merge with master
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/8d53b1ef Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/8d53b1ef Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/8d53b1ef Branch: refs/heads/portablepublicip Commit: 8d53b1ef05a45604d76b2cf80094f688edf15b44 Parents: 941a9a5 78ffb7a Author: Nitin Mehta <[email protected]> Authored: Mon May 13 16:36:41 2013 +0530 Committer: Nitin Mehta <[email protected]> Committed: Mon May 13 16:36:41 2013 +0530 ---------------------------------------------------------------------- api/src/com/cloud/agent/api/to/NetworkACLTO.java | 49 +- api/src/com/cloud/event/EventTypes.java | 8 + api/src/com/cloud/network/Network.java | 3 + api/src/com/cloud/network/NetworkProfile.java | 12 + .../network/element/NetworkACLServiceProvider.java | 3 +- .../cloud/network/firewall/NetworkACLService.java | 51 -- api/src/com/cloud/network/vpc/NetworkACL.java | 36 + api/src/com/cloud/network/vpc/NetworkACLItem.java | 80 +++ .../com/cloud/network/vpc/NetworkACLService.java | 125 ++++ .../org/apache/cloudstack/api/ApiConstants.java | 2 + api/src/org/apache/cloudstack/api/BaseCmd.java | 2 +- .../apache/cloudstack/api/ResponseGenerator.java | 20 +- .../command/user/network/CreateNetworkACLCmd.java | 222 ++----- .../user/network/CreateNetworkACLListCmd.java | 120 ++++ .../api/command/user/network/CreateNetworkCmd.java | 15 +- .../command/user/network/DeleteNetworkACLCmd.java | 43 +- .../user/network/DeleteNetworkACLListCmd.java | 93 +++ .../user/network/ListNetworkACLListsCmd.java | 102 +++ .../command/user/network/ListNetworkACLsCmd.java | 46 +- .../user/network/ReplaceNetworkACLListCmd.java | 98 +++ .../user/network/UpdateNetworkACLItemCmd.java | 173 +++++ .../api/response/NetworkACLItemResponse.java | 122 ++++ .../api/response/NetworkACLResponse.java | 78 +-- client/tomcatconf/applicationContext.xml.in | 3 + client/tomcatconf/commands.properties.in | 6 + .../agent/api/routing/SetNetworkACLCommand.java | 19 +- docs/en-US/Installation_Guide.xml | 1 + docs/en-US/gslb.xml | 21 + docs/en-US/storage-setup.xml | 192 +++++ .../src/com/cloud/network/dao/NetworkDao.java | 2 + .../src/com/cloud/network/dao/NetworkDaoImpl.java | 9 + .../src/com/cloud/network/dao/NetworkVO.java | 13 + .../src/com/cloud/upgrade/dao/Upgrade410to420.java | 159 +++++ .../debian/config/opt/cloud/bin/vpc_acl.sh | 11 +- .../cloud/network/resource/CiscoVnmcResource.java | 8 +- .../network/resource/CiscoVnmcResourceTest.java | 13 +- server/src/com/cloud/api/ApiDBUtils.java | 31 +- server/src/com/cloud/api/ApiResponseHelper.java | 73 ++- .../src/com/cloud/api/query/QueryManagerImpl.java | 2 + .../src/com/cloud/network/NetworkManagerImpl.java | 36 +- .../src/com/cloud/network/NetworkServiceImpl.java | 37 +- .../network/element/VpcVirtualRouterElement.java | 8 +- .../network/firewall/FirewallManagerImpl.java | 4 +- .../router/VpcVirtualNetworkApplianceManager.java | 7 +- .../VpcVirtualNetworkApplianceManagerImpl.java | 29 +- .../com/cloud/network/vpc/NetworkACLItemDao.java | 37 + .../com/cloud/network/vpc/NetworkACLItemVO.java | 237 +++++++ .../com/cloud/network/vpc/NetworkACLManager.java | 120 +++- .../cloud/network/vpc/NetworkACLManagerImpl.java | 538 ++++++--------- .../cloud/network/vpc/NetworkACLServiceImpl.java | 448 ++++++++++++ server/src/com/cloud/network/vpc/NetworkACLVO.java | 79 +++ server/src/com/cloud/network/vpc/VpcManager.java | 3 +- .../src/com/cloud/network/vpc/VpcManagerImpl.java | 9 +- .../com/cloud/network/vpc/dao/NetworkACLDao.java | 23 + .../cloud/network/vpc/dao/NetworkACLDaoImpl.java | 35 + .../network/vpc/dao/NetworkACLItemDaoImpl.java | 113 +++ .../src/com/cloud/server/ManagementServerImpl.java | 40 +- .../com/cloud/tags/TaggedResourceManagerImpl.java | 4 + .../com/cloud/network/MockNetworkManagerImpl.java | 8 +- .../test/com/cloud/vpc/MockNetworkManagerImpl.java | 3 + server/test/com/cloud/vpc/MockVpcManagerImpl.java | 10 +- .../vpc/MockVpcVirtualNetworkApplianceManager.java | 10 +- .../test/com/cloud/vpc/NetworkACLManagerTest.java | 195 ++++++ .../test/com/cloud/vpc/NetworkACLServiceTest.java | 219 ++++++ .../test/com/cloud/vpc/dao/MockNetworkDaoImpl.java | 5 + setup/db/db/schema-410to420.sql | 43 ++ test/integration/smoke/test_network_acl.py | 119 ++++ tools/marvin/setup.py | 14 +- ui/scripts/events.js | 10 +- ui/scripts/vpc.js | 9 +- 70 files changed, 3687 insertions(+), 831 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8d53b1ef/api/src/com/cloud/event/EventTypes.java ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8d53b1ef/api/src/com/cloud/network/Network.java ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8d53b1ef/api/src/com/cloud/network/NetworkProfile.java ---------------------------------------------------------------------- diff --cc api/src/com/cloud/network/NetworkProfile.java index 7358b1a,1807021..fa63ea2 --- a/api/src/com/cloud/network/NetworkProfile.java +++ b/api/src/com/cloud/network/NetworkProfile.java @@@ -52,7 -52,7 +52,8 @@@ public class NetworkProfile implements private boolean restartRequired; private boolean specifyIpRanges; private Long vpcId; + private boolean displayNetwork; + private Long networkAclId; public NetworkProfile(Network network) { this.id = network.getId(); @@@ -82,7 -82,7 +83,8 @@@ this.restartRequired = network.isRestartRequired(); this.specifyIpRanges = network.getSpecifyIpRanges(); this.vpcId = network.getVpcId(); + this.displayNetwork = network.getDisplayNetwork(); + this.networkAclId = network.getNetworkACLId(); } public String getDns1() { http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8d53b1ef/api/src/org/apache/cloudstack/api/ApiConstants.java ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8d53b1ef/api/src/org/apache/cloudstack/api/BaseCmd.java ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8d53b1ef/api/src/org/apache/cloudstack/api/ResponseGenerator.java ---------------------------------------------------------------------- diff --cc api/src/org/apache/cloudstack/api/ResponseGenerator.java index ab8f995,16760c0..10bf305 --- a/api/src/org/apache/cloudstack/api/ResponseGenerator.java +++ b/api/src/org/apache/cloudstack/api/ResponseGenerator.java @@@ -26,89 -33,7 +33,90 @@@ import com.cloud.network.vpc.VpcOfferin import org.apache.cloudstack.api.ApiConstants.HostDetails; import org.apache.cloudstack.api.ApiConstants.VMDetails; import org.apache.cloudstack.api.command.user.job.QueryAsyncJobResultCmd; +import org.apache.cloudstack.api.response.AccountResponse; +import org.apache.cloudstack.api.response.ApplicationLoadBalancerResponse; +import org.apache.cloudstack.api.response.AsyncJobResponse; +import org.apache.cloudstack.api.response.AutoScalePolicyResponse; +import org.apache.cloudstack.api.response.AutoScaleVmGroupResponse; +import org.apache.cloudstack.api.response.AutoScaleVmProfileResponse; +import org.apache.cloudstack.api.response.CapacityResponse; +import org.apache.cloudstack.api.response.ClusterResponse; +import org.apache.cloudstack.api.response.ConditionResponse; +import org.apache.cloudstack.api.response.ConfigurationResponse; +import org.apache.cloudstack.api.response.CounterResponse; +import org.apache.cloudstack.api.response.CreateCmdResponse; +import org.apache.cloudstack.api.response.DiskOfferingResponse; +import org.apache.cloudstack.api.response.DomainResponse; +import org.apache.cloudstack.api.response.DomainRouterResponse; +import org.apache.cloudstack.api.response.EventResponse; +import org.apache.cloudstack.api.response.ExtractResponse; +import org.apache.cloudstack.api.response.FirewallResponse; +import org.apache.cloudstack.api.response.FirewallRuleResponse; +import org.apache.cloudstack.api.response.GlobalLoadBalancerResponse; +import org.apache.cloudstack.api.response.GuestOSResponse; +import org.apache.cloudstack.api.response.GuestVlanRangeResponse; +import org.apache.cloudstack.api.response.HostForMigrationResponse; +import org.apache.cloudstack.api.response.HostResponse; +import org.apache.cloudstack.api.response.HypervisorCapabilitiesResponse; +import org.apache.cloudstack.api.response.IPAddressResponse; +import org.apache.cloudstack.api.response.InstanceGroupResponse; +import org.apache.cloudstack.api.response.InternalLoadBalancerElementResponse; +import org.apache.cloudstack.api.response.IpForwardingRuleResponse; +import org.apache.cloudstack.api.response.IsolationMethodResponse; +import org.apache.cloudstack.api.response.LBHealthCheckResponse; +import org.apache.cloudstack.api.response.LBStickinessResponse; +import org.apache.cloudstack.api.response.LDAPConfigResponse; +import org.apache.cloudstack.api.response.LoadBalancerResponse; +import org.apache.cloudstack.api.response.NetworkACLResponse; +import org.apache.cloudstack.api.response.NetworkOfferingResponse; +import org.apache.cloudstack.api.response.NetworkResponse; +import org.apache.cloudstack.api.response.NicResponse; +import org.apache.cloudstack.api.response.NicSecondaryIpResponse; +import org.apache.cloudstack.api.response.PhysicalNetworkResponse; +import org.apache.cloudstack.api.response.PodResponse; +import org.apache.cloudstack.api.response.PrivateGatewayResponse; +import org.apache.cloudstack.api.response.ProjectAccountResponse; +import org.apache.cloudstack.api.response.ProjectInvitationResponse; +import org.apache.cloudstack.api.response.ProjectResponse; +import org.apache.cloudstack.api.response.ProviderResponse; +import org.apache.cloudstack.api.response.RegionResponse; +import org.apache.cloudstack.api.response.RemoteAccessVpnResponse; +import org.apache.cloudstack.api.response.ResourceCountResponse; +import org.apache.cloudstack.api.response.ResourceLimitResponse; +import org.apache.cloudstack.api.response.ResourceTagResponse; +import org.apache.cloudstack.api.response.S3Response; +import org.apache.cloudstack.api.response.SecurityGroupResponse; +import org.apache.cloudstack.api.response.ServiceOfferingResponse; +import org.apache.cloudstack.api.response.ServiceResponse; +import org.apache.cloudstack.api.response.Site2SiteCustomerGatewayResponse; +import org.apache.cloudstack.api.response.Site2SiteVpnConnectionResponse; +import org.apache.cloudstack.api.response.Site2SiteVpnGatewayResponse; +import org.apache.cloudstack.api.response.SnapshotPolicyResponse; +import org.apache.cloudstack.api.response.SnapshotResponse; +import org.apache.cloudstack.api.response.SnapshotScheduleResponse; +import org.apache.cloudstack.api.response.StaticRouteResponse; +import org.apache.cloudstack.api.response.StorageNetworkIpRangeResponse; +import org.apache.cloudstack.api.response.StoragePoolForMigrationResponse; +import org.apache.cloudstack.api.response.StoragePoolResponse; +import org.apache.cloudstack.api.response.SwiftResponse; +import org.apache.cloudstack.api.response.SystemVmInstanceResponse; +import org.apache.cloudstack.api.response.SystemVmResponse; +import org.apache.cloudstack.api.response.TemplatePermissionsResponse; +import org.apache.cloudstack.api.response.TemplateResponse; +import org.apache.cloudstack.api.response.TrafficMonitorResponse; +import org.apache.cloudstack.api.response.TrafficTypeResponse; +import org.apache.cloudstack.api.response.UsageRecordResponse; +import org.apache.cloudstack.api.response.UserResponse; +import org.apache.cloudstack.api.response.UserVmResponse; +import org.apache.cloudstack.api.response.VMSnapshotResponse; +import org.apache.cloudstack.api.response.VirtualRouterProviderResponse; +import org.apache.cloudstack.api.response.VlanIpRangeResponse; +import org.apache.cloudstack.api.response.VolumeResponse; +import org.apache.cloudstack.api.response.VpcOfferingResponse; +import org.apache.cloudstack.api.response.VpcResponse; +import org.apache.cloudstack.api.response.VpnUsersResponse; +import org.apache.cloudstack.api.response.ZoneResponse; + import org.apache.cloudstack.api.response.