Example usage for com.amazonaws.services.ec2.model IpPermission getToPort

List of usage examples for com.amazonaws.services.ec2.model IpPermission getToPort

Introduction

In this page you can find the example usage for com.amazonaws.services.ec2.model IpPermission getToPort.

Prototype


public Integer getToPort() 

Source Link

Document

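The end of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. The value is a boxed Integer and can be null when the rule carries no port range (for example, a rule that allows all protocols), so check it for null before comparing it with a primitive int.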

Usage

From source file:c3.ops.priam.aws.AWSMembership.java

License:Apache License

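/**
 * Lists the IP ranges that the configured ACL security group admits for one exact port range.
 *
 * <p>Only permissions whose from/to ports equal {@code from} and {@code to} are collected.
 * {@link IpPermission#getFromPort()} and {@link IpPermission#getToPort()} return a boxed
 * {@code Integer} that can be {@code null} (for example, on an all-protocols rule), so the
 * comparison is done with {@code equals} rather than by auto-unboxing.
 *
 * @param from first port of the range to match
 * @param to last port of the range to match
 * @return the IP ranges of every matching permission; empty when nothing matches
 */
public List<String> listACL(int from, int to) {
    AmazonEC2 client = null;
    try {
        client = getEc2Client();
        List<String> ipPermissions = new ArrayList<String>();
        DescribeSecurityGroupsRequest req = new DescribeSecurityGroupsRequest()
                .withGroupNames(Arrays.asList(config.getACLGroupName()));
        DescribeSecurityGroupsResult result = client.describeSecurityGroups(req);

        // Boxed once so that a permission with null ports is skipped instead of
        // raising a NullPointerException during unboxing.
        // NOTE(review): a rule without ports typically admits every port; callers that
        // audit exposure should look at such rules separately, they are not listed here.
        Integer wantedFrom = Integer.valueOf(from);
        Integer wantedTo = Integer.valueOf(to);
        for (SecurityGroup group : result.getSecurityGroups()) {
            for (IpPermission perm : group.getIpPermissions()) {
                if (wantedFrom.equals(perm.getFromPort()) && wantedTo.equals(perm.getToPort())) {
                    ipPermissions.addAll(perm.getIpRanges());
                }
            }
        }
        return ipPermissions;
    } finally {
        // The client is created per call, so it is released on every exit path.
        if (client != null) {
            client.shutdown();
        }
    }
}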

From source file:com.appdynamics.connectors.AWSConnector.java

License:Apache License

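/**
 * Makes sure one of the named security groups admits TCP traffic on the default agent port,
 * authorizing a new ingress rule when none of them does.
 *
 * <p>The rule is added to the group named {@code Utils.DEFAULT_SECURITY_GROUP} when that group
 * is among the described groups, otherwise to the first described group.
 *
 * @param securityGroupNames names of the security groups to inspect
 * @param connector EC2 client used to describe the groups and to authorize the rule
 * @throws ConnectorException declared by the signature; not thrown directly in this method
 */
private void validateAndConfigureSecurityGroups(List<String> securityGroupNames, AmazonEC2 connector)
        throws ConnectorException {
    DescribeSecurityGroupsRequest describeRequest = new DescribeSecurityGroupsRequest()
            .withGroupNames(securityGroupNames);
    DescribeSecurityGroupsResult describeResult = connector.describeSecurityGroups(describeRequest);

    // NOTE(review): despite its name this is "any IPv4 source", so the rule authorized below
    // exposes the agent port to the whole Internet. Narrow it to the controller's real
    // address or CIDR if that is known at this point.
    String controllerIp = "0.0.0.0/0";
    int agentPort = controllerServices.getDefaultAgentPort();

    // Nothing to do if an existing rule already admits controllerIp on the agent port.
    List<SecurityGroup> securityGroups = describeResult.getSecurityGroups();
    for (SecurityGroup securityGroup : securityGroups) {
        for (IpPermission permission : securityGroup.getIpPermissions()) {
            if (!permission.getIpRanges().contains(controllerIp)) {
                continue;
            }
            String protocol = permission.getIpProtocol();
            if ("-1".equals(protocol)) {
                // All-protocols rule: it carries no port range and covers every port.
                return;
            }
            // Ports are boxed and may be null; test before unboxing. Only a TCP rule
            // counts, because the rule added below is TCP.
            Integer fromPort = permission.getFromPort();
            Integer toPort = permission.getToPort();
            if ("tcp".equalsIgnoreCase(protocol) && fromPort != null && toPort != null
                    && agentPort >= fromPort && agentPort <= toPort) {
                return;
            }
        }
    }

    // Compare group *names*: the list holds SecurityGroup objects, so asking it whether it
    // contains the default name itself can never succeed.
    String securityGroup = null;
    for (SecurityGroup candidate : securityGroups) {
        if (Utils.DEFAULT_SECURITY_GROUP.equals(candidate.getGroupName())) {
            securityGroup = Utils.DEFAULT_SECURITY_GROUP;
            break;
        }
    }
    if (securityGroup == null) {
        securityGroup = securityGroups.get(0).getGroupName();
    }

    IpPermission ipPermission = new IpPermission();
    ipPermission.setFromPort(agentPort);
    ipPermission.setToPort(agentPort);
    ipPermission.setIpProtocol("tcp");
    ipPermission.setIpRanges(Lists.newArrayList(controllerIp));
    connector.authorizeSecurityGroupIngress(
            new AuthorizeSecurityGroupIngressRequest(securityGroup, Lists.newArrayList(ipPermission)));
}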

From source file:com.axemblr.provisionr.amazon.functions.ConvertIpPermissionToRule.java

License:Apache License

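/**
 * Converts an EC2 {@link IpPermission} into a {@link Rule}.
 *
 * <p>The permission must carry exactly one IP range for {@code getOnlyElement} to succeed
 * (presumably Guava's {@code Iterables.getOnlyElement}; confirm against the imports).
 * For ICMP the from/to values are not ports but an ICMP type and code, so no port range
 * is set on the rule.
 *
 * @param ipPermission the EC2 permission to convert
 * @return the equivalent rule
 */
@Override
public Rule apply(IpPermission ipPermission) {
    final String protocol = ipPermission.getIpProtocol();

    // Locale.ROOT keeps the enum lookup stable: under a Turkish default locale
    // "icmp".toUpperCase() does not yield "ICMP".
    final RuleBuilder builder = Rule.builder().cidr(getOnlyElement(ipPermission.getIpRanges()))
            .protocol(Protocol.valueOf(protocol.toUpperCase(java.util.Locale.ROOT)));

    // Case-insensitive, to agree with the case-insensitive enum lookup above.
    if (!protocol.equalsIgnoreCase("icmp")) {
        builder.ports(ipPermission.getFromPort(), ipPermission.getToPort());
    }

    return builder.createRule();
}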

From source file:com.brighttag.agathon.security.ec2.Ec2SecurityGroupService.java

License:Apache License

/**
 * Maps every EC2 {@link IpPermission} to a {@link SecurityGroupPermission} and gathers the
 * results into a set.
 *
 * @param permissions the EC2 permissions to convert
 * @return the converted permissions as an immutable set
 */
private ImmutableSet<SecurityGroupPermission> fromIpPermissions(Iterable<IpPermission> permissions) {
    // Each permission becomes a netmask built from its IP ranges plus the closed
    // port interval [fromPort, toPort].
    final Function<IpPermission, SecurityGroupPermission> toGroupPermission =
            new Function<IpPermission, SecurityGroupPermission>() {
                @Override
                public SecurityGroupPermission apply(IpPermission ec2Permission) {
                    return new SecurityGroupPermission(Netmask.fromCidr(ec2Permission.getIpRanges()),
                            Range.closed(ec2Permission.getFromPort(), ec2Permission.getToPort()));
                }
            };
    return FluentIterable.from(permissions).transform(toGroupPermission).toSet();
}

From source file:com.netflix.dynomitemanager.sidecore.aws.AWSMembership.java

License:Apache License

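/**
 * Lists the IP ranges that the configured ACL security group admits for one exact port range.
 *
 * <p>In a classic environment the group is looked up by name; otherwise it is looked up by
 * name within the VPC of the running instance. Only permissions whose from/to ports equal
 * {@code from} and {@code to} are collected. The SDK returns boxed ports that can be
 * {@code null} (for example, on an all-protocols rule), so they are compared with
 * {@code equals} rather than by auto-unboxing.
 *
 * @param from first port of the range to match
 * @param to last port of the range to match
 * @return the IP ranges of every matching permission; empty when nothing matches
 * @throws IllegalStateException if the instance is not classic and no VPC id is configured
 */
public List<String> listACL(int from, int to) {
    AmazonEC2 client = null;
    try {
        client = getEc2Client();
        List<String> ipPermissions = new ArrayList<String>();

        final DescribeSecurityGroupsRequest req;
        final String fetchedMessage;
        if (this.insEnvIdentity.isClassic()) {
            req = new DescribeSecurityGroupsRequest()
                    .withGroupNames(Arrays.asList(config.getACLGroupName()));
            fetchedMessage = "Fetch current permissions for classic env of running instance";
        } else {
            Filter nameFilter = new Filter().withName("group-name").withValues(config.getACLGroupName());
            String vpcid = config.getVpcId();
            if (vpcid == null || vpcid.isEmpty()) {
                throw new IllegalStateException("vpcid is null even though instance is running in vpc.");
            }
            // Only fetch the security group that belongs to the VPC of the running instance;
            // a group name alone is not restricted to one VPC by this query.
            Filter vpcFilter = new Filter().withName("vpc-id").withValues(vpcid);
            req = new DescribeSecurityGroupsRequest().withFilters(nameFilter, vpcFilter);
            fetchedMessage = "Fetch current permissions for vpc env of running instance";
        }

        DescribeSecurityGroupsResult result = client.describeSecurityGroups(req);

        // Boxed once so that a permission with null ports is skipped instead of
        // raising a NullPointerException during unboxing.
        // NOTE(review): a rule without ports typically admits every port; callers that
        // audit exposure should look at such rules separately, they are not listed here.
        Integer wantedFrom = Integer.valueOf(from);
        Integer wantedTo = Integer.valueOf(to);
        for (SecurityGroup group : result.getSecurityGroups()) {
            for (IpPermission perm : group.getIpPermissions()) {
                if (wantedFrom.equals(perm.getFromPort()) && wantedTo.equals(perm.getToPort())) {
                    ipPermissions.addAll(perm.getIpRanges());
                }
            }
        }
        logger.info(fetchedMessage);

        return ipPermissions;
    } finally {
        // The client is created per call, so it is released on every exit path.
        if (client != null) {
            client.shutdown();
        }
    }
}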

From source file:com.netflix.raigad.aws.AWSMembership.java

License:Apache License

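/**
 * Lists the IP ranges that the configured ACL security group admits for one exact port range.
 *
 * <p>A permission is included only when both of its ports are present and equal to
 * {@code from} and {@code to}. Ports are boxed {@code Integer}s in the SDK and can be
 * {@code null} (for example, on an all-protocols rule); such permissions are skipped rather
 * than unboxed.
 *
 * @param from first port of the range to match
 * @param to last port of the range to match
 * @return the IP ranges of every matching permission; empty when nothing matches
 */
public List<String> listACL(int from, int to) {
    AmazonEC2 client = null;
    try {
        client = getEc2Client();
        List<String> ipPermissions = new ArrayList<String>();
        DescribeSecurityGroupsRequest req = new DescribeSecurityGroupsRequest()
                .withGroupNames(Arrays.asList(config.getACLGroupName()));
        DescribeSecurityGroupsResult result = client.describeSecurityGroups(req);
        for (SecurityGroup group : result.getSecurityGroups()) {
            for (IpPermission perm : group.getIpPermissions()) {
                Integer permFrom = perm.getFromPort();
                Integer permTo = perm.getToPort();
                // NOTE(review): a rule without ports typically admits every port; it is not
                // reported here, so exposure audits should inspect such rules separately.
                if (permFrom == null || permTo == null) {
                    continue;
                }
                if (permFrom.intValue() == from && permTo.intValue() == to) {
                    ipPermissions.addAll(perm.getIpRanges());
                }
            }
        }
        return ipPermissions;
    } finally {
        // The client is created per call, so it is released on every exit path.
        if (client != null) {
            client.shutdown();
        }
    }
}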

From source file:com.zotoh.cloudapi.aws.SecurityGroup.java

License:Open Source License

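/**
 * Expands one EC2 permission into one {@link FirewallRule} per IP range.
 *
 * @param group identifier of the security group, passed through to each rule
 * @param p the EC2 permission to expand; may be {@code null}
 * @return one rule per IP range of {@code p}; empty when {@code p} is {@code null} or has
 *         no IP ranges
 */
private List<FirewallRule> toRules(String group, IpPermission p) {
    List<FirewallRule> lst = LT(); // presumably a list factory defined elsewhere in the project
    if (p == null) {
        return lst;
    }
    for (String cidr : p.getIpRanges()) {
        // Locale.ROOT keeps the enum lookup stable: under a Turkish default locale
        // "icmp".toUpperCase() does not yield "ICMP".
        lst.add(new FirewallRule(group, cidr,
                Protocol.valueOf(p.getIpProtocol().toUpperCase(java.util.Locale.ROOT)),
                p.getFromPort(), p.getToPort()));
    }
    return lst;
}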

From source file:datameer.awstasks.aws.ec2.GroupPermission.java

License:Apache License

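/**
 * Tells whether the given EC2 permission covers this group permission.
 *
 * <p>A match requires that the EC2 permission's port range encloses this permission's
 * range, that the protocols are equal ignoring case, and that the EC2 permission lists
 * {@code _sourceIp} among its IP ranges. Permissions whose source is a user/group pair
 * rather than an IP range never match.
 *
 * @param ipPermission the EC2 permission to test
 * @return {@code true} if {@code ipPermission} covers this permission
 */
public boolean matches(IpPermission ipPermission) {
    // Ports are boxed and can be null (for example, on an all-protocols rule); treat such a
    // permission as not matching instead of failing on auto-unboxing.
    Integer permittedFrom = ipPermission.getFromPort();
    Integer permittedTo = ipPermission.getToPort();
    if (permittedFrom == null || permittedTo == null) {
        return false;
    }

    // An empty range list yields false here, which also covers group-pair sources.
    // NOTE(review): this is a membership test on the listed ranges, so a broader CIDR that
    // happens to include the source address is not recognised as a match. Confirm intended.
    boolean sourceAllowed = ipPermission.getIpRanges().contains(_sourceIp);

    return permittedFrom <= getFromPort() && permittedTo >= getToPort()
            && getProtocol().equalsIgnoreCase(ipPermission.getIpProtocol()) && sourceAllowed;
}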

From source file:org.apache.provisionr.amazon.functions.ConvertIpPermissionToRule.java

License:Apache License

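/**
 * Converts an EC2 {@link IpPermission} into a {@link Rule}.
 *
 * <p>The permission must carry exactly one IP range for {@code getOnlyElement} to succeed
 * (presumably Guava's {@code Iterables.getOnlyElement}; confirm against the imports).
 * For ICMP the from/to values are not ports but an ICMP type and code, so no port range
 * is set on the rule.
 *
 * @param ipPermission the EC2 permission to convert; must not be {@code null}
 * @return the equivalent rule
 */
@Override
public Rule apply(IpPermission ipPermission) {
    checkNotNull(ipPermission, "ipPermission is null");

    final String protocol = ipPermission.getIpProtocol();

    // Locale.ROOT keeps the enum lookup stable: under a Turkish default locale
    // "icmp".toUpperCase() does not yield "ICMP".
    final RuleBuilder builder = Rule.builder().cidr(getOnlyElement(ipPermission.getIpRanges()))
            .protocol(Protocol.valueOf(protocol.toUpperCase(java.util.Locale.ROOT)));

    if (!protocol.equalsIgnoreCase("icmp")) {
        builder.ports(ipPermission.getFromPort(), ipPermission.getToPort());
    }

    return builder.createRule();
}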

From source file:org.apache.usergrid.chop.api.store.amazon.AmazonIpRuleManager.java

License:Apache License

/**
 * Copies the port range, protocol and IP ranges of an EC2 permission into a new
 * {@link BasicIpRule}.
 *
 * @param permission the EC2 permission to copy from
 * @return a new rule holding the copied values
 */
protected static IpRule toIpRule(IpPermission permission) {
    final BasicIpRule converted = new BasicIpRule();

    // Port range first, then protocol and sources, in the same order as the getters are read.
    converted.setFromPort(permission.getFromPort());
    converted.setToPort(permission.getToPort());
    converted.setIpProtocol(permission.getIpProtocol());
    converted.setIpRanges(permission.getIpRanges());

    return converted;
}