From 75483e4e0515cbe1baf3b7bd07d759fe26db89f7 Mon Sep 17 00:00:00 2001 From: alena Date: Thu, 9 Sep 2010 11:41:33 -0700 Subject: [PATCH] Modified AuthorizeNetworkGroupIngress/DeleteNetworkGroupIngress to new api framework --- .../AuthorizeNetworkGroupIngressCmd.java | 18 +- .../api/commands/DeleteNetworkGroupCmd.java | 160 +++++++------- .../network/security/NetworkGroupManager.java | 9 +- .../security/NetworkGroupManagerImpl.java | 195 +++++++++++++++++- .../com/cloud/server/ManagementServer.java | 7 +- .../cloud/server/ManagementServerImpl.java | 54 +++-- 6 files changed, 307 insertions(+), 136 deletions(-) diff --git a/server/src/com/cloud/api/commands/AuthorizeNetworkGroupIngressCmd.java b/server/src/com/cloud/api/commands/AuthorizeNetworkGroupIngressCmd.java index d6241e72966..c0432f11f4f 100644 --- a/server/src/com/cloud/api/commands/AuthorizeNetworkGroupIngressCmd.java +++ b/server/src/com/cloud/api/commands/AuthorizeNetworkGroupIngressCmd.java @@ -18,17 +18,18 @@ package com.cloud.api.commands; +import java.util.List; import java.util.Map; import org.apache.log4j.Logger; -import com.cloud.api.BaseCmd; +import com.cloud.api.BaseAsyncCmd; import com.cloud.api.BaseCmd.Manager; import com.cloud.api.Implementation; import com.cloud.api.Parameter; -@Implementation(method="authorizeNetworkGroupIngress", manager=Manager.ManagementServer) -public class AuthorizeNetworkGroupIngressCmd extends BaseCmd { +@Implementation(method="authorizeNetworkGroupIngress", manager=Manager.NetworkGroupManager) +public class AuthorizeNetworkGroupIngressCmd extends BaseAsyncCmd { public static final Logger s_logger = Logger.getLogger(AuthorizeNetworkGroupIngressCmd.class.getName()); private static final String s_name = "authorizenetworkgroupingress"; @@ -55,8 +56,8 @@ public class AuthorizeNetworkGroupIngressCmd extends BaseCmd { @Parameter(name="networkgroupname", type=CommandType.STRING, required=true) private String networkGroupName; - @Parameter(name="cidrlist", type=CommandType.STRING) - private String cidrList; + @Parameter(name="cidrlist", type=CommandType.LIST, collectionType=CommandType.STRING) + private List cidrList; @Parameter(name="usernetworkgrouplist", type=CommandType.MAP) private Map userNetworkGroupList; @@ -76,7 +77,7 @@ public class AuthorizeNetworkGroupIngressCmd extends BaseCmd { return accountName; } - public String getCidrList() { + public List getCidrList() { return cidrList; } @@ -327,4 +328,9 @@ public class AuthorizeNetworkGroupIngressCmd extends BaseCmd { return 0; } */ + @Override + public String getResponse() { + // TODO Auto-generated method stub + return null; + } } diff --git a/server/src/com/cloud/api/commands/DeleteNetworkGroupCmd.java b/server/src/com/cloud/api/commands/DeleteNetworkGroupCmd.java index e96f7ae883f..dacc92ce50c 100644 --- a/server/src/com/cloud/api/commands/DeleteNetworkGroupCmd.java +++ b/server/src/com/cloud/api/commands/DeleteNetworkGroupCmd.java @@ -1,33 +1,16 @@ package com.cloud.api.commands; -import java.util.ArrayList; -import java.util.List; -import java.util.Map; - import org.apache.log4j.Logger; import com.cloud.api.BaseCmd; +import com.cloud.api.BaseCmd.Manager; +import com.cloud.api.Implementation; import com.cloud.api.Parameter; -import com.cloud.api.ServerApiException; -import com.cloud.exception.PermissionDeniedException; -import com.cloud.exception.ResourceInUseException; -import com.cloud.network.security.NetworkGroupVO; -import com.cloud.user.Account; -import com.cloud.utils.Pair; +@Implementation(method="deleteNetworkGroup", manager=Manager.NetworkGroupManager) public class DeleteNetworkGroupCmd extends BaseCmd { public static final Logger s_logger = Logger.getLogger(DeleteNetworkGroupCmd.class.getName()); - private static final String s_name = "deletenetworkgroupresponse"; - private static final List> s_properties = new ArrayList>(); - - static { - //s_properties.add(new Pair(BaseCmd.Properties.USER_ID, Boolean.FALSE)); - s_properties.add(new Pair(BaseCmd.Properties.ACCOUNT_OBJ, Boolean.FALSE)); - s_properties.add(new