use of com.cloud.agent.api.routing.SetFirewallRulesCommand in project cloudstack by apache.
the class CiscoVnmcResourceTest method testFirewall.
/**
 * Pushes one active and one revoked TCP/22 firewall rule for the same address through the
 * resource, with every mocked connection call stubbed to report success, and expects the
 * resulting answer to be successful.
 */
@Test
public void testFirewall() throws ConfigurationException, Exception {
    final String guestVlanTag = Long.toString(123L);

    // Only the active rule carries a source CIDR list; the revoked one passes null.
    final List<String> sourceCidrs = new ArrayList<String>();
    sourceCidrs.add("2.3.2.3/32");

    final List<FirewallRuleTO> firewallRules = new ArrayList<FirewallRuleTO>();
    firewallRules.add(
        new FirewallRuleTO(1, null, "1.2.3.4", "tcp", 22, 22, false, false, FirewallRule.Purpose.Firewall, sourceCidrs, null, null));
    firewallRules.add(
        new FirewallRuleTO(1, null, "1.2.3.4", "tcp", 22, 22, true, false, FirewallRule.Purpose.Firewall, null, null, null));

    final SetFirewallRulesCommand command = new SetFirewallRulesCommand(firewallRules);
    command.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, guestVlanTag);
    command.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, "1.2.3.4/32");

    // Every ACL operation on the mocked connection succeeds, so the test only exercises
    // the resource's own handling of the rule list.
    _resource.setConnection(_connection);
    when(_connection.createTenantVDCAclPolicySet(anyString(), anyBoolean())).thenReturn(true);
    when(_connection.createTenantVDCAclPolicy(anyString(), anyString())).thenReturn(true);
    when(_connection.createTenantVDCAclPolicyRef(anyString(), anyString(), anyBoolean())).thenReturn(true);
    when(_connection.deleteTenantVDCAclRule(anyString(), anyLong(), anyString())).thenReturn(true);
    when(_connection.createTenantVDCIngressAclRule(
        anyString(), anyLong(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString())).thenReturn(true);
    when(_connection.createTenantVDCEgressAclRule(
        anyString(), anyLong(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString())).thenReturn(true);
    when(_connection.associateAclPolicySet(anyString())).thenReturn(true);

    final Answer result = _resource.executeRequest(command);
    System.out.println(result.getDetails());
    assertTrue(result.getResult());
}
use of com.cloud.agent.api.routing.SetFirewallRulesCommand in project cloudstack by apache.
the class HypervDirectConnectResource method executeRequest.
// TODO: Is it valid to return NULL, or should we throw on error?
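/**
 * Routes a command to its handler and returns that handler's answer.
 *
 * <p>{@link NetworkElementCommand}s are delegated to the virtual-router resource. Command types
 * with a local {@code execute} overload are handled in-process. Every other command is
 * serialized to JSON and POSTed over HTTPS to the Hyper-V agent at
 * {@code /api/HypervResource/<command class name>}.
 *
 * <p>The agent's reply is parsed as an {@code Answer[]} and only its first element is returned.
 * The reply is passed through {@code cleanPassword} before it is written to the debug log.
 *
 * @param cmd the command to execute
 * @return the answer for {@code cmd}; an "unsupported command" answer when the POST yields no
 *         body; {@code null} when the agent URI cannot be built or the reply holds no answer
 */
@Override
public final Answer executeRequest(final Command cmd) {
    final Class<? extends Command> clazz = cmd.getClass();

    // The agent endpoint is built before any dispatch, so a malformed agent address makes
    // every command return null, including those that never contact the agent.
    final URI agentUri;
    try {
        agentUri = new URI("https", null, _agentIp, _port, "/api/HypervResource/" + clazz.getName(), null, null);
    } catch (final URISyntaxException e) {
        s_logger.error("Could not generate URI for Hyper-V agent", e);
        return null;
    }

    if (cmd instanceof NetworkElementCommand) {
        return _vrResource.executeRequest((NetworkElementCommand) cmd);
    }

    // NOTE(review): several of the types below look like NetworkElementCommand subclasses; if
    // so, the check above already consumed them and those branches are dead — confirm.
    if (clazz == CheckSshCommand.class) {
        return execute((CheckSshCommand) cmd);
    }
    if (clazz == GetDomRVersionCmd.class) {
        return execute((GetDomRVersionCmd) cmd);
    }
    if (cmd instanceof NetworkUsageCommand) {
        return execute((NetworkUsageCommand) cmd);
    }
    if (clazz == IpAssocCommand.class) {
        return execute((IpAssocCommand) cmd);
    }
    if (clazz == DnsMasqConfigCommand.class) {
        return execute((DnsMasqConfigCommand) cmd);
    }
    if (clazz == CreateIpAliasCommand.class) {
        return execute((CreateIpAliasCommand) cmd);
    }
    if (clazz == DhcpEntryCommand.class) {
        return execute((DhcpEntryCommand) cmd);
    }
    if (clazz == VmDataCommand.class) {
        return execute((VmDataCommand) cmd);
    }
    if (clazz == SavePasswordCommand.class) {
        return execute((SavePasswordCommand) cmd);
    }
    if (clazz == SetFirewallRulesCommand.class) {
        return execute((SetFirewallRulesCommand) cmd);
    }
    if (clazz == LoadBalancerConfigCommand.class) {
        return execute((LoadBalancerConfigCommand) cmd);
    }
    if (clazz == DeleteIpAliasCommand.class) {
        return execute((DeleteIpAliasCommand) cmd);
    }
    if (clazz == PingTestCommand.class) {
        return execute((PingTestCommand) cmd);
    }
    if (clazz == SetStaticNatRulesCommand.class) {
        return execute((SetStaticNatRulesCommand) cmd);
    }
    if (clazz == CheckRouterCommand.class) {
        return execute((CheckRouterCommand) cmd);
    }
    if (clazz == SetPortForwardingRulesCommand.class) {
        return execute((SetPortForwardingRulesCommand) cmd);
    }
    if (clazz == SetSourceNatCommand.class) {
        return execute((SetSourceNatCommand) cmd);
    }
    if (clazz == Site2SiteVpnCfgCommand.class) {
        return execute((Site2SiteVpnCfgCommand) cmd);
    }
    if (clazz == CheckS2SVpnConnectionsCommand.class) {
        return execute((CheckS2SVpnConnectionsCommand) cmd);
    }
    if (clazz == RemoteAccessVpnCfgCommand.class) {
        return execute((RemoteAccessVpnCfgCommand) cmd);
    }
    if (clazz == VpnUsersCfgCommand.class) {
        return execute((VpnUsersCfgCommand) cmd);
    }
    if (clazz == SetStaticRouteCommand.class) {
        return execute((SetStaticRouteCommand) cmd);
    }
    if (clazz == SetMonitorServiceCommand.class) {
        return execute((SetMonitorServiceCommand) cmd);
    }
    if (clazz == PlugNicCommand.class) {
        return execute((PlugNicCommand) cmd);
    }
    if (clazz == UnPlugNicCommand.class) {
        return execute((UnPlugNicCommand) cmd);
    }
    if (clazz == CopyCommand.class) {
        return execute((CopyCommand) cmd);
    }

    // Anything not handled above is forwarded to the Hyper-V agent.
    if (clazz == StartCommand.class) {
        final StartCommand startCmd = (StartCommand) cmd;
        final VirtualMachineTO vmSpec = startCmd.getVirtualMachine();
        // Non-user VMs get a secondary storage store prepared before the start is forwarded.
        if (vmSpec.getType() != VirtualMachine.Type.User) {
            if (s_hypervMgr != null) {
                final String secondary = s_hypervMgr.prepareSecondaryStorageStore(Long.parseLong(_zoneId));
                if (secondary != null) {
                    startCmd.setSecondaryStorage(secondary);
                }
            } else {
                s_logger.error("Hyperv manager isn't available. Couldn't check and copy the systemvm iso.");
            }
        }
    }

    // Send the cmd to hyperv agent.
    final String ansStr = postHttpRequest(s_gson.toJson(cmd), agentUri);
    if (ansStr == null) {
        return Answer.createUnsupportedCommandAnswer(cmd);
    }

    // Only Answer instances are returned by remote agents.
    // E.g. see Response.getAnswers()
    final Answer[] result = s_gson.fromJson(ansStr, Answer[].class);
    if (result == null) {
        // Gson yields null for an empty body or a JSON null. The reply is remote input, so
        // handle it like an empty array instead of dereferencing it.
        s_logger.error("Hyper-V agent returned a response with no answers for " + clazz.getName());
        return null;
    }

    // Redact passwords before logging, and skip the re-serialization when debug is off.
    if (s_logger.isDebugEnabled()) {
        s_logger.debug("executeRequest received response " + cleanPassword(s_gson.toJson(result)));
    }

    return result.length > 0 ? result[0] : null;
}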
use of com.cloud.agent.api.routing.SetFirewallRulesCommand in project cloudstack by apache.
the class PaloAltoResourceTest method removeEgressFirewallRule.
/**
 * Configures the mocked Palo Alto resource with a context that includes an egress firewall
 * rule flag, then submits a single revoked egress TCP/80 rule and expects a successful answer.
 */
@Test
public void removeEgressFirewallRule() throws ConfigurationException, Exception {
    final boolean consoleOutput =
        _context.containsKey("enable_console_output") && _context.get("enable_console_output").equals("true");
    if (consoleOutput) {
        System.out.println("\nTEST: removeEgressFirewallRule");
        System.out.println("---------------------------------------------------");
    }

    // Flags handed to the mock; presumably they describe the device state it simulates — confirm.
    _context.put("has_public_interface", "true");
    _context.put("has_private_interface", "true");
    _context.put("has_src_nat_rule", "true");
    _context.put("has_isolation_fw_rule", "true");
    _context.put("has_service_tcp_80", "true");
    _context.put("has_egress_fw_rule", "true");
    _resource.setMockContext(_context);
    _resource.configure("PaloAltoResource", _resourceParams);

    final String guestVlanTag = Long.toString(3954L);

    // The rule is built from a VO placed in the Revoke state.
    final FirewallRuleVO egressRuleVO =
        new FirewallRuleVO(null, null, 80, 80, "tcp", 1, 1, 1, Purpose.Firewall, null, null, null, null, FirewallRule.TrafficType.Egress);
    egressRuleVO.setState(State.Revoke);

    final List<FirewallRuleTO> firewallRules = new ArrayList<FirewallRuleTO>();
    firewallRules.add(new FirewallRuleTO(egressRuleVO, guestVlanTag, null, Purpose.Firewall, FirewallRule.TrafficType.Egress));

    final SetFirewallRulesCommand command = new SetFirewallRulesCommand(firewallRules);
    command.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, guestVlanTag);
    command.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, "10.3.96.1/20");

    final Answer result = _resource.executeRequest(command);
    assertTrue(result.getResult());
}
use of com.cloud.agent.api.routing.SetFirewallRulesCommand in project cloudstack by apache.
the class PaloAltoResourceTest method addIngressFirewallRule.
/**
 * Configures the mocked Palo Alto resource, then submits a single active TCP/80 rule for
 * 192.168.80.103 whose source CIDR list is 0.0.0.0/0, and expects a successful answer.
 */
@Test
public void addIngressFirewallRule() throws ConfigurationException, Exception {
    final boolean consoleOutput =
        _context.containsKey("enable_console_output") && _context.get("enable_console_output").equals("true");
    if (consoleOutput) {
        System.out.println("\nTEST: addIngressFirewallRule");
        System.out.println("---------------------------------------------------");
    }

    // Flags handed to the mock; presumably they describe the device state it simulates — confirm.
    _context.put("has_public_interface", "true");
    _context.put("has_private_interface", "true");
    _context.put("has_src_nat_rule", "true");
    _context.put("has_isolation_fw_rule", "true");
    _context.put("has_service_tcp_80", "true");
    _resource.setMockContext(_context);
    _resource.configure("PaloAltoResource", _resourceParams);

    // Fixture value only: the rule admits traffic from any source address.
    final List<String> sourceCidrs = new ArrayList<String>();
    sourceCidrs.add("0.0.0.0/0");

    final List<FirewallRuleTO> firewallRules = new ArrayList<FirewallRuleTO>();
    firewallRules.add(
        new FirewallRuleTO(8, null, "192.168.80.103", "tcp", 80, 80, false, false, FirewallRule.Purpose.Firewall, sourceCidrs, null, null));

    final SetFirewallRulesCommand command = new SetFirewallRulesCommand(firewallRules);
    command.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, Long.toString(3954L));
    command.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, "10.3.96.1/20");

    final Answer result = _resource.executeRequest(command);
    assertTrue(result.getResult());
}
use of com.cloud.agent.api.routing.SetFirewallRulesCommand in project cloudstack by apache.
the class VirtualRoutingResourceTest method generateSetFirewallRulesCommand.
/**
 * Builds the {@link SetFirewallRulesCommand} fixture used by the virtual-routing tests.
 *
 * <p>The command holds three rules for 64.10.10.10 that share one source CIDR list: a TCP rule
 * for ports 22-80 and two ICMP rules, the second of which has both boolean flags set.
 *
 * @return the command, with {@code ROUTER_NAME} set as an access detail
 */
protected SetFirewallRulesCommand generateSetFirewallRulesCommand() {
    final List<String> cidrs = new ArrayList<>();
    cidrs.add("10.10.1.1/24");
    cidrs.add("10.10.1.2/24");

    final FirewallRuleTO tcpRule = new FirewallRuleTO(1, "64.10.10.10", "TCP", 22, 80, false, false, Purpose.Firewall, cidrs, 0, 0);
    final FirewallRuleTO icmpRule = new FirewallRuleTO(2, "64.10.10.10", "ICMP", 0, 0, false, false, Purpose.Firewall, cidrs, -1, -1);
    // Same ICMP rule shape with both boolean flags set (presumably revoked / already added — confirm).
    final FirewallRuleTO flaggedIcmpRule = new FirewallRuleTO(3, "64.10.10.10", "ICMP", 0, 0, true, true, Purpose.Firewall, cidrs, -1, -1);

    final List<FirewallRuleTO> firewallRules = new ArrayList<>();
    firewallRules.add(tcpRule);
    firewallRules.add(icmpRule);
    firewallRules.add(flaggedIcmpRule);

    final SetFirewallRulesCommand command = new SetFirewallRulesCommand(firewallRules);
    command.setAccessDetail(NetworkElementCommand.ROUTER_NAME, ROUTERNAME);
    return command;
}