etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

DisplayFlag update support for PF/Firewall/EgressFirewall rules

This commit is contained in:
Alena Prokharchyk 2014-02-21 11:06:52 -08:00
parent 8ec0190eee
commit 27a790bdc1
19 changed files with 153 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
api/src/com/cloud/network/firewall/FirewallService.java
View File

@ -50,6 +50,6 @@ public interface FirewallService {
boolean revokeRelatedFirewallRule(long ruleId, boolean apply);
FirewallRule updateFirewallRule(long ruleId, String customId);
FirewallRule updateFirewallRule(long ruleId, String customId, Boolean forDisplay);
}

2
api/src/com/cloud/network/rules/FirewallRule.java
View File

@ -87,4 +87,6 @@ public interface FirewallRule extends ControlledEntity, Identity, InternalIdenti
*/
TrafficType getTrafficType();
boolean isDisplay();
}

5
api/src/com/cloud/network/rules/RulesService.java
View File

@ -41,11 +41,12 @@ public interface RulesService {
* vm to be linked to. If specified the destination ip address is ignored.
* @param openFirewall
* TODO
* @param forDisplay TODO
* @return PortForwardingRule if created.
* @throws NetworkRuleConflictException
* if conflicts in the network rules are detected.
*/
PortForwardingRule createPortForwardingRule(PortForwardingRule rule, Long vmId, Ip vmIp, boolean openFirewall) throws NetworkRuleConflictException;
PortForwardingRule createPortForwardingRule(PortForwardingRule rule, Long vmId, Ip vmIp, boolean openFirewall, Boolean forDisplay) throws NetworkRuleConflictException;
/**
* Revokes a port forwarding rule
@ -80,6 +81,6 @@ public interface RulesService {
boolean disableStaticNat(long ipId) throws ResourceUnavailableException, NetworkRuleConflictException, InsufficientAddressCapacityException;
PortForwardingRule updatePortForwardingRule(long id, String customId);
PortForwardingRule updatePortForwardingRule(long id, String customId, Boolean forDisplay);
}

16
api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java
View File

@ -20,8 +20,7 @@ package org.apache.cloudstack.api.command.user.firewall;
import java.util.ArrayList;
import java.util.List;
import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.RoleType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@ -33,6 +32,7 @@ import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.FirewallResponse;
import org.apache.cloudstack.api.response.NetworkResponse;
import org.apache.cloudstack.context.CallContext;
import org.apache.log4j.Logger;
import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException;
@ -84,6 +84,9 @@ public class CreateEgressFirewallRuleCmd extends BaseAsyncCreateCmd implements F
@Parameter(name = ApiConstants.TYPE, type = CommandType.STRING, description = "type of firewallrule: system/user")
private String type;
@Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", since = "4.4", authorized = {RoleType.Admin})
private Boolean display;
// ///////////////////////////////////////////////////
// ///////////////// Accessors ///////////////////////
// ///////////////////////////////////////////////////
@ -341,4 +344,13 @@ public class CreateEgressFirewallRuleCmd extends BaseAsyncCreateCmd implements F
return null;
}
@Override
public boolean isDisplay() {
if (display != null) {
return display;
} else {
return true;
}
}
}

15
api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java
View File

@ -19,8 +19,7 @@ package org.apache.cloudstack.api.command.user.firewall;
import java.util.ArrayList;
import java.util.List;
import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.RoleType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@ -32,6 +31,7 @@ import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.FirewallResponse;
import org.apache.cloudstack.api.response.IPAddressResponse;
import org.apache.cloudstack.context.CallContext;
import org.apache.log4j.Logger;
import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException;
@ -83,6 +83,9 @@ public class CreateFirewallRuleCmd extends BaseAsyncCreateCmd implements Firewal
@Parameter(name = ApiConstants.TYPE, type = CommandType.STRING, description = "type of firewallrule: system/user")
private String type;
@Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", since = "4.4", authorized = {RoleType.Admin})
private Boolean display;
// ///////////////////////////////////////////////////
// ///////////////// Accessors ///////////////////////
// ///////////////////////////////////////////////////
@ -333,4 +336,12 @@ public class CreateFirewallRuleCmd extends BaseAsyncCreateCmd implements Firewal
return FirewallRule.TrafficType.Ingress;
}
@Override
public boolean isDisplay() {
if (display != null) {
return display;
} else {
return true;
}
}
}

