mirror of https://github.com/apache/jclouds.git
JCLOUDS-195. Add egress firewall rules for CloudStack
This commit is contained in:
Andrew Bayer
parent
5ec05fed70
commit
2c6d8b2479
|
|
@ -109,6 +109,64 @@ public interface FirewallApi {
|
|||
@Fallback(VoidOnNotFoundOr404.class)
|
||||
void deleteFirewallRule(@QueryParam("id") String id);
|
||||
|
||||
/**
|
||||
* @see FirewallApi#listEgressFirewallRules
|
||||
*/
|
||||
@Named("listEgressFirewallRules")
|
||||
@GET
|
||||
@QueryParams(keys = { "command", "listAll" }, values = { "listEgressFirewallRules", "true" })
|
||||
@SelectJson("firewallrule")
|
||||
@Consumes(MediaType.APPLICATION_JSON)
|
||||
@Fallback(EmptySetOnNotFoundOr404.class)
|
||||
Set<FirewallRule> listEgressFirewallRules(ListFirewallRulesOptions... options);
|
||||
|
||||
/**
|
||||
* @see FirewallApi#getEgressFirewallRule
|
||||
*/
|
||||
@Named("listEgressFirewallRules")
|
||||
@GET
|
||||
@QueryParams(keys = { "command", "listAll" }, values = { "listEgressFirewallRules", "true" })
|
||||
@SelectJson("firewallrule")
|
||||
@OnlyElement
|
||||
@Consumes(MediaType.APPLICATION_JSON)
|
||||
@Fallback(NullOnNotFoundOr404.class)
|
||||
FirewallRule getEgressFirewallRule(@QueryParam("id") String id);
|
||||
|
||||
/**
|
||||
* @see FirewallApi#createEgressFirewallRuleForIpAndProtocol
|
||||
*/
|
||||
@Named("createEgressFirewallRule")
|
||||
@GET
|
||||
@QueryParams(keys = "command", values = "createEgressFirewallRule")
|
||||
@Unwrap
|
||||
@Consumes(MediaType.APPLICATION_JSON)
|
||||
AsyncCreateResponse createEgressFirewallRuleForIpAndProtocol(@QueryParam("ipaddressid") String ipAddressId,
|
||||
@QueryParam("protocol") FirewallRule.Protocol protocol,
|
||||
CreateFirewallRuleOptions... options);
|
||||
|
||||
/**
|
||||
* @see FirewallApi#createEgressFirewallRuleForIpProtocolAndPort
|
||||
*/
|
||||
@Named("createEgressFirewallRule")
|
||||
@GET
|
||||
@QueryParams(keys = "command", values = "createEgressFirewallRule")
|
||||
@Unwrap
|
||||
@Consumes(MediaType.APPLICATION_JSON)
|
||||
AsyncCreateResponse createEgressFirewallRuleForIpProtocolAndPort(@QueryParam("ipaddressid") String ipAddressId,
|
||||
@QueryParam("protocol") FirewallRule.Protocol protocol,
|
||||
@QueryParam("startPort") int startPort,
|
||||
@QueryParam("endPort") int endPort);
|
||||
|
||||
|
||||
/**
|
||||
* @see FirewallApi#deleteEgressFirewallRule
|
||||
*/
|
||||
@Named("deleteEgressFirewallRule")
|
||||
@GET
|
||||
@QueryParams(keys = "command", values = "deleteEgressFirewallRule")
|
||||
@Fallback(VoidOnNotFoundOr404.class)
|
||||
void deleteEgressFirewallRule(@QueryParam("id") String id);
|
||||
|
||||
/**
|
||||
* @see FirewallApi#listPortForwardingRules
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -281,7 +281,123 @@ public class FirewallApiExpectTest extends BaseCloudStackExpectTest<FirewallApi>
|
|||
|
||||
client.deletePortForwardingRule("2015");
|
||||
}
|
||||
|
||||
|
||||
public void testListEgressFirewallRulesWhenResponseIs2xx() {
