Return-Path: X-Original-To: apmail-cloudstack-commits-archive@www.apache.org Delivered-To: apmail-cloudstack-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id DD5B711BB3 for ; Fri, 21 Feb 2014 19:06:26 +0000 (UTC) Received: (qmail 40423 invoked by uid 500); 21 Feb 2014 19:06:26 -0000 Delivered-To: apmail-cloudstack-commits-archive@cloudstack.apache.org Received: (qmail 40375 invoked by uid 500); 21 Feb 2014 19:06:26 -0000 Mailing-List: contact commits-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list commits@cloudstack.apache.org Received: (qmail 40368 invoked by uid 99); 21 Feb 2014 19:06:25 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 21 Feb 2014 19:06:25 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id AFBF582EE09; Fri, 21 Feb 2014 19:06:25 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: alena1108@apache.org To: commits@cloudstack.apache.org Message-Id: <479da6def2be4976a89cd72829086bde@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: git commit: updated refs/heads/master to 27a790b Date: Fri, 21 Feb 2014 19:06:25 +0000 (UTC) Repository: cloudstack Updated Branches: refs/heads/master 8ec0190ee -> 27a790bdc DisplayFlag update support for PF/Firewall/EgressFirewall rules Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/27a790bd Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/27a790bd Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/27a790bd Branch: refs/heads/master Commit: 27a790bdc1d11713c532ebad62dd5bbae8a976d0 Parents: 8ec0190 Author: Alena Prokharchyk Authored: Fri Feb 21 11:06:52 2014 -0800 Committer: Alena Prokharchyk Committed: Fri Feb 21 11:06:52 2014 -0800 ---------------------------------------------------------------------- .../cloud/network/firewall/FirewallService.java | 2 +- .../com/cloud/network/rules/FirewallRule.java | 2 ++ .../com/cloud/network/rules/RulesService.java | 5 ++-- .../firewall/CreateEgressFirewallRuleCmd.java | 16 +++++++++-- .../user/firewall/CreateFirewallRuleCmd.java | 15 +++++++++-- .../firewall/CreatePortForwardingRuleCmd.java | 19 ++++++++++--- .../firewall/UpdateEgressFirewallRuleCmd.java | 10 ++++++- .../user/firewall/UpdateFirewallRuleCmd.java | 10 ++++++- .../firewall/UpdatePortForwardingRuleCmd.java | 10 ++++++- .../user/nat/CreateIpForwardingRuleCmd.java | 7 +++-- .../api/response/FirewallResponse.java | 12 +++++++-- .../api/response/FirewallRuleResponse.java | 12 +++++++-- .../cloud/network/rules/StaticNatRuleImpl.java | 6 +++++ .../com/cloud/network/rules/FirewallRuleVO.java | 12 +++++++++ server/src/com/cloud/api/ApiResponseHelper.java | 3 +++ .../network/firewall/FirewallManagerImpl.java | 28 +++++++++++++------- .../cloud/network/rules/RulesManagerImpl.java | 13 +++++++-- .../cloud/network/MockFirewallManagerImpl.java | 2 +- setup/db/db/schema-430to440.sql | 1 + 19 files changed, 153 insertions(+), 32 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/api/src/com/cloud/network/firewall/FirewallService.java ---------------------------------------------------------------------- diff --git a/api/src/com/cloud/network/firewall/FirewallService.java b/api/src/com/cloud/network/firewall/FirewallService.java index 0e4f495..5ab7891 100644 --- a/api/src/com/cloud/network/firewall/FirewallService.java +++ b/api/src/com/cloud/network/firewall/FirewallService.java @@ -50,6 +50,6 @@ public interface FirewallService { boolean revokeRelatedFirewallRule(long ruleId, boolean apply); - FirewallRule updateFirewallRule(long ruleId, String customId); + FirewallRule updateFirewallRule(long ruleId, String customId, Boolean forDisplay); } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/api/src/com/cloud/network/rules/FirewallRule.java ---------------------------------------------------------------------- diff --git a/api/src/com/cloud/network/rules/FirewallRule.java b/api/src/com/cloud/network/rules/FirewallRule.java index 274242a..b02257b 100644 --- a/api/src/com/cloud/network/rules/FirewallRule.java +++ b/api/src/com/cloud/network/rules/FirewallRule.java @@ -87,4 +87,6 @@ public interface FirewallRule extends ControlledEntity, Identity, InternalIdenti */ TrafficType getTrafficType(); + boolean