use of com.cloud.legacymodel.network.vpc.NetworkACLItem in project cosmic by MissionCriticalCloud.
the class NetworkACLServiceImpl method listNetworkACLItems.
@Override
public Pair<List<? extends NetworkACLItem>, Integer> listNetworkACLItems(final ListNetworkACLsCmd cmd) {
final Long networkId = cmd.getNetworkId();
final Long id = cmd.getId();
Long aclId = cmd.getAclId();
final String trafficType = cmd.getTrafficType();
final String protocol = cmd.getProtocol();
final String action = cmd.getAction();
final Map<String, String> tags = cmd.getTags();
final Account caller = CallContext.current().getCallingAccount();
final Filter filter = new Filter(NetworkACLItemVO.class, "id", false, cmd.getStartIndex(), cmd.getPageSizeVal());
final SearchBuilder<NetworkACLItemVO> sb = _networkACLItemDao.createSearchBuilder();
sb.and("id", sb.entity().getId(), Op.EQ);
sb.and("aclId", sb.entity().getAclId(), Op.EQ);
sb.and("trafficType", sb.entity().getTrafficType(), Op.EQ);
sb.and("protocol", sb.entity().getProtocol(), Op.EQ);
sb.and("action", sb.entity().getAction(), Op.EQ);
if (tags != null && !tags.isEmpty()) {
final SearchBuilder<ResourceTagVO> tagSearch = _resourceTagDao.createSearchBuilder();
for (int count = 0; count < tags.size(); count++) {
tagSearch.or().op("key" + String.valueOf(count), tagSearch.entity().getKey(), Op.EQ);
tagSearch.and("value" + String.valueOf(count), tagSearch.entity().getValue(), Op.EQ);
tagSearch.cp();
}
tagSearch.and("resourceType", tagSearch.entity().getResourceType(), Op.EQ);
sb.groupBy(sb.entity().getId());
sb.join("tagSearch", tagSearch, sb.entity().getId(), tagSearch.entity().getResourceId(), JoinBuilder.JoinType.INNER);
}
if (aclId == null) {
// Join with network_acl table when aclId is not specified to list acl_items within permitted VPCs
final SearchBuilder<NetworkACLVO> vpcSearch = _networkACLDao.createSearchBuilder();
vpcSearch.and("vpcId", vpcSearch.entity().getVpcId(), Op.IN);
sb.join("vpcSearch", vpcSearch, sb.entity().getAclId(), vpcSearch.entity().getId(), JoinBuilder.JoinType.INNER);
}
final SearchCriteria<NetworkACLItemVO> sc = sb.create();
if (id != null) {
sc.setParameters("id", id);
}
if (networkId != null) {
final Network network = _networkDao.findById(networkId);
aclId = network.getNetworkACLId();
if (aclId == null) {
// Return empty list
return new Pair(new ArrayList<NetworkACLItem>(), 0);
}
}
if (trafficType != null) {
sc.setParameters("trafficType", trafficType);
}
if (aclId != null) {
// Get VPC and check access
final NetworkACL acl = _networkACLDao.findById(aclId);
if (acl.getVpcId() != 0) {
final Vpc vpc = _vpcDao.findById(acl.getVpcId());
if (vpc == null) {
throw new InvalidParameterValueException("Unable to find VPC associated with acl");
}
_accountMgr.checkAccess(caller, null, true, vpc);
}
sc.setParameters("aclId", aclId);
} else {
// ToDo: Add accountId to network_acl_item table for permission check
// aclId is not specified
// List permitted VPCs and filter aclItems
final List<Long> permittedAccounts = new ArrayList<>();
Long domainId = cmd.getDomainId();
boolean isRecursive = cmd.isRecursive();
final String accountName = cmd.getAccountName();
final Long projectId = cmd.getProjectId();
final boolean listAll = cmd.listAll();
final Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject = new Ternary<>(domainId, isRecursive, null);
_accountMgr.buildACLSearchParameters(caller, id, accountName, projectId, permittedAccounts, domainIdRecursiveListProject, listAll, false);
domainId = domainIdRecursiveListProject.first();
isRecursive = domainIdRecursiveListProject.second();
final ListProjectResourcesCriteria listProjectResourcesCriteria = domainIdRecursiveListProject.third();
final SearchBuilder<VpcVO> sbVpc = _vpcDao.createSearchBuilder();
_accountMgr.buildACLSearchBuilder(sbVpc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria);
final SearchCriteria<VpcVO> scVpc = sbVpc.create();
_accountMgr.buildACLSearchCriteria(scVpc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria);
final List<VpcVO> vpcs = _vpcDao.search(scVpc, null);
final List<Long> vpcIds = new ArrayList<>();
for (final VpcVO vpc : vpcs) {
vpcIds.add(vpc.getId());
}
// Add vpc_id 0 to list acl_items in default ACL
vpcIds.add(0L);
sc.setJoinParameters("vpcSearch", "vpcId", vpcIds.toArray());
}
if (protocol != null) {
sc.setParameters("protocol", protocol);
}
if (action != null) {
sc.setParameters("action", action);
}
if (tags != null && !tags.isEmpty()) {
int count = 0;
sc.setJoinParameters("tagSearch", "resourceType", ResourceObjectType.NetworkACL.toString());
for (final String key : tags.keySet()) {
sc.setJoinParameters("tagSearch", "key" + String.valueOf(count), key);
sc.setJoinParameters("tagSearch", "value" + String.valueOf(count), tags.get(key));
count++;
}
}
final Pair<List<NetworkACLItemVO>, Integer> result = _networkACLItemDao.searchAndCount(sc, filter);
final List<NetworkACLItemVO> aclItemVOs = result.first();
for (final NetworkACLItemVO item : aclItemVOs) {
_networkACLItemDao.loadCidrs(item);
}
return new Pair<>(aclItemVOs, result.second());
}
use of com.cloud.legacymodel.network.vpc.NetworkACLItem in project cosmic by MissionCriticalCloud.
the class NetworkACLManagerImpl method applyNetworkACL.
