| // Licensed to the Apache Software Foundation (ASF) under one |
| // or more contributor license agreements. See the NOTICE file |
| // distributed with this work for additional information |
| // regarding copyright ownership. The ASF licenses this file |
| // to you under the Apache License, Version 2.0 (the |
| // "License"); you may not use this file except in compliance |
| // with the License. You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, |
| // software distributed under the License is distributed on an |
| // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| // KIND, either express or implied. See the License for the |
| // specific language governing permissions and limitations |
| // under the License. |
| package com.cloud.api.query.dao; |
| |
| import java.util.ArrayList; |
| import java.util.HashSet; |
| import java.util.List; |
| import java.util.Set; |
| |
| import javax.inject.Inject; |
| |
| import org.apache.cloudstack.api.response.ResourceTagResponse; |
| import org.apache.cloudstack.api.response.SecurityGroupResponse; |
| import org.apache.cloudstack.api.response.SecurityGroupRuleResponse; |
| import org.apache.cloudstack.framework.config.dao.ConfigurationDao; |
| import org.apache.log4j.Logger; |
| import org.springframework.stereotype.Component; |
| |
| import com.cloud.api.ApiDBUtils; |
| import com.cloud.api.ApiResponseHelper; |
| import com.cloud.api.query.vo.ResourceTagJoinVO; |
| import com.cloud.api.query.vo.SecurityGroupJoinVO; |
| import com.cloud.network.security.SecurityGroup; |
| import com.cloud.network.security.SecurityGroupVMMapVO; |
| import com.cloud.network.security.SecurityRule.SecurityRuleType; |
| import com.cloud.network.security.dao.SecurityGroupVMMapDao; |
| import com.cloud.server.ResourceTag; |
| import com.cloud.user.Account; |
| import com.cloud.utils.db.GenericDaoBase; |
| import com.cloud.utils.db.SearchBuilder; |
| import com.cloud.utils.db.SearchCriteria; |
| import com.cloud.vm.UserVmVO; |
| import com.cloud.vm.dao.UserVmDao; |
| |
| @Component |
| public class SecurityGroupJoinDaoImpl extends GenericDaoBase<SecurityGroupJoinVO, Long> implements SecurityGroupJoinDao { |
| public static final Logger s_logger = Logger.getLogger(SecurityGroupJoinDaoImpl.class); |
| |
| @Inject |
| private ConfigurationDao _configDao; |
| @Inject |
| private ResourceTagJoinDao _resourceTagJoinDao; |
| @Inject |
| private SecurityGroupVMMapDao _securityGroupVMMapDao; |
| @Inject |
| private UserVmDao _userVmDao; |
| |
| private final SearchBuilder<SecurityGroupJoinVO> sgSearch; |
| |
| private final SearchBuilder<SecurityGroupJoinVO> sgIdSearch; |
| |
| protected SecurityGroupJoinDaoImpl() { |
| |
| sgSearch = createSearchBuilder(); |
| sgSearch.and("idIN", sgSearch.entity().getId(), SearchCriteria.Op.IN); |
| sgSearch.done(); |
| |
| sgIdSearch = createSearchBuilder(); |
| sgIdSearch.and("id", sgIdSearch.entity().getId(), SearchCriteria.Op.EQ); |
| sgIdSearch.done(); |
| |
| this._count = "select count(distinct id) from security_group_view WHERE "; |
| } |
| |
| @Override |
| public SecurityGroupResponse newSecurityGroupResponse(SecurityGroupJoinVO vsg, Account caller) { |
| SecurityGroupResponse sgResponse = new SecurityGroupResponse(); |
| sgResponse.setId(vsg.getUuid()); |
| sgResponse.setName(vsg.getName()); |
| sgResponse.setDescription(vsg.getDescription()); |
