Search in sources :

Example 1 with NetworkACLItem

use of com.cloud.legacymodel.network.vpc.NetworkACLItem in project cosmic by MissionCriticalCloud.

the class NetworkACLServiceImpl method listNetworkACLItems.

@Override
public Pair<List<? extends NetworkACLItem>, Integer> listNetworkACLItems(final ListNetworkACLsCmd cmd) {
    final Long networkId = cmd.getNetworkId();
    final Long id = cmd.getId();
    Long aclId = cmd.getAclId();
    final String trafficType = cmd.getTrafficType();
    final String protocol = cmd.getProtocol();
    final String action = cmd.getAction();
    final Map<String, String> tags = cmd.getTags();
    final Account caller = CallContext.current().getCallingAccount();
    final Filter filter = new Filter(NetworkACLItemVO.class, "id", false, cmd.getStartIndex(), cmd.getPageSizeVal());
    final SearchBuilder<NetworkACLItemVO> sb = _networkACLItemDao.createSearchBuilder();
    sb.and("id", sb.entity().getId(), Op.EQ);
    sb.and("aclId", sb.entity().getAclId(), Op.EQ);
    sb.and("trafficType", sb.entity().getTrafficType(), Op.EQ);
    sb.and("protocol", sb.entity().getProtocol(), Op.EQ);
    sb.and("action", sb.entity().getAction(), Op.EQ);
    if (tags != null && !tags.isEmpty()) {
        final SearchBuilder<ResourceTagVO> tagSearch = _resourceTagDao.createSearchBuilder();
        for (int count = 0; count < tags.size(); count++) {
            tagSearch.or().op("key" + String.valueOf(count), tagSearch.entity().getKey(), Op.EQ);
            tagSearch.and("value" + String.valueOf(count), tagSearch.entity().getValue(), Op.EQ);
            tagSearch.cp();
        }
        tagSearch.and("resourceType", tagSearch.entity().getResourceType(), Op.EQ);
        sb.groupBy(sb.entity().getId());
        sb.join("tagSearch", tagSearch, sb.entity().getId(), tagSearch.entity().getResourceId(), JoinBuilder.JoinType.INNER);
    }
    if (aclId == null) {
        // Join with network_acl table when aclId is not specified to list acl_items within permitted VPCs
        final SearchBuilder<NetworkACLVO> vpcSearch = _networkACLDao.createSearchBuilder();
        vpcSearch.and("vpcId", vpcSearch.entity().getVpcId(), Op.IN);
        sb.join("vpcSearch", vpcSearch, sb.entity().getAclId(), vpcSearch.entity().getId(), JoinBuilder.JoinType.INNER);
    }
    final SearchCriteria<NetworkACLItemVO> sc = sb.create();
    if (id != null) {
        sc.setParameters("id", id);
    }
    if (networkId != null) {
        final Network network = _networkDao.findById(networkId);
        aclId = network.getNetworkACLId();
        if (aclId == null) {
            // Return empty list
            return new Pair(new ArrayList<NetworkACLItem>(), 0);
        }
    }
    if (trafficType != null) {
        sc.setParameters("trafficType", trafficType);
    }
    if (aclId != null) {
        // Get VPC and check access
        final NetworkACL acl = _networkACLDao.findById(aclId);
        if (acl.getVpcId() != 0) {
            final Vpc vpc = _vpcDao.findById(acl.getVpcId());
            if (vpc == null) {
                throw new InvalidParameterValueException("Unable to find VPC associated with acl");
            }
            _accountMgr.checkAccess(caller, null, true, vpc);
        }
        sc.setParameters("aclId", aclId);
    } else {
        // ToDo: Add accountId to network_acl_item table for permission check
        // aclId is not specified
        // List permitted VPCs and filter aclItems
        final List<Long> permittedAccounts = new ArrayList<>();
        Long domainId = cmd.getDomainId();
        boolean isRecursive = cmd.isRecursive();
        final String accountName = cmd.getAccountName();
        final Long projectId = cmd.getProjectId();
        final boolean listAll = cmd.listAll();
        final Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject = new Ternary<>(domainId, isRecursive, null);
        _accountMgr.buildACLSearchParameters(caller, id, accountName, projectId, permittedAccounts, domainIdRecursiveListProject, listAll, false);
        domainId = domainIdRecursiveListProject.first();
        isRecursive = domainIdRecursiveListProject.second();
        final ListProjectResourcesCriteria listProjectResourcesCriteria = domainIdRecursiveListProject.third();
        final SearchBuilder<VpcVO> sbVpc = _vpcDao.createSearchBuilder();
        _accountMgr.buildACLSearchBuilder(sbVpc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria);
        final SearchCriteria<VpcVO> scVpc = sbVpc.create();
        _accountMgr.buildACLSearchCriteria(scVpc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria);
        final List<VpcVO> vpcs = _vpcDao.search(scVpc, null);
        final List<Long> vpcIds = new ArrayList<>();
        for (final VpcVO vpc : vpcs) {
            vpcIds.add(vpc.getId());
        }
        // Add vpc_id 0 to list acl_items in default ACL
        vpcIds.add(0L);
        sc.setJoinParameters("vpcSearch", "vpcId", vpcIds.toArray());
    }
    if (protocol != null) {
        sc.setParameters("protocol", protocol);
    }
    if (action != null) {
        sc.setParameters("action", action);
    }
    if (tags != null && !tags.isEmpty()) {
        int count = 0;
        sc.setJoinParameters("tagSearch", "resourceType", ResourceObjectType.NetworkACL.toString());
        for (final String key : tags.keySet()) {
            sc.setJoinParameters("tagSearch", "key" + String.valueOf(count), key);
            sc.setJoinParameters("tagSearch", "value" + String.valueOf(count), tags.get(key));
            count++;
        }
    }
    final Pair<List<NetworkACLItemVO>, Integer> result = _networkACLItemDao.searchAndCount(sc, filter);
    final List<NetworkACLItemVO> aclItemVOs = result.first();
    for (final NetworkACLItemVO item : aclItemVOs) {
        _networkACLItemDao.loadCidrs(item);
    }
    return new Pair<>(aclItemVOs, result.second());
}
Also used : Account(com.cloud.legacymodel.user.Account) Vpc(com.cloud.legacymodel.network.vpc.Vpc) ArrayList(java.util.ArrayList) NetworkACL(com.cloud.legacymodel.network.vpc.NetworkACL) NetworkACLItem(com.cloud.legacymodel.network.vpc.NetworkACLItem) InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException) Network(com.cloud.legacymodel.network.Network) ResourceTagVO(com.cloud.tags.ResourceTagVO) List(java.util.List) ArrayList(java.util.ArrayList) Pair(com.cloud.legacymodel.utils.Pair) Ternary(com.cloud.legacymodel.utils.Ternary) ListProjectResourcesCriteria(com.cloud.projects.Project.ListProjectResourcesCriteria) Filter(com.cloud.utils.db.Filter)

