etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

bug 10617: This is Intermediate commit for Egress rules implementation in security groups. 

previous commit: c9fda641673df7701f44963ef27e1d488f121219 ( this under bug 1067, typing error)
        changes: 1) partially implemented  listing of egress rules along with ingress rules.
                 2) partially implemneted egress rules for KVM
This commit is contained in:
Naredula Janardhana Reddy 2011-08-25 12:12:42 +05:30
parent 9391938908
commit 9feb05ac13
9 changed files with 413 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java
View File

@ -56,6 +56,7 @@ import org.libvirt.DomainInfo;
import org.libvirt.DomainInterfaceStats;
import org.libvirt.DomainSnapshot;
import org.libvirt.LibvirtException;
import org.libvirt.Network;
import org.libvirt.NodeInfo;
import org.libvirt.StoragePool;
import org.libvirt.StoragePoolInfo;
@ -120,6 +121,8 @@ import com.cloud.agent.api.RebootCommand;
import com.cloud.agent.api.RebootRouterCommand;
import com.cloud.agent.api.SecurityIngressRuleAnswer;
import com.cloud.agent.api.SecurityIngressRulesCmd;
import com.cloud.agent.api.SecurityEgressRuleAnswer;
import com.cloud.agent.api.SecurityEgressRulesCmd;
import com.cloud.agent.api.StartAnswer;
import com.cloud.agent.api.StartCommand;
import com.cloud.agent.api.StartupCommand;
@ -134,8 +137,8 @@ import com.cloud.agent.api.check.CheckSshCommand;
import com.cloud.agent.api.proxy.CheckConsoleProxyLoadCommand;
import com.cloud.agent.api.proxy.ConsoleProxyLoadAnswer;
import com.cloud.agent.api.proxy.WatchConsoleProxyLoadCommand;
import com.cloud.agent.api.routing.IpAssocAnswer;
import com.cloud.agent.api.routing.IpAssocCommand;
import com.cloud.agent.api.routing.IpAssocAnswer;
import com.cloud.agent.api.routing.NetworkElementCommand;
import com.cloud.agent.api.storage.CopyVolumeAnswer;
import com.cloud.agent.api.storage.CopyVolumeCommand;
@ -877,6 +880,8 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv
return execute((ModifyStoragePoolCommand) cmd);
} else if (cmd instanceof SecurityIngressRulesCmd) {
return execute((SecurityIngressRulesCmd) cmd);
} else if (cmd instanceof SecurityEgressRulesCmd) {
return execute((SecurityEgressRulesCmd) cmd);
} else if (cmd instanceof DeleteStoragePoolCommand) {
return execute((DeleteStoragePoolCommand) cmd);
} else if (cmd instanceof FenceCommand ) {
@ -1583,7 +1588,7 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv
return new SecurityIngressRuleAnswer(cmd, false, e.toString());
}
boolean result = add_network_rules(cmd.getVmName(),
boolean result = add_network_rules("ingress",cmd.getVmName(),
Long.toString(cmd.getVmId()),
cmd.getGuestIp(),cmd.getSignature(),
Long.toString(cmd.getSeqNum()),
@ -1599,6 +1604,34 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv
}
}
private Answer execute(SecurityEgressRulesCmd cmd) {
String vif = null;
String brname = null;
try {
Connect conn = LibvirtConnection.getConnection();
List<InterfaceDef> nics = getInterfaces(conn, cmd.getVmName());
vif = nics.get(0).getDevName();
brname = nics.get(0).getBrName();
} catch (LibvirtException e) {
return new SecurityEgressRuleAnswer(cmd, false, e.toString());
}
boolean result = add_network_rules("egress", cmd.getVmName(),
Long.toString(cmd.getVmId()),
cmd.getGuestIp(),cmd.getSignature(),
Long.toString(cmd.getSeqNum()),
cmd.getGuestMac(),
cmd.stringifyRules(), vif, brname);
if (!result) {
s_logger.warn("Failed to program network rules for vm " + cmd.getVmName());
return new SecurityEgressRuleAnswer(cmd, false, "programming network rules failed");
} else {
s_logger.debug("Programmed network rules for vm " + cmd.getVmName() + " guestIp=" + cmd.getGuestIp() + ", numrules=" + cmd.getRuleSet().length);
return new SecurityEgressRuleAnswer(cmd);
}
}
private Answer execute(CleanupNetworkRulesCmd cmd) {
boolean result = cleanup_rules();
return new Answer(cmd, result, "");
@ -1979,7 +2012,6 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv
} catch (Exception e) {
}
get_rule_logs_for_vms();
return new RebootAnswer(cmd, null, bytesSent, bytesReceived, vncPort);
} else {
return new RebootAnswer(cmd, result);
@ -2463,7 +2495,9 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv
}
DiskDef disk = new DiskDef();
disk.defFileBasedDisk(sourceFile, deviceId, DiskDef.diskBus.VIRTIO, DiskDef.diskFmtType.QCOW2);
String xml = disk.toString();
return attachOrDetachDevice(conn, attach, vmName, xml);
} finally {
@ -3444,7 +3478,7 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv
return true;
}
private boolean add_network_rules(String vmName, String vmId, String guestIP, String sig, String seq, String mac, String rules, String vif, String brname) {
private boolean add_network_rules(String type, String vmName, String vmId, String guestIP, String sig, String seq, String mac, String rules, String vif, String brname) {
if (!_can_bridge_firewall) {
return false;
}
@ -3455,6 +3489,8 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv
cmd.add("--vmname", vmName);
cmd.add("--vmid", vmId);
cmd.add("--vmip", guestIP);
/* type of the rule : ingress or egress */
cmd.add("--type", type);
cmd.add("--sig", sig);
cmd.add("--seq", seq);
cmd.add("--vmmac", mac);

