CLOUDSTACK-763: Added API updateNetworkACLItem to update an existing ACL Item
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/49fbff21 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/49fbff21 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/49fbff21 Branch: refs/heads/portablepublicip Commit: 49fbff21fa75bd0e9b6bf7babd389666cd7c6afb Parents: a1023e4 Author: Kishan Kavala <[email protected]> Authored: Tue May 7 00:14:09 2013 +0530 Committer: Kishan Kavala <[email protected]> Committed: Mon May 13 12:03:39 2013 +0530 ---------------------------------------------------------------------- api/src/com/cloud/event/EventTypes.java | 2 +- .../cloud/network/firewall/NetworkACLService.java | 4 +- .../command/user/network/CreateNetworkACLCmd.java | 2 +- client/tomcatconf/commands.properties.in | 1 + .../com/cloud/network/vpc/NetworkACLItemVO.java | 40 +++++++++- .../com/cloud/network/vpc/NetworkACLManager.java | 3 + .../cloud/network/vpc/NetworkACLManagerImpl.java | 59 ++++++++++++++- .../cloud/network/vpc/NetworkACLServiceImpl.java | 52 +++++++++++++- .../src/com/cloud/server/ManagementServerImpl.java | 2 +- .../vpc/MockVpcVirtualNetworkApplianceManager.java | 10 +-- .../test/com/cloud/vpc/dao/MockNetworkDaoImpl.java | 5 + 11 files changed, 163 insertions(+), 17 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/49fbff21/api/src/com/cloud/event/EventTypes.java ---------------------------------------------------------------------- diff --git a/api/src/com/cloud/event/EventTypes.java b/api/src/com/cloud/event/EventTypes.java index 8839887..71822e9 100755 --- a/api/src/com/cloud/event/EventTypes.java +++ b/api/src/com/cloud/event/EventTypes.java 
@@ -346,10 +346,10 @@ public class EventTypes { // Network ACL public static final String EVENT_NETWORK_ACL_CREATE = "NETWORK.ACL.CREATE"; - public static final String EVENT_NETWORK_ACL_UPDATE = "NETWORK.ACL.UPDATE"; public static final String EVENT_NETWORK_ACL_DELETE = "NETWORK.ACL.DELETE"; public static final String EVENT_NETWORK_ACL_REPLACE = "NETWORK.ACL.REPLACE"; public static final String EVENT_NETWORK_ACL_ITEM_CREATE = "NETWORK.ACL.ITEM.CREATE"; + public static final String EVENT_NETWORK_ACL_ITEM_UPDATE = "NETWORK.ACL.ITEM.UPDATE"; public static final String EVENT_NETWORK_ACL_ITEM_DELETE = "NETWORK.ACL.ITEM.DELETE"; // VPC offerings http://git-wip-us.apache.org/repos/asf/cloudstack/blob/49fbff21/api/src/com/cloud/network/firewall/NetworkACLService.java ---------------------------------------------------------------------- diff --git a/api/src/com/cloud/network/firewall/NetworkACLService.java b/api/src/com/cloud/network/firewall/NetworkACLService.java index 5f068a3..cd25da3 100644 --- a/api/src/com/cloud/network/firewall/NetworkACLService.java +++ b/api/src/com/cloud/network/firewall/NetworkACLService.java @@ -112,5 +112,7 @@ public interface NetworkACLService { boolean revokeNetworkACLItem(long ruleId); - + NetworkACLItem updateNetworkACLItem(Long id, String protocol, List<String> sourceCidrList, NetworkACLItem.TrafficType trafficType, + String action, Integer number, Integer sourcePortStart, Integer sourcePortEnd, + Integer icmpCode, Integer icmpType) throws ResourceUnavailableException; } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/49fbff21/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkACLCmd.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkACLCmd.java b/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkACLCmd.java index e78fe44..1ed6445 100644 
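Review bot: EVENT_NETWORK_ACL_UPDATE is deleted from a public constants class in the api module at the same time EVENT_NETWORK_ACL_ITEM_UPDATE is added, and the commit message only mentions the new API; any command or event consumer outside this diff that still references the old name stops compiling, and events already recorded as "NETWORK.ACL.UPDATE" lose their symbolic name. If the constant is unused the removal deserves a line in the message so it reads as deliberate; otherwise keep `public static final String EVENT_NETWORK_ACL_UPDATE = "NETWORK.ACL.UPDATE";` next to the new item-level constant.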
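Review bot: The new updateNetworkACLItem declaration on the public NetworkACLService interface carries no Javadoc, and nothing in the signature tells a caller that the NetworkACLManagerImpl implementation in this same commit applies each argument only when it is non-null and leaves the stored value otherwise. Add a Javadoc that says `id` is required, that every other parameter is a partial update applied only when non-null, that `action` is matched case-insensitively against "deny" with anything else treated as Allow, and what the ResourceUnavailableException means (the updated ACL could not be pushed to the networks). The identical declaration added to NetworkACLManager in this commit needs the same text.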
--- a/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkACLCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkACLCmd.java @@ -44,7 +44,7 @@ import com.cloud.user.Account; import com.cloud.user.UserContext; import com.cloud.utils.net.NetUtils; -@APICommand(name = "createNetworkACL", description = "Creates a ACL rule the given network (the network has to belong to VPC)", +@APICommand(name = "createNetworkACL", description = "Creates a ACL rule in the given network (the network has to belong to VPC)", responseObject = NetworkACLItemResponse.class) public class CreateNetworkACLCmd extends BaseAsyncCreateCmd { public static final Logger s_logger = Logger.getLogger(CreateNetworkACLCmd.class.getName()); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/49fbff21/client/tomcatconf/commands.properties.in ---------------------------------------------------------------------- diff --git a/client/tomcatconf/commands.properties.in b/client/tomcatconf/commands.properties.in index cb7965b..47b92a4 100644 --- a/client/tomcatconf/commands.properties.in +++ b/client/tomcatconf/commands.properties.in @@ -433,6 +433,7 @@ deletePrivateGateway=1 #### Network ACL commands createNetworkACL=15 +updateNetworkACLItem=15 deleteNetworkACL=15 listNetworkACLs=15 createNetworkACLList=15 http://git-wip-us.apache.org/repos/asf/cloudstack/blob/49fbff21/server/src/com/cloud/network/vpc/NetworkACLItemVO.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/vpc/NetworkACLItemVO.java b/server/src/com/cloud/network/vpc/NetworkACLItemVO.java index 71ccebf..74d0445 100644 --- a/server/src/com/cloud/network/vpc/NetworkACLItemVO.java +++ b/server/src/com/cloud/network/vpc/NetworkACLItemVO.java 
@@ -194,12 +194,44 @@ public class NetworkACLItemVO implements NetworkACLItem { return number; } - public void setUuid(String uuid) { - this.uuid = uuid; - } - @Override public TrafficType getTrafficType() { return trafficType; } + + public void setSourcePortStart(Integer sourcePortStart) { + this.sourcePortStart = sourcePortStart; + } + + public void setSourcePortEnd(Integer sourcePortEnd) { + this.sourcePortEnd = sourcePortEnd; + } + + public void setProtocol(String protocol) { + this.protocol = protocol; + } + + public void setIcmpCode(Integer icmpCode) { + this.icmpCode = icmpCode; + } + + public void setIcmpType(Integer icmpType) { + this.icmpType = icmpType; + } + + public void setTrafficType(TrafficType trafficType) { + this.trafficType = trafficType; + } + + public void setSourceCidrs(String sourceCidrs) { + this.sourceCidrs = sourceCidrs; + } + + public void setNumber(int number) { + this.number = number; + } + + public void setAction(Action action) { + this.action = action; + } } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/49fbff21/server/src/com/cloud/network/vpc/NetworkACLManager.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/vpc/NetworkACLManager.java b/server/src/com/cloud/network/vpc/NetworkACLManager.java index 1b1e958..fc2b1a8 100644 --- a/server/src/com/cloud/network/vpc/NetworkACLManager.java +++ b/server/src/com/cloud/network/vpc/NetworkACLManager.java 
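Review bot: The hunk removes the public `setUuid` setter without mentioning it in the commit message; if any caller outside this diff uses it the build breaks, and if it was dead code the removal is worth a line in the message rather than riding along with the new setters. The new `setSourceCidrs(String)` writes the raw stored string, while NetworkACLManagerImpl in this same commit updates the item through `setSourceCidrList(List<String>)` (not in this hunk), so the VO now exposes two ways to set the same column; unless a caller needs the raw form, dropping `setSourceCidrs` keeps the list encoding in one place.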
@@ -114,4 +114,7 @@ public interface NetworkACLManager{ boolean applyACLToNetwork(long networkId) throws ResourceUnavailableException; + NetworkACLItem updateNetworkACLItem(Long id, String protocol, List<String> sourceCidrList, NetworkACLItem.TrafficType trafficType, + String action, Integer number, Integer sourcePortStart, Integer sourcePortEnd, + Integer icmpCode, Integer icmpType) throws ResourceUnavailableException; } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/49fbff21/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java index 67547c6..28f5af2 100644 --- a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java +++ b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java @@ -131,7 +131,7 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana Integer icmpCode, Integer icmpType, NetworkACLItem.TrafficType trafficType, Long aclId, String action, Integer number) { NetworkACLItem.Action ruleAction = NetworkACLItem.Action.Allow; - if("deny".equals(action)){ + if("deny".equalsIgnoreCase(action)){ ruleAction = NetworkACLItem.Action.Deny; } // If number is null, set it to currentMax + 1 
@@ -240,6 +240,63 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana return applyACLItemsToNetwork(networkId, rules); } + @Override + public NetworkACLItem updateNetworkACLItem(Long id, String protocol, List<String> sourceCidrList, NetworkACLItem.TrafficType trafficType, + String action, Integer number, Integer sourcePortStart, Integer sourcePortEnd, Integer icmpCode, + Integer icmpType) throws ResourceUnavailableException { + NetworkACLItemVO aclItem = _networkACLItemDao.findById(id); + aclItem.setState(State.Add); + + if(protocol != null){ + aclItem.setProtocol(protocol); + } + + if(sourceCidrList != null){ + aclItem.setSourceCidrList(sourceCidrList); + } + + if(trafficType != null){ + aclItem.setTrafficType(trafficType); + } + + if(action != null){ + NetworkACLItem.Action ruleAction = NetworkACLItem.Action.Allow; + if("deny".equalsIgnoreCase(action)){ + ruleAction = NetworkACLItem.Action.Deny; + } + aclItem.setAction(ruleAction); + } + + if(number != null){ + aclItem.setNumber(number); + } + + if(sourcePortStart != null){ + aclItem.setSourcePortStart(sourcePortStart); + } + + if(sourcePortEnd != null){ + aclItem.setSourcePortEnd(sourcePortEnd); + } + + if(icmpCode != null){ + aclItem.setIcmpCode(icmpCode); + } + + if(icmpType != null){ + aclItem.setIcmpType(icmpType); + } + + if(_networkACLItemDao.update(id, aclItem)){ + if(applyNetworkACL(aclItem.getAclId())){ + return aclItem; + } else { + throw new CloudRuntimeException("Failed to apply Network ACL Item: "+aclItem.getUuid()); + } + } + return null; + } + public boolean applyACLItemsToNetwork(long networkId, List<NetworkACLItemVO> rules) throws ResourceUnavailableException { Network network = _networkDao.findById(networkId); boolean handled = false; http://git-wip-us.apache.org/repos/asf/cloudstack/blob/49fbff21/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java ---------------------------------------------------------------------- 
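Review bot: `_networkACLItemDao.findById(id)` in the new updateNetworkACLItem is dereferenced on the next line without a null check, so a caller that reaches this public NetworkACLManager method without going through NetworkACLServiceImpl gets a NullPointerException instead of an error it can report, and a false return from `_networkACLItemDao.update` falls through to `return null`, which the service hands straight back to the API layer with no indication of what failed. Guard the lookup with `if (aclItem == null) { throw new CloudRuntimeException("Network ACL Item not found: " + id); }` and replace the trailing `return null;` with a CloudRuntimeException naming the item, matching the exception already thrown on the apply failure. Note also that when applyNetworkACL returns false the item has already been persisted with the new values and State.Add, so the database and the routers diverge until the next apply; whether the existing create path accepts the same window is outside this hunk, but it should at least be logged here.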
diff --git a/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java b/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java index 2844dcb..ae9b8f9 100644 --- a/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java +++ b/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java @@ -142,6 +142,11 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ if(acl == null) { throw new InvalidParameterValueException("Unable to find specified ACL"); } + + if(acl.getId() == NetworkACL.DEFAULT_ALLOW || acl.getId() == NetworkACL.DEFAULT_DENY){ + throw new InvalidParameterValueException("Default ACL cannot be removed"); + } + Vpc vpc = _vpcMgr.getVpc(acl.getVpcId()); if(vpc == null){ throw new InvalidParameterValueException("Unable to find specified VPC associated with the ACL"); @@ -298,7 +303,7 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ try { NetworkACLItem.Action.valueOf(action); } catch (IllegalArgumentException ex) { - throw new InvalidParameterValueException("Invalid action. Allowed actions are Aloow and Deny"); + throw new InvalidParameterValueException("Invalid action. Allowed actions are Allow and Deny"); } } } 
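Review bot: The guard `acl.getId() == NetworkACL.DEFAULT_ALLOW || acl.getId() == NetworkACL.DEFAULT_DENY` added here is repeated, with a different message each time, in revokeNetworkACLItem and updateNetworkACLItem in the next hunk of this file. A private helper such as `private static boolean isDefaultAcl(long aclId) { return aclId == NetworkACL.DEFAULT_ALLOW || aclId == NetworkACL.DEFAULT_DENY; }` keeps the three checks in step if another built-in ACL is ever added. The enclosing method starts outside the hunk.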
@@ -400,7 +405,52 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ @Override public boolean revokeNetworkACLItem(long ruleId) { + NetworkACLItemVO aclItem = _networkACLItemDao.findById(ruleId); + if(aclItem != null){ + if((aclItem.getAclId() == NetworkACL.DEFAULT_ALLOW) || (aclItem.getAclId() == NetworkACL.DEFAULT_DENY)){ + throw new InvalidParameterValueException("ACL Items in default ACL cannot be deleted"); + } + } return _networkAclMgr.revokeNetworkACLItem(ruleId); } + @Override + public NetworkACLItem updateNetworkACLItem(Long id, String protocol, List<String> sourceCidrList, NetworkACLItem.TrafficType trafficType, + String action, Integer number, Integer sourcePortStart, Integer sourcePortEnd, Integer icmpCode, + Integer icmpType) throws ResourceUnavailableException { + NetworkACLItemVO aclItem = _networkACLItemDao.findById(id); + if(aclItem == null){ + throw new InvalidParameterValueException("Unable to find ACL Item cannot be found"); + } + + if(aclItem.getAclId() == NetworkACL.DEFAULT_ALLOW || aclItem.getAclId() == NetworkACL.DEFAULT_DENY){ + throw new InvalidParameterValueException("Default ACL Items cannot be updated"); + } + + NetworkACL acl = _networkAclMgr.getNetworkACL(aclItem.getAclId()); + + Vpc vpc = _vpcMgr.getVpc(acl.getVpcId()); + + Account caller = UserContext.current().getCaller(); + + _accountMgr.checkAccess(caller, null, true, vpc); + + Account aclOwner = _accountMgr.getAccount(vpc.getAccountId()); + _accountMgr.checkAccess(aclOwner, SecurityChecker.AccessType.ModifyEntry, false, acl); + + if(number != null){ + //Check if ACL Item with specified number already exists + NetworkACLItemVO aclNumber = _networkACLItemDao.findByAclAndNumber(acl.getId(), number); + if((aclNumber != null) && (aclNumber.getId() != id)){ + throw new InvalidParameterValueException("ACL item with number "+number+" already exists in ACL: "+acl.getUuid()); + } + } + + validateNetworkACLItem((sourcePortStart == null) ? 
aclItem.getSourcePortStart() : sourcePortStart, (sourcePortEnd == null) ? aclItem.getSourcePortEnd() : sourcePortEnd, + sourceCidrList, protocol, icmpCode, (icmpType == null) ? aclItem.getIcmpType() : icmpType, action); + + return _networkAclMgr.updateNetworkACLItem(id, protocol, sourceCidrList, trafficType, action, number, sourcePortStart, + sourcePortEnd, icmpCode, icmpType); + } + } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/cloudstack/blob/49fbff21/server/src/com/cloud/server/ManagementServerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java index b7085af..1b20d6d 100755 --- a/server/src/com/cloud/server/ManagementServerImpl.java +++ b/server/src/com/cloud/server/ManagementServerImpl.java @@ -2878,11 +2878,11 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe cmdList.add(ListInternalLBVMsCmd.class); cmdList.add(ListNetworkIsolationMethodsCmd.class); cmdList.add(ListNetworkIsolationMethodsCmd.class); - cmdList.add(CreateNetworkACLListCmd.class); cmdList.add(DeleteNetworkACLListCmd.class); cmdList.add(ListNetworkACLListsCmd.class); cmdList.add(ReplaceNetworkACLListCmd.class); + cmdList.add(UpdateNetworkACLItemCmd.class); return cmdList; } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/49fbff21/server/test/com/cloud/vpc/MockVpcVirtualNetworkApplianceManager.java ---------------------------------------------------------------------- diff --git a/server/test/com/cloud/vpc/MockVpcVirtualNetworkApplianceManager.java b/server/test/com/cloud/vpc/MockVpcVirtualNetworkApplianceManager.java index 9010f1f..2886af4 100644 --- a/server/test/com/cloud/vpc/MockVpcVirtualNetworkApplianceManager.java +++ b/server/test/com/cloud/vpc/MockVpcVirtualNetworkApplianceManager.java 
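Review bot: The validateNetworkACLItem call at the end of the new updateNetworkACLItem falls back to the stored value for sourcePortStart, sourcePortEnd and icmpType but passes `protocol` and `icmpCode` exactly as received, so a request that changes only the ports is validated against a null protocol and one that changes only icmpType is validated against a null icmpCode. Whether validateNetworkACLItem then skips its protocol/port consistency checks is decided in its body, which is outside this hunk, but as written the stored item can end up with a port range on an icmp rule or an icmp code/type on a tcp rule. Use the same fallback for all of them: `(protocol == null) ? aclItem.getProtocol() : protocol` and `(icmpCode == null) ? aclItem.getIcmpCode() : icmpCode`. Two smaller points in the same method: `acl` and `vpc` are dereferenced without the null checks the delete path earlier in this file applies, and the lookup failure message `"Unable to find ACL Item cannot be found"` should read `"Unable to find specified ACL Item"`.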
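Review bot: The hunk drops `cmdList.add(CreateNetworkACLListCmd.class);` while adding UpdateNetworkACLItemCmd, and the commit message describes only the new API; unless CreateNetworkACLListCmd is registered again elsewhere in this method (the rest of getCommands is outside the hunk), this deregisters createNetworkACLList, which commands.properties.in in this same commit still lists. Separately, `UpdateNetworkACLItemCmd` is referenced here and in commands.properties.in but no file for it appears in the diffstat, so either it already exists on the branch or the commit does not build on its own; worth confirming. If the removal is intended, say so in the message; otherwise keep `cmdList.add(CreateNetworkACLListCmd.class);`.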
@@ -23,6 +23,7 @@ import java.util.Map; import javax.ejb.Local; import javax.naming.ConfigurationException; +import com.cloud.network.vpc.NetworkACLItem; import org.apache.cloudstack.api.command.admin.router.UpgradeRouterCmd; import org.springframework.stereotype.Component; @@ -336,14 +337,9 @@ VpcVirtualNetworkApplianceService { return null; } - /* (non-Javadoc) - * @see com.cloud.network.router.VpcVirtualNetworkApplianceManager#applyNetworkACLs(com.cloud.network.Network, java.util.List, java.util.List) - */ @Override - public boolean applyNetworkACLs(Network network, List<? extends FirewallRule> rules, - List<? extends VirtualRouter> routers) throws ResourceUnavailableException { - // TODO Auto-generated method stub - return false; + public boolean applyNetworkACLs(Network network, List<? extends NetworkACLItem> rules, List<? extends VirtualRouter> routers) throws ResourceUnavailableException { + return false; //To change body of implemented methods use File | Settings | File Templates. } /* (non-Javadoc) http://git-wip-us.apache.org/repos/asf/cloudstack/blob/49fbff21/server/test/com/cloud/vpc/dao/MockNetworkDaoImpl.java ---------------------------------------------------------------------- diff --git a/server/test/com/cloud/vpc/dao/MockNetworkDaoImpl.java b/server/test/com/cloud/vpc/dao/MockNetworkDaoImpl.java index a483291..4747e70 100644 --- a/server/test/com/cloud/vpc/dao/MockNetworkDaoImpl.java +++ b/server/test/com/cloud/vpc/dao/MockNetworkDaoImpl.java @@ -362,4 +362,9 @@ public class MockNetworkDaoImpl extends GenericDaoBase<NetworkVO, Long> implemen return null; } + @Override + public List<NetworkVO> listByAclId(long aclId) { + return null; + } + }
