From b7ccae0dde6f6949e5314036a7aa71460d676316 Mon Sep 17 00:00:00 2001 From: Jessica Wang Date: Wed, 17 Oct 2012 16:34:28 -0700 Subject: [PATCH 1/3] cloudstack UI - Static NAT, Port Forwarding and Firewall Implementation on JuniperSRX - IP Address page - configuration - Firewall - exclude ICMP from Protocol dropdown. --- ui/scripts/network.js | 42 ++++++++++++++++++++++++++++++++++-------- 1 file changed, 34 insertions(+), 8 deletions(-) diff --git a/ui/scripts/network.js b/ui/scripts/network.js index 3ff35b43cf6..e8ee8618edb 100644 --- a/ui/scripts/network.js +++ b/ui/scripts/network.js @@ -2003,14 +2003,40 @@ $icmpFields.parent().find('label.error').hide(); } }); - - args.response.success({ - data: [ - { name: 'tcp', description: 'TCP' }, - { name: 'udp', description: 'UDP' }, - { name: 'icmp', description: 'ICMP' } - ] - }); + + var data = [ + { name: 'tcp', description: 'TCP' }, + { name: 'udp', description: 'UDP' } + ]; + //ICMP portocol is not supported in Firewall provided by JuniperSRX + $.ajax({ + url: createURL('listNetworkOfferings'), + data: { + id: args.context.networks[0].networkofferingid + }, + async: false, + success: function(json) { + var serviceArray = json.listnetworkofferingsresponse.networkoffering[0].service; + var FirewallProviderArrayIncludesJuniperSRX = false; + for(var i = 0; i < serviceArray.length; i++) { + if(serviceArray[i].name == "Firewall") { + var providerArray = serviceArray[i].provider; + for(var k = 0; k < providerArray.length; k++) { + if(providerArray[k].name == "JuniperSRX") { + FirewallProviderArrayIncludesJuniperSRX = true; + break; + } + } + break; + } + } + if(FirewallProviderArrayIncludesJuniperSRX == false) { + data.push({ name: 'icmp', description: 'ICMP' }); //show ICMP option only when provider is not JuniperSRX + } + } + }); + + args.response.success({data: data}); } }, 'startport': { edit: true, label: 'label.start.port' }, From a8e18f05298218d858c1833e52d2d3e4dd1ab5df Mon Sep 17 00:00:00 2001 From: Jessica Wang Date: Thu, 18 Oct 2012 11:27:06 -0700 Subject: [PATCH 2/3] cloudstack UI - Static NAT, Port Forwarding and Firewall Implementation on JuniperSRX - IP Address page - configuration - Firewall - call listNetworkOfferings API only when the screen is navigated from Guest Network section, but not from VPC section. --- ui/scripts/network.js | 58 +++++++++++++++++++++++-------------------- 1 file changed, 31 insertions(+), 27 deletions(-) diff --git a/ui/scripts/network.js b/ui/scripts/network.js index e8ee8618edb..299b70b6f97 100644 --- a/ui/scripts/network.js +++ b/ui/scripts/network.js @@ -2008,34 +2008,38 @@ { name: 'tcp', description: 'TCP' }, { name: 'udp', description: 'UDP' } ]; - //ICMP portocol is not supported in Firewall provided by JuniperSRX - $.ajax({ - url: createURL('listNetworkOfferings'), - data: { - id: args.context.networks[0].networkofferingid - }, - async: false, - success: function(json) { - var serviceArray = json.listnetworkofferingsresponse.networkoffering[0].service; - var FirewallProviderArrayIncludesJuniperSRX = false; - for(var i = 0; i < serviceArray.length; i++) { - if(serviceArray[i].name == "Firewall") { - var providerArray = serviceArray[i].provider; - for(var k = 0; k < providerArray.length; k++) { - if(providerArray[k].name == "JuniperSRX") { - FirewallProviderArrayIncludesJuniperSRX = true; - break; - } - } - break; - } - } - if(FirewallProviderArrayIncludesJuniperSRX == false) { - data.push({ name: 'icmp', description: 'ICMP' }); //show