You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by ya...@apache.org on 2013/11/06 19:08:44 UTC
[5/5] git commit: updated refs/heads/master to 8f8ad3f
Squashed commit of the Palo Alto Networks firewall integration plugin.
This patch adds a network plugin to support Palo Alto Networks firewall (their appliance and their VM series firewall).
More information in the FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration
Features supported are:
- List/Add/Delete Palo Alto service provider
- List/Add/Delete Palo Alto network service offering
- List/Add/Delete Palo Alto network with above service offering
- Add instance to the new network (creates the public IP and private gateway/cidr on the PA as well as the source nat rule)
- List/Add/Delete Ingress Firewall rule
- List/Add/Delete Egress Firewall rule
- List/Add/Delete Port Forwarding rule
- List/Add/Delete Static Nat rule
- Supports Palo Alto Networks 'Log Forwarding' profile globally per device (additional docs to come)
- Supports Palo Alto Networks 'Security Profile Groups' functionality globally per device (additional docs to come)
Knowns limitations:
- Only supports one public IP range in CloudStack.
- Currently not verifying SSL certificates when creating a connection between CloudStack and the Palo Alto Networks firewall.
- Currently not tracking usage on Public IPs.
Signed-off-by: Sheng Yang <sh...@citrix.com>
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/8f8ad3f3
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/8f8ad3f3
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/8f8ad3f3
Branch: refs/heads/master
Commit: 8f8ad3f38ef3c9ee840ba5f86c92d722d2bb5393
Parents: 40a7839
Author: Will Stevens <ws...@cloudops.com>
Authored: Tue Nov 5 22:24:23 2013 -0500
Committer: Sheng Yang <sh...@citrix.com>
Committed: Wed Nov 6 10:08:22 2013 -0800
----------------------------------------------------------------------
api/src/com/cloud/network/Network.java | 1 +
.../admin/network/AddNetworkDeviceCmd.java | 3 +-
.../admin/network/ListNetworkDeviceCmd.java | 2 +-
.../network/ExternalNetworkDeviceManager.java | 1 +
.../classes/resources/messages.properties | 7 +
client/pom.xml | 5 +
client/tomcatconf/commands.properties.in | 11 +
plugins/network-elements/palo-alto/pom.xml | 29 +
.../cloudstack/paloalto/module.properties | 18 +
.../paloalto/spring-paloalto-context.xml | 33 +
.../api/commands/AddExternalFirewallCmd.java | 112 +
.../api/commands/AddPaloAltoFirewallCmd.java | 135 ++
.../commands/ConfigurePaloAltoFirewallCmd.java | 114 +
.../api/commands/DeleteExternalFirewallCmd.java | 88 +
.../api/commands/DeletePaloAltoFirewallCmd.java | 105 +
.../api/commands/ListExternalFirewallsCmd.java | 88 +
.../ListPaloAltoFirewallNetworksCmd.java | 95 +
.../api/commands/ListPaloAltoFirewallsCmd.java | 103 +
.../api/response/PaloAltoFirewallResponse.java | 142 ++
.../PaloAltoExternalFirewallElement.java | 538 +++++
.../element/PaloAltoFirewallElementService.java | 88 +
.../network/resource/PaloAltoResource.java | 2030 ++++++++++++++++++
.../cloud/network/utils/HttpClientWrapper.java | 69 +
.../resource/MockablePaloAltoResource.java | 460 ++++
.../network/resource/PaloAltoResourceTest.java | 507 +++++
plugins/pom.xml | 1 +
server/src/com/cloud/api/ApiResponseHelper.java | 2 +-
.../configuration/ConfigurationManagerImpl.java | 4 +
ui/dictionary.jsp | 7 +
ui/scripts/docs.js | 69 +
ui/scripts/system.js | 572 +++++
31 files changed, 5436 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8f8ad3f3/api/src/com/cloud/network/Network.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/network/Network.java b/api/src/com/cloud/network/Network.java
index bda3326..318ac19 100644
--- a/api/src/com/cloud/network/Network.java
+++ b/api/src/com/cloud/network/Network.java
@@ -116,6 +116,7 @@ public interface Network extends ControlledEntity, StateObject<Network.State>, I
public static final Provider VirtualRouter = new Provider("VirtualRouter", false);
public static final Provider JuniperContrail = new Provider("JuniperContrail", false);
public static final Provider JuniperSRX = new Provider("JuniperSRX", true);
+ public static final Provider PaloAlto = new Provider("PaloAlto", true);
public static final Provider F5BigIp = new Provider("F5BigIp", true);
public static final Provider Netscaler = new Provider("Netscaler", true);
public static final Provider ExternalDhcpServer = new Provider("ExternalDhcpServer", true);
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8f8ad3f3/api/src/org/apache/cloudstack/api/command/admin/network/AddNetworkDeviceCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/network/AddNetworkDeviceCmd.java b/api/src/org/apache/cloudstack/api/command/admin/network/AddNetworkDeviceCmd.java
index 4983255..a7906f4 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/network/AddNetworkDeviceCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/network/AddNetworkDeviceCmd.java
@@ -47,8 +47,9 @@ public class AddNetworkDeviceCmd extends BaseCmd {
// ////////////// API parameters /////////////////////
// ///////////////////////////////////////////////////
+
@Inject ExternalNetworkDeviceManager nwDeviceMgr;
- @Parameter(name = ApiConstants.NETWORK_DEVICE_TYPE, type = CommandType.STRING, description = "Network device type, now supports ExternalDhcp, PxeServer, NetscalerMPXLoadBalancer, NetscalerVPXLoadBalancer, NetscalerSDXLoadBalancer, F5BigIpLoadBalancer, JuniperSRXFirewall")
