Updated Branches: refs/heads/cisco-vnmc-api-integration fb23c5036 -> ef069b332
Added logic for revoking ACL, PF and Static NAT rules Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/ef069b33 Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/ef069b33 Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/ef069b33 Branch: refs/heads/cisco-vnmc-api-integration Commit: ef069b33235c9d9864749fcfec878c2c255b8c10 Parents: 4c65b70 Author: Koushik Das <[email protected]> Authored: Fri Mar 8 15:26:26 2013 +0530 Committer: Koushik Das <[email protected]> Committed: Fri Mar 8 15:26:26 2013 +0530 ---------------------------------------------------------------------- .../network/cisco/create-acl-policy-set.xml | 2 +- .../scripts/network/cisco/delete-rule.xml | 12 +-- .../cloud/network/cisco/CiscoVnmcConnection.java | 15 ++- .../network/cisco/CiscoVnmcConnectionImpl.java | 48 ++++++-- .../cloud/network/resource/CiscoVnmcResource.java | 95 +++++++-------- 5 files changed, 97 insertions(+), 75 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/ef069b33/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-set.xml ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-set.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-set.xml index a8aeaba..f2045a1 100755 --- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-set.xml +++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-set.xml 
@@ -4,7 +4,7 @@ <inConfigs> <pair key="%aclpolicysetdn%"> <policyPolicySet - descr="" + descr="%descr%" dn="%aclpolicysetdn%" name="%aclpolicysetname%" status="created"/> http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/ef069b33/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-rule.xml ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-rule.xml index 92354b0..2c8da08 100755 --- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-rule.xml +++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-rule.xml @@ -1,17 +1,13 @@ - <configConfMos cookie="%cookie%" inHierarchical="false"> <inConfigs> - - <pair key="%aclruledn%"> + <pair key="%ruledn%"> <policyRule descr="" - dn="%aclruledn%" - name="%aclrulename%" - order="300" + dn="%ruledn%" + name="%rulename%" status="deleted"/> </pair> - </inConfigs> -</configConfMos> \ No newline at end of file +</configConfMos> http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/ef069b33/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java index abad8ad..59a605e 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java 
@@ -78,6 +78,10 @@ public interface CiscoVnmcConnection { String publicIp) throws ExecutionException; + public boolean deleteTenantVDCDNatRule(String tenantName, + String identifier, String policyIdentifier) + throws ExecutionException; + public boolean createTenantVDCIngressAclRuleForDNat(String tenantName, String identifier, String policyIdentifier, String publicIp) @@ -105,6 +109,10 @@ public interface CiscoVnmcConnection { String startPort, String endPort) throws ExecutionException; + public boolean deleteTenantVDCPFRule(String tenantName, + String identifier, String policyIdentifier) + throws ExecutionException; + public boolean createTenantVDCIngressAclRuleForPF(String tenantName, String identifier, String policyIdentifier, String protocol, String publicIp, @@ -129,15 +137,14 @@ public interface CiscoVnmcConnection { public boolean associateNatPolicySet(String tenantName) throws ExecutionException; - public boolean createIngressAclRule(String tenantName, + public boolean createTenantVDCIngressAclRule(String tenantName, String identifier, String policyIdentifier, String protocol, String sourceStartIp, String sourceEndIp, String destStartPort, String destEndPort, String destIp) throws ExecutionException; - public boolean deleteAclRule(String policyIdentifier, - String identifier, String destIp) - throws ExecutionException; + public boolean deleteTenantVDCAclRule(String tenantName, + String identifier, String policyIdentifier) throws ExecutionException; public boolean createTenantVDCAclPolicy(String tenantName, String identifier, boolean ingress) throws ExecutionException; http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/ef069b33/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java ---------------------------------------------------------------------- 
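Review bot: The three new `delete*` declarations and the renamed `createTenantVDCIngressAclRule` carry no Javadoc, and nothing in the interface says what `policyIdentifier` is; the resource callers later in this commit build it as `publicIp.replace('.', '-')`, so a reader of the interface alone cannot tell it differs from the IP itself. Suggest a Javadoc on `deleteTenantVDCAclRule` along the lines of `/** Deletes the ingress ACL rule {@code identifier} of tenant {@code tenantName}; {@code policyIdentifier} must be the value the rule was created with. Returns whether VNMC reported success. */`, with the same shape on the PF and DNAT variants. The `public` modifier on interface methods is redundant in Java and could be dropped for consistency with the language's convention, if the rest of the interface is changed at the same time.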
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java index 5a1755c..e7c7091 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java @@ -92,7 +92,8 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { LIST_ACL_POLICIES("list-acl-policies.xml", "policy-mgr"), CREATE_ACL_POLICY_REF("create-acl-policy-ref.xml", "policy-mgr"), CREATE_INGRESS_ACL_RULE("create-ingress-acl-rule.xml", "policy-mgr"), - DELETE_ACL_RULE("delete-acl-rule.xml", "policy-mgr"), + + DELETE_RULE("delete-rule.xml", "policy-mgr"), LIST_CHILDREN("list-children.xml", "policy-mgr"), @@ -632,7 +633,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { String xml = VnmcXml.CREATE_ACL_POLICY_SET.getXml(); String service = VnmcXml.CREATE_ACL_POLICY_SET.getService(); xml = replaceXmlValue(xml, "cookie", _cookie); - //xml = replaceXmlValue(xml, "descr", "ACL policy set for Tenant VDC " + tenantName); + xml = replaceXmlValue(xml, "descr", "ACL policy set for Tenant VDC " + tenantName); xml = replaceXmlValue(xml, "aclpolicysetname", getNameForAclPolicySet(tenantName, ingress)); xml = replaceXmlValue(xml, "aclpolicysetdn", getDnForAclPolicySet(tenantName, ingress)); @@ -670,7 +671,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { } @Override - public boolean createIngressAclRule(String tenantName, + public boolean createTenantVDCIngressAclRule(String tenantName, String identifier, String policyIdentifier, String protocol, String sourceStartIp, String sourceEndIp, String destStartPort, String destEndPort, String destIp) throws ExecutionException { 
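Review bot: Enabling `xml = replaceXmlValue(xml, "descr", "ACL policy set for Tenant VDC " + tenantName);` is the first place in this template where free text, rather than the former literal empty string, goes into the `descr` attribute; if `replaceXmlValue` (outside the hunk) does plain string substitution, a tenant name containing `"`, `<` or `&` yields a malformed request body. Either escape the value before substitution or record the expectation with a comment such as `// tenantName is assumed to be XML-attribute safe (no quotes or markup)`. The enclosing method starts and ends outside this hunk.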
@@ -700,15 +701,10 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { } @Override - public boolean deleteAclRule(String tenantName, String identifier, String policyIdentifier) throws ExecutionException { - String xml = VnmcXml.DELETE_ACL_RULE.getXml(); - String service = VnmcXml.DELETE_ACL_RULE.getService(); - xml = replaceXmlValue(xml, "cookie", _cookie); - xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier)); - xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier)); - - String response = sendRequest(service, xml); - return verifySuccess(response); + public boolean deleteTenantVDCAclRule(String tenantName, String identifier, String policyIdentifier) throws ExecutionException { + return deleteTenantVDCRule( + getDnForAclRule(tenantName, identifier, policyIdentifier), + getNameForAclRule(tenantName, identifier)); } private String getNameForPFPortPool(String tenantName, String identifier) { @@ -796,6 +792,17 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { return verifySuccess(response); } + private boolean deleteTenantVDCRule(String ruledn, String ruleName) throws ExecutionException { + String xml = VnmcXml.DELETE_RULE.getXml(); + String service = VnmcXml.DELETE_RULE.getService(); + xml = replaceXmlValue(xml, "cookie", _cookie); + xml = replaceXmlValue(xml, "ruledn", ruledn); + xml = replaceXmlValue(xml, "rulename", ruleName); + + String response = sendRequest(service, xml); + return verifySuccess(response); + } + private List<String> listNatPolicies(String tenantName) throws ExecutionException { String xml = VnmcXml.LIST_NAT_POLICIES.getXml(); 
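Review bot: `deleteTenantVDCRule` becomes the single sink for every revoke path (ACL, PF and DNAT) yet has no Javadoc stating its contract. Suggest `/** Sends a delete-rule request for the policy rule at {@code ruledn} named {@code ruleName}; returns whether VNMC reported success. */`, plus a line noting that both parameters appear to be spliced into the request template as-is by `replaceXmlValue` (outside the hunk), so callers must pass already well-formed DN and name values. The hunk's trailing context (`listNatPolicies`) continues outside it.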
@@ -929,6 +936,14 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { } @Override + public boolean deleteTenantVDCPFRule(String tenantName, String identifier, + String policyIdentifier) throws ExecutionException { + return deleteTenantVDCRule( + getDnForPFRule(tenantName, identifier, policyIdentifier), + getNameForPFRule(tenantName, identifier)); + } + + @Override public boolean createTenantVDCIngressAclRuleForPF(String tenantName, String identifier, String policyIdentifier, String protocol, String publicIp, String startPort, String endPort) @@ -1041,6 +1056,15 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { } @Override + public boolean deleteTenantVDCDNatRule(String tenantName, + String identifier, String policyIdentifier) + throws ExecutionException { + return deleteTenantVDCRule( + getDnForDNatRule(tenantName, identifier, policyIdentifier), + getNameForDNatRule(tenantName, identifier)); + } + + @Override public boolean createTenantVDCIngressAclRuleForDNat(String tenantName, String identifier, String policyIdentifier, String publicIp) throws ExecutionException { http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/ef069b33/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java index 16aaed2..321046b 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java 
@@ -71,10 +71,6 @@ public class CiscoVnmcResource implements ServerResource{ private String _password; private String _guid; private Integer _numRetries; - private String _publicZone; - private String _privateZone; - private String _publicInterface; - private String _privateInterface; CiscoVnmcConnectionImpl _connection; @@ -140,26 +136,6 @@ public class CiscoVnmcResource implements ServerResource{ throw new ConfigurationException("Unable to find password"); } - _publicInterface = (String) params.get("publicinterface"); - if (_publicInterface == null) { - //throw new ConfigurationException("Unable to find public interface."); - } - - _privateInterface = (String) params.get("privateinterface"); - if (_privateInterface == null) { - //throw new ConfigurationException("Unable to find private interface."); - } - - _publicZone = (String) params.get("publiczone"); - if (_publicZone == null) { - _publicZone = "untrust"; - } - - _privateZone = (String) params.get("privatezone"); - if (_privateZone == null) { - _privateZone = "trust"; - } - _guid = (String)params.get("guid"); if (_guid == null) { throw new ConfigurationException("Unable to find the guid"); @@ -265,6 +241,20 @@ public class CiscoVnmcResource implements ServerResource{ return new IpAssocAnswer(cmd, results); } + private String[] getIpRangeFromCidr(String cidr) { + String[] result = new String[2]; + String[] cidrData = cidr.split("\\/"); + assert (cidrData.length == 2) : "Something is wrong with source cidr " + cidr; + long size = Long.valueOf(cidrData[1]); + result[0] = cidrData[0]; + result[1] = cidrData[0]; + if (size < 32) { + result[0] = NetUtils.getIpRangeStartIpFromCidr(cidrData[0], size); + result[1] = NetUtils.getIpRangeEndIpFromCidr(cidrData[0], size); + } + return result; + } + /* * Source NAT */ 
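Review bot: `getIpRangeFromCidr` guards the shape of `cidr` only with `assert`, which is inactive unless the JVM runs with `-ea`, so a string without a slash fails on `cidrData[1]` with an ArrayIndexOutOfBoundsException and a non-numeric prefix with a NumberFormatException, neither carrying the "Something is wrong with source cidr" text. The helper is fed `rule.getSourceCidrList().get(0)` in the firewall hunk and the guest network CIDR in the source NAT hunk, so an explicit check with a message that fits both uses is preferable: `if (cidrData.length != 2) { throw new IllegalArgumentException("Malformed cidr " + cidr); }` (and `Long.parseLong(cidrData[1])` avoids the boxing of `Long.valueOf`). A prefix length outside 0..32 is currently treated like a single host; rejecting it in the same check would make the computed range trustworthy. The helper is complete within the hunk.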
@@ -285,6 +275,7 @@ public class CiscoVnmcResource implements ServerResource{ if (!_connection.createTenantVDCSourceNatPolicy(tenant, policyIdentifier)) { throw new Exception("Failed to create source NAT policy in VNMC for guest network with vlan " + vlanId); } + if (!_connection.createTenantVDCSourceNatPolicyRef(tenant, policyIdentifier)) { throw new Exception("Failed to associate source NAT policy with NAT policy set in VNMC for guest network with vlan " + vlanId); } @@ -293,13 +284,8 @@ public class CiscoVnmcResource implements ServerResource{ throw new Exception("Failed to create source NAT ip pool in VNMC for guest network with vlan " + vlanId); } - String cidr = cmd.getContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR); - String[] result = cidr.split("\\/"); - assert (result.length == 2) : "Something is wrong with guest cidr " + cidr; - long size = Long.valueOf(result[1]); - String startIp = NetUtils.getIpRangeStartIpFromCidr(result[0], size); - String endIp = NetUtils.getIpRangeEndIpFromCidr(result[0], size); - if (!_connection.createTenantVDCSourceNatRule(tenant, policyIdentifier, startIp, endIp)) { + String[] ipRange = getIpRangeFromCidr(cmd.getContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR)); + if (!_connection.createTenantVDCSourceNatRule(tenant, policyIdentifier, ipRange[0], ipRange[1])) { throw new Exception("Failed to create source NAT rule in VNMC for guest network with vlan " + vlanId); } 
@@ -362,22 +348,14 @@ public class CiscoVnmcResource implements ServerResource{ for (FirewallRuleTO rule : publicIpRulesMap.get(publicIp)) { if (rule.revoked()) { - //_connection.deleteAclRule(tenant, Long.toString(rule.getId()), publicIp); - } else { - String cidr = rule.getSourceCidrList().get(0); - String[] result = cidr.split("\\/"); - assert (result.length == 2) : "Something is wrong with source cidr " + cidr; - long size = Long.valueOf(result[1]); - String externalStartIp = result[0]; - String externalEndIp = result[0]; - if (size < 32) { - externalStartIp = NetUtils.getIpRangeStartIpFromCidr(result[0], size); - externalEndIp = NetUtils.getIpRangeEndIpFromCidr(result[0], size); + if (!_connection.deleteTenantVDCAclRule(tenant, Long.toString(rule.getId()), publicIp)) { + throw new Exception("Failed to delete ACL ingress rule in VNMC for guest network with vlan " + vlanId); } - - if (!_connection.createIngressAclRule(tenant, + } else { + String[] externalIpRange = getIpRangeFromCidr(rule.getSourceCidrList().get(0)); + if (!_connection.createTenantVDCIngressAclRule(tenant, Long.toString(rule.getId()), policyIdentifier, - rule.getProtocol().toUpperCase(), externalStartIp, externalEndIp, + rule.getProtocol().toUpperCase(), externalIpRange[0], externalIpRange[1], Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]), publicIp)) { throw new Exception("Failed to create ACL ingress rule in VNMC for guest network with vlan " + vlanId); } @@ -426,6 +404,10 @@ public class CiscoVnmcResource implements ServerResource{ throw new Exception("Failed to create NAT policy set in VNMC for guest network with vlan " + vlanId); } + if (!_connection.createTenantVDCAclPolicySet(tenant, true)) { + throw new Exception("Failed to create ACL ingress policy set in VNMC for guest network with vlan " + vlanId); + } + for (String publicIp : publicIpRulesMap.keySet()) { String policyIdentifier = publicIp.replace('.', '-'); 
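Review bot: The revoke call `deleteTenantVDCAclRule(tenant, Long.toString(rule.getId()), publicIp)` passes the raw public IP as the third argument, while the create call a few lines below and the static NAT and PF revoke paths in the later hunks pass `policyIdentifier` (built as `publicIp.replace('.', '-')` in those methods, presumably the same here). Since the implementation derives the rule DN from that argument via `getDnForAclRule`, the delete addresses a different DN than the one the rule was created under, so a revoked firewall rule would either fail with the new "Failed to delete ACL ingress rule" exception or, if VNMC accepts deletes of unknown objects, stay active on the device. Suggested: `if (!_connection.deleteTenantVDCAclRule(tenant, Long.toString(rule.getId()), policyIdentifier)) {`. Separately, `rule.getSourceCidrList().get(0)` keeps applying only the first source CIDR of a rule, as the replaced code did. The enclosing method starts and ends outside this hunk.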
@@ -449,8 +431,13 @@ public class CiscoVnmcResource implements ServerResource{ for (StaticNatRuleTO rule : publicIpRulesMap.get(publicIp)) { if (rule.revoked()) { - //_connection.deleteDNatRule(tenant, Long.toString(rule.getId()), policyIdentifier); - //_connection.deleteAclRule(tenant, Long.toString(rule.getId()), policyIdentifier); + if (!_connection.deleteTenantVDCDNatRule(tenant, Long.toString(rule.getId()), policyIdentifier)) { + throw new Exception("Failed to delete DNAT rule in VNMC for guest network with vlan " + vlanId); + } + + if (!_connection.deleteTenantVDCAclRule(tenant, Long.toString(rule.getId()), policyIdentifier)) { + throw new Exception("Failed to delete ACL ingress rule for DNAT in VNMC for guest network with vlan " + vlanId); + } } else { if (!_connection.createTenantVDCDNatIpPool(tenant, policyIdentifier + "-" + rule.getId(), rule.getDstIp())) { throw new Exception("Failed to create DNAT ip pool in VNMC for guest network with vlan " + vlanId); @@ -509,6 +496,10 @@ public class CiscoVnmcResource implements ServerResource{ throw new Exception("Failed to create NAT policy set in VNMC for guest network with vlan " + vlanId); } + if (!_connection.createTenantVDCAclPolicySet(tenant, true)) { + throw new Exception("Failed to create ACL ingress policy set in VNMC for guest network with vlan " + vlanId); + } + for (String publicIp : publicIpRulesMap.keySet()) { String policyIdentifier = publicIp.replace('.', '-'); 
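Review bot: The revoke branch removes the DNAT rule and its ACL rule but not the DNAT IP pool that the create branch provisions just below (`createTenantVDCDNatIpPool(tenant, policyIdentifier + "-" + rule.getId(), rule.getDstIp())`), so each revoked static NAT leaves a pool object named after the rule id on the VNMC unless it is cleaned up elsewhere. The PF revoke path in the next hunk has the same gap for its IP pool and port pool. If no pool delete exists yet, a `// TODO: delete the DNAT ip pool created for this rule` at the end of the revoke branch would at least record the asymmetry. The enclosing loop and method start outside this hunk.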
@@ -532,13 +523,17 @@ public class CiscoVnmcResource implements ServerResource{ for (PortForwardingRuleTO rule : publicIpRulesMap.get(publicIp)) { if (rule.revoked()) { - //_connection.deletePFRule(tenant, Long.toString(rule.getId()), policyIdentifier); - //_connection.deleteAclRule(tenant, Long.toString(rule.getId()), policyIdentifier); + if (!_connection.deleteTenantVDCPFRule(tenant, Long.toString(rule.getId()), policyIdentifier)) { + throw new Exception("Failed to delete PF rule in VNMC for guest network with vlan " + vlanId); + } + + if (!_connection.deleteTenantVDCAclRule(tenant, Long.toString(rule.getId()), policyIdentifier)) { + throw new Exception("Failed to delete ACL ingress rule for PF in VNMC for guest network with vlan " + vlanId); + } } else { if (!_connection.createTenantVDCPFIpPool(tenant, policyIdentifier + "-" + rule.getId(), rule.getDstIp())) { throw new Exception("Failed to create PF ip pool in VNMC for guest network with vlan " + vlanId); } - if (!_connection.createTenantVDCPFPortPool(tenant, policyIdentifier + "-" + rule.getId(), Integer.toString(rule.getDstPortRange()[0]), Integer.toString(rule.getDstPortRange()[1]))) { throw new Exception("Failed to create PF port pool in VNMC for guest network with vlan " + vlanId);
