
Example 11 with FirewallRuleTO

use of com.cloud.agent.api.to.FirewallRuleTO in project cloudstack by apache.

the class CiscoVnmcResourceTest method testFirewall.

/**
 * Sends a {@code SetFirewallRulesCommand} holding one active and one revoked
 * TCP/22 rule to the resource and expects a successful answer.
 *
 * Every connection call stubbed below returns {@code true}, so this covers only
 * the success path of the rule-programming sequence.
 *
 * NOTE(review): the only assertion is on {@code answer.getResult()}. Nothing here
 * verifies that the revoked rule actually reached {@code deleteTenantVDCAclRule}
 * or that the active rule produced an ingress ACL rule, so a regression that
 * silently skips a revoke would likely still pass.
 */
@Test
public void testFirewall() throws ConfigurationException, Exception {
    long vlanId = 123;

    // Source CIDR restriction attached to the active rule only.
    List<String> allowedSources = new ArrayList<String>();
    allowedSources.add("2.3.2.3/32");

    // Both rules share id 1 and target 1.2.3.4 tcp/22; they differ in the seventh
    // constructor argument (false vs. true) and in the source CIDR list.
    FirewallRuleTO activeRule = new FirewallRuleTO(1, null, "1.2.3.4", "tcp", 22, 22, false, false, FirewallRule.Purpose.Firewall, allowedSources, null, null);
    FirewallRuleTO revokedRule = new FirewallRuleTO(1, null, "1.2.3.4", "tcp", 22, 22, true, false, FirewallRule.Purpose.Firewall, null, null, null);

    List<FirewallRuleTO> ruleList = new ArrayList<FirewallRuleTO>();
    ruleList.add(activeRule);
    ruleList.add(revokedRule);

    SetFirewallRulesCommand command = new SetFirewallRulesCommand(ruleList);
    command.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, String.valueOf(vlanId));
    command.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, "1.2.3.4/32");

    _resource.setConnection(_connection);

    // Policy set / policy / policy reference creation all succeed.
    when(_connection.createTenantVDCAclPolicySet(anyString(), anyBoolean())).thenReturn(true);
    when(_connection.createTenantVDCAclPolicy(anyString(), anyString())).thenReturn(true);
    when(_connection.createTenantVDCAclPolicyRef(anyString(), anyString(), anyBoolean())).thenReturn(true);
    // Rule deletion and ingress/egress rule creation all succeed.
    when(_connection.deleteTenantVDCAclRule(anyString(), anyLong(), anyString())).thenReturn(true);
    when(_connection.createTenantVDCIngressAclRule(anyString(), anyLong(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString())).thenReturn(true);
    when(_connection.createTenantVDCEgressAclRule(anyString(), anyLong(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString())).thenReturn(true);
    when(_connection.associateAclPolicySet(anyString())).thenReturn(true);

    Answer result = _resource.executeRequest(command);
    System.out.println(result.getDetails());
    assertTrue(result.getResult());
}
Also used : Answer(com.cloud.agent.api.Answer) ArrayList(java.util.ArrayList) Matchers.anyString(org.mockito.Matchers.anyString) FirewallRuleTO(com.cloud.agent.api.to.FirewallRuleTO) SetFirewallRulesCommand(com.cloud.agent.api.routing.SetFirewallRulesCommand) Test(org.junit.Test)

Example 12 with FirewallRuleTO

use of com.cloud.agent.api.to.FirewallRuleTO in project cloudstack by apache.

the class PaloAltoResource method execute.

