apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

CLOUDSTACK-763: Added APIs to create, delete and list NetworkACLlist.

Browse Source
This commit is contained in:
Kishan Kavala 2013-04-16 16:48:56 +05:30
parent df39196bf7
commit ebf8a7fd1e
21 changed files with 666 additions and 109 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
api/src/com/cloud/event/EventTypes.java
View File

@ -344,6 +344,11 @@ public class EventTypes {
public static final String EVENT_VPC_DELETE = "VPC.DELETE";
public static final String EVENT_VPC_RESTART = "VPC.RESTART";
// Network ACL
public static final String EVENT_NETWORK_ACL_CREATE = "NETWORK.ACL.CREATE";
public static final String EVENT_NETWORK_ACL_UPDATE = "NETWORK.ACL.UPDATE";
public static final String EVENT_NETWORK_ACL_DELETE = "NETWORK.ACL.DELETE";
// VPC offerings
public static final String EVENT_VPC_OFFERING_CREATE = "VPC.OFFERING.CREATE";
public static final String EVENT_VPC_OFFERING_UPDATE = "VPC.OFFERING.UPDATE";

16
api/src/com/cloud/network/firewall/NetworkACLService.java
View File

@ -19,6 +19,9 @@ package com.cloud.network.firewall;
import java.util.List;
import com.cloud.network.vpc.NetworkACL;
import org.apache.cloudstack.api.command.user.network.CreateNetworkACLListCmd;
import org.apache.cloudstack.api.command.user.network.ListNetworkACLListsCmd;
import org.apache.cloudstack.api.command.user.network.ListNetworkACLsCmd;
import com.cloud.exception.NetworkRuleConflictException;
@ -28,14 +31,14 @@ import com.cloud.user.Account;
import com.cloud.utils.Pair;
public interface NetworkACLService {
FirewallRule getNetworkACL(long ruleId);
FirewallRule getNetworkACLItem(long ruleId);
boolean applyNetworkACLs(long networkId, Account caller) throws ResourceUnavailableException;
/**
* @param createNetworkACLCmd
* @return
*/
FirewallRule createNetworkACL(FirewallRule acl) throws NetworkRuleConflictException;
FirewallRule createNetworkACLItem(FirewallRule acl) throws NetworkRuleConflictException;
/**
* @param ruleId
* @param apply
@ -46,6 +49,13 @@ public interface NetworkACLService {
* @param listNetworkACLsCmd
* @return
*/
Pair<List<? extends FirewallRule>, Integer> listNetworkACLs(ListNetworkACLsCmd cmd);
Pair<List<? extends FirewallRule>, Integer> listNetworkACLItems(ListNetworkACLsCmd cmd);
NetworkACL createNetworkACL(CreateNetworkACLListCmd cmd);
NetworkACL getNetworkACL(long id);
boolean deleteNetworkACL(long id);
Pair<List<? extends NetworkACL>,Integer> listNetworkACLs(ListNetworkACLListsCmd listNetworkACLListsCmd);
}

32
api/src/com/cloud/network/vpc/NetworkACL.java Normal file
View File

@ -0,0 +1,32 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.network.vpc;
import org.apache.cloudstack.api.InternalIdentity;
public interface NetworkACL extends InternalIdentity{
String getDescription();
String getUuid();
Long getVpcId();
long getId();
String getName();
}

