
Commit daadc45

committed
CLOUDSTACK-6628:[Automation] Create PF rule API failing with error
"database id can only provided by VO objects".
1 parent 5c3858b commit daadc45

2 files changed

Lines changed: 9 additions & 3 deletions


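--- a/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java
@@ -19,8 +19,11 @@
 import java.util.List;
 
 import org.apache.log4j.Logger;
+import org.bouncycastle.util.IPAddress;
 
 import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -48,7 +51,7 @@
 import com.cloud.vm.VirtualMachine;
 
 @APICommand(name = "createPortForwardingRule", description = "Creates a port forwarding rule", responseObject = FirewallRuleResponse.class, entityType = {FirewallRule.class,
-VirtualMachine.class},
+VirtualMachine.class, IPAddress.class},
 requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
 public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements PortForwardingRule {
 public static final Logger s_logger = Logger.getLogger(CreatePortForwardingRuleCmd.class.getName());
@@ -59,6 +62,7 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P
 // ////////////// API parameters /////////////////////
 // ///////////////////////////////////////////////////
 
+@ACL(accessType = AccessType.OperateEntry)
 @Parameter(name = ApiConstants.IP_ADDRESS_ID,
 type = CommandType.UUID,
 entityType = IPAddressResponse.class,
@@ -96,6 +100,7 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P
 description = "the ending port of port forwarding rule's private port range")
 private Integer publicEndPort;
 
+@ACL(accessType = AccessType.OperateEntry)
 @Parameter(name = ApiConstants.VIRTUAL_MACHINE_ID,
 type = CommandType.UUID,
 entityType = UserVmResponse.class,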
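Review bot: The `entityType` list on `@APICommand` now names `org.bouncycastle.util.IPAddress`, which is Bouncy Castle's address-string validation helper and not a CloudStack entity, so the `@ACL(accessType = AccessType.OperateEntry)` added on the IP address parameter may not be tied to an access-checked entity type at all. This looks like an IDE auto-import. The intended type is presumably the CloudStack public-IP entity interface (`com.cloud.network.IpAddress`, to be confirmed against the tree), which would give `VirtualMachine.class, IpAddress.class},` and drop the `org.bouncycastle` import. This matters more than a cosmetic import fix, because the RulesManagerImpl change in this commit relies on these annotations to replace a manager-level owner check.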

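--- a/server/src/com/cloud/network/rules/RulesManagerImpl.java
+++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java
@@ -195,6 +195,7 @@ public void checkRuleAndUserVm(FirewallRule rule, UserVm userVm, Account caller)
 throw new InvalidParameterValueException("Invalid user vm: " + userVm.getId());
 }
 
+// This same owner check is actually not needed, since multiple entities OperateEntry trick guarantee that
 if (rule.getAccountId() != userVm.getAccountId()) {
 throw new InvalidParameterValueException("New rule " + rule + " and vm id=" + userVm.getId() + " belong to different accounts");
 }
@@ -267,8 +268,8 @@ public PortForwardingRule createPortForwardingRule(final PortForwardingRule rule
 if (vm == null) {
 throw new InvalidParameterValueException("Unable to create port forwarding rule on address " + ipAddress + ", invalid virtual machine id specified (" +
 vmId + ").");
-} else {
-checkRuleAndUserVm(rule, vm, caller);
+} else if (vm.getState() == VirtualMachine.State.Destroyed || vm.getState() == VirtualMachine.State.Expunging) {
+throw new InvalidParameterValueException("Invalid user vm: " + vm.getId());
 }
 
 // Verify that vm has nic in the network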
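Review bot: Replacing the `checkRuleAndUserVm(rule, vm, caller)` call in the second hunk with a state-only test removes the manager-level check that the rule and the VM belong to the same account, leaving ownership enforcement entirely to the `@ACL` annotations on the API command. Any caller that reaches `createPortForwardingRule` without passing through that annotation processing would get no cross-account check here. Keeping the comparison next to the state test is cheap defence in depth: `if (rule.getAccountId() != vm.getAccountId()) { throw new InvalidParameterValueException("New rule " + rule + " and vm id=" + vm.getId() + " belong to different accounts"); }`. The comment added at new line 198 in the first hunk should then name which layer is authoritative instead of calling the check "not needed". The body of `createPortForwardingRule` starts and ends outside the hunk, so whether another access check runs earlier in the method cannot be confirmed from here.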
