This is an automated email from the ASF dual-hosted git repository.
nvazquez pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/main by this push:
new e3d0ce9 Improve default network offering setting for egress policy
(#5970)
e3d0ce9 is described below
commit e3d0ce9304e959b5afba916fa8dbcd89cceb1638
Author: Pearl Dsilva <[email protected]>
AuthorDate: Tue Feb 22 04:12:35 2022 +0530
Improve default network offering setting for egress policy (#5970)
* Improve default network offering setting for egress policy
* descriptive info + restrict to only isolated n/ws
* add translation
---
.../org/apache/cloudstack/api/response/NetworkResponse.java | 12 ++++++++++++
server/src/main/java/com/cloud/api/ApiResponseHelper.java | 3 +++
ui/public/locales/en.json | 5 +++++
ui/src/components/view/DetailsTab.vue | 3 +++
ui/src/config/section/network.js | 2 +-
ui/src/views/network/EgressRulesTab.vue | 4 ++++
ui/src/views/offering/AddNetworkOffering.vue | 2 +-
7 files changed, 29 insertions(+), 2 deletions(-)
diff --git
a/api/src/main/java/org/apache/cloudstack/api/response/NetworkResponse.java
b/api/src/main/java/org/apache/cloudstack/api/response/NetworkResponse.java
index 4b41610..b673788 100644
--- a/api/src/main/java/org/apache/cloudstack/api/response/NetworkResponse.java
+++ b/api/src/main/java/org/apache/cloudstack/api/response/NetworkResponse.java
@@ -263,6 +263,10 @@ public class NetworkResponse extends
BaseResponseWithAnnotations implements Cont
@Param(description = "the total number of network traffic bytes sent")
private Long bytesSent;
+ @SerializedName((ApiConstants.EGRESS_DEFAULT_POLICY))
+ @Param(description = "true if guest network default egress policy is
allow; false if default egress policy is deny")
+ private Boolean egressDefaultPolicy;
+
public Boolean getDisplayNetwork() {
return displayNetwork;
}
@@ -528,4 +532,12 @@ public class NetworkResponse extends
BaseResponseWithAnnotations implements Cont
public void setBytesSent(final Long bytesSent) {
this.bytesSent = bytesSent;
}
+
+ public boolean getEgressDefaultPolicy() {
+ return egressDefaultPolicy;
+ }
+
+ public void setEgressDefaultPolicy(Boolean egressDefaultPolicy) {
+ this.egressDefaultPolicy = egressDefaultPolicy;
+ }
}
diff --git a/server/src/main/java/com/cloud/api/ApiResponseHelper.java
b/server/src/main/java/com/cloud/api/ApiResponseHelper.java
index 60530c2..5df3c17 100644
--- a/server/src/main/java/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/main/java/com/cloud/api/ApiResponseHelper.java
@@ -2302,6 +2302,9 @@ public class ApiResponseHelper implements
ResponseGenerator {
response.setIsSystem(networkOffering.isSystemOnly());
response.setNetworkOfferingAvailability(networkOffering.getAvailability().toString());
response.setIsPersistent(networkOffering.isPersistent());
+ if (Network.GuestType.Isolated.equals(network.getGuestType())) {
+
response.setEgressDefaultPolicy(networkOffering.isEgressDefaultPolicy());
+ }
}
if (network.getAclType() != null) {
diff --git a/ui/public/locales/en.json b/ui/public/locales/en.json
index 9253ae3..c3ee434 100644
--- a/ui/public/locales/en.json
+++ b/ui/public/locales/en.json
@@ -2669,6 +2669,7 @@
"message.after.enable.s3": "S3-backed Secondary Storage configured. Note: When
you leave this page, you will not be able to re-configure S3 again.",
"message.after.enable.swift": "Swift configured. Note: When you leave this
page, you will not be able to re-configure Swift again.",
"message.alert.state.detected": "Alert state detected",
+"message.allowed": "Allowed",
"message.allow.vpn.access": "Please enter a username and password of the user
that you want to allow VPN access.",
"message.apply.snapshot.policy": "You have successfully updated your current
snapshot policy.",
"message.apply.success": "Apply Successfully",
@@ -2838,6 +2839,7 @@
"message.delete.vpn.gateway": "Please confirm that you want to delete this VPN
Gateway",
"message.deleting.node": "Deleting Node",
"message.deleting.vm": "Deleting VM",
+"message.denied": "Denied",
"message.deployasis": "Selected template is Deploy As-Is i.e., the VM is
