

Java NetworkAclEntry类代码示例

本文整理汇总了Java中com.amazonaws.services.ec2.model.NetworkAclEntry的典型用法代码示例。如果您正苦于以下问题:Java NetworkAclEntry类的具体用法?Java NetworkAclEntry怎么用?Java NetworkAclEntry使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。


NetworkAclEntry类属于com.amazonaws.services.ec2.model包,在下文中一共展示了NetworkAclEntry类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: getPortRangeFromAclEntry

import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
 * Derives the port range that the given network ACL entry applies to, based on the
 * entry's {@code PortRange}. Per the original contract this is meant for TCP and UDP
 * entries, and a range that contains {@code -1} indicates all ports.
 *
 * <ul>
 *   <li>both bounds present: the closed range {@code [from, to]}</li>
 *   <li>only one bound present: a singleton range holding that bound</li>
 *   <li>no {@code PortRange}, or neither bound present: {@code null}</li>
 * </ul>
 *
 * <p>Callers must handle the {@code null} result. NOTE(review): confirm that the rule
 * matching which consumes this value treats {@code null} as "no port restriction" and
 * not as "no ports", otherwise an allow-everything entry could be misjudged.
 *
 * @param aclEntry the given network ACL entry
 * @return         the port range that this network ACL entry applies to, or
 *                 {@code null} when the entry carries no usable port bounds
 */
@VisibleForTesting
static Range<Integer> getPortRangeFromAclEntry(NetworkAclEntry aclEntry) {
  PortRange portRange = aclEntry.getPortRange();
  if (portRange == null) {
    return null;
  }

  Integer from = portRange.getFrom();
  Integer to = portRange.getTo();

  if (from != null && to != null) {
    // Guava's Range.closed rejects a lower bound greater than the upper bound.
    return Range.closed(from, to);
  }
  if (from != null) {
    return Range.singleton(from);
  }
  if (to != null) {
    return Range.singleton(to);
  }
  return null;
}
 
开发者ID:cloudera,项目名称:director-aws-plugin,代码行数:25,代码来源:EC2NetworkValidator.java

示例2: visitNetworkAcl

import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
 * Registers a network ACL with the diagram builder and, for every subnet the ACL is
 * associated with, adds each of the ACL's entries to the diagram as an inbound or an
 * outbound rule of that subnet.
 *
 * @param vpcDiagramBuilder the builder that receives the ACL, its subnet associations and its entries
 * @param acl the network ACL to walk
 * @throws CfnAssistException declared by the signature; presumably raised by the builder calls
 */
private void visitNetworkAcl(VPCDiagramBuilder vpcDiagramBuilder, NetworkAcl acl) throws CfnAssistException {
	vpcDiagramBuilder.addAcl(acl);
	String aclId = acl.getNetworkAclId();
	logger.debug("visit acl " + aclId);

	for (NetworkAclAssociation association : acl.getAssociations()) {
		String associatedSubnetId = association.getSubnetId();
		vpcDiagramBuilder.associateAclWithSubnet(acl, associatedSubnetId);

		// The full entry list is replayed for each associated subnet, so every subnet
		// gets its own copy of the ACL's rules in the diagram.
		for (NetworkAclEntry rule : acl.getEntries()) {
			// getEgress() is a boxed Boolean in the AWS SDK; a missing flag would fail on
			// unboxing here rather than be silently classified as inbound or outbound.
			if (!rule.getEgress()) {
				vpcDiagramBuilder.addACLInbound(aclId, rule, associatedSubnetId);
			} else {
				vpcDiagramBuilder.addACLOutbound(aclId, rule, associatedSubnetId);
			}
		}
	}
}
 
开发者ID:cartwrightian,项目名称:cfnassist,代码行数:19,代码来源:VPCVisitor.java

示例3: checkRulesForNetworkAclEntries

import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
 * Checks network ACL entries against pre-defined network rules.
 *
 * <p>Because network ACLs define both allow rules and deny rules, the enforcements and
 * violations have to be checked for both allow and deny rules.
 *
 * <p>Entries are visited in the order given. A pre-defined rule is settled by the first
 * entry that either enforces or violates it and is not re-examined against later
 * entries, so the outcome depends on the caller passing the entries already sorted.
 * Rules that no entry settles are reported as not enforced.
 *
 * @param networkAclId        the network ACL ID
 * @param sortedEntries       the sorted list of network ACL entries
 * @param direction           the network traffic direction
 * @param accumulator         the exception condition accumulator
 * @param localizationContext the localization context
 */
private void checkRulesForNetworkAclEntries(String networkAclId,
                                            Iterable<NetworkAclEntry> sortedEntries,
                                            Direction direction,
                                            PluginExceptionConditionAccumulator accumulator,
                                            LocalizationContext localizationContext) {
  Iterable<NetworkRule> rules = networkRules.getRules(direction);
  if (Iterables.isEmpty(rules)) {
    // Nothing is configured for this direction, so there is nothing to validate.
    return;
  }