19
api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java
View File

@ -18,9 +18,7 @@ package org.apache.cloudstack.api.command.user.firewall;
import java.util.List;
import com.cloud.utils.net.NetUtils;
import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.RoleType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@ -34,6 +32,7 @@ import org.apache.cloudstack.api.response.IPAddressResponse;
import org.apache.cloudstack.api.response.NetworkResponse;
import org.apache.cloudstack.api.response.UserVmResponse;
import org.apache.cloudstack.context.CallContext;
import org.apache.log4j.Logger;
import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException;
@ -43,6 +42,7 @@ import com.cloud.network.IpAddress;
import com.cloud.network.rules.PortForwardingRule;
import com.cloud.user.Account;
import com.cloud.utils.net.Ip;
import com.cloud.utils.net.NetUtils;
@APICommand(name = "createPortForwardingRule", description = "Creates a port forwarding rule", responseObject = FirewallRuleResponse.class)
public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements PortForwardingRule {
@ -118,6 +118,9 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P
description = "VM guest nic Secondary ip address for the port forwarding rule")
private String vmSecondaryIp;
@Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", since = "4.4", authorized = {RoleType.Admin})
private Boolean display;
// ///////////////////////////////////////////////////
// ///////////////// Accessors ///////////////////////
// ///////////////////////////////////////////////////
@ -341,7 +344,7 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P
}
try {
PortForwardingRule result = _rulesService.createPortForwardingRule(this, virtualMachineId, privateIp, getOpenFirewall());
PortForwardingRule result = _rulesService.createPortForwardingRule(this, virtualMachineId, privateIp, getOpenFirewall(), isDisplay());
setEntityId(result.getId());
setEntityUuid(result.getUuid());
} catch (NetworkRuleConflictException ex) {
@ -416,4 +419,12 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P
return null;
}
@Override
public boolean isDisplay() {
if (display != null) {
return display;
} else {
return true;
}
}
}

10
api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java
View File

@ -17,6 +17,7 @@
package org.apache.cloudstack.api.command.user.firewall;
import org.apache.cloudstack.acl.RoleType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseAsyncCustomIdCmd;
@ -50,6 +51,9 @@ public class UpdateEgressFirewallRuleCmd extends BaseAsyncCustomIdCmd {
@Parameter(name = ApiConstants.ACCOUNT_ID, type = CommandType.UUID, entityType = AccountResponse.class, expose = false)
private Long ownerId;
@Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", since = "4.4", authorized = {RoleType.Admin})
private Boolean display;
// ///////////////////////////////////////////////////
// ///////////////// Accessors ///////////////////////
// ///////////////////////////////////////////////////
@ -57,6 +61,10 @@ public class UpdateEgressFirewallRuleCmd extends BaseAsyncCustomIdCmd {
public Long getId() {
return id;
}
public Boolean getDisplay() {
return display;
}
// ///////////////////////////////////////////////////
// ///////////// API Implementation///////////////////
// ///////////////////////////////////////////////////
@ -69,7 +77,7 @@ public class UpdateEgressFirewallRuleCmd extends BaseAsyncCustomIdCmd {
@Override
public void execute() throws ResourceUnavailableException {
CallContext.current().setEventDetails("Rule Id: " + id);
FirewallRule rule = _firewallService.updateFirewallRule(id, this.getCustomId());
FirewallRule rule = _firewallService.updateFirewallRule(id, this.getCustomId(), getDisplay());
FirewallResponse fwResponse = new FirewallResponse();
if (rule != null) {

