mirror of https://github.com/apache/cloudstack.git
VPC: removed NetworkACL interface; added getTrafficType() to Firewall
This commit is contained in:
Alena Prokharchyk
parent
93916abcff
commit
931c3eb78e
|
|
@ -109,7 +109,6 @@ import com.cloud.network.VpnUser;
|
|||
import com.cloud.network.router.VirtualRouter;
|
||||
import com.cloud.network.rules.FirewallRule;
|
||||
import com.cloud.network.rules.LoadBalancer;
|
||||
import com.cloud.network.rules.NetworkACL;
|
||||
import com.cloud.network.rules.PortForwardingRule;
|
||||
import com.cloud.network.rules.StaticNatRule;
|
||||
import com.cloud.network.rules.StickinessPolicy;
|
||||
|
|
@ -320,7 +319,7 @@ public interface ResponseGenerator {
|
|||
* @param networkACL
|
||||
* @return
|
||||
*/
|
||||
NetworkACLResponse createNetworkACLResponse(NetworkACL networkACL);
|
||||
NetworkACLResponse createNetworkACLResponse(FirewallRule networkACL);
|
||||
|
||||
/**
|
||||
* @param result
|
||||
|
|
|
|||
|
|
@ -33,7 +33,6 @@ import com.cloud.exception.NetworkRuleConflictException;
|
|||
import com.cloud.exception.ResourceUnavailableException;
|
||||
import com.cloud.network.IpAddress;
|
||||
import com.cloud.network.rules.FirewallRule;
|
||||
import com.cloud.network.rules.NetworkACL;
|
||||
import com.cloud.user.Account;
|
||||
import com.cloud.user.UserContext;
|
||||
import com.cloud.utils.net.NetUtils;
|
||||
|
|
@ -118,13 +117,13 @@ public class CreateFirewallRuleCmd extends BaseAsyncCreateCmd implements Firewal
|
|||
public void execute() throws ResourceUnavailableException {
|
||||
UserContext callerContext = UserContext.current();
|
||||
boolean success = false;
|
||||
FirewallRule rule = _entityMgr.findById(NetworkACL.class, getEntityId());
|
||||
FirewallRule rule = _entityMgr.findById(FirewallRule.class, getEntityId());
|
||||
try {
|
||||
UserContext.current().setEventDetails("Rule Id: " + getEntityId());
|
||||
success = _firewallService.applyFirewallRules(rule.getSourceIpAddressId(), callerContext.getCaller());
|
||||
|
||||
// State is different after the rule is applied, so get new object here
|
||||
rule = _entityMgr.findById(NetworkACL.class, getEntityId());
|
||||
rule = _entityMgr.findById(FirewallRule.class, getEntityId());
|
||||
FirewallResponse fwResponse = new FirewallResponse();
|
||||
if (rule != null) {
|
||||
fwResponse = _responseGenerator.createFirewallResponse(rule);
|
||||
|
|
@ -313,5 +312,10 @@ public class CreateFirewallRuleCmd extends BaseAsyncCreateCmd implements Firewal
|
|||
public AsyncJob.Type getInstanceType() {
|
||||
return AsyncJob.Type.FirewallRule;
|
||||
}
|
||||
|
||||
@Override
|
||||
public TrafficType getTrafficType() {
|
||||
return null;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -298,5 +298,10 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Sta
|
|||
public AsyncJob.Type getInstanceType() {
|
||||
return AsyncJob.Type.FirewallRule;
|
||||
}
|
||||
|
||||
@Override
|
||||
public TrafficType getTrafficType() {
|
||||
return null;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,7 +22,6 @@ import com.cloud.exception.NetworkRuleConflictException;
|
|||
import com.cloud.exception.ResourceUnavailableException;
|
||||
import com.cloud.network.Network;
|
||||
import com.cloud.network.rules.FirewallRule;
|
||||
import com.cloud.network.rules.NetworkACL;
|
||||
import com.cloud.network.vpc.Vpc;
|
||||
import com.cloud.user.Account;
|
||||
import com.cloud.user.UserContext;
|
||||
|
|
@ -30,7 +29,7 @@ import com.cloud.utils.net.NetUtils;
|
|||
|
||||
@Implementation(description = "Creates a ACL rule the given network (the network has to belong to VPC)",
|
||||
responseObject = NetworkACLResponse.class)
|
||||
public class CreateNetworkACLCmd extends BaseAsyncCreateCmd implements NetworkACL {
