From 24772bcb4eef19c4a46ee6a74f87e6b891ce8a46 Mon Sep 17 00:00:00 2001
From: Alena Prokharchyk
Date: Thu, 28 Jun 2012 14:15:09 -0700
Subject: [PATCH] VPC: createPF/createLBrule: 1) don't allow to pass openFirewall=true 2) when no openFirewall is passed in, defaulted to false if the public ip belongs to VPC
---
 .../api/commands/AssociateIPAddrCmd.java | 3 +++
 .../commands/CreateLoadBalancerRuleCmd.java | 24 ++++++++++++++++++-
 .../commands/CreatePortForwardingRuleCmd.java | 22 ++++++++++++++++-
 .../cloud/network/rules/RulesManagerImpl.java | 3 +--
 4 files changed, 48 insertions(+), 4 deletions(-)
diff --git a/api/src/com/cloud/api/commands/AssociateIPAddrCmd.java b/api/src/com/cloud/api/commands/AssociateIPAddrCmd.java
index 75044cc8215..6ac4a1d9ca2 100644
--- a/api/src/com/cloud/api/commands/AssociateIPAddrCmd.java
+++ b/api/src/com/cloud/api/commands/AssociateIPAddrCmd.java
@@ -180,6 +180,9 @@ public class AssociateIPAddrCmd extends BaseAsyncCreateCmd {
 return network.getAccountId();
 } else if (vpcId != null) {
 Vpc vpc = _vpcService.getVpc(getVpcId());
+ if (vpc == null) {
+ throw new InvalidParameterValueException("Can't find Enabled vpc by id specified");
+ }
 return vpc.getAccountId();
 }
diff --git a/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java b/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java
index 6c1e3b7a872..852d9a9a5d0 100644
--- a/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java
+++ b/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java
@@ -77,7 +77,9 @@ public class CreateLoadBalancerRuleCmd extends BaseAsyncCreateCmd /*implements
 @Parameter(name=ApiConstants.PUBLIC_PORT, type=CommandType.INTEGER, required=true, description="the public port from where the network traffic will be load balanced from")
 private Integer publicPort;
- @Parameter(name = ApiConstants.OPEN_FIREWALL, type = CommandType.BOOLEAN, description = "if true, firewall rule for source/end pubic port is automatically created; if false - firewall rule has to be created explicitely. Has value true by default")
+ @Parameter(name = ApiConstants.OPEN_FIREWALL, type = CommandType.BOOLEAN, description = "if true, firewall rule for" +
+ " source/end pubic port is automatically created; if false - firewall rule has to be created explicitely. If not specified 1) defaulted to false when LB" +
+ " rule is being created for VPC guest network 2) in all other cases defaulted to true")
 private Boolean openFirewall;
 @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account associated with the load balancer. Must be used with the domainId parameter.")
@@ -133,6 +135,19 @@ public class CreateLoadBalancerRuleCmd extends BaseAsyncCreateCmd /*implements
 return publicIpId;
 }
+ private Long getVpcId() {
+ if (publicIpId != null) {
+ IpAddress ipAddr = _networkService.getIp(publicIpId);
+ if (ipAddr == null || !ipAddr.readyToUse()) {
+ throw new InvalidParameterValueException("Unable to create load balancer rule, invalid IP address id " + ipAddr.getId());
+ } else {
+ return ipAddr.getVpcId();
+ }
+ }
+ return null;
+ }
+
+
 public Long getNetworkId() {
 if (networkId != null) {
 return networkId;
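Review bot: In the added `getVpcId()` (hunk at -133,6) the guard `ipAddr == null || !ipAddr.readyToUse()` builds its message with `ipAddr.getId()`, so an id that resolves to no address raises a NullPointerException instead of the intended InvalidParameterValueException. Use the request parameter in the message instead: `throw new InvalidParameterValueException("Unable to create load balancer rule, invalid IP address id " + publicIpId);`. The `getVpcId()` added to CreatePortForwardingRuleCmd (hunk at -118,12) has the same pattern and should use `ipAddressId` there.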
@@ -189,9 +204,16 @@ public class CreateLoadBalancerRuleCmd extends BaseAsyncCreateCmd /*implements
 }
 public Boolean getOpenFirewall() {
+ boolean isVpc = getVpcId() == null ? false : true;
 if (openFirewall != null) {
+ if (isVpc && openFirewall) {
+ throw new InvalidParameterValueException("Can't have openFirewall=true when IP address belongs to VPC");
+ }
 return openFirewall;
 } else {
+ if (isVpc) {
+ return false;
+ }
 return true;
 }
 }
diff --git a/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java b/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java
index 4ced43dea17..f60d840f885 100644
--- a/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java
+++ b/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java
@@ -78,7 +78,8 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P
 @Parameter(name = ApiConstants.OPEN_FIREWALL, type = CommandType.BOOLEAN, description = "if true, firewall rule for source/end pubic port is automatically created; " +
- "if false - firewall rule has to be created explicitely. Has value true by default")
+ "if false - firewall rule has to be created explicitely. If not specified 1) defaulted to false when PF" +
+ " rule is being created for VPC guest network 2) in all other cases defaulted to true")
 private Boolean openFirewall;
 @IdentityMapper(entityTableName="networks")
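Review bot: `getOpenFirewall()` in CreateLoadBalancerRuleCmd (hunk at -189,9) is an accessor, yet every call now performs `_networkService.getIp(...)` through `getVpcId()` and may throw InvalidParameterValueException. Doing the VPC check once during command validation and storing the result would keep the getter free of side effects. The VPC decision also rests only on `publicIpId`: when it is null, `getVpcId()` returns null and the default stays `true`. If a rule for a VPC tier can be requested with `networkId` alone (not visible in this hunk), the firewall rule would still be opened by default, which is worth confirming against the service layer. Minor style point: `boolean isVpc = getVpcId() != null;` is clearer than the `? false : true` ternary; the same remarks apply to `getOpenFirewall()` in CreatePortForwardingRuleCmd (hunk at -118,12).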
@@ -118,12 +119,31 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P
 }
 public Boolean getOpenFirewall() {
+ boolean isVpc = getVpcId() == null ? false : true;
 if (openFirewall != null) {
+ if (isVpc && openFirewall) {
+ throw new InvalidParameterValueException("Can't have openFirewall=true when IP address belongs to VPC");
+ }
 return openFirewall;
 } else {
+ if (isVpc) {
+ return false;
+ }
 return true;
 }
 }
+
+ private Long getVpcId() {
+ if (ipAddressId != null) {
+ IpAddress ipAddr = _networkService.getIp(ipAddressId);
+ if (ipAddr == null || !ipAddr.readyToUse()) {
+ throw new InvalidParameterValueException("Unable to create PF rule, invalid IP address id " + ipAddr.getId());
+ } else {
+ return ipAddr.getVpcId();
+ }
+ }
+ return null;
+ }
 // ///////////////////////////////////////////////////
 // ///////////// API Implementation///////////////////
diff --git a/server/src/com/cloud/network/rules/RulesManagerImpl.java b/server/src/com/cloud/network/rules/RulesManagerImpl.java
index 7709ccc9808..3ce19c7f4a4 100755
--- a/server/src/com/cloud/network/rules/RulesManagerImpl.java
+++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java
@@ -178,9 +178,8 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
 try {
 ipAddress = _networkMgr.associateIPToGuestNetwork(ipAddrId, networkId);
 } catch (Exception ex) {
- s_logger.warn("Failed to associate ip id=" + ipAddrId + " to network id=" + networkId + " as " +
+ throw new CloudRuntimeException("Failed to associate ip to network as " +
 "a part of port forwarding rule creation");
- return null;
 }
 }
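Review bot: The new `throw new CloudRuntimeException(...)` in the RulesManagerImpl catch block discards the caught `ex` and drops the `ipAddrId` and `networkId` values that the removed `s_logger.warn` line carried. As far as this hunk shows, the root cause of a failed association is then no longer recorded anywhere. Keep the identifiers and chain the cause: `throw new CloudRuntimeException("Failed to associate ip id=" + ipAddrId + " to network id=" + networkId + " as a part of port forwarding rule creation", ex);`. The enclosing method starts outside the hunk, so whether callers log the exception cannot be confirmed from here.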