Search in sources :

Example 1 with ACLType

use of com.cloud.legacymodel.acl.ControlledEntity.ACLType in project cosmic by MissionCriticalCloud.

the class AffinityGroupServiceImpl method createAffinityGroup.

@DB
@Override
public AffinityGroup createAffinityGroup(final String accountName, final Long projectId, final Long domainId, final String affinityGroupName, final String affinityGroupType, final String description) {
    // validate the affinityGroupType
    final Map<String, AffinityGroupProcessor> typeProcessorMap = getAffinityTypeToProcessorMap();
    if (typeProcessorMap == null || typeProcessorMap.isEmpty()) {
        throw new InvalidParameterValueException("Unable to create affinity group, no Affinity Group Types configured");
    }
    final AffinityGroupProcessor processor = typeProcessorMap.get(affinityGroupType);
    if (processor == null) {
        throw new InvalidParameterValueException("Unable to create affinity group, invalid affinity group type" + affinityGroupType);
    }
    final Account caller = CallContext.current().getCallingAccount();
    if (processor.isAdminControlledGroup() && !_accountMgr.isRootAdmin(caller.getId())) {
        throw new PermissionDeniedException("Cannot create the affinity group");
    }
    final ControlledEntity.ACLType aclType;
    final Account owner;
    boolean domainLevel = false;
    if (projectId == null && domainId != null && accountName == null) {
        verifyAccessToDomainWideProcessor(caller, processor);
        final DomainVO domain = getDomain(domainId);
        _accountMgr.checkAccess(caller, domain);
        // domain level group, owner is SYSTEM.
        owner = _accountMgr.getAccount(Account.ACCOUNT_ID_SYSTEM);
        aclType = ControlledEntity.ACLType.Domain;
        domainLevel = true;
    } else {
        owner = _accountMgr.finalizeOwner(caller, accountName, domainId, projectId);
        aclType = ControlledEntity.ACLType.Account;
    }
    verifyAffinityGroupNameInUse(owner.getAccountId(), owner.getDomainId(), affinityGroupName);
    verifyDomainLevelAffinityGroupName(domainLevel, owner.getDomainId(), affinityGroupName);
    final AffinityGroupVO group = createAffinityGroup(processor, owner, aclType, affinityGroupName, affinityGroupType, description, domainLevel, domainId);
    if (s_logger.isDebugEnabled()) {
        s_logger.debug("Created affinity group =" + affinityGroupName);
    }
    return group;
}
Also used : Account(com.cloud.legacymodel.user.Account) DomainVO(com.cloud.domain.DomainVO) InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException) ControlledEntity(com.cloud.legacymodel.acl.ControlledEntity) ACLType(com.cloud.legacymodel.acl.ControlledEntity.ACLType) PermissionDeniedException(com.cloud.legacymodel.exceptions.PermissionDeniedException) DB(com.cloud.utils.db.DB)

Example 2 with ACLType

use of com.cloud.legacymodel.acl.ControlledEntity.ACLType in project cosmic by MissionCriticalCloud.

the class NetworkServiceImpl method createGuestNetwork.