|
||||
public class CreateNetworkACLCmd extends BaseAsyncCreateCmd implements FirewallRule {
|
||||
public static final Logger s_logger = Logger.getLogger(CreateNetworkACLCmd.class.getName());
|
||||
|
||||
private static final String s_name = "createnetworkaclresponse";
|
||||
|
|
@ -139,7 +138,7 @@ public class CreateNetworkACLCmd extends BaseAsyncCreateCmd implements NetworkAC
|
|||
public void execute() throws ResourceUnavailableException {
|
||||
UserContext callerContext = UserContext.current();
|
||||
boolean success = false;
|
||||
NetworkACL rule = _networkACLService.getNetworkACL(getEntityId());
|
||||
FirewallRule rule = _networkACLService.getNetworkACL(getEntityId());
|
||||
try {
|
||||
UserContext.current().setEventDetails("Rule Id: " + getEntityId());
|
||||
success = _networkACLService.applyNetworkACLs(rule.getNetworkId(), callerContext.getCaller());
|
||||
|
|
@ -239,7 +238,7 @@ public class CreateNetworkACLCmd extends BaseAsyncCreateCmd implements NetworkAC
|
|||
}
|
||||
|
||||
try {
|
||||
NetworkACL result = _networkACLService.createNetworkACL(this);
|
||||
FirewallRule result = _networkACLService.createNetworkACL(this);
|
||||
setEntityId(result.getId());
|
||||
} catch (NetworkRuleConflictException ex) {
|
||||
s_logger.info("Network rule conflict: " + ex.getMessage());
|
||||
|
|
|
|||
|
|
@ -354,4 +354,9 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P
|
|||
return AsyncJob.Type.FirewallRule;
|
||||
}
|
||||
|
||||
@Override
|
||||
public TrafficType getTrafficType() {
|
||||
return null;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -27,7 +27,6 @@ import com.cloud.event.EventTypes;
|
|||
import com.cloud.exception.InvalidParameterValueException;
|
||||
import com.cloud.exception.ResourceUnavailableException;
|
||||
import com.cloud.network.rules.FirewallRule;
|
||||
import com.cloud.network.rules.NetworkACL;
|
||||
import com.cloud.user.UserContext;
|
||||
|
||||
@Implementation(description="Deletes a firewall rule", responseObject=SuccessResponse.class)
|
||||
|
|
@ -76,11 +75,11 @@ public class DeleteFirewallRuleCmd extends BaseAsyncCmd {
|
|||
@Override
|
||||
public long getEntityOwnerId() {
|
||||
if (ownerId == null) {
|
||||
FirewallRule rule = _entityMgr.findById(NetworkACL.class, id);
|
||||
FirewallRule rule = _entityMgr.findById(FirewallRule.class, id);
|
||||
if (rule == null) {
|
||||
throw new InvalidParameterValueException("Unable to find firewall rule by id=" + id);
|
||||
} else {
|
||||
ownerId = _entityMgr.findById(NetworkACL.class, id).getAccountId();
|
||||
ownerId = _entityMgr.findById(FirewallRule.class, id).getAccountId();
|
||||
}
|
||||
}
|
||||
return ownerId;
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ import com.cloud.async.AsyncJob;
|
|||
import com.cloud.event.EventTypes;
|
||||
import com.cloud.exception.InvalidParameterValueException;
|
||||
import com.cloud.exception.ResourceUnavailableException;
|
||||
import com.cloud.network.rules.NetworkACL;
|
||||
import com.cloud.network.rules.FirewallRule;
|
||||
import com.cloud.user.UserContext;
|
||||
|
||||
@Implementation(description="Deletes a Network ACL", responseObject=SuccessResponse.class)
|
||||
|
|
@ -78,7 +78,7 @@ public class DeleteNetworkACLCmd extends BaseAsyncCmd {
|
|||
@Override
|
||||
public long getEntityOwnerId() {
|
||||
if (ownerId == null) {
|
||||
NetworkACL rule = _networkACLService.getNetworkACL(id);
|
||||
FirewallRule rule = _networkACLService.getNetworkACL(id);
|
||||
if (rule == null) {
|
||||
throw new InvalidParameterValueException("Unable to find network ACL by id=" + id);
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -26,10 +26,9 @@ import com.cloud.api.BaseListProjectAndAccountResourcesCmd;
