
Commit 0076307

Syedmurali-reddy
authored andcommitted
Squashed merge of Ssl Termination feature
Bug: https://issues.apache.org/jira/browse/CLOUDSTACK-4821 FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/SSL+Termination+Support This patch implements the SSL offload feature for load balancers and includes the implementation needed for it to work with Netscaler. The patch adds the following new APIs: uploadSslCert, deleteSslCert, listSslCert, assignCertToLoadBalancer, removeCertFromLoadBalancer. Unit tests are also included in the patch.
1 parent 07b6874 commit 0076307

58 files changed

Lines changed: 3265 additions & 42 deletions


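--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,4 @@
+
 Apache CloudStack CHANGES
 ======================================
 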
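--- a/api/src/com/cloud/agent/api/to/LoadBalancerTO.java
+++ b/api/src/com/cloud/agent/api/to/LoadBalancerTO.java
@@ -33,6 +33,7 @@
 import com.cloud.network.lb.LoadBalancingRule.LbDestination;
 import com.cloud.network.lb.LoadBalancingRule.LbHealthCheckPolicy;
 import com.cloud.network.lb.LoadBalancingRule.LbStickinessPolicy;
+import com.cloud.network.lb.LoadBalancingRule.LbSslCert;
 import com.cloud.utils.Pair;
 
 
@@ -41,13 +42,15 @@ public class LoadBalancerTO {
 String srcIp;
 int srcPort;
 String protocol;
+String lbProtocol;
 String algorithm;
 boolean revoked;
 boolean alreadyAdded;
 boolean inline;
 DestinationTO[] destinations;
 private StickinessPolicyTO[] stickinessPolicies;
 private HealthCheckPolicyTO[] healthCheckPolicies;
+private LbSslCert sslCert; /* XXX: Should this be SslCertTO? */
 private AutoScaleVmGroupTO autoScaleVmGroupTO;
 final static int MAX_STICKINESS_POLICIES = 1;
 final static int MAX_HEALTHCHECK_POLICIES = 1;
@@ -66,6 +69,8 @@ public LoadBalancerTO(String uuid, String srcIp, int srcPort, String protocol, S
 this.inline = inline;
 this.destinations = new DestinationTO[destinations.size()];
 this.stickinessPolicies = null;
+this.sslCert = null;
+this.lbProtocol = null;
 int i = 0;
 for (LbDestination destination : destinations) {
 this.destinations[i++] = new DestinationTO(destination.getIpAddress(), destination.getDestinationPortStart(), destination.isRevoked(), false);
@@ -77,12 +82,12 @@ public LoadBalancerTO(String id, String srcIp, int srcPort, String protocol, Str
 List<LbStickinessPolicy> stickinessPolicies) {
 
 this(id, srcIp, srcPort, protocol, algorithm, revoked, alreadyAdded, inline, arg_destinations,
-stickinessPolicies, null);
+stickinessPolicies, null, null, null);
 }
 
 public LoadBalancerTO(String id, String srcIp, int srcPort, String protocol, String algorithm, boolean revoked,
 boolean alreadyAdded, boolean inline, List<LbDestination> arg_destinations,
-List<LbStickinessPolicy> stickinessPolicies, List<LbHealthCheckPolicy> healthCheckPolicies) {
+List<LbStickinessPolicy> stickinessPolicies, List<LbHealthCheckPolicy> healthCheckPolicies, LbSslCert sslCert, String lbProtocol) {
 this(id, srcIp, srcPort, protocol, algorithm, revoked, alreadyAdded, inline, arg_destinations);
 this.stickinessPolicies = null;
 this.healthCheckPolicies = null;
@@ -117,6 +122,9 @@ public LoadBalancerTO(String id, String srcIp, int srcPort, String protocol, Str
 if (index == 0)
 this.healthCheckPolicies = null;
 }
+
+this.sslCert = sslCert;
+this.lbProtocol = lbProtocol;
 }
 
 protected LoadBalancerTO() {
@@ -142,6 +150,10 @@ public String getProtocol() {
 return protocol;
 }
 
+public String getLbProtocol() {
+return lbProtocol;
+}
+
 public boolean isRevoked() {
 return revoked;
 }
@@ -178,6 +190,10 @@ public boolean isAutoScaleVmGroupTO() {
 return this.autoScaleVmGroupTO != null;
 }
 
+public LbSslCert getSslCert(){
+return this.sslCert;
+}
+
 public static class StickinessPolicyTO {
 private String _methodName;
 private List<Pair<String, String>> _paramsList;
@@ -294,6 +310,8 @@ public void setMonitorState(String state) {
 public String getMonitorState() {
 return monitorState;
 }
+
+
 }
 public static class CounterTO implements Serializable {
 private final String name;
@@ -558,5 +576,4 @@ public void setAutoScaleVmGroup(LbAutoScaleVmGroup lbAutoScaleVmGroup)
 autoScaleVmGroupTO = new AutoScaleVmGroupTO(autoScaleVmGroup.getUuid(), autoScaleVmGroup.getMinMembers(), autoScaleVmGroup.getMaxMembers(), autoScaleVmGroup.getMemberPort(),
 autoScaleVmGroup.getInterval(), autoScalePolicyTOs, autoScaleVmProfileTO, autoScaleVmGroup.getState(), lbAutoScaleVmGroup.getCurrentState());
 }
-
 }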
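Review bot: The new `sslCert` field places an `LbSslCert` inside this transfer object, and per this commit that class holds the private key and its password as plain `String`s. Nothing in the change marks those two values as excluded from a serialised or logged form of the TO, so any place that dumps the command for debugging would presumably include the key material; that path is not visible here and should be checked. The inline `/* XXX: Should this be SslCertTO? */` is worth resolving before merge, since a dedicated TO with the secret fields explicitly excluded from logging makes the secret-bearing surface reviewable. Separately, `this.sslCert = null;` and `this.lbProtocol = null;` in the nine-argument constructor only restate the field defaults and can be dropped. The constructors begin outside the hunks shown.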

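--- a/api/src/com/cloud/event/EventTypes.java
+++ b/api/src/com/cloud/event/EventTypes.java
@@ -133,6 +133,10 @@ public class EventTypes {
 public static final String EVENT_LB_HEALTHCHECKPOLICY_CREATE = "LB.HEALTHCHECKPOLICY.CREATE";
 public static final String EVENT_LB_HEALTHCHECKPOLICY_DELETE = "LB.HEALTHCHECKPOLICY.DELETE";
 public static final String EVENT_LOAD_BALANCER_UPDATE = "LB.UPDATE";
+public static final String EVENT_LB_CERT_UPLOAD = "LB.CERT.UPLOAD";
+public static final String EVENT_LB_CERT_DELETE = "LB.CERT.DELETE";
+public static final String EVENT_LB_CERT_ASSIGN = "LB.CERT.ASSIGN";
+public static final String EVENT_LB_CERT_REMOVE = "LB.CERT.REMOVE";
 
 // Global Load Balancer rules
 public static final String EVENT_ASSIGN_TO_GLOBAL_LOAD_BALANCER_RULE = "GLOBAL.LB.ASSIGN";
@@ -511,6 +515,10 @@ public class EventTypes {
 entityEventDetails.put(EVENT_LB_STICKINESSPOLICY_CREATE, LoadBalancer.class.getName());
 entityEventDetails.put(EVENT_LB_STICKINESSPOLICY_DELETE, LoadBalancer.class.getName());
 entityEventDetails.put(EVENT_LOAD_BALANCER_UPDATE, LoadBalancer.class.getName());
+entityEventDetails.put(EVENT_LB_CERT_UPLOAD, LoadBalancer.class.getName());
+entityEventDetails.put(EVENT_LB_CERT_DELETE, LoadBalancer.class.getName());
+entityEventDetails.put(EVENT_LB_CERT_ASSIGN, LoadBalancer.class.getName());
+entityEventDetails.put(EVENT_LB_CERT_REMOVE, LoadBalancer.class.getName());
 
 // Account events
 entityEventDetails.put(EVENT_ACCOUNT_DISABLE, Account.class.getName());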
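Review bot: All four new certificate events are registered in `entityEventDetails` against `LoadBalancer.class.getName()`, but `EVENT_LB_CERT_UPLOAD` and `EVENT_LB_CERT_DELETE` appear, from their names, to act on a certificate rather than on a load balancer rule. If that reading is right, an audit consumer keyed on entity type would attribute certificate uploads and deletions to the wrong kind of object. Mapping those two to the certificate entity added in this commit would keep the trail accurate, e.g. `entityEventDetails.put(EVENT_LB_CERT_UPLOAD, SslCert.class.getName());`. The static initialiser that holds these lines begins and ends outside the hunk.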

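--- a/api/src/com/cloud/network/Network.java
+++ b/api/src/com/cloud/network/Network.java
@@ -181,6 +181,7 @@ public static class Capability {
 public static final Capability SupportedTrafficDirection = new Capability("SupportedTrafficDirection");
 public static final Capability SupportedEgressProtocols = new Capability("SupportedEgressProtocols");
 public static final Capability HealthCheckPolicy = new Capability("HealthCheckPolicy");
+public static final Capability SslTermination = new Capability("SslTermination");
 public static final Capability LbSchemes = new Capability("LbSchemes");
 public static final Capability DhcpAccrossMultipleSubnets = new Capability("DhcpAccrossMultipleSubnets");
 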
Lines changed: 32 additions & 0 deletions
@@ -0,0 +1,32 @@
1+
// Licensed to the Apache Software Foundation (ASF) under one
2+
// or more contributor license agreements. See the NOTICE file
3+
// distributed with this work for additional information
4+
// regarding copyright ownership. The ASF licenses this file
5+
// to you under the Apache License, Version 2.0 (the
6+
// "License"); you may not use this file except in compliance
7+
// with the License. You may obtain a copy of the License at
8+
//
9+
// http://www.apache.org/licenses/LICENSE-2.0
10+
//
11+
// Unless required by applicable law or agreed to in writing,
12+
// software distributed under the License is distributed on an
13+
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
14+
// KIND, either express or implied. See the License for the
15+
// specific language governing permissions and limitations
16+
// under the License.
17+
package com.cloud.network.lb;
18+
19+
20+
import org.apache.cloudstack.api.command.user.loadbalancer.DeleteSslCertCmd;
21+
import org.apache.cloudstack.api.command.user.loadbalancer.ListSslCertsCmd;
22+
import org.apache.cloudstack.api.command.user.loadbalancer.UploadSslCertCmd;
23+
import org.apache.cloudstack.api.response.SslCertResponse;
24+
25+
import java.util.List;
26+
27+
public interface CertService {
28+
29+
public SslCertResponse uploadSslCert(UploadSslCertCmd certCmd);
30+
public void deleteSslCert(DeleteSslCertCmd deleteSslCertCmd);
31+
public List<SslCertResponse> listSslCerts(ListSslCertsCmd listSslCertCmd);
32+
}
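Review bot: `CertService` has no Javadoc, so the contract of `deleteSslCert` for a certificate that is still assigned to a load balancer rule, and the ownership scoping expected from `listSslCerts`, are left to each implementation. A short Javadoc on each method stating who may call it and what happens to a bound certificate would settle this, for example `/** Deletes the certificate; fails if it is still assigned to a load balancer rule. */` if that is the intended behaviour. The `public` modifiers on the interface methods are redundant and can be dropped.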

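--- a/api/src/com/cloud/network/lb/LoadBalancingRule.java
+++ b/api/src/com/cloud/network/lb/LoadBalancingRule.java
@@ -36,16 +36,29 @@ public class LoadBalancingRule {
 private List<LbStickinessPolicy> stickinessPolicies;
 private LbAutoScaleVmGroup autoScaleVmGroup;
 private List<LbHealthCheckPolicy> healthCheckPolicies;
+private LbSslCert sslCert;
+private String lbProtocol;
 
 public LoadBalancingRule(LoadBalancer lb, List<LbDestination> destinations,
-List<LbStickinessPolicy> stickinessPolicies, List<LbHealthCheckPolicy> healthCheckPolicies, Ip sourceIp) {
+List<LbStickinessPolicy> stickinessPolicies, List<LbHealthCheckPolicy> healthCheckPolicies, Ip sourceIp) {
 this.lb = lb;
 this.destinations = destinations;
 this.stickinessPolicies = stickinessPolicies;
 this.healthCheckPolicies = healthCheckPolicies;
 this.sourceIp = sourceIp;
 }
 
+public LoadBalancingRule(LoadBalancer lb, List<LbDestination> destinations,
+List<LbStickinessPolicy> stickinessPolicies, List<LbHealthCheckPolicy> healthCheckPolicies, Ip sourceIp, LbSslCert sslCert, String lbProtocol) {
+this.lb = lb;
+this.destinations = destinations;
+this.stickinessPolicies = stickinessPolicies;
+this.healthCheckPolicies = healthCheckPolicies;
+this.sourceIp = sourceIp;
+this.sslCert = sslCert;
+this.lbProtocol = lbProtocol;
+}
+
 public long getId() {
 return lb.getId();
 }
@@ -90,6 +103,10 @@ public String getProtocol() {
 return lb.getProtocol();
 }
 
+public String getLbProtocol() {
+return this.lbProtocol;
+}
+
 public FirewallRule.Purpose getPurpose() {
 return FirewallRule.Purpose.LoadBalancing;
 }
@@ -123,6 +140,10 @@ public List<LbHealthCheckPolicy> getHealthCheckPolicies() {
 return healthCheckPolicies;
 }
 
+public LbSslCert getLbSslCert(){
+return sslCert;
+}
+
 public interface Destination {
 String getIpAddress();
 
@@ -415,6 +436,44 @@ public String getCurrentState() {
 }
 }
 
+public static class LbSslCert {
+private String cert;
+private String key;
+private String password=null;
+private String chain=null;
+private boolean revoked;
+
+
+public LbSslCert(String cert, String key, String password, String chain, boolean revoked) {
+this.cert = cert;
+this.key = key;
+this.password = password;
+this.chain = chain;
+this.revoked = revoked;
+}
+
+public String getCert() {
+
+return cert;
+}
+
+public String getKey() {
+return key;
+}
+
+public String getPassword() {
+return password;
+}
+
+public String getChain() {
+return chain;
+}
+
+public boolean isRevoked(){
+return revoked;
+}
+}
+
 public Ip getSourceIp() {
 return sourceIp;
 }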
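Review bot: `LbSslCert` keeps the private key and its password in mutable `String` fields behind public getters, with no documentation of what each field holds or where the object is allowed to travel. Declaring the fields `final` (`private final String key;`) and dropping the `=null` initialisers makes the holder immutable, and a class comment should state that `key` and `password` are secrets that must not be logged or echoed in API responses. Separately, the new seven-argument `LoadBalancingRule` constructor repeats the body of the five-argument one; the older constructor could delegate with `this(lb, destinations, stickinessPolicies, healthCheckPolicies, sourceIp, null, null);`.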

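--- a/api/src/com/cloud/network/lb/LoadBalancingRulesService.java
+++ b/api/src/com/cloud/network/lb/LoadBalancingRulesService.java
@@ -52,7 +52,7 @@ public interface LoadBalancingRulesService {
 */
 LoadBalancer createPublicLoadBalancerRule(String xId, String name, String description,
 int srcPortStart, int srcPortEnd, int defPortStart, int defPortEnd, Long ipAddrId, String protocol, String algorithm,
-long networkId, long lbOwnerId, boolean openFirewall) throws NetworkRuleConflictException, InsufficientAddressCapacityException;
+long networkId, long lbOwnerId, boolean openFirewall, String lbProtocol) throws NetworkRuleConflictException, InsufficientAddressCapacityException;
 
 LoadBalancer updateLoadBalancerRule(UpdateLoadBalancerRuleCmd cmd);
 
@@ -94,10 +94,16 @@ LoadBalancer createPublicLoadBalancerRule(String xId, String name, String descri
 */
 boolean assignToLoadBalancer(long lbRuleId, List<Long> vmIds);
 
+boolean assignSSLCertToLoadBalancerRule(Long lbRuleId, String certName, String publicCert, String privateKey);
+
 boolean removeFromLoadBalancer(long lbRuleId, List<Long> vmIds);
 
 boolean applyLoadBalancerConfig(long lbRuleId) throws ResourceUnavailableException;
 
+boolean assignCertToLoadBalancer(long lbRuleId, Long CertId);
+boolean removeCertFromLoadBalancer(long lbRuleId);
+
+
 /**
 * List instances that have either been applied to a load balancer or are eligible to be assigned to a load
 * balancer.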
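Review bot: `assignSSLCertToLoadBalancerRule(Long lbRuleId, String certName, String publicCert, String privateKey)` accepts a raw private key next to the id-based `assignCertToLoadBalancer(long lbRuleId, Long CertId)`, so the interface now offers two ways to bind a certificate and only one of them refers to a stored certificate record. If the raw-key method is a leftover from an earlier design it should be removed; otherwise its Javadoc needs to say how the key is validated and stored. None of the three new methods is documented, and the parameter `CertId` should be `certId`, with a consistent `long`/`Long` choice across the signatures. The interface body extends beyond the hunks shown.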
Lines changed: 16 additions & 0 deletions
@@ -0,0 +1,16 @@
1+
package com.cloud.network.lb;
2+
3+
4+
import org.apache.cloudstack.acl.ControlledEntity;
5+
import org.apache.cloudstack.api.Identity;
6+
import org.apache.cloudstack.api.InternalIdentity;
7+
8+
public interface SslCert extends InternalIdentity, Identity, ControlledEntity {
9+
10+
public String getCertificate();
11+
public String getKey() ;
12+
public String getChain();
13+
public String getPassword();
14+
public String getFingerPrint();
15+
16+
}
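Review bot: `getKey()` and `getPassword()` expose the private key and its passphrase on an API-level entity interface, and nothing here says whether implementations return them encrypted or in clear text. A Javadoc on both getters should state the storage form and that the values must never be copied into a response object or a log line; callers that only need to identify a certificate can use `getFingerPrint()`. This new file also starts directly at `package com.cloud.network.lb;` without the ASF licence header that the other new interface file in this commit carries.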

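--- a/api/src/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/org/apache/cloudstack/api/ApiConstants.java
@@ -36,6 +36,9 @@ public class ApiConstants {
 public static final String CATEGORY = "category";
 public static final String CAN_REVERT = "canrevert";
 public static final String CERTIFICATE = "certificate";
+public static final String CERTIFICATE_CHAIN = "certchain";
+public static final String CERTIFICATE_FINGERPRINT = "fingerprint";
+public static final String CERTIFICATE_ID = "certid";
 public static final String PRIVATE_KEY = "privatekey";
 public static final String DOMAIN_SUFFIX = "domainsuffix";
 public static final String DNS_SEARCH_ORDER = "dnssearchorder";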