  List<NetworkRule> unsettledRules = Lists.newArrayList(rules);
  Multimap<String, NetworkRule> violations = HashMultimap.create();

  for (NetworkAclEntry aclEntry : sortedEntries) {
    String cidr = getCidrFromAclEntry(aclEntry);
    if (cidr == null) {
      // An entry without any CIDR block cannot be matched against a rule; skip it.
      continue;
    }

    final List<String> ipRanges = ImmutableList.of(cidr);
    final String protocol = aclEntry.getProtocol();
    final Range<Integer> ports = getPortRangeFromAclEntry(aclEntry);
    // NOTE(review): the rule action is upper-cased with the user's locale before the
    // enum lookup; valueOf throws IllegalArgumentException for an unknown constant.
    // Confirm that a locale-sensitive upper-casing is intended for this API token.
    final String action = aclEntry.getRuleAction().toUpperCase(localizationContext.getLocale());
    final AccessType accessType = AccessType.valueOf(action);

    for (Iterator<NetworkRule> remaining = unsettledRules.iterator(); remaining.hasNext();) {
      NetworkRule rule = remaining.next();
      if (rule.isEnforced(protocol, ports, ipRanges, accessType)) {
        remaining.remove();
        continue;
      }
      if (rule.isViolated(protocol, ports, ipRanges, accessType)) {
        violations.put(networkAclId, rule);
        remaining.remove();
      }
    }
  }

  recordNotEnforcedRules(unsettledRules, direction, accumulator, localizationContext,
      INVALID_ENFORCEMENT_NETWORK_ACL, SUBNET_ID);
  recordViolatedRules(violations, direction, accumulator, localizationContext,
      INVALID_VIOLATION_NETWORK_ACL, SUBNET_ID);
}
 
开发者ID:cloudera,项目名称:director-aws-plugin,代码行数:52,代码来源:EC2NetworkValidator.java

示例4: getCidrFromAclEntry

import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
 * Gets the IP range defined in the given network ACL entry. The IPv4 CIDR block is
 * preferred; the IPv6 CIDR block is used only when the IPv4 one is null or empty.
 *
 * @param aclEntry the given network ACL entry
 * @return         the IP range that the network ACL entry applies to, or {@code null}
 *                 when the entry has neither an IPv4 nor an IPv6 CIDR block
 */
@VisibleForTesting
static String getCidrFromAclEntry(NetworkAclEntry aclEntry) {
  String ipv4Cidr = aclEntry.getCidrBlock();
  if (!Strings.isNullOrEmpty(ipv4Cidr)) {
    return ipv4Cidr;
  }

  String ipv6Cidr = aclEntry.getIpv6CidrBlock();
  return Strings.isNullOrEmpty(ipv6Cidr) ? null : ipv6Cidr;
}
 
开发者ID:cloudera,项目名称:director-aws-plugin,代码行数:20,代码来源:EC2NetworkValidator.java

示例5: addACLOutbound

import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
 * Adds an outbound (egress) network ACL entry to the security diagram: the entry's CIDR
 * becomes a node, and an edge is drawn from the subnet's sub-diagram to that node.
 *
 * <p>Only an entry whose rule action equals the string form of {@code RuleAction.Allow}
 * is drawn as a permitted connection; every other action is drawn as blocked.
 *
 * @param aclId the id of the network ACL the entry belongs to
 * @param entry the ACL entry to draw
 * @param subnetId the subnet whose sub-diagram the edge starts from
 * @throws CfnAssistException declared by the signature; presumably raised by the diagram calls
 */
public void addACLOutbound(String aclId, NetworkAclEntry entry, String subnetId) throws CfnAssistException {
	String cidrNodeId = createCidrUniqueId("out", aclId, entry);
	String edgeLabel = labelFromEntry(entry);
	securityDiagram.addCidr(cidrNodeId, getLabelFromCidr(entry));

	boolean allowed = entry.getRuleAction().equals(RuleAction.Allow.toString());
	if (!allowed) {
		securityDiagram.addBlockedConnectionFromSubDiagram(cidrNodeId, subnetId, subnetDiagramBuilders.get(subnetId), edgeLabel);
		return;
	}
	securityDiagram.addConnectionFromSubDiagram(cidrNodeId, subnetId, subnetDiagramBuilders.get(subnetId), edgeLabel);
}
 