|
|||
import com.cloud.api.IdentityMapper;
|
||||
import com.cloud.api.Implementation;
|
||||
import com.cloud.api.Parameter;
|
||||
import com.cloud.api.response.FirewallResponse;
|
||||
import com.cloud.api.response.ListResponse;
|
||||
import com.cloud.api.response.NetworkACLResponse;
|
||||
import com.cloud.network.rules.NetworkACL;
|
||||
import com.cloud.network.rules.FirewallRule;
|
||||
|
||||
@Implementation(description="Lists all network ACLs", responseObject=NetworkACLResponse.class)
|
||||
public class ListNetworkACLsCmd extends BaseListProjectAndAccountResourcesCmd {
|
||||
|
|
@ -78,11 +77,11 @@ public class ListNetworkACLsCmd extends BaseListProjectAndAccountResourcesCmd {
|
|||
|
||||
@Override
|
||||
public void execute(){
|
||||
List<? extends NetworkACL> result = _networkACLService.listNetworkACLs(this);
|
||||
List<? extends FirewallRule> result = _networkACLService.listNetworkACLs(this);
|
||||
ListResponse<NetworkACLResponse> response = new ListResponse<NetworkACLResponse>();
|
||||
List<NetworkACLResponse> aclResponses = new ArrayList<NetworkACLResponse>();
|
||||
|
||||
for (NetworkACL acl : result) {
|
||||
for (FirewallRule acl : result) {
|
||||
NetworkACLResponse ruleData = _responseGenerator.createNetworkACLResponse(acl);
|
||||
aclResponses.add(ruleData);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,21 +17,21 @@ import java.util.List;
|
|||
import com.cloud.api.commands.ListNetworkACLsCmd;
|
||||
import com.cloud.exception.NetworkRuleConflictException;
|
||||
import com.cloud.exception.ResourceUnavailableException;
|
||||
import com.cloud.network.rules.NetworkACL;
|
||||
import com.cloud.network.rules.FirewallRule;
|
||||
import com.cloud.user.Account;
|
||||
|
||||
/**
|
||||
* @author Alena Prokharchyk
|
||||
*/
|
||||
public interface NetworkACLService {
|
||||
NetworkACL getNetworkACL(long ruleId);
|
||||
FirewallRule getNetworkACL(long ruleId);
|
||||
boolean applyNetworkACLs(long networkId, Account caller) throws ResourceUnavailableException;
|
||||
|
||||
/**
|
||||
* @param createNetworkACLCmd
|
||||
* @return
|
||||
*/
|
||||
NetworkACL createNetworkACL(NetworkACL acl) throws NetworkRuleConflictException;
|
||||
FirewallRule createNetworkACL(FirewallRule acl) throws NetworkRuleConflictException;
|
||||
/**
|
||||
* @param ruleId
|
||||
* @param apply
|
||||
|
|
@ -42,6 +42,6 @@ public interface NetworkACLService {
|
|||
* @param listNetworkACLsCmd
|
||||
* @return
|
||||
*/
|
||||
List<? extends NetworkACL> listNetworkACLs(ListNetworkACLsCmd cmd);
|
||||
List<? extends FirewallRule> listNetworkACLs(ListNetworkACLsCmd cmd);
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -214,4 +214,9 @@ public class LoadBalancingRule implements FirewallRule, LoadBalancer{
|
|||
public FirewallRuleType getType() {
|
||||
return FirewallRuleType.User;
|
||||
}
|
||||
|
||||
@Override
|
||||
public TrafficType getTrafficType() {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ package com.cloud.network.rules;
|
|||
import java.util.List;
|
||||
|
||||
import com.cloud.acl.ControlledEntity;
|
||||
import com.cloud.network.rules.FirewallRule.TrafficType;
|
||||
|
||||
public interface FirewallRule extends ControlledEntity {
|
||||
enum Purpose {
|
||||
|
|
@ -86,4 +87,9 @@ public interface FirewallRule extends ControlledEntity {
|
|||
|
||||
FirewallRuleType getType();
|
||||
|
||||
/**
|
||||
* @return
|
||||
*/
|
||||
TrafficType getTrafficType();
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,26 +0,0 @@
|
|||
// Copyright 2012 Citrix Systems, Inc. Licensed under the
|
||||
// Apache License, Version 2.0 (the "License"); you may not use this
|
||||
// file except in compliance with the License. Citrix Systems, Inc.
