[jira] [Commented] (CLOUDSTACK-9694) Unable to limit the Public IPs in VPC

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-9694?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15767809#comment-15767809
 ] 

ASF GitHub Bot commented on CLOUDSTACK-9694:
--------------------------------------------

GitHub user sudhansu7 opened a pull request:

    https://github.com/apache/cloudstack/pull/1850

    CLOUDSTACK-9694: Unable to limit the Public IPs in VPC

    
    
    Unable to limit the Public IPs in VPC.
    In VPC network, while acquiring the IP addresses, in the resource_count 
table, count for the domain is getting increased. However, when the resource 
count is updated at Domain level, resource count is getting reverted to only 
non-vpc ip count.
    
    Steps to Reproduce:
    
    1. Create a VPC
    2. Create a VPC tier.
    3. Check resource_count table and note the ip address count. (say 1)
    4. Keep acquiring the IP addresses, (say 4 IP addresses). Now new ip 
address count resource_count table is 5.
    5. update the resource count at domain level.
    6. the resource_count is updated back 1
    
    Root Cause: Update resource count command recalculates the resource count. 
While computing public IP we are not considering the ips allocated to VPC.
    
    ResourceLimitManagerImpl.java -> calculatePublicIpForAccount() -> 
IPAddressDaoImpl.countAllocatedIPsForAccount()
    
    Currently we have below query builder. Which does not consider vpc_id 
column.
    ```
            AllocatedIpCountForAccount = createSearchBuilder(Long.class);
            AllocatedIpCountForAccount.select(null, Func.COUNT, 
AllocatedIpCountForAccount.entity().getAddress());
            AllocatedIpCountForAccount.and("account", 
AllocatedIpCountForAccount.entity().getAllocatedToAccountId(), Op.EQ);
            AllocatedIpCountForAccount.and("allocated", 
AllocatedIpCountForAccount.entity().getAllocatedTime(), Op.NNULL);
            AllocatedIpCountForAccount.and("network", 
AllocatedIpCountForAccount.entity().getAssociatedWithNetworkId(), Op.NNULL);
            AllocatedIpCountForAccount.done();
    ```
    it generates below sql query
    ```
    SELECT COUNT(user_ip_address.public_ip_address) FROM user_ip_address WHERE 
user_ip_address.account_id = 6  AND user_ip_address.allocated IS NOT NULL  AND 
user_ip_address.network_id IS NOT NULL  AND user_ip_address.removed IS NULL
    ```
    Fix:
    Add vpc_id check in query.
    ```
            AllocatedIpCountForAccount = createSearchBuilder(Long.class);
            AllocatedIpCountForAccount.select(null, Func.COUNT, 
AllocatedIpCountForAccount.entity().getAddress());
            AllocatedIpCountForAccount.and("account", 
AllocatedIpCountForAccount.entity().getAllocatedToAccountId(), Op.EQ);
            AllocatedIpCountForAccount.and("allocated", 
AllocatedIpCountForAccount.entity().getAllocatedTime(), Op.NNULL);
            AllocatedIpCountForAccount.and().op("network", 
AllocatedIpCountForAccount.entity().getAssociatedWithNetworkId(), Op.NNULL);
            AllocatedIpCountForAccount.or("vpc", 
AllocatedIpCountForAccount.entity().getVpcId(), Op.NNULL);
            AllocatedIpCountForAccount.cp();
            AllocatedIpCountForAccount.done();
    ```
    SQL:
    ```
    SELECT COUNT(user_ip_address.public_ip_address) FROM user_ip_address WHERE 
user_ip_address.account_id = 6  AND user_ip_address.allocated IS NOT NULL  AND 
( user_ip_address.network_id IS NOT NULL or user_ip_address.vpc_id IS NOT NULL) 
AND user_ip_address.removed IS NULL
    ```


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/sudhansu7/cloudstack CLOUDSTACK-9694

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/cloudstack/pull/1850.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1850
    
----
commit 24837f655033583388bb608f63039f8e341c16d3
Author: Sudhansu <sudhansu.s...@accelerite.com>
Date:   2016-12-21T18:24:01Z

    CLOUDSTACK-9694: Unable to limit the Public IPs in VPC
    
    Added missing clause to check for vpc_id

----


> Unable to limit the Public IPs in VPC
> -------------------------------------
>
>                 Key: CLOUDSTACK-9694
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9694
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: Management Server
>    Affects Versions: 4.9.0
>            Reporter: Sudhansu Sahu
>            Assignee: Sudhansu Sahu
>
> Unable to limit the Public IPs in VPC.
> In VPC network, while acquiring the IP addresses, in the resource_count 
> table, count for the domain is getting increased. However, when the resource 
> count is updated at Domain level, resource count is getting reverted to only 
> non-vpc ip count.
> Steps to Reproduce:
> 1. Create a VPC
> 2. Create a VPC tier.
> 3. Check resource_count table and note the ip address count. (say 1) 
> 4. Keep acquiring the IP addresses, (say 4 IP addresses). Now new ip address 
> count resource_count table is 5.
> 5. update the resource count at domain level.
> 6. the resource_count is updated back 1



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)