isDisplay(); + } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/api/src/com/cloud/network/rules/RulesService.java ---------------------------------------------------------------------- diff --git a/api/src/com/cloud/network/rules/RulesService.java b/api/src/com/cloud/network/rules/RulesService.java index 1bd9cfe..2dd0182 100644 --- a/api/src/com/cloud/network/rules/RulesService.java +++ b/api/src/com/cloud/network/rules/RulesService.java @@ -41,11 +41,12 @@ public interface RulesService { * vm to be linked to. If specified the destination ip address is ignored. * @param openFirewall * TODO + * @param forDisplay TODO * @return PortForwardingRule if created. * @throws NetworkRuleConflictException * if conflicts in the network rules are detected. */ - PortForwardingRule createPortForwardingRule(PortForwardingRule rule, Long vmId, Ip vmIp, boolean openFirewall) throws NetworkRuleConflictException; + PortForwardingRule createPortForwardingRule(PortForwardingRule rule, Long vmId, Ip vmIp, boolean openFirewall, Boolean forDisplay) throws NetworkRuleConflictException; /** * Revokes a port forwarding rule @@ -80,6 +81,6 @@ public interface RulesService { boolean disableStaticNat(long ipId) throws ResourceUnavailableException, NetworkRuleConflictException, InsufficientAddressCapacityException; - PortForwardingRule updatePortForwardingRule(long id, String customId); + PortForwardingRule updatePortForwardingRule(long id, String customId, Boolean forDisplay); } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java index 778a18b..22c8860 100644 --- a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java @@ -20,8 +20,7 @@ package org.apache.cloudstack.api.command.user.firewall; import java.util.ArrayList; import java.util.List; -import org.apache.log4j.Logger; - +import org.apache.cloudstack.acl.RoleType; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiCommandJobType; import org.apache.cloudstack.api.ApiConstants; @@ -33,6 +32,7 @@ import org.apache.cloudstack.api.ServerApiException; import org.apache.cloudstack.api.response.FirewallResponse; import org.apache.cloudstack.api.response.NetworkResponse; import org.apache.cloudstack.context.CallContext; +import org.apache.log4j.Logger; import com.cloud.event.EventTypes; import com.cloud.exception.InvalidParameterValueException; @@ -84,6 +84,9 @@ public class CreateEgressFirewallRuleCmd extends BaseAsyncCreateCmd implements F @Parameter(name = ApiConstants.TYPE, type = CommandType.STRING, description = "type of firewallrule: system/user") private String type; + @Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", since = "4.4", authorized = {RoleType.Admin}) + private Boolean display; + // /////////////////////////////////////////////////// // ///////////////// Accessors /////////////////////// // /////////////////////////////////////////////////// @@ -341,4 +344,13 @@ public class CreateEgressFirewallRuleCmd extends BaseAsyncCreateCmd implements F return null; } + @Override + public boolean isDisplay() { + if (display != null) { + return display; + } else { + return true; + } + } + } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java index 44aa26f..40a8fe6 100644 --- a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java @@ -19,8 +19,7 @@ package org.apache.cloudstack.api.command.user.firewall; import java.util.ArrayList; import java.util.List; -import org.apache.log4j.Logger; - +import org.apache.cloudstack.acl.RoleType; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiCommandJobType; import org.apache.cloudstack.api.ApiConstants; @@ -32,6 +31,7 @@ import org.apache.cloudstack.api.ServerApiException; import org.apache.cloudstack.api.response.FirewallResponse; import org.apache.cloudstack.api.response.IPAddressResponse; import org.apache.cloudstack.context.CallContext; +import org.apache.log4j.Logger; import com.cloud.event.EventTypes; import com.cloud.exception.InvalidParameterValueException; @@ -83,6 +83,9 @@ public class CreateFirewallRuleCmd extends BaseAsyncCreateCmd implements Firewal @Parameter(name = ApiConstants.TYPE, type = CommandType.STRING, description = "type of firewallrule: system/user") private String type; + @Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", since = "4.4", authorized = {RoleType.Admin}) + private Boolean display; + // /////////////////////////////////////////////////// // ///////////////// Accessors /////////////////////// // /////////////////////////////////////////////////// @@ -333,4 +336,12 @@ public class CreateFirewallRuleCmd extends BaseAsyncCreateCmd implements Firewal return FirewallRule.TrafficType.Ingress; } + @Override + public boolean isDisplay() { + if (display != null) { + return display; + } else { + return true; + } + } } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java index de82377..d441271 100644 --- a/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java @@ -18,9 +18,7 @@ package org.apache.cloudstack.api.command.user.firewall; import java.util.List; -import com.cloud.utils.net.NetUtils; -import org.apache.log4j.Logger; - +import org.apache.cloudstack.acl.RoleType; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiCommandJobType; import org.apache.cloudstack.api.ApiConstants; @@ -34,6 +32,7 @@ import org.apache.cloudstack.api.response.IPAddressResponse; import org.apache.cloudstack.api.response.NetworkResponse; import org.apache.cloudstack.api.response.UserVmResponse; import org.apache.cloudstack.context.CallContext; +import org.apache.log4j.Logger; import com.cloud.event.EventTypes; import com.cloud.exception.InvalidParameterValueException; @@ -43,6 +42,7 @@ import com.cloud.network.IpAddress; import com.cloud.network.rules.PortForwardingRule; import com.cloud.user.Account; import com.cloud.utils.net.Ip; +import com.cloud.utils.net.NetUtils; @APICommand(name = "createPortForwardingRule", description = "Creates a port forwarding rule", responseObject = FirewallRuleResponse.class) public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements PortForwardingRule { @@ -118,6 +118,9 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P description = "VM guest nic Secondary ip address for the port forwarding rule") private String vmSecondaryIp; + @Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", since = "4.4", authorized = {RoleType.Admin}) + private Boolean display; + // /////////////////////////////////////////////////// // ///////////////// Accessors /////////////////////// // /////////////////////////////////////////////////// @@ -341,7 +344,7 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P } try { - PortForwardingRule result = _rulesService.createPortForwardingRule(this, virtualMachineId, privateIp, getOpenFirewall()); + PortForwardingRule result = _rulesService.createPortForwardingRule(this, virtualMachineId, privateIp, getOpenFirewall(), isDisplay()); setEntityId(result.getId()); setEntityUuid(result.getUuid()); } catch (NetworkRuleConflictException ex) { @@ -416,4 +419,12 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P return null; } + @Override + public boolean isDisplay() { + if (display != null) { + return display; + } else { + return true; + } + } } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java index 690afe5..43b9a61 100644 --- a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java @@ -17,6 +17,7 @@ package org.apache.cloudstack.api.command.user.firewall; +import org.apache.cloudstack.acl.RoleType; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.BaseAsyncCustomIdCmd; @@ -50,6 +51,9 @@ public class UpdateEgressFirewallRuleCmd extends BaseAsyncCustomIdCmd { @Parameter(name = ApiConstants.ACCOUNT_ID, type = CommandType.UUID, entityType = AccountResponse.class, expose = false) private Long ownerId; + @Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", since = "4.4", authorized = {RoleType.Admin}) + private Boolean display; + // /////////////////////////////////////////////////// // ///////////////// Accessors /////////////////////// // /////////////////////////////////////////////////// @@ -57,6 +61,10 @@ public class UpdateEgressFirewallRuleCmd extends BaseAsyncCustomIdCmd { public Long getId() { return id; } + + public Boolean getDisplay() { + return display; + } // /////////////////////////////////////////////////// // ///////////// API