+ @Parameter(name = ApiConstants.NETWORK_DEVICE_TYPE, type = CommandType.STRING, description = "Network device type, now supports ExternalDhcp, PxeServer, NetscalerMPXLoadBalancer, NetscalerVPXLoadBalancer, NetscalerSDXLoadBalancer, F5BigIpLoadBalancer, JuniperSRXFirewall, PaloAltoFirewall")
private String type;
@Parameter(name = ApiConstants.NETWORK_DEVICE_PARAMETER_LIST, type = CommandType.MAP, description = "parameters for network device")
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8f8ad3f3/api/src/org/apache/cloudstack/api/command/admin/network/ListNetworkDeviceCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/network/ListNetworkDeviceCmd.java b/api/src/org/apache/cloudstack/api/command/admin/network/ListNetworkDeviceCmd.java
index 0b7836d..5278ba9 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/network/ListNetworkDeviceCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/network/ListNetworkDeviceCmd.java
@@ -51,7 +51,7 @@ public class ListNetworkDeviceCmd extends BaseListCmd {
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
- @Parameter(name = ApiConstants.NETWORK_DEVICE_TYPE, type = CommandType.STRING, description = "Network device type, now supports ExternalDhcp, PxeServer, NetscalerMPXLoadBalancer, NetscalerVPXLoadBalancer, NetscalerSDXLoadBalancer, F5BigIpLoadBalancer, JuniperSRXFirewall")
+ @Parameter(name = ApiConstants.NETWORK_DEVICE_TYPE, type = CommandType.STRING, description = "Network device type, now supports ExternalDhcp, PxeServer, NetscalerMPXLoadBalancer, NetscalerVPXLoadBalancer, NetscalerSDXLoadBalancer, F5BigIpLoadBalancer, JuniperSRXFirewall, PaloAltoFirewall")
private String type;
@Parameter(name = ApiConstants.NETWORK_DEVICE_PARAMETER_LIST, type = CommandType.MAP, description = "parameters for network device")
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8f8ad3f3/api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java b/api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java
index 29ce2e3..32f13f8 100644
--- a/api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java
+++ b/api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java
@@ -42,6 +42,7 @@ public interface ExternalNetworkDeviceManager extends Manager {
public static final NetworkDevice NetscalerSDXLoadBalancer = new NetworkDevice("NetscalerSDXLoadBalancer", Network.Provider.Netscaler.getName());
public static final NetworkDevice F5BigIpLoadBalancer = new NetworkDevice("F5BigIpLoadBalancer", Network.Provider.F5BigIp.getName());
public static final NetworkDevice JuniperSRXFirewall = new NetworkDevice("JuniperSRXFirewall", Network.Provider.JuniperSRX.getName());
+ public static final NetworkDevice PaloAltoFirewall = new NetworkDevice("PaloAltoFirewall", Network.Provider.PaloAlto.getName());
public static final NetworkDevice NiciraNvp = new NetworkDevice("NiciraNvp", Network.Provider.NiciraNvp.getName());
public static final NetworkDevice CiscoVnmc = new NetworkDevice("CiscoVnmc", Network.Provider.CiscoVnmc.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8f8ad3f3/client/WEB-INF/classes/resources/messages.properties
----------------------------------------------------------------------
diff --git a/client/WEB-INF/classes/resources/messages.properties b/client/WEB-INF/classes/resources/messages.properties
index d548527..e450c29 100644
--- a/client/WEB-INF/classes/resources/messages.properties
+++ b/client/WEB-INF/classes/resources/messages.properties
@@ -304,6 +304,7 @@ label.add.new.F5=Add new F5
label.add.new.gateway=Add new gateway
label.add.new.NetScaler=Add new NetScaler
label.add.new.SRX=Add new SRX
+label.add.new.PA=Add new Palo Alto
label.add.new.tier=Add new tier
label.add.NiciraNvp.device=Add Nvp Controller
label.add.physical.network=Add physical network
@@ -318,6 +319,7 @@ label.add.secondary.storage=Add Secondary Storage
label.add.security.group=Add Security Group
label.add.service.offering=Add Service Offering
label.add.SRX.device=Add SRX device
+label.add.PA.device=Add Palo Alto device
label.add.static.nat.rule=Add static NAT rule
label.add.static.route=Add static route
label.add.system.service.offering=Add System Service Offering
@@ -479,6 +481,7 @@ label.delete.NetScaler=Delete NetScaler
label.delete.NiciraNvp=Remove Nvp Controller
label.delete.project=Delete project
label.delete.SRX=Delete SRX
+label.delete.PA=Delete Palo Alto
label.delete.VPN.connection=delete VPN connection
label.delete.VPN.customer.gateway=delete VPN Customer Gateway
label.delete.VPN.gateway=delete VPN Gateway
@@ -876,6 +879,8 @@ label.os.type=OS Type
label.owned.public.ips=Owned Public IP Addresses
label.owner.account=Owner Account
label.owner.domain=Owner Domain
+label.PA.log.profile=Palo Alto Log Profile
+label.PA.threat.profile=Palo Alto Threat Profile
label.parent.domain=Parent Domain
label.password.enabled=Password Enabled
label.password=Password
@@ -1048,6 +1053,7 @@ label.specify.vlan=Specify VLAN
label.specify.vxlan=Specify VXLAN
label.SR.name = SR Name-Label
label.srx=SRX
+label.PA=Palo Alto
label.start.IP=Start IP
label.start.port=Start Port
label.start.reserved.system.IP=Start Reserved system IP
@@ -1366,6 +1372,7 @@ message.confirm.action.force.reconnect=Please confirm that you want to force rec
message.confirm.delete.F5=Please confirm that you would like to delete F5
message.confirm.delete.NetScaler=Please confirm that you would like to delete NetScaler
message.confirm.delete.SRX=Please confirm that you would like to delete SRX
+message.confirm.delete.PA=Please confirm that you would like to delete Palo Alto
