apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-11-02 20:02:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

Refactored DeleteIPForwardingRule/UpdateIPForwardingRule commands to new api framework.

Browse Source
This commit is contained in:
alena 2010-09-08 19:03:42 -07:00
parent 5170c215f8
commit b0aa28032c
11 changed files with 633 additions and 493 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

136
server/src/com/cloud/api/commands/DeleteIPForwardingRuleCmd.java
View File

@ -18,35 +18,17 @@
package com.cloud.api.commands;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import org.apache.log4j.Logger;
import com.cloud.api.BaseCmd;
import com.cloud.api.Implementation;
import com.cloud.api.Parameter;
import com.cloud.api.ServerApiException;
import com.cloud.exception.InternalErrorException;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.PermissionDeniedException;
import com.cloud.network.FirewallRuleVO;
import com.cloud.network.IPAddressVO;
import com.cloud.user.Account;
import com.cloud.user.User;
import com.cloud.utils.Pair;
import com.cloud.api.BaseCmd.Manager;
@Implementation(method="deleteIpForwardingRule", manager=Manager.NetworkManager)
public class DeleteIPForwardingRuleCmd extends BaseCmd {
public static final Logger s_logger = Logger.getLogger(DeleteIPForwardingRuleCmd.class.getName());
private static final String s_name = "deleteportforwardingruleresponse";
private static final List<Pair<Enum, Boolean>> s_properties = new ArrayList<Pair<Enum, Boolean>>();
static {
s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.USER_ID, Boolean.FALSE));
s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.ACCOUNT_OBJ, Boolean.FALSE));
s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.ID, Boolean.TRUE));
}
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
@ -64,7 +46,6 @@ public class DeleteIPForwardingRuleCmd extends BaseCmd {
return id;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
@ -72,58 +53,61 @@ public class DeleteIPForwardingRuleCmd extends BaseCmd {
public String getName() {
return s_name;
}
public List<Pair<Enum, Boolean>> getProperties() {
return s_properties;
}
@Override
public List<Pair<String, Object>> execute(Map<String, Object> params) {
Long userId = (Long)params.get(BaseCmd.Properties.USER_ID.getName());
Account account = (Account)params.get(BaseCmd.Properties.ACCOUNT_OBJ.getName());
Long ruleId = (Long)params.get(BaseCmd.Properties.ID.getName());
if (userId == null) {
userId = Long.valueOf(User.UID_SYSTEM);
}
FirewallRuleVO fwRule = getManagementServer().findForwardingRuleById(ruleId);
if (fwRule == null) {
throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find port forwarding rule " + ruleId);
}
IPAddressVO ipAddress = getManagementServer().findIPAddressById(fwRule.getPublicIpAddress());
if (ipAddress == null) {
throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Unable to find IP address for port forwarding rule " + ruleId);
}
Account ruleOwner = getManagementServer().findAccountById(ipAddress.getAccountId());
if (ruleOwner == null) {
throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Unable to find owning account for port forwarding rule " + ruleId);
}
// if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters
if (account != null) {
if (isAdmin(account.getType())) {
if (!getManagementServer().isChildDomain(account.getDomainId(), ruleOwner.getDomainId())) {
throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to delete port forwarding rule " + ruleId + ", permission denied.");
}
} else if (account.getId().longValue() != ruleOwner.getId().longValue()) {
throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to delete port forwarding rule " + ruleId + ", permission denied.");
}
}
try {
getManagementServer().deleteRule(ruleId.longValue(), userId.longValue(), ruleOwner.getId().longValue());
} catch (InvalidParameterValueException ex1) {
throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to delete port forwarding rule " + ruleId + ", internal error.");
} catch (PermissionDeniedException ex2) {
throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to delete port forwarding rule " + ruleId + ", permission denied.");
} catch (InternalErrorException ex3) {
throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Unable to delete port forwarding rule " + ruleId + ", internal error.");
}
List<Pair<String, Object>> returnValues = new ArrayList<Pair<String, Object>>();
returnValues.add(new Pair<String, Object>(BaseCmd.Properties.SUCCESS.getName(), "true"));
return returnValues;
}
// @Override
// public List<Pair<String, Object>> execute(Map<String, Object> params) {
// Long userId = (Long)params.get(BaseCmd.Properties.USER_ID.getName());
// Account account = (Account)params.get(BaseCmd.Properties.ACCOUNT_OBJ.getName());
// Long ruleId = (Long)params.get(BaseCmd.Properties.ID.getName());
//
// if (userId == null) {
// userId = Long.valueOf(User.UID_SYSTEM);
// }
//
// FirewallRuleVO fwRule = getManagementServer().findForwardingRuleById(ruleId);
// if (fwRule == null) {
// throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find port forwarding rule " + ruleId);
// }
//
// IPAddressVO ipAddress = getManagementServer().findIPAddressById(fwRule.getPublicIpAddress());
// if (ipAddress == null) {
// throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Unable to find IP address for port forwarding rule " + ruleId);
// }
//
// Account ruleOwner = getManagementServer().findAccountById(ipAddress.getAccountId());
// if (ruleOwner == null) {
// throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Unable to find owning account for port forwarding rule " + ruleId);
// }
//
// // if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters
// if (account != null) {
// if (isAdmin(account.getType())) {
// if (!getManagementServer().isChildDomain(account.getDomainId(), ruleOwner.getDomainId())) {
// throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to delete port forwarding rule " + ruleId + ", permission denied.");
// }
// } else if (account.getId().longValue() != ruleOwner.getId().longValue()) {
// throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to delete port forwarding rule " + ruleId + ", permission denied.");
// }
// }
//
// try {
// getManagementServer().deleteRule(ruleId.longValue(), userId.longValue(), ruleOwner.getId().longValue());
// } catch (InvalidParameterValueException ex1) {
// throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to delete port forwarding rule " + ruleId + ", internal error.");
// } catch (PermissionDeniedException ex2) {
// throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to delete port forwarding rule " + ruleId + ", permission denied.");
// } catch (InternalErrorException ex3) {
// throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Unable to delete port forwarding rule " + ruleId + ", internal error.");
// }
//
// List<Pair<String, Object>> returnValues = new ArrayList<Pair<String, Object>>();
// returnValues.add(new Pair<String, Object>(BaseCmd.Properties.SUCCESS.getName(), "true"));
// return returnValues;
// }
@Override
public String getResponse() {
// TODO Auto-generated method stub
return null;
}
}

