You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by al...@apache.org on 2014/02/21 20:06:25 UTC
git commit: updated refs/heads/master to 27a790b
Repository: cloudstack
Updated Branches:
refs/heads/master 8ec0190ee -> 27a790bdc
DisplayFlag update support for PF/Firewall/EgressFirewall rules
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/27a790bd
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/27a790bd
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/27a790bd
Branch: refs/heads/master
Commit: 27a790bdc1d11713c532ebad62dd5bbae8a976d0
Parents: 8ec0190
Author: Alena Prokharchyk <al...@citrix.com>
Authored: Fri Feb 21 11:06:52 2014 -0800
Committer: Alena Prokharchyk <al...@citrix.com>
Committed: Fri Feb 21 11:06:52 2014 -0800
----------------------------------------------------------------------
.../cloud/network/firewall/FirewallService.java | 2 +-
.../com/cloud/network/rules/FirewallRule.java | 2 ++
.../com/cloud/network/rules/RulesService.java | 5 ++--
.../firewall/CreateEgressFirewallRuleCmd.java | 16 +++++++++--
.../user/firewall/CreateFirewallRuleCmd.java | 15 +++++++++--
.../firewall/CreatePortForwardingRuleCmd.java | 19 ++++++++++---
.../firewall/UpdateEgressFirewallRuleCmd.java | 10 ++++++-
.../user/firewall/UpdateFirewallRuleCmd.java | 10 ++++++-
.../firewall/UpdatePortForwardingRuleCmd.java | 10 ++++++-
.../user/nat/CreateIpForwardingRuleCmd.java | 7 +++--
.../api/response/FirewallResponse.java | 12 +++++++--
.../api/response/FirewallRuleResponse.java | 12 +++++++--
.../cloud/network/rules/StaticNatRuleImpl.java | 6 +++++
.../com/cloud/network/rules/FirewallRuleVO.java | 12 +++++++++
server/src/com/cloud/api/ApiResponseHelper.java | 3 +++
.../network/firewall/FirewallManagerImpl.java | 28 +++++++++++++-------
.../cloud/network/rules/RulesManagerImpl.java | 13 +++++++--
.../cloud/network/MockFirewallManagerImpl.java | 2 +-
setup/db/db/schema-430to440.sql | 1 +
19 files changed, 153 insertions(+), 32 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/api/src/com/cloud/network/firewall/FirewallService.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/network/firewall/FirewallService.java b/api/src/com/cloud/network/firewall/FirewallService.java
index 0e4f495..5ab7891 100644
--- a/api/src/com/cloud/network/firewall/FirewallService.java
+++ b/api/src/com/cloud/network/firewall/FirewallService.java
@@ -50,6 +50,6 @@ public interface FirewallService {
boolean revokeRelatedFirewallRule(long ruleId, boolean apply);
- FirewallRule updateFirewallRule(long ruleId, String customId);
+ FirewallRule updateFirewallRule(long ruleId, String customId, Boolean forDisplay);
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/api/src/com/cloud/network/rules/FirewallRule.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/network/rules/FirewallRule.java b/api/src/com/cloud/network/rules/FirewallRule.java
index 274242a..b02257b 100644
--- a/api/src/com/cloud/network/rules/FirewallRule.java
+++ b/api/src/com/cloud/network/rules/FirewallRule.java
@@ -87,4 +87,6 @@ public interface FirewallRule extends ControlledEntity, Identity, InternalIdenti
*/
TrafficType getTrafficType();
+ boolean isDisplay();
+
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/api/src/com/cloud/network/rules/RulesService.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/network/rules/RulesService.java b/api/src/com/cloud/network/rules/RulesService.java
index 1bd9cfe..2dd0182 100644
--- a/api/src/com/cloud/network/rules/RulesService.java
+++ b/api/src/com/cloud/network/rules/RulesService.java
@@ -41,11 +41,12 @@ public interface RulesService {
* vm to be linked to. If specified the destination ip address is ignored.
