VPC: more validation for static route rules: 1) Can't belong to guest cidr defined on Vpc 2) Can't belong to link local cidr

Conflicts: server/src/com/cloud/network/vpc/VpcManagerImpl.java
2012-08-03 15:22:25 -07:00 · 2012-08-03 15:22:25 -07:00 · 972fe01aec
parent 435480cb5a
commit 972fe01aec
3 changed files with 26 additions and 9 deletions
--- a/api/src/com/cloud/api/commands/CreateVPCCmd.java
+++ b/api/src/com/cloud/api/commands/CreateVPCCmd.java
@ -52,6 +52,10 @@ public class CreateVPCCmd extends BaseAsyncCreateCmd{
    		"If used with the account parameter returns the VPC associated with the account for the specified domain.")
    private Long domainId;
    
+    @IdentityMapper(entityTableName="projects")
+    @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="create VPC for the project")
+    private Long projectId;
+    
    @IdentityMapper(entityTableName="data_center")
    @Parameter(name=ApiConstants.ZONE_ID, type=CommandType.LONG, required=true, description="the ID of the availability zone")
    private Long zoneId;
@ -72,7 +76,8 @@ public class CreateVPCCmd extends BaseAsyncCreateCmd{
    @Parameter(name=ApiConstants.VPC_OFF_ID, type=CommandType.LONG, required=true, description="the ID of the VPC offering")
    private Long vpcOffering;
    
-    @Parameter(name=ApiConstants.NETWORK_DOMAIN, type=CommandType.STRING, description="network domain")
+    @Parameter(name=ApiConstants.NETWORK_DOMAIN, type=CommandType.STRING, 
+            description="VPC network domain. All networks inside the VPC will belong to this domain")
    private String networkDomain;
    
    /////////////////////////////////////////////////////
@ -174,7 +179,7 @@ public class CreateVPCCmd extends BaseAsyncCreateCmd{

    @Override
    public long getEntityOwnerId() {
-        Long accountId = finalyzeAccountId(accountName, domainId, null, true);
+        Long accountId = finalyzeAccountId(accountName, domainId, projectId, true);
        if (accountId == null) {
            return UserContext.current().getCaller().getId();
        }
--- a/api/src/com/cloud/api/response/VpcResponse.java
+++ b/api/src/com/cloud/api/response/VpcResponse.java
@ -74,10 +74,10 @@ public class VpcResponse extends BaseResponse implements ControlledEntityRespons
    @SerializedName(ApiConstants.NETWORK) @Param(description="the list of networks belongign to the VPC", responseObject = NetworkResponse.class)
    private List<NetworkResponse> networks;
    
-    @SerializedName(ApiConstants.RESTART_REQUIRED) @Param(description="true network requires restart")
+    @SerializedName(ApiConstants.RESTART_REQUIRED) @Param(description="true VPC requires restart")
    private Boolean restartRequired;
    
-    @SerializedName(ApiConstants.NETWORK_DOMAIN) @Param(description="the network domain")
+    @SerializedName(ApiConstants.NETWORK_DOMAIN) @Param(description="the network domain of the VPC")
    private String networkDomain;
    
    @SerializedName(ApiConstants.TAGS)  @Param(description="the list of resource tags associated with the project", responseObject = ResourceTagResponse.class)
--- a/server/src/com/cloud/network/vpc/VpcManagerImpl.java
+++ b/server/src/com/cloud/network/vpc/VpcManagerImpl.java
@ -1376,11 +1376,12 @@ public class VpcManagerImpl implements VpcManager, Manager{
        Account caller = UserContext.current().getCaller();
        List<Long> permittedAccounts = new ArrayList<Long>();
        String state = cmd.getState();
-        
+        Long projectId = cmd.getProjectId();
+
        Filter searchFilter = new Filter(VpcGatewayVO.class, "id", false, cmd.getStartIndex(), cmd.getPageSizeVal());
        Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject = new Ternary<Long, Boolean, 
                ListProjectResourcesCriteria>(domainId, isRecursive, null);
-        _accountMgr.buildACLSearchParameters(caller, null, accountName, null, permittedAccounts, domainIdRecursiveListProject,
+        _accountMgr.buildACLSearchParameters(caller, id, accountName, projectId, permittedAccounts, domainIdRecursiveListProject,
                listAll, false);
        domainId = domainIdRecursiveListProject.first();
        isRecursive = domainIdRecursiveListProject.second();
@ -1553,7 +1554,17 @@ public class VpcManagerImpl implements VpcManager, Manager{
            throw new InvalidParameterValueException("Invalid format for cidr " + cidr);
        }
        
-        //TODO - check cidr for the conflicts
+        //validate the cidr
+        //1) CIDR should be outside of VPC cidr for guest networks
+        if (NetUtils.isNetworksOverlap(vpc.getCidr(), cidr)) {
+            throw new InvalidParameterValueException("CIDR should be outside of VPC cidr " + vpc.getCidr());
+        }
+        
+        //2) CIDR should be outside of link-local cidr
+        if (NetUtils.isNetworksOverlap(vpc.getCidr(), NetUtils.getLinkLocalCIDR())) {
+            throw new InvalidParameterValueException("CIDR should be outside of link local cidr " + NetUtils.getLinkLocalCIDR());
+        }
+
        Transaction txn = Transaction.currentTxn();
        txn.start();
        
@ -1585,10 +1596,11 @@ public class VpcManagerImpl implements VpcManager, Manager{
        Account caller = UserContext.current().getCaller();
        List<Long> permittedAccounts = new ArrayList<Long>();
        Map<String, String> tags = cmd.getTags();
-        
+        Long projectId = cmd.getProjectId();
+
        Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject = new Ternary<Long, Boolean, 
                ListProjectResourcesCriteria>(domainId, isRecursive, null);
-        _accountMgr.buildACLSearchParameters(caller, id, accountName, null, permittedAccounts, domainIdRecursiveListProject,
+        _accountMgr.buildACLSearchParameters(caller, id, accountName, projectId, permittedAccounts, domainIdRecursiveListProject,
                listAll, false);
        domainId = domainIdRecursiveListProject.first();
        isRecursive = domainIdRecursiveListProject.second();