You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jclouds.apache.org by ab...@apache.org on 2013/07/21 23:46:34 UTC
git commit: JCLOUDS-195. Add egress firewall rules for CloudStack
Updated Branches:
refs/heads/master 5ec05fed7 -> 2c6d8b247
JCLOUDS-195. Add egress firewall rules for CloudStack
Project: http://git-wip-us.apache.org/repos/asf/incubator-jclouds/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-jclouds/commit/2c6d8b24
Tree: http://git-wip-us.apache.org/repos/asf/incubator-jclouds/tree/2c6d8b24
Diff: http://git-wip-us.apache.org/repos/asf/incubator-jclouds/diff/2c6d8b24
Branch: refs/heads/master
Commit: 2c6d8b24797ad87a8653e90db84aa6ebac8e9d67
Parents: 5ec05fe
Author: Andrew Bayer <an...@gmail.com>
Authored: Sun Jul 21 12:29:34 2013 -0700
Committer: Andrew Bayer <an...@gmail.com>
Committed: Sun Jul 21 13:38:57 2013 -0700
----------------------------------------------------------------------
.../cloudstack/features/FirewallApi.java | 58 +++++++++
.../features/FirewallApiExpectTest.java | 118 ++++++++++++++++++-
.../features/FirewallApiLiveTest.java | 41 +++++++
.../createegressfirewallrulesresponse.json | 1 +
.../deleteegressfirewallrulesresponse.json | 1 +
.../getegressfirewallrulesresponse.json | 2 +
.../listegressfirewallrulesresponse.json | 4 +
7 files changed, 224 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-jclouds/blob/2c6d8b24/apis/cloudstack/src/main/java/org/jclouds/cloudstack/features/FirewallApi.java
----------------------------------------------------------------------
diff --git a/apis/cloudstack/src/main/java/org/jclouds/cloudstack/features/FirewallApi.java b/apis/cloudstack/src/main/java/org/jclouds/cloudstack/features/FirewallApi.java
index 60bb6f8..386fc1b 100644
--- a/apis/cloudstack/src/main/java/org/jclouds/cloudstack/features/FirewallApi.java
+++ b/apis/cloudstack/src/main/java/org/jclouds/cloudstack/features/FirewallApi.java
@@ -110,6 +110,64 @@ public interface FirewallApi {
void deleteFirewallRule(@QueryParam("id") String id);
/**
+ * @see FirewallApi#listEgressFirewallRules
+ */
+ @Named("listEgressFirewallRules")
+ @GET
+ @QueryParams(keys = { "command", "listAll" }, values = { "listEgressFirewallRules", "true" })
+ @SelectJson("firewallrule")
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Fallback(EmptySetOnNotFoundOr404.class)
+ Set<FirewallRule> listEgressFirewallRules(ListFirewallRulesOptions... options);
+
+ /**
+ * @see FirewallApi#getEgressFirewallRule
+ */
+ @Named("listEgressFirewallRules")
+ @GET
+ @QueryParams(keys = { "command", "listAll" }, values = { "listEgressFirewallRules", "true" })
+ @SelectJson("firewallrule")
+ @OnlyElement
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Fallback(NullOnNotFoundOr404.class)
+ FirewallRule getEgressFirewallRule(@QueryParam("id") String id);
+
+ /**
+ * @see FirewallApi#createEgressFirewallRuleForIpAndProtocol
+ */
+ @Named("createEgressFirewallRule")
+ @GET
+ @QueryParams(keys = "command", values = "createEgressFirewallRule")
+ @Unwrap
+ @Consumes(MediaType.APPLICATION_JSON)
+ AsyncCreateResponse createEgressFirewallRuleForIpAndProtocol(@QueryParam("ipaddressid") String ipAddressId,
+ @QueryParam("protocol") FirewallRule.Protocol protocol,
+ CreateFirewallRuleOptions... options);
+
+ /**
+ * @see FirewallApi#createEgressFirewallRuleForIpProtocolAndPort
+ */
+ @Named("createEgressFirewallRule")
+ @GET
+ @QueryParams(keys = "command", values = "createEgressFirewallRule")
+ @Unwrap
+ @Consumes(MediaType.APPLICATION_JSON)
+ AsyncCreateResponse createEgressFirewallRuleForIpProtocolAndPort(@QueryParam("ipaddressid") String ipAddressId,
+ @QueryParam("protocol") FirewallRule.Protocol protocol,
+ @QueryParam("startPort") int startPort,
+ @QueryParam("endPort") int endPort);
+
+
+ /**
+ * @see FirewallApi#deleteEgressFirewallRule
+ */
+ @Named("deleteEgressFirewallRule")
