use of com.cloud.network.rules.FirewallRuleVO in project cloudstack by apache.
the class FirewallManagerImpl method updateFirewallRule.
/**
 * Updates the custom UUID and/or the display flag of an existing firewall rule.
 *
 * <p>All authorization checks run before any field of the rule is modified: a rule of type
 * {@code System} may only be changed by a caller whose account type is
 * {@code Account.ACCOUNT_TYPE_ADMIN}, and every rule that reaches this point is additionally
 * passed to the account manager's access check for the caller.
 *
 * @param ruleId     database id of the rule to update
 * @param customId   new UUID for the rule, or {@code null} to leave the UUID unchanged
 * @param caller     account on whose behalf the update is performed
 * @param forDisplay new display flag, or {@code null} to leave the flag unchanged
 * @return the rule as re-read from the DAO after the update
 * @throws InvalidParameterValueException if no rule with this id and purpose {@code Firewall}
 *         exists, or if a non-admin caller targets a system rule
 */
protected FirewallRule updateFirewallRule(long ruleId, String customId, Account caller, Boolean forDisplay) {
    final FirewallRuleVO existing = _firewallDao.findById(ruleId);

    // A missing rule and a rule with a different purpose are reported with the same message.
    final boolean isFirewallRule = existing != null && existing.getPurpose() == Purpose.Firewall;
    if (!isFirewallRule) {
        throw new InvalidParameterValueException("Unable to find " + ruleId + " having purpose " + Purpose.Firewall);
    }

    // System-wide rules are reserved for admin accounts.
    if (existing.getType() == FirewallRuleType.System) {
        if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
            throw new InvalidParameterValueException("Only root admin can update the system wide firewall rule");
        }
    }

    // Ownership/ACL check; must stay ahead of the setters below so nothing is changed
    // on behalf of a caller who fails it.
    _accountMgr.checkAccess(caller, null, true, existing);

    // Only the fields that were actually supplied are touched.
    if (customId != null) {
        existing.setUuid(customId);
    }
    if (forDisplay != null) {
        existing.setDisplay(forDisplay);
    }

    _firewallDao.update(ruleId, existing);

    // Return a fresh read rather than the in-memory object that was just modified.
    return _firewallDao.findById(ruleId);
}
use of com.cloud.network.rules.FirewallRuleVO in project cloudstack by apache.
the class FirewallManagerImpl method listFirewallRules.
/**
 * Lists rules with purpose {@code Firewall}, restricted to what the calling account is
 * allowed to see and narrowed by the optional filters carried by the command.
 *
 * <p>Optional filters: rule id, public IP id, network id, display flag and resource tags.
 * The traffic type from the command is always applied. Results are ordered by {@code id}
 * and paged using the command's start index and page size.
 *
 * @param cmd list command carrying the filters, ACL scope (domain, account, project,
 *            recursive, listAll) and paging values
 * @return the matching rules together with the count reported by the DAO
 * @throws InvalidParameterValueException if an IP id is given but the address does not exist
 *         or is not ready to use
 */
@Override
public Pair<List<? extends FirewallRule>, Integer> listFirewallRules(IListFirewallRulesCmd cmd) {
    final Long publicIpId = cmd.getIpAddressId();
    final Long ruleId = cmd.getId();
    final Long networkId = cmd.getNetworkId();
    final Map<String, String> tagFilters = cmd.getTags();
    final FirewallRule.TrafficType trafficType = cmd.getTrafficType();
    final Boolean displayFilter = cmd.getDisplay();

    final Account caller = CallContext.current().getCallingAccount();
    final List<Long> permittedAccounts = new ArrayList<Long>();

    // When filtering by IP, the caller must have access to that IP address, and the
    // address must be usable, before any rule lookup is attempted.
    if (publicIpId != null) {
        final IPAddressVO publicIp = _ipAddressDao.findById(publicIpId);
        if (publicIp == null || !publicIp.readyToUse()) {
            throw new InvalidParameterValueException("Ip address id=" + publicIpId + " not ready for firewall rules yet");
        }
        _accountMgr.checkAccess(caller, null, true, publicIp);
    }

    // The ACL helper receives the (domainId, recursive, project criteria) triple and the
    // permitted-accounts list; the scope values are read back from the triple afterwards,
    // so the helper presumably resolves the effective scope in place.
    final Ternary<Long, Boolean, ListProjectResourcesCriteria> aclScope =
            new Ternary<Long, Boolean, ListProjectResourcesCriteria>(cmd.getDomainId(), cmd.isRecursive(), null);
    _accountMgr.buildACLSearchParameters(caller, ruleId, cmd.getAccountName(), cmd.getProjectId(), permittedAccounts, aclScope, cmd.listAll(), false);
    final Long domainId = aclScope.first();
    final Boolean isRecursive = aclScope.second();
    final ListProjectResourcesCriteria projectCriteria = aclScope.third();

    final Filter paging = new Filter(FirewallRuleVO.class, "id", false, cmd.getStartIndex(), cmd.getPageSizeVal());

