Updated Branches: refs/heads/master 5ec05fed7 -> 2c6d8b247
JCLOUDS-195. Add egress firewall rules for CloudStack Project: http://git-wip-us.apache.org/repos/asf/incubator-jclouds/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-jclouds/commit/2c6d8b24 Tree: http://git-wip-us.apache.org/repos/asf/incubator-jclouds/tree/2c6d8b24 Diff: http://git-wip-us.apache.org/repos/asf/incubator-jclouds/diff/2c6d8b24 Branch: refs/heads/master Commit: 2c6d8b24797ad87a8653e90db84aa6ebac8e9d67 Parents: 5ec05fe Author: Andrew Bayer <[email protected]> Authored: Sun Jul 21 12:29:34 2013 -0700 Committer: Andrew Bayer <[email protected]> Committed: Sun Jul 21 13:38:57 2013 -0700 ---------------------------------------------------------------------- .../cloudstack/features/FirewallApi.java | 58 +++++++++ .../features/FirewallApiExpectTest.java | 118 ++++++++++++++++++- .../features/FirewallApiLiveTest.java | 41 +++++++ .../createegressfirewallrulesresponse.json | 1 + .../deleteegressfirewallrulesresponse.json | 1 + .../getegressfirewallrulesresponse.json | 2 + .../listegressfirewallrulesresponse.json | 4 + 7 files changed, 224 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-jclouds/blob/2c6d8b24/apis/cloudstack/src/main/java/org/jclouds/cloudstack/features/FirewallApi.java ---------------------------------------------------------------------- diff --git a/apis/cloudstack/src/main/java/org/jclouds/cloudstack/features/FirewallApi.java b/apis/cloudstack/src/main/java/org/jclouds/cloudstack/features/FirewallApi.java index 60bb6f8..386fc1b 100644 --- a/apis/cloudstack/src/main/java/org/jclouds/cloudstack/features/FirewallApi.java +++ b/apis/cloudstack/src/main/java/org/jclouds/cloudstack/features/FirewallApi.java @@ -110,6 +110,64 @@ public interface FirewallApi { void deleteFirewallRule(@QueryParam("id") String id); /** + * @see FirewallApi#listEgressFirewallRules + */ + @Named("listEgressFirewallRules") + @GET + @QueryParams(keys = { "command", "listAll" }, values = { "listEgressFirewallRules", "true" }) + @SelectJson("firewallrule") + @Consumes(MediaType.APPLICATION_JSON) + @Fallback(EmptySetOnNotFoundOr404.class) + Set<FirewallRule> listEgressFirewallRules(ListFirewallRulesOptions... options); + + /** + * @see FirewallApi#getEgressFirewallRule + */ + @Named("listEgressFirewallRules") + @GET + @QueryParams(keys = { "command", "listAll" }, values = { "listEgressFirewallRules", "true" }) + @SelectJson("firewallrule") + @OnlyElement + @Consumes(MediaType.APPLICATION_JSON) + @Fallback(NullOnNotFoundOr404.class) + FirewallRule getEgressFirewallRule(@QueryParam("id") String id); + + /** + * @see FirewallApi#createEgressFirewallRuleForIpAndProtocol + */ + @Named("createEgressFirewallRule") + @GET + @QueryParams(keys = "command", values = "createEgressFirewallRule") + @Unwrap + @Consumes(MediaType.APPLICATION_JSON) + AsyncCreateResponse createEgressFirewallRuleForIpAndProtocol(@QueryParam("ipaddressid") String ipAddressId, + @QueryParam("protocol") FirewallRule.Protocol protocol, + CreateFirewallRuleOptions... options); + + /** + * @see FirewallApi#createEgressFirewallRuleForIpProtocolAndPort + */ + @Named("createEgressFirewallRule") + @GET + @QueryParams(keys = "command", values = "createEgressFirewallRule") + @Unwrap + @Consumes(MediaType.APPLICATION_JSON) + AsyncCreateResponse createEgressFirewallRuleForIpProtocolAndPort(@QueryParam("ipaddressid") String ipAddressId, + @QueryParam("protocol") FirewallRule.Protocol protocol, + @QueryParam("startPort") int startPort, + @QueryParam("endPort") int endPort); + + + /** + * @see FirewallApi#deleteEgressFirewallRule + */ + @Named("deleteEgressFirewallRule") + @GET + @QueryParams(keys = "command", values = "deleteEgressFirewallRule") + @Fallback(VoidOnNotFoundOr404.class) + void deleteEgressFirewallRule(@QueryParam("id") String