+ @GET
+ @QueryParams(keys = "command", values = "deleteEgressFirewallRule")
+ @Fallback(VoidOnNotFoundOr404.class)
+ void deleteEgressFirewallRule(@QueryParam("id") String id);
+
+ /**
* @see FirewallApi#listPortForwardingRules
*/
@Named("listPortForwardingRules")
http://git-wip-us.apache.org/repos/asf/incubator-jclouds/blob/2c6d8b24/apis/cloudstack/src/test/java/org/jclouds/cloudstack/features/FirewallApiExpectTest.java
----------------------------------------------------------------------
diff --git a/apis/cloudstack/src/test/java/org/jclouds/cloudstack/features/FirewallApiExpectTest.java b/apis/cloudstack/src/test/java/org/jclouds/cloudstack/features/FirewallApiExpectTest.java
index 979e4ed..ac7e205 100644
--- a/apis/cloudstack/src/test/java/org/jclouds/cloudstack/features/FirewallApiExpectTest.java
+++ b/apis/cloudstack/src/test/java/org/jclouds/cloudstack/features/FirewallApiExpectTest.java
@@ -281,7 +281,123 @@ public class FirewallApiExpectTest extends BaseCloudStackExpectTest<FirewallApi>
client.deletePortForwardingRule("2015");
}
-
+
+ public void testListEgressFirewallRulesWhenResponseIs2xx() {
+ FirewallApi client = requestSendsResponse(
+ HttpRequest.builder()
+ .method("GET")
+ .endpoint(
+ URI.create("http://localhost:8080/client/api?response=json&command=listEgressFirewallRules&listAll=true&" +
+ "apiKey=identity&signature=j3OpRXs7mEwVKs9KIb4ncRKVO9A%3D"))
+ .addHeader("Accept", "application/json")
+ .build(),
+ HttpResponse.builder()
+ .statusCode(200)
+ .payload(payloadFromResource("/listegressfirewallrulesresponse.json"))
+ .build());
+
+ Set<String> CIDRs = ImmutableSet.of("0.0.0.0/0");
+ assertEquals(client.listEgressFirewallRules(),
+ ImmutableSet.of(
+ FirewallRule.builder().id("2017").protocol(FirewallRule.Protocol.TCP).startPort(30)
+ .endPort(35).ipAddressId("2").ipAddress("10.27.27.51").state(FirewallRule.State.ACTIVE)
+ .CIDRs(CIDRs).build(),
+ FirewallRule.builder().id("2016").protocol(FirewallRule.Protocol.TCP).startPort(22)
+ .endPort(22).ipAddressId("2").ipAddress("10.27.27.51").state(FirewallRule.State.ACTIVE)
+ .CIDRs(CIDRs).build(),
+ FirewallRule.builder().id("10").protocol(FirewallRule.Protocol.TCP).startPort(22)
+ .endPort(22).ipAddressId("8").ipAddress("10.27.27.57").state(FirewallRule.State.ACTIVE)
+ .CIDRs(CIDRs).build()
+ ));
+ }
+
+ public void testListEgressFirewallRulesWhenReponseIs404() {
+ FirewallApi client = requestSendsResponse(
+ HttpRequest.builder()
+ .method("GET")
+ .endpoint(
+ URI.create("http://localhost:8080/client/api?response=json&command=listEgressFirewallRules&listAll=true&" +
+ "apiKey=identity&signature=j3OpRXs7mEwVKs9KIb4ncRKVO9A%3D"))
+ .addHeader("Accept", "application/json")
+ .build(),
+ HttpResponse.builder()
+ .statusCode(404)
+ .build());
+
+ assertEquals(client.listEgressFirewallRules(), ImmutableSet.of());
+ }
+
+ public void testGetEgressFirewallRuleWhenResponseIs2xx() {
+ FirewallApi client = requestSendsResponse(
+ HttpRequest.builder()
+ .method("GET")
+ .endpoint(
+ URI.create("http://localhost:8080/client/api?response=json&command=listEgressFirewallRules&listAll=true&" +
+ "id=2017&apiKey=identity&signature=Hi1K5VA3yd3mk0AmgJ2F6y%2BVzMo%3D"))
+ .addHeader("Accept", "application/json")
+ .build(),
+ HttpResponse.builder()
+ .statusCode(200)
+ .payload(payloadFromResource("/getegressfirewallrulesresponse.json"))
+ .build());
+
+ assertEquals(client.getEgressFirewallRule("2017"),
+ FirewallRule.builder().id("2017").protocol(FirewallRule.Protocol.TCP).startPort(30)
+ .endPort(35).ipAddressId("2").ipAddress("10.27.27.51").state(FirewallRule.State.ACTIVE)
+ .CIDRs(ImmutableSet.of("0.0.0.0/0")).build()
+ );
+ }
+
+ public void testGetEgressFirewallRuleWhenResponseIs404() {
+ FirewallApi client = requestSendsResponse(
+ HttpRequest.builder()
+ .method("GET")
+ .endpoint(
