CS-15670: Allow normal users to configure S2S VPN

Sheng Yang 2012-07-23 21:47:21 -07:00
parent 237065e039
commit c4dff1e204
11 changed files with 106 additions and 101 deletions


@ -98,10 +98,6 @@ public class CreateVpnConnectionCmd extends BaseAsyncCreateCmd {
if (accountId == null) {
accountId = UserContext.current().getCaller().getId();
}
if (accountId == null) {
accountId = Account.ACCOUNT_ID_SYSTEM;
}
return accountId;
}
@ -112,7 +108,7 @@ public class CreateVpnConnectionCmd extends BaseAsyncCreateCmd {
@Override
public String getEventType() {
return EventTypes.EVENT_S2S_CONNECTION_CREATE;
return EventTypes.EVENT_S2S_VPN_CONNECTION_CREATE;
}
@Override


@ -125,10 +125,6 @@ public class CreateVpnCustomerGatewayCmd extends BaseAsyncCmd {
if (accountId == null) {
accountId = UserContext.current().getCaller().getId();
}
if (accountId == null) {
accountId = Account.ACCOUNT_ID_SYSTEM;
}
return accountId;
}
@ -139,7 +135,7 @@ public class CreateVpnCustomerGatewayCmd extends BaseAsyncCmd {
@Override
public String getEventType() {
return EventTypes.EVENT_S2S_CUSTOMER_GATEWAY_CREATE;
return EventTypes.EVENT_S2S_VPN_CUSTOMER_GATEWAY_CREATE;
}
@Override


@ -84,10 +84,6 @@ public class CreateVpnGatewayCmd extends BaseAsyncCmd {
if (accountId == null) {
accountId = UserContext.current().getCaller().getId();
}
if (accountId == null) {
accountId = Account.ACCOUNT_ID_SYSTEM;
}
return accountId;
}


@ -41,13 +41,6 @@ public class DeleteVpnConnectionCmd extends BaseAsyncCmd {
@Parameter(name=ApiConstants.ID, type=CommandType.LONG, required=true, description="id of vpn connection")
private Long id;
@Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="an optional account for connection. Must be used with domainId.")
private String accountName;
@IdentityMapper(entityTableName="domain")
@Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="an optional domainId for connection. If the account parameter is used, domainId must also be used.")
private Long domainId;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
@ -56,14 +49,6 @@ public class DeleteVpnConnectionCmd extends BaseAsyncCmd {
return "s2s_vpn_connection";
}
public Long getDomainId() {
return domainId;
}
public Long getAccountId() {
return getEntityOwnerId();
}
public Long getId() {
return id;
}
@ -80,9 +65,9 @@ public class DeleteVpnConnectionCmd extends BaseAsyncCmd {
@Override
public long getEntityOwnerId() {
Long accountId = finalyzeAccountId(accountName, domainId, null, true);
if (accountId == null) {
return UserContext.current().getCaller().getId();
Site2SiteVpnConnection conn = _entityMgr.findById(Site2SiteVpnConnection.class, getId());
if (conn != null) {
return conn.getAccountId();
}
return Account.ACCOUNT_ID_SYSTEM;
}
@ -94,7 +79,7 @@ public class DeleteVpnConnectionCmd extends BaseAsyncCmd {
@Override
public String getEventType() {
return EventTypes.EVENT_S2S_CONNECTION_DELETE;
return EventTypes.EVENT_S2S_VPN_CONNECTION_DELETE;
}
@Override
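Review bot: The rewritten `getEntityOwnerId()` falls back to `Account.ACCOUNT_ID_SYSTEM` when `_entityMgr.findById(...)` returns null, and nothing in the hunk explains why a request for a missing id is attributed to the system account. A comment on that return would make the intent explicit, for example `// id did not resolve: attribute the event to SYSTEM; the manager rejects the request with InvalidParameterValueException`. The same undocumented fallback appears in `DeleteVpnCustomerGatewayCmd.getEntityOwnerId()` and `DeleteVpnGatewayCmd.getEntityOwnerId()`. Because the `account` and `domainId` parameters are removed from all three commands, their API documentation should also state that ownership is now derived from the stored object.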


@ -25,7 +25,6 @@ import com.cloud.api.response.SuccessResponse;
import com.cloud.event.EventTypes;
import com.cloud.network.Site2SiteCustomerGateway;
import com.cloud.user.Account;
import com.cloud.user.UserContext;
@Implementation(description="Delete site to site vpn customer gateway", responseObject=SuccessResponse.class)
public class DeleteVpnCustomerGatewayCmd extends BaseAsyncCmd {
@ -40,13 +39,6 @@ public class DeleteVpnCustomerGatewayCmd extends BaseAsyncCmd {
@Parameter(name=ApiConstants.ID, type=CommandType.LONG, required=true, description="id of customer gateway")
private Long id;
@Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="an optional account for gateway. Must be used with domainId.")
private String accountName;
@IdentityMapper(entityTableName="domain")
@Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="an optional domainId fo: gateway. If the account parameter is used, domainId must also be used.")
private Long domainId;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
@ -55,14 +47,6 @@ public class DeleteVpnCustomerGatewayCmd extends BaseAsyncCmd {
return "s2s_customer_gateway";
}
public Long getDomainId() {
return domainId;
}
public Long getAccountId() {
return getEntityOwnerId();
}
public Long getId() {
return id;
}
@ -79,9 +63,9 @@ public class DeleteVpnCustomerGatewayCmd extends BaseAsyncCmd {
@Override
public long getEntityOwnerId() {
Long accountId = finalyzeAccountId(accountName, domainId, null, true);
if (accountId == null) {
return UserContext.current().getCaller().getId();
Site2SiteCustomerGateway gw = _entityMgr.findById(Site2SiteCustomerGateway.class, getId());
if (gw != null) {
return gw.getAccountId();
}
return Account.ACCOUNT_ID_SYSTEM;
}
@ -93,7 +77,7 @@ public class DeleteVpnCustomerGatewayCmd extends BaseAsyncCmd {
@Override
public String getEventType() {
return EventTypes.EVENT_S2S_CUSTOMER_GATEWAY_DELETE;
return EventTypes.EVENT_S2S_VPN_CUSTOMER_GATEWAY_DELETE;
}
@Override


@ -23,8 +23,8 @@ import com.cloud.api.Parameter;
import com.cloud.api.ServerApiException;
import com.cloud.api.response.SuccessResponse;
import com.cloud.event.EventTypes;
import com.cloud.network.Site2SiteVpnGateway;
import com.cloud.user.Account;
import com.cloud.user.UserContext;
@Implementation(description="Delete site to site vpn gateway", responseObject=SuccessResponse.class)
public class DeleteVpnGatewayCmd extends BaseAsyncCmd {
@ -39,13 +39,6 @@ public class DeleteVpnGatewayCmd extends BaseAsyncCmd {
@Parameter(name=ApiConstants.ID, type=CommandType.LONG, required=true, description="id of customer gateway")
private Long id;
@Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="an optional account for gateway. Must be used with domainId.")
private String accountName;
@IdentityMapper(entityTableName="domain")
@Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="an optional domainId fo: gateway. If the account parameter is used, domainId must also be used.")
private Long domainId;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
@ -54,14 +47,6 @@ public class DeleteVpnGatewayCmd extends BaseAsyncCmd {
return "s2s_vpn_gateway";
}
public Long getDomainId() {
return domainId;
}
public Long getAccountId() {
return getEntityOwnerId();
}
public Long getId() {
return id;
}
@ -78,9 +63,9 @@ public class DeleteVpnGatewayCmd extends BaseAsyncCmd {
@Override
public long getEntityOwnerId() {
Long accountId = finalyzeAccountId(accountName, domainId, null, true);
if (accountId == null) {
return UserContext.current().getCaller().getId();
Site2SiteVpnGateway gw = _entityMgr.findById(Site2SiteVpnGateway.class, getId());
if (gw != null) {
return gw.getAccountId();
}
return Account.ACCOUNT_ID_SYSTEM;
}


@ -95,7 +95,7 @@ public class ResetVpnConnectionCmd extends BaseAsyncCmd {
@Override
public String getEventType() {
return EventTypes.EVENT_S2S_CONNECTION_RESET;
return EventTypes.EVENT_S2S_VPN_CONNECTION_RESET;
}
@Override


@ -122,7 +122,7 @@ public class UpdateVpnCustomerGatewayCmd extends BaseAsyncCmd {
@Override
public String getEventType() {
return EventTypes.EVENT_S2S_CUSTOMER_GATEWAY_UPDATE;
return EventTypes.EVENT_S2S_VPN_CUSTOMER_GATEWAY_UPDATE;
}
@Override


@ -198,12 +198,12 @@ public class EventTypes {
public static final String EVENT_VPN_USER_REMOVE = "VPN.USER.REMOVE";
public static final String EVENT_S2S_VPN_GATEWAY_CREATE = "VPN.S2S.VPN.GATEWAY.CREATE";
public static final String EVENT_S2S_VPN_GATEWAY_DELETE = "VPN.S2S.VPN.GATEWAY.DELETE";
public static final String EVENT_S2S_CUSTOMER_GATEWAY_CREATE = "VPN.S2S.CUSTOMER.GATEWAY.CREATE";
public static final String EVENT_S2S_CUSTOMER_GATEWAY_DELETE = "VPN.S2S.CUSTOMER.GATEWAY.DELETE";
public static final String EVENT_S2S_CUSTOMER_GATEWAY_UPDATE = "VPN.S2S.CUSTOMER.GATEWAY.UPDATE";
public static final String EVENT_S2S_CONNECTION_CREATE = "VPN.S2S.CONNECTION.CREATE";
public static final String EVENT_S2S_CONNECTION_DELETE = "VPN.S2S.CONNECTION.DELETE";
public static final String EVENT_S2S_CONNECTION_RESET = "VPN.S2S.CONNECTION.RESET";
public static final String EVENT_S2S_VPN_CUSTOMER_GATEWAY_CREATE = "VPN.S2S.CUSTOMER.GATEWAY.CREATE";
public static final String EVENT_S2S_VPN_CUSTOMER_GATEWAY_DELETE = "VPN.S2S.CUSTOMER.GATEWAY.DELETE";
public static final String EVENT_S2S_VPN_CUSTOMER_GATEWAY_UPDATE = "VPN.S2S.CUSTOMER.GATEWAY.UPDATE";
public static final String EVENT_S2S_VPN_CONNECTION_CREATE = "VPN.S2S.CONNECTION.CREATE";
public static final String EVENT_S2S_VPN_CONNECTION_DELETE = "VPN.S2S.CONNECTION.DELETE";
public static final String EVENT_S2S_VPN_CONNECTION_RESET = "VPN.S2S.CONNECTION.RESET";
// Network
public static final String EVENT_NETWORK_RESTART = "NETWORK.RESTART";


@ -388,14 +388,14 @@ deleteStaticRoute=com.cloud.api.commands.DeleteStaticRouteCmd;15
listStaticRoutes=com.cloud.api.commands.ListStaticRoutesCmd;15
### Site-to-site VPN commands
createVpnCustomerGateway=com.cloud.api.commands.CreateVpnCustomerGatewayCmd;1
createVpnGateway=com.cloud.api.commands.CreateVpnGatewayCmd;1
createVpnConnection=com.cloud.api.commands.CreateVpnConnectionCmd;1
deleteVpnCustomerGateway=com.cloud.api.commands.DeleteVpnCustomerGatewayCmd;1
deleteVpnGateway=com.cloud.api.commands.DeleteVpnGatewayCmd;1
deleteVpnConnection=com.cloud.api.commands.DeleteVpnConnectionCmd;1
updateVpnCustomerGateway=com.cloud.api.commands.UpdateVpnCustomerGatewayCmd;1
resetVpnConnection=com.cloud.api.commands.ResetVpnConnectionCmd;1
createVpnCustomerGateway=com.cloud.api.commands.CreateVpnCustomerGatewayCmd;15
createVpnGateway=com.cloud.api.commands.CreateVpnGatewayCmd;15
createVpnConnection=com.cloud.api.commands.CreateVpnConnectionCmd;15
deleteVpnCustomerGateway=com.cloud.api.commands.DeleteVpnCustomerGatewayCmd;15
deleteVpnGateway=com.cloud.api.commands.DeleteVpnGatewayCmd;15
deleteVpnConnection=com.cloud.api.commands.DeleteVpnConnectionCmd;15
updateVpnCustomerGateway=com.cloud.api.commands.UpdateVpnCustomerGatewayCmd;15
resetVpnConnection=com.cloud.api.commands.ResetVpnConnectionCmd;15
listVpnCustomerGateways=com.cloud.api.commands.ListVpnCustomerGatewaysCmd;15
listVpnGateways=com.cloud.api.commands.ListVpnGatewaysCmd;15
listVpnConnections=com.cloud.api.commands.ListVpnConnectionsCmd;15
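Review bot: Raising the trailing role value from `1` to `15` on these eight commands means the per-object `checkAccess` calls in the service layer appear to be the only thing separating one account's VPN objects from another's, and nothing in this file records that dependency. A comment under the section header would help whoever adds the next VPN command, for example `# Open to all roles: every handler must call checkAccess on the objects it loads`. In this commit the command classes for `resetVpnConnection` and `updateVpnCustomerGateway` get only an event-type rename, so it is worth confirming that their `getEntityOwnerId()` resolves the owner from the stored object rather than from the caller.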


@ -21,6 +21,8 @@ import com.cloud.api.commands.ListVpnGatewaysCmd;
import com.cloud.api.commands.ResetVpnConnectionCmd;
import com.cloud.api.commands.UpdateVpnCustomerGatewayCmd;
import com.cloud.domain.Domain;
import com.cloud.event.ActionEvent;
import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.NetworkRuleConflictException;
import com.cloud.exception.ResourceUnavailableException;
@ -42,6 +44,9 @@ import com.cloud.network.element.Site2SiteVpnServiceProvider;
import com.cloud.network.vpc.VpcManager;
import com.cloud.network.vpc.VpcVO;
import com.cloud.network.vpc.Dao.VpcDao;
import com.cloud.user.Account;
import com.cloud.user.AccountManager;
import com.cloud.user.UserContext;
import com.cloud.user.dao.AccountDao;
import com.cloud.utils.component.Inject;
import com.cloud.utils.component.Manager;
@ -60,6 +65,7 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
@Inject IPAddressDao _ipAddressDao;
@Inject AccountDao _accountDao;
@Inject VpcManager _vpcMgr;
@Inject AccountManager _accountMgr;
String _name;
@ -85,7 +91,14 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
}
@Override
@ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_GATEWAY_CREATE, eventDescription = "creating s2s vpn gateway", create=true)
public Site2SiteVpnGateway createVpnGateway(CreateVpnGatewayCmd cmd) {
Account caller = UserContext.current().getCaller();
Account owner = _accountMgr.getAccount(cmd.getEntityOwnerId());
//Verify that caller can perform actions in behalf of vpc owner
_accountMgr.checkAccess(caller, null, false, owner);
Long vpcId = cmd.getVpcId();
VpcVO vpc = _vpcDao.findById(vpcId);
if (vpc == null) {
@ -112,7 +125,14 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
}
@Override
@ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_CUSTOMER_GATEWAY_CREATE, eventDescription = "creating s2s customer gateway", create=true)
public Site2SiteCustomerGateway createCustomerGateway(CreateVpnCustomerGatewayCmd cmd) {
Account caller = UserContext.current().getCaller();
Account owner = _accountMgr.getAccount(cmd.getEntityOwnerId());
//Verify that caller can perform actions in behalf of vpc owner
_accountMgr.checkAccess(caller, null, false, owner);
String name = cmd.getName();
String gatewayIp = cmd.getGatewayIp();
if (!NetUtils.isValidIp(gatewayIp)) {
@ -160,17 +180,28 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
}
@Override
@ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_CONNECTION_CREATE, eventDescription = "creating s2s vpn connection", create=true)
public Site2SiteVpnConnection createVpnConnection(CreateVpnConnectionCmd cmd) throws NetworkRuleConflictException {
Account caller = UserContext.current().getCaller();
Account owner = _accountMgr.getAccount(cmd.getEntityOwnerId());
//Verify that caller can perform actions in behalf of vpc owner
_accountMgr.checkAccess(caller, null, false, owner);
Long customerGatewayId = cmd.getCustomerGatewayId();
Site2SiteCustomerGateway customerGateway = _customerGatewayDao.findById(customerGatewayId);
if (customerGateway == null) {
throw new InvalidParameterValueException("Unable to found specified Site to Site VPN customer gateway " + customerGatewayId + " !");
}
_accountMgr.checkAccess(caller, null, false, customerGateway);
Long vpnGatewayId = cmd.getVpnGatewayId();
Site2SiteVpnGateway vpnGateway = _vpnGatewayDao.findById(vpnGatewayId);
if (vpnGateway == null) {
throw new InvalidParameterValueException("Unable to found specified Site to Site VPN gateway " + vpnGatewayId + " !");
}
_accountMgr.checkAccess(caller, null, false, vpnGateway);
if (_vpnConnectionDao.findByVpnGatewayIdAndCustomerGatewayId(vpnGatewayId, customerGatewayId) != null) {
throw new InvalidParameterValueException("The vpn connection with customer gateway id " + customerGatewayId + " or vpn gateway id "
+ vpnGatewayId + " already existed!");
@ -219,12 +250,18 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
}
@Override
@ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_CUSTOMER_GATEWAY_DELETE, eventDescription = "deleting s2s vpn customer gateway", create=true)
public boolean deleteCustomerGateway(DeleteVpnCustomerGatewayCmd cmd) {
UserContext.current().setEventDetails(" Id: " + cmd.getId());
Account caller = UserContext.current().getCaller();
Long id = cmd.getId();
Site2SiteCustomerGateway customerGateway = _customerGatewayDao.findById(id);
if (customerGateway == null) {
throw new InvalidParameterValueException("Fail to find customer gateway with " + id + " !");
}
_accountMgr.checkAccess(caller, null, false, customerGateway);
List<Site2SiteVpnConnectionVO> vpnConnections = _vpnConnectionDao.listByCustomerGatewayId(id);
if (vpnConnections != null && vpnConnections.size() != 0) {
throw new InvalidParameterValueException("Unable to delete VPN customer gateway " + id + " because there is still related VPN connections!");
@ -233,32 +270,45 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
return true;
}
protected void doDeleteVpnGateway(long id) {
protected void doDeleteVpnGateway(Site2SiteVpnGateway gw) {
List<Site2SiteVpnConnectionVO> conns = _vpnConnectionDao.listByVpnGatewayId(gw.getId());
if (conns != null && conns.size() != 0) {
throw new InvalidParameterValueException("Unable to delete VPN gateway " + gw.getId() + " because there is still related VPN connections!");
}
_vpnGatewayDao.remove(gw.getId());
}
@Override
@ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_GATEWAY_DELETE, eventDescription = "deleting s2s vpn gateway", create=true)
public boolean deleteVpnGateway(DeleteVpnGatewayCmd cmd) {
UserContext.current().setEventDetails(" Id: " + cmd.getId());
Account caller = UserContext.current().getCaller();
Long id = cmd.getId();
Site2SiteVpnGateway vpnGateway = _vpnGatewayDao.findById(id);
if (vpnGateway == null) {
throw new InvalidParameterValueException("Fail to find vpn gateway with " + id + " !");
}
List<Site2SiteVpnConnectionVO> conns = _vpnConnectionDao.listByVpnGatewayId(id);
if (conns != null && conns.size() != 0) {
throw new InvalidParameterValueException("Unable to delete VPN gateway " + id + " because there is still related VPN connections!");
}
_vpnGatewayDao.remove(id);
}
@Override
public boolean deleteVpnGateway(DeleteVpnGatewayCmd cmd) {
Long id = cmd.getId();
doDeleteVpnGateway(id);
_accountMgr.checkAccess(caller, null, false, vpnGateway);
doDeleteVpnGateway(vpnGateway);
return true;
}
@Override
@ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_CUSTOMER_GATEWAY_UPDATE, eventDescription = "update s2s vpn customer gateway", create=true)
public Site2SiteCustomerGateway updateCustomerGateway(UpdateVpnCustomerGatewayCmd cmd) {
UserContext.current().setEventDetails(" Id: " + cmd.getId());
Account caller = UserContext.current().getCaller();
Long id = cmd.getId();
Site2SiteCustomerGatewayVO gw = _customerGatewayDao.findById(id);
if (gw == null) {
throw new InvalidParameterValueException("Find to find customer gateway with id " + id);
}
_accountMgr.checkAccess(caller, null, false, gw);
List<Site2SiteVpnConnectionVO> conns = _vpnConnectionDao.listByCustomerGatewayId(id);
if (conns != null) {
for (Site2SiteVpnConnection conn : conns) {
@ -303,12 +353,19 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
}
@Override
@ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_CONNECTION_DELETE, eventDescription = "deleting s2s vpn connection", create=true)
public boolean deleteVpnConnection(DeleteVpnConnectionCmd cmd) throws ResourceUnavailableException {
UserContext.current().setEventDetails(" Id: " + cmd.getId());
Account caller = UserContext.current().getCaller();
Long id = cmd.getId();
Site2SiteVpnConnectionVO conn = _vpnConnectionDao.findById(id);
if (conn == null) {
throw new InvalidParameterValueException("Fail to find site to site VPN connection " + id + " to delete!");
}
_accountMgr.checkAccess(caller, null, false, conn);
if (conn.getState() == State.Connected) {
stopVpnConnection(id);
}
@ -338,12 +395,18 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
}
@Override
@ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_CONNECTION_RESET, eventDescription = "reseting s2s vpn connection", create=true)
public Site2SiteVpnConnection resetVpnConnection(ResetVpnConnectionCmd cmd) throws ResourceUnavailableException {
UserContext.current().setEventDetails(" Id: " + cmd.getId());
Account caller = UserContext.current().getCaller();
Long id = cmd.getId();
Site2SiteVpnConnectionVO conn = _vpnConnectionDao.findById(id);
if (conn == null) {
throw new InvalidParameterValueException("Fail to find site to site VPN connection " + id + " to reset!");
}
_accountMgr.checkAccess(caller, null, false, conn);
if (conn.getState() == State.Pending) {
throw new InvalidParameterValueException("VPN connection " + id + " cannot be reseted when state is Pending!");
}
@ -414,7 +477,7 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
if (gw == null) {
return true;
}
doDeleteVpnGateway(gw.getId());
doDeleteVpnGateway(gw);
return true;
}
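Review bot: In `createVpnGateway` the added `checkAccess` runs against `owner`, which comes from `cmd.getEntityOwnerId()` (the account parameters or the caller), not against the VPC loaded from `cmd.getVpcId()`, although the comment says "vpc owner". Unless the VPC is checked further down, outside this hunk, a caller who passes the check for their own account is not verified against the VPC's owner. Assuming `VpcVO` can be passed to `checkAccess` like the gateway objects, add `_accountMgr.checkAccess(caller, null, false, vpc);` after the `vpc == null` test, as `createVpnConnection` does for `customerGateway` and `vpnGateway`. The same "vpc owner" comment is pasted into `createCustomerGateway` and `createVpnConnection`, where `// Verify that the caller may act on behalf of the owner account` would describe the check accurately. The body of `createVpnGateway` continues outside the hunk.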