Return-Path: X-Original-To: apmail-cloudstack-commits-archive@www.apache.org Delivered-To: apmail-cloudstack-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 7A05810A66 for ; Fri, 3 May 2013 13:15:03 +0000 (UTC) Received: (qmail 85689 invoked by uid 500); 3 May 2013 13:14:58 -0000 Delivered-To: apmail-cloudstack-commits-archive@cloudstack.apache.org Received: (qmail 85621 invoked by uid 500); 3 May 2013 13:14:58 -0000 Mailing-List: contact commits-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list commits@cloudstack.apache.org Received: (qmail 80381 invoked by uid 99); 3 May 2013 13:14:45 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 03 May 2013 13:14:45 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id CE730886092; Fri, 3 May 2013 13:14:44 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: kishan@apache.org To: commits@cloudstack.apache.org Date: Fri, 03 May 2013 13:15:27 -0000 Message-Id: In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [45/50] [abbrv] git commit: updated refs/heads/network_acl to 1609d01 CLOUDSTACK-763: Added replaceNetworkACLList API. Added support for ACL action allow/deny and also number Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/604754d1 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/604754d1 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/604754d1 Branch: refs/heads/network_acl Commit: 604754d1db5ac73590e650676c09d544ca861b84 Parents: 0d5e950 Author: Kishan Kavala Authored: Tue Apr 23 10:54:44 2013 +0530 Committer: Kishan Kavala Committed: Fri May 3 18:34:18 2013 +0530 ---------------------------------------------------------------------- .../agent/api/routing/SetNetworkACLCommand.java | 19 +- api/src/com/cloud/agent/api/to/NetworkACLTO.java | 35 +- api/src/com/cloud/event/EventTypes.java | 3 + api/src/com/cloud/network/Network.java | 1 + api/src/com/cloud/network/NetworkProfile.java | 7 + .../network/element/NetworkACLServiceProvider.java | 3 +- .../cloud/network/firewall/NetworkACLService.java | 15 +- api/src/com/cloud/network/vpc/NetworkACL.java | 3 +- api/src/com/cloud/network/vpc/NetworkACLItem.java | 87 +++ .../org/apache/cloudstack/api/ApiConstants.java | 1 + .../apache/cloudstack/api/ResponseGenerator.java | 14 +- .../command/user/network/CreateNetworkACLCmd.java | 107 ++--- .../user/network/CreateNetworkACLListCmd.java | 6 +- .../command/user/network/DeleteNetworkACLCmd.java | 7 +- .../user/network/DeleteNetworkACLListCmd.java | 4 +- .../user/network/ListNetworkACLListsCmd.java | 12 +- .../command/user/network/ListNetworkACLsCmd.java | 15 +- .../user/network/ReplaceNetworkACLListCmd.java | 107 ++++ .../api/response/NetworkACLItemResponse.java | 106 ++++ .../api/response/NetworkACLListResponse.java | 57 -- .../api/response/NetworkACLResponse.java | 78 +-- client/tomcatconf/applicationContext.xml.in | 1 + client/tomcatconf/commands.properties.in | 1 + server/src/com/cloud/api/ApiDBUtils.java | 28 +- server/src/com/cloud/api/ApiResponseHelper.java | 25 +- .../src/com/cloud/network/NetworkManagerImpl.java | 4 +- server/src/com/cloud/network/dao/NetworkDao.java | 2 + .../src/com/cloud/network/dao/NetworkDaoImpl.java | 9 + server/src/com/cloud/network/dao/NetworkVO.java | 12 + .../network/element/VpcVirtualRouterElement.java | 8 +- .../network/firewall/FirewallManagerImpl.java | 4 +- .../router/VpcVirtualNetworkApplianceManager.java | 7 +- .../VpcVirtualNetworkApplianceManagerImpl.java | 29 +- .../com/cloud/network/vpc/NetworkACLItemDao.java | 44 ++ .../com/cloud/network/vpc/NetworkACLItemVO.java | 198 +++++++ .../com/cloud/network/vpc/NetworkACLManager.java | 9 +- .../cloud/network/vpc/NetworkACLManagerImpl.java | 424 +++++++-------- server/src/com/cloud/network/vpc/NetworkACLVO.java | 10 + .../network/vpc/dao/NetworkACLItemDaoImpl.java | 147 +++++ .../src/com/cloud/server/ManagementServerImpl.java | 1 + setup/db/db/schema-410to420.sql | 9 +- 41 files changed, 1138 insertions(+), 521 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/api/src/com/cloud/agent/api/routing/SetNetworkACLCommand.java ---------------------------------------------------------------------- diff --git a/api/src/com/cloud/agent/api/routing/SetNetworkACLCommand.java b/api/src/com/cloud/agent/api/routing/SetNetworkACLCommand.java index dba7354..d876c61 100644 --- a/api/src/com/cloud/agent/api/routing/SetNetworkACLCommand.java +++ b/api/src/com/cloud/agent/api/routing/SetNetworkACLCommand.java @@ -17,6 +17,9 @@ package com.cloud.agent.api.routing; +import java.util.Arrays; +import java.util.Collections; +import java.util.Comparator; import java.util.HashSet; import java.util.List; import java.util.Set; @@ -42,11 +45,17 @@ public class SetNetworkACLCommand extends NetworkElementCommand{ public String[][] generateFwRules() { String [][] result = new String [2][]; Set toAdd = new HashSet(); + List aclList = Arrays.asList(rules); + Collections.sort(aclList, new Comparator() { + @Override + public int compare(NetworkACLTO acl1, NetworkACLTO acl2) { + return acl1.getNumber() > acl2.getNumber() ? 1 : -1; + } + }); - - for (NetworkACLTO aclTO: rules) { - /* example : Ingress:tcp:80:80:0.0.0.0/0:,Egress:tcp:220:220:0.0.0.0/0:, - * each entry format Ingress/Egress:protocol:start port: end port:scidrs: + for (NetworkACLTO aclTO: aclList) { + /* example : Ingress:tcp:80:80:0.0.0.0/0:ACCEPT:,Egress:tcp:220:220:0.0.0.0/0:DROP:, + * each entry format Ingress/Egress:protocol:start port: end port:scidrs:action: * reverted entry format Ingress/Egress:reverted:0:0:0: */ if (aclTO.revoked() == true) @@ -80,7 +89,7 @@ public class SetNetworkACLCommand extends NetworkElementCommand{ firstEntry = false; } } - sb.append(":"); + sb.append(":").append(aclTO.getAction()).append(":"); String aclRuleEntry = sb.toString(); toAdd.add(aclRuleEntry); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/api/src/com/cloud/agent/api/to/NetworkACLTO.java ---------------------------------------------------------------------- diff --git a/api/src/com/cloud/agent/api/to/NetworkACLTO.java b/api/src/com/cloud/agent/api/to/NetworkACLTO.java index 8818e13..48de40c 100644 --- a/api/src/com/cloud/agent/api/to/NetworkACLTO.java +++ b/api/src/com/cloud/agent/api/to/NetworkACLTO.java @@ -20,10 +20,10 @@ package com.cloud.agent.api.to; import java.util.ArrayList; import java.util.List; +import com.cloud.network.vpc.NetworkACLItem; +import com.cloud.network.vpc.NetworkACLItem.TrafficType; import org.apache.cloudstack.api.InternalIdentity; -import com.cloud.network.rules.FirewallRule; -import com.cloud.network.rules.FirewallRule.TrafficType; import com.cloud.utils.net.NetUtils; @@ -37,15 +37,16 @@ public class NetworkACLTO implements InternalIdentity { private List cidrList; private Integer icmpType; private Integer icmpCode; - private FirewallRule.TrafficType trafficType; - + private TrafficType trafficType; + String action; + int number; protected NetworkACLTO() { } public NetworkACLTO(long id,String vlanTag, String protocol, Integer portStart, Integer portEnd, boolean revoked, - boolean alreadyAdded, List cidrList, Integer icmpType,Integer icmpCode,TrafficType trafficType) { + boolean alreadyAdded, List cidrList, Integer icmpType,Integer icmpCode,TrafficType trafficType, boolean allow, int number) { this.vlanTag = vlanTag; this.protocol = protocol; @@ -70,12 +71,20 @@ public class NetworkACLTO implements InternalIdentity { this.icmpType = icmpType; this.icmpCode = icmpCode; this.trafficType = trafficType; + + if(allow){ + this.action = "ACCEPT"; + } else { + this.action = "DROP"; + } + + this.number = number; } - public NetworkACLTO(FirewallRule rule, String vlanTag, FirewallRule.TrafficType trafficType ) { + public NetworkACLTO(NetworkACLItem rule, String vlanTag, NetworkACLItem.TrafficType trafficType ) { this(rule.getId(), vlanTag, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), - rule.getState() == FirewallRule.State.Revoke, rule.getState() == FirewallRule.State.Active, - rule.getSourceCidrList() ,rule.getIcmpType(), rule.getIcmpCode(),trafficType); + rule.getState() == NetworkACLItem.State.Revoke, rule.getState() == NetworkACLItem.State.Active, + rule.getSourceCidrList() ,rule.getIcmpType(), rule.getIcmpCode(),trafficType, rule.getAction() == NetworkACLItem.Action.Allow, rule.getNumber()); } public long getId() { @@ -121,7 +130,15 @@ public class NetworkACLTO implements InternalIdentity { return alreadyAdded; } - public FirewallRule.TrafficType getTrafficType() { + public TrafficType getTrafficType() { return trafficType; } + + public String getAction() { + return action; + } + + public int getNumber(){ + return number; + } } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/api/src/com/cloud/event/EventTypes.java ---------------------------------------------------------------------- diff --git a/api/src/com/cloud/event/EventTypes.java