message.confirm.destroy.router=Please confirm that you would like to destroy this router
message.confirm.disable.provider=Please confirm that you would like to disable this provider
message.confirm.enable.provider=Please confirm that you would like to enable this provider
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8f8ad3f3/client/pom.xml
----------------------------------------------------------------------
diff --git a/client/pom.xml b/client/pom.xml
index 54cb667..a15a409 100644
--- a/client/pom.xml
+++ b/client/pom.xml
@@ -92,6 +92,11 @@
</dependency>
<dependency>
<groupId>org.apache.cloudstack</groupId>
+ <artifactId>cloud-plugin-network-palo-alto</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cloudstack</groupId>
<artifactId>cloud-plugin-network-ovs</artifactId>
<version>${project.version}</version>
</dependency>
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8f8ad3f3/client/tomcatconf/commands.properties.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/commands.properties.in b/client/tomcatconf/commands.properties.in
index 8cbe972..087d8b9 100644
--- a/client/tomcatconf/commands.properties.in
+++ b/client/tomcatconf/commands.properties.in
@@ -533,6 +533,17 @@ configureSrxFirewall=1
listSrxFirewalls=1
listSrxFirewallNetworks=1
+#### Palo Alto firewall commands
+addExternalFirewall=1
+deleteExternalFirewall=1
+listExternalFirewalls=1
+
+addPaloAltoFirewall=1
+deletePaloAltoFirewall=1
+configurePaloAltoFirewall=1
+listPaloAltoFirewalls=1
+listPaloAltoFirewallNetworks=1
+
####Netapp integration commands
createVolumeOnFiler=15
destroyVolumeOnFiler=15
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8f8ad3f3/plugins/network-elements/palo-alto/pom.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/palo-alto/pom.xml b/plugins/network-elements/palo-alto/pom.xml
new file mode 100644
index 0000000..50b4c13
--- /dev/null
+++ b/plugins/network-elements/palo-alto/pom.xml
@@ -0,0 +1,29 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>cloud-plugin-network-palo-alto</artifactId>
+ <name>Apache CloudStack Plugin - Palo Alto</name>
+ <parent>
+ <groupId>org.apache.cloudstack</groupId>
+ <artifactId>cloudstack-plugins</artifactId>
+ <version>4.3.0-SNAPSHOT</version>
+ <relativePath>../../pom.xml</relativePath>
+ </parent>
+</project>
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8f8ad3f3/plugins/network-elements/palo-alto/resources/META-INF/cloudstack/paloalto/module.properties
----------------------------------------------------------------------
diff --git a/plugins/network-elements/palo-alto/resources/META-INF/cloudstack/paloalto/module.properties b/plugins/network-elements/palo-alto/resources/META-INF/cloudstack/paloalto/module.properties
new file mode 100644
index 0000000..960fdba
--- /dev/null
+++ b/plugins/network-elements/palo-alto/resources/META-INF/cloudstack/paloalto/module.properties
@@ -0,0 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+name=paloalto
+parent=network
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8f8ad3f3/plugins/network-elements/palo-alto/resources/META-INF/cloudstack/paloalto/spring-paloalto-context.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/palo-alto/resources/META-INF/cloudstack/paloalto/spring-paloalto-context.xml b/plugins/network-elements/palo-alto/resources/META-INF/cloudstack/paloalto/spring-paloalto-context.xml
new file mode 100644
index 0000000..251f444
--- /dev/null
+++ b/plugins/network-elements/palo-alto/resources/META-INF/cloudstack/paloalto/spring-paloalto-context.xml
@@ -0,0 +1,33 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+ http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
+ http://www.springframework.org/schema/context
+ http://www.springframework.org/schema/context/spring-context-3.0.xsd"
+ >
+
+ <bean id="PaloAlto" class="com.cloud.network.element.PaloAltoExternalFirewallElement">
+ <property name="name" value="PaloAlto" />
+ </bean>
+</beans>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8f8ad3f3/plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddExternalFirewallCmd.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddExternalFirewallCmd.java b/plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddExternalFirewallCmd.java
new file mode 100644
index 0000000..84ee869
--- /dev/null
+++ b/plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddExternalFirewallCmd.java
@@ -0,0 +1,112 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.api.commands;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.api.response.ZoneResponse;
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.host.Host;
+import com.cloud.network.element.PaloAltoFirewallElementService;
+import org.apache.cloudstack.api.response.ExternalFirewallResponse;
+import com.cloud.user.Account;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+@APICommand(name = "addExternalFirewall", description="Adds an external firewall appliance", responseObject = ExternalFirewallResponse.class)
+public class AddExternalFirewallCmd extends BaseCmd {
+ public static final Logger s_logger = Logger.getLogger(AddExternalFirewallCmd.class.getName());
+ private static final String s_name = "addexternalfirewallresponse";
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+ @Parameter(name=ApiConstants.ZONE_ID, type=CommandType.UUID, entityType = ZoneResponse.class,
+ required = true, description="Zone in which to add the external firewall appliance.")
