Example 1 with Allowed
use of com.google.api.services.compute.model.Firewall.Allowed in project platformlayer by platformlayer.
the class EnsureFirewallIngress method handler.
@Handler
public void handler(GoogleCloud cloud, GoogleComputeMachine machine) throws OpsException {
GoogleComputeClient client = googleComputeClientFactory.getComputeClient(cloud);
// Find the public address, although the Google Cloud firewall may be blocking it
publicAddress = machine.getNetworkPoint().getBestAddress(NetworkPoint.forPublicInternet());
String serverLink = machine.getServerSelfLink();
List<Firewall> rules = client.getInstanceFirewallRules(serverLink);
Firewall matchingRule = findMatchingRule(rules);
if (OpsContext.isConfigure()) {
if (matchingRule == null) {
Firewall rule = new Firewall();
rule.setSourceRanges(Arrays.asList("0.0.0.0/0"));
rule.setName("pl-" + UUID.randomUUID().toString());
Allowed allowed = new Allowed();
allowed.setIPProtocol("tcp");
allowed.setPorts(Arrays.asList("" + model.publicPort));
rule.setAllowed(Arrays.asList(allowed));
rule.setNetwork(client.buildNetworkUrl("default"));
client.createFirewallRule(rule);
}
}
if (OpsContext.isDelete()) {
if (matchingRule != null) {
client.deleteFirewallRule(matchingRule);
}
}
}
Also used :
GoogleComputeClient(org.platformlayer.service.cloud.google.ops.compute.GoogleComputeClient)
Allowed(com.google.api.services.compute.model.Firewall.Allowed)
Firewall(com.google.api.services.compute.model.Firewall)
Handler(org.platformlayer.ops.Handler)
Example 2 with Allowed
use of com.google.api.services.compute.model.Firewall.Allowed in project platformlayer by platformlayer.
the class EnsureFirewallIngress method findMatchingRule.
private Firewall findMatchingRule(List<Firewall> rules) {
for (Firewall rule : rules) {
List<Allowed> allowedList = rule.getAllowed();
boolean matchesPortAndProtocol = false;
if (allowedList != null) {
for (Allowed allowed : allowedList) {
if (!Objects.equal("tcp", allowed.getIPProtocol())) {
continue;
}
List<String> ports = allowed.getPorts();
if (ports != null) {
for (String port : ports) {
if (port.contains("-")) {
if (port.equals(model.publicPort + "-" + model.publicPort)) {
matchesPortAndProtocol = true;
}
} else {
if (port.equals(model.publicPort + "")) {
matchesPortAndProtocol = true;
}
}
}
}
}
}
if (!matchesPortAndProtocol) {
continue;
}
boolean matchedSourceRange = false;
List<String> sourceRanges = rule.getSourceRanges();
if (sourceRanges == null) {
if (rule.getSourceTags() == null) {
matchedSourceRange = true;
}
} else {
for (String sourceRange : sourceRanges) {
if (Objects.equal(sourceRange, "0.0.0.0/0")) {
matchedSourceRange = true;
}
}
}
if (matchedSourceRange) {
return rule;
}
}
return null;
}Aggregations
Firewall (com.google.api.services.compute.model.Firewall)2
Allowed (com.google.api.services.compute.model.Firewall.Allowed)2
Handler (org.platformlayer.ops.Handler)1
GoogleComputeClient (org.platformlayer.service.cloud.google.ops.compute.GoogleComputeClient)1
