apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

bug 6361: this is a good point to commit; 1st round of refactor is done, code is clean compiling and ms is deploying

Browse Source
This commit is contained in:
abhishek 2010-12-15 18:45:52 -08:00
parent 032f321363
commit 5154ba1539
65 changed files with 961 additions and 969 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java
View File

@ -109,8 +109,8 @@ import com.cloud.agent.api.MirrorCommand;
import com.cloud.agent.api.ModifySshKeysCommand;
import com.cloud.agent.api.ModifyStoragePoolAnswer;
import com.cloud.agent.api.ModifyStoragePoolCommand;
import com.cloud.agent.api.NetworkIngressRuleAnswer;
import com.cloud.agent.api.NetworkIngressRulesCmd;
import com.cloud.agent.api.SecurityIngressRuleAnswer;
import com.cloud.agent.api.SecurityIngressRulesCmd;
import com.cloud.agent.api.PingCommand;
import com.cloud.agent.api.PingRoutingCommand;
import com.cloud.agent.api.PingTestCommand;
@ -1094,8 +1094,8 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv
return execute((CreatePrivateTemplateFromSnapshotCommand) cmd);
} else if (cmd instanceof ModifyStoragePoolCommand) {
return execute((ModifyStoragePoolCommand) cmd);
} else if (cmd instanceof NetworkIngressRulesCmd) {
return execute((NetworkIngressRulesCmd) cmd);
} else if (cmd instanceof SecurityIngressRulesCmd) {
return execute((SecurityIngressRulesCmd) cmd);
} else if (cmd instanceof DeleteStoragePoolCommand) {
return execute((DeleteStoragePoolCommand) cmd);
} else if (cmd instanceof FenceCommand ) {
@ -1777,8 +1777,8 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv
}
return answer;
}
private Answer execute(NetworkIngressRulesCmd cmd) {
return new NetworkIngressRuleAnswer(cmd);
private Answer execute(SecurityIngressRulesCmd cmd) {
return new SecurityIngressRuleAnswer(cmd);
}
protected GetVncPortAnswer execute(GetVncPortCommand cmd) {

6
api/src/com/cloud/api/ApiConstants.java
View File

@ -100,8 +100,6 @@ public class ApiConstants {
public static final String MODE = "mode";
public static final String NAME = "name";
public static final String NETWORK_DOMAIN = "networkdomain";
public static final String NETWORK_GROUP_LIST = "networkgrouplist";
public static final String NETWORK_GROUP_NAME = "networkgroupname";
public static final String NETMASK = "netmask";
public static final String NEW_NAME = "newname";
public static final String OFFER_HA = "offerha";
@ -127,6 +125,8 @@ public class ApiConstants {
public static final String SCHEDULE = "schedule";
public static final String SCOPE = "scope";
public static final String SECRET_KEY = "secretkey";
public static final String SECURITY_GROUP_LIST = "securitygrouplist";
public static final String SECURITY_GROUP_NAME = "securitygroupname";
public static final String SENT = "sent";
public static final String SENT_BYTES = "sentbytes";
public static final String SERVICE_OFFERING_ID = "serviceofferingid";
@ -151,7 +151,7 @@ public class ApiConstants {
public static final String USER_DATA = "userdata";
public static final String USER_ID = "userid";
public static final String USERNAME = "username";
public static final String USER_NETWORK_GROUP_LIST = "usernetworkgrouplist";
public static final String USER_SECURITY_GROUP_LIST = "usersecuritygrouplist";
public static final String USE_VIRTUAL_NETWORK = "usevirtualnetwork";
public static final String VALUE = "value";
public static final String VIRTUAL_MACHINE_ID = "virtualmachineid";

6
api/src/com/cloud/api/BaseCmd.java
View File

@ -38,7 +38,7 @@ import com.cloud.network.DomainRouterService;
import com.cloud.network.NetworkService;
import com.cloud.network.lb.LoadBalancingRulesService;
import com.cloud.network.rules.RulesService;
import com.cloud.network.security.NetworkGroupService;
import com.cloud.network.security.SecurityGroupService;
import com.cloud.resource.ResourceService;
import com.cloud.server.ManagementService;
import com.cloud.storage.StorageService;
@ -96,7 +96,7 @@ public abstract class BaseCmd {
public static ResourceService _resourceService;
public static NetworkService _networkService;
public static TemplateService _templateService;
public static NetworkGroupService _networkGroupMgr;
public static SecurityGroupService _securityGroupMgr;
public static SnapshotService _snapshotMgr;
public static ConsoleProxyService _consoleProxyMgr;
public static DomainRouterService _routerService;
@ -116,7 +116,7 @@ public abstract class BaseCmd {
_resourceService = locator.getManager(ResourceService.class);
_networkService = locator.getManager(NetworkService.class);
_templateService = locator.getManager(TemplateService.class);
_networkGroupMgr = locator.getManager(NetworkGroupService.class);
_securityGroupMgr = locator.getManager(SecurityGroupService.class);
_snapshotMgr = locator.getManager(SnapshotService.class);
_consoleProxyMgr = locator.getManager(ConsoleProxyService.class);
_routerService = locator.getManager(DomainRouterService.class);

12
api/src/com/cloud/api/ResponseGenerator.java
View File

@ -40,7 +40,7 @@ import com.cloud.api.response.InstanceGroupResponse;
import com.cloud.api.response.IpForwardingRuleResponse;
import com.cloud.api.response.ListResponse;
import com.cloud.api.response.LoadBalancerResponse;
import com.cloud.api.response.NetworkGroupResponse;
import com.cloud.api.response.SecurityGroupResponse;
import com.cloud.api.response.NetworkOfferingResponse;
import com.cloud.api.response.NetworkResponse;
import com.cloud.api.response.PodResponse;
@ -78,8 +78,8 @@ import com.cloud.network.router.VirtualRouter;
import com.cloud.network.rules.LoadBalancer;
import com.cloud.network.rules.PortForwardingRule;
import com.cloud.network.security.IngressRule;
import com.cloud.network.security.NetworkGroup;
import com.cloud.network.security.NetworkGroupRules;
import com.cloud.network.security.SecurityGroup;
import com.cloud.network.security.SecurityGroupRules;
import com.cloud.offering.DiskOffering;
import com.cloud.offering.NetworkOffering;
import com.cloud.offering.ServiceOffering;
@ -171,11 +171,11 @@ public interface ResponseGenerator {
ListResponse<TemplateResponse> createIsoResponses(VirtualMachineTemplate template, Long zoneId);
ListResponse<NetworkGroupResponse> createNetworkGroupResponses(List<? extends NetworkGroupRules> networkGroups);
ListResponse<SecurityGroupResponse> createSecurityGroupResponses(List<? extends SecurityGroupRules> networkGroups);
NetworkGroupResponse createNetworkGroupResponseFromIngressRule(List<? extends IngressRule> ingressRules);
SecurityGroupResponse createSecurityGroupResponseFromIngressRule(List<? extends IngressRule> ingressRules);
NetworkGroupResponse createNetworkGroupResponse(NetworkGroup group);
SecurityGroupResponse createSecurityGroupResponse(SecurityGroup group);
ExtractResponse createExtractResponse(Long uploadId, Long id, Long zoneId, Long accountId, String mode);

40
api/src/com/cloud/api/commands/AuthorizeNetworkGroupIngressCmd.java → api/src/com/cloud/api/commands/AuthorizeSecurityGroupIngressCmd.java
View File

@ -33,7 +33,7 @@ import com.cloud.api.Implementation;
import com.cloud.api.Parameter;
import com.cloud.api.ServerApiException;
import com.cloud.api.response.IngressRuleResponse;
import com.cloud.api.response.NetworkGroupResponse;
import com.cloud.api.response.SecurityGroupResponse;
import com.cloud.event.EventTypes;
import com.cloud.network.security.IngressRule;
import com.cloud.user.Account;
@ -42,10 +42,10 @@ import com.cloud.utils.StringUtils;
//FIXME - add description
@Implementation(responseObject=IngressRuleResponse.class) @SuppressWarnings("rawtypes")
public class AuthorizeNetworkGroupIngressCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(AuthorizeNetworkGroupIngressCmd.class.getName());
public class AuthorizeSecurityGroupIngressCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(AuthorizeSecurityGroupIngressCmd.class.getName());
private static final String s_name = "authorizenetworkgroupingress";
private static final String s_name = "authorizesecuritygroupingress";
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
@ -71,16 +71,16 @@ public class AuthorizeNetworkGroupIngressCmd extends BaseAsyncCmd {
private Integer icmpCode;
//FIXME - add description
@Parameter(name=ApiConstants.NETWORK_GROUP_NAME, type=CommandType.STRING, required=true)
private String networkGroupName;
@Parameter(name=ApiConstants.SECURITY_GROUP_NAME, type=CommandType.STRING, required=true)
private String securityGroupName;
//FIXME - add description
@Parameter(name=ApiConstants.CIDR_LIST, type=CommandType.LIST, collectionType=CommandType.STRING)
private List cidrList;
//FIXME - add description
@Parameter(name=ApiConstants.USER_NETWORK_GROUP_LIST, type=CommandType.MAP)
private Map userNetworkGroupList;
@Parameter(name=ApiConstants.USER_SECURITY_GROUP_LIST, type=CommandType.MAP)
private Map userSecurityGroupList;
//FIXME - add description
@Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING)
@ -119,8 +119,8 @@ public class AuthorizeNetworkGroupIngressCmd extends BaseAsyncCmd {
return icmpType;
}
public String getNetworkGroupName() {
return networkGroupName;
public String getSecurityGroupName() {
return securityGroupName;
}
public String getProtocol() {
@ -134,8 +134,8 @@ public class AuthorizeNetworkGroupIngressCmd extends BaseAsyncCmd {
return startPort;
}
public Map getUserNetworkGroupList() {
return userNetworkGroupList;
public Map getUserSecurityGroupList() {
return userSecurityGroupList;
}
@ -149,7 +149,7 @@ public class AuthorizeNetworkGroupIngressCmd extends BaseAsyncCmd {
}
public static String getResultObjectName() {
return "networkgroup";
return "securitygroup";
}
@Override
@ -173,15 +173,15 @@ public class AuthorizeNetworkGroupIngressCmd extends BaseAsyncCmd {
@Override
public String getEventType() {
return EventTypes.EVENT_NETWORK_GROUP_AUTHORIZE_INGRESS;
return EventTypes.EVENT_SECURITY_GROUP_AUTHORIZE_INGRESS;
}
@Override
public String getEventDescription() {
StringBuilder sb = new StringBuilder();
if (getUserNetworkGroupList() != null) {
if (getUserSecurityGroupList() != null) {
sb.append("group list(group/account): ");
Collection userGroupCollection = getUserNetworkGroupList().values();
Collection userGroupCollection = getUserSecurityGroupList().values();
Iterator iter = userGroupCollection.iterator();
HashMap userGroup = (HashMap)iter.next();
@ -202,17 +202,17 @@ public class AuthorizeNetworkGroupIngressCmd extends BaseAsyncCmd {
sb.append("<error: no ingress parameters>");
}
return "authorizing ingress to group: " + getNetworkGroupName() + " to " + sb.toString();
return "authorizing ingress to group: " + getSecurityGroupName() + " to " + sb.toString();
}
@Override
public void execute(){
List<? extends IngressRule> ingressRules = _networkGroupMgr.authorizeNetworkGroupIngress(this);
List<? extends IngressRule> ingressRules = _securityGroupMgr.authorizeSecurityGroupIngress(this);
if (ingressRules != null && ! ingressRules.isEmpty()) {
NetworkGroupResponse response = _responseGenerator.createNetworkGroupResponseFromIngressRule(ingressRules);
SecurityGroupResponse response = _responseGenerator.createSecurityGroupResponseFromIngressRule(ingressRules);
this.setResponseObject(response);
} else {
throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to authorize network group ingress rule(s)");
throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to authorize security group ingress rule(s)");
}
}

30
api/src/com/cloud/api/commands/CreateNetworkGroupCmd.java → api/src/com/cloud/api/commands/CreateSecurityGroupCmd.java
View File

@ -24,13 +24,13 @@ import com.cloud.api.BaseCmd;
import com.cloud.api.Implementation;
import com.cloud.api.Parameter;
import com.cloud.api.ServerApiException;
import com.cloud.api.response.NetworkGroupResponse;
import com.cloud.network.security.NetworkGroup;
import com.cloud.api.response.SecurityGroupResponse;
import com.cloud.network.security.SecurityGroup;
//TODO - add description to implementation
@Implementation(responseObject=NetworkGroupResponse.class)
public class CreateNetworkGroupCmd extends BaseCmd {
public static final Logger s_logger = Logger.getLogger(CreateNetworkGroupCmd.class.getName());
@Implementation(responseObject=SecurityGroupResponse.class)
public class CreateSecurityGroupCmd extends BaseCmd {
public static final Logger s_logger = Logger.getLogger(CreateSecurityGroupCmd.class.getName());
private static final String s_name = "createsecuritygroupresponse";
@ -38,17 +38,17 @@ public class CreateNetworkGroupCmd extends BaseCmd {
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="an optional account for the network group. Must be used with domainId.")
@Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="an optional account for the security group. Must be used with domainId.")
private String accountName;
@Parameter(name=ApiConstants.DESCRIPTION, type=CommandType.STRING, description="the description of the network group")
@Parameter(name=ApiConstants.DESCRIPTION, type=CommandType.STRING, description="the description of the security group")
private String description;
@Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="an optional domainId for the network group. If the account parameter is used, domainId must also be used.")
@Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="an optional domainId for the security group. If the account parameter is used, domainId must also be used.")
private Long domainId;
@Parameter(name=ApiConstants.NAME, type=CommandType.STRING, required=true, description="name of the network group")
private String networkGroupName;
@Parameter(name=ApiConstants.NAME, type=CommandType.STRING, required=true, description="name of the security group")
private String securityGroupName;
/////////////////////////////////////////////////////
@ -67,8 +67,8 @@ public class CreateNetworkGroupCmd extends BaseCmd {
return domainId;
}
public String getNetworkGroupName() {
return networkGroupName;
public String getSecurityGroupName() {
return securityGroupName;
}
@ -83,13 +83,13 @@ public class CreateNetworkGroupCmd extends BaseCmd {
@Override
public void execute(){
NetworkGroup group = _networkGroupMgr.createNetworkGroup(this);
SecurityGroup group = _securityGroupMgr.createSecurityGroup(this);
if (group != null) {
NetworkGroupResponse response = _responseGenerator.createNetworkGroupResponse(group);
SecurityGroupResponse response = _responseGenerator.createSecurityGroupResponse(group);
response.setResponseName(getCommandName());
this.setResponseObject(response);
} else {
throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to create network group");
throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to create security group");
}
}
}

24
api/src/com/cloud/api/commands/DeleteNetworkGroupCmd.java → api/src/com/cloud/api/commands/DeleteSecurityGroupCmd.java
View File

@ -10,23 +10,23 @@ import com.cloud.api.ServerApiException;
import com.cloud.api.response.SuccessResponse;
import com.cloud.exception.ResourceInUseException;
@Implementation(description="Deletes network group", responseObject=SuccessResponse.class)
public class DeleteNetworkGroupCmd extends BaseCmd {
public static final Logger s_logger = Logger.getLogger(DeleteNetworkGroupCmd.class.getName());
private static final String s_name = "deletenetworkgroupresponse";
@Implementation(description="Deletes security group", responseObject=SuccessResponse.class)
public class DeleteSecurityGroupCmd extends BaseCmd {
public static final Logger s_logger = Logger.getLogger(DeleteSecurityGroupCmd.class.getName());
private static final String s_name = "deletesecuritygroupresponse";
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account of the network group. Must be specified with domain ID")
@Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account of the security group. Must be specified with domain ID")
private String accountName;
@Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="the domain ID of account owning the network group")
@Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="the domain ID of account owning the security group")
private Long domainId;
@Parameter(name=ApiConstants.NAME, type=CommandType.STRING, required=true, description="the network group name")
private String networkGroupName;
@Parameter(name=ApiConstants.NAME, type=CommandType.STRING, required=true, description="the security group name")
private String securityGroupName;
/////////////////////////////////////////////////////
@ -41,8 +41,8 @@ public class DeleteNetworkGroupCmd extends BaseCmd {
return domainId;
}
public String getNetworkGroupName() {
return networkGroupName;
public String getSecurityGroupName() {
return securityGroupName;
}
@ -58,12 +58,12 @@ public class DeleteNetworkGroupCmd extends BaseCmd {
@Override
public void execute(){
try{
boolean result = _networkGroupMgr.deleteNetworkGroup(this);
boolean result = _securityGroupMgr.deleteSecurityGroup(this);
if (result) {
SuccessResponse response = new SuccessResponse(getCommandName());
this.setResponseObject(response);
} else {
throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to delete network group");
throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to delete security group");
}
} catch (ResourceInUseException ex) {
s_logger.warn("Exception: ", ex);

8
api/src/com/cloud/api/commands/DeployVMCmd.java
View File

@ -70,8 +70,8 @@ public class DeployVMCmd extends BaseAsyncCreateCmd {
@Parameter(name=ApiConstants.HYPERVISOR, type=CommandType.STRING, description="the hypervisor on which to deploy the virtual machine")
private String hypervisor;
@Parameter(name=ApiConstants.NETWORK_GROUP_LIST, type=CommandType.LIST, collectionType=CommandType.STRING, description="comma separated list of network groups that going to be applied to the virtual machine. Should be passed only when vm is created from service offering with Direct Attach Network support")
private List<String> networkGroupList;
@Parameter(name=ApiConstants.SECURITY_GROUP_LIST, type=CommandType.LIST, collectionType=CommandType.STRING, description="comma separated list of security groups that going to be applied to the virtual machine. Should be passed only when vm is created from service offering with Direct Attach Network support")
private List<String> securityGroupList;
@Parameter(name=ApiConstants.SERVICE_OFFERING_ID, type=CommandType.LONG, required=true, description="the ID of the service offering for the virtual machine")
private Long serviceOfferingId;
@ -129,8 +129,8 @@ public class DeployVMCmd extends BaseAsyncCreateCmd {
return HypervisorType.getType(hypervisor);
}
public List<String> getNetworkGroupList() {
return networkGroupList;
public List<String> getSecurityGroupList() {
return securityGroupList;
}
public Long getServiceOfferingId() {

2
api/src/com/cloud/api/commands/ListCapabilitiesCmd.java
View File

@ -40,7 +40,7 @@ public class ListCapabilitiesCmd extends BaseCmd {
public void execute(){
Map<String, String> capabilities = _mgr.listCapabilities(this);
CapabilitiesResponse response = new CapabilitiesResponse();
response.setNetworkGroupsEnabled(capabilities.get("networkGroupsEnabled"));
response.setSecurityGroupsEnabled(capabilities.get("securityGroupsEnabled"));
response.setCloudStackVersion(capabilities.get("cloudStackVersion"));
response.setObjectName("capability");
response.setResponseName(getCommandName());

30
api/src/com/cloud/api/commands/ListNetworkGroupsCmd.java → api/src/com/cloud/api/commands/ListSecurityGroupsCmd.java
View File

@ -26,29 +26,29 @@ import com.cloud.api.BaseListCmd;
import com.cloud.api.Implementation;
import com.cloud.api.Parameter;
import com.cloud.api.response.ListResponse;
import com.cloud.api.response.NetworkGroupResponse;
import com.cloud.network.security.NetworkGroupRules;
import com.cloud.api.response.SecurityGroupResponse;
import com.cloud.network.security.SecurityGroupRules;
@Implementation(description="Lists network groups", responseObject=NetworkGroupResponse.class)
public class ListNetworkGroupsCmd extends BaseListCmd {
public static final Logger s_logger = Logger.getLogger(ListNetworkGroupsCmd.class.getName());
@Implementation(description="Lists security groups", responseObject=SecurityGroupResponse.class)
public class ListSecurityGroupsCmd extends BaseListCmd {
public static final Logger s_logger = Logger.getLogger(ListSecurityGroupsCmd.class.getName());
private static final String s_name = "listnetworkgroupsresponse";
private static final String s_name = "listsecuritygroupsresponse";
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="lists all available port network groups for the account. Must be used with domainID parameter")
@Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="lists all available port security groups for the account. Must be used with domainID parameter")
private String accountName;
@Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="lists all available network groups for the domain ID. If used with the account parameter, lists all available network groups for the account in the specified domain ID.")
@Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="lists all available security groups for the domain ID. If used with the account parameter, lists all available security groups for the account in the specified domain ID.")
private Long domainId;
@Parameter(name=ApiConstants.NETWORK_GROUP_NAME, type=CommandType.STRING, description="lists network groups by name")
private String networkGroupName;
@Parameter(name=ApiConstants.SECURITY_GROUP_NAME, type=CommandType.STRING, description="lists security groups by name")
private String securityGroupName;
@Parameter(name=ApiConstants.VIRTUAL_MACHINE_ID, type=CommandType.LONG, description="lists network groups by virtual machine id")
@Parameter(name=ApiConstants.VIRTUAL_MACHINE_ID, type=CommandType.LONG, description="lists security groups by virtual machine id")
private Long virtualMachineId;
/////////////////////////////////////////////////////
@ -63,8 +63,8 @@ public class ListNetworkGroupsCmd extends BaseListCmd {
return domainId;
}
public String getNetworkGroupName() {
return networkGroupName;
public String getSecurityGroupName() {
return securityGroupName;
}
public Long getVirtualMachineId() {
@ -82,9 +82,9 @@ public class ListNetworkGroupsCmd extends BaseListCmd {
@Override
public void execute(){
List<? extends NetworkGroupRules> networkGroups = _networkGroupMgr.searchForNetworkGroupRules(this);
List<? extends SecurityGroupRules> securityGroups = _securityGroupMgr.searchForSecurityGroupRules(this);
ListResponse<NetworkGroupResponse> response = _responseGenerator.createNetworkGroupResponses(networkGroups);
ListResponse<SecurityGroupResponse> response = _responseGenerator.createSecurityGroupResponses(securityGroups);
response.setResponseName(getCommandName());
this.setResponseObject(response);
}

34
api/src/com/cloud/api/commands/RevokeNetworkGroupIngressCmd.java → api/src/com/cloud/api/commands/RevokeSecurityGroupIngressCmd.java
View File

@ -20,10 +20,10 @@ import com.cloud.user.UserContext;
@SuppressWarnings("rawtypes")
@Implementation(responseObject=SuccessResponse.class)
public class RevokeNetworkGroupIngressCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(RevokeNetworkGroupIngressCmd.class.getName());
public class RevokeSecurityGroupIngressCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(RevokeSecurityGroupIngressCmd.class.getName());
private static final String s_name = "revokenetworkgroupingress";
private static final String s_name = "revokesecuritygroupingress";
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
@ -54,8 +54,8 @@ public class RevokeNetworkGroupIngressCmd extends BaseAsyncCmd {
private Integer icmpType;
//FIXME - add description
@Parameter(name=ApiConstants.NETWORK_GROUP_NAME, type=CommandType.STRING, required=true)
private String networkGroupName;
@Parameter(name=ApiConstants.SECURITY_GROUP_NAME, type=CommandType.STRING, required=true)
private String securityGroupName;
//FIXME - add description
@Parameter(name=ApiConstants.PROTOCOL, type=CommandType.STRING)
@ -66,8 +66,8 @@ public class RevokeNetworkGroupIngressCmd extends BaseAsyncCmd {
private Integer startPort;
//FIXME - add description
@Parameter(name=ApiConstants.USER_NETWORK_GROUP_LIST, type=CommandType.MAP)
private Map userNetworkGroupList;
@Parameter(name=ApiConstants.USER_SECURITY_GROUP_LIST, type=CommandType.MAP)
private Map userSecurityGroupList;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
@ -97,8 +97,8 @@ public class RevokeNetworkGroupIngressCmd extends BaseAsyncCmd {
return icmpType;
}
public String getNetworkGroupName() {
return networkGroupName;
public String getSecurityGroupName() {
return securityGroupName;
}
public String getProtocol() {
@ -109,8 +109,8 @@ public class RevokeNetworkGroupIngressCmd extends BaseAsyncCmd {
return startPort;
}
public Map getUserNetworkGroupList() {
return userNetworkGroupList;
public Map getUserSecurityGroupList() {
return userSecurityGroupList;
}
/////////////////////////////////////////////////////
@ -123,7 +123,7 @@ public class RevokeNetworkGroupIngressCmd extends BaseAsyncCmd {
}
public static String getResultObjectName() {
return "revokenetworkgroupingress";
return "revokesecuritygroupingress";
}
@Override
@ -147,15 +147,15 @@ public class RevokeNetworkGroupIngressCmd extends BaseAsyncCmd {
@Override
public String getEventType() {
return EventTypes.EVENT_NETWORK_GROUP_REVOKE_INGRESS;
return EventTypes.EVENT_SECURITY_GROUP_REVOKE_INGRESS;
}
@Override
public String getEventDescription() {
StringBuilder sb = new StringBuilder();
if (getUserNetworkGroupList() != null) {
if (getUserSecurityGroupList() != null) {
sb.append("group list(group/account): ");
Collection userGroupCollection = getUserNetworkGroupList().values();
Collection userGroupCollection = getUserSecurityGroupList().values();
Iterator iter = userGroupCollection.iterator();
HashMap userGroup = (HashMap)iter.next();
@ -175,12 +175,12 @@ public class RevokeNetworkGroupIngressCmd extends BaseAsyncCmd {
sb.append("<error: no ingress parameters>");
}
return "revoking ingress from group: " + getNetworkGroupName() + " for " + sb.toString();
return "revoking ingress from group: " + getSecurityGroupName() + " for " + sb.toString();
}
@Override
public void execute(){
boolean result = _networkGroupMgr.revokeNetworkGroupIngress(this);
boolean result = _securityGroupMgr.revokeSecurityGroupIngress(this);
if (result) {
SuccessResponse response = new SuccessResponse(getCommandName());
this.setResponseObject(response);

