You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by Will Stevens <ws...@cloudops.com> on 2013/10/29 21:52:15 UTC
Review Request 15050: Add Palo Alto Networks Firewall Integration
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/15050/
-----------------------------------------------------------
Review request for cloudstack and Sheng Yang.
Bugs: CLOUDSTACK-1275
https://issues.apache.org/jira/browse/CLOUDSTACK-1275
Repository: cloudstack-git
Description
-------
More information in the FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration
This patch adds a network plugin which adds support for the Palo Alto Networks firewall (their appliance and their VM series firewall).
Features supported are:
- List/Add/Delete Palo Alto service provider
- List/Add/Delete Palo Alto network service offering
- List/Add/Delete Palo Alto network with above service offering
- Add instance to the new network (creates the public IP and private gateway/cidr on the PA as well as the source nat rule)
- List/Add/Delete Ingress Firewall rule
- List/Add/Delete Egress Firewall rule
- List/Add/Delete Port Forwarding rule
- List/Add/Delete Static Nat rule
- Supports Palo Alto Networks 'Log Forwarding' profile globally per device (additional docs to come)
- Supports Palo Alto Networks 'Security Profile Groups' functionality globally per device (additional docs to come)
Knowns limitations:
- Only supports one public IP range in CloudStack.
- Currently not verifying SSL certificates when creating a connection between CloudStack and the Palo Alto Networks firewall.
- Currently not tracking usage on Public IPs.
Diffs
-----
api/src/com/cloud/network/Network.java 49f380b
api/src/org/apache/cloudstack/api/command/admin/network/AddNetworkDeviceCmd.java 4983255
api/src/org/apache/cloudstack/api/command/admin/network/ListNetworkDeviceCmd.java 0b7836d
api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java 29ce2e3
client/WEB-INF/classes/resources/messages.properties c075bf8
client/pom.xml fd1f13a
client/tomcatconf/commands.properties.in 96e841a
client/tomcatconf/nonossComponentContext.xml.in 0502bbc
plugins/network-elements/palo-alto/pom.xml PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddExternalFirewallCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddPaloAltoFirewallCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/ConfigurePaloAltoFirewallCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeleteExternalFirewallCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeletePaloAltoFirewallCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListExternalFirewallsCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallNetworksCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallsCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/response/PaloAltoFirewallResponse.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoExternalFirewallElement.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoFirewallElementService.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/network/resource/PaloAltoResource.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java PRE-CREATION
plugins/network-elements/palo-alto/test/com/cloud/network/resource/MockablePaloAltoResource.java PRE-CREATION
plugins/network-elements/palo-alto/test/com/cloud/network/resource/PaloAltoResourceTest.java PRE-CREATION
plugins/pom.xml ca41dff
server/src/com/cloud/api/ApiResponseHelper.java f4ca112
server/src/com/cloud/configuration/ConfigurationManagerImpl.java 4fda3b1
ui/dictionary.jsp 80aab6f
ui/scripts/docs.js 3a4f8ca
ui/scripts/system.js 0af3952
Diff: https://reviews.apache.org/r/15050/diff/
Testing
-------
I have tested all of the functionality listed under 'supported features'.
Thanks,
Will Stevens
Re: Review Request 15050: Add Palo Alto Networks Firewall Integration
Posted by Sheng Yang <sh...@yasker.org>.
> On Oct. 30, 2013, 5:34 p.m., Sheng Yang wrote:
> > Ship It!
No shipping for now.
Sorry, press the wrong one. I meant to ship the other patch.
Will, since it's a big change, could you send out a notice to the community about this merge?
Thanks!
- Sheng
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/15050/#review27794
-----------------------------------------------------------
On Oct. 29, 2013, 8:52 p.m., Will Stevens wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/15050/
> -----------------------------------------------------------
>
> (Updated Oct. 29, 2013, 8:52 p.m.)
>
>
> Review request for cloudstack and Sheng Yang.
>
>
> Bugs: CLOUDSTACK-1275
> https://issues.apache.org/jira/browse/CLOUDSTACK-1275
>
>
> Repository: cloudstack-git
>
>
> Description
> -------
>
> More information in the FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration
>
> This patch adds a network plugin which adds support for the Palo Alto Networks firewall (their appliance and their VM series firewall).
>
> Features supported are:
> - List/Add/Delete Palo Alto service provider
> - List/Add/Delete Palo Alto network service offering
> - List/Add/Delete Palo Alto network with above service offering
> - Add instance to the new network (creates the public IP and private gateway/cidr on the PA as well as the source nat rule)
> - List/Add/Delete Ingress Firewall rule
> - List/Add/Delete Egress Firewall rule
> - List/Add/Delete Port Forwarding rule
> - List/Add/Delete Static Nat rule
> - Supports Palo Alto Networks 'Log Forwarding' profile globally per device (additional docs to come)
> - Supports Palo Alto Networks 'Security Profile Groups' functionality globally per device (additional docs to come)
>
> Knowns limitations:
> - Only supports one public IP range in CloudStack.
> - Currently not verifying SSL certificates when creating a connection between CloudStack and the Palo Alto Networks firewall.
> - Currently not tracking usage on Public IPs.
>
>
> Diffs
> -----
>
> api/src/com/cloud/network/Network.java 49f380b
> api/src/org/apache/cloudstack/api/command/admin/network/AddNetworkDeviceCmd.java 4983255
> api/src/org/apache/cloudstack/api/command/admin/network/ListNetworkDeviceCmd.java 0b7836d
> api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java 29ce2e3
> client/WEB-INF/classes/resources/messages.properties c075bf8
> client/pom.xml fd1f13a
> client/tomcatconf/commands.properties.in 96e841a
> client/tomcatconf/nonossComponentContext.xml.in 0502bbc
> plugins/network-elements/palo-alto/pom.xml PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddExternalFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddPaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ConfigurePaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeleteExternalFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeletePaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListExternalFirewallsCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallNetworksCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallsCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/response/PaloAltoFirewallResponse.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoExternalFirewallElement.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoFirewallElementService.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/resource/PaloAltoResource.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java PRE-CREATION
> plugins/network-elements/palo-alto/test/com/cloud/network/resource/MockablePaloAltoResource.java PRE-CREATION
> plugins/network-elements/palo-alto/test/com/cloud/network/resource/PaloAltoResourceTest.java PRE-CREATION
> plugins/pom.xml ca41dff
> server/src/com/cloud/api/ApiResponseHelper.java f4ca112
> server/src/com/cloud/configuration/ConfigurationManagerImpl.java 4fda3b1
> ui/dictionary.jsp 80aab6f
> ui/scripts/docs.js 3a4f8ca
> ui/scripts/system.js 0af3952
>
> Diff: https://reviews.apache.org/r/15050/diff/
>
>
> Testing
> -------
>
> I have tested all of the functionality listed under 'supported features'.
>
>
> Thanks,
>
> Will Stevens
>
>
Re: Review Request 15050: Add Palo Alto Networks Firewall Integration
Posted by Will Stevens <ws...@cloudops.com>.
> On Oct. 30, 2013, 5:34 p.m., Sheng Yang wrote:
> > Ship It!
