
Example 1 with Purpose

use of com.cloud.legacymodel.network.FirewallRule.Purpose in project cosmic by MissionCriticalCloud.

From class NetworkModelImpl, method getIpToServices:

/**
 * Classifies each public IP in {@code publicIps} by the network services it backs
 * (SourceNat, StaticNat, Lb, PortForwarding, Vpn, Firewall). Services are derived from
 * the firewall rules that reference the IP plus the IP's own NAT flags.
 *
 * Side effects: may flip {@code ip.setState(...)} between Releasing and Allocated for
 * IPs whose only remaining rules are revoked/revoking. Per the original comments below,
 * that state is what tells the network service provider whether to keep or withdraw the
 * IP association, so a misclassification here leaves an IP association on the provider
 * (or withdraws one that still has rules) — treat changes to this method as
 * security-relevant.
 *
 * @param publicIps         IPs to classify; null or empty yields an empty map
 * @param postApplyRules    true when called after rules were applied: an IP left with only
 *                          revoked rules is marked Releasing (SourceNat IPs are spared)
 * @param includingFirewall whether Purpose.Firewall rules count as a use of the IP
 * @return map from IP to the services it backs. NOTE(review): every IP is put into the map
 *         before the Allocating check, so IPs that are skipped by a later {@code continue}
 *         still appear with an empty (or SourceNat-only) set; the final
 *         {@code services.isEmpty()} guard does not remove them. Callers must treat an
 *         empty set as "no services".
 * @throws CloudRuntimeException if two SourceNat IPs in the list share a network id
 */
@Override
public Map<PublicIpAddress, Set<Service>> getIpToServices(final List<? extends PublicIpAddress> publicIps, final boolean postApplyRules, final boolean includingFirewall) {
    final Map<PublicIpAddress, Set<Service>> ipToServices = new HashMap<>();
    if (publicIps != null && !publicIps.isEmpty()) {
        // network ids that already have a SourceNat IP in this batch — only one is allowed per network
        final Set<Long> networkSNAT = new HashSet<>();
        for (final PublicIpAddress ip : publicIps) {
            Set<Service> services = ipToServices.get(ip);
            if (services == null) {
                services = new HashSet<>();
            }
            if (ip.isSourceNat()) {
                if (!networkSNAT.contains(ip.getAssociatedWithNetworkId())) {
                    services.add(Service.SourceNat);
                    networkSNAT.add(ip.getAssociatedWithNetworkId());
                } else {
                    final CloudRuntimeException ex = new CloudRuntimeException("Multiple generic soure NAT IPs provided for network");
                    // see the IPAddressVO.java class.
                    // NOTE(review): the proxy value is resolved with findIpAddressById, but the argument is a
                    // *network* id (getAssociatedWithNetworkId) and it is reported to the API client under the
                    // key "networkId". This looks like an id-domain mix-up: the uuid attached to the error may
                    // belong to an unrelated IP row rather than the network. Confirm against ApiDBUtils.
                    final IPAddressVO ipAddr = ApiDBUtils.findIpAddressById(ip.getAssociatedWithNetworkId());
                    String ipAddrUuid = ip.getAssociatedWithNetworkId().toString();
                    if (ipAddr != null) {
                        ipAddrUuid = ipAddr.getUuid();
                    }
                    ex.addProxyObject(ipAddrUuid, "networkId");
                    throw ex;
                }
            }
            // Registered unconditionally here, so the IP is in the result even if every later branch skips it.
            ipToServices.put(ip, services);
            // An IP still being allocated is classified no further (SourceNat at most); presumably it has
            // no rules attached yet, so there is no IPAssoc to push to the provider — confirm.
            if (ip.getState() == State.Allocating) {
                continue;
            }
            // First pass: only rules that are NOT revoked.
            // May be null (no rules at all) or empty (only Firewall rules and includingFirewall == false).
            Set<Purpose> purposes = getPublicIpPurposeInRules(ip, false, includingFirewall);
            // Static NAT is not expressed as a firewall rule; count it only while a VM is still attached.
            if (ip.isOneToOneNat() && ip.getAssociatedWithVmId() != null) {
                if (purposes == null) {
                    purposes = new HashSet<>();
                }
                purposes.add(Purpose.StaticNat);
            }
            if (purposes == null || purposes.isEmpty()) {
                // since no active rules are there check if any rules are applied on the public IP but are in
                // revoking state
                purposes = getPublicIpPurposeInRules(ip, true, includingFirewall);
                // Second pass counts static NAT regardless of an attached VM (unlike the first pass);
                // presumably the VM is already detached by the time its rules are being revoked — confirm.
                if (ip.isOneToOneNat()) {
                    if (purposes == null) {
                        purposes = new HashSet<>();
                    }
                    purposes.add(Purpose.StaticNat);
                }
                if (purposes == null || purposes.isEmpty()) {
                    // IP is not being used for any purpose so skip IPAssoc to network service provider
                    // (the IP nevertheless stays in ipToServices with the set built so far)
                    continue;
                } else {
                    if (postApplyRules) {
                        // only revoked rules remain on this IP, so withdraw the association with the provider —
                        // except for the SourceNat IP, which the network keeps regardless of rules
                        if (ip.isSourceNat()) {
                            s_logger.debug("Not releasing ip " + ip.getAddress().addr() + " as it is in use for SourceNat");
                        } else {
                            ip.setState(State.Releasing);
                        }
                    } else {
                        if (ip.getState() == State.Releasing) {
                            // rules are not revoked yet, so don't let the network service provider revoke the IP
                            // association
                            // mark IP is allocated so that IP association will not be removed from the provider
                            ip.setState(State.Allocated);
                        }
                    }
                }
            }
            // purposes is non-null and non-empty from here on: either the first pass found something or
            // the revoked-rules branch above did not continue.
            if (purposes.contains(Purpose.StaticNat)) {
                services.add(Service.StaticNat);
            }
            if (purposes.contains(Purpose.LoadBalancing)) {
                services.add(Service.Lb);
            }
            if (purposes.contains(Purpose.PortForwarding)) {
                services.add(Service.PortForwarding);
            }
            if (purposes.contains(Purpose.Vpn)) {
                services.add(Service.Vpn);
            }
            if (purposes.contains(Purpose.Firewall)) {
                services.add(Service.Firewall);
            }
            // NOTE(review): effectively a no-op — the IP was already put into the map above with this
            // same (mutable) set, so skipping the second put does not drop it from the result.
            if (services.isEmpty()) {
                continue;
            }
            ipToServices.put(ip, services);
        }
    }
    return ipToServices;
}

Example 2 with Purpose

use of com.cloud.legacymodel.network.FirewallRule.Purpose in project cosmic by MissionCriticalCloud.

From class NetworkModelImpl, method getPublicIpPurposeInRules:

/**
 * Collects the distinct rule purposes that reference the given public IP.
 *
 * @param ip                the public IP whose rules are inspected
 * @param includeRevoked    true to consider every rule on the IP, false to consider only
 *                          rules that are not revoked
 * @param includingFirewall false to leave Purpose.Firewall rules out of the result
 * @return {@code null} when the DAO returns no rules at all; otherwise the set of purposes,
 *         which is empty when every rule found was a Firewall rule and
 *         {@code includingFirewall} is false. Callers must handle both null and empty.
 */
Set<Purpose> getPublicIpPurposeInRules(final PublicIpAddress ip, final boolean includeRevoked, final boolean includingFirewall) {
    final List<FirewallRuleVO> ipRules = includeRevoked
            ? _firewallDao.listByIp(ip.getId())
            : _firewallDao.listByIpAndNotRevoked(ip.getId());
    if (ipRules == null || ipRules.isEmpty()) {
        return null;
    }
    final Set<Purpose> purposes = new HashSet<>();
    for (final FirewallRuleVO rule : ipRules) {
        final Purpose purpose = rule.getPurpose();
        // Firewall rules only count as a use of the IP when the caller asks for them.
        if (purpose == Purpose.Firewall && !includingFirewall) {
            continue;
        }
        purposes.add(purpose);
    }
    return purposes;
}

Example 3 with Purpose

use of com.cloud.legacymodel.network.FirewallRule.Purpose in project cosmic by MissionCriticalCloud.

From class NetworkServiceImpl, method getPublicIpPurposeInRules:

/**
 * Collects the distinct rule purposes that reference the given public IP.
 * Mirrors NetworkModelImpl.getPublicIpPurposeInRules for a {@code PublicIp} argument.
 *
 * @param ip                the public IP whose rules are inspected
 * @param includeRevoked    true to consider every rule on the IP, false to consider only
 *                          rules that are not revoked
 * @param includingFirewall false to leave Purpose.Firewall rules out of the result
 * @return {@code null} when the DAO returns no rules at all; otherwise the set of purposes,
 *         which is empty when every rule found was a Firewall rule and
 *         {@code includingFirewall} is false. Callers must handle both null and empty.
 */
private Set<Purpose> getPublicIpPurposeInRules(final PublicIp ip, final boolean includeRevoked, final boolean includingFirewall) {
    final List<FirewallRuleVO> ipRules = includeRevoked
            ? _firewallDao.listByIp(ip.getId())
            : _firewallDao.listByIpAndNotRevoked(ip.getId());
    if (ipRules == null || ipRules.isEmpty()) {
        return null;
    }
    final Set<Purpose> purposes = new HashSet<>();
    for (final FirewallRuleVO rule : ipRules) {
        final Purpose purpose = rule.getPurpose();
        // Firewall rules only count as a use of the IP when the caller asks for them.
        if (purpose == Purpose.Firewall && !includingFirewall) {
            continue;
        }
        purposes.add(purpose);
    }
    return purposes;
}

Example 4 with Purpose

use of com.cloud.legacymodel.network.FirewallRule.Purpose in project cosmic by MissionCriticalCloud.

From class NetworkServiceImpl, method getIpToServices:

/**
 * Classifies each public IP in {@code publicIps} by the network services it backs
 * (SourceNat, StaticNat, Lb, PortForwarding, Vpn, Firewall). Services are derived from
 * the firewall rules that reference the IP plus the IP's own NAT flags.
 *
 * This is a near-verbatim copy of NetworkModelImpl.getIpToServices. NOTE(review): the two
 * copies differ in one security-relevant detail — when {@code rulesRevoked} is true this
 * copy marks the IP Releasing even when it is the SourceNat IP, whereas the
 * NetworkModelImpl copy spares SourceNat IPs. Verify which behaviour is intended; per the
 * comments below the Releasing/Allocated state is what decides whether the provider
 * withdraws the IP association.
 *
 * Side effects: may flip {@code ip.setState(...)} between Releasing and Allocated for IPs
 * whose only remaining rules are revoked/revoking.
 *
 * @param publicIps         IPs to classify; null or empty yields an empty map
 * @param rulesRevoked      true when called after rules were revoked: an IP left with only
 *                          revoked rules is marked Releasing
 * @param includingFirewall whether Purpose.Firewall rules count as a use of the IP
 * @return map from IP to the services it backs. NOTE(review): every IP is put into the map
 *         before the Allocating check, so IPs that are skipped by a later {@code continue}
 *         still appear with an empty (or SourceNat-only) set; the final
 *         {@code services.isEmpty()} guard does not remove them. Callers must treat an
 *         empty set as "no services".
 * @throws CloudRuntimeException if two SourceNat IPs in the list share a network id
 */
protected Map<PublicIp, Set<Service>> getIpToServices(final List<PublicIp> publicIps, final boolean rulesRevoked, final boolean includingFirewall) {
    final Map<PublicIp, Set<Service>> ipToServices = new HashMap<>();
    if (publicIps != null && !publicIps.isEmpty()) {
        // network ids that already have a SourceNat IP in this batch — only one is allowed per network
        final Set<Long> networkSNAT = new HashSet<>();
        for (final PublicIp ip : publicIps) {
            Set<Service> services = ipToServices.get(ip);
            if (services == null) {
                services = new HashSet<>();
            }
            if (ip.isSourceNat()) {
                if (!networkSNAT.contains(ip.getAssociatedWithNetworkId())) {
                    services.add(Service.SourceNat);
                    networkSNAT.add(ip.getAssociatedWithNetworkId());
                } else {
                    final CloudRuntimeException ex = new CloudRuntimeException("Multiple generic soure NAT IPs provided for network");
                    // see the IPAddressVO.java class.
                    // NOTE(review): the proxy value is resolved with findIpAddressById, but the argument is a
                    // *network* id (getAssociatedWithNetworkId) and it is reported to the API client under the
                    // key "networkId". This looks like an id-domain mix-up: the uuid attached to the error may
                    // belong to an unrelated IP row rather than the network. Confirm against ApiDBUtils.
                    final IPAddressVO ipAddr = ApiDBUtils.findIpAddressById(ip.getAssociatedWithNetworkId());
                    String ipAddrUuid = ip.getAssociatedWithNetworkId().toString();
                    if (ipAddr != null) {
                        ipAddrUuid = ipAddr.getUuid();
                    }
                    ex.addProxyObject(ipAddrUuid, "networkId");
                    throw ex;
                }
            }
            // Registered unconditionally here, so the IP is in the result even if every later branch skips it.
            ipToServices.put(ip, services);
            // An IP still being allocated is classified no further (SourceNat at most); presumably it has
            // no rules attached yet, so there is no IPAssoc to push to the provider — confirm.
            if (ip.getState() == State.Allocating) {
                continue;
            }
            // First pass: only rules that are NOT revoked.
            // May be null (no rules at all) or empty (only Firewall rules and includingFirewall == false).
            Set<Purpose> purposes = getPublicIpPurposeInRules(ip, false, includingFirewall);
            // Static NAT is not expressed as a firewall rule; count it only while a VM is still attached.
            if (ip.isOneToOneNat() && ip.getAssociatedWithVmId() != null) {
                if (purposes == null) {
                    purposes = new HashSet<>();
                }
                purposes.add(Purpose.StaticNat);
            }
            if (purposes == null || purposes.isEmpty()) {
                // since no active rules are there check if any rules are applied on the public IP but are in
                // revoking state
                purposes = getPublicIpPurposeInRules(ip, true, includingFirewall);
                // Second pass counts static NAT regardless of an attached VM (unlike the first pass);
                // presumably the VM is already detached by the time its rules are being revoked — confirm.
                if (ip.isOneToOneNat()) {
                    if (purposes == null) {
                        purposes = new HashSet<>();
                    }
                    purposes.add(Purpose.StaticNat);
                }
                if (purposes == null || purposes.isEmpty()) {
                    // IP is not being used for any purpose so skip IPAssoc to network service provider
                    // (the IP nevertheless stays in ipToServices with the set built so far)
                    continue;
                } else {
                    if (rulesRevoked) {
                        // no active rules/revoked rules are associated with this public IP, so remove the
                        // association with the provider
                        // NOTE(review): applies to the SourceNat IP as well — NetworkModelImpl.getIpToServices
                        // deliberately skips SourceNat here. Confirm which is intended.
                        ip.setState(State.Releasing);
                    } else {
                        if (ip.getState() == State.Releasing) {
                            // rules are not revoked yet, so don't let the network service provider revoke the IP
                            // association
                            // mark IP is allocated so that IP association will not be removed from the provider
                            ip.setState(State.Allocated);
                        }
                    }
                }
            }
            // purposes is non-null and non-empty from here on: either the first pass found something or
            // the revoked-rules branch above did not continue.
            if (purposes.contains(Purpose.StaticNat)) {
                services.add(Service.StaticNat);
            }
            if (purposes.contains(Purpose.LoadBalancing)) {
                services.add(Service.Lb);
            }
            if (purposes.contains(Purpose.PortForwarding)) {
                services.add(Service.PortForwarding);
            }
            if (purposes.contains(Purpose.Vpn)) {
                services.add(Service.Vpn);
            }
            if (purposes.contains(Purpose.Firewall)) {
                services.add(Service.Firewall);
            }
            // NOTE(review): effectively a no-op — the IP was already put into the map above with this
            // same (mutable) set, so skipping the second put does not drop it from the result.
            if (services.isEmpty()) {
                continue;
            }
            ipToServices.put(ip, services);
        }
    }
    return ipToServices;
}

Example 5 with Purpose

use of com.cloud.legacymodel.network.FirewallRule.Purpose in project cosmic by MissionCriticalCloud.

From class FirewallManagerImpl, method applyRules:

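/**
 * Pushes a batch of firewall rules to the network elements and, on success, reconciles
 * their DB state: rules in Revoke state are removed (and their source IP unassigned from
 * the VPC network), rules in Add state are marked Active.
 *
 * The whole batch is applied under the purpose of its first element; callers are expected
 * to pass a homogeneous list. NOTE(review): a mixed-purpose list would be applied under
 * the wrong purpose for every rule after the first — verify at the call sites.
 *
 * @param rules           rules to apply; null or empty is a no-op that returns true
 * @param continueOnError forwarded to the IP address manager
 * @param updateRulesInDB whether to update rule rows after a successful apply
 * @return false if the elements did not fully apply the rules, or if a Revoke rule had to
 *         be left in place because another rule references it, or if an Add rule could not
 *         be found in the DB to be marked Active; true otherwise
 * @throws ResourceUnavailableException propagated from the IP address manager
 */
@Override
public boolean applyRules(final List<? extends FirewallRule> rules, final boolean continueOnError, final boolean updateRulesInDB) throws ResourceUnavailableException {
    if (rules == null || rules.isEmpty()) {
        s_logger.debug("There are no rules to forward to the network elements");
        return true;
    }
    final Purpose purpose = rules.get(0).getPurpose();
    if (!_ipAddrMgr.applyRules(rules, purpose, this, continueOnError)) {
        s_logger.warn("Rules are not completely applied");
        return false;
    }
    if (!updateRulesInDB) {
        return true;
    }
    boolean success = true;
    for (final FirewallRule rule : rules) {
        if (rule.getState() == FirewallRule.State.Revoke) {
            final FirewallRuleVO relatedRule = _firewallDao.findByRelatedId(rule.getId());
            if (relatedRule != null) {
                // Another rule still refers to this one; leave it in Revoke state for a later pass.
                s_logger.warn("Can't remove the firewall rule id=" + rule.getId() + " as it has related firewall rule id=" + relatedRule.getId() + "; leaving it in Revoke state");
                success = false;
                continue;
            }
            removeRule(rule);
            if (rule.getSourceIpAddressId() != null) {
                // if the rule is the last one for the ip address assigned to VPC, unassign it from the network
                final IpAddress ip = _ipAddressDao.findById(rule.getSourceIpAddressId());
                if (ip == null) {
                    // Previously dereferenced unconditionally (NPE if the IP row is gone), which aborted the
                    // loop and left the remaining rules un-reconciled in the DB.
                    s_logger.warn("Source IP address id=" + rule.getSourceIpAddressId() + " of firewall rule id=" + rule.getId() + " no longer exists; skipping VPC unassignment");
                } else {
                    _vpcMgr.unassignIPFromVpcNetwork(ip.getId(), rule.getNetworkId());
                }
            }
        } else if (rule.getState() == FirewallRule.State.Add) {
            final FirewallRuleVO ruleVO = _firewallDao.findById(rule.getId());
            if (ruleVO == null) {
                // The rule was pushed to the elements but cannot be marked Active; report it rather than NPE.
                s_logger.warn("Firewall rule id=" + rule.getId() + " was applied but is no longer in the DB; cannot mark it Active");
                success = false;
                continue;
            }
            ruleVO.setState(FirewallRule.State.Active);
            _firewallDao.update(ruleVO.getId(), ruleVO);
        }
    }
    return success;
}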