Pair(BaseCmd.Properties.ACCOUNT, Boolean.FALSE)); - s_properties.add(new Pair(BaseCmd.Properties.DOMAIN_ID, Boolean.FALSE)); - s_properties.add(new Pair(BaseCmd.Properties.NAME, Boolean.TRUE)); - } ///////////////////////////////////////////////////// //////////////// API parameters ///////////////////// @@ -67,72 +50,75 @@ public class DeleteNetworkGroupCmd extends BaseCmd { public String getName() { return s_name; } - public List> getProperties() { - return s_properties; - } - @Override - public List> execute(Map params) { - Account account = (Account)params.get(BaseCmd.Properties.ACCOUNT_OBJ.getName()); - Long domainId = (Long)params.get(BaseCmd.Properties.DOMAIN_ID.getName()); - //Long userId = (Long)params.get(BaseCmd.Properties.USER_ID.getName()); - String accountName = (String)params.get(BaseCmd.Properties.ACCOUNT.getName()); - String name = (String)params.get(BaseCmd.Properties.NAME.getName()); - - Long accountId = null; - if ((account == null) || isAdmin(account.getType())) { - if ((accountName != null) && (domainId != null)) { - // if it's an admin account, do a quick permission check - if ((account != null) && !getManagementServer().isChildDomain(account.getDomainId(), domainId)) { - if (s_logger.isDebugEnabled()) { - s_logger.debug("Unable to find rules network group " + name + ", permission denied."); - } - throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to network group " + name + ", permission denied."); - } - - Account groupOwner = getManagementServer().findActiveAccount(accountName, domainId); - if (groupOwner == null) { - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find account " + accountName + " in domain " + domainId); - } - accountId = groupOwner.getId(); - } else { - if (account != null) { - accountId = account.getId(); - domainId = account.getDomainId(); - } - } - } else { - if (account != null) { - accountId = account.getId(); - domainId = account.getDomainId(); - } - } - - if (accountId == null) { - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find account for network group " + name + "; failed to delete group."); - } - - NetworkGroupVO sg = getManagementServer().findNetworkGroupByName(accountId, name); - if (sg == null) { - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find network group " + name + "; failed to delete group."); - } - - try { - getManagementServer().deleteNetworkGroup(sg.getId(), accountId); - } catch (ResourceInUseException ex) { - if (s_logger.isDebugEnabled()) { - s_logger.debug("Failed to delete network group " + name + " for account " + accountId + ", group is not empty."); - } - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to delete network group " + name + "; group is not empty."); - } catch (PermissionDeniedException pde) { - if (s_logger.isDebugEnabled()) { - s_logger.debug("Failed to delete network group " + name + " for account " + accountId + ", default group cannot be deleted"); - } - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to delete network group " + name + "; default group cannot be deleted"); - } - - List> returnValues = new ArrayList>(); - returnValues.add(new Pair(BaseCmd.Properties.SUCCESS.getName(), "true")); - return returnValues; - } +// @Override +// public List> execute(Map params) { +// Account account = (Account)params.get(BaseCmd.Properties.ACCOUNT_OBJ.getName()); +// Long domainId = (Long)params.get(BaseCmd.Properties.DOMAIN_ID.getName()); +// //Long userId = (Long)params.get(BaseCmd.Properties.USER_ID.getName()); +// String accountName = (String)params.get(BaseCmd.Properties.ACCOUNT.getName()); +// String name = (String)params.get(BaseCmd.Properties.NAME.getName()); +// +// Long accountId = null; +// if ((account == null) || isAdmin(account.getType())) { +// if ((accountName != null) && (domainId != null)) { +// // if it's an admin account, do a quick permission check +// if ((account != null) && !getManagementServer().isChildDomain(account.getDomainId(), domainId)) { +// if (s_logger.isDebugEnabled()) { +// s_logger.debug("Unable to find rules network group " + name + ", permission denied."); +// } +// throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to network group " + name + ", permission denied."); +// } +// +// Account groupOwner = getManagementServer().findActiveAccount(accountName, domainId); +// if (groupOwner == null) { +// throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find account " + accountName + " in domain " + domainId); +// } +// accountId = groupOwner.getId(); +// } else { +// if (account != null) { +// accountId = account.getId(); +// domainId = account.getDomainId(); +// } +// } +// } else { +// if (account != null) { +// accountId = account.getId(); +// domainId = account.getDomainId(); +// } +// } +// +// if (accountId == null) { +// throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find account for network group " + name + "; failed to delete group."); +// } +// +// NetworkGroupVO sg = getManagementServer().findNetworkGroupByName(accountId, name); +// if (sg == null) { +// throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find network group " + name + "; failed to delete group."); +// } +// +// try { +// getManagementServer().deleteNetworkGroup(sg.getId(), accountId); +// } catch (ResourceInUseException ex) { +// if (s_logger.isDebugEnabled()) { +// s_logger.debug("Failed to delete network group " + name + " for account " + accountId + ", group is not empty."); +// } +// throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to delete network group " + name + "; group is not empty."); +// } catch (PermissionDeniedException pde) { +// if (s_logger.isDebugEnabled()) { +// s_logger.debug("Failed to delete network group " + name + " for account " + accountId + ", default group cannot be deleted"); +// } +// throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to delete network group " + name + "; default group cannot be deleted"); +// } +// +// List> returnValues = new ArrayList>(); +// returnValues.add(new Pair(BaseCmd.Properties.SUCCESS.getName(), "true")); +// return returnValues; +// } + + @Override + public String getResponse() { + // TODO Auto-generated method stub + return null; + } } diff --git a/server/src/com/cloud/network/security/NetworkGroupManager.java b/server/src/com/cloud/network/security/NetworkGroupManager.java index fdde56431d8..33b4b0c9ea9 100644 --- a/server/src/com/cloud/network/security/NetworkGroupManager.java +++ b/server/src/com/cloud/network/security/NetworkGroupManager.java @@ -20,13 +20,14 @@ package com.cloud.network.security; import java.util.HashMap; import java.util.List; +import com.cloud.api.commands.AuthorizeNetworkGroupIngressCmd; import com.cloud.api.commands.CreateNetworkGroupCmd; +import com.cloud.api.commands.DeleteNetworkGroupCmd; import com.cloud.api.commands.ListNetworkGroupsCmd; import com.cloud.api.commands.RevokeNetworkGroupIngressCmd; import com.cloud.exception.InvalidParameterValueException; import com.cloud.exception.PermissionDeniedException; import com.cloud.exception.ResourceInUseException; -import com.cloud.user.AccountVO; import com.cloud.uservm.UserVm; import com.cloud.utils.Pair; import com.cloud.utils.component.Manager; @@ -43,9 +44,7 @@ public interface NetworkGroupManager extends Manager { public void handleVmStateTransition(UserVm userVm, State vmState); - public List authorizeNetworkGroupIngress(AccountVO account, - String groupName, String protocol, int startPort, int endPort, - String [] cidrList, List authorizedGroups); + public List authorizeNetworkGroupIngress(AuthorizeNetworkGroupIngressCmd cmd) throws InvalidParameterValueException, PermissionDeniedException; public NetworkGroupVO createNetworkGroup(String name, String description, Long domainId, Long accountId, String accountName); @@ -64,7 +63,7 @@ public interface NetworkGroupManager extends Manager { boolean revokeNetworkGroupIngress(RevokeNetworkGroupIngressCmd cmd); - public void deleteNetworkGroup(Long groupId, Long accountId) throws ResourceInUseException, PermissionDeniedException; + public void deleteNetworkGroup(DeleteNetworkGroupCmd cmd) throws