You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by al...@apache.org on 2012/06/16 00:38:02 UTC

[6/51] [abbrv] git commit: Added new capabilities to VPN and Firewall services defining if VPN is S2S or Remote access, and if the Firewall rules should be created per cidr or per public ip address

Added new capabilities to VPN and Firewall services defining if VPN is S2S or Remote access, and if the Firewall rules should be created per cidr or per public ip address


Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/b3985a3b
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/b3985a3b
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/b3985a3b

Branch: refs/heads/vpc
Commit: b3985a3b48c1f356faa122683c643952a0ab19fc
Parents: 2deba9b
Author: Alena Prokharchyk <al...@citrix.com>
Authored: Wed Jun 13 10:17:04 2012 -0700
Committer: Alena Prokharchyk <al...@citrix.com>
Committed: Fri Jun 15 14:33:06 2012 -0700

----------------------------------------------------------------------
 api/src/com/cloud/network/Network.java             |    9 ++++++---
 .../element/JuniperSRXExternalFirewallElement.java |    1 +
 .../cloud/network/element/NetscalerElement.java    |    2 +-
 .../network/element/VirtualRouterElement.java      |    5 +++--
 .../network/element/VpcVirtualRouterElement.java   |   10 ++++++++++
 5 files changed, 21 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/b3985a3b/api/src/com/cloud/network/Network.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/network/Network.java b/api/src/com/cloud/network/Network.java
index f1318d9..8dd9e13 100644
--- a/api/src/com/cloud/network/Network.java
+++ b/api/src/com/cloud/network/Network.java
@@ -41,12 +41,12 @@ public interface Network extends ControlledEntity {
     public static class Service {
         private static List<Service> supportedServices = new ArrayList<Service>();
 
-        public static final Service Vpn = new Service("Vpn", Capability.SupportedVpnTypes);
+        public static final Service Vpn = new Service("Vpn", Capability.SupportedVpnProtocols, Capability.VpnTypes);
         public static final Service Dhcp = new Service("Dhcp");
         public static final Service Dns = new Service("Dns", Capability.AllowDnsSuffixModification);
         public static final Service Gateway = new Service("Gateway");
         public static final Service Firewall = new Service("Firewall", Capability.SupportedProtocols, 
-                Capability.MultipleIps, Capability.TrafficStatistics);
+                Capability.MultipleIps, Capability.TrafficStatistics, Capability.FirewallType);
         public static final Service Lb = new Service("Lb", Capability.SupportedLBAlgorithms, Capability.SupportedLBIsolation,
                 Capability.SupportedProtocols, Capability.TrafficStatistics, Capability.LoadBalancingSupportedIps, 
                 Capability.SupportedStickinessMethods, Capability.ElasticLb);
@@ -156,13 +156,16 @@ public interface Network extends ControlledEntity {
         public static final Capability SupportedStickinessMethods = new Capability("SupportedStickinessMethods");
         public static final Capability MultipleIps = new Capability("MultipleIps");
         public static final Capability SupportedSourceNatTypes = new Capability("SupportedSourceNatTypes");
-        public static final Capability SupportedVpnTypes = new Capability("SupportedVpnTypes");
+        public static final Capability SupportedVpnProtocols = new Capability("SupportedVpnTypes");
+        public static final Capability VpnTypes = new Capability("VpnTypes");
         public static final Capability TrafficStatistics = new Capability("TrafficStatistics");
         public static final Capability LoadBalancingSupportedIps = new Capability("LoadBalancingSupportedIps");
         public static final Capability AllowDnsSuffixModification = new Capability("AllowDnsSuffixModification");
         public static final Capability RedundantRouter = new Capability("RedundantRouter");
         public static final Capability ElasticIp = new Capability("ElasticIp");
         public static final Capability ElasticLb = new Capability("ElasticLb");
+        public static final Capability FirewallType = new Capability("FirewallType");
+
 
         private String name;
 

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/b3985a3b/server/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java b/server/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java
index 0473291..1aa23da 100644
--- a/server/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java
+++ b/server/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java
@@ -266,6 +266,7 @@ public class JuniperSRXExternalFirewallElement extends ExternalFirewallDeviceMan
         firewallCapabilities.put(Capability.SupportedProtocols, "tcp,udp");
         firewallCapabilities.put(Capability.MultipleIps, "true");
         firewallCapabilities.put(Capability.TrafficStatistics, "per public ip");
+        firewallCapabilities.put(Capability.FirewallType, "perpublicip");
         capabilities.put(Service.Firewall, firewallCapabilities);
 
