use of com.amazonaws.services.ec2.model.PrefixListId in project cloudbreak by hortonworks.
The class SecurityGroupBuilderUtilTest, method testEgressWhenOutboundInternetTrafficDisabledAndPrefixListNotEmptyButVpcCidrsEmptyButContainsAlready.
@Test
public void testEgressWhenOutboundInternetTrafficDisabledAndPrefixListNotEmptyButVpcCidrsEmptyButContainsAlready() {
    // Prefix list "id1" is already present in the egress list handed to the util,
    // so only "id2" is expected to end up in the authorize request.
    PrefixListId alreadyAuthorized = new PrefixListId().withPrefixListId("id1");
    IpPermission existingPermission = new IpPermission()
            .withIpProtocol("-1")
            .withFromPort(0)
            .withToPort(TO_PORT)
            .withPrefixListIds(alreadyAuthorized);

    stubRegionName();
    when(awsNetworkView.getOutboundInternetTraffic()).thenReturn(OutboundInternetTraffic.DISABLED);
    when(awsNetworkService.getPrefixListIds(amazonEc2Client, REGION_NAME, OutboundInternetTraffic.DISABLED))
            .thenReturn(List.of("id1", "id2"));
    when(awsNetworkService.getVpcCidrs(ac, awsNetworkView)).thenReturn(emptyList());

    underTest.egress(amazonEc2Client, ac, awsNetworkView, "id", List.of(existingPermission));

    ArgumentCaptor<AuthorizeSecurityGroupEgressRequest> captor =
            ArgumentCaptor.forClass(AuthorizeSecurityGroupEgressRequest.class);
    verify(amazonEc2Client).addEgress(captor.capture());
    verify(amazonEc2Client, times(1)).addEgress(any());

    AuthorizeSecurityGroupEgressRequest sentRequest = captor.getValue();
    Assertions.assertEquals("id", sentRequest.getGroupId());

    // Exactly one new permission: the not-yet-authorized prefix list "id2".
    IpPermission authorized = sentRequest.getIpPermissions().get(0);
    Assertions.assertEquals("-1", authorized.getIpProtocol());
    Assertions.assertEquals(0, authorized.getFromPort());
    Assertions.assertEquals(TO_PORT, authorized.getToPort());
    Assertions.assertEquals("id2", authorized.getPrefixListIds().get(0).getPrefixListId());
}
use of com.amazonaws.services.ec2.model.PrefixListId in project cloudbreak by hortonworks.
The class SecurityGroupBuilderUtil, method egress.
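/**
 * Authorizes the additional egress rules a security group needs when outbound internet traffic is disabled.
 * <p>
 * Only when {@code awsNetworkView} reports {@link OutboundInternetTraffic#DISABLED} and at least one of the
 * prefix list ids or VPC CIDRs resolved through {@code awsNetworkService} is present, one all-protocol
 * ({@code "-1"}) permission is built per VPC CIDR and one per prefix list id. Permissions already contained in
 * {@code egress} are not re-added, and if nothing new remains no request is sent at all. In every other case
 * (traffic not disabled, or both lists empty) the method only logs and returns, so no wider egress than the
 * VPC's own CIDRs and the configured prefix lists is ever opened here.
 *
 * @param amazonEc2Client client used to resolve prefix list ids and to send the authorize request
 * @param ac              authenticated context; its cloud context supplies the region name
 * @param awsNetworkView  network view supplying the outbound internet traffic setting and the VPC lookup input
 * @param securityGroupId id of the security group the egress rules are added to
 * @param egress          permissions already present on the group; used to skip duplicates
 */
public void egress(AmazonEc2Client amazonEc2Client, AuthenticatedContext ac, AwsNetworkView awsNetworkView, String securityGroupId, List<IpPermission> egress) {
    OutboundInternetTraffic outboundInternetTraffic = awsNetworkView.getOutboundInternetTraffic();
    String regionName = ac.getCloudContext().getLocation().getRegion().getRegionName();
    List<String> prefixListIds = awsNetworkService.getPrefixListIds(amazonEc2Client, regionName, outboundInternetTraffic);
    List<String> vpcCidrs = awsNetworkService.getVpcCidrs(ac, awsNetworkView);
    if (outboundInternetTraffic == OutboundInternetTraffic.DISABLED && (!prefixListIds.isEmpty() || !vpcCidrs.isEmpty())) {
        List<IpPermission> permissions = new ArrayList<>();
        // One rule per VPC CIDR; "-1" is the EC2 API value for all protocols, so no ports are set here.
        for (String existingVpcCidr : vpcCidrs) {
            IpPermission cidrPermission = new IpPermission()
                    .withIpProtocol("-1")
                    .withIpv4Ranges(new IpRange().withCidrIp(existingVpcCidr));
            if (!egress.contains(cidrPermission)) {
                permissions.add(cidrPermission);
            }
        }
        // One rule per prefix list; the port range is part of the value compared against the existing rules.
        for (String prefixListId : prefixListIds) {
            IpPermission prefixListPermission = new IpPermission()
                    .withIpProtocol("-1")
                    .withFromPort(0)
                    .withToPort(TO_PORT)
                    .withPrefixListIds(new PrefixListId().withPrefixListId(prefixListId));
            if (!egress.contains(prefixListPermission)) {
                permissions.add(prefixListPermission);
            }
        }
        if (!permissions.isEmpty()) {
            // Fixed the misspelled local ("reguest"); behavior is unchanged.
            AuthorizeSecurityGroupEgressRequest request = new AuthorizeSecurityGroupEgressRequest()
                    .withGroupId(securityGroupId)
                    .withIpPermissions(permissions);
            amazonEc2Client.addEgress(request);
            LOGGER.info("Egress added to {}", securityGroupId);
        } else {
            LOGGER.debug("No permission for egress request, skip it");
        }
    } else {
        LOGGER.debug("Egress creation skipped: {}, prefix list size: {}, vpc cidrs size: {}", outboundInternetTraffic, prefixListIds.size(), vpcCidrs.size());
    }
}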