CS-15217: Security: Malicious user is able to get the size of the cloud by enumerating IDs

Description:

	Removing more DB IDs from exception messages,
Vijayendra Bhamidipati 2012-07-11 17:16:25 -07:00
parent 16e0ccd4c0
commit c5be9daa95
2 changed files with 131 additions and 79 deletions


@ -2144,7 +2144,9 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
networkId = network.getId();
}
} else if (network.getGuestType() == null || network.getGuestType() == Network.GuestType.Isolated) {
throw new InvalidParameterValueException("Can't create direct vlan for network id=" + networkId + " with type: " + network.getGuestType());
List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy(network, networkId, "networkId"));
throw new InvalidParameterValueException("Can't create direct vlan for network with specified id, with type: " + network.getGuestType(), idList);
}
}
@ -2259,7 +2261,10 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
throw new InvalidParameterValueException("Please specify a valid pod.", null);
}
if (pod.getDataCenterId() != zoneId) {
throw new InvalidParameterValueException("Pod id=" + podId + " doesn't belong to zone id=" + zoneId);
List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy(pod, podId, "podId"));
idList.add(new IdentityProxy(zone, zoneId, "zoneId"));
throw new InvalidParameterValueException("Pod with specified podId doesn't belong to zone with specified zoneId", idList);
}
//pod vlans can be created in basic zone only
if (zone.getNetworkType() != NetworkType.Basic || network.getTrafficType() != TrafficType.Guest) {
@ -2372,7 +2377,9 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
boolean vlansUntaggedAndVirtual = (vlanId.equals(Vlan.UNTAGGED) && vlanId.equals(vlan.getVlanTag()) && forVirtualNetwork && vlan.getVlanType() == VlanType.VirtualNetwork);
if (vlansUntaggedAndVirtual && !newVlanSubnet.equals(otherVlanSubnet)) {
throw new InvalidParameterValueException("The Untagged ip range with different subnet already exists in zone " + zone.getId());
List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy(zone, zone.getId(), "zoneId"));
throw new InvalidParameterValueException("The Untagged ip range with different subnet already exists in zone with specified zoneId", idList);
}
if (vlanId.equals(vlan.getVlanTag()) && newVlanSubnet.equals(otherVlanSubnet)) {
@ -2390,7 +2397,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
// Check if a guest VLAN is using the same tag
if (_zoneDao.findVnet(zoneId, physicalNetworkId, vlanId).size() > 0) {
throw new InvalidParameterValueException("The VLAN tag " + vlanId + " is already being used for the guest network in zone " + zone.getName());
throw new InvalidParameterValueException("The VLAN tag " + vlanId + " is already being used for the guest network in zone " + zone.getName(), null);
}
// For untagged vlan check if vlan per pod already exists. If yes,
@ -2400,9 +2407,19 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
if (podVlans != null && !podVlans.isEmpty()) {
VlanVO podVlan = podVlans.get(0);
if (!podVlan.getVlanNetmask().equals(vlanNetmask)) {
throw new InvalidParameterValueException("Vlan netmask is different from the netmask of Untagged vlan id=" + podVlan.getId() + " existing in the pod " + podId);
List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy(podVlan, podVlan.getId(), "vlanId"));
Pod pod = _podDao.findById(podId);
idList.add(new IdentityProxy(pod, podId, "podId"));
throw new InvalidParameterValueException("Vlan netmask is different from the netmask of Untagged vlan with specified vlanId " +
"existing in the pod with specified podId", idList);
} else if (!podVlan.getVlanGateway().equals(vlanGateway)) {
throw new InvalidParameterValueException("Vlan gateway is different from the gateway of Untagged vlan id=" + podVlan.getId() + " existing in the pod " + podId);
List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy(podVlan, podVlan.getId(), "vlanId"));
Pod pod = _podDao.findById(podId);
idList.add(new IdentityProxy(pod, podId, "podId"));
throw new InvalidParameterValueException("Vlan gateway is different from the gateway of Untagged vlan with specified vlanId " +
"existing in the pod with specified podId", idList);
}
}
}
@ -2473,19 +2490,30 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
for (IPAddressVO ip : ips) {
if (ip.isOneToOneNat()) {
throw new InvalidParameterValueException("Can't delete account specific vlan " + vlanDbId +
" as ip " + ip + " belonging to the range is used for static nat purposes. Cleanup the rules first");
List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy(ip, ip.getId(), "ipId"));
idList.add(new IdentityProxy(vlan, vlanDbId, "vlanId"));
throw new InvalidParameterValueException("Can't delete account specific vlan with specified id" +
" as ip with specified id belonging to the range is used for static nat purposes. Cleanup the rules first", idList);
}
if (ip.isSourceNat() && _networkMgr.getNetwork(ip.getAssociatedWithNetworkId()) != null) {
throw new InvalidParameterValueException("Can't delete account specific vlan " + vlanDbId +
" as ip " + ip + " belonging to the range is a source nat ip for the network id=" + ip.getSourceNetworkId() +
". IP range with the source nat ip address can be removed either as a part of Network, or account removal");
List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy(ip, ip.getId(), "ipId"));
idList.add(new IdentityProxy(vlan, vlanDbId, "vlanId"));
idList.add(new IdentityProxy("network", ip.getSourceNetworkId(), "networkId"));
throw new InvalidParameterValueException("Can't delete account specific vlan with specified id" +
" as ip with specified id belonging to the range is a source nat ip for the network with" +
" specified id. IP range with the source nat ip address can be removed either as a part of" +
" Network, or account removal", idList);
}
if (_firewallDao.countRulesByIpId(ip.getId()) > 0) {
throw new InvalidParameterValueException("Can't delete account specific vlan " + vlanDbId +
" as ip " + ip + " belonging to the range has firewall rules applied. Cleanup the rules first");
List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy(ip, ip.getId(), "ipId"));
idList.add(new IdentityProxy(vlan, vlanDbId, "vlanId"));
throw new InvalidParameterValueException("Can't delete account specific vlan with specified vlanId" +
" as ip with specified ipId belonging to the range has firewall rules applied. Cleanup the rules first", idList);
}
//release public ip address here
success = success && _networkMgr.disassociatePublicIpAddress(ip.getId(), userId, caller);
@ -2937,7 +2965,9 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
throw new InvalidParameterValueException("Cannot find specified service offering by id", null);
}
if (!VirtualMachine.Type.DomainRouter.toString().equalsIgnoreCase(offering.getSystemVmType())) {
throw new InvalidParameterValueException("The specified service offering " + serviceOfferingId + " cannot be used by virtual router!");
List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy(offering, serviceOfferingId, "offeringId"));
throw new InvalidParameterValueException("The service offering with specified id cannot be used by virtual router!", idList);
}
}
@ -3174,8 +3204,10 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
// only one network offering in the system can be Required
List<NetworkOfferingVO> offerings = _networkOfferingDao.listByAvailability(Availability.Required, false);
if (!offerings.isEmpty()) {
throw new InvalidParameterValueException("System already has network offering id=" + offerings.get(0).getId()
+ " with availability " + Availability.Required);
List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy(offerings.get(0), offerings.get(0).getId(), "networkOfferingId"));
throw new InvalidParameterValueException("System already has network offering of specified id " +
" with availability " + Availability.Required, idList);
}
}
@ -3509,8 +3541,10 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
// though)
int networkCount = _networkDao.getNetworkCountByNetworkOffId(offeringId);
if (networkCount > 0) {
throw new InvalidParameterValueException("Can't delete network offering " + offeringId + " as its used by " + networkCount + " networks. " +
"To make the network offering unavaiable, disable it");
List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy(offering, offeringId, "networkOfferingId"));
throw new InvalidParameterValueException("Can't delete network offering with specified id as its used by " +
networkCount + " networks. To make the network offering unavaiable, disable it", idList);
}
if (_networkOfferingDao.remove(offeringId)) {
@ -3593,8 +3627,10 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
// only one network offering in the system can be Required
List<NetworkOfferingVO> offerings = _networkOfferingDao.listByAvailability(Availability.Required, false);
if (!offerings.isEmpty() && offerings.get(0).getId() != offeringToUpdate.getId()) {
throw new InvalidParameterValueException("System already has network offering id=" +
offerings.get(0).getId() + " with availability " + Availability.Required);
List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy(offerings.get(0), offerings.get(0).getId(), "networkOfferingId"));
throw new InvalidParameterValueException("System already has network offering with specified id" +
" with availability " + Availability.Required, idList);
}
}
offering.setAvailability(availability);
@ -3617,7 +3653,9 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
Account account = _accountDao.findEnabledAccount(accountName, domainId);
if (account == null) {
s_logger.error("Unable to find account by name: " + accountName + " in domain " + domainId);
throw new InvalidParameterValueException("Account by name: " + accountName + " doesn't exist in domain " + domainId);
List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy("domain", domainId, "domainId"));
throw new InvalidParameterValueException("Account by name: " + accountName + " doesn't exist in domain with specified id", idList);
}
// Don't allow modification of system account
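Review bot: The rewritten message for deleting a network offering (the hunk at -3509) still interpolates `networkCount`, so the response reports how many networks use the offering even though the offering ID itself was moved into `idList`. That is a size figure of the kind the commit title is concerned with; whether it matters depends on which callers can reach this path, which the hunk does not show. I would keep the number in the server-side log only and drop it from the message, e.g. `throw new InvalidParameterValueException("Can't delete network offering with specified id as it is still used by existing networks. To make the network offering unavailable, disable it", idList);`. The enclosing method starts and ends outside the hunk.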


@ -90,6 +90,7 @@ import com.cloud.user.DomainService;
import com.cloud.user.UserContext;
import com.cloud.user.dao.AccountDao;
import com.cloud.uservm.UserVm;
import com.cloud.utils.IdentityProxy;
import com.cloud.utils.Ternary;
import com.cloud.utils.component.Inject;
import com.cloud.utils.component.Manager;
@ -196,7 +197,9 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
boolean methodMatch = false;
if (stickinessMethodList == null) {
throw new InvalidParameterValueException("Failed: No Stickiness method available for LB rule:" + cmd.getLbRuleId());
List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy("firewall_rules", cmd.getLbRuleId(), "ruleId"));
throw new InvalidParameterValueException("Failed: No Stickiness method available for LB rule with specified id", idList);
}
for (LbStickinessMethod method : stickinessMethodList) {
if (method.getMethodName().equalsIgnoreCase(cmd.getStickinessMethodName())) {
@ -223,14 +226,14 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
for (LbStickinessMethodParam param : methodParamList) {
if (param.getParamName().equalsIgnoreCase(paramName)) {
if ((param.getIsflag() == false) && (paramValue == null)) {
throw new InvalidParameterValueException("Failed : Value expected for the Param :" + param.getParamName());
throw new InvalidParameterValueException("Failed : Value expected for the Param :" + param.getParamName(), null);
}
found = true;
break;
}
}
if (!found) {
throw new InvalidParameterValueException("Failed : Stickiness policy does not support param name :" + paramName);
throw new InvalidParameterValueException("Failed : Stickiness policy does not support param name :" + paramName, null);
}
}
}
@ -239,7 +242,7 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
for (LbStickinessMethodParam param : methodParamList) {
if (param.getRequired()) {
if (tempParamList.get(param.getParamName()) == null) {
throw new InvalidParameterValueException("Failed : Missing Manadatory Param :" + param.getParamName());
throw new InvalidParameterValueException("Failed : Missing Manadatory Param :" + param.getParamName(), null);
}
}
}
@ -248,13 +251,17 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
}
}
if (methodMatch == false) {
throw new InvalidParameterValueException("Failed to match Stickiness method name for LB rule:" + cmd.getLbRuleId());
List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy("firewall_rules", cmd.getLbRuleId(), "ruleId"));
throw new InvalidParameterValueException("Failed to match Stickiness method name for LB rule whose id is specified", idList);
}
/* Validation : check for the multiple policies to the rule id */
List<LBStickinessPolicyVO> stickinessPolicies = _lb2stickinesspoliciesDao.listByLoadBalancerId(cmd.getLbRuleId(), false);
if (stickinessPolicies.size() > 0) {
throw new InvalidParameterValueException("Failed to create Stickiness policy: Already policy attached " + cmd.getLbRuleId());
List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy("firewall_rules", cmd.getLbRuleId(), "ruleId"));
throw new InvalidParameterValueException("Failed to create Stickiness policy: Policy already attached", idList);
}
return true;
}
@ -269,17 +276,21 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
/* Validation : check corresponding load balancer rule exist */
LoadBalancerVO loadBalancer = _lbDao.findById(cmd.getLbRuleId());
if (loadBalancer == null) {
throw new InvalidParameterValueException("Failed: LB rule id: " + cmd.getLbRuleId() + " not present ");
throw new InvalidParameterValueException("Failed: LB rule provided not present", null);
}
_accountMgr.checkAccess(caller.getCaller(), null, true, loadBalancer);
if (loadBalancer.getState() == FirewallRule.State.Revoke) {
throw new InvalidParameterValueException("Failed: LB rule id: " + cmd.getLbRuleId() + " is in deleting state: ");
List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy("firewall_rules", cmd.getLbRuleId(), "ruleId"));
throw new InvalidParameterValueException("Failed: LB rule with specified id is in deleting state: ", idList);
}
/* Generic validations */
if (!genericValidator(cmd)) {
throw new InvalidParameterValueException("Failed to create Stickiness policy: Validation Failed " + cmd.getLbRuleId());
List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy("firewall_rules", cmd.getLbRuleId(), "ruleId"));
throw new InvalidParameterValueException("Failed to create Stickiness policy: Validation of rule with specified id failed", idList);
}
/* Specific validations using network element validator for specific validations */
@ -288,7 +299,9 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
policyList.add(new LbStickinessPolicy(cmd.getStickinessMethodName(), lbpolicy.getParams()));
LoadBalancingRule lbRule = new LoadBalancingRule(loadBalancer, getExistingDestinations(lbpolicy.getId()), policyList);
if (!_networkMgr.validateRule(lbRule)) {
throw new InvalidParameterValueException("Failed to create Stickiness policy: Validation Failed " + cmd.getLbRuleId());
List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy("firewall_rules", cmd.getLbRuleId(), "ruleId"));
throw new InvalidParameterValueException("Failed to create Stickiness policy: Validation of rule with specified id failed ", idList);
}
/* Finally Insert into DB */
@ -303,7 +316,7 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
@ActionEvent(eventType = EventTypes.EVENT_LB_STICKINESSPOLICY_CREATE, eventDescription = "Apply Stickinesspolicy to load balancer ", async = true)
public boolean applyLBStickinessPolicy(CreateLBStickinessPolicyCmd cmd) {
boolean success = true;
LoadBalancerVO loadBalancer = _lbDao.findById(cmd.getLbRuleId());
if (loadBalancer == null) {
throw new InvalidParameterException("Invalid Load balancer Id:" + cmd.getLbRuleId());
@ -331,7 +344,7 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
@ActionEvent(eventType = EventTypes.EVENT_LB_STICKINESSPOLICY_DELETE, eventDescription = "revoking LB Stickiness policy ", async = true)
public boolean deleteLBStickinessPolicy(long stickinessPolicyId, boolean apply) {
boolean success = true;
UserContext caller = UserContext.current();
LBStickinessPolicyVO stickinessPolicy = _lb2stickinesspoliciesDao.findById(stickinessPolicyId);
@ -357,7 +370,7 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
stickinessPolicy.setRevoke(true);
_lb2stickinesspoliciesDao.persist(stickinessPolicy);
s_logger.debug("Set load balancer rule for revoke: rule id " + loadBalancerId + ", stickinesspolicyID " + stickinessPolicyId);
try {
if (!applyLoadBalancerConfig(loadBalancerId)) {
s_logger.warn("Failed to remove load balancer rule id " + loadBalancerId + " for stickinesspolicyID " + stickinessPolicyId);
@ -395,7 +408,7 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
LoadBalancerVO loadBalancer = _lbDao.findById(loadBalancerId);
if (loadBalancer == null) {
throw new InvalidParameterValueException("Failed to assign to load balancer " + loadBalancerId + ", the load balancer was not found.");
throw new InvalidParameterValueException("Failed to assign to load balancer; the load balancer was not found.", null);
}
List<LoadBalancerVMMapVO> mappedInstances = _lb2VmMapDao.listByLoadBalancerId(loadBalancerId, false);
@ -408,14 +421,14 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
for (Long instanceId : instanceIds) {
if (mappedInstanceIds.contains(instanceId)) {
throw new InvalidParameterValueException("VM " + instanceId + " is already mapped to load balancer.");
List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy("user_vm", instanceId, "vmId"));
throw new InvalidParameterValueException("VM with specified id is already mapped to load balancer", idList);
}
UserVm vm = _vmDao.findById(instanceId);
if (vm == null || vm.getState() == State.Destroyed || vm.getState() == State.Expunging) {
InvalidParameterValueException ex = new InvalidParameterValueException("Invalid instance id specified");
ex.addProxyObject(vm, instanceId, "instanceId");
throw ex;
throw new InvalidParameterValueException("Couldn't locate vm instance by id", null);
}
_rulesMgr.checkRuleAndUserVm(loadBalancer, vm, caller);
@ -435,9 +448,10 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
}
if (nicInSameNetwork == null) {
InvalidParameterValueException ex = new InvalidParameterValueException("VM " + instanceId + " cannot be added because it doesn't belong in the same network.");
ex.addProxyObject(vm, instanceId, "instanceId");
throw ex;
List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy(vm, instanceId, "vmId"));
throw new InvalidParameterValueException("VM with specified id cannot be added because it doesn't belong in the same network.", idList);
}
if (s_logger.isDebugEnabled()) {
@ -453,7 +467,7 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
map = _lb2VmMapDao.persist(map);
}
txn.commit();
boolean success = false;
FirewallRule.State backupState = loadBalancer.getState();
try {
@ -479,10 +493,10 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
}
s_logger.warn("Unable to apply the load balancer config because resource is unavaliable.", e);
}
if(!success){
CloudRuntimeException ex = new CloudRuntimeException("Failed to add specified loadbalancerruleid for vms " + instanceIds);
ex.addProxyObject(loadBalancer, loadBalancerId, "loadBalancerId");
CloudRuntimeException ex = new CloudRuntimeException("Failed to add specified loadbalancerruleid for vms " + instanceIds);
ex.addProxyObject(loadBalancer, loadBalancerId, "loadBalancerId");
// TBD: Also pack in the instanceIds in the exception using the right VO object or table name.
throw ex;
}
@ -528,14 +542,14 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
success = true;
} catch (ResourceUnavailableException e) {
if (rollBack && isRollBackAllowedForProvider(loadBalancer)) {
for (long instanceId : instanceIds) {
LoadBalancerVMMapVO map = _lb2VmMapDao.findByLoadBalancerIdAndVmId(loadBalancerId, instanceId);
map.setRevoke(false);
_lb2VmMapDao.persist(map);
s_logger.debug("LB Rollback rule id: " + loadBalancerId + ",while removing vmId " + instanceId);
}
loadBalancer.setState(backupState);
_lbDao.persist(loadBalancer);
s_logger.debug("LB Rollback rule id: " + loadBalancerId + " while removing vm instances");
@ -543,10 +557,10 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
s_logger.warn("Unable to apply the load balancer config because resource is unavaliable.", e);
}
if(!success){
CloudRuntimeException ex = new CloudRuntimeException("Failed to remove specified load balancer rule id for vms " + instanceIds);
ex.addProxyObject(loadBalancer, loadBalancerId, "loadBalancerId");
CloudRuntimeException ex = new CloudRuntimeException("Failed to remove specified load balancer rule id for vms " + instanceIds);
ex.addProxyObject(loadBalancer, loadBalancerId, "loadBalancerId");
throw ex;
}
}
return success;
}
@ -594,7 +608,7 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
LoadBalancerVO rule = _lbDao.findById(loadBalancerId);
if (rule == null) {
throw new InvalidParameterValueException("Unable to find load balancer rule " + loadBalancerId);
throw new InvalidParameterValueException("Unable to find load balancer rule by id", null);
}
_accountMgr.checkAccess(caller, null, true, rule);
@ -613,7 +627,7 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
boolean generateUsageEvent = false;
boolean success = true;
FirewallRule.State backupState = lb.getState();
txn.start();
if (lb.getState() == FirewallRule.State.Staged) {
if (s_logger.isDebugEnabled()) {
@ -701,13 +715,13 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
int defPortEnd = lb.getDefaultPortEnd();
if (!NetUtils.isValidPort(defPortEnd)) {
throw new InvalidParameterValueException("privatePort is an invalid value: " + defPortEnd);
throw new InvalidParameterValueException("privatePort is an invalid value: " + defPortEnd, null);
}
if (defPortStart > defPortEnd) {
throw new InvalidParameterValueException("private port range is invalid: " + defPortStart + "-" + defPortEnd);
throw new InvalidParameterValueException("private port range is invalid: " + defPortStart + "-" + defPortEnd, null);
}
if ((lb.getAlgorithm() == null) || !NetUtils.isValidAlgorithm(lb.getAlgorithm())) {
throw new InvalidParameterValueException("Invalid algorithm: " + lb.getAlgorithm());
throw new InvalidParameterValueException("Invalid algorithm: " + lb.getAlgorithm(), null);
}
Long ipAddrId = lb.getSourceIpAddressId();
@ -717,8 +731,7 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
// Validate ip address
if (ipVO == null) {
throw new InvalidParameterValueException("Unable to create load balance rule; ip id=" + ipAddrId + "" +
" doesn't exist in the system");
throw new InvalidParameterValueException("Unable to create load balance rule; source ip doesn't exist in the system", null);
} else if (ipVO.isOneToOneNat()) {
throw new NetworkRuleConflictException("Can't do load balance on ip address: " + ipVO.getAddress());
}
@ -734,14 +747,14 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
systemIp = _networkMgr.assignSystemIp(lb.getNetworkId(), lbOwner, true, false);
lb.setSourceIpAddressId(systemIp.getId());
}
try {
if (ipVO != null) {
if (ipVO.getAssociatedWithNetworkId() == null) {
//set networkId just for verification purposes
ipVO.setAssociatedWithNetworkId(lb.getNetworkId());
_networkMgr.checkIpForService(ipVO, Service.Lb);
s_logger.debug("The ip is not associated with the network id="+ lb.getNetworkId() + " so assigning");
ipVO = _networkMgr.associateIPToGuestNetwork(ipAddrId, lb.getNetworkId());
performedIpAssoc = true;
@ -749,7 +762,7 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
_networkMgr.checkIpForService(ipVO, Service.Lb);
}
}
if (lb.getSourceIpAddressId() == null) {
throw new CloudRuntimeException("No ip address is defined to assign the LB to");
}
@ -783,6 +796,7 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
return result;
}
@Override
@DB
public LoadBalancer createLoadBalancer(CreateLoadBalancerRuleCmd lb, boolean openFirewall) throws NetworkRuleConflictException {
UserContext caller = UserContext.current();
@ -794,12 +808,12 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
IPAddressVO ipAddr = _ipAddressDao.findById(sourceIpId);
// make sure ip address exists
if (ipAddr == null || !ipAddr.readyToUse()) {
InvalidParameterValueException ex = new InvalidParameterValueException("Unable to create load balancer rule, invalid IP address id specified");
ex.addProxyObject(ipAddr, sourceIpId, "sourceIpId");
InvalidParameterValueException ex = new InvalidParameterValueException("Unable to create load balancer rule, invalid IP address id specified", null);
ex.addProxyObject(ipAddr, sourceIpId, "sourceIpId");
throw ex;
} else if (ipAddr.isOneToOneNat()) {
InvalidParameterValueException ex = new InvalidParameterValueException("Unable to create load balancer rule; specified sourceip id has static nat enabled");
ex.addProxyObject(ipAddr, sourceIpId, "sourceIpId");
InvalidParameterValueException ex = new InvalidParameterValueException("Unable to create load balancer rule; specified sourceip id has static nat enabled", null);
ex.addProxyObject(ipAddr, sourceIpId, "sourceIpId");
throw ex;
}
@ -808,9 +822,9 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
Long networkId = ipAddr.getAssociatedWithNetworkId();
if (networkId == null) {
InvalidParameterValueException ex = new InvalidParameterValueException("Unable to create load balancer rule ; specified sourceip id is not associated with any network");
ex.addProxyObject(ipAddr, sourceIpId, "sourceIpId");
throw ex;
List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy(ipAddr, sourceIpId, "sourceIpid"));
throw new InvalidParameterValueException("Unable to create load balancer rule ; specified sourceip id is not associated with any network", idList);
}
NetworkVO network = _networkDao.findById(networkId);
@ -819,9 +833,9 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
// verify that lb service is supported by the network
if (!_networkMgr.areServicesSupportedInNetwork(network.getId(), Service.Lb)) {
InvalidParameterValueException ex = new InvalidParameterValueException("LB service is not supported in specified network id");
ex.addProxyObject(network, networkId, "networkId");
throw ex;
List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy(network, networkId, "networkId"));
throw new InvalidParameterValueException("LB service is not supported in network with specified id", idList);
}
Transaction txn = Transaction.currentTxn();
@ -1082,9 +1096,9 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
String algorithm = cmd.getAlgorithm();
LoadBalancerVO lb = _lbDao.findById(lbRuleId);
LoadBalancerVO lbBackup = _lbDao.findById(lbRuleId);
if (lb == null) {
throw new InvalidParameterValueException("Unable to find lb rule by id=" + lbRuleId);
throw new InvalidParameterValueException("Unable to find lb rule by id", null);
}
// check permissions
@ -1112,7 +1126,7 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
applyLoadBalancerConfig(lbRuleId);
} catch (ResourceUnavailableException e) {
if (isRollBackAllowedForProvider(lb)) {
/* NOTE : We use lb object to update db instead of lbBackup object since db layer will fail to update if there is no change in the object.
/* NOTE : We use lb object to update db instead of lbBackup object since db layer will fail to update if there is no change in the object.
*/
if (lbBackup.getName() != null) {
lb.setName(lbBackup.getName());
@ -1126,7 +1140,7 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
lb.setState(lbBackup.getState());
_lbDao.update(lb.getId(), lb);
_lbDao.persist(lb);
s_logger.debug("LB Rollback rule id: " + lbRuleId + " while updating LB rule.");
}
s_logger.warn("Unable to apply the load balancer config because resource is unavaliable.", e);
@ -1137,7 +1151,7 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
if (!success) {
throw new CloudRuntimeException("Failed to update load balancer rule: " + lbRuleId);
}
return lb;
}
@ -1259,7 +1273,7 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
ipSearch.and("zoneId", ipSearch.entity().getDataCenterId(), SearchCriteria.Op.EQ);
sb.join("ipSearch", ipSearch, sb.entity().getSourceIpAddressId(), ipSearch.entity().getId(), JoinBuilder.JoinType.INNER);
}
if (tags != null && !tags.isEmpty()) {
SearchBuilder<ResourceTagVO> tagSearch = _resourceTagDao.createSearchBuilder();
for (int count=0; count < tags.size(); count++) {
@ -1301,7 +1315,7 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
if (zoneId != null) {
sc.setJoinParameters("ipSearch", "zoneId", zoneId);
}
if (tags != null && !tags.isEmpty()) {
int count = 0;
@ -1344,7 +1358,7 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
if (ip != null && ip.getVpcId() != null && _firewallDao.listByIp(ip.getId()).isEmpty()) {
_networkMgr.unassignIPFromVpcNetwork(ip.getId());
}
txn.commit();
}
}
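Review bot: Several messages in this file still concatenate the raw ID after this change: `"Invalid Load balancer Id:" + cmd.getLbRuleId()` in applyLBStickinessPolicy, `"Failed to update load balancer rule: " + lbRuleId`, and the two `CloudRuntimeException` messages that append `instanceIds` (the TBD comment already acknowledges the latter). The same values are wrapped in `IdentityProxy` elsewhere in this commit, so these look like missed spots rather than deliberate exceptions; for the first one, `throw new InvalidParameterException("Invalid load balancer id specified");` keeps the exception type and drops the value. Separately, the new proxy for the unassociated source IP uses the key `"sourceIpid"` while the two throws just above it use `"sourceIpId"`; the casing should match so API clients see a single field name. Most of the enclosing methods start or end outside the visible hunks.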