deployed by importing an OVA with vApps directly into vCenter. Root disk(s)
resize is allowed only on stopped VMs for such templates.",
"message.desc.add.new.lb.sticky.rule": "Add new LB sticky rule",
"message.desc.advanced.zone": "This is recommended and allows more
sophisticated network topologies. This network model provides the most
flexibility in defining guest networks and providing custom network offerings
such as firewall, VPN, or load balancer support.",
@@ -2881,6 +2883,9 @@
"message.edit.rule.failed": "Failed to edit rule",
"message.edit.rule.processing": "Updating rule...",
"message.edit.traffic.type": "Please specify the traffic label you want
associated with this traffic type.",
+"message.egress.rules.allow": "Allow (traffic matching the egress rules added
will be denied)",
+"message.egress.rules.deny": "Deny (traffic matching the egress rules added
will be allowed)",
+"message.egress.rules.info.for.network": "The default egress policy of this
network is %x. <br><br> Outgoing traffic matching the following rules will be
%y",
"message.enable.account": "Please confirm that you want to enable this
account.",
"message.enable.netsacler.provider.failed": "failed to enable Netscaler
provider",
"message.enable.securitygroup.provider.failed": "failed to enable security
group provider",
diff --git a/ui/src/components/view/DetailsTab.vue
b/ui/src/components/view/DetailsTab.vue
index 14508ba..b23f589 100644
--- a/ui/src/components/view/DetailsTab.vue
+++ b/ui/src/components/view/DetailsTab.vue
@@ -45,6 +45,9 @@
<div v-else-if="['created', 'sent', 'lastannotated'].includes(item)">
{{ $toLocaleDate(resource[item]) }}
</div>
+ <div v-else-if="$route.meta.name === 'guestnetwork' && item ===
'egressdefaultpolicy'">
+ {{ resource[item]? $t('message.egress.rules.allow') :
$t('message.egress.rules.deny') }}
+ </div>
<div v-else>{{ resource[item] }}</div>
</div>
</a-list-item>
diff --git a/ui/src/config/section/network.js b/ui/src/config/section/network.js
index 43992e8..b55312d 100644
--- a/ui/src/config/section/network.js
+++ b/ui/src/config/section/network.js
@@ -38,7 +38,7 @@ export default {
return fields
},
details: () => {
- var fields = ['name', 'id', 'description', 'type', 'traffictype',
'vpcid', 'vlan', 'broadcasturi', 'cidr', 'ip6cidr', 'netmask', 'gateway',
'aclname', 'ispersistent', 'restartrequired', 'reservediprange',
'redundantrouter', 'networkdomain', 'zonename', 'account', 'domain']
+ var fields = ['name', 'id', 'description', 'type', 'traffictype',
'vpcid', 'vlan', 'broadcasturi', 'cidr', 'ip6cidr', 'netmask', 'gateway',
'aclname', 'ispersistent', 'restartrequired', 'reservediprange',
'redundantrouter', 'networkdomain', 'egressdefaultpolicy', 'zonename',
'account', 'domain']
if (!isAdmin()) {
fields = fields.filter(function (e) { return e !== 'broadcasturi' })
}
diff --git a/ui/src/views/network/EgressRulesTab.vue
b/ui/src/views/network/EgressRulesTab.vue
index a935f4c..ba76ee9 100644
--- a/ui/src/views/network/EgressRulesTab.vue
+++ b/ui/src/views/network/EgressRulesTab.vue
@@ -18,6 +18,10 @@
<template>
<div>
<div>
+ <div
+ v-html="$t('message.egress.rules.info.for.network').replace('%x',
resource.egressdefaultpolicy ? '<b>' + $t('label.allow') + '</b>' :
+ '<b>' + $t('label.deny') + '</b>').replace('%y',
resource.egressdefaultpolicy ? '<b>' + $t('message.denied') + '</b>' : '<b>' +
$t('message.allowed') + '</b>')"> </div>
+ <a-divider />
<div class="form" v-ctrl-enter="addRule">
<div class="form__item">
<div class="form__label">{{ $t('label.sourcecidr') }}</div>
diff --git a/ui/src/views/offering/AddNetworkOffering.vue
b/ui/src/views/offering/AddNetworkOffering.vue
index d114ceb..c01a940 100644
--- a/ui/src/views/offering/AddNetworkOffering.vue
+++ b/ui/src/views/offering/AddNetworkOffering.vue
@@ -342,7 +342,7 @@
<tooltip-label slot="label" :title="$t('label.egressdefaultpolicy')"
:tooltip="apiParams.egressdefaultpolicy.description"/>
<a-radio-group
v-decorator="['egressdefaultpolicy', {
- initialValue: 'allow'
+ initialValue: 'deny'
}]"
buttonStyle="solid">
<a-radio-button value="allow">