141
core/src/com/cloud/network/security/SecurityGroupEgressRulesVO.java Normal file
View File

@ -0,0 +1,141 @@
/**
* Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
*
* This software is licensed under the GNU General Public License v3 or later.
*
* It is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
package com.cloud.network.security;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.PrimaryKeyJoinColumn;
import javax.persistence.SecondaryTable;
import javax.persistence.Table;
@Entity
@Table(name = ("security_group"))
@SecondaryTable(name = "security_egress_rule", join = "left", pkJoinColumns = { @PrimaryKeyJoinColumn(name = "id", referencedColumnName = "security_group_id") })
public class SecurityGroupEgressRulesVO implements SecurityGroupRules {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
private long id;
@Column(name = "name")
private String name;
@Column(name = "description")
private String description;
@Column(name = "domain_id")
private Long domainId;
@Column(name = "account_id")
private Long accountId;
@Column(name = "id", table = "security_egress_rule", insertable = false, updatable = false)
private Long ruleId;
@Column(name = "start_port", table = "security_egress_rule", insertable = false, updatable = false)
private int startPort;
@Column(name = "end_port", table = "security_egress_rule", insertable = false, updatable = false)
private int endPort;
@Column(name = "protocol", table = "security_egress_rule", insertable = false, updatable = false)
private String protocol;
@Column(name = "allowed_network_id", table = "security_egress_rule", insertable = false, updatable = false, nullable = true)
private Long allowedNetworkId = null;
@Column(name = "allowed_ip_cidr", table = "security_egress_rule", insertable = false, updatable = false, nullable = true)
private String allowedDestinationIpCidr = null;
public SecurityGroupEgressRulesVO() {
}
public SecurityGroupEgressRulesVO(long id, String name, String description, Long domainId, Long accountId, Long ruleId, int startPort, int endPort, String protocol, Long allowedNetworkId,
String allowedDestinationIpCidr) {
this.id = id;
this.name = name;
this.description = description;
this.domainId = domainId;
this.accountId = accountId;
this.ruleId = ruleId;
this.startPort = startPort;
this.endPort = endPort;
this.protocol = protocol;
this.allowedNetworkId = allowedNetworkId;
this.allowedDestinationIpCidr = allowedDestinationIpCidr;
}
@Override
public long getId() {
return id;
}
@Override
public String getName() {
return name;
}
@Override
public String getDescription() {
return description;
}
@Override
public Long getDomainId() {
return domainId;
}
@Override
public Long getAccountId() {
return accountId;
}
@Override
public Long getRuleId() {
return ruleId;
}
@Override
public int getStartPort() {
return startPort;
}
@Override
public int getEndPort() {
return endPort;
}
@Override
public String getProtocol() {
return protocol;
}
@Override
public Long getAllowedNetworkId() {
return allowedNetworkId;
}
@Override
public String getAllowedSourceIpCidr() { /* FIXME: need to rename the method name, for this the interface need to change or need create a new interface */
return allowedDestinationIpCidr;
}
}

