etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'laszlo/CLOUDSTACK-8279' 

This closes #90

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
This commit is contained in:
Rohit Yadav 2015-03-02 16:35:27 +05:30
parent 62e179b16d df11bb2811
commit 541c23ed07
2 changed files with 124 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core/src/com/cloud/agent/api/routing/SetFirewallRulesCommand.java
View File

@ -53,7 +53,7 @@ public class SetFirewallRulesCommand extends NetworkElementCommand {
* each entry format <ip>:protocol:srcport:destport:scidr:
* reverted entry format <ip>:reverted:0:0:0:
*/
if (fwTO.revoked() == true) {
if (fwTO.revoked()) {
StringBuilder sb = new StringBuilder();
/* This entry is added just to make sure atleast there will one entry in the list to get the ipaddress */
sb.append(fwTO.getSrcIp()).append(":reverted:0:0:0:");
@ -77,7 +77,7 @@ public class SetFirewallRulesCommand extends NetworkElementCommand {
if (cidr == null || cidr.isEmpty()) {
sb.append("0.0.0.0/0");
} else {
Boolean firstEntry = true;
boolean firstEntry = true;
for (String tag : cidr) {
if (!firstEntry)
sb.append("-");

212
core/test/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java
View File

@ -24,6 +24,8 @@ import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
@ -80,6 +82,9 @@ import com.cloud.network.vpc.NetworkACLItem.TrafficType;
import com.cloud.network.vpc.VpcGateway;
import com.cloud.utils.ExecutionResult;
import com.cloud.utils.net.NetUtils;
import com.google.common.base.Function;
import com.google.common.base.Predicate;
import com.google.common.collect.Collections2;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(loader = AnnotationConfigContextLoader.class)
@ -669,7 +674,13 @@ public class VirtualRoutingResourceTest implements VirtualRouterDeployer {
private void verifyArgs(SetFirewallRulesCommand cmd, String script, String args) {
assertEquals(script, VRScripts.FIREWALL_INGRESS);
assertEquals(args, " -F -a 64.10.10.10:ICMP:0:0:10.10.1.1/24-10.10.1.2/24:,64.10.10.10:TCP:22:80:10.10.1.1/24-10.10.1.2/24:,64.10.10.10:reverted:0:0:0:,");
//Since the arguments are generated with a Set
//one can not make a bet on the order
assertTrue(args.startsWith(" -F -a "));
assertTrue(args.contains("64.10.10.10:ICMP:0:0:10.10.1.1/24-10.10.1.2/24:"));
assertTrue(args.contains("64.10.10.10:reverted:0:0:0:"));
assertTrue(args.contains("64.10.10.10:TCP:22:80:10.10.1.1/24-10.10.1.2/24:"));
}
@Test
@ -1003,95 +1014,116 @@ public class VirtualRoutingResourceTest implements VirtualRouterDeployer {
assertEquals(path, "/var/cache/cloud/");
assertTrue(filename.startsWith("VR-"));
assertTrue(filename.endsWith(".cfg"));
assertEquals(content, "#Apache CloudStack Virtual Router Config File\n" +
"<version>\n" +
"1.0\n" +
"</version>\n" +
"<script>\n" +
"/opt/cloud/bin/ipassoc.sh -A -s -f -l 64.1.1.10/24 -c eth2 -g 64.1.1.1\n" +
"</script>\n" +
"<script>\n" +
"/opt/cloud/bin/ipassoc.sh -D -l 64.1.1.11/24 -c eth2 -g 64.1.1.1\n" +
