/// <summary> /// Unmarshaller the response from the service to the response class. /// </summary> /// <param name="context"></param> /// <returns></returns> public override AmazonWebServiceResponse Unmarshall(XmlUnmarshallerContext context) { RevokeSecurityGroupIngressResponse response = new RevokeSecurityGroupIngressResponse(); int originalDepth = context.CurrentDepth; int targetDepth = originalDepth + 1; if (context.IsStartOfDocument) { targetDepth = 2; } while (context.ReadAtDepth(originalDepth)) { if (context.IsStartElement || context.IsAttribute) { if (context.TestExpression("return", targetDepth)) { var unmarshaller = BoolUnmarshaller.Instance; response.Return = unmarshaller.Unmarshall(context); continue; } if (context.TestExpression("unknownIpPermissionSet/item", targetDepth)) { var unmarshaller = IpPermissionUnmarshaller.Instance; var item = unmarshaller.Unmarshall(context); response.UnknownIpPermissions.Add(item); continue; } } } return(response); }
public override AmazonWebServiceResponse Unmarshall(XmlUnmarshallerContext context) { RevokeSecurityGroupIngressResponse response = new RevokeSecurityGroupIngressResponse(); while (context.Read()) { } return(response); }
private PortChangeResult ClosePort(Configs.Rule rule) { var client = new AmazonEC2Client(); RevokeSecurityGroupIngressResponse res = null; try { var ipRule = GetIpPermissionRule(rule, false); res = client.RevokeSecurityGroupIngress(new RevokeSecurityGroupIngressRequest() { IpPermissions = new List <IpPermission>() { ipRule }, GroupId = rule.SecurityGroupId }); } catch (AmazonEC2Exception ex) { if (ex.Message.Contains("The specified rule does not exist")) { return(new PortChangeResult { Message = $"Success: Connection to port {rule.Port} (already) CLOSED", Color = Color.DarkGreen }); } return(new PortChangeResult { Message = $"Error (Port {rule.Port}): " + ex.Message, Color = Color.DarkRed }); } if (res.HttpStatusCode == HttpStatusCode.OK) { return(new PortChangeResult { Message = $"Success: Connection to port {rule.Port} CLOSED", Color = Color.DarkGreen }); } return(new PortChangeResult { Message = $"Error: couldn't close port {rule.Port}. Code: " + res.HttpStatusCode, Color = Color.DarkRed }); }
public override AmazonWebServiceResponse Unmarshall(XmlUnmarshallerContext context) { RevokeSecurityGroupIngressResponse response = new RevokeSecurityGroupIngressResponse(); int originalDepth = context.CurrentDepth; int targetDepth = originalDepth + 1; if (context.IsStartOfDocument) { targetDepth = 2; } while (context.ReadAtDepth(originalDepth)) { if (context.IsStartElement || context.IsAttribute) { } } return(response); }
/// <summary> /// Run a single item /// </summary> /// <param name="item">The item to run</param> public void RunItem(EC2SecurityGroupEntry item) { AmazonEC2Client ec2Client = new AmazonEC2Client( Config.BaseSettings.AWSAccessKeyID, Config.BaseSettings.AWSSecretAccessKey, new AmazonEC2Config { RegionEndpoint = RegionEndpoint }); //1) Revoke Old entries/permissions if (IpState.HasOldIP && IpState.Changed) { bool oldIpStillInUse = MultiClientState? .Clients? .Where(mcei => mcei.IP == IpState.OldIP) .Any() ?? false; if (!oldIpStillInUse) { RevokeSecurityGroupIngressRequest revokeRequest = new RevokeSecurityGroupIngressRequest { GroupId = item.GroupId, IpPermissions = new List <IpPermission> { new IpPermission { IpProtocol = item.IpProtocol, FromPort = item.PortRange.FromPort, ToPort = item.PortRange.ToPort, Ipv4Ranges = new List <IpRange> { new IpRange { CidrIp = IpState.NewIPRange } } } } }; RevokeSecurityGroupIngressResponse revokeResponse = null; try { revokeResponse = ec2Client .RevokeSecurityGroupIngressAsync(revokeRequest) .GetAwaiter() .GetResult(); //Output Output($"EC2SG: Revoked Security Group Rule: {item} for Old IP: {IpState.OldIP}"); } catch (Exception ex) { //In this case we do nothing. //The old rule was not removed for whatever reason, but we choose to do nothing here //so that the new rules continue to be added. Output($"EC2SG: [ACTION REQUIRED] An exception was thrown while trying to revoke Security Group Rule: {item} for Old IP: {IpState.OldIP}\nRule was likely not revoked.\nException was: {ex}"); } } } //2) Insert new entries/permissions AuthorizeSecurityGroupIngressRequest authorizeRequest = new AuthorizeSecurityGroupIngressRequest { GroupId = item.GroupId, IpPermissions = new List <IpPermission> { new IpPermission { IpProtocol = "tcp", FromPort = item.PortRange.FromPort, ToPort = item.PortRange.ToPort, Ipv4Ranges = new List <IpRange> { new IpRange { CidrIp = IpState.NewIPRange } } } } }; AuthorizeSecurityGroupIngressResponse authorizeResponse = null; try { //Output Output($"EC2SG: START : Adding Security Group Rule: {item} for New IP: {IpState.NewIP}"); //Send authorizeResponse = ec2Client .AuthorizeSecurityGroupIngressAsync(authorizeRequest) .GetAwaiter() .GetResult(); } catch (AmazonEC2Exception ex) { //Diagnostics Debug.WriteLine($"{DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss.fff")}: EXCEPTION: \n" + ex.ToString()); //Handle if (string.Equals(ex.ErrorCode, "InvalidPermission.Duplicate", StringComparison.InvariantCultureIgnoreCase)) { //Apparently it is already there, and we're perfectly happy with that Output($"EC2SG: ERROR : The entry: {item} for New IP: {IpState.NewIP} was already present. No entry was added."); } else { //Don't really know quite exactly what went wrong :-| Output($"EC2SG: ERROR : While adding the entry: {item} for New IP: {IpState.NewIP} an exception was thrown. Error Code: {ex.ErrorCode}, Message: {ex.Message}"); } } catch (Exception ex) { //Diagnostics Debug.WriteLine($"{DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss.fff")}: EXCEPTION: \n" + ex.ToString()); //Throw throw new ApplicationException("EC2SG: An unknown exception was thrown while trying to update AWS EC2 Security Group", ex); } finally { //Output Output($"EC2SG: COMPLETE: Finished adding Security Group Rule: {item} for New IP: {IpState.NewIP}"); } }