12
api/src/com/cloud/api/response/CapabilitiesResponse.java
View File

@ -4,18 +4,18 @@ import com.cloud.serializer.Param;
import com.google.gson.annotations.SerializedName;
public class CapabilitiesResponse extends BaseResponse {
@SerializedName("networkgroupsenabled") @Param(description="true if network groups support is enabled, false otherwise")
private String networkGroupsEnabled;
@SerializedName("securitygroupsenabled") @Param(description="true if security groups support is enabled, false otherwise")
private String securityGroupsEnabled;
@SerializedName("cloudstackversion") @Param(description="version of the cloud stack")
private String cloudStackVersion;
public String getNetworkGroupsEnabled() {
return networkGroupsEnabled;
public String getSecurityGroupsEnabled() {
return securityGroupsEnabled;
}
public void setNetworkGroupsEnabled(String networkGroupsEnabled) {
this.networkGroupsEnabled = networkGroupsEnabled;
public void setSecurityGroupsEnabled(String securityGroupsEnabled) {
this.securityGroupsEnabled = securityGroupsEnabled;
}
public String getCloudStackVersion() {

12
api/src/com/cloud/api/response/IngressRuleResponse.java
View File

@ -42,8 +42,8 @@ public class IngressRuleResponse extends BaseResponse {
@SerializedName(ApiConstants.END_PORT) @Param(description="the ending IP of the ingress rule ")
private Integer endPort;
@SerializedName(ApiConstants.NETWORK_GROUP_NAME) @Param(description="network group name")
private String networkGroupName;
@SerializedName(ApiConstants.SECURITY_GROUP_NAME) @Param(description="security group name")
private String securityGroupName;
@SerializedName(ApiConstants.ACCOUNT) @Param(description="account owning the ingress rule")
private String accountName;
@ -99,12 +99,12 @@ public class IngressRuleResponse extends BaseResponse {
this.endPort = endPort;
}
public String getNetworkGroupName() {
return networkGroupName;
public String getSecurityGroupName() {
return securityGroupName;
}
public void setNetworkGroupName(String networkGroupName) {
this.networkGroupName = networkGroupName;
public void setSecurityGroupName(String securityGroupName) {
this.securityGroupName = securityGroupName;
}
public String getAccountName() {

16
api/src/com/cloud/api/response/NetworkGroupResponse.java → api/src/com/cloud/api/response/SecurityGroupResponse.java
View File

@ -22,26 +22,26 @@ import java.util.List;
import com.cloud.serializer.Param;
import com.google.gson.annotations.SerializedName;
public class NetworkGroupResponse extends BaseResponse {
@SerializedName("id") @Param(description="the ID of the network group")
public class SecurityGroupResponse extends BaseResponse {
@SerializedName("id") @Param(description="the ID of the security group")
private Long id;
@SerializedName("name") @Param(description="the name of the network group")
@SerializedName("name") @Param(description="the name of the security group")
private String name;
@SerializedName("description") @Param(description="the description of the network group")
@SerializedName("description") @Param(description="the description of the security group")
private String description;
@SerializedName("account") @Param(description="the account owning the network group")
@SerializedName("account") @Param(description="the account owning the security group")
private String accountName;
@SerializedName("domainid") @Param(description="the domain ID of the network group")
@SerializedName("domainid") @Param(description="the domain ID of the security group")
private Long domainId;
@SerializedName("domain") @Param(description="the domain name of the network group")
@SerializedName("domain") @Param(description="the domain name of the security group")
private String domainName;
@SerializedName("ingressrule") @Param(description="the list of ingress rules associated with the network group")
@SerializedName("ingressrule") @Param(description="the list of ingress rules associated with the security group")
private List<IngressRuleResponse> ingressRules;
public Long getId() {

12
api/src/com/cloud/api/response/UserVmResponse.java
View File

@ -130,8 +130,8 @@ public class UserVmResponse extends BaseResponse {
@SerializedName("rootdevicetype") @Param(description="device type of the root volume")
private String rootDeviceType;
@SerializedName("networkgrouplist") @Param(description="list of network groups associated with the virtual machine")
private String networkGroupList;
@SerializedName("securitygrouplist") @Param(description="list of security groups associated with the virtual machine")
private String securityGroupList;
@SerializedName(ApiConstants.PASSWORD) @Param(description="the password (if exists) of the virtual machine")
private String password;
@ -421,12 +421,12 @@ public class UserVmResponse extends BaseResponse {
this.rootDeviceType = rootDeviceType;
}
public String getNetworkGroupList() {
return networkGroupList;
public String getSecurityGroupList() {
return securityGroupList;
}
public void setNetworkGroupList(String networkGroupList) {
this.networkGroupList = networkGroupList;
public void setSecurityGroupList(String securityGroupList) {
this.securityGroupList = securityGroupList;
}
public String getPassword() {

6
api/src/com/cloud/event/EventTypes.java
View File

@ -158,9 +158,9 @@ public class EventTypes {
// Configuration Table
public static final String EVENT_CONFIGURATION_VALUE_EDIT = "CONFIGURATION.VALUE.EDIT";
// Network Groups
public static final String EVENT_NETWORK_GROUP_AUTHORIZE_INGRESS = "NG.AUTH.INGRESS";
public static final String EVENT_NETWORK_GROUP_REVOKE_INGRESS = "NG.REVOKE.INGRESS";
// Security Groups
public static final String EVENT_SECURITY_GROUP_AUTHORIZE_INGRESS = "SG.AUTH.INGRESS";
public static final String EVENT_SECURITY_GROUP_REVOKE_INGRESS = "SG.REVOKE.INGRESS";
// Host
public static final String EVENT_HOST_RECONNECT = "HOST.RECONNECT";

6
api/src/com/cloud/network/security/IngressRule.java
View File

@ -25,14 +25,14 @@ import com.cloud.async.AsyncInstanceCreateStatus;
*/
public interface IngressRule {
long getId();
long getNetworkGroupId();
long getSecurityGroupId();
int getStartPort();
int getEndPort();
String getProtocol();
AsyncInstanceCreateStatus getCreateStatus();
Long getAllowedNetworkId();
String getAllowedNetworkGroup();
String getAllowedNetGrpAcct();
String getAllowedSecurityGroup();
String getAllowedSecGrpAcct();
String getAllowedSourceIpCidr();
}

52
api/src/com/cloud/network/security/NetworkGroupService.java
View File

@ -1,52 +0,0 @@
/**
* Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
*
* This software is licensed under the GNU General Public License v3 or later.
*
* It is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
package com.cloud.network.security;
import java.util.List;
import com.cloud.api.commands.AuthorizeNetworkGroupIngressCmd;
import com.cloud.api.commands.CreateNetworkGroupCmd;
import com.cloud.api.commands.DeleteNetworkGroupCmd;
import com.cloud.api.commands.ListNetworkGroupsCmd;
import com.cloud.api.commands.RevokeNetworkGroupIngressCmd;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.PermissionDeniedException;
import com.cloud.exception.ResourceInUseException;
public interface NetworkGroupService {
/**
* Create a network group with the given name and description
* @param command the command specifying the name and description
* @return the created network group if successful, null otherwise
*/
public NetworkGroup createNetworkGroup(CreateNetworkGroupCmd command) throws PermissionDeniedException, InvalidParameterValueException;
boolean revokeNetworkGroupIngress(RevokeNetworkGroupIngressCmd cmd);
boolean deleteNetworkGroup(DeleteNetworkGroupCmd cmd) throws ResourceInUseException, PermissionDeniedException, InvalidParameterValueException;
/**
* Search for network groups and associated ingress rules for the given account, domain, group name, and/or keyword.
* The search terms are specified in the search criteria.
* @return the list of network groups and associated ingress rules
*/
public List<? extends NetworkGroupRules> searchForNetworkGroupRules(ListNetworkGroupsCmd cmd) throws PermissionDeniedException, InvalidParameterValueException;
public List<? extends IngressRule> authorizeNetworkGroupIngress(AuthorizeNetworkGroupIngressCmd cmd) throws InvalidParameterValueException, PermissionDeniedException;
}

2
api/src/com/cloud/network/security/NetworkGroup.java → api/src/com/cloud/network/security/SecurityGroup.java
View File

@ -20,7 +20,7 @@ package com.cloud.network.security;
import com.cloud.domain.PartOf;
import com.cloud.user.OwnedBy;
public interface NetworkGroup extends PartOf, OwnedBy {
public interface SecurityGroup extends PartOf, OwnedBy {
long getId();
String getName();
String getDescription();

6
api/src/com/cloud/network/security/NetworkGroupRules.java → api/src/com/cloud/network/security/SecurityGroupRules.java
View File

@ -17,7 +17,7 @@
*/
package com.cloud.network.security;
public interface NetworkGroupRules {
public interface SecurityGroupRules {
long getId();
String getName();
@ -40,9 +40,9 @@ public interface NetworkGroupRules {
Long getAllowedNetworkId();
String getAllowedNetworkGroup();
String getAllowedSecurityGroup();
String getAllowedNetGrpAcct();
String getAllowedSecGrpAcct();
String getAllowedSourceIpCidr();
}

52
api/src/com/cloud/network/security/SecurityGroupService.java Normal file
View File

@ -0,0 +1,52 @@
/**
* Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
*
* This software is licensed under the GNU General Public License v3 or later.
*
* It is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
package com.cloud.network.security;
import java.util.List;
import com.cloud.api.commands.AuthorizeSecurityGroupIngressCmd;
import com.cloud.api.commands.CreateSecurityGroupCmd;
import com.cloud.api.commands.DeleteSecurityGroupCmd;
import com.cloud.api.commands.ListSecurityGroupsCmd;
import com.cloud.api.commands.RevokeSecurityGroupIngressCmd;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.PermissionDeniedException;
import com.cloud.exception.ResourceInUseException;
public interface SecurityGroupService {
/**
* Create a network group with the given name and description
* @param command the command specifying the name and description
* @return the created security group if successful, null otherwise
*/
public SecurityGroup createSecurityGroup(CreateSecurityGroupCmd command) throws PermissionDeniedException, InvalidParameterValueException;
boolean revokeSecurityGroupIngress(RevokeSecurityGroupIngressCmd cmd);
boolean deleteSecurityGroup(DeleteSecurityGroupCmd cmd) throws ResourceInUseException, PermissionDeniedException, InvalidParameterValueException;
/**
* Search for security groups and associated ingress rules for the given account, domain, group name, and/or keyword.
* The search terms are specified in the search criteria.
* @return the list of security groups and associated ingress rules
*/
public List<? extends SecurityGroupRules> searchForSecurityGroupRules(ListSecurityGroupsCmd cmd) throws PermissionDeniedException, InvalidParameterValueException;
public List<? extends IngressRule> authorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressCmd cmd) throws InvalidParameterValueException, PermissionDeniedException;
}

8
core/src/com/cloud/agent/api/NetworkIngressRuleAnswer.java → core/src/com/cloud/agent/api/SecurityIngressRuleAnswer.java
View File

@ -17,20 +17,20 @@
*/
package com.cloud.agent.api;
public class NetworkIngressRuleAnswer extends Answer {
public class SecurityIngressRuleAnswer extends Answer {
Long logSequenceNumber = null;
Long vmId = null;
protected NetworkIngressRuleAnswer() {
protected SecurityIngressRuleAnswer() {
}
public NetworkIngressRuleAnswer(NetworkIngressRulesCmd cmd) {
public SecurityIngressRuleAnswer(SecurityIngressRulesCmd cmd) {
super(cmd);
this.logSequenceNumber = cmd.getSeqNum();
this.vmId = cmd.getVmId();
}
public NetworkIngressRuleAnswer(NetworkIngressRulesCmd cmd, boolean result, String detail) {
public SecurityIngressRuleAnswer(SecurityIngressRulesCmd cmd, boolean result, String detail) {
super(cmd, result, detail);
this.logSequenceNumber = cmd.getSeqNum();
this.vmId = cmd.getVmId();

12
core/src/com/cloud/agent/api/NetworkIngressRulesCmd.java → core/src/com/cloud/agent/api/SecurityIngressRulesCmd.java
View File

@ -20,7 +20,7 @@ package com.cloud.agent.api;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
public class NetworkIngressRulesCmd extends Command {
public class SecurityIngressRulesCmd extends Command {
public static class IpPortAndProto {
String proto;
int startPort;
@ -69,12 +69,12 @@ public class NetworkIngressRulesCmd extends Command {
Long vmId;
IpPortAndProto [] ruleSet;
public NetworkIngressRulesCmd() {
public SecurityIngressRulesCmd() {
super();
}
public NetworkIngressRulesCmd(String guestIp, String guestMac, String vmName, Long vmId, String signature, Long seqNum, IpPortAndProto[] ruleSet) {
public SecurityIngressRulesCmd(String guestIp, String guestMac, String vmName, Long vmId, String signature, Long seqNum, IpPortAndProto[] ruleSet) {
super();
this.guestIp = guestIp;
this.vmName = vmName;
@ -113,7 +113,7 @@ public class NetworkIngressRulesCmd extends Command {
public String stringifyRules() {
StringBuilder ruleBuilder = new StringBuilder();
for (NetworkIngressRulesCmd.IpPortAndProto ipPandP: getRuleSet()) {
for (SecurityIngressRulesCmd.IpPortAndProto ipPandP: getRuleSet()) {
ruleBuilder.append(ipPandP.getProto()).append(":").append(ipPandP.getStartPort()).append(":").append(ipPandP.getEndPort()).append(":");
for (String cidr: ipPandP.getAllowedCidrs()) {
ruleBuilder.append(cidr).append(",");
@ -130,10 +130,10 @@ public class NetworkIngressRulesCmd extends Command {
return json.toJson(this);
}
public static NetworkIngressRulesCmd fromJson(String jsonString) {
public static SecurityIngressRulesCmd fromJson(String jsonString) {
GsonBuilder gBuilder = new GsonBuilder();
Gson json = gBuilder.create();
return json.fromJson(jsonString, NetworkIngressRulesCmd.class);
return json.fromJson(jsonString, SecurityIngressRulesCmd.class);
}

16
core/src/com/cloud/hypervisor/xen/resource/XenServerResource.java
View File

@ -23,8 +23,8 @@ import org.apache.xmlrpc.XmlRpcException;
import com.cloud.agent.api.Answer;
import com.cloud.agent.api.Command;
import com.cloud.agent.api.NetworkIngressRuleAnswer;
import com.cloud.agent.api.NetworkIngressRulesCmd;
import com.cloud.agent.api.SecurityIngressRuleAnswer;
import com.cloud.agent.api.SecurityIngressRulesCmd;
import com.cloud.hypervisor.xen.resource.CitrixResourceBase;
import com.xensource.xenapi.VM;
import com.cloud.resource.ServerResource;
@ -42,8 +42,8 @@ public class XenServerResource extends CitrixResourceBase {
@Override
public Answer executeRequest(Command cmd) {
if (cmd instanceof NetworkIngressRulesCmd) {
return execute((NetworkIngressRulesCmd) cmd);
if (cmd instanceof SecurityIngressRulesCmd) {
return execute((SecurityIngressRulesCmd) cmd);
} else {
return super.executeRequest(cmd);
}
@ -69,7 +69,7 @@ public class XenServerResource extends CitrixResourceBase {
return Boolean.valueOf(callHostPlugin(conn, "vmops", "can_bridge_firewall", "host_uuid", _host.uuid));
}
private Answer execute(NetworkIngressRulesCmd cmd) {
private Answer execute(SecurityIngressRulesCmd cmd) {
Connection conn = getConnection();
if (s_logger.isTraceEnabled()) {
s_logger.trace("Sending network rules command to " + _host.ip);
@ -77,7 +77,7 @@ public class XenServerResource extends CitrixResourceBase {
if (!_canBridgeFirewall) {
s_logger.info("Host " + _host.ip + " cannot do bridge firewalling");
return new NetworkIngressRuleAnswer(cmd, false, "Host " + _host.ip + " cannot do bridge firewalling");
return new SecurityIngressRuleAnswer(cmd, false, "Host " + _host.ip + " cannot do bridge firewalling");
}
String result = callHostPlugin(conn, "vmops", "network_rules",
@ -91,10 +91,10 @@ public class XenServerResource extends CitrixResourceBase {
if (result == null || result.isEmpty() || !Boolean.parseBoolean(result)) {
s_logger.warn("Failed to program network rules for vm " + cmd.getVmName());
return new NetworkIngressRuleAnswer(cmd, false, "programming network rules failed");
return new SecurityIngressRuleAnswer(cmd, false, "programming network rules failed");
} else {
s_logger.info("Programmed network rules for vm " + cmd.getVmName() + " guestIp=" + cmd.getGuestIp() + ", numrules=" + cmd.getRuleSet().length);
return new NetworkIngressRuleAnswer(cmd);
return new SecurityIngressRuleAnswer(cmd);
}
}

38
core/src/com/cloud/network/security/IngressRuleVO.java
View File

@ -31,15 +31,15 @@ import com.cloud.async.AsyncInstanceCreateStatus;
import com.google.gson.annotations.Expose;
@Entity
@Table(name=("network_ingress_rule"))
@Table(name=("security_ingress_rule"))
public class IngressRuleVO implements IngressRule {
@Id
@GeneratedValue(strategy=GenerationType.IDENTITY)
@Column(name="id")
private long id;
@Column(name="network_group_id")
private long networkGroupId;
@Column(name="security_group_id")
private long securityGroupId;
@Column(name="start_port")
private int startPort;
@ -53,11 +53,11 @@ public class IngressRuleVO implements IngressRule {
@Column(name="allowed_network_id", nullable=true)
private Long allowedNetworkId = null;
@Column(name="allowed_network_group")
private String allowedNetworkGroup;
@Column(name="allowed_security_group")
private String allowedSecurityGroup;
@Column(name="allowed_net_grp_acct")
private String allowedNetGrpAcct;
@Column(name="allowed_sec_grp_acct")
private String allowedSecGrpAcct;
@Column(name="allowed_ip_cidr", nullable=true)
private String allowedSourceIpCidr = null;
@ -69,18 +69,18 @@ public class IngressRuleVO implements IngressRule {
public IngressRuleVO() {}
public IngressRuleVO(long networkGroupId, int fromPort, int toPort, String protocol, long allowedNetworkId, String allowedNetworkGroup, String allowedNetGrpAcct) {
this.networkGroupId = networkGroupId;
public IngressRuleVO(long securityGroupId, int fromPort, int toPort, String protocol, long allowedNetworkId, String allowedSecurityGroup, String allowedSecGrpAcct) {
this.securityGroupId = securityGroupId;
this.startPort = fromPort;
this.endPort = toPort;
this.protocol = protocol;
this.allowedNetworkId = allowedNetworkId;
this.allowedNetworkGroup = allowedNetworkGroup;
this.allowedNetGrpAcct = allowedNetGrpAcct;
this.allowedSecurityGroup = allowedSecurityGroup;
this.allowedSecGrpAcct = allowedSecGrpAcct;
}
public IngressRuleVO(long networkGroupId, int fromPort, int toPort, String protocol, String allowedIpCidr) {
this.networkGroupId = networkGroupId;
public IngressRuleVO(long securityGroupId, int fromPort, int toPort, String protocol, String allowedIpCidr) {
this.securityGroupId = securityGroupId;
this.startPort = fromPort;
this.endPort = toPort;
this.protocol = protocol;
@ -93,8 +93,8 @@ public class IngressRuleVO implements IngressRule {
}
@Override
public long getNetworkGroupId() {
return networkGroupId;
public long getSecurityGroupId() {
return securityGroupId;
}
@Override
@ -127,13 +127,13 @@ public class IngressRuleVO implements IngressRule {
}
@Override
public String getAllowedNetworkGroup() {
return allowedNetworkGroup;
public String getAllowedSecurityGroup() {
return allowedSecurityGroup;
}
@Override
public String getAllowedNetGrpAcct() {
return allowedNetGrpAcct;
public String getAllowedSecGrpAcct() {
return allowedSecGrpAcct;
}
@Override

44
core/src/com/cloud/network/security/NetworkGroupRulesVO.java → core/src/com/cloud/network/security/SecurityGroupRulesVO.java
View File

@ -10,10 +10,10 @@ import javax.persistence.SecondaryTable;
import javax.persistence.Table;
@Entity
@Table(name=("network_group"))
@SecondaryTable(name="network_ingress_rule", join="left",
pkJoinColumns={@PrimaryKeyJoinColumn(name="id", referencedColumnName="network_group_id")})
public class NetworkGroupRulesVO implements NetworkGroupRules {
@Table(name=("security_group"))
@SecondaryTable(name="security_ingress_rule", join="left",
pkJoinColumns={@PrimaryKeyJoinColumn(name="id", referencedColumnName="security_group_id")})
public class SecurityGroupRulesVO implements SecurityGroupRules {
@Id
@GeneratedValue(strategy=GenerationType.IDENTITY)
@Column(name="id")
@ -34,33 +34,33 @@ public class NetworkGroupRulesVO implements NetworkGroupRules {
@Column(name="account_name")
private String accountName;
@Column(name="id", table="network_ingress_rule", insertable=false, updatable=false)
@Column(name="id", table="security_ingress_rule", insertable=false, updatable=false)
private Long ruleId;
@Column(name="start_port", table="network_ingress_rule", insertable=false, updatable=false)
@Column(name="start_port", table="security_ingress_rule", insertable=false, updatable=false)
private int startPort;
@Column(name="end_port", table="network_ingress_rule", insertable=false, updatable=false)
@Column(name="end_port", table="security_ingress_rule", insertable=false, updatable=false)
private int endPort;
@Column(name="protocol", table="network_ingress_rule", insertable=false, updatable=false)
@Column(name="protocol", table="security_ingress_rule", insertable=false, updatable=false)
private String protocol;
@Column(name="allowed_network_id", table="network_ingress_rule", insertable=false, updatable=false, nullable=true)
@Column(name="allowed_network_id", table="security_ingress_rule", insertable=false, updatable=false, nullable=true)
private Long allowedNetworkId = null;
@Column(name="allowed_network_group", table="network_ingress_rule", insertable=false, updatable=false, nullable=true)
private String allowedNetworkGroup = null;
@Column(name="allowed_security_group", table="security_ingress_rule", insertable=false, updatable=false, nullable=true)
private String allowedSecurityGroup = null;
@Column(name="allowed_net_grp_acct", table="network_ingress_rule", insertable=false, updatable=false, nullable=true)
private String allowedNetGrpAcct = null;
@Column(name="allowed_sec_grp_acct", table="security_ingress_rule", insertable=false, updatable=false, nullable=true)
private String allowedSecGrpAcct = null;
@Column(name="allowed_ip_cidr", table="network_ingress_rule", insertable=false, updatable=false, nullable=true)
@Column(name="allowed_ip_cidr", table="security_ingress_rule", insertable=false, updatable=false, nullable=true)
private String allowedSourceIpCidr = null;
public NetworkGroupRulesVO() { }
public SecurityGroupRulesVO() { }
public NetworkGroupRulesVO(long id, String name, String description, Long domainId, Long accountId, String accountName, Long ruleId, int startPort, int endPort, String protocol, Long allowedNetworkId, String allowedNetworkGroup, String allowedNetGrpAcct, String allowedSourceIpCidr) {
public SecurityGroupRulesVO(long id, String name, String description, Long domainId, Long accountId, String accountName, Long ruleId, int startPort, int endPort, String protocol, Long allowedNetworkId, String allowedSecurityGroup, String allowedSecGrpAcct, String allowedSourceIpCidr) {
this.id = id;
this.name = name;
this.description = description;
@ -72,8 +72,8 @@ public class NetworkGroupRulesVO implements NetworkGroupRules {
this.endPort = endPort;
this.protocol = protocol;
this.allowedNetworkId = allowedNetworkId;
this.allowedNetworkGroup = allowedNetworkGroup;
this.allowedNetGrpAcct = allowedNetGrpAcct;
this.allowedSecurityGroup = allowedSecurityGroup;
this.allowedSecGrpAcct = allowedSecGrpAcct;
this.allowedSourceIpCidr = allowedSourceIpCidr;
}
@ -121,12 +121,12 @@ public class NetworkGroupRulesVO implements NetworkGroupRules {
return allowedNetworkId;
}
public String getAllowedNetworkGroup() {
return allowedNetworkGroup;
public String getAllowedSecurityGroup() {
return allowedSecurityGroup;
}
public String getAllowedNetGrpAcct() {
return allowedNetGrpAcct;
public String getAllowedSecGrpAcct() {
return allowedSecGrpAcct;
}
public String getAllowedSourceIpCidr() {

24
core/src/com/cloud/network/security/NetworkGroupVMMapVO.java → core/src/com/cloud/network/security/SecurityGroupVMMapVO.java
View File

