use of software.amazon.awssdk.services.ec2.model.SecurityGroup in project photon-model by vmware.
the class AWSUtils method getOrCreateDefaultSecurityGroup.
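/**
 * Resolves the id of the security group to use for a NIC: the existing default
 * group in the NIC's VPC when one is found, otherwise a newly created default
 * group carrying the client's default rule set.
 *
 * @param amazonEC2Client client used for the EC2 calls
 * @param nicCtx NIC context; must not be null. Its {@code vpc} may be null, in
 *        which case the lookup is skipped and the null vpc is handed to the
 *        create call unchanged
 * @return a single-element list holding the group id
 * @throws IllegalArgumentException if {@code nicCtx} is null
 * @throws AmazonServiceException for any EC2 failure other than the default
 *         group being reported as missing
 */
public static List<String> getOrCreateDefaultSecurityGroup(AmazonEC2AsyncClient amazonEC2Client, AWSNicContext nicCtx) {
    // The create path below dereferences nicCtx unconditionally; fail fast with a
    // clear message instead of an NPE at the end of the method.
    if (nicCtx == null) {
        throw new IllegalArgumentException("nicCtx must not be null");
    }
    AWSSecurityGroupClient client = new AWSSecurityGroupClient(amazonEC2Client);
    // No group is configured in the properties: try to discover the default one first.
    if (nicCtx.vpc != null) {
        try {
            SecurityGroup group = client.getSecurityGroup(DEFAULT_SECURITY_GROUP_NAME, nicCtx.vpc.getVpcId());
            if (group != null) {
                return Collections.singletonList(group.getGroupId());
            }
        } catch (AmazonServiceException t) {
            // A missing default group surfaces as a service error that names the
            // group; that case falls through to creation. Anything else is
            // propagated. getMessage() may be null, so guard before matching.
            String message = t.getMessage();
            if (message == null || !message.contains(DEFAULT_SECURITY_GROUP_NAME)) {
                throw t;
            }
        }
    }
    // The group does not exist (or the lookup returned nothing): create it. The
    // rule set applied here is defined by createDefaultSecurityGroupWithDefaultRules
    // and is not visible in this method — confirm it is as restrictive as intended.
    String groupId = client.createDefaultSecurityGroupWithDefaultRules(nicCtx.vpc);
    return Collections.singletonList(groupId);
}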
use of software.amazon.awssdk.services.ec2.model.SecurityGroup in project photon-model by vmware.
the class AWSSecurityGroupClient method getSecurityGroupById.
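/**
 * Looks up a single security group by id.
 *
 * @param groupId the EC2 group id to describe; must not be null
 * @return the first group in the describe result, or {@code null} when the call
 *         returns no result or an empty group list
 * @throws IllegalArgumentException if {@code groupId} is null
 */
public SecurityGroup getSecurityGroupById(String groupId) {
    // Fail fast on a null id rather than sending a request whose id filter is
    // effectively missing and returning whatever group comes back first.
    if (groupId == null) {
        throw new IllegalArgumentException("groupId must not be null");
    }
    DescribeSecurityGroupsRequest request = new DescribeSecurityGroupsRequest().withGroupIds(groupId);
    DescribeSecurityGroupsResult result = this.client.describeSecurityGroups(request);
    // get(0) on an empty list would throw; treat "no groups" as "not found".
    if (result == null || result.getSecurityGroups() == null || result.getSecurityGroups().isEmpty()) {
        return null;
    }
    return result.getSecurityGroups().get(0);
}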
use of software.amazon.awssdk.services.ec2.model.SecurityGroup in project photon-model by vmware.
the class TestAWSSetupUtils method deleteSecurityGroupUsingEC2Client.
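/**
 * Deletes the given security group through the EC2 client and blocks until a
 * describe call no longer returns it. A null id is a no-op.
 *
 * @param client EC2 client used to issue the delete
 * @param host test host used for logging and for polling until the group is gone
 * @param awsGroupId id of the group to delete; ignored when null
 */
public static void deleteSecurityGroupUsingEC2Client(AmazonEC2AsyncClient client, VerificationHost host, String awsGroupId) {
    if (awsGroupId == null) {
        return;
    }
    host.log(Level.INFO, "Starting to delete aws Security group with id %s", awsGroupId);
    try {
        DeleteSecurityGroupRequest deleteSecurityGroupRequest = new DeleteSecurityGroupRequest().withGroupId(awsGroupId);
        client.deleteSecurityGroup(deleteSecurityGroupRequest);
        host.waitFor("Timeout waiting for AWS to delete a SecurityGroup with name " + awsGroupId, () -> {
            // Poll until the group is no longer returned by describe.
            SecurityGroup discoveredSGOnAWS = getSecurityGroupsIdUsingEC2Client(client, awsGroupId);
            if (discoveredSGOnAWS != null) {
                // Requested SG is still present on AWS
                return false;
            }
            host.log("Deleted SG with id: %s", awsGroupId);
            return true;
        });
    } catch (Exception e) {
        // Only the one expected message is tolerated; everything else — including an
        // exception with no message, which previously NPE'd here and hid the real
        // cause — is rethrown. NOTE(review): the tolerated text reads like a
        // create-path message rather than a delete-path one; confirm it is the
        // intended case.
        String message = e.getMessage();
        if (message == null || !message.contains("The security group '" + awsGroupId + "' already exists")) {
            throw e;
        }
    }
}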
use of software.amazon.awssdk.services.ec2.model.SecurityGroup in project photon-model by vmware.
the class TestProvisionAWSSecurityGroup method validateAWSArtifacts.
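/**
 * Verifies that the security group backing the given description exists on AWS
 * with the expected ingress and egress rules (two of each, one of them the
 * internal-communication rule).
 *
 * @param securityGroupDescriptionLink link of the SecurityGroupState to check
 * @param creds credentials used to build the EC2 client
 * @throws Throwable if the state cannot be read or any assertion fails
 */
private void validateAWSArtifacts(String securityGroupDescriptionLink, AuthCredentialsServiceState creds) throws Throwable {
    SecurityGroupState securityGroup = getSecurityGroupState(securityGroupDescriptionLink);
    AWSSecurityGroupClient client = new AWSSecurityGroupClient(AWSUtils.getAsyncClient(creds, this.region, getExecutor()));
    // Resolve the id first so a missing custom property fails here with a clear
    // message rather than as a lookup with a null id.
    assertNotNull("security group state has no custom properties", securityGroup.customProperties);
    String groupId = securityGroup.customProperties.get(AWSSecurityGroupService.SECURITY_GROUP_ID);
    assertNotNull("security group id custom property is missing", groupId);
    // if any artifact is not present then an error will be thrown
    SecurityGroup sg = client.getSecurityGroupById(groupId);
    assertNotNull("security group " + groupId + " not found on AWS", sg);
    assertNotNull(sg.getIpPermissions());
    assertTrue("expected 2 ingress rules, got " + sg.getIpPermissions().size(), sg.getIpPermissions().size() == 2);
    // check that there is a rule that enables internal communication
    assertTrue("no internal ingress rule", isInternalRule(sg.getGroupId(), sg.getIpPermissions()));
    assertNotNull(sg.getIpPermissionsEgress());
    // two egress rules: the one added by this test plus the default one
    assertTrue("expected 2 egress rules, got " + sg.getIpPermissionsEgress().size(), sg.getIpPermissionsEgress().size() == 2);
    // check that there is a rule that enables internal communication
    assertTrue("no internal egress rule", isInternalRule(sg.getGroupId(), sg.getIpPermissionsEgress()));
}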
use of software.amazon.awssdk.services.ec2.model.SecurityGroup in project photon-model by vmware.
the class TestAWSSecurityGroupService method testAllocateSecurityGroup.
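/**
 * Creates a default security group via the allocation method, checks that it
 * carries the default rules, and deletes it again. The delete runs in a
 * {@code finally} so a failed rule check does not leave the group behind in AWS.
 *
 * @throws Throwable on any client or assertion failure
 */
@Test
public void testAllocateSecurityGroup() throws Throwable {
    this.client.createDefaultSecurityGroup(null);
    SecurityGroup group = this.client.getDefaultSecurityGroup(null);
    try {
        validateDefaultRules(group.getIpPermissions());
    } finally {
        // Clean up even when validation throws; nothing to delete if lookup failed.
        if (group != null) {
            this.client.deleteSecurityGroup(group.getGroupId());
        }
    }
}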