@Override
public String getSecurityGroupsNamesForVm(long vmId) {
try {
List<SecurityGroupVMMapVO> networkGroupsToVmMap =
_securityGroupVMMapDao.listByInstanceId(vmId);
int size = 0;
int j = 0;
StringBuilder networkGroupNames = new StringBuilder();
if (networkGroupsToVmMap != null) {
size = networkGroupsToVmMap.size();
for (SecurityGroupVMMapVO nG : networkGroupsToVmMap) {
// get the group id and look up for the group name
SecurityGroupVO currentNetworkGroup = _securityGroupDao.findById(nG.getSecurityGroupId());
networkGroupNames.append(currentNetworkGroup.getName());
if (j < (size - 1)) {
networkGroupNames.append(",");
j++;
}
}
}
return networkGroupNames.toString();
} catch (Exception e) {
s_logger.warn("Error trying to get network groups for a vm: " + e);
return null;
}
}
protected List<Long> getAffectedVmsForVmStop(VMInstanceVO vm) {
List<Long> affectedVms = new ArrayList<Long>();
List<SecurityGroupVMMapVO> groupsForVm = _securityGroupVMMapDao.listByInstanceId(vm.getId());
// For each group, find the ingress rules that allow the group
for (SecurityGroupVMMapVO mapVO : groupsForVm) { // FIXME: use custom sql in the dao
List<IngressRuleVO> allowingRules =
_ingressRuleDao.listByAllowedSecurityGroupId(mapVO.getSecurityGroupId());
// For each ingress rule that allows a group that the vm belongs to, find the group it belongs
// to
affectedVms.addAll(getAffectedVmsForIngressRules(allowingRules));
}
return affectedVms;
}
@Override
public List<SecurityGroupVO> getSecurityGroupsForVm(long vmId) {
List<SecurityGroupVMMapVO> securityGroupsToVmMap =
_securityGroupVMMapDao.listByInstanceId(vmId);
List<SecurityGroupVO> secGrps = new ArrayList<SecurityGroupVO>();
if (securityGroupsToVmMap != null && securityGroupsToVmMap.size() > 0) {
for (SecurityGroupVMMapVO sG : securityGroupsToVmMap) {
SecurityGroupVO currSg = _securityGroupDao.findById(sG.getSecurityGroupId());
secGrps.add(currSg);
}
}
return secGrps;
}
private List<SecurityGroupRulesVO> listSecurityGroupRulesByVM(long vmId) {
List<SecurityGroupRulesVO> results = new ArrayList<SecurityGroupRulesVO>();
List<SecurityGroupVMMapVO> networkGroupMappings = _securityGroupVMMapDao.listByInstanceId(vmId);
if (networkGroupMappings != null) {
for (SecurityGroupVMMapVO networkGroupMapping : networkGroupMappings) {
SecurityGroupVO group =
_securityGroupDao.findById(networkGroupMapping.getSecurityGroupId());
List<SecurityGroupRulesVO> rules =
_securityGroupRulesDao.listSecurityGroupRules(
group.getAccountId(), networkGroupMapping.getGroupName());
if (rules != null) {
results.addAll(rules);
}
}
}
return results;
}
protected Map<PortAndProto, Set<String>> generateRulesForVM(Long userVmId) {
Map<PortAndProto, Set<String>> allowed = new TreeMap<PortAndProto, Set<String>>();
List<SecurityGroupVMMapVO> groupsForVm = _securityGroupVMMapDao.listByInstanceId(userVmId);
for (SecurityGroupVMMapVO mapVO : groupsForVm) {
List<IngressRuleVO> rules = _ingressRuleDao.listBySecurityGroupId(mapVO.getSecurityGroupId());
for (IngressRuleVO rule : rules) {
PortAndProto portAndProto =
new PortAndProto(rule.getProtocol(), rule.getStartPort(), rule.getEndPort());
Set<String> cidrs = allowed.get(portAndProto);
if (cidrs == null) {
cidrs = new TreeSet<String>(new CidrComparator());
}
if (rule.getAllowedNetworkId() != null) {
List<SecurityGroupVMMapVO> allowedInstances =
_securityGroupVMMapDao.listBySecurityGroup(rule.getAllowedNetworkId(), State.Running);
for (SecurityGroupVMMapVO ngmapVO : allowedInstances) {
Nic defaultNic = _networkMgr.getDefaultNic(ngmapVO.getInstanceId());
if (defaultNic != null) {
String cidr = defaultNic.getIp4Address();
cidr = cidr + "/32";
cidrs.add(cidr);
}
}
} else if (rule.getAllowedSourceIpCidr() != null) {
cidrs.add(rule.getAllowedSourceIpCidr());
}
if (cidrs.size() > 0) {
allowed.put(portAndProto, cidrs);
}
}
}
return allowed;
}