b/api/src/com/cloud/event/EventTypes.java index 06f652f..81dea38 100755 --- a/api/src/com/cloud/event/EventTypes.java +++ b/api/src/com/cloud/event/EventTypes.java @@ -338,6 +338,9 @@ public class EventTypes { public static final String EVENT_NETWORK_ACL_CREATE = "NETWORK.ACL.CREATE"; public static final String EVENT_NETWORK_ACL_UPDATE = "NETWORK.ACL.UPDATE"; public static final String EVENT_NETWORK_ACL_DELETE = "NETWORK.ACL.DELETE"; + public static final String EVENT_NETWORK_ACL_REPLACE = "NETWORK.ACL.REPLACE"; + public static final String EVENT_NETWORK_ACL_ITEM_CREATE = "NETWORK.ACL.ITEM.CREATE"; + public static final String EVENT_NETWORK_ACL_ITEM_DELETE = "NETWORK.ACL.ITEM.DELETE"; // VPC offerings public static final String EVENT_VPC_OFFERING_CREATE = "VPC.OFFERING.CREATE"; http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/api/src/com/cloud/network/Network.java ---------------------------------------------------------------------- diff --git a/api/src/com/cloud/network/Network.java b/api/src/com/cloud/network/Network.java index 4472dba..0b20122 100644 --- a/api/src/com/cloud/network/Network.java +++ b/api/src/com/cloud/network/Network.java @@ -324,4 +324,5 @@ public interface Network extends ControlledEntity, StateObject, I */ Long getVpcId(); + Long getNetworkACLId(); } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/api/src/com/cloud/network/NetworkProfile.java ---------------------------------------------------------------------- diff --git a/api/src/com/cloud/network/NetworkProfile.java b/api/src/com/cloud/network/NetworkProfile.java index 2f56645..568edf7 100644 --- a/api/src/com/cloud/network/NetworkProfile.java +++ b/api/src/com/cloud/network/NetworkProfile.java @@ -52,6 +52,7 @@ public class NetworkProfile implements Network { private boolean restartRequired; private boolean specifyIpRanges; private Long vpcId; + private Long networkAclId; public NetworkProfile(Network network) { this.id = network.getId(); @@ -81,6 +82,7 @@ public class NetworkProfile implements Network { this.restartRequired = network.isRestartRequired(); this.specifyIpRanges = network.getSpecifyIpRanges(); this.vpcId = network.getVpcId(); + this.networkAclId = network.getNetworkACLId(); } public String getDns1() { @@ -237,6 +239,11 @@ public class NetworkProfile implements Network { } @Override + public Long getNetworkACLId() { + return networkAclId; + } + + @Override public void setTrafficType(TrafficType type) { this.trafficType = type; } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/api/src/com/cloud/network/element/NetworkACLServiceProvider.java ---------------------------------------------------------------------- diff --git a/api/src/com/cloud/network/element/NetworkACLServiceProvider.java b/api/src/com/cloud/network/element/NetworkACLServiceProvider.java index 4073b07..dac0a25 100644 --- a/api/src/com/cloud/network/element/NetworkACLServiceProvider.java +++ b/api/src/com/cloud/network/element/NetworkACLServiceProvider.java @@ -21,6 +21,7 @@ import java.util.List; import com.cloud.exception.ResourceUnavailableException; import com.cloud.network.Network; import com.cloud.network.rules.FirewallRule; +import com.cloud.network.vpc.NetworkACLItem; public interface NetworkACLServiceProvider extends NetworkElement{ @@ -30,6 +31,6 @@ public interface NetworkACLServiceProvider extends NetworkElement{ * @return * @throws ResourceUnavailableException */ - boolean applyNetworkACLs(Network config, List rules) throws ResourceUnavailableException; + boolean applyNetworkACLs(Network config, List rules) throws ResourceUnavailableException; } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/api/src/com/cloud/network/firewall/NetworkACLService.java ---------------------------------------------------------------------- diff --git a/api/src/com/cloud/network/firewall/NetworkACLService.java b/api/src/com/cloud/network/firewall/NetworkACLService.java index 8621e48..ae46d83 100644 --- a/api/src/com/cloud/network/firewall/NetworkACLService.java +++ b/api/src/com/cloud/network/firewall/NetworkACLService.java @@ -20,36 +20,37 @@ package com.cloud.network.firewall; import java.util.List; import com.cloud.network.vpc.NetworkACL; +import com.cloud.network.vpc.NetworkACLItem; +import org.apache.cloudstack.api.command.user.network.CreateNetworkACLCmd; import org.apache.cloudstack.api.command.user.network.CreateNetworkACLListCmd; import org.apache.cloudstack.api.command.user.network.ListNetworkACLListsCmd; import org.apache.cloudstack.api.command.user.network.ListNetworkACLsCmd; import com.cloud.exception.NetworkRuleConflictException; import com.cloud.exception.ResourceUnavailableException; -import com.cloud.network.rules.FirewallRule; import com.cloud.user.Account; import com.cloud.utils.Pair; public interface NetworkACLService { - FirewallRule getNetworkACLItem(long ruleId); - boolean applyNetworkACLs(long networkId, Account caller) throws ResourceUnavailableException; + NetworkACLItem getNetworkACLItem(long ruleId); + boolean applyNetworkACLtoNetworks(long aclId, Account caller) throws ResourceUnavailableException; /** * @param createNetworkACLCmd * @return */ - FirewallRule createNetworkACLItem(FirewallRule acl) throws NetworkRuleConflictException; + NetworkACLItem createNetworkACLItem(CreateNetworkACLCmd aclItemCmd) throws NetworkRuleConflictException; /** * @param ruleId * @param apply * @return */ - boolean revokeNetworkACL(long ruleId, boolean apply); + boolean revokeNetworkACLItem(long ruleId, boolean apply); /** * @param listNetworkACLsCmd * @return */ - Pair, Integer> listNetworkACLItems(ListNetworkACLsCmd cmd); + Pair, Integer> listNetworkACLItems(ListNetworkACLsCmd cmd); NetworkACL createNetworkACL(CreateNetworkACLListCmd cmd); @@ -58,4 +59,6 @@ public interface NetworkACLService { boolean deleteNetworkACL(long id); Pair,Integer> listNetworkACLs(ListNetworkACLListsCmd listNetworkACLListsCmd); + + boolean replaceNetworkACL(long aclId, long networkId); } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/api/src/com/cloud/network/vpc/NetworkACL.java ---------------------------------------------------------------------- diff --git a/api/src/com/cloud/network/vpc/NetworkACL.java b/api/src/com/cloud/network/vpc/NetworkACL.java index 8839ffd..1b171e3 100644 --- a/api/src/com/cloud/network/vpc/NetworkACL.java +++ b/api/src/com/cloud/network/vpc/NetworkACL.java @@ -17,9 +17,10 @@ package com.cloud.network.vpc; +import org.apache.cloudstack.acl.ControlledEntity; import org.apache.cloudstack.api.InternalIdentity; -public interface NetworkACL extends InternalIdentity{ +public interface NetworkACL extends InternalIdentity, ControlledEntity{ String getDescription(); String getUuid(); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/api/src/com/cloud/network/vpc/NetworkACLItem.java ---------------------------------------------------------------------- diff --git a/api/src/com/cloud/network/vpc/NetworkACLItem.java b/api/src/com/cloud/network/vpc/NetworkACLItem.java new file mode 100644 index 0000000..9cce187 --- /dev/null +++ b/api/src/com/cloud/network/vpc/NetworkACLItem.java @@ -0,0 +1,87 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package com.cloud.network.vpc; + +import org.apache.cloudstack.acl.ControlledEntity; +import org.apache.cloudstack.api.Identity; +import org.apache.cloudstack.api.InternalIdentity; + +import java.util.List; + +public interface NetworkACLItem extends InternalIdentity { + + String getUuid(); + + Action getAction(); + + int getNumber(); + + enum NetworkACLType { + System, // The pre-defined rules created by admin, in the system wide + User // the rules created by user, to a specific ip + } + + enum State { + Staged, // Rule been created but has never got through network rule conflict detection. Rules in this state can not be sent to network elements. + Add, // Add means the rule has been created and has gone through network rule conflict detection. + Active, // Rule has been sent to the network elements and reported to be active. + Revoke // Revoke means this rule has been revoked. If this rule has been sent to the network elements, the rule will be deleted from database. + } + + enum TrafficType { + Ingress, + Egress + } + + enum Action { + Allow, + Deny + } + + /** + * @return first port of the source port range. + */ + Integer getSourcePortStart(); + + /** + * @return last port of the source prot range. If this is null, that means only one port is mapped. + */ + Integer getSourcePortEnd(); + + /** + * @return protocol to open these ports for. + */ + String getProtocol(); + + State getState(); + + long getACLId(); + + Integer getIcmpCode(); + + Integer getIcmpType(); + + List getSourceCidrList(); + + NetworkACLType getType(); + + /** + * @return + */ + TrafficType getTrafficType(); + +} http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/api/src/org/apache/cloudstack/api/ApiConstants.