apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-11-02 20:02:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

CLOUDSTACK-6922: Updated events for firewall ingress and egress

Browse Source
This commit is contained in:
Jayapal 2014-06-17 12:06:03 +05:30
parent 2be26e03af
commit cc98d44542
10 changed files with 83 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
api/src/com/cloud/event/EventTypes.java
View File

@ -128,6 +128,10 @@ public class EventTypes {
public static final String EVENT_FIREWALL_CLOSE = "FIREWALL.CLOSE"; public static final String EVENT_FIREWALL_CLOSE = "FIREWALL.CLOSE";
public static final String EVENT_FIREWALL_UPDATE = "FIREWALL.UPDATE"; public static final String EVENT_FIREWALL_UPDATE = "FIREWALL.UPDATE";
public static final String EVENT_FIREWALL_EGRESS_OPEN = "FIREWALL.EGRESS.OPEN";
public static final String EVENT_FIREWALL_EGRESS_CLOSE = "FIREWALL.EGRESS.CLOSE";
public static final String EVENT_FIREWALL_EGRESS_UPDATE = "FIREWALL.EGRESS.UPDATE";
//NIC Events //NIC Events
public static final String EVENT_NIC_CREATE = "NIC.CREATE"; public static final String EVENT_NIC_CREATE = "NIC.CREATE";
public static final String EVENT_NIC_DELETE = "NIC.DELETE"; public static final String EVENT_NIC_DELETE = "NIC.DELETE";
@ -556,6 +560,10 @@ public class EventTypes {
entityEventDetails.put(EVENT_NET_RULE_MODIFY, FirewallRule.class); entityEventDetails.put(EVENT_NET_RULE_MODIFY, FirewallRule.class);
entityEventDetails.put(EVENT_FIREWALL_OPEN, FirewallRule.class); entityEventDetails.put(EVENT_FIREWALL_OPEN, FirewallRule.class);
entityEventDetails.put(EVENT_FIREWALL_CLOSE, FirewallRule.class); entityEventDetails.put(EVENT_FIREWALL_CLOSE, FirewallRule.class);
entityEventDetails.put(EVENT_FIREWALL_EGRESS_OPEN, FirewallRule.class);
entityEventDetails.put(EVENT_FIREWALL_EGRESS_CLOSE, FirewallRule.class);
entityEventDetails.put(EVENT_FIREWALL_EGRESS_UPDATE, FirewallRule.class);
// Load Balancers // Load Balancers
entityEventDetails.put(EVENT_ASSIGN_TO_LOAD_BALANCER_RULE, FirewallRule.class); entityEventDetails.put(EVENT_ASSIGN_TO_LOAD_BALANCER_RULE, FirewallRule.class);

8
api/src/com/cloud/network/firewall/FirewallService.java
View File

@ -40,7 +40,8 @@ public interface FirewallService {
* the id of the rule to revoke. * the id of the rule to revoke.
* @return * @return
*/ */
boolean revokeFirewallRule(long ruleId, boolean apply); boolean revokeIngressFirewallRule(long ruleId, boolean apply);
boolean revokeEgressFirewallRule(long ruleId, boolean apply);
boolean applyEgressFirewallRules(FirewallRule rule, Account caller) throws ResourceUnavailableException; boolean applyEgressFirewallRules(FirewallRule rule, Account caller) throws ResourceUnavailableException;
@ -50,6 +51,9 @@ public interface FirewallService {
boolean revokeRelatedFirewallRule(long ruleId, boolean apply); boolean revokeRelatedFirewallRule(long ruleId, boolean apply);
FirewallRule updateFirewallRule(long ruleId, String customId, Boolean forDisplay); FirewallRule updateIngressFirewallRule(long ruleId, String customId, Boolean forDisplay);
FirewallRule updateEgressFirewallRule(long ruleId, String customId, Boolean forDisplay);
boolean applyIngressFwRules(long ipId, Account caller) throws ResourceUnavailableException;
boolean revokeIngressFwRule(long ruleId, boolean apply);
} }

