etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,813 Commits 323 Branches 325 Tags 929 MiB
Commit Graph

54 Commits

Author SHA1 Message Date
Alena Prokharchyk c0fb2fece9 VPC: CS-15638: Plug nic for the public ip address if the ip address from the diff vlan range than sourceNat ip 2012-07-20 13:25:09 -07:00
Alena Prokharchyk f9552f4707 VPC: CS-15562 - get info about VR's guest networks from nics table 2012-07-13 13:06:36 -07:00
Alena Prokharchyk 7e73ae8e74 VPC: CS-15553 and CS-15549 - more checks during automatic ip assoc to VPC network 2012-07-12 10:04:39 -07:00
Vijayendra Bhamidipati f2c8a59983 CS-15217: Security: Malicious user is able to get the size of the cloud by enumerating IDs 
Description:

	More changes to remove DB IDs from exception messages,
 2012-07-11 15:46:17 -07:00
Alena Prokharchyk 1011dfd31c Resource tags: 1) Remove tag records when correspdonding cloudStack object gets removed 
2) added "tags" request parameter to the banch of list* Api commands (listVirtualMachines, listSnapshots - all commands are listed in the resource tags functional spec)
 2012-07-03 14:47:07 -07:00
Alena Prokharchyk 481f59df3b VPC: multiple fixes: 
* Separate service for NetworkACL - "NetworkACL" service
* allow having just one network supporting LB in the VPC
* perform check against VPC when upgrade network to the new network offering (the same set of checks when you add new network to the VPC)
 2012-07-02 14:14:34 -07:00
Alena Prokharchyk 37f29ccb11 VPC: set networkId to be null for IP address when the last PF/LB rule is removed for it and the IP belongs to VPC 2012-06-29 13:46:20 -07:00
Alena Prokharchyk bc9b23dfcd VPC: implemented vpc cleanup thread that cleans up Inactive VPCs (that were failed to delete) 2012-06-27 15:12:56 -07:00
Alena Prokharchyk 9d88781e8c VPC: implementation for Add/delete/list StaticRoute. Agent implementation is yet to be done 2012-06-26 11:11:26 -07:00
Alena Prokharchyk d1700606dd VPC: fixed NPE in network ACL delete (ip address is null for the rule of this type_ 2012-06-22 15:06:58 -07:00
Alena Prokharchyk 0dbd487a22 VPC: implemented delete and list Network ACL(s) 2012-06-20 14:24:30 -07:00
Alena Prokharchyk bb30a6b6bb VPC: initial checkin for network ACLs 2012-06-20 12:48:00 -07:00
Alena Prokharchyk ddae550a55 AssociateIpAddress to VPC - the ip gets associated to the network only when the first rule for the ip gets created. 
When the last rule is removed for vpc ip, networkId is set to null
 2012-05-30 19:46:40 -07:00
frank 72d284de7d Switch to Apache license 2012-04-03 04:54:14 -07:00
Alena Prokharchyk cad392cd68 bug 13335: fixed listProjectInvitations by projectId 
status 13335: resolved fixed
 2012-02-07 13:16:27 -08:00
Alena Prokharchyk 1490e45a1c Fixed format style in a bunch of files (replaced tabs with spaces as a part of it) 2012-02-03 13:49:11 -08:00
Alena Prokharchyk 83400cd15f bug 12776: if there are multiple objects involved in resource creation, verify that they belong to the same account 
status 12776: resolved fixed
 2012-01-17 13:40:37 -08:00
Alena Prokharchyk f0c4980dff bug 13110: use Ternary data structure when build search criteria 
status 13110: resolved fixed
 2012-01-16 14:15:28 -08:00
Naredula Janardhana Reddy eb1b709193 Bug 12606: firewall rule validation for icmp source cidr for duplicate entry. 2012-01-12 15:36:42 +05:30
Sheng Yang 73dbaf4c9f bug 12997: Prevent creating LB and firewall rule on different provider 
status 12997: resolved fixed
 2012-01-10 19:02:31 -08:00
Alena Prokharchyk c581506103 bug 12306: list* command revamp 2012-01-09 10:07:42 -08:00
kishan 6afaf4ff69 Bug 12723: Fixed typo 
Status 12723: resolved fixed
Reviewed-By: Nitin
 2012-01-05 14:06:54 +05:30
Alena Prokharchyk a19b1d92ce Do services validation when create PF/LB/Firewall rules 2011-12-19 14:24:35 -08:00
Edison Su b2a5e26c06 bug 10792: add default system wide firewall rule 
status 10792: resolved fixed
 2011-11-15 16:51:30 -08:00
alena 3a845d2d75 Keep Service/Provider map per network as well as per networkOffering (to handle the case when there are multiple providers defined for the same service in the network offering, and only one is picked when the network is created) 2011-11-07 16:16:03 -08:00
alena 525a0a7675 1)Changed implementation for restart network: call shutdown/implement methods as a part of it 
2)Re-apply all existing firewall rules as a part of implement call. TODO: Cleanup all existing rules from the backend (leave them in the DB) as a part of shutdown call
 2011-10-25 18:24:24 -07:00
prachi 780e0efe79 Removing references to DataCenter - providers, using the networkoffering -> providers map instead. 
TODO:
- Still leaving the provider columns in data_center schema as-is for CloudKit and BareMetal
- ExternalNetworkDeviceMgrImpl still needs to fix the dataCenter.setProviders calls and externalNetworkApplicance usage checks to see if zone has external networking.
 2011-10-24 18:06:33 -07:00
alena 6379c9c61e Return false when failed to apply the rules on the backend 2011-10-24 17:55:04 -07:00
alena 25c2734e03 More stuff to Projects feature - added support for adding resources (vms, templates, isos) to the project 2011-10-05 13:24:25 -07:00
alena 12e25fb988 Implemented vm* api commands to be executed against the project 2011-09-29 10:20:51 -07:00
alena a1cab92ae1 bug 11537: revoke related FirewallRules when do vmExpunge and ipAddress release. 
status 11537: resolved fixed

