You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by mc...@apache.org on 2014/05/10 03:57:05 UTC
[3/3] git commit: updated refs/heads/master to daadc45
CLOUDSTACK-6628:[Automation] Create PF rulw API failing with error
"database id can only provided by VO objects".
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/daadc451
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/daadc451
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/daadc451
Branch: refs/heads/master
Commit: daadc45122b9ee6010f7cbe79d3b960b04a0efba
Parents: 5c3858b
Author: Min Chen <mi...@citrix.com>
Authored: Fri May 9 18:24:54 2014 -0700
Committer: Min Chen <mi...@citrix.com>
Committed: Fri May 9 18:48:08 2014 -0700
----------------------------------------------------------------------
.../command/user/firewall/CreatePortForwardingRuleCmd.java | 7 ++++++-
server/src/com/cloud/network/rules/RulesManagerImpl.java | 5 +++--
2 files changed, 9 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/daadc451/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java
index f18767e..91146ac 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java
@@ -19,8 +19,11 @@ package org.apache.cloudstack.api.command.user.firewall;
import java.util.List;
import org.apache.log4j.Logger;
+import org.bouncycastle.util.IPAddress;
import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@@ -48,7 +51,7 @@ import com.cloud.utils.net.NetUtils;
import com.cloud.vm.VirtualMachine;
@APICommand(name = "createPortForwardingRule", description = "Creates a port forwarding rule", responseObject = FirewallRuleResponse.class, entityType = {FirewallRule.class,
- VirtualMachine.class},
+ VirtualMachine.class, IPAddress.class},
requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements PortForwardingRule {
public static final Logger s_logger = Logger.getLogger(CreatePortForwardingRuleCmd.class.getName());
@@ -59,6 +62,7 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P
// ////////////// API parameters /////////////////////
// ///////////////////////////////////////////////////
+ @ACL(accessType = AccessType.OperateEntry)
@Parameter(name = ApiConstants.IP_ADDRESS_ID,
type = CommandType.UUID,
entityType = IPAddressResponse.class,
@@ -96,6 +100,7 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P
description = "the ending port of port forwarding rule's private port range")
private Integer publicEndPort;
+ @ACL(accessType = AccessType.OperateEntry)
@Parameter(name = ApiConstants.VIRTUAL_MACHINE_ID,
type = CommandType.UUID,
entityType = UserVmResponse.class,
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/daadc451/server/src/com/cloud/network/rules/RulesManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/rules/RulesManagerImpl.java b/server/src/com/cloud/network/rules/RulesManagerImpl.java
index 5d56451..a0d6cd6 100755
--- a/server/src/com/cloud/network/rules/RulesManagerImpl.java
+++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java
@@ -195,6 +195,7 @@ public class RulesManagerImpl extends ManagerBase implements RulesManager, Rules
throw new InvalidParameterValueException("Invalid user vm: " + userVm.getId());
}
+ // This same owner check is actually not needed, since multiple entities OperateEntry trick guarantee that
if (rule.getAccountId() != userVm.getAccountId()) {
throw new InvalidParameterValueException("New rule " + rule + " and vm id=" + userVm.getId() + " belong to different accounts");
}
@@ -267,8 +268,8 @@ public class RulesManagerImpl extends ManagerBase implements RulesManager, Rules
if (vm == null) {
throw new InvalidParameterValueException("Unable to create port forwarding rule on address " + ipAddress + ", invalid virtual machine id specified (" +
vmId + ").");
- } else {
- checkRuleAndUserVm(rule, vm, caller);
+ } else if (vm.getState() == VirtualMachine.State.Destroyed || vm.getState() == VirtualMachine.State.Expunging) {
+ throw new InvalidParameterValueException("Invalid user vm: " + vm.getId());
}
// Verify that vm has nic in the network