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/api/ApiConstants.java b/api/src/org/apache/cloudstack/api/ApiConstants.java index 1165c7b..733dda4 100755 --- a/api/src/org/apache/cloudstack/api/ApiConstants.java +++ b/api/src/org/apache/cloudstack/api/ApiConstants.java @@ -482,6 +482,7 @@ public class ApiConstants { public static final String AFFINITY_GROUP_NAMES = "affinitygroupnames"; public static final String ASA_INSIDE_PORT_PROFILE = "insideportprofile"; public static final String AFFINITY_GROUP_ID = "affinitygroupid"; + public static final String ACL_ID = "aclid"; public enum HostDetails { all, capacity, events, stats, min; http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/api/src/org/apache/cloudstack/api/ResponseGenerator.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/api/ResponseGenerator.java b/api/src/org/apache/cloudstack/api/ResponseGenerator.java index a681fe0..e7f4203 100644 --- a/api/src/org/apache/cloudstack/api/ResponseGenerator.java +++ b/api/src/org/apache/cloudstack/api/ResponseGenerator.java @@ -20,17 +20,15 @@ import java.text.DecimalFormat; import java.util.EnumSet; import java.util.List; -<<<<<<< HEAD -import com.cloud.vm.NicSecondaryIp; -import org.apache.cloudstack.affinity.AffinityGroup; -import org.apache.cloudstack.affinity.AffinityGroupResponse; -======= import com.cloud.network.vpc.NetworkACL; +import com.cloud.network.vpc.NetworkACLItem; import com.cloud.network.vpc.PrivateGateway; import com.cloud.network.vpc.StaticRoute; import com.cloud.network.vpc.Vpc; import com.cloud.network.vpc.VpcOffering; ->>>>>>> CLOUDSTACK-763: Added APIs to create, delete and list NetworkACLlist. +import com.cloud.vm.NicSecondaryIp; +import org.apache.cloudstack.affinity.AffinityGroup; +import org.apache.cloudstack.affinity.AffinityGroupResponse; import org.apache.cloudstack.api.ApiConstants.HostDetails; import org.apache.cloudstack.api.ApiConstants.VMDetails; import org.apache.cloudstack.api.command.user.job.QueryAsyncJobResultCmd; @@ -357,13 +355,13 @@ public interface ResponseGenerator { * @param networkACLItem * @return */ - NetworkACLResponse createNetworkACLItemResponse(FirewallRule networkACLItem); + NetworkACLItemResponse createNetworkACLItemResponse(NetworkACLItem networkACLItem); /** * @param networkACL * @return */ - NetworkACLListResponse createNetworkACLResponse(NetworkACL networkACL); + NetworkACLResponse createNetworkACLResponse(NetworkACL networkACL); /** * @param result http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkACLCmd.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkACLCmd.java b/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkACLCmd.java index ae1ea90..b6c0eb6 100644 --- a/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkACLCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkACLCmd.java @@ -19,6 +19,9 @@ package org.apache.cloudstack.api.command.user.network; import java.util.ArrayList; import java.util.List; +import com.cloud.network.vpc.NetworkACL; +import com.cloud.network.vpc.NetworkACLItem; +import com.cloud.network.vpc.NetworkACLItem.NetworkACLType; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.ApiErrorCode; @@ -26,6 +29,7 @@ import org.apache.cloudstack.api.BaseAsyncCmd; import org.apache.cloudstack.api.BaseAsyncCreateCmd; import org.apache.cloudstack.api.Parameter; import org.apache.cloudstack.api.ServerApiException; +import org.apache.cloudstack.api.response.NetworkACLItemResponse; import org.apache.cloudstack.api.response.NetworkACLResponse; import org.apache.cloudstack.api.response.NetworkResponse; import org.apache.log4j.Logger; @@ -36,15 +40,14 @@ import com.cloud.exception.InvalidParameterValueException; import com.cloud.exception.NetworkRuleConflictException; import com.cloud.exception.ResourceUnavailableException; import com.cloud.network.Network; -import com.cloud.network.rules.FirewallRule; import com.cloud.network.vpc.Vpc; import com.cloud.user.Account; import com.cloud.user.UserContext; import com.cloud.utils.net.NetUtils; @APICommand(name = "createNetworkACL", description = "Creates a ACL rule the given network (the network has to belong to VPC)", -responseObject = NetworkACLResponse.class) -public class CreateNetworkACLCmd extends BaseAsyncCreateCmd implements FirewallRule { +responseObject = NetworkACLItemResponse.class) +public class CreateNetworkACLCmd extends BaseAsyncCreateCmd { public static final Logger s_logger = Logger.getLogger(CreateNetworkACLCmd.class.getName()); private static final String s_name = "createnetworkaclresponse"; @@ -74,10 +77,13 @@ public class CreateNetworkACLCmd extends BaseAsyncCreateCmd implements FirewallR private Integer icmpCode; @Parameter(name=ApiConstants.NETWORK_ID, type=CommandType.UUID, entityType = NetworkResponse.class, - required=true, description="The network of the vm the ACL will be created for") private Long networkId; + @Parameter(name=ApiConstants.ACL_ID, type=CommandType.UUID, entityType = NetworkACLResponse.class, + description="The network of the vm the ACL will be created for") + private Long aclId; + @Parameter(name=ApiConstants.TRAFFIC_TYPE, type=CommandType.STRING, description="the traffic type for the ACL," + "can be Ingress or Egress, defaulted to Ingress if not specified") private String trafficType; @@ -90,7 +96,6 @@ public class CreateNetworkACLCmd extends BaseAsyncCreateCmd implements FirewallR return null; } - @Override public String getProtocol() { return protocol.trim(); } @@ -106,25 +111,34 @@ public class CreateNetworkACLCmd extends BaseAsyncCreateCmd implements FirewallR } public long getVpcId() { - Network network = _networkService.getNetwork(getNetworkId()); - if (network == null) { - throw new InvalidParameterValueException("Invalid networkId is given"); + Long vpcId = null; + + if(getACLId() != null){ + NetworkACL acl = _networkACLService.getNetworkACL(getACLId()); + if(acl == null){ + throw new InvalidParameterValueException("Invalid aclId is given"); + } + vpcId = acl.getVpcId(); + } else if(getNetworkId() != null){ + Network network = _networkService.getNetwork(getNetworkId()); + if (network == null) { + throw new InvalidParameterValueException("Invalid networkId is given"); + } + vpcId = network.getVpcId(); } - Long vpcId = network.getVpcId(); if (vpcId == null) { - throw new InvalidParameterValueException("Can create network ACL only for the network belonging to the VPC"); + throw new InvalidParameterValueException("Can create network ACL only for the ACL belonging to the VPC"); } return vpcId; } - @Override - public FirewallRule.TrafficType getTrafficType() { + public NetworkACLItem.TrafficType getTrafficType() { if (trafficType == null) { - return FirewallRule.TrafficType.Ingress; + return NetworkACLItem.TrafficType.Ingress; } - for (FirewallRule.TrafficType type : FirewallRule.TrafficType.values()) { + for (NetworkACLItem.TrafficType type : NetworkACLItem.TrafficType.values()) { if (type.toString().equalsIgnoreCase(trafficType)) { return type; } @@ -149,13 +163,13 @@ public class CreateNetworkACLCmd extends BaseAsyncCreateCmd implements FirewallR public void execute() throws ResourceUnavailableException { UserContext callerContext = UserContext.current(); boolean success = false; - FirewallRule rule = _networkACLService.getNetworkACLItem(getEntityId()); + NetworkACLItem rule = _networkACLService.getNetworkACLItem(getEntityId()); try { UserContext.current().setEventDetails("Rule Id: " + getEntityId()); - success = _networkACLService.applyNetworkACLs(rule.getNetworkId(), callerContext.getCaller()); + success = _networkACLService.applyNetworkACLtoNetworks(rule.getACLId(), callerContext.getCaller()); // State is different after the rule is applied, so get new object here - NetworkACLResponse aclResponse = new NetworkACLResponse(); + NetworkACLItemResponse aclResponse = new NetworkACLItemResponse(); if (rule != null) { aclResponse = _responseGenerator.createNetworkACLItemResponse(rule); setResponseObject(aclResponse); @@ -163,36 +177,16 @@ public class CreateNetworkACLCmd extends BaseAsyncCreateCmd implements FirewallR aclResponse.setResponseName(getCommandName()); } finally { if (!success || rule == null) { - _networkACLService.revokeNetworkACL(getEntityId(), true); + _networkACLService.revokeNetworkACLItem(getEntityId(), true); throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create network ACL"); } } } - @Override - public long getId() { - throw new UnsupportedOperationException("database id can only provided by VO objects"); - } - - @Override - public String getXid() { - // FIXME: We should allow for end user to specify Xid. - return null; - } - - - @Override - public String getUuid() { - // TODO Auto-generated method stub - return null; - } - - @Override public Long