ICMP option only when provider is not JuniperSRX - } - } - }); + //ICMP portocol is not supported in Firewall provided by JuniperSRX + var FirewallProviderArrayIncludesJuniperSRX = false; + if('networks' in args.context) { + $.ajax({ + url: createURL('listNetworkOfferings'), + data: { + id: args.context.networks[0].networkofferingid + }, + async: false, + success: function(json) { + var serviceArray = json.listnetworkofferingsresponse.networkoffering[0].service; + + for(var i = 0; i < serviceArray.length; i++) { + if(serviceArray[i].name == "Firewall") { + var providerArray = serviceArray[i].provider; + for(var k = 0; k < providerArray.length; k++) { + if(providerArray[k].name == "JuniperSRX") { + FirewallProviderArrayIncludesJuniperSRX = true; + break; + } + } + break; + } + } + } + }); + } + if(FirewallProviderArrayIncludesJuniperSRX == false) { + data.push({ name: 'icmp', description: 'ICMP' }); //show ICMP option only when provider is not JuniperSRX + } + args.response.success({data: data}); } }, From 714b0593d3dfaa81af3c13d19a8105d1036954f7 Mon Sep 17 00:00:00 2001 From: Jessica Wang Date: Thu, 18 Oct 2012 14:00:32 -0700 Subject: [PATCH 3/3] cloudstack UI - Static NAT, Port Forwarding and Firewall Implementation on JuniperSRX - IP Address page - configuration - if Firewall is provided by JuniperSRX, hide Firewall icon when Port forwarding is configured on IP Address. --- ui/scripts/network.js | 44 ++++++++++++++++++++++++++++++++++++------- 1 file changed, 37 insertions(+), 7 deletions(-) diff --git a/ui/scripts/network.js b/ui/scripts/network.js index 299b70b6f97..c4454810074 100644 --- a/ui/scripts/network.js +++ b/ui/scripts/network.js @@ -1820,8 +1820,10 @@ var havingFirewallService = false; var havingPortForwardingService = false; var havingLbService = false; - var havingVpnService = false; - + var havingVpnService = false; + + var FirewallProviderArrayIncludesJuniperSRX = false; + if('networks' in args.context && args.context.networks[0].vpcid == null) { //a non-VPC network from Guest Network section $.ajax({ url: createURL('listNetworkOfferings'), @@ -1834,14 +1836,25 @@ var networkoffering = json.listnetworkofferingsresponse.networkoffering[0]; $(networkoffering.service).each(function(){ var thisService = this; - if(thisService.name == "Firewall") + if(thisService.name == "Firewall") { havingFirewallService = true; - if(thisService.name == "PortForwarding") + var providerArray = thisService.provider; + for(var k = 0; k < providerArray.length; k++) { + if(providerArray[k].name == "JuniperSRX") { + FirewallProviderArrayIncludesJuniperSRX = true; + break; + } + } + } + if(thisService.name == "PortForwarding") { havingPortForwardingService = true; - if(thisService.name == "Lb") + } + if(thisService.name == "Lb") { havingLbService = true; - if(thisService.name == "Vpn") + } + if(thisService.name == "Vpn") { havingVpnService = true; + } }); } }); @@ -1960,7 +1973,24 @@ }); } } - + + if(FirewallProviderArrayIncludesJuniperSRX == true) { //if Firewall is provided by JuniperSRX + $.ajax({ + url: createURL('listPortForwardingRules'), + data: { + ipaddressid: args.context.ipAddresses[0].id, + listAll: true + }, + async: false, + success: function(json) { + var rules = json.listportforwardingrulesresponse.portforwardingrule; + if(rules != null && rules.length > 0) { + disallowedActions.push("firewall"); //hide Firewall icon when Port forwarding is configured on IP Address + } + } + }); + } + return disallowedActions; },