/**
 * Exercises {@code portInRangeForCidr} against the fixture returned by {@code group()}.
 */
@Test
public void testPortInRangeForCidr() {
   // Ports 11 and 45 combined with 1.1.1.1/24 are expected to match the fixture.
   assertTrue(portInRangeForCidr(11, "1.1.1.1/24").apply(group()));
   assertTrue(portInRangeForCidr(45, "1.1.1.1/24").apply(group()));
   // The same two ports must not match when the CIDR is 2.2.2.2/16.
   assertFalse(portInRangeForCidr(45, "2.2.2.2/16").apply(group()));
   assertFalse(portInRangeForCidr(11, "2.2.2.2/16").apply(group()));
   // Port 11 must not match for 3.3.3.3/25 either.
   assertFalse(portInRangeForCidr(11, "3.3.3.3/25").apply(group()));
   // NOTE(review): no case passes a different spelling of a matching network
   // (for example 1.1.1.0/24), so this test does not show whether the predicate
   // compares CIDR text or network ranges. Confirm, because callers that use it
   // to decide whether an ingress rule already exists depend on that choice.
}
/**
 * Exercises {@code nameEquals} against the fixture returned by {@code group()}.
 */
@Test
public void testNameEquals() {
   // The fixture is expected to match the name "default" ...
   assertTrue(nameEquals("default").apply(group()));
   // ... and to be rejected for any other name.
   assertFalse(nameEquals("not-default").apply(group()));
}
/**
 * Revokes the ingress rules of {@code group} that match {@code ipPermission} and
 * returns the group as looked up again afterwards.
 *
 * <p>Rules are selected from a single snapshot of the CloudStack group: first by
 * protocol, port range and CIDR blocks, then by protocol, port range and
 * tenant-id/group-name pairs. Each selection is skipped when the permission
 * carries no entries of that kind.
 *
 * @param ipPermission the permission to remove; must not be null
 * @param group the group to remove it from; must not be null and must have an id
 * @return the result of {@code getSecurityGroupById} for the group's id
 * @throws NullPointerException if {@code group}, {@code ipPermission} or the group id is null
 */
@Override
public SecurityGroup removeIpPermission(IpPermission ipPermission, SecurityGroup group) {
   checkNotNull(group, "group");
   checkNotNull(ipPermission, "ipPermission");
   String id = checkNotNull(group.getId(), "group.getId()");

   // NOTE(review): the lookup result is dereferenced below without a null check;
   // confirm what getSecurityGroup returns for an id that no longer exists.
   org.jclouds.cloudstack.domain.SecurityGroup cloudStackGroup = api.getSecurityGroupApi()
         .getSecurityGroup(id);

   if (!ipPermission.getCidrBlocks().isEmpty()) {
      Iterable<IngressRule> cidrRules = filter(cloudStackGroup.getIngressRules(),
            ruleCidrMatches(ipPermission.getIpProtocol().toString(),
                  ipPermission.getFromPort(),
                  ipPermission.getToPort(),
                  ipPermission.getCidrBlocks()));
      for (IngressRule cidrRule : cidrRules) {
         // NOTE(review): the value returned by jobComplete.apply is discarded.
         // If it signals a failed or timed-out job (presumably it does - confirm),
         // the rule stays in place and this method still returns normally.
         jobComplete.apply(api.getSecurityGroupApi().revokeIngressRule(cidrRule.getId()));
      }
   }

   if (!ipPermission.getTenantIdGroupNamePairs().isEmpty()) {
      Iterable<IngressRule> groupRules = filter(cloudStackGroup.getIngressRules(),
            ruleGroupMatches(ipPermission.getIpProtocol().toString(),
                  ipPermission.getFromPort(),
                  ipPermission.getToPort(),
                  ipPermission.getTenantIdGroupNamePairs()));
      for (IngressRule groupRule : groupRules) {
         // Same caveat as above: the outcome of the revoke job is not checked.
         jobComplete.apply(api.getSecurityGroupApi().revokeIngressRule(groupRule.getId()));
      }
   }

