ExternalUUID control support for Firewall and Egress Firewall rules

api/src/com/cloud/event/EventTypes.java

@@ -112,6 +112,7 @@ public class EventTypes {
     public static final String EVENT_NETWORK_UPDATE = "NETWORK.UPDATE";
     public static final String EVENT_FIREWALL_OPEN = "FIREWALL.OPEN";
     public static final String EVENT_FIREWALL_CLOSE = "FIREWALL.CLOSE";
+    public static final String EVENT_FIREWALL_UPDATE = "FIREWALL.UPDATE";
 
     //NIC Events
     public static final String EVENT_NIC_CREATE = "NIC.CREATE";

api/src/com/cloud/network/firewall/FirewallService.java

@@ -50,4 +50,6 @@ public interface FirewallService {
 
     boolean revokeRelatedFirewallRule(long ruleId, boolean apply);
 
+    FirewallRule updateFirewallRule(long ruleId, String customId);
+
 }

api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java

@@ -0,0 +1,113 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.package org.apache.cloudstack.api.command.user.firewall;
+
+package org.apache.cloudstack.api.command.user.firewall;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseAsyncCustomIdCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.response.AccountResponse;
+import org.apache.cloudstack.api.response.FirewallResponse;
+import org.apache.cloudstack.api.response.FirewallRuleResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.log4j.Logger;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.network.rules.FirewallRule.TrafficType;
+
+@APICommand(name = "updateEgressFirewallRule", description = "Updates egress firewall rule ", responseObject = FirewallResponse.class, since = "4.4")
+public class UpdateEgressFirewallRuleCmd extends BaseAsyncCustomIdCmd {
+    public static final Logger s_logger = Logger.getLogger(UpdateEgressFirewallRuleCmd.class.getName());
+
+    private static final String s_name = "updateegressfirewallruleresponse";
+
+    // ///////////////////////////////////////////////////
+    // ////////////// API parameters /////////////////////
+    // ///////////////////////////////////////////////////
+
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = FirewallRuleResponse.class, required = true, description = "the ID of the egress firewall rule")
+    private Long id;
+
+    // unexposed parameter needed for events logging
+    @Parameter(name = ApiConstants.ACCOUNT_ID, type = CommandType.UUID, entityType = AccountResponse.class, expose = false)
+    private Long ownerId;
+
+    // ///////////////////////////////////////////////////
+    // ///////////////// Accessors ///////////////////////
+    // ///////////////////////////////////////////////////
+
+    public Long getId() {
+        return id;
+    }
+    // ///////////////////////////////////////////////////
+    // ///////////// API Implementation///////////////////
+    // ///////////////////////////////////////////////////
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public void execute() throws ResourceUnavailableException {
+        CallContext.current().setEventDetails("Rule Id: " + id);
+        FirewallRule rule = _firewallService.updateFirewallRule(id, this.getCustomId());
+
+        FirewallResponse fwResponse = new FirewallResponse();
+        if (rule != null) {
+            fwResponse = _responseGenerator.createFirewallResponse(rule);
+            setResponseObject(fwResponse);
+        }
+        fwResponse.setResponseName(getCommandName());
+    }
+
+    @Override
+    public void checkUuid() {
+        if (this.getCustomId() != null) {
+            _uuidMgr.checkUuid(this.getCustomId(), FirewallRule.class);
+        }
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_FIREWALL_UPDATE;
+
+    }
+
+    @Override
+    public String getEventDescription() {
+        return ("Updating egress firewall rule id=" + id);
+
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        if (ownerId == null) {
+            FirewallRule rule = _entityMgr.findById(FirewallRule.class, id);
+            if (rule == null || rule.getTrafficType() != TrafficType.Egress) {
+                throw new InvalidParameterValueException("Unable to find egress firewall rule by id");
+            } else {
+                ownerId = _entityMgr.findById(FirewallRule.class, id).getAccountId();
+            }
+        }
+        return ownerId;
+    }
+}

api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java

@@ -0,0 +1,114 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.package org.apache.cloudstack.api.command.user.firewall;
+
+package org.apache.cloudstack.api.command.user.firewall;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseAsyncCustomIdCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.response.AccountResponse;
+import org.apache.cloudstack.api.response.FirewallResponse;
+import org.apache.cloudstack.api.response.FirewallRuleResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.log4j.Logger;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.network.rules.FirewallRule.TrafficType;
+
+@APICommand(name = "updateFirewallRule", description = "Updates firewall rule ", responseObject = FirewallResponse.class, since = "4.4")
+public class UpdateFirewallRuleCmd extends BaseAsyncCustomIdCmd {
+    public static final Logger s_logger = Logger.getLogger(UpdateFirewallRuleCmd.class.getName());
+
+    private static final String s_name = "updatefirewallruleresponse";
+
+    // ///////////////////////////////////////////////////
+    // ////////////// API parameters /////////////////////
+    // ///////////////////////////////////////////////////
+
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = FirewallRuleResponse.class, required = true, description = "the ID of the firewall rule")
+    private Long id;
+
+    // unexposed parameter needed for events logging
+    @Parameter(name = ApiConstants.ACCOUNT_ID, type = CommandType.UUID, entityType = AccountResponse.class, expose = false)
+    private Long ownerId;
+
+    // ///////////////////////////////////////////////////
+    // ///////////////// Accessors ///////////////////////
+    // ///////////////////////////////////////////////////
+
+    public Long getId() {
+        return id;
+    }
+
+    // ///////////////////////////////////////////////////
+    // ///////////// API Implementation///////////////////
+    // ///////////////////////////////////////////////////
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public void execute() throws ResourceUnavailableException {
+        CallContext.current().setEventDetails("Rule Id: " + id);
+        FirewallRule rule = _firewallService.updateFirewallRule(id, this.getCustomId());
+
+        FirewallResponse fwResponse = new FirewallResponse();
+        if (rule != null) {
+            fwResponse = _responseGenerator.createFirewallResponse(rule);
+            setResponseObject(fwResponse);
+        }
+        fwResponse.setResponseName(getCommandName());
+    }
+
+    @Override
+    public void checkUuid() {
+        if (this.getCustomId() != null) {
+            _uuidMgr.checkUuid(this.getCustomId(), FirewallRule.class);
+        }
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_FIREWALL_UPDATE;
+
+    }
+
+    @Override
+    public String getEventDescription() {
+        return ("Updating firewall rule id=" + id);
+
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        if (ownerId == null) {
+            FirewallRule rule = _entityMgr.findById(FirewallRule.class, id);
+            if (rule == null || rule.getTrafficType() != TrafficType.Ingress) {
+                throw new InvalidParameterValueException("Unable to find firewall rule by id");
+            } else {
+                ownerId = _entityMgr.findById(FirewallRule.class, id).getAccountId();
+            }
+        }
+        return ownerId;
+    }
+}