@ -31,23 +31,23 @@ import javax.persistence.Table;
import com.cloud.vm.State;
@Entity
@Table(name=("network_group_vm_map"))
@Table(name=("security_group_vm_map"))
@SecondaryTables({
@SecondaryTable(name="user_vm",
pkJoinColumns={@PrimaryKeyJoinColumn(name="instance_id", referencedColumnName="id")}),
@SecondaryTable(name="vm_instance",
pkJoinColumns={@PrimaryKeyJoinColumn(name="instance_id", referencedColumnName="id")}),
@SecondaryTable(name="network_group",
pkJoinColumns={@PrimaryKeyJoinColumn(name="network_group_id", referencedColumnName="id")})
@SecondaryTable(name="security_group",
pkJoinColumns={@PrimaryKeyJoinColumn(name="security_group_id", referencedColumnName="id")})
})
public class NetworkGroupVMMapVO {
public class SecurityGroupVMMapVO {
@Id
@GeneratedValue(strategy=GenerationType.IDENTITY)
@Column(name="id")
private Long id;
@Column(name="network_group_id")
private long networkGroupId;
@Column(name="security_group_id")
private long securityGroupId;
@Column(name="instance_id")
private long instanceId;
@ -58,13 +58,13 @@ public class NetworkGroupVMMapVO {
@Column(name="state", table="vm_instance", insertable=false, updatable=false)
private State vmState;
@Column(name="name", table="network_group", insertable=false, updatable=false)
@Column(name="name", table="security_group", insertable=false, updatable=false)
private String groupName;
public NetworkGroupVMMapVO() { }
public SecurityGroupVMMapVO() { }
public NetworkGroupVMMapVO(long networkGroupId, long instanceId) {
this.networkGroupId = networkGroupId;
public SecurityGroupVMMapVO(long securityGroupId, long instanceId) {
this.securityGroupId = securityGroupId;
this.instanceId = instanceId;
}
@ -72,8 +72,8 @@ public class NetworkGroupVMMapVO {
return id;
}
public long getNetworkGroupId() {
return networkGroupId;
public long getSecurityGroupId() {
return securityGroupId;
}
public String getGuestIpAddress() {

8
core/src/com/cloud/network/security/NetworkGroupVO.java → core/src/com/cloud/network/security/SecurityGroupVO.java
View File

@ -26,8 +26,8 @@ import javax.persistence.Id;
import javax.persistence.Table;
@Entity
@Table(name=("network_group"))
public class NetworkGroupVO implements NetworkGroup {
@Table(name=("security_group"))
public class SecurityGroupVO implements SecurityGroup {
@Id
@GeneratedValue(strategy=GenerationType.IDENTITY)
@Column(name="id")
@ -48,9 +48,9 @@ public class NetworkGroupVO implements NetworkGroup {
@Column(name="account_name")
private String accountName = null;
public NetworkGroupVO() {}
public SecurityGroupVO() {}
public NetworkGroupVO(String name, String description, long domainId, long accountId, String accountName) {
public SecurityGroupVO(String name, String description, long domainId, long accountId, String accountName) {
this.name = name;
this.description = description;
this.domainId = domainId;

6
core/src/com/cloud/network/security/NetworkGroupWorkVO.java → core/src/com/cloud/network/security/SecurityGroupWorkVO.java
View File

@ -34,7 +34,7 @@ import com.cloud.utils.db.GenericDao;
@Entity
@Table(name="op_nwgrp_work")
public class NetworkGroupWorkVO {
public class SecurityGroupWorkVO {
public enum Step {
Scheduled,
Processing,
@ -70,7 +70,7 @@ public class NetworkGroupWorkVO {
private Long logsequenceNumber = null;
protected NetworkGroupWorkVO() {
protected SecurityGroupWorkVO() {
}
public Long getId() {
@ -97,7 +97,7 @@ public class NetworkGroupWorkVO {
public NetworkGroupWorkVO(Long instanceId, Long serverId, Date created,
public SecurityGroupWorkVO(Long instanceId, Long serverId, Date created,
Step step, Date dateTaken) {
super();
this.instanceId = instanceId;

18
server/src/com/cloud/api/ApiDBUtils.java
View File

@ -36,9 +36,9 @@ import com.cloud.network.dao.IPAddressDao;
import com.cloud.network.dao.LoadBalancerDao;
import com.cloud.network.dao.NetworkDao;
import com.cloud.network.dao.NetworkRuleConfigDao;
import com.cloud.network.security.NetworkGroup;
import com.cloud.network.security.NetworkGroupManager;
import com.cloud.network.security.dao.NetworkGroupDao;
import com.cloud.network.security.SecurityGroup;
import com.cloud.network.security.SecurityGroupManager;
import com.cloud.network.security.dao.SecurityGroupDao;
import com.cloud.offering.ServiceOffering;
import com.cloud.offerings.NetworkOfferingVO;
import com.cloud.offerings.dao.NetworkOfferingDao;
@ -97,7 +97,7 @@ public class ApiDBUtils {
private static AccountManager _accountMgr;
private static AgentManager _agentMgr;
public static AsyncJobManager _asyncMgr;
private static NetworkGroupManager _networkGroupMgr;
private static SecurityGroupManager _networkGroupMgr;
private static SnapshotManager _snapMgr;
private static StorageManager _storageMgr;
private static UserVmManager _userVmMgr;
@ -115,7 +115,7 @@ public class ApiDBUtils {
private static HostDao _hostDao;
private static IPAddressDao _ipAddressDao;
private static LoadBalancerDao _loadBalancerDao;
private static NetworkGroupDao _networkGroupDao;
private static SecurityGroupDao _networkGroupDao;
private static NetworkRuleConfigDao _networkRuleConfigDao;
private static HostPodDao _podDao;
private static ServiceOfferingDao _serviceOfferingDao;
@ -140,7 +140,7 @@ public class ApiDBUtils {
_accountMgr = locator.getManager(AccountManager.class);
_agentMgr = locator.getManager(AgentManager.class);
_asyncMgr = locator.getManager(AsyncJobManager.class);
_networkGroupMgr = locator.getManager(NetworkGroupManager.class);
_networkGroupMgr = locator.getManager(SecurityGroupManager.class);
_snapMgr = locator.getManager(SnapshotManager.class);
_storageMgr = locator.getManager(StorageManager.class);
_userVmMgr = locator.getManager(UserVmManager.class);
@ -171,7 +171,7 @@ public class ApiDBUtils {
_vlanDao = locator.getDao(VlanDao.class);
_volumeDao = locator.getDao(VolumeDao.class);
_zoneDao = locator.getDao(DataCenterDao.class);
_networkGroupDao = locator.getDao(NetworkGroupDao.class);
_networkGroupDao = locator.getDao(SecurityGroupDao.class);
_networkOfferingDao = locator.getDao(NetworkOfferingDao.class);
_networkDao = locator.getDao(NetworkDao.class);
@ -240,7 +240,7 @@ public class ApiDBUtils {
}
public static String getNetworkGroupsNamesForVm(long vmId) {
return _networkGroupMgr.getNetworkGroupsNamesForVm(vmId);
return _networkGroupMgr.getSecurityGroupsNamesForVm(vmId);
}
public static String getSnapshotIntervalTypes(long snapshotId) {
@ -351,7 +351,7 @@ public class ApiDBUtils {
return _networkRuleConfigDao.findById(ruleId);
}
public static NetworkGroup findNetworkGroupById(Long groupId) {
public static SecurityGroup findNetworkGroupById(Long groupId) {
return _networkGroupDao.findById(groupId);
}

58
server/src/com/cloud/api/ApiResponseHelper.java
View File

@ -51,7 +51,7 @@ import com.cloud.api.response.InstanceGroupResponse;
import com.cloud.api.response.IpForwardingRuleResponse;
import com.cloud.api.response.ListResponse;
import com.cloud.api.response.LoadBalancerResponse;
import com.cloud.api.response.NetworkGroupResponse;
import com.cloud.api.response.SecurityGroupResponse;
import com.cloud.api.response.NetworkOfferingResponse;
import com.cloud.api.response.NetworkResponse;
import com.cloud.api.response.NicResponse;
@ -75,7 +75,7 @@ import com.cloud.api.response.ZoneResponse;
import com.cloud.async.AsyncJob;
import com.cloud.async.AsyncJobResult;
import com.cloud.async.executor.IngressRuleResultObject;
import com.cloud.async.executor.NetworkGroupResultObject;
import com.cloud.async.executor.SecurityGroupResultObject;
import com.cloud.capacity.Capacity;
import com.cloud.capacity.CapacityVO;
import com.cloud.configuration.Configuration;
@ -105,8 +105,8 @@ import com.cloud.network.rules.FirewallRule;
import com.cloud.network.rules.LoadBalancer;
import com.cloud.network.rules.PortForwardingRule;
import com.cloud.network.security.IngressRule;
import com.cloud.network.security.NetworkGroup;
import com.cloud.network.security.NetworkGroupRules;
import com.cloud.network.security.SecurityGroup;
import com.cloud.network.security.SecurityGroupRules;
import com.cloud.offering.DiskOffering;
import com.cloud.offering.NetworkOffering;
import com.cloud.offering.NetworkOffering.GuestIpType;
@ -1035,7 +1035,7 @@ public class ApiResponseHelper implements ResponseGenerator {
userVmResponse.setGuestOsId(userVm.getGuestOSId());
// network groups
userVmResponse.setNetworkGroupList(ApiDBUtils.getNetworkGroupsNamesForVm(userVm.getId()));
userVmResponse.setSecurityGroupList(ApiDBUtils.getNetworkGroupsNamesForVm(userVm.getId()));
List<? extends Nic> nics = ApiDBUtils.getNics(userVm);
List<NicResponse> nicResponses = new ArrayList<NicResponse>();
@ -1483,13 +1483,13 @@ public class ApiResponseHelper implements ResponseGenerator {
}
@Override
public ListResponse<NetworkGroupResponse> createNetworkGroupResponses(List<? extends NetworkGroupRules> networkGroups) {
List<NetworkGroupResultObject> groupResultObjs = NetworkGroupResultObject.transposeNetworkGroups(networkGroups);
public ListResponse<SecurityGroupResponse> createSecurityGroupResponses(List<? extends SecurityGroupRules> networkGroups) {
List<SecurityGroupResultObject> groupResultObjs = SecurityGroupResultObject.transposeNetworkGroups(networkGroups);
ListResponse<NetworkGroupResponse> response = new ListResponse<NetworkGroupResponse>();
List<NetworkGroupResponse> netGrpResponses = new ArrayList<NetworkGroupResponse>();
for (NetworkGroupResultObject networkGroup : groupResultObjs) {
NetworkGroupResponse netGrpResponse = new NetworkGroupResponse();
ListResponse<SecurityGroupResponse> response = new ListResponse<SecurityGroupResponse>();
List<SecurityGroupResponse> netGrpResponses = new ArrayList<SecurityGroupResponse>();
for (SecurityGroupResultObject networkGroup : groupResultObjs) {
SecurityGroupResponse netGrpResponse = new SecurityGroupResponse();
netGrpResponse.setId(networkGroup.getId());
netGrpResponse.setName(networkGroup.getName());
netGrpResponse.setDescription(networkGroup.getDescription());
@ -1514,9 +1514,9 @@ public class ApiResponseHelper implements ResponseGenerator {
ingressData.setEndPort(ingressRule.getEndPort());
}
if (ingressRule.getAllowedNetworkGroup() != null) {
ingressData.setNetworkGroupName(ingressRule.getAllowedNetworkGroup());
ingressData.setAccountName(ingressRule.getAllowedNetGroupAcct());
if (ingressRule.getAllowedSecurityGroup() != null) {
ingressData.setSecurityGroupName(ingressRule.getAllowedSecurityGroup());
ingressData.setAccountName(ingressRule.getAllowedSecGroupAcct());
} else {
ingressData.setCidr(ingressRule.getAllowedSourceIpCidr());
}
@ -1535,8 +1535,8 @@ public class ApiResponseHelper implements ResponseGenerator {
}
@Override
public NetworkGroupResponse createNetworkGroupResponse(NetworkGroup group) {
NetworkGroupResponse response = new NetworkGroupResponse();
public SecurityGroupResponse createSecurityGroupResponse(SecurityGroup group) {
SecurityGroupResponse response = new SecurityGroupResponse();
response.setAccountName(group.getAccountName());
response.setDescription(group.getDescription());
response.setDomainId(group.getDomainId());
@ -2084,17 +2084,17 @@ public class ApiResponseHelper implements ResponseGenerator {
@Override
public NetworkGroupResponse createNetworkGroupResponseFromIngressRule(List<? extends IngressRule> ingressRules) {
NetworkGroupResponse response = new NetworkGroupResponse();
public SecurityGroupResponse createSecurityGroupResponseFromIngressRule(List<? extends IngressRule> ingressRules) {
SecurityGroupResponse response = new SecurityGroupResponse();
if ((ingressRules != null) && !ingressRules.isEmpty()) {
NetworkGroup networkGroup = ApiDBUtils.findNetworkGroupById(ingressRules.get(0).getNetworkGroupId());
response.setId(networkGroup.getId());
response.setName(networkGroup.getName());
response.setDescription(networkGroup.getDescription());
response.setAccountName(networkGroup.getAccountName());
response.setDomainId(networkGroup.getDomainId());
response.setDomainName(ApiDBUtils.findDomainById(networkGroup.getDomainId()).getName());
SecurityGroup securityGroup = ApiDBUtils.findNetworkGroupById(ingressRules.get(0).getSecurityGroupId());
response.setId(securityGroup.getId());
response.setName(securityGroup.getName());
response.setDescription(securityGroup.getDescription());
response.setAccountName(securityGroup.getAccountName());
response.setDomainId(securityGroup.getDomainId());
response.setDomainName(ApiDBUtils.findDomainById(securityGroup.getDomainId()).getName());
List<IngressRuleResponse> responses = new ArrayList<IngressRuleResponse>();
for (IngressRule ingressRule : ingressRules) {
@ -2110,9 +2110,9 @@ public class ApiResponseHelper implements ResponseGenerator {
ingressData.setEndPort(ingressRule.getEndPort());
}
if (ingressRule.getAllowedNetworkGroup() != null) {
ingressData.setNetworkGroupName(ingressRule.getAllowedNetworkGroup());
ingressData.setAccountName(ingressRule.getAllowedNetGrpAcct());
if (ingressRule.getAllowedSecurityGroup() != null) {
ingressData.setSecurityGroupName(ingressRule.getAllowedSecurityGroup());
ingressData.setAccountName(ingressRule.getAllowedSecGrpAcct());
} else {
ingressData.setCidr(ingressRule.getAllowedSourceIpCidr());
}
@ -2121,7 +2121,7 @@ public class ApiResponseHelper implements ResponseGenerator {
responses.add(ingressData);
}
response.setIngressRules(responses);
response.setObjectName("networkgroup");
response.setObjectName("securitygroup");
}
return response;

8
server/src/com/cloud/api/ApiServer.java
View File

@ -655,9 +655,9 @@ public class ApiServer implements HttpRequestHandler {
if (hypervisorType == null)
hypervisorType = "kvm";
String directAttachNetworkGroupsEnabled = _ms.getConfigurationValue("direct.attach.network.groups.enabled");
if(directAttachNetworkGroupsEnabled == null)
directAttachNetworkGroupsEnabled = "false";
String directAttachSecurityGroupsEnabled = _ms.getConfigurationValue("direct.attach.security.groups.enabled");
if(directAttachSecurityGroupsEnabled == null)
directAttachSecurityGroupsEnabled = "false";
String systemVmUseLocalStorage = _ms.getConfigurationValue("system.vm.use.local.storage");
if (systemVmUseLocalStorage == null)
@ -674,7 +674,7 @@ public class ApiServer implements HttpRequestHandler {
session.setAttribute("type", Short.valueOf(account.getType()).toString());
// session.setAttribute("networktype", networkType);
session.setAttribute("hypervisortype", hypervisorType);
session.setAttribute("directattachnetworkgroupsenabled", directAttachNetworkGroupsEnabled);
session.setAttribute("directattachsecuritygroupsenabled", directAttachSecurityGroupsEnabled);
session.setAttribute("systemvmuselocalstorage", systemVmUseLocalStorage);
if (timezone != null) {

26
server/src/com/cloud/async/executor/AuthorizeNetworkGroupIngressExecutor.java → server/src/com/cloud/async/executor/AuthorizeSecurityGroupIngressExecutor.java
View File

@ -11,15 +11,15 @@ import com.cloud.async.AsyncJobResult;
import com.cloud.async.AsyncJobVO;
import com.cloud.async.BaseAsyncJobExecutor;
import com.cloud.network.security.IngressRuleVO;
import com.cloud.network.security.NetworkGroupRulesVO;
import com.cloud.network.security.NetworkGroupVO;
import com.cloud.network.security.SecurityGroupRulesVO;
import com.cloud.network.security.SecurityGroupVO;
import com.cloud.serializer.GsonHelper;
import com.cloud.server.ManagementServer;
import com.cloud.user.AccountVO;
import com.google.gson.Gson;
public class AuthorizeNetworkGroupIngressExecutor extends BaseAsyncJobExecutor {
public static final Logger s_logger = Logger.getLogger(AuthorizeNetworkGroupIngressExecutor.class.getName());
public class AuthorizeSecurityGroupIngressExecutor extends BaseAsyncJobExecutor {
public static final Logger s_logger = Logger.getLogger(AuthorizeSecurityGroupIngressExecutor.class.getName());
@Override
public boolean execute() {
@ -27,17 +27,17 @@ public class AuthorizeNetworkGroupIngressExecutor extends BaseAsyncJobExecutor {
AsyncJobManager asyncMgr = getAsyncJobMgr();
AsyncJobVO job = getJob();
ManagementServer managementServer = asyncMgr.getExecutorContext().getManagementServer();
NetworkGroupIngressParam param = gson.fromJson(job.getCmdInfo(), NetworkGroupIngressParam.class);
SecurityGroupIngressParam param = gson.fromJson(job.getCmdInfo(), SecurityGroupIngressParam.class);
AccountVO account = param.getAccount();
/*
if (getSyncSource() == null) {
NetworkGroupVO networkGroup = managementServer.findNetworkGroupByName(param.getAccount().getId(), param.getGroupName());
SecurityGroupVO networkGroup = managementServer.findNetworkGroupByName(param.getAccount().getId(), param.getGroupName());
if(networkGroup == null) {
asyncMgr.completeAsyncJob(getJob().getId(), AsyncJobResult.STATUS_FAILED,
BaseCmd.PARAM_ERROR, "Unable to find network group " + param.getGroupName() + " for account " + account.getAccountName() + " (id: " + account.getId() + ")");
} else {
asyncMgr.syncAsyncJobExecution(job.getId(), "NetworkGroup", networkGroup.getId());
asyncMgr.syncAsyncJobExecution(job.getId(), "SecurityGroup", networkGroup.getId());
}
return true;
} else {
@ -65,17 +65,17 @@ public class AuthorizeNetworkGroupIngressExecutor extends BaseAsyncJobExecutor {
return true;
}
private NetworkGroupResultObject composeResultObject(ManagementServer ms, Long accountId, String groupName, List<IngressRuleVO> addedRules) {
NetworkGroupVO networkGroup = ms.findNetworkGroupByName(accountId, groupName);
List<NetworkGroupRulesVO> groupRules = new ArrayList<NetworkGroupRulesVO>();
private SecurityGroupResultObject composeResultObject(ManagementServer ms, Long accountId, String groupName, List<IngressRuleVO> addedRules) {
SecurityGroupVO networkGroup = ms.findNetworkGroupByName(accountId, groupName);
List<SecurityGroupRulesVO> groupRules = new ArrayList<SecurityGroupRulesVO>();
for (IngressRuleVO ingressRule : addedRules) {
NetworkGroupRulesVO groupRule = new NetworkGroupRulesVO(networkGroup.getId(), networkGroup.getName(), networkGroup.getDescription(), networkGroup.getDomainId(),
SecurityGroupRulesVO groupRule = new SecurityGroupRulesVO(networkGroup.getId(), networkGroup.getName(), networkGroup.getDescription(), networkGroup.getDomainId(),
networkGroup.getAccountId(), networkGroup.getAccountName(), ingressRule.getId(), ingressRule.getStartPort(), ingressRule.getEndPort(),
ingressRule.getProtocol(), ingressRule.getAllowedNetworkId(), ingressRule.getAllowedNetworkGroup(), ingressRule.getAllowedNetGrpAcct(),
ingressRule.getProtocol(), ingressRule.getAllowedNetworkId(), ingressRule.getAllowedSecurityGroup(), ingressRule.getAllowedSecGrpAcct(),
ingressRule.getAllowedSourceIpCidr());
groupRules.add(groupRule);
}
List<NetworkGroupResultObject> results = NetworkGroupResultObject.transposeNetworkGroups(groupRules);
List<SecurityGroupResultObject> results = SecurityGroupResultObject.transposeNetworkGroups(groupRules);
if ((results != null) && !results.isEmpty()) {
return results.get(0);
}

12
server/src/com/cloud/async/executor/DeployVMResultObject.java
View File

@ -121,8 +121,8 @@ public class DeployVMResultObject {
@Param(name="hostid")
private Long hostid;
@Param(name="networkgrouplist")
private String networkGroupList;
@Param(name="securitygrouplist")
private String securityGroupList;
@Param(name="rootdeviceid")
private Long rootDeviceId;
@ -146,12 +146,12 @@ public class DeployVMResultObject {
this.rootDeviceType = deviceType;
}
public String getNetworkGroupList(){
return this.networkGroupList;
public String getSecurityGroupList(){
return this.securityGroupList;
}
public void setNetworkGroupList(String nGroups){
this.networkGroupList = nGroups;
public void setSecurityGroupList(String nGroups){
this.securityGroupList = nGroups;
}
public String getIsoDisplayText() {

28
server/src/com/cloud/async/executor/IngressRuleResultObject.java
View File

@ -15,24 +15,24 @@ public class IngressRuleResultObject {
@Param(name="protocol")
private String protocol;
@Param(name="networkgroup")
private String allowedNetworkGroup = null;
@Param(name="securitygroup")
private String allowedSecurityGroup = null;
@Param(name="account")
private String allowedNetGroupAcct = null;
private String allowedSecGroupAcct = null;
@Param(name="cidr")
private String allowedSourceIpCidr = null;
public IngressRuleResultObject() { }
public IngressRuleResultObject(Long id, int startPort, int endPort, String protocol, String allowedNetworkGroup, String allowedNetGroupAcct, String allowedSourceIpCidr) {
public IngressRuleResultObject(Long id, int startPort, int endPort, String protocol, String allowedSecurityGroup, String allowedSecGroupAcct, String allowedSourceIpCidr) {
this.id = id;
this.startPort = startPort;
this.endPort = endPort;
this.protocol = protocol;
this.allowedNetworkGroup = allowedNetworkGroup;
this.allowedNetGroupAcct = allowedNetGroupAcct;
this.allowedSecurityGroup = allowedSecurityGroup;
this.allowedSecGroupAcct = allowedSecGroupAcct;
this.allowedSourceIpCidr = allowedSourceIpCidr;
}
@ -68,20 +68,20 @@ public class IngressRuleResultObject {
this.protocol = protocol;
}
public String getAllowedNetworkGroup() {
return allowedNetworkGroup;
public String getAllowedSecurityGroup() {
return allowedSecurityGroup;
}
public void setAllowedNetworkGroup(String allowedNetworkGroup) {
this.allowedNetworkGroup = allowedNetworkGroup;
public void setAllowedSecurityGroup(String allowedSecurityGroup) {
this.allowedSecurityGroup = allowedSecurityGroup;
}
public String getAllowedNetGroupAcct() {
return allowedNetGroupAcct;
public String getAllowedSecGroupAcct() {
return allowedSecGroupAcct;
}
public void setAllowedNetGroupAcct(String allowedNetGroupAcct) {
this.allowedNetGroupAcct = allowedNetGroupAcct;
public void setAllowedSecGroupAcct(String allowedSecGroupAcct) {
this.allowedSecGroupAcct = allowedSecGroupAcct;
}
public String getAllowedSourceIpCidr() {

8
server/src/com/cloud/async/executor/RevokeNetworkGroupIngressExecutor.java
View File

@ -7,7 +7,7 @@ import com.cloud.async.AsyncJobManager;
import com.cloud.async.AsyncJobResult;
import com.cloud.async.AsyncJobVO;
import com.cloud.async.BaseAsyncJobExecutor;
import com.cloud.network.security.NetworkGroupVO;
import com.cloud.network.security.SecurityGroupVO;
import com.cloud.serializer.GsonHelper;
import com.cloud.server.ManagementServer;
import com.cloud.user.AccountVO;
@ -22,17 +22,17 @@ public class RevokeNetworkGroupIngressExecutor extends BaseAsyncJobExecutor {
AsyncJobManager asyncMgr = getAsyncJobMgr();
AsyncJobVO job = getJob();
ManagementServer managementServer = asyncMgr.getExecutorContext().getManagementServer();
NetworkGroupIngressParam param = gson.fromJson(job.getCmdInfo(), NetworkGroupIngressParam.class);
SecurityGroupIngressParam param = gson.fromJson(job.getCmdInfo(), SecurityGroupIngressParam.class);
AccountVO account = param.getAccount();
/*
if (getSyncSource() == null) {
NetworkGroupVO networkGroup = managementServer.findNetworkGroupByName(param.getAccount().getId(), param.getGroupName());
SecurityGroupVO networkGroup = managementServer.findNetworkGroupByName(param.getAccount().getId(), param.getGroupName());
if(networkGroup == null) {
asyncMgr.completeAsyncJob(getJob().getId(), AsyncJobResult.STATUS_FAILED,
BaseCmd.PARAM_ERROR, "Unable to find network group " + param.getGroupName() + " for account " + account.getAccountName() + " (id: " + account.getId() + ")");
} else {
asyncMgr.syncAsyncJobExecution(job.getId(), "NetworkGroup", networkGroup.getId());
asyncMgr.syncAsyncJobExecution(job.getId(), "SecurityGroup", networkGroup.getId());
}
return true;
} else {