|
||||
// reserves all rights not expressly granted by the License.
|
||||
// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
//
|
||||
// Automatically generated by addcopyright.py at 04/03/2012
|
||||
package com.cloud.network.rules;
|
||||
|
||||
|
||||
/**
|
||||
* @author Alena Prokharchyk
|
||||
*/
|
||||
public interface NetworkACL extends FirewallRule{
|
||||
|
||||
/**
|
||||
* @return
|
||||
*/
|
||||
TrafficType getTrafficType();
|
||||
|
||||
}
|
||||
|
|
@ -149,7 +149,6 @@ import com.cloud.network.VpnUser;
|
|||
import com.cloud.network.router.VirtualRouter;
|
||||
import com.cloud.network.rules.FirewallRule;
|
||||
import com.cloud.network.rules.LoadBalancer;
|
||||
import com.cloud.network.rules.NetworkACL;
|
||||
import com.cloud.network.rules.PortForwardingRule;
|
||||
import com.cloud.network.rules.StaticNatRule;
|
||||
import com.cloud.network.rules.StickinessPolicy;
|
||||
|
|
@ -3095,7 +3094,7 @@ public class ApiResponseHelper implements ResponseGenerator {
|
|||
}
|
||||
|
||||
@Override
|
||||
public NetworkACLResponse createNetworkACLResponse(NetworkACL networkACL) {
|
||||
public NetworkACLResponse createNetworkACLResponse(FirewallRule networkACL) {
|
||||
NetworkACLResponse response = new NetworkACLResponse();
|
||||
|
||||
response.setId(networkACL.getId());
|
||||
|
|
|
|||
|
|
@ -46,7 +46,6 @@ import com.cloud.network.router.VirtualRouter;
|
|||
import com.cloud.network.router.VirtualRouter.Role;
|
||||
import com.cloud.network.router.VpcVirtualNetworkApplianceManager;
|
||||
import com.cloud.network.rules.FirewallRule;
|
||||
import com.cloud.network.rules.NetworkACL;
|
||||
import com.cloud.network.vpc.PrivateGateway;
|
||||
import com.cloud.network.vpc.StaticRouteProfile;
|
||||
import com.cloud.network.vpc.Vpc;
|
||||
|
|
@ -406,7 +405,7 @@ public class VpcVirtualRouterElement extends VirtualRouterElement implements Vpc
|
|||
return true;
|
||||
}
|
||||
|
||||
if (!_vpcRouterMgr.applyNetworkACLs(config, (List<NetworkACL>)rules, routers)) {
|
||||
if (!_vpcRouterMgr.applyNetworkACLs(config, rules, routers)) {
|
||||
throw new CloudRuntimeException("Failed to apply firewall rules in network " + config.getId());
|
||||
} else {
|
||||
return true;
|
||||
|
|
|
|||
|
|
@ -22,10 +22,10 @@ import com.cloud.exception.ResourceUnavailableException;
|
|||
import com.cloud.network.Network;
|
||||
import com.cloud.network.Site2SiteVpnConnection;
|
||||
import com.cloud.network.VpcVirtualNetworkApplianceService;
|
||||
import com.cloud.network.rules.NetworkACL;
|
||||
import com.cloud.network.rules.FirewallRule;
|
||||
import com.cloud.network.vpc.PrivateGateway;
|
||||
import com.cloud.network.vpc.StaticRouteProfile;
|
||||
import com.cloud.network.vpc.Vpc;
|
||||
import com.cloud.network.vpc.PrivateGateway;
|
||||
import com.cloud.user.Account;
|
||||
import com.cloud.vm.DomainRouterVO;
|
||||
import com.cloud.vm.VirtualMachineProfile.Param;
|
||||
|
|
@ -56,7 +56,7 @@ public interface VpcVirtualNetworkApplianceManager extends VirtualNetworkApplian
|
|||
* @return
|
||||
* @throws ResourceUnavailableException
|
||||
*/
|
||||
boolean applyNetworkACLs(Network network, List<? extends NetworkACL> rules, List<? extends VirtualRouter> routers)
|
||||
boolean applyNetworkACLs(Network network, List<? extends FirewallRule> rules, List<? extends VirtualRouter> routers)