>
> Sheng Yang wrote:
> No shipping for now.
>
> Sorry, press the wrong one. I meant to ship the other patch.
>
> Will, since it's a big change, could you send out a notice to the community about this merge?
>
> Thanks!
>
> Will Stevens wrote:
> Yes, no problem... What type of information would you like to be included in this notice?
>
> Thx...
>
> Sheng Yang wrote:
> It would looks like e.g. http://www.mail-archive.com/dev@cloudstack.apache.org/msg17259.html , and the history of patch/related discussion is needed as well.
>
> The purpose is to let community notice that there is a new feature would be in, and check on it.
>
> Community would vote on it and after the vote pass we can merge it.
>
> And I think it would need some test cases or unit tests for such a big merge.
>
>
>
> Will Stevens wrote:
> Great! Thank you. I will put that together.
I have put together these details. They can be found at: http://markmail.org/message/m7ynuc2tbkyxojv3?q=list:org%2Eapache%2Eincubator%2Ecloudstack-%2A+%5BMerge%5D+Palo+Alto+Networks+firewall+integration+to+master
- Will
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/15050/#review27794
-----------------------------------------------------------
On Oct. 31, 2013, 8:48 p.m., Will Stevens wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/15050/
> -----------------------------------------------------------
>
> (Updated Oct. 31, 2013, 8:48 p.m.)
>
>
> Review request for cloudstack and Sheng Yang.
>
>
> Bugs: CLOUDSTACK-1275
> https://issues.apache.org/jira/browse/CLOUDSTACK-1275
>
>
> Repository: cloudstack-git
>
>
> Description
> -------
>
> More information in the FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration
>
> This patch adds a network plugin which adds support for the Palo Alto Networks firewall (their appliance and their VM series firewall).
>
> Features supported are:
> - List/Add/Delete Palo Alto service provider
> - List/Add/Delete Palo Alto network service offering
> - List/Add/Delete Palo Alto network with above service offering
> - Add instance to the new network (creates the public IP and private gateway/cidr on the PA as well as the source nat rule)
> - List/Add/Delete Ingress Firewall rule
> - List/Add/Delete Egress Firewall rule
> - List/Add/Delete Port Forwarding rule
> - List/Add/Delete Static Nat rule
> - Supports Palo Alto Networks 'Log Forwarding' profile globally per device (additional docs to come)
> - Supports Palo Alto Networks 'Security Profile Groups' functionality globally per device (additional docs to come)
>
> Knowns limitations:
> - Only supports one public IP range in CloudStack.
> - Currently not verifying SSL certificates when creating a connection between CloudStack and the Palo Alto Networks firewall.
> - Currently not tracking usage on Public IPs.
>
>
> Diffs
> -----
>
> api/src/com/cloud/network/Network.java 49f380b
> api/src/org/apache/cloudstack/api/command/admin/network/AddNetworkDeviceCmd.java 4983255
> api/src/org/apache/cloudstack/api/command/admin/network/ListNetworkDeviceCmd.java 0b7836d
> api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java 29ce2e3
> client/WEB-INF/classes/resources/messages.properties c075bf8
> client/pom.xml fd1f13a
> client/tomcatconf/commands.properties.in 96e841a
> client/tomcatconf/nonossComponentContext.xml.in 0502bbc
> plugins/network-elements/palo-alto/pom.xml PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddExternalFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddPaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ConfigurePaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeleteExternalFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeletePaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListExternalFirewallsCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallNetworksCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallsCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/response/PaloAltoFirewallResponse.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoExternalFirewallElement.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoFirewallElementService.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/resource/PaloAltoResource.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java PRE-CREATION
> plugins/network-elements/palo-alto/test/com/cloud/network/resource/MockablePaloAltoResource.java PRE-CREATION
> plugins/network-elements/palo-alto/test/com/cloud/network/resource/PaloAltoResourceTest.java PRE-CREATION
> plugins/pom.xml ca41dff
> server/src/com/cloud/api/ApiResponseHelper.java f4ca112
> server/src/com/cloud/configuration/ConfigurationManagerImpl.java 4fda3b1
> ui/dictionary.jsp 80aab6f
> ui/scripts/docs.js 3a4f8ca
> ui/scripts/system.js 0af3952
>
> Diff: https://reviews.apache.org/r/15050/diff/
>
>
> Testing
> -------
>
> I have tested all of the functionality listed under 'supported features'.
>
> Unit tests are in file 24 and 25 of this patch. The details of the tests can be found in the functional spec.
>
>
> Thanks,
>
> Will Stevens
>
>
Re: Review Request 15050: Add Palo Alto Networks Firewall Integration
Posted by Sheng Yang <sh...@yasker.org>.
> On Oct. 30, 2013, 5:34 p.m., Sheng Yang wrote:
> > Ship It!
>
> Sheng Yang wrote:
> No shipping for now.
>
> Sorry, press the wrong one. I meant to ship the other patch.
>
> Will, since it's a big change, could you send out a notice to the community about this merge?
>
> Thanks!
>
> Will Stevens wrote:
> Yes, no problem... What type of information would you like to be included in this notice?
>
> Thx...
It would looks like e.g. http://www.mail-archive.com/dev@cloudstack.apache.org/msg17259.html , and the history of patch/related discussion is needed as well.
The purpose is to let community notice that there is a new feature would be in, and check on it.
Community would vote on it and after the vote pass we can merge it.
And I think it would need some test cases or unit tests for such a big merge.
- Sheng
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/15050/#review27794
-----------------------------------------------------------
On Oct. 29, 2013, 8:52 p.m., Will Stevens wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/15050/
> -----------------------------------------------------------
>
> (Updated Oct. 29, 2013, 8:52 p.m.)
>
>
> Review request for cloudstack and Sheng Yang.
>
>
> Bugs: CLOUDSTACK-1275
> https://issues.apache.org/jira/browse/CLOUDSTACK-1275
>
>
> Repository: cloudstack-git
>
>
> Description
> -------
>
> More information in the FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration
>
> This patch adds a network plugin which adds support for the Palo Alto Networks firewall (their appliance and their VM series firewall).
>
> Features supported are:
> - List/Add/Delete Palo Alto service provider
> - List/Add/Delete Palo Alto network service offering
> - List/Add/Delete Palo Alto network with above service offering
> - Add instance to the new network (creates the public IP and private gateway/cidr on the PA as well as the source nat rule)
> - List/Add/Delete Ingress Firewall rule
> - List/Add/Delete Egress Firewall rule
> - List/Add/Delete Port Forwarding rule
> - List/Add/Delete Static Nat rule
> - Supports Palo Alto Networks 'Log Forwarding' profile globally per device (additional docs to come)
> - Supports Palo Alto Networks 'Security Profile Groups' functionality globally per device (additional docs to come)
>
> Knowns limitations:
> - Only supports one public IP range in CloudStack.
> - Currently not verifying SSL certificates when creating a connection between CloudStack and the Palo Alto Networks firewall.
> - Currently not tracking usage on Public IPs.