|
||||
FirewallApi client = requestSendsResponse(
|
||||
HttpRequest.builder()
|
||||
.method("GET")
|
||||
.endpoint(
|
||||
URI.create("http://localhost:8080/client/api?response=json&command=listEgressFirewallRules&listAll=true&" +
|
||||
"apiKey=identity&signature=j3OpRXs7mEwVKs9KIb4ncRKVO9A%3D"))
|
||||
.addHeader("Accept", "application/json")
|
||||
.build(),
|
||||
HttpResponse.builder()
|
||||
.statusCode(200)
|
||||
.payload(payloadFromResource("/listegressfirewallrulesresponse.json"))
|
||||
.build());
|
||||
|
||||
Set<String> CIDRs = ImmutableSet.of("0.0.0.0/0");
|
||||
assertEquals(client.listEgressFirewallRules(),
|
||||
ImmutableSet.of(
|
||||
FirewallRule.builder().id("2017").protocol(FirewallRule.Protocol.TCP).startPort(30)
|
||||
.endPort(35).ipAddressId("2").ipAddress("10.27.27.51").state(FirewallRule.State.ACTIVE)
|
||||
.CIDRs(CIDRs).build(),
|
||||
FirewallRule.builder().id("2016").protocol(FirewallRule.Protocol.TCP).startPort(22)
|
||||
.endPort(22).ipAddressId("2").ipAddress("10.27.27.51").state(FirewallRule.State.ACTIVE)
|
||||
.CIDRs(CIDRs).build(),
|
||||
FirewallRule.builder().id("10").protocol(FirewallRule.Protocol.TCP).startPort(22)
|
||||
.endPort(22).ipAddressId("8").ipAddress("10.27.27.57").state(FirewallRule.State.ACTIVE)
|
||||
.CIDRs(CIDRs).build()
|
||||
));
|
||||
}
|
||||
|
||||
public void testListEgressFirewallRulesWhenReponseIs404() {
|
||||
FirewallApi client = requestSendsResponse(
|
||||
HttpRequest.builder()
|
||||
.method("GET")
|
||||
.endpoint(
|
||||
URI.create("http://localhost:8080/client/api?response=json&command=listEgressFirewallRules&listAll=true&" +
|
||||
"apiKey=identity&signature=j3OpRXs7mEwVKs9KIb4ncRKVO9A%3D"))
|
||||
.addHeader("Accept", "application/json")
|
||||
.build(),
|
||||
HttpResponse.builder()
|
||||
.statusCode(404)
|
||||
.build());
|
||||
|
||||
assertEquals(client.listEgressFirewallRules(), ImmutableSet.of());
|
||||
}
|
||||
|
||||
public void testGetEgressFirewallRuleWhenResponseIs2xx() {
|
||||
FirewallApi client = requestSendsResponse(
|
||||
HttpRequest.builder()
|
||||
.method("GET")
|
||||
.endpoint(
|
||||
URI.create("http://localhost:8080/client/api?response=json&command=listEgressFirewallRules&listAll=true&" +
|
||||
"id=2017&apiKey=identity&signature=Hi1K5VA3yd3mk0AmgJ2F6y%2BVzMo%3D"))
|
||||
.addHeader("Accept", "application/json")
|
||||
.build(),
|
||||
HttpResponse.builder()
|
||||
.statusCode(200)
|
||||
.payload(payloadFromResource("/getegressfirewallrulesresponse.json"))
|
||||
.build());
|
||||
|
||||
assertEquals(client.getEgressFirewallRule("2017"),
|
||||
FirewallRule.builder().id("2017").protocol(FirewallRule.Protocol.TCP).startPort(30)
|
||||
.endPort(35).ipAddressId("2").ipAddress("10.27.27.51").state(FirewallRule.State.ACTIVE)
|
||||
.CIDRs(ImmutableSet.of("0.0.0.0/0")).build()
|
||||
);
|
||||
}
|
||||
|
||||
public void testGetEgressFirewallRuleWhenResponseIs404() {
|
||||
FirewallApi client = requestSendsResponse(
