/// <summary>
/// Process the record
/// </summary>
protected override void ProcessRecord()
{
base.ProcessRecord();
try
{
AclRuleType aclRule = CreateAclRule();
if (aclRule != null)
{
WriteObject(aclRule);
}
}
catch (AggregateException ae)
{
ae.Handle(
e =>
{
if (e is ComputeApiException)
{
WriteError(new ErrorRecord(e, "-2", ErrorCategory.InvalidOperation, Connection));
}
else
{
// if (e is HttpRequestException)
ThrowTerminatingError(new ErrorRecord(e, "-1", ErrorCategory.ConnectionError, Connection));
}
return(true);
});
}
}
public AdminAclRule RegisterAdminAclRule(AclRuleType aclRuleParams)
{
try
{
return(new AdminAclRule(this.VcloudClient, SdkUtil.Post <AclRuleType>(this.VcloudClient, this.Resource.href + "/aclrules", SerializationUtil.SerializeObject <AclRuleType>(aclRuleParams, "com.vmware.vcloud.api.rest.schema"), "application/vnd.vmware.admin.aclRule+xml", 201)));
}
catch (Exception ex)
{
throw new VCloudException(ex.Message);
}
}
public AdminAclRule RegisterACLRule(
string ruleName,
AclAccessType serviceAclAccess,
AclAccessType orgAccess,
AclAccessType principalAccess)
{
try
{
AclRuleType aclRuleParams = new AclRuleType();
aclRuleParams.name = ruleName;
aclRuleParams.ServiceResourceAccess = serviceAclAccess;
aclRuleParams.OrganizationAccess = orgAccess;
aclRuleParams.PrincipalAccess = principalAccess;
return(this.RegisterAdminAclRule(aclRuleParams));
}
catch (Exception ex)
{
throw new VCloudException(ex.Message);
}
}
/// <summary>
/// The create acl rule.
/// </summary>
/// <param name="networkId">
/// The network id.
/// </param>
/// <param name="aclRuleName">
/// The acl rule name.
/// </param>
/// <param name="position">
/// The position.
/// </param>
/// <param name="action">
/// The action.
/// </param>
/// <param name="protocol">
/// The protocol.
/// </param>
/// <param name="portRangeType">
/// The port range type.
/// </param>
/// <param name="sourceIpAddress">
/// The source ip address.
/// </param>
/// <param name="sourceNetmask">
/// The source netmask.
/// </param>
/// <param name="destIpAddress">
/// The dest ip address.
/// </param>
/// <param name="destNetmask">
/// The dest netmask.
/// </param>
/// <param name="port1">
/// The port 1.
/// </param>
/// <param name="port2">
/// The port 2.
/// </param>
/// <param name="aclType">
/// The acl type.
/// </param>
/// <returns>
/// The <see cref="Task"/>.
/// </returns>
/// <exception cref="ArgumentOutOfRangeException">
/// </exception>
public async Task <AclRuleType> CreateAclRule(
string networkId,
string aclRuleName,
int position,
AclActionType action,
AclProtocolType protocol,
PortRangeTypeType portRangeType,
IPAddress sourceIpAddress = null,
IPAddress sourceNetmask = null,
IPAddress destIpAddress = null,
IPAddress destNetmask = null,
int port1 = 0,
int port2 = 0,
AclType aclType = AclType.OUTSIDE_ACL)
{
var portRange = new PortRangeType {
type = portRangeType
};
// Validate that the ports are specified when needed
switch (portRangeType)
{
case PortRangeTypeType.EQUAL_TO:
case PortRangeTypeType.GREATER_THAN:
case PortRangeTypeType.LESS_THAN:
{
if (port1 < 1 || port1 > 65535)
{
throw new ArgumentOutOfRangeException(
"port1",
port1,
string.Format(
"Port1 must be between 1-65535 when the port range type is {0}",
portRangeType));
}
portRange.port1 = port1;
portRange.port1Specified = true;
break;
}
case PortRangeTypeType.RANGE:
{
if (port1 < 1 || port1 > 65535)
{
throw new ArgumentOutOfRangeException(
"port1",
port1,
string.Format(
"Port1 must be between 1-65535 when the port range type is {0}",
portRangeType));
}
if (port2 < 1 || port2 > 65535)
{
throw new ArgumentOutOfRangeException(
"port2",
port2,
string.Format(
"Port2 must be between 1-65535 when the port range type is {0}",
portRangeType));
}
portRange.port1 = port1;
portRange.port2 = port2;
portRange.port1Specified = portRange.port2Specified = true;
break;
}
}
// create the acl rule object
var rule = new AclRuleType
{
name = aclRuleName,
action = action,
position = position,
protocol = protocol.ToString(),
portRange = portRange,
type = aclType
};
if (sourceIpAddress != null)
{
rule.sourceIpRange = new IpRangeType {
ipAddress = sourceIpAddress.ToString()
};
if (sourceNetmask != null)
{
rule.sourceIpRange.netmask = sourceNetmask.ToString();
}
}
if (destIpAddress != null)
{
rule.destinationIpRange = new IpRangeType {
ipAddress = destIpAddress.ToString()
};
if (destNetmask != null)
{
rule.destinationIpRange.netmask = destNetmask.ToString();
}
}
return
(await
_apiClient.PostAsync <AclRuleType, AclRuleType>(
ApiUris.CreateAclRule(_apiClient.OrganizationId, networkId),
rule));
}
/// <summary>
/// The create acl rule.
