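/**
 * Opens one single-port firewall rule per requested port on a public IP that is static NATed
 * to a virtual machine, then waits for every creation job to finish.
 *
 * <p>All create requests are submitted before any of them is awaited.
 *
 * <p>NOTE(review): the options passed here carry only the start and end port. No CIDR
 * restriction is set, so the allowed source range is whatever the provider applies by
 * default. Confirm that this is intended for every caller.
 *
 * @param ip public IP address; must already have a virtual machine id
 * @param protocol protocol name, converted with {@code FirewallRule.Protocol.fromValue}
 * @param ports ports to open; each one becomes a rule whose start and end port are equal
 * @return the rules that were created, or an empty set when {@code ports} is empty
 * @throws IllegalStateException if {@code ip} is not associated with a virtual machine
 */
public Set<FirewallRule> apply(PublicIPAddress ip, String protocol, Iterable<Integer> ports) {
   checkState(ip.getVirtualMachineId() != null,
         "ip %s should be static NATed to a virtual machine before applying rules", ip);
   if (Iterables.isEmpty(ports))
      return ImmutableSet.<FirewallRule> of();

   FirewallRule.Protocol ruleProtocol = FirewallRule.Protocol.fromValue(protocol);

   // Phase 1: submit every create request.
   Builder<AsyncCreateResponse> pendingJobs = ImmutableSet.builder();
   for (int port : ports) {
      AsyncCreateResponse response = client.getFirewallApi().createFirewallRuleForIpAndProtocol(ip.getId(),
            ruleProtocol, CreateFirewallRuleOptions.Builder.startPort(port).endPort(port));
      logger.debug(">> creating firewall rule IPAddress(%s) for protocol(%s), port(%s); response(%s)",
            ip.getId(), protocol, port, response);
      pendingJobs.add(response);
   }

   // Phase 2: wait for each job and collect the resulting rule.
   Builder<FirewallRule> rules = ImmutableSet.builder();
   for (AsyncCreateResponse response : pendingJobs.build()) {
      rules.add(blockUntilJobCompletesAndReturnResult.<FirewallRule> apply(response));
   }
   ImmutableSet<FirewallRule> created = rules.build();

   // Record the whole batch once. Writing a one-element set on every iteration left only the
   // last rule in the cache, so anything that reads the cache would not see the other ports
   // that are now open for this machine.
   getFirewallRulesByVirtualMachine.asMap().put(ip.getVirtualMachineId(), created);
   return created;
}
}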
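/**
 * Deletes the firewall rules attached to the public IP of a virtual machine and reports which
 * IP address ids had rules removed.
 *
 * <p>Rules already in the {@code DELETING} state are skipped and their IP id is not reported.
 *
 * @param virtualMachineId id of the virtual machine whose rules are removed
 * @return distinct IP address ids of the deleted rules, in the order they were seen; empty
 *         when the machine has no public IP id
 */
public Set<String> deleteFirewallRulesForVMAndReturnDistinctIPs(String virtualMachineId) {
   // A LinkedHashSet drops repeated IP ids and keeps the order in which they were seen.
   Set<String> ipAddresses = Sets.newLinkedHashSet();

   String publicIpId = client.getVirtualMachineApi().getVirtualMachine(virtualMachineId).getPublicIPId();
   if (publicIpId == null) {
      return ipAddresses;
   }

   // List with the id that was just null-checked. Looking the machine up a second time cost an
   // extra remote call and could return a different (or null) id than the one checked above.
   Set<FirewallRule> firewallRules = client.getFirewallApi()
         .listFirewallRules(ListFirewallRulesOptions.Builder.ipAddressId(publicIpId));
   for (FirewallRule rule : firewallRules) {
      if (rule.getState() == FirewallRule.State.DELETING) {
         continue;
      }
      ipAddresses.add(rule.getIpAddressId());
      client.getFirewallApi().deleteFirewallRule(rule.getId());
      logger.debug(">> deleting FirewallRule(%s)", rule.getId());
   }
   return ipAddresses;
}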
/**
 * Live check: listing port forwarding rules returns at least one rule, and every listed rule
 * passes {@code checkPortForwardingRule}.
 *
 * <p>The null check uses a plain {@code assert}, so it only runs when the JVM has assertions
 * enabled.
 */
@Test(dependsOnMethods = "testCreatePortForwardingRule")
public void testListPortForwardingRules() throws Exception {
   Set<PortForwardingRule> listed = client.getFirewallApi().listPortForwardingRules();

   assert listed != null;
   assertTrue(!listed.isEmpty());

   for (final PortForwardingRule candidate : listed) {
      checkPortForwardingRule(candidate);
   }
}
/**
 * Live check: creates a TCP egress rule for ports 30-35 on the test network, waits for the
 * job, and verifies the rule that comes back. Does nothing when networks are disabled.
 *
 * <p>The rule is stored in {@code egressFirewallRule}.
 */
@Test(dependsOnMethods = "testCreatePortForwardingRule")
public void testCreateEgressFirewallRule() {
   if (networksDisabled) {
      return;
   }

   FirewallRule.Protocol tcp = FirewallRule.Protocol.TCP;
   CreateFirewallRuleOptions portRange = CreateFirewallRuleOptions.Builder.startPort(30).endPort(35);

   AsyncCreateResponse creation = client.getFirewallApi()
         .createEgressFirewallRuleForNetworkAndProtocol(network.getId(), tcp, portRange);
   assertTrue(jobComplete.apply(creation.getJobId()));

   // The id on the create response is the id of the new rule.
   egressFirewallRule = client.getFirewallApi().getEgressFirewallRule(creation.getId());

   assertEquals(egressFirewallRule.getStartPort(), 30);
   assertEquals(egressFirewallRule.getEndPort(), 35);
   assertEquals(egressFirewallRule.getProtocol(), FirewallRule.Protocol.TCP);
   checkEgressFirewallRule(egressFirewallRule);
}
/**
 * Live check: creates a TCP firewall rule for ports 30-35 on the test IP, waits for the job,
 * and verifies the rule that comes back. Does nothing when networks are disabled.
 *
 * <p>The rule is stored in {@code firewallRule}.
 */
@Test(dependsOnMethods = "testCreatePortForwardingRule")
public void testCreateFirewallRule() {
   if (networksDisabled) {
      return;
   }

   FirewallRule.Protocol tcp = FirewallRule.Protocol.TCP;
   CreateFirewallRuleOptions portRange = CreateFirewallRuleOptions.Builder.startPort(30).endPort(35);

   AsyncCreateResponse creation = client.getFirewallApi()
         .createFirewallRuleForIpAndProtocol(ip.getId(), tcp, portRange);
   assertTrue(jobComplete.apply(creation.getJobId()));

   // The id on the create response is the id of the new rule.
   firewallRule = client.getFirewallApi().getFirewallRule(creation.getId());

   assertEquals(firewallRule.getStartPort(), 30);
   assertEquals(firewallRule.getEndPort(), 35);
   assertEquals(firewallRule.getProtocol(), FirewallRule.Protocol.TCP);
   checkFirewallRule(firewallRule);
}
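/**
 * Removes the live resources this test class created, then tears down the inherited context.
 *
 * <p>Order: firewall rule, egress rule, port forwarding rule, virtual machine (waiting for the
 * destroy job), and finally the public IP.
 *
 * <p>A cleanup call that throws still skips the steps after it, so rules, the machine or the
 * IP can be left behind in the account and need manual removal. The inherited tear-down runs
 * either way.
 */
@AfterGroups(groups = "live")
@Override
protected void tearDownContext() {
   try {
      if (firewallRule != null) {
         client.getFirewallApi().deleteFirewallRule(firewallRule.getId());
      }
      if (egressFirewallRule != null) {
         client.getFirewallApi().deleteEgressFirewallRule(egressFirewallRule.getId());
      }
      if (portForwardingRule != null) {
         client.getFirewallApi().deletePortForwardingRule(portForwardingRule.getId());
      }
      if (vm != null) {
         jobComplete.apply(client.getVirtualMachineApi().destroyVirtualMachine(vm.getId()));
      }
      if (ip != null) {
         client.getAddressApi().disassociateIPAddress(ip.getId());
      }
   } finally {
      // Previously skipped whenever one of the calls above threw.
      super.tearDownContext();
   }
}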
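/**
 * Loads the firewall rules attached to the public IP of a virtual machine.
 *
 * @param input id of the virtual machine
 * @return the rules listed for the machine's public IP; an empty set when the machine has no
 *         public IP id or the listing comes back {@code null}
 * @throws org.jclouds.rest.ResourceNotFoundException
 *            when there is no ip forwarding rule available for the VM
 */
@Override
public Set<FirewallRule> load(String input) {
   String publicIPId = client.getVirtualMachineApi().getVirtualMachine(input).getPublicIPId();
   if (publicIPId == null) {
      // Without a public IP id there is nothing to filter the listing by. How the list options
      // treat a null id is not visible here, so never hand them one: a dropped filter would
      // attribute unrelated rules to this machine.
      return ImmutableSet.<FirewallRule>of();
   }
   Set<FirewallRule> rules = client.getFirewallApi()
         .listFirewallRules(ListFirewallRulesOptions.Builder.ipAddressId(publicIPId));
   return rules != null ? rules : ImmutableSet.<FirewallRule>of();
}
}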
/**
 * Live check: forwards TCP port 22 of a public IP to port 22 of the test machine, verifies the
 * resulting rule, and confirms SSH is reachable through it. Does nothing when networks are
 * disabled.
 *
 * <p>The loop has no retry limit: it repeats for as long as the attempt ends in an
 * {@code IllegalStateException}, calling {@code reuseOrAssociate} again each time.
 */
public void testCreatePortForwardingRule() throws Exception {
   if (networksDisabled) {
      return;
   }

   final int sshPort = 22;
   final PortForwardingRule.Protocol tcp = PortForwardingRule.Protocol.TCP;

   while (portForwardingRule == null) {
      ip = reuseOrAssociate.apply(network);
      try {
         AsyncCreateResponse creation = client.getFirewallApi()
               .createPortForwardingRuleForVirtualMachine(ip.getId(), tcp, sshPort, vm.getId(), sshPort);
         assertTrue(jobComplete.apply(creation.getJobId()));
         portForwardingRule = client.getFirewallApi().getPortForwardingRule(creation.getId());
      } catch (IllegalStateException e) {
         // Most likely an IP conflict; log it and try again.
         Logger.CONSOLE.error("Failed while trying to allocate ip: " + e);
      }
   }

   assertEquals(portForwardingRule.getIPAddressId(), ip.getId());
   assertEquals(portForwardingRule.getVirtualMachineId(), vm.getId());
   assertEquals(portForwardingRule.getPublicPort(), 22);
   assertEquals(portForwardingRule.getProtocol(), PortForwardingRule.Protocol.TCP);

   checkPortForwardingRule(portForwardingRule);
   checkSSH(HostAndPort.fromParts(ip.getIPAddress(), sshPort));
}
/**
 * Expect test: {@code deleteFirewallRule("2015")} must send exactly the GET request below.
 * The api key and signature are fixture values for the mocked endpoint.
 */
public void testDeleteFirewallRule() {
   HttpRequest expectedRequest = HttpRequest.builder()
         .method("GET")
         .endpoint("http://localhost:8080/client/api")
         .addQueryParam("response", "json")
         .addQueryParam("command", "deleteFirewallRule")
         .addQueryParam("id", "2015")
         .addQueryParam("apiKey", "identity")
         .addQueryParam("signature", "/T5FAO2yGPctaPmg7TEtIEFW3EU=")
         .build();

   HttpResponse cannedResponse = HttpResponse.builder()
         .statusCode(200)
         .payload(payloadFromResource("/deletefirewallrulesresponse.json"))
         .build();

   FirewallApi api = requestSendsResponse(expectedRequest, cannedResponse);
   api.deleteFirewallRule("2015");
}
/**
 * Verifies an egress rule against the copy the API returns for the same id, then checks its
 * basic invariants: non-null id, positive start port, end port not below start port, non-null
 * protocol.
 *
 * <p>The invariant checks are plain {@code assert} statements, so they only run when the JVM
 * has assertions enabled; the equality check always runs.
 *
 * @param rule the egress rule to verify
 */
protected void checkEgressFirewallRule(FirewallRule rule) {
   FirewallRule fetched = client.getFirewallApi().getEgressFirewallRule(rule.getId());
   assertEquals(rule, fetched);

   assert null != rule.getId() : rule;
   assert rule.getStartPort() > 0 : rule;
   assert !(rule.getEndPort() < rule.getStartPort()) : rule;
   assert null != rule.getProtocol();
}
/**
 * Expect test: creating a TCP egress rule for network "2" must send exactly the GET request
 * below, and the canned response must parse into job id "2036" and rule id "2017".
 * The api key and signature are fixture values for the mocked endpoint.
 */
public void testCreateEgressFirewallRuleForNetworkAndProtocol() {
   HttpRequest expectedRequest = HttpRequest.builder()
         .method("GET")
         .endpoint("http://localhost:8080/client/api")
         .addQueryParam("response", "json")
         .addQueryParam("command", "createEgressFirewallRule")
         .addQueryParam("networkid", "2")
         .addQueryParam("protocol", "TCP")
         .addQueryParam("apiKey", "identity")
         .addQueryParam("signature", "I/OJEqiLp8ZHlZskKUiT5uTRE3M=")
         .addHeader("Accept", "application/json")
         .build();

   HttpResponse cannedResponse = HttpResponse.builder()
         .statusCode(200)
         .payload(payloadFromResource("/createegressfirewallrulesresponse.json"))
         .build();

   FirewallApi api = requestSendsResponse(expectedRequest, cannedResponse);
   AsyncCreateResponse created = api.createEgressFirewallRuleForNetworkAndProtocol("2", FirewallRule.Protocol.TCP);

   assertEquals(created.getJobId(), "2036");
   assertEquals(created.getId(), "2017");
}
/**
 * Expect test: {@code deletePortForwardingRule("2015")} must send exactly the GET request
 * below. The api key and signature are fixture values for the mocked endpoint.
 */
public void testDeletePortForwardingRule() {
   HttpRequest expectedRequest = HttpRequest.builder()
         .method("GET")
         .endpoint("http://localhost:8080/client/api")
         .addQueryParam("response", "json")
         .addQueryParam("command", "deletePortForwardingRule")
         .addQueryParam("id", "2015")
         .addQueryParam("apiKey", "identity")
         .addQueryParam("signature", "2UE7KB3wm5ocmR+GMNFKPKfiDo8=")
         .build();

   HttpResponse cannedResponse = HttpResponse.builder()
         .statusCode(200)
         .payload(payloadFromResource("/deleteportforwardingrulesresponse.json"))
         .build();

   FirewallApi api = requestSendsResponse(expectedRequest, cannedResponse);
   api.deletePortForwardingRule("2015");
}
/**
 * Expect test: {@code deleteEgressFirewallRule("2015")} must send exactly the GET request
 * below. The api key and signature are fixture values for the mocked endpoint.
 */
public void testDeleteEgressFirewallRule() {
   HttpRequest expectedRequest = HttpRequest.builder()
         .method("GET")
         .endpoint("http://localhost:8080/client/api")
         .addQueryParam("response", "json")
         .addQueryParam("command", "deleteEgressFirewallRule")
         .addQueryParam("id", "2015")
         .addQueryParam("apiKey", "identity")
         .addQueryParam("signature", "S119WNmamKwc5d9qvvkIJznXytg=")
         .build();

   HttpResponse cannedResponse = HttpResponse.builder()
         .statusCode(200)
         .payload(payloadFromResource("/deleteegressfirewallrulesresponse.json"))
         .build();

   FirewallApi api = requestSendsResponse(expectedRequest, cannedResponse);
   api.deleteEgressFirewallRule("2015");
}
@Override
/**
 * Expect test: forwarding TCP port 22 of IP "2" to port 22 of machine "1234" must send exactly
 * the GET request below, and the canned response must parse into job id "2035" and rule id
 * "2015". The protocol is expected on the wire in lower case ("tcp").
 * The api key and signature are fixture values for the mocked endpoint.
 */
public void testCreatePortForwardingRuleForVirtualMachine() {
   HttpRequest expectedRequest = HttpRequest.builder()
         .method("GET")
         .endpoint("http://localhost:8080/client/api")
         .addQueryParam("response", "json")
         .addQueryParam("command", "createPortForwardingRule")
         .addQueryParam("ipaddressid", "2")
         .addQueryParam("protocol", "tcp")
         .addQueryParam("publicport", "22")
         .addQueryParam("virtualmachineid", "1234")
         .addQueryParam("privateport", "22")
         .addQueryParam("apiKey", "identity")
         .addQueryParam("signature", "84dtGzQp0G6k3z3Gkc3F/HBNS2Y=")
         .addHeader("Accept", "application/json")
         .build();

   HttpResponse cannedResponse = HttpResponse.builder()
         .statusCode(200)
         .payload(payloadFromResource("/createportforwardingrulesresponse.json"))
         .build();

   FirewallApi api = requestSendsResponse(expectedRequest, cannedResponse);
   AsyncCreateResponse created = api.createPortForwardingRuleForVirtualMachine(
         "2", PortForwardingRule.Protocol.TCP, 22, "1234", 22);

   assertEquals(created.getJobId(), "2035");
   assertEquals(created.getId(), "2015");
}
/**
 * Live check: listing firewall rules returns at least one rule, and every listed rule passes
 * {@code checkFirewallRule}.
 *
 * <p>The null check uses a plain {@code assert}, so it only runs when the JVM has assertions
 * enabled.
 */
@Test(dependsOnMethods = "testCreateFirewallRule")
public void testListFirewallRules() {
   Set<FirewallRule> listed = client.getFirewallApi().listFirewallRules();

   assert null != listed;
   assertTrue(listed.size() > 0);

   for (FirewallRule candidate : listed) {
      checkFirewallRule(candidate);
   }
}
/**
 * Expect test: when the endpoint answers 404 to the lookup of egress rule "4",
 * {@code getEgressFirewallRule} returns {@code null} instead of throwing.
 * The api key and signature are fixture values for the mocked endpoint.
 */
public void testGetEgressFirewallRuleWhenResponseIs404() {
   HttpRequest expectedRequest = HttpRequest.builder()
         .method("GET")
         .endpoint("http://localhost:8080/client/api")
         .addQueryParam("response", "json")
         .addQueryParam("command", "listEgressFirewallRules")
         .addQueryParam("listAll", "true")
         .addQueryParam("id", "4")
         .addQueryParam("apiKey", "identity")
         .addQueryParam("signature", "dzb5azKxXZsuGrNRJbRHfna7FMo=")
         .addHeader("Accept", "application/json")
         .build();

   HttpResponse notFound = HttpResponse.builder()
         .statusCode(404)
         .build();

   FirewallApi api = requestSendsResponse(expectedRequest, notFound);
   assertNull(api.getEgressFirewallRule("4"));
}
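/**
 * Asks CloudStack to allow one source CIDR to reach a port range on a public IP, and waits for
 * the creation job.
 *
 * <p>Best effort: a failed job or any exception is logged and reported as {@code false},
 * never thrown, because the rule may already exist. A {@code false} result therefore does not
 * say whether the ports are open; callers that depend on the rule must check it themselves.
 *
 * @param publicIpId id of the public IP the rule is attached to
 * @param cidr source range the rule allows
 * @param lowerBoundPort first port of the range
 * @param upperBoundPort last port of the range
 * @param protocol protocol the rule applies to
 * @return {@code true} when the creation job reported success, {@code false} otherwise
 */
protected boolean systemOpenFirewall(String publicIpId, Cidr cidr, int lowerBoundPort, int upperBoundPort,
        FirewallRule.Protocol protocol) {
    boolean success;
    Exception failure = null;
    try {
        CreateFirewallRuleOptions options = CreateFirewallRuleOptions.Builder.
                startPort(lowerBoundPort).endPort(upperBoundPort).CIDRs(ImmutableSet.of(cidr.toString()));
        AsyncCreateResponse job = cloudstackClient.getCloudstackGlobalClient().getFirewallApi().createFirewallRuleForIpAndProtocol(
                publicIpId, protocol, options);
        success = cloudstackClient.waitForJobsSuccess(Arrays.asList(job.getJobId()));
    } catch (Exception e) {
        success = false;
        failure = e;
    }
    if (success) {
        return true;
    }

    // It might already be created, so don't crash and burn too hard: log and report failure.
    String message = "Failed creating firewall rule on "+this+" to "+publicIpId+":"+lowerBoundPort+"-"+upperBoundPort;
    if (failure != null) {
        // Keep the cause in the log; the message alone cannot tell an existing rule apart from
        // an authorization or connectivity failure.
        log.error(message, failure);
    } else {
        log.error(message);
    }
    return false;
}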
/**
 * Expect test: when the endpoint answers 404 to the rule listing, {@code listFirewallRules}
 * returns an empty set instead of throwing or returning {@code null}.
 * The api key and signature are fixture values for the mocked endpoint.
 */
public void testListFirewallRulesWhenReponseIs404() {
   HttpRequest expectedRequest = HttpRequest.builder()
         .method("GET")
         .endpoint("http://localhost:8080/client/api")
         .addQueryParam("response", "json")
         .addQueryParam("command", "listFirewallRules")
         .addQueryParam("listAll", "true")
         .addQueryParam("apiKey", "identity")
         .addQueryParam("signature", "9+tdTXe2uYLzAexPNgrMy5Tq8hE=")
         .addHeader("Accept", "application/json")
         .build();

   HttpResponse notFound = HttpResponse.builder()
         .statusCode(404)
         .build();

   FirewallApi api = requestSendsResponse(expectedRequest, notFound);
   assertEquals(api.listFirewallRules(), ImmutableSet.of());
}
/**
 * Finds the public IP address that forwards to a virtual machine.
 *
 * <p>Lists every port forwarding rule visible to the global client and uses the first one
 * whose virtual machine id equals {@code vmId}; the address is then fetched by that rule's IP
 * address id.
 *
 * @param vmId id of the virtual machine to look for
 * @return the public IP address of the first matching rule, or absent when no rule matches
 */
public Maybe<PublicIPAddress> findPublicIpAddressByVmId(final String vmId) {
    Set<PortForwardingRule> portForwardingRules = getCloudstackGlobalClient().getFirewallApi().listPortForwardingRules();
    for (PortForwardingRule candidate : portForwardingRules) {
        if (!candidate.getVirtualMachineId().equals(vmId)) {
            continue;
        }
        // First match wins; later rules for the same machine are ignored.
        return Maybe.of(getCloudstackGlobalClient().getAddressApi().getPublicIPAddress(candidate.getIPAddressId()));
    }
    return Maybe.absent();
}
}
/**
 * Expect test: looking up egress rule "2017" must send exactly the GET request below, and the
 * canned response must parse into the rule built at the end of the method.
 *
 * <p>The fixture rule is ACTIVE for TCP ports 30-35 with CIDR {@code 0.0.0.0/0}, i.e. every
 * source address. The api key and signature are fixture values for the mocked endpoint.
 */
public void testGetEgressFirewallRuleWhenResponseIs2xx() {
   HttpRequest expectedRequest = HttpRequest.builder()
         .method("GET")
         .endpoint("http://localhost:8080/client/api")
         .addQueryParam("response", "json")
         .addQueryParam("command", "listEgressFirewallRules")
         .addQueryParam("listAll", "true")
         .addQueryParam("id", "2017")
         .addQueryParam("apiKey", "identity")
         .addQueryParam("signature", "Hi1K5VA3yd3mk0AmgJ2F6y+VzMo=")
         .addHeader("Accept", "application/json")
         .build();

   HttpResponse cannedResponse = HttpResponse.builder()
         .statusCode(200)
         .payload(payloadFromResource("/getegressfirewallrulesresponse.json"))
         .build();

   FirewallApi api = requestSendsResponse(expectedRequest, cannedResponse);

   FirewallRule expectedRule = FirewallRule.builder()
         .id("2017")
         .protocol(FirewallRule.Protocol.TCP)
         .startPort(30)
         .endPort(35)
         .ipAddressId("2")
         .ipAddress("10.27.27.51")
         .state(FirewallRule.State.ACTIVE)
         .CIDRs(ImmutableSet.of("0.0.0.0/0"))
         .build();

   assertEquals(api.getEgressFirewallRule("2017"), expectedRule);
}