Implementation/////////////////// // /////////////////////////////////////////////////// @@ -69,7 +77,7 @@ public class UpdateEgressFirewallRuleCmd extends BaseAsyncCustomIdCmd { @Override public void execute() throws ResourceUnavailableException { CallContext.current().setEventDetails("Rule Id: " + id); - FirewallRule rule = _firewallService.updateFirewallRule(id, this.getCustomId()); + FirewallRule rule = _firewallService.updateFirewallRule(id, this.getCustomId(), getDisplay()); FirewallResponse fwResponse = new FirewallResponse(); if (rule != null) { http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java index 3fa3b9e..f6411d0 100644 --- a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java @@ -17,6 +17,7 @@ package org.apache.cloudstack.api.command.user.firewall; +import org.apache.cloudstack.acl.RoleType; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.BaseAsyncCustomIdCmd; @@ -50,6 +51,9 @@ public class UpdateFirewallRuleCmd extends BaseAsyncCustomIdCmd { @Parameter(name = ApiConstants.ACCOUNT_ID, type = CommandType.UUID, entityType = AccountResponse.class, expose = false) private Long ownerId; + @Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", since = "4.4", authorized = {RoleType.Admin}) + private Boolean display; + // /////////////////////////////////////////////////// // ///////////////// Accessors /////////////////////// // /////////////////////////////////////////////////// @@ -58,6 +62,10 @@ public class UpdateFirewallRuleCmd extends BaseAsyncCustomIdCmd { return id; } + public Boolean getDisplay() { + return display; + } + // /////////////////////////////////////////////////// // ///////////// API Implementation/////////////////// // /////////////////////////////////////////////////// @@ -70,7 +78,7 @@ public class UpdateFirewallRuleCmd extends BaseAsyncCustomIdCmd { @Override public void execute() throws ResourceUnavailableException { CallContext.current().setEventDetails("Rule Id: " + id); - FirewallRule rule = _firewallService.updateFirewallRule(id, this.getCustomId()); + FirewallRule rule = _firewallService.updateFirewallRule(id, this.getCustomId(), getDisplay()); FirewallResponse fwResponse = new FirewallResponse(); if (rule != null) { http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/api/src/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java index a7bb7e3..f7ee86f 100644 --- a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java @@ -16,6 +16,7 @@ // under the License. package org.apache.cloudstack.api.command.user.firewall; +import org.apache.cloudstack.acl.RoleType; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.BaseAsyncCmd; @@ -72,6 +73,9 @@ public class UpdatePortForwardingRuleCmd extends BaseAsyncCustomIdCmd { description = "the ID of the virtual machine for the port forwarding rule") private Long virtualMachineId; + @Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", since = "4.4", authorized = {RoleType.Admin}) + private Boolean display; + ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// ///////////////////////////////////////////////////// @@ -100,6 +104,10 @@ public class UpdatePortForwardingRuleCmd extends BaseAsyncCustomIdCmd { return virtualMachineId; } + public Boolean getDisplay() { + return display; + } + ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// ///////////////////////////////////////////////////// @@ -139,7 +147,7 @@ public class UpdatePortForwardingRuleCmd extends BaseAsyncCustomIdCmd { @Override public void execute() { - PortForwardingRule rule = _rulesService.updatePortForwardingRule(id, this.getCustomId()); + PortForwardingRule rule = _rulesService.updatePortForwardingRule(id, this.getCustomId(), getDisplay()); FirewallRuleResponse fwResponse = new FirewallRuleResponse(); if (rule != null) { fwResponse = _responseGenerator.createPortForwardingRuleResponse(rule); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/api/src/org/apache/cloudstack/api/command/user/nat/CreateIpForwardingRuleCmd.