/// </summary>
/// <param name="networkId">
/// The network id.
/// </param>
/// <param name="aclRuleName">
/// The acl rule name.
/// </param>
/// <param name="position">
/// The position.
/// </param>
/// <param name="action">
/// The action.
/// </param>
/// <param name="protocol">
/// The protocol.
/// </param>
/// <param name="portRangeType">
/// The port range type.
/// </param>
/// <param name="sourceIpAddress">
/// The source ip address.
/// </param>
/// <param name="sourceNetmask">
/// The source netmask.
/// </param>
/// <param name="destIpAddress">
/// The dest ip address.
/// </param>
/// <param name="destNetmask">
/// The dest netmask.
/// </param>
/// <param name="port1">
/// The port 1.
/// </param>
/// <param name="port2">
/// The port 2.
/// </param>
/// <param name="aclType">
/// The acl type.
/// </param>
/// <returns>
/// The <see cref="Task"/>.
/// </returns>
/// <exception cref="ArgumentOutOfRangeException">
/// </exception>
public async Task <AclRuleType> CreateAclRule(
string networkId,
string aclRuleName,
int position,
AclActionType action,
AclProtocolType protocol,
PortRangeTypeType portRangeType,
IPAddress sourceIpAddress = null,
IPAddress sourceNetmask = null,
IPAddress destIpAddress = null,
IPAddress destNetmask = null,
int port1 = 0,
int port2 = 0,
AclType aclType = AclType.OUTSIDE_ACL)
{
Contract.Requires(!string.IsNullOrEmpty(aclRuleName), "The ACL rule name must NOT be empty or null!");
Contract.Requires(aclRuleName.Length < 60, "ACL rule name cannot exceed 60 chars");
Contract.Requires(position >= 100 && position <= 500, "Position must be between 100 and 500 inclusive");
Contract.Requires(aclType == AclType.INSIDE_ACL || aclType == AclType.OUTSIDE_ACL,
"ACL Type must be one of (OUTSIDE_ACL, INSIDE_ACL)");
var portRange = new PortRangeType {
type = portRangeType
};
// Validate that the ports are specified when needed
switch (portRangeType)
{
case PortRangeTypeType.EQUAL_TO:
case PortRangeTypeType.GREATER_THAN:
case PortRangeTypeType.LESS_THAN:
{
if (port1 < 1 || port1 > 65535)
{
throw new ArgumentOutOfRangeException(
"port1",
port1,
string.Format(
"Port1 must be between 1-65535 when the port range type is {0}",
portRangeType));
}
portRange.port1 = port1;
portRange.port1Specified = true;
break;
}
case PortRangeTypeType.RANGE:
{
if (port1 < 1 || port1 > 65535)
{
throw new ArgumentOutOfRangeException(
"port1",
port1,
string.Format(
"Port1 must be between 1-65535 when the port range type is {0}",
portRangeType));
}
if (port2 < 1 || port2 > 65535)
{
throw new ArgumentOutOfRangeException(
"port2",
port2,
string.Format(
"Port2 must be between 1-65535 when the port range type is {0}",
portRangeType));
}
portRange.port1 = port1;
portRange.port2 = port2;
portRange.port1Specified = portRange.port2Specified = true;
break;
}
}
// create the acl rule object
var rule = new AclRuleType
{
name = aclRuleName,
action = action,
position = position,
protocol = protocol.ToString(),
portRange = portRange,
type = aclType
};
if (sourceIpAddress != null)
{
rule.sourceIpRange = new IpRangeType {
ipAddress = sourceIpAddress.ToString()
};
if (sourceNetmask != null)
{
rule.sourceIpRange.netmask = sourceNetmask.ToString();
}
}
if (destIpAddress != null)
{
rule.destinationIpRange = new IpRangeType {
ipAddress = destIpAddress.ToString()
};
if (destNetmask != null)
{
rule.destinationIpRange.netmask = destNetmask.ToString();
}
}
return
(await
_apiClient.PostAsync <AclRuleType, AclRuleType>(
ApiUris.CreateAclRule(_apiClient.OrganizationId, networkId),
rule));
}
/// <summary>
/// Creates a new ACL rule at a specified line using your organization ID and the ID of the target network.
/// It is possible to create both inbound (OUTSIDE_ACL) and outbound (INSIDE_ACL) rule types.
