// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.api.command.user.nat;
import java.util.List;
import org.apache.log4j.Logger;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.BaseAsyncCmd;
import org.apache.cloudstack.api.BaseAsyncCreateCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.FirewallRuleResponse;
import org.apache.cloudstack.api.response.IPAddressResponse;
import org.apache.cloudstack.api.response.IpForwardingRuleResponse;
import org.apache.cloudstack.context.CallContext;
import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.NetworkRuleConflictException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.IpAddress;
import com.cloud.network.rules.FirewallRule;
import com.cloud.network.rules.StaticNatRule;
import com.cloud.user.Account;
@APICommand(name = "createIpForwardingRule", description = "Creates an IP forwarding rule", responseObject = FirewallRuleResponse.class,
requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements StaticNatRule {
public static final Logger s_logger = Logger.getLogger(CreateIpForwardingRuleCmd.class.getName());
private static final String s_name = "createipforwardingruleresponse";
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@Parameter(name = ApiConstants.IP_ADDRESS_ID,
type = CommandType.UUID,
entityType = IPAddressResponse.class,
required = true,
description = "the public IP address ID of the forwarding rule, already associated via associateIp")
private Long ipAddressId;
@Parameter(name = ApiConstants.START_PORT, type = CommandType.INTEGER, required = true, description = "the start port for the rule")
private Integer startPort;
@Parameter(name = ApiConstants.END_PORT, type = CommandType.INTEGER, description = "the end port for the rule")
private Integer endPort;
@Parameter(name = ApiConstants.PROTOCOL, type = CommandType.STRING, required = true, description = "the protocol for the rule. Valid values are TCP or UDP.")
private String protocol;
@Parameter(name = ApiConstants.OPEN_FIREWALL,
type = CommandType.BOOLEAN,
description = "if true, firewall rule for source/end public port is automatically created; if false - firewall rule has to be created explicitly. Has value true by default")
private Boolean openFirewall;
@Parameter(name = ApiConstants.CIDR_LIST, type = CommandType.LIST, collectionType = CommandType.STRING, description = "the CIDR list to forward traffic from")
private List<String> cidrlist;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
public Long getIpAddressId() {
return ipAddressId;
}
public int getStartPort() {
return startPort;
}
public int getEndPort() {
return endPort;
}
public Boolean getOpenFirewall() {
if (openFirewall != null) {
return openFirewall;
} else {
return true;
}
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
@Override
public String getCommandName() {
return s_name;
}
@Override
public void execute() throws ResourceUnavailableException {
boolean result = true;
FirewallRule rule = null;
try {
CallContext.current().setEventDetails("Rule ID: " + getEntityId());
if (getOpenFirewall()) {
result = result && _firewallService.applyIngressFirewallRules(ipAddressId, CallContext.current().getCallingAccount());
}
result = result && _rulesService.applyStaticNatRules(ipAddressId, CallContext.current().getCallingAccount());
rule = _entityMgr.findById(FirewallRule.class, getEntityId());
StaticNatRule staticNatRule = _rulesService.buildStaticNatRule(rule, false);
IpForwardingRuleResponse fwResponse = _responseGenerator.createIpForwardingRuleResponse(staticNatRule);
fwResponse.setResponseName(getCommandName());
setResponseObject(fwResponse);
} finally {
if (!result || rule == null) {
if (getOpenFirewall()) {
_firewallService.revokeRelatedFirewallRule(getEntityId(), true);
}
_rulesService.revokeStaticNatRule(getEntityId(), true);
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Error in creating IP forwarding rule on the domr");
}
}
}
@Override
public void create() {
//cidr list parameter is deprecated
if (cidrlist != null) {
throw new InvalidParameterValueException(
"Parameter cidrList is deprecated; if you need to open firewall rule for the specific CIDR, please refer to createFirewallRule command");
}
try {
StaticNatRule rule = _rulesService.createStaticNatRule(this, getOpenFirewall());
setEntityId(rule.getId());
setEntityUuid(rule.getUuid());
} catch (NetworkRuleConflictException e) {
s_logger.info("Unable to create static NAT rule due to ", e);
throw new ServerApiException(ApiErrorCode.NETWORK_RULE_CONFLICT_ERROR, e.getMessage());
}
}
@Override
public long getEntityOwnerId() {
Account account = CallContext.current().getCallingAccount();
if (account != null) {
return account.getId();
}
return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
}
@Override
public String getEventType() {
return EventTypes.EVENT_NET_RULE_ADD;
}
@Override
public String getEventDescription() {
IpAddress ip = _networkService.getIp(ipAddressId);
return ("Applying an ipforwarding 1:1 NAT rule for IP: " + ip.getAddress() + " with virtual machine:" + getVirtualMachineId());
}
private long getVirtualMachineId() {
Long vmId = _networkService.getIp(ipAddressId).getAssociatedWithVmId();
if (vmId == null) {
throw new InvalidParameterValueException("IP address is not associated with any network, unable to create static NAT rule");
}
return vmId;
}
@Override
public String getDestIpAddress() {
return null;
}
@Override
public long getId() {
throw new UnsupportedOperationException("Don't call me");
}
@Override
public Long getSourceIpAddressId() {
return ipAddressId;
}
@Override
public Integer getSourcePortStart() {
return startPort;
}
@Override
public Integer getSourcePortEnd() {
if (endPort == null) {
return startPort;
} else {
return endPort;
}
}
@Override
public String getProtocol() {
return protocol;
}
@Override
public FirewallRule.Purpose getPurpose() {
return FirewallRule.Purpose.StaticNat;
}
@Override
public FirewallRule.State getState() {
throw new UnsupportedOperationException("Don't call me");
}
@Override
public long getNetworkId() {
return -1;
}
@Override
public long getDomainId() {
IpAddress ip = _networkService.getIp(ipAddressId);
return ip.getDomainId();
}
@Override
public long getAccountId() {
IpAddress ip = _networkService.getIp(ipAddressId);
return ip.getAccountId();
}
@Override
public String getXid() {
// FIXME: We should allow for end user to specify Xid.
return null;
}
@Override
public String getUuid() {
// TODO Auto-generated method stub
return null;
}
@Override
public String getSyncObjType() {
return BaseAsyncCmd.networkSyncObject;
}
@Override
public Long getSyncObjId() {
return getIp().getAssociatedWithNetworkId();
}
private IpAddress getIp() {
IpAddress ip = _networkService.getIp(ipAddressId);
if (ip == null) {
throw new InvalidParameterValueException("Unable to find IP address by ID " + ipAddressId);
}
return ip;
}
@Override
public Integer getIcmpCode() {
return null;
}
@Override
public Integer getIcmpType() {
return null;
}
@Override
public List<String> getSourceCidrList() {
return null;
}
@Override
public Long getRelated() {
return null;
}
@Override
public FirewallRuleType getType() {
return FirewallRuleType.User;
}
@Override
public ApiCommandJobType getInstanceType() {
return ApiCommandJobType.FirewallRule;
}
@Override
public TrafficType getTrafficType() {
return null;
}
@Override
public boolean isDisplay() {
return true;
}
@Override
public Class<?> getEntityType() {
return FirewallRule.class;
}
}