*; import org.apache.cloudstack.network.lb.ApplicationLoadBalancerRule; import org.apache.cloudstack.region.Region; import org.apache.cloudstack.usage.Usage; http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8d53b1ef/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java ---------------------------------------------------------------------- diff --cc api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java index 8c0f75e,e88aca7..667c4c8 --- a/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java @@@ -126,9 -120,9 +120,12 @@@ public class CreateNetworkCmd extends B @Parameter(name=ApiConstants.IP6_CIDR, type=CommandType.STRING, description="the CIDR of IPv6 network, must be at least /64") private String ip6Cidr; + @Parameter(name=ApiConstants.DISPLAY_NETWORK, type=CommandType.BOOLEAN, description="an optional field, whether to the display the network to the end user or not.") + private Boolean displayNetwork; + + @Parameter(name=ApiConstants.ACL_ID, type=CommandType.UUID, entityType = NetworkACLResponse.class, + description="Network ACL Id associated for the network") + private Long aclId; ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// ///////////////////////////////////////////////////// http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8d53b1ef/client/tomcatconf/applicationContext.xml.in ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8d53b1ef/client/tomcatconf/commands.properties.in ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8d53b1ef/docs/en-US/gslb.xml ---------------------------------------------------------------------- diff --cc docs/en-US/gslb.xml index 2303331,8070e30..1b692df --- a/docs/en-US/gslb.xml +++ b/docs/en-US/gslb.xml @@@ -157,29 -157,15 +157,41 @@@ </section> <section id="gslb-workflow"> <title>Configuring GSLB</title> ++<<<<<<< HEAD + <para>A GSLB deployment is the logical collection of GSLB virtual server, GSLB service, LB + virtual server, service, domain, and ADNS service. To create a GSLB site, you must configure + load balancing in the zone. You must create GSLB vservers and GSLB services for each site. You + must bind GSLB services to GSLB vservers. You must then create an ADNS service that provides + the IP address of the best performing site to the client's request. A GSLB vserver is an + entity that performs load balancing for the domains bound to it by returning the IP address of + the best GSLB service. A GSLB service is a representation of the load balancing/content + switching vserver. An LB vserver load balances incoming traffic by identifying the best + server, then directs traffic to the corresponding service. It can also load-balance external + DNS name servers. Services are entities that represent the servers. The domain is the domain + name for which the system is the authoritative DNS server. By creating an ADNS service, the + system can be configured as an authoritative DNS server.</para> + <para>To configure GSLB in your cloud environment, as a cloud administrator you must perform the + following.</para> + <para>To configure such a GSLB setup, you must first configure a standard load balancing setup + for each zone. This enables you to balance load across the different servers in each zone in + the region. Then, configure both NetScaler appliances that you plan to add to each zone as + authoritative DNS (ADNS) servers. Next, create a GSLB site for each zone, configure GSLB + virtual servers for each site, create GLSB services, and bind the GSLB services to the GSLB + virtual servers. Finally, bind the domain to the GSLB virtual servers. The GSLB configurations + on the two appliances at the two different sites are identical, although each sites + load-balancing configuration is specific to that site.</para> + <para>Perform the following as a cloud administrator. As per the above example, the ++======= + <para>To configure a GSLB deployment, you must first configure a standard load balancing setup + for each zone. This enables you to balance load across the different servers in each zone in + the region. Then on the NetScaler side, configure both NetScaler appliances that you plan to + add to each zone as authoritative DNS (ADNS) servers. Next, create a GSLB site for each zone, + configure GSLB virtual servers for each site, create GLSB services, and bind the GSLB services + to the GSLB virtual servers. Finally, bind the domain to the GSLB virtual servers. The GSLB + configurations on the two appliances at the two different zones are identical, although each + sites load-balancing configuration is specific to that site.</para> + <para>Perform the following as a cloud administrator. As per the example given above, the ++>>>>>>> master administrator of xyztelco is the one who sets up GSLB:</para> <orderedlist> <listitem> @@@ -200,7 -186,9 +212,13 @@@ >Configuring an Authoritative DNS Service</ulink>.</para> </listitem> <listitem> ++<<<<<<< HEAD + <para>Configure a GSLB site with site name formed from the domain name details.</para> ++======= + <para>Configure a GSLB site with the site name formed from the domain name.</para> + <para>As per the example given above, the site names are A.xyztelco.com and + B.xyztelco.com.</para> ++>>>>>>> master <para>For more information, see <ulink url="http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-basic-site-tsk.html"; >Configuring a Basic GSLB Site</ulink>.