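/**
 * Creates one single-port firewall rule per requested port on the given public IP and
 * records the created rules in {@code getFirewallRulesByVirtualMachine}.
 *
 * <p>All creation jobs are submitted first and only then awaited, so the jobs are not
 * serialized behind each other.
 *
 * <p>Review notes:
 * <ul>
 * <li>No CIDR list is passed, so the allowed source range is left to the backend default.
 * NOTE(review): confirm that default is acceptable for every caller.</li>
 * <li>The cache entry for the virtual machine is replaced, not merged: rules recorded for
 * this VM before this call are no longer in the entry afterwards. NOTE(review): confirm
 * whether teardown relies on this cache to find rules to delete.</li>
 * </ul>
 *
 * @param ip public IP address; {@code checkState} rejects it when it has no virtual machine id
 * @param protocol protocol name, converted with {@code FirewallRule.Protocol.fromValue}
 * @param ports ports to open; each becomes a rule with startPort == endPort
 * @return the rules that were created, or an empty set when {@code ports} is empty
 */
public Set<FirewallRule> apply(PublicIPAddress ip, String protocol, Iterable<Integer> ports) {
   checkState(ip.getVirtualMachineId() != null,
         "ip %s should be static NATed to a virtual machine before applying rules", ip);
   if (Iterables.isEmpty(ports))
      return ImmutableSet.<FirewallRule> of();

   // Phase 1: submit every creation job without waiting on any of them.
   Builder<AsyncCreateResponse> responses = ImmutableSet.builder();
   for (int port : ports) {
      AsyncCreateResponse response = client.getFirewallApi().createFirewallRuleForIpAndProtocol(ip.getId(),
            FirewallRule.Protocol.fromValue(protocol),
            CreateFirewallRuleOptions.Builder.startPort(port).endPort(port));
      logger.debug(">> creating firewall rule IPAddress(%s) for protocol(%s), port(%s); response(%s)",
            ip.getId(), protocol, port, response);
      responses.add(response);
   }

   // Phase 2: wait for each job and track the resulting rule.
   Builder<FirewallRule> rules = ImmutableSet.builder();
   for (AsyncCreateResponse response : responses.build()) {
      FirewallRule rule = blockUntilJobCompletesAndReturnResult.<FirewallRule> apply(response);
      rules.add(rule);
      // Cache the cumulative set. The previous code stored ImmutableSet.of(rule) on every
      // iteration, so each put overwrote the one before and only the last rule stayed
      // tracked for the VM. Updating inside the loop keeps rules that were already created
      // recorded even if a later job fails.
      getFirewallRulesByVirtualMachine.asMap().put(ip.getVirtualMachineId(), rules.build());
   }
   return rules.build();
}
}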
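/**
 * Asks the firewall API to open {@code lowerBoundPort}-{@code upperBoundPort} on a public IP
 * for the given protocol, passing {@code cidr} as the rule's only CIDR entry.
 *
 * <p>This is deliberately best-effort: a failed job and any exception are logged and
 * reported as {@code false} instead of being thrown, because the rule may already exist.
 * A {@code false} result therefore does not say whether the port is open or closed;
 * callers that need certainty have to query the rule state themselves.
 *
 * @param publicIpId id of the public IP the rule is attached to
 * @param cidr range placed in the rule's CIDR list
 * @param lowerBoundPort first port of the range
 * @param upperBoundPort last port of the range
 * @param protocol protocol the rule applies to
 * @return {@code true} when the creation job reported success, {@code false} otherwise
 */
protected boolean systemOpenFirewall(String publicIpId, Cidr cidr, int lowerBoundPort, int upperBoundPort,
        FirewallRule.Protocol protocol) {
    Exception cause = null;
    try {
        CreateFirewallRuleOptions options = CreateFirewallRuleOptions.Builder
                .startPort(lowerBoundPort).endPort(upperBoundPort).CIDRs(ImmutableSet.of(cidr.toString()));
        AsyncCreateResponse job = cloudstackClient.getCloudstackGlobalClient().getFirewallApi()
                .createFirewallRuleForIpAndProtocol(publicIpId, protocol, options);
        if (cloudstackClient.waitForJobsSuccess(Arrays.asList(job.getJobId()))) {
            return true;
        }
    } catch (Exception e) {
        cause = e;
    }

    // it might already be created, so don't crash and burn too hard!
    String message = "Failed creating firewall rule on "+this+" to "+publicIpId+":"+lowerBoundPort+"-"+upperBoundPort;
    if (cause != null) {
        // Keep the exception in the log: without it an authorization failure, a rejected
        // CIDR and a duplicate rule all produce the same message and cannot be told apart.
        log.error(message, cause);
    } else {
        log.error(message);
    }
    return false;
}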
/**
 * Creates a TCP firewall rule for ports 30-35 on {@code ip}, waits for the job, then
 * fetches the rule and checks that its port range and protocol match the request.
 *
 * <p>Does nothing when {@code networksDisabled} is set. The fetched rule is kept in the
 * {@code firewallRule} field.
 *
 * <p>NOTE(review): the request carries no CIDR list, so this test does not cover the
 * source range of the rule; that is left to the backend default.
 */
@Test(dependsOnMethods = "testCreatePortForwardingRule")
public void testCreateFirewallRule() {
   if (networksDisabled) {
      return;
   }

   final int firstPort = 30;
   final int lastPort = 35;

   AsyncCreateResponse creation = client.getFirewallApi().createFirewallRuleForIpAndProtocol(
         ip.getId(),
         FirewallRule.Protocol.TCP,
         CreateFirewallRuleOptions.Builder.startPort(firstPort).endPort(lastPort));
   assertTrue(jobComplete.apply(creation.getJobId()));

   // Read the rule back by the id returned with the creation response.
   firewallRule = client.getFirewallApi().getFirewallRule(creation.getId());

   assertEquals(firewallRule.getStartPort(), firstPort);
   assertEquals(firewallRule.getEndPort(), lastPort);
   assertEquals(firewallRule.getProtocol(), FirewallRule.Protocol.TCP);
   checkFirewallRule(firewallRule);
}
// Single-port rule (start and end are both publicPort) whose CIDR list holds only `cidr`.
options = CreateFirewallRuleOptions.Builder.
        startPort(publicPort).endPort(publicPort).CIDRs(ImmutableSet.of(cidr.toString()));
// Submit the TCP rule for the public IP; the call returns an async job handle.
AsyncCreateResponse job = client.getCloudstackGlobalClient().getFirewallApi().createFirewallRuleForIpAndProtocol(
        publicIpId, FirewallRule.Protocol.TCP, options);
// NOTE(review): whatever waitForJobSuccess returns is discarded here. If it signals failure
// through its return value rather than an exception, a rule that was never applied would go
// unnoticed. Confirm against its declaration.
client.waitForJobSuccess(job.getJobId());
/**
 * Checks the request produced by {@code createFirewallRuleForIpAndProtocol("2", TCP)} and
 * the parsing of the canned reply in {@code /createfirewallrulesresponse.json}.
 *
 * <p>The {@code apiKey} and {@code signature} values are fixtures of this test and the
 * endpoint is localhost. The expected request has no CIDR or port parameters because the
 * call is made without options.
 */
public void testCreateFirewallRuleForIpAndProtocol() {
   HttpRequest expectedRequest = HttpRequest.builder()
         .method("GET")
         .endpoint("http://localhost:8080/client/api")
         .addQueryParam("response", "json")
         .addQueryParam("command", "createFirewallRule")
         .addQueryParam("ipaddressid", "2")
         .addQueryParam("protocol", "TCP")
         .addQueryParam("apiKey", "identity")
         .addQueryParam("signature", "d0MZ/yhQPAaV+YQmfZsQtQL2C28=")
         .addHeader("Accept", "application/json")
         .build();

   HttpResponse cannedResponse = HttpResponse.builder()
         .statusCode(200)
         .payload(payloadFromResource("/createfirewallrulesresponse.json"))
         .build();

   FirewallApi firewallApi = requestSendsResponse(expectedRequest, cannedResponse);

   AsyncCreateResponse created = firewallApi.createFirewallRuleForIpAndProtocol("2", FirewallRule.Protocol.TCP);

   // Both ids are expected to come from the canned JSON payload.
   assertEquals(created.getJobId(), "2036");
   assertEquals(created.getId(), "2017");
}