From b6e54193702fcafbc97abf8057abd39841fccb9e Mon Sep 17 00:00:00 2001
From: abhi <abhinandan.prateek@citrix.com>
Date: Wed, 1 Feb 2012 18:08:32 +0530
Subject: [PATCH] bug 12899: checking if static nat rule is in place, throw
 error if there. Let the caller clear it first before assigning VM to another
 account

---
 .../src/com/cloud/vm/UserVmManagerImpl.java   | 46 ++++++++++---------
 1 file changed, 24 insertions(+), 22 deletions(-)

diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java
index c3742f12c81..27b7a44e1b7 100755
--- a/server/src/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/com/cloud/vm/UserVmManagerImpl.java
@@ -119,6 +119,7 @@ import com.cloud.host.dao.HostDao;
 import com.cloud.hypervisor.Hypervisor.HypervisorType;
 import com.cloud.hypervisor.dao.HypervisorCapabilitiesDao;
 import com.cloud.network.IPAddressVO;
+import com.cloud.network.LoadBalancerVMMapVO;
 import com.cloud.network.Network;
 import com.cloud.network.Network.Provider;
 import com.cloud.network.Network.Service;
@@ -138,7 +139,9 @@ import com.cloud.network.router.VirtualNetworkApplianceManager;
 import com.cloud.network.rules.FirewallManager;
 import com.cloud.network.rules.FirewallRule;
 import com.cloud.network.rules.FirewallRuleVO;
+import com.cloud.network.rules.PortForwardingRuleVO;
 import com.cloud.network.rules.RulesManager;
+import com.cloud.network.rules.dao.PortForwardingRulesDao;
 import com.cloud.network.security.SecurityGroup;
 import com.cloud.network.security.SecurityGroupManager;
 import com.cloud.network.security.SecurityGroupVMMapVO;
@@ -274,6 +277,8 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
     @Inject
     protected LoadBalancerDao _loadBalancerDao = null;
     @Inject
+    protected PortForwardingRulesDao _portForwardingDao;
+    @Inject
     protected IPAddressDao _ipAddressDao = null;
     @Inject
     protected HostPodDao _podDao = null;
@@ -3276,32 +3281,29 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
         if (oldAccount.getAccountId() == newAccount.getAccountId()){
        	    throw new InvalidParameterValueException("The account should be same domain for moving VM between two accounts. Account id =" + oldAccount.getAccountId());
         }
+
         
-        // don't allow to move the vm if there are existing PF/LB/Static Nat rules, existing Security groups or vm is assigned to static Nat ip
+        // don't allow to move the vm if there are existing PF/LB/Static Nat rules, or vm is assigned to static Nat ip
+        List<PortForwardingRuleVO> pfrules = _portForwardingDao.listByVm(cmd.getVmId());
+        if (pfrules != null && pfrules.size() > 0){
+        	throw new InvalidParameterValueException("Remove the Port forwarding rules for this VM before assigning to another user.");
+        }
+        List<FirewallRuleVO> snrules = _rulesDao.listStaticNatByVmId(vm.getId());
+        if (snrules != null && snrules.size() > 0){
+        	throw new InvalidParameterValueException("Remove the StaticNat rules for this VM before assigning to another user.");
+        }
+        List<LoadBalancerVMMapVO> maps = _loadBalancerVMMapDao.listByInstanceId(vm.getId());
+        if (maps != null && maps.size() > 0) {
+        	throw new InvalidParameterValueException("Remove the load balancing rules for this VM before assigning to another user.");
+        }
+        // check for one on one nat
         IPAddressVO ip = _ipAddressDao.findByAssociatedVmId(cmd.getVmId());
         if (ip != null){
-	        List<FirewallRuleVO> firewall_rules = _rulesDao.listByIpAndPurposeAndNotRevoked(ip.getId(), FirewallRule.Purpose.Firewall);
-	        if (firewall_rules.size() > 0){
-	        	throw new InvalidParameterValueException("Remove the Firewall rules for this VM before assigning to another user.");
-	        }
-	        List<FirewallRuleVO> lb_rules = _rulesDao.listByIpAndPurposeAndNotRevoked(ip.getId(), FirewallRule.Purpose.LoadBalancing);
-	        if (lb_rules.size() > 0){
-	        	throw new InvalidParameterValueException("Remove the LoadBalancing rules for this VM before assigning to another user.");
-	        }
-	        List<FirewallRuleVO> nat_rules = _rulesDao.listByIpAndPurposeAndNotRevoked(ip.getId(), FirewallRule.Purpose.StaticNat);
-	        if (nat_rules.size() > 0){
-	        	throw new InvalidParameterValueException("Remove the StaticNat rules for this VM before assigning to another user.");
-	        }
-	        List<FirewallRuleVO> vpn_rules = _rulesDao.listByIpAndPurposeAndNotRevoked(ip.getId(), FirewallRule.Purpose.Vpn);
-	        if (vpn_rules.size() > 0){
-	        	throw new InvalidParameterValueException("Remove the Vpn rules for this VM before assigning to another user.");
-	        }
-	        List<SecurityGroupVMMapVO> securityGroupsToVmMap = _securityGroupVMMapDao.listByInstanceId(cmd.getVmId());
-	        if (securityGroupsToVmMap.size() > 0){
-	        	throw new InvalidParameterValueException("Remove the VM from security groups before assigning to another user.");
-	        }
+        	if (ip.isOneToOneNat()){
+        		throw new InvalidParameterValueException("Remove the one to one nat rule for this VM for ip " + ip.toString());
+        	}
         }
-
+        
         DataCenterVO zone = _dcDao.findById(vm.getDataCenterIdToDeployIn());
     
         //Remove vm from instance group