From b0aa28032c732168fece81bc72bb35fa7cec78a1 Mon Sep 17 00:00:00 2001 From: alena Date: Wed, 8 Sep 2010 19:03:42 -0700 Subject: [PATCH] Refactored DeleteIPForwardingRule/UpdateIPForwardingRule commands to new api framework. --- .../commands/DeleteIPForwardingRuleCmd.java | 136 ++--- .../commands/UpdateIPForwardingRuleCmd.java | 190 +++--- .../src/com/cloud/network/NetworkManager.java | 31 +- .../com/cloud/network/NetworkManagerImpl.java | 130 +++- .../com/cloud/server/ManagementServer.java | 15 +- .../cloud/server/ManagementServerImpl.java | 574 ++++++++++-------- .../com/cloud/storage/StorageManagerImpl.java | 1 - .../com/cloud/template/TemplateManager.java | 13 +- .../cloud/template/TemplateManagerImpl.java | 23 +- server/src/com/cloud/vm/UserVmManager.java | 3 +- .../src/com/cloud/vm/UserVmManagerImpl.java | 10 +- 11 files changed, 633 insertions(+), 493 deletions(-) diff --git a/server/src/com/cloud/api/commands/DeleteIPForwardingRuleCmd.java b/server/src/com/cloud/api/commands/DeleteIPForwardingRuleCmd.java index d25f75c6828..8410325f0a4 100644 --- a/server/src/com/cloud/api/commands/DeleteIPForwardingRuleCmd.java +++ b/server/src/com/cloud/api/commands/DeleteIPForwardingRuleCmd.java @@ -18,35 +18,17 @@ package com.cloud.api.commands; -import java.util.ArrayList; -import java.util.List; -import java.util.Map; - import org.apache.log4j.Logger; import com.cloud.api.BaseCmd; +import com.cloud.api.Implementation; import com.cloud.api.Parameter; -import com.cloud.api.ServerApiException; -import com.cloud.exception.InternalErrorException; -import com.cloud.exception.InvalidParameterValueException; -import com.cloud.exception.PermissionDeniedException; -import com.cloud.network.FirewallRuleVO; -import com.cloud.network.IPAddressVO; -import com.cloud.user.Account; -import com.cloud.user.User; -import com.cloud.utils.Pair; - +import com.cloud.api.BaseCmd.Manager; + +@Implementation(method="deleteIpForwardingRule", manager=Manager.NetworkManager) public class DeleteIPForwardingRuleCmd extends BaseCmd { public static final Logger s_logger = Logger.getLogger(DeleteIPForwardingRuleCmd.class.getName()); - private static final String s_name = "deleteportforwardingruleresponse"; - private static final List> s_properties = new ArrayList>(); - - static { - s_properties.add(new Pair(BaseCmd.Properties.USER_ID, Boolean.FALSE)); - s_properties.add(new Pair(BaseCmd.Properties.ACCOUNT_OBJ, Boolean.FALSE)); - s_properties.add(new Pair(BaseCmd.Properties.ID, Boolean.TRUE)); - } ///////////////////////////////////////////////////// //////////////// API parameters ///////////////////// @@ -64,7 +46,6 @@ public class DeleteIPForwardingRuleCmd extends BaseCmd { return id; } - ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// ///////////////////////////////////////////////////// @@ -72,58 +53,61 @@ public class DeleteIPForwardingRuleCmd extends BaseCmd { public String getName() { return s_name; } - public List> getProperties() { - return s_properties; - } - @Override - public List> execute(Map params) { - Long userId = (Long)params.get(BaseCmd.Properties.USER_ID.getName()); - Account account = (Account)params.get(BaseCmd.Properties.ACCOUNT_OBJ.getName()); - Long ruleId = (Long)params.get(BaseCmd.Properties.ID.getName()); - - if (userId == null) { - userId = Long.valueOf(User.UID_SYSTEM); - } - - FirewallRuleVO fwRule = getManagementServer().findForwardingRuleById(ruleId); - if (fwRule == null) { - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find port forwarding rule " + ruleId); - } - - IPAddressVO ipAddress = getManagementServer().findIPAddressById(fwRule.getPublicIpAddress()); - if (ipAddress == null) { - throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Unable to find IP address for port forwarding rule " + ruleId); - } - - Account ruleOwner = getManagementServer().findAccountById(ipAddress.getAccountId()); - if (ruleOwner == null) { - throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Unable to find owning account for port forwarding rule " + ruleId); - } - - // if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters - if (account != null) { - if (isAdmin(account.getType())) { - if (!getManagementServer().isChildDomain(account.getDomainId(), ruleOwner.getDomainId())) { - throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to delete port forwarding rule " + ruleId + ", permission denied."); - } - } else if (account.getId().longValue() != ruleOwner.getId().longValue()) { - throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to delete port forwarding rule " + ruleId + ", permission denied."); - } - } - - try { - getManagementServer().deleteRule(ruleId.longValue(), userId.longValue(), ruleOwner.getId().longValue()); - } catch (InvalidParameterValueException ex1) { - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to delete port forwarding rule " + ruleId + ", internal error."); - } catch (PermissionDeniedException ex2) { - throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to delete port forwarding rule " + ruleId + ", permission denied."); - } catch (InternalErrorException ex3) { - throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Unable to delete port forwarding rule " + ruleId + ", internal error."); - } - - List> returnValues = new ArrayList>(); - returnValues.add(new Pair(BaseCmd.Properties.SUCCESS.getName(), "true")); - return returnValues; - } +// @Override +// public List> execute(Map params) { +// Long userId = (Long)params.get(BaseCmd.Properties.USER_ID.getName()); +// Account account = (Account)params.get(BaseCmd.Properties.ACCOUNT_OBJ.getName()); +// Long ruleId = (Long)params.get(BaseCmd.Properties.ID.getName()); +// +// if (userId == null) { +// userId = Long.valueOf(User.UID_SYSTEM); +// } +// +// FirewallRuleVO fwRule = getManagementServer().findForwardingRuleById(ruleId); +// if (fwRule == null) { +// throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find port forwarding rule " + ruleId); +// } +// +// IPAddressVO ipAddress = getManagementServer().findIPAddressById(fwRule.getPublicIpAddress()); +// if (ipAddress == null) { +// throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Unable to find IP address for port forwarding rule " + ruleId); +// } +// +// Account ruleOwner = getManagementServer().findAccountById(ipAddress.getAccountId()); +// if (ruleOwner == null) { +// throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Unable to find owning account for port forwarding rule " + ruleId); +// } +// +// // if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters +// if (account != null) { +// if (isAdmin(account.getType())) { +// if (!getManagementServer().isChildDomain(account.getDomainId(), ruleOwner.getDomainId())) { +// throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to delete port forwarding rule " + ruleId + ", permission denied."); +// } +// } else if (account.getId().longValue() != ruleOwner.getId().longValue()) { +// throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to delete port forwarding rule " + ruleId + ", permission denied."); +// } +// } +// +// try { +// getManagementServer().deleteRule(ruleId.longValue(), userId.longValue(), ruleOwner.getId().longValue()); +// } catch (InvalidParameterValueException ex1) { +// throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to delete port forwarding rule " + ruleId + ", internal error."); +// } catch (PermissionDeniedException ex2) { +// throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to delete port forwarding rule " + ruleId + ", permission denied."); +// } catch (InternalErrorException ex3) { +// throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Unable to delete port forwarding rule " + ruleId + ", internal error."); +// } +// +// List> returnValues = new ArrayList>(); +// returnValues.add(new Pair(BaseCmd.Properties.SUCCESS.getName(), "true")); +// return returnValues; +// } + + @Override + public String getResponse() { + // TODO Auto-generated method stub + return null; + } } diff --git a/server/src/com/cloud/api/commands/UpdateIPForwardingRuleCmd.java b/server/src/com/cloud/api/commands/UpdateIPForwardingRuleCmd.java index 0a0502447dd..608592662b1 100644 --- a/server/src/com/cloud/api/commands/UpdateIPForwardingRuleCmd.java +++ b/server/src/com/cloud/api/commands/UpdateIPForwardingRuleCmd.java @@ -1,39 +1,16 @@ package com.cloud.api.commands; -import java.util.ArrayList; -import java.util.List; -import java.util.Map; - import org.apache.log4j.Logger; -import com.cloud.api.BaseCmd; +import com.cloud.api.BaseAsyncCmd; +import com.cloud.api.BaseCmd.Manager; +import com.cloud.api.Implementation; import com.cloud.api.Parameter; -import com.cloud.api.ServerApiException; -import com.cloud.network.IPAddressVO; -import com.cloud.server.Criteria; -import com.cloud.user.Account; -import com.cloud.user.User; -import com.cloud.utils.Pair; -import com.cloud.utils.net.NetUtils; -import com.cloud.vm.UserVmVO; -public class UpdateIPForwardingRuleCmd extends BaseCmd { +@Implementation(method="updatePortForwardingRule", manager=Manager.ManagementServer) +public class UpdateIPForwardingRuleCmd extends BaseAsyncCmd { public static final Logger s_logger = Logger.getLogger(UpdateIPForwardingRuleCmd.class.getName()); - private static final String s_name = "updateportforwardingruleresponse"; - private static final List> s_properties = new ArrayList>(); - - static { - s_properties.add(new Pair(BaseCmd.Properties.USER_ID, Boolean.FALSE)); - s_properties.add(new