102
api/src/org/apache/cloudstack/api/ResponseGenerator.java
View File

@ -21,94 +21,18 @@ import java.util.EnumSet;
import java.util.List;
import java.util.Map;
import com.cloud.vm.NicSecondaryIp;
import org.apache.cloudstack.affinity.AffinityGroup;
import org.apache.cloudstack.affinity.AffinityGroupResponse;
import com.cloud.network.vpc.NetworkACL;
import com.cloud.network.vpc.PrivateGateway;
import com.cloud.network.vpc.StaticRoute;
import com.cloud.network.vpc.Vpc;
import com.cloud.network.vpc.VpcOffering;
import org.apache.cloudstack.api.ApiConstants.HostDetails;
import org.apache.cloudstack.api.ApiConstants.VMDetails;
import org.apache.cloudstack.api.command.user.job.QueryAsyncJobResultCmd;
import org.apache.cloudstack.api.response.AccountResponse;
import org.apache.cloudstack.api.response.ApplicationLoadBalancerResponse;
import org.apache.cloudstack.api.response.AsyncJobResponse;
import org.apache.cloudstack.api.response.AutoScalePolicyResponse;
import org.apache.cloudstack.api.response.AutoScaleVmGroupResponse;
import org.apache.cloudstack.api.response.AutoScaleVmProfileResponse;
import org.apache.cloudstack.api.response.CapacityResponse;
import org.apache.cloudstack.api.response.ClusterResponse;
import org.apache.cloudstack.api.response.ConditionResponse;
import org.apache.cloudstack.api.response.ConfigurationResponse;
import org.apache.cloudstack.api.response.CounterResponse;
import org.apache.cloudstack.api.response.CreateCmdResponse;
import org.apache.cloudstack.api.response.DiskOfferingResponse;
import org.apache.cloudstack.api.response.DomainResponse;
import org.apache.cloudstack.api.response.DomainRouterResponse;
import org.apache.cloudstack.api.response.EventResponse;
import org.apache.cloudstack.api.response.ExtractResponse;
import org.apache.cloudstack.api.response.FirewallResponse;
import org.apache.cloudstack.api.response.FirewallRuleResponse;
import org.apache.cloudstack.api.response.GlobalLoadBalancerResponse;
import org.apache.cloudstack.api.response.GuestOSResponse;
import org.apache.cloudstack.api.response.GuestVlanRangeResponse;
import org.apache.cloudstack.api.response.HostForMigrationResponse;
import org.apache.cloudstack.api.response.HostResponse;
import org.apache.cloudstack.api.response.HypervisorCapabilitiesResponse;
import org.apache.cloudstack.api.response.IPAddressResponse;
import org.apache.cloudstack.api.response.InstanceGroupResponse;
import org.apache.cloudstack.api.response.InternalLoadBalancerElementResponse;
import org.apache.cloudstack.api.response.IpForwardingRuleResponse;
import org.apache.cloudstack.api.response.IsolationMethodResponse;
import org.apache.cloudstack.api.response.LBHealthCheckResponse;
import org.apache.cloudstack.api.response.LBStickinessResponse;
import org.apache.cloudstack.api.response.LDAPConfigResponse;
import org.apache.cloudstack.api.response.LoadBalancerResponse;
import org.apache.cloudstack.api.response.NetworkACLResponse;
import org.apache.cloudstack.api.response.NetworkOfferingResponse;
import org.apache.cloudstack.api.response.NetworkResponse;
import org.apache.cloudstack.api.response.NicResponse;
import org.apache.cloudstack.api.response.NicSecondaryIpResponse;
import org.apache.cloudstack.api.response.PhysicalNetworkResponse;
import org.apache.cloudstack.api.response.PodResponse;
import org.apache.cloudstack.api.response.PrivateGatewayResponse;
import org.apache.cloudstack.api.response.ProjectAccountResponse;
import org.apache.cloudstack.api.response.ProjectInvitationResponse;
import org.apache.cloudstack.api.response.ProjectResponse;
import org.apache.cloudstack.api.response.ProviderResponse;
import org.apache.cloudstack.api.response.RegionResponse;
import org.apache.cloudstack.api.response.RemoteAccessVpnResponse;
import org.apache.cloudstack.api.response.ResourceCountResponse;
import org.apache.cloudstack.api.response.ResourceLimitResponse;
import org.apache.cloudstack.api.response.ResourceTagResponse;
import org.apache.cloudstack.api.response.S3Response;
import org.apache.cloudstack.api.response.SecurityGroupResponse;
import org.apache.cloudstack.api.response.ServiceOfferingResponse;
import org.apache.cloudstack.api.response.ServiceResponse;
import org.apache.cloudstack.api.response.Site2SiteCustomerGatewayResponse;
import org.apache.cloudstack.api.response.Site2SiteVpnConnectionResponse;
import org.apache.cloudstack.api.response.Site2SiteVpnGatewayResponse;
import org.apache.cloudstack.api.response.SnapshotPolicyResponse;
import org.apache.cloudstack.api.response.SnapshotResponse;
import org.apache.cloudstack.api.response.SnapshotScheduleResponse;
import org.apache.cloudstack.api.response.StaticRouteResponse;
import org.apache.cloudstack.api.response.StorageNetworkIpRangeResponse;
import org.apache.cloudstack.api.response.StoragePoolForMigrationResponse;
import org.apache.cloudstack.api.response.StoragePoolResponse;
import org.apache.cloudstack.api.response.SwiftResponse;
import org.apache.cloudstack.api.response.SystemVmInstanceResponse;
import org.apache.cloudstack.api.response.SystemVmResponse;
import org.apache.cloudstack.api.response.TemplatePermissionsResponse;
import org.apache.cloudstack.api.response.TemplateResponse;
import org.apache.cloudstack.api.response.TrafficMonitorResponse;
import org.apache.cloudstack.api.response.TrafficTypeResponse;
import org.apache.cloudstack.api.response.UsageRecordResponse;
import org.apache.cloudstack.api.response.UserResponse;
import org.apache.cloudstack.api.response.UserVmResponse;
import org.apache.cloudstack.api.response.VMSnapshotResponse;
import org.apache.cloudstack.api.response.VirtualRouterProviderResponse;
import org.apache.cloudstack.api.response.VlanIpRangeResponse;
import org.apache.cloudstack.api.response.VolumeResponse;
import org.apache.cloudstack.api.response.VpcOfferingResponse;
import org.apache.cloudstack.api.response.VpcResponse;
import org.apache.cloudstack.api.response.VpnUsersResponse;
import org.apache.cloudstack.api.response.ZoneResponse;
import org.apache.cloudstack.api.response.*;
import org.apache.cloudstack.network.lb.ApplicationLoadBalancerRule;
import org.apache.cloudstack.region.Region;
import org.apache.cloudstack.usage.Usage;
@ -154,10 +78,6 @@ import com.cloud.network.rules.StaticNatRule;
import com.cloud.network.rules.StickinessPolicy;
import com.cloud.network.security.SecurityGroup;
import com.cloud.network.security.SecurityRule;
import com.cloud.network.vpc.PrivateGateway;
import com.cloud.network.vpc.StaticRoute;
import com.cloud.network.vpc.Vpc;
import com.cloud.network.vpc.VpcOffering;
import com.cloud.offering.DiskOffering;
import com.cloud.offering.NetworkOffering;
import com.cloud.offering.ServiceOffering;
@ -381,11 +301,17 @@ public interface ResponseGenerator {
*/
VpcResponse createVpcResponse(Vpc vpc);
/**
* @param networkACLItem
* @return
*/
NetworkACLResponse createNetworkACLItemResponse(FirewallRule networkACLItem);
/**
* @param networkACL
* @return
*/
NetworkACLResponse createNetworkACLResponse(FirewallRule networkACL);
NetworkACLListResponse createNetworkACLResponse(NetworkACL networkACL);
/**
* @param result

