Address public IP limit validations

Author: winterhazel

engine/schema/src/main/java/com/cloud/dc/dao/AccountVlanMapDao.java

@@ -27,6 +27,6 @@ public interface AccountVlanMapDao extends GenericDao<AccountVlanMapVO, Long> {
 
     public List<AccountVlanMapVO> listAccountVlanMapsByVlan(long vlanDbId);
 
-    public AccountVlanMapVO findAccountVlanMap(long accountId, long vlanDbId);
+    public AccountVlanMapVO findAccountVlanMap(Long accountId, long vlanDbId);
 
 }

engine/schema/src/main/java/com/cloud/dc/dao/AccountVlanMapDaoImpl.java

@@ -48,9 +48,9 @@ public List<AccountVlanMapVO> listAccountVlanMapsByVlan(long vlanDbId) {
     }
 
     @Override
-    public AccountVlanMapVO findAccountVlanMap(long accountId, long vlanDbId) {
+    public AccountVlanMapVO findAccountVlanMap(Long accountId, long vlanDbId) {
         SearchCriteria<AccountVlanMapVO> sc = AccountVlanSearch.create();
-        sc.setParameters("accountId", accountId);
+        sc.setParametersIfNotNull("accountId", accountId);
         sc.setParameters("vlanDbId", vlanDbId);
         return findOneIncludingRemovedBy(sc);
     }

engine/schema/src/main/java/com/cloud/dc/dao/DomainVlanMapDao.java

@@ -24,5 +24,5 @@
 public interface DomainVlanMapDao extends GenericDao<DomainVlanMapVO, Long> {
     public List<DomainVlanMapVO> listDomainVlanMapsByDomain(long domainId);
     public List<DomainVlanMapVO> listDomainVlanMapsByVlan(long vlanDbId);
-    public DomainVlanMapVO findDomainVlanMap(long domainId, long vlanDbId);
+    public DomainVlanMapVO findDomainVlanMap(Long domainId, long vlanDbId);
 }

engine/schema/src/main/java/com/cloud/dc/dao/DomainVlanMapDaoImpl.java

@@ -46,9 +46,9 @@ public List<DomainVlanMapVO> listDomainVlanMapsByVlan(long vlanDbId) {
     }
 
     @Override
-    public DomainVlanMapVO findDomainVlanMap(long domainId, long vlanDbId) {
+    public DomainVlanMapVO findDomainVlanMap(Long domainId, long vlanDbId) {
         SearchCriteria<DomainVlanMapVO> sc = DomainVlanSearch.create();
-        sc.setParameters("domainId", domainId);
+        sc.setParametersIfNotNull("domainId", domainId);
         sc.setParameters("vlanDbId", vlanDbId);
         return findOneIncludingRemovedBy(sc);
     }

server/src/main/java/com/cloud/api/ApiDBUtils.java

@@ -2291,6 +2291,10 @@ public static boolean isAdmin(Account account) {
         return s_accountService.isAdmin(account.getId());
     }
 
+    public static Account getSystemAccount() {
+        return s_accountService.getSystemAccount();
+    }
+
     public static List<ResourceTagJoinVO> listResourceTagViewByResourceUUID(String resourceUUID, ResourceObjectType resourceType) {
         return s_tagJoinDao.listBy(resourceUUID, resourceType);
     }

server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java

@@ -41,6 +41,7 @@
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
+import com.cloud.resourcelimit.CheckedReservation;
 import org.apache.cloudstack.acl.ControlledEntity.ACLType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.alert.AlertService;
@@ -76,6 +77,7 @@
 import org.apache.cloudstack.network.RoutedIpv4Manager;
 import org.apache.cloudstack.network.dao.NetworkPermissionDao;
 import org.apache.cloudstack.network.element.InternalLoadBalancerElementService;
+import org.apache.cloudstack.reservation.dao.ReservationDao;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.collections.MapUtils;
 import org.apache.commons.lang3.BooleanUtils;
@@ -335,6 +337,8 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C
     @Inject
     ResourceLimitService _resourceLimitMgr;
     @Inject
+    ReservationDao reservationDao;
+    @Inject
     DomainManager _domainMgr;
     @Inject
     ProjectManager _projectMgr;
@@ -1152,15 +1156,10 @@ public IpAddress reserveIpAddress(Account account, Boolean displayIp, Long ipAdd
         if (ipDedicatedAccountId != null && !ipDedicatedAccountId.equals(account.getAccountId())) {
             throw new InvalidParameterValueException("Unable to reserve a IP because it is dedicated to another account.");
         }
-        if (ipDedicatedAccountId == null) {
-            // Check that the maximum number of public IPs for the given accountId will not be exceeded
-            try {
-                _resourceLimitMgr.checkResourceLimit(account, Resource.ResourceType.public_ip);
-            } catch (ResourceAllocationException ex) {
-                logger.warn("Failed to allocate resource of type " + ex.getResourceType() + " for account " + account);
-                throw new AccountLimitException("Maximum number of public IP addresses for account: " + account.getAccountName() + " has been exceeded.");
-            }
-        }
+
+        long reservedIpAddressesAmount = ipDedicatedAccountId == null ? 1L : 0L;
+        try (CheckedReservation publicIpAddressReservation = new CheckedReservation(account, Resource.ResourceType.public_ip, reservedIpAddressesAmount, reservationDao, _resourceLimitMgr)) {
+
         List<AccountVlanMapVO> maps = _accountVlanMapDao.listAccountVlanMapsByVlan(ipVO.getVlanId());
         ipVO.setAllocatedTime(new Date());
         ipVO.setAllocatedToAccountId(account.getAccountId());
@@ -1170,10 +1169,15 @@ public IpAddress reserveIpAddress(Account account, Boolean displayIp, Long ipAdd
             ipVO.setDisplay(displayIp);
         }
         ipVO = _ipAddressDao.persist(ipVO);
-        if (ipDedicatedAccountId == null) {
+        if (reservedIpAddressesAmount > 0) {
             _resourceLimitMgr.incrementResourceCount(account.getId(), Resource.ResourceType.public_ip);
         }
         return ipVO;
+
+        } catch (ResourceAllocationException ex) {
+            logger.warn("Failed to allocate resource of type " + ex.getResourceType() + " for account " + account);
+            throw new AccountLimitException("Maximum number of public IP addresses for account: " + account.getAccountName() + " has been exceeded.");
+        }
     }
 
     @Override

server/src/main/java/com/cloud/network/NetworkServiceImpl.java

@@ -23,6 +23,7 @@
 import java.util.Objects;
 import java.util.stream.Collectors;
 
+import com.cloud.api.ApiDBUtils;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.reservation.ReservationVO;
 import org.apache.cloudstack.reservation.dao.ReservationDao;
@@ -146,6 +147,11 @@ public CheckedReservation(Account account, Long domainId, ResourceType resourceT
 
         this.reservationDao = reservationDao;
         this.resourceLimitService = resourceLimitService;
+
+        // When allocating to a domain instead of a specific account, consider the system account as the owner for the validations here.
+        if (account == null) {
+            account = ApiDBUtils.getSystemAccount();
+        }
         this.account = account;
 
         if (domainId == null) {