diff --git a/agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java b/agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java index c2d4d97ceca..aa4d21431ae 100644 --- a/agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java +++ b/agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java @@ -109,8 +109,8 @@ import com.cloud.agent.api.MirrorCommand; import com.cloud.agent.api.ModifySshKeysCommand; import com.cloud.agent.api.ModifyStoragePoolAnswer; import com.cloud.agent.api.ModifyStoragePoolCommand; -import com.cloud.agent.api.NetworkIngressRuleAnswer; -import com.cloud.agent.api.NetworkIngressRulesCmd; +import com.cloud.agent.api.SecurityIngressRuleAnswer; +import com.cloud.agent.api.SecurityIngressRulesCmd; import com.cloud.agent.api.PingCommand; import com.cloud.agent.api.PingRoutingCommand; import com.cloud.agent.api.PingTestCommand; @@ -1094,8 +1094,8 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv return execute((CreatePrivateTemplateFromSnapshotCommand) cmd); } else if (cmd instanceof ModifyStoragePoolCommand) { return execute((ModifyStoragePoolCommand) cmd); - } else if (cmd instanceof NetworkIngressRulesCmd) { - return execute((NetworkIngressRulesCmd) cmd); + } else if (cmd instanceof SecurityIngressRulesCmd) { + return execute((SecurityIngressRulesCmd) cmd); } else if (cmd instanceof DeleteStoragePoolCommand) { return execute((DeleteStoragePoolCommand) cmd); } else if (cmd instanceof FenceCommand ) { @@ -1777,8 +1777,8 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv } return answer; } - private Answer execute(NetworkIngressRulesCmd cmd) { - return new NetworkIngressRuleAnswer(cmd); + private Answer execute(SecurityIngressRulesCmd cmd) { + return new SecurityIngressRuleAnswer(cmd); } protected GetVncPortAnswer execute(GetVncPortCommand cmd) { diff --git a/api/src/com/cloud/api/ApiConstants.java b/api/src/com/cloud/api/ApiConstants.java index 98d8b07217c..a89fd2b4f93 100755 --- a/api/src/com/cloud/api/ApiConstants.java +++ b/api/src/com/cloud/api/ApiConstants.java @@ -100,8 +100,6 @@ public class ApiConstants { public static final String MODE = "mode"; public static final String NAME = "name"; public static final String NETWORK_DOMAIN = "networkdomain"; - public static final String NETWORK_GROUP_LIST = "networkgrouplist"; - public static final String NETWORK_GROUP_NAME = "networkgroupname"; public static final String NETMASK = "netmask"; public static final String NEW_NAME = "newname"; public static final String OFFER_HA = "offerha"; @@ -127,6 +125,8 @@ public class ApiConstants { public static final String SCHEDULE = "schedule"; public static final String SCOPE = "scope"; public static final String SECRET_KEY = "secretkey"; + public static final String SECURITY_GROUP_LIST = "securitygrouplist"; + public static final String SECURITY_GROUP_NAME = "securitygroupname"; public static final String SENT = "sent"; public static final String SENT_BYTES = "sentbytes"; public static final String SERVICE_OFFERING_ID = "serviceofferingid"; @@ -151,7 +151,7 @@ public class ApiConstants { public static final String USER_DATA = "userdata"; public static final String USER_ID = "userid"; public static final String USERNAME = "username"; - public static final String USER_NETWORK_GROUP_LIST = "usernetworkgrouplist"; + public static final String USER_SECURITY_GROUP_LIST = "usersecuritygrouplist"; public static final String USE_VIRTUAL_NETWORK = "usevirtualnetwork"; public static final String VALUE = "value"; public static final String VIRTUAL_MACHINE_ID = "virtualmachineid"; diff --git a/api/src/com/cloud/api/BaseCmd.java b/api/src/com/cloud/api/BaseCmd.java index f7d484748c1..e8935de598a 100755 --- a/api/src/com/cloud/api/BaseCmd.java +++ b/api/src/com/cloud/api/BaseCmd.java @@ -38,7 +38,7 @@ import com.cloud.network.DomainRouterService; import com.cloud.network.NetworkService; import com.cloud.network.lb.LoadBalancingRulesService; import com.cloud.network.rules.RulesService; -import com.cloud.network.security.NetworkGroupService; +import com.cloud.network.security.SecurityGroupService; import com.cloud.resource.ResourceService; import com.cloud.server.ManagementService; import com.cloud.storage.StorageService; @@ -96,7 +96,7 @@ public abstract class BaseCmd { public static ResourceService _resourceService; public static NetworkService _networkService; public static TemplateService _templateService; - public static NetworkGroupService _networkGroupMgr; + public static SecurityGroupService _securityGroupMgr; public static SnapshotService _snapshotMgr; public static ConsoleProxyService _consoleProxyMgr; public static DomainRouterService _routerService; @@ -116,7 +116,7 @@ public abstract class BaseCmd { _resourceService = locator.getManager(ResourceService.class); _networkService = locator.getManager(NetworkService.class); _templateService = locator.getManager(TemplateService.class); - _networkGroupMgr = locator.getManager(NetworkGroupService.class); + _securityGroupMgr = locator.getManager(SecurityGroupService.class); _snapshotMgr = locator.getManager(SnapshotService.class); _consoleProxyMgr = locator.getManager(ConsoleProxyService.class); _routerService = locator.getManager(DomainRouterService.class); diff --git a/api/src/com/cloud/api/ResponseGenerator.java b/api/src/com/cloud/api/ResponseGenerator.java index a2ef2b39587..e156bb953e4 100644 --- a/api/src/com/cloud/api/ResponseGenerator.java +++ b/api/src/com/cloud/api/ResponseGenerator.java @@ -40,7 +40,7 @@ import com.cloud.api.response.InstanceGroupResponse; import com.cloud.api.response.IpForwardingRuleResponse; import com.cloud.api.response.ListResponse; import com.cloud.api.response.LoadBalancerResponse; -import com.cloud.api.response.NetworkGroupResponse; +import com.cloud.api.response.SecurityGroupResponse; import com.cloud.api.response.NetworkOfferingResponse; import com.cloud.api.response.NetworkResponse; import com.cloud.api.response.PodResponse; @@ -78,8 +78,8 @@ import com.cloud.network.router.VirtualRouter; import com.cloud.network.rules.LoadBalancer; import com.cloud.network.rules.PortForwardingRule; import com.cloud.network.security.IngressRule; -import com.cloud.network.security.NetworkGroup; -import com.cloud.network.security.NetworkGroupRules; +import com.cloud.network.security.SecurityGroup; +import com.cloud.network.security.SecurityGroupRules; import com.cloud.offering.DiskOffering; import com.cloud.offering.NetworkOffering; import com.cloud.offering.ServiceOffering; @@ -171,11 +171,11 @@ public interface ResponseGenerator { ListResponse createIsoResponses(VirtualMachineTemplate template, Long zoneId); - ListResponse createNetworkGroupResponses(List networkGroups); + ListResponse createSecurityGroupResponses(List networkGroups); - NetworkGroupResponse createNetworkGroupResponseFromIngressRule(List ingressRules); + SecurityGroupResponse createSecurityGroupResponseFromIngressRule(List ingressRules); - NetworkGroupResponse createNetworkGroupResponse(NetworkGroup group); + SecurityGroupResponse createSecurityGroupResponse(SecurityGroup group); ExtractResponse createExtractResponse(Long uploadId, Long id, Long zoneId, Long accountId, String mode); diff --git a/api/src/com/cloud/api/commands/AuthorizeNetworkGroupIngressCmd.java b/api/src/com/cloud/api/commands/AuthorizeSecurityGroupIngressCmd.java similarity index 82% rename from api/src/com/cloud/api/commands/AuthorizeNetworkGroupIngressCmd.java rename to api/src/com/cloud/api/commands/AuthorizeSecurityGroupIngressCmd.java index faaa3e66bde..057e268404c 100644 --- a/api/src/com/cloud/api/commands/AuthorizeNetworkGroupIngressCmd.java +++ b/api/src/com/cloud/api/commands/AuthorizeSecurityGroupIngressCmd.java @@ -33,7 +33,7 @@ import com.cloud.api.Implementation; import com.cloud.api.Parameter; import com.cloud.api.ServerApiException; import com.cloud.api.response.IngressRuleResponse; -import com.cloud.api.response.NetworkGroupResponse; +import com.cloud.api.response.SecurityGroupResponse; import com.cloud.event.EventTypes; import com.cloud.network.security.IngressRule; import com.cloud.user.Account; @@ -42,10 +42,10 @@ import com.cloud.utils.StringUtils; //FIXME - add description @Implementation(responseObject=IngressRuleResponse.class) @SuppressWarnings("rawtypes") -public class AuthorizeNetworkGroupIngressCmd extends BaseAsyncCmd { - public static final Logger s_logger = Logger.getLogger(AuthorizeNetworkGroupIngressCmd.class.getName()); +public class AuthorizeSecurityGroupIngressCmd extends BaseAsyncCmd { + public static final Logger s_logger = Logger.getLogger(AuthorizeSecurityGroupIngressCmd.class.getName()); - private static final String s_name = "authorizenetworkgroupingress"; + private static final String s_name = "authorizesecuritygroupingress"; ///////////////////////////////////////////////////// //////////////// API parameters ///////////////////// @@ -71,16 +71,16 @@ public class AuthorizeNetworkGroupIngressCmd extends BaseAsyncCmd { private Integer icmpCode; //FIXME - add description - @Parameter(name=ApiConstants.NETWORK_GROUP_NAME, type=CommandType.STRING, required=true) - private String networkGroupName; + @Parameter(name=ApiConstants.SECURITY_GROUP_NAME, type=CommandType.STRING, required=true) + private String securityGroupName; //FIXME - add description @Parameter(name=ApiConstants.CIDR_LIST, type=CommandType.LIST, collectionType=CommandType.STRING) private List cidrList; //FIXME - add description - @Parameter(name=ApiConstants.USER_NETWORK_GROUP_LIST, type=CommandType.MAP) - private Map userNetworkGroupList; + @Parameter(name=ApiConstants.USER_SECURITY_GROUP_LIST, type=CommandType.MAP) + private Map userSecurityGroupList; //FIXME - add description @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING) @@ -119,8 +119,8 @@ public class AuthorizeNetworkGroupIngressCmd extends BaseAsyncCmd { return icmpType; } - public String getNetworkGroupName() { - return networkGroupName; + public String getSecurityGroupName() { + return securityGroupName; } public String getProtocol() { @@ -134,8 +134,8 @@ public class AuthorizeNetworkGroupIngressCmd extends BaseAsyncCmd { return startPort; } - public Map getUserNetworkGroupList() { - return userNetworkGroupList; + public Map getUserSecurityGroupList() { + return userSecurityGroupList; } @@ -149,7 +149,7 @@ public class AuthorizeNetworkGroupIngressCmd extends BaseAsyncCmd { } public static String getResultObjectName() { - return "networkgroup"; + return "securitygroup"; } @Override @@ -173,15 +173,15 @@ public class AuthorizeNetworkGroupIngressCmd extends BaseAsyncCmd { @Override public String getEventType() { - return EventTypes.EVENT_NETWORK_GROUP_AUTHORIZE_INGRESS; + return EventTypes.EVENT_SECURITY_GROUP_AUTHORIZE_INGRESS; } @Override public String getEventDescription() { StringBuilder sb = new StringBuilder(); - if (getUserNetworkGroupList() != null) { + if (getUserSecurityGroupList() != null) { sb.append("group list(group/account): "); - Collection userGroupCollection = getUserNetworkGroupList().values(); + Collection userGroupCollection = getUserSecurityGroupList().values(); Iterator iter = userGroupCollection.iterator(); HashMap userGroup = (HashMap)iter.next(); @@ -202,17 +202,17 @@ public class AuthorizeNetworkGroupIngressCmd extends BaseAsyncCmd { sb.append(""); } - return "authorizing ingress to group: " + getNetworkGroupName() + " to " + sb.toString(); + return "authorizing ingress to group: " + getSecurityGroupName() + " to " + sb.toString(); } @Override public void execute(){ - List ingressRules = _networkGroupMgr.authorizeNetworkGroupIngress(this); + List ingressRules = _securityGroupMgr.authorizeSecurityGroupIngress(this); if (ingressRules != null && ! ingressRules.isEmpty()) { - NetworkGroupResponse response = _responseGenerator.createNetworkGroupResponseFromIngressRule(ingressRules); + SecurityGroupResponse response = _responseGenerator.createSecurityGroupResponseFromIngressRule(ingressRules); this.setResponseObject(response); } else { - throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to authorize network group ingress rule(s)"); + throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to authorize security group ingress rule(s)"); } } diff --git a/api/src/com/cloud/api/commands/CreateNetworkGroupCmd.java b/api/src/com/cloud/api/commands/CreateSecurityGroupCmd.java similarity index 72% rename from api/src/com/cloud/api/commands/CreateNetworkGroupCmd.java rename to api/src/com/cloud/api/commands/CreateSecurityGroupCmd.java index 38a0f61205b..6191b104245 100644 --- a/api/src/com/cloud/api/commands/CreateNetworkGroupCmd.java +++ b/api/src/com/cloud/api/commands/CreateSecurityGroupCmd.java @@ -24,13 +24,13 @@ import com.cloud.api.BaseCmd; import com.cloud.api.Implementation; import com.cloud.api.Parameter; import com.cloud.api.ServerApiException; -import com.cloud.api.response.NetworkGroupResponse; -import com.cloud.network.security.NetworkGroup; +import com.cloud.api.response.SecurityGroupResponse; +import com.cloud.network.security.SecurityGroup; //TODO - add description to implementation -@Implementation(responseObject=NetworkGroupResponse.class) -public class CreateNetworkGroupCmd extends BaseCmd { - public static final Logger s_logger = Logger.getLogger(CreateNetworkGroupCmd.class.getName()); +@Implementation(responseObject=SecurityGroupResponse.class) +public class CreateSecurityGroupCmd extends BaseCmd { + public static final Logger s_logger = Logger.getLogger(CreateSecurityGroupCmd.class.getName()); private static final String s_name = "createsecuritygroupresponse"; @@ -38,17 +38,17 @@ public class CreateNetworkGroupCmd extends BaseCmd { //////////////// API parameters ///////////////////// ///////////////////////////////////////////////////// - @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="an optional account for the network group. Must be used with domainId.") + @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="an optional account for the security group. Must be used with domainId.") private String accountName; - @Parameter(name=ApiConstants.DESCRIPTION, type=CommandType.STRING, description="the description of the network group") + @Parameter(name=ApiConstants.DESCRIPTION, type=CommandType.STRING, description="the description of the security group") private String description; - @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="an optional domainId for the network group. If the account parameter is used, domainId must also be used.") + @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="an optional domainId for the security group. If the account parameter is used, domainId must also be used.") private Long domainId; - @Parameter(name=ApiConstants.NAME, type=CommandType.STRING, required=true, description="name of the network group") - private String networkGroupName; + @Parameter(name=ApiConstants.NAME, type=CommandType.STRING, required=true, description="name of the security group") + private String securityGroupName; ///////////////////////////////////////////////////// @@ -67,8 +67,8 @@ public class CreateNetworkGroupCmd extends BaseCmd { return domainId; } - public String getNetworkGroupName() { - return networkGroupName; + public String getSecurityGroupName() { + return securityGroupName; } @@ -83,13 +83,13 @@ public class CreateNetworkGroupCmd extends BaseCmd { @Override public void execute(){ - NetworkGroup group = _networkGroupMgr.createNetworkGroup(this); + SecurityGroup group = _securityGroupMgr.createSecurityGroup(this); if (group != null) { - NetworkGroupResponse response = _responseGenerator.createNetworkGroupResponse(group); + SecurityGroupResponse response = _responseGenerator.createSecurityGroupResponse(group); response.setResponseName(getCommandName()); this.setResponseObject(response); } else { - throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to create network group"); + throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to create security group"); } } } diff --git a/api/src/com/cloud/api/commands/DeleteNetworkGroupCmd.java b/api/src/com/cloud/api/commands/DeleteSecurityGroupCmd.java similarity index 71% rename from api/src/com/cloud/api/commands/DeleteNetworkGroupCmd.java rename to api/src/com/cloud/api/commands/DeleteSecurityGroupCmd.java index c57a8c0a94d..817652f5b4f 100644 --- a/api/src/com/cloud/api/commands/DeleteNetworkGroupCmd.java +++ b/api/src/com/cloud/api/commands/DeleteSecurityGroupCmd.java @@ -10,23 +10,23 @@ import com.cloud.api.ServerApiException; import com.cloud.api.response.SuccessResponse; import com.cloud.exception.ResourceInUseException; -@Implementation(description="Deletes network group", responseObject=SuccessResponse.class) -public class DeleteNetworkGroupCmd extends BaseCmd { - public static final Logger s_logger = Logger.getLogger(DeleteNetworkGroupCmd.class.getName()); - private static final String s_name = "deletenetworkgroupresponse"; +@Implementation(description="Deletes security group", responseObject=SuccessResponse.class) +public class DeleteSecurityGroupCmd extends BaseCmd { + public static final Logger s_logger = Logger.getLogger(DeleteSecurityGroupCmd.class.getName()); + private static final String s_name = "deletesecuritygroupresponse"; ///////////////////////////////////////////////////// //////////////// API parameters ///////////////////// ///////////////////////////////////////////////////// - @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account of the network group. Must be specified with domain ID") + @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account of the security group. Must be specified with domain ID") private String accountName; - @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="the domain ID of account owning the network group") + @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="the domain ID of account owning the security group") private Long domainId; - @Parameter(name=ApiConstants.NAME, type=CommandType.STRING, required=true, description="the network group name") - private String networkGroupName; + @Parameter(name=ApiConstants.NAME, type=CommandType.STRING, required=true, description="the security group name") + private String securityGroupName; ///////////////////////////////////////////////////// @@ -41,8 +41,8 @@ public class DeleteNetworkGroupCmd extends BaseCmd { return domainId; } - public String getNetworkGroupName() { - return networkGroupName; + public String getSecurityGroupName() { + return securityGroupName; } @@ -58,12 +58,12 @@ public class DeleteNetworkGroupCmd extends BaseCmd { @Override public void execute(){ try{ - boolean result = _networkGroupMgr.deleteNetworkGroup(this); + boolean result = _securityGroupMgr.deleteSecurityGroup(this); if (result) { SuccessResponse response = new SuccessResponse(getCommandName()); this.setResponseObject(response); } else { - throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to delete network group"); + throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to delete security group"); } } catch (ResourceInUseException ex) { s_logger.warn("Exception: ", ex); diff --git a/api/src/com/cloud/api/commands/DeployVMCmd.java b/api/src/com/cloud/api/commands/DeployVMCmd.java index b344ef82ec1..e96a92be249 100644 --- a/api/src/com/cloud/api/commands/DeployVMCmd.java +++ b/api/src/com/cloud/api/commands/DeployVMCmd.java @@ -70,8 +70,8 @@ public class DeployVMCmd extends BaseAsyncCreateCmd { @Parameter(name=ApiConstants.HYPERVISOR, type=CommandType.STRING, description="the hypervisor on which to deploy the virtual machine") private String hypervisor; - @Parameter(name=ApiConstants.NETWORK_GROUP_LIST, type=CommandType.LIST, collectionType=CommandType.STRING, description="comma separated list of network groups that going to be applied to the virtual machine. Should be passed only when vm is created from service offering with Direct Attach Network support") - private List networkGroupList; + @Parameter(name=ApiConstants.SECURITY_GROUP_LIST, type=CommandType.LIST, collectionType=CommandType.STRING, description="comma separated list of security groups that going to be applied to the virtual machine. Should be passed only when vm is created from service offering with Direct Attach Network support") + private List securityGroupList; @Parameter(name=ApiConstants.SERVICE_OFFERING_ID, type=CommandType.LONG, required=true, description="the ID of the service offering for the virtual machine") private Long serviceOfferingId; @@ -129,8 +129,8 @@ public class DeployVMCmd extends BaseAsyncCreateCmd { return HypervisorType.getType(hypervisor); } - public List getNetworkGroupList() { - return networkGroupList; + public List getSecurityGroupList() { + return securityGroupList; } public Long getServiceOfferingId() { diff --git a/api/src/com/cloud/api/commands/ListCapabilitiesCmd.java b/api/src/com/cloud/api/commands/ListCapabilitiesCmd.java index edb8c967310..f6aa1dcd849 100644 --- a/api/src/com/cloud/api/commands/ListCapabilitiesCmd.java +++ b/api/src/com/cloud/api/commands/ListCapabilitiesCmd.java @@ -40,7 +40,7 @@ public class ListCapabilitiesCmd extends BaseCmd { public void execute(){ Map capabilities = _mgr.listCapabilities(this); CapabilitiesResponse response = new CapabilitiesResponse(); - response.setNetworkGroupsEnabled(capabilities.get("networkGroupsEnabled")); + response.setSecurityGroupsEnabled(capabilities.get("securityGroupsEnabled")); response.setCloudStackVersion(capabilities.get("cloudStackVersion")); response.setObjectName("capability"); response.setResponseName(getCommandName()); diff --git a/api/src/com/cloud/api/commands/ListNetworkGroupsCmd.java b/api/src/com/cloud/api/commands/ListSecurityGroupsCmd.java similarity index 62% rename from api/src/com/cloud/api/commands/ListNetworkGroupsCmd.java rename to api/src/com/cloud/api/commands/ListSecurityGroupsCmd.java index fbc25af7735..f45d8c9e771 100644 --- a/api/src/com/cloud/api/commands/ListNetworkGroupsCmd.java +++ b/api/src/com/cloud/api/commands/ListSecurityGroupsCmd.java @@ -26,29 +26,29 @@ import com.cloud.api.BaseListCmd; import com.cloud.api.Implementation; import com.cloud.api.Parameter; import com.cloud.api.response.ListResponse; -import com.cloud.api.response.NetworkGroupResponse; -import com.cloud.network.security.NetworkGroupRules; +import com.cloud.api.response.SecurityGroupResponse; +import com.cloud.network.security.SecurityGroupRules; -@Implementation(description="Lists network groups", responseObject=NetworkGroupResponse.class) -public class ListNetworkGroupsCmd extends BaseListCmd { - public static final Logger s_logger = Logger.getLogger(ListNetworkGroupsCmd.class.getName()); +@Implementation(description="Lists security groups", responseObject=SecurityGroupResponse.class) +public class ListSecurityGroupsCmd extends BaseListCmd { + public static final Logger s_logger = Logger.getLogger(ListSecurityGroupsCmd.class.getName()); - private static final String s_name = "listnetworkgroupsresponse"; + private static final String s_name = "listsecuritygroupsresponse"; ///////////////////////////////////////////////////// //////////////// API parameters ///////////////////// ///////////////////////////////////////////////////// - @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="lists all available port network groups for the account. Must be used with domainID parameter") + @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="lists all available port security groups for the account. Must be used with domainID parameter") private String accountName; - @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="lists all available network groups for the domain ID. If used with the account parameter, lists all available network groups for the account in the specified domain ID.") + @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="lists all available security groups for the domain ID. If used with the account parameter, lists all available security groups for the account in the specified domain ID.") private Long domainId; - @Parameter(name=ApiConstants.NETWORK_GROUP_NAME, type=CommandType.STRING, description="lists network groups by name") - private String networkGroupName; + @Parameter(name=ApiConstants.SECURITY_GROUP_NAME, type=CommandType.STRING, description="lists security groups by name") + private String securityGroupName; - @Parameter(name=ApiConstants.VIRTUAL_MACHINE_ID, type=CommandType.LONG, description="lists network groups by virtual machine id") + @Parameter(name=ApiConstants.VIRTUAL_MACHINE_ID, type=CommandType.LONG, description="lists security groups by virtual machine id") private Long virtualMachineId; ///////////////////////////////////////////////////// @@ -63,8 +63,8 @@ public class ListNetworkGroupsCmd extends BaseListCmd { return domainId; } - public String getNetworkGroupName() { - return networkGroupName; + public String getSecurityGroupName() { + return securityGroupName; } public Long getVirtualMachineId() { @@ -82,9 +82,9 @@ public class ListNetworkGroupsCmd extends BaseListCmd { @Override public void execute(){ - List networkGroups = _networkGroupMgr.searchForNetworkGroupRules(this); + List securityGroups = _securityGroupMgr.searchForSecurityGroupRules(this); - ListResponse response = _responseGenerator.createNetworkGroupResponses(networkGroups); + ListResponse response = _responseGenerator.createSecurityGroupResponses(securityGroups); response.setResponseName(getCommandName()); this.setResponseObject(response); } diff --git a/api/src/com/cloud/api/commands/RevokeNetworkGroupIngressCmd.java b/api/src/com/cloud/api/commands/RevokeSecurityGroupIngressCmd.java similarity index 79% rename from api/src/com/cloud/api/commands/RevokeNetworkGroupIngressCmd.java rename to api/src/com/cloud/api/commands/RevokeSecurityGroupIngressCmd.java index 66f77bbb024..61e7cea80b5 100644 --- a/api/src/com/cloud/api/commands/RevokeNetworkGroupIngressCmd.java +++ b/api/src/com/cloud/api/commands/RevokeSecurityGroupIngressCmd.java @@ -20,10 +20,10 @@ import com.cloud.user.UserContext; @SuppressWarnings("rawtypes") @Implementation(responseObject=SuccessResponse.class) -public class RevokeNetworkGroupIngressCmd extends BaseAsyncCmd { - public static final Logger s_logger = Logger.getLogger(RevokeNetworkGroupIngressCmd.class.getName()); +public class RevokeSecurityGroupIngressCmd extends BaseAsyncCmd { + public static final Logger s_logger = Logger.getLogger(RevokeSecurityGroupIngressCmd.class.getName()); - private static final String s_name = "revokenetworkgroupingress"; + private static final String s_name = "revokesecuritygroupingress"; ///////////////////////////////////////////////////// //////////////// API parameters ///////////////////// @@ -54,8 +54,8 @@ public class RevokeNetworkGroupIngressCmd extends BaseAsyncCmd { private Integer icmpType; //FIXME - add description - @Parameter(name=ApiConstants.NETWORK_GROUP_NAME, type=CommandType.STRING, required=true) - private String networkGroupName; + @Parameter(name=ApiConstants.SECURITY_GROUP_NAME, type=CommandType.STRING, required=true) + private String securityGroupName; //FIXME - add description @Parameter(name=ApiConstants.PROTOCOL, type=CommandType.STRING) @@ -66,8 +66,8 @@ public class RevokeNetworkGroupIngressCmd extends BaseAsyncCmd { private Integer startPort; //FIXME - add description - @Parameter(name=ApiConstants.USER_NETWORK_GROUP_LIST, type=CommandType.MAP) - private Map userNetworkGroupList; + @Parameter(name=ApiConstants.USER_SECURITY_GROUP_LIST, type=CommandType.MAP) + private Map userSecurityGroupList; ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// @@ -97,8 +97,8 @@ public class RevokeNetworkGroupIngressCmd extends BaseAsyncCmd { return icmpType; } - public String getNetworkGroupName() { - return networkGroupName; + public String getSecurityGroupName() { + return securityGroupName; } public String getProtocol() { @@ -109,8 +109,8 @@ public class RevokeNetworkGroupIngressCmd extends BaseAsyncCmd { return startPort; } - public Map getUserNetworkGroupList() { - return userNetworkGroupList; + public Map getUserSecurityGroupList() { + return userSecurityGroupList; } ///////////////////////////////////////////////////// @@ -123,7 +123,7 @@ public class RevokeNetworkGroupIngressCmd extends BaseAsyncCmd { } public static String getResultObjectName() { - return "revokenetworkgroupingress"; + return "revokesecuritygroupingress"; } @Override @@ -147,15 +147,15 @@ public class RevokeNetworkGroupIngressCmd extends BaseAsyncCmd { @Override public String getEventType() { - return EventTypes.EVENT_NETWORK_GROUP_REVOKE_INGRESS; + return EventTypes.EVENT_SECURITY_GROUP_REVOKE_INGRESS; } @Override public String getEventDescription() { StringBuilder sb = new StringBuilder(); - if (getUserNetworkGroupList() != null) { + if (getUserSecurityGroupList() != null) { sb.append("group list(group/account): "); - Collection userGroupCollection = getUserNetworkGroupList().values(); + Collection userGroupCollection = getUserSecurityGroupList().values(); Iterator iter = userGroupCollection.iterator(); HashMap userGroup = (HashMap)iter.next(); @@ -175,12 +175,12 @@ public class RevokeNetworkGroupIngressCmd extends BaseAsyncCmd { sb.append(""); } - return "revoking ingress from group: " + getNetworkGroupName() + " for " + sb.toString(); + return "revoking ingress from group: " + getSecurityGroupName() + " for " + sb.toString(); } @Override public void execute(){ - boolean result = _networkGroupMgr.revokeNetworkGroupIngress(this); + boolean result = _securityGroupMgr.revokeSecurityGroupIngress(this); if (result) { SuccessResponse response = new SuccessResponse(getCommandName()); this.setResponseObject(response); diff --git a/api/src/com/cloud/api/response/CapabilitiesResponse.java b/api/src/com/cloud/api/response/CapabilitiesResponse.java index 8f6a08c809b..3b025abfdf8 100644 --- a/api/src/com/cloud/api/response/CapabilitiesResponse.java +++ b/api/src/com/cloud/api/response/CapabilitiesResponse.java @@ -4,18 +4,18 @@ import com.cloud.serializer.Param; import com.google.gson.annotations.SerializedName; public class CapabilitiesResponse extends BaseResponse { - @SerializedName("networkgroupsenabled") @Param(description="true if network groups support is enabled, false otherwise") - private String networkGroupsEnabled; + @SerializedName("securitygroupsenabled") @Param(description="true if security groups support is enabled, false otherwise") + private String securityGroupsEnabled; @SerializedName("cloudstackversion") @Param(description="version of the cloud stack") private String cloudStackVersion; - public String getNetworkGroupsEnabled() { - return networkGroupsEnabled; + public String getSecurityGroupsEnabled() { + return securityGroupsEnabled; } - public void setNetworkGroupsEnabled(String networkGroupsEnabled) { - this.networkGroupsEnabled = networkGroupsEnabled; + public void setSecurityGroupsEnabled(String securityGroupsEnabled) { + this.securityGroupsEnabled = securityGroupsEnabled; } public String getCloudStackVersion() { diff --git a/api/src/com/cloud/api/response/IngressRuleResponse.java b/api/src/com/cloud/api/response/IngressRuleResponse.java index d4c28ea3c1c..ed4bbc248d6 100644 --- a/api/src/com/cloud/api/response/IngressRuleResponse.java +++ b/api/src/com/cloud/api/response/IngressRuleResponse.java @@ -42,8 +42,8 @@ public class IngressRuleResponse extends BaseResponse { @SerializedName(ApiConstants.END_PORT) @Param(description="the ending IP of the ingress rule ") private Integer endPort; - @SerializedName(ApiConstants.NETWORK_GROUP_NAME) @Param(description="network group name") - private String networkGroupName; + @SerializedName(ApiConstants.SECURITY_GROUP_NAME) @Param(description="security group name") + private String securityGroupName; @SerializedName(ApiConstants.ACCOUNT) @Param(description="account owning the ingress rule") private String accountName; @@ -99,12 +99,12 @@ public class IngressRuleResponse extends BaseResponse { this.endPort = endPort; } - public String getNetworkGroupName() { - return networkGroupName; + public String getSecurityGroupName() { + return securityGroupName; } - public void setNetworkGroupName(String networkGroupName) { - this.networkGroupName = networkGroupName; + public void setSecurityGroupName(String securityGroupName) { + this.securityGroupName = securityGroupName; } public String getAccountName() { diff --git a/api/src/com/cloud/api/response/NetworkGroupResponse.java b/api/src/com/cloud/api/response/SecurityGroupResponse.java similarity index 89% rename from api/src/com/cloud/api/response/NetworkGroupResponse.java rename to api/src/com/cloud/api/response/SecurityGroupResponse.java index 7fc8632b719..aeddef21b93 100644 --- a/api/src/com/cloud/api/response/NetworkGroupResponse.java +++ b/api/src/com/cloud/api/response/SecurityGroupResponse.java @@ -22,26 +22,26 @@ import java.util.List; import com.cloud.serializer.Param; import com.google.gson.annotations.SerializedName; -public class NetworkGroupResponse extends BaseResponse { - @SerializedName("id") @Param(description="the ID of the network group") +public class SecurityGroupResponse extends BaseResponse { + @SerializedName("id") @Param(description="the ID of the security group") private Long id; - @SerializedName("name") @Param(description="the name of the network group") + @SerializedName("name") @Param(description="the name of the security group") private String name; - @SerializedName("description") @Param(description="the description of the network group") + @SerializedName("description") @Param(description="the description of the security group") private String description; - @SerializedName("account") @Param(description="the account owning the network group") + @SerializedName("account") @Param(description="the account owning the security group") private String accountName; - @SerializedName("domainid") @Param(description="the domain ID of the network group") + @SerializedName("domainid") @Param(description="the domain ID of the security group") private Long domainId; - @SerializedName("domain") @Param(description="the domain name of the network group") + @SerializedName("domain") @Param(description="the domain name of the security group") private String domainName; - @SerializedName("ingressrule") @Param(description="the list of ingress rules associated with the network group") + @SerializedName("ingressrule") @Param(description="the list of ingress rules associated with the security group") private List ingressRules; public Long getId() { diff --git a/api/src/com/cloud/api/response/UserVmResponse.java b/api/src/com/cloud/api/response/UserVmResponse.java index f96c4c52044..3e34772a68b 100644 --- a/api/src/com/cloud/api/response/UserVmResponse.java +++ b/api/src/com/cloud/api/response/UserVmResponse.java @@ -130,8 +130,8 @@ public class UserVmResponse extends BaseResponse { @SerializedName("rootdevicetype") @Param(description="device type of the root volume") private String rootDeviceType; - @SerializedName("networkgrouplist") @Param(description="list of network groups associated with the virtual machine") - private String networkGroupList; + @SerializedName("securitygrouplist") @Param(description="list of security groups associated with the virtual machine") + private String securityGroupList; @SerializedName(ApiConstants.PASSWORD) @Param(description="the password (if exists) of the virtual machine") private String password; @@ -421,12 +421,12 @@ public class UserVmResponse extends BaseResponse { this.rootDeviceType = rootDeviceType; } - public String getNetworkGroupList() { - return networkGroupList; + public String getSecurityGroupList() { + return securityGroupList; } - public void setNetworkGroupList(String networkGroupList) { - this.networkGroupList = networkGroupList; + public void setSecurityGroupList(String securityGroupList) { + this.securityGroupList = securityGroupList; } public String getPassword() { diff --git a/api/src/com/cloud/event/EventTypes.java b/api/src/com/cloud/event/EventTypes.java index b24e632f9bc..69061083c3e 100755 --- a/api/src/com/cloud/event/EventTypes.java +++ b/api/src/com/cloud/event/EventTypes.java @@ -158,9 +158,9 @@ public class EventTypes { // Configuration Table public static final String EVENT_CONFIGURATION_VALUE_EDIT = "CONFIGURATION.VALUE.EDIT"; - // Network Groups - public static final String EVENT_NETWORK_GROUP_AUTHORIZE_INGRESS = "NG.AUTH.INGRESS"; - public static final String EVENT_NETWORK_GROUP_REVOKE_INGRESS = "NG.REVOKE.INGRESS"; + // Security Groups + public static final String EVENT_SECURITY_GROUP_AUTHORIZE_INGRESS = "SG.AUTH.INGRESS"; + public static final String EVENT_SECURITY_GROUP_REVOKE_INGRESS = "SG.REVOKE.INGRESS"; // Host public static final String EVENT_HOST_RECONNECT = "HOST.RECONNECT"; diff --git a/api/src/com/cloud/network/security/IngressRule.java b/api/src/com/cloud/network/security/IngressRule.java index 66fa1fcb1e2..baf1bc4b8f5 100644 --- a/api/src/com/cloud/network/security/IngressRule.java +++ b/api/src/com/cloud/network/security/IngressRule.java @@ -25,14 +25,14 @@ import com.cloud.async.AsyncInstanceCreateStatus; */ public interface IngressRule { long getId(); - long getNetworkGroupId(); + long getSecurityGroupId(); int getStartPort(); int getEndPort(); String getProtocol(); AsyncInstanceCreateStatus getCreateStatus(); Long getAllowedNetworkId(); - String getAllowedNetworkGroup(); - String getAllowedNetGrpAcct(); + String getAllowedSecurityGroup(); + String getAllowedSecGrpAcct(); String getAllowedSourceIpCidr(); } diff --git a/api/src/com/cloud/network/security/NetworkGroupService.java b/api/src/com/cloud/network/security/NetworkGroupService.java deleted file mode 100644 index 7000de667da..00000000000 --- a/api/src/com/cloud/network/security/NetworkGroupService.java +++ /dev/null @@ -1,52 +0,0 @@ -/** - * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. - * - * This software is licensed under the GNU General Public License v3 or later. - * - * It is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or any later version. - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - * - */ -package com.cloud.network.security; - -import java.util.List; - -import com.cloud.api.commands.AuthorizeNetworkGroupIngressCmd; -import com.cloud.api.commands.CreateNetworkGroupCmd; -import com.cloud.api.commands.DeleteNetworkGroupCmd; -import com.cloud.api.commands.ListNetworkGroupsCmd; -import com.cloud.api.commands.RevokeNetworkGroupIngressCmd; -import com.cloud.exception.InvalidParameterValueException; -import com.cloud.exception.PermissionDeniedException; -import com.cloud.exception.ResourceInUseException; - -public interface NetworkGroupService { - /** - * Create a network group with the given name and description - * @param command the command specifying the name and description - * @return the created network group if successful, null otherwise - */ - public NetworkGroup createNetworkGroup(CreateNetworkGroupCmd command) throws PermissionDeniedException, InvalidParameterValueException; - boolean revokeNetworkGroupIngress(RevokeNetworkGroupIngressCmd cmd); - - boolean deleteNetworkGroup(DeleteNetworkGroupCmd cmd) throws ResourceInUseException, PermissionDeniedException, InvalidParameterValueException; - - /** - * Search for network groups and associated ingress rules for the given account, domain, group name, and/or keyword. - * The search terms are specified in the search criteria. - * @return the list of network groups and associated ingress rules - */ - public List searchForNetworkGroupRules(ListNetworkGroupsCmd cmd) throws PermissionDeniedException, InvalidParameterValueException; - - public List authorizeNetworkGroupIngress(AuthorizeNetworkGroupIngressCmd cmd) throws InvalidParameterValueException, PermissionDeniedException; - - -} diff --git a/api/src/com/cloud/network/security/NetworkGroup.java b/api/src/com/cloud/network/security/SecurityGroup.java similarity index 94% rename from api/src/com/cloud/network/security/NetworkGroup.java rename to api/src/com/cloud/network/security/SecurityGroup.java index d98344db3a1..f93bb8af63e 100644 --- a/api/src/com/cloud/network/security/NetworkGroup.java +++ b/api/src/com/cloud/network/security/SecurityGroup.java @@ -20,7 +20,7 @@ package com.cloud.network.security; import com.cloud.domain.PartOf; import com.cloud.user.OwnedBy; -public interface NetworkGroup extends PartOf, OwnedBy { +public interface SecurityGroup extends PartOf, OwnedBy { long getId(); String getName(); String getDescription(); diff --git a/api/src/com/cloud/network/security/NetworkGroupRules.java b/api/src/com/cloud/network/security/SecurityGroupRules.java similarity index 91% rename from api/src/com/cloud/network/security/NetworkGroupRules.java rename to api/src/com/cloud/network/security/SecurityGroupRules.java index a3b7c8fa58a..c8a279e6ffa 100644 --- a/api/src/com/cloud/network/security/NetworkGroupRules.java +++ b/api/src/com/cloud/network/security/SecurityGroupRules.java @@ -17,7 +17,7 @@ */ package com.cloud.network.security; -public interface NetworkGroupRules { +public interface SecurityGroupRules { long getId(); String getName(); @@ -40,9 +40,9 @@ public interface NetworkGroupRules { Long getAllowedNetworkId(); - String getAllowedNetworkGroup(); + String getAllowedSecurityGroup(); - String getAllowedNetGrpAcct(); + String getAllowedSecGrpAcct(); String getAllowedSourceIpCidr(); } diff --git a/api/src/com/cloud/network/security/SecurityGroupService.java b/api/src/com/cloud/network/security/SecurityGroupService.java new file mode 100644 index 00000000000..ea4fc5c4acb --- /dev/null +++ b/api/src/com/cloud/network/security/SecurityGroupService.java @@ -0,0 +1,52 @@ +/** + * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. + * + * This software is licensed under the GNU General Public License v3 or later. + * + * It is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or any later version. + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ +package com.cloud.network.security; + +import java.util.List; + +import com.cloud.api.commands.AuthorizeSecurityGroupIngressCmd; +import com.cloud.api.commands.CreateSecurityGroupCmd; +import com.cloud.api.commands.DeleteSecurityGroupCmd; +import com.cloud.api.commands.ListSecurityGroupsCmd; +import com.cloud.api.commands.RevokeSecurityGroupIngressCmd; +import com.cloud.exception.InvalidParameterValueException; +import com.cloud.exception.PermissionDeniedException; +import com.cloud.exception.ResourceInUseException; + +public interface SecurityGroupService { + /** + * Create a network group with the given name and description + * @param command the command specifying the name and description + * @return the created security group if successful, null otherwise + */ + public SecurityGroup createSecurityGroup(CreateSecurityGroupCmd command) throws PermissionDeniedException, InvalidParameterValueException; + boolean revokeSecurityGroupIngress(RevokeSecurityGroupIngressCmd cmd); + + boolean deleteSecurityGroup(DeleteSecurityGroupCmd cmd) throws ResourceInUseException, PermissionDeniedException, InvalidParameterValueException; + + /** + * Search for security groups and associated ingress rules for the given account, domain, group name, and/or keyword. + * The search terms are specified in the search criteria. + * @return the list of security groups and associated ingress rules + */ + public List searchForSecurityGroupRules(ListSecurityGroupsCmd cmd) throws PermissionDeniedException, InvalidParameterValueException; + + public List authorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressCmd cmd) throws InvalidParameterValueException, PermissionDeniedException; + + +} diff --git a/core/src/com/cloud/agent/api/NetworkIngressRuleAnswer.java b/core/src/com/cloud/agent/api/SecurityIngressRuleAnswer.java similarity index 83% rename from core/src/com/cloud/agent/api/NetworkIngressRuleAnswer.java rename to core/src/com/cloud/agent/api/SecurityIngressRuleAnswer.java index 53f2365dcef..e53519d7fce 100644 --- a/core/src/com/cloud/agent/api/NetworkIngressRuleAnswer.java +++ b/core/src/com/cloud/agent/api/SecurityIngressRuleAnswer.java @@ -17,20 +17,20 @@ */ package com.cloud.agent.api; -public class NetworkIngressRuleAnswer extends Answer { +public class SecurityIngressRuleAnswer extends Answer { Long logSequenceNumber = null; Long vmId = null; - protected NetworkIngressRuleAnswer() { + protected SecurityIngressRuleAnswer() { } - public NetworkIngressRuleAnswer(NetworkIngressRulesCmd cmd) { + public SecurityIngressRuleAnswer(SecurityIngressRulesCmd cmd) { super(cmd); this.logSequenceNumber = cmd.getSeqNum(); this.vmId = cmd.getVmId(); } - public NetworkIngressRuleAnswer(NetworkIngressRulesCmd cmd, boolean result, String detail) { + public SecurityIngressRuleAnswer(SecurityIngressRulesCmd cmd, boolean result, String detail) { super(cmd, result, detail); this.logSequenceNumber = cmd.getSeqNum(); this.vmId = cmd.getVmId(); diff --git a/core/src/com/cloud/agent/api/NetworkIngressRulesCmd.java b/core/src/com/cloud/agent/api/SecurityIngressRulesCmd.java similarity index 87% rename from core/src/com/cloud/agent/api/NetworkIngressRulesCmd.java rename to core/src/com/cloud/agent/api/SecurityIngressRulesCmd.java index 9151553038a..5ac2d484869 100644 --- a/core/src/com/cloud/agent/api/NetworkIngressRulesCmd.java +++ b/core/src/com/cloud/agent/api/SecurityIngressRulesCmd.java @@ -20,7 +20,7 @@ package com.cloud.agent.api; import com.google.gson.Gson; import com.google.gson.GsonBuilder; -public class NetworkIngressRulesCmd extends Command { +public class SecurityIngressRulesCmd extends Command { public static class IpPortAndProto { String proto; int startPort; @@ -69,12 +69,12 @@ public class NetworkIngressRulesCmd extends Command { Long vmId; IpPortAndProto [] ruleSet; - public NetworkIngressRulesCmd() { + public SecurityIngressRulesCmd() { super(); } - public NetworkIngressRulesCmd(String guestIp, String guestMac, String vmName, Long vmId, String signature, Long seqNum, IpPortAndProto[] ruleSet) { + public SecurityIngressRulesCmd(String guestIp, String guestMac, String vmName, Long vmId, String signature, Long seqNum, IpPortAndProto[] ruleSet) { super(); this.guestIp = guestIp; this.vmName = vmName; @@ -113,7 +113,7 @@ public class NetworkIngressRulesCmd extends Command { public String stringifyRules() { StringBuilder ruleBuilder = new StringBuilder(); - for (NetworkIngressRulesCmd.IpPortAndProto ipPandP: getRuleSet()) { + for (SecurityIngressRulesCmd.IpPortAndProto ipPandP: getRuleSet()) { ruleBuilder.append(ipPandP.getProto()).append(":").append(ipPandP.getStartPort()).append(":").append(ipPandP.getEndPort()).append(":"); for (String cidr: ipPandP.getAllowedCidrs()) { ruleBuilder.append(cidr).append(","); @@ -130,10 +130,10 @@ public class NetworkIngressRulesCmd extends Command { return json.toJson(this); } - public static NetworkIngressRulesCmd fromJson(String jsonString) { + public static SecurityIngressRulesCmd fromJson(String jsonString) { GsonBuilder gBuilder = new GsonBuilder(); Gson json = gBuilder.create(); - return json.fromJson(jsonString, NetworkIngressRulesCmd.class); + return json.fromJson(jsonString, SecurityIngressRulesCmd.class); } diff --git a/core/src/com/cloud/hypervisor/xen/resource/XenServerResource.java b/core/src/com/cloud/hypervisor/xen/resource/XenServerResource.java index f9ddae579d0..a953a97bd01 100644 --- a/core/src/com/cloud/hypervisor/xen/resource/XenServerResource.java +++ b/core/src/com/cloud/hypervisor/xen/resource/XenServerResource.java @@ -23,8 +23,8 @@ import org.apache.xmlrpc.XmlRpcException; import com.cloud.agent.api.Answer; import com.cloud.agent.api.Command; -import com.cloud.agent.api.NetworkIngressRuleAnswer; -import com.cloud.agent.api.NetworkIngressRulesCmd; +import com.cloud.agent.api.SecurityIngressRuleAnswer; +import com.cloud.agent.api.SecurityIngressRulesCmd; import com.cloud.hypervisor.xen.resource.CitrixResourceBase; import com.xensource.xenapi.VM; import com.cloud.resource.ServerResource; @@ -42,8 +42,8 @@ public class XenServerResource extends CitrixResourceBase { @Override public Answer executeRequest(Command cmd) { - if (cmd instanceof NetworkIngressRulesCmd) { - return execute((NetworkIngressRulesCmd) cmd); + if (cmd instanceof SecurityIngressRulesCmd) { + return execute((SecurityIngressRulesCmd) cmd); } else { return super.executeRequest(cmd); } @@ -69,7 +69,7 @@ public class XenServerResource extends CitrixResourceBase { return Boolean.valueOf(callHostPlugin(conn, "vmops", "can_bridge_firewall", "host_uuid", _host.uuid)); } - private Answer execute(NetworkIngressRulesCmd cmd) { + private Answer execute(SecurityIngressRulesCmd cmd) { Connection conn = getConnection(); if (s_logger.isTraceEnabled()) { s_logger.trace("Sending network rules command to " + _host.ip); @@ -77,7 +77,7 @@ public class XenServerResource extends CitrixResourceBase { if (!