ResourceInUseException, PermissionDeniedException, InvalidParameterValueException; /** * Search for network groups and associated ingress rules for the given account, domain, group name, and/or keyword. diff --git a/server/src/com/cloud/network/security/NetworkGroupManagerImpl.java b/server/src/com/cloud/network/security/NetworkGroupManagerImpl.java index 1d372ac79c8..639fe9a279a 100644 --- a/server/src/com/cloud/network/security/NetworkGroupManagerImpl.java +++ b/server/src/com/cloud/network/security/NetworkGroupManagerImpl.java @@ -45,7 +45,9 @@ import com.cloud.agent.api.NetworkIngressRulesCmd.IpPortAndProto; import com.cloud.agent.manager.AgentManager; import com.cloud.api.BaseCmd; import com.cloud.api.ServerApiException; +import com.cloud.api.commands.AuthorizeNetworkGroupIngressCmd; import com.cloud.api.commands.CreateNetworkGroupCmd; +import com.cloud.api.commands.DeleteNetworkGroupCmd; import com.cloud.api.commands.ListNetworkGroupsCmd; import com.cloud.api.commands.RevokeNetworkGroupIngressCmd; import com.cloud.configuration.dao.ConfigurationDao; @@ -417,14 +419,150 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager { @Override @DB - public List authorizeNetworkGroupIngress(AccountVO account, - String groupName, String protocol, int startPort, int endPort, - String [] cidrList, List authorizedGroups) { + public List authorizeNetworkGroupIngress(AuthorizeNetworkGroupIngressCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{ + String groupName = cmd.getName(); + String protocol = cmd.getProtocol(); + Integer startPort = cmd.getStartPort(); + Integer endPort = cmd.getEndPort(); + Integer icmpType = cmd.getIcmpType(); + Integer icmpCode = cmd.getIcmpCode(); + List cidrList = cmd.getCidrList(); + Map groupList = cmd.getUserNetworkGroupList(); + Account account = (Account)UserContext.current().getAccountObject(); + String accountName = cmd.getAccountName(); + Long domainId = cmd.getDomainId(); + Integer startPortOrType = null; + Integer endPortOrCode = null; + Long accountId = null; + if (!_enabled) { return null; } + + //Verify input parameters + if (protocol == null) { + protocol = "all"; + } + + if (!NetUtils.isValidNetworkGroupProto(protocol)) { + s_logger.debug("Invalid protocol specified " + protocol); + throw new InvalidParameterValueException("Invalid protocol " + protocol); + } + if ("icmp".equalsIgnoreCase(protocol) ) { + if ((icmpType == null) || (icmpCode == null)) { + throw new InvalidParameterValueException("Invalid ICMP type/code specified, icmpType = " + icmpType + ", icmpCode = " + icmpCode); + } + if (icmpType == -1 && icmpCode != -1) { + throw new InvalidParameterValueException("Invalid icmp type range" ); + } + if (icmpCode > 255) { + throw new InvalidParameterValueException("Invalid icmp code " ); + } + startPortOrType = icmpType; + endPortOrCode= icmpCode; + } else if (protocol.equals("all")) { + if ((startPort != null) || (endPort != null)) { + throw new InvalidParameterValueException("Cannot specify startPort or endPort without specifying protocol"); + } + startPortOrType = 0; + endPortOrCode = 0; + } else { + if ((startPort == null) || (endPort == null)) { + throw new InvalidParameterValueException("Invalid port range specified, startPort = " + startPort + ", endPort = " + endPort); + } + if (startPort == 0 && endPort == 0) { + endPort = 65535; + } + if (startPort > endPort) { + s_logger.debug("Invalid port range specified: " + startPort + ":" + endPort); + throw new InvalidParameterValueException("Invalid port range " ); + } + if (startPort > 65535 || endPort > 65535 || startPort < -1 || endPort < -1) { + s_logger.debug("Invalid port numbers specified: " + startPort + ":" + endPort); + throw new InvalidParameterValueException("Invalid port numbers " ); + } + + if (startPort < 0 || endPort < 0) { + throw new InvalidParameterValueException("Invalid port range " ); + } + startPortOrType = startPort; + endPortOrCode= endPort; + } + + protocol = protocol.toLowerCase(); + + if ((account == null) || isAdmin(account.getType())) { + if ((accountName != null) && (domainId != null)) { + // if it's an admin account, do a quick permission check + if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), domainId)) { + if (s_logger.isDebugEnabled()) { + s_logger.debug("Unable to find rules for network security group id = " + groupName + ", permission denied."); + } + throw new PermissionDeniedException("Unable to find rules for network security group id = " + groupName + ", permission denied."); + } + + Account groupOwner = _accountDao.findActiveAccount(accountName, domainId); + if (groupOwner == null) { + throw new PermissionDeniedException("Unable to find account " + accountName + " in domain " + domainId); + } + accountId = groupOwner.getId(); + } else { + if (account != null) { + accountId = account.getId(); + domainId = account.getDomainId(); + } + } + } else { + if (account != null) { + accountId = account.getId(); + domainId = account.getDomainId(); + } + } + + if (accountId == null) { + throw new InvalidParameterValueException("Unable to find account for network security group " + groupName + "; failed to authorize ingress."); + } + + + if (cidrList == null && groupList == null) { + if (s_logger.isDebugEnabled()) { + s_logger.debug("At least one cidr or at least one security group needs to be specified"); + } + throw new InvalidParameterValueException("At least one cidr or at least one security group needs to be specified"); + } + + List authorizedGroups = new ArrayList (); + if (groupList != null) { + Collection userGroupCollection = groupList.values(); + Iterator iter = userGroupCollection.iterator(); + while (iter.hasNext()) { + HashMap userGroup = (HashMap)iter.next(); + String group = (String)userGroup.get("group"); + String authorizedAccountName = (String)userGroup.get("account"); + if ((group == null) || (authorizedAccountName == null)) { + throw new InvalidParameterValueException("Invalid user group specified, fields 'group' and 'account' cannot be null, please specify groups in the form: userGroupList[0].group=XXX&userGroupList[0].account=YYY"); + } + + Account authorizedAccount = _accountDao.findActiveAccount(authorizedAccountName, domainId); + if (authorizedAccount == null) { + if (s_logger.isDebugEnabled()) { + s_logger.debug("Nonexistent account: " + authorizedAccountName + ", domainid: " + domainId + " when trying to authorize ingress for " + groupName + ":" + protocol + ":" + startPortOrType + ":" + endPortOrCode); + } + throw new InvalidParameterValueException("Nonexistent account: " + authorizedAccountName + " when trying to authorize ingress for " + groupName + ":" + protocol + ":" + startPortOrType + ":" + endPortOrCode); + } + + NetworkGroupVO groupVO = _networkGroupDao.findByAccountAndName(authorizedAccount.getId(), group); + if (groupVO == null) { + if (s_logger.isDebugEnabled()) { + s_logger.debug("Nonexistent group " + group + " for account " + authorizedAccountName + "/" + domainId); + } + throw new InvalidParameterValueException("Invalid group (" + group + ") given, unable to authorize ingress."); + } + authorizedGroups.add(groupVO); + } + } + final Transaction txn = Transaction.currentTxn(); - final Long accountId = account.getId(); final Set authorizedGroups2 = new TreeSet(new NetworkGroupVOComparator()); authorizedGroups2.addAll(authorizedGroups); //Ensure we don't re-lock the same row @@ -493,7 +631,6 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager { _networkGroupDao.release(networkGroupLock.getId()); } } - } @Override @@ -968,11 +1105,57 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager { @DB @Override - public void deleteNetworkGroup(Long groupId, Long accountId) throws ResourceInUseException, PermissionDeniedException{ + public void deleteNetworkGroup(DeleteNetworkGroupCmd cmd) throws ResourceInUseException, PermissionDeniedException, InvalidParameterValueException{ + String name = cmd.getName(); + String accountName = cmd.getAccountName(); + Long domainId = cmd.getDomainId(); + Account account = (Account)UserContext.current().getAccountObject(); + if (!