         // Disabling VPN for Juniper in Acton as it 1) Was never tested 2) probably just doesn't work

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/b3985a3b/server/src/com/cloud/network/element/NetscalerElement.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/element/NetscalerElement.java b/server/src/com/cloud/network/element/NetscalerElement.java
index 7fcb6d0..0526274 100644
--- a/server/src/com/cloud/network/element/NetscalerElement.java
+++ b/server/src/com/cloud/network/element/NetscalerElement.java
@@ -279,7 +279,7 @@ public class NetscalerElement extends ExternalLoadBalancerDeviceManagerImpl impl
         firewallCapabilities.put(Capability.TrafficStatistics, "per public ip");
         firewallCapabilities.put(Capability.SupportedProtocols, "tcp,udp,icmp");
         firewallCapabilities.put(Capability.MultipleIps, "true");
-
+        firewallCapabilities.put(Capability.FirewallType, "perpublicip");
         capabilities.put(Service.Firewall, firewallCapabilities);
 
         return capabilities;

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/b3985a3b/server/src/com/cloud/network/element/VirtualRouterElement.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/element/VirtualRouterElement.java b/server/src/com/cloud/network/element/VirtualRouterElement.java
index dc1a247..0feaa98 100755
--- a/server/src/com/cloud/network/element/VirtualRouterElement.java
+++ b/server/src/com/cloud/network/element/VirtualRouterElement.java
@@ -559,12 +559,13 @@ public class VirtualRouterElement extends AdapterBase implements VirtualRouterEl
         firewallCapabilities.put(Capability.TrafficStatistics, "per public ip");
         firewallCapabilities.put(Capability.SupportedProtocols, "tcp,udp,icmp");
         firewallCapabilities.put(Capability.MultipleIps, "true");
-
+        firewallCapabilities.put(Capability.FirewallType, "perpublicip");
         capabilities.put(Service.Firewall, firewallCapabilities);
 
         // Set capabilities for vpn
         Map<Capability, String> vpnCapabilities = new HashMap<Capability, String>();
-        vpnCapabilities.put(Capability.SupportedVpnTypes, "pptp,l2tp,ipsec");
+        vpnCapabilities.put(Capability.SupportedVpnProtocols, "pptp,l2tp,ipsec");
+        vpnCapabilities.put(Capability.VpnTypes, "removeaccessvpn");
         capabilities.put(Service.Vpn, vpnCapabilities);
 
         Map<Capability, String> dnsCapabilities = new HashMap<Capability, String>();

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/b3985a3b/server/src/com/cloud/network/element/VpcVirtualRouterElement.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/element/VpcVirtualRouterElement.java b/server/src/com/cloud/network/element/VpcVirtualRouterElement.java
index ca5f920..e5ae27e 100644
--- a/server/src/com/cloud/network/element/VpcVirtualRouterElement.java
+++ b/server/src/com/cloud/network/element/VpcVirtualRouterElement.java
@@ -89,6 +89,8 @@ public class VpcVirtualRouterElement extends VirtualRouterElement implements Vpc
                 s_logger.trace("Element " + getProvider().getName() + " doesn't support service " + service.getName() 
                         + " in the network " + network);
                 return false;
+            } else if (service == Service.Firewall) {
+                //todo - get capability here
             }
         }
 
@@ -239,6 +241,14 @@ public class VpcVirtualRouterElement extends VirtualRouterElement implements Vpc
         sourceNatCapabilities.put(Capability.RedundantRouter, "false");
         capabilities.put(Service.SourceNat, sourceNatCapabilities);
         
+        Map<Capability, String> vpnCapabilities = capabilities.get(Service.Vpn);
+        vpnCapabilities.put(Capability.VpnTypes, "s2svpn");
+        capabilities.put(Service.Vpn, vpnCapabilities);
+        
+        Map<Capability, String> firewallCapabilities = capabilities.get(Service.Firewall);
+        firewallCapabilities.put(Capability.FirewallType, "percidr");
+        capabilities.put(Service.Firewall, firewallCapabilities);
+
         return capabilities;
     }