
com.netflix.nfsidecar.resources.SecurityGroupAdmin Maven / Gradle / Ivy

package com.netflix.nfsidecar.resources;

import java.util.Collections;

import javax.ws.rs.DELETE;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.google.inject.Inject;
import com.netflix.nfsidecar.identity.IMembership;

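/**
 * HTTP endpoint that adds or removes a single-host (/32) IP address and port
 * range on the security group for this app, by delegating to
 * {@link IMembership#addACL} and {@link IMembership#removeACL}.
 *
 * <p>Every request changes network ingress rules, and the {@code ip},
 * {@code fromPort} and {@code toPort} query parameters are caller-supplied.
 * They are validated here before being handed to {@link IMembership}; a request
 * that fails validation is answered with 400 and nothing is changed.
 *
 * <p>NOTE(review): this class performs no authentication or authorization of
 * its own. Whatever restricts who may reach {@code /v1/secgroup} is not visible
 * in this file -- confirm that the resource is only exposed to trusted callers.
 */
@Path("/v1/secgroup")
@Produces(MediaType.TEXT_PLAIN)
public class SecurityGroupAdmin
{
    private static final Logger log = LoggerFactory.getLogger(SecurityGroupAdmin.class);
    private static final String CIDR_TAG = "/32";
    // NOTE(review): assumes the rules are TCP/UDP style port ranges -- confirm against IMembership.
    private static final int MAX_PORT = 65535;
    private final IMembership membership;

    @Inject
    public SecurityGroupAdmin(IMembership membership)
    {
        this.membership = membership;
    }

    /**
     * Adds an ingress rule for one host and a port range.
     *
     * @param ipAddr   IPv4 address, with or without a trailing {@code /32}
     * @param fromPort first port of the range (0 when the parameter is absent)
     * @param toPort   last port of the range (0 when the parameter is absent)
     * @return 200 on success, 400 when a parameter is missing or malformed,
     *         500 when the membership call throws
     */
    @POST
    public Response addACL(@QueryParam("ip") String ipAddr, @QueryParam("fromPort") int fromPort, @QueryParam("toPort") int toPort)
    {
        String cidr = toHostCidr(ipAddr);
        if (cidr == null || !isValidPortRange(fromPort, toPort))
        {
            // The raw parameter is deliberately not echoed into the log.
            log.warn("Rejected request to add an ACL: invalid ip or port range");
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        try
        {
            membership.addACL(Collections.singletonList(cidr), fromPort, toPort);
        }
        catch(Exception e)
        {
            log.error("Error while trying to add an ACL to a security group", e);
            return Response.serverError().build();
        }
        // Audit trail for a firewall change; cidr is validated, so it is safe to log.
        log.info("Added ACL {} for ports {}-{}", cidr, fromPort, toPort);
        return Response.ok().build();
    }

    /**
     * Removes an ingress rule for one host and a port range.
     *
     * @param ipAddr   IPv4 address, with or without a trailing {@code /32}
     * @param fromPort first port of the range (0 when the parameter is absent)
     * @param toPort   last port of the range (0 when the parameter is absent)
     * @return 200 on success, 400 when a parameter is missing or malformed,
     *         500 when the membership call throws
     */
    @DELETE
    public Response removeACL(@QueryParam("ip") String ipAddr, @QueryParam("fromPort") int fromPort, @QueryParam("toPort") int toPort)
    {
        String cidr = toHostCidr(ipAddr);
        if (cidr == null || !isValidPortRange(fromPort, toPort))
        {
            // The raw parameter is deliberately not echoed into the log.
            log.warn("Rejected request to remove an ACL: invalid ip or port range");
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        try
        {
            membership.removeACL(Collections.singletonList(cidr), fromPort, toPort);
        }
        catch(Exception e)
        {
            log.error("Error while trying to remove an ACL from a security group", e);
            return Response.serverError().build();
        }
        // Audit trail for a firewall change; cidr is validated, so it is safe to log.
        log.info("Removed ACL {} for ports {}-{}", cidr, fromPort, toPort);
        return Response.ok().build();
    }

    /**
     * Normalizes the {@code ip} parameter to {@code a.b.c.d/32}.
     *
     * <p>Without this check a missing parameter caused a NullPointerException,
     * and a value that already carried another prefix (for example
     * {@code 10.0.0.0/8}) had {@code /32} appended to it and was passed on
     * malformed.
     *
     * @return the host CIDR, or {@code null} when the value is absent or is not
     *         a dotted-quad IPv4 address
     */
    private static String toHostCidr(String ipAddr)
    {
        if (ipAddr == null)
            return null;
        String host = ipAddr.trim();
        if (host.endsWith(CIDR_TAG))
            host = host.substring(0, host.length() - CIDR_TAG.length());
        // NOTE(review): only IPv4 hosts are accepted because the mask is always /32 -- confirm.
        String[] octets = host.split("\\.", -1);
        if (octets.length != 4)
            return null;
        for (String octet : octets)
        {
            if (octet.isEmpty() || octet.length() > 3)
                return null;
            // A leading zero is ambiguous (some parsers read it as octal), so reject it.
            if (octet.length() > 1 && octet.charAt(0) == '0')
                return null;
            for (int i = 0; i < octet.length(); i++)
            {
                char c = octet.charAt(i);
                if (c < '0' || c > '9')
                    return null;
            }
            if (Integer.parseInt(octet) > 255)
                return null;
        }
        return host + CIDR_TAG;
    }

    /** Returns true when both ports are within 0..65535 and the range is not inverted. */
    private static boolean isValidPortRange(int fromPort, int toPort)
    {
        return fromPort >= 0 && toPort <= MAX_PORT && fromPort <= toPort;
    }
}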