* @param openFirewall
* TODO
+ * @param forDisplay TODO
* @return PortForwardingRule if created.
* @throws NetworkRuleConflictException
* if conflicts in the network rules are detected.
*/
- PortForwardingRule createPortForwardingRule(PortForwardingRule rule, Long vmId, Ip vmIp, boolean openFirewall) throws NetworkRuleConflictException;
+ PortForwardingRule createPortForwardingRule(PortForwardingRule rule, Long vmId, Ip vmIp, boolean openFirewall, Boolean forDisplay) throws NetworkRuleConflictException;
/**
* Revokes a port forwarding rule
@@ -80,6 +81,6 @@ public interface RulesService {
boolean disableStaticNat(long ipId) throws ResourceUnavailableException, NetworkRuleConflictException, InsufficientAddressCapacityException;
- PortForwardingRule updatePortForwardingRule(long id, String customId);
+ PortForwardingRule updatePortForwardingRule(long id, String customId, Boolean forDisplay);
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java
index 778a18b..22c8860 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java
@@ -20,8 +20,7 @@ package org.apache.cloudstack.api.command.user.firewall;
import java.util.ArrayList;
import java.util.List;
-import org.apache.log4j.Logger;
-
+import org.apache.cloudstack.acl.RoleType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@@ -33,6 +32,7 @@ import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.FirewallResponse;
import org.apache.cloudstack.api.response.NetworkResponse;
import org.apache.cloudstack.context.CallContext;
+import org.apache.log4j.Logger;
import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException;
@@ -84,6 +84,9 @@ public class CreateEgressFirewallRuleCmd extends BaseAsyncCreateCmd implements F
@Parameter(name = ApiConstants.TYPE, type = CommandType.STRING, description = "type of firewallrule: system/user")
private String type;
+ @Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", since = "4.4", authorized = {RoleType.Admin})
+ private Boolean display;
+
// ///////////////////////////////////////////////////
// ///////////////// Accessors ///////////////////////
// ///////////////////////////////////////////////////
@@ -341,4 +344,13 @@ public class CreateEgressFirewallRuleCmd extends BaseAsyncCreateCmd implements F
return null;
}
+ @Override
+ public boolean isDisplay() {
+ if (display != null) {
+ return display;
+ } else {
+ return true;
+ }
+ }
+
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java
index 44aa26f..40a8fe6 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java
@@ -19,8 +19,7 @@ package org.apache.cloudstack.api.command.user.firewall;
import java.util.ArrayList;
import java.util.List;
-import org.apache.log4j.Logger;
-
+import org.apache.cloudstack.acl.RoleType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@@ -32,6 +31,7 @@ import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.FirewallResponse;
import org.apache.cloudstack.api.response.IPAddressResponse;
import org.apache.cloudstack.context.CallContext;
+import org.apache.log4j.Logger;
import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException;
@@ -83,6 +83,9 @@ public class CreateFirewallRuleCmd extends BaseAsyncCreateCmd implements Firewal
@Parameter(name = ApiConstants.TYPE, type = CommandType.STRING, description = "type of firewallrule: system/user")
private String type;
+ @Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", since = "4.4", authorized = {RoleType.Admin})
+ private Boolean display;
+
// ///////////////////////////////////////////////////
// ///////////////// Accessors ///////////////////////
// ///////////////////////////////////////////////////
@@ -333,4 +336,12 @@ public class CreateFirewallRuleCmd extends BaseAsyncCreateCmd implements Firewal
return FirewallRule.TrafficType.Ingress;
}
+ @Override
+ public boolean isDisplay() {
+ if (display != null) {
+ return display;
+ } else {
+ return true;
+ }
+ }
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java
index de82377..d441271 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java
@@ -18,9 +18,7 @@ package org.apache.cloudstack.api.command.user.firewall;
import java.util.List;
-import com.cloud.utils.net.NetUtils;
-import org.apache.log4j.Logger;
-
+import org.apache.cloudstack.acl.RoleType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@@ -34,6 +32,7 @@ import org.apache.cloudstack.api.response.IPAddressResponse;
