use of com.cloud.agent.api.to.NetworkACLTO in project cosmic by MissionCriticalCloud.
the class SetNetworkACLCommand method generateFwRules.
/**
 * Serialises this command's ACL rules into colon-separated text entries, in rule-number order.
 *
 * <p>Entry layout: {@code Ingress/Egress:protocol:start port:end port:source cidrs:action:}, for
 * example {@code Ingress:tcp:80:80:0.0.0.0/0:ACCEPT:}. For the {@code icmp} protocol the two port
 * fields carry the ICMP type and code instead. A revoked rule is written as
 * {@code Ingress/Egress:reverted:0:0:0:}.
 *
 * <p>A rule whose source CIDR list is null or empty is emitted with {@code 0.0.0.0/0}, i.e. it
 * matches every IPv4 source. Callers that mean "no source" must not rely on an empty list.
 *
 * <p>Field values are appended as-is; nothing escapes {@code ':'} or {@code ','}.
 * NOTE(review): an IPv6 CIDR contains ':' and would be ambiguous in this format; confirm that
 * only IPv4 CIDRs reach this method or that the consumer copes with it.
 *
 * @return a {@code String[2][n]} array; only row 0 is filled here, row 1 keeps its null elements
 */
public String[][] generateFwRules() {
    // Arrays.asList is a view over the rules array, so an in-place sort by the helper
    // also reorders the rules field itself.
    final List<NetworkACLTO> orderedRules = Arrays.asList(rules);
    orderNetworkAclRulesByRuleNumber(orderedRules);

    final String[][] result = new String[2][orderedRules.size()];
    int slot = 0;
    for (final NetworkACLTO rule : orderedRules) {
        if (rule.revoked()) {
            // Placeholder entry: keeps at least one entry in the list so the IP address can be obtained.
            result[0][slot++] = rule.getTrafficType().toString() + ":reverted:0:0:0:";
            continue;
        }

        final StringBuilder entry = new StringBuilder();
        entry.append(rule.getTrafficType().toString()).append(":").append(rule.getProtocol()).append(":");

        if ("icmp".equals(rule.getProtocol())) {
            entry.append(rule.getIcmpType()).append(":").append(rule.getIcmpCode()).append(":");
        } else {
            entry.append(rule.getStringPortRange()).append(":");
        }

        // No source CIDR configured means "any IPv4 source".
        final List<String> sourceCidrs = rule.getSourceCidrList();
        final boolean anySource = sourceCidrs == null || sourceCidrs.isEmpty();
        entry.append(anySource ? "0.0.0.0/0" : String.join(",", sourceCidrs));

        entry.append(":").append(rule.getAction()).append(":");
        result[0][slot++] = entry.toString();
    }
    return result;
}
use of com.cloud.agent.api.to.NetworkACLTO in project cosmic by MissionCriticalCloud.
the class SetNetworkACLCommandTest method testNetworkAclRuleOrdering.
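/**
 * Verifies that {@code orderNetworkAclRulesByRuleNumber} sorts the list it is given in place,
 * ascending by rule number.
 */
@Test
public void testNetworkAclRuleOrdering() {
    // given: three rules added out of order (3, 1, 2)
    final List<NetworkACLTO> aclList = Lists.newArrayList();
    aclList.add(new NetworkACLTO(3, null, null, null, null, false, false, null, null, null, null, false, 3));
    aclList.add(new NetworkACLTO(1, null, null, null, null, false, false, null, null, null, null, false, 1));
    aclList.add(new NetworkACLTO(2, null, null, null, null, false, false, null, null, null, null, false, 2));
    final SetNetworkACLCommand cmd = new SetNetworkACLCommand(aclList, null);

    // when
    cmd.orderNetworkAclRulesByRuleNumber(aclList);

    // then: position i holds rule number i + 1
    for (int i = 0; i < aclList.size(); i++) {
        // Expected value first, so a failure message reports expected/actual the right way round.
        assertEquals(i + 1, aclList.get(i).getNumber());
    }
}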
use of com.cloud.agent.api.to.NetworkACLTO in project cloudstack by apache.
the class SetNetworkACLCommandTest method testNetworkAclRuleOrdering.
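/**
 * Verifies that {@code orderNetworkAclRulesByRuleNumber} reorders the supplied list in place
 * so that rule numbers ascend.
 */
@Test
public void testNetworkAclRuleOrdering() {
    // given: rules inserted in the order 3, 1, 2
    List<NetworkACLTO> aclList = Lists.newArrayList();
    aclList.add(new NetworkACLTO(3, null, null, null, null, false, false, null, null, null, null, false, 3));
    aclList.add(new NetworkACLTO(1, null, null, null, null, false, false, null, null, null, null, false, 1));
    aclList.add(new NetworkACLTO(2, null, null, null, null, false, false, null, null, null, null, false, 2));
    SetNetworkACLCommand cmd = new SetNetworkACLCommand(aclList, null);

    // when
    cmd.orderNetworkAclRulesByRuleNumber(aclList);

    // then: the element at index i must carry rule number i + 1
    for (int i = 0; i < aclList.size(); i++) {
        // JUnit's assertEquals takes (expected, actual); the original call had them swapped.
        assertEquals(i + 1, aclList.get(i).getNumber());
    }
}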
use of com.cloud.agent.api.to.NetworkACLTO in project cosmic by MissionCriticalCloud.
the class CommandSetupHelper method createNetworkACLsCommands.
/**
 * Builds a {@code SetNetworkACLCommand} for the given router and guest network and adds it to
 * {@code cmds}.
 *
 * <p>Each {@code NetworkACLItem} is converted to a {@code NetworkACLTO} tagged with the guest
 * VLAN taken from the network's broadcast URI (null when the network has no broadcast URI).
 *
 * <p>NOTE(review): a null {@code rules} argument is not skipped; the command is still queued
 * with an empty rule list. Confirm the receiving side treats an empty ACL set as intended.
 * NOTE(review): the results of {@code _networkDao.findById} and {@code zoneRepository.findOne}
 * are dereferenced without a null check; verify callers only pass ids that resolve.
 *
 * @param rules          ACL items to send; may be null
 * @param router         router the command is addressed to
 * @param cmds           command batch the new command is appended to
 * @param guestNetworkId id of the guest network the ACLs belong to
 * @param privateGateway when true, the command is additionally marked with the private-gateway detail
 */
public void createNetworkACLsCommands(final List<? extends NetworkACLItem> rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId, final boolean privateGateway) {
    final List<NetworkACLTO> aclTransferObjects = new ArrayList<>();

    // Resolve the guest VLAN tag from the network's broadcast URI, if it has one.
    final Network guestNetwork = _networkDao.findById(guestNetworkId);
    final URI broadcastUri = guestNetwork.getBroadcastUri();
    final String guestVlan = broadcastUri != null ? BroadcastDomainType.getValue(broadcastUri) : null;

    if (rules != null) {
        for (final NetworkACLItem aclItem : rules) {
            aclTransferObjects.add(new NetworkACLTO(aclItem, guestVlan, aclItem.getTrafficType()));
        }
    }

    final NicTO guestNic = _networkHelper.getNicTO(router, guestNetworkId, null);
    final SetNetworkACLCommand aclCommand = new SetNetworkACLCommand(aclTransferObjects, guestNic);

    // Access details tell the agent which router and network context the command applies to.
    aclCommand.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
    aclCommand.setAccessDetail(NetworkElementCommand.GUEST_VLAN_TAG, guestVlan);
    aclCommand.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());

    final Zone routerZone = zoneRepository.findOne(router.getDataCenterId());
    aclCommand.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, routerZone.getNetworkType().toString());

    if (privateGateway) {
        aclCommand.setAccessDetail(NetworkElementCommand.VPC_PRIVATE_GATEWAY, String.valueOf(VpcGateway.Type.Private));
    }

    cmds.addCommand(aclCommand);
}
use of com.cloud.agent.api.to.NetworkACLTO in project cloudstack by apache.
the class SetNetworkACLCommand method generateFwRules.
/**
 * Renders the ACL rules held by this command as colon-separated strings, ordered by rule number.
 *
 * <p>Each entry has the form {@code Ingress/Egress:protocol:start port:end port:scidrs:action:},
 * e.g. {@code Egress:tcp:220:220:0.0.0.0/0:DROP:}; for {@code icmp} the port fields hold the
 * ICMP type and code. Revoked rules become {@code Ingress/Egress:reverted:0:0:0:}.
 *
 * <p>When a rule has no source CIDRs (null or empty list) the entry uses {@code 0.0.0.0/0},
 * which matches any IPv4 source.
 *
 * <p>Values are concatenated without escaping the {@code ':'} and {@code ','} separators.
 * NOTE(review): an IPv6 CIDR would introduce extra ':' characters; confirm the consumer of
 * these entries never receives one or parses it correctly.
 *
 * @return a {@code String[2][n]} array whose row 0 holds the entries; row 1 is left unpopulated
 * @throws NullPointerException if a non-revoked rule has a null protocol (from the
 *         {@code compareTo} check) or if a rule's traffic type is null
 */
public String[][] generateFwRules() {
    // The list is a view backed by the rules array: sorting it in place reorders rules too.
    final List<NetworkACLTO> sortedAcls = Arrays.asList(rules);
    orderNetworkAclRulesByRuleNumber(sortedAcls);

    final int count = sortedAcls.size();
    final String[][] result = new String[2][count];
    int idx = 0;
    for (final NetworkACLTO acl : sortedAcls) {
        final StringBuilder line = new StringBuilder();

        if (acl.revoked()) {
            // Added only so the list has at least one entry from which the IP address can be taken.
            line.append(acl.getTrafficType().toString()).append(":reverted:0:0:0:");
            result[0][idx] = line.toString();
            idx++;
            continue;
        }

        line.append(acl.getTrafficType().toString()).append(":").append(acl.getProtocol()).append(":");

        // compareTo (unlike "icmp".equals) throws on a null protocol, so such a rule fails here.
        final boolean icmp = "icmp".compareTo(acl.getProtocol()) == 0;
        if (!icmp) {
            line.append(acl.getStringPortRange()).append(":");
        } else {
            line.append(acl.getIcmpType()).append(":").append(acl.getIcmpCode()).append(":");
        }

        final List<String> cidrs = acl.getSourceCidrList();
        if (cidrs != null && !cidrs.isEmpty()) {
            // Comma-join the CIDRs; the separator stays empty until the first one is written.
            String separator = "";
            for (final String sourceCidr : cidrs) {
                line.append(separator).append(sourceCidr);
                separator = ",";
            }
        } else {
            // No explicit source restriction: fall back to "any IPv4 source".
            line.append("0.0.0.0/0");
        }

        line.append(":").append(acl.getAction()).append(":");
        result[0][idx] = line.toString();
        idx++;
    }
    return result;
}