39
server/src/com/cloud/api/ApiResponseHelper.java
View File

@ -45,7 +45,6 @@ import com.cloud.api.response.CreateCmdResponse;
import com.cloud.api.response.DiskOfferingResponse;
import com.cloud.api.response.DomainResponse;
import com.cloud.api.response.DomainRouterResponse;
import com.cloud.api.response.EgressRuleResponse;
import com.cloud.api.response.EventResponse;
import com.cloud.api.response.ExtractResponse;
import com.cloud.api.response.FirewallResponse;
@ -54,6 +53,8 @@ import com.cloud.api.response.HostResponse;
import com.cloud.api.response.IPAddressResponse;
import com.cloud.api.response.IngressRuleResponse;
import com.cloud.api.response.IngressRuleResultObject;
import com.cloud.api.response.EgressRuleResponse;
import com.cloud.api.response.EgressRuleResultObject;
import com.cloud.api.response.InstanceGroupResponse;
import com.cloud.api.response.IpForwardingRuleResponse;
import com.cloud.api.response.ListResponse;
@ -119,8 +120,8 @@ import com.cloud.network.rules.FirewallRule;
import com.cloud.network.rules.LoadBalancer;
import com.cloud.network.rules.PortForwardingRule;
import com.cloud.network.rules.StaticNatRule;
import com.cloud.network.security.EgressRule;
import com.cloud.network.security.IngressRule;
import com.cloud.network.security.EgressRule;
import com.cloud.network.security.SecurityGroup;
import com.cloud.network.security.SecurityGroupRules;
import com.cloud.offering.DiskOffering;
@ -165,10 +166,10 @@ import com.cloud.vm.VMInstanceVO;
import com.cloud.vm.VirtualMachine;
import com.cloud.vm.VirtualMachine.State;
import com.cloud.vm.VirtualMachine.Type;
import com.cloud.vm.VmStats;
import com.cloud.vm.dao.UserVmData;
import com.cloud.vm.dao.UserVmData.NicData;
import com.cloud.vm.dao.UserVmData.SecurityGroupData;
import com.cloud.vm.VmStats;
public class ApiResponseHelper implements ResponseGenerator {
@ -452,7 +453,6 @@ public class ApiResponseHelper implements ResponseGenerator {
offeringResponse.setDomain(ApiDBUtils.findDomainById(offering.getDomainId()).getName());
offeringResponse.setDomainId(offering.getDomainId());
}
offeringResponse.setNetworkRate(offering.getRateMbps());
offeringResponse.setHostTag(offering.getHostTag());
offeringResponse.setObjectName("serviceoffering");
@ -1620,6 +1620,35 @@ public class ApiResponseHelper implements ResponseGenerator {
}
netGrpResponse.setIngressRules(ingressRulesResponse);
}
List<EgressRuleResultObject> egressRules = networkGroup.getEgressRules();
if ((egressRules != null) && !egressRules.isEmpty()) {
List<EgressRuleResponse> egressRulesResponse = new ArrayList<EgressRuleResponse>();
for (EgressRuleResultObject egressRule : egressRules) {
EgressRuleResponse egressData = new EgressRuleResponse();
egressData.setRuleId(egressRule.getId());
egressData.setProtocol(egressRule.getProtocol());
if ("icmp".equalsIgnoreCase(egressRule.getProtocol())) {
egressData.setIcmpType(egressRule.getStartPort());
egressData.setIcmpCode(egressRule.getEndPort());
} else {
egressData.setStartPort(egressRule.getStartPort());
egressData.setEndPort(egressRule.getEndPort());
}
if (egressRule.getAllowedSecurityGroup() != null) {
egressData.setSecurityGroupName(egressRule.getAllowedSecurityGroup());
egressData.setAccountName(egressRule.getAllowedSecGroupAcct());
} else {
egressData.setCidr(egressRule.getAllowedDestinationIpCidr());
}
egressData.setObjectName("egressrule");
egressRulesResponse.add(egressData);
}
netGrpResponse.setEgressRules(egressRulesResponse);
}
netGrpResponse.setObjectName("securitygroup");
netGrpResponses.add(netGrpResponse);
}
@ -2247,8 +2276,6 @@ public class ApiResponseHelper implements ResponseGenerator {
response.setObjectName("project");
return response;
}
public FirewallResponse createFirewallResponse(FirewallRule fwRule) {
FirewallResponse response = new FirewallResponse();