/// </summary>
/// <param name="client">The <see cref="ComputeApiClient"/> object.</param>
/// <param name="networkId">The target network id.</param>
/// <param name="aclRuleName">The name of the ACL rule.</param>
/// <param name="position">The position of the rule between 100-500 inclusive.</param>
/// <param name="action">The action (Permit/deny) of the ACL rule.</param>
/// <param name="protocol">The protocol to use (IP, ICMP, TCP, UDP).</param>
/// <param name="portRangeType">The port range type (ALL, EQUAL_TO, RANGE, GREATER_THAN, LESS_THAN).</param>
/// <param name="sourceIpAddress">
/// Optional. If no source IP Address is supplied, the assumption is that any source IP address is allowed.
/// If a source IP address is supplied without the <paramref name="sourceNetmask"/>, source IP Address represent a single host.
/// </param>
/// <param name="sourceNetmask">
/// Optional. When specified, the <paramref name="sourceIpAddress"/> must be the CIDR boundary for the network.
/// </param>
/// <param name="destIpAddress">
/// Optional. If no destination IP Address is supplied, the assumption is that any destination IP address is allowed.
/// If a destination IP address is supplied without the <paramref name="destNetmask"/>, source IP Address represent a single host.
/// </param>
/// <param name="destNetmask">
/// Optional. When specified, the <paramref name="destIpAddress"/> must be the CIDR boundary for the network.
/// </param>
/// <param name="port1">Optional depending on <paramref name="portRangeType"/>. Value within a range of 1-65535.</param>
/// <param name="port2">Optional depending on <paramref name="portRangeType"/>. Value within a range of 1-65535.</param>
/// <param name="aclType">Optional. One of (OUTSIDE_ACL, INSIDE_ACL). Default if not specified is OUTSIDE_ACL.</param>
/// <returns>The ACL rules.</returns>
public static async Task <AclRuleType> CreateAclRuleAsync(
this IComputeApiClient client,
string networkId,
string aclRuleName,
int position,
AclActionType action,
AclProtocolType protocol,
PortRangeTypeType portRangeType,
IPAddress sourceIpAddress = null,
IPAddress sourceNetmask = null,
IPAddress destIpAddress = null,
IPAddress destNetmask = null,
int port1 = 0,
int port2 = 0,
AclType aclType = AclType.OUTSIDE_ACL)
{
if (string.IsNullOrWhiteSpace(networkId))
{
throw new ArgumentException("argument cannot be null, empty or composed of whitespaces only!", "networkId");
}
if (string.IsNullOrWhiteSpace(aclRuleName))
{
throw new ArgumentException("argument cannot be null, empty or composed of whitespaces only!", "aclRuleName");
}
if (aclRuleName.Length >= 60)
{
throw new ArgumentException("ACL rule name cannot exceed 60 chars", "aclRuleName");
}
if (position < 100 || position > 500)
{
throw new ArgumentException("Position must be between 100 and 500 inclusive", "position");
}
if (aclType != AclType.INSIDE_ACL && aclType != AclType.OUTSIDE_ACL)
{
throw new ArgumentException("ACL Type must be one of (OUTSIDE_ACL, INSIDE_ACL)", "aclType");
}
var portRange = new PortRangeType {
type = portRangeType
};
// Validate that the ports are specified when needed
switch (portRangeType)
{
case PortRangeTypeType.EQUAL_TO:
case PortRangeTypeType.GREATER_THAN:
case PortRangeTypeType.LESS_THAN:
{
if (port1 < 1 || port1 > 65535)
{
throw new ArgumentOutOfRangeException(
"port1",
port1,
string.Format(
"Port1 must be between 1-65535 when the port range type is {0}",
portRangeType));
}
portRange.port1 = port1;
portRange.port1Specified = true;
break;
}
case PortRangeTypeType.RANGE:
{
if (port1 < 1 || port1 > 65535)
{
throw new ArgumentOutOfRangeException(
"port1",
port1,
string.Format(
"Port1 must be between 1-65535 when the port range type is {0}",
portRangeType));
}
if (port2 < 1 || port2 > 65535)
{
throw new ArgumentOutOfRangeException(
"port2",
port2,
string.Format(
"Port2 must be between 1-65535 when the port range type is {0}",
portRangeType));
}
portRange.port1 = port1;
portRange.port2 = port2;
portRange.port1Specified = portRange.port2Specified = true;
break;
}
}
// create the acl rule object
var rule = new AclRuleType
{
name = aclRuleName,
action = action,
position = position,
protocol = protocol.ToString(),
portRange = portRange,
type = aclType
};
if (sourceIpAddress != null)
{
rule.sourceIpRange = new IpRangeType {
ipAddress = sourceIpAddress.ToString()
};
if (sourceNetmask != null)
{
rule.sourceIpRange.netmask = sourceNetmask.ToString();
}
}
if (destIpAddress != null)
{
rule.destinationIpRange = new IpRangeType {
ipAddress = destIpAddress.ToString()
};
if (destNetmask != null)
{
rule.destinationIpRange.netmask = destNetmask.ToString();
}
}
return
(await
client.WebApi.ApiPostAsync <AclRuleType, AclRuleType>(
ApiUris.CreateAclRule(client.Account.OrganizationId, networkId),
rule));
}
