Example 1 with Domain
use of com.cloud.legacymodel.domain.Domain in project cosmic by MissionCriticalCloud.
the class DomainChecker method checkAccess.
@Override
public boolean checkAccess(final Account account, final Zone zone) throws PermissionDeniedException {
if (account == null || zone.getDomainId() == null) {
// public zone
return true;
} else {
// admin has all permissions
if (_accountService.isRootAdmin(account.getId())) {
return true;
} else // check if account's domain is a child of zone's domain
if (_accountService.isNormalUser(account.getId()) || account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
// if zone is dedicated to an account check that the accountId
// matches.
final DedicatedResourceVO dedicatedZone = _dedicatedDao.findByZoneId(zone.getId());
if (dedicatedZone != null) {
if (dedicatedZone.getAccountId() != null) {
if (dedicatedZone.getAccountId() == account.getId()) {
return true;
} else {
return false;
}
}
}
if (account.getDomainId() == zone.getDomainId()) {
// zone and account at exact node
return true;
} else {
Domain domainRecord = _domainDao.findById(account.getDomainId());
if (domainRecord != null) {
while (true) {
if (domainRecord.getId() == zone.getDomainId()) {
// found as a child
return true;
}
if (domainRecord.getParent() != null) {
domainRecord = _domainDao.findById(domainRecord.getParent());
} else {
break;
}
}
}
}
// not found
return false;
} else // check if the account's domain is either child of zone's domain, or if zone's domain is child of account's domain
if (_accountService.isDomainAdmin(account.getId())) {
if (account.getDomainId() == zone.getDomainId()) {
// zone and account at exact node
return true;
} else {
final Domain zoneDomainRecord = _domainDao.findById(zone.getDomainId());
final Domain accountDomainRecord = _domainDao.findById(account.getDomainId());
if (accountDomainRecord != null) {
Domain localRecord = accountDomainRecord;
while (true) {
if (localRecord.getId() == zone.getDomainId()) {
// found as a child
return true;
}
if (localRecord.getParent() != null) {
localRecord = _domainDao.findById(localRecord.getParent());
} else {
break;
}
}
}
// didn't find in upper tree
if (zoneDomainRecord != null && accountDomainRecord != null && zoneDomainRecord.getPath().contains(accountDomainRecord.getPath())) {
return true;
}
}
// not found
return false;
}
}
return false;
}
Also used :
DedicatedResourceVO(com.cloud.dc.DedicatedResourceVO)
Domain(com.cloud.legacymodel.domain.Domain)
Example 2 with Domain
use of com.cloud.legacymodel.domain.Domain in project cosmic by MissionCriticalCloud.
the class ConfigurationManagerImpl method createVlanAndPublicIpRange.
@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_VLAN_IP_RANGE_CREATE, eventDescription = "creating vlan ip range", async = false)
public Vlan createVlanAndPublicIpRange(final CreateVlanIpRangeCmd cmd) throws InsufficientCapacityException, ConcurrentOperationException, ResourceUnavailableException, ResourceAllocationException {
Long zoneId = cmd.getZoneId();
final Long podId = cmd.getPodId();
final String startIP = cmd.getStartIp();
String endIP = cmd.getEndIp();
final String newVlanGateway = cmd.getGateway();
final String newVlanNetmask = cmd.getNetmask();
String vlanId = cmd.getVlan();
// TODO decide if we should be forgiving or demand a valid and complete URI
if (!(vlanId == null || "".equals(vlanId) || vlanId.startsWith(BroadcastDomainType.Vlan.scheme()))) {
vlanId = BroadcastDomainType.Vlan.toUri(vlanId).toString();
}
final Boolean forVirtualNetwork = cmd.isForVirtualNetwork();
Long networkId = cmd.getNetworkID();
Long physicalNetworkId = cmd.getPhysicalNetworkId();
final String accountName = cmd.getAccountName();
final Long projectId = cmd.getProjectId();
final Long domainId = cmd.getDomainId();
final String startIPv6 = cmd.getStartIpv6();
String endIPv6 = cmd.getEndIpv6();
final String ip6Gateway = cmd.getIp6Gateway();
final String ip6Cidr = cmd.getIp6Cidr();
Account vlanOwner = null;
final boolean ipv4 = startIP != null;