+ URI.create("http://localhost:8080/client/api?response=json&command=listEgressFirewallRules&listAll=true&" +
+ "id=4&apiKey=identity&signature=dzb5azKxXZsuGrNRJbRHfna7FMo%3D"))
+ .addHeader("Accept", "application/json")
+ .build(),
+ HttpResponse.builder()
+ .statusCode(404)
+ .build());
+
+ assertNull(client.getEgressFirewallRule("4"));
+ }
+
+ public void testCreateEgressFirewallRuleForIpAndProtocol() {
+ FirewallApi client = requestSendsResponse(
+ HttpRequest.builder()
+ .method("GET")
+ .endpoint(
+ URI.create("http://localhost:8080/client/api?response=json&command=createEgressFirewallRule&" +
+ "ipaddressid=2&protocol=TCP&apiKey=identity&signature=%2BlfEJ5zB7lxqRAn0rY0Rcfg9buw%3D"))
+ .addHeader("Accept", "application/json")
+ .build(),
+ HttpResponse.builder()
+ .statusCode(200)
+ .payload(payloadFromResource("/createegressfirewallrulesresponse.json"))
+ .build());
+
+ AsyncCreateResponse response = client.createEgressFirewallRuleForIpAndProtocol("2", FirewallRule.Protocol.TCP);
+ assertEquals(response.getJobId(), "2036");
+ assertEquals(response.getId(), "2017");
+ }
+
+ public void testDeleteEgressFirewallRule() {
+ FirewallApi client = requestSendsResponse(
+ HttpRequest.builder()
+ .method("GET")
+ .endpoint(
+ URI.create("http://localhost:8080/client/api?response=json&" +
+ "command=deleteEgressFirewallRule&id=2015&apiKey=identity&signature=S119WNmamKwc5d9qvvkIJznXytg%3D"))
+ .build(),
+ HttpResponse.builder()
+ .statusCode(200)
+ .payload(payloadFromResource("/deleteegressfirewallrulesresponse.json"))
+ .build());
+
+ client.deleteEgressFirewallRule("2015");
+ }
@Override
protected FirewallApi clientFrom(CloudStackContext context) {
return context.getApi().getFirewallApi();
http://git-wip-us.apache.org/repos/asf/incubator-jclouds/blob/2c6d8b24/apis/cloudstack/src/test/java/org/jclouds/cloudstack/features/FirewallApiLiveTest.java
----------------------------------------------------------------------
diff --git a/apis/cloudstack/src/test/java/org/jclouds/cloudstack/features/FirewallApiLiveTest.java b/apis/cloudstack/src/test/java/org/jclouds/cloudstack/features/FirewallApiLiveTest.java
index 64cdf44..8defd85 100644
--- a/apis/cloudstack/src/test/java/org/jclouds/cloudstack/features/FirewallApiLiveTest.java
+++ b/apis/cloudstack/src/test/java/org/jclouds/cloudstack/features/FirewallApiLiveTest.java
@@ -52,6 +52,7 @@ public class FirewallApiLiveTest extends BaseCloudStackApiLiveTest {
private VirtualMachine vm;
private FirewallRule firewallRule;
+ private FirewallRule egressFirewallRule;
private PortForwardingRule portForwardingRule;
private Network network;
@@ -151,12 +152,43 @@ public class FirewallApiLiveTest extends BaseCloudStackApiLiveTest {
}
}
+ @Test(dependsOnMethods = "testCreatePortForwardingRule")
+ public void testCreateEgressFirewallRule() {
+ if (networksDisabled)
+ return;
+
+ AsyncCreateResponse job = client.getFirewallApi().createEgressFirewallRuleForIpAndProtocol(
+ ip.getId(), FirewallRule.Protocol.TCP, CreateFirewallRuleOptions.Builder.startPort(30).endPort(35));
+ assertTrue(jobComplete.apply(job.getJobId()));
+ egressFirewallRule = client.getFirewallApi().getEgressFirewallRule(job.getId());
+
+ assertEquals(egressFirewallRule.getStartPort(), 30);
+ assertEquals(egressFirewallRule.getEndPort(), 35);
+ assertEquals(egressFirewallRule.getProtocol(), FirewallRule.Protocol.TCP);
+
+ checkEgressFirewallRule(egressFirewallRule);
+ }
+
+ @Test(dependsOnMethods = "testCreateEgressFirewallRule")
+ public void testListEgressFirewallRules() {
+ Set<FirewallRule> rules = client.getFirewallApi().listEgressFirewallRules();
+
+ assert rules != null;
+ assertTrue(rules.size() > 0);
+
+ for(FirewallRule rule : rules) {
+ checkEgressFirewallRule(rule);
+ }
+ }
@AfterGroups(groups = "live")
@Override
protected void tearDownContext() {
if (firewallRule != null) {
client.getFirewallApi().deleteFirewallRule(firewallRule.getId());