>
>
> Diffs
> -----
>
> api/src/com/cloud/network/Network.java 49f380b
> api/src/org/apache/cloudstack/api/command/admin/network/AddNetworkDeviceCmd.java 4983255
> api/src/org/apache/cloudstack/api/command/admin/network/ListNetworkDeviceCmd.java 0b7836d
> api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java 29ce2e3
> client/WEB-INF/classes/resources/messages.properties c075bf8
> client/pom.xml fd1f13a
> client/tomcatconf/commands.properties.in 96e841a
> client/tomcatconf/nonossComponentContext.xml.in 0502bbc
> plugins/network-elements/palo-alto/pom.xml PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddExternalFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddPaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ConfigurePaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeleteExternalFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeletePaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListExternalFirewallsCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallNetworksCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallsCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/response/PaloAltoFirewallResponse.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoExternalFirewallElement.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoFirewallElementService.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/resource/PaloAltoResource.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java PRE-CREATION
> plugins/network-elements/palo-alto/test/com/cloud/network/resource/MockablePaloAltoResource.java PRE-CREATION
> plugins/network-elements/palo-alto/test/com/cloud/network/resource/PaloAltoResourceTest.java PRE-CREATION
> plugins/pom.xml ca41dff
> server/src/com/cloud/api/ApiResponseHelper.java f4ca112
> server/src/com/cloud/configuration/ConfigurationManagerImpl.java 4fda3b1
> ui/dictionary.jsp 80aab6f
> ui/scripts/docs.js 3a4f8ca
> ui/scripts/system.js 0af3952
>
> Diff: https://reviews.apache.org/r/15050/diff/
>
>
> Testing
> -------
>
> I have tested all of the functionality listed under 'supported features'.
>
>
> Thanks,
>
> Will Stevens
>
>
Re: Review Request 15050: Add Palo Alto Networks Firewall Integration
Posted by Will Stevens <ws...@cloudops.com>.
> On Oct. 30, 2013, 5:34 p.m., Sheng Yang wrote:
> > Ship It!
>
> Sheng Yang wrote:
> No shipping for now.
>
> Sorry, press the wrong one. I meant to ship the other patch.
>
> Will, since it's a big change, could you send out a notice to the community about this merge?
>
> Thanks!
>
> Will Stevens wrote:
> Yes, no problem... What type of information would you like to be included in this notice?
>
> Thx...
>
> Sheng Yang wrote:
> It would looks like e.g. http://www.mail-archive.com/dev@cloudstack.apache.org/msg17259.html , and the history of patch/related discussion is needed as well.
>
> The purpose is to let community notice that there is a new feature would be in, and check on it.
>
> Community would vote on it and after the vote pass we can merge it.
>
> And I think it would need some test cases or unit tests for such a big merge.
>
>
Great! Thank you. I will put that together.
- Will
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/15050/#review27794
-----------------------------------------------------------
On Oct. 31, 2013, 8:45 p.m., Will Stevens wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/15050/
> -----------------------------------------------------------
>
> (Updated Oct. 31, 2013, 8:45 p.m.)
>
>
> Review request for cloudstack and Sheng Yang.
>
>
> Bugs: CLOUDSTACK-1275
> https://issues.apache.org/jira/browse/CLOUDSTACK-1275
>
>
> Repository: cloudstack-git
>
>
> Description
> -------
>
> More information in the FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration
>
> This patch adds a network plugin which adds support for the Palo Alto Networks firewall (their appliance and their VM series firewall).
>
> Features supported are:
> - List/Add/Delete Palo Alto service provider
> - List/Add/Delete Palo Alto network service offering
> - List/Add/Delete Palo Alto network with above service offering
> - Add instance to the new network (creates the public IP and private gateway/cidr on the PA as well as the source nat rule)
> - List/Add/Delete Ingress Firewall rule
> - List/Add/Delete Egress Firewall rule
> - List/Add/Delete Port Forwarding rule
> - List/Add/Delete Static Nat rule
> - Supports Palo Alto Networks 'Log Forwarding' profile globally per device (additional docs to come)
> - Supports Palo Alto Networks 'Security Profile Groups' functionality globally per device (additional docs to come)
>
> Knowns limitations:
> - Only supports one public IP range in CloudStack.
> - Currently not verifying SSL certificates when creating a connection between CloudStack and the Palo Alto Networks firewall.
> - Currently not tracking usage on Public IPs.
>
>
> Diffs
> -----
>
> api/src/com/cloud/network/Network.java 49f380b
> api/src/org/apache/cloudstack/api/command/admin/network/AddNetworkDeviceCmd.java 4983255
> api/src/org/apache/cloudstack/api/command/admin/network/ListNetworkDeviceCmd.java 0b7836d
> api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java 29ce2e3
> client/WEB-INF/classes/resources/messages.properties c075bf8
> client/pom.xml fd1f13a
> client/tomcatconf/commands.properties.in 96e841a
> client/tomcatconf/nonossComponentContext.xml.in 0502bbc
> plugins/network-elements/palo-alto/pom.xml PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddExternalFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddPaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ConfigurePaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeleteExternalFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeletePaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListExternalFirewallsCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallNetworksCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallsCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/response/PaloAltoFirewallResponse.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoExternalFirewallElement.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoFirewallElementService.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/resource/PaloAltoResource.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java PRE-CREATION
> plugins/network-elements/palo-alto/test/com/cloud/network/resource/MockablePaloAltoResource.java PRE-CREATION
> plugins/network-elements/palo-alto/test/com/cloud/network/resource/PaloAltoResourceTest.java PRE-CREATION
> plugins/pom.xml ca41dff
> server/src/com/cloud/api/ApiResponseHelper.java f4ca112
> server/src/com/cloud/configuration/ConfigurationManagerImpl.java 4fda3b1
> ui/dictionary.jsp 80aab6f
> ui/scripts/docs.js 3a4f8ca
> ui/scripts/system.js 0af3952
>
> Diff: https://reviews.apache.org/r/15050/diff/
>
>
> Testing
> -------
>
> I have tested all of the functionality listed under 'supported features'.
>
>
> Thanks,
>
> Will Stevens
>
>
Re: Review Request 15050: Add Palo Alto Networks Firewall Integration
Posted by Will Stevens <ws...@cloudops.com>.
> On Oct. 30, 2013, 5:34 p.m., Sheng Yang wrote:
> > Ship It!
>
> Sheng Yang wrote:
> No shipping for now.
>
> Sorry, press the wrong one. I meant to ship the other patch.
>
> Will, since it's a big change, could you send out a notice to the community about this merge?
>
> Thanks!
Yes, no problem... What type of information would you like to be included in this notice?
Thx...
- Will
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/15050/#review27794
-----------------------------------------------------------
On Oct. 29, 2013, 8:52 p.m., Will Stevens wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/15050/
> -----------------------------------------------------------
>
> (Updated Oct. 29, 2013, 8:52 p.m.)
>
>
> Review request for cloudstack and Sheng Yang.
>
>
> Bugs: CLOUDSTACK-1275
> https://issues.apache.org/jira/browse/CLOUDSTACK-1275
>
>
> Repository: cloudstack-git
>
>
> Description
> -------
>
> More information in the FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration
>
> This patch adds a network plugin which adds support for the Palo Alto Networks firewall (their appliance and their VM series firewall).
