/**
 * Lists the names of the security groups returned by an unfiltered
 * DescribeSecurityGroups call.
 *
 * <p>A failed lookup is logged at WARN level and reported as an empty
 * collection, so callers cannot tell "no groups exist" from "the lookup
 * failed". Code that makes a policy decision from this list should treat an
 * empty result as inconclusive.
 *
 * @return the group names in the order the service returned them, or an empty
 *         collection when the describe call threw
 */
@Override
public Collection<String> listRuleSets() {
    DescribeSecurityGroupsRequest describeAll = new DescribeSecurityGroupsRequest();

    DescribeSecurityGroupsResult described;
    try {
        described = client.describeSecurityGroups( describeAll );
    }
    catch ( Exception e ) {
        // Best effort: record the failure and hand back an empty list.
        LOG.warn( "Error while getting security groups", e );
        return new LinkedList<String>();
    }

    Collection<String> names = new ArrayList<String>();
    for ( SecurityGroup securityGroup : described.getSecurityGroups() ) {
        names.add( securityGroup.getGroupName() );
    }
    return names;
}
// Excerpt from a toString-style builder: each non-null field is appended to
// sb as "Label: value," (presumably sb is a StringBuilder declared earlier in
// the enclosing method, which is not visible here).
if (getDescription() != null)
    sb.append("Description: ").append(getDescription()).append(",");
if (getGroupName() != null)
    sb.append("GroupName: ").append(getGroupName()).append(",");
// NOTE(review): this writes the rule list into the string, so any log line
// built from it carries the group's rules.
if (getIpPermissions() != null)
    sb.append("IpPermissions: ").append(getIpPermissions()).append(",");
/**
 * Computes a hash over all eight fields of the group using the usual
 * multiply-by-31 fold; a null field contributes 0.
 *
 * @return the combined hash code
 */
@Override
public int hashCode() {
    // Field order is part of the result, so it is kept as-is.
    final Object[] fields = {
        getDescription(),
        getGroupName(),
        getIpPermissions(),
        getOwnerId(),
        getGroupId(),
        getIpPermissionsEgress(),
        getTags(),
        getVpcId()
    };

    int hash = 1;
    for (Object field : fields) {
        hash = 31 * hash + (field == null ? 0 : field.hashCode());
    }
    return hash;
}
if (other.getDescription() != null && other.getDescription().equals(this.getDescription()) == false) return false; if (other.getGroupName() == null ^ this.getGroupName() == null) return false; if (other.getGroupName() != null && other.getGroupName().equals(this.getGroupName()) == false) return false; if (other.getIpPermissions() == null ^ this.getIpPermissions() == null)
/**
 * Computes a hash over all eight fields of the group using the usual
 * multiply-by-31 fold; a null field contributes 0.
 *
 * @return the combined hash code
 */
@Override
public int hashCode() {
    // Field order is part of the result, so it is kept as-is.
    final Object[] fields = {
        getOwnerId(),
        getGroupName(),
        getGroupId(),
        getDescription(),
        getIpPermissions(),
        getIpPermissionsEgress(),
        getVpcId(),
        getTags()
    };

    int hash = 1;
    for (Object field : fields) {
        hash = 31 * hash + (field == null ? 0 : field.hashCode());
    }
    return hash;
}
/**
 * Builds a brace-delimited dump of every non-null field, intended for tests
 * and debugging output.
 *
 * @return the textual form of this security group
 *
 * @see java.lang.Object#toString()
 */
@Override
public String toString() {
    // NOTE(review): the output includes the ingress/egress rules and the tags,
    // so any log line built from it carries that detail.
    StringBuilder text = new StringBuilder();
    text.append("{");
    if (getOwnerId() != null) {
        text.append("OwnerId: ").append(getOwnerId()).append(",");
    }
    if (getGroupName() != null) {
        text.append("GroupName: ").append(getGroupName()).append(",");
    }
    if (getGroupId() != null) {
        text.append("GroupId: ").append(getGroupId()).append(",");
    }
    if (getDescription() != null) {
        text.append("Description: ").append(getDescription()).append(",");
    }
    if (getIpPermissions() != null) {
        text.append("IpPermissions: ").append(getIpPermissions()).append(",");
    }
    if (getIpPermissionsEgress() != null) {
        text.append("IpPermissionsEgress: ").append(getIpPermissionsEgress()).append(",");
    }
    if (getVpcId() != null) {
        text.append("VpcId: ").append(getVpcId()).append(",");
    }
    // Last field: no trailing comma.
    if (getTags() != null) {
        text.append("Tags: ").append(getTags());
    }
    text.append("}");
    return text.toString();
}
/**
 * Field-by-field equality: two security groups are equal when every one of
 * the eight fields is either null on both sides or equal on both sides.
 *
 * @param obj the object to compare with; may be null
 * @return true when {@code obj} is a SecurityGroup with matching fields
 */
@Override
public boolean equals(Object obj) {
    if (this == obj) {
        return true;
    }
    if (obj == null || !(obj instanceof SecurityGroup)) {
        return false;
    }

    SecurityGroup that = (SecurityGroup) obj;
    return bothNullOrEqual(that.getOwnerId(), this.getOwnerId())
        && bothNullOrEqual(that.getGroupName(), this.getGroupName())
        && bothNullOrEqual(that.getGroupId(), this.getGroupId())
        && bothNullOrEqual(that.getDescription(), this.getDescription())
        && bothNullOrEqual(that.getIpPermissions(), this.getIpPermissions())
        && bothNullOrEqual(that.getIpPermissionsEgress(), this.getIpPermissionsEgress())
        && bothNullOrEqual(that.getVpcId(), this.getVpcId())
        && bothNullOrEqual(that.getTags(), this.getTags());
}

/** Null-safe comparison: true when both values are null or {@code theirs.equals(ours)}. */
private static boolean bothNullOrEqual(Object theirs, Object ours) {
    return theirs == null ? ours == null : theirs.equals(ours);
}
/** The firewall under test must report at least one security group. */
@Test
public void findsAllSecurityGroups() {
    int groupCount = firewall.findAllSecurityGroups().size();
    assertThat(groupCount, is(greaterThan(0)));
}

/** Looking up the group named "default" returns a group carrying that name. */
@Test
public void findsDefaultSecurityGroupByName() {
    SecurityGroup found = firewall.findOneSecurityGroupByName("default");
    String foundName = found.getGroupName();
    assertThat(foundName, is(equalTo("default")));
}

/** A lookup for a name that does not exist must surface the service exception. */
@Test(expected = AmazonServiceException.class)
public void throwsExceptionWhenfindingNonExistentSecurityGroup() {
    // The expected exception is the assertion; the return value is irrelevant.
    firewall.findOneSecurityGroupByName("inexistent");
}
/**
 * Accepts a security group only when its name does not contain
 * {@code environmentId}.
 *
 * @param input the security group to test; its name must not be null
 * @return true when the environment id does not occur in the group name
 */
@Override
public boolean apply(SecurityGroup input) {
    // NOTE(review): this is a substring test, so a group whose name merely
    // embeds the id inside a longer token is treated as part of the
    // environment too. Confirm the naming scheme makes that impossible.
    final int position = input.getGroupName().indexOf(environmentId);
    return position < 0;
}
};
/**
 * Returns the names of all security groups visible to the client, sorted in
 * natural String order.
 *
 * <p>Only names are returned. In EC2 a group name is unique per VPC, not per
 * account, so the result may contain duplicates; use group ids where an
 * unambiguous reference is needed.
 *
 * @return an immutable, sorted list of group names
 */
@Override
public List<String> getSecurityGroupNames() {
    List<String> sortedNames = newArrayList();
    for (SecurityGroup securityGroup : client.describeSecurityGroups().getSecurityGroups()) {
        sortedNames.add(securityGroup.getGroupName());
    }
    Collections.sort(sortedNames);
    return ImmutableList.copyOf(sortedNames);
}
/**
 * Decides whether the ingress rules of a security group may be rewritten
 * during migration. Groups whose application name (parsed from the group
 * name) is listed in {@code getInfrastructureApplications()} are left alone,
 * e.g. groups owned by another team or by a shared service.
 *
 * <p>The decision rests on the group name alone.
 *
 * @param securityGroup the security group
 * @return true if ingress rules should be updated, false otherwise
 */
protected boolean shouldCreateTargetPermissions(SecurityGroup securityGroup) {
  boolean ownedByInfrastructureApp = getInfrastructureApplications()
      .contains(Names.parseName(securityGroup.getGroupName()).getApp());
  return !ownedByInfrastructureApp;
}
/**
 * Builds a predicate matching the application's own security group in the
 * target location: the group name must equal {@code applicationName} exactly
 * and the VPC id must match the target's (both null, or equal).
 *
 * @return the matching predicate
 */
private Predicate<SecurityGroup> isAppSecurityGroup() {
  return candidate -> candidate.getGroupName().equals(applicationName)
      && (candidate.getVpcId() == null
          ? target.getVpcId() == null
          : candidate.getVpcId().equals(target.getVpcId()));
}
// Excerpt from a toString-style builder: each non-null field is appended to
// sb as "Label: value," (presumably sb is a StringBuilder declared earlier in
// the enclosing method, which is not visible here).
if (getDescription() != null)
    sb.append("Description: ").append(getDescription()).append(",");
if (getGroupName() != null)
    sb.append("GroupName: ").append(getGroupName()).append(",");
// NOTE(review): this writes the rule list into the string, so any log line
// built from it carries the group's rules.
if (getIpPermissions() != null)
    sb.append("IpPermissions: ").append(getIpPermissions()).append(",");
/**
 * Computes a hash over all eight fields of the group using the usual
 * multiply-by-31 fold; a null field contributes 0.
 *
 * @return the combined hash code
 */
@Override
public int hashCode() {
    // Field order is part of the result, so it is kept as-is.
    final Object[] fields = {
        getDescription(),
        getGroupName(),
        getIpPermissions(),
        getOwnerId(),
        getGroupId(),
        getIpPermissionsEgress(),
        getTags(),
        getVpcId()
    };

    int hash = 1;
    for (Object field : fields) {
        hash = 31 * hash + (field == null ? 0 : field.hashCode());
    }
    return hash;
}
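/**
 * Looks up the given security groups and reports those with at least one
 * inbound rule matched by {@code isOffending}.
 *
 * <p>Only {@code getIpPermissions()} (the inbound rules) is evaluated; egress
 * rules are not inspected here.
 *
 * @param groupIds ids of the security groups to check; null or empty yields
 *                 an empty result without calling AWS
 * @param account  account used to obtain the EC2 client
 * @param region   region used to obtain the EC2 client
 * @return immutable map from group id to the group's name and its offending
 *         rules (as strings); groups without offending rules are omitted
 */
@Override
public Map<String, SecurityGroupCheckDetails> check(final Collection<String> groupIds, final String account, final Region region) {
    // DescribeSecurityGroups treats a missing or empty id list as "no filter"
    // and returns every group in the account and region. Without this guard an
    // empty request would report findings for groups the caller never asked
    // about.
    if (groupIds == null || groupIds.isEmpty()) {
        return ImmutableMap.of();
    }

    final DescribeSecurityGroupsRequest describeSecurityGroupsRequest = new DescribeSecurityGroupsRequest();
    describeSecurityGroupsRequest.setGroupIds(groupIds);

    final AmazonEC2Client amazonEC2Client = clientProvider.getClient(
            AmazonEC2Client.class,
            account, region);
    final DescribeSecurityGroupsResult describeSecurityGroupsResult = amazonEC2Client.describeSecurityGroups(
            describeSecurityGroupsRequest);

    final ImmutableMap.Builder<String, SecurityGroupCheckDetails> result = ImmutableMap.builder();

    for (final SecurityGroup securityGroup : describeSecurityGroupsResult.getSecurityGroups()) {
        // Keep a printable form of each inbound rule the predicate flags.
        final List<String> offendingRules = securityGroup.getIpPermissions().stream()
                .filter(isOffending)
                .map(Object::toString)
                .collect(toList());
        if (!offendingRules.isEmpty()) {
            final SecurityGroupCheckDetails details = new SecurityGroupCheckDetails(
                    securityGroup.getGroupName(), ImmutableList.copyOf(offendingRules));
            result.put(securityGroup.getGroupId(), details);
        }
    }
    return result.build();
}
}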
/**
 * Builds the list of security groups for the migrated cluster from the ids in
 * {@code source.getSecurityGroupIds()}.
 *
 * <p>Ids that cannot be resolved in the source location are dropped and only
 * recorded as warnings on {@code result}, so the target can end up with fewer
 * groups than the source; callers should surface those warnings.
 *
 * @param result migration result that receives a warning for every skipped id
 * @return the migrated groups, plus the application group when deploy
 *         defaults request it
 */
protected List<MigrateSecurityGroupResult> generateTargetSecurityGroups(MigrateClusterConfigurationResult result) {
  // Pass 1: warn about every id the source lookup cannot resolve.
  source.getSecurityGroupIds().stream()
    .filter(g -> !sourceLookup.getSecurityGroupById(source.getCredentialAccount(), g, source.getVpcId()).isPresent())
    .forEach(m -> result.getWarnings().add("Skipping creation of security group: " + m + " (could not be found in source location)"));
  // Pass 2: resolve the remaining ids to group names.
  // NOTE(review): the same lookup runs up to three times per id (warning
  // filter, presence filter, get()); confirm it is cheap or cached.
  List<String> securityGroupNames = source.getSecurityGroupIds().stream()
    .filter(g -> sourceLookup.getSecurityGroupById(source.getCredentialAccount(), g, source.getVpcId()).isPresent())
    .map(g -> sourceLookup.getSecurityGroupById(source.getCredentialAccount(), g, source.getVpcId()).get())
    .map(g -> g.getSecurityGroup().getGroupName())
    .collect(Collectors.toList());
  // Pass 3: produce one migration result per resolved group name.
  List<MigrateSecurityGroupResult> targetSecurityGroups = securityGroupNames.stream()
    .map(this::getMigrateSecurityGroupResult)
    .collect(Collectors.toList());
  if (getDeployDefaults().getAddAppGroupToServerGroup()) {
    // if the app security group is already present, don't include it twice
    Optional<MigrateSecurityGroupResult> appGroup = targetSecurityGroups.stream()
      .filter(r -> source.getApplication().equals(r.getTarget().getTargetName())).findFirst();
    if (!appGroup.isPresent()) {
      appGroup = Optional.of(generateAppSecurityGroup());
      targetSecurityGroups.add(appGroup.get());
    }
    // appGroup is always present here: either found above or just generated.
    handleClassicLinkIngress(appGroup.get().getTarget().getTargetId());
  }
  return targetSecurityGroups;
}
/**
 * Builds the list of security groups for the migrated server group from the
 * ids on the source launch configuration.
 *
 * <p>Ids that cannot be resolved in the source location are dropped and only
 * recorded as warnings on {@code result}, so the target can end up with fewer
 * groups than the source; callers should surface those warnings.
 *
 * @param sourceLaunchConfig launch configuration whose security groups are migrated
 * @param result migration result that receives a warning for every skipped id
 * @return the migrated groups, plus the application group when deploy
 *         defaults request it
 */
protected List<MigrateSecurityGroupResult> generateTargetSecurityGroups(LaunchConfiguration sourceLaunchConfig, MigrateServerGroupResult result) {
  // Pass 1: warn about every id the source lookup cannot resolve.
  sourceLaunchConfig.getSecurityGroups().stream()
    .filter(g -> !sourceLookup.getSecurityGroupById(source.getCredentialAccount(), g, source.getVpcId()).isPresent())
    .forEach(m -> result.getWarnings().add("Skipping creation of security group: " + m + " (could not be found in source location)"));
  // Pass 2: resolve the remaining ids to group names.
  // NOTE(review): the same lookup runs up to three times per id (warning
  // filter, presence filter, get()); confirm it is cheap or cached.
  List<String> securityGroupNames = sourceLaunchConfig.getSecurityGroups().stream()
    .filter(g -> sourceLookup.getSecurityGroupById(source.getCredentialAccount(), g, source.getVpcId()).isPresent())
    .map(g -> sourceLookup.getSecurityGroupById(source.getCredentialAccount(), g, source.getVpcId()).get())
    .map(g -> g.getSecurityGroup().getGroupName())
    .collect(Collectors.toList());
  // Pass 3: produce one migration result per resolved group name.
  List<MigrateSecurityGroupResult> targetSecurityGroups = securityGroupNames.stream().map(group ->
    getMigrateSecurityGroupResult(group)
  ).collect(Collectors.toList());
  if (getDeployDefaults().getAddAppGroupToServerGroup()) {
    // The application name is parsed from the source server group name.
    Names names = Names.parseName(source.getName());
    // if the app security group is already present, don't include it twice
    Optional<MigrateSecurityGroupResult> appGroup = targetSecurityGroups.stream()
      .filter(r -> names.getApp().equals(r.getTarget().getTargetName())).findFirst();
    if (!appGroup.isPresent()) {
      appGroup = Optional.of(generateAppSecurityGroup());
      targetSecurityGroups.add(appGroup.get());
    }
    // appGroup is always present here: either found above or just generated.
    handleClassicLinkIngress(appGroup.get().getTarget().getTargetId());
  }
  return targetSecurityGroups;
}
/**
 * Generates a list of security groups that should be applied to the target load balancer
 *
 * <p>Group ids that cannot be resolved in the source location are dropped and
 * only recorded as warnings on {@code result}, so the target load balancer
 * can end up with fewer groups than the source.
 *
 * @param sourceDescription AWS descriptor of source load balancer
 * @param result result object of the calling migrate operation
 * @return the list of security groups that will be created or added, excluding the elb-specific security group
 */
protected List<MigrateSecurityGroupResult> getTargetSecurityGroups(LoadBalancerDescription sourceDescription,
                                                                   MigrateLoadBalancerResult result) {
  // Pass 1: warn about every id the source lookup cannot resolve.
  sourceDescription.getSecurityGroups().stream()
    .filter(g -> !sourceLookup.getSecurityGroupById(source.getCredentialAccount(), g, source.getVpcId()).isPresent())
    .forEach(m -> result.getWarnings().add("Skipping creation of security group: " + m + " (could not be found in source location)"));
  // Pass 2: collect the SecurityGroup objects for the ids that do resolve.
  List<SecurityGroup> currentGroups = sourceDescription.getSecurityGroups().stream()
    .filter(g -> sourceLookup.getSecurityGroupById(source.getCredentialAccount(), g, source.getVpcId()).isPresent())
    .map(g -> sourceLookup.getSecurityGroupById(source.getCredentialAccount(), g, source.getVpcId())
      .get().getSecurityGroup()).collect(Collectors.toList());

  // Pass 3: migrate each resolved group, in the load balancer's order.
  return sourceDescription.getSecurityGroups().stream()
    .filter(g -> currentGroups.stream().anyMatch(g2 -> g2.getGroupId().equals(g)))
    .map(g -> {
      // findFirst().get() cannot be empty: the filter above already matched this id.
      SecurityGroup match = currentGroups.stream().filter(g3 -> g3.getGroupId().equals(g)).findFirst().get();
      // The source location is addressed by group name, in the source region, credentials and VPC.
      SecurityGroupLocation sourceLocation = new SecurityGroupLocation();
      sourceLocation.setName(match.getGroupName());
      sourceLocation.setRegion(source.getRegion());
      sourceLocation.setCredentials(source.getCredentials());
      sourceLocation.setVpcId(source.getVpcId());
      return new SecurityGroupMigrator(sourceLookup, targetLookup, migrateSecurityGroupStrategy,
        sourceLocation, new SecurityGroupLocation(target)).migrate(dryRun);
    })
    .collect(Collectors.toList());
}
/**
 * Collects the security groups that the given group's ingress rules refer to,
 * excluding references to the group itself.
 *
 * <p>Side effect: a user-id/group pair with no group name gets one assigned
 * in place (see below), so the source group's rule objects are mutated.
 *
 * @param source updater wrapping the security group whose rules are examined
 * @return one reference per distinct pair; an empty set when the group
 *         belongs to an infrastructure application
 */
private Set<MigrateSecurityGroupReference> getTargetReferences(SecurityGroupUpdater source) {
  SecurityGroup group = source.getSecurityGroup();
  // Groups of infrastructure applications are not followed at all.
  if (getInfrastructureApplications().contains(Names.parseName(group.getGroupName()).getApp())) {
    return new HashSet<>();
  }
  return group.getIpPermissions()
    .stream()
    .map(IpPermission::getUserIdGroupPairs)
    .flatMap(List::stream)
    // Drop self-references: same group id AND same owner as the group itself.
    .filter(pair -> !pair.getGroupId().equals(group.getGroupId()) || !pair.getUserId().equals(group.getOwnerId()))
    .map(pair -> {
      // account is null when the referenced owner id has no known credentials.
      NetflixAmazonCredentials account = sourceLookup.getCredentialsForId(pair.getUserId());
      if (pair.getGroupName() == null) {
        if (account == null) {
          // Unknown account: fall back to the group id as the name.
          pair.setGroupName(pair.getGroupId());
        } else {
          // Known account: take the name from the lookup; if the lookup finds
          // nothing the name stays null.
          sourceLookup.getSecurityGroupById(account.getName(), pair.getGroupId(), pair.getVpcId())
            .ifPresent(u -> pair.setGroupName(u.getSecurityGroup().getGroupName()));
        }
      }
      return new MigrateSecurityGroupReference(pair, account);
    })
    .collect(Collectors.toSet());
}
if (other.getDescription() != null && other.getDescription().equals(this.getDescription()) == false) return false; if (other.getGroupName() == null ^ this.getGroupName() == null) return false; if (other.getGroupName() != null && other.getGroupName().equals(this.getGroupName()) == false) return false; if (other.getIpPermissions() == null ^ this.getIpPermissions() == null)