/**
 * Applies the firewall rules carried by {@code cmd}: each non-revoked rule is
 * queued as an ADD, each revoked rule as a DELETE, and the queued commands are
 * submitted through {@code requestWithCommit}.
 *
 * @param cmd        command holding the rules to apply
 * @param numRetries how many more attempts may be made after an
 *                   {@code ExecutionException}
 * @return a success {@code Answer} when no exception is thrown; otherwise an
 *         {@code Answer} carrying the exception once retries are exhausted or
 *         the connection cannot be refreshed
 */
private Answer execute(SetFirewallRulesCommand cmd, int numRetries) {
    FirewallRuleTO[] requestedRules = cmd.getRules();
    try {
        ArrayList<IPaloAltoCommand> pending = new ArrayList<IPaloAltoCommand>();
        for (FirewallRuleTO current : requestedRules) {
            PaloAltoPrimative operation = current.revoked() ? PaloAltoPrimative.DELETE : PaloAltoPrimative.ADD;
            manageFirewallRule(pending, operation, current);
        }
        // NOTE(review): the boolean returned by requestWithCommit is discarded, so a
        // success Answer is returned whenever no exception is thrown. If that method
        // can return false without throwing, the caller is told the firewall rules
        // (including revokes) were applied when they were not - confirm its contract.
        requestWithCommit(pending);
        return new Answer(cmd);
    } catch (ExecutionException e) {
        s_logger.error(e);
        // Retry only while attempts remain AND the connection could be re-established;
        // the refresh is not attempted when no retries are left.
        boolean canRetry = numRetries > 0 && refreshPaloAltoConnection();
        if (!canRetry) {
            return new Answer(cmd, e);
        }
        int numRetriesRemaining = numRetries - 1;
        s_logger.debug("Retrying SetFirewallRulesCommand. Number of retries remaining: " + numRetriesRemaining);
        return execute(cmd, numRetriesRemaining);
    }
}
Also used : Answer(com.cloud.agent.api.Answer) MaintainAnswer(com.cloud.agent.api.MaintainAnswer) IpAssocAnswer(com.cloud.agent.api.routing.IpAssocAnswer) ReadyAnswer(com.cloud.agent.api.ReadyAnswer) ExternalNetworkResourceUsageAnswer(com.cloud.agent.api.ExternalNetworkResourceUsageAnswer) ArrayList(java.util.ArrayList) FirewallRuleTO(com.cloud.agent.api.to.FirewallRuleTO) ExecutionException(com.cloud.utils.exception.ExecutionException)

Example 13 with FirewallRuleTO

use of com.cloud.agent.api.to.FirewallRuleTO in project cloudstack by apache.

the class PaloAltoResourceTest method removeEgressFirewallRule.

/**
 * Revokes an egress TCP/80 firewall rule against a mock context that already
 * reports the rule as present ({@code has_egress_fw_rule}), and expects the
 * resource to answer with success.
 *
 * NOTE(review): only the answer's result flag is asserted; the test does not
 * inspect what was sent to remove the rule.
 */
@Test
public void removeEgressFirewallRule() throws ConfigurationException, Exception {
    boolean consoleOutput = _context.containsKey("enable_console_output") && _context.get("enable_console_output").equals("true");
    if (consoleOutput) {
        System.out.println("\nTEST: removeEgressFirewallRule");
        System.out.println("---------------------------------------------------");
    }

    // Pre-existing state the mock device should report.
    _context.put("has_public_interface", "true");
    _context.put("has_private_interface", "true");
    _context.put("has_src_nat_rule", "true");
    _context.put("has_isolation_fw_rule", "true");
    _context.put("has_service_tcp_80", "true");
    _context.put("has_egress_fw_rule", "true");
    _resource.setMockContext(_context);
    _resource.configure("PaloAltoResource", _resourceParams);

    long vlanId = 3954;
    String vlanTag = Long.toString(vlanId);

    // Egress rule for tcp/80, moved to the Revoke state before being wrapped in a TO.
    FirewallRuleVO egressRule = new FirewallRuleVO(null, null, 80, 80, "tcp", 1, 1, 1, Purpose.Firewall, null, null, null, null, FirewallRule.TrafficType.Egress);
    egressRule.setState(State.Revoke);
    FirewallRuleTO revokedRule = new FirewallRuleTO(egressRule, vlanTag, null, Purpose.Firewall, FirewallRule.TrafficType.Egress);