final boolean ipv6 = startIPv6 != null;
if (!ipv4 && !ipv6) {
throw new InvalidParameterValueException("StartIP or StartIPv6 is missing in the parameters!");
}
if (ipv4) {
// if end ip is not specified, default it to startIp
if (endIP == null && startIP != null) {
endIP = startIP;
}
}
if (ipv6) {
// if end ip is not specified, default it to startIp
if (endIPv6 == null && startIPv6 != null) {
endIPv6 = startIPv6;
}
}
if (projectId != null) {
if (accountName != null) {
throw new InvalidParameterValueException("Account and projectId are mutually exclusive");
}
final Project project = _projectMgr.getProject(projectId);
if (project == null) {
throw new InvalidParameterValueException("Unable to find project by id " + projectId);
}
vlanOwner = _accountMgr.getAccount(project.getProjectAccountId());
if (vlanOwner == null) {
throw new InvalidParameterValueException("Please specify a valid projectId");
}
}
Domain domain = null;
if (accountName != null && domainId != null) {
vlanOwner = _accountDao.findActiveAccount(accountName, domainId);
if (vlanOwner == null) {
throw new InvalidParameterValueException("Please specify a valid account.");
} else if (vlanOwner.getId() == Account.ACCOUNT_ID_SYSTEM) {
// by default vlan is dedicated to system account
vlanOwner = null;
}
} else if (domainId != null) {
domain = _domainDao.findById(domainId);
if (domain == null) {
throw new InvalidParameterValueException("Please specify a valid domain id");
}
}
// Verify that network exists
Network network = null;
if (networkId != null) {
network = _networkDao.findById(networkId);
if (network == null) {
throw new InvalidParameterValueException("Unable to find network by id " + networkId);
} else {
zoneId = network.getDataCenterId();
physicalNetworkId = network.getPhysicalNetworkId();
}
} else if (ipv6) {
throw new InvalidParameterValueException("Only support IPv6 on extending existed network");
}
// Verify that zone exists
final DataCenterVO zone = _zoneDao.findById(zoneId);
if (zone == null) {
throw new InvalidParameterValueException("Unable to find zone by id " + zoneId);
}
if (ipv6) {
if (network.getGuestType() != GuestType.Shared) {
throw new InvalidParameterValueException("Only support IPv6 on extending existed share network without SG");
}
}
// verify that physical network exists
final PhysicalNetworkVO pNtwk;
if (physicalNetworkId != null) {
pNtwk = _physicalNetworkDao.findById(physicalNetworkId);
if (pNtwk == null) {
throw new InvalidParameterValueException("Unable to find Physical Network with id=" + physicalNetworkId);
}
if (zoneId == null) {
zoneId = pNtwk.getDataCenterId();
}
} else {
if (zoneId == null) {
throw new InvalidParameterValueException("");
}
// deduce physicalNetworkFrom Zone or Network.
if (network != null && network.getPhysicalNetworkId() != null) {
physicalNetworkId = network.getPhysicalNetworkId();
} else {
if (forVirtualNetwork) {
// default physical network with public traffic in the zone
physicalNetworkId = _networkModel.getDefaultPhysicalNetworkByZoneAndTrafficType(zoneId, TrafficType.Public).getId();
} else {
if (zone.getNetworkType() == NetworkType.Basic) {
// default physical network with guest traffic in the
// zone
physicalNetworkId = _networkModel.getDefaultPhysicalNetworkByZoneAndTrafficType(zoneId, TrafficType.Guest).getId();
} else if (zone.getNetworkType() == NetworkType.Advanced) {
throw new InvalidParameterValueException("Physical Network Id is null, please provide the Network id for Direct vlan creation ");
}
}
}
}
// Check if zone is enabled
final Account caller = CallContext.current().getCallingAccount();
if (AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller.getId())) {
throw new PermissionDeniedException("Cannot perform this operation, Zone is currently disabled: " + zoneId);
}
// Untagged, try to locate default networks
if (forVirtualNetwork) {
if (network == null) {
// find default public network in the zone
networkId = _networkModel.getSystemNetworkByZoneAndTrafficType(zoneId, TrafficType.Public).getId();
network = _networkModel.getNetwork(networkId);
