Added new capabilities to VPN and Firewall services defining if VPN is S2S or Remote access, and if the Firewall rules should be created per cidr or per public ip address
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/b3985a3b Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/b3985a3b Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/b3985a3b Branch: refs/heads/vpc Commit: b3985a3b48c1f356faa122683c643952a0ab19fc Parents: 2deba9b Author: Alena Prokharchyk <[email protected]> Authored: Wed Jun 13 10:17:04 2012 -0700 Committer: Alena Prokharchyk <[email protected]> Committed: Fri Jun 15 14:33:06 2012 -0700 ---------------------------------------------------------------------- api/src/com/cloud/network/Network.java | 9 ++++++--- .../element/JuniperSRXExternalFirewallElement.java | 1 + .../cloud/network/element/NetscalerElement.java | 2 +- .../network/element/VirtualRouterElement.java | 5 +++-- .../network/element/VpcVirtualRouterElement.java | 10 ++++++++++ 5 files changed, 21 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/b3985a3b/api/src/com/cloud/network/Network.java ---------------------------------------------------------------------- diff --git a/api/src/com/cloud/network/Network.java b/api/src/com/cloud/network/Network.java index f1318d9..8dd9e13 100644 --- a/api/src/com/cloud/network/Network.java +++ b/api/src/com/cloud/network/Network.java @@ -41,12 +41,12 @@ public interface Network extends ControlledEntity { public static class Service { private static List<Service> supportedServices = new ArrayList<Service>(); - public static final Service Vpn = new Service("Vpn", Capability.SupportedVpnTypes); + public static final Service Vpn = new Service("Vpn", Capability.SupportedVpnProtocols, Capability.VpnTypes); public static final Service Dhcp = new Service("Dhcp"); public static final Service Dns = new Service("Dns", Capability.AllowDnsSuffixModification); public static final Service Gateway = new Service("Gateway"); public static final Service Firewall = new Service("Firewall", Capability.SupportedProtocols, - Capability.MultipleIps, Capability.TrafficStatistics); + Capability.MultipleIps, Capability.TrafficStatistics, Capability.FirewallType); public static final Service Lb = new Service("Lb", Capability.SupportedLBAlgorithms, Capability.SupportedLBIsolation, Capability.SupportedProtocols, Capability.TrafficStatistics, Capability.LoadBalancingSupportedIps, Capability.SupportedStickinessMethods, Capability.ElasticLb); @@ -156,13 +156,16 @@ public interface Network extends ControlledEntity { public static final Capability SupportedStickinessMethods = new Capability("SupportedStickinessMethods"); public static final Capability MultipleIps = new Capability("MultipleIps"); public static final Capability SupportedSourceNatTypes = new Capability("SupportedSourceNatTypes"); - public static final Capability SupportedVpnTypes = new Capability("SupportedVpnTypes"); + public static final Capability SupportedVpnProtocols = new Capability("SupportedVpnTypes"); + public static final Capability VpnTypes = new Capability("VpnTypes"); public static final Capability TrafficStatistics = new Capability("TrafficStatistics"); public static final Capability LoadBalancingSupportedIps = new Capability("LoadBalancingSupportedIps"); public static final Capability AllowDnsSuffixModification = new Capability("AllowDnsSuffixModification"); public static final Capability RedundantRouter = new Capability("RedundantRouter"); public static final Capability ElasticIp = new Capability("ElasticIp"); public static final Capability ElasticLb = new Capability("ElasticLb"); + public static final Capability FirewallType = new Capability("FirewallType"); + private String name; http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/b3985a3b/server/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java b/server/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java index 0473291..1aa23da 100644 --- a/server/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java +++ b/server/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java @@ -266,6 +266,7 @@ public class JuniperSRXExternalFirewallElement extends ExternalFirewallDeviceMan firewallCapabilities.put(Capability.SupportedProtocols, "tcp,udp"); firewallCapabilities.put(Capability.MultipleIps, "true"); firewallCapabilities.put(Capability.TrafficStatistics, "per public ip"); + firewallCapabilities.put(Capability.FirewallType, "perpublicip"); capabilities.put(Service.Firewall, firewallCapabilities); // Disabling VPN for Juniper in Acton as it 1) Was never tested 2) probably just doesn't work http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/b3985a3b/server/src/com/cloud/network/element/NetscalerElement.