/**
 * Tells whether {@code input} is an existing inbound {@code Allow} rule that already grants the
 * captured {@code portRange} / {@code protocol} from one of the captured {@code ipRanges}.
 * <p>
 * Azure's wildcard source prefix {@code "*"} is rewritten to {@code 0.0.0.0/0} before the
 * comparison, so a wildcard rule and an explicit any-address CIDR count as the same permission.
 * Any other prefix value is compared literally against {@code ipRanges}.
 * The checks short-circuit in the order port, protocol, direction/access, source, so the source
 * prefix is only read for rules that already match everything else.
 */
@Override
public boolean apply(NetworkSecurityRule input) {
   NetworkSecurityRuleProperties props = input.properties();
   if (!Objects.equal(portRange, props.destinationPortRange())) {
      return false;
   }
   if (!Objects.equal(Protocol.fromValue(protocol.name()), props.protocol())) {
      return false;
   }
   // Only inbound rules that allow traffic represent a granted permission.
   if (!Objects.equal(Direction.Inbound, props.direction()) || !Objects.equal(Access.Allow, props.access())) {
      return false;
   }
   String normalisedSource = props.sourceAddressPrefix().replace("*", "0.0.0.0/0");
   return any(ipRanges, equalTo(normalisedSource));
}
});
/**
 * Converts an inbound Azure network security rule into the jclouds {@link IpPermission} it grants.
 * <p>
 * Rules rejected by {@code InboundRule} are logged and mapped to {@code null}, so callers must
 * tolerate null results. {@code InboundRule} is defined elsewhere; whether it also excludes
 * {@code Deny} rules is not visible here — verify that before treating the output as a list of
 * granted permissions. A destination port range of {@code "*"} leaves the ports unrestricted and a
 * source prefix of {@code "*"} leaves the source unrestricted; any other source value is passed to
 * {@code originatingFromCidrBlock} unchanged.
 *
 * @param rule the Azure rule to convert
 * @return the permission, or {@code null} when the rule is not an inbound rule
 * @throws NumberFormatException if a non-wildcard destination port range is not numeric
 */
@Override
public IpPermission apply(final NetworkSecurityRule rule) {
   if (!InboundRule.apply(rule)) {
      logger.warn(">> ignoring non-inbound network security rule %s...", rule.name());
      return null;
   }

   IpPermission permission = IpPermissions.permit(IpProtocol.fromValue(rule.properties().protocol().name()));

   String ports = rule.properties().destinationPortRange();
   if (!"*".equals(ports)) {
      // "from-to" yields two tokens, a single port yields one; the last token is always the upper bound.
      String[] bounds = ports.split("-");
      permission = ((PortSelection) permission)
            .fromPort(Integer.parseInt(bounds[0]))
            .to(Integer.parseInt(bounds[bounds.length - 1]));
   }

   String source = rule.properties().sourceAddressPrefix();
   if (!"*".equals(source)) {
      permission = ((ToSourceSelection) permission).originatingFromCidrBlock(source);
   }
   return permission;
}
/**
 * Creates a network security group named {@code name} in {@code location} holding one inbound TCP
 * {@code Allow} rule per contiguous range in {@code inboundPorts}, then waits until the group is
 * reported available.
 * <p>
 * Every rule is created with source prefix {@code "*"}, i.e. the listed ports are reachable from any
 * source address; narrower scoping has to be added as separate rules. Priorities are assigned
 * sequentially starting at 100 in the iteration order of {@code getPortRangesFromList}.
 *
 * @param location the Azure location of the group
 * @param resourceGroup the resource group that owns it
 * @param name the security group name, also used as the rule name prefix
 * @param inboundPorts the TCP ports to open
 * @return the id of the created security group
 * @throws IllegalStateException if the group does not become available within the configured timeout
 */
private String createSecurityGroup(String location, String resourceGroup, String name, int[] inboundPorts) {
   logger.debug(">> creating security group %s in %s...", name, location);