_canBridgeFirewall) { s_logger.info("Host " + _host.ip + " cannot do bridge firewalling"); - return new NetworkIngressRuleAnswer(cmd, false, "Host " + _host.ip + " cannot do bridge firewalling"); + return new SecurityIngressRuleAnswer(cmd, false, "Host " + _host.ip + " cannot do bridge firewalling"); } String result = callHostPlugin(conn, "vmops", "network_rules", @@ -91,10 +91,10 @@ public class XenServerResource extends CitrixResourceBase { if (result == null || result.isEmpty() || !Boolean.parseBoolean(result)) { s_logger.warn("Failed to program network rules for vm " + cmd.getVmName()); - return new NetworkIngressRuleAnswer(cmd, false, "programming network rules failed"); + return new SecurityIngressRuleAnswer(cmd, false, "programming network rules failed"); } else { s_logger.info("Programmed network rules for vm " + cmd.getVmName() + " guestIp=" + cmd.getGuestIp() + ", numrules=" + cmd.getRuleSet().length); - return new NetworkIngressRuleAnswer(cmd); + return new SecurityIngressRuleAnswer(cmd); } } diff --git a/core/src/com/cloud/network/security/IngressRuleVO.java b/core/src/com/cloud/network/security/IngressRuleVO.java index ee5b3cf4d3f..ec29a788741 100644 --- a/core/src/com/cloud/network/security/IngressRuleVO.java +++ b/core/src/com/cloud/network/security/IngressRuleVO.java @@ -31,15 +31,15 @@ import com.cloud.async.AsyncInstanceCreateStatus; import com.google.gson.annotations.Expose; @Entity -@Table(name=("network_ingress_rule")) +@Table(name=("security_ingress_rule")) public class IngressRuleVO implements IngressRule { @Id @GeneratedValue(strategy=GenerationType.IDENTITY) @Column(name="id") private long id; - @Column(name="network_group_id") - private long networkGroupId; + @Column(name="security_group_id") + private long securityGroupId; @Column(name="start_port") private int startPort; @@ -53,11 +53,11 @@ public class IngressRuleVO implements IngressRule { @Column(name="allowed_network_id", nullable=true) private Long allowedNetworkId = null; - @Column(name="allowed_network_group") - private String allowedNetworkGroup; + @Column(name="allowed_security_group") + private String allowedSecurityGroup; - @Column(name="allowed_net_grp_acct") - private String allowedNetGrpAcct; + @Column(name="allowed_sec_grp_acct") + private String allowedSecGrpAcct; @Column(name="allowed_ip_cidr", nullable=true) private String allowedSourceIpCidr = null; @@ -69,18 +69,18 @@ public class IngressRuleVO implements IngressRule { public IngressRuleVO() {} - public IngressRuleVO(long networkGroupId, int fromPort, int toPort, String protocol, long allowedNetworkId, String allowedNetworkGroup, String allowedNetGrpAcct) { - this.networkGroupId = networkGroupId; + public IngressRuleVO(long securityGroupId, int fromPort, int toPort, String protocol, long allowedNetworkId, String allowedSecurityGroup, String allowedSecGrpAcct) { + this.securityGroupId = securityGroupId; this.startPort = fromPort; this.endPort = toPort; this.protocol = protocol; this.allowedNetworkId = allowedNetworkId; - this.allowedNetworkGroup = allowedNetworkGroup; - this.allowedNetGrpAcct = allowedNetGrpAcct; + this.allowedSecurityGroup = allowedSecurityGroup; + this.allowedSecGrpAcct = allowedSecGrpAcct; } - public IngressRuleVO(long networkGroupId, int fromPort, int toPort, String protocol, String allowedIpCidr) { - this.networkGroupId = networkGroupId; + public IngressRuleVO(long securityGroupId, int fromPort, int toPort, String protocol, String allowedIpCidr) { + this.securityGroupId = securityGroupId; this.startPort = fromPort; this.endPort = toPort; this.protocol = protocol; @@ -93,8 +93,8 @@ public class IngressRuleVO implements IngressRule { } @Override - public long getNetworkGroupId() { - return networkGroupId; + public long getSecurityGroupId() { + return securityGroupId; } @Override @@ -127,13 +127,13 @@ public class IngressRuleVO implements IngressRule { } @Override - public String getAllowedNetworkGroup() { - return allowedNetworkGroup; + public String getAllowedSecurityGroup() { + return allowedSecurityGroup; } @Override - public String getAllowedNetGrpAcct() { - return allowedNetGrpAcct; + public String getAllowedSecGrpAcct() { + return allowedSecGrpAcct; } @Override diff --git a/core/src/com/cloud/network/security/NetworkGroupRulesVO.java b/core/src/com/cloud/network/security/SecurityGroupRulesVO.java similarity index 54% rename from core/src/com/cloud/network/security/NetworkGroupRulesVO.java rename to core/src/com/cloud/network/security/SecurityGroupRulesVO.java index 3e0e4060e8d..50d4d778c85 100644 --- a/core/src/com/cloud/network/security/NetworkGroupRulesVO.java +++ b/core/src/com/cloud/network/security/SecurityGroupRulesVO.java @@ -10,10 +10,10 @@ import javax.persistence.SecondaryTable; import javax.persistence.Table; @Entity -@Table(name=("network_group")) -@SecondaryTable(name="network_ingress_rule", join="left", - pkJoinColumns={@PrimaryKeyJoinColumn(name="id", referencedColumnName="network_group_id")}) -public class NetworkGroupRulesVO implements NetworkGroupRules { +@Table(name=("security_group")) +@SecondaryTable(name="security_ingress_rule", join="left", + pkJoinColumns={@PrimaryKeyJoinColumn(name="id", referencedColumnName="security_group_id")}) +public class SecurityGroupRulesVO implements SecurityGroupRules { @Id @GeneratedValue(strategy=GenerationType.IDENTITY) @Column(name="id") @@ -34,33 +34,33 @@ public class NetworkGroupRulesVO implements NetworkGroupRules { @Column(name="account_name") private String accountName; - @Column(name="id", table="network_ingress_rule", insertable=false, updatable=false) + @Column(name="id", table="security_ingress_rule", insertable=false, updatable=false) private Long ruleId; - @Column(name="start_port", table="network_ingress_rule", insertable=false, updatable=false) + @Column(name="start_port", table="security_ingress_rule", insertable=false, updatable=false) private int startPort; - @Column(name="end_port", table="network_ingress_rule", insertable=false, updatable=false) + @Column(name="end_port", table="security_ingress_rule", insertable=false, updatable=false) private int endPort; - @Column(name="protocol", table="network_ingress_rule", insertable=false, updatable=false) + @Column(name="protocol", table="security_ingress_rule", insertable=false, updatable=false) private String protocol; - @Column(name="allowed_network_id", table="network_ingress_rule", insertable=false, updatable=false, nullable=true) + @Column(name="allowed_network_id", table="security_ingress_rule", insertable=false, updatable=false, nullable=true) private Long allowedNetworkId = null; - @Column(name="allowed_network_group", table="network_ingress_rule", insertable=false, updatable=false, nullable=true) - private String allowedNetworkGroup = null; + @Column(name="allowed_security_group", table="security_ingress_rule", insertable=false, updatable=false, nullable=true) + private String allowedSecurityGroup = null; - @Column(name="allowed_net_grp_acct", table="network_ingress_rule", insertable=false, updatable=false, nullable=true) - private String allowedNetGrpAcct = null; + @Column(name="allowed_sec_grp_acct", table="security_ingress_rule", insertable=false, updatable=false, nullable=true) + private String allowedSecGrpAcct = null; - @Column(name="allowed_ip_cidr", table="network_ingress_rule", insertable=false, updatable=false, nullable=true) + @Column(name="allowed_ip_cidr", table="security_ingress_rule", insertable=false, updatable=false, nullable=true) private String allowedSourceIpCidr = null; - public NetworkGroupRulesVO() { } + public SecurityGroupRulesVO() { } - public NetworkGroupRulesVO(long id, String name, String description, Long domainId, Long accountId, String accountName, Long ruleId, int startPort, int endPort, String protocol, Long allowedNetworkId, String allowedNetworkGroup, String allowedNetGrpAcct, String allowedSourceIpCidr) { + public SecurityGroupRulesVO(long id, String name, String description, Long domainId, Long accountId, String accountName, Long ruleId, int startPort, int endPort, String protocol, Long allowedNetworkId, String allowedSecurityGroup, String allowedSecGrpAcct, String allowedSourceIpCidr) { this.id = id; this.name = name; this.description = description; @@ -72,8 +72,8 @@ public class NetworkGroupRulesVO implements NetworkGroupRules { this.endPort = endPort; this.protocol = protocol; this.allowedNetworkId = allowedNetworkId; - this.allowedNetworkGroup = allowedNetworkGroup; - this.allowedNetGrpAcct = allowedNetGrpAcct; + this.allowedSecurityGroup = allowedSecurityGroup; + this.allowedSecGrpAcct = allowedSecGrpAcct; this.allowedSourceIpCidr = allowedSourceIpCidr; } @@ -121,12 +121,12 @@ public class NetworkGroupRulesVO implements NetworkGroupRules { return allowedNetworkId; } - public String getAllowedNetworkGroup() { - return allowedNetworkGroup; + public String getAllowedSecurityGroup() { + return allowedSecurityGroup; } - public String getAllowedNetGrpAcct() { - return allowedNetGrpAcct; + public String getAllowedSecGrpAcct() { + return allowedSecGrpAcct; } public String getAllowedSourceIpCidr() { diff --git a/core/src/com/cloud/network/security/NetworkGroupVMMapVO.java b/core/src/com/cloud/network/security/SecurityGroupVMMapVO.java similarity index 78% rename from core/src/com/cloud/network/security/NetworkGroupVMMapVO.java rename to core/src/com/cloud/network/security/SecurityGroupVMMapVO.java index 29c793618b1..3aa82da72b1 100644 --- a/core/src/com/cloud/network/security/NetworkGroupVMMapVO.java +++ b/core/src/com/cloud/network/security/SecurityGroupVMMapVO.java @@ -31,23 +31,23 @@ import javax.persistence.Table; import com.cloud.vm.State; @Entity -@Table(name=("network_group_vm_map")) +@Table(name=("security_group_vm_map")) @SecondaryTables({ @SecondaryTable(name="user_vm", pkJoinColumns={@PrimaryKeyJoinColumn(name="instance_id", referencedColumnName="id")}), @SecondaryTable(name="vm_instance", pkJoinColumns={@PrimaryKeyJoinColumn(name="instance_id", referencedColumnName="id")}), -@SecondaryTable(name="network_group", - pkJoinColumns={@PrimaryKeyJoinColumn(name="network_group_id", referencedColumnName="id")}) +@SecondaryTable(name="security_group", + pkJoinColumns={@PrimaryKeyJoinColumn(name="security_group_id", referencedColumnName="id")}) }) -public class NetworkGroupVMMapVO { +public class SecurityGroupVMMapVO { @Id @GeneratedValue(strategy=GenerationType.IDENTITY) @Column(name="id") private Long id; - @Column(name="network_group_id") - private long networkGroupId; + @Column(name="security_group_id") + private long securityGroupId; @Column(name="instance_id") private long instanceId; @@ -58,13 +58,13 @@ public class NetworkGroupVMMapVO { @Column(name="state", table="vm_instance", insertable=false, updatable=false) private State vmState; - @Column(name="name", table="network_group", insertable=false, updatable=false) + @Column(name="name", table="security_group", insertable=false, updatable=false) private String groupName; - public NetworkGroupVMMapVO() { } + public SecurityGroupVMMapVO() { } - public NetworkGroupVMMapVO(long networkGroupId, long instanceId) { - this.networkGroupId = networkGroupId; + public SecurityGroupVMMapVO(long securityGroupId, long instanceId) { + this.securityGroupId = securityGroupId; this.instanceId = instanceId; } @@ -72,8 +72,8 @@ public class NetworkGroupVMMapVO { return id; } - public long getNetworkGroupId() { - return networkGroupId; + public long getSecurityGroupId() { + return securityGroupId; } public String getGuestIpAddress() { diff --git a/core/src/com/cloud/network/security/NetworkGroupVO.java b/core/src/com/cloud/network/security/SecurityGroupVO.java similarity index 87% rename from core/src/com/cloud/network/security/NetworkGroupVO.java rename to core/src/com/cloud/network/security/SecurityGroupVO.java index c58006917e6..d5a0b7e8299 100644 --- a/core/src/com/cloud/network/security/NetworkGroupVO.java +++ b/core/src/com/cloud/network/security/SecurityGroupVO.java @@ -26,8 +26,8 @@ import javax.persistence.Id; import javax.persistence.Table; @Entity -@Table(name=("network_group")) -public class NetworkGroupVO implements NetworkGroup { +@Table(name=("security_group")) +public class SecurityGroupVO implements SecurityGroup { @Id @GeneratedValue(strategy=GenerationType.IDENTITY) @Column(name="id") @@ -48,9 +48,9 @@ public class NetworkGroupVO implements NetworkGroup { @Column(name="account_name") private String accountName = null; - public NetworkGroupVO() {} + public SecurityGroupVO() {} - public NetworkGroupVO(String name, String description, long domainId, long accountId, String accountName) { + public SecurityGroupVO(String name, String description, long domainId, long accountId, String accountName) { this.name = name; this.description = description; this.domainId = domainId; diff --git a/core/src/com/cloud/network/security/NetworkGroupWorkVO.java b/core/src/com/cloud/network/security/SecurityGroupWorkVO.java similarity index 95% rename from core/src/com/cloud/network/security/NetworkGroupWorkVO.java rename to core/src/com/cloud/network/security/SecurityGroupWorkVO.java index 4f58478345c..e95031e8aac 100644 --- a/core/src/com/cloud/network/security/NetworkGroupWorkVO.java +++ b/core/src/com/cloud/network/security/SecurityGroupWorkVO.java @@ -34,7 +34,7 @@ import com.cloud.utils.db.GenericDao; @Entity @Table(name="op_nwgrp_work") -public class NetworkGroupWorkVO { +public class SecurityGroupWorkVO { public enum Step { Scheduled, Processing, @@ -70,7 +70,7 @@ public class NetworkGroupWorkVO { private Long logsequenceNumber = null; - protected NetworkGroupWorkVO() { + protected SecurityGroupWorkVO() { } public Long getId() { @@ -97,7 +97,7 @@ public class NetworkGroupWorkVO { - public NetworkGroupWorkVO(Long instanceId, Long serverId, Date created, + public SecurityGroupWorkVO(Long instanceId, Long serverId, Date created, Step step, Date dateTaken) { super(); this.instanceId = instanceId; diff --git a/server/src/com/cloud/api/ApiDBUtils.java b/server/src/com/cloud/api/ApiDBUtils.java index cf44ac47078..1aed0885da8 100755 --- a/server/src/com/cloud/api/ApiDBUtils.java +++ b/server/src/com/cloud/api/ApiDBUtils.java @@ -36,9 +36,9 @@ import com.cloud.network.dao.IPAddressDao; import com.cloud.network.dao.LoadBalancerDao; import com.cloud.network.dao.NetworkDao; import com.cloud.network.dao.NetworkRuleConfigDao; -import com.cloud.network.security.NetworkGroup; -import com.cloud.network.security.NetworkGroupManager; -import com.cloud.network.security.dao.NetworkGroupDao; +import com.cloud.network.security.SecurityGroup; +import com.cloud.network.security.SecurityGroupManager; +import com.cloud.network.security.dao.SecurityGroupDao; import com.cloud.offering.ServiceOffering; import com.cloud.offerings.NetworkOfferingVO; import com.cloud.offerings.dao.NetworkOfferingDao; @@ -97,7 +97,7 @@ public class ApiDBUtils { private static AccountManager _accountMgr; private static AgentManager _agentMgr; public static AsyncJobManager _asyncMgr; - private static NetworkGroupManager _networkGroupMgr; + private static SecurityGroupManager _networkGroupMgr; private static SnapshotManager _snapMgr; private static StorageManager _storageMgr; private static UserVmManager _userVmMgr; @@ -115,7 +115,7 @@ public class ApiDBUtils { private static HostDao _hostDao; private static IPAddressDao _ipAddressDao; private static LoadBalancerDao _loadBalancerDao; - private static NetworkGroupDao _networkGroupDao; + private static SecurityGroupDao _networkGroupDao; private static NetworkRuleConfigDao _networkRuleConfigDao; private static HostPodDao _podDao; private static ServiceOfferingDao _serviceOfferingDao; @@ -140,7 +140,7 @@ public class ApiDBUtils { _accountMgr = locator.getManager(AccountManager.class); _agentMgr = locator.getManager(AgentManager.class); _asyncMgr = locator.getManager(AsyncJobManager.class); - _networkGroupMgr = locator.getManager(NetworkGroupManager.class); + _networkGroupMgr = locator.getManager(SecurityGroupManager.class); _snapMgr = locator.getManager(SnapshotManager.class); _storageMgr = locator.getManager(StorageManager.class); _userVmMgr = locator.getManager(UserVmManager.class); @@ -171,7 +171,7 @@ public class ApiDBUtils { _vlanDao = locator.getDao(VlanDao.class); _volumeDao = locator.getDao(VolumeDao.class); _zoneDao = locator.getDao(DataCenterDao.class); - _networkGroupDao = locator.getDao(NetworkGroupDao.class); + _networkGroupDao = locator.getDao(SecurityGroupDao.class); _networkOfferingDao = locator.getDao(NetworkOfferingDao.class); _networkDao = locator.getDao(NetworkDao.class); @@ -240,7 +240,7 @@ public class ApiDBUtils { } public static String getNetworkGroupsNamesForVm(long vmId) { - return _networkGroupMgr.getNetworkGroupsNamesForVm(vmId); + return _networkGroupMgr.getSecurityGroupsNamesForVm(vmId); } public static String getSnapshotIntervalTypes(long snapshotId) { @@ -351,7 +351,7 @@ public class ApiDBUtils { return _networkRuleConfigDao.findById(ruleId); } - public static NetworkGroup findNetworkGroupById(Long groupId) { + public static SecurityGroup findNetworkGroupById(Long groupId) { return _networkGroupDao.findById(groupId); } diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java index 8796ff3efd5..7bf21431960 100644 --- a/server/src/com/cloud/api/ApiResponseHelper.java +++ b/server/src/com/cloud/api/ApiResponseHelper.java @@ -51,7 +51,7 @@ import com.cloud.api.response.InstanceGroupResponse; import com.cloud.api.response.IpForwardingRuleResponse; import com.cloud.api.response.ListResponse; import com.cloud.api.response.LoadBalancerResponse; -import com.cloud.api.response.NetworkGroupResponse; +import com.cloud.api.response.SecurityGroupResponse; import com.cloud.api.response.NetworkOfferingResponse; import com.cloud.api.response.NetworkResponse; import com.cloud.api.response.NicResponse; @@ -75,7 +75,7 @@ import com.cloud.api.response.ZoneResponse; import com.cloud.async.AsyncJob; import com.cloud.async.AsyncJobResult; import com.cloud.async.executor.IngressRuleResultObject; -import com.cloud.async.executor.NetworkGroupResultObject; +import com.cloud.async.executor.SecurityGroupResultObject; import com.cloud.capacity.Capacity; import com.cloud.capacity.CapacityVO; import com.cloud.configuration.Configuration; @@ -105,8 +105,8 @@ import com.cloud.network.rules.FirewallRule; import com.cloud.network.rules.LoadBalancer; import com.cloud.network.rules.PortForwardingRule; import com.cloud.network.security.IngressRule; -import com.cloud.network.security.NetworkGroup; -import com.cloud.network.security.NetworkGroupRules; +import com.cloud.network.security.SecurityGroup; +import com.cloud.network.security.SecurityGroupRules; import com.cloud.offering.DiskOffering; import com.cloud.offering.NetworkOffering; import com.cloud.offering.NetworkOffering.GuestIpType; @@ -1035,7 +1035,7 @@ public class ApiResponseHelper implements ResponseGenerator { userVmResponse.setGuestOsId(userVm.getGuestOSId()); // network groups - userVmResponse.setNetworkGroupList(ApiDBUtils.getNetworkGroupsNamesForVm(userVm.getId())); + userVmResponse.setSecurityGroupList(ApiDBUtils.getNetworkGroupsNamesForVm(userVm.getId())); List nics = ApiDBUtils.getNics(userVm); List nicResponses = new ArrayList(); @@ -1483,13 +1483,13 @@ public class ApiResponseHelper implements ResponseGenerator { } @Override - public ListResponse createNetworkGroupResponses(List networkGroups) { - List groupResultObjs = NetworkGroupResultObject.transposeNetworkGroups(networkGroups); + public ListResponse createSecurityGroupResponses(List networkGroups) { + List groupResultObjs = SecurityGroupResultObject.transposeNetworkGroups(networkGroups); - ListResponse response = new ListResponse(); - List netGrpResponses = new ArrayList(); - for (NetworkGroupResultObject networkGroup : groupResultObjs) { - NetworkGroupResponse netGrpResponse = new NetworkGroupResponse(); + ListResponse response = new ListResponse(); + List netGrpResponses = new ArrayList(); + for (SecurityGroupResultObject networkGroup : groupResultObjs) { + SecurityGroupResponse netGrpResponse = new SecurityGroupResponse(); netGrpResponse.setId(networkGroup.getId()); netGrpResponse.setName(networkGroup.getName()); netGrpResponse.setDescription(networkGroup.getDescription()); @@ -1514,9 +1514,9 @@ public class ApiResponseHelper implements ResponseGenerator { ingressData.setEndPort(ingressRule.getEndPort()); } - if (ingressRule.getAllowedNetworkGroup() != null) { - ingressData.setNetworkGroupName(ingressRule.getAllowedNetworkGroup()); - ingressData.setAccountName(ingressRule.getAllowedNetGroupAcct()); + if (ingressRule.getAllowedSecurityGroup() != null) { + ingressData.setSecurityGroupName(ingressRule.getAllowedSecurityGroup()); + ingressData.setAccountName(ingressRule.getAllowedSecGroupAcct()); } else { ingressData.setCidr(ingressRule.getAllowedSourceIpCidr()); } @@ -1535,8 +1535,8 @@ public class ApiResponseHelper implements ResponseGenerator { } @Override - public NetworkGroupResponse createNetworkGroupResponse(NetworkGroup group) { - NetworkGroupResponse response = new NetworkGroupResponse(); + public SecurityGroupResponse createSecurityGroupResponse(SecurityGroup group) { + SecurityGroupResponse response = new SecurityGroupResponse(); response.setAccountName(group.getAccountName()); response.setDescription(group.getDescription()); response.setDomainId(group.getDomainId()); @@ -2084,17 +2084,17 @@ public class ApiResponseHelper implements ResponseGenerator { @Override - public NetworkGroupResponse createNetworkGroupResponseFromIngressRule(List ingressRules) { - NetworkGroupResponse response = new NetworkGroupResponse(); + public SecurityGroupResponse createSecurityGroupResponseFromIngressRule(List ingressRules) { + SecurityGroupResponse response = new SecurityGroupResponse(); if ((ingressRules != null) && !ingressRules.isEmpty()) { - NetworkGroup networkGroup = ApiDBUtils.findNetworkGroupById(ingressRules.get(0).getNetworkGroupId()); - response.setId(networkGroup.getId()); - response.setName(networkGroup.getName()); - response.setDescription(networkGroup.getDescription()); - response.setAccountName(networkGroup.getAccountName()); - response.setDomainId(networkGroup.getDomainId()); - response.setDomainName(ApiDBUtils.findDomainById(networkGroup.getDomainId()).getName()); + SecurityGroup securityGroup = ApiDBUtils.findNetworkGroupById(ingressRules.get(0).getSecurityGroupId()); + response.setId(securityGroup.getId()); + response.setName(securityGroup.getName()); + response.setDescription(securityGroup.getDescription()); + response.setAccountName(securityGroup.getAccountName()); + response.setDomainId(securityGroup.getDomainId()); + response.setDomainName(ApiDBUtils.findDomainById(securityGroup.getDomainId()).getName()); List responses = new ArrayList(); for (IngressRule ingressRule : ingressRules) { @@ -2110,9 +2110,9 @@ public class ApiResponseHelper implements ResponseGenerator { ingressData.setEndPort(ingressRule.getEndPort()); } - if (ingressRule.getAllowedNetworkGroup() != null) { - ingressData.setNetworkGroupName(ingressRule.getAllowedNetworkGroup()); - ingressData.setAccountName(ingressRule.getAllowedNetGrpAcct()); + if (ingressRule.getAllowedSecurityGroup() != null) { + ingressData.setSecurityGroupName(ingressRule.getAllowedSecurityGroup()); + ingressData.setAccountName(ingressRule.getAllowedSecGrpAcct()); } else { ingressData.setCidr(ingressRule.getAllowedSourceIpCidr()); } @@ -2121,7 +2121,7 @@ public class ApiResponseHelper implements ResponseGenerator { responses.add(ingressData); } response.setIngressRules(responses); - response.setObjectName("networkgroup"); + response.setObjectName("securitygroup"); } return response; diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java index b428a0617ce..8d245f6e24f 100755 --- a/server/src/com/cloud/api/ApiServer.java +++ b/server/src/com/cloud/api/ApiServer.java @@ -655,9 +655,9 @@ public class ApiServer implements HttpRequestHandler { if (hypervisorType == null) hypervisorType = "kvm"; - String directAttachNetworkGroupsEnabled = _ms.getConfigurationValue("direct.attach.network.groups.enabled"); - if(directAttachNetworkGroupsEnabled == null) - directAttachNetworkGroupsEnabled = "false"; + String directAttachSecurityGroupsEnabled = _ms.getConfigurationValue("direct.attach.security.groups.enabled"); + if(directAttachSecurityGroupsEnabled == null) + directAttachSecurityGroupsEnabled = "false"; String systemVmUseLocalStorage = _ms.getConfigurationValue("system.vm.use.local.storage"); if (systemVmUseLocalStorage == null) @@ -674,7 +674,7 @@ public class ApiServer implements HttpRequestHandler { session.setAttribute("type", Short.valueOf(account.getType()).toString()); // session.setAttribute("networktype", networkType); session.setAttribute("hypervisortype", hypervisorType); - session.setAttribute("directattachnetworkgroupsenabled", directAttachNetworkGroupsEnabled); + session.setAttribute("directattachsecuritygroupsenabled", directAttachSecurityGroupsEnabled); session.setAttribute("systemvmuselocalstorage", systemVmUseLocalStorage); if (timezone != null) { diff --git a/server/src/com/cloud/async/executor/AuthorizeNetworkGroupIngressExecutor.java b/server/src/com/cloud/async/executor/AuthorizeSecurityGroupIngressExecutor.java similarity index 73% rename from server/src/com/cloud/async/executor/AuthorizeNetworkGroupIngressExecutor.java rename to server/src/com/cloud/async/executor/AuthorizeSecurityGroupIngressExecutor.java index a9b070ca62e..3f1477a6474 100644 --- a/server/src/com/cloud/async/executor/AuthorizeNetworkGroupIngressExecutor.java +++ b/server/src/com/cloud/async/executor/AuthorizeSecurityGroupIngressExecutor.java @@ -11,15 +11,15 @@ import com.cloud.async.AsyncJobResult; import com.cloud.async.AsyncJobVO; import com.cloud.async.BaseAsyncJobExecutor; import com.cloud.network.security.IngressRuleVO; -import com.cloud.network.security.NetworkGroupRulesVO; -import com.cloud.network.security.NetworkGroupVO; +import com.cloud.network.security.SecurityGroupRulesVO; +import com.cloud.network.security.SecurityGroupVO; import com.cloud.serializer.GsonHelper; import com.cloud.server.ManagementServer; import com.cloud.user.AccountVO; import com.google.gson.Gson; -public class AuthorizeNetworkGroupIngressExecutor extends BaseAsyncJobExecutor { - public static final Logger s_logger = Logger.getLogger(AuthorizeNetworkGroupIngressExecutor.class.getName()); +public class AuthorizeSecurityGroupIngressExecutor extends BaseAsyncJobExecutor { + public static final Logger s_logger = Logger.getLogger(AuthorizeSecurityGroupIngressExecutor.class.getName()); @Override public