Updated Branches:
  refs/heads/rbac c440d9046 -> 3b58a45e0

ExternalUUID control support for Firewall and Egress Firewall rules


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/aaa20947
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/aaa20947
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/aaa20947

Branch: refs/heads/rbac
Commit: aaa20947a9b200f9a4abdb0977b5648c92931f68
Parents: 039b1c1
Author: Alena Prokharchyk <alena.prokharc...@citrix.com>
Authored: Tue Feb 4 16:26:53 2014 -0800
Committer: Alena Prokharchyk <alena.prokharc...@citrix.com>
Committed: Tue Feb 4 17:06:04 2014 -0800

----------------------------------------------------------------------
 api/src/com/cloud/event/EventTypes.java         |   1 +
 .../cloud/network/firewall/FirewallService.java |   2 +
 .../firewall/UpdateEgressFirewallRuleCmd.java   | 113 ++++++++++++++++++
 .../user/firewall/UpdateFirewallRuleCmd.java    | 114 +++++++++++++++++++
 client/tomcatconf/commands.properties.in        |   2 +
 .../network/firewall/FirewallManagerImpl.java   |  31 ++++-
 .../com/cloud/server/ManagementServerImpl.java  |   4 +
 .../cloud/network/MockFirewallManagerImpl.java  |   6 +
 8 files changed, 270 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aaa20947/api/src/com/cloud/event/EventTypes.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/event/EventTypes.java 
b/api/src/com/cloud/event/EventTypes.java
index e88f010..fdbc21f 100755
--- a/api/src/com/cloud/event/EventTypes.java
+++ b/api/src/com/cloud/event/EventTypes.java
@@ -112,6 +112,7 @@ public class EventTypes {
     public static final String EVENT_NETWORK_UPDATE = "NETWORK.UPDATE";
     public static final String EVENT_FIREWALL_OPEN = "FIREWALL.OPEN";
     public static final String EVENT_FIREWALL_CLOSE = "FIREWALL.CLOSE";
+    public static final String EVENT_FIREWALL_UPDATE = "FIREWALL.UPDATE";
 
     //NIC Events
     public static final String EVENT_NIC_CREATE = "NIC.CREATE";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aaa20947/api/src/com/cloud/network/firewall/FirewallService.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/network/firewall/FirewallService.java 
b/api/src/com/cloud/network/firewall/FirewallService.java
index 917bda3..0e4f495 100644
--- a/api/src/com/cloud/network/firewall/FirewallService.java
+++ b/api/src/com/cloud/network/firewall/FirewallService.java
@@ -50,4 +50,6 @@ public interface FirewallService {
 
     boolean revokeRelatedFirewallRule(long ruleId, boolean apply);
 
+    FirewallRule updateFirewallRule(long ruleId, String customId);
+
 }
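Review bot: The new `updateFirewallRule(long ruleId, String customId)` has no Javadoc, and its contract is not obvious from the signature. A short comment should state that a null `customId` leaves the rule unchanged and the current rule is still returned. It should also say that `InvalidParameterValueException` is thrown when the id does not refer to a rule with purpose Firewall, or when a non-admin caller targets a system rule. Both behaviours are what the FirewallManagerImpl implementation in this commit does.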

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aaa20947/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java
----------------------------------------------------------------------
diff --git 
a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java
 
b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java
new file mode 100644
index 0000000..690afe5
--- /dev/null
+++ 
b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateEgressFirewallRuleCmd.java
@@ -0,0 +1,113 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.package org.apache.cloudstack.api.command.user.firewall;
+
+package org.apache.cloudstack.api.command.user.firewall;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseAsyncCustomIdCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.response.AccountResponse;
+import org.apache.cloudstack.api.response.FirewallResponse;
+import org.apache.cloudstack.api.response.FirewallRuleResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.log4j.Logger;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.network.rules.FirewallRule.TrafficType;
+
+@APICommand(name = "updateEgressFirewallRule", description = "Updates egress 
firewall rule ", responseObject = FirewallResponse.class, since = "4.4")
+public class UpdateEgressFirewallRuleCmd extends BaseAsyncCustomIdCmd {
+    public static final Logger s_logger = 
Logger.getLogger(UpdateEgressFirewallRuleCmd.class.getName());
+
+    private static final String s_name = "updateegressfirewallruleresponse";
+
+    // ///////////////////////////////////////////////////
+    // ////////////// API parameters /////////////////////
+    // ///////////////////////////////////////////////////
+
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = 
FirewallRuleResponse.class, required = true, description = "the ID of the 
egress firewall rule")
+    private Long id;
+
+    // unexposed parameter needed for events logging
+    @Parameter(name = ApiConstants.ACCOUNT_ID, type = CommandType.UUID, 
entityType = AccountResponse.class, expose = false)
+    private Long ownerId;
+
+    // ///////////////////////////////////////////////////
+    // ///////////////// Accessors ///////////////////////
+    // ///////////////////////////////////////////////////
+
+    public Long getId() {
+        return id;
+    }
+    // ///////////////////////////////////////////////////
+    // ///////////// API Implementation///////////////////
+    // ///////////////////////////////////////////////////
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public void execute() throws ResourceUnavailableException {
+        CallContext.current().setEventDetails("Rule Id: " + id);
+        FirewallRule rule = _firewallService.updateFirewallRule(id, 
this.getCustomId());
+
+        FirewallResponse fwResponse = new FirewallResponse();
+        if (rule != null) {
+            fwResponse = _responseGenerator.createFirewallResponse(rule);
+            setResponseObject(fwResponse);
+        }
+        fwResponse.setResponseName(getCommandName());
+    }
+
+    @Override
+    public void checkUuid() {
+        if (this.getCustomId() != null) {
+            _uuidMgr.checkUuid(this.getCustomId(), FirewallRule.class);
+        }
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_FIREWALL_UPDATE;
+
+    }
+
+    @Override
+    public String getEventDescription() {
+        return ("Updating egress firewall rule id=" + id);
+
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        if (ownerId == null) {
+            FirewallRule rule = _entityMgr.findById(FirewallRule.class, id);
+            if (rule == null || rule.getTrafficType() != TrafficType.Egress) {
+                throw new InvalidParameterValueException("Unable to find 
egress firewall rule by id");
+            } else {
+                ownerId = _entityMgr.findById(FirewallRule.class, 
id).getAccountId();
+            }
+        }
+        return ownerId;
+    }
+}
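Review bot: In `execute()`, when `_firewallService.updateFirewallRule(...)` returns null, the command creates an empty `FirewallResponse`, sets its name and returns without ever calling `setResponseObject`, so the failure produces neither a response object nor an error. The manager implementation in this commit re-reads the rule after the update, so null would mean the rule vanished mid-call, and the caller should be told. Something like `if (rule == null) { throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to update egress firewall rule"); }` (with the matching imports) makes that explicit and lets the response be built unconditionally afterwards. `UpdateFirewallRuleCmd.execute()` has the same shape.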

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aaa20947/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java
----------------------------------------------------------------------
diff --git 
a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java
 
b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java
new file mode 100644
index 0000000..3fa3b9e
--- /dev/null
+++ 
b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdateFirewallRuleCmd.java
@@ -0,0 +1,114 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.package org.apache.cloudstack.api.command.user.firewall;
+
+package org.apache.cloudstack.api.command.user.firewall;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseAsyncCustomIdCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.response.AccountResponse;
+import org.apache.cloudstack.api.response.FirewallResponse;
+import org.apache.cloudstack.api.response.FirewallRuleResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.log4j.Logger;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.network.rules.FirewallRule.TrafficType;
+
+@APICommand(name = "updateFirewallRule", description = "Updates firewall rule 
", responseObject = FirewallResponse.class, since = "4.4")
+public class UpdateFirewallRuleCmd extends BaseAsyncCustomIdCmd {
+    public static final Logger s_logger = 
Logger.getLogger(UpdateFirewallRuleCmd.class.getName());
+
+    private static final String s_name = "updatefirewallruleresponse";
+
+    // ///////////////////////////////////////////////////
+    // ////////////// API parameters /////////////////////
+    // ///////////////////////////////////////////////////
+
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = 
FirewallRuleResponse.class, required = true, description = "the ID of the 
firewall rule")
+    private Long id;
+
+    // unexposed parameter needed for events logging
+    @Parameter(name = ApiConstants.ACCOUNT_ID, type = CommandType.UUID, 
entityType = AccountResponse.class, expose = false)
+    private Long ownerId;
+
+    // ///////////////////////////////////////////////////
+    // ///////////////// Accessors ///////////////////////
+    // ///////////////////////////////////////////////////
+
+    public Long getId() {
+        return id;
+    }
+
+    // ///////////////////////////////////////////////////
+    // ///////////// API Implementation///////////////////
+    // ///////////////////////////////////////////////////
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public void execute() throws ResourceUnavailableException {
+        CallContext.current().setEventDetails("Rule Id: " + id);
+        FirewallRule rule = _firewallService.updateFirewallRule(id, 
this.getCustomId());
+
+        FirewallResponse fwResponse = new FirewallResponse();
+        if (rule != null) {
+            fwResponse = _responseGenerator.createFirewallResponse(rule);
+            setResponseObject(fwResponse);
+        }
+        fwResponse.setResponseName(getCommandName());
+    }
+
+    @Override
+    public void checkUuid() {
+        if (this.getCustomId() != null) {
+            _uuidMgr.checkUuid(this.getCustomId(), FirewallRule.class);
+        }
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_FIREWALL_UPDATE;
+
+    }
+
+    @Override
+    public String getEventDescription() {
+        return ("Updating firewall rule id=" + id);
+
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        if (ownerId == null) {
+            FirewallRule rule = _entityMgr.findById(FirewallRule.class, id);
+            if (rule == null || rule.getTrafficType() != TrafficType.Ingress) {
+                throw new InvalidParameterValueException("Unable to find 
firewall rule by id");
+            } else {
+                ownerId = _entityMgr.findById(FirewallRule.class, 
id).getAccountId();
+            }
+        }
+        return ownerId;
+    }
+}
\ No newline at end of file
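Review bot: `getEntityOwnerId()` looks the rule up twice: the `else` branch calls `_entityMgr.findById(FirewallRule.class, id).getAccountId()` even though `rule`, fetched just above, has already been checked for null and traffic type. If the rule is removed between the two lookups, the second one yields a NullPointerException instead of the `InvalidParameterValueException` thrown above. `ownerId = rule.getAccountId();` removes both the extra query and that window. The same line is in `UpdateEgressFirewallRuleCmd.getEntityOwnerId()`. Separately, the last line of the license header has the package statement fused onto it, and the file ends without a newline.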

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aaa20947/client/tomcatconf/commands.properties.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/commands.properties.in 
b/client/tomcatconf/commands.properties.in
index aecc912..27ed6cf 100644
--- a/client/tomcatconf/commands.properties.in
+++ b/client/tomcatconf/commands.properties.in
@@ -401,11 +401,13 @@ deleteProjectInvitation=15
 createFirewallRule=15
 deleteFirewallRule=15
 listFirewallRules=15
+updateFirewallRule=15
 
 ####
 createEgressFirewallRule=15
 deleteEgressFirewallRule=15
 listEgressFirewallRules=15
+updateEgressFirewallRule=15
 
 #### hypervisor capabilities commands
 updateHypervisorCapabilities=1

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aaa20947/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java 
b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
index 448abe3..593c0b5 100644
--- a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
+++ b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
@@ -27,13 +27,12 @@ import javax.ejb.Local;
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
-import org.apache.log4j.Logger;
-import org.springframework.stereotype.Component;
-
 import org.apache.cloudstack.api.command.user.firewall.ListFirewallRulesCmd;
 import org.apache.cloudstack.context.CallContext;
 import 
org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
+import org.apache.log4j.Logger;
+import org.springframework.stereotype.Component;
 
 import com.cloud.configuration.Config;
 import com.cloud.domain.dao.DomainDao;
@@ -717,6 +716,32 @@ public class FirewallManagerImpl extends ManagerBase 
implements FirewallService,
     }
 
     @Override
+    @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_UPDATE, 
eventDescription = "updating firewall rule", async = true)
+    public FirewallRule updateFirewallRule(long ruleId, String customId) {
+        Account caller = CallContext.current().getCallingAccount();
+        return updateFirewallRule(ruleId, customId, caller);
+    }
+
+    protected FirewallRule updateFirewallRule(long ruleId, String customId, 
Account caller) {
+        FirewallRuleVO rule = _firewallDao.findById(ruleId);
+        if (rule == null || rule.getPurpose() != Purpose.Firewall) {
+            throw new InvalidParameterValueException("Unable to find " + 
ruleId + " having purpose " + Purpose.Firewall);
+        }
+
+        if (rule.getType() == FirewallRuleType.System && caller.getType() != 
Account.ACCOUNT_TYPE_ADMIN) {
+            throw new InvalidParameterValueException("Only root admin can 
update the system wide firewall rule");
+        }
+
+        _accountMgr.checkAccess(caller, null, true, rule);
+
+        if (customId != null) {
+            rule.setUuid(customId);
+            _firewallDao.update(ruleId, rule);
+        }
+        return _firewallDao.findById(ruleId);
+    }
+
+    @Override
     @DB
     public void revokeRule(final FirewallRuleVO rule, Account caller, long 
userId, final boolean needUsageEvent) {
         if (caller != null) {
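Review bot: The new `updateFirewallRule(long, String, Account)` rejects rules whose purpose is not `Purpose.Firewall` but never looks at the traffic type. The ingress/egress distinction therefore rests entirely on the `getEntityOwnerId()` checks in the two command classes, and those skip the lookup once `ownerId` is already set. Whether the API layer always calls `getEntityOwnerId()` before `execute()` is not visible in this commit, so the service method should not depend on it. `_accountMgr.checkAccess` still enforces ownership, but `updateEgressFirewallRule` and `updateFirewallRule` are otherwise interchangeable at this layer. Consider passing the expected `TrafficType` down and rejecting a mismatch next to the purpose check, e.g. `if (rule.getTrafficType() != trafficType) { throw new InvalidParameterValueException("Unable to find " + trafficType + " firewall rule " + ruleId); }`.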

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aaa20947/server/src/com/cloud/server/ManagementServerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/server/ManagementServerImpl.java 
b/server/src/com/cloud/server/ManagementServerImpl.java
index 449e879..9dc9dda 100755
--- a/server/src/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/com/cloud/server/ManagementServerImpl.java
@@ -255,6 +255,8 @@ import 
org.apache.cloudstack.api.command.user.firewall.DeletePortForwardingRuleC
 import 
org.apache.cloudstack.api.command.user.firewall.ListEgressFirewallRulesCmd;
 import org.apache.cloudstack.api.command.user.firewall.ListFirewallRulesCmd;
 import 
org.apache.cloudstack.api.command.user.firewall.ListPortForwardingRulesCmd;
+import 
org.apache.cloudstack.api.command.user.firewall.UpdateEgressFirewallRuleCmd;
+import org.apache.cloudstack.api.command.user.firewall.UpdateFirewallRuleCmd;
 import 
org.apache.cloudstack.api.command.user.firewall.UpdatePortForwardingRuleCmd;
 import org.apache.cloudstack.api.command.user.guest.ListGuestOsCategoriesCmd;
 import org.apache.cloudstack.api.command.user.guest.ListGuestOsCmd;
@@ -2861,6 +2863,8 @@ public class ManagementServerImpl extends ManagerBase 
implements ManagementServe
         cmdList.add(ListOvsElementsCmd.class);
         cmdList.add(ConfigureOvsElementCmd.class);
         cmdList.add(GetVMUserDataCmd.class);
+        cmdList.add(UpdateEgressFirewallRuleCmd.class);
+        cmdList.add(UpdateFirewallRuleCmd.class);
         return cmdList;
     }
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aaa20947/server/test/com/cloud/network/MockFirewallManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/test/com/cloud/network/MockFirewallManagerImpl.java 
b/server/test/com/cloud/network/MockFirewallManagerImpl.java
index 3fbbcdf..b306976 100644
--- a/server/test/com/cloud/network/MockFirewallManagerImpl.java
+++ b/server/test/com/cloud/network/MockFirewallManagerImpl.java
@@ -184,4 +184,10 @@ public class MockFirewallManagerImpl extends ManagerBase 
implements FirewallMana
         return null;
     }
 
+    @Override
+    public FirewallRule updateFirewallRule(long ruleId, String customId) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
 }
