use of com.microsoft.azure.management.network.implementation.SecurityRuleInner in project photon-model by vmware.
the class AzureSecurityGroupUtils method buildSecurityRule.
/**
 * Translates a photon-model firewall {@code Rule} into an Azure {@code SecurityRuleInner}.
 *
 * <p>Wildcards are normalised: an {@code ANY_RANGE} CIDR and an {@code ALL_PORTS} port list both
 * become {@code SecurityGroupService.ANY}, and {@code ALL_TRAFFIC} becomes
 * {@code SecurityRuleProtocol.ASTERISK}. Any access value other than {@code Access.Allow}
 * (including {@code null}) yields a DENY rule, so an unrecognised access fails closed.
 *
 * @param rule      source rule; {@code ipRangeCidr}, {@code ports} and {@code protocol} are
 *                  dereferenced without a null check
 * @param direction INBOUND puts the rule's CIDR and ports on the source side; any other value
 *                  (including {@code null}) puts them on the destination side
 * @param priority  priority assigned to the Azure rule
 * @return the populated security rule
 */
private static SecurityRuleInner buildSecurityRule(Rule rule, SecurityRuleDirection direction, int priority) {
    final String any = SecurityGroupService.ANY;

    // Only an explicit Allow opens traffic; everything else is mapped to DENY.
    SecurityRuleAccess azureAccess = SecurityRuleAccess.DENY;
    if (rule.access == Access.Allow) {
        azureAccess = SecurityRuleAccess.ALLOW;
    }

    final String cidr;
    if (rule.ipRangeCidr.equals(ANY_RANGE)) {
        cidr = any;
    } else {
        cidr = rule.ipRangeCidr;
    }

    final String ports;
    if (rule.ports.equals(SecurityGroupService.ALL_PORTS)) {
        ports = any;
    } else {
        ports = rule.ports;
    }

    final SecurityRuleProtocol azureProtocol;
    if (rule.protocol.equals(ALL_TRAFFIC)) {
        azureProtocol = SecurityRuleProtocol.ASTERISK;
    } else {
        azureProtocol = new SecurityRuleProtocol(rule.protocol);
    }

    final boolean inbound = SecurityRuleDirection.INBOUND.equals(direction);

    final SecurityRuleInner result = new SecurityRuleInner();
    result.withPriority(priority);
    result.withAccess(azureAccess);
    result.withDirection(direction);
    result.withName(rule.name);
    result.withProtocol(azureProtocol);

    // The rule's CIDR describes the remote peer: the source for inbound traffic, the destination
    // otherwise. The local side is always left as a wildcard.
    result.withSourceAddressPrefix(inbound ? cidr : any);
    result.withDestinationAddressPrefix(inbound ? any : cidr);

    // NOTE(review): for INBOUND the rule's ports are applied to the *source* port range and the
    // destination port range is ANY. If rule.ports is meant to be the listening ports being
    // opened, an inbound ALLOW built here matches on the client's source port and leaves every
    // destination port reachable. Confirm the intended mapping before relying on these rules.
    result.withSourcePortRange(inbound ? ports : any);
    result.withDestinationPortRange(inbound ? any : ports);
    return result;
}
use of com.microsoft.azure.management.network.implementation.SecurityRuleInner in project photon-model by vmware.
the class AzureSecurityGroupServiceTest method validateAzureSecurityRules.
/**
 * Asserts the shape of the security rules returned by Azure for the test security group.
 *
 * <p>The same number of rules is expected in each direction. Every rule must have wildcard
 * ({@code SecurityGroupService.ANY}) source/destination address prefixes and port ranges; ALLOW
 * rules must be TCP and all other rules must be UDP.
 *
 * <p>NOTE(review): only all-wildcard rules are accepted here, so this helper never checks on which
 * side (source or destination) a specific CIDR or port list ends up.
 *
 * @param actualRules           rules read back from the security group
 * @param expectedNumberOfRules expected rule count per direction
 */
private void validateAzureSecurityRules(List<SecurityRuleInner> actualRules, int expectedNumberOfRules) {
    // Inbound is checked first, then outbound.
    for (SecurityRuleDirection wanted : new SecurityRuleDirection[] {
            SecurityRuleDirection.INBOUND, SecurityRuleDirection.OUTBOUND }) {
        long found = actualRules.stream()
                .filter(r -> r.direction().equals(wanted))
                .count();
        assertEquals(expectedNumberOfRules, found);
    }

    final String any = SecurityGroupService.ANY;
    for (SecurityRuleInner actual : actualRules) {
        assertTrue(actual.sourceAddressPrefix().equals(any));
        assertTrue(actual.destinationAddressPrefix().equals(any));
        assertTrue(actual.sourcePortRange().equals(any));
        assertTrue(actual.destinationPortRange().equals(any));

