NaaS: added "subdomainAccess" parameter to the domain-level network object. The parameter defines whether the network can be accessed from subdomains. If the parameter is not specified, it defaults to the value of the allow.subdomain.network.access Global Config param

Alena Prokharchyk 2011-11-14 18:12:03 -08:00
parent d7ae15beea
commit bb2a8cf7ea
19 changed files with 144 additions and 100 deletions


@ -303,5 +303,6 @@ public class ApiConstants {
public static final String NSP_ID= "nspid";
public static final String ACL_TYPE= "acltype";
public static final String IS_SOURCE_NAT_SHARED = "isshared";
public static final String SUBDOMAIN_ACCESS = "subdomainaccess";
}


@ -94,6 +94,9 @@ public class CreateNetworkCmd extends BaseCmd {
@Parameter(name=ApiConstants.ACL_TYPE, type=CommandType.STRING, description="Access control type; supported values are account and domain. If not specified, defaulted to Account in Adavnce zone, and to Domain in Basic zone. Account means that only the account owner can use the network, domain - all accouns in the domain can use the network")
private String aclType;
@Parameter(name=ApiConstants.SUBDOMAIN_ACCESS, type=CommandType.BOOLEAN, description="Defines whether to allow subdomains to use networks dedicated to their parent domain(s). Should be used with aclType=Domain, defaulted to true if not specified")
private Boolean subdomainAccess;
@IdentityMapper(entityTableName="physical_network")
@Parameter(name=ApiConstants.PHYSICAL_NETWORK_ID, type=CommandType.LONG, description="the Physical Network ID the network belongs to")
private Long physicalNetworkId;
@ -157,6 +160,10 @@ public class CreateNetworkCmd extends BaseCmd {
return aclType;
}
public Boolean getSubdomainAccess() {
return subdomainAccess;
}
public Long getZoneId() {
Long physicalNetworkId = getPhysicalNetworkId();
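Review bot: The description on the new `subdomainaccess` parameter says it is "defaulted to true if not specified", but the commit message and `ApiDBUtils.getDomainNetworkDetails` both fall back to the `allow.subdomain.network.access` global setting when the value is null. An operator reading the API documentation would assume subdomains are always allowed by default, which is wrong on any deployment where the global setting is false. Suggested wording for the end of the description: `Should be used with aclType=Domain; if not specified, the allow.subdomain.network.access global setting applies`.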


@ -94,6 +94,12 @@ public class NetworkResponse extends BaseResponse implements ControlledEntityRes
@SerializedName(ApiConstants.VLAN) @Param(description="the vlan of the network")
private String vlan;
@SerializedName(ApiConstants.ACL_TYPE) @Param(description="acl type - access type to the network")
private String aclType;
@SerializedName(ApiConstants.SUBDOMAIN_ACCESS) @Param(description="true if users from subdomains can access the domain level network")
private Boolean subdomainAccess;
@SerializedName(ApiConstants.ACCOUNT) @Param(description="the owner of the network")
private String accountName;
@ -121,10 +127,6 @@ public class NetworkResponse extends BaseResponse implements ControlledEntityRes
@SerializedName(ApiConstants.PHYSICAL_NETWORK_ID) @Param(description="the physical network id")
private IdentityProxy physicalNetworkId = new IdentityProxy("physical_network");
@SerializedName(ApiConstants.ACL_TYPE) @Param(description="acl type - access type to the network")
private String aclType;
public void setId(Long id) {
this.id.setValue(id);
}
@ -254,5 +256,8 @@ public class NetworkResponse extends BaseResponse implements ControlledEntityRes
public void setAclType(String aclType) {
this.aclType = aclType;
}
public void setSubdomainAccess(Boolean subdomainAccess) {
this.subdomainAccess = subdomainAccess;
}
}


@ -56,6 +56,7 @@ import com.cloud.network.LoadBalancerVO;
import com.cloud.network.Network.Capability;
import com.cloud.network.Network.Provider;
import com.cloud.network.Network.Service;
import com.cloud.network.NetworkDomainVO;
import com.cloud.network.NetworkManager;
import com.cloud.network.NetworkProfile;
import com.cloud.network.NetworkRuleConfigVO;
@ -65,6 +66,7 @@ import com.cloud.network.dao.FirewallRulesCidrsDao;
import com.cloud.network.dao.IPAddressDao;
import com.cloud.network.dao.LoadBalancerDao;
import com.cloud.network.dao.NetworkDao;
import com.cloud.network.dao.NetworkDomainDao;
import com.cloud.network.dao.NetworkRuleConfigDao;
import com.cloud.network.security.SecurityGroup;
import com.cloud.network.security.SecurityGroupManager;
@ -116,6 +118,7 @@ import com.cloud.user.dao.UserDao;
import com.cloud.user.dao.UserStatisticsDao;
import com.cloud.uservm.UserVm;
import com.cloud.utils.NumbersUtil;
import com.cloud.utils.Pair;
import com.cloud.utils.component.ComponentLocator;
import com.cloud.vm.ConsoleProxyVO;
import com.cloud.vm.DomainRouterVO;
@ -180,6 +183,7 @@ public class ApiDBUtils {
private static ProjectService _projectMgr;
private static ResourceManager _resourceMgr;
private static AccountDetailsDao _accountDetailsDao;
private static NetworkDomainDao _networkDomainDao;
static {
_ms = (ManagementServer) ComponentLocator.getComponent(ManagementServer.Name);
@ -229,6 +233,7 @@ public class ApiDBUtils {
_projectMgr = locator.getManager(ProjectService.class);
_resourceMgr = locator.getManager(ResourceManager.class);
_accountDetailsDao = locator.getDao(AccountDetailsDao.class);
_networkDomainDao = locator.getDao(NetworkDomainDao.class);
// Note: stats collector should already have been initialized by this time, otherwise a null instance is returned
_statsCollector = StatsCollector.getInstance();
@ -687,4 +692,12 @@ public class ApiDBUtils {
public static boolean canElementEnableIndividualServices(Provider serviceProvider) {
return _networkMgr.canElementEnableIndividualServices(serviceProvider);
}
public static Pair<Long, Boolean> getDomainNetworkDetails(long networkId) {
NetworkDomainVO map = _networkDomainDao.getDomainNetworkMapByNetworkId(networkId);
boolean subdomainAccess = (map.isSubdomainAccess() != null) ? map.isSubdomainAccess() : _networkMgr.getAllowSubdomainAccessGlobal();
return new Pair<Long, Boolean>(map.getDomainId(), subdomainAccess);
}
}
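Review bot: `getDomainNetworkDetails` dereferences `map` without a null check, yet the same DAO call is treated as nullable in `NetworkManagerImpl` (`if (networkDomainMap == null)`). `setupNetwork` writes the `domain_network_ref` row only when `domainId != null && aclType == ACLType.Domain`, so a Domain-ACL network created without a domain id has no row, and listing it through the new `else` branch in `ApiResponseHelper` would throw a NullPointerException. Guard it here with `if (map == null) { return null; }` and have the caller check the result before calling `first()` and `second()`. A short Javadoc stating that the second element is the effective value (per-network setting, else the global default) would also help.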


@ -30,6 +30,7 @@ import java.util.regex.Matcher;
import org.apache.log4j.Logger;
import com.cloud.identity.dao.IdentityDao;
import com.cloud.api.BaseCmd.CommandType;
import com.cloud.api.commands.ListEventsCmd;
import com.cloud.async.AsyncCommandQueued;
@ -40,8 +41,6 @@ import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.PermissionDeniedException;
import com.cloud.exception.ResourceAllocationException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.identity.dao.IdentityDao;
import com.cloud.identity.dao.IdentityDaoImpl;
import com.cloud.server.ManagementServer;
import com.cloud.user.Account;
import com.cloud.user.UserContext;


@ -32,6 +32,7 @@ import java.util.StringTokenizer;
import org.apache.log4j.Logger;
import com.cloud.acl.ControlledEntity;
import com.cloud.acl.ControlledEntity.ACLType;
import com.cloud.api.commands.QueryAsyncJobResultCmd;
import com.cloud.api.response.AccountResponse;
import com.cloud.api.response.ApiResponseSerializer;
@ -175,6 +176,7 @@ import com.cloud.user.UserContext;
import com.cloud.user.UserStatisticsVO;
import com.cloud.user.UserVO;
import com.cloud.uservm.UserVm;
import com.cloud.utils.Pair;
import com.cloud.utils.StringUtils;
import com.cloud.utils.net.NetUtils;
import com.cloud.vm.ConsoleProxyVO;
@ -2452,7 +2454,14 @@ public class ApiResponseHelper implements ResponseGenerator {
}
response.setServices(serviceResponses);
populateOwner(response, network);
if (network.getAclType() == null || network.getAclType() == ACLType.Account) {
populateOwner(response, network);
} else {
//get domain from network_domain table
Pair<Long, Boolean> domainNetworkDetails = ApiDBUtils.getDomainNetworkDetails(network.getId());
response.setDomainId(domainNetworkDetails.first());
response.setSubdomainAccess(domainNetworkDetails.second());
}
Long dedicatedDomainId = ApiDBUtils.getDedicatedNetworkDomain(network.getId());
if (dedicatedDomainId != null) {


@ -36,6 +36,7 @@ import javax.naming.ConfigurationException;
import org.apache.log4j.Logger;
import com.cloud.acl.SecurityChecker;
import com.cloud.acl.ControlledEntity.ACLType;
import com.cloud.alert.AlertManager;
import com.cloud.api.commands.CreateCfgCmd;
import com.cloud.api.commands.CreateDiskOfferingCmd;
@ -1458,7 +1459,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
userNetwork.setBroadcastDomainType(broadcastDomainType);
userNetwork.setNetworkDomain(networkDomain);
_networkMgr.setupNetwork(systemAccount, offering, userNetwork, plan, null, null, isNetworkDefault, false, Domain.ROOT_DOMAIN, null);
_networkMgr.setupNetwork(systemAccount, offering, userNetwork, plan, null, null, isNetworkDefault, false, Domain.ROOT_DOMAIN, null, null);
}
}
}


@ -583,7 +583,7 @@ public class ConsoleProxyManagerImpl implements ConsoleProxyManager, ConsoleProx
defaultNic.setDefaultNic(true);
defaultNic.setDeviceId(2);
networks.add(new Pair<NetworkVO, NicProfile>(_networkMgr.setupNetwork(systemAcct, _networkOfferingDao.findById(defaultNetwork.getNetworkOfferingId()), null, plan, null, null, false, false, null, null).get(0), defaultNic));
networks.add(new Pair<NetworkVO, NicProfile>(_networkMgr.setupNetwork(systemAcct, _networkOfferingDao.findById(defaultNetwork.getNetworkOfferingId()), plan, null, null, false).get(0), defaultNic));
for (NetworkOfferingVO offering : offerings) {
networks.add(new Pair<NetworkVO, NicProfile>(_networkMgr.setupNetwork(systemAcct, offering, plan, null, null, false).get(0), null));


@ -42,13 +42,17 @@ public class NetworkDomainVO implements PartOf {
@Column(name="network_id")
long networkId;
@Column(name="subdomain_access")
Boolean subdomainAccess;
protected NetworkDomainVO() {
}
public NetworkDomainVO(long networkId, long domainId) {
public NetworkDomainVO(long networkId, long domainId, Boolean subdomainAccess) {
this.networkId = networkId;
this.domainId = domainId;
this.subdomainAccess = subdomainAccess;
}
@Override
@ -59,5 +63,8 @@ public class NetworkDomainVO implements PartOf {
public long getNetworkId() {
return networkId;
}
public Boolean isSubdomainAccess() {
return subdomainAccess;
}
}
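Review bot: The new `subdomainAccess` field is a nullable `Boolean` with three meanings (allow, deny, not set), but nothing on the field or on `isSubdomainAccess()` says so, and the field is package-private so code in the same package can read it without going through the getter. Declare it `private Boolean subdomainAccess;` and document the contract on the getter, for example `/** @return TRUE/FALSE when set per network, or null when the allow.subdomain.network.access global value must be used */`. Because this value feeds access decisions, an undocumented null is easy to mishandle at call sites.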


@ -1,5 +1,6 @@
/**
* Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
*
* This software is licensed under the GNU General Public License v3 or later.
@ -115,7 +116,7 @@ public interface NetworkManager extends NetworkService {
throws ConcurrentOperationException;
List<NetworkVO> setupNetwork(Account owner, NetworkOfferingVO offering, Network predefined, DeploymentPlan plan, String name, String displayText, boolean isDefault, boolean errorIfAlreadySetup,
Long domainId, ACLType aclType) throws ConcurrentOperationException;
Long domainId, ACLType aclType, Boolean subdomainAccess) throws ConcurrentOperationException;
List<NetworkOfferingVO> getSystemAccountNetworkOfferings(String... offeringNames);
@ -156,7 +157,7 @@ public interface NetworkManager extends NetworkService {
boolean destroyNetwork(long networkId, ReservationContext context);
Network createNetwork(long networkOfferingId, String name, String displayText, Boolean isDefault, String gateway, String cidr, String vlanId, String networkDomain, Account owner, boolean isSecurityGroupEnabled,
Long domainId, PhysicalNetwork physicalNetwork, long zoneId, ACLType aclType) throws ConcurrentOperationException, InsufficientCapacityException;
Long domainId, PhysicalNetwork physicalNetwork, long zoneId, ACLType aclType, Boolean subdomainAccess) throws ConcurrentOperationException, InsufficientCapacityException;
/**
* @throws InsufficientCapacityException
@ -248,4 +249,6 @@ public interface NetworkManager extends NetworkService {
Map<Capability, String> getNetworkOfferingServiceCapabilities(NetworkOffering offering, Service service);
Long getPhysicalNetworkId(Network network);
boolean getAllowSubdomainAccessGlobal();
}


@ -975,7 +975,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
NicForTrafficTypeSearch.done();
_executor = Executors.newScheduledThreadPool(1, new NamedThreadFactory("Network-Scavenger"));
_allowSubdomainNetworkAccess = Boolean.valueOf(_configs.get(Config.SubDomainNetworkAccess.key()));
_agentMgr.registerForHostEvents(this, true, false, true);
@ -1051,13 +1051,13 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
@Override
public List<NetworkVO> setupNetwork(Account owner, NetworkOfferingVO offering, DeploymentPlan plan, String name, String displayText, boolean isDefault)
throws ConcurrentOperationException {
return setupNetwork(owner, offering, null, plan, name, displayText, isDefault, false, null, null);
return setupNetwork(owner, offering, null, plan, name, displayText, isDefault, false, null, null, null);
}
@Override
@DB
public List<NetworkVO> setupNetwork(Account owner, NetworkOfferingVO offering, Network predefined, DeploymentPlan plan, String name, String displayText, boolean isDefault, boolean errorIfAlreadySetup,
Long domainId, ACLType aclType) throws ConcurrentOperationException {
Long domainId, ACLType aclType, Boolean subdomainAccess) throws ConcurrentOperationException {
Account locked = _accountDao.acquireInLockTable(owner.getId());
if (locked == null) {
throw new ConcurrentOperationException("Unable to acquire lock on " + owner);
@ -1120,8 +1120,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
predefined.getNetworkDomain(), offering.getGuestType(), plan.getDataCenterId(), plan.getPhysicalNetworkId(), aclType);
networks.add(_networksDao.persist(vo, vo.getGuestType() == Network.GuestType.Isolated, finalizeServicesAndProvidersForNetwork(offering, plan.getPhysicalNetworkId())));
if (domainId != null) {
_networksDao.addDomainToNetwork(id, domainId);
if (domainId != null && aclType == ACLType.Domain) {
_networksDao.addDomainToNetwork(id, domainId, subdomainAccess);
}
}
@ -1724,6 +1724,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
String aclTypeStr = cmd.getAclType();
Long domainId = cmd.getDomainId();
boolean isDomainSpecific = false;
Boolean subdomainAccess = cmd.getSubdomainAccess();
// Validate network offering
NetworkOfferingVO networkOffering = _networkOfferingDao.findById(networkOfferingId);
@ -1803,6 +1804,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
_accountMgr.checkAccess(caller, domain);
}
isDomainSpecific = true;
} else if (subdomainAccess != null) {
throw new InvalidParameterValueException("Parameter subDomainAccess can be specified only with aclType=Domain");
}
@ -1880,7 +1883,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
}
}
Network network = createNetwork(networkOfferingId, name, displayText, isDefault, gateway, cidr, vlanId, networkDomain, owner, false, sharedDomainId, pNtwk, zoneId, aclType);
Network network = createNetwork(networkOfferingId, name, displayText, isDefault, gateway, cidr, vlanId, networkDomain, owner, false, sharedDomainId, pNtwk, zoneId, aclType, subdomainAccess);
//Vlan is created in 2 cases - works in Advance zone only:
//1) GuestType is Shared
@ -1900,7 +1903,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
@Override
@DB
public Network createNetwork(long networkOfferingId, String name, String displayText, Boolean isDefault, String gateway, String cidr, String vlanId, String networkDomain, Account owner,
boolean isSecurityGroupEnabled, Long domainId, PhysicalNetwork pNtwk, long zoneId, ACLType aclType) throws ConcurrentOperationException, InsufficientCapacityException {
boolean isSecurityGroupEnabled, Long domainId, PhysicalNetwork pNtwk, long zoneId, ACLType aclType, Boolean subdomainAccess) throws ConcurrentOperationException, InsufficientCapacityException {
NetworkOfferingVO networkOffering = _networkOfferingDao.findById(networkOfferingId);
DataCenterVO zone = _dcDao.findById(zoneId);
@ -2046,7 +2049,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
}
}
List<NetworkVO> networks = setupNetwork(owner, networkOffering, userNetwork, plan, name, displayText, isDefault, true, domainId, aclType);
List<NetworkVO> networks = setupNetwork(owner, networkOffering, userNetwork, plan, name, displayText, isDefault, true, domainId, aclType, subdomainAccess);
Network network = null;
if (networks == null || networks.isEmpty()) {
@ -2086,7 +2089,6 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
Long projectId = cmd.getProjectId();
List<Long> permittedAccounts = new ArrayList<Long>();
String path = null;
Long sharedNetworkDomainId = null;
Long physicalNetworkId = cmd.getPhysicalNetworkId();
List<String> supportedServicesStr = cmd.getSupportedServices();
@ -2121,7 +2123,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
if (!_accountMgr.isAdmin(caller.getType())) {
permittedAccounts.add(caller.getId());
sharedNetworkDomainId = caller.getDomainId();
domainId = caller.getDomainId();
}
//set project information
@ -2141,14 +2143,6 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
path = _domainDao.findById(caller.getDomainId()).getPath();
if ((isSystem == null || !isSystem) && (aclType != null && aclType.equalsIgnoreCase(ACLType.Domain.toString()))) {
if (domainId == null) {
sharedNetworkDomainId = domainId;
} else {
sharedNetworkDomainId = caller.getDomainId();
}
}
Filter searchFilter = new Filter(NetworkVO.class, "id", false, cmd.getStartIndex(), cmd.getPageSizeVal());
SearchBuilder<NetworkVO> sb = _networksDao.createSearchBuilder();
@ -2163,36 +2157,32 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
SearchBuilder<DataCenterVO> zoneSearch = _dcDao.createSearchBuilder();
zoneSearch.and("networkType", zoneSearch.entity().getNetworkType(), SearchCriteria.Op.EQ);
sb.join("zoneSearch", zoneSearch, sb.entity().getDataCenterId(), zoneSearch.entity().getId(), JoinBuilder.JoinType.INNER);
//domain level networks
if (sharedNetworkDomainId != null) {
SearchBuilder<NetworkDomainVO> domainNetworkSearch = _networkDomainDao.createSearchBuilder();
sb.join("domainNetworkSearch", domainNetworkSearch, sb.entity().getId(), domainNetworkSearch.entity().getNetworkId(), JoinBuilder.JoinType.LEFTOUTER);
}
sb.and("removed", sb.entity().getRemoved(), Op.NULL);
if (permittedAccounts.isEmpty()) {
SearchBuilder<DomainVO> domainSearch = _domainDao.createSearchBuilder();
domainSearch.and("path", domainSearch.entity().getPath(), SearchCriteria.Op.LIKE);
sb.join("domainSearch", domainSearch, sb.entity().getDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER);
}
List<NetworkVO> networksToReturn = new ArrayList<NetworkVO>();
if (isSystem == null || !isSystem) {
//Get domain level + account level networks
if (sharedNetworkDomainId != null) {
networksToReturn.addAll(listDomainLevelNetworks(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, isDefault, trafficType, physicalNetworkId, ACLType.Domain.toString()), searchFilter, sharedNetworkDomainId));
//Get domain level networks
if (domainId != null) {
networksToReturn.addAll(listDomainLevelNetworks(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, isDefault, trafficType, physicalNetworkId, aclType), searchFilter, domainId));
} else if (permittedAccounts.isEmpty()){
SearchBuilder<DomainVO> domainSearch = _domainDao.createSearchBuilder();
domainSearch.and("path", domainSearch.entity().getPath(), SearchCriteria.Op.LIKE);
sb.join("domainSearch", domainSearch, sb.entity().getDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER);
networksToReturn.addAll(listDomainSpecificNetworks(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, isDefault, trafficType, physicalNetworkId, aclType), searchFilter, path));
networksToReturn.addAll(listAccountSpecificNetworksByDomainPath(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, isDefault, trafficType, physicalNetworkId, aclType), searchFilter, path));
}
if (!permittedAccounts.isEmpty()) {
networksToReturn.addAll(listAccountSpecificNetworks(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, isDefault, trafficType, physicalNetworkId, ACLType.Account.toString()), searchFilter, path, permittedAccounts));
//get account specific networks
if (!permittedAccounts.isEmpty()){
networksToReturn.addAll(listAccountSpecificNetworks(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, isDefault, trafficType, physicalNetworkId, aclType), searchFilter, permittedAccounts));
}
} else {
networksToReturn = _networksDao.search(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, isDefault, trafficType, physicalNetworkId, null), searchFilter);
}
if (supportedServicesStr != null && !supportedServicesStr.isEmpty() && !networksToReturn.isEmpty()) {
List<NetworkVO> supportedNetworks = new ArrayList<NetworkVO>();
Service[] suppportedServices = new Service[supportedServicesStr.size()];
@ -2259,48 +2249,51 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
if (physicalNetworkId != null) {
sc.addAnd("physicalNetworkId", SearchCriteria.Op.EQ, physicalNetworkId);
}
return sc;
}
private List<NetworkVO> listDomainLevelNetworks(SearchCriteria<NetworkVO> sc, Filter searchFilter, long domainId) {
Set<Long> allowedDomains = new HashSet<Long>();
if (_allowSubdomainNetworkAccess) {
allowedDomains = _domainMgr.getDomainParentIds(domainId);
} else {
allowedDomains.add(domainId);
}
sc.addJoinAnd("domainNetworkSearch", "domainId", SearchCriteria.Op.IN, allowedDomains.toArray());
List<Long> networkIds = new ArrayList<Long>();
Set<Long> allowedDomains = _domainMgr.getDomainParentIds(domainId);
List<NetworkDomainVO> maps = _networkDomainDao.listDomainNetworkMapByDomain(allowedDomains.toArray());
for (NetworkDomainVO map : maps) {
boolean subdomainAccess = (map.isSubdomainAccess() != null) ? map.isSubdomainAccess() : getAllowSubdomainAccessGlobal();
if (map.getDomainId() == domainId || subdomainAccess) {
networkIds.add(map.getNetworkId());
}
}
SearchCriteria<NetworkVO> domainSC = _networksDao.createSearchCriteria();
domainSC.addAnd("id", SearchCriteria.Op.IN, networkIds.toArray());
domainSC.addAnd("aclType", SearchCriteria.Op.EQ, ACLType.Domain.toString());
sc.addAnd("id", SearchCriteria.Op.SC, domainSC);
return _networksDao.search(sc, searchFilter);
}
private List<NetworkVO> listAccountSpecificNetworks(SearchCriteria<NetworkVO> sc, Filter searchFilter, String path, List<Long> permittedAccounts) {
//account level networks
private List<NetworkVO> listAccountSpecificNetworks(SearchCriteria<NetworkVO> sc, Filter searchFilter, List<Long> permittedAccounts) {
SearchCriteria<NetworkVO> accountSC = _networksDao.createSearchCriteria();
if (!permittedAccounts.isEmpty()) {
accountSC.addAnd("accountId", SearchCriteria.Op.IN, permittedAccounts.toArray());
}
accountSC.addAnd("aclType", SearchCriteria.Op.EQ, ACLType.Account.toString());
if (path != null) {
Set<Long> allowedDomains = _domainMgr.getDomainChildrenIds(path);
accountSC.addAnd("domainId", SearchCriteria.Op.IN, allowedDomains.toArray());
}
sc.addAnd("id", SearchCriteria.Op.SC, accountSC);
return _networksDao.search(sc, searchFilter);
}
private List<NetworkVO> listDomainSpecificNetworks(SearchCriteria<NetworkVO> sc, Filter searchFilter, String path) {
private List<NetworkVO> listAccountSpecificNetworksByDomainPath(SearchCriteria<NetworkVO> sc, Filter searchFilter, String path) {
SearchCriteria<NetworkVO> accountSC = _networksDao.createSearchCriteria();
accountSC.addAnd("aclType", SearchCriteria.Op.EQ, ACLType.Account.toString());
if (path != null) {
sc.setJoinParameters("domainSearch", "path", path + "%");
}
return _networksDao.search(sc, searchFilter);
}
@ -2957,7 +2950,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
if (createNetwork) {
List<? extends NetworkOffering> offerings = _configMgr.listNetworkOfferings(TrafficType.Guest, false);
PhysicalNetwork physicalNetwork = translateZoneIdToPhysicalNetwork(zoneId);
network = createNetwork(offerings.get(0).getId(), owner.getAccountName() + "-network", owner.getAccountName() + "-network", null, null, null, null, null, owner, false, null, physicalNetwork, zoneId, ACLType.Account);
network = createNetwork(offerings.get(0).getId(), owner.getAccountName() + "-network", owner.getAccountName() + "-network", null, null, null, null, null, owner, false, null, physicalNetwork, zoneId, ACLType.Account, null);
if (network == null) {
s_logger.warn("Failed to create default Virtual network for the account " + accountId + "in zone " + zoneId);
@ -3235,19 +3228,19 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
return false;
}
List<NetworkDomainVO> networkDomainMap = _networkDomainDao.listDomainNetworkMapByNetworkId(networkId);
if (networkDomainMap.isEmpty()) {
NetworkDomainVO networkDomainMap = _networkDomainDao.getDomainNetworkMapByNetworkId(networkId);
if (networkDomainMap == null) {
s_logger.trace("Network id=" + networkId + " is shared, but not domain specific");
return true;
} else {
networkDomainId = networkDomainMap.get(0).getDomainId();
networkDomainId = networkDomainMap.getDomainId();
}
if (domainId == networkDomainId.longValue()) {
return true;
}
if (_allowSubdomainNetworkAccess) {
if (networkDomainMap.subdomainAccess) {
Set<Long> parentDomains = _domainMgr.getDomainParentIds(domainId);
if (parentDomains.contains(domainId)) {
@ -3260,9 +3253,9 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
@Override
public Long getDedicatedNetworkDomain(long networkId) {
List<NetworkDomainVO> networkMaps = _networkDomainDao.listDomainNetworkMapByNetworkId(networkId);
if (!networkMaps.isEmpty()) {
return networkMaps.get(0).getDomainId();
NetworkDomainVO networkMaps = _networkDomainDao.getDomainNetworkMapByNetworkId(networkId);
if (networkMaps != null) {
return networkMaps.getDomainId();
} else {
return null;
}
@ -4976,4 +4969,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
return physicalNetworkId;
}
@Override
public boolean getAllowSubdomainAccessGlobal() {
return _allowSubdomainNetworkAccess;
}
}
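Review bot: In the hunk at -3235 the new check `if (networkDomainMap.subdomainAccess)` unboxes a nullable `Boolean` read straight from the field, so a `domain_network_ref` row whose `subdomain_access` is NULL (the value stored whenever the API parameter is omitted) throws a NullPointerException inside this access decision instead of falling back to the global setting. `listDomainLevelNetworks` and `ApiDBUtils.getDomainNetworkDetails` already apply that fallback, and the same expression is needed here: `Boolean perNetwork = networkDomainMap.isSubdomainAccess();` followed by `if (perNetwork != null ? perNetwork : _allowSubdomainNetworkAccess) {`. The next visible line tests `parentDomains.contains(domainId)` on the set built from `domainId` itself. It looks as if `networkDomainId` was intended, but the method starts and ends outside the hunk, so confirm against the full body.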


@ -72,7 +72,7 @@ public interface NetworkDao extends GenericDao<NetworkVO, Long> {
List<NetworkVO> listByZoneSecurityGroup(Long zoneId);
void addDomainToNetwork(long networkId, long domainId);
void addDomainToNetwork(long networkId, long domainId, Boolean subdomainAccess);
Long getNetworkCountByOfferingId(long offeringId);


@ -321,12 +321,12 @@ public class NetworkDaoImpl extends GenericDaoBase<NetworkVO, Long> implements N
}
@Override
public void addDomainToNetwork(long networkId, long domainId) {
addDomainToNetworknetwork(networkId, domainId);
public void addDomainToNetwork(long networkId, long domainId, Boolean subdomainAccess) {
addDomainToNetworknetwork(networkId, domainId, subdomainAccess);
}
protected void addDomainToNetworknetwork(long networkId, long domainId) {
NetworkDomainVO domain = new NetworkDomainVO(networkId, domainId);
protected void addDomainToNetworknetwork(long networkId, long domainId, Boolean subdomainAccess) {
NetworkDomainVO domain = new NetworkDomainVO(networkId, domainId, subdomainAccess);
_domainsDao.persist(domain);
}


@ -24,7 +24,7 @@ import com.cloud.network.NetworkDomainVO;
import com.cloud.utils.db.GenericDao;
public interface NetworkDomainDao extends GenericDao<NetworkDomainVO, Long>{
List<NetworkDomainVO> listDomainNetworkMapByDomain(long domainId);
List<NetworkDomainVO> listDomainNetworkMapByNetworkId(long networkId);
List<NetworkDomainVO> listDomainNetworkMapByDomain(Object... domainId);
NetworkDomainVO getDomainNetworkMapByNetworkId(long networkId);
List<Long> listNetworkIdsByDomain(long domainId);
}


@ -32,7 +32,7 @@ import com.cloud.utils.db.SearchCriteria.Op;
@Local(value=NetworkDomainDao.class) @DB(txn=false)
public class NetworkDomainDaoImpl extends GenericDaoBase<NetworkDomainVO, Long> implements NetworkDomainDao {
final SearchBuilder<NetworkDomainVO> AllFieldsSearch;
final SearchBuilder<NetworkDomainVO> DomainsSearch;
protected NetworkDomainDaoImpl() {
super();
@ -42,22 +42,24 @@ public class NetworkDomainDaoImpl extends GenericDaoBase<NetworkDomainVO, Long>
AllFieldsSearch.and("networkId", AllFieldsSearch.entity().getNetworkId(), Op.EQ);
AllFieldsSearch.done();
DomainsSearch = createSearchBuilder();
DomainsSearch.and("domainId", DomainsSearch.entity().getDomainId(), Op.IN);
DomainsSearch.done();
}
@Override
public List<NetworkDomainVO> listDomainNetworkMapByDomain(long domainId) {
SearchCriteria<NetworkDomainVO> sc = AllFieldsSearch.create();
sc.setParameters("domainId", domainId);
public List<NetworkDomainVO> listDomainNetworkMapByDomain(Object... domainId) {
SearchCriteria<NetworkDomainVO> sc = DomainsSearch.create();
sc.setParameters("domainId", (Object[])domainId);
return listBy(sc);
}
@Override
public List<NetworkDomainVO> listDomainNetworkMapByNetworkId(long networkId) {
public NetworkDomainVO getDomainNetworkMapByNetworkId(long networkId) {
SearchCriteria<NetworkDomainVO> sc = AllFieldsSearch.create();
sc.setParameters("networkId", networkId);
return listBy(sc);
return findOneBy(sc);
}
@Override
@ -66,8 +68,7 @@ public class NetworkDomainDaoImpl extends GenericDaoBase<NetworkDomainVO, Long>
List<NetworkDomainVO> maps = listDomainNetworkMapByDomain(domainId);
for (NetworkDomainVO map : maps) {
networkIdsToReturn.add(map.getNetworkId());
}
}
return networkIdsToReturn;
}
}
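Review bot: `getDomainNetworkMapByNetworkId` now returns `findOneBy(sc)`, which assumes at most one `domain_network_ref` row per network, but the table definition in this commit has no unique key on `network_id`. If a network ever has more than one row, the domain id and `subdomainAccess` used for access checks come from whichever row the query happens to return. Either enforce uniqueness in the schema or state the assumption on the method, e.g. `// assumes a single domain_network_ref row per network; findOneBy returns an arbitrary row otherwise`. Separately, `listDomainNetworkMapByDomain(Object... domainId)` accepts any argument type, and `Long...` would keep the `IN` parameters type-checked.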


@ -541,7 +541,7 @@ public class SecondaryStorageManagerImpl implements SecondaryStorageVmManager, V
defaultNic.setDefaultNic(true);
defaultNic.setDeviceId(2);
try {
networks.add(new Pair<NetworkVO, NicProfile>(_networkMgr.setupNetwork(systemAcct, _networkOfferingDao.findById(defaultNetwork.getNetworkOfferingId()), null, plan, null, null, false, false, null, null).get(0), defaultNic));
networks.add(new Pair<NetworkVO, NicProfile>(_networkMgr.setupNetwork(systemAcct, _networkOfferingDao.findById(defaultNetwork.getNetworkOfferingId()), plan, null, null, false).get(0), defaultNic));
for (NetworkOfferingVO offering : offerings) {
networks.add(new Pair<NetworkVO, NicProfile>(_networkMgr.setupNetwork(systemAcct, offering, plan, null, null, false).get(0), null));
}


@ -2217,7 +2217,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
if (virtualNetworks.isEmpty()) {
s_logger.debug("Creating default Virtual network for account " + owner + " as a part of deployVM process");
Network newNetwork = _networkMgr.createNetwork(defaultVirtualOffering.get(0).getId(), owner.getAccountName() + "-network", owner.getAccountName() + "-network", null, null,
null, null, null, owner, false, null, physicalNetwork, zone.getId(), ACLType.Account);
null, null, null, owner, false, null, physicalNetwork, zone.getId(), ACLType.Account, null);
defaultNetwork = _networkDao.findById(newNetwork.getId());
} else if (virtualNetworks.size() > 1) {
throw new InvalidParameterValueException("More than 1 default Virtaul networks are found for account " + owner + "; please specify networkIds");
@ -2230,7 +2230,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
if (defaultVirtualOffering.get(0).getAvailability() == Availability.Optional) {
s_logger.debug("Creating default Virtual network for account " + owner + " as a part of deployVM process");
Network newNetwork = _networkMgr.createNetwork(defaultVirtualOffering.get(0).getId(), owner.getAccountName() + "-network", owner.getAccountName() + "-network", null, null,
null, null, null, owner, false, null, physicalNetwork, zone.getId(), ACLType.Account);
null, null, null, owner, false, null, physicalNetwork, zone.getId(), ACLType.Account, null);
defaultNetwork = _networkDao.findById(newNetwork.getId());
} else {
throw new InvalidParameterValueException("Unable to find default networks for account " + owner);
@ -3427,7 +3427,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
List<NetworkVO> virtualNetworks = _networkMgr.listNetworksForAccount(newAccount.getId(), zone.getId(), Network.GuestType.Isolated, true);
if (virtualNetworks.isEmpty()) {
Network newNetwork = _networkMgr.createNetwork(networkOffering, newAccount.getAccountName() + "-network", newAccount.getAccountName() + "-network", null, null,
null, null, null, newAccount, false, null, physicalNetwork, zone.getId(), ACLType.Account);
null, null, null, newAccount, false, null, physicalNetwork, zone.getId(), ACLType.Account, null);
defaultNetwork = _networkDao.findById(newNetwork.getId());
} else if (virtualNetworks.size() > 1) {
throw new InvalidParameterValueException("More than 1 default Virtaul networks are found for account " + newAccount + "; please specify networkIds");


@ -197,7 +197,7 @@ public class MockNetworkManagerImpl implements NetworkManager, Manager, NetworkS
@Override
public List<NetworkVO> setupNetwork(Account owner, NetworkOfferingVO offering, Network predefined, DeploymentPlan plan, String name, String displayText, boolean isDefault, boolean errorIfAlreadySetup,
Long domainId, ACLType aclType) throws ConcurrentOperationException {
Long domainId, ACLType aclType, Boolean subdomainAccess) throws ConcurrentOperationException {
// TODO Auto-generated method stub
return null;
}
@ -308,7 +308,7 @@ public class MockNetworkManagerImpl implements NetworkManager, Manager, NetworkS
@Override
public Network createNetwork(long networkOfferingId, String name, String displayText, Boolean isDefault, String gateway, String cidr, String vlanId, String networkDomain, Account owner,
boolean isSecurityGroupEnabled, Long domainId, PhysicalNetwork physicalNetwork, long zoneId, ACLType aclType) throws ConcurrentOperationException, InsufficientCapacityException {
boolean isSecurityGroupEnabled, Long domainId, PhysicalNetwork physicalNetwork, long zoneId, ACLType aclType, Boolean subdomainAccess) throws ConcurrentOperationException, InsufficientCapacityException {
// TODO Auto-generated method stub
return null;
}


@ -1710,6 +1710,7 @@ CREATE TABLE `cloud`.`domain_network_ref` (
`id` bigint unsigned NOT NULL AUTO_INCREMENT COMMENT 'id',
`domain_id` bigint unsigned NOT NULL COMMENT 'domain id',
`network_id` bigint unsigned NOT NULL COMMENT 'network id',
`subdomain_access` int(1) unsigned COMMENT '1 if network can be accessible from the subdomain',
PRIMARY KEY (`id`),
CONSTRAINT `fk_domain_network_ref__domain_id` FOREIGN KEY (`domain_id`) REFERENCES `domain`(`id`) ON DELETE CASCADE,
CONSTRAINT `fk_domain_network_ref__networks_id` FOREIGN KEY (`network_id`) REFERENCES `networks`(`id`) ON DELETE CASCADE
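Review bot: The new `subdomain_access` column is nullable and its comment documents only the value 1, while the Java side treats NULL as "use the allow.subdomain.network.access global setting" and 0 as an explicit deny. Spell out all three states in the column comment, e.g. `COMMENT '1 = accessible from subdomains, 0 = not accessible, NULL = use allow.subdomain.network.access'`. This statement only covers fresh installs, and no upgrade script adding the column is visible in this commit, so confirm that existing databases receive it as well.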