com.amazonaws.services.ec2.model.Ipv6Range Java Examples

The following examples show how to use com.amazonaws.services.ec2.model.Ipv6Range.
Example #1
Source File: SecurityGroupsTableProviderTest.java    From aws-athena-query-federation with Apache License 2.0
/**
 * Builds a {@link SecurityGroup} fixture with one inbound permission that has every kind of
 * source populated: an IPv4 range, an IPv6 range, a prefix list and a user/group pair.
 *
 * <p>Apart from {@code id}, every value is a fixed placeholder string ("cidr", "protocol",
 * "prefix", ...), not a valid CIDR block or protocol name. The fixture therefore shows how the
 * fields are carried through, not how a real rule would be evaluated.
 *
 * @param id group id assigned to the returned security group
 * @return a security group named "name" with a single permission on port 100
 */
private SecurityGroup makeSecurityGroup(String id)
{
    // One source of each kind, so a consumer of this fixture sees all four lists non-empty.
    IpRange v4Source = new IpRange().withCidrIp("cidr").withDescription("description");
    Ipv6Range v6Source = new Ipv6Range().withCidrIpv6("cidr").withDescription("description");
    PrefixListId prefixSource = new PrefixListId().withPrefixListId("prefix").withDescription("description");
    UserIdGroupPair groupSource = new UserIdGroupPair().withGroupId("group_id").withUserId("user_id");

    IpPermission permission = new IpPermission()
            .withIpProtocol("protocol")
            .withFromPort(100)
            .withToPort(100)
            .withIpv4Ranges(v4Source)
            .withIpv6Ranges(v6Source)
            .withPrefixListIds(prefixSource)
            .withUserIdGroupPairs(groupSource);

    SecurityGroup group = new SecurityGroup()
            .withGroupId(id)
            .withGroupName("name")
            .withDescription("description");
    return group.withIpPermissions(permission);
}
 
Example #2
Source File: PredicatesTest.java    From fullstop with Apache License 2.0
/**
 * Checks that {@code pred} accepts a rule opening the full TCP port range (0-65535) to every
 * IPv6 address ({@code ::/0}), whether the protocol is written by name or by number.
 *
 * <p>NOTE(review): {@code pred} is defined outside this listing; presumably "accepts" means the
 * rule is reported as a finding. Confirm against the predicate's definition.
 */
@Test
public void testAllTcpFromEverywhereIPv6() throws Exception {
    // Protocol given by name.
    final IpPermission tcpByName = new IpPermission()
            .withFromPort(0)
            .withToPort(65535)
            .withIpProtocol("tcp")
            .withIpv6Ranges(new Ipv6Range().withCidrIpv6("::/0"));

    // Same rule with the IANA protocol number for TCP; both spellings must be treated alike.
    final IpPermission tcpByNumber = new IpPermission()
            .withFromPort(0)
            .withToPort(65535)
            .withIpProtocol("6")
            .withIpv6Ranges(new Ipv6Range().withCidrIpv6("::/0"));

    assertThat(pred).accepts(tcpByName);
    assertThat(pred).accepts(tcpByNumber);
}
 
Example #3
Source File: PredicatesTest.java    From fullstop with Apache License 2.0
/**
 * Checks that {@code pred} accepts a rule opening the full UDP port range (0-65535) to every
 * IPv6 address ({@code ::/0}), whether the protocol is written by name or by number.
 *
 * <p>NOTE(review): {@code pred} is defined outside this listing; presumably "accepts" means the
 * rule is reported as a finding. Confirm against the predicate's definition.
 */
@Test
public void testAllUDPFromEverywhereIPv6() throws Exception {
    // Protocol given by name.
    final IpPermission udpByName = new IpPermission()
            .withIpProtocol("udp")
            .withFromPort(0)
            .withToPort(65535)
            .withIpv6Ranges(new Ipv6Range().withCidrIpv6("::/0"));

    // Same rule with the IANA protocol number for UDP.
    final IpPermission udpByNumber = new IpPermission()
            .withIpProtocol("17")
            .withFromPort(0)
            .withToPort(65535)
            .withIpv6Ranges(new Ipv6Range().withCidrIpv6("::/0"));

    assertThat(pred).accepts(udpByName);
    assertThat(pred).accepts(udpByNumber);
}
 
Example #4
Source File: PredicatesTest.java    From fullstop with Apache License 2.0
/**
 * Checks that {@code pred} rejects an ICMPv6 rule open to every IPv6 address ({@code ::/0}),
 * whether the protocol is written by name or by number.
 *
 * <p>NOTE(review): {@code pred} is defined outside this listing; presumably "rejects" means the
 * rule is not reported. Confirm that leaving world-open ICMPv6 unreported is the intended policy.
 */
@Test
public void testAllICMPIPv6FromEverywhereIPv6() throws Exception {
    // From/to of -1 on an ICMP rule stands for all ICMP types and codes in the EC2 API.
    final IpPermission icmpv6ByName = new IpPermission()
            .withIpProtocol("icmpv6")
            .withFromPort(-1)
            .withToPort(-1)
            .withIpv6Ranges(new Ipv6Range().withCidrIpv6("::/0"));

    // 58 is the IANA protocol number for ICMPv6.
    final IpPermission icmpv6ByNumber = new IpPermission()
            .withIpProtocol("58")
            .withFromPort(-1)
            .withToPort(-1)
            .withIpv6Ranges(new Ipv6Range().withCidrIpv6("::/0"));

    assertThat(pred).rejects(icmpv6ByName);
    assertThat(pred).rejects(icmpv6ByNumber);
}
 
Example #5
Source File: PredicatesTest.java    From fullstop with Apache License 2.0
/**
 * Checks that {@code pred} rejects an ICMP (IPv4 protocol) rule whose source is every IPv6
 * address ({@code ::/0}), whether the protocol is written by name or by number.
 *
 * <p>NOTE(review): {@code pred} is defined outside this listing; presumably "rejects" means the
 * rule is not reported. Confirm against the predicate's definition.
 */
@Test
public void testAllICMPIPv4FromEverywhereIPv6() throws Exception {
    // From/to of -1 on an ICMP rule stands for all ICMP types and codes in the EC2 API.
    final IpPermission icmpByName = new IpPermission()
            .withIpProtocol("icmp")
            .withFromPort(-1)
            .withToPort(-1)
            .withIpv6Ranges(new Ipv6Range().withCidrIpv6("::/0"));

    // 1 is the IANA protocol number for ICMP.
    final IpPermission icmpByNumber = new IpPermission()
            .withIpProtocol("1")
            .withFromPort(-1)
            .withToPort(-1)
            .withIpv6Ranges(new Ipv6Range().withCidrIpv6("::/0"));

    assertThat(pred).rejects(icmpByName);
    assertThat(pred).rejects(icmpByNumber);
}
 
Example #6
Source File: SecurityGroupsCheckerImplTest.java    From fullstop with Apache License 2.0
/**
 * Wires a {@link SecurityGroupsCheckerImpl} to mocks: a client provider that always hands back a
 * mocked EC2 client, and a mocked permission predicate stored in {@code mockPredicate}.
 *
 * <p>The mocked EC2 client answers every {@code describeSecurityGroups} call with one group whose
 * single TCP permission covers ports 0-65535 and is open to {@code 0.0.0.0/0}, to {@code ::/0}
 * and to one other security group. No real AWS call is made.
 */
@SuppressWarnings("unchecked")
@Before
public void setUp() throws Exception {
    final ClientProvider mockClientProvider = mock(ClientProvider.class);
    final AmazonEC2Client mockEC2 = mock(AmazonEC2Client.class);
    // The cast is unchecked because mock() only sees the raw Predicate class.
    mockPredicate = (Predicate<IpPermission>) mock(Predicate.class);

    // Any combination of getClient arguments resolves to the mocked EC2 client.
    when(mockClientProvider.getClient(any(), any(), any())).thenReturn(mockEC2);

    securityGroupsChecker = new SecurityGroupsCheckerImpl(mockClientProvider, mockPredicate);

    // A deliberately wide-open permission: all TCP ports, from all IPv4 and all IPv6 addresses.
    final UserIdGroupPair peerGroup = new UserIdGroupPair()
            .withUserId("111222333444")
            .withGroupId("sg-11223344");
    final IpPermission openTcp = new IpPermission()
            .withIpProtocol("tcp")
            .withIpv4Ranges(new IpRange().withCidrIp("0.0.0.0/0"))
            .withFromPort(0)
            .withToPort(65535)
            .withIpv6Ranges(new Ipv6Range().withCidrIpv6("::/0"))
            .withUserIdGroupPairs(peerGroup);
    final SecurityGroup group = new SecurityGroup()
            .withGroupId("sg-12345678")
            .withGroupName("my-sec-group")
            .withIpPermissions(openTcp);

    final DescribeSecurityGroupsResult securityGroups = new DescribeSecurityGroupsResult()
            .withSecurityGroups(group);
    when(mockEC2.describeSecurityGroups(any())).thenReturn(securityGroups);
}
 
Example #7
Source File: PredicatesTest.java    From fullstop with Apache License 2.0
/**
 * Checks that {@code pred} rejects an all-protocol rule ({@code "-1"}) whose sources are all
 * private address space: the RFC 1918 IPv4 blocks and the IPv6 unique-local block.
 *
 * <p>NOTE(review): {@code pred} is defined outside this listing; presumably "rejects" means the
 * rule is not reported. Confirm against the predicate's definition.
 */
@Test
public void testAllTrafficFromPrivateNetworks() throws Exception {
    // 10/8, 172.16/12 and 192.168/16 are the RFC 1918 blocks; 172.31.0.0/16 lies inside 172.16/12.
    final IpRange tenSlashEight = new IpRange().withCidrIp("10.0.0.0/8");
    final IpRange oneSevenTwoThirtyOne = new IpRange().withCidrIp("172.31.0.0/16");
    final IpRange oneSevenTwoSixteen = new IpRange().withCidrIp("172.16.0.0/12");
    final IpRange oneNineTwo = new IpRange().withCidrIp("192.168.0.0/16");

    // fc00::/7 is the IPv6 unique-local address block.
    final Ipv6Range uniqueLocal = new Ipv6Range().withCidrIpv6("fc00::/7");

    final IpPermission privateOnly = new IpPermission()
            .withIpProtocol("-1")
            .withIpv4Ranges(tenSlashEight, oneSevenTwoThirtyOne, oneSevenTwoSixteen, oneNineTwo)
            .withIpv6Ranges(uniqueLocal);

    assertThat(pred).rejects(privateOnly);
}
 
Example #8
Source File: PredicatesTest.java    From fullstop with Apache License 2.0
/**
 * Checks that {@code pred} accepts a rule open to every IPv6 address ({@code ::/0}) when the
 * protocol is {@code "-1"} (all protocols) and also when no protocol is set at all.
 *
 * <p>NOTE(review): {@code pred} is defined outside this listing; presumably "accepts" means the
 * rule is reported as a finding. Confirm against the predicate's definition.
 */
@Test
public void testAllTrafficFromEverywhereIPv6() throws Exception {
    final IpPermission allProtocols = new IpPermission()
            .withIpProtocol("-1")
            .withIpv6Ranges(new Ipv6Range().withCidrIpv6("::/0"));

    // A null protocol must be handled like "all protocols", not skipped or allowed to throw.
    final IpPermission noProtocol = new IpPermission()
            .withIpProtocol(null)
            .withIpv6Ranges(new Ipv6Range().withCidrIpv6("::/0"));

    assertThat(pred).accepts(allProtocols);
    assertThat(pred).accepts(noProtocol);
}
 
Example #9
Source File: PredicatesTest.java    From fullstop with Apache License 2.0
/**
 * Checks that {@code pred} accepts a TCP rule for the single port 9100 when it is open to every
 * IPv6 address ({@code ::/0}).
 *
 * <p>NOTE(review): the set of allowed ports is configured where {@code pred} is built, outside
 * this listing; the test name implies 9100 is not in it. Confirm against that setup.
 */
@Test
public void testUnallowedPortFromEverywhereIPv6() throws Exception {
    final Ipv6Range everywhere = new Ipv6Range().withCidrIpv6("::/0");
    final IpPermission port9100 = new IpPermission()
            .withFromPort(9100)
            .withToPort(9100)
            .withIpProtocol("tcp")
            .withIpv6Ranges(everywhere);

    assertThat(pred).accepts(port9100);
}
 
Example #10
Source File: PredicatesTest.java    From fullstop with Apache License 2.0
/**
 * Checks that {@code pred} rejects a TCP rule for the single port 443 even though it is open to
 * every IPv6 address ({@code ::/0}).
 *
 * <p>NOTE(review): the set of allowed ports is configured where {@code pred} is built, outside
 * this listing; the test name implies 443 is in it. Confirm against that setup.
 */
@Test
public void testAllowedPortFromEverywhereIPv6() throws Exception {
    final Ipv6Range everywhere = new Ipv6Range().withCidrIpv6("::/0");
    final IpPermission port443 = new IpPermission()
            .withFromPort(443)
            .withToPort(443)
            .withIpProtocol("tcp")
            .withIpv6Ranges(everywhere);

    assertThat(pred).rejects(port443);
}
 
Example #11
Source File: PublicAccessAutoFix.java    From pacbot with Apache License 2.0
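/**
 * Creates a new security group in the given VPC, authorizes inbound rules on it and tags it
 * with the key configured under the "deleteSgTag" property.
 *
 * <p>When {@code ipPermissionsToBeAdded} is empty, the rules are derived from
 * {@code existingIpPermissions}: every permission that has IPv4 ranges gets them replaced by the
 * single range {@code defaultCidrIp}, every permission that has IPv6 ranges gets them replaced by
 * one {@link Ipv6Range} with no CIDR set, and permissions that have neither are left out. The
 * {@link IpPermission} objects in {@code existingIpPermissions} are modified in place and added
 * to {@code ipPermissionsToBeAdded}, so both caller-owned collections are mutated.
 *
 * <p>When {@code ipPermissionsToBeAdded} is not empty it is authorized unchanged; nothing in this
 * method checks its source ranges.
 *
 * @param sourceSecurityGroupId id of the group being copied; used for the description and in the failure message
 * @param vpcId VPC in which the new group is created
 * @param ec2Client EC2 client used for the create, authorize and tag calls
 * @param ipPermissionsToBeAdded inbound rules to authorize; filled from {@code existingIpPermissions} when empty
 * @param resourceId resource id used to build the group name and in the tagging error log
 * @param defaultCidrIp IPv4 CIDR that replaces the IPv4 ranges of the copied rules
 * @param existingIpPermissions rules of the source group, used only when {@code ipPermissionsToBeAdded} is empty
 * @return id of the created security group
 * @throws Exception declared for callers; every failure inside the method is rethrown as a
 *         {@link RuntimeException} whose cause is the original exception
 */
public static String createSecurityGroup(String sourceSecurityGroupId, String vpcId, AmazonEC2 ec2Client, Collection<IpPermission> ipPermissionsToBeAdded, String resourceId,String defaultCidrIp,List<IpPermission> existingIpPermissions) throws Exception {
	String createdSecurityGroupId = null;
	try {
		CreateSecurityGroupRequest createsgRequest = new CreateSecurityGroupRequest();
		createsgRequest.setGroupName(createSecurityGroupName(pacTag,resourceId));
		createsgRequest.setVpcId(vpcId);
		createsgRequest.setDescription(createSecurityGroupDescription(sourceSecurityGroupId));
		CreateSecurityGroupResult createResult = ec2Client.createSecurityGroup(createsgRequest);
		createdSecurityGroupId = createResult.getGroupId();

		// A null id throws here and is reported through the catch below as a failed copy.
		if (!createdSecurityGroupId.isEmpty()) {
			logger.info("Security Group {} created successfully" ,createdSecurityGroupId);
			// Authorize newly created securityGroup with Inbound Rules
			AuthorizeSecurityGroupIngressRequest authRequest = new AuthorizeSecurityGroupIngressRequest();
			authRequest.setGroupId(createdSecurityGroupId);
			if (ipPermissionsToBeAdded.isEmpty()) {
				IpRange ipv4Ranges = new IpRange();
				ipv4Ranges.setCidrIp(defaultCidrIp);
				for (IpPermission ipPermission : existingIpPermissions) {

					// Narrow every IPv4 source of the copied rule to the default CIDR.
					if (!ipPermission.getIpv4Ranges().isEmpty()) {
						ipPermission.setIpv4Ranges(Arrays.asList(ipv4Ranges));
					}

					if (!ipPermission.getIpv6Ranges().isEmpty()) {
						// NOTE(review): this range carries no CIDR, unlike the IPv4 replacement above.
						// What the authorize call does with a CIDR-less Ipv6Range is not visible here;
						// confirm that a rule which had only IPv6 sources ends up neither open nor rejected.
						Ipv6Range ipv6Range = new Ipv6Range();
						ipPermission.setIpv6Ranges(Arrays.asList(ipv6Range));
					}
					// Rules whose only sources were group pairs or prefix lists are not copied.
					if (!ipPermission.getIpv4Ranges().isEmpty() || !ipPermission.getIpv6Ranges().isEmpty()) {
						ipPermissionsToBeAdded.add(ipPermission);
					}
				}
			}
			authRequest.setIpPermissions(ipPermissionsToBeAdded);
			// NOTE(review): if this call or the tagging below fails, the group created above is not
			// deleted here, and after an authorize failure it also lacks the delete tag.
			ec2Client.authorizeSecurityGroupIngress(authRequest);
			//adding tag
			String deleteSgTag = CommonUtils.getPropValue("deleteSgTag");
			CreateTagsRequest createTagsRequest = new CreateTagsRequest(
					Arrays.asList(createdSecurityGroupId),
					Arrays.asList(new Tag(deleteSgTag, "true")));
			try {
				ec2Client.createTags(createTagsRequest);
			} catch (AmazonServiceException ase) {
				logger.error("error tagging sg - > " + resourceId, ase);
				throw ase;
			}
		}

	} catch (Exception e) {
		// Log with the stack trace and keep the cause, so the failing AWS call can be identified.
		logger.error(e.getMessage(), e);
		throw new RuntimeException(sourceSecurityGroupId+ " SG copy failed", e);
	}
	return createdSecurityGroupId;
}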