import org.apache.cloudstack.api.response.NetworkResponse;
import org.apache.cloudstack.api.response.UserVmResponse;
import org.apache.cloudstack.context.CallContext;
+import org.apache.log4j.Logger;
import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException;
@@ -43,6 +42,7 @@ import com.cloud.network.IpAddress;
import com.cloud.network.rules.PortForwardingRule;
import com.cloud.user.Account;
import com.cloud.utils.net.Ip;
+import com.cloud.utils.net.NetUtils;
@APICommand(name = "createPortForwardingRule", description = "Creates a port forwarding rule", responseObject = FirewallRuleResponse.class)
public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements PortForwardingRule {
@@ -118,6 +118,9 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P
description = "VM guest nic Secondary ip address for the port forwarding rule")
private String vmSecondaryIp;
+ @Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", since = "4.4", authorized = {RoleType.Admin})
+ private Boolean display;
+
// ///////////////////////////////////////////////////
// ///////////////// Accessors ///////////////////////
// ///////////////////////////////////////////////////
@@ -341,7 +344,7 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P
}
try {
- PortForwardingRule result = _rulesService.createPortForwardingRule(this, virtualMachineId, privateIp, getOpenFirewall());
+ PortForwardingRule result = _rulesService.createPortForwardingRule(this, virtualMachineId, privateIp, getOpenFirewall(), isDisplay());
setEntityId(result.getId());
setEntityUuid(result.getUuid());
} catch (NetworkRuleConflictException ex) {
@@ -416,4 +419,12 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P
return null;
}
+ @Override
+ public boolean isDisplay() {
+ if (display != null) {
+ return display;
+ } else {
+ return true;
+ }
+ }
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java
index 690afe5..43b9a61 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java
@@ -17,6 +17,7 @@
package org.apache.cloudstack.api.command.user.firewall;
+import org.apache.cloudstack.acl.RoleType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseAsyncCustomIdCmd;
@@ -50,6 +51,9 @@ public class UpdateEgressFirewallRuleCmd extends BaseAsyncCustomIdCmd {
@Parameter(name = ApiConstants.ACCOUNT_ID, type = CommandType.UUID, entityType = AccountResponse.class, expose = false)
private Long ownerId;
+ @Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", since = "4.4", authorized = {RoleType.Admin})
+ private Boolean display;
+
// ///////////////////////////////////////////////////
// ///////////////// Accessors ///////////////////////
// ///////////////////////////////////////////////////
@@ -57,6 +61,10 @@ public class UpdateEgressFirewallRuleCmd extends BaseAsyncCustomIdCmd {
public Long getId() {
return id;
}
+
+ public Boolean getDisplay() {
+ return display;
+ }
// ///////////////////////////////////////////////////
// ///////////// API Implementation///////////////////
// ///////////////////////////////////////////////////
@@ -69,7 +77,7 @@ public class UpdateEgressFirewallRuleCmd extends BaseAsyncCustomIdCmd {
@Override
public void execute() throws ResourceUnavailableException {
CallContext.current().setEventDetails("Rule Id: " + id);
- FirewallRule rule = _firewallService.updateFirewallRule(id, this.getCustomId());
+ FirewallRule rule = _firewallService.updateFirewallRule(id, this.getCustomId(), getDisplay());
FirewallResponse fwResponse = new FirewallResponse();
if (rule != null) {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java
index 3fa3b9e..f6411d0 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java
@@ -17,6 +17,7 @@
package org.apache.cloudstack.api.command.user.firewall;
+import org.apache.cloudstack.acl.RoleType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseAsyncCustomIdCmd;
@@ -50,6 +51,9 @@ public class UpdateFirewallRuleCmd extends BaseAsyncCustomIdCmd {
@Parameter(name = ApiConstants.ACCOUNT_ID, type = CommandType.UUID, entityType = AccountResponse.class, expose = false)
private Long ownerId;
+ @Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", since = "4.4", authorized = {RoleType.Admin})
+ private Boolean display;
+
// ///////////////////////////////////////////////////