|
||||
throws ResourceUnavailableException;
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -75,7 +75,7 @@ import com.cloud.network.VirtualRouterProvider.VirtualRouterProviderType;
|
|||
import com.cloud.network.VpcVirtualNetworkApplianceService;
|
||||
import com.cloud.network.addr.PublicIp;
|
||||
import com.cloud.network.dao.PhysicalNetworkDao;
|
||||
import com.cloud.network.rules.NetworkACL;
|
||||
import com.cloud.network.rules.FirewallRule;
|
||||
import com.cloud.network.vpc.NetworkACLManager;
|
||||
import com.cloud.network.vpc.PrivateGateway;
|
||||
import com.cloud.network.vpc.PrivateIpAddress;
|
||||
|
|
@ -687,7 +687,7 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian
|
|||
}
|
||||
|
||||
@Override
|
||||
public boolean applyNetworkACLs(Network network, final List<? extends NetworkACL> rules, List<? extends VirtualRouter> routers)
|
||||
public boolean applyNetworkACLs(Network network, final List<? extends FirewallRule> rules, List<? extends VirtualRouter> routers)
|
||||
throws ResourceUnavailableException {
|
||||
if (rules == null || rules.isEmpty()) {
|
||||
s_logger.debug("No network ACLs to be applied for network " + network.getId());
|
||||
|
|
@ -696,20 +696,20 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian
|
|||
return applyRules(network, routers, "network acls", false, null, false, new RuleApplier() {
|
||||
@Override
|
||||
public boolean execute(Network network, VirtualRouter router) throws ResourceUnavailableException {
|
||||
return sendNetworkACLs(router, (List<NetworkACL>)rules, network.getId());
|
||||
return sendNetworkACLs(router, rules, network.getId());
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
protected boolean sendNetworkACLs(VirtualRouter router, List<NetworkACL> rules, long guestNetworkId)
|
||||
protected boolean sendNetworkACLs(VirtualRouter router, List<? extends FirewallRule> rules, long guestNetworkId)
|
||||
throws ResourceUnavailableException {
|
||||
Commands cmds = new Commands(OnError.Continue);
|
||||
createNetworkACLsCommands(rules, router, cmds, guestNetworkId);
|
||||
return sendCommandsToRouter(router, cmds);
|
||||
}
|
||||
|
||||
private void createNetworkACLsCommands(List<NetworkACL> rules, VirtualRouter router, Commands cmds, long guestNetworkId) {
|
||||
private void createNetworkACLsCommands(List<? extends FirewallRule> rules, VirtualRouter router, Commands cmds, long guestNetworkId) {
|
||||
List<NetworkACLTO> rulesTO = null;
|
||||
String guestVlan = null;
|
||||
Network guestNtwk = _networkDao.findById(guestNetworkId);
|
||||
|
|
@ -721,7 +721,7 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian
|
|||
if (rules != null) {
|
||||
rulesTO = new ArrayList<NetworkACLTO>();
|
||||
|
||||
for (NetworkACL rule : rules) {
|
||||
for (FirewallRule rule : rules) {
|
||||
NetworkACLTO ruleTO = new NetworkACLTO(rule, guestVlan, rule.getTrafficType());
|
||||
rulesTO.add(ruleTO);
|
||||
}
|
||||
|
|
@ -898,11 +898,11 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian
|
|||
super.finalizeNetworkRulesForNetwork(cmds, router, provider, guestNetworkId);
|
||||
|
||||
if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.NetworkACL, Provider.VPCVirtualRouter)) {
|
||||
List<? extends NetworkACL> networkACLs = _networkACLMgr.listNetworkACLs(guestNetworkId);
|
||||
