List of usage examples for com.amazonaws.services.rds.model VpcSecurityGroupMembership getVpcSecurityGroupId
public String getVpcSecurityGroupId()
The name of the VPC security group.
From source file:com.jaspersoft.jasperserver.api.engine.jasperreports.util.AwsDataSourceRecovery.java
License:Open Source License
private void createRDSSecurityGroup(AwsReportDataSource awsReportDataSource) throws Exception { AWSCredentials awsCredentials = AwsCredentialUtil.getAWSCredentials(awsReportDataSource.getAWSAccessKey(), awsReportDataSource.getAWSSecretKey(), awsReportDataSource.getRoleARN()); AmazonRDSClient rdsClient = new AmazonRDSClient(awsCredentials); DescribeDBInstancesRequest describeDBInstancesRequest = new DescribeDBInstancesRequest() .withDBInstanceIdentifier(awsReportDataSource.getDbInstanceIdentifier()); String endpoint = awsReportDataSource.getAWSRegion(); if (endpoint != null) { rdsClient.setEndpoint(RDS + "." + endpoint); }/*www. j a v a2s . c o m*/ DBInstance dbInstance; DescribeDBInstancesResult describeInstancesResult = rdsClient .describeDBInstances(describeDBInstancesRequest); if (describeInstancesResult != null && describeInstancesResult.getDBInstances() != null && describeInstancesResult.getDBInstances().size() > 0) { dbInstance = describeInstancesResult.getDBInstances().get(0); if (!dbInstance.getDBInstanceStatus().equals(awsDataSourceActiveStatus)) { throw new JSException( messageSource.getMessage("aws.exception.datasource.recovery.instance.not.active", null, LocaleContextHolder.getLocale())); } Map<String, String> awsDSInstanceDetails = new HashMap<String, String>(); awsDSInstanceDetails.put(DB_REGION, parseRegionFromSubRegion(dbInstance.getAvailabilityZone())); DBSubnetGroup dbSubnetGroup = dbInstance.getDBSubnetGroup(); if (dbSubnetGroup != null) { awsDSInstanceDetails.put(DB_VPC_ID, dbSubnetGroup.getVpcId()); } else { awsDSInstanceDetails.put(DB_VPC_ID, null); } String instanceSourceIp = determineSourceIpAddress(awsDSInstanceDetails); if (!isNotEmpty(instanceSourceIp)) { throw new JSException( getErrorMessage("aws.exception.datasource.recovery.public.ip.not.determined")); } //IP that should be added in CIDRIP of JS DB Security Group String ingressIpMask = instanceSourceIp + ingressIpPermission; String vpcSecurityGroupId = null; if (awsDSInstanceDetails.get(DB_VPC_ID) != null) { //Recover VPC Security Group. vpcSecurityGroupId = recoverVpcSecurityGroup(awsReportDataSource, awsDSInstanceDetails.get(DB_VPC_ID), ingressIpMask); } else { //Recover Db Security Group //Fount existing JS DB Security Group Boolean jsSecurityGroupMembershipFount = true; DBSecurityGroup dbSecurityGroup = null; try { DescribeDBSecurityGroupsRequest describeDBSecurityGroupsRequest = new DescribeDBSecurityGroupsRequest() .withDBSecurityGroupName(awsProperties.getSecurityGroupName()); DescribeDBSecurityGroupsResult describeDBSecurityGroupsResult = rdsClient .describeDBSecurityGroups(describeDBSecurityGroupsRequest); dbSecurityGroup = describeDBSecurityGroupsResult.getDBSecurityGroups().get(0); } catch (DBSecurityGroupNotFoundException ex) { jsSecurityGroupMembershipFount = false; } boolean ingressIpMaskExist = false; if (jsSecurityGroupMembershipFount) { List<IPRange> ipRanges = dbSecurityGroup.getIPRanges(); for (IPRange ipRange : ipRanges) { if (ipRange.getCIDRIP().contains(ingressIpMask)) { ingressIpMaskExist = true; break; } } if (!ingressIpMaskExist) { //Remove old ingress Ips for (IPRange ipRange : ipRanges) { RevokeDBSecurityGroupIngressRequest revokeDBSecurityGroupIngressRequest = new RevokeDBSecurityGroupIngressRequest() .withDBSecurityGroupName(awsProperties.getSecurityGroupName()) .withCIDRIP(ipRange.getCIDRIP()); rdsClient.revokeDBSecurityGroupIngress(revokeDBSecurityGroupIngressRequest); } } } else { dbSecurityGroup = rdsClient.createDBSecurityGroup(new CreateDBSecurityGroupRequest() .withDBSecurityGroupName(awsProperties.getSecurityGroupName()) .withDBSecurityGroupDescription(awsProperties.getSecurityGroupDescription())); } //Authorize