From 8948c3dd8425fd1f355de5bade0bb82e9d35c4ac Mon Sep 17 00:00:00 2001
From: alena <alena@cloud.com>
Date: Wed, 8 Jun 2011 12:00:19 -0700
Subject: [PATCH] 1) listNetworks for domain level network case: fixed search
 to do multiple joins between the tables instead of querying all the data and
 making search for each entry. 2) Added new config parameter
 'allow.subdomain.network.access' - default value is true. If it's set to
 false, the child domain can't use the network of the parent domain

Conflicts:

	server/src/com/cloud/network/NetworkManagerImpl.java
---
 api/src/com/cloud/user/AccountService.java    |   5 +
 .../src/com/cloud/configuration/Config.java   |   6 +-
 .../com/cloud/network/NetworkManagerImpl.java | 213 ++++++++++--------
 server/src/com/cloud/network/NetworkVO.java   |  15 +-
 .../cloud/network/dao/NetworkDomainDao.java   |   1 +
 .../network/dao/NetworkDomainDaoImpl.java     |  12 +
 .../cloud/server/ConfigurationServerImpl.java |   2 +-
 .../cloud/upgrade/dao/Upgrade226to227.java    |  45 ++++
 .../com/cloud/user/AccountManagerImpl.java    |  31 +++
 .../com/cloud/network/dao/NetworkDaoTest.java |   2 +-
 setup/db/create-schema.sql                    |   1 +
 setup/db/db/schema-226to227.sql               |   3 +
 12 files changed, 234 insertions(+), 102 deletions(-)

diff --git a/api/src/com/cloud/user/AccountService.java b/api/src/com/cloud/user/AccountService.java
index 995dd6cf21b..d8d92e21f32 100644
--- a/api/src/com/cloud/user/AccountService.java
+++ b/api/src/com/cloud/user/AccountService.java
@@ -18,6 +18,7 @@
 package com.cloud.user;
 
 import java.util.List;
+import java.util.Set;
 
 import com.cloud.api.commands.CreateAccountCmd;
 import com.cloud.api.commands.CreateUserCmd;
@@ -179,5 +180,9 @@ public interface AccountService {
 	User getActiveUserByRegistrationToken(String registrationToken);
 	
 	void markUserRegistered(long userId);
+	
+	Set<Long> getDomainParentIds(long domainId);
+	
+	Set<Long> getDomainChildrenIds(String parentDomainPath);
 
 }
diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java
index a914a19f351..060f122902d 100755
--- a/server/src/com/cloud/configuration/Config.java
+++ b/server/src/com/cloud/configuration/Config.java
@@ -235,7 +235,9 @@ public enum Config {
 	DefaultMaxAccountVolumes("Account Defaults", ManagementServer.class, Long.class, "max.account.volumes", "20", "The default maximum number of volumes that can be created for an account", null),
 	DirectAgentLoadSize("Advanced", ManagementServer.class, Integer.class, "direct.agent.load.size", "16", "The number of direct agents to load each time", null),
 	
-	AgentLbEnable("Advanced", ClusterManager.class, Boolean.class, "agent.lb.enabled", "false", "If agent load balancing enabled in cluster setup", null);
+	AgentLbEnable("Advanced", ClusterManager.class, Boolean.class, "agent.lb.enabled", "false", "If agent load balancing enabled in cluster setup", null),
+	SubDomainNetworkAccess("Advanced", NetworkManager.class, Boolean.class, "allow.subdomain.network.access", "true", "Allow subdomains to use networks dedicated to their parent domain(s)", null);
+
 	