49
server/src/com/cloud/api/response/SecurityGroupResultObject.java
View File

@ -26,6 +26,8 @@ import java.util.Map;
import com.cloud.api.ApiDBUtils;
import com.cloud.network.security.SecurityGroup;
import com.cloud.network.security.SecurityGroupRules;
import com.cloud.network.security.SecurityGroupRulesVO;
import com.cloud.network.security.SecurityGroupEgressRulesVO;
import com.cloud.serializer.Param;
import com.cloud.user.Account;
@ -50,6 +52,9 @@ public class SecurityGroupResultObject {
@Param(name = "ingressrules")
private List<IngressRuleResultObject> ingressRules = null;
@Param(name = "egressrules")
private List<EgressRuleResultObject> egressRules = null;
public SecurityGroupResultObject() {
}
@ -120,6 +125,14 @@ public class SecurityGroupResultObject {
this.ingressRules = ingressRules;
}
public List<EgressRuleResultObject> getEgressRules() {
return egressRules;
}
public void setEgressRules(List<EgressRuleResultObject> egressRules) {
this.egressRules = egressRules;
}
public static List<SecurityGroupResultObject> transposeNetworkGroups(List<? extends SecurityGroupRules> groups) {
List<SecurityGroupResultObject> resultObjects = new ArrayList<SecurityGroupResultObject>();
Map<Long, SecurityGroup> allowedSecurityGroups = new HashMap<Long, SecurityGroup>();
@ -127,6 +140,7 @@ public class SecurityGroupResultObject {
if ((groups != null) && !groups.isEmpty()) {
List<IngressRuleResultObject> ingressDataList = new ArrayList<IngressRuleResultObject>();
List<EgressRuleResultObject> egressDataList = new ArrayList<EgressRuleResultObject>();
SecurityGroupResultObject currentGroup = null;
List<Long> processedGroups = new ArrayList<Long>();
@ -161,8 +175,13 @@ public class SecurityGroupResultObject {
currentGroup = groupResult;
}
SecurityGroupRulesVO dummyIngressobj=new SecurityGroupRulesVO();
SecurityGroupEgressRulesVO dummyEgressobj=new SecurityGroupEgressRulesVO() ;
String str=dummyIngressobj.getClass().getName();
String s1=netGroupRule.getClass().getSimpleName();
if (netGroupRule.getRuleId() != null) {
if (netGroupRule.getRuleId() != null && netGroupRule.getClass().getSimpleName().indexOf("SecurityGroupRulesVO") != -1) {
// there's at least one ingress rule for this network group, add the ingress rule data
IngressRuleResultObject ingressData = new IngressRuleResultObject();
ingressData.setEndPort(netGroupRule.getEndPort());
@ -191,6 +210,34 @@ public class SecurityGroupResultObject {
ingressData.setAllowedSourceIpCidr(netGroupRule.getAllowedSourceIpCidr());
}
ingressDataList.add(ingressData);
}else if (netGroupRule.getRuleId() != null && netGroupRule.getClass().getSimpleName().indexOf("SecurityGroupEgressRulesVO") != -1) {
EgressRuleResultObject egressData = new EgressRuleResultObject();
egressData.setEndPort(netGroupRule.getEndPort());
egressData.setStartPort(netGroupRule.getStartPort());
egressData.setId(netGroupRule.getRuleId());
egressData.setProtocol(netGroupRule.getProtocol());
Long allowedSecurityGroupId = netGroupRule.getAllowedNetworkId();
if (allowedSecurityGroupId != null) {
SecurityGroup allowedSecurityGroup = allowedSecurityGroups.get(allowedSecurityGroupId);
if (allowedSecurityGroup == null) {
allowedSecurityGroup = ApiDBUtils.findSecurityGroupById(allowedSecurityGroupId);
allowedSecurityGroups.put(allowedSecurityGroupId, allowedSecurityGroup);
}
egressData.setAllowedSecurityGroup(allowedSecurityGroup.getName());
Account allowedAccount = accounts.get(allowedSecurityGroup.getAccountId());
if (allowedAccount == null) {
allowedAccount = ApiDBUtils.findAccountById(allowedSecurityGroup.getAccountId());
accounts.put(allowedAccount.getId(), allowedAccount);
}
egressData.setAllowedSecGroupAcct(allowedAccount.getAccountName());
} else if (netGroupRule.getAllowedSourceIpCidr() != null) {
egressData.setAllowedDestinationIpCidr(netGroupRule.getAllowedSourceIpCidr());
}
egressDataList.add(egressData);
}
}