| |
| ApiResponseHelper.populateOwner(sgResponse, vsg); |
| |
| Long rule_id = vsg.getRuleId(); |
| if (rule_id != null && rule_id.longValue() > 0) { |
| SecurityGroupRuleResponse ruleData = new SecurityGroupRuleResponse(); |
| ruleData.setRuleId(vsg.getRuleUuid()); |
| ruleData.setProtocol(vsg.getRuleProtocol()); |
| |
| if ("icmp".equalsIgnoreCase(vsg.getRuleProtocol())) { |
| ruleData.setIcmpType(vsg.getRuleStartPort()); |
| ruleData.setIcmpCode(vsg.getRuleEndPort()); |
| } else { |
| ruleData.setStartPort(vsg.getRuleStartPort()); |
| ruleData.setEndPort(vsg.getRuleEndPort()); |
| } |
| |
| if (vsg.getRuleAllowedNetworkId() != null) { |
| List<SecurityGroupJoinVO> sgs = this.searchByIds(vsg.getRuleAllowedNetworkId()); |
| if (sgs != null && sgs.size() > 0) { |
| SecurityGroupJoinVO sg = sgs.get(0); |
| ruleData.setSecurityGroupName(sg.getName()); |
| ruleData.setAccountName(sg.getAccountName()); |
| } |
| } else { |
| ruleData.setCidr(vsg.getRuleAllowedSourceIpCidr()); |
| } |
| |
| // list the tags by rule uuid |
| List<ResourceTagJoinVO> tags = _resourceTagJoinDao.listBy(vsg.getRuleUuid(), ResourceTag.ResourceObjectType.SecurityGroupRule); |
| Set<ResourceTagResponse> tagResponse = new HashSet<ResourceTagResponse>(); |
| for (ResourceTagJoinVO tag: tags) { |
| tagResponse.add(ApiDBUtils.newResourceTagResponse(tag, false)); |
| } |
| |
| // add the tags to the rule data |
| ruleData.setTags(tagResponse); |
| |
| if (vsg.getRuleType() == SecurityRuleType.IngressRule) { |
| ruleData.setObjectName("ingressrule"); |
| sgResponse.addSecurityGroupIngressRule(ruleData); |
| } else { |
| ruleData.setObjectName("egressrule"); |
| sgResponse.addSecurityGroupEgressRule(ruleData); |
| } |
| } |
| |
| List<SecurityGroupVMMapVO> securityGroupVmMap = _securityGroupVMMapDao.listBySecurityGroup(vsg.getId()); |
| s_logger.debug("newSecurityGroupResponse() -> virtualmachine count: " + securityGroupVmMap.size()); |
| sgResponse.setVirtualMachineCount(securityGroupVmMap.size()); |
| |
| for(SecurityGroupVMMapVO securityGroupVMMapVO : securityGroupVmMap) { |
| final UserVmVO userVmVO = _userVmDao.findById(securityGroupVMMapVO.getInstanceId()); |
| if (userVmVO != null) { |
| sgResponse.addVirtualMachineId(userVmVO.getUuid()); |
| } |
| } |
| |
| // update tag information |
| Long tag_id = vsg.getTagId(); |
| if (tag_id != null && tag_id.longValue() > 0) { |
| ResourceTagJoinVO vtag = ApiDBUtils.findResourceTagViewById(tag_id); |
| if (vtag != null) { |
| sgResponse.addTag(ApiDBUtils.newResourceTagResponse(vtag, false)); |
| } |
| } |
| |
| // set async job |
| if (vsg.getJobId() != null) { |
| sgResponse.setJobId(vsg.getJobUuid()); |
| sgResponse.setJobStatus(vsg.getJobStatus()); |
| } |
| |
| sgResponse.setObjectName("securitygroup"); |
| |
| return sgResponse; |
| } |
| |
| @Override |
| public SecurityGroupResponse setSecurityGroupResponse(SecurityGroupResponse vsgData, SecurityGroupJoinVO vsg) { |
| Long rule_id = vsg.getRuleId(); |
| if (rule_id != null && rule_id.longValue() > 0) { |
| SecurityGroupRuleResponse ruleData = new SecurityGroupRuleResponse(); |
| ruleData.setRuleId(vsg.getRuleUuid()); |
| ruleData.setProtocol(vsg.getRuleProtocol()); |
| |
| if ("icmp".equalsIgnoreCase(vsg.getRuleProtocol())) { |
| ruleData.setIcmpType(vsg.getRuleStartPort()); |
| ruleData.setIcmpCode(vsg.getRuleEndPort()); |
| } else { |