190
server/src/com/cloud/api/commands/UpdateIPForwardingRuleCmd.java
View File

@ -1,39 +1,16 @@
package com.cloud.api.commands;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import org.apache.log4j.Logger;
import com.cloud.api.BaseCmd;
import com.cloud.api.BaseAsyncCmd;
import com.cloud.api.BaseCmd.Manager;
import com.cloud.api.Implementation;
import com.cloud.api.Parameter;
import com.cloud.api.ServerApiException;
import com.cloud.network.IPAddressVO;
import com.cloud.server.Criteria;
import com.cloud.user.Account;
import com.cloud.user.User;
import com.cloud.utils.Pair;
import com.cloud.utils.net.NetUtils;
import com.cloud.vm.UserVmVO;
public class UpdateIPForwardingRuleCmd extends BaseCmd {
@Implementation(method="updatePortForwardingRule", manager=Manager.ManagementServer)
public class UpdateIPForwardingRuleCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(UpdateIPForwardingRuleCmd.class.getName());
private static final String s_name = "updateportforwardingruleresponse";
private static final List<Pair<Enum, Boolean>> s_properties = new ArrayList<Pair<Enum, Boolean>>();
static {
s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.USER_ID, Boolean.FALSE));
s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.ACCOUNT_OBJ, Boolean.FALSE));
s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.PRIVATE_IP, Boolean.FALSE));
s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.PRIVATE_PORT, Boolean.TRUE));
s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.PROTOCOL, Boolean.TRUE));
s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.PUBLIC_IP, Boolean.TRUE));
s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.PUBLIC_PORT, Boolean.TRUE));
s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.VIRTUAL_MACHINE_ID, Boolean.FALSE));
}
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
@ -92,82 +69,85 @@ public class UpdateIPForwardingRuleCmd extends BaseCmd {
public String getName() {
return s_name;
}
public List<Pair<Enum, Boolean>> getProperties() {
return s_properties;
}
@Override
public List<Pair<String, Object>> execute(Map<String, Object> params) {
Long userId = (Long)params.get(BaseCmd.Properties.USER_ID.getName());
Account account = (Account)params.get(BaseCmd.Properties.ACCOUNT_OBJ.getName());
String publicIp = (String)params.get(BaseCmd.Properties.PUBLIC_IP.getName());
String publicPort = (String)params.get(BaseCmd.Properties.PUBLIC_PORT.getName());
String privateIp = (String)params.get(BaseCmd.Properties.PRIVATE_IP.getName());
String privatePort = (String)params.get(BaseCmd.Properties.PRIVATE_PORT.getName());
String protocol = (String)params.get(BaseCmd.Properties.PROTOCOL.getName());
Long vmId = (Long)params.get(BaseCmd.Properties.VIRTUAL_MACHINE_ID.getName());
UserVmVO userVM = null;
if (userId == null) {
userId = Long.valueOf(User.UID_SYSTEM);
}
IPAddressVO ipAddressVO = getManagementServer().findIPAddressById(publicIp);
if (ipAddressVO == null) {
throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find IP address " + publicIp);
}
if (ipAddressVO.getAccountId() == null) {
throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to update port forwarding rule, owner of IP address " + publicIp + " not found.");
}
if (privateIp != null) {
if (!NetUtils.isValidIp(privateIp)) {
throw new ServerApiException(BaseCmd.PARAM_ERROR, "Invalid private IP address specified: " + privateIp);
}
Criteria c = new Criteria();
c.addCriteria(Criteria.ACCOUNTID, new Object[] {ipAddressVO.getAccountId()});
c.addCriteria(Criteria.DATACENTERID, ipAddressVO.getDataCenterId());
c.addCriteria(Criteria.IPADDRESS, privateIp);
List<UserVmVO> userVMs = getManagementServer().searchForUserVMs(c);
if ((userVMs == null) || userVMs.isEmpty()) {
throw new ServerApiException(BaseCmd.PARAM_ERROR, "Invalid private IP address specified: " + privateIp + ", no virtual machine instances running with that address.");
}
userVM = userVMs.get(0);
} else if (vmId != null) {
userVM = getManagementServer().findUserVMInstanceById(vmId);
if (userVM == null) {
throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find virtual machine with id " + vmId);
}
if ((ipAddressVO.getAccountId() == null) || (ipAddressVO.getAccountId().longValue() != userVM.getAccountId())) {
throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to update port forwarding rule on IP address " + publicIp + ", permission denied.");
}
if (ipAddressVO.getDataCenterId() != userVM.getDataCenterId()) {
throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to update port forwarding rule, IP address " + publicIp + " is not in the same availability zone as virtual machine " + userVM.toString());
}
privateIp = userVM.getGuestIpAddress();
} else {
throw new ServerApiException(BaseCmd.PARAM_ERROR, "No private IP address (privateip) or virtual machine instance id (virtualmachineid) specified, unable to update port forwarding rule");
}
// if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters
if (account != null) {
if (isAdmin(account.getType())) {
if (!getManagementServer().isChildDomain(account.getDomainId(), ipAddressVO.getDomainId())) {
throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to update port forwarding rule on IP address " + publicIp + ", permission denied.");
}
} else if (account.getId().longValue() != ipAddressVO.getAccountId()) {
throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to update port forwarding rule on IP address " + publicIp + ", permission denied.");
}
}
long jobId = getManagementServer().updatePortForwardingRuleAsync(userId, ipAddressVO.getAccountId().longValue(), publicIp, privateIp, publicPort, privatePort, protocol);
List<Pair<String, Object>> returnValues = new ArrayList<Pair<String, Object>>();
returnValues.add(new Pair<String, Object>(BaseCmd.Properties.JOB_ID.getName(), Long.valueOf(jobId).toString()));
return returnValues;
}
// @Override
// public List<Pair<String, Object>> execute(Map<String, Object> params) {
// Long userId = (Long)params.get(BaseCmd.Properties.USER_ID.getName());
// Account account = (Account)params.get(BaseCmd.Properties.ACCOUNT_OBJ.getName());
// String publicIp = (String)params.get(BaseCmd.Properties.PUBLIC_IP.getName());
// String publicPort = (String)params.get(BaseCmd.Properties.PUBLIC_PORT.getName());
// String privateIp = (String)params.get(BaseCmd.Properties.PRIVATE_IP.getName());
// String privatePort = (String)params.get(BaseCmd.Properties.PRIVATE_PORT.getName());
// String protocol = (String)params.get(BaseCmd.Properties.PROTOCOL.getName());
// Long vmId = (Long)params.get(BaseCmd.Properties.VIRTUAL_MACHINE_ID.getName());
// UserVmVO userVM = null;
//
// if (userId == null) {
// userId = Long.valueOf(User.UID_SYSTEM);
// }
//
// IPAddressVO ipAddressVO = getManagementServer().findIPAddressById(publicIp);
// if (ipAddressVO == null) {
// throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find IP address " + publicIp);
// }
//
// if (ipAddressVO.getAccountId() == null) {
// throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to update port forwarding rule, owner of IP address " + publicIp + " not found.");
// }
//
// if (privateIp != null) {
// if (!NetUtils.isValidIp(privateIp)) {
// throw new ServerApiException(BaseCmd.PARAM_ERROR, "Invalid private IP address specified: " + privateIp);
// }
// Criteria c = new Criteria();
// c.addCriteria(Criteria.ACCOUNTID, new Object[] {ipAddressVO.getAccountId()});
// c.addCriteria(Criteria.DATACENTERID, ipAddressVO.getDataCenterId());
// c.addCriteria(Criteria.IPADDRESS, privateIp);
// List<UserVmVO> userVMs = getManagementServer().searchForUserVMs(c);
// if ((userVMs == null) || userVMs.isEmpty()) {
// throw new ServerApiException(BaseCmd.PARAM_ERROR, "Invalid private IP address specified: " + privateIp + ", no virtual machine instances running with that address.");
// }
// userVM = userVMs.get(0);
// } else if (vmId != null) {
// userVM = getManagementServer().findUserVMInstanceById(vmId);
// if (userVM == null) {
// throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find virtual machine with id " + vmId);
// }
//
// if ((ipAddressVO.getAccountId() == null) || (ipAddressVO.getAccountId().longValue() != userVM.getAccountId())) {
// throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to update port forwarding rule on IP address " + publicIp + ", permission denied.");
// }
//
// if (ipAddressVO.getDataCenterId() != userVM.getDataCenterId()) {
// throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to update port forwarding rule, IP address " + publicIp + " is not in the same availability zone as virtual machine " + userVM.toString());
// }
//
// privateIp = userVM.getGuestIpAddress();
// } else {
// throw new ServerApiException(BaseCmd.PARAM_ERROR, "No private IP address (privateip) or virtual machine instance id (virtualmachineid) specified, unable to update port forwarding rule");
// }
//
// // if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters
// if (account != null) {
// if (isAdmin(account.getType())) {
// if (!getManagementServer().isChildDomain(account.getDomainId(), ipAddressVO.getDomainId())) {
// throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to update port forwarding rule on IP address " + publicIp + ", permission denied.");
// }
// } else if (account.getId().longValue() != ipAddressVO.getAccountId()) {
// throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to update port forwarding rule on IP address " + publicIp + ", permission denied.");
// }
// }
//
// long jobId = getManagementServer().updatePortForwardingRuleAsync(userId, ipAddressVO.getAccountId().longValue(), publicIp, privateIp, publicPort, privatePort, protocol);
//
// List<Pair<String, Object>> returnValues = new ArrayList<Pair<String, Object>>();
// returnValues.add(new Pair<String, Object>(BaseCmd.Properties.JOB_ID.getName(), Long.valueOf(jobId).toString()));
// return returnValues;
// }
@Override
public String getResponse() {
// TODO Auto-generated method stub
return null;
}
}

31
server/src/com/cloud/network/NetworkManager.java
View File

@ -24,6 +24,7 @@ import com.cloud.api.commands.AssignToLoadBalancerRuleCmd;
import com.cloud.api.commands.AssociateIPAddrCmd;
import com.cloud.api.commands.CreateIPForwardingRuleCmd;
import com.cloud.api.commands.CreateLoadBalancerRuleCmd;
import com.cloud.api.commands.DeleteIPForwardingRuleCmd;
import com.cloud.api.commands.DeleteLoadBalancerRuleCmd;
import com.cloud.api.commands.DeletePortForwardingServiceRuleCmd;
import com.cloud.api.commands.DisassociateIPAddrCmd;
@ -32,6 +33,7 @@ import com.cloud.api.commands.RebootRouterCmd;
import com.cloud.api.commands.RemoveFromLoadBalancerRuleCmd;
import com.cloud.api.commands.StartRouterCmd;
import com.cloud.api.commands.StopRouterCmd;
import com.cloud.api.commands.UpdateIPForwardingRuleCmd;
import com.cloud.api.commands.UpdateLoadBalancerRuleCmd;
import com.cloud.dc.DataCenterVO;
import com.cloud.dc.HostPodVO;
@ -112,7 +114,12 @@ public interface NetworkManager extends Manager {
DomainRouterVO startRouter(long routerId, long eventId);
DomainRouterVO startRouter(StartRouterCmd cmd) throws InvalidParameterValueException;
/**
* Starts domain router
* @param cmd the command specifying router's id
* @return DomainRouter object
*/
DomainRouterVO startRouter(StartRouterCmd cmd) throws InvalidParameterValueException, PermissionDeniedException;
boolean releaseRouter(long routerId);
@ -120,13 +127,23 @@ public interface NetworkManager extends Manager {
boolean stopRouter(long routerId, long eventId);
boolean stopRouter(StopRouterCmd cmd) throws InvalidParameterValueException;
/**
* Stops domain router
* @param cmd the command specifying router's id
* @return success or failure
*/
boolean stopRouter(StopRouterCmd cmd) throws InvalidParameterValueException, PermissionDeniedException;
boolean getRouterStatistics(long vmId, Map<String, long[]> netStats, Map<String, long[]> diskStats);
boolean rebootRouter(long routerId, long eventId);
boolean rebootRouter(RebootRouterCmd cmd) throws InvalidParameterValueException;
/**
* Reboots domain router
* @param cmd the command specifying router's id
* @return success or failure
*/
boolean rebootRouter(RebootRouterCmd cmd) throws InvalidParameterValueException, PermissionDeniedException;
/**
* @param hostId get all of the virtual machine routers on a host.
* @return collection of VirtualMachineRouter
@ -232,8 +249,8 @@ public interface NetworkManager extends Manager {
public boolean removeFromLoadBalancer(RemoveFromLoadBalancerRuleCmd cmd) throws InvalidParameterValueException;
public boolean deleteLoadBalancerRule(DeleteLoadBalancerRuleCmd cmd) throws InvalidParameterValueException;
public LoadBalancerVO updateLoadBalancerRule(UpdateLoadBalancerRuleCmd cmd) throws InvalidParameterValueException;
public boolean deleteLoadBalancerRule(DeleteLoadBalancerRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException;
public LoadBalancerVO updateLoadBalancerRule(UpdateLoadBalancerRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException;
/**
* Add a DHCP entry on the domr dhcp server
@ -273,6 +290,8 @@ public interface NetworkManager extends Manager {
public boolean deleteNetworkRuleConfig(DeletePortForwardingServiceRuleCmd cmd) throws PermissionDeniedException;
boolean disassociateIpAddress(DisassociateIPAddrCmd cmd) throws PermissionDeniedException;
public boolean disassociateIpAddress(DisassociateIPAddrCmd cmd) throws PermissionDeniedException;
public boolean deleteIpForwardingRule(DeleteIPForwardingRuleCmd cmd) throws PermissionDeniedException, InvalidParameterValueException;
}

