JCLOUDS-195. Add egress firewall rules for CloudStack in 1.6.x

Andrew Bayer 2013-07-21 12:20:46 -07:00
parent b72f440a62
commit 4ffff04651
8 changed files with 276 additions and 1 deletions


@ -159,4 +159,62 @@ public interface FirewallAsyncClient {
@Fallback(VoidOnNotFoundOr404.class)
ListenableFuture<Void> deletePortForwardingRule(@QueryParam("id") String id);
/**
* @see FirewallClient#listEgressFirewallRules
*/
@Named("listEgressFirewallRules")
@GET
@QueryParams(keys = { "command", "listAll" }, values = { "listEgressFirewallRules", "true" })
@SelectJson("firewallrule")
@Consumes(MediaType.APPLICATION_JSON)
@Fallback(EmptySetOnNotFoundOr404.class)
ListenableFuture<Set<FirewallRule>> listEgressFirewallRules(ListFirewallRulesOptions... options);
/**
* @see FirewallClient#getEgressFirewallRule
*/
@Named("listEgressFirewallRules")
@GET
@QueryParams(keys = { "command", "listAll" }, values = { "listEgressFirewallRules", "true" })
@SelectJson("firewallrule")
@OnlyElement
@Consumes(MediaType.APPLICATION_JSON)
@Fallback(NullOnNotFoundOr404.class)
ListenableFuture<FirewallRule> getEgressFirewallRule(@QueryParam("id") String id);
/**
* @see FirewallClient#createEgressFirewallRuleForIpAndProtocol
*/
@Named("createEgressFirewallRule")
@GET
@QueryParams(keys = "command", values = "createEgressFirewallRule")
@Unwrap
@Consumes(MediaType.APPLICATION_JSON)
ListenableFuture<AsyncCreateResponse> createEgressFirewallRuleForIpAndProtocol(@QueryParam("ipaddressid") String ipAddressId,
@QueryParam("protocol") FirewallRule.Protocol protocol,
CreateFirewallRuleOptions... options);
/**
* @see FirewallClient#createEgressFirewallRuleForIpProtocolAndPort
*/
@Named("createEgressFirewallRule")
@GET
@QueryParams(keys = "command", values = "createEgressFirewallRule")
@Unwrap
@Consumes(MediaType.APPLICATION_JSON)
ListenableFuture<AsyncCreateResponse> createEgressFirewallRuleForIpProtocolAndPort(@QueryParam("ipaddressid") String ipAddressId,
@QueryParam("protocol") FirewallRule.Protocol protocol,
@QueryParam("startPort") int startPort,
@QueryParam("endPort") int endPort);
/**
* @see FirewallClient#deleteEgressFirewallRule
*/
@Named("deleteEgressFirewallRule")
@GET
@QueryParams(keys = "command", values = "deleteEgressFirewallRule")
@Fallback(VoidOnNotFoundOr404.class)
ListenableFuture<Void> deleteEgressFirewallRule(@QueryParam("id") String id);
}
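Review bot: Both `createEgressFirewallRule…` methods send `ipaddressid`, but as far as I know the CloudStack `createEgressFirewallRule` command is scoped to a guest network and expects `networkid`; please confirm against the API reference for the CloudStack version being targeted. If that is right, the first parameter should read `@QueryParam("networkid") String networkId`, with the method names adjusted to match, since a rule keyed on the wrong identifier would presumably be rejected or not land on the network the caller meant to restrict. The expect test in this commit only pins the request the client builds, so it cannot catch a parameter name the server does not accept.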


@ -130,4 +130,55 @@ public interface FirewallClient {
* the id of the forwarding rule
*/
Void deletePortForwardingRule(String id);
/**
* List the egress firewall rules
*
* @param options
* if present, how to constrain the list.
* @return
* set of egress firewall rules or empty set if no rules are found
*/
Set<FirewallRule> listEgressFirewallRules(ListFirewallRulesOptions... options);
/**
* Get an egress firewall rule by ID
*
* @param id
* the ID of the egress firewall rule
* @return
* egress firewall rule instance or null
*/
FirewallRule getEgressFirewallRule(String id);
/**
* Create new egress firewall rule for a specific IP address
*
* @param ipAddressId
* the IP address id of the egress firewall rule
* @param protocol
* the protocol for the egress firewall rule. Valid values are TCP/UDP/ICMP
* @param options
* optional arguments for egress firewall rule creation
* @return
*/
AsyncCreateResponse createEgressFirewallRuleForIpAndProtocol(String ipAddressId,
FirewallRule.Protocol protocol,
CreateFirewallRuleOptions... options);
AsyncCreateResponse createEgressFirewallRuleForIpProtocolAndPort(String ipAddressId,
FirewallRule.Protocol protocol,
int startPort,
int endPort);
/**
* Deletes an egress firewall rule
*
* @param id
* the ID of the egress firewall rule
*/
Void deleteEgressFirewallRule(String id);
}
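Review bot: `deleteEgressFirewallRule` returns `Void` although the command appears to be asynchronous (the recorded delete response in this commit carries only a `jobid`), so a caller cannot wait for the job or learn that it failed, and may assume a rule is gone while it is still in effect. This mirrors `deletePortForwardingRule`, so at minimum the Javadoc should say so, e.g. `* The deletion runs as an asynchronous job; re-check with getEgressFirewallRule(id) before relying on the rule being removed.` Separately, `createEgressFirewallRuleForIpProtocolAndPort` has no Javadoc at all and the `@return` tag on `createEgressFirewallRuleForIpAndProtocol` is empty.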


@ -281,7 +281,124 @@ public class FirewallClientExpectTest extends BaseCloudStackExpectTest<FirewallC
client.deletePortForwardingRule("2015");
}
public void testListEgressFirewallRulesWhenResponseIs2xx() {
FirewallClient client = requestSendsResponse(
HttpRequest.builder()
.method("GET")
.endpoint(
URI.create("http://localhost:8080/client/api?response=json&command=listEgressFirewallRules&listAll=true&" +
"apiKey=identity&signature=j3OpRXs7mEwVKs9KIb4ncRKVO9A%3D"))
.addHeader("Accept", "application/json")
.build(),
HttpResponse.builder()
.statusCode(200)
.payload(payloadFromResource("/listegressfirewallrulesresponse.json"))
.build());
Set<String> CIDRs = ImmutableSet.of("0.0.0.0/0");
assertEquals(client.listEgressFirewallRules(),
ImmutableSet.of(
FirewallRule.builder().id("2017").protocol(FirewallRule.Protocol.TCP).startPort(30)
.endPort(35).ipAddressId("2").ipAddress("10.27.27.51").state(FirewallRule.State.ACTIVE)
.CIDRs(CIDRs).build(),
FirewallRule.builder().id("2016").protocol(FirewallRule.Protocol.TCP).startPort(22)
.endPort(22).ipAddressId("2").ipAddress("10.27.27.51").state(FirewallRule.State.ACTIVE)
.CIDRs(CIDRs).build(),
FirewallRule.builder().id("10").protocol(FirewallRule.Protocol.TCP).startPort(22)
.endPort(22).ipAddressId("8").ipAddress("10.27.27.57").state(FirewallRule.State.ACTIVE)
.CIDRs(CIDRs).build()
));
}
public void testListEgressFirewallRulesWhenReponseIs404() {
FirewallClient client = requestSendsResponse(
HttpRequest.builder()
.method("GET")
.endpoint(
URI.create("http://localhost:8080/client/api?response=json&command=listEgressFirewallRules&listAll=true&" +
"apiKey=identity&signature=j3OpRXs7mEwVKs9KIb4ncRKVO9A%3D"))
.addHeader("Accept", "application/json")
.build(),
HttpResponse.builder()
.statusCode(404)
.build());
assertEquals(client.listEgressFirewallRules(), ImmutableSet.of());
}
public void testGetEgressFirewallRuleWhenResponseIs2xx() {
FirewallClient client = requestSendsResponse(
HttpRequest.builder()
.method("GET")
.endpoint(
URI.create("http://localhost:8080/client/api?response=json&command=listEgressFirewallRules&listAll=true&" +
"id=2017&apiKey=identity&signature=Hi1K5VA3yd3mk0AmgJ2F6y%2BVzMo%3D"))
.addHeader("Accept", "application/json")
.build(),
HttpResponse.builder()
.statusCode(200)
.payload(payloadFromResource("/getegressfirewallrulesresponse.json"))
.build());
assertEquals(client.getEgressFirewallRule("2017"),
FirewallRule.builder().id("2017").protocol(FirewallRule.Protocol.TCP).startPort(30)
.endPort(35).ipAddressId("2").ipAddress("10.27.27.51").state(FirewallRule.State.ACTIVE)
.CIDRs(ImmutableSet.of("0.0.0.0/0")).build()
);
}
public void testGetEgressFirewallRuleWhenResponseIs404() {
FirewallClient client = requestSendsResponse(
HttpRequest.builder()
.method("GET")
.endpoint(
URI.create("http://localhost:8080/client/api?response=json&command=listEgressFirewallRules&listAll=true&" +
"id=4&apiKey=identity&signature=dzb5azKxXZsuGrNRJbRHfna7FMo%3D"))
.addHeader("Accept", "application/json")
.build(),
HttpResponse.builder()
.statusCode(404)
.build());
assertNull(client.getEgressFirewallRule("4"));
}
public void testCreateEgressFirewallRuleForIpAndProtocol() {
FirewallClient client = requestSendsResponse(
HttpRequest.builder()
.method("GET")
.endpoint(
URI.create("http://localhost:8080/client/api?response=json&command=createEgressFirewallRule&" +
"ipaddressid=2&protocol=TCP&apiKey=identity&signature=%2BlfEJ5zB7lxqRAn0rY0Rcfg9buw%3D"))
.addHeader("Accept", "application/json")
.build(),
HttpResponse.builder()
.statusCode(200)
.payload(payloadFromResource("/createegressfirewallrulesresponse.json"))
.build());
AsyncCreateResponse response = client.createEgressFirewallRuleForIpAndProtocol("2", FirewallRule.Protocol.TCP);
assertEquals(response.getJobId(), "2036");
assertEquals(response.getId(), "2017");
}
public void testDeleteEgressFirewallRule() {
FirewallClient client = requestSendsResponse(
HttpRequest.builder()
.method("GET")
.endpoint(
URI.create("http://localhost:8080/client/api?response=json&" +
"command=deleteEgressFirewallRule&id=2015&apiKey=identity&signature=S119WNmamKwc5d9qvvkIJznXytg%3D"))
.build(),
HttpResponse.builder()
.statusCode(200)
.payload(payloadFromResource("/deleteegressfirewallrulesresponse.json"))
.build());
client.deleteEgressFirewallRule("2015");
}
@Override
protected FirewallClient clientFrom(CloudStackContext context) {
return context.unwrap(CloudStackApiMetadata.CONTEXT_TOKEN).getApi().getFirewallClient();
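Review bot: `createEgressFirewallRuleForIpProtocolAndPort` has no expect test in this section, so the `startPort`/`endPort` query parameters it adds are never pinned against a recorded request; only the protocol-only variant is exercised. A test modelled on `testCreateEgressFirewallRuleForIpAndProtocol` would cover it. The sketch below uses a placeholder signature and an assumed parameter order, both of which have to be replaced with what the client actually produces. The class body continues past the end of this hunk.

```java
public void testCreateEgressFirewallRuleForIpProtocolAndPort() {
   FirewallClient client = requestSendsResponse(
      HttpRequest.builder()
         .method("GET")
         .endpoint(
            // SIGNATURE_PLACEHOLDER is not a real value: record the signature from a test run.
            URI.create("http://localhost:8080/client/api?response=json&command=createEgressFirewallRule&" +
                       "ipaddressid=2&protocol=TCP&startPort=30&endPort=35&apiKey=identity&signature=SIGNATURE_PLACEHOLDER"))
         .addHeader("Accept", "application/json")
         .build(),
      HttpResponse.builder()
         .statusCode(200)
         .payload(payloadFromResource("/createegressfirewallrulesresponse.json"))
         .build());

   AsyncCreateResponse response =
      client.createEgressFirewallRuleForIpProtocolAndPort("2", FirewallRule.Protocol.TCP, 30, 35);
   assertEquals(response.getJobId(), "2036");
   assertEquals(response.getId(), "2017");
}
```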


@ -52,6 +52,7 @@ public class FirewallClientLiveTest extends BaseCloudStackClientLiveTest {
private VirtualMachine vm;
private FirewallRule firewallRule;
private FirewallRule egressFirewallRule;
private PortForwardingRule portForwardingRule;
private Network network;
@ -151,12 +152,43 @@ public class FirewallClientLiveTest extends BaseCloudStackClientLiveTest {
}
}
@Test(dependsOnMethods = "testCreatePortForwardingRule")
public void testCreateEgressFirewallRule() {
if (networksDisabled)
return;
AsyncCreateResponse job = client.getFirewallClient().createEgressFirewallRuleForIpAndProtocol(
ip.getId(), FirewallRule.Protocol.TCP, CreateFirewallRuleOptions.Builder.startPort(30).endPort(35));
assertTrue(jobComplete.apply(job.getJobId()));
egressFirewallRule = client.getFirewallClient().getEgressFirewallRule(job.getId());
assertEquals(egressFirewallRule.getStartPort(), 30);
assertEquals(egressFirewallRule.getEndPort(), 35);
assertEquals(egressFirewallRule.getProtocol(), FirewallRule.Protocol.TCP);
checkEgressFirewallRule(egressFirewallRule);
}
@Test(dependsOnMethods = "testCreateEgressFirewallRule")
public void testListEgressFirewallRules() {
Set<FirewallRule> rules = client.getFirewallClient().listEgressFirewallRules();
assert rules != null;
assertTrue(rules.size() > 0);
for(FirewallRule rule : rules) {
checkEgressFirewallRule(rule);
}
}
@AfterGroups(groups = "live")
@Override
protected void tearDownContext() {
if (firewallRule != null) {
client.getFirewallClient().deleteFirewallRule(firewallRule.getId());
}
if (egressFirewallRule != null) {
client.getFirewallClient().deleteEgressFirewallRule(egressFirewallRule.getId());
}
if (portForwardingRule != null) {
client.getFirewallClient().deletePortForwardingRule(portForwardingRule.getId());
}
@ -178,6 +210,15 @@ public class FirewallClientLiveTest extends BaseCloudStackClientLiveTest {
assert rule.getProtocol() != null;
}
protected void checkEgressFirewallRule(FirewallRule rule) {
assertEquals(rule,
client.getFirewallClient().getEgressFirewallRule(rule.getId()));
assert rule.getId() != null : rule;
assert rule.getStartPort() > 0 : rule;
assert rule.getEndPort() >= rule.getStartPort() : rule;
assert rule.getProtocol() != null;
}
protected void checkPortForwardingRule(PortForwardingRule rule) {
assertEquals(rule,
client.getFirewallClient().getPortForwardingRule(rule.getId()));
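Review bot: `testListEgressFirewallRules` lacks the `if (networksDisabled) return;` guard that `testCreateEgressFirewallRule` starts with, so when networks are disabled the create test returns without creating anything and the list test can then fail on `assertTrue(rules.size() > 0)`. Adding `if (networksDisabled) return;` as its first statement keeps the two tests consistent. Note also that `checkEgressFirewallRule` asserts `rule.getStartPort() > 0` for every rule the list call returns, which presumably fails on an account that already holds egress rules without a port range (for example ICMP rules). `checkPortForwardingRule` continues outside the last hunk.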


@ -0,0 +1 @@
{ "createegressfirewallruleresponse" : {"jobid":2036,"id":2017} }


@ -0,0 +1 @@
{ "deleteegressfirewallruleresponse" : {"jobid":2037} }


@ -0,0 +1,2 @@
{ "listegressfirewallrulesresponse" : { "count":1 ,"firewallrule" : [
{"id":2017,"protocol":"tcp","startport":"30","endport":"35","ipaddressid":2,"ipaddress":"10.27.27.51","state":"Active","cidrlist":"0.0.0.0/0"} ] } }


@ -0,0 +1,4 @@
{ "listegressfirewallrulesresponse" : { "count":3 ,"firewallrule" : [
{"id":2017,"protocol":"tcp","startport":"30","endport":"35","ipaddressid":2,"ipaddress":"10.27.27.51","state":"Active","cidrlist":"0.0.0.0/0"},
{"id":2016,"protocol":"tcp","startport":"22","endport":"22","ipaddressid":2,"ipaddress":"10.27.27.51","state":"Active","cidrlist":"0.0.0.0/0"},
{"id":10,"protocol":"tcp","startport":"22","endport":"22","ipaddressid":8,"ipaddress":"10.27.27.57","state":"Active","cidrlist":"0.0.0.0/0"} ] } }