+ private Long zoneId;
+
+ @Parameter(name=ApiConstants.URL, type=CommandType.STRING, required = true, description="URL of the external firewall appliance.")
+ private String url;
+
+ @Parameter(name=ApiConstants.USERNAME, type=CommandType.STRING, required = true, description="Username of the external firewall appliance.")
+ private String username;
+
+ @Parameter(name=ApiConstants.PASSWORD, type=CommandType.STRING, required = true, description="Password of the external firewall appliance.")
+ private String password;
+
+ ///////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+ public Long getZoneId() {
+ return zoneId;
+ }
+
+ public String getUrl() {
+ return url;
+ }
+
+ public String getUsername() {
+ return username;
+ }
+
+ public String getPassword() {
+ return password;
+ }
+
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+ @Inject PaloAltoFirewallElementService _paElementService;
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM;
+ }
+
+ @SuppressWarnings("deprecation")
+ @Override
+ public void execute(){
+ try {
+ Host externalFirewall = _paElementService.addExternalFirewall(this);
+ ExternalFirewallResponse response = _paElementService.createExternalFirewallResponse(externalFirewall);
+ response.setObjectName("externalfirewall");
+ response.setResponseName(getCommandName());
+ this.setResponseObject(response);
+ } catch (InvalidParameterValueException ipve) {
+ throw new ServerApiException(ApiErrorCode.PARAM_ERROR, ipve.getMessage());
+ } catch (CloudRuntimeException cre) {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, cre.getMessage());
+ }
+ }
+}
+
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8f8ad3f3/plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddPaloAltoFirewallCmd.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddPaloAltoFirewallCmd.java b/plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddPaloAltoFirewallCmd.java
new file mode 100644
index 0000000..faf28e2
--- /dev/null
+++ b/plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddPaloAltoFirewallCmd.java
@@ -0,0 +1,135 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.api.commands;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.api.response.PhysicalNetworkResponse;
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import com.cloud.api.response.PaloAltoFirewallResponse;
+import com.cloud.event.EventTypes;
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.dao.ExternalFirewallDeviceVO;
+import com.cloud.network.element.PaloAltoFirewallElementService;
+import org.apache.cloudstack.context.CallContext;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+@APICommand(name = "addPaloAltoFirewall", responseObject=PaloAltoFirewallResponse.class, description="Adds a Palo Alto firewall device")
+public class AddPaloAltoFirewallCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(AddPaloAltoFirewallCmd.class.getName());
+ private static final String s_name = "addpaloaltofirewallresponse";
+ @Inject PaloAltoFirewallElementService _paFwService;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+ @Parameter(name=ApiConstants.PHYSICAL_NETWORK_ID, type=CommandType.UUID, entityType = PhysicalNetworkResponse.class,
+ required=true, description="the Physical Network ID")
+ private Long physicalNetworkId;
+
+ @Parameter(name=ApiConstants.URL, type=CommandType.STRING, required = true, description="URL of the Palo Alto appliance.")