// ///////////////// Accessors ///////////////////////
// ///////////////////////////////////////////////////
@@ -58,6 +62,10 @@ public class UpdateFirewallRuleCmd extends BaseAsyncCustomIdCmd {
return id;
}
+ public Boolean getDisplay() {
+ return display;
+ }
+
// ///////////////////////////////////////////////////
// ///////////// API Implementation///////////////////
// ///////////////////////////////////////////////////
@@ -70,7 +78,7 @@ public class UpdateFirewallRuleCmd extends BaseAsyncCustomIdCmd {
@Override
public void execute() throws ResourceUnavailableException {
CallContext.current().setEventDetails("Rule Id: " + id);
- FirewallRule rule = _firewallService.updateFirewallRule(id, this.getCustomId());
+ FirewallRule rule = _firewallService.updateFirewallRule(id, this.getCustomId(), getDisplay());
FirewallResponse fwResponse = new FirewallResponse();
if (rule != null) {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/api/src/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java
index a7bb7e3..f7ee86f 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java
@@ -16,6 +16,7 @@
// under the License.
package org.apache.cloudstack.api.command.user.firewall;
+import org.apache.cloudstack.acl.RoleType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseAsyncCmd;
@@ -72,6 +73,9 @@ public class UpdatePortForwardingRuleCmd extends BaseAsyncCustomIdCmd {
description = "the ID of the virtual machine for the port forwarding rule")
private Long virtualMachineId;
+ @Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", since = "4.4", authorized = {RoleType.Admin})
+ private Boolean display;
+
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
@@ -100,6 +104,10 @@ public class UpdatePortForwardingRuleCmd extends BaseAsyncCustomIdCmd {
return virtualMachineId;
}
+ public Boolean getDisplay() {
+ return display;
+ }
+
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
@@ -139,7 +147,7 @@ public class UpdatePortForwardingRuleCmd extends BaseAsyncCustomIdCmd {
@Override
public void execute() {
- PortForwardingRule rule = _rulesService.updatePortForwardingRule(id, this.getCustomId());
+ PortForwardingRule rule = _rulesService.updatePortForwardingRule(id, this.getCustomId(), getDisplay());
FirewallRuleResponse fwResponse = new FirewallRuleResponse();
if (rule != null) {
fwResponse = _responseGenerator.createPortForwardingRuleResponse(rule);
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/api/src/org/apache/cloudstack/api/command/user/nat/CreateIpForwardingRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/nat/CreateIpForwardingRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/nat/CreateIpForwardingRuleCmd.java
index 0917d52..320375c 100644
--- a/api/src/org/apache/cloudstack/api/command/user/nat/CreateIpForwardingRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/nat/CreateIpForwardingRuleCmd.java
@@ -18,8 +18,6 @@ package org.apache.cloudstack.api.command.user.nat;
import java.util.List;
-import org.apache.log4j.Logger;
-
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@@ -32,6 +30,7 @@ import org.apache.cloudstack.api.response.FirewallRuleResponse;
import org.apache.cloudstack.api.response.IPAddressResponse;
import org.apache.cloudstack.api.response.IpForwardingRuleResponse;
import org.apache.cloudstack.context.CallContext;
+import org.apache.log4j.Logger;
import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException;
@@ -317,4 +316,8 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Sta
return null;
}
+ @Override
+ public boolean isDisplay() {
+ return true;
+ }
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/api/src/org/apache/cloudstack/api/response/FirewallResponse.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/response/FirewallResponse.java b/api/src/org/apache/cloudstack/api/response/FirewallResponse.java
index e3aaec5..14fabfc 100644
--- a/api/src/org/apache/cloudstack/api/response/FirewallResponse.java
+++ b/api/src/org/apache/cloudstack/api/response/FirewallResponse.java
@@ -18,12 +18,12 @@ package org.apache.cloudstack.api.response;
import java.util.List;
-import com.google.gson.annotations.SerializedName;
-
+import org.apache.cloudstack.acl.RoleType;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseResponse;
import com.cloud.serializer.Param;
