Examples with FirewallRule com.cloud.network.rules.FirewallRule used on opensource projects

Search in sources :

Example 51 with FirewallRule

use of com.cloud.network.rules.FirewallRule in project cloudstack by apache.

the class CreateEgressFirewallRuleCmd method create.

@Override
public void create() {
    validateCidrs();
    if (NetUtils.ALL_PROTO.equalsIgnoreCase(getProtocol())) {
        if (getSourcePortStart() != null && getSourcePortEnd() != null) {
            throw new InvalidParameterValueException(String.format("Unable to create firewall rule for the network id=[%d] due to: ports must not be informed to protocol ALL, as it does not require them.", networkId));
        }
    }
    if (getVpcId() != null) {
        throw new InvalidParameterValueException(String.format("Unable to create firewall rule for the network id=[%d] as firewall egress rule can be created only for non VPC networks.", networkId));
    }
    try {
        FirewallRule result = _firewallService.createEgressFirewallRule(this);
        if (result != null) {
            setEntityId(result.getId());
            setEntityUuid(result.getUuid());
        }
    } catch (NetworkRuleConflictException ex) {
        String message = "Network rule conflict: ";
        if (!s_logger.isTraceEnabled()) {
            s_logger.info(message + ex.getMessage());
        } else {
            s_logger.trace(message, ex);
        }
        throw new ServerApiException(ApiErrorCode.NETWORK_RULE_CONFLICT_ERROR, ex.getMessage());
    }
}
Also used : ServerApiException(org.apache.cloudstack.api.ServerApiException) InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException) FirewallRule(com.cloud.network.rules.FirewallRule) NetworkRuleConflictException(com.cloud.exception.NetworkRuleConflictException)

Example 52 with FirewallRule

use of com.cloud.network.rules.FirewallRule in project cloudstack by apache.

the class CreateEgressFirewallRuleCmd method execute.

@Override
public void execute() throws ResourceUnavailableException {
    CallContext callerContext = CallContext.current();
    boolean success = false;
    FirewallRule rule = _entityMgr.findById(FirewallRule.class, getEntityId());
    try {
        CallContext.current().setEventDetails("Rule Id: " + getEntityId());
        success = _firewallService.applyEgressFirewallRules(rule, callerContext.getCallingAccount());
        // State is different after the rule is applied, so get new object here
        rule = _entityMgr.findById(FirewallRule.class, getEntityId());
        FirewallResponse fwResponse = new FirewallResponse();
        if (rule != null) {
            fwResponse = _responseGenerator.createFirewallResponse(rule);
            setResponseObject(fwResponse);
        }
        fwResponse.setResponseName(getCommandName());
    } finally {
        if (!success || rule == null) {
            _firewallService.revokeEgressFirewallRule(getEntityId(), true);
            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create firewall rule");
        }
    }
}
Also used : ServerApiException(org.apache.cloudstack.api.ServerApiException) CallContext(org.apache.cloudstack.context.CallContext) FirewallRule(com.cloud.network.rules.FirewallRule) FirewallResponse(org.apache.cloudstack.api.response.FirewallResponse)

Example 53 with FirewallRule

use of com.cloud.network.rules.FirewallRule in project cloudstack by apache.

the class ListFirewallRulesCmd method execute.

@Override
public void execute() {
    Pair<List<? extends FirewallRule>, Integer> result = _firewallService.listFirewallRules(this);
    ListResponse<FirewallResponse> response = new ListResponse<FirewallResponse>();
    List<FirewallResponse> fwResponses = new ArrayList<FirewallResponse>();
    for (FirewallRule fwRule : result.first()) {
        FirewallResponse ruleData = _responseGenerator.createFirewallResponse(fwRule);
        ruleData.setObjectName("firewallrule");
        fwResponses.add(ruleData);
    }
    response.setResponses(fwResponses, result.second());
    response.setResponseName(getCommandName());
    setResponseObject(response);
}
Also used : ListResponse(org.apache.cloudstack.api.response.ListResponse) ArrayList(java.util.ArrayList) ArrayList(java.util.ArrayList) List(java.util.List) FirewallRule(com.cloud.network.rules.FirewallRule) FirewallResponse(org.apache.cloudstack.api.response.FirewallResponse)

Example 54 with FirewallRule

use of com.cloud.network.rules.FirewallRule in project cloudstack by apache.

the class CiscoVnmcElementTest method applyFWRulesTest.