6
api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkACLCmd.java
View File

@ -149,7 +149,7 @@ public class CreateNetworkACLCmd extends BaseAsyncCreateCmd implements FirewallR
public void execute() throws ResourceUnavailableException {
UserContext callerContext = UserContext.current();
boolean success = false;
FirewallRule rule = _networkACLService.getNetworkACL(getEntityId());
FirewallRule rule = _networkACLService.getNetworkACLItem(getEntityId());
try {
UserContext.current().setEventDetails("Rule Id: " + getEntityId());
success = _networkACLService.applyNetworkACLs(rule.getNetworkId(), callerContext.getCaller());
@ -157,7 +157,7 @@ public class CreateNetworkACLCmd extends BaseAsyncCreateCmd implements FirewallR
// State is different after the rule is applied, so get new object here
NetworkACLResponse aclResponse = new NetworkACLResponse();
if (rule != null) {
aclResponse = _responseGenerator.createNetworkACLResponse(rule);
aclResponse = _responseGenerator.createNetworkACLItemResponse(rule);
setResponseObject(aclResponse);
}
aclResponse.setResponseName(getCommandName());
@ -256,7 +256,7 @@ public class CreateNetworkACLCmd extends BaseAsyncCreateCmd implements FirewallR
}
try {
FirewallRule result = _networkACLService.createNetworkACL(this);
FirewallRule result = _networkACLService.createNetworkACLItem(this);
setEntityId(result.getId());
setEntityUuid(result.getUuid());
} catch (NetworkRuleConflictException ex) {

117
api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkACLListCmd.java Normal file
View File