开发者ID:cartwrightian,项目名称:cfnassist,代码行数:11,代码来源:VPCDiagramBuilder.java

示例6: addACLInbound

import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
 * Adds an inbound (ingress) network ACL entry to the security diagram: the entry's CIDR
 * becomes a node, and an edge is drawn from that node to the subnet's sub-diagram.
 *
 * <p>Only an entry whose rule action equals the string form of {@code RuleAction.Allow}
 * is drawn as a permitted connection; every other action is drawn as blocked.
 *
 * @param aclId the id of the network ACL the entry belongs to
 * @param entry the ACL entry to draw
 * @param subnetId the subnet whose sub-diagram the edge ends at
 * @throws CfnAssistException declared by the signature; presumably raised by the diagram calls
 */
public void addACLInbound(String aclId, NetworkAclEntry entry, String subnetId) throws CfnAssistException {
	String cidrNodeId = createCidrUniqueId("in", aclId, entry);
	String edgeLabel = labelFromEntry(entry);
	securityDiagram.addCidr(cidrNodeId, getLabelFromCidr(entry));

	// Link the CIDR node to the subnet; the edge label carries protocol, ports and rule.
	boolean allowed = entry.getRuleAction().equals(RuleAction.Allow.toString());
	if (!allowed) {
		securityDiagram.addBlockedConnectionToSubDiagram(cidrNodeId, subnetId, subnetDiagramBuilders.get(subnetId), edgeLabel);
		return;
	}
	securityDiagram.addConnectionToSubDiagram(cidrNodeId, subnetId, subnetDiagramBuilders.get(subnetId), edgeLabel);
}
 
开发者ID:cartwrightian,项目名称:cfnassist,代码行数:12,代码来源:VPCDiagramBuilder.java

示例7: getRuleName

import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
 * Returns the display name of an ACL entry's rule: {@code "default"} for rule number
 * 32767, otherwise the rule number as a decimal string.
 *
 * <p>NOTE(review): only 32767 is mapped to "default"; if the ACL also carries an IPv6
 * catch-all entry under a different number it will be shown by number — confirm.
 *
 * @param entry the ACL entry; its rule number must not be null (unboxing would fail)
 * @return the label to show for the rule
 */
private String getRuleName(NetworkAclEntry entry) {
	Integer ruleNumber = entry.getRuleNumber();
	return (ruleNumber == 32767) ? "default" : ruleNumber.toString();
}
 
开发者ID:cartwrightian,项目名称:cfnassist,代码行数:8,代码来源:VPCDiagramBuilder.java

示例8: getRangeFrom

import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
 * Formats the port range of an ACL entry for display: {@code "all"} when the entry has
 * no port range, a single number when both bounds are equal, else {@code "from-to"}.
 *
 * <p>Both bounds are dereferenced without a null check, so a port range with only one
 * bound set fails here with a NullPointerException.
 *
 * @param entry the ACL entry to describe
 * @return the port range label
 */
private String getRangeFrom(NetworkAclEntry entry) {
	PortRange ports = entry.getPortRange();
	if (ports == null) {
		return "all";
	}

	String lower = ports.getFrom().toString();
	String upper = ports.getTo().toString();
	if (lower.equals(upper)) {
		return lower;
	}
	return lower + "-" + upper;
}
 
开发者ID:cartwrightian,项目名称:cfnassist,代码行数:11,代码来源:VPCDiagramBuilder.java

示例9: getProtoFrom

import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
 * Translates the protocol of an ACL entry into a display name. The protocol string is
 * parsed as an integer: -1 maps to "all", 1 to "icmp", 6 to "tcp" and 17 to "udp"; any
 * other number is returned as its decimal string.
 *
 * @param entry the ACL entry to describe
 * @return the protocol label
 * @throws NumberFormatException if the entry's protocol is null or not a decimal integer
 */
private String getProtoFrom(NetworkAclEntry entry) {
	int protocolNumber = Integer.parseInt(entry.getProtocol());
	switch (protocolNumber) {
		case -1:
			return "all";
		case 1:
			return "icmp";
		case 6:
			return "tcp";
		case 17:
			return "udp";
		default:
			return Integer.toString(protocolNumber);
	}
}
 
