Improve default network offering setting for egress policy (#5970)

* Improve default network offering setting for egress policy * descriptive info + restrict to only isolated n/ws * add translation
2022-02-22 04:12:35 +05:30 · 2022-02-22 04:12:35 +05:30 · e3d0ce9304
parent b9e973ab9b
commit e3d0ce9304
7 changed files with 29 additions and 2 deletions
--- a/api/src/main/java/org/apache/cloudstack/api/response/NetworkResponse.java
+++ b/api/src/main/java/org/apache/cloudstack/api/response/NetworkResponse.java
@ -263,6 +263,10 @@ public class NetworkResponse extends BaseResponseWithAnnotations implements Cont
    @Param(description = "the total number of network traffic bytes sent")
    private Long bytesSent;

+    @SerializedName((ApiConstants.EGRESS_DEFAULT_POLICY))
+    @Param(description = "true if guest network default egress policy is allow; false if default egress policy is deny")
+    private Boolean egressDefaultPolicy;
+
    public Boolean getDisplayNetwork() {
        return displayNetwork;
    }
@ -528,4 +532,12 @@ public class NetworkResponse extends BaseResponseWithAnnotations implements Cont
    public void setBytesSent(final Long bytesSent) {
        this.bytesSent = bytesSent;
    }
+
+    public boolean getEgressDefaultPolicy() {
+        return egressDefaultPolicy;
+    }
+
+    public void setEgressDefaultPolicy(Boolean egressDefaultPolicy) {
+        this.egressDefaultPolicy = egressDefaultPolicy;
+    }
 }
--- a/server/src/main/java/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/main/java/com/cloud/api/ApiResponseHelper.java
@ -2302,6 +2302,9 @@ public class ApiResponseHelper implements ResponseGenerator {
            response.setIsSystem(networkOffering.isSystemOnly());
            response.setNetworkOfferingAvailability(networkOffering.getAvailability().toString());
            response.setIsPersistent(networkOffering.isPersistent());
+            if (Network.GuestType.Isolated.equals(network.getGuestType())) {
+                response.setEgressDefaultPolicy(networkOffering.isEgressDefaultPolicy());
+            }
        }

        if (network.getAclType() != null) {
--- a/ui/public/locales/en.json
+++ b/ui/public/locales/en.json
@ -2669,6 +2669,7 @@
 "message.after.enable.s3": "S3-backed Secondary Storage configured. Note: When you leave this page, you will not be able to re-configure S3 again.",
 "message.after.enable.swift": "Swift configured. Note: When you leave this page, you will not be able to re-configure Swift again.",
 "message.alert.state.detected": "Alert state detected",
+"message.allowed": "Allowed",
 "message.allow.vpn.access": "Please enter a username and password of the user that you want to allow VPN access.",
 "message.apply.snapshot.policy": "You have successfully updated your current snapshot policy.",
 "message.apply.success": "Apply Successfully",
@ -2838,6 +2839,7 @@
 "message.delete.vpn.gateway": "Please confirm that you want to delete this VPN Gateway",
 "message.deleting.node": "Deleting Node",
 "message.deleting.vm": "Deleting VM",
+"message.denied": "Denied",
 "message.deployasis": "Selected template is Deploy As-Is i.e., the VM is deployed by importing an OVA with vApps directly into vCenter. Root disk(s) resize is allowed only on stopped VMs for such templates.",
 "message.desc.add.new.lb.sticky.rule": "Add new LB sticky rule",
 "message.desc.advanced.zone": "This is recommended and allows more sophisticated network topologies. This network model provides the most flexibility in defining guest networks and providing custom network offerings such as firewall, VPN, or load balancer support.",
@ -2881,6 +2883,9 @@
 "message.edit.rule.failed": "Failed to edit rule",
 "message.edit.rule.processing": "Updating rule...",
 "message.edit.traffic.type": "Please specify the traffic label you want associated with this traffic type.",
+"message.egress.rules.allow": "Allow (traffic matching the egress rules added will be denied)",
+"message.egress.rules.deny": "Deny (traffic matching the egress rules added will be allowed)",
+"message.egress.rules.info.for.network": "The default egress policy of this network is %x. <br><br> Outgoing traffic matching the following rules will be %y",
 "message.enable.account": "Please confirm that you want to enable this account.",
 "message.enable.netsacler.provider.failed": "failed to enable Netscaler provider",
 "message.enable.securitygroup.provider.failed": "failed to enable security group provider",
--- a/ui/src/components/view/DetailsTab.vue
+++ b/ui/src/components/view/DetailsTab.vue
@ -45,6 +45,9 @@
        <div v-else-if="['created', 'sent', 'lastannotated'].includes(item)">
          {{ $toLocaleDate(resource[item]) }}
        </div>
+        <div v-else-if="$route.meta.name === 'guestnetwork' && item === 'egressdefaultpolicy'">
+          {{ resource[item]? $t('message.egress.rules.allow') : $t('message.egress.rules.deny') }}
+        </div>
        <div v-else>{{ resource[item] }}</div>
      </div>
    </a-list-item>
--- a/ui/src/config/section/network.js
+++ b/ui/src/config/section/network.js
@ -38,7 +38,7 @@ export default {
        return fields
      },
      details: () => {
-        var fields = ['name', 'id', 'description', 'type', 'traffictype', 'vpcid', 'vlan', 'broadcasturi', 'cidr', 'ip6cidr', 'netmask', 'gateway', 'aclname', 'ispersistent', 'restartrequired', 'reservediprange', 'redundantrouter', 'networkdomain', 'zonename', 'account', 'domain']
+        var fields = ['name', 'id', 'description', 'type', 'traffictype', 'vpcid', 'vlan', 'broadcasturi', 'cidr', 'ip6cidr', 'netmask', 'gateway', 'aclname', 'ispersistent', 'restartrequired', 'reservediprange', 'redundantrouter', 'networkdomain', 'egressdefaultpolicy', 'zonename', 'account', 'domain']
        if (!isAdmin()) {
          fields = fields.filter(function (e) { return e !== 'broadcasturi' })
        }
--- a/ui/src/views/network/EgressRulesTab.vue
+++ b/ui/src/views/network/EgressRulesTab.vue
@ -18,6 +18,10 @@
 <template>
  <div>
    <div>
+      <div
+        v-html="$t('message.egress.rules.info.for.network').replace('%x', resource.egressdefaultpolicy ? '<b>' + $t('label.allow') + '</b>' :
+        '<b>' + $t('label.deny') + '</b>').replace('%y', resource.egressdefaultpolicy ? '<b>' + $t('message.denied') + '</b>' : '<b>' + $t('message.allowed') + '</b>')"> </div>
+        <a-divider />
      <div class="form" v-ctrl-enter="addRule">
        <div class="form__item">
          <div class="form__label">{{ $t('label.sourcecidr') }}</div>
--- a/ui/src/views/offering/AddNetworkOffering.vue
+++ b/ui/src/views/offering/AddNetworkOffering.vue
@ -342,7 +342,7 @@
          <tooltip-label slot="label" :title="$t('label.egressdefaultpolicy')" :tooltip="apiParams.egressdefaultpolicy.description"/>
          <a-radio-group
            v-decorator="['egressdefaultpolicy', {
-              initialValue: 'allow'
+              initialValue: 'deny'
            }]"
            buttonStyle="solid">
            <a-radio-button value="allow">