api/utils/ui: List protocol numbers and icmp types (#8293)

This PR contains the following changes

* adds a new API to list network procotols and details/types/codes, etc
* get network protocols on UI and add dropdowns for procotol numbers and icmp types/codes
* validate icmp types/codes when add network ACL

Author: weizhouapache

api/src/main/java/org/apache/cloudstack/api/ApiConstants.java

@@ -321,6 +321,7 @@ public class ApiConstants {
     public static final String IS_DEFAULT_USE = "defaultuse";
     public static final String OLD_FORMAT = "oldformat";
     public static final String OP = "op";
+    public static final String OPTION = "option";
     public static final String OPTIONS = "options";
     public static final String OS_CATEGORY_ID = "oscategoryid";
     public static final String OS_CATEGORY_NAME = "oscategoryname";

api/src/main/java/org/apache/cloudstack/api/command/user/network/ListNetworkProtocolsCmd.java

@@ -0,0 +1,109 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.user.network;
+
+import com.cloud.utils.net.NetworkProtocols;
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.NetworkProtocolResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.log4j.Logger;
+
+import java.util.ArrayList;
+import java.util.List;
+
+@APICommand(name = "listNetworkProtocols", description = "Lists details of network protocols", responseObject = NetworkProtocolResponse.class,
+        requestHasSensitiveInfo = false, responseHasSensitiveInfo = false,
+        authorized = { RoleType.Admin, RoleType.DomainAdmin, RoleType.ResourceAdmin, RoleType.User}, since = "4.19.0")
+public class ListNetworkProtocolsCmd extends BaseCmd {
+    public static final Logger s_logger = Logger.getLogger(ListNetworkProtocolsCmd.class.getName());
+
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+    @Parameter(name = ApiConstants.OPTION, type = CommandType.STRING, required = true,
+            description = "The option of network protocols. Supported values are: protocolnumber, icmptype.")
+    private String option;
+
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+
+    public String getOption() {
+        return option;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public void execute() {
+        ListResponse<NetworkProtocolResponse> response = new ListResponse<>();
+        List<NetworkProtocolResponse> networkProtocolResponses = new ArrayList<>();
+
+        NetworkProtocols.Option option = NetworkProtocols.Option.getOption(getOption());
+        switch (option) {
+            case ProtocolNumber:
+                updateResponseWithProtocolNumbers(networkProtocolResponses);
+                break;
+            case IcmpType:
+                updateResponseWithIcmpTypes(networkProtocolResponses);
+                break;
+            default:
+                break;
+        }
+
+        response.setResponses(networkProtocolResponses);
+        response.setResponseName(getCommandName());
+        setResponseObject(response);
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        return CallContext.current().getCallingAccount().getId();
+    }
+
+    private void updateResponseWithProtocolNumbers(List<NetworkProtocolResponse> responses) {
+        for (NetworkProtocols.ProtocolNumber protocolNumber : NetworkProtocols.ProtocolNumbers) {
+            NetworkProtocolResponse networkProtocolResponse = new NetworkProtocolResponse(protocolNumber.getNumber(),
+                    protocolNumber.getKeyword(), protocolNumber.getProtocol());
+            networkProtocolResponse.setObjectName("networkprotocol");
+            responses.add(networkProtocolResponse);
+        }
+    }
+
+    private void updateResponseWithIcmpTypes(List<NetworkProtocolResponse> responses) {
+        for (NetworkProtocols.IcmpType icmpType : NetworkProtocols.IcmpTypes) {
+            NetworkProtocolResponse networkProtocolResponse = new NetworkProtocolResponse(icmpType.getType(),
+                    null, icmpType.getDescription());
+            for (NetworkProtocols.IcmpCode code : icmpType.getIcmpCodes()) {
+                networkProtocolResponse.addDetail(String.valueOf(code.getCode()), code.getDescription());
+            }
+            networkProtocolResponse.setObjectName("networkprotocol");
+            responses.add(networkProtocolResponse);
+        }
+    }
+}

api/src/main/java/org/apache/cloudstack/api/response/NetworkProtocolResponse.java