List<? extends FirewallRule> networkACLs = _networkACLMgr.listNetworkACLs(guestNetworkId);
|
||||
s_logger.debug("Found " + networkACLs.size() + " network ACLs to apply as a part of VPC VR " + router
|
||||
+ " start for guest network id=" + guestNetworkId);
|
||||
if (!networkACLs.isEmpty()) {
|
||||
createNetworkACLsCommands((List<NetworkACL>)networkACLs, router, cmds, guestNetworkId);
|
||||
createNetworkACLsCommands(networkACLs, router, cmds, guestNetworkId);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -40,7 +40,7 @@ import com.cloud.utils.net.NetUtils;
|
|||
@Table(name="firewall_rules")
|
||||
@Inheritance(strategy=InheritanceType.JOINED)
|
||||
@DiscriminatorColumn(name="purpose", discriminatorType=DiscriminatorType.STRING, length=32)
|
||||
public class FirewallRuleVO implements Identity, NetworkACL {
|
||||
public class FirewallRuleVO implements Identity, FirewallRule {
|
||||
protected final FirewallRulesCidrsDaoImpl _firewallRulesCidrsDao = ComponentLocator.inject(FirewallRulesCidrsDaoImpl.class);
|
||||
|
||||
@Id
|
||||
|
|
|
|||
|
|
@ -14,8 +14,6 @@ package com.cloud.network.rules;
|
|||
|
||||
import java.util.List;
|
||||
|
||||
import com.cloud.network.rules.FirewallRule.FirewallRuleType;
|
||||
|
||||
|
||||
public class StaticNatRuleImpl implements StaticNatRule{
|
||||
long id;
|
||||
|
|
@ -128,5 +126,10 @@ public class StaticNatRuleImpl implements StaticNatRule{
|
|||
public FirewallRuleType getType() {
|
||||
return FirewallRuleType.User;
|
||||
}
|
||||
|
||||
@Override
|
||||
public TrafficType getTrafficType() {
|
||||
return null;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ import java.util.List;
|
|||
|
||||
import com.cloud.exception.ResourceUnavailableException;
|
||||
import com.cloud.network.firewall.NetworkACLService;
|
||||
import com.cloud.network.rules.NetworkACL;
|
||||
import com.cloud.network.rules.FirewallRule;
|
||||
import com.cloud.user.Account;
|
||||
|
||||
/**
|
||||
|
|
@ -33,6 +33,6 @@ public interface NetworkACLManager extends NetworkACLService{
|
|||
*/
|
||||
boolean revokeAllNetworkACLsForNetwork(long networkId, long userId, Account caller) throws ResourceUnavailableException;
|
||||
|
||||
List<? extends NetworkACL> listNetworkACLs(long guestNtwkId);
|
||||
List<? extends FirewallRule> listNetworkACLs(long guestNtwkId);
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -42,7 +42,6 @@ import com.cloud.network.rules.FirewallRule;
|
|||
import com.cloud.network.rules.FirewallRule.Purpose;
|
||||
import com.cloud.network.rules.FirewallRule.TrafficType;
|
||||
import com.cloud.network.rules.FirewallRuleVO;
|
||||
import com.cloud.network.rules.NetworkACL;
|
||||
import com.cloud.projects.Project.ListProjectResourcesCriteria;
|
||||
import com.cloud.user.Account;
|
||||
import com.cloud.user.AccountManager;
|
||||
|
|
@ -111,7 +110,7 @@ public class NetworkACLManagerImpl implements Manager,NetworkACLManager{
|
|||
}
|
||||
|
||||
@Override
|
||||
public NetworkACL createNetworkACL(NetworkACL acl) throws NetworkRuleConflictException {
|
||||
public FirewallRule createNetworkACL(FirewallRule acl) throws NetworkRuleConflictException {
|
||||
return createNetworkACL(UserContext.current().getCaller(), acl.getXid(), acl.getSourcePortStart(),
|
||||
acl.getSourcePortEnd(), acl.getProtocol(), acl.getSourceCidrList(), acl.getIcmpCode(),