    List<FirewallRuleTO> ruleList = new ArrayList<FirewallRuleTO>();
    ruleList.add(revokedRule);

    SetFirewallRulesCommand command = new SetFirewallRulesCommand(ruleList);
    command.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, vlanTag);
    command.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, "10.3.96.1/20");

    Answer result = _resource.executeRequest(command);
    assertTrue(result.getResult());
}
Also used : Answer(com.cloud.agent.api.Answer) IpAssocAnswer(com.cloud.agent.api.routing.IpAssocAnswer) ArrayList(java.util.ArrayList) FirewallRuleTO(com.cloud.agent.api.to.FirewallRuleTO) SetFirewallRulesCommand(com.cloud.agent.api.routing.SetFirewallRulesCommand) FirewallRuleVO(com.cloud.network.rules.FirewallRuleVO) Test(org.junit.Test)

Example 14 with FirewallRuleTO

use of com.cloud.agent.api.to.FirewallRuleTO in project cloudstack by apache.

the class PaloAltoResourceTest method addIngressFirewallRule.

/**
 * Adds an ingress TCP/80 firewall rule for 192.168.80.103 and expects the
 * resource to answer with success.
 *
 * The rule's source CIDR list is the single entry {@code 0.0.0.0/0}, i.e. the
 * fixture admits traffic from any source address.
 *
 * NOTE(review): only the answer's result flag is asserted; the test does not
 * check that the source CIDR restriction was carried into the device request.
 */
@Test
public void addIngressFirewallRule() throws ConfigurationException, Exception {
    boolean consoleOutput = _context.containsKey("enable_console_output") && _context.get("enable_console_output").equals("true");
    if (consoleOutput) {
        System.out.println("\nTEST: addIngressFirewallRule");
        System.out.println("---------------------------------------------------");
    }

    // Pre-existing state the mock device should report.
    _context.put("has_public_interface", "true");
    _context.put("has_private_interface", "true");
    _context.put("has_src_nat_rule", "true");
    _context.put("has_isolation_fw_rule", "true");
    _context.put("has_service_tcp_80", "true");
    _resource.setMockContext(_context);
    _resource.configure("PaloAltoResource", _resourceParams);

    long vlanId = 3954;

    List<String> allowedSources = new ArrayList<String>();
    allowedSources.add("0.0.0.0/0");

    FirewallRuleTO ingressRule = new FirewallRuleTO(8, null, "192.168.80.103", "tcp", 80, 80, false, false, FirewallRule.Purpose.Firewall, allowedSources, null, null);
    List<FirewallRuleTO> ruleList = new ArrayList<FirewallRuleTO>();
    ruleList.add(ingressRule);

    SetFirewallRulesCommand command = new SetFirewallRulesCommand(ruleList);
    command.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, String.valueOf(vlanId));
    command.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, "10.3.96.1/20");

    Answer result = _resource.executeRequest(command);
    assertTrue(result.getResult());
}
Also used : Answer(com.cloud.agent.api.Answer) IpAssocAnswer(com.cloud.agent.api.routing.IpAssocAnswer) ArrayList(java.util.ArrayList) FirewallRuleTO(com.cloud.agent.api.to.FirewallRuleTO) SetFirewallRulesCommand(com.cloud.agent.api.routing.SetFirewallRulesCommand) Test(org.junit.Test)

Example 15 with FirewallRuleTO

use of com.cloud.agent.api.to.FirewallRuleTO in project CloudStack-archive by CloudStack-extras.

the class SetFirewallRulesCommand method generateFwRules.