开发者ID:cartwrightian,项目名称:cfnassist,代码行数:11,代码来源:VPCDiagramBuilder.java

示例10: getLabelFromCidr

import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
 * Returns the diagram label for an ACL entry's IPv4 CIDR block: {@code CIDR_ANY} for
 * {@code 0.0.0.0/0}, otherwise the CIDR block itself.
 *
 * <p>Only the IPv4 block is read, and it is dereferenced without a null check.
 * NOTE(review): an entry that carries only an IPv6 block would presumably have a null
 * IPv4 block and fail here — confirm how such entries should be drawn.
 *
 * @param entry the ACL entry to label
 * @return the label for the entry's CIDR node
 */
private String getLabelFromCidr(NetworkAclEntry entry) {
	String ipv4Block = entry.getCidrBlock();
	return ipv4Block.equals("0.0.0.0/0") ? CIDR_ANY : ipv4Block;
}
 
开发者ID:cartwrightian,项目名称:cfnassist,代码行数:8,代码来源:VPCDiagramBuilder.java

示例11: compare

import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
 * Orders network ACL entries by ascending rule number.
 *
 * @param entry1 the first entry; its rule number must not be null
 * @param entry2 the second entry; its rule number must not be null
 * @return a negative, zero or positive value as {@code entry1}'s rule number is less
 *         than, equal to or greater than {@code entry2}'s
 */
@Override
public int compare(NetworkAclEntry entry1, NetworkAclEntry entry2) {
  Integer firstRuleNumber = entry1.getRuleNumber();
  Integer secondRuleNumber = entry2.getRuleNumber();
  return firstRuleNumber.compareTo(secondRuleNumber);
}
 
开发者ID:cloudera,项目名称:director-aws-plugin,代码行数:5,代码来源:EC2NetworkValidator.java

示例12: checkNetworkACL

import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
 * Validates the network ACL against the pre-defined network rules.
 *
 * <p>
 * For more information about network ACLs, see <a
 * href="http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html">Network ACLs</a> in the <i>Amazon
 * Virtual Private Cloud User Guide</i>.
 * </p>
 *
 * <p>
 * The validation is best-effort: if the describe call fails with any
 * {@code AmazonServiceException}, a warning is logged, nothing is added to the
 * accumulator and the method returns, so a passing result does not prove that the
 * network ACL was actually inspected. When the lookup succeeds, exactly one ACL must be
 * associated with the subnet; zero or several are recorded as errors.
 * </p>
 *
 * @param client              the EC2 client
 * @param configuration       the configuration to be validated
 * @param accumulator         the exception condition accumulator
 * @param localizationContext the localization context
 */
private void checkNetworkACL(AmazonEC2Client client,
                             Configured configuration,
                             PluginExceptionConditionAccumulator accumulator,
                             LocalizationContext localizationContext) {
  String subnetId = configuration.getConfigurationValue(SUBNET_ID, localizationContext);
  LOG.info(">> Describing network ACL associated with subnet '{}'", subnetId);

  DescribeNetworkAclsResult describeResult;
  try {
    DescribeNetworkAclsRequest request = new DescribeNetworkAclsRequest().withFilters(
        new Filter().withName("association.subnet-id").withValues(subnetId));
    describeResult = client.describeNetworkAcls(request);
  } catch (AmazonServiceException e) {
    // Due to backward compatibility, we cannot mandate the IAM permission:
    // ec2:DescribeNetworkAcls in customers' accounts and have to fail the
    // above AWS call gracefully, which means the NetworkACL validation is
    // optional now.
    // We have logged a ticket, https://jira.cloudera.com/browse/CLOUD-5345,
    // to track it, and will make this validation mandatory later.
    // Note that every service-side failure takes this path, not only a missing
    // permission, so the skip is visible only through these warnings.
    LOG.warn("Failed to retrieve the network ACL for subnet: " + subnetId, e);
    LOG.warn("Skipping network ACL validation");
    return;
  }

  List<NetworkAcl> associatedAcls = describeResult.getNetworkAcls();