+ private String url;
+
+ @Parameter(name=ApiConstants.USERNAME, type=CommandType.STRING, required = true, description="Credentials to reach Palo Alto firewall device")
+ private String username;
+
+ @Parameter(name=ApiConstants.PASSWORD, type=CommandType.STRING, required = true, description="Credentials to reach Palo Alto firewall device")
+ private String password;
+
+ @Parameter(name = ApiConstants.NETWORK_DEVICE_TYPE, type = CommandType.STRING, required = true, description = "supports only PaloAltoFirewall")
+ private String deviceType;
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+ public Long getPhysicalNetworkId() {
+ return physicalNetworkId;
+ }
+
+ public String getUrl() {
+ return url;
+ }
+
+ public String getUsername() {
+ return username;
+ }
+
+ public String getPassword() {
+ return password;
+ }
+
+ public String getDeviceType() {
+ return deviceType;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+ @Override
+ public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException {
+ try {
+ ExternalFirewallDeviceVO fwDeviceVO = _paFwService.addPaloAltoFirewall(this);
+ if (fwDeviceVO != null) {
+ PaloAltoFirewallResponse response = _paFwService.createPaloAltoFirewallResponse(fwDeviceVO);
+ response.setObjectName("pafirewall");
+ response.setResponseName(getCommandName());
+ this.setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add Palo Alto firewall due to internal error.");
+ }
+ } catch (InvalidParameterValueException invalidParamExcp) {
+ throw new ServerApiException(ApiErrorCode.PARAM_ERROR, invalidParamExcp.getMessage());
+ } catch (CloudRuntimeException runtimeExcp) {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, runtimeExcp.getMessage());
+ }
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "Adding a Palo Alto firewall device";
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_EXTERNAL_FIREWALL_DEVICE_ADD;
+ }
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ return CallContext.current().getCallingAccount().getId();
+ }
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8f8ad3f3/plugins/network-elements/palo-alto/src/com/cloud/api/commands/ConfigurePaloAltoFirewallCmd.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/palo-alto/src/com/cloud/api/commands/ConfigurePaloAltoFirewallCmd.java b/plugins/network-elements/palo-alto/src/com/cloud/api/commands/ConfigurePaloAltoFirewallCmd.java
new file mode 100644
index 0000000..199bb83
--- /dev/null
+++ b/plugins/network-elements/palo-alto/src/com/cloud/api/commands/ConfigurePaloAltoFirewallCmd.java
@@ -0,0 +1,114 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.api.commands;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import com.cloud.api.response.PaloAltoFirewallResponse;
+import com.cloud.event.EventTypes;
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.dao.ExternalFirewallDeviceVO;
+import com.cloud.network.element.PaloAltoFirewallElementService;
+import org.apache.cloudstack.context.CallContext;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+@APICommand(name = "configurePaloAltoFirewall", responseObject=PaloAltoFirewallResponse.class, description="Configures a Palo Alto firewall device")
+public class ConfigurePaloAltoFirewallCmd extends BaseAsyncCmd {
+
+ public static final Logger s_logger = Logger.getLogger(ConfigurePaloAltoFirewallCmd.class.getName());
+ private static final String s_name = "configurepaloaltofirewallresponse";
+ @Inject PaloAltoFirewallElementService _paFwService;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+ @Parameter(name=ApiConstants.FIREWALL_DEVICE_ID, type=CommandType.UUID, entityType = PaloAltoFirewallResponse.class,
+ required=true, description="Palo Alto firewall device ID")
+ private Long fwDeviceId;
+
+ @Parameter(name=ApiConstants.FIREWALL_DEVICE_CAPACITY, type=CommandType.LONG, required=false, description="capacity of the firewall device, Capacity will be interpreted as number of networks device can handle")
+ private Long capacity;
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+ public Long getFirewallDeviceId() {
+ return fwDeviceId;
+ }
+
+ public Long getFirewallCapacity() {
+ return capacity;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+ @Override
+ public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException {
+ try {
+ ExternalFirewallDeviceVO fwDeviceVO = _paFwService.configurePaloAltoFirewall(this);
+ if (fwDeviceVO != null) {
+ PaloAltoFirewallResponse response = _paFwService.createPaloAltoFirewallResponse(fwDeviceVO);
+ response.setObjectName("pafirewall");
+ response.setResponseName(getCommandName());
+ this.setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to configure Palo Alto firewall device due to internal error.");
+ }
+ } catch (InvalidParameterValueException invalidParamExcp) {
+ throw new ServerApiException(ApiErrorCode.PARAM_ERROR, invalidParamExcp.getMessage());
+ } catch (CloudRuntimeException runtimeExcp) {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, runtimeExcp.getMessage());
+ }
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "Configuring a Palo Alto firewall device";
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_EXTERNAL_FIREWALL_DEVICE_CONFIGURE;
+ }
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ return CallContext.current().getCallingAccount().getId();
+ }
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8f8ad3f3/plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeleteExternalFirewallCmd.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeleteExternalFirewallCmd.java b/plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeleteExternalFirewallCmd.java
new file mode 100644
index 0000000..93f752a
--- /dev/null
+++ b/plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeleteExternalFirewallCmd.java
@@ -0,0 +1,88 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.api.commands;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.api.response.HostResponse;
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.network.element.PaloAltoFirewallElementService;
+import com.cloud.user.Account;
+
+@APICommand(name = "deleteExternalFirewall", description="Deletes an external firewall appliance.", responseObject = SuccessResponse.class)
+public class DeleteExternalFirewallCmd extends BaseCmd {
+ public static final Logger s_logger = Logger.getLogger(DeleteExternalFirewallCmd.class.getName());
+ private static final String s_name = "deleteexternalfirewallresponse";
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+ @Parameter(name=ApiConstants.ID, type=CommandType.UUID, entityType = HostResponse.class,
+ required = true, description="Id of the external firewall appliance.")