_enabled) { return ; } + //Verify input parameters + Long accountId = null; + if ((account == null) || isAdmin(account.getType())) { + if ((accountName != null) && (domainId != null)) { + // if it's an admin account, do a quick permission check + if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), domainId)) { + if (s_logger.isDebugEnabled()) { + s_logger.debug("Unable to find rules network group " + name + ", permission denied."); + } + throw new PermissionDeniedException("Unable to network group " + name + ", permission denied."); + } + + Account groupOwner = _accountDao.findActiveAccount(accountName, domainId); + if (groupOwner == null) { + throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find account " + accountName + " in domain " + domainId); + } + accountId = groupOwner.getId(); + } else { + if (account != null) { + accountId = account.getId(); + domainId = account.getDomainId(); + } + } + } else { + if (account != null) { + accountId = account.getId(); + domainId = account.getDomainId(); + } + } + + if (accountId == null) { + throw new InvalidParameterValueException("Unable to find account for network group " + name + "; failed to delete group."); + } + + NetworkGroupVO sg = _networkGroupDao.findByAccountAndName(accountId, name); + if (sg == null) { + throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find network group " + name + "; failed to delete group."); + } + + Long groupId = sg.getId(); + final Transaction txn = Transaction.currentTxn(); txn.start(); diff --git a/server/src/com/cloud/server/ManagementServer.java b/server/src/com/cloud/server/ManagementServer.java index 003106701d1..8df1e5e7c65 100644 --- a/server/src/com/cloud/server/ManagementServer.java +++ b/server/src/com/cloud/server/ManagementServer.java @@ -110,7 +110,6 @@ import com.cloud.network.IPAddressVO; import com.cloud.network.LoadBalancerVO; import com.cloud.network.NetworkRuleConfigVO; import com.cloud.network.SecurityGroupVO; -import com.cloud.network.security.IngressRuleVO; import com.cloud.network.security.NetworkGroupVO; import com.cloud.service.ServiceOfferingVO; import com.cloud.storage.DiskOfferingVO; @@ -1836,8 +1835,8 @@ public interface ManagementServer { * @param authorizedGroups the network groups (looked up by group name/account) to which access is being granted * @return the job id if scheduled, 0 if the job was not scheduled */ - long authorizeNetworkGroupIngressAsync(Long accountId, String groupName, String protocol, int startPort, int endPort, String [] cidrList, List authorizedGroups); - List authorizeNetworkGroupIngress(AccountVO account, String groupName, String protocol, int startPort, int endPort, String [] cidrList, List authorizedGroups); +// long authorizeNetworkGroupIngressAsync(Long accountId, String groupName, String protocol, int startPort, int endPort, String [] cidrList, List authorizedGroups); +// List authorizeNetworkGroupIngress(AccountVO account, String groupName, String protocol, int startPort, int endPort, String [] cidrList, List authorizedGroups); /** * Revoke access to a network group. Access could have been granted to a set of IP ranges, or to network groups belonging to other accounts. Access @@ -1860,7 +1859,7 @@ public interface ManagementServer { * @param accountId * @throws PermissionDeniedException */ - void deleteNetworkGroup(Long groupId, Long accountId) throws ResourceInUseException, PermissionDeniedException; +// void deleteNetworkGroup(Long groupId, Long accountId) throws ResourceInUseException, PermissionDeniedException; HostStats getHostStatistics(long hostId); diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java index 037fb9362a5..857d4f10c43 100755 --- a/server/src/com/cloud/server/ManagementServerImpl.java +++ b/server/src/com/cloud/server/ManagementServerImpl.java @@ -55,7 +55,6 @@ import com.cloud.alert.dao.AlertDao; import com.cloud.api.BaseCmd; import com.cloud.api.ServerApiException; import com.cloud.api.commands.AssignPortForwardingServiceCmd; -import com.cloud.api.commands.AuthorizeNetworkGroupIngressCmd; import