getSourceIpAddressId() { return null; } - @Override public Integer getSourcePortStart() { if (publicStartPort != null) { return publicStartPort.intValue(); @@ -200,7 +194,6 @@ public class CreateNetworkACLCmd extends BaseAsyncCreateCmd implements FirewallR return null; } - @Override public Integer getSourcePortEnd() { if (publicEndPort == null) { if (publicStartPort != null) { @@ -213,18 +206,11 @@ public class CreateNetworkACLCmd extends BaseAsyncCreateCmd implements FirewallR return null; } - @Override - public Purpose getPurpose() { - return Purpose.Firewall; - } - - @Override - public State getState() { + public NetworkACLItem.State getState() { throw new UnsupportedOperationException("Should never call me to find the state"); } - @Override - public long getNetworkId() { + public Long getNetworkId() { return networkId; } @@ -239,7 +225,6 @@ public class CreateNetworkACLCmd extends BaseAsyncCreateCmd implements FirewallR return account.getId(); } - @Override public long getDomainId() { Vpc vpc = _vpcService.getVpc(getVpcId()); return vpc.getDomainId(); @@ -256,7 +241,7 @@ public class CreateNetworkACLCmd extends BaseAsyncCreateCmd implements FirewallR } try { - FirewallRule result = _networkACLService.createNetworkACLItem(this); + NetworkACLItem result = _networkACLService.createNetworkACLItem(this); setEntityId(result.getId()); setEntityUuid(result.getUuid()); } catch (NetworkRuleConflictException ex) { @@ -268,16 +253,15 @@ public class CreateNetworkACLCmd extends BaseAsyncCreateCmd implements FirewallR @Override public String getEventType() { - return EventTypes.EVENT_FIREWALL_OPEN; + return EventTypes.EVENT_NETWORK_ACL_ITEM_CREATE; } @Override public String getEventDescription() { - Network network = _networkService.getNetwork(networkId); - return ("Createing Network ACL for Netowrk: " + network + " for protocol:" + this.getProtocol()); + //Network network = _networkService.getNetwork(networkId); + return ("Creating Network ACL Item for protocol:" + this.getProtocol()); } - @Override public long getAccountId() { Vpc vpc = _vpcService.getVpc(getVpcId()); return vpc.getAccountId(); @@ -293,7 +277,6 @@ public class CreateNetworkACLCmd extends BaseAsyncCreateCmd implements FirewallR return getNetworkId(); } - @Override public Integer getIcmpCode() { if (icmpCode != null) { return icmpCode; @@ -303,7 +286,6 @@ public class CreateNetworkACLCmd extends BaseAsyncCreateCmd implements FirewallR return null; } - @Override public Integer getIcmpType() { if (icmpType != null) { return icmpType; @@ -314,14 +296,8 @@ public class CreateNetworkACLCmd extends BaseAsyncCreateCmd implements FirewallR return null; } - @Override - public Long getRelated() { - return null; - } - - @Override - public FirewallRuleType getType() { - return FirewallRuleType.User; + public NetworkACLType getType() { + return NetworkACLType.User; } @Override @@ -329,4 +305,7 @@ public class CreateNetworkACLCmd extends BaseAsyncCreateCmd implements FirewallR return AsyncJob.Type.FirewallRule; } + public Long getACLId() { + return aclId; + } } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkACLListCmd.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkACLListCmd.java b/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkACLListCmd.java index 9c71497..0cc460d 100644 --- a/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkACLListCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkACLListCmd.java @@ -24,12 +24,12 @@ import com.cloud.network.vpc.Vpc; import com.cloud.user.Account; import com.cloud.user.UserContext; import org.apache.cloudstack.api.*; -import org.apache.cloudstack.api.response.NetworkACLListResponse; +import org.apache.cloudstack.api.response.NetworkACLResponse; import org.apache.cloudstack.api.response.VpcResponse; import org.apache.log4j.Logger; @APICommand(name = "createNetworkACLList", description = "Creates a Network ACL for the given VPC", -responseObject = NetworkACLListResponse.class) +responseObject = NetworkACLResponse.class) public class CreateNetworkACLListCmd extends BaseAsyncCreateCmd { public static final Logger s_logger = Logger.getLogger(CreateNetworkACLListCmd.class.getName()); @@ -86,7 +86,7 @@ public class CreateNetworkACLListCmd extends BaseAsyncCreateCmd { boolean success = false; NetworkACL acl = _networkACLService.getNetworkACL(getEntityId()); if(acl != null){ - NetworkACLListResponse aclResponse = _responseGenerator.createNetworkACLResponse(acl); + NetworkACLResponse aclResponse = _responseGenerator.createNetworkACLResponse(acl); setResponseObject(aclResponse); aclResponse.setResponseName(getCommandName()); } else { http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/api/src/org/apache/cloudstack/api/command/user/network/DeleteNetworkACLCmd.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/api/command/user/network/DeleteNetworkACLCmd.java b/api/src/org/apache/cloudstack/api/command/user/network/DeleteNetworkACLCmd.java index 272a129..2f88230 100644 --- a/api/src/org/apache/cloudstack/api/command/user/network/DeleteNetworkACLCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/network/DeleteNetworkACLCmd.java @@ -16,6 +16,7 @@ // under the License. package org.apache.cloudstack.api.command.user.network; +import com.cloud.network.vpc.NetworkACLItem; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.ApiErrorCode; @@ -80,11 +81,11 @@ public class DeleteNetworkACLCmd extends BaseAsyncCmd { @Override public long getEntityOwnerId() { if (ownerId == null) { - FirewallRule rule = _networkACLService.getNetworkACLItem(id); + NetworkACLItem rule = _networkACLService.getNetworkACLItem(id); if (rule == null) { throw new InvalidParameterValueException("Unable to find network ACL by id=" + id); } else { - ownerId = rule.getAccountId(); + //ownerId = rule.getAccountId(); } } return ownerId; @@ -93,7 +94,7 @@ public class DeleteNetworkACLCmd extends BaseAsyncCmd { @Override public void execute() throws ResourceUnavailableException { UserContext.current().setEventDetails("Network ACL Id: " + id); - boolean result = _networkACLService.revokeNetworkACL(id, true); + boolean result = _networkACLService.revokeNetworkACLItem(id, true); if (result) { SuccessResponse response = new SuccessResponse(getCommandName()); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/api/src/org/apache/cloudstack/api/command/user/network/DeleteNetworkACLListCmd.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/api/command/user/network/DeleteNetworkACLListCmd.java b/api/src/org/apache/cloudstack/api/command/user/network/DeleteNetworkACLListCmd.java index f502475..42ecd8d 100644 --- a/api/src/org/apache/cloudstack/api/command/user/network/DeleteNetworkACLListCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/network/DeleteNetworkACLListCmd.java @@ -27,7 +27,7 @@ import com.cloud.user.UserContext; import org.apache.cloudstack.api.*; import org.apache.cloudstack.api.response.AccountResponse; import org.apache.cloudstack.api.response.FirewallRuleResponse; -import org.apache.cloudstack.api.response.NetworkACLListResponse; +import org.apache.cloudstack.api.response.NetworkACLResponse; import org.apache.cloudstack.api.response.SuccessResponse; import org.apache.log4j.Logger; @@ -40,7 +40,7 @@ public class DeleteNetworkACLListCmd extends BaseAsyncCmd { //////////////// API parameters ///////////////////// ///////////////////////////////////////////////////// - @Parameter(name=ApiConstants.ID, type=CommandType.UUID, entityType = NetworkACLListResponse.class, + @Parameter(name=ApiConstants.ID, type=CommandType.UUID, entityType = NetworkACLResponse.class, required=true, description="the ID of the network ACL") private Long id; http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/api/src/org/apache/cloudstack/api/command/user/network/ListNetworkACLListsCmd.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/api/command/user/network/ListNetworkACLListsCmd.java b/api/src/org/apache/cloudstack/api/command/user/network/ListNetworkACLListsCmd.java index b043eed..55d6147 100644 --- a/api/src/org/apache/cloudstack/api/command/user/network/ListNetworkACLListsCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/network/ListNetworkACLListsCmd.java @@ -23,13 +23,15 @@ import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.BaseListTaggedResourcesCmd; import org.apache.cloudstack.api.Parameter; -import org.apache.cloudstack.api.response.