/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jclouds.googlecomputeengine.domain;
import static com.google.common.base.Objects.equal;
import static com.google.common.base.Objects.toStringHelper;
import static com.google.common.base.Preconditions.checkNotNull;
import static com.google.common.base.Preconditions.checkState;
import static com.google.common.collect.Range.closed;
import static com.google.common.collect.Range.singleton;
import java.beans.ConstructorProperties;
import java.net.URI;
import java.util.Date;
import java.util.Set;
import org.jclouds.net.domain.IpProtocol;
import com.google.common.annotations.Beta;
import com.google.common.base.Objects;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.RangeSet;
import com.google.common.collect.TreeRangeSet;
/**
* Represents a network firewall
*
* @author David Alves
* @see
* @see
*/
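@Beta
public final class Firewall extends Resource {

   private final URI network;
   private final Set<String> sourceRanges;
   private final Set<String> sourceTags;
   private final Set<String> targetTags;
   private final Set<Rule> allowed;

   /**
    * Creates a firewall from its individual properties.
    *
    * <p>Every set argument is snapshotted into an immutable set, so a caller that keeps a reference to the
    * set it passed in cannot widen or narrow the rule after the firewall has been constructed. A
    * {@code null} set is treated as empty.
    *
    * @throws NullPointerException if {@code network} is null or any supplied set contains a null element
    */
   @ConstructorProperties({
           "id", "creationTimestamp", "selfLink", "name", "description", "network", "sourceRanges",
           "sourceTags", "targetTags", "allowed"
   })
   protected Firewall(String id, Date creationTimestamp, URI selfLink, String name, String description,
                      URI network, Set<String> sourceRanges, Set<String> sourceTags, Set<String> targetTags,
                      Set<Rule> allowed) {
      super(Kind.FIREWALL, id, creationTimestamp, selfLink, name, description);
      this.network = checkNotNull(network, "network of %s", name);
      this.sourceRanges = copyOrEmpty(sourceRanges);
      this.sourceTags = copyOrEmpty(sourceTags);
      this.targetTags = copyOrEmpty(targetTags);
      this.allowed = copyOrEmpty(allowed);
   }

   /** Returns an immutable snapshot of {@code in}, or the empty set when {@code in} is null. */
   private static <T> Set<T> copyOrEmpty(Set<T> in) {
      return in == null ? ImmutableSet.<T>of() : ImmutableSet.copyOf(in);
   }

   /**
    * @return URI of the network to which this firewall is applied; provided by the client when the firewall is created.
    */
   public URI getNetwork() {
      return network;
   }

   /**
    * One or both of sourceRanges and sourceTags may be set; an inbound connection is allowed if either the range or
    * the tag of the source matches.
    *
    * @return an immutable set of IP address blocks expressed in CIDR format which this rule applies to.
    */
   public Set<String> getSourceRanges() {
      return sourceRanges;
   }

   /**
    * @return an immutable set of instance tags which this rule applies to. One or both of sourceRanges and
    *         sourceTags may be set; an inbound connection is allowed if either the range or the tag of the source
    *         matches.
    */
   public Set<String> getSourceTags() {
      return sourceTags;
   }

   /**
    * If no targetTags are specified, the firewall rule applies to all instances on the specified network, so an
    * empty set is the widest possible scope rather than "no instances".
    *
    * @return an immutable set of instance tags indicating sets of instances located on network which may make
    *         network connections as specified in allowed.
    */
   public Set<String> getTargetTags() {
      return targetTags;
   }

   /**
    * Each rule specifies a protocol and port-range tuple that describes a permitted connection.
    *
    * @return the immutable set of rules specified by this firewall.
    */
   public Set<Rule> getAllowed() {
      return allowed;
   }

   /**
    * {@inheritDoc}
    */
   @Override
   protected Objects.ToStringHelper string() {
      return super.string()
              .add("network", network)
              .add("sourceRanges", sourceRanges)
              .add("sourceTags", sourceTags)
              .add("targetTags", targetTags)
              .add("allowed", allowed);
   }

   /**
    * {@inheritDoc}
    */
   @Override
   public String toString() {
      return string().toString();
   }

   /** @return a new, empty firewall builder. */
   public static Builder builder() {
      return new Builder();
   }

   /** @return a new builder pre-populated with this firewall's properties. */
   public Builder toBuilder() {
      return new Builder().fromFirewall(this);
   }

   /**
    * Builder for {@link Firewall}.
    *
    * <p>The {@code sourceRanges}, {@code sourceTags} and {@code targetTags} setters append to what was already
    * added, whereas {@link #allowed(Set)} replaces the rules collected so far.
    */
   public static final class Builder extends Resource.Builder<Builder> {

      private URI network;
      private ImmutableSet.Builder<String> sourceRanges = ImmutableSet.builder();
      private ImmutableSet.Builder<String> sourceTags = ImmutableSet.builder();
      private ImmutableSet.Builder<String> targetTags = ImmutableSet.builder();
      private ImmutableSet.Builder<Rule> allowed = ImmutableSet.builder();

      /**
       * @see Firewall#getNetwork()
       */
      public Builder network(URI network) {
         this.network = network;
         return this;
      }

      /**
       * Appends one source range.
       *
       * @see Firewall#getSourceRanges()
       */
      public Builder addSourceRange(String sourceRange) {
         this.sourceRanges.add(checkNotNull(sourceRange));
         return this;
      }

      /**
       * Appends every range in {@code sourceRanges} to the ranges already added.
       *
       * @see Firewall#getSourceRanges()
       */
      public Builder sourceRanges(Set<String> sourceRanges) {
         this.sourceRanges.addAll(checkNotNull(sourceRanges));
         return this;
      }

      /**
       * Appends one source tag.
       *
       * @see Firewall#getSourceTags()
       */
      public Builder addSourceTag(String sourceTag) {
         this.sourceTags.add(checkNotNull(sourceTag));
         return this;
      }

      /**
       * Appends every tag in {@code sourceTags} to the tags already added.
       *
       * @see Firewall#getSourceTags()
       */
      public Builder sourceTags(Set<String> sourceTags) {
         this.sourceTags.addAll(checkNotNull(sourceTags));
         return this;
      }

      /**
       * Appends one target tag.
       *
       * @see Firewall#getTargetTags()
       */
      public Builder addTargetTag(String targetTag) {
         this.targetTags.add(checkNotNull(targetTag));
         return this;
      }

      /**
       * Appends every tag in {@code targetTags} to the tags already added.
       *
       * @see Firewall#getTargetTags()
       */
      public Builder targetTags(Set<String> targetTags) {
         this.targetTags.addAll(checkNotNull(targetTags));
         return this;
      }

      /**
       * Appends one permitted-connection rule.
       *
       * @see Firewall#getAllowed()
       */
      public Builder addAllowed(Rule firewallRule) {
         this.allowed.add(checkNotNull(firewallRule));
         return this;
      }

      /**
       * Replaces the rules collected so far with {@code firewallRules}.
       *
       * @throws NullPointerException if {@code firewallRules} is null
       * @see Firewall#getAllowed()
       */
      public Builder allowed(Set<Rule> firewallRules) {
         // Validate before resetting, so a null argument does not silently drop the rules added so far.
         checkNotNull(firewallRules, "firewallRules");
         this.allowed = ImmutableSet.builder();
         this.allowed.addAll(firewallRules);
         return this;
      }

      @Override
      protected Builder self() {
         return this;
      }

      /**
       * @return a firewall built from the collected properties.
       * @throws NullPointerException if no network was set
       */
      public Firewall build() {
         return new Firewall(super.id, super.creationTimestamp, super.selfLink, super.name,
                 super.description, network, sourceRanges.build(), sourceTags.build(), targetTags.build(),
                 allowed.build());
      }

      /**
       * Copies the properties of {@code in} into this builder. Ranges and tags are appended to anything already
       * added; the allowed rules are replaced.
       */
      public Builder fromFirewall(Firewall in) {
         return super.fromResource(in)
                 .network(in.getNetwork())
                 .sourceRanges(in.getSourceRanges())
                 .sourceTags(in.getSourceTags())
                 .targetTags(in.getTargetTags())
                 .allowed(in.getAllowed());
      }
   }

   /**
    * A Firewall rule. Rule specifies a protocol and port-range tuple that describes a
    * permitted connection.
    *
    * @author David Alves
    */
   public static final class Rule {

      private final IpProtocol ipProtocol;
      private final RangeSet<Integer> ports;

      /* Some handy shortcuts */

      /** @return a rule permitting TCP on the closed port range {@code [start, end]}. */
      public static Rule permitTcpRule(Integer start, Integer end) {
         return Rule.builder().IpProtocol(IpProtocol.TCP).addPortRange(start, end).build();
      }

      /** @return a rule permitting TCP on a single port. */
      public static Rule permitTcpRule(Integer port) {
         return Rule.builder().IpProtocol(IpProtocol.TCP).addPort(port).build();
      }

      /** @return a rule permitting UDP on the closed port range {@code [start, end]}. */
      public static Rule permitUdpRule(Integer start, Integer end) {
         return Rule.builder().IpProtocol(IpProtocol.UDP).addPortRange(start, end).build();
      }

      /** @return a rule permitting UDP on a single port. */
      public static Rule permitUdpRule(Integer port) {
         return Rule.builder().IpProtocol(IpProtocol.UDP).addPort(port).build();
      }

      /**
       * Creates a rule from a protocol and an optional port set.
       *
       * <p>The port set is copied: the builder keeps using its own set after {@code build()}, and without the
       * copy a reused builder would silently change rules it had already produced.
       *
       * @throws NullPointerException if {@code IpProtocol} is null
       */
      @ConstructorProperties({
              "IpProtocol", "ports"
      })
      private Rule(IpProtocol IpProtocol, RangeSet<Integer> ports) {
         this.ipProtocol = checkNotNull(IpProtocol, "IpProtocol");
         RangeSet<Integer> snapshot = TreeRangeSet.create();
         if (ports != null) {
            snapshot.addAll(ports);
         }
         this.ports = snapshot;
      }

      /**
       * This can either be a well known protocol string (tcp, udp or icmp) or the IP protocol number.
       *
       * @return this is the IP protocol that is allowed for this rule.
       */
      public IpProtocol getIpProtocol() {
         return ipProtocol;
      }

      /**
       * Each entry must be either an integer or a range. If not specified, connections through any port are allowed.
       * Example inputs include: ["22"], ["80", "443"], and ["12345-12349"].
       *
       * It is an error to specify this for any protocol that isn't UDP or TCP.
       *
       * <p>The returned set is this rule's own backing set, not a copy. Treat it as read-only: it feeds
       * {@link #hashCode()} and {@link #equals(Object)}, so changing it alters a rule that may already be
       * stored in a firewall's rule set.
       *
       * @return An optional list of ports which are allowed.
       */
      public RangeSet<Integer> getPorts() {
         return ports;
      }

      /**
       * {@inheritDoc}
       */
      @Override
      public int hashCode() {
         return Objects.hashCode(ipProtocol, ports);
      }

      /**
       * Two rules are equal when they are of the same class and have equal protocol and port sets.
       */
      @Override
      public boolean equals(Object obj) {
         if (this == obj) {
            return true;
         }
         if (obj == null || getClass() != obj.getClass()) {
            return false;
         }
         Rule that = (Rule) obj;
         return equal(this.ipProtocol, that.ipProtocol)
                 && equal(this.ports, that.ports);
      }

      /**
       * @return the helper used by {@link #toString()} to render the protocol and ports of this rule.
       */
      public Objects.ToStringHelper string() {
         return toStringHelper(this)
                 .add("IpProtocol", ipProtocol).add("ports", ports);
      }

      /**
       * {@inheritDoc}
       */
      @Override
      public String toString() {
         return string().toString();
      }

      /** @return a new, empty rule builder. */
      public static Builder builder() {
         return new Builder();
      }

      /** @return a new builder pre-populated with this rule's protocol and ports. */
      public Builder toBuilder() {
         return builder().fromFirewallRule(this);
      }

      /**
       * Builder for {@link Rule}.
       *
       * <p>A rule built without any port permits connections through any port (see {@link Rule#getPorts()}),
       * so TCP and UDP rules should normally add the ports they mean to open.
       */
      public static final class Builder {

         /** Lowest and highest values a TCP or UDP port number can take. */
         private static final int MIN_PORT = 0;
         private static final int MAX_PORT = 65535;

         private IpProtocol ipProtocol;
         private RangeSet<Integer> ports = TreeRangeSet.create();

         /** Returns {@code port} unboxed after checking that it is non-null and a valid port number. */
         private static int checkPort(Integer port, String name) {
            int value = checkNotNull(port, name);
            if (value < MIN_PORT || value > MAX_PORT) {
               throw new IllegalArgumentException(
                       name + " must be between " + MIN_PORT + " and " + MAX_PORT + " but was " + value);
            }
            return value;
         }

         /**
          * @see org.jclouds.googlecomputeengine.domain.Firewall.Rule#getIpProtocol()
          */
         public Builder IpProtocol(IpProtocol IpProtocol) {
            this.ipProtocol = IpProtocol;
            return this;
         }

         /**
          * Adds a single permitted port.
          *
          * @throws NullPointerException if {@code port} is null
          * @throws IllegalArgumentException if {@code port} is not a valid port number
          * @see org.jclouds.googlecomputeengine.domain.Firewall.Rule#getPorts()
          */
         public Builder addPort(Integer port) {
            this.ports.add(singleton(checkPort(port, "port")));
            return this;
         }

         /**
          * Adds the closed range {@code [start, end]} of permitted ports.
          *
          * @throws NullPointerException if {@code start} or {@code end} is null
          * @throws IllegalArgumentException if either bound is not a valid port number
          * @throws IllegalStateException if {@code start} is not lower than {@code end}
          * @see org.jclouds.googlecomputeengine.domain.Firewall.Rule#getPorts()
          */
         public Builder addPortRange(Integer start, Integer end) {
            int lower = checkPort(start, "start");
            int upper = checkPort(end, "end");
            // checkState is kept so existing callers keep seeing IllegalStateException for an inverted range.
            checkState(lower < upper, "start of range must be lower than end of range");
            this.ports.add(closed(lower, upper));
            return this;
         }

         /**
          * Replaces the ports collected so far with a copy of {@code ports}.
          *
          * @throws NullPointerException if {@code ports} is null
          * @see org.jclouds.googlecomputeengine.domain.Firewall.Rule#getPorts()
          */
         public Builder ports(RangeSet<Integer> ports) {
            // Validate before resetting, so a null argument does not leave the builder with no ports,
            // which would mean "any port".
            checkNotNull(ports, "ports");
            this.ports = TreeRangeSet.create();
            this.ports.addAll(ports);
            return this;
         }

         /**
          * @return a rule built from the collected protocol and ports.
          * @throws NullPointerException if no protocol was set
          */
         public Rule build() {
            return new Rule(ipProtocol, ports);
         }

         /**
          * Replaces this builder's protocol and ports with those of {@code firewallRule}.
          *
          * @return this builder
          */
         public Builder fromFirewallRule(Rule firewallRule) {
            // Populate this builder rather than a throwaway one, so the call also takes effect when the
            // return value is ignored; matches Firewall.Builder#fromFirewall.
            return IpProtocol(firewallRule.getIpProtocol()).ports(firewallRule.getPorts());
         }
      }
   }
}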