}
+ if (egressFirewallRule != null) {
+ client.getFirewallApi().deleteEgressFirewallRule(egressFirewallRule.getId());
+ }
if (portForwardingRule != null) {
client.getFirewallApi().deletePortForwardingRule(portForwardingRule.getId());
}
@@ -178,6 +210,15 @@ public class FirewallApiLiveTest extends BaseCloudStackApiLiveTest {
assert rule.getProtocol() != null;
}
+ protected void checkEgressFirewallRule(FirewallRule rule) {
+ assertEquals(rule,
+ client.getFirewallApi().getEgressFirewallRule(rule.getId()));
+ assert rule.getId() != null : rule;
+ assert rule.getStartPort() > 0 : rule;
+ assert rule.getEndPort() >= rule.getStartPort() : rule;
+ assert rule.getProtocol() != null;
+ }
+
protected void checkPortForwardingRule(PortForwardingRule rule) {
assertEquals(rule,
client.getFirewallApi().getPortForwardingRule(rule.getId()));
http://git-wip-us.apache.org/repos/asf/incubator-jclouds/blob/2c6d8b24/apis/cloudstack/src/test/resources/createegressfirewallrulesresponse.json
----------------------------------------------------------------------
diff --git a/apis/cloudstack/src/test/resources/createegressfirewallrulesresponse.json b/apis/cloudstack/src/test/resources/createegressfirewallrulesresponse.json
new file mode 100644
index 0000000..728952a
--- /dev/null
+++ b/apis/cloudstack/src/test/resources/createegressfirewallrulesresponse.json
@@ -0,0 +1 @@
+{ "createegressfirewallruleresponse" : {"jobid":2036,"id":2017} }
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-jclouds/blob/2c6d8b24/apis/cloudstack/src/test/resources/deleteegressfirewallrulesresponse.json
----------------------------------------------------------------------
diff --git a/apis/cloudstack/src/test/resources/deleteegressfirewallrulesresponse.json b/apis/cloudstack/src/test/resources/deleteegressfirewallrulesresponse.json
new file mode 100644
index 0000000..bde4289
--- /dev/null
+++ b/apis/cloudstack/src/test/resources/deleteegressfirewallrulesresponse.json
@@ -0,0 +1 @@
+{ "deleteegressfirewallruleresponse" : {"jobid":2037} }
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-jclouds/blob/2c6d8b24/apis/cloudstack/src/test/resources/getegressfirewallrulesresponse.json
----------------------------------------------------------------------
diff --git a/apis/cloudstack/src/test/resources/getegressfirewallrulesresponse.json b/apis/cloudstack/src/test/resources/getegressfirewallrulesresponse.json
new file mode 100644
index 0000000..bc14994
--- /dev/null
+++ b/apis/cloudstack/src/test/resources/getegressfirewallrulesresponse.json
@@ -0,0 +1,2 @@
+{ "listegressfirewallrulesresponse" : { "count":1 ,"firewallrule" : [
+ {"id":2017,"protocol":"tcp","startport":"30","endport":"35","ipaddressid":2,"ipaddress":"10.27.27.51","state":"Active","cidrlist":"0.0.0.0/0"} ] } }
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-jclouds/blob/2c6d8b24/apis/cloudstack/src/test/resources/listegressfirewallrulesresponse.json
----------------------------------------------------------------------
diff --git a/apis/cloudstack/src/test/resources/listegressfirewallrulesresponse.json b/apis/cloudstack/src/test/resources/listegressfirewallrulesresponse.json
new file mode 100644
index 0000000..c76b216
--- /dev/null
+++ b/apis/cloudstack/src/test/resources/listegressfirewallrulesresponse.json
@@ -0,0 +1,4 @@
+{ "listegressfirewallrulesresponse" : { "count":3 ,"firewallrule" : [
+ {"id":2017,"protocol":"tcp","startport":"30","endport":"35","ipaddressid":2,"ipaddress":"10.27.27.51","state":"Active","cidrlist":"0.0.0.0/0"},
+ {"id":2016,"protocol":"tcp","startport":"22","endport":"22","ipaddressid":2,"ipaddress":"10.27.27.51","state":"Active","cidrlist":"0.0.0.0/0"},
+ {"id":10,"protocol":"tcp","startport":"22","endport":"22","ipaddressid":8,"ipaddress":"10.27.27.57","state":"Active","cidrlist":"0.0.0.0/0"} ] } }
\ No newline at end of file