4
api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java
View File

@ -154,7 +154,7 @@ public class CreateEgressFirewallRuleCmd extends BaseAsyncCreateCmd implements F
fwResponse.setResponseName(getCommandName()); fwResponse.setResponseName(getCommandName());
} finally { } finally {
if (!success || rule == null) { if (!success || rule == null) {
_firewallService.revokeFirewallRule(getEntityId(), true); _firewallService.revokeEgressFirewallRule(getEntityId(), true);
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create firewall rule"); throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create firewall rule");
} }
} }
@ -270,7 +270,7 @@ public class CreateEgressFirewallRuleCmd extends BaseAsyncCreateCmd implements F
@Override @Override
public String getEventType() { public String getEventType() {
return EventTypes.EVENT_FIREWALL_OPEN; return EventTypes.EVENT_FIREWALL_EGRESS_OPEN;
} }
@Override @Override

4
api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java
View File

@ -134,7 +134,7 @@ public class CreateFirewallRuleCmd extends BaseAsyncCreateCmd implements Firewal
FirewallRule rule = _entityMgr.findById(FirewallRule.class, getEntityId()); FirewallRule rule = _entityMgr.findById(FirewallRule.class, getEntityId());
try { try {
CallContext.current().setEventDetails("Rule Id: " + getEntityId()); CallContext.current().setEventDetails("Rule Id: " + getEntityId());
success = _firewallService.applyIngressFirewallRules(rule.getSourceIpAddressId(), callerContext.getCallingAccount()); success = _firewallService.applyIngressFwRules(rule.getSourceIpAddressId(), callerContext.getCallingAccount());
// State is different after the rule is applied, so get new object here // State is different after the rule is applied, so get new object here
rule = _entityMgr.findById(FirewallRule.class, getEntityId()); rule = _entityMgr.findById(FirewallRule.class, getEntityId());
@ -146,7 +146,7 @@ public class CreateFirewallRuleCmd extends BaseAsyncCreateCmd implements Firewal
fwResponse.setResponseName(getCommandName()); fwResponse.setResponseName(getCommandName());
} finally { } finally {
if (!success || rule == null) { if (!success || rule == null) {
_firewallService.revokeFirewallRule(getEntityId(), true); _firewallService.revokeIngressFwRule(getEntityId(), true);
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create firewall rule"); throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create firewall rule");
} }
} }

4
api/src/org/apache/cloudstack/api/command/user/firewall/DeleteEgressFirewallRuleCmd.java
View File

@ -74,7 +74,7 @@ public class DeleteEgressFirewallRuleCmd extends BaseAsyncCmd {
@Override @Override
public String getEventType() { public String getEventType() {
return EventTypes.EVENT_FIREWALL_CLOSE; return EventTypes.EVENT_FIREWALL_EGRESS_CLOSE;
} }
@Override @Override
@ -98,7 +98,7 @@ public class DeleteEgressFirewallRuleCmd extends BaseAsyncCmd {
@Override @Override
public void execute() throws ResourceUnavailableException { public void execute() throws ResourceUnavailableException {
CallContext.current().setEventDetails("Rule Id: " + id); CallContext.current().setEventDetails("Rule Id: " + id);
boolean result = _firewallService.revokeFirewallRule(id, true); boolean result = _firewallService.revokeEgressFirewallRule(id, true);
if (result) { if (result) {
SuccessResponse response = new SuccessResponse(getCommandName()); SuccessResponse response = new SuccessResponse(getCommandName());

2
api/src/org/apache/cloudstack/api/command/user/firewall/DeleteFirewallRuleCmd.java
View File

@ -96,7 +96,7 @@ public class DeleteFirewallRuleCmd extends BaseAsyncCmd {
@Override @Override
public void execute() throws ResourceUnavailableException { public void execute() throws ResourceUnavailableException {
CallContext.current().setEventDetails("Rule Id: " + id); CallContext.current().setEventDetails("Rule Id: " + id);
boolean result = _firewallService.revokeFirewallRule(id, true); boolean result = _firewallService.revokeIngressFwRule(id, true);
if (result) { if (result) {
SuccessResponse response = new SuccessResponse(getCommandName()); SuccessResponse response = new SuccessResponse(getCommandName());