new ingress Ip if (!ingressIpMaskExist) { rdsClient.authorizeDBSecurityGroupIngress(new AuthorizeDBSecurityGroupIngressRequest() .withDBSecurityGroupName(dbSecurityGroup.getDBSecurityGroupName()) .withCIDRIP(ingressIpMask)); } } if (vpcSecurityGroupId == null) { List<DBSecurityGroupMembership> dbSecurityGroupMemberships = dbInstance.getDBSecurityGroups(); List<String> dbSecurityGroupNames = new ArrayList<String>(); for (DBSecurityGroupMembership dbSecurityGroupMembership : dbSecurityGroupMemberships) { dbSecurityGroupNames.add(dbSecurityGroupMembership.getDBSecurityGroupName()); } //If RDS Instance does not contain JSSecurityGroup that we should assign it to. if (!dbSecurityGroupNames.contains(awsProperties.getSecurityGroupName())) { dbSecurityGroupNames.add(awsProperties.getSecurityGroupName()); ModifyDBInstanceRequest modifyDBInstanceRequest = new ModifyDBInstanceRequest() .withDBSecurityGroups(dbSecurityGroupNames) .withDBInstanceIdentifier(dbInstance.getDBInstanceIdentifier()); modifyDBInstanceRequest.setApplyImmediately(true); rdsClient.modifyDBInstance(modifyDBInstanceRequest); } } else { List<VpcSecurityGroupMembership> vpcSecurityGroupMemberships = dbInstance.getVpcSecurityGroups(); List<String> vpcSecurityGroupIds = new ArrayList<String>(); for (VpcSecurityGroupMembership vpcSecurityGroupMembership : vpcSecurityGroupMemberships) { vpcSecurityGroupIds.add(vpcSecurityGroupMembership.getVpcSecurityGroupId()); } //If RDS Instance does not contain VPC Security Group that we should assign it to. if (!vpcSecurityGroupIds.contains(vpcSecurityGroupId)) { vpcSecurityGroupIds.add(vpcSecurityGroupId); ModifyDBInstanceRequest modifyDBInstanceRequest = new ModifyDBInstanceRequest() .withVpcSecurityGroupIds(vpcSecurityGroupIds) .withDBInstanceIdentifier(dbInstance.getDBInstanceIdentifier()); modifyDBInstanceRequest.setApplyImmediately(true); rdsClient.modifyDBInstance(modifyDBInstanceRequest); } } } }
From source file:com.jaspersoft.jasperserver.api.engine.jasperreports.util.AwsDataSourceRecovery.java
License:Open Source License
private void createRedshiftSecurityGroup(AwsReportDataSource awsReportDataSource) throws Exception { AWSCredentials awsCredentials = AwsCredentialUtil.getAWSCredentials(awsReportDataSource.getAWSAccessKey(), awsReportDataSource.getAWSSecretKey(), awsReportDataSource.getRoleARN()); AmazonRedshiftClient redshiftClient = new AmazonRedshiftClient(awsCredentials); DescribeClustersRequest describeClustersRequest = new DescribeClustersRequest() .withClusterIdentifier(awsReportDataSource.getDbInstanceIdentifier()); String endpoint = awsReportDataSource.getAWSRegion(); if (endpoint != null) { redshiftClient.setEndpoint(Redshift + "." + endpoint); }//from ww w. ja v a 2 s. com Cluster cluster; DescribeClustersResult describeClustersResult = redshiftClient.describeClusters(describeClustersRequest); if (describeClustersResult != null && describeClustersResult.getClusters() != null && describeClustersResult.getClusters().size() > 0) { cluster = describeClustersResult.getClusters().get(0); if (!cluster.getClusterStatus().equals(awsDataSourceActiveStatus)) { throw new JSException(getErrorMessage("aws.exception.datasource.recovery.instance.not.active")); } Map<String, String> awsDSInstanceDetails = new HashMap<String, String>(); awsDSInstanceDetails.put(DB_REGION, parseRegionFromSubRegion(cluster.getAvailabilityZone())); String vpcId = cluster.getVpcId(); if (isNotEmpty(vpcId)) { awsDSInstanceDetails.put(DB_VPC_ID, vpcId); } else { awsDSInstanceDetails.put(DB_VPC_ID, null); } String instanceSourceIp = determineSourceIpAddress(awsDSInstanceDetails); if (!isNotEmpty(instanceSourceIp)) { throw new JSException( getErrorMessage("aws.exception.datasource.recovery.public.ip.not.determined")); } //IP that should be added in CIDRIP of JS DB Security Group String ingressIpMask = instanceSourceIp + ingressIpPermission; String