*; +import org.apache.cloudstack.api.response.ListResponse; +import org.apache.cloudstack.api.response.NetworkACLResponse; +import org.apache.cloudstack.api.response.NetworkResponse; import org.apache.log4j.Logger; import java.util.ArrayList; import java.util.List; -@APICommand(name = "listNetworkACLLists", description="Lists all network ACLs", responseObject=NetworkACLListResponse.class) +@APICommand(name = "listNetworkACLLists", description="Lists all network ACLs", responseObject=NetworkACLResponse.class) public class ListNetworkACLListsCmd extends BaseListTaggedResourcesCmd { public static final Logger s_logger = Logger.getLogger(ListNetworkACLListsCmd.class.getName()); @@ -70,11 +72,11 @@ public class ListNetworkACLListsCmd extends BaseListTaggedResourcesCmd { @Override public void execute(){ Pair,Integer> result = _networkACLService.listNetworkACLs(this); - ListResponse response = new ListResponse(); - List aclResponses = new ArrayList(); + ListResponse response = new ListResponse(); + List aclResponses = new ArrayList(); for (NetworkACL acl : result.first()) { - NetworkACLListResponse aclResponse = _responseGenerator.createNetworkACLResponse(acl); + NetworkACLResponse aclResponse = _responseGenerator.createNetworkACLResponse(acl); aclResponses.add(aclResponse); } response.setResponses(aclResponses, result.second()); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/api/src/org/apache/cloudstack/api/command/user/network/ListNetworkACLsCmd.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/api/command/user/network/ListNetworkACLsCmd.java b/api/src/org/apache/cloudstack/api/command/user/network/ListNetworkACLsCmd.java index 93842d5..53e19d7 100644 --- a/api/src/org/apache/cloudstack/api/command/user/network/ListNetworkACLsCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/network/ListNetworkACLsCmd.java @@ -19,20 +19,21 @@ package org.apache.cloudstack.api.command.user.network; import java.util.ArrayList; import java.util.List; +import com.cloud.network.vpc.NetworkACLItem; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.BaseListTaggedResourcesCmd; import org.apache.cloudstack.api.Parameter; import org.apache.cloudstack.api.response.FirewallRuleResponse; import org.apache.cloudstack.api.response.ListResponse; -import org.apache.cloudstack.api.response.NetworkACLResponse; +import org.apache.cloudstack.api.response.NetworkACLItemResponse; import org.apache.cloudstack.api.response.NetworkResponse; import org.apache.log4j.Logger; import com.cloud.network.rules.FirewallRule; import com.cloud.utils.Pair; -@APICommand(name = "listNetworkACLs", description="Lists all network ACLs", responseObject=NetworkACLResponse.class) +@APICommand(name = "listNetworkACLs", description="Lists all network ACL items", responseObject=NetworkACLItemResponse.class) public class ListNetworkACLsCmd extends BaseListTaggedResourcesCmd { public static final Logger s_logger = Logger.getLogger(ListNetworkACLsCmd.class.getName()); @@ -79,12 +80,12 @@ public class ListNetworkACLsCmd extends BaseListTaggedResourcesCmd { @Override public void execute(){ - Pair,Integer> result = _networkACLService.listNetworkACLItems(this); - ListResponse response = new ListResponse(); - List aclResponses = new ArrayList(); + Pair,Integer> result = _networkACLService.listNetworkACLItems(this); + ListResponse response = new ListResponse(); + List aclResponses = new ArrayList(); - for (FirewallRule acl : result.first()) { - NetworkACLResponse ruleData = _responseGenerator.createNetworkACLItemResponse(acl); + for (NetworkACLItem acl : result.first()) { + NetworkACLItemResponse ruleData = _responseGenerator.createNetworkACLItemResponse(acl); aclResponses.add(ruleData); } response.setResponses(aclResponses, result.second()); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/api/src/org/apache/cloudstack/api/command/user/network/ReplaceNetworkACLListCmd.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/api/command/user/network/ReplaceNetworkACLListCmd.java b/api/src/org/apache/cloudstack/api/command/user/network/ReplaceNetworkACLListCmd.java new file mode 100644 index 0000000..78e0b1a --- /dev/null +++ b/api/src/org/apache/cloudstack/api/command/user/network/ReplaceNetworkACLListCmd.java @@ -0,0 +1,107 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package org.apache.cloudstack.api.command.user.network; + +import com.cloud.event.EventTypes; +import com.cloud.exception.InvalidParameterValueException; +import com.cloud.exception.ResourceUnavailableException; +import com.cloud.network.vpc.NetworkACL; +import com.cloud.network.vpc.Vpc; +import com.cloud.user.UserContext; +import org.apache.cloudstack.api.*; +import org.apache.cloudstack.api.response.NetworkACLResponse; +import org.apache.cloudstack.api.response.NetworkResponse; +import org.apache.cloudstack.api.response.SuccessResponse; +import org.apache.log4j.Logger; + +@APICommand(name = "replaceNetworkACLList", description="Replaces ACL associated with a Network", responseObject=SuccessResponse.class) +public class ReplaceNetworkACLListCmd extends BaseAsyncCmd { + public static final Logger s_logger = Logger.getLogger(ReplaceNetworkACLListCmd.class.getName()); + private static final String s_name = "replacenetworkacllistresponse"; + + ///////////////////////////////////////////////////// + //////////////// API parameters ///////////////////// + ///////////////////////////////////////////////////// + + @Parameter(name=ApiConstants.ACL_ID, type=CommandType.UUID, entityType = NetworkACLResponse.class, + required=true, description="the ID of the network ACL") + private long aclId; + + @Parameter(name=ApiConstants.NETWORK_ID, type=CommandType.UUID, entityType = NetworkResponse.class, + required=true, description="the ID of the network") + private long networkId; + + ///////////////////////////////////////////////////// + /////////////////// Accessors /////////////////////// + ///////////////////////////////////////////////////// + + public long getAclId() { + return aclId; + } + + public long getNetworkId(){ + return networkId; + } + + ///////////////////////////////////////////////////// + /////////////// API Implementation/////////////////// + ///////////////////////////////////////////////////// + @Override + public String getCommandName() { + return s_name; + } + + @Override + public String getEventType() { + return EventTypes.EVENT_NETWORK_ACL_REPLACE; + } + + @Override + public String getEventDescription() { + return ("Associating Network ACL id=" + aclId+ " with Network id="+ networkId); + } + + @Override + public long getEntityOwnerId() { + NetworkACL acl = _networkACLService.getNetworkACL(aclId); + if (acl == null) { + throw new InvalidParameterValueException("Unable to find network ACL by id=" + aclId); + } else { + long vpcId = acl.getVpcId(); + Vpc vpc = _vpcService.getVpc(vpcId); + if(vpc != null){ + return vpc.getAccountId(); + } else { + throw new InvalidParameterValueException("Unable to find VPC associated with network ACL by id=" + aclId); + } + } + } + + @Override + public void execute() throws ResourceUnavailableException { + UserContext.current().setEventDetails("Network ACL Id: " + aclId); + boolean result = _networkACLService.replaceNetworkACL(aclId, networkId); + + if (result) { + SuccessResponse response = new SuccessResponse(getCommandName()); + this.setResponseObject(response); + } else { + throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to replace network ACL"); + } + } +} + http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/api/src/org/apache/cloudstack/api/response/NetworkACLItemResponse.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/api/response/NetworkACLItemResponse.java b/api/src/org/apache/cloudstack/api/response/NetworkACLItemResponse.java new file mode 100644 index 0000000..d40acbf --- /dev/null +++ b/api/src/org/apache/cloudstack/api/response/NetworkACLItemResponse.java @@ -0,0 +1,106 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package org.apache.cloudstack.api.response; + +import java.util.List; + +import org.apache.cloudstack.api.ApiConstants; +import org.apache.cloudstack.api.BaseResponse; + +import com.cloud.serializer.Param; +import com.google.gson.annotations.SerializedName; + +@SuppressWarnings("unused") +public class NetworkACLItemResponse extends BaseResponse { + @SerializedName(ApiConstants.ID) @Param(description="the ID of the ACL Item") + private String id; + + @SerializedName(ApiConstants.PROTOCOL) @Param(description="the protocol of the ACL") + private String protocol; + + @SerializedName(ApiConstants.START_PORT) @Param(description="the starting port of ACL's port range") + private String startPort; + + @SerializedName(ApiConstants.END_PORT) @Param(description = "the ending port of ACL's port range") + private String endPort; + + @SerializedName(ApiConstants.TRAFFIC_TYPE) @Param(description="the traffic type for the ACL") + private String trafficType; + + @SerializedName(ApiConstants.STATE) @Param(description="the state of the rule") + private String state; + + @SerializedName(ApiConstants.CIDR_LIST) @Param(description="the cidr list to forward traffic from") + private String cidrList; + + @SerializedName(ApiConstants.ICMP_TYPE) @Param(description= "type of the icmp message being