boolean execute() { @@ -27,17 +27,17 @@ public class AuthorizeNetworkGroupIngressExecutor extends BaseAsyncJobExecutor { AsyncJobManager asyncMgr = getAsyncJobMgr(); AsyncJobVO job = getJob(); ManagementServer managementServer = asyncMgr.getExecutorContext().getManagementServer(); - NetworkGroupIngressParam param = gson.fromJson(job.getCmdInfo(), NetworkGroupIngressParam.class); + SecurityGroupIngressParam param = gson.fromJson(job.getCmdInfo(), SecurityGroupIngressParam.class); AccountVO account = param.getAccount(); /* if (getSyncSource() == null) { - NetworkGroupVO networkGroup = managementServer.findNetworkGroupByName(param.getAccount().getId(), param.getGroupName()); + SecurityGroupVO networkGroup = managementServer.findNetworkGroupByName(param.getAccount().getId(), param.getGroupName()); if(networkGroup == null) { asyncMgr.completeAsyncJob(getJob().getId(), AsyncJobResult.STATUS_FAILED, BaseCmd.PARAM_ERROR, "Unable to find network group " + param.getGroupName() + " for account " + account.getAccountName() + " (id: " + account.getId() + ")"); } else { - asyncMgr.syncAsyncJobExecution(job.getId(), "NetworkGroup", networkGroup.getId()); + asyncMgr.syncAsyncJobExecution(job.getId(), "SecurityGroup", networkGroup.getId()); } return true; } else { @@ -65,17 +65,17 @@ public class AuthorizeNetworkGroupIngressExecutor extends BaseAsyncJobExecutor { return true; } - private NetworkGroupResultObject composeResultObject(ManagementServer ms, Long accountId, String groupName, List addedRules) { - NetworkGroupVO networkGroup = ms.findNetworkGroupByName(accountId, groupName); - List groupRules = new ArrayList(); + private SecurityGroupResultObject composeResultObject(ManagementServer ms, Long accountId, String groupName, List addedRules) { + SecurityGroupVO networkGroup = ms.findNetworkGroupByName(accountId, groupName); + List groupRules = new ArrayList(); for (IngressRuleVO ingressRule : addedRules) { - NetworkGroupRulesVO groupRule = new NetworkGroupRulesVO(networkGroup.getId(), networkGroup.getName(), networkGroup.getDescription(), networkGroup.getDomainId(), + SecurityGroupRulesVO groupRule = new SecurityGroupRulesVO(networkGroup.getId(), networkGroup.getName(), networkGroup.getDescription(), networkGroup.getDomainId(), networkGroup.getAccountId(), networkGroup.getAccountName(), ingressRule.getId(), ingressRule.getStartPort(), ingressRule.getEndPort(), - ingressRule.getProtocol(), ingressRule.getAllowedNetworkId(), ingressRule.getAllowedNetworkGroup(), ingressRule.getAllowedNetGrpAcct(), + ingressRule.getProtocol(), ingressRule.getAllowedNetworkId(), ingressRule.getAllowedSecurityGroup(), ingressRule.getAllowedSecGrpAcct(), ingressRule.getAllowedSourceIpCidr()); groupRules.add(groupRule); } - List results = NetworkGroupResultObject.transposeNetworkGroups(groupRules); + List results = SecurityGroupResultObject.transposeNetworkGroups(groupRules); if ((results != null) && !results.isEmpty()) { return results.get(0); } diff --git a/server/src/com/cloud/async/executor/DeployVMResultObject.java b/server/src/com/cloud/async/executor/DeployVMResultObject.java index 43e4a7f321a..be0982ecc9e 100644 --- a/server/src/com/cloud/async/executor/DeployVMResultObject.java +++ b/server/src/com/cloud/async/executor/DeployVMResultObject.java @@ -121,8 +121,8 @@ public class DeployVMResultObject { @Param(name="hostid") private Long hostid; - @Param(name="networkgrouplist") - private String networkGroupList; + @Param(name="securitygrouplist") + private String securityGroupList; @Param(name="rootdeviceid") private Long rootDeviceId; @@ -146,12 +146,12 @@ public class DeployVMResultObject { this.rootDeviceType = deviceType; } - public String getNetworkGroupList(){ - return this.networkGroupList; + public String getSecurityGroupList(){ + return this.securityGroupList; } - public void setNetworkGroupList(String nGroups){ - this.networkGroupList = nGroups; + public void setSecurityGroupList(String nGroups){ + this.securityGroupList = nGroups; } public String getIsoDisplayText() { diff --git a/server/src/com/cloud/async/executor/IngressRuleResultObject.java b/server/src/com/cloud/async/executor/IngressRuleResultObject.java index 0730b4ab749..034d1a32bc3 100644 --- a/server/src/com/cloud/async/executor/IngressRuleResultObject.java +++ b/server/src/com/cloud/async/executor/IngressRuleResultObject.java @@ -15,24 +15,24 @@ public class IngressRuleResultObject { @Param(name="protocol") private String protocol; - @Param(name="networkgroup") - private String allowedNetworkGroup = null; + @Param(name="securitygroup") + private String allowedSecurityGroup = null; @Param(name="account") - private String allowedNetGroupAcct = null; + private String allowedSecGroupAcct = null; @Param(name="cidr") private String allowedSourceIpCidr = null; public IngressRuleResultObject() { } - public IngressRuleResultObject(Long id, int startPort, int endPort, String protocol, String allowedNetworkGroup, String allowedNetGroupAcct, String allowedSourceIpCidr) { + public IngressRuleResultObject(Long id, int startPort, int endPort, String protocol, String allowedSecurityGroup, String allowedSecGroupAcct, String allowedSourceIpCidr) { this.id = id; this.startPort = startPort; this.endPort = endPort; this.protocol = protocol; - this.allowedNetworkGroup = allowedNetworkGroup; - this.allowedNetGroupAcct = allowedNetGroupAcct; + this.allowedSecurityGroup = allowedSecurityGroup; + this.allowedSecGroupAcct = allowedSecGroupAcct; this.allowedSourceIpCidr = allowedSourceIpCidr; } @@ -68,20 +68,20 @@ public class IngressRuleResultObject { this.protocol = protocol; } - public String getAllowedNetworkGroup() { - return allowedNetworkGroup; + public String getAllowedSecurityGroup() { + return allowedSecurityGroup; } - public void setAllowedNetworkGroup(String allowedNetworkGroup) { - this.allowedNetworkGroup = allowedNetworkGroup; + public void setAllowedSecurityGroup(String allowedSecurityGroup) { + this.allowedSecurityGroup = allowedSecurityGroup; } - public String getAllowedNetGroupAcct() { - return allowedNetGroupAcct; + public String getAllowedSecGroupAcct() { + return allowedSecGroupAcct; } - public void setAllowedNetGroupAcct(String allowedNetGroupAcct) { - this.allowedNetGroupAcct = allowedNetGroupAcct; + public void setAllowedSecGroupAcct(String allowedSecGroupAcct) { + this.allowedSecGroupAcct = allowedSecGroupAcct; } public String getAllowedSourceIpCidr() { diff --git a/server/src/com/cloud/async/executor/RevokeNetworkGroupIngressExecutor.java b/server/src/com/cloud/async/executor/RevokeNetworkGroupIngressExecutor.java index a928f85ea24..59743002412 100644 --- a/server/src/com/cloud/async/executor/RevokeNetworkGroupIngressExecutor.java +++ b/server/src/com/cloud/async/executor/RevokeNetworkGroupIngressExecutor.java @@ -7,7 +7,7 @@ import com.cloud.async.AsyncJobManager; import com.cloud.async.AsyncJobResult; import com.cloud.async.AsyncJobVO; import com.cloud.async.BaseAsyncJobExecutor; -import com.cloud.network.security.NetworkGroupVO; +import com.cloud.network.security.SecurityGroupVO; import com.cloud.serializer.GsonHelper; import com.cloud.server.ManagementServer; import com.cloud.user.AccountVO; @@ -22,17 +22,17 @@ public class RevokeNetworkGroupIngressExecutor extends BaseAsyncJobExecutor { AsyncJobManager asyncMgr = getAsyncJobMgr(); AsyncJobVO job = getJob(); ManagementServer managementServer = asyncMgr.getExecutorContext().getManagementServer(); - NetworkGroupIngressParam param = gson.fromJson(job.getCmdInfo(), NetworkGroupIngressParam.class); + SecurityGroupIngressParam param = gson.fromJson(job.getCmdInfo(), SecurityGroupIngressParam.class); AccountVO account = param.getAccount(); /* if (getSyncSource() == null) { - NetworkGroupVO networkGroup = managementServer.findNetworkGroupByName(param.getAccount().getId(), param.getGroupName()); + SecurityGroupVO networkGroup = managementServer.findNetworkGroupByName(param.getAccount().getId(), param.getGroupName()); if(networkGroup == null) { asyncMgr.completeAsyncJob(getJob().getId(), AsyncJobResult.STATUS_FAILED, BaseCmd.PARAM_ERROR, "Unable to find network group " + param.getGroupName() + " for account " + account.getAccountName() + " (id: " + account.getId() + ")"); } else { - asyncMgr.syncAsyncJobExecution(job.getId(), "NetworkGroup", networkGroup.getId()); + asyncMgr.syncAsyncJobExecution(job.getId(), "SecurityGroup", networkGroup.getId()); } return true; } else { diff --git a/server/src/com/cloud/async/executor/NetworkGroupIngressParam.java b/server/src/com/cloud/async/executor/SecurityGroupIngressParam.java similarity index 63% rename from server/src/com/cloud/async/executor/NetworkGroupIngressParam.java rename to server/src/com/cloud/async/executor/SecurityGroupIngressParam.java index 3ed0aafad37..477ea3c9576 100644 --- a/server/src/com/cloud/async/executor/NetworkGroupIngressParam.java +++ b/server/src/com/cloud/async/executor/SecurityGroupIngressParam.java @@ -2,21 +2,21 @@ package com.cloud.async.executor; import java.util.List; -import com.cloud.network.security.NetworkGroupVO; +import com.cloud.network.security.SecurityGroupVO; import com.cloud.user.AccountVO; -public class NetworkGroupIngressParam { +public class SecurityGroupIngressParam { private AccountVO account; private String groupName; private String protocol; private int startPort; private int endPort; private String[] cidrList; - private List authorizedGroups; + private List authorizedGroups; - protected NetworkGroupIngressParam() { } + protected SecurityGroupIngressParam() { } - public NetworkGroupIngressParam(AccountVO account, String groupName, String protocol, int startPort, int endPort, String[] cidrList, List authorizedGroups) { + public SecurityGroupIngressParam(AccountVO account, String groupName, String protocol, int startPort, int endPort, String[] cidrList, List authorizedGroups) { this.account = account; this.groupName = groupName; this.protocol = protocol; @@ -50,7 +50,7 @@ public class NetworkGroupIngressParam { return cidrList; } - public List getAuthorizedGroups() { + public List getAuthorizedGroups() { return authorizedGroups; } } diff --git a/server/src/com/cloud/async/executor/NetworkGroupResultObject.java b/server/src/com/cloud/async/executor/SecurityGroupResultObject.java similarity index 78% rename from server/src/com/cloud/async/executor/NetworkGroupResultObject.java rename to server/src/com/cloud/async/executor/SecurityGroupResultObject.java index 48e8dbfccef..48111d63d73 100644 --- a/server/src/com/cloud/async/executor/NetworkGroupResultObject.java +++ b/server/src/com/cloud/async/executor/SecurityGroupResultObject.java @@ -3,10 +3,10 @@ package com.cloud.async.executor; import java.util.ArrayList; import java.util.List; -import com.cloud.network.security.NetworkGroupRules; +import com.cloud.network.security.SecurityGroupRules; import com.cloud.serializer.Param; -public class NetworkGroupResultObject { +public class SecurityGroupResultObject { @Param(name="id") private Long id; @@ -28,9 +28,9 @@ public class NetworkGroupResultObject { @Param(name="ingressrules") private List ingressRules = null; - public NetworkGroupResultObject() {} + public SecurityGroupResultObject() {} - public NetworkGroupResultObject(Long id, String name, String description, Long domainId, Long accountId, String accountName, List ingressRules) { + public SecurityGroupResultObject(Long id, String name, String description, Long domainId, Long accountId, String accountName, List ingressRules) { this.id = id; this.name = name; this.description = description; @@ -96,15 +96,15 @@ public class NetworkGroupResultObject { this.ingressRules = ingressRules; } - public static List transposeNetworkGroups(List groups) { - List resultObjects = new ArrayList(); + public static List transposeNetworkGroups(List groups) { + List resultObjects = new ArrayList(); if ((groups != null) && !groups.isEmpty()) { List ingressDataList = new ArrayList(); - NetworkGroupResultObject currentGroup = null; + SecurityGroupResultObject currentGroup = null; List processedGroups = new ArrayList(); - for (NetworkGroupRules netGroupRule : groups) { + for (SecurityGroupRules netGroupRule : groups) { Long groupId = netGroupRule.getId(); if (!processedGroups.contains(groupId)) { processedGroups.add(groupId); @@ -118,7 +118,7 @@ public class NetworkGroupResultObject { } // start a new group - NetworkGroupResultObject groupResult = new NetworkGroupResultObject(); + SecurityGroupResultObject groupResult = new SecurityGroupResultObject(); groupResult.setId(netGroupRule.getId()); groupResult.setName(netGroupRule.getName()); groupResult.setDescription(netGroupRule.getDescription()); @@ -137,9 +137,9 @@ public class NetworkGroupResultObject { ingressData.setId(netGroupRule.getRuleId()); ingressData.setProtocol(netGroupRule.getProtocol()); - if (netGroupRule.getAllowedNetworkGroup() != null) { - ingressData.setAllowedNetworkGroup(netGroupRule.getAllowedNetworkGroup()); - ingressData.setAllowedNetGroupAcct(netGroupRule.getAllowedNetGrpAcct()); + if (netGroupRule.getAllowedSecurityGroup() != null) { + ingressData.setAllowedSecurityGroup(netGroupRule.getAllowedSecurityGroup()); + ingressData.setAllowedSecGroupAcct(netGroupRule.getAllowedSecGrpAcct()); } else if (netGroupRule.getAllowedSourceIpCidr() != null) { ingressData.setAllowedSourceIpCidr(netGroupRule.getAllowedSourceIpCidr()); } diff --git a/server/src/com/cloud/async/executor/VMOperationResultObject.java b/server/src/com/cloud/async/executor/VMOperationResultObject.java index 12da4875eab..0293e07c3da 100644 --- a/server/src/com/cloud/async/executor/VMOperationResultObject.java +++ b/server/src/com/cloud/async/executor/VMOperationResultObject.java @@ -117,8 +117,8 @@ public class VMOperationResultObject { @Param(name="hostid") private Long hostid; - @Param(name="networkgrouplist") - private String networkGroupList; + @Param(name="securitygrouplist") + private String securityGroupList; @Param(name="rootdeviceid") private Long rootDeviceId; @@ -142,12 +142,12 @@ public class VMOperationResultObject { this.rootDeviceType = deviceType; } - public String getNetworkGroupList(){ - return this.networkGroupList; + public String getSecurityGroupList(){ + return this.securityGroupList; } - public void setNetworkGroupList(String nGroups){ - this.networkGroupList = nGroups; + public void setSecurityGroupList(String nGroups){ + this.securityGroupList = nGroups; } public long getId() { diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java index 739278f05da..ea7f2f7d8be 100644 --- a/server/src/com/cloud/configuration/Config.java +++ b/server/src/com/cloud/configuration/Config.java @@ -152,7 +152,7 @@ public enum Config { SecStorageAllowedInternalDownloadSites("Advanced", ManagementServer.class, String.class, "secstorage.allowed.internal.sites", null, "Comma separated list of cidrs internal to the datacenter that can host template download servers", null), SecStorageEncryptCopy("Advanced", ManagementServer.class, Boolean.class, "secstorage.encrypt.copy", "false", "Use SSL method used to encrypt copy traffic between zones", "true,false"), SecStorageSecureCopyCert("Advanced", ManagementServer.class, Boolean.class, "secstorage.ssl.cert.domain", "realhostip.com", "SSL certificate used to encrypt copy traffic between zones", "realhostip.com"), - DirectAttachNetworkGroupsEnabled("Advanced", ManagementServer.class, Boolean.class, "direct.attach.network.groups.enabled", "false", "Ec2-style distributed firewall for direct-attach VMs", "true,false"), + DirectAttachSecurityGroupsEnabled("Advanced", ManagementServer.class, Boolean.class, "direct.attach.security.groups.enabled", "false", "Ec2-style distributed firewall for direct-attach VMs", "true,false"), DirectAttachNetworkEnabled("Advanced", ManagementServer.class, Boolean.class, "direct.attach.network.externalIpAllocator.enabled", "false", "Direct-attach VMs using external DHCP server", "true,false"), DirectAttachNetworkExternalAPIURL("Advanced", ManagementServer.class, String.class, "direct.attach.network.externalIpAllocator.url", null, "Direct-attach VMs using external DHCP server (API url)", null), CheckPodCIDRs("Advanced", ManagementServer.class, String.class, "check.pod.cidrs", "true", "If true, different pods must belong to different CIDR subnets.", "true,false"), diff --git a/server/src/com/cloud/configuration/DefaultComponentLibrary.java b/server/src/com/cloud/configuration/DefaultComponentLibrary.java index 535f1ef5b35..4056731fa1b 100644 --- a/server/src/com/cloud/configuration/DefaultComponentLibrary.java +++ b/server/src/com/cloud/configuration/DefaultComponentLibrary.java @@ -73,12 +73,12 @@ import com.cloud.network.lb.LoadBalancingRulesManagerImpl; import com.cloud.network.router.DomainRouterManagerImpl; import com.cloud.network.rules.RulesManagerImpl; import com.cloud.network.rules.dao.PortForwardingRulesDaoImpl; -import com.cloud.network.security.NetworkGroupManagerImpl; +import com.cloud.network.security.SecurityGroupManagerImpl; import com.cloud.network.security.dao.IngressRuleDaoImpl; -import com.cloud.network.security.dao.NetworkGroupDaoImpl; -import com.cloud.network.security.dao.NetworkGroupRulesDaoImpl; -import com.cloud.network.security.dao.NetworkGroupVMMapDaoImpl; -import com.cloud.network.security.dao.NetworkGroupWorkDaoImpl; +import com.cloud.network.security.dao.SecurityGroupDaoImpl; +import com.cloud.network.security.dao.SecurityGroupRulesDaoImpl; +import com.cloud.network.security.dao.SecurityGroupVMMapDaoImpl; +import com.cloud.network.security.dao.SecurityGroupWorkDaoImpl; import com.cloud.network.security.dao.VmRulesetLogDaoImpl; import com.cloud.offerings.dao.NetworkOfferingDaoImpl; import com.cloud.service.dao.ServiceOfferingDaoImpl; @@ -180,11 +180,11 @@ public class DefaultComponentLibrary implements ComponentLibrary { addDao("NetworkRuleConfigDao", NetworkRuleConfigDaoImpl.class); addDao("LoadBalancerVMMapDao", LoadBalancerVMMapDaoImpl.class); addDao("DataCenterIpAddressDao", DataCenterIpAddressDaoImpl.class); - addDao("NetworkGroupDao", NetworkGroupDaoImpl.class); + addDao("SecurityGroupDao", SecurityGroupDaoImpl.class); addDao("IngressRuleDao", IngressRuleDaoImpl.class); - addDao("NetworkGroupVMMapDao", NetworkGroupVMMapDaoImpl.class); - addDao("NetworkGroupRulesDao", NetworkGroupRulesDaoImpl.class); - addDao("NetworkGroupWorkDao", NetworkGroupWorkDaoImpl.class); + addDao("SecurityGroupVMMapDao", SecurityGroupVMMapDaoImpl.class); + addDao("SecurityGroupRulesDao", SecurityGroupRulesDaoImpl.class); + addDao("SecurityGroupWorkDao", SecurityGroupWorkDaoImpl.class); addDao("VmRulesetLogDao", VmRulesetLogDaoImpl.class); addDao("AlertDao", AlertDaoImpl.class); addDao("CapacityDao", CapacityDaoImpl.class); @@ -278,7 +278,7 @@ public class DefaultComponentLibrary implements ComponentLibrary { addManager("Template Manager", TemplateManagerImpl.class); addManager("Snapshot Manager", SnapshotManagerImpl.class); addManager("SnapshotScheduler", SnapshotSchedulerImpl.class); - addManager("NetworkGroupManager", NetworkGroupManagerImpl.class); + addManager("SecurityGroupManager", SecurityGroupManagerImpl.class); addManager("VmManager", VirtualMachineManagerImpl.class); addManager("DomainRouterManager", DomainRouterManagerImpl.class); addManager("EntityManager", EntityManagerImpl.class); diff --git a/server/src/com/cloud/network/security/NetworkGroupListener.java b/server/src/com/cloud/network/security/SecurityGroupListener.java similarity index 77% rename from server/src/com/cloud/network/security/NetworkGroupListener.java rename to server/src/com/cloud/network/security/SecurityGroupListener.java index 885eef3b643..715d4549213 100644 --- a/server/src/com/cloud/network/security/NetworkGroupListener.java +++ b/server/src/com/cloud/network/security/SecurityGroupListener.java @@ -29,30 +29,30 @@ import com.cloud.agent.api.AgentControlAnswer; import com.cloud.agent.api.AgentControlCommand; import com.cloud.agent.api.Answer; import com.cloud.agent.api.Command; -import com.cloud.agent.api.NetworkIngressRuleAnswer; +import com.cloud.agent.api.SecurityIngressRuleAnswer; import com.cloud.agent.api.PingRoutingWithNwGroupsCommand; import com.cloud.agent.api.StartupCommand; import com.cloud.host.HostVO; import com.cloud.host.Status; -import com.cloud.network.security.NetworkGroupWorkVO.Step; -import com.cloud.network.security.dao.NetworkGroupWorkDao; +import com.cloud.network.security.SecurityGroupWorkVO.Step; +import com.cloud.network.security.dao.SecurityGroupWorkDao; /** * Listens for answers to ingress rules modification commands * */ -public class NetworkGroupListener implements Listener { - public static final Logger s_logger = Logger.getLogger(NetworkGroupListener.class.getName()); +public class SecurityGroupListener implements Listener { + public static final Logger s_logger = Logger.getLogger(SecurityGroupListener.class.getName()); - NetworkGroupManagerImpl _networkGroupManager; + SecurityGroupManagerImpl _securityGroupManager; AgentManager _agentMgr; - NetworkGroupWorkDao _workDao; + SecurityGroupWorkDao _workDao; - public NetworkGroupListener(NetworkGroupManagerImpl networkGroupManager, - AgentManager agentMgr, NetworkGroupWorkDao workDao) { + public SecurityGroupListener(SecurityGroupManagerImpl securityGroupManager, + AgentManager agentMgr, SecurityGroupWorkDao workDao) { super(); - _networkGroupManager = networkGroupManager; + _securityGroupManager = securityGroupManager; _agentMgr = agentMgr; _workDao = workDao; } @@ -75,8 +75,8 @@ public class NetworkGroupListener implements Listener { Set affectedVms = new HashSet(); int commandNum = 0; for (Answer ans: answers) { - if (ans instanceof NetworkIngressRuleAnswer) { - NetworkIngressRuleAnswer ruleAnswer = (NetworkIngressRuleAnswer) ans; + if (ans instanceof SecurityIngressRuleAnswer) { + SecurityIngressRuleAnswer ruleAnswer = (SecurityIngressRuleAnswer) ans; if (ans.getResult()) { s_logger.debug("Successfully programmed rule " + ruleAnswer.toString() + " into host " + agentId); _workDao.updateStep(ruleAnswer.getVmId(), ruleAnswer.getLogSequenceNumber(), Step.Done); @@ -89,7 +89,7 @@ public class NetworkGroupListener implements Listener { commandNum++; } } - _networkGroupManager.scheduleRulesetUpdateToHosts(affectedVms, false, new Long(10*1000l)); + _securityGroupManager.scheduleRulesetUpdateToHosts(affectedVms, false, new Long(10*1000l)); return true; } @@ -101,7 +101,7 @@ public class NetworkGroupListener implements Listener { if (cmd instanceof PingRoutingWithNwGroupsCommand) { PingRoutingWithNwGroupsCommand ping = (PingRoutingWithNwGroupsCommand)cmd; if (ping.getNewGroupStates().size() > 0) { - _networkGroupManager.fullSync(agentId, ping.getNewGroupStates()); + _securityGroupManager.fullSync(agentId, ping.getNewGroupStates()); } processed = true; } diff --git a/server/src/com/cloud/network/security/NetworkGroupManager.java b/server/src/com/cloud/network/security/SecurityGroupManager.java similarity index 77% rename from server/src/com/cloud/network/security/NetworkGroupManager.java rename to server/src/com/cloud/network/security/SecurityGroupManager.java index 3fb0f6de6a6..d516e1890ec 100644 --- a/server/src/com/cloud/network/security/NetworkGroupManager.java +++ b/server/src/com/cloud/network/security/SecurityGroupManager.java @@ -28,22 +28,22 @@ import com.cloud.vm.State; * Ensures that network firewall rules stay updated as VMs go up and down * */ -public interface NetworkGroupManager { +public interface SecurityGroupManager { public static final String DEFAULT_GROUP_NAME = "default"; - public static final String DEFAULT_GROUP_DESCRIPTION = "Default Network Group"; + public static final String DEFAULT_GROUP_DESCRIPTION = "Default Security Group"; public void handleVmStateTransition(UserVm userVm, State vmState); - public NetworkGroupVO createNetworkGroup(String name, String description, Long domainId, Long accountId, String accountName); + public SecurityGroupVO createSecurityGroup(String name, String description, Long domainId, Long accountId, String accountName); - public NetworkGroupVO createDefaultNetworkGroup( Long accountId); + public SecurityGroupVO createDefaultSecurityGroup( Long accountId); - public boolean addInstanceToGroups(Long userVmId, List groups); + public boolean addInstanceToGroups(Long userVmId, List groups); public void removeInstanceFromGroups(Long userVmId); public void fullSync(long agentId, HashMap> newGroupStates); - public String getNetworkGroupsNamesForVm(long vmId); + public String getSecurityGroupsNamesForVm(long vmId); } diff --git a/server/src/com/cloud/network/security/NetworkGroupManagerImpl.java b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java similarity index 77% rename from server/src/com/cloud/network/security/NetworkGroupManagerImpl.java rename to server/src/com/cloud/network/security/SecurityGroupManagerImpl.java index d18f50553ab..d0a68ec1f5e 100644 --- a/server/src/com/cloud/network/security/NetworkGroupManagerImpl.java +++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java @@ -40,16 +40,16 @@ import org.apache.commons.codec.digest.DigestUtils; import org.apache.log4j.Logger; import com.cloud.agent.AgentManager; -import