mirror of
https://github.com/apache/cloudstack.git
synced 2025-10-26 08:42:29 +01:00
VPC: CS-15553 and CS-15549 - more checks during automatic ip assoc to VPC network
Conflicts: api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java server/src/com/cloud/network/firewall/FirewallManagerImpl.java server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java server/src/com/cloud/network/rules/RulesManagerImpl.java
This commit is contained in:
Alena Prokharchyk
parent
1781f706f9
commit
ad80f426a0
@ -314,7 +314,7 @@ public class CreateLoadBalancerRuleCmd extends BaseAsyncCreateCmd /*implements
|
||||
throw new InvalidParameterValueException("Unable to find account " + account + " in domain id=" + domainId);
|
||||
}
|
||||
} else {
|
||||
throw new InvalidParameterValueException("Can't define IP owner. Either specify account/domainId or ipAddressId");
|
||||
throw new InvalidParameterValueException("Can't define IP owner. Either specify account/domainId or publicIpId");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -274,7 +274,7 @@ public interface NetworkManager extends NetworkService {
|
||||
|
||||
public Map<Provider, ArrayList<PublicIp>> getProviderToIpList(Network network, Map<PublicIp, Set<Service>> ipToServices);
|
||||
|
||||
public boolean checkIpForService(IPAddressVO ip, Service service);
|
||||
public boolean checkIpForService(IPAddressVO ip, Service service, Long networkId);
|
||||
|
||||
void checkVirtualNetworkCidrOverlap(Long zoneId, String cidr);
|
||||
|
||||
|
||||
@ -6954,8 +6954,11 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean checkIpForService(IPAddressVO userIp, Service service) {
|
||||
Long networkId = userIp.getAssociatedWithNetworkId();
|
||||
public boolean checkIpForService(IPAddressVO userIp, Service service, Long networkId) {
|
||||
if (networkId == null) {
|
||||
networkId = userIp.getAssociatedWithNetworkId();
|
||||
}
|
||||
|
||||
NetworkVO network = _networksDao.findById(networkId);
|
||||
NetworkOfferingVO offering = _networkOfferingDao.findById(network.getNetworkOfferingId());
|
||||
if (offering.getGuestType() != GuestType.Isolated) {
|
||||
|
||||
@ -159,8 +159,8 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma
|
||||
throw new InvalidParameterValueException("Unable to create firewall rule; ip id=" + ipAddrId +
|
||||
" doesn't exist in the system");
|
||||
}
|
||||
|
||||
_networkMgr.checkIpForService(ipAddress, Service.Firewall);
|
||||
|
||||
_networkMgr.checkIpForService(ipAddress, Service.Firewall, null);
|
||||
|
||||
validateFirewallRule(caller, ipAddress, portStart, portEnd, protocol, Purpose.Firewall, type);
|
||||
|
||||
|
||||
@ -743,20 +743,29 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
|
||||
|
||||
boolean performedIpAssoc = false;
|
||||
try {
|
||||
Network network = _networkMgr.getNetwork(lb.getNetworkId());
|
||||
if (ipVO != null) {
|
||||
if (ipVO.getAssociatedWithNetworkId() == null) {
|
||||
//set networkId just for verification purposes
|
||||
ipVO.setAssociatedWithNetworkId(lb.getNetworkId());
|
||||
_networkMgr.checkIpForService(ipVO, Service.Lb);
|
||||
|
||||
s_logger.debug("The ip is not associated with the network id="+ lb.getNetworkId() + " so assigning");
|
||||
ipVO = _networkMgr.associateIPToGuestNetwork(ipAddrId, lb.getNetworkId());
|
||||
performedIpAssoc = true;
|
||||
} else {
|
||||
_networkMgr.checkIpForService(ipVO, Service.Lb);
|
||||
}
|
||||
}
|
||||
|
||||
boolean assignToVpcNtwk = network.getVpcId() != null
|
||||
&& ipVO.getVpcId() != null && ipVO.getVpcId().longValue() == network.getVpcId();
|
||||
if (assignToVpcNtwk) {
|
||||
//set networkId just for verification purposes
|
||||
ipVO.setAssociatedWithNetworkId(lb.getNetworkId());