@@ -0,0 +1,89 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.response;
+
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseResponse;
+
+import com.cloud.serializer.Param;
+import com.google.gson.annotations.SerializedName;
+
+public class NetworkProtocolResponse extends BaseResponse {
+    @SerializedName(ApiConstants.INDEX)
+    @Param(description = "the index (ID, Value, Code, Type, Option, etc) of the protocol parameter")
+    private Integer index;
+
+    @SerializedName(ApiConstants.NAME)
+    @Param(description = "the name of the protocol parameter")
+    private String name;
+
+    @SerializedName(ApiConstants.DESCRIPTION)
+    @Param(description = "the description of the protocol parameter")
+    private String description;
+
+    @SerializedName(ApiConstants.DETAILS)
+    @Param(description = "the details of the protocol parameter")
+    private Map details;
+
+    public NetworkProtocolResponse(Integer index, String name, String description) {
+        this.index = index;
+        this.name = name;
+        this.description = description;
+    }
+
+    public Integer getIndex() {
+        return index;
+    }
+
+    public void setIndex(Integer index) {
+        this.index = index;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public void setDescription(String description) {
+        this.description = description;
+    }
+
+    public Map getDetails() {
+        return details;
+    }
+
+    public void setDetails(Map details) {
+        this.details = details;
+    }
+
+    public void addDetail(String key, String value) {
+        if (this.details == null) {
+            this.details = new LinkedHashMap();
+        }
+        this.details.put(key, value);
+    }
+}

api/src/test/java/org/apache/cloudstack/api/command/user/network/ListNetworkProtocolsCmdTest.java

@@ -0,0 +1,95 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package org.apache.cloudstack.api.command.user.network;
+
+import com.cloud.utils.net.NetworkProtocols;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.NetworkProtocolResponse;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import org.mockito.junit.MockitoJUnitRunner;
+import org.springframework.test.util.ReflectionTestUtils;
+
+@RunWith(MockitoJUnitRunner.class)
+public class ListNetworkProtocolsCmdTest {
+
+    @Test
+    public void testListNetworkProtocolNumbers() {
+        ListNetworkProtocolsCmd cmd = new ListNetworkProtocolsCmd();
+        String option = NetworkProtocols.Option.ProtocolNumber.toString();
+        ReflectionTestUtils.setField(cmd, "option", option);
+        Assert.assertEquals(cmd.getOption(), option);
+
+        try {
+            cmd.execute();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        Object response = cmd.getResponseObject();
+        Assert.assertTrue(response instanceof ListResponse);
+        ListResponse listResponse = (ListResponse) response;
+        Assert.assertEquals(BaseCmd.getResponseNameByClass(cmd.getClass()), listResponse.getResponseName());
+        Assert.assertNotNull(listResponse.getResponses());
+        Assert.assertNotEquals(0, listResponse.getResponses().size());
+        Object firstResponse = listResponse.getResponses().get(0);
+        Assert.assertTrue(firstResponse instanceof NetworkProtocolResponse);
+        Assert.assertEquals("networkprotocol", ((NetworkProtocolResponse) firstResponse).getObjectName());
+        Assert.assertEquals(Integer.valueOf(0), ((NetworkProtocolResponse) firstResponse).getIndex());
+        Assert.assertEquals("HOPOPT", ((NetworkProtocolResponse) firstResponse).getName());
+    }
+
+    @Test
+    public void testListIcmpTypes() {
+        ListNetworkProtocolsCmd cmd = new ListNetworkProtocolsCmd();
+        String option = NetworkProtocols.Option.IcmpType.toString();
+        ReflectionTestUtils.setField(cmd, "option", option);
+        Assert.assertEquals(cmd.getOption(), option);
+
+        try {
+            cmd.execute();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        Object response = cmd.getResponseObject();
+        Assert.assertTrue(response instanceof ListResponse);
+        ListResponse listResponse = (ListResponse) response;
+        Assert.assertEquals(BaseCmd.getResponseNameByClass(cmd.getClass()), listResponse.getResponseName());
+        Assert.assertNotNull(listResponse.getResponses());
+        Assert.assertNotEquals(0, listResponse.getResponses().size());
+        Object firstResponse = listResponse.getResponses().get(0);
+        Assert.assertTrue(firstResponse instanceof NetworkProtocolResponse);
+        Assert.assertEquals("networkprotocol", ((NetworkProtocolResponse) firstResponse).getObjectName());
+        Assert.assertEquals(Integer.valueOf(0), ((NetworkProtocolResponse) firstResponse).getIndex());
+        Assert.assertNotNull(((NetworkProtocolResponse) firstResponse).getDetails());
+        System.out.println(((NetworkProtocolResponse) firstResponse).getDetails());
+        Assert.assertEquals("Echo reply", ((NetworkProtocolResponse) firstResponse).getDetails().get("0"));
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void testListInvalidOption() {
+        ListNetworkProtocolsCmd cmd = new ListNetworkProtocolsCmd();
+        String option = "invalid-option";
+        ReflectionTestUtils.setField(cmd, "option", option);
+        Assert.assertEquals(cmd.getOption(), option);
+
+        cmd.execute();
+    }
+}

