Re: Review Request 15050: Add Palo Alto Networks Firewall Integration

Fri, 01 Nov 2013 14:11:07 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/15050/
-----------------------------------------------------------

(Updated Nov. 1, 2013, 9:10 p.m.)


Review request for cloudstack and Sheng Yang.


Changes
-------

I built the patch with 'git format-patch' instead of 'git diff'.  I have 
uploaded the new patch file as the diff for this request.


Bugs: CLOUDSTACK-1275
    https://issues.apache.org/jira/browse/CLOUDSTACK-1275


Repository: cloudstack-git


Description
-------

More information in the FS: 
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration

This patch adds a network plugin which adds support for the Palo Alto Networks 
firewall (their appliance and their VM series firewall).

Features supported are:
- List/Add/Delete Palo Alto service provider
- List/Add/Delete Palo Alto network service offering
- List/Add/Delete Palo Alto network with above service offering
- Add instance to the new network (creates the public IP and private 
gateway/cidr on the PA as well as the source nat rule)
- List/Add/Delete Ingress Firewall rule
- List/Add/Delete Egress Firewall rule
- List/Add/Delete Port Forwarding rule
- List/Add/Delete Static Nat rule
- Supports Palo Alto Networks 'Log Forwarding' profile globally per device 
(additional docs to come)
- Supports Palo Alto Networks 'Security Profile Groups' functionality globally 
per device (additional docs to come)

Knowns limitations:
- Only supports one public IP range in CloudStack.
- Currently not verifying SSL certificates when creating a connection between 
CloudStack and the Palo Alto Networks firewall.
- Currently not tracking usage on Public IPs.


Diffs (updated)
-----

  api/src/com/cloud/network/Network.java 49f380b 
  
api/src/org/apache/cloudstack/api/command/admin/network/AddNetworkDeviceCmd.java
 4983255 
  
api/src/org/apache/cloudstack/api/command/admin/network/ListNetworkDeviceCmd.java
 0b7836d 
  api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java 
29ce2e3 
  client/WEB-INF/classes/resources/messages.properties c075bf8 
  client/pom.xml fd1f13a 
  client/tomcatconf/commands.properties.in 96e841a 
  client/tomcatconf/nonossComponentContext.xml.in 0502bbc 
  plugins/network-elements/palo-alto/pom.xml PRE-CREATION 
  
plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddExternalFirewallCmd.java
 PRE-CREATION 
  
plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddPaloAltoFirewallCmd.java
 PRE-CREATION 
  
plugins/network-elements/palo-alto/src/com/cloud/api/commands/ConfigurePaloAltoFirewallCmd.java
 PRE-CREATION 
  
plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeleteExternalFirewallCmd.java
 PRE-CREATION 
  
plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeletePaloAltoFirewallCmd.java
 PRE-CREATION 
  
plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListExternalFirewallsCmd.java
 PRE-CREATION 
  
plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallNetworksCmd.java
 PRE-CREATION 
  
plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallsCmd.java
 PRE-CREATION 
  
plugins/network-elements/palo-alto/src/com/cloud/api/response/PaloAltoFirewallResponse.java
 PRE-CREATION 
  
plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoExternalFirewallElement.java
 PRE-CREATION 
  
plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoFirewallElementService.java
 PRE-CREATION 
  
plugins/network-elements/palo-alto/src/com/cloud/network/resource/PaloAltoResource.java
 PRE-CREATION 
  
plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java
 PRE-CREATION 
  
plugins/network-elements/palo-alto/test/com/cloud/network/resource/MockablePaloAltoResource.java
 PRE-CREATION 
  
plugins/network-elements/palo-alto/test/com/cloud/network/resource/PaloAltoResourceTest.java
 PRE-CREATION 
  plugins/pom.xml ca41dff 
  server/src/com/cloud/api/ApiResponseHelper.java f4ca112 
  server/src/com/cloud/configuration/ConfigurationManagerImpl.java 4fda3b1 
  ui/dictionary.jsp 80aab6f 
  ui/scripts/docs.js 3a4f8ca 
  ui/scripts/system.js 0af3952 

Diff: https://reviews.apache.org/r/15050/diff/


Testing
-------

I have tested all of the functionality listed under 'supported features'.

Unit tests are in file 24 and 25 of this patch.  The details of the tests can 
be found in the functional spec.


Thanks,

Will Stevens

Reply via email to