Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 6334F200D37 for ; Thu, 9 Nov 2017 07:42:01 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 58975160C02; Thu, 9 Nov 2017 06:42:01 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 9F1541609E5 for ; Thu, 9 Nov 2017 07:42:00 +0100 (CET) Received: (qmail 17963 invoked by uid 500); 9 Nov 2017 06:41:59 -0000 Mailing-List: contact commits-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list commits@cloudstack.apache.org Received: (qmail 17954 invoked by uid 99); 9 Nov 2017 06:41:59 -0000 Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 09 Nov 2017 06:41:59 +0000 From: GitBox To: commits@cloudstack.apache.org Subject: [GitHub] nitin-maharana commented on a change in pull request #2048: CLOUDSTACK-9880: Expansion of Management IP Range. Message-ID: <151020971907.6877.1168309651872345347.gitbox@gitbox.apache.org> archived-at: Thu, 09 Nov 2017 06:42:01 -0000 nitin-maharana commented on a change in pull request #2048: CLOUDSTACK-9880: Expansion of Management IP Range. URL: https://github.com/apache/cloudstack/pull/2048#discussion_r149877368 ########## File path: server/src/com/cloud/configuration/ConfigurationManagerImpl.java ########## @@ -1097,8 +1095,243 @@ public void doInTransactionWithoutResult(final TransactionStatus status) { } @Override + @DB + public Pod createPodIpRange(final CreateManagementNetworkIpRangeCmd cmd) { + + //Check if calling account is root admin. + final Account account = CallContext.current().getCallingAccount(); + + if(!_accountMgr.isRootAdmin(account.getId())) { + throw new PermissionDeniedException("Cannot perform this operation, Calling account is not root admin: " + account.getId()); + } + + final long podId = cmd.getPodId(); + final String gateway = cmd.getGateWay(); + final String netmask = cmd.getNetmask(); + final String startIp = cmd.getStartIp(); + String endIp = cmd.getEndIp(); + + final HostPodVO pod = _podDao.findById(podId); + + if(pod == null) { + throw new InvalidParameterValueException("Unable to find pod by ID: " + podId); + } + + final long zoneId = pod.getDataCenterId(); + + //Check if gateway is a valid IP address. + if(!NetUtils.isValidIp(gateway)) { + throw new InvalidParameterValueException("The gateway IP address is invalid."); + } + + //Check if netmask is valid. + if(!NetUtils.isValidNetmask(netmask)) { + throw new InvalidParameterValueException("The netmask IP address is invalid."); + } + + if(endIp == null) { + endIp = startIp; + } + + final String cidr = NetUtils.ipAndNetMaskToCidr(gateway, netmask); + + if(!NetUtils.isValidCIDR(cidr)) { + throw new InvalidParameterValueException("The CIDR is invalid " + cidr); + } + + final String cidrAddress = pod.getCidrAddress(); + final long cidrSize = pod.getCidrSize(); + + // Because each pod has only one Gateway and Netmask. + if (!gateway.equals(pod.getGateway())) { + throw new InvalidParameterValueException("Multiple gateways for the POD: " + pod.getId() + " are not allowed. The Gateway should be same as the existing Gateway " + pod.getGateway()); + } + + if (!netmask.equals(NetUtils.getCidrNetmask(cidrSize))) { + throw new InvalidParameterValueException("Multiple subnets for the POD: " + pod.getId() + " are not allowed. The Netmask should be same as the existing Netmask " + NetUtils.getCidrNetmask(cidrSize)); + } + + // Check if the IP range is valid. + checkIpRange(startIp, endIp, cidrAddress, cidrSize); + + // Check if the IP range overlaps with the public ip. + checkOverlapPublicIpRange(zoneId, startIp, endIp); + + // Check if the gateway is in the CIDR subnet + if (!NetUtils.getCidrSubNet(gateway, cidrSize).equalsIgnoreCase(NetUtils.getCidrSubNet(cidrAddress, cidrSize))) { + throw new InvalidParameterValueException("The gateway is not in the CIDR subnet."); + } + + if (NetUtils.ipRangesOverlap(startIp, endIp, gateway, gateway)) { + throw new InvalidParameterValueException("The gateway shouldn't overlap start/end ip addresses"); + } + + final String[] existingPodIpRanges = pod.getDescription().split(","); + + for(String podIpRange: existingPodIpRanges) { + final String[] existingPodIpRange = podIpRange.split("-"); + + if (existingPodIpRange.length > 1) { + if (!NetUtils.isValidIp(existingPodIpRange[0]) || !NetUtils.isValidIp(existingPodIpRange[1])) { + continue; + } + // Check if the range overlaps with any existing range. + if (NetUtils.ipRangesOverlap(startIp, endIp, existingPodIpRange[0], existingPodIpRange[1])) { + throw new InvalidParameterValueException("The new range overlaps with existing range. Please add a mutually exclusive range."); + } + } + } + + try { Review comment: @rhtyd, I am not getting how can we modify our case with try-with-resources statement. Can you suggest the change? Basically we need to release the lock (_podDao.releaseFromLockTable(podId)). Btw, Do you think there is any advantage of using try-with-resources statement instead of try-finally? ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: users@infra.apache.org With regards, Apache Git Services