server/src/main/java/com/cloud/network/security/SecurityGroupManagerImpl.java

@@ -658,10 +658,14 @@ public List<SecurityGroupRuleVO> authorizeSecurityGroupRule(final Long securityG
         if(StringUtils.isNumeric(protocol)){
             int protoNumber = Integer.parseInt(protocol);
             // Deal with ICMP(protocol number 1) specially because it need to be paired with icmp type and code
-            if (protoNumber == 1) {
-                protocol = "icmp";
-                icmpCode = -1;
-                icmpType = -1;
+            if (protoNumber == NetUtils.ICMP_PROTO_NUMBER) {
+                protocol = NetUtils.ICMP_PROTO;
+                if (icmpCode == null) {
+                    icmpCode = -1;
+                }
+                if (icmpType == null) {
+                    icmpType = -1;
+                }
             } else if(protoNumber < 0 || protoNumber > 255){
                 throw new InvalidParameterValueException("Invalid protocol number: " + protoNumber);
             }
@@ -673,18 +677,7 @@ public List<SecurityGroupRuleVO> authorizeSecurityGroupRule(final Long securityG
             }
         }
         if (protocol.equals(NetUtils.ICMP_PROTO)) {
-            if ((icmpType == null) || (icmpCode == null)) {
-                throw new InvalidParameterValueException("Invalid ICMP type/code specified, icmpType = " + icmpType + ", icmpCode = " + icmpCode);
-            }
-            if (icmpType == -1 && icmpCode != -1) {
-                throw new InvalidParameterValueException("Invalid icmp code");
-            }
-            if (icmpType != -1 && icmpCode == -1) {
-                throw new InvalidParameterValueException("Invalid icmp code: need non-negative icmp code ");
-            }
-            if (icmpCode > 255 || icmpType > 255 || icmpCode < -1 || icmpType < -1) {
-                throw new InvalidParameterValueException("Invalid icmp type/code ");
-            }
+            NetUtils.validateIcmpTypeAndCode(icmpType, icmpCode);
             startPortOrType = icmpType;
             endPortOrCode = icmpCode;
         } else if (protocol.equals(NetUtils.ALL_PROTO)) {
@@ -785,6 +778,7 @@ public List<SecurityGroupRuleVO> doInTransaction(TransactionStatus status) {
                         SecurityGroupRuleVO securityGroupRule = _securityGroupRuleDao.findByProtoPortsAndAllowedGroupId(securityGroup.getId(), protocolFinal, startPortOrTypeFinal,
                                 endPortOrCodeFinal, ngVO.getId());
                         if ((securityGroupRule != null) && (securityGroupRule.getRuleType() == ruleType)) {
+                            s_logger.warn("The rule already exists. id= " + securityGroupRule.getUuid());
                             continue; // rule already exists.
                         }
                         securityGroupRule = new SecurityGroupRuleVO(ruleType, securityGroup.getId(), startPortOrTypeFinal, endPortOrCodeFinal, protocolFinal, ngVO.getId());

server/src/main/java/com/cloud/network/vpc/NetworkACLServiceImpl.java

@@ -583,7 +583,7 @@ protected void validateProtocol(NetworkACLItemVO networkACLItemVO) {
         Integer icmpCode = networkACLItemVO.getIcmpCode();
         Integer icmpType = networkACLItemVO.getIcmpType();
         // icmp code and icmp type can't be passed in for any other protocol rather than icmp
-        boolean isIcmpProtocol = protocol.equalsIgnoreCase(NetUtils.ICMP_PROTO);
+        boolean isIcmpProtocol = protocol.equalsIgnoreCase(NetUtils.ICMP_PROTO) || protocol.equalsIgnoreCase(String.valueOf(NetUtils.ICMP_PROTO_NUMBER));
         if (!isIcmpProtocol && (icmpCode != null || icmpType != null)) {
             throw new InvalidParameterValueException("Can specify icmpCode and icmpType for ICMP protocol only");
         }

server/src/main/java/com/cloud/server/ManagementServerImpl.java

@@ -446,6 +446,7 @@
 import org.apache.cloudstack.api.command.user.network.ListNetworkACLsCmd;
 import org.apache.cloudstack.api.command.user.network.ListNetworkOfferingsCmd;
 import org.apache.cloudstack.api.command.user.network.ListNetworkPermissionsCmd;
+import org.apache.cloudstack.api.command.user.network.ListNetworkProtocolsCmd;
 import org.apache.cloudstack.api.command.user.network.ListNetworksCmd;
 import org.apache.cloudstack.api.command.user.network.MoveNetworkAclItemCmd;
 import org.apache.cloudstack.api.command.user.network.RemoveNetworkPermissionsCmd;
@@ -3621,6 +3622,7 @@ public List<Class<?>> getCommands() {
         cmdList.add(DeleteNetworkCmd.class);
         cmdList.add(ListNetworkACLsCmd.class);
         cmdList.add(ListNetworkOfferingsCmd.class);
+        cmdList.add(ListNetworkProtocolsCmd.class);
         cmdList.add(ListNetworksCmd.class);
         cmdList.add(RestartNetworkCmd.class);
         cmdList.add(UpdateNetworkCmd.class);

server/src/test/java/com/cloud/network/vpc/NetworkACLServiceImplTest.java

@@ -622,8 +622,8 @@ public void validateProtocolTestProtocolIsStringValid() {
 
     @Test(expected = InvalidParameterValueException.class)
     public void validateProtocolTestProtocolNotIcmpWithIcmpConfigurations() {
-        Mockito.when(networkAclItemVoMock.getIcmpCode()).thenReturn(1);
-        Mockito.when(networkAclItemVoMock.getIcmpType()).thenReturn(1);
+        Mockito.when(networkAclItemVoMock.getIcmpCode()).thenReturn(2);
+        Mockito.when(networkAclItemVoMock.getIcmpType()).thenReturn(3);
 
         Mockito.when(networkAclItemVoMock.getProtocol()).thenReturn("tcp");
         networkAclServiceImpl.validateProtocol(networkAclItemVoMock);
@@ -647,8 +647,8 @@ public void validateProtocolTestProtocolNotIcmpWithSourcePorts() {
 
     @Test
     public void validateProtocolTestProtocolIcmpWithIcmpConfigurations() {
-        Mockito.when(networkAclItemVoMock.getIcmpCode()).thenReturn(1);
-        Mockito.when(networkAclItemVoMock.getIcmpType()).thenReturn(1);
+        Mockito.when(networkAclItemVoMock.getIcmpCode()).thenReturn(2);
+        Mockito.when(networkAclItemVoMock.getIcmpType()).thenReturn(3);
 
         Mockito.when(networkAclItemVoMock.getSourcePortStart()).thenReturn(null);
         Mockito.when(networkAclItemVoMock.getSourcePortEnd()).thenReturn(null);