   // Callers that need to know the permission is really gone should inspect the
   // returned group rather than rely on a normal return.
   return getSecurityGroupById(id);
}
/**
 * Exercises {@code ruleCidrMatches} over the ingress rules of the fixture
 * returned by {@code group()}.
 */
@Test
public void testRuleCidrMatches() {
   // At least one ingress rule is expected to match tcp, ports 40-50, 1.1.1.1/24.
   assertTrue(Iterables.any(group().getIngressRules(),
         ruleCidrMatches("tcp", 40, 50, ImmutableSet.of("1.1.1.1/24"))));
   // With the CIDR changed to 2.2.2.2/24 no rule may match.
   assertFalse(Iterables.any(group().getIngressRules(),
         ruleCidrMatches("tcp", 40, 50, ImmutableSet.of("2.2.2.2/24"))));
   // NOTE(review): only the CIDR is varied here. There is no negative case for a
   // different protocol or port range, which matters when this predicate is used
   // to pick rules for revocation.
}
/**
 * Exercises {@code ruleGroupMatches} over the ingress rules of the fixture
 * returned by {@code group()}.
 */
@Test
public void testRuleGroupMatches() {
   // The pair ("adrian", "adriancole") with tcp port 22 is expected to match a rule.
   // NOTE(review): presumably the key is the account/tenant and the value the
   // group name - confirm against ruleGroupMatches.
   assertTrue(Iterables.any(group().getIngressRules(),
         ruleGroupMatches("tcp", 22, 22,
               ImmutableMultimap.<String, String>builder().put("adrian", "adriancole").build())));
   // Same key, different value: must not match.
   assertFalse(Iterables.any(group().getIngressRules(),
         ruleGroupMatches("tcp", 22, 22,
               ImmutableMultimap.<String, String>builder().put("adrian", "somegroup").build())));
   // Different key, same value: must not match.
   assertFalse(Iterables.any(group().getIngressRules(),
         ruleGroupMatches("tcp", 22, 22,
               ImmutableMultimap.<String, String>builder().put("someuser", "adriancole").build())));
}
}
/**
 * Exercises {@code portInRange} against the fixture returned by {@code group()}.
 */
@Test
public void testPortInRange() {
   // Ports 22 and 45 are expected to fall inside a rule of the fixture ...
   assertTrue(portInRange(22).apply(group()));
   assertTrue(portInRange(45).apply(group()));
   // ... while port 100 is expected to fall outside every rule.
   assertFalse(portInRange(100).apply(group()));
}
/**
 * Deletes the security groups whose names match any of {@code groups} and
 * invalidates their entries in {@code securityGroupMap}.
 *
 * <p>Nothing is deleted when the zone does not support security groups.
 *
 * @param groups group names fed to the naming convention's {@code containsGroup} matcher
 * @param zoneId id of the zone, used for the capability check and for the cache key
 */
private void cleanupOrphanedSecurityGroupsInZone(Set<String> groups, String zoneId) {
   Zone zone = zoneIdToZone.get().getUnchecked(zoneId);
   if (!supportsSecurityGroups().apply(zone)) {
      return;
   }
   for (String groupName : groups) {
      // NOTE(review): listSecurityGroups() is called without a zone argument, so
      // candidates are chosen by name match alone. Confirm that containsGroup
      // cannot match security groups that belong to something else before
      // relying on this for deletion.
      Iterable<SecurityGroup> candidates = Iterables.filter(
            client.getSecurityGroupApi().listSecurityGroups(),
            SecurityGroupPredicates.nameMatches(namingConvention.create().containsGroup(groupName)));
      for (SecurityGroup candidate : candidates) {
         ZoneAndName zoneAndName = ZoneAndName.fromZoneAndName(zoneId, candidate.getName());
         logger.debug(">> deleting securityGroup(%s)", zoneAndName);
         client.getSecurityGroupApi().deleteSecurityGroup(candidate.getId());
         // TODO: test this clear happens
         securityGroupMap.invalidate(zoneAndName);
         logger.debug("<< deleted securityGroup(%s)", zoneAndName);
      }
   }
}
/**
 * Adds a TCP ingress rule for {@code port} on {@code securityGroup} for each
 * CIDR in {@code cidrs}, unless {@code portInRangeForCidr} reports that the
 * group already covers that port and CIDR.
 *
 * <p>NOTE(review): despite the method name, nothing in this body authorizes the
 * group to itself; only CIDR-based ingress is added.
 *
 * @param client API used to issue the authorize call
 * @param securityGroup group that receives the rules
 * @param port single TCP port, used as both start and end of the range
 * @param cidrs CIDR blocks to admit; they are passed to the API as given
 */
private void authorizeGroupToItselfAndToTCPPortAndCidr(CloudStackApi client, SecurityGroup securityGroup,
      int port, Set<String> cidrs) {
   for (String cidrBlock : cidrs) {
      // Logged for every CIDR, including those skipped just below.
      logger.debug(">> authorizing securityGroup(%s) permission to %s on port %d", securityGroup, cidrBlock, port);
      if (portInRangeForCidr(port, cidrBlock).apply(securityGroup)) {
         continue;
      }
      // NOTE(review): the value returned by jobComplete.apply is discarded, so the
      // "<< authorized" line below is written whatever the job outcome was
      // (presumably apply reports success or failure - confirm).
      jobComplete.apply(client.getSecurityGroupApi().authorizeIngressPortsToCIDRs(securityGroup.getId(),
            "TCP", port, port, ImmutableSet.of(cidrBlock)));
      logger.debug("<< authorized securityGroup(%s) permission to %s on port %d", securityGroup, cidrBlock, port);
   }
}
}