</para> @@@ -459,7 -447,6 +477,10 @@@ </section> <section id="assign-lb-gslb"> <title>Assigning Load Balancing Rules to GSLB</title> ++<<<<<<< HEAD + <para/> ++======= ++>>>>>>> master <orderedlist> <listitem> <para>Log in to the &PRODUCT; UI as a domain administrator or user.</para> http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8d53b1ef/engine/schema/src/com/cloud/network/dao/NetworkVO.java ---------------------------------------------------------------------- diff --cc engine/schema/src/com/cloud/network/dao/NetworkVO.java index 9b0eec5,ee44349..6580ea0 --- a/engine/schema/src/com/cloud/network/dao/NetworkVO.java +++ b/engine/schema/src/com/cloud/network/dao/NetworkVO.java @@@ -160,9 -160,9 +160,12 @@@ public class NetworkVO implements Netwo @Column(name="ip6_cidr") String ip6Cidr; + @Column(name="display_network", updatable=true, nullable=false) + protected boolean displayNetwork = true; + + @Column(name="network_acl_id") + Long networkACLId; + public NetworkVO() { this.uuid = UUID.randomUUID().toString(); } @@@ -541,12 -541,13 +544,22 @@@ this.ip6Gateway = ip6Gateway; } + @Override() + public boolean getDisplayNetwork() { + return displayNetwork; + } + + public void setDisplayNetwork(boolean displayNetwork) { + this.displayNetwork = displayNetwork; + } ++ + @Override + public void setNetworkACLId(Long networkACLId) { + this.networkACLId = networkACLId; + } + + @Override + public Long getNetworkACLId() { + return networkACLId; + } } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8d53b1ef/engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java ---------------------------------------------------------------------- diff --cc engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java index 3a164c4,6f36e21..1bd9abe --- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java +++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java @@@ -438,6 -596,6 +596,7 @@@ public class Upgrade410to420 implement } ++ private void upgradePhysicalNtwksWithInternalLbProvider(Connection conn) { PreparedStatement pstmt = null; http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8d53b1ef/server/src/com/cloud/api/ApiDBUtils.java ---------------------------------------------------------------------- diff --cc server/src/com/cloud/api/ApiDBUtils.java index fce1f71,4264c93..94c873e --- a/server/src/com/cloud/api/ApiDBUtils.java +++ b/server/src/com/cloud/api/ApiDBUtils.java @@@ -25,6 -25,20 +25,21 @@@ import java.util.Set import javax.annotation.PostConstruct; import javax.inject.Inject; ++ + import com.cloud.network.rules.LoadBalancer; + import com.cloud.network.vpc.NetworkACL; + import com.cloud.network.vpc.StaticRouteVO; + import com.cloud.network.vpc.VpcGatewayVO; + import com.cloud.network.vpc.VpcManager; + import com.cloud.network.vpc.VpcOffering; + import com.cloud.network.vpc.VpcProvisioningService; + import com.cloud.network.vpc.VpcVO; + import com.cloud.network.vpc.dao.NetworkACLDao; + import com.cloud.network.vpc.dao.StaticRouteDao; + import com.cloud.network.vpc.dao.VpcDao; + import com.cloud.network.vpc.dao.VpcGatewayDao; + import com.cloud.network.vpc.dao.VpcOfferingDao; + import com.cloud.region.ha.GlobalLoadBalancingRulesService; import org.apache.cloudstack.affinity.AffinityGroup; import org.apache.cloudstack.affinity.AffinityGroupResponse; import org.apache.cloudstack.affinity.dao.AffinityGroupDao; http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8d53b1ef/server/src/com/cloud/api/ApiResponseHelper.java ---------------------------------------------------------------------- diff --cc server/src/com/cloud/api/ApiResponseHelper.java index 39327cf,7b4c1f9..7b2bb03 --- a/server/src/com/cloud/api/ApiResponseHelper.java +++ b/server/src/com/cloud/api/ApiResponseHelper.java @@@ -3809,7 -3823,6 +3824,7 @@@ public class ApiResponseHelper implemen } } - ++ @Override public InternalLoadBalancerElementResponse createInternalLbElementResponse(VirtualRouterProvider result) { if (result.getType() != VirtualRouterProvider.VirtualRouterProviderType.InternalLbVm) { @@@ -3827,7 -3840,6 +3842,7 @@@ return response; } - ++ @Override public IsolationMethodResponse createIsolationMethodResponse(IsolationType method) { IsolationMethodResponse response = new IsolationMethodResponse(); @@@ -3835,4 -3847,17 +3850,18 @@@ response.setObjectName("isolationmethod"); return response; } + ++ + public NetworkACLResponse createNetworkACLResponse(NetworkACL networkACL) { + NetworkACLResponse response = new NetworkACLResponse(); + response.setId(networkACL.getUuid()); + response.setName(networkACL.getName()); + response.setDescription(networkACL.getDescription()); + Vpc vpc = ApiDBUtils.findVpcById(networkACL.getVpcId()); + if(vpc != null){ + response.setVpcId(vpc.getUuid()); + } + response.setObjectName("networkacllist"); + return response; + } } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8d53b1ef/server/src/com/cloud/api/query/QueryManagerImpl.java ---------------------------------------------------------------------- diff --cc server/src/com/cloud/api/query/QueryManagerImpl.java index ebf9cac,808b1ef..54b7d7c --- a/server/src/com/cloud/api/query/QueryManagerImpl.java +++ b/server/src/com/cloud/api/query/QueryManagerImpl.java @@@ -30,8 -29,6 +30,9 @@@ import com.cloud.vm.dao.NicDetailDao import org.apache.cloudstack.affinity.AffinityGroupResponse; import org.apache.cloudstack.affinity.AffinityGroupVMMapVO; import org.apache.cloudstack.affinity.dao.AffinityGroupVMMapDao; +import com.cloud.storage.VolumeDetailVO; +import com.cloud.storage.dao.VolumeDetailsDao; ++ import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd; import org.apache.cloudstack.api.command.admin.host.ListHostsCmd; import org.apache.cloudstack.api.command.admin.internallb.ListInternalLBVMsCmd; @@@ -992,6 -992,6 +993,7 @@@ public class QueryManagerImpl extends M