 	private final String _category;
 	private final Class<?> _componentClass;
@@ -314,6 +316,8 @@ public enum Config {
             return "HighAvailabilityManager";
         } else if (_componentClass == StoragePoolAllocator.class) {
             return "StorageAllocator";
+        } else if (_componentClass == NetworkManager.class) {
+            return "NetworkManager";
         } else {
             return "none";
         }
diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java
index 1a12b438075..b4abc55baf6 100755
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
@@ -24,9 +24,11 @@ import java.util.Arrays;
 import java.util.Comparator;
 import java.util.Date;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
@@ -65,7 +67,6 @@ import com.cloud.dc.dao.VlanDao;
 import com.cloud.deploy.DataCenterDeployment;
 import com.cloud.deploy.DeployDestination;
 import com.cloud.deploy.DeploymentPlan;
-import com.cloud.domain.Domain;
 import com.cloud.domain.DomainVO;
 import com.cloud.domain.dao.DomainDao;
 import com.cloud.event.ActionEvent;
@@ -223,8 +224,10 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
     int _networkGcInterval;
     String _networkDomain;
     int _cidrLimit;
+    boolean _allowSubdomainNetworkAccess;
 
     private Map<String, String> _configs;
+    
 
     HashMap<Long, Long> _lastNetworkIdsToFree = new HashMap<Long, Long>();
 
@@ -785,6 +788,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
         NicForTrafficTypeSearch.done();
 
         _executor = Executors.newScheduledThreadPool(1, new NamedThreadFactory("Network-Scavenger"));
+        
+        _allowSubdomainNetworkAccess = Boolean.valueOf(_configs.get(Config.SubDomainNetworkAccess.key()));
 
         s_logger.info("Network Manager is configured.");
 
@@ -896,7 +901,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
                 }
 
                 NetworkVO vo = new NetworkVO(id, network, offering.getId(), plan.getDataCenterId(), guru.getName(), owner.getDomainId(), owner.getId(), related, name, displayText, isShared, isDefault,
-                        predefined.isSecurityGroupEnabled());
+                        predefined.isSecurityGroupEnabled(), (domainId != null));
                 vo.setTags(tags);
                 networks.add(_networksDao.persist(vo, vo.getGuestType() != null));
 
@@ -1740,10 +1745,10 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
 
     @Override
     public List<? extends Network> searchForNetworks(ListNetworksCmd cmd) {
-        Object id = cmd.getId();
-        Object keyword = cmd.getKeyword();
+        Long id = cmd.getId();
+        String keyword = cmd.getKeyword();
         Long zoneId = cmd.getZoneId();
-        Account account = UserContext.current().getCaller();
+        Account caller = UserContext.current().getCaller();
         Long domainId = cmd.getDomainId();
         String accountName = cmd.getAccountName();
         String type = cmd.getType();
@@ -1753,10 +1758,11 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
         Boolean isDefault = cmd.isDefault();
         Long accountId = null;
         String path = null;
-        List<Long> avoidNetworks = new ArrayList<Long>();
-        List<Long> allowedSharedNetworks = new ArrayList<Long>();
-
-        if (isSystem == null && id == null) {
+        Long sharedNetworkDomainId = null;
+        
+        //1) default is system to false if not specified
+        //2) reset parameter to false if it's specified by the regular user
+        if (isSystem == null || caller.getType() == Account.ACCOUNT_TYPE_NORMAL) {
             isSystem = false;
         }
 
@@ -1765,37 +1771,41 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
             throw new InvalidParameterValueException("System network belongs to system, account and domainId parameters can't be specified");
         }
 
-        if (_accountMgr.isAdmin(account.getType())) {
+        if (_accountMgr.isAdmin(caller.getType())) {
             if (domainId != null) {
                 DomainVO domain = _domainDao.findById(domainId);
                 if (domain == null) {
                     throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist in the system");
                 }
 
-                _accountMgr.checkAccess(account, domain);
+                _accountMgr.checkAccess(caller, domain);
 
                 if (accountName != null) {
-                    account = _accountMgr.getActiveAccount(accountName, domainId);
-                    if (account == null) {
+                    Account owner = _accountMgr.getActiveAccount(accountName, domainId);
+                    if (owner == null) {
                         throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId);
                     }
-                    accountId = account.getId();
+                    accountId = owner.getId();
                 }
-            } else {
-                accountId = account.getId();
             }
 
