apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

cleanup validations for VPN connection creation (#9195)

Browse Source
This commit is contained in:
dahn 2024-10-01 10:25:31 +02:00 committed by GitHub
parent 67ce326a8e
commit 00fe5f1471
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 67 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

114
server/src/main/java/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
View File

@ -23,11 +23,12 @@ import java.util.Map;
import javax.inject.Inject; import javax.inject.Inject;
import javax.naming.ConfigurationException; import javax.naming.ConfigurationException;
import org.apache.cloudstack.annotation.AnnotationService; import org.apache.commons.collections.CollectionUtils;
import org.apache.cloudstack.annotation.dao.AnnotationDao;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import org.apache.cloudstack.annotation.AnnotationService;
import org.apache.cloudstack.annotation.dao.AnnotationDao;
import org.apache.cloudstack.api.command.user.vpn.CreateVpnConnectionCmd; import org.apache.cloudstack.api.command.user.vpn.CreateVpnConnectionCmd;
import org.apache.cloudstack.api.command.user.vpn.CreateVpnCustomerGatewayCmd; import org.apache.cloudstack.api.command.user.vpn.CreateVpnCustomerGatewayCmd;
import org.apache.cloudstack.api.command.user.vpn.CreateVpnGatewayCmd; import org.apache.cloudstack.api.command.user.vpn.CreateVpnGatewayCmd;
@ -46,7 +47,6 @@ import com.cloud.configuration.Config;
import com.cloud.event.ActionEvent; import com.cloud.event.ActionEvent;
import com.cloud.event.EventTypes; import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException; import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.NetworkRuleConflictException;
import com.cloud.exception.PermissionDeniedException; import com.cloud.exception.PermissionDeniedException;
import com.cloud.exception.ResourceUnavailableException; import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.Site2SiteCustomerGateway; import com.cloud.network.Site2SiteCustomerGateway;
@ -108,7 +108,6 @@ public class Site2SiteVpnManagerImpl extends ManagerBase implements Site2SiteVpn
@Inject @Inject
private AnnotationDao annotationDao; private AnnotationDao annotationDao;
String _name;
int _connLimit; int _connLimit;
int _subnetsLimit; int _subnetsLimit;
@ -255,7 +254,7 @@ public class Site2SiteVpnManagerImpl extends ManagerBase implements Site2SiteVpn
@Override @Override
@ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_CONNECTION_CREATE, eventDescription = "creating s2s vpn connection", create = true) @ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_CONNECTION_CREATE, eventDescription = "creating s2s vpn connection", create = true)
public Site2SiteVpnConnection createVpnConnection(CreateVpnConnectionCmd cmd) throws NetworkRuleConflictException { public Site2SiteVpnConnection createVpnConnection(CreateVpnConnectionCmd cmd) {
Account caller = CallContext.current().getCallingAccount(); Account caller = CallContext.current().getCallingAccount();
Account owner = _accountMgr.getAccount(cmd.getEntityOwnerId()); Account owner = _accountMgr.getAccount(cmd.getEntityOwnerId());
@ -263,27 +262,15 @@ public class Site2SiteVpnManagerImpl extends ManagerBase implements Site2SiteVpn
_accountMgr.checkAccess(caller, null, false, owner); _accountMgr.checkAccess(caller, null, false, owner);
Long customerGatewayId = cmd.getCustomerGatewayId(); Long customerGatewayId = cmd.getCustomerGatewayId();
Site2SiteCustomerGateway customerGateway = _customerGatewayDao.findById(customerGatewayId); Site2SiteCustomerGateway customerGateway = getAndValidateSite2SiteCustomerGateway(customerGatewayId, caller);
if (customerGateway == null) {
throw new InvalidParameterValueException("Unable to found specified Site to Site VPN customer gateway " + customerGatewayId + " !");
}
_accountMgr.checkAccess(caller, null, false, customerGateway);
