Fixing SG update which removes unused ip's

Netflix · Jun 26, 2012 · e49e963 · e49e963
1 parent db7c006
commit e49e963
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 8 deletions.
diff --git a/src/main/java/com/netflix/priam/aws/AWSMembership.java b/src/main/java/com/netflix/priam/aws/AWSMembership.java
@@ -144,7 +144,7 @@ public void removeACL(Collection<String> listIPs, int from, int to)
     /**
      * List SG ACL's
      */
-    public List<String> listACL()
+    public List<String> listACL(int from, int to)
     {
         AmazonEC2 client = null;
         try
@@ -155,7 +155,8 @@ public List<String> listACL()
             DescribeSecurityGroupsResult result = client.describeSecurityGroups(req);
             for (SecurityGroup group : result.getSecurityGroups())
                 for (IpPermission perm : group.getIpPermissions())
-                    ipPermissions.addAll(perm.getIpRanges());
+                    if (perm.getFromPort() == from && perm.getToPort() == to)
+                        ipPermissions.addAll(perm.getIpRanges());
 
             return ipPermissions;
         }

diff --git a/src/main/java/com/netflix/priam/aws/UpdateSecuritySettings.java b/src/main/java/com/netflix/priam/aws/UpdateSecuritySettings.java
@@ -56,7 +56,8 @@ public UpdateSecuritySettings(IConfiguration config, IMembership membership, IPr
     public void execute()
     {
         // if seed dont execute.
-        List<String> acls = membership.listACL();
+        int port = config.getSSLStoragePort();
+        List<String> acls = membership.listACL(port, port);
         List<PriamInstance> instances = factory.getAllIds(config.getAppName());
 
         // iterate to add...
@@ -69,7 +70,6 @@ public void execute()
         }
         if (add.size() > 0)
         {
-            int port = config.getSSLStoragePort();
             membership.addACL(add, port, port);
             firstTimeUpdated = true;
         }
@@ -89,7 +89,6 @@ public void execute()
                 remove.add(acl);
         if (remove.size() > 0)
         {
-            int port = config.getSSLStoragePort(); 
             membership.removeACL(remove, port, port);
             firstTimeUpdated = true;
         }

diff --git a/src/main/java/com/netflix/priam/identity/IMembership.java b/src/main/java/com/netflix/priam/identity/IMembership.java
@@ -48,10 +48,8 @@ public interface IMembership
 
     /**
      * List all ACLs
-     * 
-     * @return
      */
-    public List<String> listACL();
+    public List<String> listACL(int from, int to);
 
     /**
      * Expand the membership size by 1.