-            if (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) {
-                DomainVO domain = _domainDao.findById(account.getDomainId());
+            if (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) {
+                DomainVO domain = _domainDao.findById(caller.getDomainId());
                 if (domain != null) {
                     path = domain.getPath();
                 }
             }
         } else {
-            accountName = account.getAccountName();
-            domainId = account.getDomainId();
-            accountId = account.getId();
+            accountId = caller.getId();
         }
+        
+        if (!isSystem && (isShared == null || isShared)) {
+            if (domainId == null) {
+                sharedNetworkDomainId = caller.getDomainId();
+            } else {
+                sharedNetworkDomainId = domainId;
+            }
+        } 
 
         Filter searchFilter = new Filter(NetworkVO.class, "id", false, cmd.getStartIndex(), cmd.getPageSizeVal());
         SearchBuilder<NetworkVO> sb = _networksDao.createSearchBuilder();
@@ -1803,7 +1813,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
         // Don't display networks created of system network offerings
         SearchBuilder<NetworkOfferingVO> networkOfferingSearch = _networkOfferingDao.createSearchBuilder();
         networkOfferingSearch.and("systemOnly", networkOfferingSearch.entity().isSystemOnly(), SearchCriteria.Op.EQ);
-        if (isSystem != null && isSystem) {
+        if (isSystem) {
             networkOfferingSearch.and("trafficType", networkOfferingSearch.entity().getTrafficType(), SearchCriteria.Op.EQ);
         }
         sb.join("networkOfferingSearch", networkOfferingSearch, sb.entity().getNetworkOfferingId(), networkOfferingSearch.entity().getId(), JoinBuilder.JoinType.INNER);
@@ -1811,21 +1821,38 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
         SearchBuilder<DataCenterVO> zoneSearch = _dcDao.createSearchBuilder();
         zoneSearch.and("networkType", zoneSearch.entity().getNetworkType(), SearchCriteria.Op.EQ);
         sb.join("zoneSearch", zoneSearch, sb.entity().getDataCenterId(), zoneSearch.entity().getId(), JoinBuilder.JoinType.INNER);
-
-        if (path != null) {
-            // for domain admin we should show only subdomains information
-            SearchBuilder<DomainVO> domainSearch = _domainDao.createSearchBuilder();
-            domainSearch.and("path", domainSearch.entity().getPath(), SearchCriteria.Op.LIKE);
-            sb.join("domainSearch", domainSearch, sb.entity().getDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER);
+        
+        //domain level networks
+        if (sharedNetworkDomainId != null) {
+            SearchBuilder<NetworkDomainVO> domainNetworkSearch = _networkDomainDao.createSearchBuilder();
+            sb.join("domainNetworkSearch", domainNetworkSearch, sb.entity().getId(), domainNetworkSearch.entity().getNetworkId(), JoinBuilder.JoinType.LEFTOUTER);
         }
 
         sb.and("removed", sb.entity().getRemoved(), Op.NULL);
 
-        SearchCriteria<NetworkVO> sc = sb.create();
-
-        if (isSystem != null) {
-            sc.setJoinParameters("networkOfferingSearch", "systemOnly", isSystem);
+        if (isSystem == null || !isSystem) {
+          //Get domain level + account/zone level networks
+            List<NetworkVO> networksToReturn = new ArrayList<NetworkVO>();
+       
+            if (sharedNetworkDomainId != null) {
+                networksToReturn.addAll(listDomainLevelNetworks(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, type, isDefault, trafficType, isShared), searchFilter, sharedNetworkDomainId));
+            }
+            
+            //if domain id is specified - list only domain level networks
+            if (accountId != null || (domainId == null && accountName == null)) {
+                networksToReturn.addAll(listAccountSpecificAndZoneLevelNetworks(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, type, isDefault, trafficType, isShared), searchFilter, accountId, path));
+            }
+            
+            return networksToReturn;
+            
+        } else {
+            return _networksDao.search(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, type, isDefault, trafficType, isShared), searchFilter);
         }
+    }
+    
+    private SearchCriteria<NetworkVO> buildNetworkSearchCriteria(SearchBuilder<NetworkVO> sb, String keyword, Long id, boolean isSystem, Long zoneId, String type, Boolean isDefault, String trafficType, Boolean isShared) {
+        SearchCriteria<NetworkVO> sc = sb.create();
+        sc.setJoinParameters("networkOfferingSearch", "systemOnly", isSystem);
 