12
server/src/com/cloud/async/executor/NetworkGroupIngressParam.java → server/src/com/cloud/async/executor/SecurityGroupIngressParam.java
View File

@ -2,21 +2,21 @@ package com.cloud.async.executor;
import java.util.List;
import com.cloud.network.security.NetworkGroupVO;
import com.cloud.network.security.SecurityGroupVO;
import com.cloud.user.AccountVO;
public class NetworkGroupIngressParam {
public class SecurityGroupIngressParam {
private AccountVO account;
private String groupName;
private String protocol;
private int startPort;
private int endPort;
private String[] cidrList;
private List<NetworkGroupVO> authorizedGroups;
private List<SecurityGroupVO> authorizedGroups;
protected NetworkGroupIngressParam() { }
protected SecurityGroupIngressParam() { }
public NetworkGroupIngressParam(AccountVO account, String groupName, String protocol, int startPort, int endPort, String[] cidrList, List<NetworkGroupVO> authorizedGroups) {
public SecurityGroupIngressParam(AccountVO account, String groupName, String protocol, int startPort, int endPort, String[] cidrList, List<SecurityGroupVO> authorizedGroups) {
this.account = account;
this.groupName = groupName;
this.protocol = protocol;
@ -50,7 +50,7 @@ public class NetworkGroupIngressParam {
return cidrList;
}
public List<NetworkGroupVO> getAuthorizedGroups() {
public List<SecurityGroupVO> getAuthorizedGroups() {
return authorizedGroups;
}
}

24
server/src/com/cloud/async/executor/NetworkGroupResultObject.java → server/src/com/cloud/async/executor/SecurityGroupResultObject.java
View File

@ -3,10 +3,10 @@ package com.cloud.async.executor;
import java.util.ArrayList;
import java.util.List;
import com.cloud.network.security.NetworkGroupRules;
import com.cloud.network.security.SecurityGroupRules;
import com.cloud.serializer.Param;
public class NetworkGroupResultObject {
public class SecurityGroupResultObject {
@Param(name="id")
private Long id;
@ -28,9 +28,9 @@ public class NetworkGroupResultObject {
@Param(name="ingressrules")
private List<IngressRuleResultObject> ingressRules = null;
public NetworkGroupResultObject() {}
public SecurityGroupResultObject() {}
public NetworkGroupResultObject(Long id, String name, String description, Long domainId, Long accountId, String accountName, List<IngressRuleResultObject> ingressRules) {
public SecurityGroupResultObject(Long id, String name, String description, Long domainId, Long accountId, String accountName, List<IngressRuleResultObject> ingressRules) {
this.id = id;
this.name = name;
this.description = description;
@ -96,15 +96,15 @@ public class NetworkGroupResultObject {
this.ingressRules = ingressRules;
}
public static List<NetworkGroupResultObject> transposeNetworkGroups(List<? extends NetworkGroupRules> groups) {
List<NetworkGroupResultObject> resultObjects = new ArrayList<NetworkGroupResultObject>();
public static List<SecurityGroupResultObject> transposeNetworkGroups(List<? extends SecurityGroupRules> groups) {
List<SecurityGroupResultObject> resultObjects = new ArrayList<SecurityGroupResultObject>();
if ((groups != null) && !groups.isEmpty()) {
List<IngressRuleResultObject> ingressDataList = new ArrayList<IngressRuleResultObject>();
NetworkGroupResultObject currentGroup = null;
SecurityGroupResultObject currentGroup = null;
List<Long> processedGroups = new ArrayList<Long>();
for (NetworkGroupRules netGroupRule : groups) {
for (SecurityGroupRules netGroupRule : groups) {
Long groupId = netGroupRule.getId();
if (!processedGroups.contains(groupId)) {
processedGroups.add(groupId);
@ -118,7 +118,7 @@ public class NetworkGroupResultObject {
}
// start a new group
NetworkGroupResultObject groupResult = new NetworkGroupResultObject();
SecurityGroupResultObject groupResult = new SecurityGroupResultObject();
groupResult.setId(netGroupRule.getId());
groupResult.setName(netGroupRule.getName());
groupResult.setDescription(netGroupRule.getDescription());
@ -137,9 +137,9 @@ public class NetworkGroupResultObject {
ingressData.setId(netGroupRule.getRuleId());
ingressData.setProtocol(netGroupRule.getProtocol());
if (netGroupRule.getAllowedNetworkGroup() != null) {
ingressData.setAllowedNetworkGroup(netGroupRule.getAllowedNetworkGroup());
ingressData.setAllowedNetGroupAcct(netGroupRule.getAllowedNetGrpAcct());
if (netGroupRule.getAllowedSecurityGroup() != null) {
ingressData.setAllowedSecurityGroup(netGroupRule.getAllowedSecurityGroup());
ingressData.setAllowedSecGroupAcct(netGroupRule.getAllowedSecGrpAcct());
} else if (netGroupRule.getAllowedSourceIpCidr() != null) {
ingressData.setAllowedSourceIpCidr(netGroupRule.getAllowedSourceIpCidr());
}

12
server/src/com/cloud/async/executor/VMOperationResultObject.java
View File

@ -117,8 +117,8 @@ public class VMOperationResultObject {
@Param(name="hostid")
private Long hostid;
@Param(name="networkgrouplist")
private String networkGroupList;
@Param(name="securitygrouplist")
private String securityGroupList;
@Param(name="rootdeviceid")
private Long rootDeviceId;
@ -142,12 +142,12 @@ public class VMOperationResultObject {
this.rootDeviceType = deviceType;
}
public String getNetworkGroupList(){
return this.networkGroupList;
public String getSecurityGroupList(){
return this.securityGroupList;
}
public void setNetworkGroupList(String nGroups){
this.networkGroupList = nGroups;
public void setSecurityGroupList(String nGroups){
this.securityGroupList = nGroups;
}
public long getId() {

2
server/src/com/cloud/configuration/Config.java
View File

@ -152,7 +152,7 @@ public enum Config {
SecStorageAllowedInternalDownloadSites("Advanced", ManagementServer.class, String.class, "secstorage.allowed.internal.sites", null, "Comma separated list of cidrs internal to the datacenter that can host template download servers", null),
SecStorageEncryptCopy("Advanced", ManagementServer.class, Boolean.class, "secstorage.encrypt.copy", "false", "Use SSL method used to encrypt copy traffic between zones", "true,false"),
SecStorageSecureCopyCert("Advanced", ManagementServer.class, Boolean.class, "secstorage.ssl.cert.domain", "realhostip.com", "SSL certificate used to encrypt copy traffic between zones", "realhostip.com"),
DirectAttachNetworkGroupsEnabled("Advanced", ManagementServer.class, Boolean.class, "direct.attach.network.groups.enabled", "false", "Ec2-style distributed firewall for direct-attach VMs", "true,false"),
DirectAttachSecurityGroupsEnabled("Advanced", ManagementServer.class, Boolean.class, "direct.attach.security.groups.enabled", "false", "Ec2-style distributed firewall for direct-attach VMs", "true,false"),
DirectAttachNetworkEnabled("Advanced", ManagementServer.class, Boolean.class, "direct.attach.network.externalIpAllocator.enabled", "false", "Direct-attach VMs using external DHCP server", "true,false"),
DirectAttachNetworkExternalAPIURL("Advanced", ManagementServer.class, String.class, "direct.attach.network.externalIpAllocator.url", null, "Direct-attach VMs using external DHCP server (API url)", null),
CheckPodCIDRs("Advanced", ManagementServer.class, String.class, "check.pod.cidrs", "true", "If true, different pods must belong to different CIDR subnets.", "true,false"),

20
server/src/com/cloud/configuration/DefaultComponentLibrary.java
View File

@ -73,12 +73,12 @@ import com.cloud.network.lb.LoadBalancingRulesManagerImpl;
import com.cloud.network.router.DomainRouterManagerImpl;
import com.cloud.network.rules.RulesManagerImpl;
import com.cloud.network.rules.dao.PortForwardingRulesDaoImpl;
import com.cloud.network.security.NetworkGroupManagerImpl;
import com.cloud.network.security.SecurityGroupManagerImpl;
import com.cloud.network.security.dao.IngressRuleDaoImpl;
import com.cloud.network.security.dao.NetworkGroupDaoImpl;
import com.cloud.network.security.dao.NetworkGroupRulesDaoImpl;
import com.cloud.network.security.dao.NetworkGroupVMMapDaoImpl;
import com.cloud.network.security.dao.NetworkGroupWorkDaoImpl;
import com.cloud.network.security.dao.SecurityGroupDaoImpl;
import com.cloud.network.security.dao.SecurityGroupRulesDaoImpl;
import com.cloud.network.security.dao.SecurityGroupVMMapDaoImpl;
import com.cloud.network.security.dao.SecurityGroupWorkDaoImpl;
import com.cloud.network.security.dao.VmRulesetLogDaoImpl;
import com.cloud.offerings.dao.NetworkOfferingDaoImpl;
import com.cloud.service.dao.ServiceOfferingDaoImpl;
@ -180,11 +180,11 @@ public class DefaultComponentLibrary implements ComponentLibrary {
addDao("NetworkRuleConfigDao", NetworkRuleConfigDaoImpl.class);
addDao("LoadBalancerVMMapDao", LoadBalancerVMMapDaoImpl.class);
addDao("DataCenterIpAddressDao", DataCenterIpAddressDaoImpl.class);
addDao("NetworkGroupDao", NetworkGroupDaoImpl.class);
addDao("SecurityGroupDao", SecurityGroupDaoImpl.class);
addDao("IngressRuleDao", IngressRuleDaoImpl.class);
addDao("NetworkGroupVMMapDao", NetworkGroupVMMapDaoImpl.class);
addDao("NetworkGroupRulesDao", NetworkGroupRulesDaoImpl.class);
addDao("NetworkGroupWorkDao", NetworkGroupWorkDaoImpl.class);
addDao("SecurityGroupVMMapDao", SecurityGroupVMMapDaoImpl.class);
addDao("SecurityGroupRulesDao", SecurityGroupRulesDaoImpl.class);
addDao("SecurityGroupWorkDao", SecurityGroupWorkDaoImpl.class);
addDao("VmRulesetLogDao", VmRulesetLogDaoImpl.class);
addDao("AlertDao", AlertDaoImpl.class);
addDao("CapacityDao", CapacityDaoImpl.class);
@ -278,7 +278,7 @@ public class DefaultComponentLibrary implements ComponentLibrary {
addManager("Template Manager", TemplateManagerImpl.class);
addManager("Snapshot Manager", SnapshotManagerImpl.class);
addManager("SnapshotScheduler", SnapshotSchedulerImpl.class);
addManager("NetworkGroupManager", NetworkGroupManagerImpl.class);
addManager("SecurityGroupManager", SecurityGroupManagerImpl.class);
addManager("VmManager", VirtualMachineManagerImpl.class);
addManager("DomainRouterManager", DomainRouterManagerImpl.class);
addManager("EntityManager", EntityManagerImpl.class);

28
server/src/com/cloud/network/security/NetworkGroupListener.java → server/src/com/cloud/network/security/SecurityGroupListener.java
View File

@ -29,30 +29,30 @@ import com.cloud.agent.api.AgentControlAnswer;
import com.cloud.agent.api.AgentControlCommand;
import com.cloud.agent.api.Answer;
import com.cloud.agent.api.Command;
import com.cloud.agent.api.NetworkIngressRuleAnswer;
import com.cloud.agent.api.SecurityIngressRuleAnswer;
import com.cloud.agent.api.PingRoutingWithNwGroupsCommand;
import com.cloud.agent.api.StartupCommand;
import com.cloud.host.HostVO;
import com.cloud.host.Status;
import com.cloud.network.security.NetworkGroupWorkVO.Step;
import com.cloud.network.security.dao.NetworkGroupWorkDao;
import com.cloud.network.security.SecurityGroupWorkVO.Step;
import com.cloud.network.security.dao.SecurityGroupWorkDao;
/**
* Listens for answers to ingress rules modification commands
*
*/
public class NetworkGroupListener implements Listener {
public static final Logger s_logger = Logger.getLogger(NetworkGroupListener.class.getName());
public class SecurityGroupListener implements Listener {
public static final Logger s_logger = Logger.getLogger(SecurityGroupListener.class.getName());
NetworkGroupManagerImpl _networkGroupManager;
SecurityGroupManagerImpl _securityGroupManager;
AgentManager _agentMgr;
NetworkGroupWorkDao _workDao;
SecurityGroupWorkDao _workDao;
public NetworkGroupListener(NetworkGroupManagerImpl networkGroupManager,
AgentManager agentMgr, NetworkGroupWorkDao workDao) {
public SecurityGroupListener(SecurityGroupManagerImpl securityGroupManager,
AgentManager agentMgr, SecurityGroupWorkDao workDao) {
super();
_networkGroupManager = networkGroupManager;
_securityGroupManager = securityGroupManager;
_agentMgr = agentMgr;
_workDao = workDao;
}
@ -75,8 +75,8 @@ public class NetworkGroupListener implements Listener {
Set<Long> affectedVms = new HashSet<Long>();
int commandNum = 0;
for (Answer ans: answers) {
if (ans instanceof NetworkIngressRuleAnswer) {
NetworkIngressRuleAnswer ruleAnswer = (NetworkIngressRuleAnswer) ans;
if (ans instanceof SecurityIngressRuleAnswer) {
SecurityIngressRuleAnswer ruleAnswer = (SecurityIngressRuleAnswer) ans;
if (ans.getResult()) {
s_logger.debug("Successfully programmed rule " + ruleAnswer.toString() + " into host " + agentId);
_workDao.updateStep(ruleAnswer.getVmId(), ruleAnswer.getLogSequenceNumber(), Step.Done);
@ -89,7 +89,7 @@ public class NetworkGroupListener implements Listener {
commandNum++;
}
}
_networkGroupManager.scheduleRulesetUpdateToHosts(affectedVms, false, new Long(10*1000l));
_securityGroupManager.scheduleRulesetUpdateToHosts(affectedVms, false, new Long(10*1000l));
return true;
}
@ -101,7 +101,7 @@ public class NetworkGroupListener implements Listener {
if (cmd instanceof PingRoutingWithNwGroupsCommand) {
PingRoutingWithNwGroupsCommand ping = (PingRoutingWithNwGroupsCommand)cmd;
if (ping.getNewGroupStates().size() > 0) {
_networkGroupManager.fullSync(agentId, ping.getNewGroupStates());
_securityGroupManager.fullSync(agentId, ping.getNewGroupStates());
}
processed = true;
}

12
server/src/com/cloud/network/security/NetworkGroupManager.java → server/src/com/cloud/network/security/SecurityGroupManager.java
View File

@ -28,22 +28,22 @@ import com.cloud.vm.State;
* Ensures that network firewall rules stay updated as VMs go up and down
*
*/
public interface NetworkGroupManager {
public interface SecurityGroupManager {
public static final String DEFAULT_GROUP_NAME = "default";
public static final String DEFAULT_GROUP_DESCRIPTION = "Default Network Group";
public static final String DEFAULT_GROUP_DESCRIPTION = "Default Security Group";
public void handleVmStateTransition(UserVm userVm, State vmState);
public NetworkGroupVO createNetworkGroup(String name, String description, Long domainId, Long accountId, String accountName);
public SecurityGroupVO createSecurityGroup(String name, String description, Long domainId, Long accountId, String accountName);
public NetworkGroupVO createDefaultNetworkGroup( Long accountId);
public SecurityGroupVO createDefaultSecurityGroup( Long accountId);
public boolean addInstanceToGroups(Long userVmId, List<NetworkGroupVO> groups);
public boolean addInstanceToGroups(Long userVmId, List<SecurityGroupVO> groups);
public void removeInstanceFromGroups(Long userVmId);
public void fullSync(long agentId, HashMap<String, Pair<Long, Long>> newGroupStates);
public String getNetworkGroupsNamesForVm(long vmId);
public String getSecurityGroupsNamesForVm(long vmId);
}

310
server/src/com/cloud/network/security/NetworkGroupManagerImpl.java → server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
View File