130
server/src/com/cloud/network/NetworkManagerImpl.java
View File

@ -62,15 +62,16 @@ import com.cloud.api.commands.AssignToLoadBalancerRuleCmd;
import com.cloud.api.commands.AssociateIPAddrCmd;
import com.cloud.api.commands.CreateIPForwardingRuleCmd;
import com.cloud.api.commands.CreateLoadBalancerRuleCmd;
import com.cloud.api.commands.DeleteIPForwardingRuleCmd;
import com.cloud.api.commands.DeleteLoadBalancerRuleCmd;
import com.cloud.api.commands.DeletePortForwardingServiceRuleCmd;
import com.cloud.api.commands.DisassociateIPAddrCmd;
import com.cloud.api.commands.ListPortForwardingRulesCmd;
import com.cloud.api.commands.LoadBalancerVO;
import com.cloud.api.commands.RebootRouterCmd;
import com.cloud.api.commands.RemoveFromLoadBalancerRuleCmd;
import com.cloud.api.commands.StartRouterCmd;
import com.cloud.api.commands.StopRouterCmd;
import com.cloud.api.commands.UpdateIPForwardingRuleCmd;
import com.cloud.api.commands.UpdateLoadBalancerRuleCmd;
import com.cloud.async.AsyncJobExecutor;
import com.cloud.async.AsyncJobManager;
@ -800,17 +801,17 @@ public class NetworkManagerImpl implements NetworkManager, VirtualMachineManager
}
@Override
public DomainRouterVO startRouter(StartRouterCmd cmd) throws InvalidParameterValueException{
public DomainRouterVO startRouter(StartRouterCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{
Long routerId = cmd.getId();
Account account = (Account)UserContext.current().getAccountObject();
//verify parameters
DomainRouterVO router = _routerDao.findById(routerId);
if (router == null) {
throw new InvalidParameterValueException ("Unable to find a domain router with id " + routerId);
throw new PermissionDeniedException ("Unable to start router with id " + routerId + ". Permisssion denied");
}
if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), router.getDomainId())) {
throw new ServerApiException (BaseCmd.PARAM_ERROR, "Invalid domain router id (" + routerId + ") given, unable to start router.");
throw new PermissionDeniedException ("Unable to start router with id " + routerId + ". Permission denied.");
}
long eventId = EventUtils.saveScheduledEvent(User.UID_SYSTEM, Account.ACCOUNT_ID_SYSTEM, EventTypes.EVENT_ROUTER_START, "starting Router with Id: "+routerId);
@ -1236,18 +1237,18 @@ public class NetworkManagerImpl implements NetworkManager, VirtualMachineManager
@Override
public boolean stopRouter(StopRouterCmd cmd) throws InvalidParameterValueException{
public boolean stopRouter(StopRouterCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{
Long routerId = cmd.getId();
Account account = (Account)UserContext.current().getAccountObject();
// verify parameters
DomainRouterVO router = _routerDao.findById(routerId);
if (router == null) {
throw new InvalidParameterValueException ("Unable to find a domain router with id " + routerId);
throw new PermissionDeniedException ("Unable to stop router with id " + routerId + ". Permission denied.");
}
if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), router.getDomainId())) {
throw new InvalidParameterValueException ("Invalid domain router id (" + routerId + ") given, unable to stop router.");
throw new PermissionDeniedException ("Unable to stop router with id " + routerId + ". Permission denied");
}
long eventId = EventUtils.saveScheduledEvent(User.UID_SYSTEM, Account.ACCOUNT_ID_SYSTEM, EventTypes.EVENT_ROUTER_STOP, "stopping Router with Id: "+routerId);
@ -1379,18 +1380,18 @@ public class NetworkManagerImpl implements NetworkManager, VirtualMachineManager
}
@Override
public boolean rebootRouter(RebootRouterCmd cmd) throws InvalidParameterValueException{
public boolean rebootRouter(RebootRouterCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{
Long routerId = cmd.getId();
Account account = (Account)UserContext.current().getAccountObject();
//verify parameters
DomainRouterVO router = _routerDao.findById(routerId);
if (router == null) {
throw new InvalidParameterValueException("Unable to find a domain router with id " + routerId);
throw new PermissionDeniedException("Unable to reboot domain router with id " + routerId + ". Permission denied");
}
if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), router.getDomainId())) {
throw new InvalidParameterValueException("Invalid domain router id (" + routerId + ") given, unable to reboot router.");
throw new PermissionDeniedException("Unable to reboot domain router with id " + routerId + ". Permission denied");
}
long eventId = EventUtils.saveScheduledEvent(User.UID_SYSTEM, Account.ACCOUNT_ID_SYSTEM, EventTypes.EVENT_ROUTER_REBOOT, "rebooting Router with Id: "+routerId);
@ -3136,7 +3137,7 @@ public class NetworkManagerImpl implements NetworkManager, VirtualMachineManager
}
@Override @DB
public boolean deleteLoadBalancerRule(DeleteLoadBalancerRuleCmd cmd) throws InvalidParameterValueException{
public boolean deleteLoadBalancerRule(DeleteLoadBalancerRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{
Long loadBalancerId = cmd.getId();
Long userId = UserContext.current().getUserId();
Account account = (Account)UserContext.current().getAccountObject();
@ -3150,10 +3151,10 @@ public class NetworkManagerImpl implements NetworkManager, VirtualMachineManager
if (account != null) {
if (!isAdmin(account.getType())) {
if (loadBalancer.getAccountId() != account.getId().longValue()) {
throw new ServerApiException(BaseCmd.PARAM_ERROR, "Account " + account.getAccountName() + " does not own load balancer rule " + loadBalancer.getName() + " (id:" + loadBalancerId + ")");
throw new PermissionDeniedException("Account " + account.getAccountName() + " does not own load balancer rule " + loadBalancer.getName() + " (id:" + loadBalancerId + "), permission denied");
}
} else if (!_domainDao.isChildDomain(account.getDomainId(), loadBalancer.getDomainId())) {
throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to delete load balancer rule " + loadBalancer.getName() + " (id:" + loadBalancerId + "), permission denied.");
throw new PermissionDeniedException("Unable to delete load balancer rule " + loadBalancer.getName() + " (id:" + loadBalancerId + "), permission denied.");
}
}
@ -3229,7 +3230,7 @@ public class NetworkManagerImpl implements NetworkManager, VirtualMachineManager
boolean success = _loadBalancerDao.remove(loadBalancerId);
// save off an event for removing the security group
// save off an event for removing the load balancer
EventVO event = new EventVO();
event.setUserId(userId);
event.setAccountId(loadBalancer.getAccountId());
@ -3249,7 +3250,7 @@ public class NetworkManagerImpl implements NetworkManager, VirtualMachineManager
@Override @DB
public LoadBalancerVO updateLoadBalancerRule(UpdateLoadBalancerRuleCmd cmd) throws InvalidParameterValueException{
public LoadBalancerVO updateLoadBalancerRule(UpdateLoadBalancerRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{
Long loadBalancerId = cmd.getId();
String privatePort = cmd.getPrivatePort();
String algorithm = cmd.getAlgorithm();
@ -3281,10 +3282,10 @@ public class NetworkManagerImpl implements NetworkManager, VirtualMachineManager
if (account != null) {
if (!isAdmin(account.getType())) {
if (account.getId().longValue() != accountId.longValue()) {
throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to update load balancer rule, permission denied");
throw new PermissionDeniedException("Unable to update load balancer rule, permission denied");
}
} else if (!_domainDao.isChildDomain(account.getDomainId(), lbOwner.getDomainId())) {
throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to update load balancer rule, permission denied.");
throw new PermissionDeniedException("Unable to update load balancer rule, permission denied.");
}
}
@ -3522,5 +3523,100 @@ public class NetworkManagerImpl implements NetworkManager, VirtualMachineManager
throw new IllegalArgumentException("Disassociate IP address threw an exception");
}
}
@Override @DB
public boolean deleteIpForwardingRule(DeleteIPForwardingRuleCmd cmd) throws PermissionDeniedException, InvalidParameterValueException {
Long ruleId = cmd.getId();
Long userId = UserContext.current().getUserId();
Account account = (Account)UserContext.current().getAccountObject();
//verify input parameters here
FirewallRuleVO rule = _firewallRulesDao.findById(ruleId);
if (rule == null) {
throw new InvalidParameterValueException("Unable to find port forwarding rule " + ruleId);
}
IPAddressVO ipAddress = _ipAddressDao.findById(rule.getPublicIpAddress());
if (ipAddress == null) {
throw new InvalidParameterValueException("Unable to find IP address for port forwarding rule " + ruleId);
}
// although we are not writing these values to the DB, we will check
// them out of an abundance
// of caution (may not be warranted)
String privatePort = rule.getPrivatePort();
String publicPort = rule.getPublicPort();
if (!NetUtils.isValidPort(publicPort) || !NetUtils.isValidPort(privatePort)) {
throw new InvalidParameterValueException("Invalid value for port");
}
String proto = rule.getProtocol();
if (!NetUtils.isValidProto(proto)) {
throw new InvalidParameterValueException("Invalid protocol");
}
Account ruleOwner = _accountDao.findById(ipAddress.getAccountId());
if (ruleOwner == null) {
throw new InvalidParameterValueException("Unable to find owning account for port forwarding rule " + ruleId);
}
// if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters
if (account != null) {
if (isAdmin(account.getType())) {
if (!_domainDao.isChildDomain(account.getDomainId(), ruleOwner.getDomainId())) {
throw new PermissionDeniedException("Unable to delete port forwarding rule " + ruleId + ", permission denied.");
}
} else if (account.getId().longValue() != ruleOwner.getId().longValue()) {
throw new PermissionDeniedException("Unable to delete port forwarding rule " + ruleId + ", permission denied.");
}
}
Transaction txn = Transaction.currentTxn();
boolean success = false;
try {
txn.start();
String privateIp = rule.getPrivateIpAddress();
String publicIp = rule.getPublicIpAddress();
List<FirewallRuleVO> fwdings = _firewallRulesDao.listIPForwardingForUpdate(publicIp, publicPort, proto);
FirewallRuleVO fwRule = null;
if (fwdings.size() == 0) {
throw new InvalidParameterValueException("No such rule");
} else if (fwdings.size() == 1) {
fwRule = fwdings.get(0);
if (fwRule.getPrivateIpAddress().equalsIgnoreCase(privateIp) && fwRule.getPrivatePort().equals(privatePort)) {
_firewallRulesDao.delete(fwRule.getId());
} else {
throw new InvalidParameterValueException("No such rule");
}
} else {
throw new InternalErrorException("Multiple matches. Please contact support");
}
fwRule.setEnabled(false);
success = updateFirewallRule(fwRule, null, null);
String description;
String type = EventTypes.EVENT_NET_RULE_DELETE;
String level = EventVO.LEVEL_INFO;
String ruleName = rule.isForwarding() ? "ip forwarding" : "load balancer";
if (success) {
description = "deleted " + ruleName + " rule [" + rule.getPublicIpAddress() + ":" + rule.getPublicPort() + "]->[" + rule.getPrivateIpAddress() + ":"
+ rule.getPrivatePort() + "] " + rule.getProtocol();
} else {
level = EventVO.LEVEL_ERROR;
description = "deleted " + ruleName + " rule [" + rule.getPublicIpAddress() + ":" + rule.getPublicPort() + "]->[" + rule.getPrivateIpAddress() + ":"
+ rule.getPrivatePort() + "] " + rule.getProtocol();
}
EventUtils.saveEvent(userId, ipAddress.getAccountId(), level, type, description);
txn.commit();
}catch (Exception ex) {
txn.rollback();
s_logger.error("Unexpected exception deleting port forwarding rule " + ruleId, ex);
return false;
}finally {
txn.close();
}
return success;
}
}