Pair(BaseCmd.Properties.ACCOUNT_OBJ, Boolean.FALSE)); - - s_properties.add(new Pair(BaseCmd.Properties.PRIVATE_IP, Boolean.FALSE)); - s_properties.add(new Pair(BaseCmd.Properties.PRIVATE_PORT, Boolean.TRUE)); - s_properties.add(new Pair(BaseCmd.Properties.PROTOCOL, Boolean.TRUE)); - s_properties.add(new Pair(BaseCmd.Properties.PUBLIC_IP, Boolean.TRUE)); - s_properties.add(new Pair(BaseCmd.Properties.PUBLIC_PORT, Boolean.TRUE)); - s_properties.add(new Pair(BaseCmd.Properties.VIRTUAL_MACHINE_ID, Boolean.FALSE)); - } ///////////////////////////////////////////////////// //////////////// API parameters ///////////////////// @@ -92,82 +69,85 @@ public class UpdateIPForwardingRuleCmd extends BaseCmd { public String getName() { return s_name; } - public List> getProperties() { - return s_properties; - } - @Override - public List> execute(Map params) { - Long userId = (Long)params.get(BaseCmd.Properties.USER_ID.getName()); - Account account = (Account)params.get(BaseCmd.Properties.ACCOUNT_OBJ.getName()); - String publicIp = (String)params.get(BaseCmd.Properties.PUBLIC_IP.getName()); - String publicPort = (String)params.get(BaseCmd.Properties.PUBLIC_PORT.getName()); - String privateIp = (String)params.get(BaseCmd.Properties.PRIVATE_IP.getName()); - String privatePort = (String)params.get(BaseCmd.Properties.PRIVATE_PORT.getName()); - String protocol = (String)params.get(BaseCmd.Properties.PROTOCOL.getName()); - Long vmId = (Long)params.get(BaseCmd.Properties.VIRTUAL_MACHINE_ID.getName()); - UserVmVO userVM = null; - - if (userId == null) { - userId = Long.valueOf(User.UID_SYSTEM); - } - - IPAddressVO ipAddressVO = getManagementServer().findIPAddressById(publicIp); - if (ipAddressVO == null) { - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find IP address " + publicIp); - } - - if (ipAddressVO.getAccountId() == null) { - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to update port forwarding rule, owner of IP address " + publicIp + " not found."); - } - - if (privateIp != null) { - if (!NetUtils.isValidIp(privateIp)) { - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Invalid private IP address specified: " + privateIp); - } - Criteria c = new Criteria(); - c.addCriteria(Criteria.ACCOUNTID, new Object[] {ipAddressVO.getAccountId()}); - c.addCriteria(Criteria.DATACENTERID, ipAddressVO.getDataCenterId()); - c.addCriteria(Criteria.IPADDRESS, privateIp); - List userVMs = getManagementServer().searchForUserVMs(c); - if ((userVMs == null) || userVMs.isEmpty()) { - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Invalid private IP address specified: " + privateIp + ", no virtual machine instances running with that address."); - } - userVM = userVMs.get(0); - } else if (vmId != null) { - userVM = getManagementServer().findUserVMInstanceById(vmId); - if (userVM == null) { - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find virtual machine with id " + vmId); - } - - if ((ipAddressVO.getAccountId() == null) || (ipAddressVO.getAccountId().longValue() != userVM.getAccountId())) { - throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to update port forwarding rule on IP address " + publicIp + ", permission denied."); - } - - if (ipAddressVO.getDataCenterId() != userVM.getDataCenterId()) { - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to update port forwarding rule, IP address " + publicIp + " is not in the same availability zone as virtual machine " + userVM.toString()); - } - - privateIp = userVM.getGuestIpAddress(); - } else { - throw new ServerApiException(BaseCmd.PARAM_ERROR, "No private IP address (privateip) or virtual machine instance id (virtualmachineid) specified, unable to update port forwarding rule"); - } - - // if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters - if (account != null) { - if (isAdmin(account.getType())) { - if (!getManagementServer().isChildDomain(account.getDomainId(), ipAddressVO.getDomainId())) { - throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to update port forwarding rule on IP address " + publicIp + ", permission denied."); - } - } else if (account.getId().longValue() != ipAddressVO.getAccountId()) { - throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to update port forwarding rule on IP address " + publicIp + ", permission denied."); - } - } - - long jobId = getManagementServer().updatePortForwardingRuleAsync(userId, ipAddressVO.getAccountId().longValue(), publicIp, privateIp, publicPort, privatePort, protocol); - - List> returnValues = new ArrayList>(); - returnValues.add(new Pair(BaseCmd.Properties.JOB_ID.getName(), Long.valueOf(jobId).toString())); - return returnValues; - } +// @Override +// public List> execute(Map params) { +// Long userId = (Long)params.get(BaseCmd.Properties.USER_ID.getName()); +// Account account = (Account)params.get(BaseCmd.Properties.ACCOUNT_OBJ.getName()); +// String publicIp = (String)params.get(BaseCmd.Properties.PUBLIC_IP.getName()); +// String publicPort = (String)params.get(BaseCmd.Properties.PUBLIC_PORT.getName()); +// String privateIp = (String)params.get(BaseCmd.Properties.PRIVATE_IP.getName()); +// String privatePort = (String)params.get(BaseCmd.Properties.PRIVATE_PORT.getName()); +// String protocol = (String)params.get(BaseCmd.Properties.PROTOCOL.getName()); +// Long vmId = (Long)params.get(BaseCmd.Properties.VIRTUAL_MACHINE_ID.getName()); +// UserVmVO userVM = null; +// +// if (userId == null) { +// userId = Long.valueOf(User.UID_SYSTEM); +// } +// +// IPAddressVO ipAddressVO = getManagementServer().findIPAddressById(publicIp); +// if (ipAddressVO == null) { +// throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find IP address " + publicIp); +// } +// +// if (ipAddressVO.getAccountId() == null) { +// throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to update port forwarding rule, owner of IP address " + publicIp + " not found."); +// } +// +// if (privateIp != null) { +// if (!NetUtils.isValidIp(privateIp)) { +// throw new ServerApiException(BaseCmd.PARAM_ERROR, "Invalid private IP address specified: " + privateIp); +// } +// Criteria c = new Criteria(); +// c.addCriteria(Criteria.ACCOUNTID, new Object[] {ipAddressVO.getAccountId()}); +// c.addCriteria(Criteria.DATACENTERID, ipAddressVO.getDataCenterId()); +// c.addCriteria(Criteria.IPADDRESS, privateIp); +// List userVMs = getManagementServer().searchForUserVMs(c); +// if ((userVMs == null) || userVMs.isEmpty()) { +// throw new ServerApiException(BaseCmd.PARAM_ERROR, "Invalid private IP address specified: " + privateIp + ", no virtual machine instances running with that address."); +// } +// userVM = userVMs.get(0); +// } else if (vmId != null) { +// userVM = getManagementServer().findUserVMInstanceById(vmId); +// if (userVM == null) { +// throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find virtual machine with id " + vmId); +// } +// +// if ((ipAddressVO.getAccountId() == null) || (ipAddressVO.getAccountId().longValue() != userVM.getAccountId())) { +// throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to update port forwarding rule on IP address " + publicIp + ", permission denied."); +// } +// +// if (ipAddressVO.getDataCenterId() != userVM.getDataCenterId()) { +// throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to update port forwarding rule, IP address " + publicIp + " is not in the same availability zone as virtual machine " + userVM.toString()); +// } +// +// privateIp = userVM.getGuestIpAddress(); +// } else { +// throw new ServerApiException(BaseCmd.PARAM_ERROR, "No private IP address (privateip) or virtual machine instance id (virtualmachineid) specified, unable to update port forwarding rule"); +// } +// +// // if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters +// if (account != null) { +// if (isAdmin(account.getType())) { +// if (!getManagementServer().isChildDomain(account.getDomainId(), ipAddressVO.getDomainId())) { +// throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to update port forwarding rule on IP address " + publicIp + ", permission denied."); +// } +// } else if (account.getId().longValue() != ipAddressVO.getAccountId()) { +// throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to update port forwarding rule on IP address " + publicIp + ", permission denied."); +// } +// } +// +// long jobId = getManagementServer().updatePortForwardingRuleAsync(userId, ipAddressVO.getAccountId().longValue(), publicIp, privateIp, publicPort, privatePort, protocol); +// +// List> returnValues = new ArrayList>(); +// returnValues.add(new Pair(BaseCmd.Properties.JOB_ID.getName(), Long.valueOf(jobId).toString())); +// return returnValues; +// } + + @Override + public String getResponse() { + // TODO Auto-generated method stub + return null; + } } diff --git a/server/src/com/cloud/network/NetworkManager.java b/server/src/com/cloud/network/NetworkManager.java index 013d9100282..cf346c4ad2d 100644 --- a/server/src/com/cloud/network/NetworkManager.java +++ b/server/src/com/cloud/network/NetworkManager.java @@ -24,6 +24,7 @@ import com.cloud.api.commands.AssignToLoadBalancerRuleCmd; import com.cloud.api.commands.AssociateIPAddrCmd; import com.cloud.api.commands.CreateIPForwardingRuleCmd; import com.cloud.api.commands.CreateLoadBalancerRuleCmd; +import com.cloud.api.commands.DeleteIPForwardingRuleCmd; import com.cloud.api.commands.DeleteLoadBalancerRuleCmd; import com.cloud.api.commands.DeletePortForwardingServiceRuleCmd; import com.cloud.api.commands.DisassociateIPAddrCmd; @@ -32,6 +33,7 @@ import