
Example 1 with VspAclRule

use of net.nuage.vsp.acs.client.api.model.VspAclRule in project cloudstack by apache.

the class NuageVspEntityBuilderTest method testBuildVspAclRule.

/**
 * Builds a VspAclRule through each of the two buildVspAclRule overloads and passes the result
 * to the shared validator: the (firewall rule, network) overload is validated with
 * {@code true}, the network-ACL-item overload with {@code false}.
 */
@Test
public void testBuildVspAclRule() {
    final VspAclRule fromFirewallRule = _nuageVspEntityBuilder.buildVspAclRule(_mockedFirewallRule, _mockedNetwork);
    validateVspAclRule(fromFirewallRule, true);

    final VspAclRule fromNetworkAclItem = _nuageVspEntityBuilder.buildVspAclRule(_mockedNetworkAclItem);
    validateVspAclRule(fromNetworkAclItem, false);
}
Also used : VspAclRule(net.nuage.vsp.acs.client.api.model.VspAclRule) NuageTest(com.cloud.NuageTest) Test(org.junit.Test)

Example 2 with VspAclRule

use of net.nuage.vsp.acs.client.api.model.VspAclRule in project cloudstack by apache.

the class NuageVspElement method getFirewallRulesToApply.

/**
 * Loads the stored rules of purpose {@code Firewall} for the given network and traffic
 * direction and converts each of them to a VspAclRule.
 *
 * @param network     network whose id selects the rules; also handed to the entity builder
 * @param trafficType traffic direction used to filter the stored rules
 * @return one VspAclRule per stored rule, in the order the DAO returned them
 */
private List<VspAclRule> getFirewallRulesToApply(final Network network, FirewallRule.TrafficType trafficType) {
    final List<FirewallRuleVO> storedRules =
            _firewallRulesDao.listByNetworkPurposeTrafficType(network.getId(), FirewallRule.Purpose.Firewall, trafficType);
    final List<VspAclRule> converted = Lists.newArrayListWithExpectedSize(storedRules.size());

    for (final FirewallRuleVO storedRule : storedRules) {
        // The source CIDRs are fetched from their own DAO and attached to the rule before it is
        // converted, so the builder sees them when it reads the rule's source CIDR list.
        storedRule.setSourceCidrList(_firewallRulesCidrsDao.getSourceCidrs(storedRule.getId()));
        converted.add(_nuageVspEntityBuilder.buildVspAclRule(storedRule, network));
    }
    return converted;
}
Also used : VspAclRule(net.nuage.vsp.acs.client.api.model.VspAclRule) FirewallRuleVO(com.cloud.network.rules.FirewallRuleVO)

Example 3 with VspAclRule

use of net.nuage.vsp.acs.client.api.model.VspAclRule in project cloudstack by apache.

the class NuageVspElement method applyACLRules.

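/**
 * Converts the given rules to VspAclRules and sends them, in one ApplyAclRuleVspCommand, to the
 * Nuage VSP host registered for the network's physical network.
 *
 * <p>Fails closed: a missing answer or an answer whose result is {@code false} always raises
 * {@link ResourceUnavailableException}. Reporting {@code true} in those cases would tell the
 * caller that firewall/ACL rules are in force although the command did not succeed.
 *
 * @param network      network the rules belong to
 * @param rules        rules to push; an element that is a FirewallRule is converted together
 *                     with the network, any other element is cast to NetworkACLItem
 * @param isNetworkAcl {@code true} sends the rules as ACL type NetworkACL, {@code false} as Firewall
 * @param networkReset passed unchanged to the command
 * @return {@code true} when the command was answered with a successful result
 * @throws ResourceUnavailableException when no answer is received or the answer reports failure
 */
protected boolean applyACLRules(final Network network, List<? extends InternalIdentity> rules, boolean isNetworkAcl, boolean networkReset) throws ResourceUnavailableException {
    VspNetwork vspNetwork = _nuageVspEntityBuilder.buildVspNetwork(network);
    // NOTE(review): if Lists is Guava's, transform() returns a lazy view, so the conversion below
    // runs whenever the list is read rather than here — confirm.
    List<VspAclRule> vspAclRules = Lists.transform(rules, new Function<InternalIdentity, VspAclRule>() {

        @Nullable
        @Override
        public VspAclRule apply(@Nullable InternalIdentity input) {
            if (input instanceof FirewallRule) {
                return _nuageVspEntityBuilder.buildVspAclRule((FirewallRule) input, network);
            }
            // Everything that is not a FirewallRule (including null) is treated as a NetworkACLItem;
            // an element of any other type fails here with a ClassCastException.
            return _nuageVspEntityBuilder.buildVspAclRule((NetworkACLItem) input);
        }
    });
    HostVO nuageVspHost = _nuageVspManager.getNuageVspHost(network.getPhysicalNetworkId());
    VspAclRule.ACLType vspAclType = isNetworkAcl ? VspAclRule.ACLType.NetworkACL : VspAclRule.ACLType.Firewall;
    ApplyAclRuleVspCommand cmd = new ApplyAclRuleVspCommand(vspAclType, vspNetwork, vspAclRules, networkReset);
    Answer answer = _agentMgr.easySend(nuageVspHost.getId(), cmd);
    if (answer != null && answer.getResult()) {
        return true;
    }

    s_logger.error("ApplyAclRuleNuageVspCommand for network " + network.getUuid() + " failed on Nuage VSD " + nuageVspHost.getDetail("hostname"));
    // Use the details reported by the host when there are any; otherwise raise a generic message.
    // The host name stays in the log only and is not copied into the exception.
    String failure = (answer != null && answer.getDetails() != null)
            ? answer.getDetails()
            : "ApplyAclRuleNuageVspCommand for network " + network.getUuid() + " failed without details";
    throw new ResourceUnavailableException(failure, Network.class, network.getId());
}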
Also used : HostVO(com.cloud.host.HostVO) Answer(com.cloud.agent.api.Answer) NetworkACLItem(com.cloud.network.vpc.NetworkACLItem) ApplyAclRuleVspCommand(com.cloud.agent.api.element.ApplyAclRuleVspCommand) VspAclRule(net.nuage.vsp.acs.client.api.model.VspAclRule) ResourceUnavailableException(com.cloud.exception.ResourceUnavailableException) VspNetwork(net.nuage.vsp.acs.client.api.model.VspNetwork) InternalIdentity(org.apache.cloudstack.api.InternalIdentity) FirewallRule(com.cloud.network.rules.FirewallRule) Nullable(javax.annotation.Nullable)

Example 4 with VspAclRule

use of net.nuage.vsp.acs.client.api.model.VspAclRule in project cloudstack by apache.

the class NuageVspElement method implement.

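/**
 * Implements the network on the Nuage VSP: builds the VSP view of the network, collects its
 * ingress and egress firewall rules, the UUIDs of its static-NAT public IPs and its DHCP
 * options, and sends them in one ImplementVspCommand to the Nuage VSP host of the network's
 * physical network.
 *
 * <p>A network with a VPC id is delegated to {@code applyACLRulesForVpc}. The method returns
 * {@code false} when this element cannot handle the Connectivity service for the offering or
 * when the network has no broadcast URI.
 *
 * <p>Fails closed: a missing answer or an answer whose result is {@code false} always raises
 * {@link ResourceUnavailableException}. Returning {@code true} in those cases would report the
 * network as implemented although the firewall rules carried by the command were not accepted.
 *
 * @param network  network to implement
 * @param offering network offering, used for the capability check and the DHCP options
 * @param dest     not read by this method
 * @param context  not read by this method
 * @return {@code true} when the command succeeded, {@code false} when the network is not handled
 *         here, or the result of the VPC delegation
 * @throws ResourceUnavailableException when no answer is received or the answer reports failure
 */
@Override
public boolean implement(Network network, NetworkOffering offering, DeployDestination dest, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException {
    if (s_logger.isDebugEnabled()) {
        s_logger.debug("Entering NuageElement implement function for network " + network.getDisplayText() + " (state " + network.getState() + ")");
    }
    if (network.getVpcId() != null) {
        return applyACLRulesForVpc(network, offering);
    }
    if (!canHandle(network, offering, Service.Connectivity)) {
        return false;
    }
    if (network.getBroadcastUri() == null) {
        s_logger.error("Nic has no broadcast Uri with the virtual router IP");
        return false;
    }
    VspNetwork vspNetwork = _nuageVspEntityBuilder.buildVspNetwork(network);
    List<VspAclRule> ingressFirewallRules = getFirewallRulesToApply(network, FirewallRule.TrafficType.Ingress);
    List<VspAclRule> egressFirewallRules = getFirewallRulesToApply(network, FirewallRule.TrafficType.Egress);
    List<IPAddressVO> ips = _ipAddressDao.listStaticNatPublicIps(network.getId());
    List<String> floatingIpUuids = new ArrayList<String>(ips.size());
    for (IPAddressVO ip : ips) {
        floatingIpUuids.add(ip.getUuid());
    }
    VspDhcpDomainOption vspDhcpOptions = _nuageVspEntityBuilder.buildNetworkDhcpOption(network, offering);
    HostVO nuageVspHost = _nuageVspManager.getNuageVspHost(network.getPhysicalNetworkId());
    ImplementVspCommand cmd = new ImplementVspCommand(vspNetwork, ingressFirewallRules, egressFirewallRules, floatingIpUuids, vspDhcpOptions);
    Answer answer = _agentMgr.easySend(nuageVspHost.getId(), cmd);
    if (answer != null && answer.getResult()) {
        return true;
    }

    s_logger.error("ImplementVspCommand for network " + network.getUuid() + " failed on Nuage VSD " + nuageVspHost.getDetail("hostname"));
    // Use the details reported by the host when there are any; otherwise raise a generic message.
    // The host name stays in the log only and is not copied into the exception.
    String failure = (answer != null && answer.getDetails() != null)
            ? answer.getDetails()
            : "ImplementVspCommand for network " + network.getUuid() + " failed without details";
    throw new ResourceUnavailableException(failure, Network.class, network.getId());
}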
Also used : ArrayList(java.util.ArrayList) VspDhcpDomainOption(net.nuage.vsp.acs.client.api.model.VspDhcpDomainOption) HostVO(com.cloud.host.HostVO) Answer(com.cloud.agent.api.Answer) VspAclRule(net.nuage.vsp.acs.client.api.model.VspAclRule) ResourceUnavailableException(com.cloud.exception.ResourceUnavailableException) IPAddressVO(com.cloud.network.dao.IPAddressVO) ImplementVspCommand(com.cloud.agent.api.element.ImplementVspCommand) VspNetwork(net.nuage.vsp.acs.client.api.model.VspNetwork)

Example 5 with VspAclRule

use of net.nuage.vsp.acs.client.api.model.VspAclRule in project cloudstack by apache.

the class NuageVspEntityBuilder method buildVspAclRule.

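/**
 * Translates a CloudStack firewall rule into a VspAclRule of ACL type Firewall.
 *
 * <p>UUID, protocol, source port range and source CIDR list are copied from the rule and the
 * priority is fixed at -1. State and traffic type are mapped value by value; a value with no
 * case below leaves the corresponding builder field unset.
 *
 * @param firewallRule rule to translate
 * @param network      network of the rule; its offering id is used to look up the network offering
 * @return the built VspAclRule
 */
public VspAclRule buildVspAclRule(FirewallRule firewallRule, Network network) {
    VspAclRule.Builder vspAclRuleBuilder = new VspAclRule.Builder()
            .uuid(firewallRule.getUuid())
            .protocol(firewallRule.getProtocol())
            .startPort(firewallRule.getSourcePortStart())
            .endPort(firewallRule.getSourcePortEnd())
            .sourceCidrList(firewallRule.getSourceCidrList())
            .priority(-1)
            .type(VspAclRule.ACLType.Firewall);
    switch(firewallRule.getState()) {
        case Active:
            vspAclRuleBuilder.state(VspAclRule.ACLState.Active);
            break;
        case Add:
            vspAclRuleBuilder.state(VspAclRule.ACLState.Add);
            break;
        case Revoke:
            vspAclRuleBuilder.state(VspAclRule.ACLState.Revoke);
            break;
        default:
            // Any other rule state is not mapped; the builder keeps its own default.
            break;
    }
    switch(firewallRule.getTrafficType()) {
        case Ingress:
            vspAclRuleBuilder.trafficType(VspAclRule.ACLTrafficType.Ingress);
            break;
        case Egress:
            vspAclRuleBuilder.trafficType(VspAclRule.ACLTrafficType.Egress);
            break;
        default:
            // Any other traffic type is not mapped; the builder keeps its own default.
            break;
    }
    // NOTE(review): findById may return null for an unknown offering id; the result is
    // dereferenced below whenever the rule is an egress rule — confirm the offering always exists.
    NetworkOfferingVO networkOffering = _networkOfferingDao.findById(network.getNetworkOfferingId());
    // An egress rule on an offering whose egress default policy flag is set becomes Deny;
    // every other rule becomes Allow.
    // NOTE(review): presumably the flag means "egress allowed by default", so explicit egress
    // rules are the exceptions to it — confirm against NetworkOffering.
    if (firewallRule.getTrafficType() == FirewallRule.TrafficType.Egress && networkOffering.getEgressDefaultPolicy()) {
        vspAclRuleBuilder.action(VspAclRule.ACLAction.Deny);
    } else {
        vspAclRuleBuilder.action(VspAclRule.ACLAction.Allow);
    }
    if (firewallRule.getSourceIpAddressId() != null) {
        IPAddressVO ipAddress = _ipAddressDao.findById(firewallRule.getSourceIpAddressId());
        // Skip the address when the IP record has no VM IP: concatenating a null value would
        // hand the literal string "null/32" to the ACL rule instead of an address.
        if (ipAddress != null && ipAddress.getVmIp() != null) {
            // "/32" is a single-host prefix; this presumes an IPv4 VM address — TODO confirm.
            vspAclRuleBuilder.sourceIpAddress(ipAddress.getVmIp() + "/32");
        }
    }
    return vspAclRuleBuilder.build();
}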
Also used : VspAclRule(net.nuage.vsp.acs.client.api.model.VspAclRule) NetworkOfferingVO(com.cloud.offerings.NetworkOfferingVO) IPAddressVO(com.cloud.network.dao.IPAddressVO)