    // Search template: ACL conditions first, then one equality condition per filter.
    final SearchBuilder<FirewallRuleVO> ruleSearch = _firewallDao.createSearchBuilder();
    _accountMgr.buildACLSearchBuilder(ruleSearch, domainId, isRecursive, permittedAccounts, projectCriteria);
    ruleSearch.and("id", ruleSearch.entity().getId(), Op.EQ);
    ruleSearch.and("trafficType", ruleSearch.entity().getTrafficType(), Op.EQ);
    ruleSearch.and("networkId", ruleSearch.entity().getNetworkId(), Op.EQ);
    ruleSearch.and("ip", ruleSearch.entity().getSourceIpAddressId(), Op.EQ);
    ruleSearch.and("purpose", ruleSearch.entity().getPurpose(), Op.EQ);
    ruleSearch.and("display", ruleSearch.entity().isDisplay(), Op.EQ);

    final boolean filterByTags = tagFilters != null && !tagFilters.isEmpty();
    if (filterByTags) {
        // One parenthesised (key AND value) group per requested tag, OR-ed together,
        // then joined to the rule on the tag's resource id.
        final SearchBuilder<ResourceTagVO> tagSearch = _resourceTagDao.createSearchBuilder();
        final int tagCount = tagFilters.size();
        for (int i = 0; i < tagCount; i++) {
            tagSearch.or().op("key" + i, tagSearch.entity().getKey(), SearchCriteria.Op.EQ);
            tagSearch.and("value" + i, tagSearch.entity().getValue(), SearchCriteria.Op.EQ);
            tagSearch.cp();
        }
        tagSearch.and("resourceType", tagSearch.entity().getResourceType(), SearchCriteria.Op.EQ);
        ruleSearch.groupBy(ruleSearch.entity().getId());
        ruleSearch.join("tagSearch", tagSearch, ruleSearch.entity().getId(), tagSearch.entity().getResourceId(), JoinBuilder.JoinType.INNER);
    }

    // Bind values. Tag keys and values, like every other filter, are passed as parameters
    // of the search criteria rather than concatenated into condition text.
    final SearchCriteria<FirewallRuleVO> criteria = ruleSearch.create();
    _accountMgr.buildACLSearchCriteria(criteria, domainId, isRecursive, permittedAccounts, projectCriteria);

    if (ruleId != null) {
        criteria.setParameters("id", ruleId);
    }

    if (filterByTags) {
        int slot = 0;
        criteria.setJoinParameters("tagSearch", "resourceType", ResourceObjectType.FirewallRule.toString());
        for (Map.Entry<String, String> tag : tagFilters.entrySet()) {
            criteria.setJoinParameters("tagSearch", "key" + slot, tag.getKey());
            criteria.setJoinParameters("tagSearch", "value" + slot, tag.getValue());
            slot++;
        }
    }

    if (displayFilter != null) {
        criteria.setParameters("display", displayFilter);
    }

    if (publicIpId != null) {
        criteria.setParameters("ip", publicIpId);
    }

    if (networkId != null) {
        criteria.setParameters("networkId", networkId);
    }

    // Purpose is pinned to Firewall so rules of other purposes are never returned here.
    criteria.setParameters("purpose", Purpose.Firewall);
    // NOTE(review): bound unconditionally, unlike the optional filters above; confirm that
    // cmd.getTrafficType() cannot return null.
    criteria.setParameters("trafficType", trafficType);

    final Pair<List<FirewallRuleVO>, Integer> page = _firewallDao.searchAndCount(criteria, paging);
    return new Pair<List<? extends FirewallRule>, Integer>(page.first(), page.second());
}
use of com.cloud.network.rules.FirewallRuleVO in project cloudstack by apache.
the class FirewallRulesDaoImpl method remove.
/**
 * Removes a firewall rule row and, inside the same transaction, the resource tags
 * registered for it.
 *
 * <p>The tag resource type is derived from the rule's purpose (load balancing, port
 * forwarding, firewall or network ACL). For any other purpose, or when the rule cannot be
 * found, no tags are removed and only the superclass removal is attempted.
 *
 * @param id database id of the rule to remove
 * @return the result reported by the superclass {@code remove}
 */
@Override
@DB
public boolean remove(Long id) {
    final TransactionLegacy txn = TransactionLegacy.currentTxn();
    txn.start();

    final FirewallRuleVO rule = findById(id);
    if (rule != null) {
        // Map the rule purpose to the tag resource type; stays null for unmapped purposes.
        final Purpose purpose = rule.getPurpose();
        ResourceObjectType taggedAs = null;
        if (purpose == Purpose.LoadBalancing) {
            taggedAs = ResourceObjectType.LoadBalancer;
        } else if (purpose == Purpose.PortForwarding) {
            taggedAs = ResourceObjectType.PortForwardingRule;
        } else if (purpose == Purpose.Firewall) {
            taggedAs = ResourceObjectType.FirewallRule;
        } else if (purpose == Purpose.NetworkACL) {
            taggedAs = ResourceObjectType.NetworkACL;
        }

        if (taggedAs != null) {
            _tagsDao.removeByIdAndType(id, taggedAs);
        }
    }

