
Example 6 with NetworkACLItem

use of com.cloud.network.vpc.NetworkACLItem in project cloudstack by apache.

the class NetworkPolicyModel method build.

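/**
 * Translates CloudStack network ACL items into a Contrail policy and stores the result in
 * {@code _policyMap}; also sets {@code _fqName} from the project prefix and {@code _name}.
 *
 * <p>Only rules in state {@code Active} or {@code Add} are translated. For an egress rule the
 * rule's CIDRs become the destination addresses and {@code "local"} the source; for any other
 * traffic type the roles are swapped. In both cases the rule's port range is applied to the
 * destination ports and the source ports are left fully open (0-65535).
 *
 * @param controller used to map each CIDR to a network and to obtain its canonical name
 * @param rules ACL items to translate
 * @throws Exception declared on the signature; which of the calls made here raises it is not
 *         visible in this listing
 */
public void build(ModelController controller, List<? extends NetworkACLItem> rules) throws Exception {
    // The project prefix is computed once and reused for _fqName and for every network name below.
    final String projectName;
    if (_project != null) {
        projectName = StringUtils.join(_project.getQualifiedName(), ':');
    } else {
        projectName = ContrailManager.VNC_ROOT_DOMAIN + ":" + ContrailManager.VNC_DEFAULT_PROJECT;
    }
    _fqName = projectName + ":" + _name;

    PolicyEntriesType policyMap = new PolicyEntriesType();
    for (NetworkACLItem rule : rules) {
        NetworkACLItem.State state = rule.getState();
        if (state != NetworkACLItem.State.Active && state != NetworkACLItem.State.Add) {
            continue;
        }

        // Fail closed: only an explicit Allow becomes "pass". A missing or unrecognised action
        // previously reached the policy as a null action, whose handling downstream is not
        // visible here; it is now emitted as "deny".
        String action = rule.getAction() == Action.Allow ? "pass" : "deny";

        String protocol = rule.getProtocol();
        if (protocol == null || protocol.isEmpty() || protocol.equalsIgnoreCase("ALL")) {
            protocol = "any";
        } else {
            // Locale.ROOT keeps the protocol name stable regardless of the JVM default locale
            // (a Turkish default locale would otherwise lower-case "ICMP" with a dotless i).
            protocol = protocol.toLowerCase(java.util.Locale.ROOT);
        }

        // An unset port bound means "unbounded" on that side of the range.
        Integer portStart = rule.getSourcePortStart();
        if (portStart == null) {
            portStart = 0;
        }
        Integer portEnd = rule.getSourcePortEnd();
        if (portEnd == null) {
            portEnd = 65535;
        }

        List<PolicyRuleType.AddressType> srcList = new ArrayList<PolicyRuleType.AddressType>();
        List<PolicyRuleType.AddressType> dstList = new ArrayList<PolicyRuleType.AddressType>();
        List<PolicyRuleType.PortType> srcPorts = new ArrayList<PolicyRuleType.PortType>();
        List<PolicyRuleType.PortType> dstPorts = new ArrayList<PolicyRuleType.PortType>();

        // The rule's CIDRs describe the remote side: destination for egress, source otherwise.
        boolean egress = rule.getTrafficType() == NetworkACLItem.TrafficType.Egress;
        List<PolicyRuleType.AddressType> remoteSide = egress ? dstList : srcList;
        List<PolicyRuleType.AddressType> localSide = egress ? srcList : dstList;

        for (String cidr : rule.getSourceCidrList()) {
            // NOTE(review): net is used without a null check - confirm cidrToNetwork never
            // returns null for a CIDR it cannot map to a network.
            NetworkVO net = cidrToNetwork(controller, cidr);
            String netName = projectName + ":" + controller.getManager().getCanonicalName(net);
            remoteSide.add(new PolicyRuleType.AddressType(null, netName, null));
        }
        localSide.add(new PolicyRuleType.AddressType(null, "local", null));
        dstPorts.add(new PolicyRuleType.PortType(portStart, portEnd));
        srcPorts.add(new PolicyRuleType.PortType(0, 65535));

        // NOTE(review): every rule is given SequenceType(1, 0) and rule.getNumber() is not
        // consulted, so relative order comes only from the order of `rules` - confirm callers
        // pass them in ACL order, since allow/deny precedence depends on it.
        PolicyRuleType vnRule = new PolicyRuleType(new PolicyRuleType.SequenceType(1, 0), rule.getUuid(), "<>", protocol, srcList, srcPorts, null, dstList, dstPorts, new PolicyRuleType.ActionListType(action, null, null, null));
        policyMap.addPolicyRule(vnRule);
    }
    _policyMap = policyMap;
}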
Also used : NetworkVO(com.cloud.network.dao.NetworkVO) PolicyEntriesType(net.juniper.contrail.api.types.PolicyEntriesType) ArrayList(java.util.ArrayList) PolicyRuleType(net.juniper.contrail.api.types.PolicyEntriesType.PolicyRuleType) NetworkACLItem(com.cloud.network.vpc.NetworkACLItem)

Example 7 with NetworkACLItem

use of com.cloud.network.vpc.NetworkACLItem in project cloudstack by apache.

the class ListNetworkACLsCmd method execute.

/**
 * Lists the network ACL items selected by this command and publishes them as the response.
 *
 * <p>The service call returns the items together with an Integer that is handed through to
 * {@code setResponses} unchanged (presumably the total match count). Nothing is filtered in
 * this method; any account or visibility checks have to happen inside
 * {@code listNetworkACLItems}.
 */
@Override
public void execute() {
    Pair<List<? extends NetworkACLItem>, Integer> page = _networkACLService.listNetworkACLItems(this);

    // Convert every returned item into its API representation.
    List<NetworkACLItemResponse> items = new ArrayList<>();
    for (NetworkACLItem item : page.first()) {
        items.add(_responseGenerator.createNetworkACLItemResponse(item));
    }

    ListResponse<NetworkACLItemResponse> listResponse = new ListResponse<>();
    listResponse.setResponses(items, page.second());
    listResponse.setResponseName(getCommandName());
    setResponseObject(listResponse);
}
Also used : NetworkACLItem(com.cloud.network.vpc.NetworkACLItem) ListResponse(org.apache.cloudstack.api.response.ListResponse) ArrayList(java.util.ArrayList) ArrayList(java.util.ArrayList) List(java.util.List) NetworkACLItemResponse(org.apache.cloudstack.api.response.NetworkACLItemResponse)

Example 8 with NetworkACLItem

use of com.cloud.network.vpc.NetworkACLItem in project cloudstack by apache.

the class UpdateNetworkACLItemCmd method execute.

/**
 * Updates the ACL item addressed by this command and publishes the updated item as the response.
 *
 * @throws ResourceUnavailableException declared on the signature; the call that raises it is
 *         not visible in this listing
 */
@Override
public void execute() throws ResourceUnavailableException {
    // The rule id is recorded on the current call context before the update is attempted.
    CallContext.current().setEventDetails("Rule Id: " + getId());

    NetworkACLItemResponse updatedResponse =
        _responseGenerator.createNetworkACLItemResponse(_networkACLService.updateNetworkACLItem(this));
    setResponseObject(updatedResponse);
    updatedResponse.setResponseName(getCommandName());
}
Also used : NetworkACLItem(com.cloud.network.vpc.NetworkACLItem) NetworkACLItemResponse(org.apache.cloudstack.api.response.NetworkACLItemResponse)

Example 9 with NetworkACLItem

use of com.cloud.network.vpc.NetworkACLItem in project cloudstack by apache.

the class CreateNetworkACLCmd method create.

/**
 * Creates the ACL item described by this command and records the new item's id and UUID on
 * the command.
 */
@Override
public void create() {
    NetworkACLItem created = _networkACLService.createNetworkACLItem(this);
    // NOTE(review): `created` is dereferenced without a null check - confirm the service
    // throws on failure rather than returning null.
    setEntityId(created.getId());
    setEntityUuid(created.getUuid());
}
Also used : NetworkACLItem(com.cloud.network.vpc.NetworkACLItem)

Example 10 with NetworkACLItem

use of com.cloud.network.vpc.NetworkACLItem in project cloudstack by apache.

the class ApiResponseHelper method createNetworkACLItemResponse.

/**
 * Builds the API response for a single network ACL item.
 *
 * <p>The response carries UUIDs (of the item and, when found, of its parent ACL); the numeric
 * ids are used only for the two lookups made here. A state of {@code Revoke} is reported as
 * {@code "Deleting"}; every other state is reported by its {@code toString()} value.
 *
 * @param aclItem the ACL item to describe
 * @return the populated response, with object name {@code "networkacl"}
 */
@Override
public NetworkACLItemResponse createNetworkACLItemResponse(NetworkACLItem aclItem) {
    NetworkACLItemResponse itemResponse = new NetworkACLItemResponse();
    itemResponse.setId(aclItem.getUuid());
    itemResponse.setProtocol(aclItem.getProtocol());

    // Port bounds are optional; an unset bound is simply left out of the response.
    Integer firstPort = aclItem.getSourcePortStart();
    if (firstPort != null) {
        itemResponse.setStartPort(Integer.toString(firstPort));
    }
    Integer lastPort = aclItem.getSourcePortEnd();
    if (lastPort != null) {
        itemResponse.setEndPort(Integer.toString(lastPort));
    }

    itemResponse.setCidrList(StringUtils.join(aclItem.getSourceCidrList(), ","));
    itemResponse.setTrafficType(aclItem.getTrafficType().toString());
    itemResponse.setIcmpCode(aclItem.getIcmpCode());
    itemResponse.setIcmpType(aclItem.getIcmpType());

    NetworkACLItem.State currentState = aclItem.getState();
    String displayedState = currentState == NetworkACLItem.State.Revoke ? "Deleting" : currentState.toString();
    itemResponse.setState(displayedState);

    itemResponse.setNumber(aclItem.getNumber());
    itemResponse.setAction(aclItem.getAction().toString());
    itemResponse.setForDisplay(aclItem.isDisplay());

    // The parent ACL may not be found; its UUID and name are added only when it is.
    NetworkACL parentAcl = ApiDBUtils.findByNetworkACLId(aclItem.getAclId());
    if (parentAcl != null) {
        itemResponse.setAclId(parentAcl.getUuid());
        itemResponse.setAclName(parentAcl.getName());
    }

    // Attach tag information; tags whose response comes back null are skipped.
    List<ResourceTagResponse> tagResponses = new ArrayList<>();
    for (ResourceTag tag : ApiDBUtils.listByResourceTypeAndId(ResourceObjectType.NetworkACL, aclItem.getId())) {
        CollectionUtils.addIgnoreNull(tagResponses, createResourceTagResponse(tag, true));
    }
    itemResponse.setTags(tagResponses);

    itemResponse.setReason(aclItem.getReason());
    itemResponse.setObjectName("networkacl");
    return itemResponse;
}
Also used : NetworkACLItem(com.cloud.network.vpc.NetworkACLItem) ResourceTag(com.cloud.server.ResourceTag) ResourceTagResponse(org.apache.cloudstack.api.response.ResourceTagResponse) ArrayList(java.util.ArrayList) NetworkACL(com.cloud.network.vpc.NetworkACL) NetworkACLItemResponse(org.apache.cloudstack.api.response.NetworkACLItemResponse)

Aggregations

NetworkACLItem (com.cloud.network.vpc.NetworkACLItem)18 ArrayList (java.util.ArrayList)9 NetworkACLItemResponse (org.apache.cloudstack.api.response.NetworkACLItemResponse)5 NetworkACLItemResponse (com.cloud.api.response.NetworkACLItemResponse)4 NicTO (com.cloud.agent.api.to.NicTO)3 SetNetworkACLCommand (com.cloud.agent.api.routing.SetNetworkACLCommand)2 NetworkACLTO (com.cloud.agent.api.to.NetworkACLTO)2 ServerApiException (com.cloud.api.ServerApiException)2 Zone (com.cloud.db.model.Zone)2 ResourceUnavailableException (com.cloud.exception.ResourceUnavailableException)2 Network (com.cloud.network.Network)2 NetworkACL (com.cloud.network.vpc.NetworkACL)2 ResourceTag (com.cloud.server.ResourceTag)2 URI (java.net.URI)2 List (java.util.List)2 SubnetUtils (org.apache.commons.net.util.SubnetUtils)2 Answer (com.cloud.agent.api.Answer)1 ApplyAclRuleVspCommand (com.cloud.agent.api.element.ApplyAclRuleVspCommand)1 SetPublicIpACLCommand (com.cloud.agent.api.routing.SetPublicIpACLCommand)1 PublicIpACLTO (com.cloud.agent.api.to.PublicIpACLTO)1