  // Each subnet must be associated with one and only one network ACL.
  if (associatedAcls.isEmpty()) {
    LOG.error(String.format(EMPTY_NETWORK_ACL, subnetId));
    addError(accumulator, SUBNET_ID, localizationContext, null,
        EMPTY_NETWORK_ACL, subnetId);
    return;
  }
  if (associatedAcls.size() > 1) {
    Function<NetworkAcl, String> toAclId = new Function<NetworkAcl, String>() {
      @Override
      public String apply(NetworkAcl input) {
        return input.getNetworkAclId();
      }
    };
    List<String> aclIds = FluentIterable.from(associatedAcls).transform(toAclId).toList();
    LOG.error(String.format(MORE_THAN_ONE_NETWORK_ACL, aclIds, subnetId));
    addError(accumulator, SUBNET_ID, localizationContext, null,
        MORE_THAN_ONE_NETWORK_ACL, aclIds, subnetId);
    return;
  }

  NetworkAcl subnetAcl = associatedAcls.get(0);

  for (final Direction direction : Direction.values()) {
    // Ingress entries are checked for INBOUND, egress entries for every other direction.
    Predicate<NetworkAclEntry> matchesDirection = new Predicate<NetworkAclEntry>() {
      @Override
      public boolean apply(NetworkAclEntry aclEntry) {
        boolean inbound = direction == Direction.INBOUND;
        return inbound != aclEntry.isEgress();
      }
    };
    // The entries are sorted with NetworkAclEntryComparator before the rule check,
    // which walks them in order.
    Iterable<NetworkAclEntry> directionEntries = FluentIterable.from(subnetAcl.getEntries())
        .filter(matchesDirection)
        .toSortedList(new NetworkAclEntryComparator());

    checkRulesForNetworkAclEntries(subnetAcl.getNetworkAclId(), directionEntries, direction,
        accumulator, localizationContext);
  }
}
 
开发者ID:cloudera,项目名称:director-aws-plugin,代码行数:80,代码来源:EC2NetworkValidator.java

示例13: getEntries

import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
 * Returns the value of the resource's {@code "Entries"} attribute as a list of network
 * ACL entries.
 *
 * <p>The cast is unchecked: the element type is not verified here, so a wrongly typed
 * attribute would surface only when an element is used.
 *
 * @return the attribute value cast to {@code List<NetworkAclEntry>}
 */
@Override
public List<NetworkAclEntry> getEntries() {
    Object entriesAttribute = resource.getAttribute("Entries");
    return (List<NetworkAclEntry>) entriesAttribute;
}
 
开发者ID:awslabs,项目名称:aws-sdk-java-resources,代码行数:5,代码来源:NetworkAclImpl.java

示例14: labelFromEntry

import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
 * Builds the edge label for an ACL entry in the form
 * {@code protocol:[ports]} followed by a newline and {@code (rule:name)}.
 *
 * @param entry the ACL entry to describe
 * @return the label combining protocol, port range and rule name
 */
private String labelFromEntry(NetworkAclEntry entry) {
	String protocolLabel = getProtoFrom(entry);
	String portLabel = getRangeFrom(entry);
	String ruleLabel = getRuleName(entry);

	return String.format("%s:[%s]\n(rule:%s)", protocolLabel, portLabel, ruleLabel);
}
 
开发者ID:cartwrightian,项目名称:cfnassist,代码行数:7,代码来源:VPCDiagramBuilder.java

示例15: createCidrUniqueId

import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
 * Builds the diagram node id for an ACL entry's CIDR as
 * {@code direction_cidrBlock_aclId}.
 *
 * <p>The rule number is not part of the id, so two entries of the same ACL and
 * direction that share a CIDR block map to the same id. Only the IPv4 block is used; a
 * null block is formatted as the text {@code null}.
 *
 * @param direction the direction tag placed first in the id
 * @param aclId the id of the network ACL the entry belongs to
 * @param entry the ACL entry whose IPv4 CIDR block is used
 * @return the node id
 */
private String createCidrUniqueId(String direction, String aclId, NetworkAclEntry entry) {
	return String.format("%s_%s_%s", direction, entry.getCidrBlock(), aclId);
}
 
开发者ID:cartwrightian,项目名称:cfnassist,代码行数:5,代码来源:VPCDiagramBuilder.java


注:本文中的com.amazonaws.services.ec2.model.NetworkAclEntry类示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。