
Example 1 with NetworkACLItem

Use of com.cloud.network.vpc.NetworkACLItem in the project cloudstack by apache.

From class NuageVspElement, method applyACLRules.

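/**
 * Pushes a set of firewall or network ACL rules for {@code network} to the Nuage VSD
 * that manages the network's physical network.
 *
 * @param network      the network whose rules are applied
 * @param rules        the rules to apply; each element is expected to be a {@link FirewallRule}
 *                     or a {@link NetworkACLItem} (any other type fails the cast in the converter)
 * @param isNetworkAcl {@code true} to apply the rules as a network ACL, {@code false} as firewall rules
 * @param networkReset passed through to the VSD command as the network-reset flag
 * @return {@code true} when the VSD acknowledged the command, {@code false} when the command
 *         failed (or got no answer) without any details to report
 * @throws ResourceUnavailableException when the VSD reports a failure with details
 */
protected boolean applyACLRules(final Network network, List<? extends InternalIdentity> rules, boolean isNetworkAcl, boolean networkReset) throws ResourceUnavailableException {
    final VspNetwork vspNetwork = _nuageVspEntityBuilder.buildVspNetwork(network);
    // Lists.transform returns a lazy view, so each rule is converted when the command reads it.
    final List<VspAclRule> vspAclRules = Lists.transform(rules, new Function<InternalIdentity, VspAclRule>() {

        @Nullable
        @Override
        public VspAclRule apply(@Nullable InternalIdentity input) {
            if (input instanceof FirewallRule) {
                return _nuageVspEntityBuilder.buildVspAclRule((FirewallRule) input, network);
            }
            // Anything that is not a FirewallRule must be a NetworkACLItem; a foreign type is a caller bug.
            return _nuageVspEntityBuilder.buildVspAclRule((NetworkACLItem) input);
        }
    });
    final HostVO nuageVspHost = _nuageVspManager.getNuageVspHost(network.getPhysicalNetworkId());
    final VspAclRule.ACLType vspAclType = isNetworkAcl ? VspAclRule.ACLType.NetworkACL : VspAclRule.ACLType.Firewall;
    final ApplyAclRuleVspCommand cmd = new ApplyAclRuleVspCommand(vspAclType, vspNetwork, vspAclRules, networkReset);
    final Answer answer = _agentMgr.easySend(nuageVspHost.getId(), cmd);
    if (answer == null || !answer.getResult()) {
        s_logger.error("ApplyAclRuleNuageVspCommand for network " + network.getUuid() + " failed on Nuage VSD " + nuageVspHost.getDetail("hostname"));
        if (answer != null && answer.getDetails() != null) {
            throw new ResourceUnavailableException(answer.getDetails(), Network.class, network.getId());
        }
        // No details to report: still tell the caller the rules were NOT applied, so that an
        // unenforced ACL is not mistaken for a successfully applied one.
        return false;
    }
    return true;
}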

Example 2 with NetworkACLItem

Use of com.cloud.network.vpc.NetworkACLItem in the project cosmic by MissionCriticalCloud.

From class CreateNetworkACLCmd, method create.

/**
 * Creates the network ACL item described by this command and records the new
 * entity's id and uuid on the command for the response.
 */
@Override
public void create() {
    final NetworkACLItem created = _networkACLService.createNetworkACLItem(this);
    final long entityId = created.getId();
    final String entityUuid = created.getUuid();
    setEntityId(entityId);
    setEntityUuid(entityUuid);
}

Example 3 with NetworkACLItem

Use of com.cloud.network.vpc.NetworkACLItem in the project cosmic by MissionCriticalCloud.

From class UpdateNetworkACLItemCmd, method execute.

/**
 * Updates the network ACL item identified by this command's id with the command's
 * parameters and publishes the updated item as the command response.
 *
 * @throws ResourceUnavailableException as declared for the ACL service call
 * @throws ServerApiException with {@code INTERNAL_ERROR} when the service returns no item
 */
@Override
public void execute() throws ResourceUnavailableException {
    CallContext.current().setEventDetails("Rule Id: " + getId());
    final NetworkACLItem updated = _networkACLService.updateNetworkACLItem(getId(), getProtocol(), getSourceCidrList(), getTrafficType(), getAction(), getNumber(),
            getSourcePortStart(), getSourcePortEnd(), getIcmpCode(), getIcmpType(), getCustomId(), isDisplay());
    if (updated == null) {
        throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to update network ACL item");
    }
    final NetworkACLItemResponse response = _responseGenerator.createNetworkACLItemResponse(updated);
    setResponseObject(response);
    response.setResponseName(getCommandName());
}

Example 4 with NetworkACLItem

Use of com.cloud.network.vpc.NetworkACLItem in the project cosmic by MissionCriticalCloud.

From class CommandSetupHelper, method createPublicIpACLsCommands.

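/**
 * Builds a {@link SetPublicIpACLCommand} carrying the ACL rules for one public IP of a
 * virtual router and appends it to {@code cmds}.
 *
 * @param rules    the ACL items to push; {@code null} or empty yields a command with no rules
 * @param router   the router that owns the public IP
 * @param cmds     the command batch the new command is added to
 * @param publicIp the public IP the ACL applies to
 */
public void createPublicIpACLsCommands(final List<? extends NetworkACLItem> rules, final VirtualRouter router, final Commands cmds, final IpAddress publicIp) {
    // The same address string is needed for every rule and for the command itself; compute it once.
    final String publicIpAddress = publicIp.getAddress().toString();
    final List<PublicIpACLTO> rulesTO = new ArrayList<>(rules == null ? 0 : rules.size());
    if (rules != null) {
        for (final NetworkACLItem rule : rules) {
            rulesTO.add(new PublicIpACLTO(rule, publicIpAddress, rule.getTrafficType()));
        }
    }
    final NicTO nicTO = _networkHelper.getNicTO(router, publicIp.getNetworkId(), null);
    final SetPublicIpACLCommand cmd = new SetPublicIpACLCommand(rulesTO, nicTO, publicIpAddress);
    cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
    cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
    // NOTE(review): zoneRepository.findOne may return null for an unknown zone id — confirm before relying on it here.
    final Zone zone = zoneRepository.findOne(router.getDataCenterId());
    cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, zone.getNetworkType().toString());
    cmds.addCommand(cmd);
}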

Example 5 with NetworkACLItem

Use of com.cloud.network.vpc.NetworkACLItem in the project cloudstack by apache.

From class BigSwitchBcfUtils, method listACLbyNetwork.

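/**
 * Collects the ACL entries that Big Switch BCF can enforce for {@code network}: the
 * network's non-revoked firewall rules (always {@code permit}) followed by the items of
 * the network ACL attached to it, if any.
 *
 * BCF currently supports a single source CIDR and a single port per policy, so rules with
 * more than one CIDR, a source port range, or a CIDR that is not given as its network
 * address are skipped. Callers should be aware that a skipped network ACL item — including
 * any deny item — is therefore not enforced on BCF.
 *
 * @param network the network whose rules are listed
 * @return the BCF ACL entries; empty when the network has no expressible rules
 */
public List<AclData> listACLbyNetwork(Network network) {
    List<AclData> aclList = new ArrayList<AclData>();
    List<FirewallRuleVO> fwRules = _fwRulesDao.listByNetworkAndPurposeAndNotRevoked(network.getId(), Purpose.Firewall);
    for (FirewallRuleVO rule : fwRules) {
        List<FirewallRulesCidrsVO> fwCidrList = _fwCidrsDao.listByFirewallRuleId(rule.getId());
        Integer port = rule.getSourcePortStart();
        if (!isSingleCidrSinglePort(fwCidrList == null ? 0 : fwCidrList.size(), port, rule.getSourcePortEnd())) {
            continue;
        }
        // An empty CIDR list is treated like no CIDR at all (any source) instead of indexing into it.
        String cidr = normalizeSourceCidr(fwCidrList == null || fwCidrList.isEmpty() ? null : fwCidrList.get(0).getCidr());
        if (cidr == null) {
            continue;
        }
        AclData acl = new AclData();
        acl.setId(rule.getUuid());
        // CloudStack Firewall interface does not have priority; the rule id stands in for it
        acl.setPriority((int) rule.getId());
        acl.setIpProto(rule.getProtocol());
        acl.setSource(acl.new AclNetwork(cidr, port));
        acl.setAction("permit");
        aclList.add(acl);
    }
    if (network.getNetworkACLId() != null) {
        List<NetworkACLItemVO> aclItems = _aclItemDao.listByACL(network.getNetworkACLId());
        for (NetworkACLItem item : aclItems) {
            List<NetworkACLItemCidrsVO> aclCidrList = _aclItemCidrsDao.listByNetworkACLItemId(item.getId());
            Integer port = item.getSourcePortStart();
            if (!isSingleCidrSinglePort(aclCidrList == null ? 0 : aclCidrList.size(), port, item.getSourcePortEnd())) {
                continue;
            }
            String cidr = normalizeSourceCidr(aclCidrList == null || aclCidrList.isEmpty() ? null : aclCidrList.get(0).getCidr());
            if (cidr == null) {
                continue;
            }
            AclData acl = new AclData();
            acl.setId(item.getUuid());
            acl.setPriority(item.getNumber());
            acl.setIpProto(item.getProtocol());
            acl.setSource(acl.new AclNetwork(cidr, port));
            acl.setAction(item.getAction().name());
            aclList.add(acl);
        }
    }
    return aclList;
}

/**
 * Tells whether a rule is narrow enough for a BCF policy: at most one source CIDR and no
 * source port range. Absent ports (both {@code null}) count as a single port, so rules
 * without ports are not rejected with a NullPointerException.
 */
private static boolean isSingleCidrSinglePort(final int cidrCount, final Integer portStart, final Integer portEnd) {
    if (cidrCount > 1) {
        return false;
    }
    return portEnd == null ? portStart == null : portEnd.equals(portStart);
}

/**
 * Normalizes a rule's source CIDR for BCF: {@code null} or {@code 0.0.0.0/0} becomes the
 * empty "any" source; any other CIDR is accepted only when it is written as its network
 * address, otherwise {@code null} is returned to signal that the rule must be skipped.
 */
private static String normalizeSourceCidr(final String cidr) {
    if (cidr == null || cidr.equalsIgnoreCase("0.0.0.0/0")) {
        return "";
    }
    SubnetUtils utils = new SubnetUtils(cidr);
    if (!utils.getInfo().getNetworkAddress().equals(utils.getInfo().getAddress())) {
        return null;
    }
    return cidr;
}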