"</script>\n" +
"<script>\n" +
"/opt/cloud/bin/ipassoc.sh -A -l 65.1.1.11/24 -c eth2 -g 65.1.1.1\n" +
"</script>\n" +
"<script>\n" +
"/opt/cloud/bin/vpc_ipassoc.sh -A -l 64.1.1.10 -c eth2 -g 64.1.1.1 -m 24 -n 64.1.1.0\n" +
"</script>\n" +
"<script>\n" +
"/opt/cloud/bin/vpc_privateGateway.sh -A -l 64.1.1.10 -c eth2\n" +
"</script>\n" +
"<script>\n" +
"/opt/cloud/bin/vpc_ipassoc.sh -D -l 64.1.1.11 -c eth2 -g 64.1.1.1 -m 24 -n 64.1.1.0\n" +
"</script>\n" +
"<script>\n" +
"/opt/cloud/bin/vpc_privateGateway.sh -D -l 64.1.1.11 -c eth2\n" +
"</script>\n" +
"<script>\n" +
"/opt/cloud/bin/vpc_ipassoc.sh -A -l 65.1.1.11 -c eth2 -g 65.1.1.1 -m 24 -n 65.1.1.0\n" +
"</script>\n" +
"<script>\n" +
"/opt/cloud/bin/firewall_ingress.sh -F -a 64.10.10.10:ICMP:0:0:10.10.1.1/24-10.10.1.2/24:,64.10.10.10:TCP:22:80:10.10.1.1/24-10.10.1.2/24:,64.10.10.10:reverted:0:0:0:,\n" +
"</script>\n" +
"<script>\n" +
"/opt/cloud/bin/firewall_nat.sh -A -P tcp -l 64.1.1.10 -p 22:80 -r 10.10.1.10 -d 22:80\n" +
"</script>\n" +
"<script>\n" +
"/opt/cloud/bin/firewall_nat.sh -D -P udp -l 64.1.1.11 -p 8080:8080 -r 10.10.1.11 -d 8080:8080\n" +
"</script>\n" +
"<script>\n" +
"/opt/cloud/bin/vpc_portforwarding.sh -A -P tcp -l 64.1.1.10 -p 22:80 -r 10.10.1.10 -d 22-80\n" +
"</script>\n" +
"<script>\n" +
"/opt/cloud/bin/vpc_portforwarding.sh -D -P udp -l 64.1.1.11 -p 8080:8080 -r 10.10.1.11 -d 8080-8080\n" +
"</script>\n" +
"<script>\n" +
"/opt/cloud/bin/createIpAlias.sh 1:169.254.3.10:255.255.255.0-2:169.254.3.11:255.255.255.0-3:169.254.3.12:255.255.255.0-\n" +
"</script>\n" +
"<script>\n" +
"/opt/cloud/bin/deleteIpAlias.sh 1:169.254.3.10:255.255.255.0-2:169.254.3.11:255.255.255.0-3:169.254.3.12:255.255.255.0-- 1:169.254.3.10:255.255.255.0-2:169.254.3.11:255.255.255.0-3:169.254.3.12:255.255.255.0-\n" +
"</script>\n" +
"<script>\n" +
"/opt/cloud/bin/dnsmasq.sh 10.1.20.2:10.1.20.1:255.255.255.0:10.1.20.5-10.1.21.2:10.1.21.1:255.255.255.0:10.1.21.5-\n" +
"</script>\n" +
"<script>\n" +
"/opt/cloud/bin/vpn_l2tp.sh -r 10.10.1.10-10.10.1.20 -p sharedkey -s 124.10.10.10 -l 10.10.1.1 -c -C 10.1.1.1/24 -i eth2\n" +
"</script>\n" +
"<script>\n" +
"/opt/cloud/bin/vpn_l2tp.sh -d -s 124.10.10.10 -C 10.1.1.1/24 -i eth2\n" +
"</script>\n" +
"<script>\n" +
"/opt/cloud/bin/vpn_l2tp.sh -r 10.10.1.10-10.10.1.20 -p sharedkey -s 124.10.10.10 -l 10.10.1.1 -c -C 10.1.1.1/24 -i eth1\n" +
"</script>\n" +
"<script>\n" +
"/opt/cloud/bin/firewall_nat.sh -A -P tcp -l 64.1.1.10 -p 22:80 -r 10.10.1.10 -d 22:80\n" +
"</script>\n" +
"<script>\n" +
"/opt/cloud/bin/firewall_nat.sh -D -P udp -l 64.1.1.11 -p 8080:8080 -r 10.10.1.11 -d 8080:8080\n" +
"</script>\n" +
"<script>\n" +
"/opt/cloud/bin/vpc_portforwarding.sh -A -P tcp -l 64.1.1.10 -p 22:80 -r 10.10.1.10 -d 22-80\n" +
"</script>\n" +
"<script>\n" +
"/opt/cloud/bin/vpc_portforwarding.sh -D -P udp -l 64.1.1.11 -p 8080:8080 -r 10.10.1.11 -d 8080-8080\n" +
"</script>\n" +
"<script>\n" +
"/opt/cloud/bin/edithosts.sh -m 12:34:56:78:90:AB -4 10.1.10.2 -h vm1\n" +