         if (keyword != null) {
             SearchCriteria<NetworkVO> ssc = _networksDao.createSearchCriteria();
@@ -1844,71 +1871,64 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
         if (type != null) {
             sc.addAnd("guestType", SearchCriteria.Op.EQ, type);
         }
-
-        if (isSystem != null && !isSystem) {
-            if (accountName != null && domainId != null) {
-                if (isShared == null) {
-                    sc.addAnd("accountId", SearchCriteria.Op.EQ, accountId);
-                    // sc.addOr("isShared", SearchCriteria.Op.EQ, true);
-                } else if (!isShared) {
-                    sc.addAnd("accountId", SearchCriteria.Op.EQ, accountId);
-                } else {
-                    sc.addAnd("isShared", SearchCriteria.Op.EQ, true);
-                }
-
-                if (isShared == null || isShared) {
-                    List<NetworkVO> allNetworks = _networksDao.listNetworksBy(true);
-                    for (NetworkVO network : allNetworks) {
-                        NetworkOffering offering = _configMgr.getNetworkOffering(network.getNetworkOfferingId());
-                        if (!isNetworkAvailableInDomain(network.getId(), domainId) || offering.isSystemOnly()) {
-                            avoidNetworks.add(network.getId());
-                        } else {
-                            allowedSharedNetworks.add(network.getId());
-                        }
-                    }
-                }
-
-            } else if (isShared != null) {
-                sc.addAnd("isShared", SearchCriteria.Op.EQ, isShared);
-            }
-        }
-
-        // find list of shared networks to avoid
-        if (domainId != null && accountName == null) {
-            List<NetworkVO> allNetworks = _networksDao.listNetworksBy(true);
-            for (NetworkVO network : allNetworks) {
-
-                if (!isNetworkAvailableInDomain(network.getId(), domainId)) {
-                    avoidNetworks.add(network.getId());
-                }
-            }
-            sc.addAnd("isShared", SearchCriteria.Op.EQ, true);
-        }
-
-        for (Long avoidNetwork : avoidNetworks) {
-            sc.addAnd("id", SearchCriteria.Op.NOTIN, avoidNetwork);
-        }
-
-        for (Long allowerdSharedNetwork : allowedSharedNetworks) {
-            sc.addOr("id", SearchCriteria.Op.IN, allowerdSharedNetwork);
-        }
-
         if (isDefault != null) {
             sc.addAnd("isDefault", SearchCriteria.Op.EQ, isDefault);
         }
-
+        
         if (trafficType != null) {
             sc.addAnd("trafficType", SearchCriteria.Op.EQ, trafficType);
         }
+        
+        if (isShared != null) {
+            sc.addAnd("isShared", SearchCriteria.Op.EQ, isShared);
+        }
+        
+        return sc;
+    }
 
-        if (isSystem != null && !isSystem && path != null && (isShared == null || !isShared)) {
-            sc.setJoinParameters("domainSearch", "path", path + "%");
+    
+    private List<NetworkVO> listDomainLevelNetworks(SearchCriteria<NetworkVO> sc, Filter searchFilter, long domainId) {
+        
+        Set<Long> allowedDomains = new HashSet<Long>();
+        if (_allowSubdomainNetworkAccess) {
+            allowedDomains = _accountMgr.getDomainParentIds(domainId);
+        } else {
+            allowedDomains.add(domainId);
         }
 
-        List<NetworkVO> networks = _networksDao.search(sc, searchFilter);
+        sc.addJoinAnd("domainNetworkSearch", "domainId", SearchCriteria.Op.IN, allowedDomains.toArray());
+        return _networksDao.search(sc, searchFilter);
+    } 
+    
+    private List<NetworkVO> listAccountSpecificAndZoneLevelNetworks(SearchCriteria<NetworkVO> sc, Filter searchFilter, Long accountId, String path) {
+       
 