   List<NetworkSecurityRule> rules = new ArrayList<NetworkSecurityRule>();
   int priority = 100;
   for (Map.Entry<Integer, Integer> bounds : getPortRangesFromList(inboundPorts).entrySet()) {
      String range = bounds.getKey() + "-" + bounds.getValue();
      NetworkSecurityRuleProperties properties = NetworkSecurityRuleProperties.builder()
            .protocol(Protocol.Tcp)
            .sourceAddressPrefix("*")
            .sourcePortRange("*")
            .destinationAddressPrefix("*")
            .destinationPortRange(range)
            .direction(Direction.Inbound)
            .access(Access.Allow)
            .priority(priority)
            .build();
      priority++;
      rules.add(NetworkSecurityRule.create("tcp-" + range, null, null, properties));
   }

   NetworkSecurityGroupProperties groupProperties = NetworkSecurityGroupProperties.builder()
         .securityRules(rules)
         .build();
   NetworkSecurityGroup securityGroup = api.getNetworkSecurityGroupApi(resourceGroup)
         .createOrUpdate(name, location, null, groupProperties);

   // createOrUpdate returns before the group is usable; block until the availability predicate passes.
   checkState(securityGroupAvailable.create(resourceGroup).apply(name),
         "Security group was not created in the configured timeout");
   return securityGroup.id();
}
/**
 * Checks that {@code createOrUpdate} sends a PUT to the expected resource path with the location
 * and the serialised properties as body, and that the mocked response is mapped back into a
 * {@link NetworkSecurityGroup} whose single rule is TCP.
 */
public void createNetworkSecurityGroup() throws InterruptedException {
   NetworkSecurityGroup group = createGroup();
   String expectedPath = String.format(
         "/subscriptions/%s/resourcegroups/%s/providers/Microsoft.Network/networkSecurityGroups/%s?%s",
         subscriptionid, resourcegroup, DEFAULT_NSG_NAME, apiVersion);
   // The request body wraps the supplied properties together with the location.
   String expectedBody = String.format("{\"location\":\"%s\",\"properties\":%s}", "westus",
         new Gson().toJson(group.properties()));

   server.enqueue(jsonResponse("/networksecuritygroupcreate.json").setResponseCode(200));
   NetworkSecurityGroup result = api.getNetworkSecurityGroupApi(resourcegroup)
         .createOrUpdate(DEFAULT_NSG_NAME, "westus", null, group.properties());

   assertSent(server, "PUT", expectedPath, expectedBody);
   assertEquals(result.name(), DEFAULT_NSG_NAME);
   assertEquals(result.location(), "westus");
   assertEquals(result.properties().securityRules().size(), 1);
   assertEquals(result.properties().securityRules().get(0).properties().protocol(), Protocol.Tcp);
}
/**
 * Maps one inbound network security rule to the {@link IpPermission} it grants.
 * <p>
 * Anything {@code InboundRule} rejects is logged and returned as {@code null}; {@code InboundRule}
 * lives elsewhere, so confirm it also filters {@code Deny} rules before relying on this output as
 * the set of allowed traffic. A {@code "*"} destination port range keeps all ports, a {@code "*"}
 * source prefix keeps the source unrestricted, and any other source value is handed to
 * {@code originatingFromCidrBlock} as-is.
 *
 * @param rule the rule to map
 * @return the granted permission, or {@code null} for non-inbound rules
 * @throws NumberFormatException if a concrete destination port range cannot be parsed
 */
@Override
public IpPermission apply(final NetworkSecurityRule rule) {
   if (!InboundRule.apply(rule)) {
      logger.warn(">> ignoring non-inbound network security rule %s...", rule.name());
      return null;
   }
   NetworkSecurityRuleProperties props = rule.properties();
   IpPermission result = IpPermissions.permit(IpProtocol.fromValue(props.protocol().name()));

   String destinationPorts = props.destinationPortRange();
   boolean allPorts = "*".equals(destinationPorts);
   if (!allPorts) {
      // Either "from-to" or a single port; in both cases the last token is the upper bound.
      String[] bounds = destinationPorts.split("-");
      int lowest = Integer.parseInt(bounds[0]);
      result = PortSelection.class.cast(result).fromPort(lowest).to(Integer.parseInt(bounds[bounds.length - 1]));
   }

