diff --git a/agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java b/agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java
index 09148f3a6d7..6229e184b0a 100644
--- a/agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java
+++ b/agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java
@@ -56,6 +56,7 @@ import org.libvirt.DomainInfo;
 import org.libvirt.DomainInterfaceStats;
 import org.libvirt.DomainSnapshot;
 import org.libvirt.LibvirtException;
+import org.libvirt.Network;
 import org.libvirt.NodeInfo;
 import org.libvirt.StoragePool;
 import org.libvirt.StoragePoolInfo;
@@ -120,6 +121,8 @@ import com.cloud.agent.api.RebootCommand;
 import com.cloud.agent.api.RebootRouterCommand;
 import com.cloud.agent.api.SecurityIngressRuleAnswer;
 import com.cloud.agent.api.SecurityIngressRulesCmd;
+import com.cloud.agent.api.SecurityEgressRuleAnswer;
+import com.cloud.agent.api.SecurityEgressRulesCmd;
 import com.cloud.agent.api.StartAnswer;
 import com.cloud.agent.api.StartCommand;
 import com.cloud.agent.api.StartupCommand;
@@ -134,8 +137,8 @@ import com.cloud.agent.api.check.CheckSshCommand;
 import com.cloud.agent.api.proxy.CheckConsoleProxyLoadCommand;
 import com.cloud.agent.api.proxy.ConsoleProxyLoadAnswer;
 import com.cloud.agent.api.proxy.WatchConsoleProxyLoadCommand;
-import com.cloud.agent.api.routing.IpAssocAnswer;
 import com.cloud.agent.api.routing.IpAssocCommand;
+import com.cloud.agent.api.routing.IpAssocAnswer;
 import com.cloud.agent.api.routing.NetworkElementCommand;
 import com.cloud.agent.api.storage.CopyVolumeAnswer;
 import com.cloud.agent.api.storage.CopyVolumeCommand;
@@ -877,6 +880,8 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv return execute((ModifyStoragePoolCommand) cmd); } else if (cmd instanceof SecurityIngressRulesCmd) { return execute((SecurityIngressRulesCmd) cmd); + } else if (cmd instanceof SecurityEgressRulesCmd) { + return execute((SecurityEgressRulesCmd) cmd); } else if (cmd instanceof DeleteStoragePoolCommand) { return execute((DeleteStoragePoolCommand) cmd); } else if (cmd instanceof FenceCommand ) { @@ -1583,7 +1588,7 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv return new SecurityIngressRuleAnswer(cmd, false, e.toString()); } - boolean result = add_network_rules(cmd.getVmName(), + boolean result = add_network_rules("ingress",cmd.getVmName(), Long.toString(cmd.getVmId()), cmd.getGuestIp(),cmd.getSignature(), Long.toString(cmd.getSeqNum()), 
@@ -1599,6 +1604,34 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv } } + private Answer execute(SecurityEgressRulesCmd cmd) { + String vif = null; + String brname = null; + try { + Connect conn = LibvirtConnection.getConnection(); + List nics = getInterfaces(conn, cmd.getVmName()); + vif = nics.get(0).getDevName(); + brname = nics.get(0).getBrName(); + } catch (LibvirtException e) { + return new SecurityEgressRuleAnswer(cmd, false, e.toString()); + } + + boolean result = add_network_rules("egress", cmd.getVmName(), + Long.toString(cmd.getVmId()), + cmd.getGuestIp(),cmd.getSignature(), + Long.toString(cmd.getSeqNum()), + cmd.getGuestMac(), + cmd.stringifyRules(), vif, brname); + + if (!result) { + s_logger.warn("Failed to program network rules for vm " + cmd.getVmName()); + return new SecurityEgressRuleAnswer(cmd, false, "programming network rules failed"); + } else { + s_logger.debug("Programmed network rules for vm " + cmd.getVmName() + " guestIp=" + cmd.getGuestIp() + ", numrules=" + cmd.getRuleSet().length); + return new SecurityEgressRuleAnswer(cmd); + } + } + private Answer execute(CleanupNetworkRulesCmd cmd) { boolean result = cleanup_rules(); return new Answer(cmd, result, ""); @@ -1979,7 +2012,6 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv } catch (Exception e) { } - get_rule_logs_for_vms(); return new RebootAnswer(cmd, null, bytesSent, bytesReceived, vncPort); } else { return new RebootAnswer(cmd, result); @@ -2463,7 +2495,9 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv } DiskDef disk = new DiskDef(); + disk.defFileBasedDisk(sourceFile, deviceId, DiskDef.diskBus.VIRTIO, DiskDef.diskFmtType.QCOW2); + String xml = disk.toString(); return attachOrDetachDevice(conn, attach, vmName, xml); } finally { 
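Review bot: In the new `execute(SecurityEgressRulesCmd)`, `nics.get(0)` is called without checking that `getInterfaces` returned anything, and only `LibvirtException` is caught, so a VM with no interfaces would throw out of the handler instead of coming back as a failed `SecurityEgressRuleAnswer`. A guard such as `if (nics.isEmpty()) return new SecurityEgressRuleAnswer(cmd, false, "no interfaces found for vm " + cmd.getVmName());` before the first `get(0)` keeps the failure visible to the caller. The warn and debug messages also do not say which direction was being programmed; wording them as `"Failed to program egress network rules for vm "` would let an operator see from the agent log which half of a security group was not applied.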
@@ -3444,7 +3478,7 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv return true; } - private boolean add_network_rules(String vmName, String vmId, String guestIP, String sig, String seq, String mac, String rules, String vif, String brname) { + private boolean add_network_rules(String type, String vmName, String vmId, String guestIP, String sig, String seq, String mac, String rules, String vif, String brname) { if (!_can_bridge_firewall) { return false; } @@ -3455,6 +3489,8 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv cmd.add("--vmname", vmName); cmd.add("--vmid", vmId); cmd.add("--vmip", guestIP); + /* type of the rule : ingress or egress */ + cmd.add("--type", type); cmd.add("--sig", sig); cmd.add("--seq", seq); cmd.add("--vmmac", mac); diff --git a/core/src/com/cloud/network/security/SecurityGroupEgressRulesVO.java b/core/src/com/cloud/network/security/SecurityGroupEgressRulesVO.java new file mode 100644 index 00000000000..e4b269ecd76 --- /dev/null +++ b/core/src/com/cloud/network/security/SecurityGroupEgressRulesVO.java 
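Review bot: `add_network_rules` now takes the rule direction as a free-form `String type` and forwards it unchanged as `--type`, so a typo at a call site would only surface inside the script, if at all. The two callers visible in this diff pass the literals `"ingress"` and `"egress"`; holding those in two `private static final String` constants (or an enum) and returning `false` for any other value at the top of the method would stop a wrong direction from being applied silently. The script that receives `--type` is not among the hunks shown here, so it is worth confirming that every host's copy accepts the new option before the agent starts sending it. The method body continues outside both hunks.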
@@ -0,0 +1,141 @@
+/**
+ * Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
+ *
+ * This software is licensed under the GNU General Public License v3 or later.
+ *
+ * It is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or any later version.
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ *
+ */
+
+package com.cloud.network.security;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.PrimaryKeyJoinColumn;
+import javax.persistence.SecondaryTable;
+import javax.persistence.Table;
+
+@Entity
+@Table(name = ("security_group"))
+@SecondaryTable(name = "security_egress_rule", join = "left", pkJoinColumns = { @PrimaryKeyJoinColumn(name = "id", referencedColumnName = "security_group_id") })
+public class SecurityGroupEgressRulesVO implements SecurityGroupRules {
+ @Id
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
+ @Column(name = "id")
+ private long id;
+
+ @Column(name = "name")
+ private String name;
+
+ @Column(name = "description")
+ private String description;
+
+ @Column(name = "domain_id")
+ private Long domainId;
+
+ @Column(name = "account_id")
+ private Long accountId;
+
+ @Column(name = "id", table = "security_egress_rule", insertable = false, updatable = false)
+ private Long ruleId;
+
+ @Column(name = "start_port", table = "security_egress_rule", insertable = false, updatable = false)
+ private int startPort;
+
+ @Column(name =
"end_port", table = "security_egress_rule", insertable = false, updatable = false)
+ private int endPort;
+
+ @Column(name = "protocol", table = "security_egress_rule", insertable = false, updatable = false)
+ private String protocol;
+
+ @Column(name = "allowed_network_id", table = "security_egress_rule", insertable = false, updatable = false, nullable = true)
+ private Long allowedNetworkId = null;
+
+ @Column(name = "allowed_ip_cidr", table = "security_egress_rule", insertable = false, updatable = false, nullable = true)
+ private String allowedDestinationIpCidr = null;
+
+ public SecurityGroupEgressRulesVO() {
+ }
+
+ public SecurityGroupEgressRulesVO(long id, String name, String description, Long domainId, Long accountId, Long ruleId, int startPort, int endPort, String protocol, Long allowedNetworkId,
+ String allowedDestinationIpCidr) {
+ this.id = id;
+ this.name = name;
+ this.description = description;
+ this.domainId = domainId;
+ this.accountId = accountId;
+ this.ruleId = ruleId;
+ this.startPort = startPort;
+ this.endPort = endPort;
+ this.protocol = protocol;
+ this.allowedNetworkId = allowedNetworkId;
+ this.allowedDestinationIpCidr = allowedDestinationIpCidr;
+ }
+
+ @Override
+ public long getId() {
+ return id;
+ }
+
+ @Override
+ public String getName() {
+ return name;
+ }
+
+ @Override
+ public String getDescription() {
+ return description;
+ }
+
+ @Override
+ public Long getDomainId() {
+ return domainId;
+ }
+
+ @Override
+ public Long getAccountId() {
+ return accountId;
+ }
+
+ @Override
+ public Long getRuleId() {
+ return ruleId;
+ }
+
+ @Override
+ public int getStartPort() {
+ return startPort;
+ }
+
+ @Override
+ public int getEndPort() {
+ return endPort;
+ }
+
+ @Override
+ public String getProtocol() {
+ return protocol;
+ }
+
+ @Override
+ public Long getAllowedNetworkId() {
+ return allowedNetworkId;
+ }
+
+ @Override
+ public String getAllowedSourceIpCidr() { /* FIXME: need to rename the method name, for this the interface need
to change or need create a new interface */
+ return allowedDestinationIpCidr;
+ }
+}
diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java
index 86c3efcbe34..a20926a774d 100755
--- a/server/src/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/com/cloud/api/ApiResponseHelper.java
@@ -45,7 +45,6 @@ import com.cloud.api.response.CreateCmdResponse;
 import com.cloud.api.response.DiskOfferingResponse;
 import com.cloud.api.response.DomainResponse;
 import com.cloud.api.response.DomainRouterResponse;
-import com.cloud.api.response.EgressRuleResponse;
 import com.cloud.api.response.EventResponse;
 import com.cloud.api.response.ExtractResponse;
 import com.cloud.api.response.FirewallResponse;
@@ -54,6 +53,8 @@ import com.cloud.api.response.HostResponse;
 import com.cloud.api.response.IPAddressResponse;
 import com.cloud.api.response.IngressRuleResponse;
 import com.cloud.api.response.IngressRuleResultObject;
+import com.cloud.api.response.EgressRuleResponse;
+import com.cloud.api.response.EgressRuleResultObject;
 import com.cloud.api.response.InstanceGroupResponse;
 import com.cloud.api.response.IpForwardingRuleResponse;
 import com.cloud.api.response.ListResponse;
@@ -119,8 +120,8 @@ import com.cloud.network.rules.FirewallRule;
 import com.cloud.network.rules.LoadBalancer;
 import com.cloud.network.rules.PortForwardingRule;
 import com.cloud.network.rules.StaticNatRule;
-import com.cloud.network.security.EgressRule;
 import com.cloud.network.security.IngressRule;
+import com.cloud.network.security.EgressRule;
 import com.cloud.network.security.SecurityGroup;
 import com.cloud.network.security.SecurityGroupRules;
 import com.cloud.offering.DiskOffering;
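Review bot: `SecurityGroupEgressRulesVO` has no class-level Javadoc, and its shape is not obvious from the field list: it maps `security_group` with `security_egress_rule` as a left-joined secondary table, so each instance appears to be one group/rule row and `ruleId` looks to be null for a group that has no egress rule. A class comment along the lines of `/** One row of security_group left-joined with security_egress_rule; ruleId is null when the group has no egress rule. */` would spare readers reconstructing that from the annotations, once the null case is confirmed against the DAO. The `= null` initialisers on `allowedNetworkId` and `allowedDestinationIpCidr` are redundant for object fields and can be dropped.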
@@ -165,10 +166,10 @@ import com.cloud.vm.VMInstanceVO; import com.cloud.vm.VirtualMachine; import com.cloud.vm.VirtualMachine.State; import com.cloud.vm.VirtualMachine.Type; -import com.cloud.vm.VmStats; import com.cloud.vm.dao.UserVmData; import com.cloud.vm.dao.UserVmData.NicData; import com.cloud.vm.dao.UserVmData.SecurityGroupData; +import com.cloud.vm.VmStats; public class ApiResponseHelper implements ResponseGenerator { @@ -452,7 +453,6 @@ public class ApiResponseHelper implements ResponseGenerator { offeringResponse.setDomain(ApiDBUtils.findDomainById(offering.getDomainId()).getName()); offeringResponse.setDomainId(offering.getDomainId()); } - offeringResponse.setNetworkRate(offering.getRateMbps()); offeringResponse.setHostTag(offering.getHostTag()); offeringResponse.setObjectName("serviceoffering"); 
@@ -1620,6 +1620,35 @@ public class ApiResponseHelper implements ResponseGenerator { } netGrpResponse.setIngressRules(ingressRulesResponse); } + List egressRules = networkGroup.getEgressRules(); + if ((egressRules != null) && !egressRules.isEmpty()) { + List egressRulesResponse = new ArrayList(); + + for (EgressRuleResultObject egressRule : egressRules) { + EgressRuleResponse egressData = new EgressRuleResponse(); + + egressData.setRuleId(egressRule.getId()); + egressData.setProtocol(egressRule.getProtocol()); + if ("icmp".equalsIgnoreCase(egressRule.getProtocol())) { + egressData.setIcmpType(egressRule.getStartPort()); + egressData.setIcmpCode(egressRule.getEndPort()); + } else { + egressData.setStartPort(egressRule.getStartPort()); + egressData.setEndPort(egressRule.getEndPort()); + } + + if (egressRule.getAllowedSecurityGroup() != null) { + egressData.setSecurityGroupName(egressRule.getAllowedSecurityGroup()); + egressData.setAccountName(egressRule.getAllowedSecGroupAcct()); + } else { + egressData.setCidr(egressRule.getAllowedDestinationIpCidr()); + } + + egressData.setObjectName("egressrule"); + egressRulesResponse.add(egressData); + } + netGrpResponse.setEgressRules(egressRulesResponse); + } netGrpResponse.setObjectName("securitygroup"); netGrpResponses.add(netGrpResponse); } @@ -2247,8 +2276,6 @@ public class ApiResponseHelper implements ResponseGenerator { response.setObjectName("project"); return response; } - - public FirewallResponse createFirewallResponse(FirewallRule fwRule) { FirewallResponse response = new FirewallResponse(); diff --git a/server/src/com/cloud/api/response/SecurityGroupResultObject.java b/server/src/com/cloud/api/response/SecurityGroupResultObject.java index 15050e492c1..221955b4238 100644 --- a/server/src/com/cloud/api/response/SecurityGroupResultObject.java +++ b/server/src/com/cloud/api/response/SecurityGroupResultObject.java 
@@ -26,6 +26,8 @@ import java.util.Map; import com.cloud.api.ApiDBUtils; import com.cloud.network.security.SecurityGroup; import com.cloud.network.security.SecurityGroupRules; +import com.cloud.network.security.SecurityGroupRulesVO; +import com.cloud.network.security.SecurityGroupEgressRulesVO; import com.cloud.serializer.Param; import com.cloud.user.Account; @@ -50,6 +52,9 @@ public class SecurityGroupResultObject { @Param(name = "ingressrules") private List ingressRules = null; + + @Param(name = "egressrules") + private List egressRules = null; public SecurityGroupResultObject() { } @@ -120,6 +125,14 @@ public class SecurityGroupResultObject { this.ingressRules = ingressRules; } + public List getEgressRules() { + return egressRules; + } + + public void setEgressRules(List egressRules) { + this.egressRules = egressRules; + } + public static List transposeNetworkGroups(List groups) { List resultObjects = new ArrayList(); Map allowedSecurityGroups = new HashMap(); @@ -127,6 +140,7 @@ public class SecurityGroupResultObject { if ((groups != null) && !groups.isEmpty()) { List ingressDataList = new ArrayList(); + List egressDataList = new ArrayList(); SecurityGroupResultObject currentGroup = null; List processedGroups = new ArrayList(); @@ -161,8 +175,13 @@ public class SecurityGroupResultObject { currentGroup = groupResult; } + SecurityGroupRulesVO dummyIngressobj=new SecurityGroupRulesVO(); + SecurityGroupEgressRulesVO dummyEgressobj=new SecurityGroupEgressRulesVO() ; +String str=dummyIngressobj.getClass().getName(); + +String s1=netGroupRule.getClass().getSimpleName(); - if (netGroupRule.getRuleId() != null) { + if (netGroupRule.getRuleId() != null && netGroupRule.getClass().getSimpleName().indexOf("SecurityGroupRulesVO") != -1) { // there's at least one ingress rule for this network group, add the ingress rule data IngressRuleResultObject ingressData = new IngressRuleResultObject(); ingressData.setEndPort(netGroupRule.getEndPort()); 
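Review bot: The ingress/egress dispatch in `transposeNetworkGroups` tests `netGroupRule.getClass().getSimpleName().indexOf(...)`, which stops working if either VO is renamed, subclassed or proxied, and which matches any class whose name merely contains the string. Both VO types are imported in this file, so `netGroupRule instanceof SecurityGroupRulesVO` here and `netGroupRule instanceof SecurityGroupEgressRulesVO` in the `else if` of the next hunk state the intent directly. The four locals added just above the `if` (`dummyIngressobj`, `dummyEgressobj`, `str` and `s1`) are never read in the lines shown and look like leftover debugging, so they can be deleted. The method body starts and ends outside this hunk.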
@@ -191,6 +210,34 @@ public class SecurityGroupResultObject { ingressData.setAllowedSourceIpCidr(netGroupRule.getAllowedSourceIpCidr()); } ingressDataList.add(ingressData); + }else if (netGroupRule.getRuleId() != null && netGroupRule.getClass().getSimpleName().indexOf("SecurityGroupEgressRulesVO") != -1) { + EgressRuleResultObject egressData = new EgressRuleResultObject(); + egressData.setEndPort(netGroupRule.getEndPort()); + egressData.setStartPort(netGroupRule.getStartPort()); + egressData.setId(netGroupRule.getRuleId()); + egressData.setProtocol(netGroupRule.getProtocol()); + + Long allowedSecurityGroupId = netGroupRule.getAllowedNetworkId(); + if (allowedSecurityGroupId != null) { + SecurityGroup allowedSecurityGroup = allowedSecurityGroups.get(allowedSecurityGroupId); + if (allowedSecurityGroup == null) { + allowedSecurityGroup = ApiDBUtils.findSecurityGroupById(allowedSecurityGroupId); + allowedSecurityGroups.put(allowedSecurityGroupId, allowedSecurityGroup); + } + + egressData.setAllowedSecurityGroup(allowedSecurityGroup.getName()); + + Account allowedAccount = accounts.get(allowedSecurityGroup.getAccountId()); + if (allowedAccount == null) { + allowedAccount = ApiDBUtils.findAccountById(allowedSecurityGroup.getAccountId()); + accounts.put(allowedAccount.getId(), allowedAccount); + } + + egressData.setAllowedSecGroupAcct(allowedAccount.getAccountName()); + } else if (netGroupRule.getAllowedSourceIpCidr() != null) { + egressData.setAllowedDestinationIpCidr(netGroupRule.getAllowedSourceIpCidr()); + } + egressDataList.add(egressData); } } diff --git a/server/src/com/cloud/configuration/DefaultComponentLibrary.java b/server/src/com/cloud/configuration/DefaultComponentLibrary.java index 06a3deaf174..de7610b2485 100755 --- a/server/src/com/cloud/configuration/DefaultComponentLibrary.java +++ b/server/src/com/cloud/configuration/DefaultComponentLibrary.java 
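Review bot: None of this file's hunks ever hands `egressDataList` to a group: entries are added in the new `else if` branch, but no added line calls `currentGroup.setEgressRules(egressDataList)` or re-creates the list when the loop moves on to the next group. Unless unchanged code outside the hunks already does this, which seems unlikely for a list introduced by this commit, `getEgressRules()` stays null and the egress rules never reach the API response; the list should be attached and reset, presumably alongside the ingress list. In the same branch `allowedSecurityGroup.getName()` is called on the result of `ApiDBUtils.findSecurityGroupById(...)` without a null check, so a rule that references a group which no longer exists would throw. Wrapping the name and account lookup in `if (allowedSecurityGroup != null) { ... }` avoids that.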
@@ -101,6 +101,7 @@ import com.cloud.network.security.dao.EgressRuleDaoImpl;
 import com.cloud.network.security.dao.IngressRuleDaoImpl;
 import com.cloud.network.security.dao.SecurityGroupDaoImpl;
 import com.cloud.network.security.dao.SecurityGroupRulesDaoImpl;
+import com.cloud.network.security.dao.SecurityGroupEgressRulesDaoImpl;
 import com.cloud.network.security.dao.SecurityGroupVMMapDaoImpl;
 import com.cloud.network.security.dao.SecurityGroupWorkDaoImpl;
 import com.cloud.network.security.dao.VmRulesetLogDaoImpl;
@@ -205,6 +206,7 @@ public class DefaultComponentLibrary extends ComponentLibraryBase implements Com
 addDao("EgressRuleDao", EgressRuleDaoImpl.class);
 addDao("SecurityGroupVMMapDao", SecurityGroupVMMapDaoImpl.class);
 addDao("SecurityGroupRulesDao", SecurityGroupRulesDaoImpl.class);
+ addDao("SecurityGroupEgressRulesDao", SecurityGroupEgressRulesDaoImpl.class);
 addDao("SecurityGroupWorkDao", SecurityGroupWorkDaoImpl.class);
 addDao("VmRulesetLogDao", VmRulesetLogDaoImpl.class);
 addDao("AlertDao", AlertDaoImpl.class);
diff --git a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
index cd43a6c10d9..789d6e99639 100755
--- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
+++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
@@ -73,6 +73,7 @@ import com.cloud.network.security.dao.EgressRuleDao;
 import com.cloud.network.security.dao.IngressRuleDao;
 import com.cloud.network.security.dao.SecurityGroupDao;
 import com.cloud.network.security.dao.SecurityGroupRulesDao;
+import com.cloud.network.security.dao.SecurityGroupEgressRulesDao;
 import com.cloud.network.security.dao.SecurityGroupVMMapDao;
 import com.cloud.network.security.dao.SecurityGroupWorkDao;
 import com.cloud.network.security.dao.VmRulesetLogDao;
@@ -125,6 +126,8 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG @Inject SecurityGroupRulesDao _securityGroupRulesDao; @Inject + SecurityGroupEgressRulesDao _securityGroupEgressRulesDao; + @Inject UserVmDao _userVMDao; @Inject AccountDao _accountDao; @@ -1299,7 +1302,7 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG } @Override - public List searchForSecurityGroupRules(ListSecurityGroupsCmd cmd) throws PermissionDeniedException, InvalidParameterValueException { + public List searchForSecurityGroupRules(ListSecurityGroupsCmd cmd) throws PermissionDeniedException, InvalidParameterValueException { Account caller = UserContext.current().getCaller(); Long domainId = cmd.getDomainId(); String accountName = cmd.getAccountName(); @@ -1338,7 +1341,8 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG accountId = caller.getId(); } - List securityRulesList = new ArrayList(); + List securityRulesList = new ArrayList(); + // List securityEgressRulesList = new ArrayList(); Filter searchFilter = new Filter(SecurityGroupVO.class, "id", true, cmd.getStartIndex(), cmd.getPageSizeVal()); Object keyword = cmd.getKeyword(); 
@@ -1385,13 +1389,14 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG List securityGroups = _securityGroupDao.search(sc, searchFilter); for (SecurityGroupVO group : securityGroups) { securityRulesList.addAll(_securityGroupRulesDao.listSecurityRulesByGroupId(group.getId())); + securityRulesList.addAll(_securityGroupEgressRulesDao.listSecurityEgressRulesByGroupId(group.getId())); } return securityRulesList; } - private List listSecurityGroupRulesByVM(long vmId) { - List results = new ArrayList(); + private List listSecurityGroupRulesByVM(long vmId) { + List results = new ArrayList(); List networkGroupMappings = _securityGroupVMMapDao.listByInstanceId(vmId); if (networkGroupMappings != null) { for (SecurityGroupVMMapVO networkGroupMapping : networkGroupMappings) { diff --git a/server/src/com/cloud/network/security/dao/SecurityGroupEgressRulesDao.java b/server/src/com/cloud/network/security/dao/SecurityGroupEgressRulesDao.java new file mode 100644 index 00000000000..bba79b7eca7 --- /dev/null +++ b/server/src/com/cloud/network/security/dao/SecurityGroupEgressRulesDao.java 
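Review bot: Only `searchForSecurityGroupRules` gains an `addAll` of egress rows; for `listSecurityGroupRulesByVM` the hunk touches just the signature and the `results` declaration, and its loop body lies outside the hunk. If that method still queries only `_securityGroupRulesDao`, listing security groups by VM would omit egress rules while the other listing path includes them, so it is worth confirming and, if needed, adding the matching `_securityGroupEgressRulesDao.listSecurityEgressRulesByGroupId(...)` call there. The per-group loop now issues two queries for every security group on the page, which deserves a short comment. The commented-out `// List securityEgressRulesList = new ArrayList();` added in the previous hunk should be removed rather than committed.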
@@ -0,0 +1,53 @@
+/**
+ * Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
+ *
+ * This software is licensed under the GNU General Public License v3 or later.
+ *
+ * It is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or any later version.
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ *
+ */
+
+package com.cloud.network.security.dao;
+
+import java.util.List;
+
+import com.cloud.network.security.SecurityGroupEgressRulesVO;
+import com.cloud.utils.db.GenericDao;
+
+public interface SecurityGroupEgressRulesDao extends GenericDao {
+ /**
+ * List a security group and associated ingress rules
+ * @param accountId the account id of the owner of the security group
+ * @param groupName the name of the group for which to list rules
+ * @return the list of ingress rules associated with the security group (and security group info)
+ */
+ List listSecurityGroupEgressRules(long accountId, String groupName);
+
+ /**
+ * List security groups and associated ingress rules
+ * @param accountId the id of the account for which to list groups and associated rules
+ * @return the list of security groups with associated ingress rules
+ */
+ List listSecurityGroupEgressRules(long accountId);
+
+ /**
+ * List all security groups and associated ingress rules
+ * @return the list of security groups with associated ingress rules
+ */
+ List listSecurityGroupEgressRules();
+
+ /**
+ * List all security rules belonging to the specific group
+ * @return the security group with associated ingress rules
+ */
+ List
listSecurityEgressRulesByGroupId(long groupId);
+}
diff --git a/server/src/com/cloud/network/security/dao/SecurityGroupEgressRulesDaoImpl.java b/server/src/com/cloud/network/security/dao/SecurityGroupEgressRulesDaoImpl.java
new file mode 100644
index 00000000000..b92e0e1b031
--- /dev/null
+++ b/server/src/com/cloud/network/security/dao/SecurityGroupEgressRulesDaoImpl.java
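Review bot: Every Javadoc comment in `SecurityGroupEgressRulesDao` still says "ingress rules", apparently carried over from the ingress DAO, so the generated documentation describes the wrong direction for all four methods. Each should read "egress", for example `@return the list of egress rules associated with the security group (and security group info)`. The comment on `listSecurityEgressRulesByGroupId` also has no `@param` line; `@param groupId the id of the security group whose egress rules are listed` would complete it.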
@@ -0,0 +1,85 @@ +/** + * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. + * + * This software is licensed under the GNU General Public License v3 or later. + * + * It is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or any later version. + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +package com.cloud.network.security.dao; + +import java.util.List; + +import javax.ejb.Local; + +import com.cloud.network.security.SecurityGroupEgressRulesVO; +import com.cloud.utils.db.Filter; +import com.cloud.utils.db.GenericDaoBase; +import com.cloud.utils.db.SearchBuilder; +import com.cloud.utils.db.SearchCriteria; + +@Local(value={SecurityGroupEgressRulesDao.class}) +public class SecurityGroupEgressRulesDaoImpl extends GenericDaoBase implements SecurityGroupEgressRulesDao { + private SearchBuilder AccountGroupNameSearch; + private SearchBuilder AccountSearch; + private SearchBuilder GroupSearch; + + protected SecurityGroupEgressRulesDaoImpl() { + AccountGroupNameSearch = createSearchBuilder(); + AccountGroupNameSearch.and("accountId", AccountGroupNameSearch.entity().getAccountId(), SearchCriteria.Op.EQ); + AccountGroupNameSearch.and("name", AccountGroupNameSearch.entity().getName(), SearchCriteria.Op.EQ); + AccountGroupNameSearch.done(); + + AccountSearch = createSearchBuilder(); + AccountSearch.and("accountId", AccountSearch.entity().getAccountId(), SearchCriteria.Op.EQ); + AccountSearch.done(); + + GroupSearch = createSearchBuilder(); + GroupSearch.and("groupId", GroupSearch.entity().getId(), 
SearchCriteria.Op.EQ); + GroupSearch.done(); + + } + + @Override + public List listSecurityGroupEgressRules() { + Filter searchFilter = new Filter(SecurityGroupEgressRulesVO.class, "id", true, null, null); + return listAll(searchFilter); + } + + @Override + public List listSecurityGroupEgressRules(long accountId, String groupName) { + Filter searchFilter = new Filter(SecurityGroupEgressRulesVO.class, "id", true, null, null); + + SearchCriteria sc = AccountGroupNameSearch.create(); + sc.setParameters("accountId", accountId); + sc.setParameters("name", groupName); + return listBy(sc, searchFilter); + } + + @Override + public List listSecurityGroupEgressRules(long accountId) { + Filter searchFilter = new Filter(SecurityGroupEgressRulesVO.class, "id", true, null, null); + SearchCriteria sc = AccountSearch.create(); + sc.setParameters("accountId", accountId); + return listBy(sc, searchFilter); + } + + + @Override + public List listSecurityEgressRulesByGroupId(long groupId) { + Filter searchFilter = new Filter(SecurityGroupEgressRulesVO.class, "id", true, null, null); + SearchCriteria sc = GroupSearch.create(); + sc.setParameters("groupId", groupId); + return listBy(sc, searchFilter); + } +} diff --git a/server/src/com/cloud/network/security/dao/SecurityGroupRulesDaoImpl.java b/server/src/com/cloud/network/security/dao/SecurityGroupRulesDaoImpl.java index ed751ddc0e9..4d39e0d7f61 100644 --- a/server/src/com/cloud/network/security/dao/SecurityGroupRulesDaoImpl.java +++ b/server/src/com/cloud/network/security/dao/SecurityGroupRulesDaoImpl.java @@ -34,7 +34,6 @@ public class SecurityGroupRulesDaoImpl extends GenericDaoBase AccountSearch; private SearchBuilder GroupSearch; - protected SecurityGroupRulesDaoImpl() { AccountGroupNameSearch = createSearchBuilder(); AccountGroupNameSearch.and("accountId", AccountGroupNameSearch.entity().getAccountId(), SearchCriteria.Op.EQ); 
@@ -74,7 +73,8 @@ public class SecurityGroupRulesDaoImpl extends GenericDaoBase sc = AccountSearch.create(); sc.setParameters("accountId", accountId); return listBy(sc, searchFilter); - } + } + @Override public List listSecurityRulesByGroupId(long groupId) {