        // ALLOW rules in the fixture are TCP; the remaining (DENY) rules are UDP.
        SecurityRuleProtocol expectedProtocol = actual.access().equals(SecurityRuleAccess.ALLOW)
                ? SecurityRuleProtocol.TCP
                : SecurityRuleProtocol.UDP;
        assertTrue(actual.protocol().equals(expectedProtocol));
    }
}
use of com.microsoft.azure.management.network.implementation.SecurityRuleInner in project photon-model by vmware.
the class AzureLoadBalancerService method updateSecurityRules.
/**
 * Builds one inbound ALLOW rule per load-balancing rule and appends the resulting list to every
 * non-null security group held by the context.
 *
 * <p>Each generated rule is named {@code <lb-rule-name>-sg-rule}, uses the load-balancing rule's
 * protocol and backend port as destination port, and accepts any source address and source port.
 * Priorities are handed out sequentially starting at 2000.
 *
 * <p>NOTE(review): the generated rules admit traffic from any source to the backend port. Nothing
 * here checks the new priorities or names against rules already present in a group, and calling
 * the method again appends the same rules a second time. Confirm that callers invoke it once per
 * group state and that 2000+ does not overlap priorities assigned elsewhere.
 *
 * @param context Azure load balancer context
 */
private void updateSecurityRules(AzureLoadBalancerContext context) {
    final List<SecurityRuleInner> lbAllowRules = Lists.newArrayList();
    final AtomicInteger nextPriority = new AtomicInteger(2000);

    context.loadBalancerAzure.loadBalancingRules().forEach(lbRule -> {
        final SecurityRuleInner allowRule = new SecurityRuleInner();
        final String ruleName = String.format("%s-sg-rule", lbRule.name());
        allowRule.withName(ruleName);
        allowRule.withDirection(SecurityRuleDirection.INBOUND);
        allowRule.withAccess(SecurityRuleAccess.ALLOW);
        allowRule.withPriority(nextPriority.getAndIncrement());

        final String protocolName = lbRule.protocol().toString();
        allowRule.withProtocol(new SecurityRuleProtocol(protocolName));

        // Source side is unrestricted; only the destination is narrowed.
        allowRule.withSourcePortRange(SecurityGroupService.ANY);
        allowRule.withSourceAddressPrefix(SecurityGroupService.ANY);
        allowRule.withDestinationPortRange(Integer.toString(lbRule.backendPort()));

        // The Azure API expects the single destination address prefix to be set even when the
        // plural "destination address prefixes" list is what should be used.
        allowRule.withDestinationAddressPrefix(getDestinationAddressPrefix(context));
        // TODO: once the Azure API version is updated, switch to
        // withDestinationAddressPrefixes(getDestinationAddressPrefixes(context)).

        lbAllowRules.add(allowRule);
    });

    // Append the generated rules to each group's existing rule list.
    context.securityGroupInners.forEach(group -> {
        if (group == null) {
            return;
        }
        // NOTE(review): securityRules() is dereferenced without a null check.
        List<SecurityRuleInner> current = group.securityRules();
        current.addAll(lbAllowRules);
        group.withSecurityRules(current);
    });
}
use of com.microsoft.azure.management.network.implementation.SecurityRuleInner in project photon-model by vmware.
the class AzureTestUtil method createAzureNetworkSecurityGroup.
/**
 * Creates or updates the shared test network security group, named
 * {@code AzureTestUtil.AZURE_SECURITY_GROUP_NAME}, with a single inbound TCP ALLOW rule.
 *
 * <p>Address prefixes, port ranges, priority and rule name all come from {@code AzureConstants}.
 * NOTE(review): those constant values are not visible here; confirm the source address prefix and
 * destination port range are as narrow as the tests allow, since this opens inbound access on a
 * real Azure resource group.
 *
 * @param resourceGroupName       resource group that will own the security group
 * @param networkManagementClient client used to issue the createOrUpdate call
 * @throws Exception if the Azure call fails
 */
private static void createAzureNetworkSecurityGroup(String resourceGroupName, NetworkManagementClientImpl networkManagementClient) throws Exception {
    final SecurityRuleInner inboundAllow = new SecurityRuleInner();
    inboundAllow.withName(AzureConstants.AZURE_LINUX_SECURITY_GROUP_NAME);
    inboundAllow.withPriority(AzureConstants.AZURE_SECURITY_GROUP_PRIORITY);
    inboundAllow.withDirection(SecurityRuleDirection.INBOUND);
    inboundAllow.withAccess(SecurityRuleAccess.ALLOW);
    inboundAllow.withProtocol(SecurityRuleProtocol.TCP);
    inboundAllow.withSourceAddressPrefix(AzureConstants.AZURE_SECURITY_GROUP_SOURCE_ADDRESS_PREFIX);
    inboundAllow.withSourcePortRange(AzureConstants.AZURE_SECURITY_GROUP_SOURCE_PORT_RANGE);
    inboundAllow.withDestinationAddressPrefix(AzureConstants.AZURE_SECURITY_GROUP_DESTINATION_ADDRESS_PREFIX);
    inboundAllow.withDestinationPortRange(AzureConstants.AZURE_LINUX_SECURITY_GROUP_DESTINATION_PORT_RANGE);

