Examples with LoadBalancerCertMapVO com.cloud.network.dao.LoadBalancerCertMapVO used on opensource projects

Example 6 with LoadBalancerCertMapVO

use of com.cloud.network.dao.LoadBalancerCertMapVO in project cosmic by MissionCriticalCloud.

the class LoadBalancingRulesManagerImpl method getLbSslCert.

@Override
public LbSslCert getLbSslCert(final long lbRuleId) {
    final LoadBalancerCertMapVO lbCertMap = _lbCertMapDao.findByLbRuleId(lbRuleId);
    if (lbCertMap == null) {
        return null;
    }
    final SslCertVO certVO = _entityMgr.findById(SslCertVO.class, lbCertMap.getCertId());
    if (certVO == null) {
        s_logger.warn("Cert rule with cert ID " + lbCertMap.getCertId() + " but Cert is not found");
        return null;
    }
    return new LbSslCert(certVO.getCertificate(), certVO.getKey(), certVO.getPassword(), certVO.getChain(), certVO.getFingerPrint(), lbCertMap.isRevoke());
}

Example 7 with LoadBalancerCertMapVO

use of com.cloud.network.dao.LoadBalancerCertMapVO in project cosmic by MissionCriticalCloud.

the class CertServiceImpl method listSslCerts.

@Override
public List<SslCertResponse> listSslCerts(final ListSslCertsCmd listSslCertCmd) {
    final CallContext ctx = CallContext.current();
    final Account caller = ctx.getCallingAccount();
    final Long certId = listSslCertCmd.getCertId();
    final Long accountId = listSslCertCmd.getAccountId();
    final Long lbRuleId = listSslCertCmd.getLbId();
    final Long projectId = listSslCertCmd.getProjectId();
    final List<SslCertResponse> certResponseList = new ArrayList<>();
    if (certId == null && accountId == null && lbRuleId == null && projectId == null) {
        throw new InvalidParameterValueException("Invalid parameters either certificate ID or Account ID or Loadbalancer ID or Project ID required");
    }
    List<LoadBalancerCertMapVO> certLbMap = null;
    SslCertVO certVO = null;
    if (certId != null) {
        certVO = _sslCertDao.findById(certId);
        if (certVO == null) {
            throw new InvalidParameterValueException("Invalid certificate id: " + certId);
        }
        _accountMgr.checkAccess(caller, SecurityChecker.AccessType.UseEntry, true, certVO);
        certLbMap = _lbCertDao.listByCertId(certId);
        certResponseList.add(createCertResponse(certVO, certLbMap));
        return certResponseList;
    }
    if (lbRuleId != null) {
        final LoadBalancer lb = _entityMgr.findById(LoadBalancerVO.class, lbRuleId);
        if (lb == null) {
            throw new InvalidParameterValueException("Found no loadbalancer with id: " + lbRuleId);
        }
        _accountMgr.checkAccess(caller, SecurityChecker.AccessType.UseEntry, true, lb);
        // get the cert id
        final LoadBalancerCertMapVO lbCertMapRule;
        lbCertMapRule = _lbCertDao.findByLbRuleId(lbRuleId);
        if (lbCertMapRule == null) {
            s_logger.debug("No certificate bound to loadbalancer id: " + lbRuleId);
            return certResponseList;
        }
        certVO = _sslCertDao.findById(lbCertMapRule.getCertId());
        certLbMap = _lbCertDao.listByCertId(lbCertMapRule.getCertId());
        certResponseList.add(createCertResponse(certVO, certLbMap));
        return certResponseList;
    }
    if (projectId != null) {
        final Project project = _projectMgr.getProject(projectId);
        if (project == null) {
            throw new InvalidParameterValueException("Found no project with id: " + projectId);
        }
        final List<SslCertVO> projectCertVOList = _sslCertDao.listByAccountId(project.getProjectAccountId());
        if (projectCertVOList == null || projectCertVOList.isEmpty()) {
            return certResponseList;
        }
        _accountMgr.checkAccess(caller, SecurityChecker.AccessType.UseEntry, true, projectCertVOList.get(0));
        for (final SslCertVO cert : projectCertVOList) {
            certLbMap = _lbCertDao.listByCertId(cert.getId());
            certResponseList.add(createCertResponse(cert, certLbMap));
        }
        return certResponseList;
    }
    // reached here look by accountId
    final List<SslCertVO> certVOList = _sslCertDao.listByAccountId(accountId);
    if (certVOList == null || certVOList.isEmpty()) {
        return certResponseList;
    }
    _accountMgr.checkAccess(caller, SecurityChecker.AccessType.UseEntry, true, certVOList.get(0));
    for (final SslCertVO cert : certVOList) {
        certLbMap = _lbCertDao.listByCertId(cert.getId());
        certResponseList.add(createCertResponse(cert, certLbMap));
    }
    return certResponseList;
}

