@Override public boolean applyDefaultEgressFirewallRule(Long networkId, boolean defaultPolicy, boolean add) throws ResourceUnavailableException { s_logger.debug("applying default firewall egress rules "); NetworkVO network = _networkDao.findById(networkId); List<String> sourceCidr = new ArrayList<String>(); List<String> destCidr = new ArrayList<String>(); sourceCidr.add(network.getCidr()); destCidr.add(NetUtils.ALL_IP4_CIDRS); FirewallRuleVO ruleVO = new FirewallRuleVO(null, null, null, null, "all", networkId, network.getAccountId(), network.getDomainId(), Purpose.Firewall, sourceCidr, destCidr, null, null, null, FirewallRule.TrafficType.Egress, FirewallRuleType.System); ruleVO.setState(add ? State.Add : State.Revoke); List<FirewallRuleVO> rules = new ArrayList<FirewallRuleVO>(); rules.add(ruleVO); try { //this is not required to store in db because we don't to add this rule along with the normal rules if (!applyRules(rules, false, false)) { return false; } } catch (ResourceUnavailableException ex) { s_logger.warn("Failed to apply default egress rules for guest network due to ", ex); return false; } return true; }
private void createDefaultEgressFirewallRule(final List<FirewallRule> rules, final long networkId) { final NetworkVO network = _networkDao.findById(networkId); final NetworkOfferingVO offering = _networkOfferingDao.findById(network.getNetworkOfferingId()); final Boolean defaultEgressPolicy = offering.isEgressDefaultPolicy(); // The default on the router is set to Deny all. So, if the default configuration in the offering is set to true (Allow), we change the Egress here if (defaultEgressPolicy) { final List<String> sourceCidr = new ArrayList<String>(); final List<String> destCidr = new ArrayList<String>(); sourceCidr.add(network.getCidr()); destCidr.add(NetUtils.ALL_IP4_CIDRS); final FirewallRule rule = new FirewallRuleVO(null, null, null, null, "all", networkId, network.getAccountId(), network.getDomainId(), Purpose.Firewall, sourceCidr, destCidr, null, null, null, FirewallRule.TrafficType.Egress, FirewallRule.FirewallRuleType.System); rules.add(rule); } else { s_logger.debug("Egress policy for the Network " + networkId + " is already defined as Deny. So, no need to default the rule to Allow. "); } }
@Override @DB public NetworkVO persist(final NetworkVO network, final boolean gc, final Map<String, String> serviceProviderMap) { final TransactionLegacy txn = TransactionLegacy.currentTxn(); txn.start(); // 1) create network final NetworkVO newNetwork = super.persist(network); // 2) add account to the network addAccountToNetwork(network.getId(), network.getAccountId(), true); // 3) add network to gc monitor table final NetworkOpVO op = new NetworkOpVO(network.getId(), gc); _opDao.persist(op); // 4) add services/providers for the network persistNetworkServiceProviders(newNetwork.getId(), serviceProviderMap); txn.commit(); return newNetwork; }
final boolean updateResourceCount = resourceCountNeedsUpdate(ntwkOff, networkFinal.getAclType()); if (updateResourceCount) { _resourceLimitMgr.decrementResourceCount(networkFinal.getAccountId(), ResourceType.network, networkFinal.getDisplayNetwork());
@Override @ActionEvent(eventType = EventTypes.EVENT_NETWORK_DELETE, eventDescription = "deleting network", async = true) public boolean deleteNetwork(long networkId, boolean forced) { Account caller = CallContext.current().getCallingAccount(); // Verify network id NetworkVO network = _networksDao.findById(networkId); if (network == null) { // see NetworkVO.java throwInvalidIdException("unable to find network with specified id", String.valueOf(networkId), "networkId"); } // don't allow to delete system network if (isNetworkSystem(network)) { throwInvalidIdException("Network with specified id is system and can't be removed", network.getUuid(), "networkId"); } Account owner = _accountMgr.getAccount(network.getAccountId()); // Only Admin can delete Shared and L2 networks if ((network.getGuestType() == GuestType.Shared || network.getGuestType() == GuestType.L2) && !_accountMgr.isAdmin(caller.getId())) { throw new InvalidParameterValueException("Only Admins can delete network with guest type " + network.getGuestType()); } // Perform permission check _accountMgr.checkAccess(caller, null, true, network); if (forced && !_accountMgr.isRootAdmin(caller.getId())) { throw new InvalidParameterValueException("Delete network with 'forced' option can only be called by root admins"); } User callerUser = _accountMgr.getActiveUser(CallContext.current().getCallingUserId()); ReservationContext context = new ReservationContextImpl(null, null, callerUser, owner); return _networkMgr.destroyNetwork(networkId, context, forced); }
accountSearch.and("typeEQ", accountSearch.entity().getType(), SearchCriteria.Op.EQ); sb.join("accountSearch", accountSearch, sb.entity().getAccountId(), accountSearch.entity().getId(), JoinBuilder.JoinType.INNER);
_vpcMgr.validateNtwkOffForNtwkInVpc(networkId, networkOfferingId, null, null, vpc, null, _accountMgr.getAccount(network.getAccountId()), network.getNetworkACLId()); _resourceLimitMgr.changeResourceCount(network.getAccountId(), Resource.ResourceType.network, displayNetwork);
long gurusImplementing = 0; network.setBroadcastUri(null); AccountVO networkAccount = _accountDao.findById(network.getAccountId()); DataCenterDeployment plan = new DataCenterDeployment(network.getDataCenterId(), null, null, null, null, newPhysicalNetworkId); for (final NetworkGuru guru : _networkMgr.getNetworkGurus()) {
&& !(network.getAclType() == ACLType.Account && network.getAccountId() == accountId)) { throw new InvalidParameterValueException("only shared network or isolated network with the same account_id can be added to vm");
&& !(network.getAclType() == ACLType.Account && network.getAccountId() == vmInstance.getAccountId())) { throw new InvalidParameterValueException("only shared network or isolated network with the same account_id can be added to vmId: " + vmId);
AllFieldsSearch.and("offering", AllFieldsSearch.entity().getNetworkOfferingId(), Op.EQ); AllFieldsSearch.and("datacenter", AllFieldsSearch.entity().getDataCenterId(), Op.EQ); AllFieldsSearch.and("account", AllFieldsSearch.entity().getAccountId(), Op.EQ); AllFieldsSearch.and("related", AllFieldsSearch.entity().getRelated(), Op.EQ); AllFieldsSearch.and("guestType", AllFieldsSearch.entity().getGuestType(), Op.EQ); SourceNATSearch.and("account", SourceNATSearch.entity().getAccountId(), Op.EQ); SourceNATSearch.and("datacenter", SourceNATSearch.entity().getDataCenterId(), Op.EQ); SourceNATSearch.and("guestType", SourceNATSearch.entity().getGuestType(), Op.EQ);