diff --git a/api/src/com/cloud/api/ResponseGenerator.java b/api/src/com/cloud/api/ResponseGenerator.java index 37ec55bb2c3..c21a1ece6d4 100755 --- a/api/src/com/cloud/api/ResponseGenerator.java +++ b/api/src/com/cloud/api/ResponseGenerator.java @@ -180,7 +180,7 @@ public interface ResponseGenerator { SecurityGroupResponse createSecurityGroupResponseFromIngressRule(List ingressRules); - SecurityGroupResponse createSecurityGroupResponseFromEgressRule(List egressRules); + SecurityGroupResponse createSecurityGroupResponseFromEgressRule(List egressRules); SecurityGroupResponse createSecurityGroupResponse(SecurityGroup group); diff --git a/api/src/com/cloud/api/commands/AuthorizeSecurityGroupEgressCmd.java b/api/src/com/cloud/api/commands/AuthorizeSecurityGroupEgressCmd.java index e7c89e6e827..53979a6fca3 100644 --- a/api/src/com/cloud/api/commands/AuthorizeSecurityGroupEgressCmd.java +++ b/api/src/com/cloud/api/commands/AuthorizeSecurityGroupEgressCmd.java 
@@ -37,17 +37,17 @@ import com.cloud.api.response.SecurityGroupResponse; import com.cloud.async.AsyncJob; import com.cloud.event.EventTypes; import com.cloud.exception.InvalidParameterValueException; -import com.cloud.network.security.EgressRule; +import com.cloud.network.security.IngressRule; import com.cloud.user.Account; import com.cloud.user.UserContext; import com.cloud.utils.StringUtils; -@Implementation(responseObject = EgressRuleResponse.class, description = "Authorizes a particular ingress rule for this security group") +@Implementation(responseObject = EgressRuleResponse.class, description = "Authorizes a particular egress rule for this security group") @SuppressWarnings("rawtypes") public class AuthorizeSecurityGroupEgressCmd extends BaseAsyncCmd { public static final Logger s_logger = Logger.getLogger(AuthorizeSecurityGroupEgressCmd.class.getName()); - private static final String s_name = "authorizesecuritygroupingress"; + private static final String s_name = "authorizesecuritygroupegress"; // /////////////////////////////////////////////////// // ////////////// API parameters ///////////////////// 
@@ -56,10 +56,10 @@ public class AuthorizeSecurityGroupEgressCmd extends BaseAsyncCmd { @Parameter(name = ApiConstants.PROTOCOL, type = CommandType.STRING, description = "TCP is default. UDP is the other supported protocol") private String protocol; - @Parameter(name = ApiConstants.START_PORT, type = CommandType.INTEGER, description = "start port for this ingress rule") + @Parameter(name = ApiConstants.START_PORT, type = CommandType.INTEGER, description = "start port for this egress rule") private Integer startPort; - @Parameter(name = ApiConstants.END_PORT, type = CommandType.INTEGER, description = "end port for this ingress rule") + @Parameter(name = ApiConstants.END_PORT, type = CommandType.INTEGER, description = "end port for this egress rule") private Integer endPort; @Parameter(name = ApiConstants.ICMP_TYPE, type = CommandType.INTEGER, description = "type of the icmp message being sent") @@ -177,7 +177,7 @@ public class AuthorizeSecurityGroupEgressCmd extends BaseAsyncCmd { @Override public String getEventType() { - return EventTypes.EVENT_SECURITY_GROUP_AUTHORIZE_INGRESS; + return EventTypes.EVENT_SECURITY_GROUP_AUTHORIZE_EGRESS; } @Override 
@@ -203,20 +203,20 @@ public class AuthorizeSecurityGroupEgressCmd extends BaseAsyncCmd { sb.append("cidr list: "); sb.append(StringUtils.join(getCidrList(), ", ")); } else { - sb.append(""); + sb.append(""); } - return "authorizing ingress to group: " + getSecurityGroupId() + " to " + sb.toString(); + return "authorizing egress to group: " + getSecurityGroupId() + " to " + sb.toString(); } @Override public void execute() { - List egressRules = _securityGroupService.authorizeSecurityGroupEgress(this); + List egressRules = _securityGroupService.authorizeSecurityGroupEgress(this); if (egressRules != null && !egressRules.isEmpty()) { SecurityGroupResponse response = _responseGenerator.createSecurityGroupResponseFromEgressRule(egressRules); this.setResponseObject(response); } else { - throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to authorize security group ingress rule(s)"); + throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to authorize security group egress rule(s)"); } } diff --git a/api/src/com/cloud/api/commands/RevokeSecurityGroupEgressCmd.java b/api/src/com/cloud/api/commands/RevokeSecurityGroupEgressCmd.java index bfddc9ebc5b..4b249041d70 100644 --- a/api/src/com/cloud/api/commands/RevokeSecurityGroupEgressCmd.java +++ b/api/src/com/cloud/api/commands/RevokeSecurityGroupEgressCmd.java 
@@ -32,17 +32,17 @@ import com.cloud.event.EventTypes; import com.cloud.network.security.SecurityGroup; import com.cloud.user.Account; -@Implementation(responseObject = SuccessResponse.class, description = "Deletes a particular ingress rule from this security group") +@Implementation(responseObject = SuccessResponse.class, description = "Deletes a particular egress rule from this security group") public class RevokeSecurityGroupEgressCmd extends BaseAsyncCmd { public static final Logger s_logger = Logger.getLogger(RevokeSecurityGroupEgressCmd.class.getName()); - private static final String s_name = "revokesecuritygroupingress"; + private static final String s_name = "revokesecuritygroupegress"; // /////////////////////////////////////////////////// // ////////////// API parameters ///////////////////// // /////////////////////////////////////////////////// - @Parameter(name = ApiConstants.ID, type = CommandType.LONG, required = true, description = "The ID of the ingress rule") + @Parameter(name = ApiConstants.ID, type = CommandType.LONG, required = true, description = "The ID of the egress rule") private Long id; // /////////////////////////////////////////////////// @@ -63,7 +63,7 @@ public class RevokeSecurityGroupEgressCmd extends BaseAsyncCmd { } public static String getResultObjectName() { - return "revokesecuritygroupingress"; + return "revokesecuritygroupegress"; } @Override @@ -78,12 +78,12 @@ public class RevokeSecurityGroupEgressCmd extends BaseAsyncCmd { @Override public String getEventType() { - return EventTypes.EVENT_SECURITY_GROUP_REVOKE_INGRESS; + return EventTypes.EVENT_SECURITY_GROUP_REVOKE_EGRESS; } @Override public String getEventDescription() { - return "revoking ingress rule id: " + getId(); + return "revoking egress rule id: " + getId(); } @Override 
@@ -93,7 +93,7 @@ public class RevokeSecurityGroupEgressCmd extends BaseAsyncCmd { SuccessResponse response = new SuccessResponse(getCommandName()); this.setResponseObject(response); } else { - throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to revoke security group ingress rule"); + throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to revoke security group egress rule"); } } diff --git a/api/src/com/cloud/api/response/EgressRuleResponse.java b/api/src/com/cloud/api/response/EgressRuleResponse.java index ca3b9fba49d..daafb511650 100644 --- a/api/src/com/cloud/api/response/EgressRuleResponse.java +++ b/api/src/com/cloud/api/response/EgressRuleResponse.java @@ -22,10 +22,10 @@ import com.cloud.serializer.Param; import com.google.gson.annotations.SerializedName; public class EgressRuleResponse extends BaseResponse { - @SerializedName("ruleid") @Param(description="the id of the ingress rule") + @SerializedName("ruleid") @Param(description="the id of the egress rule") private Long ruleId; - @SerializedName("protocol") @Param(description="the protocol of the ingress rule") + @SerializedName("protocol") @Param(description="the protocol of the egress rule") private String protocol; @SerializedName(ApiConstants.ICMP_TYPE) @Param(description="the type of the ICMP message response") 
@@ -34,19 +34,19 @@ public class EgressRuleResponse extends BaseResponse { @SerializedName(ApiConstants.ICMP_CODE) @Param(description="the code for the ICMP message response") private Integer icmpCode; - @SerializedName(ApiConstants.START_PORT) @Param(description="the starting IP of the ingress rule") + @SerializedName(ApiConstants.START_PORT) @Param(description="the starting IP of the egress rule") private Integer startPort; - @SerializedName(ApiConstants.END_PORT) @Param(description="the ending IP of the ingress rule ") + @SerializedName(ApiConstants.END_PORT) @Param(description="the ending IP of the egress rule ") private Integer endPort; @SerializedName(ApiConstants.SECURITY_GROUP_NAME) @Param(description="security group name") private String securityGroupName; - @SerializedName(ApiConstants.ACCOUNT) @Param(description="account owning the ingress rule") + @SerializedName(ApiConstants.ACCOUNT) @Param(description="account owning the egress rule") private String accountName; - @SerializedName(ApiConstants.CIDR) @Param(description="the CIDR notation for the base IP address of the ingress rule") + @SerializedName(ApiConstants.CIDR) @Param(description="the CIDR notation for the base IP address of the egress rule") private String cidr; public Long getRuleId() { diff --git a/api/src/com/cloud/api/response/SecurityGroupResponse.java b/api/src/com/cloud/api/response/SecurityGroupResponse.java index b4d67466a64..a39b845e882 100644 --- a/api/src/com/cloud/api/response/SecurityGroupResponse.java +++ b/api/src/com/cloud/api/response/SecurityGroupResponse.java 
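Review bot: The reworded `@Param` descriptions on `startPort` and `endPort` still call the values an IP (`"the starting IP of the egress rule"`, `"the ending IP of the egress rule "`) although both fields are `Integer` ports serialised under `START_PORT`/`END_PORT`. The commit touches these two lines only to swap ingress for egress, so the wrong noun is carried into the new text, and the second one keeps its trailing space. Suggest `@Param(description="the starting port of the egress rule")` and `@Param(description="the ending port of the egress rule")`.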
@@ -51,8 +51,8 @@ public class SecurityGroupResponse extends BaseResponse { @SerializedName("ingressrule") @Param(description="the list of ingress rules associated with the security group", responseObject = IngressRuleResponse.class) private List ingressRules; - @SerializedName("egressrule") @Param(description="the list of ingress rules associated with the security group", responseObject = EgressRuleResponse.class) - private List egressRules; + @SerializedName("egressrule") @Param(description="the list of egress rules associated with the security group", responseObject = EgressRuleResponse.class) + private List egressRules; public Long getId() { return id; @@ -106,7 +106,7 @@ public class SecurityGroupResponse extends BaseResponse { return ingressRules; } - public List getEgressRules() { + public List getEgressRules() { return egressRules; } @@ -114,7 +114,7 @@ public class SecurityGroupResponse extends BaseResponse { this.ingressRules = ingressRules; } - public void setEgressRules(List egressRules) { + public void setEgressRules(List egressRules) { this.egressRules = egressRules; } diff --git a/api/src/com/cloud/event/EventTypes.java b/api/src/com/cloud/event/EventTypes.java index 07248e30ada..c76ac6ac391 100755 --- a/api/src/com/cloud/event/EventTypes.java +++ b/api/src/com/cloud/event/EventTypes.java 
@@ -170,8 +170,10 @@ public class EventTypes { public static final String EVENT_CONFIGURATION_VALUE_EDIT = "CONFIGURATION.VALUE.EDIT"; // Security Groups - public static final String EVENT_SECURITY_GROUP_AUTHORIZE_INGRESS = "SG.AUTH.INGRESS"; + public static final String EVENT_SECURITY_GROUP_AUTHORIZE_INGRESS = "SG.AUTH.INGRESS"; public static final String EVENT_SECURITY_GROUP_REVOKE_INGRESS = "SG.REVOKE.INGRESS"; + public static final String EVENT_SECURITY_GROUP_AUTHORIZE_EGRESS = "SG.AUTH.EGRESS"; + public static final String EVENT_SECURITY_GROUP_REVOKE_EGRESS = "SG.REVOKE.EGRESS"; public static final String EVENT_SECURITY_GROUP_CREATE = "SG.CREATE"; public static final String EVENT_SECURITY_GROUP_DELETE = "SG.DELETE"; diff --git a/api/src/com/cloud/network/security/IngressRule.java b/api/src/com/cloud/network/security/IngressRule.java index 6eaeabbcbb1..70463ef3f46 100644 --- a/api/src/com/cloud/network/security/IngressRule.java +++ b/api/src/com/cloud/network/security/IngressRule.java @@ -25,6 +25,8 @@ import com.cloud.async.AsyncInstanceCreateStatus; */ public interface IngressRule { long getId(); + + public int getType(); long getSecurityGroupId(); diff --git a/api/src/com/cloud/network/security/SecurityGroupRules.java b/api/src/com/cloud/network/security/SecurityGroupRules.java index 92ad02db00f..ee723bd166c 100644 --- a/api/src/com/cloud/network/security/SecurityGroupRules.java +++ b/api/src/com/cloud/network/security/SecurityGroupRules.java @@ -39,4 +39,6 @@ public interface SecurityGroupRules { Long getAllowedNetworkId(); String getAllowedSourceIpCidr(); + + int getType(); } diff --git a/api/src/com/cloud/network/security/SecurityGroupService.java b/api/src/com/cloud/network/security/SecurityGroupService.java index 1642a2e57dc..a22d9be20f3 100644 --- a/api/src/com/cloud/network/security/SecurityGroupService.java +++ b/api/src/com/cloud/network/security/SecurityGroupService.java 
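Review bot: The new `getType()` added to `IngressRule` and to `SecurityGroupRules` has no Javadoc saying what the integer encodes, and the only interpretation in this commit is the literal comparison `ingressRule.getType() == 1` in ApiResponseHelper, where anything else is reported as an egress rule. A one-line contract on both interface methods would pin that down, e.g. `/** Direction of the rule as stored in the {@code type} column: 1 means ingress; any other value is currently treated as egress. */`, ideally backed by named constants instead of the bare `1`. The `public` modifier on the `IngressRule` declaration is redundant on an interface member and differs from the unqualified `int getType();` added to `SecurityGroupRules` in the same change.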
@@ -50,6 +50,6 @@ public interface SecurityGroupService { public List searchForSecurityGroupRules(ListSecurityGroupsCmd cmd) throws PermissionDeniedException, InvalidParameterValueException; public List authorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressCmd cmd); - public List authorizeSecurityGroupEgress(AuthorizeSecurityGroupEgressCmd cmd); + public List authorizeSecurityGroupEgress(AuthorizeSecurityGroupEgressCmd cmd); } diff --git a/core/src/com/cloud/network/security/EgressRuleVO.java b/core/src/com/cloud/network/security/EgressRuleVO.java deleted file mode 100644 index 01d7791ecb1..00000000000 --- a/core/src/com/cloud/network/security/EgressRuleVO.java +++ /dev/null 
@@ -1,126 +0,0 @@ -/** - * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. - * - * This software is licensed under the GNU General Public License v3 or later. - * - * It is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or any later version. - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - * - */ - -package com.cloud.network.security; - -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.EnumType; -import javax.persistence.Enumerated; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Table; - -import com.cloud.async.AsyncInstanceCreateStatus; -import com.google.gson.annotations.Expose; - -@Entity -@Table(name = ("security_egress_rule")) -public class EgressRuleVO implements EgressRule { - @Id - @GeneratedValue(strategy = GenerationType.IDENTITY) - @Column(name = "id") - private long id; - - @Column(name = "security_group_id") - private long securityGroupId; - - @Column(name = "start_port") - private int startPort; - - @Column(name = "end_port") - private int endPort; - - @Column(name = "protocol") - private String protocol; - - @Column(name = "allowed_network_id", nullable = true) - private Long allowedNetworkId = null; - - @Column(name = "allowed_ip_cidr", nullable = true) - private String allowedDestinationIpCidr = null; - - @Expose - @Column(name = "create_status", updatable = true, nullable = false) - @Enumerated(value = EnumType.STRING) - private 
AsyncInstanceCreateStatus createStatus; - - public EgressRuleVO() { - } - - public EgressRuleVO(long securityGroupId, int fromPort, int toPort, String protocol, long allowedNetworkId) { - this.securityGroupId = securityGroupId; - this.startPort = fromPort; - this.endPort = toPort; - this.protocol = protocol; - this.allowedNetworkId = allowedNetworkId; - } - - public EgressRuleVO(long securityGroupId, int fromPort, int toPort, String protocol, String allowedIpCidr) { - this.securityGroupId = securityGroupId; - this.startPort = fromPort; - this.endPort = toPort; - this.protocol = protocol; - this.allowedDestinationIpCidr = allowedIpCidr; - } - - @Override - public long getId() { - return id; - } - - @Override - public long getSecurityGroupId() { - return securityGroupId; - } - - @Override - public int getStartPort() { - return startPort; - } - - @Override - public int getEndPort() { - return endPort; - } - - @Override - public String getProtocol() { - return protocol; - } - - @Override - public AsyncInstanceCreateStatus getCreateStatus() { - return createStatus; - } - - public void setCreateStatus(AsyncInstanceCreateStatus createStatus) { - this.createStatus = createStatus; - } - - @Override - public Long getAllowedNetworkId() { - return allowedNetworkId; - } - - @Override - public String getAllowedDestinationIpCidr() { - return allowedDestinationIpCidr; - } -} diff --git a/core/src/com/cloud/network/security/IngressRuleVO.java b/core/src/com/cloud/network/security/IngressRuleVO.java index aeb1170e101..79e29c816cd 100644 --- a/core/src/com/cloud/network/security/IngressRuleVO.java +++ b/core/src/com/cloud/network/security/IngressRuleVO.java @@ -46,6 +46,9 @@ public class IngressRuleVO implements IngressRule { @Column(name = "end_port") private int endPort; + + @Column(name = "type") + private int type; @Column(name = "protocol") private String protocol; 
@@ -64,20 +67,22 @@ public class IngressRuleVO implements IngressRule { public IngressRuleVO() { } - public IngressRuleVO(long securityGroupId, int fromPort, int toPort, String protocol, long allowedNetworkId) { + public IngressRuleVO(long securityGroupId, int fromPort, int toPort, String protocol, long allowedNetworkId, int type) { this.securityGroupId = securityGroupId; this.startPort = fromPort; this.endPort = toPort; this.protocol = protocol; this.allowedNetworkId = allowedNetworkId; + this.type = type; } - public IngressRuleVO(long securityGroupId, int fromPort, int toPort, String protocol, String allowedIpCidr) { + public IngressRuleVO(long securityGroupId, int fromPort, int toPort, String protocol, String allowedIpCidr, int type) { this.securityGroupId = securityGroupId; this.startPort = fromPort; this.endPort = toPort; this.protocol = protocol; this.allowedSourceIpCidr = allowedIpCidr; + this.type = type; } @Override @@ -100,6 +105,11 @@ public class IngressRuleVO implements IngressRule { return endPort; } + @Override + public int getType() { + return type; + } + @Override public String getProtocol() { return protocol; diff --git a/core/src/com/cloud/network/security/SecurityGroupEgressRulesVO.java b/core/src/com/cloud/network/security/SecurityGroupEgressRulesVO.java deleted file mode 100644 index e4b269ecd76..00000000000 --- a/core/src/com/cloud/network/security/SecurityGroupEgressRulesVO.java +++ /dev/null 
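Review bot: Both new `IngressRuleVO` constructors append a bare `int type` after `int fromPort, int toPort` and store it unvalidated (`this.type = type;`), so a transposed argument or an unknown value is accepted silently and, given the `== 1` test in ApiResponseHelper, ends up classified as an egress rule. A pair of named constants (say `TYPE_INGRESS`/`TYPE_EGRESS`, names to be chosen) and a guard such as `if (type != TYPE_INGRESS && type != TYPE_EGRESS) throw new IllegalArgumentException("type: " + type);` would make the direction explicit at construction time. The field maps to a `type` column on the ingress rule table (this file and `SecurityGroupRulesVO`), and no schema change is part of this diff, so presumably that migration lands separately; the existing five-argument call sites also need updating, which this diff does not show.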
@@ -1,141 +0,0 @@ -/** - * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. - * - * This software is licensed under the GNU General Public License v3 or later. - * - * It is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or any later version. - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - * - */ - -package com.cloud.network.security; - -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.PrimaryKeyJoinColumn; -import javax.persistence.SecondaryTable; -import javax.persistence.Table; - -@Entity -@Table(name = ("security_group")) -@SecondaryTable(name = "security_egress_rule", join = "left", pkJoinColumns = { @PrimaryKeyJoinColumn(name = "id", referencedColumnName = "security_group_id") }) -public class SecurityGroupEgressRulesVO implements SecurityGroupRules { - @Id - @GeneratedValue(strategy = GenerationType.IDENTITY) - @Column(name = "id") - private long id; - - @Column(name = "name") - private String name; - - @Column(name = "description") - private String description; - - @Column(name = "domain_id") - private Long domainId; - - @Column(name = "account_id") - private Long accountId; - - @Column(name = "id", table = "security_egress_rule", insertable = false, updatable = false) - private Long ruleId; - - @Column(name = "start_port", table = "security_egress_rule", insertable = false, updatable = false) - private int startPort; - - @Column(name = 
"end_port", table = "security_egress_rule", insertable = false, updatable = false) - private int endPort; - - @Column(name = "protocol", table = "security_egress_rule", insertable = false, updatable = false) - private String protocol; - - @Column(name = "allowed_network_id", table = "security_egress_rule", insertable = false, updatable = false, nullable = true) - private Long allowedNetworkId = null; - - @Column(name = "allowed_ip_cidr", table = "security_egress_rule", insertable = false, updatable = false, nullable = true) - private String allowedDestinationIpCidr = null; - - public SecurityGroupEgressRulesVO() { - } - - public SecurityGroupEgressRulesVO(long id, String name, String description, Long domainId, Long accountId, Long ruleId, int startPort, int endPort, String protocol, Long allowedNetworkId, - String allowedDestinationIpCidr) { - this.id = id; - this.name = name; - this.description = description; - this.domainId = domainId; - this.accountId = accountId; - this.ruleId = ruleId; - this.startPort = startPort; - this.endPort = endPort; - this.protocol = protocol; - this.allowedNetworkId = allowedNetworkId; - this.allowedDestinationIpCidr = allowedDestinationIpCidr; - } - - @Override - public long getId() { - return id; - } - - @Override - public String getName() { - return name; - } - - @Override - public String getDescription() { - return description; - } - - @Override - public Long getDomainId() { - return domainId; - } - - @Override - public Long getAccountId() { - return accountId; - } - - @Override - public Long getRuleId() { - return ruleId; - } - - @Override - public int getStartPort() { - return startPort; - } - - @Override - public int getEndPort() { - return endPort; - } - - @Override - public String getProtocol() { - return protocol; - } - - @Override - public Long getAllowedNetworkId() { - return allowedNetworkId; - } - - @Override - public String getAllowedSourceIpCidr() { /* FIXME: need to rename the method name, for this the interface need 
to change or need create a new interface */ - return allowedDestinationIpCidr; - } -} diff --git a/core/src/com/cloud/network/security/SecurityGroupRulesVO.java b/core/src/com/cloud/network/security/SecurityGroupRulesVO.java index 7485711ff94..30453a3dd1f 100644 --- a/core/src/com/cloud/network/security/SecurityGroupRulesVO.java +++ b/core/src/com/cloud/network/security/SecurityGroupRulesVO.java @@ -35,7 +35,7 @@ public class SecurityGroupRulesVO implements SecurityGroupRules { @GeneratedValue(strategy = GenerationType.IDENTITY) @Column(name = "id") private long id; - + @Column(name = "name") private String name; @@ -51,6 +51,9 @@ public class SecurityGroupRulesVO implements SecurityGroupRules { @Column(name = "id", table = "security_ingress_rule", insertable = false, updatable = false) private Long ruleId; + @Column(name = "type", table = "security_ingress_rule", insertable = false, updatable = false) + private int type; + @Column(name = "start_port", table = "security_ingress_rule", insertable = false, updatable = false) private int startPort; @@ -88,6 +91,11 @@ public class SecurityGroupRulesVO implements SecurityGroupRules { public long getId() { return id; } + + @Override + public int getType() { + return type; + } @Override public String getName() { diff --git a/scripts/vm/hypervisor/xenserver/vmops b/scripts/vm/hypervisor/xenserver/vmops index 28779fe4176..c84710559b9 100755 --- a/scripts/vm/hypervisor/xenserver/vmops +++ b/scripts/vm/hypervisor/xenserver/vmops 
@@ -1056,12 +1056,12 @@ def network_rules(session, args): if protocol == 'all': if type == 'egress': - iptables = ['iptables', '-I', vmchain, '-m', 'state', '--state', 'NEW', '-m', 'set', '--match-set', ipsetname, 'dst', '-j', 'ACCEPT'] + iptables = ['iptables', '-I', vmchain, '-m', 'state', '--state', 'NEW', '-m', 'set', '--match-set', ipsetname, 'dst', '-j', 'DROP'] else: iptables = ['iptables', '-I', vmchain, '-m', 'state', '--state', 'NEW', '-m', 'set', '--match-set', ipsetname, 'src', '-j', 'ACCEPT'] elif protocol != 'icmp': if type == 'egress': - iptables = ['iptables', '-I', vmchain, '-p', protocol, '-m', protocol, '--dport', range, '-m', 'state', '--state', 'NEW', '-m', 'set', '--match-set', ipsetname, 'dst', '-j', 'ACCEPT'] + iptables = ['iptables', '-I', vmchain, '-p', protocol, '-m', protocol, '--dport', range, '-m', 'state', '--state', 'NEW', '-m', 'set', '--match-set', ipsetname, 'dst', '-j', 'DROP'] else: iptables = ['iptables', '-I', vmchain, '-p', protocol, '-m', protocol, '--dport', range, '-m', 'state', '--state', 'NEW', '-m', 'set', '--match-set', ipsetname, 'src', '-j', 'ACCEPT'] else: @@ -1069,7 +1069,7 @@ def network_rules(session, args): if start == "-1": range = "any" if type == 'egress': - iptables = ['iptables', '-I', vmchain, '-p', 'icmp', '--icmp-type', range, '-m', 'set', '--match-set', ipsetname, 'dst', '-j', 'ACCEPT'] + iptables = ['iptables', '-I', vmchain, '-p', 'icmp', '--icmp-type', range, '-m', 'set', '--match-set', ipsetname, 'dst', '-j', 'DROP'] else: iptables = ['iptables', '-I', vmchain, '-p', 'icmp', '--icmp-type', range, '-m', 'set', '--match-set', ipsetname, 'src', '-j', 'ACCEPT'] util.pread2(iptables) 
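Review bot: Switching the egress targets from `ACCEPT` to `DROP` in both hunks (protocol `all`, TCP/UDP and ICMP branches) turns the egress rule set into a deny-list, while the next hunk of this commit gives the egress chain an `ACCEPT` tail; ingress keeps the allow-list plus `DROP` tail. Nothing visible documents this asymmetry — the API side still describes the operation as "Authorizes a particular egress rule" (AuthorizeSecurityGroupEgressCmd), and `security_group.py` hunks `@@ -621` and `@@ -636` make the same flip. If deny-list egress is intended, a comment at the first egress branch would save the next reader from treating it as a bug: `# egress chains are deny-lists: matching traffic is DROPped and the chain tail ACCEPTs (ingress is the inverse)`. `network_rules` starts and ends outside this hunk.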
@@ -1077,16 +1077,25 @@ def network_rules(session, args): if allow_any and protocol != 'all': if protocol != 'icmp': - iptables = ['iptables', '-I', vmchain, '-p', protocol, '-m', protocol, '--dport', range, '-m', 'state', '--state', 'NEW', '-j', 'ACCEPT'] + if type == 'egress': + iptables = ['iptables', '-I', vmchain, '-p', protocol, '-m', protocol, '--dport', range, '-m', 'state', '--state', 'NEW', '-j', 'DROP'] + else: + iptables = ['iptables', '-I', vmchain, '-p', protocol, '-m', protocol, '--dport', range, '-m', 'state', '--state', 'NEW', '-j', 'ACCEPT'] else: range = start + "/" + end if start == "-1": range = "any" - iptables = ['iptables', '-I', vmchain, '-p', 'icmp', '--icmp-type', range, '-j', 'ACCEPT'] + if type == 'egress': + iptables = ['iptables', '-I', vmchain, '-p', 'icmp', '--icmp-type', range, '-j', 'DROP'] + else: + iptables = ['iptables', '-I', vmchain, '-p', 'icmp', '--icmp-type', range, '-j', 'ACCEPT'] util.pread2(iptables) util.SMlog(iptables) - util.pread2(['iptables', '-A', vmchain, '-j', 'DROP']) + if type == 'egress': + util.pread2(['iptables', '-A', vmchain, '-j', 'ACCEPT']) + else: + util.pread2(['iptables', '-A', vmchain, '-j', 'DROP']) if write_rule_log_for_vm(vm_name, vm_id, vm_ip, domid, signature, seqno) == False: return 'false' diff --git a/scripts/vm/network/security_group.py b/scripts/vm/network/security_group.py index e91fe45174a..888701a311c 100755 --- a/scripts/vm/network/security_group.py +++ b/scripts/vm/network/security_group.py @@ -578,8 +578,10 @@ def add_network_rules(vm_name, vm_id, vm_ip, signature, seqno, vmMac, rules, vif if ruletype == 'egress': vmchain = vm_name + "-egress" + action = "DROP" else: vmchain = vm_name + action = "ACCEPT" changes = [] 
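Review bot: The new tail rule `['iptables', '-A', vmchain, '-j', 'ACCEPT']` for `type == 'egress'` means an egress chain with no matching rules passes all outbound traffic, so a VM whose egress rule list is empty is now unrestricted, whereas before this change the tail was `DROP` for both directions; worth confirming that is the intended default and stating it where the egress API is described. The `allow_any` branch also adds three near-identical `if type == 'egress'` / `else` pairs that differ only in the jump target; a single `target = 'DROP' if type == 'egress' else 'ACCEPT'` before `if allow_any`, with `'-j', target` in the two `iptables` lists and `'ACCEPT' if type == 'egress' else 'DROP'` in the tail, says the same thing once — the `security_group.py @@ -578` hunk on this line already introduces `action` for that purpose. The same tail change appears in `security_group.py @@ -636`.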
@@ -621,13 +623,13 @@ def add_network_rules(vm_name, vm_id, vm_ip, signature, seqno, vmMac, rules, vif if protocol == 'all': for ip in ips: if ruletype == 'egress': - execute("iptables -I " + vmchain + " -m state --state NEW -d " + ip + " -j ACCEPT") + execute("iptables -I " + vmchain + " -m state --state NEW -d " + ip + " -j DROP") else: execute("iptables -I " + vmchain + " -m state --state NEW -s " + ip + " -j ACCEPT") elif protocol != 'icmp': for ip in ips: if ruletype == 'egress': - execute("iptables -I " + vmchain + " -p " + protocol + " -m " + protocol + " --dport " + range + " -m state --state NEW -d " + ip + " -j ACCEPT") + execute("iptables -I " + vmchain + " -p " + protocol + " -m " + protocol + " --dport " + range + " -m state --state NEW -d " + ip + " -j DROP") else: execute("iptables -I " + vmchain + " -p " + protocol + " -m " + protocol + " --dport " + range + " -m state --state NEW -s " + ip + " -j ACCEPT") else: 
@@ -636,20 +638,23 @@ def add_network_rules(vm_name, vm_id, vm_ip, signature, seqno, vmMac, rules, vif range = "any" for ip in ips: if ruletype == 'egress': - execute("iptables -I " + vmchain + " -p icmp --icmp-type " + range + " -d " + ip + " -j ACCEPT") + execute("iptables -I " + vmchain + " -p icmp --icmp-type " + range + " -d " + ip + " -j DROP") else: execute("iptables -I " + vmchain + " -p icmp --icmp-type " + range + " -s " + ip + " -j ACCEPT") if allow_any and protocol != 'all': if protocol != 'icmp': - execute("iptables -I " + vmchain + " -p " + protocol + " -m " + protocol + " --dport " + range + " -m state --state NEW -j ACCEPT") + execute("iptables -I " + vmchain + " -p " + protocol + " -m " + protocol + " --dport " + range + " -m state --state NEW -j " + action) else: range = start + "/" + end if start == "-1": range = "any" - execute("iptables -I " + vmchain + " -p icmp --icmp-type " + range + " -j ACCEPT") + execute("iptables -I " + vmchain + " -p icmp --icmp-type " + range + " -j "+action) - iptables = "iptables -A " + vmchain + " -j DROP" + if ruletype == 'egress': + iptables = "iptables -A " + vmchain + " -j ACCEPT" + else: + iptables = "iptables -A " + vmchain + " -j DROP" execute(iptables) if write_rule_log_for_vm(vmName, vm_id, vm_ip, domId, signature, seqno) == False: return 'false' diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java index 2129f9dbd06..d8554f62d4e 100755 --- a/server/src/com/cloud/api/ApiResponseHelper.java +++ b/server/src/com/cloud/api/ApiResponseHelper.java @@ -1585,7 +1585,8 @@ public class ApiResponseHelper implements ResponseGenerator { List ingressRules = networkGroup.getIngressRules(); if ((ingressRules != null) && !ingressRules.isEmpty()) { List ingressRulesResponse = new ArrayList(); - + List egressRulesResponse = new ArrayList(); + for (IngressRuleResultObject ingressRule : ingressRules) { IngressRuleResponse ingressData = new IngressRuleResponse(); 
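Review bot: `action`, introduced for this function in hunk `@@ -578`, is used only by the two `allow_any` commands here; the per-IP egress/ingress pairs in this hunk and in `@@ -621` still spell `DROP`/`ACCEPT` inline in duplicated `execute(...)` strings, which is exactly where a later edit is likely to update one branch and not the other. Folding them onto `action` (the `-d`/`-s` selector is the only other difference) removes four branches, and the new tail `if ruletype == 'egress': iptables = "iptables -A " + vmchain + " -j ACCEPT"` carries the same default-allow consequence noted on the vmops change. Minor: `" -j "+action` lacks the spaces around `+` used on the line just above it (`" -j " + action`).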
@@ -1606,38 +1607,18 @@ public class ApiResponseHelper implements ResponseGenerator { ingressData.setCidr(ingressRule.getAllowedSourceIpCidr()); } - ingressData.setObjectName("ingressrule"); - ingressRulesResponse.add(ingressData); + if (ingressRule.getType() == 1) + { + ingressData.setObjectName("ingressrule"); + ingressRulesResponse.add(ingressData); + } + else + { + ingressData.setObjectName("egressrule"); + egressRulesResponse.add(ingressData); + } } netGrpResponse.setIngressRules(ingressRulesResponse); - } - List egressRules = networkGroup.getEgressRules(); - if ((egressRules != null) && !egressRules.isEmpty()) { - List egressRulesResponse = new ArrayList(); - - for (EgressRuleResultObject egressRule : egressRules) { - EgressRuleResponse egressData = new EgressRuleResponse(); - - egressData.setRuleId(egressRule.getId()); - egressData.setProtocol(egressRule.getProtocol()); - if ("icmp".equalsIgnoreCase(egressRule.getProtocol())) { - egressData.setIcmpType(egressRule.getStartPort()); - egressData.setIcmpCode(egressRule.getEndPort()); - } else { - egressData.setStartPort(egressRule.getStartPort()); - egressData.setEndPort(egressRule.getEndPort()); - } - - if (egressRule.getAllowedSecurityGroup() != null) { - egressData.setSecurityGroupName(egressRule.getAllowedSecurityGroup()); - egressData.setAccountName(egressRule.getAllowedSecGroupAcct()); - } else { - egressData.setCidr(egressRule.getAllowedDestinationIpCidr()); - } - - egressData.setObjectName("egressrule"); - egressRulesResponse.add(egressData); - } netGrpResponse.setEgressRules(egressRulesResponse); } netGrpResponse.setObjectName("securitygroup"); @@ -1662,7 +1643,6 @@ public class ApiResponseHelper implements ResponseGenerator { response.setObjectName("securitygroup"); return response; - } @Override 
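Review bot: `if (ingressRule.getType() == 1)` routes every rule whose type is not exactly 1 into `egressRulesResponse`, so a row with an unset or zero `type` (for example data written before the column existed, if the migration defaults it to 0 — not visible here) would be reported as an egress rule. A named constant (the `1` has no name anywhere in this diff) and an explicit egress check, `else if (ingressRule.getType() == TYPE_EGRESS)` (constant name to be chosen), would surface unknown values instead of silently reclassifying them. Both branches now build `IngressRuleResponse` objects, the egress one merely tagged `setObjectName("egressrule")`, while `EgressRuleResponse` is still maintained elsewhere in this commit — a comment on why the egress list reuses the ingress response type would help. The `if (...)` and `{` on separate lines also depart from the K&R brace style used throughout the surrounding method.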
@@ -2040,7 +2020,7 @@ public class ApiResponseHelper implements ResponseGenerator { } @Override - public SecurityGroupResponse createSecurityGroupResponseFromEgressRule(List egressRules) { + public SecurityGroupResponse createSecurityGroupResponseFromEgressRule(List egressRules) { SecurityGroupResponse response = new SecurityGroupResponse(); Map securiytGroupAccounts = new HashMap(); Map allowedSecurityGroups = new HashMap(); @@ -2063,9 +2043,9 @@ public class ApiResponseHelper implements ResponseGenerator { response.setDomainId(account.getDomainId()); response.setDomainName(ApiDBUtils.findDomainById(securityGroup.getDomainId()).getName()); - List responses = new ArrayList(); - for (EgressRule egressRule : egressRules) { - EgressRuleResponse egressData = new EgressRuleResponse(); + List responses = new ArrayList(); + for (IngressRule egressRule : egressRules) { + IngressRuleResponse egressData = new IngressRuleResponse(); egressData.setRuleId(egressRule.getId()); egressData.setProtocol(egressRule.getProtocol()); @@ -2095,7 +2075,7 @@ public class ApiResponseHelper implements ResponseGenerator { egressData.setAccountName(allowedAccount.getAccountName()); } else { - egressData.setCidr(egressRule.getAllowedDestinationIpCidr()); + egressData.setCidr(egressRule.getAllowedSourceIpCidr()); } egressData.setObjectName("egressrule"); diff --git a/server/src/com/cloud/api/response/IngressRuleResultObject.java b/server/src/com/cloud/api/response/IngressRuleResultObject.java index 12d2c054b8d..2c93368c68d 100644 --- a/server/src/com/cloud/api/response/IngressRuleResultObject.java +++ b/server/src/com/cloud/api/response/IngressRuleResultObject.java @@ -31,7 +31,10 @@ public class IngressRuleResultObject { private int endPort; @Param(name="protocol") - private String protocol; + private String protocol; + + @Param(name="type") + private int type; @Param(name="securitygroup") private String allowedSecurityGroup = null; 
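Review bot: `egressData.setCidr(egressRule.getAllowedSourceIpCidr())` now reads a field named "source" to populate the destination CIDR of an egress rule, which the Python hunk applies with `-d`; nothing at the call site says so. Add `// for EGRESS_RULE rows allowedSourceIpCidr holds the destination CIDR` here, and the same applies to the `listBySecurityGroupId(..., EGRESS_RULE)` loop in SecurityGroupManagerImpl that reads `rule.getAllowedSourceIpCidr()`. The new `@Param(name="type") private int type` on IngressRuleResultObject exposes the raw 1/2 encoding in responses; a Javadoc line naming the two values would help API consumers. createSecurityGroupResponseFromEgressRule ends outside the hunk.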
@@ -60,6 +63,14 @@ public class IngressRuleResultObject { public void setId(Long id) { this.id = id; + } + + public int getType() { + return type; + } + + public void setType(int type) { + this.type = type; } public int getStartPort() { diff --git a/server/src/com/cloud/api/response/SecurityGroupResultObject.java b/server/src/com/cloud/api/response/SecurityGroupResultObject.java index 6b25382101f..3105ecb925c 100644 --- a/server/src/com/cloud/api/response/SecurityGroupResultObject.java +++ b/server/src/com/cloud/api/response/SecurityGroupResultObject.java @@ -27,7 +27,6 @@ import com.cloud.api.ApiDBUtils; import com.cloud.network.security.SecurityGroup; import com.cloud.network.security.SecurityGroupRules; import com.cloud.network.security.SecurityGroupRulesVO; -import com.cloud.network.security.SecurityGroupEgressRulesVO; import com.cloud.serializer.Param; import com.cloud.user.Account; @@ -38,6 +37,9 @@ public class SecurityGroupResultObject { @Param(name = "name") private String name; + @Param(name = "type") + private int type; + @Param(name = "description") private String description; @@ -77,6 +79,14 @@ public class SecurityGroupResultObject { this.id = id; } + public Long getType() { + return id; + } + + public void setType(int type) { + this.type = type; + } + public String getName() { return name; } @@ -163,6 +173,7 @@ public class SecurityGroupResultObject { groupResult.setName(netGroupRule.getName()); groupResult.setDescription(netGroupRule.getDescription()); groupResult.setDomainId(netGroupRule.getDomainId()); + groupResult.setType(netGroupRule.getType()); Account account = accounts.get(netGroupRule.getAccountId()); if (account == null) { 
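Review bot: SecurityGroupResultObject's new `public Long getType() { return id; }` returns the group id, not the `type` field it is paired with, and its return type does not match the `int type` that `setType` stores. It should read `public int getType() { return type; }`; as written any consumer of `type` on this object silently receives the security-group id.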
@@ -183,6 +194,7 @@ public class SecurityGroupResultObject { ingressData.setStartPort(netGroupRule.getStartPort()); ingressData.setId(netGroupRule.getRuleId()); ingressData.setProtocol(netGroupRule.getProtocol()); + ingressData.setType(netGroupRule.getType()); Long allowedSecurityGroupId = netGroupRule.getAllowedNetworkId(); if (allowedSecurityGroupId != null) { diff --git a/server/src/com/cloud/configuration/DefaultComponentLibrary.java b/server/src/com/cloud/configuration/DefaultComponentLibrary.java index a1b3a52fc6a..32a97498ddc 100755 --- a/server/src/com/cloud/configuration/DefaultComponentLibrary.java +++ b/server/src/com/cloud/configuration/DefaultComponentLibrary.java @@ -98,10 +98,8 @@ import com.cloud.network.router.VirtualNetworkApplianceManagerImpl; import com.cloud.network.rules.RulesManagerImpl; import com.cloud.network.rules.dao.PortForwardingRulesDaoImpl; import com.cloud.network.security.SecurityGroupManagerImpl; -import com.cloud.network.security.dao.EgressRuleDaoImpl; import com.cloud.network.security.dao.IngressRuleDaoImpl; import com.cloud.network.security.dao.SecurityGroupDaoImpl; -import com.cloud.network.security.dao.SecurityGroupEgressRulesDaoImpl; import com.cloud.network.security.dao.SecurityGroupRulesDaoImpl; import com.cloud.network.security.dao.SecurityGroupVMMapDaoImpl; import com.cloud.network.security.dao.SecurityGroupWorkDaoImpl; 
@@ -204,10 +202,8 @@ public class DefaultComponentLibrary extends ComponentLibraryBase implements Com addDao("DataCenterIpAddressDao", DataCenterIpAddressDaoImpl.class); addDao("SecurityGroupDao", SecurityGroupDaoImpl.class); addDao("IngressRuleDao", IngressRuleDaoImpl.class); - addDao("EgressRuleDao", EgressRuleDaoImpl.class); addDao("SecurityGroupVMMapDao", SecurityGroupVMMapDaoImpl.class); addDao("SecurityGroupRulesDao", SecurityGroupRulesDaoImpl.class); - addDao("SecurityGroupEgressRulesDao", SecurityGroupEgressRulesDaoImpl.class); addDao("SecurityGroupWorkDao", SecurityGroupWorkDaoImpl.class); addDao("VmRulesetLogDao", VmRulesetLogDaoImpl.class); addDao("AlertDao", AlertDaoImpl.class); diff --git a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java index 90a6de68893..f027dbd61c6 100755 --- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java +++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java @@ -69,11 +69,9 @@ import com.cloud.exception.ResourceInUseException; import com.cloud.hypervisor.Hypervisor.HypervisorType; import com.cloud.network.NetworkManager; import com.cloud.network.security.SecurityGroupWorkVO.Step; -import com.cloud.network.security.dao.EgressRuleDao; import com.cloud.network.security.dao.IngressRuleDao; import com.cloud.network.security.dao.SecurityGroupDao; import com.cloud.network.security.dao.SecurityGroupRulesDao; -import com.cloud.network.security.dao.SecurityGroupEgressRulesDao; import com.cloud.network.security.dao.SecurityGroupVMMapDao; import com.cloud.network.security.dao.SecurityGroupWorkDao; import com.cloud.network.security.dao.VmRulesetLogDao; 
@@ -120,14 +118,10 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG @Inject IngressRuleDao _ingressRuleDao; @Inject - EgressRuleDao _egressRuleDao; - @Inject SecurityGroupVMMapDao _securityGroupVMMapDao; @Inject SecurityGroupRulesDao _securityGroupRulesDao; @Inject - SecurityGroupEgressRulesDao _securityGroupEgressRulesDao; - @Inject UserVmDao _userVMDao; @Inject AccountDao _accountDao; @@ -151,7 +145,8 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG NetworkManager _networkMgr; @Inject AccountManager _accountMgr; - + public static final int INGRESS_RULE = 1 ; + public static final int EGRESS_RULE = 2 ; ScheduledExecutorService _executorPool; ScheduledExecutorService _cleanupExecutor; @@ -332,8 +327,8 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG List groupsForVm = _securityGroupVMMapDao.listByInstanceId(userVmId); for (SecurityGroupVMMapVO mapVO : groupsForVm) { - List rules = _egressRuleDao.listBySecurityGroupId(mapVO.getSecurityGroupId()); - for (EgressRuleVO rule : rules) { + List rules = _ingressRuleDao.listBySecurityGroupId(mapVO.getSecurityGroupId(),EGRESS_RULE); + for (IngressRuleVO rule : rules) { PortAndProto portAndProto = new PortAndProto(rule.getProtocol(), rule.getStartPort(), rule.getEndPort()); Set cidrs = allowed.get(portAndProto); if (cidrs == null) { @@ -349,8 +344,8 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG cidrs.add(cidr); } } - } else if (rule.getAllowedDestinationIpCidr() != null) { - cidrs.add(rule.getAllowedDestinationIpCidr()); + } else if (rule.getAllowedSourceIpCidr() != null) { + cidrs.add(rule.getAllowedSourceIpCidr()); } if (cidrs.size() > 0) { allowed.put(portAndProto, cidrs); 
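Review bot: `INGRESS_RULE = 1 ;` and `EGRESS_RULE = 2 ;` are declared on the manager implementation, yet ApiResponseHelper in this same commit compares `getType() == 1` literally and IngressRuleResultObject stores a bare int, so the encoding now lives in three places with no single owner. Moving the two constants to the `SecurityGroupManager` interface or to `IngressRuleVO`, or making them an enum, would let the other sites reference them; the stray space before `;` should also go. A Javadoc line on the constants stating that they are persisted in the rule table's `type` column would make the migration dependency explicit (hedged: the column name is not visible here).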
@@ -366,7 +361,7 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
 List groupsForVm = _securityGroupVMMapDao.listByInstanceId(userVmId);
 for (SecurityGroupVMMapVO mapVO : groupsForVm) {
- List rules = _ingressRuleDao.listBySecurityGroupId(mapVO.getSecurityGroupId());
+ List rules = _ingressRuleDao.listBySecurityGroupId(mapVO.getSecurityGroupId(), INGRESS_RULE);
 for (IngressRuleVO rule : rules) {
 PortAndProto portAndProto = new PortAndProto(rule.getProtocol(), rule.getStartPort(), rule.getEndPort());
 Set cidrs = allowed.get(portAndProto);
@@ -718,21 +713,21 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG return null; } } - IngressRuleVO ingressRule = _ingressRuleDao.findByProtoPortsAndAllowedGroupId(securityGroup.getId(), protocol, startPortOrType, endPortOrCode, ngVO.getId()); + IngressRuleVO ingressRule = _ingressRuleDao.findByProtoPortsAndAllowedGroupId(securityGroup.getId(), protocol, startPortOrType, endPortOrCode, ngVO.getId(), INGRESS_RULE); if (ingressRule != null) { continue; // rule already exists. } - ingressRule = new IngressRuleVO(securityGroup.getId(), startPortOrType, endPortOrCode, protocol, ngVO.getId()); + ingressRule = new IngressRuleVO(securityGroup.getId(), startPortOrType, endPortOrCode, protocol, ngVO.getId(),INGRESS_RULE); ingressRule = _ingressRuleDao.persist(ingressRule); newRules.add(ingressRule); } if (cidrList != null) { for (String cidr : cidrList) { - IngressRuleVO ingressRule = _ingressRuleDao.findByProtoPortsAndCidr(securityGroup.getId(), protocol, startPortOrType, endPortOrCode, cidr); + IngressRuleVO ingressRule = _ingressRuleDao.findByProtoPortsAndCidr(securityGroup.getId(), protocol, startPortOrType, endPortOrCode, cidr, INGRESS_RULE); if (ingressRule != null) { continue; } - ingressRule = new IngressRuleVO(securityGroup.getId(), startPortOrType, endPortOrCode, protocol, cidr); + ingressRule = new IngressRuleVO(securityGroup.getId(), startPortOrType, endPortOrCode, protocol, cidr,INGRESS_RULE); ingressRule = _ingressRuleDao.persist(ingressRule); newRules.add(ingressRule); } @@ -806,7 +801,7 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG @Override @DB @SuppressWarnings("rawtypes") - public List authorizeSecurityGroupEgress(AuthorizeSecurityGroupEgressCmd cmd) { + public List authorizeSecurityGroupEgress(AuthorizeSecurityGroupEgressCmd cmd) { Long securityGroupId = cmd.getSecurityGroupId(); String protocol = cmd.getProtocol(); Integer startPort = cmd.getStartPort(); 
@@ -931,7 +926,7 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG s_logger.warn("Could not acquire lock on network security group: id= " + securityGroupId); return null; } - List newRules = new ArrayList(); + List newRules = new ArrayList(); try { for (final SecurityGroupVO ngVO : authorizedGroups2) { final Long ngId = ngVO.getId(); @@ -944,22 +939,22 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG return null; } } - EgressRuleVO egressRule = _egressRuleDao.findByProtoPortsAndAllowedGroupId(securityGroup.getId(), protocol, startPortOrType, endPortOrCode, ngVO.getId()); + IngressRuleVO egressRule = _ingressRuleDao.findByProtoPortsAndAllowedGroupId(securityGroup.getId(), protocol, startPortOrType, endPortOrCode, ngVO.getId(), EGRESS_RULE); if (egressRule != null) { continue; // rule already exists. } - egressRule = new EgressRuleVO(securityGroup.getId(), startPortOrType, endPortOrCode, protocol, ngVO.getId()); - egressRule = _egressRuleDao.persist(egressRule); + egressRule = new IngressRuleVO(securityGroup.getId(), startPortOrType, endPortOrCode, protocol, ngVO.getId(), EGRESS_RULE); + egressRule = _ingressRuleDao.persist(egressRule); newRules.add(egressRule); } if (cidrList != null) { for (String cidr : cidrList) { - EgressRuleVO egressRule = _egressRuleDao.findByProtoPortsAndCidr(securityGroup.getId(), protocol, startPortOrType, endPortOrCode, cidr); + IngressRuleVO egressRule = _ingressRuleDao.findByProtoPortsAndCidr(securityGroup.getId(), protocol, startPortOrType, endPortOrCode, cidr, EGRESS_RULE); if (egressRule != null) { continue; } - egressRule = new EgressRuleVO(securityGroup.getId(), startPortOrType, endPortOrCode, protocol, cidr); - egressRule = _egressRuleDao.persist(egressRule); + egressRule = new IngressRuleVO(securityGroup.getId(), startPortOrType, endPortOrCode, protocol, cidr, EGRESS_RULE); + egressRule = _ingressRuleDao.persist(egressRule); newRules.add(egressRule); } } 
@@ -988,7 +983,7 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG Account caller = UserContext.current().getCaller(); Long id = cmd.getId(); - EgressRuleVO rule = _egressRuleDao.findById(id); + IngressRuleVO rule = _ingressRuleDao.findById(id); if (rule == null) { s_logger.debug("Unable to find egress rule with id " + id); throw new InvalidParameterValueException("Unable to find egress rule with id " + id); @@ -1010,7 +1005,7 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG return false; } - _egressRuleDao.remove(id); + _ingressRuleDao.remove(id); s_logger.debug("revokeSecurityGroupEgress succeeded for ingress rule id: " + id); final Set affectedVms = new HashSet(); @@ -1389,7 +1384,6 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG List securityGroups = _securityGroupDao.search(sc, searchFilter); for (SecurityGroupVO group : securityGroups) { securityRulesList.addAll(_securityGroupRulesDao.listSecurityRulesByGroupId(group.getId())); - securityRulesList.addAll(_securityGroupEgressRulesDao.listSecurityEgressRulesByGroupId(group.getId())); } return securityRulesList; diff --git a/server/src/com/cloud/network/security/dao/EgressRuleDao.java b/server/src/com/cloud/network/security/dao/EgressRuleDao.java deleted file mode 100644 index 9cc514d0a86..00000000000 --- a/server/src/com/cloud/network/security/dao/EgressRuleDao.java +++ /dev/null 
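Review bot: `IngressRuleVO rule = _ingressRuleDao.findById(id);` in revokeSecurityGroupEgress looks the rule up without a type filter now that both rule kinds share one table, so an ingress rule id passed to the egress revoke API is removed by `_ingressRuleDao.remove(id)` as if it were an egress rule. Reject the mismatch at the lookup: `if (rule == null || rule.getType() != EGRESS_RULE) {` and keep the existing error path; the ingress revoke path, which is outside this diff, presumably needs the symmetric check. The success log on the context line still says "ingress rule id" for an egress revoke. The method starts and ends outside the hunk.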
@@ -1,36 +0,0 @@ -/** - * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. - * - * This software is licensed under the GNU General Public License v3 or later. - * - * It is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or any later version. - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - * - */ - -package com.cloud.network.security.dao; - -import java.util.List; - -import com.cloud.network.security.EgressRuleVO; -import com.cloud.utils.db.GenericDao; - -public interface EgressRuleDao extends GenericDao { - List listBySecurityGroupId(long networkGroupId); - List listByAllowedSecurityGroupId(long networkGroupId); - EgressRuleVO findByProtoPortsAndCidr(long networkGroupId, String proto, int startPort, int endPort, String cidr); - EgressRuleVO findByProtoPortsAndGroup(String proto, int startPort, int endPort, String networkGroup); - EgressRuleVO findByProtoPortsAndAllowedGroupId(long networkGroupId, String proto, int startPort, int endPort, Long allowedGroupId); - int deleteBySecurityGroup(long securityGroupId); - int deleteByPortProtoAndGroup(long securityGroupId, String protocol, int startPort,int endPort, Long id); - int deleteByPortProtoAndCidr(long securityGroupId, String protocol, int startPort,int endPort, String cidr); - -} diff --git a/server/src/com/cloud/network/security/dao/EgressRuleDaoImpl.java b/server/src/com/cloud/network/security/dao/EgressRuleDaoImpl.java deleted file mode 100644 index adb11b71e43..00000000000 
--- a/server/src/com/cloud/network/security/dao/EgressRuleDaoImpl.java
+++ /dev/null
@@ -1,167 +0,0 @@ -/** - * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. - * - * This software is licensed under the GNU General Public License v3 or later. - * - * It is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or any later version. - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - * - */ - -package com.cloud.network.security.dao; - -import java.util.List; -import java.util.Map; - -import javax.ejb.Local; -import javax.naming.ConfigurationException; - -import com.cloud.network.security.EgressRuleVO; -import com.cloud.network.security.SecurityGroupVO; -import com.cloud.utils.component.Inject; -import com.cloud.utils.db.GenericDaoBase; -import com.cloud.utils.db.JoinBuilder; -import com.cloud.utils.db.SearchBuilder; -import com.cloud.utils.db.SearchCriteria; - -@Local(value={EgressRuleDao.class}) -public class EgressRuleDaoImpl extends GenericDaoBase implements EgressRuleDao { - - @Inject SecurityGroupDao _securityGroupDao; - - protected SearchBuilder securityGroupIdSearch; - protected SearchBuilder allowedSecurityGroupIdSearch; - protected SearchBuilder protoPortsAndCidrSearch; - protected SearchBuilder protoPortsAndSecurityGroupNameSearch; - protected SearchBuilder protoPortsAndSecurityGroupIdSearch; - - - - protected EgressRuleDaoImpl() { - securityGroupIdSearch = createSearchBuilder(); - securityGroupIdSearch.and("securityGroupId", securityGroupIdSearch.entity().getSecurityGroupId(), SearchCriteria.Op.EQ); - securityGroupIdSearch.done(); - - allowedSecurityGroupIdSearch = 
createSearchBuilder(); - allowedSecurityGroupIdSearch.and("allowedNetworkId", allowedSecurityGroupIdSearch.entity().getAllowedNetworkId(), SearchCriteria.Op.EQ); - allowedSecurityGroupIdSearch.done(); - - protoPortsAndCidrSearch = createSearchBuilder(); - protoPortsAndCidrSearch.and("securityGroupId", protoPortsAndCidrSearch.entity().getSecurityGroupId(), SearchCriteria.Op.EQ); - protoPortsAndCidrSearch.and("proto", protoPortsAndCidrSearch.entity().getProtocol(), SearchCriteria.Op.EQ); - protoPortsAndCidrSearch.and("startPort", protoPortsAndCidrSearch.entity().getStartPort(), SearchCriteria.Op.EQ); - protoPortsAndCidrSearch.and("endPort", protoPortsAndCidrSearch.entity().getEndPort(), SearchCriteria.Op.EQ); - protoPortsAndCidrSearch.and("cidr", protoPortsAndCidrSearch.entity().getAllowedDestinationIpCidr(), SearchCriteria.Op.EQ); - protoPortsAndCidrSearch.done(); - - protoPortsAndSecurityGroupIdSearch = createSearchBuilder(); - protoPortsAndSecurityGroupIdSearch.and("securityGroupId", protoPortsAndSecurityGroupIdSearch.entity().getSecurityGroupId(), SearchCriteria.Op.EQ); - protoPortsAndSecurityGroupIdSearch.and("proto", protoPortsAndSecurityGroupIdSearch.entity().getProtocol(), SearchCriteria.Op.EQ); - protoPortsAndSecurityGroupIdSearch.and("startPort", protoPortsAndSecurityGroupIdSearch.entity().getStartPort(), SearchCriteria.Op.EQ); - protoPortsAndSecurityGroupIdSearch.and("endPort", protoPortsAndSecurityGroupIdSearch.entity().getEndPort(), SearchCriteria.Op.EQ); - protoPortsAndSecurityGroupIdSearch.and("allowedNetworkId", protoPortsAndSecurityGroupIdSearch.entity().getAllowedNetworkId(), SearchCriteria.Op.EQ); - - } - - public List listBySecurityGroupId(long securityGroupId) { - SearchCriteria sc = securityGroupIdSearch.create(); - sc.setParameters("securityGroupId", securityGroupId); - return listBy(sc); - } - - public int deleteBySecurityGroup(long securityGroupId) { - SearchCriteria sc = securityGroupIdSearch.create(); - sc.setParameters("securityGroupId", 
securityGroupId); - return expunge(sc); - } - - @Override - public List listByAllowedSecurityGroupId(long securityGroupId) { - SearchCriteria sc = allowedSecurityGroupIdSearch.create(); - sc.setParameters("allowedNetworkId", securityGroupId); - return listBy(sc); - } - - @Override - public EgressRuleVO findByProtoPortsAndCidr(long securityGroupId, String proto, int startPort, - int endPort, String cidr) { - SearchCriteria sc = protoPortsAndCidrSearch.create(); - sc.setParameters("securityGroupId", securityGroupId); - sc.setParameters("proto", proto); - sc.setParameters("startPort", startPort); - sc.setParameters("endPort", endPort); - sc.setParameters("cidr", cidr); - return findOneIncludingRemovedBy(sc); - } - - @Override - public EgressRuleVO findByProtoPortsAndGroup(String proto, int startPort, - int endPort, String securityGroup) { - SearchCriteria sc = protoPortsAndSecurityGroupNameSearch.create(); - sc.setParameters("proto", proto); - sc.setParameters("startPort", startPort); - sc.setParameters("endPort", endPort); - sc.setJoinParameters("groupName", "groupName", securityGroup); - return findOneIncludingRemovedBy(sc); - } - - @Override - public boolean configure(String name, Map params) - throws ConfigurationException { - protoPortsAndSecurityGroupNameSearch = createSearchBuilder(); - protoPortsAndSecurityGroupNameSearch.and("proto", protoPortsAndSecurityGroupNameSearch.entity().getProtocol(), SearchCriteria.Op.EQ); - protoPortsAndSecurityGroupNameSearch.and("startPort", protoPortsAndSecurityGroupNameSearch.entity().getStartPort(), SearchCriteria.Op.EQ); - protoPortsAndSecurityGroupNameSearch.and("endPort", protoPortsAndSecurityGroupNameSearch.entity().getEndPort(), SearchCriteria.Op.EQ); - SearchBuilder ngSb = _securityGroupDao.createSearchBuilder(); - ngSb.and("groupName", ngSb.entity().getName(), SearchCriteria.Op.EQ); - protoPortsAndSecurityGroupNameSearch.join("groupName", ngSb, protoPortsAndSecurityGroupNameSearch.entity().getAllowedNetworkId(), 
ngSb.entity().getId(), JoinBuilder.JoinType.INNER); - protoPortsAndSecurityGroupNameSearch.done(); - return super.configure(name, params); - } - - @Override - public int deleteByPortProtoAndGroup(long securityGroupId, String protocol, int startPort, int endPort, Long allowedGroupId) { - SearchCriteria sc = protoPortsAndSecurityGroupIdSearch.create(); - sc.setParameters("securityGroupId", securityGroupId); - sc.setParameters("proto", protocol); - sc.setParameters("startPort", startPort); - sc.setParameters("endPort", endPort); - sc.setParameters("allowedNetworkId", allowedGroupId); - - return expunge(sc); - - } - - @Override - public int deleteByPortProtoAndCidr(long securityGroupId, String protocol, int startPort, int endPort, String cidr) { - SearchCriteria sc = protoPortsAndCidrSearch.create(); - sc.setParameters("securityGroupId", securityGroupId); - sc.setParameters("proto", protocol); - sc.setParameters("startPort", startPort); - sc.setParameters("endPort", endPort); - sc.setParameters("cidr", cidr); - - return expunge(sc); - } - - @Override - public EgressRuleVO findByProtoPortsAndAllowedGroupId(long securityGroupId, String proto, - int startPort, int endPort, Long allowedGroupId) { - SearchCriteria sc = protoPortsAndSecurityGroupIdSearch.create(); - sc.addAnd("securityGroupId", SearchCriteria.Op.EQ, securityGroupId); - sc.setParameters("proto", proto); - sc.setParameters("startPort", startPort); - sc.setParameters("endPort", endPort); - sc.setParameters("allowedNetworkId", allowedGroupId); - - return findOneIncludingRemovedBy(sc); - } -} diff --git a/server/src/com/cloud/network/security/dao/IngressRuleDao.java b/server/src/com/cloud/network/security/dao/IngressRuleDao.java index c95e4ee567b..9f33e4a8d73 100644 --- a/server/src/com/cloud/network/security/dao/IngressRuleDao.java +++ b/server/src/com/cloud/network/security/dao/IngressRuleDao.java 
@@ -24,13 +24,13 @@ import com.cloud.network.security.IngressRuleVO;
 import com.cloud.utils.db.GenericDao;
 public interface IngressRuleDao extends GenericDao {
- List listBySecurityGroupId(long networkGroupId);
+ List listBySecurityGroupId(long networkGroupId, int type);
 List listByAllowedSecurityGroupId(long networkGroupId);
- IngressRuleVO findByProtoPortsAndCidr(long networkGroupId, String proto, int startPort, int endPort, String cidr);
- IngressRuleVO findByProtoPortsAndGroup(String proto, int startPort, int endPort, String networkGroup);
- IngressRuleVO findByProtoPortsAndAllowedGroupId(long networkGroupId, String proto, int startPort, int endPort, Long allowedGroupId);
- int deleteBySecurityGroup(long securityGroupId);
- int deleteByPortProtoAndGroup(long securityGroupId, String protocol, int startPort,int endPort, Long id);
- int deleteByPortProtoAndCidr(long securityGroupId, String protocol, int startPort,int endPort, String cidr);
+ IngressRuleVO findByProtoPortsAndCidr(long networkGroupId, String proto, int startPort, int endPort, String cidr,int type);
+ IngressRuleVO findByProtoPortsAndGroup(String proto, int startPort, int endPort, String networkGroup,int type);
+ IngressRuleVO findByProtoPortsAndAllowedGroupId(long networkGroupId, String proto, int startPort, int endPort, Long allowedGroupId,int type);
+ int deleteBySecurityGroup(long securityGroupId,int type);
+ int deleteByPortProtoAndGroup(long securityGroupId, String protocol, int startPort,int endPort, Long id,int type);
+ int deleteByPortProtoAndCidr(long securityGroupId, String protocol, int startPort,int endPort, String cidr,int type);
 }
diff --git a/server/src/com/cloud/network/security/dao/IngressRuleDaoImpl.java b/server/src/com/cloud/network/security/dao/IngressRuleDaoImpl.java
index dab386e1170..2f626d91371 100644
--- a/server/src/com/cloud/network/security/dao/IngressRuleDaoImpl.java
+++ b/server/src/com/cloud/network/security/dao/IngressRuleDaoImpl.java
@@ -47,7 +47,8 @@ public class IngressRuleDaoImpl extends GenericDaoBase impl
 protected IngressRuleDaoImpl() {
 securityGroupIdSearch = createSearchBuilder();
- securityGroupIdSearch.and("securityGroupId", securityGroupIdSearch.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
+ securityGroupIdSearch.and("securityGroupId", securityGroupIdSearch.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
+ securityGroupIdSearch.and("type", securityGroupIdSearch.entity().getType(), SearchCriteria.Op.EQ);
 securityGroupIdSearch.done();
 allowedSecurityGroupIdSearch = createSearchBuilder();
@@ -60,26 +61,31 @@ public class IngressRuleDaoImpl extends GenericDaoBase impl protoPortsAndCidrSearch.and("startPort", protoPortsAndCidrSearch.entity().getStartPort(), SearchCriteria.Op.EQ); protoPortsAndCidrSearch.and("endPort", protoPortsAndCidrSearch.entity().getEndPort(), SearchCriteria.Op.EQ); protoPortsAndCidrSearch.and("cidr", protoPortsAndCidrSearch.entity().getAllowedSourceIpCidr(), SearchCriteria.Op.EQ); + protoPortsAndCidrSearch.and("type", protoPortsAndCidrSearch.entity().getType(), SearchCriteria.Op.EQ); protoPortsAndCidrSearch.done(); protoPortsAndSecurityGroupIdSearch = createSearchBuilder(); protoPortsAndSecurityGroupIdSearch.and("securityGroupId", protoPortsAndSecurityGroupIdSearch.entity().getSecurityGroupId(), SearchCriteria.Op.EQ); protoPortsAndSecurityGroupIdSearch.and("proto", protoPortsAndSecurityGroupIdSearch.entity().getProtocol(), SearchCriteria.Op.EQ); protoPortsAndSecurityGroupIdSearch.and("startPort", protoPortsAndSecurityGroupIdSearch.entity().getStartPort(), SearchCriteria.Op.EQ); - protoPortsAndSecurityGroupIdSearch.and("endPort", protoPortsAndSecurityGroupIdSearch.entity().getEndPort(), SearchCriteria.Op.EQ); + protoPortsAndSecurityGroupIdSearch.and("endPort", protoPortsAndSecurityGroupIdSearch.entity().getEndPort(), SearchCriteria.Op.EQ); + protoPortsAndSecurityGroupIdSearch.and("type", protoPortsAndSecurityGroupIdSearch.entity().getType(), SearchCriteria.Op.EQ); protoPortsAndSecurityGroupIdSearch.and("allowedNetworkId", protoPortsAndSecurityGroupIdSearch.entity().getAllowedNetworkId(), SearchCriteria.Op.EQ); + } - public List listBySecurityGroupId(long securityGroupId) { + public List listBySecurityGroupId(long securityGroupId, int type) { SearchCriteria sc = securityGroupIdSearch.create(); - sc.setParameters("securityGroupId", securityGroupId); + sc.setParameters("securityGroupId", securityGroupId); + sc.setParameters("type", type); return listBy(sc); } - public int deleteBySecurityGroup(long securityGroupId) { + public int 
deleteBySecurityGroup(long securityGroupId,int type) { SearchCriteria sc = securityGroupIdSearch.create(); - sc.setParameters("securityGroupId", securityGroupId); + sc.setParameters("securityGroupId", securityGroupId); + sc.setParameters("type", type); return expunge(sc); } @@ -87,29 +93,32 @@ public class IngressRuleDaoImpl extends GenericDaoBase impl public List listByAllowedSecurityGroupId(long securityGroupId) { SearchCriteria sc = allowedSecurityGroupIdSearch.create(); sc.setParameters("allowedNetworkId", securityGroupId); + return listBy(sc); } @Override public IngressRuleVO findByProtoPortsAndCidr(long securityGroupId, String proto, int startPort, - int endPort, String cidr) { + int endPort, String cidr,int type) { SearchCriteria sc = protoPortsAndCidrSearch.create(); sc.setParameters("securityGroupId", securityGroupId); sc.setParameters("proto", proto); sc.setParameters("startPort", startPort); sc.setParameters("endPort", endPort); sc.setParameters("cidr", cidr); + sc.setParameters("type", type); return findOneIncludingRemovedBy(sc); } @Override public IngressRuleVO findByProtoPortsAndGroup(String proto, int startPort, - int endPort, String securityGroup) { + int endPort, String securityGroup,int type) { SearchCriteria sc = protoPortsAndSecurityGroupNameSearch.create(); sc.setParameters("proto", proto); sc.setParameters("startPort", startPort); sc.setParameters("endPort", endPort); sc.setJoinParameters("groupName", "groupName", securityGroup); + sc.setParameters("type", type); return findOneIncludingRemovedBy(sc); } 
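Review bot: `findByProtoPortsAndGroup` now calls `sc.setParameters("type", type)` on `protoPortsAndSecurityGroupNameSearch`, but no hunk in this diff adds a `"type"` condition to that builder (it is assembled in `configure()`, which the diff does not touch), so the parameter is either ignored or rejected depending on SearchCriteria's behaviour — verify and add `protoPortsAndSecurityGroupNameSearch.and("type", ...getType(), SearchCriteria.Op.EQ)` there if the filter is intended. `listByAllowedSecurityGroupId` keeps its unfiltered `allowedSecurityGroupIdSearch` and therefore returns rules of both types; if its callers only expect one kind, it needs the same `int type` parameter as its siblings.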
@@ -128,39 +137,42 @@ public class IngressRuleDaoImpl extends GenericDaoBase impl
 }
 @Override
- public int deleteByPortProtoAndGroup(long securityGroupId, String protocol, int startPort, int endPort, Long allowedGroupId) {
+ public int deleteByPortProtoAndGroup(long securityGroupId, String protocol, int startPort, int endPort, Long allowedGroupId,int type) {
 SearchCriteria sc = protoPortsAndSecurityGroupIdSearch.create();
 sc.setParameters("securityGroupId", securityGroupId);
 sc.setParameters("proto", protocol);
 sc.setParameters("startPort", startPort);
 sc.setParameters("endPort", endPort);
 sc.setParameters("allowedNetworkId", allowedGroupId);
+ sc.setParameters("type", type);
 return expunge(sc);
 }
 @Override
- public int deleteByPortProtoAndCidr(long securityGroupId, String protocol, int startPort, int endPort, String cidr) {
+ public int deleteByPortProtoAndCidr(long securityGroupId, String protocol, int startPort, int endPort, String cidr,int type) {
 SearchCriteria sc = protoPortsAndCidrSearch.create();
 sc.setParameters("securityGroupId", securityGroupId);
 sc.setParameters("proto", protocol);
 sc.setParameters("startPort", startPort);
 sc.setParameters("endPort", endPort);
 sc.setParameters("cidr", cidr);
+ sc.setParameters("type", type);
 return expunge(sc);
 }
 @Override
 public IngressRuleVO findByProtoPortsAndAllowedGroupId(long securityGroupId, String proto,
- int startPort, int endPort, Long allowedGroupId) {
+ int startPort, int endPort, Long allowedGroupId,int type) {
 SearchCriteria sc = protoPortsAndSecurityGroupIdSearch.create();
 sc.addAnd("securityGroupId", SearchCriteria.Op.EQ, securityGroupId);
 sc.setParameters("proto", proto);
 sc.setParameters("startPort", startPort);
 sc.setParameters("endPort", endPort);
 sc.setParameters("allowedNetworkId", allowedGroupId);
+ sc.setParameters("type", type);
 return findOneIncludingRemovedBy(sc);
 }
diff --git a/server/src/com/cloud/network/security/dao/SecurityGroupEgressRulesDao.java b/server/src/com/cloud/network/security/dao/SecurityGroupEgressRulesDao.java
deleted file mode 100644
index bba79b7eca7..00000000000
--- a/server/src/com/cloud/network/security/dao/SecurityGroupEgressRulesDao.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/**
- * Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
- *
- * This software is licensed under the GNU General Public License v3 or later.
- *
- * It is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or any later version.
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- *
- */
-
-package com.cloud.network.security.dao;
-
-import java.util.List;
-
-import com.cloud.network.security.SecurityGroupEgressRulesVO;
-import com.cloud.utils.db.GenericDao;
-
-public interface SecurityGroupEgressRulesDao extends GenericDao {
- /**
- * List a security group and associated ingress rules
- * @param accountId the account id of the owner of the security group
- * @param groupName the name of the group for which to list rules
- * @return the list of ingress rules associated with the security group (and security group info)
- */
- List listSecurityGroupEgressRules(long accountId, String groupName);
-
- /**
- * List security groups and associated ingress rules
- * @param accountId the id of the account for which to list groups and associated rules
- * @return the list of security groups with associated ingress rules
- */
- List listSecurityGroupEgressRules(long accountId);
-
- /**
- * List all security groups and associated ingress rules
- * @return the list of security groups with associated ingress rules
- */
- List listSecurityGroupEgressRules();
-
- /**
- * List all security rules belonging to the specific group
- * @return the security group with associated ingress rules
- */
- List
listSecurityEgressRulesByGroupId(long groupId);
-}
diff --git a/server/src/com/cloud/network/security/dao/SecurityGroupEgressRulesDaoImpl.java b/server/src/com/cloud/network/security/dao/SecurityGroupEgressRulesDaoImpl.java
deleted file mode 100644
index b92e0e1b031..00000000000
--- a/server/src/com/cloud/network/security/dao/SecurityGroupEgressRulesDaoImpl.java
+++ /dev/null
@@ -1,85 +0,0 @@
-/**
- * Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
- *
- * This software is licensed under the GNU General Public License v3 or later.
- *
- * It is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or any later version.
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- *
- */
-
-package com.cloud.network.security.dao;
-
-import java.util.List;
-
-import javax.ejb.Local;
-
-import com.cloud.network.security.SecurityGroupEgressRulesVO;
-import com.cloud.utils.db.Filter;
-import com.cloud.utils.db.GenericDaoBase;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
-
-@Local(value={SecurityGroupEgressRulesDao.class})
-public class SecurityGroupEgressRulesDaoImpl extends GenericDaoBase implements SecurityGroupEgressRulesDao {
- private SearchBuilder AccountGroupNameSearch;
- private SearchBuilder AccountSearch;
- private SearchBuilder GroupSearch;
-
- protected SecurityGroupEgressRulesDaoImpl() {
- AccountGroupNameSearch = createSearchBuilder();
- AccountGroupNameSearch.and("accountId", AccountGroupNameSearch.entity().getAccountId(), SearchCriteria.Op.EQ);
- AccountGroupNameSearch.and("name", AccountGroupNameSearch.entity().getName(), SearchCriteria.Op.EQ);
- AccountGroupNameSearch.done();
-
- AccountSearch = createSearchBuilder();
- AccountSearch.and("accountId", AccountSearch.entity().getAccountId(), SearchCriteria.Op.EQ);
- AccountSearch.done();
-
- GroupSearch = createSearchBuilder();
- GroupSearch.and("groupId", GroupSearch.entity().getId(),
SearchCriteria.Op.EQ);
- GroupSearch.done();
-
- }
-
- @Override
- public List listSecurityGroupEgressRules() {
- Filter searchFilter = new Filter(SecurityGroupEgressRulesVO.class, "id", true, null, null);
- return listAll(searchFilter);
- }
-
- @Override
- public List listSecurityGroupEgressRules(long accountId, String groupName) {
- Filter searchFilter = new Filter(SecurityGroupEgressRulesVO.class, "id", true, null, null);
-
- SearchCriteria sc = AccountGroupNameSearch.create();
- sc.setParameters("accountId", accountId);
- sc.setParameters("name", groupName);
- return listBy(sc, searchFilter);
- }
-
- @Override
- public List listSecurityGroupEgressRules(long accountId) {
- Filter searchFilter = new Filter(SecurityGroupEgressRulesVO.class, "id", true, null, null);
- SearchCriteria sc = AccountSearch.create();
- sc.setParameters("accountId", accountId);
- return listBy(sc, searchFilter);
- }
-
-
- @Override
- public List listSecurityEgressRulesByGroupId(long groupId) {
- Filter searchFilter = new Filter(SecurityGroupEgressRulesVO.class, "id", true, null, null);
- SearchCriteria sc = GroupSearch.create();
- sc.setParameters("groupId", groupId);
- return listBy(sc, searchFilter);
- }
-}
diff --git a/setup/db/create-schema.sql b/setup/db/create-schema.sql
index 07b8e6f4b90..a52efbb79e6 100755
--- a/setup/db/create-schema.sql
+++ b/setup/db/create-schema.sql
@@ -108,7 +108,6 @@ DROP TABLE IF EXISTS `cloud`.`ovs_work`;
 DROP TABLE IF EXISTS `cloud`.`remote_access_vpn`;
 DROP TABLE IF EXISTS `cloud`.`resource_count`;
 DROP TABLE IF EXISTS `cloud`.`security_ingress_rule`;
-DROP TABLE IF EXISTS `cloud`.`security_egress_rule`;
 DROP TABLE IF EXISTS `cloud`.`stack_maid`;
 DROP TABLE IF EXISTS `cloud`.`storage_pool_work`;
 DROP TABLE IF EXISTS `cloud`.`user_vm_details`;
@@ -1423,6 +1422,7 @@ CREATE TABLE `cloud`.`security_group` (
 CREATE TABLE `cloud`.`security_ingress_rule` (
 `id` bigint unsigned NOT NULL auto_increment,
 `security_group_id` bigint unsigned NOT NULL,
+ `type` bigint unsigned NOT NULL,
 `start_port` varchar(10) default NULL,
 `end_port` varchar(10) default NULL,
 `protocol` varchar(16) NOT NULL default 'TCP',
@@ -1432,17 +1432,6 @@ CREATE TABLE `cloud`.`security_ingress_rule` (
 PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-CREATE TABLE `cloud`.`security_egress_rule` (
- `id` bigint unsigned NOT NULL auto_increment,
- `security_group_id` bigint unsigned NOT NULL,
- `start_port` varchar(10) default NULL,
- `end_port` varchar(10) default NULL,
- `protocol` varchar(16) NOT NULL default 'TCP',
- `allowed_network_id` bigint unsigned,
- `allowed_ip_cidr` varchar(44),
- `create_status` varchar(32) COMMENT 'rule creation status',
- PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `cloud`.`security_group_vm_map` (
 `id` bigint unsigned NOT NULL auto_increment,
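Review bot: The added `` `type` bigint unsigned NOT NULL `` column carries neither a default nor a COMMENT, so any insert path that still omits it fails (or silently gets 0 outside strict mode), and a reader of the schema has no way to tell what the value encodes; the DAO in this diff passes a plain Java `int`, so a 64-bit column is also wider than its producer. Consider `` `type` int unsigned NOT NULL COMMENT 'rule direction (ingress or egress)' `` — the meaning is inferred from the removal of `security_egress_rule` in the same change and should be confirmed. Since the DAO now filters on `type` together with `security_group_id` in every lookup and delete, an index covering both columns may be warranted; none is visible in these hunks, though not all of the table definition is shown. Nothing visible here alters an existing deployment's table, so an upgrade script presumably lives elsewhere in the commit.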