com.cloud.agent.api.NetworkIngressRulesCmd; -import com.cloud.agent.api.NetworkIngressRulesCmd.IpPortAndProto; +import com.cloud.agent.api.SecurityIngressRulesCmd; +import com.cloud.agent.api.SecurityIngressRulesCmd.IpPortAndProto; import com.cloud.agent.manager.Commands; import com.cloud.api.BaseCmd; import com.cloud.api.ServerApiException; -import com.cloud.api.commands.AuthorizeNetworkGroupIngressCmd; -import com.cloud.api.commands.CreateNetworkGroupCmd; -import com.cloud.api.commands.DeleteNetworkGroupCmd; -import com.cloud.api.commands.ListNetworkGroupsCmd; -import com.cloud.api.commands.RevokeNetworkGroupIngressCmd; +import com.cloud.api.commands.AuthorizeSecurityGroupIngressCmd; +import com.cloud.api.commands.CreateSecurityGroupCmd; +import com.cloud.api.commands.DeleteSecurityGroupCmd; +import com.cloud.api.commands.ListSecurityGroupsCmd; +import com.cloud.api.commands.RevokeSecurityGroupIngressCmd; import com.cloud.configuration.dao.ConfigurationDao; import com.cloud.domain.DomainVO; import com.cloud.domain.dao.DomainDao; @@ -57,12 +57,12 @@ import com.cloud.exception.AgentUnavailableException; import com.cloud.exception.InvalidParameterValueException; import com.cloud.exception.PermissionDeniedException; import com.cloud.exception.ResourceInUseException; -import com.cloud.network.security.NetworkGroupWorkVO.Step; +import com.cloud.network.security.SecurityGroupWorkVO.Step; import com.cloud.network.security.dao.IngressRuleDao; -import com.cloud.network.security.dao.NetworkGroupDao; -import com.cloud.network.security.dao.NetworkGroupRulesDao; -import com.cloud.network.security.dao.NetworkGroupVMMapDao; -import com.cloud.network.security.dao.NetworkGroupWorkDao; +import com.cloud.network.security.dao.SecurityGroupDao; +import com.cloud.network.security.dao.SecurityGroupRulesDao; +import com.cloud.network.security.dao.SecurityGroupVMMapDao; +import com.cloud.network.security.dao.SecurityGroupWorkDao; import com.cloud.network.security.dao.VmRulesetLogDao; import com.cloud.server.ManagementServer; import com.cloud.user.Account; @@ -87,18 +87,18 @@ import com.cloud.vm.State; import com.cloud.vm.UserVmVO; import com.cloud.vm.dao.UserVmDao; -@Local(value={NetworkGroupManager.class, NetworkGroupService.class}) -public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGroupService, Manager { - public static final Logger s_logger = Logger.getLogger(NetworkGroupManagerImpl.class); +@Local(value={SecurityGroupManager.class, SecurityGroupService.class}) +public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityGroupService, Manager { + public static final Logger s_logger = Logger.getLogger(SecurityGroupManagerImpl.class); - @Inject NetworkGroupDao _networkGroupDao; + @Inject SecurityGroupDao _securityGroupDao; @Inject IngressRuleDao _ingressRuleDao; - @Inject NetworkGroupVMMapDao _networkGroupVMMapDao; - @Inject NetworkGroupRulesDao _networkGroupRulesDao; + @Inject SecurityGroupVMMapDao _securityGroupVMMapDao; + @Inject SecurityGroupRulesDao _securityGroupRulesDao; @Inject UserVmDao _userVMDao; @Inject AccountDao _accountDao; @Inject ConfigurationDao _configDao; - @Inject NetworkGroupWorkDao _workDao; + @Inject SecurityGroupWorkDao _workDao; @Inject VmRulesetLogDao _rulesetLogDao; @Inject DomainDao _domainDao; @Inject AgentManager _agentMgr; @@ -111,13 +111,13 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou boolean _enabled = false; - NetworkGroupListener _answerListener; + SecurityGroupListener _answerListener; - private final class NetworkGroupVOComparator implements - Comparator { + private final class SecurityGroupVOComparator implements + Comparator { @Override - public int compare(NetworkGroupVO o1, NetworkGroupVO o2) { + public int compare(SecurityGroupVO o1, SecurityGroupVO o2) { return o1.getId() == o2.getId() ? 0 : o1.getId() < o2.getId() ? -1 : 1; } } @@ -268,9 +268,9 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou Map> allowed = new TreeMap>(); - List groupsForVm = _networkGroupVMMapDao.listByInstanceId(userVmId); - for (NetworkGroupVMMapVO mapVO: groupsForVm) { - List rules = _ingressRuleDao.listByNetworkGroupId(mapVO.getNetworkGroupId()); + List groupsForVm = _securityGroupVMMapDao.listByInstanceId(userVmId); + for (SecurityGroupVMMapVO mapVO: groupsForVm) { + List rules = _ingressRuleDao.listBySecurityGroupId(mapVO.getSecurityGroupId()); for (IngressRuleVO rule: rules){ PortAndProto portAndProto = new PortAndProto(rule.getProtocol(), rule.getStartPort(), rule.getEndPort()); Set cidrs = allowed.get(portAndProto ); @@ -278,8 +278,8 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou cidrs = new TreeSet(new CidrComparator()); } if (rule.getAllowedNetworkId() != null){ - List allowedInstances = _networkGroupVMMapDao.listByNetworkGroup(rule.getAllowedNetworkId(), State.Running); - for (NetworkGroupVMMapVO ngmapVO: allowedInstances){ + List allowedInstances = _securityGroupVMMapDao.listBySecurityGroup(rule.getAllowedNetworkId(), State.Running); + for (SecurityGroupVMMapVO ngmapVO: allowedInstances){ String cidr = ngmapVO.getGuestIpAddress(); if (cidr != null) { cidr = cidr + "/32"; @@ -320,7 +320,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou Transaction txn = Transaction.currentTxn(); txn.start(); VmRulesetLogVO log = null; - NetworkGroupWorkVO work = null; + SecurityGroupWorkVO work = null; UserVm vm = null; try { vm = _userVMDao.acquireInLockTable(vmId); @@ -340,7 +340,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou } work = _workDao.findByVmIdStep(vmId, Step.Scheduled); if (work == null) { - work = new NetworkGroupWorkVO(vmId, null, null, NetworkGroupWorkVO.Step.Scheduled, null); + work = new SecurityGroupWorkVO(vmId, null, null, SecurityGroupWorkVO.Step.Scheduled, null); work = _workDao.persist(work); } @@ -362,10 +362,10 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou protected Set getAffectedVmsForVmStart(UserVm userVm) { Set affectedVms = new HashSet(); affectedVms.add(userVm.getId()); - List groupsForVm = _networkGroupVMMapDao.listByInstanceId(userVm.getId()); + List groupsForVm = _securityGroupVMMapDao.listByInstanceId(userVm.getId()); //For each group, find the ingress rules that allow the group - for (NetworkGroupVMMapVO mapVO: groupsForVm) {//FIXME: use custom sql in the dao - List allowingRules = _ingressRuleDao.listByAllowedNetworkGroupId(mapVO.getNetworkGroupId()); + for (SecurityGroupVMMapVO mapVO: groupsForVm) {//FIXME: use custom sql in the dao + List allowingRules = _ingressRuleDao.listByAllowedSecurityGroupId(mapVO.getSecurityGroupId()); //For each ingress rule that allows a group that the vm belongs to, find the group it belongs to affectedVms.addAll(getAffectedVmsForIngressRules(allowingRules)); } @@ -374,10 +374,10 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou protected Set getAffectedVmsForVmStop(UserVm userVm) { Set affectedVms = new HashSet(); - List groupsForVm = _networkGroupVMMapDao.listByInstanceId(userVm.getId()); + List groupsForVm = _securityGroupVMMapDao.listByInstanceId(userVm.getId()); //For each group, find the ingress rules that allow the group - for (NetworkGroupVMMapVO mapVO: groupsForVm) {//FIXME: use custom sql in the dao - List allowingRules = _ingressRuleDao.listByAllowedNetworkGroupId(mapVO.getNetworkGroupId()); + for (SecurityGroupVMMapVO mapVO: groupsForVm) {//FIXME: use custom sql in the dao + List allowingRules = _ingressRuleDao.listByAllowedSecurityGroupId(mapVO.getSecurityGroupId()); //For each ingress rule that allows a group that the vm belongs to, find the group it belongs to affectedVms.addAll(getAffectedVmsForIngressRules(allowingRules)); } @@ -390,27 +390,27 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou Set affectedVms = new HashSet(); for (IngressRuleVO allowingRule: allowingRules){ - distinctGroups.add(allowingRule.getNetworkGroupId()); + distinctGroups.add(allowingRule.getSecurityGroupId()); } for (Long groupId: distinctGroups){ //allVmUpdates.putAll(generateRulesetForGroupMembers(groupId)); - affectedVms.addAll(_networkGroupVMMapDao.listVmIdsByNetworkGroup(groupId)); + affectedVms.addAll(_securityGroupVMMapDao.listVmIdsBySecurityGroup(groupId)); } return affectedVms; } - protected NetworkIngressRulesCmd generateRulesetCmd(String vmName, String guestIp, String guestMac, Long vmId, String signature, long seqnum, Map> rules) { + protected SecurityIngressRulesCmd generateRulesetCmd(String vmName, String guestIp, String guestMac, Long vmId, String signature, long seqnum, Map> rules) { List result = new ArrayList(); for (PortAndProto pAp : rules.keySet()) { Set cidrs = rules.get(pAp); if (cidrs.size() > 0) { - IpPortAndProto ipPortAndProto = new NetworkIngressRulesCmd.IpPortAndProto(pAp.getProto(), pAp.getStartPort(), pAp.getEndPort(), cidrs.toArray(new String[cidrs.size()])); + IpPortAndProto ipPortAndProto = new SecurityIngressRulesCmd.IpPortAndProto(pAp.getProto(), pAp.getStartPort(), pAp.getEndPort(), cidrs.toArray(new String[cidrs.size()])); result.add(ipPortAndProto); } } - return new NetworkIngressRulesCmd(guestIp, guestMac, vmName, vmId, signature, seqnum, result.toArray(new IpPortAndProto[result.size()])); + return new SecurityIngressRulesCmd(guestIp, guestMac, vmName, vmId, signature, seqnum, result.toArray(new IpPortAndProto[result.size()])); } protected void handleVmStopped(UserVm userVm) { @@ -420,15 +420,15 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou @Override @DB @SuppressWarnings("rawtypes") - public List authorizeNetworkGroupIngress(AuthorizeNetworkGroupIngressCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{ - String groupName = cmd.getNetworkGroupName(); + public List authorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{ + String groupName = cmd.getSecurityGroupName(); String protocol = cmd.getProtocol(); Integer startPort = cmd.getStartPort(); Integer endPort = cmd.getEndPort(); Integer icmpType = cmd.getIcmpType(); Integer icmpCode = cmd.getIcmpCode(); List cidrList = cmd.getCidrList(); - Map groupList = cmd.getUserNetworkGroupList(); + Map groupList = cmd.getUserSecurityGroupList(); Account account = UserContext.current().getAccount(); String accountName = cmd.getAccountName(); Long domainId = cmd.getDomainId(); @@ -445,7 +445,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou protocol = "all"; } - if (!NetUtils.isValidNetworkGroupProto(protocol)) { + if (!NetUtils.isValidSecurityGroupProto(protocol)) { s_logger.debug("Invalid protocol specified " + protocol); throw new InvalidParameterValueException("Invalid protocol " + protocol); } @@ -497,9 +497,9 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou // if it's an admin account, do a quick permission check if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), domainId)) { if (s_logger.isDebugEnabled()) { - s_logger.debug("Unable to find rules for network security group id = " + groupName + ", permission denied."); + s_logger.debug("Unable to find rules for security group id = " + groupName + ", permission denied."); } - throw new PermissionDeniedException("Unable to find rules for network security group id = " + groupName + ", permission denied."); + throw new PermissionDeniedException("Unable to find rules for security group id = " + groupName + ", permission denied."); } Account groupOwner = _accountDao.findActiveAccount(accountName, domainId); @@ -521,7 +521,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou } if (accountId == null) { - throw new InvalidParameterValueException("Unable to find account for network security group " + groupName + "; failed to authorize ingress."); + throw new InvalidParameterValueException("Unable to find account for security group " + groupName + "; failed to authorize ingress."); } @@ -532,7 +532,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou throw new InvalidParameterValueException("At least one cidr or at least one security group needs to be specified"); } - List authorizedGroups = new ArrayList (); + List authorizedGroups = new ArrayList (); if (groupList != null) { Collection userGroupCollection = groupList.values(); Iterator iter = userGroupCollection.iterator(); @@ -552,7 +552,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou throw new InvalidParameterValueException("Nonexistent account: " + authorizedAccountName + " when trying to authorize ingress for " + groupName + ":" + protocol + ":" + startPortOrType + ":" + endPortOrCode); } - NetworkGroupVO groupVO = _networkGroupDao.findByAccountAndName(authorizedAccount.getId(), group); + SecurityGroupVO groupVO = _securityGroupDao.findByAccountAndName(authorizedAccount.getId(), group); if (groupVO == null) { if (s_logger.isDebugEnabled()) { s_logger.debug("Nonexistent group " + group + " for account " + authorizedAccountName + "/" + domainId); @@ -564,79 +564,79 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou } final Transaction txn = Transaction.currentTxn(); - final Set authorizedGroups2 = new TreeSet(new NetworkGroupVOComparator()); + final Set authorizedGroups2 = new TreeSet(new SecurityGroupVOComparator()); authorizedGroups2.addAll(authorizedGroups); //Ensure we don't re-lock the same row txn.start(); - NetworkGroupVO networkGroup = _networkGroupDao.findByAccountAndName(accountId, groupName); - if (networkGroup == null) { - s_logger.warn("Network security group not found: name= " + groupName); + SecurityGroupVO securityGroup = _securityGroupDao.findByAccountAndName(accountId, groupName); + if (securityGroup == null) { + s_logger.warn("Security group not found: name= " + groupName); return null; } //Prevents other threads/management servers from creating duplicate ingress rules - NetworkGroupVO networkGroupLock = _networkGroupDao.acquireInLockTable(networkGroup.getId()); - if (networkGroupLock == null) { + SecurityGroupVO securityGroupLock = _securityGroupDao.acquireInLockTable(securityGroup.getId()); + if (securityGroupLock == null) { s_logger.warn("Could not acquire lock on network security group: name= " + groupName); return null; } List newRules = new ArrayList(); try { //Don't delete the group from under us. - networkGroup = _networkGroupDao.lockRow(networkGroup.getId(), false); - if (networkGroup == null) { + securityGroup = _securityGroupDao.lockRow(securityGroup.getId(), false); + if (securityGroup == null) { s_logger.warn("Could not acquire lock on network group " + groupName); return null; } - for (final NetworkGroupVO ngVO: authorizedGroups2) { + for (final SecurityGroupVO ngVO: authorizedGroups2) { final Long ngId = ngVO.getId(); //Don't delete the referenced group from under us - if (ngVO.getId() != networkGroup.getId()) { - final NetworkGroupVO tmpGrp = _networkGroupDao.lockRow(ngId, false); + if (ngVO.getId() != securityGroup.getId()) { + final SecurityGroupVO tmpGrp = _securityGroupDao.lockRow(ngId, false); if (tmpGrp == null) { - s_logger.warn("Failed to acquire lock on network group: " + ngId); + s_logger.warn("Failed to acquire lock on security group: " + ngId); txn.rollback(); return null; } } - IngressRuleVO ingressRule = _ingressRuleDao.findByProtoPortsAndAllowedGroupId(networkGroup.getId(), protocol, startPort, endPort, ngVO.getId()); + IngressRuleVO ingressRule = _ingressRuleDao.findByProtoPortsAndAllowedGroupId(securityGroup.getId(), protocol, startPort, endPort, ngVO.getId()); if (ingressRule != null) { continue; //rule already exists. } - ingressRule = new IngressRuleVO(networkGroup.getId(), startPort, endPort, protocol, ngVO.getId(), ngVO.getName(), ngVO.getAccountName()); + ingressRule = new IngressRuleVO(securityGroup.getId(), startPort, endPort, protocol, ngVO.getId(), ngVO.getName(), ngVO.getAccountName()); ingressRule = _ingressRuleDao.persist(ingressRule); newRules.add(ingressRule); } for (String cidr: cidrList) { - IngressRuleVO ingressRule = _ingressRuleDao.findByProtoPortsAndCidr(networkGroup.getId(),protocol, startPort, endPort, cidr); + IngressRuleVO ingressRule = _ingressRuleDao.findByProtoPortsAndCidr(securityGroup.getId(),protocol, startPort, endPort, cidr); if (ingressRule != null) { continue; } - ingressRule = new IngressRuleVO(networkGroup.getId(), startPort, endPort, protocol, cidr); + ingressRule = new IngressRuleVO(securityGroup.getId(), startPort, endPort, protocol, cidr); ingressRule = _ingressRuleDao.persist(ingressRule); newRules.add(ingressRule); } if (s_logger.isDebugEnabled()) { - s_logger.debug("Added " + newRules.size() + " rules to network group " + groupName); + s_logger.debug("Added " + newRules.size() + " rules to security group " + groupName); } txn.commit(); final Set affectedVms = new HashSet(); - affectedVms.addAll(_networkGroupVMMapDao.listVmIdsByNetworkGroup(networkGroup.getId())); + affectedVms.addAll(_securityGroupVMMapDao.listVmIdsBySecurityGroup(securityGroup.getId())); scheduleRulesetUpdateToHosts(affectedVms, true, null); return newRules; } catch (Exception e){ s_logger.warn("Exception caught when adding ingress rules ", e); throw new CloudRuntimeException("Exception caught when adding ingress rules", e); } finally { - if (networkGroupLock != null) { - _networkGroupDao.releaseFromLockTable(networkGroupLock.getId()); + if (securityGroupLock != null) { + _securityGroupDao.releaseFromLockTable(securityGroupLock.getId()); } } } @Override @DB @SuppressWarnings("rawtypes") - public boolean revokeNetworkGroupIngress(RevokeNetworkGroupIngressCmd cmd) { + public boolean revokeSecurityGroupIngress(RevokeSecurityGroupIngressCmd cmd) { //input validation Account account = UserContext.current().getAccount(); @@ -648,9 +648,9 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou Integer icmpType = cmd.getIcmpType(); Integer icmpCode = cmd.getIcmpCode(); String protocol = cmd.getProtocol(); - String networkGroup = cmd.getNetworkGroupName(); + String securityGroup = cmd.getSecurityGroupName(); String cidrList = cmd.getCidrList(); - Map groupList = cmd.getUserNetworkGroupList(); + Map groupList = cmd.getUserSecurityGroupList(); String [] cidrs = null; Long accountId = null; Integer startPortOrType = null; @@ -659,7 +659,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou protocol = "all"; } //FIXME: for exceptions below, add new enums to BaseCmd.PARAM_ to reflect the error condition more precisely - if (!NetUtils.isValidNetworkGroupProto(protocol)) { + if (!NetUtils.isValidSecurityGroupProto(protocol)) { s_logger.debug("Invalid protocol specified " + protocol); throw new ServerApiException(BaseCmd.PARAM_ERROR, "Invalid protocol " + protocol); } @@ -709,9 +709,9 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou // if it's an admin account, do a quick permission check if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), domainId)) { if (s_logger.isDebugEnabled()) { - s_logger.debug("Unable to find rules for network security group id = " + networkGroup + ", permission denied."); + s_logger.debug("Unable to find rules for network security group id = " + securityGroup + ", permission denied."); } - throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to find rules for network security group id = " + networkGroup + ", permission denied."); + throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to find rules for network security group id = " + securityGroup + ", permission denied."); } Account groupOwner = _accountDao.findActiveAccount(accountName, domainId); if (groupOwner == null) { @@ -732,13 +732,13 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou } if (accountId == null) { - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find account for network security group " + networkGroup + "; failed to revoke ingress."); + throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find account for network security group " + securityGroup + "; failed to revoke ingress."); } - NetworkGroupVO sg = _networkGroupDao.findByAccountAndName(accountId, networkGroup); + SecurityGroupVO sg = _securityGroupDao.findByAccountAndName(accountId, securityGroup); if (sg == null) { - s_logger.debug("Unable to find network security group with id " + networkGroup); - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find network security group with id " + networkGroup); + s_logger.debug("Unable to find network security group with id " + securityGroup); + throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find network security group with id " + securityGroup); } if (cidrList == null && groupList == null) { @@ -760,7 +760,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou } } - List authorizedGroups = new ArrayList (); + List authorizedGroups = new ArrayList (); if (groupList != null) { Collection userGroupCollection = groupList.values(); Iterator iter = userGroupCollection.iterator(); @@ -775,12 +775,12 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou Account authorizedAccount = _accountDao.findActiveAccount(authorizedAccountName, domainId); if (authorizedAccount == null) { if (s_logger.isDebugEnabled()) { - s_logger.debug("Nonexistent account: " + authorizedAccountName + ", domainid: " + domainId + " when trying to revoke ingress for " + networkGroup + ":" + protocol + ":" + startPortOrType + ":" + endPortOrCode); + s_logger.debug("Nonexistent account: " + authorizedAccountName + ", domainid: " + domainId + " when trying to revoke ingress for " + securityGroup + ":" + protocol + ":" + startPortOrType + ":" + endPortOrCode); } - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Nonexistent account: " + authorizedAccountName + " when trying to revoke ingress for " + networkGroup + ":" + protocol + ":" + startPortOrType + ":" + endPortOrCode); + throw new ServerApiException(BaseCmd.PARAM_ERROR, "Nonexistent account: " + authorizedAccountName + " when trying to revoke ingress for " + securityGroup + ":" + protocol + ":" + startPortOrType + ":" + endPortOrCode); } - NetworkGroupVO groupVO = _networkGroupDao.findByAccountAndName(authorizedAccount.getId(), group); + SecurityGroupVO groupVO = _securityGroupDao.findByAccountAndName(authorizedAccount.getId(), group); if (groupVO == null) { if (s_logger.isDebugEnabled()) { s_logger.debug("Nonexistent group and/or accountId: " + accountId + ", groupName=" + group); @@ -803,29 +803,29 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou final int numToDelete = cidrList.length() + authorizedGroups.size(); final Transaction txn = Transaction.currentTxn(); - NetworkGroupVO networkGroupHandle = _networkGroupDao.findByAccountAndName(accountId, networkGroup); - if (networkGroupHandle == null) { - s_logger.warn("Network security group not found: name= " + networkGroup); + SecurityGroupVO securityGroupHandle = _securityGroupDao.findByAccountAndName(accountId, securityGroup); + if (securityGroupHandle == null) { + s_logger.warn("Network security group not found: name= " + securityGroup); return false; } try { txn.start(); - networkGroupHandle = _networkGroupDao.acquireInLockTable(networkGroupHandle.getId()); - if (networkGroupHandle == null) { - s_logger.warn("Could not acquire lock on network security group: name= " + networkGroup); + securityGroupHandle = _securityGroupDao.acquireInLockTable(securityGroupHandle.getId()); + if (securityGroupHandle == null) { + s_logger.warn("Could not acquire lock on network security group: name= " + securityGroup); return false; } - for (final NetworkGroupVO ngVO: authorizedGroups) { - numDeleted += _ingressRuleDao.deleteByPortProtoAndGroup(networkGroupHandle.getId(), protocol, startPort, endPort, ngVO.getId()); + for (final SecurityGroupVO ngVO: authorizedGroups) { + numDeleted += _ingressRuleDao.deleteByPortProtoAndGroup(securityGroupHandle.getId(), protocol, startPort, endPort, ngVO.getId()); } for (final String cidr: cidrs) { - numDeleted += _ingressRuleDao.deleteByPortProtoAndCidr(networkGroupHandle.getId(), protocol, startPort, endPort, cidr); + numDeleted += _ingressRuleDao.deleteByPortProtoAndCidr(securityGroupHandle.getId(), protocol, startPort, endPort, cidr); } - s_logger.debug("revokeNetworkGroupIngress for group: " + networkGroup + ", numToDelete=" + numToDelete + ", numDeleted=" + numDeleted); + s_logger.debug("revokeSecurityGroupIngress for group: " + securityGroup + ", numToDelete=" + numToDelete + ", numDeleted=" + numDeleted); final Set affectedVms = new HashSet(); - affectedVms.addAll(_networkGroupVMMapDao.listVmIdsByNetworkGroup(networkGroupHandle.getId())); + affectedVms.addAll(_securityGroupVMMapDao.listVmIdsBySecurityGroup(securityGroupHandle.getId())); scheduleRulesetUpdateToHosts(affectedVms, true, null); return true; @@ -833,8 +833,8 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou s_logger.warn("Exception caught when deleting ingress rules ", e); throw new CloudRuntimeException("Exception caught when deleting ingress rules", e); } finally { - if (networkGroup != null) { - _networkGroupDao.releaseFromLockTable(networkGroupHandle.getId()); + if (securityGroup != null) { + _securityGroupDao.releaseFromLockTable(securityGroupHandle.getId()); } txn.commit(); } @@ -848,7 +848,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou } @Override - public NetworkGroupVO createNetworkGroup(CreateNetworkGroupCmd cmd) throws PermissionDeniedException, InvalidParameterValueException { + public SecurityGroupVO createSecurityGroup(CreateSecurityGroupCmd cmd) throws PermissionDeniedException, InvalidParameterValueException { if (!