@Test
public void applyFWRulesTest() throws ResourceUnavailableException {
    URI uri = URI.create("vlan://123");
    Network network = mock(Network.class);
    when(network.getId()).thenReturn(1L);
    when(network.getBroadcastDomainType()).thenReturn(BroadcastDomainType.Vlan);
    when(network.getDataCenterId()).thenReturn(1L);
    when(network.getBroadcastUri()).thenReturn(uri);
    when(network.getCidr()).thenReturn("1.1.1.0/24");
    when(network.getState()).thenReturn(Network.State.Implemented);
    Ip ip = mock(Ip.class);
    when(ip.addr()).thenReturn("1.2.3.4");
    IpAddress ipAddress = mock(IpAddress.class);
    when(ipAddress.getAddress()).thenReturn(ip);
    when(_networkModel.getIp(anyLong())).thenReturn(ipAddress);
    when(_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.Firewall, Provider.CiscoVnmc)).thenReturn(true);
    List<CiscoVnmcControllerVO> devices = new ArrayList<CiscoVnmcControllerVO>();
    devices.add(mock(CiscoVnmcControllerVO.class));
    when(_ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId())).thenReturn(devices);
    when(_networkAsa1000vMapDao.findByNetworkId(network.getId())).thenReturn(mock(NetworkAsa1000vMapVO.class));
    HostVO hostVO = mock(HostVO.class);
    when(hostVO.getId()).thenReturn(1L);
    when(_hostDao.findById(anyLong())).thenReturn(hostVO);
    FirewallRule rule = mock(FirewallRule.class);
    when(rule.getSourceIpAddressId()).thenReturn(1L);
    List<FirewallRule> rules = new ArrayList<FirewallRule>();
    rules.add(rule);
    Answer answer = mock(Answer.class);
    when(answer.getResult()).thenReturn(true);
    when(_agentMgr.easySend(anyLong(), any(SetFirewallRulesCommand.class))).thenReturn(answer);
    assertTrue(_element.applyFWRules(network, rules));
}
Also used : Ip(com.cloud.utils.net.Ip) PublicIp(com.cloud.network.addr.PublicIp) ArrayList(java.util.ArrayList) URI(java.net.URI) SetFirewallRulesCommand(com.cloud.agent.api.routing.SetFirewallRulesCommand) HostVO(com.cloud.host.HostVO) Answer(com.cloud.agent.api.Answer) Network(com.cloud.network.Network) NetworkAsa1000vMapVO(com.cloud.network.cisco.NetworkAsa1000vMapVO) IpAddress(com.cloud.network.IpAddress) CiscoVnmcControllerVO(com.cloud.network.cisco.CiscoVnmcControllerVO) FirewallRule(com.cloud.network.rules.FirewallRule) Test(org.junit.Test)

Example 55 with FirewallRule

use of com.cloud.network.rules.FirewallRule in project cloudstack by apache.

the class CommandSetupHelper method createApplyFirewallRulesCommands.

