@Override public void addRules( final String name, final Collection<String> ipRanges, final String protocol, final int fromPort, final int toPort ) { IpPermission ipPermission = new IpPermission(); ipPermission.withIpRanges( ipRanges ) .withIpProtocol( protocol ) .withFromPort( fromPort ) .withToPort( toPort ); try { AuthorizeSecurityGroupIngressRequest request = new AuthorizeSecurityGroupIngressRequest(); request = request.withGroupName( name ).withIpPermissions( ipPermission ); client.authorizeSecurityGroupIngress( request ); } catch ( Exception e ) { LOG.error( "Error whilt adding rule to security group: {}", name, e ); } }
@Override public SetPermissionsResult setPermissions(String securityGroupName, List<Permission> permissions) { checkNotBlank(securityGroupName, "securityGroupName"); checkNotNull(permissions, "permissions"); Optional<SecurityGroup> optional = getSecurityGroup(securityGroupName); checkState(optional.isPresent(), "Security group [%s] does not exist", securityGroupName); SecurityGroup group = optional.get(); List<IpPermission> oldPerms = group.getIpPermissions(); List<Permission> oldPermissions = getPermissions(oldPerms); Set<Permission> newSet = new HashSet<Permission>(permissions); Set<Permission> oldSet = new HashSet<Permission>(oldPermissions); Set<Permission> adds = SetUtils.difference(newSet, oldSet); Set<Permission> deletes = SetUtils.difference(oldSet, newSet); Set<Permission> existing = SetUtils.intersection(newSet, oldSet); // Delete any permissions that are not in the list, but exist in the security group if (deletes.size() > 0) { RevokeSecurityGroupIngressRequest revoker = new RevokeSecurityGroupIngressRequest(securityGroupName, getIpPermissions(deletes)); client.revokeSecurityGroupIngress(revoker); } // Add any permissions that are in the list but don't exist in the security group if (adds.size() > 0) { AuthorizeSecurityGroupIngressRequest authorizer = new AuthorizeSecurityGroupIngressRequest(); authorizer.withGroupName(securityGroupName).withIpPermissions(getIpPermissions(adds)); client.authorizeSecurityGroupIngress(authorizer); } return new SetPermissionsResult(adds, deletes, existing); }
r.setGroupId(g.getGroupId()); try { ec2client.authorizeSecurityGroupIngress(r); } catch (AmazonServiceException as) {