+import com.google.gson.annotations.SerializedName;
@SuppressWarnings("unused")
public class FirewallResponse extends BaseResponse {
@@ -75,6 +75,10 @@ public class FirewallResponse extends BaseResponse {
@Param(description = "the list of resource tags associated with the rule", responseObject = ResourceTagResponse.class)
private List<ResourceTagResponse> tags;
+ @SerializedName(ApiConstants.FOR_DISPLAY)
+ @Param(description = "is vpc for display to the regular user", since = "4.4", authorized = {RoleType.Admin})
+ private Boolean forDisplay;
+
public void setId(String id) {
this.id = id;
}
@@ -122,4 +126,8 @@ public class FirewallResponse extends BaseResponse {
public void setTags(List<ResourceTagResponse> tags) {
this.tags = tags;
}
+
+ public void setForDisplay(Boolean forDisplay) {
+ this.forDisplay = forDisplay;
+ }
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/api/src/org/apache/cloudstack/api/response/FirewallRuleResponse.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/response/FirewallRuleResponse.java b/api/src/org/apache/cloudstack/api/response/FirewallRuleResponse.java
index 71a3097..0d11e85 100644
--- a/api/src/org/apache/cloudstack/api/response/FirewallRuleResponse.java
+++ b/api/src/org/apache/cloudstack/api/response/FirewallRuleResponse.java
@@ -18,14 +18,14 @@ package org.apache.cloudstack.api.response;
import java.util.List;
-import com.google.gson.annotations.SerializedName;
-
+import org.apache.cloudstack.acl.RoleType;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseResponse;
import org.apache.cloudstack.api.EntityReference;
import com.cloud.network.rules.FirewallRule;
import com.cloud.serializer.Param;
+import com.google.gson.annotations.SerializedName;
@EntityReference(value = FirewallRule.class)
@SuppressWarnings("unused")
@@ -94,6 +94,10 @@ public class FirewallRuleResponse extends BaseResponse {
@Param(description = "the id of the guest network the port forwarding rule belongs to")
private String networkId;
+ @SerializedName(ApiConstants.FOR_DISPLAY)
+ @Param(description = "is firewall for display to the regular user", since = "4.4", authorized = {RoleType.Admin})
+ private Boolean forDisplay;
+
public String getDestNatVmIp() {
return destNatVmIp;
}
@@ -218,4 +222,8 @@ public class FirewallRuleResponse extends BaseResponse {
public void setNetworkId(String networkId) {
this.networkId = networkId;
}
+
+ public void setForDisplay(Boolean forDisplay) {
+ this.forDisplay = forDisplay;
+ }
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/engine/components-api/src/com/cloud/network/rules/StaticNatRuleImpl.java
----------------------------------------------------------------------
diff --git a/engine/components-api/src/com/cloud/network/rules/StaticNatRuleImpl.java b/engine/components-api/src/com/cloud/network/rules/StaticNatRuleImpl.java
index 1c67047..7104715 100644
--- a/engine/components-api/src/com/cloud/network/rules/StaticNatRuleImpl.java
+++ b/engine/components-api/src/com/cloud/network/rules/StaticNatRuleImpl.java
@@ -31,6 +31,7 @@ public class StaticNatRuleImpl implements StaticNatRule {
long networkId;
long sourceIpAddressId;
String destIpAddress;
+ boolean forDisplay;
public StaticNatRuleImpl(FirewallRuleVO rule, String dstIp) {
this.id = rule.getId();
@@ -45,6 +46,7 @@ public class StaticNatRuleImpl implements StaticNatRule {
this.networkId = rule.getNetworkId();
this.sourceIpAddressId = rule.getSourceIpAddressId();
this.destIpAddress = dstIp;
+ this.forDisplay = rule.isDisplay();
}
@Override
@@ -142,4 +144,8 @@ public class StaticNatRuleImpl implements StaticNatRule {
return null;
}
+ @Override
+ public boolean isDisplay() {
+ return forDisplay;
+ }
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java b/engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java
index a8aef2c..4fa751d 100644
--- a/engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java
+++ b/engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java
@@ -101,6 +101,9 @@ public class FirewallRuleVO implements FirewallRule {
@Enumerated(value = EnumType.STRING)
TrafficType trafficType;
+ @Column(name = "display", updatable = true, nullable = false)
+ protected boolean display = true;
+
// This is a delayed load value. If the value is null,
// then this field has not been loaded yet.
