CLOUDSTACK-2809: Assign acl_id to VPC tier only when NetworkACL service is supported

Kishan Kavala 2013-06-04 20:07:48 +05:30
parent cb595cafc7
commit b5148af0c6
7 changed files with 43 additions and 14 deletions


@ -1285,10 +1285,7 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService {
throw new InvalidParameterValueException("Network offering can't be used for VPC networks"); throw new InvalidParameterValueException("Network offering can't be used for VPC networks");
} }
if(aclId == null){ if(aclId != null){
//Use default deny all ACL, when aclId is not specified
aclId = NetworkACL.DEFAULT_DENY;
} else {
NetworkACL acl = _networkACLDao.findById(aclId); NetworkACL acl = _networkACLDao.findById(aclId);
if(acl == null){ if(acl == null){
throw new InvalidParameterValueException("Unable to find specified NetworkACL"); throw new InvalidParameterValueException("Unable to find specified NetworkACL");
@ -1938,7 +1935,7 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService {
//perform below validation if the network is vpc network //perform below validation if the network is vpc network
if (network.getVpcId() != null && networkOfferingId != null) { if (network.getVpcId() != null && networkOfferingId != null) {
Vpc vpc = _vpcMgr.getVpc(network.getVpcId()); Vpc vpc = _vpcMgr.getVpc(network.getVpcId());
_vpcMgr.validateNtwkOffForNtwkInVpc(networkId, networkOfferingId, null, null, vpc, null, _accountMgr.getAccount(network.getAccountId())); _vpcMgr.validateNtwkOffForNtwkInVpc(networkId, networkOfferingId, null, null, vpc, null, _accountMgr.getAccount(network.getAccountId()), null);
} }
// don't allow to update network in Destroy state // don't allow to update network in Destroy state
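Review bot: With the `aclId == null` branch removed in the first hunk, a VPC tier created without an explicit ACL no longer receives `NetworkACL.DEFAULT_DENY`, even when its offering does support the NetworkACL service. Unless a default is assigned somewhere outside the visible hunks, such a tier is left without an ACL where it previously got deny-all, so confirm what a null acl_id means for traffic on the tier. If the intent is only to skip offerings that lack the service, keep the fallback but gate it on service support, e.g. `if (aclId == null && /* offering supports Service.NetworkACL */) { aclId = NetworkACL.DEFAULT_DENY; }`. The enclosing method starts and ends outside the hunk.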


@ -16,8 +16,10 @@
// under the License. // under the License.
package com.cloud.network.vpc; package com.cloud.network.vpc;
import com.cloud.configuration.ConfigurationManager;
import com.cloud.event.ActionEvent; import com.cloud.event.ActionEvent;
import com.cloud.event.EventTypes; import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.ResourceUnavailableException; import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.Network; import com.cloud.network.Network;
import com.cloud.network.Network.Service; import com.cloud.network.Network.Service;
@ -29,6 +31,7 @@ import com.cloud.network.element.VpcProvider;
import com.cloud.network.vpc.NetworkACLItem.State; import com.cloud.network.vpc.NetworkACLItem.State;
import com.cloud.network.vpc.dao.NetworkACLDao; import com.cloud.network.vpc.dao.NetworkACLDao;
import com.cloud.network.vpc.dao.VpcGatewayDao; import com.cloud.network.vpc.dao.VpcGatewayDao;
import com.cloud.offering.NetworkOffering;
import com.cloud.tags.dao.ResourceTagDao; import com.cloud.tags.dao.ResourceTagDao;
import com.cloud.user.Account; import com.cloud.user.Account;
import com.cloud.user.AccountManager; import com.cloud.user.AccountManager;
@ -73,6 +76,8 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
VpcGatewayDao _vpcGatewayDao; VpcGatewayDao _vpcGatewayDao;
@Inject @Inject
NetworkModel _ntwkModel; NetworkModel _ntwkModel;
@Inject
ConfigurationManager _configMgr;
@Override @Override
public NetworkACL createNetworkACL(String name, String description, long vpcId) { public NetworkACL createNetworkACL(String name, String description, long vpcId) {
@ -133,9 +138,22 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
@Override @Override
public boolean replaceNetworkACL(NetworkACL acl, NetworkVO network) throws ResourceUnavailableException { public boolean replaceNetworkACL(NetworkACL acl, NetworkVO network) throws ResourceUnavailableException {
NetworkOffering guestNtwkOff = _configMgr.getNetworkOffering(network.getNetworkOfferingId());
if (guestNtwkOff == null) {
throw new InvalidParameterValueException("Can't find network offering associated with network: "+network.getUuid());
}
//verify that ACLProvider is supported by network offering
if(!_ntwkModel.areServicesSupportedByNetworkOffering(guestNtwkOff.getId(), Service.NetworkACL)){
throw new InvalidParameterValueException("Cannot apply NetworkACL. Network Offering does not support NetworkACL service");
}
network.setNetworkACLId(acl.getId()); network.setNetworkACLId(acl.getId());
//Update Network ACL //Update Network ACL
if(_networkDao.update(network.getId(), network)){ if(_networkDao.update(network.getId(), network)){
s_logger.debug("Updated network: "+network.getId()+ "with Network ACL Id: "+acl.getId()+", Applying ACL items");
//Apply ACL to network //Apply ACL to network
return applyACLToNetwork(network.getId()); return applyACLToNetwork(network.getId());
} }
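Review bot: The new debug message in `replaceNetworkACL` concatenates `network.getId()` directly with `"with Network ACL Id: "`, so the network id and the word "with" run together in the log; add the leading space: `"Updated network: "+network.getId()+" with Network ACL Id: "+acl.getId()+", Applying ACL items"`. The offering-support check and its exception text also duplicate the check added to `validateNtwkOffForNtwkInVpc`, so a shared helper would keep the two from drifting apart. The method body continues past the end of the hunk.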


@ -164,7 +164,7 @@ public interface VpcManager extends VpcService{
* @param gateway * @param gateway
* @param networkOwner TODO * @param networkOwner TODO
*/ */
void validateNtwkOffForNtwkInVpc(Long networkId, long newNtwkOffId, String newCidr, String newNetworkDomain, Vpc vpc, String gateway, Account networkOwner); void validateNtwkOffForNtwkInVpc(Long networkId, long newNtwkOffId, String newCidr, String newNetworkDomain, Vpc vpc, String gateway, Account networkOwner, Long aclId);
List<PrivateGateway> getVpcPrivateGateways(long vpcId); List<PrivateGateway> getVpcPrivateGateways(long vpcId);
} }
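Review bot: The Javadoc above `validateNtwkOffForNtwkInVpc` is not extended for the new `aclId` parameter, and `networkOwner` is still documented as `TODO`. Callers need to know that `null` is accepted and what it means, so add a line such as `* @param aclId id of the NetworkACL requested for the tier, or null when none is given; when non-null the offering must support the NetworkACL service`. The start of the comment block is outside the hunk.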


@ -1039,7 +1039,7 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis
@DB @DB
@Override @Override
public void validateNtwkOffForNtwkInVpc(Long networkId, long newNtwkOffId, String newCidr, public void validateNtwkOffForNtwkInVpc(Long networkId, long newNtwkOffId, String newCidr,
String newNetworkDomain, Vpc vpc, String gateway, Account networkOwner) { String newNetworkDomain, Vpc vpc, String gateway, Account networkOwner, Long aclId) {
NetworkOffering guestNtwkOff = _configMgr.getNetworkOffering(newNtwkOffId); NetworkOffering guestNtwkOff = _configMgr.getNetworkOffering(newNtwkOffId);
@ -1084,6 +1084,12 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis
} }
} }
} }
//5) When aclId is provided, verify that ACLProvider is supported by network offering
if(aclId != null && (!_ntwkModel.areServicesSupportedByNetworkOffering(guestNtwkOff.getId(), Service.NetworkACL))){
throw new InvalidParameterValueException("Cannot apply NetworkACL. Network Offering does not support NetworkACL service");
}
} }
@Override @Override
@ -2034,7 +2040,7 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis
} }
//1) Validate if network can be created for VPC //1) Validate if network can be created for VPC
validateNtwkOffForNtwkInVpc(null, ntwkOffId, cidr, networkDomain, vpc, gateway, owner); validateNtwkOffForNtwkInVpc(null, ntwkOffId, cidr, networkDomain, vpc, gateway, owner, aclId);
//2) Create network //2) Create network
Network guestNetwork = _ntwkMgr.createGuestNetwork(ntwkOffId, name, displayText, gateway, cidr, vlanId, Network guestNetwork = _ntwkMgr.createGuestNetwork(ntwkOffId, name, displayText, gateway, cidr, vlanId,
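Review bot: The step 5 check only runs when `aclId != null`, and the update path in NetworkServiceImpl passes `null` for the new argument, so changing the offering of a tier that already has an ACL assigned is never checked against `Service.NetworkACL`. If moving such a tier to an offering without the service should be rejected, that caller could pass the tier's current ACL id (for example `network.getNetworkACLId()`, assuming that getter is available on the type in scope) instead of `null`. Otherwise the tier may keep an acl_id that its offering cannot enforce. The method bodies around both hunks continue outside the visible lines.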


@ -373,7 +373,7 @@ public class MockVpcManagerImpl extends ManagerBase implements VpcManager {
} }
@Override @Override
public void validateNtwkOffForNtwkInVpc(Long networkId, long newNtwkOffId, String newCidr, String newNetworkDomain, Vpc vpc, String gateway, Account networkOwner) { public void validateNtwkOffForNtwkInVpc(Long networkId, long newNtwkOffId, String newCidr, String newNetworkDomain, Vpc vpc, String gateway, Account networkOwner, Long aclId) {
// TODO Auto-generated method stub // TODO Auto-generated method stub
} }


@ -15,6 +15,7 @@
package com.cloud.vpc; package com.cloud.vpc;
import com.cloud.configuration.ConfigurationManager;
import com.cloud.network.Network; import com.cloud.network.Network;
import com.cloud.network.NetworkManager; import com.cloud.network.NetworkManager;
import com.cloud.network.NetworkModel; import com.cloud.network.NetworkModel;
@ -78,6 +79,8 @@ public class NetworkACLManagerTest extends TestCase{
@Inject @Inject
NetworkDao _networkDao; NetworkDao _networkDao;
@Inject @Inject
ConfigurationManager _configMgr;
@Inject
NetworkModel _networkModel; NetworkModel _networkModel;
@Inject @Inject
List<NetworkACLServiceProvider> _networkAclElements; List<NetworkACLServiceProvider> _networkAclElements;
@ -178,6 +181,11 @@ public class NetworkACLManagerTest extends TestCase{
return Mockito.mock(NetworkDao.class); return Mockito.mock(NetworkDao.class);
} }
@Bean
public ConfigurationManager configMgr() {
return Mockito.mock(ConfigurationManager.class);
}
@Bean @Bean
public NetworkACLServiceProvider networkElements() { public NetworkACLServiceProvider networkElements() {
return Mockito.mock(NetworkACLServiceProvider.class); return Mockito.mock(NetworkACLServiceProvider.class);
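Review bot: The `ConfigurationManager` bean added here is a bare Mockito mock, so `getNetworkOffering(...)` returns null by default and `replaceNetworkACL` would throw its "Can't find network offering" exception in any test that reaches it without a stub. The mocked `NetworkModel` likewise answers `false` for `areServicesSupportedByNetworkOffering` unless told otherwise. The test methods are outside the visible hunks, so confirm they stub both, e.g. `Mockito.when(_configMgr.getNetworkOffering(Mockito.anyLong())).thenReturn(Mockito.mock(NetworkOffering.class));`. No visible test exercises the new rejection path either, since the VpcApiUnitTest calls all pass `null` for `aclId`. A case with a non-null `aclId` and an offering lacking NetworkACL would pin the behaviour this commit introduces.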


@ -87,7 +87,7 @@ public class VpcApiUnitTest extends TestCase{
//1) correct network offering //1) correct network offering
boolean result = false; boolean result = false;
try { try {
_vpcService.validateNtwkOffForNtwkInVpc(2L, 1, "0.0.0.0", "111-", _vpcService.getVpc(1), "10.1.1.1", new AccountVO()); _vpcService.validateNtwkOffForNtwkInVpc(2L, 1, "0.0.0.0", "111-", _vpcService.getVpc(1), "10.1.1.1", new AccountVO(), null);
result = true; result = true;
} catch (Exception ex) { } catch (Exception ex) {
} finally { } finally {
@ -97,7 +97,7 @@ public class VpcApiUnitTest extends TestCase{
//2) invalid offering - source nat is not included //2) invalid offering - source nat is not included
result = false; result = false;
try { try {
_vpcService.validateNtwkOffForNtwkInVpc(2L, 2, "0.0.0.0", "111-", _vpcService.getVpc(1), "10.1.1.1", new AccountVO()); _vpcService.validateNtwkOffForNtwkInVpc(2L, 2, "0.0.0.0", "111-", _vpcService.getVpc(1), "10.1.1.1", new AccountVO(), null);
result = true; result = true;
} catch (InvalidParameterValueException ex) { } catch (InvalidParameterValueException ex) {
} finally { } finally {
@ -107,7 +107,7 @@ public class VpcApiUnitTest extends TestCase{
//3) invalid offering - conserve mode is off //3) invalid offering - conserve mode is off
result = false; result = false;
try { try {
_vpcService.validateNtwkOffForNtwkInVpc(2L, 3, "0.0.0.0", "111-", _vpcService.getVpc(1), "10.1.1.1", new AccountVO()); _vpcService.validateNtwkOffForNtwkInVpc(2L, 3, "0.0.0.0", "111-", _vpcService.getVpc(1), "10.1.1.1", new AccountVO(), null);
result = true; result = true;
} catch (InvalidParameterValueException ex) { } catch (InvalidParameterValueException ex) {
} finally { } finally {
@ -117,7 +117,7 @@ public class VpcApiUnitTest extends TestCase{
//4) invalid offering - guest type shared //4) invalid offering - guest type shared
result = false; result = false;
try { try {
_vpcService.validateNtwkOffForNtwkInVpc(2L, 4, "0.0.0.0", "111-", _vpcService.getVpc(1), "10.1.1.1", new AccountVO()); _vpcService.validateNtwkOffForNtwkInVpc(2L, 4, "0.0.0.0", "111-", _vpcService.getVpc(1), "10.1.1.1", new AccountVO(), null);
result = true; result = true;
} catch (InvalidParameterValueException ex) { } catch (InvalidParameterValueException ex) {
} finally { } finally {
@ -127,7 +127,7 @@ public class VpcApiUnitTest extends TestCase{
//5) Invalid offering - no redundant router support //5) Invalid offering - no redundant router support
result = false; result = false;
try { try {
_vpcService.validateNtwkOffForNtwkInVpc(2L, 5, "0.0.0.0", "111-", _vpcService.getVpc(1), "10.1.1.1", new AccountVO()); _vpcService.validateNtwkOffForNtwkInVpc(2L, 5, "0.0.0.0", "111-", _vpcService.getVpc(1), "10.1.1.1", new AccountVO(), null);
result = true; result = true;
} catch (InvalidParameterValueException ex) { } catch (InvalidParameterValueException ex) {
} finally { } finally {