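/**
 * Authorises one ingress rule on the security group called {@code name}: the given
 * CIDR ranges, protocol and port range.
 * <p>
 * Failures are logged and otherwise swallowed — the method returns normally even when
 * the rule was not added, so callers cannot tell the difference; a group may be missing
 * the expected rule after this returns.
 *
 * @param name     name of the security group the rule is added to
 * @param ipRanges CIDR ranges granted access by the rule
 * @param protocol IP protocol of the rule (e.g. tcp, udp)
 * @param fromPort first port of the allowed range
 * @param toPort   last port of the allowed range
 */
@Override
public void addRules( final String name, final Collection<String> ipRanges, final String protocol, final int fromPort, final int toPort ) {
    final IpPermission ipPermission = new IpPermission()
        .withIpRanges( ipRanges )
        .withIpProtocol( protocol )
        .withFromPort( fromPort )
        .withToPort( toPort );
    try {
        final AuthorizeSecurityGroupIngressRequest request = new AuthorizeSecurityGroupIngressRequest()
            .withGroupName( name )
            .withIpPermissions( ipPermission );
        client.authorizeSecurityGroupIngress( request );
    } catch ( Exception e ) {
        // Log message typo fixed ("whilt" -> "while"). The exception is deliberately not
        // rethrown: the declared interface has no failure signal, so this stays best-effort.
        LOG.error( "Error while adding rule to security group: {}", name, e );
    }
}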
new AuthorizeSecurityGroupIngressRequest( config.getACLGroupName(), ipPermissions)); if (logger.isInfoEnabled()) { new AuthorizeSecurityGroupIngressRequest(); sgIngressRequest.withGroupId(getVpcGoupId()); sgIngressRequest.withIpPermissions(
/**
 * Hash over every request field, null fields contributing 0, folded with the usual
 * 31-multiplier in a fixed field order so it stays consistent with {@code equals}.
 */
@Override
public int hashCode() {
    // Field order is part of the contract with the old hand-unrolled version; keep it.
    final Object[] fields = {
        getCidrIp(),
        getFromPort(),
        getGroupId(),
        getGroupName(),
        getIpPermissions(),
        getIpProtocol(),
        getSourceSecurityGroupName(),
        getSourceSecurityGroupOwnerId(),
        getToPort()
    };
    int hash = 1;
    for (Object field : fields) {
        hash = 31 * hash + (field == null ? 0 : field.hashCode());
    }
    return hash;
}
ec2.authorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest() .withGroupId(groupId) .withGroupName(groupName) .withIpPermissions(parse(ipPermissions))); } catch (AmazonServiceException e) { if (e.getErrorCode().equals("InvalidPermission.Duplicate")) {
ip.setFromPort(22); ip.setToPort(22); AuthorizeSecurityGroupIngressRequest r = new AuthorizeSecurityGroupIngressRequest(); r = r.withIpPermissions(ip.withIpRanges("0.0.0.0/0")); r.setGroupId(g.getGroupId()); try { ec2client.authorizeSecurityGroupIngress(r);
/**
 * Authorises TCP ingress on ports {@code from}..{@code to} from every CIDR in
 * {@code listIPs} on the security group named by {@code config.getACLGroupName()}.
 * A fresh EC2 client is obtained for the call and shut down in {@code finally}.
 *
 * @param listIPs CIDR ranges to allow in
 * @param from    first TCP port of the range
 * @param to      last TCP port of the range
 */
public void addACL(Collection<String> listIPs, int from, int to) {
    AmazonEC2 ec2 = null;
    try {
        ec2 = getEc2Client();
        IpPermission tcpRule = new IpPermission()
                .withIpProtocol("tcp")
                .withFromPort(from)
                .withToPort(to)
                .withIpRanges(listIPs);
        List<IpPermission> rules = new ArrayList<IpPermission>();
        rules.add(tcpRule);
        ec2.authorizeSecurityGroupIngress(
                new AuthorizeSecurityGroupIngressRequest(config.getACLGroupName(), rules));
        logger.info("Done adding ACL to: " + StringUtils.join(listIPs, ","));
    } finally {
        if (ec2 != null) {
            ec2.shutdown();
        }
    }
}
/**
 * Authorises an ingress rule on {@code groupName}: {@code ipRanges} may reach the group on
 * {@code ipProtocol}, ports {@code fromPort}..{@code toPort}. The permission that was sent
 * is logged afterwards. The client returned by {@link #getEc2Client()} is not shut down here.
 *
 * @param groupName  security group that receives the rule
 * @param ipRanges   CIDR range granted access
 * @param ipProtocol protocol of the rule (e.g. tcp, udp)
 * @param fromPort   first port of the range
 * @param toPort     last port of the range
 */
public void addPermissionsToSecurityGroup(String groupName, String ipRanges, String ipProtocol, Integer fromPort, Integer toPort) {
    final AmazonEC2 ec2 = getEc2Client();

    final IpPermission permission = new IpPermission();
    permission.withIpProtocol(ipProtocol);
    permission.withIpRanges(ipRanges);
    permission.withFromPort(fromPort);
    permission.withToPort(toPort);

    final AuthorizeSecurityGroupIngressRequest request = new AuthorizeSecurityGroupIngressRequest();
    request.withGroupName(groupName);
    request.withIpPermissions(permission);

    ec2.authorizeSecurityGroupIngress(request);
    LOGGER.info("Added permissions: " + permission + " to security group: " + groupName);
}
/**
 * Adds one ingress rule per listener of {@code sourceDescription} to security group
 * {@code elbGroupId}: TCP on the listener's load-balancer port, from 0.0.0.0/0.
 * That CIDR is the whole IPv4 internet, so the group is meant for a public-facing
 * load balancer; no IPv6 range is added (still TODO, see {@link #publicTcpRule}).
 *
 * @param targetAmazonEC2   EC2 client of the account that owns {@code elbGroupId}
 * @param elbGroupId        security group id the rules are authorised on
 * @param sourceDescription load balancer whose listener ports are opened
 */
private void addPublicIngress(AmazonEC2 targetAmazonEC2, String elbGroupId, LoadBalancerDescription sourceDescription) {
    List<IpPermission> rules = sourceDescription.getListenerDescriptions().stream()
            .map(ld -> ld.getListener().getLoadBalancerPort())
            .map(port -> publicTcpRule(port))
            .collect(Collectors.toList());
    AuthorizeSecurityGroupIngressRequest request = new AuthorizeSecurityGroupIngressRequest()
            .withGroupId(elbGroupId)
            .withIpPermissions(rules);
    targetAmazonEC2.authorizeSecurityGroupIngress(request);
}

/**
 * One TCP rule for exactly {@code port}, open to every IPv4 address (0.0.0.0/0).
 * Only an IPv4 range is set; TODO(cfieber)-ipv6.
 *
 * @param port load-balancer port to open
 * @return the permission to send in an authorize request
 */
private IpPermission publicTcpRule(Integer port) {
    return new IpPermission()
            .withIpProtocol("tcp")
            .withFromPort(port)
            .withToPort(port)
            .withIpv4Ranges(new IpRange().withCidrIp("0.0.0.0/0"));
}
return false; AuthorizeSecurityGroupIngressRequest other = (AuthorizeSecurityGroupIngressRequest) obj; if (other.getCidrIp() == null ^ this.getCidrIp() == null) return false; if (other.getCidrIp() != null && other.getCidrIp().equals(this.getCidrIp()) == false) return false; if (other.getFromPort() == null ^ this.getFromPort() == null) return false; if (other.getFromPort() != null && other.getFromPort().equals(this.getFromPort()) == false) return false; if (other.getGroupId() == null ^ this.getGroupId() == null) return false; if (other.getGroupId() != null && other.getGroupId().equals(this.getGroupId()) == false) return false; if (other.getGroupName() == null ^ this.getGroupName() == null) return false; if (other.getGroupName() != null && other.getGroupName().equals(this.getGroupName()) == false) return false; if (other.getIpPermissions() == null ^ this.getIpPermissions() == null) return false; if (other.getIpPermissions() != null && other.getIpPermissions().equals(this.getIpPermissions()) == false) return false; if (other.getIpProtocol() == null ^ this.getIpProtocol() == null) return false; if (other.getIpProtocol() != null && other.getIpProtocol().equals(this.getIpProtocol()) == false) return false; if (other.getSourceSecurityGroupName() == null ^ this.getSourceSecurityGroupName() == null) return false; if (other.getSourceSecurityGroupName() != null && other.getSourceSecurityGroupName().equals(this.getSourceSecurityGroupName()) == false)
AuthorizeSecurityGroupIngressRequest() .withGroupName(group_name) .withIpPermissions(ip_perm, ip_perm2);
/**
 * Authorises TCP ingress on ports {@code from}..{@code to} from the peers' CIDRs in
 * {@code listIPs} on the security group of the running instance. A "classic" instance's
 * group is addressed by name ({@code envVariables.getDynomiteClusterName()}); a VPC
 * instance's group by id ({@link #getVpcGroupId()}). The EC2 client is created per call
 * and shut down in {@code finally}.
 *
 * @param listIPs peer CIDR ranges to allow in
 * @param from    first TCP port of the range
 * @param to      last TCP port of the range
 */
public void addACL(Collection<String> listIPs, int from, int to) {
    AmazonEC2 ec2 = null;
    try {
        ec2 = getEc2Client();
        IpPermission tcpRule = new IpPermission()
                .withIpProtocol("tcp")
                .withFromPort(from)
                .withToPort(to)
                .withIpRanges(listIPs);
        List<IpPermission> rules = new ArrayList<IpPermission>();
        rules.add(tcpRule);
        if (this.insEnvIdentity.isClassic()) {
            // EC2-Classic: security groups are addressed by name
            ec2.authorizeSecurityGroupIngress(
                    new AuthorizeSecurityGroupIngressRequest(envVariables.getDynomiteClusterName(), rules));
            logger.info("Done adding ACL to classic: " + StringUtils.join(listIPs, ","));
        } else {
            // VPC: address the group by the id looked up for the running instance's account
            AuthorizeSecurityGroupIngressRequest byId = new AuthorizeSecurityGroupIngressRequest()
                    .withGroupId(getVpcGroupId())
                    .withIpPermissions(rules);
            ec2.authorizeSecurityGroupIngress(byId);
            logger.info("Done adding ACL to vpc: " + StringUtils.join(listIPs, ","));
        }
    } finally {
        if (ec2 != null) {
            ec2.shutdown();
        }
    }
}
StringBuilder sb = new StringBuilder(); sb.append("{"); if (getCidrIp() != null) sb.append("CidrIp: ").append(getCidrIp()).append(","); if (getFromPort() != null) sb.append("FromPort: ").append(getFromPort()).append(","); if (getGroupId() != null) sb.append("GroupId: ").append(getGroupId()).append(","); if (getGroupName() != null) sb.append("GroupName: ").append(getGroupName()).append(","); if (getIpPermissions() != null) sb.append("IpPermissions: ").append(getIpPermissions()).append(","); if (getIpProtocol() != null) sb.append("IpProtocol: ").append(getIpProtocol()).append(","); if (getSourceSecurityGroupName() != null) sb.append("SourceSecurityGroupName: ").append(getSourceSecurityGroupName()).append(","); if (getSourceSecurityGroupOwnerId() != null) sb.append("SourceSecurityGroupOwnerId: ").append(getSourceSecurityGroupOwnerId()).append(","); if (getToPort() != null) sb.append("ToPort: ").append(getToPort()); sb.append("}"); return sb.toString();
/**
 * Authorises an ingress rule on {@code groupName}: {@code ipRanges} may reach the group on
 * {@code ipProtocol}, ports {@code fromPort}..{@code toPort}. The permission that was sent
 * is logged afterwards. The client returned by {@link #getEc2Client()} is not shut down here.
 *
 * @param groupName  security group that receives the rule
 * @param ipRanges   CIDR range granted access
 * @param ipProtocol protocol of the rule (e.g. tcp, udp)
 * @param fromPort   first port of the range
 * @param toPort     last port of the range
 */
public void addPermissionsToSecurityGroup(String groupName, String ipRanges, String ipProtocol, Integer fromPort, Integer toPort) {
    final AmazonEC2 ec2 = getEc2Client();

    final IpPermission permission = new IpPermission();
    permission.withIpProtocol(ipProtocol);
    permission.withIpRanges(ipRanges);
    permission.withFromPort(fromPort);
    permission.withToPort(toPort);

    final AuthorizeSecurityGroupIngressRequest request = new AuthorizeSecurityGroupIngressRequest();
    request.withGroupName(groupName);
    request.withIpPermissions(permission);

    ec2.authorizeSecurityGroupIngress(request);
    LOGGER.info("Added permissions: " + permission + " to security group: " + groupName);
}
if (inbound) { AuthorizeSecurityGroupIngressRequest request = new AuthorizeSecurityGroupIngressRequest() .withGroupId(groupId) .withIpPermissions(perm); ec2Client.authorizeSecurityGroupIngress(request);
if (authorizeSecurityGroupIngressRequest.getCidrIp() != null) { request.addParameter("CidrIp", StringUtils.fromString(authorizeSecurityGroupIngressRequest.getCidrIp())); if (authorizeSecurityGroupIngressRequest.getFromPort() != null) { request.addParameter("FromPort", StringUtils.fromInteger(authorizeSecurityGroupIngressRequest.getFromPort())); if (authorizeSecurityGroupIngressRequest.getGroupId() != null) { request.addParameter("GroupId", StringUtils.fromString(authorizeSecurityGroupIngressRequest.getGroupId())); if (authorizeSecurityGroupIngressRequest.getGroupName() != null) { request.addParameter("GroupName", StringUtils.fromString(authorizeSecurityGroupIngressRequest.getGroupName())); .getIpPermissions(); if (!authorizeSecurityGroupIngressRequestIpPermissionsList.isEmpty() || !authorizeSecurityGroupIngressRequestIpPermissionsList.isAutoConstruct()) { int ipPermissionsListIndex = 1; if (authorizeSecurityGroupIngressRequest.getIpProtocol() != null) { request.addParameter("IpProtocol", StringUtils.fromString(authorizeSecurityGroupIngressRequest.getIpProtocol())); if (authorizeSecurityGroupIngressRequest.getSourceSecurityGroupName() != null) { request.addParameter("SourceSecurityGroupName", StringUtils.fromString(authorizeSecurityGroupIngressRequest.getSourceSecurityGroupName())); if (authorizeSecurityGroupIngressRequest.getSourceSecurityGroupOwnerId() != null) { request.addParameter("SourceSecurityGroupOwnerId", StringUtils.fromString(authorizeSecurityGroupIngressRequest.getSourceSecurityGroupOwnerId())); if (authorizeSecurityGroupIngressRequest.getToPort() != null) { request.addParameter("ToPort", StringUtils.fromInteger(authorizeSecurityGroupIngressRequest.getToPort()));
/**
 * Authorises an ingress rule on {@code groupName}: {@code ipRanges} may reach the group on
 * {@code ipProtocol}, ports {@code fromPort}..{@code toPort}. The permission that was sent
 * is logged afterwards. The client returned by {@link #getEc2Client()} is not shut down here.
 *
 * @param groupName  security group that receives the rule
 * @param ipRanges   CIDR range granted access
 * @param ipProtocol protocol of the rule (e.g. tcp, udp)
 * @param fromPort   first port of the range
 * @param toPort     last port of the range
 */
public void addPermissionsToSecurityGroup(String groupName, String ipRanges, String ipProtocol, Integer fromPort, Integer toPort) {
    final AmazonEC2 ec2 = getEc2Client();

    final IpPermission permission = new IpPermission();
    permission.withIpProtocol(ipProtocol);
    permission.withIpRanges(ipRanges);
    permission.withFromPort(fromPort);
    permission.withToPort(toPort);

    final AuthorizeSecurityGroupIngressRequest request = new AuthorizeSecurityGroupIngressRequest();
    request.withGroupName(groupName);
    request.withIpPermissions(permission);

    ec2.authorizeSecurityGroupIngress(request);
    LOGGER.info("Added permissions: " + permission + " to security group: " + groupName);
}
.withFromPort(listener.getInstancePort()).withToPort(listener.getInstancePort()) .withUserIdGroupPairs(new UserIdGroupPair().withGroupId(elbGroupId).withVpcId(target.getVpcId())); targetAmazonEC2.authorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest() .withGroupId(appGroup.getGroupId()) .withIpPermissions(newPermission) ); });
/**
 * Hash over every request field, null fields contributing 0, folded with the usual
 * 31-multiplier in a fixed field order so it stays consistent with {@code equals}.
 */
@Override
public int hashCode() {
    // Field order is part of the contract with the old hand-unrolled version; keep it.
    final Object[] fields = {
        getGroupName(),
        getGroupId(),
        getSourceSecurityGroupName(),
        getSourceSecurityGroupOwnerId(),
        getIpProtocol(),
        getFromPort(),
        getToPort(),
        getCidrIp(),
        getIpPermissions()
    };
    int hash = 1;
    for (Object field : fields) {
        hash = 31 * hash + (field == null ? 0 : field.hashCode());
    }
    return hash;
}
/**
 * Reconciles the ingress rules of {@code securityGroupName} with {@code permissions}:
 * rules the group has but the list lacks are revoked, rules the list has but the group
 * lacks are authorised, rules present in both are left untouched. Revocation runs
 * before authorisation and the two EC2 calls are not atomic, so a failure between them
 * leaves the group with the revocations applied and the additions missing.
 *
 * @param securityGroupName name of an existing security group; must not be blank
 * @param permissions       the complete desired set of ingress rules; must not be null
 * @return the permissions added, revoked and already present
 */
@Override
public SetPermissionsResult setPermissions(String securityGroupName, List<Permission> permissions) {
    checkNotBlank(securityGroupName, "securityGroupName");
    checkNotNull(permissions, "permissions");

    Optional<SecurityGroup> found = getSecurityGroup(securityGroupName);
    checkState(found.isPresent(), "Security group [%s] does not exist", securityGroupName);
    SecurityGroup group = found.get();

    Set<Permission> desired = new HashSet<Permission>(permissions);
    Set<Permission> current = new HashSet<Permission>(getPermissions(group.getIpPermissions()));

    Set<Permission> toAdd = SetUtils.difference(desired, current);
    Set<Permission> toRevoke = SetUtils.difference(current, desired);
    Set<Permission> unchanged = SetUtils.intersection(desired, current);

    // Revoke first: rules the group has that the caller no longer wants
    if (!toRevoke.isEmpty()) {
        client.revokeSecurityGroupIngress(
                new RevokeSecurityGroupIngressRequest(securityGroupName, getIpPermissions(toRevoke)));
    }
    // Then authorise the rules the caller wants that the group does not have yet
    if (!toAdd.isEmpty()) {
        AuthorizeSecurityGroupIngressRequest authorize = new AuthorizeSecurityGroupIngressRequest()
                .withGroupName(securityGroupName)
                .withIpPermissions(getIpPermissions(toAdd));
        client.authorizeSecurityGroupIngress(authorize);
    }

    return new SetPermissionsResult(toAdd, toRevoke, unchanged);
}
/**
 * Field-by-field equality with another {@code AuthorizeSecurityGroupIngressRequest};
 * two null fields count as equal, a null against a non-null does not.
 *
 * @param obj the object to compare with
 * @return true when {@code obj} is a request whose every field equals this one's
 */
@Override
public boolean equals(Object obj) {
    if (this == obj) {
        return true;
    }
    if (obj == null || !(obj instanceof AuthorizeSecurityGroupIngressRequest)) {
        return false;
    }
    AuthorizeSecurityGroupIngressRequest that = (AuthorizeSecurityGroupIngressRequest) obj;
    return sameField(that.getGroupName(), this.getGroupName())
        && sameField(that.getGroupId(), this.getGroupId())
        && sameField(that.getSourceSecurityGroupName(), this.getSourceSecurityGroupName())
        && sameField(that.getSourceSecurityGroupOwnerId(), this.getSourceSecurityGroupOwnerId())
        && sameField(that.getIpProtocol(), this.getIpProtocol())
        && sameField(that.getFromPort(), this.getFromPort())
        && sameField(that.getToPort(), this.getToPort())
        && sameField(that.getCidrIp(), this.getCidrIp())
        && sameField(that.getIpPermissions(), this.getIpPermissions());
}

/**
 * Null-safe field comparison: both null is a match, exactly one null is not,
 * otherwise {@code a.equals(b)}.
 */
private static boolean sameField(Object a, Object b) {
    return a == null ? b == null : a.equals(b);
}