feat(aws-ec2): support UDP port ranges in SecurityGroups (#835)

Add support for UDP to ec2.SecurityGroupRule
aws · Oct 3, 2018 · 8215389 · 8215389
1 parent 7e5738f
commit 8215389
Show file tree

Hide file tree

Showing 2 changed files with 92 additions and 3 deletions.
diff --git a/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts b/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts
@@ -234,7 +234,92 @@ export class TcpAllPorts implements IPortRange {
 }
 
 /**
- * All TCP Ports
+ * A single UDP port
+ */
+export class UdpPort implements IPortRange {
+ public readonly canInlineRule = true;
+
+ constructor(private readonly port: number) {
+ }
+
+ public toRuleJSON(): any {
+ return {
+ ipProtocol: Protocol.Udp,
+ fromPort: this.port,
+ toPort: this.port
+ };
+ }
+
+ public toString() {
+ return `UDP ${this.port}`;
+ }
+}
+
+/**
+ * A single UDP port that is provided by a resource attribute
+ */
+export class UdpPortFromAttribute implements IPortRange {
+ public readonly canInlineRule = false;
+
+ constructor(private readonly port: string) {
+ }
+
+ public toRuleJSON(): any {
+ return {
+ ipProtocol: Protocol.Udp,
+ fromPort: this.port,
+ toPort: this.port
+ };
+ }
+
+ public toString() {
+ return 'UDP {IndirectPort}';
+ }
+}
+
+/**
+ * A UDP port range
+ */
+export class UdpPortRange implements IPortRange {
+ public readonly canInlineRule = true;
+
+ constructor(private readonly startPort: number, private readonly endPort: number) {
+ }
+
+ public toRuleJSON(): any {
+ return {
+ ipProtocol: Protocol.Udp,
+ fromPort: this.startPort,
+ toPort: this.endPort
+ };
+ }
+
+ public toString() {
+ return `UDP ${this.startPort}-${this.endPort}`;
+ }
+}
+
+/**
+ * All UDP Ports
+ */
+export class UdpAllPorts implements IPortRange {
+ public readonly canInlineRule = true;
+
+ public toRuleJSON(): any {
+ return {
+ ipProtocol: Protocol.Udp,
+ fromPort: 0,
+ toPort: 65535
+ };
+ }
+
+ public toString() {
+ return 'UDP ALL PORTS';
+ }
+}
+
+/**
+ * All Traffic
  */
 export class AllConnections implements IPortRange {
  public readonly canInlineRule = true;

diff --git a/packages/@aws-cdk/aws-ec2/test/test.connections.ts b/packages/@aws-cdk/aws-ec2/test/test.connections.ts
@@ -2,7 +2,7 @@ import { expect, haveResource } from '@aws-cdk/assert';
 import { Stack } from '@aws-cdk/cdk';
 import { Test } from 'nodeunit';
 import { AllConnections, AnyIPv4, AnyIPv6, Connections, IConnectable, PrefixList, SecurityGroup, SecurityGroupRef,
- TcpAllPorts, TcpPort, TcpPortFromAttribute, TcpPortRange, VpcNetwork } from '../lib';
+ TcpAllPorts, TcpPort, TcpPortFromAttribute, TcpPortRange, UdpAllPorts, UdpPort, UdpPortFromAttribute, UdpPortRange, VpcNetwork } from '../lib';
 
 export = {
  'peering between two security groups does not recursive infinitely'(test: Test) {
@@ -73,9 +73,13 @@ export = {
 
  const ports = [
  new TcpPort(1234),
- new TcpPortFromAttribute("port!"),
+ new TcpPortFromAttribute("tcp-test-port!"),
  new TcpAllPorts(),
  new TcpPortRange(80, 90),
+ new UdpPort(2345),
+ new UdpPortFromAttribute("udp-test-port!"),
+ new UdpAllPorts(),
+ new UdpPortRange(85, 95),
  new AllConnections()
  ];