com.cloud.api.commands.RebootRouterCmd; import com.cloud.api.commands.RemoveFromLoadBalancerRuleCmd; import com.cloud.api.commands.StartRouterCmd; import com.cloud.api.commands.StopRouterCmd; +import com.cloud.api.commands.UpdateIPForwardingRuleCmd; import com.cloud.api.commands.UpdateLoadBalancerRuleCmd; import com.cloud.dc.DataCenterVO; import com.cloud.dc.HostPodVO; @@ -112,7 +114,12 @@ public interface NetworkManager extends Manager { DomainRouterVO startRouter(long routerId, long eventId); - DomainRouterVO startRouter(StartRouterCmd cmd) throws InvalidParameterValueException; + /** + * Starts domain router + * @param cmd the command specifying router's id + * @return DomainRouter object + */ + DomainRouterVO startRouter(StartRouterCmd cmd) throws InvalidParameterValueException, PermissionDeniedException; boolean releaseRouter(long routerId); @@ -120,13 +127,23 @@ public interface NetworkManager extends Manager { boolean stopRouter(long routerId, long eventId); - boolean stopRouter(StopRouterCmd cmd) throws InvalidParameterValueException; + /** + * Stops domain router + * @param cmd the command specifying router's id + * @return success or failure + */ + boolean stopRouter(StopRouterCmd cmd) throws InvalidParameterValueException, PermissionDeniedException; boolean getRouterStatistics(long vmId, Map netStats, Map diskStats); boolean rebootRouter(long routerId, long eventId); - boolean rebootRouter(RebootRouterCmd cmd) throws InvalidParameterValueException; + /** + * Reboots domain router + * @param cmd the command specifying router's id + * @return success or failure + */ + boolean rebootRouter(RebootRouterCmd cmd) throws InvalidParameterValueException, PermissionDeniedException; /** * @param hostId get all of the virtual machine routers on a host. * @return collection of VirtualMachineRouter @@ -232,8 +249,8 @@ public interface NetworkManager extends Manager { public boolean removeFromLoadBalancer(RemoveFromLoadBalancerRuleCmd cmd) throws InvalidParameterValueException; - public boolean deleteLoadBalancerRule(DeleteLoadBalancerRuleCmd cmd) throws InvalidParameterValueException; - public LoadBalancerVO updateLoadBalancerRule(UpdateLoadBalancerRuleCmd cmd) throws InvalidParameterValueException; + public boolean deleteLoadBalancerRule(DeleteLoadBalancerRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException; + public LoadBalancerVO updateLoadBalancerRule(UpdateLoadBalancerRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException; /** * Add a DHCP entry on the domr dhcp server @@ -273,6 +290,8 @@ public interface NetworkManager extends Manager { public boolean deleteNetworkRuleConfig(DeletePortForwardingServiceRuleCmd cmd) throws PermissionDeniedException; - boolean disassociateIpAddress(DisassociateIPAddrCmd cmd) throws PermissionDeniedException; + public boolean disassociateIpAddress(DisassociateIPAddrCmd cmd) throws PermissionDeniedException; + + public boolean deleteIpForwardingRule(DeleteIPForwardingRuleCmd cmd) throws PermissionDeniedException, InvalidParameterValueException; } diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index 5b6d8bbf5b5..2d418e171cd 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java @@ -62,15 +62,16 @@ import com.cloud.api.commands.AssignToLoadBalancerRuleCmd; import com.cloud.api.commands.AssociateIPAddrCmd; import com.cloud.api.commands.CreateIPForwardingRuleCmd; import com.cloud.api.commands.CreateLoadBalancerRuleCmd; +import com.cloud.api.commands.DeleteIPForwardingRuleCmd; import com.cloud.api.commands.DeleteLoadBalancerRuleCmd; import com.cloud.api.commands.DeletePortForwardingServiceRuleCmd; import com.cloud.api.commands.DisassociateIPAddrCmd; import com.cloud.api.commands.ListPortForwardingRulesCmd; -import com.cloud.api.commands.LoadBalancerVO; import com.cloud.api.commands.RebootRouterCmd; import com.cloud.api.commands.RemoveFromLoadBalancerRuleCmd; import com.cloud.api.commands.StartRouterCmd; import com.cloud.api.commands.StopRouterCmd; +import com.cloud.api.commands.UpdateIPForwardingRuleCmd; import com.cloud.api.commands.UpdateLoadBalancerRuleCmd; import com.cloud.async.AsyncJobExecutor; import com.cloud.async.AsyncJobManager; @@ -800,17 +801,17 @@ public class NetworkManagerImpl implements NetworkManager, VirtualMachineManager } @Override - public DomainRouterVO startRouter(StartRouterCmd cmd) throws InvalidParameterValueException{ + public DomainRouterVO startRouter(StartRouterCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{ Long routerId = cmd.getId(); Account account = (Account)UserContext.current().getAccountObject(); //verify parameters DomainRouterVO router = _routerDao.findById(routerId); if (router == null) { - throw new InvalidParameterValueException ("Unable to find a domain router with id " + routerId); + throw new PermissionDeniedException ("Unable to start router with id " + routerId + ". Permisssion denied"); } if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), router.getDomainId())) { - throw new ServerApiException (BaseCmd.PARAM_ERROR, "Invalid domain router id (" + routerId + ") given, unable to start router."); + throw new PermissionDeniedException ("Unable to start router with id " + routerId + ". Permission denied."); } long eventId = EventUtils.saveScheduledEvent(User.UID_SYSTEM, Account.ACCOUNT_ID_SYSTEM, EventTypes.EVENT_ROUTER_START, "starting Router with Id: "+routerId); @@ -1236,18 +1237,18 @@ public class NetworkManagerImpl implements NetworkManager, VirtualMachineManager @Override - public boolean stopRouter(StopRouterCmd cmd) throws InvalidParameterValueException{ + public boolean stopRouter(StopRouterCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{ Long routerId = cmd.getId(); Account account = (Account)UserContext.current().getAccountObject(); // verify parameters DomainRouterVO router = _routerDao.findById(routerId); if (router == null) { - throw new InvalidParameterValueException ("Unable to find a domain router with id " + routerId); + throw new PermissionDeniedException ("Unable to stop router with id " + routerId + ". Permission denied."); } if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), router.getDomainId())) { - throw new InvalidParameterValueException ("Invalid domain router id (" + routerId + ") given, unable to stop router."); + throw new PermissionDeniedException ("Unable to stop router with id " + routerId + ". Permission denied"); } long eventId = EventUtils.saveScheduledEvent(User.UID_SYSTEM, Account.ACCOUNT_ID_SYSTEM, EventTypes.EVENT_ROUTER_STOP, "stopping Router with Id: "+routerId); @@ -1379,18 +1380,18 @@ public class NetworkManagerImpl implements NetworkManager, VirtualMachineManager } @Override - public boolean rebootRouter(RebootRouterCmd cmd) throws InvalidParameterValueException{ + public boolean rebootRouter(RebootRouterCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{ Long routerId = cmd.getId(); Account account = (Account)UserContext.current().getAccountObject(); //verify parameters DomainRouterVO router = _routerDao.findById(routerId); if (router == null) { - throw new InvalidParameterValueException("Unable to find a domain router with id " + routerId); + throw new PermissionDeniedException("Unable to reboot domain router with id " + routerId + ". Permission denied"); } if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), router.getDomainId())) { - throw new InvalidParameterValueException("Invalid domain router id (" + routerId + ") given, unable to reboot router."); + throw new PermissionDeniedException("Unable to reboot domain router with id " + routerId + ". Permission denied"); } long eventId = EventUtils.saveScheduledEvent(User.UID_SYSTEM, Account.ACCOUNT_ID_SYSTEM, EventTypes.EVENT_ROUTER_REBOOT, "rebooting Router with Id: "+routerId); @@ -3136,7 +3137,7 @@ public class NetworkManagerImpl implements NetworkManager, VirtualMachineManager } @Override @DB - public boolean deleteLoadBalancerRule(DeleteLoadBalancerRuleCmd cmd) throws InvalidParameterValueException{ + public boolean deleteLoadBalancerRule(DeleteLoadBalancerRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{ Long loadBalancerId = cmd.getId(); Long userId = UserContext.current().getUserId(); Account account = (Account)UserContext.current().getAccountObject(); @@ -3150,10 +3151,10 @@ public class NetworkManagerImpl implements NetworkManager, VirtualMachineManager if (account != null) { if (!isAdmin(account.getType())) { if (loadBalancer.getAccountId() != account.getId().longValue()) { - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Account " + account.getAccountName() + " does not own load balancer rule " + loadBalancer.getName() + " (id:" + loadBalancerId + ")"); + throw new PermissionDeniedException("Account " + account.getAccountName() + " does not own load balancer rule " + loadBalancer.getName() + " (id:" + loadBalancerId + "), permission denied"); } } else if (!