id); + + /** * @see FirewallApi#listPortForwardingRules */ @Named("listPortForwardingRules") http://git-wip-us.apache.org/repos/asf/incubator-jclouds/blob/2c6d8b24/apis/cloudstack/src/test/java/org/jclouds/cloudstack/features/FirewallApiExpectTest.java ---------------------------------------------------------------------- diff --git a/apis/cloudstack/src/test/java/org/jclouds/cloudstack/features/FirewallApiExpectTest.java b/apis/cloudstack/src/test/java/org/jclouds/cloudstack/features/FirewallApiExpectTest.java index 979e4ed..ac7e205 100644 --- a/apis/cloudstack/src/test/java/org/jclouds/cloudstack/features/FirewallApiExpectTest.java +++ b/apis/cloudstack/src/test/java/org/jclouds/cloudstack/features/FirewallApiExpectTest.java @@ -281,7 +281,123 @@ public class FirewallApiExpectTest extends BaseCloudStackExpectTest<FirewallApi> client.deletePortForwardingRule("2015"); } - + + public void testListEgressFirewallRulesWhenResponseIs2xx() { + FirewallApi client = requestSendsResponse( + HttpRequest.builder() + .method("GET") + .endpoint( + URI.create("http://localhost:8080/client/api?response=json&command=listEgressFirewallRules&listAll=true&"; + + "apiKey=identity&signature=j3OpRXs7mEwVKs9KIb4ncRKVO9A%3D")) + .addHeader("Accept", "application/json") + .build(), + HttpResponse.builder() + .statusCode(200) + .payload(payloadFromResource("/listegressfirewallrulesresponse.json")) + .build()); + + Set<String> CIDRs = ImmutableSet.of("0.0.0.0/0"); + assertEquals(client.listEgressFirewallRules(), + ImmutableSet.of( + FirewallRule.builder().id("2017").protocol(FirewallRule.Protocol.TCP).startPort(30) + .endPort(35).ipAddressId("2").ipAddress("10.27.27.51").state(FirewallRule.State.ACTIVE) + .CIDRs(CIDRs).build(), + FirewallRule.builder().id("2016").protocol(FirewallRule.Protocol.TCP).startPort(22) + .endPort(22).ipAddressId("2").ipAddress("10.27.27.51").state(FirewallRule.State.ACTIVE) + .CIDRs(CIDRs).build(), + FirewallRule.builder().id("10").protocol(FirewallRule.Protocol.TCP).startPort(22) + .endPort(22).ipAddressId("8").ipAddress("10.27.27.57").state(FirewallRule.State.ACTIVE) + .CIDRs(CIDRs).build() + )); + } + + public void testListEgressFirewallRulesWhenReponseIs404() { + FirewallApi client = requestSendsResponse( + HttpRequest.builder() + .method("GET") + .endpoint( + URI.create("http://localhost:8080/client/api?response=json&command=listEgressFirewallRules&listAll=true&"; + + "apiKey=identity&signature=j3OpRXs7mEwVKs9KIb4ncRKVO9A%3D")) + .addHeader("Accept", "application/json") + .build(), + HttpResponse.builder() + .statusCode(404) + .build()); + + assertEquals(client.listEgressFirewallRules(), ImmutableSet.of()); + } + + public void testGetEgressFirewallRuleWhenResponseIs2xx() { + FirewallApi client = requestSendsResponse( + HttpRequest.builder() + .method("GET") + .endpoint( + URI.create("http://localhost:8080/client/api?response=json&command=listEgressFirewallRules&listAll=true&"; + + "id=2017&apiKey=identity&signature=Hi1K5VA3yd3mk0AmgJ2F6y%2BVzMo%3D")) + .addHeader("Accept", "application/json") + .build(), + HttpResponse.builder() + .statusCode(200) + .payload(payloadFromResource("/getegressfirewallrulesresponse.json")) + .build()); + + assertEquals(client.getEgressFirewallRule("2017"), + FirewallRule.builder().id("2017").protocol(FirewallRule.Protocol.TCP).startPort(30) + .endPort(35).ipAddressId("2").ipAddress("10.27.27.51").state(FirewallRule.State.ACTIVE) + .CIDRs(ImmutableSet.of("0.0.0.0/0")).build() + ); + } + + public void testGetEgressFirewallRuleWhenResponseIs404() { + FirewallApi client = requestSendsResponse( + HttpRequest.builder() + .method("GET") + .endpoint( + URI.create("http://localhost:8080/client/api?response=json&command=listEgressFirewallRules&listAll=true&"; + + "id=4&apiKey=identity&signature=dzb5azKxXZsuGrNRJbRHfna7FMo%3D")) + .addHeader("Accept", "application/json") + .build(), + HttpResponse.builder() + .statusCode(404) + .build()); + + assertNull(client.getEgressFirewallRule("4")); + } + + public