+ private Long id;
+
+ ///////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+ public Long getId() {
+ return id;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+ @Inject PaloAltoFirewallElementService _paElementService;
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM;
+ }
+
+ @SuppressWarnings("deprecation")
+ @Override
+ public void execute(){
+ try {
+ boolean result = _paElementService.deleteExternalFirewall(this);
+ if (result) {
+ SuccessResponse response = new SuccessResponse(getCommandName());
+ response.setResponseName(getCommandName());
+ this.setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete external firewall.");
+ }
+ } catch (InvalidParameterValueException e) {
+ throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Failed to delete external firewall.");
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8f8ad3f3/plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeletePaloAltoFirewallCmd.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeletePaloAltoFirewallCmd.java b/plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeletePaloAltoFirewallCmd.java
new file mode 100644
index 0000000..8614981
--- /dev/null
+++ b/plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeletePaloAltoFirewallCmd.java
@@ -0,0 +1,105 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.api.commands;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import com.cloud.api.response.PaloAltoFirewallResponse;
+import com.cloud.event.EventTypes;
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.element.PaloAltoFirewallElementService;
+import org.apache.cloudstack.context.CallContext;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+@APICommand(name = "deletePaloAltoFirewall", responseObject=SuccessResponse.class, description=" delete a Palo Alto firewall device")
+public class DeletePaloAltoFirewallCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(DeletePaloAltoFirewallCmd.class.getName());
+ private static final String s_name = "deletepaloaltofirewallresponse";
+ @Inject PaloAltoFirewallElementService _paElementService;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+ @Parameter(name=ApiConstants.FIREWALL_DEVICE_ID, type=CommandType.UUID, entityType = PaloAltoFirewallResponse.class,
+ required=true, description="Palo Alto firewall device ID")
+ private Long fwDeviceId;
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+ public Long getFirewallDeviceId() {
+ return fwDeviceId;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+ @Override
+ public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException {
+ try {
+ boolean result = _paElementService.deletePaloAltoFirewall(this);
+ if (result) {
+ SuccessResponse response = new SuccessResponse(getCommandName());
+ response.setResponseName(getCommandName());
+ this.setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete Palo Alto firewall device");
+ }
+ } catch (InvalidParameterValueException invalidParamExcp) {
+ throw new ServerApiException(ApiErrorCode.PARAM_ERROR, invalidParamExcp.getMessage());
+ } catch (CloudRuntimeException runtimeExcp) {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, runtimeExcp.getMessage());
+ }
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "Deleting Palo Alto firewall device";
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_EXTERNAL_FIREWALL_DEVICE_DELETE;
+ }
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ return CallContext.current().getCallingAccount().getId();
+ }
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8f8ad3f3/plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListExternalFirewallsCmd.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListExternalFirewallsCmd.java b/plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListExternalFirewallsCmd.java
new file mode 100644
index 0000000..ebced7e
--- /dev/null
+++ b/plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListExternalFirewallsCmd.java
@@ -0,0 +1,88 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.api.commands;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.api.command.user.offering.ListServiceOfferingsCmd;
+import org.apache.cloudstack.api.response.ZoneResponse;
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseListCmd;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.response.ListResponse;
+import com.cloud.host.Host;
+import com.cloud.network.element.PaloAltoFirewallElementService;
+import org.apache.cloudstack.api.response.ExternalFirewallResponse;
+
+@APICommand(name = "listExternalFirewalls", description="List external firewall appliances.", responseObject = ExternalFirewallResponse.class)
+public class ListExternalFirewallsCmd extends BaseListCmd {
+ public static final Logger s_logger = Logger.getLogger(ListServiceOfferingsCmd.class.getName());
+ private static final String s_name = "listexternalfirewallsresponse";
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+ @Parameter(name=ApiConstants.ZONE_ID, type=CommandType.UUID, entityType = ZoneResponse.class,
+ required = true, description="zone Id")
+ private long zoneId;
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+ public long getZoneId() {
+ return zoneId;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+ @Inject PaloAltoFirewallElementService _paElementService;
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ @SuppressWarnings("deprecation")
+ @Override
+ public void execute(){
+
+ List<? extends Host> externalFirewalls = _paElementService.listExternalFirewalls(this);
+