10
api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java
View File

@ -17,6 +17,7 @@
package org.apache.cloudstack.api.command.user.firewall;
import org.apache.cloudstack.acl.RoleType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseAsyncCustomIdCmd;
@ -50,6 +51,9 @@ public class UpdateFirewallRuleCmd extends BaseAsyncCustomIdCmd {
@Parameter(name = ApiConstants.ACCOUNT_ID, type = CommandType.UUID, entityType = AccountResponse.class, expose = false)
private Long ownerId;
@Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", since = "4.4", authorized = {RoleType.Admin})
private Boolean display;
// ///////////////////////////////////////////////////
// ///////////////// Accessors ///////////////////////
// ///////////////////////////////////////////////////
@ -58,6 +62,10 @@ public class UpdateFirewallRuleCmd extends BaseAsyncCustomIdCmd {
return id;
}
public Boolean getDisplay() {
return display;
}
// ///////////////////////////////////////////////////
// ///////////// API Implementation///////////////////
// ///////////////////////////////////////////////////
@ -70,7 +78,7 @@ public class UpdateFirewallRuleCmd extends BaseAsyncCustomIdCmd {
@Override
public void execute() throws ResourceUnavailableException {
CallContext.current().setEventDetails("Rule Id: " + id);
FirewallRule rule = _firewallService.updateFirewallRule(id, this.getCustomId());
FirewallRule rule = _firewallService.updateFirewallRule(id, this.getCustomId(), getDisplay());
FirewallResponse fwResponse = new FirewallResponse();
if (rule != null) {

10
api/src/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java
View File

@ -16,6 +16,7 @@
// under the License.
package org.apache.cloudstack.api.command.user.firewall;
import org.apache.cloudstack.acl.RoleType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseAsyncCmd;
@ -72,6 +73,9 @@ public class UpdatePortForwardingRuleCmd extends BaseAsyncCustomIdCmd {
description = "the ID of the virtual machine for the port forwarding rule")
private Long virtualMachineId;
@Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", since = "4.4", authorized = {RoleType.Admin})
private Boolean display;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
@ -100,6 +104,10 @@ public class UpdatePortForwardingRuleCmd extends BaseAsyncCustomIdCmd {
return virtualMachineId;
}
public Boolean getDisplay() {
return display;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
@ -139,7 +147,7 @@ public class UpdatePortForwardingRuleCmd extends BaseAsyncCustomIdCmd {
@Override
public void execute() {
PortForwardingRule rule = _rulesService.updatePortForwardingRule(id, this.getCustomId());
PortForwardingRule rule = _rulesService.updatePortForwardingRule(id, this.getCustomId(), getDisplay());
FirewallRuleResponse fwResponse = new FirewallRuleResponse();
if (rule != null) {
fwResponse = _responseGenerator.createPortForwardingRuleResponse(rule);

7
api/src/org/apache/cloudstack/api/command/user/nat/CreateIpForwardingRuleCmd.java
View File

@ -18,8 +18,6 @@ package org.apache.cloudstack.api.command.user.nat;
import java.util.List;
import org.apache.log4j.Logger;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@ -32,6 +30,7 @@ import org.apache.cloudstack.api.response.FirewallRuleResponse;
import org.apache.cloudstack.api.response.IPAddressResponse;
import org.apache.cloudstack.api.response.IpForwardingRuleResponse;
import org.apache.cloudstack.context.CallContext;
import org.apache.log4j.Logger;
import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException;
@ -317,4 +316,8 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Sta
return null;
}
@Override
public boolean isDisplay() {
return true;
}
}

12
api/src/org/apache/cloudstack/api/response/FirewallResponse.java
View File

@ -18,12 +18,12 @@ package org.apache.cloudstack.api.response;
import java.util.List;
import com.google.gson.annotations.SerializedName;
import org.apache.cloudstack.acl.RoleType;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseResponse;
import com.cloud.serializer.Param;
import com.google.gson.annotations.SerializedName;
@SuppressWarnings("unused")
public class FirewallResponse extends BaseResponse {
@ -75,6 +75,10 @@ public class FirewallResponse extends BaseResponse {
@Param(description = "the list of resource tags associated with the rule", responseObject = ResourceTagResponse.class)
private List<ResourceTagResponse> tags;
@SerializedName(ApiConstants.FOR_DISPLAY)
@Param(description = "is vpc for display to the regular user", since = "4.4", authorized = {RoleType.Admin})
private Boolean forDisplay;
public void setId(String id) {
this.id = id;
}
@ -122,4 +126,8 @@ public class FirewallResponse extends BaseResponse {
public void setTags(List<ResourceTagResponse> tags) {
this.tags = tags;
}
public void setForDisplay(Boolean forDisplay) {
this.forDisplay = forDisplay;
}
}

12
api/src/org/apache/cloudstack/api/response/FirewallRuleResponse.java
View File

@ -18,14 +18,14 @@ package org.apache.cloudstack.api.response;
import java.util.List;
import com.google.gson.annotations.SerializedName;
import org.apache.cloudstack.acl.RoleType;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseResponse;
import org.apache.cloudstack.api.EntityReference;
import com.cloud.network.rules.FirewallRule;
import com.cloud.serializer.Param;
import com.google.gson.annotations.SerializedName;
@EntityReference(value = FirewallRule.class)
@SuppressWarnings("unused")
@ -94,6 +94,10 @@ public class FirewallRuleResponse extends BaseResponse {
@Param(description = "the id of the guest network the port forwarding rule belongs to")
private String networkId;
@SerializedName(ApiConstants.FOR_DISPLAY)
@Param(description = "is firewall for display to the regular user", since = "4.4", authorized = {RoleType.Admin})
private Boolean forDisplay;
public String getDestNatVmIp() {
return destNatVmIp;
}
@ -218,4 +222,8 @@ public class FirewallRuleResponse extends BaseResponse {
public void setNetworkId(String networkId) {
this.networkId = networkId;
}
public void setForDisplay(Boolean forDisplay) {
this.forDisplay = forDisplay;
}
}

6
engine/components-api/src/com/cloud/network/rules/StaticNatRuleImpl.java
View File

@ -31,6 +31,7 @@ public class StaticNatRuleImpl implements StaticNatRule {
long networkId;
long sourceIpAddressId;
String destIpAddress;
boolean forDisplay;
public StaticNatRuleImpl(FirewallRuleVO rule, String dstIp) {
this.id = rule.getId();
@ -45,6 +46,7 @@ public class StaticNatRuleImpl implements StaticNatRule {
this.networkId = rule.getNetworkId();
this.sourceIpAddressId = rule.getSourceIpAddressId();
this.destIpAddress = dstIp;
this.forDisplay = rule.isDisplay();
}
@Override
@ -142,4 +144,8 @@ public class StaticNatRuleImpl implements StaticNatRule {
return null;
}
@Override
public boolean isDisplay() {
return forDisplay;
}
}

12
engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java
View File

@ -101,6 +101,9 @@ public class FirewallRuleVO implements FirewallRule {
@Enumerated(value = EnumType.STRING)
TrafficType trafficType;
@Column(name = "display", updatable = true, nullable = false)
protected boolean display = true;
// This is a delayed load value. If the value is null,
// then this field has not been loaded yet.
// Call firewallrules dao to load it.
@ -268,4 +271,13 @@ public class FirewallRuleVO implements FirewallRule {
public TrafficType getTrafficType() {
return trafficType;
}
public void setDisplay(boolean display) {
this.display = display;
}
@Override
public boolean isDisplay() {
return display;
}
}

3
server/src/com/cloud/api/ApiResponseHelper.java
View File

@ -1017,6 +1017,7 @@ public class ApiResponseHelper implements ResponseGenerator {
Network guestNtwk = ApiDBUtils.findNetworkById(fwRule.getNetworkId());
response.setNetworkId(guestNtwk.getUuid());
IpAddress ip = ApiDBUtils.findIpAddressById(fwRule.getSourceIpAddressId());
response.setPublicIpAddressId(ip.getUuid());
response.setPublicIpAddress(ip.getAddress().addr());
@ -1051,6 +1052,7 @@ public class ApiResponseHelper implements ResponseGenerator {
response.setTags(tagResponses);
response.setState(stateToSet);
response.setForDisplay(fwRule.isDisplay());
response.setObjectName("portforwardingrule");
return response;
}
@ -2241,6 +2243,7 @@ public class ApiResponseHelper implements ResponseGenerator {
response.setIcmpCode(fwRule.getIcmpCode());
response.setIcmpType(fwRule.getIcmpType());
response.setForDisplay(fwRule.isDisplay());
// set tag information
List<? extends ResourceTag> tags = ApiDBUtils.listByResourceTypeAndId(ResourceObjectType.FirewallRule, fwRule.getId());

