/**
 * Hash of the eight fields description, groupName, ipPermissions, ownerId,
 * groupId, ipPermissionsEgress, tags and vpcId, in that order.
 * {@code java.util.Objects.hash} applies exactly the scheme the hand-written
 * loop used (start at 1, then {@code 31 * h + (field == null ? 0 : field.hashCode())}
 * per field), so the value is unchanged for existing callers.
 *
 * @return the hash code for this object
 */
@Override
public int hashCode() {
    // Objects.hash delegates to Arrays.hashCode(Object[]); order matters and must
    // stay in sync with the field list compared by equals().
    return java.util.Objects.hash(
            getDescription(),
            getGroupName(),
            getIpPermissions(),
            getOwnerId(),
            getGroupId(),
            getIpPermissionsEgress(),
            getTags(),
            getVpcId());
}
DescribeSecurityGroupsResult result = client.describeSecurityGroups(req); for (SecurityGroup group : result.getSecurityGroups()) for (IpPermission perm : group.getIpPermissions()) if (perm.getFromPort() == from && perm.getToPort() == to) ipPermissions.addAll(perm.getIpRanges()); DescribeSecurityGroupsResult result = client.describeSecurityGroups(req); for (SecurityGroup group : result.getSecurityGroups()) for (IpPermission perm : group.getIpPermissions()) if (perm.getFromPort() == from && perm.getToPort() == to) ipPermissions.addAll(perm.getIpRanges());
if (getGroupName() != null) sb.append("GroupName: ").append(getGroupName()).append(","); if (getIpPermissions() != null) sb.append("IpPermissions: ").append(getIpPermissions()).append(","); if (getOwnerId() != null) sb.append("OwnerId: ").append(getOwnerId()).append(",");
/**
 * One or more inbound rules associated with the security group.
 * <p>
 * Returns a reference to this object so that method calls can be chained together.
 * When no rule list has been set yet, one is created first (sized to the number of
 * supplied rules); the supplied rules are then appended in argument order to the
 * list returned by {@link #getIpPermissions()}.
 *
 * @param ipPermissions One or more inbound rules associated with the security group.
 *
 * @return A reference to this updated object so that method calls can be chained
 *         together.
 */
public SecurityGroup withIpPermissions(IpPermission... ipPermissions) {
    if (getIpPermissions() == null) {
        setIpPermissions(new java.util.ArrayList<IpPermission>(ipPermissions.length));
    }
    // Re-read the list after setIpPermissions: the setter may hold its own copy,
    // so adding to a local reference created above would not be visible here.
    java.util.Collections.addAll(getIpPermissions(), ipPermissions);
    return this;
}
/**
 * Looks up the security group called {@code name} and converts one direction of
 * its rules.
 *
 * @param name    group name passed to DescribeSecurityGroups
 * @param inbound {@code true} to convert the ingress rules, {@code false} for egress
 * @return the converted rules, or {@code null} when the lookup did not return
 *         exactly one group (callers must handle the null)
 */
@Override
public Collection<IpRule> getRules( final String name, final boolean inbound ) {
    final DescribeSecurityGroupsRequest request =
            new DescribeSecurityGroupsRequest().withGroupNames( name );
    final DescribeSecurityGroupsResult result = client.describeSecurityGroups( request );
    // Anything other than a single match (none, or an ambiguous name) is reported as null.
    if( result.getSecurityGroups().size() != 1 ) {
        return null;
    }
    final List<IpPermission> permissions = inbound
            ? result.getSecurityGroups().get( 0 ).getIpPermissions()
            : result.getSecurityGroups().get( 0 ).getIpPermissionsEgress();
    final Collection<IpRule> converted = new ArrayList<IpRule>();
    for( final IpPermission permission : permissions ) {
        converted.add( toIpRule( permission ) );
    }
    return converted;
}
/**
 * Describes the given security groups in one account/region and reports, per
 * group id, the ingress rules that {@code isOffending} accepts. Groups without an
 * offending ingress rule are left out of the result; egress rules are not inspected.
 *
 * @param groupIds security group ids to describe
 * @param account  account whose EC2 client is used
 * @param region   region whose EC2 client is used
 * @return immutable map from group id to the group's name plus the string form of
 *         each offending ingress rule; empty when nothing offends
 */
@Override
public Map<String, SecurityGroupCheckDetails> check(final Collection<String> groupIds, final String account, final Region region) {
    final DescribeSecurityGroupsRequest request = new DescribeSecurityGroupsRequest();
    request.setGroupIds(groupIds);
    final AmazonEC2Client ec2 = clientProvider.getClient(AmazonEC2Client.class, account, region);
    final DescribeSecurityGroupsResult response = ec2.describeSecurityGroups(request);

    final ImmutableMap.Builder<String, SecurityGroupCheckDetails> findings = ImmutableMap.builder();
    for (final SecurityGroup group : response.getSecurityGroups()) {
        // Only ingress rules are evaluated; the rule's toString is what gets reported.
        final ImmutableList<String> offendingRules = ImmutableList.copyOf(
                group.getIpPermissions().stream()
                        .filter(isOffending)
                        .map(Object::toString)
                        .iterator());
        if (!offendingRules.isEmpty()) {
            findings.put(group.getGroupId(),
                    new SecurityGroupCheckDetails(group.getGroupName(), offendingRules));
        }
    }
    return findings.build();
}
}
if (other.getGroupName() != null && other.getGroupName().equals(this.getGroupName()) == false) return false; if (other.getIpPermissions() == null ^ this.getIpPermissions() == null) return false; if (other.getIpPermissions() != null && other.getIpPermissions().equals(this.getIpPermissions()) == false) return false; if (other.getOwnerId() == null ^ this.getOwnerId() == null)
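/**
 * Strips from every permission in {@code permissionsToApply} the group pairs,
 * IPv4 ranges and IPv6 ranges that {@code targetGroup} already grants for the
 * same fromPort/toPort, so only genuinely new grants remain to be authorized.
 * The permissions are modified in place.
 * <p>
 * Port comparison is null-safe: {@code IpPermission} exposes its ports as
 * {@code Integer}, and rules without a port range (e.g. IpProtocol "-1") carry
 * {@code null}; calling {@code .equals()} on such a target port threw a
 * NullPointerException and aborted the whole filtering pass.
 * <p>
 * NOTE(review): only the port range is compared, not {@code getIpProtocol()};
 * an existing rule for one protocol on a port range therefore also suppresses a
 * new rule for another protocol on the same range — confirm this is intended.
 *
 * @param permissionsToApply candidate rules, mutated to drop already-present grants
 * @param targetGroup        the group whose current ingress rules are consulted
 */
private void filterOutExistingRules(List<IpPermission> permissionsToApply, SecurityGroup targetGroup) {
    // The target's rules are only read, so fetch them once instead of per predicate call.
    List<IpPermission> existing = targetGroup.getIpPermissions();
    for (IpPermission permission : permissionsToApply) {
        permission.getUserIdGroupPairs().removeIf(pair -> existing.stream()
                .anyMatch(target -> samePortRange(target, permission)
                        && target.getUserIdGroupPairs().stream()
                                .anyMatch(t -> java.util.Objects.equals(t.getGroupId(), pair.getGroupId()))));
        permission.getIpv4Ranges().removeIf(range -> existing.stream()
                .anyMatch(target -> samePortRange(target, permission)
                        && target.getIpv4Ranges().contains(range)));
        permission.getIpv6Ranges().removeIf(range -> existing.stream()
                .anyMatch(target -> samePortRange(target, permission)
                        && target.getIpv6Ranges().contains(range)));
    }
}

/**
 * Whether two rules cover the same fromPort/toPort, treating two null ports as
 * equal and null-vs-non-null as different (no NullPointerException either way).
 */
private static boolean samePortRange(IpPermission a, IpPermission b) {
    return java.util.Objects.equals(a.getFromPort(), b.getFromPort())
            && java.util.Objects.equals(a.getToPort(), b.getToPort());
}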
/**
 * Hash of the eight fields ownerId, groupName, groupId, description,
 * ipPermissions, ipPermissionsEgress, vpcId and tags, in that order.
 * {@code java.util.Objects.hash} applies exactly the scheme the hand-written
 * loop used (start at 1, then {@code 31 * h + (field == null ? 0 : field.hashCode())}
 * per field), so the value is unchanged for existing callers.
 *
 * @return the hash code for this object
 */
@Override
public int hashCode() {
    // Objects.hash delegates to Arrays.hashCode(Object[]); keep the order in sync
    // with the fields compared by equals().
    return java.util.Objects.hash(
            getOwnerId(),
            getGroupName(),
            getGroupId(),
            getDescription(),
            getIpPermissions(),
            getIpPermissionsEgress(),
            getVpcId(),
            getTags());
}
/**
 * Collects the other security groups that {@code source}'s ingress rules refer to
 * (via user-id/group-id pairs), resolving each pair's group name when the rule
 * carries only an id.
 * <p>
 * Groups belonging to an infrastructure application (per
 * {@code getInfrastructureApplications()}) yield an empty set. A pair that points
 * at the source group itself in its own account is skipped.
 *
 * @param source updater wrapping the security group being migrated
 * @return one reference per referenced group pair; never null
 */
private Set<MigrateSecurityGroupReference> getTargetReferences(SecurityGroupUpdater source) {
    SecurityGroup group = source.getSecurityGroup();
    String app = Names.parseName(group.getGroupName()).getApp();
    if (getInfrastructureApplications().contains(app)) {
        return new HashSet<>();
    }
    return group.getIpPermissions().stream()
        .flatMap(permission -> permission.getUserIdGroupPairs().stream())
        // a pair is a self-reference only when both the group id and the owner match
        .filter(pair -> !(pair.getGroupId().equals(group.getGroupId())
                          && pair.getUserId().equals(group.getOwnerId())))
        .map(pair -> {
            NetflixAmazonCredentials account = sourceLookup.getCredentialsForId(pair.getUserId());
            if (pair.getGroupName() != null) {
                // name already present on the rule: nothing to resolve
            } else if (account == null) {
                // no credentials for the owning account: fall back to the id as the name
                pair.setGroupName(pair.getGroupId());
            } else {
                sourceLookup.getSecurityGroupById(account.getName(), pair.getGroupId(), pair.getVpcId())
                    .ifPresent(found -> pair.setGroupName(found.getSecurityGroup().getGroupName()));
            }
            return new MigrateSecurityGroupReference(pair, account);
        })
        .collect(Collectors.toSet());
}
/**
 * Returns a string representation of this object; useful for testing and
 * debugging. Null fields are omitted; every emitted field except the last
 * ({@code Tags}) is followed by a comma.
 *
 * @return A string representation of this object.
 *
 * @see java.lang.Object#toString()
 */
@Override
public String toString() {
    StringBuilder sb = new StringBuilder("{");
    if (getOwnerId() != null) {
        sb.append("OwnerId: ").append(getOwnerId()).append(",");
    }
    if (getGroupName() != null) {
        sb.append("GroupName: ").append(getGroupName()).append(",");
    }
    if (getGroupId() != null) {
        sb.append("GroupId: ").append(getGroupId()).append(",");
    }
    if (getDescription() != null) {
        sb.append("Description: ").append(getDescription()).append(",");
    }
    if (getIpPermissions() != null) {
        sb.append("IpPermissions: ").append(getIpPermissions()).append(",");
    }
    if (getIpPermissionsEgress() != null) {
        sb.append("IpPermissionsEgress: ").append(getIpPermissionsEgress()).append(",");
    }
    if (getVpcId() != null) {
        sb.append("VpcId: ").append(getVpcId()).append(",");
    }
    if (getTags() != null) {
        // last field: no trailing comma
        sb.append("Tags: ").append(getTags());
    }
    return sb.append("}").toString();
}
/**
 * Makes the ingress rules of the named security group equal to {@code permissions}:
 * rules present in the group but absent from the list are revoked, rules in the
 * list but absent from the group are authorized, and rules in both are untouched.
 * <p>
 * NOTE(review): the revoke call runs before the authorize call; if the authorize
 * fails, the group is left with fewer rules than before — confirm callers can
 * tolerate or retry that state.
 *
 * @param securityGroupName name of an existing security group (must not be blank)
 * @param permissions       the desired complete set of ingress rules (must not be null)
 * @return the rules added, the rules revoked and the rules that were already present
 * @throws IllegalStateException if no security group with that name exists
 */
@Override
public SetPermissionsResult setPermissions(String securityGroupName, List<Permission> permissions) {
    checkNotBlank(securityGroupName, "securityGroupName");
    checkNotNull(permissions, "permissions");
    Optional<SecurityGroup> lookup = getSecurityGroup(securityGroupName);
    checkState(lookup.isPresent(), "Security group [%s] does not exist", securityGroupName);
    SecurityGroup group = lookup.get();

    List<IpPermission> currentIpPermissions = group.getIpPermissions();
    Set<Permission> desired = new HashSet<Permission>(permissions);
    Set<Permission> current = new HashSet<Permission>(getPermissions(currentIpPermissions));
    Set<Permission> toAdd = SetUtils.difference(desired, current);
    Set<Permission> toRevoke = SetUtils.difference(current, desired);
    Set<Permission> unchanged = SetUtils.intersection(desired, current);

    // Delete any permissions that are not in the list, but exist in the security group
    if (!toRevoke.isEmpty()) {
        client.revokeSecurityGroupIngress(
                new RevokeSecurityGroupIngressRequest(securityGroupName, getIpPermissions(toRevoke)));
    }
    // Add any permissions that are in the list but don't exist in the security group
    if (!toAdd.isEmpty()) {
        client.authorizeSecurityGroupIngress(
                new AuthorizeSecurityGroupIngressRequest()
                        .withGroupName(securityGroupName)
                        .withIpPermissions(getIpPermissions(toAdd)));
    }
    return new SetPermissionsResult(toAdd, toRevoke, unchanged);
}
/**
 * Two security groups are equal when each of the eight fields (ownerId, groupName,
 * groupId, description, ipPermissions, ipPermissionsEgress, vpcId, tags) is equal,
 * with two nulls counting as equal and null-versus-non-null as different.
 *
 * @param obj the object to compare with (may be null)
 * @return {@code true} if {@code obj} is a {@code SecurityGroup} with equal fields
 */
@Override
public boolean equals(Object obj) {
    if (this == obj) {
        return true;
    }
    // instanceof is false for null, so the separate null check is folded in here.
    if (!(obj instanceof SecurityGroup)) {
        return false;
    }
    SecurityGroup other = (SecurityGroup) obj;
    // Objects.equals(a, b) is a == b || (a != null && a.equals(b)): identical
    // outcome to the null-xor followed by equals pair it replaces per field.
    return java.util.Objects.equals(other.getOwnerId(), this.getOwnerId())
            && java.util.Objects.equals(other.getGroupName(), this.getGroupName())
            && java.util.Objects.equals(other.getGroupId(), this.getGroupId())
            && java.util.Objects.equals(other.getDescription(), this.getDescription())
            && java.util.Objects.equals(other.getIpPermissions(), this.getIpPermissions())
            && java.util.Objects.equals(other.getIpPermissionsEgress(), this.getIpPermissionsEgress())
            && java.util.Objects.equals(other.getVpcId(), this.getVpcId())
            && java.util.Objects.equals(other.getTags(), this.getTags());
}
/**
 * Adds an ingress rule to security group {@code groupId} allowing tcp ports
 * 80-65535 from the classic-link security group named
 * {@code classicLinkGroupName} in the same vpc.
 * <p>
 * Does nothing when no classic-link group name is given, when either group cannot
 * be found through {@code lookup}, or when the target group already has any rule
 * whose group pairs reference the classic-link group id.
 *
 * @param lookup               resolves groups by id and by name
 * @param classicLinkGroupName name of the classic-link group; null disables the call
 * @param groupId              id of the group that receives the rule
 * @param credentials          account owning both groups
 * @param vpcId                vpc both groups live in
 */
default void addClassicLinkIngress(SecurityGroupLookup lookup, String classicLinkGroupName, String groupId, NetflixAmazonCredentials credentials, String vpcId) {
    if (classicLinkGroupName == null) {
        return;
    }
    lookup.getSecurityGroupById(credentials.getName(), groupId, vpcId).ifPresent(targetUpdater -> {
        SecurityGroup target = targetUpdater.getSecurityGroup();
        lookup.getSecurityGroupByName(credentials.getName(), classicLinkGroupName, vpcId)
            .map(classicUpdater -> classicUpdater.getSecurityGroup().getGroupId())
            .ifPresent(classicLinkGroupId -> {
                // don't attach if there's already some rule already configured
                boolean alreadyReferenced = false;
                for (IpPermission rule : target.getIpPermissions()) {
                    for (UserIdGroupPair pair : rule.getUserIdGroupPairs()) {
                        if (pair.getGroupId().equals(classicLinkGroupId)) {
                            alreadyReferenced = true;
                            break;
                        }
                    }
                    if (alreadyReferenced) {
                        break;
                    }
                }
                if (alreadyReferenced) {
                    return;
                }
                // ingress granted: tcp 80-65535 from the classic-link group in this vpc
                UserIdGroupPair source = new UserIdGroupPair()
                    .withUserId(credentials.getAccountId())
                    .withGroupId(classicLinkGroupId)
                    .withVpcId(vpcId);
                IpPermission rule = new IpPermission()
                    .withIpProtocol("tcp")
                    .withFromPort(80)
                    .withToPort(65535)
                    .withUserIdGroupPairs(source);
                targetUpdater.addIngress(Collections.singletonList(rule));
            });
    });
}
}
securityGroup.getIpPermissions().add(IpPermissionStaxUnmarshaller.getInstance().unmarshall(context)); continue;
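/**
 * List SG ACL's: the CIDR ranges that the configured ACL security group
 * ({@code config.getACLGroupName()}) grants for exactly the port range
 * {@code from}-{@code to}.
 *
 * @param from port the rule's fromPort must equal
 * @param to   port the rule's toPort must equal
 * @return the CIDR strings of every matching ingress rule; empty when none match
 */
public List<String> listACL(int from, int to) {
    AmazonEC2 client = null;
    try {
        client = getEc2Client();
        List<String> ipPermissions = new ArrayList<String>();
        DescribeSecurityGroupsRequest req = new DescribeSecurityGroupsRequest()
                .withGroupNames(Arrays.asList(config.getACLGroupName()));
        DescribeSecurityGroupsResult result = client.describeSecurityGroups(req);
        for (SecurityGroup group : result.getSecurityGroups()) {
            for (IpPermission perm : group.getIpPermissions()) {
                if (matchesPortRange(perm, from, to)) {
                    ipPermissions.addAll(perm.getIpRanges());
                }
            }
        }
        return ipPermissions;
    } finally {
        // release the client's resources whether or not the describe call succeeded
        if (client != null) client.shutdown();
    }
}

/**
 * Null-safe port comparison. {@code IpPermission} exposes its ports as
 * {@code Integer} and they are absent (null) on rules without a port range, e.g.
 * IpProtocol "-1"; the previous {@code perm.getFromPort() == from} unboxed that
 * null and threw a NullPointerException that aborted the whole listing. Such rules
 * simply do not match.
 */
private static boolean matchesPortRange(IpPermission perm, int from, int to) {
    return Integer.valueOf(from).equals(perm.getFromPort())
            && Integer.valueOf(to).equals(perm.getToPort());
}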
/**
 * Hash of the eight fields description, groupName, ipPermissions, ownerId,
 * groupId, ipPermissionsEgress, tags and vpcId, in that order.
 * {@code java.util.Objects.hash} applies exactly the scheme the hand-written
 * loop used (start at 1, then {@code 31 * h + (field == null ? 0 : field.hashCode())}
 * per field), so the value is unchanged for existing callers.
 *
 * @return the hash code for this object
 */
@Override
public int hashCode() {
    // Objects.hash delegates to Arrays.hashCode(Object[]); order matters and must
    // stay in sync with the field list compared by equals().
    return java.util.Objects.hash(
            getDescription(),
            getGroupName(),
            getIpPermissions(),
            getOwnerId(),
            getGroupId(),
            getIpPermissionsEgress(),
            getTags(),
            getVpcId());
}
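/**
 * List SG ACL's: the CIDR ranges granted for exactly the port range
 * {@code from}-{@code to} by the security group whose name is the Dynomite
 * cluster name, restricted to the vpc this instance runs in.
 *
 * @param from port the rule's fromPort must equal
 * @param to   port the rule's toPort must equal
 * @return the CIDR strings of every matching ingress rule; empty when none match
 * @throws IllegalStateException if the instance's vpc id cannot be determined
 */
public List<String> listACL(int from, int to) {
    AmazonEC2 client = null;
    try {
        client = getEc2Client();
        List<String> ipPermissions = new ArrayList<String>();
        Filter nameFilter = new Filter().withName("group-name").withValues(envVariables.getDynomiteClusterName());
        String vpcid = retriever.getVpcId();
        if (vpcid == null || vpcid.isEmpty()) {
            throw new IllegalStateException("vpcid is null even though instance is running in vpc.");
        }
        // Filtering by vpc too avoids matching a same-named group in another vpc.
        Filter vpcFilter = new Filter().withName("vpc-id").withValues(vpcid);
        DescribeSecurityGroupsRequest req = new DescribeSecurityGroupsRequest().withFilters(nameFilter, vpcFilter);
        DescribeSecurityGroupsResult result = client.describeSecurityGroups(req);
        for (SecurityGroup group : result.getSecurityGroups()) {
            for (IpPermission perm : group.getIpPermissions()) {
                if (matchesPortRange(perm, from, to)) {
                    ipPermissions.addAll(perm.getIpRanges());
                }
            }
        }
        logger.info("Fetch current permissions for vpc env of running instance");
        return ipPermissions;
    } finally {
        // release the client's resources whether or not the describe call succeeded
        if (client != null) client.shutdown();
    }
}

/**
 * Null-safe port comparison. {@code IpPermission} exposes its ports as
 * {@code Integer} and they are absent (null) on rules without a port range, e.g.
 * IpProtocol "-1"; the previous {@code perm.getFromPort() == from} unboxed that
 * null and threw a NullPointerException that aborted the whole listing. Such rules
 * simply do not match.
 */
private static boolean matchesPortRange(IpPermission perm, int from, int to) {
    return Integer.valueOf(from).equals(perm.getFromPort())
            && Integer.valueOf(to).equals(perm.getToPort());
}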
/**
 * Generate sec group file.
 * <p>
 * Writes three data files from the given security groups: group attributes
 * ({@code secgroup-info.data}), group tags ({@code secgroup-tags.data}) and one
 * row per ingress ("inbound") and egress ("outbound") rule
 * ({@code secgroup-rules.data}), keyed the same way as {@code secGrpMap}.
 *
 * @param secGrpMap the sec grp map: security groups grouped under a key
 * @throws IOException Signals that an I/O exception has occurred.
 */
public static void generateSecGroupFile(Map<String, List<SecurityGroup>> secGrpMap) throws IOException {
    FileGenerator.generateFile(secGrpMap, "GroupId`Description`GroupName`OwnerId`vpcid", "secgroup-info.data");
    FileGenerator.generateFile(secGrpMap, "GroupId`tags.key`tags.value", "secgroup-tags.data");

    // Flatten every group's inbound and outbound rules, keeping the caller's grouping key.
    Map<String, List<SGRuleVH>> rulesByKey = new HashMap<>();
    for (Map.Entry<String, List<SecurityGroup>> entry : secGrpMap.entrySet()) {
        List<SGRuleVH> rules = new ArrayList<>();
        for (SecurityGroup sg : entry.getValue()) {
            String groupId = sg.getGroupId();
            rules.addAll(getRuleInfo(groupId, "inbound", sg.getIpPermissions()));
            rules.addAll(getRuleInfo(groupId, "outbound", sg.getIpPermissionsEgress()));
        }
        rulesByKey.put(entry.getKey(), rules);
    }
    FileGenerator.generateFile(rulesByKey, "groupId`type`ipProtocol`fromPort`toPort`cidrIp`cidrIpv6", "secgroup-rules.data");
}
if (getGroupName() != null) sb.append("GroupName: ").append(getGroupName()).append(","); if (getIpPermissions() != null) sb.append("IpPermissions: ").append(getIpPermissions()).append(","); if (getOwnerId() != null) sb.append("OwnerId: ").append(getOwnerId()).append(",");