Reviewed-by: edison@cloud.com

Conflicts:

	server/src/com/cloud/network/firewall/FirewallManagerImpl.java
	server/src/com/cloud/vm/UserVmManagerImpl.java
 2011-09-22 14:01:02 -07:00
alena a1331d1cfc Intermidiate checkin to Project feature: 
1) Introduce new managers - ProjectManager and DomainManager. Moved all domain related code from AccountManager to DomainManager.
2) Moved some code from ManagementServerImpl to the correct managers.
3) New resource limit for Domain - Project
 2011-09-20 18:35:28 -07:00
alena b6f58b77b8 bug 11462: 1) when delete PF rule, revoke corresponding firewall first (if exists) 2) never remove PF rule from the table when corresponding firewall rule wasn't removed yet 
status 11462: resolved fixed

Reviewed-by: edison@cloud.com

Conflicts:

	server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
 2011-09-20 10:32:57 -07:00
alena 8c53dbcdd7 bug 11185: support multiple CIDR on overlapping port ranges for firewall rules 
status 11185: resolved fixed

Conflicts:

	server/src/com/cloud/network/firewall/FirewallManagerImpl.java

Conflicts:

	api/src/com/cloud/network/firewall/FirewallService.java
	server/src/com/cloud/network/firewall/FirewallManagerImpl.java
	server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
	server/src/com/cloud/network/rules/RulesManagerImpl.java
 2011-08-25 12:21:11 -07:00
alena e3f179844e bug 11236: domainAdmin/regularUser can edit/delete/copy/extract Public template/iso only if it was created by them. They still can use/see public template/iso when execute list/deploy/attachIso commands. Root admin can operate with other people templates w/o any restrictions. 
status 11236: resolved fixed
 2011-08-24 14:48:35 -07:00
alena 8a7feb8ec1 Merge branch '2.2.y' 
Conflicts:
	agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java
	api/src/com/cloud/agent/api/routing/LoadBalancerConfigCommand.java
	api/src/com/cloud/agent/api/to/FirewallRuleTO.java
	api/src/com/cloud/agent/api/to/IpAddressTO.java
	api/src/com/cloud/agent/api/to/PortForwardingRuleTO.java
	api/src/com/cloud/api/ApiConstants.java
	api/src/com/cloud/api/BaseCmd.java
	api/src/com/cloud/api/ResponseGenerator.java
	api/src/com/cloud/api/commands/CreateFirewallRuleCmd.java
	api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java
	api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java
	api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java
	api/src/com/cloud/api/commands/DeleteLoadBalancerRuleCmd.java
	api/src/com/cloud/api/commands/ListCapabilitiesCmd.java
	api/src/com/cloud/api/commands/UpdateNetworkCmd.java
	api/src/com/cloud/api/response/CapabilitiesResponse.java
	api/src/com/cloud/network/Network.java
	api/src/com/cloud/network/NetworkService.java
	api/src/com/cloud/network/firewall/FirewallService.java
	api/src/com/cloud/network/lb/LoadBalancingRule.java
	api/src/com/cloud/network/lb/LoadBalancingRulesService.java
	api/src/com/cloud/network/rules/FirewallRule.java
	api/src/com/cloud/network/rules/RulesService.java
	api/src/com/cloud/offering/NetworkOffering.java
	client/tomcatconf/commands.properties.in
	cloud.spec
	core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java
	core/src/com/cloud/hypervisor/xen/resource/CitrixHelper.java
	core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
	core/src/com/cloud/storage/template/DownloadManagerImpl.java
	core/src/com/cloud/vm/DomainRouterVO.java
	debian/cloud-deps.install
	patches/systemvm/debian/config/etc/init.d/cloud-early-config
	patches/systemvm/debian/config/root/ipassoc.sh
	patches/systemvm/debian/config/root/loadbalancer.sh
	scripts/vm/hypervisor/kvm/rundomrpre.sh
	scripts/vm/hypervisor/xenserver/vmops
	server/src/com/cloud/agent/manager/AgentAttache.java
	server/src/com/cloud/agent/manager/AgentManagerImpl.java
