Posted to commits@cloudstack.apache.org by bh...@apache.org on 2012/12/04 20:32:06 UTC
[9/18] git commit: api_refactor: refactor firewall apis
api_refactor: refactor firewall apis
Signed-off-by: Rohit Yadav <bh...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/25b5aadb
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/25b5aadb
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/25b5aadb
Branch: refs/heads/api_refactoring
Commit: 25b5aadb4e313436e1b5e604ee1c236c28b21a64
Parents: 5cd1f4b
Author: Rohit Yadav <bh...@apache.org>
Authored: Tue Dec 4 11:17:06 2012 -0800
Committer: Rohit Yadav <bh...@apache.org>
Committed: Tue Dec 4 11:17:06 2012 -0800
----------------------------------------------------------------------
.../cloud/api/commands/CreateFirewallRuleCmd.java | 325 -------------
.../api/commands/CreatePortForwardingRuleCmd.java | 373 ---------------
.../cloud/api/commands/DeleteFirewallRuleCmd.java | 120 -----
.../api/commands/DeletePortForwardingRuleCmd.java | 122 -----
.../cloud/api/commands/ListFirewallRulesCmd.java | 86 ----
.../api/commands/ListPortForwardingRulesCmd.java | 88 ----
.../cloud/network/firewall/FirewallService.java | 2 +-
api/src/com/cloud/network/rules/RulesService.java | 2 +-
.../firewall/command/CreateFirewallRuleCmd.java | 325 +++++++++++++
.../command/CreatePortForwardingRuleCmd.java | 373 +++++++++++++++
.../firewall/command/DeleteFirewallRuleCmd.java | 120 +++++
.../command/DeletePortForwardingRuleCmd.java | 122 +++++
.../firewall/command/ListFirewallRulesCmd.java | 86 ++++
.../command/ListPortForwardingRulesCmd.java | 88 ++++
.../api/user/nat/command/DisableStaticNatCmd.java | 2 +-
client/tomcatconf/commands.properties.in | 12 +-
.../network/firewall/FirewallManagerImpl.java | 2 +-
.../com/cloud/network/rules/RulesManagerImpl.java | 2 +-
18 files changed, 1125 insertions(+), 1125 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/25b5aadb/api/src/com/cloud/api/commands/CreateFirewallRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/commands/CreateFirewallRuleCmd.java b/api/src/com/cloud/api/commands/CreateFirewallRuleCmd.java
deleted file mode 100644
index 877fd7e..0000000
--- a/api/src/com/cloud/api/commands/CreateFirewallRuleCmd.java
+++ /dev/null
@@ -1,325 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.api.commands;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.BaseAsyncCreateCmd;
-import org.apache.cloudstack.api.BaseCmd;
-import org.apache.cloudstack.api.IdentityMapper;
-import org.apache.cloudstack.api.Implementation;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import com.cloud.api.response.FirewallResponse;
-import com.cloud.async.AsyncJob;
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InvalidParameterValueException;
-import com.cloud.exception.NetworkRuleConflictException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.network.IpAddress;
-import com.cloud.network.rules.FirewallRule;
-import com.cloud.user.Account;
-import com.cloud.user.UserContext;
-import com.cloud.utils.net.NetUtils;
-
-@Implementation(description = "Creates a firewall rule for a given ip address", responseObject = FirewallResponse.class)
-public class CreateFirewallRuleCmd extends BaseAsyncCreateCmd implements FirewallRule {
- public static final Logger s_logger = Logger.getLogger(CreateFirewallRuleCmd.class.getName());
-
- private static final String s_name = "createfirewallruleresponse";
-
- // ///////////////////////////////////////////////////
- // ////////////// API parameters /////////////////////
- // ///////////////////////////////////////////////////
-
- @IdentityMapper(entityTableName="user_ip_address")
- @Parameter(name = ApiConstants.IP_ADDRESS_ID, type = CommandType.LONG, required=true, description = "the IP address id of the port forwarding rule")
- private Long ipAddressId;
-
- @Parameter(name = ApiConstants.PROTOCOL, type = CommandType.STRING, required = true, description = "the protocol for the firewall rule. Valid values are TCP/UDP/ICMP.")
- private String protocol;
-
- @Parameter(name = ApiConstants.START_PORT, type = CommandType.INTEGER, description = "the starting port of firewall rule")
- private Integer publicStartPort;
-
- @Parameter(name = ApiConstants.END_PORT, type = CommandType.INTEGER, description = "the ending port of firewall rule")
- private Integer publicEndPort;
-
- @Parameter(name = ApiConstants.CIDR_LIST, type = CommandType.LIST, collectionType = CommandType.STRING, description = "the cidr list to forward traffic from")
- private List<String> cidrlist;
-
- @Parameter(name = ApiConstants.ICMP_TYPE, type = CommandType.INTEGER, description = "type of the icmp message being sent")
- private Integer icmpType;
-
- @Parameter(name = ApiConstants.ICMP_CODE, type = CommandType.INTEGER, description = "error code for this icmp message")
- private Integer icmpCode;
-
- @Parameter(name = ApiConstants.TYPE, type = CommandType.STRING, description = "type of firewallrule: system/user")
- private String type;
-
- // ///////////////////////////////////////////////////
- // ///////////////// Accessors ///////////////////////
- // ///////////////////////////////////////////////////
-
- public String getEntityTable() {
- return "firewall_rules";
- }
-
- public Long getIpAddressId() {
- return ipAddressId;
- }
-
- @Override
- public String getProtocol() {
- return protocol.trim();
- }
-
- public List<String> getSourceCidrList() {
- if (cidrlist != null) {
- return cidrlist;
- } else {
- List<String> oneCidrList = new ArrayList<String>();
- oneCidrList.add(NetUtils.ALL_CIDRS);
- return oneCidrList;
- }
-
- }
-
- // ///////////////////////////////////////////////////
- // ///////////// API Implementation///////////////////
- // ///////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- public void setSourceCidrList(List<String> cidrs){
- cidrlist = cidrs;
- }
-
- @Override
- public void execute() throws ResourceUnavailableException {
- UserContext callerContext = UserContext.current();
- boolean success = false;
- FirewallRule rule = _entityMgr.findById(FirewallRule.class, getEntityId());
- try {
- UserContext.current().setEventDetails("Rule Id: " + getEntityId());
- success = _firewallService.applyFirewallRules(rule.getSourceIpAddressId(), callerContext.getCaller());
-
- // State is different after the rule is applied, so get new object here
- rule = _entityMgr.findById(FirewallRule.class, getEntityId());
- FirewallResponse fwResponse = new FirewallResponse();
- if (rule != null) {
- fwResponse = _responseGenerator.createFirewallResponse(rule);
- setResponseObject(fwResponse);
- }
- fwResponse.setResponseName(getCommandName());
- } finally {
- if (!success || rule == null) {
- _firewallService.revokeFirewallRule(getEntityId(), true);
- throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to create firewall rule");
- }
- }
- }
-
- @Override
- public long getId() {
- throw new UnsupportedOperationException("database id can only provided by VO objects");
- }
-
- @Override
- public String getXid() {
- // FIXME: We should allow for end user to specify Xid.
- return null;
- }
-
- @Override
- public Long getSourceIpAddressId() {
- return ipAddressId;
- }
-
- @Override
- public Integer getSourcePortStart() {
- if (publicStartPort != null) {
- return publicStartPort.intValue();
- }
- return null;
- }
-
- @Override
- public Integer getSourcePortEnd() {
- if (publicEndPort == null) {
- if (publicStartPort != null) {
- return publicStartPort.intValue();
- }
- } else {
- return publicEndPort.intValue();
- }
-
- return null;
- }
-
- @Override
- public Purpose getPurpose() {
- return Purpose.Firewall;
- }
-
- @Override
- public State getState() {
- throw new UnsupportedOperationException("Should never call me to find the state");
- }
-
- @Override
- public long getNetworkId() {
- IpAddress ip = _entityMgr.findById(IpAddress.class, getIpAddressId());
- Long ntwkId = null;
-
- if (ip.getAssociatedWithNetworkId() != null) {
- ntwkId = ip.getAssociatedWithNetworkId();
- }
-
- if (ntwkId == null) {
- throw new InvalidParameterValueException("Unable to create firewall rule for the ipAddress id=" + ipAddressId +
- " as ip is not associated with any network and no networkId is passed in");
- }
- return ntwkId;
- }
-
- @Override
- public long getEntityOwnerId() {
- Account account = UserContext.current().getCaller();
-
- if (account != null) {
- return account.getId();
- }
-
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public long getDomainId() {
- IpAddress ip = _networkService.getIp(ipAddressId);
- return ip.getDomainId();
- }
-
- @Override
- public void create() {
- if (getSourceCidrList() != null) {
- for (String cidr: getSourceCidrList()){
- if (!NetUtils.isValidCIDR(cidr)){
- throw new ServerApiException(BaseCmd.PARAM_ERROR, "Source cidrs formatting error " + cidr);
- }
- }
- }
-
- try {
- FirewallRule result = _firewallService.createFirewallRule(this);
- setEntityId(result.getId());
- } catch (NetworkRuleConflictException ex) {
- s_logger.info("Network rule conflict: " + ex.getMessage());
- s_logger.trace("Network Rule Conflict: ", ex);
- throw new ServerApiException(BaseCmd.NETWORK_RULE_CONFLICT_ERROR, ex.getMessage());
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_FIREWALL_OPEN;
- }
-
- @Override
- public String getEventDescription() {
- IpAddress ip = _networkService.getIp(ipAddressId);
- return ("Createing firewall rule for Ip: " + ip.getAddress() + " for protocol:" + this.getProtocol());
- }
-
- @Override
- public long getAccountId() {
- IpAddress ip = _networkService.getIp(ipAddressId);
- return ip.getAccountId();
- }
-
- @Override
- public String getSyncObjType() {
- return BaseAsyncCmd.networkSyncObject;
- }
-
- @Override
- public Long getSyncObjId() {
- return getIp().getAssociatedWithNetworkId();
- }
-
- private IpAddress getIp() {
- IpAddress ip = _networkService.getIp(ipAddressId);
- if (ip == null) {
- throw new InvalidParameterValueException("Unable to find ip address by id " + ipAddressId);
- }
- return ip;
- }
-
- @Override
- public Integer getIcmpCode() {
- if (icmpCode != null) {
- return icmpCode;
- } else if (protocol.equalsIgnoreCase(NetUtils.ICMP_PROTO)) {
- return -1;
- }
- return null;
- }
-
- @Override
- public Integer getIcmpType() {
- if (icmpType != null) {
- return icmpType;
- } else if (protocol.equalsIgnoreCase(NetUtils.ICMP_PROTO)) {
- return -1;
-
- }
- return null;
- }
-
- @Override
- public Long getRelated() {
- return null;
- }
-
- @Override
- public FirewallRuleType getType() {
- if (type != null && type.equalsIgnoreCase("system")) {
- return FirewallRuleType.System;
- } else {
- return FirewallRuleType.User;
- }
- }
-
- @Override
- public AsyncJob.Type getInstanceType() {
- return AsyncJob.Type.FirewallRule;
- }
-
- @Override
- public TrafficType getTrafficType() {
- return null;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/25b5aadb/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java b/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java
deleted file mode 100644
index 3579da2..0000000
--- a/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java
+++ /dev/null
@@ -1,373 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.api.commands;
-
-import java.util.List;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.BaseAsyncCreateCmd;
-import org.apache.cloudstack.api.BaseCmd;
-import org.apache.cloudstack.api.IdentityMapper;
-import org.apache.cloudstack.api.Implementation;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import com.cloud.api.response.FirewallRuleResponse;
-import com.cloud.async.AsyncJob;
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InvalidParameterValueException;
-import com.cloud.exception.NetworkRuleConflictException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.network.IpAddress;
-import com.cloud.network.rules.PortForwardingRule;
-import com.cloud.user.Account;
-import com.cloud.user.UserContext;
-import com.cloud.utils.net.Ip;
-
-@Implementation(description = "Creates a port forwarding rule", responseObject = FirewallRuleResponse.class)
-public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements PortForwardingRule {
- public static final Logger s_logger = Logger.getLogger(CreatePortForwardingRuleCmd.class.getName());
-
- private static final String s_name = "createportforwardingruleresponse";
-
- // ///////////////////////////////////////////////////
- // ////////////// API parameters /////////////////////
- // ///////////////////////////////////////////////////
-
- @IdentityMapper(entityTableName = "user_ip_address")
- @Parameter(name = ApiConstants.IP_ADDRESS_ID, type = CommandType.LONG, required = true,
- description = "the IP address id of the port forwarding rule")
- private Long ipAddressId;
-
- @Parameter(name = ApiConstants.PRIVATE_START_PORT, type = CommandType.INTEGER, required = true,
- description = "the starting port of port forwarding rule's private port range")
- private Integer privateStartPort;
-
- @Parameter(name = ApiConstants.PROTOCOL, type = CommandType.STRING, required = true,
- description = "the protocol for the port fowarding rule. Valid values are TCP or UDP.")
- private String protocol;
-
- @Parameter(name = ApiConstants.PRIVATE_END_PORT, type = CommandType.INTEGER, required = false, description = "the ending port of port forwarding rule's private port range")
- private Integer privateEndPort;
-
- @Parameter(name = ApiConstants.PUBLIC_START_PORT, type = CommandType.INTEGER, required = true,
- description = "the starting port of port forwarding rule's public port range")
- private Integer publicStartPort;
-
- @Parameter(name = ApiConstants.PUBLIC_END_PORT, type = CommandType.INTEGER, required = false, description = "the ending port of port forwarding rule's private port range")
- private Integer publicEndPort;
-
- @IdentityMapper(entityTableName = "vm_instance")
- @Parameter(name = ApiConstants.VIRTUAL_MACHINE_ID, type = CommandType.LONG, required = true,
- description = "the ID of the virtual machine for the port forwarding rule")
- private Long virtualMachineId;
-
- @Parameter(name = ApiConstants.CIDR_LIST, type = CommandType.LIST, collectionType = CommandType.STRING,
- description = "the cidr list to forward traffic from")
- private List<String> cidrlist;
-
- @Parameter(name = ApiConstants.OPEN_FIREWALL, type = CommandType.BOOLEAN,
- description = "if true, firewall rule for source/end pubic port is automatically created; " +
- "if false - firewall rule has to be created explicitely. If not specified 1) defaulted to false when PF" +
- " rule is being created for VPC guest network 2) in all other cases defaulted to true")
- private Boolean openFirewall;
-
- @IdentityMapper(entityTableName="networks")
- @Parameter(name=ApiConstants.NETWORK_ID, type=CommandType.LONG,
- description="The network of the vm the Port Forwarding rule will be created for. " +
- "Required when public Ip address is not associated with any Guest network yet (VPC case)")
- private Long networkId;
-
- // ///////////////////////////////////////////////////
- // ///////////////// Accessors ///////////////////////
- // ///////////////////////////////////////////////////
-
- public String getEntityTable() {
- return "firewall_rules";
- }
-
- public Long getIpAddressId() {
- return ipAddressId;
- }
-
- @Override
- public String getProtocol() {
- return protocol.trim();
- }
-
- @Override
- public long getVirtualMachineId() {
- return virtualMachineId;
- }
-
- public List<String> getSourceCidrList() {
- if (cidrlist != null) {
- throw new InvalidParameterValueException("Parameter cidrList is deprecated; if you need to open firewall " +
- "rule for the specific cidr, please refer to createFirewallRule command");
- }
- return null;
- }
-
- public Boolean getOpenFirewall() {
- boolean isVpc = getVpcId() == null ? false : true;
- if (openFirewall != null) {
- if (isVpc && openFirewall) {
- throw new InvalidParameterValueException("Can't have openFirewall=true when IP address belongs to VPC");
- }
- return openFirewall;
- } else {
- if (isVpc) {
- return false;
- }
- return true;
- }
- }
-
- private Long getVpcId() {
- if (ipAddressId != null) {
- IpAddress ipAddr = _networkService.getIp(ipAddressId);
- if (ipAddr == null || !ipAddr.readyToUse()) {
- throw new InvalidParameterValueException("Unable to create PF rule, invalid IP address id " + ipAddr.getId());
- } else {
- return ipAddr.getVpcId();
- }
- }
- return null;
- }
-
- // ///////////////////////////////////////////////////
- // ///////////// API Implementation///////////////////
- // ///////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
-
- @Override
- public void execute() throws ResourceUnavailableException {
- UserContext callerContext = UserContext.current();
- boolean success = true;
- PortForwardingRule rule = null;
- try {
- UserContext.current().setEventDetails("Rule Id: " + getEntityId());
-
- if (getOpenFirewall()) {
- success = success && _firewallService.applyFirewallRules(ipAddressId, callerContext.getCaller());
- }
-
- success = success && _rulesService.applyPortForwardingRules(ipAddressId, callerContext.getCaller());
-
- // State is different after the rule is applied, so get new object here
- rule = _entityMgr.findById(PortForwardingRule.class, getEntityId());
- FirewallRuleResponse fwResponse = new FirewallRuleResponse();
- if (rule != null) {
- fwResponse = _responseGenerator.createPortForwardingRuleResponse(rule);
- setResponseObject(fwResponse);
- }
- fwResponse.setResponseName(getCommandName());
- } finally {
- if (!success || rule == null) {
-
- if (getOpenFirewall()) {
- _firewallService.revokeRelatedFirewallRule(getEntityId(), true);
- }
-
- _rulesService.revokePortForwardingRule(getEntityId(), true);
-
- throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to apply port forwarding rule");
- }
- }
- }
-
- @Override
- public long getId() {
- throw new UnsupportedOperationException("database id can only provided by VO objects");
- }
-
- @Override
- public String getXid() {
- // FIXME: We should allow for end user to specify Xid.
- return null;
- }
-
- @Override
- public Long getSourceIpAddressId() {
- return ipAddressId;
- }
-
- @Override
- public Integer getSourcePortStart() {
- return publicStartPort.intValue();
- }
-
- @Override
- public Integer getSourcePortEnd() {
- return (publicEndPort == null)? publicStartPort.intValue() : publicEndPort.intValue();
- }
-
- @Override
- public Purpose getPurpose() {
- return Purpose.PortForwarding;
- }
-
- @Override
- public State getState() {
- throw new UnsupportedOperationException("Should never call me to find the state");
- }
-
- @Override
- public long getNetworkId() {
- IpAddress ip = _entityMgr.findById(IpAddress.class, getIpAddressId());
- Long ntwkId = null;
-
- if (ip.getAssociatedWithNetworkId() != null) {
- ntwkId = ip.getAssociatedWithNetworkId();
- } else {
- ntwkId = networkId;
- }
- if (ntwkId == null) {
- throw new InvalidParameterValueException("Unable to create port forwarding rule for the ipAddress id=" + ipAddressId +
- " as ip is not associated with any network and no networkId is passed in");
- }
- return ntwkId;
- }
-
- @Override
- public long getEntityOwnerId() {
- Account account = UserContext.current().getCaller();
-
- if (account != null) {
- return account.getId();
- }
-
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are
- // tracked
- }
-
- @Override
- public long getDomainId() {
- IpAddress ip = _networkService.getIp(ipAddressId);
- return ip.getDomainId();
- }
-
- @Override
- public Ip getDestinationIpAddress() {
- return null;
- }
-
- @Override
- public void setDestinationIpAddress(Ip destinationIpAddress) {
- return;
- }
-
- @Override
- public int getDestinationPortStart() {
- return privateStartPort.intValue();
- }
-
- @Override
- public int getDestinationPortEnd() {
- return (privateEndPort == null)? privateStartPort.intValue() : privateEndPort.intValue();
- }
-
- @Override
- public void create() {
- // cidr list parameter is deprecated
- if (cidrlist != null) {
- throw new InvalidParameterValueException("Parameter cidrList is deprecated; if you need to open firewall rule for the specific cidr, please refer to createFirewallRule command");
- }
-
- try {
- PortForwardingRule result = _rulesService.createPortForwardingRule(this, virtualMachineId, getOpenFirewall());
- setEntityId(result.getId());
- } catch (NetworkRuleConflictException ex) {
- s_logger.info("Network rule conflict: " , ex);
- s_logger.trace("Network Rule Conflict: ", ex);
- throw new ServerApiException(BaseCmd.NETWORK_RULE_CONFLICT_ERROR, ex.getMessage());
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_NET_RULE_ADD;
- }
-
- @Override
- public String getEventDescription() {
- IpAddress ip = _networkService.getIp(ipAddressId);
- return ("Applying port forwarding rule for Ip: " + ip.getAddress() + " with virtual machine:" + virtualMachineId);
- }
-
- @Override
- public long getAccountId() {
- IpAddress ip = _networkService.getIp(ipAddressId);
- return ip.getAccountId();
- }
-
- @Override
- public String getSyncObjType() {
- return BaseAsyncCmd.networkSyncObject;
- }
-
- @Override
- public Long getSyncObjId() {
- return getIp().getAssociatedWithNetworkId();
- }
-
- private IpAddress getIp() {
- IpAddress ip = _networkService.getIp(ipAddressId);
- if (ip == null) {
- throw new InvalidParameterValueException("Unable to find ip address by id " + ipAddressId);
- }
- return ip;
- }
-
- @Override
- public Integer getIcmpCode() {
- return null;
- }
-
- @Override
- public Integer getIcmpType() {
- return null;
- }
-
- @Override
- public Long getRelated() {
- return null;
- }
-
- @Override
- public FirewallRuleType getType() {
- return FirewallRuleType.User;
- }
-
- @Override
- public AsyncJob.Type getInstanceType() {
- return AsyncJob.Type.FirewallRule;
- }
-
- @Override
- public TrafficType getTrafficType() {
- return null;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/25b5aadb/api/src/com/cloud/api/commands/DeleteFirewallRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/commands/DeleteFirewallRuleCmd.java b/api/src/com/cloud/api/commands/DeleteFirewallRuleCmd.java
deleted file mode 100644
index 7ce390f..0000000
--- a/api/src/com/cloud/api/commands/DeleteFirewallRuleCmd.java
+++ /dev/null
@@ -1,120 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.api.commands;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.BaseCmd;
-import org.apache.cloudstack.api.IdentityMapper;
-import org.apache.cloudstack.api.Implementation;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import com.cloud.api.response.SuccessResponse;
-import com.cloud.async.AsyncJob;
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InvalidParameterValueException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.network.rules.FirewallRule;
-import com.cloud.user.UserContext;
-
-@Implementation(description="Deletes a firewall rule", responseObject=SuccessResponse.class)
-public class DeleteFirewallRuleCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(DeleteFirewallRuleCmd.class.getName());
- private static final String s_name = "deletefirewallruleresponse";
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
- @IdentityMapper(entityTableName="firewall_rules")
- @Parameter(name=ApiConstants.ID, type=CommandType.LONG, required=true, description="the ID of the firewall rule")
- private Long id;
-
- // unexposed parameter needed for events logging
- @IdentityMapper(entityTableName="account")
- @Parameter(name=ApiConstants.ACCOUNT_ID, type=CommandType.LONG, expose=false)
- private Long ownerId;
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
- public Long getId() {
- return id;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_FIREWALL_CLOSE;
- }
-
- @Override
- public String getEventDescription() {
- return ("Deleting firewall rule id=" + id);
- }
-
- @Override
- public long getEntityOwnerId() {
- if (ownerId == null) {
- FirewallRule rule = _entityMgr.findById(FirewallRule.class, id);
- if (rule == null) {
- throw new InvalidParameterValueException("Unable to find firewall rule by id=" + id);
- } else {
- ownerId = _entityMgr.findById(FirewallRule.class, id).getAccountId();
- }
- }
- return ownerId;
- }
-
- @Override
- public void execute() throws ResourceUnavailableException {
- UserContext.current().setEventDetails("Rule Id: " + id);
- boolean result = _firewallService.revokeFirewallRule(id, true);
-
- if (result) {
- SuccessResponse response = new SuccessResponse(getCommandName());
- this.setResponseObject(response);
- } else {
- throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to delete firewall rule");
- }
- }
-
-
- @Override
- public String getSyncObjType() {
- return BaseAsyncCmd.networkSyncObject;
- }
-
- @Override
- public Long getSyncObjId() {
- return _firewallService.getFirewallRule(id).getNetworkId();
- }
-
- @Override
- public AsyncJob.Type getInstanceType() {
- return AsyncJob.Type.FirewallRule;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/25b5aadb/api/src/com/cloud/api/commands/DeletePortForwardingRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/commands/DeletePortForwardingRuleCmd.java b/api/src/com/cloud/api/commands/DeletePortForwardingRuleCmd.java
deleted file mode 100644
index 0ca9435..0000000
--- a/api/src/com/cloud/api/commands/DeletePortForwardingRuleCmd.java
+++ /dev/null
@@ -1,122 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.api.commands;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.BaseCmd;
-import org.apache.cloudstack.api.IdentityMapper;
-import org.apache.cloudstack.api.Implementation;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import com.cloud.api.response.SuccessResponse;
-import com.cloud.async.AsyncJob;
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InvalidParameterValueException;
-import com.cloud.network.rules.PortForwardingRule;
-import com.cloud.user.UserContext;
-
-@Implementation(description="Deletes a port forwarding rule", responseObject=SuccessResponse.class)
-public class DeletePortForwardingRuleCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(DeletePortForwardingRuleCmd.class.getName());
- private static final String s_name = "deleteportforwardingruleresponse";
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
- @IdentityMapper(entityTableName="firewall_rules")
- @Parameter(name=ApiConstants.ID, type=CommandType.LONG, required=true, description="the ID of the port forwarding rule")
- private Long id;
-
- // unexposed parameter needed for events logging
- @IdentityMapper(entityTableName="account")
- @Parameter(name=ApiConstants.ACCOUNT_ID, type=CommandType.LONG, expose=false)
- private Long ownerId;
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
- public Long getId() {
- return id;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_NET_RULE_DELETE;
- }
-
- @Override
- public String getEventDescription() {
- return ("Deleting port forwarding rule for id=" + id);
- }
-
- @Override
- public long getEntityOwnerId() {
- if (ownerId == null) {
- PortForwardingRule rule = _entityMgr.findById(PortForwardingRule.class, id);
- if (rule == null) {
- throw new InvalidParameterValueException("Unable to find port forwarding rule by id=" + id);
- } else {
- ownerId = _entityMgr.findById(PortForwardingRule.class, id).getAccountId();
- }
-
- }
- return ownerId;
- }
-
- @Override
- public void execute(){
- UserContext.current().setEventDetails("Rule Id: "+id);
- //revoke corresponding firewall rule first
- boolean result = _firewallService.revokeRelatedFirewallRule(id, true);
- result = result && _rulesService.revokePortForwardingRule(id, true);
-
- if (result) {
- SuccessResponse response = new SuccessResponse(getCommandName());
- this.setResponseObject(response);
- } else {
- throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to delete port forwarding rule");
- }
- }
-
-
- @Override
- public String getSyncObjType() {
- return BaseAsyncCmd.networkSyncObject;
- }
-
- @Override
- public Long getSyncObjId() {
- return _rulesService.getPortForwardigRule(id).getNetworkId();
- }
-
- @Override
- public AsyncJob.Type getInstanceType() {
- return AsyncJob.Type.FirewallRule;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/25b5aadb/api/src/com/cloud/api/commands/ListFirewallRulesCmd.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/commands/ListFirewallRulesCmd.java b/api/src/com/cloud/api/commands/ListFirewallRulesCmd.java
deleted file mode 100644
index 027a6b9..0000000
--- a/api/src/com/cloud/api/commands/ListFirewallRulesCmd.java
+++ /dev/null
@@ -1,86 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.api.commands;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseListTaggedResourcesCmd;
-import org.apache.cloudstack.api.IdentityMapper;
-import org.apache.cloudstack.api.Implementation;
-import org.apache.cloudstack.api.Parameter;
-import com.cloud.api.response.FirewallResponse;
-import com.cloud.api.response.ListResponse;
-import com.cloud.network.rules.FirewallRule;
-import com.cloud.utils.Pair;
-
-@Implementation(description="Lists all firewall rules for an IP address.", responseObject=FirewallResponse.class)
-public class ListFirewallRulesCmd extends BaseListTaggedResourcesCmd {
- public static final Logger s_logger = Logger.getLogger(ListFirewallRulesCmd.class.getName());
- private static final String s_name = "listfirewallrulesresponse";
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
- @IdentityMapper(entityTableName="firewall_rules")
- @Parameter(name=ApiConstants.ID, type=CommandType.LONG, description="Lists rule with the specified ID.")
- private Long id;
-
- @IdentityMapper(entityTableName="user_ip_address")
- @Parameter(name=ApiConstants.IP_ADDRESS_ID, type=CommandType.LONG, description="the id of IP address of the firwall services")
- private Long ipAddressId;
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
- public Long getIpAddressId() {
- return ipAddressId;
- }
-
- public Long getId() {
- return id;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- @Override
- public void execute(){
- Pair<List<? extends FirewallRule>, Integer> result = _firewallService.listFirewallRules(this);
- ListResponse<FirewallResponse> response = new ListResponse<FirewallResponse>();
- List<FirewallResponse> fwResponses = new ArrayList<FirewallResponse>();
-
- for (FirewallRule fwRule : result.first()) {
- FirewallResponse ruleData = _responseGenerator.createFirewallResponse(fwRule);
- ruleData.setObjectName("firewallrule");
- fwResponses.add(ruleData);
- }
- response.setResponses(fwResponses, result.second());
- response.setResponseName(getCommandName());
- this.setResponseObject(response);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/25b5aadb/api/src/com/cloud/api/commands/ListPortForwardingRulesCmd.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/commands/ListPortForwardingRulesCmd.java b/api/src/com/cloud/api/commands/ListPortForwardingRulesCmd.java
deleted file mode 100644
index 37bbd14..0000000
--- a/api/src/com/cloud/api/commands/ListPortForwardingRulesCmd.java
+++ /dev/null
@@ -1,88 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.api.commands;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseListTaggedResourcesCmd;
-import org.apache.cloudstack.api.IdentityMapper;
-import org.apache.cloudstack.api.Implementation;
-import org.apache.cloudstack.api.Parameter;
-import com.cloud.api.response.FirewallRuleResponse;
-import com.cloud.api.response.ListResponse;
-import com.cloud.network.rules.PortForwardingRule;
-import com.cloud.utils.Pair;
-
-@Implementation(description="Lists all port forwarding rules for an IP address.", responseObject=FirewallRuleResponse.class)
-public class ListPortForwardingRulesCmd extends BaseListTaggedResourcesCmd {
- public static final Logger s_logger = Logger.getLogger(ListPortForwardingRulesCmd.class.getName());
-
- private static final String s_name = "listportforwardingrulesresponse";
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
- @IdentityMapper(entityTableName="firewall_rules")
- @Parameter(name=ApiConstants.ID, type=CommandType.LONG, description="Lists rule with the specified ID.")
- private Long id;
-
- @IdentityMapper(entityTableName="user_ip_address")
- @Parameter(name=ApiConstants.IP_ADDRESS_ID, type=CommandType.LONG, description="the id of IP address of the port forwarding services")
- private Long ipAddressId;
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
- public Long getIpAddressId() {
- return ipAddressId;
- }
-
- public Long getId() {
- return id;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- @Override
- public void execute(){
- Pair<List<? extends PortForwardingRule>, Integer> result = _rulesService.listPortForwardingRules(this);
- ListResponse<FirewallRuleResponse> response = new ListResponse<FirewallRuleResponse>();
- List<FirewallRuleResponse> fwResponses = new ArrayList<FirewallRuleResponse>();
-
- for (PortForwardingRule fwRule : result.first()) {
- FirewallRuleResponse ruleData = _responseGenerator.createPortForwardingRuleResponse(fwRule);
- ruleData.setObjectName("portforwardingrule");
- fwResponses.add(ruleData);
- }
- response.setResponses(fwResponses, result.second());
- response.setResponseName(getCommandName());
- this.setResponseObject(response);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/25b5aadb/api/src/com/cloud/network/firewall/FirewallService.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/network/firewall/FirewallService.java b/api/src/com/cloud/network/firewall/FirewallService.java
index bb35313..066d5fb 100644
--- a/api/src/com/cloud/network/firewall/FirewallService.java
+++ b/api/src/com/cloud/network/firewall/FirewallService.java
@@ -19,7 +19,7 @@ package com.cloud.network.firewall;
import java.util.List;
-import com.cloud.api.commands.ListFirewallRulesCmd;
+import org.apache.cloudstack.api.user.firewall.command.ListFirewallRulesCmd;
import com.cloud.exception.NetworkRuleConflictException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.rules.FirewallRule;
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/25b5aadb/api/src/com/cloud/network/rules/RulesService.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/network/rules/RulesService.java b/api/src/com/cloud/network/rules/RulesService.java
index ddebcd0..613929b 100644
--- a/api/src/com/cloud/network/rules/RulesService.java
+++ b/api/src/com/cloud/network/rules/RulesService.java
@@ -18,7 +18,7 @@ package com.cloud.network.rules;
import java.util.List;
-import com.cloud.api.commands.ListPortForwardingRulesCmd;
+import org.apache.cloudstack.api.user.firewall.command.ListPortForwardingRulesCmd;
import com.cloud.exception.InsufficientAddressCapacityException;
import com.cloud.exception.NetworkRuleConflictException;
import com.cloud.exception.ResourceUnavailableException;
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/25b5aadb/api/src/org/apache/cloudstack/api/user/firewall/command/CreateFirewallRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/user/firewall/command/CreateFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/user/firewall/command/CreateFirewallRuleCmd.java
new file mode 100644
index 0000000..17f2d2a
--- /dev/null
+++ b/api/src/org/apache/cloudstack/api/user/firewall/command/CreateFirewallRuleCmd.java
@@ -0,0 +1,325 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.user.firewall.command;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.BaseAsyncCreateCmd;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.IdentityMapper;
+import org.apache.cloudstack.api.Implementation;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import com.cloud.api.response.FirewallResponse;
+import com.cloud.async.AsyncJob;
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.IpAddress;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.user.Account;
+import com.cloud.user.UserContext;
+import com.cloud.utils.net.NetUtils;
+
+@Implementation(description = "Creates a firewall rule for a given ip address", responseObject = FirewallResponse.class)
+public class CreateFirewallRuleCmd extends BaseAsyncCreateCmd implements FirewallRule {
+ public static final Logger s_logger = Logger.getLogger(CreateFirewallRuleCmd.class.getName());
+
+ private static final String s_name = "createfirewallruleresponse";
+
+ // ///////////////////////////////////////////////////
+ // ////////////// API parameters /////////////////////
+ // ///////////////////////////////////////////////////
+
+ @IdentityMapper(entityTableName="user_ip_address")
+ @Parameter(name = ApiConstants.IP_ADDRESS_ID, type = CommandType.LONG, required=true, description = "the IP address id of the port forwarding rule")
+ private Long ipAddressId;
+
+ @Parameter(name = ApiConstants.PROTOCOL, type = CommandType.STRING, required = true, description = "the protocol for the firewall rule. Valid values are TCP/UDP/ICMP.")
+ private String protocol;
+
+ @Parameter(name = ApiConstants.START_PORT, type = CommandType.INTEGER, description = "the starting port of firewall rule")
+ private Integer publicStartPort;
+
+ @Parameter(name = ApiConstants.END_PORT, type = CommandType.INTEGER, description = "the ending port of firewall rule")
+ private Integer publicEndPort;
+
+ @Parameter(name = ApiConstants.CIDR_LIST, type = CommandType.LIST, collectionType = CommandType.STRING, description = "the cidr list to forward traffic from")
+ private List<String> cidrlist;
+
+ @Parameter(name = ApiConstants.ICMP_TYPE, type = CommandType.INTEGER, description = "type of the icmp message being sent")
+ private Integer icmpType;
+
+ @Parameter(name = ApiConstants.ICMP_CODE, type = CommandType.INTEGER, description = "error code for this icmp message")
+ private Integer icmpCode;
+
+ @Parameter(name = ApiConstants.TYPE, type = CommandType.STRING, description = "type of firewallrule: system/user")
+ private String type;
+
+ // ///////////////////////////////////////////////////
+ // ///////////////// Accessors ///////////////////////
+ // ///////////////////////////////////////////////////
+
+ public String getEntityTable() {
+ return "firewall_rules";
+ }
+
+ public Long getIpAddressId() {
+ return ipAddressId;
+ }
+
+ @Override
+ public String getProtocol() {
+ return protocol.trim();
+ }
+
+ public List<String> getSourceCidrList() {
+ if (cidrlist != null) {
+ return cidrlist;
+ } else {
+ List<String> oneCidrList = new ArrayList<String>();
+ oneCidrList.add(NetUtils.ALL_CIDRS);
+ return oneCidrList;
+ }
+
+ }
+
+ // ///////////////////////////////////////////////////
+ // ///////////// API Implementation///////////////////
+ // ///////////////////////////////////////////////////
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ public void setSourceCidrList(List<String> cidrs){
+ cidrlist = cidrs;
+ }
+
+ @Override
+ public void execute() throws ResourceUnavailableException {
+ UserContext callerContext = UserContext.current();
+ boolean success = false;
+ FirewallRule rule = _entityMgr.findById(FirewallRule.class, getEntityId());
+ try {
+ UserContext.current().setEventDetails("Rule Id: " + getEntityId());
+ success = _firewallService.applyFirewallRules(rule.getSourceIpAddressId(), callerContext.getCaller());
+
+ // State is different after the rule is applied, so get new object here
+ rule = _entityMgr.findById(FirewallRule.class, getEntityId());
+ FirewallResponse fwResponse = new FirewallResponse();
+ if (rule != null) {
+ fwResponse = _responseGenerator.createFirewallResponse(rule);
+ setResponseObject(fwResponse);
+ }
+ fwResponse.setResponseName(getCommandName());
+ } finally {
+ if (!success || rule == null) {
+ _firewallService.revokeFirewallRule(getEntityId(), true);
+ throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to create firewall rule");
+ }
+ }
+ }
+
+ @Override
+ public long getId() {
+ throw new UnsupportedOperationException("database id can only provided by VO objects");
+ }
+
+ @Override
+ public String getXid() {
+ // FIXME: We should allow for end user to specify Xid.
+ return null;
+ }
+
+ @Override
+ public Long getSourceIpAddressId() {
+ return ipAddressId;
+ }
+
+ @Override
+ public Integer getSourcePortStart() {
+ if (publicStartPort != null) {
+ return publicStartPort.intValue();
+ }
+ return null;
+ }
+
+ @Override
+ public Integer getSourcePortEnd() {
+ if (publicEndPort == null) {
+ if (publicStartPort != null) {
+ return publicStartPort.intValue();
+ }
+ } else {
+ return publicEndPort.intValue();
+ }
+
+ return null;
+ }
+
+ @Override
+ public Purpose getPurpose() {
+ return Purpose.Firewall;
+ }
+
+ @Override
+ public State getState() {
+ throw new UnsupportedOperationException("Should never call me to find the state");
+ }
+
+ @Override
+ public long getNetworkId() {
+ IpAddress ip = _entityMgr.findById(IpAddress.class, getIpAddressId());
+ Long ntwkId = null;
+
+ if (ip.getAssociatedWithNetworkId() != null) {
+ ntwkId = ip.getAssociatedWithNetworkId();
+ }
+
+ if (ntwkId == null) {
+ throw new InvalidParameterValueException("Unable to create firewall rule for the ipAddress id=" + ipAddressId +
+ " as ip is not associated with any network and no networkId is passed in");
+ }
+ return ntwkId;
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ Account account = UserContext.current().getCaller();
+
+ if (account != null) {
+ return account.getId();
+ }
+
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+ }
+
+ @Override
+ public long getDomainId() {
+ IpAddress ip = _networkService.getIp(ipAddressId);
+ return ip.getDomainId();
+ }
+
+ @Override
+ public void create() {
+ if (getSourceCidrList() != null) {
+ for (String cidr: getSourceCidrList()){
+ if (!NetUtils.isValidCIDR(cidr)){
+ throw new ServerApiException(BaseCmd.PARAM_ERROR, "Source cidrs formatting error " + cidr);
+ }
+ }
+ }
+
+ try {
+ FirewallRule result = _firewallService.createFirewallRule(this);
+ setEntityId(result.getId());
+ } catch (NetworkRuleConflictException ex) {
+ s_logger.info("Network rule conflict: " + ex.getMessage());
+ s_logger.trace("Network Rule Conflict: ", ex);
+ throw new ServerApiException(BaseCmd.NETWORK_RULE_CONFLICT_ERROR, ex.getMessage());
+ }
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_FIREWALL_OPEN;
+ }
+
+ @Override
+ public String getEventDescription() {
+ IpAddress ip = _networkService.getIp(ipAddressId);
+ return ("Createing firewall rule for Ip: " + ip.getAddress() + " for protocol:" + this.getProtocol());
+ }
+
+ @Override
+ public long getAccountId() {
+ IpAddress ip = _networkService.getIp(ipAddressId);
+ return ip.getAccountId();
+ }
+
+ @Override
+ public String getSyncObjType() {
+ return BaseAsyncCmd.networkSyncObject;
+ }
+
+ @Override
+ public Long getSyncObjId() {
+ return getIp().getAssociatedWithNetworkId();
+ }
+
+ private IpAddress getIp() {
+ IpAddress ip = _networkService.getIp(ipAddressId);
+ if (ip == null) {
+ throw new InvalidParameterValueException("Unable to find ip address by id " + ipAddressId);
+ }
+ return ip;
+ }
+
+ @Override
+ public Integer getIcmpCode() {
+ if (icmpCode != null) {
+ return icmpCode;
+ } else if (protocol.equalsIgnoreCase(NetUtils.ICMP_PROTO)) {
+ return -1;
+ }
+ return null;
+ }
+
+ @Override
+ public Integer getIcmpType() {
+ if (icmpType != null) {
+ return icmpType;
+ } else if (protocol.equalsIgnoreCase(NetUtils.ICMP_PROTO)) {
+ return -1;
+
+ }
+ return null;
+ }
+
+ @Override
+ public Long getRelated() {
+ return null;
+ }
+
+ @Override
+ public FirewallRuleType getType() {
+ if (type != null && type.equalsIgnoreCase("system")) {
+ return FirewallRuleType.System;
+ } else {
+ return FirewallRuleType.User;
+ }
+ }
+
+ @Override
+ public AsyncJob.Type getInstanceType() {
+ return AsyncJob.Type.FirewallRule;
+ }
+
+ @Override
+ public TrafficType getTrafficType() {
+ return null;
+ }
+
+}
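Review bot: `getType()` near the end of this file turns the caller-supplied `type` string into `FirewallRuleType.System` with no check on who is asking, and `getEntityOwnerId()` reports the caller rather than the owner of `ipAddressId`, so every ownership and privilege decision for this command rests on `_firewallService.createFirewallRule(this)`, which is not visible in this hunk. If the service does enforce that, the contract belongs on the `type` field, for example `// type=system is caller-supplied; the firewall service must reject it for callers not permitted to create system rules`. Separately, `getDomainId()`, `getAccountId()` and `getEventDescription()` dereference `_networkService.getIp(ipAddressId)` without a null check, and `getNetworkId()` does the same with the `_entityMgr.findById` result, although the private `getIp()` already throws `InvalidParameterValueException` for an unknown id. Using `IpAddress ip = getIp();` in the first three, and adding an equivalent null guard in `getNetworkId()`, would report an unknown address id as a parameter error instead of a NullPointerException.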
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/25b5aadb/api/src/org/apache/cloudstack/api/user/firewall/command/CreatePortForwardingRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/user/firewall/command/CreatePortForwardingRuleCmd.java b/api/src/org/apache/cloudstack/api/user/firewall/command/CreatePortForwardingRuleCmd.java
new file mode 100644
index 0000000..df0f441
--- /dev/null
+++ b/api/src/org/apache/cloudstack/api/user/firewall/command/CreatePortForwardingRuleCmd.java
@@ -0,0 +1,373 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.user.firewall.command;
+
+import java.util.List;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.BaseAsyncCreateCmd;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.IdentityMapper;
+import org.apache.cloudstack.api.Implementation;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import com.cloud.api.response.FirewallRuleResponse;
+import com.cloud.async.AsyncJob;
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.IpAddress;
+import com.cloud.network.rules.PortForwardingRule;
+import com.cloud.user.Account;
+import com.cloud.user.UserContext;
+import com.cloud.utils.net.Ip;
+
+@Implementation(description = "Creates a port forwarding rule", responseObject = FirewallRuleResponse.class)
+public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements PortForwardingRule {
+ public static final Logger s_logger = Logger.getLogger(CreatePortForwardingRuleCmd.class.getName());
+
+ private static final String s_name = "createportforwardingruleresponse";
+
+ // ///////////////////////////////////////////////////
+ // ////////////// API parameters /////////////////////
+ // ///////////////////////////////////////////////////
+
+ @IdentityMapper(entityTableName = "user_ip_address")
+ @Parameter(name = ApiConstants.IP_ADDRESS_ID, type = CommandType.LONG, required = true,
+ description = "the IP address id of the port forwarding rule")
+ private Long ipAddressId;
+
+ @Parameter(name = ApiConstants.PRIVATE_START_PORT, type = CommandType.INTEGER, required = true,
+ description = "the starting port of port forwarding rule's private port range")
+ private Integer privateStartPort;
+
+ @Parameter(name = ApiConstants.PROTOCOL, type = CommandType.STRING, required = true,
+ description = "the protocol for the port fowarding rule. Valid values are TCP or UDP.")
+ private String protocol;
+
+ @Parameter(name = ApiConstants.PRIVATE_END_PORT, type = CommandType.INTEGER, required = false, description = "the ending port of port forwarding rule's private port range")
+ private Integer privateEndPort;
+
+ @Parameter(name = ApiConstants.PUBLIC_START_PORT, type = CommandType.INTEGER, required = true,
+ description = "the starting port of port forwarding rule's public port range")
+ private Integer publicStartPort;
+
+ @Parameter(name = ApiConstants.PUBLIC_END_PORT, type = CommandType.INTEGER, required = false, description = "the ending port of port forwarding rule's private port range")
+ private Integer publicEndPort;
+
+ @IdentityMapper(entityTableName = "vm_instance")
+ @Parameter(name = ApiConstants.VIRTUAL_MACHINE_ID, type = CommandType.LONG, required = true,
+ description = "the ID of the virtual machine for the port forwarding rule")
+ private Long virtualMachineId;
+
+ @Parameter(name = ApiConstants.CIDR_LIST, type = CommandType.LIST, collectionType = CommandType.STRING,
+ description = "the cidr list to forward traffic from")
+ private List<String> cidrlist;
+
+ @Parameter(name = ApiConstants.OPEN_FIREWALL, type = CommandType.BOOLEAN,
+ description = "if true, firewall rule for source/end pubic port is automatically created; " +
+ "if false - firewall rule has to be created explicitely. If not specified 1) defaulted to false when PF" +
+ " rule is being created for VPC guest network 2) in all other cases defaulted to true")
+ private Boolean openFirewall;
+
+ @IdentityMapper(entityTableName="networks")
+ @Parameter(name=ApiConstants.NETWORK_ID, type=CommandType.LONG,
+ description="The network of the vm the Port Forwarding rule will be created for. " +
+ "Required when public Ip address is not associated with any Guest network yet (VPC case)")
+ private Long networkId;
+
+ // ///////////////////////////////////////////////////
+ // ///////////////// Accessors ///////////////////////
+ // ///////////////////////////////////////////////////
+
+ public String getEntityTable() {
+ return "firewall_rules";
+ }
+
+ public Long getIpAddressId() {
+ return ipAddressId;
+ }
+
+ @Override
+ public String getProtocol() {
+ return protocol.trim();
+ }
+
+ @Override
+ public long getVirtualMachineId() {
+ return virtualMachineId;
+ }
+
+ public List<String> getSourceCidrList() {
+ if (cidrlist != null) {
+ throw new InvalidParameterValueException("Parameter cidrList is deprecated; if you need to open firewall " +
+ "rule for the specific cidr, please refer to createFirewallRule command");
+ }
+ return null;
+ }
+
+ public Boolean getOpenFirewall() {
+ boolean isVpc = getVpcId() == null ? false : true;
+ if (openFirewall != null) {
+ if (isVpc && openFirewall) {
+ throw new InvalidParameterValueException("Can't have openFirewall=true when IP address belongs to VPC");
+ }
+ return openFirewall;
+ } else {
+ if (isVpc) {
+ return false;
+ }
+ return true;
+ }
+ }
+
+ private Long getVpcId() {
+ if (ipAddressId != null) {
+ IpAddress ipAddr = _networkService.getIp(ipAddressId);
+ if (ipAddr == null || !ipAddr.readyToUse()) {
+ throw new InvalidParameterValueException("Unable to create PF rule, invalid IP address id " + ipAddr.getId());
+ } else {
+ return ipAddr.getVpcId();
+ }
+ }
+ return null;
+ }
+
+ // ///////////////////////////////////////////////////
+ // ///////////// API Implementation///////////////////
+ // ///////////////////////////////////////////////////
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+
+ @Override
+ public void execute() throws ResourceUnavailableException {
+ UserContext callerContext = UserContext.current();
+ boolean success = true;
+ PortForwardingRule rule = null;
+ try {
+ UserContext.current().setEventDetails("Rule Id: " + getEntityId());
+
+ if (getOpenFirewall()) {
+ success = success && _firewallService.applyFirewallRules(ipAddressId, callerContext.getCaller());
+ }
+
+ success = success && _rulesService.applyPortForwardingRules(ipAddressId, callerContext.getCaller());
+
+ // State is different after the rule is applied, so get new object here
+ rule = _entityMgr.findById(PortForwardingRule.class, getEntityId());
+ FirewallRuleResponse fwResponse = new FirewallRuleResponse();
+ if (rule != null) {
+ fwResponse = _responseGenerator.createPortForwardingRuleResponse(rule);
+ setResponseObject(fwResponse);
+ }
+ fwResponse.setResponseName(getCommandName());
+ } finally {
+ if (!success || rule == null) {
+
+ if (getOpenFirewall()) {
+ _firewallService.revokeRelatedFirewallRule(getEntityId(), true);
+ }
+
+ _rulesService.revokePortForwardingRule(getEntityId(), true);
+
+ throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to apply port forwarding rule");
+ }
+ }
+ }
+
+ @Override
+ public long getId() {
+ throw new UnsupportedOperationException("database id can only provided by VO objects");
+ }
+
+ @Override
+ public String getXid() {
+ // FIXME: We should allow for end user to specify Xid.
+ return null;
+ }
+
+ @Override
+ public Long getSourceIpAddressId() {
+ return ipAddressId;
+ }
+
+ @Override
+ public Integer getSourcePortStart() {
+ return publicStartPort.intValue();
+ }
+
+ @Override
+ public Integer getSourcePortEnd() {
+ return (publicEndPort == null)? publicStartPort.intValue() : publicEndPort.intValue();
+ }
+
+ @Override
+ public Purpose getPurpose() {
+ return Purpose.PortForwarding;
+ }
+
+ @Override
+ public State getState() {
+ throw new UnsupportedOperationException("Should never call me to find the state");
+ }
+
+ @Override
+ public long getNetworkId() {
+ IpAddress ip = _entityMgr.findById(IpAddress.class, getIpAddressId());
+ Long ntwkId = null;
+
+ if (ip.getAssociatedWithNetworkId() != null) {
+ ntwkId = ip.getAssociatedWithNetworkId();
+ } else {
+ ntwkId = networkId;
+ }
+ if (ntwkId == null) {
+ throw new InvalidParameterValueException("Unable to create port forwarding rule for the ipAddress id=" + ipAddressId +
+ " as ip is not associated with any network and no networkId is passed in");
+ }
+ return ntwkId;
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ Account account = UserContext.current().getCaller();
+
+ if (account != null) {
+ return account.getId();
+ }
+
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are
+ // tracked
+ }
+
+ @Override
+ public long getDomainId() {
+ IpAddress ip = _networkService.getIp(ipAddressId);
+ return ip.getDomainId();
+ }
+
+ @Override
+ public Ip getDestinationIpAddress() {
+ return null;
+ }
+
+ @Override
+ public void setDestinationIpAddress(Ip destinationIpAddress) {
+ return;
+ }
+
+ @Override
+ public int getDestinationPortStart() {
+ return privateStartPort.intValue();
+ }
+
+ @Override
+ public int getDestinationPortEnd() {
+ return (privateEndPort == null)? privateStartPort.intValue() : privateEndPort.intValue();
+ }
+
+ @Override
+ public void create() {
+ // cidr list parameter is deprecated
+ if (cidrlist != null) {
+ throw new InvalidParameterValueException("Parameter cidrList is deprecated; if you need to open firewall rule for the specific cidr, please refer to createFirewallRule command");
+ }
+
+ try {
+ PortForwardingRule result = _rulesService.createPortForwardingRule(this, virtualMachineId, getOpenFirewall());
+ setEntityId(result.getId());
+ } catch (NetworkRuleConflictException ex) {
+ s_logger.info("Network rule conflict: " , ex);
+ s_logger.trace("Network Rule Conflict: ", ex);
+ throw new ServerApiException(BaseCmd.NETWORK_RULE_CONFLICT_ERROR, ex.getMessage());
+ }
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_NET_RULE_ADD;
+ }
+
+ @Override
+ public String getEventDescription() {
+ IpAddress ip = _networkService.getIp(ipAddressId);
+ return ("Applying port forwarding rule for Ip: " + ip.getAddress() + " with virtual machine:" + virtualMachineId);
+ }
+
+ @Override
+ public long getAccountId() {
+ IpAddress ip = _networkService.getIp(ipAddressId);
+ return ip.getAccountId();
+ }
+
+ @Override
+ public String getSyncObjType() {
+ return BaseAsyncCmd.networkSyncObject;
+ }
+
+ @Override
+ public Long getSyncObjId() {
+ return getIp().getAssociatedWithNetworkId();
+ }
+
+ private IpAddress getIp() {
+ IpAddress ip = _networkService.getIp(ipAddressId);
+ if (ip == null) {
+ throw new InvalidParameterValueException("Unable to find ip address by id " + ipAddressId);
+ }
+ return ip;
+ }
+
+ @Override
+ public Integer getIcmpCode() {
+ return null;
+ }
+
+ @Override
+ public Integer getIcmpType() {
+ return null;
+ }
+
+ @Override
+ public Long getRelated() {
+ return null;
+ }
+
+ @Override
+ public FirewallRuleType getType() {
+ return FirewallRuleType.User;
+ }
+
+ @Override
+ public AsyncJob.Type getInstanceType() {
+ return AsyncJob.Type.FirewallRule;
+ }
+
+ @Override
+ public TrafficType getTrafficType() {
+ return null;
+ }
+
+}
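Review bot: `getVpcId()` dereferences `ipAddr` in the very branch that handles `ipAddr == null`, so an unknown IP address id produces a NullPointerException instead of the intended InvalidParameterValueException; build the message from the field instead, `throw new InvalidParameterValueException("Unable to create PF rule, invalid IP address id " + ipAddressId);`. `getEventDescription()`, `getAccountId()` and `getDomainId()` also call methods on the result of `_networkService.getIp(ipAddressId)` without a null check, although the private `getIp()` helper already performs one; routing them through `getIp()` would turn those failures into clean parameter errors. Separately, the `finally` in `execute()` throws `ServerApiException` whenever `success` is false or `rule` is null, which replaces any exception already propagating out of the `try`, so the original cause is lost unless it is logged before the throw.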
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/25b5aadb/api/src/org/apache/cloudstack/api/user/firewall/command/DeleteFirewallRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/user/firewall/command/DeleteFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/user/firewall/command/DeleteFirewallRuleCmd.java
new file mode 100644
index 0000000..7d7ff58
--- /dev/null
+++ b/api/src/org/apache/cloudstack/api/user/firewall/command/DeleteFirewallRuleCmd.java
@@ -0,0 +1,120 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.user.firewall.command;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.IdentityMapper;
+import org.apache.cloudstack.api.Implementation;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import com.cloud.api.response.SuccessResponse;
+import com.cloud.async.AsyncJob;
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.user.UserContext;
+
+@Implementation(description="Deletes a firewall rule", responseObject=SuccessResponse.class)
+public class DeleteFirewallRuleCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(DeleteFirewallRuleCmd.class.getName());
+ private static final String s_name = "deletefirewallruleresponse";
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+ @IdentityMapper(entityTableName="firewall_rules")
+ @Parameter(name=ApiConstants.ID, type=CommandType.LONG, required=true, description="the ID of the firewall rule")
+ private Long id;
+
+ // unexposed parameter needed for events logging
+ @IdentityMapper(entityTableName="account")
+ @Parameter(name=ApiConstants.ACCOUNT_ID, type=CommandType.LONG, expose=false)
+ private Long ownerId;
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+ public Long getId() {
+ return id;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_FIREWALL_CLOSE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return ("Deleting firewall rule id=" + id);
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ if (ownerId == null) {
+ FirewallRule rule = _entityMgr.findById(FirewallRule.class, id);
+ if (rule == null) {
+ throw new InvalidParameterValueException("Unable to find firewall rule by id=" + id);
+ } else {
+ ownerId = _entityMgr.findById(FirewallRule.class, id).getAccountId();
+ }
+ }
+ return ownerId;
+ }
+
+ @Override
+ public void execute() throws ResourceUnavailableException {
+ UserContext.current().setEventDetails("Rule Id: " + id);
+ boolean result = _firewallService.revokeFirewallRule(id, true);
+
+ if (result) {
+ SuccessResponse response = new SuccessResponse(getCommandName());
+ this.setResponseObject(response);
+ } else {
+ throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to delete firewall rule");
+ }
+ }
+
+
+ @Override
+ public String getSyncObjType() {
+ return BaseAsyncCmd.networkSyncObject;
+ }
+
+ @Override
+ public Long getSyncObjId() {
+ return _firewallService.getFirewallRule(id).getNetworkId();
+ }
+
+ @Override
+ public AsyncJob.Type getInstanceType() {
+ return AsyncJob.Type.FirewallRule;
+ }
+}
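Review bot: `getEntityOwnerId()` looks the rule up twice: the null check is done on `rule`, but the owner is then read from a second `_entityMgr.findById(FirewallRule.class, id)` whose result is not checked, so a rule removed between the two calls would yield a NullPointerException; use the object already validated, `ownerId = rule.getAccountId();`. `getSyncObjId()` has the same gap, calling `.getNetworkId()` directly on `_firewallService.getFirewallRule(id)`, so a stale or mistyped rule id can fail with an NPE rather than the InvalidParameterValueException used above. DeletePortForwardingRuleCmd.java in this commit repeats both patterns in its `getEntityOwnerId()` and `getSyncObjId()`.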
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/25b5aadb/api/src/org/apache/cloudstack/api/user/firewall/command/DeletePortForwardingRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/user/firewall/command/DeletePortForwardingRuleCmd.java b/api/src/org/apache/cloudstack/api/user/firewall/command/DeletePortForwardingRuleCmd.java
new file mode 100644
index 0000000..880b87b
--- /dev/null
+++ b/api/src/org/apache/cloudstack/api/user/firewall/command/DeletePortForwardingRuleCmd.java
@@ -0,0 +1,122 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.user.firewall.command;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.IdentityMapper;
+import org.apache.cloudstack.api.Implementation;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import com.cloud.api.response.SuccessResponse;
+import com.cloud.async.AsyncJob;
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.network.rules.PortForwardingRule;
+import com.cloud.user.UserContext;
+
+@Implementation(description="Deletes a port forwarding rule", responseObject=SuccessResponse.class)
+public class DeletePortForwardingRuleCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(DeletePortForwardingRuleCmd.class.getName());
+ private static final String s_name = "deleteportforwardingruleresponse";
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+ @IdentityMapper(entityTableName="firewall_rules")
+ @Parameter(name=ApiConstants.ID, type=CommandType.LONG, required=true, description="the ID of the port forwarding rule")
+ private Long id;
+
+ // unexposed parameter needed for events logging
+ @IdentityMapper(entityTableName="account")
+ @Parameter(name=ApiConstants.ACCOUNT_ID, type=CommandType.LONG, expose=false)
+ private Long ownerId;
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+ public Long getId() {
+ return id;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_NET_RULE_DELETE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return ("Deleting port forwarding rule for id=" + id);
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ if (ownerId == null) {
+ PortForwardingRule rule = _entityMgr.findById(PortForwardingRule.class, id);
+ if (rule == null) {
+ throw new InvalidParameterValueException("Unable to find port forwarding rule by id=" + id);
+ } else {
+ ownerId = _entityMgr.findById(PortForwardingRule.class, id).getAccountId();
+ }
+
+ }
+ return ownerId;
+ }
+
+ @Override
+ public void execute(){
+ UserContext.current().setEventDetails("Rule Id: "+id);
+ //revoke corresponding firewall rule first
+ boolean result = _firewallService.revokeRelatedFirewallRule(id, true);
+ result = result && _rulesService.revokePortForwardingRule(id, true);
+
+ if (result) {
+ SuccessResponse response = new SuccessResponse(getCommandName());
+ this.setResponseObject(response);
+ } else {
+ throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to delete port forwarding rule");
+ }
+ }
+
+
+ @Override
+ public String getSyncObjType() {
+ return BaseAsyncCmd.networkSyncObject;
+ }
+
+ @Override
+ public Long getSyncObjId() {
+ return _rulesService.getPortForwardigRule(id).getNetworkId();
+ }
+
+ @Override
+ public AsyncJob.Type getInstanceType() {
+ return AsyncJob.Type.FirewallRule;
+ }
+}
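Review bot: `execute()` collapses two revocations into one boolean, so neither the caller nor the logs can tell which step failed: if `revokeRelatedFirewallRule(id, true)` returns false the port forwarding rule is never revoked, and if it returns true but `revokePortForwardingRule(id, true)` fails, the firewall rule has been revoked while the forwarding rule remains. Revoking the firewall rule first keeps the public port closed on a partial failure and should stay, but `s_logger` is declared and never used in this class; a line such as `s_logger.warn("Failed to revoke related firewall rule for port forwarding rule id=" + id);` before the throw would make partial deletions diagnosable. What a false return from `revokeRelatedFirewallRule` means when no related rule exists is not visible in this hunk and is worth confirming.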
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/25b5aadb/api/src/org/apache/cloudstack/api/user/firewall/command/ListFirewallRulesCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/user/firewall/command/ListFirewallRulesCmd.java b/api/src/org/apache/cloudstack/api/user/firewall/command/ListFirewallRulesCmd.java
new file mode 100644
index 0000000..2317a9f
--- /dev/null
+++ b/api/src/org/apache/cloudstack/api/user/firewall/command/ListFirewallRulesCmd.java
@@ -0,0 +1,86 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.user.firewall.command;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseListTaggedResourcesCmd;
+import org.apache.cloudstack.api.IdentityMapper;
+import org.apache.cloudstack.api.Implementation;
+import org.apache.cloudstack.api.Parameter;
+import com.cloud.api.response.FirewallResponse;
+import com.cloud.api.response.ListResponse;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.utils.Pair;
+
+@Implementation(description="Lists all firewall rules for an IP address.", responseObject=FirewallResponse.class)
+public class ListFirewallRulesCmd extends BaseListTaggedResourcesCmd {
+ public static final Logger s_logger = Logger.getLogger(ListFirewallRulesCmd.class.getName());
+ private static final String s_name = "listfirewallrulesresponse";
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+ @IdentityMapper(entityTableName="firewall_rules")
+ @Parameter(name=ApiConstants.ID, type=CommandType.LONG, description="Lists rule with the specified ID.")
+ private Long id;
+
+ @IdentityMapper(entityTableName="user_ip_address")
+ @Parameter(name=ApiConstants.IP_ADDRESS_ID, type=CommandType.LONG, description="the id of IP address of the firwall services")
+ private Long ipAddressId;
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+ public Long getIpAddressId() {
+ return ipAddressId;
+ }
+
+ public Long getId() {
+ return id;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ @Override
+ public void execute(){
+ Pair<List<? extends FirewallRule>, Integer> result = _firewallService.listFirewallRules(this);
+ ListResponse<FirewallResponse> response = new ListResponse<FirewallResponse>();
+ List<FirewallResponse> fwResponses = new ArrayList<FirewallResponse>();
+
+ for (FirewallRule fwRule : result.first()) {
+ FirewallResponse ruleData = _responseGenerator.createFirewallResponse(fwRule);
+ ruleData.setObjectName("firewallrule");
+ fwResponses.add(ruleData);
+ }
+ response.setResponses(fwResponses, result.second());
+ response.setResponseName(getCommandName());
+ this.setResponseObject(response);
+ }
+}
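Review bot: Nothing in `execute()` restricts the listing to the caller's own rules; both `id` and `ipAddressId` are optional and the whole command object is handed to `_firewallService.listFirewallRules(this)`, so account and domain scoping is presumably enforced there. A short comment on `execute()` saying so, e.g. `// Access scoping is applied inside listFirewallRules(); this class only maps results to responses.`, would stop a later change from assuming the filter lives here; confirm against the service before adding it. The `ipAddressId` parameter description also misspells `firewall` as `firwall`.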