• Home
• io.cloudsoft.jclouds.labs
• google-compute-engine
• 1.7.4-ea-brooklyn.1
• source code
• NetworkFirewallPredicates.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.jclouds.googlecomputeengine.predicates.NetworkFirewallPredicates Maven / Gradle / Ivy

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.jclouds.googlecomputeengine.predicates;

import org.jclouds.googlecomputeengine.domain.Firewall;
import org.jclouds.googlecomputeengine.domain.Firewall.Rule;
import org.jclouds.net.domain.IpPermission;
import org.jclouds.net.domain.IpProtocol;

import com.google.common.base.Predicate;
import com.google.common.collect.Iterables;
import com.google.common.collect.Range;
import com.google.common.collect.Sets;

public class NetworkFirewallPredicates {

   public static Predicate hasProtocol(final IpProtocol protocol) {
      return new Predicate() {

         @Override
         public boolean apply(Firewall fw) {
            for (Rule rule: fw.getAllowed()) {
               if (rule.getIpProtocol().equals(protocol)) {
                  return true;
               }
            }

            return false;
         }
      };
   }

   public static Predicate hasPortRange(final Range portRange) {
      return new Predicate() {

         @Override
         public boolean apply(Firewall fw) {
            return Iterables.any(fw.getAllowed(), new Predicate() {
               @Override
               public boolean apply(Rule input) {
                  return input.getPorts().encloses(portRange);
               }
            });
         }
      };
   }

   public static Predicate hasSourceTag(final String sourceTag) {
      return new Predicate() {
         @Override
         public boolean apply(Firewall input) {
            return input.getSourceTags() != null && input.getSourceTags().contains(sourceTag);
         }
      };
   }

   public static Predicate hasSourceRange(final String sourceRange) {
      return new Predicate() {
         @Override
         public boolean apply(Firewall input) {
            return input.getSourceRanges() != null && input.getSourceRanges().contains(sourceRange);
         }
      };
   }

   public static Predicate equalsIpPermission(final IpPermission permission) {
      return new Predicate() {
         @Override
         public boolean apply(Firewall input) {
            return Iterables.elementsEqual(permission.getGroupIds(), input.getSourceTags())
                      && Iterables.elementsEqual(permission.getCidrBlocks(), input.getSourceRanges())
                      && (input.getAllowed().size() == 1
                             && ruleEqualsIpPermission(permission).apply(Iterables.getOnlyElement(input.getAllowed())));
         }
      };
   }

   public static Predicate providesIpPermission(final IpPermission permission) {
      return new Predicate() {
         @Override
         public boolean apply(Firewall input) {
            boolean groupsMatchTags = (permission.getGroupIds().isEmpty() && input.getSourceTags().isEmpty())
                    || !Sets.intersection(permission.getGroupIds(), input.getSourceTags()).isEmpty();
            boolean cidrsMatchRanges =(permission.getCidrBlocks().isEmpty() && input.getSourceRanges().isEmpty())
                    || !Sets.intersection(permission.getCidrBlocks(), input.getSourceRanges()).isEmpty();
            boolean firewallHasPorts = hasProtocol(permission.getIpProtocol()).apply(input)
                    && ((permission.getFromPort() == 0 && permission.getToPort() == 0)
                    || hasPortRange(Range.closed(permission.getFromPort(), permission.getToPort())).apply(input));

            return groupsMatchTags && cidrsMatchRanges && firewallHasPorts;
         }
      };
   }

   private static Predicate ruleEqualsIpPermission(final IpPermission permission) {
      return new Predicate() {
         @Override
         public boolean apply(Firewall.Rule input) {
            return permission.getIpProtocol().equals(input.getIpProtocol())
                      && ((input.getPorts().isEmpty() && permission.getFromPort() == 0 && permission.getToPort() == 0)
                             || (input.getPorts().asRanges().size() == 1
                                    && permission.getFromPort() == Iterables.getOnlyElement(input.getPorts().asRanges()).lowerEndpoint()
                                    && permission.getToPort() == Iterables.getOnlyElement(input.getPorts().asRanges()).upperEndpoint()));
         }
      };
   }
}