@ -0,0 +1,117 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.api.command.user.network;
import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.vpc.NetworkACL;
import com.cloud.network.vpc.Vpc;
import com.cloud.user.Account;
import com.cloud.user.UserContext;
import org.apache.cloudstack.api.*;
import org.apache.cloudstack.api.response.NetworkACLListResponse;
import org.apache.cloudstack.api.response.VpcResponse;
import org.apache.log4j.Logger;
@APICommand(name = "createNetworkACLList", description = "Creates a Network ACL for the given VPC",
responseObject = NetworkACLListResponse.class)
public class CreateNetworkACLListCmd extends BaseAsyncCreateCmd {
public static final Logger s_logger = Logger.getLogger(CreateNetworkACLListCmd.class.getName());
private static final String s_name = "createnetworkacllistresponse";
// ///////////////////////////////////////////////////
// ////////////// API parameters /////////////////////
// ///////////////////////////////////////////////////
@Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "Name of the network ACL List")
private String name;
@Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "Description of the network ACL List")
private String description;
@Parameter(name = ApiConstants.VPC_ID, type = CommandType.UUID, required = true, entityType = VpcResponse.class, description = "Id of the VPC associated with this network ACL List")
private Long vpcId;
// ///////////////////////////////////////////////////
// ///////////////// Accessors ///////////////////////
// ///////////////////////////////////////////////////
public String getName() {
return name;
}
public String getDescription() {
return description;
}
public Long getVpcId() {
return vpcId;
}
// ///////////////////////////////////////////////////
// ///////////// API Implementation///////////////////
// ///////////////////////////////////////////////////
@Override
public String getCommandName() {
return s_name;
}
@Override
public void create() {
NetworkACL result = _networkACLService.createNetworkACL(this);
setEntityId(result.getId());
setEntityUuid(result.getUuid());
}
@Override
public void execute() throws ResourceUnavailableException {
UserContext callerContext = UserContext.current();
boolean success = false;
NetworkACL acl = _networkACLService.getNetworkACL(getEntityId());
if(acl != null){
NetworkACLListResponse aclResponse = _responseGenerator.createNetworkACLResponse(acl);
setResponseObject(aclResponse);
aclResponse.setResponseName(getCommandName());
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create network ACL");
}
}
@Override
public long getEntityOwnerId() {
Vpc vpc = _vpcService.getVpc(getVpcId());
if (vpc == null) {
throw new InvalidParameterValueException("Invalid vpcId is given");
}
Account account = _accountService.getAccount(vpc.getAccountId());
return account.getId();
}
@Override
public String getEventType() {
return EventTypes.EVENT_NETWORK_ACL_CREATE;
}
@Override
public String getEventDescription() {
return "Creating Network ACL with id: "+getEntityUuid();
}
}

2
api/src/org/apache/cloudstack/api/command/user/network/DeleteNetworkACLCmd.java
View File

@ -80,7 +80,7 @@ public class DeleteNetworkACLCmd extends BaseAsyncCmd {
@Override
public long getEntityOwnerId() {
if (ownerId == null) {
FirewallRule rule = _networkACLService.getNetworkACL(id);
FirewallRule rule = _networkACLService.getNetworkACLItem(id);
if (rule == null) {
throw new InvalidParameterValueException("Unable to find network ACL by id=" + id);
} else {

102
api/src/org/apache/cloudstack/api/command/user/network/DeleteNetworkACLListCmd.java Normal file
View File

@ -0,0 +1,102 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.api.command.user.network;
import com.cloud.async.AsyncJob;
import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.rules.FirewallRule;
import com.cloud.network.vpc.NetworkACL;
import com.cloud.network.vpc.Vpc;
import com.cloud.user.UserContext;
import org.apache.cloudstack.api.*;
import org.apache.cloudstack.api.response.AccountResponse;
import org.apache.cloudstack.api.response.FirewallRuleResponse;
import org.apache.cloudstack.api.response.NetworkACLListResponse;
import org.apache.cloudstack.api.response.SuccessResponse;
import org.apache.log4j.Logger;
@APICommand(name = "deleteNetworkACLList", description="Deletes a Network ACL", responseObject=SuccessResponse.class)
public class DeleteNetworkACLListCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DeleteNetworkACLListCmd.class.getName());
private static final String s_name = "deletenetworkacllistresponse";
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@Parameter(name=ApiConstants.ID, type=CommandType.UUID, entityType = NetworkACLListResponse.class,
required=true, description="the ID of the network ACL")
private Long id;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
public Long getId() {
return id;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
@Override
public String getCommandName() {
return s_name;
}
@Override
public String getEventType() {
return EventTypes.EVENT_NETWORK_ACL_DELETE;
}
@Override
public String getEventDescription() {
return ("Deleting Network ACL id=" + id);
}
@Override
public long getEntityOwnerId() {
NetworkACL acl = _networkACLService.getNetworkACL(id);
if (acl == null) {
throw new InvalidParameterValueException("Unable to find network ACL by id=" + id);
} else {
long vpcId = acl.getVpcId();
Vpc vpc = _vpcService.getVpc(vpcId);
if(vpc != null){
return vpc.getAccountId();
} else {
throw new InvalidParameterValueException("Unable to find VPC associated with network ACL by id=" + id);
}
}
}
@Override
public void execute() throws ResourceUnavailableException {
UserContext.current().setEventDetails("Network ACL Id: " + id);
boolean result = _networkACLService.deleteNetworkACL(id);
if (result) {
SuccessResponse response = new SuccessResponse(getCommandName());
this.setResponseObject(response);
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete network ACL");
}
}
}

84
api/src/org/apache/cloudstack/api/command/user/network/ListNetworkACLListsCmd.java Normal file
View File

