cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Will Stevens" <wstev...@cloudops.com>
Subject Re: Review Request 15050: Add Palo Alto Networks Firewall Integration
Date Fri, 01 Nov 2013 21:10:17 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/15050/
-----------------------------------------------------------

(Updated Nov. 1, 2013, 9:10 p.m.)


Review request for cloudstack and Sheng Yang.


Changes
-------

I built the patch with 'git format-patch' instead of 'git diff'.  I have uploaded the new
patch file as the diff for this request.


Bugs: CLOUDSTACK-1275
    https://issues.apache.org/jira/browse/CLOUDSTACK-1275


Repository: cloudstack-git


Description
-------

More information in the FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration

This patch adds a network plugin which adds support for the Palo Alto Networks firewall (their
appliance and their VM series firewall).

Features supported are:
- List/Add/Delete Palo Alto service provider
- List/Add/Delete Palo Alto network service offering
- List/Add/Delete Palo Alto network with above service offering
- Add instance to the new network (creates the public IP and private gateway/cidr on the PA
as well as the source nat rule)
- List/Add/Delete Ingress Firewall rule
- List/Add/Delete Egress Firewall rule
- List/Add/Delete Port Forwarding rule
- List/Add/Delete Static Nat rule
- Supports Palo Alto Networks 'Log Forwarding' profile globally per device (additional docs
to come)
- Supports Palo Alto Networks 'Security Profile Groups' functionality globally per device
(additional docs to come)

Knowns limitations:
- Only supports one public IP range in CloudStack.
- Currently not verifying SSL certificates when creating a connection between CloudStack and
the Palo Alto Networks firewall.
- Currently not tracking usage on Public IPs.


Diffs (updated)
-----

  api/src/com/cloud/network/Network.java 49f380b 
  api/src/org/apache/cloudstack/api/command/admin/network/AddNetworkDeviceCmd.java 4983255

  api/src/org/apache/cloudstack/api/command/admin/network/ListNetworkDeviceCmd.java 0b7836d

  api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java 29ce2e3 
  client/WEB-INF/classes/resources/messages.properties c075bf8 
  client/pom.xml fd1f13a 
  client/tomcatconf/commands.properties.in 96e841a 
  client/tomcatconf/nonossComponentContext.xml.in 0502bbc 
  plugins/network-elements/palo-alto/pom.xml PRE-CREATION 
  plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddExternalFirewallCmd.java
PRE-CREATION 
  plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddPaloAltoFirewallCmd.java
PRE-CREATION 
  plugins/network-elements/palo-alto/src/com/cloud/api/commands/ConfigurePaloAltoFirewallCmd.java
PRE-CREATION 
  plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeleteExternalFirewallCmd.java
PRE-CREATION 
  plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeletePaloAltoFirewallCmd.java
PRE-CREATION 
  plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListExternalFirewallsCmd.java
PRE-CREATION 
  plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallNetworksCmd.java
PRE-CREATION 
  plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallsCmd.java
PRE-CREATION 
  plugins/network-elements/palo-alto/src/com/cloud/api/response/PaloAltoFirewallResponse.java
PRE-CREATION 
  plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoExternalFirewallElement.java
PRE-CREATION 
  plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoFirewallElementService.java
PRE-CREATION 
  plugins/network-elements/palo-alto/src/com/cloud/network/resource/PaloAltoResource.java
PRE-CREATION 
  plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java PRE-CREATION

  plugins/network-elements/palo-alto/test/com/cloud/network/resource/MockablePaloAltoResource.java
PRE-CREATION 
  plugins/network-elements/palo-alto/test/com/cloud/network/resource/PaloAltoResourceTest.java
PRE-CREATION 
  plugins/pom.xml ca41dff 
  server/src/com/cloud/api/ApiResponseHelper.java f4ca112 
  server/src/com/cloud/configuration/ConfigurationManagerImpl.java 4fda3b1 
  ui/dictionary.jsp 80aab6f 
  ui/scripts/docs.js 3a4f8ca 
  ui/scripts/system.js 0af3952 

Diff: https://reviews.apache.org/r/15050/diff/


Testing
-------

I have tested all of the functionality listed under 'supported features'.

Unit tests are in file 24 and 25 of this patch.  The details of the tests can be found in
the functional spec.


Thanks,

Will Stevens


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message