
Example 6 with NetworkACLItemVO

use of com.cloud.network.vpc.NetworkACLItemVO in project cloudstack by apache.

the class NetworkACLItemDaoImpl method persist.

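@Override
@DB
public NetworkACLItemVO persist(NetworkACLItemVO networkAclItem) {
    // Persist the ACL item row and its source CIDRs as one unit of work, so a
    // failure in saveCidrs/loadCidrs cannot leave a half-written item behind
    // with the transaction still open (the previous version only committed on
    // the happy path and never rolled back).
    TransactionLegacy txn = TransactionLegacy.currentTxn();
    txn.start();
    try {
        NetworkACLItemVO dbNetworkACLItem = super.persist(networkAclItem);
        saveCidrs(networkAclItem, networkAclItem.getSourceCidrList());
        // Populate the CIDR list on the returned entity (presumably the
        // persisted copy does not carry it until loaded).
        loadCidrs(dbNetworkACLItem);
        txn.commit();
        return dbNetworkACLItem;
    } catch (RuntimeException e) {
        // Undo the partial write before propagating the original failure.
        // NOTE(review): assumes rollback() unwinds only the unit opened by the
        // start() above when nested inside an outer transaction — confirm.
        txn.rollback();
        throw e;
    }
}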
Also used : TransactionLegacy(com.cloud.utils.db.TransactionLegacy) NetworkACLItemVO(com.cloud.network.vpc.NetworkACLItemVO) DB(com.cloud.utils.db.DB)

Example 7 with NetworkACLItemVO

use of com.cloud.network.vpc.NetworkACLItemVO in project cloudstack by apache.

the class BigSwitchBcfUtils method listACLbyNetwork.

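public List<AclData> listACLbyNetwork(Network network) {
    /*
     * Translate the CloudStack rules that apply to a network into BCF ACL entries.
     * Two sources are consulted: the network's non-revoked firewall rules (always
     * "permit") and, when the network is attached to a network ACL, that ACL's
     * items (action taken from the item). Rules that cannot be expressed as a
     * single-CIDR / single-port BCF policy are skipped rather than approximated,
     * so the controller never receives a policy broader than the rule it came from.
     */
    final List<AclData> aclList = new ArrayList<AclData>();

    final List<FirewallRuleVO> fwRules = _fwRulesDao.listByNetworkAndPurposeAndNotRevoked(network.getId(), Purpose.Firewall);
    if (fwRules != null) {
        for (FirewallRuleVO rule : fwRules) {
            final List<String> cidrs = new ArrayList<String>();
            final List<FirewallRulesCidrsVO> fwCidrList = _fwCidrsDao.listByFirewallRuleId(rule.getId());
            if (fwCidrList != null) {
                for (FirewallRulesCidrsVO c : fwCidrList) {
                    cidrs.add(c.getCidr());
                }
            }
            // CloudStack firewall rules carry no priority; the row id stands in for it
            // (narrowed to int, so ids beyond the int range would wrap).
            final AclData acl = toAclData(rule.getUuid(), (int) rule.getId(), rule.getProtocol(),
                    rule.getSourcePortStart(), rule.getSourcePortEnd(), cidrs, "permit");
            if (acl != null) {
                aclList.add(acl);
            }
        }
    }

    if (network.getNetworkACLId() != null) {
        final List<NetworkACLItemVO> aclItems = _aclItemDao.listByACL(network.getNetworkACLId());
        if (aclItems != null) {
            for (NetworkACLItem item : aclItems) {
                final List<String> cidrs = new ArrayList<String>();
                final List<NetworkACLItemCidrsVO> aclCidrList = _aclItemCidrsDao.listByNetworkACLItemId(item.getId());
                if (aclCidrList != null) {
                    for (NetworkACLItemCidrsVO c : aclCidrList) {
                        cidrs.add(c.getCidr());
                    }
                }
                final AclData acl = toAclData(item.getUuid(), item.getNumber(), item.getProtocol(),
                        item.getSourcePortStart(), item.getSourcePortEnd(), cidrs, item.getAction().name());
                if (acl != null) {
                    aclList.add(acl);
                }
            }
        }
    }
    return aclList;
}

/**
 * Builds one BCF ACL entry from rule attributes, or returns {@code null} when the
 * rule cannot be expressed as a BCF policy: more than one source CIDR, a port
 * range, or a CIDR whose address is not the network address itself.
 *
 * @param id        identifier copied into the entry
 * @param priority  entry priority
 * @param protocol  IP protocol name as stored on the rule
 * @param portStart first source port, may be {@code null} for port-less protocols
 * @param portEnd   last source port, may be {@code null}
 * @param cidrs     source CIDRs of the rule; empty means "any source"
 * @param action    action string for the entry
 * @return the entry, or {@code null} if the rule must be skipped
 */
private static AclData toAclData(final String id, final int priority, final String protocol,
        final Integer portStart, final Integer portEnd, final List<String> cidrs, final String action) {
    // BCF supports a single port per policy: start and end must match. Both may be
    // null for protocols without ports; a plain equals() on the end port would throw
    // there, and the old code skipped this check entirely when no CIDR rows existed.
    final boolean singlePort = portEnd == null ? portStart == null : portEnd.equals(portStart);
    if (cidrs.size() > 1 || !singlePort) {
        return null;
    }
    // No CIDR, or 0.0.0.0/0, means "any source" and is encoded as an empty string.
    // An empty CIDR list used to reach get(0) and throw; it is treated as "any" here
    // (assumes a rule with no CIDR rows applies to all sources — confirm against the DAO).
    String cidr = cidrs.isEmpty() ? null : cidrs.get(0);
    if (cidr == null || cidr.equalsIgnoreCase("0.0.0.0/0")) {
        cidr = "";
    } else {
        // Only accept CIDRs whose address is the network address (10.0.0.0/24, not
        // 10.0.0.5/24), so the pushed policy covers exactly the prefix that was written.
        final SubnetUtils utils = new SubnetUtils(cidr);
        if (!utils.getInfo().getNetworkAddress().equals(utils.getInfo().getAddress())) {
            return null;
        }
    }
    final AclData acl = new AclData();
    acl.setId(id);
    acl.setPriority(priority);
    acl.setIpProto(protocol);
    acl.setSource(acl.new AclNetwork(cidr, portStart));
    acl.setAction(action);
    return acl;
}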
Also used : SubnetUtils(org.apache.commons.net.util.SubnetUtils) ArrayList(java.util.ArrayList) NetworkACLItemCidrsVO(com.cloud.network.vpc.NetworkACLItemCidrsVO) FirewallRuleVO(com.cloud.network.rules.FirewallRuleVO) NetworkACLItemVO(com.cloud.network.vpc.NetworkACLItemVO) NetworkACLItem(com.cloud.network.vpc.NetworkACLItem) FirewallRulesCidrsVO(com.cloud.network.dao.FirewallRulesCidrsVO)

Example 8 with NetworkACLItemVO

use of com.cloud.network.vpc.NetworkACLItemVO in project cloudstack by apache.

the class NetworkACLManagerTest method driveTestApplyNetworkACL.

@SuppressWarnings("unchecked")
public void driveTestApplyNetworkACL(final boolean result, final boolean applyNetworkACLs, final boolean applyACLToPrivateGw) throws Exception {
    // Spy the manager under test so only applyNetworkACL runs for real; every
    // collaborator it touches is a mock configured below.
    final NetworkACLManager managerSpy = Mockito.spy(_aclMgr);
    // The item DAO mock is shared between scenarios; drop stale stubbings first.
    Mockito.reset(_networkACLItemDao);
    final long aclId = 1L;

    // One network attached to the ACL whose provider supports the ACL service.
    final NetworkVO networkMock = Mockito.mock(NetworkVO.class);
    final List<NetworkVO> attachedNetworks = new ArrayList<>();
    attachedNetworks.add(networkMock);
    Mockito.when(_networkDao.listByAclId(Mockito.anyLong())).thenReturn(attachedNetworks);
    Mockito.when(_networkDao.findById(Mockito.anyLong())).thenReturn(networkMock);
    Mockito.when(_networkModel.isProviderSupportServiceInNetwork(Mockito.anyLong(), Mockito.any(Network.Service.class), Mockito.any(Network.Provider.class))).thenReturn(true);
    Mockito.when(_networkAclElements.get(0).applyNetworkACLs(Mockito.any(Network.class), Mockito.anyList())).thenReturn(applyNetworkACLs);

    // One private gateway attached to the ACL.
    final VpcGatewayVO gatewayMock = Mockito.mock(VpcGatewayVO.class);
    final PrivateGateway privateGatewayMock = Mockito.mock(PrivateGateway.class);
    Mockito.when(_vpcSvc.getVpcPrivateGateway(Mockito.anyLong())).thenReturn(privateGatewayMock);
    final List<VpcGatewayVO> attachedGateways = new ArrayList<>();
    attachedGateways.add(gatewayMock);
    Mockito.when(_vpcGatewayDao.listByAclIdAndType(aclId, VpcGateway.Type.Private)).thenReturn(attachedGateways);

    // One rule per lifecycle state: only the Revoke rule should be removed and
    // only the Add rule should be promoted to Active.
    final NetworkACLItemVO activeRule = Mockito.mock(NetworkACLItemVO.class);
    final NetworkACLItemVO stagedRule = Mockito.mock(NetworkACLItemVO.class);
    final NetworkACLItemVO ruleToRevoke = Mockito.mock(NetworkACLItemVO.class);
    final NetworkACLItemVO ruleToAdd = Mockito.mock(NetworkACLItemVO.class);
    Mockito.when(activeRule.getState()).thenReturn(NetworkACLItem.State.Active);
    Mockito.when(stagedRule.getState()).thenReturn(NetworkACLItem.State.Staged);
    Mockito.when(ruleToAdd.getState()).thenReturn(NetworkACLItem.State.Add);
    Mockito.when(ruleToRevoke.getState()).thenReturn(NetworkACLItem.State.Revoke);
    final long revokeId = 8;
    final long addId = 9;
    Mockito.when(ruleToRevoke.getId()).thenReturn(revokeId);
    Mockito.when(ruleToAdd.getId()).thenReturn(addId);

    final List<NetworkACLItemVO> aclRules = new ArrayList<>();
    aclRules.add(activeRule);
    aclRules.add(stagedRule);
    aclRules.add(ruleToAdd);
    aclRules.add(ruleToRevoke);
    Mockito.when(_networkACLItemDao.findById(addId)).thenReturn(ruleToAdd);
    Mockito.when(_networkACLItemDao.listByACL(aclId)).thenReturn(aclRules);

    // The private-gateway path is out of scope here; make it answer as requested.
    Mockito.doReturn(applyACLToPrivateGw).when(managerSpy).applyACLToPrivateGw(privateGatewayMock);

    assertEquals("Result was not congruent with applyNetworkACLs and applyACLToPrivateGw", result, managerSpy.applyNetworkACL(aclId));

    // Rule processing happens exactly once, and only when both apply steps succeeded.
    final int expectedProcessingRuns;
    if (applyNetworkACLs && applyACLToPrivateGw) {
        expectedProcessingRuns = 1;
    } else {
        expectedProcessingRuns = 0;
    }
    Mockito.verify(_networkACLItemDao, Mockito.times(expectedProcessingRuns)).remove(revokeId);
    Mockito.verify(ruleToAdd, Mockito.times(expectedProcessingRuns)).setState(NetworkACLItem.State.Active);
    Mockito.verify(_networkACLItemDao, Mockito.times(expectedProcessingRuns)).update(addId, ruleToAdd);
}
Also used : NetworkVO(com.cloud.network.dao.NetworkVO) VpcGatewayVO(com.cloud.network.vpc.VpcGatewayVO) ArrayList(java.util.ArrayList) NetworkOrchestrationService(org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService) VpcService(com.cloud.network.vpc.VpcService) NetworkACLItemVO(com.cloud.network.vpc.NetworkACLItemVO) NetworkACLManager(com.cloud.network.vpc.NetworkACLManager) NetworkACLServiceProvider(com.cloud.network.element.NetworkACLServiceProvider) PrivateGateway(com.cloud.network.vpc.PrivateGateway) Network(com.cloud.network.Network)

Example 9 with NetworkACLItemVO

use of com.cloud.network.vpc.NetworkACLItemVO in project cloudstack by apache.

the class NetworkACLServiceTest method testCreateACLItem.

@Test
public void testCreateACLItem() throws Exception {
    // Every lookup succeeds and no item already occupies the requested number,
    // so the service should hand back the item the manager creates.
    final NetworkACLItemVO createdItem = new NetworkACLItemVO();
    Mockito.when(_entityMgr.findById(Mockito.eq(Vpc.class), Mockito.anyLong())).thenReturn(new VpcVO());
    Mockito.when(_networkAclMgr.getNetworkACL(Mockito.anyLong())).thenReturn(acl);
    Mockito.when(_networkACLItemDao.findByAclAndNumber(Mockito.anyLong(), Mockito.anyInt())).thenReturn(null);
    Mockito.when(_networkAclMgr.createNetworkACLItem(
            Mockito.anyInt(), Mockito.anyInt(), Mockito.anyString(), Mockito.anyList(),
            Mockito.anyInt(), Mockito.anyInt(), Mockito.any(NetworkACLItem.TrafficType.class),
            Mockito.anyLong(), Mockito.anyString(), Mockito.anyInt(), Mockito.anyBoolean()))
        .thenReturn(createdItem);

    assertNotNull(_aclService.createNetworkACLItem(createACLItemCmd));
}
Also used : VpcVO(com.cloud.network.vpc.VpcVO) Vpc(com.cloud.network.vpc.Vpc) NetworkACLItemVO(com.cloud.network.vpc.NetworkACLItemVO) Test(org.junit.Test)

Example 10 with NetworkACLItemVO

use of com.cloud.network.vpc.NetworkACLItemVO in project cloudstack by apache.

the class NetworkACLServiceTest method testCreateACLItemDuplicateNumber.

@Test(expected = InvalidParameterValueException.class)
public void testCreateACLItemDuplicateNumber() throws Exception {
    // An item with the requested number already exists on the ACL; the service
    // must reject the request instead of creating a second one.
    final NetworkACLItemVO existingItem = new NetworkACLItemVO();
    Mockito.when(_entityMgr.findById(Mockito.eq(Vpc.class), Mockito.anyLong())).thenReturn(new VpcVO());
    Mockito.when(_networkAclMgr.getNetworkACL(Mockito.anyLong())).thenReturn(acl);
    Mockito.when(_networkACLItemDao.findByAclAndNumber(Mockito.anyLong(), Mockito.anyInt())).thenReturn(existingItem);

    _aclService.createNetworkACLItem(createACLItemCmd);
}
Also used : VpcVO(com.cloud.network.vpc.VpcVO) Vpc(com.cloud.network.vpc.Vpc) NetworkACLItemVO(com.cloud.network.vpc.NetworkACLItemVO) Test(org.junit.Test)

Aggregations

NetworkACLItemVO (com.cloud.network.vpc.NetworkACLItemVO)14 VpcVO (com.cloud.network.vpc.VpcVO)6 Network (com.cloud.network.Network)4 ArrayList (java.util.ArrayList)4 ConcurrentOperationException (com.cloud.exception.ConcurrentOperationException)2 InsufficientCapacityException (com.cloud.exception.InsufficientCapacityException)2 InternalErrorException (com.cloud.exception.InternalErrorException)2 ResourceUnavailableException (com.cloud.exception.ResourceUnavailableException)2 NetworkACLVO (com.cloud.network.vpc.NetworkACLVO)2 Vpc (com.cloud.network.vpc.Vpc)2 CloudRuntimeException (com.cloud.utils.exception.CloudRuntimeException)2 DomainRouterVO (com.cloud.vm.DomainRouterVO)2 IOException (java.io.IOException)2 NetworkPolicyModel (org.apache.cloudstack.network.contrail.model.NetworkPolicyModel)2 Test (org.junit.Test)2 Command (com.cloud.agent.api.Command)1 NetworkUsageCommand (com.cloud.agent.api.NetworkUsageCommand)1 OvsVpcRoutingPolicyConfigCommand (com.cloud.agent.api.OvsVpcRoutingPolicyConfigCommand)1 PlugNicCommand (com.cloud.agent.api.PlugNicCommand)1 SetupGuestNetworkCommand (com.cloud.agent.api.SetupGuestNetworkCommand)1