_domainDao.isChildDomain(account.getDomainId(), loadBalancer.getDomainId())) { - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to delete load balancer rule " + loadBalancer.getName() + " (id:" + loadBalancerId + "), permission denied."); + throw new PermissionDeniedException("Unable to delete load balancer rule " + loadBalancer.getName() + " (id:" + loadBalancerId + "), permission denied."); } } @@ -3229,7 +3230,7 @@ public class NetworkManagerImpl implements NetworkManager, VirtualMachineManager boolean success = _loadBalancerDao.remove(loadBalancerId); - // save off an event for removing the security group + // save off an event for removing the load balancer EventVO event = new EventVO(); event.setUserId(userId); event.setAccountId(loadBalancer.getAccountId()); @@ -3249,7 +3250,7 @@ public class NetworkManagerImpl implements NetworkManager, VirtualMachineManager @Override @DB - public LoadBalancerVO updateLoadBalancerRule(UpdateLoadBalancerRuleCmd cmd) throws InvalidParameterValueException{ + public LoadBalancerVO updateLoadBalancerRule(UpdateLoadBalancerRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{ Long loadBalancerId = cmd.getId(); String privatePort = cmd.getPrivatePort(); String algorithm = cmd.getAlgorithm(); @@ -3281,10 +3282,10 @@ public class NetworkManagerImpl implements NetworkManager, VirtualMachineManager if (account != null) { if (!isAdmin(account.getType())) { if (account.getId().longValue() != accountId.longValue()) { - throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to update load balancer rule, permission denied"); + throw new PermissionDeniedException("Unable to update load balancer rule, permission denied"); } } else if (!_domainDao.isChildDomain(account.getDomainId(), lbOwner.getDomainId())) { - throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to update load balancer rule, permission denied."); + throw new PermissionDeniedException("Unable to update load balancer rule, permission denied."); } } @@ -3522,5 +3523,100 @@ public class NetworkManagerImpl implements NetworkManager, VirtualMachineManager throw new IllegalArgumentException("Disassociate IP address threw an exception"); } } + + @Override @DB + public boolean deleteIpForwardingRule(DeleteIPForwardingRuleCmd cmd) throws PermissionDeniedException, InvalidParameterValueException { + Long ruleId = cmd.getId(); + Long userId = UserContext.current().getUserId(); + Account account = (Account)UserContext.current().getAccountObject(); + + //verify input parameters here + FirewallRuleVO rule = _firewallRulesDao.findById(ruleId); + if (rule == null) { + throw new InvalidParameterValueException("Unable to find port forwarding rule " + ruleId); + } + + IPAddressVO ipAddress = _ipAddressDao.findById(rule.getPublicIpAddress()); + if (ipAddress == null) { + throw new InvalidParameterValueException("Unable to find IP address for port forwarding rule " + ruleId); + } + + // although we are not writing these values to the DB, we will check + // them out of an abundance + // of caution (may not be warranted) + String privatePort = rule.getPrivatePort(); + String publicPort = rule.getPublicPort(); + if (!NetUtils.isValidPort(publicPort) || !NetUtils.isValidPort(privatePort)) { + throw new InvalidParameterValueException("Invalid value for port"); + } + + String proto = rule.getProtocol(); + if (!NetUtils.isValidProto(proto)) { + throw new InvalidParameterValueException("Invalid protocol"); + } + + Account ruleOwner = _accountDao.findById(ipAddress.getAccountId()); + if (ruleOwner == null) { + throw new InvalidParameterValueException("Unable to find owning account for port forwarding rule " + ruleId); + } + + // if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters + if (account != null) { + if (isAdmin(account.getType())) { + if (!_domainDao.isChildDomain(account.getDomainId(), ruleOwner.getDomainId())) { + throw new PermissionDeniedException("Unable to delete port forwarding rule " + ruleId + ", permission denied."); + } + } else if (account.getId().longValue() != ruleOwner.getId().longValue()) { + throw new PermissionDeniedException("Unable to delete port forwarding rule " + ruleId + ", permission denied."); + } + } + + Transaction txn = Transaction.currentTxn(); + boolean success = false; + try { + txn.start(); + String privateIp = rule.getPrivateIpAddress(); + String publicIp = rule.getPublicIpAddress(); + List fwdings = _firewallRulesDao.listIPForwardingForUpdate(publicIp, publicPort, proto); + FirewallRuleVO fwRule = null; + if (fwdings.size() == 0) { + throw new InvalidParameterValueException("No such rule"); + } else if (fwdings.size() == 1) { + fwRule = fwdings.get(0); + if (fwRule.getPrivateIpAddress().equalsIgnoreCase(privateIp) && fwRule.getPrivatePort().equals(privatePort)) { + _firewallRulesDao.delete(fwRule.getId()); + } else { + throw new InvalidParameterValueException("No such rule"); + } + } else { + throw new InternalErrorException("Multiple matches. Please contact support"); + } + fwRule.setEnabled(false); + success = updateFirewallRule(fwRule, null, null); + + String description; + String type = EventTypes.EVENT_NET_RULE_DELETE; + String level = EventVO.LEVEL_INFO; + String ruleName = rule.isForwarding() ? "ip forwarding" : "load balancer"; + + if (success) { + description = "deleted " + ruleName + " rule [" + rule.getPublicIpAddress() + ":" + rule.getPublicPort() + "]->[" + rule.getPrivateIpAddress() + ":" + + rule.getPrivatePort() + "] " + rule.getProtocol(); + } else { + level = EventVO.LEVEL_ERROR; + description = "deleted " + ruleName + " rule [" + rule.getPublicIpAddress() + ":" + rule.getPublicPort() + "]->[" + rule.getPrivateIpAddress() + ":" + + rule.getPrivatePort() + "] " + rule.getProtocol(); + } + EventUtils.saveEvent(userId, ipAddress.getAccountId(), level, type, description); + txn.commit(); + }catch (Exception ex) { + txn.rollback(); + s_logger.error("Unexpected exception deleting port forwarding rule " + ruleId, ex); + return false; + }finally { + txn.close(); + } + return success; + } } diff --git a/server/src/com/cloud/server/ManagementServer.java b/server/src/com/cloud/server/ManagementServer.java index 21f0b177200..010cab1d56e 100644 --- a/server/src/com/cloud/server/ManagementServer.java +++ b/server/src/com/cloud/server/ManagementServer.java @@ -65,6 +65,7 @@ import com.cloud.api.commands.StartSystemVMCmd; import com.cloud.api.commands.StopSystemVmCmd; import com.cloud.api.commands.UpdateAccountCmd; import com.cloud.api.commands.UpdateDomainCmd; +import com.cloud.api.commands.UpdateIPForwardingRuleCmd; import com.cloud.api.commands.UpdateTemplateOrIsoCmd; import com.cloud.api.commands.UpdateTemplateOrIsoPermissionsCmd; import com.cloud.api.commands.UpdateUserCmd; @@ -381,8 +382,8 @@ public interface ManagementServer { * @param primaryStorageId id of the storage to bring up. * @return true if the operation succeeds. */ - boolean cancelPrimaryStorageMaintenance(long primaryStorageId, long userId); - long cancelPrimaryStorageMaintenanceAsync(long primaryStorageId) throws InvalidParameterValueException; +// boolean cancelPrimaryStorageMaintenance(long primaryStorageId, long userId); +// long cancelPrimaryStorageMaintenanceAsync(long primaryStorageId) throws InvalidParameterValueException; /** @@ -1139,8 +1140,8 @@ public interface ManagementServer { * @param protocol protocol of the rule to update * @return the new firewall rule if updated, null if no rule on public IP / public port of that protocol could be found */ - FirewallRuleVO updatePortForwardingRule(long userId, String publicIp, String privateIp, String publicPort, String privatePort, String protocol); - long updatePortForwardingRuleAsync(long userId, long accountId, String publicIp, String privateIp, String publicPort, String privatePort, String protocol); + FirewallRuleVO updatePortForwardingRule(UpdateIPForwardingRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException; +// long updatePortForwardingRuleAsync(long userId, long accountId, String publicIp, String privateIp, String publicPort, String privatePort, String protocol); /** * Find a firewall rule by rule id @@ -1319,8 +1320,8 @@ public interface ManagementServer { * @throws PermissionDeniedException * @throws InternalErrorException */ - void deleteRule(long id, long userId, long accountId) throws InvalidParameterValueException, PermissionDeniedException, InternalErrorException; - long deleteRuleAsync(long id, long userId, long accountId); +// void deleteRule(long id, long userId, long accountId) throws InvalidParameterValueException, PermissionDeniedException, InternalErrorException; +// long deleteRuleAsync(long id, long userId, long accountId); ConsoleProxyInfo getConsoleProxy(long dataCenterId, long userVmId); ConsoleProxyVO startConsoleProxy(long instanceId, long startEventId) throws InternalErrorException; @@ -1800,7 +1801,7 @@ public interface ManagementServer { * @param algorithm the target algorithm of the load balancer rule (the rule will be updated from the existing algorithm to this algorithm) * @return the updated load balancer rule */ - long updateLoadBalancerRuleAsync(long userId, long accountId, long loadBalancerId, String name, String description, String privatePort, String algorithm); +// long updateLoadBalancerRuleAsync(long userId, long accountId, long loadBalancerId, String name, String description, String privatePort, String algorithm); String[] getApiConfig(); StoragePoolVO findPoolById(Long id); diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java index 354695cd4a3..e2af54e0212 100755 --- a/server/src/com/cloud/server/ManagementServerImpl.java +++ b/server/src/com/cloud/server/ManagementServerImpl.java @@ -55,8 +55,6 @@ import com.cloud.alert.dao.AlertDao; import com.cloud.api.BaseCmd; import com.cloud.api.ServerApiException; import com.cloud.api.commands.AuthorizeNetworkGroupIngressCmd; -import com.cloud.api.commands.CancelMaintenanceCmd; -import com.cloud.api.commands.CancelPrimaryStorageMaintenanceCmd; import com.cloud.api.commands.CreateDomainCmd; import com.cloud.api.commands.CreatePortForwardingServiceCmd; import com.cloud.api.commands.CreatePortForwardingServiceRuleCmd; @@ -94,8 +92,6 @@ import com.cloud.api.commands.ListSnapshotsCmd; import com.cloud.api.commands.ListTemplatesCmd; import com.cloud.api.commands.LockAccountCmd; import com.cloud.api.commands.LockUserCmd; -import com.cloud.api.commands.PrepareForMaintenanceCmd; -import com.cloud.api.commands.PreparePrimaryStorageForMaintenanceCmd; import com.cloud.api.commands.RebootSystemVmCmd; import com.cloud.api.commands.RegisterCmd; import com.cloud.api.commands.RemovePortForwardingServiceCmd; @@ -103,6 +99,7 @@ import com.cloud.api.commands.StartSystemVMCmd; import com.cloud.api.commands.StopSystemVmCmd; import com.cloud.api.commands.UpdateAccountCmd; import com.cloud.api.commands.UpdateDomainCmd; +import com.cloud.api.commands.UpdateIPForwardingRuleCmd; import com.cloud.api.commands.UpdateIsoPermissionsCmd; import com.cloud.api.commands.UpdateTemplateOrIsoCmd; import com.cloud.api.commands.UpdateTemplateOrIsoPermissionsCmd; @@ -117,12 +114,9 @@ import com.cloud.async.BaseAsyncJobExecutor; import com.cloud.async.dao.AsyncJobDao; import com.cloud.async.executor.CreateOrUpdateRuleParam; import com.cloud.async.executor.DeleteDomainParam; -import com.cloud.async.executor.DeleteRuleParam; import com.cloud.async.executor.DeployVMParam; -import com.cloud.async.executor.LoadBalancerParam; import com.cloud.async.executor.NetworkGroupIngressParam; import com.cloud.async.executor.SecurityGroupParam; -import com.cloud.async.executor.UpdateLoadBalancerParam; import com.cloud.async.executor.VMOperationParam; import com.cloud.async.executor.VMOperationParam.VmOp; import com.cloud.async.executor.VolumeOperationParam; @@ -170,10 +164,10 @@ import com.cloud.exception.ResourceInUseException; import com.cloud.exception.StorageUnavailableException; import com.cloud.host.HostStats; import com.cloud.host.HostVO; -import com.cloud.host.Status; import com.cloud.host.dao.HostDao; import com.cloud.hypervisor.Hypervisor; import com.cloud.info.ConsoleProxyInfo; +import com.cloud.network.Criteria; import com.cloud.network.FirewallRuleVO; import com.cloud.network.IPAddressVO; import com.cloud.network.LoadBalancerVMMapVO; @@ -3546,175 +3540,175 @@ public class ManagementServerImpl implements ManagementServer { // return _asyncMgr.submitAsyncJob(job); // } - @DB - protected boolean deleteIpForwardingRule(long userId, long accountId, String publicIp, String publicPort, String privateIp, String privatePort, String proto) - throws PermissionDeniedException, InvalidParameterValueException, InternalErrorException { - - Transaction txn = Transaction.currentTxn(); - boolean locked = false; - try { - AccountVO accountVO = _accountDao.findById(accountId); - if (accountVO == null) { - // throw this exception because hackers can use the api to probe - // for existing user ids - throw new PermissionDeniedException("Account does not own supplied address"); - } - // although we are not writing these values to the DB, we will check - // them out of an abundance - // of caution (may not be warranted) - if (!NetUtils.isValidPort(publicPort) || !NetUtils.isValidPort(privatePort)) { - throw new InvalidParameterValueException("Invalid value for port"); - } -// if (!NetUtils.isValidPrivateIp(privateIp, _configs.get("guest.ip.network"))) { -// throw new InvalidParameterValueException("Invalid private ip address"); +// @DB +// protected boolean deleteIpForwardingRule(long userId, long accountId, String publicIp, String publicPort, String privateIp, String privatePort, String proto) +// throws PermissionDeniedException, InvalidParameterValueException, InternalErrorException { +// +// Transaction txn = Transaction.currentTxn(); +// boolean locked = false; +// try { +// AccountVO accountVO = _accountDao.findById(accountId); +// if (accountVO == null) { +// // throw this exception because hackers can use the api to probe +// // for existing user ids +// throw new PermissionDeniedException("Account does not own supplied address"); // } - if (!NetUtils.isValidProto(proto)) { - throw new InvalidParameterValueException("Invalid protocol"); - } - IPAddressVO ipVO = _publicIpAddressDao.acquire(publicIp); - if (ipVO == null) { - // throw this exception because hackers can use the api to probe for allocated ips - throw new PermissionDeniedException("User does not own supplied address"); - } - - locked = true; - if ((ipVO.getAllocated() == null) || (ipVO.getAccountId() == null) || (ipVO.getAccountId().longValue() != accountId)) { - // FIXME: if admin account, make sure the user is visible in the - // admin's domain, or has that checking been done by this point? - if (!BaseCmd.isAdmin(accountVO.getType())) { - throw new PermissionDeniedException("User/account does not own supplied address"); - } - } - - txn.start(); - - List fwdings = _firewallRulesDao.listIPForwardingForUpdate(publicIp, publicPort, proto); - FirewallRuleVO fwRule = null; - if (fwdings.size() == 0) { - throw new InvalidParameterValueException("No such rule"); - } else if (fwdings.size() == 1) { - fwRule = fwdings.get(0); - if (fwRule.getPrivateIpAddress().equalsIgnoreCase(privateIp) && fwRule.getPrivatePort().equals(privatePort)) { - _firewallRulesDao.delete(fwRule.getId()); - } else { - throw new InvalidParameterValueException("No such rule"); - } - } else { - throw new InternalErrorException("Multiple matches. Please contact support"); - } - fwRule.setEnabled(false); - boolean success = _networkMgr.updateFirewallRule(fwRule, null, null); - if (!success) { - throw new InternalErrorException("Failed to update router"); - } - txn.commit(); - return success; - } catch (Throwable e) { - if (e instanceof InvalidParameterValueException) { - throw (InvalidParameterValueException) e; - } else if (e instanceof PermissionDeniedException) { - throw (PermissionDeniedException) e; - } else if (e instanceof InternalErrorException) { - s_logger.warn("ManagementServer error", e); - throw (InternalErrorException) e; - } - s_logger.warn("ManagementServer error", e); - } finally { - if (locked) { - _publicIpAddressDao.release(publicIp); - } - } - return false; - } - - @DB - private boolean deleteLoadBalancingRule(long userId, long accountId, String publicIp, String publicPort, String privateIp, String privatePort, String algo) - throws PermissionDeniedException, InvalidParameterValueException, InternalErrorException { - Transaction txn = Transaction.currentTxn(); - boolean locked = false; - try { - AccountVO accountVO = _accountDao.findById(accountId); - if (accountVO == null) { - // throw this exception because hackers can use the api to probe - // for existing user ids - throw new PermissionDeniedException("Account does not own supplied address"); - } - // although we are not writing these values to the DB, we will check - // them out of an abundance - // of caution (may not be warranted) - if (!NetUtils.isValidPort(publicPort) || !NetUtils.isValidPort(privatePort)) { - throw new InvalidParameterValueException("Invalid value for port"); - } -// if (!NetUtils.isValidPrivateIp(privateIp, _configs.get("guest.ip.network"))) { -// throw new InvalidParameterValueException("Invalid private ip address"); +// // although we are not writing these values to the DB, we will check +// // them out of an abundance +// // of caution (may not be warranted) +// if (!NetUtils.isValidPort(publicPort) || !NetUtils.isValidPort(privatePort)) { +// throw new InvalidParameterValueException("Invalid value for port"); // } - if (!NetUtils.isValidAlgorithm(algo)) { - throw new InvalidParameterValueException("Invalid protocol"); - } +//// if (!NetUtils.isValidPrivateIp(privateIp, _configs.get("guest.ip.network"))) { +//// throw new InvalidParameterValueException("Invalid private ip address"); +//// } +// if (!NetUtils.isValidProto(proto)) { +// throw new InvalidParameterValueException("Invalid protocol"); +// } +// IPAddressVO ipVO = _publicIpAddressDao.acquire(publicIp); +// if (ipVO == null) { +// // throw this exception because hackers can use the api to probe for allocated ips +// throw new PermissionDeniedException("User does not own supplied address"); +// } +// +// locked = true; +// if ((ipVO.getAllocated() == null) || (ipVO.getAccountId() == null) || (ipVO.getAccountId().longValue() != accountId)) { +// // FIXME: if admin account, make sure the user is visible in the +// // admin's domain, or has that checking been done by this point? +// if (!BaseCmd.isAdmin(accountVO.getType())) { +// throw new PermissionDeniedException("User/account does not own supplied address"); +// } +// } +// +// txn.start(); +// +// List fwdings = _firewallRulesDao.listIPForwardingForUpdate(publicIp, publicPort, proto); +// FirewallRuleVO fwRule = null; +// if (fwdings.size() == 0) { +// throw new InvalidParameterValueException("No such rule"); +// } else if (fwdings.size() == 1) { +// fwRule = fwdings.get(0); +// if (fwRule.getPrivateIpAddress().equalsIgnoreCase(privateIp) && fwRule.getPrivatePort().equals(privatePort)) { +// _firewallRulesDao.delete(fwRule.getId()); +// } else { +// throw new InvalidParameterValueException("No such rule"); +// } +// } else { +// throw new InternalErrorException("Multiple matches. Please contact support"); +// } +// fwRule.setEnabled(false); +// boolean success = _networkMgr.updateFirewallRule(fwRule, null, null); +// if (!success) { +// throw new InternalErrorException("Failed to update router"); +// } +// txn.commit(); +// return success; +// } catch (Throwable e) { +// if (e instanceof InvalidParameterValueException) { +// throw (InvalidParameterValueException) e; +// } else