} else if (network.getGuestType() != null || network.getTrafficType() != TrafficType.Public) {
throw new InvalidParameterValueException("Can't find Public network by id=" + networkId);
}
} else {
if (network == null) {
if (zone.getNetworkType() == NetworkType.Basic) {
networkId = _networkModel.getExclusiveGuestNetwork(zoneId).getId();
network = _networkModel.getNetwork(networkId);
}
} else if (network.getGuestType() == null || network.getGuestType() == GuestType.Isolated && _ntwkOffServiceMapDao.areServicesSupportedByNetworkOffering(network.getNetworkOfferingId(), Service.SourceNat)) {
throw new InvalidParameterValueException("Can't create direct vlan for network id=" + networkId + " with type: " + network.getGuestType());
}
}
Pair<Boolean, Pair<String, String>> sameSubnet = null;
// Can add vlan range only to the network which allows it
if (!network.getSpecifyIpRanges()) {
throw new InvalidParameterValueException("Network " + network + " doesn't support adding ip ranges");
}
if (zone.getNetworkType() == NetworkType.Advanced) {
if (network.getTrafficType() == TrafficType.Guest) {
if (network.getGuestType() != GuestType.Shared) {
throw new InvalidParameterValueException("Can execute createVLANIpRanges on shared guest network, but type of this guest network " + network.getId() + " is " + network.getGuestType());
}
final List<VlanVO> vlans = _vlanDao.listVlansByNetworkId(network.getId());
if (vlans != null && vlans.size() > 0) {
final VlanVO vlan = vlans.get(0);
if (vlanId == null || vlanId.contains(Vlan.UNTAGGED)) {
vlanId = vlan.getVlanTag();
} else if (!NetUtils.isSameIsolationId(vlan.getVlanTag(), vlanId)) {
throw new InvalidParameterValueException("there is already one vlan " + vlan.getVlanTag() + " on network :" + +network.getId() + ", only one vlan is allowed on guest network");
}
}
sameSubnet = validateIpRange(startIP, endIP, newVlanGateway, newVlanNetmask, vlans, ipv4, ipv6, ip6Gateway, ip6Cidr, startIPv6, endIPv6, network);
}
} else if (network.getTrafficType() == TrafficType.Management) {
throw new InvalidParameterValueException("Cannot execute createVLANIpRanges on management network");
} else if (zone.getNetworkType() == NetworkType.Basic) {
final List<VlanVO> vlans = _vlanDao.listVlansByNetworkId(network.getId());
sameSubnet = validateIpRange(startIP, endIP, newVlanGateway, newVlanNetmask, vlans, ipv4, ipv6, ip6Gateway, ip6Cidr, startIPv6, endIPv6, network);
}
if (zoneId == null || ipv6 && (ip6Gateway == null || ip6Cidr == null)) {
throw new InvalidParameterValueException("Gateway, netmask and zoneId have to be passed in for virtual and direct untagged networks");
}
if (forVirtualNetwork) {
if (vlanOwner != null) {
final long accountIpRange = NetUtils.ip2Long(endIP) - NetUtils.ip2Long(startIP) + 1;
// check resource limits
_resourceLimitMgr.checkResourceLimit(vlanOwner, ResourceType.public_ip, accountIpRange);
}
}
// Check if the IP range overlaps with the private ip
if (ipv4) {
checkOverlapPrivateIpRange(zoneId, startIP, endIP);
}
return commitVlan(zoneId, podId, startIP, endIP, newVlanGateway, newVlanNetmask, vlanId, forVirtualNetwork, networkId, physicalNetworkId, startIPv6, endIPv6, ip6Gateway, ip6Cidr, domain, vlanOwner, network, sameSubnet);
}
Also used :
DataCenterVO(com.cloud.dc.DataCenterVO)
Account(com.cloud.legacymodel.user.Account)
Project(com.cloud.projects.Project)
InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException)
PhysicalNetwork(com.cloud.network.PhysicalNetwork)
Network(com.cloud.legacymodel.network.Network)
PhysicalNetworkVO(com.cloud.network.dao.PhysicalNetworkVO)
PermissionDeniedException(com.cloud.legacymodel.exceptions.PermissionDeniedException)
Domain(com.cloud.legacymodel.domain.Domain)
VlanVO(com.cloud.dc.VlanVO)
Pair(com.cloud.legacymodel.utils.Pair)
ActionEvent(com.cloud.event.ActionEvent)
DB(com.cloud.utils.db.DB)
Example 3 with Domain
use of com.cloud.legacymodel.domain.Domain in project cosmic by MissionCriticalCloud.
the class ConfigurationManagerImpl method dedicatePublicIpRange.
