Re: Review Request 15050: Add Palo Alto Networks Firewall Integration

Tue, 05 Nov 2013 19:43:51 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/15050/
-----------------------------------------------------------

(Updated Nov. 6, 2013, 3:42 a.m.)


Review request for cloudstack and Sheng Yang.


Changes
-------

Here is a new patch which is based off the latest master branch.

I have moved the plugin from being built using the depreciated 'nonoss' flag 
into the core build because this plugin does not depend on any 3rd party 
libraries at build or runtime.

I have also added a more detailed commit message to give an overview of the 
features covered in the commit.


Bugs: CLOUDSTACK-1275
    https://issues.apache.org/jira/browse/CLOUDSTACK-1275


Repository: cloudstack-git


Description
-------

More information in the FS: 
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration

This patch adds a network plugin which adds support for the Palo Alto Networks 
firewall (their appliance and their VM series firewall).

Features supported are:
- List/Add/Delete Palo Alto service provider
- List/Add/Delete Palo Alto network service offering
- List/Add/Delete Palo Alto network with above service offering
- Add instance to the new network (creates the public IP and private 
gateway/cidr on the PA as well as the source nat rule)
- List/Add/Delete Ingress Firewall rule
- List/Add/Delete Egress Firewall rule
- List/Add/Delete Port Forwarding rule
- List/Add/Delete Static Nat rule
- Supports Palo Alto Networks 'Log Forwarding' profile globally per device 
(additional docs to come)
- Supports Palo Alto Networks 'Security Profile Groups' functionality globally 
per device (additional docs to come)

Knowns limitations:
- Only supports one public IP range in CloudStack.
- Currently not verifying SSL certificates when creating a connection between 
CloudStack and the Palo Alto Networks firewall.
- Currently not tracking usage on Public IPs.


Diffs (updated)
-----

  api/src/com/cloud/network/Network.java bda3326 
  
api/src/org/apache/cloudstack/api/command/admin/network/AddNetworkDeviceCmd.java
 4983255 
  
api/src/org/apache/cloudstack/api/command/admin/network/ListNetworkDeviceCmd.java
 0b7836d 
  api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java 
29ce2e3 
  client/WEB-INF/classes/resources/messages.properties d548527 
  client/pom.xml 54cb667 
  client/tomcatconf/commands.properties.in 8cbe972 
  plugins/network-elements/palo-alto/pom.xml PRE-CREATION 
  
plugins/network-elements/palo-alto/resources/META-INF/cloudstack/paloalto/module.properties
 PRE-CREATION 
  
plugins/network-elements/palo-alto/resources/META-INF/cloudstack/paloalto/spring-paloalto-context.xml
 PRE-CREATION 
  
plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddExternalFirewallCmd.java
 PRE-CREATION 
  
plugins/network-elements/palo-alto/src/com/cloud/api/commands/AddPaloAltoFirewallCmd.java
 PRE-CREATION 
  
plugins/network-elements/palo-alto/src/com/cloud/api/commands/ConfigurePaloAltoFirewallCmd.java
 PRE-CREATION 
  
plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeleteExternalFirewallCmd.java
 PRE-CREATION 
  
plugins/network-elements/palo-alto/src/com/cloud/api/commands/DeletePaloAltoFirewallCmd.java
 PRE-CREATION 
  
plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListExternalFirewallsCmd.java
 PRE-CREATION 
  
plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallNetworksCmd.java
 PRE-CREATION 
  
plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallsCmd.java
 PRE-CREATION 
  
plugins/network-elements/palo-alto/src/com/cloud/api/response/PaloAltoFirewallResponse.java
 PRE-CREATION 
  
plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoExternalFirewallElement.java
 PRE-CREATION 
  
plugins/network-elements/palo-alto/src/com/cloud/network/element/PaloAltoFirewallElementService.java
 PRE-CREATION 
  
plugins/network-elements/palo-alto/src/com/cloud/network/resource/PaloAltoResource.java
 PRE-CREATION 
  
plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java
 PRE-CREATION 
  
plugins/network-elements/palo-alto/test/com/cloud/network/resource/MockablePaloAltoResource.java
 PRE-CREATION 
  
plugins/network-elements/palo-alto/test/com/cloud/network/resource/PaloAltoResourceTest.java
 PRE-CREATION 
  plugins/pom.xml 4f193bc 
  server/src/com/cloud/api/ApiResponseHelper.java 769d345 
  server/src/com/cloud/configuration/ConfigurationManagerImpl.java e3aa4fa 
  ui/dictionary.jsp 85f24c6 
  ui/scripts/docs.js 3a4f8ca 
  ui/scripts/system.js 1579d16 

Diff: https://reviews.apache.org/r/15050/diff/


Testing
-------

I have tested all of the functionality listed under 'supported features'.

Unit tests are in file 24 and 25 of this patch.  The details of the tests can 
be found in the functional spec.


Thanks,

Will Stevens

Reply via email to