@ -0,0 +1,84 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.api.command.user.network;
import com.cloud.network.rules.FirewallRule;
import com.cloud.network.vpc.NetworkACL;
import com.cloud.utils.Pair;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseListTaggedResourcesCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.response.*;
import org.apache.log4j.Logger;
import java.util.ArrayList;
import java.util.List;
@APICommand(name = "listNetworkACLLists", description="Lists all network ACLs", responseObject=NetworkACLListResponse.class)
public class ListNetworkACLListsCmd extends BaseListTaggedResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListNetworkACLListsCmd.class.getName());
private static final String s_name = "listnetworkacllistsresponse";
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@Parameter(name=ApiConstants.ID, type=CommandType.UUID, entityType = NetworkACLResponse.class,
description="Lists network ACL with the specified ID.")
private Long id;
@Parameter(name=ApiConstants.NETWORK_ID, type=CommandType.UUID, entityType = NetworkResponse.class,
description="list network ACLs by network Id")
private Long networkId;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
public Long getNetworkId() {
return networkId;
}
public Long getId() {
return id;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
@Override
public String getCommandName() {
return s_name;
}
@Override
public void execute(){
Pair<List<? extends NetworkACL>,Integer> result = _networkACLService.listNetworkACLs(this);
ListResponse<NetworkACLListResponse> response = new ListResponse<NetworkACLListResponse>();
List<NetworkACLListResponse> aclResponses = new ArrayList<NetworkACLListResponse>();
for (NetworkACL acl : result.first()) {
NetworkACLListResponse aclResponse = _responseGenerator.createNetworkACLResponse(acl);
aclResponses.add(aclResponse);
}
response.setResponses(aclResponses, result.second());
response.setResponseName(getCommandName());
this.setResponseObject(response);
}
}

4
api/src/org/apache/cloudstack/api/command/user/network/ListNetworkACLsCmd.java
View File

@ -79,12 +79,12 @@ public class ListNetworkACLsCmd extends BaseListTaggedResourcesCmd {
@Override
public void execute(){
Pair<List<? extends FirewallRule>,Integer> result = _networkACLService.listNetworkACLs(this);
Pair<List<? extends FirewallRule>,Integer> result = _networkACLService.listNetworkACLItems(this);
ListResponse<NetworkACLResponse> response = new ListResponse<NetworkACLResponse>();
List<NetworkACLResponse> aclResponses = new ArrayList<NetworkACLResponse>();
for (FirewallRule acl : result.first()) {
NetworkACLResponse ruleData = _responseGenerator.createNetworkACLResponse(acl);
NetworkACLResponse ruleData = _responseGenerator.createNetworkACLItemResponse(acl);
aclResponses.add(ruleData);
}
response.setResponses(aclResponses, result.second());

57
api/src/org/apache/cloudstack/api/response/NetworkACLListResponse.java Normal file
View File

@ -0,0 +1,57 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.api.response;
import com.cloud.network.vpc.NetworkACL;
import com.cloud.serializer.Param;
import com.google.gson.annotations.SerializedName;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseResponse;
import org.apache.cloudstack.api.EntityReference;
import java.util.List;
@EntityReference(value = NetworkACL.class)
public class NetworkACLListResponse extends BaseResponse {
@SerializedName(ApiConstants.ID) @Param(description="the ID of the ACL")
private String id;
@SerializedName(ApiConstants.NAME) @Param(description="the Name of the ACL")
private String name;
@SerializedName(ApiConstants.DESCRIPTION) @Param(description="Description of the ACL")
private String description;
@SerializedName(ApiConstants.VPC_ID) @Param(description="Id of the VPC this ACL is associated with")
private String vpcId;
public void setId(String id) {
this.id = id;
}
public void setName(String name) {
this.name = name;
}
public void setDescription(String description) {
this.description = description;
}
public void setVpcId(String vpcId) {
this.vpcId = vpcId;
}
}

1
client/tomcatconf/applicationContext.xml.in
View File

@ -246,6 +246,7 @@
<bean id="mockVMDaoImpl" class="com.cloud.simulator.dao.MockVMDaoImpl" />
<bean id="mockVolumeDaoImpl" class="com.cloud.simulator.dao.MockVolumeDaoImpl" />
<bean id="networkAccountDaoImpl" class="com.cloud.network.dao.NetworkAccountDaoImpl" />
<bean id="networkACLDaoImpl" class="com.cloud.network.vpc.dao.NetworkACLDaoImpl" />
<bean id="networkDaoImpl" class="com.cloud.network.dao.NetworkDaoImpl" />
<bean id="networkDomainDaoImpl" class="com.cloud.network.dao.NetworkDomainDaoImpl" />
<bean id="networkExternalFirewallDaoImpl" class="com.cloud.network.dao.NetworkExternalFirewallDaoImpl" />

