Posted to commits@cloudstack.apache.org by ch...@apache.org on 2013/01/17 01:38:52 UTC
[6/15] git commit: WIP : edge security policy
WIP : edge security policy
Signed-off-by: Chiradeep Vittal <ch...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/6a0964af
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/6a0964af
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/6a0964af
Branch: refs/heads/cisco-vnmc-api-integration
Commit: 6a0964af00437e2175c95f76e913683393ee8988
Parents: e32295e
Author: Chiradeep Vittal <ch...@apache.org>
Authored: Wed Jan 16 15:30:30 2013 -0800
Committer: Chiradeep Vittal <ch...@apache.org>
Committed: Wed Jan 16 15:30:30 2013 -0800
----------------------------------------------------------------------
.../network/cisco/associate-nat-policy-set.xml | 19 +
.../network/cisco/create-edge-security-profile.xml | 23 ++
.../network/cisco/create-nat-policy-set.xml | 32 ++
.../network/cisco/create-source-nat-policy.xml | 109 ++++++
.../network/cisco/create-source-nat-pool.xml | 41 ++
.../cisco-vnmc/scripts/network/cisco/xml | 1 +
.../cloud/network/resource/CiscoVnmcResource.java | 302 ++++++++++-----
.../resource/test/CiscoVnmcResourceTest.java | 66 +++-
8 files changed, 489 insertions(+), 104 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/6a0964af/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-nat-policy-set.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-nat-policy-set.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-nat-policy-set.xml
new file mode 100644
index 0000000..a16c8ae
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-nat-policy-set.xml
@@ -0,0 +1,19 @@
+<configConfMos
+ cookie="%cookie%"
+ inHierarchical="false">
+ <inConfigs>
+ <pair key="%espdn%" >
+ <policyVirtualNetworkEdgeProfile
+ connTimeoutRef=""
+ descr="%descr%"
+ dn="%espdn%"
+ egressAclPsetRef="default-egress"
+ ingressAclPsetRef="default-ingress"
+ inspectRef=""
+ name="%name%"
+ natPsetRef="%natpolicysetname%"
+ status="modified"
+ vpnRef=""/>
+ </pair>
+ </inConfigs>
+</configConfMos>
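Review bot: The template pins `egressAclPsetRef="default-egress"` and `ingressAclPsetRef="default-ingress"` and blanks `connTimeoutRef`, `inspectRef` and `vpnRef` while sending `status="modified"`, so attaching a NAT policy set may also reset any ACL policy set or other reference already configured on the profile. associateNatPolicySet in CiscoVnmcResource.java substitutes `egressref` and `ingressref`, but this template has no such placeholders, so those two calls have no effect here. Either use `%egressref%` / `%ingressref%` as create-edge-security-profile.xml does, or send only `dn`, `natPsetRef` and `status` if VNMC accepts a partial update (to be confirmed against the API).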
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/6a0964af/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-security-profile.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-security-profile.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-security-profile.xml
new file mode 100644
index 0000000..4827711
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-security-profile.xml
@@ -0,0 +1,23 @@
+<configConfMo
+ dn=""
+ cookie="%cookie%"
+ inHierarchical="false">
+ <inConfig>
+ <policyVirtualNetworkEdgeProfile
+ descr="%descr%"
+ dn="%espdn%"
+ egressAclPsetRef="%egressref%"
+ ingressAclPsetRef="%ingressref%"
+ name="%name%"
+ status="created"
+ vpnRef=""/>
+ </inConfig>
+</configConfMo>
+
+<!--
+ descr="Edge Security Profile for Tenant3"
+ dn="org-root/org-TestTenant3/org-Tenant3-VDC/vnep-Tenant3-ESSP"
+ egressAclPsetRef="default-egress"
+ ingressAclPsetRef="default-ingress"
+ name="Tenant3-ESSP"
+--!>
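Review bot: The trailing comment is closed with `--!>`, which is not an XML comment terminator, so the comment never ends and the file is not well-formed; it should end with `-->`. Because the file-reading loop in CiscoVnmcResource.java (`xml += line;`) concatenates every line of the template, this trailing text is presumably sent to VNMC after `</configConfMo>` as part of each request. The same terminator appears in create-nat-policy-set.xml, create-source-nat-policy.xml and create-source-nat-pool.xml. Keeping the sample values in a separate notes file would avoid sending them at all.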
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/6a0964af/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-nat-policy-set.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-nat-policy-set.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-nat-policy-set.xml
new file mode 100644
index 0000000..1f48366
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-nat-policy-set.xml
@@ -0,0 +1,32 @@
+<configConfMos
+ cookie="%cookie%"
+ inHierarchical="false">
+ <inConfigs>
+ <pair key="%natpolicyrefdn%" >
+ <policyPolicyNameRef
+ dn="%natpolicyrefdn%"
+ order="100"
+ policyName="%natpolicyname%"
+
+ status="created"/>
+ </pair>
+
+ <pair key="%natpolicysetdn%">
+ <natpolicyNatPolicySet
+ adminState="enabled"
+ descr=""
+ dn="%natpolicysetdn%"
+ name="%natpolicysetname%"
+ status="created"/>
+ </pair>
+
+ </inConfigs>
+</configConfMos>
+
+<!--
+ natpolicyrefdn="org-root/org-TenantD/org-VDC-TenantD/natpset-TenantD-NAT-Policy-Set/polref-Source-NAT-Policy-TenantD"
+ natpolicysetdn="org-root/org-TenantD/org-VDC-TenantD/natpset-TenantD-NAT-Policy-Set"
+ natpolicyname="Source-NAT-Policy-TenantD"
+ natpolicysetname
+
+--!>
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/6a0964af/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-policy.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-policy.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-policy.xml
new file mode 100644
index 0000000..995e766
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-policy.xml
@@ -0,0 +1,109 @@
+<configConfMos
+ cookie="%cookie%"
+ inHierarchical="false">
+ <inConfigs>
+
+ <pair key="%natruleruledn%" >
+ <policyRuleCondition
+ dn="%natruleruledn%"
+ id="2"
+ order="unspecified"
+ status="created"/>
+ </pair>
+
+ <pair key="%natsnatruleconddn%" >
+ <policyNwAttrQualifier
+ attrEp="source"
+ dn="%natsnatruleconddn%"
+ status="created"/>
+ </pair>
+
+ <pair key="%natpoldn%" >
+ <natpolicyNatRuleBasedPolicy
+ adminState="enabled"
+ descr="%natpoldescr%"
+ dn="%natpoldn%"
+ name="%natpolname%"
+ status="created"/>
+ </pair>
+
+ <pair key="%natipdn2%" >
+ <policyIPAddress
+ dataType="string"
+ descr=""
+ dn="%natipdn2%"
+ id="2"
+ name=""
+ placement="begin"
+ status="created"
+ value="%sourcestartip%"/>
+ </pair>
+
+ <pair key="%natipdn3%" >
+ <policyIPAddress
+ dataType="string"
+ descr=""
+ dn="%natipdn3%"
+ id="3"
+ name=""
+ placement="end"
+ status="created"
+ value="%sourceendip%"/>
+ </pair>
+
+ <pair key="%natrangedn%" >
+ <policyNetworkExpression
+ dn="%natrangedn%"
+ id="2"
+ opr="range"
+ status="created"/>
+ </pair>
+
+ <pair key="%natruledn%" >
+ <policyRule
+ descr="%natruledescr%"
+ dn="%natrulen%"
+ name="%natrulename%"
+ order="100"
+ status="created"/>
+ </pair>
+
+ <pair key="%natactiondn%" >
+ <natpolicyNatAction
+ actionType="static"
+ destTranslatedIpPool=""
+ destTranslatedPortPool=""
+ dn="%natactiondn%"
+ id="0"
+ isBidirectionalEnabled="yes"
+ isDnsEnabled="yes"
+ isNoProxyArpEnabled="no"
+ isRoundRobinIpEnabled="no"
+
+ srcTranslatedIpPatPool=""
+ srcTranslatedIpPool="%sourcenatpoolname%"
+ srcTranslatedPortPool=""
+ status="created"/>
+ </pair>
+
+ </inConfigs>
+</configConfMos>
+
+<!--
+ natactiondn="org-root/org-TestTenant3/org-Tenant3-VDC/natpol-Source-NAT-For-Tenant3/rule-Source-NAT-Policy-Rule/nat-action"
+ srcTranslatedIpPool="Source-NAT-Pool-For-Tenant3"
+ natruledn="org-root/org-TestTenant3/org-Tenant3-VDC/natpol-Source-NAT-For-Tenant3/rule-Source-NAT-Policy-Rule"
+ natrulename="Source-NAT-Policy-Rule"
+ natruledescr="Source NAT Policy Rule for Tenant3"
+ natrangedn="org-root/org-TestTenant3/org-Tenant3-VDC/natpol-Source-NAT-For-Tenant3/rule-Source-NAT-Policy-Rule/rule-cond-2/nw-expr2"
+ natipdn="org-root/org-TestTenant3/org-Tenant3-VDC/natpol-Source-NAT-For-Tenant3/rule-Source-NAT-Policy-Rule/rule-cond-2/nw-expr2/nw-ip-3"
+ natpoldn="org-root/org-TestTenant3/org-Tenant3-VDC/natpol-Source-NAT-For-Tenant3"
+ natpolname="Source-NAT-For-Tenant3"
+ natpoldescr="%natpoldescr%"
+ natsnatruleconddn="org-root/org-TestTenant3/org-Tenant3-VDC/natpol-Source-NAT-For-Tenant3/rule-Source-NAT-Policy-Rule/rule-cond-2/nw-expr2/nw-attr-qual"
+ natruleruledn="org-root/org-TestTenant3/org-Tenant3-VDC/natpol-Source-NAT-For-Tenant3/rule-Source-NAT-Policy-Rule/rule-cond-2"
+ natipdn2="org-root/org-TestTenant3/org-Tenant3-VDC/natpol-Source-NAT-For-Tenant3/rule-Source-NAT-Policy-Rule/rule-cond-2/nw-expr2/nw-ip-2"
+ value="%sourcestartip%"
+ value="%sourceendip%"
+
+--!>
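Review bot: Two placeholders on the policyRule element do not match the keys that createTenantVDCSourceNATPolicy substitutes, so they would reach VNMC unreplaced: `dn="%natrulen%"` (the pair key and the Java code use `natruledn`) and `descr="%natruledescr%"` (the Java code replaces `natruleruledescr`). The fix on this side is `dn="%natruledn%"`, plus agreeing on one name for the rule description. This assumes replaceXmlValue replaces `%key%` tokens, which is not visible in this diff. A rule created with a literal `%natrulen%` DN would not sit under the NAT policy the other pairs refer to, so the policy may be created without the intended source range.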
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/6a0964af/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-pool.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-pool.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-pool.xml
new file mode 100644
index 0000000..da5a7bd
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-pool.xml
@@ -0,0 +1,41 @@
+<configConfMos
+cookie="%cookie%"
+inHierarchical="false">
+ <inConfigs>
+ <pair key="%snatpoolexprdn%" >
+ <policyObjectGroupExpression
+ dn="%snatpoolexprdn%"
+ opr="eq"
+ order="unspecified"
+ status="created"/>
+ </pair>
+
+ <pair key="%publicipdn%" >
+ <policyIPAddress
+ dataType="string"
+ descr=""
+ dn="%publicipdn%"
+ name=""
+ placement="none"
+ status="created"
+ value="%publicip%"/>
+ </pair>
+
+ <pair key="%snatpooldn%">
+ <policyObjectGroup
+ descr="%descr%"
+ dn="%snatpooldn%"
+ name="%name%"
+ status="created"/>
+ </pair>
+
+ </inConfigs>
+</configConfMos>
+
+<!--
+ snatpoolexprdn dn="org-root/org-TestTenant3/org-Tenant3-VDC/objgrp-Source-NAT-Pool-For-Tenant3/objgrp-expr-2"
+ publicipdn dn="org-root/org-TestTenant3/org-Tenant3-VDC/objgrp-Source-NAT-Pool-For-Tenant3/objgrp-expr-2/nw-ip-2"
+ snatpooldn= "org-root/org-TestTenant3/org-Tenant3-VDC/objgrp-Source-NAT-Pool-For-Tenant3"
+ value="10.223.136.10"/>
+
+--!>
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/6a0964af/plugins/network-elements/cisco-vnmc/scripts/network/cisco/xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/xml
new file mode 100644
index 0000000..eca3705
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/xml
@@ -0,0 +1 @@
+<configConfMoscookie="1349308528/b3cb56de-5d62-4d81-bf32-76f7148891eb" inHierarchical="false"> <inConfigs> <pair key="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE/rule-Source-NAT-Policy-Rule-TenantE" > <policyRuleCondition dn="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE/rule-Source-NAT-Policy-Rule-TenantE" id="2" order="unspecified" status="created"/> </pair> <pair key="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE/rule-Source-NAT-Policy-Rule-TenantE/rule-cond-2/nw-expr2/nw-attr-qual" > <policyNwAttrQualifier attrEp="source" dn="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE/rule-Source-NAT-Policy-Rule-TenantE/rule-cond-2/nw-expr2/nw-attr-qual" status="created"/> </pair> <pair key="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE" > <natpolicyNatR
uleBasedPolicy adminState="enabled" descr="Source NAT Rule for Tenant TenantE" dn="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE" name="Source-NAT-For-TenantE" status="created"/> </pair> <pair key="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE/rule-Source-NAT-Policy-Rule-TenantE/rule-cond-2/nw-expr2/nw-ip-2" <policyIPAddress dataType="string" descr="" dn="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE/rule-Source-NAT-Policy-Rule-TenantE/rule-cond-2/nw-expr2/nw-ip-2" id="2" name="" placement="begin" status="created" value="10.1.1.2"/> </pair> <pair key="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE/rule-Source-NAT-Policy-Rule-TenantE/rule-cond-2/nw-expr2/nw-ip-2" > <policyIPAddress dataType="string" descr="" dn="org-
root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE/rule-Source-NAT-Policy-Rule-TenantE/rule-cond-2/nw-expr2/nw-ip-2" id="3" name="" placement="end" status="created" value="10.1.1.254"/> </pair> <pair key="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE/rule-Source-NAT-Policy-Rule-TenantE/rule-cond-2/nw-expr2" > <policyNetworkExpression dn="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE/rule-Source-NAT-Policy-Rule-TenantE/rule-cond-2/nw-expr2" id="2" opr="range" status="created"/> </pair> <pair key="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE/rule-Source-NAT-Policy-Rule-TenantE/rule-cond-2" > <policyRule descr="Source NAT Policy for Tenant TenantE" dn="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE/rule-Source-NAT-Policy-Rule-TenantE"
name="%natrulerulename%" order="100" status="created"/> </pair> <pair key="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE/rule-Source-NAT-Policy-Rule-TenantE/nat-action" > <natpolicyNatAction actionType="static" destTranslatedIpPool="" destTranslatedPortPool="" dn="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE/rule-Source-NAT-Policy-Rule-TenantE/nat-action" id="0" isBidirectionalEnabled="yes" isDnsEnabled="yes" isNoProxyArpEnabled="no" isRoundRobinIpEnabled="no" srcTranslatedIpPatPool="" srcTranslatedIpPool="Source-NAT-Pool-For-TenantE" srcTranslatedPortPool="" status="created"/> </pair> </inConfigs></configConfMos>
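Review bot: This file looks like a captured request rather than a template: it has no extension, is not referenced by any VnmcXml entry in this commit, and carries a concrete `cookie` value and tenant DNs instead of placeholders. If that cookie came from a real VNMC login it is a session credential and should not be committed; the file should be dropped from the commit or the value replaced with `%cookie%`. The capture also shows `<configConfMoscookie=` with no space between the element name and the first attribute, which is what joining template lines without a separator produces.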
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/6a0964af/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
index 1d5b76d..f9a4eae 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
@@ -89,7 +89,15 @@ public class CiscoVnmcResource implements ServerResource {
RESOLVE_EDGE_ROUTE_POLICY("associate-route-policy.xml", "policy-mgr"),
RESOLVE_EDGE_DHCP_POLICY("associate-dhcp-policy.xml", "policy-mgr"),
CREATE_DHCP_POLICY("create-dhcp-policy.xml", "policy-mgr"),
- RESOLVE_EDGE_DHCP_SERVER_POLICY("associate-dhcp-server.xml", "policy-mgr");
+ RESOLVE_EDGE_DHCP_SERVER_POLICY("associate-dhcp-server.xml", "policy-mgr"),
+ CREATE_EDGE_SECURITY_PROFILE("create-edge-security-profile.xml", "policy-mgr"),
+ CREATE_SOURCE_NAT_POOL("create-source-nat-pool.xml", "policy-mgr"),
+ CREATE_SOURCE_NAT_POLICY("create-source-nat-policy.xml", "policy-mgr"),
+ CREATE_NAT_POLICY_SET("create-nat-policy-set.xml", "policy-mgr"),
+ RESOLVE_NAT_POLICY_SET("associate-nat-policy-set.xml", "policy-mgr");
+
+
+
private String scriptsDir = "scripts/network/cisco";
private String xml;
@@ -119,7 +127,8 @@ public class CiscoVnmcResource implements ServerResource {
String xml = "";
String line;
while ((line = br.readLine()) != null) {
- xml += line.replaceAll("\n"," ");
+ //xml += line.replaceAll("\n"," ");
+ xml += line;
}
return xml;
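Review bot: `xml += line;` joins the template lines with nothing between them, so a line ending in a token and a following line starting at column 0 fuse together; create-source-nat-pool.xml in this commit has `<configConfMos` followed by an unindented `cookie=...` line, which would become `<configConfMoscookie=...`. Appending a separator keeps the request well-formed, e.g. `xml += line + " ";`, or better a `StringBuilder` with `sb.append(line).append(' ');`. The commented-out `replaceAll` line can be deleted rather than kept. The enclosing method starts and ends outside the hunk, so whether the reader is closed cannot be checked from here.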
@@ -337,6 +346,10 @@ public class CiscoVnmcResource implements ServerResource {
return getDnForTenantVDC(tenantName) + "/edsp-" + getNameForEdgeDeviceServiceProfile(tenantName);
}
+ private String getDnForTenantVDCEdgeSecurityProfile(String tenantName) {
+ return getDnForTenantVDC(tenantName) + "/vnep-" + getNameForEdgeDeviceSecurityProfile(tenantName);
+ }
+
private String getDnForEdgeDeviceRoutingPolicy(String tenantName) {
return getDnForTenantVDC(tenantName) + "/routing-policy-" + getNameForEdgeDeviceRoutePolicy(tenantName);
//FIXME: any other construct is unreliable. why?
@@ -391,6 +404,10 @@ public class CiscoVnmcResource implements ServerResource {
return "EDSP-" + tenantName;
}
+ private String getNameForEdgeDeviceSecurityProfile(String tenantName) {
+ return "ESP-" + tenantName;
+ }
+
private String getNameForEdgeDeviceRoutePolicy(String tenantName) {
return "EDSP-" + tenantName + "-Routes";//FIXME: this has to match DN somehow?
}
@@ -404,17 +421,7 @@ public class CiscoVnmcResource implements ServerResource {
xml = replaceXmlValue(xml, "dn", getDnForTenant(tenantName));
String response = sendRequest(service, xml);
- Map<String, String> checked = checkResponse(response, "errorCode", "response");
-
- if (checked.get("errorCode") != null) {
- String errorCode = checked.get("errorCode");
- if (errorCode.equals("103")) {
- //tenant already exists
- return true;
- }
- return false;
- }
- return true;
+ return verifySuccess(response);
}
public boolean createTenantVDC(String tenantName) throws ExecutionException {
@@ -426,17 +433,8 @@ public class CiscoVnmcResource implements ServerResource {
xml = replaceXmlValue(xml, "dn", getDnForTenantVDC(tenantName));
String response = sendRequest(service, xml);
- Map<String, String> checked = checkResponse(response, "errorCode", "response");
- if (checked.get("errorCode") != null) {
- String errorCode = checked.get("errorCode");
- if (errorCode.equals("103")) {
- //tenant already exists
- return true;
- }
- return false;
- }
- return true;
+ return verifySuccess(response);
}
public boolean createTenantVDCEdgeDeviceProfile(String tenantName) throws ExecutionException {
@@ -448,17 +446,8 @@ public class CiscoVnmcResource implements ServerResource {
xml = replaceXmlValue(xml, "dn", getDnForTenantVDCEdgeDeviceProfile(tenantName));
String response = sendRequest(service, xml);
- Map<String, String> checked = checkResponse(response, "errorCode", "response");
- if (checked.get("errorCode") != null) {
- String errorCode = checked.get("errorCode");
- if (errorCode.equals("103")) {
- //tenant already exists
- return true;
- }
- return false;
- }
- return true;
+ return verifySuccess(response);
}
public boolean createTenantVDCEdgeStaticRoutePolicy(String tenantName) throws ExecutionException {
@@ -471,17 +460,7 @@ public class CiscoVnmcResource implements ServerResource {
String response = sendRequest(service, xml);
- Map<String, String> checked = checkResponse(response, "errorCode", "response");
-
- if (checked.get("errorCode") != null) {
- String errorCode = checked.get("errorCode");
- if (errorCode.equals("103")) {
- //already exists
- return true;
- }
- return false;
- }
- return true;
+ return verifySuccess(response);
}
public boolean createTenantVDCEdgeStaticRoute(String tenantName,
@@ -500,17 +479,7 @@ public class CiscoVnmcResource implements ServerResource {
//TODO: this adds default route, make it more generic
String response = sendRequest(service, xml);
- Map<String, String> checked = checkResponse(response, "errorCode", "response");
-
- if (checked.get("errorCode") != null) {
- String errorCode = checked.get("errorCode");
- if (errorCode.equals("103")) {
- //tenant already exists
- return true;
- }
- return false;
- }
- return true;
+ return verifySuccess(response);
}
public boolean associateTenantVDCEdgeStaticRoutePolicy(String tenantName) throws ExecutionException {
@@ -522,17 +491,7 @@ public class CiscoVnmcResource implements ServerResource {
xml = replaceXmlValue(xml, "routepolicyname", getNameForEdgeDeviceRoutePolicy(tenantName));
String response = sendRequest(service, xml);
- Map<String, String> checked = checkResponse(response, "errorCode", "response");
-
- if (checked.get("errorCode") != null) {
- String errorCode = checked.get("errorCode");
- if (errorCode.equals("103")) {
- //already exists
- return true;
- }
- return false;
- }
- return true;
+ return verifySuccess(response);
}
public boolean associateTenantVDCEdgeDhcpPolicy(String tenantName, String intfName) throws ExecutionException {
@@ -543,17 +502,8 @@ public class CiscoVnmcResource implements ServerResource {
xml = replaceXmlValue(xml, "insideintf", intfName);
String response = sendRequest(service, xml);
- Map<String, String> checked = checkResponse(response, "errorCode", "response");
- if (checked.get("errorCode") != null) {
- String errorCode = checked.get("errorCode");
- if (errorCode.equals("103")) {
- //already exists
- return true;
- }
- return false;
- }
- return true;
+ return verifySuccess(response);
}
public boolean createTenantVDCEdgeDhcpPolicy(String tenantName,
@@ -575,17 +525,7 @@ public class CiscoVnmcResource implements ServerResource {
xml = replaceXmlValue(xml, "nameserverdn", getDnForDnsServer(tenantName, nameServerIp));
String response = sendRequest(service, xml);
- Map<String, String> checked = checkResponse(response, "errorCode", "response");
-
- if (checked.get("errorCode") != null) {
- String errorCode = checked.get("errorCode");
- if (errorCode.equals("103")) {
- //already exists
- return true;
- }
- return false;
- }
- return true;
+ return verifySuccess(response);
}
public boolean associateTenantVDCEdgeDhcpServerPolicy(String tenantName, String intfName) throws ExecutionException {
@@ -597,18 +537,167 @@ public class CiscoVnmcResource implements ServerResource {
xml = replaceXmlValue(xml, "dhcpserverpolicyname", getNameForDhcpServer(tenantName));
String response = sendRequest(service, xml);
- Map<String, String> checked = checkResponse(response, "errorCode", "response");
-
- if (checked.get("errorCode") != null) {
- String errorCode = checked.get("errorCode");
- if (errorCode.equals("103")) {
- //already exists
- return true;
- }
- return false;
- }
- return true;
- }
+ return verifySuccess(response);
+ }
+
+ public boolean createTenantVDCEdgeSecurityProfile(String tenantName) throws ExecutionException {
+ String xml = VnmcXml.CREATE_EDGE_SECURITY_PROFILE.getXml();
+ String service = VnmcXml.CREATE_EDGE_SECURITY_PROFILE.getService();
+ xml = replaceXmlValue(xml, "cookie", _cookie);
+ xml = replaceXmlValue(xml, "descr", "Edge Security Profile for Tenant VDC" + tenantName);
+ xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceSecurityProfile(tenantName));
+ xml = replaceXmlValue(xml, "espdn", getDnForTenantVDCEdgeSecurityProfile(tenantName));
+ xml = replaceXmlValue(xml, "egressref", "default-egress");
+ xml = replaceXmlValue(xml, "ingressref", "default-ingress"); //FIXME: allows everything
+
+ String response = sendRequest(service, xml);
+
+ return verifySuccess(response);
+ }
+
+ private String getNameForSourceNatPool(String tenantName) {
+ return "Source-NAT-Pool-For-" + tenantName;
+ }
+
+ private String getDnForSourceNatPool(String tenantName) {
+ return getDnForTenantVDC(tenantName) + "/objgrp-" + getNameForSourceNatPool(tenantName);
+ }
+
+ private String getDnForSourceNatPoolExpr(String tenantName) {
+ return getDnForSourceNatPool(tenantName) + "/objgrp-expr-2";
+ }
+
+ private String getDnForSourceNatPublicIp(String tenantName) {
+ return getDnForSourceNatPoolExpr(tenantName) + "/nw-ip-2";
+ }
+
+ public boolean createTenantVDCSourceNATPool(String tenantName, String publicIp) throws ExecutionException {
+ String xml = VnmcXml.CREATE_SOURCE_NAT_POOL.getXml();
+ String service = VnmcXml.CREATE_SOURCE_NAT_POOL.getService();
+ xml = replaceXmlValue(xml, "cookie", _cookie);
+ xml = replaceXmlValue(xml, "descr", "Source NAT pool for Tenant VDC " + tenantName);
+ xml = replaceXmlValue(xml, "name", getNameForSourceNatPool(tenantName));
+ xml = replaceXmlValue(xml, "snatpooldn", getDnForSourceNatPool(tenantName));
+ xml = replaceXmlValue(xml, "snatpoolexprdn", getDnForSourceNatPoolExpr(tenantName));
+ xml = replaceXmlValue(xml, "publicipdn", getDnForSourceNatPublicIp(tenantName));
+ xml = replaceXmlValue(xml, "publicip", publicIp);
+
+ String response = sendRequest(service, xml);
+
+ return verifySuccess(response);
+ }
+
+
+ private String getNameForSourceNatPolicy(String tenantName) {
+ return "Source-NAT-For-" + tenantName;
+ }
+
+ private String getDnForSourceNatPolicy(String tenantName) {
+ return getDnForTenantVDC(tenantName) + "/natpol-" + getNameForSourceNatPolicy(tenantName);
+ }
+
+ private String getNameForSourceNatRule(String tenantName) {
+ return "Source-NAT-Policy-Rule-" + tenantName;
+ }
+
+ private String getDnForSourceNatRule(String tenantName) {
+ return getDnForSourceNatPolicy(tenantName) + "/rule-" + getNameForSourceNatRule(tenantName);
+ }
+
+ private String getDnForSourceNatRuleAction(String tenantName) {
+ return getDnForSourceNatRule(tenantName) + "/nat-action";
+ }
+
+ private String getDnForSourceNatRuleRule(String tenantName) {
+ return getDnForSourceNatRule(tenantName) + "/rule-cond-2";
+ }
+
+ private String getDnForSourceNatRuleRange(String tenantName) {
+ return getDnForSourceNatRuleRule(tenantName) + "/nw-expr2";
+ }
+
+ private String getDnForSourceNatRuleRangeIp(String tenantName, int id) {
+ return getDnForSourceNatRuleRange(tenantName) + "/nw-ip-" + id;
+ }
+
+ private String getDnForSourceNatRuleRangeAttr(String tenantName) {
+ return getDnForSourceNatRuleRange(tenantName) + "/nw-attr-qual";
+ }
+
+ public boolean createTenantVDCSourceNATPolicy(String tenantName,
+ String startSourceIp, String endSourceIp) throws ExecutionException {
+
+ String xml = VnmcXml.CREATE_SOURCE_NAT_POLICY.getXml();
+ String service = VnmcXml.CREATE_SOURCE_NAT_POLICY.getService();
+ xml = replaceXmlValue(xml, "cookie", _cookie);
+ xml = replaceXmlValue(xml, "descr", "Source NAT Policy for Tenant VDC " + tenantName);
+ xml = replaceXmlValue(xml, "srcTranslatedIpPool", getNameForSourceNatPool(tenantName));
+ xml = replaceXmlValue(xml, "natrulename", getNameForSourceNatRule(tenantName));
+ xml = replaceXmlValue(xml, "natpolname", getNameForSourceNatPolicy(tenantName));
+ xml = replaceXmlValue(xml, "natruleruledescr", "Source NAT Policy for Tenant " + tenantName);
+ xml = replaceXmlValue(xml, "natpoldescr", "Source NAT Rule for Tenant " + tenantName);
+ xml = replaceXmlValue(xml, "natpoldn", getDnForSourceNatPolicy(tenantName));
+ xml = replaceXmlValue(xml, "natruledn", getDnForSourceNatRule(tenantName));
+ xml = replaceXmlValue(xml, "sourcestartip", startSourceIp);
+ xml = replaceXmlValue(xml, "sourceendip", endSourceIp);
+ xml = replaceXmlValue(xml, "sourcenatpoolname", getNameForSourceNatPool(tenantName));
+
+
+ xml = replaceXmlValue(xml, "natactiondn", getDnForSourceNatRuleAction(tenantName));
+ xml = replaceXmlValue(xml, "natruleruledn", getDnForSourceNatRuleRule(tenantName));
+ xml = replaceXmlValue(xml, "natrangedn", getDnForSourceNatRuleRange(tenantName));
+ xml = replaceXmlValue(xml, "natipdn2", getDnForSourceNatRuleRangeIp(tenantName, 2));
+ xml = replaceXmlValue(xml, "natipdn3", getDnForSourceNatRuleRangeIp(tenantName, 3));
+
+ xml = replaceXmlValue(xml, "natsnatruleconddn", getDnForSourceNatRuleRangeAttr(tenantName));
+
+ String response = sendRequest(service, xml);
+
+ return verifySuccess(response);
+ }
+
+ private String getNameForNatPolicySet(String tenantName) {
+ return "NAT-Policy-Set-" + tenantName;
+ }
+
+ private String getDnForNatPolicySet(String tenantName) {
+ return getDnForTenantVDC(tenantName) + "/natpset-" + getNameForNatPolicySet(tenantName) ;
+ }
+
+ private String getDnForNatPolicySetRef(String tenantName) {
+ return getDnForNatPolicySet(tenantName) + "/polref-" + getNameForSourceNatPolicy(tenantName) ;
+ }
+
+ public boolean createTenantVDCNatPolicySet(String tenantName) throws ExecutionException {
+ String xml = VnmcXml.CREATE_NAT_POLICY_SET.getXml();
+ String service = VnmcXml.CREATE_NAT_POLICY_SET.getService();
+ xml = replaceXmlValue(xml, "cookie", _cookie);
+ //xml = replaceXmlValue(xml, "descr", "Nat Policy Set for Tenant VDC " + tenantName);
+ xml = replaceXmlValue(xml, "natpolicyname", getNameForSourceNatPolicy(tenantName));
+ xml = replaceXmlValue(xml, "natpolicysetname", getNameForNatPolicySet(tenantName));
+ xml = replaceXmlValue(xml, "natpolicysetdn", getDnForNatPolicySet(tenantName));
+ xml = replaceXmlValue(xml, "natpolicyrefdn", getDnForNatPolicySetRef(tenantName));
+
+ String response = sendRequest(service, xml);
+
+ return verifySuccess(response);
+ }
+
+ public boolean associateNatPolicySet(String tenantName) throws ExecutionException {
+ String xml = VnmcXml.RESOLVE_NAT_POLICY_SET.getXml();
+ String service = VnmcXml.RESOLVE_NAT_POLICY_SET.getService();
+ xml = replaceXmlValue(xml, "cookie", _cookie);
+ xml = replaceXmlValue(xml, "descr", "Edge Security Profile for Tenant VDC" + tenantName);
+ xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceSecurityProfile(tenantName));
+ xml = replaceXmlValue(xml, "espdn", getDnForTenantVDCEdgeSecurityProfile(tenantName));
+ xml = replaceXmlValue(xml, "egressref", "default-egress");
+ xml = replaceXmlValue(xml, "ingressref", "default-ingress");
+ xml = replaceXmlValue(xml, "natpolicysetname", getNameForNatPolicySet(tenantName));
+
+ String response = sendRequest(service, xml);
+
+ return verifySuccess(response);
+ }
private String sendRequest(String service, String xmlRequest) throws ExecutionException {
org.apache.commons.httpclient.protocol.Protocol myhttps =
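Review bot: The new create*/associate* methods put `tenantName`, `publicIp`, `startSourceIp` and `endSourceIp` straight into XML attribute values and DNs through replaceXmlValue, and nothing in this hunk validates or escapes them. If replaceXmlValue (not shown here) does plain text substitution, a value containing `"` or `<` would change the structure of the policy request sent to VNMC. A check at the top of each public method, such as `if (!tenantName.matches("[A-Za-z0-9_-]+")) throw new ExecutionException("Invalid tenant name");`, plus IP address parsing for the address arguments, would close that off. Separately, `"Edge Security Profile for Tenant VDC" + tenantName` is missing the trailing space that the other descriptions have.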
@@ -629,6 +718,7 @@ public class CiscoVnmcResource implements ServerResource {
response = method.getResponseBody();
}catch(Exception e){
System.out.println(e.getMessage());
+ throw new ExecutionException(e.getMessage());
}
System.out.println(new String(response));
return new String(response);
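Review bot: `throw new ExecutionException(e.getMessage());` discards the original exception, and `e.getMessage()` can be null, so the caller may get an ExecutionException with no message and no stack trace. If ExecutionException has a constructor that takes a cause, pass `e` through; otherwise include the exception class in the message, e.g. `throw new ExecutionException("VNMC request failed: " + e);`. The surrounding `System.out.println` calls write the error and the full response body to stdout; a login response would presumably include the session cookie, so these are better moved to the class logger at debug level. sendRequest starts and ends outside this hunk.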
@@ -702,8 +792,20 @@ public class CiscoVnmcResource implements ServerResource {
return result;
}
-
+ private boolean verifySuccess(String xmlResponse) throws ExecutionException {
+ Map<String, String> checked = checkResponse(xmlResponse, "errorCode", "errorDescr");
+ if (checked.get("errorCode") != null) {
+ String errorCode = checked.get("errorCode");
+ if (errorCode.equals("103")) {
+ //tenant already exists
+ return true;
+ }
+ String errorDescr = checked.get("errorDescr");
+ throw new ExecutionException(errorDescr);
+ }
+ return true;
+ }
/*
* XML utils
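Review bot: verifySuccess treats error code 103 as success for every request type, but the comment still says `//tenant already exists`, and for policy objects such as the edge security profile an existing object may not have the attributes the caller asked for. Suggest a comment like `// 103: object already exists on VNMC; its current attributes are not compared with the request` and a named constant for `"103"`. Also `errorDescr` can be null when the response carries only an error code, giving an exception with no message; `throw new ExecutionException("VNMC error " + errorCode + ": " + errorDescr);` keeps the code visible. Callers that used to get `false` now get an exception, which is worth stating in the method's Javadoc.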
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/6a0964af/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/test/CiscoVnmcResourceTest.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/test/CiscoVnmcResourceTest.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/test/CiscoVnmcResourceTest.java
index b7d69d0..f1e6d28 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/test/CiscoVnmcResourceTest.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/test/CiscoVnmcResourceTest.java
@@ -19,6 +19,7 @@ package com.cloud.network.resource.test;
import static org.junit.Assert.assertTrue;
import org.junit.BeforeClass;
+import org.junit.Ignore;
import org.junit.Test;
import com.cloud.network.resource.CiscoVnmcResource;
@@ -41,7 +42,8 @@ public class CiscoVnmcResourceTest {
}
}
- //@Test
+ @Ignore
+ @Test
public void testLogin() {
//fail("Not yet implemented");
try {
@@ -53,6 +55,7 @@ public class CiscoVnmcResourceTest {
}
}
+ @Ignore
@Test
public void testCreateTenant() {
//fail("Not yet implemented");
@@ -65,6 +68,7 @@ public class CiscoVnmcResourceTest {
}
}
+ @Ignore
@Test
public void testCreateTenantVDC() {
//fail("Not yet implemented");
@@ -77,7 +81,7 @@ public class CiscoVnmcResourceTest {
}
}
-
+ @Ignore
@Test
public void testCreateTenantVDCEdgeDeviceProfile() {
//fail("Not yet implemented");
@@ -90,6 +94,7 @@ public class CiscoVnmcResourceTest {
}
}
+ @Ignore
@Test
public void testCreateTenantVDCEdgeDeviceRoutePolicy() {
try {
@@ -101,6 +106,7 @@ public class CiscoVnmcResourceTest {
}
}
+ @Ignore
@Test
public void testCreateTenantVDCEdgeDeviceRoute() {
try {
@@ -113,6 +119,7 @@ public class CiscoVnmcResourceTest {
}
}
+ @Ignore
@Test
public void testAssociateRoutePolicyWithEdgeProfile() {
try {
@@ -124,6 +131,7 @@ public class CiscoVnmcResourceTest {
}
}
+ @Ignore
@Test
public void testAssociateTenantVDCEdgeDhcpPolicy() {
try {
@@ -135,6 +143,7 @@ public class CiscoVnmcResourceTest {
}
}
+ @Ignore
@Test
public void testCreateTenantVDCEdgeDhcpPolicy() {
try {
@@ -147,14 +156,63 @@ public class CiscoVnmcResourceTest {
}
}
+ @Ignore
+ @Test
+ public void testCreateTenantVDCEdgeSecurityProfile() {
+ try {
+ boolean response = resource.createTenantVDCEdgeSecurityProfile(tenantName);
+ assertTrue(response);
+ } catch (ExecutionException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ @Ignore
+ @Test
+ public void testCreateTenantVDCSourceNATPool() {
+ try {
+ boolean response = resource.createTenantVDCSourceNATPool(tenantName, "10.223.136.10");
+ assertTrue(response);
+ } catch (ExecutionException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ @Ignore
@Test
- public void testAssociateTenantVDCEdgeDhcpServerPolicy() {
+ public void testCreateTenantVDCSourceNATPolicy() {
try {
- boolean response = resource.associateTenantVDCEdgeDhcpServerPolicy(tenantName, "Edge_Inside");
+ boolean response = resource.createTenantVDCSourceNATPolicy(tenantName, "10.1.1.2", "10.1.1.254");
assertTrue(response);
} catch (ExecutionException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
+
+ @Ignore
+ @Test
+ public void testCreateTenantVDCNatPolicySet() {
+ try {
+ boolean response = resource.createTenantVDCNatPolicySet(tenantName);
+ assertTrue(response);
+ } catch (ExecutionException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ @Test
+ public void testAssociateNatPolicySet() {
+ try {
+ boolean response = resource.associateNatPolicySet(tenantName);
+ assertTrue(response);
+ } catch (ExecutionException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
}
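Review bot: Each new test catches ExecutionException and only calls `e.printStackTrace()`, so a failed VNMC request makes the test pass; since verifySuccess now throws instead of returning false, `assertTrue(response)` can no longer fail at all. Declaring the methods as `public void testAssociateNatPolicySet() throws ExecutionException` and removing the try/catch lets JUnit report the failure. testAssociateNatPolicySet is also the only test left without `@Ignore`, so it will run in every build and presumably needs a reachable VNMC; if that is only for local work on this branch, it should get `@Ignore` before merging. The hunk also replaces testAssociateTenantVDCEdgeDhcpServerPolicy rather than adding to it, so that call loses its test.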