本文整理汇总了Java中com.amazonaws.services.ec2.model.NetworkAclEntry类的典型用法代码示例。如果您正苦于以下问题:Java NetworkAclEntry类的具体用法?Java NetworkAclEntry怎么用?Java NetworkAclEntry使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
NetworkAclEntry类属于com.amazonaws.services.ec2.model包,在下文中一共展示了NetworkAclEntry类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: getPortRangeFromAclEntry
import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
* Gets the port range for the TCP and UDP protocols defined in the given network
* ACL entry. If the range contains {@code -1}, it indicates all ports.
*
* @param aclEntry the given network ACL entry
* @return the port range that this network ACL entry applies to, or {@code null} if the entry has no port range or the range has neither bound
*/
@VisibleForTesting
static Range<Integer> getPortRangeFromAclEntry(NetworkAclEntry aclEntry) {
    final PortRange entryPorts = aclEntry.getPortRange();
    if (entryPorts == null) {
        // The entry carries no port range at all.
        return null;
    }

    final Integer lowerBound = entryPorts.getFrom();
    final Integer upperBound = entryPorts.getTo();

    if (lowerBound != null && upperBound != null) {
        // Both bounds present: inclusive range [from, to].
        return Range.closed(lowerBound, upperBound);
    }
    // Only one bound present: treat it as a single port.
    if (lowerBound != null) {
        return Range.singleton(lowerBound);
    }
    if (upperBound != null) {
        return Range.singleton(upperBound);
    }
    // NOTE(review): null is returned both for "no port range" and for a range
    // with neither bound. Confirm that callers treat null as "all ports"
    // rather than "no ports" when matching rules.
    return null;
}
示例2: visitNetworkAcl
import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
 * Adds the given network ACL to the diagram, links it to every subnet it is
 * associated with, and draws each ACL entry against each of those subnets.
 *
 * @param vpcDiagramBuilder the diagram builder that receives the ACL, its associations and its entries
 * @param acl the network ACL to visit
 * @throws CfnAssistException declared by this method; presumably raised by the diagram builder calls
 */
private void visitNetworkAcl(VPCDiagramBuilder vpcDiagramBuilder, NetworkAcl acl) throws CfnAssistException {
    vpcDiagramBuilder.addAcl(acl);

    final String aclId = acl.getNetworkAclId();
    logger.debug("visit acl " + aclId);

    for (NetworkAclAssociation association : acl.getAssociations()) {
        final String associatedSubnetId = association.getSubnetId();
        vpcDiagramBuilder.associateAclWithSubnet(acl, associatedSubnetId);

        // The full entry list is replayed for every associated subnet, so each
        // subnet in the diagram shows all rules of the ACL.
        for (NetworkAclEntry rule : acl.getEntries()) {
            // The egress flag decides the direction; it is read unguarded, so a
            // missing flag fails here rather than being drawn on the wrong side.
            final boolean outbound = rule.getEgress();
            if (!outbound) {
                vpcDiagramBuilder.addACLInbound(aclId, rule, associatedSubnetId);
            } else {
                vpcDiagramBuilder.addACLOutbound(aclId, rule, associatedSubnetId);
            }
        }
    }
}
示例3: checkRulesForNetworkAclEntries
import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
* Checks network ACL entries against pre-defined network rules.
*
* Because network ACLs define both allow rules and deny rules, we need to check
* the enforcements and violations for both allow and deny rules.
*
* @param networkAclId the network ACL ID
* @param sortedEntries the sorted list of network ACL entries
* @param direction the network traffic direction
* @param accumulator the exception condition accumulator
* @param localizationContext the localization context
*/
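private void checkRulesForNetworkAclEntries(String networkAclId,
        Iterable<NetworkAclEntry> sortedEntries,
        Direction direction,
        PluginExceptionConditionAccumulator accumulator,
        LocalizationContext localizationContext) {
    Iterable<NetworkRule> rules = networkRules.getRules(direction);
    if (Iterables.isEmpty(rules)) {
        // Nothing is required for this direction, so there is nothing to check.
        return;
    }

    // Rules that no ACL entry has settled yet. Whatever is left at the end is
    // reported as "not enforced".
    List<NetworkRule> pendingRules = Lists.newArrayList(rules);
    Multimap<String, NetworkRule> violatedRules = HashMultimap.create();

    // Entries are visited in the order supplied by the caller (presumably
    // ascending rule number, matching how the ACL itself is evaluated). The
    // first entry that enforces or violates a rule settles that rule; it is
    // removed and never compared against later entries.
    for (NetworkAclEntry aclEntry : sortedEntries) {
        String cidr = getCidrFromAclEntry(aclEntry);
        if (cidr == null) {
            // An entry without a CIDR block cannot be matched against a rule.
            continue;
        }
        final List<String> ipRanges = ImmutableList.of(cidr);
        final String protocol = aclEntry.getProtocol();
        // NOTE(review): the port range may be null for entries that carry no
        // port range; confirm isEnforced/isViolated accept a null range.
        final Range<Integer> ports = getPortRangeFromAclEntry(aclEntry);
        // The rule action is a protocol token, not user-facing text, so it is
        // upper-cased with the root locale. Using the user's locale here would
        // make the enum lookup depend on locale-specific case mappings.
        // valueOf rejects any action string that has no matching constant.
        final AccessType accessType =
                AccessType.valueOf(aclEntry.getRuleAction().toUpperCase(java.util.Locale.ROOT));

        Iterator<NetworkRule> ruleIt = pendingRules.iterator();
        while (ruleIt.hasNext()) {
            NetworkRule rule = ruleIt.next();
            if (rule.isEnforced(protocol, ports, ipRanges, accessType)) {
                ruleIt.remove();
            } else if (rule.isViolated(protocol, ports, ipRanges, accessType)) {
                violatedRules.put(networkAclId, rule);
                ruleIt.remove();
            }
        }
    }

    recordNotEnforcedRules(pendingRules, direction, accumulator, localizationContext,
            INVALID_ENFORCEMENT_NETWORK_ACL, SUBNET_ID);
    recordViolatedRules(violatedRules, direction, accumulator, localizationContext,
            INVALID_VIOLATION_NETWORK_ACL, SUBNET_ID);
}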
示例4: getCidrFromAclEntry
import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
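* Gets the CIDR block defined in the given network ACL entry, preferring the
* IPv4 block over the IPv6 block.
*
* @param aclEntry the given network ACL entry
* @return the CIDR block that the network ACL entry applies to, or {@code null} if the entry has neither an IPv4 nor an IPv6 block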
*/
@VisibleForTesting
static String getCidrFromAclEntry(NetworkAclEntry aclEntry) {
    // The IPv4 block wins whenever it is present and non-empty.
    final String v4Block = aclEntry.getCidrBlock();
    if (!Strings.isNullOrEmpty(v4Block)) {
        return v4Block;
    }

    // Otherwise fall back to the IPv6 block; null means the entry has neither.
    final String v6Block = aclEntry.getIpv6CidrBlock();
    return Strings.isNullOrEmpty(v6Block) ? null : v6Block;
}
示例5: addACLOutbound
import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
 * Draws one outbound ACL entry: registers the entry's CIDR as a node and
 * connects the subnet's sub-diagram to it, as an open or a blocked connection.
 *
 * @param aclId the ID of the network ACL the entry belongs to
 * @param entry the outbound ACL entry to draw
 * @param subnetId the subnet the ACL is associated with
 * @throws CfnAssistException declared by this method; presumably raised by the diagram calls
 */
public void addACLOutbound(String aclId, NetworkAclEntry entry, String subnetId) throws CfnAssistException {
    final String cidrNodeId = createCidrUniqueId("out", aclId, entry);
    final String edgeLabel = labelFromEntry(entry);
    securityDiagram.addCidr(cidrNodeId, getLabelFromCidr(entry));

    // Only an exact match with RuleAction.Allow is drawn as an open connection;
    // every other action string is drawn as blocked.
    final boolean allowed = entry.getRuleAction().equals(RuleAction.Allow.toString());
    if (!allowed) {
        securityDiagram.addBlockedConnectionFromSubDiagram(cidrNodeId, subnetId, subnetDiagramBuilders.get(subnetId), edgeLabel);
    } else {
        securityDiagram.addConnectionFromSubDiagram(cidrNodeId, subnetId, subnetDiagramBuilders.get(subnetId), edgeLabel);
    }
}
示例6: addACLInbound
import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
 * Draws one inbound ACL entry: registers the entry's CIDR as a node and
 * connects it to the subnet's sub-diagram, as an open or a blocked connection.
 *
 * @param aclId the ID of the network ACL the entry belongs to
 * @param entry the inbound ACL entry to draw
 * @param subnetId the subnet the ACL is associated with
 * @throws CfnAssistException declared by this method; presumably raised by the diagram calls
 */
public void addACLInbound(String aclId, NetworkAclEntry entry, String subnetId) throws CfnAssistException {
    final String cidrNodeId = createCidrUniqueId("in", aclId, entry);
    final String edgeLabel = labelFromEntry(entry);
    securityDiagram.addCidr(cidrNodeId, getLabelFromCidr(entry));

    // Only an exact match with RuleAction.Allow is drawn as an open connection;
    // every other action string is drawn as blocked.
    final boolean allowed = entry.getRuleAction().equals(RuleAction.Allow.toString());
    if (!allowed) {
        securityDiagram.addBlockedConnectionToSubDiagram(cidrNodeId, subnetId, subnetDiagramBuilders.get(subnetId), edgeLabel);
    } else {
        securityDiagram.addConnectionToSubDiagram(cidrNodeId, subnetId, subnetDiagramBuilders.get(subnetId), edgeLabel);
    }
}
示例7: getRuleName
import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
 * Returns the display name of an ACL entry's rule number.
 *
 * @param entry the network ACL entry
 * @return {@code "default"} for rule number 32767, otherwise the rule number as text
 */
private String getRuleName(NetworkAclEntry entry) {
    final Integer ruleNumber = entry.getRuleNumber();
    // 32767 is the number the EC2 API reports for an ACL's built-in catch-all
    // rule, so it is labelled by name instead of by number.
    return ruleNumber == 32767 ? "default" : ruleNumber.toString();
}
示例8: getRangeFrom
import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
 * Formats the port range of an ACL entry for use in a diagram label.
 *
 * @param entry the network ACL entry
 * @return {@code "all"} when the entry has no port range, the single port when
 *         both bounds are equal, otherwise {@code "from-to"}
 */
private String getRangeFrom(NetworkAclEntry entry) {
    final PortRange ports = entry.getPortRange();
    if (ports == null) {
        return ("all");
    }

    // Both bounds are read unguarded; a range with a missing bound fails here.
    final int firstPort = ports.getFrom();
    final int lastPort = ports.getTo();

    if (firstPort == lastPort) {
        return String.format("%s", firstPort);
    }
    return String.format("%s-%s", firstPort, lastPort);
}
示例9: getProtoFrom
import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
 * Translates the protocol number of an ACL entry into a short label.
 *
 * @param entry the network ACL entry; its protocol is parsed as a decimal integer
 * @return {@code "all"}, {@code "icmp"}, {@code "tcp"} or {@code "udp"} for the
 *         numbers -1, 1, 6 and 17, otherwise the number itself as text
 * @throws NumberFormatException if the protocol string is not a decimal integer
 */
private String getProtoFrom(NetworkAclEntry entry) {
    final int protocolNumber = Integer.parseInt(entry.getProtocol());

    if (protocolNumber == -1) {
        return "all";
    }
    if (protocolNumber == 1) {
        return "icmp";
    }
    if (protocolNumber == 6) {
        return "tcp";
    }
    if (protocolNumber == 17) {
        return "udp";
    }
    // Any other protocol (for example 58, ICMPv6) is shown by number only.
    return Integer.toString(protocolNumber);
}
示例10: getLabelFromCidr
import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
 * Returns the diagram label for the IPv4 CIDR block of an ACL entry.
 *
 * @param entry the network ACL entry
 * @return {@code CIDR_ANY} for {@code 0.0.0.0/0}, otherwise the CIDR block as reported
 */
private String getLabelFromCidr(NetworkAclEntry entry) {
    final String ipv4Block = entry.getCidrBlock();
    // NOTE(review): only the IPv4 block is read. An entry that carries only an
    // IPv6 block presumably reports null here and would fail on the comparison
    // below, so IPv6 rules are not represented in the diagram. Confirm against
    // the ACLs this tool is run on.
    return ipv4Block.equals("0.0.0.0/0") ? CIDR_ANY : ipv4Block;
}
示例11: compare
import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
 * Orders network ACL entries by ascending rule number.
 *
 * @param entry1 the first entry
 * @param entry2 the second entry
 * @return a negative, zero or positive value as the first rule number is less
 *         than, equal to or greater than the second
 */
@Override
public int compare(NetworkAclEntry entry1, NetworkAclEntry entry2) {
    // Both rule numbers are unboxed, so an entry without a rule number fails
    // here instead of being sorted to an arbitrary position.
    final int firstNumber = entry1.getRuleNumber();
    final int secondNumber = entry2.getRuleNumber();
    return Integer.compare(firstNumber, secondNumber);
}
示例12: checkNetworkACL
import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
* Validates the network ACL against the pre-defined network rules.
*
* <p>
* For more information about network ACLs, see <a
* href="http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html">Network ACLs</a> in the <i>Amazon
* Virtual Private Cloud User Guide</i>.
* </p>
*
* @param client the EC2 client
* @param configuration the configuration to be validated
* @param accumulator the exception condition accumulator
* @param localizationContext the localization context
*/
private void checkNetworkACL(AmazonEC2Client client,
        Configured configuration,
        PluginExceptionConditionAccumulator accumulator,
        LocalizationContext localizationContext) {
    String subnetId = configuration.getConfigurationValue(SUBNET_ID, localizationContext);
    LOG.info(">> Describing network ACL associated with subnet '{}'", subnetId);

    DescribeNetworkAclsResult describeResult;
    try {
        DescribeNetworkAclsRequest request = new DescribeNetworkAclsRequest()
                .withFilters(new Filter().withName("association.subnet-id").withValues(subnetId));
        describeResult = client.describeNetworkAcls(request);
    } catch (AmazonServiceException e) {
        // For backward compatibility the IAM permission ec2:DescribeNetworkAcls
        // cannot be required in customers' accounts, so a failed call is
        // tolerated and the network ACL validation is optional for now.
        // Tracked in https://jira.cloudera.com/browse/CLOUD-5345; the
        // validation is meant to become mandatory later.
        //
        // NOTE(review): this is fail-open for every AmazonServiceException, not
        // only a missing permission. Any service error skips the check with
        // nothing but the two WARN lines below, so those lines are the only
        // evidence that the ACL was never validated.
        LOG.warn("Failed to retrieve the network ACL for subnet: " + subnetId, e);
        LOG.warn("Skipping network ACL validation");
        return;
    }

    List<NetworkAcl> associatedAcls = describeResult.getNetworkAcls();

    // A subnet is expected to be associated with exactly one network ACL;
    // zero or several are both reported as configuration errors.
    if (associatedAcls.isEmpty()) {
        LOG.error(String.format(EMPTY_NETWORK_ACL, subnetId));
        addError(accumulator, SUBNET_ID, localizationContext, null,
                EMPTY_NETWORK_ACL, subnetId);
        return;
    }

    if (associatedAcls.size() > 1) {
        List<String> associatedAclIds = FluentIterable.from(associatedAcls)
                .transform(new Function<NetworkAcl, String>() {
                    @Override
                    public String apply(NetworkAcl acl) {
                        return acl.getNetworkAclId();
                    }
                })
                .toList();
        LOG.error(String.format(MORE_THAN_ONE_NETWORK_ACL, associatedAclIds, subnetId));
        addError(accumulator, SUBNET_ID, localizationContext, null,
                MORE_THAN_ONE_NETWORK_ACL, associatedAclIds, subnetId);
        return;
    }

    NetworkAcl soleAcl = associatedAcls.get(0);

    // Inbound and outbound entries are validated separately: for each
    // direction, keep only the entries of that direction, sort them with
    // NetworkAclEntryComparator, then check them against the rules.
    for (final Direction trafficDirection : Direction.values()) {
        Iterable<NetworkAclEntry> directionEntries = FluentIterable.from(soleAcl.getEntries())
                .filter(new Predicate<NetworkAclEntry>() {
                    @Override
                    public boolean apply(NetworkAclEntry candidate) {
                        // Inbound keeps non-egress entries, any other direction keeps egress ones.
                        return (trafficDirection == Direction.INBOUND) != candidate.isEgress();
                    }
                })
                .toSortedList(new NetworkAclEntryComparator());

        checkRulesForNetworkAclEntries(soleAcl.getNetworkAclId(), directionEntries, trafficDirection,
                accumulator, localizationContext);
    }
}
示例13: getEntries
import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
 * Returns the value stored under the resource's {@code "Entries"} attribute,
 * viewed as a list of network ACL entries.
 *
 * @return the attribute value cast to a list of entries
 */
@Override
public List<NetworkAclEntry> getEntries() {
    // Unchecked cast: the element type is not verified here, so a wrongly
    // typed attribute only fails later, when an element is first used.
    final Object rawEntries = resource.getAttribute("Entries");
    return (List<NetworkAclEntry>) rawEntries;
}
示例14: labelFromEntry
import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
 * Builds the two-line edge label for an ACL entry: protocol and port range on
 * the first line, the rule name on the second.
 *
 * @param entry the network ACL entry
 * @return the label in the form {@code proto:[range]} followed by {@code (rule:name)}
 */
private String labelFromEntry(NetworkAclEntry entry) {
    final String protocolText = getProtoFrom(entry);
    final String portText = getRangeFrom(entry);
    final String ruleText = getRuleName(entry);
    return String.format("%s:[%s]\n(rule:%s)", protocolText, portText, ruleText);
}
示例15: createCidrUniqueId
import com.amazonaws.services.ec2.model.NetworkAclEntry; //导入依赖的package包/类
/**
 * Builds the diagram node ID for the CIDR of an ACL entry.
 *
 * @param direction the direction tag that prefixes the ID
 * @param aclId the ID of the network ACL the entry belongs to
 * @param entry the network ACL entry whose IPv4 CIDR block is embedded in the ID
 * @return the ID in the form {@code direction_cidr_aclId}
 */
private String createCidrUniqueId(String direction, String aclId, NetworkAclEntry entry) {
    // NOTE(review): the ID is built from the IPv4 block only. Entries without
    // one are formatted as "null", so within one ACL and direction they would
    // all share a single node ID. Confirm how IPv6 entries should be keyed.
    return String.format("%s_%s_%s", direction, entry.getCidrBlock(), aclId);
}