com.cloud.api.commands.CreateDomainCmd; import com.cloud.api.commands.CreatePortForwardingServiceCmd; import com.cloud.api.commands.CreatePortForwardingServiceRuleCmd; @@ -192,7 +191,6 @@ import com.cloud.network.dao.LoadBalancerVMMapDao; import com.cloud.network.dao.NetworkRuleConfigDao; import com.cloud.network.dao.SecurityGroupDao; import com.cloud.network.dao.SecurityGroupVMMapDao; -import com.cloud.network.security.IngressRuleVO; import com.cloud.network.security.NetworkGroupManager; import com.cloud.network.security.NetworkGroupVO; import com.cloud.network.security.dao.NetworkGroupDao; @@ -8614,29 +8612,29 @@ public class ManagementServerImpl implements ManagementServer { return groupVO; } - @Override - public List authorizeNetworkGroupIngress(AccountVO account, String groupName, String protocol, int startPort, int endPort, String [] cidrList, List authorizedGroups) { - return _networkGroupMgr.authorizeNetworkGroupIngress(account, groupName, protocol, startPort, endPort, cidrList, authorizedGroups); - } +// @Override +// public List authorizeNetworkGroupIngress(AccountVO account, String groupName, String protocol, int startPort, int endPort, String [] cidrList, List authorizedGroups) { +// return _networkGroupMgr.authorizeNetworkGroupIngress(account, groupName, protocol, startPort, endPort, cidrList, authorizedGroups); +// } - @Override - public long authorizeNetworkGroupIngressAsync(Long accountId, String groupName, String protocol, int startPort, int endPort, String [] cidrList, List authorizedGroups) { - AccountVO account = (AccountVO)findAccountById(accountId); - if (account == null) { - s_logger.warn("Unable to authorize network group ingress on group: " + groupName + " for account " + accountId + " -- account not found."); - return 0; - } - - NetworkGroupIngressParam param = new NetworkGroupIngressParam(account, groupName, protocol, startPort, endPort, cidrList, authorizedGroups); - Gson gson = GsonHelper.getBuilder().create(); - AsyncJobVO job = new AsyncJobVO(); - job.setUserId(UserContext.current().getUserId()); - job.setAccountId(accountId); - job.setCmd("AuthorizeNetworkGroupIngress"); - job.setCmdInfo(gson.toJson(param)); - job.setCmdOriginator(AuthorizeNetworkGroupIngressCmd.getResultObjectName()); - return _asyncMgr.submitAsyncJob(job); - } +// @Override +// public long authorizeNetworkGroupIngressAsync(Long accountId, String groupName, String protocol, int startPort, int endPort, String [] cidrList, List authorizedGroups) { +// AccountVO account = (AccountVO)findAccountById(accountId); +// if (account == null) { +// s_logger.warn("Unable to authorize network group ingress on group: " + groupName + " for account " + accountId + " -- account not found."); +// return 0; +// } +// +// NetworkGroupIngressParam param = new NetworkGroupIngressParam(account, groupName, protocol, startPort, endPort, cidrList, authorizedGroups); +// Gson gson = GsonHelper.getBuilder().create(); +// AsyncJobVO job = new AsyncJobVO(); +// job.setUserId(UserContext.current().getUserId()); +// job.setAccountId(accountId); +// job.setCmd("AuthorizeNetworkGroupIngress"); +// job.setCmdInfo(gson.toJson(param)); +// job.setCmdOriginator(AuthorizeNetworkGroupIngressCmd.getResultObjectName()); +// return _asyncMgr.submitAsyncJob(job); +// } // @Override // public boolean revokeNetworkGroupIngress(AccountVO account, String groupName, String protocol, int startPort, int endPort, String [] cidrList, List authorizedGroups) { @@ -8661,10 +8659,10 @@ public class ManagementServerImpl implements ManagementServer { return _asyncMgr.submitAsyncJob(job); } - @Override - public void deleteNetworkGroup(Long groupId, Long accountId) throws ResourceInUseException, PermissionDeniedException { - _networkGroupMgr.deleteNetworkGroup(groupId, accountId); - } +// @Override +// public void deleteNetworkGroup(Long groupId, Long accountId) throws ResourceInUseException, PermissionDeniedException { +// _networkGroupMgr.deleteNetworkGroup(groupId, accountId); +// } @Override public HostStats getHostStatistics(long hostId) {