From 27a790bdc1d11713c532ebad62dd5bbae8a976d0 Mon Sep 17 00:00:00 2001 From: Alena Prokharchyk Date: Fri, 21 Feb 2014 11:06:52 -0800 Subject: [PATCH] DisplayFlag update support for PF/Firewall/EgressFirewall rules --- .../network/firewall/FirewallService.java | 2 +- .../com/cloud/network/rules/FirewallRule.java | 2 ++ .../com/cloud/network/rules/RulesService.java | 5 ++-- .../firewall/CreateEgressFirewallRuleCmd.java | 16 +++++++++-- .../user/firewall/CreateFirewallRuleCmd.java | 15 ++++++++-- .../firewall/CreatePortForwardingRuleCmd.java | 19 ++++++++++--- .../firewall/UpdateEgressFirewallRuleCmd.java | 10 ++++++- .../user/firewall/UpdateFirewallRuleCmd.java | 10 ++++++- .../firewall/UpdatePortForwardingRuleCmd.java | 10 ++++++- .../user/nat/CreateIpForwardingRuleCmd.java | 7 +++-- .../api/response/FirewallResponse.java | 12 ++++++-- .../api/response/FirewallRuleResponse.java | 12 ++++++-- .../network/rules/StaticNatRuleImpl.java | 6 ++++ .../cloud/network/rules/FirewallRuleVO.java | 12 ++++++++ .../src/com/cloud/api/ApiResponseHelper.java | 3 ++ .../network/firewall/FirewallManagerImpl.java | 28 +++++++++++++------ .../cloud/network/rules/RulesManagerImpl.java | 13 +++++++-- .../network/MockFirewallManagerImpl.java | 2 +- setup/db/db/schema-430to440.sql | 1 + 19 files changed, 153 insertions(+), 32 deletions(-) diff --git a/api/src/com/cloud/network/firewall/FirewallService.java b/api/src/com/cloud/network/firewall/FirewallService.java index 0e4f4953ec7..5ab789121ad 100644 --- a/api/src/com/cloud/network/firewall/FirewallService.java +++ b/api/src/com/cloud/network/firewall/FirewallService.java @@ -50,6 +50,6 @@ public interface FirewallService { boolean revokeRelatedFirewallRule(long ruleId, boolean apply); - FirewallRule updateFirewallRule(long ruleId, String customId); + FirewallRule updateFirewallRule(long ruleId, String customId, Boolean forDisplay); } 
diff --git a/api/src/com/cloud/network/rules/FirewallRule.java b/api/src/com/cloud/network/rules/FirewallRule.java index 274242ad394..b02257b7c89 100644 --- a/api/src/com/cloud/network/rules/FirewallRule.java +++ b/api/src/com/cloud/network/rules/FirewallRule.java @@ -87,4 +87,6 @@ public interface FirewallRule extends ControlledEntity, Identity, InternalIdenti */ TrafficType getTrafficType(); + boolean isDisplay(); + } diff --git a/api/src/com/cloud/network/rules/RulesService.java b/api/src/com/cloud/network/rules/RulesService.java index 1bd9cfe3400..2dd0182dbc4 100644 --- a/api/src/com/cloud/network/rules/RulesService.java +++ b/api/src/com/cloud/network/rules/RulesService.java @@ -41,11 +41,12 @@ public interface RulesService { * vm to be linked to. If specified the destination ip address is ignored. * @param openFirewall * TODO + * @param forDisplay TODO * @return PortForwardingRule if created. * @throws NetworkRuleConflictException * if conflicts in the network rules are detected. */ - PortForwardingRule createPortForwardingRule(PortForwardingRule rule, Long vmId, Ip vmIp, boolean openFirewall) throws NetworkRuleConflictException; + PortForwardingRule createPortForwardingRule(PortForwardingRule rule, Long vmId, Ip vmIp, boolean openFirewall, Boolean forDisplay) throws NetworkRuleConflictException; /** * Revokes a port forwarding rule @@ -80,6 +81,6 @@ public interface RulesService { boolean disableStaticNat(long ipId) throws ResourceUnavailableException, NetworkRuleConflictException, InsufficientAddressCapacityException; - PortForwardingRule updatePortForwardingRule(long id, String customId); + PortForwardingRule updatePortForwardingRule(long id, String customId, Boolean forDisplay); } diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java index 778a18bc07c..22c8860b417 100644 
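Review bot: The Javadoc line `@param forDisplay TODO` added in the RulesService hunk (@@ -41,11 +41,12 @@) leaves the new parameter undocumented, although its null handling matters to callers. Judging by the RulesManagerImpl hunks later in this patch, a null value leaves the rule's display flag untouched, so something like `@param forDisplay whether the rule is shown to regular users; null keeps the default (true)` would state the contract. The same applies to `updatePortForwardingRule(long id, String customId, Boolean forDisplay)` in the following hunk, which has no Javadoc visible here.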
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java @@ -20,8 +20,7 @@ package org.apache.cloudstack.api.command.user.firewall; import java.util.ArrayList; import java.util.List; -import org.apache.log4j.Logger; - +import org.apache.cloudstack.acl.RoleType; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiCommandJobType; import org.apache.cloudstack.api.ApiConstants; @@ -33,6 +32,7 @@ import org.apache.cloudstack.api.ServerApiException; import org.apache.cloudstack.api.response.FirewallResponse; import org.apache.cloudstack.api.response.NetworkResponse; import org.apache.cloudstack.context.CallContext; +import org.apache.log4j.Logger; import com.cloud.event.EventTypes; import com.cloud.exception.InvalidParameterValueException; @@ -84,6 +84,9 @@ public class CreateEgressFirewallRuleCmd extends BaseAsyncCreateCmd implements F @Parameter(name = ApiConstants.TYPE, type = CommandType.STRING, description = "type of firewallrule: system/user") private String type; + @Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", since = "4.4", authorized = {RoleType.Admin}) + private Boolean display; + // /////////////////////////////////////////////////// // ///////////////// Accessors /////////////////////// // /////////////////////////////////////////////////// @@ -341,4 +344,13 @@ public class CreateEgressFirewallRuleCmd extends BaseAsyncCreateCmd implements F return null; } + @Override + public boolean isDisplay() { + if (display != null) { + return display; + } else { + return true; + } + } + } 
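Review bot: The parameter description added in the @@ -84,6 +84,9 @@ hunk reads "whether to the display the rule to the end user or not", and the same string is repeated in CreateFirewallRuleCmd, CreatePortForwardingRuleCmd and the three Update*Cmd classes. Since it surfaces in the generated API documentation, it should read `description = "an optional field, whether to display the rule to the end user or not"`. The `isDisplay()` override added in the last hunk can be written as `return display == null || display;`, and it is duplicated verbatim in the other two create commands.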
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java index 44aa26fa519..40a8fe63ab9 100644 --- a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java @@ -19,8 +19,7 @@ package org.apache.cloudstack.api.command.user.firewall; import java.util.ArrayList; import java.util.List; -import org.apache.log4j.Logger; - +import org.apache.cloudstack.acl.RoleType; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiCommandJobType; import org.apache.cloudstack.api.ApiConstants; @@ -32,6 +31,7 @@ import org.apache.cloudstack.api.ServerApiException; import org.apache.cloudstack.api.response.FirewallResponse; import org.apache.cloudstack.api.response.IPAddressResponse; import org.apache.cloudstack.context.CallContext; +import org.apache.log4j.Logger; import com.cloud.event.EventTypes; import com.cloud.exception.InvalidParameterValueException; @@ -83,6 +83,9 @@ public class CreateFirewallRuleCmd extends BaseAsyncCreateCmd implements Firewal @Parameter(name = ApiConstants.TYPE, type = CommandType.STRING, description = "type of firewallrule: system/user") private String type; + @Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", since = "4.4", authorized = {RoleType.Admin}) + private Boolean display; + // /////////////////////////////////////////////////// // ///////////////// Accessors /////////////////////// // /////////////////////////////////////////////////// 
@@ -333,4 +336,12 @@ public class CreateFirewallRuleCmd extends BaseAsyncCreateCmd implements Firewal return FirewallRule.TrafficType.Ingress; } + @Override + public boolean isDisplay() { + if (display != null) { + return display; + } else { + return true; + } + } } diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java index de8237749ba..d4412710c63 100644 --- a/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java @@ -18,9 +18,7 @@ package org.apache.cloudstack.api.command.user.firewall; import java.util.List; -import com.cloud.utils.net.NetUtils; -import org.apache.log4j.Logger; - +import org.apache.cloudstack.acl.RoleType; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiCommandJobType; import org.apache.cloudstack.api.ApiConstants; @@ -34,6 +32,7 @@ import org.apache.cloudstack.api.response.IPAddressResponse; import org.apache.cloudstack.api.response.NetworkResponse; import org.apache.cloudstack.api.response.UserVmResponse; import org.apache.cloudstack.context.CallContext; +import org.apache.log4j.Logger; import com.cloud.event.EventTypes; import com.cloud.exception.InvalidParameterValueException; @@ -43,6 +42,7 @@ import com.cloud.network.IpAddress; import com.cloud.network.rules.PortForwardingRule; import com.cloud.user.Account; import com.cloud.utils.net.Ip; +import com.cloud.utils.net.NetUtils; @APICommand(name = "createPortForwardingRule", description = "Creates a port forwarding rule", responseObject = FirewallRuleResponse.class) public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements PortForwardingRule { 
@@ -118,6 +118,9 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P description = "VM guest nic Secondary ip address for the port forwarding rule") private String vmSecondaryIp; + @Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", since = "4.4", authorized = {RoleType.Admin}) + private Boolean display; + // /////////////////////////////////////////////////// // ///////////////// Accessors /////////////////////// // /////////////////////////////////////////////////// @@ -341,7 +344,7 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P } try { - PortForwardingRule result = _rulesService.createPortForwardingRule(this, virtualMachineId, privateIp, getOpenFirewall()); + PortForwardingRule result = _rulesService.createPortForwardingRule(this, virtualMachineId, privateIp, getOpenFirewall(), isDisplay()); setEntityId(result.getId()); setEntityUuid(result.getUuid()); } catch (NetworkRuleConflictException ex) { @@ -416,4 +419,12 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P return null; } + @Override + public boolean isDisplay() { + if (display != null) { + return display; + } else { + return true; + } + } } diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java index 690afe583b0..43b9a616e91 100644 --- a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java 
@@ -17,6 +17,7 @@ package org.apache.cloudstack.api.command.user.firewall; +import org.apache.cloudstack.acl.RoleType; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.BaseAsyncCustomIdCmd; @@ -50,6 +51,9 @@ public class UpdateEgressFirewallRuleCmd extends BaseAsyncCustomIdCmd { @Parameter(name = ApiConstants.ACCOUNT_ID, type = CommandType.UUID, entityType = AccountResponse.class, expose = false) private Long ownerId; + @Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", since = "4.4", authorized = {RoleType.Admin}) + private Boolean display; + // /////////////////////////////////////////////////// // ///////////////// Accessors /////////////////////// // /////////////////////////////////////////////////// @@ -57,6 +61,10 @@ public class UpdateEgressFirewallRuleCmd extends BaseAsyncCustomIdCmd { public Long getId() { return id; } + + public Boolean getDisplay() { + return display; + } // /////////////////////////////////////////////////// // ///////////// API Implementation/////////////////// // /////////////////////////////////////////////////// @@ -69,7 +77,7 @@ public class UpdateEgressFirewallRuleCmd extends BaseAsyncCustomIdCmd { @Override public void execute() throws ResourceUnavailableException { CallContext.current().setEventDetails("Rule Id: " + id); - FirewallRule rule = _firewallService.updateFirewallRule(id, this.getCustomId()); + FirewallRule rule = _firewallService.updateFirewallRule(id, this.getCustomId(), getDisplay()); FirewallResponse fwResponse = new FirewallResponse(); if (rule != null) { diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java index 3fa3b9eb9bb..f6411d0cc7d 100644 
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java @@ -17,6 +17,7 @@ package org.apache.cloudstack.api.command.user.firewall; +import org.apache.cloudstack.acl.RoleType; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.BaseAsyncCustomIdCmd; @@ -50,6 +51,9 @@ public class UpdateFirewallRuleCmd extends BaseAsyncCustomIdCmd { @Parameter(name = ApiConstants.ACCOUNT_ID, type = CommandType.UUID, entityType = AccountResponse.class, expose = false) private Long ownerId; + @Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", since = "4.4", authorized = {RoleType.Admin}) + private Boolean display; + // /////////////////////////////////////////////////// // ///////////////// Accessors /////////////////////// // /////////////////////////////////////////////////// @@ -58,6 +62,10 @@ public class UpdateFirewallRuleCmd extends BaseAsyncCustomIdCmd { return id; } + public Boolean getDisplay() { + return display; + } + // /////////////////////////////////////////////////// // ///////////// API Implementation/////////////////// // /////////////////////////////////////////////////// @@ -70,7 +78,7 @@ public class UpdateFirewallRuleCmd extends BaseAsyncCustomIdCmd { @Override public void execute() throws ResourceUnavailableException { CallContext.current().setEventDetails("Rule Id: " + id); - FirewallRule rule = _firewallService.updateFirewallRule(id, this.getCustomId()); + FirewallRule rule = _firewallService.updateFirewallRule(id, this.getCustomId(), getDisplay()); FirewallResponse fwResponse = new FirewallResponse(); if (rule != null) { 
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java index a7bb7e3c4c7..f7ee86ff963 100644 --- a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java @@ -16,6 +16,7 @@ // under the License. package org.apache.cloudstack.api.command.user.firewall; +import org.apache.cloudstack.acl.RoleType; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.BaseAsyncCmd; @@ -72,6 +73,9 @@ public class UpdatePortForwardingRuleCmd extends BaseAsyncCustomIdCmd { description = "the ID of the virtual machine for the port forwarding rule") private Long virtualMachineId; + @Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", since = "4.4", authorized = {RoleType.Admin}) + private Boolean display; + ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// ///////////////////////////////////////////////////// @@ -100,6 +104,10 @@ public class UpdatePortForwardingRuleCmd extends BaseAsyncCustomIdCmd { return virtualMachineId; } + public Boolean getDisplay() { + return display; + } + ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// ///////////////////////////////////////////////////// 
@@ -139,7 +147,7 @@ public class UpdatePortForwardingRuleCmd extends BaseAsyncCustomIdCmd { @Override public void execute() { - PortForwardingRule rule = _rulesService.updatePortForwardingRule(id, this.getCustomId()); + PortForwardingRule rule = _rulesService.updatePortForwardingRule(id, this.getCustomId(), getDisplay()); FirewallRuleResponse fwResponse = new FirewallRuleResponse(); if (rule != null) { fwResponse = _responseGenerator.createPortForwardingRuleResponse(rule); diff --git a/api/src/org/apache/cloudstack/api/command/user/nat/CreateIpForwardingRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/nat/CreateIpForwardingRuleCmd.java index 0917d526b13..320375c27f0 100644 --- a/api/src/org/apache/cloudstack/api/command/user/nat/CreateIpForwardingRuleCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/nat/CreateIpForwardingRuleCmd.java @@ -18,8 +18,6 @@ package org.apache.cloudstack.api.command.user.nat; import java.util.List; -import org.apache.log4j.Logger; - import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiCommandJobType; import org.apache.cloudstack.api.ApiConstants; @@ -32,6 +30,7 @@ import org.apache.cloudstack.api.response.FirewallRuleResponse; import org.apache.cloudstack.api.response.IPAddressResponse; import org.apache.cloudstack.api.response.IpForwardingRuleResponse; import org.apache.cloudstack.context.CallContext; +import org.apache.log4j.Logger; import com.cloud.event.EventTypes; import com.cloud.exception.InvalidParameterValueException; @@ -317,4 +316,8 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Sta return null; } + @Override + public boolean isDisplay() { + return true; + } } diff --git a/api/src/org/apache/cloudstack/api/response/FirewallResponse.java b/api/src/org/apache/cloudstack/api/response/FirewallResponse.java index e3aaec567e1..14fabfc7390 100644 --- a/api/src/org/apache/cloudstack/api/response/FirewallResponse.java 
+++ b/api/src/org/apache/cloudstack/api/response/FirewallResponse.java @@ -18,12 +18,12 @@ package org.apache.cloudstack.api.response; import java.util.List; -import com.google.gson.annotations.SerializedName; - +import org.apache.cloudstack.acl.RoleType; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.BaseResponse; import com.cloud.serializer.Param; +import com.google.gson.annotations.SerializedName; @SuppressWarnings("unused") public class FirewallResponse extends BaseResponse { @@ -75,6 +75,10 @@ public class FirewallResponse extends BaseResponse { @Param(description = "the list of resource tags associated with the rule", responseObject = ResourceTagResponse.class) private List tags; + @SerializedName(ApiConstants.FOR_DISPLAY) + @Param(description = "is vpc for display to the regular user", since = "4.4", authorized = {RoleType.Admin}) + private Boolean forDisplay; + public void setId(String id) { this.id = id; } @@ -122,4 +126,8 @@ public class FirewallResponse extends BaseResponse { public void setTags(List tags) { this.tags = tags; } + + public void setForDisplay(Boolean forDisplay) { + this.forDisplay = forDisplay; + } } diff --git a/api/src/org/apache/cloudstack/api/response/FirewallRuleResponse.java b/api/src/org/apache/cloudstack/api/response/FirewallRuleResponse.java index 71a3097688c..0d11e85af66 100644 --- a/api/src/org/apache/cloudstack/api/response/FirewallRuleResponse.java +++ b/api/src/org/apache/cloudstack/api/response/FirewallRuleResponse.java 
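Review bot: The `@Param` description on the new `forDisplay` field in the @@ -75,6 +75,10 @@ hunk says "is vpc for display to the regular user", which looks copied from the VPC response, while this class describes firewall rules. Suggest `@Param(description = "is firewall rule for display to the regular user", since = "4.4", authorized = {RoleType.Admin})`. The sibling field added to FirewallRuleResponse in this patch already says "firewall".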
@@ -18,14 +18,14 @@ package org.apache.cloudstack.api.response; import java.util.List; -import com.google.gson.annotations.SerializedName; - +import org.apache.cloudstack.acl.RoleType; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.BaseResponse; import org.apache.cloudstack.api.EntityReference; import com.cloud.network.rules.FirewallRule; import com.cloud.serializer.Param; +import com.google.gson.annotations.SerializedName; @EntityReference(value = FirewallRule.class) @SuppressWarnings("unused") @@ -94,6 +94,10 @@ public class FirewallRuleResponse extends BaseResponse { @Param(description = "the id of the guest network the port forwarding rule belongs to") private String networkId; + @SerializedName(ApiConstants.FOR_DISPLAY) + @Param(description = "is firewall for display to the regular user", since = "4.4", authorized = {RoleType.Admin}) + private Boolean forDisplay; + public String getDestNatVmIp() { return destNatVmIp; } @@ -218,4 +222,8 @@ public class FirewallRuleResponse extends BaseResponse { public void setNetworkId(String networkId) { this.networkId = networkId; } + + public void setForDisplay(Boolean forDisplay) { + this.forDisplay = forDisplay; + } } diff --git a/engine/components-api/src/com/cloud/network/rules/StaticNatRuleImpl.java b/engine/components-api/src/com/cloud/network/rules/StaticNatRuleImpl.java index 1c67047a7eb..7104715e482 100644 --- a/engine/components-api/src/com/cloud/network/rules/StaticNatRuleImpl.java +++ b/engine/components-api/src/com/cloud/network/rules/StaticNatRuleImpl.java @@ -31,6 +31,7 @@ public class StaticNatRuleImpl implements StaticNatRule { long networkId; long sourceIpAddressId; String destIpAddress; + boolean forDisplay; public StaticNatRuleImpl(FirewallRuleVO rule, String dstIp) { this.id = rule.getId(); 
@@ -45,6 +46,7 @@ public class StaticNatRuleImpl implements StaticNatRule { this.networkId = rule.getNetworkId(); this.sourceIpAddressId = rule.getSourceIpAddressId(); this.destIpAddress = dstIp; + this.forDisplay = rule.isDisplay(); } @Override @@ -142,4 +144,8 @@ public class StaticNatRuleImpl implements StaticNatRule { return null; } + @Override + public boolean isDisplay() { + return forDisplay; + } } diff --git a/engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java b/engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java index a8aef2c0ef8..4fa751d6e22 100644 --- a/engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java +++ b/engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java @@ -101,6 +101,9 @@ public class FirewallRuleVO implements FirewallRule { @Enumerated(value = EnumType.STRING) TrafficType trafficType; + @Column(name = "display", updatable = true, nullable = false) + protected boolean display = true; + // This is a delayed load value. If the value is null, // then this field has not been loaded yet. // Call firewallrules dao to load it. @@ -268,4 +271,13 @@ public class FirewallRuleVO implements FirewallRule { public TrafficType getTrafficType() { return trafficType; } + + public void setDisplay(boolean display) { + this.display = display; + } + + @Override + public boolean isDisplay() { + return display; + } } diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java index c566a5d5a88..e802ec3902b 100755 --- a/server/src/com/cloud/api/ApiResponseHelper.java +++ b/server/src/com/cloud/api/ApiResponseHelper.java 
@@ -1017,6 +1017,7 @@ public class ApiResponseHelper implements ResponseGenerator { Network guestNtwk = ApiDBUtils.findNetworkById(fwRule.getNetworkId()); response.setNetworkId(guestNtwk.getUuid()); + IpAddress ip = ApiDBUtils.findIpAddressById(fwRule.getSourceIpAddressId()); response.setPublicIpAddressId(ip.getUuid()); response.setPublicIpAddress(ip.getAddress().addr()); @@ -1051,6 +1052,7 @@ public class ApiResponseHelper implements ResponseGenerator { response.setTags(tagResponses); response.setState(stateToSet); + response.setForDisplay(fwRule.isDisplay()); response.setObjectName("portforwardingrule"); return response; } @@ -2241,6 +2243,7 @@ public class ApiResponseHelper implements ResponseGenerator { response.setIcmpCode(fwRule.getIcmpCode()); response.setIcmpType(fwRule.getIcmpType()); + response.setForDisplay(fwRule.isDisplay()); // set tag information List tags = ApiDBUtils.listByResourceTypeAndId(ResourceObjectType.FirewallRule, fwRule.getId()); diff --git a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java index 593c0b570de..853de4495c3 100644 --- a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java +++ b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java @@ -170,7 +170,7 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService, } return createFirewallRule(null, caller, rule.getXid(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), rule.getSourceCidrList(), - rule.getIcmpCode(), rule.getIcmpType(), null, rule.getType(), rule.getNetworkId(), rule.getTrafficType()); + rule.getIcmpCode(), rule.getIcmpType(), null, rule.getType(), rule.getNetworkId(), rule.getTrafficType(), rule.isDisplay()); } @Override 
@@ -180,13 +180,14 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService, Long sourceIpAddressId = rule.getSourceIpAddressId(); return createFirewallRule(sourceIpAddressId, caller, rule.getXid(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), - rule.getSourceCidrList(), rule.getIcmpCode(), rule.getIcmpType(), null, rule.getType(), rule.getNetworkId(), rule.getTrafficType()); + rule.getSourceCidrList(), rule.getIcmpCode(), rule.getIcmpType(), null, rule.getType(), rule.getNetworkId(), rule.getTrafficType(), rule.isDisplay()); } @DB protected FirewallRule createFirewallRule(final Long ipAddrId, Account caller, final String xId, final Integer portStart, final Integer portEnd, final String protocol, final List sourceCidrList, final Integer icmpCode, final Integer icmpType, final Long relatedRuleId, - final FirewallRule.FirewallRuleType type, final Long networkId, final FirewallRule.TrafficType trafficType) throws NetworkRuleConflictException { + final FirewallRule.FirewallRuleType type, + final Long networkId, final FirewallRule.TrafficType trafficType, final Boolean forDisplay) throws NetworkRuleConflictException { IPAddressVO ipAddress = null; if (ipAddrId != null) { @@ -233,6 +234,9 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService, new FirewallRuleVO(xId, ipAddrId, portStart, portEnd, protocol.toLowerCase(), networkId, accountIdFinal, domainIdFinal, Purpose.Firewall, sourceCidrList, icmpCode, icmpType, relatedRuleId, trafficType); newRule.setType(type); + if (forDisplay != null) { + newRule.setDisplay(forDisplay); + } newRule = _firewallDao.persist(newRule); if (type == FirewallRuleType.User) 
@@ -717,12 +721,12 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService, @Override @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_UPDATE, eventDescription = "updating firewall rule", async = true) - public FirewallRule updateFirewallRule(long ruleId, String customId) { + public FirewallRule updateFirewallRule(long ruleId, String customId, Boolean forDisplay) { Account caller = CallContext.current().getCallingAccount(); - return updateFirewallRule(ruleId, customId, caller); + return updateFirewallRule(ruleId, customId, caller, forDisplay); } - protected FirewallRule updateFirewallRule(long ruleId, String customId, Account caller) { + protected FirewallRule updateFirewallRule(long ruleId, String customId, Account caller, Boolean forDisplay) { FirewallRuleVO rule = _firewallDao.findById(ruleId); if (rule == null || rule.getPurpose() != Purpose.Firewall) { throw new InvalidParameterValueException("Unable to find " + ruleId + " having purpose " + Purpose.Firewall); @@ -736,8 +740,14 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService, if (customId != null) { rule.setUuid(customId); - _firewallDao.update(ruleId, rule); } + + if (forDisplay != null) { + rule.setDisplay(forDisplay); + } + + _firewallDao.update(ruleId, rule); + return _firewallDao.findById(ruleId); } @@ -822,7 +832,7 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService, List oneCidr = new ArrayList(); oneCidr.add(NetUtils.ALL_CIDRS); return createFirewallRule(ipAddrId, caller, null, startPort, endPort, protocol, oneCidr, icmpCode, icmpType, relatedRuleId, FirewallRule.FirewallRuleType.User, - networkId, FirewallRule.TrafficType.Ingress); + networkId, FirewallRule.TrafficType.Ingress, true); } @Override 
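Review bot: In the @@ -736,8 +740,14 @@ hunk `rule.setDisplay(forDisplay)` runs for whichever caller reaches this point, so the admin-only restriction on hiding a rule rests entirely on `authorized = {RoleType.Admin}` in the Update*Cmd parameter annotations. A hidden rule is still enforced, so the service method should either check the caller's role before honouring a non-null value or carry a comment such as `// forDisplay is admin-only; enforced by the @Parameter annotation on the API commands`. The access check that precedes this code lies outside the hunk, so this is based on the visible lines only. Moving `_firewallDao.update(ruleId, rule)` out of the `if` also means a call with neither field set now writes the row unchanged. The same reliance on the annotation applies to `updatePortForwardingRule` in RulesManagerImpl.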
@@ -936,7 +946,7 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService, _firewallDao.loadSourceCidrs(rule); } createFirewallRule(ip.getId(), acct, rule.getXid(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), rule.getSourceCidrList(), - rule.getIcmpCode(), rule.getIcmpType(), rule.getRelated(), FirewallRuleType.System, rule.getNetworkId(), rule.getTrafficType()); + rule.getIcmpCode(), rule.getIcmpType(), rule.getRelated(), FirewallRuleType.System, rule.getNetworkId(), rule.getTrafficType(), true); } catch (Exception e) { s_logger.debug("Failed to add system wide firewall rule, due to:" + e.toString()); } diff --git a/server/src/com/cloud/network/rules/RulesManagerImpl.java b/server/src/com/cloud/network/rules/RulesManagerImpl.java index 2fa72a7d53f..06c478cf9b2 100755 --- a/server/src/com/cloud/network/rules/RulesManagerImpl.java +++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java @@ -201,7 +201,7 @@ public class RulesManagerImpl extends ManagerBase implements RulesManager, Rules @Override @DB @ActionEvent(eventType = EventTypes.EVENT_NET_RULE_ADD, eventDescription = "creating forwarding rule", create = true) - public PortForwardingRule createPortForwardingRule(final PortForwardingRule rule, final Long vmId, Ip vmIp, final boolean openFirewall) + public PortForwardingRule createPortForwardingRule(final PortForwardingRule rule, final Long vmId, Ip vmIp, final boolean openFirewall, final Boolean forDisplay) throws NetworkRuleConflictException { CallContext ctx = CallContext.current(); final Account caller = ctx.getCallingAccount(); 
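Review bot: The system-wide rule copy in the @@ -936,7 +946,7 @@ hunk passes a literal `true` for the new forDisplay argument, so a source rule stored with display=false would be re-created as visible on the new IP. If the copy is meant to mirror the source rule, pass `rule.getTrafficType(), rule.isDisplay());` instead. The enclosing method starts outside the hunk, so whether always-visible is intended cannot be confirmed from here.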
@@ -316,6 +316,10 @@ public class RulesManagerImpl extends ManagerBase implements RulesManager, Rules PortForwardingRuleVO newRule = new PortForwardingRuleVO(rule.getXid(), rule.getSourceIpAddressId(), rule.getSourcePortStart(), rule.getSourcePortEnd(), dstIpFinal, rule.getDestinationPortStart(), rule.getDestinationPortEnd(), rule.getProtocol().toLowerCase(), networkId, accountId, domainId, vmId); + + if (forDisplay != null) { + newRule.setDisplay(forDisplay); + } newRule = _portForwardingDao.persist(newRule); // create firewallRule for 0.0.0.0/0 cidr @@ -1486,7 +1490,7 @@ public class RulesManagerImpl extends ManagerBase implements RulesManager, Rules @Override @ActionEvent(eventType = EventTypes.EVENT_NET_RULE_MODIFY, eventDescription = "updating forwarding rule", async = true) - public PortForwardingRule updatePortForwardingRule(long id, String customId) { + public PortForwardingRule updatePortForwardingRule(long id, String customId, Boolean forDisplay) { Account caller = CallContext.current().getCallingAccount(); PortForwardingRuleVO rule = _portForwardingDao.findById(id); if (rule == null) { @@ -1497,6 +1501,11 @@ public class RulesManagerImpl extends ManagerBase implements RulesManager, Rules if (customId != null) { rule.setUuid(customId); } + + if (forDisplay != null) { + rule.setDisplay(forDisplay); + } + _portForwardingDao.update(id, rule); return _portForwardingDao.findById(id); } diff --git a/server/test/com/cloud/network/MockFirewallManagerImpl.java b/server/test/com/cloud/network/MockFirewallManagerImpl.java index b3069763537..3c026135dab 100644 --- a/server/test/com/cloud/network/MockFirewallManagerImpl.java +++ b/server/test/com/cloud/network/MockFirewallManagerImpl.java 
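Review bot: In the @@ -316,6 +316,10 @@ hunk the display flag is applied only to the port forwarding rule itself. The firewall rule that the following code opens for the 0.0.0.0/0 CIDR appears to go through the FirewallManagerImpl helper changed in @@ -822,7 +832,7 @@, which hard-codes `true`. A port forwarding rule created with forDisplay=false would then still be disclosed to the end user through its related firewall rule. Consider threading the flag through to that helper, or documenting why the related rule stays visible. The call that creates the related rule is outside the hunk, so this is inferred.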
@@ -185,7 +185,7 @@ public class MockFirewallManagerImpl extends ManagerBase implements FirewallMana } @Override - public FirewallRule updateFirewallRule(long ruleId, String customId) { + public FirewallRule updateFirewallRule(long ruleId, String customId, Boolean forDisplay) { // TODO Auto-generated method stub return null; } diff --git a/setup/db/db/schema-430to440.sql b/setup/db/db/schema-430to440.sql index c11f446ad3f..9c0cc2642b0 100644 --- a/setup/db/db/schema-430to440.sql +++ b/setup/db/db/schema-430to440.sql @@ -531,6 +531,7 @@ UPDATE `cloud`.`vpc_gateway_details` set `display`=1 where id> 0; ALTER TABLE `cloud`.`user_ip_address` ADD COLUMN `display` tinyint(1) NOT NULL DEFAULT '1' COMMENT 'True if the ip address can be displayed to the end user'; ALTER TABLE `cloud`.`vpc` ADD COLUMN `display` tinyint(1) NOT NULL DEFAULT '1' COMMENT 'True if the vpc can be displayed to the end user'; +ALTER TABLE `cloud`.`firewall_rules` ADD COLUMN `display` tinyint(1) NOT NULL DEFAULT '1' COMMENT 'True if the rule can be displayed to the end user';