From f332c82afde69d6f32de092c6643f5c4dcb384c4 Mon Sep 17 00:00:00 2001 From: Chintan Raval Date: Wed, 3 Oct 2018 14:06:57 +1000 Subject: [PATCH 1/5] Add support for UDP to ec2.SecurityGroupRule --- .../aws-ec2/lib/security-group-rule.ts | 87 ++++++++++++++++++- .../@aws-cdk/aws-ec2/test/test.connections.ts | 8 +- 2 files changed, 92 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts b/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts index 9b707fd82f29b..53bf04efeebe8 100644 --- a/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts +++ b/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts @@ -234,7 +234,92 @@ export class TcpAllPorts implements IPortRange { } /** - * All TCP Ports + * A single UDP port + */ +export class UdpPort implements IPortRange { + public readonly canInlineRule = true; + + constructor(private readonly port: number) { + } + + public toRuleJSON(): any { + return { + ipProtocol: Protocol.Udp, + fromPort: this.port, + toPort: this.port + }; + } + + public toString() { + return `${this.port}`; + } +} + +/** + * A single UDP port that is provided by a resource attribute + */ +export class UdpPortFromAttribute implements IPortRange { + public readonly canInlineRule = false; + + constructor(private readonly port: string) { + } + + public toRuleJSON(): any { + return { + ipProtocol: Protocol.Udp, + fromPort: this.port, + toPort: this.port + }; + } + + public toString() { + return '{IndirectPort}'; + } +} + +/** + * A UDP port range + */ +export class UdpPortRange implements IPortRange { + public readonly canInlineRule = true; + + constructor(private readonly startPort: number, private readonly endPort: number) { + } + + public toRuleJSON(): any { + return { + ipProtocol: Protocol.Udp, + fromPort: this.startPort, + toPort: this.endPort + }; + } + + public toString() { + return `${this.startPort}-${this.endPort}`; + } +} + +/** + * All UDP Ports + */ +export class UdpAllPorts implements IPortRange { + public readonly canInlineRule = true; + + public toRuleJSON(): any { + return { + ipProtocol: Protocol.Udp, + fromPort: 0, + toPort: 65535 + }; + } + + public toString() { + return 'ALL PORTS'; + } +} + +/** + * All Traffic */ export class AllConnections implements IPortRange { public readonly canInlineRule = true; diff --git a/packages/@aws-cdk/aws-ec2/test/test.connections.ts b/packages/@aws-cdk/aws-ec2/test/test.connections.ts index 34bbf485b06bb..de7087f425b64 100644 --- a/packages/@aws-cdk/aws-ec2/test/test.connections.ts +++ b/packages/@aws-cdk/aws-ec2/test/test.connections.ts @@ -2,7 +2,7 @@ import { expect, haveResource } from '@aws-cdk/assert'; import { Stack } from '@aws-cdk/cdk'; import { Test } from 'nodeunit'; import { AllConnections, AnyIPv4, AnyIPv6, Connections, IConnectable, PrefixList, SecurityGroup, SecurityGroupRef, - TcpAllPorts, TcpPort, TcpPortFromAttribute, TcpPortRange, VpcNetwork } from '../lib'; + TcpAllPorts, TcpPort, TcpPortFromAttribute, TcpPortRange, UdpAllPorts, UdpPort, UdpPortFromAttribute, UdpPortRange, VpcNetwork } from '../lib'; export = { 'peering between two security groups does not recursive infinitely'(test: Test) { @@ -73,9 +73,13 @@ export = { const ports = [ new TcpPort(1234), - new TcpPortFromAttribute("port!"), + new TcpPortFromAttribute("tcp-test-port!"), new TcpAllPorts(), new TcpPortRange(80, 90), + new UdpPort(2345), + new UdpPortFromAttribute("udp-test-port!"), + new UdpAllPorts(), + new UdpPortRange(85, 95), new AllConnections() ]; From a4918e705cfe8a491ca77e741cf6b05eaf9dc37b Mon Sep 17 00:00:00 2001 From: Chintan Raval Date: Wed, 3 Oct 2018 18:45:34 +1000 Subject: [PATCH 2/5] code review feedback - ensure all UDP related IPortRange implmentations output context upon invoking toString --- packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts b/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts index 53bf04efeebe8..672d169de5ff2 100644 --- a/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts +++ b/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts @@ -251,7 +251,7 @@ export class UdpPort implements IPortRange { } public toString() { - return `${this.port}`; + return `UDP ${this.port}`; } } @@ -295,7 +295,7 @@ export class UdpPortRange implements IPortRange { } public toString() { - return `${this.startPort}-${this.endPort}`; + return `UDP ${this.startPort}-${this.endPort}`; } } @@ -314,7 +314,7 @@ export class UdpAllPorts implements IPortRange { } public toString() { - return 'ALL PORTS'; + return 'UDP ALL PORTS'; } } From d072dc42b97ef376869ba8c011eb748a780a5282 Mon Sep 17 00:00:00 2001 From: Chintan Raval Date: Wed, 3 Oct 2018 19:06:58 +1000 Subject: [PATCH 3/5] include protocol in toString methods of both TCP and UDP implementations of IPortRange --- .../aws-ec2/lib/security-group-rule.ts | 43 +++++++++++-------- 1 file changed, 26 insertions(+), 17 deletions(-) diff --git a/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts b/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts index 672d169de5ff2..2e626e402c762 100644 --- a/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts +++ b/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts @@ -153,20 +153,21 @@ export enum Protocol { */ export class TcpPort implements IPortRange { public readonly canInlineRule = true; + private readonly protocol = Protocol.Tcp; constructor(private readonly port: number) { } public toRuleJSON(): any { return { - ipProtocol: Protocol.Tcp, + ipProtocol: this.protocol, fromPort: this.port, toPort: this.port }; } public toString() { - return `${this.port}`; + return `${this.protocol} ${this.port}`; } } @@ -175,20 +176,21 @@ export class TcpPort implements IPortRange { */ export class TcpPortFromAttribute implements IPortRange { public readonly canInlineRule = false; + private readonly protocol = Protocol.Tcp; constructor(private readonly port: string) { } public toRuleJSON(): any { return { - ipProtocol: Protocol.Tcp, + ipProtocol: this.protocol, fromPort: this.port, toPort: this.port }; } public toString() { - return '{IndirectPort}'; + return `${this.protocol} {IndirectPort}`; } } @@ -197,20 +199,21 @@ export class TcpPortFromAttribute implements IPortRange { */ export class TcpPortRange implements IPortRange { public readonly canInlineRule = true; + private readonly protocol = Protocol.Tcp; constructor(private readonly startPort: number, private readonly endPort: number) { } public toRuleJSON(): any { return { - ipProtocol: Protocol.Tcp, + ipProtocol: this.protocol, fromPort: this.startPort, toPort: this.endPort }; } public toString() { - return `${this.startPort}-${this.endPort}`; + return `${this.protocol} ${this.startPort}-${this.endPort}`; } } @@ -219,17 +222,18 @@ export class TcpPortRange implements IPortRange { */ export class TcpAllPorts implements IPortRange { public readonly canInlineRule = true; + private readonly protocol = Protocol.Tcp; public toRuleJSON(): any { return { - ipProtocol: Protocol.Tcp, + ipProtocol: this.protocol, fromPort: 0, toPort: 65535 }; } public toString() { - return 'ALL PORTS'; + return `${this.protocol} ALL PORTS`; } } @@ -238,20 +242,21 @@ export class TcpAllPorts implements IPortRange { */ export class UdpPort implements IPortRange { public readonly canInlineRule = true; + private readonly protocol = Protocol.Udp; constructor(private readonly port: number) { } public toRuleJSON(): any { return { - ipProtocol: Protocol.Udp, + ipProtocol: this.protocol, fromPort: this.port, toPort: this.port }; } public toString() { - return `UDP ${this.port}`; + return `${this.protocol} ${this.port}`; } } @@ -260,20 +265,21 @@ export class UdpPort implements IPortRange { */ export class UdpPortFromAttribute implements IPortRange { public readonly canInlineRule = false; + private readonly protocol = Protocol.Udp; constructor(private readonly port: string) { } public toRuleJSON(): any { return { - ipProtocol: Protocol.Udp, + ipProtocol: this.protocol, fromPort: this.port, toPort: this.port }; } public toString() { - return '{IndirectPort}'; + return `${this.protocol} {IndirectPort}`; } } @@ -282,20 +288,21 @@ export class UdpPortFromAttribute implements IPortRange { */ export class UdpPortRange implements IPortRange { public readonly canInlineRule = true; + private readonly protocol = Protocol.Udp; constructor(private readonly startPort: number, private readonly endPort: number) { } public toRuleJSON(): any { return { - ipProtocol: Protocol.Udp, + ipProtocol: this.protocol, fromPort: this.startPort, toPort: this.endPort }; } public toString() { - return `UDP ${this.startPort}-${this.endPort}`; + return `${this.protocol} ${this.startPort}-${this.endPort}`; } } @@ -304,17 +311,18 @@ export class UdpPortRange implements IPortRange { */ export class UdpAllPorts implements IPortRange { public readonly canInlineRule = true; + private readonly protocol = Protocol.Udp; public toRuleJSON(): any { return { - ipProtocol: Protocol.Udp, + ipProtocol: this.protocol, fromPort: 0, toPort: 65535 }; } public toString() { - return 'UDP ALL PORTS'; + return `${this.protocol} ALL PORTS`; } } @@ -323,10 +331,11 @@ export class UdpAllPorts implements IPortRange { */ export class AllConnections implements IPortRange { public readonly canInlineRule = true; + private readonly protocol = Protocol.All; public toRuleJSON(): any { return { - ipProtocol: '-1', + ipProtocol: this.protocol, fromPort: -1, toPort: -1, }; From 33ed77237c8bc5e928a3db1750d4cbb343c52d39 Mon Sep 17 00:00:00 2001 From: Chintan Raval Date: Wed, 3 Oct 2018 19:44:10 +1000 Subject: [PATCH 4/5] Revert "include protocol in toString methods of both TCP and UDP implementations of IPortRange" This reverts commit d072dc42b97ef376869ba8c011eb748a780a5282. --- .../aws-ec2/lib/security-group-rule.ts | 43 ++++++++----------- 1 file changed, 17 insertions(+), 26 deletions(-) diff --git a/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts b/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts index 2e626e402c762..672d169de5ff2 100644 --- a/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts +++ b/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts @@ -153,21 +153,20 @@ export enum Protocol { */ export class TcpPort implements IPortRange { public readonly canInlineRule = true; - private readonly protocol = Protocol.Tcp; constructor(private readonly port: number) { } public toRuleJSON(): any { return { - ipProtocol: this.protocol, + ipProtocol: Protocol.Tcp, fromPort: this.port, toPort: this.port }; } public toString() { - return `${this.protocol} ${this.port}`; + return `${this.port}`; } } @@ -176,21 +175,20 @@ export class TcpPort implements IPortRange { */ export class TcpPortFromAttribute implements IPortRange { public readonly canInlineRule = false; - private readonly protocol = Protocol.Tcp; constructor(private readonly port: string) { } public toRuleJSON(): any { return { - ipProtocol: this.protocol, + ipProtocol: Protocol.Tcp, fromPort: this.port, toPort: this.port }; } public toString() { - return `${this.protocol} {IndirectPort}`; + return '{IndirectPort}'; } } @@ -199,21 +197,20 @@ export class TcpPortFromAttribute implements IPortRange { */ export class TcpPortRange implements IPortRange { public readonly canInlineRule = true; - private readonly protocol = Protocol.Tcp; constructor(private