From kous...@apache.org
Subject [4/4] git commit: refs/heads/cisco-vnmc-api-integration - Added logic for revoking ACL, PF and Static NAT rules
Date Fri, 08 Mar 2013 09:58:05 GMT
Updated Branches:
  refs/heads/cisco-vnmc-api-integration fb23c5036 -> ef069b332


Added logic for revoking ACL, PF and Static NAT rules


Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/ef069b33
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/ef069b33
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/ef069b33

Branch: refs/heads/cisco-vnmc-api-integration
Commit: ef069b33235c9d9864749fcfec878c2c255b8c10
Parents: 4c65b70
Author: Koushik Das <koushik.das@citrix.com>
Authored: Fri Mar 8 15:26:26 2013 +0530
Committer: Koushik Das <koushik.das@citrix.com>
Committed: Fri Mar 8 15:26:26 2013 +0530

----------------------------------------------------------------------
 .../network/cisco/create-acl-policy-set.xml        |    2 +-
 .../scripts/network/cisco/delete-rule.xml          |   12 +--
 .../cloud/network/cisco/CiscoVnmcConnection.java   |   15 ++-
 .../network/cisco/CiscoVnmcConnectionImpl.java     |   48 ++++++--
 .../cloud/network/resource/CiscoVnmcResource.java  |   95 +++++++--------
 5 files changed, 97 insertions(+), 75 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/ef069b33/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-set.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-set.xml
b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-set.xml
index a8aeaba..f2045a1 100755
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-set.xml
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-set.xml
@@ -4,7 +4,7 @@
   <inConfigs>
     <pair key="%aclpolicysetdn%">
       <policyPolicySet
-      descr=""
+      descr="%descr%"
       dn="%aclpolicysetdn%"
       name="%aclpolicysetname%"
       status="created"/>

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/ef069b33/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-rule.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-rule.xml
index 92354b0..2c8da08 100755
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-rule.xml
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-rule.xml
@@ -1,17 +1,13 @@
-
 <configConfMos
   cookie="%cookie%"
   inHierarchical="false">
   <inConfigs>
-
-    <pair key="%aclruledn%">
+    <pair key="%ruledn%">
       <policyRule
         descr=""
-        dn="%aclruledn%"
-        name="%aclrulename%"
-        order="300"
+        dn="%ruledn%"
+        name="%rulename%"
         status="deleted"/>
     </pair>
-
   </inConfigs>
-</configConfMos>
\ No newline at end of file
+</configConfMos>

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/ef069b33/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
index abad8ad..59a605e 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
@@ -78,6 +78,10 @@ public interface CiscoVnmcConnection {
             String publicIp)
             throws ExecutionException;
 
+    public boolean deleteTenantVDCDNatRule(String tenantName,
+            String identifier, String policyIdentifier)
+            throws ExecutionException;
+
     public boolean createTenantVDCIngressAclRuleForDNat(String tenantName,
             String identifier, String policyIdentifier,
             String publicIp)
@@ -105,6 +109,10 @@ public interface CiscoVnmcConnection {
             String startPort, String endPort)
             throws ExecutionException;
 
+    public boolean deleteTenantVDCPFRule(String tenantName,
+            String identifier, String policyIdentifier)
+            throws ExecutionException;
+
     public boolean createTenantVDCIngressAclRuleForPF(String tenantName,
             String identifier, String policyIdentifier,
             String protocol, String publicIp,
@@ -129,15 +137,14 @@ public interface CiscoVnmcConnection {
     public boolean associateNatPolicySet(String tenantName)
             throws ExecutionException;
 
-    public boolean createIngressAclRule(String tenantName,
+    public boolean createTenantVDCIngressAclRule(String tenantName,
             String identifier, String policyIdentifier,
             String protocol, String sourceStartIp, String sourceEndIp,
             String destStartPort, String destEndPort, String destIp)
             throws ExecutionException;
 
-    public boolean deleteAclRule(String policyIdentifier,
-            String identifier, String destIp)
-            throws ExecutionException;
+    public boolean deleteTenantVDCAclRule(String tenantName,
+            String identifier, String policyIdentifier) throws ExecutionException;
 
     public boolean createTenantVDCAclPolicy(String tenantName, String identifier,
             boolean ingress) throws ExecutionException;
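Review bot: The renamed `deleteTenantVDCAclRule` takes three `String` arguments in a different order from the `deleteAclRule(policyIdentifier, identifier, destIp)` declaration it replaces, and none of the new delete methods documents which value goes where, so a call site that passes the wrong string still compiles. A Javadoc block on `deleteTenantVDCAclRule`, `deleteTenantVDCPFRule` and `deleteTenantVDCDNatRule` would help, for example `@param identifier the rule id as a string` and `@param policyIdentifier the same policy name that was used when the rule was created`, plus what a `false` return means as opposed to an `ExecutionException`. The parameter meanings suggested here are inferred from the callers in CiscoVnmcResource and should be confirmed by the author.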

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/ef069b33/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
index 5a1755c..e7c7091 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
@@ -92,7 +92,8 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
         LIST_ACL_POLICIES("list-acl-policies.xml", "policy-mgr"),
         CREATE_ACL_POLICY_REF("create-acl-policy-ref.xml", "policy-mgr"),
         CREATE_INGRESS_ACL_RULE("create-ingress-acl-rule.xml", "policy-mgr"),
-        DELETE_ACL_RULE("delete-acl-rule.xml", "policy-mgr"),
+
+        DELETE_RULE("delete-rule.xml", "policy-mgr"),
 
         LIST_CHILDREN("list-children.xml", "policy-mgr"),
 
@@ -632,7 +633,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
         String xml = VnmcXml.CREATE_ACL_POLICY_SET.getXml();
         String service = VnmcXml.CREATE_ACL_POLICY_SET.getService();
         xml = replaceXmlValue(xml, "cookie", _cookie);
-        //xml = replaceXmlValue(xml, "descr", "ACL policy set for Tenant VDC " + tenantName);
+        xml = replaceXmlValue(xml, "descr", "ACL policy set for Tenant VDC " + tenantName);
         xml = replaceXmlValue(xml, "aclpolicysetname", getNameForAclPolicySet(tenantName,
ingress));
         xml = replaceXmlValue(xml, "aclpolicysetdn", getDnForAclPolicySet(tenantName, ingress));
 
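Review bot: The re-enabled `descr` substitution places `tenantName` inside an XML attribute of the request, and nothing in this hunk shows `replaceXmlValue` escaping `&`, `<` or `"`. If it is a plain string replacement, a tenant name containing one of those characters yields a malformed or altered `configConfMos` document; the same applies to `ruledn` and `rulename` in the new `deleteTenantVDCRule` further down. Either escape inside `replaceXmlValue`, or add a comment on this line stating where tenant names are restricted to a safe character set before they reach this class. The method's body starts and ends outside the hunk.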
@@ -670,7 +671,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
     }
 
     @Override
-    public boolean createIngressAclRule(String tenantName,
+    public boolean createTenantVDCIngressAclRule(String tenantName,
             String identifier, String policyIdentifier,
             String protocol, String sourceStartIp, String sourceEndIp,
             String destStartPort, String destEndPort, String destIp) throws ExecutionException
{
@@ -700,15 +701,10 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection
{
     }
 
     @Override
-    public boolean deleteAclRule(String tenantName, String identifier, String policyIdentifier)
throws ExecutionException {
-        String xml = VnmcXml.DELETE_ACL_RULE.getXml();
-        String service = VnmcXml.DELETE_ACL_RULE.getService();
-        xml = replaceXmlValue(xml, "cookie", _cookie);
-        xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
-        xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
-
-        String response =  sendRequest(service, xml);
-        return verifySuccess(response);
+    public boolean deleteTenantVDCAclRule(String tenantName, String identifier, String policyIdentifier)
throws ExecutionException {
+        return deleteTenantVDCRule(
+                getDnForAclRule(tenantName, identifier, policyIdentifier),
+                getNameForAclRule(tenantName, identifier));
     }
 
     private String getNameForPFPortPool(String tenantName, String identifier) {
@@ -796,6 +792,17 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
         return verifySuccess(response);
     }
 
+    private boolean deleteTenantVDCRule(String ruledn, String ruleName) throws ExecutionException
{
+        String xml = VnmcXml.DELETE_RULE.getXml();
+        String service = VnmcXml.DELETE_RULE.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "ruledn", ruledn);
+        xml = replaceXmlValue(xml, "rulename", ruleName);
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
     private List<String> listNatPolicies(String tenantName) throws ExecutionException
{
 
         String xml = VnmcXml.LIST_NAT_POLICIES.getXml();
@@ -929,6 +936,14 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
     }
 
     @Override
+    public boolean deleteTenantVDCPFRule(String tenantName, String identifier,
+            String policyIdentifier) throws ExecutionException {
+        return deleteTenantVDCRule(
+                getDnForPFRule(tenantName, identifier, policyIdentifier),
+                getNameForPFRule(tenantName, identifier));
+    }
+
+    @Override
     public boolean createTenantVDCIngressAclRuleForPF(String tenantName,
             String identifier, String policyIdentifier, String protocol,
             String publicIp, String startPort, String endPort)
@@ -1041,6 +1056,15 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection
{
     }
 
     @Override
+    public boolean deleteTenantVDCDNatRule(String tenantName,
+            String identifier, String policyIdentifier)
+            throws ExecutionException {
+        return deleteTenantVDCRule(
+                getDnForDNatRule(tenantName, identifier, policyIdentifier),
+                getNameForDNatRule(tenantName, identifier));
+    }
+
+    @Override
     public boolean createTenantVDCIngressAclRuleForDNat(String tenantName,
             String identifier, String policyIdentifier, String publicIp)
             throws ExecutionException {

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/ef069b33/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
index 16aaed2..321046b 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
@@ -71,10 +71,6 @@ public class CiscoVnmcResource implements ServerResource{
     private String _password;
     private String _guid;
     private Integer _numRetries;
-    private String _publicZone;
-    private String _privateZone;
-    private String _publicInterface;
-    private String _privateInterface;
 
     CiscoVnmcConnectionImpl _connection;
 
@@ -140,26 +136,6 @@ public class CiscoVnmcResource implements ServerResource{
                 throw new ConfigurationException("Unable to find password");
             }            
 
-            _publicInterface = (String) params.get("publicinterface");
-            if (_publicInterface == null) {
-                //throw new ConfigurationException("Unable to find public interface.");
-            }
-
-            _privateInterface = (String) params.get("privateinterface");
-            if (_privateInterface == null) {
-                //throw new ConfigurationException("Unable to find private interface.");
-            }
-
-            _publicZone = (String) params.get("publiczone");
-            if (_publicZone == null) {
-                _publicZone = "untrust";
-            }
-
-            _privateZone = (String) params.get("privatezone");
-            if (_privateZone == null) {
-                _privateZone = "trust";
-            }
-
             _guid = (String)params.get("guid");
             if (_guid == null) {
                 throw new ConfigurationException("Unable to find the guid");
@@ -265,6 +241,20 @@ public class CiscoVnmcResource implements ServerResource{
         return new IpAssocAnswer(cmd, results);
     }
 
+    private String[] getIpRangeFromCidr(String cidr) {
+        String[] result = new String[2];
+        String[] cidrData = cidr.split("\\/");
+        assert (cidrData.length == 2) : "Something is wrong with source cidr " + cidr;
+        long size = Long.valueOf(cidrData[1]);
+        result[0] = cidrData[0];
+        result[1] = cidrData[0];
+        if (size < 32) {
+            result[0] = NetUtils.getIpRangeStartIpFromCidr(cidrData[0], size);
+            result[1] = NetUtils.getIpRangeEndIpFromCidr(cidrData[0], size);
+        }
+        return result;
+    }
+
     /*
      * Source NAT
      */
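Review bot: `getIpRangeFromCidr` relies on `assert` to validate the CIDR, and assertions are disabled unless the JVM runs with `-ea`, so a value without a `/` fails at `cidrData[1]` with an `ArrayIndexOutOfBoundsException` and a prefix length outside 0..32 is passed on unchecked. Because the result becomes the source range of a firewall or NAT rule, the input should be checked explicitly and rejected with a clear exception. The null check below is an addition: the callers pass `cmd.getContextParam(...)` and `rule.getSourceCidrList().get(0)`, and neither is shown to be non-null.

```java
    private String[] getIpRangeFromCidr(String cidr) {
        if (cidr == null) {
            throw new IllegalArgumentException("CIDR must not be null");
        }
        String[] cidrData = cidr.split("\\/");
        if (cidrData.length != 2) {
            throw new IllegalArgumentException("Malformed CIDR: " + cidr);
        }
        long size;
        try {
            size = Long.parseLong(cidrData[1]);
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("Malformed prefix length in CIDR: " + cidr, e);
        }
        if (size < 0 || size > 32) {
            throw new IllegalArgumentException("Prefix length out of range in CIDR: " + cidr);
        }
        // … unchanged: allocate result, fill result[0]/result[1] (range lookup when size < 32), return …
    }
```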
@@ -285,6 +275,7 @@ public class CiscoVnmcResource implements ServerResource{
             if (!_connection.createTenantVDCSourceNatPolicy(tenant, policyIdentifier)) {
                 throw new Exception("Failed to create source NAT policy in VNMC for guest
network with vlan " + vlanId);
             }
+
             if (!_connection.createTenantVDCSourceNatPolicyRef(tenant, policyIdentifier))
{
                 throw new Exception("Failed to associate source NAT policy with NAT policy
set in VNMC for guest network with vlan " + vlanId);
             }
@@ -293,13 +284,8 @@ public class CiscoVnmcResource implements ServerResource{
                 throw new Exception("Failed to create source NAT ip pool in VNMC for guest
network with vlan " + vlanId);
             }
 
-            String cidr = cmd.getContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR);
-            String[] result = cidr.split("\\/");
-            assert (result.length == 2) : "Something is wrong with guest cidr " + cidr;
-            long size = Long.valueOf(result[1]);
-            String startIp = NetUtils.getIpRangeStartIpFromCidr(result[0], size);
-            String endIp = NetUtils.getIpRangeEndIpFromCidr(result[0], size);
-            if (!_connection.createTenantVDCSourceNatRule(tenant, policyIdentifier, startIp,
endIp)) {
+            String[] ipRange = getIpRangeFromCidr(cmd.getContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR));
+            if (!_connection.createTenantVDCSourceNatRule(tenant, policyIdentifier, ipRange[0],
ipRange[1])) {
                 throw new Exception("Failed to create source NAT rule in VNMC for guest network
with vlan " + vlanId);
             }
 
@@ -362,22 +348,14 @@ public class CiscoVnmcResource implements ServerResource{
 
                 for (FirewallRuleTO rule : publicIpRulesMap.get(publicIp)) {
                     if (rule.revoked()) {
-                        //_connection.deleteAclRule(tenant, Long.toString(rule.getId()),
publicIp);
-                    } else {
-                        String cidr = rule.getSourceCidrList().get(0);
-                        String[] result = cidr.split("\\/");
-                        assert (result.length == 2) : "Something is wrong with source cidr
" + cidr;
-                        long size = Long.valueOf(result[1]);
-                        String externalStartIp = result[0];
-                        String externalEndIp = result[0];
-                        if (size < 32) {
-                            externalStartIp = NetUtils.getIpRangeStartIpFromCidr(result[0],
size);
-                            externalEndIp = NetUtils.getIpRangeEndIpFromCidr(result[0], size);
+                        if (!_connection.deleteTenantVDCAclRule(tenant, Long.toString(rule.getId()),
publicIp)) {
+                            throw new Exception("Failed to delete ACL ingress rule in VNMC
for guest network with vlan " + vlanId);
                         }
-
-                        if (!_connection.createIngressAclRule(tenant,
+                    } else {
+                        String[] externalIpRange = getIpRangeFromCidr(rule.getSourceCidrList().get(0));
+                        if (!_connection.createTenantVDCIngressAclRule(tenant,
                                 Long.toString(rule.getId()), policyIdentifier,
-                                rule.getProtocol().toUpperCase(), externalStartIp, externalEndIp,
+                                rule.getProtocol().toUpperCase(), externalIpRange[0], externalIpRange[1],
                                 Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]),
publicIp)) {
                             throw new Exception("Failed to create ACL ingress rule in VNMC
for guest network with vlan " + vlanId);
                         }
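Review bot: The revoke branch calls `deleteTenantVDCAclRule(tenant, Long.toString(rule.getId()), publicIp)`, but the interface's third parameter is `policyIdentifier`, and the create branch just below passes `policyIdentifier` for the same rule. In the static NAT and port-forwarding methods `policyIdentifier` is `publicIp.replace('.', '-')`; if it is built the same way here (its declaration is outside this hunk), the delete is addressed to a DN that was never created and the revoked ingress ACL rule can remain in force on the device. The call should read `_connection.deleteTenantVDCAclRule(tenant, Long.toString(rule.getId()), policyIdentifier)`. It is also worth confirming whether VNMC reports success when asked to delete an object that does not exist, since that would hide this kind of mismatch.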
@@ -426,6 +404,10 @@ public class CiscoVnmcResource implements ServerResource{
                 throw new Exception("Failed to create NAT policy set in VNMC for guest network
with vlan " + vlanId);
             }
 
+            if (!_connection.createTenantVDCAclPolicySet(tenant, true)) {
+                throw new Exception("Failed to create ACL ingress policy set in VNMC for
guest network with vlan " + vlanId);
+            }
+
             for (String publicIp : publicIpRulesMap.keySet()) {
                 String policyIdentifier = publicIp.replace('.', '-');
 
@@ -449,8 +431,13 @@ public class CiscoVnmcResource implements ServerResource{
 
                 for (StaticNatRuleTO rule : publicIpRulesMap.get(publicIp)) {
                     if (rule.revoked()) {
-                        //_connection.deleteDNatRule(tenant, Long.toString(rule.getId()),
policyIdentifier);
-                        //_connection.deleteAclRule(tenant, Long.toString(rule.getId()),
policyIdentifier);
+                        if (!_connection.deleteTenantVDCDNatRule(tenant, Long.toString(rule.getId()),
policyIdentifier)) {
+                            throw new Exception("Failed to delete DNAT rule in VNMC for guest
network with vlan " + vlanId);
+                        }
+
+                        if (!_connection.deleteTenantVDCAclRule(tenant, Long.toString(rule.getId()),
policyIdentifier)) {
+                            throw new Exception("Failed to delete ACL ingress rule for DNAT
in VNMC for guest network with vlan " + vlanId);
+                        }
                     } else {
                         if (!_connection.createTenantVDCDNatIpPool(tenant, policyIdentifier
+ "-" + rule.getId(), rule.getDstIp())) {
                             throw new Exception("Failed to create DNAT ip pool in VNMC for
guest network with vlan " + vlanId);
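Review bot: The revoke branch removes the DNAT rule and its ingress ACL rule but not the IP pool that the create branch registers with `createTenantVDCDNatIpPool(tenant, policyIdentifier + "-" + rule.getId(), rule.getDstIp())`, so each revoked static NAT rule appears to leave a pool object behind in VNMC. The port-forwarding hunk below has the same shape with `createTenantVDCPFIpPool` and `createTenantVDCPFPortPool`. If the pools are cleaned up elsewhere, a comment in the revoke branch such as `// IP pool for this rule is removed by <cleanup path>` would make that clear; otherwise a matching delete call is needed. The else branch continues outside the hunk, so the full list of objects created per rule is not visible here.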
@@ -509,6 +496,10 @@ public class CiscoVnmcResource implements ServerResource{
                 throw new Exception("Failed to create NAT policy set in VNMC for guest network
with vlan " + vlanId);
             }
 
+            if (!_connection.createTenantVDCAclPolicySet(tenant, true)) {
+                throw new Exception("Failed to create ACL ingress policy set in VNMC for
guest network with vlan " + vlanId);
+            }
+
             for (String publicIp : publicIpRulesMap.keySet()) {
                 String policyIdentifier = publicIp.replace('.', '-');
 
@@ -532,13 +523,17 @@ public class CiscoVnmcResource implements ServerResource{
 
                 for (PortForwardingRuleTO rule : publicIpRulesMap.get(publicIp)) {
                     if (rule.revoked()) {
-                        //_connection.deletePFRule(tenant, Long.toString(rule.getId()), policyIdentifier);
-                        //_connection.deleteAclRule(tenant, Long.toString(rule.getId()),
policyIdentifier);
+                        if (!_connection.deleteTenantVDCPFRule(tenant, Long.toString(rule.getId()),
policyIdentifier)) {
+                            throw new Exception("Failed to delete PF rule in VNMC for guest
network with vlan " + vlanId);
+                        }
+
+                        if (!_connection.deleteTenantVDCAclRule(tenant, Long.toString(rule.getId()),
policyIdentifier)) {
+                            throw new Exception("Failed to delete ACL ingress rule for PF
in VNMC for guest network with vlan " + vlanId);
+                        }
                     } else {
                         if (!_connection.createTenantVDCPFIpPool(tenant, policyIdentifier
+ "-" + rule.getId(), rule.getDstIp())) {
                             throw new Exception("Failed to create PF ip pool in VNMC for
guest network with vlan " + vlanId);
                         }
-
                         if (!_connection.createTenantVDCPFPortPool(tenant, policyIdentifier
+ "-" + rule.getId(),
                                 Integer.toString(rule.getDstPortRange()[0]), Integer.toString(rule.getDstPortRange()[1])))
{
                             throw new Exception("Failed to create PF port pool in VNMC for
guest network with vlan " + vlanId);