@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_NETWORK_CREATE, eventDescription = "creating network")
public Network createGuestNetwork(final CreateNetworkCmd cmd) throws InsufficientCapacityException, ConcurrentOperationException, ResourceAllocationException {
    final Long networkOfferingId = cmd.getNetworkOfferingId();
    String gateway = cmd.getGateway();
    final String startIP = cmd.getStartIp();
    String endIP = cmd.getEndIp();
    final String netmask = cmd.getNetmask();
    final String networkDomain = cmd.getNetworkDomain();
    final String vlanId = cmd.getVlan();
    final String name = cmd.getNetworkName();
    final String displayText = cmd.getDisplayText();
    final Account caller = CallContext.current().getCallingAccount();
    final Long physicalNetworkId = cmd.getPhysicalNetworkId();
    Long zoneId = cmd.getZoneId();
    final String aclTypeStr = cmd.getAclType();
    final Long domainId = cmd.getDomainId();
    boolean isDomainSpecific = false;
    final Boolean subdomainAccess = cmd.getSubdomainAccess();
    final Long vpcId = cmd.getVpcId();
    final String startIPv6 = cmd.getStartIpv6();
    String endIPv6 = cmd.getEndIpv6();
    String ip6Gateway = cmd.getIp6Gateway();
    final String ip6Cidr = cmd.getIp6Cidr();
    Boolean displayNetwork = cmd.getDisplayNetwork();
    final Long aclId = cmd.getAclId();
    final String isolatedPvlan = cmd.getIsolatedPvlan();
    final String dns1 = cmd.getDns1();
    final String dns2 = cmd.getDns2();
    final String ipExclusionList = cmd.getIpExclusionList();
    final String getDhcpTftpServer = cmd.getDhcpTftpServer();
    final String getDhcpBootfileName = cmd.getDhcpBootfileName();
    // Validate network offering
    final NetworkOfferingVO ntwkOff = _networkOfferingDao.findById(networkOfferingId);
    if (ntwkOff == null || ntwkOff.isSystemOnly()) {
        final InvalidParameterValueException ex = new InvalidParameterValueException("Unable to find network offering by specified id");
        if (ntwkOff != null) {
            ex.addProxyObject(ntwkOff.getUuid(), "networkOfferingId");
        }
        throw ex;
    }
    if (!GuestType.Private.equals(ntwkOff.getGuestType()) && vpcId == null) {
        throw new InvalidParameterValueException("VPC ID is required");
    }
    if (GuestType.Private.equals(ntwkOff.getGuestType()) && (startIP != null || endIP != null || vpcId != null || gateway != null || netmask != null)) {
        throw new InvalidParameterValueException("StartIp/endIp/vpcId/gateway/netmask can't be specified for guest type " + GuestType.Private);
    }
    // validate physical network and zone
    // Check if physical network exists
    PhysicalNetwork pNtwk = null;
    if (physicalNetworkId != null) {
        pNtwk = _physicalNetworkDao.findById(physicalNetworkId);
        if (pNtwk == null) {
            throw new InvalidParameterValueException("Unable to find a physical network having the specified physical network id");
        }
    }
    if (zoneId == null) {
        zoneId = pNtwk.getDataCenterId();
    }
    if (displayNetwork == null) {
        displayNetwork = true;
    }
    final Zone zone = zoneRepository.findById(zoneId).orElse(null);
    if (zone == null) {
        throw new InvalidParameterValueException("Specified zone id was not found");
    }
    if (AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller.getId())) {
        // See DataCenterVO.java
        final PermissionDeniedException ex = new PermissionDeniedException("Cannot perform this operation since specified Zone is currently disabled");
        ex.addProxyObject(zone.getUuid(), "zoneId");
        throw ex;
    }
    // Only domain and account ACL types are supported in Acton.
    ACLType aclType = null;
    if (aclTypeStr != null) {
        if (aclTypeStr.equalsIgnoreCase(ACLType.Account.toString())) {
            aclType = ACLType.Account;
        } else if (aclTypeStr.equalsIgnoreCase(ACLType.Domain.toString())) {
            aclType = ACLType.Domain;
        } else {
            throw new InvalidParameterValueException("Incorrect aclType specified. Check the API documentation for supported types");
        }
        // In 3.0 all Shared networks should have aclType == Domain, all Isolated networks aclType==Account
        if (ntwkOff.getGuestType() != GuestType.Shared) {
            if (aclType != ACLType.Account) {
                throw new InvalidParameterValueException("AclType should be " + ACLType.Account + " for network of type " + ntwkOff.getGuestType());
            }
        } else if (ntwkOff.getGuestType() == GuestType.Shared) {
            if (!(aclType == ACLType.Domain || aclType == ACLType.Account)) {
                throw new InvalidParameterValueException("AclType should be " + ACLType.Domain + " or " + ACLType.Account + " for network of type " + GuestType.Shared);
            }
        }
    } else {
        aclType = (ntwkOff.getGuestType() == GuestType.Shared) ? ACLType.Domain : ACLType.Account;
    }
    // Only Admin can create Shared networks
    if (ntwkOff.getGuestType() == GuestType.Shared && !_accountMgr.isAdmin(caller.getId())) {
        throw new InvalidParameterValueException("Only Admins can create network with guest type " + GuestType.Shared);
    }
    // Check if the network is domain specific
    if (aclType == ACLType.Domain) {
        // only Admin can create domain with aclType=Domain
        if (!_accountMgr.isAdmin(caller.getId())) {
            throw new PermissionDeniedException("Only admin can create networks with aclType=Domain");
        }
        // only shared networks can be Domain specific
        if (ntwkOff.getGuestType() != GuestType.Shared) {
            throw new InvalidParameterValueException("Only " + GuestType.Shared + " networks can have aclType=" + ACLType.Domain);
        }
        if (domainId != null) {
            if (ntwkOff.getTrafficType() != TrafficType.Guest || ntwkOff.getGuestType() != GuestType.Shared) {
                throw new InvalidParameterValueException("Domain level networks are supported just for traffic type " + TrafficType.Guest + " and guest type " + GuestType.Shared);
            }
            final DomainVO domain = _domainDao.findById(domainId);
            if (domain == null) {
                throw new InvalidParameterValueException("Unable to find domain by specified id");
            }
            _accountMgr.checkAccess(caller, domain);
        }
        isDomainSpecific = true;
    } else if (subdomainAccess != null) {
        throw new InvalidParameterValueException("Parameter subDomainAccess can be specified only with aclType=Domain");
    }
    Account owner = null;
    if (cmd.getAccountName() != null && domainId != null || cmd.getProjectId() != null) {
        owner = _accountMgr.finalizeOwner(caller, cmd.getAccountName(), domainId, cmd.getProjectId());
    } else {
        owner = caller;
    }
    boolean ipv4 = true, ipv6 = false;
    if (startIP != null) {
        ipv4 = true;
    }
    if (startIPv6 != null) {
        ipv6 = true;
    }
    if (gateway != null) {
        try {
            // getByName on a literal representation will only check validity of the address
            // http://docs.oracle.com/javase/6/docs/api/java/net/InetAddress.html#getByName(java.lang.String)
            final InetAddress gatewayAddress = InetAddress.getByName(gateway);
            if (gatewayAddress instanceof Inet6Address) {
                ipv6 = true;
            } else {
                ipv4 = true;
            }
        } catch (final UnknownHostException e) {
            s_logger.error("Unable to convert gateway IP to a InetAddress", e);
            throw new InvalidParameterValueException("Gateway parameter is invalid");
        }
    }
    String cidr = cmd.getCidr();
    if (ipv4) {
        // validate the CIDR
        if (cidr != null && !NetUtils.isValidIp4Cidr(cidr)) {
            throw new InvalidParameterValueException("Invalid format for the CIDR parameter");
        }
        // validate gateway with cidr
        if (cidr != null && gateway != null && !NetUtils.isIpWithtInCidrRange(gateway, cidr)) {
            throw new InvalidParameterValueException("The gateway ip " + gateway + " should be part of the CIDR of the network " + cidr);
        }
        // if end ip is not specified, default it to startIp
        if (startIP != null) {
            if (!NetUtils.isValidIp4(startIP)) {
                throw new InvalidParameterValueException("Invalid format for the startIp parameter");
            }
            if (endIP == null) {
                endIP = startIP;
            } else if (!NetUtils.isValidIp4(endIP)) {
                throw new InvalidParameterValueException("Invalid format for the endIp parameter");
            }
        }
        if (startIP != null && endIP != null) {
            if (!(gateway != null && netmask != null)) {
                throw new InvalidParameterValueException("gateway and netmask should be defined when startIP/endIP are passed in");
            }
        }
        if (gateway != null && netmask != null) {
            if (NetUtils.isNetworkorBroadcastIP(gateway, netmask)) {
                if (s_logger.isDebugEnabled()) {
                    s_logger.debug("The gateway IP provided is " + gateway + " and netmask is " + netmask + ". The IP is either broadcast or network IP.");
                }
                throw new InvalidParameterValueException("Invalid gateway IP provided. Either the IP is broadcast or network IP.");
            }
            if (!NetUtils.isValidIp4(gateway)) {
                throw new InvalidParameterValueException("Invalid gateway");
            }
            if (!NetUtils.isValidIp4Netmask(netmask)) {
                throw new InvalidParameterValueException("Invalid netmask");
            }
            cidr = NetUtils.ipAndNetMaskToCidr(gateway, netmask);
        }
        checkIpExclusionList(ipExclusionList, cidr, null);
    }
    if (ipv6) {
        // validate the ipv6 CIDR
        if (ip6Cidr != null && !NetUtils.isValidIp4Cidr(ip6Cidr)) {
            throw new InvalidParameterValueException("Invalid format for the CIDR parameter");
        }
        if (endIPv6 == null) {
            endIPv6 = startIPv6;
        }
        _networkModel.checkIp6Parameters(startIPv6, endIPv6, ip6Gateway, ip6Cidr);
        if (zone.getNetworkType() != NetworkType.Advanced || ntwkOff.getGuestType() != GuestType.Shared) {
            throw new InvalidParameterValueException("Can only support create IPv6 network with advance shared network!");
        }
    }
    if (isolatedPvlan != null && (zone.getNetworkType() != NetworkType.Advanced || ntwkOff.getGuestType() != GuestType.Shared)) {
        throw new InvalidParameterValueException("Can only support create Private VLAN network with advance shared network!");
    }
    if (isolatedPvlan != null && ipv6) {
        throw new InvalidParameterValueException("Can only support create Private VLAN network with IPv4!");
    }
    // Regular user can create Guest Isolated Source Nat enabled network only
    if (_accountMgr.isNormalUser(caller.getId()) && (ntwkOff.getTrafficType() != TrafficType.Guest || ntwkOff.getGuestType() != GuestType.Isolated && areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SourceNat))) {