// Call firewallrules dao to load it.
@@ -268,4 +271,13 @@ public class FirewallRuleVO implements FirewallRule {
public TrafficType getTrafficType() {
return trafficType;
}
+
+ public void setDisplay(boolean display) {
+ this.display = display;
+ }
+
+ @Override
+ public boolean isDisplay() {
+ return display;
+ }
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/server/src/com/cloud/api/ApiResponseHelper.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java
index c566a5d..e802ec3 100755
--- a/server/src/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/com/cloud/api/ApiResponseHelper.java
@@ -1017,6 +1017,7 @@ public class ApiResponseHelper implements ResponseGenerator {
Network guestNtwk = ApiDBUtils.findNetworkById(fwRule.getNetworkId());
response.setNetworkId(guestNtwk.getUuid());
+
IpAddress ip = ApiDBUtils.findIpAddressById(fwRule.getSourceIpAddressId());
response.setPublicIpAddressId(ip.getUuid());
response.setPublicIpAddress(ip.getAddress().addr());
@@ -1051,6 +1052,7 @@ public class ApiResponseHelper implements ResponseGenerator {
response.setTags(tagResponses);
response.setState(stateToSet);
+ response.setForDisplay(fwRule.isDisplay());
response.setObjectName("portforwardingrule");
return response;
}
@@ -2241,6 +2243,7 @@ public class ApiResponseHelper implements ResponseGenerator {
response.setIcmpCode(fwRule.getIcmpCode());
response.setIcmpType(fwRule.getIcmpType());
+ response.setForDisplay(fwRule.isDisplay());
// set tag information
List<? extends ResourceTag> tags = ApiDBUtils.listByResourceTypeAndId(ResourceObjectType.FirewallRule, fwRule.getId());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
index 593c0b5..853de44 100644
--- a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
+++ b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
@@ -170,7 +170,7 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
}
return createFirewallRule(null, caller, rule.getXid(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), rule.getSourceCidrList(),
- rule.getIcmpCode(), rule.getIcmpType(), null, rule.getType(), rule.getNetworkId(), rule.getTrafficType());
+ rule.getIcmpCode(), rule.getIcmpType(), null, rule.getType(), rule.getNetworkId(), rule.getTrafficType(), rule.isDisplay());
}
@Override
@@ -180,13 +180,14 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
Long sourceIpAddressId = rule.getSourceIpAddressId();
return createFirewallRule(sourceIpAddressId, caller, rule.getXid(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(),
- rule.getSourceCidrList(), rule.getIcmpCode(), rule.getIcmpType(), null, rule.getType(), rule.getNetworkId(), rule.getTrafficType());
+ rule.getSourceCidrList(), rule.getIcmpCode(), rule.getIcmpType(), null, rule.getType(), rule.getNetworkId(), rule.getTrafficType(), rule.isDisplay());
}
@DB
protected FirewallRule createFirewallRule(final Long ipAddrId, Account caller, final String xId, final Integer portStart, final Integer portEnd,
final String protocol, final List<String> sourceCidrList, final Integer icmpCode, final Integer icmpType, final Long relatedRuleId,
- final FirewallRule.FirewallRuleType type, final Long networkId, final FirewallRule.TrafficType trafficType) throws NetworkRuleConflictException {
+ final FirewallRule.FirewallRuleType type,
+ final Long networkId, final FirewallRule.TrafficType trafficType, final Boolean forDisplay) throws NetworkRuleConflictException {
IPAddressVO ipAddress = null;
