in priam/src/main/java/com/netflix/priam/aws/AWSMembership.java [277:323]
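/**
 * Lists the IP ranges currently allowed by the configured ACL security group for the exact
 * port range {@code [from, to]}.
 *
 * <p>In EC2-Classic the group is looked up by name ({@code config.getACLGroupName()}); in a
 * VPC it is looked up by name <em>and</em> by the VPC id of the running instance, so a
 * same-named group in another VPC is never consulted. If several groups match the filters,
 * their ranges are merged into one set.
 *
 * <p>Only rules whose from/to ports equal {@code from}/{@code to} exactly are returned; a
 * rule covering a wider range that happens to include these ports is not reported. Rules
 * without a port range (boxed port fields are null) are skipped rather than failing.
 *
 * @param from first port of the rule's port range
 * @param to last port of the rule's port range
 * @return the matching IP range strings (as returned by {@link IpPermission#getIpRanges()});
 *     empty if no rule matches
 * @throws IllegalStateException if running in a VPC but no VPC id is known for the instance
 */
public ImmutableSet<String> listACL(int from, int to) {
    AmazonEC2 client = null;
    try {
        client = getEc2Client();
        ImmutableSet.Builder<String> ipPermissions = ImmutableSet.builder();
        if (isClassic()) {
            DescribeSecurityGroupsRequest req =
                    new DescribeSecurityGroupsRequest()
                            .withGroupNames(
                                    Collections.singletonList(config.getACLGroupName()));
            DescribeSecurityGroupsResult result = client.describeSecurityGroups(req);
            addMatchingIpRanges(result.getSecurityGroups(), from, to, ipPermissions);
            logger.debug("Fetch current permissions for classic env of running instance");
        } else {
            Filter nameFilter =
                    new Filter().withName("group-name").withValues(config.getACLGroupName());
            String vpcid = instanceInfo.getVpcId();
            if (vpcid == null || vpcid.isEmpty()) {
                throw new IllegalStateException(
                        "vpcid is null even though instance is running in vpc.");
            }
            // only fetch SG for the vpc id of the running instance
            Filter vpcFilter = new Filter().withName("vpc-id").withValues(vpcid);
            DescribeSecurityGroupsRequest req =
                    new DescribeSecurityGroupsRequest().withFilters(nameFilter, vpcFilter);
            DescribeSecurityGroupsResult result = client.describeSecurityGroups(req);
            addMatchingIpRanges(result.getSecurityGroups(), from, to, ipPermissions);
            logger.debug("Fetch current permissions for vpc env of running instance");
        }
        return ipPermissions.build();
    } finally {
        // the client is created per call; release its connection pool even on failure
        if (client != null) client.shutdown();
    }
}

/**
 * Adds to {@code out} every IP range of every permission in {@code groups} whose port
 * range is exactly {@code [from, to]}.
 *
 * <p>The port fields of an {@link IpPermission} are boxed and may be null (a rule that
 * carries no port range). Comparing via the boxed {@code equals} skips such rules instead
 * of throwing a {@link NullPointerException} on unboxing, which the former
 * {@code perm.getFromPort() == from} comparison did.
 *
 * @param groups security groups to scan
 * @param from first port of the wanted port range
 * @param to last port of the wanted port range
 * @param out builder receiving the matching IP range strings
 */
private static void addMatchingIpRanges(
        Iterable<SecurityGroup> groups, int from, int to, ImmutableSet.Builder<String> out) {
    Integer fromPort = from;
    Integer toPort = to;
    for (SecurityGroup group : groups) {
        for (IpPermission perm : group.getIpPermissions()) {
            if (fromPort.equals(perm.getFromPort()) && toPort.equals(perm.getToPort())) {
                out.addAll(perm.getIpRanges());
            }
        }
    }
}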