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/api/command/user/nat/CreateIpForwardingRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/nat/CreateIpForwardingRuleCmd.java index 0917d52..320375c 100644 --- a/api/src/org/apache/cloudstack/api/command/user/nat/CreateIpForwardingRuleCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/nat/CreateIpForwardingRuleCmd.java @@ -18,8 +18,6 @@ package org.apache.cloudstack.api.command.user.nat; import java.util.List; -import org.apache.log4j.Logger; - import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiCommandJobType; import org.apache.cloudstack.api.ApiConstants; @@ -32,6 +30,7 @@ import org.apache.cloudstack.api.response.FirewallRuleResponse; import org.apache.cloudstack.api.response.IPAddressResponse; import org.apache.cloudstack.api.response.IpForwardingRuleResponse; import org.apache.cloudstack.context.CallContext; +import org.apache.log4j.Logger; import com.cloud.event.EventTypes; import com.cloud.exception.InvalidParameterValueException; @@ -317,4 +316,8 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Sta return null; } + @Override + public boolean isDisplay() { + return true; + } } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/api/src/org/apache/cloudstack/api/response/FirewallResponse.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/api/response/FirewallResponse.java b/api/src/org/apache/cloudstack/api/response/FirewallResponse.java index e3aaec5..14fabfc 100644 --- a/api/src/org/apache/cloudstack/api/response/FirewallResponse.java +++ b/api/src/org/apache/cloudstack/api/response/FirewallResponse.java @@ -18,12 +18,12 @@ package org.apache.cloudstack.api.response; import java.util.List; -import com.google.gson.annotations.SerializedName; - +import org.apache.cloudstack.acl.RoleType; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.BaseResponse; import com.cloud.serializer.Param; +import com.google.gson.annotations.SerializedName; @SuppressWarnings("unused") public class FirewallResponse extends BaseResponse { @@ -75,6 +75,10 @@ public class FirewallResponse extends BaseResponse { @Param(description = "the list of resource tags associated with the rule", responseObject = ResourceTagResponse.class) private List tags; + @SerializedName(ApiConstants.FOR_DISPLAY) + @Param(description = "is vpc for display to the regular user", since = "4.4", authorized = {RoleType.Admin}) + private Boolean forDisplay; + public void setId(String id) { this.id = id; } @@ -122,4 +126,8 @@ public class FirewallResponse extends BaseResponse { public void setTags(List tags) { this.tags = tags; } + + public void setForDisplay(Boolean forDisplay) { + this.forDisplay = forDisplay; + } } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/api/src/org/apache/cloudstack/api/response/FirewallRuleResponse.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/api/response/FirewallRuleResponse.java b/api/src/org/apache/cloudstack/api/response/FirewallRuleResponse.java index 71a3097..0d11e85 100644 --- a/api/src/org/apache/cloudstack/api/response/FirewallRuleResponse.java +++ b/api/src/org/apache/cloudstack/api/response/FirewallRuleResponse.java @@ -18,14 +18,14 @@ package org.apache.cloudstack.api.response; import java.util.List; -import com.google.gson.annotations.SerializedName; - +import org.apache.cloudstack.acl.RoleType; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.BaseResponse; import org.apache.cloudstack.api.EntityReference; import com.cloud.network.rules.FirewallRule; import com.cloud.serializer.Param; +import com.google.gson.annotations.SerializedName; @EntityReference(value = FirewallRule.class) @SuppressWarnings("unused") @@ -94,6 +94,10 @@ public class FirewallRuleResponse extends BaseResponse { @Param(description = "the id of the guest network the port forwarding rule belongs to") private String networkId; + @SerializedName(ApiConstants.FOR_DISPLAY) + @Param(description = "is firewall for display to the regular user", since = "4.4", authorized = {RoleType.Admin}) + private Boolean forDisplay; + public String getDestNatVmIp() { return destNatVmIp; } @@ -218,4 +222,8 @@ public class FirewallRuleResponse extends BaseResponse { public void setNetworkId(String networkId) { this.networkId = networkId; } + + public void setForDisplay(Boolean forDisplay) { + this.forDisplay = forDisplay; + } } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/engine/components-api/src/com/cloud/network/rules/StaticNatRuleImpl.java ---------------------------------------------------------------------- diff --git a/engine/components-api/src/com/cloud/network/rules/StaticNatRuleImpl.java b/engine/components-api/src/com/cloud/network/rules/StaticNatRuleImpl.java index 1c67047..7104715 100644 --- a/engine/components-api/src/com/cloud/network/rules/StaticNatRuleImpl.java +++ b/engine/components-api/src/com/cloud/network/rules/StaticNatRuleImpl.java @@ -31,6 +31,7 @@ public class StaticNatRuleImpl implements StaticNatRule { long networkId; long sourceIpAddressId; String destIpAddress; + boolean forDisplay; public StaticNatRuleImpl(FirewallRuleVO rule, String dstIp) { this.id = rule.getId(); @@ -45,6 +46,7 @@ public class StaticNatRuleImpl implements StaticNatRule { this.networkId = rule.getNetworkId(); this.sourceIpAddressId = rule.getSourceIpAddressId(); this.destIpAddress = dstIp; + this.forDisplay = rule.isDisplay(); } @Override @@ -142,4 +144,8 @@ public class StaticNatRuleImpl implements StaticNatRule { return null; } + @Override + public boolean isDisplay() { + return forDisplay; + } } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java ---------------------------------------------------------------------- diff --git a/engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java b/engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java index a8aef2c..4fa751d 100644 --- a/engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java +++ b/engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java @@ -101,6 +101,9 @@ public class FirewallRuleVO implements FirewallRule { @Enumerated(value = EnumType.STRING) TrafficType trafficType; + @Column(name = "display", updatable = true, nullable = false) + protected boolean display = true; + // This is a delayed load value. If the value is null, // then this field has not been loaded yet. // Call firewallrules dao to load it. @@ -268,4 +271,13 @@ public class FirewallRuleVO implements FirewallRule { public TrafficType getTrafficType() { return trafficType; } + + public void setDisplay(boolean display) { + this.display = display; + } + + @Override + public boolean isDisplay() { + return display; + } } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/server/src/com/cloud/api/ApiResponseHelper.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java index c566a5d..e802ec3 100755 --- a/server/src/com/cloud/api/ApiResponseHelper.java +++ b/server/src/com/cloud/api/ApiResponseHelper.java @@ -1017,6 +1017,7 @@ public class ApiResponseHelper implements ResponseGenerator { Network guestNtwk = ApiDBUtils.findNetworkById(fwRule.getNetworkId()); response.setNetworkId(guestNtwk.getUuid()); + IpAddress ip = ApiDBUtils.findIpAddressById(fwRule.getSourceIpAddressId()); response.setPublicIpAddressId(ip.getUuid()); response.setPublicIpAddress(ip.getAddress().addr()); @@ -1051,6 +1052,7 @@ public class ApiResponseHelper implements ResponseGenerator { response.setTags(tagResponses); response.setState(stateToSet); + response.setForDisplay(fwRule.isDisplay()); response.setObjectName("portforwardingrule"); return response; } @@ -2241,6 +2243,7 @@ public class ApiResponseHelper implements ResponseGenerator { response.setIcmpCode(fwRule.getIcmpCode()); response.setIcmpType(fwRule.getIcmpType()); + response.setForDisplay(fwRule.isDisplay()); // set tag information List tags = ApiDBUtils.listByResourceTypeAndId(ResourceObjectType.FirewallRule, fwRule.getId()); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/server/src/com/cloud/network/firewall/FirewallManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java index 593c0b5..853de44 100644 --- a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java +++ b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java @@ -170,7 +170,7 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService, } return