readonly startPort: number, private readonly endPort: number) { } public toRuleJSON(): any { return { - ipProtocol: this.protocol, + ipProtocol: Protocol.Tcp, fromPort: this.startPort, toPort: this.endPort }; } public toString() { - return `${this.protocol} ${this.startPort}-${this.endPort}`; + return `${this.startPort}-${this.endPort}`; } } @@ -222,18 +219,17 @@ export class TcpPortRange implements IPortRange { */ export class TcpAllPorts implements IPortRange { public readonly canInlineRule = true; - private readonly protocol = Protocol.Tcp; public toRuleJSON(): any { return { - ipProtocol: this.protocol, + ipProtocol: Protocol.Tcp, fromPort: 0, toPort: 65535 }; } public toString() { - return `${this.protocol} ALL PORTS`; + return 'ALL PORTS'; } } @@ -242,21 +238,20 @@ export class TcpAllPorts implements IPortRange { */ export class UdpPort implements IPortRange { public readonly canInlineRule = true; - private readonly protocol = Protocol.Udp; constructor(private readonly port: number) { } public toRuleJSON(): any { return { - ipProtocol: this.protocol, + ipProtocol: Protocol.Udp, fromPort: this.port, toPort: this.port }; } public toString() { - return `${this.protocol} ${this.port}`; + return `UDP ${this.port}`; } } @@ -265,21 +260,20 @@ export class UdpPort implements IPortRange { */ export class UdpPortFromAttribute implements IPortRange { public readonly canInlineRule = false; - private readonly protocol = Protocol.Udp; constructor(private readonly port: string) { } public toRuleJSON(): any { return { - ipProtocol: this.protocol, + ipProtocol: Protocol.Udp, fromPort: this.port, toPort: this.port }; } public toString() { - return `${this.protocol} {IndirectPort}`; + return '{IndirectPort}'; } } @@ -288,21 +282,20 @@ export class UdpPortFromAttribute implements IPortRange { */ export class UdpPortRange implements IPortRange { public readonly canInlineRule = true; - private readonly protocol = Protocol.Udp; constructor(private readonly startPort: number, private readonly endPort: number) { } public toRuleJSON(): any { return { - ipProtocol: this.protocol, + ipProtocol: Protocol.Udp, fromPort: this.startPort, toPort: this.endPort }; } public toString() { - return `${this.protocol} ${this.startPort}-${this.endPort}`; + return `UDP ${this.startPort}-${this.endPort}`; } } @@ -311,18 +304,17 @@ export class UdpPortRange implements IPortRange { */ export class UdpAllPorts implements IPortRange { public readonly canInlineRule = true; - private readonly protocol = Protocol.Udp; public toRuleJSON(): any { return { - ipProtocol: this.protocol, + ipProtocol: Protocol.Udp, fromPort: 0, toPort: 65535 }; } public toString() { - return `${this.protocol} ALL PORTS`; + return 'UDP ALL PORTS'; } } @@ -331,11 +323,10 @@ export class UdpAllPorts implements IPortRange { */ export class AllConnections implements IPortRange { public readonly canInlineRule = true; - private readonly protocol = Protocol.All; public toRuleJSON(): any { return { - ipProtocol: this.protocol, + ipProtocol: '-1', fromPort: -1, toPort: -1, }; From 81cd0793598e807c740476dc1feb3c1adc206400 Mon Sep 17 00:00:00 2001 From: Chintan Raval Date: Wed, 3 Oct 2018 19:45:50 +1000 Subject: [PATCH 5/5] ensure UdpPortFromAttribute.toString outputs context to avoid similarity with corresponding TCP-type --- packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts b/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts index 672d169de5ff2..c0541da365afa 100644 --- a/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts +++ b/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts @@ -273,7 +273,7 @@ export class UdpPortFromAttribute implements IPortRange { } public toString() { - return '{IndirectPort}'; + return 'UDP {IndirectPort}'; } }