15
server/src/com/cloud/server/ManagementServer.java
View File

@ -65,6 +65,7 @@ import com.cloud.api.commands.StartSystemVMCmd;
import com.cloud.api.commands.StopSystemVmCmd;
import com.cloud.api.commands.UpdateAccountCmd;
import com.cloud.api.commands.UpdateDomainCmd;
import com.cloud.api.commands.UpdateIPForwardingRuleCmd;
import com.cloud.api.commands.UpdateTemplateOrIsoCmd;
import com.cloud.api.commands.UpdateTemplateOrIsoPermissionsCmd;
import com.cloud.api.commands.UpdateUserCmd;
@ -381,8 +382,8 @@ public interface ManagementServer {
* @param primaryStorageId id of the storage to bring up.
* @return true if the operation succeeds.
*/
boolean cancelPrimaryStorageMaintenance(long primaryStorageId, long userId);
long cancelPrimaryStorageMaintenanceAsync(long primaryStorageId) throws InvalidParameterValueException;
// boolean cancelPrimaryStorageMaintenance(long primaryStorageId, long userId);
// long cancelPrimaryStorageMaintenanceAsync(long primaryStorageId) throws InvalidParameterValueException;
/**
@ -1139,8 +1140,8 @@ public interface ManagementServer {
* @param protocol protocol of the rule to update
* @return the new firewall rule if updated, null if no rule on public IP / public port of that protocol could be found
*/
FirewallRuleVO updatePortForwardingRule(long userId, String publicIp, String privateIp, String publicPort, String privatePort, String protocol);
long updatePortForwardingRuleAsync(long userId, long accountId, String publicIp, String privateIp, String publicPort, String privatePort, String protocol);
FirewallRuleVO updatePortForwardingRule(UpdateIPForwardingRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException;
// long updatePortForwardingRuleAsync(long userId, long accountId, String publicIp, String privateIp, String publicPort, String privatePort, String protocol);
/**
* Find a firewall rule by rule id
@ -1319,8 +1320,8 @@ public interface ManagementServer {
* @throws PermissionDeniedException
* @throws InternalErrorException
*/
void deleteRule(long id, long userId, long accountId) throws InvalidParameterValueException, PermissionDeniedException, InternalErrorException;
long deleteRuleAsync(long id, long userId, long accountId);
// void deleteRule(long id, long userId, long accountId) throws InvalidParameterValueException, PermissionDeniedException, InternalErrorException;
// long deleteRuleAsync(long id, long userId, long accountId);
ConsoleProxyInfo getConsoleProxy(long dataCenterId, long userVmId);
ConsoleProxyVO startConsoleProxy(long instanceId, long startEventId) throws InternalErrorException;
@ -1800,7 +1801,7 @@ public interface ManagementServer {
* @param algorithm the target algorithm of the load balancer rule (the rule will be updated from the existing algorithm to this algorithm)
* @return the updated load balancer rule
*/
long updateLoadBalancerRuleAsync(long userId, long accountId, long loadBalancerId, String name, String description, String privatePort, String algorithm);
// long updateLoadBalancerRuleAsync(long userId, long accountId, long loadBalancerId, String name, String description, String privatePort, String algorithm);
String[] getApiConfig();
StoragePoolVO findPoolById(Long id);

