diff --git a/client/tomcatconf/commands.properties.in b/client/tomcatconf/commands.properties.in
index 7e831e13054..3afde1e317b 100755
--- a/client/tomcatconf/commands.properties.in
+++ b/client/tomcatconf/commands.properties.in
@@ -102,15 +102,6 @@ disassociateIpAddress=com.cloud.api.commands.DisassociateIPAddrCmd;15
listPublicIpAddresses=com.cloud.api.commands.ListPublicIpAddressesCmd;15
#### firewall commands
-createPortForwardingServiceRule=com.cloud.api.commands.CreatePortForwardingServiceRuleCmd;15
-deletePortForwardingServiceRule=com.cloud.api.commands.DeletePortForwardingServiceRuleCmd;15
-listPortForwardingServiceRules=com.cloud.api.commands.ListPortForwardingServiceRulesCmd;15
-createPortForwardingService=com.cloud.api.commands.CreatePortForwardingServiceCmd;15
-deletePortForwardingService=com.cloud.api.commands.DeletePortForwardingServiceCmd;15
-assignPortForwardingService=com.cloud.api.commands.AssignPortForwardingServiceCmd;15
-removePortForwardingService=com.cloud.api.commands.RemovePortForwardingServiceCmd;15
-listPortForwardingServices=com.cloud.api.commands.ListPortForwardingServicesCmd;15
-listPortForwardingServicesByVm=com.cloud.api.commands.ListPortForwardingServicesByVmCmd;15
listPortForwardingRules=com.cloud.api.commands.ListPortForwardingRulesCmd;15
createPortForwardingRule=com.cloud.api.commands.CreateIPForwardingRuleCmd;15
deletePortForwardingRule=com.cloud.api.commands.DeleteIPForwardingRuleCmd;15
diff --git a/client/tomcatconf/components.xml.in b/client/tomcatconf/components.xml.in
index 52b9e46123d..28a78a0ce79 100755
--- a/client/tomcatconf/components.xml.in
+++ b/client/tomcatconf/components.xml.in
@@ -63,10 +63,8 @@
-1
-
-
diff --git a/core/src/com/cloud/event/EventTypes.java b/core/src/com/cloud/event/EventTypes.java
index 5a4e0b797b7..a0776c8f23d 100755
--- a/core/src/com/cloud/event/EventTypes.java
+++ b/core/src/com/cloud/event/EventTypes.java
@@ -57,11 +57,6 @@ public class EventTypes {
public static final String EVENT_NET_RULE_DELETE = "NET.RULEDELETE";
public static final String EVENT_NET_RULE_MODIFY = "NET.RULEMODIFY";
- // Security Groups
- public static final String EVENT_PORT_FORWARDING_SERVICE_APPLY = "PF.SERVICE.APPLY";
- public static final String EVENT_PORT_FORWARDING_SERVICE_DELETE = "PF.SERVICE.DELETE";
- public static final String EVENT_PORT_FORWARDING_SERVICE_REMOVE = "PF.SERVICE.REMOVE";
-
// Load Balancers
public static final String EVENT_ASSIGN_TO_LOAD_BALANCER_RULE = "LB.ASSIGN.TO.RULE";
public static final String EVENT_REMOVE_FROM_LOAD_BALANCER_RULE = "LB.REMOVE.FROM.RULE";
diff --git a/core/src/com/cloud/network/SecurityGroupVMMapVO.java b/core/src/com/cloud/network/SecurityGroupVMMapVO.java
deleted file mode 100644
index 590b744a387..00000000000
--- a/core/src/com/cloud/network/SecurityGroupVMMapVO.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/**
- * Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
- *
- * This software is licensed under the GNU General Public License v3 or later.
- *
- * It is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or any later version.
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- *
- */
-
-package com.cloud.network;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
-
-@Entity
-@Table(name=("security_group_vm_map"))
-public class SecurityGroupVMMapVO {
- @Id
- @GeneratedValue(strategy=GenerationType.IDENTITY)
- @Column(name="id")
- private Long id;
-
- @Column(name="security_group_id")
- private long securityGroupId;
-
- @Column(name="ip_address")
- private String ipAddress;
-
- @Column(name="instance_id")
- private long instanceId;
-
- public SecurityGroupVMMapVO() { }
-
- public SecurityGroupVMMapVO(long securityGroupId, String ipAddress, long instanceId) {
- this.securityGroupId = securityGroupId;
- this.ipAddress = ipAddress;
- this.instanceId = instanceId;
- }
-
- public Long getId() {
- return id;
- }
-
- public long getSecurityGroupId() {
- return securityGroupId;
- }
-
- public String getIpAddress() {
- return ipAddress;
- }
-
- public long getInstanceId() {
- return instanceId;
- }
-}
diff --git a/core/src/com/cloud/network/SecurityGroupVO.java b/core/src/com/cloud/network/SecurityGroupVO.java
deleted file mode 100644
index 691963775da..00000000000
--- a/core/src/com/cloud/network/SecurityGroupVO.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/**
- * Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
- *
- * This software is licensed under the GNU General Public License v3 or later.
- *
- * It is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or any later version.
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- *
- */
-
-package com.cloud.network;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.PrimaryKeyJoinColumn;
-import javax.persistence.SecondaryTable;
-import javax.persistence.Table;
-
-import com.cloud.domain.PartOf;
-import com.cloud.user.OwnedBy;
-
-@Entity
-@Table(name=("security_group"))
-@SecondaryTable(name="account",
- pkJoinColumns={@PrimaryKeyJoinColumn(name="account_id", referencedColumnName="id")})
-public class SecurityGroupVO implements PartOf, OwnedBy {
- @Id
- @GeneratedValue(strategy=GenerationType.IDENTITY)
- @Column(name="id")
- private long id;
-
- @Column(name="name")
- private String name;
-
- @Column(name="description")
- private String description;
-
- @Column(name="domain_id")
- private long domainId;
-
- @Column(name="account_id")
- private long accountId;
-
- @Column(name="account_name", table="account", insertable=false, updatable=false)
- private String accountName = null;
-
- public SecurityGroupVO() {}
-
- public SecurityGroupVO(String name, String description, long domainId, long accountId) {
- this.name = name;
- this.description = description;
- this.domainId = domainId;
- this.accountId = accountId;
- }
-
- public long getId() {
- return id;
- }
-
- public String getName() {
- return name;
- }
-
- public String getDescription() {
- return description;
- }
-
- public long getDomainId() {
- return domainId;
- }
-
- public long getAccountId() {
- return accountId;
- }
-
- public String getAccountName() {
- return accountName;
- }
-}
diff --git a/core/src/com/cloud/network/dao/SecurityGroupDao.java b/core/src/com/cloud/network/dao/SecurityGroupDao.java
deleted file mode 100644
index f2ae39bf482..00000000000
--- a/core/src/com/cloud/network/dao/SecurityGroupDao.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/**
- * Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
- *
- * This software is licensed under the GNU General Public License v3 or later.
- *
- * It is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or any later version.
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- *
- */
-
-package com.cloud.network.dao;
-
-import java.util.List;
-
-import com.cloud.network.SecurityGroupVO;
-import com.cloud.utils.db.GenericDao;
-
-public interface SecurityGroupDao extends GenericDao {
- List listByAccountId(long accountId);
- boolean isNameInUse(Long accountId, Long domainId, String name);
-}
diff --git a/core/src/com/cloud/network/dao/SecurityGroupDaoImpl.java b/core/src/com/cloud/network/dao/SecurityGroupDaoImpl.java
deleted file mode 100644
index 3fbb233f57a..00000000000
--- a/core/src/com/cloud/network/dao/SecurityGroupDaoImpl.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/**
- * Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
- *
- * This software is licensed under the GNU General Public License v3 or later.
- *
- * It is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or any later version.
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- *
- */
-
-package com.cloud.network.dao;
-
-import java.util.List;
-
-import javax.ejb.Local;
-
-import com.cloud.network.SecurityGroupVO;
-import com.cloud.utils.db.GenericDaoBase;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
-
-@Local(value={SecurityGroupDao.class})
-public class SecurityGroupDaoImpl extends GenericDaoBase implements SecurityGroupDao {
- private SearchBuilder AccountIdSearch;
-
- protected SecurityGroupDaoImpl() {
- AccountIdSearch = createSearchBuilder();
- AccountIdSearch.and("accountId", AccountIdSearch.entity().getAccountId(), SearchCriteria.Op.EQ);
- AccountIdSearch.done();
- }
-
- @Override
- public List listByAccountId(long accountId) {
- SearchCriteria sc = AccountIdSearch.create();
- sc.setParameters("accountId", accountId);
- return listBy(sc);
- }
-
- @Override
- public boolean isNameInUse(Long accountId, Long domainId, String name) {
- SearchCriteria sc = createSearchCriteria();
- sc.addAnd("name", SearchCriteria.Op.EQ, name);
- if (accountId != null) {
- sc.addAnd("accountId", SearchCriteria.Op.EQ, accountId);
- } else {
- sc.addAnd("domainId", SearchCriteria.Op.EQ, domainId);
- sc.addAnd("accountId", SearchCriteria.Op.NULL);
- }
-
- List securityGroups = listBy(sc);
- return ((securityGroups != null) && !securityGroups.isEmpty());
- }
-}
diff --git a/core/src/com/cloud/network/dao/SecurityGroupVMMapDao.java b/core/src/com/cloud/network/dao/SecurityGroupVMMapDao.java
deleted file mode 100644
index eabea48fe8a..00000000000
--- a/core/src/com/cloud/network/dao/SecurityGroupVMMapDao.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/**
- * Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
- *
- * This software is licensed under the GNU General Public License v3 or later.
- *
- * It is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or any later version.
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- *
- */
-
-package com.cloud.network.dao;
-
-import java.util.List;
-
-import com.cloud.network.SecurityGroupVMMapVO;
-import com.cloud.utils.db.GenericDao;
-
-public interface SecurityGroupVMMapDao extends GenericDao {
- List listByIpAndInstanceId(String ipAddress, long instanceId);
- List listByInstanceId(long instanceId);
- List listByIp(String ipAddress);
- List listBySecurityGroup(long securityGroupId);
-}
diff --git a/core/src/com/cloud/network/dao/SecurityGroupVMMapDaoImpl.java b/core/src/com/cloud/network/dao/SecurityGroupVMMapDaoImpl.java
deleted file mode 100644
index 05be43c5002..00000000000
--- a/core/src/com/cloud/network/dao/SecurityGroupVMMapDaoImpl.java
+++ /dev/null
@@ -1,84 +0,0 @@
-/**
- * Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
- *
- * This software is licensed under the GNU General Public License v3 or later.
- *
- * It is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or any later version.
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- *
- */
-
-package com.cloud.network.dao;
-
-import java.util.List;
-
-import javax.ejb.Local;
-
-import com.cloud.network.SecurityGroupVMMapVO;
-import com.cloud.utils.db.GenericDaoBase;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
-
-@Local(value={SecurityGroupVMMapDao.class})
-public class SecurityGroupVMMapDaoImpl extends GenericDaoBase implements SecurityGroupVMMapDao {
- private SearchBuilder ListByIpAndVmId;
- private SearchBuilder ListByVmId;
- private SearchBuilder ListByIp;
- private SearchBuilder ListBySecurityGroup;
-
- protected SecurityGroupVMMapDaoImpl() {
- ListByIpAndVmId = createSearchBuilder();
- ListByIpAndVmId.and("ipAddress", ListByIpAndVmId.entity().getIpAddress(), SearchCriteria.Op.EQ);
- ListByIpAndVmId.and("instanceId", ListByIpAndVmId.entity().getInstanceId(), SearchCriteria.Op.EQ);
- ListByIpAndVmId.done();
-
- ListBySecurityGroup = createSearchBuilder();
- ListBySecurityGroup.and("securityGroupId", ListBySecurityGroup.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
- ListBySecurityGroup.done();
-
- ListByIp = createSearchBuilder();
- ListByIp.and("ipAddress", ListByIp.entity().getIpAddress(), SearchCriteria.Op.EQ);
- ListByIp.done();
-
- ListByVmId = createSearchBuilder();
- ListByVmId.and("instanceId", ListByVmId.entity().getInstanceId(), SearchCriteria.Op.EQ);
- ListByVmId.done();
- }
-
- public List listByIpAndInstanceId(String ipAddress, long vmId) {
- SearchCriteria sc = ListByIpAndVmId.create();
- sc.setParameters("ipAddress", ipAddress);
- sc.setParameters("instanceId", vmId);
- return listBy(sc);
- }
-
- @Override
- public List listBySecurityGroup(long securityGroupId) {
- SearchCriteria sc = ListBySecurityGroup.create();
- sc.setParameters("securityGroupId", securityGroupId);
- return listBy(sc);
- }
-
- @Override
- public List listByIp(String ipAddress) {
- SearchCriteria sc = ListByIp.create();
- sc.setParameters("ipAddress", ipAddress);
- return listBy(sc);
- }
-
- @Override
- public List listByInstanceId(long vmId) {
- SearchCriteria sc = ListByVmId.create();
- sc.setParameters("instanceId", vmId);
- return listBy(sc);
- }
-
-}
diff --git a/server/src/com/cloud/api/ApiDBUtils.java b/server/src/com/cloud/api/ApiDBUtils.java
index 601a0959238..7bcad91fa3b 100755
--- a/server/src/com/cloud/api/ApiDBUtils.java
+++ b/server/src/com/cloud/api/ApiDBUtils.java
@@ -27,11 +27,9 @@ import com.cloud.hypervisor.Hypervisor.HypervisorType;
import com.cloud.network.IPAddressVO;
import com.cloud.network.LoadBalancerVO;
import com.cloud.network.NetworkRuleConfigVO;
-import com.cloud.network.SecurityGroupVO;
import com.cloud.network.dao.IPAddressDao;
import com.cloud.network.dao.LoadBalancerDao;
import com.cloud.network.dao.NetworkRuleConfigDao;
-import com.cloud.network.dao.SecurityGroupDao;
import com.cloud.network.security.NetworkGroupManager;
import com.cloud.offering.ServiceOffering;
import com.cloud.server.Criteria;
@@ -106,7 +104,6 @@ public class ApiDBUtils {
private static LoadBalancerDao _loadBalancerDao;
private static NetworkRuleConfigDao _networkRuleConfigDao;
private static HostPodDao _podDao;
- private static SecurityGroupDao _securityGroupDao;
private static ServiceOfferingDao _serviceOfferingDao;
private static SnapshotDao _snapshotDao;
private static StoragePoolDao _storagePoolDao;
@@ -145,7 +142,6 @@ public class ApiDBUtils {
_loadBalancerDao = locator.getDao(LoadBalancerDao.class);
_networkRuleConfigDao = locator.getDao(NetworkRuleConfigDao.class);
_podDao = locator.getDao(HostPodDao.class);
- _securityGroupDao = locator.getDao(SecurityGroupDao.class);
_serviceOfferingDao = locator.getDao(ServiceOfferingDao.class);
_snapshotDao = locator.getDao(SnapshotDao.class);
_storagePoolDao = locator.getDao(StoragePoolDao.class);
@@ -339,10 +335,6 @@ public class ApiDBUtils {
return _podDao.findById(podId);
}
- public static SecurityGroupVO findPortForwardingServiceById(Long securityGroupId) {
- return _securityGroupDao.findById(securityGroupId);
- }
-
public static VolumeVO findRootVolume(long vmId) {
List volumes = _volumeDao.findByInstanceAndType(vmId, VolumeType.ROOT);
if (volumes != null && volumes.size() == 1) {
diff --git a/server/src/com/cloud/api/commands/AssignPortForwardingServiceCmd.java b/server/src/com/cloud/api/commands/AssignPortForwardingServiceCmd.java
deleted file mode 100644
index 4f3c598c1d0..00000000000
--- a/server/src/com/cloud/api/commands/AssignPortForwardingServiceCmd.java
+++ /dev/null
@@ -1,115 +0,0 @@
-/**
- * Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
- *
- * This software is licensed under the GNU General Public License v3 or later.
- *
- * It is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or any later version.
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- *
- */
-package com.cloud.api.commands;
-
-import java.util.List;
-
-import org.apache.log4j.Logger;
-
-import com.cloud.api.ApiConstants;
-import com.cloud.api.ApiDBUtils;
-import com.cloud.api.BaseAsyncCmd;
-import com.cloud.api.Implementation;
-import com.cloud.api.Parameter;
-import com.cloud.api.response.SuccessResponse;
-import com.cloud.event.EventTypes;
-import com.cloud.network.SecurityGroupVO;
-import com.cloud.server.ManagementServer;
-import com.cloud.user.Account;
-
-@Implementation(method="assignSecurityGroup", manager=ManagementServer.class, description="Assigns a single or a list of port forwarding services to a virtual machine. If a list of port forwarding services is given, it will overwrite the previous assignment of port forwarding services. For example, on the first call, if you assigned port forwarding service A to virtual machine 1 and on the next call, you assign port forwarding services B and C to virtual machine 1, the ultimate result of these two commands would be that virtual machine 1 would only have port forwarding services B and C assigned to it. Individual port forwarding services can be assigned to the virtual machine by specifying a single port forwarding service group.")
-public class AssignPortForwardingServiceCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(AssignPortForwardingServiceCmd.class.getName());
-
- private static final String s_name = "assignportforwardingserviceresponse";
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
- @Parameter(name=ApiConstants.ID, type=CommandType.LONG, description="the ID of the port forwarding service to assign to the virtual machine/public IP")
- private Long id;
-
- @Parameter(name=ApiConstants.IDS, type=CommandType.LIST, collectionType=CommandType.LONG, description="a comma delimited list of port forwarding service IDs to assign to the virtual machine/public IP")
- private List ids;
-
- @Parameter(name=ApiConstants.PUBLIC_IP, type=CommandType.STRING, required=true, description="the public IP address to associate to the port forwarding service")
- private String publicIp;
-
- @Parameter(name=ApiConstants.VIRTUAL_MACHINE_ID, type=CommandType.LONG, required=true, description="the ID of the virtual machine to assign to the port forwarding service")
- private Long virtualMachineId;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
- public Long getId() {
- return id;
- }
-
- public List getIds() {
- return ids;
- }
-
- public String getPublicIp() {
- return publicIp;
- }
-
- public Long getVirtualMachineId() {
- return virtualMachineId;
- }
-
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
- @Override
- public String getName() {
- return s_name;
- }
-
- @Override
- public long getAccountId() {
- SecurityGroupVO sg = ApiDBUtils.findPortForwardingServiceById(getId());
- if (sg == null) {
- return Account.ACCOUNT_ID_SYSTEM; // bad id given, parent this command to SYSTEM so ERROR events are tracked
- }
- return sg.getAccountId();
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_PORT_FORWARDING_SERVICE_APPLY;
- }
-
- @Override
- public String getEventDescription() {
- return "applying port forwarding service for vm with id: " + getVirtualMachineId();
- }
-
- @Override @SuppressWarnings("unchecked")
- public SuccessResponse getResponse() {
- Boolean success = (Boolean)getResponseObject();
- SuccessResponse response = new SuccessResponse();
- response.setSuccess(success);
- response.setResponseName(getName());
- return response;
- }
-}
diff --git a/server/src/com/cloud/api/commands/CreatePortForwardingServiceCmd.java b/server/src/com/cloud/api/commands/CreatePortForwardingServiceCmd.java
deleted file mode 100644
index acda23194ef..00000000000
--- a/server/src/com/cloud/api/commands/CreatePortForwardingServiceCmd.java
+++ /dev/null
@@ -1,99 +0,0 @@
-/**
- * Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
- *
- * This software is licensed under the GNU General Public License v3 or later.
- *
- * It is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or any later version.
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- *
- */
-
-package com.cloud.api.commands;
-
-import org.apache.log4j.Logger;
-
-import com.cloud.api.ApiConstants;
-import com.cloud.api.ApiDBUtils;
-import com.cloud.api.BaseCmd;
-import com.cloud.api.Implementation;
-import com.cloud.api.Parameter;
-import com.cloud.api.response.SecurityGroupResponse;
-import com.cloud.network.SecurityGroupVO;
-
-@Implementation(method="createPortForwardingService", description="Creates a port forwarding service")
-public class CreatePortForwardingServiceCmd extends BaseCmd {
- public static final Logger s_logger = Logger.getLogger(CreatePortForwardingServiceCmd.class.getName());
-
- private static final String s_name = "createportforwardingserviceresponse";
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
- @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account associated with the port forwarding service. Must be used with the domainId parameter.")
- private String accountName;
-
- @Parameter(name=ApiConstants.DESCRIPTION, type=CommandType.STRING, description="an optional user generated description for the port forwarding service")
- private String description;
-
- @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="the domain ID associated with the port forwarding service. If used with the account parameter, creates a new port forwarding service for the account in the specified domain ID.")
- private Long domainId;
-
- @Parameter(name=ApiConstants.NAME, type=CommandType.STRING, required=true, description="name of the port forwarding service")
- private String portForwardingServiceName;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
- public String getAccountName() {
- return accountName;
- }
-
- public String getDescription() {
- return description;
- }
-
- public Long getDomainId() {
- return domainId;
- }
-
- public String getPortForwardingServiceName() {
- return portForwardingServiceName;
- }
-
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
- @Override
- public String getName() {
- return s_name;
- }
-
- @Override @SuppressWarnings("unchecked")
- public SecurityGroupResponse getResponse() {
- SecurityGroupVO group = (SecurityGroupVO)getResponseObject();
-
- SecurityGroupResponse response = new SecurityGroupResponse();
- response.setId(group.getId());
- response.setName(group.getName());
- response.setDescription(group.getDescription());
- response.setAccountName(group.getAccountName());
- response.setDomainId(group.getDomainId());
- response.setDomainName(ApiDBUtils.findDomainById(group.getDomainId()).getName());
-
- response.setResponseName(getName());
- return response;
- }
-}
diff --git a/server/src/com/cloud/api/commands/CreatePortForwardingServiceRuleCmd.java b/server/src/com/cloud/api/commands/CreatePortForwardingServiceRuleCmd.java
deleted file mode 100644
index d8d80d68ffd..00000000000
--- a/server/src/com/cloud/api/commands/CreatePortForwardingServiceRuleCmd.java
+++ /dev/null
@@ -1,127 +0,0 @@
-/**
- * Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
- *
- * This software is licensed under the GNU General Public License v3 or later.
- *
- * It is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or any later version.
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- *
- */
-
-package com.cloud.api.commands;
-
-import org.apache.log4j.Logger;
-
-import com.cloud.api.ApiConstants;
-import com.cloud.api.ApiDBUtils;
-import com.cloud.api.BaseAsyncCreateCmd;
-import com.cloud.api.Implementation;
-import com.cloud.api.Parameter;
-import com.cloud.api.response.PortForwardingServiceRuleResponse;
-import com.cloud.event.EventTypes;
-import com.cloud.network.NetworkRuleConfigVO;
-import com.cloud.network.SecurityGroupVO;
-import com.cloud.user.Account;
-
-@Implementation(createMethod="createPortForwardingServiceRule", method="applyPortForwardingServiceRule", description="Creates a port forwarding service rule")
-public class CreatePortForwardingServiceRuleCmd extends BaseAsyncCreateCmd {
- public static final Logger s_logger = Logger.getLogger(CreatePortForwardingServiceRuleCmd.class.getName());
-
- private static final String s_name = "createportforwardingserviceruleresponse";
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
- @Parameter(name=ApiConstants.PORT_FORWARDING_SERVICE_ID, type=CommandType.LONG, required=true, description="the ID of the port forwarding service the rule is being created for")
- private Long portForwardingServiceId;
-
- @Parameter(name=ApiConstants.PRIVATE_PORT, type=CommandType.STRING, required=true, description="the port of the private ip address/virtual machine to forward traffic to")
- private String privatePort;
-
- @Parameter(name=ApiConstants.PROTOCOL, type=CommandType.STRING, description="TCP is default. UDP is the other supported protocol")
- private String protocol;
-
- @Parameter(name=ApiConstants.PUBLIC_PORT, type=CommandType.STRING, required=true, description="the port of the public ip address to forward traffic from")
- private String publicPort;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
- public Long getPortForwardingServiceId() {
- return portForwardingServiceId;
- }
-
- public String getPrivatePort() {
- return privatePort;
- }
-
- public String getProtocol() {
- return protocol;
- }
-
- public String getPublicPort() {
- return publicPort;
- }
-
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
- @Override
- public String getName() {
- return s_name;
- }
-
- public static String getResultObjectName() {
- return "portforwardingservicerule";
- }
-
- @Override
- public long getAccountId() {
- SecurityGroupVO portForwardingService = ApiDBUtils.findPortForwardingServiceById(getPortForwardingServiceId());
- if (portForwardingService != null) {
- return portForwardingService.getAccountId();
- }
-
- // bad id given, parent this command to SYSTEM so ERROR events are tracked
- return Account.ACCOUNT_ID_SYSTEM;
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_NET_RULE_ADD; // FIXME: Add a new event?
- }
-
- @Override
- public String getEventDescription() {
- return "creating port forwarding rule on service: " + getPortForwardingServiceId() + ", public port: " + getPublicPort() +
- ", priv port: " + getPrivatePort() + ", protocol: " + ((getProtocol() == null) ? "TCP" : getProtocol());
- }
-
- @Override @SuppressWarnings("unchecked")
- public PortForwardingServiceRuleResponse getResponse() {
- NetworkRuleConfigVO netRule = (NetworkRuleConfigVO)getResponseObject();
-
- PortForwardingServiceRuleResponse response = new PortForwardingServiceRuleResponse();
- response.setRuleId(netRule.getId());
- response.setPortForwardingServiceId(netRule.getSecurityGroupId());
- response.setPrivatePort(netRule.getPrivatePort());
- response.setProtocol(netRule.getProtocol());
- response.setPublicPort(netRule.getPublicPort());
-
- response.setResponseName(getName());
- return response;
- }
-}
diff --git a/server/src/com/cloud/api/commands/DeletePortForwardingServiceCmd.java b/server/src/com/cloud/api/commands/DeletePortForwardingServiceCmd.java
deleted file mode 100644
index 16fe150ba64..00000000000
--- a/server/src/com/cloud/api/commands/DeletePortForwardingServiceCmd.java
+++ /dev/null
@@ -1,100 +0,0 @@
-/**
- * Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
- *
- * This software is licensed under the GNU General Public License v3 or later.
- *
- * It is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or any later version.
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- *
- */
-
-package com.cloud.api.commands;
-
-import org.apache.log4j.Logger;
-
-import com.cloud.api.ApiConstants;
-import com.cloud.api.ApiDBUtils;
-import com.cloud.api.BaseAsyncCmd;
-import com.cloud.api.BaseCmd;
-import com.cloud.api.Implementation;
-import com.cloud.api.Parameter;
-import com.cloud.api.ServerApiException;
-import com.cloud.api.response.SuccessResponse;
-import com.cloud.event.EventTypes;
-import com.cloud.network.SecurityGroupVO;
-import com.cloud.server.ManagementServer;
-import com.cloud.user.Account;
-
-@Implementation(method="deleteSecurityGroup", manager=ManagementServer.class, description="Deletes a port forwarding service")
-public class DeletePortForwardingServiceCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(DeletePortForwardingServiceCmd.class.getName());
- private static final String s_name = "deleteportforwardingserviceresponse";
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
- @Parameter(name=ApiConstants.ID, type=CommandType.LONG, required=true, description="ID of the port forwarding service")
- private Long id;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
- public Long getId() {
- return id;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
- @Override
- public String getName() {
- return s_name;
- }
-
- @Override
- public long getAccountId() {
- SecurityGroupVO sg = ApiDBUtils.findPortForwardingServiceById(getId());
- if (sg != null) {
- return sg.getAccountId();
- }
-
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_PORT_FORWARDING_SERVICE_DELETE;
- }
-
- @Override
- public String getEventDescription() {
- return "deleting port forwarding service: " + getId();
- }
-
- @Override @SuppressWarnings("unchecked")
- public SuccessResponse getResponse() {
- SuccessResponse response = new SuccessResponse();
- Boolean responseObject = (Boolean)getResponseObject();
-
- if (responseObject != null) {
- response.setSuccess(responseObject);
- } else {
- throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to delete port forwarding service");
- }
-
- response.setResponseName(getName());
- return response;
- }
-}
diff --git a/server/src/com/cloud/api/commands/DeletePortForwardingServiceRuleCmd.java b/server/src/com/cloud/api/commands/DeletePortForwardingServiceRuleCmd.java
deleted file mode 100644
index 8b0b873bb66..00000000000
--- a/server/src/com/cloud/api/commands/DeletePortForwardingServiceRuleCmd.java
+++ /dev/null
@@ -1,94 +0,0 @@
-/**
- * Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
- *
- * This software is licensed under the GNU General Public License v3 or later.
- *
- * It is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or any later version.
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- *
- */
-
-package com.cloud.api.commands;
-
-import org.apache.log4j.Logger;
-
-import com.cloud.api.ApiConstants;
-import com.cloud.api.ApiDBUtils;
-import com.cloud.api.BaseAsyncCmd;
-import com.cloud.api.Implementation;
-import com.cloud.api.Parameter;
-import com.cloud.api.response.SuccessResponse;
-import com.cloud.event.EventTypes;
-import com.cloud.network.NetworkManager;
-import com.cloud.network.NetworkRuleConfigVO;
-import com.cloud.network.SecurityGroupVO;
-import com.cloud.user.Account;
-
-@Implementation(method="deleteNetworkRuleConfig", manager=NetworkManager.class, description="Deletes a port forwarding service rule")
-public class DeletePortForwardingServiceRuleCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(DeletePortForwardingServiceRuleCmd.class.getName());
-
- private static final String s_name = "deleteportforwardingserviceruleresponse";
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
- @Parameter(name=ApiConstants.ID, type=CommandType.LONG, required=true, description="The ID of the port forwarding service rule")
- private Long id;
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
- public Long getId() {
- return id;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
- @Override
- public String getName() {
- return s_name;
- }
-
- @Override
- public long getAccountId() {
- NetworkRuleConfigVO netRule = ApiDBUtils.findNetworkRuleById(getId());
- if (netRule != null) {
- SecurityGroupVO sg = ApiDBUtils.findPortForwardingServiceById(netRule.getSecurityGroupId());
- return sg.getAccountId();
- }
-
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_NET_RULE_DELETE; // FIXME: add a new event type for this?
- }
-
- @Override
- public String getEventDescription() {
- return "deleting port forwarding service rule: " + getId();
- }
-
- @Override @SuppressWarnings("unchecked")
- public SuccessResponse getResponse() {
- Boolean success = (Boolean)getResponseObject();
- SuccessResponse response = new SuccessResponse();
- response.setSuccess(success);
- response.setResponseName(getName());
- return response;
- }
-}
diff --git a/server/src/com/cloud/api/commands/ListPortForwardingServiceRulesCmd.java b/server/src/com/cloud/api/commands/ListPortForwardingServiceRulesCmd.java
deleted file mode 100644
index 528fb5695b5..00000000000
--- a/server/src/com/cloud/api/commands/ListPortForwardingServiceRulesCmd.java
+++ /dev/null
@@ -1,114 +0,0 @@
-/**
- * Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
- *
- * This software is licensed under the GNU General Public License v3 or later.
- *
- * It is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or any later version.
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- *
- */
-package com.cloud.api.commands;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.apache.log4j.Logger;
-
-import com.cloud.api.ApiConstants;
-import com.cloud.api.ApiDBUtils;
-import com.cloud.api.BaseListCmd;
-import com.cloud.api.Implementation;
-import com.cloud.api.Parameter;
-import com.cloud.api.response.ListResponse;
-import com.cloud.api.response.PortForwardingServiceRuleResponse;
-import com.cloud.async.AsyncJobVO;
-import com.cloud.network.NetworkRuleConfigVO;
-
-@Implementation(method="searchForNetworkRules", description="List port forwarding service rules")
-public class ListPortForwardingServiceRulesCmd extends BaseListCmd {
- public static final Logger s_logger = Logger.getLogger(ListPortForwardingServiceRulesCmd.class.getName());
-
- private static final String s_name = "listportforwardingservicerulesresponse";
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
- @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account associated with the port forwarding service rule. Must be used with the domainId parameter.")
- private String accountName;
-
- @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="the domainId associated with the port forwarding service rule. If used with the account parameter, returns a list of port forwarding service rules for an account for the specified domain ID.")
- private Long domainId;
-
- @Parameter(name=ApiConstants.ID, type=CommandType.LONG, description="the ID of the port forwarding service rule")
- private Long id;
-
- @Parameter(name=ApiConstants.PORT_FORWARDING_SERVICE_ID, type=CommandType.LONG, description="the ID of the port forwarding service the rule is being created for")
- private Long portForwardingServiceId;
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
- public String getAccountName() {
- return accountName;
- }
-
- public Long getDomainId() {
- return domainId;
- }
-
- public Long getId() {
- return id;
- }
-
- public Long getPortForwardingServiceId() {
- return portForwardingServiceId;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
- @Override
- public String getName() {
- return s_name;
- }
-
- @Override @SuppressWarnings("unchecked")
- public ListResponse getResponse() {
- List portForwardingServiceRules = (List)getResponseObject();
-
- ListResponse response = new ListResponse();
- List ruleResponses = new ArrayList();
- for (NetworkRuleConfigVO rule : portForwardingServiceRules) {
- PortForwardingServiceRuleResponse ruleResponse = new PortForwardingServiceRuleResponse();
- ruleResponse.setRuleId(rule.getId());
- ruleResponse.setPortForwardingServiceId(rule.getSecurityGroupId());
- ruleResponse.setPublicPort(rule.getPublicPort());
- ruleResponse.setPrivatePort(rule.getPrivatePort());
- ruleResponse.setProtocol(rule.getProtocol());
-
- AsyncJobVO asyncJob = ApiDBUtils.findInstancePendingAsyncJob("network_rule_config", rule.getId());
- if(asyncJob != null) {
- ruleResponse.setJobId(asyncJob.getId());
- ruleResponse.setJobStatus(asyncJob.getStatus());
- }
-
- ruleResponse.setResponseName("portforwardingservicerule");
- ruleResponses.add(ruleResponse);
- }
-
- response.setResponses(ruleResponses);
- response.setResponseName(getName());
- return response;
- }
-}
diff --git a/server/src/com/cloud/api/commands/ListPortForwardingServicesByVmCmd.java b/server/src/com/cloud/api/commands/ListPortForwardingServicesByVmCmd.java
deleted file mode 100644
index f5a7c1ab9aa..00000000000
--- a/server/src/com/cloud/api/commands/ListPortForwardingServicesByVmCmd.java
+++ /dev/null
@@ -1,120 +0,0 @@
-/**
- * Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
- *
- * This software is licensed under the GNU General Public License v3 or later.
- *
- * It is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or any later version.
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- *
- */
-
-package com.cloud.api.commands;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.log4j.Logger;
-
-import com.cloud.api.ApiConstants;
-import com.cloud.api.ApiDBUtils;
-import com.cloud.api.BaseListCmd;
-import com.cloud.api.Implementation;
-import com.cloud.api.Parameter;
-import com.cloud.api.response.ListResponse;
-import com.cloud.api.response.SecurityGroupResponse;
-import com.cloud.network.SecurityGroupVO;
-import com.cloud.user.Account;
-
-@Implementation(method="searchForSecurityGroupsByVM", description="Lists all port forwarding services applied to a virtual machine given the public ip address")
-public class ListPortForwardingServicesByVmCmd extends BaseListCmd {
- public static final Logger s_logger = Logger.getLogger(ListPortForwardingServicesByVmCmd.class.getName());
-
- private static final String s_name = "listportforwardingservicesbyvmresponse";
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
- @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account associated with the port forwarding services. Must be used with the domainId parameter.")
- private String accountName;
-
- @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="the domain ID associated with the port forwarding services. If used with the account parameter, returns a list of all port forwarding services for an account in the specified domain ID.")
- private Long domainId;
-
- @Parameter(name=ApiConstants.IP_ADDRESS, type=CommandType.STRING, description="public ip address")
- private String ipAddress;
-
- @Parameter(name=ApiConstants.VIRTUAL_MACHINE_ID, type=CommandType.LONG, description="ID of the virtual machine")
- private Long virtualMachineId;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
- public String getAccountName() {
- return accountName;
- }
-
- public Long getDomainId() {
- return domainId;
- }
-
- public String getIpAddress() {
- return ipAddress;
- }
-
- public Long getVirtualMachineId() {
- return virtualMachineId;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
- @Override
- public String getName() {
- return s_name;
- }
-
- @Override @SuppressWarnings("unchecked")
- public ListResponse getResponse() {
- Map> portForwardingServices = (Map>)getResponseObject();
-
- ListResponse response = new ListResponse();
- List pfResponses = new ArrayList();
- for (String addr : portForwardingServices.keySet()) {
- List appliedGroup = portForwardingServices.get(addr);
- for (SecurityGroupVO group : appliedGroup) {
- SecurityGroupResponse pfsData = new SecurityGroupResponse();
- pfsData.setId(group.getId());
- pfsData.setName(group.getName());
- pfsData.setDescription(group.getDescription());
- pfsData.setIpAddress(addr);
-
- Account accountTemp = ApiDBUtils.findAccountById(group.getAccountId());
- if (accountTemp != null) {
- pfsData.setAccountName(accountTemp.getAccountName());
- pfsData.setDomainId(accountTemp.getDomainId());
- pfsData.setDomainName(ApiDBUtils.findDomainById(accountTemp.getDomainId()).getName());
- }
-
- pfsData.setResponseName("portforwardingservice");
- pfResponses.add(pfsData);
- }
- }
-
- response.setResponses(pfResponses);
- response.setResponseName(getName());
- return response;
- }
-}
diff --git a/server/src/com/cloud/api/commands/ListPortForwardingServicesCmd.java b/server/src/com/cloud/api/commands/ListPortForwardingServicesCmd.java
deleted file mode 100644
index 04404430a95..00000000000
--- a/server/src/com/cloud/api/commands/ListPortForwardingServicesCmd.java
+++ /dev/null
@@ -1,116 +0,0 @@
-/**
- * Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
- *
- * This software is licensed under the GNU General Public License v3 or later.
- *
- * It is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or any later version.
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- *
- */
-
-package com.cloud.api.commands;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.apache.log4j.Logger;
-
-import com.cloud.api.ApiConstants;
-import com.cloud.api.ApiDBUtils;
-import com.cloud.api.BaseListCmd;
-import com.cloud.api.Implementation;
-import com.cloud.api.Parameter;
-import com.cloud.api.response.ListResponse;
-import com.cloud.api.response.SecurityGroupResponse;
-import com.cloud.network.SecurityGroupVO;
-import com.cloud.user.Account;
-
-@Implementation(method="searchForSecurityGroups", description="Lists all available port forwarding services")
-public class ListPortForwardingServicesCmd extends BaseListCmd {
- public static final Logger s_logger = Logger.getLogger(ListPortForwardingServicesCmd.class.getName());
-
- private static final String s_name = "listportforwardingservicesresponse";
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
- @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="lists all available port forwarding services for the account. Must be used with the domainId parameter.")
- private String accountName;
-
- @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="lists all available port forwarding services for the domain ID. If used with the account parameter, lists all available port forwarding services for the account in the specified domain ID.")
- private Long domainId;
-
- @Parameter(name=ApiConstants.ID, type=CommandType.LONG, description="the ID of the port forwarding service")
- private Long id;
-
- @Parameter(name=ApiConstants.NAME, type=CommandType.STRING, description="the name of the port forwarding service")
- private String portForwardingServiceName;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
- public String getAccountName() {
- return accountName;
- }
-
- public Long getDomainId() {
- return domainId;
- }
-
- public Long getId() {
- return id;
- }
-
- public String getPortForwardingServiceName() {
- return portForwardingServiceName;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
- @Override
- public String getName() {
- return s_name;
- }
-
- @Override @SuppressWarnings("unchecked")
- public ListResponse getResponse() {
- List groups = (List)getResponseObject();
-
- ListResponse response = new ListResponse();
- List pfsResponses = new ArrayList();
- for (SecurityGroupVO group : groups) {
- SecurityGroupResponse pfsData = new SecurityGroupResponse();
- pfsData.setId(group.getId());
- pfsData.setName(group.getName());
- pfsData.setDescription(group.getDescription());
-
- Account accountTemp = ApiDBUtils.findAccountById(group.getAccountId());
- if (accountTemp != null) {
- pfsData.setAccountName(accountTemp.getAccountName());
- pfsData.setDomainId(accountTemp.getDomainId());
- pfsData.setDomainName(ApiDBUtils.findDomainById(accountTemp.getDomainId()).getName());
- }
-
- pfsData.setResponseName("portforwardingservice");
- pfsResponses.add(pfsData);
- }
-
- response.setResponses(pfsResponses);
- response.setResponseName(getName());
- return response;
- }
-}
-
diff --git a/server/src/com/cloud/api/commands/RemovePortForwardingServiceCmd.java b/server/src/com/cloud/api/commands/RemovePortForwardingServiceCmd.java
deleted file mode 100644
index 0c6227cfd67..00000000000
--- a/server/src/com/cloud/api/commands/RemovePortForwardingServiceCmd.java
+++ /dev/null
@@ -1,105 +0,0 @@
-/**
- * Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
- *
- * This software is licensed under the GNU General Public License v3 or later.
- *
- * It is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or any later version.
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- *
- */
-package com.cloud.api.commands;
-
-import org.apache.log4j.Logger;
-
-import com.cloud.api.ApiConstants;
-import com.cloud.api.ApiDBUtils;
-import com.cloud.api.BaseAsyncCmd;
-import com.cloud.api.Implementation;
-import com.cloud.api.Parameter;
-import com.cloud.api.response.SuccessResponse;
-import com.cloud.event.EventTypes;
-import com.cloud.network.SecurityGroupVO;
-import com.cloud.server.ManagementServer;
-import com.cloud.user.Account;
-
-@Implementation(method="removeSecurityGroup", manager=ManagementServer.class, description="Removes a port forwarding service from a virtual machine")
-public class RemovePortForwardingServiceCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(RemovePortForwardingServiceCmd.class.getName());
-
- private static final String s_name = "removeportforwardingserviceresponse";
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
- @Parameter(name=ApiConstants.ID, type=CommandType.LONG, required=true, description="the ID of the port forwarding service to remove from the virtual machine/publicIp")
- private Long id;
-
- @Parameter(name=ApiConstants.PUBLIC_IP, type=CommandType.STRING, required=true, description="the public IP address associated with the port forwarding service")
- private String publicIp;
-
- @Parameter(name=ApiConstants.VIRTUAL_MACHINE_ID, type=CommandType.LONG, required=true, description="the virtual machine currently assigned to the port forwarding service")
- private Long virtualMachineId;
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
- public Long getId() {
- return id;
- }
-
- public String getPublicIp() {
- return publicIp;
- }
-
- public Long getVirtualMachineId() {
- return virtualMachineId;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
- @Override
- public String getName() {
- return s_name;
- }
-
- @Override
- public long getAccountId() {
- SecurityGroupVO sg = ApiDBUtils.findPortForwardingServiceById(getId());
- if (sg != null) {
- return sg.getAccountId();
- }
-
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_PORT_FORWARDING_SERVICE_REMOVE;
- }
-
- @Override
- public String getEventDescription() {
- return "removing port forwarding service: " + getId() + " from vm: " + getVirtualMachineId() + " on IP: " + getPublicIp();
- }
-
- @Override @SuppressWarnings("unchecked")
- public SuccessResponse getResponse() {
- Boolean success = (Boolean)getResponseObject();
- SuccessResponse response = new SuccessResponse();
- response.setSuccess(success);
- response.setResponseName(getName());
- return response;
- }
-}
diff --git a/server/src/com/cloud/api/response/SecurityGroupResponse.java b/server/src/com/cloud/api/response/SecurityGroupResponse.java
deleted file mode 100644
index 1e081166505..00000000000
--- a/server/src/com/cloud/api/response/SecurityGroupResponse.java
+++ /dev/null
@@ -1,101 +0,0 @@
-/**
- * Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
- *
- * This software is licensed under the GNU General Public License v3 or later.
- *
- * It is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or any later version.
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- *
- */
-package com.cloud.api.response;
-
-import com.cloud.serializer.Param;
-import com.google.gson.annotations.SerializedName;
-
-public class SecurityGroupResponse extends BaseResponse {
- @SerializedName("id") @Param(description="the ID of the security group")
- private Long id;
-
- @SerializedName("name") @Param(description="the name of the security group")
- private String name;
-
- @SerializedName("description") @Param(description="the description of the security group")
- private String description;
-
- @SerializedName("account") @Param(description="the account owning the securtiy group")
- private String accountName;
-
- @SerializedName("domainid") @Param(description="the domain ID of the security group")
- private Long domainId;
-
- @SerializedName("domain") @Param(description="the domain name of the secruity group")
- private String domainName;
-
- //FIXME - add description
- @SerializedName("ipaddress")
- private String ipAddress;
-
- public Long getId() {
- return id;
- }
-
- public void setId(Long id) {
- this.id = id;
- }
-
- public String getName() {
- return name;
- }
-
- public void setName(String name) {
- this.name = name;
- }
-
- public String getDescription() {
- return description;
- }
-
- public void setDescription(String description) {
- this.description = description;
- }
-
- public String getAccountName() {
- return accountName;
- }
-
- public void setAccountName(String accountName) {
- this.accountName = accountName;
- }
-
- public Long getDomainId() {
- return domainId;
- }
-
- public void setDomainId(Long domainId) {
- this.domainId = domainId;
- }
-
- public String getDomainName() {
- return domainName;
- }
-
- public void setDomainName(String domainName) {
- this.domainName = domainName;
- }
-
- public String getIpAddress() {
- return ipAddress;
- }
-
- public void setIpAddress(String ipAddress) {
- this.ipAddress = ipAddress;
- }
-}
diff --git a/server/src/com/cloud/async/executor/AssignSecurityGroupExecutor.java b/server/src/com/cloud/async/executor/AssignSecurityGroupExecutor.java
deleted file mode 100644
index f10a6ad3cee..00000000000
--- a/server/src/com/cloud/async/executor/AssignSecurityGroupExecutor.java
+++ /dev/null
@@ -1,108 +0,0 @@
-/**
- * Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
- *
- * This software is licensed under the GNU General Public License v3 or later.
- *
- * It is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or any later version.
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- *
- */
-
-package com.cloud.async.executor;
-
-import org.apache.log4j.Logger;
-
-import com.cloud.api.BaseCmd;
-import com.cloud.async.AsyncJobManager;
-import com.cloud.async.AsyncJobResult;
-import com.cloud.async.AsyncJobVO;
-import com.cloud.async.BaseAsyncJobExecutor;
-import com.cloud.exception.InternalErrorException;
-import com.cloud.exception.InvalidParameterValueException;
-import com.cloud.exception.NetworkRuleConflictException;
-import com.cloud.exception.PermissionDeniedException;
-import com.cloud.serializer.GsonHelper;
-import com.cloud.server.ManagementServer;
-import com.cloud.vm.DomainRouterVO;
-import com.cloud.vm.UserVmVO;
-import com.cloud.vm.dao.DomainRouterDao;
-import com.cloud.vm.dao.UserVmDao;
-import com.google.gson.Gson;
-
-public class AssignSecurityGroupExecutor extends BaseAsyncJobExecutor {
- public static final Logger s_logger = Logger.getLogger(AssignSecurityGroupExecutor.class.getName());
-
- public boolean execute() {
- Gson gson = GsonHelper.getBuilder().create();
- AsyncJobManager asyncMgr = getAsyncJobMgr();
- AsyncJobVO job = getJob();
- ManagementServer managementServer = asyncMgr.getExecutorContext().getManagementServer();
- SecurityGroupParam param = gson.fromJson(job.getCmdInfo(), SecurityGroupParam.class);
- /*
- if(getSyncSource() == null) {
- DomainRouterVO router = getRouterSyncSource(param);
- if(router == null) {
- asyncMgr.completeAsyncJob(getJob().getId(), AsyncJobResult.STATUS_FAILED,
- BaseCmd.NET_INVALID_PARAM_ERROR, "Unable to find router for user vm " + param.getInstanceId() + " when assigning security group");
- } else {
- asyncMgr.syncAsyncJobExecution(job.getId(), "Router", router.getId());
- }
- return true;
- } else {
- try {
- managementServer.assignSecurityGroup(param.getUserId(), param.getSecurityGroupId(), param.getSecurityGroupIdList(), param.getPublicIp(), param.getInstanceId(), param.getEventId());
- asyncMgr.completeAsyncJob(getJob().getId(), AsyncJobResult.STATUS_SUCCEEDED, 0,
- "success");
- } catch (PermissionDeniedException e) {
- if(s_logger.isDebugEnabled())
- s_logger.debug("Unable to assign security group : " + e.getMessage());
- asyncMgr.completeAsyncJob(getJob().getId(), AsyncJobResult.STATUS_FAILED, BaseCmd.PARAM_ERROR,
- e.getMessage());
- } catch (NetworkRuleConflictException e) {
- if(s_logger.isDebugEnabled())
- s_logger.debug("Unable to assign security group : " + e.getMessage());
-
- asyncMgr.completeAsyncJob(getJob().getId(), AsyncJobResult.STATUS_FAILED, BaseCmd.NET_CONFLICT_IPFW_RULE_ERROR,
- e.getMessage());
- } catch (InvalidParameterValueException e) {
- if(s_logger.isDebugEnabled())
- s_logger.debug("Unable to assign security group : " + e.getMessage());
- asyncMgr.completeAsyncJob(getJob().getId(), AsyncJobResult.STATUS_FAILED, BaseCmd.PARAM_ERROR,
- e.getMessage());
- } catch (InternalErrorException e) {
- if(s_logger.isDebugEnabled())
- s_logger.debug("Unable to assign security group : " + e.getMessage());
- asyncMgr.completeAsyncJob(getJob().getId(), AsyncJobResult.STATUS_FAILED, BaseCmd.INTERNAL_ERROR,
- e.getMessage());
- } catch(Exception e) {
- s_logger.warn("Unable to assign security group : " + e.getMessage(), e);
- asyncMgr.completeAsyncJob(getJob().getId(), AsyncJobResult.STATUS_FAILED, BaseCmd.INTERNAL_ERROR,
- e.getMessage());
- }
- }
- */
- return true;
- }
-
- private DomainRouterVO getRouterSyncSource(SecurityGroupParam param) {
- UserVmDao userVmDao = getAsyncJobMgr().getExecutorContext().getVmDao();
- DomainRouterDao routerDao = getAsyncJobMgr().getExecutorContext().getRouterDao();
-
- UserVmVO userVm = userVmDao.findById(param.getInstanceId());
- if(userVm == null)
- return null;
-
- if (userVm.getDomainRouterId() == null)
- return null;
- else
- return routerDao.findById(userVm.getDomainRouterId());
- }
-}
diff --git a/server/src/com/cloud/async/executor/DeleteSecurityGroupExecutor.java b/server/src/com/cloud/async/executor/DeleteSecurityGroupExecutor.java
deleted file mode 100644
index 9e670187e42..00000000000
--- a/server/src/com/cloud/async/executor/DeleteSecurityGroupExecutor.java
+++ /dev/null
@@ -1,53 +0,0 @@
-package com.cloud.async.executor;
-
-import org.apache.log4j.Logger;
-
-import com.cloud.api.BaseCmd;
-import com.cloud.async.AsyncJobManager;
-import com.cloud.async.AsyncJobResult;
-import com.cloud.async.AsyncJobVO;
-import com.cloud.async.BaseAsyncJobExecutor;
-import com.cloud.exception.PermissionDeniedException;
-import com.cloud.network.SecurityGroupVO;
-import com.cloud.serializer.GsonHelper;
-import com.cloud.server.ManagementServer;
-import com.google.gson.Gson;
-
-public class DeleteSecurityGroupExecutor extends BaseAsyncJobExecutor {
- public static final Logger s_logger = Logger.getLogger(DeleteSecurityGroupExecutor.class.getName());
-
- @Override
- public boolean execute() {
- Gson gson = GsonHelper.getBuilder().create();
- AsyncJobManager asyncMgr = getAsyncJobMgr();
- AsyncJobVO job = getJob();
- ManagementServer managementServer = asyncMgr.getExecutorContext().getManagementServer();
- SecurityGroupParam param = gson.fromJson(job.getCmdInfo(), SecurityGroupParam.class);
-
- /*
- if(getSyncSource() == null) {
- SecurityGroupVO securityGroup = managementServer.findSecurityGroupById(param.getSecurityGroupId());
- if(securityGroup == null) {
- asyncMgr.completeAsyncJob(getJob().getId(), AsyncJobResult.STATUS_FAILED,
- BaseCmd.NET_INVALID_PARAM_ERROR, "Unable to find security group " + param.getSecurityGroupId() + ", failed to delete security group");
- } else {
- asyncMgr.syncAsyncJobExecution(job.getId(), "SecurityGroup", securityGroup.getId());
- }
- return true;
- } else {
- try {
-// managementServer.deleteSecurityGroup(param.getUserId(), param.getSecurityGroupId(), param.getEventId());
- asyncMgr.completeAsyncJob(getJob().getId(), AsyncJobResult.STATUS_SUCCEEDED, 0, "success");
-// } catch (PermissionDeniedException e) {
-// if(s_logger.isDebugEnabled())
-// s_logger.debug("Unable to remove security group: " + e.getMessage());
-// asyncMgr.completeAsyncJob(getJob().getId(), AsyncJobResult.STATUS_FAILED, BaseCmd.PARAM_ERROR, e.getMessage());
- } catch(Exception e) {
- s_logger.warn("Unable to remove security group : " + e.getMessage(), e);
- asyncMgr.completeAsyncJob(getJob().getId(), AsyncJobResult.STATUS_FAILED, BaseCmd.PARAM_ERROR, e.getMessage());
- }
- }
- */
- return true;
- }
-}
diff --git a/server/src/com/cloud/async/executor/RemoveSecurityGroupExecutor.java b/server/src/com/cloud/async/executor/RemoveSecurityGroupExecutor.java
deleted file mode 100644
index be649f27f4d..00000000000
--- a/server/src/com/cloud/async/executor/RemoveSecurityGroupExecutor.java
+++ /dev/null
@@ -1,91 +0,0 @@
-/**
- * Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
- *
- * This software is licensed under the GNU General Public License v3 or later.
- *
- * It is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or any later version.
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- *
- */
-
-package com.cloud.async.executor;
-
-import org.apache.log4j.Logger;
-
-import com.cloud.api.BaseCmd;
-import com.cloud.async.AsyncJobManager;
-import com.cloud.async.AsyncJobResult;
-import com.cloud.async.AsyncJobVO;
-import com.cloud.async.BaseAsyncJobExecutor;
-import com.cloud.exception.InvalidParameterValueException;
-import com.cloud.exception.PermissionDeniedException;
-import com.cloud.serializer.GsonHelper;
-import com.cloud.server.ManagementServer;
-import com.cloud.vm.DomainRouterVO;
-import com.cloud.vm.UserVmVO;
-import com.cloud.vm.dao.DomainRouterDao;
-import com.cloud.vm.dao.UserVmDao;
-import com.google.gson.Gson;
-
-public class RemoveSecurityGroupExecutor extends BaseAsyncJobExecutor {
- public static final Logger s_logger = Logger.getLogger(RemoveSecurityGroupExecutor.class.getName());
-
- @Override
- public boolean execute() {
- Gson gson = GsonHelper.getBuilder().create();
- AsyncJobManager asyncMgr = getAsyncJobMgr();
- AsyncJobVO job = getJob();
- ManagementServer managementServer = asyncMgr.getExecutorContext().getManagementServer();
- SecurityGroupParam param = gson.fromJson(job.getCmdInfo(), SecurityGroupParam.class);
-
- if(getSyncSource() == null) {
- DomainRouterVO router = getRouterSyncSource(param);
- if(router == null) {
- asyncMgr.completeAsyncJob(getJob().getId(), AsyncJobResult.STATUS_FAILED,
- BaseCmd.NET_INVALID_PARAM_ERROR, "Unable to find router for user vm " + param.getInstanceId() + " when removing security group");
- } else {
- asyncMgr.syncAsyncJobExecution(job, "Router", router.getId());
- }
- return true;
- } else {
- try {
- managementServer.removeSecurityGroup(param.getUserId(), param.getSecurityGroupId(), param.getPublicIp(), param.getInstanceId(), param.getEventId());
- asyncMgr.completeAsyncJob(getJob().getId(), AsyncJobResult.STATUS_SUCCEEDED, 0, "success");
- } catch (PermissionDeniedException e) {
- if(s_logger.isDebugEnabled())
- s_logger.debug("Unable to remove security group: " + e.getMessage());
- asyncMgr.completeAsyncJob(getJob().getId(), AsyncJobResult.STATUS_FAILED, BaseCmd.PARAM_ERROR, e.getMessage());
- } catch (InvalidParameterValueException e) {
- if(s_logger.isDebugEnabled())
- s_logger.debug("Unable to remove security group: " + e.getMessage());
- asyncMgr.completeAsyncJob(getJob().getId(), AsyncJobResult.STATUS_FAILED, BaseCmd.PARAM_ERROR, e.getMessage());
- } catch(Exception e) {
- s_logger.warn("Unable to remove security group : " + e.getMessage(), e);
- asyncMgr.completeAsyncJob(getJob().getId(), AsyncJobResult.STATUS_FAILED, BaseCmd.PARAM_ERROR, e.getMessage());
- }
- }
- return true;
- }
-
- private DomainRouterVO getRouterSyncSource(SecurityGroupParam param) {
- UserVmDao userVmDao = getAsyncJobMgr().getExecutorContext().getVmDao();
- DomainRouterDao routerDao = getAsyncJobMgr().getExecutorContext().getRouterDao();
-
- UserVmVO userVm = userVmDao.findById(param.getInstanceId());
- if(userVm == null)
- return null;
-
- if (userVm.getDomainRouterId() == null) {
- return null;
- } else
- return routerDao.findById(userVm.getDomainRouterId());
- }
-}
diff --git a/server/src/com/cloud/async/executor/SecurityGroupParam.java b/server/src/com/cloud/async/executor/SecurityGroupParam.java
deleted file mode 100644
index 7a3918b327b..00000000000
--- a/server/src/com/cloud/async/executor/SecurityGroupParam.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/**
- * Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
- *
- * This software is licensed under the GNU General Public License v3 or later.
- *
- * It is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or any later version.
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- *
- */
-
-package com.cloud.async.executor;
-
-import java.util.List;
-
-public class SecurityGroupParam {
- private Long userId;
- private Long securityGroupId;
- private List securityGroupIdList;
- private String publicIp;
- private Long instanceId;
- private long eventId;
-
- public SecurityGroupParam() {
- }
-
- public SecurityGroupParam(Long userId, Long securityGroupId, List securityGroupIdList, String publicIp, Long instanceId, long eventId) {
- this.userId = userId;
- this.securityGroupId = securityGroupId;
- this.securityGroupIdList = securityGroupIdList;
- this.publicIp = publicIp;
- this.instanceId = instanceId;
- this.eventId = eventId;
- }
-
- public Long getUserId() {
- return userId;
- }
-
- public void setUserId(Long userId) {
- this.userId = userId;
- }
-
- public Long getSecurityGroupId() {
- return securityGroupId;
- }
-
- public void setSecurityGroupId(Long securityGroupId) {
- this.securityGroupId = securityGroupId;
- }
-
- public List getSecurityGroupIdList() {
- return securityGroupIdList;
- }
-
- public void setSecurityGroupIdList(List securityGroupIdList) {
- this.securityGroupIdList = securityGroupIdList;
- }
-
- public String getPublicIp() {
- return publicIp;
- }
-
- public void setPublicIp(String publicIp) {
- this.publicIp = publicIp;
- }
-
- public Long getInstanceId() {
- return instanceId;
- }
-
- public void setInstanceId(Long instanceId) {
- this.instanceId = instanceId;
- }
-
- public void setEventId(long eventId) {
- this.eventId = eventId;
- }
-
- public long getEventId() {
- return eventId;
- }
-}
diff --git a/server/src/com/cloud/network/NetworkManager.java b/server/src/com/cloud/network/NetworkManager.java
index c94e460d442..937dd020fa3 100644
--- a/server/src/com/cloud/network/NetworkManager.java
+++ b/server/src/com/cloud/network/NetworkManager.java
@@ -27,7 +27,6 @@ import com.cloud.api.commands.CreateIPForwardingRuleCmd;
import com.cloud.api.commands.CreateLoadBalancerRuleCmd;
import com.cloud.api.commands.DeleteIPForwardingRuleCmd;
import com.cloud.api.commands.DeleteLoadBalancerRuleCmd;
-import com.cloud.api.commands.DeletePortForwardingServiceRuleCmd;
import com.cloud.api.commands.DisassociateIPAddrCmd;
import com.cloud.api.commands.ListPortForwardingRulesCmd;
import com.cloud.api.commands.RebootRouterCmd;
@@ -294,8 +293,6 @@ public interface NetworkManager extends Manager {
*/
List listPublicIpAddressesInVirtualNetwork(long accountId, long dcId, Boolean sourceNat);
- public boolean deleteNetworkRuleConfig(DeletePortForwardingServiceRuleCmd cmd) throws PermissionDeniedException;
-
public boolean disassociateIpAddress(DisassociateIPAddrCmd cmd) throws PermissionDeniedException;
public boolean deleteIpForwardingRule(DeleteIPForwardingRuleCmd cmd) throws PermissionDeniedException, InvalidParameterValueException;
diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java
index 701d2a11993..05487302d82 100755
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
@@ -49,7 +49,6 @@ import com.cloud.api.commands.CreateIPForwardingRuleCmd;
import com.cloud.api.commands.CreateLoadBalancerRuleCmd;
import com.cloud.api.commands.DeleteIPForwardingRuleCmd;
import com.cloud.api.commands.DeleteLoadBalancerRuleCmd;
-import com.cloud.api.commands.DeletePortForwardingServiceRuleCmd;
import com.cloud.api.commands.DisassociateIPAddrCmd;
import com.cloud.api.commands.ListPortForwardingRulesCmd;
import com.cloud.api.commands.RebootRouterCmd;
@@ -104,8 +103,6 @@ import com.cloud.network.dao.LoadBalancerDao;
import com.cloud.network.dao.LoadBalancerVMMapDao;
import com.cloud.network.dao.NetworkConfigurationDao;
import com.cloud.network.dao.NetworkRuleConfigDao;
-import com.cloud.network.dao.SecurityGroupDao;
-import com.cloud.network.dao.SecurityGroupVMMapDao;
import com.cloud.network.element.NetworkElement;
import com.cloud.network.router.DomainRouterManager;
import com.cloud.offering.NetworkOffering;
@@ -168,7 +165,6 @@ public class NetworkManagerImpl implements NetworkManager, DomainRouterService {
@Inject DataCenterDao _dcDao = null;
@Inject VlanDao _vlanDao = null;
@Inject FirewallRulesDao _rulesDao = null;
- @Inject SecurityGroupVMMapDao _securityGroupVMMapDao = null;
@Inject LoadBalancerDao _loadBalancerDao = null;
@Inject LoadBalancerVMMapDao _loadBalancerVMMapDao = null;
@Inject IPAddressDao _ipAddressDao = null;
@@ -194,7 +190,6 @@ public class NetworkManagerImpl implements NetworkManager, DomainRouterService {
@Inject ConfigurationManager _configMgr;
@Inject AsyncJobManager _asyncMgr;
@Inject StoragePoolDao _storagePoolDao = null;
- @Inject SecurityGroupDao _securityGroupDao = null;
@Inject ServiceOfferingDao _serviceOfferingDao = null;
@Inject UserVmDao _userVmDao;
@Inject FirewallRulesDao _firewallRulesDao;
@@ -1375,15 +1370,7 @@ public class NetworkManagerImpl implements NetworkManager, DomainRouterService {
List existingFwRules = _rulesDao.listIPForwarding(publicIp, publicPort, true);
if ((existingFwRules != null) && !existingFwRules.isEmpty()) {
- FirewallRuleVO existingFwRule = existingFwRules.get(0);
- String securityGroupName = null;
- if (existingFwRule.getGroupId() != null) {
- long groupId = existingFwRule.getGroupId();
- SecurityGroupVO securityGroup = _securityGroupDao.findById(groupId);
- securityGroupName = securityGroup.getName();
- }
- throw new InvalidParameterValueException("IP Address (" + publicIp + ") and port (" + publicPort + ") already in use" +
- ((securityGroupName == null) ? "" : " by port forwarding service " + securityGroupName));
+ throw new InvalidParameterValueException("IP Address (" + publicIp + ") and port (" + publicPort + ") already in use");
}
ipAddr = _ipAddressDao.acquire(publicIp);
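Review bot: The in-use check on `_rulesDao.listIPForwarding(publicIp, publicPort, true)` still runs before `_ipAddressDao.acquire(publicIp)`, so two concurrent requests for the same public IP and port can both pass it before either holds the address; the simplified `throw` keeps that ordering. If `acquire` is the per-address lock (it reads that way from here, but confirm against the DAO), the check belongs after it: call `ipAddr = _ipAddressDao.acquire(publicIp);` first, then test `existingFwRules`, and release the address before throwing. The enclosing method starts and ends outside this hunk, so a later re-check under the lock may already exist and is not visible here.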
@@ -1496,23 +1483,6 @@ public class NetworkManagerImpl implements NetworkManager, DomainRouterService {
_eventDao.persist(event);
}
- // We've deleted all the rules for the given public IP, so remove any security group mappings for that public IP
- List securityGroupMappings = _securityGroupVMMapDao.listByIp(ipAddress);
- for (SecurityGroupVMMapVO securityGroupMapping : securityGroupMappings) {
- _securityGroupVMMapDao.remove(securityGroupMapping.getId());
-
- // save off an event for removing the security group
- EventVO event = new EventVO();
- event.setUserId(userId);
- event.setAccountId(ip.getAccountId());
- event.setType(EventTypes.EVENT_PORT_FORWARDING_SERVICE_REMOVE);
- String params = "sgId="+securityGroupMapping.getId()+"\nvmId="+securityGroupMapping.getInstanceId();
- event.setParameters(params);
- event.setDescription("Successfully removed security group " + Long.valueOf(securityGroupMapping.getSecurityGroupId()).toString() + " from virtual machine " + Long.valueOf(securityGroupMapping.getInstanceId()).toString());
- event.setLevel(EventVO.LEVEL_INFO);
- _eventDao.persist(event);
- }
-
List loadBalancers = _loadBalancerDao.listByIpAddress(ipAddress);
for (LoadBalancerVO loadBalancer : loadBalancers) {
_loadBalancerDao.remove(loadBalancer.getId());
@@ -2343,83 +2313,6 @@ public class NetworkManagerImpl implements NetworkManager, DomainRouterService {
(accountType == Account.ACCOUNT_TYPE_READ_ONLY_ADMIN));
}
- @Override
- public boolean deleteNetworkRuleConfig(DeletePortForwardingServiceRuleCmd cmd) throws PermissionDeniedException {
- Long userId = UserContext.current().getUserId();
- Long netRuleId = cmd.getId();
- Account account = UserContext.current().getAccount();
-
- //If command is executed via 8096 port, set userId to the id of System account (1)
- if (userId == null) {
- userId = Long.valueOf(1);
- }
-
- // do a quick permissions check to make sure the account is either an
- // admin or the owner of the security group to which the network rule
- // belongs
- NetworkRuleConfigVO netRule = _networkRuleConfigDao.findById(netRuleId);
- if (netRule != null) {
- SecurityGroupVO sg = _securityGroupDao.findById(netRule.getSecurityGroupId());
- if ((account == null) || BaseCmd.isAdmin(account.getType())) {
- if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), sg.getDomainId())) {
- throw new PermissionDeniedException("Unable to delete port forwarding service rule " + netRuleId + "; account: " + account.getAccountName() + " is not an admin in the domain hierarchy.");
- }
- } else {
- if (sg.getAccountId() != account.getId()) {
- throw new PermissionDeniedException("Unable to delete port forwarding service rule " + netRuleId + "; account: " + account.getAccountName() + " is not the owner");
- }
- }
- } else {
- return false; // failed to delete due to netRule not found
- }
-
- return deleteNetworkRuleConfigInternal(userId, netRuleId);
- }
-
- private boolean deleteNetworkRuleConfigInternal(long userId, long networkRuleId) {
- try {
- NetworkRuleConfigVO netRule = _networkRuleConfigDao.findById(networkRuleId);
- if (netRule != null) {
- List sgMappings = _securityGroupVMMapDao.listBySecurityGroup(netRule.getSecurityGroupId());
- if ((sgMappings != null) && !sgMappings.isEmpty()) {
- for (SecurityGroupVMMapVO sgMapping : sgMappings) {
- UserVm userVm = _userVmDao.findById(sgMapping.getInstanceId());
- if (userVm != null) {
- List fwRules = _firewallRulesDao.listIPForwarding(sgMapping.getIpAddress(), netRule.getPublicPort(), true);
- FirewallRuleVO rule = null;
- for (FirewallRuleVO fwRule : fwRules) {
- if (fwRule.getPrivatePort().equals(netRule.getPrivatePort()) && fwRule.getPrivateIpAddress().equals(userVm.getGuestIpAddress())) {
- rule = fwRule;
- break;
- }
- }
-
- if (rule != null) {
- rule.setEnabled(false);
- updateFirewallRule(rule, null, null);
-
- // Save and create the event
- Account account = _accountDao.findById(userVm.getAccountId());
-
- _firewallRulesDao.remove(rule.getId());
- String description = "deleted ip forwarding rule [" + rule.getPublicIpAddress() + ":" + rule.getPublicPort() + "]->[" + rule.getPrivateIpAddress()
- + ":" + rule.getPrivatePort() + "]" + " " + rule.getProtocol();
-
- EventUtils.saveEvent(Long.valueOf(userId), account.getId(), EventVO.LEVEL_INFO, EventTypes.EVENT_NET_RULE_DELETE, description);
- }
- }
- }
- }
- _networkRuleConfigDao.remove(netRule.getId());
- }
- } catch (Exception ex) {
- s_logger.error("Unexpected exception deleting port forwarding service rule " + networkRuleId, ex);
- return false;
- }
-
- return true;
- }
-
private Account findAccountByIpAddress(String ipAddress) {
IPAddressVO address = _ipAddressDao.findById(ipAddress);
if ((address != null) && (address.getAccountId() != null)) {
diff --git a/server/src/com/cloud/network/router/DomainRouterManagerImpl.java b/server/src/com/cloud/network/router/DomainRouterManagerImpl.java
index 3a3cca347d2..02465beac3c 100644
--- a/server/src/com/cloud/network/router/DomainRouterManagerImpl.java
+++ b/server/src/com/cloud/network/router/DomainRouterManagerImpl.java
@@ -116,8 +116,6 @@ import com.cloud.network.dao.LoadBalancerDao;
import com.cloud.network.dao.LoadBalancerVMMapDao;
import com.cloud.network.dao.NetworkConfigurationDao;
import com.cloud.network.dao.NetworkRuleConfigDao;
-import com.cloud.network.dao.SecurityGroupDao;
-import com.cloud.network.dao.SecurityGroupVMMapDao;
import com.cloud.offering.NetworkOffering;
import com.cloud.offering.NetworkOffering.GuestIpType;
import com.cloud.offerings.NetworkOfferingVO;
@@ -182,7 +180,6 @@ public class DomainRouterManagerImpl implements DomainRouterManager, VirtualMach
@Inject DataCenterDao _dcDao = null;
@Inject VlanDao _vlanDao = null;
@Inject FirewallRulesDao _rulesDao = null;
- @Inject SecurityGroupVMMapDao _securityGroupVMMapDao = null;
@Inject LoadBalancerDao _loadBalancerDao = null;
@Inject LoadBalancerVMMapDao _loadBalancerVMMapDao = null;
@Inject IPAddressDao _ipAddressDao = null;
@@ -210,7 +207,6 @@ public class DomainRouterManagerImpl implements DomainRouterManager, VirtualMach
@Inject ConfigurationManager _configMgr;
@Inject AsyncJobManager _asyncMgr;
@Inject StoragePoolDao _storagePoolDao = null;
- @Inject SecurityGroupDao _securityGroupDao = null;
@Inject ServiceOfferingDao _serviceOfferingDao = null;
@Inject UserVmDao _userVmDao;
@Inject FirewallRulesDao _firewallRulesDao;
diff --git a/server/src/com/cloud/server/ManagementServer.java b/server/src/com/cloud/server/ManagementServer.java
index 704f3f74456..9468e768280 100755
--- a/server/src/com/cloud/server/ManagementServer.java
+++ b/server/src/com/cloud/server/ManagementServer.java
@@ -24,13 +24,9 @@ import java.util.List;
import java.util.Map;
import com.cloud.alert.AlertVO;
-import com.cloud.api.commands.AssignPortForwardingServiceCmd;
import com.cloud.api.commands.CreateDomainCmd;
-import com.cloud.api.commands.CreatePortForwardingServiceCmd;
-import com.cloud.api.commands.CreatePortForwardingServiceRuleCmd;
import com.cloud.api.commands.CreateUserCmd;
import com.cloud.api.commands.DeleteDomainCmd;
-import com.cloud.api.commands.DeletePortForwardingServiceCmd;
import com.cloud.api.commands.DeletePreallocatedLunCmd;
import com.cloud.api.commands.DeleteUserCmd;
import com.cloud.api.commands.DeployVMCmd;
@@ -59,9 +55,6 @@ import com.cloud.api.commands.ListIsosCmd;
import com.cloud.api.commands.ListLoadBalancerRuleInstancesCmd;
import com.cloud.api.commands.ListLoadBalancerRulesCmd;
import com.cloud.api.commands.ListPodsByCmd;
-import com.cloud.api.commands.ListPortForwardingServiceRulesCmd;
-import com.cloud.api.commands.ListPortForwardingServicesByVmCmd;
-import com.cloud.api.commands.ListPortForwardingServicesCmd;
import com.cloud.api.commands.ListPreallocatedLunsCmd;
import com.cloud.api.commands.ListPublicIpAddressesCmd;
import com.cloud.api.commands.ListRoutersCmd;
@@ -83,7 +76,6 @@ import com.cloud.api.commands.QueryAsyncJobResultCmd;
import com.cloud.api.commands.RebootSystemVmCmd;
import com.cloud.api.commands.RegisterCmd;
import com.cloud.api.commands.RegisterPreallocatedLunCmd;
-import com.cloud.api.commands.RemovePortForwardingServiceCmd;
import com.cloud.api.commands.StartSystemVMCmd;
import com.cloud.api.commands.StopSystemVmCmd;
import com.cloud.api.commands.UpdateAccountCmd;
@@ -112,7 +104,6 @@ import com.cloud.exception.ConcurrentOperationException;
import com.cloud.exception.InsufficientStorageCapacityException;
import com.cloud.exception.InternalErrorException;
import com.cloud.exception.InvalidParameterValueException;
-import com.cloud.exception.NetworkRuleConflictException;
import com.cloud.exception.PermissionDeniedException;
import com.cloud.exception.ResourceAllocationException;
import com.cloud.exception.StorageUnavailableException;
@@ -121,8 +112,6 @@ import com.cloud.info.ConsoleProxyInfo;
import com.cloud.network.FirewallRuleVO;
import com.cloud.network.IPAddressVO;
import com.cloud.network.LoadBalancerVO;
-import com.cloud.network.NetworkRuleConfigVO;
-import com.cloud.network.SecurityGroupVO;
import com.cloud.network.security.NetworkGroupVO;
import com.cloud.service.ServiceOfferingVO;
import com.cloud.storage.DiskOfferingVO;
@@ -658,13 +647,6 @@ public interface ManagementServer {
*/
IPAddressVO findIPAddressById(String ipAddress);
- /**
- * Search for network rules given the search criteria.
- * @param cmd the command containing the search criteria including port forwarding service id or rule id.
- * @return list of rules for the port forwarding service id specified in the search criteria
- */
- List searchForNetworkRules(ListPortForwardingServiceRulesCmd c) throws InvalidParameterValueException, PermissionDeniedException;
-
/**
* Obtains a list of events by the specified search criteria.
* Can search by: "username", "type", "level", "startDate", "endDate"
@@ -766,25 +748,6 @@ public interface ManagementServer {
*/
void logoutUser(Long userId);
- /**
- * Creates a network rule as part of a port forwarding service. If this port forwarding service has been applied to any virtual
- * machines, the network rules will get sent to the router.
- * @param cmd the command describing the port forwarding service the rule belongs to, the public port, the private port, and the protocol
- * @return a new network rule that is part of the port forwarding service if successful, null otherwise
- * @throws InvalidParameterValueException
- * @throws PermissionDeniedException
- * @throws NetworkRuleConflictException
- * @throws InternalErrorException
- */
- NetworkRuleConfigVO createPortForwardingServiceRule(CreatePortForwardingServiceRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException, NetworkRuleConflictException, InternalErrorException;
-
- /**
- * Apply a port forwarding service rule to all VMs that have the port forwarding service applied
- * @param cmd the command object that wraps the id of the created rule to apply
- * @return the updated rule if successful, null otherwise
- */
- NetworkRuleConfigVO applyPortForwardingServiceRule(CreatePortForwardingServiceRuleCmd cmd) throws NetworkRuleConflictException;
-
ConsoleProxyInfo getConsoleProxy(long dataCenterId, long userVmId);
ConsoleProxyVO startConsoleProxy(long instanceId, long startEventId) throws InternalErrorException;
ConsoleProxyVO stopConsoleProxy(long instanceId, long startEventId);
@@ -1035,71 +998,6 @@ public interface ManagementServer {
*/
List searchForAsyncJobs(ListAsyncJobsCmd cmd) throws InvalidParameterValueException, PermissionDeniedException;
- /**
- * Assign a security group to a VM
- * @param cmd the command specifying secuirtyGroupId, securityGroupIdList, publicIp, vmId parameters
- */
- void assignSecurityGroup(AssignPortForwardingServiceCmd cmd) throws PermissionDeniedException, NetworkRuleConflictException, InvalidParameterValueException, InternalErrorException;
-
- /**
- * remove a security group from a publicIp/vmId combination where it had been previously applied
- * @param userId id of the user performing the action (for events)
- * @param securityGroupId the id of the security group to remove
- * @param publicIp
- * @param vmId
- */
- void removeSecurityGroup(long userId, long securityGroupId, String publicIp, long vmId, long startEventId) throws InvalidParameterValueException, PermissionDeniedException;
- void removeSecurityGroup(RemovePortForwardingServiceCmd cmd) throws InvalidParameterValueException, PermissionDeniedException;
-
- /**
- * validate that the list of security groups can be applied to the instance
- * @param securityGroupIds
- * @param instanceId
- * @return accountId that owns the instance if the security groups can be applied to the instance, null otherwise
- */
- Long validateSecurityGroupsAndInstance(List securityGroupIds, Long instanceId);
-
- /**
- * returns a list of security groups
- * @param cmd
- * @return a list of security groups
- */
- List searchForSecurityGroups(ListPortForwardingServicesCmd cmd) throws InvalidParameterValueException, PermissionDeniedException;
-
- /**
- * returns a list of security groups from a given ip and vm id
- * @param c
- * @return a list of security groups
- */
- Map> searchForSecurityGroupsByVM(ListPortForwardingServicesByVmCmd cmd) throws InvalidParameterValueException, PermissionDeniedException;
-
- /**
- * Create a security group, a group of network rules (port, private port, protocol, algorithm) that can be applied in mass to a VM
- * @param cmd the command specifying name, description, domainId, account parameters
- * @return
- */
- SecurityGroupVO createPortForwardingService(CreatePortForwardingServiceCmd cmd) throws InvalidParameterValueException;
-
- /**
- * Delete a security group. If the group is being actively used, it cannot be deleted.
- * @param cmd - the command containing securityGroupId
- * @return true if the security group is deleted, exception is thrown otherwise
- * @throws InvalidParameterValueException, PermissionDeniedException
- */
- boolean deleteSecurityGroup(DeletePortForwardingServiceCmd cmd) throws InvalidParameterValueException, PermissionDeniedException;
-
- /**
- * check if a security group name in the given account/domain is in use
- * - if accountId is specified, look only for the account
- * - otherwise look for the name in domain-level security groups (accountId is null)
- * @param domainId id of the domain in which to search for security groups
- * @param accountId id of the account in which to search for security groups
- * @param name name of the security group to look for
- * @return true if the security group name is found, false otherwise
- */
- boolean isSecurityGroupNameInUse(Long domainId, Long accountId, String name);
- SecurityGroupVO findSecurityGroupById(Long groupId);
-
LoadBalancerVO findLoadBalancer(Long accountId, String name);
LoadBalancerVO findLoadBalancerById(long loadBalancerId);
diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java
index adf6fc98160..9571f7e46ca 100755
--- a/server/src/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/com/cloud/server/ManagementServerImpl.java
@@ -64,13 +64,9 @@ import com.cloud.alert.dao.AlertDao;
import com.cloud.api.ApiDBUtils;
import com.cloud.api.BaseCmd;
import com.cloud.api.ServerApiException;
-import com.cloud.api.commands.AssignPortForwardingServiceCmd;
import com.cloud.api.commands.CreateDomainCmd;
-import com.cloud.api.commands.CreatePortForwardingServiceCmd;
-import com.cloud.api.commands.CreatePortForwardingServiceRuleCmd;
import com.cloud.api.commands.CreateUserCmd;
import com.cloud.api.commands.DeleteDomainCmd;
-import com.cloud.api.commands.DeletePortForwardingServiceCmd;
import com.cloud.api.commands.DeletePreallocatedLunCmd;
import com.cloud.api.commands.DeleteUserCmd;
import com.cloud.api.commands.DeployVMCmd;
@@ -99,9 +95,6 @@ import com.cloud.api.commands.ListIsosCmd;
import com.cloud.api.commands.ListLoadBalancerRuleInstancesCmd;
import com.cloud.api.commands.ListLoadBalancerRulesCmd;
import com.cloud.api.commands.ListPodsByCmd;
-import com.cloud.api.commands.ListPortForwardingServiceRulesCmd;
-import com.cloud.api.commands.ListPortForwardingServicesByVmCmd;
-import com.cloud.api.commands.ListPortForwardingServicesCmd;
import com.cloud.api.commands.ListPreallocatedLunsCmd;
import com.cloud.api.commands.ListPublicIpAddressesCmd;
import com.cloud.api.commands.ListRoutersCmd;
@@ -123,7 +116,6 @@ import com.cloud.api.commands.QueryAsyncJobResultCmd;
import com.cloud.api.commands.RebootSystemVmCmd;
import com.cloud.api.commands.RegisterCmd;
import com.cloud.api.commands.RegisterPreallocatedLunCmd;
-import com.cloud.api.commands.RemovePortForwardingServiceCmd;
import com.cloud.api.commands.StartSystemVMCmd;
import com.cloud.api.commands.StopSystemVmCmd;
import com.cloud.api.commands.UpdateAccountCmd;
@@ -139,7 +131,6 @@ import com.cloud.api.commands.UpdateUserCmd;
import com.cloud.api.commands.UpdateVMGroupCmd;
import com.cloud.api.commands.UploadCustomCertificateCmd;
import com.cloud.api.response.ExtractResponse;
-import com.cloud.async.AsyncInstanceCreateStatus;
import com.cloud.async.AsyncJobExecutor;
import com.cloud.async.AsyncJobManager;
import com.cloud.async.AsyncJobResult;
@@ -185,7 +176,6 @@ import com.cloud.exception.InsufficientAddressCapacityException;
import com.cloud.exception.InsufficientStorageCapacityException;
import com.cloud.exception.InternalErrorException;
import com.cloud.exception.InvalidParameterValueException;
-import com.cloud.exception.NetworkRuleConflictException;
import com.cloud.exception.OperationTimedoutException;
import com.cloud.exception.PermissionDeniedException;
import com.cloud.exception.ResourceAllocationException;
@@ -201,21 +191,14 @@ import com.cloud.network.IPAddressVO;
import com.cloud.network.LoadBalancerVMMapVO;
import com.cloud.network.LoadBalancerVO;
import com.cloud.network.NetworkManager;
-import com.cloud.network.NetworkRuleConfigVO;
-import com.cloud.network.SecurityGroupVMMapVO;
-import com.cloud.network.SecurityGroupVO;
import com.cloud.network.dao.FirewallRulesDao;
import com.cloud.network.dao.IPAddressDao;
import com.cloud.network.dao.LoadBalancerDao;
import com.cloud.network.dao.LoadBalancerVMMapDao;
-import com.cloud.network.dao.NetworkRuleConfigDao;
-import com.cloud.network.dao.SecurityGroupDao;
-import com.cloud.network.dao.SecurityGroupVMMapDao;
import com.cloud.network.security.NetworkGroupManager;
import com.cloud.network.security.NetworkGroupVO;
import com.cloud.network.security.dao.NetworkGroupDao;
import com.cloud.offering.NetworkOffering;
-import com.cloud.offering.NetworkOffering.GuestIpType;
import com.cloud.offering.ServiceOffering;
import com.cloud.server.auth.UserAuthenticator;
import com.cloud.service.ServiceOfferingVO;
@@ -280,7 +263,6 @@ import com.cloud.utils.EnumUtils;
import com.cloud.utils.NumbersUtil;
import com.cloud.utils.Pair;
import com.cloud.utils.PasswordGenerator;
-import com.cloud.utils.StringUtils;
import com.cloud.utils.component.Adapters;
import com.cloud.utils.component.ComponentLocator;
import com.cloud.utils.concurrency.NamedThreadFactory;
@@ -321,11 +303,8 @@ public class ManagementServerImpl implements ManagementServer {
private final AgentManager _agentMgr;
private final ConfigurationManager _configMgr;
private final FirewallRulesDao _firewallRulesDao;
- private final SecurityGroupDao _securityGroupDao;
private final NetworkGroupDao _networkSecurityGroupDao;
private final LoadBalancerDao _loadBalancerDao;
- private final NetworkRuleConfigDao _networkRuleConfigDao;
- private final SecurityGroupVMMapDao _securityGroupVMMapDao;
private final IPAddressDao _publicIpAddressDao;
private final DataCenterIpAddressDaoImpl _privateIpAddressDao;
private final LoadBalancerVMMapDao _loadBalancerVMMapDao;
@@ -429,11 +408,8 @@ public class ManagementServerImpl implements ManagementServer {
_secStorageVmMgr = locator.getManager(SecondaryStorageVmManager.class);
_storageMgr = locator.getManager(StorageManager.class);
_firewallRulesDao = locator.getDao(FirewallRulesDao.class);
- _securityGroupDao = locator.getDao(SecurityGroupDao.class);
_networkSecurityGroupDao = locator.getDao(NetworkGroupDao.class);
_loadBalancerDao = locator.getDao(LoadBalancerDao.class);
- _networkRuleConfigDao = locator.getDao(NetworkRuleConfigDao.class);
- _securityGroupVMMapDao = locator.getDao(SecurityGroupVMMapDao.class);
_publicIpAddressDao = locator.getDao(IPAddressDao.class);
_privateIpAddressDao = locator.getDao(DataCenterIpAddressDaoImpl.class);
_loadBalancerVMMapDao = locator.getDao(LoadBalancerVMMapDao.class);
@@ -919,19 +895,6 @@ public class ManagementServerImpl implements ManagementServer {
accountCleanupNeeded = true;
}
- List securityGroups = _securityGroupDao.listByAccountId(accountId);
- if (securityGroups != null) {
- for (SecurityGroupVO securityGroup : securityGroups) {
- // All vm instances have been destroyed, delete the security group -> instance_id mappings
- SearchCriteria sc = _securityGroupVMMapDao.createSearchCriteria();
- sc.addAnd("securityGroupId", SearchCriteria.Op.EQ, securityGroup.getId());
- _securityGroupVMMapDao.expunge(sc);
-
- // now clean the network rules and security groups themselves
- _networkRuleConfigDao.deleteBySecurityGroup(securityGroup.getId());
- _securityGroupDao.remove(securityGroup.getId());
- }
- }
// Delete the account's VLANs
List accountVlans = _vlanDao.listVlansForAccountByType(null, accountId, VlanType.DirectAttached);
@@ -2010,607 +1973,8 @@ public class ManagementServerImpl implements ManagementServer {
throw new InvalidParameterValueException("Invalid protocol");
}
}
+
- @Override
- @DB
- public void assignSecurityGroup(AssignPortForwardingServiceCmd cmd) throws PermissionDeniedException,
- NetworkRuleConflictException, InvalidParameterValueException, InternalErrorException {
- Long userId = UserContext.current().getUserId();
- Account account = UserContext.current().getAccount();
- Long securityGroupId = cmd.getId();
- List sgIdList = cmd.getIds();
- String publicIp = cmd.getPublicIp();
- Long vmId = cmd.getVirtualMachineId();
-
- //Verify input parameters
- if ((securityGroupId == null) && (sgIdList == null)) {
- throw new ServerApiException(BaseCmd.PARAM_ERROR, "No service id (or list of ids) specified.");
- }
-
-
- if (userId == null) {
- userId = Long.valueOf(1);
- }
-
- List validateSGList = null;
- if (securityGroupId == null) {
- validateSGList = sgIdList;
- } else {
- validateSGList = new ArrayList();
- validateSGList.add(securityGroupId);
- }
- Long validatedAccountId = validateSecurityGroupsAndInstance(validateSGList, vmId);
- if (validatedAccountId == null) {
- throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to apply port forwarding services " + StringUtils.join(sgIdList, ",") + " to instance " + vmId + ". Invalid list of port forwarding services for the given instance.");
- }
- if (account != null) {
- if (!isAdmin(account.getType()) && (account.getId() != validatedAccountId.longValue())) {
- throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Permission denied applying port forwarding services " + StringUtils.join(sgIdList, ",") + " to instance " + vmId + ".");
- } else {
- Account validatedAccount = findAccountById(validatedAccountId);
- if (!isChildDomain(account.getDomainId(), validatedAccount.getDomainId())) {
- throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Permission denied applying port forwarding services " + StringUtils.join(sgIdList, ",") + " to instance " + vmId + ".");
- }
- }
- }
-
- UserVm userVm = _userVmDao.findById(vmId);
- if (userVm == null) {
- s_logger.warn("Unable to find virtual machine with id " + vmId);
- throw new InvalidParameterValueException("Unable to find virtual machine with id " + vmId);
- }
- long startEventId = EventUtils.saveScheduledEvent(userId, userVm.getAccountId(), EventTypes.EVENT_PORT_FORWARDING_SERVICE_APPLY, "applying port forwarding service for Vm with Id: "+vmId);
-
- boolean locked = false;
- Transaction txn = Transaction.currentTxn();
- try {
- EventUtils.saveStartedEvent(userId, userVm.getAccountId(), EventTypes.EVENT_PORT_FORWARDING_SERVICE_APPLY, "Applying port forwarding service for Vm with Id: "+vmId, startEventId);
- State vmState = userVm.getState();
- switch (vmState) {
- case Destroyed:
- case Error:
- case Expunging:
- case Unknown:
- throw new InvalidParameterValueException("Unable to assign port forwarding service(s) '"
- + ((securityGroupId == null) ? StringUtils.join(sgIdList, ",") : securityGroupId) + "' to virtual machine " + vmId
- + " due to virtual machine being in an invalid state for assigning a port forwarding service (" + vmState + ")");
- }
-
- // sanity check that the vm can be applied to the load balancer
- ServiceOfferingVO offering = _offeringsDao.findById(userVm.getServiceOfferingId());
- if ((offering == null) || !NetworkOffering.GuestIpType.Virtualized.equals(offering.getGuestIpType())) {
- if (s_logger.isDebugEnabled()) {
- s_logger.debug("Unable to apply port forwarding service to virtual machine " + userVm.toString() + ", bad network type (" + ((offering == null) ? "null" : offering.getGuestIpType()) + ")");
- }
-
- throw new InvalidParameterValueException("Unable to apply port forwarding service to virtual machine " + userVm.toString() + ", bad network type (" + ((offering == null) ? "null" : offering.getGuestIpType()) + ")");
- }
-
- DomainRouterVO router = null;
- if (userVm.getDomainRouterId() != null)
- router = _routerDao.findById(userVm.getDomainRouterId());
- if (router == null) {
- s_logger.warn("Unable to find router (" + userVm.getDomainRouterId() + ") for virtual machine " + userVm.toString());
- throw new InvalidParameterValueException("Unable to find router (" + userVm.getDomainRouterId() + ") for virtual machine with id " + vmId);
- }
-
- IPAddressVO ipVO = _publicIpAddressDao.acquire(publicIp);
- if (ipVO == null) {
- // throw this exception because hackers can use the api to probe for allocated ips
- throw new PermissionDeniedException("User does not own supplied address");
- }
- locked = true;
-
- if ((ipVO.getAllocated() == null) || (ipVO.getAccountId() == null) || (ipVO.getAccountId().longValue() != userVm.getAccountId())) {
- throw new PermissionDeniedException("User does not own supplied address");
- }
-
- VlanVO vlan = _vlanDao.findById(ipVO.getVlanDbId());
- if (!VlanType.VirtualNetwork.equals(vlan.getVlanType())) {
- throw new InvalidParameterValueException("Invalid IP address " + publicIp + " for applying port forwarding services, the IP address is not in a 'virtual network' vlan.");
- }
-
- txn.start();
-
- if (securityGroupId == null) {
- // - send one command to agent to remove *all* rules for
- // publicIp/vm combo
- // - add back all rules based on list passed in
- List fwRulesToRemove = _firewallRulesDao.listForwardingByPubAndPrivIp(true, publicIp, userVm.getGuestIpAddress());
- {
- // Save and create the event
- String description;
- String type = EventTypes.EVENT_NET_RULE_DELETE;
- String level = EventVO.LEVEL_INFO;
-
- for (FirewallRuleVO fwRule : fwRulesToRemove) {
- fwRule.setEnabled(false); // disable rule for sending to the agent
- _firewallRulesDao.remove(fwRule.getId()); // remove the rule from the database
-
- description = "deleted ip forwarding rule [" + fwRule.getPublicIpAddress() + ":" + fwRule.getPublicPort() + "]->[" + fwRule.getPrivateIpAddress() + ":"
- + fwRule.getPrivatePort() + "]" + " " + fwRule.getProtocol();
-
- EventUtils.saveEvent(userId, userVm.getAccountId(), level, type, description);
- }
- }
-
- List updatedRules = _networkMgr.updateFirewallRules(null, fwRulesToRemove, router);
- if ((updatedRules != null) && (updatedRules.size() != fwRulesToRemove.size())) {
- if (s_logger.isDebugEnabled()) {
- s_logger.debug("Unable to clean up all port forwarding service rules for public IP " + publicIp + " and guest vm " + userVm.getName()
- + " while applying port forwarding service(s) '" + ((securityGroupId == null) ? StringUtils.join(sgIdList, ",") : securityGroupId) + "'"
- + " -- intended to remove " + fwRulesToRemove.size() + " rules, removd " + ((updatedRules == null) ? "null" : updatedRules.size()) + " rules.");
- }
- }
-
- List sgVmMappings = _securityGroupVMMapDao.listByIpAndInstanceId(publicIp, vmId);
- for (SecurityGroupVMMapVO sgVmMapping : sgVmMappings) {
- boolean success = _securityGroupVMMapDao.remove(sgVmMapping.getId());
-
- SecurityGroupVO securityGroup = _securityGroupDao.findById(sgVmMapping.getSecurityGroupId());
-
- // save off an event for removing the security group
- EventVO event = new EventVO();
- event.setUserId(userId);
- event.setAccountId(userVm.getAccountId());
- event.setType(EventTypes.EVENT_PORT_FORWARDING_SERVICE_REMOVE);
- String sgRemoveLevel = EventVO.LEVEL_INFO;
- String sgRemoveDesc = "Successfully removed ";
- if (!success) {
- sgRemoveLevel = EventVO.LEVEL_ERROR;
- sgRemoveDesc = "Failed to remove ";
- }
- String params = "sgId="+securityGroup.getId()+"\nvmId="+vmId;
- event.setParameters(params);
- event.setDescription(sgRemoveDesc + "port forwarding service " + securityGroup.getName() + " from virtual machine " + userVm.getName());
- event.setLevel(sgRemoveLevel);
- _eventDao.persist(event);
- }
- } else {
- List existingVMMaps = _securityGroupVMMapDao.listBySecurityGroup(securityGroupId.longValue());
- if ((existingVMMaps != null) && !existingVMMaps.isEmpty()) {
- for (SecurityGroupVMMapVO existingVMMap : existingVMMaps) {
- if (existingVMMap.getInstanceId() == userVm.getId()) {
- if (s_logger.isDebugEnabled()) {
- s_logger.debug("port forwarding service " + securityGroupId + " is already applied to virtual machine " + userVm.toString() + ", skipping assignment.");
- }
- return;
- }
- }
- }
- }
-
- List finalSecurityGroupIdList = new ArrayList();
- if (securityGroupId != null) {
- finalSecurityGroupIdList.add(securityGroupId);
- } else {
- finalSecurityGroupIdList.addAll(sgIdList);
- }
-
- for (Long sgId : finalSecurityGroupIdList) {
- if (sgId.longValue() == 0) {
- // group id of 0 means to remove all groups, which we just did above
- break;
- }
-
- SecurityGroupVO securityGroup = _securityGroupDao.findById(Long.valueOf(sgId));
- if (securityGroup == null) {
- s_logger.warn("Unable to find port forwarding service with id " + sgId);
- throw new InvalidParameterValueException("Unable to find port forwarding service with id " + sgId);
- }
-
- if (!_domainDao.isChildDomain(securityGroup.getDomainId(), userVm.getDomainId())) {
- s_logger.warn("Unable to assign port forwarding service " + sgId + " to user vm " + vmId + ", user vm's domain (" + userVm.getDomainId()
- + ") is not in the domain of the port forwarding service (" + securityGroup.getDomainId() + ")");
- throw new InvalidParameterValueException("Unable to assign port forwarding service " + sgId + " to user vm " + vmId + ", user vm's domain (" + userVm.getDomainId()
- + ") is not in the domain of the port forwarding service (" + securityGroup.getDomainId() + ")");
- }
-
- // check for ip address/port conflicts by checking exising forwarding and loadbalancing rules
- List existingRulesOnPubIp = _firewallRulesDao.listIPForwarding(publicIp);
- Map> mappedPublicPorts = new HashMap>();
-
- if (existingRulesOnPubIp != null) {
- for (FirewallRuleVO fwRule : existingRulesOnPubIp) {
- mappedPublicPorts.put(fwRule.getPublicPort(), new Pair(fwRule.getPrivateIpAddress(), fwRule.getPrivatePort()));
- }
- }
-
- List loadBalancers = _loadBalancerDao.listByIpAddress(publicIp);
- if (loadBalancers != null) {
- for (LoadBalancerVO loadBalancer : loadBalancers) {
- // load balancers don't have to be applied to an
- // instance for there to be a conflict on the load
- // balancers ip/port, so just
- // map the public port to a pair of empty strings
- mappedPublicPorts.put(loadBalancer.getPublicPort(), new Pair("", ""));
- }
- }
-
- List firewallRulesToApply = new ArrayList();
- List netRules = _networkRuleConfigDao.listBySecurityGroupId(sgId);
- for (NetworkRuleConfigVO netRule : netRules) {
- Pair privateIpPort = mappedPublicPorts.get(netRule.getPublicPort());
- if (privateIpPort != null) {
- if (privateIpPort.first().equals(userVm.getGuestIpAddress()) && privateIpPort.second().equals(netRule.getPrivatePort())) {
- continue; // already mapped
- } else {
- throw new NetworkRuleConflictException("An existing service rule for " + publicIp + ":" + netRule.getPublicPort()
- + " already exists, found while trying to apply service rule " + netRule.getId() + " from port forwarding service " + securityGroup.getName() + ".");
- }
- }
-
- FirewallRuleVO newFwRule = new FirewallRuleVO();
- newFwRule.setEnabled(true);
- newFwRule.setForwarding(true);
- newFwRule.setPrivatePort(netRule.getPrivatePort());
- newFwRule.setProtocol(netRule.getProtocol());
- newFwRule.setPublicPort(netRule.getPublicPort());
- newFwRule.setPublicIpAddress(publicIp);
- newFwRule.setPrivateIpAddress(userVm.getGuestIpAddress());
- newFwRule.setGroupId(netRule.getSecurityGroupId());
-
- firewallRulesToApply.add(newFwRule);
- _firewallRulesDao.persist(newFwRule);
-
- String description = "created new ip forwarding rule [" + newFwRule.getPublicIpAddress() + ":" + newFwRule.getPublicPort() + "]->["
- + newFwRule.getPrivateIpAddress() + ":" + newFwRule.getPrivatePort() + "]" + " " + newFwRule.getProtocol();
-
- EventUtils.saveEvent(userId, userVm.getAccountId(), EventVO.LEVEL_INFO, EventTypes.EVENT_NET_RULE_ADD, description);
- }
-
- // now that individual rules have been created from the security group, save the security group mapping for this ip/vm instance
- SecurityGroupVMMapVO sgVmMap = new SecurityGroupVMMapVO(sgId, publicIp, vmId);
- _securityGroupVMMapDao.persist(sgVmMap);
-
- // Save off information for the event that the security group was applied
- EventVO event = new EventVO();
- event.setUserId(userId);
- event.setAccountId(userVm.getAccountId());
- event.setType(EventTypes.EVENT_PORT_FORWARDING_SERVICE_APPLY);
- event.setStartId(startEventId);
- event.setDescription("Successfully applied port forwarding service " + securityGroup.getName() + " to virtual machine " + userVm.getName());
- String params = "sgId="+securityGroup.getId()+"\nvmId="+vmId+"\nnumRules="+firewallRulesToApply.size()+"\ndcId="+userVm.getDataCenterId();
- event.setParameters(params);
- event.setLevel(EventVO.LEVEL_INFO);
- _eventDao.persist(event);
-
- _networkMgr.updateFirewallRules(publicIp, firewallRulesToApply, router);
- }
-
- txn.commit();
- } catch (Throwable e) {
- txn.rollback();
- if (e instanceof NetworkRuleConflictException) {
- throw (NetworkRuleConflictException) e;
- } else if (e instanceof InvalidParameterValueException) {
- throw (InvalidParameterValueException) e;
- } else if (e instanceof PermissionDeniedException) {
- throw (PermissionDeniedException) e;
- } else if (e instanceof InternalErrorException) {
- s_logger.warn("ManagementServer error", e);
- throw (InternalErrorException) e;
- }
- s_logger.warn("ManagementServer error", e);
- } finally {
- if (locked) {
- _publicIpAddressDao.release(publicIp);
- }
- }
- }
-
- @Override
- public void removeSecurityGroup(RemovePortForwardingServiceCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{
-
- Account account = UserContext.current().getAccount();
- Long userId = UserContext.current().getUserId();
- Long securityGroupId = cmd.getId();
- String publicIp = cmd.getPublicIp();
- Long vmId = cmd.getVirtualMachineId();
-
- //verify input parameters
- SecurityGroupVO securityG = _securityGroupDao.findById(securityGroupId);
- if (securityG == null) {
- throw new ServerApiException(BaseCmd.PARAM_ERROR, "unable to find a port forwarding service with id " + securityGroupId);
- } else if (account != null) {
- if (!isAdmin(account.getType()) && (account.getId() != securityG.getAccountId())) {
- throw new ServerApiException(BaseCmd.PARAM_ERROR, "unable to find a port forwarding service with id " + securityGroupId + " for this account");
- } else if (!isChildDomain(account.getDomainId(), securityG.getDomainId())) {
- throw new ServerApiException(BaseCmd.PARAM_ERROR, "Invalid port forwarding service id (" + securityGroupId + ") given, unable to remove port forwarding service.");
- }
- }
-
- UserVmVO vmInstance = findUserVMInstanceById(vmId.longValue());
- if (vmInstance == null) {
- throw new ServerApiException(BaseCmd.VM_INVALID_PARAM_ERROR, "unable to find a virtual machine with id " + vmId);
- }
- if (account != null) {
- if (!isAdmin(account.getType()) && (account.getId() != vmInstance.getAccountId())) {
- throw new ServerApiException(BaseCmd.VM_INVALID_PARAM_ERROR, "unable to find a virtual machine with id " + vmId + " for this account");
- } else if (!isChildDomain(account.getDomainId(), vmInstance.getDomainId())) {
- throw new ServerApiException(BaseCmd.PARAM_ERROR, "Invalid virtual machine id (" + vmId + ") given, unable to remove port forwarding service.");
- }
- }
-
- Account ipAddrAccount = findAccountByIpAddress(publicIp);
- if (ipAddrAccount == null) {
- if (account == null) {
- throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find ip address " + publicIp);
- } else {
- throw new ServerApiException(BaseCmd.PARAM_ERROR, "account " + account.getAccountName() + " doesn't own ip address " + publicIp);
- }
- }
-
- Long accountId = ipAddrAccount.getId();
- if ((account != null) && !isAdmin(account.getType())) {
- if (account.getId() != accountId) {
- throw new ServerApiException(BaseCmd.PARAM_ERROR, "account " + account.getAccountName() + " doesn't own ip address " + publicIp);
- }
- }
-
- if (userId == null) {
- userId = Long.valueOf(1);
- }
-
- long eventId = EventUtils.saveScheduledEvent(userId, vmInstance.getAccountId(), EventTypes.EVENT_PORT_FORWARDING_SERVICE_REMOVE, "removing port forwarding services for Vm with Id: "+vmId);
-
- /*TODO : ASK KRIS AS TO WHAT DO WE DO WITH THIS PART IN THE EXECUTOR CODE
- UserVmVO userVm = userVmDao.findById(param.getInstanceId());
- if(userVm == null)
- return null;
-
- if (userVm.getDomainRouterId() == null) {
- return null;
- } else
- return routerDao.findById(userVm.getDomainRouterId());
- */
- removeSecurityGroup(userId, securityGroupId, publicIp, vmId, eventId);
- }
-
- @Override
- @DB
- public void removeSecurityGroup(long userId, long securityGroupId, String publicIp, long vmId, long startEventId) throws InvalidParameterValueException, PermissionDeniedException {
- // This gets complicated with overlapping rules. As an example:
- // security group 1 has the following port mappings: 22->22 on TCP,
- // 23->23 on TCP, 80->8080 on TCP
- // security group 2 has the following port mappings: 22->22 on TCP,
- // 7891->7891 on TCP
- // User assigns group 1 & 2 on 192.168.10.120 to vm 1
- // Later, user removed group 1 from 192.168.10.120 and vm 1
- // Final valid port mappings should be 22->22 and 7891->7891 which both
- // come from security group 2. The mapping
- // for port 22 should not be removed.
- boolean locked = false;
- UserVm userVm = _userVmDao.findById(vmId);
- if (userVm == null) {
- throw new InvalidParameterValueException("Unable to find vm: " + vmId);
- }
- EventUtils.saveStartedEvent(userId, userVm.getAccountId(), EventTypes.EVENT_PORT_FORWARDING_SERVICE_REMOVE, "Removing port forwarding services for Vm with Id: "+vmId, startEventId);
- SecurityGroupVO securityGroup = _securityGroupDao.findById(Long.valueOf(securityGroupId));
- if (securityGroup == null) {
- throw new InvalidParameterValueException("Unable to find port forwarding service: " + securityGroupId);
- }
-
- DomainRouterVO router = null;
- if (userVm.getDomainRouterId() != null)
- router = _routerDao.findById(userVm.getDomainRouterId());
- if (router == null) {
- throw new InvalidParameterValueException("Unable to find router for ip address: " + publicIp);
- }
-
- Transaction txn = Transaction.currentTxn();
- try {
- IPAddressVO ipVO = _publicIpAddressDao.acquire(publicIp);
- if (ipVO == null) {
- // throw this exception because hackers can use the api to probe
- // for allocated ips
- throw new PermissionDeniedException("User does not own supplied address");
- }
-
- locked = true;
- if ((ipVO.getAllocated() == null) || (ipVO.getAccountId() == null) || (ipVO.getAccountId().longValue() != userVm.getAccountId())) {
- throw new PermissionDeniedException("User/account does not own supplied address");
- }
-
- txn.start();
-
- // get the account for writing events
- Account account = _accountDao.findById(userVm.getAccountId());
- {
- // - send one command to agent to remove *all* rules for
- // publicIp/vm combo
- // - add back all rules based on existing SG mappings
- List fwRulesToRemove = _firewallRulesDao.listForwardingByPubAndPrivIp(true, publicIp, userVm.getGuestIpAddress());
- for (FirewallRuleVO fwRule : fwRulesToRemove) {
- fwRule.setEnabled(false);
- }
-
- List updatedRules = _networkMgr.updateFirewallRules(null, fwRulesToRemove, router);
-
- // Save and create the event
- String description;
- String type = EventTypes.EVENT_NET_RULE_DELETE;
- String ruleName = "ip forwarding";
- String level = EventVO.LEVEL_INFO;
-
- for (FirewallRuleVO fwRule : updatedRules) {
- _firewallRulesDao.remove(fwRule.getId());
-
- description = "deleted " + ruleName + " rule [" + fwRule.getPublicIpAddress() + ":" + fwRule.getPublicPort() + "]->[" + fwRule.getPrivateIpAddress() + ":"
- + fwRule.getPrivatePort() + "]" + " " + fwRule.getProtocol();
-
- EventUtils.saveEvent(userId, account.getId(), level, type, description);
- }
- }
-
- // since we know these groups all pass muster, just keep track
- // of the public ports we are mapping on this public IP and
- // don't duplicate
- List alreadyMappedPorts = new ArrayList();
- List fwRulesToAdd = new ArrayList();
- List sgVmMappings = _securityGroupVMMapDao.listByIpAndInstanceId(publicIp, vmId);
- for (SecurityGroupVMMapVO sgVmMapping : sgVmMappings) {
- if (sgVmMapping.getSecurityGroupId() == securityGroupId) {
- _securityGroupVMMapDao.remove(sgVmMapping.getId());
- } else {
- List netRules = _networkRuleConfigDao.listBySecurityGroupId(sgVmMapping.getSecurityGroupId());
- for (NetworkRuleConfigVO netRule : netRules) {
- if (!alreadyMappedPorts.contains(netRule.getPublicPort())) {
- FirewallRuleVO newFwRule = new FirewallRuleVO();
- newFwRule.setEnabled(true);
- newFwRule.setForwarding(true);
- newFwRule.setPrivatePort(netRule.getPrivatePort());
- newFwRule.setProtocol(netRule.getProtocol());
- newFwRule.setPublicPort(netRule.getPublicPort());
- newFwRule.setPublicIpAddress(publicIp);
- newFwRule.setPrivateIpAddress(userVm.getGuestIpAddress());
- newFwRule.setGroupId(netRule.getSecurityGroupId());
-
- fwRulesToAdd.add(newFwRule);
-
- alreadyMappedPorts.add(netRule.getPublicPort());
- }
- }
- }
- }
-
- for (FirewallRuleVO addedRule : fwRulesToAdd) {
- _firewallRulesDao.persist(addedRule);
-
- String description = "created new ip forwarding rule [" + addedRule.getPublicIpAddress() + ":" + addedRule.getPublicPort() + "]->["
- + addedRule.getPrivateIpAddress() + ":" + addedRule.getPrivatePort() + "]" + " " + addedRule.getProtocol();
-
- EventUtils.saveEvent(userId, account.getId(), EventVO.LEVEL_INFO, EventTypes.EVENT_NET_RULE_ADD, description);
- }
-
- // save off an event for removing the security group
- EventVO event = new EventVO();
- event.setUserId(userId);
- event.setAccountId(userVm.getAccountId());
- event.setType(EventTypes.EVENT_PORT_FORWARDING_SERVICE_REMOVE);
- event.setDescription("Successfully removed port forwarding service " + securityGroup.getName() + " from virtual machine " + userVm.getName());
- event.setLevel(EventVO.LEVEL_INFO);
- String params = "sgId="+securityGroup.getId()+"\nvmId="+vmId;
- event.setParameters(params);
- _eventDao.persist(event);
-
- _networkMgr.updateFirewallRules(publicIp, fwRulesToAdd, router);
-
- txn.commit();
- } catch (Exception ex) {
- txn.rollback();
- throw new CloudRuntimeException("Unhandled exception", ex);
- } finally {
- if (locked) {
- _publicIpAddressDao.release(publicIp);
- }
- }
- }
-
- @Override
- public Long validateSecurityGroupsAndInstance(List securityGroupIds, Long instanceId) {
- if ((securityGroupIds == null) || securityGroupIds.isEmpty() || (instanceId == null)) {
- return null;
- }
-
- List securityGroups = new ArrayList();
- for (Long securityGroupId : securityGroupIds) {
- if (securityGroupId.longValue() == 0) {
- continue;
- }
- SecurityGroupVO securityGroup = _securityGroupDao.findById(securityGroupId);
- if (securityGroup == null) {
- return null;
- }
- securityGroups.add(securityGroup);
- }
-
- UserVm userVm = _userVmDao.findById(instanceId);
- if (userVm == null) {
- return null;
- }
-
- long accountId = userVm.getAccountId();
- for (SecurityGroupVO securityGroup : securityGroups) {
- Long sgAccountId = securityGroup.getAccountId();
- if ((sgAccountId != null) && (sgAccountId.longValue() != accountId)) {
- return null;
- }
- }
- return Long.valueOf(accountId);
- }
-
- private FirewallRuleVO createFirewallRule(long userId, String ipAddress, UserVm userVm, String publicPort, String privatePort, String protocol, Long securityGroupId) throws NetworkRuleConflictException {
- // sanity check that the vm can be applied to the load balancer
- ServiceOfferingVO offering = _offeringsDao.findById(userVm.getServiceOfferingId());
- if ((offering == null) || !GuestIpType.Virtualized.equals(offering.getGuestIpType())) {
- if (s_logger.isDebugEnabled()) {
- s_logger.debug("Unable to create port forwarding rule (" + protocol + ":" + publicPort + "->" + privatePort+ ") for virtual machine " + userVm.toString() + ", bad network type (" + ((offering == null) ? "null" : offering.getGuestIpType()) + ")");
- }
-
- throw new IllegalArgumentException("Unable to create port forwarding rule (" + protocol + ":" + publicPort + "->" + privatePort+ ") for virtual machine " + userVm.toString() + ", bad network type (" + ((offering == null) ? "null" : offering.getGuestIpType()) + ")");
- }
-
- // check for ip address/port conflicts by checking existing forwarding and load balancing rules
- List existingRulesOnPubIp = _firewallRulesDao.listIPForwarding(ipAddress);
- Map> mappedPublicPorts = new HashMap>();
-
- if (existingRulesOnPubIp != null) {
- for (FirewallRuleVO fwRule : existingRulesOnPubIp) {
- mappedPublicPorts.put(fwRule.getPublicPort(), new Pair(fwRule.getPrivateIpAddress(), fwRule.getPrivatePort()));
- }
- }
-
- Pair privateIpPort = mappedPublicPorts.get(publicPort);
- if (privateIpPort != null) {
- if (privateIpPort.first().equals(userVm.getGuestIpAddress()) && privateIpPort.second().equals(privatePort)) {
- if (s_logger.isDebugEnabled()) {
- s_logger.debug("skipping the creating of firewall rule " + ipAddress + ":" + publicPort + " to " + userVm.getGuestIpAddress() + ":" + privatePort + "; rule already exists.");
- }
- return null; // already mapped
- } else {
- throw new NetworkRuleConflictException("An existing port forwarding service rule for " + ipAddress + ":" + publicPort
- + " already exists, found while trying to create mapping to " + userVm.getGuestIpAddress() + ":" + privatePort + ((securityGroupId == null) ? "." : " from port forwarding service "
- + securityGroupId.toString() + "."));
- }
- }
-
- FirewallRuleVO newFwRule = new FirewallRuleVO();
- newFwRule.setEnabled(true);
- newFwRule.setForwarding(true);
- newFwRule.setPrivatePort(privatePort);
- newFwRule.setProtocol(protocol);
- newFwRule.setPublicPort(publicPort);
- newFwRule.setPublicIpAddress(ipAddress);
- newFwRule.setPrivateIpAddress(userVm.getGuestIpAddress());
- newFwRule.setGroupId(securityGroupId);
-
- // In 1.0 the rules were always persisted when a user created a rule. When the rules get sent down
- // the stopOnError parameter is set to false, so the agent will apply all rules that it can. That
- // behavior is preserved here by persisting the rule before sending it to the agent.
- _firewallRulesDao.persist(newFwRule);
-
- boolean success = _networkMgr.updateFirewallRule(newFwRule, null, null);
-
- // Save and create the event
- String description;
- String ruleName = "ip forwarding";
- String level = EventVO.LEVEL_INFO;
- Account account = _accountDao.findById(userVm.getAccountId());
-
- if (success == true) {
- description = "created new " + ruleName + " rule [" + newFwRule.getPublicIpAddress() + ":" + newFwRule.getPublicPort() + "]->["
- + newFwRule.getPrivateIpAddress() + ":" + newFwRule.getPrivatePort() + "]" + " " + newFwRule.getProtocol();
- } else {
- level = EventVO.LEVEL_ERROR;
- description = "failed to create new " + ruleName + " rule [" + newFwRule.getPublicIpAddress() + ":" + newFwRule.getPublicPort() + "]->["
- + newFwRule.getPrivateIpAddress() + ":" + newFwRule.getPrivatePort() + "]" + " " + newFwRule.getProtocol();
- }
-
- EventUtils.saveEvent(Long.valueOf(userId), account.getId(), level, EventTypes.EVENT_NET_RULE_ADD, description);
-
- return newFwRule;
- }
@Override
public List getEvents(long userId, long accountId, Long domainId, String type, String level, Date startDate, Date endDate) {
@@ -3827,81 +3191,6 @@ public class ManagementServerImpl implements ManagementServer {
return _publicIpAddressDao.findById(ipAddress);
}
- @Override
- public List searchForNetworkRules(ListPortForwardingServiceRulesCmd cmd) throws InvalidParameterValueException, PermissionDeniedException {
- Long accountId = null;
- Account account = UserContext.current().getAccount();
- Long domainId = cmd.getDomainId();
- String accountName = cmd.getAccountName();
- Long groupId = cmd.getPortForwardingServiceId();
-
- if ((account == null) || isAdmin(account.getType())) {
- if (domainId != null) {
- if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), domainId)) {
- throw new PermissionDeniedException("Unable to list port forwarding service rules for domain " + domainId + ", permission denied.");
- }
- if (accountName != null) {
- Account userAcct = _accountDao.findActiveAccount(accountName, domainId);
- if (userAcct != null) {
- accountId = userAcct.getId();
- } else {
- throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId);
- }
- }
- }
- } else {
- accountId = account.getId();
- }
-
- if ((groupId != null) && (accountId != null)) {
- SecurityGroupVO sg = _securityGroupDao.findById(groupId);
- if (sg != null) {
- if (sg.getAccountId() != accountId.longValue()) {
- throw new PermissionDeniedException("Unable to list port forwarding service rules, account " + accountId + " does not own port forwarding service " + groupId);
- }
- } else {
- throw new InvalidParameterValueException("Unable to find port forwarding service with id " + groupId);
- }
- }
-
- Filter searchFilter = new Filter(NetworkRuleConfigVO.class, "id", true, null, null);
-
- // search by rule id is also supported
- Object id = cmd.getId();
-
- SearchBuilder sb = _networkRuleConfigDao.createSearchBuilder();
- if (id != null) {
- sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
- }
-
- if (groupId != null) {
- sb.and("securityGroupId", sb.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
- }
-
- if (accountId != null) {
- // join with securityGroup table to make sure the account is the owner of the network rule
- SearchBuilder securityGroupSearch = _securityGroupDao.createSearchBuilder();
- securityGroupSearch.and("accountId", securityGroupSearch.entity().getAccountId(), SearchCriteria.Op.EQ);
- sb.join("groupId", securityGroupSearch, securityGroupSearch.entity().getId(), sb.entity().getSecurityGroupId(), JoinBuilder.JoinType.INNER);
- }
-
- SearchCriteria sc = sb.create();
-
- if (id != null) {
- sc.setParameters("id", id);
- }
-
- if (groupId != null) {
- sc.setParameters("securityGroupId", groupId);
- }
-
- if (accountId != null) {
- sc.setJoinParameters("groupId", "accountId", accountId);
- }
-
- return _networkRuleConfigDao.search(sc, searchFilter);
- }
-
@Override
public List searchForEvents(ListEventsCmd cmd) throws PermissionDeniedException, InvalidParameterValueException {
Account account = UserContext.current().getAccount();
@@ -4540,107 +3829,6 @@ public class ManagementServerImpl implements ManagementServer {
} // else log some kind of error event? This likely means the user doesn't exist, or has been deleted...
}
- @Override
- public NetworkRuleConfigVO createPortForwardingServiceRule(CreatePortForwardingServiceRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException, NetworkRuleConflictException, InternalErrorException {
- NetworkRuleConfigVO rule = null;
- try {
- Long securityGroupId = cmd.getPortForwardingServiceId();
- String port = cmd.getPublicPort();
- String privatePort = cmd.getPrivatePort();
- String protocol = cmd.getProtocol();
- Long userId = UserContext.current().getUserId();
- if (userId == null) {
- userId = Long.valueOf(User.UID_SYSTEM);
- }
-
- SecurityGroupVO sg = _securityGroupDao.findById(Long.valueOf(securityGroupId));
- if (sg == null) {
- throw new InvalidParameterValueException("port forwarding service " + securityGroupId + " does not exist");
- }
- if (!NetUtils.isValidPort(port)) {
- throw new InvalidParameterValueException("port is an invalid value");
- }
- if (!NetUtils.isValidPort(privatePort)) {
- throw new InvalidParameterValueException("privatePort is an invalid value");
- }
- if (protocol != null) {
- if (!NetUtils.isValidProto(protocol)) {
- throw new InvalidParameterValueException("Invalid protocol");
- }
- } else {
- protocol = "TCP";
- }
-
- // validate permissions
- Account account = UserContext.current().getAccount();
- if (account != null) {
- if (isAdmin(account.getType())) {
- if (!_domainDao.isChildDomain(account.getDomainId(), sg.getDomainId())) {
- throw new PermissionDeniedException("Unable to find rules for port forwarding service id = " + securityGroupId + ", permission denied.");
- }
- } else if (account.getId() != sg.getAccountId()) {
- throw new PermissionDeniedException("Invalid port forwarding service (" + securityGroupId + ") given, unable to create rule.");
- }
- }
-
- List existingRules = _networkRuleConfigDao.listBySecurityGroupId(securityGroupId);
- for (NetworkRuleConfigVO existingRule : existingRules) {
- if (existingRule.getPublicPort().equals(port) && existingRule.getProtocol().equals(protocol)) {
- throw new NetworkRuleConflictException("port conflict, port forwarding service contains a rule on public port " + port + " for protocol " + protocol);
- }
- }
-
- NetworkRuleConfigVO netRule = new NetworkRuleConfigVO(securityGroupId, port, privatePort, protocol);
- netRule.setCreateStatus(AsyncInstanceCreateStatus.Creating);
- rule = _networkRuleConfigDao.persist(netRule);
- } catch (Exception e) {
- if (e instanceof NetworkRuleConflictException) {
- throw (NetworkRuleConflictException) e;
- } else if (e instanceof InvalidParameterValueException) {
- throw (InvalidParameterValueException) e;
- } else if (e instanceof PermissionDeniedException) {
- throw (PermissionDeniedException) e;
- } else if (e instanceof InternalErrorException) {
- throw (InternalErrorException) e;
- } else {
- s_logger.error("Unhandled exception creating or updating network rule", e);
- throw new CloudRuntimeException("Unhandled exception creating network rule", e);
- }
- }
- return rule;
- }
-
- @Override
- public NetworkRuleConfigVO applyPortForwardingServiceRule(CreatePortForwardingServiceRuleCmd cmd) throws NetworkRuleConflictException {
- Long ruleId = cmd.getId();
- NetworkRuleConfigVO netRule = null;
- if (ruleId != null) {
- Long userId = UserContext.current().getUserId();
- if (userId == null) {
- userId = User.UID_SYSTEM;
- }
-
- netRule = _networkRuleConfigDao.findById(ruleId);
- List sgMappings = _securityGroupVMMapDao.listBySecurityGroup(netRule.getSecurityGroupId());
- if ((sgMappings != null) && !sgMappings.isEmpty()) {
- try {
- for (SecurityGroupVMMapVO sgMapping : sgMappings) {
- UserVm userVm = _userVmDao.findById(sgMapping.getInstanceId());
- createFirewallRule(userId, sgMapping.getIpAddress(), userVm, netRule.getPublicPort(), netRule.getPrivatePort(), netRule.getProtocol(), netRule.getSecurityGroupId());
- }
- } catch (NetworkRuleConflictException ex) {
- netRule.setCreateStatus(AsyncInstanceCreateStatus.Corrupted);
- _networkRuleConfigDao.update(ruleId, netRule);
- throw ex;
- }
- }
-
- netRule.setCreateStatus(AsyncInstanceCreateStatus.Created);
- _networkRuleConfigDao.update(ruleId, netRule);
- }
-
- return netRule;
- }
@Override
public List listAllTemplates() {
@@ -5148,7 +4336,6 @@ public class ManagementServerImpl implements ManagementServer {
Object id = cmd.getId();
Object keyword = cmd.getKeyword();
Object snapshotTypeStr = cmd.getSnapshotType();
- String interval = cmd.getIntervalType();
Filter searchFilter = new Filter(SnapshotVO.class, "created", false, cmd.getStartIndex(), cmd.getPageSizeVal());
SearchBuilder sb = _snapshotDao.createSearchBuilder();
@@ -5572,286 +4759,7 @@ public class ManagementServerImpl implements ManagementServer {
public AsyncJobVO findAsyncJobById(long jobId) {
return _asyncMgr.getAsyncJob(jobId);
}
-
- @Override
- public SecurityGroupVO createPortForwardingService(CreatePortForwardingServiceCmd cmd) throws InvalidParameterValueException {
- Account account = UserContext.current().getAccount();
- Long domainId = cmd.getDomainId();
- String accountName = cmd.getAccountName();
- Long accountId = null;
- String portForwardingServiceName = cmd.getPortForwardingServiceName();
-
- if ((account == null) || isAdmin(account.getType())) {
- if ((accountName != null) && (domainId != null)) {
- if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), domainId)) {
- throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to create port forwarding service in domain " + domainId + ", permission denied.");
- }
-
- Account userAccount = findActiveAccount(accountName, domainId);
- if (userAccount != null) {
- accountId = userAccount.getId();
- } else {
- throw new InvalidParameterValueException("Unable to create port forwarding service " + portForwardingServiceName + ", could not find account " + accountName + " in domain " + domainId);
- }
- } else {
- // the admin must be creating the security group
- if (account != null) {
- accountId = account.getId();
- domainId = account.getDomainId();
- }
- }
- } else {
- accountId = account.getId();
- domainId = account.getDomainId();
- }
-
- if (accountId == null) {
- throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to create port forwarding service, no account specified.");
- }
-
- if (isSecurityGroupNameInUse(domainId, accountId, portForwardingServiceName)) {
- throw new InvalidParameterValueException("Unable to create port forwarding service, a service with name " + portForwardingServiceName + " already exisits.");
- }
-
- SecurityGroupVO group = new SecurityGroupVO(portForwardingServiceName, cmd.getDescription(), domainId, accountId);
- return _securityGroupDao.persist(group);
- }
-
- @Override
- public boolean deleteSecurityGroup(DeletePortForwardingServiceCmd cmd) throws InvalidParameterValueException, PermissionDeniedException {
- Long securityGroupId = cmd.getId();
- Long userId = UserContext.current().getUserId();
- Account account = UserContext.current().getAccount();
-
- //Verify input parameters
- if (userId == null) {
- userId = Long.valueOf(User.UID_SYSTEM);
- }
-
- //verify parameters
- SecurityGroupVO securityGroup = _securityGroupDao.findById(Long.valueOf(securityGroupId));
- if (securityGroup == null) {
- throw new InvalidParameterValueException("unable to find port forwarding service with id " + securityGroupId);
- }
-
- if (account != null) {
- if (!isAdmin(account.getType())) {
- if (account.getId() != securityGroup.getAccountId()) {
- throw new PermissionDeniedException("unable to find port forwarding service with id " + securityGroupId + " for this account, permission denied");
- }
- } else if (!isChildDomain(account.getDomainId(), securityGroup.getDomainId())) {
- throw new PermissionDeniedException("Unable to delete port forwarding service " + securityGroupId + ", permission denied.");
- }
- }
-
- long startEventId = EventUtils.saveScheduledEvent(userId, securityGroup.getAccountId(), EventTypes.EVENT_PORT_FORWARDING_SERVICE_DELETE, "deleting port forwarding service with Id: " + securityGroupId);
-
- final EventVO event = new EventVO();
- event.setUserId(userId);
- event.setAccountId(securityGroup.getAccountId());
- event.setType(EventTypes.EVENT_PORT_FORWARDING_SERVICE_DELETE);
- event.setStartId(startEventId);
- try {
- List sgVmMappings = _securityGroupVMMapDao.listBySecurityGroup(securityGroupId);
- if (sgVmMappings != null) {
- for (SecurityGroupVMMapVO sgVmMapping : sgVmMappings) {
- removeSecurityGroup(userId, sgVmMapping.getSecurityGroupId(), sgVmMapping.getIpAddress(), sgVmMapping.getInstanceId(), startEventId);
- }
- }
-
- _networkRuleConfigDao.deleteBySecurityGroup(securityGroupId);
-
- } catch (InvalidParameterValueException ex1) {
- if (s_logger.isDebugEnabled()) {
- s_logger.debug("Invalid parameter value exception deleting port forwarding service " + securityGroup.getName() + " (id: " + securityGroup.getId() + "), " + ex1);
- }
- event.setLevel(EventVO.LEVEL_ERROR);
- event.setDescription("Failed to delete port forwarding service - " + securityGroup.getName() + " (id: " + securityGroup.getId() + ")");
- _eventDao.persist(event);
- throw ex1;
- } catch (PermissionDeniedException ex2) {
- if (s_logger.isDebugEnabled()) {
- s_logger.debug("Invalid parameter value exception deleting port forwarding service " + securityGroup.getName() + " (id: " + securityGroup.getId() + "), " + ex2);
- }
- event.setLevel(EventVO.LEVEL_ERROR);
- event.setDescription("failed to delete port forwarding service - " + securityGroup.getName() + " (id: " + securityGroup.getId() + ")");
- _eventDao.persist(event);
- throw ex2;
- }
-
- boolean success = _securityGroupDao.remove(Long.valueOf(securityGroupId));
-
- event.setLevel(EventVO.LEVEL_INFO);
- event.setDescription("Deleting port forwarding service - " + securityGroup.getName() + " (id: " + securityGroup.getId() + ")");
- _eventDao.persist(event);
-
- return success;
- }
-
- @Override
- public List searchForSecurityGroups(ListPortForwardingServicesCmd cmd) throws InvalidParameterValueException, PermissionDeniedException {
- // if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters
- Account account = UserContext.current().getAccount();
- Long accountId = null;
- Long domainId = cmd.getDomainId();
- String accountName = cmd.getAccountName();
-
- if ((account == null) || isAdmin(account.getType())) {
- // validate domainId before proceeding
- if (domainId != null) {
- if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), domainId)) {
- throw new PermissionDeniedException("Invalid domain id (" + domainId + ") given, unable to list port forwarding services.");
- }
- if (accountName != null) {
- Account userAccount = _accountDao.findActiveAccount(accountName, domainId);
- if (userAccount != null) {
- accountId = userAccount.getId();
- } else {
- throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId);
- }
- }
- } else {
- domainId = ((account == null) ? DomainVO.ROOT_DOMAIN : account.getDomainId());
- }
- } else {
- accountId = account.getId();
- }
-
- Filter searchFilter = new Filter(SecurityGroupVO.class, "id", true, cmd.getStartIndex(), cmd.getPageSizeVal());
-
- Object name = cmd.getPortForwardingServiceName();
- Object id = cmd.getId();
- Object keyword = cmd.getKeyword();
-
- SearchBuilder sb = _securityGroupDao.createSearchBuilder();
- sb.and("name", sb.entity().getName(), SearchCriteria.Op.LIKE);
- sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
- sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ);
-
- if ((accountId == null) && (domainId != null)) {
- // if accountId isn't specified, we can do a domain match for the admin case
- SearchBuilder domainSearch = _domainDao.createSearchBuilder();
- domainSearch.and("path", domainSearch.entity().getPath(), SearchCriteria.Op.LIKE);
- sb.join("domainSearch", domainSearch, sb.entity().getDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER);
- }
-
- SearchCriteria sc = sb.create();
- if (keyword != null) {
- SearchCriteria ssc = _securityGroupDao.createSearchCriteria();
- ssc.addOr("name", SearchCriteria.Op.LIKE, "%" + keyword + "%");
- ssc.addOr("description", SearchCriteria.Op.LIKE, "%" + keyword + "%");
-
- sc.addAnd("name", SearchCriteria.Op.SC, ssc);
- }
-
- if (name != null) {
- sc.addAnd("name", SearchCriteria.Op.LIKE, name + "%");
- }
-
- if (id != null) {
- sc.addAnd("id", SearchCriteria.Op.EQ, id);
- }
-
- if (accountId != null) {
- sc.addAnd("accountId", SearchCriteria.Op.EQ, accountId);
- } else if (domainId != null) {
- DomainVO domain = _domainDao.findById(domainId);
- sc.setJoinParameters("domainSearch", "path", domain.getPath() + "%");
- }
-
- return _securityGroupDao.search(sc, searchFilter);
- }
-
- @Override
- public Map> searchForSecurityGroupsByVM(ListPortForwardingServicesByVmCmd cmd) throws InvalidParameterValueException, PermissionDeniedException {
- Account account = UserContext.current().getAccount();
- Long domainId = cmd.getDomainId();
- String accountName = cmd.getAccountName();
- Long accountId = null;
-
- if ((account == null) || isAdmin(account.getType())) {
- // validate domainId before proceeding
- if (domainId != null) {
- if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), domainId)) {
- throw new PermissionDeniedException("Unable to list port forwarding services for domain " + domainId + ", permission denied.");
- }
- if (accountName != null) {
- Account userAccount = _accountDao.findActiveAccount(accountName, domainId);
- if (userAccount != null) {
- accountId = userAccount.getId();
- } else {
- throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId);
- }
- }
- }
- } else {
- accountId = account.getId();
- }
-
- Object ipAddress = cmd.getIpAddress();
- Long instanceId = cmd.getVirtualMachineId();
- UserVm userVm = _userVmDao.findById(instanceId);
- if (userVm == null) {
- throw new InvalidParameterValueException("Internal error, unable to find virtual machine " + instanceId + " for listing port forwarding services.");
- }
-
- if ((accountId != null) && (userVm.getAccountId() != accountId.longValue())) {
- throw new PermissionDeniedException("Unable to list port forwarding services, account " + accountId + " does not own virtual machine " + instanceId);
- }
-
- Filter searchFilter = new Filter(SecurityGroupVMMapVO.class, "id", true, cmd.getStartIndex(), cmd.getPageSizeVal());
- SearchCriteria sc = _securityGroupVMMapDao.createSearchCriteria();
-
- // TODO: keyword search on vm name? vm group? what makes sense here? We can't search directly on 'name' as that's not a field of SecurityGroupVMMapVO.
- //Object keyword = cmd.getKeyword();
-
- /*
- if (keyword != null) {
- SearchCriteria ssc = _securityGroupVMMapDao.createSearchCriteria();
- ssc.addOr("name", SearchCriteria.Op.LIKE, "%" + keyword + "%");
-
- sc.addAnd("name", SearchCriteria.Op.SC, ssc);
- }
- */
-
- if (instanceId != null) {
- sc.addAnd("instanceId", SearchCriteria.Op.EQ, instanceId);
- }
-
- if (ipAddress != null) {
- sc.addAnd("ipAddress", SearchCriteria.Op.EQ, ipAddress);
- }
-
- Map> securityGroups = new HashMap>();
- List sgVmMappings = _securityGroupVMMapDao.search(sc, searchFilter);
- if (sgVmMappings != null) {
- for (SecurityGroupVMMapVO sgVmMapping : sgVmMappings) {
- SecurityGroupVO sg = _securityGroupDao.findById(sgVmMapping.getSecurityGroupId());
- List sgList = securityGroups.get(sgVmMapping.getIpAddress());
- if (sgList == null) {
- sgList = new ArrayList();
- }
- sgList.add(sg);
- securityGroups.put(sgVmMapping.getIpAddress(), sgList);
- }
- }
- return securityGroups;
- }
-
- @Override
- public boolean isSecurityGroupNameInUse(Long domainId, Long accountId, String name) {
- if (domainId == null) {
- domainId = DomainVO.ROOT_DOMAIN;
- }
-
- return _securityGroupDao.isNameInUse(accountId, domainId, name);
- }
-
- @Override
- public SecurityGroupVO findSecurityGroupById(Long groupId) {
- return _securityGroupDao.findById(groupId);
- }
-
+
@Override
public LoadBalancerVO findLoadBalancer(Long accountId, String name) {
SearchCriteria sc = _loadBalancerDao.createSearchCriteria();
diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java
index dc3d8561cf8..5e3dc79de85 100755
--- a/server/src/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/com/cloud/vm/UserVmManagerImpl.java
@@ -136,13 +136,10 @@ import com.cloud.network.IpAddrAllocator;
import com.cloud.network.LoadBalancerVMMapVO;
import com.cloud.network.NetworkConfigurationVO;
import com.cloud.network.NetworkManager;
-import com.cloud.network.SecurityGroupVMMapVO;
import com.cloud.network.dao.FirewallRulesDao;
import com.cloud.network.dao.IPAddressDao;
import com.cloud.network.dao.LoadBalancerDao;
import com.cloud.network.dao.LoadBalancerVMMapDao;
-import com.cloud.network.dao.SecurityGroupDao;
-import com.cloud.network.dao.SecurityGroupVMMapDao;
import com.cloud.network.security.NetworkGroupManager;
import com.cloud.network.security.NetworkGroupVO;
import com.cloud.offering.NetworkOffering;
@@ -227,8 +224,6 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM
@Inject VolumeDao _volsDao = null;
@Inject DataCenterDao _dcDao = null;
@Inject FirewallRulesDao _rulesDao = null;
- @Inject SecurityGroupDao _securityGroupDao = null;
- @Inject SecurityGroupVMMapDao _securityGroupVMMapDao = null;
@Inject LoadBalancerVMMapDao _loadBalancerVMMapDao = null;
@Inject LoadBalancerDao _loadBalancerDao = null;
@Inject IPAddressDao _ipAddressDao = null;
@@ -258,7 +253,6 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM
@Inject EventDao _eventDao = null;
@Inject InstanceGroupDao _vmGroupDao;
@Inject InstanceGroupVMMapDao _groupVMMapDao;
- @Inject SecurityGroupDao _networkSecurityGroupDao;
@Inject VmManager _itMgr;
private IpAddrAllocator _IpAllocator;
@@ -2609,60 +2603,6 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM
String guestIpAddr = vm.getGuestIpAddress();
long accountId = vm.getAccountId();
- // clean up any load balancer rules and security group mappings for this VM
- List securityGroupMappings = _securityGroupVMMapDao.listByInstanceId(vm.getId());
- for (SecurityGroupVMMapVO securityGroupMapping : securityGroupMappings) {
- String ipAddress = securityGroupMapping.getIpAddress();
-
- // find the router from the ipAddress
- DomainRouterVO router = null;
- if (vm.getDomainRouterId() != null)
- router = _routerDao.findById(vm.getDomainRouterId());
- else
- continue;
- // grab all the firewall rules
- List fwRules = _rulesDao.listForwardingByPubAndPrivIp(true, ipAddress, vm.getGuestIpAddress());
- for (FirewallRuleVO fwRule : fwRules) {
- fwRule.setEnabled(false);
- }
-
- List updatedRules = _networkMgr.updateFirewallRules(ipAddress, fwRules, router);
-
- // Save and create the event
- String description;
- String type = EventTypes.EVENT_NET_RULE_DELETE;
- String ruleName = "ip forwarding";
- String level = EventVO.LEVEL_INFO;
-
- if (updatedRules != null) {
- _securityGroupVMMapDao.remove(securityGroupMapping.getId());
- for (FirewallRuleVO updatedRule : updatedRules) {
- _rulesDao.remove(updatedRule.getId());
-
- description = "deleted " + ruleName + " rule [" + updatedRule.getPublicIpAddress() + ":" + updatedRule.getPublicPort() +
- "]->[" + updatedRule.getPrivateIpAddress() + ":" + updatedRule.getPrivatePort() + "]" + " " + updatedRule.getProtocol();
-
- EventVO fwRuleEvent = new EventVO();
- fwRuleEvent.setUserId(userId);
- fwRuleEvent.setAccountId(accountId);
- fwRuleEvent.setType(type);
- fwRuleEvent.setDescription(description);
- fwRuleEvent.setLevel(level);
- _eventDao.persist(fwRuleEvent);
- }
- // save off an event for removing the security group
- EventVO event = new EventVO();
- event.setUserId(userId);
- event.setAccountId(vm.getAccountId());
- event.setType(EventTypes.EVENT_PORT_FORWARDING_SERVICE_REMOVE);
- event.setDescription("Successfully removed port forwarding service " + securityGroupMapping.getSecurityGroupId() + " from virtual machine " + vm.getName());
- event.setLevel(EventVO.LEVEL_INFO);
- String params = "sgId="+securityGroupMapping.getSecurityGroupId()+"\nvmId="+vm.getId();
- event.setParameters(params);
- _eventDao.persist(event);
- }
- }
-
List loadBalancerMappings = _loadBalancerVMMapDao.listByInstanceId(vm.getId());
for (LoadBalancerVMMapVO loadBalancerMapping : loadBalancerMappings) {
List lbRules = _rulesDao.listByLoadBalancerId(loadBalancerMapping.getLoadBalancerId());