response.setResponses(routerResponses, result.second()); return response; } ++ @Override public ListResponse<DomainRouterResponse> searchForInternalLbVms(ListInternalLBVMsCmd cmd) { http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8d53b1ef/server/src/com/cloud/network/NetworkManagerImpl.java ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8d53b1ef/server/src/com/cloud/network/NetworkServiceImpl.java ---------------------------------------------------------------------- diff --cc server/src/com/cloud/network/NetworkServiceImpl.java index addd853,92d52da..4a57321 --- a/server/src/com/cloud/network/NetworkServiceImpl.java +++ b/server/src/com/cloud/network/NetworkServiceImpl.java @@@ -42,13 -44,23 +44,26 @@@ import org.apache.cloudstack.acl.Securi import org.apache.cloudstack.acl.SecurityChecker.AccessType; import org.apache.cloudstack.api.command.admin.network.DedicateGuestVlanRangeCmd; import org.apache.cloudstack.api.command.admin.network.ListDedicatedGuestVlanRangesCmd; +import org.apache.cloudstack.api.command.admin.usage.ListTrafficTypeImplementorsCmd; +import org.apache.cloudstack.api.command.user.network.*; + import com.cloud.network.vpc.NetworkACL; + import com.cloud.network.vpc.dao.NetworkACLDao; + import org.apache.cloudstack.acl.ControlledEntity.ACLType; + import org.apache.cloudstack.acl.SecurityChecker.AccessType; + import org.apache.cloudstack.api.command.admin.usage.ListTrafficTypeImplementorsCmd; + import org.apache.cloudstack.api.command.user.network.CreateNetworkCmd; + import org.apache.cloudstack.api.command.user.network.ListNetworksCmd; + import org.apache.cloudstack.api.command.user.network.RestartNetworkCmd; import org.apache.cloudstack.api.command.user.vm.ListNicsCmd; import org.apache.cloudstack.network.element.InternalLoadBalancerElementService; import org.apache.log4j.Logger; import org.springframework.stereotype.Component; + + import org.apache.log4j.Logger; + import org.springframework.stereotype.Component; + import org.apache.cloudstack.api.command.user.vm.ListNicsCmd; + import org.bouncycastle.util.IPAddress; + import com.cloud.configuration.Config; import com.cloud.configuration.ConfigurationManager; import com.cloud.configuration.dao.ConfigurationDao; @@@ -928,7 -942,7 +945,8 @@@ public class NetworkServiceImpl extend String endIPv6 = cmd.getEndIpv6(); String ip6Gateway = cmd.getIp6Gateway(); String ip6Cidr = cmd.getIp6Cidr(); + Boolean displayNetwork = cmd.getDisplayNetwork(); + Long aclId = cmd.getAclId(); // Validate network offering NetworkOfferingVO ntwkOff = _networkOfferingDao.findById(networkOfferingId); @@@ -1218,8 -1224,21 +1236,23 @@@ if (!_configMgr.isOfferingForVpc(ntwkOff)){ throw new InvalidParameterValueException("Network offering can't be used for VPC networks"); } + network = _vpcMgr.createVpcGuestNetwork(networkOfferingId, name, displayText, gateway, cidr, vlanId, - networkDomain, owner, sharedDomainId, pNtwk, zoneId, aclType, subdomainAccess, vpcId, caller, displayNetwork); ++ networkDomain, owner, sharedDomainId, pNtwk, zoneId, aclType, subdomainAccess, vpcId, aclId, caller, displayNetwork); + if(aclId == null){ + //Use default deny all ACL, when aclId is not specified + aclId = NetworkACL.DEFAULT_DENY; + } else { + NetworkACL acl = _networkACLDao.findById(aclId); + if(acl == null){ + throw new InvalidParameterValueException("Unable to find specified NetworkACL"); + } + + if(vpcId != acl.getVpcId()){ + throw new InvalidParameterValueException("ACL: "+aclId+" do not belong to the VPC"); + } + } + network = _vpcMgr.createVpcGuestNetwork(networkOfferingId, name, displayText, gateway, cidr, vlanId, - networkDomain, owner, sharedDomainId, pNtwk, zoneId, aclType, subdomainAccess, vpcId, aclId, caller); ++ networkDomain, owner, sharedDomainId, pNtwk, zoneId, aclType, subdomainAccess, vpcId, aclId, caller, displayNetwork); } else { if (_configMgr.isOfferingForVpc(ntwkOff)){ throw new InvalidParameterValueException("Network offering can be used for VPC networks only"); @@@ -1841,7 -1860,7 +1874,8 @@@ @DB @ActionEvent(eventType = EventTypes.EVENT_NETWORK_UPDATE, eventDescription = "updating network", async = true) public Network updateGuestNetwork(long networkId, String name, String displayText, Account callerAccount, - User callerUser, String domainSuffix, Long networkOfferingId, Boolean changeCidr, String guestVmCidr) { + User callerUser, String domainSuffix, Long networkOfferingId, Boolean changeCidr, String guestVmCidr, Boolean displayNetwork) { ++ boolean restartNetwork = false; // verify input parameters @@@ -3775,7 -3787,7 +3809,8 @@@ if (privateNetwork == null) { //create Guest network privateNetwork = _networkMgr.createGuestNetwork(ntwkOff.getId(), networkName, displayText, gateway, cidr, vlan, - null, owner, null, pNtwk, pNtwk.getDataCenterId(), ACLType.Account, null, null, null, null); + null, owner, null, pNtwk, pNtwk.getDataCenterId(), ACLType.Account, null, null, null, null, true); ++ s_logger.debug("Created private network " + privateNetwork); } else { s_logger.debug("Private network already exists: " + privateNetwork); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8d53b1ef/server/src/com/cloud/network/vpc/VpcManager.java ---------------------------------------------------------------------- diff --cc server/src/com/cloud/network/vpc/VpcManager.java index 3fad1aa,07b9494..f3b4bbc --- a/server/src/com/cloud/network/vpc/VpcManager.java +++ b/server/src/com/cloud/network/vpc/VpcManager.java @@@ -104,9 -102,9 +104,10 @@@ public interface VpcManager extends Vpc * @throws InsufficientCapacityException * @throws ResourceAllocationException */ - Network createVpcGuestNetwork(long ntwkOffId, String name, String displayText, String gateway, String cidr, - String vlanId, String networkDomain, Account owner, Long domainId, PhysicalNetwork