|
||||
HttpRequest.builder()
|
||||
.method("GET")
|
||||
.endpoint(
|
||||
URI.create("http://localhost:8080/client/api?response=json&command=listEgressFirewallRules&listAll=true&" +
|
||||
"id=4&apiKey=identity&signature=dzb5azKxXZsuGrNRJbRHfna7FMo%3D"))
|
||||
.addHeader("Accept", "application/json")
|
||||
.build(),
|
||||
HttpResponse.builder()
|
||||
.statusCode(404)
|
||||
.build());
|
||||
|
||||
assertNull(client.getEgressFirewallRule("4"));
|
||||
}
|
||||
|
||||
public void testCreateEgressFirewallRuleForIpAndProtocol() {
|
||||
FirewallApi client = requestSendsResponse(
|
||||
HttpRequest.builder()
|
||||
.method("GET")
|
||||
.endpoint(
|
||||
URI.create("http://localhost:8080/client/api?response=json&command=createEgressFirewallRule&" +
|
||||
"ipaddressid=2&protocol=TCP&apiKey=identity&signature=%2BlfEJ5zB7lxqRAn0rY0Rcfg9buw%3D"))
|
||||
.addHeader("Accept", "application/json")
|
||||
.build(),
|
||||
HttpResponse.builder()
|
||||
.statusCode(200)
|
||||
.payload(payloadFromResource("/createegressfirewallrulesresponse.json"))
|
||||
.build());
|
||||
|
||||
AsyncCreateResponse response = client.createEgressFirewallRuleForIpAndProtocol("2", FirewallRule.Protocol.TCP);
|
||||
assertEquals(response.getJobId(), "2036");
|
||||
assertEquals(response.getId(), "2017");
|
||||
}
|
||||
|
||||
public void testDeleteEgressFirewallRule() {
|
||||
FirewallApi client = requestSendsResponse(
|
||||
HttpRequest.builder()
|
||||
.method("GET")
|
||||
.endpoint(
|
||||
URI.create("http://localhost:8080/client/api?response=json&" +
|
||||
"command=deleteEgressFirewallRule&id=2015&apiKey=identity&signature=S119WNmamKwc5d9qvvkIJznXytg%3D"))
|
||||
.build(),
|
||||
HttpResponse.builder()
|
||||
.statusCode(200)
|
||||
.payload(payloadFromResource("/deleteegressfirewallrulesresponse.json"))
|
||||
.build());
|
||||
|
||||
client.deleteEgressFirewallRule("2015");
|
||||
}
|
||||
@Override
|
||||
protected FirewallApi clientFrom(CloudStackContext context) {
|
||||
return context.getApi().getFirewallApi();
|
||||
|
|
|
|||
|
|
@ -52,6 +52,7 @@ public class FirewallApiLiveTest extends BaseCloudStackApiLiveTest {
|
|||
private VirtualMachine vm;
|
||||
|
||||
private FirewallRule firewallRule;
|
||||
private FirewallRule egressFirewallRule;
|
||||
private PortForwardingRule portForwardingRule;
|
||||
|
||||
private Network network;
|
||||
|
|
@ -151,12 +152,43 @@ public class FirewallApiLiveTest extends BaseCloudStackApiLiveTest {
|
|||
}
|
||||
}
|
||||
|
||||
@Test(dependsOnMethods = "testCreatePortForwardingRule")
|
||||
public void testCreateEgressFirewallRule() {
|
||||
if (networksDisabled)
|
||||
return;
|
||||
|
||||
AsyncCreateResponse job = client.getFirewallApi().createEgressFirewallRuleForIpAndProtocol(
|
||||
ip.getId(), FirewallRule.Protocol.TCP, CreateFirewallRuleOptions.Builder.startPort(30).endPort(35));
|
||||
assertTrue(jobComplete.apply(job.getJobId()));
|
||||
