From 972fe01aec6ab18779a9641055d455cf07d9bf09 Mon Sep 17 00:00:00 2001 From: Alena Prokharchyk Date: Fri, 3 Aug 2012 15:22:25 -0700 Subject: [PATCH] VPC: more validation for static route rules: 1) Can't belong to guest cidr defined on Vpc 2) Can't belong to link local cidr Conflicts: server/src/com/cloud/network/vpc/VpcManagerImpl.java --- .../com/cloud/api/commands/CreateVPCCmd.java | 9 ++++++-- .../com/cloud/api/response/VpcResponse.java | 4 ++-- .../com/cloud/network/vpc/VpcManagerImpl.java | 22 ++++++++++++++----- 3 files changed, 26 insertions(+), 9 deletions(-) diff --git a/api/src/com/cloud/api/commands/CreateVPCCmd.java b/api/src/com/cloud/api/commands/CreateVPCCmd.java index 8a67f9ff8a1..35b526dc5af 100644 --- a/api/src/com/cloud/api/commands/CreateVPCCmd.java +++ b/api/src/com/cloud/api/commands/CreateVPCCmd.java @@ -52,6 +52,10 @@ public class CreateVPCCmd extends BaseAsyncCreateCmd{ "If used with the account parameter returns the VPC associated with the account for the specified domain.") private Long domainId; + @IdentityMapper(entityTableName="projects") + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="create VPC for the project") + private Long projectId; + @IdentityMapper(entityTableName="data_center") @Parameter(name=ApiConstants.ZONE_ID, type=CommandType.LONG, required=true, description="the ID of the availability zone") private Long zoneId; @@ -72,7 +76,8 @@ public class CreateVPCCmd extends BaseAsyncCreateCmd{ @Parameter(name=ApiConstants.VPC_OFF_ID, type=CommandType.LONG, required=true, description="the ID of the VPC offering") private Long vpcOffering; - @Parameter(name=ApiConstants.NETWORK_DOMAIN, type=CommandType.STRING, description="network domain") + @Parameter(name=ApiConstants.NETWORK_DOMAIN, type=CommandType.STRING, + description="VPC network domain. All networks inside the VPC will belong to this domain") private String networkDomain; ///////////////////////////////////////////////////// 
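Review bot: The new `projectId` parameter's description, `create VPC for the project`, does not say how it combines with the existing `account` and `domainId` parameters, and the next hunk in this file passes all three to `finalyzeAccountId` in `getEntityOwnerId`. Since that value decides who owns the VPC, the description should state what happens when both an account and a project are supplied (rejected, or which one wins). The helper is not shown on this page, so the wording has to be taken from its implementation. A field comment such as `// owner is resolved in getEntityOwnerId() from account/domainId or projectId` would also help the next reader.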
@@ -174,7 +179,7 @@ public class CreateVPCCmd extends BaseAsyncCreateCmd{ @Override public long getEntityOwnerId() { - Long accountId = finalyzeAccountId(accountName, domainId, null, true); + Long accountId = finalyzeAccountId(accountName, domainId, projectId, true); if (accountId == null) { return UserContext.current().getCaller().getId(); } diff --git a/api/src/com/cloud/api/response/VpcResponse.java b/api/src/com/cloud/api/response/VpcResponse.java index 7cccfba4ca6..bb79e53e942 100644 --- a/api/src/com/cloud/api/response/VpcResponse.java +++ b/api/src/com/cloud/api/response/VpcResponse.java @@ -74,10 +74,10 @@ public class VpcResponse extends BaseResponse implements ControlledEntityRespons @SerializedName(ApiConstants.NETWORK) @Param(description="the list of networks belongign to the VPC", responseObject = NetworkResponse.class) private List networks; - @SerializedName(ApiConstants.RESTART_REQUIRED) @Param(description="true network requires restart") + @SerializedName(ApiConstants.RESTART_REQUIRED) @Param(description="true VPC requires restart") private Boolean restartRequired; - @SerializedName(ApiConstants.NETWORK_DOMAIN) @Param(description="the network domain") + @SerializedName(ApiConstants.NETWORK_DOMAIN) @Param(description="the network domain of the VPC") private String networkDomain; @SerializedName(ApiConstants.TAGS) @Param(description="the list of resource tags associated with the project", responseObject = ResourceTagResponse.class) diff --git a/server/src/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/com/cloud/network/vpc/VpcManagerImpl.java index 66d18aad130..1712ab9dadb 100644 --- a/server/src/com/cloud/network/vpc/VpcManagerImpl.java +++ b/server/src/com/cloud/network/vpc/VpcManagerImpl.java 
@@ -1376,11 +1376,12 @@ public class VpcManagerImpl implements VpcManager, Manager{ Account caller = UserContext.current().getCaller(); List permittedAccounts = new ArrayList(); String state = cmd.getState(); - + Long projectId = cmd.getProjectId(); + Filter searchFilter = new Filter(VpcGatewayVO.class, "id", false, cmd.getStartIndex(), cmd.getPageSizeVal()); Ternary domainIdRecursiveListProject = new Ternary(domainId, isRecursive, null); - _accountMgr.buildACLSearchParameters(caller, null, accountName, null, permittedAccounts, domainIdRecursiveListProject, + _accountMgr.buildACLSearchParameters(caller, id, accountName, projectId, permittedAccounts, domainIdRecursiveListProject, listAll, false); domainId = domainIdRecursiveListProject.first(); isRecursive = domainIdRecursiveListProject.second(); @@ -1553,7 +1554,17 @@ public class VpcManagerImpl implements VpcManager, Manager{ throw new InvalidParameterValueException("Invalid format for cidr " + cidr); } - //TODO - check cidr for the conflicts + //validate the cidr + //1) CIDR should be outside of VPC cidr for guest networks + if (NetUtils.isNetworksOverlap(vpc.getCidr(), cidr)) { + throw new InvalidParameterValueException("CIDR should be outside of VPC cidr " + vpc.getCidr()); + } + + //2) CIDR should be outside of link-local cidr + if (NetUtils.isNetworksOverlap(vpc.getCidr(), NetUtils.getLinkLocalCIDR())) { + throw new InvalidParameterValueException("CIDR should be outside of link local cidr " + NetUtils.getLinkLocalCIDR()); + } + Transaction txn = Transaction.currentTxn(); txn.start(); 
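Review bot: The `buildACLSearchParameters` call in this hunk changes two arguments at once, the second from `null` to `id` and the fourth from `null` to `projectId`, and only the project one is explained by the added `Long projectId = cmd.getProjectId();`. `id` is declared outside the hunk, so it cannot be confirmed from here that it is the identifier taken from the command. A short comment above the call would help, e.g. `// id and projectId come from the request; buildACLSearchParameters narrows permittedAccounts to what the caller may see`, assuming that is what the helper does. The hunk at -1585 makes the same `projectId` change and the same comment applies there. Both enclosing methods start and end outside their hunks.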
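Review bot: The second added check in the -1553 hunk never looks at the route being created: `NetUtils.isNetworksOverlap(vpc.getCidr(), NetUtils.getLinkLocalCIDR())` compares the VPC's own CIDR with the link-local range, so a static route whose `cidr` falls inside link-local still passes, and the result is the same for every route in a given VPC. The condition should test the request value, `if (NetUtils.isNetworksOverlap(cidr, NetUtils.getLinkLocalCIDR())) {`, and a test that submits a link-local route would have caught this. The first check's message would be easier to act on if it named the rejected value, e.g. `"CIDR " + cidr + " should be outside of VPC cidr " + vpc.getCidr()`. The enclosing method starts and ends outside the hunk.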
@@ -1585,10 +1596,11 @@ public class VpcManagerImpl implements VpcManager, Manager{ Account caller = UserContext.current().getCaller(); List permittedAccounts = new ArrayList(); Map tags = cmd.getTags(); - + Long projectId = cmd.getProjectId(); + Ternary domainIdRecursiveListProject = new Ternary(domainId, isRecursive, null); - _accountMgr.buildACLSearchParameters(caller, id, accountName, null, permittedAccounts, domainIdRecursiveListProject, + _accountMgr.buildACLSearchParameters(caller, id, accountName, projectId, permittedAccounts, domainIdRecursiveListProject, listAll, false); domainId = domainIdRecursiveListProject.first(); isRecursive = domainIdRecursiveListProject.second();