@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_VLAN_IP_RANGE_DEDICATE, eventDescription = "dedicating vlan ip range", async = false)
public Vlan dedicatePublicIpRange(final DedicatePublicIpRangeCmd cmd) throws ResourceAllocationException {
final Long vlanDbId = cmd.getId();
final String accountName = cmd.getAccountName();
final Long domainId = cmd.getDomainId();
final Long projectId = cmd.getProjectId();
// Check if account is valid
Account vlanOwner = null;
if (projectId != null) {
if (accountName != null) {
throw new InvalidParameterValueException("accountName and projectId are mutually exclusive");
}
final Project project = _projectMgr.getProject(projectId);
if (project == null) {
throw new InvalidParameterValueException("Unable to find project by id " + projectId);
}
vlanOwner = _accountMgr.getAccount(project.getProjectAccountId());
if (vlanOwner == null) {
throw new InvalidParameterValueException("Please specify a valid projectId");
}
}
Domain domain = null;
if (accountName != null && domainId != null) {
vlanOwner = _accountDao.findActiveAccount(accountName, domainId);
if (vlanOwner == null) {
throw new InvalidParameterValueException("Unable to find account by name " + accountName);
} else if (vlanOwner.getId() == Account.ACCOUNT_ID_SYSTEM) {
throw new InvalidParameterValueException("Please specify a valid account. Cannot dedicate IP range to system account");
}
} else if (domainId != null) {
domain = _domainDao.findById(domainId);
if (domain == null) {
throw new InvalidParameterValueException("Please specify a valid domain id");
}
}
// Check if range is valid
final VlanVO vlan = _vlanDao.findById(vlanDbId);
if (vlan == null) {
throw new InvalidParameterValueException("Unable to find vlan by id " + vlanDbId);
}
// Check if range has already been dedicated
final List<AccountVlanMapVO> maps = _accountVlanMapDao.listAccountVlanMapsByVlan(vlanDbId);
if (maps != null && !maps.isEmpty()) {
throw new InvalidParameterValueException("Specified Public IP range has already been dedicated");
}
final List<DomainVlanMapVO> domainmaps = _domainVlanMapDao.listDomainVlanMapsByVlan(vlanDbId);
if (domainmaps != null && !domainmaps.isEmpty()) {
throw new InvalidParameterValueException("Specified Public IP range has already been dedicated to a domain");
}
// Verify that zone exists and is advanced
final Long zoneId = vlan.getDataCenterId();
final DataCenterVO zone = _zoneDao.findById(zoneId);
if (zone == null) {
throw new InvalidParameterValueException("Unable to find zone by id " + zoneId);
}
if (zone.getNetworkType() == NetworkType.Basic) {
throw new InvalidParameterValueException("Public IP range can be dedicated to an account only in the zone of type " + NetworkType.Advanced);
}
// Check Public IP resource limits
if (vlanOwner != null) {
final int accountPublicIpRange = _publicIpAddressDao.countIPs(zoneId, vlanDbId, false);
_resourceLimitMgr.checkResourceLimit(vlanOwner, ResourceType.public_ip, accountPublicIpRange);
}
// Check if any of the Public IP addresses is allocated to another
// account
final List<IPAddressVO> ips = _publicIpAddressDao.listByVlanId(vlanDbId);
for (final IPAddressVO ip : ips) {
final Long allocatedToAccountId = ip.getAllocatedToAccountId();
if (allocatedToAccountId != null) {
final Account accountAllocatedTo = _accountMgr.getActiveAccountById(allocatedToAccountId);
if (!accountAllocatedTo.getAccountName().equalsIgnoreCase(accountName)) {
throw new InvalidParameterValueException(ip.getAddress() + " Public IP address in range is allocated to another account ");
}
if (vlanOwner == null && domain != null && domain.getId() != accountAllocatedTo.getDomainId()) {
throw new InvalidParameterValueException(ip.getAddress() + " Public IP address in range is allocated to another domain/account ");
}
}
}
if (vlanOwner != null) {
// Create an AccountVlanMapVO entry
final AccountVlanMapVO accountVlanMapVO = new AccountVlanMapVO(vlanOwner.getId(), vlan.getId());
_accountVlanMapDao.persist(accountVlanMapVO);
} else if (domain != null) {
// Create an DomainVlanMapVO entry
final DomainVlanMapVO domainVlanMapVO = new DomainVlanMapVO(domain.getId(), vlan.getId());
_domainVlanMapDao.persist(domainVlanMapVO);
}
// increment resource count for dedicated public ip's
if (vlanOwner != null) {
_resourceLimitMgr.incrementResourceCount(vlanOwner.getId(), ResourceType.public_ip, new Long(ips.size()));
}
return vlan;
}
Also used :
DataCenterVO(com.cloud.dc.DataCenterVO)
Account(com.cloud.legacymodel.user.Account)
AccountVlanMapVO(com.cloud.dc.AccountVlanMapVO)
DomainVlanMapVO(com.cloud.dc.DomainVlanMapVO)
Project(com.cloud.projects.Project)
InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException)
IPAddressVO(com.cloud.network.dao.IPAddressVO)
Domain(com.cloud.legacymodel.domain.Domain)
VlanVO(com.cloud.dc.VlanVO)
ActionEvent(com.cloud.event.ActionEvent)
DB(com.cloud.utils.db.DB)
Example 4 with Domain
use of com.cloud.legacymodel.domain.Domain in project cosmic by MissionCriticalCloud.
the class LdapManagerImpl method linkDomainToLdap.
@Override
public LinkDomainToLdapResponse linkDomainToLdap(final Long domainId, final String type, final String name, final short accountType) {
Validate.notNull(type, "type cannot be null. It should either be GROUP or OU");
Validate.notNull(domainId, "domainId cannot be null.");
Validate.notEmpty(name, "GROUP or OU name cannot be empty");
// Account type should be 0 or 2. check the constants in com.cloud.legacymodel.user.Account
Validate.isTrue(accountType == 0 || accountType == 2, "accountype should be either 0(normal user) or 2(domain admin)");
final Domain domain = _domainManager.getDomain(domainId);
final LinkType linkType = LdapManager.LinkType.valueOf(type.toUpperCase());
final LdapTrustMapVO vo = _ldapTrustMapDao.persist(new LdapTrustMapVO(domainId, linkType, name, accountType));
final LinkDomainToLdapResponse response = new LinkDomainToLdapResponse(domain.getUuid(), vo.getType().toString(), vo.getName(), vo.getAccountType());
return response;
}
Also used :
LinkDomainToLdapResponse(com.cloud.api.response.LinkDomainToLdapResponse)
Domain(com.cloud.legacymodel.domain.Domain)
Example 5 with Domain
use of com.cloud.legacymodel.domain.Domain in project cosmic by MissionCriticalCloud.
the class ListDomainChildrenCmd method execute.
// ///////////////////////////////////////////////////
// ///////////// API Implementation///////////////////
// ///////////////////////////////////////////////////
@Override
public void execute() {
final Pair<List<? extends Domain>, Integer> result = _domainService.searchForDomainChildren(this);
final ListResponse<DomainResponse> response = new ListResponse<>();
final List<DomainResponse> domainResponses = new ArrayList<>();
for (final Domain domain : result.first()) {
final DomainResponse domainResponse = _responseGenerator.createDomainResponse(domain);
domainResponse.setObjectName("domain");
domainResponses.add(domainResponse);
}
response.setResponses(domainResponses, result.second());
response.setResponseName(getCommandName());
this.setResponseObject(response);
}
Also used :
ListResponse(com.cloud.api.response.ListResponse)
DomainResponse(com.cloud.api.response.DomainResponse)
ArrayList(java.util.ArrayList)
ArrayList(java.util.ArrayList)
List(java.util.List)
Domain(com.cloud.legacymodel.domain.Domain)
Aggregations
Domain (com.cloud.legacymodel.domain.Domain)55
Account (com.cloud.legacymodel.user.Account)37
InvalidParameterValueException (com.cloud.legacymodel.exceptions.InvalidParameterValueException)20
UserAccount (com.cloud.legacymodel.user.UserAccount)19
ArrayList (java.util.ArrayList)16
PermissionDeniedException (com.cloud.legacymodel.exceptions.PermissionDeniedException)11
Project (com.cloud.projects.Project)11
DomainVO (com.cloud.domain.DomainVO)10
Network (com.cloud.legacymodel.network.Network)10
DomainResponse (com.cloud.api.response.DomainResponse)8
Pair (com.cloud.legacymodel.utils.Pair)7
PhysicalNetworkVO (com.cloud.network.dao.PhysicalNetworkVO)7
HostVO (com.cloud.host.HostVO)6
List (java.util.List)6
Filter (com.cloud.utils.db.Filter)5
HashSet (java.util.HashSet)5
Test (org.junit.Test)5
AffinityGroupResponse (com.cloud.affinity.AffinityGroupResponse)4
CloudAuthenticationException (com.cloud.legacymodel.exceptions.CloudAuthenticationException)4
NetworkVO (com.cloud.network.dao.NetworkVO)4