>
> Features supported are:
> - List/Add/Delete Palo Alto service provider
> - List/Add/Delete Palo Alto network service offering
> - List/Add/Delete Palo Alto network with above service offering
> - Add instance to the new network (creates the public IP and private gateway/cidr on the PA as well as the source nat rule)
> - List/Add/Delete Ingress Firewall rule
> - List/Add/Delete Egress Firewall rule
> - List/Add/Delete Port Forwarding rule
> - List/Add/Delete Static Nat rule
> - Supports Palo Alto Networks 'Log Forwarding' profile globally per device (additional docs to come)
> - Supports Palo Alto Networks 'Security Profile Groups' functionality globally per device (additional docs to come)
>
> Knowns limitations:
> - Only supports one public IP range in CloudStack.
> - Currently not verifying SSL certificates when creating a connection between CloudStack and the Palo Alto Networks firewall.
> - Currently not tracking usage on Public IPs.
>
>
> Diffs
> -----
>
> api/src/com/cloud/network/Network.java 49f380b
> api/src/org/apache/cloudstack/api/command/admin/network/AddNetworkDeviceCmd.java 4983255
> api/src/org/apache/cloudstack/api/command/admin/network/ListNetworkDeviceCmd.java 0b7836d
> api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java 29ce2e3
> client/WEB-INF/classes/resources/messages.properties c075bf8
> client/pom.xml fd1f13a
> client/tomcatconf/commands.properties.in 96e841a
> client/tomcatconf/nonossComponentContext.xml.in 0502bbc
> plugins/network-elements/palo-alto/pom.xml PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddExternalFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddPaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ConfigurePaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeleteExternalFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeletePaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListExternalFirewallsCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallNetworksCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallsCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/response/PaloAltoFirewallResponse.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoExternalFirewallElement.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoFirewallElementService.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/resource/PaloAltoResource.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java PRE-CREATION
> plugins/network-elements/palo-alto/test/com/cloud/network/resource/MockablePaloAltoResource.java PRE-CREATION
> plugins/network-elements/palo-alto/test/com/cloud/network/resource/PaloAltoResourceTest.java PRE-CREATION
> plugins/pom.xml ca41dff
> server/src/com/cloud/api/ApiResponseHelper.java f4ca112
> server/src/com/cloud/configuration/ConfigurationManagerImpl.java 4fda3b1
> ui/dictionary.jsp 80aab6f
> ui/scripts/docs.js 3a4f8ca
> ui/scripts/system.js 0af3952
>
> Diff: https://reviews.apache.org/r/15050/diff/
>
>
> Testing
> -------
>
> I have tested all of the functionality listed under 'supported features'.
>
>
> Thanks,
>
> Will Stevens
>
>
Re: Review Request 15050: Add Palo Alto Networks Firewall Integration
Posted by Sheng Yang <sh...@yasker.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/15050/#review27794
-----------------------------------------------------------
Ship it!
Ship It!
- Sheng Yang
On Oct. 29, 2013, 8:52 p.m., Will Stevens wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/15050/
> -----------------------------------------------------------
>
> (Updated Oct. 29, 2013, 8:52 p.m.)
>
>
> Review request for cloudstack and Sheng Yang.
>
>
> Bugs: CLOUDSTACK-1275
> https://issues.apache.org/jira/browse/CLOUDSTACK-1275
>
>
> Repository: cloudstack-git
>
>
> Description
> -------
>
> More information in the FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration
>
> This patch adds a network plugin which adds support for the Palo Alto Networks firewall (their appliance and their VM series firewall).
>
> Features supported are:
> - List/Add/Delete Palo Alto service provider
> - List/Add/Delete Palo Alto network service offering
> - List/Add/Delete Palo Alto network with above service offering
> - Add instance to the new network (creates the public IP and private gateway/cidr on the PA as well as the source nat rule)
> - List/Add/Delete Ingress Firewall rule
> - List/Add/Delete Egress Firewall rule
> - List/Add/Delete Port Forwarding rule
> - List/Add/Delete Static Nat rule
> - Supports Palo Alto Networks 'Log Forwarding' profile globally per device (additional docs to come)
> - Supports Palo Alto Networks 'Security Profile Groups' functionality globally per device (additional docs to come)
>
> Knowns limitations:
> - Only supports one public IP range in CloudStack.
> - Currently not verifying SSL certificates when creating a connection between CloudStack and the Palo Alto Networks firewall.
> - Currently not tracking usage on Public IPs.
>
>
> Diffs
> -----
>
> api/src/com/cloud/network/Network.java 49f380b
> api/src/org/apache/cloudstack/api/command/admin/network/AddNetworkDeviceCmd.java 4983255
> api/src/org/apache/cloudstack/api/command/admin/network/ListNetworkDeviceCmd.java 0b7836d
> api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java 29ce2e3
> client/WEB-INF/classes/resources/messages.properties c075bf8
> client/pom.xml fd1f13a
> client/tomcatconf/commands.properties.in 96e841a
> client/tomcatconf/nonossComponentContext.xml.in 0502bbc
> plugins/network-elements/palo-alto/pom.xml PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddExternalFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddPaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ConfigurePaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeleteExternalFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeletePaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListExternalFirewallsCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallNetworksCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallsCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/response/PaloAltoFirewallResponse.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoExternalFirewallElement.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoFirewallElementService.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/resource/PaloAltoResource.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java PRE-CREATION
> plugins/network-elements/palo-alto/test/com/cloud/network/resource/MockablePaloAltoResource.java PRE-CREATION
> plugins/network-elements/palo-alto/test/com/cloud/network/resource/PaloAltoResourceTest.java PRE-CREATION
> plugins/pom.xml ca41dff
> server/src/com/cloud/api/ApiResponseHelper.java f4ca112
> server/src/com/cloud/configuration/ConfigurationManagerImpl.java 4fda3b1
> ui/dictionary.jsp 80aab6f
> ui/scripts/docs.js 3a4f8ca
> ui/scripts/system.js 0af3952
>
> Diff: https://reviews.apache.org/r/15050/diff/
>
>
> Testing
> -------
>
> I have tested all of the functionality listed under 'supported features'.
>
>
> Thanks,
>
> Will Stevens
>
>
Re: Review Request 15050: Add Palo Alto Networks Firewall Integration
Posted by Sheng Yang <sh...@yasker.org>.
> On Nov. 6, 2013, 6:08 p.m., Sheng Yang wrote:
> > Ship It!
Committed to MASTER.
Thank you Will!
- Sheng
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/15050/#review28280
-----------------------------------------------------------
On Nov. 6, 2013, 3:42 a.m., Will Stevens wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/15050/
> -----------------------------------------------------------
>
> (Updated Nov. 6, 2013, 3:42 a.m.)
>
>
> Review request for cloudstack and Sheng Yang.