| ruleData.setStartPort(vsg.getRuleStartPort()); |
| ruleData.setEndPort(vsg.getRuleEndPort()); |
| } |
| |
| if (vsg.getRuleAllowedNetworkId() != null) { |
| List<SecurityGroupJoinVO> sgs = this.searchByIds(vsg.getRuleAllowedNetworkId()); |
| if (sgs != null && sgs.size() > 0) { |
| SecurityGroupJoinVO sg = sgs.get(0); |
| ruleData.setSecurityGroupName(sg.getName()); |
| ruleData.setAccountName(sg.getAccountName()); |
| } |
| } else { |
| ruleData.setCidr(vsg.getRuleAllowedSourceIpCidr()); |
| } |
| |
| // add the tags to the rule data |
| List<ResourceTagJoinVO> tags = _resourceTagJoinDao.listBy(vsg.getRuleUuid(), ResourceTag.ResourceObjectType.SecurityGroupRule); |
| Set<ResourceTagResponse> tagResponse = new HashSet<ResourceTagResponse>(); |
| for (ResourceTagJoinVO tag: tags) { |
| tagResponse.add(ApiDBUtils.newResourceTagResponse(tag, false)); |
| } |
| |
| // add the tags to the rule data |
| ruleData.setTags(tagResponse); |
| |
| if (vsg.getRuleType() == SecurityRuleType.IngressRule) { |
| ruleData.setObjectName("ingressrule"); |
| vsgData.addSecurityGroupIngressRule(ruleData); |
| } else { |
| ruleData.setObjectName("egressrule"); |
| vsgData.addSecurityGroupEgressRule(ruleData); |
| } |
| } |
| |
| // update tag information |
| Long tag_id = vsg.getTagId(); |
| if (tag_id != null && tag_id.longValue() > 0) { |
| ResourceTagJoinVO vtag = ApiDBUtils.findResourceTagViewById(tag_id); |
| if (vtag != null) { |
| vsgData.addTag(ApiDBUtils.newResourceTagResponse(vtag, false)); |
| } |
| } |
| return vsgData; |
| } |
| |
| @Override |
| public List<SecurityGroupJoinVO> newSecurityGroupView(SecurityGroup sg) { |
| |
| SearchCriteria<SecurityGroupJoinVO> sc = sgIdSearch.create(); |
| sc.setParameters("id", sg.getId()); |
| return searchIncludingRemoved(sc, null, null, false); |
| } |
| |
| @Override |
| public List<SecurityGroupJoinVO> searchByIds(Long... sgIds) { |
| // set detail batch query size |
| int DETAILS_BATCH_SIZE = 2000; |
| String batchCfg = _configDao.getValue("detail.batch.query.size"); |
| if (batchCfg != null) { |
| DETAILS_BATCH_SIZE = Integer.parseInt(batchCfg); |
| } |
| // query details by batches |
| List<SecurityGroupJoinVO> uvList = new ArrayList<SecurityGroupJoinVO>(); |
| // query details by batches |
| int curr_index = 0; |
| if (sgIds.length > DETAILS_BATCH_SIZE) { |
| while ((curr_index + DETAILS_BATCH_SIZE) <= sgIds.length) { |
| Long[] ids = new Long[DETAILS_BATCH_SIZE]; |
| for (int k = 0, j = curr_index; j < curr_index + DETAILS_BATCH_SIZE; j++, k++) { |
| ids[k] = sgIds[j]; |
| } |
| SearchCriteria<SecurityGroupJoinVO> sc = sgSearch.create(); |
| sc.setParameters("idIN", ids); |
| List<SecurityGroupJoinVO> vms = searchIncludingRemoved(sc, null, null, false); |
| if (vms != null) { |
| uvList.addAll(vms); |
| } |
| curr_index += DETAILS_BATCH_SIZE; |
| } |
| } |
| if (curr_index < sgIds.length) { |
| int batch_size = (sgIds.length - curr_index); |
| // set the ids value |
| Long[] ids = new Long[batch_size]; |
| for (int k = 0, j = curr_index; j < curr_index + batch_size; j++, k++) { |
| ids[k] = sgIds[j]; |
| } |
| SearchCriteria<SecurityGroupJoinVO> sc = sgSearch.create(); |
| sc.setParameters("idIN", ids); |
| List<SecurityGroupJoinVO> vms = searchIncludingRemoved(sc, null, null, false); |
| if (vms != null) { |
| uvList.addAll(vms); |
| } |
| } |
| return uvList; |
| } |
| } |