if (e instanceof PermissionDeniedException) { +// throw (PermissionDeniedException) e; +// } else if (e instanceof InternalErrorException) { +// s_logger.warn("ManagementServer error", e); +// throw (InternalErrorException) e; +// } +// s_logger.warn("ManagementServer error", e); +// } finally { +// if (locked) { +// _publicIpAddressDao.release(publicIp); +// } +// } +// return false; +// } - IPAddressVO ipVO = _publicIpAddressDao.acquire(publicIp); - - if (ipVO == null) { - // throw this exception because hackers can use the api to probe - // for allocated ips - throw new PermissionDeniedException("User does not own supplied address"); - } - - locked = true; - if ((ipVO.getAllocated() == null) || (ipVO.getAccountId() == null) || (ipVO.getAccountId().longValue() != accountId)) { - // FIXME: the user visible from the admin account's domain? has - // that check been done already? - if (!BaseCmd.isAdmin(accountVO.getType())) { - throw new PermissionDeniedException("User does not own supplied address"); - } - } - - List fwdings = _firewallRulesDao.listLoadBalanceRulesForUpdate(publicIp, publicPort, algo); - FirewallRuleVO fwRule = null; - if (fwdings.size() == 0) { - throw new InvalidParameterValueException("No such rule"); - } - for (FirewallRuleVO frv : fwdings) { - if (frv.getPrivateIpAddress().equalsIgnoreCase(privateIp) && frv.getPrivatePort().equals(privatePort)) { - fwRule = frv; - break; - } - } - - if (fwRule == null) { - throw new InvalidParameterValueException("No such rule"); - } - - txn.start(); - - fwRule.setEnabled(false); - _firewallRulesDao.update(fwRule.getId(), fwRule); - - boolean success = _networkMgr.updateFirewallRule(fwRule, null, null); - if (!success) { - throw new InternalErrorException("Failed to update router"); - } - _firewallRulesDao.delete(fwRule.getId()); - - txn.commit(); - return success; - } catch (Throwable e) { - if (e instanceof InvalidParameterValueException) { - throw (InvalidParameterValueException) e; - } else if (e instanceof PermissionDeniedException) { - throw (PermissionDeniedException) e; - } else if (e instanceof InternalErrorException) { - s_logger.warn("ManagementServer error", e); - throw (InternalErrorException) e; - } - s_logger.warn("ManagementServer error", e); - } finally { - if (locked) { - _publicIpAddressDao.release(publicIp); - } - } - return false; - } +// @DB +// private boolean deleteLoadBalancingRule(long userId, long accountId, String publicIp, String publicPort, String privateIp, String privatePort, String algo) +// throws PermissionDeniedException, InvalidParameterValueException, InternalErrorException { +// Transaction txn = Transaction.currentTxn(); +// boolean locked = false; +// try { +// AccountVO accountVO = _accountDao.findById(accountId); +// if (accountVO == null) { +// // throw this exception because hackers can use the api to probe +// // for existing user ids +// throw new PermissionDeniedException("Account does not own supplied address"); +// } +// // although we are not writing these values to the DB, we will check +// // them out of an abundance +// // of caution (may not be warranted) +// if (!NetUtils.isValidPort(publicPort) || !NetUtils.isValidPort(privatePort)) { +// throw new InvalidParameterValueException("Invalid value for port"); +// } +//// if (!NetUtils.isValidPrivateIp(privateIp, _configs.get("guest.ip.network"))) { +//// throw new InvalidParameterValueException("Invalid private ip address"); +//// } +// if (!NetUtils.isValidAlgorithm(algo)) { +// throw new InvalidParameterValueException("Invalid protocol"); +// } +// +// IPAddressVO ipVO = _publicIpAddressDao.acquire(publicIp); +// +// if (ipVO == null) { +// // throw this exception because hackers can use the api to probe +// // for allocated ips +// throw new PermissionDeniedException("User does not own supplied address"); +// } +// +// locked = true; +// if ((ipVO.getAllocated() == null) || (ipVO.getAccountId() == null) || (ipVO.getAccountId().longValue() != accountId)) { +// // FIXME: the user visible from the admin account's domain? has +// // that check been done already? +// if (!BaseCmd.isAdmin(accountVO.getType())) { +// throw new PermissionDeniedException("User does not own supplied address"); +// } +// } +// +// List fwdings = _firewallRulesDao.listLoadBalanceRulesForUpdate(publicIp, publicPort, algo); +// FirewallRuleVO fwRule = null; +// if (fwdings.size() == 0) { +// throw new InvalidParameterValueException("No such rule"); +// } +// for (FirewallRuleVO frv : fwdings) { +// if (frv.getPrivateIpAddress().equalsIgnoreCase(privateIp) && frv.getPrivatePort().equals(privatePort)) { +// fwRule = frv; +// break; +// } +// } +// +// if (fwRule == null) { +// throw new InvalidParameterValueException("No such rule"); +// } +// +// txn.start(); +// +// fwRule.setEnabled(false); +// _firewallRulesDao.update(fwRule.getId(), fwRule); +// +// boolean success = _networkMgr.updateFirewallRule(fwRule, null, null); +// if (!success) { +// throw new InternalErrorException("Failed to update router"); +// } +// _firewallRulesDao.delete(fwRule.getId()); +// +// txn.commit(); +// return success; +// } catch (Throwable e) { +// if (e instanceof InvalidParameterValueException) { +// throw (InvalidParameterValueException) e; +// } else if (e instanceof PermissionDeniedException) { +// throw (PermissionDeniedException) e; +// } else if (e instanceof InternalErrorException) { +// s_logger.warn("ManagementServer error", e); +// throw (InternalErrorException) e; +// } +// s_logger.warn("ManagementServer error", e); +// } finally { +// if (locked) { +// _publicIpAddressDao.release(publicIp); +// } +// } +// return false; +// } @Override public List getEvents(long userId, long accountId, Long domainId, String type, String level, Date startDate, Date endDate) { @@ -5003,7 +4997,73 @@ public class ManagementServerImpl implements ManagementServer { } @Override - public FirewallRuleVO updatePortForwardingRule(long userId, String publicIp, String privateIp, String publicPort, String privatePort, String protocol) { + public FirewallRuleVO updatePortForwardingRule(UpdateIPForwardingRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{ + String publicIp = cmd.getPublicIp(); + String privateIp = cmd.getPrivateIp(); + String privatePort = cmd.getPrivatePort(); + String publicPort = cmd.getPublicPort(); + String protocol = cmd.getProtocol(); + Long vmId = cmd.getVirtualMachineId(); + Long userId = UserContext.current().getUserId(); + Account account = (Account)UserContext.current().getAccountObject(); + UserVmVO userVM = null; + + if (userId == null) { + userId = Long.valueOf(User.UID_SYSTEM); + } + + IPAddressVO ipAddressVO = findIPAddressById(publicIp); + if (ipAddressVO == null) { + throw new InvalidParameterValueException("Unable to find IP address " + publicIp); + } + + if (ipAddressVO.getAccountId() == null) { + throw new InvalidParameterValueException("Unable to update port forwarding rule, owner of IP address " + publicIp + " not found."); + } + + if (privateIp != null) { + if (!NetUtils.isValidIp(privateIp)) { + throw new InvalidParameterValueException("Invalid private IP address specified: " + privateIp); + } + Criteria c = new Criteria(); + c.addCriteria(Criteria.ACCOUNTID, new Object[] {ipAddressVO.getAccountId()}); + c.addCriteria(Criteria.DATACENTERID, ipAddressVO.getDataCenterId()); + c.addCriteria(Criteria.IPADDRESS, privateIp); + List userVMs = searchForUserVMs(c); + if ((userVMs == null) || userVMs.isEmpty()) { + throw new ServerApiException(BaseCmd.PARAM_ERROR, "Invalid private IP address specified: " + privateIp + ", no virtual machine instances running with that address."); + } + userVM = userVMs.get(0); + } else if (vmId != null) { + userVM = findUserVMInstanceById(vmId); + if (userVM == null) { + throw new InvalidParameterValueException("Unable to find virtual machine with id " + vmId); + } + + if ((ipAddressVO.getAccountId() == null) || (ipAddressVO.getAccountId().longValue() != userVM.getAccountId())) { + throw new PermissionDeniedException("Unable to update port forwarding rule on IP address " + publicIp + ", permission denied."); + } + + if (ipAddressVO.getDataCenterId() != userVM.getDataCenterId()) { + throw new PermissionDeniedException("Unable to update port forwarding rule, IP address " + publicIp + " is not in the same availability zone as virtual machine " + userVM.toString()); + } + + privateIp = userVM.getGuestIpAddress(); + } else { + throw new InvalidParameterValueException("No private IP address (privateip) or virtual machine instance id (virtualmachineid) specified, unable to update port forwarding rule"); + } + + // if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters + if (account != null) { + if (isAdmin(account.getType())) { + if (!