-        return networks;
-    }
+        SearchCriteria<NetworkVO> ssc = _networksDao.createSearchCriteria();
+        
+        //account level networks
+        SearchCriteria<NetworkVO> accountSC = _networksDao.createSearchCriteria();
+        if (accountId != null) {
+            accountSC.addAnd("accountId", SearchCriteria.Op.EQ, accountId);
+        }
+        
+        accountSC.addAnd("isShared", SearchCriteria.Op.EQ, false);
+        if (path != null) {
+            Set<Long> allowedDomains = _accountMgr.getDomainChildrenIds(path);
+            accountSC.addAnd("domainId", SearchCriteria.Op.IN, allowedDomains.toArray());
+        }
+        
+        ssc.addOr("id", SearchCriteria.Op.SC, accountSC);
+        
+        //zone level networks
+        SearchCriteria<NetworkVO> zoneSC = _networksDao.createSearchCriteria();
+        zoneSC.addAnd("isDomainSpecific", SearchCriteria.Op.EQ, false);
+        zoneSC.addAnd("isShared", SearchCriteria.Op.EQ, true);
+        ssc.addOr("id", SearchCriteria.Op.SC, zoneSC);
+        
+        sc.addAnd("id", SearchCriteria.Op.SC, ssc);
+        
+        return _networksDao.search(sc, searchFilter);
+    } 
 
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_NETWORK_DELETE, eventDescription = "deleting network", async = true)
@@ -2791,7 +2811,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
 
     @Override
     public boolean isNetworkAvailableInDomain(long networkId, long domainId) {
-        boolean result = false;
+        
+        
         Long networkDomainId = null;
         Network network = getNetwork(networkId);
         if (!network.getIsShared()) {
@@ -2806,20 +2827,20 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
         } else {
             networkDomainId = networkDomainMap.get(0).getDomainId();
         }
-
+        
         if (domainId == networkDomainId.longValue()) {
             return true;
         }
-
-        Domain domain = _domainDao.findById(domainId);
-        while (domain.getParent() != null) {
-            if (domain.getParent().longValue() == networkDomainId) {
+        
+        if (_allowSubdomainNetworkAccess) {
+            Set<Long> parentDomains = _accountMgr.getDomainParentIds(domainId);
+            
+            if (parentDomains.contains(domainId)) {
                 return true;
             }
-            domain = _domainDao.findById(domain.getParent());
         }
-
-        return result;
+        
+        return false;
     }
 
     @Override
diff --git a/server/src/com/cloud/network/NetworkVO.java b/server/src/com/cloud/network/NetworkVO.java
index af60f5e27b1..4778f55dd7c 100644
--- a/server/src/com/cloud/network/NetworkVO.java
+++ b/server/src/com/cloud/network/NetworkVO.java
@@ -124,6 +124,9 @@ public class NetworkVO implements Network {
 
     @Column(name="shared")
     boolean isShared;
+    
+    @Column(name="is_domain_specific")
+    boolean isDomainSpecific;
 
     @Column(name="network_domain")
     String networkDomain;
@@ -175,8 +178,8 @@ public class NetworkVO implements Network {
         this.guestType = guestType;
     }
 
