Updated Branches:
  refs/heads/master cb595cafc -> b5148af0c

CLOUDSTACK-2809: Assign acl_id to VPC tier only when NetworkACL service is 
supported


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/b5148af0
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/b5148af0
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/b5148af0

Branch: refs/heads/master
Commit: b5148af0c6dfc583bcd1a52a7510df80e9eaa163
Parents: cb595ca
Author: Kishan Kavala <kis...@cloud.com>
Authored: Tue Jun 4 20:07:48 2013 +0530
Committer: Kishan Kavala <kis...@cloud.com>
Committed: Tue Jun 4 20:08:26 2013 +0530

----------------------------------------------------------------------
 .../src/com/cloud/network/NetworkServiceImpl.java  |    7 +----
 .../cloud/network/vpc/NetworkACLManagerImpl.java   |   18 +++++++++++++++
 server/src/com/cloud/network/vpc/VpcManager.java   |    2 +-
 .../src/com/cloud/network/vpc/VpcManagerImpl.java  |   10 ++++++-
 server/test/com/cloud/vpc/MockVpcManagerImpl.java  |    2 +-
 .../test/com/cloud/vpc/NetworkACLManagerTest.java  |    8 ++++++
 server/test/com/cloud/vpc/VpcApiUnitTest.java      |   10 ++++----
 7 files changed, 43 insertions(+), 14 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b5148af0/server/src/com/cloud/network/NetworkServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkServiceImpl.java 
b/server/src/com/cloud/network/NetworkServiceImpl.java
index 9899284..2bf9f40 100755
--- a/server/src/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/com/cloud/network/NetworkServiceImpl.java
@@ -1285,10 +1285,7 @@ public class NetworkServiceImpl extends ManagerBase 
implements  NetworkService {
                 throw new InvalidParameterValueException("Network offering 
can't be used for VPC networks");
             }
 
-            if(aclId == null){
-                //Use default deny all ACL, when aclId is not specified
-                aclId = NetworkACL.DEFAULT_DENY;
-            } else {
+            if(aclId != null){
                 NetworkACL acl = _networkACLDao.findById(aclId);
                 if(acl == null){
                     throw new InvalidParameterValueException("Unable to find 
specified NetworkACL");
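Review bot: Dropping the `aclId == null` branch means a tier created without an ACL id no longer receives `NetworkACL.DEFAULT_DENY` from this method, even when its offering does support the NetworkACL service. Unless the default is assigned somewhere else (not visible in this hunk), such a tier ends up with no ACL, which may turn a deny-by-default into an allow-by-default. Consider keeping the assignment `aclId = NetworkACL.DEFAULT_DENY;` but guarding it with the same `areServicesSupportedByNetworkOffering(..., Service.NetworkACL)` check this commit adds in VpcManagerImpl. The enclosing method starts and ends outside the hunk.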
@@ -1938,7 +1935,7 @@ public class NetworkServiceImpl extends ManagerBase 
implements  NetworkService {
         //perform below validation if the network is vpc network
         if (network.getVpcId() != null && networkOfferingId != null) {
             Vpc vpc = _vpcMgr.getVpc(network.getVpcId());
-            _vpcMgr.validateNtwkOffForNtwkInVpc(networkId, networkOfferingId, 
null, null, vpc, null, _accountMgr.getAccount(network.getAccountId()));
+            _vpcMgr.validateNtwkOffForNtwkInVpc(networkId, networkOfferingId, 
null, null, vpc, null, _accountMgr.getAccount(network.getAccountId()), null);
         }
 
         // don't allow to update network in Destroy state

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b5148af0/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java 
b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
index cef6454..171b8b9 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
@@ -16,8 +16,10 @@
 // under the License.
 package com.cloud.network.vpc;
 
+import com.cloud.configuration.ConfigurationManager;
 import com.cloud.event.ActionEvent;
 import com.cloud.event.EventTypes;
+import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.Network;
 import com.cloud.network.Network.Service;
@@ -29,6 +31,7 @@ import com.cloud.network.element.VpcProvider;
 import com.cloud.network.vpc.NetworkACLItem.State;
 import com.cloud.network.vpc.dao.NetworkACLDao;
 import com.cloud.network.vpc.dao.VpcGatewayDao;
+import com.cloud.offering.NetworkOffering;
 import com.cloud.tags.dao.ResourceTagDao;
 import com.cloud.user.Account;
 import com.cloud.user.AccountManager;
@@ -73,6 +76,8 @@ public class NetworkACLManagerImpl extends ManagerBase 
implements NetworkACLMana
     VpcGatewayDao _vpcGatewayDao;
     @Inject
     NetworkModel _ntwkModel;
+    @Inject
+    ConfigurationManager _configMgr;
 
     @Override
     public NetworkACL createNetworkACL(String name, String description, long 
vpcId) {
@@ -133,9 +138,22 @@ public class NetworkACLManagerImpl extends ManagerBase 
implements NetworkACLMana
 
     @Override
     public boolean replaceNetworkACL(NetworkACL acl, NetworkVO network) throws 
ResourceUnavailableException {
+
+        NetworkOffering guestNtwkOff = 
_configMgr.getNetworkOffering(network.getNetworkOfferingId());
+
+        if (guestNtwkOff == null) {
+            throw new InvalidParameterValueException("Can't find network 
offering associated with network: "+network.getUuid());
+        }
+
+        //verify that ACLProvider is supported by network offering
+        
if(!_ntwkModel.areServicesSupportedByNetworkOffering(guestNtwkOff.getId(), 
Service.NetworkACL)){
+            throw new InvalidParameterValueException("Cannot apply NetworkACL. 
Network Offering does not support NetworkACL service");
+        }
+
         network.setNetworkACLId(acl.getId());
         //Update Network ACL
         if(_networkDao.update(network.getId(), network)){
+            s_logger.debug("Updated network: "+network.getId()+ "with Network 
ACL Id: "+acl.getId()+", Applying ACL items");
             //Apply ACL to network
             return applyACLToNetwork(network.getId());
         }
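Review bot: The added `s_logger.debug` call concatenates `network.getId()` directly with `"with Network ACL Id: "`, so the network id runs into the word "with" in the log line and is hard to search for during an investigation. The literal should start with a space: `"Updated network: "+network.getId()+" with Network ACL Id: "+acl.getId()+", Applying ACL items"`. Separately, the offering check and its message duplicate step 5 in VpcManagerImpl, and a shared helper would keep the two from drifting apart. replaceNetworkACL continues past the end of this hunk.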

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b5148af0/server/src/com/cloud/network/vpc/VpcManager.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/VpcManager.java 
b/server/src/com/cloud/network/vpc/VpcManager.java
index f22e7e4..e01413f 100644
--- a/server/src/com/cloud/network/vpc/VpcManager.java
+++ b/server/src/com/cloud/network/vpc/VpcManager.java
@@ -164,7 +164,7 @@ public interface VpcManager extends VpcService{
      * @param gateway
      * @param networkOwner TODO
      */
-    void validateNtwkOffForNtwkInVpc(Long networkId, long newNtwkOffId, String 
newCidr, String newNetworkDomain, Vpc vpc, String gateway, Account 
networkOwner);
+    void validateNtwkOffForNtwkInVpc(Long networkId, long newNtwkOffId, String 
newCidr, String newNetworkDomain, Vpc vpc, String gateway, Account 
networkOwner, Long aclId);
 
     List<PrivateGateway> getVpcPrivateGateways(long vpcId);
 }
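Review bot: The Javadoc above `validateNtwkOffForNtwkInVpc` is not updated for the new `aclId` parameter, and the `null` passed by the update path in NetworkServiceImpl has a meaning that callers need to know. I would add `* @param aclId id of the network ACL requested for the tier, or null when none is requested; when non-null the offering must support the NetworkACL service`. Only the tail of the comment is visible in this hunk, so the rest of the parameter list may need the same attention.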

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b5148af0/server/src/com/cloud/network/vpc/VpcManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/VpcManagerImpl.java 
b/server/src/com/cloud/network/vpc/VpcManagerImpl.java
index 380a95e..1c4adde 100644
--- a/server/src/com/cloud/network/vpc/VpcManagerImpl.java
+++ b/server/src/com/cloud/network/vpc/VpcManagerImpl.java
@@ -1039,7 +1039,7 @@ public class VpcManagerImpl extends ManagerBase 
implements VpcManager, VpcProvis
     @DB
     @Override
     public void validateNtwkOffForNtwkInVpc(Long networkId, long newNtwkOffId, 
String newCidr, 
-            String newNetworkDomain, Vpc vpc, String gateway, Account 
networkOwner) {
+            String newNetworkDomain, Vpc vpc, String gateway, Account 
networkOwner, Long aclId) {
         
         NetworkOffering guestNtwkOff = 
_configMgr.getNetworkOffering(newNtwkOffId);
         
@@ -1084,6 +1084,12 @@ public class VpcManagerImpl extends ManagerBase 
implements VpcManager, VpcProvis
                 }
             }
         }
+
+        //5) When aclId is provided, verify that ACLProvider is supported by 
network offering
+        if(aclId != null && 
(!_ntwkModel.areServicesSupportedByNetworkOffering(guestNtwkOff.getId(), 
Service.NetworkACL))){
+            throw new InvalidParameterValueException("Cannot apply NetworkACL. 
Network Offering does not support NetworkACL service");
+        }
+
     }
 
     @Override
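Review bot: Step 5 only runs when the caller supplies a non-null `aclId`, and the update call in NetworkServiceImpl passes a literal `null` for it. A tier that already has an ACL can therefore apparently be moved to an offering without the NetworkACL service without tripping this check. If that transition should be refused, the update caller could pass the tier's current ACL id instead of `null`, or this method could look it up from `networkId`. Also note that `guestNtwkOff.getId()` is dereferenced here, and whether `guestNtwkOff` was null-checked earlier in the method is not visible from this hunk.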
@@ -2034,7 +2040,7 @@ public class VpcManagerImpl extends ManagerBase 
implements VpcManager, VpcProvis
         }
         
         //1) Validate if network can be created for VPC
-        validateNtwkOffForNtwkInVpc(null, ntwkOffId, cidr, networkDomain, vpc, 
gateway, owner);
+        validateNtwkOffForNtwkInVpc(null, ntwkOffId, cidr, networkDomain, vpc, 
gateway, owner, aclId);
 
         //2) Create network
         Network guestNetwork = _ntwkMgr.createGuestNetwork(ntwkOffId, name, 
displayText, gateway, cidr, vlanId,

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b5148af0/server/test/com/cloud/vpc/MockVpcManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/test/com/cloud/vpc/MockVpcManagerImpl.java 
b/server/test/com/cloud/vpc/MockVpcManagerImpl.java
index 921321f..7e40083 100644
--- a/server/test/com/cloud/vpc/MockVpcManagerImpl.java
+++ b/server/test/com/cloud/vpc/MockVpcManagerImpl.java
@@ -373,7 +373,7 @@ public class MockVpcManagerImpl extends ManagerBase 
implements VpcManager {
     }
 
     @Override
-    public void validateNtwkOffForNtwkInVpc(Long networkId, long newNtwkOffId, 
String newCidr, String newNetworkDomain, Vpc vpc, String gateway, Account 
networkOwner) {
+    public void validateNtwkOffForNtwkInVpc(Long networkId, long newNtwkOffId, 
String newCidr, String newNetworkDomain, Vpc vpc, String gateway, Account 
networkOwner, Long aclId) {
         // TODO Auto-generated method stub
         
     }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b5148af0/server/test/com/cloud/vpc/NetworkACLManagerTest.java
----------------------------------------------------------------------
diff --git a/server/test/com/cloud/vpc/NetworkACLManagerTest.java 
b/server/test/com/cloud/vpc/NetworkACLManagerTest.java
index 76b811f..ddcfe7f 100644
--- a/server/test/com/cloud/vpc/NetworkACLManagerTest.java
+++ b/server/test/com/cloud/vpc/NetworkACLManagerTest.java
@@ -15,6 +15,7 @@
 
 package com.cloud.vpc;
 
+import com.cloud.configuration.ConfigurationManager;
 import com.cloud.network.Network;
 import com.cloud.network.NetworkManager;
 import com.cloud.network.NetworkModel;
@@ -78,6 +79,8 @@ public class NetworkACLManagerTest extends TestCase{
     @Inject
     NetworkDao _networkDao;
     @Inject
+    ConfigurationManager _configMgr;
+    @Inject
     NetworkModel _networkModel;
     @Inject
     List<NetworkACLServiceProvider> _networkAclElements;
@@ -179,6 +182,11 @@ public class NetworkACLManagerTest extends TestCase{
         }
 
         @Bean
+        public ConfigurationManager configMgr() {
+            return Mockito.mock(ConfigurationManager.class);
+        }
+
+        @Bean
         public NetworkACLServiceProvider networkElements() {
             return Mockito.mock(NetworkACLServiceProvider.class);
         }
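Review bot: The `configMgr()` bean is a bare `Mockito.mock(ConfigurationManager.class)`, so `getNetworkOffering(...)` returns null unless it is stubbed elsewhere in the test. With the new null check in `replaceNetworkACL`, any test that reaches that method would then fail with "Can't find network offering", and none of the visible hunks adds a test for the two new rejection paths. Consider stubbing the offering lookup and adding one case where `areServicesSupportedByNetworkOffering` returns false, asserting `InvalidParameterValueException`.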

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b5148af0/server/test/com/cloud/vpc/VpcApiUnitTest.java
----------------------------------------------------------------------
diff --git a/server/test/com/cloud/vpc/VpcApiUnitTest.java 
b/server/test/com/cloud/vpc/VpcApiUnitTest.java
index e141c96..400e00c 100644
--- a/server/test/com/cloud/vpc/VpcApiUnitTest.java
+++ b/server/test/com/cloud/vpc/VpcApiUnitTest.java
@@ -87,7 +87,7 @@ public class VpcApiUnitTest extends TestCase{
         //1) correct network offering
         boolean result = false;
         try {
-            _vpcService.validateNtwkOffForNtwkInVpc(2L, 1, "0.0.0.0", "111-", 
_vpcService.getVpc(1), "10.1.1.1", new AccountVO());
+            _vpcService.validateNtwkOffForNtwkInVpc(2L, 1, "0.0.0.0", "111-", 
_vpcService.getVpc(1), "10.1.1.1", new AccountVO(), null);
             result = true;
         } catch (Exception ex) {
         } finally {
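Review bot: Every updated call in this file (this hunk and the four that follow) passes `null` for the new `aclId` argument, so the step 5 check added in VpcManagerImpl is never exercised. A sixth case with a non-null ACL id and an offering that lacks the NetworkACL service, expecting `InvalidParameterValueException`, would pin the behaviour this commit introduces. The test method starts and ends outside these hunks.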
@@ -97,7 +97,7 @@ public class VpcApiUnitTest extends TestCase{
         //2) invalid offering - source nat is not included
         result = false;
         try {
-            _vpcService.validateNtwkOffForNtwkInVpc(2L, 2, "0.0.0.0", "111-", 
_vpcService.getVpc(1), "10.1.1.1", new AccountVO());
+            _vpcService.validateNtwkOffForNtwkInVpc(2L, 2, "0.0.0.0", "111-", 
_vpcService.getVpc(1), "10.1.1.1", new AccountVO(), null);
             result = true;
         } catch (InvalidParameterValueException ex) {
         } finally {
@@ -107,7 +107,7 @@ public class VpcApiUnitTest extends TestCase{
         //3) invalid offering - conserve mode is off
         result = false;
         try {
-            _vpcService.validateNtwkOffForNtwkInVpc(2L, 3, "0.0.0.0", "111-", 
_vpcService.getVpc(1), "10.1.1.1", new AccountVO());
+            _vpcService.validateNtwkOffForNtwkInVpc(2L, 3, "0.0.0.0", "111-", 
_vpcService.getVpc(1), "10.1.1.1", new AccountVO(), null);
             result = true;
         } catch (InvalidParameterValueException ex) {
         } finally {
@@ -117,7 +117,7 @@ public class VpcApiUnitTest extends TestCase{
         //4) invalid offering - guest type shared
         result = false;
         try {
-            _vpcService.validateNtwkOffForNtwkInVpc(2L, 4, "0.0.0.0", "111-", 
_vpcService.getVpc(1), "10.1.1.1", new AccountVO());
+            _vpcService.validateNtwkOffForNtwkInVpc(2L, 4, "0.0.0.0", "111-", 
_vpcService.getVpc(1), "10.1.1.1", new AccountVO(), null);
             result = true;
         } catch (InvalidParameterValueException ex) {
         } finally {
@@ -127,7 +127,7 @@ public class VpcApiUnitTest extends TestCase{
         //5) Invalid offering - no redundant router support
         result = false;
         try {
-            _vpcService.validateNtwkOffForNtwkInVpc(2L, 5, "0.0.0.0", "111-", 
_vpcService.getVpc(1), "10.1.1.1", new AccountVO());
+            _vpcService.validateNtwkOffForNtwkInVpc(2L, 5, "0.0.0.0", "111-", 
_vpcService.getVpc(1), "10.1.1.1", new AccountVO(), null);
             result = true;
         } catch (InvalidParameterValueException ex) {
         } finally {
