From 987cf9bc93370a782cab4acaeb8b33ad5aadb2fb Mon Sep 17 00:00:00 2001 From: Sheng Yang Date: Fri, 6 Jul 2012 15:04:28 -0700 Subject: [PATCH] CS-15447: Don't enable s2s vpn when provider is disabled --- .../element/VpcVirtualRouterElement.java | 39 +++++++++++-------- .../src/com/cloud/network/vpc/VpcManager.java | 6 +++ .../com/cloud/network/vpc/VpcManagerImpl.java | 18 +++++---- 3 files changed, 39 insertions(+), 24 deletions(-) diff --git a/server/src/com/cloud/network/element/VpcVirtualRouterElement.java b/server/src/com/cloud/network/element/VpcVirtualRouterElement.java index 29a82dd2d34..ec97961f9eb 100644 --- a/server/src/com/cloud/network/element/VpcVirtualRouterElement.java +++ b/server/src/com/cloud/network/element/VpcVirtualRouterElement.java @@ -85,7 +85,6 @@ public class VpcVirtualRouterElement extends VirtualRouterElement implements Vpc private static final Map> capabilities = setCapabilities(); - @Override protected boolean canHandle(Network network, Service service) { Long physicalNetworkId = _networkMgr.getPhysicalNetworkId(network); 
@@ -441,21 +440,24 @@ public class VpcVirtualRouterElement extends VirtualRouterElement implements Vpc Site2SiteVpnGateway vpnGw = _vpnGatewayDao.findById(conn.getVpnGatewayId()); IpAddress ip = _ipAddressDao.findById(vpnGw.getAddrId()); - /* - if (!canHandle(network, Service.Vpn)) { - return false; - } - */ - Map vpnCapabilities = capabilities.get(Service.Vpn); if (!vpnCapabilities.get(Capability.VpnTypes).contains("s2svpn")) { + s_logger.error("try to start site 2 site vpn on unsupported network element?"); return false; } + + Long vpcId = ip.getVpcId(); + Vpc vpc = _vpcMgr.getVpc(vpcId); + + if (!_vpcMgr.vpcProviderEnabledInZone(vpc.getZoneId())) { + throw new ResourceUnavailableException("VPC provider is not enabled in zone " + vpc.getZoneId(), + DataCenter.class, vpc.getZoneId()); + } List routers = _vpcMgr.getVpcRouters(ip.getVpcId()); if (routers == null || routers.size() != 1) { - s_logger.debug("Cannot enable site-to-site VPN on the backend; virtual router doesn't exist in the vpc " + ip.getVpcId()); - return true; + throw new ResourceUnavailableException("Cannot enable site-to-site VPN on the backend; virtual router doesn't exist in the vpc " + ip.getVpcId(), + DataCenter.class, vpc.getZoneId()); } return _vpcRouterMgr.startSite2SiteVpn(conn, routers.get(0)); 
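Review bot: `vpc` is dereferenced in `vpc.getZoneId()` right after `_vpcMgr.getVpc(vpcId)` with no null check, and `vpcId` is a `Long` that may be null if the gateway address is not attached to a VPC, so the new provider gate can fail with a NullPointerException instead of a clean refusal. A guard such as `Vpc vpc = (vpcId == null) ? null : _vpcMgr.getVpc(vpcId);` followed by `if (vpc == null) { s_logger.error("no VPC found for s2s vpn gateway address"); return false; }` keeps the check fail-closed. The stop hunk at -466 repeats the same pattern. The router lookup could then reuse `vpcId` instead of calling `ip.getVpcId()` a second time. The missing-router case now throws where it used to return true; the callers are outside the hunk, so confirm they handle `ResourceUnavailableException` on this path.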
@@ -466,21 +468,24 @@ public class VpcVirtualRouterElement extends VirtualRouterElement implements Vpc Site2SiteVpnGateway vpnGw = _vpnGatewayDao.findById(conn.getVpnGatewayId()); IpAddress ip = _ipAddressDao.findById(vpnGw.getAddrId()); - /* - if (!canHandle(network, Service.Vpn)) { - return false; - } - */ - Map vpnCapabilities = capabilities.get(Service.Vpn); if (!vpnCapabilities.get(Capability.VpnTypes).contains("s2svpn")) { + s_logger.error("try to stop site 2 site vpn on unsupported network element?"); return false; } + + Long vpcId = ip.getVpcId(); + Vpc vpc = _vpcMgr.getVpc(vpcId); + + if (!_vpcMgr.vpcProviderEnabledInZone(vpc.getZoneId())) { + throw new ResourceUnavailableException("VPC provider is not enabled in zone " + vpc.getZoneId(), + DataCenter.class, vpc.getZoneId()); + } List routers = _vpcMgr.getVpcRouters(ip.getVpcId()); if (routers == null || routers.size() != 1) { - s_logger.debug("Cannot disable site-to-site VPN on the backend; virtual router doesn't exist in the vpc " + ip.getVpcId()); - return true; + throw new ResourceUnavailableException("Cannot enable site-to-site VPN on the backend; virtual router doesn't exist in the vpc " + ip.getVpcId(), + DataCenter.class, vpc.getZoneId()); } return _vpcRouterMgr.stopSite2SiteVpn(conn, routers.get(0)); diff --git a/server/src/com/cloud/network/vpc/VpcManager.java b/server/src/com/cloud/network/vpc/VpcManager.java index e42bf84961a..ebad3b4548b 100644 --- a/server/src/com/cloud/network/vpc/VpcManager.java +++ b/server/src/com/cloud/network/vpc/VpcManager.java @@ -96,4 +96,10 @@ public interface VpcManager extends VpcService{ * @return */ List getVpcRouters(long vpcId); + + /** + * @param zoneId + * @return + */ + boolean vpcProviderEnabledInZone(long zoneId); } diff --git a/server/src/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/com/cloud/network/vpc/VpcManagerImpl.java index aa1ddc45b82..0a6a9b318a6 100644 --- a/server/src/com/cloud/network/vpc/VpcManagerImpl.java 
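Review bot: The exception thrown in the stop path when no single router is found still says "Cannot enable site-to-site VPN", copied from the start path, whereas the removed debug line said "disable"; the wrong verb will mislead anyone reading logs while investigating a VPN failure. Change the message to `"Cannot disable site-to-site VPN on the backend; virtual router doesn't exist in the vpc " + ip.getVpcId()`. Separately, gating the stop path on `vpcProviderEnabledInZone` appears to mean a connection cannot be torn down once the provider has been disabled, and the missing-router case no longer returns true. If callers (outside the hunk) rely on a successful stop to clean up the connection, tunnel state may linger, so teardown should probably stay permitted even when the provider is off.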
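Review bot: The Javadoc added for `vpcProviderEnabledInZone` is an empty `@param`/`@return` template, although this method now decides whether site-to-site VPN may be started or stopped. Document the contract on the interface, for example `@param zoneId id of the zone to check` and `@return true if the VPCVirtualRouter provider is enabled in at least one physical network of the zone, false otherwise`.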
+++ b/server/src/com/cloud/network/vpc/VpcManagerImpl.java @@ -516,19 +516,23 @@ public class VpcManagerImpl implements VpcManager, Manager{ } @Override - public Vpc createVpc(long zoneId, long vpcOffId, Account vpcOwner, String vpcName, String displayText, String cidr, - String networkDomain) { - + public boolean vpcProviderEnabledInZone(long zoneId) + { //the provider has to be enabled at least in one network in the zone - boolean providerEnabled = false; for (PhysicalNetwork pNtwk : _pNtwkDao.listByZone(zoneId)) { if (_ntwkMgr.isProviderEnabledInPhysicalNetwork(pNtwk.getId(), Provider.VPCVirtualRouter.getName())) { - providerEnabled = true; - break; + return true; } } - if (!providerEnabled) { + return false; + } + + @Override + public Vpc createVpc(long zoneId, long vpcOffId, Account vpcOwner, String vpcName, String displayText, String cidr, + String networkDomain) { + + if (!vpcProviderEnabledInZone(zoneId)) { throw new InvalidParameterValueException("Provider " + Provider.VPCVirtualRouter.getName() + " should be enabled in at least one physical network of the zone specified"); }
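Review bot: `vpcProviderEnabledInZone` returns true as soon as any physical network in the zone has the provider enabled, which matches the old `createVpc` check but is coarser than the new VPN callers may need. A VPC whose own physical network has the provider disabled would still pass if another physical network in the same zone has it enabled. If that configuration is possible, consider a per-physical-network check for the VPN path, or at least state the semantics at the top of the method, e.g. `// true if ANY physical network in the zone has VPCVirtualRouter enabled`. The opening brace on its own line also differs from the `createVpc` declaration just below it. The body of `createVpc` continues outside the hunk.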