if (ipAddrId != null) {
@@ -233,6 +234,9 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
new FirewallRuleVO(xId, ipAddrId, portStart, portEnd, protocol.toLowerCase(), networkId, accountIdFinal, domainIdFinal, Purpose.Firewall,
sourceCidrList, icmpCode, icmpType, relatedRuleId, trafficType);
newRule.setType(type);
+ if (forDisplay != null) {
+ newRule.setDisplay(forDisplay);
+ }
newRule = _firewallDao.persist(newRule);
if (type == FirewallRuleType.User)
@@ -717,12 +721,12 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
@Override
@ActionEvent(eventType = EventTypes.EVENT_FIREWALL_UPDATE, eventDescription = "updating firewall rule", async = true)
- public FirewallRule updateFirewallRule(long ruleId, String customId) {
+ public FirewallRule updateFirewallRule(long ruleId, String customId, Boolean forDisplay) {
Account caller = CallContext.current().getCallingAccount();
- return updateFirewallRule(ruleId, customId, caller);
+ return updateFirewallRule(ruleId, customId, caller, forDisplay);
}
- protected FirewallRule updateFirewallRule(long ruleId, String customId, Account caller) {
+ protected FirewallRule updateFirewallRule(long ruleId, String customId, Account caller, Boolean forDisplay) {
FirewallRuleVO rule = _firewallDao.findById(ruleId);
if (rule == null || rule.getPurpose() != Purpose.Firewall) {
throw new InvalidParameterValueException("Unable to find " + ruleId + " having purpose " + Purpose.Firewall);
@@ -736,8 +740,14 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
if (customId != null) {
rule.setUuid(customId);
- _firewallDao.update(ruleId, rule);
}
+
+ if (forDisplay != null) {
+ rule.setDisplay(forDisplay);
+ }
+
+ _firewallDao.update(ruleId, rule);
+
return _firewallDao.findById(ruleId);
}
@@ -822,7 +832,7 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
List<String> oneCidr = new ArrayList<String>();
oneCidr.add(NetUtils.ALL_CIDRS);
return createFirewallRule(ipAddrId, caller, null, startPort, endPort, protocol, oneCidr, icmpCode, icmpType, relatedRuleId, FirewallRule.FirewallRuleType.User,
- networkId, FirewallRule.TrafficType.Ingress);
+ networkId, FirewallRule.TrafficType.Ingress, true);
}
@Override
@@ -936,7 +946,7 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
_firewallDao.loadSourceCidrs(rule);
}
createFirewallRule(ip.getId(), acct, rule.getXid(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), rule.getSourceCidrList(),
- rule.getIcmpCode(), rule.getIcmpType(), rule.getRelated(), FirewallRuleType.System, rule.getNetworkId(), rule.getTrafficType());
+ rule.getIcmpCode(), rule.getIcmpType(), rule.getRelated(), FirewallRuleType.System, rule.getNetworkId(), rule.getTrafficType(), true);
} catch (Exception e) {
s_logger.debug("Failed to add system wide firewall rule, due to:" + e.toString());
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/server/src/com/cloud/network/rules/RulesManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/rules/RulesManagerImpl.java b/server/src/com/cloud/network/rules/RulesManagerImpl.java
index 2fa72a7..06c478c 100755
--- a/server/src/com/cloud/network/rules/RulesManagerImpl.java
+++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java
@@ -201,7 +201,7 @@ public class RulesManagerImpl extends ManagerBase implements RulesManager, Rules
@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_NET_RULE_ADD, eventDescription = "creating forwarding rule", create = true)
