
Example 46 with Account

use of com.cloud.legacymodel.user.Account in project cosmic by MissionCriticalCloud.

the class Site2SiteVpnManagerImpl method createVpnGateway.

/**
 * Creates the site-to-site VPN gateway record for a VPC.
 *
 * <p>In order: authorizes the caller against the owner account named by the command, checks that
 * the VPC exists and has no gateway yet, selects the VPC's single source-NAT public IP, and
 * persists the gateway under the owner's account and domain.
 *
 * <p>NOTE(review): the only access check in this method is caller vs. owner account. Nothing here
 * compares the VPC with that owner, so tenant isolation relies on {@code cmd.getEntityOwnerId()}
 * being derived from the VPC itself -- confirm in CreateVpnGatewayCmd.
 *
 * <p>NOTE(review): the "gateway already exists" check and the persist are separate calls; unless a
 * transaction or unique constraint (not visible here) covers them, two concurrent requests could
 * both pass the check -- confirm.
 *
 * @param cmd API command carrying the VPC id, the entity owner id and the optional display flag
 * @return the persisted gateway
 * @throws InvalidParameterValueException if the VPC is unknown or already has a VPN gateway
 * @throws CloudRuntimeException if the VPC does not have exactly one source-NAT public IP
 */
@Override
@ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_GATEWAY_CREATE, eventDescription = "creating s2s vpn gateway", async = true)
public Site2SiteVpnGateway createVpnGateway(final CreateVpnGatewayCmd cmd) {
    final Account callingAccount = CallContext.current().getCallingAccount();
    final Account gatewayOwner = _accountMgr.getAccount(cmd.getEntityOwnerId());

    // Authorization gate: runs before any lookup by id, so a caller who fails it never reaches
    // the "invalid VPC" / "already exists" messages below.
    _accountMgr.checkAccess(callingAccount, null, false, gatewayOwner);

    final Long vpcId = cmd.getVpcId();
    if (_vpcDao.findById(vpcId) == null) {
        throw new InvalidParameterValueException("Invalid VPC " + vpcId + " for site to site vpn gateway creation!");
    }

    // At most one gateway per VPC.
    if (_vpnGatewayDao.findByVpcId(vpcId) != null) {
        throw new InvalidParameterValueException("The VPN gateway of VPC " + vpcId + " already exists!");
    }

    // The gateway is bound to the VPC's source NAT address; anything other than exactly one
    // candidate is treated as an error rather than guessed at.
    final List<IPAddressVO> sourceNatIps = _ipAddressDao.listByVpc(vpcId, true);
    if (sourceNatIps.size() != 1) {
        throw new CloudRuntimeException("Vpc " + vpcId + " does not have a Public IP address with SourceNat, so no VPN is possible.");
    }
    final long sourceNatIpId = sourceNatIps.get(0).getId();

    final Site2SiteVpnGatewayVO gateway = new Site2SiteVpnGatewayVO(gatewayOwner.getAccountId(), gatewayOwner.getDomainId(), sourceNatIpId, vpcId);
    // The display flag is optional; when absent the entity keeps its own default.
    if (cmd.getDisplay() != null) {
        gateway.setDisplay(cmd.getDisplay());
    }
    _vpnGatewayDao.persist(gateway);
    return gateway;
}
Also used : Account(com.cloud.legacymodel.user.Account) VpcVO(com.cloud.network.vpc.VpcVO) InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException) CloudRuntimeException(com.cloud.legacymodel.exceptions.CloudRuntimeException) Site2SiteVpnGatewayVO(com.cloud.network.dao.Site2SiteVpnGatewayVO) IPAddressVO(com.cloud.network.dao.IPAddressVO) ActionEvent(com.cloud.event.ActionEvent)

Example 47 with Account

use of com.cloud.legacymodel.user.Account in project cosmic by MissionCriticalCloud.

the class Site2SiteVpnManagerImpl method searchForVpnConnections.

/**
 * Lists the site-to-site VPN connections visible to the calling account, optionally narrowed by
 * connection id, VPC id and display flag, with paging.
 *
 * <p>Visibility is decided entirely by the three {@code _accountMgr.buildACL*} calls: the first
 * resolves the effective domain, recursion flag, project criteria and permitted accounts for the
 * caller, the other two apply that scope to the search builder and to the criteria. Any new filter
 * must be added on top of that scope, never in place of it.
 *
 * @param cmd list command carrying the filters, the ACL hints (domain, account, project, listAll)
 *            and the paging values
 * @return the matching page of connections together with the count reported by the DAO
 */
@Override
public Pair<List<? extends Site2SiteVpnConnection>, Integer> searchForVpnConnections(final ListVpnConnectionsCmd cmd) {
    // Caller-supplied filters and ACL hints.
    final Long connectionId = cmd.getId();
    final Long vpcFilter = cmd.getVpcId();
    final Boolean displayFilter = cmd.getDisplay();
    final Long requestedDomainId = cmd.getDomainId();
    final boolean requestedRecursive = cmd.isRecursive();
    final String accountName = cmd.getAccountName();
    final boolean listAll = cmd.listAll();
    final long startIndex = cmd.getStartIndex();
    final long pageSize = cmd.getPageSizeVal();
    final boolean filterByVpc = vpcFilter != null;

    // Resolve what the caller may see. The Ternary is an in/out holder: it goes in with the
    // requested domain/recursion and is read back with the values to enforce.
    final Account caller = CallContext.current().getCallingAccount();
    final List<Long> permittedAccounts = new ArrayList<>();
    final Ternary<Long, Boolean, ListProjectResourcesCriteria> aclScope = new Ternary<>(requestedDomainId, requestedRecursive, null);
    _accountMgr.buildACLSearchParameters(caller, connectionId, accountName, cmd.getProjectId(), permittedAccounts, aclScope, listAll, false);
    final Long scopedDomainId = aclScope.first();
    final boolean scopedRecursive = aclScope.second();
    final ListProjectResourcesCriteria projectCriteria = aclScope.third();

    final Filter paging = new Filter(Site2SiteVpnConnectionVO.class, "id", false, startIndex, pageSize);

    final SearchBuilder<Site2SiteVpnConnectionVO> builder = _vpnConnectionDao.createSearchBuilder();
    _accountMgr.buildACLSearchBuilder(builder, scopedDomainId, scopedRecursive, permittedAccounts, projectCriteria);
    builder.and("id", builder.entity().getId(), SearchCriteria.Op.EQ);
    builder.and("display", builder.entity().isDisplay(), SearchCriteria.Op.EQ);
    if (filterByVpc) {
        // The VPC id lives on the gateway row, so the VPC filter needs an inner join to it.
        final SearchBuilder<Site2SiteVpnGatewayVO> gatewayJoin = _vpnGatewayDao.createSearchBuilder();
        gatewayJoin.and("vpcId", gatewayJoin.entity().getVpcId(), SearchCriteria.Op.EQ);
        builder.join("gwSearch", gatewayJoin, builder.entity().getVpnGatewayId(), gatewayJoin.entity().getId(), JoinBuilder.JoinType.INNER);
    }

    final SearchCriteria<Site2SiteVpnConnectionVO> criteria = builder.create();
    _accountMgr.buildACLSearchCriteria(criteria, scopedDomainId, scopedRecursive, permittedAccounts, projectCriteria);
    if (displayFilter != null) {
        criteria.setParameters("display", displayFilter);
    }
    if (connectionId != null) {
        // NOTE(review): "id" is declared on the builder above but applied here through addAnd
        // rather than setParameters -- presumably equivalent; confirm against SearchCriteria.
        criteria.addAnd("id", SearchCriteria.Op.EQ, connectionId);
    }
    if (filterByVpc) {
        criteria.setJoinParameters("gwSearch", "vpcId", vpcFilter);
    }

    final Pair<List<Site2SiteVpnConnectionVO>, Integer> page = _vpnConnectionDao.searchAndCount(criteria, paging);
    // Re-wrapped so the element type widens from the VO class to the interface in the signature.
    return new Pair<>(page.first(), page.second());
}
Also used : Account(com.cloud.legacymodel.user.Account) Ternary(com.cloud.legacymodel.utils.Ternary) ArrayList(java.util.ArrayList) Site2SiteVpnConnectionVO(com.cloud.network.dao.Site2SiteVpnConnectionVO) ListProjectResourcesCriteria(com.cloud.projects.Project.ListProjectResourcesCriteria) Filter(com.cloud.utils.db.Filter) Site2SiteVpnGatewayVO(com.cloud.network.dao.Site2SiteVpnGatewayVO) List(java.util.List) ArrayList(java.util.ArrayList) LinkedList(java.util.LinkedList) Pair(com.cloud.legacymodel.utils.Pair)

Example 48 with Account

use of com.cloud.legacymodel.user.Account in project cosmic by MissionCriticalCloud.

the class Site2SiteVpnManagerImpl method searchForCustomerGateways.

/**
 * Lists the site-to-site VPN customer gateways visible to the calling account, optionally narrowed
 * by gateway id and by a name keyword, with paging.
 *
 * <p>Visibility is decided by the three {@code _accountMgr.buildACL*} calls; the id and keyword
 * filters only narrow the result inside that scope.
 *
 * @param cmd list command carrying the filters, the ACL hints (domain, account, project, listAll)
 *            and the paging values
 * @return the matching page of customer gateways together with the count reported by the DAO
 */
@Override
public Pair<List<? extends Site2SiteCustomerGateway>, Integer> searchForCustomerGateways(final ListVpnCustomerGatewaysCmd cmd) {
    // Caller-supplied filters and ACL hints.
    final Long gatewayId = cmd.getId();
    final Long requestedDomainId = cmd.getDomainId();
    final boolean requestedRecursive = cmd.isRecursive();
    final String accountName = cmd.getAccountName();
    final boolean listAll = cmd.listAll();
    final long startIndex = cmd.getStartIndex();
    final long pageSize = cmd.getPageSizeVal();
    final String keyword = cmd.getKeyword();

    // Resolve what the caller may see. The Ternary is an in/out holder: it goes in with the
    // requested domain/recursion and is read back with the values to enforce.
    final Account caller = CallContext.current().getCallingAccount();
    final List<Long> permittedAccounts = new ArrayList<>();
    final Ternary<Long, Boolean, ListProjectResourcesCriteria> aclScope = new Ternary<>(requestedDomainId, requestedRecursive, null);
    _accountMgr.buildACLSearchParameters(caller, gatewayId, accountName, cmd.getProjectId(), permittedAccounts, aclScope, listAll, false);
    final Long scopedDomainId = aclScope.first();
    final boolean scopedRecursive = aclScope.second();
    final ListProjectResourcesCriteria projectCriteria = aclScope.third();

    final Filter paging = new Filter(Site2SiteCustomerGatewayVO.class, "id", false, startIndex, pageSize);

    final SearchBuilder<Site2SiteCustomerGatewayVO> builder = _customerGatewayDao.createSearchBuilder();
    _accountMgr.buildACLSearchBuilder(builder, scopedDomainId, scopedRecursive, permittedAccounts, projectCriteria);
    builder.and("id", builder.entity().getId(), SearchCriteria.Op.EQ);
    builder.and("name", builder.entity().getName(), SearchCriteria.Op.LIKE);

    final SearchCriteria<Site2SiteCustomerGatewayVO> criteria = builder.create();
    _accountMgr.buildACLSearchCriteria(criteria, scopedDomainId, scopedRecursive, permittedAccounts, projectCriteria);
    if (gatewayId != null) {
        criteria.setParameters("id", gatewayId);
    }
    final boolean hasKeyword = keyword != null && !keyword.isEmpty();
    if (hasKeyword) {
        // The keyword is passed as a bound parameter, not spliced into the statement. It is not
        // escaped for LIKE, so '%' and '_' typed by the caller act as wildcards; the match still
        // runs inside the ACL scope applied above.
        criteria.setParameters("name", "%" + keyword + "%");
    }

    final Pair<List<Site2SiteCustomerGatewayVO>, Integer> page = _customerGatewayDao.searchAndCount(criteria, paging);
    // Re-wrapped so the element type widens from the VO class to the interface in the signature.
    return new Pair<>(page.first(), page.second());
}
Also used : Account(com.cloud.legacymodel.user.Account) Ternary(com.cloud.legacymodel.utils.Ternary) Site2SiteCustomerGatewayVO(com.cloud.network.dao.Site2SiteCustomerGatewayVO) ArrayList(java.util.ArrayList) ListProjectResourcesCriteria(com.cloud.projects.Project.ListProjectResourcesCriteria) Filter(com.cloud.utils.db.Filter) List(java.util.List) ArrayList(java.util.ArrayList) LinkedList(java.util.LinkedList) Pair(com.cloud.legacymodel.utils.Pair)

Example 49 with Account

use of com.cloud.legacymodel.user.Account in project cosmic by MissionCriticalCloud.

the class Site2SiteVpnManagerImpl method createVpnConnection.

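/**
 * Creates a site-to-site VPN connection record (state {@code Pending}) between a VPN gateway and a
 * customer gateway.
 *
 * <p>Checks performed before anything is persisted:
 * <ol>
 *   <li>the caller may act for the owner account named by the command;</li>
 *   <li>both gateways exist and the caller has access to each of them;</li>
 *   <li>both gateways belong to the same account and domain;</li>
 *   <li>no connection exists yet for this gateway pair;</li>
 *   <li>no remote CIDR overlaps the VPC CIDR;</li>
 *   <li>the gateway is below its connection limit;</li>
 *   <li>no remote CIDR overlaps a remote CIDR of an existing connection on the same gateway.</li>
 * </ol>
 *
 * <p>The VPC lookup and the customer-gateway lookup inside the overlap loop are null-checked and
 * fail with an explicit error. Both previously dereferenced the DAO result directly, so a dangling
 * reference surfaced as a bare NullPointerException; the request is still refused (an overlap
 * check that cannot be completed must not be skipped), only the failure is now diagnosable.
 *
 * <p>NOTE(review): the record is stored under {@code owner}, while the same-account rule is only
 * checked between the two gateways. Nothing here ties {@code owner} to the gateways' account, so
 * that relies on {@code cmd.getEntityOwnerId()} being derived from the gateway -- confirm in
 * CreateVpnConnectionCmd.
 *
 * <p>NOTE(review): the duplicate, limit and overlap checks are separate reads followed by a
 * persist; unless a transaction or constraint not visible here covers them, concurrent requests
 * could each pass the checks -- confirm.
 *
 * @param cmd API command carrying the gateway ids, the entity owner id, the passive flag and the
 *            optional display flag
 * @return the persisted connection, in state {@code Pending}
 * @throws InvalidParameterValueException if a gateway is unknown, the gateways belong to different
 *         accounts, the connection already exists, the limit is reached or a CIDR overlaps
 * @throws CloudRuntimeException if the gateway's VPC, or the customer gateway of an existing
 *         connection, can no longer be found
 * @throws NetworkRuleConflictException declared by the interface; not thrown by the code visible
 *         in this method
 */
@Override
@ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_CONNECTION_CREATE, eventDescription = "creating s2s vpn connection", create = true)
public Site2SiteVpnConnection createVpnConnection(final CreateVpnConnectionCmd cmd) throws NetworkRuleConflictException {
    final Account caller = CallContext.current().getCallingAccount();
    final Account owner = _accountMgr.getAccount(cmd.getEntityOwnerId());
    // Verify that caller can perform actions in behalf of vpc owner
    _accountMgr.checkAccess(caller, null, false, owner);

    // Each gateway is looked up and then access-checked on its own: being allowed to act for the
    // owner does not by itself grant access to an arbitrary gateway id.
    final Long customerGatewayId = cmd.getCustomerGatewayId();
    final Site2SiteCustomerGateway customerGateway = _customerGatewayDao.findById(customerGatewayId);
    if (customerGateway == null) {
        throw new InvalidParameterValueException("Unable to found specified Site to Site VPN customer gateway " + customerGatewayId + " !");
    }
    _accountMgr.checkAccess(caller, null, false, customerGateway);

    final Long vpnGatewayId = cmd.getVpnGatewayId();
    final Site2SiteVpnGateway vpnGateway = _vpnGatewayDao.findById(vpnGatewayId);
    if (vpnGateway == null) {
        throw new InvalidParameterValueException("Unable to found specified Site to Site VPN gateway " + vpnGatewayId + " !");
    }
    _accountMgr.checkAccess(caller, null, false, vpnGateway);

    // Tenant isolation: a connection may never join gateways of two different accounts/domains.
    if (customerGateway.getAccountId() != vpnGateway.getAccountId() || customerGateway.getDomainId() != vpnGateway.getDomainId()) {
        throw new InvalidParameterValueException("VPN connection can only be esitablished between same account's VPN gateway and customer gateway!");
    }
    if (_vpnConnectionDao.findByVpnGatewayIdAndCustomerGatewayId(vpnGatewayId, customerGatewayId) != null) {
        throw new InvalidParameterValueException("The vpn connection with customer gateway id " + customerGatewayId + " and vpn gateway id " + vpnGatewayId + " already existed!");
    }

    // NOTE(review): entries are split on ',' and not trimmed; presumably the list is normalised
    // when the customer gateway is stored -- confirm, since NetUtils receives them as-is.
    final String[] cidrList = customerGateway.getGuestCidrList().split(",");

    // Remote sub nets cannot overlap VPC's sub net
    final VpcVO vpc = _vpcDao.findById(vpnGateway.getVpcId());
    if (vpc == null) {
        // Fail closed: without the VPC CIDR the overlap rule cannot be evaluated.
        throw new CloudRuntimeException("Unable to find VPC " + vpnGateway.getVpcId() + " of VPN gateway " + vpnGatewayId + "!");
    }
    final String vpcCidr = vpc.getCidr();
    for (final String cidr : cidrList) {
        if (NetUtils.isNetworksOverlap(vpcCidr, cidr)) {
            throw new InvalidParameterValueException("The subnets of customer gateway " + customerGatewayId + "'s subnet " + cidr + " is overlapped with VPC cidr " + vpcCidr + "!");
        }
    }

    // Per-gateway cap on the number of connections.
    final List<Site2SiteVpnConnectionVO> conns = _vpnConnectionDao.listByVpnGatewayId(vpnGatewayId);
    if (conns.size() >= _connLimit) {
        throw new InvalidParameterValueException("There are too many VPN connections with current VPN gateway! The limit is " + _connLimit);
    }

    // We also need to check if the new connection's remote CIDR is overlapped with existed connections
    for (final Site2SiteVpnConnectionVO vc : conns) {
        if (vc == null) {
            continue;
        }
        final Site2SiteCustomerGatewayVO gw = _customerGatewayDao.findById(vc.getCustomerGatewayId());
        if (gw == null) {
            // Fail closed: an existing connection whose customer gateway is missing cannot be
            // checked for overlap, so the request is refused instead of skipping the check.
            throw new CloudRuntimeException("Unable to find customer gateway " + vc.getCustomerGatewayId() + " of an existing VPN connection on VPN gateway " + vpnGatewayId + "!");
        }
        final String[] oldCidrList = gw.getGuestCidrList().split(",");
        for (final String oldCidr : oldCidrList) {
            for (final String cidr : cidrList) {
                if (NetUtils.isNetworksOverlap(cidr, oldCidr)) {
                    throw new InvalidParameterValueException("The new connection's remote subnet " + cidr + " is overlapped with existed VPN connection to customer gateway " + gw.getName() + "'s subnet " + oldCidr);
                }
            }
        }
    }

    final Site2SiteVpnConnectionVO conn = new Site2SiteVpnConnectionVO(owner.getAccountId(), owner.getDomainId(), vpnGatewayId, customerGatewayId, cmd.isPassive());
    conn.setState(State.Pending);
    // The display flag is optional; when absent the entity keeps its own default.
    if (cmd.getDisplay() != null) {
        conn.setDisplay(cmd.getDisplay());
    }
    _vpnConnectionDao.persist(conn);
    return conn;
}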
Also used : Account(com.cloud.legacymodel.user.Account) Site2SiteVpnGateway(com.cloud.network.Site2SiteVpnGateway) InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException) Site2SiteCustomerGatewayVO(com.cloud.network.dao.Site2SiteCustomerGatewayVO) Site2SiteVpnConnectionVO(com.cloud.network.dao.Site2SiteVpnConnectionVO) Site2SiteCustomerGateway(com.cloud.network.Site2SiteCustomerGateway) ActionEvent(com.cloud.event.ActionEvent)

Example 50 with Account

use of com.cloud.legacymodel.user.Account in project cosmic by MissionCriticalCloud.

the class Site2SiteVpnManagerImpl method deleteCustomerGateway.

/**
 * Deletes a site-to-site VPN customer gateway after verifying that the caller may access it.
 *
 * <p>The event details are set before the lookup, so the requested id is attached to the call
 * context even when the request is later rejected. The access check runs on the loaded gateway and
 * before the delete is delegated to {@code doDeleteCustomerGateway}.
 *
 * @param cmd API command carrying the id of the customer gateway to delete
 * @return the result of {@code doDeleteCustomerGateway} for the gateway
 * @throws InvalidParameterValueException if no customer gateway exists for the given id
 */
@Override
@ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_CUSTOMER_GATEWAY_DELETE, eventDescription = "deleting s2s vpn customer gateway", create = true)
public boolean deleteCustomerGateway(final DeleteVpnCustomerGatewayCmd cmd) {
    final Long gatewayId = cmd.getId();
    final CallContext context = CallContext.current();
    context.setEventDetails(" Id: " + gatewayId);
    final Account callingAccount = context.getCallingAccount();

    final Site2SiteCustomerGateway target = _customerGatewayDao.findById(gatewayId);
    if (target == null) {
        throw new InvalidParameterValueException("Fail to find customer gateway with " + gatewayId + " !");
    }

    // Authorize against the loaded entity, not the raw id, and do it before any state changes.
    _accountMgr.checkAccess(callingAccount, null, false, target);
    return doDeleteCustomerGateway(target);
}
Also used : Account(com.cloud.legacymodel.user.Account) InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException) Site2SiteCustomerGateway(com.cloud.network.Site2SiteCustomerGateway) ActionEvent(com.cloud.event.ActionEvent)