egressFirewallRule = client.getFirewallApi().getEgressFirewallRule(job.getId());
|
||||
|
||||
assertEquals(egressFirewallRule.getStartPort(), 30);
|
||||
assertEquals(egressFirewallRule.getEndPort(), 35);
|
||||
assertEquals(egressFirewallRule.getProtocol(), FirewallRule.Protocol.TCP);
|
||||
|
||||
checkEgressFirewallRule(egressFirewallRule);
|
||||
}
|
||||
|
||||
@Test(dependsOnMethods = "testCreateEgressFirewallRule")
|
||||
public void testListEgressFirewallRules() {
|
||||
Set<FirewallRule> rules = client.getFirewallApi().listEgressFirewallRules();
|
||||
|
||||
assert rules != null;
|
||||
assertTrue(rules.size() > 0);
|
||||
|
||||
for(FirewallRule rule : rules) {
|
||||
checkEgressFirewallRule(rule);
|
||||
}
|
||||
}
|
||||
@AfterGroups(groups = "live")
|
||||
@Override
|
||||
protected void tearDownContext() {
|
||||
if (firewallRule != null) {
|
||||
client.getFirewallApi().deleteFirewallRule(firewallRule.getId());
|
||||
}
|
||||
if (egressFirewallRule != null) {
|
||||
client.getFirewallApi().deleteEgressFirewallRule(egressFirewallRule.getId());
|
||||
}
|
||||
if (portForwardingRule != null) {
|
||||
client.getFirewallApi().deletePortForwardingRule(portForwardingRule.getId());
|
||||
}
|
||||
|
|
@ -178,6 +210,15 @@ public class FirewallApiLiveTest extends BaseCloudStackApiLiveTest {
|
|||
assert rule.getProtocol() != null;
|
||||
}
|
||||
|
||||
protected void checkEgressFirewallRule(FirewallRule rule) {
|
||||
assertEquals(rule,
|
||||
client.getFirewallApi().getEgressFirewallRule(rule.getId()));
|
||||
assert rule.getId() != null : rule;
|
||||
assert rule.getStartPort() > 0 : rule;
|
||||
assert rule.getEndPort() >= rule.getStartPort() : rule;
|
||||
assert rule.getProtocol() != null;
|
||||
}
|
||||
|
||||
protected void checkPortForwardingRule(PortForwardingRule rule) {
|
||||
assertEquals(rule,
|
||||
client.getFirewallApi().getPortForwardingRule(rule.getId()));
|
||||
|
|
|
|||
|
|
@ -0,0 +1 @@
|
|||
{ "createegressfirewallruleresponse" : {"jobid":2036,"id":2017} }
|
||||
|
|
@ -0,0 +1 @@
|
|||
{ "deleteegressfirewallruleresponse" : {"jobid":2037} }
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
{ "listegressfirewallrulesresponse" : { "count":1 ,"firewallrule" : [
|
||||
{"id":2017,"protocol":"tcp","startport":"30","endport":"35","ipaddressid":2,"ipaddress":"10.27.27.51","state":"Active","cidrlist":"0.0.0.0/0"} ] } }
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
{ "listegressfirewallrulesresponse" : { "count":3 ,"firewallrule" : [
|
||||
{"id":2017,"protocol":"tcp","startport":"30","endport":"35","ipaddressid":2,"ipaddress":"10.27.27.51","state":"Active","cidrlist":"0.0.0.0/0"},
|
||||
{"id":2016,"protocol":"tcp","startport":"22","endport":"22","ipaddressid":2,"ipaddress":"10.27.27.51","state":"Active","cidrlist":"0.0.0.0/0"},
|
||||
{"id":10,"protocol":"tcp","startport":"22","endport":"22","ipaddressid":8,"ipaddress":"10.27.27.57","state":"Active","cidrlist":"0.0.0.0/0"} ] } }
|
||||
Loading…
Reference in New Issue