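/**
 * Builds a comma-separated list of the names of the security groups a VM belongs to.
 *
 * <p>The VM's group mappings come from {@code _securityGroupVMMapDao.listByInstanceId} and each
 * mapping's group id is resolved through {@code _securityGroupDao.findById}. A mapping whose
 * group cannot be resolved is logged and skipped, so one stale mapping no longer hides the
 * names of every other group behind a {@code null} result.
 *
 * @param vmId id of the VM whose group names are wanted
 * @return the resolved names joined with {@code ","}; an empty string when there are no
 *         mappings or none resolves; {@code null} if any exception is thrown during the lookups
 */
@Override
public String getSecurityGroupsNamesForVm(long vmId) {
    try {
        List<SecurityGroupVMMapVO> networkGroupsToVmMap = _securityGroupVMMapDao.listByInstanceId(vmId);
        StringBuilder networkGroupNames = new StringBuilder();
        if (networkGroupsToVmMap == null) {
            return networkGroupNames.toString();
        }

        // Track "first emitted name" explicitly: skipped mappings must not leave a stray comma.
        boolean first = true;
        for (SecurityGroupVMMapVO nG : networkGroupsToVmMap) {
            // get the group id and look up the group name
            SecurityGroupVO currentNetworkGroup = _securityGroupDao.findById(nG.getSecurityGroupId());
            if (currentNetworkGroup == null) {
                s_logger.warn("Security group " + nG.getSecurityGroupId() + " mapped to vm " + vmId
                        + " was not found; skipping it");
                continue;
            }
            if (!first) {
                networkGroupNames.append(",");
            }
            networkGroupNames.append(currentNetworkGroup.getName());
            first = false;
        }
        return networkGroupNames.toString();
    } catch (Exception e) {
        // Best-effort lookup: callers receive null instead of an exception.
        s_logger.warn("Error trying to get network groups for a vm: " + e);
        return null;
    }
}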
/**
 * Collects the ids of the VMs affected when the given VM stops.
 *
 * <p>For every security group the VM is mapped to, the ingress rules that name that group as
 * their allowed group are fetched, and {@code getAffectedVmsForIngressRules} supplies the VM
 * ids for those rules. Results are appended to a plain list, so an id may appear more than once.
 *
 * @param vm the VM being stopped
 * @return the accumulated VM ids, empty when the VM has no group mappings
 */
protected List<Long> getAffectedVmsForVmStop(VMInstanceVO vm) {
    List<SecurityGroupVMMapVO> memberships = _securityGroupVMMapDao.listByInstanceId(vm.getId());
    List<Long> impacted = new ArrayList<Long>();

    for (SecurityGroupVMMapVO membership : memberships) {
        // Ingress rules that allow traffic from this group.
        // FIXME: use custom sql in the dao
        List<IngressRuleVO> rulesAllowingGroup =
                _ingressRuleDao.listByAllowedSecurityGroupId(membership.getSecurityGroupId());

        // The VMs behind those rules are the ones whose rule sets reference the stopping VM.
        impacted.addAll(getAffectedVmsForIngressRules(rulesAllowingGroup));
    }

    return impacted;
}
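/**
 * Resolves the security groups a VM is mapped to.
 *
 * <p>Each mapping returned by {@code _securityGroupVMMapDao.listByInstanceId} is resolved
 * through {@code _securityGroupDao.findById}. A mapping whose group cannot be resolved is
 * logged and left out, so the returned list never contains {@code null} elements for callers
 * to trip over.
 *
 * @param vmId id of the VM
 * @return the resolved groups in mapping order; empty (never {@code null}) when the VM has no
 *         mappings or none resolves
 */
@Override
public List<SecurityGroupVO> getSecurityGroupsForVm(long vmId) {
    List<SecurityGroupVO> secGrps = new ArrayList<SecurityGroupVO>();
    List<SecurityGroupVMMapVO> securityGroupsToVmMap = _securityGroupVMMapDao.listByInstanceId(vmId);
    if (securityGroupsToVmMap == null) {
        return secGrps;
    }

    for (SecurityGroupVMMapVO sG : securityGroupsToVmMap) {
        SecurityGroupVO currSg = _securityGroupDao.findById(sG.getSecurityGroupId());
        if (currSg == null) {
            s_logger.warn("Security group " + sG.getSecurityGroupId() + " mapped to vm " + vmId
                    + " was not found; skipping it");
            continue;
        }
        secGrps.add(currSg);
    }
    return secGrps;
}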
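/**
 * Lists the security group rules of every group a VM is mapped to.
 *
 * <p>For each mapping the owning group is looked up to obtain its account id, and the rules
 * are then fetched by that account id together with the group name stored on the mapping.
 * A mapping whose group cannot be resolved is logged and skipped; previously it caused an
 * uncaught {@code NullPointerException} that aborted the whole listing.
 *
 * @param vmId id of the VM
 * @return all rules found, concatenated in mapping order; empty when there are none
 */
private List<SecurityGroupRulesVO> listSecurityGroupRulesByVM(long vmId) {
    List<SecurityGroupRulesVO> results = new ArrayList<SecurityGroupRulesVO>();
    List<SecurityGroupVMMapVO> networkGroupMappings = _securityGroupVMMapDao.listByInstanceId(vmId);
    if (networkGroupMappings == null) {
        return results;
    }

    for (SecurityGroupVMMapVO networkGroupMapping : networkGroupMappings) {
        SecurityGroupVO group = _securityGroupDao.findById(networkGroupMapping.getSecurityGroupId());
        if (group == null) {
            s_logger.warn("Security group " + networkGroupMapping.getSecurityGroupId() + " mapped to vm "
                    + vmId + " was not found; skipping its rules");
            continue;
        }

        // Rules are keyed by the owning account plus the group name carried on the mapping.
        List<SecurityGroupRulesVO> rules =
                _securityGroupRulesDao.listSecurityGroupRules(group.getAccountId(), networkGroupMapping.getGroupName());
        if (rules != null) {
            results.addAll(rules);
        }
    }
    return results;
}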
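/**
 * Builds the ingress allow-list for a VM: for each protocol/port range, the set of source
 * CIDRs that may reach it.
 *
 * <p>Every ingress rule of every security group the VM is mapped to contributes to the entry
 * for its {@code PortAndProto}:
 * <ul>
 *   <li>a rule that allows another group expands to one {@code <ip>/32} entry per member of
 *       that group in {@code State.Running}, using the IPv4 address of the member's default
 *       NIC;</li>
 *   <li>otherwise, a rule with a source CIDR contributes that CIDR as-is.</li>
 * </ul>
 * Members without a default NIC, or whose default NIC has no IPv4 address, are skipped.
 * Without the address check the literal string {@code "null/32"} would be placed in the
 * allow-list handed to whatever consumes this map.
 *
 * @param userVmId id of the VM; presumably must not be {@code null} (verify against callers)
 * @return a map from port/protocol to the allowed source CIDRs; a key is present only when at
 *         least one CIDR was collected for it
 */
protected Map<PortAndProto, Set<String>> generateRulesForVM(Long userVmId) {
    Map<PortAndProto, Set<String>> allowed = new TreeMap<PortAndProto, Set<String>>();

    List<SecurityGroupVMMapVO> groupsForVm = _securityGroupVMMapDao.listByInstanceId(userVmId);
    if (groupsForVm == null) {
        return allowed;
    }

    for (SecurityGroupVMMapVO mapVO : groupsForVm) {
        List<IngressRuleVO> rules = _ingressRuleDao.listBySecurityGroupId(mapVO.getSecurityGroupId());
        if (rules == null) {
            continue;
        }

        for (IngressRuleVO rule : rules) {
            PortAndProto portAndProto =
                    new PortAndProto(rule.getProtocol(), rule.getStartPort(), rule.getEndPort());

            // Rules from different groups that share a port range merge into one CIDR set.
            Set<String> cidrs = allowed.get(portAndProto);
            if (cidrs == null) {
                cidrs = new TreeSet<String>(new CidrComparator());
            }

            if (rule.getAllowedNetworkId() != null) {
                // Group-based rule: allow each running member of the referenced group by host address.
                List<SecurityGroupVMMapVO> allowedInstances =
                        _securityGroupVMMapDao.listBySecurityGroup(rule.getAllowedNetworkId(), State.Running);
                if (allowedInstances != null) {
                    for (SecurityGroupVMMapVO ngmapVO : allowedInstances) {
                        Nic defaultNic = _networkMgr.getDefaultNic(ngmapVO.getInstanceId());
                        if (defaultNic == null) {
                            continue;
                        }
                        String ip4Address = defaultNic.getIp4Address();
                        if (ip4Address == null) {
                            // No address to allow; never emit "null/32" into the rule set.
                            continue;
                        }
                        cidrs.add(ip4Address + "/32");
                    }
                }
            } else if (rule.getAllowedSourceIpCidr() != null) {
                cidrs.add(rule.getAllowedSourceIpCidr());
            }

            // Keep the map free of port ranges that ended up with no allowed source.
            if (!cidrs.isEmpty()) {
                allowed.put(portAndProto, cidrs);
            }
        }
    }
    return allowed;
}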