Example 1 with FirewallRuleTO
use of com.cloud.legacymodel.to.FirewallRuleTO in project cosmic by MissionCriticalCloud.
the class SetFirewallRulesConfigItem method generateConfig.
@Override
public List<ConfigItem> generateConfig(final NetworkElementCommand cmd) {
final SetFirewallRulesCommand command = (SetFirewallRulesCommand) cmd;
final List<FirewallRule> rules = new ArrayList<>();
for (final FirewallRuleTO rule : command.getRules()) {
final FirewallRule fwRule = new FirewallRule(rule.getId(), rule.getSrcVlanTag(), rule.getSrcIp(), rule.getProtocol(), rule.getSrcPortRange(), rule.revoked(), rule.isAlreadyAdded(), rule.getSourceCidrList(), rule.getPurpose().toString(), rule.getIcmpType(), rule.getIcmpCode(), rule.getTrafficType().toString(), rule.getGuestCidr(), rule.isDefaultEgressPolicy());
rules.add(fwRule);
}
final FirewallRules ruleSet = new FirewallRules(rules.toArray(new FirewallRule[rules.size()]));
return generateConfigItems(ruleSet);
}
Also used :
ArrayList(java.util.ArrayList)
FirewallRuleTO(com.cloud.legacymodel.to.FirewallRuleTO)
SetFirewallRulesCommand(com.cloud.legacymodel.communication.command.SetFirewallRulesCommand)
FirewallRule(com.cloud.legacymodel.network.rules.FirewallRule)
FirewallRules(com.cloud.legacymodel.network.rules.FirewallRules)
Example 2 with FirewallRuleTO
use of com.cloud.legacymodel.to.FirewallRuleTO in project cosmic by MissionCriticalCloud.
the class CommandSetupHelper method createApplyFirewallRulesCommands.
public void createApplyFirewallRulesCommands(final List<? extends FirewallRule> rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId) {
final List<FirewallRuleTO> rulesTO = new ArrayList<>();
String systemRule = null;
Boolean defaultEgressPolicy = false;
if (rules != null) {
if (rules.size() > 0) {
if (rules.get(0).getTrafficType() == FirewallRule.TrafficType.Egress && rules.get(0).getType() == FirewallRule.FirewallRuleType.System) {
systemRule = String.valueOf(FirewallRule.FirewallRuleType.System);
}
}
for (final FirewallRule rule : rules) {
_rulesDao.loadSourceCidrs((FirewallRuleVO) rule);
final FirewallRule.TrafficType traffictype = rule.getTrafficType();
if (traffictype == FirewallRule.TrafficType.Ingress) {
final IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
final FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, sourceIp.getAddress().addr(), Purpose.Firewall, traffictype);
rulesTO.add(ruleTO);
} else if (rule.getTrafficType() == FirewallRule.TrafficType.Egress) {
final NetworkVO network = _networkDao.findById(guestNetworkId);
final NetworkOfferingVO offering = _networkOfferingDao.findById(network.getNetworkOfferingId());
defaultEgressPolicy = offering.getEgressDefaultPolicy();
assert rule.getSourceIpAddressId() == null : "ipAddressId should be null for egress firewall rule. ";
final FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, "", Purpose.Firewall, traffictype, defaultEgressPolicy);
rulesTO.add(ruleTO);
}
}
}
final SetFirewallRulesCommand cmd = new SetFirewallRulesCommand(rulesTO);
cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
final Zone zone = zoneRepository.findById(router.getDataCenterId()).orElse(null);
cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, zone.getNetworkType().toString());
if (systemRule != null) {
cmd.setAccessDetail(NetworkElementCommand.FIREWALL_EGRESS_DEFAULT, systemRule);
} else {
cmd.setAccessDetail(NetworkElementCommand.FIREWALL_EGRESS_DEFAULT, String.valueOf(defaultEgressPolicy));
}
cmds.addCommand(cmd);
}
Also used :
NetworkVO(com.cloud.network.dao.NetworkVO)
Zone(com.cloud.db.model.Zone)
ArrayList(java.util.ArrayList)
NetworkOfferingVO(com.cloud.offerings.NetworkOfferingVO)
IpAddress(com.cloud.network.IpAddress)
PublicIpAddress(com.cloud.network.PublicIpAddress)
FirewallRuleTO(com.cloud.legacymodel.to.FirewallRuleTO)
FirewallRule(com.cloud.legacymodel.network.FirewallRule)
SetFirewallRulesCommand(com.cloud.legacymodel.communication.command.SetFirewallRulesCommand)
Example 3 with FirewallRuleTO
use of com.cloud.legacymodel.to.FirewallRuleTO in project cosmic by MissionCriticalCloud.