_domainDao.isChildDomain(account.getDomainId(), ipAddressVO.getDomainId())) { + throw new PermissionDeniedException("Unable to update port forwarding rule on IP address " + publicIp + ", permission denied."); + } + } else if (account.getId().longValue() != ipAddressVO.getAccountId()) { + throw new PermissionDeniedException("Unable to update port forwarding rule on IP address " + publicIp + ", permission denied."); + } + } + List fwRules = _firewallRulesDao.listIPForwardingForUpdate(publicIp, publicPort, protocol); if ((fwRules != null) && (fwRules.size() == 1)) { FirewallRuleVO fwRule = fwRules.get(0); @@ -5017,21 +5077,21 @@ public class ManagementServerImpl implements ManagementServer { } return null; } - - @Override - public long updatePortForwardingRuleAsync(long userId, long accountId, String publicIp, String privateIp, String publicPort, String privatePort, String protocol) { - CreateOrUpdateRuleParam param = new CreateOrUpdateRuleParam(true, userId, Long.valueOf(accountId), publicIp, publicPort, privateIp, privatePort, protocol, null, null, null); - Gson gson = GsonHelper.getBuilder().create(); - - AsyncJobVO job = new AsyncJobVO(); - job.setUserId(UserContext.current().getUserId()); - job.setAccountId(accountId); - job.setCmd("UpdatePortForwardingRule"); - job.setCmdInfo(gson.toJson(param)); - job.setCmdOriginator("portforwardingrule"); - - return _asyncMgr.submitAsyncJob(job); - } +// +// @Override +// public long updatePortForwardingRuleAsync(long userId, long accountId, String publicIp, String privateIp, String publicPort, String privatePort, String protocol) { +// CreateOrUpdateRuleParam param = new CreateOrUpdateRuleParam(true, userId, Long.valueOf(accountId), publicIp, publicPort, privateIp, privatePort, protocol, null, null, null); +// Gson gson = GsonHelper.getBuilder().create(); +// +// AsyncJobVO job = new AsyncJobVO(); +// job.setUserId(UserContext.current().getUserId()); +// job.setAccountId(accountId); +// job.setCmd("UpdatePortForwardingRule"); +// job.setCmdInfo(gson.toJson(param)); +// job.setCmdOriginator("portforwardingrule"); +// +// return _asyncMgr.submitAsyncJob(job); +// } // @Override @DB // public LoadBalancerVO updateLoadBalancerRule(long userId, LoadBalancerVO loadBalancer, String privatePort, String algorithm) { @@ -5953,74 +6013,74 @@ public class ManagementServerImpl implements ManagementServer { return netRule; } - public void deleteRule(long ruleId, long userId, long accountId) throws InvalidParameterValueException, PermissionDeniedException, InternalErrorException { - Exception e = null; - try { - FirewallRuleVO rule = _firewallRulesDao.findById(ruleId); - if (rule != null) { - boolean success = false; +// public void deleteRule(long ruleId, long userId, long accountId) throws InvalidParameterValueException, PermissionDeniedException, InternalErrorException { +// Exception e = null; +// try { +// FirewallRuleVO rule = _firewallRulesDao.findById(ruleId); +// if (rule != null) { +// boolean success = false; +// +// try { +// if (rule.isForwarding()) { +// success = deleteIpForwardingRule(userId, accountId, rule.getPublicIpAddress(), rule.getPublicPort(), rule.getPrivateIpAddress(), rule.getPrivatePort(), +// rule.getProtocol()); +// } else { +// success = deleteLoadBalancingRule(userId, accountId, rule.getPublicIpAddress(), rule.getPublicPort(), rule.getPrivateIpAddress(), rule.getPrivatePort(), +// rule.getAlgorithm()); +// } +// } catch (Exception ex) { +// e = ex; +// } +// +// String description; +// String type = EventTypes.EVENT_NET_RULE_DELETE; +// String level = EventVO.LEVEL_INFO; +// String ruleName = rule.isForwarding() ? "ip forwarding" : "load balancer"; +// +// if (success) { +// String desc = "deleted " + ruleName + " rule [" + rule.getPublicIpAddress() + ":" + rule.getPublicPort() + "]->[" + rule.getPrivateIpAddress() + ":" +// + rule.getPrivatePort() + "] " + rule.getProtocol(); +// if (!rule.isForwarding()) { +// desc = desc + ", algorithm = " + rule.getAlgorithm(); +// } +// description = desc; +// } else { +// level = EventVO.LEVEL_ERROR; +// String desc = "deleted " + ruleName + " rule [" + rule.getPublicIpAddress() + ":" + rule.getPublicPort() + "]->[" + rule.getPrivateIpAddress() + ":" +// + rule.getPrivatePort() + "] " + rule.getProtocol(); +// if (!rule.isForwarding()) { +// desc = desc + ", algorithm = " + rule.getAlgorithm(); +// } +// description = desc; +// } +// +// EventUtils.saveEvent(userId, accountId, level, type, description); +// } +// } finally { +// if (e != null) { +// if (e instanceof InvalidParameterValueException) { +// throw (InvalidParameterValueException) e; +// } else if (e instanceof PermissionDeniedException) { +// throw (PermissionDeniedException) e; +// } else if (e instanceof InternalErrorException) { +// throw (InternalErrorException) e; +// } +// } +// } +// } - try { - if (rule.isForwarding()) { - success = deleteIpForwardingRule(userId, accountId, rule.getPublicIpAddress(), rule.getPublicPort(), rule.getPrivateIpAddress(), rule.getPrivatePort(), - rule.getProtocol()); - } else { - success = deleteLoadBalancingRule(userId, accountId, rule.getPublicIpAddress(), rule.getPublicPort(), rule.getPrivateIpAddress(), rule.getPrivatePort(), - rule.getAlgorithm()); - } - } catch (Exception ex) { - e = ex; - } - - String description; - String type = EventTypes.EVENT_NET_RULE_DELETE; - String level = EventVO.LEVEL_INFO; - String ruleName = rule.isForwarding() ? "ip forwarding" : "load balancer"; - - if (success) { - String desc = "deleted " + ruleName + " rule [" + rule.getPublicIpAddress() + ":" + rule.getPublicPort() + "]->[" + rule.getPrivateIpAddress() + ":" - + rule.getPrivatePort() + "] " + rule.getProtocol(); - if (!rule.isForwarding()) { - desc = desc + ", algorithm = " + rule.getAlgorithm(); - } - description = desc; - } else { - level = EventVO.LEVEL_ERROR; - String desc = "deleted " + ruleName + " rule [" + rule.getPublicIpAddress() + ":" + rule.getPublicPort() + "]->[" + rule.getPrivateIpAddress() + ":" - + rule.getPrivatePort() + "] " + rule.getProtocol(); - if (!rule.isForwarding()) { - desc = desc + ", algorithm = " + rule.getAlgorithm(); - } - description = desc; - } - - EventUtils.saveEvent(userId, accountId, level, type, description); - } - } finally { - if (e != null) { - if (e instanceof InvalidParameterValueException) { - throw (InvalidParameterValueException) e; - } else if (e instanceof PermissionDeniedException) { - throw (PermissionDeniedException) e; - } else if (e instanceof InternalErrorException) { - throw (InternalErrorException) e; - } - } - } - } - - public long deleteRuleAsync(long id, long userId, long accountId) { - DeleteRuleParam param = new DeleteRuleParam(id, userId, accountId); - Gson gson = GsonHelper.getBuilder().create(); - - AsyncJobVO job = new AsyncJobVO(); - job.setUserId(UserContext.current().getUserId()); - job.setAccountId(accountId); - job.setCmd("DeleteRule"); - job.setCmdInfo(gson.toJson(param)); - - return _asyncMgr.submitAsyncJob(job); - } +// public long deleteRuleAsync(long id, long userId, long accountId) { +// DeleteRuleParam param = new DeleteRuleParam(id, userId, accountId); +// Gson gson = GsonHelper.getBuilder().create(); +// +// AsyncJobVO job = new AsyncJobVO(); +// job.setUserId(UserContext.current().getUserId()); +// job.setAccountId(accountId); +// job.setCmd("DeleteRule"); +// job.setCmdInfo(gson.toJson(param)); +// +// return _asyncMgr.submitAsyncJob(job); +// } public List listAllTemplates() { return _templateDao.listAll(); diff --git a/server/src/com/cloud/storage/StorageManagerImpl.java b/server/src/com/cloud/storage/StorageManagerImpl.java index 969ef2303aa..9ba7d80ec48 100644 --- a/server/src/com/cloud/storage/StorageManagerImpl.java +++ b/server/src/com/cloud/storage/StorageManagerImpl.java @@ -40,7 +40,6 @@ import java.util.concurrent.TimeUnit; import javax.ejb.Local; import javax.naming.ConfigurationException; -import org.GNOME.Accessibility._DocumentStub; import org.apache.log4j.Logger; import com.cloud.agent.api.Answer; diff --git a/server/src/com/cloud/template/TemplateManager.java b/server/src/com/cloud/template/TemplateManager.java index 3a10d7d1087..2deafc4504a 100644 --- a/server/src/com/cloud/template/TemplateManager.java +++ b/server/src/com/cloud/template/TemplateManager.java @@ -31,6 +31,7 @@ import com.cloud.api.commands.RegisterIsoCmd; import com.cloud.api.commands.RegisterTemplateCmd; import com.cloud.exception.InternalErrorException; import com.cloud.exception.InvalidParameterValueException; +import com.cloud.exception.PermissionDeniedException; import com.cloud.exception.ResourceAllocationException; import com.cloud.exception.StorageUnavailableException; import com.cloud.storage.Storage.FileSystem; @@ -112,8 +113,8 @@ public interface TemplateManager extends Manager { * @throws InvalidParameterValueException */ boolean copy(long userId, long templateId, long sourceZoneId, long destZoneId, long startEventId) throws InternalErrorException, StorageUnavailableException, InvalidParameterValueException; - boolean copyIso(CopyIsoCmd cmd) throws InvalidParameterValueException, StorageUnavailableException; - boolean copyTemplate(CopyTemplateCmd cmd) throws InvalidParameterValueException, StorageUnavailableException; + boolean copyIso(CopyIsoCmd cmd) throws InvalidParameterValueException, StorageUnavailableException, PermissionDeniedException; + boolean copyTemplate(CopyTemplateCmd cmd) throws InvalidParameterValueException, StorageUnavailableException, PermissionDeniedException; /** * Deletes a template from secondary storage servers @@ -124,9 +125,9 @@ public interface TemplateManager extends Manager { */ boolean delete(long userId, long templateId, Long zoneId) throws InternalErrorException; - boolean detachIso(DetachIsoCmd cmd) throws InternalErrorException, InvalidParameterValueException; + boolean detachIso(DetachIsoCmd cmd) throws InternalErrorException, InvalidParameterValueException, PermissionDeniedException; - boolean attachIso(AttachIsoCmd cmd) throws InternalErrorException, InvalidParameterValueException; + boolean attachIso(AttachIsoCmd cmd) throws InternalErrorException, InvalidParameterValueException, PermissionDeniedException; /** * Lists templates in the