
Commit 2d950e2

JayapalUradiKishan Kavala
authored andcommitted
CLOUDSTACK-768: ACL on private gateway
1 parent bcc320f commit 2d950e2

34 files changed

Lines changed: 1116 additions & 73 deletions


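--- a/api/src/com/cloud/network/NetworkService.java
+++ b/api/src/com/cloud/network/NetworkService.java
@@ -163,7 +163,7 @@ IpAddress associateIPToNetwork(long ipId, long networkId) throws InsufficientAdd
 * @throws ResourceAllocationException
 */
 Network createPrivateNetwork(String networkName, String displayText, long physicalNetworkId, String vlan,
-String startIp, String endIP, String gateway, String netmask, long networkOwnerId, Long vpcId, Boolean sourceNat)
+String startIp, String endIP, String gateway, String netmask, long networkOwnerId, Long vpcId, Boolean sourceNat)
 throws ResourceAllocationException, ConcurrentOperationException, InsufficientCapacityException;
 
 /* Requests an IP address for the guest nic */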

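--- a/api/src/com/cloud/network/element/VpcProvider.java
+++ b/api/src/com/cloud/network/element/VpcProvider.java
@@ -52,4 +52,6 @@ boolean implementVpc(Vpc vpc, DeployDestination dest, ReservationContext context
 boolean deletePrivateGateway(PrivateGateway privateGateway) throws ConcurrentOperationException, ResourceUnavailableException;
 
 boolean applyStaticRoutes(Vpc vpc, List<StaticRouteProfile> routes) throws ResourceUnavailableException;
+
+boolean applyACLItemsToPrivateGw(PrivateGateway gateway) throws ResourceUnavailableException;
 }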
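Review bot: `applyACLItemsToPrivateGw` is added to the interface without any Javadoc, so the meaning of a `false` return versus a thrown ResourceUnavailableException is left to each provider. Because this call pushes filtering rules to a gateway, callers need to know that `false` means the rules were not applied so they can treat it as a failure. A short comment such as `/** Applies the gateway's network ACL items on the provider; returns false if the rules could not be applied. */` above the method would pin that down, assuming that is the intended contract. The interface starts outside this hunk.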

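--- a/api/src/com/cloud/network/vpc/NetworkACLService.java
+++ b/api/src/com/cloud/network/vpc/NetworkACLService.java
@@ -122,4 +122,14 @@ public interface NetworkACLService {
 NetworkACLItem updateNetworkACLItem(Long id, String protocol, List<String> sourceCidrList, NetworkACLItem.TrafficType trafficType,
 String action, Integer number, Integer sourcePortStart, Integer sourcePortEnd,
 Integer icmpCode, Integer icmpType) throws ResourceUnavailableException;
+
+/**
+* Associates ACL with specified Network
+* @param aclId
+* @param privateGatewayId
+* @return
+* @throws ResourceUnavailableException
+*/
+boolean replaceNetworkACLonPrivateGw(long aclId, long privateGatewayId) throws ResourceUnavailableException;
+
 }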
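Review bot: The Javadoc on `replaceNetworkACLonPrivateGw` still reads "Associates ACL with specified Network", although the method takes a `privateGatewayId`, and its `@param` and `@return` tags are empty. Suggested first line: `* Replaces the network ACL applied to the specified VPC private gateway`, with `@return true if the ACL was applied to the gateway`. It would also help to state whether the implementation checks that the ACL and the gateway belong to the same VPC and that the caller may operate on both; that code is not on this page.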

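--- a/api/src/com/cloud/network/vpc/VpcGateway.java
+++ b/api/src/com/cloud/network/vpc/VpcGateway.java
@@ -81,4 +81,9 @@ public enum State {
 * @return
 */
 boolean getSourceNat();
+
+/**
+* @return
+*/
+long getNetworkACLId();
 }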
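Review bot: `getNetworkACLId()` returns a primitive `long` with an empty Javadoc, while the ACL is optional at creation time (`required=false` on `aclId` in CreatePrivateGatewayCmd and `Long aclId` in VpcService on this page). The getter cannot express "no ACL", so the comment should say which ACL id a gateway carries when none was supplied, since that decides what traffic the gateway filters by default. For example `* @return id of the network ACL applied to this gateway (<default ACL when none was given>)`. If implementations can hold a null id, returning `Long` would avoid an unboxing failure; the implementing classes are outside this page.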

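--- a/api/src/com/cloud/network/vpc/VpcService.java
+++ b/api/src/com/cloud/network/vpc/VpcService.java
@@ -172,13 +172,14 @@ boolean startVpc(long vpcId, boolean destroyOnFailure) throws ConcurrentOperatio
 * @param netmask
 * @param gatewayOwnerId
 * @param isSourceNat
+* @param aclId
 * @return
 * @throws InsufficientCapacityException
 * @throws ConcurrentOperationException
 * @throws ResourceAllocationException
 */
 public PrivateGateway createVpcPrivateGateway(long vpcId, Long physicalNetworkId, String vlan, String ipAddress,
-String gateway, String netmask, long gatewayOwnerId, Boolean isSourceNat) throws ResourceAllocationException,
+String gateway, String netmask, long gatewayOwnerId, Boolean isSoruceNat, Long aclId) throws ResourceAllocationException,
 ConcurrentOperationException, InsufficientCapacityException;
 
 /**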
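Review bot: The renamed parameter in the new signature is misspelled `isSoruceNat`, while the Javadoc above it still documents `@param isSourceNat`. Keep the original spelling: `String gateway, String netmask, long gatewayOwnerId, Boolean isSourceNat, Long aclId) throws ResourceAllocationException,`. The added `@param aclId` tag is empty; it should say what happens when `aclId` is null, because the parameter is optional in CreatePrivateGatewayCmd.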

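--- a/api/src/org/apache/cloudstack/api/command/admin/vpc/CreatePrivateGatewayCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/vpc/CreatePrivateGatewayCmd.java
@@ -23,6 +23,7 @@
 import org.apache.cloudstack.api.BaseAsyncCreateCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.NetworkACLResponse;
 import org.apache.cloudstack.api.response.PhysicalNetworkResponse;
 import org.apache.cloudstack.api.response.PrivateGatewayResponse;
 import org.apache.cloudstack.api.response.VpcResponse;
@@ -74,6 +75,11 @@ public class CreatePrivateGatewayCmd extends BaseAsyncCreateCmd {
 " 'false': sourcenat is not supported")
 private Boolean isSourceNat;
 
+@Parameter(name=ApiConstants.ACL_ID, type=CommandType.UUID, entityType = NetworkACLResponse.class,
+required=false, description="the ID of the network ACL")
+private Long aclId;
+
+
 /////////////////////////////////////////////////////
 /////////////////// Accessors ///////////////////////
 /////////////////////////////////////////////////////
@@ -109,6 +115,11 @@ public Boolean getIsSourceNat () {
 return true;
 }
 
+public Long getAclId() {
+return aclId;
+}
+
+
 /////////////////////////////////////////////////////
 /////////////// API Implementation///////////////////
 /////////////////////////////////////////////////////
@@ -123,7 +134,7 @@ public void create() throws ResourceAllocationException {
 PrivateGateway result = null;
 try {
 result = _vpcService.createVpcPrivateGateway(getVpcId(), getPhysicalNetworkId(),
-getVlan(), getStartIp(), getGateway(), getNetmask(), getEntityOwnerId(), getIsSourceNat());
+getVlan(), getStartIp(), getGateway(), getNetmask(), getEntityOwnerId(), getIsSourceNat(), getAclId());
 } catch (InsufficientCapacityException ex){
 s_logger.info(ex);
 s_logger.trace(ex);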
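Review bot: The new optional `aclId` parameter is described only as "the ID of the network ACL", and `create()` forwards `getAclId()` unchanged, so nothing in this file tells an operator which ACL protects the gateway when the parameter is omitted. Spell the fallback out in the description, e.g. `required=false, description="the ID of the network ACL to apply to the private gateway; <behaviour when omitted>")`. Any check that the ACL belongs to the gateway's VPC and is accessible to the caller would have to live in `createVpcPrivateGateway`, whose implementation is not on this page. `create()` continues past the end of the last hunk.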

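--- a/api/src/org/apache/cloudstack/api/command/user/network/ReplaceNetworkACLListCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/network/ReplaceNetworkACLListCmd.java
@@ -26,10 +26,11 @@
 import org.apache.cloudstack.api.*;
 import org.apache.cloudstack.api.response.NetworkACLResponse;
 import org.apache.cloudstack.api.response.NetworkResponse;
+import org.apache.cloudstack.api.response.PrivateGatewayResponse;
 import org.apache.cloudstack.api.response.SuccessResponse;
 import org.apache.log4j.Logger;
 
-@APICommand(name = "replaceNetworkACLList", description="Replaces ACL associated with a Network", responseObject=SuccessResponse.class)
+@APICommand(name = "replaceNetworkACLList", description="Replaces ACL associated with a Network or private gateway", responseObject=SuccessResponse.class)
 public class ReplaceNetworkACLListCmd extends BaseAsyncCmd {
 public static final Logger s_logger = Logger.getLogger(ReplaceNetworkACLListCmd.class.getName());
 private static final String s_name = "replacenetworkacllistresponse";
@@ -43,8 +44,12 @@ public class ReplaceNetworkACLListCmd extends BaseAsyncCmd {
 private long aclId;
 
 @Parameter(name=ApiConstants.NETWORK_ID, type=CommandType.UUID, entityType = NetworkResponse.class,
-required=true, description="the ID of the network")
-private long networkId;
+description="the ID of the network")
+private Long networkId;
+
+@Parameter(name=ApiConstants.GATEWAY_ID, type=CommandType.UUID, entityType = PrivateGatewayResponse.class,
+description="the ID of the private gateway")
+private Long privateGatewayId;
 
 /////////////////////////////////////////////////////
 /////////////////// Accessors ///////////////////////
@@ -54,10 +59,14 @@ public long getAclId() {
 return aclId;
 }
 
-public long getNetworkId(){
+public Long getNetworkId(){
 return networkId;
 }
 
+public Long getPrivateGatewayId() {
+return privateGatewayId;
+}
+
 /////////////////////////////////////////////////////
 /////////////// API Implementation///////////////////
 /////////////////////////////////////////////////////
@@ -84,8 +93,21 @@ public long getEntityOwnerId() {
 
 @Override
 public void execute() throws ResourceUnavailableException {
+if (getNetworkId() == null && getPrivateGatewayId() == null) {
+throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Network id and private gateway can't be null at the same time");
+}
+
+if (getNetworkId() != null && getPrivateGatewayId() != null) {
+throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Network id and private gateway can't be passed at the same time");
+}
+
 UserContext.current().setEventDetails("Network ACL Id: " + aclId);
-boolean result = _networkACLService.replaceNetworkACL(aclId, networkId);
+boolean result = false;
+if (getPrivateGatewayId() != null) {
+result = _networkACLService.replaceNetworkACLonPrivateGw(aclId, privateGatewayId);
+} else {
+result = _networkACLService.replaceNetworkACL(aclId, networkId);
+}
 
 if (result) {
 SuccessResponse response = new SuccessResponse(getCommandName());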
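Review bot: Both new parameter checks in `execute()` throw `ApiErrorCode.INTERNAL_ERROR`, which reports a caller mistake as a server fault and blurs error monitoring; `ApiErrorCode.PARAM_ERROR` fits better, e.g. `throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Network id and private gateway can't be passed at the same time");`. The event details still record only the ACL id, so the audit trail does not show which network or private gateway had its ACL replaced; consider adding the target id to the `setEventDetails` string. `getEntityOwnerId()` lies outside the hunk, so whether it still resolves an owner when `networkId` is null cannot be checked from here. `execute()` continues past the end of the hunk.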

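--- a/api/src/org/apache/cloudstack/api/response/PrivateGatewayResponse.java
+++ b/api/src/org/apache/cloudstack/api/response/PrivateGatewayResponse.java
@@ -80,6 +80,10 @@ public class PrivateGatewayResponse extends BaseResponse implements ControlledEn
 private Boolean sourceNat;
 
 
+@SerializedName(ApiConstants.ACL_ID) @Param(description = "ACL Id set for private gateway")
+private String aclId;
+
+
 @Override
 public String getObjectId() {
 return this.id;
@@ -154,6 +158,11 @@ public void setSourceNat(Boolean sourceNat) {
 this.sourceNat = sourceNat;
 }
 
+public void setAclId(String aclId) {
+this.aclId = aclId;
+}
+
+
 
 }
 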

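--- a/core/src/com/cloud/agent/api/routing/NetworkElementCommand.java
+++ b/core/src/com/cloud/agent/api/routing/NetworkElementCommand.java
@@ -32,6 +32,8 @@ public abstract class NetworkElementCommand extends Command {
 public static final String ROUTER_GUEST_IP = "router.guest.ip";
 public static final String ZONE_NETWORK_TYPE = "zone.network.type";
 public static final String GUEST_BRIDGE = "guest.bridge";
+public static final String VPC_PRIVATE_GATEWAY = "vpc.gateway.private";
+
 
 protected NetworkElementCommand() {
 super();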

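--- a/core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java
+++ b/core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java
@@ -892,12 +892,17 @@ public String assignGuestNetwork(final String dev, final String routerIP,
 }
 
 public String assignNetworkACL(final String routerIP, final String dev,
-final String routerGIP, final String netmask, final String rule){
+final String routerGIP, final String netmask, final String rule, String privateGw){
 String args = " -d " + dev;
-args += " -i " + routerGIP;
-args += " -m " + netmask;
-args += " -a " + rule;
-return routerProxy("vpc_acl.sh", routerIP, args);
+if (privateGw != null) {
+args += " -a " + rule;
+return routerProxy("vpc_privategw_acl.sh", routerIP, args);
+} else {
+args += " -i " + routerGIP;
+args += " -m " + netmask;
+args += " -a " + rule;
+return routerProxy("vpc_acl.sh", routerIP, args);
+}
 }
 
 public String assignSourceNat(final String routerIP, final String pubIP, final String dev) {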
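Review bot: The new private-gateway branch of `assignNetworkACL` keeps building the script command line by plain concatenation (`args += " -a " + rule;`), with no check on `dev` or `rule` visible in the hunk. How `routerProxy` handles `args` is outside this page, so if the string reaches a shell on the router, those values should be validated before use or passed as separate arguments. Separately, `privateGw` is only tested for non-null, so any value, including "false", selects vpc_privategw_acl.sh. A comment such as `// privateGw: non-null means the ACL targets the VPC private gateway; the value itself is ignored` would document that, and the parameter could be declared `final` like the others.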
