List of usage examples for com.amazonaws.services.ec2.model SecurityGroup getOwnerId
public String getOwnerId()
The AWS account ID of the owner of the security group.
From source file:com.netflix.spinnaker.clouddriver.aws.deploy.handlers.MigrateSecurityGroupStrategy.java
License:Apache License
/**
 * Collects the security-group references found in the ingress rules of the source group.
 *
 * <p>A group whose application is listed by {@code getInfrastructureApplications()} yields an
 * empty set. Otherwise every user-id/group pair of every IP permission is considered, except
 * pairs that point back at the source group itself (same group id and same owner account id).
 *
 * <p>Side effect: a pair without a group name is updated in place. It receives the name found
 * through {@code sourceLookup}, or its own group id when no credentials are known for the
 * pair's account.
 *
 * @param source updater wrapping the security group being migrated
 * @return the referenced groups, each paired with the credentials of its owning account
 *         ({@code null} credentials when the account id is not known to {@code sourceLookup})
 */
private Set<MigrateSecurityGroupReference> getTargetReferences(SecurityGroupUpdater source) {
    SecurityGroup sourceGroup = source.getSecurityGroup();

    boolean infrastructureGroup = getInfrastructureApplications()
            .contains(Names.parseName(sourceGroup.getGroupName()).getApp());
    if (infrastructureGroup) {
        return new HashSet<>();
    }

    return sourceGroup.getIpPermissions().stream()
            .flatMap(permission -> permission.getUserIdGroupPairs().stream())
            // Drop self-references only: a pair is skipped when both the group id and the
            // owner account id match the source group.
            .filter(ref -> !(ref.getGroupId().equals(sourceGroup.getGroupId())
                    && ref.getUserId().equals(sourceGroup.getOwnerId())))
            .map(ref -> {
                NetflixAmazonCredentials owner = sourceLookup.getCredentialsForId(ref.getUserId());
                if (ref.getGroupName() == null) {
                    if (owner != null) {
                        sourceLookup.getSecurityGroupById(owner.getName(), ref.getGroupId(), ref.getVpcId())
                                .ifPresent(found -> ref.setGroupName(found.getSecurityGroup().getGroupName()));
                    } else {
                        // Unknown account: fall back to the group id as the display name.
                        ref.setGroupName(ref.getGroupId());
                    }
                }
                return new MigrateSecurityGroupReference(ref, owner);
            })
            .collect(Collectors.toSet());
}
From source file:com.netflix.spinnaker.clouddriver.aws.security.DefaultAWSAccountInfoLookup.java
License:Apache License
/**
 * Determines the AWS account id behind the configured credentials.
 *
 * <p>The owner id is read from a security group visible to the credentials. The lookup is
 * restricted to the default security group name when the account has no VPCs or has a default
 * VPC. If EC2 answers with an {@code AccessDenied} error, the id is taken from group 1 of
 * {@code IAM_ARN_PATTERN} matched against the error message.
 *
 * @return the owning account id
 * @throws IllegalArgumentException if no suitable security group is returned
 * @throws AmazonServiceException if the EC2 call fails and no id can be extracted from the error
 */
@Override
public String findAccountId() {
    AmazonEC2 ec2 = amazonClientProvider.getAmazonEC2(credentialsProvider,
            AmazonClientProvider.DEFAULT_REGION);
    try {
        List<Vpc> vpcs = ec2.describeVpcs().getVpcs();
        boolean lookupByName = vpcs.isEmpty() || vpcs.stream().anyMatch(vpc -> vpc.getIsDefault());

        DescribeSecurityGroupsRequest request = new DescribeSecurityGroupsRequest();
        if (lookupByName) {
            request.withGroupNames(DEFAULT_SECURITY_GROUP_NAME);
        }

        for (SecurityGroup candidate : ec2.describeSecurityGroups(request).getSecurityGroups()) {
            String vpcId = candidate.getVpcId();
            boolean inVpc = vpcId != null && vpcId.length() > 0;
            // A group with a vpcId, or the default security group, won't be an EC2
            // cross-account group, so its owner id is this account.
            if (inVpc || DEFAULT_SECURITY_GROUP_NAME.equals(candidate.getGroupName())) {
                return candidate.getOwnerId();
            }
        }
        throw new IllegalArgumentException("Unable to lookup accountId with provided credentials");
    } catch (AmazonServiceException ase) {
        if (!"AccessDenied".equals(ase.getErrorCode())) {
            throw ase;
        }
        // NOTE(review): this fallback trusts the wording of the service error message;
        // presumably group 1 is the account id segment of the caller's ARN. Confirm against
        // the definition of IAM_ARN_PATTERN.
        Matcher arn = IAM_ARN_PATTERN.matcher(ase.getMessage());
        if (arn.matches()) {
            return arn.group(1);
        }
        throw ase;
    }
}
From source file:n3phele.factory.ec2.VirtualServerResource.java
License:Open Source License
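/**
 * Creates the {@code n3phele-<groupName>} security group, opens its ingress rules and sends a
 * notification e-mail.
 *
 * <p>Rules added: tcp/22 and tcp/8887 from any address, then icmp, tcp 1-65535 and udp 1-65535
 * from members of the group itself. A failure on either public rule deletes the group again; a
 * failure on the self-access rules is only logged.
 *
 * <p>Cleanup removes the group only when this call created it. If creation itself fails (for
 * example because a group of that name already exists), the existing group is left untouched.
 * A failing cleanup is logged and never escapes this method.
 *
 * @param groupName base name; the EC2 group is named {@code "n3phele-" + groupName}
 * @param id access key id handed to {@code getEC2Client}
 * @param secret secret key handed to {@code getEC2Client}; it is not logged here
 * @param location EC2 endpoint
 * @param to recipient of the notification e-mail
 * @param firstName recipient first name
 * @param lastName recipient last name
 * @return {@code true} if the group exists with its public rules in place, {@code false} otherwise
 */
private boolean makeSecurityGroup(String groupName, String id, String secret, URI location, String to,
        String firstName, String lastName) {
    final String fullName = "n3phele-" + groupName;
    AmazonEC2Client client = getEC2Client(id, secret, location);
    // Tracks ownership so that cleanup never deletes a group this call did not create.
    boolean created = false;
    try {
        client.createSecurityGroup(new CreateSecurityGroupRequest().withGroupName(fullName)
                .withDescription("n3phele " + groupName + " security group"));
        created = true;

        String ownerId = null;
        for (SecurityGroup g : client.describeSecurityGroups().getSecurityGroups()) {
            if (fullName.equals(g.getGroupName())) {
                ownerId = g.getOwnerId();
            }
        }
        if (ownerId == null) {
            // Do not leave a half-configured group behind when reporting failure.
            deleteSecurityGroupQuietly(client, fullName);
            return false;
        }
        log.info("found ownerId of " + ownerId);

        // NOTE(review): both rules below admit traffic from 0.0.0.0/0, so SSH and the agent port
        // are reachable from the whole internet. Consider restricting the source range to the
        // addresses that actually need access.
        log.info("adding ssh ports");
        boolean failed = !openTcpPortToAnyAddress(client, fullName, groupName, 22);
        log.info("adding agent ports");
        failed |= !openTcpPortToAnyAddress(client, fullName, groupName, 8887);

        if (failed) {
            deleteSecurityGroupQuietly(client, fullName);
            return false;
        }

        log.info("adding self access");
        try {
            UserIdGroupPair self = new UserIdGroupPair().withUserId(ownerId).withGroupName(fullName);
            List<IpPermission> permissions = new ArrayList<IpPermission>();
            permissions.add(new IpPermission().withIpProtocol("icmp").withFromPort(-1).withToPort(-1)
                    .withUserIdGroupPairs(self));
            permissions.add(new IpPermission().withIpProtocol("tcp").withFromPort(1).withToPort(65535)
                    .withUserIdGroupPairs(self));
            permissions.add(new IpPermission().withIpProtocol("udp").withFromPort(1).withToPort(65535)
                    .withUserIdGroupPairs(self));
            log.info("adding icmp/tcp/udp");
            client.authorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest(fullName, permissions));
        } catch (Exception e) {
            // Self access is best effort: the group stays usable without it.
            log.log(Level.WARNING, "Error adding self access to group " + groupName, e);
        }

        sendSecurityGroupNotificationEmail(fullName, to, firstName, lastName, location);
        return true;
    } catch (Exception e) {
        log.log(Level.SEVERE, "Create security group " + groupName, e);
        if (created) {
            deleteSecurityGroupQuietly(client, fullName);
        }
        return false;
    }
}

/** Adds a tcp ingress rule for one port from any address; returns false and logs on failure. */
private boolean openTcpPortToAnyAddress(AmazonEC2Client client, String fullName, String groupName, int port) {
    try {
        client.authorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest().withGroupName(fullName)
                .withCidrIp("0.0.0.0/0").withIpProtocol("tcp").withFromPort(port).withToPort(port));
        return true;
    } catch (Exception e) {
        log.log(Level.SEVERE, "Create security group " + groupName, e);
        return false;
    }
}

/** Deletes the named group as cleanup; a failure is logged instead of being thrown. */
private void deleteSecurityGroupQuietly(AmazonEC2Client client, String fullName) {
    try {
        client.deleteSecurityGroup(new DeleteSecurityGroupRequest().withGroupName(fullName));
    } catch (Exception e) {
        log.log(Level.WARNING, "Error deleting security group " + fullName, e);
    }
}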
From source file:org.gridgain.grid.spi.cloud.ec2lite.GridEc2LiteCloudSpi.java
License:GNU General Public License
/**
 * Builds the cloud resource that describes an EC2 security group.
 *
 * <p>The resource parameters carry the owner account id, the description, the number of IP
 * permissions and one bracketed string per permission (protocol, port range, IP ranges and,
 * when present, the user-id/group pairs).
 *
 * @param grp EC2 security group.
 * @return Security group resource.
 */
private GridCloudResource createSecurityGroupResource(SecurityGroup grp) {
    assert grp != null;

    Map<String, String> attrs = new HashMap<String, String>();

    attrs.put(OWNER_ID, grp.getOwnerId());
    attrs.put(GRP_DESCR, grp.getDescription());

    List<IpPermission> rules = grp.getIpPermissions();

    int ruleCnt = 0;

    if (!F.isEmpty(rules))
        ruleCnt = rules.size();

    attrs.put(GRP_IP_PERMS_CNT, String.valueOf(ruleCnt));

    int idx = 0;

    while (idx < ruleCnt) {
        IpPermission rule = rules.get(idx);

        StringBuilder sb = new StringBuilder();

        // Fixed part of the rule: protocol, port range and source IP ranges.
        sb.append('[');
        sb.append(IP_PERM_IP_PROTO).append('=').append(rule.getIpProtocol()).append(VAL_DELIM);
        sb.append(IP_PERM_FROM_PORT).append('=').append(rule.getFromPort()).append(VAL_DELIM);
        sb.append(IP_PERM_TO_PORT).append('=').append(rule.getToPort()).append(VAL_DELIM);
        sb.append(IP_PERM_IP_RANGE).append('=').append(rule.getIpRanges());

        List<UserIdGroupPair> refs = rule.getUserIdGroupPairs();

        int refCnt = 0;

        if (!F.isEmpty(refs))
            refCnt = refs.size();

        // Optional part: comma-separated list of the referenced account/group pairs.
        if (refCnt > 0) {
            sb.append(VAL_DELIM).append(USER_ID_GRP_PAIR).append("=[");

            for (int k = 0; k < refCnt; k++) {
                UserIdGroupPair ref = refs.get(k);

                if (k > 0)
                    sb.append(',');

                sb.append(PAIR).append(k).append("=[");
                sb.append(PAIR_USER_ID).append('=').append(ref.getUserId());
                sb.append(':');
                sb.append(PAIR_GRP).append('=').append(ref.getGroupName());
                sb.append(']');
            }

            sb.append(']');
        }

        sb.append(']');

        attrs.put(GRP_IP_PERM + idx, sb.toString());

        idx++;
    }

    return new GridCloudSpiResourceAdapter(grp.getGroupName(), CLD_SECURITY_GROUP, cloudId, attrs);
}