Examples with FirewallRule com.cloud.legacymodel.network.FirewallRule used on opensource projects

Search in sources :

Example 16 with FirewallRule

use of com.cloud.legacymodel.network.FirewallRule in project cosmic by MissionCriticalCloud.

the class CommandSetupHelper method createApplyFirewallRulesCommands.

public void createApplyFirewallRulesCommands(final List<? extends FirewallRule> rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId) {
    final List<FirewallRuleTO> rulesTO = new ArrayList<>();
    String systemRule = null;
    Boolean defaultEgressPolicy = false;
    if (rules != null) {
        if (rules.size() > 0) {
            if (rules.get(0).getTrafficType() == FirewallRule.TrafficType.Egress && rules.get(0).getType() == FirewallRule.FirewallRuleType.System) {
                systemRule = String.valueOf(FirewallRule.FirewallRuleType.System);
            }
        }
        for (final FirewallRule rule : rules) {
            _rulesDao.loadSourceCidrs((FirewallRuleVO) rule);
            final FirewallRule.TrafficType traffictype = rule.getTrafficType();
            if (traffictype == FirewallRule.TrafficType.Ingress) {
                final IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
                final FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, sourceIp.getAddress().addr(), Purpose.Firewall, traffictype);
                rulesTO.add(ruleTO);
            } else if (rule.getTrafficType() == FirewallRule.TrafficType.Egress) {
                final NetworkVO network = _networkDao.findById(guestNetworkId);
                final NetworkOfferingVO offering = _networkOfferingDao.findById(network.getNetworkOfferingId());
                defaultEgressPolicy = offering.getEgressDefaultPolicy();
                assert rule.getSourceIpAddressId() == null : "ipAddressId should be null for egress firewall rule. ";
                final FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, "", Purpose.Firewall, traffictype, defaultEgressPolicy);
                rulesTO.add(ruleTO);
            }
        }
    }
    final SetFirewallRulesCommand cmd = new SetFirewallRulesCommand(rulesTO);
    cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
    cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
    final Zone zone = zoneRepository.findById(router.getDataCenterId()).orElse(null);
    cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, zone.getNetworkType().toString());
    if (systemRule != null) {
        cmd.setAccessDetail(NetworkElementCommand.FIREWALL_EGRESS_DEFAULT, systemRule);
    } else {
        cmd.setAccessDetail(NetworkElementCommand.FIREWALL_EGRESS_DEFAULT, String.valueOf(defaultEgressPolicy));
    }
    cmds.addCommand(cmd);
}
Also used : NetworkVO(com.cloud.network.dao.NetworkVO) Zone(com.cloud.db.model.Zone) ArrayList(java.util.ArrayList) NetworkOfferingVO(com.cloud.offerings.NetworkOfferingVO) IpAddress(com.cloud.network.IpAddress) PublicIpAddress(com.cloud.network.PublicIpAddress) FirewallRuleTO(com.cloud.legacymodel.to.FirewallRuleTO) FirewallRule(com.cloud.legacymodel.network.FirewallRule) SetFirewallRulesCommand(com.cloud.legacymodel.communication.command.SetFirewallRulesCommand)

Example 17 with FirewallRule

use of com.cloud.legacymodel.network.FirewallRule in project cosmic by MissionCriticalCloud.

the class CommandSetupHelper method createFirewallRulesCommands.

