use of com.cloud.network.dao.ExternalFirewallDeviceVO in project cloudstack by apache.
In class ExternalFirewallDeviceManagerImpl, method applyFirewallRules.
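/**
 * Pushes the given firewall rules for a network to the external firewall device that serves it.
 *
 * @param network the guest network the rules belong to
 * @param rules   the rules to apply; firewall/ACL rules get their source CIDRs loaded here if absent
 * @return {@code true} when the rules were sent, or when there is nothing to do (no device mapped,
 *         or the network is only allocated and not yet implemented)
 * @throws ResourceUnavailableException if the device's host, or a rule's source IP / VLAN, cannot be found
 */
@Override
public boolean applyFirewallRules(Network network, List<? extends FirewallRule> rules) throws ResourceUnavailableException {
    // Find the external firewall in this zone
    long zoneId = network.getDataCenterId();
    DataCenterVO zone = _dcDao.findById(zoneId);
    ExternalFirewallDeviceVO fwDeviceVO = getExternalFirewallForNetwork(network);
    // During destroy the device reference may already have been cleaned up; nothing to push, report success.
    if (fwDeviceVO == null) {
        return true;
    }
    HostVO externalFirewall = _hostDao.findById(fwDeviceVO.getHostId());
    // Explicit check instead of 'assert': assertions are disabled by default at runtime, so a dangling
    // host reference would otherwise only surface as a NullPointerException when the rules are sent.
    if (externalFirewall == null) {
        throw new ResourceUnavailableException("Host for external firewall device " + fwDeviceVO.getHostId() + " not found", HostVO.class, fwDeviceVO.getHostId());
    }
    if (network.getState() == Network.State.Allocated) {
        s_logger.debug("External firewall was asked to apply firewall rules for network with ID " + network.getId() + "; this network is not implemented. Skipping backend commands.");
        return true;
    }
    NetworkVO networkVO = _networkDao.findById(network.getId());
    NetworkOfferingVO offering = _networkOfferingDao.findById(networkVO.getNetworkOfferingId());
    Boolean defaultEgressPolicy = offering.getEgressDefaultPolicy();
    List<FirewallRuleTO> rulesTO = new ArrayList<FirewallRuleTO>();
    for (FirewallRule rule : rules) {
        // Source CIDRs are not always loaded with the rule; firewall and ACL rules need them before the TO is built.
        if (rule.getSourceCidrList() == null && (rule.getPurpose() == Purpose.Firewall || rule.getPurpose() == Purpose.NetworkACL)) {
            _fwRulesDao.loadSourceCidrs((FirewallRuleVO) rule);
        }
        rulesTO.add(toFirewallRuleTO(network, rule, defaultEgressPolicy));
    }
    // Firewall rules configured for staticNAT/PF
    sendFirewallRules(rulesTO, zone, externalFirewall.getId());
    return true;
}

/**
 * Builds the transfer object for one rule: egress firewall rules are described by the guest VLAN
 * and guest CIDR, every other rule by the public IP it applies to and that IP's VLAN.
 *
 * @param network            the guest network the rule belongs to
 * @param rule               the rule to convert
 * @param defaultEgressPolicy the network offering's default egress policy, passed through for egress rules
 * @return the transfer object for the rule
 * @throws ResourceUnavailableException if the rule's source IP or its VLAN cannot be looked up
 */
private FirewallRuleTO toFirewallRuleTO(Network network, FirewallRule rule, Boolean defaultEgressPolicy) throws ResourceUnavailableException {
    if (rule.getPurpose() == Purpose.Firewall && rule.getTrafficType() == FirewallRule.TrafficType.Egress) {
        String guestVlanTag = BroadcastDomainType.getValue(network.getBroadcastUri());
        String guestCidr = network.getCidr();
        return new FirewallRuleTO(rule, guestVlanTag, rule.getTrafficType(), guestCidr, defaultEgressPolicy, rule.getType());
    }
    IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
    // Fail with a clear message instead of a NullPointerException when the referenced IP or VLAN is gone.
    if (sourceIp == null) {
        throw new ResourceUnavailableException("Source IP with ID " + rule.getSourceIpAddressId() + " for firewall rule not found", Network.class, network.getId());
    }
    Vlan vlan = _vlanDao.findById(sourceIp.getVlanId());
    if (vlan == null) {
        throw new ResourceUnavailableException("VLAN with ID " + sourceIp.getVlanId() + " for source IP of firewall rule not found", Network.class, network.getId());
    }
    return new FirewallRuleTO(rule, vlan.getVlanTag(), sourceIp.getAddress().addr());
}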
use of com.cloud.network.dao.ExternalFirewallDeviceVO in project cloudstack by apache.
In class JuniperSRXExternalFirewallElement, method configureSrxFirewall.
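/**
 * Enables an SRX firewall device and optionally updates its network capacity.
 *
 * @param cmd carries the device id and the (optional) new capacity
 * @return the updated device record
 * @throws InvalidParameterValueException if the id does not belong to an SRX firewall device
 * @throws CloudRuntimeException if the requested capacity is below the number of networks already on the device
 */
@Override
public ExternalFirewallDeviceVO configureSrxFirewall(ConfigureSrxFirewallCmd cmd) {
    Long fwDeviceId = cmd.getFirewallDeviceId();
    Long deviceCapacity = cmd.getFirewallCapacity();
    ExternalFirewallDeviceVO fwDeviceVO = _fwDevicesDao.findById(fwDeviceId);
    if (fwDeviceVO == null || !fwDeviceVO.getDeviceName().equalsIgnoreCase(NetworkDevice.JuniperSRXFirewall.getName())) {
        throw new InvalidParameterValueException("No SRX firewall device found with ID: " + fwDeviceId);
    }
    if (deviceCapacity != null) {
        // Refuse to shrink the capacity below the number of networks already placed on this device
        List<NetworkExternalFirewallVO> networks = _networkFirewallDao.listByFirewallDeviceId(fwDeviceId);
        boolean inUse = networks != null && !networks.isEmpty();
        if (inUse && deviceCapacity < networks.size()) {
            throw new CloudRuntimeException("There are more number of networks already using this SRX firewall device than configured capacity");
        }
        // The null re-check that used to sit here was redundant: deviceCapacity is non-null in this branch
        fwDeviceVO.setCapacity(deviceCapacity);
    }
    fwDeviceVO.setDeviceState(FirewallDeviceState.Enabled);
    _fwDevicesDao.update(fwDeviceId, fwDeviceVO);
    return fwDeviceVO;
}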
use of com.cloud.network.dao.ExternalFirewallDeviceVO in project cloudstack by apache.
In class JuniperSRXExternalFirewallElement, method listSrxFirewalls.
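/**
 * Lists SRX firewall devices, either a single device by id or all SRX devices of a physical network.
 *
 * @param cmd carries the physical network id and/or the firewall device id; at least one is required
 * @return the matching devices (never {@code null})
 * @throws InvalidParameterValueException if neither id is given, the device is not an SRX firewall,
 *         or the physical network does not exist
 */
@Override
public List<ExternalFirewallDeviceVO> listSrxFirewalls(ListSrxFirewallsCmd cmd) {
    Long physicalNetworkId = cmd.getPhysicalNetworkId();
    Long fwDeviceId = cmd.getFirewallDeviceId();
    if (physicalNetworkId == null && fwDeviceId == null) {
        // Message fixed: this lists firewall devices, not load balancers
        throw new InvalidParameterValueException("Either physical network Id or firewall device Id must be specified");
    }
    List<ExternalFirewallDeviceVO> fwDevices = new ArrayList<ExternalFirewallDeviceVO>();
    if (fwDeviceId != null) {
        ExternalFirewallDeviceVO fwDeviceVo = _fwDevicesDao.findById(fwDeviceId);
        if (fwDeviceVo == null || !fwDeviceVo.getDeviceName().equalsIgnoreCase(NetworkDevice.JuniperSRXFirewall.getName())) {
            throw new InvalidParameterValueException("Could not find SRX firewall device with ID: " + fwDeviceId);
        }
        fwDevices.add(fwDeviceVo);
    }
    if (physicalNetworkId != null) {
        PhysicalNetworkVO pNetwork = _physicalNetworkDao.findById(physicalNetworkId);
        if (pNetwork == null) {
            throw new InvalidParameterValueException("Could not find physical network with ID: " + physicalNetworkId);
        }
        // NOTE(review): when both ids are supplied, the physical-network listing replaces the single
        // device looked up above (existing behaviour, kept); the device id is still validated.
        fwDevices = _fwDevicesDao.listByPhysicalNetworkAndProvider(physicalNetworkId, Provider.JuniperSRX.getName());
    }
    return fwDevices;
}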
use of com.cloud.network.dao.ExternalFirewallDeviceVO in project cloudstack by apache.
In class PaloAltoExternalFirewallElement, method listNetworks.
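/**
 * Lists the guest networks mapped to a Palo Alto firewall device.
 *
 * @param cmd carries the firewall device id
 * @return the networks using the device; empty when none are mapped (never {@code null})
 * @throws InvalidParameterValueException if the id does not belong to a Palo Alto firewall device
 */
@Override
public List<? extends Network> listNetworks(ListPaloAltoFirewallNetworksCmd cmd) {
    Long fwDeviceId = cmd.getFirewallDeviceId();
    ExternalFirewallDeviceVO fwDeviceVo = _fwDevicesDao.findById(fwDeviceId);
    if (fwDeviceVo == null || !fwDeviceVo.getDeviceName().equalsIgnoreCase(NetworkDevice.PaloAltoFirewall.getName())) {
        throw new InvalidParameterValueException("Could not find Palo Alto firewall device with ID " + fwDeviceId);
    }
    List<NetworkVO> networks = new ArrayList<NetworkVO>();
    List<NetworkExternalFirewallVO> networkFirewallMaps = _networkFirewallDao.listByFirewallDeviceId(fwDeviceId);
    if (networkFirewallMaps == null) {
        return networks;
    }
    for (NetworkExternalFirewallVO networkFirewallMap : networkFirewallMaps) {
        NetworkVO network = _networkDao.findById(networkFirewallMap.getNetworkId());
        // A mapping whose network no longer exists would otherwise add a null entry to the result
        if (network != null) {
            networks.add(network);
        }
    }
    return networks;
}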
use of com.cloud.network.dao.ExternalFirewallDeviceVO in project cloudstack by apache.
In class AddPaloAltoFirewallCmd, method execute.
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
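/**
 * Adds a Palo Alto firewall device and sets the API response for it.
 *
 * @throws ServerApiException with PARAM_ERROR for invalid parameters, INTERNAL_ERROR when the
 *         service returns no device or fails with a runtime exception; the original exception is kept as cause
 */
@Override
public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException {
    try {
        ExternalFirewallDeviceVO fwDeviceVO = _paFwService.addPaloAltoFirewall(this);
        if (fwDeviceVO == null) {
            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add Palo Alto firewall due to internal error.");
        }
        PaloAltoFirewallResponse response = _paFwService.createPaloAltoFirewallResponse(fwDeviceVO);
        response.setObjectName("pafirewall");
        response.setResponseName(getCommandName());
        setResponseObject(response);
    } catch (ServerApiException apiExcp) {
        // Already carries an API error code; do not re-wrap it below
        throw apiExcp;
    } catch (InvalidParameterValueException invalidParamExcp) {
        throw new ServerApiException(ApiErrorCode.PARAM_ERROR, invalidParamExcp.getMessage(), invalidParamExcp);
    } catch (CloudRuntimeException runtimeExcp) {
        // NOTE(review): the runtime exception's message is forwarded verbatim to the API caller;
        // confirm the messages raised by the service layer carry no internal detail.
        throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, runtimeExcp.getMessage(), runtimeExcp);
    }
}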