4
api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java
View File

@ -78,7 +78,7 @@ public class UpdateEgressFirewallRuleCmd extends BaseAsyncCustomIdCmd {
@Override @Override
public void execute() throws ResourceUnavailableException { public void execute() throws ResourceUnavailableException {
CallContext.current().setEventDetails("Rule Id: " + id); CallContext.current().setEventDetails("Rule Id: " + id);
FirewallRule rule = _firewallService.updateFirewallRule(id, this.getCustomId(), getDisplay()); FirewallRule rule = _firewallService.updateEgressFirewallRule(id, this.getCustomId(), getDisplay());
FirewallResponse fwResponse = new FirewallResponse(); FirewallResponse fwResponse = new FirewallResponse();
if (rule != null) { if (rule != null) {
@ -97,7 +97,7 @@ public class UpdateEgressFirewallRuleCmd extends BaseAsyncCustomIdCmd {
@Override @Override
public String getEventType() { public String getEventType() {
return EventTypes.EVENT_FIREWALL_UPDATE; return EventTypes.EVENT_FIREWALL_EGRESS_UPDATE;
} }

2
api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java
View File

@ -79,7 +79,7 @@ public class UpdateFirewallRuleCmd extends BaseAsyncCustomIdCmd {
@Override @Override
public void execute() throws ResourceUnavailableException { public void execute() throws ResourceUnavailableException {
CallContext.current().setEventDetails("Rule Id: " + id); CallContext.current().setEventDetails("Rule Id: " + id);
FirewallRule rule = _firewallService.updateFirewallRule(id, this.getCustomId(), getDisplay()); FirewallRule rule = _firewallService.updateIngressFirewallRule(id, this.getCustomId(), getDisplay());
FirewallResponse fwResponse = new FirewallResponse(); FirewallResponse fwResponse = new FirewallResponse();
if (rule != null) { if (rule != null) {

36
server/src/com/cloud/network/firewall/FirewallManagerImpl.java
View File

@ -161,7 +161,7 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
} }
@Override @Override
@ActionEvent(eventType = EventTypes.EVENT_FIREWALL_OPEN, eventDescription = "creating firewall rule", create = true) @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_EGRESS_OPEN, eventDescription = "creating egress firewall rule for network", create = true)
public FirewallRule createEgressFirewallRule(FirewallRule rule) throws NetworkRuleConflictException { public FirewallRule createEgressFirewallRule(FirewallRule rule) throws NetworkRuleConflictException {
Account caller = CallContext.current().getCallingAccount(); Account caller = CallContext.current().getCallingAccount();
@ -612,6 +612,12 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
_firewallDao.remove(rule.getId()); _firewallDao.remove(rule.getId());
} }
@Override
@ActionEvent(eventType = EventTypes.EVENT_FIREWALL_OPEN, eventDescription = "creating firewall rule", async = true)
public boolean applyIngressFwRules(long ipId, Account caller) throws ResourceUnavailableException {
return applyIngressFirewallRules(ipId, caller);
}
@Override @Override
public boolean applyIngressFirewallRules(long ipId, Account caller) throws ResourceUnavailableException { public boolean applyIngressFirewallRules(long ipId, Account caller) throws ResourceUnavailableException {
List<FirewallRuleVO> rules = _firewallDao.listByIpAndPurpose(ipId, Purpose.Firewall); List<FirewallRuleVO> rules = _firewallDao.listByIpAndPurpose(ipId, Purpose.Firewall);
@ -619,6 +625,7 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
} }
@Override @Override
@ActionEvent(eventType = EventTypes.EVENT_FIREWALL_EGRESS_OPEN, eventDescription = "creating egress firewall rule", async = true)
public boolean applyEgressFirewallRules(FirewallRule rule, Account caller) throws ResourceUnavailableException { public boolean applyEgressFirewallRules(FirewallRule rule, Account caller) throws ResourceUnavailableException {
List<FirewallRuleVO> rules = _firewallDao.listByNetworkPurposeTrafficType(rule.getNetworkId(), Purpose.Firewall, FirewallRule.TrafficType.Egress); List<FirewallRuleVO> rules = _firewallDao.listByNetworkPurposeTrafficType(rule.getNetworkId(), Purpose.Firewall, FirewallRule.TrafficType.Egress);
return applyFirewallRules(rules, false, caller); return applyFirewallRules(rules, false, caller);
@ -719,7 +726,21 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
@Override @Override
@ActionEvent(eventType = EventTypes.EVENT_FIREWALL_CLOSE, eventDescription = "revoking firewall rule", async = true) @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_CLOSE, eventDescription = "revoking firewall rule", async = true)
public boolean revokeFirewallRule(long ruleId, boolean apply) { public boolean revokeIngressFwRule(long ruleId, boolean apply) {
return revokeIngressFirewallRule(ruleId, apply);
}
@Override
public boolean revokeIngressFirewallRule(long ruleId, boolean apply) {
Account caller = CallContext.current().getCallingAccount();
long userId = CallContext.current().getCallingUserId();
return revokeFirewallRule(ruleId, apply, caller, userId);
}
@Override
@ActionEvent(eventType = EventTypes.EVENT_FIREWALL_EGRESS_CLOSE, eventDescription = "revoking egress firewall rule", async = true)
public boolean revokeEgressFirewallRule(long ruleId, boolean apply) {
Account caller = CallContext.current().getCallingAccount(); Account caller = CallContext.current().getCallingAccount();
long userId = CallContext.current().getCallingUserId(); long userId = CallContext.current().getCallingUserId();
return revokeFirewallRule(ruleId, apply, caller, userId); return revokeFirewallRule(ruleId, apply, caller, userId);
@ -727,7 +748,14 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
@Override @Override
@ActionEvent(eventType = EventTypes.EVENT_FIREWALL_UPDATE, eventDescription = "updating firewall rule", async = true) @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_UPDATE, eventDescription = "updating firewall rule", async = true)
public FirewallRule updateFirewallRule(long ruleId, String customId, Boolean forDisplay) { public FirewallRule updateIngressFirewallRule(long ruleId, String customId, Boolean forDisplay) {
Account caller = CallContext.current().getCallingAccount();
return updateFirewallRule(ruleId, customId, caller, forDisplay);
}
@Override
@ActionEvent(eventType = EventTypes.EVENT_FIREWALL_EGRESS_UPDATE, eventDescription = "updating egress firewall rule", async = true)
public FirewallRule updateEgressFirewallRule(long ruleId, String customId, Boolean forDisplay) {
Account caller = CallContext.current().getCallingAccount(); Account caller = CallContext.current().getCallingAccount();
return updateFirewallRule(ruleId, customId, caller, forDisplay); return updateFirewallRule(ruleId, customId, caller, forDisplay);
} }
@ -881,7 +909,7 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
} }
s_logger.debug("Revoking Firewall rule id=" + fwRule.getId() + " as a part of rule delete id=" + ruleId + " with apply=" + apply); s_logger.debug("Revoking Firewall rule id=" + fwRule.getId() + " as a part of rule delete id=" + ruleId + " with apply=" + apply);
return revokeFirewallRule(fwRule.getId(), apply); return revokeIngressFirewallRule(fwRule.getId(), apply);
} }

35
server/test/com/cloud/network/MockFirewallManagerImpl.java
View File

@ -70,9 +70,13 @@ public class MockFirewallManagerImpl extends ManagerBase implements FirewallMana
} }
@Override @Override
public boolean revokeFirewallRule(long ruleId, boolean apply) { public boolean revokeIngressFirewallRule(long ruleId, boolean apply) {
// TODO Auto-generated method stub return false; //To change body of implemented methods use File | Settings | File Templates.
return false; }
@Override
public boolean revokeEgressFirewallRule(long ruleId, boolean apply) {
return false; //To change body of implemented methods use File | Settings | File Templates.
} }
@Override @Override
@ -87,6 +91,26 @@ public class MockFirewallManagerImpl extends ManagerBase implements FirewallMana
return false; return false;
} }
@Override
public FirewallRule updateIngressFirewallRule(long ruleId, String customId, Boolean forDisplay) {
return null; //To change body of implemented methods use File | Settings | File Templates.
}
@Override
public FirewallRule updateEgressFirewallRule(long ruleId, String customId, Boolean forDisplay) {
return null; //To change body of implemented methods use File | Settings | File Templates.
}
@Override
public boolean applyIngressFwRules(long ipId, Account caller) throws ResourceUnavailableException {
return false; //To change body of implemented methods use File | Settings | File Templates.
}
@Override
public boolean revokeIngressFwRule(long ruleId, boolean apply) {
return false; //To change body of implemented methods use File | Settings | File Templates.
}
@Override @Override
public void detectRulesConflict(FirewallRule newRule) throws NetworkRuleConflictException { public void detectRulesConflict(FirewallRule newRule) throws NetworkRuleConflictException {
// TODO Auto-generated method stub // TODO Auto-generated method stub
@ -184,10 +208,5 @@ public class MockFirewallManagerImpl extends ManagerBase implements FirewallMana
return null; return null;
} }
@Override
public FirewallRule updateFirewallRule(long ruleId, String customId, Boolean forDisplay) {
// TODO Auto-generated method stub
return null;
}
} }