>
>
> Bugs: CLOUDSTACK-1275
> https://issues.apache.org/jira/browse/CLOUDSTACK-1275
>
>
> Repository: cloudstack-git
>
>
> Description
> -------
>
> More information in the FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration
>
> This patch adds a network plugin which adds support for the Palo Alto Networks firewall (their appliance and their VM series firewall).
>
> Features supported are:
> - List/Add/Delete Palo Alto service provider
> - List/Add/Delete Palo Alto network service offering
> - List/Add/Delete Palo Alto network with above service offering
> - Add instance to the new network (creates the public IP and private gateway/cidr on the PA as well as the source nat rule)
> - List/Add/Delete Ingress Firewall rule
> - List/Add/Delete Egress Firewall rule
> - List/Add/Delete Port Forwarding rule
> - List/Add/Delete Static Nat rule
> - Supports Palo Alto Networks 'Log Forwarding' profile globally per device (additional docs to come)
> - Supports Palo Alto Networks 'Security Profile Groups' functionality globally per device (additional docs to come)
>
> Knowns limitations:
> - Only supports one public IP range in CloudStack.
> - Currently not verifying SSL certificates when creating a connection between CloudStack and the Palo Alto Networks firewall.
> - Currently not tracking usage on Public IPs.
>
>
> Diffs
> -----
>
> api/src/com/cloud/network/Network.java bda3326
> api/src/org/apache/cloudstack/api/command/admin/network/AddNetworkDeviceCmd.java 4983255
> api/src/org/apache/cloudstack/api/command/admin/network/ListNetworkDeviceCmd.java 0b7836d
> api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java 29ce2e3
> client/WEB-INF/classes/resources/messages.properties d548527
> client/pom.xml 54cb667
> client/tomcatconf/commands.properties.in 8cbe972
> plugins/network-elements/palo-alto/pom.xml PRE-CREATION
> plugins/network-elements/palo-alto/resources/META-INF/cloudstack/paloalto/module.properties PRE-CREATION
> plugins/network-elements/palo-alto/resources/META-INF/cloudstack/paloalto/spring-paloalto-context.xml PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddExternalFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddPaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ConfigurePaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeleteExternalFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeletePaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListExternalFirewallsCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallNetworksCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallsCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/response/PaloAltoFirewallResponse.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoExternalFirewallElement.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoFirewallElementService.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/resource/PaloAltoResource.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java PRE-CREATION
> plugins/network-elements/palo-alto/test/com/cloud/network/resource/MockablePaloAltoResource.java PRE-CREATION
> plugins/network-elements/palo-alto/test/com/cloud/network/resource/PaloAltoResourceTest.java PRE-CREATION
> plugins/pom.xml 4f193bc
> server/src/com/cloud/api/ApiResponseHelper.java 769d345
> server/src/com/cloud/configuration/ConfigurationManagerImpl.java e3aa4fa
> ui/dictionary.jsp 85f24c6
> ui/scripts/docs.js 3a4f8ca
> ui/scripts/system.js 1579d16
>
> Diff: https://reviews.apache.org/r/15050/diff/
>
>
> Testing
> -------
>
> I have tested all of the functionality listed under 'supported features'.
>
> Unit tests are in file 24 and 25 of this patch. The details of the tests can be found in the functional spec.
>
>
> Thanks,
>
> Will Stevens
>
>
Re: Review Request 15050: Add Palo Alto Networks Firewall Integration
Posted by Sheng Yang <sh...@yasker.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/15050/#review28280
-----------------------------------------------------------
Ship it!
Ship It!
- Sheng Yang
On Nov. 6, 2013, 3:42 a.m., Will Stevens wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/15050/
> -----------------------------------------------------------
>
> (Updated Nov. 6, 2013, 3:42 a.m.)
>
>
> Review request for cloudstack and Sheng Yang.
>
>
> Bugs: CLOUDSTACK-1275
> https://issues.apache.org/jira/browse/CLOUDSTACK-1275
>
>
> Repository: cloudstack-git
>
>
> Description
> -------
>
> More information in the FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration
>
> This patch adds a network plugin which adds support for the Palo Alto Networks firewall (their appliance and their VM series firewall).
>
> Features supported are:
> - List/Add/Delete Palo Alto service provider
> - List/Add/Delete Palo Alto network service offering
> - List/Add/Delete Palo Alto network with above service offering
> - Add instance to the new network (creates the public IP and private gateway/cidr on the PA as well as the source nat rule)
> - List/Add/Delete Ingress Firewall rule
> - List/Add/Delete Egress Firewall rule
> - List/Add/Delete Port Forwarding rule
> - List/Add/Delete Static Nat rule
> - Supports Palo Alto Networks 'Log Forwarding' profile globally per device (additional docs to come)
> - Supports Palo Alto Networks 'Security Profile Groups' functionality globally per device (additional docs to come)
>
> Knowns limitations:
> - Only supports one public IP range in CloudStack.
> - Currently not verifying SSL certificates when creating a connection between CloudStack and the Palo Alto Networks firewall.
> - Currently not tracking usage on Public IPs.
>
>
> Diffs
> -----
>
> api/src/com/cloud/network/Network.java bda3326
> api/src/org/apache/cloudstack/api/command/admin/network/AddNetworkDeviceCmd.java 4983255
> api/src/org/apache/cloudstack/api/command/admin/network/ListNetworkDeviceCmd.java 0b7836d
> api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java 29ce2e3
> client/WEB-INF/classes/resources/messages.properties d548527
> client/pom.xml 54cb667
> client/tomcatconf/commands.properties.in 8cbe972
> plugins/network-elements/palo-alto/pom.xml PRE-CREATION
> plugins/network-elements/palo-alto/resources/META-INF/cloudstack/paloalto/module.properties PRE-CREATION
> plugins/network-elements/palo-alto/resources/META-INF/cloudstack/paloalto/spring-paloalto-context.xml PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddExternalFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddPaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ConfigurePaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeleteExternalFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeletePaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListExternalFirewallsCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallNetworksCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallsCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/response/PaloAltoFirewallResponse.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoExternalFirewallElement.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoFirewallElementService.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/resource/PaloAltoResource.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java PRE-CREATION
> plugins/network-elements/palo-alto/test/com/cloud/network/resource/MockablePaloAltoResource.java PRE-CREATION
> plugins/network-elements/palo-alto/test/com/cloud/network/resource/PaloAltoResourceTest.java PRE-CREATION
> plugins/pom.xml 4f193bc
> server/src/com/cloud/api/ApiResponseHelper.java 769d345
> server/src/com/cloud/configuration/ConfigurationManagerImpl.java e3aa4fa
> ui/dictionary.jsp 85f24c6
> ui/scripts/docs.js 3a4f8ca
> ui/scripts/system.js 1579d16
>
> Diff: https://reviews.apache.org/r/15050/diff/
>
>
> Testing
> -------
>
> I have tested all of the functionality listed under 'supported features'.
>
> Unit tests are in file 24 and 25 of this patch. The details of the tests can be found in the functional spec.
>
>
> Thanks,
>
> Will Stevens
>
>
Re: Review Request 15050: Add Palo Alto Networks Firewall Integration
Posted by Will Stevens <ws...@cloudops.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/15050/
-----------------------------------------------------------
(Updated Nov. 6, 2013, 3:42 a.m.)