specified storage pool that are not being used by any VM. @@ -147,12 +148,12 @@ public interface TemplateManager extends Manager { * Deletes a template * @param cmd */ - boolean deleteTemplate(DeleteTemplateCmd cmd) throws InvalidParameterValueException, InternalErrorException; + boolean deleteTemplate(DeleteTemplateCmd cmd) throws InvalidParameterValueException, InternalErrorException, PermissionDeniedException; /** * Deletes a template * @param cmd */ - boolean deleteIso(DeleteIsoCmd cmd) throws InvalidParameterValueException, InternalErrorException; + boolean deleteIso(DeleteIsoCmd cmd) throws InvalidParameterValueException, InternalErrorException, PermissionDeniedException; } diff --git a/server/src/com/cloud/template/TemplateManagerImpl.java b/server/src/com/cloud/template/TemplateManagerImpl.java index 2a145753be8..544de7eba1e 100644 --- a/server/src/com/cloud/template/TemplateManagerImpl.java +++ b/server/src/com/cloud/template/TemplateManagerImpl.java @@ -58,6 +58,7 @@ import com.cloud.event.EventVO; import com.cloud.event.dao.EventDao; import com.cloud.exception.InternalErrorException; import com.cloud.exception.InvalidParameterValueException; +import com.cloud.exception.PermissionDeniedException; import com.cloud.exception.ResourceAllocationException; import com.cloud.exception.StorageUnavailableException; import com.cloud.host.HostVO; @@ -613,7 +614,7 @@ public class TemplateManagerImpl implements TemplateManager { } @Override - public boolean copyIso(CopyIsoCmd cmd) throws InvalidParameterValueException, StorageUnavailableException { + public boolean copyIso(CopyIsoCmd cmd) throws InvalidParameterValueException, StorageUnavailableException, PermissionDeniedException { Long isoId = cmd.getId(); Long userId = UserContext.current().getUserId(); Long sourceZoneId = cmd.getSourceZoneId(); @@ -641,7 +642,7 @@ public class TemplateManagerImpl implements TemplateManager { @Override - public boolean copyTemplate(CopyTemplateCmd cmd) throws InvalidParameterValueException, StorageUnavailableException { + public boolean copyTemplate(CopyTemplateCmd cmd) throws InvalidParameterValueException, StorageUnavailableException, PermissionDeniedException { Long templateId = cmd.getId(); Long userId = UserContext.current().getUserId(); Long sourceZoneId = cmd.getSourceZoneId(); @@ -955,7 +956,7 @@ public class TemplateManagerImpl implements TemplateManager { } @Override - public boolean detachIso(DetachIsoCmd cmd) throws InternalErrorException, InvalidParameterValueException { + public boolean detachIso(DetachIsoCmd cmd) throws InternalErrorException, InvalidParameterValueException, PermissionDeniedException { Account account = (Account) UserContext.current().getAccountObject(); Long userId = UserContext.current().getUserId(); Long vmId = cmd.getVirtualMachineId(); @@ -989,7 +990,7 @@ public class TemplateManagerImpl implements TemplateManager { } @Override - public boolean attachIso(AttachIsoCmd cmd) throws InternalErrorException, InvalidParameterValueException { + public boolean attachIso(AttachIsoCmd cmd) throws InternalErrorException, InvalidParameterValueException, PermissionDeniedException { Account account = (Account) UserContext.current().getAccountObject(); Long userId = UserContext.current().getUserId(); Long vmId = cmd.getVirtualMachineId(); @@ -1053,28 +1054,28 @@ public class TemplateManagerImpl implements TemplateManager { return success; } - private Long accountAndUserValidation(Account account, Long userId, UserVmVO vmInstanceCheck, VMTemplateVO template, String msg) { + private Long accountAndUserValidation(Account account, Long userId, UserVmVO vmInstanceCheck, VMTemplateVO template, String msg) throws PermissionDeniedException{ if (account != null) { if (!isAdmin(account.getType())) { if ((vmInstanceCheck != null) && (account.getId().longValue() != vmInstanceCheck.getAccountId())) { - throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, msg + ". Permission denied."); + throw new PermissionDeniedException(msg + ". Permission denied."); } if ((template != null) && (!template.isPublicTemplate() && (account.getId().longValue() != template.getAccountId()) && (!template.getName().startsWith("xs-tools")))) { - throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, msg + ". Permission denied."); + throw new PermissionDeniedException(msg + ". Permission denied."); } } else { if ((vmInstanceCheck != null) && !_domainDao.isChildDomain(account.getDomainId(), vmInstanceCheck.getDomainId())) { - throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, msg + ". Permission denied."); + throw new PermissionDeniedException(msg + ". Permission denied."); } // FIXME: if template/ISO owner is null we probably need to throw some kind of exception if (template != null) { Account templateOwner = _accountDao.findById(template.getId()); if ((templateOwner != null) && !_domainDao.isChildDomain(account.getDomainId(), templateOwner.getDomainId())) { - throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, msg + ". Permission denied."); + throw new PermissionDeniedException(msg + ". Permission denied."); } } } @@ -1093,7 +1094,7 @@ public class TemplateManagerImpl implements TemplateManager { } @Override - public boolean deleteTemplate(DeleteTemplateCmd cmd) throws InvalidParameterValueException, InternalErrorException{ + public boolean deleteTemplate(DeleteTemplateCmd cmd) throws InvalidParameterValueException, InternalErrorException, PermissionDeniedException{ Long templateId = cmd.getId(); Long userId = UserContext.current().getUserId(); @@ -1127,7 +1128,7 @@ public class TemplateManagerImpl implements TemplateManager { } @Override - public boolean deleteIso(DeleteIsoCmd cmd) throws InvalidParameterValueException, InternalErrorException{ + public boolean deleteIso(DeleteIsoCmd cmd) throws InvalidParameterValueException, InternalErrorException, PermissionDeniedException{ Long templateId = cmd.getId(); Long userId = UserContext.current().getUserId(); diff --git a/server/src/com/cloud/vm/UserVmManager.java b/server/src/com/cloud/vm/UserVmManager.java index 224bea38c60..71e49a260c5 100644 --- a/server/src/com/cloud/vm/UserVmManager.java +++ b/server/src/com/cloud/vm/UserVmManager.java @@ -33,7 +33,6 @@ import com.cloud.api.commands.StartVMCmd; import com.cloud.api.commands.StopVMCmd; import com.cloud.api.commands.UpdateVMCmd; import com.cloud.api.commands.UpgradeVMCmd; -import com.cloud.async.executor.DestroyVMExecutor; import com.cloud.async.executor.OperationResponse; import com.cloud.async.executor.RebootVMExecutor; import com.cloud.async.executor.StartVMExecutor; @@ -123,7 +122,7 @@ public interface UserVmManager extends Manager, VirtualMachineManager * @param cmd * @throws InternalErrorException, InvalidParameterValueException */ - void attachVolumeToVM(AttachVolumeCmd cmd) throws InternalErrorException, InvalidParameterValueException; + void attachVolumeToVM(AttachVolumeCmd cmd) throws InternalErrorException, InvalidParameterValueException, PermissionDeniedException; /** * Detaches the specified volume from the VM it is currently attached to. diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java index 4e2a78dbc71..121e9433eb5 100644 --- a/server/src/com/cloud/vm/UserVmManagerImpl.java +++ b/server/src/com/cloud/vm/UserVmManagerImpl.java @@ -345,7 +345,7 @@ public class UserVmManagerImpl implements UserVmManager { } @Override - public void attachVolumeToVM(AttachVolumeCmd command) throws InternalErrorException, InvalidParameterValueException { + public void attachVolumeToVM(AttachVolumeCmd command) throws InternalErrorException, InvalidParameterValueException, PermissionDeniedException { Long vmId = command.getVirtualMachineId(); Long volumeId = command.getId(); Long deviceId = command.getDeviceId(); @@ -404,21 +404,21 @@ public class UserVmManagerImpl implements UserVmManager { //Verify account information if (volume.getAccountId() != vm.getAccountId()) { - throw new ServerApiException (BaseCmd.VM_INVALID_PARAM_ERROR, "virtual machine and volume belong to different accounts, can not attach"); + throw new PermissionDeniedException ("Virtual machine and volume belong to different accounts, can not attach. Permission denied."); } // If the account is not an admin, check that the volume and the virtual machine are owned by the account that was passed in if (account != null) { if (!isAdmin(account.getType())) { if (account.getId().longValue() != volume.getAccountId()) - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find volume with ID: " + volumeId + " for account: " + account.getAccountName()); + throw new PermissionDeniedException("Unable to find volume with ID: " + volumeId + " for account: " + account.getAccountName() + ". Permission denied."); if (account.getId().longValue() != vm.getAccountId()) - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find VM with ID: " + vmId + " for account: " + account.getAccountName()); + throw new PermissionDeniedException("Unable to find VM with ID: " + vmId + " for account: " + account.getAccountName() + ". Permission denied"); } else { if (!_domainDao.isChildDomain(account.getDomainId(), volume.getDomainId()) || !_domainDao.isChildDomain(account.getDomainId(), vm.getDomainId())) { - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to attach volume " + volumeId + " to virtual machine instance " + vmId + ", permission denied."); + throw new PermissionDeniedException("Unable to attach volume " + volumeId + " to virtual machine instance " + vmId + ". Permission denied."); } } }