4
client/tomcatconf/commands.properties.in
View File

@ -435,6 +435,10 @@ deletePrivateGateway=1
createNetworkACL=15
deleteNetworkACL=15
listNetworkACLs=15
createNetworkACLList=15
deleteNetworkACLList=15
listNetworkACLLists=15
#### Static route commands
createStaticRoute=15

27
server/src/com/cloud/api/ApiResponseHelper.java
View File

@ -34,6 +34,11 @@ import java.util.TimeZone;
import javax.inject.Inject;
import com.cloud.network.vpc.NetworkACL;
import com.cloud.network.vpc.PrivateGateway;
import com.cloud.network.vpc.StaticRoute;
import com.cloud.network.vpc.Vpc;
import com.cloud.network.vpc.VpcOffering;
import org.apache.cloudstack.acl.ControlledEntity;
import org.apache.cloudstack.acl.ControlledEntity.ACLType;
import org.apache.cloudstack.affinity.AffinityGroup;
@ -84,6 +89,7 @@ import org.apache.cloudstack.api.response.LBStickinessPolicyResponse;
import org.apache.cloudstack.api.response.LBStickinessResponse;
import org.apache.cloudstack.api.response.LDAPConfigResponse;
import org.apache.cloudstack.api.response.LoadBalancerResponse;
import org.apache.cloudstack.api.response.NetworkACLListResponse;
import org.apache.cloudstack.api.response.NetworkACLResponse;
import org.apache.cloudstack.api.response.NetworkOfferingResponse;
import org.apache.cloudstack.api.response.NetworkResponse;
@ -230,10 +236,6 @@ import com.cloud.network.security.SecurityGroup;
import com.cloud.network.security.SecurityGroupVO;
import com.cloud.network.security.SecurityRule;
import com.cloud.network.security.SecurityRule.SecurityRuleType;
import com.cloud.network.vpc.PrivateGateway;
import com.cloud.network.vpc.StaticRoute;
import com.cloud.network.vpc.Vpc;
import com.cloud.network.vpc.VpcOffering;
import com.cloud.offering.DiskOffering;
import com.cloud.offering.NetworkOffering;
import com.cloud.offering.NetworkOffering.Detail;
@ -2547,7 +2549,7 @@ public class ApiResponseHelper implements ResponseGenerator {
}
@Override
public NetworkACLResponse createNetworkACLResponse(FirewallRule networkACL) {
public NetworkACLResponse createNetworkACLItemResponse(FirewallRule networkACL) {
NetworkACLResponse response = new NetworkACLResponse();
response.setId(networkACL.getUuid());
@ -3808,7 +3810,6 @@ public class ApiResponseHelper implements ResponseGenerator {
}
}
@Override
public InternalLoadBalancerElementResponse createInternalLbElementResponse(VirtualRouterProvider result) {
if (result.getType() != VirtualRouterProvider.VirtualRouterProviderType.InternalLbVm) {
@ -3826,7 +3827,6 @@ public class ApiResponseHelper implements ResponseGenerator {
return response;
}
@Override
public IsolationMethodResponse createIsolationMethodResponse(IsolationType method) {
IsolationMethodResponse response = new IsolationMethodResponse();
@ -3834,4 +3834,17 @@ public class ApiResponseHelper implements ResponseGenerator {
response.setObjectName("isolationmethod");
return response;
}
public NetworkACLListResponse createNetworkACLResponse(NetworkACL networkACL) {
NetworkACLListResponse response = new NetworkACLListResponse();
response.setId(networkACL.getUuid());
response.setName(networkACL.getName());
response.setDescription(networkACL.getDescription());
Vpc vpc = ApiDBUtils.findVpcById(networkACL.getVpcId());
if(vpc != null){
response.setVpcId(vpc.getUuid());
}
response.setObjectName("networkacllist");
return response;
}
}

1
server/src/com/cloud/network/vpc/NetworkACLManager.java
View File

@ -22,6 +22,7 @@ import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.firewall.NetworkACLService;
import com.cloud.network.rules.FirewallRule;
import com.cloud.user.Account;
import org.apache.cloudstack.api.command.user.network.CreateNetworkACLListCmd;
public interface NetworkACLManager extends NetworkACLService{