-    public NetworkVO(long id, Network that, long offeringId, long dataCenterId, String guruName, long domainId, long accountId, long related, String name, String displayText, Boolean isShared, boolean isDefault, boolean isSecurityGroupEnabled) {
-        this(id, that.getTrafficType(), that.getGuestType(), that.getMode(), that.getBroadcastDomainType(), offeringId, dataCenterId, domainId, accountId, related, name, displayText, isShared, isDefault);
+    public NetworkVO(long id, Network that, long offeringId, long dataCenterId, String guruName, long domainId, long accountId, long related, String name, String displayText, Boolean isShared, boolean isDefault, boolean isSecurityGroupEnabled, boolean isDomainSpecific) {
+        this(id, that.getTrafficType(), that.getGuestType(), that.getMode(), that.getBroadcastDomainType(), offeringId, dataCenterId, domainId, accountId, related, name, displayText, isShared, isDefault, isDomainSpecific);
         this.gateway = that.getGateway();
         this.cidr = that.getCidr();
         this.broadcastUri = that.getBroadcastUri();
@@ -203,8 +206,9 @@ public class NetworkVO implements Network {
      * @param displayText
      * @param isShared
      * @param isDefault
+     * @param isDomainSpecific
      */
-    public NetworkVO(long id, TrafficType trafficType, GuestIpType guestType, Mode mode, BroadcastDomainType broadcastDomainType, long networkOfferingId, long dataCenterId, long domainId, long accountId, long related, String name, String displayText, Boolean isShared, boolean isDefault) {
+    public NetworkVO(long id, TrafficType trafficType, GuestIpType guestType, Mode mode, BroadcastDomainType broadcastDomainType, long networkOfferingId, long dataCenterId, long domainId, long accountId, long related, String name, String displayText, Boolean isShared, boolean isDefault, boolean isDomainSpecific) {
         this(trafficType, guestType, mode, broadcastDomainType, networkOfferingId, dataCenterId, State.Allocated);
         this.domainId = domainId;
         this.accountId = accountId;
@@ -214,6 +218,7 @@ public class NetworkVO implements Network {
         this.displayText = displayText;
         this.isShared = isShared;
         this.isDefault = isDefault;
+        this.isDomainSpecific = isDomainSpecific;
     }
 
     @Override
@@ -442,6 +447,10 @@ public class NetworkVO implements Network {
         this.created = created;
     }
 
+    public boolean isDomainSpecific() {
+        return isDomainSpecific;
+    }
+
     @Override
     public boolean equals(Object obj) {
         if (!(obj instanceof NetworkVO)) {
diff --git a/server/src/com/cloud/network/dao/NetworkDomainDao.java b/server/src/com/cloud/network/dao/NetworkDomainDao.java
index 74fc45f81f3..1aa59f58048 100644
--- a/server/src/com/cloud/network/dao/NetworkDomainDao.java
+++ b/server/src/com/cloud/network/dao/NetworkDomainDao.java
@@ -26,4 +26,5 @@ import com.cloud.utils.db.GenericDao;
 public interface NetworkDomainDao extends GenericDao<NetworkDomainVO, Long>{
     List<NetworkDomainVO> listDomainNetworkMapByDomain(long domainId);
     List<NetworkDomainVO> listDomainNetworkMapByNetworkId(long networkId);
+    List<Long> listNetworkIdsByDomain(long domainId);
 }
diff --git a/server/src/com/cloud/network/dao/NetworkDomainDaoImpl.java b/server/src/com/cloud/network/dao/NetworkDomainDaoImpl.java
index 29c447170ac..83bdf07f8c4 100644
--- a/server/src/com/cloud/network/dao/NetworkDomainDaoImpl.java
+++ b/server/src/com/cloud/network/dao/NetworkDomainDaoImpl.java
@@ -17,6 +17,7 @@
  */
 package com.cloud.network.dao;
 
+import java.util.ArrayList;
 import java.util.List;
 
 import javax.ejb.Local;
@@ -58,4 +59,15 @@ public class NetworkDomainDaoImpl extends GenericDaoBase<NetworkDomainVO, Long>
         
         return listBy(sc);
     }
+    
+    @Override
+    public List<Long> listNetworkIdsByDomain(long domainId) {
+        List<Long> networkIdsToReturn = new ArrayList<Long>();
+        List<NetworkDomainVO> maps = listDomainNetworkMapByDomain(domainId);
+        for (NetworkDomainVO map : maps) {
+            networkIdsToReturn.add(map.getNetworkId());
+        }
+        
+        return networkIdsToReturn;
+    }
 }
diff --git a/server/src/com/cloud/server/ConfigurationServerImpl.java b/server/src/com/cloud/server/ConfigurationServerImpl.java
index b37a3d9a52c..9d19a9e73d7 100644
--- a/server/src/com/cloud/server/ConfigurationServerImpl.java
+++ b/server/src/com/cloud/server/ConfigurationServerImpl.java
@@ -921,7 +921,7 @@ public class ConfigurationServerImpl implements ConfigurationServer {
                     }
                     
                     if (broadcastDomainType != null) {
-                        NetworkVO network = new NetworkVO(id, trafficType, null, mode, broadcastDomainType, networkOfferingId, zoneId, domainId, accountId, related, null, null, true, isNetworkDefault);
+                        NetworkVO network = new NetworkVO(id, trafficType, null, mode, broadcastDomainType, networkOfferingId, zoneId, domainId, accountId, related, null, null, true, isNetworkDefault, false);
                         network.setGuruName(guruNames.get(network.getTrafficType()));
                         network.setDns1(zone.getDns1());
                         network.setDns2(zone.getDns2());
diff --git a/server/src/com/cloud/upgrade/dao/Upgrade226to227.java b/server/src/com/cloud/upgrade/dao/Upgrade226to227.java
index 05057db28cf..b1ceb84d2f8 100644
--- a/server/src/com/cloud/upgrade/dao/Upgrade226to227.java
+++ b/server/src/com/cloud/upgrade/dao/Upgrade226to227.java
@@ -19,8 +19,14 @@ package com.cloud.upgrade.dao;
 
 import java.io.File;
 import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.ArrayList;
 import java.util.List;
 
+import org.apache.log4j.Logger;
+
 import com.cloud.dc.DataCenterVO;
 import com.cloud.dc.dao.DataCenterDao;
 import com.cloud.host.HostVO;
@@ -33,6 +39,7 @@ import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.utils.script.Script;
 
 public class Upgrade226to227 implements DbUpgrade {
+    final static Logger s_logger = Logger.getLogger(Upgrade226to227.class);
     @Inject
     protected SnapshotDao _snapshotDao;
     @Inject
@@ -81,6 +88,8 @@ public class Upgrade226to227 implements DbUpgrade {
                 _diskOfferingDao.update(offering.getId(), offering);
             }
         }
+        
+        updateDomainLevelNetworks(conn);
     }
 
     @Override
@@ -88,4 +97,40 @@ public class Upgrade226to227 implements DbUpgrade {
         return null;
     }
     
+    private void updateDomainLevelNetworks(Connection conn) {
+        s_logger.debug("Updating domain level specific networks...");
+        try {
+            PreparedStatement pstmt = conn.prepareStatement("SELECT n.id FROM networks n, network_offerings o WHERE n.shared=1 AND o.system_only=0 AND o.id=n.network_offering_id");
+            ResultSet rs = pstmt.executeQuery();
+            ArrayList<Object[]> networks = new ArrayList<Object[]>();
+            while (rs.next()) {
+                Object[] network = new Object[10];
+                network[0] = rs.getLong(1); // networkId
+                networks.add(network);
+            }
+            rs.close();
+            pstmt.close();
+            
+            for (Object[] network : networks) {
+                Long networkId = (Long) network[0];
+                pstmt = conn.prepareStatement("SELECT * from domain_network_ref where network_id=?");
+                pstmt.setLong(0, networkId);
+                rs = pstmt.executeQuery();
+                if (rs.next()) {
+                    s_logger.debug("Setting network id=" + networkId + " as domain specific shared network");
+                    pstmt = conn.prepareStatement("UPDATE networks set is_domain_specific=1 where id=?");
+                    pstmt.setLong(0, networkId);
+                    pstmt.executeUpdate();
+                }
+                rs.close();
+                pstmt.close();
+            }
+            
+            s_logger.debug("Successfully updated domain level specific networks");
+        } catch (SQLException e) {
+            s_logger.error("Failed to set domain specific shared networks due to ", e);
+            throw new CloudRuntimeException("Failed to set domain specific shared networks due to ", e);
+        }
+    }
+    
 }
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
index 82fae0a8f38..7a43305900d 100755
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -20,8 +20,10 @@ package com.cloud.user;
 
