CLOUDSTACK-2809: Assign acl_id to VPC tier only when NetworkACL service is supported

Kishan Kavala 2013-06-04 20:07:48 +05:30
parent cb595cafc7
commit b5148af0c6
7 changed files with 43 additions and 14 deletions


@ -1285,10 +1285,7 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService {
throw new InvalidParameterValueException("Network offering can't be used for VPC networks");
}
if(aclId == null){
//Use default deny all ACL, when aclId is not specified
aclId = NetworkACL.DEFAULT_DENY;
} else {
if(aclId != null){
NetworkACL acl = _networkACLDao.findById(aclId);
if(acl == null){
throw new InvalidParameterValueException("Unable to find specified NetworkACL");
@ -1938,7 +1935,7 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService {
//perform below validation if the network is vpc network
if (network.getVpcId() != null && networkOfferingId != null) {
Vpc vpc = _vpcMgr.getVpc(network.getVpcId());
_vpcMgr.validateNtwkOffForNtwkInVpc(networkId, networkOfferingId, null, null, vpc, null, _accountMgr.getAccount(network.getAccountId()));
_vpcMgr.validateNtwkOffForNtwkInVpc(networkId, networkOfferingId, null, null, vpc, null, _accountMgr.getAccount(network.getAccountId()), null);
}
// don't allow to update network in Destroy state
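Review bot: With the `aclId == null` branch gone from the first hunk, a VPC tier created without an explicit ACL no longer falls back to `NetworkACL.DEFAULT_DENY` here, and nothing in the visible lines assigns a default later. For an offering that does support the NetworkACL service, that would leave the tier with no ACL instead of deny-all. The fallback is better kept behind the service check than dropped, along the lines of `if (aclId == null && offeringSupportsNetworkAcl) { aclId = NetworkACL.DEFAULT_DENY; }`, where `offeringSupportsNetworkAcl` is a placeholder for the same `areServicesSupportedByNetworkOffering(..., Service.NetworkACL)` test the commit adds elsewhere. The enclosing method starts and ends outside the hunk, so the default may be applied further down; please confirm.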


@ -16,8 +16,10 @@
// under the License.
package com.cloud.network.vpc;
import com.cloud.configuration.ConfigurationManager;
import com.cloud.event.ActionEvent;
import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.Network;
import com.cloud.network.Network.Service;
@ -29,6 +31,7 @@ import com.cloud.network.element.VpcProvider;
import com.cloud.network.vpc.NetworkACLItem.State;
import com.cloud.network.vpc.dao.NetworkACLDao;
import com.cloud.network.vpc.dao.VpcGatewayDao;
import com.cloud.offering.NetworkOffering;
import com.cloud.tags.dao.ResourceTagDao;
import com.cloud.user.Account;
import com.cloud.user.AccountManager;
@ -73,6 +76,8 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
VpcGatewayDao _vpcGatewayDao;
@Inject
NetworkModel _ntwkModel;
@Inject
ConfigurationManager _configMgr;
@Override
public NetworkACL createNetworkACL(String name, String description, long vpcId) {
@ -133,9 +138,22 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
@Override
public boolean replaceNetworkACL(NetworkACL acl, NetworkVO network) throws ResourceUnavailableException {
NetworkOffering guestNtwkOff = _configMgr.getNetworkOffering(network.getNetworkOfferingId());
if (guestNtwkOff == null) {
throw new InvalidParameterValueException("Can't find network offering associated with network: "+network.getUuid());
}
//verify that ACLProvider is supported by network offering
if(!_ntwkModel.areServicesSupportedByNetworkOffering(guestNtwkOff.getId(), Service.NetworkACL)){
throw new InvalidParameterValueException("Cannot apply NetworkACL. Network Offering does not support NetworkACL service");
}
network.setNetworkACLId(acl.getId());
//Update Network ACL
if(_networkDao.update(network.getId(), network)){
s_logger.debug("Updated network: "+network.getId()+ "with Network ACL Id: "+acl.getId()+", Applying ACL items");
//Apply ACL to network
return applyACLToNetwork(network.getId());
}
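Review bot: The debug message in replaceNetworkACL concatenates the network id straight into `"with Network ACL Id: "`, so the log reads like `Updated network: 42with Network ACL Id: 7` (constructed ids), which makes the record of an ACL change harder to search. Add the missing space: `s_logger.debug("Updated network: " + network.getId() + " with Network ACL Id: " + acl.getId() + ", Applying ACL items");`. The two `InvalidParameterValueException` cases at the top of the method also deserve a Javadoc line, e.g. `@throws InvalidParameterValueException if the network's offering cannot be found or does not support the NetworkACL service`. The method body continues past the end of the hunk.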


@ -164,7 +164,7 @@ public interface VpcManager extends VpcService{
* @param gateway
* @param networkOwner TODO
*/
void validateNtwkOffForNtwkInVpc(Long networkId, long newNtwkOffId, String newCidr, String newNetworkDomain, Vpc vpc, String gateway, Account networkOwner);
void validateNtwkOffForNtwkInVpc(Long networkId, long newNtwkOffId, String newCidr, String newNetworkDomain, Vpc vpc, String gateway, Account networkOwner, Long aclId);
List<PrivateGateway> getVpcPrivateGateways(long vpcId);
}
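Review bot: The Javadoc above validateNtwkOffForNtwkInVpc is not updated for the new `aclId` parameter, and a null value has a specific meaning that callers need to know: the implementation skips the NetworkACL service check. Add `@param aclId id of the NetworkACL to assign to the tier, or null when none is requested; when non-null the offering must support the NetworkACL service`. The comment block starts above the hunk.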


@ -1039,7 +1039,7 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis
@DB
@Override
public void validateNtwkOffForNtwkInVpc(Long networkId, long newNtwkOffId, String newCidr,
String newNetworkDomain, Vpc vpc, String gateway, Account networkOwner) {
String newNetworkDomain, Vpc vpc, String gateway, Account networkOwner, Long aclId) {
NetworkOffering guestNtwkOff = _configMgr.getNetworkOffering(newNtwkOffId);
@ -1084,6 +1084,12 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis
}
}
}
//5) When aclId is provided, verify that ACLProvider is supported by network offering
if(aclId != null && (!_ntwkModel.areServicesSupportedByNetworkOffering(guestNtwkOff.getId(), Service.NetworkACL))){
throw new InvalidParameterValueException("Cannot apply NetworkACL. Network Offering does not support NetworkACL service");
}
}
@Override
@ -2034,7 +2040,7 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis
}
//1) Validate if network can be created for VPC
validateNtwkOffForNtwkInVpc(null, ntwkOffId, cidr, networkDomain, vpc, gateway, owner);
validateNtwkOffForNtwkInVpc(null, ntwkOffId, cidr, networkDomain, vpc, gateway, owner, aclId);
//2) Create network
Network guestNetwork = _ntwkMgr.createGuestNetwork(ntwkOffId, name, displayText, gateway, cidr, vlanId,
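Review bot: Check 5 only runs when the caller supplies an `aclId`, and the update call in NetworkServiceImpl passes `null` for it, so moving a tier that already has an ACL to an offering without the NetworkACL service is not rejected by this method. The tier would then keep an acl_id that its offering cannot enforce. Consider passing the stored id from the update path, e.g. `..., _accountMgr.getAccount(network.getAccountId()), network.getNetworkACLId());`, assuming NetworkVO exposes the getter matching the `setNetworkACLId` used in this commit. The visible unit-test changes also pass `null` everywhere, so the new branch has no coverage; add a case with a non-null `aclId` and an offering lacking NetworkACL that expects `InvalidParameterValueException`. The body of validateNtwkOffForNtwkInVpc starts outside these hunks.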


@ -373,7 +373,7 @@ public class MockVpcManagerImpl extends ManagerBase implements VpcManager {
}
@Override
public void validateNtwkOffForNtwkInVpc(Long networkId, long newNtwkOffId, String newCidr, String newNetworkDomain, Vpc vpc, String gateway, Account networkOwner) {
public void validateNtwkOffForNtwkInVpc(Long networkId, long newNtwkOffId, String newCidr, String newNetworkDomain, Vpc vpc, String gateway, Account networkOwner, Long aclId) {
// TODO Auto-generated method stub
}


@ -15,6 +15,7 @@
package com.cloud.vpc;
import com.cloud.configuration.ConfigurationManager;
import com.cloud.network.Network;
import com.cloud.network.NetworkManager;
import com.cloud.network.NetworkModel;
@ -78,6 +79,8 @@ public class NetworkACLManagerTest extends TestCase{
@Inject
NetworkDao _networkDao;
@Inject
ConfigurationManager _configMgr;
@Inject
NetworkModel _networkModel;
@Inject
List<NetworkACLServiceProvider> _networkAclElements;
@ -178,6 +181,11 @@ public class NetworkACLManagerTest extends TestCase{
return Mockito.mock(NetworkDao.class);
}
@Bean
public ConfigurationManager configMgr() {
return Mockito.mock(ConfigurationManager.class);
}
@Bean
public NetworkACLServiceProvider networkElements() {
return Mockito.mock(NetworkACLServiceProvider.class);
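Review bot: The `configMgr()` bean is a bare Mockito mock and no stubbing is visible in this section, so `getNetworkOffering` returns null and replaceNetworkACL would take its "Can't find network offering" branch in any test that reaches it. Stub it in the test setup, e.g. `Mockito.when(_configMgr.getNetworkOffering(Mockito.anyLong())).thenReturn(Mockito.mock(NetworkOffering.class));`. Adding one test for the accepted case and one for an offering without the NetworkACL service would cover the new validation. The test methods themselves are outside the visible hunks, so existing stubbing may already be there.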


@ -87,7 +87,7 @@ public class VpcApiUnitTest extends TestCase{
//1) correct network offering
boolean result = false;
try {
_vpcService.validateNtwkOffForNtwkInVpc(2L, 1, "0.0.0.0", "111-", _vpcService.getVpc(1), "10.1.1.1", new AccountVO());
_vpcService.validateNtwkOffForNtwkInVpc(2L, 1, "0.0.0.0", "111-", _vpcService.getVpc(1), "10.1.1.1", new AccountVO(), null);
result = true;
} catch (Exception ex) {
} finally {
@ -97,7 +97,7 @@ public class VpcApiUnitTest extends TestCase{
//2) invalid offering - source nat is not included
result = false;
try {
_vpcService.validateNtwkOffForNtwkInVpc(2L, 2, "0.0.0.0", "111-", _vpcService.getVpc(1), "10.1.1.1", new AccountVO());
_vpcService.validateNtwkOffForNtwkInVpc(2L, 2, "0.0.0.0", "111-", _vpcService.getVpc(1), "10.1.1.1", new AccountVO(), null);
result = true;
} catch (InvalidParameterValueException ex) {
} finally {
@ -107,7 +107,7 @@ public class VpcApiUnitTest extends TestCase{
//3) invalid offering - conserve mode is off
result = false;
try {
_vpcService.validateNtwkOffForNtwkInVpc(2L, 3, "0.0.0.0", "111-", _vpcService.getVpc(1), "10.1.1.1", new AccountVO());
_vpcService.validateNtwkOffForNtwkInVpc(2L, 3, "0.0.0.0", "111-", _vpcService.getVpc(1), "10.1.1.1", new AccountVO(), null);
result = true;
} catch (InvalidParameterValueException ex) {
} finally {
@ -117,7 +117,7 @@ public class VpcApiUnitTest extends TestCase{
//4) invalid offering - guest type shared
result = false;
try {
_vpcService.validateNtwkOffForNtwkInVpc(2L, 4, "0.0.0.0", "111-", _vpcService.getVpc(1), "10.1.1.1", new AccountVO());
_vpcService.validateNtwkOffForNtwkInVpc(2L, 4, "0.0.0.0", "111-", _vpcService.getVpc(1), "10.1.1.1", new AccountVO(), null);
result = true;
} catch (InvalidParameterValueException ex) {
} finally {
@ -127,7 +127,7 @@ public class VpcApiUnitTest extends TestCase{
//5) Invalid offering - no redundant router support
result = false;
try {
_vpcService.validateNtwkOffForNtwkInVpc(2L, 5, "0.0.0.0", "111-", _vpcService.getVpc(1), "10.1.1.1", new AccountVO());
_vpcService.validateNtwkOffForNtwkInVpc(2L, 5, "0.0.0.0", "111-", _vpcService.getVpc(1), "10.1.1.1", new AccountVO(), null);
result = true;
} catch (InvalidParameterValueException ex) {
} finally {