41
server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
View File

@ -24,6 +24,9 @@ import javax.ejb.Local;
import javax.inject.Inject;
import javax.naming.ConfigurationException;
import com.cloud.network.vpc.dao.NetworkACLDao;
import org.apache.cloudstack.api.command.user.network.CreateNetworkACLListCmd;
import org.apache.cloudstack.api.command.user.network.ListNetworkACLListsCmd;
import org.apache.cloudstack.api.command.user.network.ListNetworkACLsCmd;
import org.apache.log4j.Logger;
import org.springframework.stereotype.Component;
@ -85,6 +88,8 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
VpcManager _vpcMgr;
@Inject
ResourceTagDao _resourceTagDao;
@Inject
NetworkACLDao _networkACLDao;
@Override
public boolean applyNetworkACLs(long networkId, Account caller) throws ResourceUnavailableException {
@ -93,7 +98,7 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
}
@Override
public FirewallRule createNetworkACL(FirewallRule acl) throws NetworkRuleConflictException {
public FirewallRule createNetworkACLItem(FirewallRule acl) throws NetworkRuleConflictException {
if (acl.getSourceCidrList() == null && (acl.getPurpose() == Purpose.Firewall || acl.getPurpose() == Purpose.NetworkACL)) {
_firewallDao.loadSourceCidrs((FirewallRuleVO)acl);
}
@ -174,7 +179,7 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
txn.commit();
return getNetworkACL(newRule.getId());
return getNetworkACLItem(newRule.getId());
}
@ -320,7 +325,7 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
@Override
public FirewallRule getNetworkACL(long ACLId) {
public FirewallRule getNetworkACLItem(long ACLId) {
FirewallRule rule = _firewallDao.findById(ACLId);
if (rule != null && rule.getPurpose() == Purpose.NetworkACL) {
return rule;
@ -330,7 +335,7 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
@Override
public Pair<List<? extends FirewallRule>,Integer> listNetworkACLs(ListNetworkACLsCmd cmd) {
public Pair<List<? extends FirewallRule>,Integer> listNetworkACLItems(ListNetworkACLsCmd cmd) {
Long networkId = cmd.getNetworkId();
Long id = cmd.getId();
String trafficType = cmd.getTrafficType();
@ -438,5 +443,31 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
return success;
}
@Override
public NetworkACL createNetworkACL(CreateNetworkACLListCmd cmd){
NetworkACLVO acl = new NetworkACLVO(cmd.getName(), cmd.getDescription(), cmd.getVpcId());
_networkACLDao.persist(acl);
return acl;
}
@Override
public NetworkACL getNetworkACL(long id) {
return _networkACLDao.findById(id);
}
@Override
public boolean deleteNetworkACL(long id) {
return _networkACLDao.remove(id);
}
@Override
public Pair<List<? extends NetworkACL>, Integer> listNetworkACLs(ListNetworkACLListsCmd listNetworkACLListsCmd) {
SearchBuilder<NetworkACLVO> sb = _networkACLDao.createSearchBuilder();
SearchCriteria<NetworkACLVO> sc = sb.create();
Filter filter = new Filter(NetworkACLVO.class, "id", false, null, null);
Pair<List<NetworkACLVO>, Integer> acls = _networkACLDao.searchAndCount(sc, filter);
return new Pair<List<? extends NetworkACL>, Integer>(acls.first(), acls.second());
}
}

78
server/src/com/cloud/network/vpc/NetworkACLVO.java Normal file
View File

@ -0,0 +1,78 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.network.vpc;
import javax.persistence.*;
import java.util.UUID;
@Entity
@Table(name="network_acl")
public class NetworkACLVO implements NetworkACL{
@Id
@GeneratedValue(strategy= GenerationType.IDENTITY)
@Column(name="id")
private long id;
@Column(name="vpc_id")
Long vpcId;
@Column(name="uuid")
private String uuid;
@Column(name="name")
private String name;
@Column(name="description")
private String description;
protected NetworkACLVO(){
}
protected NetworkACLVO(String name, String description, long vpcId){
this.uuid = UUID.randomUUID().toString();
this.name = name;
this.description = description;
this.vpcId = vpcId;
}
@Override
public String getDescription() {
return description;
}
@Override
public String getUuid() {
return uuid;
}
@Override
public Long getVpcId() {
return vpcId;
}
@Override
public long getId() {
return id;
}
@Override
public String getName() {
return name;
}
}

23
server/src/com/cloud/network/vpc/dao/NetworkACLDao.java Normal file
View File

@ -0,0 +1,23 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.network.vpc.dao;
import com.cloud.network.vpc.NetworkACLVO;
import com.cloud.utils.db.GenericDao;
public interface NetworkACLDao extends GenericDao<NetworkACLVO, Long>{
}

35
server/src/com/cloud/network/vpc/dao/NetworkACLDaoImpl.java Normal file
View File

@ -0,0 +1,35 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.network.vpc.dao;
import com.cloud.network.vpc.NetworkACLVO;
import com.cloud.utils.db.DB;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.SearchBuilder;
import org.springframework.stereotype.Component;
import javax.ejb.Local;
@Component
@Local(value = NetworkACLDao.class)
@DB(txn = false)
public class NetworkACLDaoImpl extends GenericDaoBase<NetworkACLVO, Long> implements NetworkACLDao{
protected NetworkACLDaoImpl() {
}
}