Review request for cloudstack and Sheng Yang.
Changes
-------
Here is a new patch which is based off the latest master branch.
I have moved the plugin from being built using the depreciated 'nonoss' flag into the core build because this plugin does not depend on any 3rd party libraries at build or runtime.
I have also added a more detailed commit message to give an overview of the features covered in the commit.
Bugs: CLOUDSTACK-1275
https://issues.apache.org/jira/browse/CLOUDSTACK-1275
Repository: cloudstack-git
Description
-------
More information in the FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration
This patch adds a network plugin which adds support for the Palo Alto Networks firewall (their appliance and their VM series firewall).
Features supported are:
- List/Add/Delete Palo Alto service provider
- List/Add/Delete Palo Alto network service offering
- List/Add/Delete Palo Alto network with above service offering
- Add instance to the new network (creates the public IP and private gateway/cidr on the PA as well as the source nat rule)
- List/Add/Delete Ingress Firewall rule
- List/Add/Delete Egress Firewall rule
- List/Add/Delete Port Forwarding rule
- List/Add/Delete Static Nat rule
- Supports Palo Alto Networks 'Log Forwarding' profile globally per device (additional docs to come)
- Supports Palo Alto Networks 'Security Profile Groups' functionality globally per device (additional docs to come)
Knowns limitations:
- Only supports one public IP range in CloudStack.
- Currently not verifying SSL certificates when creating a connection between CloudStack and the Palo Alto Networks firewall.
- Currently not tracking usage on Public IPs.
Diffs (updated)
-----
api/src/com/cloud/network/Network.java bda3326
api/src/org/apache/cloudstack/api/command/admin/network/AddNetworkDeviceCmd.java 4983255
api/src/org/apache/cloudstack/api/command/admin/network/ListNetworkDeviceCmd.java 0b7836d
api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java 29ce2e3
client/WEB-INF/classes/resources/messages.properties d548527
client/pom.xml 54cb667
client/tomcatconf/commands.properties.in 8cbe972
plugins/network-elements/palo-alto/pom.xml PRE-CREATION
plugins/network-elements/palo-alto/resources/META-INF/cloudstack/paloalto/module.properties PRE-CREATION
plugins/network-elements/palo-alto/resources/META-INF/cloudstack/paloalto/spring-paloalto-context.xml PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddExternalFirewallCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddPaloAltoFirewallCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/ConfigurePaloAltoFirewallCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeleteExternalFirewallCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeletePaloAltoFirewallCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListExternalFirewallsCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallNetworksCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallsCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/response/PaloAltoFirewallResponse.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoExternalFirewallElement.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoFirewallElementService.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/network/resource/PaloAltoResource.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java PRE-CREATION
plugins/network-elements/palo-alto/test/com/cloud/network/resource/MockablePaloAltoResource.java PRE-CREATION
plugins/network-elements/palo-alto/test/com/cloud/network/resource/PaloAltoResourceTest.java PRE-CREATION
plugins/pom.xml 4f193bc
server/src/com/cloud/api/ApiResponseHelper.java 769d345
server/src/com/cloud/configuration/ConfigurationManagerImpl.java e3aa4fa
ui/dictionary.jsp 85f24c6
ui/scripts/docs.js 3a4f8ca
ui/scripts/system.js 1579d16
Diff: https://reviews.apache.org/r/15050/diff/
Testing
-------
I have tested all of the functionality listed under 'supported features'.
Unit tests are in file 24 and 25 of this patch. The details of the tests can be found in the functional spec.
Thanks,
Will Stevens
Re: Review Request 15050: Add Palo Alto Networks Firewall Integration
Posted by Sheng Yang <sh...@yasker.org>.
> On Nov. 4, 2013, 10:44 p.m., Sheng Yang wrote:
> > Hi Will,
> >
> > I think you need to rebase the patch to the latest MASTER, the current patch cannot apply to MASTER now.
> >
> > Also, you can add description to the patch(e.g. the description you added in the review board)
By applying, I meant using git-am.
- Sheng
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/15050/#review28146
-----------------------------------------------------------
On Nov. 1, 2013, 9:10 p.m., Will Stevens wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/15050/
> -----------------------------------------------------------
>
> (Updated Nov. 1, 2013, 9:10 p.m.)
>
>
> Review request for cloudstack and Sheng Yang.
>
>
> Bugs: CLOUDSTACK-1275
> https://issues.apache.org/jira/browse/CLOUDSTACK-1275
>
>
> Repository: cloudstack-git
>
>
> Description
> -------
>
> More information in the FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration
>
> This patch adds a network plugin which adds support for the Palo Alto Networks firewall (their appliance and their VM series firewall).
>
> Features supported are:
> - List/Add/Delete Palo Alto service provider
> - List/Add/Delete Palo Alto network service offering
> - List/Add/Delete Palo Alto network with above service offering
> - Add instance to the new network (creates the public IP and private gateway/cidr on the PA as well as the source nat rule)
> - List/Add/Delete Ingress Firewall rule
> - List/Add/Delete Egress Firewall rule
> - List/Add/Delete Port Forwarding rule
> - List/Add/Delete Static Nat rule
> - Supports Palo Alto Networks 'Log Forwarding' profile globally per device (additional docs to come)
> - Supports Palo Alto Networks 'Security Profile Groups' functionality globally per device (additional docs to come)
>
> Knowns limitations:
> - Only supports one public IP range in CloudStack.
> - Currently not verifying SSL certificates when creating a connection between CloudStack and the Palo Alto Networks firewall.
> - Currently not tracking usage on Public IPs.
>
>
> Diffs
> -----
>
> api/src/com/cloud/network/Network.java 49f380b
> api/src/org/apache/cloudstack/api/command/admin/network/AddNetworkDeviceCmd.java 4983255
> api/src/org/apache/cloudstack/api/command/admin/network/ListNetworkDeviceCmd.java 0b7836d
> api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java 29ce2e3
> client/WEB-INF/classes/resources/messages.properties c075bf8
> client/pom.xml fd1f13a
> client/tomcatconf/commands.properties.in 96e841a
> client/tomcatconf/nonossComponentContext.xml.in 0502bbc
> plugins/network-elements/palo-alto/pom.xml PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddExternalFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddPaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ConfigurePaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeleteExternalFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeletePaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListExternalFirewallsCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallNetworksCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallsCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/response/PaloAltoFirewallResponse.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoExternalFirewallElement.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoFirewallElementService.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/resource/PaloAltoResource.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java PRE-CREATION
> plugins/network-elements/palo-alto/test/com/cloud/network/resource/MockablePaloAltoResource.java PRE-CREATION
> plugins/network-elements/palo-alto/test/com/cloud/network/resource/PaloAltoResourceTest.java PRE-CREATION
> plugins/pom.xml ca41dff
> server/src/com/cloud/api/ApiResponseHelper.java f4ca112
> server/src/com/cloud/configuration/ConfigurationManagerImpl.java 4fda3b1
> ui/dictionary.jsp 80aab6f
> ui/scripts/docs.js 3a4f8ca
> ui/scripts/system.js 0af3952
>
> Diff: https://reviews.apache.org/r/15050/diff/
>
>
> Testing
> -------
>
> I have tested all of the functionality listed under 'supported features'.
