Example 1 with PrefixListId

Use of com.amazonaws.services.ec2.model.PrefixListId in project cloudbreak by hortonworks.

The class SecurityGroupBuilderUtilTest, method testEgressWhenOutboundInternetTrafficDisabledAndPrefixListNotEmptyButVpcCidrsEmptyButContainsAlready.

@Test
public void testEgressWhenOutboundInternetTrafficDisabledAndPrefixListNotEmptyButVpcCidrsEmptyButContainsAlready() {
    // The security group already carries an all-protocol egress rule for prefix list "id1".
    IpPermission ipPermission = new IpPermission().withIpProtocol("-1").withFromPort(0).withToPort(TO_PORT).withPrefixListIds(new PrefixListId().withPrefixListId("id1"));
    stubRegionName();
    // Outbound internet traffic is disabled; the region exposes two prefix lists and the VPC contributes no CIDRs.
    when(awsNetworkView.getOutboundInternetTraffic()).thenReturn(OutboundInternetTraffic.DISABLED);
    when(awsNetworkService.getPrefixListIds(amazonEc2Client, REGION_NAME, OutboundInternetTraffic.DISABLED)).thenReturn(List.of("id1", "id2"));
    when(awsNetworkService.getVpcCidrs(ac, awsNetworkView)).thenReturn(emptyList());
    underTest.egress(amazonEc2Client, ac, awsNetworkView, "id", List.of(ipPermission));
    // Exactly one AuthorizeSecurityGroupEgress call is expected, and it must contain only the rule that was
    // missing (prefix list "id2"); re-authorizing the existing "id1" rule would be rejected by EC2 as a duplicate.
    ArgumentCaptor<AuthorizeSecurityGroupEgressRequest> egressCaptor = ArgumentCaptor.forClass(AuthorizeSecurityGroupEgressRequest.class);
    verify(amazonEc2Client).addEgress(egressCaptor.capture());
    verify(amazonEc2Client, times(1)).addEgress(any());
    Assertions.assertEquals("id", egressCaptor.getValue().getGroupId());
    Assertions.assertEquals("-1", egressCaptor.getValue().getIpPermissions().get(0).getIpProtocol());
    Assertions.assertEquals(0, egressCaptor.getValue().getIpPermissions().get(0).getFromPort());
    Assertions.assertEquals(TO_PORT, egressCaptor.getValue().getIpPermissions().get(0).getToPort());
    Assertions.assertEquals("id2", egressCaptor.getValue().getIpPermissions().get(0).getPrefixListIds().get(0).getPrefixListId());
}
Also used : PrefixListId(com.amazonaws.services.ec2.model.PrefixListId) IpPermission(com.amazonaws.services.ec2.model.IpPermission) AuthorizeSecurityGroupEgressRequest(com.amazonaws.services.ec2.model.AuthorizeSecurityGroupEgressRequest) Test(org.junit.jupiter.api.Test)

Example 2 with PrefixListId

Use of com.amazonaws.services.ec2.model.PrefixListId in project cloudbreak by hortonworks.

The class SecurityGroupBuilderUtil, method egress.

public void egress(AmazonEc2Client amazonEc2Client, AuthenticatedContext ac, AwsNetworkView awsNetworkView, String securityGroupId, List<IpPermission> egress) {
    OutboundInternetTraffic outboundInternetTraffic = awsNetworkView.getOutboundInternetTraffic();
    List<String> prefixListIds = awsNetworkService.getPrefixListIds(amazonEc2Client, ac.getCloudContext().getLocation().getRegion().getRegionName(), outboundInternetTraffic);
    List<String> vpcCidrs = awsNetworkService.getVpcCidrs(ac, awsNetworkView);
    // Rules are only added when outbound internet traffic is disabled: all-protocol egress limited to the
    // VPC's own CIDRs and to the given prefix lists (e.g. gateway endpoints) instead of 0.0.0.0/0.
    if (outboundInternetTraffic == OutboundInternetTraffic.DISABLED && (!prefixListIds.isEmpty() || !vpcCidrs.isEmpty())) {
        List<IpPermission> permissions = new ArrayList<>();
        for (String existingVpcCidr : vpcCidrs) {
            IpPermission e = new IpPermission().withIpProtocol("-1").withIpv4Ranges(new IpRange().withCidrIp(existingVpcCidr));
            // IpPermission.equals compares every field, so only a rule built exactly like this one counts as present.
            if (!egress.contains(e)) {
                permissions.add(e);
            }
        }
        for (String prefixListId : prefixListIds) {
            // Note the port range: for protocol "-1" EC2 ignores it, but it still takes part in equals() above.
            IpPermission e = new IpPermission().withIpProtocol("-1").withFromPort(0).withToPort(TO_PORT).withPrefixListIds(new PrefixListId().withPrefixListId(prefixListId));
            if (!egress.contains(e)) {
                permissions.add(e);
            }
        }
        if (!permissions.isEmpty()) {
            AuthorizeSecurityGroupEgressRequest request = new AuthorizeSecurityGroupEgressRequest().withGroupId(securityGroupId).withIpPermissions(permissions);
            amazonEc2Client.addEgress(request);
            LOGGER.info("Egress added to {}", securityGroupId);
        } else {
            LOGGER.debug("No permission for egress request, skip it");
        }
    } else {
        LOGGER.debug("Egress creation skipped: {}, prefix list size: {}, vpc cidrs size: {}", outboundInternetTraffic, prefixListIds.size(), vpcCidrs.size());
    }
}
Also used : IpRange(com.amazonaws.services.ec2.model.IpRange) PrefixListId(com.amazonaws.services.ec2.model.PrefixListId) ArrayList(java.util.ArrayList) IpPermission(com.amazonaws.services.ec2.model.IpPermission) OutboundInternetTraffic(com.sequenceiq.common.api.type.OutboundInternetTraffic) AuthorizeSecurityGroupEgressRequest(com.amazonaws.services.ec2.model.AuthorizeSecurityGroupEgressRequest)
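The decision made by Example 2, and the scenario exercised by Example 1, as an added example that is not cloudbreak's code: the same rule (add restricted egress only when outbound internet traffic is DISABLED and at least one VPC CIDR or prefix list exists, skip rules the group already has) written in Python over boto3-shaped permission dicts so it runs offline, plus two things a practitioner wants that the Java above does not show. First, duplicate detection that treats two rules as equal when EC2 does (the port range is ignored for protocol -1, and EC2 omits it when describing such a rule) rather than only when every IpPermission field matches. Second, a check for an internet-wide egress rule, because the 0.0.0.0/0 rule every new security group starts with makes any added restriction moot until it is revoked. TO_PORT's value and the string form of OutboundInternetTraffic.DISABLED are assumptions; the inputs in demo() are constructed to match Example 1.

```python
# Added example, not code from cloudbreak: the egress-restriction logic of
# SecurityGroupBuilderUtil.egress() over boto3-shaped permission dicts (the shape
# describe_security_groups returns in IpPermissionsEgress), runnable offline.
# TO_PORT and the "DISABLED" string are assumptions; the page shows neither.

ALL_PROTOCOLS = "-1"
TO_PORT = 65535  # assumed value of the page's TO_PORT constant


def vpc_cidr_permission(cidr):
    """All-protocol egress to one of the VPC's own IPv4 CIDRs (the page's first loop)."""
    return {"IpProtocol": ALL_PROTOCOLS, "IpRanges": [{"CidrIp": cidr}]}


def prefix_list_permission(prefix_list_id):
    """All-protocol egress to a managed prefix list, e.g. an S3 gateway endpoint (second loop)."""
    return {"IpProtocol": ALL_PROTOCOLS, "FromPort": 0, "ToPort": TO_PORT,
            "PrefixListIds": [{"PrefixListId": prefix_list_id}]}


def rule_key(perm):
    """Normalise a permission for duplicate detection.

    The page relies on IpPermission.equals, an exact field-by-field match. EC2 ignores
    FromPort/ToPort for protocol -1 and leaves them out when it describes such a rule,
    so the port range is dropped for -1 and the CIDR/prefix lists are compared as sets:
    two rules that allow the same traffic get the same key.
    """
    proto = str(perm.get("IpProtocol"))
    ports = None if proto == ALL_PROTOCOLS else (perm.get("FromPort"), perm.get("ToPort"))
    return (
        proto,
        ports,
        frozenset(r["CidrIp"] for r in perm.get("IpRanges", [])),
        frozenset(r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])),
        frozenset(p["PrefixListId"] for p in perm.get("PrefixListIds", [])),
    )


def restricted_egress(outbound_internet_traffic, vpc_cidrs, prefix_list_ids, existing):
    """Return the permissions to hand to AuthorizeSecurityGroupEgress.

    Same decision as the page: nothing unless outbound internet traffic is DISABLED and
    there is at least one VPC CIDR or prefix list; rules already in `existing` are
    skipped. Repeats within the new set are skipped too, since EC2 rejects a request
    that contains a rule which already exists.
    """
    if outbound_internet_traffic != "DISABLED" or not (vpc_cidrs or prefix_list_ids):
        return []
    seen = {rule_key(p) for p in existing}
    wanted = [vpc_cidr_permission(c) for c in vpc_cidrs]
    wanted += [prefix_list_permission(p) for p in prefix_list_ids]
    to_add = []
    for perm in wanted:
        key = rule_key(perm)
        if key not in seen:
            seen.add(key)
            to_add.append(perm)
    return to_add


def internet_wide_egress(permissions):
    """Egress rules that reach the whole internet (0.0.0.0/0 or ::/0).

    While such a rule remains (every new security group has one by default), adding
    restricted rules restricts nothing; it has to be revoked as well.
    """
    return [
        p for p in permissions
        if any(r.get("CidrIp") == "0.0.0.0/0" for r in p.get("IpRanges", []))
        or any(r.get("CidrIpv6") == "::/0" for r in p.get("Ipv6Ranges", []))
    ]


def demo():
    """Constructed input matching Example 1: id1 already authorised, id2 missing, no VPC CIDRs."""
    existing = [prefix_list_permission("id1")]
    return restricted_egress("DISABLED", [], ["id1", "id2"], existing)


if __name__ == "__main__":
    for perm in demo():
        print(perm)
```

The difference from the page's exact-match check shows up with a rule EC2 has already described back: `{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}` has no port fields, so an `IpPermission` built with `withFromPort(0).withToPort(TO_PORT)` would not be `equals()` to it even though it is the same rule; `rule_key` treats them as one.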
