Posted to commits@cloudstack.apache.org by ja...@apache.org on 2014/06/17 08:39:58 UTC
git commit: updated refs/heads/4.4-forward to 2214bd2
Repository: cloudstack
Updated Branches:
refs/heads/4.4-forward 146867eb0 -> 2214bd250
CLOUDSTACK-6922: Updated events for firewall ingress and egress
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/2214bd25
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/2214bd25
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/2214bd25
Branch: refs/heads/4.4-forward
Commit: 2214bd2502a34ee8e671eb6b4efe8cd26e29ac5a
Parents: 146867e
Author: Jayapal <ja...@apache.org>
Authored: Tue Jun 17 12:06:03 2014 +0530
Committer: Jayapal <ja...@apache.org>
Committed: Tue Jun 17 12:08:18 2014 +0530
----------------------------------------------------------------------
api/src/com/cloud/event/EventTypes.java | 8 +++++
.../cloud/network/firewall/FirewallService.java | 8 +++--
.../firewall/CreateEgressFirewallRuleCmd.java | 4 +--
.../user/firewall/CreateFirewallRuleCmd.java | 4 +--
.../firewall/DeleteEgressFirewallRuleCmd.java | 4 +--
.../user/firewall/DeleteFirewallRuleCmd.java | 2 +-
.../firewall/UpdateEgressFirewallRuleCmd.java | 4 +--
.../user/firewall/UpdateFirewallRuleCmd.java | 2 +-
.../network/firewall/FirewallManagerImpl.java | 36 +++++++++++++++++---
.../cloud/network/MockFirewallManagerImpl.java | 35 ++++++++++++++-----
10 files changed, 83 insertions(+), 24 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/2214bd25/api/src/com/cloud/event/EventTypes.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/event/EventTypes.java b/api/src/com/cloud/event/EventTypes.java
index 471b3f6..0fa3cd5 100755
--- a/api/src/com/cloud/event/EventTypes.java
+++ b/api/src/com/cloud/event/EventTypes.java
@@ -128,6 +128,10 @@ public class EventTypes {
public static final String EVENT_FIREWALL_CLOSE = "FIREWALL.CLOSE";
public static final String EVENT_FIREWALL_UPDATE = "FIREWALL.UPDATE";
+ public static final String EVENT_FIREWALL_EGRESS_OPEN = "FIREWALL.EGRESS.OPEN";
+ public static final String EVENT_FIREWALL_EGRESS_CLOSE = "FIREWALL.EGRESS.CLOSE";
+ public static final String EVENT_FIREWALL_EGRESS_UPDATE = "FIREWALL.EGRESS.UPDATE";
+
//NIC Events
public static final String EVENT_NIC_CREATE = "NIC.CREATE";
public static final String EVENT_NIC_DELETE = "NIC.DELETE";
@@ -556,6 +560,10 @@ public class EventTypes {
entityEventDetails.put(EVENT_NET_RULE_MODIFY, FirewallRule.class);
entityEventDetails.put(EVENT_FIREWALL_OPEN, FirewallRule.class);
entityEventDetails.put(EVENT_FIREWALL_CLOSE, FirewallRule.class);
+ entityEventDetails.put(EVENT_FIREWALL_EGRESS_OPEN, FirewallRule.class);
+ entityEventDetails.put(EVENT_FIREWALL_EGRESS_CLOSE, FirewallRule.class);
+ entityEventDetails.put(EVENT_FIREWALL_EGRESS_UPDATE, FirewallRule.class);
+
// Load Balancers
entityEventDetails.put(EVENT_ASSIGN_TO_LOAD_BALANCER_RULE, FirewallRule.class);
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/2214bd25/api/src/com/cloud/network/firewall/FirewallService.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/network/firewall/FirewallService.java b/api/src/com/cloud/network/firewall/FirewallService.java
index 5ab7891..41b170d 100644
--- a/api/src/com/cloud/network/firewall/FirewallService.java
+++ b/api/src/com/cloud/network/firewall/FirewallService.java
@@ -40,7 +40,8 @@ public interface FirewallService {
* the id of the rule to revoke.
* @return
*/
- boolean revokeFirewallRule(long ruleId, boolean apply);
+ boolean revokeIngressFirewallRule(long ruleId, boolean apply);
+ boolean revokeEgressFirewallRule(long ruleId, boolean apply);
boolean applyEgressFirewallRules(FirewallRule rule, Account caller) throws ResourceUnavailableException;
@@ -50,6 +51,9 @@ public interface FirewallService {
boolean revokeRelatedFirewallRule(long ruleId, boolean apply);
- FirewallRule updateFirewallRule(long ruleId, String customId, Boolean forDisplay);
+ FirewallRule updateIngressFirewallRule(long ruleId, String customId, Boolean forDisplay);
+ FirewallRule updateEgressFirewallRule(long ruleId, String customId, Boolean forDisplay);
+ boolean applyIngressFwRules(long ipId, Account caller) throws ResourceUnavailableException;
+ boolean revokeIngressFwRule(long ruleId, boolean apply);
}
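Review bot: `applyIngressFwRules` and `revokeIngressFwRule` are added without Javadoc next to long-named ingress methods with the same signatures, so nothing at a call site says which variant records an action event. Judging from the FirewallManagerImpl hunks in this commit, the `Fw` variants carry `@ActionEvent` and `applyIngressFirewallRules`/`revokeIngressFirewallRule` do not, so a caller that picks the wrong one leaves no FIREWALL.OPEN or FIREWALL.CLOSE record in the event log. I would document the split on each declaration, e.g. `/** API entry point: applies ingress rules and records EVENT_FIREWALL_OPEN. */` on the `Fw` variant and `/** Internal use: applies ingress rules without recording an action event. */` on the other. The first hunk of this file has a related gap: the existing Javadoc block now sits only above `revokeIngressFirewallRule`, and `revokeEgressFirewallRule` has none.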
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/2214bd25/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java
index 579cccb..90aed5e 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java
@@ -154,7 +154,7 @@ public class CreateEgressFirewallRuleCmd extends BaseAsyncCreateCmd implements F
fwResponse.setResponseName(getCommandName());
} finally {
if (!success || rule == null) {
- _firewallService.revokeFirewallRule(getEntityId(), true);
+ _firewallService.revokeEgressFirewallRule(getEntityId(), true);
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create firewall rule");
}
}
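Review bot: The `throw new ServerApiException(...)` inside `finally` replaces any exception the `try` block was already propagating, so when the apply step fails with an exception the cause is lost and the caller sees only "Failed to create firewall rule". The second CreateFirewallRuleCmd hunk has the same shape. The rollback call changed here can itself throw, in which case the ServerApiException is never raised. Assuming the command class has the usual logger, a line such as `s_logger.warn("Rolling back egress firewall rule " + getEntityId() + " after failed apply");` before the revoke would at least leave a trace; moving the rollback into a `catch` that keeps the cause would be the fuller fix. The enclosing method starts outside the hunk, so `success` is assumed to start as false.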
@@ -270,7 +270,7 @@ public class CreateEgressFirewallRuleCmd extends BaseAsyncCreateCmd implements F
@Override
public String getEventType() {
- return EventTypes.EVENT_FIREWALL_OPEN;
+ return EventTypes.EVENT_FIREWALL_EGRESS_OPEN;
}
@Override
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/2214bd25/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java
index b09d3a7..0666935 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java
@@ -134,7 +134,7 @@ public class CreateFirewallRuleCmd extends BaseAsyncCreateCmd implements Firewal
FirewallRule rule = _entityMgr.findById(FirewallRule.class, getEntityId());
try {
CallContext.current().setEventDetails("Rule Id: " + getEntityId());
- success = _firewallService.applyIngressFirewallRules(rule.getSourceIpAddressId(), callerContext.getCallingAccount());
+ success = _firewallService.applyIngressFwRules(rule.getSourceIpAddressId(), callerContext.getCallingAccount());
// State is different after the rule is applied, so get new object here
rule = _entityMgr.findById(FirewallRule.class, getEntityId());
@@ -146,7 +146,7 @@ public class CreateFirewallRuleCmd extends BaseAsyncCreateCmd implements Firewal
fwResponse.setResponseName(getCommandName());
} finally {
if (!success || rule == null) {
- _firewallService.revokeFirewallRule(getEntityId(), true);
+ _firewallService.revokeIngressFwRule(getEntityId(), true);
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create firewall rule");
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/2214bd25/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteEgressFirewallRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteEgressFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteEgressFirewallRuleCmd.java
index 4d22772..17968fc 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteEgressFirewallRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteEgressFirewallRuleCmd.java
@@ -74,7 +74,7 @@ public class DeleteEgressFirewallRuleCmd extends BaseAsyncCmd {
@Override
public String getEventType() {
- return EventTypes.EVENT_FIREWALL_CLOSE;
+ return EventTypes.EVENT_FIREWALL_EGRESS_CLOSE;
}
@Override
@@ -98,7 +98,7 @@ public class DeleteEgressFirewallRuleCmd extends BaseAsyncCmd {
@Override
public void execute() throws ResourceUnavailableException {
CallContext.current().setEventDetails("Rule Id: " + id);
- boolean result = _firewallService.revokeFirewallRule(id, true);
+ boolean result = _firewallService.revokeEgressFirewallRule(id, true);
if (result) {
SuccessResponse response = new SuccessResponse(getCommandName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/2214bd25/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteFirewallRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteFirewallRuleCmd.java
index 66dcc03..f8d1c18 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteFirewallRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteFirewallRuleCmd.java
@@ -96,7 +96,7 @@ public class DeleteFirewallRuleCmd extends BaseAsyncCmd {
@Override
public void execute() throws ResourceUnavailableException {
CallContext.current().setEventDetails("Rule Id: " + id);
- boolean result = _firewallService.revokeFirewallRule(id, true);
+ boolean result = _firewallService.revokeIngressFwRule(id, true);
if (result) {
SuccessResponse response = new SuccessResponse(getCommandName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/2214bd25/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java
index 0795396..b597a89 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java
@@ -78,7 +78,7 @@ public class UpdateEgressFirewallRuleCmd extends BaseAsyncCustomIdCmd {
@Override
public void execute() throws ResourceUnavailableException {
CallContext.current().setEventDetails("Rule Id: " + id);
- FirewallRule rule = _firewallService.updateFirewallRule(id, this.getCustomId(), getDisplay());
+ FirewallRule rule = _firewallService.updateEgressFirewallRule(id, this.getCustomId(), getDisplay());
FirewallResponse fwResponse = new FirewallResponse();
if (rule != null) {
@@ -97,7 +97,7 @@ public class UpdateEgressFirewallRuleCmd extends BaseAsyncCustomIdCmd {
@Override
public String getEventType() {
- return EventTypes.EVENT_FIREWALL_UPDATE;
+ return EventTypes.EVENT_FIREWALL_EGRESS_UPDATE;
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/2214bd25/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java
index f684371..e9c87d0 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java
@@ -79,7 +79,7 @@ public class UpdateFirewallRuleCmd extends BaseAsyncCustomIdCmd {
@Override
public void execute() throws ResourceUnavailableException {
CallContext.current().setEventDetails("Rule Id: " + id);
- FirewallRule rule = _firewallService.updateFirewallRule(id, this.getCustomId(), getDisplay());
+ FirewallRule rule = _firewallService.updateIngressFirewallRule(id, this.getCustomId(), getDisplay());
FirewallResponse fwResponse = new FirewallResponse();
if (rule != null) {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/2214bd25/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
index 4f853b3..dd928d8 100644
--- a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
+++ b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
@@ -161,7 +161,7 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
}
@Override
- @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_OPEN, eventDescription = "creating firewall rule", create = true)
+ @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_EGRESS_OPEN, eventDescription = "creating egress firewall rule for network", create = true)
public FirewallRule createEgressFirewallRule(FirewallRule rule) throws NetworkRuleConflictException {
Account caller = CallContext.current().getCallingAccount();
@@ -613,12 +613,19 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
}
@Override
+ @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_OPEN, eventDescription = "creating firewall rule", async = true)
+ public boolean applyIngressFwRules(long ipId, Account caller) throws ResourceUnavailableException {
+ return applyIngressFirewallRules(ipId, caller);
+ }
+
+ @Override
public boolean applyIngressFirewallRules(long ipId, Account caller) throws ResourceUnavailableException {
List<FirewallRuleVO> rules = _firewallDao.listByIpAndPurpose(ipId, Purpose.Firewall);
return applyFirewallRules(rules, false, caller);
}
@Override
+ @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_EGRESS_OPEN, eventDescription = "creating egress firewall rule", async = true)
public boolean applyEgressFirewallRules(FirewallRule rule, Account caller) throws ResourceUnavailableException {
List<FirewallRuleVO> rules = _firewallDao.listByNetworkPurposeTrafficType(rule.getNetworkId(), Purpose.Firewall, FirewallRule.TrafficType.Egress);
return applyFirewallRules(rules, false, caller);
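Review bot: The `@ActionEvent` for `EVENT_FIREWALL_EGRESS_OPEN` ("creating egress firewall rule") is placed directly on `applyEgressFirewallRules`, whereas the ingress side gets a separate annotated wrapper, `applyIngressFwRules`, and leaves `applyIngressFirewallRules` unannotated. If `applyEgressFirewallRules` is also reached through the service on paths other than rule creation (its callers are outside this hunk), each re-apply would be recorded as an egress rule being created, which misleads anyone auditing firewall changes from the event log. Mirroring the ingress pattern would keep the two sides consistent: add an annotated `applyEgressFwRules(FirewallRule rule, Account caller)` that delegates, and drop the annotation from this method.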
@@ -719,7 +726,21 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
@Override
@ActionEvent(eventType = EventTypes.EVENT_FIREWALL_CLOSE, eventDescription = "revoking firewall rule", async = true)
- public boolean revokeFirewallRule(long ruleId, boolean apply) {
+ public boolean revokeIngressFwRule(long ruleId, boolean apply) {
+ return revokeIngressFirewallRule(ruleId, apply);
+ }
+
+
+ @Override
+ public boolean revokeIngressFirewallRule(long ruleId, boolean apply) {
+ Account caller = CallContext.current().getCallingAccount();
+ long userId = CallContext.current().getCallingUserId();
+ return revokeFirewallRule(ruleId, apply, caller, userId);
+ }
+
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_EGRESS_CLOSE, eventDescription = "revoking egress firewall rule", async = true)
+ public boolean revokeEgressFirewallRule(long ruleId, boolean apply) {
Account caller = CallContext.current().getCallingAccount();
long userId = CallContext.current().getCallingUserId();
return revokeFirewallRule(ruleId, apply, caller, userId);
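Review bot: `revokeIngressFirewallRule` and `revokeEgressFirewallRule` have identical bodies and neither checks the rule's traffic type, so the recorded event type follows the API the caller used rather than the rule that was removed. Unless the four-argument `revokeFirewallRule` (outside this hunk) rejects a mismatch, an ingress rule id sent through the egress delete path would remove the ingress rule and log FIREWALL.EGRESS.CLOSE, which weakens the event log as an audit trail. The same applies to `updateIngressFirewallRule` and `updateEgressFirewallRule` in the next hunk. A traffic-type guard at the top of each annotated entry point would close this. The sketch below shows the egress revoke; the method's closing brace lies outside the hunk.

```java
    public boolean revokeEgressFirewallRule(long ruleId, boolean apply) {
        // Reject ids that do not name an egress rule, so the FIREWALL.EGRESS.CLOSE
        // event always describes the rule that was actually removed.
        FirewallRuleVO rule = _firewallDao.findById(ruleId);
        if (rule == null || rule.getTrafficType() != FirewallRule.TrafficType.Egress) {
            throw new InvalidParameterValueException("Unable to find egress firewall rule by id " + ruleId);
        }
        // … unchanged: caller/userId lookup and revokeFirewallRule(ruleId, apply, caller, userId) …
```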
@@ -727,7 +748,14 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
@Override
@ActionEvent(eventType = EventTypes.EVENT_FIREWALL_UPDATE, eventDescription = "updating firewall rule", async = true)
- public FirewallRule updateFirewallRule(long ruleId, String customId, Boolean forDisplay) {
+ public FirewallRule updateIngressFirewallRule(long ruleId, String customId, Boolean forDisplay) {
+ Account caller = CallContext.current().getCallingAccount();
+ return updateFirewallRule(ruleId, customId, caller, forDisplay);
+ }
+
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_EGRESS_UPDATE, eventDescription = "updating egress firewall rule", async = true)
+ public FirewallRule updateEgressFirewallRule(long ruleId, String customId, Boolean forDisplay) {
Account caller = CallContext.current().getCallingAccount();
return updateFirewallRule(ruleId, customId, caller, forDisplay);
}
@@ -881,7 +909,7 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
}
s_logger.debug("Revoking Firewall rule id=" + fwRule.getId() + " as a part of rule delete id=" + ruleId + " with apply=" + apply);
- return revokeFirewallRule(fwRule.getId(), apply);
+ return revokeIngressFirewallRule(fwRule.getId(), apply);
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/2214bd25/server/test/com/cloud/network/MockFirewallManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/test/com/cloud/network/MockFirewallManagerImpl.java b/server/test/com/cloud/network/MockFirewallManagerImpl.java
index 3c02613..e484e61 100644
--- a/server/test/com/cloud/network/MockFirewallManagerImpl.java
+++ b/server/test/com/cloud/network/MockFirewallManagerImpl.java
@@ -70,9 +70,13 @@ public class MockFirewallManagerImpl extends ManagerBase implements FirewallMana
}
@Override
- public boolean revokeFirewallRule(long ruleId, boolean apply) {
- // TODO Auto-generated method stub
- return false;
+ public boolean revokeIngressFirewallRule(long ruleId, boolean apply) {
+ return false; //To change body of implemented methods use File | Settings | File Templates.
+ }
+
+ @Override
+ public boolean revokeEgressFirewallRule(long ruleId, boolean apply) {
+ return false; //To change body of implemented methods use File | Settings | File Templates.
}
@Override
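Review bot: The new stubs carry the IDE placeholder `//To change body of implemented methods use File | Settings | File Templates.`, while the stub removed here used `// TODO Auto-generated method stub`. The same placeholder is repeated on the four stubs added in the next hunk. Since these mock methods intentionally return `false` or `null`, a comment that says so, e.g. `// Mock: no-op, always reports failure`, would tell a test author more than the template text does.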
@@ -88,6 +92,26 @@ public class MockFirewallManagerImpl extends ManagerBase implements FirewallMana
}
@Override
+ public FirewallRule updateIngressFirewallRule(long ruleId, String customId, Boolean forDisplay) {
+ return null; //To change body of implemented methods use File | Settings | File Templates.
+ }
+
+ @Override
+ public FirewallRule updateEgressFirewallRule(long ruleId, String customId, Boolean forDisplay) {
+ return null; //To change body of implemented methods use File | Settings | File Templates.
+ }
+
+ @Override
+ public boolean applyIngressFwRules(long ipId, Account caller) throws ResourceUnavailableException {
+ return false; //To change body of implemented methods use File | Settings | File Templates.
+ }
+
+ @Override
+ public boolean revokeIngressFwRule(long ruleId, boolean apply) {
+ return false; //To change body of implemented methods use File | Settings | File Templates.
+ }
+
+ @Override
public void detectRulesConflict(FirewallRule newRule) throws NetworkRuleConflictException {
// TODO Auto-generated method stub
@@ -184,10 +208,5 @@ public class MockFirewallManagerImpl extends ManagerBase implements FirewallMana
return null;
}
- @Override
- public FirewallRule updateFirewallRule(long ruleId, String customId, Boolean forDisplay) {
- // TODO Auto-generated method stub
- return null;
- }
}