vpcSecurityGroupId = null; if (awsDSInstanceDetails.get(DB_VPC_ID) != null) { //Recover VPC Security Group. vpcSecurityGroupId = recoverVpcSecurityGroup(awsReportDataSource, awsDSInstanceDetails.get(DB_VPC_ID), ingressIpMask); } else { //Recover Cluster Security Group. //Fount existing JS DB Security Group Boolean jsSecurityGroupMembershipFount = true; ClusterSecurityGroup clusterSecurityGroup = null; try { DescribeClusterSecurityGroupsRequest describeClusterSecurityGroupsRequest = new DescribeClusterSecurityGroupsRequest() .withClusterSecurityGroupName(awsProperties.getSecurityGroupName()); DescribeClusterSecurityGroupsResult describeClusterSecurityGroupsResult = redshiftClient .describeClusterSecurityGroups(describeClusterSecurityGroupsRequest); clusterSecurityGroup = describeClusterSecurityGroupsResult.getClusterSecurityGroups().get(0); } catch (ClusterSecurityGroupNotFoundException ex) { jsSecurityGroupMembershipFount = false; } boolean ingressIpMaskExist = false; if (jsSecurityGroupMembershipFount) { List<com.amazonaws.services.redshift.model.IPRange> ipRanges = clusterSecurityGroup .getIPRanges(); for (com.amazonaws.services.redshift.model.IPRange ipRange : ipRanges) { if (ipRange.getCIDRIP().contains(ingressIpMask)) { ingressIpMaskExist = true; break; } } if (!ingressIpMaskExist) { //Remove old ingress Ips for (com.amazonaws.services.redshift.model.IPRange ipRange : ipRanges) { RevokeClusterSecurityGroupIngressRequest revokeClusterSecurityGroupIngressRequest = new RevokeClusterSecurityGroupIngressRequest() .withClusterSecurityGroupName(awsProperties.getSecurityGroupName()) .withCIDRIP(ipRange.getCIDRIP()); redshiftClient .revokeClusterSecurityGroupIngress(revokeClusterSecurityGroupIngressRequest); } } } else { clusterSecurityGroup = redshiftClient .createClusterSecurityGroup(new CreateClusterSecurityGroupRequest() .withClusterSecurityGroupName(awsProperties.getSecurityGroupName()) .withDescription(awsProperties.getSecurityGroupDescription())); } if (!ingressIpMaskExist) { redshiftClient .authorizeClusterSecurityGroupIngress(new AuthorizeClusterSecurityGroupIngressRequest() .withClusterSecurityGroupName( clusterSecurityGroup.getClusterSecurityGroupName()) .withCIDRIP(ingressIpMask)); } } if (vpcSecurityGroupId == null) { List<ClusterSecurityGroupMembership> clusterSecurityGroupMemberships = cluster .getClusterSecurityGroups(); List<String> clusterSecurityGroupNames = new ArrayList<String>(); for (ClusterSecurityGroupMembership clusterSecurityGroupMembership : clusterSecurityGroupMemberships) { clusterSecurityGroupNames.add(clusterSecurityGroupMembership.getClusterSecurityGroupName()); } //If Redshift Instance does not contain JSSecurityGroup that we should assign it to. if (!clusterSecurityGroupNames.contains(awsProperties.getSecurityGroupName())) { clusterSecurityGroupNames.add(awsProperties.getSecurityGroupName()); ModifyClusterRequest modifyClusterRequest = new ModifyClusterRequest() .withClusterSecurityGroups(clusterSecurityGroupNames) .withClusterIdentifier(cluster.getClusterIdentifier()); redshiftClient.modifyCluster(modifyClusterRequest); } } else { List<com.amazonaws.services.redshift.model.VpcSecurityGroupMembership> vpcSecurityGroupMemberships = cluster .getVpcSecurityGroups(); List<String> vpcSecurityGroupIds = new ArrayList<String>(); for (com.amazonaws.services.redshift.model.VpcSecurityGroupMembership vpcSecurityGroupMembership : vpcSecurityGroupMemberships) { vpcSecurityGroupIds.add(vpcSecurityGroupMembership.getVpcSecurityGroupId()); } //If Redshift Instance does not contain VPC Security Group that we should assign it to. if (!vpcSecurityGroupIds.contains(vpcSecurityGroupId)) { vpcSecurityGroupIds.add(vpcSecurityGroupId); ModifyClusterRequest modifyClusterRequest = new ModifyClusterRequest() .withVpcSecurityGroupIds(vpcSecurityGroupIds) .withClusterIdentifier(cluster.getClusterIdentifier()); redshiftClient.modifyCluster(modifyClusterRequest); } } } }