Example 1 with OutboundInternetTraffic

Use of com.sequenceiq.common.api.type.OutboundInternetTraffic in project cloudbreak by hortonworks.

The class OutboundInternetTrafficValidator, method isValid.

@Override
public boolean isValid(EnvironmentNetworkRequest environmentNetworkRequest, ConstraintValidatorContext constraintValidatorContext) {
    OutboundInternetTraffic outboundInternetTraffic = environmentNetworkRequest.getOutboundInternetTraffic();
    ServiceEndpointCreation serviceEndpointCreation = environmentNetworkRequest.getServiceEndpointCreation();
    // Reject a network whose outbound internet traffic is DISABLED while service endpoint
    // creation is unset or DISABLED: with neither path available, the environment has no
    // supported way to reach the cloud provider's services.
    if (outboundInternetTraffic == OutboundInternetTraffic.DISABLED && (serviceEndpointCreation == null || serviceEndpointCreation == ServiceEndpointCreation.DISABLED)) {
        return false;
    }
    return true;
}
Also used : ServiceEndpointCreation(com.sequenceiq.common.api.type.ServiceEndpointCreation) OutboundInternetTraffic(com.sequenceiq.common.api.type.OutboundInternetTraffic)

Example 2 with OutboundInternetTraffic

Use of com.sequenceiq.common.api.type.OutboundInternetTraffic in project cloudbreak by hortonworks.

The class SecurityGroupBuilderUtil, method egress.

public void egress(AmazonEc2Client amazonEc2Client, AuthenticatedContext ac, AwsNetworkView awsNetworkView, String securityGroupId, List<IpPermission> egress) {
    OutboundInternetTraffic outboundInternetTraffic = awsNetworkView.getOutboundInternetTraffic();
    // Prefix lists for the region's service endpoints and the CIDRs of the VPC itself: when outbound
    // internet traffic is DISABLED these are the only destinations the security group should allow.
    List<String> prefixListIds = awsNetworkService.getPrefixListIds(amazonEc2Client, ac.getCloudContext().getLocation().getRegion().getRegionName(), outboundInternetTraffic);
    List<String> vpcCidrs = awsNetworkService.getVpcCidrs(ac, awsNetworkView);
    if (outboundInternetTraffic == OutboundInternetTraffic.DISABLED && (!prefixListIds.isEmpty() || !vpcCidrs.isEmpty())) {
        List<IpPermission> permissions = new ArrayList<>();
        // All protocols ("-1") to each VPC CIDR, skipping rules that are already present.
        for (String existingVpcCidr : vpcCidrs) {
            IpPermission e = new IpPermission().withIpProtocol("-1").withIpv4Ranges(new IpRange().withCidrIp(existingVpcCidr));
            if (!egress.contains(e)) {
                permissions.add(e);
            }
        }
        // All protocols to each managed prefix list (the AWS service endpoints), again deduplicated.
        for (String prefixListId : prefixListIds) {
            IpPermission e = new IpPermission().withIpProtocol("-1").withFromPort(0).withToPort(TO_PORT).withPrefixListIds(new PrefixListId().withPrefixListId(prefixListId));
            if (!egress.contains(e)) {
                permissions.add(e);
            }
        }
        if (!permissions.isEmpty()) {
            AuthorizeSecurityGroupEgressRequest request = new AuthorizeSecurityGroupEgressRequest().withGroupId(securityGroupId).withIpPermissions(permissions);
            amazonEc2Client.addEgress(request);
            LOGGER.info("Egress added to {}", securityGroupId);
        } else {
            LOGGER.debug("No permission for egress request, skip it");
        }
    } else {
        // Either outbound internet traffic is enabled (no egress restriction needed) or there is
        // nothing to whitelist; in both cases no egress rule is authorized here.
        LOGGER.debug("Egress creation skipped: {}, prefix list size: {}, vpc cidrs size: {}", outboundInternetTraffic, prefixListIds.size(), vpcCidrs.size());
    }
}
Also used : IpRange(com.amazonaws.services.ec2.model.IpRange) PrefixListId(com.amazonaws.services.ec2.model.PrefixListId) ArrayList(java.util.ArrayList) IpPermission(com.amazonaws.services.ec2.model.IpPermission) OutboundInternetTraffic(com.sequenceiq.common.api.type.OutboundInternetTraffic) AuthorizeSecurityGroupEgressRequest(com.amazonaws.services.ec2.model.AuthorizeSecurityGroupEgressRequest)