public void createApplyFirewallRulesCommands(final List<? extends FirewallRule> rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId) {
    final List<FirewallRuleTO> rulesTO = new ArrayList<FirewallRuleTO>();
    String systemRule = null;
    Boolean defaultEgressPolicy = false;
    if (rules != null) {
        if (rules.size() > 0) {
            if (rules.get(0).getTrafficType() == FirewallRule.TrafficType.Egress && rules.get(0).getType() == FirewallRule.FirewallRuleType.System) {
                systemRule = String.valueOf(FirewallRule.FirewallRuleType.System);
            }
        }
        for (final FirewallRule rule : rules) {
            _rulesDao.loadSourceCidrs((FirewallRuleVO) rule);
            final FirewallRule.TrafficType traffictype = rule.getTrafficType();
            if (traffictype == FirewallRule.TrafficType.Ingress) {
                final IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
                final FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, sourceIp.getAddress().addr(), Purpose.Firewall, traffictype);
                rulesTO.add(ruleTO);
            } else if (rule.getTrafficType() == FirewallRule.TrafficType.Egress) {
                final NetworkVO network = _networkDao.findById(guestNetworkId);
                final NetworkOfferingVO offering = _networkOfferingDao.findById(network.getNetworkOfferingId());
                defaultEgressPolicy = offering.isEgressDefaultPolicy();
                assert rule.getSourceIpAddressId() == null : "ipAddressId should be null for egress firewall rule. ";
                final FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, "", Purpose.Firewall, traffictype, defaultEgressPolicy);
                rulesTO.add(ruleTO);
            }
        }
    }
    final SetFirewallRulesCommand cmd = new SetFirewallRulesCommand(rulesTO);
    cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
    cmd.setAccessDetail(NetworkElementCommand.ROUTER_GUEST_IP, _routerControlHelper.getRouterIpInNetwork(guestNetworkId, router.getId()));
    cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
    final DataCenterVO dcVo = _dcDao.findById(router.getDataCenterId());
    cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, dcVo.getNetworkType().toString());
    if (systemRule != null) {
        cmd.setAccessDetail(NetworkElementCommand.FIREWALL_EGRESS_DEFAULT, systemRule);
    } else {
        cmd.setAccessDetail(NetworkElementCommand.FIREWALL_EGRESS_DEFAULT, String.valueOf(defaultEgressPolicy));
    }
    cmds.addCommand(cmd);
}
Also used : DataCenterVO(com.cloud.dc.DataCenterVO) NetworkVO(com.cloud.network.dao.NetworkVO) ArrayList(java.util.ArrayList) NetworkOfferingVO(com.cloud.offerings.NetworkOfferingVO) PrivateIpAddress(com.cloud.network.vpc.PrivateIpAddress) IpAddress(com.cloud.network.IpAddress) PublicIpAddress(com.cloud.network.PublicIpAddress) FirewallRuleTO(com.cloud.agent.api.to.FirewallRuleTO) FirewallRule(com.cloud.network.rules.FirewallRule) SetFirewallRulesCommand(com.cloud.agent.api.routing.SetFirewallRulesCommand)

Aggregations

FirewallRule (com.cloud.network.rules.FirewallRule)59 ArrayList (java.util.ArrayList)32 FirewallRuleVO (com.cloud.network.rules.FirewallRuleVO)16 IpAddress (com.cloud.network.IpAddress)13 NetworkRuleConflictException (com.cloud.exception.NetworkRuleConflictException)10 FirewallResponse (com.cloud.api.response.FirewallResponse)9 List (java.util.List)9 ServerApiException (com.cloud.api.ServerApiException)8 PublicIpAddress (com.cloud.network.PublicIpAddress)8 NetworkVO (com.cloud.network.dao.NetworkVO)8 StaticNatRule (com.cloud.network.rules.StaticNatRule)8 FirewallRuleTO (com.cloud.agent.api.to.FirewallRuleTO)7 ResourceUnavailableException (com.cloud.exception.ResourceUnavailableException)7 NetworkOfferingVO (com.cloud.offerings.NetworkOfferingVO)7 FirewallResponse (org.apache.cloudstack.api.response.FirewallResponse)7 SetFirewallRulesCommand (com.cloud.agent.api.routing.SetFirewallRulesCommand)6 ActionEvent (com.cloud.event.ActionEvent)6 ListResponse (com.cloud.api.response.ListResponse)5 ServerApiException (org.apache.cloudstack.api.ServerApiException)5 IpForwardingRuleResponse (com.cloud.api.response.IpForwardingRuleResponse)4
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial