
Example 66 with ActionEvent

use of com.cloud.event.ActionEvent in project cloudstack by apache.

the class NetworkACLServiceImpl method deleteNetworkACL.

/**
 * Deletes the network ACL list identified by {@code id}.
 *
 * <p>The built-in lists ({@code NetworkACL.DEFAULT_ALLOW} and {@code NetworkACL.DEFAULT_DENY})
 * are rejected. Authorization is evaluated against the VPC that owns the list, not against the
 * list itself, so the VPC must resolve before the access check can run.
 *
 * @param id database id of the ACL list to delete
 * @return whatever {@code _networkAclMgr.deleteNetworkACL} reports for the list
 * @throws InvalidParameterValueException if the list does not exist, is one of the default
 *         lists, or its VPC cannot be found
 */
@Override
@ActionEvent(eventType = EventTypes.EVENT_NETWORK_ACL_DELETE, eventDescription = "Deleting Network ACL List", async = true)
public boolean deleteNetworkACL(final long id) {
    final Account callingAccount = CallContext.current().getCallingAccount();

    final NetworkACL aclList = _networkACLDao.findById(id);
    if (aclList == null) {
        throw new InvalidParameterValueException("Unable to find specified ACL");
    }

    // The default allow/deny lists must never be deleted, whoever the caller is.
    final boolean isDefaultList = aclList.getId() == NetworkACL.DEFAULT_ALLOW || aclList.getId() == NetworkACL.DEFAULT_DENY;
    if (isDefaultList) {
        throw new InvalidParameterValueException("Default ACL cannot be removed");
    }

    // Resolve the owning VPC first: it is the entity the access check is run against.
    final Vpc owningVpc = _entityMgr.findById(Vpc.class, aclList.getVpcId());
    if (owningVpc == null) {
        throw new InvalidParameterValueException("Unable to find specified VPC associated with the ACL");
    }

    // Authorization gate: nothing is deleted unless the caller has access to the VPC.
    _accountMgr.checkAccess(callingAccount, null, true, owningVpc);

    return _networkAclMgr.deleteNetworkACL(aclList);
}
Also used : Account(com.cloud.user.Account) InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException) ActionEvent(com.cloud.event.ActionEvent)

Example 67 with ActionEvent

use of com.cloud.event.ActionEvent in project cloudstack by apache.

the class NetworkACLServiceImpl method updateNetworkACL.

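/**
 * Updates the custom UUID and/or display flag of a network ACL list.
 *
 * <p>The list and its owning VPC are resolved and validated before the access check, mirroring
 * {@code deleteNetworkACL}. Without these guards an unknown {@code id} ends in a
 * {@code NullPointerException}, and an ACL whose VPC cannot be resolved would reach
 * {@code checkAccess} with a {@code null} entity, leaving nothing to authorize against.
 *
 * @param id database id of the ACL list to update
 * @param customId new UUID for the list, or {@code null} to leave it unchanged
 * @param forDisplay new display flag, or {@code null} to leave it unchanged
 * @return the list as re-read from the DAO after the update
 * @throws InvalidParameterValueException if the list or its VPC cannot be found
 */
@Override
@ActionEvent(eventType = EventTypes.EVENT_NETWORK_ACL_UPDATE, eventDescription = "updating network acl", async = true)
public NetworkACL updateNetworkACL(final Long id, final String customId, final Boolean forDisplay) {
    final NetworkACLVO acl = _networkACLDao.findById(id);
    if (acl == null) {
        throw new InvalidParameterValueException("Unable to find specified ACL");
    }

    // Fail closed: the access check below is only meaningful against a resolved VPC.
    final Vpc vpc = _entityMgr.findById(Vpc.class, acl.getVpcId());
    if (vpc == null) {
        throw new InvalidParameterValueException("Unable to find specified VPC associated with the ACL");
    }

    final Account caller = CallContext.current().getCallingAccount();
    _accountMgr.checkAccess(caller, null, true, vpc);

    // NOTE(review): customId replaces the list's UUID; any restriction on who may set it is not
    // visible in this method - confirm it is enforced by the caller of this service.
    if (customId != null) {
        acl.setUuid(customId);
    }
    if (forDisplay != null) {
        acl.setDisplay(forDisplay);
    }

    _networkACLDao.update(id, acl);
    // Re-read so the returned object reflects what was actually persisted.
    return _networkACLDao.findById(id);
}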
Also used : Account(com.cloud.user.Account) ActionEvent(com.cloud.event.ActionEvent)

Example 68 with ActionEvent

use of com.cloud.event.ActionEvent in project cloudstack by apache.

the class RulesManagerImpl method revokePortForwardingRule.

/**
 * Revokes a port forwarding rule on behalf of the calling account.
 *
 * <p>The rule is looked up, the caller's access to it is checked, and only then is the
 * revocation delegated to {@code revokePortForwardingRuleInternal}.
 *
 * @param ruleId database id of the port forwarding rule
 * @param apply passed through unchanged to {@code revokePortForwardingRuleInternal}
 * @return {@code true} when the internal revocation succeeds; failure is reported by exception
 * @throws InvalidParameterValueException if no rule with {@code ruleId} exists
 * @throws CloudRuntimeException if the internal revocation reports failure
 */
@Override
@ActionEvent(eventType = EventTypes.EVENT_NET_RULE_DELETE, eventDescription = "revoking forwarding rule", async = true)
public boolean revokePortForwardingRule(long ruleId, boolean apply) {
    final CallContext callContext = CallContext.current();
    final Account callingAccount = callContext.getCallingAccount();

    final PortForwardingRuleVO target = _portForwardingDao.findById(ruleId);
    if (target == null) {
        throw new InvalidParameterValueException("Unable to find " + ruleId);
    }

    // Authorization gate: the caller must have access to the rule before it is touched.
    _accountMgr.checkAccess(callingAccount, null, true, target);

    final boolean revoked = revokePortForwardingRuleInternal(ruleId, callingAccount, callContext.getCallingUserId(), apply);
    if (revoked) {
        return true;
    }
    throw new CloudRuntimeException("Failed to delete port forwarding rule");
}
Also used : Account(com.cloud.user.Account) InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException) CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException) CallContext(org.apache.cloudstack.context.CallContext) ActionEvent(com.cloud.event.ActionEvent)

Example 69 with ActionEvent

use of com.cloud.event.ActionEvent in project cloudstack by apache.

the class RulesManagerImpl method createStaticNatRule.

/**
 * Creates a static NAT firewall rule for the public IP referenced by {@code rule}.
 *
 * <p>The IP is validated first (it must exist, must not be source NAT, must be one-to-one NAT
 * and must be associated with a VM). The rule is then persisted inside a transaction, checked
 * for conflicts and moved to the "add" state. If anything fails after the rule has been
 * persisted, the related firewall rule is revoked and the new rule is removed before the
 * exception is propagated.
 *
 * @param rule requested rule; supplies the source IP id, port range, protocol, purpose and xid
 * @param openFirewall when {@code true}, an additional firewall rule covering all CIDRs is
 *        created for the same port range
 * @return the created static NAT rule, wrapping the persisted firewall rule and the VM IP
 * @throws InvalidParameterValueException if the IP id does not exist or the network offering
 *         has elastic IP enabled
 * @throws NetworkRuleConflictException if the IP is not eligible for static NAT, or if one is
 *         raised while the rule is being created
 * @throws CloudRuntimeException for any other failure while the rule is being created
 */
@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_NET_RULE_ADD, eventDescription = "creating static nat rule", create = true)
public StaticNatRule createStaticNatRule(final StaticNatRule rule, final boolean openFirewall) throws NetworkRuleConflictException {
    final Account caller = CallContext.current().getCallingAccount();
    final Long ipAddrId = rule.getSourceIpAddressId();
    IPAddressVO ipAddress = _ipAddressDao.findById(ipAddrId);
    // Validate ip address
    if (ipAddress == null) {
        throw new InvalidParameterValueException("Unable to create static nat rule; ip id=" + ipAddrId + " doesn't exist in the system");
    } else if (ipAddress.isSourceNat() || !ipAddress.isOneToOneNat() || ipAddress.getAssociatedWithVmId() == null) {
        throw new NetworkRuleConflictException("Can't do static nat on ip address: " + ipAddress.getAddress());
    }
    // NOTE(review): this method makes no direct _accountMgr.checkAccess call on ipAddress; the
    // caller's rights over the IP are presumably enforced inside validateFirewallRule, which is
    // the only call here that receives the caller - confirm.
    _firewallMgr.validateFirewallRule(caller, ipAddress, rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), Purpose.StaticNat, FirewallRuleType.User, null, rule.getTrafficType());
    // Network, account and domain of the new rule are taken from the IP record, not from the request.
    final Long networkId = ipAddress.getAssociatedWithNetworkId();
    final Long accountId = ipAddress.getAllocatedToAccountId();
    final Long domainId = ipAddress.getAllocatedInDomainId();
    _networkModel.checkIpForService(ipAddress, Service.StaticNat, null);
    // NOTE(review): network and off are dereferenced without a null check; a missing network or
    // offering would surface as a NullPointerException rather than a parameter error.
    Network network = _networkModel.getNetwork(networkId);
    NetworkOffering off = _entityMgr.findById(NetworkOffering.class, network.getNetworkOfferingId());
    if (off.getElasticIp()) {
        throw new InvalidParameterValueException("Can't create ip forwarding rules for the network where elasticIP service is enabled");
    }
    //String dstIp = _networkModel.getIpInNetwork(ipAddress.getAssociatedWithVmId(), networkId);
    // Destination is the VM IP recorded on the public IP entry.
    final String dstIp = ipAddress.getVmIp();
    return Transaction.execute(new TransactionCallbackWithException<StaticNatRule, NetworkRuleConflictException>() {

        @Override
        public StaticNatRule doInTransaction(TransactionStatus status) throws NetworkRuleConflictException {
            // NOTE(review): toLowerCase() with no argument uses the JVM default locale; a
            // locale-independent form would keep the stored protocol string stable.
            FirewallRuleVO newRule = new FirewallRuleVO(rule.getXid(), rule.getSourceIpAddressId(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol().toLowerCase(), networkId, accountId, domainId, rule.getPurpose(), null, null, null, null, null);
            newRule = _firewallDao.persist(newRule);
            // create firewallRule for 0.0.0.0/0 cidr
            // Security-relevant: with openFirewall set, the port range is opened to every source
            // address, so callers should only pass true when that exposure is intended.
            if (openFirewall) {
                _firewallMgr.createRuleForAllCidrs(ipAddrId, caller, rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), null, null, newRule.getId(), networkId);
            }
            try {
                _firewallMgr.detectRulesConflict(newRule);
                if (!_firewallDao.setStateToAdd(newRule)) {
                    throw new CloudRuntimeException("Unable to update the state to add for " + newRule);
                }
                CallContext.current().setEventDetails("Rule Id: " + newRule.getId());
                UsageEventUtils.publishUsageEvent(EventTypes.EVENT_NET_RULE_ADD, newRule.getAccountId(), 0, newRule.getId(), null, FirewallRule.class.getName(), newRule.getUuid());
                StaticNatRule staticNatRule = new StaticNatRuleImpl(newRule, dstIp);
                return staticNatRule;
            } catch (Exception e) {
                // Broad catch on purpose: every failure path must undo the persisted rule (and
                // the related all-CIDR firewall rule) so no half-created rule is left behind.
                if (newRule != null) {
                    // no need to apply the rule as it wasn't programmed on the backend yet
                    _firewallMgr.revokeRelatedFirewallRule(newRule.getId(), false);
                    _firewallMgr.removeRule(newRule);
                }
                // Conflicts keep their declared checked type; everything else is wrapped below.
                if (e instanceof NetworkRuleConflictException) {
                    throw (NetworkRuleConflictException) e;
                }
                // NOTE(review): newRule is dereferenced here without the null guard used above.
                throw new CloudRuntimeException("Unable to add static nat rule for the ip id=" + newRule.getSourceIpAddressId(), e);
            }
        }
    });
}
Also used : Account(com.cloud.user.Account) NetworkOffering(com.cloud.offering.NetworkOffering) TransactionStatus(com.cloud.utils.db.TransactionStatus) NetworkRuleConflictException(com.cloud.exception.NetworkRuleConflictException) InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException) TransactionCallbackWithException(com.cloud.utils.db.TransactionCallbackWithException) NetworkRuleConflictException(com.cloud.exception.NetworkRuleConflictException) InsufficientAddressCapacityException(com.cloud.exception.InsufficientAddressCapacityException) ResourceUnavailableException(com.cloud.exception.ResourceUnavailableException) CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException) InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException) CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException) Network(com.cloud.network.Network) IPAddressVO(com.cloud.network.dao.IPAddressVO) ActionEvent(com.cloud.event.ActionEvent) DB(com.cloud.utils.db.DB)

Example 70 with ActionEvent

use of com.cloud.event.ActionEvent in project cloudstack by apache.

the class RulesManagerImpl method updatePortForwardingRule.

/**
 * Updates an existing port forwarding rule: custom UUID, display flag, private port and/or
 * the destination VM and guest IP.
 *
 * <p>The update is done in two steps: the existing rule is put into {@code State.Revoke} and
 * applied, then the rule is re-read, changed, put into {@code State.Add} and applied again.
 *
 * @param id database id of the port forwarding rule
 * @param privatePort new destination port, or {@code null} to keep the current one; rejected
 *        when the rule's source port start and end differ
 * @param virtualMachineId new destination VM, or {@code null} to keep the current one
 * @param vmGuestIp guest IP on the VM's NIC to forward to; only valid together with
 *        {@code virtualMachineId}
 * @param customId new UUID for the rule, or {@code null} to leave it unchanged
 * @param forDisplay new display flag, or {@code null} to leave it unchanged
 * @return the rule as re-read from the DAO after the new rule has been applied
 * @throws InvalidParameterValueException if the rule does not exist or the arguments are
 *         inconsistent with the rule, the VM's NIC or its secondary IPs
 * @throws CloudRuntimeException if revoking the old rule or applying the new one fails
 */
@Override
@ActionEvent(eventType = EventTypes.EVENT_NET_RULE_MODIFY, eventDescription = "updating forwarding rule", async = true)
public PortForwardingRule updatePortForwardingRule(long id, Integer privatePort, Long virtualMachineId, Ip vmGuestIp, String customId, Boolean forDisplay) {
    Account caller = CallContext.current().getCallingAccount();
    PortForwardingRuleVO rule = _portForwardingDao.findById(id);
    if (rule == null) {
        throw new InvalidParameterValueException("Unable to find " + id);
    }
    // Authorization gate on the rule itself.
    // NOTE(review): no access check on virtualMachineId is visible in this method; the only
    // visible constraint on the target VM is that it has a NIC in the rule's network. Confirm
    // the caller's rights over that VM are verified elsewhere.
    _accountMgr.checkAccess(caller, null, true, rule);
    // These setters change only the in-memory object; they are first persisted by the update
    // that also sets State.Revoke further down.
    if (customId != null) {
        rule.setUuid(customId);
    }
    if (forDisplay != null) {
        rule.setDisplay(forDisplay);
    }
    // A single private port cannot be mapped onto a rule that covers a range of source ports.
    if (!rule.getSourcePortStart().equals(rule.getSourcePortEnd()) && privatePort != null) {
        throw new InvalidParameterValueException("Unable to update the private port of port forwarding rule as  the rule has port range : " + rule.getSourcePortStart() + " to " + rule.getSourcePortEnd());
    }
    if (virtualMachineId == null && vmGuestIp != null) {
        throw new InvalidParameterValueException("vmguestip should be set along with virtualmachineid");
    }
    Ip dstIp = rule.getDestinationIpAddress();
    if (virtualMachineId != null) {
        // Verify that vm has nic in the network
        Nic guestNic = _networkModel.getNicInNetwork(virtualMachineId, rule.getNetworkId());
        if (guestNic == null || guestNic.getIPv4Address() == null) {
            throw new InvalidParameterValueException("Vm doesn't belong to network associated with ipAddress");
        } else {
            dstIp = new Ip(guestNic.getIPv4Address());
        }
        if (vmGuestIp != null) {
            // A VM IP was passed, so it may be the NIC's primary or a secondary IP address.
            if (!dstIp.equals(vmGuestIp)) {
                // Not the primary IP: accept it only if it is registered as a secondary IP of
                // this NIC, so a rule cannot be pointed at an address the NIC does not own.
                NicSecondaryIp secondaryIp = _nicSecondaryDao.findByIp4AddressAndNicId(vmGuestIp.toString(), guestNic.getId());
                if (secondaryIp == null) {
                    throw new InvalidParameterValueException("IP Address is not in the VM nic's network ");
                }
                dstIp = vmGuestIp;
            }
        }
    }
    // revoke old rules at first
    List<PortForwardingRuleVO> rules = new ArrayList<PortForwardingRuleVO>();
    rule.setState(State.Revoke);
    _portForwardingDao.update(id, rule);
    rules.add(rule);
    try {
        if (!_firewallMgr.applyRules(rules, true, false)) {
            throw new CloudRuntimeException("Failed to revoke the existing port forwarding rule:" + id);
        }
    } catch (ResourceUnavailableException ex) {
        throw new CloudRuntimeException("Failed to revoke the existing port forwarding rule:" + id + " due to ", ex);
    }
    // NOTE(review): the revoke and re-add steps are not wrapped in a transaction in this
    // method; if a later step throws, the stored rule stays in whatever state was written last.
    // NOTE(review): the re-read result is used without a null check.
    rule = _portForwardingDao.findById(id);
    rule.setState(State.Add);
    // NOTE(review): privatePort is written as given; no port range check is visible in this
    // method - confirm it is validated before this point.
    if (privatePort != null) {
        rule.setDestinationPortStart(privatePort.intValue());
        rule.setDestinationPortEnd(privatePort.intValue());
    }
    if (virtualMachineId != null) {
        rule.setVirtualMachineId(virtualMachineId);
        rule.setDestinationIpAddress(dstIp);
    }
    _portForwardingDao.update(id, rule);
    //apply new rules
    if (!applyPortForwardingRules(rule.getSourceIpAddressId(), false, caller)) {
        throw new CloudRuntimeException("Failed to apply the new port forwarding rule:" + id);
    }
    return _portForwardingDao.findById(id);
}
Also used : Account(com.cloud.user.Account) InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException) CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException) Ip(com.cloud.utils.net.Ip) NicSecondaryIp(com.cloud.vm.NicSecondaryIp) NicSecondaryIp(com.cloud.vm.NicSecondaryIp) ArrayList(java.util.ArrayList) ResourceUnavailableException(com.cloud.exception.ResourceUnavailableException) Nic(com.cloud.vm.Nic) ActionEvent(com.cloud.event.ActionEvent)