@ -40,16 +40,16 @@ import org.apache.commons.codec.digest.DigestUtils;
import org.apache.log4j.Logger;
import com.cloud.agent.AgentManager;
import com.cloud.agent.api.NetworkIngressRulesCmd;
import com.cloud.agent.api.NetworkIngressRulesCmd.IpPortAndProto;
import com.cloud.agent.api.SecurityIngressRulesCmd;
import com.cloud.agent.api.SecurityIngressRulesCmd.IpPortAndProto;
import com.cloud.agent.manager.Commands;
import com.cloud.api.BaseCmd;
import com.cloud.api.ServerApiException;
import com.cloud.api.commands.AuthorizeNetworkGroupIngressCmd;
import com.cloud.api.commands.CreateNetworkGroupCmd;
import com.cloud.api.commands.DeleteNetworkGroupCmd;
import com.cloud.api.commands.ListNetworkGroupsCmd;
import com.cloud.api.commands.RevokeNetworkGroupIngressCmd;
import com.cloud.api.commands.AuthorizeSecurityGroupIngressCmd;
import com.cloud.api.commands.CreateSecurityGroupCmd;
import com.cloud.api.commands.DeleteSecurityGroupCmd;
import com.cloud.api.commands.ListSecurityGroupsCmd;
import com.cloud.api.commands.RevokeSecurityGroupIngressCmd;
import com.cloud.configuration.dao.ConfigurationDao;
import com.cloud.domain.DomainVO;
import com.cloud.domain.dao.DomainDao;
@ -57,12 +57,12 @@ import com.cloud.exception.AgentUnavailableException;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.PermissionDeniedException;
import com.cloud.exception.ResourceInUseException;
import com.cloud.network.security.NetworkGroupWorkVO.Step;
import com.cloud.network.security.SecurityGroupWorkVO.Step;
import com.cloud.network.security.dao.IngressRuleDao;
import com.cloud.network.security.dao.NetworkGroupDao;
import com.cloud.network.security.dao.NetworkGroupRulesDao;
import com.cloud.network.security.dao.NetworkGroupVMMapDao;
import com.cloud.network.security.dao.NetworkGroupWorkDao;
import com.cloud.network.security.dao.SecurityGroupDao;
import com.cloud.network.security.dao.SecurityGroupRulesDao;
import com.cloud.network.security.dao.SecurityGroupVMMapDao;
import com.cloud.network.security.dao.SecurityGroupWorkDao;
import com.cloud.network.security.dao.VmRulesetLogDao;
import com.cloud.server.ManagementServer;
import com.cloud.user.Account;
@ -87,18 +87,18 @@ import com.cloud.vm.State;
import com.cloud.vm.UserVmVO;
import com.cloud.vm.dao.UserVmDao;
@Local(value={NetworkGroupManager.class, NetworkGroupService.class})
public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGroupService, Manager {
public static final Logger s_logger = Logger.getLogger(NetworkGroupManagerImpl.class);
@Local(value={SecurityGroupManager.class, SecurityGroupService.class})
public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityGroupService, Manager {
public static final Logger s_logger = Logger.getLogger(SecurityGroupManagerImpl.class);
@Inject NetworkGroupDao _networkGroupDao;
@Inject SecurityGroupDao _securityGroupDao;
@Inject IngressRuleDao _ingressRuleDao;
@Inject NetworkGroupVMMapDao _networkGroupVMMapDao;
@Inject NetworkGroupRulesDao _networkGroupRulesDao;
@Inject SecurityGroupVMMapDao _securityGroupVMMapDao;
@Inject SecurityGroupRulesDao _securityGroupRulesDao;
@Inject UserVmDao _userVMDao;
@Inject AccountDao _accountDao;
@Inject ConfigurationDao _configDao;
@Inject NetworkGroupWorkDao _workDao;
@Inject SecurityGroupWorkDao _workDao;
@Inject VmRulesetLogDao _rulesetLogDao;
@Inject DomainDao _domainDao;
@Inject AgentManager _agentMgr;
@ -111,13 +111,13 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
boolean _enabled = false;
NetworkGroupListener _answerListener;
SecurityGroupListener _answerListener;
private final class NetworkGroupVOComparator implements
Comparator<NetworkGroupVO> {
private final class SecurityGroupVOComparator implements
Comparator<SecurityGroupVO> {
@Override
public int compare(NetworkGroupVO o1, NetworkGroupVO o2) {
public int compare(SecurityGroupVO o1, SecurityGroupVO o2) {
return o1.getId() == o2.getId() ? 0 : o1.getId() < o2.getId() ? -1 : 1;
}
}
@ -268,9 +268,9 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
Map<PortAndProto, Set<String>> allowed = new TreeMap<PortAndProto, Set<String>>();
List<NetworkGroupVMMapVO> groupsForVm = _networkGroupVMMapDao.listByInstanceId(userVmId);
for (NetworkGroupVMMapVO mapVO: groupsForVm) {
List<IngressRuleVO> rules = _ingressRuleDao.listByNetworkGroupId(mapVO.getNetworkGroupId());
List<SecurityGroupVMMapVO> groupsForVm = _securityGroupVMMapDao.listByInstanceId(userVmId);
for (SecurityGroupVMMapVO mapVO: groupsForVm) {
List<IngressRuleVO> rules = _ingressRuleDao.listBySecurityGroupId(mapVO.getSecurityGroupId());
for (IngressRuleVO rule: rules){
PortAndProto portAndProto = new PortAndProto(rule.getProtocol(), rule.getStartPort(), rule.getEndPort());
Set<String> cidrs = allowed.get(portAndProto );
@ -278,8 +278,8 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
cidrs = new TreeSet<String>(new CidrComparator());
}
if (rule.getAllowedNetworkId() != null){
List<NetworkGroupVMMapVO> allowedInstances = _networkGroupVMMapDao.listByNetworkGroup(rule.getAllowedNetworkId(), State.Running);
for (NetworkGroupVMMapVO ngmapVO: allowedInstances){
List<SecurityGroupVMMapVO> allowedInstances = _securityGroupVMMapDao.listBySecurityGroup(rule.getAllowedNetworkId(), State.Running);
for (SecurityGroupVMMapVO ngmapVO: allowedInstances){
String cidr = ngmapVO.getGuestIpAddress();
if (cidr != null) {
cidr = cidr + "/32";
@ -320,7 +320,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
Transaction txn = Transaction.currentTxn();
txn.start();
VmRulesetLogVO log = null;
NetworkGroupWorkVO work = null;
SecurityGroupWorkVO work = null;
UserVm vm = null;
try {
vm = _userVMDao.acquireInLockTable(vmId);
@ -340,7 +340,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
}
work = _workDao.findByVmIdStep(vmId, Step.Scheduled);
if (work == null) {
work = new NetworkGroupWorkVO(vmId, null, null, NetworkGroupWorkVO.Step.Scheduled, null);
work = new SecurityGroupWorkVO(vmId, null, null, SecurityGroupWorkVO.Step.Scheduled, null);
work = _workDao.persist(work);
}
@ -362,10 +362,10 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
protected Set<Long> getAffectedVmsForVmStart(UserVm userVm) {
Set<Long> affectedVms = new HashSet<Long>();
affectedVms.add(userVm.getId());
List<NetworkGroupVMMapVO> groupsForVm = _networkGroupVMMapDao.listByInstanceId(userVm.getId());
List<SecurityGroupVMMapVO> groupsForVm = _securityGroupVMMapDao.listByInstanceId(userVm.getId());
//For each group, find the ingress rules that allow the group
for (NetworkGroupVMMapVO mapVO: groupsForVm) {//FIXME: use custom sql in the dao
List<IngressRuleVO> allowingRules = _ingressRuleDao.listByAllowedNetworkGroupId(mapVO.getNetworkGroupId());
for (SecurityGroupVMMapVO mapVO: groupsForVm) {//FIXME: use custom sql in the dao
List<IngressRuleVO> allowingRules = _ingressRuleDao.listByAllowedSecurityGroupId(mapVO.getSecurityGroupId());
//For each ingress rule that allows a group that the vm belongs to, find the group it belongs to
affectedVms.addAll(getAffectedVmsForIngressRules(allowingRules));
}
@ -374,10 +374,10 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
protected Set<Long> getAffectedVmsForVmStop(UserVm userVm) {
Set<Long> affectedVms = new HashSet<Long>();
List<NetworkGroupVMMapVO> groupsForVm = _networkGroupVMMapDao.listByInstanceId(userVm.getId());
List<SecurityGroupVMMapVO> groupsForVm = _securityGroupVMMapDao.listByInstanceId(userVm.getId());
//For each group, find the ingress rules that allow the group
for (NetworkGroupVMMapVO mapVO: groupsForVm) {//FIXME: use custom sql in the dao
List<IngressRuleVO> allowingRules = _ingressRuleDao.listByAllowedNetworkGroupId(mapVO.getNetworkGroupId());
for (SecurityGroupVMMapVO mapVO: groupsForVm) {//FIXME: use custom sql in the dao
List<IngressRuleVO> allowingRules = _ingressRuleDao.listByAllowedSecurityGroupId(mapVO.getSecurityGroupId());
//For each ingress rule that allows a group that the vm belongs to, find the group it belongs to
affectedVms.addAll(getAffectedVmsForIngressRules(allowingRules));
}
@ -390,27 +390,27 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
Set<Long> affectedVms = new HashSet<Long>();
for (IngressRuleVO allowingRule: allowingRules){
distinctGroups.add(allowingRule.getNetworkGroupId());
distinctGroups.add(allowingRule.getSecurityGroupId());
}
for (Long groupId: distinctGroups){
//allVmUpdates.putAll(generateRulesetForGroupMembers(groupId));
affectedVms.addAll(_networkGroupVMMapDao.listVmIdsByNetworkGroup(groupId));
affectedVms.addAll(_securityGroupVMMapDao.listVmIdsBySecurityGroup(groupId));
}
return affectedVms;
}
protected NetworkIngressRulesCmd generateRulesetCmd(String vmName, String guestIp, String guestMac, Long vmId, String signature, long seqnum, Map<PortAndProto, Set<String>> rules) {
protected SecurityIngressRulesCmd generateRulesetCmd(String vmName, String guestIp, String guestMac, Long vmId, String signature, long seqnum, Map<PortAndProto, Set<String>> rules) {
List<IpPortAndProto> result = new ArrayList<IpPortAndProto>();
for (PortAndProto pAp : rules.keySet()) {
Set<String> cidrs = rules.get(pAp);
if (cidrs.size() > 0) {
IpPortAndProto ipPortAndProto = new NetworkIngressRulesCmd.IpPortAndProto(pAp.getProto(), pAp.getStartPort(), pAp.getEndPort(), cidrs.toArray(new String[cidrs.size()]));
IpPortAndProto ipPortAndProto = new SecurityIngressRulesCmd.IpPortAndProto(pAp.getProto(), pAp.getStartPort(), pAp.getEndPort(), cidrs.toArray(new String[cidrs.size()]));
result.add(ipPortAndProto);
}
}
return new NetworkIngressRulesCmd(guestIp, guestMac, vmName, vmId, signature, seqnum, result.toArray(new IpPortAndProto[result.size()]));
return new SecurityIngressRulesCmd(guestIp, guestMac, vmName, vmId, signature, seqnum, result.toArray(new IpPortAndProto[result.size()]));
}
protected void handleVmStopped(UserVm userVm) {
@ -420,15 +420,15 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
@Override @DB @SuppressWarnings("rawtypes")
public List<IngressRuleVO> authorizeNetworkGroupIngress(AuthorizeNetworkGroupIngressCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{
String groupName = cmd.getNetworkGroupName();
public List<IngressRuleVO> authorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{
String groupName = cmd.getSecurityGroupName();
String protocol = cmd.getProtocol();
Integer startPort = cmd.getStartPort();
Integer endPort = cmd.getEndPort();
Integer icmpType = cmd.getIcmpType();
Integer icmpCode = cmd.getIcmpCode();
List<String> cidrList = cmd.getCidrList();
Map groupList = cmd.getUserNetworkGroupList();
Map groupList = cmd.getUserSecurityGroupList();
Account account = UserContext.current().getAccount();
String accountName = cmd.getAccountName();
Long domainId = cmd.getDomainId();
@ -445,7 +445,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
protocol = "all";
}
if (!NetUtils.isValidNetworkGroupProto(protocol)) {
if (!NetUtils.isValidSecurityGroupProto(protocol)) {
s_logger.debug("Invalid protocol specified " + protocol);
throw new InvalidParameterValueException("Invalid protocol " + protocol);
}
@ -497,9 +497,9 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
// if it's an admin account, do a quick permission check
if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), domainId)) {
if (s_logger.isDebugEnabled()) {
s_logger.debug("Unable to find rules for network security group id = " + groupName + ", permission denied.");
s_logger.debug("Unable to find rules for security group id = " + groupName + ", permission denied.");
}
throw new PermissionDeniedException("Unable to find rules for network security group id = " + groupName + ", permission denied.");
throw new PermissionDeniedException("Unable to find rules for security group id = " + groupName + ", permission denied.");
}
Account groupOwner = _accountDao.findActiveAccount(accountName, domainId);
@ -521,7 +521,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
}
if (accountId == null) {
throw new InvalidParameterValueException("Unable to find account for network security group " + groupName + "; failed to authorize ingress.");
throw new InvalidParameterValueException("Unable to find account for security group " + groupName + "; failed to authorize ingress.");
}
@ -532,7 +532,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
throw new InvalidParameterValueException("At least one cidr or at least one security group needs to be specified");
}
List<NetworkGroupVO> authorizedGroups = new ArrayList<NetworkGroupVO> ();
List<SecurityGroupVO> authorizedGroups = new ArrayList<SecurityGroupVO> ();
if (groupList != null) {
Collection userGroupCollection = groupList.values();
Iterator iter = userGroupCollection.iterator();
@ -552,7 +552,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
throw new InvalidParameterValueException("Nonexistent account: " + authorizedAccountName + " when trying to authorize ingress for " + groupName + ":" + protocol + ":" + startPortOrType + ":" + endPortOrCode);
}
NetworkGroupVO groupVO = _networkGroupDao.findByAccountAndName(authorizedAccount.getId(), group);
SecurityGroupVO groupVO = _securityGroupDao.findByAccountAndName(authorizedAccount.getId(), group);
if (groupVO == null) {
if (s_logger.isDebugEnabled()) {
s_logger.debug("Nonexistent group " + group + " for account " + authorizedAccountName + "/" + domainId);
@ -564,79 +564,79 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
}
final Transaction txn = Transaction.currentTxn();
final Set<NetworkGroupVO> authorizedGroups2 = new TreeSet<NetworkGroupVO>(new NetworkGroupVOComparator());
final Set<SecurityGroupVO> authorizedGroups2 = new TreeSet<SecurityGroupVO>(new SecurityGroupVOComparator());
authorizedGroups2.addAll(authorizedGroups); //Ensure we don't re-lock the same row
txn.start();
NetworkGroupVO networkGroup = _networkGroupDao.findByAccountAndName(accountId, groupName);
if (networkGroup == null) {
s_logger.warn("Network security group not found: name= " + groupName);
SecurityGroupVO securityGroup = _securityGroupDao.findByAccountAndName(accountId, groupName);
if (securityGroup == null) {
s_logger.warn("Security group not found: name= " + groupName);
return null;
}
//Prevents other threads/management servers from creating duplicate ingress rules
NetworkGroupVO networkGroupLock = _networkGroupDao.acquireInLockTable(networkGroup.getId());
if (networkGroupLock == null) {
SecurityGroupVO securityGroupLock = _securityGroupDao.acquireInLockTable(securityGroup.getId());
if (securityGroupLock == null) {
s_logger.warn("Could not acquire lock on network security group: name= " + groupName);
return null;
}
List<IngressRuleVO> newRules = new ArrayList<IngressRuleVO>();
try {
//Don't delete the group from under us.
networkGroup = _networkGroupDao.lockRow(networkGroup.getId(), false);
if (networkGroup == null) {
securityGroup = _securityGroupDao.lockRow(securityGroup.getId(), false);
if (securityGroup == null) {
s_logger.warn("Could not acquire lock on network group " + groupName);
return null;
}
for (final NetworkGroupVO ngVO: authorizedGroups2) {
for (final SecurityGroupVO ngVO: authorizedGroups2) {
final Long ngId = ngVO.getId();
//Don't delete the referenced group from under us
if (ngVO.getId() != networkGroup.getId()) {
final NetworkGroupVO tmpGrp = _networkGroupDao.lockRow(ngId, false);
if (ngVO.getId() != securityGroup.getId()) {
final SecurityGroupVO tmpGrp = _securityGroupDao.lockRow(ngId, false);
if (tmpGrp == null) {
s_logger.warn("Failed to acquire lock on network group: " + ngId);
s_logger.warn("Failed to acquire lock on security group: " + ngId);
txn.rollback();
return null;
}
}
IngressRuleVO ingressRule = _ingressRuleDao.findByProtoPortsAndAllowedGroupId(networkGroup.getId(), protocol, startPort, endPort, ngVO.getId());
IngressRuleVO ingressRule = _ingressRuleDao.findByProtoPortsAndAllowedGroupId(securityGroup.getId(), protocol, startPort, endPort, ngVO.getId());
if (ingressRule != null) {
continue; //rule already exists.
}
ingressRule = new IngressRuleVO(networkGroup.getId(), startPort, endPort, protocol, ngVO.getId(), ngVO.getName(), ngVO.getAccountName());
ingressRule = new IngressRuleVO(securityGroup.getId(), startPort, endPort, protocol, ngVO.getId(), ngVO.getName(), ngVO.getAccountName());
ingressRule = _ingressRuleDao.persist(ingressRule);
newRules.add(ingressRule);
}
for (String cidr: cidrList) {
IngressRuleVO ingressRule = _ingressRuleDao.findByProtoPortsAndCidr(networkGroup.getId(),protocol, startPort, endPort, cidr);
IngressRuleVO ingressRule = _ingressRuleDao.findByProtoPortsAndCidr(securityGroup.getId(),protocol, startPort, endPort, cidr);
if (ingressRule != null) {
continue;
}
ingressRule = new IngressRuleVO(networkGroup.getId(), startPort, endPort, protocol, cidr);
ingressRule = new IngressRuleVO(securityGroup.getId(), startPort, endPort, protocol, cidr);
ingressRule = _ingressRuleDao.persist(ingressRule);
newRules.add(ingressRule);
}
if (s_logger.isDebugEnabled()) {
s_logger.debug("Added " + newRules.size() + " rules to network group " + groupName);
s_logger.debug("Added " + newRules.size() + " rules to security group " + groupName);
}
txn.commit();
final Set<Long> affectedVms = new HashSet<Long>();
affectedVms.addAll(_networkGroupVMMapDao.listVmIdsByNetworkGroup(networkGroup.getId()));
affectedVms.addAll(_securityGroupVMMapDao.listVmIdsBySecurityGroup(securityGroup.getId()));
scheduleRulesetUpdateToHosts(affectedVms, true, null);
return newRules;
} catch (Exception e){
s_logger.warn("Exception caught when adding ingress rules ", e);
throw new CloudRuntimeException("Exception caught when adding ingress rules", e);
} finally {
if (networkGroupLock != null) {
_networkGroupDao.releaseFromLockTable(networkGroupLock.getId());
if (securityGroupLock != null) {
_securityGroupDao.releaseFromLockTable(securityGroupLock.getId());
}
}
}
@Override
@DB @SuppressWarnings("rawtypes")
public boolean revokeNetworkGroupIngress(RevokeNetworkGroupIngressCmd cmd) {
public boolean revokeSecurityGroupIngress(RevokeSecurityGroupIngressCmd cmd) {
//input validation
Account account = UserContext.current().getAccount();
@ -648,9 +648,9 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
Integer icmpType = cmd.getIcmpType();
Integer icmpCode = cmd.getIcmpCode();
String protocol = cmd.getProtocol();
String networkGroup = cmd.getNetworkGroupName();
String securityGroup = cmd.getSecurityGroupName();
String cidrList = cmd.getCidrList();
Map groupList = cmd.getUserNetworkGroupList();
Map groupList = cmd.getUserSecurityGroupList();
String [] cidrs = null;
Long accountId = null;
Integer startPortOrType = null;
@ -659,7 +659,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
protocol = "all";
}
//FIXME: for exceptions below, add new enums to BaseCmd.PARAM_ to reflect the error condition more precisely
if (!NetUtils.isValidNetworkGroupProto(protocol)) {
if (!NetUtils.isValidSecurityGroupProto(protocol)) {
s_logger.debug("Invalid protocol specified " + protocol);
throw new ServerApiException(BaseCmd.PARAM_ERROR, "Invalid protocol " + protocol);
}
@ -709,9 +709,9 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
// if it's an admin account, do a quick permission check
if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), domainId)) {
if (s_logger.isDebugEnabled()) {
s_logger.debug("Unable to find rules for network security group id = " + networkGroup + ", permission denied.");
s_logger.debug("Unable to find rules for network security group id = " + securityGroup + ", permission denied.");
}
throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to find rules for network security group id = " + networkGroup + ", permission denied.");
throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to find rules for network security group id = " + securityGroup + ", permission denied.");
}
Account groupOwner = _accountDao.findActiveAccount(accountName, domainId);
if (groupOwner == null) {
@ -732,13 +732,13 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
}
if (accountId == null) {
throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find account for network security group " + networkGroup + "; failed to revoke ingress.");
throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find account for network security group " + securityGroup + "; failed to revoke ingress.");
}
NetworkGroupVO sg = _networkGroupDao.findByAccountAndName(accountId, networkGroup);
SecurityGroupVO sg = _securityGroupDao.findByAccountAndName(accountId, securityGroup);
if (sg == null) {
s_logger.debug("Unable to find network security group with id " + networkGroup);
throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find network security group with id " + networkGroup);
s_logger.debug("Unable to find network security group with id " + securityGroup);
throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find network security group with id " + securityGroup);
}
if (cidrList == null && groupList == null) {
@ -760,7 +760,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
}
}
List<NetworkGroupVO> authorizedGroups = new ArrayList<NetworkGroupVO> ();
List<SecurityGroupVO> authorizedGroups = new ArrayList<SecurityGroupVO> ();
if (groupList != null) {
Collection userGroupCollection = groupList.values();
Iterator iter = userGroupCollection.iterator();
@ -775,12 +775,12 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
Account authorizedAccount = _accountDao.findActiveAccount(authorizedAccountName, domainId);
if (authorizedAccount == null) {
if (s_logger.isDebugEnabled()) {
s_logger.debug("Nonexistent account: " + authorizedAccountName + ", domainid: " + domainId + " when trying to revoke ingress for " + networkGroup + ":" + protocol + ":" + startPortOrType + ":" + endPortOrCode);
s_logger.debug("Nonexistent account: " + authorizedAccountName + ", domainid: " + domainId + " when trying to revoke ingress for " + securityGroup + ":" + protocol + ":" + startPortOrType + ":" + endPortOrCode);
}
throw new ServerApiException(BaseCmd.PARAM_ERROR, "Nonexistent account: " + authorizedAccountName + " when trying to revoke ingress for " + networkGroup + ":" + protocol + ":" + startPortOrType + ":" + endPortOrCode);
throw new ServerApiException(BaseCmd.PARAM_ERROR, "Nonexistent account: " + authorizedAccountName + " when trying to revoke ingress for " + securityGroup + ":" + protocol + ":" + startPortOrType + ":" + endPortOrCode);
}
NetworkGroupVO groupVO = _networkGroupDao.findByAccountAndName(authorizedAccount.getId(), group);
SecurityGroupVO groupVO = _securityGroupDao.findByAccountAndName(authorizedAccount.getId(), group);
if (groupVO == null) {
if (s_logger.isDebugEnabled()) {
s_logger.debug("Nonexistent group and/or accountId: " + accountId + ", groupName=" + group);
@ -803,29 +803,29 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
final int numToDelete = cidrList.length() + authorizedGroups.size();
final Transaction txn = Transaction.currentTxn();
NetworkGroupVO networkGroupHandle = _networkGroupDao.findByAccountAndName(accountId, networkGroup);
if (networkGroupHandle == null) {
s_logger.warn("Network security group not found: name= " + networkGroup);
SecurityGroupVO securityGroupHandle = _securityGroupDao.findByAccountAndName(accountId, securityGroup);
if (securityGroupHandle == null) {
s_logger.warn("Network security group not found: name= " + securityGroup);
return false;
}
try {
txn.start();
networkGroupHandle = _networkGroupDao.acquireInLockTable(networkGroupHandle.getId());
if (networkGroupHandle == null) {
s_logger.warn("Could not acquire lock on network security group: name= " + networkGroup);
securityGroupHandle = _securityGroupDao.acquireInLockTable(securityGroupHandle.getId());
if (securityGroupHandle == null) {
s_logger.warn("Could not acquire lock on network security group: name= " + securityGroup);
return false;
}
for (final NetworkGroupVO ngVO: authorizedGroups) {
numDeleted += _ingressRuleDao.deleteByPortProtoAndGroup(networkGroupHandle.getId(), protocol, startPort, endPort, ngVO.getId());
for (final SecurityGroupVO ngVO: authorizedGroups) {
numDeleted += _ingressRuleDao.deleteByPortProtoAndGroup(securityGroupHandle.getId(), protocol, startPort, endPort, ngVO.getId());
}
for (final String cidr: cidrs) {
numDeleted += _ingressRuleDao.deleteByPortProtoAndCidr(networkGroupHandle.getId(), protocol, startPort, endPort, cidr);
numDeleted += _ingressRuleDao.deleteByPortProtoAndCidr(securityGroupHandle.getId(), protocol, startPort, endPort, cidr);
}
s_logger.debug("revokeNetworkGroupIngress for group: " + networkGroup + ", numToDelete=" + numToDelete + ", numDeleted=" + numDeleted);
s_logger.debug("revokeSecurityGroupIngress for group: " + securityGroup + ", numToDelete=" + numToDelete + ", numDeleted=" + numDeleted);
final Set<Long> affectedVms = new HashSet<Long>();
affectedVms.addAll(_networkGroupVMMapDao.listVmIdsByNetworkGroup(networkGroupHandle.getId()));
affectedVms.addAll(_securityGroupVMMapDao.listVmIdsBySecurityGroup(securityGroupHandle.getId()));
scheduleRulesetUpdateToHosts(affectedVms, true, null);
return true;
@ -833,8 +833,8 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
s_logger.warn("Exception caught when deleting ingress rules ", e);
throw new CloudRuntimeException("Exception caught when deleting ingress rules", e);
} finally {
if (networkGroup != null) {
_networkGroupDao.releaseFromLockTable(networkGroupHandle.getId());
if (securityGroup != null) {
_securityGroupDao.releaseFromLockTable(securityGroupHandle.getId());
}
txn.commit();
}
@ -848,7 +848,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
}
@Override
public NetworkGroupVO createNetworkGroup(CreateNetworkGroupCmd cmd) throws PermissionDeniedException, InvalidParameterValueException {
public SecurityGroupVO createSecurityGroup(CreateSecurityGroupCmd cmd) throws PermissionDeniedException, InvalidParameterValueException {
if (!_enabled) {
return null;
}
@ -862,17 +862,17 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
if ((account.getType() == Account.ACCOUNT_TYPE_ADMIN) || (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)) {
if ((domainId != null) && (accountName != null)) {
if (!_domainDao.isChildDomain(account.getDomainId(), domainId)) {
throw new PermissionDeniedException("Unable to create network group in domain " + domainId + ", permission denied.");
throw new PermissionDeniedException("Unable to create security group in domain " + domainId + ", permission denied.");
}
Account userAccount = _accountDao.findActiveAccount(accountName, domainId);
if (userAccount == null) {
throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId + ", failed to create network group " + cmd.getNetworkGroupName());
throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId + ", failed to create security group " + cmd.getSecurityGroupName());
}
accountId = userAccount.getId();
} else {
// the admin must be creating a network group for himself/herself
// the admin must be creating a security group for himself/herself
if (account != null) {
accountId = account.getId();
domainId = account.getDomainId();
@ -893,23 +893,23 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
if (userAccount != null) {
accountId = userAccount.getId();
} else {
throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId + ", failed to create network group " + cmd.getNetworkGroupName());
throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId + ", failed to create security group " + cmd.getSecurityGroupName());
}
} else {
throw new InvalidParameterValueException("Missing account information (account: " + accountName + ", domain: " + domainId + "), failed to create network group " + cmd.getNetworkGroupName());
throw new InvalidParameterValueException("Missing account information (account: " + accountName + ", domain: " + domainId + "), failed to create security group " + cmd.getSecurityGroupName());
}
}
if (_networkGroupDao.isNameInUse(accountId, domainId, cmd.getNetworkGroupName())) {
throw new InvalidParameterValueException("Unable to create network group, a group with name " + cmd.getNetworkGroupName() + " already exisits.");
if (_securityGroupDao.isNameInUse(accountId, domainId, cmd.getSecurityGroupName())) {
throw new InvalidParameterValueException("Unable to create security group, a group with name " + cmd.getSecurityGroupName() + " already exisits.");
}
return createNetworkGroup(cmd.getNetworkGroupName(), cmd.getDescription(), domainId, accountId, accountName);
return createSecurityGroup(cmd.getSecurityGroupName(), cmd.getDescription(), domainId, accountId, accountName);
}
@DB
@Override
public NetworkGroupVO createNetworkGroup(String name, String description, Long domainId, Long accountId, String accountName) {
public SecurityGroupVO createSecurityGroup(String name, String description, Long domainId, Long accountId, String accountName) {
if (!_enabled) {
return null;
}
@ -922,10 +922,10 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
s_logger.warn("Failed to acquire lock on account");
return null;
}
NetworkGroupVO group = _networkGroupDao.findByAccountAndName(accountId, name);
SecurityGroupVO group = _securityGroupDao.findByAccountAndName(accountId, name);
if (group == null){
group = new NetworkGroupVO(name, description, domainId, accountId, accountName);
group = _networkGroupDao.persist(group);
group = new SecurityGroupVO(name, description, domainId, accountId, accountName);
group = _securityGroupDao.persist(group);
}
return group;
} finally {
@ -940,14 +940,14 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
@Override
public boolean configure(String name, Map<String, Object> params)
throws ConfigurationException {
String enabled =_configDao.getValue("direct.attach.network.groups.enabled");
String enabled =_configDao.getValue("direct.attach.security.groups.enabled");
if ("true".equalsIgnoreCase(enabled)) {
_enabled = true;
}
if (!_enabled) {
return false;
}
_answerListener = new NetworkGroupListener(this, _agentMgr, _workDao);
_answerListener = new SecurityGroupListener(this, _agentMgr, _workDao);
_agentMgr.registerForHostEvents(_answerListener, true, true, true);
_serverId = ((ManagementServer)ComponentLocator.getComponent(ManagementServer.Name)).getId();
@ -981,15 +981,15 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
}
@Override
public NetworkGroupVO createDefaultNetworkGroup(Long accountId) {
public SecurityGroupVO createDefaultSecurityGroup(Long accountId) {
if (!_enabled) {
return null;
}
NetworkGroupVO groupVO = _networkGroupDao.findByAccountAndName(accountId, NetworkGroupManager.DEFAULT_GROUP_NAME);
SecurityGroupVO groupVO = _securityGroupDao.findByAccountAndName(accountId, SecurityGroupManager.DEFAULT_GROUP_NAME);
if (groupVO == null ) {
Account accVO = _accountDao.findById(accountId);
if (accVO != null) {
return createNetworkGroup(NetworkGroupManager.DEFAULT_GROUP_NAME, NetworkGroupManager.DEFAULT_GROUP_DESCRIPTION, accVO.getDomainId(), accVO.getId(), accVO.getAccountName());
return createSecurityGroup(SecurityGroupManager.DEFAULT_GROUP_NAME, SecurityGroupManager.DEFAULT_GROUP_DESCRIPTION, accVO.getDomainId(), accVO.getId(), accVO.getAccountName());
}
}
return groupVO;
@ -1000,7 +1000,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
if (s_logger.isTraceEnabled()) {
s_logger.trace("Checking the database");
}
final NetworkGroupWorkVO work = _workDao.take(_serverId);
final SecurityGroupWorkVO work = _workDao.take(_serverId);
if (work == null) {
return;
}
@ -1029,7 +1029,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
agentId = vm.getHostId();
if (agentId != null ) {
_rulesetLogDao.findByVmId(work.getInstanceId());
NetworkIngressRulesCmd cmd = generateRulesetCmd(vm.getInstanceName(), vm.getGuestIpAddress(), vm.getGuestMacAddress(), vm.getId(), generateRulesetSignature(rules), seqnum, rules);
SecurityIngressRulesCmd cmd = generateRulesetCmd(vm.getInstanceName(), vm.getGuestIpAddress(), vm.getGuestMacAddress(), vm.getId(), generateRulesetSignature(rules), seqnum, rules);
Commands cmds = new Commands(cmd);
try {
_agentMgr.send(agentId, cmds, _answerListener);
@ -1052,12 +1052,12 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
@Override
@DB
public boolean addInstanceToGroups(final Long userVmId, final List<NetworkGroupVO> groups) {
public boolean addInstanceToGroups(final Long userVmId, final List<SecurityGroupVO> groups) {
if (!_enabled) {
return true;
}
if (groups != null) {
final Set<NetworkGroupVO> uniqueGroups = new TreeSet<NetworkGroupVO>(new NetworkGroupVOComparator());
final Set<SecurityGroupVO> uniqueGroups = new TreeSet<SecurityGroupVO>(new SecurityGroupVOComparator());
uniqueGroups.addAll(groups);
final Transaction txn = Transaction.currentTxn();
txn.start();
@ -1066,17 +1066,17 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
s_logger.warn("Failed to acquire lock on user vm id=" + userVmId);
}
try {
for (NetworkGroupVO networkGroup:uniqueGroups) {
for (SecurityGroupVO networkGroup:uniqueGroups) {
//don't let the group be deleted from under us.
NetworkGroupVO ngrpLock = _networkGroupDao.lockRow(networkGroup.getId(), false);
SecurityGroupVO ngrpLock = _securityGroupDao.lockRow(networkGroup.getId(), false);
if (ngrpLock == null) {
s_logger.warn("Failed to acquire lock on network group id=" + networkGroup.getId() + " name=" + networkGroup.getName());
txn.rollback();
return false;
}
if (_networkGroupVMMapDao.findByVmIdGroupId(userVmId, networkGroup.getId()) == null) {
NetworkGroupVMMapVO groupVmMapVO = new NetworkGroupVMMapVO(networkGroup.getId(), userVmId);
_networkGroupVMMapDao.persist(groupVmMapVO);
if (_securityGroupVMMapDao.findByVmIdGroupId(userVmId, networkGroup.getId()) == null) {
SecurityGroupVMMapVO groupVmMapVO = new SecurityGroupVMMapVO(networkGroup.getId(), userVmId);
_securityGroupVMMapDao.persist(groupVmMapVO);
}
}
txn.commit();
@ -1105,7 +1105,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
if (userVm == null) {
s_logger.warn("Failed to acquire lock on user vm id=" + userVmId);
}
int n = _networkGroupVMMapDao.deleteVM(userVmId);
int n = _securityGroupVMMapDao.deleteVM(userVmId);
s_logger.info("Disassociated " + n + " network groups " + " from uservm " + userVmId);
_userVMDao.releaseFromLockTable(userVmId);
txn.commit();
@ -1113,8 +1113,8 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
@DB
@Override
public boolean deleteNetworkGroup(DeleteNetworkGroupCmd cmd) throws ResourceInUseException, PermissionDeniedException, InvalidParameterValueException{
String name = cmd.getNetworkGroupName();
public boolean deleteSecurityGroup(DeleteSecurityGroupCmd cmd) throws ResourceInUseException, PermissionDeniedException, InvalidParameterValueException{
String name = cmd.getSecurityGroupName();
String accountName = cmd.getAccountName();
Long domainId = cmd.getDomainId();
Account account = UserContext.current().getAccount();
@ -1157,7 +1157,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
throw new InvalidParameterValueException("Unable to find account for network group " + name + "; failed to delete group.");
}
NetworkGroupVO sg = _networkGroupDao.findByAccountAndName(accountId, name);
SecurityGroupVO sg = _securityGroupDao.findByAccountAndName(accountId, name);
if (sg == null) {
throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find network group " + name + "; failed to delete group.");
}
@ -1167,41 +1167,41 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
final Transaction txn = Transaction.currentTxn();
txn.start();
final NetworkGroupVO group = _networkGroupDao.lockRow(groupId, true);
final SecurityGroupVO group = _securityGroupDao.lockRow(groupId, true);
if (group == null) {
s_logger.info("Not deleting group -- cannot find id " + groupId);
return false;
}
if (group.getName().equalsIgnoreCase(NetworkGroupManager.DEFAULT_GROUP_NAME)) {
if (group.getName().equalsIgnoreCase(SecurityGroupManager.DEFAULT_GROUP_NAME)) {
txn.rollback();
throw new PermissionDeniedException("The network group default is reserved");
}
List<IngressRuleVO> allowingRules = _ingressRuleDao.listByAllowedNetworkGroupId(groupId);
List<IngressRuleVO> allowingRules = _ingressRuleDao.listByAllowedSecurityGroupId(groupId);
if (allowingRules.size() != 0) {
txn.rollback();
throw new ResourceInUseException("Cannot delete group when there are ingress rules that allow this group");
}
List<IngressRuleVO> rulesInGroup = _ingressRuleDao.listByNetworkGroupId(groupId);
List<IngressRuleVO> rulesInGroup = _ingressRuleDao.listBySecurityGroupId(groupId);
if (rulesInGroup.size() != 0) {
txn.rollback();
throw new ResourceInUseException("Cannot delete group when there are ingress rules in this group");
}
_networkGroupDao.expunge(groupId);
_securityGroupDao.expunge(groupId);
txn.commit();
return true;
}
@Override
public List<NetworkGroupRulesVO> searchForNetworkGroupRules(ListNetworkGroupsCmd cmd) throws PermissionDeniedException, InvalidParameterValueException {
public List<SecurityGroupRulesVO> searchForSecurityGroupRules(ListSecurityGroupsCmd cmd) throws PermissionDeniedException, InvalidParameterValueException {
Account account = UserContext.current().getAccount();
Long domainId = cmd.getDomainId();
String accountName = cmd.getAccountName();
Long accountId = null;
Long instanceId = cmd.getVirtualMachineId();
String networkGroup = cmd.getNetworkGroupName();
String networkGroup = cmd.getSecurityGroupName();
Boolean recursive = Boolean.FALSE;
// permissions check
@ -1253,10 +1253,10 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
}
}
Filter searchFilter = new Filter(NetworkGroupVO.class, "id", true, cmd.getStartIndex(), cmd.getPageSizeVal());
Filter searchFilter = new Filter(SecurityGroupVO.class, "id", true, cmd.getStartIndex(), cmd.getPageSizeVal());
Object keyword = cmd.getKeyword();
SearchBuilder<NetworkGroupVO> sb = _networkGroupDao.createSearchBuilder();
SearchBuilder<SecurityGroupVO> sb = _securityGroupDao.createSearchBuilder();
sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ);
sb.and("name", sb.entity().getName(), SearchCriteria.Op.EQ);
sb.and("domainId", sb.entity().getDomainId(), SearchCriteria.Op.EQ);
@ -1268,13 +1268,13 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
sb.join("domainSearch", domainSearch, sb.entity().getDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER);
}
SearchCriteria<NetworkGroupVO> sc = sb.create();
SearchCriteria<SecurityGroupVO> sc = sb.create();
if (accountId != null) {
sc.setParameters("accountId", accountId);
if (networkGroup != null) {
sc.setParameters("name", networkGroup);
} else if (keyword != null) {
SearchCriteria<NetworkGroupRulesVO> ssc = _networkGroupRulesDao.createSearchCriteria();
SearchCriteria<SecurityGroupRulesVO> ssc = _securityGroupRulesDao.createSearchCriteria();
ssc.addOr("name", SearchCriteria.Op.LIKE, "%" + keyword + "%");
ssc.addOr("description", SearchCriteria.Op.LIKE, "%" + keyword + "%");
sc.addAnd("name", SearchCriteria.Op.SC, ssc);
@ -1288,10 +1288,10 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
}
}
List<NetworkGroupVO> networkGroups = _networkGroupDao.search(sc, searchFilter);
List<NetworkGroupRulesVO> networkRulesList = new ArrayList<NetworkGroupRulesVO>();
for (NetworkGroupVO group : networkGroups) {
networkRulesList.addAll(_networkGroupRulesDao.listNetworkRulesByGroupId(group.getId()));
List<SecurityGroupVO> networkGroups = _securityGroupDao.search(sc, searchFilter);
List<SecurityGroupRulesVO> networkRulesList = new ArrayList<SecurityGroupRulesVO>();
for (SecurityGroupVO group : networkGroups) {
networkRulesList.addAll(_securityGroupRulesDao.listSecurityRulesByGroupId(group.getId()));
}
if (instanceId != null) {
@ -1301,13 +1301,13 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
return networkRulesList;
}
private List<NetworkGroupRulesVO> listNetworkGroupRulesByVM(long vmId) {
List<NetworkGroupRulesVO> results = new ArrayList<NetworkGroupRulesVO>();
List<NetworkGroupVMMapVO> networkGroupMappings = _networkGroupVMMapDao.listByInstanceId(vmId);
private List<SecurityGroupRulesVO> listNetworkGroupRulesByVM(long vmId) {
List<SecurityGroupRulesVO> results = new ArrayList<SecurityGroupRulesVO>();
List<SecurityGroupVMMapVO> networkGroupMappings = _securityGroupVMMapDao.listByInstanceId(vmId);
if (networkGroupMappings != null) {
for (NetworkGroupVMMapVO networkGroupMapping : networkGroupMappings) {
NetworkGroupVO group = _networkGroupDao.findById(networkGroupMapping.getNetworkGroupId());
List<NetworkGroupRulesVO> rules = _networkGroupRulesDao.listNetworkGroupRules(group.getAccountId(), networkGroupMapping.getGroupName());
for (SecurityGroupVMMapVO networkGroupMapping : networkGroupMappings) {
SecurityGroupVO group = _securityGroupDao.findById(networkGroupMapping.getSecurityGroupId());
List<SecurityGroupRulesVO> rules = _securityGroupRulesDao.listSecurityGroupRules(group.getAccountId(), networkGroupMapping.getGroupName());
if (rules != null) {
results.addAll(rules);
}
@ -1348,11 +1348,11 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
private void cleanupUnfinishedWork() {
Date before = new Date(System.currentTimeMillis() - 30*1000l);
List<NetworkGroupWorkVO> unfinished = _workDao.findUnfinishedWork(before);
List<SecurityGroupWorkVO> unfinished = _workDao.findUnfinishedWork(before);
if (unfinished.size() > 0) {
s_logger.info("Network Group Work cleanup found " + unfinished.size() + " unfinished work items older than " + before.toString());
Set<Long> affectedVms = new HashSet<Long>();
for (NetworkGroupWorkVO work: unfinished) {
for (SecurityGroupWorkVO work: unfinished) {
affectedVms.add(work.getInstanceId());
}
scheduleRulesetUpdateToHosts(affectedVms, false, null);
@ -1362,11 +1362,11 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
}
@Override
public String getNetworkGroupsNamesForVm(long vmId)
public String getSecurityGroupsNamesForVm(long vmId)
{
try
{
List<NetworkGroupVMMapVO>networkGroupsToVmMap = _networkGroupVMMapDao.listByInstanceId(vmId);
List<SecurityGroupVMMapVO>networkGroupsToVmMap = _securityGroupVMMapDao.listByInstanceId(vmId);
int size = 0;
int j=0;
StringBuilder networkGroupNames = new StringBuilder();
@ -1375,10 +1375,10 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
{
size = networkGroupsToVmMap.size();
for(NetworkGroupVMMapVO nG: networkGroupsToVmMap)
for(SecurityGroupVMMapVO nG: networkGroupsToVmMap)
{
//get the group id and look up for the group name
NetworkGroupVO currentNetworkGroup = _networkGroupDao.findById(nG.getNetworkGroupId());
SecurityGroupVO currentNetworkGroup = _securityGroupDao.findById(nG.getSecurityGroupId());
networkGroupNames.append(currentNetworkGroup.getName());
if(j<(size-1))