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/element/NetscalerElement.java b/server/src/com/cloud/network/element/NetscalerElement.java index 7fcb6d0..0526274 100644 --- a/server/src/com/cloud/network/element/NetscalerElement.java +++ b/server/src/com/cloud/network/element/NetscalerElement.java @@ -279,7 +279,7 @@ public class NetscalerElement extends ExternalLoadBalancerDeviceManagerImpl impl firewallCapabilities.put(Capability.TrafficStatistics, "per public ip"); firewallCapabilities.put(Capability.SupportedProtocols, "tcp,udp,icmp"); firewallCapabilities.put(Capability.MultipleIps, "true"); - + firewallCapabilities.put(Capability.FirewallType, "perpublicip"); capabilities.put(Service.Firewall, firewallCapabilities); return capabilities; http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/b3985a3b/server/src/com/cloud/network/element/VirtualRouterElement.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/element/VirtualRouterElement.java b/server/src/com/cloud/network/element/VirtualRouterElement.java index dc1a247..0feaa98 100755 --- a/server/src/com/cloud/network/element/VirtualRouterElement.java +++ b/server/src/com/cloud/network/element/VirtualRouterElement.java @@ -559,12 +559,13 @@ public class VirtualRouterElement extends AdapterBase implements VirtualRouterEl firewallCapabilities.put(Capability.TrafficStatistics, "per public ip"); firewallCapabilities.put(Capability.SupportedProtocols, "tcp,udp,icmp"); firewallCapabilities.put(Capability.MultipleIps, "true"); - + firewallCapabilities.put(Capability.FirewallType, "perpublicip"); capabilities.put(Service.Firewall, firewallCapabilities); // Set capabilities for vpn Map<Capability, String> vpnCapabilities = new HashMap<Capability, String>(); - vpnCapabilities.put(Capability.SupportedVpnTypes, "pptp,l2tp,ipsec"); + vpnCapabilities.put(Capability.SupportedVpnProtocols, "pptp,l2tp,ipsec"); + vpnCapabilities.put(Capability.VpnTypes, "removeaccessvpn"); capabilities.put(Service.Vpn, vpnCapabilities); Map<Capability, String> dnsCapabilities = new HashMap<Capability, String>(); http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/b3985a3b/server/src/com/cloud/network/element/VpcVirtualRouterElement.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/element/VpcVirtualRouterElement.java b/server/src/com/cloud/network/element/VpcVirtualRouterElement.java index ca5f920..e5ae27e 100644 --- a/server/src/com/cloud/network/element/VpcVirtualRouterElement.java +++ b/server/src/com/cloud/network/element/VpcVirtualRouterElement.java @@ -89,6 +89,8 @@ public class VpcVirtualRouterElement extends VirtualRouterElement implements Vpc s_logger.trace("Element " + getProvider().getName() + " doesn't support service " + service.getName() + " in the network " + network); return false; + } else if (service == Service.Firewall) { + //todo - get capability here } } @@ -239,6 +241,14 @@ public class VpcVirtualRouterElement extends VirtualRouterElement implements Vpc sourceNatCapabilities.put(Capability.RedundantRouter, "false"); capabilities.put(Service.SourceNat, sourceNatCapabilities); + Map<Capability, String> vpnCapabilities = capabilities.get(Service.Vpn); + vpnCapabilities.put(Capability.VpnTypes, "s2svpn"); + capabilities.put(Service.Vpn, vpnCapabilities); + + Map<Capability, String> firewallCapabilities = capabilities.get(Service.Firewall); + firewallCapabilities.put(Capability.FirewallType, "percidr"); + capabilities.put(Service.Firewall, firewallCapabilities); + return capabilities; }