_enabled) { return null; } @@ -862,17 +862,17 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou if ((account.getType() == Account.ACCOUNT_TYPE_ADMIN) || (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)) { if ((domainId != null) && (accountName != null)) { if (!_domainDao.isChildDomain(account.getDomainId(), domainId)) { - throw new PermissionDeniedException("Unable to create network group in domain " + domainId + ", permission denied."); + throw new PermissionDeniedException("Unable to create security group in domain " + domainId + ", permission denied."); } Account userAccount = _accountDao.findActiveAccount(accountName, domainId); if (userAccount == null) { - throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId + ", failed to create network group " + cmd.getNetworkGroupName()); + throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId + ", failed to create security group " + cmd.getSecurityGroupName()); } accountId = userAccount.getId(); } else { - // the admin must be creating a network group for himself/herself + // the admin must be creating a security group for himself/herself if (account != null) { accountId = account.getId(); domainId = account.getDomainId(); @@ -893,23 +893,23 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou if (userAccount != null) { accountId = userAccount.getId(); } else { - throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId + ", failed to create network group " + cmd.getNetworkGroupName()); + throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId + ", failed to create security group " + cmd.getSecurityGroupName()); } } else { - throw new InvalidParameterValueException("Missing account information (account: " + accountName + ", domain: " + domainId + "), failed to create network group " + cmd.getNetworkGroupName()); + throw new InvalidParameterValueException("Missing account information (account: " + accountName + ", domain: " + domainId + "), failed to create security group " + cmd.getSecurityGroupName()); } } - if (_networkGroupDao.isNameInUse(accountId, domainId, cmd.getNetworkGroupName())) { - throw new InvalidParameterValueException("Unable to create network group, a group with name " + cmd.getNetworkGroupName() + " already exisits."); + if (_securityGroupDao.isNameInUse(accountId, domainId, cmd.getSecurityGroupName())) { + throw new InvalidParameterValueException("Unable to create security group, a group with name " + cmd.getSecurityGroupName() + " already exisits."); } - return createNetworkGroup(cmd.getNetworkGroupName(), cmd.getDescription(), domainId, accountId, accountName); + return createSecurityGroup(cmd.getSecurityGroupName(), cmd.getDescription(), domainId, accountId, accountName); } @DB @Override - public NetworkGroupVO createNetworkGroup(String name, String description, Long domainId, Long accountId, String accountName) { + public SecurityGroupVO createSecurityGroup(String name, String description, Long domainId, Long accountId, String accountName) { if (!_enabled) { return null; } @@ -922,10 +922,10 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou s_logger.warn("Failed to acquire lock on account"); return null; } - NetworkGroupVO group = _networkGroupDao.findByAccountAndName(accountId, name); + SecurityGroupVO group = _securityGroupDao.findByAccountAndName(accountId, name); if (group == null){ - group = new NetworkGroupVO(name, description, domainId, accountId, accountName); - group = _networkGroupDao.persist(group); + group = new SecurityGroupVO(name, description, domainId, accountId, accountName); + group = _securityGroupDao.persist(group); } return group; } finally { @@ -940,14 +940,14 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou @Override public boolean configure(String name, Map params) throws ConfigurationException { - String enabled =_configDao.getValue("direct.attach.network.groups.enabled"); + String enabled =_configDao.getValue("direct.attach.security.groups.enabled"); if ("true".equalsIgnoreCase(enabled)) { _enabled = true; } if (!_enabled) { return false; } - _answerListener = new NetworkGroupListener(this, _agentMgr, _workDao); + _answerListener = new SecurityGroupListener(this, _agentMgr, _workDao); _agentMgr.registerForHostEvents(_answerListener, true, true, true); _serverId = ((ManagementServer)ComponentLocator.getComponent(ManagementServer.Name)).getId(); @@ -981,15 +981,15 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou } @Override - public NetworkGroupVO createDefaultNetworkGroup(Long accountId) { + public SecurityGroupVO createDefaultSecurityGroup(Long accountId) { if (!_enabled) { return null; } - NetworkGroupVO groupVO = _networkGroupDao.findByAccountAndName(accountId, NetworkGroupManager.DEFAULT_GROUP_NAME); + SecurityGroupVO groupVO = _securityGroupDao.findByAccountAndName(accountId, SecurityGroupManager.DEFAULT_GROUP_NAME); if (groupVO == null ) { Account accVO = _accountDao.findById(accountId); if (accVO != null) { - return createNetworkGroup(NetworkGroupManager.DEFAULT_GROUP_NAME, NetworkGroupManager.DEFAULT_GROUP_DESCRIPTION, accVO.getDomainId(), accVO.getId(), accVO.getAccountName()); + return createSecurityGroup(SecurityGroupManager.DEFAULT_GROUP_NAME, SecurityGroupManager.DEFAULT_GROUP_DESCRIPTION, accVO.getDomainId(), accVO.getId(), accVO.getAccountName()); } } return groupVO; @@ -1000,7 +1000,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou if (s_logger.isTraceEnabled()) { s_logger.trace("Checking the database"); } - final NetworkGroupWorkVO work = _workDao.take(_serverId); + final SecurityGroupWorkVO work = _workDao.take(_serverId); if (work == null) { return; } @@ -1029,7 +1029,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou agentId = vm.getHostId(); if (agentId != null ) { _rulesetLogDao.findByVmId(work.getInstanceId()); - NetworkIngressRulesCmd cmd = generateRulesetCmd(vm.getInstanceName(), vm.getGuestIpAddress(), vm.getGuestMacAddress(), vm.getId(), generateRulesetSignature(rules), seqnum, rules); + SecurityIngressRulesCmd cmd = generateRulesetCmd(vm.getInstanceName(), vm.getGuestIpAddress(), vm.getGuestMacAddress(), vm.getId(), generateRulesetSignature(rules), seqnum, rules); Commands cmds = new Commands(cmd); try { _agentMgr.send(agentId, cmds, _answerListener); @@ -1052,12 +1052,12 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou @Override @DB - public boolean addInstanceToGroups(final Long userVmId, final List groups) { + public boolean addInstanceToGroups(final Long userVmId, final List groups) { if (!_enabled) { return true; } if (groups != null) { - final Set uniqueGroups = new TreeSet(new NetworkGroupVOComparator()); + final Set uniqueGroups = new TreeSet(new SecurityGroupVOComparator()); uniqueGroups.addAll(groups); final Transaction txn = Transaction.currentTxn(); txn.start(); @@ -1066,17 +1066,17 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou s_logger.warn("Failed to acquire lock on user vm id=" + userVmId); } try { - for (NetworkGroupVO networkGroup:uniqueGroups) { + for (SecurityGroupVO networkGroup:uniqueGroups) { //don't let the group be deleted from under us. - NetworkGroupVO ngrpLock = _networkGroupDao.lockRow(networkGroup.getId(), false); + SecurityGroupVO ngrpLock = _securityGroupDao.lockRow(networkGroup.getId(), false); if (ngrpLock == null) { s_logger.warn("Failed to acquire lock on network group id=" + networkGroup.getId() + " name=" + networkGroup.getName()); txn.rollback(); return false; } - if (_networkGroupVMMapDao.findByVmIdGroupId(userVmId, networkGroup.getId()) == null) { - NetworkGroupVMMapVO groupVmMapVO = new NetworkGroupVMMapVO(networkGroup.getId(), userVmId); - _networkGroupVMMapDao.persist(groupVmMapVO); + if (_securityGroupVMMapDao.findByVmIdGroupId(userVmId, networkGroup.getId()) == null) { + SecurityGroupVMMapVO groupVmMapVO = new SecurityGroupVMMapVO(networkGroup.getId(), userVmId); + _securityGroupVMMapDao.persist(groupVmMapVO); } } txn.commit(); @@ -1105,7 +1105,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou if (userVm == null) { s_logger.warn("Failed to acquire lock on user vm id=" + userVmId); } - int n = _networkGroupVMMapDao.deleteVM(userVmId); + int n = _securityGroupVMMapDao.deleteVM(userVmId); s_logger.info("Disassociated " + n + " network groups " + " from uservm " + userVmId); _userVMDao.releaseFromLockTable(userVmId); txn.commit(); @@ -1113,8 +1113,8 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou @DB @Override - public boolean deleteNetworkGroup(DeleteNetworkGroupCmd cmd) throws ResourceInUseException, PermissionDeniedException, InvalidParameterValueException{ - String name = cmd.getNetworkGroupName(); + public boolean deleteSecurityGroup(DeleteSecurityGroupCmd cmd) throws ResourceInUseException, PermissionDeniedException, InvalidParameterValueException{ + String name = cmd.getSecurityGroupName(); String accountName = cmd.getAccountName(); Long domainId = cmd.getDomainId(); Account account = UserContext.current().getAccount(); @@ -1157,7 +1157,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou throw new InvalidParameterValueException("Unable to find account for network group " + name + "; failed to delete group."); } - NetworkGroupVO sg = _networkGroupDao.findByAccountAndName(accountId, name); + SecurityGroupVO sg = _securityGroupDao.findByAccountAndName(accountId, name); if (sg == null) { throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find network group " + name + "; failed to delete group."); } @@ -1167,41 +1167,41 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou final Transaction txn = Transaction.currentTxn(); txn.start(); - final NetworkGroupVO group = _networkGroupDao.lockRow(groupId, true); + final SecurityGroupVO group = _securityGroupDao.lockRow(groupId, true); if (group == null) { s_logger.info("Not deleting group -- cannot find id " + groupId); return false; } - if (group.getName().equalsIgnoreCase(NetworkGroupManager.DEFAULT_GROUP_NAME)) { + if (group.getName().equalsIgnoreCase(SecurityGroupManager.DEFAULT_GROUP_NAME)) { txn.rollback(); throw new PermissionDeniedException("The network group default is reserved"); } - List allowingRules = _ingressRuleDao.listByAllowedNetworkGroupId(groupId); + List allowingRules = _ingressRuleDao.listByAllowedSecurityGroupId(groupId); if (allowingRules.size() != 0) { txn.rollback(); throw new ResourceInUseException("Cannot delete group when there are ingress rules that allow this group"); } - List rulesInGroup = _ingressRuleDao.listByNetworkGroupId(groupId); + List rulesInGroup = _ingressRuleDao.listBySecurityGroupId(groupId); if (rulesInGroup.size() != 0) { txn.rollback(); throw new ResourceInUseException("Cannot delete group when there are ingress rules in this group"); } - _networkGroupDao.expunge(groupId); + _securityGroupDao.expunge(groupId); txn.commit(); return true; } @Override - public List searchForNetworkGroupRules(ListNetworkGroupsCmd cmd) throws PermissionDeniedException, InvalidParameterValueException { + public List searchForSecurityGroupRules(ListSecurityGroupsCmd cmd) throws PermissionDeniedException, InvalidParameterValueException { Account account = UserContext.current().getAccount(); Long domainId = cmd.getDomainId(); String accountName = cmd.getAccountName(); Long accountId = null; Long instanceId = cmd.getVirtualMachineId(); - String networkGroup = cmd.getNetworkGroupName(); + String networkGroup = cmd.getSecurityGroupName(); Boolean recursive = Boolean.FALSE; // permissions check @@ -1253,10 +1253,10 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou } } - Filter searchFilter = new Filter(NetworkGroupVO.class, "id", true, cmd.getStartIndex(), cmd.getPageSizeVal()); + Filter searchFilter = new Filter(SecurityGroupVO.class, "id", true, cmd.getStartIndex(), cmd.getPageSizeVal()); Object keyword = cmd.getKeyword(); - SearchBuilder sb = _networkGroupDao.createSearchBuilder(); + SearchBuilder sb = _securityGroupDao.createSearchBuilder(); sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ); sb.and("name", sb.entity().getName(), SearchCriteria.Op.EQ); sb.and("domainId", sb.entity().getDomainId(), SearchCriteria.Op.EQ); @@ -1268,13 +1268,13 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou sb.join("domainSearch", domainSearch, sb.entity().getDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER); } - SearchCriteria sc = sb.create(); + SearchCriteria sc = sb.create(); if (accountId != null) { sc.setParameters("accountId", accountId); if (networkGroup != null) { sc.setParameters("name", networkGroup); } else if (keyword != null) { - SearchCriteria ssc = _networkGroupRulesDao.createSearchCriteria(); + SearchCriteria ssc = _securityGroupRulesDao.createSearchCriteria(); ssc.addOr("name", SearchCriteria.Op.LIKE, "%" + keyword + "%"); ssc.addOr("description", SearchCriteria.Op.LIKE, "%" + keyword + "%"); sc.addAnd("name", SearchCriteria.Op.SC, ssc); @@ -1288,10 +1288,10 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou } } - List networkGroups = _networkGroupDao.search(sc, searchFilter); - List networkRulesList = new ArrayList(); - for (NetworkGroupVO group : networkGroups) { - networkRulesList.addAll(_networkGroupRulesDao.listNetworkRulesByGroupId(group.getId())); + List networkGroups = _securityGroupDao.search(sc, searchFilter); + List networkRulesList = new ArrayList(); + for (SecurityGroupVO group : networkGroups) { + networkRulesList.addAll(_securityGroupRulesDao.listSecurityRulesByGroupId(group.getId())); } if (instanceId != null) { @@ -1301,13 +1301,13 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou return networkRulesList; } - private List listNetworkGroupRulesByVM(long vmId) { - List results = new ArrayList(); - List networkGroupMappings = _networkGroupVMMapDao.listByInstanceId(vmId); + private List listNetworkGroupRulesByVM(long vmId) { + List results = new ArrayList(); + List networkGroupMappings = _securityGroupVMMapDao.listByInstanceId(vmId); if (networkGroupMappings != null) { - for (NetworkGroupVMMapVO networkGroupMapping : networkGroupMappings) { - NetworkGroupVO group = _networkGroupDao.findById(networkGroupMapping.getNetworkGroupId()); - List rules = _networkGroupRulesDao.listNetworkGroupRules(group.getAccountId(), networkGroupMapping.getGroupName()); + for (SecurityGroupVMMapVO networkGroupMapping : networkGroupMappings) { + SecurityGroupVO group = _securityGroupDao.findById(networkGroupMapping.getSecurityGroupId()); + List rules = _securityGroupRulesDao.listSecurityGroupRules(group.getAccountId(), networkGroupMapping.getGroupName()); if (rules != null) { results.addAll(rules); } @@ -1348,11 +1348,11 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou private void cleanupUnfinishedWork() { Date before = new Date(System.currentTimeMillis() - 30*1000l); - List unfinished = _workDao.findUnfinishedWork(before); + List unfinished = _workDao.findUnfinishedWork(before); if (unfinished.size() > 0) { s_logger.info("Network Group Work cleanup found " + unfinished.size() + " unfinished work items older than " + before.toString()); Set affectedVms = new HashSet(); - for (NetworkGroupWorkVO work: unfinished) { + for (SecurityGroupWorkVO work: unfinished) { affectedVms.add(work.getInstanceId()); } scheduleRulesetUpdateToHosts(affectedVms, false, null); @@ -1362,11 +1362,11 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou } @Override - public String getNetworkGroupsNamesForVm(long vmId) + public String getSecurityGroupsNamesForVm(long vmId) { try { - ListnetworkGroupsToVmMap = _networkGroupVMMapDao.listByInstanceId(vmId); + ListnetworkGroupsToVmMap = _securityGroupVMMapDao.listByInstanceId(vmId); int size = 0; int j=0; StringBuilder networkGroupNames = new StringBuilder(); @@ -1375,10 +1375,10 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou { size = networkGroupsToVmMap.size(); - for(NetworkGroupVMMapVO nG: networkGroupsToVmMap) + for(SecurityGroupVMMapVO nG: networkGroupsToVmMap) { //get the group id and look up for the group name - NetworkGroupVO currentNetworkGroup = _networkGroupDao.findById(nG.getNetworkGroupId()); + SecurityGroupVO currentNetworkGroup = _securityGroupDao.findById(nG.getSecurityGroupId()); networkGroupNames.append(currentNetworkGroup.getName()); if(j<(size-1)) diff --git a/server/src/com/cloud/network/security/dao/IngressRuleDao.java b/server/src/com/cloud/network/security/dao/IngressRuleDao.java index 859e82ddaa5..c95e4ee567b 100644 --- a/server/src/com/cloud/network/security/dao/IngressRuleDao.java +++ b/server/src/com/cloud/network/security/dao/IngressRuleDao.java @@ -24,13 +24,13 @@ import com.cloud.network.security.IngressRuleVO; import com.cloud.utils.db.GenericDao; public interface IngressRuleDao extends GenericDao { - List listByNetworkGroupId(long networkGroupId); - List listByAllowedNetworkGroupId(long networkGroupId); + List listBySecurityGroupId(long networkGroupId); + List listByAllowedSecurityGroupId(long networkGroupId); IngressRuleVO findByProtoPortsAndCidr(long networkGroupId, String proto, int startPort, int endPort, String cidr); IngressRuleVO findByProtoPortsAndGroup(String proto, int startPort, int endPort, String networkGroup); IngressRuleVO findByProtoPortsAndAllowedGroupId(long networkGroupId, String proto, int startPort, int endPort, Long allowedGroupId); - int deleteByNetworkGroup(long networkGroupId); - int deleteByPortProtoAndGroup(long networkGroupId, String protocol, int startPort,int endPort, Long id); - int deleteByPortProtoAndCidr(long networkGroupId, String protocol, int startPort,int endPort, String cidr); + int deleteBySecurityGroup(long securityGroupId); + int deleteByPortProtoAndGroup(long securityGroupId, String protocol, int startPort,int endPort, Long id); + int deleteByPortProtoAndCidr(long securityGroupId, String protocol, int startPort,int endPort, String cidr); } diff --git a/server/src/com/cloud/network/security/dao/IngressRuleDaoImpl.java b/server/src/com/cloud/network/security/dao/IngressRuleDaoImpl.java index 7d3835d3f9d..dab386e1170 100644 --- a/server/src/com/cloud/network/security/dao/IngressRuleDaoImpl.java +++ b/server/src/com/cloud/network/security/dao/IngressRuleDaoImpl.java @@ -25,7 +25,7 @@ import javax.ejb.Local; import javax.naming.ConfigurationException; import com.cloud.network.security.IngressRuleVO; -import com.cloud.network.security.NetworkGroupVO; +import com.cloud.network.security.SecurityGroupVO; import com.cloud.utils.component.Inject; import com.cloud.utils.db.GenericDaoBase; import com.cloud.utils.db.JoinBuilder; @@ -35,66 +35,66 @@ import com.cloud.utils.db.SearchCriteria; @Local(value={IngressRuleDao.class}) public class IngressRuleDaoImpl extends GenericDaoBase implements IngressRuleDao { - @Inject NetworkGroupDao _networkGroupDao; + @Inject SecurityGroupDao _securityGroupDao; - protected SearchBuilder networkGroupIdSearch; - protected SearchBuilder allowedNetworkGroupIdSearch; + protected SearchBuilder securityGroupIdSearch; + protected SearchBuilder allowedSecurityGroupIdSearch; protected SearchBuilder protoPortsAndCidrSearch; - protected SearchBuilder protoPortsAndNetworkGroupNameSearch; - protected SearchBuilder protoPortsAndNetworkGroupIdSearch; + protected SearchBuilder protoPortsAndSecurityGroupNameSearch; + protected SearchBuilder protoPortsAndSecurityGroupIdSearch; protected IngressRuleDaoImpl() { - networkGroupIdSearch = createSearchBuilder(); - networkGroupIdSearch.and("networkGroupId", networkGroupIdSearch.entity().getNetworkGroupId(), SearchCriteria.Op.EQ); - networkGroupIdSearch.done(); + securityGroupIdSearch = createSearchBuilder(); + securityGroupIdSearch.and("securityGroupId", securityGroupIdSearch.entity().getSecurityGroupId(), SearchCriteria.Op.EQ); + securityGroupIdSearch.done(); - allowedNetworkGroupIdSearch = createSearchBuilder(); - allowedNetworkGroupIdSearch.and("allowedNetworkId", allowedNetworkGroupIdSearch.entity().getAllowedNetworkId(), SearchCriteria.Op.EQ); - allowedNetworkGroupIdSearch.done(); + allowedSecurityGroupIdSearch = createSearchBuilder(); + allowedSecurityGroupIdSearch.and("allowedNetworkId", allowedSecurityGroupIdSearch.entity().getAllowedNetworkId(), SearchCriteria.Op.EQ); + allowedSecurityGroupIdSearch.done(); protoPortsAndCidrSearch = createSearchBuilder(); - protoPortsAndCidrSearch.and("networkGroupId", protoPortsAndCidrSearch.entity().getNetworkGroupId(), SearchCriteria.Op.EQ); + protoPortsAndCidrSearch.and("securityGroupId", protoPortsAndCidrSearch.entity().getSecurityGroupId(), SearchCriteria.Op.EQ); protoPortsAndCidrSearch.and("proto", protoPortsAndCidrSearch.entity().getProtocol(), SearchCriteria.Op.EQ); protoPortsAndCidrSearch.and("startPort", protoPortsAndCidrSearch.entity().getStartPort(), SearchCriteria.Op.EQ); protoPortsAndCidrSearch.and("endPort", protoPortsAndCidrSearch.entity().getEndPort(), SearchCriteria.Op.EQ); protoPortsAndCidrSearch.and("cidr", protoPortsAndCidrSearch.entity().getAllowedSourceIpCidr(), SearchCriteria.Op.EQ); protoPortsAndCidrSearch.done(); - protoPortsAndNetworkGroupIdSearch = createSearchBuilder(); - protoPortsAndNetworkGroupIdSearch.and("networkGroupId", protoPortsAndNetworkGroupIdSearch.entity().getNetworkGroupId(), SearchCriteria.Op.EQ); - protoPortsAndNetworkGroupIdSearch.and("proto", protoPortsAndNetworkGroupIdSearch.entity().getProtocol(), SearchCriteria.Op.EQ); - protoPortsAndNetworkGroupIdSearch.and("startPort", protoPortsAndNetworkGroupIdSearch.entity().getStartPort(), SearchCriteria.Op.EQ); - protoPortsAndNetworkGroupIdSearch.and("endPort", protoPortsAndNetworkGroupIdSearch.entity().getEndPort(), SearchCriteria.Op.EQ); - protoPortsAndNetworkGroupIdSearch.and("allowedNetworkId", protoPortsAndNetworkGroupIdSearch.entity().getAllowedNetworkId(), SearchCriteria.Op.EQ); + protoPortsAndSecurityGroupIdSearch = createSearchBuilder(); + protoPortsAndSecurityGroupIdSearch.and("securityGroupId", protoPortsAndSecurityGroupIdSearch.entity().getSecurityGroupId(), SearchCriteria.Op.EQ); + protoPortsAndSecurityGroupIdSearch.and("proto", protoPortsAndSecurityGroupIdSearch.entity().getProtocol(), SearchCriteria.Op.EQ); + protoPortsAndSecurityGroupIdSearch.and("startPort", protoPortsAndSecurityGroupIdSearch.entity().getStartPort(), SearchCriteria.Op.EQ); + protoPortsAndSecurityGroupIdSearch.and("endPort", protoPortsAndSecurityGroupIdSearch.entity().getEndPort(), SearchCriteria.Op.EQ); + protoPortsAndSecurityGroupIdSearch.and("allowedNetworkId", protoPortsAndSecurityGroupIdSearch.entity().getAllowedNetworkId(), SearchCriteria.Op.EQ); } - public List listByNetworkGroupId(long networkGroupId) { - SearchCriteria sc = networkGroupIdSearch.create(); - sc.setParameters("networkGroupId", networkGroupId); + public List listBySecurityGroupId(long securityGroupId) { + SearchCriteria sc = securityGroupIdSearch.create(); + sc.setParameters("securityGroupId", securityGroupId); return listBy(sc); } - public int deleteByNetworkGroup(long networkGroupId) { - SearchCriteria sc = networkGroupIdSearch.create(); - sc.setParameters("networkGroupId", networkGroupId); + public int deleteBySecurityGroup(long securityGroupId) { + SearchCriteria sc = securityGroupIdSearch.create(); + sc.setParameters("securityGroupId", securityGroupId); return expunge(sc); } @Override - public List listByAllowedNetworkGroupId(long networkGroupId) { - SearchCriteria sc = allowedNetworkGroupIdSearch.create(); - sc.setParameters("allowedNetworkId", networkGroupId); + public List listByAllowedSecurityGroupId(long securityGroupId) { + SearchCriteria sc = allowedSecurityGroupIdSearch.create(); + sc.setParameters("allowedNetworkId", securityGroupId); return listBy(sc); } @Override - public IngressRuleVO findByProtoPortsAndCidr(long networkGroupId, String proto, int startPort, + public IngressRuleVO findByProtoPortsAndCidr(long securityGroupId, String proto, int startPort, int endPort, String cidr) { SearchCriteria sc = protoPortsAndCidrSearch.create(); - sc.setParameters("networkGroupId", networkGroupId); + sc.setParameters("securityGroupId", securityGroupId); sc.setParameters("proto", proto); sc.setParameters("startPort", startPort); sc.setParameters("endPort", endPort); @@ -104,33 +104,33 @@ public class IngressRuleDaoImpl extends GenericDaoBase impl @Override public IngressRuleVO findByProtoPortsAndGroup(String proto, int startPort, - int endPort, String networkGroup) { - SearchCriteria sc = protoPortsAndNetworkGroupNameSearch.create(); + int endPort, String securityGroup) { + SearchCriteria sc = protoPortsAndSecurityGroupNameSearch.create(); sc.setParameters("proto", proto); sc.setParameters("startPort", startPort); sc.setParameters("endPort", endPort); - sc.setJoinParameters("groupName", "groupName", networkGroup); + sc.setJoinParameters("groupName", "groupName", securityGroup); return findOneIncludingRemovedBy(sc); } @Override public boolean configure(String name, Map params) throws ConfigurationException { - protoPortsAndNetworkGroupNameSearch = createSearchBuilder(); - protoPortsAndNetworkGroupNameSearch.and("proto", protoPortsAndNetworkGroupNameSearch.entity().getProtocol(), SearchCriteria.Op.EQ); - protoPortsAndNetworkGroupNameSearch.and("startPort", protoPortsAndNetworkGroupNameSearch.entity().getStartPort(), SearchCriteria.Op.EQ); - protoPortsAndNetworkGroupNameSearch.and("endPort", protoPortsAndNetworkGroupNameSearch.entity().getEndPort(), SearchCriteria.Op.EQ); - SearchBuilder ngSb = _networkGroupDao.createSearchBuilder(); + protoPortsAndSecurityGroupNameSearch = createSearchBuilder(); + protoPortsAndSecurityGroupNameSearch.and("proto", protoPortsAndSecurityGroupNameSearch.entity().getProtocol(), SearchCriteria.Op.EQ); + protoPortsAndSecurityGroupNameSearch.and("startPort", protoPortsAndSecurityGroupNameSearch.entity().getStartPort(), SearchCriteria.Op.EQ); + protoPortsAndSecurityGroupNameSearch.and("endPort", protoPortsAndSecurityGroupNameSearch.entity().getEndPort(), SearchCriteria.Op.EQ); + SearchBuilder ngSb = _securityGroupDao.createSearchBuilder(); ngSb.and("groupName", ngSb.entity().getName(), SearchCriteria.Op.EQ); - protoPortsAndNetworkGroupNameSearch.join("groupName", ngSb, protoPortsAndNetworkGroupNameSearch.entity().getAllowedNetworkId(), ngSb.entity().getId(), JoinBuilder.JoinType.INNER); - protoPortsAndNetworkGroupNameSearch.done(); + protoPortsAndSecurityGroupNameSearch.join("groupName", ngSb, protoPortsAndSecurityGroupNameSearch.entity().getAllowedNetworkId(), ngSb.entity().getId(), JoinBuilder.JoinType.INNER); + protoPortsAndSecurityGroupNameSearch.done(); return super.configure(name, params); } @Override - public int deleteByPortProtoAndGroup(long networkGroupId, String protocol, int startPort, int endPort, Long allowedGroupId) { - SearchCriteria sc = protoPortsAndNetworkGroupIdSearch.create(); - sc.setParameters("networkGroupId", networkGroupId); + public int deleteByPortProtoAndGroup(long securityGroupId, String protocol, int startPort, int endPort, Long allowedGroupId) { + SearchCriteria sc = protoPortsAndSecurityGroupIdSearch.create(); + sc.setParameters("securityGroupId", securityGroupId); sc.setParameters("proto", protocol); sc.setParameters("startPort", startPort); sc.setParameters("endPort", endPort); @@ -141,9 +141,9 @@ public class IngressRuleDaoImpl extends GenericDaoBase impl } @Override - public int deleteByPortProtoAndCidr(long networkGroupId, String protocol, int startPort, int endPort, String cidr) { + public int deleteByPortProtoAndCidr(long securityGroupId, String protocol, int startPort, int endPort, String cidr) { SearchCriteria sc = protoPortsAndCidrSearch.create(); - sc.setParameters("networkGroupId", networkGroupId); + sc.setParameters("securityGroupId", securityGroupId); sc.setParameters("proto", protocol); sc.setParameters("startPort", startPort); sc.setParameters("endPort", endPort); @@ -153,10 +153,10 @@ public class IngressRuleDaoImpl extends GenericDaoBase impl } @Override - public IngressRuleVO findByProtoPortsAndAllowedGroupId(long networkGroupId, String proto, + public IngressRuleVO findByProtoPortsAndAllowedGroupId(long securityGroupId, String proto, int startPort, int endPort, Long allowedGroupId) { - SearchCriteria sc = protoPortsAndNetworkGroupIdSearch.create(); - sc.addAnd("networkGroupId", SearchCriteria.Op.EQ, networkGroupId); + SearchCriteria sc = protoPortsAndSecurityGroupIdSearch.create(); + sc.addAnd("securityGroupId", SearchCriteria.Op.EQ, securityGroupId); sc.setParameters("proto", proto); sc.setParameters("startPort", startPort); sc.setParameters("endPort", endPort); diff --git a/server/src/com/cloud/network/security/dao/NetworkGroupRulesDao.java b/server/src/com/cloud/network/security/dao/NetworkGroupRulesDao.java deleted file mode 100644 index c920c10b773..00000000000 --- a/server/src/com/cloud/network/security/dao/NetworkGroupRulesDao.java +++ /dev/null @@ -1,35 +0,0 @@ -package com.cloud.network.security.dao; - -import java.util.List; - -import com.cloud.network.security.NetworkGroupRulesVO; -import com.cloud.utils.db.GenericDao; - -public interface NetworkGroupRulesDao extends GenericDao { - /** - * List a network group and associated ingress rules - * @param accountId the account id of the owner of the network group - * @param groupName the name of the group for which to list rules - * @return the list of ingress rules associated with the network group (and network group info) - */ - List listNetworkGroupRules(long accountId, String groupName); - - /** - * List network groups and associated ingress rules - * @param accountId the id of the account for which to list groups and associated rules - * @return the list of network groups with associated ingress rules - */ - List listNetworkGroupRules(long accountId); - - /** - * List all network groups and associated ingress rules - * @return the list of network groups with associated ingress rules - */ - List listNetworkGroupRules(); - - /** - * List all network rules belonging to the specific group - * @return the network group with associated ingress rules - */ - List listNetworkRulesByGroupId(long groupId); -} diff --git a/server/src/com/cloud/network/security/dao/NetworkGroupRulesDaoImpl.java b/server/src/com/cloud/network/security/dao/NetworkGroupRulesDaoImpl.java deleted file mode 100644 index 116d8db0a81..00000000000 --- a/server/src/com/cloud/network/security/dao/NetworkGroupRulesDaoImpl.java +++ /dev/null @@ -1,68 +0,0 @@ -package com.cloud.network.security.dao; - -import java.util.List; - -import javax.ejb.Local; - -import com.cloud.network.security.NetworkGroupRulesVO; -import com.cloud.utils.db.Filter; -import com.cloud.utils.db.GenericDaoBase; -import com.cloud.utils.db.SearchBuilder; -import com.cloud.utils.db.SearchCriteria; - -@Local(value={NetworkGroupRulesDao.class}) -public class NetworkGroupRulesDaoImpl extends GenericDaoBase implements NetworkGroupRulesDao { - private SearchBuilder AccountGroupNameSearch; - private SearchBuilder AccountSearch; - private SearchBuilder GroupSearch; - - - protected NetworkGroupRulesDaoImpl() { - AccountGroupNameSearch = createSearchBuilder(); - AccountGroupNameSearch.and("accountId", AccountGroupNameSearch.entity().getAccountId(), SearchCriteria.Op.EQ); - AccountGroupNameSearch.and("name", AccountGroupNameSearch.entity().getName(), SearchCriteria.Op.EQ); - AccountGroupNameSearch.done(); - - AccountSearch = createSearchBuilder(); - AccountSearch.and("accountId", AccountSearch.entity().getAccountId(), SearchCriteria.Op.EQ); - AccountSearch.done(); - - GroupSearch = createSearchBuilder(); - GroupSearch.and("groupId", GroupSearch.entity().getId(), SearchCriteria.Op.EQ); - GroupSearch.done(); - - } - - @Override - public List listNetworkGroupRules() { - Filter searchFilter = new Filter(NetworkGroupRulesVO.class, "id", true, null, null); - return listAll(searchFilter); - } - - @Override - public List listNetworkGroupRules(long accountId, String groupName) { - Filter searchFilter = new Filter(NetworkGroupRulesVO.class, "id", true, null, null); - - SearchCriteria sc = AccountGroupNameSearch.create(); - sc.setParameters("accountId", accountId); - sc.setParameters("name", groupName); - - return listBy(sc, searchFilter); - } - - @Override - public List listNetworkGroupRules(long accountId) { - Filter searchFilter = new Filter(NetworkGroupRulesVO.class, "id", true, null, null); - SearchCriteria sc = AccountSearch.create(); - sc.setParameters("accountId", accountId); - return listBy(sc, searchFilter); - } - - @Override - public List listNetworkRulesByGroupId(long groupId) { - Filter searchFilter = new Filter(NetworkGroupRulesVO.class, "id", true, null, null); - SearchCriteria sc = GroupSearch.create(); - sc.setParameters("groupId", groupId); - return listBy(sc, searchFilter); - } -} diff --git a/server/src/com/cloud/network/security/dao/NetworkGroupVMMapDaoImpl.java b/server/src/com/cloud/network/security/dao/NetworkGroupVMMapDaoImpl.java deleted file mode 100644 index 7b22635dc18..00000000000 --- a/server/src/com/cloud/network/security/dao/NetworkGroupVMMapDaoImpl.java +++ /dev/null @@ -1,136 +0,0 @@ -/** - * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. - * - * This software is licensed under the GNU General Public License v3 or later. - * - * It is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or any later version. - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - * - */ - -package com.cloud.network.security.dao; - -import java.util.List; - -import javax.ejb.Local; - -import com.cloud.network.security.NetworkGroupVMMapVO; -import com.cloud.utils.db.GenericDaoBase; -import com.cloud.utils.db.GenericSearchBuilder; -import com.cloud.utils.db.SearchBuilder; -import com.cloud.utils.db.SearchCriteria; -import com.cloud.vm.State; - -@Local(value={NetworkGroupVMMapDao.class}) -public class NetworkGroupVMMapDaoImpl extends GenericDaoBase implements NetworkGroupVMMapDao { - private SearchBuilder ListByIpAndVmId; - private SearchBuilder ListByVmId; - private SearchBuilder ListByVmIdGroupId; - - private GenericSearchBuilder ListVmIdByNetworkGroup; - - private SearchBuilder ListByIp; - private SearchBuilder ListByNetworkGroup; - private SearchBuilder ListByNetworkGroupAndStates; - - protected NetworkGroupVMMapDaoImpl() { - ListByIpAndVmId = createSearchBuilder(); - ListByIpAndVmId.and("ipAddress", ListByIpAndVmId.entity().getGuestIpAddress(), SearchCriteria.Op.EQ); - ListByIpAndVmId.and("instanceId", ListByIpAndVmId.entity().getInstanceId(), SearchCriteria.Op.EQ); - ListByIpAndVmId.done(); - - ListVmIdByNetworkGroup = createSearchBuilder(Long.class); - ListVmIdByNetworkGroup.and("networkGroupId", ListVmIdByNetworkGroup.entity().getNetworkGroupId(), SearchCriteria.Op.EQ); - ListVmIdByNetworkGroup.selectField(ListVmIdByNetworkGroup.entity().getInstanceId()); - ListVmIdByNetworkGroup.done(); - - ListByNetworkGroup = createSearchBuilder(); - ListByNetworkGroup.and("networkGroupId", ListByNetworkGroup.entity().getNetworkGroupId(), SearchCriteria.Op.EQ); - ListByNetworkGroup.done(); - - ListByIp = createSearchBuilder(); - ListByIp.and("ipAddress", ListByIp.entity().getGuestIpAddress(), SearchCriteria.Op.EQ); - ListByIp.done(); - - ListByVmId = createSearchBuilder(); - ListByVmId.and("instanceId", ListByVmId.entity().getInstanceId(), SearchCriteria.Op.EQ); - ListByVmId.done(); - - ListByNetworkGroupAndStates = createSearchBuilder(); - ListByNetworkGroupAndStates.and("networkGroupId", ListByNetworkGroupAndStates.entity().getNetworkGroupId(), SearchCriteria.Op.EQ); - ListByNetworkGroupAndStates.and("states", ListByNetworkGroupAndStates.entity().getVmState(), SearchCriteria.Op.IN); - ListByNetworkGroupAndStates.done(); - - ListByVmIdGroupId = createSearchBuilder(); - ListByVmIdGroupId.and("instanceId", ListByVmIdGroupId.entity().getInstanceId(), SearchCriteria.Op.EQ); - ListByVmIdGroupId.and("networkGroupId", ListByVmIdGroupId.entity().getNetworkGroupId(), SearchCriteria.Op.EQ); - ListByVmIdGroupId.done(); - } - - public List listByIpAndInstanceId(String ipAddress, long vmId) { - SearchCriteria sc = ListByIpAndVmId.create(); - sc.setParameters("ipAddress", ipAddress); - sc.setParameters("instanceId", vmId); - return listBy(sc); - } - - @Override - public List listByNetworkGroup(long networkGroupId) { - SearchCriteria sc = ListByNetworkGroup.create(); - sc.setParameters("networkGroupId", networkGroupId); - return listBy(sc); - } - - @Override - public List listByIp(String ipAddress) { - SearchCriteria sc = ListByIp.create(); - sc.setParameters("ipAddress", ipAddress); - return listBy(sc); - } - - @Override - public List listByInstanceId(long vmId) { - SearchCriteria sc = ListByVmId.create(); - sc.setParameters("instanceId", vmId); - return listBy(sc); - } - - @Override - public int deleteVM(long instanceId) { - SearchCriteria sc = ListByVmId.create(); - sc.setParameters("instanceId", instanceId); - return super.expunge(sc); - } - - @Override - public List listByNetworkGroup(long networkGroupId, State... vmStates) { - SearchCriteria sc = ListByNetworkGroupAndStates.create(); - sc.setParameters("networkGroupId", networkGroupId); - sc.setParameters("states", (Object[])vmStates); - return listBy(sc); - } - - @Override - public List listVmIdsByNetworkGroup(long networkGroupId) { - SearchCriteria sc = ListVmIdByNetworkGroup.create(); - sc.setParameters("networkGroupId", networkGroupId); - return searchIncludingRemoved(sc, null); - } - - @Override - public NetworkGroupVMMapVO findByVmIdGroupId(long instanceId, long networkGroupId) { - SearchCriteria sc = ListByVmIdGroupId.create(); - sc.setParameters("networkGroupId", networkGroupId); - sc.setParameters("instanceId", instanceId); - return findOneIncludingRemovedBy(sc); - } - -} diff --git a/server/src/com/cloud/network/security/dao/NetworkGroupDao.java b/server/src/com/cloud/network/security/dao/SecurityGroupDao.java similarity index 73% rename from server/src/com/cloud/network/security/dao/NetworkGroupDao.java rename to server/src/com/cloud/network/security/dao/SecurityGroupDao.java index 2959d4a1a36..2656efd7b74 100644 --- a/server/src/com/cloud/network/security/dao/NetworkGroupDao.java +++ b/server/src/com/cloud/network/security/dao/SecurityGroupDao.java @@ -20,12 +20,12 @@ package com.cloud.network.security.dao; import java.util.List; -import com.cloud.network.security.NetworkGroupVO; +import com.cloud.network.security.SecurityGroupVO; import com.cloud.utils.db.GenericDao; -public interface NetworkGroupDao extends GenericDao { - List listByAccountId(long accountId); +public interface SecurityGroupDao extends GenericDao { + List listByAccountId(long accountId); boolean isNameInUse(Long accountId, Long domainId, String name); - NetworkGroupVO findByAccountAndName(Long accountId, String name); - List findByAccountAndNames(Long accountId, String... names); + SecurityGroupVO findByAccountAndName(Long accountId, String name); + List findByAccountAndNames(Long accountId, String... names); } diff --git a/server/src/com/cloud/network/security/dao/NetworkGroupDaoImpl.java b/server/src/com/cloud/network/security/dao/SecurityGroupDaoImpl.java similarity index 72% rename from server/src/com/cloud/network/security/dao/NetworkGroupDaoImpl.java rename to server/src/com/cloud/network/security/dao/SecurityGroupDaoImpl.java index 7a7197242c1..20e6880f14b 100644 --- a/server/src/com/cloud/network/security/dao/NetworkGroupDaoImpl.java +++ b/server/src/com/cloud/network/security/dao/SecurityGroupDaoImpl.java @@ -22,18 +22,18 @@ import java.util.List; import javax.ejb.Local; -import com.cloud.network.security.NetworkGroupVO; +import com.cloud.network.security.SecurityGroupVO; import com.cloud.utils.db.GenericDaoBase; import com.cloud.utils.db.SearchBuilder; import com.cloud.utils.db.SearchCriteria; -@Local(value={NetworkGroupDao.class}) -public class NetworkGroupDaoImpl extends GenericDaoBase implements NetworkGroupDao { - private SearchBuilder AccountIdSearch; - private SearchBuilder AccountIdNameSearch; - private SearchBuilder AccountIdNamesSearch; +@Local(value={SecurityGroupDao.class}) +public class SecurityGroupDaoImpl extends GenericDaoBase implements SecurityGroupDao { + private SearchBuilder AccountIdSearch; + private SearchBuilder AccountIdNameSearch; + private SearchBuilder AccountIdNamesSearch; - protected NetworkGroupDaoImpl() { + protected SecurityGroupDaoImpl() { AccountIdSearch = createSearchBuilder(); AccountIdSearch.and("accountId", AccountIdSearch.entity().getAccountId(), SearchCriteria.Op.EQ); AccountIdSearch.done(); @@ -49,15 +49,15 @@ public class NetworkGroupDaoImpl extends GenericDaoBase im } @Override - public List listByAccountId(long accountId) { - SearchCriteria sc = AccountIdSearch.create(); + public List listByAccountId(long accountId) { + SearchCriteria sc = AccountIdSearch.create(); sc.setParameters("accountId", accountId); return listBy(sc); } @Override public boolean isNameInUse(Long accountId, Long domainId, String name) { - SearchCriteria sc = createSearchCriteria(); + SearchCriteria sc = createSearchCriteria(); sc.addAnd("name", SearchCriteria.Op.EQ, name); if (accountId != null) { sc.addAnd("accountId", SearchCriteria.Op.EQ, accountId); @@ -66,13 +66,13 @@ public class NetworkGroupDaoImpl extends GenericDaoBase im sc.addAnd("accountId", SearchCriteria.Op.NULL); } - List securityGroups = listBy(sc); + List securityGroups = listBy(sc); return ((securityGroups != null) && !securityGroups.isEmpty()); } @Override - public NetworkGroupVO findByAccountAndName(Long accountId, String name) { - SearchCriteria sc = AccountIdNameSearch.create(); + public SecurityGroupVO findByAccountAndName(Long accountId, String name) { + SearchCriteria sc = AccountIdNameSearch.create(); sc.setParameters("accountId", accountId); sc.setParameters("groupName", name); @@ -80,8 +80,8 @@ public class NetworkGroupDaoImpl extends GenericDaoBase im } @Override - public List findByAccountAndNames(Long accountId, String... names) { - SearchCriteria sc = AccountIdNamesSearch.create(); + public List findByAccountAndNames(Long accountId, String... names) { + SearchCriteria sc = AccountIdNamesSearch.create(); sc.setParameters("accountId", accountId); sc.setParameters("groupNames", (Object [])names); diff --git a/server/src/com/cloud/network/security/dao/SecurityGroupRulesDao.java b/server/src/com/cloud/network/security/dao/SecurityGroupRulesDao.java new file mode 100644 index 00000000000..755277b0578 --- /dev/null +++ b/server/src/com/cloud/network/security/dao/SecurityGroupRulesDao.java @@ -0,0 +1,35 @@ +package com.cloud.network.security.dao; + +import java.util.List; + +import com.cloud.network.security.SecurityGroupRulesVO; +import com.cloud.utils.db.GenericDao; + +public interface SecurityGroupRulesDao extends GenericDao { + /** + * List a security group and associated ingress rules + * @param accountId the account id of the owner of the security group + * @param groupName the name of the group for which to list rules + * @return the list of ingress rules associated with the security group (and security group info) + */ + List listSecurityGroupRules(long accountId, String groupName); + + /** + * List security groups and associated ingress rules + * @param accountId the id of the account for which to list groups and associated rules + * @return the list of security groups with associated ingress rules + */ + List listSecurityGroupRules(long accountId); + + /** + * List all security groups and associated ingress rules + * @return the list of security groups with associated ingress rules + */ + List listSecurityGroupRules(); + + /** + * List all security rules belonging to the specific group + * @return the security group with associated ingress rules + */ + List listSecurityRulesByGroupId(long groupId); +} diff --git a/server/src/com/cloud/network/security/dao/SecurityGroupRulesDaoImpl.java b/server/src/com/cloud/network/security/dao/SecurityGroupRulesDaoImpl.java new file mode 100644 index 00000000000..cfb32d3818e --- /dev/null +++ b/server/src/com/cloud/network/security/dao/SecurityGroupRulesDaoImpl.java @@ -0,0 +1,68 @@ +package com.cloud.network.security.dao; + +import java.util.List; + +import javax.ejb.Local; + +import com.cloud.network.security.SecurityGroupRulesVO; +import com.cloud.utils.db.Filter; +import com.cloud.utils.db.GenericDaoBase; +import com.cloud.utils.db.SearchBuilder; +import com.cloud.utils.db.SearchCriteria; + +@Local(value={SecurityGroupRulesDao.class}) +public class SecurityGroupRulesDaoImpl extends GenericDaoBase implements SecurityGroupRulesDao { + private SearchBuilder AccountGroupNameSearch; + private SearchBuilder AccountSearch; + private SearchBuilder GroupSearch; + + + protected SecurityGroupRulesDaoImpl() { + AccountGroupNameSearch = createSearchBuilder(); + AccountGroupNameSearch.and("accountId", AccountGroupNameSearch.entity().getAccountId(), SearchCriteria.Op.EQ); + AccountGroupNameSearch.and("name", AccountGroupNameSearch.entity().getName(), SearchCriteria.Op.EQ); + AccountGroupNameSearch.done(); + + AccountSearch = createSearchBuilder(); + AccountSearch.and("accountId", AccountSearch.entity().getAccountId(), SearchCriteria.Op.EQ); + AccountSearch.done(); + + GroupSearch = createSearchBuilder(); + GroupSearch.and("groupId", GroupSearch.entity().getId(), SearchCriteria.Op.EQ); + GroupSearch.done(); + + } + + @Override + public List listSecurityGroupRules() { + Filter searchFilter = new Filter(SecurityGroupRulesVO.class, "id", true, null, null); + return listAll(searchFilter); + } + + @Override + public List listSecurityGroupRules(long accountId, String groupName) { + Filter searchFilter = new Filter(SecurityGroupRulesVO.class, "id", true, null, null); + + SearchCriteria sc = AccountGroupNameSearch.create(); + sc.setParameters("accountId", accountId); + sc.setParameters("name", groupName); + + return listBy(sc, searchFilter); + } + + @Override + public List listSecurityGroupRules(long accountId) { + Filter searchFilter = new Filter(SecurityGroupRulesVO.class, "id", true, null, null); + SearchCriteria sc = AccountSearch.create(); + sc.setParameters("accountId", accountId); + return listBy(sc, searchFilter); + } + + @Override + public List listSecurityRulesByGroupId(long groupId) { + Filter searchFilter = new Filter(SecurityGroupRulesVO.class, "id", true, null, null); + SearchCriteria sc = GroupSearch.create(); + sc.setParameters("groupId", groupId); + return listBy(sc, searchFilter); + } +} diff --git a/server/src/com/cloud/network/security/dao/NetworkGroupVMMapDao.java b/server/src/com/cloud/network/security/dao/SecurityGroupVMMapDao.java similarity index 58% rename from server/src/com/cloud/network/security/dao/NetworkGroupVMMapDao.java rename to server/src/com/cloud/network/security/dao/SecurityGroupVMMapDao.java index f7f7cb2ba88..42059768a72 100644 --- a/server/src/com/cloud/network/security/dao/NetworkGroupVMMapDao.java +++ b/server/src/com/cloud/network/security/dao/SecurityGroupVMMapDao.java @@ -20,17 +20,17 @@ package com.cloud.network.security.dao; import java.util.List; -import com.cloud.network.security.NetworkGroupVMMapVO; +import com.cloud.network.security.SecurityGroupVMMapVO; import com.cloud.utils.db.GenericDao; import com.cloud.vm.State; -public interface NetworkGroupVMMapDao extends GenericDao { - List listByIpAndInstanceId(String ipAddress, long instanceId); - List listByInstanceId(long instanceId); - List listByIp(String ipAddress); - List listByNetworkGroup(long networkGroupId); - List listByNetworkGroup(long networkGroupId, State ... vmStates); +public interface SecurityGroupVMMapDao extends GenericDao { + List listByIpAndInstanceId(String ipAddress, long instanceId); + List listByInstanceId(long instanceId); + List listByIp(String ipAddress); + List listBySecurityGroup(long securityGroupId); + List listBySecurityGroup(long securityGroupId, State ... vmStates); int deleteVM(long instanceid); - List listVmIdsByNetworkGroup(long networkGroupId); - NetworkGroupVMMapVO findByVmIdGroupId(long instanceId, long networkGroupId); + List listVmIdsBySecurityGroup(long securityGroupId); + SecurityGroupVMMapVO findByVmIdGroupId(long instanceId, long securityGroupId); } diff --git a/server/src/com/cloud/network/security/dao/SecurityGroupVMMapDaoImpl.java b/server/src/com/cloud/network/security/dao/SecurityGroupVMMapDaoImpl.java new file mode 100644 index 00000000000..2e3605e198a --- /dev/null +++ b/server/src/com/cloud/network/security/dao/SecurityGroupVMMapDaoImpl.java @@ -0,0 +1,136 @@ +/** + * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. + * + * This software is licensed under the GNU General Public License v3 or later. + * + * It is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or any later version. + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +package com.cloud.network.security.dao; + +import java.util.List; + +import javax.ejb.Local; + +import com.cloud.network.security.SecurityGroupVMMapVO; +import com.cloud.utils.db.GenericDaoBase; +import com.cloud.utils.db.GenericSearchBuilder; +import com.cloud.utils.db.SearchBuilder; +import com.cloud.utils.db.SearchCriteria; +import com.cloud.vm.State; + +@Local(value={SecurityGroupVMMapDao.class}) +public class SecurityGroupVMMapDaoImpl extends GenericDaoBase implements SecurityGroupVMMapDao { + private SearchBuilder ListByIpAndVmId; + private SearchBuilder ListByVmId; + private SearchBuilder ListByVmIdGroupId; + + private GenericSearchBuilder ListVmIdBySecurityGroup; + + private SearchBuilder ListByIp; + private SearchBuilder ListBySecurityGroup; + private SearchBuilder ListBySecurityGroupAndStates; + + protected SecurityGroupVMMapDaoImpl() { + ListByIpAndVmId = createSearchBuilder(); + ListByIpAndVmId.and("ipAddress", ListByIpAndVmId.entity().getGuestIpAddress(), SearchCriteria.Op.EQ); + ListByIpAndVmId.and("instanceId", ListByIpAndVmId.entity().getInstanceId(), SearchCriteria.Op.EQ); + ListByIpAndVmId.done(); + + ListVmIdBySecurityGroup = createSearchBuilder(Long.class); + ListVmIdBySecurityGroup.and("securityGroupId", ListVmIdBySecurityGroup.entity().getSecurityGroupId(), SearchCriteria.Op.EQ); + ListVmIdBySecurityGroup.selectField(ListVmIdBySecurityGroup.entity().getInstanceId()); + ListVmIdBySecurityGroup.done(); + + ListBySecurityGroup = createSearchBuilder(); + ListBySecurityGroup.and("securityGroupId", ListBySecurityGroup.entity().getSecurityGroupId(), SearchCriteria.Op.EQ); + ListBySecurityGroup.done(); + + ListByIp = createSearchBuilder(); + ListByIp.and("ipAddress", ListByIp.entity().getGuestIpAddress(), SearchCriteria.Op.EQ); + ListByIp.done(); + + ListByVmId = createSearchBuilder(); + ListByVmId.and("instanceId", ListByVmId.entity().getInstanceId(), SearchCriteria.Op.EQ); + ListByVmId.done(); + + ListBySecurityGroupAndStates = createSearchBuilder(); + ListBySecurityGroupAndStates.and("securityGroupId", ListBySecurityGroupAndStates.entity().getSecurityGroupId(), SearchCriteria.Op.EQ); + ListBySecurityGroupAndStates.and("states", ListBySecurityGroupAndStates.entity().getVmState(), SearchCriteria.Op.IN); + ListBySecurityGroupAndStates.done(); + + ListByVmIdGroupId = createSearchBuilder(); + ListByVmIdGroupId.and("instanceId", ListByVmIdGroupId.entity().getInstanceId(), SearchCriteria.Op.EQ); + ListByVmIdGroupId.and("securityGroupId", ListByVmIdGroupId.entity().getSecurityGroupId(), SearchCriteria.Op.EQ); + ListByVmIdGroupId.done(); + } + + public List listByIpAndInstanceId(String ipAddress, long vmId) { + SearchCriteria sc = ListByIpAndVmId.create(); + sc.setParameters("ipAddress", ipAddress); + sc.setParameters("instanceId", vmId); + return listBy(sc); + } + + @Override + public List listBySecurityGroup(long securityGroupId) { + SearchCriteria sc = ListBySecurityGroup.create(); + sc.setParameters("securityGroupId", securityGroupId); + return listBy(sc); + } + + @Override + public List listByIp(String ipAddress) { + SearchCriteria sc = ListByIp.create(); + sc.setParameters("ipAddress", ipAddress); + return listBy(sc); + } + + @Override + public List listByInstanceId(long vmId) { + SearchCriteria sc = ListByVmId.create(); + sc.setParameters("instanceId", vmId); + return listBy(sc); + } + + @Override + public int deleteVM(long instanceId) { + SearchCriteria sc = ListByVmId.create(); + sc.setParameters("instanceId", instanceId); + return super.expunge(sc); + } + + @Override + public List listBySecurityGroup(long securityGroupId, State... vmStates) { + SearchCriteria sc = ListBySecurityGroupAndStates.create(); + sc.setParameters("securityGroupId", securityGroupId); + sc.setParameters("states", (Object[])vmStates); + return listBy(sc); + } + + @Override + public List listVmIdsBySecurityGroup(long securityGroupId) { + SearchCriteria sc = ListVmIdBySecurityGroup.create(); + sc.setParameters("securityGroupId", securityGroupId); + return searchIncludingRemoved(sc, null); + } + + @Override + public SecurityGroupVMMapVO findByVmIdGroupId(long instanceId, long securityGroupId) { + SearchCriteria sc = ListByVmIdGroupId.create(); + sc.setParameters("securityGroupId", securityGroupId); + sc.setParameters("instanceId", instanceId); + return findOneIncludingRemovedBy(sc); + } + +} diff --git a/server/src/com/cloud/network/security/dao/NetworkGroupWorkDao.java b/server/src/com/cloud/network/security/dao/SecurityGroupWorkDao.java similarity index 71% rename from server/src/com/cloud/network/security/dao/NetworkGroupWorkDao.java rename to server/src/com/cloud/network/security/dao/SecurityGroupWorkDao.java index 8eda8a0a95b..5e05c0f00f2 100644 --- a/server/src/com/cloud/network/security/dao/NetworkGroupWorkDao.java +++ b/server/src/com/cloud/network/security/dao/SecurityGroupWorkDao.java @@ -21,17 +21,17 @@ package com.cloud.network.security.dao; import java.util.Date; import java.util.List; -import com.cloud.network.security.NetworkGroupWorkVO; -import com.cloud.network.security.NetworkGroupWorkVO.Step; +import com.cloud.network.security.SecurityGroupWorkVO; +import com.cloud.network.security.SecurityGroupWorkVO.Step; import com.cloud.utils.db.GenericDao; -public interface NetworkGroupWorkDao extends GenericDao { - NetworkGroupWorkVO findByVmId(long vmId, boolean taken); +public interface SecurityGroupWorkDao extends GenericDao { + SecurityGroupWorkVO findByVmId(long vmId, boolean taken); - NetworkGroupWorkVO findByVmIdStep(long vmId, Step step); + SecurityGroupWorkVO findByVmIdStep(long vmId, Step step); - NetworkGroupWorkVO take(long serverId); + SecurityGroupWorkVO take(long serverId); void updateStep(Long vmId, Long logSequenceNumber, Step done); @@ -39,7 +39,7 @@ public interface NetworkGroupWorkDao extends GenericDao findUnfinishedWork(Date timeBefore); + List findUnfinishedWork(Date timeBefore); } diff --git a/server/src/com/cloud/network/security/dao/NetworkGroupWorkDaoImpl.java b/server/src/com/cloud/network/security/dao/SecurityGroupWorkDaoImpl.java similarity index 71% rename from server/src/com/cloud/network/security/dao/NetworkGroupWorkDaoImpl.java rename to server/src/com/cloud/network/security/dao/SecurityGroupWorkDaoImpl.java index 99dc326d7a2..ddb0ac1c7fd 100644 --- a/server/src/com/cloud/network/security/dao/NetworkGroupWorkDaoImpl.java +++ b/server/src/com/cloud/network/security/dao/SecurityGroupWorkDaoImpl.java @@ -24,8 +24,8 @@ import java.util.List; import javax.ejb.Local; import com.cloud.ha.HaWorkVO; -import com.cloud.network.security.NetworkGroupWorkVO; -import com.cloud.network.security.NetworkGroupWorkVO.Step; +import com.cloud.network.security.SecurityGroupWorkVO; +import com.cloud.network.security.SecurityGroupWorkVO.Step; import com.cloud.utils.db.Filter; import com.cloud.utils.db.GenericDaoBase; import com.cloud.utils.db.SearchBuilder; @@ -34,17 +34,17 @@ import com.cloud.utils.db.Transaction; import com.cloud.utils.db.SearchCriteria.Op; import com.cloud.utils.exception.CloudRuntimeException; -@Local(value={NetworkGroupWorkDao.class}) -public class NetworkGroupWorkDaoImpl extends GenericDaoBase implements NetworkGroupWorkDao { - private SearchBuilder VmIdTakenSearch; - private SearchBuilder VmIdSeqNumSearch; - private SearchBuilder VmIdUnTakenSearch; - private SearchBuilder UntakenWorkSearch; - private SearchBuilder VmIdStepSearch; - private SearchBuilder CleanupSearch; +@Local(value={SecurityGroupWorkDao.class}) +public class SecurityGroupWorkDaoImpl extends GenericDaoBase implements SecurityGroupWorkDao { + private SearchBuilder VmIdTakenSearch; + private SearchBuilder VmIdSeqNumSearch; + private SearchBuilder VmIdUnTakenSearch; + private SearchBuilder UntakenWorkSearch; + private SearchBuilder VmIdStepSearch; + private SearchBuilder CleanupSearch; - protected NetworkGroupWorkDaoImpl() { + protected SecurityGroupWorkDaoImpl() { VmIdTakenSearch = createSearchBuilder(); VmIdTakenSearch.and("vmId", VmIdTakenSearch.entity().getInstanceId(), SearchCriteria.Op.EQ); VmIdTakenSearch.and("taken", VmIdTakenSearch.entity().getDateTaken(), SearchCriteria.Op.NNULL); @@ -86,29 +86,29 @@ public class NetworkGroupWorkDaoImpl extends GenericDaoBase sc = taken?VmIdTakenSearch.create():VmIdUnTakenSearch.create(); + public SecurityGroupWorkVO findByVmId(long vmId, boolean taken) { + SearchCriteria sc = taken?VmIdTakenSearch.create():VmIdUnTakenSearch.create(); sc.setParameters("vmId", vmId); return findOneIncludingRemovedBy(sc); } @Override - public NetworkGroupWorkVO take(long serverId) { + public SecurityGroupWorkVO take(long serverId) { final Transaction txn = Transaction.currentTxn(); try { - final SearchCriteria sc = UntakenWorkSearch.create(); + final SearchCriteria sc = UntakenWorkSearch.create(); sc.setParameters("step", Step.Scheduled); - final Filter filter = new Filter(NetworkGroupWorkVO.class, null, true, 0l, 1l);//FIXME: order desc by update time? + final Filter filter = new Filter(SecurityGroupWorkVO.class, null, true, 0l, 1l);//FIXME: order desc by update time? txn.start(); - final List vos = lockRows(sc, filter, true); + final List vos = lockRows(sc, filter, true); if (vos.size() == 0) { txn.commit(); return null; } - NetworkGroupWorkVO work = null; - for (NetworkGroupWorkVO w: vos) { + SecurityGroupWorkVO work = null; + for (SecurityGroupWorkVO w: vos) { //ensure that there is no job in Processing state for the same VM if ( findByVmIdStep(w.getInstanceId(), Step.Processing) == null) { work = w; @@ -121,7 +121,7 @@ public class NetworkGroupWorkDaoImpl extends GenericDaoBase sc = VmIdSeqNumSearch.create(); + SearchCriteria sc = VmIdSeqNumSearch.create(); sc.setParameters("vmId", vmId); sc.setParameters("seqno", logSequenceNumber); final Filter filter = new Filter(HaWorkVO.class, null, true, 0l, 1l); - final List vos = lockRows(sc, filter, true); + final List vos = lockRows(sc, filter, true); if (vos.size() == 0) { txn.commit(); return; } - NetworkGroupWorkVO work = vos.get(0); + SecurityGroupWorkVO work = vos.get(0); work.setStep(step); update(work.getId(), work); @@ -157,8 +157,8 @@ public class NetworkGroupWorkDaoImpl extends GenericDaoBase sc = VmIdStepSearch.create(); + public SecurityGroupWorkVO findByVmIdStep(long vmId, Step step) { + SearchCriteria sc = VmIdStepSearch.create(); sc.setParameters("vmId", vmId); sc.setParameters("step", step); return findOneIncludingRemovedBy(sc); @@ -169,7 +169,7 @@ public class NetworkGroupWorkDaoImpl extends GenericDaoBase sc = CleanupSearch.create(); + final SearchCriteria sc = CleanupSearch.create(); sc.setParameters("taken", timeBefore); sc.setParameters("step", Step.Done); @@ -191,14 +191,14 @@ public class NetworkGroupWorkDaoImpl extends GenericDaoBase findUnfinishedWork(Date timeBefore) { - final SearchCriteria sc = CleanupSearch.create(); + public List findUnfinishedWork(Date timeBefore) { + final SearchCriteria sc = CleanupSearch.create(); sc.setParameters("taken", timeBefore); sc.setParameters("step", Step.Processing); - List result = listIncludingRemovedBy(sc); + List result = listIncludingRemovedBy(sc); - NetworkGroupWorkVO work = createForUpdate(); + SecurityGroupWorkVO work = createForUpdate(); work.setStep(Step.Error); update(work, sc); diff --git a/server/src/com/cloud/server/ManagementServer.java b/server/src/com/cloud/server/ManagementServer.java index fb9591144c4..a98c9feb25b 100755 --- a/server/src/com/cloud/server/ManagementServer.java +++ b/server/src/com/cloud/server/ManagementServer.java @@ -35,7 +35,7 @@ import com.cloud.exception.InvalidParameterValueException; import com.cloud.host.HostVO; import com.cloud.info.ConsoleProxyInfo; import com.cloud.network.IPAddressVO; -import com.cloud.network.security.NetworkGroupVO; +import com.cloud.network.security.SecurityGroupVO; import com.cloud.service.ServiceOfferingVO; import com.cloud.storage.DiskOfferingVO; import com.cloud.storage.GuestOSVO; @@ -529,14 +529,14 @@ public interface ManagementServer extends ManagementService { List searchForSecondaryStorageVm(Criteria c); - NetworkGroupVO findNetworkGroupByName(Long accountId, String groupName); + SecurityGroupVO findNetworkGroupByName(Long accountId, String groupName); /** * Find a network group by id * @param networkGroupId id of group to lookup * @return the network group if found, null otherwise */ - NetworkGroupVO findNetworkGroupById(long networkGroupId); + SecurityGroupVO findNetworkGroupById(long networkGroupId); /** * Is the hypervisor snapshot capable. diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java index 5dbeec604a3..f9f0f7a53ae 100755 --- a/server/src/com/cloud/server/ManagementServerImpl.java +++ b/server/src/com/cloud/server/ManagementServerImpl.java @@ -188,8 +188,8 @@ import com.cloud.network.dao.NetworkDao; import com.cloud.network.dao.RemoteAccessVpnDao; import com.cloud.network.dao.VpnUserDao; import com.cloud.network.router.DomainRouterManager; -import com.cloud.network.security.NetworkGroupVO; -import com.cloud.network.security.dao.NetworkGroupDao; +import com.cloud.network.security.SecurityGroupVO; +import com.cloud.network.security.dao.SecurityGroupDao; import com.cloud.offering.NetworkOffering; import com.cloud.offering.ServiceOffering; import com.cloud.server.auth.UserAuthenticator; @@ -283,7 +283,7 @@ public class ManagementServerImpl implements ManagementServer { private final AccountManager _accountMgr; private final AgentManager _agentMgr; private final ConfigurationManager _configMgr; - private final NetworkGroupDao _networkSecurityGroupDao; + private final SecurityGroupDao _networkSecurityGroupDao; private final IPAddressDao _publicIpAddressDao; private final DataCenterIpAddressDao _privateIpAddressDao; private final DomainRouterDao _routerDao; @@ -383,7 +383,7 @@ public class ManagementServerImpl implements ManagementServer { _consoleProxyMgr = locator.getManager(ConsoleProxyManager.class); _secStorageVmMgr = locator.getManager(SecondaryStorageVmManager.class); _storageMgr = locator.getManager(StorageManager.class); - _networkSecurityGroupDao = locator.getDao(NetworkGroupDao.class); + _networkSecurityGroupDao = locator.getDao(SecurityGroupDao.class); _publicIpAddressDao = locator.getDao(IPAddressDao.class); _privateIpAddressDao = locator.getDao(DataCenterIpAddressDao.class); _consoleProxyDao = locator.getDao(ConsoleProxyDao.class); @@ -4362,14 +4362,14 @@ public class ManagementServerImpl implements ManagementServer { } @Override - public NetworkGroupVO findNetworkGroupByName(Long accountId, String groupName) { - NetworkGroupVO groupVO = _networkSecurityGroupDao.findByAccountAndName(accountId, groupName); + public SecurityGroupVO findNetworkGroupByName(Long accountId, String groupName) { + SecurityGroupVO groupVO = _networkSecurityGroupDao.findByAccountAndName(accountId, groupName); return groupVO; } @Override - public NetworkGroupVO findNetworkGroupById(long networkGroupId) { - NetworkGroupVO groupVO = _networkSecurityGroupDao.findById(networkGroupId); + public SecurityGroupVO findNetworkGroupById(long networkGroupId) { + SecurityGroupVO groupVO = _networkSecurityGroupDao.findById(networkGroupId); return groupVO; } @@ -4467,12 +4467,12 @@ public class ManagementServerImpl implements ManagementServer { public Map listCapabilities(ListCapabilitiesCmd cmd) { Map capabilities = new HashMap(); - String networkGroupsEnabled = _configs.get("direct.attach.network.groups.enabled"); - if(networkGroupsEnabled == null) { - networkGroupsEnabled = "false"; + String securityGroupsEnabled = _configs.get("direct.attach.security.groups.enabled"); + if(securityGroupsEnabled == null) { + securityGroupsEnabled = "false"; } - capabilities.put("networkGroupsEnabled", networkGroupsEnabled); + capabilities.put("securityGroupsEnabled", securityGroupsEnabled); capabilities.put("cloudStackVersion", getVersion()); return capabilities; } diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java index ffce0c0dbb7..789a09fdeb4 100755 --- a/server/src/com/cloud/user/AccountManagerImpl.java +++ b/server/src/com/cloud/user/AccountManagerImpl.java @@ -71,7 +71,7 @@ import com.cloud.network.NetworkVO; import com.cloud.network.dao.IPAddressDao; import com.cloud.network.dao.NetworkDao; import com.cloud.network.router.DomainRouterManager; -import com.cloud.network.security.NetworkGroupManager; +import com.cloud.network.security.SecurityGroupManager; import com.cloud.server.Criteria; import com.cloud.storage.StorageManager; import com.cloud.storage.VMTemplateVO; @@ -121,7 +121,7 @@ public class AccountManagerImpl implements AccountManager, AccountService { @Inject private NetworkDao _networkDao; - @Inject private NetworkGroupManager _networkGroupMgr; + @Inject private SecurityGroupManager _networkGroupMgr; @Inject private NetworkManager _networkMgr; @Inject private SnapshotManager _snapMgr; @Inject private UserVmManager _vmMgr; @@ -1049,7 +1049,7 @@ public class AccountManagerImpl implements AccountManager, AccountService { UserVO dbUser = _userDao.persist(user); - _networkGroupMgr.createDefaultNetworkGroup(accountId); + _networkGroupMgr.createDefaultSecurityGroup(accountId); if (!user.getPassword().equals(dbUser.getPassword())) { throw new CloudRuntimeException("The user " + username + " being creating is using a password that is different than what's in the db"); diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java index 7ac5cdfdf4c..658b56689ee 100755 --- a/server/src/com/cloud/vm/UserVmManagerImpl.java +++ b/server/src/com/cloud/vm/UserVmManagerImpl.java @@ -132,7 +132,9 @@ import com.cloud.network.dao.LoadBalancerVMMapDao; import com.cloud.network.dao.NetworkDao; import com.cloud.network.router.DomainRouterManager; import com.cloud.network.rules.RulesManager; -import com.cloud.network.security.NetworkGroupManager; +import com.cloud.network.router.VirtualRouter.Role; +import com.cloud.network.security.SecurityGroupManager; +import com.cloud.network.security.SecurityGroupVO; import com.cloud.offering.NetworkOffering; import com.cloud.offering.ServiceOffering; import com.cloud.offerings.dao.NetworkOfferingDao; @@ -241,7 +243,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager @Inject AccountVlanMapDao _accountVlanMapDao; @Inject StoragePoolDao _storagePoolDao; @Inject VMTemplateHostDao _vmTemplateHostDao; - @Inject NetworkGroupManager _networkGroupMgr; + @Inject SecurityGroupManager _networkGroupMgr; @Inject ServiceOfferingDao _serviceOfferingDao; @Inject NetworkOfferingDao _networkOfferingDao; @Inject EventDao _eventDao = null; diff --git a/setup/db/create-index-fk.sql b/setup/db/create-index-fk.sql index b7a582c59c1..632255d1954 100755 --- a/setup/db/create-index-fk.sql +++ b/setup/db/create-index-fk.sql @@ -224,17 +224,17 @@ ALTER TABLE `cloud`.`launch_permission` ADD INDEX `i_launch_permission_template_ ALTER TABLE `cloud`.`guest_os` ADD CONSTRAINT `fk_guest_os__category_id` FOREIGN KEY `fk_guest_os__category_id` (`category_id`) REFERENCES `guest_os_category` (`id`) ON DELETE CASCADE; -ALTER TABLE `cloud`.`network_group` ADD CONSTRAINT `fk_network_group___account_id` FOREIGN KEY `fk_network_group__account_id` (`account_id`) REFERENCES `account` (`id`); -ALTER TABLE `cloud`.`network_group` ADD CONSTRAINT `fk_network_group__domain_id` FOREIGN KEY `fk_network_group__domain_id` (`domain_id`) REFERENCES `domain` (`id`); -ALTER TABLE `cloud`.`network_group` ADD INDEX `i_network_group_name`(`name`); +ALTER TABLE `cloud`.`security_group` ADD CONSTRAINT `fk_security_group___account_id` FOREIGN KEY `fk_security_group__account_id` (`account_id`) REFERENCES `account` (`id`); +ALTER TABLE `cloud`.`security_group` ADD CONSTRAINT `fk_security_group__domain_id` FOREIGN KEY `fk_security_group__domain_id` (`domain_id`) REFERENCES `domain` (`id`); +ALTER TABLE `cloud`.`security_group` ADD INDEX `i_security_group_name`(`name`); -ALTER TABLE `cloud`.`network_ingress_rule` ADD CONSTRAINT `fk_network_ingress_rule___network_group_id` FOREIGN KEY `fk_network_ingress_rule__network_group_id` (`network_group_id`) REFERENCES `network_group` (`id`); -ALTER TABLE `cloud`.`network_ingress_rule` ADD CONSTRAINT `fk_network_ingress_rule___allowed_network_id` FOREIGN KEY `fk_network_ingress_rule__allowed_network_id` (`allowed_network_id`) REFERENCES `network_group` (`id`); -ALTER TABLE `cloud`.`network_ingress_rule` ADD INDEX `i_network_ingress_rule_network_id`(`network_group_id`); +ALTER TABLE `cloud`.`network_ingress_rule` ADD CONSTRAINT `fk_network_ingress_rule___security_group_id` FOREIGN KEY `fk_network_ingress_rule__security_group_id` (`security_group_id`) REFERENCES `security_group` (`id`); +ALTER TABLE `cloud`.`network_ingress_rule` ADD CONSTRAINT `fk_network_ingress_rule___allowed_network_id` FOREIGN KEY `fk_network_ingress_rule__allowed_network_id` (`allowed_network_id`) REFERENCES `security_group` (`id`); +ALTER TABLE `cloud`.`network_ingress_rule` ADD INDEX `i_network_ingress_rule_network_id`(`security_group_id`); ALTER TABLE `cloud`.`network_ingress_rule` ADD INDEX `i_network_ingress_rule_allowed_network`(`allowed_network_id`); -ALTER TABLE `cloud`.`network_group_vm_map` ADD CONSTRAINT `fk_network_group_vm_map___network_group_id` FOREIGN KEY `fk_network_group_vm_map___network_group_id` (`network_group_id`) REFERENCES `network_group` (`id`) ON DELETE CASCADE; -ALTER TABLE `cloud`.`network_group_vm_map` ADD CONSTRAINT `fk_network_group_vm_map___instance_id` FOREIGN KEY `fk_network_group_vm_map___instance_id` (`instance_id`) REFERENCES `user_vm` (`id`) ON DELETE CASCADE; +ALTER TABLE `cloud`.`security_group_vm_map` ADD CONSTRAINT `fk_security_group_vm_map___security_group_id` FOREIGN KEY `fk_security_group_vm_map___security_group_id` (`security_group_id`) REFERENCES `security_group` (`id`) ON DELETE CASCADE; +ALTER TABLE `cloud`.`security_group_vm_map` ADD CONSTRAINT `fk_security_group_vm_map___instance_id` FOREIGN KEY `fk_security_group_vm_map___instance_id` (`instance_id`) REFERENCES `user_vm` (`id`) ON DELETE CASCADE; ALTER TABLE `cloud`.`op_nwgrp_work` ADD INDEX `i_op_nwgrp_work__instance_id`(`instance_id`); ALTER TABLE `cloud`.`op_nwgrp_work` ADD INDEX `i_op_nwgrp_work__mgmt_server_id`(`mgmt_server_id`); diff --git a/setup/db/create-schema.sql b/setup/db/create-schema.sql index f0748a8f079..cb372ed8f7d 100755 --- a/setup/db/create-schema.sql +++ b/setup/db/create-schema.sql @@ -1013,15 +1013,6 @@ CREATE TABLE `cloud`.`service_offering` ( PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; -CREATE TABLE `cloud`.`security_group` ( - `id` bigint unsigned NOT NULL auto_increment, - `name` varchar(255) NOT NULL, - `description` varchar(4096) NULL, - `domain_id` bigint unsigned NOT NULL, - `account_id` bigint unsigned NOT NULL, - PRIMARY KEY (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; - CREATE TABLE `cloud`.`network_rule_config` ( `id` bigint unsigned NOT NULL auto_increment, `security_group_id` bigint unsigned NOT NULL, @@ -1032,14 +1023,6 @@ CREATE TABLE `cloud`.`network_rule_config` ( PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; -CREATE TABLE `cloud`.`security_group_vm_map` ( - `id` bigint unsigned NOT NULL auto_increment, - `security_group_id` bigint unsigned NOT NULL, - `ip_address` varchar(15) NOT NULL, - `instance_id` bigint unsigned NOT NULL, - PRIMARY KEY (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; - CREATE TABLE `cloud`.`load_balancer` ( `id` bigint unsigned NOT NULL auto_increment, `name` varchar(255) NOT NULL, @@ -1193,7 +1176,7 @@ CREATE TABLE `cloud`.`op_pod_vlan_alloc` ( PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; -CREATE TABLE `cloud`.`network_group` ( +CREATE TABLE `cloud`.`security_group` ( `id` bigint unsigned NOT NULL auto_increment, `name` varchar(255) NOT NULL, `description` varchar(4096) NULL, @@ -1203,23 +1186,23 @@ CREATE TABLE `cloud`.`network_group` ( PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; -CREATE TABLE `cloud`.`network_ingress_rule` ( +CREATE TABLE `cloud`.`security_ingress_rule` ( `id` bigint unsigned NOT NULL auto_increment, - `network_group_id` bigint unsigned NOT NULL, + `security_group_id` bigint unsigned NOT NULL, `start_port` varchar(10) default NULL, `end_port` varchar(10) default NULL, `protocol` varchar(16) NOT NULL default 'TCP', `allowed_network_id` bigint unsigned, - `allowed_network_group` varchar(255) COMMENT 'data duplicated from network_group table to avoid lots of joins when listing rules (the name of the group should be displayed rather than just id)', - `allowed_net_grp_acct` varchar(100) COMMENT 'data duplicated from network_group table to avoid lots of joins when listing rules (the name of the group owner should be displayed)', + `allowed_security_group` varchar(255) COMMENT 'data duplicated from security_group table to avoid lots of joins when listing rules (the name of the group should be displayed rather than just id)', + `allowed_sec_grp_acct` varchar(100) COMMENT 'data duplicated from security_group table to avoid lots of joins when listing rules (the name of the group owner should be displayed)', `allowed_ip_cidr` varchar(44), `create_status` varchar(32) COMMENT 'rule creation status', PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; -CREATE TABLE `cloud`.`network_group_vm_map` ( +CREATE TABLE `cloud`.`security_group_vm_map` ( `id` bigint unsigned NOT NULL auto_increment, - `network_group_id` bigint unsigned NOT NULL, + `security_group_id` bigint unsigned NOT NULL, `instance_id` bigint unsigned NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; diff --git a/setup/db/schema-21to22.sql b/setup/db/schema-21to22.sql index 3e3d8f0ea5c..8a261bac324 100644 --- a/setup/db/schema-21to22.sql +++ b/setup/db/schema-21to22.sql @@ -6,3 +6,10 @@ SET foreign_key_checks = 0; ALTER TABLE `cloud`.`template_host_ref` ADD COLUMN `physical_size` bigint unsigned NOT NULL DEFAULT 0 ALTER TABLE `cloud`.`snapshots` MODIFY COLUMN `id` bigint unsigned UNIQUE NOT NULL ALTER TABLE `vm_instance` DROP COLUMN `group` + + +-- NOTE for tables below +-- these 2 tables were used in 2.1, but are not in 2.2 +-- we will need a migration script for these tables when the migration is written +DROP TABLE `cloud`.`security_group`; +DROP TABLE `cloud`.`security_group_vm_map`; diff --git a/utils/src/com/cloud/utils/net/NetUtils.java b/utils/src/com/cloud/utils/net/NetUtils.java index 0113e7f540a..c6c1e0c3c63 100755 --- a/utils/src/com/cloud/utils/net/NetUtils.java +++ b/utils/src/com/cloud/utils/net/NetUtils.java @@ -731,7 +731,7 @@ public class NetUtils { return (proto.equals("tcp") || proto.equals("udp") || proto.equals("icmp")); } - public static boolean isValidNetworkGroupProto(String p) { + public static boolean isValidSecurityGroupProto(String p) { String proto = p.toLowerCase(); return (proto.equals("tcp") || proto.equals("udp") || proto.equals("icmp") || proto.equals("all")); }