Skip to content

fix: support wildcard filtering in EC2 filters #837

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
hectorvent merged 3 commits into from
May 14, 2026
Merged

fix: support wildcard filtering in EC2 filters #837

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
325f3b8
fix: support wildcard filtering in EC2 filters
kapoorp99 May 14, 2026
6f6ed58
fix: reorganize imports in Ec2Service and Ec2IntegrationTest for clarity
kapoorp99 May 14, 2026
8ccf99f
Potential fix for pull request finding
kapoorp99 May 14, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
156 changes: 116 additions & 40 deletions src/main/java/io/github/hectorvent/floci/services/ec2/Ec2Service.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,18 +1,48 @@
package io.github.hectorvent.floci.services.ec2;

import java.time.Instant;
import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Random;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.stream.Collectors;

import org.jboss.logging.Logger;

import io.github.hectorvent.floci.config.EmulatorConfig;
import io.github.hectorvent.floci.core.common.AwsArnUtils;
import io.github.hectorvent.floci.core.common.AwsException;
import io.github.hectorvent.floci.services.ec2.model.*;
import io.github.hectorvent.floci.services.ec2.model.Address;
import io.github.hectorvent.floci.services.ec2.model.GroupIdentifier;
import io.github.hectorvent.floci.services.ec2.model.Image;
import io.github.hectorvent.floci.services.ec2.model.Instance;
import io.github.hectorvent.floci.services.ec2.model.InstanceNetworkInterface;
import io.github.hectorvent.floci.services.ec2.model.InstanceState;
import io.github.hectorvent.floci.services.ec2.model.InternetGateway;
import io.github.hectorvent.floci.services.ec2.model.InternetGatewayAttachment;
import io.github.hectorvent.floci.services.ec2.model.IpPermission;
import io.github.hectorvent.floci.services.ec2.model.IpRange;
import io.github.hectorvent.floci.services.ec2.model.KeyPair;
import io.github.hectorvent.floci.services.ec2.model.Placement;
import io.github.hectorvent.floci.services.ec2.model.Reservation;
import io.github.hectorvent.floci.services.ec2.model.Route;
import io.github.hectorvent.floci.services.ec2.model.RouteTable;
import io.github.hectorvent.floci.services.ec2.model.RouteTableAssociation;
import io.github.hectorvent.floci.services.ec2.model.SecurityGroup;
import io.github.hectorvent.floci.services.ec2.model.SecurityGroupRule;
import io.github.hectorvent.floci.services.ec2.model.Subnet;
import io.github.hectorvent.floci.services.ec2.model.Tag;
import io.github.hectorvent.floci.services.ec2.model.Volume;
import io.github.hectorvent.floci.services.ec2.model.Vpc;
import io.github.hectorvent.floci.services.ec2.model.VpcCidrBlockAssociation;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import org.jboss.logging.Logger;

import java.time.Instant;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.stream.Collectors;

@ApplicationScoped
public class Ec2Service {
Expand Down Expand Up @@ -1211,6 +1241,52 @@ private Map<String, Object> buildInstanceType(String name, int vcpu, int memMib)

// ─── Filter matching ───────────────────────────────────────────────────────

private boolean matchesValue(String resourceValue, List<String> filterValues) {
String normalizedResourceValue = Objects.toString(resourceValue, "");
return filterValues.stream()
.map(filterValue -> Objects.toString(filterValue, ""))
.anyMatch(filterValue -> normalizedResourceValue.matches(wildcardToRegex(filterValue)));
}

private String wildcardToRegex(String pattern) {
String normalizedPattern = Objects.toString(pattern, "");
StringBuilder regex = new StringBuilder("^");
for (int i = 0; i < normalizedPattern.length(); i++) {
char c = normalizedPattern.charAt(i);
switch (c) {
case '*':
regex.append(".*");
break;
case '?':
regex.append(".");
break;
Comment thread
hectorvent marked this conversation as resolved.
case '.':
case '\\':
case '^':
case '$':
case '+':
case '{':
case '}':
case '[':
case ']':
case '(':
case ')':
case '|':
regex.append("\\").append(c);
break;
default:
regex.append(c);
}
}
regex.append("$");
return regex.toString();
}

private boolean matchesValue(List<String> patterns, String value) {
return patterns.stream()
.anyMatch(pattern -> value.matches(wildcardToRegex(pattern)));
}

private boolean matchesFilters(Object resource, Map<String, List<String>> filters, String region) {
if (filters == null || filters.isEmpty()) {
return true;
Expand All @@ -1230,83 +1306,83 @@ private boolean matchesFilter(Object resource, String filterName, List<String> v
String tagKey = filterName.substring(4);
List<Tag> resourceTags = getResourceTags(resource);
return resourceTags.stream()
.anyMatch(t -> t.getKey().equals(tagKey) && values.contains(t.getValue()));
.anyMatch(t -> t.getKey().equals(tagKey) && matchesValue(values, t.getValue()));
}
if ("tag-key".equals(filterName)) {
List<Tag> resourceTags = getResourceTags(resource);
return resourceTags.stream().anyMatch(t -> values.contains(t.getKey()));
return resourceTags.stream().anyMatch(t -> matchesValue(values, t.getKey()));
}
if ("tag-value".equals(filterName)) {
List<Tag> resourceTags = getResourceTags(resource);
return resourceTags.stream().anyMatch(t -> values.contains(t.getValue()));
return resourceTags.stream().anyMatch(t -> matchesValue(values, t.getValue()));
}
// Resource-specific field filters
if (resource instanceof Vpc vpc) {
return switch (filterName) {
case "vpc-id" -> values.contains(vpc.getVpcId());
case "state" -> values.contains(vpc.getState());
case "isDefault", "is-default" -> values.contains(String.valueOf(vpc.isDefault()));
case "cidr" -> values.contains(vpc.getCidrBlock());
case "vpc-id" -> matchesValue(values, vpc.getVpcId());
case "state" -> matchesValue(values, vpc.getState());
case "isDefault", "is-default" -> matchesValue(values, String.valueOf(vpc.isDefault()));
case "cidr" -> matchesValue(values, vpc.getCidrBlock());
default -> true;
};
}
if (resource instanceof Subnet subnet) {
return switch (filterName) {
case "subnet-id" -> values.contains(subnet.getSubnetId());
case "vpc-id" -> values.contains(subnet.getVpcId());
case "state" -> values.contains(subnet.getState());
case "availabilityZone", "availability-zone" -> values.contains(subnet.getAvailabilityZone());
case "subnet-id" -> matchesValue(values, subnet.getSubnetId());
case "vpc-id" -> matchesValue(values, subnet.getVpcId());
case "state" -> matchesValue(values, subnet.getState());
case "availabilityZone", "availability-zone" -> matchesValue(values, subnet.getAvailabilityZone());
default -> true;
};
}
if (resource instanceof SecurityGroup sg) {
return switch (filterName) {
case "group-id" -> values.contains(sg.getGroupId());
case "group-name" -> values.contains(sg.getGroupName());
case "vpc-id" -> values.contains(sg.getVpcId());
case "group-id" -> matchesValue(values, sg.getGroupId());
case "group-name" -> matchesValue(values, sg.getGroupName());
case "vpc-id" -> matchesValue(values, sg.getVpcId());
default -> true;
};
}
if (resource instanceof Instance inst) {
return switch (filterName) {
case "instance-id" -> values.contains(inst.getInstanceId());
case "instance-state-name" -> values.contains(inst.getState().getName());