/**
 * Serialises the command's firewall rules into colon-delimited string entries.
 *
 * Entry formats:
 * <pre>
 *   active  : &lt;ip&gt;:&lt;protocol&gt;:&lt;srcport&gt;:&lt;destport&gt;:&lt;scidr&gt;:
 *             e.g. 172.16.92.44:tcp:80:80:0.0.0.0/0:
 *   revoked : &lt;ip&gt;:reverted:0:0:0:
 * </pre>
 * For {@code icmp} the two port fields carry the ICMP type and code; several
 * source CIDRs are joined with {@code -}; a missing or empty CIDR list becomes
 * {@code 0.0.0.0/0} (any source).
 *
 * Entries are collected in a {@code HashSet}, so duplicates collapse and the
 * order of the returned entries is unspecified.
 *
 * NOTE(review): field values are concatenated without escaping. This presumably
 * relies on the IP, protocol, port range and CIDR strings having been validated
 * before they reach this command; a value containing {@code :} or {@code -}
 * would shift the fields the consumer parses - confirm against callers.
 *
 * @return a two-element array whose first element holds the entries and whose
 *         second element is left {@code null}
 */
public String[][] generateFwRules() {
    Set<String> entries = new HashSet<String>();
    for (FirewallRuleTO rule : rules) {
        StringBuilder entry = new StringBuilder();

        if (rule.revoked()) {
            // Placeholder entry so the consumer still receives the rule's IP address.
            entry.append(rule.getSrcIp()).append(":reverted:0:0:0:");
            entries.add(entry.toString());
            continue;
        }

        entry.append(rule.getSrcIp()).append(":").append(rule.getProtocol()).append(":");

        // Port fields: ICMP type/code, an explicit port range, or 0:0 when none is set.
        if ("icmp".compareTo(rule.getProtocol()) == 0) {
            entry.append(rule.getIcmpType()).append(":").append(rule.getIcmpCode()).append(":");
        } else if (rule.getStringSrcPortRange() == null) {
            entry.append("0:0:");
        } else {
            entry.append(rule.getStringSrcPortRange()).append(":");
        }

        // Source CIDRs: default to any source, otherwise join with '-'.
        List<String> sourceCidrs = rule.getSourceCidrList();
        if (sourceCidrs == null || sourceCidrs.isEmpty()) {
            entry.append("0.0.0.0/0");
        } else {
            String separator = "";
            for (String sourceCidr : sourceCidrs) {
                entry.append(separator).append(sourceCidr);
                separator = "-";
            }
        }
        entry.append(":");

        entries.add(entry.toString());
    }
    // Slot 1 is intentionally left null, matching the original two-element layout.
    return new String[][] { entries.toArray(new String[entries.size()]), null };
}
Also used : FirewallRuleTO(com.cloud.agent.api.to.FirewallRuleTO) HashSet(java.util.HashSet)

Aggregations

FirewallRuleTO (com.cloud.agent.api.to.FirewallRuleTO)28 ArrayList (java.util.ArrayList)23 SetFirewallRulesCommand (com.cloud.agent.api.routing.SetFirewallRulesCommand)13 Answer (com.cloud.agent.api.Answer)11 IpAssocAnswer (com.cloud.agent.api.routing.IpAssocAnswer)9 FirewallRule (com.cloud.network.rules.FirewallRule)9 IpAddress (com.cloud.network.IpAddress)6 PublicIpAddress (com.cloud.network.PublicIpAddress)6 ExternalNetworkResourceUsageAnswer (com.cloud.agent.api.ExternalNetworkResourceUsageAnswer)5 MaintainAnswer (com.cloud.agent.api.MaintainAnswer)5 ReadyAnswer (com.cloud.agent.api.ReadyAnswer)5 NetworkVO (com.cloud.network.dao.NetworkVO)5 NetworkOfferingVO (com.cloud.offerings.NetworkOfferingVO)5 ExecutionException (com.cloud.utils.exception.ExecutionException)5 Test (org.junit.Test)5 HashMap (java.util.HashMap)4 DataCenterVO (com.cloud.dc.DataCenterVO)3 HashSet (java.util.HashSet)3 PortForwardingRuleTO (com.cloud.agent.api.to.PortForwardingRuleTO)2 StaticNatRuleTO (com.cloud.agent.api.to.StaticNatRuleTO)2