
Example 1 with Firewall

Use of com.google.api.services.compute.model.Firewall in project cloudbreak by hortonworks.

Class GcpFirewallInResourceBuilder, method createNewFirewallRule.

private ComputeRequest<Operation> createNewFirewallRule(GcpContext context, AuthenticatedContext auth, Group group, Security security, CloudResource buildableResource, String projectId) throws IOException {
    // Source CIDR ranges come from the security configuration
    List<String> sourceRanges = getSourceRanges(security);
    Firewall firewall = new Firewall();
    firewall.setSourceRanges(sourceRanges);
    // ICMP is always allowed, in addition to the rules built from the security configuration
    List<Allowed> allowedRules = new ArrayList<>();
    allowedRules.add(new Allowed().setIPProtocol("icmp"));
    allowedRules.addAll(createRule(security));
    // Scope the rule to instances carrying this group's cluster tag
    firewall.setTargetTags(Collections.singletonList(GcpStackUtil.getGroupClusterTag(auth.getCloudContext(), group)));
    firewall.setAllowed(allowedRules);
    firewall.setName(buildableResource.getName());
    firewall.setNetwork(String.format("https://www.googleapis.com/compute/v1/projects/%s/global/networks/%s", projectId, context.getParameter(GcpNetworkResourceBuilder.NETWORK_NAME, String.class)));
    // Returns the insert request without executing it
    return context.getCompute().firewalls().insert(projectId, firewall);
}
Also used : ArrayList(java.util.ArrayList) Operation(com.google.api.services.compute.model.Operation) Allowed(com.google.api.services.compute.model.Firewall.Allowed) Firewall(com.google.api.services.compute.model.Firewall)

Example 2 with Firewall

Use of com.google.api.services.compute.model.Firewall in project cloudbreak by hortonworks.

Class GcpFirewallInResourceBuilder, method updateExistingFirewallForNewTargets.

private Update updateExistingFirewallForNewTargets(GcpContext context, AuthenticatedContext auth, Group group, Security security) throws java.io.IOException {
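    // Fetch the existing rule, add this group's cluster tag to its targets, and return the update request without executing it
    Firewall firewall = context.getCompute().firewalls().get(context.getProjectId(), security.getCloudSecurityId()).execute();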
    if (firewall.getTargetTags() == null) {
        firewall.setTargetTags(Lists.newArrayListWithCapacity(1));
    }
    firewall.getTargetTags().add(GcpStackUtil.getGroupClusterTag(auth.getCloudContext(), group));
    return context.getCompute().firewalls().update(context.getProjectId(), firewall.getName(), firewall);
}
Also used : Firewall(com.google.api.services.compute.model.Firewall)

Example 3 with Firewall

Use of com.google.api.services.compute.model.Firewall in project platformlayer by platformlayer.

Class EnsureFirewallIngress, method handler.

@Handler
public void handler(GoogleCloud cloud, GoogleComputeMachine machine) throws OpsException {
    GoogleComputeClient client = googleComputeClientFactory.getComputeClient(cloud);
    // Find the public address, although the Google Cloud firewall may be blocking it
    publicAddress = machine.getNetworkPoint().getBestAddress(NetworkPoint.forPublicInternet());
    String serverLink = machine.getServerSelfLink();
    List<Firewall> rules = client.getInstanceFirewallRules(serverLink);
    Firewall matchingRule = findMatchingRule(rules);
    if (OpsContext.isConfigure()) {
        if (matchingRule == null) {
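            // No matching rule yet: create one that admits TCP traffic to model.publicPort
            // from any source address (0.0.0.0/0) on the "default" network
            Firewall rule = new Firewall();
            rule.setSourceRanges(Arrays.asList("0.0.0.0/0"));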
            rule.setName("pl-" + UUID.randomUUID().toString());
            Allowed allowed = new Allowed();
            allowed.setIPProtocol("tcp");
            allowed.setPorts(Arrays.asList("" + model.publicPort));
            rule.setAllowed(Arrays.asList(allowed));
            rule.setNetwork(client.buildNetworkUrl("default"));
            client.createFirewallRule(rule);
        }
    }
    if (OpsContext.isDelete()) {
        if (matchingRule != null) {
            client.deleteFirewallRule(matchingRule);
        }
    }
}
Also used : GoogleComputeClient(org.platformlayer.service.cloud.google.ops.compute.GoogleComputeClient) Allowed(com.google.api.services.compute.model.Firewall.Allowed) Firewall(com.google.api.services.compute.model.Firewall) Handler(org.platformlayer.ops.Handler)

Example 4 with Firewall

Use of com.google.api.services.compute.model.Firewall in project platformlayer by platformlayer.

Class EnsureFirewallIngress, method findMatchingRule.

private Firewall findMatchingRule(List<Firewall> rules) {
    for (Firewall rule : rules) {
        // Step 1: the rule must allow TCP on exactly model.publicPort
        List<Allowed> allowedList = rule.getAllowed();
        boolean matchesPortAndProtocol = false;
        if (allowedList != null) {
            for (Allowed allowed : allowedList) {
                if (!Objects.equal("tcp", allowed.getIPProtocol())) {
                    continue;
                }
                List<String> ports = allowed.getPorts();
                if (ports != null) {
                    for (String port : ports) {
                        if (port.contains("-")) {
                            // A range entry matches only when it is the one-port range N-N
                            if (port.equals(model.publicPort + "-" + model.publicPort)) {
                                matchesPortAndProtocol = true;
                            }
                        } else {
                            if (port.equals(model.publicPort + "")) {
                                matchesPortAndProtocol = true;
                            }
                        }
                    }
                }
            }
        }
        if (!matchesPortAndProtocol) {
            continue;
        }
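        // Step 2: the rule must be open to any source address
        boolean matchedSourceRange = false;
        List<String> sourceRanges = rule.getSourceRanges();
        if (sourceRanges == null) {
            // With neither source ranges nor source tags set, the rule is treated as open to any source
            if (rule.getSourceTags() == null) {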
                matchedSourceRange = true;
            }
        } else {
            for (String sourceRange : sourceRanges) {
                if (Objects.equal(sourceRange, "0.0.0.0/0")) {
                    matchedSourceRange = true;
                }
            }
        }
        if (matchedSourceRange) {
            return rule;
        }
    }
    return null;
}
Also used : Allowed(com.google.api.services.compute.model.Firewall.Allowed) Firewall(com.google.api.services.compute.model.Firewall)

Example 5 with Firewall

Use of com.google.api.services.compute.model.Firewall in project cloudbreak by hortonworks.

Class GcpPlatformResources, method securityGroups.

@Override
public CloudSecurityGroups securityGroups(CloudCredential cloudCredential, Region region, Map<String, String> filters) throws IOException {
    Compute compute = GcpStackUtil.buildCompute(cloudCredential);
    String projectId = GcpStackUtil.getProjectId(cloudCredential);
    Map<String, Set<CloudSecurityGroup>> result = new HashMap<>();
    if (compute != null) {
        FirewallList firewallList = compute.firewalls().list(projectId).execute();
        // getItems() is null when the response carries no firewall rules
        if (firewallList.getItems() != null) {
            for (Firewall firewall : firewallList.getItems()) {
                Map<String, Object> properties = new HashMap<>();
                properties.put("network", getNetworkName(firewall));
                // Each firewall rule is reported as a security group, keyed by the requested region
                CloudSecurityGroup cloudSecurityGroup = new CloudSecurityGroup(firewall.getName(), firewall.getName(), properties);
                result.computeIfAbsent(region.value(), k -> new HashSet<>()).add(cloudSecurityGroup);
            }
        }
    }
    return new CloudSecurityGroups(result);
}
Also used : FirewallList(com.google.api.services.compute.model.FirewallList) Arrays(java.util.Arrays) CloudVmTypes(com.sequenceiq.cloudbreak.cloud.model.CloudVmTypes) CloudIpPools(com.sequenceiq.cloudbreak.cloud.model.CloudIpPools) Region(com.sequenceiq.cloudbreak.cloud.model.Region) Cacheable(org.springframework.cache.annotation.Cacheable) HashMap(java.util.HashMap) Network(com.google.api.services.compute.model.Network) StringUtils(org.apache.commons.lang3.StringUtils) CloudGateWays(com.sequenceiq.cloudbreak.cloud.model.CloudGateWays) CloudNetworks(com.sequenceiq.cloudbreak.cloud.model.CloudNetworks) CloudRegions(com.sequenceiq.cloudbreak.cloud.model.CloudRegions) ArrayList(java.util.ArrayList) HashSet(java.util.HashSet) Inject(javax.inject.Inject) Value(org.springframework.beans.factory.annotation.Value) AvailabilityZone(com.sequenceiq.cloudbreak.cloud.model.AvailabilityZone) Strings(com.google.common.base.Strings) NetworkList(com.google.api.services.compute.model.NetworkList) Firewall(com.google.api.services.compute.model.Firewall) CloudSshKeys(com.sequenceiq.cloudbreak.cloud.model.CloudSshKeys) Service(org.springframework.stereotype.Service) Map(java.util.Map) RegionList(com.google.api.services.compute.model.RegionList) GcpStackUtil(com.sequenceiq.cloudbreak.cloud.gcp.util.GcpStackUtil) VmTypeMeta(com.sequenceiq.cloudbreak.cloud.model.VmTypeMeta) Subnetwork(com.google.api.services.compute.model.Subnetwork) PlatformResources(com.sequenceiq.cloudbreak.cloud.PlatformResources) VmTypeMetaBuilder(com.sequenceiq.cloudbreak.cloud.model.VmTypeMeta.VmTypeMetaBuilder) Region.region(com.sequenceiq.cloudbreak.cloud.model.Region.region) Set(java.util.Set) IOException(java.io.IOException) CloudAccessConfigs(com.sequenceiq.cloudbreak.cloud.model.CloudAccessConfigs) CloudCredential(com.sequenceiq.cloudbreak.cloud.model.CloudCredential) VmType(com.sequenceiq.cloudbreak.cloud.model.VmType) MachineType(com.google.api.services.compute.model.MachineType) List(java.util.List) MachineTypeList(com.google.api.services.compute.model.MachineTypeList) CloudSecurityGroups(com.sequenceiq.cloudbreak.cloud.model.CloudSecurityGroups) Collections(java.util.Collections) Compute(com.google.api.services.compute.Compute) CloudNetwork(com.sequenceiq.cloudbreak.cloud.model.CloudNetwork) CloudSecurityGroup(com.sequenceiq.cloudbreak.cloud.model.CloudSecurityGroup)