@Override
public boolean applyNetworkACL(final long aclId) throws ResourceUnavailableException {
boolean applyToNetworksFailed = false;
boolean applyToPrivateGatewaysFailed = false;
boolean applyToIpAddressesFailed = false;
final List<NetworkACLItemVO> rules = _networkACLItemDao.listByACL(aclId);
final List<NetworkVO> networks = _networkDao.listByAclId(aclId);
for (final NetworkVO network : networks) {
if (!applyACLItemsToNetwork(network.getId(), rules)) {
applyToNetworksFailed = true;
s_logger.debug("Failed to apply ACL item to Network [" + network.getId() + "], ACL [" + aclId + "]");
break;
}
}
final List<VpcGatewayVO> vpcGateways = _vpcGatewayDao.listByAclIdAndType(aclId, VpcGateway.Type.Private);
for (final VpcGatewayVO vpcGateway : vpcGateways) {
final PrivateGateway privateGateway = _vpcSvc.getVpcPrivateGateway(vpcGateway.getId());
if (!applyACLToPrivateGw(privateGateway)) {
applyToPrivateGatewaysFailed = true;
s_logger.debug("Failed to apply ACL item to Private Gateway [" + privateGateway.getId() + "], ACL [" + aclId + "]");
break;
}
}
final List<IPAddressVO> ipAddresses = _ipAddressDao.listByAclId(aclId);
for (final IPAddressVO ipAddress : ipAddresses) {
if (!applyACLItemsToPublicIp(ipAddress.getId(), rules)) {
applyToIpAddressesFailed = true;
s_logger.debug("Failed to apply ACL item to IP Address [" + ipAddress.getId() + "], ACL [" + aclId + "]");
break;
}
}
if (!applyToNetworksFailed && !applyToPrivateGatewaysFailed && !applyToIpAddressesFailed) {
for (final NetworkACLItem rule : rules) {
if (rule.getState() == NetworkACLItem.State.Revoke) {
removeRule(rule);
} else if (rule.getState() == NetworkACLItem.State.Add) {
final NetworkACLItemVO ruleVO = _networkACLItemDao.findById(rule.getId());
ruleVO.setState(NetworkACLItem.State.Active);
_networkACLItemDao.update(ruleVO.getId(), ruleVO);
}
}
}
return !applyToNetworksFailed && !applyToPrivateGatewaysFailed && !applyToIpAddressesFailed;
}
use of com.cloud.legacymodel.network.vpc.NetworkACLItem in project cosmic by MissionCriticalCloud.
the class CommandSetupHelper method createPublicIpACLsCommands.
public void createPublicIpACLsCommands(final List<? extends NetworkACLItem> rules, final VirtualRouter router, final Commands cmds, final IpAddress publicIp) {
final List<PublicIpACLTO> rulesTO = new ArrayList<>();
if (rules != null) {
for (final NetworkACLItem rule : rules) {
final PublicIpACLTO ruleTO = new PublicIpACLTO(rule, publicIp.getAddress().toString(), rule.getTrafficType());
rulesTO.add(ruleTO);
}
}
final NicTO nicTO = _networkHelper.getNicTO(router, publicIp.getNetworkId(), null);
final SetPublicIpACLCommand cmd = new SetPublicIpACLCommand(rulesTO, nicTO, publicIp.getAddress().toString());
cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
final Zone zone = zoneRepository.findById(router.getDataCenterId()).orElse(null);
cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, zone.getNetworkType().toString());
cmds.addCommand(cmd);
}
use of com.cloud.legacymodel.network.vpc.NetworkACLItem in project cosmic by MissionCriticalCloud.
the class CreateNetworkACLCmd method create.
@Override
public void create() {
final NetworkACLItem result = _networkACLService.createNetworkACLItem(this);
setEntityId(result.getId());
setEntityUuid(result.getUuid());
}
use of com.cloud.legacymodel.network.vpc.NetworkACLItem in project cosmic by MissionCriticalCloud.
the class UpdateNetworkACLItemCmd method execute.
@Override
public void execute() throws ResourceUnavailableException {
CallContext.current().setEventDetails("Rule Id: " + getId());
final NetworkACLItem aclItem = _networkACLService.updateNetworkACLItem(getId(), getProtocol(), getSourceCidrList(), getTrafficType(), getAction(), getNumber(), getSourcePortStart(), getSourcePortEnd(), getIcmpCode(), getIcmpType(), this.getCustomId(), this.isDisplay());
if (aclItem == null) {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to update network ACL item");
}
final NetworkACLItemResponse aclResponse = _responseGenerator.createNetworkACLItemResponse(aclItem);
setResponseObject(aclResponse);
aclResponse.setResponseName(getCommandName());
}
Aggregations