Repository: cloudstack Updated Branches: refs/heads/4.4-forward f447a2c38 -> a7dd5aae5
CLOUDSTACK-6628:[Automation] Create PF rulw API failing with error "database id can only provided by VO objects". Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/a7dd5aae Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/a7dd5aae Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/a7dd5aae Branch: refs/heads/4.4-forward Commit: a7dd5aae55c1f6059aea324760f2800537f5d294 Parents: f447a2c Author: Min Chen <min.c...@citrix.com> Authored: Fri May 9 18:24:54 2014 -0700 Committer: Min Chen <min.c...@citrix.com> Committed: Fri May 9 18:24:54 2014 -0700 ---------------------------------------------------------------------- .../command/user/firewall/CreatePortForwardingRuleCmd.java | 7 ++++++- server/src/com/cloud/network/rules/RulesManagerImpl.java | 5 +++-- 2 files changed, 9 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a7dd5aae/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java index f18767e..91146ac 100644 --- a/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java 
@@ -19,8 +19,11 @@ package org.apache.cloudstack.api.command.user.firewall; import java.util.List; import org.apache.log4j.Logger; +import org.bouncycastle.util.IPAddress; import org.apache.cloudstack.acl.RoleType; +import org.apache.cloudstack.acl.SecurityChecker.AccessType; +import org.apache.cloudstack.api.ACL; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiCommandJobType; import org.apache.cloudstack.api.ApiConstants; @@ -48,7 +51,7 @@ import com.cloud.utils.net.NetUtils; import com.cloud.vm.VirtualMachine; @APICommand(name = "createPortForwardingRule", description = "Creates a port forwarding rule", responseObject = FirewallRuleResponse.class, entityType = {FirewallRule.class, - VirtualMachine.class}, + VirtualMachine.class, IPAddress.class}, requestHasSensitiveInfo = false, responseHasSensitiveInfo = false) public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements PortForwardingRule { public static final Logger s_logger = Logger.getLogger(CreatePortForwardingRuleCmd.class.getName()); @@ -59,6 +62,7 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P // ////////////// API parameters ///////////////////// // /////////////////////////////////////////////////// + @ACL(accessType = AccessType.OperateEntry) @Parameter(name = ApiConstants.IP_ADDRESS_ID, type = CommandType.UUID, entityType = IPAddressResponse.class, @@ -96,6 +100,7 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P description = "the ending port of port forwarding rule's private port range") private Integer publicEndPort; + @ACL(accessType = AccessType.OperateEntry) @Parameter(name = ApiConstants.VIRTUAL_MACHINE_ID, type = CommandType.UUID, entityType = UserVmResponse.class, http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a7dd5aae/server/src/com/cloud/network/rules/RulesManagerImpl.java ---------------------------------------------------------------------- 
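Review bot: `org.bouncycastle.util.IPAddress` in the import hunk looks like the wrong class. It is BouncyCastle's helper for validating IP address strings, not a CloudStack entity, yet the `@APICommand` hunk lists `IPAddress.class` in `entityType` beside `FirewallRule.class` and `VirtualMachine.class`. If `entityType` is what the access-check layer uses to map the `ApiConstants.IP_ADDRESS_ID` parameter to an owned object (not visible here), the new `@ACL` on that parameter may not be evaluated against the real IP address entity. The import should name CloudStack's own IP address interface instead; I believe that is `com.cloud.network.IpAddress`, to be confirmed against the tree. That would also remove a BouncyCastle dependency from the API module that serves no cryptographic purpose.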
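Review bot: The two `@ACL(accessType = AccessType.OperateEntry)` annotations, on the `ApiConstants.IP_ADDRESS_ID` parameter in this hunk and on `ApiConstants.VIRTUAL_MACHINE_ID` in the next, carry no comment. The same commit removes the `checkRuleAndUserVm(rule, vm, caller)` call in RulesManagerImpl, so as far as the diff shows they become the ownership check for this command. A one-line comment above each would keep a later cleanup from dropping them, e.g. `// Ownership of the IP and the VM is enforced by this annotation; RulesManagerImpl no longer re-checks it on the create path.` Both field declarations continue outside their hunks.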
diff --git a/server/src/com/cloud/network/rules/RulesManagerImpl.java b/server/src/com/cloud/network/rules/RulesManagerImpl.java index 573c820..f6a87bf 100755 --- a/server/src/com/cloud/network/rules/RulesManagerImpl.java +++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java @@ -195,6 +195,7 @@ public class RulesManagerImpl extends ManagerBase implements RulesManager, Rules throw new InvalidParameterValueException("Invalid user vm: " + userVm.getId()); } + // This same owner check is actually not needed, since multiple entities OperateEntry trick guarantee that if (rule.getAccountId() != userVm.getAccountId()) { throw new InvalidParameterValueException("New rule " + rule + " and vm id=" + userVm.getId() + " belong to different accounts"); } @@ -267,8 +268,8 @@ public class RulesManagerImpl extends ManagerBase implements RulesManager, Rules if (vm == null) { throw new InvalidParameterValueException("Unable to create port forwarding rule on address " + ipAddress + ", invalid virtual machine id specified (" + vmId + ")."); - } else { - checkRuleAndUserVm(rule, vm, caller); + } else if (vm.getState() == VirtualMachine.State.Destroyed || vm.getState() == VirtualMachine.State.Expunging) { + throw new InvalidParameterValueException("Invalid user vm: " + vm.getId()); } // Verify that vm has nic in the network
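Review bot: The added comment above `if (rule.getAccountId() != userVm.getAccountId())` tells maintainers the comparison is unnecessary, which invites its removal. It is the only service-layer guard visible here against pairing a rule with another account's VM. The `@ACL` annotations it relies on sit on the API command, so a caller that reaches this method without going through that command would not be covered (callers are not visible in the hunk). I would phrase it as defence in depth instead: `// Defence in depth: the API layer's @ACL(OperateEntry) checks should already ensure same ownership; keep this for callers that bypass the command.` The enclosing method starts and ends outside the hunk.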
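Review bot: Replacing `checkRuleAndUserVm(rule, vm, caller)` with the state test drops every other check that helper made. Assuming the first hunk shows its body, that includes the `rule.getAccountId() != userVm.getAccountId()` comparison, and `caller` is no longer passed to any check in the visible lines. Authorization for the VM then rests solely on annotation processing in the API layer, so a mis-declared entity type or an internal caller leaves cross-account rule creation unchecked on this path. Keeping the owner comparison after the state test is cheap: `if (rule.getAccountId() != vm.getAccountId()) { throw new InvalidParameterValueException("New rule " + rule + " and vm id=" + vm.getId() + " belong to different accounts"); }`. The enclosing method continues outside the hunk.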