"</script>\n" +
"<script>\n" +
"/opt/cloud/bin/edithosts.sh -m 12:34:56:78:90:AB -h vm1 -6 2001:db8:0:0:0:ff00:42:8329 -u 00:03:00:01:12:34:56:78:90:AB\n" +
"</script>\n" +
"<script>\n" +
"/opt/cloud/bin/edithosts.sh -m 12:34:56:78:90:AB -4 10.1.10.2 -h vm1 -6 2001:db8:0:0:0:ff00:42:8329 -u 00:03:00:01:12:34:56:78:90:AB\n" +
"</script>\n" +
"<script>\n" +
"/opt/cloud/bin/savepassword.sh -v 10.1.10.4 -p 123pass\n" +
"</script>\n" +
"<script>\n" +
"/opt/cloud/bin/vmdata.py -d eyIxMC4xLjEwLjQiOltbInVzZXJkYXRhIiwidXNlci1kYXRhIiwidXNlci1kYXRhIl0sWyJtZXRhZGF0YSIsInNlcnZpY2Utb2ZmZXJpbmciLCJzZXJ2aWNlT2ZmZXJpbmciXSxbIm1ldGFkYXRhIiwiYXZhaWxhYmlsaXR5LXpvbmUiLCJ6b25lTmFtZSJdLFsibWV0YWRhdGEiLCJsb2NhbC1pcHY0IiwiMTAuMS4xMC40Il0sWyJtZXRhZGF0YSIsImxvY2FsLWhvc3RuYW1lIiwidGVzdC12bSJdLFsibWV0YWRhdGEiLCJwdWJsaWMtaXB2NCIsIjExMC4xLjEwLjQiXSxbIm1ldGFkYXRhIiwicHVibGljLWhvc3RuYW1lIiwiaG9zdG5hbWUiXSxbIm1ldGFkYXRhIiwiaW5zdGFuY2UtaWQiLCJpLTQtVk0iXSxbIm1ldGFkYXRhIiwidm0taWQiLCI0Il0sWyJtZXRhZGF0YSIsInB1YmxpYy1rZXlzIiwicHVibGlja2V5Il0sWyJtZXRhZGF0YSIsImNsb3VkLWlkZW50aWZpZXIiLCJDbG91ZFN0YWNrLXt0ZXN0fSJdXX0=\n" +
"</script>" +
"\n");
Collection<String> filteredScripts = Collections2.transform(Collections2.filter (
Arrays.asList(content.split("</?script>")), new Predicate<String>() {
@Override
public boolean apply(String str) {
return str.trim().startsWith("/opt/cloud");
}
}), new Function<String, String>() {
@Override
public String apply(String str) {
return str.trim();
}
});
String[] scripts = filteredScripts.toArray(new String[filteredScripts
.size()]);
assertEquals(
"/opt/cloud/bin/ipassoc.sh -A -s -f -l 64.1.1.10/24 -c eth2 -g 64.1.1.1",
scripts[0]);
assertEquals(
"/opt/cloud/bin/ipassoc.sh -D -l 64.1.1.11/24 -c eth2 -g 64.1.1.1",
scripts[1]);
assertEquals(
"/opt/cloud/bin/ipassoc.sh -A -l 65.1.1.11/24 -c eth2 -g 65.1.1.1",
scripts[2]);
assertEquals(
"/opt/cloud/bin/vpc_ipassoc.sh -A -l 64.1.1.10 -c eth2 -g 64.1.1.1 -m 24 -n 64.1.1.0",
scripts[3]);
assertEquals(
"/opt/cloud/bin/vpc_privateGateway.sh -A -l 64.1.1.10 -c eth2",
scripts[4]);
assertEquals(
"/opt/cloud/bin/vpc_ipassoc.sh -D -l 64.1.1.11 -c eth2 -g 64.1.1.1 -m 24 -n 64.1.1.0",
scripts[5]);
assertEquals(
"/opt/cloud/bin/vpc_privateGateway.sh -D -l 64.1.1.11 -c eth2",
scripts[6]);
assertEquals(
"/opt/cloud/bin/vpc_ipassoc.sh -A -l 65.1.1.11 -c eth2 -g 65.1.1.1 -m 24 -n 65.1.1.0",
scripts[7]);
//the list generated by SetFirewallCmd is actually generated through a Set
//therefore we can not bet on the order of the parameters
assertTrue(
scripts[8].matches("/opt/cloud/bin/firewall_ingress.sh -F -a .*"));
assertTrue(
scripts[8].contains("64.10.10.10:ICMP:0:0:10.10.1.1/24-10.10.1.2/24:"));
assertTrue(
scripts[8].contains("64.10.10.10:TCP:22:80:10.10.1.1/24-10.10.1.2/24:"));
assertTrue(
scripts[8].contains("64.10.10.10:reverted:0:0:0:"));
assertEquals(
"/opt/cloud/bin/firewall_nat.sh -A -P tcp -l 64.1.1.10 -p 22:80 -r 10.10.1.10 -d 22:80",
scripts[9]);
assertEquals(