28
server/src/com/cloud/network/firewall/FirewallManagerImpl.java
View File

@ -170,7 +170,7 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
}
return createFirewallRule(null, caller, rule.getXid(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), rule.getSourceCidrList(),
rule.getIcmpCode(), rule.getIcmpType(), null, rule.getType(), rule.getNetworkId(), rule.getTrafficType());
rule.getIcmpCode(), rule.getIcmpType(), null, rule.getType(), rule.getNetworkId(), rule.getTrafficType(), rule.isDisplay());
}
@Override
@ -180,13 +180,14 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
Long sourceIpAddressId = rule.getSourceIpAddressId();
return createFirewallRule(sourceIpAddressId, caller, rule.getXid(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(),
rule.getSourceCidrList(), rule.getIcmpCode(), rule.getIcmpType(), null, rule.getType(), rule.getNetworkId(), rule.getTrafficType());
rule.getSourceCidrList(), rule.getIcmpCode(), rule.getIcmpType(), null, rule.getType(), rule.getNetworkId(), rule.getTrafficType(), rule.isDisplay());
}
@DB
protected FirewallRule createFirewallRule(final Long ipAddrId, Account caller, final String xId, final Integer portStart, final Integer portEnd,
final String protocol, final List<String> sourceCidrList, final Integer icmpCode, final Integer icmpType, final Long relatedRuleId,
final FirewallRule.FirewallRuleType type, final Long networkId, final FirewallRule.TrafficType trafficType) throws NetworkRuleConflictException {
final FirewallRule.FirewallRuleType type,
final Long networkId, final FirewallRule.TrafficType trafficType, final Boolean forDisplay) throws NetworkRuleConflictException {
IPAddressVO ipAddress = null;
if (ipAddrId != null) {
@ -233,6 +234,9 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
new FirewallRuleVO(xId, ipAddrId, portStart, portEnd, protocol.toLowerCase(), networkId, accountIdFinal, domainIdFinal, Purpose.Firewall,
sourceCidrList, icmpCode, icmpType, relatedRuleId, trafficType);
newRule.setType(type);
if (forDisplay != null) {
newRule.setDisplay(forDisplay);
}
newRule = _firewallDao.persist(newRule);
if (type == FirewallRuleType.User)
@ -717,12 +721,12 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
@Override
@ActionEvent(eventType = EventTypes.EVENT_FIREWALL_UPDATE, eventDescription = "updating firewall rule", async = true)
public FirewallRule updateFirewallRule(long ruleId, String customId) {
public FirewallRule updateFirewallRule(long ruleId, String customId, Boolean forDisplay) {
Account caller = CallContext.current().getCallingAccount();
return updateFirewallRule(ruleId, customId, caller);
return updateFirewallRule(ruleId, customId, caller, forDisplay);
}
protected FirewallRule updateFirewallRule(long ruleId, String customId, Account caller) {
protected FirewallRule updateFirewallRule(long ruleId, String customId, Account caller, Boolean forDisplay) {
FirewallRuleVO rule = _firewallDao.findById(ruleId);
if (rule == null || rule.getPurpose() != Purpose.Firewall) {
throw new InvalidParameterValueException("Unable to find " + ruleId + " having purpose " + Purpose.Firewall);
@ -736,8 +740,14 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
if (customId != null) {
rule.setUuid(customId);
_firewallDao.update(ruleId, rule);
}
if (forDisplay != null) {
rule.setDisplay(forDisplay);
}
_firewallDao.update(ruleId, rule);
return _firewallDao.findById(ruleId);
}
@ -822,7 +832,7 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
List<String> oneCidr = new ArrayList<String>();
oneCidr.add(NetUtils.ALL_CIDRS);
return createFirewallRule(ipAddrId, caller, null, startPort, endPort, protocol, oneCidr, icmpCode, icmpType, relatedRuleId, FirewallRule.FirewallRuleType.User,
networkId, FirewallRule.TrafficType.Ingress);
networkId, FirewallRule.TrafficType.Ingress, true);
}
@Override
@ -936,7 +946,7 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
_firewallDao.loadSourceCidrs(rule);
}
createFirewallRule(ip.getId(), acct, rule.getXid(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), rule.getSourceCidrList(),
rule.getIcmpCode(), rule.getIcmpType(), rule.getRelated(), FirewallRuleType.System, rule.getNetworkId(), rule.getTrafficType());
rule.getIcmpCode(), rule.getIcmpType(), rule.getRelated(), FirewallRuleType.System, rule.getNetworkId(), rule.getTrafficType(), true);
} catch (Exception e) {
s_logger.debug("Failed to add system wide firewall rule, due to:" + e.toString());
}