void testCreateEgressFirewallRuleForIpAndProtocol() { + FirewallApi client = requestSendsResponse( + HttpRequest.builder() + .method("GET") + .endpoint( + URI.create("http://localhost:8080/client/api?response=json&command=createEgressFirewallRule&"; + + "ipaddressid=2&protocol=TCP&apiKey=identity&signature=%2BlfEJ5zB7lxqRAn0rY0Rcfg9buw%3D")) + .addHeader("Accept", "application/json") + .build(), + HttpResponse.builder() + .statusCode(200) + .payload(payloadFromResource("/createegressfirewallrulesresponse.json")) + .build()); + + AsyncCreateResponse response = client.createEgressFirewallRuleForIpAndProtocol("2", FirewallRule.Protocol.TCP); + assertEquals(response.getJobId(), "2036"); + assertEquals(response.getId(), "2017"); + } + + public void testDeleteEgressFirewallRule() { + FirewallApi client = requestSendsResponse( + HttpRequest.builder() + .method("GET") + .endpoint( + URI.create("http://localhost:8080/client/api?response=json&"; + + "command=deleteEgressFirewallRule&id=2015&apiKey=identity&signature=S119WNmamKwc5d9qvvkIJznXytg%3D")) + .build(), + HttpResponse.builder() + .statusCode(200) + .payload(payloadFromResource("/deleteegressfirewallrulesresponse.json")) + .build()); + + client.deleteEgressFirewallRule("2015"); + } @Override protected FirewallApi clientFrom(CloudStackContext context) { return context.getApi().getFirewallApi(); http://git-wip-us.apache.org/repos/asf/incubator-jclouds/blob/2c6d8b24/apis/cloudstack/src/test/java/org/jclouds/cloudstack/features/FirewallApiLiveTest.java ---------------------------------------------------------------------- diff --git a/apis/cloudstack/src/test/java/org/jclouds/cloudstack/features/FirewallApiLiveTest.java b/apis/cloudstack/src/test/java/org/jclouds/cloudstack/features/FirewallApiLiveTest.java index 64cdf44..8defd85 100644 --- a/apis/cloudstack/src/test/java/org/jclouds/cloudstack/features/FirewallApiLiveTest.java +++ b/apis/cloudstack/src/test/java/org/jclouds/cloudstack/features/FirewallApiLiveTest.java @@ -52,6 +52,7 @@ public class FirewallApiLiveTest extends BaseCloudStackApiLiveTest { private VirtualMachine vm; private FirewallRule firewallRule; + private FirewallRule egressFirewallRule; private PortForwardingRule portForwardingRule; private Network network; @@ -151,12 +152,43 @@ public class FirewallApiLiveTest extends BaseCloudStackApiLiveTest { } } + @Test(dependsOnMethods = "testCreatePortForwardingRule") + public void testCreateEgressFirewallRule() { + if (networksDisabled) + return; + + AsyncCreateResponse job = client.getFirewallApi().createEgressFirewallRuleForIpAndProtocol( + ip.getId(), FirewallRule.Protocol.TCP, CreateFirewallRuleOptions.Builder.startPort(30).endPort(35)); + assertTrue(jobComplete.apply(job.getJobId())); + egressFirewallRule = client.getFirewallApi().getEgressFirewallRule(job.getId()); + + assertEquals(egressFirewallRule.getStartPort(), 30); + assertEquals(egressFirewallRule.getEndPort(), 35); + assertEquals(egressFirewallRule.getProtocol(), FirewallRule.Protocol.TCP); + + checkEgressFirewallRule(egressFirewallRule); + } + + @Test(dependsOnMethods = "testCreateEgressFirewallRule") + public void testListEgressFirewallRules() { + Set<FirewallRule> rules = client.getFirewallApi().listEgressFirewallRules(); + + assert rules != null; + assertTrue(rules.size() > 0); + + for(FirewallRule rule : rules) { + checkEgressFirewallRule(rule); + } + } @AfterGroups(groups = "live") @Override protected void tearDownContext() { if (firewallRule != null) { client.getFirewallApi().deleteFirewallRule(firewallRule.getId()); } + if (egressFirewallRule != null) { + client.getFirewallApi().deleteEgressFirewallRule(egressFirewallRule.getId()); + } if (portForwardingRule != null) { client.getFirewallApi().deletePortForwardingRule(portForwardingRule.getId()); } @@ -178,6 +210,15 @@ public class FirewallApiLiveTest extends BaseCloudStackApiLiveTest { assert rule.getProtocol() != null; } + protected void checkEgressFirewallRule(FirewallRule rule) { + assertEquals(rule, + client.getFirewallApi().getEgressFirewallRule(rule.getId())); + assert rule.getId() != null : rule; + assert rule.getStartPort() > 0 : rule; + assert rule.getEndPort() >= rule.getStartPort() : rule; + assert rule.getProtocol() != null; + } + protected void checkPortForwardingRule(PortForwardingRule rule) { assertEquals(rule, client.getFirewallApi().getPortForwardingRule(rule.getId())); http://git-wip-us.apache.org/repos/asf/incubator-jclouds/blob/2c6d8b24/apis/cloudstack/src/test/resources/createegressfirewallrulesresponse.json ---------------------------------------------------------------------- diff --git a/apis/cloudstack/src/test/resources/createegressfirewallrulesresponse.json b/apis/cloudstack/src/test/resources/createegressfirewallrulesresponse.json new file mode 100644 index 0000000..728952a --- /dev/null +++ b/apis/cloudstack/src/test/resources/createegressfirewallrulesresponse.json @@ -0,0 +1 @@ +{ "createegressfirewallruleresponse" : {"jobid":2036,"id":2017} } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-jclouds/blob/2c6d8b24/apis/cloudstack/src/test/resources/deleteegressfirewallrulesresponse.json ---------------------------------------------------------------------- diff --git a/apis/cloudstack/src/test/resources/deleteegressfirewallrulesresponse.json b/apis/cloudstack/src/test/resources/deleteegressfirewallrulesresponse.json new file mode 100644 index 0000000..bde4289 --- /dev/null +++ b/apis/cloudstack/src/test/resources/deleteegressfirewallrulesresponse.json @@ -0,0 +1 @@ +{ "deleteegressfirewallruleresponse" : {"jobid":2037} } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-jclouds/blob/2c6d8b24/apis/cloudstack/src/test/resources/getegressfirewallrulesresponse.json ---------------------------------------------------------------------- diff --git a/apis/cloudstack/src/test/resources/getegressfirewallrulesresponse.json b/apis/cloudstack/src/test/resources/getegressfirewallrulesresponse.json new file mode 100644 index 0000000..bc14994 --- /dev/null +++ b/apis/cloudstack/src/test/resources/getegressfirewallrulesresponse.json @@ -0,0 +1,2 @@ +{ "listegressfirewallrulesresponse" : { "count":1 ,"firewallrule" : [ + {"id":2017,"protocol":"tcp","startport":"30","endport":"35","ipaddressid":2,"ipaddress":"10.27.27.51","state":"Active","cidrlist":"0.0.0.0/0"} ] } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-jclouds/blob/2c6d8b24/apis/cloudstack/src/test/resources/listegressfirewallrulesresponse.json ---------------------------------------------------------------------- diff --git a/apis/cloudstack/src/test/resources/listegressfirewallrulesresponse.json b/apis/cloudstack/src/test/resources/listegressfirewallrulesresponse.json new file mode 100644 index 0000000..c76b216 --- /dev/null +++ b/apis/cloudstack/src/test/resources/listegressfirewallrulesresponse.json @@ -0,0 +1,4 @@ +{ "listegressfirewallrulesresponse" : { "count":3 ,"firewallrule" : [ + {"id":2017,"protocol":"tcp","startport":"30","endport":"35","ipaddressid":2,"ipaddress":"10.27.27.51","state":"Active","cidrlist":"0.0.0.0/0"}, + {"id":2016,"protocol":"tcp","startport":"22","endport":"22","ipaddressid":2,"ipaddress":"10.27.27.51","state":"Active","cidrlist":"0.0.0.0/0"}, + {"id":10,"protocol":"tcp","startport":"22","endport":"22","ipaddressid":8,"ipaddress":"10.27.27.57","state":"Active","cidrlist":"0.0.0.0/0"} ] } } \ No newline at end of file
