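        /// <summary>
        /// Builds a <see cref="NetworkAclEntry"/> from one "AWS::EC2::NetworkAclEntry"
        /// resource of a CloudFormation template and attaches it to the
        /// <see cref="NetworkAcl"/> in <paramref name="stack"/> whose LogicalId matches
        /// the entry's NetworkAclId reference.
        /// </summary>
        /// <param name="input">Template resource node; its Value["Properties"] is read as the rule.</param>
        /// <param name="stack">Stack whose Resources are searched for the owning NACL.</param>
        /// <remarks>
        /// Fixes: a "From" port of -1 used to overwrite ToPort instead of FromPort (copy/paste
        /// slip), so an "all ports" rule left FromPort unset and was mis-represented when the
        /// template is compared against the live NACL. The MessageBox text/caption arguments
        /// were also swapped.
        /// </remarks>
        static void ProcessNetworkAclEntryFromTemplate(dynamic input, CFStack stack)
        {
            NetworkAclEntry ne = new NetworkAclEntry();

            var rule = input.Value["Properties"];

            // NOTE(review): Protocol is copied verbatim here, while the live-stack path runs it
            // through FormatProtocol ("6" vs "tcp"). Confirm FormatProtocol accepts the template
            // value before routing this through it as well, otherwise the two sides will not match.
            ne.Protocol   = rule.Protocol;
            ne.CidrBlock  = rule.CidrBlock;
            ne.Egress     = (bool)rule.Egress;
            ne.RuleNumber = rule.RuleNumber;
            ne.RuleAction = rule.RuleAction;

            // NetworkAclId is an object such as { "Ref": "<LogicalId>" }; the last value wins.
            if (rule.NetworkAclId != null)
            {
                foreach (var item in rule.NetworkAclId)
                {
                    ne.NetworkAclId = item.Value;
                }
            }

            if (rule.PortRange != null)
            {
                // A bound of -1 is the AWS convention for "all ports".
                foreach (var item in rule.PortRange)
                {
                    if (item.Name == "To")
                    {
                        if (item.Value == "-1")
                        {
                            ne.ToPort = "ALL";
                        }
                        else
                        {
                            ne.ToPort = item.Value;
                        }
                    }
                    if (item.Name == "From")
                    {
                        if (item.Value == "-1")
                        {
                            ne.FromPort = "ALL"; // was ne.ToPort, which left FromPort null
                        }
                        else
                        {
                            ne.FromPort = item.Value;
                        }
                    }
                }
            }
            else //If port range is not specified in the template then AWS sets it to ALL
            {
                ne.FromPort = "ALL";
                ne.ToPort   = "ALL";
            }

            // Canonicalise the pair the same way the live-stack path does (e.g. 0-65535 vs ALL).
            string from;
            string to;
            FormatPortRange(ne.FromPort, ne.ToPort, out from, out to);
            ne.FromPort = from;
            ne.ToPort   = to;

            if (rule.Icmp != null)
            {
                // ICMP type/code are not carried over (mirrors the live-stack path).
            }

            if (ne.NetworkAclId != null)
            {
                NetworkAcl x = stack.Resources.Find(n => n != null && n.LogicalId == ne.NetworkAclId);
                if (x != null)
                {
                    x.Properties.NetworkAclEntry.Add(ne);
                }
                else
                {
                    //TODO: either remember and process the orphaned entry later, or write it to the error log.
                    // MessageBox.Show(text, caption, ...) — message first, caption second.
                    MessageBox.Show("Did not find NACL " + ne.NetworkAclId + " to add entry to", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
                }
            }
        }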
        // -----------------------------------------------------------------------
        // Live Stack

        /// <summary>
        /// Reads one live "AWS::EC2::NetworkAcl" stack resource through DescribeNetworkAcls and
        /// appends a <see cref="NetworkAcl"/> model, with all of its entries, to
        /// <paramref name="stack"/>. Port ranges go through FormatPortRange and the protocol
        /// through FormatProtocol so they can be compared with the template side; ICMP
        /// type/code details are not carried over.
        /// </summary>
        /// <param name="resource">Stack resource summary: PhysicalResourceId is the NACL id queried, LogicalResourceId becomes the model's LogicalId.</param>
        /// <param name="stack">Destination stack model that receives the NACL.</param>
        /// <param name="ec2Client">Client used for the DescribeNetworkAcls call.</param>
        /// <param name="stackName">Not used by this method.</param>
        public static void ProcessNetworkAclFromAWS(StackResourceSummary resource, CFStack stack, AmazonEC2Client ec2Client, string stackName)
        {
            var request = new DescribeNetworkAclsRequest
            {
                NetworkAclIds = new List<string> { resource.PhysicalResourceId }
            };

            DescribeNetworkAclsResponse response = ec2Client.DescribeNetworkAcls(request);

            foreach (Amazon.EC2.Model.NetworkAcl liveAcl in response.NetworkAcls)
            {
                NetworkAcl model = new NetworkAcl();
                model.LogicalId = resource.LogicalResourceId;
                if (log)
                {
                    Utils.WriteToFile(logFile, "AWS NACL: " + model.LogicalId.ToString(), true);
                }
                model.Type             = "AWS::EC2::NetworkAcl";
                model.Properties.VpcId = liveAcl.VpcId;

                foreach (Amazon.EC2.Model.NetworkAclEntry entry in liveAcl.Entries)
                {
                    bool hasRange = entry.PortRange != null;

                    NetworkAclEntry converted = new NetworkAclEntry();
                    converted.RuleNumber = entry.RuleNumber.ToString();
                    converted.CidrBlock  = entry.CidrBlock;
                    converted.Egress     = entry.Egress;

                    if (!hasRange)
                    {
                        // No range on the live rule means "all ports".
                        converted.FromPort = "ALL";
                        converted.ToPort   = "ALL";
                    }
                    else
                    {
                        // Raw pairs may be 0-0, -1/-1 or 0-65535; FormatPortRange canonicalises them.
                        string fromPort;
                        string toPort;
                        FormatPortRange(entry.PortRange.From.ToString(), entry.PortRange.To.ToString(), out fromPort, out toPort);
                        converted.FromPort = fromPort;
                        converted.ToPort   = toPort;
                    }

                    // Protocol may arrive as a number or a name (6 / tcp); FormatProtocol unifies it.
                    converted.Protocol   = FormatProtocol(entry.Protocol);
                    converted.RuleAction = entry.RuleAction;
                    // ICMP type/code are intentionally not copied.

                    model.Properties.NetworkAclEntry.Add(converted);

                    if (log)
                    {
                        string rawFrom = hasRange ? entry.PortRange.From.ToString() : "null";
                        string rawTo   = hasRange ? entry.PortRange.To.ToString()   : "null";
                        Utils.WriteToFile(logFile, converted.RuleNumber + " Protocol: " + entry.Protocol + " | From: " + rawFrom + " To: " + rawTo, true);
                    }
                }

                stack.Resources.Add(model);
            }
        }