+ ListResponse<ExternalFirewallResponse> listResponse = new ListResponse<ExternalFirewallResponse>();
+ List<ExternalFirewallResponse> responses = new ArrayList<ExternalFirewallResponse>();
+ for (Host externalFirewall : externalFirewalls) {
+ ExternalFirewallResponse response = _paElementService.createExternalFirewallResponse(externalFirewall);
+ response.setObjectName("externalfirewall");
+ response.setResponseName(getCommandName());
+ responses.add(response);
+ }
+
+ listResponse.setResponses(responses);
+ listResponse.setResponseName(getCommandName());
+ this.setResponseObject(listResponse);
+ }
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8f8ad3f3/plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallNetworksCmd.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallNetworksCmd.java b/plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallNetworksCmd.java
new file mode 100644
index 0000000..15c5bfc
--- /dev/null
+++ b/plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallNetworksCmd.java
@@ -0,0 +1,95 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.api.commands;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.api.*;
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.NetworkResponse;
+import com.cloud.api.response.PaloAltoFirewallResponse;
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.Network;
+import com.cloud.network.element.PaloAltoFirewallElementService;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+@APICommand(name = "listPaloAltoFirewallNetworks", responseObject=NetworkResponse.class, description="lists network that are using Palo Alto firewall device")
+public class ListPaloAltoFirewallNetworksCmd extends BaseListCmd {
+
+ public static final Logger s_logger = Logger.getLogger(ListPaloAltoFirewallNetworksCmd.class.getName());
+ private static final String s_name = "listpaloaltofirewallnetworksresponse";
+ @Inject PaloAltoFirewallElementService _paFwService;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+ @Parameter(name=ApiConstants.LOAD_BALANCER_DEVICE_ID, type=CommandType.UUID, entityType = PaloAltoFirewallResponse.class,
+ required = true, description="palo alto balancer device ID")
+ private Long fwDeviceId;
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+ public Long getFirewallDeviceId() {
+ return fwDeviceId;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+ @Override
+ public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException {
+ try {
+ List<? extends Network> networks = _paFwService.listNetworks(this);
+ ListResponse<NetworkResponse> response = new ListResponse<NetworkResponse>();
+ List<NetworkResponse> networkResponses = new ArrayList<NetworkResponse>();
+
+ if (networks != null && !networks.isEmpty()) {
+ for (Network network : networks) {
+ NetworkResponse networkResponse = _responseGenerator.createNetworkResponse(network);
+ networkResponses.add(networkResponse);
+ }
+ }
+
+ response.setResponses(networkResponses);
+ response.setResponseName(getCommandName());
+ this.setResponseObject(response);
+ } catch (InvalidParameterValueException invalidParamExcp) {
+ throw new ServerApiException(ApiErrorCode.PARAM_ERROR, invalidParamExcp.getMessage());
+ } catch (CloudRuntimeException runtimeExcp) {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, runtimeExcp.getMessage());
+ }
+ }
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8f8ad3f3/plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallsCmd.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallsCmd.java b/plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallsCmd.java
new file mode 100644
index 0000000..b788aca
--- /dev/null
+++ b/plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallsCmd.java
@@ -0,0 +1,103 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.api.commands;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.api.*;
+import org.apache.cloudstack.api.response.PhysicalNetworkResponse;
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.response.ListResponse;
+import com.cloud.api.response.PaloAltoFirewallResponse;
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.dao.ExternalFirewallDeviceVO;
+import com.cloud.network.element.PaloAltoFirewallElementService;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+@APICommand(name = "listPaloAltoFirewalls", responseObject=PaloAltoFirewallResponse.class, description="lists Palo Alto firewall devices in a physical network")
+public class ListPaloAltoFirewallsCmd extends BaseListCmd {
+
+ public static final Logger s_logger = Logger.getLogger(ListPaloAltoFirewallsCmd.class.getName());
+ private static final String s_name = "listpaloaltofirewallresponse";
+ @Inject PaloAltoFirewallElementService _paFwService;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+ @Parameter(name=ApiConstants.PHYSICAL_NETWORK_ID, type=CommandType.UUID, entityType = PhysicalNetworkResponse.class,
+ description="the Physical Network ID")
+ private Long physicalNetworkId;
+
+ @Parameter(name=ApiConstants.FIREWALL_DEVICE_ID, type=CommandType.UUID, entityType = PaloAltoFirewallResponse.class,
+ description="Palo Alto firewall device ID")
+ private Long fwDeviceId;
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+ public Long getFirewallDeviceId() {
+ return fwDeviceId;
+ }
+
+ public Long getPhysicalNetworkId() {
+ return physicalNetworkId;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+ @Override
+ public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException {
+ try {
+ List<ExternalFirewallDeviceVO> fwDevices = _paFwService.listPaloAltoFirewalls(this);