   String source = props.sourceAddressPrefix();
   boolean anySource = "*".equals(source);
   if (!anySource) {
      result = ToSourceSelection.class.cast(result).originatingFromCidrBlock(source);
   }
   return result;
}
/**
 * Provisions a network security group with one inbound TCP {@code Allow} rule per port range and
 * blocks until it is available.
 * <p>
 * All generated rules use {@code "*"} for source address, source port and destination address, so
 * every listed port is opened to any source; rule names are {@code tcp-<from>-<to>} and priorities
 * count up from 100.
 *
 * @param location Azure location to create the group in
 * @param resourceGroup owning resource group
 * @param name name of the security group
 * @param inboundPorts TCP ports to expose
 * @return the created group's id
 * @throws IllegalStateException when the availability wait times out
 */
private String createSecurityGroup(String location, String resourceGroup, String name, int[] inboundPorts) {
   logger.debug(">> creating security group %s in %s...", name, location);
   Map<Integer, Integer> portRanges = getPortRangesFromList(inboundPorts);
   List<NetworkSecurityRule> generatedRules = new ArrayList<NetworkSecurityRule>();
   int nextPriority = 100;

   for (Map.Entry<Integer, Integer> entry : portRanges.entrySet()) {
      String range = entry.getKey() + "-" + entry.getValue();
      String ruleName = "tcp-" + range;
      NetworkSecurityRuleProperties.Builder ruleBuilder = null;
      NetworkSecurityRuleProperties ruleProperties = NetworkSecurityRuleProperties.builder()
            .protocol(Protocol.Tcp)
            .sourceAddressPrefix("*")
            .sourcePortRange("*")
            .destinationAddressPrefix("*")
            .destinationPortRange(range)
            .direction(Direction.Inbound)
            .access(Access.Allow)
            .priority(nextPriority++)
            .build();
      generatedRules.add(NetworkSecurityRule.create(ruleName, null, null, ruleProperties));
   }

   NetworkSecurityGroup created = api.getNetworkSecurityGroupApi(resourceGroup).createOrUpdate(name, location, null,
         NetworkSecurityGroupProperties.builder().securityRules(generatedRules).build());
   // The API call returns early; wait for the group to be visible before handing back its id.
   checkState(securityGroupAvailable.create(resourceGroup).apply(name),
         "Security group was not created in the configured timeout");
   return created.id();
}
/**
 * Checks that {@code get} issues a GET to the expected resource path and that the mocked response
 * is mapped into a {@link NetworkSecurityGroup} with a single TCP rule.
 */
public void getNetworkSecurityGroup() throws InterruptedException {
   String expectedPath = String.format(
         "/subscriptions/%s/resourcegroups/%s/providers/Microsoft.Network/networkSecurityGroups/%s?%s",
         subscriptionid, resourcegroup, DEFAULT_NSG_NAME, apiVersion);

   server.enqueue(jsonResponse("/networksecuritygroupget.json").setResponseCode(200));
   NetworkSecurityGroup result = api.getNetworkSecurityGroupApi(resourcegroup).get(DEFAULT_NSG_NAME);

   assertSent(server, "GET", expectedPath);
   assertEquals(result.name(), DEFAULT_NSG_NAME);
   assertEquals(result.location(), "westus");
   assertEquals(result.properties().securityRules().size(), 1);
   assertEquals(result.properties().securityRules().get(0).properties().protocol(), Protocol.Tcp);
}
/**
 * Matches an existing rule against the captured {@code portRange}, {@code protocol} and
 * {@code ipRanges}: the rule must be inbound, must allow traffic, and its source prefix (with
 * Azure's {@code "*"} wildcard rewritten to {@code 0.0.0.0/0}) must be one of the wanted ranges.
 * Non-CIDR prefix values are compared literally. Evaluation short-circuits in the listed order, so
 * the source prefix is only dereferenced for rules that already match on port, protocol, direction
 * and access.
 */
@Override
public boolean apply(NetworkSecurityRule input) {
   NetworkSecurityRuleProperties props = input.properties();
   boolean sameTrafficAndAllowed = Objects.equal(portRange, props.destinationPortRange())
         && Objects.equal(Protocol.fromValue(protocol.name()), props.protocol())
         && Objects.equal(Direction.Inbound, props.direction())
         && Objects.equal(Access.Allow, props.access());
   if (!sameTrafficAndAllowed) {
      return false;
   }
   // Treat the wildcard source the same as an explicit any-address CIDR.
   String sourceCidr = props.sourceAddressPrefix().replace("*", "0.0.0.0/0");
   return any(ipRanges, equalTo(sourceCidr));
}
});
/**
 * Deserialisation factory for {@link NetworkSecurityRuleProperties}: the {@code @SerializedNames}
 * entries match the parameter order so JSON fields bind positionally. Arguments are forwarded to
 * the builder unchanged, including nulls.
 *
 * @param description free-text description of the rule
 * @param protocol protocol the rule applies to
 * @param sourcePortRange source port or range, {@code "*"} for any
 * @param destinationPortRange destination port or range, {@code "*"} for any
 * @param sourceAddressPrefix source address prefix, {@code "*"} for any
 * @param destinationAddressPrefix destination address prefix, {@code "*"} for any
 * @param access whether matching traffic is allowed or denied
 * @param priority rule priority used by Azure to order evaluation
 * @param direction inbound or outbound
 * @return the built properties
 */
@SerializedNames({"description", "protocol", "sourcePortRange", "destinationPortRange", "sourceAddressPrefix",
      "destinationAddressPrefix", "access", "priority", "direction"})
public static NetworkSecurityRuleProperties create(final String description, final Protocol protocol,
      final String sourcePortRange, final String destinationPortRange, final String sourceAddressPrefix,
      final String destinationAddressPrefix, final Access access, final Integer priority,
      final Direction direction) {
   return builder()
         .description(description).protocol(protocol)
         .sourcePortRange(sourcePortRange).destinationPortRange(destinationPortRange)
         .sourceAddressPrefix(sourceAddressPrefix).destinationAddressPrefix(destinationAddressPrefix)
         .access(access).priority(priority).direction(direction)
         .build();
}
/**
 * JSON binding factory for {@link NetworkSecurityRuleProperties}. The serialised names are listed in
 * parameter order; every value, null or not, is passed straight through to the builder.
 *
 * @param description rule description
 * @param protocol matched protocol
 * @param sourcePortRange source port(s), {@code "*"} for all
 * @param destinationPortRange destination port(s), {@code "*"} for all
 * @param sourceAddressPrefix source prefix, {@code "*"} for all
 * @param destinationAddressPrefix destination prefix, {@code "*"} for all
 * @param access allow or deny
 * @param priority evaluation priority
 * @param direction inbound or outbound
 * @return the properties instance
 */
@SerializedNames({"description", "protocol", "sourcePortRange", "destinationPortRange", "sourceAddressPrefix",
      "destinationAddressPrefix", "access", "priority", "direction"})
public static NetworkSecurityRuleProperties create(final String description, final Protocol protocol,
      final String sourcePortRange, final String destinationPortRange, final String sourceAddressPrefix,
      final String destinationAddressPrefix, final Access access, final Integer priority,
      final Direction direction) {
   return builder() //
         .description(description) //
         .protocol(protocol) //
         .sourcePortRange(sourcePortRange) //
         .destinationPortRange(destinationPortRange) //
         .sourceAddressPrefix(sourceAddressPrefix) //
         .destinationAddressPrefix(destinationAddressPrefix) //
         .access(access) //
         .priority(priority) //
         .direction(direction) //
         .build();
}
/**
 * Returns the priority for the next rule added to {@code securityGroup}: 100 when the group has no
 * rules, otherwise one above the highest existing priority as ordered by {@code rulesByPriority()}.
 * <p>
 * NOTE(review): the result is not bounded; presumably Azure caps rule priorities, so a group whose
 * top rule already sits at that cap would yield a value the service rejects — confirm the limit and
 * handle it at the call site.
 *
 * @param securityGroup the group the new rule will be added to
 * @return the next free priority
 */
private int getRuleStartingPriority(NetworkSecurityGroup securityGroup) {
   List<NetworkSecurityRule> rules = securityGroup.properties().securityRules();
   if (rules.isEmpty()) {
      return 100;
   }
   NetworkSecurityRule highest = rulesByPriority().max(rules);
   return highest.properties().priority() + 1;
}
NetworkSecurityRuleProperties properties = NetworkSecurityRuleProperties.builder() .protocol(Protocol.fromValue(protocol.name())) .sourceAddressPrefix(ipRange)
/**
 * Picks the priority for a new rule in {@code securityGroup}: the highest existing priority plus
 * one, or 100 for a group without rules.
 * <p>
 * NOTE(review): no upper bound is enforced here; if the service limits priorities, callers must
 * check the returned value before submitting a rule — TODO confirm.
 *
 * @param securityGroup group receiving the new rule
 * @return the priority to use
 */
private int getRuleStartingPriority(NetworkSecurityGroup securityGroup) {
   List<NetworkSecurityRule> existingRules = securityGroup.properties().securityRules();
   if (!existingRules.isEmpty()) {
      int highestPriority = rulesByPriority().max(existingRules).properties().priority();
      return highestPriority + 1;
   }
   return 100;
}
NetworkSecurityRuleProperties properties = NetworkSecurityRuleProperties.builder() .protocol(Protocol.fromValue(protocol.name())) .sourceAddressPrefix(ipRange)
/**
 * Builds the fixture group used by the create test: {@code samplensg} in {@code westus} with a
 * single outbound {@code Deny} rule at priority 4095 spanning all ports and addresses. Despite the
 * "deny all out" description the rule is restricted to TCP by its {@code protocol} value.
 *
 * @return the fixture group
 */
private NetworkSecurityGroup createGroup() {
   NetworkSecurityRuleProperties denyAllOutbound = NetworkSecurityRuleProperties.builder()
         .description("deny all out")
         .protocol(Protocol.Tcp)
         .sourcePortRange("*")
         .destinationPortRange("*")
         .sourceAddressPrefix("*")
         .destinationAddressPrefix("*")
         .access(NetworkSecurityRuleProperties.Access.Deny)
         .priority(4095)
         .direction(NetworkSecurityRuleProperties.Direction.Outbound)
         .build();
   ArrayList<NetworkSecurityRule> rules = new ArrayList<NetworkSecurityRule>();
   rules.add(NetworkSecurityRule.create("denyallout", null, null, denyAllOutbound));

   NetworkSecurityGroupProperties groupProperties = NetworkSecurityGroupProperties.builder()
         .securityRules(rules)
         .build();
   return NetworkSecurityGroup.create("id", "samplensg", "westus", null, groupProperties, null);
}
/**
 * Creates an in-memory group named {@code nsgName} in {@code locationName} carrying one outbound
 * TCP {@code Deny} rule at priority 4095 for all ports and addresses. The rule is TCP-only even
 * though it is described as "deny all out".
 *
 * @param nsgName name for the group
 * @param locationName Azure location for the group
 * @return the group, with id {@code "id"}
 */
protected NetworkSecurityGroup newNetworkSecurityGroup(String nsgName, String locationName) {
   NetworkSecurityRuleProperties denyAllOutbound = NetworkSecurityRuleProperties.builder()
         .description("deny all out")
         .protocol(NetworkSecurityRuleProperties.Protocol.Tcp)
         .sourcePortRange("*")
         .destinationPortRange("*")
         .sourceAddressPrefix("*")
         .destinationAddressPrefix("*")
         .access(NetworkSecurityRuleProperties.Access.Deny)
         .priority(4095)
         .direction(NetworkSecurityRuleProperties.Direction.Outbound)
         .build();
   NetworkSecurityRule denyRule = NetworkSecurityRule.create("denyallout", null, null, denyAllOutbound);

   List<NetworkSecurityRule> rules = Lists.newArrayList();
   rules.add(denyRule);
   NetworkSecurityGroupProperties groupProperties = NetworkSecurityGroupProperties.builder()
         .securityRules(rules)
         .build();
   return NetworkSecurityGroup.create("id", nsgName, locationName, null, groupProperties, null);
}