>
> Unit tests are in file 24 and 25 of this patch. The details of the tests can be found in the functional spec.
>
>
> Thanks,
>
> Will Stevens
>
>
Re: Review Request 15050: Add Palo Alto Networks Firewall Integration
Posted by Sheng Yang <sh...@yasker.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/15050/#review28146
-----------------------------------------------------------
Hi Will,
I think you need to rebase the patch to the latest MASTER, the current patch cannot apply to MASTER now.
Also, you can add description to the patch(e.g. the description you added in the review board)
- Sheng Yang
On Nov. 1, 2013, 9:10 p.m., Will Stevens wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/15050/
> -----------------------------------------------------------
>
> (Updated Nov. 1, 2013, 9:10 p.m.)
>
>
> Review request for cloudstack and Sheng Yang.
>
>
> Bugs: CLOUDSTACK-1275
> https://issues.apache.org/jira/browse/CLOUDSTACK-1275
>
>
> Repository: cloudstack-git
>
>
> Description
> -------
>
> More information in the FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration
>
> This patch adds a network plugin which adds support for the Palo Alto Networks firewall (their appliance and their VM series firewall).
>
> Features supported are:
> - List/Add/Delete Palo Alto service provider
> - List/Add/Delete Palo Alto network service offering
> - List/Add/Delete Palo Alto network with above service offering
> - Add instance to the new network (creates the public IP and private gateway/cidr on the PA as well as the source nat rule)
> - List/Add/Delete Ingress Firewall rule
> - List/Add/Delete Egress Firewall rule
> - List/Add/Delete Port Forwarding rule
> - List/Add/Delete Static Nat rule
> - Supports Palo Alto Networks 'Log Forwarding' profile globally per device (additional docs to come)
> - Supports Palo Alto Networks 'Security Profile Groups' functionality globally per device (additional docs to come)
>
> Knowns limitations:
> - Only supports one public IP range in CloudStack.
> - Currently not verifying SSL certificates when creating a connection between CloudStack and the Palo Alto Networks firewall.
> - Currently not tracking usage on Public IPs.
>
>
> Diffs
> -----
>
> api/src/com/cloud/network/Network.java 49f380b
> api/src/org/apache/cloudstack/api/command/admin/network/AddNetworkDeviceCmd.java 4983255
> api/src/org/apache/cloudstack/api/command/admin/network/ListNetworkDeviceCmd.java 0b7836d
> api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java 29ce2e3
> client/WEB-INF/classes/resources/messages.properties c075bf8
> client/pom.xml fd1f13a
> client/tomcatconf/commands.properties.in 96e841a
> client/tomcatconf/nonossComponentContext.xml.in 0502bbc
> plugins/network-elements/palo-alto/pom.xml PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddExternalFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddPaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ConfigurePaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeleteExternalFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeletePaloAltoFirewallCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListExternalFirewallsCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallNetworksCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallsCmd.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/api/response/PaloAltoFirewallResponse.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoExternalFirewallElement.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoFirewallElementService.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/resource/PaloAltoResource.java PRE-CREATION
> plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java PRE-CREATION
> plugins/network-elements/palo-alto/test/com/cloud/network/resource/MockablePaloAltoResource.java PRE-CREATION
> plugins/network-elements/palo-alto/test/com/cloud/network/resource/PaloAltoResourceTest.java PRE-CREATION
> plugins/pom.xml ca41dff
> server/src/com/cloud/api/ApiResponseHelper.java f4ca112
> server/src/com/cloud/configuration/ConfigurationManagerImpl.java 4fda3b1
> ui/dictionary.jsp 80aab6f
> ui/scripts/docs.js 3a4f8ca
> ui/scripts/system.js 0af3952
>
> Diff: https://reviews.apache.org/r/15050/diff/
>
>
> Testing
> -------
>
> I have tested all of the functionality listed under 'supported features'.
>
> Unit tests are in file 24 and 25 of this patch. The details of the tests can be found in the functional spec.
>
>
> Thanks,
>
> Will Stevens
>
>
Re: Review Request 15050: Add Palo Alto Networks Firewall Integration
Posted by Will Stevens <ws...@cloudops.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/15050/
-----------------------------------------------------------
(Updated Nov. 1, 2013, 9:10 p.m.)
Review request for cloudstack and Sheng Yang.
Changes
-------
I built the patch with 'git format-patch' instead of 'git diff'. I have uploaded the new patch file as the diff for this request.
Bugs: CLOUDSTACK-1275
https://issues.apache.org/jira/browse/CLOUDSTACK-1275
Repository: cloudstack-git
Description
-------
More information in the FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration
This patch adds a network plugin which adds support for the Palo Alto Networks firewall (their appliance and their VM series firewall).
Features supported are:
- List/Add/Delete Palo Alto service provider
- List/Add/Delete Palo Alto network service offering
- List/Add/Delete Palo Alto network with above service offering
- Add instance to the new network (creates the public IP and private gateway/cidr on the PA as well as the source nat rule)
- List/Add/Delete Ingress Firewall rule
- List/Add/Delete Egress Firewall rule
- List/Add/Delete Port Forwarding rule
- List/Add/Delete Static Nat rule
- Supports Palo Alto Networks 'Log Forwarding' profile globally per device (additional docs to come)
- Supports Palo Alto Networks 'Security Profile Groups' functionality globally per device (additional docs to come)
Knowns limitations:
- Only supports one public IP range in CloudStack.
- Currently not verifying SSL certificates when creating a connection between CloudStack and the Palo Alto Networks firewall.
- Currently not tracking usage on Public IPs.
Diffs (updated)
-----
api/src/com/cloud/network/Network.java 49f380b
api/src/org/apache/cloudstack/api/command/admin/network/AddNetworkDeviceCmd.java 4983255
api/src/org/apache/cloudstack/api/command/admin/network/ListNetworkDeviceCmd.java 0b7836d
api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java 29ce2e3
client/WEB-INF/classes/resources/messages.properties c075bf8
client/pom.xml fd1f13a
client/tomcatconf/commands.properties.in 96e841a
client/tomcatconf/nonossComponentContext.xml.in 0502bbc
plugins/network-elements/palo-alto/pom.xml PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddExternalFirewallCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddPaloAltoFirewallCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/ConfigurePaloAltoFirewallCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeleteExternalFirewallCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeletePaloAltoFirewallCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListExternalFirewallsCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallNetworksCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallsCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/response/PaloAltoFirewallResponse.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoExternalFirewallElement.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoFirewallElementService.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/network/resource/PaloAltoResource.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java PRE-CREATION
plugins/network-elements/palo-alto/test/com/cloud/network/resource/MockablePaloAltoResource.java PRE-CREATION
plugins/network-elements/palo-alto/test/com/cloud/network/resource/PaloAltoResourceTest.java PRE-CREATION
plugins/pom.xml ca41dff
server/src/com/cloud/api/ApiResponseHelper.java f4ca112
server/src/com/cloud/configuration/ConfigurationManagerImpl.java 4fda3b1
ui/dictionary.jsp 80aab6f
ui/scripts/docs.js 3a4f8ca
ui/scripts/system.js 0af3952
Diff: https://reviews.apache.org/r/15050/diff/
Testing
-------
I have tested all of the functionality listed under 'supported features'.
