[
https://issues.apache.org/jira/browse/CLOUDSTACK-9403?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15870496#comment-15870496
]
ASF GitHub Bot commented on CLOUDSTACK-9403:
--------------------------------------------
Github user mike-tutkowski commented on a diff in the pull request:
https://github.com/apache/cloudstack/pull/1579#discussion_r101596817
--- Diff: server/src/com/cloud/configuration/ConfigurationManagerImpl.java
---
@@ -2909,51 +2911,21 @@ public Vlan doInTransaction(final TransactionStatus
status) {
String vlanGateway = null;
String vlanNetmask = null;
boolean sameSubnet = false;
- if (vlans != null && vlans.size() > 0) {
+ if (CollectionUtils.isNotEmpty(vlans)) {
for (final VlanVO vlan : vlans) {
- if (ipv4) {
- vlanGateway = vlan.getVlanGateway();
- vlanNetmask = vlan.getVlanNetmask();
- // check if subset or super set or neither.
- final NetUtils.SupersetOrSubset val =
checkIfSubsetOrSuperset(newVlanGateway, newVlanNetmask, vlan, startIP, endIP);
- if (val == NetUtils.SupersetOrSubset.isSuperset) {
- // this means that new cidr is a superset of the
- // existing subnet.
- throw new InvalidParameterValueException("The
subnet you are trying to add is a superset of the existing subnet having
gateway" + vlan.getVlanGateway()
- + " and netmask " +
vlan.getVlanNetmask());
- } else if (val ==
NetUtils.SupersetOrSubset.neitherSubetNorSuperset) {
- // this implies the user is trying to add a new
subnet
- // which is not a superset or subset of this
subnet.
- // checking with the other subnets.
- continue;
- } else if (val == NetUtils.SupersetOrSubset.isSubset) {
- // this means he is trying to add to the same
subnet.
- throw new InvalidParameterValueException("The
subnet you are trying to add is a subset of the existing subnet having gateway"
+ vlan.getVlanGateway()
- + " and netmask " +
vlan.getVlanNetmask());
- } else if (val ==
NetUtils.SupersetOrSubset.sameSubnet) {
- sameSubnet = true;
- //check if the gateway provided by the user is
same as that of the subnet.
- if (newVlanGateway != null &&
!newVlanGateway.equals(vlanGateway)) {
- throw new InvalidParameterValueException("The
gateway of the subnet should be unique. The subnet alreaddy has a gateway " +
vlanGateway);
- }
- break;
- }
- }
- if (ipv6) {
- if (ip6Gateway != null &&
!ip6Gateway.equals(network.getIp6Gateway())) {
- throw new InvalidParameterValueException("The
input gateway " + ip6Gateway + " is not same as network gateway " +
network.getIp6Gateway());
- }
- if (ip6Cidr != null &&
!ip6Cidr.equals(network.getIp6Cidr())) {
- throw new InvalidParameterValueException("The
input cidr " + ip6Cidr + " is not same as network ciddr " +
network.getIp6Cidr());
- }
- ip6Gateway = network.getIp6Gateway();
- ip6Cidr = network.getIp6Cidr();
- _networkModel.checkIp6Parameters(startIPv6, endIPv6,
ip6Gateway, ip6Cidr);
- sameSubnet = true;
- }
+ vlanGateway = vlan.getVlanGateway();
+ vlanNetmask = vlan.getVlanNetmask();
+ sameSubnet = hasSameSubnet(ipv4, vlanGateway, vlanNetmask,
newVlanGateway, newVlanNetmask, startIP, endIP,
+ ipv6, ip6Gateway, ip6Cidr, startIPv6, endIPv6,
network);
+ if (sameSubnet) break;
}
+ } else {
+ vlanGateway = network.getGateway();
+ vlanNetmask = NetUtils.getCidrNetmask(network.getCidr());
--- End diff --
I believe this is the root of the following blocker for 4.10:
https://issues.apache.org/jira/browse/CLOUDSTACK-9790
> Nuage VSP Plugin : Support for SharedNetwork fuctionality including Marvin
> test coverage
> ----------------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-9403
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9403
> Project: CloudStack
> Issue Type: Task
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Automation, Network Controller
> Reporter: Rahul Singal
> Assignee: Nick Livens
>
> This is first phase of support of Shared Network in cloudstack through
> NuageVsp Network Plugin. A shared network is a type of virtual network that
> is shared between multiple accounts i.e. a shared network can be accessed by
> virtual machines that belong to many different accounts. This basic
> functionality will be supported with the below common use case:
> - shared network can be used for monitoring purposes. A shared network can be
> assigned to a domain and can be used for monitoring VMs belonging to all
> accounts in that domain.
> - Public accessible of shared Network.