Example 2 with NetworkACLItem

use of com.cloud.legacymodel.network.vpc.NetworkACLItem in project cosmic by MissionCriticalCloud.

the class NetworkACLManagerImpl method applyNetworkACL.

@Override
public boolean applyNetworkACL(final long aclId) throws ResourceUnavailableException {
    boolean applyToNetworksFailed = false;
    boolean applyToPrivateGatewaysFailed = false;
    boolean applyToIpAddressesFailed = false;
    final List<NetworkACLItemVO> rules = _networkACLItemDao.listByACL(aclId);
    final List<NetworkVO> networks = _networkDao.listByAclId(aclId);
    for (final NetworkVO network : networks) {
        if (!applyACLItemsToNetwork(network.getId(), rules)) {
            applyToNetworksFailed = true;
            s_logger.debug("Failed to apply ACL item to Network [" + network.getId() + "], ACL [" + aclId + "]");
            break;
        }
    }
    final List<VpcGatewayVO> vpcGateways = _vpcGatewayDao.listByAclIdAndType(aclId, VpcGateway.Type.Private);
    for (final VpcGatewayVO vpcGateway : vpcGateways) {
        final PrivateGateway privateGateway = _vpcSvc.getVpcPrivateGateway(vpcGateway.getId());
        if (!applyACLToPrivateGw(privateGateway)) {
            applyToPrivateGatewaysFailed = true;
            s_logger.debug("Failed to apply ACL item to Private Gateway [" + privateGateway.getId() + "], ACL [" + aclId + "]");
            break;
        }
    }
    final List<IPAddressVO> ipAddresses = _ipAddressDao.listByAclId(aclId);
    for (final IPAddressVO ipAddress : ipAddresses) {
        if (!applyACLItemsToPublicIp(ipAddress.getId(), rules)) {
            applyToIpAddressesFailed = true;
            s_logger.debug("Failed to apply ACL item to IP Address [" + ipAddress.getId() + "], ACL [" + aclId + "]");
            break;
        }
    }
    if (!applyToNetworksFailed && !applyToPrivateGatewaysFailed && !applyToIpAddressesFailed) {
        for (final NetworkACLItem rule : rules) {
            if (rule.getState() == NetworkACLItem.State.Revoke) {
                removeRule(rule);
            } else if (rule.getState() == NetworkACLItem.State.Add) {
                final NetworkACLItemVO ruleVO = _networkACLItemDao.findById(rule.getId());
                ruleVO.setState(NetworkACLItem.State.Active);
                _networkACLItemDao.update(ruleVO.getId(), ruleVO);
            }
        }
    }
    return !applyToNetworksFailed && !applyToPrivateGatewaysFailed && !applyToIpAddressesFailed;
}
Also used : NetworkVO(com.cloud.network.dao.NetworkVO) NetworkACLItem(com.cloud.legacymodel.network.vpc.NetworkACLItem) IPAddressVO(com.cloud.network.dao.IPAddressVO) PrivateGateway(com.cloud.legacymodel.network.vpc.PrivateGateway)

