mirror of https://github.com/apache/jclouds.git
JCLOUDS-195. Add egress firewall rules for CloudStack in 1.6.x
parent
b72f440a62
commit
4ffff04651
|
@ -159,4 +159,62 @@ public interface FirewallAsyncClient {
|
|||
@Fallback(VoidOnNotFoundOr404.class)
|
||||
ListenableFuture<Void> deletePortForwardingRule(@QueryParam("id") String id);
|
||||
|
||||
/**
|
||||
* @see FirewallClient#listEgressFirewallRules
|
||||
*/
|
||||
@Named("listEgressFirewallRules")
|
||||
@GET
|
||||
@QueryParams(keys = { "command", "listAll" }, values = { "listEgressFirewallRules", "true" })
|
||||
@SelectJson("firewallrule")
|
||||
@Consumes(MediaType.APPLICATION_JSON)
|
||||
@Fallback(EmptySetOnNotFoundOr404.class)
|
||||
ListenableFuture<Set<FirewallRule>> listEgressFirewallRules(ListFirewallRulesOptions... options);
|
||||
|
||||
/**
|
||||
* @see FirewallClient#getEgressFirewallRule
|
||||
*/
|
||||
@Named("listEgressFirewallRules")
|
||||
@GET
|
||||
@QueryParams(keys = { "command", "listAll" }, values = { "listEgressFirewallRules", "true" })
|
||||
@SelectJson("firewallrule")
|
||||
@OnlyElement
|
||||
@Consumes(MediaType.APPLICATION_JSON)
|
||||
@Fallback(NullOnNotFoundOr404.class)
|
||||
ListenableFuture<FirewallRule> getEgressFirewallRule(@QueryParam("id") String id);
|
||||
|
||||
/**
|
||||
* @see FirewallClient#createEgressFirewallRuleForIpAndProtocol
|
||||
*/
|
||||
@Named("createEgressFirewallRule")
|
||||
@GET
|
||||
@QueryParams(keys = "command", values = "createEgressFirewallRule")
|
||||
@Unwrap
|
||||
@Consumes(MediaType.APPLICATION_JSON)
|
||||
ListenableFuture<AsyncCreateResponse> createEgressFirewallRuleForIpAndProtocol(@QueryParam("ipaddressid") String ipAddressId,
|
||||
@QueryParam("protocol") FirewallRule.Protocol protocol,
|
||||
CreateFirewallRuleOptions... options);
|
||||
|
||||
/**
|
||||
* @see FirewallClient#createEgressFirewallRuleForIpProtocolAndPort
|
||||
*/
|
||||
@Named("createEgressFirewallRule")
|
||||
@GET
|
||||
@QueryParams(keys = "command", values = "createEgressFirewallRule")
|
||||
@Unwrap
|
||||
@Consumes(MediaType.APPLICATION_JSON)
|
||||
ListenableFuture<AsyncCreateResponse> createEgressFirewallRuleForIpProtocolAndPort(@QueryParam("ipaddressid") String ipAddressId,
|
||||
@QueryParam("protocol") FirewallRule.Protocol protocol,
|
||||
@QueryParam("startPort") int startPort,
|
||||
@QueryParam("endPort") int endPort);
|
||||
|
||||
|
||||
/**
|
||||
* @see FirewallClient#deleteEgressFirewallRule
|
||||
*/
|
||||
@Named("deleteEgressFirewallRule")
|
||||
@GET
|
||||
@QueryParams(keys = "command", values = "deleteEgressFirewallRule")
|
||||
@Fallback(VoidOnNotFoundOr404.class)
|
||||
ListenableFuture<Void> deleteEgressFirewallRule(@QueryParam("id") String id);
|
||||
|
||||
}
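Review bot: Both create methods, `createEgressFirewallRuleForIpAndProtocol` and `createEgressFirewallRuleForIpProtocolAndPort`, send the target as `ipaddressid`, but as far as I know CloudStack's createEgressFirewallRule is scoped to a guest network and expects `networkid`, so a real endpoint would likely reject these calls; please confirm against the API reference for the targeted release. If that holds, the first parameter should read `@QueryParam("networkid") String networkId`, and the method names and the live test's `ip.getId()` argument need to follow. The expect tests cannot catch this because they only pin the URL the client builds. Separately, the port variant spells its parameters `startPort`/`endPort` while every other key in these signatures is lowercase; worth aligning unless the server is known to ignore case.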
|
||||
|
|
|
@ -130,4 +130,55 @@ public interface FirewallClient {
|
|||
* the id of the forwarding rule
|
||||
*/
|
||||
Void deletePortForwardingRule(String id);
|
||||
|
||||
/**
|
||||
* List the egress firewall rules
|
||||
*
|
||||
* @param options
|
||||
* if present, how to constrain the list.
|
||||
* @return
|
||||
* set of egress firewall rules or empty set if no rules are found
|
||||
*/
|
||||
Set<FirewallRule> listEgressFirewallRules(ListFirewallRulesOptions... options);
|
||||
|
||||
/**
|
||||
* Get an egress firewall rule by ID
|
||||
*
|
||||
* @param id
|
||||
* the ID of the egress firewall rule
|
||||
* @return
|
||||
* egress firewall rule instance or null
|
||||
*/
|
||||
FirewallRule getEgressFirewallRule(String id);
|
||||
|
||||
/**
|
||||
* Create new egress firewall rule for a specific IP address
|
||||
*
|
||||
* @param ipAddressId
|
||||
* the IP address id of the egress firewall rule
|
||||
* @param protocol
|
||||
* the protocol for the egress firewall rule. Valid values are TCP/UDP/ICMP
|
||||
* @param options
|
||||
* optional arguments for egress firewall rule creation
|
||||
* @return
|
||||
*/
|
||||
AsyncCreateResponse createEgressFirewallRuleForIpAndProtocol(String ipAddressId,
|
||||
FirewallRule.Protocol protocol,
|
||||
CreateFirewallRuleOptions... options);
|
||||
|
||||
|
||||
AsyncCreateResponse createEgressFirewallRuleForIpProtocolAndPort(String ipAddressId,
|
||||
FirewallRule.Protocol protocol,
|
||||
int startPort,
|
||||
int endPort);
|
||||
|
||||
|
||||
/**
|
||||
* Deletes an egress firewall rule
|
||||
*
|
||||
* @param id
|
||||
* the ID of the egress firewall rule
|
||||
*/
|
||||
Void deleteEgressFirewallRule(String id);
|
||||
|
||||
}
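Review bot: `deleteEgressFirewallRule` returns `Void`, yet the delete fixture added in this commit (`{"jobid":2037}`) shows the command is asynchronous, so a caller can neither wait for the job nor learn that removal failed. For a rule that governs outbound traffic the caller should know this; at minimum the Javadoc should say `* Deletion is asynchronous; this call returns before the rule is removed and does not report job failure.` `createEgressFirewallRuleForIpProtocolAndPort` has no Javadoc at all and the `@return` of `createEgressFirewallRuleForIpAndProtocol` is empty; both should state that the returned `AsyncCreateResponse` carries the job id and the id of the new rule. It would also help to document which CIDR scope applies when no CIDR list is passed: the fixtures show `0.0.0.0/0`, but whether that is the default is not visible here.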
|
||||
|
|
|
@ -281,7 +281,124 @@ public class FirewallClientExpectTest extends BaseCloudStackExpectTest<FirewallC
|
|||
|
||||
client.deletePortForwardingRule("2015");
|
||||
}
|
||||
|
||||
|
||||
public void testListEgressFirewallRulesWhenResponseIs2xx() {
|
||||
FirewallClient client = requestSendsResponse(
|
||||
HttpRequest.builder()
|
||||
.method("GET")
|
||||
.endpoint(
|
||||
URI.create("http://localhost:8080/client/api?response=json&command=listEgressFirewallRules&listAll=true&" +
|
||||
"apiKey=identity&signature=j3OpRXs7mEwVKs9KIb4ncRKVO9A%3D"))
|
||||
.addHeader("Accept", "application/json")
|
||||
.build(),
|
||||
HttpResponse.builder()
|
||||
.statusCode(200)
|
||||
.payload(payloadFromResource("/listegressfirewallrulesresponse.json"))
|
||||
.build());
|
||||
|
||||
Set<String> CIDRs = ImmutableSet.of("0.0.0.0/0");
|
||||
assertEquals(client.listEgressFirewallRules(),
|
||||
ImmutableSet.of(
|
||||
FirewallRule.builder().id("2017").protocol(FirewallRule.Protocol.TCP).startPort(30)
|
||||
.endPort(35).ipAddressId("2").ipAddress("10.27.27.51").state(FirewallRule.State.ACTIVE)
|
||||
.CIDRs(CIDRs).build(),
|
||||
FirewallRule.builder().id("2016").protocol(FirewallRule.Protocol.TCP).startPort(22)
|
||||
.endPort(22).ipAddressId("2").ipAddress("10.27.27.51").state(FirewallRule.State.ACTIVE)
|
||||
.CIDRs(CIDRs).build(),
|
||||
FirewallRule.builder().id("10").protocol(FirewallRule.Protocol.TCP).startPort(22)
|
||||
.endPort(22).ipAddressId("8").ipAddress("10.27.27.57").state(FirewallRule.State.ACTIVE)
|
||||
.CIDRs(CIDRs).build()
|
||||
));
|
||||
}
|
||||
|
||||
public void testListEgressFirewallRulesWhenReponseIs404() {
|
||||
FirewallClient client = requestSendsResponse(
|
||||
HttpRequest.builder()
|
||||
.method("GET")
|
||||
.endpoint(
|
||||
URI.create("http://localhost:8080/client/api?response=json&command=listEgressFirewallRules&listAll=true&" +
|
||||
"apiKey=identity&signature=j3OpRXs7mEwVKs9KIb4ncRKVO9A%3D"))
|
||||
.addHeader("Accept", "application/json")
|
||||
.build(),
|
||||
HttpResponse.builder()
|
||||
.statusCode(404)
|
||||
.build());
|
||||
|
||||
assertEquals(client.listEgressFirewallRules(), ImmutableSet.of());
|
||||
}
|
||||
|
||||
public void testGetEgressFirewallRuleWhenResponseIs2xx() {
|
||||
FirewallClient client = requestSendsResponse(
|
||||
HttpRequest.builder()
|
||||
.method("GET")
|
||||
.endpoint(
|
||||
URI.create("http://localhost:8080/client/api?response=json&command=listEgressFirewallRules&listAll=true&" +
|
||||
"id=2017&apiKey=identity&signature=Hi1K5VA3yd3mk0AmgJ2F6y%2BVzMo%3D"))
|
||||
.addHeader("Accept", "application/json")
|
||||
.build(),
|
||||
HttpResponse.builder()
|
||||
.statusCode(200)
|
||||
.payload(payloadFromResource("/getegressfirewallrulesresponse.json"))
|
||||
.build());
|
||||
|
||||
assertEquals(client.getEgressFirewallRule("2017"),
|
||||
FirewallRule.builder().id("2017").protocol(FirewallRule.Protocol.TCP).startPort(30)
|
||||
.endPort(35).ipAddressId("2").ipAddress("10.27.27.51").state(FirewallRule.State.ACTIVE)
|
||||
.CIDRs(ImmutableSet.of("0.0.0.0/0")).build()
|
||||
);
|
||||
}
|
||||
|
||||
public void testGetEgressFirewallRuleWhenResponseIs404() {
|
||||
FirewallClient client = requestSendsResponse(
|
||||
HttpRequest.builder()
|
||||
.method("GET")
|
||||
.endpoint(
|
||||
URI.create("http://localhost:8080/client/api?response=json&command=listEgressFirewallRules&listAll=true&" +
|
||||
"id=4&apiKey=identity&signature=dzb5azKxXZsuGrNRJbRHfna7FMo%3D"))
|
||||
.addHeader("Accept", "application/json")
|
||||
.build(),
|
||||
HttpResponse.builder()
|
||||
.statusCode(404)
|
||||
.build());
|
||||
|
||||
assertNull(client.getEgressFirewallRule("4"));
|
||||
}
|
||||
|
||||
public void testCreateEgressFirewallRuleForIpAndProtocol() {
|
||||
FirewallClient client = requestSendsResponse(
|
||||
HttpRequest.builder()
|
||||
.method("GET")
|
||||
.endpoint(
|
||||
URI.create("http://localhost:8080/client/api?response=json&command=createEgressFirewallRule&" +
|
||||
"ipaddressid=2&protocol=TCP&apiKey=identity&signature=%2BlfEJ5zB7lxqRAn0rY0Rcfg9buw%3D"))
|
||||
.addHeader("Accept", "application/json")
|
||||
.build(),
|
||||
HttpResponse.builder()
|
||||
.statusCode(200)
|
||||
.payload(payloadFromResource("/createegressfirewallrulesresponse.json"))
|
||||
.build());
|
||||
|
||||
AsyncCreateResponse response = client.createEgressFirewallRuleForIpAndProtocol("2", FirewallRule.Protocol.TCP);
|
||||
assertEquals(response.getJobId(), "2036");
|
||||
assertEquals(response.getId(), "2017");
|
||||
}
|
||||
|
||||
public void testDeleteEgressFirewallRule() {
|
||||
FirewallClient client = requestSendsResponse(
|
||||
HttpRequest.builder()
|
||||
.method("GET")
|
||||
.endpoint(
|
||||
URI.create("http://localhost:8080/client/api?response=json&" +
|
||||
"command=deleteEgressFirewallRule&id=2015&apiKey=identity&signature=S119WNmamKwc5d9qvvkIJznXytg%3D"))
|
||||
.build(),
|
||||
HttpResponse.builder()
|
||||
.statusCode(200)
|
||||
.payload(payloadFromResource("/deleteegressfirewallrulesresponse.json"))
|
||||
.build());
|
||||
|
||||
client.deleteEgressFirewallRule("2015");
|
||||
}
|
||||
|
||||
@Override
|
||||
protected FirewallClient clientFrom(CloudStackContext context) {
|
||||
return context.unwrap(CloudStackApiMetadata.CONTEXT_TOKEN).getApi().getFirewallClient();
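Review bot: `createEgressFirewallRuleForIpProtocolAndPort` has no expect test in this hunk, so the `startPort`/`endPort` query names it sends are never pinned against a request. `testDeleteEgressFirewallRule` also ends without an assertion and has no 404 counterpart, although the async interface declares `VoidOnNotFoundOr404` for delete. I would add a test modelled on `testCreateEgressFirewallRuleForIpAndProtocol` that calls the port variant and checks `getJobId()`/`getId()`, plus a delete test with `statusCode(404)`. Minor: `testListEgressFirewallRulesWhenReponseIs404` misspells "Response". The enclosing class starts and ends outside the hunk.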
|
||||
|
|
|
@ -52,6 +52,7 @@ public class FirewallClientLiveTest extends BaseCloudStackClientLiveTest {
|
|||
private VirtualMachine vm;
|
||||
|
||||
private FirewallRule firewallRule;
|
||||
private FirewallRule egressFirewallRule;
|
||||
private PortForwardingRule portForwardingRule;
|
||||
|
||||
private Network network;
|
||||
|
@ -151,12 +152,43 @@ public class FirewallClientLiveTest extends BaseCloudStackClientLiveTest {
|
|||
}
|
||||
}
|
||||
|
||||
@Test(dependsOnMethods = "testCreatePortForwardingRule")
|
||||
public void testCreateEgressFirewallRule() {
|
||||
if (networksDisabled)
|
||||
return;
|
||||
|
||||
AsyncCreateResponse job = client.getFirewallClient().createEgressFirewallRuleForIpAndProtocol(
|
||||
ip.getId(), FirewallRule.Protocol.TCP, CreateFirewallRuleOptions.Builder.startPort(30).endPort(35));
|
||||
assertTrue(jobComplete.apply(job.getJobId()));
|
||||
egressFirewallRule = client.getFirewallClient().getEgressFirewallRule(job.getId());
|
||||
|
||||
assertEquals(egressFirewallRule.getStartPort(), 30);
|
||||
assertEquals(egressFirewallRule.getEndPort(), 35);
|
||||
assertEquals(egressFirewallRule.getProtocol(), FirewallRule.Protocol.TCP);
|
||||
|
||||
checkEgressFirewallRule(egressFirewallRule);
|
||||
}
|
||||
|
||||
@Test(dependsOnMethods = "testCreateEgressFirewallRule")
|
||||
public void testListEgressFirewallRules() {
|
||||
Set<FirewallRule> rules = client.getFirewallClient().listEgressFirewallRules();
|
||||
|
||||
assert rules != null;
|
||||
assertTrue(rules.size() > 0);
|
||||
|
||||
for(FirewallRule rule : rules) {
|
||||
checkEgressFirewallRule(rule);
|
||||
}
|
||||
}
|
||||
@AfterGroups(groups = "live")
|
||||
@Override
|
||||
protected void tearDownContext() {
|
||||
if (firewallRule != null) {
|
||||
client.getFirewallClient().deleteFirewallRule(firewallRule.getId());
|
||||
}
|
||||
if (egressFirewallRule != null) {
|
||||
client.getFirewallClient().deleteEgressFirewallRule(egressFirewallRule.getId());
|
||||
}
|
||||
if (portForwardingRule != null) {
|
||||
client.getFirewallClient().deletePortForwardingRule(portForwardingRule.getId());
|
||||
}
|
||||
|
@ -178,6 +210,15 @@ public class FirewallClientLiveTest extends BaseCloudStackClientLiveTest {
|
|||
assert rule.getProtocol() != null;
|
||||
}
|
||||
|
||||
protected void checkEgressFirewallRule(FirewallRule rule) {
|
||||
assertEquals(rule,
|
||||
client.getFirewallClient().getEgressFirewallRule(rule.getId()));
|
||||
assert rule.getId() != null : rule;
|
||||
assert rule.getStartPort() > 0 : rule;
|
||||
assert rule.getEndPort() >= rule.getStartPort() : rule;
|
||||
assert rule.getProtocol() != null;
|
||||
}
|
||||
|
||||
protected void checkPortForwardingRule(PortForwardingRule rule) {
|
||||
assertEquals(rule,
|
||||
client.getFirewallClient().getPortForwardingRule(rule.getId()));
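Review bot: `testListEgressFirewallRules` asserts `rules.size() > 0` without the `networksDisabled` guard that `testCreateEgressFirewallRule` returns early on, so with networks disabled no rule is created and the list test fails, or passes only on leftovers from an earlier run. Add `if (networksDisabled) return;` as its first statement. In `testCreateEgressFirewallRule`, `getEgressFirewallRule` is documented to return null when nothing matches, so an `assertNotNull(egressFirewallRule);` before the port assertions would turn a NullPointerException into a readable failure. `checkEgressFirewallRule` relies on bare `assert` statements, which are skipped unless the JVM runs with `-ea`; TestNG assertions would always execute. The class body continues outside these hunks.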
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
{ "createegressfirewallruleresponse" : {"jobid":2036,"id":2017} }
|
|
@ -0,0 +1 @@
|
|||
{ "deleteegressfirewallruleresponse" : {"jobid":2037} }
|
|
@ -0,0 +1,2 @@
|
|||
{ "listegressfirewallrulesresponse" : { "count":1 ,"firewallrule" : [
|
||||
{"id":2017,"protocol":"tcp","startport":"30","endport":"35","ipaddressid":2,"ipaddress":"10.27.27.51","state":"Active","cidrlist":"0.0.0.0/0"} ] } }
|
|
@ -0,0 +1,4 @@
|
|||
{ "listegressfirewallrulesresponse" : { "count":3 ,"firewallrule" : [
|
||||
{"id":2017,"protocol":"tcp","startport":"30","endport":"35","ipaddressid":2,"ipaddress":"10.27.27.51","state":"Active","cidrlist":"0.0.0.0/0"},
|
||||
{"id":2016,"protocol":"tcp","startport":"22","endport":"22","ipaddressid":2,"ipaddress":"10.27.27.51","state":"Active","cidrlist":"0.0.0.0/0"},
|
||||
{"id":10,"protocol":"tcp","startport":"22","endport":"22","ipaddressid":8,"ipaddress":"10.27.27.57","state":"Active","cidrlist":"0.0.0.0/0"} ] } }
|