 import java.util.ArrayList;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import java.util.UUID;
 import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
@@ -1802,4 +1804,33 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag
         userForUpdate.setRegistered(true);
         _userDao.update(Long.valueOf(userId), userForUpdate);		
 	}
+	
+	@Override
+	public Set<Long> getDomainParentIds(long domainId) {
+	    Set<Long> parentDomains = new HashSet<Long>();
+	    Domain domain = _domainDao.findById(domainId);
+	    parentDomains.add(domain.getId());
+	    
+        while (domain.getParent() != null) {
+            domain = _domainDao.findById(domain.getParent());
+            parentDomains.add(domain.getId());
+        }
+        
+        return parentDomains;
+	}
+	
+	@Override
+	public Set<Long> getDomainChildrenIds(String parentDomainPath) {
+	    Set<Long> childDomains = new HashSet<Long>();
+	    SearchCriteria<DomainVO> sc = _domainDao.createSearchCriteria();
+	    sc.addAnd("path", SearchCriteria.Op.LIKE, parentDomainPath + "%");
+	    
+	    List<DomainVO> domains = _domainDao.search(sc, null);
+	    
+	    for (DomainVO domain : domains) {
+	        childDomains.add(domain.getId());
+	    }
+	    
+	    return childDomains;
+	}
 }
diff --git a/server/test/com/cloud/network/dao/NetworkDaoTest.java b/server/test/com/cloud/network/dao/NetworkDaoTest.java
index 1d51fc45433..24fff441bef 100644
--- a/server/test/com/cloud/network/dao/NetworkDaoTest.java
+++ b/server/test/com/cloud/network/dao/NetworkDaoTest.java
@@ -18,7 +18,7 @@ public class NetworkDaoTest extends TestCase {
         NetworkDaoImpl dao = ComponentLocator.inject(NetworkDaoImpl.class);
         
         dao.expunge(1001l);
-        NetworkVO network = new NetworkVO(1001, TrafficType.Control, GuestIpType.Direct, Mode.Dhcp, BroadcastDomainType.Native, 1, 1, 1, 1, 1001, "Name", "DisplayText", false, true);
+        NetworkVO network = new NetworkVO(1001, TrafficType.Control, GuestIpType.Direct, Mode.Dhcp, BroadcastDomainType.Native, 1, 1, 1, 1, 1001, "Name", "DisplayText", false, true, null);
         network.setGuruName("guru_name");
         List<String> tags = new ArrayList<String>();
 
diff --git a/setup/db/create-schema.sql b/setup/db/create-schema.sql
index 5ea17ed5f32..ab9678fee0b 100755
--- a/setup/db/create-schema.sql
+++ b/setup/db/create-schema.sql
@@ -177,6 +177,7 @@ CREATE TABLE `cloud`.`networks` (
   `set_fields` bigint unsigned NOT NULL DEFAULT 0 COMMENT 'which fields are set already',
   `guest_type` char(32) COMMENT 'type of guest network',
   `shared` int(1) unsigned NOT NULL DEFAULT 0 COMMENT '0 if network is shared, 1 if network dedicated',
+  `is_domain_specific` int(1) unsigned NOT NULL DEFAULT 0 COMMENT '1 if network is domain specific, 0 false otherwise',
   `network_domain` varchar(255) COMMENT 'domain',
   `reservation_id` char(40) COMMENT 'reservation id',
   `is_default` int(1) unsigned NOT NULL DEFAULT 0 COMMENT '1 if network is default',
diff --git a/setup/db/db/schema-226to227.sql b/setup/db/db/schema-226to227.sql
index 4992f6b731a..b3be9450bc5 100644
--- a/setup/db/db/schema-226to227.sql
+++ b/setup/db/db/schema-226to227.sql
@@ -112,3 +112,6 @@ CREATE TABLE `cloud`.`swift` (
 
 ALTER TABLE `cloud`.`vm_instance` ADD COLUMN `vm_type` varchar(32) NOT NULL;
 UPDATE vm_instance set vm_type=type;
+
+ALTER TABLE `cloud`.`networks` ADD COLUMN `is_domain_specific` int(1) unsigned NOT NULL DEFAULT 0 COMMENT '1 if network is domain specific, 0 false otherwise';
+INSERT INTO configuration (`category`, `instance`, `component`, `name`, `value`, `description`) VALUES ('Advanced', 'DEFAULT', 'NetworkManager', 'allow.subdomain.network.access', 'true', 'Allow subdomains to use networks dedicated to their parent domain(s)');