public void createFirewallRulesCommands(final List<? extends FirewallRule> rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId) {
    final List<FirewallRuleTO> rulesTO = new ArrayList<>();
    String systemRule = null;
    Boolean defaultEgressPolicy = false;
    if (rules != null) {
        if (rules.size() > 0) {
            if (rules.get(0).getTrafficType() == FirewallRule.TrafficType.Egress && rules.get(0).getType() == FirewallRule.FirewallRuleType.System) {
                systemRule = String.valueOf(FirewallRule.FirewallRuleType.System);
            }
        }
        for (final FirewallRule rule : rules) {
            _rulesDao.loadSourceCidrs((FirewallRuleVO) rule);
            final FirewallRule.TrafficType traffictype = rule.getTrafficType();
            if (traffictype == FirewallRule.TrafficType.Ingress) {
                final IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
                final FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, sourceIp.getAddress().addr(), Purpose.Firewall, traffictype);
                rulesTO.add(ruleTO);
            } else if (rule.getTrafficType() == FirewallRule.TrafficType.Egress) {
                final NetworkVO network = _networkDao.findById(guestNetworkId);
                final NetworkOfferingVO offering = _networkOfferingDao.findById(network.getNetworkOfferingId());
                defaultEgressPolicy = offering.getEgressDefaultPolicy();
                assert rule.getSourceIpAddressId() == null : "ipAddressId should be null for egress firewall rule. ";
                final FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, "", Purpose.Firewall, traffictype, defaultEgressPolicy);
                rulesTO.add(ruleTO);
            }
        }
    }
    final SetFirewallRulesCommand cmd = new SetFirewallRulesCommand(rulesTO);
    cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
    cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
    final Zone zone = zoneRepository.findById(router.getDataCenterId()).orElse(null);
    cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, zone.getNetworkType().toString());
    if (systemRule != null) {
        cmd.setAccessDetail(NetworkElementCommand.FIREWALL_EGRESS_DEFAULT, systemRule);
    } else {
        cmd.setAccessDetail(NetworkElementCommand.FIREWALL_EGRESS_DEFAULT, String.valueOf(defaultEgressPolicy));
    }
    cmds.addCommand(cmd);
}
Also used : NetworkVO(com.cloud.network.dao.NetworkVO) Zone(com.cloud.db.model.Zone) ArrayList(java.util.ArrayList) NetworkOfferingVO(com.cloud.offerings.NetworkOfferingVO) IpAddress(com.cloud.network.IpAddress) PublicIpAddress(com.cloud.network.PublicIpAddress) FirewallRuleTO(com.cloud.legacymodel.to.FirewallRuleTO) FirewallRule(com.cloud.legacymodel.network.FirewallRule) SetFirewallRulesCommand(com.cloud.legacymodel.communication.command.SetFirewallRulesCommand)

Example 18 with FirewallRule

use of com.cloud.legacymodel.network.FirewallRule in project cosmic by MissionCriticalCloud.

the class FirewallManagerTest method testDetectRulesConflict.

@Test
public void testDetectRulesConflict() {
    final List<FirewallRuleVO> ruleList = new ArrayList<>();
    final FirewallRuleVO rule1 = spy(new FirewallRuleVO("rule1", 3, 500, "UDP", 1, 2, 1, Purpose.Vpn, null, null, null, null));
    final FirewallRuleVO rule2 = spy(new FirewallRuleVO("rule2", 3, 1701, "UDP", 1, 2, 1, Purpose.Vpn, null, null, null, null));
    final FirewallRuleVO rule3 = spy(new FirewallRuleVO("rule3", 3, 4500, "UDP", 1, 2, 1, Purpose.Vpn, null, null, null, null));
    ruleList.add(rule1);
    ruleList.add(rule2);
    ruleList.add(rule3);
    final FirewallManagerImpl firewallMgr = (FirewallManagerImpl) _firewallMgr;
    when(firewallMgr._firewallDao.listByIpAndPurposeAndNotRevoked(3, null)).thenReturn(ruleList);
    when(rule1.getId()).thenReturn(1L);
    when(rule2.getId()).thenReturn(2L);
    when(rule3.getId()).thenReturn(3L);
    final FirewallRule newRule1 = new FirewallRuleVO("newRule1", 3, 500, "TCP", 1, 2, 1, Purpose.PortForwarding, null, null, null, null);
    final FirewallRule newRule2 = new FirewallRuleVO("newRule2", 3, 1701, "TCP", 1, 2, 1, Purpose.PortForwarding, null, null, null, null);
    final FirewallRule newRule3 = new FirewallRuleVO("newRule3", 3, 4500, "TCP", 1, 2, 1, Purpose.PortForwarding, null, null, null, null);
    try {
        firewallMgr.detectRulesConflict(newRule1);
        firewallMgr.detectRulesConflict(newRule2);
        firewallMgr.detectRulesConflict(newRule3);
    } catch (final NetworkRuleConflictException ex) {
        Assert.fail();
    }
}
Also used : ArrayList(java.util.ArrayList) FirewallRule(com.cloud.legacymodel.network.FirewallRule) NetworkRuleConflictException(com.cloud.legacymodel.exceptions.NetworkRuleConflictException) FirewallRuleVO(com.cloud.network.rules.FirewallRuleVO) Test(org.junit.Test)

Example 19 with FirewallRule

use of com.cloud.legacymodel.network.FirewallRule in project cosmic by MissionCriticalCloud.

the class RulesManagerImpl method applyStaticNatRulesForIp.