574
server/src/com/cloud/server/ManagementServerImpl.java
View File

@ -55,8 +55,6 @@ import com.cloud.alert.dao.AlertDao;
import com.cloud.api.BaseCmd;
import com.cloud.api.ServerApiException;
import com.cloud.api.commands.AuthorizeNetworkGroupIngressCmd;
import com.cloud.api.commands.CancelMaintenanceCmd;
import com.cloud.api.commands.CancelPrimaryStorageMaintenanceCmd;
import com.cloud.api.commands.CreateDomainCmd;
import com.cloud.api.commands.CreatePortForwardingServiceCmd;
import com.cloud.api.commands.CreatePortForwardingServiceRuleCmd;
@ -94,8 +92,6 @@ import com.cloud.api.commands.ListSnapshotsCmd;
import com.cloud.api.commands.ListTemplatesCmd;
import com.cloud.api.commands.LockAccountCmd;
import com.cloud.api.commands.LockUserCmd;
import com.cloud.api.commands.PrepareForMaintenanceCmd;
import com.cloud.api.commands.PreparePrimaryStorageForMaintenanceCmd;
import com.cloud.api.commands.RebootSystemVmCmd;
import com.cloud.api.commands.RegisterCmd;
import com.cloud.api.commands.RemovePortForwardingServiceCmd;
@ -103,6 +99,7 @@ import com.cloud.api.commands.StartSystemVMCmd;
import com.cloud.api.commands.StopSystemVmCmd;
import com.cloud.api.commands.UpdateAccountCmd;
import com.cloud.api.commands.UpdateDomainCmd;
import com.cloud.api.commands.UpdateIPForwardingRuleCmd;
import com.cloud.api.commands.UpdateIsoPermissionsCmd;
import com.cloud.api.commands.UpdateTemplateOrIsoCmd;
import com.cloud.api.commands.UpdateTemplateOrIsoPermissionsCmd;
@ -117,12 +114,9 @@ import com.cloud.async.BaseAsyncJobExecutor;
import com.cloud.async.dao.AsyncJobDao;
import com.cloud.async.executor.CreateOrUpdateRuleParam;
import com.cloud.async.executor.DeleteDomainParam;
import com.cloud.async.executor.DeleteRuleParam;
import com.cloud.async.executor.DeployVMParam;
import com.cloud.async.executor.LoadBalancerParam;
import com.cloud.async.executor.NetworkGroupIngressParam;
import com.cloud.async.executor.SecurityGroupParam;
import com.cloud.async.executor.UpdateLoadBalancerParam;
import com.cloud.async.executor.VMOperationParam;
import com.cloud.async.executor.VMOperationParam.VmOp;
import com.cloud.async.executor.VolumeOperationParam;
@ -170,10 +164,10 @@ import com.cloud.exception.ResourceInUseException;
import com.cloud.exception.StorageUnavailableException;
import com.cloud.host.HostStats;
import com.cloud.host.HostVO;
import com.cloud.host.Status;
import com.cloud.host.dao.HostDao;
import com.cloud.hypervisor.Hypervisor;
import com.cloud.info.ConsoleProxyInfo;
import com.cloud.network.Criteria;
import com.cloud.network.FirewallRuleVO;
import com.cloud.network.IPAddressVO;
import com.cloud.network.LoadBalancerVMMapVO;
@ -3546,175 +3540,175 @@ public class ManagementServerImpl implements ManagementServer {
// return _asyncMgr.submitAsyncJob(job);
// }
@DB
protected boolean deleteIpForwardingRule(long userId, long accountId, String publicIp, String publicPort, String privateIp, String privatePort, String proto)
throws PermissionDeniedException, InvalidParameterValueException, InternalErrorException {
Transaction txn = Transaction.currentTxn();
boolean locked = false;
try {
AccountVO accountVO = _accountDao.findById(accountId);
if (accountVO == null) {
// throw this exception because hackers can use the api to probe
// for existing user ids
throw new PermissionDeniedException("Account does not own supplied address");
}
// although we are not writing these values to the DB, we will check
// them out of an abundance
// of caution (may not be warranted)
if (!NetUtils.isValidPort(publicPort) || !NetUtils.isValidPort(privatePort)) {
throw new InvalidParameterValueException("Invalid value for port");
}
// if (!NetUtils.isValidPrivateIp(privateIp, _configs.get("guest.ip.network"))) {
// throw new InvalidParameterValueException("Invalid private ip address");
// @DB
// protected boolean deleteIpForwardingRule(long userId, long accountId, String publicIp, String publicPort, String privateIp, String privatePort, String proto)
// throws PermissionDeniedException, InvalidParameterValueException, InternalErrorException {
//
// Transaction txn = Transaction.currentTxn();
// boolean locked = false;
// try {
// AccountVO accountVO = _accountDao.findById(accountId);
// if (accountVO == null) {
// // throw this exception because hackers can use the api to probe
// // for existing user ids
// throw new PermissionDeniedException("Account does not own supplied address");
// }
if (!NetUtils.isValidProto(proto)) {
throw new InvalidParameterValueException("Invalid protocol");
}
IPAddressVO ipVO = _publicIpAddressDao.acquire(publicIp);
if (ipVO == null) {
// throw this exception because hackers can use the api to probe for allocated ips
throw new PermissionDeniedException("User does not own supplied address");
}
locked = true;
if ((ipVO.getAllocated() == null) || (ipVO.getAccountId() == null) || (ipVO.getAccountId().longValue() != accountId)) {
// FIXME: if admin account, make sure the user is visible in the
// admin's domain, or has that checking been done by this point?
if (!BaseCmd.isAdmin(accountVO.getType())) {
throw new PermissionDeniedException("User/account does not own supplied address");
}
}
txn.start();
List<FirewallRuleVO> fwdings = _firewallRulesDao.listIPForwardingForUpdate(publicIp, publicPort, proto);
FirewallRuleVO fwRule = null;
if (fwdings.size() == 0) {
throw new InvalidParameterValueException("No such rule");
} else if (fwdings.size() == 1) {
fwRule = fwdings.get(0);
if (fwRule.getPrivateIpAddress().equalsIgnoreCase(privateIp) && fwRule.getPrivatePort().equals(privatePort)) {
_firewallRulesDao.delete(fwRule.getId());
} else {
throw new InvalidParameterValueException("No such rule");
}
} else {
throw new InternalErrorException("Multiple matches. Please contact support");
}
fwRule.setEnabled(false);
boolean success = _networkMgr.updateFirewallRule(fwRule, null, null);
if (!success) {
throw new InternalErrorException("Failed to update router");
}
txn.commit();
return success;
} catch (Throwable e) {
if (e instanceof InvalidParameterValueException) {
throw (InvalidParameterValueException) e;
} else if (e instanceof PermissionDeniedException) {
throw (PermissionDeniedException) e;
} else if (e instanceof InternalErrorException) {
s_logger.warn("ManagementServer error", e);
throw (InternalErrorException) e;
}
s_logger.warn("ManagementServer error", e);
} finally {
if (locked) {
_publicIpAddressDao.release(publicIp);
}
}
return false;
}
@DB
private boolean deleteLoadBalancingRule(long userId, long accountId, String publicIp, String publicPort, String privateIp, String privatePort, String algo)
throws PermissionDeniedException, InvalidParameterValueException, InternalErrorException {
Transaction txn = Transaction.currentTxn();
boolean locked = false;
try {
AccountVO accountVO = _accountDao.findById(accountId);
if (accountVO == null) {
// throw this exception because hackers can use the api to probe
// for existing user ids
throw new PermissionDeniedException("Account does not own supplied address");
}
// although we are not writing these values to the DB, we will check
// them out of an abundance
// of caution (may not be warranted)
if (!NetUtils.isValidPort(publicPort) || !NetUtils.isValidPort(privatePort)) {
throw new InvalidParameterValueException("Invalid value for port");
}
// if (!NetUtils.isValidPrivateIp(privateIp, _configs.get("guest.ip.network"))) {
// throw new InvalidParameterValueException("Invalid private ip address");
// // although we are not writing these values to the DB, we will check
// // them out of an abundance
// // of caution (may not be warranted)
// if (!NetUtils.isValidPort(publicPort) || !NetUtils.isValidPort(privatePort)) {
// throw new InvalidParameterValueException("Invalid value for port");
// }
if (!NetUtils.isValidAlgorithm(algo)) {
throw new InvalidParameterValueException("Invalid protocol");
}
//// if (!NetUtils.isValidPrivateIp(privateIp, _configs.get("guest.ip.network"))) {
//// throw new InvalidParameterValueException("Invalid private ip address");
//// }
// if (!NetUtils.isValidProto(proto)) {
// throw new InvalidParameterValueException("Invalid protocol");
// }
// IPAddressVO ipVO = _publicIpAddressDao.acquire(publicIp);
// if (ipVO == null) {
// // throw this exception because hackers can use the api to probe for allocated ips
// throw new PermissionDeniedException("User does not own supplied address");
// }
//
// locked = true;
// if ((ipVO.getAllocated() == null) || (ipVO.getAccountId() == null) || (ipVO.getAccountId().longValue() != accountId)) {
// // FIXME: if admin account, make sure the user is visible in the
// // admin's domain, or has that checking been done by this point?
// if (!BaseCmd.isAdmin(accountVO.getType())) {
// throw new PermissionDeniedException("User/account does not own supplied address");
// }
// }
//
// txn.start();
//
// List<FirewallRuleVO> fwdings = _firewallRulesDao.listIPForwardingForUpdate(publicIp, publicPort, proto);
// FirewallRuleVO fwRule = null;
// if (fwdings.size() == 0) {
// throw new InvalidParameterValueException("No such rule");
// } else if (fwdings.size() == 1) {
// fwRule = fwdings.get(0);
// if (fwRule.getPrivateIpAddress().equalsIgnoreCase(privateIp) && fwRule.getPrivatePort().equals(privatePort)) {
// _firewallRulesDao.delete(fwRule.getId());
// } else {
// throw new InvalidParameterValueException("No such rule");
// }
// } else {
// throw new InternalErrorException("Multiple matches. Please contact support");
// }
// fwRule.setEnabled(false);
// boolean success = _networkMgr.updateFirewallRule(fwRule, null, null);
// if (!success) {
// throw new InternalErrorException("Failed to update router");
// }
// txn.commit();
// return success;
// } catch (Throwable e) {
// if (e instanceof InvalidParameterValueException) {
// throw (InvalidParameterValueException) e;
// } else if (e instanceof PermissionDeniedException) {
// throw (PermissionDeniedException) e;
// } else if (e instanceof InternalErrorException) {
// s_logger.warn("ManagementServer error", e);
// throw (InternalErrorException) e;
// }
// s_logger.warn("ManagementServer error", e);
// } finally {
// if (locked) {
// _publicIpAddressDao.release(publicIp);
// }
// }
// return false;
// }
IPAddressVO ipVO = _publicIpAddressDao.acquire(publicIp);
if (ipVO == null) {
// throw this exception because hackers can use the api to probe
// for allocated ips
throw new PermissionDeniedException("User does not own supplied address");
}
locked = true;
if ((ipVO.getAllocated() == null) || (ipVO.getAccountId() == null) || (ipVO.getAccountId().longValue() != accountId)) {
// FIXME: the user visible from the admin account's domain? has
// that check been done already?
if (!BaseCmd.isAdmin(accountVO.getType())) {
throw new PermissionDeniedException("User does not own supplied address");
}
}
List<FirewallRuleVO> fwdings = _firewallRulesDao.listLoadBalanceRulesForUpdate(publicIp, publicPort, algo);
FirewallRuleVO fwRule = null;
if (fwdings.size() == 0) {
throw new InvalidParameterValueException("No such rule");
}
for (FirewallRuleVO frv : fwdings) {
if (frv.getPrivateIpAddress().equalsIgnoreCase(privateIp) && frv.getPrivatePort().equals(privatePort)) {
fwRule = frv;
break;
}
}
if (fwRule == null) {
throw new InvalidParameterValueException("No such rule");
}
txn.start();
fwRule.setEnabled(false);
_firewallRulesDao.update(fwRule.getId(), fwRule);
boolean success = _networkMgr.updateFirewallRule(fwRule, null, null);
if (!success) {
throw new InternalErrorException("Failed to update router");
}
_firewallRulesDao.delete(fwRule.getId());
txn.commit();
return success;
} catch (Throwable e) {
if (e instanceof InvalidParameterValueException) {
throw (InvalidParameterValueException) e;
} else if (e instanceof PermissionDeniedException) {
throw (PermissionDeniedException) e;
} else if (e instanceof InternalErrorException) {
s_logger.warn("ManagementServer error", e);
throw (InternalErrorException) e;
}
s_logger.warn("ManagementServer error", e);
} finally {
if (locked) {
_publicIpAddressDao.release(publicIp);
}
}
return false;
}
// @DB
// private boolean deleteLoadBalancingRule(long userId, long accountId, String publicIp, String publicPort, String privateIp, String privatePort, String algo)
// throws PermissionDeniedException, InvalidParameterValueException, InternalErrorException {
// Transaction txn = Transaction.currentTxn();
// boolean locked = false;
// try {
// AccountVO accountVO = _accountDao.findById(accountId);
// if (accountVO == null) {
// // throw this exception because hackers can use the api to probe
// // for existing user ids
// throw new PermissionDeniedException("Account does not own supplied address");
// }
// // although we are not writing these values to the DB, we will check
// // them out of an abundance
