VPC : completed setupNetworkACLCommand

2012-06-20 17:52:45 -07:00 · 2012-06-20 17:52:45 -07:00 · e5fd090053
parent f99c203aa0
commit e5fd090053
2 changed files with 89 additions and 2 deletions
--- a/api/src/com/cloud/agent/api/routing/SetNetworkACLCommand.java
+++ b/api/src/com/cloud/agent/api/routing/SetNetworkACLCommand.java
@ -12,8 +12,11 @@
 // Automatically generated by addcopyright.py at 04/03/2012
 package com.cloud.agent.api.routing;

+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;

+import com.cloud.agent.api.to.FirewallRuleTO;
 import com.cloud.agent.api.to.NetworkACLTO;

 /**
@ -32,4 +35,55 @@ public class SetNetworkACLCommand extends NetworkElementCommand{
    public NetworkACLTO[] getRules() {
        return rules;
    }
+    public String[][] generateFwRules() {
+        String [][] result = new String [2][];
+        Set<String> toAdd = new HashSet<String>();
+
+        
+        for (NetworkACLTO aclTO: rules) {
+        /*  example  :  Ingress:tcp:80:80:0.0.0.0/0:,Egress:tcp:220:220:0.0.0.0/0:, 
+         *  each entry format      Ingress/Egress:protocol:start port: end port:scidrs:
+         *  reverted entry format  Ingress/Egress:reverted:0:0:0:
+         */
+            if (aclTO.revoked() == true) 
+            {
+                StringBuilder sb = new StringBuilder();
+                /* This entry is added just to make sure atleast there will one entry in the list to get the ipaddress */
+                sb.append(aclTO.getTrafficType().toString()).append(":reverted:0:0:0:"); 
+                String fwRuleEntry = sb.toString();
+                toAdd.add(fwRuleEntry);
+                continue;
+            }
+            
+            List<String> cidr;
+            StringBuilder sb = new StringBuilder();
+            sb.append(aclTO.getTrafficType().toString()).append(":").append(aclTO.getProtocol()).append(":");
+            if ("icmp".compareTo(aclTO.getProtocol()) == 0)
+            {
+                sb.append(aclTO.getIcmpType()).append(":").append(aclTO.getIcmpCode()).append(":");
+            } else {
+                sb.append(aclTO.getStringPortRange()).append(":");
+            }
+            cidr = aclTO.getSourceCidrList();
+            if (cidr == null || cidr.isEmpty())
+            {
+                sb.append("0.0.0.0/0");
+            }else{
+                Boolean firstEntry = true;
+                for (String tag : cidr) {
+                    if (!firstEntry) sb.append("-"); 
+                   sb.append(tag);
+                   firstEntry = false;
+                }
+            }
+            sb.append(":");
+            String aclRuleEntry = sb.toString();
+        
+            toAdd.add(aclRuleEntry);
+            
+        }
+        result[0] = toAdd.toArray(new String[toAdd.size()]);
+        
+        return result;
+    }
 }
--- a/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
+++ b/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
@ -167,6 +167,7 @@ import com.cloud.agent.api.storage.DestroyCommand;
 import com.cloud.agent.api.storage.PrimaryStorageDownloadAnswer;
 import com.cloud.agent.api.storage.PrimaryStorageDownloadCommand;
 import com.cloud.agent.api.to.IpAddressTO;
+import com.cloud.agent.api.to.NetworkACLTO;
 import com.cloud.agent.api.to.NicTO;
 import com.cloud.agent.api.to.PortForwardingRuleTO;
 import com.cloud.agent.api.to.StaticNatRuleTO;
@ -7280,8 +7281,40 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe
    }

    private SetNetworkACLAnswer execute(SetNetworkACLCommand cmd) {
-        // TODO - add implementation logic here
-        return null;
+        String[] results = new String[cmd.getRules().length];
+        String callResult;
+        Connection conn = getConnection();
+        String routerIp = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP);
+
+        if (routerIp == null) {
+            return new SetNetworkACLAnswer(cmd, false, results);
+        }
+
+        String [][] rules = cmd.generateFwRules();
+        StringBuilder sb = new StringBuilder();
+        String[] aclRules = rules[0];
+        if (aclRules.length == 0) {
+            return new SetNetworkACLAnswer(cmd, true, results);
+        }
+        
+        for (int i = 0; i < aclRules.length; i++) {
+            sb.append(aclRules[i]).append(',');
+        }
+        
+        String args = "vpc_acl.sh " + routerIp;
+        args += routerIp + " -F ";
+        args += " -a " + sb.toString();
+
+        callResult = callHostPlugin(conn, "vmops", "routerProxy", "args", args);
+
+        if (callResult == null || callResult.isEmpty()) {
+            //FIXME - in the future we have to process each rule separately; now we temporarily set every rule to be false if single rule fails
+            for (int i=0; i < results.length; i++) {
+                results[i] = "Failed";
+            }
+            return new SetNetworkACLAnswer(cmd, false, results);
+        }
+        return new SetNetworkACLAnswer(cmd, true, results);
    }

    protected SetPortForwardingRulesAnswer execute(SetPortForwardingRulesVpcCommand cmd) {