    // Azure's custom serializers do not cope well with Collections.singletonList(), so the rule
    // is wrapped in a plain ArrayList instead.
    ArrayList<SecurityRuleInner> ruleList = new ArrayList<>();
    ruleList.add(inboundAllow);

    final NetworkSecurityGroupInner nsg = new NetworkSecurityGroupInner();
    nsg.withLocation(AzureTestUtil.AZURE_RESOURCE_GROUP_LOCATION);
    nsg.withSecurityRules(ruleList);

    networkManagementClient.networkSecurityGroups()
            .createOrUpdate(resourceGroupName, AzureTestUtil.AZURE_SECURITY_GROUP_NAME, nsg);
}
use of com.microsoft.azure.management.network.implementation.SecurityRuleInner in project photon-model by vmware.
the class AzureSecurityGroupUtils method addSecurityRules.
/**
 * Converts the ingress and egress rules of a security group state into Azure security rules and
 * sets them on the given network security group.
 *
 * <p>Priorities start at 1000 and increase by one per rule, independently for each direction. A
 * priority is consumed even for a rule that is then skipped because {@code isDefaultRule} matches
 * it against the group's default rules.
 *
 * <p>NOTE(review): {@code withSecurityRules} is only called when at least one rule was produced.
 * With an empty result the group keeps whatever rules it already carried, so a state whose rules
 * were all removed does not clear previously allowed traffic here. Confirm rule removal is
 * handled by the caller.
 *
 * @param securityGroupInner Azure security group to update; must not be null
 * @param sgState            desired state; must not be null, its rule lists may be null
 * @return the same {@code securityGroupInner} instance
 */
private static NetworkSecurityGroupInner addSecurityRules(NetworkSecurityGroupInner securityGroupInner, SecurityGroupState sgState) {
    AssertUtil.assertNotNull(sgState, "SecurityGroup state should not be null.");
    AssertUtil.assertNotNull(securityGroupInner, "NetworkSecurityGroupInner should not be null.");

    final List<SecurityRuleInner> azureDefaults = securityGroupInner.defaultSecurityRules();
    final List<SecurityRuleInner> customRules = new ArrayList<>();

    // Inbound rules: priorities 1000, 1001, ...
    int nextPriority = 1000;
    if (sgState.ingress != null) {
        for (Rule ingressRule : sgState.ingress) {
            SecurityRuleInner candidate =
                    buildSecurityRule(ingressRule, SecurityRuleDirection.INBOUND, nextPriority++);
            if (isDefaultRule(azureDefaults, candidate)) {
                continue;
            }
            customRules.add(candidate);
        }
    }

    // Outbound rules restart from the same base priority.
    nextPriority = 1000;
    if (sgState.egress != null) {
        for (Rule egressRule : sgState.egress) {
            SecurityRuleInner candidate =
                    buildSecurityRule(egressRule, SecurityRuleDirection.OUTBOUND, nextPriority++);
            if (isDefaultRule(azureDefaults, candidate)) {
                continue;
            }
            customRules.add(candidate);
        }
    }

    // Replace the group's rule list only when there is something to set.
    if (!customRules.isEmpty()) {
        securityGroupInner.withSecurityRules(customRules);
    }
    return securityGroupInner;
}