// // of caution (may not be warranted)
// if (!NetUtils.isValidPort(publicPort) || !NetUtils.isValidPort(privatePort)) {
// throw new InvalidParameterValueException("Invalid value for port");
// }
//// if (!NetUtils.isValidPrivateIp(privateIp, _configs.get("guest.ip.network"))) {
//// throw new InvalidParameterValueException("Invalid private ip address");
//// }
// if (!NetUtils.isValidAlgorithm(algo)) {
// throw new InvalidParameterValueException("Invalid protocol");
// }
//
// IPAddressVO ipVO = _publicIpAddressDao.acquire(publicIp);
//
// if (ipVO == null) {
// // throw this exception because hackers can use the api to probe
// // for allocated ips
// throw new PermissionDeniedException("User does not own supplied address");
// }
//
// locked = true;
// if ((ipVO.getAllocated() == null) || (ipVO.getAccountId() == null) || (ipVO.getAccountId().longValue() != accountId)) {
// // FIXME: the user visible from the admin account's domain? has
// // that check been done already?
// if (!BaseCmd.isAdmin(accountVO.getType())) {
// throw new PermissionDeniedException("User does not own supplied address");
// }
// }
//
// List<FirewallRuleVO> fwdings = _firewallRulesDao.listLoadBalanceRulesForUpdate(publicIp, publicPort, algo);
// FirewallRuleVO fwRule = null;
// if (fwdings.size() == 0) {
// throw new InvalidParameterValueException("No such rule");
// }
// for (FirewallRuleVO frv : fwdings) {
// if (frv.getPrivateIpAddress().equalsIgnoreCase(privateIp) && frv.getPrivatePort().equals(privatePort)) {
// fwRule = frv;
// break;
// }
// }
//
// if (fwRule == null) {
// throw new InvalidParameterValueException("No such rule");
// }
//
// txn.start();
//
// fwRule.setEnabled(false);
// _firewallRulesDao.update(fwRule.getId(), fwRule);
//
// boolean success = _networkMgr.updateFirewallRule(fwRule, null, null);
// if (!success) {
// throw new InternalErrorException("Failed to update router");
// }
// _firewallRulesDao.delete(fwRule.getId());
//
// txn.commit();
// return success;
// } catch (Throwable e) {
// if (e instanceof InvalidParameterValueException) {
// throw (InvalidParameterValueException) e;
// } else if (e instanceof PermissionDeniedException) {
// throw (PermissionDeniedException) e;
// } else if (e instanceof InternalErrorException) {
// s_logger.warn("ManagementServer error", e);
// throw (InternalErrorException) e;
// }
// s_logger.warn("ManagementServer error", e);
// } finally {
// if (locked) {
// _publicIpAddressDao.release(publicIp);
// }
// }
// return false;
// }
@Override
public List<EventVO> getEvents(long userId, long accountId, Long domainId, String type, String level, Date startDate, Date endDate) {
@ -5003,7 +4997,73 @@ public class ManagementServerImpl implements ManagementServer {
}
@Override
public FirewallRuleVO updatePortForwardingRule(long userId, String publicIp, String privateIp, String publicPort, String privatePort, String protocol) {
public FirewallRuleVO updatePortForwardingRule(UpdateIPForwardingRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{
String publicIp = cmd.getPublicIp();
String privateIp = cmd.getPrivateIp();
String privatePort = cmd.getPrivatePort();
String publicPort = cmd.getPublicPort();
String protocol = cmd.getProtocol();
Long vmId = cmd.getVirtualMachineId();
Long userId = UserContext.current().getUserId();
Account account = (Account)UserContext.current().getAccountObject();
UserVmVO userVM = null;
if (userId == null) {
userId = Long.valueOf(User.UID_SYSTEM);
}
IPAddressVO ipAddressVO = findIPAddressById(publicIp);
if (ipAddressVO == null) {
throw new InvalidParameterValueException("Unable to find IP address " + publicIp);
}
if (ipAddressVO.getAccountId() == null) {
throw new InvalidParameterValueException("Unable to update port forwarding rule, owner of IP address " + publicIp + " not found.");
}
if (privateIp != null) {
if (!NetUtils.isValidIp(privateIp)) {
throw new InvalidParameterValueException("Invalid private IP address specified: " + privateIp);
}
Criteria c = new Criteria();
c.addCriteria(Criteria.ACCOUNTID, new Object[] {ipAddressVO.getAccountId()});
c.addCriteria(Criteria.DATACENTERID, ipAddressVO.getDataCenterId());
c.addCriteria(Criteria.IPADDRESS, privateIp);
List<UserVmVO> userVMs = searchForUserVMs(c);
if ((userVMs == null) || userVMs.isEmpty()) {
throw new ServerApiException(BaseCmd.PARAM_ERROR, "Invalid private IP address specified: " + privateIp + ", no virtual machine instances running with that address.");
}
userVM = userVMs.get(0);
} else if (vmId != null) {
userVM = findUserVMInstanceById(vmId);
if (userVM == null) {
throw new InvalidParameterValueException("Unable to find virtual machine with id " + vmId);
}
if ((ipAddressVO.getAccountId() == null) || (ipAddressVO.getAccountId().longValue() != userVM.getAccountId())) {
throw new PermissionDeniedException("Unable to update port forwarding rule on IP address " + publicIp + ", permission denied.");
}
if (ipAddressVO.getDataCenterId() != userVM.getDataCenterId()) {
throw new PermissionDeniedException("Unable to update port forwarding rule, IP address " + publicIp + " is not in the same availability zone as virtual machine " + userVM.toString());
}
privateIp = userVM.getGuestIpAddress();
} else {
throw new InvalidParameterValueException("No private IP address (privateip) or virtual machine instance id (virtualmachineid) specified, unable to update port forwarding rule");
}
// if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters
if (account != null) {
if (isAdmin(account.getType())) {
if (!_domainDao.isChildDomain(account.getDomainId(), ipAddressVO.getDomainId())) {
throw new PermissionDeniedException("Unable to update port forwarding rule on IP address " + publicIp + ", permission denied.");
}
} else if (account.getId().longValue() != ipAddressVO.getAccountId()) {
throw new PermissionDeniedException("Unable to update port forwarding rule on IP address " + publicIp + ", permission denied.");
}
}
List<FirewallRuleVO> fwRules = _firewallRulesDao.listIPForwardingForUpdate(publicIp, publicPort, protocol);
if ((fwRules != null) && (fwRules.size() == 1)) {
FirewallRuleVO fwRule = fwRules.get(0);
@ -5017,21 +5077,21 @@ public class ManagementServerImpl implements ManagementServer {
}
return null;
}
@Override
public long updatePortForwardingRuleAsync(long userId, long accountId, String publicIp, String privateIp, String publicPort, String privatePort, String protocol) {
CreateOrUpdateRuleParam param = new CreateOrUpdateRuleParam(true, userId, Long.valueOf(accountId), publicIp, publicPort, privateIp, privatePort, protocol, null, null, null);
Gson gson = GsonHelper.getBuilder().create();
AsyncJobVO job = new AsyncJobVO();
job.setUserId(UserContext.current().getUserId());
job.setAccountId(accountId);
job.setCmd("UpdatePortForwardingRule");
job.setCmdInfo(gson.toJson(param));
job.setCmdOriginator("portforwardingrule");
return _asyncMgr.submitAsyncJob(job);
}
//
// @Override
// public long updatePortForwardingRuleAsync(long userId, long accountId, String publicIp, String privateIp, String publicPort, String privatePort, String protocol) {
// CreateOrUpdateRuleParam param = new CreateOrUpdateRuleParam(true, userId, Long.valueOf(accountId), publicIp, publicPort, privateIp, privatePort, protocol, null, null, null);
// Gson gson = GsonHelper.getBuilder().create();
//
// AsyncJobVO job = new AsyncJobVO();
// job.setUserId(UserContext.current().getUserId());
// job.setAccountId(accountId);
// job.setCmd("UpdatePortForwardingRule");
// job.setCmdInfo(gson.toJson(param));
// job.setCmdOriginator("portforwardingrule");
//
// return _asyncMgr.submitAsyncJob(job);
// }
// @Override @DB
// public LoadBalancerVO updateLoadBalancerRule(long userId, LoadBalancerVO loadBalancer, String privatePort, String algorithm) {
@ -5953,74 +6013,74 @@ public class ManagementServerImpl implements ManagementServer {
return netRule;
}
public void deleteRule(long ruleId, long userId, long accountId) throws InvalidParameterValueException, PermissionDeniedException, InternalErrorException {
Exception e = null;
try {
FirewallRuleVO rule = _firewallRulesDao.findById(ruleId);
if (rule != null) {
boolean success = false;
// public void deleteRule(long ruleId, long userId, long accountId) throws InvalidParameterValueException, PermissionDeniedException, InternalErrorException {
// Exception e = null;
// try {
// FirewallRuleVO rule = _firewallRulesDao.findById(ruleId);
// if (rule != null) {
// boolean success = false;
//
// try {
// if (rule.isForwarding()) {
// success = deleteIpForwardingRule(userId, accountId, rule.getPublicIpAddress(), rule.getPublicPort(), rule.getPrivateIpAddress(), rule.getPrivatePort(),
// rule.getProtocol());
// } else {
// success = deleteLoadBalancingRule(userId, accountId, rule.getPublicIpAddress(), rule.getPublicPort(), rule.getPrivateIpAddress(), rule.getPrivatePort(),
// rule.getAlgorithm());
// }
// } catch (Exception ex) {
// e = ex;
// }
//
// String description;
// String type = EventTypes.EVENT_NET_RULE_DELETE;
// String level = EventVO.LEVEL_INFO;
// String ruleName = rule.isForwarding() ? "ip forwarding" : "load balancer";
//
// if (success) {
// String desc = "deleted " + ruleName + " rule [" + rule.getPublicIpAddress() + ":" + rule.getPublicPort() + "]->[" + rule.getPrivateIpAddress() + ":"
// + rule.getPrivatePort() + "] " + rule.getProtocol();
// if (!rule.isForwarding()) {
// desc = desc + ", algorithm = " + rule.getAlgorithm();
// }
// description = desc;
// } else {
// level = EventVO.LEVEL_ERROR;
// String desc = "deleted " + ruleName + " rule [" + rule.getPublicIpAddress() + ":" + rule.getPublicPort() + "]->[" + rule.getPrivateIpAddress() + ":"
// + rule.getPrivatePort() + "] " + rule.getProtocol();
// if (!rule.isForwarding()) {
// desc = desc + ", algorithm = " + rule.getAlgorithm();
// }
// description = desc;
// }
//
// EventUtils.saveEvent(userId, accountId, level, type, description);
// }
// } finally {
// if (e != null) {
// if (e instanceof InvalidParameterValueException) {
// throw (InvalidParameterValueException) e;
// } else if (e instanceof PermissionDeniedException) {
// throw (PermissionDeniedException) e;
// } else if (e instanceof InternalErrorException) {
// throw (InternalErrorException) e;
// }
// }
// }
// }
try {
if (rule.isForwarding()) {
success = deleteIpForwardingRule(userId, accountId, rule.getPublicIpAddress(), rule.getPublicPort(), rule.getPrivateIpAddress(), rule.getPrivatePort(),
rule.getProtocol());
} else {
success = deleteLoadBalancingRule(userId, accountId, rule.getPublicIpAddress(), rule.getPublicPort(), rule.getPrivateIpAddress(), rule.getPrivatePort(),
rule.getAlgorithm());
}
} catch (Exception ex) {
e = ex;
}
String description;
String type = EventTypes.EVENT_NET_RULE_DELETE;
String level = EventVO.LEVEL_INFO;
String ruleName = rule.isForwarding() ? "ip forwarding" : "load balancer";
if (success) {
String desc = "deleted " + ruleName + " rule [" + rule.getPublicIpAddress() + ":" + rule.getPublicPort() + "]->[" + rule.getPrivateIpAddress() + ":"
+ rule.getPrivatePort() + "] " + rule.getProtocol();
if (!rule.isForwarding()) {
desc = desc + ", algorithm = " + rule.getAlgorithm();
}
description = desc;
} else {
level = EventVO.LEVEL_ERROR;
String desc = "deleted " + ruleName + " rule [" + rule.getPublicIpAddress() + ":" + rule.getPublicPort() + "]->[" + rule.getPrivateIpAddress() + ":"
+ rule.getPrivatePort() + "] " + rule.getProtocol();
if (!rule.isForwarding()) {
desc = desc + ", algorithm = " + rule.getAlgorithm();
}
description = desc;
}
EventUtils.saveEvent(userId, accountId, level, type, description);
}
} finally {
if (e != null) {
if (e instanceof InvalidParameterValueException) {
throw (InvalidParameterValueException) e;
} else if (e instanceof PermissionDeniedException) {
throw (PermissionDeniedException) e;
} else if (e instanceof InternalErrorException) {
throw (InternalErrorException) e;
}
}
}
}
public long deleteRuleAsync(long id, long userId, long accountId) {
DeleteRuleParam param = new DeleteRuleParam(id, userId, accountId);
Gson gson = GsonHelper.getBuilder().create();
AsyncJobVO job = new AsyncJobVO();
job.setUserId(UserContext.current().getUserId());
job.setAccountId(accountId);
job.setCmd("DeleteRule");
job.setCmdInfo(gson.toJson(param));
return _asyncMgr.submitAsyncJob(job);
}
// public long deleteRuleAsync(long id, long userId, long accountId) {
// DeleteRuleParam param = new DeleteRuleParam(id, userId, accountId);
// Gson gson = GsonHelper.getBuilder().create();
//
// AsyncJobVO job = new AsyncJobVO();
// job.setUserId(UserContext.current().getUserId());
// job.setAccountId(accountId);
// job.setCmd("DeleteRule");
// job.setCmdInfo(gson.toJson(param));
//
// return _asyncMgr.submitAsyncJob(job);
// }
public List<VMTemplateVO> listAllTemplates() {
return _templateDao.listAll();

