/// <summary>
/// Adds a single-port TCP rule to <paramref name="sg"/> when the rule options carry a <c>Port</c>.
/// The peer is either another security group (when no IP address was supplied) or an IPv4 peer
/// built from <c>IpAddress</c>. Does nothing when <c>Port</c> is null.
/// </summary>
/// <param name="securityGroup">Options of the security group being configured; only its name is read, for the error message.</param>
/// <param name="sg">Security group that receives the rule.</param>
/// <param name="ingressRule">Rule options (port, peer, description). Used for egress rules as well, despite the name.</param>
/// <param name="ipAddressIsEmpty">True when the rule has no IP address, so the peer is resolved from <c>SecurityGroupId</c>.</param>
/// <param name="securityGroupRuleType">Selects between adding an ingress rule and an egress rule.</param>
private void CheckIngresPortAndIPAdress(SecurityGroupOptions securityGroup, ISecurityGroup sg, SecurityGroupRuleOptions ingressRule, bool ipAddressIsEmpty, SecurityGroupRuleType securityGroupRuleType)
{
    // Rules without a single port are not handled by this method.
    if (ingressRule.Port == null)
    {
        return;
    }

    var addAsIngress = securityGroupRuleType == SecurityGroupRuleType.IngressRule;

    if (!ipAddressIsEmpty)
    {
        // NOTE(review): nothing in this method limits how broad IpAddress may be (for example an
        // any-address CIDR); confirm that the parameter validation or policy tooling enforces that.
        var addressPeer = Peer.Ipv4(ingressRule.IpAddress);
        var addressPort = Port.Tcp(ingressRule.Port.Value);

        if (addAsIngress)
        {
            sg.AddIngressRule(addressPeer, addressPort, ingressRule.Description);
        }
        else
        {
            sg.AddEgressRule(addressPeer, addressPort, ingressRule.Description);
        }

        return;
    }

    // No IP address: the peer is the security group referenced by id.
    // The message is handed to LocateSecurityGroup; presumably it is used when the id cannot be resolved - confirm.
    var securityGroupAllowed = LocateSecurityGroup(ingressRule.SecurityGroupId, $"The security group id {ingressRule.SecurityGroupId} was found in the list of ingress rules of the security group {securityGroup.SecurityGroupName}, that security group does not exist");
    var groupPort = Port.Tcp(ingressRule.Port.Value);

    if (addAsIngress)
    {
        sg.AddIngressRule(securityGroupAllowed, groupPort, ingressRule.Description);
    }
    else
    {
        sg.AddEgressRule(securityGroupAllowed, groupPort, ingressRule.Description);
    }
}
/// <summary>
/// Adds a TCP port-range rule to <paramref name="sg"/> whose peer is another security group,
/// resolved from the rule's <c>SecurityGroupId</c>.
/// </summary>
/// <param name="securityGroup">Options of the security group being configured; only its name is read, for the error message.</param>
/// <param name="sg">Security group that receives the rule.</param>
/// <param name="securitygroupRuleOptions">Rule options; <c>PortRangeStart</c> and <c>PortRangeEnd</c> must both be set, since <c>.Value</c> is read on each.</param>
/// <param name="securityGroupRuleType">Selects between adding an ingress rule and an egress rule.</param>
private void AddRuleWithEMptyIPAddress(SecurityGroupOptions securityGroup, ISecurityGroup sg, SecurityGroupRuleOptions securitygroupRuleOptions, SecurityGroupRuleType securityGroupRuleType)
{
    // The message is handed to LocateSecurityGroup; presumably it is used when the id cannot be resolved - confirm.
    var peerGroup = LocateSecurityGroup(securitygroupRuleOptions.SecurityGroupId, $"The security group id {securitygroupRuleOptions.SecurityGroupId} was found in the list of ingress rules of the security group {securityGroup.SecurityGroupName}, that security group does not exist");

    // The peer is resolved before the port range is built, so a lookup failure surfaces first.
    var tcpRange = Port.TcpRange(securitygroupRuleOptions.PortRangeStart.Value, securitygroupRuleOptions.PortRangeEnd.Value);

    switch (securityGroupRuleType)
    {
        case SecurityGroupRuleType.IngressRule:
            sg.AddIngressRule(peerGroup, tcpRange, securitygroupRuleOptions.Description);
            break;

        default:
            // Every other rule type is treated as egress.
            sg.AddEgressRule(peerGroup, tcpRange, securitygroupRuleOptions.Description);
            break;
    }
}
/// <summary>
/// Walks the configured rule options of <paramref name="securityGroup"/> and adds the matching
/// rules to <paramref name="sg"/>: each entry is validated, then passed to the single-port helper
/// and to the port-range helper. Returns without doing anything when the list is null or empty.
/// </summary>
/// <param name="securityGroup">Options describing the security group and its rules.</param>
/// <param name="sg">Security group that receives the rules.</param>
/// <param name="securityGroupRuleType">Whether the rules are added as ingress or egress rules.</param>
private void AddSecurityGroupRules(SecurityGroupOptions securityGroup, ISecurityGroup sg, SecurityGroupRuleType securityGroupRuleType)
{
    // NOTE(review): the rules are always read from IngressRules, even when securityGroupRuleType
    // asks for egress rules - confirm that egress rules are meant to come from the same list.
    var configuredRules = securityGroup.IngressRules;
    if (configuredRules == null || !configuredRules.Any())
    {
        return;
    }

    foreach (var rule in configuredRules)
    {
        var hasNoSecurityGroupId = string.IsNullOrWhiteSpace(rule.SecurityGroupId);
        var hasNoIpAddress = string.IsNullOrWhiteSpace(rule.IpAddress);

        // Validation runs first so that no rule is added for an entry it rejects.
        CheckSecurityGroupIngressRulesParams(rule, hasNoSecurityGroupId, hasNoIpAddress, securityGroupRuleType);

        // Both helpers run for every entry: an entry that sets a Port and a complete port range
        // produces two rules.
        CheckIngresPortAndIPAdress(securityGroup, sg, rule, hasNoIpAddress, securityGroupRuleType);
        CheckPortRangeStart(securityGroup, sg, rule, hasNoIpAddress, securityGroupRuleType);
    }
}
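/// <summary>
/// Validates the port range of a rule and, when a complete range is present, adds the matching
/// TCP port-range rule. Does nothing when neither bound is set.
/// </summary>
/// <param name="securityGroup">Options of the security group being configured; forwarded to the security-group peer helper.</param>
/// <param name="sg">Security group that receives the rule.</param>
/// <param name="securitygroupRuleOptions">Rule options carrying <c>PortRangeStart</c> and <c>PortRangeEnd</c>.</param>
/// <param name="ipAddressIsEmpty">True when the rule has no IP address, so the peer is another security group.</param>
/// <param name="securityGroupRuleType">Whether the rule is added as an ingress or an egress rule.</param>
/// <exception cref="ArgumentException">
/// Only one of the two bounds is set, or the start port is greater than the end port.
/// </exception>
private void CheckPortRangeStart(SecurityGroupOptions securityGroup, ISecurityGroup sg, SecurityGroupRuleOptions securitygroupRuleOptions, bool ipAddressIsEmpty, SecurityGroupRuleType securityGroupRuleType)
{
    var hasStart = securitygroupRuleOptions.PortRangeStart != null;
    var hasEnd = securitygroupRuleOptions.PortRangeEnd != null;

    // Exactly one bound set is a configuration error.
    if (hasStart != hasEnd)
    {
        throw new ArgumentException("A Port Range must specify both a start port and an end port");
    }

    // Neither bound set: this rule has no port range to add.
    if (!hasStart)
    {
        return;
    }

    // A reversed range is not a meaningful port range; reject it here instead of handing it on
    // to the rule helpers.
    if (securitygroupRuleOptions.PortRangeStart.Value > securitygroupRuleOptions.PortRangeEnd.Value)
    {
        throw new ArgumentException("A Port Range start port must not be greater than its end port");
    }

    if (ipAddressIsEmpty)
    {
        AddRuleWithEMptyIPAddress(securityGroup, sg, securitygroupRuleOptions, securityGroupRuleType);
    }
    else
    {
        AddRuleWithIPAddress(sg, securitygroupRuleOptions, securityGroupRuleType);
    }
}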