Unit tests are in file 24 and 25 of this patch. The details of the tests can be found in the functional spec.
Thanks,
Will Stevens
Re: Review Request 15050: Add Palo Alto Networks Firewall Integration
Posted by Will Stevens <ws...@cloudops.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/15050/
-----------------------------------------------------------
(Updated Oct. 31, 2013, 8:48 p.m.)
Review request for cloudstack and Sheng Yang.
Bugs: CLOUDSTACK-1275
https://issues.apache.org/jira/browse/CLOUDSTACK-1275
Repository: cloudstack-git
Description
-------
More information in the FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration
This patch adds a network plugin which adds support for the Palo Alto Networks firewall (their appliance and their VM series firewall).
Features supported are:
- List/Add/Delete Palo Alto service provider
- List/Add/Delete Palo Alto network service offering
- List/Add/Delete Palo Alto network with above service offering
- Add instance to the new network (creates the public IP and private gateway/cidr on the PA as well as the source nat rule)
- List/Add/Delete Ingress Firewall rule
- List/Add/Delete Egress Firewall rule
- List/Add/Delete Port Forwarding rule
- List/Add/Delete Static Nat rule
- Supports Palo Alto Networks 'Log Forwarding' profile globally per device (additional docs to come)
- Supports Palo Alto Networks 'Security Profile Groups' functionality globally per device (additional docs to come)
Knowns limitations:
- Only supports one public IP range in CloudStack.
- Currently not verifying SSL certificates when creating a connection between CloudStack and the Palo Alto Networks firewall.
- Currently not tracking usage on Public IPs.
Diffs
-----
api/src/com/cloud/network/Network.java 49f380b
api/src/org/apache/cloudstack/api/command/admin/network/AddNetworkDeviceCmd.java 4983255
api/src/org/apache/cloudstack/api/command/admin/network/ListNetworkDeviceCmd.java 0b7836d
api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java 29ce2e3
client/WEB-INF/classes/resources/messages.properties c075bf8
client/pom.xml fd1f13a
client/tomcatconf/commands.properties.in 96e841a
client/tomcatconf/nonossComponentContext.xml.in 0502bbc
plugins/network-elements/palo-alto/pom.xml PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddExternalFirewallCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddPaloAltoFirewallCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/ConfigurePaloAltoFirewallCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeleteExternalFirewallCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeletePaloAltoFirewallCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListExternalFirewallsCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallNetworksCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallsCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/response/PaloAltoFirewallResponse.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoExternalFirewallElement.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoFirewallElementService.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/network/resource/PaloAltoResource.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java PRE-CREATION
plugins/network-elements/palo-alto/test/com/cloud/network/resource/MockablePaloAltoResource.java PRE-CREATION
plugins/network-elements/palo-alto/test/com/cloud/network/resource/PaloAltoResourceTest.java PRE-CREATION
plugins/pom.xml ca41dff
server/src/com/cloud/api/ApiResponseHelper.java f4ca112
server/src/com/cloud/configuration/ConfigurationManagerImpl.java 4fda3b1
ui/dictionary.jsp 80aab6f
ui/scripts/docs.js 3a4f8ca
ui/scripts/system.js 0af3952
Diff: https://reviews.apache.org/r/15050/diff/
Testing (updated)
-------
I have tested all of the functionality listed under 'supported features'.
Unit tests are in file 24 and 25 of this patch. The details of the tests can be found in the functional spec.
Thanks,
Will Stevens
Re: Review Request 15050: Add Palo Alto Networks Firewall Integration
Posted by Will Stevens <ws...@cloudops.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/15050/
-----------------------------------------------------------
(Updated Oct. 31, 2013, 8:45 p.m.)
Review request for cloudstack and Sheng Yang.
Changes
-------
Turned off the detailed unit test logging by default. Fixed a couple issues I thought had gotten in the original patch.
Bugs: CLOUDSTACK-1275
https://issues.apache.org/jira/browse/CLOUDSTACK-1275
Repository: cloudstack-git
Description
-------
More information in the FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration
This patch adds a network plugin which adds support for the Palo Alto Networks firewall (their appliance and their VM series firewall).
Features supported are:
- List/Add/Delete Palo Alto service provider
- List/Add/Delete Palo Alto network service offering
- List/Add/Delete Palo Alto network with above service offering
- Add instance to the new network (creates the public IP and private gateway/cidr on the PA as well as the source nat rule)
- List/Add/Delete Ingress Firewall rule
- List/Add/Delete Egress Firewall rule
- List/Add/Delete Port Forwarding rule
- List/Add/Delete Static Nat rule
- Supports Palo Alto Networks 'Log Forwarding' profile globally per device (additional docs to come)
- Supports Palo Alto Networks 'Security Profile Groups' functionality globally per device (additional docs to come)
Knowns limitations:
- Only supports one public IP range in CloudStack.
- Currently not verifying SSL certificates when creating a connection between CloudStack and the Palo Alto Networks firewall.
- Currently not tracking usage on Public IPs.
Diffs (updated)
-----
api/src/com/cloud/network/Network.java 49f380b
api/src/org/apache/cloudstack/api/command/admin/network/AddNetworkDeviceCmd.java 4983255
api/src/org/apache/cloudstack/api/command/admin/network/ListNetworkDeviceCmd.java 0b7836d
api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java 29ce2e3
client/WEB-INF/classes/resources/messages.properties c075bf8
client/pom.xml fd1f13a
client/tomcatconf/commands.properties.in 96e841a
client/tomcatconf/nonossComponentContext.xml.in 0502bbc
plugins/network-elements/palo-alto/pom.xml PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddExternalFirewallCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddPaloAltoFirewallCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/ConfigurePaloAltoFirewallCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeleteExternalFirewallCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeletePaloAltoFirewallCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListExternalFirewallsCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallNetworksCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallsCmd.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/api/response/PaloAltoFirewallResponse.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoExternalFirewallElement.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoFirewallElementService.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/network/resource/PaloAltoResource.java PRE-CREATION
plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java PRE-CREATION
plugins/network-elements/palo-alto/test/com/cloud/network/resource/MockablePaloAltoResource.java PRE-CREATION
plugins/network-elements/palo-alto/test/com/cloud/network/resource/PaloAltoResourceTest.java PRE-CREATION
plugins/pom.xml ca41dff
server/src/com/cloud/api/ApiResponseHelper.java f4ca112
server/src/com/cloud/configuration/ConfigurationManagerImpl.java 4fda3b1
ui/dictionary.jsp 80aab6f
ui/scripts/docs.js 3a4f8ca
ui/scripts/system.js 0af3952
Diff: https://reviews.apache.org/r/15050/diff/
Testing
-------
I have tested all of the functionality listed under 'supported features'.
Thanks,
Will Stevens