	server/src/com/cloud/agent/manager/AgentMonitor.java
	server/src/com/cloud/agent/manager/ClusteredAgentManagerImpl.java
	server/src/com/cloud/alert/ClusterAlertAdapter.java
	server/src/com/cloud/api/ApiResponseHelper.java
	server/src/com/cloud/api/ApiServer.java
	server/src/com/cloud/cluster/ClusterManagerImpl.java
	server/src/com/cloud/configuration/Config.java
	server/src/com/cloud/configuration/ConfigurationManager.java
	server/src/com/cloud/configuration/ConfigurationManagerImpl.java
	server/src/com/cloud/configuration/DefaultComponentLibrary.java
	server/src/com/cloud/deploy/FirstFitPlanner.java
	server/src/com/cloud/ha/HighAvailabilityManagerImpl.java
	server/src/com/cloud/host/dao/HostDaoImpl.java
	server/src/com/cloud/hypervisor/xen/discoverer/XcpServerDiscoverer.java
	server/src/com/cloud/network/LoadBalancerVO.java
	server/src/com/cloud/network/NetworkManager.java
	server/src/com/cloud/network/NetworkManagerImpl.java
	server/src/com/cloud/network/dao/FirewallRulesDao.java
	server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java
	server/src/com/cloud/network/element/DhcpElement.java
	server/src/com/cloud/network/element/VirtualRouterElement.java
	server/src/com/cloud/network/firewall/FirewallManagerImpl.java
	server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
	server/src/com/cloud/network/router/VirtualNetworkApplianceManager.java
	server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
	server/src/com/cloud/network/rules/FirewallManager.java
	server/src/com/cloud/network/rules/FirewallRuleVO.java
	server/src/com/cloud/network/rules/PortForwardingRuleVO.java
	server/src/com/cloud/network/rules/RulesManagerImpl.java
	server/src/com/cloud/network/rules/StaticNatRuleImpl.java
	server/src/com/cloud/network/security/SecurityGroupListener.java
	server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
	server/src/com/cloud/offerings/NetworkOfferingVO.java
	server/src/com/cloud/server/ConfigurationServerImpl.java
	server/src/com/cloud/server/ManagementServerImpl.java
	server/src/com/cloud/storage/StorageManager.java
	server/src/com/cloud/storage/StorageManagerImpl.java
	server/src/com/cloud/storage/dao/VMTemplateHostDaoImpl.java
	server/src/com/cloud/storage/download/DownloadMonitorImpl.java
	server/src/com/cloud/upgrade/DatabaseUpgradeChecker.java
	server/src/com/cloud/upgrade/dao/Upgrade228to229.java
	server/src/com/cloud/upgrade/dao/Upgrade229to2210.java
	server/src/com/cloud/user/AccountManagerImpl.java
	server/src/com/cloud/vm/UserVmManagerImpl.java
	server/src/com/cloud/vm/VirtualMachineManagerImpl.java
	server/src/com/cloud/vm/dao/DomainRouterDao.java
	server/src/com/cloud/vm/dao/DomainRouterDaoImpl.java
	setup/db/create-index-fk.sql
	setup/db/create-schema.sql
	setup/db/db/schema-222to224.sql
	setup/db/db/schema-227to228.sql
	setup/db/db/schema-228to229.sql
	setup/db/db/schema-229to2210.sql
	tools/testClient/README
	ui/scripts/cloud.core.instance.js
	utils/src/com/cloud/utils/SerialVersionUID.java
	utils/src/com/cloud/utils/db/ConnectionConcierge.java
	utils/src/com/cloud/utils/db/Merovingian2.java
	utils/src/com/cloud/utils/db/Transaction.java
	utils/src/com/cloud/utils/nio/Link.java
	utils/src/com/cloud/utils/nio/NioConnection.java
	utils/src/com/cloud/utils/time/InaccurateClock.java
 2011-08-22 20:28:30 -07:00
alena 11d06f3d6a Added missing license headers 2011-08-15 14:24:46 -07:00
alena 5fd0ff5610 Added missing license headers 2011-08-15 14:24:28 -07:00
alena 47e8d2b29c Fixed error message 2011-08-15 10:18:44 -07:00
Naredula Janardhana Reddy c63f9fbca2 bug 10561: allowing to create a firewall rule with sameport range but different protocols 2011-08-15 10:18:10 -07:00
alena 803255b0ba bug 11029: db upgrade from 2.2.9 to 2.2.10 includes firewall_rule upgrade now 
status 11029: resolved fixed

