Example usage for com.amazonaws.services.redshift AmazonRedshiftClient describeClusterSecurityGroups

List of usage examples for com.amazonaws.services.redshift AmazonRedshiftClient describeClusterSecurityGroups

Introduction

This page shows example usage of com.amazonaws.services.redshift AmazonRedshiftClient describeClusterSecurityGroups.

Prototype

@Override
public DescribeClusterSecurityGroupsResult describeClusterSecurityGroups(
        DescribeClusterSecurityGroupsRequest request) 


Document

Returns information about Amazon Redshift security groups.

Usage

From source file:com.jaspersoft.jasperserver.api.engine.jasperreports.util.AwsDataSourceRecovery.java

License:Open Source License

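/**
 * Repairs network access from this server to the Redshift cluster behind a data source.
 *
 * <p>The method looks up the cluster, determines the source IP address this server connects
 * from, and makes sure a security group that admits that address is attached to the cluster:
 * <ul>
 *   <li>cluster inside a VPC: delegates to {@code recoverVpcSecurityGroup} and attaches the
 *       returned VPC security group id to the cluster if it is not attached yet;</li>
 *   <li>cluster outside a VPC: finds or creates the cluster security group named by
 *       {@code awsProperties.getSecurityGroupName()}, replaces its CIDR/IP ingress rules with
 *       the current address when that address is not already authorized, and attaches the
 *       group to the cluster if it is not attached yet.</li>
 * </ul>
 *
 * <p>If the cluster lookup returns no cluster the method returns without changing anything.
 *
 * <p>Security-relevant behaviour: this method changes ingress rules, so the credentials taken
 * from the data source need permission to describe and modify the cluster and to describe,
 * create, authorize and revoke on the cluster security group. Every CIDR/IP rule already in
 * the managed group is revoked when the current address is missing, so that group should not
 * carry rules maintained by anyone else.
 *
 * @param awsReportDataSource data source supplying the AWS credentials, region and cluster
 *                            identifier
 * @throws JSException if the cluster is not in the expected active status, or the source IP
 *                     address of this server cannot be determined
 * @throws Exception   any failure propagated from the AWS SDK or from the helper methods
 */
private void createRedshiftSecurityGroup(AwsReportDataSource awsReportDataSource) throws Exception {

    AWSCredentials awsCredentials = AwsCredentialUtil.getAWSCredentials(awsReportDataSource.getAWSAccessKey(),
            awsReportDataSource.getAWSSecretKey(), awsReportDataSource.getRoleARN());

    AmazonRedshiftClient redshiftClient = new AmazonRedshiftClient(awsCredentials);
    DescribeClustersRequest describeClustersRequest = new DescribeClustersRequest()
            .withClusterIdentifier(awsReportDataSource.getDbInstanceIdentifier());
    String endpoint = awsReportDataSource.getAWSRegion();
    if (endpoint != null) {
        redshiftClient.setEndpoint(Redshift + "." + endpoint);
    }

    DescribeClustersResult describeClustersResult = redshiftClient.describeClusters(describeClustersRequest);
    if (describeClustersResult == null || describeClustersResult.getClusters() == null
            || describeClustersResult.getClusters().isEmpty()) {
        // No cluster came back for this identifier: nothing to recover.
        return;
    }

    Cluster cluster = describeClustersResult.getClusters().get(0);
    if (!cluster.getClusterStatus().equals(awsDataSourceActiveStatus)) {
        throw new JSException(getErrorMessage("aws.exception.datasource.recovery.instance.not.active"));
    }

    Map<String, String> awsDSInstanceDetails = new HashMap<String, String>();
    awsDSInstanceDetails.put(DB_REGION, parseRegionFromSubRegion(cluster.getAvailabilityZone()));
    String vpcId = cluster.getVpcId();
    // A null VPC id marks the cluster as living outside a VPC for the steps below.
    awsDSInstanceDetails.put(DB_VPC_ID, isNotEmpty(vpcId) ? vpcId : null);

    String instanceSourceIp = determineSourceIpAddress(awsDSInstanceDetails);
    if (!isNotEmpty(instanceSourceIp)) {
        throw new JSException(
                getErrorMessage("aws.exception.datasource.recovery.public.ip.not.determined"));
    }
    // CIDR/IP value that has to be authorized in the managed security group.
    String ingressIpMask = instanceSourceIp + ingressIpPermission;

    String vpcSecurityGroupId = null;
    if (awsDSInstanceDetails.get(DB_VPC_ID) != null) {
        // Cluster is inside a VPC: recover the VPC security group.
        vpcSecurityGroupId = recoverVpcSecurityGroup(awsReportDataSource,
                awsDSInstanceDetails.get(DB_VPC_ID), ingressIpMask);
    } else {
        // Cluster is outside a VPC: recover the cluster security group.
        ClusterSecurityGroup clusterSecurityGroup = null;
        try {
            DescribeClusterSecurityGroupsResult describeClusterSecurityGroupsResult = redshiftClient
                    .describeClusterSecurityGroups(new DescribeClusterSecurityGroupsRequest()
                            .withClusterSecurityGroupName(awsProperties.getSecurityGroupName()));
            List<ClusterSecurityGroup> foundGroups = describeClusterSecurityGroupsResult
                    .getClusterSecurityGroups();
            // An empty answer is handled like "not found" instead of failing on get(0).
            if (foundGroups != null && !foundGroups.isEmpty()) {
                clusterSecurityGroup = foundGroups.get(0);
            }
        } catch (ClusterSecurityGroupNotFoundException ex) {
            // Expected when the managed group has not been created yet; it is created below.
            clusterSecurityGroup = null;
        }

        boolean ingressIpMaskExist = false;
        if (clusterSecurityGroup != null) {
            List<com.amazonaws.services.redshift.model.IPRange> ipRanges = clusterSecurityGroup
                    .getIPRanges();
            for (com.amazonaws.services.redshift.model.IPRange ipRange : ipRanges) {
                // Exact comparison on purpose. A substring test accepts a rule for a different
                // address (constructed example: "198.51.100.7/32" contains "8.51.100.7/32"),
                // which would leave the stale rule in place and this server unauthorized.
                if (ingressIpMask.equals(ipRange.getCIDRIP())) {
                    ingressIpMaskExist = true;
                    break;
                }
            }
            if (!ingressIpMaskExist) {
                // Drop every previously authorized address before the new one is added.
                for (com.amazonaws.services.redshift.model.IPRange ipRange : ipRanges) {
                    redshiftClient.revokeClusterSecurityGroupIngress(
                            new RevokeClusterSecurityGroupIngressRequest()
                                    .withClusterSecurityGroupName(awsProperties.getSecurityGroupName())
                                    .withCIDRIP(ipRange.getCIDRIP()));
                }
            }
        } else {
            clusterSecurityGroup = redshiftClient
                    .createClusterSecurityGroup(new CreateClusterSecurityGroupRequest()
                            .withClusterSecurityGroupName(awsProperties.getSecurityGroupName())
                            .withDescription(awsProperties.getSecurityGroupDescription()));
        }
        if (!ingressIpMaskExist) {
            redshiftClient
                    .authorizeClusterSecurityGroupIngress(new AuthorizeClusterSecurityGroupIngressRequest()
                            .withClusterSecurityGroupName(
                                    clusterSecurityGroup.getClusterSecurityGroupName())
                            .withCIDRIP(ingressIpMask));
        }
    }

    // NOTE(review): a null id from recoverVpcSecurityGroup also takes the cluster security
    // group path below - confirm that this fallback is intended.
    if (vpcSecurityGroupId == null) {
        String jsSecurityGroupName = awsProperties.getSecurityGroupName();
        List<String> clusterSecurityGroupNames = new ArrayList<String>();
        for (ClusterSecurityGroupMembership membership : cluster.getClusterSecurityGroups()) {
            clusterSecurityGroupNames.add(membership.getClusterSecurityGroupName());
        }
        // Attach the managed group only when the cluster does not reference it yet.
        if (!clusterSecurityGroupNames.contains(jsSecurityGroupName)) {
            clusterSecurityGroupNames.add(jsSecurityGroupName);
            redshiftClient.modifyCluster(new ModifyClusterRequest()
                    .withClusterSecurityGroups(clusterSecurityGroupNames)
                    .withClusterIdentifier(cluster.getClusterIdentifier()));
        }
    } else {
        List<String> vpcSecurityGroupIds = new ArrayList<String>();
        for (com.amazonaws.services.redshift.model.VpcSecurityGroupMembership membership : cluster
                .getVpcSecurityGroups()) {
            vpcSecurityGroupIds.add(membership.getVpcSecurityGroupId());
        }
        // Attach the VPC security group only when the cluster does not reference it yet.
        if (!vpcSecurityGroupIds.contains(vpcSecurityGroupId)) {
            vpcSecurityGroupIds.add(vpcSecurityGroupId);
            redshiftClient.modifyCluster(new ModifyClusterRequest()
                    .withVpcSecurityGroupIds(vpcSecurityGroupIds)
                    .withClusterIdentifier(cluster.getClusterIdentifier()));
        }
    }
}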