pNtwk, long zoneId, - ACLType aclType, Boolean subdomainAccess, long vpcId, long aclId, Account caller) + Network createVpcGuestNetwork(long ntwkOffId, String name, String displayText, String gateway, String cidr, + String vlanId, String networkDomain, Account owner, Long domainId, PhysicalNetwork pNtwk, long zoneId, - ACLType aclType, Boolean subdomainAccess, long vpcId, Account caller, Boolean displayNetworkEnabled) ++ ACLType aclType, Boolean subdomainAccess, long vpcId, Long aclId, Account caller, Boolean displayNetworkEnabled) ++ throws ConcurrentOperationException, InsufficientCapacityException, ResourceAllocationException; http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8d53b1ef/server/src/com/cloud/network/vpc/VpcManagerImpl.java ---------------------------------------------------------------------- diff --cc server/src/com/cloud/network/vpc/VpcManagerImpl.java index 552332e,9993c06..b70ede8 --- a/server/src/com/cloud/network/vpc/VpcManagerImpl.java +++ b/server/src/com/cloud/network/vpc/VpcManagerImpl.java @@@ -1967,9 -1967,9 +1967,9 @@@ public class VpcManagerImpl extends Man @DB @Override - public Network createVpcGuestNetwork(long ntwkOffId, String name, String displayText, String gateway, - String cidr, String vlanId, String networkDomain, Account owner, Long domainId, - PhysicalNetwork pNtwk, long zoneId, ACLType aclType, Boolean subdomainAccess, long vpcId, long aclId, Account caller) + public Network createVpcGuestNetwork(long ntwkOffId, String name, String displayText, String gateway, + String cidr, String vlanId, String networkDomain, Account owner, Long domainId, - PhysicalNetwork pNtwk, long zoneId, ACLType aclType, Boolean subdomainAccess, long vpcId, Account caller, Boolean isDisplayNetworkEnabled) ++ PhysicalNetwork pNtwk, long zoneId, ACLType aclType, Boolean subdomainAccess, long vpcId, Long aclId, Account caller, Boolean isDisplayNetworkEnabled) throws ConcurrentOperationException, InsufficientCapacityException, ResourceAllocationException { Vpc vpc = getActiveVpc(vpcId); @@@ -1993,9 -1993,12 +1993,14 @@@ validateNtwkOffForNtwkInVpc(null, ntwkOffId, cidr, networkDomain, vpc, gateway, owner); //2) Create network -- Network guestNetwork = _ntwkMgr.createGuestNetwork(ntwkOffId, name, displayText, gateway, cidr, vlanId, - networkDomain, owner, domainId, pNtwk, zoneId, aclType, subdomainAccess, vpcId, null, null); ++ Network guestNetwork = _ntwkMgr.createGuestNetwork(ntwkOffId, name, displayText, gateway, cidr, vlanId, + networkDomain, owner, domainId, pNtwk, zoneId, aclType, subdomainAccess, vpcId, null, null, isDisplayNetworkEnabled); + ++ + if(guestNetwork != null){ + guestNetwork.setNetworkACLId(aclId); + _ntwkDao.update(guestNetwork.getId(), (NetworkVO)guestNetwork); + } return guestNetwork; } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8d53b1ef/server/src/com/cloud/server/ManagementServerImpl.java ---------------------------------------------------------------------- diff --cc server/src/com/cloud/server/ManagementServerImpl.java index 6018138,3c8fa29..425ecf0 --- a/server/src/com/cloud/server/ManagementServerImpl.java +++ b/server/src/com/cloud/server/ManagementServerImpl.java @@@ -276,7 -276,20 +276,22 @@@ import org.apache.cloudstack.api.comman import org.apache.cloudstack.api.command.user.nat.DisableStaticNatCmd; import org.apache.cloudstack.api.command.user.nat.EnableStaticNatCmd; import org.apache.cloudstack.api.command.user.nat.ListIpForwardingRulesCmd; +import org.apache.cloudstack.api.command.user.network.*; ++ + import org.apache.cloudstack.api.command.user.network.CreateNetworkACLCmd; + import org.apache.cloudstack.api.command.user.network.CreateNetworkACLListCmd; + import org.apache.cloudstack.api.command.user.network.CreateNetworkCmd; + import org.apache.cloudstack.api.command.user.network.DeleteNetworkACLCmd; + import org.apache.cloudstack.api.command.user.network.DeleteNetworkACLListCmd; + import org.apache.cloudstack.api.command.user.network.DeleteNetworkCmd; + import org.apache.cloudstack.api.command.user.network.ListNetworkACLListsCmd; + import org.apache.cloudstack.api.command.user.network.ListNetworkACLsCmd; + import org.apache.cloudstack.api.command.user.network.ListNetworkOfferingsCmd; + import org.apache.cloudstack.api.command.user.network.ListNetworksCmd; + import org.apache.cloudstack.api.command.user.network.ReplaceNetworkACLListCmd; + import org.apache.cloudstack.api.command.user.network.RestartNetworkCmd; + import org.apache.cloudstack.api.command.user.network.UpdateNetworkACLItemCmd; + import org.apache.cloudstack.api.command.user.network.UpdateNetworkCmd; import org.apache.cloudstack.api.command.user.offering.ListDiskOfferingsCmd; import org.apache.cloudstack.api.command.user.offering.ListServiceOfferingsCmd; import org.apache.cloudstack.api.command.user.project.ActivateProjectCmd; @@@ -355,7 -368,15 +370,16 @@@ import org.apache.cloudstack.api.comman import org.apache.cloudstack.api.command.user.vmsnapshot.DeleteVMSnapshotCmd; import org.apache.cloudstack.api.command.user.vmsnapshot.ListVMSnapshotCmd; import org.apache.cloudstack.api.command.user.vmsnapshot.RevertToVMSnapshotCmd; +import org.apache.cloudstack.api.command.user.volume.