2
server/src/com/cloud/configuration/DefaultComponentLibrary.java
View File

@ -101,6 +101,7 @@ import com.cloud.network.security.dao.EgressRuleDaoImpl;
import com.cloud.network.security.dao.IngressRuleDaoImpl;
import com.cloud.network.security.dao.SecurityGroupDaoImpl;
import com.cloud.network.security.dao.SecurityGroupRulesDaoImpl;
import com.cloud.network.security.dao.SecurityGroupEgressRulesDaoImpl;
import com.cloud.network.security.dao.SecurityGroupVMMapDaoImpl;
import com.cloud.network.security.dao.SecurityGroupWorkDaoImpl;
import com.cloud.network.security.dao.VmRulesetLogDaoImpl;
@ -205,6 +206,7 @@ public class DefaultComponentLibrary extends ComponentLibraryBase implements Com
addDao("EgressRuleDao", EgressRuleDaoImpl.class);
addDao("SecurityGroupVMMapDao", SecurityGroupVMMapDaoImpl.class);
addDao("SecurityGroupRulesDao", SecurityGroupRulesDaoImpl.class);
addDao("SecurityGroupEgressRulesDao", SecurityGroupEgressRulesDaoImpl.class);
addDao("SecurityGroupWorkDao", SecurityGroupWorkDaoImpl.class);
addDao("VmRulesetLogDao", VmRulesetLogDaoImpl.class);
addDao("AlertDao", AlertDaoImpl.class);

