refactored the delete port forwarding service rule cmd
parent
126da4baf7
commit
0ea56e1504
@ -25,23 +25,19 @@ import java.util.Map;
|
||||
import org.apache.log4j.Logger;
|
||||
|
||||
import com.cloud.api.BaseCmd;
|
||||
import com.cloud.api.Implementation;
|
||||
import com.cloud.api.Parameter;
|
||||
import com.cloud.api.ServerApiException;
|
||||
import com.cloud.api.BaseCmd.Manager;
|
||||
import com.cloud.exception.PermissionDeniedException;
|
||||
import com.cloud.user.Account;
|
||||
import com.cloud.utils.Pair;
|
||||
|
||||
|
||||
@Implementation(method="deleteNetworkRuleConfig", manager=Manager.NetworkManager)
|
||||
public class DeletePortForwardingServiceRuleCmd extends BaseCmd {
|
||||
public static final Logger s_logger = Logger.getLogger(DeletePortForwardingServiceRuleCmd.class.getName());
|
||||
|
||||
private static final String s_name = "deleteportforwardingserviceruleresponse";
|
||||
private static final List<Pair<Enum, Boolean>> s_properties = new ArrayList<Pair<Enum, Boolean>>();
|
||||
|
||||
static {
|
||||
s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.USER_ID, Boolean.FALSE));
|
||||
s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.ACCOUNT_OBJ, Boolean.FALSE));
|
||||
s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.ID, Boolean.TRUE));
|
||||
}
|
||||
|
||||
/////////////////////////////////////////////////////
|
||||
//////////////// API parameters /////////////////////
|
||||
@ -68,10 +64,6 @@ public class DeletePortForwardingServiceRuleCmd extends BaseCmd {
|
||||
return s_name;
|
||||
}
|
||||
|
||||
public List<Pair<Enum, Boolean>> getProperties() {
|
||||
return s_properties;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<Pair<String, Object>> execute(Map<String, Object> params) {
|
||||
Long userId = (Long)params.get(BaseCmd.Properties.USER_ID.getName());
|
||||
@ -99,5 +91,12 @@ public class DeletePortForwardingServiceRuleCmd extends BaseCmd {
|
||||
} catch (PermissionDeniedException ex) {
|
||||
throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, ex.getMessage());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public String getResponse() {
|
||||
// TODO Auto-generated method stub
|
||||
return null;
|
||||
}
|
||||
}
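Review bot: `getResponse()` at the end of the class is an auto-generated stub that returns `null`, so nothing in this class reports the boolean that `deleteNetworkRuleConfig` returns. As far as these hunks show, a rule that was not found or an internal failure that was caught and logged (both `false` in `NetworkManagerImpl`) would look the same to the API client as a successful delete. The stub should build the response from the manager's result, or at minimum carry a comment such as `// TODO: serialize the boolean result of deleteNetworkRuleConfig; returning null hides failures from the caller`. The older `execute(Map)` override, with its own `PermissionDeniedException` handling, still appears as context next to the new `@Implementation` dispatch. Its body lies outside the hunks, so confirm that only one of the two paths is reachable.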
|
||||
|
||||
@ -23,6 +23,7 @@ import java.util.Map;
|
||||
import com.cloud.api.commands.AssignToLoadBalancerRuleCmd;
|
||||
import com.cloud.api.commands.CreateIPForwardingRuleCmd;
|
||||
import com.cloud.api.commands.CreateLoadBalancerRuleCmd;
|
||||
import com.cloud.api.commands.DeletePortForwardingServiceRuleCmd;
|
||||
import com.cloud.api.commands.RemoveFromLoadBalancerRuleCmd;
|
||||
import com.cloud.dc.DataCenterVO;
|
||||
import com.cloud.dc.HostPodVO;
|
||||
@ -237,5 +238,7 @@ public interface NetworkManager extends Manager {
|
||||
* @return - list of IP addresses
|
||||
*/
|
||||
List<IPAddressVO> listPublicIpAddressesInVirtualNetwork(long accountId, long dcId, Boolean sourceNat);
|
||||
|
||||
public boolean deleteNetworkRuleConfig(DeletePortForwardingServiceRuleCmd cmd) throws PermissionDeniedException;
|
||||
|
||||
}
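Review bot: The new `deleteNetworkRuleConfig(DeletePortForwardingServiceRuleCmd cmd)` declaration has no Javadoc, unlike the method just above it, and its contract is not obvious from the signature. I would add a comment stating that the caller's identity is taken from `UserContext` rather than from the command, that `false` covers both an unknown rule id and an internal failure, and that `PermissionDeniedException` is thrown when the account is neither the owner of the rule's security group nor an admin over its domain. The `public` modifier is redundant on an interface method, and the neighbouring declaration omits it.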
|
||||
|
||||
@ -61,6 +61,7 @@ import com.cloud.api.ServerApiException;
|
||||
import com.cloud.api.commands.AssignToLoadBalancerRuleCmd;
|
||||
import com.cloud.api.commands.CreateIPForwardingRuleCmd;
|
||||
import com.cloud.api.commands.CreateLoadBalancerRuleCmd;
|
||||
import com.cloud.api.commands.DeletePortForwardingServiceRuleCmd;
|
||||
import com.cloud.api.commands.RemoveFromLoadBalancerRuleCmd;
|
||||
import com.cloud.async.AsyncJobExecutor;
|
||||
import com.cloud.async.AsyncJobManager;
|
||||
@ -106,6 +107,7 @@ import com.cloud.network.dao.FirewallRulesDao;
|
||||
import com.cloud.network.dao.IPAddressDao;
|
||||
import com.cloud.network.dao.LoadBalancerDao;
|
||||
import com.cloud.network.dao.LoadBalancerVMMapDao;
|
||||
import com.cloud.network.dao.NetworkRuleConfigDao;
|
||||
import com.cloud.network.dao.SecurityGroupDao;
|
||||
import com.cloud.network.dao.SecurityGroupVMMapDao;
|
||||
import com.cloud.offering.ServiceOffering.GuestIpType;
|
||||
@ -198,6 +200,8 @@ public class NetworkManagerImpl implements NetworkManager, VirtualMachineManager
|
||||
@Inject ServiceOfferingDao _serviceOfferingDao = null;
|
||||
@Inject UserStatisticsDao _statsDao;
|
||||
@Inject UserVmDao _userVmDao;
|
||||
@Inject FirewallRulesDao _firewallRulesDao;
|
||||
@Inject NetworkRuleConfigDao _networkRuleConfigDao;
|
||||
|
||||
long _routerTemplateId = -1;
|
||||
int _routerRamSize;
|
||||
@ -2892,4 +2896,87 @@ public class NetworkManagerImpl implements NetworkManager, VirtualMachineManager
|
||||
(accountType == Account.ACCOUNT_TYPE_READ_ONLY_ADMIN));
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean deleteNetworkRuleConfig(DeletePortForwardingServiceRuleCmd cmd) throws PermissionDeniedException {
|
||||
|
||||
Long userId = UserContext.current().getUserId();
|
||||
Long netRuleId = cmd.getId();
|
||||
Account account = (Account)UserContext.current().getAccountObject();
|
||||
|
||||
//If command is executed via 8096 port, set userId to the id of System account (1)
|
||||
if (userId == null) {
|
||||
userId = Long.valueOf(1);
|
||||
}
|
||||
|
||||
// do a quick permissions check to make sure the account is either an
|
||||
// admin or the owner of the security group to which the network rule
|
||||
// belongs
|
||||
NetworkRuleConfigVO netRule = _networkRuleConfigDao.findById(netRuleId);
|
||||
long accountId = Account.ACCOUNT_ID_SYSTEM;
|
||||
if (netRule != null) {
|
||||
SecurityGroupVO sg = _securityGroupDao.findById(netRule.getSecurityGroupId());
|
||||
if (account != null) {
|
||||
if (!BaseCmd.isAdmin(account.getType())) {
|
||||
if ((sg.getAccountId() == null) || (sg.getAccountId().longValue() != account.getId().longValue())) {
|
||||
throw new PermissionDeniedException("Unable to delete port forwarding service rule " + netRuleId + "; account: " + account.getAccountName() + " is not the owner");
|
||||
}
|
||||
} else if (!_domainDao.isChildDomain(account.getDomainId(), sg.getDomainId())) {
|
||||
throw new PermissionDeniedException("Unable to delete port forwarding service rule " + netRuleId + "; account: " + account.getAccountName() + " is not an admin in the domain hierarchy.");
|
||||
}
|
||||
}
|
||||
if (sg != null) {
|
||||
accountId = sg.getAccountId().longValue();
|
||||
}
|
||||
} else {
|
||||
return false; // failed to delete due to netRule not found
|
||||
}
|
||||
|
||||
return deleteNetworkRuleConfigInternal(userId, netRuleId);
|
||||
|
||||
}
|
||||
|
||||
private boolean deleteNetworkRuleConfigInternal(long userId, long networkRuleId) {
|
||||
try {
|
||||
NetworkRuleConfigVO netRule = _networkRuleConfigDao.findById(networkRuleId);
|
||||
if (netRule != null) {
|
||||
List<SecurityGroupVMMapVO> sgMappings = _securityGroupVMMapDao.listBySecurityGroup(netRule.getSecurityGroupId());
|
||||
if ((sgMappings != null) && !sgMappings.isEmpty()) {
|
||||
for (SecurityGroupVMMapVO sgMapping : sgMappings) {
|
||||
UserVm userVm = _userVmDao.findById(sgMapping.getInstanceId());
|
||||
if (userVm != null) {
|
||||
List<FirewallRuleVO> fwRules = _firewallRulesDao.listIPForwarding(sgMapping.getIpAddress(), netRule.getPublicPort(), true);
|
||||
FirewallRuleVO rule = null;
|
||||
for (FirewallRuleVO fwRule : fwRules) {
|
||||
if (fwRule.getPrivatePort().equals(netRule.getPrivatePort()) && fwRule.getPrivateIpAddress().equals(userVm.getGuestIpAddress())) {
|
||||
rule = fwRule;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (rule != null) {
|
||||
rule.setEnabled(false);
|
||||
updateFirewallRule(rule, null, null);
|
||||
|
||||
// Save and create the event
|
||||
Account account = _accountDao.findById(userVm.getAccountId());
|
||||
|
||||
_firewallRulesDao.remove(rule.getId());
|
||||
String description = "deleted ip forwarding rule [" + rule.getPublicIpAddress() + ":" + rule.getPublicPort() + "]->[" + rule.getPrivateIpAddress()
|
||||
+ ":" + rule.getPrivatePort() + "]" + " " + rule.getProtocol();
|
||||
|
||||
EventUtils.saveEvent(Long.valueOf(userId), account.getId(), EventVO.LEVEL_INFO, EventTypes.EVENT_NET_RULE_DELETE, description);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
_networkRuleConfigDao.remove(netRule.getId());
|
||||
}
|
||||
} catch (Exception ex) {
|
||||
s_logger.error("Unexpected exception deleting port forwarding service rule " + networkRuleId, ex);
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
}
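Review bot: In `deleteNetworkRuleConfig` the ownership check calls `sg.getAccountId()` and `sg.getDomainId()` before the later `if (sg != null)` test, so a rule whose security group row is missing ends in a NullPointerException instead of a clean denial. Checking right after the lookup, `if (sg == null) { throw new PermissionDeniedException("Unable to delete port forwarding service rule " + netRuleId + "; security group not found"); }`, makes the check fail closed and makes the late null test unnecessary. The whole check is also skipped when `UserContext.current().getAccountObject()` returns null, which the nearby comment ties to the 8096 port. That deserves an explicit comment at the `if (account != null)` line, since any other caller arriving without an account would bypass the ownership check. `accountId` is assigned but never read in the new method. `deleteNetworkRuleConfigInternal` returns `false` from `catch (Exception ex)` after some firewall rules may already have been removed, so a partial delete cannot be told apart from a rule that was not found.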
|
||||
|
||||
@ -1748,8 +1748,8 @@ public interface ManagementServer {
|
||||
boolean isSecurityGroupNameInUse(Long domainId, Long accountId, String name);
|
||||
SecurityGroupVO findSecurityGroupById(Long groupId);
|
||||
|
||||
boolean deleteNetworkRuleConfig(long userId, long networkRuleId);
|
||||
long deleteNetworkRuleConfigAsync(long userId, Account account, Long networkRuleId) throws PermissionDeniedException;
|
||||
// boolean deleteNetworkRuleConfig(long userId, long networkRuleId);
|
||||
// long deleteNetworkRuleConfigAsync(long userId, Account account, Long networkRuleId) throws PermissionDeniedException;
|
||||
|
||||
LoadBalancerVO findLoadBalancer(Long accountId, String name);
|
||||
LoadBalancerVO findLoadBalancerById(long loadBalancerId);
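Review bot: The two `ManagementServer` declarations are commented out rather than deleted, and the same is done to the whole bodies of `deleteNetworkRuleConfig` and `deleteNetworkRuleConfigAsync` in `ManagementServerImpl` in the next section. Dead copies of a permission check are easy to mistake for the live one and will drift from the version now in `NetworkManagerImpl`. Version control already keeps the old text, so I would delete these lines outright. If the async path is meant to return, a one-line comment such as `// TODO: async delete of network rule configs moved to NetworkManager; restore job submission there` says that better than the commented block.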
|
||||
|
||||
@ -3466,86 +3466,86 @@ public class ManagementServerImpl implements ManagementServer {
|
||||
return newFwRule;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean deleteNetworkRuleConfig(long userId, long networkRuleId) {
|
||||
try {
|
||||
NetworkRuleConfigVO netRule = _networkRuleConfigDao.findById(networkRuleId);
|
||||
if (netRule != null) {
|
||||
List<SecurityGroupVMMapVO> sgMappings = _securityGroupVMMapDao.listBySecurityGroup(netRule.getSecurityGroupId());
|
||||
if ((sgMappings != null) && !sgMappings.isEmpty()) {
|
||||
for (SecurityGroupVMMapVO sgMapping : sgMappings) {
|
||||
UserVm userVm = _userVmDao.findById(sgMapping.getInstanceId());
|
||||
if (userVm != null) {
|
||||
List<FirewallRuleVO> fwRules = _firewallRulesDao.listIPForwarding(sgMapping.getIpAddress(), netRule.getPublicPort(), true);
|
||||
FirewallRuleVO rule = null;
|
||||
for (FirewallRuleVO fwRule : fwRules) {
|
||||
if (fwRule.getPrivatePort().equals(netRule.getPrivatePort()) && fwRule.getPrivateIpAddress().equals(userVm.getGuestIpAddress())) {
|
||||
rule = fwRule;
|
||||
break;
|
||||
}
|
||||
}
|
||||
// @Override
|
||||
// public boolean deleteNetworkRuleConfig(long userId, long networkRuleId) {
|
||||
// try {
|
||||
// NetworkRuleConfigVO netRule = _networkRuleConfigDao.findById(networkRuleId);
|
||||
// if (netRule != null) {
|
||||
// List<SecurityGroupVMMapVO> sgMappings = _securityGroupVMMapDao.listBySecurityGroup(netRule.getSecurityGroupId());
|
||||
// if ((sgMappings != null) && !sgMappings.isEmpty()) {
|
||||
// for (SecurityGroupVMMapVO sgMapping : sgMappings) {
|
||||
// UserVm userVm = _userVmDao.findById(sgMapping.getInstanceId());
|
||||
// if (userVm != null) {
|
||||
// List<FirewallRuleVO> fwRules = _firewallRulesDao.listIPForwarding(sgMapping.getIpAddress(), netRule.getPublicPort(), true);
|
||||
// FirewallRuleVO rule = null;
|
||||
// for (FirewallRuleVO fwRule : fwRules) {
|
||||
// if (fwRule.getPrivatePort().equals(netRule.getPrivatePort()) && fwRule.getPrivateIpAddress().equals(userVm.getGuestIpAddress())) {
|
||||
// rule = fwRule;
|
||||
// break;
|
||||
// }
|
||||
// }
|
||||
//
|
||||
// if (rule != null) {
|
||||
// rule.setEnabled(false);
|
||||
// _networkMgr.updateFirewallRule(rule, null, null);
|
||||
//
|
||||
// // Save and create the event
|
||||
// Account account = _accountDao.findById(userVm.getAccountId());
|
||||
//
|
||||
// _firewallRulesDao.remove(rule.getId());
|
||||
// String description = "deleted ip forwarding rule [" + rule.getPublicIpAddress() + ":" + rule.getPublicPort() + "]->[" + rule.getPrivateIpAddress()
|
||||
// + ":" + rule.getPrivatePort() + "]" + " " + rule.getProtocol();
|
||||
//
|
||||
// EventUtils.saveEvent(Long.valueOf(userId), account.getId(), EventVO.LEVEL_INFO, EventTypes.EVENT_NET_RULE_DELETE, description);
|
||||
// }
|
||||
// }
|
||||
// }
|
||||
// }
|
||||
// _networkRuleConfigDao.remove(netRule.getId());
|
||||
// }
|
||||
// } catch (Exception ex) {
|
||||
// s_logger.error("Unexpected exception deleting port forwarding service rule " + networkRuleId, ex);
|
||||
// return false;
|
||||
// }
|
||||
//
|
||||
// return true;
|
||||
// }
|
||||
|
||||
if (rule != null) {
|
||||
rule.setEnabled(false);
|
||||
_networkMgr.updateFirewallRule(rule, null, null);
|
||||
|
||||
// Save and create the event
|
||||
Account account = _accountDao.findById(userVm.getAccountId());
|
||||
|
||||
_firewallRulesDao.remove(rule.getId());
|
||||
String description = "deleted ip forwarding rule [" + rule.getPublicIpAddress() + ":" + rule.getPublicPort() + "]->[" + rule.getPrivateIpAddress()
|
||||
+ ":" + rule.getPrivatePort() + "]" + " " + rule.getProtocol();
|
||||
|
||||
EventUtils.saveEvent(Long.valueOf(userId), account.getId(), EventVO.LEVEL_INFO, EventTypes.EVENT_NET_RULE_DELETE, description);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
_networkRuleConfigDao.remove(netRule.getId());
|
||||
}
|
||||
} catch (Exception ex) {
|
||||
s_logger.error("Unexpected exception deleting port forwarding service rule " + networkRuleId, ex);
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public long deleteNetworkRuleConfigAsync(long userId, Account account, Long networkRuleId) throws PermissionDeniedException {
|
||||
// do a quick permissions check to make sure the account is either an
|
||||
// admin or the owner of the security group to which the network rule
|
||||
// belongs
|
||||
NetworkRuleConfigVO netRule = _networkRuleConfigDao.findById(networkRuleId);
|
||||
long accountId = Account.ACCOUNT_ID_SYSTEM;
|
||||
if (netRule != null) {
|
||||
SecurityGroupVO sg = _securityGroupDao.findById(netRule.getSecurityGroupId());
|
||||
if (account != null) {
|
||||
if (!BaseCmd.isAdmin(account.getType())) {
|
||||
if ((sg.getAccountId() == null) || (sg.getAccountId().longValue() != account.getId().longValue())) {
|
||||
throw new PermissionDeniedException("Unable to delete port forwarding service rule " + networkRuleId + "; account: " + account.getAccountName() + " is not the owner");
|
||||
}
|
||||
} else if (!isChildDomain(account.getDomainId(), sg.getDomainId())) {
|
||||
throw new PermissionDeniedException("Unable to delete port forwarding service rule " + networkRuleId + "; account: " + account.getAccountName() + " is not an admin in the domain hierarchy.");
|
||||
}
|
||||
}
|
||||
if (sg != null) {
|
||||
accountId = sg.getAccountId().longValue();
|
||||
}
|
||||
} else {
|
||||
return 0L; // failed to delete due to netRule not found
|
||||
}
|
||||
|
||||
Gson gson = GsonHelper.getBuilder().create();
|
||||
|
||||
AsyncJobVO job = new AsyncJobVO();
|
||||
job.setUserId(UserContext.current().getUserId());
|
||||
job.setAccountId(accountId);
|
||||
job.setCmd("DeleteNetworkRuleConfig");
|
||||
job.setCmdInfo(gson.toJson(networkRuleId));
|
||||
|
||||
return _asyncMgr.submitAsyncJob(job);
|
||||
}
|
||||
// @Override
|
||||
// public long deleteNetworkRuleConfigAsync(long userId, Account account, Long networkRuleId) throws PermissionDeniedException {
|
||||
// // do a quick permissions check to make sure the account is either an
|
||||
// // admin or the owner of the security group to which the network rule
|
||||
// // belongs
|
||||
// NetworkRuleConfigVO netRule = _networkRuleConfigDao.findById(networkRuleId);
|
||||
// long accountId = Account.ACCOUNT_ID_SYSTEM;
|
||||
// if (netRule != null) {
|
||||
// SecurityGroupVO sg = _securityGroupDao.findById(netRule.getSecurityGroupId());
|
||||
// if (account != null) {
|
||||
// if (!BaseCmd.isAdmin(account.getType())) {
|
||||
// if ((sg.getAccountId() == null) || (sg.getAccountId().longValue() != account.getId().longValue())) {
|
||||
// throw new PermissionDeniedException("Unable to delete port forwarding service rule " + networkRuleId + "; account: " + account.getAccountName() + " is not the owner");
|
||||
// }
|
||||
// } else if (!isChildDomain(account.getDomainId(), sg.getDomainId())) {
|
||||
// throw new PermissionDeniedException("Unable to delete port forwarding service rule " + networkRuleId + "; account: " + account.getAccountName() + " is not an admin in the domain hierarchy.");
|
||||
// }
|
||||
// }
|
||||
// if (sg != null) {
|
||||
// accountId = sg.getAccountId().longValue();
|
||||
// }
|
||||
// } else {
|
||||
// return 0L; // failed to delete due to netRule not found
|
||||
// }
|
||||
//
|
||||
// Gson gson = GsonHelper.getBuilder().create();
|
||||
//
|
||||
// AsyncJobVO job = new AsyncJobVO();
|
||||
// job.setUserId(UserContext.current().getUserId());
|
||||
// job.setAccountId(accountId);
|
||||
// job.setCmd("DeleteNetworkRuleConfig");
|
||||
// job.setCmdInfo(gson.toJson(networkRuleId));
|
||||
//
|
||||
// return _asyncMgr.submitAsyncJob(job);
|
||||
// }
|
||||
|
||||
@DB
|
||||
protected boolean deleteIpForwardingRule(long userId, long accountId, String publicIp, String publicPort, String privateIp, String privatePort, String proto)
|
||||
|
||||