3
server/src/com/cloud/server/ManagementServerImpl.java
View File

@ -2879,6 +2879,9 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
cmdList.add(ListNetworkIsolationMethodsCmd.class);
cmdList.add(ListNetworkIsolationMethodsCmd.class);
cmdList.add(CreateNetworkACLListCmd.class);
cmdList.add(DeleteNetworkACLListCmd.class);
cmdList.add(ListNetworkACLListsCmd.class);
return cmdList;
}

35
setup/db/create-schema.sql
View File

@ -196,6 +196,8 @@ DROP TABLE IF EXISTS `cloud`.`vm_network_map`;
DROP TABLE IF EXISTS `cloud`.`netapp_volume`;
DROP TABLE IF EXISTS `cloud`.`netapp_pool`;
DROP TABLE IF EXISTS `cloud`.`netapp_lun`;
DROP TABLE IF EXISTS `cloud`.`network_acl`;
DROP TABLE IF EXISTS `cloud`.`network_acl_item`;
CREATE TABLE `cloud`.`version` (
`id` bigint unsigned NOT NULL UNIQUE AUTO_INCREMENT COMMENT 'id',
@ -268,6 +270,7 @@ CREATE TABLE `cloud`.`networks` (
`removed` datetime COMMENT 'date removed if not null',
`specify_ip_ranges` int(1) unsigned NOT NULL DEFAULT 0 COMMENT 'true if the network provides an ability to define ip ranges',
`vpc_id` bigint unsigned COMMENT 'vpc this network belongs to',
`network_acl_id` bigint unsigned COMMENT 'network acl id',
PRIMARY KEY (`id`),
CONSTRAINT `fk_networks__network_offering_id` FOREIGN KEY (`network_offering_id`) REFERENCES `network_offerings`(`id`),
CONSTRAINT `fk_networks__data_center_id` FOREIGN KEY (`data_center_id`) REFERENCES `data_center`(`id`) ON DELETE CASCADE,
@ -2475,5 +2478,37 @@ CREATE TABLE `cloud`.`nicira_nvp_nic_map` (
CONSTRAINT `fk_nicira_nvp_nic_map__nic` FOREIGN KEY(`nic`) REFERENCES `nics`(`uuid`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `cloud`.`network_acl` (
`id` bigint unsigned NOT NULL auto_increment COMMENT 'id',
`name` varchar(255) NOT NULL COMMENT 'name of the network acl',
`uuid` varchar(40),
`vpc_id` bigint unsigned COMMENT 'vpc this network acl belongs to',
`description` varchar(1024),
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `cloud`.`network_acl_item` (
`id` bigint unsigned NOT NULL auto_increment COMMENT 'id',
`uuid` varchar(40),
`network_acl_id` bigint unsigned NOT NULL COMMENT 'network acl id',
`start_port` int(10) COMMENT 'starting port of a port range',
`end_port` int(10) COMMENT 'end port of a port range',
`state` char(32) NOT NULL COMMENT 'current state of this rule',
`protocol` char(16) NOT NULL default 'TCP' COMMENT 'protocol to open these ports for',
`account_id` bigint unsigned NOT NULL COMMENT 'owner id',
`domain_id` bigint unsigned NOT NULL COMMENT 'domain id',
`xid` char(40) NOT NULL COMMENT 'external id',
`created` datetime COMMENT 'Date created',
`icmp_code` int(10) COMMENT 'The ICMP code (if protocol=ICMP). A value of -1 means all codes for the given ICMP type.',
`icmp_type` int(10) COMMENT 'The ICMP type (if protocol=ICMP). A value of -1 means all types.',
`type` varchar(10) NOT NULL DEFAULT 'USER',
`traffic_type` char(32) COMMENT 'the traffic type of the rule, can be Ingress or Egress',
PRIMARY KEY (`id`),
CONSTRAINT `fk_network_acl_item__account_id` FOREIGN KEY(`account_id`) REFERENCES `account`(`id`) ON DELETE CASCADE,
CONSTRAINT `fk_network_acl_item__domain_id` FOREIGN KEY(`domain_id`) REFERENCES `domain`(`id`) ON DELETE CASCADE,
CONSTRAINT `fk_network_acl_item__acl_id` FOREIGN KEY(`network_acl_id`) REFERENCES `network_acl`(`id`) ON DELETE CASCADE,
CONSTRAINT `uc_network_acl_item__uuid` UNIQUE (`uuid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
SET foreign_key_checks = 1;