Long vpnGatewayId = cmd.getVpnGatewayId(); Long vpnGatewayId = cmd.getVpnGatewayId();
Site2SiteVpnGateway vpnGateway = _vpnGatewayDao.findById(vpnGatewayId); Site2SiteVpnGateway vpnGateway = getAndValidateSite2SiteVpnGateway(vpnGatewayId, caller);
if (vpnGateway == null) {
throw new InvalidParameterValueException("Unable to found specified Site to Site VPN gateway " + vpnGatewayId + " !");
}
_accountMgr.checkAccess(caller, null, false, vpnGateway);
if (customerGateway.getAccountId() != vpnGateway.getAccountId() || customerGateway.getDomainId() != vpnGateway.getDomainId()) { validateVpnConnectionOfTheRightAccount(customerGateway, vpnGateway);
throw new InvalidParameterValueException("VPN connection can only be esitablished between same account's VPN gateway and customer gateway!"); validateVpnConnectionDoesntExist(vpnGatewayId, customerGatewayId);
} validatePrerequisiteVpnGateway(vpnGateway);
if (_vpnConnectionDao.findByVpnGatewayIdAndCustomerGatewayId(vpnGatewayId, customerGatewayId) != null) {
throw new InvalidParameterValueException("The vpn connection with customer gateway id " + customerGatewayId + " and vpn gateway id " + vpnGatewayId +
" already existed!");
}
String[] cidrList = customerGateway.getGuestCidrList().split(","); String[] cidrList = customerGateway.getGuestCidrList().split(",");
// Remote sub nets cannot overlap VPC's sub net // Remote sub nets cannot overlap VPC's sub net
@ -326,13 +313,51 @@ public class Site2SiteVpnManagerImpl extends ManagerBase implements Site2SiteVpn
return conn; return conn;
} }
private Site2SiteCustomerGateway getAndValidateSite2SiteCustomerGateway(Long customerGatewayId, Account caller) {
Site2SiteCustomerGateway customerGateway = _customerGatewayDao.findById(customerGatewayId);
if (customerGateway == null) {
throw new InvalidParameterValueException(String.format("Unable to find specified Site to Site VPN customer gateway %s !", customerGatewayId));
}
_accountMgr.checkAccess(caller, null, false, customerGateway);
return customerGateway;
}
private Site2SiteVpnGateway getAndValidateSite2SiteVpnGateway(Long vpnGatewayId, Account caller) {
Site2SiteVpnGateway vpnGateway = _vpnGatewayDao.findById(vpnGatewayId);
if (vpnGateway == null) {
throw new InvalidParameterValueException(String.format("Unable to find specified Site to Site VPN gateway %s !", vpnGatewayId));
}
_accountMgr.checkAccess(caller, null, false, vpnGateway);
return vpnGateway;
}
private void validateVpnConnectionOfTheRightAccount(Site2SiteCustomerGateway customerGateway, Site2SiteVpnGateway vpnGateway) {
if (customerGateway.getAccountId() != vpnGateway.getAccountId() || customerGateway.getDomainId() != vpnGateway.getDomainId()) {
throw new InvalidParameterValueException("VPN connection can only be established between same account's VPN gateway and customer gateway!");
}
}
private void validateVpnConnectionDoesntExist(Long vpnGatewayId, Long customerGatewayId) {
if (_vpnConnectionDao.findByVpnGatewayIdAndCustomerGatewayId(vpnGatewayId, customerGatewayId) != null) {
throw new InvalidParameterValueException("The vpn connection with customer gateway id " + customerGatewayId + " and vpn gateway id " + vpnGatewayId +
" already existed!");
}
}
private void validatePrerequisiteVpnGateway(Site2SiteVpnGateway vpnGateway) {
// check if gateway has been defined on the VPC
if (_vpnGatewayDao.findByVpcId(vpnGateway.getVpcId()) == null) {
throw new InvalidParameterValueException("we can not create a VPN connection for a VPC that does not have a VPN gateway defined");
}
}
@Override @Override
@DB @DB
@ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_CONNECTION_CREATE, eventDescription = "starting s2s vpn connection", async = true) @ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_CONNECTION_CREATE, eventDescription = "starting s2s vpn connection", async = true)
public Site2SiteVpnConnection startVpnConnection(long id) throws ResourceUnavailableException { public Site2SiteVpnConnection startVpnConnection(long id) throws ResourceUnavailableException {