Commit also includes the following:

* map firewall rule to pf/lb/staticNat/vpn when the firewall rule is created as a part of pf/lb/staticNat/vpn rule creation
* when delete firewall rules, also delete related firewall rule
 2011-08-15 10:18:09 -07:00
Chiradeep Vittal 51af0db682 mass merge 2.2.10 2011-08-11 16:41:52 -07:00
alena 10034bc196 Fixed rule validation for static nat rules 2011-08-11 14:03:49 -07:00
alena 278f2a401f bug 10561: intermediate checkin for enable/disableStaticNat. 
1) On enableStaticNat command we actually send the command to the backend (we used to just upgrade the DB in the past). The backend command carries sourceIp and destIp, and creates IP to IP mapping on the domR.
2) On disableStaticNat for the Ip address in addition to cleaning up port ranges, we also delete IP to IP mapping on the domR.
 2011-08-11 10:19:22 -07:00
Chiradeep Vittal 17a8234140 should be able to apply firewall rules to static natted ips 2011-08-10 22:53:07 -07:00
alena e874109839 bug 11071: when elb service is enabled, don't check supported protocols as the provider is NULL in data_center table 
status 11071: resolved fixed
 2011-08-10 19:25:04 -07:00
alena 0805dbd3fb Fixed rule validation for ICMP protocol 2011-08-10 19:11:26 -07:00
alena 13a9c1d589 Fixed capability check in rule validation 2011-08-10 18:23:13 -07:00
alena fe3dd44bec ICMP protocol is supported in createFirewallRule command only; throw an error if specified in createPF/StaticNat/LB rule 2011-08-10 12:56:25 -07:00
Abhinandan Prateek 949ad3f4c4 bug 10561: readding source cidr changes to firewall rules 2011-08-10 13:55:37 +05:30