+ ListResponse<PaloAltoFirewallResponse> response = new ListResponse<PaloAltoFirewallResponse>();
+ List<PaloAltoFirewallResponse> fwDevicesResponse = new ArrayList<PaloAltoFirewallResponse>();
+
+ if (fwDevices != null && !fwDevices.isEmpty()) {
+ for (ExternalFirewallDeviceVO fwDeviceVO : fwDevices) {
+ PaloAltoFirewallResponse deviceResponse = _paFwService.createPaloAltoFirewallResponse(fwDeviceVO);
+ fwDevicesResponse.add(deviceResponse);
+ }
+ }
+
+ response.setResponses(fwDevicesResponse);
+ response.setResponseName(getCommandName());
+ this.setResponseObject(response);
+ } catch (InvalidParameterValueException invalidParamExcp) {
+ throw new ServerApiException(ApiErrorCode.PARAM_ERROR, invalidParamExcp.getMessage());
+ } catch (CloudRuntimeException runtimeExcp) {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, runtimeExcp.getMessage());
+ }
+ }
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8f8ad3f3/plugins/network-elements/palo-alto/src/com/cloud/api/response/PaloAltoFirewallResponse.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/palo-alto/src/com/cloud/api/response/PaloAltoFirewallResponse.java b/plugins/network-elements/palo-alto/src/com/cloud/api/response/PaloAltoFirewallResponse.java
new file mode 100644
index 0000000..cda018d
--- /dev/null
+++ b/plugins/network-elements/palo-alto/src/com/cloud/api/response/PaloAltoFirewallResponse.java
@@ -0,0 +1,142 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.api.response;
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.EntityReference;
+import com.cloud.serializer.Param;
+import com.google.gson.annotations.SerializedName;
+import org.apache.cloudstack.api.BaseResponse;
+
+import com.cloud.network.dao.ExternalFirewallDeviceVO;
+
+@EntityReference(value=ExternalFirewallDeviceVO.class)
+@SuppressWarnings("unused")
+public class PaloAltoFirewallResponse extends BaseResponse {
+
+ @SerializedName(ApiConstants.FIREWALL_DEVICE_ID) @Param(description="device id of the Palo Alto firewall")
+ private String id;
+
+ @SerializedName(ApiConstants.PHYSICAL_NETWORK_ID) @Param(description="the physical network to which this Palo Alto firewall belongs to")
+ private String physicalNetworkId;
+
+ @SerializedName(ApiConstants.PROVIDER) @Param(description="name of the provider")
+ private String providerName;
+
+ @SerializedName(ApiConstants.FIREWALL_DEVICE_NAME) @Param(description="device name")
+ private String deviceName;
+
+ @SerializedName(ApiConstants.FIREWALL_DEVICE_STATE) @Param(description="device state")
+ private String deviceState;
+
+ @SerializedName(ApiConstants.FIREWALL_DEVICE_CAPACITY) @Param(description="device capacity")
+ private Long deviceCapacity;
+
+ @SerializedName(ApiConstants.ZONE_ID) @Param(description="the zone ID of the external firewall")
+ private String zoneId;
+
+ @SerializedName(ApiConstants.IP_ADDRESS) @Param(description="the management IP address of the external firewall")
+ private String ipAddress;
+
+ @SerializedName(ApiConstants.USERNAME) @Param(description="the username that's used to log in to the external firewall")
+ private String username;
+
+ @SerializedName(ApiConstants.PUBLIC_INTERFACE) @Param(description="the public interface of the external firewall")
+ private String publicInterface;
+
+ @SerializedName(ApiConstants.USAGE_INTERFACE) @Param(description="the usage interface of the external firewall")
+ private String usageInterface;
+
+ @SerializedName(ApiConstants.PRIVATE_INTERFACE) @Param(description="the private interface of the external firewall")
+ private String privateInterface;
+
+ @SerializedName(ApiConstants.PUBLIC_ZONE) @Param(description="the public security zone of the external firewall")
+ private String publicZone;
+
+ @SerializedName(ApiConstants.PRIVATE_ZONE) @Param(description="the private security zone of the external firewall")
+ private String privateZone;
+
+ @SerializedName(ApiConstants.NUM_RETRIES) @Param(description="the number of times to retry requests to the external firewall")
+ private String numRetries;
+
+ @SerializedName(ApiConstants.TIMEOUT) @Param(description="the timeout (in seconds) for requests to the external firewall")
+ private String timeout;
+
+ public void setId(String lbDeviceId) {
+ this.id = lbDeviceId;
+ }
+
+ public void setPhysicalNetworkId(String physicalNetworkId) {
+ this.physicalNetworkId = physicalNetworkId;
+ }
+
+ public void setProvider(String provider) {
+ this.providerName = provider;
+ }
+
+ public void setDeviceName(String deviceName) {
+ this.deviceName = deviceName;
+ }
+
+ public void setDeviceCapacity(long deviceCapacity) {
+ this.deviceCapacity = deviceCapacity;
+ }
+
+ public void setDeviceState(String deviceState) {
+ this.deviceState = deviceState;
+ }
+
+ public void setIpAddress(String ipAddress) {
+ this.ipAddress = ipAddress;
+ }
+
+ public void setPublicInterface(String publicInterface) {
+ this.publicInterface = publicInterface;
+ }
+
+ public void setUsageInterface(String usageInterface) {
+ this.usageInterface = usageInterface;
+ }
+
+ public void setPrivateInterface(String privateInterface) {
+ this.privateInterface = privateInterface;
+ }
+
+ public void setPublicZone(String publicZone) {
+ this.publicZone = publicZone;
+ }
+
+ public void setPrivateZone(String privateZone) {
+ this.privateZone = privateZone;
+ }
+
+ public String getNumRetries() {
+ return numRetries;
+ }
+
+ public void setNumRetries(String numRetries) {
+ this.numRetries = numRetries;
+ }
+
+ public String getTimeout() {
+ return timeout;
+ }
+
+ public void setTimeout(String timeout) {
+ this.timeout = timeout;
+ }
+}