client/tomcatconf/commands.properties.in

@@ -401,11 +401,13 @@ deleteProjectInvitation=15
 createFirewallRule=15
 deleteFirewallRule=15
 listFirewallRules=15
+updateFirewallRule=15
 
 ####
 createEgressFirewallRule=15
 deleteEgressFirewallRule=15
 listEgressFirewallRules=15
+updateEgressFirewallRule=15
 
 #### hypervisor capabilities commands
 updateHypervisorCapabilities=1

server/src/com/cloud/network/firewall/FirewallManagerImpl.java

@@ -27,13 +27,12 @@ import javax.ejb.Local;
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
-import org.apache.log4j.Logger;
-import org.springframework.stereotype.Component;
-
 import org.apache.cloudstack.api.command.user.firewall.ListFirewallRulesCmd;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
+import org.apache.log4j.Logger;
+import org.springframework.stereotype.Component;
 
 import com.cloud.configuration.Config;
 import com.cloud.domain.dao.DomainDao;
@@ -716,6 +715,32 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
         return revokeFirewallRule(ruleId, apply, caller, userId);
     }
 
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_UPDATE, eventDescription = "updating firewall rule", async = true)
+    public FirewallRule updateFirewallRule(long ruleId, String customId) {
+        Account caller = CallContext.current().getCallingAccount();
+        return updateFirewallRule(ruleId, customId, caller);
+    }
+
+    protected FirewallRule updateFirewallRule(long ruleId, String customId, Account caller) {
+        FirewallRuleVO rule = _firewallDao.findById(ruleId);
+        if (rule == null || rule.getPurpose() != Purpose.Firewall) {
+            throw new InvalidParameterValueException("Unable to find " + ruleId + " having purpose " + Purpose.Firewall);
+        }
+
+        if (rule.getType() == FirewallRuleType.System && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
+            throw new InvalidParameterValueException("Only root admin can update the system wide firewall rule");
+        }
+
+        _accountMgr.checkAccess(caller, null, true, rule);
+
+        if (customId != null) {
+            rule.setUuid(customId);
+            _firewallDao.update(ruleId, rule);
+        }
+        return _firewallDao.findById(ruleId);
+    }
+
     @Override
     @DB
     public void revokeRule(final FirewallRuleVO rule, Account caller, long userId, final boolean needUsageEvent) {

server/src/com/cloud/server/ManagementServerImpl.java

@@ -255,6 +255,8 @@ import org.apache.cloudstack.api.command.user.firewall.DeletePortForwardingRuleC
 import org.apache.cloudstack.api.command.user.firewall.ListEgressFirewallRulesCmd;
 import org.apache.cloudstack.api.command.user.firewall.ListFirewallRulesCmd;
 import org.apache.cloudstack.api.command.user.firewall.ListPortForwardingRulesCmd;
+import org.apache.cloudstack.api.command.user.firewall.UpdateEgressFirewallRuleCmd;
+import org.apache.cloudstack.api.command.user.firewall.UpdateFirewallRuleCmd;
 import org.apache.cloudstack.api.command.user.firewall.UpdatePortForwardingRuleCmd;
 import org.apache.cloudstack.api.command.user.guest.ListGuestOsCategoriesCmd;
 import org.apache.cloudstack.api.command.user.guest.ListGuestOsCmd;
@@ -2861,6 +2863,8 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
         cmdList.add(ListOvsElementsCmd.class);
         cmdList.add(ConfigureOvsElementCmd.class);
         cmdList.add(GetVMUserDataCmd.class);
+        cmdList.add(UpdateEgressFirewallRuleCmd.class);
+        cmdList.add(UpdateFirewallRuleCmd.class);
         return cmdList;
     }
 

server/test/com/cloud/network/MockFirewallManagerImpl.java

@@ -184,4 +184,10 @@ public class MockFirewallManagerImpl extends ManagerBase implements FirewallMana
         return null;
     }
 
+    @Override
+    public FirewallRule updateFirewallRule(long ruleId, String customId) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
 }