Example 8 with LoadBalancerCertMapVO

use of com.cloud.network.dao.LoadBalancerCertMapVO in project cosmic by MissionCriticalCloud.

the class CertServiceImpl method createCertResponse.

public SslCertResponse createCertResponse(final SslCertVO cert, final List<LoadBalancerCertMapVO> lbCertMap) {
    final SslCertResponse response = new SslCertResponse();
    final Account account = _accountDao.findByIdIncludingRemoved(cert.getAccountId());
    if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
        // find the project
        final Project project = _projectMgr.findByProjectAccountIdIncludingRemoved(account.getId());
        if (project != null) {
            response.setProjectId(project.getUuid());
            response.setProjectName(project.getName());
        } else {
            response.setAccountName(account.getAccountName());
        }
    } else {
        response.setAccountName(account.getAccountName());
    }
    final DomainVO domain = _domainDao.findByIdIncludingRemoved(cert.getDomainId());
    response.setDomainId(domain.getUuid());
    response.setDomainName(domain.getName());
    response.setObjectName("sslcert");
    response.setId(cert.getUuid());
    response.setCertificate(cert.getCertificate());
    response.setFingerprint(cert.getFingerPrint());
    if (cert.getChain() != null) {
        response.setCertchain(cert.getChain());
    }
    if (lbCertMap != null && !lbCertMap.isEmpty()) {
        final List<String> lbIds = new ArrayList<>();
        for (final LoadBalancerCertMapVO mapVO : lbCertMap) {
            final LoadBalancer lb = _entityMgr.findById(LoadBalancerVO.class, mapVO.getLbId());
            if (lb != null) {
                lbIds.add(lb.getUuid());
            }
        }
        response.setLbIds(lbIds);
    }
    return response;
}

Example 9 with LoadBalancerCertMapVO

use of com.cloud.network.dao.LoadBalancerCertMapVO in project cosmic by MissionCriticalCloud.

the class LoadBalancingRulesManagerImpl method assignCertToLoadBalancer.

@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_LB_CERT_ASSIGN, eventDescription = "assigning certificate to load balancer", async = true)
public boolean assignCertToLoadBalancer(final long lbRuleId, final Long certId) {
    final CallContext caller = CallContext.current();
    final LoadBalancerVO loadBalancer = _lbDao.findById(Long.valueOf(lbRuleId));
    if (loadBalancer == null) {
        throw new InvalidParameterException("Invalid load balancer id: " + lbRuleId);
    }
    final SslCertVO certVO = _entityMgr.findById(SslCertVO.class, certId);
    if (certVO == null) {
        throw new InvalidParameterException("Invalid certificate id: " + certId);
    }
    _accountMgr.checkAccess(caller.getCallingAccount(), null, true, loadBalancer);
    // check if LB and Cert belong to the same account
    if (loadBalancer.getAccountId() != certVO.getAccountId()) {
        throw new InvalidParameterValueException("Access denied for account " + certVO.getAccountId());
    }
    final String capability = getLBCapability(loadBalancer.getNetworkId(), Capability.SslTermination.getName());
    if (capability == null) {
        throw new InvalidParameterValueException("Ssl termination not supported by the loadbalancer");
    }
    // check if the lb is already bound
    final LoadBalancerCertMapVO certMapRule = _lbCertMapDao.findByLbRuleId(loadBalancer.getId());
    if (certMapRule != null) {
        throw new InvalidParameterValueException("Another certificate is already bound to the LB");
    }
    // check for correct port
    if (loadBalancer.getLbProtocol() == null || !(loadBalancer.getLbProtocol().equals(NetUtils.SSL_PROTO))) {
        throw new InvalidParameterValueException("Bad LB protocol: Expected ssl got " + loadBalancer.getLbProtocol());
    }
    boolean success = false;
    final FirewallRule.State backupState = loadBalancer.getState();
    try {
        loadBalancer.setState(FirewallRule.State.Add);
        _lbDao.persist(loadBalancer);
        final LoadBalancerCertMapVO certMap = new LoadBalancerCertMapVO(lbRuleId, certId, false);
        _lbCertMapDao.persist(certMap);
        applyLoadBalancerConfig(loadBalancer.getId());
        success = true;
    } catch (final ResourceUnavailableException e) {
        if (isRollBackAllowedForProvider(loadBalancer)) {
            loadBalancer.setState(backupState);
            _lbDao.persist(loadBalancer);
            final LoadBalancerCertMapVO certMap = _lbCertMapDao.findByLbRuleId(lbRuleId);
            _lbCertMapDao.remove(certMap.getId());
            s_logger.debug("LB Rollback rule id: " + loadBalancer.getId() + " while adding cert");
        }
        s_logger.warn("Unable to apply the load balancer config because resource is unavaliable.", e);
    }
    return success;
}

Example 10 with LoadBalancerCertMapVO

use of com.cloud.network.dao.LoadBalancerCertMapVO in project cosmic by MissionCriticalCloud.

the class LoadBalancingRulesManagerImpl method deleteLoadBalancerRule.

@DB
public boolean deleteLoadBalancerRule(final long loadBalancerId, final boolean apply, final Account caller, final long callerUserId, final boolean rollBack) {
    final LoadBalancerVO lb = _lbDao.findById(loadBalancerId);
    final FirewallRule.State backupState = lb.getState();
    // remove any ssl certs associated with this LB rule before trying to delete it.
    final LoadBalancerCertMapVO lbCertMap = _lbCertMapDao.findByLbRuleId(loadBalancerId);
    if (lbCertMap != null) {
        final boolean removeResult = removeCertFromLoadBalancer(loadBalancerId);
        if (!removeResult) {
            throw new CloudRuntimeException("Unable to remove certificate from load balancer rule " + loadBalancerId);
        }
    }
    final List<LoadBalancerVMMapVO> backupMaps = Transaction.execute(new TransactionCallback<List<LoadBalancerVMMapVO>>() {

        @Override
        public List<LoadBalancerVMMapVO> doInTransaction(final TransactionStatus status) {
            if (lb.getState() == FirewallRule.State.Staged) {
                if (s_logger.isDebugEnabled()) {
                    s_logger.debug("Found a rule that is still in stage state so just removing it: " + lb);
                }
            } else if (lb.getState() == FirewallRule.State.Add || lb.getState() == FirewallRule.State.Active) {
                lb.setState(FirewallRule.State.Revoke);
                _lbDao.persist(lb);
            }
            final List<LoadBalancerVMMapVO> backupMaps = _lb2VmMapDao.listByLoadBalancerId(loadBalancerId);
            final List<LoadBalancerVMMapVO> maps = _lb2VmMapDao.listByLoadBalancerId(loadBalancerId);
            if (maps != null) {
                for (final LoadBalancerVMMapVO map : maps) {
                    map.setRevoke(true);
                    _lb2VmMapDao.persist(map);
                    s_logger.debug("Set load balancer rule for revoke: rule id " + loadBalancerId + ", vmId " + map.getInstanceId());
                }
            }
            final List<LBHealthCheckPolicyVO> hcPolicies = _lb2healthcheckDao.listByLoadBalancerIdAndDisplayFlag(loadBalancerId, null);
            for (final LBHealthCheckPolicyVO lbHealthCheck : hcPolicies) {
                lbHealthCheck.setRevoke(true);
                _lb2healthcheckDao.persist(lbHealthCheck);
            }
            return backupMaps;
        }
    });
    // gather external network usage stats for this lb rule
    final NetworkVO network = _networkDao.findById(lb.getNetworkId());
    if (apply) {
        try {
            if (!applyLoadBalancerConfig(loadBalancerId)) {
                s_logger.warn("Unable to apply the load balancer config");
                return false;
            }
        } catch (final ResourceUnavailableException e) {
            if (rollBack && isRollBackAllowedForProvider(lb)) {
                if (backupMaps != null) {
                    for (final LoadBalancerVMMapVO map : backupMaps) {
                        _lb2VmMapDao.persist(map);
                        s_logger.debug("LB Rollback rule id: " + loadBalancerId + ", vmId " + map.getInstanceId());
                    }
                }
                lb.setState(backupState);
                _lbDao.persist(lb);
                s_logger.debug("LB Rollback rule id: " + loadBalancerId + " while deleting LB rule.");
            } else {
                s_logger.warn("Unable to apply the load balancer config because resource is unavaliable.", e);
            }
            return false;
        }
    }
    final FirewallRuleVO relatedRule = _firewallDao.findByRelatedId(lb.getId());
    if (relatedRule != null) {
        s_logger.warn("Unable to remove firewall rule id=" + lb.getId() + " as it has related firewall rule id=" + relatedRule.getId() + "; leaving it in Revoke state");
        return false;
    } else {
        _firewallMgr.removeRule(lb);
    }
    s_logger.debug("Load balancer with id " + lb.getId() + " is removed successfully");
    return true;
}