13
server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
View File

@ -73,6 +73,7 @@ import com.cloud.network.security.dao.EgressRuleDao;
import com.cloud.network.security.dao.IngressRuleDao;
import com.cloud.network.security.dao.SecurityGroupDao;
import com.cloud.network.security.dao.SecurityGroupRulesDao;
import com.cloud.network.security.dao.SecurityGroupEgressRulesDao;
import com.cloud.network.security.dao.SecurityGroupVMMapDao;
import com.cloud.network.security.dao.SecurityGroupWorkDao;
import com.cloud.network.security.dao.VmRulesetLogDao;
@ -125,6 +126,8 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
@Inject
SecurityGroupRulesDao _securityGroupRulesDao;
@Inject
SecurityGroupEgressRulesDao _securityGroupEgressRulesDao;
@Inject
UserVmDao _userVMDao;
@Inject
AccountDao _accountDao;
@ -1299,7 +1302,7 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
}
@Override
public List<SecurityGroupRulesVO> searchForSecurityGroupRules(ListSecurityGroupsCmd cmd) throws PermissionDeniedException, InvalidParameterValueException {
public List<SecurityGroupRules> searchForSecurityGroupRules(ListSecurityGroupsCmd cmd) throws PermissionDeniedException, InvalidParameterValueException {
Account caller = UserContext.current().getCaller();
Long domainId = cmd.getDomainId();
String accountName = cmd.getAccountName();
@ -1338,7 +1341,8 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
accountId = caller.getId();
}
List<SecurityGroupRulesVO> securityRulesList = new ArrayList<SecurityGroupRulesVO>();
List<SecurityGroupRules> securityRulesList = new ArrayList<SecurityGroupRules>();
// List<SecurityGroupEgressRulesVO> securityEgressRulesList = new ArrayList<SecurityGroupEgressRulesVO>();
Filter searchFilter = new Filter(SecurityGroupVO.class, "id", true, cmd.getStartIndex(), cmd.getPageSizeVal());
Object keyword = cmd.getKeyword();
@ -1385,13 +1389,14 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
List<SecurityGroupVO> securityGroups = _securityGroupDao.search(sc, searchFilter);
for (SecurityGroupVO group : securityGroups) {
securityRulesList.addAll(_securityGroupRulesDao.listSecurityRulesByGroupId(group.getId()));
securityRulesList.addAll(_securityGroupEgressRulesDao.listSecurityEgressRulesByGroupId(group.getId()));
}
return securityRulesList;
}
private List<SecurityGroupRulesVO> listSecurityGroupRulesByVM(long vmId) {
List<SecurityGroupRulesVO> results = new ArrayList<SecurityGroupRulesVO>();
private List<SecurityGroupRules> listSecurityGroupRulesByVM(long vmId) {
List<SecurityGroupRules> results = new ArrayList<SecurityGroupRules>();
List<SecurityGroupVMMapVO> networkGroupMappings = _securityGroupVMMapDao.listByInstanceId(vmId);
if (networkGroupMappings != null) {
for (SecurityGroupVMMapVO networkGroupMapping : networkGroupMappings) {

53
server/src/com/cloud/network/security/dao/SecurityGroupEgressRulesDao.java Normal file
View File

@ -0,0 +1,53 @@
/**
* Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
*
* This software is licensed under the GNU General Public License v3 or later.
*
* It is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
package com.cloud.network.security.dao;
import java.util.List;
import com.cloud.network.security.SecurityGroupEgressRulesVO;
import com.cloud.utils.db.GenericDao;
public interface SecurityGroupEgressRulesDao extends GenericDao<SecurityGroupEgressRulesVO, Long> {
/**
* List a security group and associated ingress rules
* @param accountId the account id of the owner of the security group
* @param groupName the name of the group for which to list rules
* @return the list of ingress rules associated with the security group (and security group info)
*/
List<SecurityGroupEgressRulesVO> listSecurityGroupEgressRules(long accountId, String groupName);
/**
* List security groups and associated ingress rules
* @param accountId the id of the account for which to list groups and associated rules
* @return the list of security groups with associated ingress rules
*/
List<SecurityGroupEgressRulesVO> listSecurityGroupEgressRules(long accountId);
/**
* List all security groups and associated ingress rules
* @return the list of security groups with associated ingress rules
*/
List<SecurityGroupEgressRulesVO> listSecurityGroupEgressRules();
/**
* List all security rules belonging to the specific group
* @return the security group with associated ingress rules
*/
List<SecurityGroupEgressRulesVO> listSecurityEgressRulesByGroupId(long groupId);
}

85
server/src/com/cloud/network/security/dao/SecurityGroupEgressRulesDaoImpl.java Normal file
View File