1
server/src/com/cloud/storage/StorageManagerImpl.java
View File

@ -40,7 +40,6 @@ import java.util.concurrent.TimeUnit;
import javax.ejb.Local;
import javax.naming.ConfigurationException;
import org.GNOME.Accessibility._DocumentStub;
import org.apache.log4j.Logger;
import com.cloud.agent.api.Answer;

13
server/src/com/cloud/template/TemplateManager.java
View File

@ -31,6 +31,7 @@ import com.cloud.api.commands.RegisterIsoCmd;
import com.cloud.api.commands.RegisterTemplateCmd;
import com.cloud.exception.InternalErrorException;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.PermissionDeniedException;
import com.cloud.exception.ResourceAllocationException;
import com.cloud.exception.StorageUnavailableException;
import com.cloud.storage.Storage.FileSystem;
@ -112,8 +113,8 @@ public interface TemplateManager extends Manager {
* @throws InvalidParameterValueException
*/
boolean copy(long userId, long templateId, long sourceZoneId, long destZoneId, long startEventId) throws InternalErrorException, StorageUnavailableException, InvalidParameterValueException;
boolean copyIso(CopyIsoCmd cmd) throws InvalidParameterValueException, StorageUnavailableException;
boolean copyTemplate(CopyTemplateCmd cmd) throws InvalidParameterValueException, StorageUnavailableException;
boolean copyIso(CopyIsoCmd cmd) throws InvalidParameterValueException, StorageUnavailableException, PermissionDeniedException;
boolean copyTemplate(CopyTemplateCmd cmd) throws InvalidParameterValueException, StorageUnavailableException, PermissionDeniedException;
/**
* Deletes a template from secondary storage servers
@ -124,9 +125,9 @@ public interface TemplateManager extends Manager {
*/
boolean delete(long userId, long templateId, Long zoneId) throws InternalErrorException;
boolean detachIso(DetachIsoCmd cmd) throws InternalErrorException, InvalidParameterValueException;
boolean detachIso(DetachIsoCmd cmd) throws InternalErrorException, InvalidParameterValueException, PermissionDeniedException;
boolean attachIso(AttachIsoCmd cmd) throws InternalErrorException, InvalidParameterValueException;
boolean attachIso(AttachIsoCmd cmd) throws InternalErrorException, InvalidParameterValueException, PermissionDeniedException;
/**
* Lists templates in the specified storage pool that are not being used by any VM.
@ -147,12 +148,12 @@ public interface TemplateManager extends Manager {
* Deletes a template
* @param cmd
*/
boolean deleteTemplate(DeleteTemplateCmd cmd) throws InvalidParameterValueException, InternalErrorException;
boolean deleteTemplate(DeleteTemplateCmd cmd) throws InvalidParameterValueException, InternalErrorException, PermissionDeniedException;
/**
* Deletes a template
* @param cmd
*/
boolean deleteIso(DeleteIsoCmd cmd) throws InvalidParameterValueException, InternalErrorException;
boolean deleteIso(DeleteIsoCmd cmd) throws InvalidParameterValueException, InternalErrorException, PermissionDeniedException;
}

