
Example 1 with Allowed

Use of com.google.api.services.compute.model.Firewall.Allowed in project platformlayer (by platformlayer).

Class EnsureFirewallIngress, method handler.

@Handler
public void handler(GoogleCloud cloud, GoogleComputeMachine machine) throws OpsException {
    // googleComputeClientFactory, publicAddress and model are fields of EnsureFirewallIngress (not shown here)
    GoogleComputeClient client = googleComputeClientFactory.getComputeClient(cloud);
    // Find the public address, although the Google Cloud firewall may be blocking it
    publicAddress = machine.getNetworkPoint().getBestAddress(NetworkPoint.forPublicInternet());
    String serverLink = machine.getServerSelfLink();
    // Look for an existing rule that already opens model.publicPort over TCP to any source
    List<Firewall> rules = client.getInstanceFirewallRules(serverLink);
    Firewall matchingRule = findMatchingRule(rules);
    if (OpsContext.isConfigure()) {
        if (matchingRule == null) {
            Firewall rule = new Firewall();
            // Source range 0.0.0.0/0 admits traffic from any IPv4 address, i.e. the whole internet
            rule.setSourceRanges(Arrays.asList("0.0.0.0/0"));
            // Random name with a "pl-" prefix marks the rule as created by platformlayer
            rule.setName("pl-" + UUID.randomUUID().toString());
            // Allowed describes the protocol/port pairs the rule admits: here TCP on publicPort only
            Allowed allowed = new Allowed();
            allowed.setIPProtocol("tcp");
            allowed.setPorts(Arrays.asList("" + model.publicPort));
            rule.setAllowed(Arrays.asList(allowed));
            // The rule is attached to the "default" network and sets no target tags,
            // so it applies to every instance on that network, not just this machine
            rule.setNetwork(client.buildNetworkUrl("default"));
            client.createFirewallRule(rule);
        }
    }
    if (OpsContext.isDelete()) {
        if (matchingRule != null) {
            // Tear the ingress rule down again when the item is deleted
            client.deleteFirewallRule(matchingRule);
        }
    }
}
Also used: GoogleComputeClient (org.platformlayer.service.cloud.google.ops.compute.GoogleComputeClient), Allowed (com.google.api.services.compute.model.Firewall.Allowed), Firewall (com.google.api.services.compute.model.Firewall), Handler (org.platformlayer.ops.Handler)

Example 2 with Allowed

Use of com.google.api.services.compute.model.Firewall.Allowed in project platformlayer (by platformlayer).

Class EnsureFirewallIngress, method findMatchingRule.

// Returns the first rule that allows TCP on exactly model.publicPort (either as a single
// port or as the degenerate range "port-port") from an unrestricted source, or null if none.
// Note the limits of the match: a wider range such as "1-65535" that contains publicPort
// does not count, and the rule's network and target tags are not examined at all.
private Firewall findMatchingRule(List<Firewall> rules) {
    for (Firewall rule : rules) {
        List<Allowed> allowedList = rule.getAllowed();
        boolean matchesPortAndProtocol = false;
        if (allowedList != null) {
            for (Allowed allowed : allowedList) {
                // Null-safe comparison: getIPProtocol() may be null
                if (!Objects.equal("tcp", allowed.getIPProtocol())) {
                    continue;
                }
                List<String> ports = allowed.getPorts();
                if (ports != null) {
                    for (String port : ports) {
                        if (port.contains("-")) {
                            // Port range: only the single-port range "N-N" is accepted
                            if (port.equals(model.publicPort + "-" + model.publicPort)) {
                                matchesPortAndProtocol = true;
                            }
                        } else {
                            // Single port: must be exactly publicPort
                            if (port.equals(model.publicPort + "")) {
                                matchesPortAndProtocol = true;
                            }
                        }
                    }
                }
            }
        }
        if (!matchesPortAndProtocol) {
            continue;
        }
        // The source side matches when the rule is open to the whole internet (0.0.0.0/0)
        // or when it carries neither source ranges nor source tags
        boolean matchedSourceRange = false;
        List<String> sourceRanges = rule.getSourceRanges();
        if (sourceRanges == null) {
            if (rule.getSourceTags() == null) {
                matchedSourceRange = true;
            }
        } else {
            for (String sourceRange : sourceRanges) {
                if (Objects.equal(sourceRange, "0.0.0.0/0")) {
                    matchedSourceRange = true;
                }
            }
        }
        if (matchedSourceRange) {
            return rule;
        }
    }
    return null;
}
Also used: Allowed (com.google.api.services.compute.model.Firewall.Allowed), Firewall (com.google.api.services.compute.model.Firewall)

Aggregations (number of examples using each class)

Firewall (com.google.api.services.compute.model.Firewall): 2
Allowed (com.google.api.services.compute.model.Firewall.Allowed): 2
Handler (org.platformlayer.ops.Handler): 1
GoogleComputeClient (org.platformlayer.service.cloud.google.ops.compute.GoogleComputeClient): 1