createFirewallRule(null, caller, rule.getXid(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), rule.getSourceCidrList(), - rule.getIcmpCode(), rule.getIcmpType(), null, rule.getType(), rule.getNetworkId(), rule.getTrafficType()); + rule.getIcmpCode(), rule.getIcmpType(), null, rule.getType(), rule.getNetworkId(), rule.getTrafficType(), rule.isDisplay()); } @Override @@ -180,13 +180,14 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService, Long sourceIpAddressId = rule.getSourceIpAddressId(); return createFirewallRule(sourceIpAddressId, caller, rule.getXid(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), - rule.getSourceCidrList(), rule.getIcmpCode(), rule.getIcmpType(), null, rule.getType(), rule.getNetworkId(), rule.getTrafficType()); + rule.getSourceCidrList(), rule.getIcmpCode(), rule.getIcmpType(), null, rule.getType(), rule.getNetworkId(), rule.getTrafficType(), rule.isDisplay()); } @DB protected FirewallRule createFirewallRule(final Long ipAddrId, Account caller, final String xId, final Integer portStart, final Integer portEnd, final String protocol, final List sourceCidrList, final Integer icmpCode, final Integer icmpType, final Long relatedRuleId, - final FirewallRule.FirewallRuleType type, final Long networkId, final FirewallRule.TrafficType trafficType) throws NetworkRuleConflictException { + final FirewallRule.FirewallRuleType type, + final Long networkId, final FirewallRule.TrafficType trafficType, final Boolean forDisplay) throws NetworkRuleConflictException { IPAddressVO ipAddress = null; if (ipAddrId != null) { @@ -233,6 +234,9 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService, new FirewallRuleVO(xId, ipAddrId, portStart, portEnd, protocol.toLowerCase(), networkId, accountIdFinal, domainIdFinal, Purpose.Firewall, sourceCidrList, icmpCode, icmpType, relatedRuleId, trafficType); newRule.setType(type); + if (forDisplay != null) { + newRule.setDisplay(forDisplay); + } newRule = _firewallDao.persist(newRule); if (type == FirewallRuleType.User) @@ -717,12 +721,12 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService, @Override @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_UPDATE, eventDescription = "updating firewall rule", async = true) - public FirewallRule updateFirewallRule(long ruleId, String customId) { + public FirewallRule updateFirewallRule(long ruleId, String customId, Boolean forDisplay) { Account caller = CallContext.current().getCallingAccount(); - return updateFirewallRule(ruleId, customId, caller); + return updateFirewallRule(ruleId, customId, caller, forDisplay); } - protected FirewallRule updateFirewallRule(long ruleId, String customId, Account caller) { + protected FirewallRule updateFirewallRule(long ruleId, String customId, Account caller, Boolean forDisplay) { FirewallRuleVO rule = _firewallDao.findById(ruleId); if (rule == null || rule.getPurpose() != Purpose.Firewall) { throw new InvalidParameterValueException("Unable to find " + ruleId + " having purpose " + Purpose.Firewall); @@ -736,8 +740,14 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService, if (customId != null) { rule.setUuid(customId); - _firewallDao.update(ruleId, rule); } + + if (forDisplay != null) { + rule.setDisplay(forDisplay); + } + + _firewallDao.update(ruleId, rule); + return _firewallDao.findById(ruleId); } @@ -822,7 +832,7 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService, List oneCidr = new ArrayList(); oneCidr.add(NetUtils.ALL_CIDRS); return createFirewallRule(ipAddrId, caller, null, startPort, endPort, protocol, oneCidr, icmpCode, icmpType, relatedRuleId, FirewallRule.FirewallRuleType.User, - networkId, FirewallRule.TrafficType.Ingress); + networkId, FirewallRule.TrafficType.Ingress, true); } @Override @@ -936,7 +946,7 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService, _firewallDao.loadSourceCidrs(rule); } createFirewallRule(ip.getId(), acct, rule.getXid(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), rule.getSourceCidrList(), - rule.getIcmpCode(), rule.getIcmpType(), rule.getRelated(), FirewallRuleType.System, rule.getNetworkId(), rule.getTrafficType()); + rule.getIcmpCode(), rule.getIcmpType(), rule.getRelated(), FirewallRuleType.System, rule.getNetworkId(), rule.getTrafficType(), true); } catch (Exception e) { s_logger.debug("Failed to add