Example 3 with NetworkACLItem

use of com.cloud.legacymodel.network.vpc.NetworkACLItem in project cosmic by MissionCriticalCloud.

the class CommandSetupHelper method createPublicIpACLsCommands.

public void createPublicIpACLsCommands(final List<? extends NetworkACLItem> rules, final VirtualRouter router, final Commands cmds, final IpAddress publicIp) {
    final List<PublicIpACLTO> rulesTO = new ArrayList<>();
    if (rules != null) {
        for (final NetworkACLItem rule : rules) {
            final PublicIpACLTO ruleTO = new PublicIpACLTO(rule, publicIp.getAddress().toString(), rule.getTrafficType());
            rulesTO.add(ruleTO);
        }
    }
    final NicTO nicTO = _networkHelper.getNicTO(router, publicIp.getNetworkId(), null);
    final SetPublicIpACLCommand cmd = new SetPublicIpACLCommand(rulesTO, nicTO, publicIp.getAddress().toString());
    cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
    cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
    final Zone zone = zoneRepository.findById(router.getDataCenterId()).orElse(null);
    cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, zone.getNetworkType().toString());
    cmds.addCommand(cmd);
}
Also used : NetworkACLItem(com.cloud.legacymodel.network.vpc.NetworkACLItem) SetPublicIpACLCommand(com.cloud.legacymodel.communication.command.SetPublicIpACLCommand) Zone(com.cloud.db.model.Zone) ArrayList(java.util.ArrayList) PublicIpACLTO(com.cloud.legacymodel.to.PublicIpACLTO) NicTO(com.cloud.legacymodel.to.NicTO)

Example 4 with NetworkACLItem

use of com.cloud.legacymodel.network.vpc.NetworkACLItem in project cosmic by MissionCriticalCloud.

the class CreateNetworkACLCmd method create.

@Override
public void create() {
    final NetworkACLItem result = _networkACLService.createNetworkACLItem(this);
    setEntityId(result.getId());
    setEntityUuid(result.getUuid());
}
Also used : NetworkACLItem(com.cloud.legacymodel.network.vpc.NetworkACLItem)

Example 5 with NetworkACLItem

use of com.cloud.legacymodel.network.vpc.NetworkACLItem in project cosmic by MissionCriticalCloud.

the class UpdateNetworkACLItemCmd method execute.

@Override
public void execute() throws ResourceUnavailableException {
    CallContext.current().setEventDetails("Rule Id: " + getId());
    final NetworkACLItem aclItem = _networkACLService.updateNetworkACLItem(getId(), getProtocol(), getSourceCidrList(), getTrafficType(), getAction(), getNumber(), getSourcePortStart(), getSourcePortEnd(), getIcmpCode(), getIcmpType(), this.getCustomId(), this.isDisplay());
    if (aclItem == null) {
        throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to update network ACL item");
    }
    final NetworkACLItemResponse aclResponse = _responseGenerator.createNetworkACLItemResponse(aclItem);
    setResponseObject(aclResponse);
    aclResponse.setResponseName(getCommandName());
}
Also used : NetworkACLItem(com.cloud.legacymodel.network.vpc.NetworkACLItem) ServerApiException(com.cloud.api.ServerApiException) NetworkACLItemResponse(com.cloud.api.response.NetworkACLItemResponse)

Aggregations

NetworkACLItem (com.cloud.legacymodel.network.vpc.NetworkACLItem)9 ArrayList (java.util.ArrayList)5 NetworkACLItemResponse (com.cloud.api.response.NetworkACLItemResponse)4 ServerApiException (com.cloud.api.ServerApiException)2 Zone (com.cloud.db.model.Zone)2 Network (com.cloud.legacymodel.network.Network)2 NetworkACL (com.cloud.legacymodel.network.vpc.NetworkACL)2 NicTO (com.cloud.legacymodel.to.NicTO)2 List (java.util.List)2 ListResponse (com.cloud.api.response.ListResponse)1 ResourceTagResponse (com.cloud.api.response.ResourceTagResponse)1 SetNetworkACLCommand (com.cloud.legacymodel.communication.command.SetNetworkACLCommand)1 SetPublicIpACLCommand (com.cloud.legacymodel.communication.command.SetPublicIpACLCommand)1 InvalidParameterValueException (com.cloud.legacymodel.exceptions.InvalidParameterValueException)1 PrivateGateway (com.cloud.legacymodel.network.vpc.PrivateGateway)1 Vpc (com.cloud.legacymodel.network.vpc.Vpc)1 NetworkACLTO (com.cloud.legacymodel.to.NetworkACLTO)1 PublicIpACLTO (com.cloud.legacymodel.to.PublicIpACLTO)1 Account (com.cloud.legacymodel.user.Account)1 Pair (com.cloud.legacymodel.utils.Pair)1