diff --git a/api/src/com/cloud/api/commands/CreateVpnConnectionCmd.java b/api/src/com/cloud/api/commands/CreateVpnConnectionCmd.java
index 3c2465affc6..f1033a0ec13 100644
--- a/api/src/com/cloud/api/commands/CreateVpnConnectionCmd.java
+++ b/api/src/com/cloud/api/commands/CreateVpnConnectionCmd.java
@@ -98,10 +98,6 @@ public class CreateVpnConnectionCmd extends BaseAsyncCreateCmd {
 if (accountId == null) {
 accountId = UserContext.current().getCaller().getId();
 }
-
- if (accountId == null) {
- accountId = Account.ACCOUNT_ID_SYSTEM;
- }
 return accountId;
 }
@@ -112,7 +108,7 @@ public class CreateVpnConnectionCmd extends BaseAsyncCreateCmd {
 @Override
 public String getEventType() {
- return EventTypes.EVENT_S2S_CONNECTION_CREATE;
+ return EventTypes.EVENT_S2S_VPN_CONNECTION_CREATE;
 }
 @Override
diff --git a/api/src/com/cloud/api/commands/CreateVpnCustomerGatewayCmd.java b/api/src/com/cloud/api/commands/CreateVpnCustomerGatewayCmd.java
index bcabcdbc6e6..e29a4f75079 100644
--- a/api/src/com/cloud/api/commands/CreateVpnCustomerGatewayCmd.java
+++ b/api/src/com/cloud/api/commands/CreateVpnCustomerGatewayCmd.java
@@ -125,10 +125,6 @@ public class CreateVpnCustomerGatewayCmd extends BaseAsyncCmd {
 if (accountId == null) {
 accountId = UserContext.current().getCaller().getId();
 }
-
- if (accountId == null) {
- accountId = Account.ACCOUNT_ID_SYSTEM;
- }
 return accountId;
 }
@@ -139,7 +135,7 @@ public class CreateVpnCustomerGatewayCmd extends BaseAsyncCmd {
 @Override
 public String getEventType() {
- return EventTypes.EVENT_S2S_CUSTOMER_GATEWAY_CREATE;
+ return EventTypes.EVENT_S2S_VPN_CUSTOMER_GATEWAY_CREATE;
 }
 @Override
diff --git a/api/src/com/cloud/api/commands/CreateVpnGatewayCmd.java b/api/src/com/cloud/api/commands/CreateVpnGatewayCmd.java
index c6cc76568c7..1582459a425 100644
--- a/api/src/com/cloud/api/commands/CreateVpnGatewayCmd.java
+++ b/api/src/com/cloud/api/commands/CreateVpnGatewayCmd.java
@@ -84,10 +84,6 @@ public class CreateVpnGatewayCmd extends BaseAsyncCmd { if (accountId == null) { accountId = UserContext.current().getCaller().getId(); } - - if (accountId == null) { - accountId = Account.ACCOUNT_ID_SYSTEM; - } return accountId; } diff --git a/api/src/com/cloud/api/commands/DeleteVpnConnectionCmd.java b/api/src/com/cloud/api/commands/DeleteVpnConnectionCmd.java index d08e952a302..b506fb0d66a 100644 --- a/api/src/com/cloud/api/commands/DeleteVpnConnectionCmd.java +++ b/api/src/com/cloud/api/commands/DeleteVpnConnectionCmd.java @@ -41,13 +41,6 @@ public class DeleteVpnConnectionCmd extends BaseAsyncCmd { @Parameter(name=ApiConstants.ID, type=CommandType.LONG, required=true, description="id of vpn connection") private Long id; - @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="an optional account for connection. Must be used with domainId.") - private String accountName; - - @IdentityMapper(entityTableName="domain") - @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="an optional domainId for connection. If the account parameter is used, domainId must also be used.") - private Long domainId; - ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// ///////////////////////////////////////////////////// @@ -56,14 +49,6 @@ public class DeleteVpnConnectionCmd extends BaseAsyncCmd { return "s2s_vpn_connection"; } - public Long getDomainId() { - return domainId; - } - - public Long getAccountId() { - return getEntityOwnerId(); - } - public Long getId() { return id; } 
@@ -80,9 +65,9 @@ public class DeleteVpnConnectionCmd extends BaseAsyncCmd { @Override public long getEntityOwnerId() { - Long accountId = finalyzeAccountId(accountName, domainId, null, true); - if (accountId == null) { - return UserContext.current().getCaller().getId(); + Site2SiteVpnConnection conn = _entityMgr.findById(Site2SiteVpnConnection.class, getId()); + if (conn != null) { + return conn.getAccountId(); } return Account.ACCOUNT_ID_SYSTEM; } @@ -94,7 +79,7 @@ public class DeleteVpnConnectionCmd extends BaseAsyncCmd { @Override public String getEventType() { - return EventTypes.EVENT_S2S_CONNECTION_DELETE; + return EventTypes.EVENT_S2S_VPN_CONNECTION_DELETE; } @Override diff --git a/api/src/com/cloud/api/commands/DeleteVpnCustomerGatewayCmd.java b/api/src/com/cloud/api/commands/DeleteVpnCustomerGatewayCmd.java index 705e62c229b..2e133f0fba2 100644 --- a/api/src/com/cloud/api/commands/DeleteVpnCustomerGatewayCmd.java +++ b/api/src/com/cloud/api/commands/DeleteVpnCustomerGatewayCmd.java @@ -25,7 +25,6 @@ import com.cloud.api.response.SuccessResponse; import com.cloud.event.EventTypes; import com.cloud.network.Site2SiteCustomerGateway; import com.cloud.user.Account; -import com.cloud.user.UserContext; @Implementation(description="Delete site to site vpn customer gateway", responseObject=SuccessResponse.class) public class DeleteVpnCustomerGatewayCmd extends BaseAsyncCmd { 
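Review bot: The new getEntityOwnerId() in DeleteVpnConnectionCmd silently returns `Account.ACCOUNT_ID_SYSTEM` when the id does not resolve to a connection, and nothing in the method says why that is safe. Taking the owner from the stored entity instead of the removed account/domainId parameters is the right direction, but a reader cannot tell from here that the SYSTEM value is only a placeholder. The manager's deleteVpnConnection hunk later in this commit throws InvalidParameterValueException for a missing connection, which is presumably what keeps the fallback from mattering. I would add a comment above it such as `// id did not resolve: SYSTEM is a placeholder owner only; the manager rejects the request for an unknown id`. The same fallback appears in the getEntityOwnerId() hunks of DeleteVpnCustomerGatewayCmd and DeleteVpnGatewayCmd and needs the same comment.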
@@ -40,13 +39,6 @@ public class DeleteVpnCustomerGatewayCmd extends BaseAsyncCmd { @Parameter(name=ApiConstants.ID, type=CommandType.LONG, required=true, description="id of customer gateway") private Long id; - @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="an optional account for gateway. Must be used with domainId.") - private String accountName; - - @IdentityMapper(entityTableName="domain") - @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="an optional domainId fo: gateway. If the account parameter is used, domainId must also be used.") - private Long domainId; - ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// ///////////////////////////////////////////////////// @@ -55,14 +47,6 @@ public class DeleteVpnCustomerGatewayCmd extends BaseAsyncCmd { return "s2s_customer_gateway"; } - public Long getDomainId() { - return domainId; - } - - public Long getAccountId() { - return getEntityOwnerId(); - } - public Long getId() { return id; } @@ -79,9 +63,9 @@ public class DeleteVpnCustomerGatewayCmd extends BaseAsyncCmd { @Override public long getEntityOwnerId() { - Long accountId = finalyzeAccountId(accountName, domainId, null, true); - if (accountId == null) { - return UserContext.current().getCaller().getId(); + Site2SiteCustomerGateway gw = _entityMgr.findById(Site2SiteCustomerGateway.class, getId()); + if (gw != null) { + return gw.getAccountId(); } return Account.ACCOUNT_ID_SYSTEM; } @@ -93,7 +77,7 @@ public class DeleteVpnCustomerGatewayCmd extends BaseAsyncCmd { @Override public String getEventType() { - return EventTypes.EVENT_S2S_CUSTOMER_GATEWAY_DELETE; + return EventTypes.EVENT_S2S_VPN_CUSTOMER_GATEWAY_DELETE; } @Override diff --git a/api/src/com/cloud/api/commands/DeleteVpnGatewayCmd.java b/api/src/com/cloud/api/commands/DeleteVpnGatewayCmd.java index 334a77c62d2..9d76af88214 100644 --- a/api/src/com/cloud/api/commands/DeleteVpnGatewayCmd.java 
+++ b/api/src/com/cloud/api/commands/DeleteVpnGatewayCmd.java @@ -23,8 +23,8 @@ import com.cloud.api.Parameter; import com.cloud.api.ServerApiException; import com.cloud.api.response.SuccessResponse; import com.cloud.event.EventTypes; +import com.cloud.network.Site2SiteVpnGateway; import com.cloud.user.Account; -import com.cloud.user.UserContext; @Implementation(description="Delete site to site vpn gateway", responseObject=SuccessResponse.class) public class DeleteVpnGatewayCmd extends BaseAsyncCmd { @@ -39,13 +39,6 @@ public class DeleteVpnGatewayCmd extends BaseAsyncCmd { @Parameter(name=ApiConstants.ID, type=CommandType.LONG, required=true, description="id of customer gateway") private Long id; - @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="an optional account for gateway. Must be used with domainId.") - private String accountName; - - @IdentityMapper(entityTableName="domain") - @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="an optional domainId fo: gateway. If the account parameter is used, domainId must also be used.") - private Long domainId; - ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// ///////////////////////////////////////////////////// @@ -54,14 +47,6 @@ public class DeleteVpnGatewayCmd extends BaseAsyncCmd { return "s2s_vpn_gateway"; } - public Long getDomainId() { - return domainId; - } - - public Long getAccountId() { - return getEntityOwnerId(); - } - public Long getId() { return id; } @@ -78,9 +63,9 @@ public class DeleteVpnGatewayCmd extends BaseAsyncCmd { @Override public long getEntityOwnerId() { - Long accountId = finalyzeAccountId(accountName, domainId, null, true); - if (accountId == null) { - return UserContext.current().getCaller().getId(); + Site2SiteVpnGateway gw = _entityMgr.findById(Site2SiteVpnGateway.class, getId()); + if (gw != null) { + return gw.getAccountId(); } return Account.ACCOUNT_ID_SYSTEM; } 
diff --git a/api/src/com/cloud/api/commands/ResetVpnConnectionCmd.java b/api/src/com/cloud/api/commands/ResetVpnConnectionCmd.java
index e904fb0ed9f..5a2f845a2f8 100644
--- a/api/src/com/cloud/api/commands/ResetVpnConnectionCmd.java
+++ b/api/src/com/cloud/api/commands/ResetVpnConnectionCmd.java
@@ -95,7 +95,7 @@ public class ResetVpnConnectionCmd extends BaseAsyncCmd {
 @Override
 public String getEventType() {
- return EventTypes.EVENT_S2S_CONNECTION_RESET;
+ return EventTypes.EVENT_S2S_VPN_CONNECTION_RESET;
 }
 @Override
diff --git a/api/src/com/cloud/api/commands/UpdateVpnCustomerGatewayCmd.java b/api/src/com/cloud/api/commands/UpdateVpnCustomerGatewayCmd.java
index 98b7ea93ac3..a3a9d8e249f 100644
--- a/api/src/com/cloud/api/commands/UpdateVpnCustomerGatewayCmd.java
+++ b/api/src/com/cloud/api/commands/UpdateVpnCustomerGatewayCmd.java
@@ -122,7 +122,7 @@ public class UpdateVpnCustomerGatewayCmd extends BaseAsyncCmd {
 @Override
 public String getEventType() {
- return EventTypes.EVENT_S2S_CUSTOMER_GATEWAY_UPDATE;
+ return EventTypes.EVENT_S2S_VPN_CUSTOMER_GATEWAY_UPDATE;
 }
 @Override
diff --git a/api/src/com/cloud/event/EventTypes.java b/api/src/com/cloud/event/EventTypes.java
index c69e804ac00..611de42ccf5 100755
--- a/api/src/com/cloud/event/EventTypes.java
+++ b/api/src/com/cloud/event/EventTypes.java
@@ -198,12 +198,12 @@ public class EventTypes {
 public static final String EVENT_VPN_USER_REMOVE = "VPN.USER.REMOVE";
 public static final String EVENT_S2S_VPN_GATEWAY_CREATE = "VPN.S2S.VPN.GATEWAY.CREATE";
 public static final String EVENT_S2S_VPN_GATEWAY_DELETE = "VPN.S2S.VPN.GATEWAY.DELETE";
- public static final String EVENT_S2S_CUSTOMER_GATEWAY_CREATE = "VPN.S2S.CUSTOMER.GATEWAY.CREATE";
- public static final String EVENT_S2S_CUSTOMER_GATEWAY_DELETE = "VPN.S2S.CUSTOMER.GATEWAY.DELETE";
- public static final String EVENT_S2S_CUSTOMER_GATEWAY_UPDATE = "VPN.S2S.CUSTOMER.GATEWAY.UPDATE";
- public static final String EVENT_S2S_CONNECTION_CREATE = "VPN.S2S.CONNECTION.CREATE";
- public static final String EVENT_S2S_CONNECTION_DELETE = "VPN.S2S.CONNECTION.DELETE";
- public static final String EVENT_S2S_CONNECTION_RESET = "VPN.S2S.CONNECTION.RESET";
+ public static final String EVENT_S2S_VPN_CUSTOMER_GATEWAY_CREATE = "VPN.S2S.CUSTOMER.GATEWAY.CREATE";
+ public static final String EVENT_S2S_VPN_CUSTOMER_GATEWAY_DELETE = "VPN.S2S.CUSTOMER.GATEWAY.DELETE";
+ public static final String EVENT_S2S_VPN_CUSTOMER_GATEWAY_UPDATE = "VPN.S2S.CUSTOMER.GATEWAY.UPDATE";
+ public static final String EVENT_S2S_VPN_CONNECTION_CREATE = "VPN.S2S.CONNECTION.CREATE";
+ public static final String EVENT_S2S_VPN_CONNECTION_DELETE = "VPN.S2S.CONNECTION.DELETE";
+ public static final String EVENT_S2S_VPN_CONNECTION_RESET = "VPN.S2S.CONNECTION.RESET";
 // Network
 public static final String EVENT_NETWORK_RESTART = "NETWORK.RESTART";
diff --git a/client/tomcatconf/commands.properties.in b/client/tomcatconf/commands.properties.in
index 01de0cd766f..2577fcd86fe 100755
--- a/client/tomcatconf/commands.properties.in
+++ b/client/tomcatconf/commands.properties.in
@@ -388,14 +388,14 @@ deleteStaticRoute=com.cloud.api.commands.DeleteStaticRouteCmd;15 listStaticRoutes=com.cloud.api.commands.ListStaticRoutesCmd;15 ### Site-to-site VPN commands -createVpnCustomerGateway=com.cloud.api.commands.CreateVpnCustomerGatewayCmd;1 -createVpnGateway=com.cloud.api.commands.CreateVpnGatewayCmd;1 -createVpnConnection=com.cloud.api.commands.CreateVpnConnectionCmd;1 -deleteVpnCustomerGateway=com.cloud.api.commands.DeleteVpnCustomerGatewayCmd;1 -deleteVpnGateway=com.cloud.api.commands.DeleteVpnGatewayCmd;1 -deleteVpnConnection=com.cloud.api.commands.DeleteVpnConnectionCmd;1 -updateVpnCustomerGateway=com.cloud.api.commands.UpdateVpnCustomerGatewayCmd;1 -resetVpnConnection=com.cloud.api.commands.ResetVpnConnectionCmd;1 +createVpnCustomerGateway=com.cloud.api.commands.CreateVpnCustomerGatewayCmd;15 +createVpnGateway=com.cloud.api.commands.CreateVpnGatewayCmd;15 +createVpnConnection=com.cloud.api.commands.CreateVpnConnectionCmd;15 +deleteVpnCustomerGateway=com.cloud.api.commands.DeleteVpnCustomerGatewayCmd;15 +deleteVpnGateway=com.cloud.api.commands.DeleteVpnGatewayCmd;15 +deleteVpnConnection=com.cloud.api.commands.DeleteVpnConnectionCmd;15 +updateVpnCustomerGateway=com.cloud.api.commands.UpdateVpnCustomerGatewayCmd;15 +resetVpnConnection=com.cloud.api.commands.ResetVpnConnectionCmd;15 listVpnCustomerGateways=com.cloud.api.commands.ListVpnCustomerGatewaysCmd;15 listVpnGateways=com.cloud.api.commands.ListVpnGatewaysCmd;15 listVpnConnections=com.cloud.api.commands.ListVpnConnectionsCmd;15 diff --git a/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java b/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java index 899e3af55ec..af2e3756eef 100644 --- a/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java +++ b/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java 
@@ -21,6 +21,8 @@ import com.cloud.api.commands.ListVpnGatewaysCmd; import com.cloud.api.commands.ResetVpnConnectionCmd; import com.cloud.api.commands.UpdateVpnCustomerGatewayCmd; import com.cloud.domain.Domain; +import com.cloud.event.ActionEvent; +import com.cloud.event.EventTypes; import com.cloud.exception.InvalidParameterValueException; import com.cloud.exception.NetworkRuleConflictException; import com.cloud.exception.ResourceUnavailableException; @@ -42,6 +44,9 @@ import com.cloud.network.element.Site2SiteVpnServiceProvider; import com.cloud.network.vpc.VpcManager; import com.cloud.network.vpc.VpcVO; import com.cloud.network.vpc.Dao.VpcDao; +import com.cloud.user.Account; +import com.cloud.user.AccountManager; +import com.cloud.user.UserContext; import com.cloud.user.dao.AccountDao; import com.cloud.utils.component.Inject; import com.cloud.utils.component.Manager; @@ -60,6 +65,7 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager { @Inject IPAddressDao _ipAddressDao; @Inject AccountDao _accountDao; @Inject VpcManager _vpcMgr; + @Inject AccountManager _accountMgr; String _name; @@ -85,7 +91,14 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager { } @Override + @ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_GATEWAY_CREATE, eventDescription = "creating s2s vpn gateway", create=true) public Site2SiteVpnGateway createVpnGateway(CreateVpnGatewayCmd cmd) { + Account caller = UserContext.current().getCaller(); + Account owner = _accountMgr.getAccount(cmd.getEntityOwnerId()); + + //Verify that caller can perform actions in behalf of vpc owner + _accountMgr.checkAccess(caller, null, false, owner); + Long vpcId = cmd.getVpcId(); VpcVO vpc = _vpcDao.findById(vpcId); if (vpc == null) { 
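Review bot: In createVpnGateway the added `_accountMgr.checkAccess(caller, null, false, owner)` authorizes against the account returned by `cmd.getEntityOwnerId()`, not against the VPC that `cmd.getVpcId()` selects, so the visible lines never establish that the caller may use that VPC. The inline comment says "vpc owner", but `owner` is resolved before the VPC is loaded; unless the part of the method outside this hunk checks it, a request naming the caller's own account and a VPC owned by a different account would pass. This matters more now that commands.properties in the same commit changes createVpnGateway from `;1` to `;15`, presumably widening the roles that can call it. After the `vpc == null` check I would add `_accountMgr.checkAccess(caller, null, false, vpc);`, assuming VpcVO is accepted by checkAccess the way the gateway and connection entities are in the other hunks. The method body continues past the end of the hunk.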
@@ -112,7 +125,14 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager { } @Override + @ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_CUSTOMER_GATEWAY_CREATE, eventDescription = "creating s2s customer gateway", create=true) public Site2SiteCustomerGateway createCustomerGateway(CreateVpnCustomerGatewayCmd cmd) { + Account caller = UserContext.current().getCaller(); + Account owner = _accountMgr.getAccount(cmd.getEntityOwnerId()); + + //Verify that caller can perform actions in behalf of vpc owner + _accountMgr.checkAccess(caller, null, false, owner); + String name = cmd.getName(); String gatewayIp = cmd.getGatewayIp(); if (!NetUtils.isValidIp(gatewayIp)) { 
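Review bot: The comment added in createCustomerGateway, `//Verify that caller can perform actions in behalf of vpc owner`, was carried over from createVpnGateway and does not describe this check: `owner` comes from `cmd.getEntityOwnerId()` and no VPC appears in the visible lines. I would reword it to `// Verify that the caller may act on behalf of the account that will own the customer gateway`. It may also be worth confirming that `_accountMgr.getAccount(...)` cannot return null here, since its result is passed to checkAccess unchecked. The method continues outside the hunk.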
@@ -160,17 +180,28 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager { } @Override + @ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_CONNECTION_CREATE, eventDescription = "creating s2s vpn connection", create=true) public Site2SiteVpnConnection createVpnConnection(CreateVpnConnectionCmd cmd) throws NetworkRuleConflictException { + Account caller = UserContext.current().getCaller(); + Account owner = _accountMgr.getAccount(cmd.getEntityOwnerId()); + + //Verify that caller can perform actions in behalf of vpc owner + _accountMgr.checkAccess(caller, null, false, owner); + Long customerGatewayId = cmd.getCustomerGatewayId(); Site2SiteCustomerGateway customerGateway = _customerGatewayDao.findById(customerGatewayId); if (customerGateway == null) { throw new InvalidParameterValueException("Unable to found specified Site to Site VPN customer gateway " + customerGatewayId + " !"); } + _accountMgr.checkAccess(caller, null, false, customerGateway); + Long vpnGatewayId = cmd.getVpnGatewayId(); Site2SiteVpnGateway vpnGateway = _vpnGatewayDao.findById(vpnGatewayId); if (vpnGateway == null) { throw new InvalidParameterValueException("Unable to found specified Site to Site VPN gateway " + vpnGatewayId + " !"); } + _accountMgr.checkAccess(caller, null, false, vpnGateway); + if (_vpnConnectionDao.findByVpnGatewayIdAndCustomerGatewayId(vpnGatewayId, customerGatewayId) != null) { throw new InvalidParameterValueException("The vpn connection with customer gateway id " + customerGatewayId + " or vpn gateway id " + vpnGatewayId + " already existed!"); 
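Review bot: createVpnConnection now checks the caller against `owner`, `customerGateway` and `vpnGateway` separately, but nothing in the hunk requires the two gateways to belong to the same account as each other or as `owner`. A caller who legitimately has access to several accounts would pass all three checks while the resulting connection joins resources of different tenants. If the rest of the method (outside this hunk) does not already enforce it, I would add after the second gateway check something like `if (customerGateway.getAccountId() != vpnGateway.getAccountId()) { throw new InvalidParameterValueException("VPN gateway and customer gateway must belong to the same account"); }`, assuming getAccountId() returns a primitive long on both interfaces.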
@@ -219,12 +250,18 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager { } @Override + @ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_CUSTOMER_GATEWAY_DELETE, eventDescription = "deleting s2s vpn customer gateway", create=true) public boolean deleteCustomerGateway(DeleteVpnCustomerGatewayCmd cmd) { + UserContext.current().setEventDetails(" Id: " + cmd.getId()); + Account caller = UserContext.current().getCaller(); + Long id = cmd.getId(); Site2SiteCustomerGateway customerGateway = _customerGatewayDao.findById(id); if (customerGateway == null) { throw new InvalidParameterValueException("Fail to find customer gateway with " + id + " !"); } + _accountMgr.checkAccess(caller, null, false, customerGateway); + List vpnConnections = _vpnConnectionDao.listByCustomerGatewayId(id); if (vpnConnections != null && vpnConnections.size() != 0) { throw new InvalidParameterValueException("Unable to delete VPN customer gateway " + id + " because there is still related VPN connections!"); 
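Review bot: The @ActionEvent added to deleteCustomerGateway sets `create=true`, which looks copied from the three create methods. As far as I can tell that flag marks the event as the creation stage of an entity, so a delete would be recorded in the event log as a creation, not as a completed action. Since these events are the audit trail for VPN changes, I would drop the attribute here: `@ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_CUSTOMER_GATEWAY_DELETE, eventDescription = "deleting s2s vpn customer gateway")`. The same applies to the annotations added on deleteVpnGateway, updateCustomerGateway, deleteVpnConnection and resetVpnConnection in the later hunks. Please confirm against the ActionEvent interceptor, which is not part of this diff.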
@@ -233,32 +270,45 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager { return true; } - protected void doDeleteVpnGateway(long id) { + protected void doDeleteVpnGateway(Site2SiteVpnGateway gw) { + List conns = _vpnConnectionDao.listByVpnGatewayId(gw.getId()); + if (conns != null && conns.size() != 0) { + throw new InvalidParameterValueException("Unable to delete VPN gateway " + gw.getId() + " because there is still related VPN connections!"); + } + _vpnGatewayDao.remove(gw.getId()); + } + + @Override + @ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_GATEWAY_DELETE, eventDescription = "deleting s2s vpn gateway", create=true) + public boolean deleteVpnGateway(DeleteVpnGatewayCmd cmd) { + UserContext.current().setEventDetails(" Id: " + cmd.getId()); + Account caller = UserContext.current().getCaller(); + + Long id = cmd.getId(); Site2SiteVpnGateway vpnGateway = _vpnGatewayDao.findById(id); if (vpnGateway == null) { throw new InvalidParameterValueException("Fail to find vpn gateway with " + id + " !"); } - List conns = _vpnConnectionDao.listByVpnGatewayId(id); - if (conns != null && conns.size() != 0) { - throw new InvalidParameterValueException("Unable to delete VPN gateway " + id + " because there is still related VPN connections!"); - } - _vpnGatewayDao.remove(id); - } - - @Override - public boolean deleteVpnGateway(DeleteVpnGatewayCmd cmd) { - Long id = cmd.getId(); - doDeleteVpnGateway(id); + + _accountMgr.checkAccess(caller, null, false, vpnGateway); + + doDeleteVpnGateway(vpnGateway); return true; } @Override + @ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_CUSTOMER_GATEWAY_UPDATE, eventDescription = "update s2s vpn customer gateway", create=true) public Site2SiteCustomerGateway updateCustomerGateway(UpdateVpnCustomerGatewayCmd cmd) { + UserContext.current().setEventDetails(" Id: " + cmd.getId()); + Account caller = UserContext.current().getCaller(); + Long id = cmd.getId(); Site2SiteCustomerGatewayVO gw = 
_customerGatewayDao.findById(id); if (gw == null) { throw new InvalidParameterValueException("Find to find customer gateway with id " + id); } + _accountMgr.checkAccess(caller, null, false, gw); + List conns = _vpnConnectionDao.listByCustomerGatewayId(id); if (conns != null) { for (Site2SiteVpnConnection conn : conns) { @@ -303,12 +353,19 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager { } @Override + @ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_CONNECTION_DELETE, eventDescription = "deleting s2s vpn connection", create=true) public boolean deleteVpnConnection(DeleteVpnConnectionCmd cmd) throws ResourceUnavailableException { + UserContext.current().setEventDetails(" Id: " + cmd.getId()); + Account caller = UserContext.current().getCaller(); + Long id = cmd.getId(); Site2SiteVpnConnectionVO conn = _vpnConnectionDao.findById(id); if (conn == null) { throw new InvalidParameterValueException("Fail to find site to site VPN connection " + id + " to delete!"); } + + _accountMgr.checkAccess(caller, null, false, conn); + if (conn.getState() == State.Connected) { stopVpnConnection(id); } 
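Review bot: doDeleteVpnGateway now takes an already-loaded gateway and removes it without any access check, and that contract is not written down. deleteVpnGateway calls checkAccess before it, but the last hunk of this file passes `gw` straight in with no check visible in its context lines, which is presumably intended for system-driven cleanup. A short Javadoc on the method would keep a future caller from assuming otherwise, along the lines of `/** Removes the gateway if no VPN connection still references it. Performs no authorization; callers must call checkAccess first or be a trusted system path. */`. The hunk starts inside deleteCustomerGateway and ends inside updateCustomerGateway, so those two bodies are only partly visible.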
@@ -338,12 +395,18 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager { } @Override + @ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_CONNECTION_RESET, eventDescription = "reseting s2s vpn connection", create=true) public Site2SiteVpnConnection resetVpnConnection(ResetVpnConnectionCmd cmd) throws ResourceUnavailableException { + UserContext.current().setEventDetails(" Id: " + cmd.getId()); + Account caller = UserContext.current().getCaller(); + Long id = cmd.getId(); Site2SiteVpnConnectionVO conn = _vpnConnectionDao.findById(id); if (conn == null) { throw new InvalidParameterValueException("Fail to find site to site VPN connection " + id + " to reset!"); } + _accountMgr.checkAccess(caller, null, false, conn); + if (conn.getState() == State.Pending) { throw new InvalidParameterValueException("VPN connection " + id + " cannot be reseted when state is Pending!"); } @@ -414,7 +477,7 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager { if (gw == null) { return true; } - doDeleteVpnGateway(gw.getId()); + doDeleteVpnGateway(gw); return true; }