protected boolean applyStaticNatRulesForIp(final long sourceIpId, final boolean continueOnError, final Account caller, final boolean forRevoke) {
    final List<? extends FirewallRule> rules = _firewallDao.listByIpAndPurpose(sourceIpId, Purpose.StaticNat);
    final List<StaticNatRule> staticNatRules = new ArrayList<>();
    if (rules.size() == 0) {
        s_logger.debug("There are no static nat rules to apply for ip id=" + sourceIpId);
        return true;
    }
    for (final FirewallRule rule : rules) {
        staticNatRules.add(buildStaticNatRule(rule, forRevoke));
    }
    if (caller != null) {
        _accountMgr.checkAccess(caller, null, true, staticNatRules.toArray(new StaticNatRule[staticNatRules.size()]));
    }
    try {
        if (!_firewallMgr.applyRules(staticNatRules, continueOnError, true)) {
            return false;
        }
    } catch (final ResourceUnavailableException ex) {
        s_logger.warn("Failed to apply static nat rules for ip due to ", ex);
        return false;
    }
    return true;
}
Also used : ArrayList(java.util.ArrayList) ResourceUnavailableException(com.cloud.legacymodel.exceptions.ResourceUnavailableException) StaticNatRule(com.cloud.legacymodel.network.StaticNatRule) FirewallRule(com.cloud.legacymodel.network.FirewallRule)

Example 20 with FirewallRule

use of com.cloud.legacymodel.network.FirewallRule in project cosmic by MissionCriticalCloud.

the class FirewallManagerImpl method applyRules.

@Override
public boolean applyRules(final List<? extends FirewallRule> rules, final boolean continueOnError, final boolean updateRulesInDB) throws ResourceUnavailableException {
    boolean success = true;
    if (rules == null || rules.size() == 0) {
        s_logger.debug("There are no rules to forward to the network elements");
        return true;
    }
    final Purpose purpose = rules.get(0).getPurpose();
    if (!_ipAddrMgr.applyRules(rules, purpose, this, continueOnError)) {
        s_logger.warn("Rules are not completely applied");
        return false;
    } else {
        if (updateRulesInDB) {
            for (final FirewallRule rule : rules) {
                if (rule.getState() == FirewallRule.State.Revoke) {
                    final FirewallRuleVO relatedRule = _firewallDao.findByRelatedId(rule.getId());
                    if (relatedRule != null) {
                        s_logger.warn("Can't remove the firewall rule id=" + rule.getId() + " as it has related firewall rule id=" + relatedRule.getId() + "; leaving it in Revoke state");
                        success = false;
                    } else {
                        removeRule(rule);
                        if (rule.getSourceIpAddressId() != null) {
                            // if the rule is the last one for the ip address assigned to VPC, unassign it from the network
                            final IpAddress ip = _ipAddressDao.findById(rule.getSourceIpAddressId());
                            _vpcMgr.unassignIPFromVpcNetwork(ip.getId(), rule.getNetworkId());
                        }
                    }
                } else if (rule.getState() == FirewallRule.State.Add) {
                    final FirewallRuleVO ruleVO = _firewallDao.findById(rule.getId());
                    ruleVO.setState(FirewallRule.State.Active);
                    _firewallDao.update(ruleVO.getId(), ruleVO);
                }
            }
        }
    }
    return success;
}
Also used : Purpose(com.cloud.legacymodel.network.FirewallRule.Purpose) IpAddress(com.cloud.network.IpAddress) FirewallRule(com.cloud.legacymodel.network.FirewallRule) FirewallRuleVO(com.cloud.network.rules.FirewallRuleVO)

Aggregations

FirewallRule (com.cloud.legacymodel.network.FirewallRule)23 ArrayList (java.util.ArrayList)14 FirewallResponse (com.cloud.api.response.FirewallResponse)7 FirewallRuleVO (com.cloud.network.rules.FirewallRuleVO)7 ServerApiException (com.cloud.api.ServerApiException)5 NetworkRuleConflictException (com.cloud.legacymodel.exceptions.NetworkRuleConflictException)4 StaticNatRule (com.cloud.legacymodel.network.StaticNatRule)4 IpAddress (com.cloud.network.IpAddress)4 List (java.util.List)4 ListResponse (com.cloud.api.response.ListResponse)3 ActionEvent (com.cloud.event.ActionEvent)3 InvalidParameterValueException (com.cloud.legacymodel.exceptions.InvalidParameterValueException)3 PublicIpAddress (com.cloud.network.PublicIpAddress)3 NetworkVO (com.cloud.network.dao.NetworkVO)3 NetworkOfferingVO (com.cloud.offerings.NetworkOfferingVO)3 IpForwardingRuleResponse (com.cloud.api.response.IpForwardingRuleResponse)2 CallContext (com.cloud.context.CallContext)2 Zone (com.cloud.db.model.Zone)2 SetFirewallRulesCommand (com.cloud.legacymodel.communication.command.SetFirewallRulesCommand)2 ResourceUnavailableException (com.cloud.legacymodel.exceptions.ResourceUnavailableException)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial