apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-11-02 20:02:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

VPC: CS-15553 and CS-15549 - more checks during automatic ip assoc to VPC network

Browse Source 
Conflicts:

	api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java
	server/src/com/cloud/network/firewall/FirewallManagerImpl.java
	server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
	server/src/com/cloud/network/rules/RulesManagerImpl.java
This commit is contained in:
Alena Prokharchyk 2012-07-12 10:00:29 -07:00
parent 1781f706f9
commit ad80f426a0
8 changed files with 85 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java
View File

@ -314,7 +314,7 @@ public class CreateLoadBalancerRuleCmd extends BaseAsyncCreateCmd /*implements
throw new InvalidParameterValueException("Unable to find account " + account + " in domain id=" + domainId);
}
} else {
throw new InvalidParameterValueException("Can't define IP owner. Either specify account/domainId or ipAddressId");
throw new InvalidParameterValueException("Can't define IP owner. Either specify account/domainId or publicIpId");
}
}

2
server/src/com/cloud/network/NetworkManager.java
View File

@ -274,7 +274,7 @@ public interface NetworkManager extends NetworkService {
public Map<Provider, ArrayList<PublicIp>> getProviderToIpList(Network network, Map<PublicIp, Set<Service>> ipToServices);
public boolean checkIpForService(IPAddressVO ip, Service service);
public boolean checkIpForService(IPAddressVO ip, Service service, Long networkId);
void checkVirtualNetworkCidrOverlap(Long zoneId, String cidr);

7
server/src/com/cloud/network/NetworkManagerImpl.java
View File

@ -6954,8 +6954,11 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
}
@Override
public boolean checkIpForService(IPAddressVO userIp, Service service) {
Long networkId = userIp.getAssociatedWithNetworkId();
public boolean checkIpForService(IPAddressVO userIp, Service service, Long networkId) {
if (networkId == null) {
networkId = userIp.getAssociatedWithNetworkId();
}
NetworkVO network = _networksDao.findById(networkId);
NetworkOfferingVO offering = _networkOfferingDao.findById(network.getNetworkOfferingId());
if (offering.getGuestType() != GuestType.Isolated) {

2
server/src/com/cloud/network/firewall/FirewallManagerImpl.java
View File

@ -160,7 +160,7 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma
" doesn't exist in the system");
}
_networkMgr.checkIpForService(ipAddress, Service.Firewall);
_networkMgr.checkIpForService(ipAddress, Service.Firewall, null);
validateFirewallRule(caller, ipAddress, portStart, portEnd, protocol, Purpose.Firewall, type);

23
server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
View File

@ -743,20 +743,29 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
boolean performedIpAssoc = false;
try {
Network network = _networkMgr.getNetwork(lb.getNetworkId());
if (ipVO != null) {
if (ipVO.getAssociatedWithNetworkId() == null) {
//set networkId just for verification purposes
ipVO.setAssociatedWithNetworkId(lb.getNetworkId());
_networkMgr.checkIpForService(ipVO, Service.Lb);
boolean assignToVpcNtwk = network.getVpcId() != null
&& ipVO.getVpcId() != null && ipVO.getVpcId().longValue() == network.getVpcId();
if (assignToVpcNtwk) {
//set networkId just for verification purposes
ipVO.setAssociatedWithNetworkId(lb.getNetworkId());
_networkMgr.checkIpForService(ipVO, Service.Lb, lb.getNetworkId());
s_logger.debug("The ip is not associated with the network id="+ lb.getNetworkId() + " so assigning");
ipVO = _networkMgr.associateIPToGuestNetwork(ipAddrId, lb.getNetworkId());
performedIpAssoc = true;
s_logger.debug("The ip is not associated with the VPC network id="+ lb.getNetworkId() + " so assigning");
ipVO = _networkMgr.associateIPToGuestNetwork(ipAddrId, lb.getNetworkId());
performedIpAssoc = true;
}
} else {
_networkMgr.checkIpForService(ipVO, Service.Lb);
_networkMgr.checkIpForService(ipVO, Service.Lb, null);
}
}
if (ipVO.getAssociatedWithNetworkId() == null) {
throw new InvalidParameterValueException("Ip address " + ipVO + " is not assigned to the network " + network);
}
if (lb.getSourceIpAddressId() == null) {
throw new CloudRuntimeException("No ip address is defined to assign the LB to");
}

80
server/src/com/cloud/network/rules/RulesManagerImpl.java
View File

@ -180,23 +180,32 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
}
Long networkId = rule.getNetworkId();
Network network = _networkMgr.getNetwork(networkId);
//associate ip address to network (if needed)
boolean performedIpAssoc = false;
if (ipAddress.getAssociatedWithNetworkId() == null) {
//set networkId just for verification purposes
ipAddress.setAssociatedWithNetworkId(networkId);
_networkMgr.checkIpForService(ipAddress, Service.PortForwarding);
boolean assignToVpcNtwk = network.getVpcId() != null
&& ipAddress.getVpcId() != null && ipAddress.getVpcId().longValue() == network.getVpcId();
if (assignToVpcNtwk) {
//set networkId just for verification purposes
ipAddress.setAssociatedWithNetworkId(networkId);
_networkMgr.checkIpForService(ipAddress, Service.PortForwarding, networkId);
s_logger.debug("The ip is not associated with the network id="+ networkId + " so assigning");
try {
ipAddress = _networkMgr.associateIPToGuestNetwork(ipAddrId, networkId);
performedIpAssoc = true;
} catch (Exception ex) {
throw new CloudRuntimeException("Failed to associate ip to network as " +
"a part of port forwarding rule creation");
s_logger.debug("The ip is not associated with the VPC network id="+ networkId + ", so assigning");
try {
ipAddress = _networkMgr.associateIPToGuestNetwork(ipAddrId, networkId);
performedIpAssoc = true;
} catch (Exception ex) {
throw new CloudRuntimeException("Failed to associate ip to VPC network as " +
"a part of port forwarding rule creation");
}
}
} else {
_networkMgr.checkIpForService(ipAddress, Service.PortForwarding);
_networkMgr.checkIpForService(ipAddress, Service.PortForwarding, null);
}
if (ipAddress.getAssociatedWithNetworkId() == null) {
throw new InvalidParameterValueException("Ip address " + ipAddress + " is not assigned to the network " + network);
}
try {
@ -313,7 +322,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
Long accountId = ipAddress.getAllocatedToAccountId();
Long domainId = ipAddress.getAllocatedInDomainId();
_networkMgr.checkIpForService(ipAddress, Service.StaticNat);
_networkMgr.checkIpForService(ipAddress, Service.StaticNat, null);
Network network = _networkMgr.getNetwork(networkId);
NetworkOffering off = _configMgr.getNetworkOffering(network.getNetworkOfferingId());
@ -379,27 +388,43 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
}
boolean setNetworkId = false;
//associate ip address to network (if needed)
if (ipAddress.getAssociatedWithNetworkId() == null) {
s_logger.debug("The ip is not associated with the network id="+ networkId + " so assigning");
try {
ipAddress = _networkMgr.associateIPToGuestNetwork(ipId, networkId);
} catch (Exception ex) {
s_logger.warn("Failed to associate ip id=" + ipId + " to network id=" + networkId + " as " +
"a part of enable static nat");
return false;
}
setNetworkId = true;
Network network = _networkMgr.getNetwork(networkId);
if (network == null) {
throw new InvalidParameterValueException("Unable to find network by id");
}
_networkMgr.checkIpForService(ipAddress, Service.StaticNat);
// Verify input parameters
if (!isSystemVm) {
UserVmVO vm = _vmDao.findById(vmId);
if (vm == null) {
throw new InvalidParameterValueException("Can't enable static nat for the address id=" + ipId + ", invalid virtual machine id specified (" + vmId + ").");
throw new InvalidParameterValueException("Can't enable static nat for the address id=" + ipId +
", invalid virtual machine id specified (" + vmId + ").");
}
//associate ip address to network (if needed)
if (ipAddress.getAssociatedWithNetworkId() == null) {
boolean assignToVpcNtwk = network.getVpcId() != null
&& ipAddress.getVpcId() != null && ipAddress.getVpcId().longValue() == network.getVpcId();
if (assignToVpcNtwk) {
_networkMgr.checkIpForService(ipAddress, Service.StaticNat, networkId);
s_logger.debug("The ip is not associated with the VPC network id="+ networkId + ", so assigning");
try {
ipAddress = _networkMgr.associateIPToGuestNetwork(ipId, networkId);
} catch (Exception ex) {
s_logger.warn("Failed to associate ip id=" + ipId + " to VPC network id=" + networkId + " as " +
"a part of enable static nat");
return false;
}
setNetworkId = true;
}
} else {
_networkMgr.checkIpForService(ipAddress, Service.StaticNat, null);
}
if (ipAddress.getAssociatedWithNetworkId() == null) {
throw new InvalidParameterValueException("Ip address " + ipAddress + " is not assigned to the network " + network);
}
// Check permissions
checkIpAndUserVm(ipAddress, vm, caller);
}
@ -410,7 +435,6 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
throw new InvalidParameterValueException("Vm doesn't belong to the network " + networkId);
}
Network network = _networkMgr.getNetwork(networkId);
if (!_networkMgr.areServicesSupportedInNetwork(network.getId(), Service.StaticNat)) {
throw new InvalidParameterValueException("Unable to create static nat rule; StaticNat service is not " +
"supported in network id=" + networkId);

2
server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java
View File

@ -124,7 +124,7 @@ public class RemoteAccessVpnManagerImpl implements RemoteAccessVpnService, Manag
}
IPAddressVO ipAddress = _ipAddressDao.findById(publicIpId);
_networkMgr.checkIpForService(ipAddress, Service.Vpn);
_networkMgr.checkIpForService(ipAddress, Service.Vpn, null);
RemoteAccessVpnVO vpnVO = _remoteAccessVpnDao.findByPublicIpAddress(publicIpId);

2
server/test/com/cloud/network/MockNetworkManagerImpl.java
View File

@ -740,7 +740,7 @@ public class MockNetworkManagerImpl implements NetworkManager, Manager, NetworkS
}
@Override
public boolean checkIpForService(IPAddressVO ip, Service service) {
public boolean checkIpForService(IPAddressVO ip, Service service, Long networkId) {
// TODO Auto-generated method stub
return false;
}