VPC: createPF/createLBrule: 1) don't allow to pass openFirewall=true 2) when no openFirewall is passed in, defaulted to false if the public ip belongs to VPC
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/24772bcb Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/24772bcb Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/24772bcb Branch: refs/heads/vpc Commit: 24772bcb4eef19c4a46ee6a74f87e6b891ce8a46 Parents: c19639e Author: Alena Prokharchyk <[email protected]> Authored: Thu Jun 28 14:15:09 2012 -0700 Committer: Alena Prokharchyk <[email protected]> Committed: Thu Jun 28 17:18:15 2012 -0700 ---------------------------------------------------------------------- .../com/cloud/api/commands/AssociateIPAddrCmd.java | 3 ++ .../api/commands/CreateLoadBalancerRuleCmd.java | 24 ++++++++++++++- .../api/commands/CreatePortForwardingRuleCmd.java | 22 +++++++++++++- .../com/cloud/network/rules/RulesManagerImpl.java | 3 +- 4 files changed, 48 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/24772bcb/api/src/com/cloud/api/commands/AssociateIPAddrCmd.java ----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/commands/AssociateIPAddrCmd.java b/api/src/com/cloud/api/commands/AssociateIPAddrCmd.java
index 75044cc..6ac4a1d 100644
--- a/api/src/com/cloud/api/commands/AssociateIPAddrCmd.java
+++ b/api/src/com/cloud/api/commands/AssociateIPAddrCmd.java
@@ -180,6 +180,9 @@ public class AssociateIPAddrCmd extends BaseAsyncCreateCmd {
 return network.getAccountId();
 } else if (vpcId != null) {
 Vpc vpc = _vpcService.getVpc(getVpcId());
+ if (vpc == null) {
+ throw new InvalidParameterValueException("Can't find Enabled vpc by id specified");
+ }
 return vpc.getAccountId();
 }
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/24772bcb/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java ----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java b/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java
index 6c1e3b7..852d9a9 100644
--- a/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java
+++ b/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java
@@ -77,7 +77,9 @@ public class CreateLoadBalancerRuleCmd extends BaseAsyncCreateCmd /*implements
 @Parameter(name=ApiConstants.PUBLIC_PORT, type=CommandType.INTEGER, required=true, description="the public port from where the network traffic will be load balanced from")
 private Integer publicPort;
- @Parameter(name = ApiConstants.OPEN_FIREWALL, type = CommandType.BOOLEAN, description = "if true, firewall rule for source/end pubic port is automatically created; if false - firewall rule has to be created explicitely. Has value true by default")
+ @Parameter(name = ApiConstants.OPEN_FIREWALL, type = CommandType.BOOLEAN, description = "if true, firewall rule for" +
+ " source/end pubic port is automatically created; if false - firewall rule has to be created explicitely. If not specified 1) defaulted to false when LB" +
+ " rule is being created for VPC guest network 2) in all other cases defaulted to true")
 private Boolean openFirewall;
 @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account associated with the load balancer. Must be used with the domainId parameter.")
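Review bot: The message added in AssociateIPAddrCmd's `vpcId != null` branch says "Enabled", but the only condition tested in the hunk is `vpc == null`; whether `_vpcService.getVpc` filters by state is not visible here. If it does not, the text tells the caller that a state check was made when none was. I would word it after what is actually checked, for example `throw new InvalidParameterValueException("Unable to find VPC by the id specified");`. The enclosing method starts and ends outside the hunk.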
@@ -133,6 +135,19 @@ public class CreateLoadBalancerRuleCmd extends BaseAsyncCreateCmd /*implements
 return publicIpId;
 }
+ private Long getVpcId() {
+ if (publicIpId != null) {
+ IpAddress ipAddr = _networkService.getIp(publicIpId);
+ if (ipAddr == null || !ipAddr.readyToUse()) {
+ throw new InvalidParameterValueException("Unable to create load balancer rule, invalid IP address id " + ipAddr.getId());
+ } else {
+ return ipAddr.getVpcId();
+ }
+ }
+ return null;
+ }
+
+
 public Long getNetworkId() {
 if (networkId != null) {
 return networkId;
@@ -189,9 +204,16 @@ public class CreateLoadBalancerRuleCmd extends BaseAsyncCreateCmd /*implements
 }
 public Boolean getOpenFirewall() {
+ boolean isVpc = getVpcId() == null ? false : true;
 if (openFirewall != null) {
+ if (isVpc && openFirewall) {
+ throw new InvalidParameterValueException("Can't have openFirewall=true when IP address belongs to VPC");
+ }
 return openFirewall;
 } else {
+ if (isVpc) {
+ return false;
+ }
 return true;
 }
 }
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/24772bcb/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java ----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java b/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java
index 4ced43d..f60d840 100644
--- a/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java
+++ b/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java
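Review bot: In the `getVpcId()` added to CreateLoadBalancerRuleCmd, the branch taken when `ipAddr == null` builds its message with `ipAddr.getId()`, so an unknown IP id ends in a NullPointerException instead of the intended InvalidParameterValueException. Use the request field instead: `throw new InvalidParameterValueException("Unable to create load balancer rule, invalid IP address id " + publicIpId);`. The same defect is in the `getVpcId()` added to CreatePortForwardingRuleCmd, where the value to print is `ipAddressId`. How the API layer reports an unexpected NullPointerException is not visible in this diff, but the caller would presumably no longer receive the parameter error.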
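Review bot: The VPC restriction in CreateLoadBalancerRuleCmd's `getOpenFirewall()` only takes effect when `publicIpId` is set, because `getVpcId()` returns null otherwise and the method then still defaults to true; if a load balancer rule can reach a VPC network through `networkId` alone (not visible here), the firewall rule would be opened without the check. The rule is also enforced in a getter on the API command, which performs a `_networkService.getIp` lookup and may throw on every call, so any path that creates rules without going through this command is not covered; a check placed in the service next to the rule creation would hold for all callers. As a small style point, `boolean isVpc = getVpcId() != null;` is equivalent to the ternary. The same applies to `getOpenFirewall()` in CreatePortForwardingRuleCmd.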
@@ -78,7 +78,8 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P
 @Parameter(name = ApiConstants.OPEN_FIREWALL, type = CommandType.BOOLEAN, description = "if true, firewall rule for source/end pubic port is automatically created; " +
- "if false - firewall rule has to be created explicitely. Has value true by default")
+ "if false - firewall rule has to be created explicitely. If not specified 1) defaulted to false when PF" +
+ " rule is being created for VPC guest network 2) in all other cases defaulted to true")
 private Boolean openFirewall;
 @IdentityMapper(entityTableName="networks")
@@ -118,12 +119,31 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P
 }
 public Boolean getOpenFirewall() {
+ boolean isVpc = getVpcId() == null ? false : true;
 if (openFirewall != null) {
+ if (isVpc && openFirewall) {
+ throw new InvalidParameterValueException("Can't have openFirewall=true when IP address belongs to VPC");
+ }
 return openFirewall;
 } else {
+ if (isVpc) {
+ return false;
+ }
 return true;
 }
 }
+
+ private Long getVpcId() {
+ if (ipAddressId != null) {
+ IpAddress ipAddr = _networkService.getIp(ipAddressId);
+ if (ipAddr == null || !ipAddr.readyToUse()) {
+ throw new InvalidParameterValueException("Unable to create PF rule, invalid IP address id " + ipAddr.getId());
+ } else {
+ return ipAddr.getVpcId();
+ }
+ }
+ return null;
+ }
 // ///////////////////////////////////////////////////
 // ///////////// API Implementation///////////////////
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/24772bcb/server/src/com/cloud/network/rules/RulesManagerImpl.java ----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/rules/RulesManagerImpl.java b/server/src/com/cloud/network/rules/RulesManagerImpl.java
index 7709ccc..3ce19c7 100755
--- a/server/src/com/cloud/network/rules/RulesManagerImpl.java
+++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java
@@ -178,9 +178,8 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
 try {
 ipAddress = _networkMgr.associateIPToGuestNetwork(ipAddrId, networkId);
 } catch (Exception ex) {
- s_logger.warn("Failed to associate ip id=" + ipAddrId + " to network id=" + networkId + " as " +
+ throw new CloudRuntimeException("Failed to associate ip to network as " +
 "a part of port forwarding rule creation");
- return null;
 }
 }
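Review bot: The new `throw` inside `catch (Exception ex)` in RulesManagerImpl discards `ex` and, unlike the removed `s_logger.warn`, records neither `ipAddrId` nor `networkId`, so the reason the association failed is lost to anyone investigating it later. Keep the ids in the server log and pass the cause along: `s_logger.warn("Failed to associate ip id=" + ipAddrId + " to network id=" + networkId, ex);` followed by `throw new CloudRuntimeException("Failed to associate ip to network as a part of port forwarding rule creation", ex);`. The enclosing method starts and ends outside the hunk.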
