display all security group rules for a port range
GavinFrazar committed Oct 1, 2024
1 parent 0870fb0 commit 7cad307
Showing 4 changed files with 63 additions and 22 deletions.
@@ -201,7 +201,7 @@ export function SingleEnrollment({
<>
{showTable && (
<>
<Text mt={3}>Select an RDS to enroll:</Text>
<Text mt={3}>Select an RDS database to enroll:</Text>
<DatabaseList
wantAutoDiscover={false}
items={tableData?.items || []}
@@ -27,6 +27,7 @@ import { FetchStatus } from 'design/DataTable/types';
import { Attempt } from 'shared/hooks/useAttemptNext';

import { SecurityGroup } from 'teleport/services/integrations';
import { SecurityGroupRule } from 'teleport/services/integrations';

import { SecurityGroupRulesDialog } from './SecurityGroupRulesDialog';

@@ -43,7 +44,8 @@ type Props = {
};

export type ViewRulesSelection = {
sg: SecurityGroup;
name: string;
rules: ExpandedSecurityGroupRule[];
ruleType: 'inbound' | 'outbound';
};

@@ -102,15 +104,22 @@ export const SecurityGroupPicker = ({
altKey: 'inboundRules',
headerText: 'Inbound Rules',
render: sg => {
const rules = sg.inboundRules.flatMap(rule =>
expandSecurityGroupRule(rule)
);
return (
<Cell>
<Link
style={{ cursor: 'pointer' }}
onClick={() =>
setViewRulesSelection({ sg, ruleType: 'inbound' })
setViewRulesSelection({
name: sg.name,
rules: rules,
ruleType: 'inbound',
})
}
>
View ({sg.inboundRules.length})
View ({rules.length})
</Link>
</Cell>
);
@@ -120,15 +129,22 @@ export const SecurityGroupPicker = ({
altKey: 'outboundRules',
headerText: 'Outbound Rules',
render: sg => {
const rules = sg.outboundRules.flatMap(rule =>
expandSecurityGroupRule(rule)
);
return (
<Cell>
<Link
style={{ cursor: 'pointer' }}
onClick={() =>
setViewRulesSelection({ sg, ruleType: 'outbound' })
setViewRulesSelection({
name: sg.name,
rules: rules,
ruleType: 'outbound',
})
}
>
View ({sg.outboundRules.length})
View ({rules.length})
</Link>
</Cell>
);
@@ -177,3 +193,33 @@ function CheckboxCell({
</Cell>
);
}

type ExpandedSecurityGroupRule = {
// IPProtocol is the protocol used to describe the rule.
ipProtocol: string;
// FromPort is the inclusive start of the Port range for the Rule.
fromPort: string;
// ToPort is the inclusive end of the Port range for the Rule.
toPort: string;
// Source is IP range, security group ID, or prefix list that the rule applies to.
source: string;
// Description contains a small text describing the source.
description: string;
};

// expandSecurityGroupRule takes a security group rule in the compact form that
// AWS API returns, wherein rules are grouped by port range, and expands the
// rule into a list of rules that is not grouped by port range.
// This is the same display format that the AWS console uses when you view a
// security group's rules.
function expandSecurityGroupRule(
rule: SecurityGroupRule
): ExpandedSecurityGroupRule[] {
return rule.cidrs.map(source => ({
ipProtocol: rule.ipProtocol,
fromPort: rule.fromPort,
toPort: rule.toPort,
source: source.cidr,
description: source.description,
}));
}
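Review bot: `expandSecurityGroupRule` returns an empty list for a rule whose `cidrs` array is empty, so that rule disappears from both the rules dialog and the `View (n)` count. The removed dialog code guarded against a missing `cidrs[0]` and still rendered the protocol and port columns, and the new type comment says a source may be a security group ID or prefix list, so such rules may reach this function; whether the backend fills `cidrs` for them is not visible here. Someone choosing security groups in this picker would then see fewer rules than the group actually has. Emitting one row with an empty source for that case keeps the rule visible, and the dialog's `if (source)` guard already renders an empty cell for it.

```typescript
function expandSecurityGroupRule(
  rule: SecurityGroupRule
): ExpandedSecurityGroupRule[] {
  const { ipProtocol, fromPort, toPort } = rule;
  // A rule with no CIDR entries still gets a row; otherwise it would vanish
  // from the dialog and from the "View (n)" count.
  if (rule.cidrs.length === 0) {
    return [{ ipProtocol, fromPort, toPort, source: '', description: '' }];
  }
  return rule.cidrs.map(({ cidr, description }) => ({
    ipProtocol,
    fromPort,
    toPort,
    source: cidr,
    description,
  }));
}
```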
@@ -32,8 +32,8 @@ export function SecurityGroupRulesDialog({
viewRulesSelection: ViewRulesSelection;
onClose: () => void;
}) {
const { ruleType, sg } = viewRulesSelection;
const data = ruleType === 'inbound' ? sg.inboundRules : sg.outboundRules;
const { name, rules, ruleType } = viewRulesSelection;
// expand the list of rules into a list of rules without port range grouping.

return (
<Dialog disableEscapeKeyDown={false} open={true}>
@@ -44,11 +44,10 @@ export function SecurityGroupRulesDialog({
textAlign="center"
>
<H2 mb={4}>
{ruleType === 'inbound' ? 'Inbound' : 'Outbound'} Rules for [{sg.name}
]
{ruleType === 'inbound' ? 'Inbound' : 'Outbound'} Rules for [{name}]
</H2>
<StyledTable
data={data}
data={rules}
columns={[
{
key: 'ipProtocol',
@@ -67,23 +66,19 @@ export function SecurityGroupRulesDialog({
{
altKey: 'source',
headerText: 'Source',
render: ({ cidrs }) => {
// The AWS API returns an array, however it appears it's not actually possible to have multiple CIDR's for a single rule.
// As a fallback we just display the first one.
const cidr = cidrs[0];
if (cidr) {
return <Cell>{cidr.cidr}</Cell>;
render: ({ source }) => {
if (source) {
return <Cell>{source}</Cell>;
}
return null;
},
},
{
altKey: 'description',
headerText: 'Description',
render: ({ cidrs }) => {
const cidr = cidrs[0];
if (cidr) {
return <Cell>{cidr.description}</Cell>;
render: ({ description }) => {
if (description) {
return <Cell>{description}</Cell>;
}
return null;
},
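Review bot: The comment added after the destructuring in the first hunk, `// expand the list of rules into a list of rules without port range grouping.`, describes nothing in this function: no statement follows it, and `rules` arrives already expanded through `viewRulesSelection`. I would delete it or replace it with `// rules arrive already expanded to one row per source; see ViewRulesSelection.` so a reader does not look for an expansion step here. The function body starts before the first hunk and continues past the last one.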
2 changes: 1 addition & 1 deletion web/packages/teleport/src/config.ts
@@ -319,7 +319,7 @@ const cfg = {
awsRdsDbRequiredVpcsPath:
'/v1/webapi/sites/:clusterId/integrations/aws-oidc/:name/requireddatabasesvpcs',
awsDatabaseVpcsPath:
'/webapi/sites/:clusterId/integrations/aws-oidc/:name/databasevpcs',
'/v1/webapi/sites/:clusterId/integrations/aws-oidc/:name/databasevpcs',
awsRdsDbListPath:
'/v1/webapi/sites/:clusterId/integrations/aws-oidc/:name/databases',
awsDeployTeleportServicePath: