Examples with StaticNatRule com.cloud.legacymodel.network.StaticNatRule used on opensource projects

Example 6 with StaticNatRule

use of com.cloud.legacymodel.network.StaticNatRule in project cosmic by MissionCriticalCloud.

the class RulesManagerImpl method createStaticNatRule.

@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_NET_RULE_ADD, eventDescription = "creating static nat rule", create = true)
public StaticNatRule createStaticNatRule(final StaticNatRule rule, final boolean openFirewall) throws NetworkRuleConflictException {
    final Account caller = CallContext.current().getCallingAccount();
    final Long ipAddrId = rule.getSourceIpAddressId();
    final IPAddressVO ipAddress = _ipAddressDao.findById(ipAddrId);
    // Validate ip address
    if (ipAddress == null) {
        throw new InvalidParameterValueException("Unable to create static nat rule; ip id=" + ipAddrId + " doesn't exist in the system");
    } else if (ipAddress.isSourceNat() || !ipAddress.isOneToOneNat() || ipAddress.getAssociatedWithVmId() == null) {
        throw new NetworkRuleConflictException("Can't do static nat on ip address: " + ipAddress.getAddress());
    }
    _firewallMgr.validateFirewallRule(caller, ipAddress, rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), Purpose.StaticNat, FirewallRuleType.User, null, rule.getTrafficType());
    final Long networkId = ipAddress.getAssociatedWithNetworkId();
    final Long accountId = ipAddress.getAllocatedToAccountId();
    final Long domainId = ipAddress.getAllocatedInDomainId();
    _networkModel.checkIpForService(ipAddress, Service.StaticNat, null);
    final Network network = _networkModel.getNetwork(networkId);
    final NetworkOffering off = _entityMgr.findById(NetworkOffering.class, network.getNetworkOfferingId());
    if (off.getElasticIp()) {
        throw new InvalidParameterValueException("Can't create ip forwarding rules for the network where elasticIP service is enabled");
    }
    // String dstIp = _networkModel.getIpInNetwork(ipAddress.getAssociatedWithVmId(), networkId);
    final String dstIp = ipAddress.getVmIp();
    return Transaction.execute(new TransactionCallbackWithException<StaticNatRule, NetworkRuleConflictException>() {

        @Override
        public StaticNatRule doInTransaction(final TransactionStatus status) throws NetworkRuleConflictException {
            FirewallRuleVO newRule = new FirewallRuleVO(rule.getXid(), rule.getSourceIpAddressId(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol().toLowerCase(), networkId, accountId, domainId, rule.getPurpose(), null, null, null, null, null);
            newRule = _firewallDao.persist(newRule);
            // create firewallRule for 0.0.0.0/0 cidr
            if (openFirewall) {
                _firewallMgr.createRuleForAllCidrs(ipAddrId, caller, rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), null, null, newRule.getId(), networkId);
            }
            try {
                _firewallMgr.detectRulesConflict(newRule);
                if (!_firewallDao.setStateToAdd(newRule)) {
                    throw new CloudRuntimeException("Unable to update the state to add for " + newRule);
                }
                CallContext.current().setEventDetails("Rule Id: " + newRule.getId());
                final StaticNatRule staticNatRule = new StaticNatRuleImpl(newRule, dstIp);
                return staticNatRule;
            } catch (final Exception e) {
                if (newRule != null) {
                    // no need to apply the rule as it wasn't programmed on the backend yet
                    _firewallMgr.revokeRelatedFirewallRule(newRule.getId(), false);
                    _firewallMgr.removeRule(newRule);
                }
                if (e instanceof NetworkRuleConflictException) {
                    throw (NetworkRuleConflictException) e;
                }
                throw new CloudRuntimeException("Unable to add static nat rule for the ip id=" + newRule.getSourceIpAddressId(), e);
            }
        }
    });
}

Example 7 with StaticNatRule

use of com.cloud.legacymodel.network.StaticNatRule in project cosmic by MissionCriticalCloud.

the class CreateIpForwardingRuleCmd method create.

@Override
public void create() {
    // cidr list parameter is deprecated
    if (cidrlist != null) {
        throw new InvalidParameterValueException("Parameter cidrList is deprecated; if you need to open firewall rule for the specific CIDR, please refer to createFirewallRule command");
    }
    try {
        final StaticNatRule rule = _rulesService.createStaticNatRule(this, getOpenFirewall());
        setEntityId(rule.getId());
        setEntityUuid(rule.getUuid());
    } catch (final NetworkRuleConflictException e) {
        s_logger.info("Unable to create static NAT rule due to ", e);
        throw new ServerApiException(ApiErrorCode.NETWORK_RULE_CONFLICT_ERROR, e.getMessage());
    }
}

Example 8 with StaticNatRule

use of com.cloud.legacymodel.network.StaticNatRule in project cosmic by MissionCriticalCloud.

the class BasicNetworkVisitor method visit.

@Override
public boolean visit(final FirewallRules firewall) throws ResourceUnavailableException {
    final Network network = firewall.getNetwork();
    final DomainRouterVO router = (DomainRouterVO) firewall.getRouter();
    final List<? extends FirewallRule> rules = firewall.getRules();
    final List<LoadBalancingRule> loadbalancingRules = firewall.getLoadbalancingRules();
    final Purpose purpose = firewall.getPurpose();
    final Commands cmds = new Commands(Command.OnError.Continue);
    _commandSetupHelper.createPublicIpACLsCommands(router, cmds);
    if (purpose == Purpose.LoadBalancing) {
        _commandSetupHelper.createApplyLoadBalancingRulesCommands(loadbalancingRules, router, cmds, network.getId());
        return _networkGeneralHelper.sendCommandsToRouter(router, cmds);
    } else if (purpose == Purpose.PortForwarding) {
        _commandSetupHelper.createApplyPortForwardingRulesCommands((List<? extends PortForwardingRule>) rules, router, cmds, network.getId());
        return _networkGeneralHelper.sendCommandsToRouter(router, cmds);
    } else if (purpose == Purpose.StaticNat) {
        _commandSetupHelper.createApplyStaticNatRulesCommands((List<StaticNatRule>) rules, router, cmds, network.getId());
        return _networkGeneralHelper.sendCommandsToRouter(router, cmds);
    } else if (purpose == Purpose.Firewall) {
        _commandSetupHelper.createApplyFirewallRulesCommands(rules, router, cmds, network.getId());
        return _networkGeneralHelper.sendCommandsToRouter(router, cmds);
    }
    s_logger.warn("Unable to apply rules of purpose: " + rules.get(0).getPurpose());
    return false;
}

Example 9 with StaticNatRule

use of com.cloud.legacymodel.network.StaticNatRule in project cosmic by MissionCriticalCloud.

the class RulesManagerImpl method applyStaticNatRulesForIp.

protected boolean applyStaticNatRulesForIp(final long sourceIpId, final boolean continueOnError, final Account caller, final boolean forRevoke) {
    final List<? extends FirewallRule> rules = _firewallDao.listByIpAndPurpose(sourceIpId, Purpose.StaticNat);
    final List<StaticNatRule> staticNatRules = new ArrayList<>();
    if (rules.size() == 0) {
        s_logger.debug("There are no static nat rules to apply for ip id=" + sourceIpId);
        return true;
    }
    for (final FirewallRule rule : rules) {
        staticNatRules.add(buildStaticNatRule(rule, forRevoke));
    }
    if (caller != null) {
        _accountMgr.checkAccess(caller, null, true, staticNatRules.toArray(new StaticNatRule[staticNatRules.size()]));
    }
    try {
        if (!_firewallMgr.applyRules(staticNatRules, continueOnError, true)) {
            return false;
        }
    } catch (final ResourceUnavailableException ex) {
        s_logger.warn("Failed to apply static nat rules for ip due to ", ex);
        return false;
    }
    return true;
}