case "instance-type" -> values.contains(inst.getInstanceType());
case "vpc-id" -> values.contains(inst.getVpcId());
case "subnet-id" -> values.contains(inst.getSubnetId());
case "instance-id" -> matchesValue(values, inst.getInstanceId());
case "instance-state-name" -> matchesValue(values, inst.getState().getName());
case "instance-type" -> matchesValue(values, inst.getInstanceType());
case "vpc-id" -> matchesValue(values, inst.getVpcId());
case "subnet-id" -> matchesValue(values, inst.getSubnetId());
default -> true;
};
}
if (resource instanceof InternetGateway igw) {
return switch (filterName) {
case "internet-gateway-id" -> values.contains(igw.getInternetGatewayId());
case "internet-gateway-id" -> matchesValue(values, igw.getInternetGatewayId());
case "attachment.vpc-id" -> igw.getAttachments().stream()
.anyMatch(a -> values.contains(a.getVpcId()));
.anyMatch(a -> matchesValue(values, a.getVpcId()));
default -> true;
};
}
if (resource instanceof RouteTable rt) {
return switch (filterName) {
case "route-table-id" -> values.contains(rt.getRouteTableId());
case "vpc-id" -> values.contains(rt.getVpcId());
case "route-table-id" -> matchesValue(values, rt.getRouteTableId());
case "vpc-id" -> matchesValue(values, rt.getVpcId());
case "association.route-table-association-id" -> rt.getAssociations().stream()
.anyMatch(a -> values.contains(a.getRouteTableAssociationId()));
.anyMatch(a -> matchesValue(values, a.getRouteTableAssociationId()));
case "association.subnet-id" -> rt.getAssociations().stream()
.anyMatch(a -> a.getSubnetId() != null && values.contains(a.getSubnetId()));
.anyMatch(a -> a.getSubnetId() != null && matchesValue(values, a.getSubnetId()));
case "association.gateway-id" -> rt.getAssociations().stream()
.anyMatch(a -> a.getGatewayId() != null && values.contains(a.getGatewayId()));
.anyMatch(a -> a.getGatewayId() != null && matchesValue(values, a.getGatewayId()));
case "association.main" -> rt.getAssociations().stream()
.anyMatch(a -> values.contains(String.valueOf(a.isMain())));
.anyMatch(a -> matchesValue(values, String.valueOf(a.isMain())));
default -> true;
};
}
if (resource instanceof Volume vol) {
return switch (filterName) {
case "volume-id" -> values.contains(vol.getVolumeId());
case "status" -> values.contains(vol.getState());
case "volume-type" -> values.contains(vol.getVolumeType());
case "availability-zone" -> values.contains(vol.getAvailabilityZone());
case "encrypted" -> values.contains(String.valueOf(vol.isEncrypted()));
case "volume-id" -> matchesValue(values, vol.getVolumeId());
case "status" -> matchesValue(values, vol.getState());
case "volume-type" -> matchesValue(values, vol.getVolumeType());
case "availability-zone" -> matchesValue(values, vol.getAvailabilityZone());
case "encrypted" -> matchesValue(values, String.valueOf(vol.isEncrypted()));
default -> true;
};
}
Expand Down
130 changes: 128 additions & 2 deletions src/test/java/io/github/hectorvent/floci/services/ec2/Ec2IntegrationTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,13 +1,17 @@
package io.github.hectorvent.floci.services.ec2;

import io.quarkus.test.junit.QuarkusTest;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.greaterThanOrEqualTo;
import static org.hamcrest.Matchers.notNullValue;
import static org.hamcrest.Matchers.startsWith;
import org.junit.jupiter.api.MethodOrderer;
import org.junit.jupiter.api.Order;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestMethodOrder;

import io.quarkus.test.junit.QuarkusTest;
import static io.restassured.RestAssured.given;
import static org.hamcrest.Matchers.*;

/**
* Integration tests for EC2 via the EC2 Query Protocol (form-encoded POST, XML response).
Expand Down Expand Up @@ -1117,4 +1121,126 @@ void unsupportedAction() {
.statusCode(400)
.body("Response.Errors.Error.Code", equalTo("UnsupportedOperation"));
}

// =========================================================================
// Wildcard filtering
// =========================================================================

@Test
@Order(300)
void describeVpcsWithWildcardTagFilter() {
// Create a VPC with a specific tag value
String vpcWithWildcard = given()
.formParam("Action", "CreateVpc")
.formParam("CidrBlock", "10.1.0.0/16")
.header("Authorization", AUTH_HEADER)
.when()
.post("/")
.then()
.statusCode(200)
.extract().path("CreateVpcResponse.vpc.vpcId");

// Tag it with BEGINANDEND
given()
.formParam("Action", "CreateTags")
.formParam("ResourceId.1", vpcWithWildcard)
.formParam("Tag.1.Key", "Name")
.formParam("Tag.1.Value", "BEGINANDEND")
.header("Authorization", AUTH_HEADER)
.when()
.post("/")
.then()
.statusCode(200);

// Test exact match still works
given()
.formParam("Action", "DescribeVpcs")
.formParam("Filter.1.Name", "tag:Name")
.formParam("Filter.1.Value.1", "BEGINANDEND")
.header("Authorization", AUTH_HEADER)
.when()
.post("/")
.then()
.statusCode(200)
.body("DescribeVpcsResponse.vpcSet.item.vpcId", equalTo(vpcWithWildcard));

// Test wildcard with asterisk: BEGIN*END should match BEGINANDEND
given()
.formParam("Action", "DescribeVpcs")
.formParam("Filter.1.Name", "tag:Name")
.formParam("Filter.1.Value.1", "BEGIN*END")
.header("Authorization", AUTH_HEADER)
.when()
.post("/")
.then()
.statusCode(200)
.body("DescribeVpcsResponse.vpcSet.item.vpcId", equalTo(vpcWithWildcard));

// Test wildcard with middle asterisk: *AND* should match BEGINANDEND
given()
.formParam("Action", "DescribeVpcs")
.formParam("Filter.1.Name", "tag:Name")
.formParam("Filter.1.Value.1", "*AND*")
.header("Authorization", AUTH_HEADER)
.when()
.post("/")
.then()
.statusCode(200)
.body("DescribeVpcsResponse.vpcSet.item.vpcId", equalTo(vpcWithWildcard));

// Cleanup
given()
.formParam("Action", "DeleteVpc")
.formParam("VpcId", vpcWithWildcard)
.header("Authorization", AUTH_HEADER)
.when()
.post("/");
}

@Test
@Order(301)
void describeVpcsWithWildcardQuestionMark() {
// Create a VPC with a specific tag value
String vpcId1 = given()
.formParam("Action", "CreateVpc")
.formParam("CidrBlock", "10.2.0.0/16")
.header("Authorization", AUTH_HEADER)
.when()
.post("/")
.then()
.statusCode(200)
.extract().path("CreateVpcResponse.vpc.vpcId");

// Tag it with "test1"
given()
.formParam("Action", "CreateTags")
.formParam("ResourceId.1", vpcId1)
.formParam("Tag.1.Key", "Name")
.formParam("Tag.1.Value", "test1")
.header("Authorization", AUTH_HEADER)
.when()
.post("/")
.then()
.statusCode(200);

// Test wildcard with question mark: test? should match test1
given()
.formParam("Action", "DescribeVpcs")
.formParam("Filter.1.Name", "tag:Name")
.formParam("Filter.1.Value.1", "test?")
.header("Authorization", AUTH_HEADER)
.when()
.post("/")
.then()
.statusCode(200)
.body("DescribeVpcsResponse.vpcSet.item.vpcId", equalTo(vpcId1));

// Cleanup
given()
.formParam("Action", "DeleteVpc")
.formParam("VpcId", vpcId1)
.header("Authorization", AUTH_HEADER)
.when()
.post("/");
}
}
Loading