sent") + private Integer icmpType; + + @SerializedName(ApiConstants.ICMP_CODE) @Param(description = "error code for this icmp message") + private Integer icmpCode; + + @SerializedName(ApiConstants.TAGS) @Param(description="the list of resource tags associated with the network ACLs", + responseObject = ResourceTagResponse.class) + private List tags; + + @SerializedName(ApiConstants.ACL_ID) @Param(description="the ID of the ACL this item belongs to") + private String aclId; + + public void setId(String id) { + this.id = id; + } + + public void setProtocol(String protocol) { + this.protocol = protocol; + } + + public void setStartPort(String startPort) { + this.startPort = startPort; + } + + public void setEndPort(String endPort) { + this.endPort = endPort; + } + + public void setState(String state) { + this.state = state; + } + + public void setCidrList(String cidrList) { + this.cidrList = cidrList; + } + + public void setIcmpType(Integer icmpType) { + this.icmpType = icmpType; + } + + public void setIcmpCode(Integer icmpCode) { + this.icmpCode = icmpCode; + } + + public void setTrafficType(String trafficType) { + this.trafficType = trafficType; + } + + public void setTags(List tags) { + this.tags = tags; + } + + public void setAclId(String aclId) { + this.aclId = aclId; + } +} http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/api/src/org/apache/cloudstack/api/response/NetworkACLListResponse.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/api/response/NetworkACLListResponse.java b/api/src/org/apache/cloudstack/api/response/NetworkACLListResponse.java deleted file mode 100644 index 3487851..0000000 --- a/api/src/org/apache/cloudstack/api/response/NetworkACLListResponse.java +++ /dev/null @@ -1,57 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -package org.apache.cloudstack.api.response; - -import com.cloud.network.vpc.NetworkACL; -import com.cloud.serializer.Param; -import com.google.gson.annotations.SerializedName; -import org.apache.cloudstack.api.ApiConstants; -import org.apache.cloudstack.api.BaseResponse; -import org.apache.cloudstack.api.EntityReference; - -import java.util.List; - -@EntityReference(value = NetworkACL.class) -public class NetworkACLListResponse extends BaseResponse { - @SerializedName(ApiConstants.ID) @Param(description="the ID of the ACL") - private String id; - - @SerializedName(ApiConstants.NAME) @Param(description="the Name of the ACL") - private String name; - - @SerializedName(ApiConstants.DESCRIPTION) @Param(description="Description of the ACL") - private String description; - - @SerializedName(ApiConstants.VPC_ID) @Param(description="Id of the VPC this ACL is associated with") - private String vpcId; - - public void setId(String id) { - this.id = id; - } - - public void setName(String name) { - this.name = name; - } - - public void setDescription(String description) { - this.description = description; - } - - public void setVpcId(String vpcId) { - this.vpcId = vpcId; - } -} http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/api/src/org/apache/cloudstack/api/response/NetworkACLResponse.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/api/response/NetworkACLResponse.java b/api/src/org/apache/cloudstack/api/response/NetworkACLResponse.java index b45b43c..12ca38b 100644 --- a/api/src/org/apache/cloudstack/api/response/NetworkACLResponse.java +++ b/api/src/org/apache/cloudstack/api/response/NetworkACLResponse.java @@ -16,84 +16,42 @@ // under the License. package org.apache.cloudstack.api.response; -import java.util.List; - +import com.cloud.network.vpc.NetworkACL; +import com.cloud.serializer.Param; +import com.google.gson.annotations.SerializedName; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.BaseResponse; +import org.apache.cloudstack.api.EntityReference; -import com.cloud.serializer.Param; -import com.google.gson.annotations.SerializedName; +import java.util.List; -@SuppressWarnings("unused") +@EntityReference(value = NetworkACL.class) public class NetworkACLResponse extends BaseResponse { @SerializedName(ApiConstants.ID) @Param(description="the ID of the ACL") private String id; - @SerializedName(ApiConstants.PROTOCOL) @Param(description="the protocol of the ACL") - private String protocol; - - @SerializedName(ApiConstants.START_PORT) @Param(description="the starting port of ACL's port range") - private String startPort; - - @SerializedName(ApiConstants.END_PORT) @Param(description = "the ending port of ACL's port range") - private String endPort; - - @SerializedName(ApiConstants.TRAFFIC_TYPE) @Param(description="the traffic type for the ACL") - private String trafficType; - - @SerializedName(ApiConstants.STATE) @Param(description="the state of the rule") - private String state; - - @SerializedName(ApiConstants.CIDR_LIST) @Param(description="the cidr list to forward traffic from") - private String cidrList; - - @SerializedName(ApiConstants.ICMP_TYPE) @Param(description= "type of the icmp message being sent") - private Integer icmpType; + @SerializedName(ApiConstants.NAME) @Param(description="the Name of the ACL") + private String name; - @SerializedName(ApiConstants.ICMP_CODE) @Param(description = "error code for this icmp message") - private Integer icmpCode; + @SerializedName(ApiConstants.DESCRIPTION) @Param(description="Description of the ACL") + private String description; - @SerializedName(ApiConstants.TAGS) @Param(description="the list of resource tags associated with the network ACLs", - responseObject = ResourceTagResponse.class) - private List tags; + @SerializedName(ApiConstants.VPC_ID) @Param(description="Id of the VPC this ACL is associated with") + private String vpcId; public void setId(String id) { this.id = id; } - public void setProtocol(String protocol) { - this.protocol = protocol; - } - - public void setStartPort(String startPort) { - this.startPort = startPort; - } - - public void setEndPort(String endPort) { - this.endPort = endPort; - } - - public void setState(String state) { - this.state = state; - } - - public void setCidrList(String cidrList) { - this.cidrList = cidrList; - } - - public void setIcmpType(Integer icmpType) { - this.icmpType = icmpType; - } - - public void setIcmpCode(Integer icmpCode) { - this.icmpCode = icmpCode; + public void setName(String name) { + this.name = name; } - public void setTrafficType(String trafficType) { - this.trafficType = trafficType; + public void setDescription(String description) { + this.description = description; } - public void setTags(List tags) { - this.tags = tags; + public void setVpcId(String vpcId) { + this.vpcId = vpcId; } } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/client/tomcatconf/applicationContext.xml.in ---------------------------------------------------------------------- diff --git a/client/tomcatconf/applicationContext.xml.in b/client/tomcatconf/applicationContext.xml.in index 6154f5b..b9df70e 100644 --- a/client/tomcatconf/applicationContext.xml.in +++ b/client/tomcatconf/applicationContext.xml.in @@ -247,6 +247,7 @@ + http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/client/tomcatconf/commands.properties.in ---------------------------------------------------------------------- diff --git a/client/tomcatconf/commands.properties.in b/client/tomcatconf/commands.properties.in index e93e686..bd1c7af 100644 --- a/client/tomcatconf/commands.properties.in +++ b/client/tomcatconf/commands.properties.in @@ -434,6 +434,7 @@ deleteNetworkACL=15 listNetworkACLs=15 createNetworkACLList=15 deleteNetworkACLList=15 +replaceNetworkACLList=15 listNetworkACLLists=15 http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/server/src/com/cloud/api/ApiDBUtils.