@ -0,0 +1,85 @@
/**
* Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
*
* This software is licensed under the GNU General Public License v3 or later.
*
* It is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
package com.cloud.network.security.dao;
import java.util.List;
import javax.ejb.Local;
import com.cloud.network.security.SecurityGroupEgressRulesVO;
import com.cloud.utils.db.Filter;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
@Local(value={SecurityGroupEgressRulesDao.class})
public class SecurityGroupEgressRulesDaoImpl extends GenericDaoBase<SecurityGroupEgressRulesVO, Long> implements SecurityGroupEgressRulesDao {
private SearchBuilder<SecurityGroupEgressRulesVO> AccountGroupNameSearch;
private SearchBuilder<SecurityGroupEgressRulesVO> AccountSearch;
private SearchBuilder<SecurityGroupEgressRulesVO> GroupSearch;
protected SecurityGroupEgressRulesDaoImpl() {
AccountGroupNameSearch = createSearchBuilder();
AccountGroupNameSearch.and("accountId", AccountGroupNameSearch.entity().getAccountId(), SearchCriteria.Op.EQ);
AccountGroupNameSearch.and("name", AccountGroupNameSearch.entity().getName(), SearchCriteria.Op.EQ);
AccountGroupNameSearch.done();
AccountSearch = createSearchBuilder();
AccountSearch.and("accountId", AccountSearch.entity().getAccountId(), SearchCriteria.Op.EQ);
AccountSearch.done();
GroupSearch = createSearchBuilder();
GroupSearch.and("groupId", GroupSearch.entity().getId(), SearchCriteria.Op.EQ);
GroupSearch.done();
}
@Override
public List<SecurityGroupEgressRulesVO> listSecurityGroupEgressRules() {
Filter searchFilter = new Filter(SecurityGroupEgressRulesVO.class, "id", true, null, null);
return listAll(searchFilter);
}
@Override
public List<SecurityGroupEgressRulesVO> listSecurityGroupEgressRules(long accountId, String groupName) {
Filter searchFilter = new Filter(SecurityGroupEgressRulesVO.class, "id", true, null, null);
SearchCriteria<SecurityGroupEgressRulesVO> sc = AccountGroupNameSearch.create();
sc.setParameters("accountId", accountId);
sc.setParameters("name", groupName);
return listBy(sc, searchFilter);
}
@Override
public List<SecurityGroupEgressRulesVO> listSecurityGroupEgressRules(long accountId) {
Filter searchFilter = new Filter(SecurityGroupEgressRulesVO.class, "id", true, null, null);
SearchCriteria<SecurityGroupEgressRulesVO> sc = AccountSearch.create();
sc.setParameters("accountId", accountId);
return listBy(sc, searchFilter);
}
@Override
public List<SecurityGroupEgressRulesVO> listSecurityEgressRulesByGroupId(long groupId) {
Filter searchFilter = new Filter(SecurityGroupEgressRulesVO.class, "id", true, null, null);
SearchCriteria<SecurityGroupEgressRulesVO> sc = GroupSearch.create();
sc.setParameters("groupId", groupId);
return listBy(sc, searchFilter);
}
}

4
server/src/com/cloud/network/security/dao/SecurityGroupRulesDaoImpl.java
View File

@ -34,7 +34,6 @@ public class SecurityGroupRulesDaoImpl extends GenericDaoBase<SecurityGroupRules
private SearchBuilder<SecurityGroupRulesVO> AccountSearch;
private SearchBuilder<SecurityGroupRulesVO> GroupSearch;
protected SecurityGroupRulesDaoImpl() {
AccountGroupNameSearch = createSearchBuilder();
AccountGroupNameSearch.and("accountId", AccountGroupNameSearch.entity().getAccountId(), SearchCriteria.Op.EQ);
@ -74,7 +73,8 @@ public class SecurityGroupRulesDaoImpl extends GenericDaoBase<SecurityGroupRules
SearchCriteria<SecurityGroupRulesVO> sc = AccountSearch.create();
sc.setParameters("accountId", accountId);
return listBy(sc, searchFilter);
}
}
@Override
public List<SecurityGroupRulesVO> listSecurityRulesByGroupId(long groupId) {