ExternalUUID control support for Firewall and Egress Firewall rules

Alena Prokharchyk 2014-02-04 16:26:53 -08:00
parent 039b1c1594
commit aaa20947a9
8 changed files with 270 additions and 3 deletions


@ -112,6 +112,7 @@ public class EventTypes {
public static final String EVENT_NETWORK_UPDATE = "NETWORK.UPDATE";
public static final String EVENT_FIREWALL_OPEN = "FIREWALL.OPEN";
public static final String EVENT_FIREWALL_CLOSE = "FIREWALL.CLOSE";
public static final String EVENT_FIREWALL_UPDATE = "FIREWALL.UPDATE";
//NIC Events
public static final String EVENT_NIC_CREATE = "NIC.CREATE";


@ -50,4 +50,6 @@ public interface FirewallService {
boolean revokeRelatedFirewallRule(long ruleId, boolean apply);
FirewallRule updateFirewallRule(long ruleId, String customId);
}
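Review bot: The new `updateFirewallRule(long ruleId, String customId)` declaration has no Javadoc, so the interface does not say what a null `customId` means or what happens when the rule is missing. Going by the FirewallManagerImpl section of this commit, a null `customId` leaves the rule unchanged and a missing or non-firewall rule raises InvalidParameterValueException. A short Javadoc stating that, and that the caller's access to the rule is checked, would keep other implementations aligned. The interface body starts outside this hunk.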


@ -0,0 +1,113 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.package org.apache.cloudstack.api.command.user.firewall;
package org.apache.cloudstack.api.command.user.firewall;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseAsyncCustomIdCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.response.AccountResponse;
import org.apache.cloudstack.api.response.FirewallResponse;
import org.apache.cloudstack.api.response.FirewallRuleResponse;
import org.apache.cloudstack.context.CallContext;
import org.apache.log4j.Logger;
import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.rules.FirewallRule;
import com.cloud.network.rules.FirewallRule.TrafficType;
@APICommand(name = "updateEgressFirewallRule", description = "Updates egress firewall rule ", responseObject = FirewallResponse.class, since = "4.4")
public class UpdateEgressFirewallRuleCmd extends BaseAsyncCustomIdCmd {
public static final Logger s_logger = Logger.getLogger(UpdateEgressFirewallRuleCmd.class.getName());
private static final String s_name = "updateegressfirewallruleresponse";
// ///////////////////////////////////////////////////
// ////////////// API parameters /////////////////////
// ///////////////////////////////////////////////////
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = FirewallRuleResponse.class, required = true, description = "the ID of the egress firewall rule")
private Long id;
// unexposed parameter needed for events logging
@Parameter(name = ApiConstants.ACCOUNT_ID, type = CommandType.UUID, entityType = AccountResponse.class, expose = false)
private Long ownerId;
// ///////////////////////////////////////////////////
// ///////////////// Accessors ///////////////////////
// ///////////////////////////////////////////////////
public Long getId() {
return id;
}
// ///////////////////////////////////////////////////
// ///////////// API Implementation///////////////////
// ///////////////////////////////////////////////////
@Override
public String getCommandName() {
return s_name;
}
@Override
public void execute() throws ResourceUnavailableException {
CallContext.current().setEventDetails("Rule Id: " + id);
FirewallRule rule = _firewallService.updateFirewallRule(id, this.getCustomId());
FirewallResponse fwResponse = new FirewallResponse();
if (rule != null) {
fwResponse = _responseGenerator.createFirewallResponse(rule);
setResponseObject(fwResponse);
}
fwResponse.setResponseName(getCommandName());
}
@Override
public void checkUuid() {
if (this.getCustomId() != null) {
_uuidMgr.checkUuid(this.getCustomId(), FirewallRule.class);
}
}
@Override
public String getEventType() {
return EventTypes.EVENT_FIREWALL_UPDATE;
}
@Override
public String getEventDescription() {
return ("Updating egress firewall rule id=" + id);
}
@Override
public long getEntityOwnerId() {
if (ownerId == null) {
FirewallRule rule = _entityMgr.findById(FirewallRule.class, id);
if (rule == null || rule.getTrafficType() != TrafficType.Egress) {
throw new InvalidParameterValueException("Unable to find egress firewall rule by id");
} else {
ownerId = _entityMgr.findById(FirewallRule.class, id).getAccountId();
}
}
return ownerId;
}
}
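Review bot: The egress-only restriction sits solely in `getEntityOwnerId()`, and only on the path where `ownerId` is still null. `execute()` hands `id` straight to `_firewallService.updateFirewallRule`, which in the FirewallManagerImpl section checks the rule's purpose but not its traffic type. If updateEgressFirewallRule is meant to touch egress rules only, that check belongs in `execute()` or in the service, not in the owner-lookup accessor. In the same method the second `_entityMgr.findById(...)` can return null if the rule is removed between the two lookups; `ownerId = rule.getAccountId();` reuses the object already validated. UpdateFirewallRuleCmd.getEntityOwnerId() has the same shape with TrafficType.Ingress.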


@ -0,0 +1,114 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.package org.apache.cloudstack.api.command.user.firewall;
package org.apache.cloudstack.api.command.user.firewall;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseAsyncCustomIdCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.response.AccountResponse;
import org.apache.cloudstack.api.response.FirewallResponse;
import org.apache.cloudstack.api.response.FirewallRuleResponse;
import org.apache.cloudstack.context.CallContext;
import org.apache.log4j.Logger;
import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.rules.FirewallRule;
import com.cloud.network.rules.FirewallRule.TrafficType;
@APICommand(name = "updateFirewallRule", description = "Updates firewall rule ", responseObject = FirewallResponse.class, since = "4.4")
public class UpdateFirewallRuleCmd extends BaseAsyncCustomIdCmd {
public static final Logger s_logger = Logger.getLogger(UpdateFirewallRuleCmd.class.getName());
private static final String s_name = "updatefirewallruleresponse";
// ///////////////////////////////////////////////////
// ////////////// API parameters /////////////////////
// ///////////////////////////////////////////////////
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = FirewallRuleResponse.class, required = true, description = "the ID of the firewall rule")
private Long id;
// unexposed parameter needed for events logging
@Parameter(name = ApiConstants.ACCOUNT_ID, type = CommandType.UUID, entityType = AccountResponse.class, expose = false)
private Long ownerId;
// ///////////////////////////////////////////////////
// ///////////////// Accessors ///////////////////////
// ///////////////////////////////////////////////////
public Long getId() {
return id;
}
// ///////////////////////////////////////////////////
// ///////////// API Implementation///////////////////
// ///////////////////////////////////////////////////
@Override
public String getCommandName() {
return s_name;
}
@Override
public void execute() throws ResourceUnavailableException {
CallContext.current().setEventDetails("Rule Id: " + id);
FirewallRule rule = _firewallService.updateFirewallRule(id, this.getCustomId());
FirewallResponse fwResponse = new FirewallResponse();
if (rule != null) {
fwResponse = _responseGenerator.createFirewallResponse(rule);
setResponseObject(fwResponse);
}
fwResponse.setResponseName(getCommandName());
}
@Override
public void checkUuid() {
if (this.getCustomId() != null) {
_uuidMgr.checkUuid(this.getCustomId(), FirewallRule.class);
}
}
@Override
public String getEventType() {
return EventTypes.EVENT_FIREWALL_UPDATE;
}
@Override
public String getEventDescription() {
return ("Updating firewall rule id=" + id);
}
@Override
public long getEntityOwnerId() {
if (ownerId == null) {
FirewallRule rule = _entityMgr.findById(FirewallRule.class, id);
if (rule == null || rule.getTrafficType() != TrafficType.Ingress) {
throw new InvalidParameterValueException("Unable to find firewall rule by id");
} else {
ownerId = _entityMgr.findById(FirewallRule.class, id).getAccountId();
}
}
return ownerId;
}
}
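Review bot: In `execute()`, a null return from `updateFirewallRule` leaves the command without a response object: `setResponseObject` is skipped and `setResponseName` is applied to a `FirewallResponse` that is then discarded. The API caller would presumably see a finished job with no result instead of an error. An `else` branch such as `throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to update firewall rule");` makes the failure explicit (both types would need importing), and `setResponseName` can move inside the non-null branch. UpdateEgressFirewallRuleCmd.execute() is identical and needs the same change.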


@ -401,11 +401,13 @@ deleteProjectInvitation=15
createFirewallRule=15
deleteFirewallRule=15
listFirewallRules=15
updateFirewallRule=15
####
createEgressFirewallRule=15
deleteEgressFirewallRule=15
listEgressFirewallRules=15
updateEgressFirewallRule=15
#### hypervisor capabilities commands
updateHypervisorCapabilities=1


@ -27,13 +27,12 @@ import javax.ejb.Local;
import javax.inject.Inject;
import javax.naming.ConfigurationException;
import org.apache.log4j.Logger;
import org.springframework.stereotype.Component;
import org.apache.cloudstack.api.command.user.firewall.ListFirewallRulesCmd;
import org.apache.cloudstack.context.CallContext;
import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
import org.apache.log4j.Logger;
import org.springframework.stereotype.Component;
import com.cloud.configuration.Config;
import com.cloud.domain.dao.DomainDao;
@ -716,6 +715,32 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
return revokeFirewallRule(ruleId, apply, caller, userId);
}
@Override
@ActionEvent(eventType = EventTypes.EVENT_FIREWALL_UPDATE, eventDescription = "updating firewall rule", async = true)
public FirewallRule updateFirewallRule(long ruleId, String customId) {
Account caller = CallContext.current().getCallingAccount();
return updateFirewallRule(ruleId, customId, caller);
}
protected FirewallRule updateFirewallRule(long ruleId, String customId, Account caller) {
FirewallRuleVO rule = _firewallDao.findById(ruleId);
if (rule == null || rule.getPurpose() != Purpose.Firewall) {
throw new InvalidParameterValueException("Unable to find " + ruleId + " having purpose " + Purpose.Firewall);
}
if (rule.getType() == FirewallRuleType.System && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
throw new InvalidParameterValueException("Only root admin can update the system wide firewall rule");
}
_accountMgr.checkAccess(caller, null, true, rule);
if (customId != null) {
rule.setUuid(customId);
_firewallDao.update(ruleId, rule);
}
return _firewallDao.findById(ruleId);
}
@Override
@DB
public void revokeRule(final FirewallRuleVO rule, Account caller, long userId, final boolean needUsageEvent) {
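Review bot: In the three-argument `updateFirewallRule`, the system-rule restriction is an authorization decision, but it is thrown as `InvalidParameterValueException` and evaluated before `_accountMgr.checkAccess(caller, null, true, rule)`. A caller with no rights on the rule can therefore receive the "Only root admin" message, which appears to reveal that the id belongs to a system rule. The denial is also likely to be recorded as a parameter error, not a permission failure. Running `checkAccess` first and raising `PermissionDeniedException` for the system-rule case would keep denials in one category; that class is not among the imports visible in this section, so it may need adding. The not-found message also echoes the internal numeric `ruleId`, whereas the API parameter is a UUID.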


@ -255,6 +255,8 @@ import org.apache.cloudstack.api.command.user.firewall.DeletePortForwardingRuleC
import org.apache.cloudstack.api.command.user.firewall.ListEgressFirewallRulesCmd;
import org.apache.cloudstack.api.command.user.firewall.ListFirewallRulesCmd;
import org.apache.cloudstack.api.command.user.firewall.ListPortForwardingRulesCmd;
import org.apache.cloudstack.api.command.user.firewall.UpdateEgressFirewallRuleCmd;
import org.apache.cloudstack.api.command.user.firewall.UpdateFirewallRuleCmd;
import org.apache.cloudstack.api.command.user.firewall.UpdatePortForwardingRuleCmd;
import org.apache.cloudstack.api.command.user.guest.ListGuestOsCategoriesCmd;
import org.apache.cloudstack.api.command.user.guest.ListGuestOsCmd;
@ -2861,6 +2863,8 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
cmdList.add(ListOvsElementsCmd.class);
cmdList.add(ConfigureOvsElementCmd.class);
cmdList.add(GetVMUserDataCmd.class);
cmdList.add(UpdateEgressFirewallRuleCmd.class);
cmdList.add(UpdateFirewallRuleCmd.class);
return cmdList;
}


@ -184,4 +184,10 @@ public class MockFirewallManagerImpl extends ManagerBase implements FirewallMana
return null;
}
@Override
public FirewallRule updateFirewallRule(long ruleId, String customId) {
// TODO Auto-generated method stub
return null;
}
}