From ceb444516645d677ad54d0aadf41e3883666d2f1 Mon Sep 17 00:00:00 2001 From: Alena Prokharchyk Date: Thu, 28 Jun 2012 14:15:09 -0700 Subject: [PATCH] VPC: createPF/createLBrule: 1) don't allow to pass openFirewall=true 2) when no openFirewall is passed in, defaulted to false if the public ip belongs to VPC --- .../api/commands/AssociateIPAddrCmd.java | 3 +++ .../commands/CreateLoadBalancerRuleCmd.java | 24 ++++++++++++++++++- .../commands/CreatePortForwardingRuleCmd.java | 22 ++++++++++++++++- .../cloud/network/rules/RulesManagerImpl.java | 3 +-- 4 files changed, 48 insertions(+), 4 deletions(-) diff --git a/api/src/com/cloud/api/commands/AssociateIPAddrCmd.java b/api/src/com/cloud/api/commands/AssociateIPAddrCmd.java index ea3272c8c0c..e87548765cd 100644 --- a/api/src/com/cloud/api/commands/AssociateIPAddrCmd.java +++ b/api/src/com/cloud/api/commands/AssociateIPAddrCmd.java @@ -176,6 +176,9 @@ public class AssociateIPAddrCmd extends BaseAsyncCreateCmd { return network.getAccountId(); } else if (vpcId != null) { Vpc vpc = _vpcService.getVpc(getVpcId()); + if (vpc == null) { + throw new InvalidParameterValueException("Can't find Enabled vpc by id specified"); + } return vpc.getAccountId(); } diff --git a/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java b/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java index fc6cf8b4ac3..c2ff39665f7 100644 --- a/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java +++ b/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java 
@@ -73,7 +73,9 @@ public class CreateLoadBalancerRuleCmd extends BaseAsyncCreateCmd /*implements @Parameter(name=ApiConstants.PUBLIC_PORT, type=CommandType.INTEGER, required=true, description="the public port from where the network traffic will be load balanced from") private Integer publicPort; - @Parameter(name = ApiConstants.OPEN_FIREWALL, type = CommandType.BOOLEAN, description = "if true, firewall rule for source/end pubic port is automatically created; if false - firewall rule has to be created explicitely. Has value true by default") + @Parameter(name = ApiConstants.OPEN_FIREWALL, type = CommandType.BOOLEAN, description = "if true, firewall rule for" + + " source/end pubic port is automatically created; if false - firewall rule has to be created explicitely. If not specified 1) defaulted to false when LB" + + " rule is being created for VPC guest network 2) in all other cases defaulted to true") private Boolean openFirewall; @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account associated with the load balancer. Must be used with the domainId parameter.") @@ -129,6 +131,19 @@ public class CreateLoadBalancerRuleCmd extends BaseAsyncCreateCmd /*implements return publicIpId; } + private Long getVpcId() { + if (publicIpId != null) { + IpAddress ipAddr = _networkService.getIp(publicIpId); + if (ipAddr == null || !ipAddr.readyToUse()) { + throw new InvalidParameterValueException("Unable to create load balancer rule, invalid IP address id " + ipAddr.getId()); + } else { + return ipAddr.getVpcId(); + } + } + return null; + } + + public Long getNetworkId() { if (networkId != null) { return networkId; 
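Review bot: In the new `getVpcId()` of CreateLoadBalancerRuleCmd, the `ipAddr == null` branch builds its message with `ipAddr.getId()`, so an unknown `publicIpId` raises a NullPointerException instead of the intended InvalidParameterValueException. The id is supplied by the API caller, so a bad value should end in a clean validation error. Report the request value instead: `throw new InvalidParameterValueException("Unable to create load balancer rule, invalid IP address id " + publicIpId);`. The same pattern appears in `getVpcId()` of CreatePortForwardingRuleCmd (hunk at -114,12), where `ipAddressId` is the value to report.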
@@ -185,9 +200,16 @@ public class CreateLoadBalancerRuleCmd extends BaseAsyncCreateCmd /*implements } public Boolean getOpenFirewall() { + boolean isVpc = getVpcId() == null ? false : true; if (openFirewall != null) { + if (isVpc && openFirewall) { + throw new InvalidParameterValueException("Can't have openFirewall=true when IP address belongs to VPC"); + } return openFirewall; } else { + if (isVpc) { + return false; + } return true; } } diff --git a/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java b/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java index 2553d7eada3..50650810cc7 100644 --- a/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java +++ b/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java @@ -74,7 +74,8 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P @Parameter(name = ApiConstants.OPEN_FIREWALL, type = CommandType.BOOLEAN, description = "if true, firewall rule for source/end pubic port is automatically created; " + - "if false - firewall rule has to be created explicitely. Has value true by default") + "if false - firewall rule has to be created explicitely. If not specified 1) defaulted to false when PF" + + " rule is being created for VPC guest network 2) in all other cases defaulted to true") private Boolean openFirewall; @IdentityMapper(entityTableName="networks") 
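Review bot: The VPC restriction in `getOpenFirewall()` of CreateLoadBalancerRuleCmd is derived only from the public IP, and `getVpcId()` returns null when `publicIpId` is not set, so a request without an IP id still defaults to `true` and is allowed to pass `openFirewall=true`. Whether such a request can reach a VPC guest network is not visible in this diff, but the parameter description promises a default of false for VPC guest networks, so the check should probably also look at the network or be repeated in the service layer that creates the rule. The getter now performs a lookup and can throw on every call; a comment such as `// resolves the IP's VPC; throws InvalidParameterValueException for openFirewall=true on a VPC IP` would warn callers. `boolean isVpc = getVpcId() == null ? false : true;` reads more simply as `boolean isVpc = getVpcId() != null;`. The identical getter added to CreatePortForwardingRuleCmd carries the same points.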
@@ -114,12 +115,31 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P } public Boolean getOpenFirewall() { + boolean isVpc = getVpcId() == null ? false : true; if (openFirewall != null) { + if (isVpc && openFirewall) { + throw new InvalidParameterValueException("Can't have openFirewall=true when IP address belongs to VPC"); + } return openFirewall; } else { + if (isVpc) { + return false; + } return true; } } + + private Long getVpcId() { + if (ipAddressId != null) { + IpAddress ipAddr = _networkService.getIp(ipAddressId); + if (ipAddr == null || !ipAddr.readyToUse()) { + throw new InvalidParameterValueException("Unable to create PF rule, invalid IP address id " + ipAddr.getId()); + } else { + return ipAddr.getVpcId(); + } + } + return null; + } // /////////////////////////////////////////////////// // ///////////// API Implementation/////////////////// diff --git a/server/src/com/cloud/network/rules/RulesManagerImpl.java b/server/src/com/cloud/network/rules/RulesManagerImpl.java index 63ced1b13e3..0de7cf1a775 100755 --- a/server/src/com/cloud/network/rules/RulesManagerImpl.java +++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java @@ -178,9 +178,8 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { try { ipAddress = _networkMgr.associateIPToGuestNetwork(ipAddrId, networkId); } catch (Exception ex) { - s_logger.warn("Failed to associate ip id=" + ipAddrId + " to network id=" + networkId + " as " + + throw new CloudRuntimeException("Failed to associate ip to network as " + "a part of port forwarding rule creation"); - return null; } }
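Review bot: In the RulesManagerImpl hunk, the new `throw new CloudRuntimeException(...)` inside `catch (Exception ex)` discards `ex`, and the removed warn line was the only place here that recorded `ipAddrId` and `networkId`. A failed association therefore leaves no cause and no identifiers at this point for anyone investigating it. Keeping the caller-facing message generic is reasonable, but log the details and chain the cause: `s_logger.warn("Failed to associate ip id=" + ipAddrId + " to network id=" + networkId, ex);` followed by `throw new CloudRuntimeException("Failed to associate ip to network as a part of port forwarding rule creation", ex);`. The enclosing method starts and ends outside the hunk.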