*; + import org.apache.cloudstack.api.command.user.volume.AttachVolumeCmd; + import org.apache.cloudstack.api.command.user.volume.CreateVolumeCmd; + import org.apache.cloudstack.api.command.user.volume.DeleteVolumeCmd; + import org.apache.cloudstack.api.command.user.volume.DetachVolumeCmd; + import org.apache.cloudstack.api.command.user.volume.ExtractVolumeCmd; + import org.apache.cloudstack.api.command.user.volume.ListVolumesCmd; + import org.apache.cloudstack.api.command.user.volume.MigrateVolumeCmd; + import org.apache.cloudstack.api.command.user.volume.ResizeVolumeCmd; + import org.apache.cloudstack.api.command.user.volume.UploadVolumeCmd; import org.apache.cloudstack.api.command.user.vpc.CreateStaticRouteCmd; import org.apache.cloudstack.api.command.user.vpc.CreateVPCCmd; import org.apache.cloudstack.api.command.user.vpc.DeleteStaticRouteCmd; @@@ -1609,6 -1630,6 +1633,7 @@@ public class ManagementServerImpl exten paramCountCheck++; } ++ if (paramCountCheck > 1) { throw new InvalidParameterValueException("cannot handle multiple IDs, provide only one ID corresponding to the scope"); } @@@ -2858,17 -2878,6 +2883,10 @@@ cmdList.add(ListAffinityGroupsCmd.class); cmdList.add(UpdateVMAffinityGroupCmd.class); cmdList.add(ListAffinityGroupTypesCmd.class); - cmdList.add(AddVolumeDetailCmd.class); - cmdList.add(UpdateVolumeDetailCmd.class); - cmdList.add(RemoveVolumeDetailCmd.class); - cmdList.add(ListVolumeDetailsCmd.class); - cmdList.add(AddNicDetailCmd.class); - cmdList.add(UpdateNicDetailCmd.class); - cmdList.add(RemoveNicDetailCmd.class); - cmdList.add(ListNicDetailsCmd.class); ++ + cmdList.add(AddResourceDetailCmd.class); + cmdList.add(RemoveResourceDetailCmd.class); + cmdList.add(ListResourceDetailsCmd.class); cmdList.add(StopInternalLBVMCmd.class); cmdList.add(StartInternalLBVMCmd.class); cmdList.add(ListInternalLBVMsCmd.class); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8d53b1ef/server/src/com/cloud/tags/TaggedResourceManagerImpl.java ---------------------------------------------------------------------- diff --cc server/src/com/cloud/tags/TaggedResourceManagerImpl.java index 2385806,daffe93..f58c5d7 --- a/server/src/com/cloud/tags/TaggedResourceManagerImpl.java +++ b/server/src/com/cloud/tags/TaggedResourceManagerImpl.java @@@ -25,7 -25,7 +25,8 @@@ import javax.ejb.Local import javax.inject.Inject; import javax.naming.ConfigurationException; +import com.cloud.vm.dao.NicDao; + import com.cloud.network.vpc.NetworkACLItemDao; import org.apache.log4j.Logger; import org.springframework.stereotype.Component; @@@ -119,8 -119,8 +120,10 @@@ public class TaggedResourceManagerImpl @Inject VMSnapshotDao _vmSnapshotDao; @Inject + NicDao _nicDao; + NetworkACLItemDao _networkACLItemDao; + + @Override public boolean configure(String name, Map<String, Object> params) throws ConfigurationException { _daoMap.put(TaggedResourceType.UserVm, _userVmDao); @@@ -136,8 -136,7 +139,9 @@@ _daoMap.put(TaggedResourceType.PublicIpAddress, _publicIpDao); _daoMap.put(TaggedResourceType.Project, _projectDao); _daoMap.put(TaggedResourceType.Vpc, _vpcDao); + _daoMap.put(TaggedResourceType.NetworkACL, _firewallDao); + _daoMap.put(TaggedResourceType.Nic, _nicDao); + _daoMap.put(TaggedResourceType.NetworkACL, _networkACLItemDao); _daoMap.put(TaggedResourceType.StaticRoute, _staticRouteDao); _daoMap.put(TaggedResourceType.VMSnapshot, _vmSnapshotDao); _daoMap.put(TaggedResourceType.RemoteAccessVpn, _vpnDao); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8d53b1ef/server/test/com/cloud/network/MockNetworkManagerImpl.java ---------------------------------------------------------------------- diff --cc server/test/com/cloud/network/MockNetworkManagerImpl.java index cfd7149,eb5fc25..a0c0850 --- a/server/test/com/cloud/network/MockNetworkManagerImpl.java +++ b/server/test/com/cloud/network/MockNetworkManagerImpl.java @@@ -639,9 -635,15 +639,13 @@@ public class MockNetworkManagerImpl ext return null; } - /* (non-Javadoc) - * @see com.cloud.network.NetworkService#createPrivateNetwork(java.lang.String, java.lang.String, long, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, long, java.lang.Long) - */ @Override - public Network createPrivateNetwork(String s, String s2, long l, String s3, String s4, String s5, String s6, String s7, long l2, Long aLong, Boolean aBoolean) throws ResourceAllocationException, ConcurrentOperationException, InsufficientCapacityException { - return null; //To change body of implemented methods use File | Settings | File Templates. ++ + public Network createPrivateNetwork(String networkName, String displayText, long physicalNetworkId, String vlan, + String startIp, String endIP, String gateway, String netmask, long networkOwnerId, Long vpcId, Boolean sourceNat) + throws ResourceAllocationException, ConcurrentOperationException, InsufficientCapacityException { + // TODO Auto-generated method stub + return null; } /* (non-Javadoc) http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8d53b1ef/server/test/com/cloud/vpc/MockNetworkManagerImpl.java ---------------------------------------------------------------------- diff --cc server/test/com/cloud/vpc/MockNetworkManagerImpl.java index 5d19cf4,84ae818..52a375c --- a/server/test/com/cloud/vpc/MockNetworkManagerImpl.java +++ b/server/test/com/cloud/vpc/MockNetworkManagerImpl.java @@@ -84,7 -83,15 +84,10 @@@ import com.cloud.user.Account import com.cloud.user.User; import com.cloud.utils.Pair; import com.cloud.utils.component.ManagerBase; -import com.cloud.vm.Nic; -import com.cloud.vm.NicProfile; -import com.cloud.vm.NicSecondaryIp; -import com.cloud.vm.NicVO; -import com.cloud.vm.ReservationContext; -import com.cloud.vm.VMInstanceVO; -import com.cloud.vm.VirtualMachine; import com.cloud.vm.VirtualMachine.Type; ++ + import com.cloud.vm.VirtualMachineProfile; ++ import org.apache.cloudstack.acl.ControlledEntity.ACLType; import org.apache.cloudstack.api.command.admin.network.DedicateGuestVlanRangeCmd; import org.apache.cloudstack.api.command.admin.network.ListDedicatedGuestVlanRangesCmd; http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8d53b1ef/server/test/com/cloud/vpc/MockVpcManagerImpl.java ---------------------------------------------------------------------- diff --cc server/test/com/cloud/vpc/MockVpcManagerImpl.java index de4169c,b4851d6..3835c2e --- a/server/test/com/cloud/vpc/MockVpcManagerImpl.java +++ b/server/test/com/cloud/vpc/MockVpcManagerImpl.java @@@ -24,6 -24,6 +24,7 @@@ import javax.ejb.Local import javax.inject.Inject; import javax.naming.ConfigurationException; ++import org.apache.cloudstack.acl.ControlledEntity; import org.apache.cloudstack.acl.ControlledEntity.ACLType; import org.apache.cloudstack.api.command.user.vpc.ListPrivateGatewaysCmd; import org.apache.cloudstack.api.command.user.vpc.ListStaticRoutesCmd; @@@ -298,14 -298,14 +299,9 @@@ public class MockVpcManagerImpl extend } -- /* (non-Javadoc) -- * @see com.cloud.network.vpc.VpcManager#createVpcGuestNetwork(long, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, com.cloud.user.Account, java.lang.Long, com.cloud.network.PhysicalNetwork, long, org.apache.cloudstack.acl.ControlledEntity.ACLType, java.lang.Boolean, long, com.cloud.user.Account) -- */ @Override -- public Network createVpcGuestNetwork(long ntwkOffId, String name, String displayText, String gateway, String cidr, String vlanId, String networkDomain, Account owner, Long domainId, PhysicalNetwork pNtwk, - long zoneId, ACLType aclType, Boolean subdomainAccess, long vpcId, Account caller, Boolean displayNetworkEnabled) throws ConcurrentOperationException, InsufficientCapacityException, ResourceAllocationException { - // TODO Auto-generated method stub - return null; - long zoneId, ACLType aclType, Boolean subdomainAccess, long vpcId, long aclId, Account caller) throws ConcurrentOperationException, InsufficientCapacityException, ResourceAllocationException { - // TODO Auto-generated method stub - return null; ++ public Network createVpcGuestNetwork(long ntwkOffId, String name, String displayText, String gateway, String cidr, String vlanId, String networkDomain, Account owner, Long domainId, PhysicalNetwork pNtwk, long zoneId, ACLType aclType, Boolean subdomainAccess, long vpcId, Long aclId, Account caller, Boolean displayNetworkEnabled) throws ConcurrentOperationException, InsufficientCapacityException, ResourceAllocationException { ++ return null; //To change body of implemented methods use File | Settings | File Templates. } /* (non-Javadoc) http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8d53b1ef/setup/db/db/schema-410to420.sql ---------------------------------------------------------------------- diff --cc setup/db/db/schema-410to420.sql index 30b96fd,6e74537..096ca33 --- a/setup/db/db/schema-410to420.sql +++ b/setup/db/db/schema-410to420.sql @@@ -1539,3 -1178,45 +1539,46 @@@ CREATE TABLE `cloud`.`account_vnet_map ALTER TABLE `cloud`.`op_dc_vnet_alloc` ADD COLUMN account_vnet_map_id bigint unsigned; ALTER TABLE `cloud`.`op_dc_vnet_alloc` ADD CONSTRAINT `fk_op_dc_vnet_alloc__account_vnet_map_id` FOREIGN KEY `fk_op_dc_vnet_alloc__account_vnet_map_id` (`account_vnet_map_id`) REFERENCES `account_vnet_map` (`id`); + + CREATE TABLE `cloud`.`network_acl` ( + `id` bigint unsigned NOT NULL auto_increment COMMENT 'id', + `name` varchar(255) NOT NULL COMMENT 'name of the network acl', + `uuid` varchar(40), + `vpc_id` bigint unsigned COMMENT 'vpc this network acl belongs to', + `description` varchar(1024), + PRIMARY KEY (`id`) + ) ENGINE=InnoDB DEFAULT CHARSET=utf8; + + CREATE TABLE `cloud`.`network_acl_item` ( + `id` bigint unsigned NOT NULL auto_increment COMMENT 'id', + `uuid` varchar(40), + `acl_id` bigint unsigned NOT NULL COMMENT 'network acl id', + `start_port` int(10) COMMENT 'starting port of a port range', + `end_port` int(10) COMMENT 'end port of a port range', + `state` char(32) NOT NULL COMMENT 'current state of this rule', + `protocol` char(16) NOT NULL default 'TCP' COMMENT 'protocol to open these ports for', + `created` datetime COMMENT 'Date created', + `icmp_code` int(10) COMMENT 'The ICMP code (if protocol=ICMP). A value of -1 means all codes for the given ICMP type.', + `icmp_type` int(10) COMMENT 'The ICMP type (if protocol=ICMP). A value of -1 means all types.', + `traffic_type` char(32) COMMENT 'the traffic type of the rule, can be Ingress or Egress', + `cidr` varchar(255) COMMENT 'comma seperated cidr list', + `number` int(10) NOT NULL COMMENT 'priority number of the acl item', + `action` varchar(10) NOT NULL COMMENT 'rule action, allow or deny', + PRIMARY KEY (`id`), + UNIQUE KEY (`acl_id`, `number`), + CONSTRAINT `fk_network_acl_item__acl_id` FOREIGN KEY(`acl_id`) REFERENCES `network_acl`(`id`) ON DELETE CASCADE, + CONSTRAINT `uc_network_acl_item__uuid` UNIQUE (`uuid`) + ) ENGINE=InnoDB DEFAULT CHARSET=utf8; + + ALTER TABLE `cloud`.`networks` add column `network_acl_id` bigint unsigned COMMENT 'network acl id'; + + -- Add Default ACL deny_all + INSERT INTO `cloud`.`network_acl` (id, uuid, vpc_id, description, name) values (1, UUID(), 0, "Default Network ACL Deny All", "default_deny"); + INSERT INTO `cloud`.`network_acl_item` (id, uuid, acl_id, state, protocol, created, traffic_type, cidr, number, action) values (1, UUID(), 1, "Active", "all", now(), "Ingress", "0.0.0.0/0", 1, "Deny"); + INSERT INTO `cloud`.`network_acl_item` (id, uuid, acl_id, state, protocol, created, traffic_type, cidr, number, action) values (2, UUID(), 1, "Active", "all", now(), "Egress", "0.0.0.0/0", 2, "Deny"); + + -- Add Default ACL allow_all + INSERT INTO `cloud`.`network_acl` (id, uuid, vpc_id, description, name) values (2, UUID(), 0, "Default Network ACL Allow All", "default_allow"); + INSERT INTO `cloud`.`network_acl_item` (id, uuid, acl_id, state, protocol, created, traffic_type, cidr, number, action) values (3, UUID(), 2, "Active", "all", now(), "Ingress", "0.0.0.0/0", 1, "Allow"); + INSERT INTO `cloud`.`network_acl_item` (id, uuid, acl_id, state, protocol, created, traffic_type, cidr, number, action) values (4, UUID(), 2, "Active", "all", now(), "Egress", "0.0.0.0/0", 2, "Allow"); ++>>>>>>> master