system wide firewall rule, due to:" + e.toString()); } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/server/src/com/cloud/network/rules/RulesManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/rules/RulesManagerImpl.java b/server/src/com/cloud/network/rules/RulesManagerImpl.java index 2fa72a7..06c478c 100755 --- a/server/src/com/cloud/network/rules/RulesManagerImpl.java +++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java @@ -201,7 +201,7 @@ public class RulesManagerImpl extends ManagerBase implements RulesManager, Rules @Override @DB @ActionEvent(eventType = EventTypes.EVENT_NET_RULE_ADD, eventDescription = "creating forwarding rule", create = true) - public PortForwardingRule createPortForwardingRule(final PortForwardingRule rule, final Long vmId, Ip vmIp, final boolean openFirewall) + public PortForwardingRule createPortForwardingRule(final PortForwardingRule rule, final Long vmId, Ip vmIp, final boolean openFirewall, final Boolean forDisplay) throws NetworkRuleConflictException { CallContext ctx = CallContext.current(); final Account caller = ctx.getCallingAccount(); @@ -316,6 +316,10 @@ public class RulesManagerImpl extends ManagerBase implements RulesManager, Rules PortForwardingRuleVO newRule = new PortForwardingRuleVO(rule.getXid(), rule.getSourceIpAddressId(), rule.getSourcePortStart(), rule.getSourcePortEnd(), dstIpFinal, rule.getDestinationPortStart(), rule.getDestinationPortEnd(), rule.getProtocol().toLowerCase(), networkId, accountId, domainId, vmId); + + if (forDisplay != null) { + newRule.setDisplay(forDisplay); + } newRule = _portForwardingDao.persist(newRule); // create firewallRule for 0.0.0.0/0 cidr @@ -1486,7 +1490,7 @@ public class RulesManagerImpl extends ManagerBase implements RulesManager, Rules @Override @ActionEvent(eventType = EventTypes.EVENT_NET_RULE_MODIFY, eventDescription = "updating forwarding rule", async = true) - public PortForwardingRule updatePortForwardingRule(long id, String customId) { + public PortForwardingRule updatePortForwardingRule(long id, String customId, Boolean forDisplay) { Account caller = CallContext.current().getCallingAccount(); PortForwardingRuleVO rule = _portForwardingDao.findById(id); if (rule == null) { @@ -1497,6 +1501,11 @@ public class RulesManagerImpl extends ManagerBase implements RulesManager, Rules if (customId != null) { rule.setUuid(customId); } + + if (forDisplay != null) { + rule.setDisplay(forDisplay); + } + _portForwardingDao.update(id, rule); return _portForwardingDao.findById(id); } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/server/test/com/cloud/network/MockFirewallManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/test/com/cloud/network/MockFirewallManagerImpl.java b/server/test/com/cloud/network/MockFirewallManagerImpl.java index b306976..3c02613 100644 --- a/server/test/com/cloud/network/MockFirewallManagerImpl.java +++ b/server/test/com/cloud/network/MockFirewallManagerImpl.java @@ -185,7 +185,7 @@ public class MockFirewallManagerImpl extends ManagerBase implements FirewallMana } @Override - public FirewallRule updateFirewallRule(long ruleId, String customId) { + public FirewallRule updateFirewallRule(long ruleId, String customId, Boolean forDisplay) { // TODO Auto-generated method stub return null; } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/setup/db/db/schema-430to440.sql ---------------------------------------------------------------------- diff --git a/setup/db/db/schema-430to440.sql b/setup/db/db/schema-430to440.sql index c11f446..9c0cc26 100644 --- a/setup/db/db/schema-430to440.sql +++ b/setup/db/db/schema-430to440.sql @@ -531,6 +531,7 @@ UPDATE `cloud`.`vpc_gateway_details` set `display`=1 where id> 0; ALTER TABLE `cloud`.`user_ip_address` ADD COLUMN `display` tinyint(1) NOT NULL DEFAULT '1' COMMENT 'True if the ip address can be displayed to the end user'; ALTER TABLE `cloud`.`vpc` ADD COLUMN `display` tinyint(1) NOT NULL DEFAULT '1' COMMENT 'True if the vpc can be displayed to the end user'; +ALTER TABLE `cloud`.`firewall_rules` ADD COLUMN `display` tinyint(1) NOT NULL DEFAULT '1' COMMENT 'True if the rule can be displayed to the end user';