10
server/src/com/cloud/network/security/dao/IngressRuleDao.java
View File

@ -24,13 +24,13 @@ import com.cloud.network.security.IngressRuleVO;
import com.cloud.utils.db.GenericDao;
public interface IngressRuleDao extends GenericDao<IngressRuleVO, Long> {
List<IngressRuleVO> listByNetworkGroupId(long networkGroupId);
List<IngressRuleVO> listByAllowedNetworkGroupId(long networkGroupId);
List<IngressRuleVO> listBySecurityGroupId(long networkGroupId);
List<IngressRuleVO> listByAllowedSecurityGroupId(long networkGroupId);
IngressRuleVO findByProtoPortsAndCidr(long networkGroupId, String proto, int startPort, int endPort, String cidr);
IngressRuleVO findByProtoPortsAndGroup(String proto, int startPort, int endPort, String networkGroup);
IngressRuleVO findByProtoPortsAndAllowedGroupId(long networkGroupId, String proto, int startPort, int endPort, Long allowedGroupId);
int deleteByNetworkGroup(long networkGroupId);
int deleteByPortProtoAndGroup(long networkGroupId, String protocol, int startPort,int endPort, Long id);
int deleteByPortProtoAndCidr(long networkGroupId, String protocol, int startPort,int endPort, String cidr);
int deleteBySecurityGroup(long securityGroupId);
int deleteByPortProtoAndGroup(long securityGroupId, String protocol, int startPort,int endPort, Long id);
int deleteByPortProtoAndCidr(long securityGroupId, String protocol, int startPort,int endPort, String cidr);
}

96
server/src/com/cloud/network/security/dao/IngressRuleDaoImpl.java
View File

@ -25,7 +25,7 @@ import javax.ejb.Local;
import javax.naming.ConfigurationException;
import com.cloud.network.security.IngressRuleVO;
import com.cloud.network.security.NetworkGroupVO;
import com.cloud.network.security.SecurityGroupVO;
import com.cloud.utils.component.Inject;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.JoinBuilder;
@ -35,66 +35,66 @@ import com.cloud.utils.db.SearchCriteria;
@Local(value={IngressRuleDao.class})
public class IngressRuleDaoImpl extends GenericDaoBase<IngressRuleVO, Long> implements IngressRuleDao {
@Inject NetworkGroupDao _networkGroupDao;
@Inject SecurityGroupDao _securityGroupDao;
protected SearchBuilder<IngressRuleVO> networkGroupIdSearch;
protected SearchBuilder<IngressRuleVO> allowedNetworkGroupIdSearch;
protected SearchBuilder<IngressRuleVO> securityGroupIdSearch;
protected SearchBuilder<IngressRuleVO> allowedSecurityGroupIdSearch;
protected SearchBuilder<IngressRuleVO> protoPortsAndCidrSearch;
protected SearchBuilder<IngressRuleVO> protoPortsAndNetworkGroupNameSearch;
protected SearchBuilder<IngressRuleVO> protoPortsAndNetworkGroupIdSearch;
protected SearchBuilder<IngressRuleVO> protoPortsAndSecurityGroupNameSearch;
protected SearchBuilder<IngressRuleVO> protoPortsAndSecurityGroupIdSearch;
protected IngressRuleDaoImpl() {
networkGroupIdSearch = createSearchBuilder();
networkGroupIdSearch.and("networkGroupId", networkGroupIdSearch.entity().getNetworkGroupId(), SearchCriteria.Op.EQ);
networkGroupIdSearch.done();
securityGroupIdSearch = createSearchBuilder();
securityGroupIdSearch.and("securityGroupId", securityGroupIdSearch.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
securityGroupIdSearch.done();
allowedNetworkGroupIdSearch = createSearchBuilder();
allowedNetworkGroupIdSearch.and("allowedNetworkId", allowedNetworkGroupIdSearch.entity().getAllowedNetworkId(), SearchCriteria.Op.EQ);
allowedNetworkGroupIdSearch.done();
allowedSecurityGroupIdSearch = createSearchBuilder();
allowedSecurityGroupIdSearch.and("allowedNetworkId", allowedSecurityGroupIdSearch.entity().getAllowedNetworkId(), SearchCriteria.Op.EQ);
allowedSecurityGroupIdSearch.done();
protoPortsAndCidrSearch = createSearchBuilder();
protoPortsAndCidrSearch.and("networkGroupId", protoPortsAndCidrSearch.entity().getNetworkGroupId(), SearchCriteria.Op.EQ);
protoPortsAndCidrSearch.and("securityGroupId", protoPortsAndCidrSearch.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
protoPortsAndCidrSearch.and("proto", protoPortsAndCidrSearch.entity().getProtocol(), SearchCriteria.Op.EQ);
protoPortsAndCidrSearch.and("startPort", protoPortsAndCidrSearch.entity().getStartPort(), SearchCriteria.Op.EQ);
protoPortsAndCidrSearch.and("endPort", protoPortsAndCidrSearch.entity().getEndPort(), SearchCriteria.Op.EQ);
protoPortsAndCidrSearch.and("cidr", protoPortsAndCidrSearch.entity().getAllowedSourceIpCidr(), SearchCriteria.Op.EQ);
protoPortsAndCidrSearch.done();
protoPortsAndNetworkGroupIdSearch = createSearchBuilder();
protoPortsAndNetworkGroupIdSearch.and("networkGroupId", protoPortsAndNetworkGroupIdSearch.entity().getNetworkGroupId(), SearchCriteria.Op.EQ);
protoPortsAndNetworkGroupIdSearch.and("proto", protoPortsAndNetworkGroupIdSearch.entity().getProtocol(), SearchCriteria.Op.EQ);
protoPortsAndNetworkGroupIdSearch.and("startPort", protoPortsAndNetworkGroupIdSearch.entity().getStartPort(), SearchCriteria.Op.EQ);
protoPortsAndNetworkGroupIdSearch.and("endPort", protoPortsAndNetworkGroupIdSearch.entity().getEndPort(), SearchCriteria.Op.EQ);
protoPortsAndNetworkGroupIdSearch.and("allowedNetworkId", protoPortsAndNetworkGroupIdSearch.entity().getAllowedNetworkId(), SearchCriteria.Op.EQ);
protoPortsAndSecurityGroupIdSearch = createSearchBuilder();
protoPortsAndSecurityGroupIdSearch.and("securityGroupId", protoPortsAndSecurityGroupIdSearch.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
protoPortsAndSecurityGroupIdSearch.and("proto", protoPortsAndSecurityGroupIdSearch.entity().getProtocol(), SearchCriteria.Op.EQ);
protoPortsAndSecurityGroupIdSearch.and("startPort", protoPortsAndSecurityGroupIdSearch.entity().getStartPort(), SearchCriteria.Op.EQ);
protoPortsAndSecurityGroupIdSearch.and("endPort", protoPortsAndSecurityGroupIdSearch.entity().getEndPort(), SearchCriteria.Op.EQ);
protoPortsAndSecurityGroupIdSearch.and("allowedNetworkId", protoPortsAndSecurityGroupIdSearch.entity().getAllowedNetworkId(), SearchCriteria.Op.EQ);
}
public List<IngressRuleVO> listByNetworkGroupId(long networkGroupId) {
SearchCriteria<IngressRuleVO> sc = networkGroupIdSearch.create();
sc.setParameters("networkGroupId", networkGroupId);
public List<IngressRuleVO> listBySecurityGroupId(long securityGroupId) {
SearchCriteria<IngressRuleVO> sc = securityGroupIdSearch.create();
sc.setParameters("securityGroupId", securityGroupId);
return listBy(sc);
}
public int deleteByNetworkGroup(long networkGroupId) {
SearchCriteria<IngressRuleVO> sc = networkGroupIdSearch.create();
sc.setParameters("networkGroupId", networkGroupId);
public int deleteBySecurityGroup(long securityGroupId) {
SearchCriteria<IngressRuleVO> sc = securityGroupIdSearch.create();
sc.setParameters("securityGroupId", securityGroupId);
return expunge(sc);
}
@Override
public List<IngressRuleVO> listByAllowedNetworkGroupId(long networkGroupId) {
SearchCriteria<IngressRuleVO> sc = allowedNetworkGroupIdSearch.create();
sc.setParameters("allowedNetworkId", networkGroupId);
public List<IngressRuleVO> listByAllowedSecurityGroupId(long securityGroupId) {
SearchCriteria<IngressRuleVO> sc = allowedSecurityGroupIdSearch.create();
sc.setParameters("allowedNetworkId", securityGroupId);
return listBy(sc);
}
@Override
public IngressRuleVO findByProtoPortsAndCidr(long networkGroupId, String proto, int startPort,
public IngressRuleVO findByProtoPortsAndCidr(long securityGroupId, String proto, int startPort,
int endPort, String cidr) {
SearchCriteria<IngressRuleVO> sc = protoPortsAndCidrSearch.create();
sc.setParameters("networkGroupId", networkGroupId);
sc.setParameters("securityGroupId", securityGroupId);
sc.setParameters("proto", proto);
sc.setParameters("startPort", startPort);
sc.setParameters("endPort", endPort);
@ -104,33 +104,33 @@ public class IngressRuleDaoImpl extends GenericDaoBase<IngressRuleVO, Long> impl
@Override
public IngressRuleVO findByProtoPortsAndGroup(String proto, int startPort,
int endPort, String networkGroup) {
SearchCriteria<IngressRuleVO> sc = protoPortsAndNetworkGroupNameSearch.create();
int endPort, String securityGroup) {
SearchCriteria<IngressRuleVO> sc = protoPortsAndSecurityGroupNameSearch.create();
sc.setParameters("proto", proto);
sc.setParameters("startPort", startPort);
sc.setParameters("endPort", endPort);
sc.setJoinParameters("groupName", "groupName", networkGroup);
sc.setJoinParameters("groupName", "groupName", securityGroup);
return findOneIncludingRemovedBy(sc);
}
@Override
public boolean configure(String name, Map<String, Object> params)
throws ConfigurationException {
protoPortsAndNetworkGroupNameSearch = createSearchBuilder();
protoPortsAndNetworkGroupNameSearch.and("proto", protoPortsAndNetworkGroupNameSearch.entity().getProtocol(), SearchCriteria.Op.EQ);
protoPortsAndNetworkGroupNameSearch.and("startPort", protoPortsAndNetworkGroupNameSearch.entity().getStartPort(), SearchCriteria.Op.EQ);
protoPortsAndNetworkGroupNameSearch.and("endPort", protoPortsAndNetworkGroupNameSearch.entity().getEndPort(), SearchCriteria.Op.EQ);
SearchBuilder<NetworkGroupVO> ngSb = _networkGroupDao.createSearchBuilder();
protoPortsAndSecurityGroupNameSearch = createSearchBuilder();
protoPortsAndSecurityGroupNameSearch.and("proto", protoPortsAndSecurityGroupNameSearch.entity().getProtocol(), SearchCriteria.Op.EQ);
protoPortsAndSecurityGroupNameSearch.and("startPort", protoPortsAndSecurityGroupNameSearch.entity().getStartPort(), SearchCriteria.Op.EQ);
protoPortsAndSecurityGroupNameSearch.and("endPort", protoPortsAndSecurityGroupNameSearch.entity().getEndPort(), SearchCriteria.Op.EQ);
SearchBuilder<SecurityGroupVO> ngSb = _securityGroupDao.createSearchBuilder();
ngSb.and("groupName", ngSb.entity().getName(), SearchCriteria.Op.EQ);
protoPortsAndNetworkGroupNameSearch.join("groupName", ngSb, protoPortsAndNetworkGroupNameSearch.entity().getAllowedNetworkId(), ngSb.entity().getId(), JoinBuilder.JoinType.INNER);
protoPortsAndNetworkGroupNameSearch.done();
protoPortsAndSecurityGroupNameSearch.join("groupName", ngSb, protoPortsAndSecurityGroupNameSearch.entity().getAllowedNetworkId(), ngSb.entity().getId(), JoinBuilder.JoinType.INNER);
protoPortsAndSecurityGroupNameSearch.done();
return super.configure(name, params);
}
@Override
public int deleteByPortProtoAndGroup(long networkGroupId, String protocol, int startPort, int endPort, Long allowedGroupId) {
SearchCriteria<IngressRuleVO> sc = protoPortsAndNetworkGroupIdSearch.create();
sc.setParameters("networkGroupId", networkGroupId);
public int deleteByPortProtoAndGroup(long securityGroupId, String protocol, int startPort, int endPort, Long allowedGroupId) {
SearchCriteria<IngressRuleVO> sc = protoPortsAndSecurityGroupIdSearch.create();
sc.setParameters("securityGroupId", securityGroupId);
sc.setParameters("proto", protocol);
sc.setParameters("startPort", startPort);
sc.setParameters("endPort", endPort);
@ -141,9 +141,9 @@ public class IngressRuleDaoImpl extends GenericDaoBase<IngressRuleVO, Long> impl
}
@Override
public int deleteByPortProtoAndCidr(long networkGroupId, String protocol, int startPort, int endPort, String cidr) {
public int deleteByPortProtoAndCidr(long securityGroupId, String protocol, int startPort, int endPort, String cidr) {
SearchCriteria<IngressRuleVO> sc = protoPortsAndCidrSearch.create();
sc.setParameters("networkGroupId", networkGroupId);
sc.setParameters("securityGroupId", securityGroupId);
sc.setParameters("proto", protocol);
sc.setParameters("startPort", startPort);
sc.setParameters("endPort", endPort);
@ -153,10 +153,10 @@ public class IngressRuleDaoImpl extends GenericDaoBase<IngressRuleVO, Long> impl
}
@Override
public IngressRuleVO findByProtoPortsAndAllowedGroupId(long networkGroupId, String proto,
public IngressRuleVO findByProtoPortsAndAllowedGroupId(long securityGroupId, String proto,
int startPort, int endPort, Long allowedGroupId) {
SearchCriteria<IngressRuleVO> sc = protoPortsAndNetworkGroupIdSearch.create();
sc.addAnd("networkGroupId", SearchCriteria.Op.EQ, networkGroupId);
SearchCriteria<IngressRuleVO> sc = protoPortsAndSecurityGroupIdSearch.create();
sc.addAnd("securityGroupId", SearchCriteria.Op.EQ, securityGroupId);
sc.setParameters("proto", proto);
sc.setParameters("startPort", startPort);
sc.setParameters("endPort", endPort);

35
server/src/com/cloud/network/security/dao/NetworkGroupRulesDao.java
View File

@ -1,35 +0,0 @@
package com.cloud.network.security.dao;
import java.util.List;
import com.cloud.network.security.NetworkGroupRulesVO;
import com.cloud.utils.db.GenericDao;
public interface NetworkGroupRulesDao extends GenericDao<NetworkGroupRulesVO, Long> {
/**
* List a network group and associated ingress rules
* @param accountId the account id of the owner of the network group
* @param groupName the name of the group for which to list rules
* @return the list of ingress rules associated with the network group (and network group info)
*/
List<NetworkGroupRulesVO> listNetworkGroupRules(long accountId, String groupName);
/**
* List network groups and associated ingress rules
* @param accountId the id of the account for which to list groups and associated rules
* @return the list of network groups with associated ingress rules
*/
List<NetworkGroupRulesVO> listNetworkGroupRules(long accountId);
/**
* List all network groups and associated ingress rules
* @return the list of network groups with associated ingress rules
*/
List<NetworkGroupRulesVO> listNetworkGroupRules();
/**
* List all network rules belonging to the specific group
* @return the network group with associated ingress rules
*/
List<NetworkGroupRulesVO> listNetworkRulesByGroupId(long groupId);
}

