diff --git a/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java b/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java index 852d9a9a5d0..80a86847a7e 100644 --- a/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java +++ b/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java @@ -314,7 +314,7 @@ public class CreateLoadBalancerRuleCmd extends BaseAsyncCreateCmd /*implements throw new InvalidParameterValueException("Unable to find account " + account + " in domain id=" + domainId); } } else { - throw new InvalidParameterValueException("Can't define IP owner. Either specify account/domainId or ipAddressId"); + throw new InvalidParameterValueException("Can't define IP owner. Either specify account/domainId or publicIpId"); } } diff --git a/server/src/com/cloud/network/NetworkManager.java b/server/src/com/cloud/network/NetworkManager.java index 6aa5bea31d8..2b78238b979 100755 --- a/server/src/com/cloud/network/NetworkManager.java +++ b/server/src/com/cloud/network/NetworkManager.java @@ -274,7 +274,7 @@ public interface NetworkManager extends NetworkService { public Map> getProviderToIpList(Network network, Map> ipToServices); - public boolean checkIpForService(IPAddressVO ip, Service service); + public boolean checkIpForService(IPAddressVO ip, Service service, Long networkId); void checkVirtualNetworkCidrOverlap(Long zoneId, String cidr); diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index 850051aa2dd..bf5260a0cb9 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java 
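Review bot: The widened `checkIpForService(IPAddressVO ip, Service service, Long networkId)` declaration in NetworkManager.java has no Javadoc, so the meaning of a null `networkId` can only be learned from the implementation. I would add a comment on the interface method such as `/** Verifies that the ip can be used for the service in the given network; when networkId is null, the network the ip is already associated with is used. */`. The comment should also state whether a failed check is signalled by an exception or by the `false` return, because every call site updated in this commit discards the boolean result.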
@@ -6954,8 +6954,11 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } @Override - public boolean checkIpForService(IPAddressVO userIp, Service service) { - Long networkId = userIp.getAssociatedWithNetworkId(); + public boolean checkIpForService(IPAddressVO userIp, Service service, Long networkId) { + if (networkId == null) { + networkId = userIp.getAssociatedWithNetworkId(); + } + NetworkVO network = _networksDao.findById(networkId); NetworkOfferingVO offering = _networkOfferingDao.findById(network.getNetworkOfferingId()); if (offering.getGuestType() != GuestType.Isolated) { diff --git a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java index 2d297584396..aa29740bcfe 100644 --- a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java +++ b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java @@ -159,8 +159,8 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma throw new InvalidParameterValueException("Unable to create firewall rule; ip id=" + ipAddrId + " doesn't exist in the system"); } - - _networkMgr.checkIpForService(ipAddress, Service.Firewall); + + _networkMgr.checkIpForService(ipAddress, Service.Firewall, null); validateFirewallRule(caller, ipAddress, portStart, portEnd, protocol, Purpose.Firewall, type); diff --git a/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java b/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java index 58907272e7f..d4ba141d532 100755 --- a/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java +++ b/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java 
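Review bot: In NetworkManagerImpl.checkIpForService the result of `_networksDao.findById(networkId)` is dereferenced on the following line without a null check, and `networkId` is now supplied by callers. If the DAO returns null for an unknown id, or a null argument is combined with an unassociated ip, the call ends in a NullPointerException rather than a validation error; a guard such as `if (network == null) { throw new InvalidParameterValueException("Unable to find network by id=" + networkId); }` would fix that. The explicit argument also takes precedence over an existing association: the callers in this commit pass it only for unassociated addresses, but the method accepts an id that differs from `userIp.getAssociatedWithNetworkId()` and would then validate the ip against a network it is not attached to, so rejecting that mismatch here keeps the check from being steered by the caller. The method body continues past the end of the hunk.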
@@ -743,20 +743,29 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesMa boolean performedIpAssoc = false; try { + Network network = _networkMgr.getNetwork(lb.getNetworkId()); if (ipVO != null) { if (ipVO.getAssociatedWithNetworkId() == null) { - //set networkId just for verification purposes - ipVO.setAssociatedWithNetworkId(lb.getNetworkId()); - _networkMgr.checkIpForService(ipVO, Service.Lb); - - s_logger.debug("The ip is not associated with the network id="+ lb.getNetworkId() + " so assigning"); - ipVO = _networkMgr.associateIPToGuestNetwork(ipAddrId, lb.getNetworkId()); - performedIpAssoc = true; - } else { - _networkMgr.checkIpForService(ipVO, Service.Lb); - } - } - + boolean assignToVpcNtwk = network.getVpcId() != null + && ipVO.getVpcId() != null && ipVO.getVpcId().longValue() == network.getVpcId(); + if (assignToVpcNtwk) { + //set networkId just for verification purposes + ipVO.setAssociatedWithNetworkId(lb.getNetworkId()); + _networkMgr.checkIpForService(ipVO, Service.Lb, lb.getNetworkId()); + + s_logger.debug("The ip is not associated with the VPC network id="+ lb.getNetworkId() + " so assigning"); + ipVO = _networkMgr.associateIPToGuestNetwork(ipAddrId, lb.getNetworkId()); + performedIpAssoc = true; + } + } else { + _networkMgr.checkIpForService(ipVO, Service.Lb, null); + } + } + + if (ipVO.getAssociatedWithNetworkId() == null) { + throw new InvalidParameterValueException("Ip address " + ipVO + " is not assigned to the network " + network); + } + if (lb.getSourceIpAddressId() == null) { throw new CloudRuntimeException("No ip address is defined to assign the LB to"); } diff --git a/server/src/com/cloud/network/rules/RulesManagerImpl.java b/server/src/com/cloud/network/rules/RulesManagerImpl.java index cda37d34ef5..5f3d58ae0d2 100755 --- a/server/src/com/cloud/network/rules/RulesManagerImpl.java +++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java 
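Review bot: The new `if (ipVO.getAssociatedWithNetworkId() == null)` check in LoadBalancingRulesManagerImpl sits after the `if (ipVO != null)` block has closed, so it dereferences `ipVO` on exactly the path that guard treats as possible; it should move inside the block or become `if (ipVO != null && ipVO.getAssociatedWithNetworkId() == null)`. `network` from `_networkMgr.getNetwork(lb.getNetworkId())` is likewise used in `network.getVpcId()` without a null check, and the port-forwarding hunk in RulesManagerImpl.java (`@@ -180,23 +180,32 @@`) has the same gap, whereas the static-NAT hunk in this commit does test `network == null`. The `ipVO.setAssociatedWithNetworkId(lb.getNetworkId())` line marked "just for verification purposes" is kept here and in the port-forwarding hunk but not in the static-NAT hunk, even though all three now pass the network id explicitly. It is worth confirming against the rest of checkIpForService whether the mutation is still needed, and dropping it if not, so the in-memory object is not left altered when the check throws. The enclosing try block starts and ends outside the hunk.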
@@ -180,23 +180,32 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { } Long networkId = rule.getNetworkId(); + Network network = _networkMgr.getNetwork(networkId); //associate ip address to network (if needed) boolean performedIpAssoc = false; if (ipAddress.getAssociatedWithNetworkId() == null) { - //set networkId just for verification purposes - ipAddress.setAssociatedWithNetworkId(networkId); - _networkMgr.checkIpForService(ipAddress, Service.PortForwarding); - - s_logger.debug("The ip is not associated with the network id="+ networkId + " so assigning"); - try { - ipAddress = _networkMgr.associateIPToGuestNetwork(ipAddrId, networkId); - performedIpAssoc = true; - } catch (Exception ex) { - throw new CloudRuntimeException("Failed to associate ip to network as " + - "a part of port forwarding rule creation"); + boolean assignToVpcNtwk = network.getVpcId() != null + && ipAddress.getVpcId() != null && ipAddress.getVpcId().longValue() == network.getVpcId(); + if (assignToVpcNtwk) { + //set networkId just for verification purposes + ipAddress.setAssociatedWithNetworkId(networkId); + _networkMgr.checkIpForService(ipAddress, Service.PortForwarding, networkId); + + s_logger.debug("The ip is not associated with the VPC network id="+ networkId + ", so assigning"); + try { + ipAddress = _networkMgr.associateIPToGuestNetwork(ipAddrId, networkId); + performedIpAssoc = true; + } catch (Exception ex) { + throw new CloudRuntimeException("Failed to associate ip to VPC network as " + + "a part of port forwarding rule creation"); + } } } else { - _networkMgr.checkIpForService(ipAddress, Service.PortForwarding); + _networkMgr.checkIpForService(ipAddress, Service.PortForwarding, null); + } + + if (ipAddress.getAssociatedWithNetworkId() == null) { + throw new InvalidParameterValueException("Ip address " + ipAddress + " is not assigned to the network " + network); } try { 
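Review bot: The re-indented `catch (Exception ex)` around `associateIPToGuestNetwork` still throws a `CloudRuntimeException` that carries neither `ex` nor the ip and network ids, so the reason an association was refused is lost to anyone reading the logs afterwards. Passing the cause through keeps it, assuming the exception class offers a (message, cause) constructor: `throw new CloudRuntimeException("Failed to associate ip id=" + ipAddrId + " to VPC network id=" + networkId + " as a part of port forwarding rule creation", ex);`. Catching `Exception` here also turns validation and permission failures from the association call into a generic runtime error; narrowing the catch to the failures this path is meant to wrap would let those propagate with their own type. The enclosing method starts and ends outside the hunk.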
@@ -313,7 +322,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { Long accountId = ipAddress.getAllocatedToAccountId(); Long domainId = ipAddress.getAllocatedInDomainId(); - _networkMgr.checkIpForService(ipAddress, Service.StaticNat); + _networkMgr.checkIpForService(ipAddress, Service.StaticNat, null); Network network = _networkMgr.getNetwork(networkId); NetworkOffering off = _configMgr.getNetworkOffering(network.getNetworkOfferingId()); 
@@ -379,27 +388,43 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { } boolean setNetworkId = false; - //associate ip address to network (if needed) - if (ipAddress.getAssociatedWithNetworkId() == null) { - s_logger.debug("The ip is not associated with the network id="+ networkId + " so assigning"); - try { - ipAddress = _networkMgr.associateIPToGuestNetwork(ipId, networkId); - } catch (Exception ex) { - s_logger.warn("Failed to associate ip id=" + ipId + " to network id=" + networkId + " as " + - "a part of enable static nat"); - return false; - } - setNetworkId = true; + Network network = _networkMgr.getNetwork(networkId); + if (network == null) { + throw new InvalidParameterValueException("Unable to find network by id"); } - _networkMgr.checkIpForService(ipAddress, Service.StaticNat); - - // Verify input parameters if (!isSystemVm) { UserVmVO vm = _vmDao.findById(vmId); if (vm == null) { - throw new InvalidParameterValueException("Can't enable static nat for the address id=" + ipId + ", invalid virtual machine id specified (" + vmId + ")."); + throw new InvalidParameterValueException("Can't enable static nat for the address id=" + ipId + + ", invalid virtual machine id specified (" + vmId + ")."); } + //associate ip address to network (if needed) + if (ipAddress.getAssociatedWithNetworkId() == null) { + boolean assignToVpcNtwk = network.getVpcId() != null + && ipAddress.getVpcId() != null && ipAddress.getVpcId().longValue() == network.getVpcId(); + if (assignToVpcNtwk) { + _networkMgr.checkIpForService(ipAddress, Service.StaticNat, networkId); + + s_logger.debug("The ip is not associated with the VPC network id="+ networkId + ", so assigning"); + try { + ipAddress = _networkMgr.associateIPToGuestNetwork(ipId, networkId); + } catch (Exception ex) { + s_logger.warn("Failed to associate ip id=" + ipId + " to VPC network id=" + networkId + " as " + + "a part of enable static nat"); + return false; + } + setNetworkId = true; + } + } 
else { + _networkMgr.checkIpForService(ipAddress, Service.StaticNat, null); + } + + + if (ipAddress.getAssociatedWithNetworkId() == null) { + throw new InvalidParameterValueException("Ip address " + ipAddress + " is not assigned to the network " + network); + } + // Check permissions checkIpAndUserVm(ipAddress, vm, caller); } @@ -410,7 +435,6 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { throw new InvalidParameterValueException("Vm doesn't belong to the network " + networkId); } - Network network = _networkMgr.getNetwork(networkId); if (!_networkMgr.areServicesSupportedInNetwork(network.getId(), Service.StaticNat)) { throw new InvalidParameterValueException("Unable to create static nat rule; StaticNat service is not " + "supported in network id=" + networkId); diff --git a/server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java b/server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java index 51aed4c6bc7..7f861445bfc 100755 --- a/server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java +++ b/server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java @@ -124,7 +124,7 @@ public class RemoteAccessVpnManagerImpl implements RemoteAccessVpnService, Manag } IPAddressVO ipAddress = _ipAddressDao.findById(publicIpId); - _networkMgr.checkIpForService(ipAddress, Service.Vpn); + _networkMgr.checkIpForService(ipAddress, Service.Vpn, null); RemoteAccessVpnVO vpnVO = _remoteAccessVpnDao.findByPublicIpAddress(publicIpId); diff --git a/server/test/com/cloud/network/MockNetworkManagerImpl.java b/server/test/com/cloud/network/MockNetworkManagerImpl.java index f8a657cf73c..8012b09e2f4 100755 --- a/server/test/com/cloud/network/MockNetworkManagerImpl.java +++ b/server/test/com/cloud/network/MockNetworkManagerImpl.java 
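Review bot: Moving `checkIpForService` and the new "is not assigned to the network" check inside `if (!isSystemVm)` means neither runs on the system-VM path, where the old code called `_networkMgr.checkIpForService(ipAddress, Service.StaticNat)` unconditionally. If that is intended it deserves a comment at the top of the block, e.g. `// system VMs: ip/service validation is skipped because ...`; if not, the association block should be hoisted back above the `if (!isSystemVm)` test. Within the block, `associateIPToGuestNetwork` changes state before `checkIpAndUserVm(ipAddress, vm, caller)` runs the permission check, so I would move the permission check ahead of the association unless a rollback keyed on `setNetworkId` exists outside this hunk. The hunk starts on the previous physical line and the method continues after it.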
@@ -740,7 +740,7 @@ public class MockNetworkManagerImpl implements NetworkManager, Manager, NetworkS } @Override - public boolean checkIpForService(IPAddressVO ip, Service service) { + public boolean checkIpForService(IPAddressVO ip, Service service, Long networkId) { // TODO Auto-generated method stub return false; }