> With the current implementation with NuageVsp plugin, It support over-lapping
> of Ip address, Public Access and also adding Ip ranges in shared Network.
> In VSD, it is implemented in below manner:
> - In order to have tenant isolation for shared networks, we will have to
> create a Shared L3 Subnet for each shared network, and instantiate it across
> the relevant enterprises. A shared network will only exist under an
> enterprise when it is needed, so when the first VM is spinned under that ACS
> domain inside that shared network.
> - For public shared Network it will also create a floating ip subnet pool in
> VSD along with all the things mentioned in above point.
> PR contents:
> 1) Support for shared networks with tenant isolation on master with Nuage VSP
> SDN Plugin.
> 2) Support of shared network with publicly accessible ip ranges.
> 2) Marvin test coverage for shared networks on master with Nuage VSP SDN
> Plugin.
> 3) Enhancements on our exiting Marvin test code (nuagevsp plugins directory).
> 4) PEP8 & PyFlakes compliance with our Marvin test code.
> Test Results are:-
> Valiate that ROOT admin is NOT able to deploy a VM for a user in ROOT domain
> in a shared network with ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_account_ROOTuser | Status :
> SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for a admin user in a
> shared network with ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_account_differentdomain |
> Status : SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for admin user in the same
> domain but in a ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_account_domainadminuser |
> Status : SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for user in the same
> domain but in a different ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_account_domainuser | Status :
> SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for regular user in a shared
> network with scope=account ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_account_user | Status : SUCCESS
> ===
> ok
> Valiate that ROOT admin is able to deploy a VM for user in ROOT domain in a
> shared network with scope=all ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_all_ROOTuser | Status : SUCCESS
> ===
> ok
> Valiate that ROOT admin is able to deploy a VM for a domain admin users in a
> shared network with scope=all ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_all_domainadminuser | Status :
> SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for other users in a shared
> network with scope=all ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_all_domainuser | Status :
> SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for admin user in a domain in
> a shared network with scope=all ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_all_subdomainadminuser | Status
> : SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for any user in a subdomain in
> a shared network with scope=all ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_all_subdomainuser | Status :
> SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for parent domain admin
> user in a shared network with scope=domain with no subdomain access ... ===
> TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_ROOTuser
> | Status : SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for domain admin user in a
> shared network with scope=domain with no subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_domainadminuser
> | Status : SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for domain user in a shared
> network with scope=domain with no subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_domainuser
> | Status : SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for parent domain admin
> user in a shared network with scope=domain with no subdomain access ... ===
> TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_parentdomainadminuser
> | Status : SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for parent domain user in
> a shared network with scope=domain with no subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_parentdomainuser
> | Status : SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for sub domain admin user
> in a shared network with scope=domain with no subdomain access ... ===
> TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_subdomainadminuser
> | Status : SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for sub domain user in a
> shared network with scope=domain with no subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_subdomainuser
> | Status : SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for user in ROOT domain in
> a shared network with scope=domain with subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_ROOTuser
> | Status : SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for domain admin user in a
> shared network with scope=domain with subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_domainadminuser
> | Status : SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for domain user in a shared
> network with scope=domain with subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_domainuser
> | Status : SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for parent domain admin
> user in a shared network with scope=domain with subdomain access ... ===
> TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_parentdomainadminuser
> | Status : SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for parent domain user in
> a shared network with scope=domain with subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_parentdomainuser
> | Status : SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for subdomain admin user in a
> shared network with scope=domain with subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_subdomainadminuser
> | Status : SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for subdomain user in a shared
> network with scope=domain with subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_subdomainuser
> | Status : SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for an regular user in
> ROOT domain in a shared network with scope=account ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_account_ROOTuser | Status
> : SUCCESS ===
> ok
> Valiate that Domain admin is able NOT able to deploy a VM for an regular user
> from a differnt domain in a shared network with scope=account ... ===
> TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_account_differentdomain |
> Status : SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for an admin user in the
> same domain but belonging ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_account_domainadminuser |
> Status : SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for user in the same
> domain but belonging to a ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_account_domainuser |
> Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for an regular user in a
> shared network with scope=account ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_account_user | Status :
> SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for user in ROOT domain
> in a shared network with scope=all ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_ROOTuser | Status :
> SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for user in other domain
> in a shared network with scope=all ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_crossdomainuser |
> Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for a domain admin user in a
> shared network with scope=all ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_domainadminuser |
> Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for a domain user in a
> shared network with scope=all ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_domainuser | Status :
> SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for a sub domain admin user
> in a shared network with scope=all ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_subdomainadminuser |
> Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for a sub domain user in a
> shared network with scope=all ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_subdomainuser |
> Status : SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for user in ROOT domain
> in a shared network with scope=Domain and no subdomain access ... ===
> TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_ROOTuser
> | Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for domain admin user in a
> shared network with scope=Domain and no subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_domainadminuser
> | Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for domain user in a shared
> network with scope=Domain and no subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_domainuser
> | Status : SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy VM for parent domain admin
> user in shared network with scope=Domain and no subdomain access ... ===
> TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_parentdomainadminuser
> | Status : SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for parent domain user
> in a shared network with scope=Domain and no subdomain access ... ===
> TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_parentdomainuser
> | Status : SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for sub domain admin
> user in a shared network with scope=Domain and no subdomain access ... ===
> TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_subdomainadminuser
> | Status : SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for sub domain user in a
> shared network with scope=Domain and no subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_subdomainuser
> | Status : SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for user in ROOT domain
> in a shared network with scope=Domain and subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_ROOTuser
> | Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for admin user in domain in
> a shared network with scope=Domain and subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_domainadminuser
> | Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for regular user in domain
> in a shared network with scope=Domain and subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_domainuser
> | Status : SUCCESS ===
> ok
> Validate that Domain admin is NOT able to deploy VM for admin user in parent
> domain in shared network with scope=Domain subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_parentdomainadminuser
> | Status : SUCCESS ===
> ok
> Valiate that Domain admin NOT able to deploy VM for regular user in parent
> domain in shared network with scope=Domain subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_parentdomainuser
> | Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for admin user in subdomain
> in a shared network with scope=Domain and subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_subdomainadminuser
> | Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for regular user in
> subdomain in a shared network with scope=Domain and subdomain access ... ===
> TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_subdomainuser
> | Status : SUCCESS ===
> ok
> Valiate that regular user is able NOT able to deploy a VM for another user in
> the same domain in a shared network with scope=all ... === TestName:
> test_deployVM_in_sharedNetwork_as_regularuser_scope_all_anotherusersamedomain
> | Status : SUCCESS ===
> ok
> Valiate that regular user is able NOT able to deploy a VM for another user in
> a different domain in a shared network with scope=all ... === TestName:
> test_deployVM_in_sharedNetwork_as_regularuser_scope_all_crossdomain | Status
> : SUCCESS ===
> ok
> ----------------------------------------------------------------------
> Ran 51 tests in 3192.356s
> OK
> For monitoring useCase test runs are:-
> Valiate that Normal user in the same domain able to add NIC in a shared
> network with scope=all ... === TestName:
> test_01_addNic_in_sharedNetwork_scope_all_as_domainuser | Status : SUCCESS ===
> ok
> Valiate that Parent domain admin is able to add a NIC in a shared network
> with scope=all ... === TestName:
> test_02_addNic_in_sharedNetwork_scope_all_as_domain_parentAdmin | Status :
> SUCCESS ===
> ok
> Valiate that User can enable staticNat on VPC NIC where second nicn is in a
> shared network with scope=all ... === TestName:
> test_03_staticNat_in_VPC_secondNic_sharedNetwork_scope_all | Status : SUCCESS
> ===
> ok
> Validate that reboot VM is done successfully without any Error ... ===
> TestName: test_04_rebootVM_after_sharedNetwork_nic | Status : SUCCESS ===
> ok
> Validate that restart Tier Network is done successfully with cleanup ... ===
> TestName: test_05_restart_Tier_VPC_Network_sharedNetwork_nic | Status :
> SUCCESS ===
> ok
> Validate that restart Shared Network is done successfully without any Error
> ... === TestName: test_06_restart_sharedNetwork_scope_all | Status : SUCCESS
> ===
> ok
> Valiate that Normal user in the same domain able to remove NIC in a shared
> network which is added by Parent Domain Admin ... === TestName:
> test_07_removeNic_in_sharedNetwork_scope_all_as_domainuser | Status : SUCCESS
> ===
> ok
> Valiate that Parent domain admin is able to remove a NIC which is added by
> child domain user ... === TestName:
> test_08_removeNic_in_sharedNetwork_scope_all_as_domain_parentAdmin | Status :
> SUCCESS ===
> ok
> Valiate that Normal user in the same domain able to add NIC in a shared
> network with scope=domain without subdomain Access ... === TestName:
> test_09_addNic_in_sharedNetwork_scope_domain_as_domainuser | Status : SUCCESS
> ===
> ok
> Valiate that Normal user in the same domain able to add NIC in a shared
> network with scope=domain with subdomain Access ... === TestName:
> test_10_addNic_in_sharedNetwork_scope_domain_subdomain_as_domainuser | Status
> : SUCCESS ===
> ok
> ----------------------------------------------------------------------
> Ran 10 tests in 744.354s
> OK
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