68
server/src/com/cloud/network/security/dao/NetworkGroupRulesDaoImpl.java
View File

@ -1,68 +0,0 @@
package com.cloud.network.security.dao;
import java.util.List;
import javax.ejb.Local;
import com.cloud.network.security.NetworkGroupRulesVO;
import com.cloud.utils.db.Filter;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
@Local(value={NetworkGroupRulesDao.class})
public class NetworkGroupRulesDaoImpl extends GenericDaoBase<NetworkGroupRulesVO, Long> implements NetworkGroupRulesDao {
private SearchBuilder<NetworkGroupRulesVO> AccountGroupNameSearch;
private SearchBuilder<NetworkGroupRulesVO> AccountSearch;
private SearchBuilder<NetworkGroupRulesVO> GroupSearch;
protected NetworkGroupRulesDaoImpl() {
AccountGroupNameSearch = createSearchBuilder();
AccountGroupNameSearch.and("accountId", AccountGroupNameSearch.entity().getAccountId(), SearchCriteria.Op.EQ);
AccountGroupNameSearch.and("name", AccountGroupNameSearch.entity().getName(), SearchCriteria.Op.EQ);
AccountGroupNameSearch.done();
AccountSearch = createSearchBuilder();
AccountSearch.and("accountId", AccountSearch.entity().getAccountId(), SearchCriteria.Op.EQ);
AccountSearch.done();
GroupSearch = createSearchBuilder();
GroupSearch.and("groupId", GroupSearch.entity().getId(), SearchCriteria.Op.EQ);
GroupSearch.done();
}
@Override
public List<NetworkGroupRulesVO> listNetworkGroupRules() {
Filter searchFilter = new Filter(NetworkGroupRulesVO.class, "id", true, null, null);
return listAll(searchFilter);
}
@Override
public List<NetworkGroupRulesVO> listNetworkGroupRules(long accountId, String groupName) {
Filter searchFilter = new Filter(NetworkGroupRulesVO.class, "id", true, null, null);
SearchCriteria<NetworkGroupRulesVO> sc = AccountGroupNameSearch.create();
sc.setParameters("accountId", accountId);
sc.setParameters("name", groupName);
return listBy(sc, searchFilter);
}
@Override
public List<NetworkGroupRulesVO> listNetworkGroupRules(long accountId) {
Filter searchFilter = new Filter(NetworkGroupRulesVO.class, "id", true, null, null);
SearchCriteria<NetworkGroupRulesVO> sc = AccountSearch.create();
sc.setParameters("accountId", accountId);
return listBy(sc, searchFilter);
}
@Override
public List<NetworkGroupRulesVO> listNetworkRulesByGroupId(long groupId) {
Filter searchFilter = new Filter(NetworkGroupRulesVO.class, "id", true, null, null);
SearchCriteria<NetworkGroupRulesVO> sc = GroupSearch.create();
sc.setParameters("groupId", groupId);
return listBy(sc, searchFilter);
}
}

136
server/src/com/cloud/network/security/dao/NetworkGroupVMMapDaoImpl.java
View File

@ -1,136 +0,0 @@
/**
* Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
*
* This software is licensed under the GNU General Public License v3 or later.
*
* It is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
package com.cloud.network.security.dao;
import java.util.List;
import javax.ejb.Local;
import com.cloud.network.security.NetworkGroupVMMapVO;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.GenericSearchBuilder;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
import com.cloud.vm.State;
@Local(value={NetworkGroupVMMapDao.class})
public class NetworkGroupVMMapDaoImpl extends GenericDaoBase<NetworkGroupVMMapVO, Long> implements NetworkGroupVMMapDao {
private SearchBuilder<NetworkGroupVMMapVO> ListByIpAndVmId;
private SearchBuilder<NetworkGroupVMMapVO> ListByVmId;
private SearchBuilder<NetworkGroupVMMapVO> ListByVmIdGroupId;
private GenericSearchBuilder<NetworkGroupVMMapVO, Long> ListVmIdByNetworkGroup;
private SearchBuilder<NetworkGroupVMMapVO> ListByIp;
private SearchBuilder<NetworkGroupVMMapVO> ListByNetworkGroup;
private SearchBuilder<NetworkGroupVMMapVO> ListByNetworkGroupAndStates;
protected NetworkGroupVMMapDaoImpl() {
ListByIpAndVmId = createSearchBuilder();
ListByIpAndVmId.and("ipAddress", ListByIpAndVmId.entity().getGuestIpAddress(), SearchCriteria.Op.EQ);
ListByIpAndVmId.and("instanceId", ListByIpAndVmId.entity().getInstanceId(), SearchCriteria.Op.EQ);
ListByIpAndVmId.done();
ListVmIdByNetworkGroup = createSearchBuilder(Long.class);
ListVmIdByNetworkGroup.and("networkGroupId", ListVmIdByNetworkGroup.entity().getNetworkGroupId(), SearchCriteria.Op.EQ);
ListVmIdByNetworkGroup.selectField(ListVmIdByNetworkGroup.entity().getInstanceId());
ListVmIdByNetworkGroup.done();
ListByNetworkGroup = createSearchBuilder();
ListByNetworkGroup.and("networkGroupId", ListByNetworkGroup.entity().getNetworkGroupId(), SearchCriteria.Op.EQ);
ListByNetworkGroup.done();
ListByIp = createSearchBuilder();
ListByIp.and("ipAddress", ListByIp.entity().getGuestIpAddress(), SearchCriteria.Op.EQ);
ListByIp.done();
ListByVmId = createSearchBuilder();
ListByVmId.and("instanceId", ListByVmId.entity().getInstanceId(), SearchCriteria.Op.EQ);
ListByVmId.done();
ListByNetworkGroupAndStates = createSearchBuilder();
ListByNetworkGroupAndStates.and("networkGroupId", ListByNetworkGroupAndStates.entity().getNetworkGroupId(), SearchCriteria.Op.EQ);
ListByNetworkGroupAndStates.and("states", ListByNetworkGroupAndStates.entity().getVmState(), SearchCriteria.Op.IN);
ListByNetworkGroupAndStates.done();
ListByVmIdGroupId = createSearchBuilder();
ListByVmIdGroupId.and("instanceId", ListByVmIdGroupId.entity().getInstanceId(), SearchCriteria.Op.EQ);
ListByVmIdGroupId.and("networkGroupId", ListByVmIdGroupId.entity().getNetworkGroupId(), SearchCriteria.Op.EQ);
ListByVmIdGroupId.done();
}
public List<NetworkGroupVMMapVO> listByIpAndInstanceId(String ipAddress, long vmId) {
SearchCriteria<NetworkGroupVMMapVO> sc = ListByIpAndVmId.create();
sc.setParameters("ipAddress", ipAddress);
sc.setParameters("instanceId", vmId);
return listBy(sc);
}
@Override
public List<NetworkGroupVMMapVO> listByNetworkGroup(long networkGroupId) {
SearchCriteria<NetworkGroupVMMapVO> sc = ListByNetworkGroup.create();
sc.setParameters("networkGroupId", networkGroupId);
return listBy(sc);
}
@Override
public List<NetworkGroupVMMapVO> listByIp(String ipAddress) {
SearchCriteria<NetworkGroupVMMapVO> sc = ListByIp.create();
sc.setParameters("ipAddress", ipAddress);
return listBy(sc);
}
@Override
public List<NetworkGroupVMMapVO> listByInstanceId(long vmId) {
SearchCriteria<NetworkGroupVMMapVO> sc = ListByVmId.create();
sc.setParameters("instanceId", vmId);
return listBy(sc);
}
@Override
public int deleteVM(long instanceId) {
SearchCriteria<NetworkGroupVMMapVO> sc = ListByVmId.create();
sc.setParameters("instanceId", instanceId);
return super.expunge(sc);
}
@Override
public List<NetworkGroupVMMapVO> listByNetworkGroup(long networkGroupId, State... vmStates) {
SearchCriteria<NetworkGroupVMMapVO> sc = ListByNetworkGroupAndStates.create();
sc.setParameters("networkGroupId", networkGroupId);
sc.setParameters("states", (Object[])vmStates);
return listBy(sc);
}
@Override
public List<Long> listVmIdsByNetworkGroup(long networkGroupId) {
SearchCriteria<Long> sc = ListVmIdByNetworkGroup.create();
sc.setParameters("networkGroupId", networkGroupId);
return searchIncludingRemoved(sc, null);
}
@Override
public NetworkGroupVMMapVO findByVmIdGroupId(long instanceId, long networkGroupId) {
SearchCriteria<NetworkGroupVMMapVO> sc = ListByVmIdGroupId.create();
sc.setParameters("networkGroupId", networkGroupId);
sc.setParameters("instanceId", instanceId);
return findOneIncludingRemovedBy(sc);
}
}

10
server/src/com/cloud/network/security/dao/NetworkGroupDao.java → server/src/com/cloud/network/security/dao/SecurityGroupDao.java
View File

@ -20,12 +20,12 @@ package com.cloud.network.security.dao;
import java.util.List;
import com.cloud.network.security.NetworkGroupVO;
import com.cloud.network.security.SecurityGroupVO;
import com.cloud.utils.db.GenericDao;
public interface NetworkGroupDao extends GenericDao<NetworkGroupVO, Long> {
List<NetworkGroupVO> listByAccountId(long accountId);
public interface SecurityGroupDao extends GenericDao<SecurityGroupVO, Long> {
List<SecurityGroupVO> listByAccountId(long accountId);
boolean isNameInUse(Long accountId, Long domainId, String name);
NetworkGroupVO findByAccountAndName(Long accountId, String name);
List<NetworkGroupVO> findByAccountAndNames(Long accountId, String... names);
SecurityGroupVO findByAccountAndName(Long accountId, String name);
List<SecurityGroupVO> findByAccountAndNames(Long accountId, String... names);
}

30
server/src/com/cloud/network/security/dao/NetworkGroupDaoImpl.java → server/src/com/cloud/network/security/dao/SecurityGroupDaoImpl.java
View File

@ -22,18 +22,18 @@ import java.util.List;
import javax.ejb.Local;
import com.cloud.network.security.NetworkGroupVO;
import com.cloud.network.security.SecurityGroupVO;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
@Local(value={NetworkGroupDao.class})
public class NetworkGroupDaoImpl extends GenericDaoBase<NetworkGroupVO, Long> implements NetworkGroupDao {
private SearchBuilder<NetworkGroupVO> AccountIdSearch;
private SearchBuilder<NetworkGroupVO> AccountIdNameSearch;
private SearchBuilder<NetworkGroupVO> AccountIdNamesSearch;
@Local(value={SecurityGroupDao.class})
public class SecurityGroupDaoImpl extends GenericDaoBase<SecurityGroupVO, Long> implements SecurityGroupDao {
private SearchBuilder<SecurityGroupVO> AccountIdSearch;
private SearchBuilder<SecurityGroupVO> AccountIdNameSearch;
private SearchBuilder<SecurityGroupVO> AccountIdNamesSearch;
protected NetworkGroupDaoImpl() {
protected SecurityGroupDaoImpl() {
AccountIdSearch = createSearchBuilder();
AccountIdSearch.and("accountId", AccountIdSearch.entity().getAccountId(), SearchCriteria.Op.EQ);
AccountIdSearch.done();
@ -49,15 +49,15 @@ public class NetworkGroupDaoImpl extends GenericDaoBase<NetworkGroupVO, Long> im
}
@Override
public List<NetworkGroupVO> listByAccountId(long accountId) {
SearchCriteria<NetworkGroupVO> sc = AccountIdSearch.create();
public List<SecurityGroupVO> listByAccountId(long accountId) {
SearchCriteria<SecurityGroupVO> sc = AccountIdSearch.create();
sc.setParameters("accountId", accountId);
return listBy(sc);
}
@Override
public boolean isNameInUse(Long accountId, Long domainId, String name) {
SearchCriteria<NetworkGroupVO> sc = createSearchCriteria();
SearchCriteria<SecurityGroupVO> sc = createSearchCriteria();
sc.addAnd("name", SearchCriteria.Op.EQ, name);
if (accountId != null) {
sc.addAnd("accountId", SearchCriteria.Op.EQ, accountId);
@ -66,13 +66,13 @@ public class NetworkGroupDaoImpl extends GenericDaoBase<NetworkGroupVO, Long> im
sc.addAnd("accountId", SearchCriteria.Op.NULL);
}
List<NetworkGroupVO> securityGroups = listBy(sc);
List<SecurityGroupVO> securityGroups = listBy(sc);
return ((securityGroups != null) && !securityGroups.isEmpty());
}
@Override
public NetworkGroupVO findByAccountAndName(Long accountId, String name) {
SearchCriteria<NetworkGroupVO> sc = AccountIdNameSearch.create();
public SecurityGroupVO findByAccountAndName(Long accountId, String name) {
SearchCriteria<SecurityGroupVO> sc = AccountIdNameSearch.create();
sc.setParameters("accountId", accountId);
sc.setParameters("groupName", name);
@ -80,8 +80,8 @@ public class NetworkGroupDaoImpl extends GenericDaoBase<NetworkGroupVO, Long> im
}
@Override
public List<NetworkGroupVO> findByAccountAndNames(Long accountId, String... names) {
SearchCriteria<NetworkGroupVO> sc = AccountIdNamesSearch.create();
public List<SecurityGroupVO> findByAccountAndNames(Long accountId, String... names) {
SearchCriteria<SecurityGroupVO> sc = AccountIdNamesSearch.create();
sc.setParameters("accountId", accountId);
sc.setParameters("groupNames", (Object [])names);

35
server/src/com/cloud/network/security/dao/SecurityGroupRulesDao.java Normal file
View File

@ -0,0 +1,35 @@
package com.cloud.network.security.dao;
import java.util.List;
import com.cloud.network.security.SecurityGroupRulesVO;
import com.cloud.utils.db.GenericDao;
public interface SecurityGroupRulesDao extends GenericDao<SecurityGroupRulesVO, Long> {
/**
* List a security group and associated ingress rules
* @param accountId the account id of the owner of the security group
* @param groupName the name of the group for which to list rules
* @return the list of ingress rules associated with the security group (and security group info)
*/
List<SecurityGroupRulesVO> listSecurityGroupRules(long accountId, String groupName);
/**
* List security groups and associated ingress rules
* @param accountId the id of the account for which to list groups and associated rules
* @return the list of security groups with associated ingress rules
*/
List<SecurityGroupRulesVO> listSecurityGroupRules(long accountId);
/**
* List all security groups and associated ingress rules
* @return the list of security groups with associated ingress rules
*/
List<SecurityGroupRulesVO> listSecurityGroupRules();
/**
* List all security rules belonging to the specific group
* @return the security group with associated ingress rules
*/
List<SecurityGroupRulesVO> listSecurityRulesByGroupId(long groupId);
}

68
server/src/com/cloud/network/security/dao/SecurityGroupRulesDaoImpl.java Normal file
View File

@ -0,0 +1,68 @@
package com.cloud.network.security.dao;
import java.util.List;
import javax.ejb.Local;
import com.cloud.network.security.SecurityGroupRulesVO;
import com.cloud.utils.db.Filter;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
@Local(value={SecurityGroupRulesDao.class})
public class SecurityGroupRulesDaoImpl extends GenericDaoBase<SecurityGroupRulesVO, Long> implements SecurityGroupRulesDao {
private SearchBuilder<SecurityGroupRulesVO> AccountGroupNameSearch;
private SearchBuilder<SecurityGroupRulesVO> AccountSearch;
private SearchBuilder<SecurityGroupRulesVO> GroupSearch;
protected SecurityGroupRulesDaoImpl() {
AccountGroupNameSearch = createSearchBuilder();
AccountGroupNameSearch.and("accountId", AccountGroupNameSearch.entity().getAccountId(), SearchCriteria.Op.EQ);
AccountGroupNameSearch.and("name", AccountGroupNameSearch.entity().getName(), SearchCriteria.Op.EQ);
AccountGroupNameSearch.done();
AccountSearch = createSearchBuilder();
AccountSearch.and("accountId", AccountSearch.entity().getAccountId(), SearchCriteria.Op.EQ);
AccountSearch.done();
GroupSearch = createSearchBuilder();
GroupSearch.and("groupId", GroupSearch.entity().getId(), SearchCriteria.Op.EQ);
GroupSearch.done();
}
@Override
public List<SecurityGroupRulesVO> listSecurityGroupRules() {
Filter searchFilter = new Filter(SecurityGroupRulesVO.class, "id", true, null, null);
return listAll(searchFilter);
}
@Override
public List<SecurityGroupRulesVO> listSecurityGroupRules(long accountId, String groupName) {
Filter searchFilter = new Filter(SecurityGroupRulesVO.class, "id", true, null, null);
SearchCriteria<SecurityGroupRulesVO> sc = AccountGroupNameSearch.create();
sc.setParameters("accountId", accountId);
sc.setParameters("name", groupName);
return listBy(sc, searchFilter);
}
@Override
public List<SecurityGroupRulesVO> listSecurityGroupRules(long accountId) {
Filter searchFilter = new Filter(SecurityGroupRulesVO.class, "id", true, null, null);
SearchCriteria<SecurityGroupRulesVO> sc = AccountSearch.create();
sc.setParameters("accountId", accountId);
return listBy(sc, searchFilter);
}
@Override
public List<SecurityGroupRulesVO> listSecurityRulesByGroupId(long groupId) {
Filter searchFilter = new Filter(SecurityGroupRulesVO.class, "id", true, null, null);
SearchCriteria<SecurityGroupRulesVO> sc = GroupSearch.create();
sc.setParameters("groupId", groupId);
return listBy(sc, searchFilter);
}
}

18
server/src/com/cloud/network/security/dao/NetworkGroupVMMapDao.java → server/src/com/cloud/network/security/dao/SecurityGroupVMMapDao.java
View File

@ -20,17 +20,17 @@ package com.cloud.network.security.dao;
import java.util.List;
import com.cloud.network.security.NetworkGroupVMMapVO;
import com.cloud.network.security.SecurityGroupVMMapVO;
import com.cloud.utils.db.GenericDao;
import com.cloud.vm.State;
public interface NetworkGroupVMMapDao extends GenericDao<NetworkGroupVMMapVO, Long> {
List<NetworkGroupVMMapVO> listByIpAndInstanceId(String ipAddress, long instanceId);
List<NetworkGroupVMMapVO> listByInstanceId(long instanceId);
List<NetworkGroupVMMapVO> listByIp(String ipAddress);
List<NetworkGroupVMMapVO> listByNetworkGroup(long networkGroupId);
List<NetworkGroupVMMapVO> listByNetworkGroup(long networkGroupId, State ... vmStates);
public interface SecurityGroupVMMapDao extends GenericDao<SecurityGroupVMMapVO, Long> {
List<SecurityGroupVMMapVO> listByIpAndInstanceId(String ipAddress, long instanceId);
List<SecurityGroupVMMapVO> listByInstanceId(long instanceId);
List<SecurityGroupVMMapVO> listByIp(String ipAddress);
List<SecurityGroupVMMapVO> listBySecurityGroup(long securityGroupId);
List<SecurityGroupVMMapVO> listBySecurityGroup(long securityGroupId, State ... vmStates);
int deleteVM(long instanceid);
List<Long> listVmIdsByNetworkGroup(long networkGroupId);
NetworkGroupVMMapVO findByVmIdGroupId(long instanceId, long networkGroupId);
List<Long> listVmIdsBySecurityGroup(long securityGroupId);
SecurityGroupVMMapVO findByVmIdGroupId(long instanceId, long securityGroupId);
}

136
server/src/com/cloud/network/security/dao/SecurityGroupVMMapDaoImpl.java Normal file
View File

@ -0,0 +1,136 @@
/**
* Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
*
* This software is licensed under the GNU General Public License v3 or later.
*
* It is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
package com.cloud.network.security.dao;
import java.util.List;
import javax.ejb.Local;
import com.cloud.network.security.SecurityGroupVMMapVO;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.GenericSearchBuilder;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
import com.cloud.vm.State;
@Local(value={SecurityGroupVMMapDao.class})
public class SecurityGroupVMMapDaoImpl extends GenericDaoBase<SecurityGroupVMMapVO, Long> implements SecurityGroupVMMapDao {
private SearchBuilder<SecurityGroupVMMapVO> ListByIpAndVmId;
private SearchBuilder<SecurityGroupVMMapVO> ListByVmId;
private SearchBuilder<SecurityGroupVMMapVO> ListByVmIdGroupId;
private GenericSearchBuilder<SecurityGroupVMMapVO, Long> ListVmIdBySecurityGroup;
private SearchBuilder<SecurityGroupVMMapVO> ListByIp;
private SearchBuilder<SecurityGroupVMMapVO> ListBySecurityGroup;
private SearchBuilder<SecurityGroupVMMapVO> ListBySecurityGroupAndStates;
protected SecurityGroupVMMapDaoImpl() {
ListByIpAndVmId = createSearchBuilder();
ListByIpAndVmId.and("ipAddress", ListByIpAndVmId.entity().getGuestIpAddress(), SearchCriteria.Op.EQ);
ListByIpAndVmId.and("instanceId", ListByIpAndVmId.entity().getInstanceId(), SearchCriteria.Op.EQ);
ListByIpAndVmId.done();
ListVmIdBySecurityGroup = createSearchBuilder(Long.class);
ListVmIdBySecurityGroup.and("securityGroupId", ListVmIdBySecurityGroup.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
ListVmIdBySecurityGroup.selectField(ListVmIdBySecurityGroup.entity().getInstanceId());
ListVmIdBySecurityGroup.done();
ListBySecurityGroup = createSearchBuilder();
ListBySecurityGroup.and("securityGroupId", ListBySecurityGroup.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
ListBySecurityGroup.done();
ListByIp = createSearchBuilder();
ListByIp.and("ipAddress", ListByIp.entity().getGuestIpAddress(), SearchCriteria.Op.EQ);
ListByIp.done();
ListByVmId = createSearchBuilder();
ListByVmId.and("instanceId", ListByVmId.entity().getInstanceId(), SearchCriteria.Op.EQ);
ListByVmId.done();
ListBySecurityGroupAndStates = createSearchBuilder();
ListBySecurityGroupAndStates.and("securityGroupId", ListBySecurityGroupAndStates.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
ListBySecurityGroupAndStates.and("states", ListBySecurityGroupAndStates.entity().getVmState(), SearchCriteria.Op.IN);
ListBySecurityGroupAndStates.done();
ListByVmIdGroupId = createSearchBuilder();
ListByVmIdGroupId.and("instanceId", ListByVmIdGroupId.entity().getInstanceId(), SearchCriteria.Op.EQ);
ListByVmIdGroupId.and("securityGroupId", ListByVmIdGroupId.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
ListByVmIdGroupId.done();
}
public List<SecurityGroupVMMapVO> listByIpAndInstanceId(String ipAddress, long vmId) {
SearchCriteria<SecurityGroupVMMapVO> sc = ListByIpAndVmId.create();
sc.setParameters("ipAddress", ipAddress);
sc.setParameters("instanceId", vmId);
return listBy(sc);
}
@Override
public List<SecurityGroupVMMapVO> listBySecurityGroup(long securityGroupId) {
SearchCriteria<SecurityGroupVMMapVO> sc = ListBySecurityGroup.create();
sc.setParameters("securityGroupId", securityGroupId);
return listBy(sc);
}
@Override
public List<SecurityGroupVMMapVO> listByIp(String ipAddress) {
SearchCriteria<SecurityGroupVMMapVO> sc = ListByIp.create();
sc.setParameters("ipAddress", ipAddress);
return listBy(sc);
}
@Override
public List<SecurityGroupVMMapVO> listByInstanceId(long vmId) {
SearchCriteria<SecurityGroupVMMapVO> sc = ListByVmId.create();
sc.setParameters("instanceId", vmId);
return listBy(sc);
}
@Override
public int deleteVM(long instanceId) {
SearchCriteria<SecurityGroupVMMapVO> sc = ListByVmId.create();
sc.setParameters("instanceId", instanceId);
return super.expunge(sc);
}
@Override
public List<SecurityGroupVMMapVO> listBySecurityGroup(long securityGroupId, State... vmStates) {
SearchCriteria<SecurityGroupVMMapVO> sc = ListBySecurityGroupAndStates.create();
sc.setParameters("securityGroupId", securityGroupId);
sc.setParameters("states", (Object[])vmStates);
return listBy(sc);
}
@Override
public List<Long> listVmIdsBySecurityGroup(long securityGroupId) {
SearchCriteria<Long> sc = ListVmIdBySecurityGroup.create();
sc.setParameters("securityGroupId", securityGroupId);
return searchIncludingRemoved(sc, null);
}
@Override
public SecurityGroupVMMapVO findByVmIdGroupId(long instanceId, long securityGroupId) {
SearchCriteria<SecurityGroupVMMapVO> sc = ListByVmIdGroupId.create();
sc.setParameters("securityGroupId", securityGroupId);
sc.setParameters("instanceId", instanceId);
return findOneIncludingRemovedBy(sc);
}
}

14
server/src/com/cloud/network/security/dao/NetworkGroupWorkDao.java → server/src/com/cloud/network/security/dao/SecurityGroupWorkDao.java
View File