        throw new InvalidParameterValueException("Regular user can create a network only from the network offering having traffic type " + TrafficType.Guest + " and network type " + GuestType.Isolated + " with a service " + Service.SourceNat.getName() + " enabled");
    }
    // Don't allow to specify vlan if the caller is a normal user
    if (_accountMgr.isNormalUser(caller.getId()) && (ntwkOff.getSpecifyVlan() || vlanId != null)) {
        throw new InvalidParameterValueException("Only ROOT admin and domain admins are allowed to specify vlanId");
    }
    if (ipv4) {
        // For non-root admins check cidr limit - if it's allowed by global config value
        if (!_accountMgr.isRootAdmin(caller.getId()) && cidr != null) {
            final String[] cidrPair = cidr.split("\\/");
            final int cidrSize = Integer.parseInt(cidrPair[1]);
            if (cidrSize < _cidrLimit) {
                throw new InvalidParameterValueException("Cidr size can't be less than " + _cidrLimit);
            }
        }
    }
    // Vlan is created in 1 cases - works in Advance zone only:
    // 1) GuestType is Shared
    boolean createVlan = startIP != null && endIP != null && zone.getNetworkType() == NetworkType.Advanced && (ntwkOff.getGuestType() == GuestType.Shared || !areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SourceNat));
    if (!createVlan) {
        // Only support advance shared network in IPv6, which means createVlan is a must
        if (ipv6) {
            createVlan = true;
        }
    }
    // Can add vlan range only to the network which allows it
    if (createVlan && !ntwkOff.getSpecifyIpRanges()) {
        final InvalidParameterValueException ex = new InvalidParameterValueException("Network offering with specified id doesn't support adding multiple ip ranges");
        ex.addProxyObject(ntwkOff.getUuid(), "networkOfferingId");
        throw ex;
    }
    if (ntwkOff.getGuestType() != GuestType.Private && gateway == null && cidr != null) {
        gateway = NetUtils.getCidrHostAddress(cidr);
    }
    if (ntwkOff.getGuestType() != GuestType.Private && ip6Gateway == null && ip6Cidr != null) {
        ip6Gateway = NetUtils.getCidrHostAddress6(ip6Cidr);
    }
    if (ntwkOff.getGuestType() == GuestType.Private && (dns1 != null || dns2 != null)) {
        throw new InvalidParameterValueException("Network of type Private does not support setting DNS servers");
    }
    Network network = commitNetwork(networkOfferingId, gateway, startIP, endIP, netmask, networkDomain, vlanId, name, displayText, caller, physicalNetworkId, zoneId, domainId, isDomainSpecific, subdomainAccess, vpcId, startIPv6, endIPv6, ip6Gateway, ip6Cidr, displayNetwork, aclId, isolatedPvlan, ntwkOff, pNtwk, aclType, owner, cidr, createVlan, dns1, dns2, ipExclusionList, getDhcpTftpServer, getDhcpBootfileName);
    // if the network offering has persistent set to true, implement the network
    if (ntwkOff.getIsPersistent()) {
        try {
            if (network.getState() == Network.State.Setup) {
                s_logger.debug("Network id=" + network.getId() + " is already provisioned");
                return network;
            }
            final DeployDestination dest = new DeployDestination(zone, null, null, null);
            final UserVO callerUser = _userDao.findById(CallContext.current().getCallingUserId());
            final Journal journal = new Journal.LogJournal("Implementing " + network, s_logger);
            final ReservationContext context = new ReservationContextImpl(UUID.randomUUID().toString(), journal, callerUser, caller);
            s_logger.debug("Implementing network " + network + " as a part of network provision for persistent network");
            final Pair<? extends NetworkGuru, ? extends Network> implementedNetwork = _networkMgr.implementNetwork(network.getId(), dest, context);
            if (implementedNetwork == null || implementedNetwork.first() == null) {
                s_logger.warn("Failed to provision the network " + network);
            }
            network = implementedNetwork.second();
        } catch (final ResourceUnavailableException ex) {
            s_logger.warn("Failed to implement persistent guest network " + network + "due to: " + ex.getMessage());
            final CloudRuntimeException e = new CloudRuntimeException("Failed to implement persistent guest network", ex);
            e.addProxyObject(network.getUuid(), "networkId");
            throw e;
        }
    }
    return network;
}
Also used : Account(com.cloud.legacymodel.user.Account) Journal(com.cloud.utils.Journal) ReservationContextImpl(com.cloud.vm.ReservationContextImpl) ReservationContext(com.cloud.vm.ReservationContext) InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException) CloudRuntimeException(com.cloud.legacymodel.exceptions.CloudRuntimeException) Network(com.cloud.legacymodel.network.Network) ACLType(com.cloud.legacymodel.acl.ControlledEntity.ACLType) UnknownHostException(java.net.UnknownHostException) Zone(com.cloud.db.model.Zone) Inet6Address(java.net.Inet6Address) NetworkDomainVO(com.cloud.network.dao.NetworkDomainVO) DomainVO(com.cloud.domain.DomainVO) UserVO(com.cloud.user.UserVO) DeployDestination(com.cloud.deploy.DeployDestination) ResourceUnavailableException(com.cloud.legacymodel.exceptions.ResourceUnavailableException) NetworkOfferingVO(com.cloud.offerings.NetworkOfferingVO) PermissionDeniedException(com.cloud.legacymodel.exceptions.PermissionDeniedException) InetAddress(java.net.InetAddress) ActionEvent(com.cloud.event.ActionEvent) DB(com.cloud.utils.db.DB)