Site2SiteVpnConnectionVO conn = _vpnConnectionDao.acquireInLockTable(id); Site2SiteVpnConnectionVO conn = _vpnConnectionDao.acquireInLockTable(id);
if (conn == null) { if (conn == null) {
throw new CloudRuntimeException("Unable to acquire lock on " + conn); throw new CloudRuntimeException("Unable to acquire lock for starting of VPN connection with ID " + id);
} }
try { try {
if (conn.getState() != State.Pending && conn.getState() != State.Disconnected) { if (conn.getState() != State.Pending && conn.getState() != State.Disconnected) {
@ -382,11 +407,7 @@ public class Site2SiteVpnManagerImpl extends ManagerBase implements Site2SiteVpn
Account caller = CallContext.current().getCallingAccount(); Account caller = CallContext.current().getCallingAccount();
Long id = cmd.getId(); Long id = cmd.getId();
Site2SiteCustomerGateway customerGateway = _customerGatewayDao.findById(id); Site2SiteCustomerGateway customerGateway = getAndValidateSite2SiteCustomerGateway(id, caller);
if (customerGateway == null) {
throw new InvalidParameterValueException("Fail to find customer gateway with " + id + " !");
}
_accountMgr.checkAccess(caller, null, false, customerGateway);
return doDeleteCustomerGateway(customerGateway); return doDeleteCustomerGateway(customerGateway);
} }
@ -394,7 +415,7 @@ public class Site2SiteVpnManagerImpl extends ManagerBase implements Site2SiteVpn
protected boolean doDeleteCustomerGateway(Site2SiteCustomerGateway gw) { protected boolean doDeleteCustomerGateway(Site2SiteCustomerGateway gw) {
long id = gw.getId(); long id = gw.getId();
List<Site2SiteVpnConnectionVO> vpnConnections = _vpnConnectionDao.listByCustomerGatewayId(id); List<Site2SiteVpnConnectionVO> vpnConnections = _vpnConnectionDao.listByCustomerGatewayId(id);
if (vpnConnections != null && vpnConnections.size() != 0) { if (!CollectionUtils.isEmpty(vpnConnections)) {
throw new InvalidParameterValueException("Unable to delete VPN customer gateway with id " + id + " because there is still related VPN connections!"); throw new InvalidParameterValueException("Unable to delete VPN customer gateway with id " + id + " because there is still related VPN connections!");
} }
annotationDao.removeByEntityType(AnnotationService.EntityType.VPN_CUSTOMER_GATEWAY.name(), gw.getUuid()); annotationDao.removeByEntityType(AnnotationService.EntityType.VPN_CUSTOMER_GATEWAY.name(), gw.getUuid());
@ -404,7 +425,7 @@ public class Site2SiteVpnManagerImpl extends ManagerBase implements Site2SiteVpn
protected void doDeleteVpnGateway(Site2SiteVpnGateway gw) { protected void doDeleteVpnGateway(Site2SiteVpnGateway gw) {
List<Site2SiteVpnConnectionVO> conns = _vpnConnectionDao.listByVpnGatewayId(gw.getId()); List<Site2SiteVpnConnectionVO> conns = _vpnConnectionDao.listByVpnGatewayId(gw.getId());
if (conns != null && conns.size() != 0) { if (!CollectionUtils.isEmpty(conns)) {
throw new InvalidParameterValueException("Unable to delete VPN gateway " + gw.getId() + " because there is still related VPN connections!"); throw new InvalidParameterValueException("Unable to delete VPN gateway " + gw.getId() + " because there is still related VPN connections!");
} }
_vpnGatewayDao.remove(gw.getId()); _vpnGatewayDao.remove(gw.getId());
@ -417,12 +438,7 @@ public class Site2SiteVpnManagerImpl extends ManagerBase implements Site2SiteVpn
Account caller = CallContext.current().getCallingAccount(); Account caller = CallContext.current().getCallingAccount();
Long id = cmd.getId(); Long id = cmd.getId();
Site2SiteVpnGateway vpnGateway = _vpnGatewayDao.findById(id); Site2SiteVpnGateway vpnGateway = getAndValidateSite2SiteVpnGateway(id, caller);
if (vpnGateway == null) {
throw new InvalidParameterValueException("Fail to find vpn gateway with " + id + " !");
}
_accountMgr.checkAccess(caller, null, false, vpnGateway);
doDeleteVpnGateway(vpnGateway); doDeleteVpnGateway(vpnGateway);
return true; return true;
@ -578,7 +594,7 @@ public class Site2SiteVpnManagerImpl extends ManagerBase implements Site2SiteVpn
private void stopVpnConnection(Long id) throws ResourceUnavailableException { private void stopVpnConnection(Long id) throws ResourceUnavailableException {
Site2SiteVpnConnectionVO conn = _vpnConnectionDao.acquireInLockTable(id); Site2SiteVpnConnectionVO conn = _vpnConnectionDao.acquireInLockTable(id);
if (conn == null) { if (conn == null) {
throw new CloudRuntimeException("Unable to acquire lock on " + conn); throw new CloudRuntimeException("Unable to acquire lock for stopping of VPN connection with ID " + id);
} }
try { try {
if (conn.getState() == State.Pending) { if (conn.getState() == State.Pending) {
@ -639,10 +655,9 @@ public class Site2SiteVpnManagerImpl extends ManagerBase implements Site2SiteVpn
String keyword = cmd.getKeyword(); String keyword = cmd.getKeyword();
Account caller = CallContext.current().getCallingAccount(); Account caller = CallContext.current().getCallingAccount();
List<Long> permittedAccounts = new ArrayList<Long>(); List<Long> permittedAccounts = new ArrayList<>();
Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject = new Ternary<Long, Boolean, Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject = new Ternary<>(domainId, isRecursive, null);
ListProjectResourcesCriteria>(domainId, isRecursive, null);
_accountMgr.buildACLSearchParameters(caller, id, accountName, cmd.getProjectId(), permittedAccounts, domainIdRecursiveListProject, listAll, false); _accountMgr.buildACLSearchParameters(caller, id, accountName, cmd.getProjectId(), permittedAccounts, domainIdRecursiveListProject, listAll, false);
domainId = domainIdRecursiveListProject.first(); domainId = domainIdRecursiveListProject.first();
isRecursive = domainIdRecursiveListProject.second(); isRecursive = domainIdRecursiveListProject.second();
@ -667,7 +682,7 @@ public class Site2SiteVpnManagerImpl extends ManagerBase implements Site2SiteVpn
} }
Pair<List<Site2SiteCustomerGatewayVO>, Integer> result = _customerGatewayDao.searchAndCount(sc, searchFilter); Pair<List<Site2SiteCustomerGatewayVO>, Integer> result = _customerGatewayDao.searchAndCount(sc, searchFilter);
return new Pair<List<? extends Site2SiteCustomerGateway>, Integer>(result.first(), result.second()); return new Pair<>(result.first(), result.second());
} }
@Override @Override
@ -684,10 +699,9 @@ public class Site2SiteVpnManagerImpl extends ManagerBase implements Site2SiteVpn
long pageSizeVal = cmd.getPageSizeVal(); long pageSizeVal = cmd.getPageSizeVal();
Account caller = CallContext.current().getCallingAccount(); Account caller = CallContext.current().getCallingAccount();
List<Long> permittedAccounts = new ArrayList<Long>(); List<Long> permittedAccounts = new ArrayList<>();
Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject = new Ternary<Long, Boolean, Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject = new Ternary<>(domainId, isRecursive, null);
ListProjectResourcesCriteria>(domainId, isRecursive, null);
_accountMgr.buildACLSearchParameters(caller, id, accountName, cmd.getProjectId(), permittedAccounts, domainIdRecursiveListProject, listAll, false); _accountMgr.buildACLSearchParameters(caller, id, accountName, cmd.getProjectId(), permittedAccounts, domainIdRecursiveListProject, listAll, false);
domainId = domainIdRecursiveListProject.first(); domainId = domainIdRecursiveListProject.first();
isRecursive = domainIdRecursiveListProject.second(); isRecursive = domainIdRecursiveListProject.second();
@ -717,7 +731,7 @@ public class Site2SiteVpnManagerImpl extends ManagerBase implements Site2SiteVpn
} }
Pair<List<Site2SiteVpnGatewayVO>, Integer> result = _vpnGatewayDao.searchAndCount(sc, searchFilter); Pair<List<Site2SiteVpnGatewayVO>, Integer> result = _vpnGatewayDao.searchAndCount(sc, searchFilter);
return new Pair<List<? extends Site2SiteVpnGateway>, Integer>(result.first(), result.second()); return new Pair<>(result.first(), result.second());
} }
@Override @Override
@ -734,10 +748,9 @@ public class Site2SiteVpnManagerImpl extends ManagerBase implements Site2SiteVpn
long pageSizeVal = cmd.getPageSizeVal(); long pageSizeVal = cmd.getPageSizeVal();
Account caller = CallContext.current().getCallingAccount(); Account caller = CallContext.current().getCallingAccount();
List<Long> permittedAccounts = new ArrayList<Long>(); List<Long> permittedAccounts = new ArrayList<>();
Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject = new Ternary<Long, Boolean, Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject = new Ternary<>(domainId, isRecursive, null);
ListProjectResourcesCriteria>(domainId, isRecursive, null);
_accountMgr.buildACLSearchParameters(caller, id, accountName, cmd.getProjectId(), permittedAccounts, domainIdRecursiveListProject, listAll, false); _accountMgr.buildACLSearchParameters(caller, id, accountName, cmd.getProjectId(), permittedAccounts, domainIdRecursiveListProject, listAll, false);
domainId = domainIdRecursiveListProject.first(); domainId = domainIdRecursiveListProject.first();
isRecursive = domainIdRecursiveListProject.second(); isRecursive = domainIdRecursiveListProject.second();
@ -771,7 +784,7 @@ public class Site2SiteVpnManagerImpl extends ManagerBase implements Site2SiteVpn
} }
Pair<List<Site2SiteVpnConnectionVO>, Integer> result = _vpnConnectionDao.searchAndCount(sc, searchFilter); Pair<List<Site2SiteVpnConnectionVO>, Integer> result = _vpnConnectionDao.searchAndCount(sc, searchFilter);
return new Pair<List<? extends Site2SiteVpnConnection>, Integer>(result.first(), result.second()); return new Pair<>(result.first(), result.second());
} }
@Override @Override
@ -818,7 +831,7 @@ public class Site2SiteVpnManagerImpl extends ManagerBase implements Site2SiteVpn
@Override @Override
public List<Site2SiteVpnConnectionVO> getConnectionsForRouter(DomainRouterVO router) { public List<Site2SiteVpnConnectionVO> getConnectionsForRouter(DomainRouterVO router) {
List<Site2SiteVpnConnectionVO> conns = new ArrayList<Site2SiteVpnConnectionVO>(); List<Site2SiteVpnConnectionVO> conns = new ArrayList<>();
// One router for one VPC // One router for one VPC
Long vpcId = router.getVpcId(); Long vpcId = router.getVpcId();
if (router.getVpcId() == null) { if (router.getVpcId() == null) {
@ -831,7 +844,6 @@ public class Site2SiteVpnManagerImpl extends ManagerBase implements Site2SiteVpn
@Override @Override
public boolean deleteCustomerGatewayByAccount(long accountId) { public boolean deleteCustomerGatewayByAccount(long accountId) {
boolean result = true; boolean result = true;
;
List<Site2SiteCustomerGatewayVO> gws = _customerGatewayDao.listByAccountId(accountId); List<Site2SiteCustomerGatewayVO> gws = _customerGatewayDao.listByAccountId(accountId);
for (Site2SiteCustomerGatewayVO gw : gws) { for (Site2SiteCustomerGatewayVO gw : gws) {
result = result & doDeleteCustomerGateway(gw); result = result & doDeleteCustomerGateway(gw);

8
ui/src/views/network/VpcTab.vue
View File

@ -795,12 +795,12 @@ export default {
this.formRef.value.validate().then(() => { this.formRef.value.validate().then(() => {
const values = toRaw(this.form) const values = toRaw(this.form)
const params = {
api('createVpnConnection', { s2svpngatewayid: this.vpnGateways[0] ? this.vpnGateways[0].id : null,
s2svpngatewayid: this.vpnGateways[0].id,
s2scustomergatewayid: values.vpncustomergateway, s2scustomergatewayid: values.vpncustomergateway,
passive: values.passive ? values.passive : false passive: values.passive ? values.passive : false
}).then(response => { }
api('createVpnConnection', params).then(response => {
this.$pollJob({ this.$pollJob({
jobId: response.createvpnconnectionresponse.jobid, jobId: response.createvpnconnectionresponse.jobid,
title: this.$t('label.vpn.connection'), title: this.$t('label.vpn.connection'),