@ -21,17 +21,17 @@ package com.cloud.network.security.dao;
import java.util.Date;
import java.util.List;
import com.cloud.network.security.NetworkGroupWorkVO;
import com.cloud.network.security.NetworkGroupWorkVO.Step;
import com.cloud.network.security.SecurityGroupWorkVO;
import com.cloud.network.security.SecurityGroupWorkVO.Step;
import com.cloud.utils.db.GenericDao;
public interface NetworkGroupWorkDao extends GenericDao<NetworkGroupWorkVO, Long> {
NetworkGroupWorkVO findByVmId(long vmId, boolean taken);
public interface SecurityGroupWorkDao extends GenericDao<SecurityGroupWorkVO, Long> {
SecurityGroupWorkVO findByVmId(long vmId, boolean taken);
NetworkGroupWorkVO findByVmIdStep(long vmId, Step step);
SecurityGroupWorkVO findByVmIdStep(long vmId, Step step);
NetworkGroupWorkVO take(long serverId);
SecurityGroupWorkVO take(long serverId);
void updateStep(Long vmId, Long logSequenceNumber, Step done);
@ -39,7 +39,7 @@ public interface NetworkGroupWorkDao extends GenericDao<NetworkGroupWorkVO, Long
int deleteFinishedWork(Date timeBefore);
List<NetworkGroupWorkVO> findUnfinishedWork(Date timeBefore);
List<SecurityGroupWorkVO> findUnfinishedWork(Date timeBefore);
}

62
server/src/com/cloud/network/security/dao/NetworkGroupWorkDaoImpl.java → server/src/com/cloud/network/security/dao/SecurityGroupWorkDaoImpl.java
View File

@ -24,8 +24,8 @@ import java.util.List;
import javax.ejb.Local;
import com.cloud.ha.HaWorkVO;
import com.cloud.network.security.NetworkGroupWorkVO;
import com.cloud.network.security.NetworkGroupWorkVO.Step;
import com.cloud.network.security.SecurityGroupWorkVO;
import com.cloud.network.security.SecurityGroupWorkVO.Step;
import com.cloud.utils.db.Filter;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.SearchBuilder;
@ -34,17 +34,17 @@ import com.cloud.utils.db.Transaction;
import com.cloud.utils.db.SearchCriteria.Op;
import com.cloud.utils.exception.CloudRuntimeException;
@Local(value={NetworkGroupWorkDao.class})
public class NetworkGroupWorkDaoImpl extends GenericDaoBase<NetworkGroupWorkVO, Long> implements NetworkGroupWorkDao {
private SearchBuilder<NetworkGroupWorkVO> VmIdTakenSearch;
private SearchBuilder<NetworkGroupWorkVO> VmIdSeqNumSearch;
private SearchBuilder<NetworkGroupWorkVO> VmIdUnTakenSearch;
private SearchBuilder<NetworkGroupWorkVO> UntakenWorkSearch;
private SearchBuilder<NetworkGroupWorkVO> VmIdStepSearch;
private SearchBuilder<NetworkGroupWorkVO> CleanupSearch;
@Local(value={SecurityGroupWorkDao.class})
public class SecurityGroupWorkDaoImpl extends GenericDaoBase<SecurityGroupWorkVO, Long> implements SecurityGroupWorkDao {
private SearchBuilder<SecurityGroupWorkVO> VmIdTakenSearch;
private SearchBuilder<SecurityGroupWorkVO> VmIdSeqNumSearch;
private SearchBuilder<SecurityGroupWorkVO> VmIdUnTakenSearch;
private SearchBuilder<SecurityGroupWorkVO> UntakenWorkSearch;
private SearchBuilder<SecurityGroupWorkVO> VmIdStepSearch;
private SearchBuilder<SecurityGroupWorkVO> CleanupSearch;
protected NetworkGroupWorkDaoImpl() {
protected SecurityGroupWorkDaoImpl() {
VmIdTakenSearch = createSearchBuilder();
VmIdTakenSearch.and("vmId", VmIdTakenSearch.entity().getInstanceId(), SearchCriteria.Op.EQ);
VmIdTakenSearch.and("taken", VmIdTakenSearch.entity().getDateTaken(), SearchCriteria.Op.NNULL);
@ -86,29 +86,29 @@ public class NetworkGroupWorkDaoImpl extends GenericDaoBase<NetworkGroupWorkVO,
}
@Override
public NetworkGroupWorkVO findByVmId(long vmId, boolean taken) {
SearchCriteria<NetworkGroupWorkVO> sc = taken?VmIdTakenSearch.create():VmIdUnTakenSearch.create();
public SecurityGroupWorkVO findByVmId(long vmId, boolean taken) {
SearchCriteria<SecurityGroupWorkVO> sc = taken?VmIdTakenSearch.create():VmIdUnTakenSearch.create();
sc.setParameters("vmId", vmId);
return findOneIncludingRemovedBy(sc);
}
@Override
public NetworkGroupWorkVO take(long serverId) {
public SecurityGroupWorkVO take(long serverId) {
final Transaction txn = Transaction.currentTxn();
try {
final SearchCriteria<NetworkGroupWorkVO> sc = UntakenWorkSearch.create();
final SearchCriteria<SecurityGroupWorkVO> sc = UntakenWorkSearch.create();
sc.setParameters("step", Step.Scheduled);
final Filter filter = new Filter(NetworkGroupWorkVO.class, null, true, 0l, 1l);//FIXME: order desc by update time?
final Filter filter = new Filter(SecurityGroupWorkVO.class, null, true, 0l, 1l);//FIXME: order desc by update time?
txn.start();
final List<NetworkGroupWorkVO> vos = lockRows(sc, filter, true);
final List<SecurityGroupWorkVO> vos = lockRows(sc, filter, true);
if (vos.size() == 0) {
txn.commit();
return null;
}
NetworkGroupWorkVO work = null;
for (NetworkGroupWorkVO w: vos) {
SecurityGroupWorkVO work = null;
for (SecurityGroupWorkVO w: vos) {
//ensure that there is no job in Processing state for the same VM
if ( findByVmIdStep(w.getInstanceId(), Step.Processing) == null) {
work = w;
@ -121,7 +121,7 @@ public class NetworkGroupWorkDaoImpl extends GenericDaoBase<NetworkGroupWorkVO,
}
work.setServerId(serverId);
work.setDateTaken(new Date());
work.setStep(NetworkGroupWorkVO.Step.Processing);
work.setStep(SecurityGroupWorkVO.Step.Processing);
update(work.getId(), work);
@ -138,18 +138,18 @@ public class NetworkGroupWorkDaoImpl extends GenericDaoBase<NetworkGroupWorkVO,
public void updateStep(Long vmId, Long logSequenceNumber, Step step) {
final Transaction txn = Transaction.currentTxn();
txn.start();
SearchCriteria<NetworkGroupWorkVO> sc = VmIdSeqNumSearch.create();
SearchCriteria<SecurityGroupWorkVO> sc = VmIdSeqNumSearch.create();
sc.setParameters("vmId", vmId);
sc.setParameters("seqno", logSequenceNumber);
final Filter filter = new Filter(HaWorkVO.class, null, true, 0l, 1l);
final List<NetworkGroupWorkVO> vos = lockRows(sc, filter, true);
final List<SecurityGroupWorkVO> vos = lockRows(sc, filter, true);
if (vos.size() == 0) {
txn.commit();
return;
}
NetworkGroupWorkVO work = vos.get(0);
SecurityGroupWorkVO work = vos.get(0);
work.setStep(step);
update(work.getId(), work);
@ -157,8 +157,8 @@ public class NetworkGroupWorkDaoImpl extends GenericDaoBase<NetworkGroupWorkVO,
}
@Override
public NetworkGroupWorkVO findByVmIdStep(long vmId, Step step) {
SearchCriteria<NetworkGroupWorkVO> sc = VmIdStepSearch.create();
public SecurityGroupWorkVO findByVmIdStep(long vmId, Step step) {
SearchCriteria<SecurityGroupWorkVO> sc = VmIdStepSearch.create();
sc.setParameters("vmId", vmId);
sc.setParameters("step", step);
return findOneIncludingRemovedBy(sc);
@ -169,7 +169,7 @@ public class NetworkGroupWorkDaoImpl extends GenericDaoBase<NetworkGroupWorkVO,
final Transaction txn = Transaction.currentTxn();
txn.start();
NetworkGroupWorkVO work = lockRow(workId, true);
SecurityGroupWorkVO work = lockRow(workId, true);
if (work == null) {
txn.commit();
return;
@ -183,7 +183,7 @@ public class NetworkGroupWorkDaoImpl extends GenericDaoBase<NetworkGroupWorkVO,
@Override
public int deleteFinishedWork(Date timeBefore) {
final SearchCriteria<NetworkGroupWorkVO> sc = CleanupSearch.create();
final SearchCriteria<SecurityGroupWorkVO> sc = CleanupSearch.create();
sc.setParameters("taken", timeBefore);
sc.setParameters("step", Step.Done);
@ -191,14 +191,14 @@ public class NetworkGroupWorkDaoImpl extends GenericDaoBase<NetworkGroupWorkVO,
}
@Override
public List<NetworkGroupWorkVO> findUnfinishedWork(Date timeBefore) {
final SearchCriteria<NetworkGroupWorkVO> sc = CleanupSearch.create();
public List<SecurityGroupWorkVO> findUnfinishedWork(Date timeBefore) {
final SearchCriteria<SecurityGroupWorkVO> sc = CleanupSearch.create();
sc.setParameters("taken", timeBefore);
sc.setParameters("step", Step.Processing);
List<NetworkGroupWorkVO> result = listIncludingRemovedBy(sc);
List<SecurityGroupWorkVO> result = listIncludingRemovedBy(sc);
NetworkGroupWorkVO work = createForUpdate();
SecurityGroupWorkVO work = createForUpdate();
work.setStep(Step.Error);
update(work, sc);

6
server/src/com/cloud/server/ManagementServer.java
View File

@ -35,7 +35,7 @@ import com.cloud.exception.InvalidParameterValueException;
import com.cloud.host.HostVO;
import com.cloud.info.ConsoleProxyInfo;
import com.cloud.network.IPAddressVO;
import com.cloud.network.security.NetworkGroupVO;
import com.cloud.network.security.SecurityGroupVO;
import com.cloud.service.ServiceOfferingVO;
import com.cloud.storage.DiskOfferingVO;
import com.cloud.storage.GuestOSVO;
@ -529,14 +529,14 @@ public interface ManagementServer extends ManagementService {
List<SecondaryStorageVmVO> searchForSecondaryStorageVm(Criteria c);
NetworkGroupVO findNetworkGroupByName(Long accountId, String groupName);
SecurityGroupVO findNetworkGroupByName(Long accountId, String groupName);
/**
* Find a network group by id
* @param networkGroupId id of group to lookup
* @return the network group if found, null otherwise
*/
NetworkGroupVO findNetworkGroupById(long networkGroupId);
SecurityGroupVO findNetworkGroupById(long networkGroupId);
/**
* Is the hypervisor snapshot capable.

24
server/src/com/cloud/server/ManagementServerImpl.java
View File

@ -188,8 +188,8 @@ import com.cloud.network.dao.NetworkDao;
import com.cloud.network.dao.RemoteAccessVpnDao;
import com.cloud.network.dao.VpnUserDao;
import com.cloud.network.router.DomainRouterManager;
import com.cloud.network.security.NetworkGroupVO;
import com.cloud.network.security.dao.NetworkGroupDao;
import com.cloud.network.security.SecurityGroupVO;
import com.cloud.network.security.dao.SecurityGroupDao;
import com.cloud.offering.NetworkOffering;
import com.cloud.offering.ServiceOffering;
import com.cloud.server.auth.UserAuthenticator;
@ -283,7 +283,7 @@ public class ManagementServerImpl implements ManagementServer {
private final AccountManager _accountMgr;
private final AgentManager _agentMgr;
private final ConfigurationManager _configMgr;
private final NetworkGroupDao _networkSecurityGroupDao;
private final SecurityGroupDao _networkSecurityGroupDao;
private final IPAddressDao _publicIpAddressDao;
private final DataCenterIpAddressDao _privateIpAddressDao;
private final DomainRouterDao _routerDao;
@ -383,7 +383,7 @@ public class ManagementServerImpl implements ManagementServer {
_consoleProxyMgr = locator.getManager(ConsoleProxyManager.class);
_secStorageVmMgr = locator.getManager(SecondaryStorageVmManager.class);
_storageMgr = locator.getManager(StorageManager.class);
_networkSecurityGroupDao = locator.getDao(NetworkGroupDao.class);
_networkSecurityGroupDao = locator.getDao(SecurityGroupDao.class);
_publicIpAddressDao = locator.getDao(IPAddressDao.class);
_privateIpAddressDao = locator.getDao(DataCenterIpAddressDao.class);
_consoleProxyDao = locator.getDao(ConsoleProxyDao.class);
@ -4362,14 +4362,14 @@ public class ManagementServerImpl implements ManagementServer {
}
@Override
public NetworkGroupVO findNetworkGroupByName(Long accountId, String groupName) {
NetworkGroupVO groupVO = _networkSecurityGroupDao.findByAccountAndName(accountId, groupName);
public SecurityGroupVO findNetworkGroupByName(Long accountId, String groupName) {
SecurityGroupVO groupVO = _networkSecurityGroupDao.findByAccountAndName(accountId, groupName);
return groupVO;
}
@Override
public NetworkGroupVO findNetworkGroupById(long networkGroupId) {
NetworkGroupVO groupVO = _networkSecurityGroupDao.findById(networkGroupId);
public SecurityGroupVO findNetworkGroupById(long networkGroupId) {
SecurityGroupVO groupVO = _networkSecurityGroupDao.findById(networkGroupId);
return groupVO;
}
@ -4467,12 +4467,12 @@ public class ManagementServerImpl implements ManagementServer {
public Map<String, String> listCapabilities(ListCapabilitiesCmd cmd) {
Map<String, String> capabilities = new HashMap<String, String>();
String networkGroupsEnabled = _configs.get("direct.attach.network.groups.enabled");
if(networkGroupsEnabled == null) {
networkGroupsEnabled = "false";
String securityGroupsEnabled = _configs.get("direct.attach.security.groups.enabled");
if(securityGroupsEnabled == null) {
securityGroupsEnabled = "false";
}
capabilities.put("networkGroupsEnabled", networkGroupsEnabled);
capabilities.put("securityGroupsEnabled", securityGroupsEnabled);
capabilities.put("cloudStackVersion", getVersion());
return capabilities;
}

6
server/src/com/cloud/user/AccountManagerImpl.java
View File

@ -71,7 +71,7 @@ import com.cloud.network.NetworkVO;
import com.cloud.network.dao.IPAddressDao;
import com.cloud.network.dao.NetworkDao;
import com.cloud.network.router.DomainRouterManager;
import com.cloud.network.security.NetworkGroupManager;
import com.cloud.network.security.SecurityGroupManager;
import com.cloud.server.Criteria;
import com.cloud.storage.StorageManager;
import com.cloud.storage.VMTemplateVO;
@ -121,7 +121,7 @@ public class AccountManagerImpl implements AccountManager, AccountService {
@Inject private NetworkDao _networkDao;
@Inject private NetworkGroupManager _networkGroupMgr;
@Inject private SecurityGroupManager _networkGroupMgr;
@Inject private NetworkManager _networkMgr;
@Inject private SnapshotManager _snapMgr;
@Inject private UserVmManager _vmMgr;
@ -1049,7 +1049,7 @@ public class AccountManagerImpl implements AccountManager, AccountService {
UserVO dbUser = _userDao.persist(user);
_networkGroupMgr.createDefaultNetworkGroup(accountId);
_networkGroupMgr.createDefaultSecurityGroup(accountId);
if (!user.getPassword().equals(dbUser.getPassword())) {
throw new CloudRuntimeException("The user " + username + " being creating is using a password that is different than what's in the db");

6
server/src/com/cloud/vm/UserVmManagerImpl.java
View File

@ -132,7 +132,9 @@ import com.cloud.network.dao.LoadBalancerVMMapDao;
import com.cloud.network.dao.NetworkDao;
import com.cloud.network.router.DomainRouterManager;
import com.cloud.network.rules.RulesManager;
import com.cloud.network.security.NetworkGroupManager;
import com.cloud.network.router.VirtualRouter.Role;
import com.cloud.network.security.SecurityGroupManager;
import com.cloud.network.security.SecurityGroupVO;
import com.cloud.offering.NetworkOffering;
import com.cloud.offering.ServiceOffering;
import com.cloud.offerings.dao.NetworkOfferingDao;
@ -241,7 +243,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
@Inject AccountVlanMapDao _accountVlanMapDao;
@Inject StoragePoolDao _storagePoolDao;
@Inject VMTemplateHostDao _vmTemplateHostDao;
@Inject NetworkGroupManager _networkGroupMgr;
@Inject SecurityGroupManager _networkGroupMgr;
@Inject ServiceOfferingDao _serviceOfferingDao;
@Inject NetworkOfferingDao _networkOfferingDao;
@Inject EventDao _eventDao = null;

16
setup/db/create-index-fk.sql
View File

@ -224,17 +224,17 @@ ALTER TABLE `cloud`.`launch_permission` ADD INDEX `i_launch_permission_template_
ALTER TABLE `cloud`.`guest_os` ADD CONSTRAINT `fk_guest_os__category_id` FOREIGN KEY `fk_guest_os__category_id` (`category_id`) REFERENCES `guest_os_category` (`id`) ON DELETE CASCADE;
ALTER TABLE `cloud`.`network_group` ADD CONSTRAINT `fk_network_group___account_id` FOREIGN KEY `fk_network_group__account_id` (`account_id`) REFERENCES `account` (`id`);
ALTER TABLE `cloud`.`network_group` ADD CONSTRAINT `fk_network_group__domain_id` FOREIGN KEY `fk_network_group__domain_id` (`domain_id`) REFERENCES `domain` (`id`);
ALTER TABLE `cloud`.`network_group` ADD INDEX `i_network_group_name`(`name`);
ALTER TABLE `cloud`.`security_group` ADD CONSTRAINT `fk_security_group___account_id` FOREIGN KEY `fk_security_group__account_id` (`account_id`) REFERENCES `account` (`id`);
ALTER TABLE `cloud`.`security_group` ADD CONSTRAINT `fk_security_group__domain_id` FOREIGN KEY `fk_security_group__domain_id` (`domain_id`) REFERENCES `domain` (`id`);
ALTER TABLE `cloud`.`security_group` ADD INDEX `i_security_group_name`(`name`);
ALTER TABLE `cloud`.`network_ingress_rule` ADD CONSTRAINT `fk_network_ingress_rule___network_group_id` FOREIGN KEY `fk_network_ingress_rule__network_group_id` (`network_group_id`) REFERENCES `network_group` (`id`);
ALTER TABLE `cloud`.`network_ingress_rule` ADD CONSTRAINT `fk_network_ingress_rule___allowed_network_id` FOREIGN KEY `fk_network_ingress_rule__allowed_network_id` (`allowed_network_id`) REFERENCES `network_group` (`id`);
ALTER TABLE `cloud`.`network_ingress_rule` ADD INDEX `i_network_ingress_rule_network_id`(`network_group_id`);
ALTER TABLE `cloud`.`network_ingress_rule` ADD CONSTRAINT `fk_network_ingress_rule___security_group_id` FOREIGN KEY `fk_network_ingress_rule__security_group_id` (`security_group_id`) REFERENCES `security_group` (`id`);
ALTER TABLE `cloud`.`network_ingress_rule` ADD CONSTRAINT `fk_network_ingress_rule___allowed_network_id` FOREIGN KEY `fk_network_ingress_rule__allowed_network_id` (`allowed_network_id`) REFERENCES `security_group` (`id`);
ALTER TABLE `cloud`.`network_ingress_rule` ADD INDEX `i_network_ingress_rule_network_id`(`security_group_id`);
ALTER TABLE `cloud`.`network_ingress_rule` ADD INDEX `i_network_ingress_rule_allowed_network`(`allowed_network_id`);
ALTER TABLE `cloud`.`network_group_vm_map` ADD CONSTRAINT `fk_network_group_vm_map___network_group_id` FOREIGN KEY `fk_network_group_vm_map___network_group_id` (`network_group_id`) REFERENCES `network_group` (`id`) ON DELETE CASCADE;
ALTER TABLE `cloud`.`network_group_vm_map` ADD CONSTRAINT `fk_network_group_vm_map___instance_id` FOREIGN KEY `fk_network_group_vm_map___instance_id` (`instance_id`) REFERENCES `user_vm` (`id`) ON DELETE CASCADE;
ALTER TABLE `cloud`.`security_group_vm_map` ADD CONSTRAINT `fk_security_group_vm_map___security_group_id` FOREIGN KEY `fk_security_group_vm_map___security_group_id` (`security_group_id`) REFERENCES `security_group` (`id`) ON DELETE CASCADE;
ALTER TABLE `cloud`.`security_group_vm_map` ADD CONSTRAINT `fk_security_group_vm_map___instance_id` FOREIGN KEY `fk_security_group_vm_map___instance_id` (`instance_id`) REFERENCES `user_vm` (`id`) ON DELETE CASCADE;
ALTER TABLE `cloud`.`op_nwgrp_work` ADD INDEX `i_op_nwgrp_work__instance_id`(`instance_id`);
ALTER TABLE `cloud`.`op_nwgrp_work` ADD INDEX `i_op_nwgrp_work__mgmt_server_id`(`mgmt_server_id`);

31
setup/db/create-schema.sql
View File

@ -1013,15 +1013,6 @@ CREATE TABLE `cloud`.`service_offering` (
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `cloud`.`security_group` (
`id` bigint unsigned NOT NULL auto_increment,
`name` varchar(255) NOT NULL,
`description` varchar(4096) NULL,
`domain_id` bigint unsigned NOT NULL,
`account_id` bigint unsigned NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `cloud`.`network_rule_config` (
`id` bigint unsigned NOT NULL auto_increment,
`security_group_id` bigint unsigned NOT NULL,
@ -1032,14 +1023,6 @@ CREATE TABLE `cloud`.`network_rule_config` (
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `cloud`.`security_group_vm_map` (
`id` bigint unsigned NOT NULL auto_increment,
`security_group_id` bigint unsigned NOT NULL,
`ip_address` varchar(15) NOT NULL,
`instance_id` bigint unsigned NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `cloud`.`load_balancer` (
`id` bigint unsigned NOT NULL auto_increment,
`name` varchar(255) NOT NULL,
@ -1193,7 +1176,7 @@ CREATE TABLE `cloud`.`op_pod_vlan_alloc` (
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `cloud`.`network_group` (
CREATE TABLE `cloud`.`security_group` (
`id` bigint unsigned NOT NULL auto_increment,
`name` varchar(255) NOT NULL,
`description` varchar(4096) NULL,
@ -1203,23 +1186,23 @@ CREATE TABLE `cloud`.`network_group` (
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `cloud`.`network_ingress_rule` (
CREATE TABLE `cloud`.`security_ingress_rule` (
`id` bigint unsigned NOT NULL auto_increment,
`network_group_id` bigint unsigned NOT NULL,
`security_group_id` bigint unsigned NOT NULL,
`start_port` varchar(10) default NULL,
`end_port` varchar(10) default NULL,
`protocol` varchar(16) NOT NULL default 'TCP',
`allowed_network_id` bigint unsigned,
`allowed_network_group` varchar(255) COMMENT 'data duplicated from network_group table to avoid lots of joins when listing rules (the name of the group should be displayed rather than just id)',
`allowed_net_grp_acct` varchar(100) COMMENT 'data duplicated from network_group table to avoid lots of joins when listing rules (the name of the group owner should be displayed)',
`allowed_security_group` varchar(255) COMMENT 'data duplicated from security_group table to avoid lots of joins when listing rules (the name of the group should be displayed rather than just id)',
`allowed_sec_grp_acct` varchar(100) COMMENT 'data duplicated from security_group table to avoid lots of joins when listing rules (the name of the group owner should be displayed)',
`allowed_ip_cidr` varchar(44),
`create_status` varchar(32) COMMENT 'rule creation status',
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `cloud`.`network_group_vm_map` (
CREATE TABLE `cloud`.`security_group_vm_map` (
`id` bigint unsigned NOT NULL auto_increment,
`network_group_id` bigint unsigned NOT NULL,
`security_group_id` bigint unsigned NOT NULL,
`instance_id` bigint unsigned NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

7
setup/db/schema-21to22.sql
View File

@ -6,3 +6,10 @@ SET foreign_key_checks = 0;
ALTER TABLE `cloud`.`template_host_ref` ADD COLUMN `physical_size` bigint unsigned NOT NULL DEFAULT 0
ALTER TABLE `cloud`.`snapshots` MODIFY COLUMN `id` bigint unsigned UNIQUE NOT NULL
ALTER TABLE `vm_instance` DROP COLUMN `group`
-- NOTE for tables below
-- these 2 tables were used in 2.1, but are not in 2.2
-- we will need a migration script for these tables when the migration is written
DROP TABLE `cloud`.`security_group`;
DROP TABLE `cloud`.`security_group_vm_map`;

2
utils/src/com/cloud/utils/net/NetUtils.java
View File

@ -731,7 +731,7 @@ public class NetUtils {
return (proto.equals("tcp") || proto.equals("udp") || proto.equals("icmp"));
}
public static boolean isValidNetworkGroupProto(String p) {
public static boolean isValidSecurityGroupProto(String p) {
String proto = p.toLowerCase();
return (proto.equals("tcp") || proto.equals("udp") || proto.equals("icmp") || proto.equals("all"));
}