Aggregations

DomainVO (com.cloud.domain.DomainVO)2 ACLType (com.cloud.legacymodel.acl.ControlledEntity.ACLType)2 InvalidParameterValueException (com.cloud.legacymodel.exceptions.InvalidParameterValueException)2 PermissionDeniedException (com.cloud.legacymodel.exceptions.PermissionDeniedException)2 Account (com.cloud.legacymodel.user.Account)2 DB (com.cloud.utils.db.DB)2 Zone (com.cloud.db.model.Zone)1 DeployDestination (com.cloud.deploy.DeployDestination)1 ActionEvent (com.cloud.event.ActionEvent)1 ControlledEntity (com.cloud.legacymodel.acl.ControlledEntity)1 CloudRuntimeException (com.cloud.legacymodel.exceptions.CloudRuntimeException)1 ResourceUnavailableException (com.cloud.legacymodel.exceptions.ResourceUnavailableException)1 Network (com.cloud.legacymodel.network.Network)1 NetworkDomainVO (com.cloud.network.dao.NetworkDomainVO)1 NetworkOfferingVO (com.cloud.offerings.NetworkOfferingVO)1 UserVO (com.cloud.user.UserVO)1 Journal (com.cloud.utils.Journal)1 ReservationContext (com.cloud.vm.ReservationContext)1 ReservationContextImpl (com.cloud.vm.ReservationContextImpl)1 Inet6Address (java.net.Inet6Address)1