|
||||
_networkMgr.checkIpForService(ipVO, Service.Lb, lb.getNetworkId());
|
||||
|
||||
s_logger.debug("The ip is not associated with the VPC network id="+ lb.getNetworkId() + " so assigning");
|
||||
ipVO = _networkMgr.associateIPToGuestNetwork(ipAddrId, lb.getNetworkId());
|
||||
performedIpAssoc = true;
|
||||
}
|
||||
} else {
|
||||
_networkMgr.checkIpForService(ipVO, Service.Lb, null);
|
||||
}
|
||||
}
|
||||
|
||||
if (ipVO.getAssociatedWithNetworkId() == null) {
|
||||
throw new InvalidParameterValueException("Ip address " + ipVO + " is not assigned to the network " + network);
|
||||
}
|
||||
|
||||
if (lb.getSourceIpAddressId() == null) {
|
||||
throw new CloudRuntimeException("No ip address is defined to assign the LB to");
|
||||
}
|
||||
|
||||
@ -180,23 +180,32 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
|
||||
}
|
||||
|
||||
Long networkId = rule.getNetworkId();
|
||||
Network network = _networkMgr.getNetwork(networkId);
|
||||
//associate ip address to network (if needed)
|
||||
boolean performedIpAssoc = false;
|
||||
if (ipAddress.getAssociatedWithNetworkId() == null) {
|
||||
//set networkId just for verification purposes
|
||||
ipAddress.setAssociatedWithNetworkId(networkId);
|
||||
_networkMgr.checkIpForService(ipAddress, Service.PortForwarding);
|
||||
|
||||
s_logger.debug("The ip is not associated with the network id="+ networkId + " so assigning");
|
||||
try {
|
||||
ipAddress = _networkMgr.associateIPToGuestNetwork(ipAddrId, networkId);
|
||||
performedIpAssoc = true;
|
||||
} catch (Exception ex) {
|
||||
throw new CloudRuntimeException("Failed to associate ip to network as " +
|
||||
"a part of port forwarding rule creation");
|
||||
boolean assignToVpcNtwk = network.getVpcId() != null
|
||||
&& ipAddress.getVpcId() != null && ipAddress.getVpcId().longValue() == network.getVpcId();
|
||||
if (assignToVpcNtwk) {
|
||||
//set networkId just for verification purposes
|
||||
ipAddress.setAssociatedWithNetworkId(networkId);
|
||||
_networkMgr.checkIpForService(ipAddress, Service.PortForwarding, networkId);
|
||||
|
||||
s_logger.debug("The ip is not associated with the VPC network id="+ networkId + ", so assigning");
|
||||
try {
|
||||
ipAddress = _networkMgr.associateIPToGuestNetwork(ipAddrId, networkId);
|
||||
performedIpAssoc = true;
|
||||
} catch (Exception ex) {
|
||||
throw new CloudRuntimeException("Failed to associate ip to VPC network as " +
|
||||
"a part of port forwarding rule creation");
|
||||
}
|
||||
}
|
||||
} else {
|
||||
_networkMgr.checkIpForService(ipAddress, Service.PortForwarding);
|
||||
_networkMgr.checkIpForService(ipAddress, Service.PortForwarding, null);
|
||||
}
|
||||
|
||||
if (ipAddress.getAssociatedWithNetworkId() == null) {
|
||||
throw new InvalidParameterValueException("Ip address " + ipAddress + " is not assigned to the network " + network);
|
||||
}
|
||||
|
||||
try {
|
||||
@ -313,7 +322,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
|
||||
Long accountId = ipAddress.getAllocatedToAccountId();
|
||||
Long domainId = ipAddress.getAllocatedInDomainId();
|
||||
|
||||
_networkMgr.checkIpForService(ipAddress, Service.StaticNat);
|
||||
_networkMgr.checkIpForService(ipAddress, Service.StaticNat, null);
|
||||
|
||||
Network network = _networkMgr.getNetwork(networkId);
|
||||
NetworkOffering off = _configMgr.getNetworkOffering(network.getNetworkOfferingId());
|
||||
@ -379,27 +388,43 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
|
||||
}
|
||||
|
||||
boolean setNetworkId = false;
|
||||
//associate ip address to network (if needed)
|
||||
if (ipAddress.getAssociatedWithNetworkId() == null) {
|
||||