the class CommandSetupHelper method createFirewallRulesCommands.
public void createFirewallRulesCommands(final List<? extends FirewallRule> rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId) {
final List<FirewallRuleTO> rulesTO = new ArrayList<>();
String systemRule = null;
Boolean defaultEgressPolicy = false;
if (rules != null) {
if (rules.size() > 0) {
if (rules.get(0).getTrafficType() == FirewallRule.TrafficType.Egress && rules.get(0).getType() == FirewallRule.FirewallRuleType.System) {
systemRule = String.valueOf(FirewallRule.FirewallRuleType.System);
}
}
for (final FirewallRule rule : rules) {
_rulesDao.loadSourceCidrs((FirewallRuleVO) rule);
final FirewallRule.TrafficType traffictype = rule.getTrafficType();
if (traffictype == FirewallRule.TrafficType.Ingress) {
final IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
final FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, sourceIp.getAddress().addr(), Purpose.Firewall, traffictype);
rulesTO.add(ruleTO);
} else if (rule.getTrafficType() == FirewallRule.TrafficType.Egress) {
final NetworkVO network = _networkDao.findById(guestNetworkId);
final NetworkOfferingVO offering = _networkOfferingDao.findById(network.getNetworkOfferingId());
defaultEgressPolicy = offering.getEgressDefaultPolicy();
assert rule.getSourceIpAddressId() == null : "ipAddressId should be null for egress firewall rule. ";
final FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, "", Purpose.Firewall, traffictype, defaultEgressPolicy);
rulesTO.add(ruleTO);
}
}
}
final SetFirewallRulesCommand cmd = new SetFirewallRulesCommand(rulesTO);
cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
final Zone zone = zoneRepository.findById(router.getDataCenterId()).orElse(null);
cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, zone.getNetworkType().toString());
if (systemRule != null) {
cmd.setAccessDetail(NetworkElementCommand.FIREWALL_EGRESS_DEFAULT, systemRule);
} else {
cmd.setAccessDetail(NetworkElementCommand.FIREWALL_EGRESS_DEFAULT, String.valueOf(defaultEgressPolicy));
}
cmds.addCommand(cmd);
}
Also used :
NetworkVO(com.cloud.network.dao.NetworkVO)
Zone(com.cloud.db.model.Zone)
ArrayList(java.util.ArrayList)
NetworkOfferingVO(com.cloud.offerings.NetworkOfferingVO)
IpAddress(com.cloud.network.IpAddress)
PublicIpAddress(com.cloud.network.PublicIpAddress)
FirewallRuleTO(com.cloud.legacymodel.to.FirewallRuleTO)
FirewallRule(com.cloud.legacymodel.network.FirewallRule)
SetFirewallRulesCommand(com.cloud.legacymodel.communication.command.SetFirewallRulesCommand)
Aggregations
SetFirewallRulesCommand (com.cloud.legacymodel.communication.command.SetFirewallRulesCommand)3
FirewallRuleTO (com.cloud.legacymodel.to.FirewallRuleTO)3
ArrayList (java.util.ArrayList)3
Zone (com.cloud.db.model.Zone)2
FirewallRule (com.cloud.legacymodel.network.FirewallRule)2
IpAddress (com.cloud.network.IpAddress)2
PublicIpAddress (com.cloud.network.PublicIpAddress)2
NetworkVO (com.cloud.network.dao.NetworkVO)2
NetworkOfferingVO (com.cloud.offerings.NetworkOfferingVO)2
FirewallRule (com.cloud.legacymodel.network.rules.FirewallRule)1
FirewallRules (com.cloud.legacymodel.network.rules.FirewallRules)1