23
server/src/com/cloud/template/TemplateManagerImpl.java
View File

@ -58,6 +58,7 @@ import com.cloud.event.EventVO;
import com.cloud.event.dao.EventDao;
import com.cloud.exception.InternalErrorException;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.PermissionDeniedException;
import com.cloud.exception.ResourceAllocationException;
import com.cloud.exception.StorageUnavailableException;
import com.cloud.host.HostVO;
@ -613,7 +614,7 @@ public class TemplateManagerImpl implements TemplateManager {
}
@Override
public boolean copyIso(CopyIsoCmd cmd) throws InvalidParameterValueException, StorageUnavailableException {
public boolean copyIso(CopyIsoCmd cmd) throws InvalidParameterValueException, StorageUnavailableException, PermissionDeniedException {
Long isoId = cmd.getId();
Long userId = UserContext.current().getUserId();
Long sourceZoneId = cmd.getSourceZoneId();
@ -641,7 +642,7 @@ public class TemplateManagerImpl implements TemplateManager {
@Override
public boolean copyTemplate(CopyTemplateCmd cmd) throws InvalidParameterValueException, StorageUnavailableException {
public boolean copyTemplate(CopyTemplateCmd cmd) throws InvalidParameterValueException, StorageUnavailableException, PermissionDeniedException {
Long templateId = cmd.getId();
Long userId = UserContext.current().getUserId();
Long sourceZoneId = cmd.getSourceZoneId();
@ -955,7 +956,7 @@ public class TemplateManagerImpl implements TemplateManager {
}
@Override
public boolean detachIso(DetachIsoCmd cmd) throws InternalErrorException, InvalidParameterValueException {
public boolean detachIso(DetachIsoCmd cmd) throws InternalErrorException, InvalidParameterValueException, PermissionDeniedException {
Account account = (Account) UserContext.current().getAccountObject();
Long userId = UserContext.current().getUserId();
Long vmId = cmd.getVirtualMachineId();
@ -989,7 +990,7 @@ public class TemplateManagerImpl implements TemplateManager {
}
@Override
public boolean attachIso(AttachIsoCmd cmd) throws InternalErrorException, InvalidParameterValueException {
public boolean attachIso(AttachIsoCmd cmd) throws InternalErrorException, InvalidParameterValueException, PermissionDeniedException {
Account account = (Account) UserContext.current().getAccountObject();
Long userId = UserContext.current().getUserId();
Long vmId = cmd.getVirtualMachineId();
@ -1053,28 +1054,28 @@ public class TemplateManagerImpl implements TemplateManager {
return success;
}
private Long accountAndUserValidation(Account account, Long userId, UserVmVO vmInstanceCheck, VMTemplateVO template, String msg) {
private Long accountAndUserValidation(Account account, Long userId, UserVmVO vmInstanceCheck, VMTemplateVO template, String msg) throws PermissionDeniedException{
if (account != null) {
if (!isAdmin(account.getType())) {
if ((vmInstanceCheck != null) && (account.getId().longValue() != vmInstanceCheck.getAccountId())) {
throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, msg + ". Permission denied.");
throw new PermissionDeniedException(msg + ". Permission denied.");
}
if ((template != null) && (!template.isPublicTemplate() && (account.getId().longValue() != template.getAccountId()) && (!template.getName().startsWith("xs-tools")))) {
throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, msg + ". Permission denied.");
throw new PermissionDeniedException(msg + ". Permission denied.");
}
} else {
if ((vmInstanceCheck != null) && !_domainDao.isChildDomain(account.getDomainId(), vmInstanceCheck.getDomainId())) {
throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, msg + ". Permission denied.");
throw new PermissionDeniedException(msg + ". Permission denied.");
}
// FIXME: if template/ISO owner is null we probably need to throw some kind of exception
if (template != null) {
Account templateOwner = _accountDao.findById(template.getId());
if ((templateOwner != null) && !_domainDao.isChildDomain(account.getDomainId(), templateOwner.getDomainId())) {
throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, msg + ". Permission denied.");
throw new PermissionDeniedException(msg + ". Permission denied.");
}
}
}
@ -1093,7 +1094,7 @@ public class TemplateManagerImpl implements TemplateManager {
}
@Override
public boolean deleteTemplate(DeleteTemplateCmd cmd) throws InvalidParameterValueException, InternalErrorException{
public boolean deleteTemplate(DeleteTemplateCmd cmd) throws InvalidParameterValueException, InternalErrorException, PermissionDeniedException{
Long templateId = cmd.getId();
Long userId = UserContext.current().getUserId();
@ -1127,7 +1128,7 @@ public class TemplateManagerImpl implements TemplateManager {
}
@Override
public boolean deleteIso(DeleteIsoCmd cmd) throws InvalidParameterValueException, InternalErrorException{
public boolean deleteIso(DeleteIsoCmd cmd) throws InvalidParameterValueException, InternalErrorException, PermissionDeniedException{
Long templateId = cmd.getId();
Long userId = UserContext.current().getUserId();

3
server/src/com/cloud/vm/UserVmManager.java
View File

@ -33,7 +33,6 @@ import com.cloud.api.commands.StartVMCmd;
import com.cloud.api.commands.StopVMCmd;
import com.cloud.api.commands.UpdateVMCmd;
import com.cloud.api.commands.UpgradeVMCmd;
import com.cloud.async.executor.DestroyVMExecutor;
import com.cloud.async.executor.OperationResponse;
import com.cloud.async.executor.RebootVMExecutor;
import com.cloud.async.executor.StartVMExecutor;
@ -123,7 +122,7 @@ public interface UserVmManager extends Manager, VirtualMachineManager<UserVmVO>
* @param cmd
* @throws InternalErrorException, InvalidParameterValueException
*/
void attachVolumeToVM(AttachVolumeCmd cmd) throws InternalErrorException, InvalidParameterValueException;
void attachVolumeToVM(AttachVolumeCmd cmd) throws InternalErrorException, InvalidParameterValueException, PermissionDeniedException;
/**
* Detaches the specified volume from the VM it is currently attached to.

10
server/src/com/cloud/vm/UserVmManagerImpl.java
View File

@ -345,7 +345,7 @@ public class UserVmManagerImpl implements UserVmManager {
}
@Override
public void attachVolumeToVM(AttachVolumeCmd command) throws InternalErrorException, InvalidParameterValueException {
public void attachVolumeToVM(AttachVolumeCmd command) throws InternalErrorException, InvalidParameterValueException, PermissionDeniedException {
Long vmId = command.getVirtualMachineId();
Long volumeId = command.getId();
Long deviceId = command.getDeviceId();
@ -404,21 +404,21 @@ public class UserVmManagerImpl implements UserVmManager {
//Verify account information
if (volume.getAccountId() != vm.getAccountId()) {
throw new ServerApiException (BaseCmd.VM_INVALID_PARAM_ERROR, "virtual machine and volume belong to different accounts, can not attach");
throw new PermissionDeniedException ("Virtual machine and volume belong to different accounts, can not attach. Permission denied.");
}
// If the account is not an admin, check that the volume and the virtual machine are owned by the account that was passed in
if (account != null) {
if (!isAdmin(account.getType())) {
if (account.getId().longValue() != volume.getAccountId())
throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find volume with ID: " + volumeId + " for account: " + account.getAccountName());
throw new PermissionDeniedException("Unable to find volume with ID: " + volumeId + " for account: " + account.getAccountName() + ". Permission denied.");
if (account.getId().longValue() != vm.getAccountId())
throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find VM with ID: " + vmId + " for account: " + account.getAccountName());
throw new PermissionDeniedException("Unable to find VM with ID: " + vmId + " for account: " + account.getAccountName() + ". Permission denied");
} else {
if (!_domainDao.isChildDomain(account.getDomainId(), volume.getDomainId()) ||
!_domainDao.isChildDomain(account.getDomainId(), vm.getDomainId())) {
throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to attach volume " + volumeId + " to virtual machine instance " + vmId + ", permission denied.");
throw new PermissionDeniedException("Unable to attach volume " + volumeId + " to virtual machine instance " + vmId + ". Permission denied.");
}
}
}