VPC: createPF/createLBrule: 1) don't allow to pass openFirewall=true 2) when no openFirewall is passed in, defaulted to false if the public ip belongs to VPC

2012-06-28 14:15:09 -07:00 · 2012-06-28 14:15:09 -07:00 · ceb4445166
parent 27eceaabdf
commit ceb4445166
4 changed files with 48 additions and 4 deletions
--- a/api/src/com/cloud/api/commands/AssociateIPAddrCmd.java
+++ b/api/src/com/cloud/api/commands/AssociateIPAddrCmd.java
@ -176,6 +176,9 @@ public class AssociateIPAddrCmd extends BaseAsyncCreateCmd {
            return network.getAccountId();
    	} else if (vpcId != null) {
    	    Vpc vpc = _vpcService.getVpc(getVpcId());
+    	    if (vpc == null) {
+    	        throw new InvalidParameterValueException("Can't find Enabled vpc by id specified");
+    	    }
    	    return vpc.getAccountId();
    	}
    	
--- a/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java
+++ b/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java
@ -73,7 +73,9 @@ public class CreateLoadBalancerRuleCmd extends BaseAsyncCreateCmd  /*implements
    @Parameter(name=ApiConstants.PUBLIC_PORT, type=CommandType.INTEGER, required=true, description="the public port from where the network traffic will be load balanced from")
    private Integer publicPort;

-    @Parameter(name = ApiConstants.OPEN_FIREWALL, type = CommandType.BOOLEAN, description = "if true, firewall rule for source/end pubic port is automatically created; if false - firewall rule has to be created explicitely. Has value true by default")
+    @Parameter(name = ApiConstants.OPEN_FIREWALL, type = CommandType.BOOLEAN, description = "if true, firewall rule for" +
+    		" source/end pubic port is automatically created; if false - firewall rule has to be created explicitely. If not specified 1) defaulted to false when LB" +
+                    " rule is being created for VPC guest network 2) in all other cases defaulted to true")
    private Boolean openFirewall;

    @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account associated with the load balancer. Must be used with the domainId parameter.")
@ -129,6 +131,19 @@ public class CreateLoadBalancerRuleCmd extends BaseAsyncCreateCmd  /*implements
    	return publicIpId;
    }
    
+    private Long getVpcId() {
+        if (publicIpId != null) {
+            IpAddress ipAddr = _networkService.getIp(publicIpId);
+            if (ipAddr == null || !ipAddr.readyToUse()) {
+                throw new InvalidParameterValueException("Unable to create load balancer rule, invalid IP address id " + ipAddr.getId());
+            } else {
+                return ipAddr.getVpcId();
+            }
+        }
+        return null;
+    }
+    
+    
    public Long getNetworkId() {
        if (networkId != null) {
            return networkId;
@ -185,9 +200,16 @@ public class CreateLoadBalancerRuleCmd extends BaseAsyncCreateCmd  /*implements
    }
    
    public Boolean getOpenFirewall() {
+        boolean isVpc = getVpcId() == null ? false : true;
        if (openFirewall != null) {
+            if (isVpc && openFirewall) {
+                throw new InvalidParameterValueException("Can't have openFirewall=true when IP address belongs to VPC");
+            }
            return openFirewall;
        } else {
+            if (isVpc) {
+                return false;
+            }
            return true;
        }
    }
--- a/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java
+++ b/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java
@ -74,7 +74,8 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P

    @Parameter(name = ApiConstants.OPEN_FIREWALL, type = CommandType.BOOLEAN, 
            description = "if true, firewall rule for source/end pubic port is automatically created; " +
-            		"if false - firewall rule has to be created explicitely. Has value true by default")
+            		"if false - firewall rule has to be created explicitely. If not specified 1) defaulted to false when PF" +
+            		" rule is being created for VPC guest network 2) in all other cases defaulted to true")
    private Boolean openFirewall;
    
    @IdentityMapper(entityTableName="networks")
@ -114,12 +115,31 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P
    }

    public Boolean getOpenFirewall() {
+        boolean isVpc = getVpcId() == null ? false : true;
        if (openFirewall != null) {
+            if (isVpc && openFirewall) {
+                throw new InvalidParameterValueException("Can't have openFirewall=true when IP address belongs to VPC");
+            }
            return openFirewall;
        } else {
+            if (isVpc) {
+                return false;
+            }
            return true;
        }
    }
+    
+    private Long getVpcId() {
+        if (ipAddressId != null) {
+            IpAddress ipAddr = _networkService.getIp(ipAddressId);
+            if (ipAddr == null || !ipAddr.readyToUse()) {
+                throw new InvalidParameterValueException("Unable to create PF rule, invalid IP address id " + ipAddr.getId());
+            } else {
+                return ipAddr.getVpcId();
+            }
+        }
+        return null;
+    }

    // ///////////////////////////////////////////////////
    // ///////////// API Implementation///////////////////
--- a/server/src/com/cloud/network/rules/RulesManagerImpl.java
+++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java
@ -178,9 +178,8 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
            try {
                ipAddress = _networkMgr.associateIPToGuestNetwork(ipAddrId, networkId);
            } catch (Exception ex) {
-                s_logger.warn("Failed to associate ip id=" + ipAddrId + " to network id=" + networkId + " as " +
+                throw new CloudRuntimeException("Failed to associate ip to network as " +
                        "a part of port forwarding rule creation");
-                return null;
            }
        }