
Example 1 with Domain

use of com.cloud.legacymodel.domain.Domain in project cosmic by MissionCriticalCloud.

the class DomainChecker method checkAccess.

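/**
 * Decides whether {@code account} may use {@code zone}.
 *
 * Rules, in order:
 * <ul>
 *   <li>a zone with no owning domain is public; a {@code null} account is also let through
 *       (legacy contract: callers are expected to resolve the caller account first);</li>
 *   <li>root admins are always allowed;</li>
 *   <li>normal users and project accounts: if the zone is dedicated to an account, only that
 *       account is allowed; otherwise the account's domain must be the zone's domain or a
 *       descendant of it;</li>
 *   <li>domain admins: allowed when their domain is the zone's domain or a descendant of it,
 *       or when the zone's domain lies underneath the admin's domain;</li>
 *   <li>every other account type is denied.</li>
 * </ul>
 *
 * @param account the account being checked, may be {@code null}
 * @param zone    the zone being accessed
 * @return {@code true} when access is granted
 * @throws PermissionDeniedException declared for interface compatibility; this
 *         implementation signals denial by returning {@code false}
 */
@Override
public boolean checkAccess(final Account account, final Zone zone) throws PermissionDeniedException {
    if (account == null || zone.getDomainId() == null) {
        // public zone (or no account to check against)
        return true;
    }

    final long accountId = account.getId();
    // zone.getDomainId() is non-null here, so unboxing is safe; comparing the
    // primitive avoids accidental reference comparison of boxed ids.
    final long zoneDomainId = zone.getDomainId();

    // admin has all permissions
    if (_accountService.isRootAdmin(accountId)) {
        return true;
    }

    if (_accountService.isNormalUser(accountId) || account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
        // A zone dedicated to a specific account is usable only by that account,
        // whatever the domain placement.
        final DedicatedResourceVO dedicatedZone = _dedicatedDao.findByZoneId(zone.getId());
        if (dedicatedZone != null && dedicatedZone.getAccountId() != null) {
            return dedicatedZone.getAccountId() == accountId;
        }
        // NOTE(review): a zone dedicated to a *domain* (dedication record without an
        // account id) gets no special handling here and falls back to the zone's own
        // domain tree below — confirm this matches the intended dedication semantics.

        // Otherwise the account's domain must be the zone's domain or sit below it.
        return isSameOrDescendantDomain(account.getDomainId(), zoneDomainId);
    }

    if (_accountService.isDomainAdmin(accountId)) {
        // Admin's domain is the zone's domain or a child of it.
        if (isSameOrDescendantDomain(account.getDomainId(), zoneDomainId)) {
            return true;
        }
        // Zone's domain is underneath the admin's domain. This is an ancestor test on
        // the materialised domain path, so it must be a *prefix* match: the previous
        // substring match (String.contains) also accepted an unrelated domain whose
        // path merely embedded the admin's path somewhere in the middle.
        // NOTE(review): assumes paths carry a trailing separator (e.g. "/ROOT/a/");
        // without it "/ROOT/a" would also prefix-match "/ROOT/ab" — confirm the path format.
        final Domain zoneDomainRecord = _domainDao.findById(zoneDomainId);
        final Domain accountDomainRecord = _domainDao.findById(account.getDomainId());
        return zoneDomainRecord != null && accountDomainRecord != null
                && zoneDomainRecord.getPath() != null && accountDomainRecord.getPath() != null
                && zoneDomainRecord.getPath().startsWith(accountDomainRecord.getPath());
    }

    // any other account type: not allowed
    return false;
}

/**
 * Walks up the domain tree starting at {@code startDomainId} and reports whether
 * {@code targetDomainId} is that domain or one of its ancestors.
 *
 * A missing domain record anywhere on the walk (dangling parent reference) yields
 * {@code false} instead of a NullPointerException, i.e. unresolvable data denies access.
 */
private boolean isSameOrDescendantDomain(final long startDomainId, final long targetDomainId) {
    if (startDomainId == targetDomainId) {
        // exact node
        return true;
    }
    Domain current = _domainDao.findById(startDomainId);
    while (current != null) {
        if (current.getId() == targetDomainId) {
            // found as an ancestor
            return true;
        }
        final Long parentId = current.getParent();
        if (parentId == null) {
            // reached the root without a match
            return false;
        }
        current = _domainDao.findById(parentId);
    }
    return false;
}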

Example 2 with Domain

use of com.cloud.legacymodel.domain.Domain in project cosmic by MissionCriticalCloud.

the class ConfigurationManagerImpl method createVlanAndPublicIpRange.

/**
 * Creates a VLAN / public IP range (IPv4 and/or IPv6) in a zone and, optionally,
 * dedicates it to an account, a project's account or a domain.
 *
 * Validation happens in this order: address parameters, owner resolution
 * (project / account / domain), network and zone existence, physical network
 * resolution, zone allocation state, network type compatibility, VLAN/subnet
 * consistency, public-IP resource limits, overlap with the private IP range.
 * Persistence is delegated to {@code commitVlan}.
 *
 * NOTE(review): this method does not itself check that the caller is allowed to
 * act on the given accountName/domainId/projectId; that is presumably enforced at
 * the API command / ACL layer — confirm before relying on it.
 *
 * @param cmd the parsed API command
 * @return the persisted VLAN
 * @throws InvalidParameterValueException on any validation failure
 * @throws PermissionDeniedException     when the zone is disabled and the caller is not root admin
 * @throws ResourceAllocationException   when the owner's public-IP limit would be exceeded
 */
@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_VLAN_IP_RANGE_CREATE, eventDescription = "creating vlan ip range", async = false)
public Vlan createVlanAndPublicIpRange(final CreateVlanIpRangeCmd cmd) throws InsufficientCapacityException, ConcurrentOperationException, ResourceUnavailableException, ResourceAllocationException {
    Long zoneId = cmd.getZoneId();
    final Long podId = cmd.getPodId();
    final String startIP = cmd.getStartIp();
    String endIP = cmd.getEndIp();
    final String newVlanGateway = cmd.getGateway();
    final String newVlanNetmask = cmd.getNetmask();
    String vlanId = cmd.getVlan();
    // TODO decide if we should be forgiving or demand a valid and complete URI
    // A bare tag (no "vlan://" scheme) is normalised to the URI form; null/empty is left as-is.
    if (!(vlanId == null || "".equals(vlanId) || vlanId.startsWith(BroadcastDomainType.Vlan.scheme()))) {
        vlanId = BroadcastDomainType.Vlan.toUri(vlanId).toString();
    }
    final Boolean forVirtualNetwork = cmd.isForVirtualNetwork();
    Long networkId = cmd.getNetworkID();
    Long physicalNetworkId = cmd.getPhysicalNetworkId();
    final String accountName = cmd.getAccountName();
    final Long projectId = cmd.getProjectId();
    final Long domainId = cmd.getDomainId();
    final String startIPv6 = cmd.getStartIpv6();
    String endIPv6 = cmd.getEndIpv6();
    final String ip6Gateway = cmd.getIp6Gateway();
    final String ip6Cidr = cmd.getIp6Cidr();
    Account vlanOwner = null;
    // Presence of a start address decides which address families are being added.
    final boolean ipv4 = startIP != null;
    final boolean ipv6 = startIPv6 != null;
    if (!ipv4 && !ipv6) {
        throw new InvalidParameterValueException("StartIP or StartIPv6 is missing in the parameters!");
    }
    if (ipv4) {
        // if end ip is not specified, default it to startIp
        if (endIP == null && startIP != null) {
            endIP = startIP;
        }
    }
    if (ipv6) {
        // if end ip is not specified, default it to startIp
        if (endIPv6 == null && startIPv6 != null) {
            endIPv6 = startIPv6;
        }
    }
    // Owner resolution: a project owns the range through its project account.
    if (projectId != null) {
        if (accountName != null) {
            throw new InvalidParameterValueException("Account and projectId are mutually exclusive");
        }
        final Project project = _projectMgr.getProject(projectId);
        if (project == null) {
            throw new InvalidParameterValueException("Unable to find project by id " + projectId);
        }
        vlanOwner = _accountMgr.getAccount(project.getProjectAccountId());
        if (vlanOwner == null) {
            throw new InvalidParameterValueException("Please specify a valid projectId");
        }
    }
    Domain domain = null;
    // Account names are only unique per domain, hence the (name, domain) lookup.
    if (accountName != null && domainId != null) {
        vlanOwner = _accountDao.findActiveAccount(accountName, domainId);
        if (vlanOwner == null) {
            throw new InvalidParameterValueException("Please specify a valid account.");
        } else if (vlanOwner.getId() == Account.ACCOUNT_ID_SYSTEM) {
            // by default vlan is dedicated to system account
            // (i.e. naming the system account is the same as not dedicating the range)
            vlanOwner = null;
        }
    } else if (domainId != null) {
        // Domain-only dedication.
        domain = _domainDao.findById(domainId);
        if (domain == null) {
            throw new InvalidParameterValueException("Please specify a valid domain id");
        }
    }
    // Verify that network exists
    // When a network is given it overrides the zone and physical network from the command.
    Network network = null;
    if (networkId != null) {
        network = _networkDao.findById(networkId);
        if (network == null) {
            throw new InvalidParameterValueException("Unable to find network by id " + networkId);
        } else {
            zoneId = network.getDataCenterId();
            physicalNetworkId = network.getPhysicalNetworkId();
        }
    } else if (ipv6) {
        throw new InvalidParameterValueException("Only support IPv6 on extending existed network");
    }
    // Verify that zone exists
    final DataCenterVO zone = _zoneDao.findById(zoneId);
    if (zone == null) {
        throw new InvalidParameterValueException("Unable to find zone by id " + zoneId);
    }
    if (ipv6) {
        // network is non-null here: the ipv6-without-network case threw above
        if (network.getGuestType() != GuestType.Shared) {
            throw new InvalidParameterValueException("Only support IPv6 on extending existed share network without SG");
        }
    }
    // verify that physical network exists
    final PhysicalNetworkVO pNtwk;
    if (physicalNetworkId != null) {
        pNtwk = _physicalNetworkDao.findById(physicalNetworkId);
        if (pNtwk == null) {
            throw new InvalidParameterValueException("Unable to find Physical Network with id=" + physicalNetworkId);
        }
        if (zoneId == null) {
            zoneId = pNtwk.getDataCenterId();
        }
    } else {
        if (zoneId == null) {
            throw new InvalidParameterValueException("");
        }
        // deduce physicalNetworkFrom Zone or Network.
        if (network != null && network.getPhysicalNetworkId() != null) {
            physicalNetworkId = network.getPhysicalNetworkId();
        } else {
            if (forVirtualNetwork) {
                // default physical network with public traffic in the zone
                physicalNetworkId = _networkModel.getDefaultPhysicalNetworkByZoneAndTrafficType(zoneId, TrafficType.Public).getId();
            } else {
                if (zone.getNetworkType() == NetworkType.Basic) {
                    // default physical network with guest traffic in the
                    // zone
                    physicalNetworkId = _networkModel.getDefaultPhysicalNetworkByZoneAndTrafficType(zoneId, TrafficType.Guest).getId();
                } else if (zone.getNetworkType() == NetworkType.Advanced) {
                    throw new InvalidParameterValueException("Physical Network Id is null, please provide the Network id for Direct vlan creation ");
                }
            }
        }
    }
    // Check if zone is enabled
    // Only root admins may add ranges to a disabled zone.
    final Account caller = CallContext.current().getCallingAccount();
    if (AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller.getId())) {
        throw new PermissionDeniedException("Cannot perform this operation, Zone is currently disabled: " + zoneId);
    }
    // Untagged, try to locate default networks
    if (forVirtualNetwork) {
        if (network == null) {
            // find default public network in the zone
            networkId = _networkModel.getSystemNetworkByZoneAndTrafficType(zoneId, TrafficType.Public).getId();
            network = _networkModel.getNetwork(networkId);
        } else if (network.getGuestType() != null || network.getTrafficType() != TrafficType.Public) {
            throw new InvalidParameterValueException("Can't find Public network by id=" + networkId);
        }
    } else {
        if (network == null) {
            if (zone.getNetworkType() == NetworkType.Basic) {
                networkId = _networkModel.getExclusiveGuestNetwork(zoneId).getId();
                network = _networkModel.getNetwork(networkId);
            }
            // NOTE(review): no network id, an explicit physicalNetworkId, an Advanced
            // zone and forVirtualNetwork == false leaves `network` null here, which
            // looks like it would NPE on getSpecifyIpRanges() below — confirm that
            // this combination is rejected earlier (e.g. by the command's validation).
        } else if (network.getGuestType() == null || network.getGuestType() == GuestType.Isolated && _ntwkOffServiceMapDao.areServicesSupportedByNetworkOffering(network.getNetworkOfferingId(), Service.SourceNat)) {
            throw new InvalidParameterValueException("Can't create direct vlan for network id=" + networkId + " with type: " + network.getGuestType());
        }
    }
    Pair<Boolean, Pair<String, String>> sameSubnet = null;
    // Can add vlan range only to the network which allows it
    if (!network.getSpecifyIpRanges()) {
        throw new InvalidParameterValueException("Network " + network + " doesn't support adding ip ranges");
    }
    if (zone.getNetworkType() == NetworkType.Advanced) {
        if (network.getTrafficType() == TrafficType.Guest) {
            if (network.getGuestType() != GuestType.Shared) {
                throw new InvalidParameterValueException("Can execute createVLANIpRanges on shared guest network, but type of this guest network " + network.getId() + " is " + network.getGuestType());
            }
            // A shared guest network carries at most one VLAN tag: reuse it when the
            // request is untagged, reject it when the request names a different tag.
            final List<VlanVO> vlans = _vlanDao.listVlansByNetworkId(network.getId());
            if (vlans != null && vlans.size() > 0) {
                final VlanVO vlan = vlans.get(0);
                if (vlanId == null || vlanId.contains(Vlan.UNTAGGED)) {
                    vlanId = vlan.getVlanTag();
                } else if (!NetUtils.isSameIsolationId(vlan.getVlanTag(), vlanId)) {
                    throw new InvalidParameterValueException("there is already one vlan " + vlan.getVlanTag() + " on network :" + +network.getId() + ", only one vlan is allowed on guest network");
                }
            }
            sameSubnet = validateIpRange(startIP, endIP, newVlanGateway, newVlanNetmask, vlans, ipv4, ipv6, ip6Gateway, ip6Cidr, startIPv6, endIPv6, network);
        }
    } else if (network.getTrafficType() == TrafficType.Management) {
        throw new InvalidParameterValueException("Cannot execute createVLANIpRanges on management network");
    } else if (zone.getNetworkType() == NetworkType.Basic) {
        final List<VlanVO> vlans = _vlanDao.listVlansByNetworkId(network.getId());
        sameSubnet = validateIpRange(startIP, endIP, newVlanGateway, newVlanNetmask, vlans, ipv4, ipv6, ip6Gateway, ip6Cidr, startIPv6, endIPv6, network);
    }
    // The zoneId == null part is effectively unreachable here (a null zoneId already
    // failed the zone lookup above); the IPv6 gateway/cidr requirement is the live check.
    if (zoneId == null || ipv6 && (ip6Gateway == null || ip6Cidr == null)) {
        throw new InvalidParameterValueException("Gateway, netmask and zoneId have to be passed in for virtual and direct untagged networks");
    }
    if (forVirtualNetwork) {
        if (vlanOwner != null) {
            // Only reachable with IPv4 addresses: IPv6 requires an existing Shared
            // network, which the forVirtualNetwork branch above rejects (guest type != null).
            final long accountIpRange = NetUtils.ip2Long(endIP) - NetUtils.ip2Long(startIP) + 1;
            // check resource limits
            _resourceLimitMgr.checkResourceLimit(vlanOwner, ResourceType.public_ip, accountIpRange);
        }
    }
    // Check if the IP range overlaps with the private ip
    if (ipv4) {
        checkOverlapPrivateIpRange(zoneId, startIP, endIP);
    }
    return commitVlan(zoneId, podId, startIP, endIP, newVlanGateway, newVlanNetmask, vlanId, forVirtualNetwork, networkId, physicalNetworkId, startIPv6, endIPv6, ip6Gateway, ip6Cidr, domain, vlanOwner, network, sameSubnet);
}

Example 3 with Domain

use of com.cloud.legacymodel.domain.Domain in project cosmic by MissionCriticalCloud.

the class ConfigurationManagerImpl method dedicatePublicIpRange.

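/**
 * Dedicates an existing public IP range (VLAN) to an account, a project's account
 * or a domain.
 *
 * The range must not already be dedicated, must live in an Advanced zone, and every
 * address in it that is already allocated must belong to the new owner (account
 * dedication) or to an account in the target domain (domain dedication).
 *
 * NOTE(review): the "already dedicated" checks and the subsequent persist are not
 * guarded against a concurrent dedicate of the same range; whether {@code @DB}
 * provides the needed isolation cannot be determined from this method alone.
 * Caller authorization over accountName/domainId/projectId is likewise assumed to
 * be enforced at the API command / ACL layer.
 *
 * @param cmd the parsed API command
 * @return the dedicated VLAN
 * @throws InvalidParameterValueException on any validation failure
 * @throws ResourceAllocationException   when the owner's public-IP limit would be exceeded
 */
@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_VLAN_IP_RANGE_DEDICATE, eventDescription = "dedicating vlan ip range", async = false)
public Vlan dedicatePublicIpRange(final DedicatePublicIpRangeCmd cmd) throws ResourceAllocationException {
    final Long vlanDbId = cmd.getId();
    final String accountName = cmd.getAccountName();
    final Long domainId = cmd.getDomainId();
    final Long projectId = cmd.getProjectId();

    // Resolve the owner: a project (through its project account), an account
    // located by (name, domain), or - when only a domain is given - the domain itself.
    Account vlanOwner = null;
    if (projectId != null) {
        if (accountName != null) {
            throw new InvalidParameterValueException("accountName and projectId are mutually exclusive");
        }
        final Project project = _projectMgr.getProject(projectId);
        if (project == null) {
            throw new InvalidParameterValueException("Unable to find project by id " + projectId);
        }
        vlanOwner = _accountMgr.getAccount(project.getProjectAccountId());
        if (vlanOwner == null) {
            throw new InvalidParameterValueException("Please specify a valid projectId");
        }
    }
    Domain domain = null;
    if (accountName != null && domainId != null) {
        // Account names are unique only within a domain, hence the (name, domain) lookup.
        vlanOwner = _accountDao.findActiveAccount(accountName, domainId);
        if (vlanOwner == null) {
            throw new InvalidParameterValueException("Unable to find account by name " + accountName);
        } else if (vlanOwner.getId() == Account.ACCOUNT_ID_SYSTEM) {
            throw new InvalidParameterValueException("Please specify a valid account. Cannot dedicate IP range to system account");
        }
    } else if (domainId != null) {
        domain = _domainDao.findById(domainId);
        if (domain == null) {
            throw new InvalidParameterValueException("Please specify a valid domain id");
        }
    }
    if (vlanOwner == null && domain == null) {
        // Previously this combination (e.g. accountName without domainId) fell through,
        // persisted nothing, still fired the action event and returned the VLAN as if
        // it had been dedicated. Reject it explicitly instead.
        throw new InvalidParameterValueException("Please specify a projectId, an accountName together with a domainId, or a domainId to dedicate the Public IP range to");
    }

    // Check if range is valid
    final VlanVO vlan = _vlanDao.findById(vlanDbId);
    if (vlan == null) {
        throw new InvalidParameterValueException("Unable to find vlan by id " + vlanDbId);
    }
    // Check if range has already been dedicated (to an account or to a domain)
    final List<AccountVlanMapVO> maps = _accountVlanMapDao.listAccountVlanMapsByVlan(vlanDbId);
    if (maps != null && !maps.isEmpty()) {
        throw new InvalidParameterValueException("Specified Public IP range has already been dedicated");
    }
    final List<DomainVlanMapVO> domainmaps = _domainVlanMapDao.listDomainVlanMapsByVlan(vlanDbId);
    if (domainmaps != null && !domainmaps.isEmpty()) {
        throw new InvalidParameterValueException("Specified Public IP range has already been dedicated to a domain");
    }
    // Verify that zone exists and is advanced
    final Long zoneId = vlan.getDataCenterId();
    final DataCenterVO zone = _zoneDao.findById(zoneId);
    if (zone == null) {
        throw new InvalidParameterValueException("Unable to find zone by id " + zoneId);
    }
    if (zone.getNetworkType() == NetworkType.Basic) {
        throw new InvalidParameterValueException("Public IP range can be dedicated to an account only in the zone of type " + NetworkType.Advanced);
    }
    // Check Public IP resource limits (account / project dedication only)
    if (vlanOwner != null) {
        final int accountPublicIpRange = _publicIpAddressDao.countIPs(zoneId, vlanDbId, false);
        _resourceLimitMgr.checkResourceLimit(vlanOwner, ResourceType.public_ip, accountPublicIpRange);
    }
    // Check that no address in the range is already held by a different owner.
    final List<IPAddressVO> ips = _publicIpAddressDao.listByVlanId(vlanDbId);
    for (final IPAddressVO ip : ips) {
        final Long allocatedToAccountId = ip.getAllocatedToAccountId();
        if (allocatedToAccountId == null) {
            continue;
        }
        if (vlanOwner != null) {
            // Compare account ids rather than account names: names are only unique
            // per domain, so a name-only comparison would accept an address held by a
            // same-named account in another domain. It also fixes project dedication,
            // where accountName is null and the old name comparison rejected the
            // project's own addresses.
            if (allocatedToAccountId.longValue() != vlanOwner.getId()) {
                throw new InvalidParameterValueException(ip.getAddress() + " Public IP address in range is allocated to another account ");
            }
        } else {
            // Domain dedication: the holding account must be in exactly the target
            // domain (sub-domains are not accepted, as before). A holder that can no
            // longer be resolved is treated as a foreign owner rather than dereferenced.
            final Account accountAllocatedTo = _accountMgr.getActiveAccountById(allocatedToAccountId);
            if (accountAllocatedTo == null || domain.getId() != accountAllocatedTo.getDomainId()) {
                throw new InvalidParameterValueException(ip.getAddress() + " Public IP address in range is allocated to another domain/account ");
            }
        }
    }
    if (vlanOwner != null) {
        // Create an AccountVlanMapVO entry
        final AccountVlanMapVO accountVlanMapVO = new AccountVlanMapVO(vlanOwner.getId(), vlan.getId());
        _accountVlanMapDao.persist(accountVlanMapVO);
    } else {
        // Create an DomainVlanMapVO entry (domain is non-null here, see the check above)
        final DomainVlanMapVO domainVlanMapVO = new DomainVlanMapVO(domain.getId(), vlan.getId());
        _domainVlanMapDao.persist(domainVlanMapVO);
    }
    // increment resource count for dedicated public ip's
    if (vlanOwner != null) {
        _resourceLimitMgr.incrementResourceCount(vlanOwner.getId(), ResourceType.public_ip, new Long(ips.size()));
    }
    return vlan;
}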

Example 4 with Domain

use of com.cloud.legacymodel.domain.Domain in project cosmic by MissionCriticalCloud.

the class LdapManagerImpl method linkDomainToLdap.

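/**
 * Links a domain to an LDAP group or OU so that members of that group/OU are
 * provisioned into the domain with the given account type.
 *
 * NOTE(review): no caller authorization over {@code domainId} is performed here;
 * it is presumably enforced by the API command / ACL layer — confirm.
 *
 * @param domainId    id of the domain to link, must not be null and must exist
 * @param type        "GROUP" or "OU" (case-insensitive)
 * @param name        name of the LDAP group or OU, must not be empty
 * @param accountType 0 (normal user) or 2 (domain admin), see com.cloud.legacymodel.user.Account
 * @return the response describing the persisted link
 * @throws IllegalArgumentException / NullPointerException from the Validate calls on bad input,
 *         including an unknown {@code type} or an unknown {@code domainId}
 */
@Override
public LinkDomainToLdapResponse linkDomainToLdap(final Long domainId, final String type, final String name, final short accountType) {
    Validate.notNull(type, "type cannot be null. It should either be GROUP or OU");
    Validate.notNull(domainId, "domainId cannot be null.");
    Validate.notEmpty(name, "GROUP or OU name cannot be empty");
    // Account type should be 0 or 2. check the constants in com.cloud.legacymodel.user.Account
    Validate.isTrue(accountType == 0 || accountType == 2, "accountype should be either 0(normal user) or 2(domain admin)");
    // Locale-independent upper-casing so the enum lookup does not depend on the JVM's default locale.
    final LinkType linkType = LdapManager.LinkType.valueOf(type.toUpperCase(java.util.Locale.ROOT));
    // Resolve the domain *before* persisting: the previous version only dereferenced
    // the domain after the trust map was written, so an unknown domainId left a
    // dangling LdapTrustMapVO behind and then failed with a NullPointerException.
    final Domain domain = _domainManager.getDomain(domainId);
    Validate.notNull(domain, "Unable to find domain by id " + domainId);
    final LdapTrustMapVO vo = _ldapTrustMapDao.persist(new LdapTrustMapVO(domainId, linkType, name, accountType));
    return new LinkDomainToLdapResponse(domain.getUuid(), vo.getType().toString(), vo.getName(), vo.getAccountType());
}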

Example 5 with Domain

use of com.cloud.legacymodel.domain.Domain in project cosmic by MissionCriticalCloud.

the class ListDomainChildrenCmd method execute.

// ///////////////////////////////////////////////////
// ///////////// API Implementation///////////////////
// ///////////////////////////////////////////////////
/**
 * Runs the list-domain-children API call: asks the domain service for the child
 * domains matching this command, converts each one into a {@code DomainResponse}
 * and publishes the page together with the total match count as this command's
 * response object.
 */
@Override
public void execute() {
    final Pair<List<? extends Domain>, Integer> searchResult = _domainService.searchForDomainChildren(this);
    final List<? extends Domain> children = searchResult.first();

    // Build one response entry per domain in the returned page.
    final List<DomainResponse> entries = new ArrayList<>(children.size());
    for (final Domain child : children) {
        final DomainResponse entry = _responseGenerator.createDomainResponse(child);
        entry.setObjectName("domain");
        entries.add(entry);
    }

    // The second element of the pair is the total count used for paging.
    final ListResponse<DomainResponse> listResponse = new ListResponse<>();
    listResponse.setResponses(entries, searchResult.second());
    listResponse.setResponseName(getCommandName());
    setResponseObject(listResponse);
}
