diff --git a/api/src/com/cloud/event/EventTypes.java b/api/src/com/cloud/event/EventTypes.java
index 471b3f652fa..0fa3cd5fd7f 100755
--- a/api/src/com/cloud/event/EventTypes.java
+++ b/api/src/com/cloud/event/EventTypes.java
@@ -128,6 +128,10 @@ public class EventTypes {
 public static final String EVENT_FIREWALL_CLOSE = "FIREWALL.CLOSE";
 public static final String EVENT_FIREWALL_UPDATE = "FIREWALL.UPDATE";
+ public static final String EVENT_FIREWALL_EGRESS_OPEN = "FIREWALL.EGRESS.OPEN";
+ public static final String EVENT_FIREWALL_EGRESS_CLOSE = "FIREWALL.EGRESS.CLOSE";
+ public static final String EVENT_FIREWALL_EGRESS_UPDATE = "FIREWALL.EGRESS.UPDATE";
+
 //NIC Events
 public static final String EVENT_NIC_CREATE = "NIC.CREATE";
 public static final String EVENT_NIC_DELETE = "NIC.DELETE";
@@ -556,6 +560,10 @@ public class EventTypes {
 entityEventDetails.put(EVENT_NET_RULE_MODIFY, FirewallRule.class);
 entityEventDetails.put(EVENT_FIREWALL_OPEN, FirewallRule.class);
 entityEventDetails.put(EVENT_FIREWALL_CLOSE, FirewallRule.class);
+ entityEventDetails.put(EVENT_FIREWALL_EGRESS_OPEN, FirewallRule.class);
+ entityEventDetails.put(EVENT_FIREWALL_EGRESS_CLOSE, FirewallRule.class);
+ entityEventDetails.put(EVENT_FIREWALL_EGRESS_UPDATE, FirewallRule.class);
+
 // Load Balancers
 entityEventDetails.put(EVENT_ASSIGN_TO_LOAD_BALANCER_RULE, FirewallRule.class);
diff --git a/api/src/com/cloud/network/firewall/FirewallService.java b/api/src/com/cloud/network/firewall/FirewallService.java
index 5ab789121ad..41b170da5b8 100644
--- a/api/src/com/cloud/network/firewall/FirewallService.java
+++ b/api/src/com/cloud/network/firewall/FirewallService.java
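Review bot: The three `FIREWALL.EGRESS.*` constants added after `EVENT_FIREWALL_UPDATE` in EventTypes carry no comment saying that egress rule changes are now reported under these types instead of `FIREWALL.OPEN`/`CLOSE`/`UPDATE`, which the egress command classes later in this commit switch away from. Anything that filters or alerts on the old strings (event queries, audit exports, monitoring rules) will stop seeing egress changes after the upgrade. A comment such as `// Egress firewall rule events; before this change they were logged as FIREWALL.OPEN/CLOSE/UPDATE` above the constants, plus a release-note entry, would let operators adjust those filters.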
@@ -40,7 +40,8 @@ public interface FirewallService {
 * the id of the rule to revoke.
 * @return
 */
- boolean revokeFirewallRule(long ruleId, boolean apply);
+ boolean revokeIngressFirewallRule(long ruleId, boolean apply);
+ boolean revokeEgressFirewallRule(long ruleId, boolean apply);
 boolean applyEgressFirewallRules(FirewallRule rule, Account caller) throws ResourceUnavailableException;
@@ -50,6 +51,9 @@ public interface FirewallService {
 boolean revokeRelatedFirewallRule(long ruleId, boolean apply);
- FirewallRule updateFirewallRule(long ruleId, String customId, Boolean forDisplay);
+ FirewallRule updateIngressFirewallRule(long ruleId, String customId, Boolean forDisplay);
+ FirewallRule updateEgressFirewallRule(long ruleId, String customId, Boolean forDisplay);
+ boolean applyIngressFwRules(long ipId, Account caller) throws ResourceUnavailableException;
+ boolean revokeIngressFwRule(long ruleId, boolean apply);
 }
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java
index 579cccbfb25..90aed5e507d 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java
@@ -154,7 +154,7 @@ public class CreateEgressFirewallRuleCmd extends BaseAsyncCreateCmd implements F
 fwResponse.setResponseName(getCommandName());
 } finally {
 if (!success || rule == null) {
- _firewallService.revokeFirewallRule(getEntityId(), true);
+ _firewallService.revokeEgressFirewallRule(getEntityId(), true);
 throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create firewall rule");
 }
 }
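Review bot: In FirewallService, `revokeIngressFirewallRule` and `revokeIngressFwRule` differ only by an abbreviation, and the interface gives no hint which one a caller should use. In FirewallManagerImpl later in this commit the `Fw` variant is the one carrying `@ActionEvent`, so choosing the longer name silently skips the audit event. Each method needs Javadoc stating this, for example `/** API entry point: records FIREWALL.CLOSE, then delegates to revokeIngressFirewallRule. */`, or a name that says it. The same applies to `applyIngressFwRules` versus `applyIngressFirewallRules`. In the first hunk the existing Javadoc block now documents only `revokeIngressFirewallRule`, so `revokeEgressFirewallRule` should get its own.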
@@ -270,7 +270,7 @@ public class CreateEgressFirewallRuleCmd extends BaseAsyncCreateCmd implements F
 @Override
 public String getEventType() {
- return EventTypes.EVENT_FIREWALL_OPEN;
+ return EventTypes.EVENT_FIREWALL_EGRESS_OPEN;
 }
 @Override
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java
index b09d3a73a76..06669359e86 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java
@@ -134,7 +134,7 @@ public class CreateFirewallRuleCmd extends BaseAsyncCreateCmd implements Firewal
 FirewallRule rule = _entityMgr.findById(FirewallRule.class, getEntityId());
 try {
 CallContext.current().setEventDetails("Rule Id: " + getEntityId());
- success = _firewallService.applyIngressFirewallRules(rule.getSourceIpAddressId(), callerContext.getCallingAccount());
+ success = _firewallService.applyIngressFwRules(rule.getSourceIpAddressId(), callerContext.getCallingAccount());
 // State is different after the rule is applied, so get new object here
 rule = _entityMgr.findById(FirewallRule.class, getEntityId());
@@ -146,7 +146,7 @@ public class CreateFirewallRuleCmd extends BaseAsyncCreateCmd implements Firewal
 fwResponse.setResponseName(getCommandName());
 } finally {
 if (!success || rule == null) {
- _firewallService.revokeFirewallRule(getEntityId(), true);
+ _firewallService.revokeIngressFwRule(getEntityId(), true);
 throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create firewall rule");
 }
 }
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteEgressFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteEgressFirewallRuleCmd.java
index 4d227722f8f..17968fce58f 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteEgressFirewallRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteEgressFirewallRuleCmd.java
@@ -74,7 +74,7 @@ public class DeleteEgressFirewallRuleCmd extends BaseAsyncCmd {
 @Override
 public String getEventType() {
- return EventTypes.EVENT_FIREWALL_CLOSE;
+ return EventTypes.EVENT_FIREWALL_EGRESS_CLOSE;
 }
 @Override
@@ -98,7 +98,7 @@ public class DeleteEgressFirewallRuleCmd extends BaseAsyncCmd {
 @Override
 public void execute() throws ResourceUnavailableException {
 CallContext.current().setEventDetails("Rule Id: " + id);
- boolean result = _firewallService.revokeFirewallRule(id, true);
+ boolean result = _firewallService.revokeEgressFirewallRule(id, true);
 if (result) {
 SuccessResponse response = new SuccessResponse(getCommandName());
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteFirewallRuleCmd.java
index 66dcc039c35..f8d1c18329a 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteFirewallRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteFirewallRuleCmd.java
@@ -96,7 +96,7 @@ public class DeleteFirewallRuleCmd extends BaseAsyncCmd {
 @Override
 public void execute() throws ResourceUnavailableException {
 CallContext.current().setEventDetails("Rule Id: " + id);
- boolean result = _firewallService.revokeFirewallRule(id, true);
+ boolean result = _firewallService.revokeIngressFwRule(id, true);
 if (result) {
 SuccessResponse response = new SuccessResponse(getCommandName());
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java
index 079539624c7..b597a891ba3 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java
@@ -78,7 +78,7 @@ public class UpdateEgressFirewallRuleCmd extends BaseAsyncCustomIdCmd {
 @Override
 public void execute() throws ResourceUnavailableException {
 CallContext.current().setEventDetails("Rule Id: " + id);
- FirewallRule rule = _firewallService.updateFirewallRule(id, this.getCustomId(), getDisplay());
+ FirewallRule rule = _firewallService.updateEgressFirewallRule(id, this.getCustomId(), getDisplay());
 FirewallResponse fwResponse = new FirewallResponse();
 if (rule != null) {
@@ -97,7 +97,7 @@ public class UpdateEgressFirewallRuleCmd extends BaseAsyncCustomIdCmd {
 @Override
 public String getEventType() {
- return EventTypes.EVENT_FIREWALL_UPDATE;
+ return EventTypes.EVENT_FIREWALL_EGRESS_UPDATE;
 }
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java
index f68437192b7..e9c87d01631 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java
@@ -79,7 +79,7 @@ public class UpdateFirewallRuleCmd extends BaseAsyncCustomIdCmd {
 @Override
 public void execute() throws ResourceUnavailableException {
 CallContext.current().setEventDetails("Rule Id: " + id);
- FirewallRule rule = _firewallService.updateFirewallRule(id, this.getCustomId(), getDisplay());
+ FirewallRule rule = _firewallService.updateIngressFirewallRule(id, this.getCustomId(), getDisplay());
 FirewallResponse fwResponse = new FirewallResponse();
 if (rule != null) {
diff --git a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
index 4f853b332a6..dd928d8d6fa 100644
--- a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
+++ b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
@@ -161,7 +161,7 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
 }
 @Override
- @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_OPEN, eventDescription = "creating firewall rule", create = true)
+ @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_EGRESS_OPEN, eventDescription = "creating egress firewall rule for network", create = true)
 public FirewallRule createEgressFirewallRule(FirewallRule rule) throws NetworkRuleConflictException {
 Account caller = CallContext.current().getCallingAccount();
@@ -612,6 +612,12 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
 _firewallDao.remove(rule.getId());
 }
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_OPEN, eventDescription = "creating firewall rule", async = true)
+ public boolean applyIngressFwRules(long ipId, Account caller) throws ResourceUnavailableException {
+ return applyIngressFirewallRules(ipId, caller);
+ }
+
 @Override
 public boolean applyIngressFirewallRules(long ipId, Account caller) throws ResourceUnavailableException {
 List rules = _firewallDao.listByIpAndPurpose(ipId, Purpose.Firewall);
@@ -619,6 +625,7 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
 }
 @Override
+ @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_EGRESS_OPEN, eventDescription = "creating egress firewall rule", async = true)
 public boolean applyEgressFirewallRules(FirewallRule rule, Account caller) throws ResourceUnavailableException {
 List rules = _firewallDao.listByNetworkPurposeTrafficType(rule.getNetworkId(), Purpose.Firewall, FirewallRule.TrafficType.Egress);
 return applyFirewallRules(rules, false, caller);
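Review bot: In the `@@ -619,6 +625,7 @@` hunk the `@ActionEvent` with `EVENT_FIREWALL_EGRESS_OPEN` is placed directly on `applyEgressFirewallRules`, whereas for ingress the preceding hunk adds a separate wrapper `applyIngressFwRules` and leaves `applyIngressFirewallRules` unannotated. `applyEgressFirewallRules` re-applies every egress rule of the network, so any caller other than the create command (none are visible here) would be recorded as `creating egress firewall rule`. Mirroring the ingress pattern keeps the event log accurate: an annotated wrapper, say `applyEgressFwRules`, whose body is `return applyEgressFirewallRules(rule, caller);` and which only CreateEgressFirewallRuleCmd calls. The method body continues outside the hunk.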
@@ -719,7 +726,21 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
 @Override
 @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_CLOSE, eventDescription = "revoking firewall rule", async = true)
- public boolean revokeFirewallRule(long ruleId, boolean apply) {
+ public boolean revokeIngressFwRule(long ruleId, boolean apply) {
+ return revokeIngressFirewallRule(ruleId, apply);
+ }
+
+
+ @Override
+ public boolean revokeIngressFirewallRule(long ruleId, boolean apply) {
+ Account caller = CallContext.current().getCallingAccount();
+ long userId = CallContext.current().getCallingUserId();
+ return revokeFirewallRule(ruleId, apply, caller, userId);
+ }
+
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_EGRESS_CLOSE, eventDescription = "revoking egress firewall rule", async = true)
+ public boolean revokeEgressFirewallRule(long ruleId, boolean apply) {
 Account caller = CallContext.current().getCallingAccount();
 long userId = CallContext.current().getCallingUserId();
 return revokeFirewallRule(ruleId, apply, caller, userId);
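Review bot: `revokeIngressFirewallRule` and `revokeEgressFirewallRule` have identical bodies and neither looks at the rule's traffic type, so whether `FIREWALL.CLOSE` or `FIREWALL.EGRESS.CLOSE` is logged depends only on which command was called, not on the rule being removed. Unless the four-argument `revokeFirewallRule` (outside this hunk) already rejects a mismatch, the audit trail can record an egress event for an ingress rule or the reverse. A guard at the top of the egress method would tie the event type to the rule: `FirewallRuleVO rule = _firewallDao.findById(ruleId);` followed by `if (rule != null && rule.getTrafficType() != FirewallRule.TrafficType.Egress) throw new InvalidParameterValueException("Rule " + ruleId + " is not an egress firewall rule");`, with the mirror check for ingress. The same holds for `updateIngressFirewallRule` and `updateEgressFirewallRule` in the next hunk.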
@@ -727,7 +748,14 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
 @Override
 @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_UPDATE, eventDescription = "updating firewall rule", async = true)
- public FirewallRule updateFirewallRule(long ruleId, String customId, Boolean forDisplay) {
+ public FirewallRule updateIngressFirewallRule(long ruleId, String customId, Boolean forDisplay) {
+ Account caller = CallContext.current().getCallingAccount();
+ return updateFirewallRule(ruleId, customId, caller, forDisplay);
+ }
+
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_EGRESS_UPDATE, eventDescription = "updating egress firewall rule", async = true)
+ public FirewallRule updateEgressFirewallRule(long ruleId, String customId, Boolean forDisplay) {
 Account caller = CallContext.current().getCallingAccount();
 return updateFirewallRule(ruleId, customId, caller, forDisplay);
 }
@@ -881,7 +909,7 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
 }
 s_logger.debug("Revoking Firewall rule id=" + fwRule.getId() + " as a part of rule delete id=" + ruleId + " with apply=" + apply);
- return revokeFirewallRule(fwRule.getId(), apply);
+ return revokeIngressFirewallRule(fwRule.getId(), apply);
 }
diff --git a/server/test/com/cloud/network/MockFirewallManagerImpl.java b/server/test/com/cloud/network/MockFirewallManagerImpl.java
index 3c026135dab..e484e61b9b6 100644
--- a/server/test/com/cloud/network/MockFirewallManagerImpl.java
+++ b/server/test/com/cloud/network/MockFirewallManagerImpl.java
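Review bot: In the `@@ -881,7 +909,7 @@` hunk the related-rule path now returns `revokeIngressFirewallRule(fwRule.getId(), apply)`, the variant this commit leaves without `@ActionEvent`, whereas the method it called before was annotated with `EVENT_FIREWALL_CLOSE`. Whether that earlier annotation fired on an in-class call depends on how the interceptor is wired, which is not visible here, but after this change the only trace of the revocation is the `s_logger.debug` line above it. If suppressing the event is intended, say so with a comment such as `// no separate FIREWALL.CLOSE event: covered by the parent rule's delete event`; otherwise call `revokeIngressFwRule` here. The enclosing method starts outside the hunk.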
@@ -70,9 +70,13 @@ public class MockFirewallManagerImpl extends ManagerBase implements FirewallMana
 }
 @Override
- public boolean revokeFirewallRule(long ruleId, boolean apply) {
- // TODO Auto-generated method stub
- return false;
+ public boolean revokeIngressFirewallRule(long ruleId, boolean apply) {
+ return false; //To change body of implemented methods use File | Settings | File Templates.
+ }
+
+ @Override
+ public boolean revokeEgressFirewallRule(long ruleId, boolean apply) {
+ return false; //To change body of implemented methods use File | Settings | File Templates.
 }
 @Override
@@ -87,6 +91,26 @@ public class MockFirewallManagerImpl extends ManagerBase implements FirewallMana
 return false;
 }
+ @Override
+ public FirewallRule updateIngressFirewallRule(long ruleId, String customId, Boolean forDisplay) {
+ return null; //To change body of implemented methods use File | Settings | File Templates.
+ }
+
+ @Override
+ public FirewallRule updateEgressFirewallRule(long ruleId, String customId, Boolean forDisplay) {
+ return null; //To change body of implemented methods use File | Settings | File Templates.
+ }
+
+ @Override
+ public boolean applyIngressFwRules(long ipId, Account caller) throws ResourceUnavailableException {
+ return false; //To change body of implemented methods use File | Settings | File Templates.
+ }
+
+ @Override
+ public boolean revokeIngressFwRule(long ruleId, boolean apply) {
+ return false; //To change body of implemented methods use File | Settings | File Templates.
+ }
+
 @Override
 public void detectRulesConflict(FirewallRule newRule) throws NetworkRuleConflictException {
 // TODO Auto-generated method stub
@@ -184,10 +208,5 @@ public class MockFirewallManagerImpl extends ManagerBase implements FirewallMana
 return null;
 }
- @Override
- public FirewallRule updateFirewallRule(long ruleId, String customId, Boolean forDisplay) {
- // TODO Auto-generated method stub
- return null;
- }
 }
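Review bot: The new stubs in MockFirewallManagerImpl keep the IDE template text `//To change body of implemented methods use File | Settings | File Templates.` on every return line, while the rest of the file marks stubs with `// TODO Auto-generated method stub`. Drop the template comment or use the file's existing form, e.g. `return false; // TODO Auto-generated method stub`, so the mock stays consistent and the placeholder text does not get copied into further stubs.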