创建密钥
首先准备一个密钥
对接查看安全组规则
选择对应的 Region（即服务器区域），可以在线生成代码，也可以在线调试
工厂类
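/**
 * Tencent Cloud security-group integration factory.
 *
 * <p>Builds a {@link VpcClient} from the SecretId/SecretKey pair that is injected
 * from the externalized configuration (the author keeps the pair in a Nacos config
 * file), so the key material never appears in source.
 *
 * @author enbei
 * @date 2022/11/4
 */
@Component
public class TencentSecurityGroupFactory {

    // Credential pair read from the externalized configuration. Both values are
    // secrets: never log them and never echo them in error messages.
    @Value("${TXCLOUD.SecurityGroup.SecretID}")
    private String secretId;

    @Value("${TXCLOUD.SecurityGroup.SecretKey}")
    private String secretKey;

    /**
     * Creates a new {@link VpcClient} bound to the configured endpoint and region.
     *
     * <p>A fresh credential and client are built on every call and nothing is cached
     * on the bean, so this singleton holds no mutable state beyond the injected
     * configuration values.
     *
     * @return a VPC API client using {@link TencentConfigConstant#endpoint} and
     *         {@link TencentConfigConstant#region}
     */
    public VpcClient getVpcClient() {
        // Scoped to this call: the original kept the credential in a field that every
        // call overwrote, which only widened the lifetime of the key material.
        Credential cred = new Credential(secretId, secretKey);

        // HTTP options; only the API endpoint is overridden.
        HttpProfile httpProfile = new HttpProfile();
        httpProfile.setEndpoint(TencentConfigConstant.endpoint);

        ClientProfile clientProfile = new ClientProfile();
        clientProfile.setHttpProfile(httpProfile);

        return new VpcClient(cred, TencentConfigConstant.region, clientProfile);
    }
}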
需要用到的参数
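/**
 * Constants for the Tencent Cloud security-group integration: API endpoint,
 * region and the security-group ID used in each environment.
 *
 * <p>Pure constant holder; not instantiable.
 *
 * @author enbei
 * @Date 2022/11/4
 */
public final class TencentConfigConstant {

    /** Tencent Cloud VPC API endpoint used for the security-group calls. */
    public static final String endpoint = "vpc.tencentcloudapi.com";

    /** Server region: Guangzhou (ap-guangzhou). */
    public static final String region = "ap-guangzhou";

    /**
     * Security-group ID of the test/development environment.
     * The value is left empty here as a placeholder; fill it in for a real deployment.
     */
    public static final String securityGroupId = "";

    /**
     * Security-group ID of the production environment.
     * The value is left empty here as a placeholder; fill it in for a real deployment.
     */
    public static final String prodSecurityGroupId = "";

    /** Constant holder; prevents instantiation. */
    private TencentConfigConstant() {
    }
}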
查询安全组规则工具类方法
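/**
 * Looks up the rules attached to a security group.
 *
 * @param securityGroupId the security-group ID to query; must not be blank
 * @return the SDK response holding the group's policy set
 * @throws IllegalArgumentException if {@code securityGroupId} is null or blank
 * @throws IllegalStateException if the Tencent Cloud call fails; the SDK exception is
 *         kept as the cause instead of being printed and turned into a {@code null}
 *         that callers then dereference
 */
public DescribeSecurityGroupPoliciesResponse querySecurityGroupPolicy(String securityGroupId) {
    if (securityGroupId == null || securityGroupId.trim().isEmpty()) {
        throw new IllegalArgumentException("securityGroupId must not be blank");
    }
    try {
        VpcClient client = tencentSecurityGroupFactory.getVpcClient();
        // One request object per API call.
        DescribeSecurityGroupPoliciesRequest req = new DescribeSecurityGroupPoliciesRequest();
        req.setSecurityGroupId(securityGroupId);
        return client.DescribeSecurityGroupPolicies(req);
    } catch (TencentCloudSDKException e) {
        // The security-group ID is not a secret, so naming it in the message is fine.
        throw new IllegalStateException(
                "Failed to query security group policies for " + securityGroupId, e);
    }
}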
查询安全组规则Service层
// Active Spring profile name; "prod" selects the production security group, anything else the test/dev group.
@Value("${spring.profiles.active}")
private String env; // environment taken from the active profile
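/**
 * Returns the ingress rules of the current environment's security group, minus the
 * entries whose CIDR is on the local hide-list.
 *
 * <p>The environment comes from the active profile: {@code prod} maps to
 * {@link TencentConfigConstant#prodSecurityGroupId}, anything else to the
 * test/development group. Hidden entries still exist in the cloud configuration;
 * this method only omits them from the listing and does not protect them from
 * modification through the update path.
 *
 * @return the visible ingress rules, or an empty list when the response carries no ingress set
 */
public List<SecurityGroupPolicy> rules() {
    String securityGroupId = "prod".equals(env)
            ? TencentConfigConstant.prodSecurityGroupId
            : TencentConfigConstant.securityGroupId;
    DescribeSecurityGroupPoliciesResponse resp =
            tencentSecurityGroupUtil.querySecurityGroupPolicy(securityGroupId);
    // Guard the whole chain: a missing set or ingress array means "no rules", not an NPE.
    if (resp == null || resp.getSecurityGroupPolicySet() == null
            || resp.getSecurityGroupPolicySet().getIngress() == null) {
        return Collections.emptyList();
    }
    // CIDRs whose rules must only be inspected in the Tencent Cloud console.
    // The entries are placeholders here; fill in the real values (or move them to config).
    List<String> hiddenCidrBlocks = Arrays.asList("", "", "");
    return Arrays.stream(resp.getSecurityGroupPolicySet().getIngress())
            .filter(item -> !hiddenCidrBlocks.contains(item.getCidrBlock()))
            .collect(Collectors.toList());
}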
更新安全组规则
如果只是更新一条安全组规则，选择“替换单条安全组规则”接口即可
需要传递的参数
更新安全组规则工具类
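/**
 * Replaces one ingress rule of a security group with the values in {@code bo}.
 *
 * <p>The rule at {@code bo.getPolicyIndex()} is overwritten with a single-host
 * ({@code /32}) rule built from the BO's CIDR, action, port, protocol and description.
 * This method does not apply the hide-list used by the listing service, so any index
 * can be replaced through it; the caller is responsible for authorising the change.
 *
 * @param bo              the rule to write; see {@code com.ddwl.schema.bo.gate.SecurityGroupPolicyBo}
 * @param securityGroupId the security-group ID to modify; must not be blank
 * @throws IllegalArgumentException if {@code bo} or its CIDR is missing, the CIDR already
 *         carries a prefix length, or {@code securityGroupId} is blank
 * @throws IllegalStateException if the Tencent Cloud call fails; the SDK exception is kept
 *         as the cause instead of being printed and ignored, so a failed rule change is
 *         never reported as success
 */
public void authSecurityGroupPolicy(SecurityGroupPolicyBo bo, String securityGroupId) {
    if (bo == null) {
        throw new IllegalArgumentException("bo must not be null");
    }
    if (securityGroupId == null || securityGroupId.trim().isEmpty()) {
        throw new IllegalArgumentException("securityGroupId must not be blank");
    }
    String host = bo.getCidrBlock();
    // "/32" is appended below, so the input must be a bare address: a null value would
    // become "null/32" and "a.b.c.d/24" would become "a.b.c.d/24/32".
    if (host == null || host.trim().isEmpty() || host.contains("/")) {
        throw new IllegalArgumentException(
                "cidrBlock must be a single host address without a prefix length");
    }
    try {
        VpcClient client = tencentSecurityGroupFactory.getVpcClient();
        ReplaceSecurityGroupPolicyRequest req = new ReplaceSecurityGroupPolicyRequest();
        req.setSecurityGroupId(securityGroupId);

        // Request shape: a policy set holding exactly the one ingress entry to replace.
        SecurityGroupPolicy policy = new SecurityGroupPolicy();
        policy.setPolicyIndex(bo.getPolicyIndex()); // index of the rule being replaced
        policy.setCidrBlock(host + "/32");
        policy.setAction(bo.getAction());
        policy.setPort(bo.getPort());
        policy.setProtocol(bo.getProtocol());
        policy.setPolicyDescription(bo.getPolicyDescription());

        SecurityGroupPolicySet policySet = new SecurityGroupPolicySet();
        policySet.setIngress(new SecurityGroupPolicy[] {policy});
        req.setSecurityGroupPolicySet(policySet);

        client.ReplaceSecurityGroupPolicy(req);
    } catch (TencentCloudSDKException e) {
        throw new IllegalStateException(
                "Failed to replace security group policy in " + securityGroupId, e);
    }
}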
更新安全组规则Service层
/**
 * Replaces a rule in the security group of the current environment.
 *
 * @param bo the rule to write, including the index of the entry to replace
 */
public void auth(SecurityGroupPolicyBo bo) {
    String targetGroup;
    if ("prod".equals(env)) {
        targetGroup = TencentConfigConstant.prodSecurityGroupId;
    } else {
        targetGroup = TencentConfigConstant.securityGroupId;
    }
    tencentSecurityGroupUtil.authSecurityGroupPolicy(bo, targetGroup);
}