s_logger.debug("The ip is not associated with the network id="+ networkId + " so assigning");
|
||||
try {
|
||||
ipAddress = _networkMgr.associateIPToGuestNetwork(ipId, networkId);
|
||||
} catch (Exception ex) {
|
||||
s_logger.warn("Failed to associate ip id=" + ipId + " to network id=" + networkId + " as " +
|
||||
"a part of enable static nat");
|
||||
return false;
|
||||
}
|
||||
setNetworkId = true;
|
||||
Network network = _networkMgr.getNetwork(networkId);
|
||||
if (network == null) {
|
||||
throw new InvalidParameterValueException("Unable to find network by id");
|
||||
}
|
||||
|
||||
_networkMgr.checkIpForService(ipAddress, Service.StaticNat);
|
||||
|
||||
// Verify input parameters
|
||||
if (!isSystemVm) {
|
||||
UserVmVO vm = _vmDao.findById(vmId);
|
||||
if (vm == null) {
|
||||
throw new InvalidParameterValueException("Can't enable static nat for the address id=" + ipId + ", invalid virtual machine id specified (" + vmId + ").");
|
||||
throw new InvalidParameterValueException("Can't enable static nat for the address id=" + ipId +
|
||||
", invalid virtual machine id specified (" + vmId + ").");
|
||||
}
|
||||
//associate ip address to network (if needed)
|
||||
if (ipAddress.getAssociatedWithNetworkId() == null) {
|
||||
boolean assignToVpcNtwk = network.getVpcId() != null
|
||||
&& ipAddress.getVpcId() != null && ipAddress.getVpcId().longValue() == network.getVpcId();
|
||||
if (assignToVpcNtwk) {
|
||||
_networkMgr.checkIpForService(ipAddress, Service.StaticNat, networkId);
|
||||
|
||||
s_logger.debug("The ip is not associated with the VPC network id="+ networkId + ", so assigning");
|
||||
try {
|
||||
ipAddress = _networkMgr.associateIPToGuestNetwork(ipId, networkId);
|
||||
} catch (Exception ex) {
|
||||
s_logger.warn("Failed to associate ip id=" + ipId + " to VPC network id=" + networkId + " as " +
|
||||
"a part of enable static nat");
|
||||
return false;
|
||||
}
|
||||
setNetworkId = true;
|
||||
}
|
||||
} else {
|
||||
_networkMgr.checkIpForService(ipAddress, Service.StaticNat, null);
|
||||
}
|
||||
|
||||
|
||||
if (ipAddress.getAssociatedWithNetworkId() == null) {
|
||||
throw new InvalidParameterValueException("Ip address " + ipAddress + " is not assigned to the network " + network);
|
||||
}
|
||||
|
||||
// Check permissions
|
||||
checkIpAndUserVm(ipAddress, vm, caller);
|
||||
}
|
||||
@ -410,7 +435,6 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
|
||||
throw new InvalidParameterValueException("Vm doesn't belong to the network " + networkId);
|
||||
}
|
||||
|
||||
Network network = _networkMgr.getNetwork(networkId);
|
||||
if (!_networkMgr.areServicesSupportedInNetwork(network.getId(), Service.StaticNat)) {
|
||||
throw new InvalidParameterValueException("Unable to create static nat rule; StaticNat service is not " +
|
||||
"supported in network id=" + networkId);
|
||||
|
||||
@ -124,7 +124,7 @@ public class RemoteAccessVpnManagerImpl implements RemoteAccessVpnService, Manag
|
||||
}
|
||||
|
||||
IPAddressVO ipAddress = _ipAddressDao.findById(publicIpId);
|
||||
_networkMgr.checkIpForService(ipAddress, Service.Vpn);
|
||||
_networkMgr.checkIpForService(ipAddress, Service.Vpn, null);
|
||||
|
||||
RemoteAccessVpnVO vpnVO = _remoteAccessVpnDao.findByPublicIpAddress(publicIpId);
|
||||
|
||||
|
||||
@ -740,7 +740,7 @@ public class MockNetworkManagerImpl implements NetworkManager, Manager, NetworkS
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean checkIpForService(IPAddressVO ip, Service service) {
|
||||
public boolean checkIpForService(IPAddressVO ip, Service service, Long networkId) {
|
||||
// TODO Auto-generated method stub
|
||||
return false;
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user