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/api/ApiDBUtils.java b/server/src/com/cloud/api/ApiDBUtils.java index e291c84..c16c3e6 100755 --- a/server/src/com/cloud/api/ApiDBUtils.java +++ b/server/src/com/cloud/api/ApiDBUtils.java @@ -26,6 +26,18 @@ import javax.annotation.PostConstruct; import javax.inject.Inject; import com.cloud.network.rules.LoadBalancer; +import com.cloud.network.vpc.NetworkACL; +import com.cloud.network.vpc.StaticRouteVO; +import com.cloud.network.vpc.VpcGatewayVO; +import com.cloud.network.vpc.VpcManager; +import com.cloud.network.vpc.VpcOffering; +import com.cloud.network.vpc.VpcProvisioningService; +import com.cloud.network.vpc.VpcVO; +import com.cloud.network.vpc.dao.NetworkACLDao; +import com.cloud.network.vpc.dao.StaticRouteDao; +import com.cloud.network.vpc.dao.VpcDao; +import com.cloud.network.vpc.dao.VpcGatewayDao; +import com.cloud.network.vpc.dao.VpcOfferingDao; import com.cloud.region.ha.GlobalLoadBalancingRulesService; import org.apache.cloudstack.affinity.AffinityGroup; import org.apache.cloudstack.affinity.AffinityGroupResponse; @@ -183,16 +195,6 @@ import com.cloud.network.security.SecurityGroup; import com.cloud.network.security.SecurityGroupManager; import com.cloud.network.security.SecurityGroupVO; import com.cloud.network.security.dao.SecurityGroupDao; -import com.cloud.network.vpc.StaticRouteVO; -import com.cloud.network.vpc.VpcGatewayVO; -import com.cloud.network.vpc.VpcManager; -import com.cloud.network.vpc.VpcOffering; -import com.cloud.network.vpc.VpcProvisioningService; -import com.cloud.network.vpc.VpcVO; -import com.cloud.network.vpc.dao.StaticRouteDao; -import com.cloud.network.vpc.dao.VpcDao; -import com.cloud.network.vpc.dao.VpcGatewayDao; -import com.cloud.network.vpc.dao.VpcOfferingDao; import com.cloud.offering.DiskOffering; import com.cloud.offering.NetworkOffering; import com.cloud.offering.ServiceOffering; @@ -391,6 +393,7 @@ public class ApiDBUtils { static AffinityGroupDao _affinityGroupDao; static AffinityGroupJoinDao _affinityGroupJoinDao; static GlobalLoadBalancingRulesService _gslbService; + static NetworkACLDao _networkACLDao; @Inject private ManagementServer ms; @Inject public AsyncJobManager asyncMgr; @@ -498,6 +501,7 @@ public class ApiDBUtils { @Inject private AffinityGroupDao affinityGroupDao; @Inject private AffinityGroupJoinDao affinityGroupJoinDao; @Inject private GlobalLoadBalancingRulesService gslbService; + @Inject private NetworkACLDao networkACLDao; @PostConstruct void init() { @@ -606,6 +610,7 @@ public class ApiDBUtils { _gslbService = gslbService; // Note: stats collector should already have been initialized by this time, otherwise a null instance is returned _statsCollector = StatsCollector.getInstance(); + _networkACLDao = networkACLDao; } // /////////////////////////////////////////////////////////// @@ -1272,6 +1277,9 @@ public class ApiDBUtils { return _vpcOfferingDao.findById(offeringId); } + public static NetworkACL findByNetworkACLId(long aclId){ + return _networkACLDao.findById(aclId); + } public static AsyncJob findAsyncJobById(long jobId){ return _asyncJobDao.findById(jobId); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/server/src/com/cloud/api/ApiResponseHelper.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java index 97e82ec..0524aa3 100755 --- a/server/src/com/cloud/api/ApiResponseHelper.java +++ b/server/src/com/cloud/api/ApiResponseHelper.java @@ -34,6 +34,12 @@ import java.util.TimeZone; import javax.inject.Inject; +import com.cloud.network.vpc.NetworkACL; +import com.cloud.network.vpc.NetworkACLItem; +import com.cloud.network.vpc.PrivateGateway; +import com.cloud.network.vpc.StaticRoute; +import com.cloud.network.vpc.Vpc; +import com.cloud.network.vpc.VpcOffering; import com.cloud.vm.*; import com.cloud.network.vpc.NetworkACL; import com.cloud.network.vpc.PrivateGateway; @@ -82,7 +88,7 @@ import org.apache.cloudstack.api.response.LBStickinessPolicyResponse; import org.apache.cloudstack.api.response.LBStickinessResponse; import org.apache.cloudstack.api.response.LDAPConfigResponse; import org.apache.cloudstack.api.response.LoadBalancerResponse; -import org.apache.cloudstack.api.response.NetworkACLListResponse; +import org.apache.cloudstack.api.response.NetworkACLItemResponse; import org.apache.cloudstack.api.response.NetworkACLResponse; import org.apache.cloudstack.api.response.NetworkOfferingResponse; import org.apache.cloudstack.api.response.NetworkResponse; @@ -2548,8 +2554,8 @@ public class ApiResponseHelper implements ResponseGenerator { } @Override - public NetworkACLResponse createNetworkACLItemResponse(FirewallRule networkACL) { - NetworkACLResponse response = new NetworkACLResponse(); + public NetworkACLItemResponse createNetworkACLItemResponse(NetworkACLItem networkACL) { + NetworkACLItemResponse response = new NetworkACLItemResponse(); response.setId(networkACL.getUuid()); response.setProtocol(networkACL.getProtocol()); @@ -2566,9 +2572,9 @@ public class ApiResponseHelper implements ResponseGenerator { response.setTrafficType(networkACL.getTrafficType().toString()); - FirewallRule.State state = networkACL.getState(); + NetworkACLItem.State state = networkACL.getState(); String stateToSet = state.toString(); - if (state.equals(FirewallRule.State.Revoke)) { + if (state.equals(NetworkACLItem.State.Revoke)) { stateToSet = "Deleting"; } @@ -2577,6 +2583,11 @@ public class ApiResponseHelper implements ResponseGenerator { response.setState(stateToSet); + NetworkACL acl = ApiDBUtils.findByNetworkACLId(networkACL.getACLId()); + if(acl != null){ + response.setAclId(acl.getUuid()); + } + //set tag information List tags = ApiDBUtils.listByResourceTypeAndId(TaggedResourceType.NetworkACL, networkACL.getId()); List tagResponses = new ArrayList(); @@ -3718,8 +3729,8 @@ public class ApiResponseHelper implements ResponseGenerator { } } - public NetworkACLListResponse createNetworkACLResponse(NetworkACL networkACL) { - NetworkACLListResponse response = new NetworkACLListResponse(); + public NetworkACLResponse createNetworkACLResponse(NetworkACL networkACL) { + NetworkACLResponse response = new NetworkACLResponse(); response.setId(networkACL.getUuid()); response.setName(networkACL.getName()); response.setDescription(networkACL.getDescription()); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/server/src/com/cloud/network/NetworkManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index 5179e87..f2815d2 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java @@ -2636,7 +2636,7 @@ public class NetworkManagerImpl extends ManagerBase implements NetworkManager, L } //apply network ACLs - if (!_networkACLMgr.applyNetworkACLs(networkId, caller)) { + if (!_networkACLMgr.applyNetworkACL(networkId, caller)) { s_logger.warn("Failed to reapply network ACLs as a part of of network id=" + networkId + " restart"); success = false; } @@ -3107,7 +3107,7 @@ public class NetworkManagerImpl extends ManagerBase implements NetworkManager, L //revoke all network ACLs for network try { - if (_networkACLMgr.revokeAllNetworkACLsForNetwork(networkId, callerUserId, caller)) { + if (_networkACLMgr.revokeACLItemsForNetwork(networkId, callerUserId, caller)) { s_logger.debug("Successfully cleaned up NetworkACLs for network id=" + networkId); } else { success = false; http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/server/src/com/cloud/network/dao/NetworkDao.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/dao/NetworkDao.java b/server/src/com/cloud/network/dao/NetworkDao.java index 1d3f0b8..43cabe7 100644 --- a/server/src/com/cloud/network/dao/NetworkDao.java +++ b/server/src/com/cloud/network/dao/NetworkDao.java @@ -111,4 +111,6 @@ public interface NetworkDao extends GenericDao , StateDao listNetworksByAccount(long accountId, long zoneId, Network.GuestType type, boolean isSystem); List listRedundantNetworks(); + + List listByAclId(long aclId); } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/server/src/com/cloud/network/dao/NetworkDaoImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/dao/NetworkDaoImpl.java b/server/src/com/cloud/network/dao/NetworkDaoImpl.java index 1bc8973..5b3b526 100644 --- a/server/src/com/cloud/network/dao/NetworkDaoImpl.java +++ b/server/src/com/cloud/network/dao/NetworkDaoImpl.java @@ -104,6 +104,7 @@ public class NetworkDaoImpl extends GenericDaoBase implements N AllFieldsSearch.and("physicalNetwork", AllFieldsSearch.entity().getPhysicalNetworkId(), Op.EQ); AllFieldsSearch.and("broadcastUri", AllFieldsSearch.entity().getBroadcastUri(), Op.EQ); AllFieldsSearch.and("vpcId", AllFieldsSearch.entity().getVpcId(), Op.EQ); + AllFieldsSearch.and("aclId", AllFieldsSearch.entity().getNetworkACLId(), Op.EQ); SearchBuilder join1 = _ntwkOffDao.createSearchBuilder(); join1.and("isSystem", join1.entity().isSystemOnly(), Op.EQ); join1.and("isRedundant", join1.entity().getRedundantRouter(), Op.EQ); @@ -618,4 +619,12 @@ public class NetworkDaoImpl extends GenericDaoBase implements N sc.setJoinParameters("offerings", "isRedundant", true); return listBy(sc, null); } + + @Override + public List listByAclId(long aclId) { + SearchCriteria sc = AllFieldsSearch.create(); + sc.setParameters("aclId", aclId); + + return listBy(sc, null); + } } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/server/src/com/cloud/network/dao/NetworkVO.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/dao/NetworkVO.java b/server/src/com/cloud/network/dao/NetworkVO.java index 77b40c8..664bc77 100644 --- a/server/src/com/cloud/network/dao/NetworkVO.java +++ b/server/src/com/cloud/network/dao/NetworkVO.java @@ -163,6 +163,9 @@ public class NetworkVO implements Network { @Column(name="ip6_cidr") String ip6Cidr; + @Column(name="network_acl_id") + Long networkACLId; + public NetworkVO() { this.uuid = UUID.randomUUID().toString(); } @@ -540,4 +543,13 @@ public class NetworkVO implements Network { public void setIp6Gateway(String ip6Gateway) { this.ip6Gateway = ip6Gateway; } + + public void setNetworkACLId(Long networkACLId) { + this.networkACLId = networkACLId; + } + + @Override + public Long getNetworkACLId() { + return networkACLId; + } } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/server/src/com/cloud/network/element/VpcVirtualRouterElement.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/element/VpcVirtualRouterElement.java b/server/src/com/cloud/network/element/VpcVirtualRouterElement.java index 0844369..8b0c58a 100644 --- a/server/src/com/cloud/network/element/VpcVirtualRouterElement.java +++ b/server/src/com/cloud/network/element/VpcVirtualRouterElement.java @@ -25,6 +25,7 @@ import java.util.Set; import javax.ejb.Local; import javax.inject.Inject; +import com.cloud.network.vpc.*; import org.apache.log4j.Logger; import com.cloud.dc.DataCenter; @@ -48,11 +49,6 @@ import com.cloud.network.router.VirtualRouter; import com.cloud.network.router.VirtualRouter.Role; import com.cloud.network.router.VpcVirtualNetworkApplianceManager; import com.cloud.network.rules.FirewallRule; -import com.cloud.network.vpc.PrivateGateway; -import com.cloud.network.vpc.StaticRouteProfile; -import com.cloud.network.vpc.Vpc; -import com.cloud.network.vpc.VpcGateway; -import com.cloud.network.vpc.VpcManager; import com.cloud.offering.NetworkOffering; import com.cloud.utils.exception.CloudRuntimeException; import com.cloud.vm.DomainRouterVO; @@ -390,7 +386,7 @@ public class VpcVirtualRouterElement extends VirtualRouterElement implements Vpc } @Override - public boolean applyNetworkACLs(Network config, List rules) throws ResourceUnavailableException { + public boolean applyNetworkACLs(Network config, List rules) throws ResourceUnavailableException { if (canHandle(config, Service.NetworkACL)) { List routers = _routerDao.listByNetworkAndRole(config.getId(), Role.VIRTUAL_ROUTER); if (routers == null || routers.isEmpty()) { http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/server/src/com/cloud/network/firewall/FirewallManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java index 4ad8868..20a45de 100644 --- a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java +++ b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java @@ -574,7 +574,7 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService, break; } break; - case NetworkACL: +/* case NetworkACL: for (NetworkACLServiceProvider element: _networkAclElements) { Network.Provider provider = element.getProvider(); boolean isAclProvider = _networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.NetworkACL, provider); @@ -585,7 +585,7 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService, if (handled) break; } - break; + break;*/ default: assert(false): "Unexpected fall through in applying rules to the network elements"; s_logger.error("FirewallManager cannot process rules of type " + purpose); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManager.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManager.java b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManager.java index 76c8aa8..306b1a8 100644 --- a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManager.java +++ b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManager.java @@ -25,10 +25,7 @@ import com.cloud.exception.ResourceUnavailableException; import com.cloud.network.Network; import com.cloud.network.Site2SiteVpnConnection; import com.cloud.network.VpcVirtualNetworkApplianceService; -import com.cloud.network.rules.FirewallRule; -import com.cloud.network.vpc.PrivateGateway; -import com.cloud.network.vpc.StaticRouteProfile; -import com.cloud.network.vpc.Vpc; +import com.cloud.network.vpc.*; import com.cloud.user.Account; import com.cloud.vm.DomainRouterVO; import com.cloud.vm.VirtualMachineProfile.Param; @@ -57,7 +54,7 @@ public interface VpcVirtualNetworkApplianceManager extends VirtualNetworkApplian * @return * @throws ResourceUnavailableException */ - boolean applyNetworkACLs(Network network, List rules, List routers) + boolean applyNetworkACLs(Network network, List rules, List routers) throws ResourceUnavailableException; /** http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java index ebf2d42..1d901d9 100644 --- a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java @@ -27,6 +27,7 @@ import java.util.TreeSet; import javax.ejb.Local; import javax.inject.Inject; +import com.cloud.network.vpc.*; import org.apache.log4j.Logger; import org.springframework.stereotype.Component; @@ -93,16 +94,6 @@ import com.cloud.network.dao.Site2SiteVpnGatewayVO; import com.cloud.network.rules.FirewallRule; import com.cloud.network.rules.FirewallRule.Purpose; import com.cloud.network.rules.FirewallRuleVO; -import com.cloud.network.vpc.NetworkACLManager; -import com.cloud.network.vpc.PrivateGateway; -import com.cloud.network.vpc.PrivateIpAddress; -import com.cloud.network.vpc.PrivateIpVO; -import com.cloud.network.vpc.StaticRoute; -import com.cloud.network.vpc.StaticRouteProfile; -import com.cloud.network.vpc.Vpc; -import com.cloud.network.vpc.VpcGateway; -import com.cloud.network.vpc.VpcManager; -import com.cloud.network.vpc.VpcVO; import com.cloud.network.vpc.dao.PrivateIpDao; import com.cloud.network.vpc.dao.StaticRouteDao; import com.cloud.network.vpc.dao.VpcDao; @@ -704,7 +695,7 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian } @Override - public boolean applyNetworkACLs(Network network, final List rules, List routers) + public boolean applyNetworkACLs(Network network, final List rules, List routers) throws ResourceUnavailableException { if (rules == null || rules.isEmpty()) { s_logger.debug("No network ACLs to be applied for network " + network.getId()); @@ -719,14 +710,14 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian } - protected boolean sendNetworkACLs(VirtualRouter router, List rules, long guestNetworkId) + protected boolean sendNetworkACLs(VirtualRouter router, List rules, long guestNetworkId) throws ResourceUnavailableException { Commands cmds = new Commands(OnError.Continue); createNetworkACLsCommands(rules, router, cmds, guestNetworkId); return sendCommandsToRouter(router, cmds); } - private void createNetworkACLsCommands(List rules, VirtualRouter router, Commands cmds, + private void createNetworkACLsCommands(List rules, VirtualRouter router, Commands cmds, long guestNetworkId) { List rulesTO = null; String guestVlan = null; @@ -739,11 +730,11 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian if (rules != null) { rulesTO = new ArrayList(); - for (FirewallRule rule : rules) { - if (rule.getSourceCidrList() == null && (rule.getPurpose() == Purpose.Firewall || rule.getPurpose() == Purpose.NetworkACL)) { - _firewallDao.loadSourceCidrs((FirewallRuleVO)rule); - } - NetworkACLTO ruleTO = new NetworkACLTO(rule, guestVlan, rule.getTrafficType()); + for (NetworkACLItem rule : rules) { +// if (rule.getSourceCidrList() == null && (rule.getPurpose() == Purpose.Firewall || rule.getPurpose() == Purpose.NetworkACL)) { +// _firewallDao.loadSourceCidrs((FirewallRuleVO)rule); +// } + NetworkACLTO ruleTO = new NetworkACLTO((NetworkACLItemVO)rule, guestVlan, rule.getTrafficType()); rulesTO.add(ruleTO); } } @@ -929,7 +920,7 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian if (router.getVpcId() != null) { if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.NetworkACL, Provider.VPCVirtualRouter)) { - List networkACLs = _networkACLMgr.listNetworkACLs(guestNetworkId); + List networkACLs = _networkACLMgr.listNetworkACLItems(guestNetworkId); s_logger.debug("Found " + networkACLs.size() + " network ACLs to apply as a part of VPC VR " + router + " start for guest network id=" + guestNetworkId); if (!networkACLs.isEmpty()) { http://git-wip-us.apache.org/repos/asf/cloudstack/blob/604754d1/server/src/com/cloud/network/vpc/NetworkACLItemDao.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/vpc/NetworkACLItemDao.java b/server/src/com/cloud/network/vpc/NetworkACLItemDao.java new file mode 100644 index 0000000..739aa8c --- /dev/null +++ b/server/src/com/cloud/network/vpc/NetworkACLItemDao.java @@ -0,0 +1,44 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package com.cloud.network.vpc; + +import com.cloud.utils.db.GenericDao; + +import java.util.List; + +/* + * Data Access Object for network_acl_item table + */ +public interface NetworkACLItemDao extends GenericDao { + + List listByACLAndNotRevoked(long aclId); + + boolean setStateToAdd(NetworkACLItemVO rule); + + boolean revoke(NetworkACLItemVO rule); + + boolean releasePorts(long ipAddressId, String protocol, int[] ports); + + List listByACL(long aclId); + + List listSystemRules(); + + List listByACLTrafficTypeAndNotRevoked(long aclId, NetworkACLItemVO.TrafficType trafficType); + List listByACLTrafficType(long aclId, NetworkACLItemVO.TrafficType trafficType); + + void loadSourceCidrs(NetworkACLItemVO rule); +}