From a5f0b645625a801731a1731b568843351b6473fe Mon Sep 17 00:00:00 2001 From: Alena Prokharchyk Date: Wed, 13 Jun 2012 10:17:04 -0700 Subject: [PATCH] Added new capabilities to VPN and Firewall services defining if VPN is S2S or Remote access, and if the Firewall rules should be created per cidr or per public ip address --- api/src/com/cloud/network/Network.java | 9 ++++++--- .../element/JuniperSRXExternalFirewallElement.java | 1 + .../com/cloud/network/element/NetscalerElement.java | 2 +- .../cloud/network/element/VirtualRouterElement.java | 5 +++-- .../cloud/network/element/VpcVirtualRouterElement.java | 10 ++++++++++ 5 files changed, 21 insertions(+), 6 deletions(-) diff --git a/api/src/com/cloud/network/Network.java b/api/src/com/cloud/network/Network.java index 5c643b25f7e..236a5a84e37 100644 --- a/api/src/com/cloud/network/Network.java +++ b/api/src/com/cloud/network/Network.java @@ -37,12 +37,12 @@ public interface Network extends ControlledEntity { public static class Service { private static List supportedServices = new ArrayList(); - public static final Service Vpn = new Service("Vpn", Capability.SupportedVpnTypes); + public static final Service Vpn = new Service("Vpn", Capability.SupportedVpnProtocols, Capability.VpnTypes); public static final Service Dhcp = new Service("Dhcp"); public static final Service Dns = new Service("Dns", Capability.AllowDnsSuffixModification); public static final Service Gateway = new Service("Gateway"); public static final Service Firewall = new Service("Firewall", Capability.SupportedProtocols, - Capability.MultipleIps, Capability.TrafficStatistics); + Capability.MultipleIps, Capability.TrafficStatistics, Capability.FirewallType); public static final Service Lb = new Service("Lb", Capability.SupportedLBAlgorithms, Capability.SupportedLBIsolation, Capability.SupportedProtocols, Capability.TrafficStatistics, Capability.LoadBalancingSupportedIps, Capability.SupportedStickinessMethods, Capability.ElasticLb); 
@@ -152,13 +152,16 @@ public interface Network extends ControlledEntity { public static final Capability SupportedStickinessMethods = new Capability("SupportedStickinessMethods"); public static final Capability MultipleIps = new Capability("MultipleIps"); public static final Capability SupportedSourceNatTypes = new Capability("SupportedSourceNatTypes"); - public static final Capability SupportedVpnTypes = new Capability("SupportedVpnTypes"); + public static final Capability SupportedVpnProtocols = new Capability("SupportedVpnTypes"); + public static final Capability VpnTypes = new Capability("VpnTypes"); public static final Capability TrafficStatistics = new Capability("TrafficStatistics"); public static final Capability LoadBalancingSupportedIps = new Capability("LoadBalancingSupportedIps"); public static final Capability AllowDnsSuffixModification = new Capability("AllowDnsSuffixModification"); public static final Capability RedundantRouter = new Capability("RedundantRouter"); public static final Capability ElasticIp = new Capability("ElasticIp"); public static final Capability ElasticLb = new Capability("ElasticLb"); + public static final Capability FirewallType = new Capability("FirewallType"); + private String name; diff --git a/server/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java b/server/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java index 0473291d15d..1aa23daef4a 100644 --- a/server/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java +++ b/server/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java 
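Review bot: `SupportedVpnProtocols` is still constructed as `new Capability("SupportedVpnTypes")`, so the field name and the capability name it reports now disagree, right beside a new and differently meant `VpnTypes` capability. If the old string is kept on purpose so that stored or API-visible names stay stable (not visible in this hunk), record that in a comment such as `// name string kept as "SupportedVpnTypes" for compatibility; the value lists protocols, not VPN types`. Otherwise rename the string together with the field. `VpnTypes` and `FirewallType` would each benefit from a one-line comment listing the values that elements are expected to publish.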
@@ -266,6 +266,7 @@ public class JuniperSRXExternalFirewallElement extends ExternalFirewallDeviceMan firewallCapabilities.put(Capability.SupportedProtocols, "tcp,udp"); firewallCapabilities.put(Capability.MultipleIps, "true"); firewallCapabilities.put(Capability.TrafficStatistics, "per public ip"); + firewallCapabilities.put(Capability.FirewallType, "perpublicip"); capabilities.put(Service.Firewall, firewallCapabilities); // Disabling VPN for Juniper in Acton as it 1) Was never tested 2) probably just doesn't work diff --git a/server/src/com/cloud/network/element/NetscalerElement.java b/server/src/com/cloud/network/element/NetscalerElement.java index 81d5424d4ab..33a82d479c6 100644 --- a/server/src/com/cloud/network/element/NetscalerElement.java +++ b/server/src/com/cloud/network/element/NetscalerElement.java @@ -270,7 +270,7 @@ public class NetscalerElement extends ExternalLoadBalancerDeviceManagerImpl impl firewallCapabilities.put(Capability.TrafficStatistics, "per public ip"); firewallCapabilities.put(Capability.SupportedProtocols, "tcp,udp,icmp"); firewallCapabilities.put(Capability.MultipleIps, "true"); - + firewallCapabilities.put(Capability.FirewallType, "perpublicip"); capabilities.put(Service.Firewall, firewallCapabilities); return capabilities; diff --git a/server/src/com/cloud/network/element/VirtualRouterElement.java b/server/src/com/cloud/network/element/VirtualRouterElement.java index dc1a2470cb1..0feaa984c28 100755 --- a/server/src/com/cloud/network/element/VirtualRouterElement.java +++ b/server/src/com/cloud/network/element/VirtualRouterElement.java 
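Review bot: The `FirewallType` value is a bare string literal (`"perpublicip"`), and the same literal is repeated in the NetscalerElement and VirtualRouterElement hunks, with `"percidr"` in VpcVirtualRouterElement. Nothing ties these spellings together, so code that later compares against a slightly different string would silently choose the wrong firewall rule model. Declaring the allowed values once next to `Capability.FirewallType` (named constants or an enum) and referencing them from every element would let the compiler catch a misspelling. The enclosing method starts and ends outside the hunk.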
@@ -559,12 +559,13 @@ public class VirtualRouterElement extends AdapterBase implements VirtualRouterEl firewallCapabilities.put(Capability.TrafficStatistics, "per public ip"); firewallCapabilities.put(Capability.SupportedProtocols, "tcp,udp,icmp"); firewallCapabilities.put(Capability.MultipleIps, "true"); - + firewallCapabilities.put(Capability.FirewallType, "perpublicip"); capabilities.put(Service.Firewall, firewallCapabilities); // Set capabilities for vpn Map vpnCapabilities = new HashMap(); - vpnCapabilities.put(Capability.SupportedVpnTypes, "pptp,l2tp,ipsec"); + vpnCapabilities.put(Capability.SupportedVpnProtocols, "pptp,l2tp,ipsec"); + vpnCapabilities.put(Capability.VpnTypes, "removeaccessvpn"); capabilities.put(Service.Vpn, vpnCapabilities); Map dnsCapabilities = new HashMap(); diff --git a/server/src/com/cloud/network/element/VpcVirtualRouterElement.java b/server/src/com/cloud/network/element/VpcVirtualRouterElement.java index ca5f920cfa1..e5ae27e2675 100644 --- a/server/src/com/cloud/network/element/VpcVirtualRouterElement.java +++ b/server/src/com/cloud/network/element/VpcVirtualRouterElement.java @@ -89,6 +89,8 @@ public class VpcVirtualRouterElement extends VirtualRouterElement implements Vpc s_logger.trace("Element " + getProvider().getName() + " doesn't support service " + service.getName() + " in the network " + network); return false; + } else if (service == Service.Firewall) { + //todo - get capability here } } 
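Review bot: The value published for `Capability.VpnTypes` is spelled `"removeaccessvpn"`, which looks like a typo for the remote access VPN named in the commit message. Any caller that later matches on the intended spelling would never match this element, so the capability check would fail without an error. Suggested line: `vpnCapabilities.put(Capability.VpnTypes, "remoteaccessvpn");`. The enclosing method begins and ends outside this hunk.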
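Review bot: The new `else if (service == Service.Firewall)` branch holds only `//todo - get capability here`, so the Firewall case is handled exactly as before and the `percidr` capability added elsewhere in this commit is not consulted at this point. Until the check exists, either drop the empty branch or state what is missing, e.g. `// TODO: verify Capability.FirewallType is "percidr" for VPC networks; no check is made yet`. The enclosing method starts before the hunk and continues after it, so what runs after this branch is not visible here.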
@@ -239,6 +241,14 @@ public class VpcVirtualRouterElement extends VirtualRouterElement implements Vpc sourceNatCapabilities.put(Capability.RedundantRouter, "false"); capabilities.put(Service.SourceNat, sourceNatCapabilities); + Map vpnCapabilities = capabilities.get(Service.Vpn); + vpnCapabilities.put(Capability.VpnTypes, "s2svpn"); + capabilities.put(Service.Vpn, vpnCapabilities); + + Map firewallCapabilities = capabilities.get(Service.Firewall); + firewallCapabilities.put(Capability.FirewallType, "percidr"); + capabilities.put(Service.Firewall, firewallCapabilities); + return capabilities; }
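Review bot: The maps returned by `capabilities.get(Service.Vpn)` and `capabilities.get(Service.Firewall)` are modified in place, unlike `sourceNatCapabilities` above them, so whichever object owns those inner maps also sees `"s2svpn"` and `"percidr"`. Where `capabilities` is filled lies outside the hunk; if it is populated from the parent VirtualRouterElement map without copying the inner maps, these writes would also replace the parent's VPN type and `"perpublicip"` values, and decisions made from the parent's capabilities would use the wrong model. Copying before writing avoids that, e.g. `Map<Capability, String> vpnCapabilities = new HashMap<Capability, String>(capabilities.get(Service.Vpn));`, and likewise for the firewall map. Both `get` results are also used without a null check, so a missing Vpn or Firewall entry would fail with a NullPointerException.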