- public PortForwardingRule createPortForwardingRule(final PortForwardingRule rule, final Long vmId, Ip vmIp, final boolean openFirewall)
+ public PortForwardingRule createPortForwardingRule(final PortForwardingRule rule, final Long vmId, Ip vmIp, final boolean openFirewall, final Boolean forDisplay)
throws NetworkRuleConflictException {
CallContext ctx = CallContext.current();
final Account caller = ctx.getCallingAccount();
@@ -316,6 +316,10 @@ public class RulesManagerImpl extends ManagerBase implements RulesManager, Rules
PortForwardingRuleVO newRule =
new PortForwardingRuleVO(rule.getXid(), rule.getSourceIpAddressId(), rule.getSourcePortStart(), rule.getSourcePortEnd(), dstIpFinal,
rule.getDestinationPortStart(), rule.getDestinationPortEnd(), rule.getProtocol().toLowerCase(), networkId, accountId, domainId, vmId);
+
+ if (forDisplay != null) {
+ newRule.setDisplay(forDisplay);
+ }
newRule = _portForwardingDao.persist(newRule);
// create firewallRule for 0.0.0.0/0 cidr
@@ -1486,7 +1490,7 @@ public class RulesManagerImpl extends ManagerBase implements RulesManager, Rules
@Override
@ActionEvent(eventType = EventTypes.EVENT_NET_RULE_MODIFY, eventDescription = "updating forwarding rule", async = true)
- public PortForwardingRule updatePortForwardingRule(long id, String customId) {
+ public PortForwardingRule updatePortForwardingRule(long id, String customId, Boolean forDisplay) {
Account caller = CallContext.current().getCallingAccount();
PortForwardingRuleVO rule = _portForwardingDao.findById(id);
if (rule == null) {
@@ -1497,6 +1501,11 @@ public class RulesManagerImpl extends ManagerBase implements RulesManager, Rules
if (customId != null) {
rule.setUuid(customId);
}
+
+ if (forDisplay != null) {
+ rule.setDisplay(forDisplay);
+ }
+
_portForwardingDao.update(id, rule);
return _portForwardingDao.findById(id);
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/server/test/com/cloud/network/MockFirewallManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/test/com/cloud/network/MockFirewallManagerImpl.java b/server/test/com/cloud/network/MockFirewallManagerImpl.java
index b306976..3c02613 100644
--- a/server/test/com/cloud/network/MockFirewallManagerImpl.java
+++ b/server/test/com/cloud/network/MockFirewallManagerImpl.java
@@ -185,7 +185,7 @@ public class MockFirewallManagerImpl extends ManagerBase implements FirewallMana
}
@Override
- public FirewallRule updateFirewallRule(long ruleId, String customId) {
+ public FirewallRule updateFirewallRule(long ruleId, String customId, Boolean forDisplay) {
// TODO Auto-generated method stub
return null;
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27a790bd/setup/db/db/schema-430to440.sql
----------------------------------------------------------------------
diff --git a/setup/db/db/schema-430to440.sql b/setup/db/db/schema-430to440.sql
index c11f446..9c0cc26 100644
--- a/setup/db/db/schema-430to440.sql
+++ b/setup/db/db/schema-430to440.sql
@@ -531,6 +531,7 @@ UPDATE `cloud`.`vpc_gateway_details` set `display`=1 where id> 0;
ALTER TABLE `cloud`.`user_ip_address` ADD COLUMN `display` tinyint(1) NOT NULL DEFAULT '1' COMMENT 'True if the ip address can be displayed to the end user';
ALTER TABLE `cloud`.`vpc` ADD COLUMN `display` tinyint(1) NOT NULL DEFAULT '1' COMMENT 'True if the vpc can be displayed to the end user';
+ALTER TABLE `cloud`.`firewall_rules` ADD COLUMN `display` tinyint(1) NOT NULL DEFAULT '1' COMMENT 'True if the rule can be displayed to the end user';