diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java index 35df7ec0471..2c2a74fef95 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java @@ -82,9 +82,9 @@ public interface CiscoVnmcConnection { String identifier, String policyIdentifier) throws ExecutionException; - public boolean createTenantVDCIngressAclRuleForDNat(String tenantName, + public boolean createTenantVDCAclRuleForDNat(String tenantName, String identifier, String policyIdentifier, - String publicIp) + String ipAddress) throws ExecutionException; public boolean createTenantVDCDNatPolicy(String tenantName, String identifier) @@ -113,9 +113,9 @@ public interface CiscoVnmcConnection { String identifier, String policyIdentifier) throws ExecutionException; - public boolean createTenantVDCIngressAclRuleForPF(String tenantName, + public boolean createTenantVDCAclRuleForPF(String tenantName, String identifier, String policyIdentifier, - String protocol, String publicIp, + String protocol, String ipAddress, String startPort, String endPort) throws ExecutionException; @@ -152,8 +152,8 @@ public interface CiscoVnmcConnection { public boolean deleteTenantVDCAclRule(String tenantName, String identifier, String policyIdentifier) throws ExecutionException; - public boolean createTenantVDCAclPolicy(String tenantName, String identifier, - boolean ingress) throws ExecutionException; + public boolean createTenantVDCAclPolicy(String tenantName, + String identifier) throws ExecutionException; public boolean createTenantVDCAclPolicyRef(String tenantName, String identifier, boolean ingress) throws ExecutionException; 
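Review bot: The renamed parameter `ipAddress` on `createTenantVDCAclRuleForDNat` (and on `createTenantVDCAclRuleForPF` in the next hunk) no longer says which side of the NAT translation it expects, and no Javadoc is visible on these declarations to fill that in. Elsewhere in this commit the callers switch from `rule.getSrcIp()` to `rule.getDstIp()`, so the meaning changed along with the name. I would add a Javadoc line to both methods, for example `@param ipAddress address the permit rule matches on; callers pass the rule's destination IP`. Both declarations sit in an interface body that extends beyond these hunks.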
@@ -178,9 +178,9 @@ public interface CiscoVnmcConnection { public Map listUnAssocAsa1000v() throws ExecutionException; - public boolean assocAsa1000v(String tenantName, String firewallDn) + public boolean assignAsa1000v(String tenantName, String firewallDn) throws ExecutionException; - public boolean disassocAsa1000v(String tenantName, String firewallDn) + public boolean unassignAsa1000v(String tenantName, String firewallDn) throws ExecutionException; } \ No newline at end of file diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java index 0b0b70cc547..29b5efea31b 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java @@ -79,9 +79,9 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { CREATE_IP_POOL("create-ip-pool.xml", "policy-mgr"), CREATE_PF_RULE("create-pf-rule.xml", "policy-mgr"), - CREATE_INGRESS_ACL_RULE_FOR_PF("create-ingress-acl-rule-for-pf.xml", "policy-mgr"), + CREATE_ACL_RULE_FOR_PF("create-ingress-acl-rule-for-pf.xml", "policy-mgr"), CREATE_DNAT_RULE("create-dnat-rule.xml", "policy-mgr"), - CREATE_INGRESS_ACL_RULE_FOR_DNAT("create-ingress-acl-rule-for-dnat.xml", "policy-mgr"), + CREATE_ACL_RULE_FOR_DNAT("create-ingress-acl-rule-for-dnat.xml", "policy-mgr"), CREATE_SOURCE_NAT_RULE("create-source-nat-rule.xml", "policy-mgr"), CREATE_ACL_POLICY_SET("create-acl-policy-set.xml", "policy-mgr"), 
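Review bot: `CREATE_ACL_RULE_FOR_PF` and `CREATE_ACL_RULE_FOR_DNAT` now have direction-neutral names but still load `create-ingress-acl-rule-for-pf.xml` and `create-ingress-acl-rule-for-dnat.xml`. The templates are not part of the visible diff, so please confirm they contain nothing ingress-specific, since the policy holding these rules is now also referenced from the egress policy set. If the file names stay, a short comment on the two constants such as `// template file name is historical; the rule is used by both ingress and egress policy sets` would stop the mismatch from being read as a bug.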
@@ -583,13 +583,12 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { } @Override - public boolean createTenantVDCAclPolicy(String tenantName, String identifier, boolean ingress) throws ExecutionException { + public boolean createTenantVDCAclPolicy(String tenantName, String identifier) throws ExecutionException { String xml = VnmcXml.CREATE_ACL_POLICY.getXml(); String service = VnmcXml.CREATE_ACL_POLICY.getService(); xml = replaceXmlValue(xml, "cookie", _cookie); xml = replaceXmlValue(xml, "aclpolicyname", getNameForAclPolicy(tenantName, identifier)); xml = replaceXmlValue(xml, "aclpolicydn", getDnForAclPolicy(tenantName, identifier)); - xml = replaceXmlValue(xml, "aclpolicyrefdn", getDnForAclPolicyRef(tenantName, identifier, ingress)); String response = sendRequest(service, xml); return verifySuccess(response); 
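Review bot: The `aclpolicyrefdn` substitution is dropped from `createTenantVDCAclPolicy`, but `create-acl-policy.xml` is not touched in the visible part of this commit. If the template still contains that placeholder, the request sent to VNMC would carry the unreplaced token, and it cannot be told from here whether `verifySuccess` would catch that. Please confirm the template was updated in the same change, or remove the placeholder from it. The method's closing brace is outside this hunk.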
@@ -972,19 +971,19 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { } @Override - public boolean createTenantVDCIngressAclRuleForPF(String tenantName, + public boolean createTenantVDCAclRuleForPF(String tenantName, String identifier, String policyIdentifier, String protocol, - String publicIp, String startPort, String endPort) + String ipAddress, String startPort, String endPort) throws ExecutionException { - String xml = VnmcXml.CREATE_INGRESS_ACL_RULE_FOR_PF.getXml(); - String service = VnmcXml.CREATE_INGRESS_ACL_RULE_FOR_PF.getService(); + String xml = VnmcXml.CREATE_ACL_RULE_FOR_PF.getXml(); + String service = VnmcXml.CREATE_ACL_RULE_FOR_PF.getService(); xml = replaceXmlValue(xml, "cookie", _cookie); xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier)); xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier)); xml = replaceXmlValue(xml, "descr", "ACL rule for Tenant VDC " + tenantName); xml = replaceXmlValue(xml, "actiontype", "permit"); xml = replaceXmlValue(xml, "protocolvalue", protocol); - xml = replaceXmlValue(xml, "ip", publicIp); + xml = replaceXmlValue(xml, "ip", ipAddress); xml = replaceXmlValue(xml, "startport", startPort); xml = replaceXmlValue(xml, "endport", endPort); 
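Review bot: `protocol`, `ipAddress`, `startPort` and `endPort` are substituted into the request XML as passed in, with no validation visible in `createTenantVDCAclRuleForPF`. The same holds for `ipAddress` in `createTenantVDCAclRuleForDNat` in the hunk at -1093. `replaceXmlValue` is not visible here; if it does plain text substitution, a value containing XML metacharacters would change the structure of a request that creates a `permit` rule. Since the parameter is no longer named as a public IP and callers now pass a different field, I would validate it at this boundary (parse it as an IP literal, check the ports are integers in range) or confirm that `replaceXmlValue` escapes its argument. The method continues past the end of the hunk.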
@@ -1093,17 +1092,17 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { } @Override - public boolean createTenantVDCIngressAclRuleForDNat(String tenantName, - String identifier, String policyIdentifier, String publicIp) + public boolean createTenantVDCAclRuleForDNat(String tenantName, + String identifier, String policyIdentifier, String ipAddress) throws ExecutionException { - String xml = VnmcXml.CREATE_INGRESS_ACL_RULE_FOR_DNAT.getXml(); - String service = VnmcXml.CREATE_INGRESS_ACL_RULE_FOR_DNAT.getService(); + String xml = VnmcXml.CREATE_ACL_RULE_FOR_DNAT.getXml(); + String service = VnmcXml.CREATE_ACL_RULE_FOR_DNAT.getService(); xml = replaceXmlValue(xml, "cookie", _cookie); xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier)); xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier)); xml = replaceXmlValue(xml, "descr", "ACL rule for Tenant VDC " + tenantName); xml = replaceXmlValue(xml, "actiontype", "permit"); - xml = replaceXmlValue(xml, "ip", publicIp); + xml = replaceXmlValue(xml, "ip", ipAddress); List rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier)); int order = 100; @@ -1229,7 +1228,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { } @Override - public boolean assocAsa1000v(String tenantName, String firewallDn) throws ExecutionException { + public boolean assignAsa1000v(String tenantName, String firewallDn) throws ExecutionException { String xml = VnmcXml.ASSIGN_ASA1000V.getXml(); String service = VnmcXml.ASSIGN_ASA1000V.getService(); xml = replaceXmlValue(xml, "cookie", _cookie); 
@@ -1241,7 +1240,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { } @Override - public boolean disassocAsa1000v(String tenantName, String firewallDn) throws ExecutionException { + public boolean unassignAsa1000v(String tenantName, String firewallDn) throws ExecutionException { String xml = VnmcXml.UNASSIGN_ASA1000V.getXml(); String service = VnmcXml.UNASSIGN_ASA1000V.getService(); xml = replaceXmlValue(xml, "cookie", _cookie); diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java index e4fe10dd20c..39ae60b8360 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java @@ -334,8 +334,6 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro } // create logical edge firewall in VNMC - //String insideIp = _networkMgr.acquireGuestIpAddress(network, null); - //if (!createLogicalEdgeFirewall(vlanId, insideIp, sourceNatIp.getAddress().addr(), ciscoVnmcHost.getId())) { if (!createLogicalEdgeFirewall(vlanId, network.getGateway(), sourceNatIp.getAddress().addr(), publicGateways, ciscoVnmcHost.getId())) { s_logger.error("Failed to create logical edge firewall in Cisco VNMC device for network " + network.getName()); return false; @@ -420,7 +418,7 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro List devices = _ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId()); if (!devices.isEmpty()) { CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0); - HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId()); + HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId()); cleanupLogicalEdgeFirewall(vlanId, ciscoVnmcHost.getId()); } 
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
index 79dd92959bd..57c0ed115da 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
@@ -346,21 +346,14 @@ public class CiscoVnmcResource implements ServerResource { for (String publicIp : publicIpRulesMap.keySet()) { String policyIdentifier = publicIp.replace('.', '-'); - /*if (!_connection.deleteTenantVDCAclPolicy(tenant, policyIdentifier)) { - throw new Exception("Failed to delete ACL ingress policy in VNMC for guest network with vlan " + vlanId); - }*/ - - if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier, true)) { - throw new Exception("Failed to create ACL ingress policy in VNMC for guest network with vlan " + vlanId); + if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier)) { + throw new Exception("Failed to create ACL policy in VNMC for guest network with vlan " + vlanId); } if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, true)) { - throw new Exception("Failed to associate ACL ingress policy with ACL ingress policy set in VNMC for guest network with vlan " + vlanId); - } - if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier, false)) { - throw new Exception("Failed to create ACL egress policy in VNMC for guest network with vlan " + vlanId); + throw new Exception("Failed to associate ACL policy with ACL ingress policy set in VNMC for guest network with vlan " + vlanId); } if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, false)) { - throw new Exception("Failed to associate ACL egress policy with ACL egress policy set in VNMC for guest network with vlan " + vlanId); + throw new Exception("Failed to associate ACL policy with ACL egress policy set in VNMC for guest network with vlan " + vlanId); } for (FirewallRuleTO rule : publicIpRulesMap.get(publicIp)) { 
@@ -437,10 +430,6 @@ public class CiscoVnmcResource implements ServerResource { for (String publicIp : publicIpRulesMap.keySet()) { String policyIdentifier = publicIp.replace('.', '-'); - /*if (!_connection.deleteTenantVDCDNatPolicy(tenant, policyIdentifier)) { - throw new Exception("Failed to delete DNAT policy in VNMC for guest network with vlan " + vlanId); - }*/ - if (!_connection.createTenantVDCDNatPolicy(tenant, policyIdentifier)) { throw new Exception("Failed to create DNAT policy in VNMC for guest network with vlan " + vlanId); } @@ -448,11 +437,14 @@ public class CiscoVnmcResource implements ServerResource { throw new Exception("Failed to associate DNAT policy with NAT policy set in VNMC for guest network with vlan " + vlanId); } - if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier, true)) { - throw new Exception("Failed to create ACL ingress policy in VNMC for guest network with vlan " + vlanId); + if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier)) { + throw new Exception("Failed to create ACL policy in VNMC for guest network with vlan " + vlanId); } if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, true)) { - throw new Exception("Failed to associate ACL ingress policy with ACL ingress policy set in VNMC for guest network with vlan " + vlanId); + throw new Exception("Failed to associate ACL policy with ACL ingress policy set in VNMC for guest network with vlan " + vlanId); + } + if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, false)) { + throw new Exception("Failed to associate ACL policy with ACL egress policy set in VNMC for guest network with vlan " + vlanId); } for (StaticNatRuleTO rule : publicIpRulesMap.get(publicIp)) { 
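Review bot: The new `createTenantVDCAclPolicyRef(tenant, policyIdentifier, false)` call in the static NAT path attaches the policy to the egress policy set, but no creation of that set is visible in this hunk. The port-forwarding path gets an explicit `createTenantVDCAclPolicySet(tenant, false)` in this same commit. The static NAT method starts above this hunk, so it may already have the equivalent call. If it does not, the ref would point at a set this path never created. Adding the same guarded `createTenantVDCAclPolicySet(tenant, false)` call before the loop would keep the two paths consistent.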
@@ -474,9 +466,9 @@ public class CiscoVnmcResource implements ServerResource { throw new Exception("Failed to create DNAT rule in VNMC for guest network with vlan " + vlanId); } - if (!_connection.createTenantVDCIngressAclRuleForDNat(tenant, - Long.toString(rule.getId()), policyIdentifier, rule.getSrcIp())) { - throw new Exception("Failed to create ACL ingress rule for DNAT in VNMC for guest network with vlan " + vlanId); + if (!_connection.createTenantVDCAclRuleForDNat(tenant, + Long.toString(rule.getId()), policyIdentifier, rule.getDstIp())) { + throw new Exception("Failed to create ACL rule for DNAT in VNMC for guest network with vlan " + vlanId); } } } @@ -526,13 +518,13 @@ public class CiscoVnmcResource implements ServerResource { throw new Exception("Failed to create ACL ingress policy set in VNMC for guest network with vlan " + vlanId); } + if (!_connection.createTenantVDCAclPolicySet(tenant, false)) { + throw new Exception("Failed to create ACL egress policy set in VNMC for guest network with vlan " + vlanId); + } + for (String publicIp : publicIpRulesMap.keySet()) { String policyIdentifier = publicIp.replace('.', '-'); - /*if (!_connection.deleteTenantVDCPFPolicy(tenant, policyIdentifier)) { - throw new Exception("Failed to delete ACL ingress policy in VNMC for guest network with vlan " + vlanId); - }*/ - if (!_connection.createTenantVDCPFPolicy(tenant, policyIdentifier)) { throw new Exception("Failed to create PF policy in VNMC for guest network with vlan " + vlanId); } 
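Review bot: The switch from `rule.getSrcIp()` to `rule.getDstIp()` in the `createTenantVDCAclRuleForDNat` call changes which address the permit rule matches, and nothing visible in the tests pins it. The `CiscoVnmcResourceTest` mocks for this method accept `anyString()` for every argument. The same applies to `getDstIp()` and `getDstPortRange()` in the `createTenantVDCAclRuleForPF` call in the hunk at -572. Because the rule is a `permit` and its policy is now referenced from both the ingress and egress sets, I would assert the exact address, e.g. `verify(_connection).createTenantVDCAclRuleForDNat(anyString(), anyString(), anyString(), eq(expectedDstIp));`, where `expectedDstIp` is a placeholder for the value in the test's rule fixture. The enclosing loop starts outside the hunk.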
@@ -540,11 +532,14 @@ public class CiscoVnmcResource implements ServerResource { throw new Exception("Failed to associate PF policy with NAT policy set in VNMC for guest network with vlan " + vlanId); } - if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier, true)) { - throw new Exception("Failed to create ACL ingress policy in VNMC for guest network with vlan " + vlanId); + if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier)) { + throw new Exception("Failed to create ACL policy in VNMC for guest network with vlan " + vlanId); } if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, true)) { - throw new Exception("Failed to associate ACL ingress policy with ACL ingress policy set in VNMC for guest network with vlan " + vlanId); + throw new Exception("Failed to associate ACL policy with ACL ingress policy set in VNMC for guest network with vlan " + vlanId); + } + if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, false)) { + throw new Exception("Failed to associate ACL policy with ACL egress policy set in VNMC for guest network with vlan " + vlanId); } for (PortForwardingRuleTO rule : publicIpRulesMap.get(publicIp)) { 
@@ -572,11 +567,11 @@ public class CiscoVnmcResource implements ServerResource { throw new Exception("Failed to create PF rule in VNMC for guest network with vlan " + vlanId); } - if (!_connection.createTenantVDCIngressAclRuleForPF(tenant, + if (!_connection.createTenantVDCAclRuleForPF(tenant, Long.toString(rule.getId()), policyIdentifier, - rule.getProtocol().toUpperCase(), rule.getSrcIp(), - Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]))) { - throw new Exception("Failed to create ACL ingress rule for PF in VNMC for guest network with vlan " + vlanId); + rule.getProtocol().toUpperCase(), rule.getDstIp(), + Integer.toString(rule.getDstPortRange()[0]), Integer.toString(rule.getDstPortRange()[1]))) { + throw new Exception("Failed to create ACL rule for PF in VNMC for guest network with vlan " + vlanId); } } } @@ -702,7 +697,7 @@ public class CiscoVnmcResource implements ServerResource { throw new Exception("Requested ASA 1000v (" + cmd.getAsaMgmtIp() + ") is not available"); } - if (!_connection.assocAsa1000v(tenant, asaInstanceDn)) { + if (!_connection.assignAsa1000v(tenant, asaInstanceDn)) { throw new Exception("Failed to associate ASA 1000v (" + cmd.getAsaMgmtIp() + ") with logical edge firewall for guest vlan " + cmd.getVlanId()); } } catch (Throwable e) { diff --git a/plugins/network-elements/cisco-vnmc/test/com/cloud/network/cisco/CiscoVnmcConnectionTest.java b/plugins/network-elements/cisco-vnmc/test/com/cloud/network/cisco/CiscoVnmcConnectionTest.java index ac7ddb9b43a..bf52356779e 100644 --- a/plugins/network-elements/cisco-vnmc/test/com/cloud/network/cisco/CiscoVnmcConnectionTest.java +++ b/plugins/network-elements/cisco-vnmc/test/com/cloud/network/cisco/CiscoVnmcConnectionTest.java 
@@ -238,7 +238,7 @@ public class CiscoVnmcConnectionTest { @Test public void assocAsa1000v() { try { - boolean result = connection.assocAsa1000v(tenantName, fwDns.get(0)); + boolean result = connection.assignAsa1000v(tenantName, fwDns.get(0)); assertTrue(result); } catch (ExecutionException e) { // TODO Auto-generated catch block diff --git a/plugins/network-elements/cisco-vnmc/test/com/cloud/network/resource/CiscoVnmcResourceTest.java b/plugins/network-elements/cisco-vnmc/test/com/cloud/network/resource/CiscoVnmcResourceTest.java index 69ef046506b..d232b01de21 100755 --- a/plugins/network-elements/cisco-vnmc/test/com/cloud/network/resource/CiscoVnmcResourceTest.java +++ b/plugins/network-elements/cisco-vnmc/test/com/cloud/network/resource/CiscoVnmcResourceTest.java @@ -165,7 +165,7 @@ public class CiscoVnmcResourceTest { _resource.configure("CiscoVnmcResource", _parameters); _resource.setConnection(_connection); when(_connection.createTenantVDCAclPolicySet(anyString(), anyBoolean())).thenReturn(true); - when(_connection.createTenantVDCAclPolicy(anyString(), anyString(), anyBoolean())).thenReturn(true); + when(_connection.createTenantVDCAclPolicy(anyString(), anyString())).thenReturn(true); when(_connection.createTenantVDCAclPolicyRef(anyString(), anyString(), anyBoolean())).thenReturn(true); when(_connection.deleteTenantVDCAclRule(anyString(), anyString(), anyString())).thenReturn(true); when(_connection.createTenantVDCIngressAclRule( 
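Review bot: The test method in `CiscoVnmcConnectionTest` is still named `assocAsa1000v` although it now exercises `assignAsa1000v`; renaming it keeps the test report aligned with the interface. The `catch (ExecutionException e)` block is cut off by the hunk, and the visible part holds only the auto-generated TODO. A thrown exception would therefore presumably let the test pass without reaching `assertTrue`. Declaring `throws ExecutionException` on the test method instead of catching would make that failure visible.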
@@ -204,14 +204,14 @@ public class CiscoVnmcResourceTest { when(_connection.createTenantVDCAclPolicySet(anyString(), anyBoolean())).thenReturn(true); when(_connection.createTenantVDCDNatPolicy(anyString(), anyString())).thenReturn(true); when(_connection.createTenantVDCDNatPolicyRef(anyString(), anyString())).thenReturn(true); - when(_connection.createTenantVDCAclPolicy(anyString(), anyString(), anyBoolean())).thenReturn(true); + when(_connection.createTenantVDCAclPolicy(anyString(), anyString())).thenReturn(true); when(_connection.createTenantVDCAclPolicyRef(anyString(), anyString(), anyBoolean())).thenReturn(true); when(_connection.deleteTenantVDCDNatRule(anyString(), anyString(), anyString())).thenReturn(true); when(_connection.deleteTenantVDCAclRule(anyString(), anyString(), anyString())).thenReturn(true); when(_connection.createTenantVDCDNatIpPool(anyString(), anyString(), anyString())).thenReturn(true); when(_connection.createTenantVDCDNatRule(anyString(), anyString(), anyString(), anyString())).thenReturn(true); - when(_connection.createTenantVDCIngressAclRuleForDNat(anyString(), + when(_connection.createTenantVDCAclRuleForDNat(anyString(), anyString(), anyString(), anyString())).thenReturn(true); when(_connection.associateNatPolicySet(anyString())).thenReturn(true); 
@@ -241,7 +241,7 @@ public class CiscoVnmcResourceTest { when(_connection.createTenantVDCAclPolicySet(anyString(), anyBoolean())).thenReturn(true); when(_connection.createTenantVDCPFPolicy(anyString(), anyString())).thenReturn(true); when(_connection.createTenantVDCPFPolicyRef(anyString(), anyString())).thenReturn(true); - when(_connection.createTenantVDCAclPolicy(anyString(), anyString(), anyBoolean())).thenReturn(true); + when(_connection.createTenantVDCAclPolicy(anyString(), anyString())).thenReturn(true); when(_connection.createTenantVDCAclPolicyRef(anyString(), anyString(), anyBoolean())).thenReturn(true); when(_connection.deleteTenantVDCPFRule(anyString(), anyString(), anyString())).thenReturn(true); when(_connection.deleteTenantVDCAclRule(anyString(), anyString(), anyString())).thenReturn(true); @@ -250,7 +250,7 @@ public class CiscoVnmcResourceTest { when(_connection.createTenantVDCPFRule(anyString(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString())).thenReturn(true); - when(_connection.createTenantVDCIngressAclRuleForPF(anyString(), + when(_connection.createTenantVDCAclRuleForPF(anyString(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString())).thenReturn(true); when(_connection.associateNatPolicySet(anyString())).thenReturn(true);