    // Tags are removed first, then the rule row itself; both happen before the commit.
    final boolean removed = super.remove(id);
    txn.commit();
    return removed;
}
use of com.cloud.network.rules.FirewallRuleVO in project cloudstack by apache.
the class NuageVspElement method getFirewallRulesToApply.
/**
 * Builds the VSP ACL rules for all firewall-purpose rules of a network in one traffic
 * direction.
 *
 * @param network     network whose firewall rules are read
 * @param trafficType traffic direction used to select the rules
 * @return one {@code VspAclRule} per stored rule, in the order the DAO returned them
 */
private List<VspAclRule> getFirewallRulesToApply(final Network network, FirewallRule.TrafficType trafficType) {
    final List<FirewallRuleVO> storedRules =
            _firewallRulesDao.listByNetworkPurposeTrafficType(network.getId(), FirewallRule.Purpose.Firewall, trafficType);

    final List<VspAclRule> aclRules = Lists.newArrayListWithExpectedSize(storedRules.size());
    for (final FirewallRuleVO storedRule : storedRules) {
        // Source CIDRs are fetched from their own DAO and set on the rule before it is
        // converted; presumably the listing above does not populate them, in which case
        // skipping this step would yield an ACL without its source restriction.
        storedRule.setSourceCidrList(_firewallRulesCidrsDao.getSourceCidrs(storedRule.getId()));
        aclRules.add(_nuageVspEntityBuilder.buildVspAclRule(storedRule, network));
    }
    return aclRules;
}
use of com.cloud.network.rules.FirewallRuleVO in project cloudstack by apache.
the class NuageVspElementTest method testImplement.
/**
 * Verifies that {@code implement} returns {@code true} for an isolated guest network on
 * the Vsp broadcast domain when the Nuage VSP provider serves the network and no firewall
 * rules or static NAT IPs are stored for it.
 */
@Test
public void testImplement() throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException, URISyntaxException {
    // Network under test: Vsp broadcast domain, not part of a VPC. NETWORK_ID doubles as
    // the id of every related entity.
    final Network network = mock(Network.class);
    when(network.getBroadcastDomainType()).thenReturn(BroadcastDomainType.Vsp);
    when(network.getId()).thenReturn(NETWORK_ID);
    when(network.getVpcId()).thenReturn(null);
    when(network.getBroadcastUri()).thenReturn(new URI(""));
    when(network.getPhysicalNetworkId()).thenReturn(NETWORK_ID);
    when(network.getDomainId()).thenReturn(NETWORK_ID);
    when(network.getDataCenterId()).thenReturn(NETWORK_ID);
    when(_networkModel.isProviderForNetwork(Provider.NuageVsp, NETWORK_ID)).thenReturn(true);

    // Offering: isolated guest network.
    final NetworkOffering offering = mock(NetworkOffering.class);
    when(offering.getId()).thenReturn(NETWORK_ID);
    when(offering.getTrafficType()).thenReturn(TrafficType.Guest);
    when(offering.getGuestType()).thenReturn(GuestType.Isolated);

    final DeployDestination destination = mock(DeployDestination.class);

    // Domain and account exposed through the reservation context.
    final DomainVO domain = mock(DomainVO.class);
    when(domain.getName()).thenReturn("domain");
    when(_domainDao.findById(NETWORK_ID)).thenReturn(domain);
    final Account account = mock(Account.class);
    when(account.getAccountName()).thenReturn("accountname");
    final ReservationContext context = mock(ReservationContext.class);
    when(context.getDomain()).thenReturn(domain);
    when(context.getAccount()).thenReturn(account);

    // A single Nuage VSP device backed by one host.
    final HostVO host = mock(HostVO.class);
    when(host.getId()).thenReturn(NETWORK_ID);
    final NuageVspDeviceVO vspDevice = mock(NuageVspDeviceVO.class);
    when(vspDevice.getHostId()).thenReturn(NETWORK_ID);
    when(_nuageVspDao.listByPhysicalNetwork(NETWORK_ID)).thenReturn(Arrays.asList(vspDevice));
    when(_hostDao.findById(NETWORK_ID)).thenReturn(host);
    when(_nuageVspManager.getNuageVspHost(NETWORK_ID)).thenReturn(host);

    // No ingress or egress firewall rules, no static NAT IPs, no DNS details.
    when(_firewallRulesDao.listByNetworkPurposeTrafficType(NETWORK_ID, FirewallRule.Purpose.Firewall, FirewallRule.TrafficType.Ingress))
            .thenReturn(new ArrayList<FirewallRuleVO>());
    when(_firewallRulesDao.listByNetworkPurposeTrafficType(NETWORK_ID, FirewallRule.Purpose.Firewall, FirewallRule.TrafficType.Egress))
            .thenReturn(new ArrayList<FirewallRuleVO>());
    when(_ipAddressDao.listStaticNatPublicIps(NETWORK_ID)).thenReturn(new ArrayList<IPAddressVO>());
    when(_nuageVspManager.getDnsDetails(network.getDataCenterId())).thenReturn(new ArrayList<String>());

    assertTrue(_nuageVspElement.implement(network, offering, destination, context));
}