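/**
 * Authorizes the ingress described by {@code ipPermission} on the given security group.
 *
 * <p>CIDR-based and group-based sources are authorized with separate API calls, each only when
 * the corresponding collection on the permission is non-empty.
 *
 * @param ipPermission protocol, port range and sources to allow; must not be null
 * @param group the group to modify; it and its id must not be null
 * @return the group as re-read by id after the authorize calls
 * @throws NullPointerException if {@code group}, {@code ipPermission} or the group id is null
 */
@Override
public SecurityGroup addIpPermission(IpPermission ipPermission, SecurityGroup group) {
   checkNotNull(group, "group");
   checkNotNull(ipPermission, "ipPermission");
   String id = checkNotNull(group.getId(), "group.getId()");

   // NOTE(review): the value returned by jobComplete.apply(...) is discarded in both branches,
   // so this method does not itself report an authorize job that did not complete.
   if (!ipPermission.getCidrBlocks().isEmpty()) {
      // Locale.ROOT: default-locale upper-casing is locale-sensitive (under a Turkish locale
      // 'i' becomes a dotted capital), which would alter the protocol name sent to the API.
      jobComplete.apply(api.getSecurityGroupApi().authorizeIngressPortsToCIDRs(id,
            ipPermission.getIpProtocol().toString().toUpperCase(java.util.Locale.ROOT),
            ipPermission.getFromPort(),
            ipPermission.getToPort(),
            ipPermission.getCidrBlocks()));
   }

   if (!ipPermission.getTenantIdGroupNamePairs().isEmpty()) {
      jobComplete.apply(api.getSecurityGroupApi().authorizeIngressPortsToSecurityGroups(id,
            ipPermission.getIpProtocol().toString().toUpperCase(java.util.Locale.ROOT),
            ipPermission.getFromPort(),
            ipPermission.getToPort(),
            ipPermission.getTenantIdGroupNamePairs()));
   }

   return getSecurityGroupById(id);
}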
/**
 * Revokes every ingress rule of the security group with the given id, deletes the group and
 * invalidates its cache entry.
 *
 * @param id id of the group to remove; must not be null
 * @return {@code true} if the group existed and the delete call was issued, {@code false} if
 *         no group with that id was found (the cache entry is invalidated in both cases)
 */
@Override
public boolean removeSecurityGroup(String id) {
   checkNotNull(id, "id");

   org.jclouds.cloudstack.domain.SecurityGroup existing = api.getSecurityGroupApi().getSecurityGroup(id);
   boolean found = existing != null;

   if (found) {
      // Rules are revoked first, then the group is deleted.
      // NOTE(review): the result of jobComplete.apply(...) is not checked, so the delete is
      // attempted even if a revoke job did not complete.
      for (IngressRule ingress : existing.getIngressRules()) {
         jobComplete.apply(api.getSecurityGroupApi().revokeIngressRule(ingress.getId()));
      }
      api.getSecurityGroupApi().deleteSecurityGroup(id);
   }

   invalidateCache(id);
   return found;
}
/**
 * Returns the security group named by {@code in}, creating it when the lookup by name finds
 * nothing.
 *
 * <p>NOTE(review): lookup and creation are two separate calls, and only the name (not the zone)
 * is passed to the lookup.
 */
@Override
public SecurityGroup load(ZoneAndName in) {
   SecurityGroup existing = client.getSecurityGroupApi().getSecurityGroupByName(in.getName());
   return existing != null ? existing : createNewSecurityGroup(in);
}
/**
 * Deletes security groups whose names match the naming convention for any of {@code groups},
 * and drops the matching entries from {@code securityGroupMap}.
 *
 * <p>Does nothing when the zone does not support security groups.
 *
 * <p>NOTE(review): the listing call takes no zone argument here; {@code zoneId} is used only for
 * the support check and for the cache key. Selection is by name match alone, so any group the
 * predicate accepts is deleted.
 */
private void cleanupOrphanedSecurityGroupsInZone(Set<String> groups, String zoneId) {
   Zone zone = zoneIdToZone.get().getUnchecked(zoneId);
   if (!supportsSecurityGroups().apply(zone)) {
      return;
   }

   for (String groupName : groups) {
      // The listing is re-fetched for every group name.
      for (SecurityGroup orphan : Iterables.filter(client.getSecurityGroupApi().listSecurityGroups(),
            SecurityGroupPredicates.nameMatches(namingConvention.create().containsGroup(groupName)))) {
         ZoneAndName cacheKey = ZoneAndName.fromZoneAndName(zoneId, orphan.getName());
         logger.debug(">> deleting securityGroup(%s)", cacheKey);
         client.getSecurityGroupApi().deleteSecurityGroup(orphan.getId());
         // TODO: test this clear happens
         securityGroupMap.invalidate(cacheKey);
         logger.debug("<< deleted securityGroup(%s)", cacheKey);
      }
   }
}
/**
 * Live test: removes leftover groups named {@code prefix}, creates a fresh one, checks it, and
 * verifies that creating a second group with the same name fails with
 * {@link IllegalStateException}.
 *
 * <p>If no zone has security groups enabled, {@code Iterables.find} throws
 * {@link NoSuchElementException}; it is caught below and only printed, so the test then ends
 * without failing and without exercising the API.
 */
@Test
public void testCreateDestroySecurityGroup() {
   try {
      zone = Iterables.find(client.getZoneApi().listZones(), new Predicate<Zone>() {

         @Override
         public boolean apply(Zone candidate) {
            return candidate.isSecurityGroupsEnabled();
         }

      });
      securityGroupsSupported = true;

      // Clear groups left over from an earlier run: rules first, then the group itself.
      for (SecurityGroup leftover : client.getSecurityGroupApi().listSecurityGroups(
            ListSecurityGroupsOptions.Builder.named(prefix))) {
         for (IngressRule ingress : leftover.getIngressRules()) {
            assertTrue(jobComplete.apply(client.getSecurityGroupApi().revokeIngressRule(ingress.getId())),
                  ingress.toString());
         }
         client.getSecurityGroupApi().deleteSecurityGroup(leftover.getId());
      }

      group = client.getSecurityGroupApi().createSecurityGroup(prefix);
      assertEquals(group.getName(), prefix);
      checkGroup(group);

      try {
         client.getSecurityGroupApi().createSecurityGroup(prefix);
         fail("Expected IllegalStateException");
      } catch (IllegalStateException expected) {
         // Duplicate name rejected: this is the outcome the test asserts.
      }
   } catch (NoSuchElementException noMatch) {
      noMatch.printStackTrace();
   }
}
expect(secClient.getSecurityGroupByName("group-1")).andReturn(null); expect(secClient.createSecurityGroup("group-1")).andReturn(group); expect(secClient.authorizeIngressPortsToCIDRs("sec-1234", "TCP", 22,
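/**
 * Creates the security group named in {@code input} and opens the requested TCP ports, or
 * returns the existing group of that name when creation fails with
 * {@link IllegalStateException}.
 *
 * <p>When {@code input} carries no CIDRs the ports are opened to {@code 0.0.0.0/0}, i.e. to
 * every IPv4 source. Callers that want a narrower exposure must pass CIDRs explicitly.
 *
 * <p>NOTE(review): on the fallback path the existing group is returned as found; none of the
 * requested ports or CIDRs are applied to it or compared with its rules.
 *
 * @param input zone, group name, ports and CIDRs; must not be null
 * @return the created group, or the already existing group with the same name
 * @throws IllegalArgumentException if the zone does not support security groups
 * @throws IllegalStateException if creation failed and no group with that name can be found
 */
@Override
public SecurityGroup apply(ZoneSecurityGroupNamePortsCidrs input) {
   checkNotNull(input, "input");

   String zoneId = input.getZone();
   Zone zone = zoneIdToZone.get().getUnchecked(zoneId);

   checkArgument(supportsSecurityGroups().apply(zone),
         "Security groups are required, but the zone %s does not support security groups", zoneId);
   logger.debug(">> creating securityGroup %s", input);
   try {
      SecurityGroup securityGroup = client.getSecurityGroupApi().createSecurityGroup(input.getName());

      logger.debug("<< created securityGroup(%s)", securityGroup);
      ImmutableSet<String> cidrs;
      if (!input.getCidrs().isEmpty()) {
         cidrs = ImmutableSet.copyOf(input.getCidrs());
      } else {
         // Default when the caller gave no CIDRs: world-open for the listed ports.
         cidrs = ImmutableSet.of("0.0.0.0/0");
      }
      for (int port : input.getPorts()) {
         authorizeGroupToItselfAndToTCPPortAndCidr(client, securityGroup, port, cidrs);
      }
      return securityGroup;
   } catch (IllegalStateException e) {
      // The try block also covers the authorize calls, so an IllegalStateException raised
      // there lands here as well.
      logger.trace("<< trying to find securityGroup(%s): %s", input, e.getMessage());
      SecurityGroup group = client.getSecurityGroupApi().getSecurityGroupByName(input.getName());
      if (group == null) {
         // Nothing to reuse: surface the original failure rather than a NullPointerException
         // from group.getId() below.
         throw e;
      }
      logger.debug("<< reused securityGroup(%s)", group.getId());
      return group;
   }
}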
String cidr = getCurrentCIDR(); ImmutableSet<String> cidrs = ImmutableSet.of(cidr); assertTrue(jobComplete.apply(client.getSecurityGroupApi().authorizeIngressICMPToCIDRs(group.getId(), 0, 8, cidrs)), group.toString()); assertTrue(jobComplete.apply(client.getSecurityGroupApi().authorizeIngressPortsToCIDRs(group.getId(), "TCP", 22, 22, cidrs)), group.toString()); group = Iterables.find(client.getSecurityGroupApi().listSecurityGroups(), new Predicate<SecurityGroup>() {
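/**
 * Revokes the ingress rules of {@code group} that match {@code ipPermission}.
 *
 * <p>Rules are selected with {@code ruleCidrMatches} when the permission lists CIDR blocks and
 * with {@code ruleGroupMatches} when it lists tenant/group pairs; each selected rule is revoked
 * by id.
 *
 * <p>NOTE(review): the protocol string is passed to the matchers as-is here, whereas
 * {@code addIpPermission} upper-cases it before calling the API; confirm the matchers compare
 * case-insensitively.
 *
 * @param ipPermission protocol, port range and sources to revoke; must not be null
 * @param group the group to modify; it and its id must not be null
 * @return the group as re-read by id after the revoke calls, or {@code null} if the group no
 *         longer exists
 * @throws NullPointerException if {@code group}, {@code ipPermission} or the group id is null
 */
@Override
public SecurityGroup removeIpPermission(IpPermission ipPermission, SecurityGroup group) {
   checkNotNull(group, "group");
   checkNotNull(ipPermission, "ipPermission");
   String id = checkNotNull(group.getId(), "group.getId()");

   org.jclouds.cloudstack.domain.SecurityGroup rawGroup = api.getSecurityGroupApi()
         .getSecurityGroup(id);

   if (rawGroup == null) {
      // The lookup can come back empty (other methods on this page null-check the same call);
      // without this guard the rule iteration below would fail with a NullPointerException.
      return null;
   }

   // NOTE(review): the result of jobComplete.apply(...) is discarded, so a revoke job that
   // did not complete is not reported by this method.
   if (!ipPermission.getCidrBlocks().isEmpty()) {
      for (IngressRule rule : filter(rawGroup.getIngressRules(),
            ruleCidrMatches(ipPermission.getIpProtocol().toString(),
                  ipPermission.getFromPort(),
                  ipPermission.getToPort(),
                  ipPermission.getCidrBlocks()))) {
         jobComplete.apply(api.getSecurityGroupApi().revokeIngressRule(rule.getId()));
      }
   }

   if (!ipPermission.getTenantIdGroupNamePairs().isEmpty()) {
      for (IngressRule rule : filter(rawGroup.getIngressRules(),
            ruleGroupMatches(ipPermission.getIpProtocol().toString(),
                  ipPermission.getFromPort(),
                  ipPermission.getToPort(),
                  ipPermission.getTenantIdGroupNamePairs()))) {
         jobComplete.apply(api.getSecurityGroupApi().revokeIngressRule(rule.getId()));
      }
   }

   return getSecurityGroupById(id);
}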
/**
 * Sanity-checks a security group returned by the API.
 *
 * <p>The round-trip comparison (by id and by name) is only made for groups with at most one
 * ingress rule; see the bug link below. The field checks use the {@code assert} keyword, so
 * they only run when the JVM has assertions enabled.
 */
protected void checkGroup(SecurityGroup group) {
   // http://bugs.cloud.com/show_bug.cgi?id=8968
   boolean atMostOneRule = group.getIngressRules().size() <= 1;
   if (atMostOneRule) {
      assertEquals(group, client.getSecurityGroupApi().getSecurityGroup(group.getId()));
      assertEquals(group, client.getSecurityGroupApi().getSecurityGroupByName(group.getName()));
   }

   assert group.getId() != null : group;
   assert group.getName() != null : group;
   assert group.getAccount() != null : group;
   assert group.getDomain() != null : group;
   assert group.getDomainId() != null : group;
   assert group.getIngressRules() != null : group;
}
expect(secClient.createSecurityGroup("group-1")).andReturn(group); expect(secClient.authorizeIngressPortsToCIDRs("sec-1234", "TCP", 22,
/**
 * Lists all security groups returned by the API, converted with {@code groupConverter}.
 *
 * @return an immutable set of the converted groups; null entries in the API result are dropped
 */
@Override
public Set<SecurityGroup> listSecurityGroups() {
   // Drop null entries before conversion so the converter never sees one.
   Iterable<? extends org.jclouds.cloudstack.domain.SecurityGroup> nonNullGroups =
         filter(api.getSecurityGroupApi().listSecurityGroups(), notNull());
   return ImmutableSet.copyOf(transform(nonNullGroups, groupConverter));
}
/**
 * Looks up a security group by id and converts it with {@code groupConverter}.
 *
 * @param id id of the group; must not be null
 * @return the converted group, or {@code null} when the API returns no group for that id
 */
@Override
public SecurityGroup getSecurityGroupById(String id) {
   checkNotNull(id, "id");

   org.jclouds.cloudstack.domain.SecurityGroup found = api.getSecurityGroupApi().getSecurityGroup(id);
   return found == null ? null : groupConverter.apply(found);
}
/**
 * Opens a single TCP port on {@code securityGroup} for each CIDR in {@code cidrs}, skipping
 * CIDRs for which {@code portInRangeForCidr} already reports the port as covered.
 *
 * <p>Despite the method name, the body only issues CIDR-based authorizations; no rule that
 * lets the group reach itself is created here.
 *
 * <p>NOTE(review): the result of jobComplete.apply(...) is discarded, and the "authorized" debug
 * line is logged regardless of it.
 */
private void authorizeGroupToItselfAndToTCPPortAndCidr(CloudStackApi client,
      SecurityGroup securityGroup, int port, Set<String> cidrs) {
   for (String cidr : cidrs) {
      logger.debug(">> authorizing securityGroup(%s) permission to %s on port %d", securityGroup, cidr, port);
      // The check runs against the securityGroup object passed in; it is not re-read between
      // iterations.
      if (!portInRangeForCidr(port, cidr).apply(securityGroup)) {
         jobComplete.apply(client.getSecurityGroupApi().authorizeIngressPortsToCIDRs(securityGroup.getId(),
               "TCP", port, port, ImmutableSet.of(cidr)));
         logger.debug("<< authorized securityGroup(%s) permission to %s on port %d", securityGroup, cidr, port);
      }
   }
}
// Closes the enclosing class, whose header is not part of this excerpt.
}
// Stubbed sequence: creating "group-1" fails with IllegalStateException, and the lookup by
// name then yields the prepared group.
expect(secClient.createSecurityGroup("group-1")).andThrow(new IllegalStateException());
expect(secClient.getSecurityGroupByName("group-1")).andReturn(group);
/**
 * Lists the security groups the API reports for the virtual machine with the given id,
 * converted with {@code groupConverter}.
 *
 * @param id virtual machine id used as the listing filter; must not be null
 * @return an immutable set of the converted groups; null entries in the API result are dropped
 */
@Override
public Set<SecurityGroup> listSecurityGroupsForNode(String id) {
   checkNotNull(id, "id");

   Iterable<? extends org.jclouds.cloudstack.domain.SecurityGroup> nonNullGroups =
         filter(api.getSecurityGroupApi().listSecurityGroups(ListSecurityGroupsOptions.Builder
               .virtualMachineId(id)), notNull());
   return ImmutableSet.copyOf(transform(nonNullGroups, groupConverter));
}
/**
 * Live-test teardown: destroys the test VM, then revokes the test group's ingress rules,
 * deletes the group and checks that it can no longer be fetched.
 *
 * <p>NOTE(review): there is no try/finally, so a failed assertion here skips the remaining
 * cleanup steps and {@code super.tearDownContext()}.
 */
@AfterGroups(groups = "live")
@Override
protected void tearDownContext() {
   if (vm != null) {
      assertTrue(jobComplete.apply(client.getVirtualMachineApi().destroyVirtualMachine(vm.getId())));
   }

   if (group != null) {
      // Rules go first, then the group itself.
      for (IngressRule ingress : group.getIngressRules()) {
         assertTrue(jobComplete.apply(client.getSecurityGroupApi().revokeIngressRule(ingress.getId())),
               ingress.toString());
      }
      client.getSecurityGroupApi().deleteSecurityGroup(group.getId());
      assertEquals(client.getSecurityGroupApi().getSecurityGroup(group.getId()), null);
   }

   super.tearDownContext();
}
/**
 * Runs {@code checkGroup} on every security group the API lists, after the
 * {@code skipIfSecurityGroupsNotSupported()} call.
 */
public void testListSecurityGroup() throws Exception {
   skipIfSecurityGroupsNotSupported();

   for (SecurityGroup listed : client.getSecurityGroupApi().listSecurityGroups()) {
      checkGroup(listed);
   }
}
// The async job API may be requested any number of times; the lookup of "group-1" by name
// returns the prepared group.
expect(client.getAsyncJobApi()).andReturn(jobClient).anyTimes();
expect(secClient.getSecurityGroupByName("group-1")).andReturn(group);
/**
 * Creates a virtual machine either in a default network or, when no default network is
 * listed, in a security-group-enabled zone.
 *
 * <p>Network path: uses the first default network whose state equals {@code "Implemented"}.
 * Zone path: uses the first zone with security groups enabled and attaches the first security
 * group the API lists.
 *
 * <p>NOTE(review): on the zone path the security group is whichever one is listed first, so
 * the VM gets that group's ingress rules, whatever they are. Both {@code get(..., 0)} calls
 * assume at least one element is present.
 */
public static VirtualMachine createVirtualMachine(CloudStackApi client, String defaultTemplate,
      Predicate<String> jobComplete, Predicate<VirtualMachine> virtualMachineRunning) {
   Set<Network> networks = client.getNetworkApi().listNetworks(isDefault(true));

   if (networks.isEmpty()) {
      String zoneId = find(client.getZoneApi().listZones(), new Predicate<Zone>() {

         @Override
         public boolean apply(Zone candidate) {
            return candidate.isSecurityGroupsEnabled();
         }

      }).getId();
      return createVirtualMachineWithSecurityGroupInZone(zoneId,
            defaultTemplateOrPreferredInZone(defaultTemplate, client, zoneId),
            get(client.getSecurityGroupApi().listSecurityGroups(), 0).getId(), client, jobComplete,
            virtualMachineRunning);
   }

   Network network = get(filter(networks, new Predicate<Network>() {

      @Override
      public boolean apply(Network candidate) {
         return candidate != null && candidate.getState().equals("Implemented");
      }

   }), 0);
   return createVirtualMachineInNetwork(network,
         defaultTemplateOrPreferredInZone(defaultTemplate, client, network.getZoneId()), client, jobComplete,
         virtualMachineRunning);
}