13
server/src/com/cloud/network/rules/RulesManagerImpl.java
View File

@ -201,7 +201,7 @@ public class RulesManagerImpl extends ManagerBase implements RulesManager, Rules
@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_NET_RULE_ADD, eventDescription = "creating forwarding rule", create = true)
public PortForwardingRule createPortForwardingRule(final PortForwardingRule rule, final Long vmId, Ip vmIp, final boolean openFirewall)
public PortForwardingRule createPortForwardingRule(final PortForwardingRule rule, final Long vmId, Ip vmIp, final boolean openFirewall, final Boolean forDisplay)
throws NetworkRuleConflictException {
CallContext ctx = CallContext.current();
final Account caller = ctx.getCallingAccount();
@ -316,6 +316,10 @@ public class RulesManagerImpl extends ManagerBase implements RulesManager, Rules
PortForwardingRuleVO newRule =
new PortForwardingRuleVO(rule.getXid(), rule.getSourceIpAddressId(), rule.getSourcePortStart(), rule.getSourcePortEnd(), dstIpFinal,
rule.getDestinationPortStart(), rule.getDestinationPortEnd(), rule.getProtocol().toLowerCase(), networkId, accountId, domainId, vmId);
if (forDisplay != null) {
newRule.setDisplay(forDisplay);
}
newRule = _portForwardingDao.persist(newRule);
// create firewallRule for 0.0.0.0/0 cidr
@ -1486,7 +1490,7 @@ public class RulesManagerImpl extends ManagerBase implements RulesManager, Rules
@Override
@ActionEvent(eventType = EventTypes.EVENT_NET_RULE_MODIFY, eventDescription = "updating forwarding rule", async = true)
public PortForwardingRule updatePortForwardingRule(long id, String customId) {
public PortForwardingRule updatePortForwardingRule(long id, String customId, Boolean forDisplay) {
Account caller = CallContext.current().getCallingAccount();
PortForwardingRuleVO rule = _portForwardingDao.findById(id);
if (rule == null) {
@ -1497,6 +1501,11 @@ public class RulesManagerImpl extends ManagerBase implements RulesManager, Rules
if (customId != null) {
rule.setUuid(customId);
}
if (forDisplay != null) {
rule.setDisplay(forDisplay);
}
_portForwardingDao.update(id, rule);
return _portForwardingDao.findById(id);
}

2
server/test/com/cloud/network/MockFirewallManagerImpl.java
View File

@ -185,7 +185,7 @@ public class MockFirewallManagerImpl extends ManagerBase implements FirewallMana
}
@Override
public FirewallRule updateFirewallRule(long ruleId, String customId) {
public FirewallRule updateFirewallRule(long ruleId, String customId, Boolean forDisplay) {
// TODO Auto-generated method stub
return null;
}

1
setup/db/db/schema-430to440.sql
View File

@ -531,6 +531,7 @@ UPDATE `cloud`.`vpc_gateway_details` set `display`=1 where id> 0;
ALTER TABLE `cloud`.`user_ip_address` ADD COLUMN `display` tinyint(1) NOT NULL DEFAULT '1' COMMENT 'True if the ip address can be displayed to the end user';
ALTER TABLE `cloud`.`vpc` ADD COLUMN `display` tinyint(1) NOT NULL DEFAULT '1' COMMENT 'True if the vpc can be displayed to the end user';
ALTER TABLE `cloud`.`firewall_rules` ADD COLUMN `display` tinyint(1) NOT NULL DEFAULT '1' COMMENT 'True if the rule can be displayed to the end user';