"/opt/cloud/bin/firewall_nat.sh -D -P udp -l 64.1.1.11 -p 8080:8080 -r 10.10.1.11 -d 8080:8080",
scripts[10]);
assertEquals(
"/opt/cloud/bin/vpc_portforwarding.sh -A -P tcp -l 64.1.1.10 -p 22:80 -r 10.10.1.10 -d 22-80",
scripts[11]);
assertEquals(
"/opt/cloud/bin/vpc_portforwarding.sh -D -P udp -l 64.1.1.11 -p 8080:8080 -r 10.10.1.11 -d 8080-8080",
scripts[12]);
assertEquals(
"/opt/cloud/bin/createIpAlias.sh 1:169.254.3.10:255.255.255.0-2:169.254.3.11:255.255.255.0-3:169.254.3.12:255.255.255.0-",
scripts[13]);
assertEquals(
"/opt/cloud/bin/deleteIpAlias.sh 1:169.254.3.10:255.255.255.0-2:169.254.3.11:255.255.255.0-3:169.254.3.12:255.255.255.0-- 1:169.254.3.10:255.255.255.0-2:169.254.3.11:255.255.255.0-3:169.254.3.12:255.255.255.0-",
scripts[14]);
assertEquals(
"/opt/cloud/bin/dnsmasq.sh 10.1.20.2:10.1.20.1:255.255.255.0:10.1.20.5-10.1.21.2:10.1.21.1:255.255.255.0:10.1.21.5-",
scripts[15]);
assertEquals(
"/opt/cloud/bin/vpn_l2tp.sh -r 10.10.1.10-10.10.1.20 -p sharedkey -s 124.10.10.10 -l 10.10.1.1 -c -C 10.1.1.1/24 -i eth2",
scripts[16]);
assertEquals(
"/opt/cloud/bin/vpn_l2tp.sh -d -s 124.10.10.10 -C 10.1.1.1/24 -i eth2",
scripts[17]);
assertEquals(
"/opt/cloud/bin/vpn_l2tp.sh -r 10.10.1.10-10.10.1.20 -p sharedkey -s 124.10.10.10 -l 10.10.1.1 -c -C 10.1.1.1/24 -i eth1",
scripts[18]);
assertEquals(
"/opt/cloud/bin/firewall_nat.sh -A -P tcp -l 64.1.1.10 -p 22:80 -r 10.10.1.10 -d 22:80",
scripts[19]);
assertEquals(
"/opt/cloud/bin/firewall_nat.sh -D -P udp -l 64.1.1.11 -p 8080:8080 -r 10.10.1.11 -d 8080:8080",
scripts[20]);
assertEquals(
"/opt/cloud/bin/vpc_portforwarding.sh -A -P tcp -l 64.1.1.10 -p 22:80 -r 10.10.1.10 -d 22-80",
scripts[21]);
assertEquals(
"/opt/cloud/bin/vpc_portforwarding.sh -D -P udp -l 64.1.1.11 -p 8080:8080 -r 10.10.1.11 -d 8080-8080",
scripts[22]);
assertEquals(
"/opt/cloud/bin/edithosts.sh -m 12:34:56:78:90:AB -4 10.1.10.2 -h vm1",
scripts[23]);
assertEquals(
"/opt/cloud/bin/edithosts.sh -m 12:34:56:78:90:AB -h vm1 -6 2001:db8:0:0:0:ff00:42:8329 -u 00:03:00:01:12:34:56:78:90:AB",
scripts[24]);
assertEquals(
"/opt/cloud/bin/edithosts.sh -m 12:34:56:78:90:AB -4 10.1.10.2 -h vm1 -6 2001:db8:0:0:0:ff00:42:8329 -u 00:03:00:01:12:34:56:78:90:AB",
scripts[25]);
assertEquals("/opt/cloud/bin/savepassword.sh -v 10.1.10.4 -p 123pass",
scripts[26]);
assertEquals(
"/opt/cloud/bin/vmdata.py -d eyIxMC4xLjEwLjQiOltbInVzZXJkYXRhIiwidXNlci1kYXRhIiwidXNlci1kYXRhIl0sWyJtZXRhZGF0YSIsInNlcnZpY2Utb2ZmZXJpbmciLCJzZXJ2aWNlT2ZmZXJpbmciXSxbIm1ldGFkYXRhIiwiYXZhaWxhYmlsaXR5LXpvbmUiLCJ6b25lTmFtZSJdLFsibWV0YWRhdGEiLCJsb2NhbC1pcHY0IiwiMTAuMS4xMC40Il0sWyJtZXRhZGF0YSIsImxvY2FsLWhvc3RuYW1lIiwidGVzdC12bSJdLFsibWV0YWRhdGEiLCJwdWJsaWMtaXB2NCIsIjExMC4xLjEwLjQiXSxbIm1ldGFkYXRhIiwicHVibGljLWhvc3RuYW1lIiwiaG9zdG5hbWUiXSxbIm1ldGFkYXRhIiwiaW5zdGFuY2UtaWQiLCJpLTQtVk0iXSxbIm1ldGFkYXRhIiwidm0taWQiLCI0Il0sWyJtZXRhZGF0YSIsInB1YmxpYy1rZXlzIiwicHVibGlja2V5Il0sWyJtZXRhZGF0YSIsImNsb3VkLWlkZW50aWZpZXIiLCJDbG91ZFN0YWNrLXt0ZXN0fSJdXX0=",
scripts[27]);
}
}