|
||||
acl.getIcmpType(), null, acl.getType(), acl.getNetworkId(), acl.getTrafficType());
|
||||
|
|
@ -119,7 +118,7 @@ public class NetworkACLManagerImpl implements Manager,NetworkACLManager{
|
|||
|
||||
@DB
|
||||
@ActionEvent(eventType = EventTypes.EVENT_FIREWALL_OPEN, eventDescription = "creating firewall rule", create = true)
|
||||
protected NetworkACL createNetworkACL(Account caller, String xId, Integer portStart,
|
||||
protected FirewallRule createNetworkACL(Account caller, String xId, Integer portStart,
|
||||
Integer portEnd, String protocol, List<String> sourceCidrList, Integer icmpCode, Integer icmpType,
|
||||
Long relatedRuleId, FirewallRule.FirewallRuleType type, long networkId, TrafficType trafficType) throws NetworkRuleConflictException {
|
||||
|
||||
|
|
@ -173,7 +172,7 @@ public class NetworkACLManagerImpl implements Manager,NetworkACLManager{
|
|||
|
||||
txn.commit();
|
||||
|
||||
return newRule;
|
||||
return getNetworkACL(newRule.getId());
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -210,9 +209,13 @@ public class NetworkACLManagerImpl implements Manager,NetworkACLManager{
|
|||
}
|
||||
}
|
||||
|
||||
protected void detectNetworkACLConflict(NetworkACL newRule) throws NetworkRuleConflictException {
|
||||
|
||||
List<FirewallRuleVO> rules = _firewallDao.listByNetworkPurposeTrafficTypeAndNotRevoked(newRule.getNetworkId(), Purpose.NetworkACL, newRule.getTrafficType());
|
||||
protected void detectNetworkACLConflict(FirewallRuleVO newRule) throws NetworkRuleConflictException {
|
||||
if (newRule.getPurpose() != Purpose.NetworkACL) {
|
||||
return;
|
||||
}
|
||||
|
||||
List<FirewallRuleVO> rules = _firewallDao.listByNetworkPurposeTrafficTypeAndNotRevoked(newRule.getNetworkId(),
|
||||
Purpose.NetworkACL, newRule.getTrafficType());
|
||||
assert (rules.size() >= 1) : "For network ACLs, we now always first persist the rule and then check for " +
|
||||
"network conflicts so we should at least have one rule at this point.";
|
||||
|
||||
|
|
@ -301,8 +304,8 @@ public class NetworkACLManagerImpl implements Manager,NetworkACLManager{
|
|||
}
|
||||
|
||||
@Override
|
||||
public NetworkACL getNetworkACL(long ACLId) {
|
||||
FirewallRuleVO rule = _firewallDao.findById(ACLId);
|
||||
public FirewallRule getNetworkACL(long ACLId) {
|
||||
FirewallRule rule = _firewallDao.findById(ACLId);
|
||||
if (rule != null && rule.getPurpose() == Purpose.NetworkACL) {
|
||||
return rule;
|
||||
}
|
||||
|
|
@ -310,7 +313,7 @@ public class NetworkACLManagerImpl implements Manager,NetworkACLManager{
|
|||
}
|
||||
|
||||
@Override
|
||||
public List<? extends NetworkACL> listNetworkACLs(ListNetworkACLsCmd cmd) {
|
||||
public List<? extends FirewallRule> listNetworkACLs(ListNetworkACLsCmd cmd) {
|
||||
Long networkId = cmd.getNetworkId();
|
||||
Long id = cmd.getId();
|
||||
String trafficType = cmd.getTrafficType();
|
||||
|
|
@ -357,7 +360,7 @@ public class NetworkACLManagerImpl implements Manager,NetworkACLManager{
|
|||
|
||||
|
||||
@Override
|
||||
public List<? extends NetworkACL> listNetworkACLs(long guestNtwkId) {
|
||||
public List<? extends FirewallRule> listNetworkACLs(long guestNtwkId) {
|
||||
return _firewallDao.listByNetworkAndPurpose(guestNtwkId, Purpose.NetworkACL);
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue