Sync javelin with master up to 894cb8f7d9fc8b5561754a9fa541fef8f235148a
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/7bd8bec6 Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/7bd8bec6 Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/7bd8bec6 Branch: refs/heads/master Commit: 7bd8bec68afa3ac89cf1b2e857c82280d64e42be Parents: 64d794e 894cb8f Author: Kelven Yang <[email protected]> Authored: Thu Jan 31 17:20:19 2013 -0800 Committer: Kelven Yang <[email protected]> Committed: Thu Jan 31 17:20:19 2013 -0800 ---------------------------------------------------------------------- INSTALL.md | 3 +- .../cloud/agent/api/routing/DhcpEntryCommand.java | 35 ++- api/src/com/cloud/dc/Vlan.java | 5 + api/src/com/cloud/network/Network.java | 30 ++ api/src/com/cloud/network/NetworkModel.java | 1 + api/src/com/cloud/network/NetworkProfile.java | 14 + api/src/com/cloud/network/Networks.java | 2 +- api/src/com/cloud/vm/Nic.java | 6 + api/src/com/cloud/vm/NicProfile.java | 42 ++- api/src/com/cloud/vm/UserVmService.java | 14 +- .../org/apache/cloudstack/api/ApiConstants.java | 5 + .../api/command/user/network/CreateNetworkCmd.java | 44 +++ .../api/command/user/vm/DeployVMCmd.java | 45 ++- .../cloudstack/api/response/NetworkResponse.java | 14 + .../cloudstack/api/response/NicResponse.java | 22 ++- .../api/response/VlanIpRangeResponse.java | 33 ++ .../com/cloud/bridge/model/CloudStackUserVO.java | 49 +++ .../bridge/persist/dao/CloudStackUserDao.java | 26 ++ .../bridge/persist/dao/CloudStackUserDaoImpl.java | 66 ++++ .../com/cloud/bridge/service/EC2RestServlet.java | 103 +++--- .../cloud/bridge/service/EC2SoapServiceImpl.java | 4 +- .../service/core/ec2/EC2AddressFilterSet.java | 17 +- .../cloud/bridge/service/core/ec2/EC2Engine.java | 148 +++++---- .../service/core/ec2/EC2KeyPairFilterSet.java | 6 +- awsapi/src/com/cloud/stack/CloudStackApi.java | 9 +- client/tomcatconf/componentContext.xml.in | 2 +- 
client/tomcatconf/components.xml.in | 1 + .../virtualnetwork/VirtualRoutingResource.java | 7 + patches/systemvm/debian/config/etc/dnsmasq.conf | 278 ++++++++++++--- .../debian/config/etc/init.d/cloud-early-config | 67 +++- patches/systemvm/debian/config/etc/sysctl.conf | 6 +- patches/systemvm/debian/config/root/edithosts.sh | 116 +++++-- .../networkservice/BaremetalDhcpManagerImpl.java | 4 +- .../hypervisor/vmware/resource/VmwareResource.java | 19 +- .../xen/resource/CitrixResourceBase.java | 7 + pom.xml | 1 + scripts/network/domr/dhcp_entry.sh | 68 ++-- server/src/com/cloud/api/ApiResponseHelper.java | 15 + .../src/com/cloud/api/query/QueryManagerImpl.java | 12 +- .../cloud/baremetal/ExternalDhcpManagerImpl.java | 2 +- .../cloud/configuration/ConfigurationManager.java | 2 +- .../configuration/ConfigurationManagerImpl.java | 74 ++++- server/src/com/cloud/dc/VlanVO.java | 43 +++- .../src/com/cloud/network/Ipv6AddressManager.java | 28 ++ .../com/cloud/network/Ipv6AddressManagerImpl.java | 109 ++++++ server/src/com/cloud/network/NetworkManager.java | 4 +- .../src/com/cloud/network/NetworkManagerImpl.java | 84 ++++- server/src/com/cloud/network/NetworkModelImpl.java | 31 ++- .../src/com/cloud/network/NetworkServiceImpl.java | 81 ++++- server/src/com/cloud/network/UserIpv6Address.java | 52 +++ .../src/com/cloud/network/UserIpv6AddressVO.java | 188 ++++++++++ server/src/com/cloud/network/addr/PublicIp.java | 15 + server/src/com/cloud/network/dao/NetworkVO.java | 24 ++ .../com/cloud/network/dao/UserIpv6AddressDao.java | 23 ++ .../cloud/network/dao/UserIpv6AddressDaoImpl.java | 98 +++++ .../network/element/VirtualRouterElement.java | 5 + .../com/cloud/network/guru/DirectNetworkGuru.java | 33 ++- .../network/guru/DirectPodBasedNetworkGuru.java | 2 +- .../network/guru/ExternalGuestNetworkGuru.java | 2 +- .../com/cloud/network/guru/GuestNetworkGuru.java | 4 +- .../cloud/network/guru/PodBasedNetworkGuru.java | 2 +- .../com/cloud/network/guru/PublicNetworkGuru.java | 2 +- 
.../router/VirtualNetworkApplianceManagerImpl.java | 22 +- .../src/com/cloud/network/vpc/VpcManagerImpl.java | 2 +- server/src/com/cloud/user/AccountManagerImpl.java | 2 +- server/src/com/cloud/vm/NicVO.java | 25 ++ server/src/com/cloud/vm/UserVmManagerImpl.java | 130 +++---- .../com/cloud/network/MockNetworkManagerImpl.java | 4 +- .../com/cloud/network/MockNetworkModelImpl.java | 6 + .../com/cloud/user/MockAccountManagerImpl.java | 2 +- .../test/com/cloud/vm/MockUserVmManagerImpl.java | 9 +- .../cloud/vpc/MockConfigurationManagerImpl.java | 2 +- .../test/com/cloud/vpc/MockNetworkManagerImpl.java | 10 +- .../test/com/cloud/vpc/MockNetworkModelImpl.java | 6 + setup/db/create-schema.sql | 32 ++ ui/scripts/ui-custom/instanceWizard.js | 3 + utils/pom.xml | 5 + utils/src/com/cloud/utils/net/NetUtils.java | 114 ++++++ utils/test/com/cloud/utils/net/NetUtilsTest.java | 34 ++ .../com/cloud/utils/xmlobject/TestXmlObject.java | 4 + 80 files changed, 2244 insertions(+), 422 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/7bd8bec6/api/src/com/cloud/network/Network.java ---------------------------------------------------------------------- diff --cc api/src/com/cloud/network/Network.java index df7a3da,f0f3f18..27977f9 --- a/api/src/com/cloud/network/Network.java +++ b/api/src/com/cloud/network/Network.java @@@ -255,7 -254,33 +255,33 @@@ public interface Network extends Contro s_fsm.addTransition(State.Shutdown, Event.OperationFailed, State.Implemented); } } - + + public class IpAddresses { + private String ip4Address; + private String ip6Address; + + public IpAddresses(String ip4Address, String ip6Address) { + this.setIp4Address(ip4Address); + this.setIp6Address(ip6Address); + } + + public String getIp4Address() { + return ip4Address; + } + + public void setIp4Address(String ip4Address) { + this.ip4Address = ip4Address; + } + + public String getIp6Address() { + return 
ip6Address; + } + + public void setIp6Address(String ip6Address) { + this.ip6Address = ip6Address; + } + } + String getName(); Mode getMode(); @@@ -267,7 -292,11 +293,11 @@@ String getGateway(); String getCidr(); - + + String getIp6Gateway(); + + String getIp6Cidr(); + long getDataCenterId(); long getNetworkOfferingId(); http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/7bd8bec6/api/src/com/cloud/network/NetworkProfile.java ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/7bd8bec6/api/src/com/cloud/vm/Nic.java ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/7bd8bec6/api/src/com/cloud/vm/NicProfile.java ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/7bd8bec6/api/src/com/cloud/vm/UserVmService.java ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/7bd8bec6/api/src/org/apache/cloudstack/api/ApiConstants.java ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/7bd8bec6/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java ---------------------------------------------------------------------- diff --cc api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java index 678b0e8,bbd8b5a..5ec7cef --- a/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java @@@ -207,7 -219,35 +219,35 @@@ public class CreateNetworkCmd extends B } } + public String getStartIpv6() { + if (startIpv6 == null) { + return null; + } + return startIpv6.toLowerCase(); + } + + public String getEndIpv6() { + if (endIpv6 
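Review bot: The `IpAddresses` constructor in the first Network.java hunk calls the public, overridable setters `setIp4Address` and `setIp6Address`, and the class is not final, so a subclass override would run on a partly built object. Assigning the fields directly (`this.ip4Address = ip4Address; this.ip6Address = ip6Address;`) avoids that. The class also has no Javadoc on nullability; a comment such as `/** Requested IPv4 and IPv6 addresses; either may be null when not specified. */` would help callers. The null case is real, because `DeployVMCmd` in this commit passes `getIp6Address()`, which returns null when no IPv6 address was supplied.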
== null) { + return null; + } + return endIpv6.toLowerCase(); + } + + public String getIp6Gateway() { + if (ip6Gateway == null) { + return null; + } + return ip6Gateway.toLowerCase(); + } + + public String getIp6Cidr() { + if (ip6Cidr == null) { + return null; + } + return ip6Cidr.toLowerCase(); + } + - ///////////////////////////////////////////////////// + ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// ///////////////////////////////////////////////////// @Override http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/7bd8bec6/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java ---------------------------------------------------------------------- diff --cc api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java index 567d171,b21b53c..70a263d --- a/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java @@@ -304,7 -312,14 +316,14 @@@ public class DeployVMCmd extends BaseAs return ipToNetworkMap; } - + + public String getIp6Address() { + if (ip6Address == null) { + return null; + } + return ip6Address.toLowerCase(); + } + ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// ///////////////////////////////////////////////////// @@@ -425,23 -448,28 +448,24 @@@ } UserVm vm = null; - if (getHypervisor() == HypervisorType.BareMetal) { - vm = _bareMetalVmService.createVirtualMachine(this); - } else { - IpAddresses addrs = new IpAddresses(ipAddress, getIp6Address()); - if (zone.getNetworkType() == NetworkType.Basic) { - if (getNetworkIds() != null) { - throw new InvalidParameterValueException("Can't specify network Ids in Basic zone"); - } else { - vm = _userVmService.createBasicSecurityGroupVirtualMachine(zone, serviceOffering, template, getSecurityGroupIdList(), owner, name, - displayName, diskOfferingId, size, group, getHypervisor(), 
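Review bot: The four new getters (`getStartIpv6`, `getEndIpv6`, `getIp6Gateway`, `getIp6Cidr`) only lowercase the raw request value, which is not IPv6 canonicalisation: the same address can be written compressed, with leading zeros or fully expanded, and those forms still differ as strings after lowercasing. If a later range, overlap or duplicate check compares these strings (that code is not visible here), equivalent addresses could be treated as distinct, so the values should be validated and canonicalised before they are compared or stored. The no-argument `toLowerCase()` is also locale-dependent; `return startIpv6.toLowerCase(Locale.ROOT);` keeps the normalisation stable and needs an import of `java.util.Locale`. `DeployVMCmd.getIp6Address()` in the next file section follows the same pattern.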
userData, sshKeyPairName, getIpToNetworkMap(), addrs, keyboard); - } ++ IpAddresses addrs = new IpAddresses(ipAddress, getIp6Address()); + if (zone.getNetworkType() == NetworkType.Basic) { + if (getNetworkIds() != null) { + throw new InvalidParameterValueException("Can't specify network Ids in Basic zone"); } else { - if (zone.isSecurityGroupEnabled()) { - vm = _userVmService.createAdvancedSecurityGroupVirtualMachine(zone, serviceOffering, template, getNetworkIds(), getSecurityGroupIdList(), + vm = _userVmService.createBasicSecurityGroupVirtualMachine(zone, serviceOffering, template, getSecurityGroupIdList(), owner, name, - displayName, diskOfferingId, size, group, getHypervisor(), userData, sshKeyPairName, getIpToNetworkMap(), ipAddress, keyboard); ++ displayName, diskOfferingId, size, group, getHypervisor(), userData, sshKeyPairName, getIpToNetworkMap(), addrs, keyboard); + } + } else { + if (zone.isSecurityGroupEnabled()) { + vm = _userVmService.createAdvancedSecurityGroupVirtualMachine(zone, serviceOffering, template, getNetworkIds(), getSecurityGroupIdList(), - owner, name, displayName, diskOfferingId, size, group, getHypervisor(), userData, sshKeyPairName, getIpToNetworkMap(), ipAddress, keyboard); + owner, name, displayName, diskOfferingId, size, group, getHypervisor(), userData, sshKeyPairName, getIpToNetworkMap(), addrs, keyboard); - } else { - if (getSecurityGroupIdList() != null && !getSecurityGroupIdList().isEmpty()) { - throw new InvalidParameterValueException("Can't create vm with security groups; security group feature is not enabled per zone"); - } - vm = _userVmService.createAdvancedVirtualMachine(zone, serviceOffering, template, getNetworkIds(), owner, name, displayName, - diskOfferingId, size, group, getHypervisor(), userData, sshKeyPairName, getIpToNetworkMap(), addrs, keyboard); + } else { + if (getSecurityGroupIdList() != null && !getSecurityGroupIdList().isEmpty()) { + throw new InvalidParameterValueException("Can't create vm with security 
groups; security group feature is not enabled per zone"); } + vm = _userVmService.createAdvancedVirtualMachine(zone, serviceOffering, template, getNetworkIds(), owner, name, displayName, - diskOfferingId, size, group, getHypervisor(), userData, sshKeyPairName, getIpToNetworkMap(), ipAddress, keyboard); ++ diskOfferingId, size, group, getHypervisor(), userData, sshKeyPairName, getIpToNetworkMap(), addrs, keyboard); } } http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/7bd8bec6/api/src/org/apache/cloudstack/api/response/NetworkResponse.java ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/7bd8bec6/api/src/org/apache/cloudstack/api/response/NicResponse.java ---------------------------------------------------------------------- diff --cc api/src/org/apache/cloudstack/api/response/NicResponse.java index 25131d2,36cf506..a7d1a0d --- a/api/src/org/apache/cloudstack/api/response/NicResponse.java +++ b/api/src/org/apache/cloudstack/api/response/NicResponse.java @@@ -119,7 -124,19 +128,19 @@@ public class NicResponse extends BaseRe public void setMacAddress(String macAddress) { this.macAddress = macAddress; } - + + public void setIp6Gateway(String ip6Gateway) { + this.ip6Gateway = ip6Gateway; + } + + public void setIp6Cidr(String ip6Cidr) { + this.ip6Cidr = ip6Cidr; + } + + public void setIp6Address(String ip6Address) { + this.ip6Address = ip6Address; + } + @Override public int hashCode() { final int prime = 31; http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/7bd8bec6/api/src/org/apache/cloudstack/api/response/VlanIpRangeResponse.java ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/7bd8bec6/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java ---------------------------------------------------------------------- diff --cc 
awsapi/src/com/cloud/bridge/service/EC2RestServlet.java index 15df24e,4260e9f..57a32a4 --- a/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java +++ b/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java @@@ -39,8 -39,6 +39,7 @@@ import java.util.List import java.util.Properties; import java.util.UUID; - import javax.annotation.PostConstruct; +import javax.inject.Inject; import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; @@@ -98,8 -95,9 +97,10 @@@ import com.amazon.ec2.RunInstancesRespo import com.amazon.ec2.StartInstancesResponse; import com.amazon.ec2.StopInstancesResponse; import com.amazon.ec2.TerminateInstancesResponse; + import com.cloud.bridge.model.CloudStackUserVO; import com.cloud.bridge.model.UserCredentialsVO; +import com.cloud.bridge.persist.dao.CloudStackConfigurationDao; + import com.cloud.bridge.persist.dao.CloudStackUserDaoImpl; import com.cloud.bridge.persist.dao.OfferingDaoImpl; import com.cloud.bridge.persist.dao.UserCredentialsDaoImpl; import com.cloud.bridge.service.controller.s3.ServiceProvider; @@@ -143,74 -140,74 +144,75 @@@ import com.cloud.bridge.service.excepti import com.cloud.bridge.util.AuthenticationUtils; import com.cloud.bridge.util.ConfigurationHelper; import com.cloud.bridge.util.EC2RestAuth; -import com.cloud.bridge.util.EncryptionSecretKeyCheckerUtil; import com.cloud.stack.models.CloudStackAccount; -import com.cloud.utils.component.ComponentLocator; import com.cloud.utils.db.Transaction; - +@Component("EC2RestServlet") public class EC2RestServlet extends HttpServlet { - private static final long serialVersionUID = -6168996266762804888L; - protected final UserCredentialsDaoImpl ucDao = ComponentLocator.inject(UserCredentialsDaoImpl.class); - protected final CloudStackUserDaoImpl userDao = ComponentLocator.inject(CloudStackUserDaoImpl.class); - protected final OfferingDaoImpl ofDao = ComponentLocator.inject(OfferingDaoImpl.class); - - public static final 
Logger logger = Logger.getLogger(EC2RestServlet.class); - - private OMFactory factory = OMAbstractFactory.getOMFactory(); - private XMLOutputFactory xmlOutFactory = XMLOutputFactory.newInstance(); - - private String pathToKeystore = null; - private String keystorePassword = null; - private String wsdlVersion = null; - private String version = null; - - boolean debug=true; - - - /** - * We build the path to where the keystore holding the WS-Security X509 certificates - * are stored. - */ - @Override - public void init( ServletConfig config ) throws ServletException { - File propertiesFile = ConfigurationHelper.findConfigurationFile("ec2-service.properties"); - Properties EC2Prop = null; - - if (null != propertiesFile) { - logger.info("Use EC2 properties file: " + propertiesFile.getAbsolutePath()); - EC2Prop = new Properties(); - try { - EC2Prop.load( new FileInputStream( propertiesFile )); - } catch (FileNotFoundException e) { - logger.warn("Unable to open properties file: " + propertiesFile.getAbsolutePath(), e); - } catch (IOException e) { - logger.warn("Unable to read properties file: " + propertiesFile.getAbsolutePath(), e); - } - String keystore = EC2Prop.getProperty( "keystore" ); - keystorePassword = EC2Prop.getProperty( "keystorePass" ); - wsdlVersion = EC2Prop.getProperty( "WSDLVersion", "2010-11-15" ); - version = EC2Prop.getProperty( "cloudbridgeVersion", "UNKNOWN VERSION" ); - - String installedPath = System.getenv("CATALINA_HOME"); - if (installedPath == null) installedPath = System.getenv("CATALINA_BASE"); - if (installedPath == null) installedPath = System.getProperty("catalina.home"); - String webappPath = config.getServletContext().getRealPath("/"); - //pathToKeystore = new String( installedPath + File.separator + "webapps" + File.separator + webappName + File.separator + "WEB-INF" + File.separator + "classes" + File.separator + keystore ); - pathToKeystore = new String( webappPath + "WEB-INF" + File.separator + "classes" + File.separator + keystore 
); - } + private static final long serialVersionUID = -6168996266762804888L; + @Inject UserCredentialsDaoImpl ucDao; + @Inject OfferingDaoImpl ofDao; ++ @Inject CloudStackUserDaoImpl userDao; + + public static final Logger logger = Logger.getLogger(EC2RestServlet.class); + + private final OMFactory factory = OMAbstractFactory.getOMFactory(); + private final XMLOutputFactory xmlOutFactory = XMLOutputFactory.newInstance(); + + private String pathToKeystore = null; + private String keystorePassword = null; + private String wsdlVersion = null; + private String version = null; + + boolean debug=true; + + public EC2RestServlet() { } - - @Override - protected void doGet(HttpServletRequest req, HttpServletResponse resp) { - doGetOrPost(req, resp); + + /** + * We build the path to where the keystore holding the WS-Security X509 certificates + * are stored. + */ + @Override + public void init( ServletConfig config ) throws ServletException { + SpringBeanAutowiringSupport.processInjectionBasedOnServletContext(this, config.getServletContext()); + + File propertiesFile = ConfigurationHelper.findConfigurationFile("ec2-service.properties"); + Properties EC2Prop = null; + + if (null != propertiesFile) { + logger.info("Use EC2 properties file: " + propertiesFile.getAbsolutePath()); + EC2Prop = new Properties(); + try { + EC2Prop.load( new FileInputStream( propertiesFile )); + } catch (FileNotFoundException e) { + logger.warn("Unable to open properties file: " + propertiesFile.getAbsolutePath(), e); + } catch (IOException e) { + logger.warn("Unable to read properties file: " + propertiesFile.getAbsolutePath(), e); + } + String keystore = EC2Prop.getProperty( "keystore" ); + keystorePassword = EC2Prop.getProperty( "keystorePass" ); + wsdlVersion = EC2Prop.getProperty( "WSDLVersion", "2010-11-15" ); + version = EC2Prop.getProperty( "cloudbridgeVersion", "UNKNOWN VERSION" ); + + String installedPath = System.getenv("CATALINA_HOME"); + if (installedPath == null) installedPath = 
System.getenv("CATALINA_BASE"); + if (installedPath == null) installedPath = System.getProperty("catalina.home"); + String webappPath = config.getServletContext().getRealPath("/"); + //pathToKeystore = new String( installedPath + File.separator + "webapps" + File.separator + webappName + File.separator + "WEB-INF" + File.separator + "classes" + File.separator + keystore ); + pathToKeystore = new String( webappPath + File.separator + "\\WEB-INF" + File.separator + "classes" + File.separator + keystore ); + } } - + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse resp) { + doGetOrPost(req, resp); + } + @Override - protected void doPost(HttpServletRequest req, HttpServletResponse resp) { - doGetOrPost(req, resp); + protected void doPost(HttpServletRequest req, HttpServletResponse resp) { + doGetOrPost(req, resp); } protected void doGetOrPost(HttpServletRequest request, HttpServletResponse response) { @@@ -682,53 -679,70 +684,70 @@@ EC2AuthorizeRevokeSecurityGroup EC2request = new EC2AuthorizeRevokeSecurityGroup(); String[] groupName = request.getParameterValues( "GroupName" ); - if ( null != groupName && 0 < groupName.length ) - EC2request.setName( groupName[0] ); + if ( null != groupName && 0 < groupName.length ) + EC2request.setName( groupName[0] ); else { response.sendError(530, "Missing GroupName parameter" ); return; } + // -> not clear how many parameters there are until we fail to get IpPermissions.n.IpProtocol + int nCount = 1, mCount; + do { - EC2IpPermission perm = new EC2IpPermission(); + EC2IpPermission perm = new EC2IpPermission(); - String[] protocol = request.getParameterValues( "IpProtocol" ); + String[] protocol = request.getParameterValues( "IpPermissions." 
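Review bot: The new `pathToKeystore` line concatenates `File.separator + "\\WEB-INF"`, which puts a literal backslash in front of `WEB-INF`; on a non-Windows host the path component becomes `\WEB-INF`, a directory that will not exist, so the keystore holding the WS-Security certificates will not be found. Building the path without a hard-coded separator avoids this, for example `pathToKeystore = new File(webappPath, "WEB-INF" + File.separator + "classes" + File.separator + keystore).getPath();`. `getRealPath("/")` can return null when the container cannot map the path to the file system, so that case deserves an explicit check before the concatenation. The `FileInputStream` passed to `EC2Prop.load` is never closed, and after a load failure `init` carries on with an empty `Properties` object, leaving `keystore` and `keystorePassword` null.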
+ nCount + ".IpProtocol" ); - if ( null != protocol && 0 < protocol.length ) + if ( null != protocol && 0 < protocol.length ) - perm.setProtocol( protocol[0] ); - else { response.sendError(530, "Missing IpProtocol parameter" ); return; } + perm.setProtocol( protocol[0]); + else break; - String[] fromPort = request.getParameterValues( "FromPort" ); - if ( null != fromPort && 0 < fromPort.length ) - perm.setProtocol( fromPort[0] ); - else { response.sendError(530, "Missing FromPort parameter" ); return; } + String[] fromPort = request.getParameterValues( "IpPermissions." + nCount + ".FromPort" ); + if ( null != fromPort && 0 < fromPort.length) + perm.setFromPort( Integer.parseInt( fromPort[0])); - String[] toPort = request.getParameterValues( "ToPort" ); - if ( null != toPort && 0 < toPort.length ) - perm.setProtocol( toPort[0] ); - else { response.sendError(530, "Missing ToPort parameter" ); return; } + String[] toPort = request.getParameterValues( "IpPermissions." + nCount + ".ToPort" ); + if ( null != toPort && 0 < toPort.length) + perm.setToPort( Integer.parseInt( toPort[0])); - String[] ranges = request.getParameterValues( "CidrIp" ); + // -> list: IpPermissions.n.IpRanges.m.CidrIp + mCount = 1; + do { + String[] ranges = request.getParameterValues( "IpPermissions." + nCount + ".IpRanges." 
+ mCount + ".CidrIp" ); - if ( null != ranges && 0 < ranges.length) + if ( null != ranges && 0 < ranges.length) - perm.addIpRange( ranges[0] ); - else { response.sendError(530, "Missing CidrIp parameter" ); return; } - - String[] user = request.getParameterValues( "SourceSecurityGroupOwnerId" ); - if ( null == user || 0 == user.length) { - response.sendError(530, "Missing SourceSecurityGroupOwnerId parameter" ); - return; - } + perm.addIpRange( ranges[0]); + else break; + mCount++; + } while( true ); + + // -> list: IpPermissions.n.Groups.m.UserId and IpPermissions.n.Groups.m.GroupName + mCount = 1; + do { + EC2SecurityGroup group = new EC2SecurityGroup(); + + String[] user = request.getParameterValues( "IpPermissions." + nCount + ".Groups." + mCount + ".UserId" ); + if ( null != user && 0 < user.length) + group.setAccount( user[0]); + else break; + + String[] name = request.getParameterValues( "IpPermissions." + nCount + ".Groups." + mCount + ".GroupName" ); + if ( null != name && 0 < name.length) + group.setName( name[0]); + else break; + + perm.addUser( group); + mCount++; + } while( true ); + + // -> multiple IP permissions can be specified per group name + EC2request.addIpPermission( perm); + nCount++; + } while( true ); - String[] name = request.getParameterValues( "SourceSecurityGroupName" ); - if ( null == name || 0 == name.length) { - response.sendError(530, "Missing SourceSecurityGroupName parameter" ); + if (1 == nCount) { + response.sendError(530, "At least one IpPermissions required" ); - return; + return; } - EC2SecurityGroup group = new EC2SecurityGroup(); - group.setAccount( user[0] ); - group.setName( name[0] ); - perm.addUser( group ); - EC2request.addIpPermission( perm ); - - // -> execute the request + // -> execute the request RevokeSecurityGroupIngressResponse EC2response = EC2SoapServiceImpl.toRevokeSecurityGroupIngressResponse( - ServiceProvider.getInstance().getEC2Engine().revokeSecurityGroup( EC2request )); + 
ServiceProvider.getInstance().getEC2Engine().revokeSecurityGroup( EC2request )); serializeResponse(response, EC2response); } @@@ -738,77 -752,79 +757,79 @@@ EC2AuthorizeRevokeSecurityGroup EC2request = new EC2AuthorizeRevokeSecurityGroup(); String[] groupName = request.getParameterValues( "GroupName" ); - if ( null != groupName && 0 < groupName.length ) - EC2request.setName( groupName[0] ); + if ( null != groupName && 0 < groupName.length ) + EC2request.setName( groupName[0] ); else { response.sendError(530, "Missing GroupName parameter" ); return; } - // -> not clear how many parameters there are until we fail to get IpPermissions.n.IpProtocol - int nCount = 1; - do - { EC2IpPermission perm = new EC2IpPermission(); + // -> not clear how many parameters there are until we fail to get IpPermissions.n.IpProtocol + int nCount = 1; + do + { EC2IpPermission perm = new EC2IpPermission(); - String[] protocol = request.getParameterValues( "IpPermissions." + nCount + ".IpProtocol" ); - if ( null != protocol && 0 < protocol.length ) - perm.setProtocol( protocol[0] ); - else break; + String[] protocol = request.getParameterValues( "IpPermissions." + nCount + ".IpProtocol" ); + if ( null != protocol && 0 < protocol.length ) + perm.setProtocol( protocol[0] ); + else break; - String[] fromPort = request.getParameterValues( "IpPermissions." + nCount + ".FromPort" ); + String[] fromPort = request.getParameterValues( "IpPermissions." + nCount + ".FromPort" ); - if (null != fromPort && 0 < fromPort.length) perm.setProtocol( fromPort[0] ); + if ( null != fromPort && 0 < fromPort.length) + perm.setFromPort( Integer.parseInt( fromPort[0])); - String[] toPort = request.getParameterValues( "IpPermissions." + nCount + ".ToPort" ); + String[] toPort = request.getParameterValues( "IpPermissions." 
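Review bot: `Integer.parseInt( fromPort[0])` and `Integer.parseInt( toPort[0])` run on raw request parameters, so a non-numeric `IpPermissions.n.FromPort` or `ToPort` raises `NumberFormatException` instead of the 530 parameter error this method uses for a missing `GroupName`, and no range check is applied to the parsed ports. Parsing inside a `try` whose handler answers `response.sendError(530, "Invalid FromPort parameter" ); return;`, and rejecting values outside the range valid for the protocol, would keep malformed rules away from `revokeSecurityGroup`. The same two lines are added in the `authorizeSecurityGroup` hunk that follows. The method signature and any enclosing exception handling are outside the hunk, so how the exception currently reaches the client is not visible here.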
+ nCount + ".ToPort" ); - if (null != toPort && 0 < toPort.length) perm.setProtocol( toPort[0] ); + if ( null != toPort && 0 < toPort.length) + perm.setToPort( Integer.parseInt( toPort[0])); - // -> list: IpPermissions.n.IpRanges.m.CidrIp - int mCount = 1; - do - { String[] ranges = request.getParameterValues( "IpPermissions." + nCount + ".IpRanges." + mCount + ".CidrIp" ); - if ( null != ranges && 0 < ranges.length) - perm.addIpRange( ranges[0] ); - else break; - mCount++; - - } while( true ); - - // -> list: IpPermissions.n.Groups.m.UserId and IpPermissions.n.Groups.m.GroupName - mCount = 1; - do - { String[] user = request.getParameterValues( "IpPermissions." + nCount + ".Groups." + mCount + ".UserId" ); - if ( null == user || 0 == user.length) break; - - String[] name = request.getParameterValues( "IpPermissions." + nCount + ".Groups." + mCount + ".GroupName" ); - if ( null == name || 0 == name.length) break; - - EC2SecurityGroup group = new EC2SecurityGroup(); - group.setAccount( user[0] ); - group.setName( name[0] ); - perm.addUser( group ); - mCount++; - - } while( true ); - - // -> multiple IP permissions can be specified per group name - EC2request.addIpPermission( perm ); - nCount++; - - } while( true ); - - if (1 == nCount) { response.sendError(530, "At least one IpPermissions required" ); return; } - - - // -> execute the request + // -> list: IpPermissions.n.IpRanges.m.CidrIp + int mCount = 1; + do + { String[] ranges = request.getParameterValues( "IpPermissions." + nCount + ".IpRanges." + mCount + ".CidrIp" ); + if ( null != ranges && 0 < ranges.length) + perm.addIpRange( ranges[0] ); + else break; + mCount++; + + } while( true ); + + // -> list: IpPermissions.n.Groups.m.UserId and IpPermissions.n.Groups.m.GroupName + mCount = 1; + do + { String[] user = request.getParameterValues( "IpPermissions." + nCount + ".Groups." 
+ mCount + ".UserId" ); + if ( null == user || 0 == user.length) break; + + String[] name = request.getParameterValues( "IpPermissions." + nCount + ".Groups." + mCount + ".GroupName" ); + if ( null == name || 0 == name.length) break; + + EC2SecurityGroup group = new EC2SecurityGroup(); + group.setAccount( user[0] ); + group.setName( name[0] ); + perm.addUser( group ); + mCount++; + + } while( true ); + + // -> multiple IP permissions can be specified per group name + EC2request.addIpPermission( perm ); + nCount++; + + } while( true ); + + if (1 == nCount) { response.sendError(530, "At least one IpPermissions required" ); return; } + + + // -> execute the request AuthorizeSecurityGroupIngressResponse EC2response = EC2SoapServiceImpl.toAuthorizeSecurityGroupIngressResponse( - ServiceProvider.getInstance().getEC2Engine().authorizeSecurityGroup( EC2request )); + ServiceProvider.getInstance().getEC2Engine().authorizeSecurityGroup( EC2request )); serializeResponse(response, EC2response); } - + private void detachVolume( HttpServletRequest request, HttpServletResponse response ) - throws ADBException, XMLStreamException, IOException { - EC2Volume EC2request = new EC2Volume(); - + throws ADBException, XMLStreamException, IOException { + EC2Volume EC2request = new EC2Volume(); + String[] volumeId = request.getParameterValues( "VolumeId" ); - if ( null != volumeId && 0 < volumeId.length ) - EC2request.setId(volumeId[0]); - else { response.sendError(530, "Missing VolumeId parameter" ); return; } + if ( null != volumeId && 0 < volumeId.length ) + EC2request.setId(volumeId[0]); + else { response.sendError(530, "Missing VolumeId parameter" ); return; } String[] instanceId = request.getParameterValues( "InstanceId" ); if ( null != instanceId && 0 < instanceId.length ) @@@ -1654,113 -1670,109 +1675,109 @@@ * parameter to see if the signature has expired and if so the request fails. 
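Review bot: In the `IpPermissions.n.Groups.m` loop a `UserId` without a matching `GroupName` hits `break`, so the incomplete entry and every later group are dropped silently while the permission is still added to the request. For an authorization call it is safer to reject the request, e.g. `if ( null == name || 0 == name.length) { response.sendError(530, "Missing GroupName for Groups." + mCount ); return; }`, so a malformed request never produces a rule different from the one the caller wrote. What the engine does with a permission that ends up with neither ranges nor groups is not visible in this hunk. The revoke hunk above uses the same loop shape.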
*/ private boolean authenticateRequest( HttpServletRequest request, HttpServletResponse response ) - throws SignatureException, IOException, InstantiationException, IllegalAccessException, ClassNotFoundException, SQLException, ParseException - { - String cloudSecretKey = null; - String cloudAccessKey = null; - String signature = null; - String sigMethod = null; - - // [A] Basic parameters required for an authenticated rest request - // -> note that the Servlet engine will un-URL encode all parameters we extract via "getParameterValues()" calls + throws SignatureException, IOException, InstantiationException, IllegalAccessException, ClassNotFoundException, SQLException, ParseException + { + String cloudSecretKey = null; + String cloudAccessKey = null; + String signature = null; + String sigMethod = null; + + // [A] Basic parameters required for an authenticated rest request + // -> note that the Servlet engine will un-URL encode all parameters we extract via "getParameterValues()" calls String[] awsAccess = request.getParameterValues( "AWSAccessKeyId" ); - if ( null != awsAccess && 0 < awsAccess.length ) - cloudAccessKey = awsAccess[0]; - else { response.sendError(530, "Missing AWSAccessKeyId parameter" ); return false; } + if ( null != awsAccess && 0 < awsAccess.length ) + cloudAccessKey = awsAccess[0]; + else { response.sendError(530, "Missing AWSAccessKeyId parameter" ); return false; } String[] clientSig = request.getParameterValues( "Signature" ); - if ( null != clientSig && 0 < clientSig.length ) - signature = clientSig[0]; - else { response.sendError(530, "Missing Signature parameter" ); return false; } + if ( null != clientSig && 0 < clientSig.length ) + signature = clientSig[0]; + else { response.sendError(530, "Missing Signature parameter" ); return false; } String[] method = request.getParameterValues( "SignatureMethod" ); - if ( null != method && 0 < method.length ) - { - sigMethod = method[0]; - if (!sigMethod.equals( "HmacSHA256" ) && 
!sigMethod.equals( "HmacSHA1" )) { - response.sendError(531, "Unsupported SignatureMethod value: " + sigMethod + " expecting: HmacSHA256 or HmacSHA1" ); - return false; - } - } - else { response.sendError(530, "Missing SignatureMethod parameter" ); return false; } + if ( null != method && 0 < method.length ) + { + sigMethod = method[0]; + if (!sigMethod.equals( "HmacSHA256" ) && !sigMethod.equals( "HmacSHA1" )) { + response.sendError(531, "Unsupported SignatureMethod value: " + sigMethod + " expecting: HmacSHA256 or HmacSHA1" ); + return false; + } + } + else { response.sendError(530, "Missing SignatureMethod parameter" ); return false; } String[] version = request.getParameterValues( "Version" ); - if ( null != version && 0 < version.length ) - { - if (!version[0].equals( wsdlVersion )) { - response.sendError(531, "Unsupported Version value: " + version[0] + " expecting: " + wsdlVersion ); - return false; - } - } - else { response.sendError(530, "Missing Version parameter" ); return false; } + if ( null != version && 0 < version.length ) + { + if (!version[0].equals( wsdlVersion )) { + response.sendError(531, "Unsupported Version value: " + version[0] + " expecting: " + wsdlVersion ); + return false; + } + } + else { response.sendError(530, "Missing Version parameter" ); return false; } String[] sigVersion = request.getParameterValues( "SignatureVersion" ); - if ( null != sigVersion && 0 < sigVersion.length ) - { - if (!sigVersion[0].equals( "2" )) { - response.sendError(531, "Unsupported SignatureVersion value: " + sigVersion[0] + " expecting: 2" ); - return false; - } - } - else { response.sendError(530, "Missing SignatureVersion parameter" ); return false; } - - // -> can have only one but not both { Expires | Timestamp } headers + if ( null != sigVersion && 0 < sigVersion.length ) + { + if (!sigVersion[0].equals( "2" )) { + response.sendError(531, "Unsupported SignatureVersion value: " + sigVersion[0] + " expecting: 2" ); + return false; + } + } + else { 
response.sendError(530, "Missing SignatureVersion parameter" ); return false; } + + // -> can have only one but not both { Expires | Timestamp } headers String[] expires = request.getParameterValues( "Expires" ); - if ( null != expires && 0 < expires.length ) - { - // -> contains the date and time at which the signature included in the request EXPIRES - if (hasSignatureExpired( expires[0] )) { - response.sendError(531, "Expires parameter indicates signature has expired: " + expires[0] ); - return false; - } - } - else - { // -> contains the date and time at which the request is SIGNED - String[] time = request.getParameterValues( "Timestamp" ); - if ( null == time || 0 == time.length ) { - response.sendError(530, "Missing Timestamp and Expires parameter, one is required" ); - return false; - } - } - + if ( null != expires && 0 < expires.length ) + { + // -> contains the date and time at which the signature included in the request EXPIRES + if (hasSignatureExpired( expires[0] )) { + response.sendError(531, "Expires parameter indicates signature has expired: " + expires[0] ); + return false; + } + } + else + { // -> contains the date and time at which the request is SIGNED + String[] time = request.getParameterValues( "Timestamp" ); + if ( null == time || 0 == time.length ) { + response.sendError(530, "Missing Timestamp and Expires parameter, one is required" ); + return false; + } + } + - // [B] Use the cloudAccessKey to get the users secret key in the db - UserCredentialsVO cloudKeys = ucDao.getByAccessKey( cloudAccessKey ); - - if ( null == cloudKeys ) - { - logger.debug( cloudAccessKey + " is not defined in the EC2 service - call SetUserKeys" ); - response.sendError(404, cloudAccessKey + " is not defined in the EC2 service - call SetUserKeys" ); - return false; + // [B] Use the access key to get the users secret key from the cloud DB + cloudSecretKey = userDao.getSecretKeyByAccessKey( cloudAccessKey ); + if ( cloudSecretKey == null ) { + logger.debug("No Secret 
key found for Access key '" + cloudAccessKey + "' in the the EC2 service"); + throw new EC2ServiceException( ClientError.AuthFailure, "No Secret key found for Access key '" + cloudAccessKey + + "' in the the EC2 service" ); } - else cloudSecretKey = cloudKeys.getSecretKey(); - - // [C] Verify the signature - // -> getting the query-string in this way maintains its URL encoding - EC2RestAuth restAuth = new EC2RestAuth(); - restAuth.setHostHeader( request.getHeader( "Host" )); - String requestUri = request.getRequestURI(); - - // If forwarded from another basepath: - String forwardedPath = (String) request.getAttribute("javax.servlet.forward.request_uri"); - if(forwardedPath!=null){ - requestUri=forwardedPath; - } - restAuth.setHTTPRequestURI( requestUri); - - String queryString = request.getQueryString(); - // getQueryString returns null (does it ever NOT return null for these), - // we need to construct queryString to avoid changing the auth code... - if (queryString == null) { - // construct our idea of a queryString with parameters! - Enumeration<?> params = request.getParameterNames(); - if (params != null) { + // [C] Verify the signature + // -> getting the query-string in this way maintains its URL encoding + EC2RestAuth restAuth = new EC2RestAuth(); + restAuth.setHostHeader( request.getHeader( "Host" )); + String requestUri = request.getRequestURI(); + + // If forwarded from another basepath: + String forwardedPath = (String) request.getAttribute("javax.servlet.forward.request_uri"); + if(forwardedPath!=null){ + requestUri=forwardedPath; + } + restAuth.setHTTPRequestURI( requestUri); + + String queryString = request.getQueryString(); + // getQueryString returns null (does it ever NOT return null for these), + // we need to construct queryString to avoid changing the auth code... + if (queryString == null) { + // construct our idea of a queryString with parameters! 
+ Enumeration<?> params = request.getParameterNames(); + if (params != null) { while(params.hasMoreElements()) { String paramName = (String) params.nextElement(); // exclude the signature string obviously. ;) if (paramName.equalsIgnoreCase("Signature")) continue; - if (queryString == null) + if (queryString == null) - queryString = paramName + "=" + request.getParameter(paramName); + queryString = paramName + "=" + URLEncoder.encode(request.getParameter(paramName), "UTF-8"); else queryString = queryString + "&" + paramName + "=" + URLEncoder.encode(request.getParameter(paramName), "UTF-8"); }
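Review bot: In the `else` branch of `authenticateRequest` that handles `Timestamp`, the code only checks that the parameter is present; in the lines shown its value is never parsed or compared with the current time, so a correctly signed request that uses `Timestamp` instead of `Expires` appears to stay valid indefinitely and remains replayable. The comment above that block says a request may carry only one of `Expires` and `Timestamp`, but when `Expires` is present `Timestamp` is never looked at, so a request carrying both is accepted. I would parse `Timestamp` here and reject values outside a small clock-skew window with the same `response.sendError(531, ...); return false;` pattern used for an expired `Expires`, and also reject requests that supply both parameters. The method body continues past the end of this hunk, so confirm that no later check already covers this before changing it.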
