You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by bh...@apache.org on 2012/12/04 11:02:55 UTC
[17/55] [abbrv] git commit: api_refactor: refactor security group
(sg) apis
api_refactor: refactor security group (sg) apis
- Fix refactored apis, fix mapping in commands*.in
- Fix comments etc.
Signed-off-by: Rohit Yadav <bh...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/0df9538f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/0df9538f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/0df9538f
Branch: refs/heads/api_refactoring
Commit: 0df9538fb7b335a92c5fb764589e37c0b45f952e
Parents: 3e0b216
Author: Rohit Yadav <bh...@apache.org>
Authored: Mon Dec 3 23:11:17 2012 -0800
Committer: Rohit Yadav <bh...@apache.org>
Committed: Mon Dec 3 23:11:17 2012 -0800
----------------------------------------------------------------------
.../commands/AuthorizeSecurityGroupEgressCmd.java | 228 --------------
.../commands/AuthorizeSecurityGroupIngressCmd.java | 237 ---------------
.../cloud/api/commands/CreateSecurityGroupCmd.java | 123 --------
.../cloud/api/commands/DeleteSecurityGroupCmd.java | 131 --------
.../cloud/api/commands/ListSecurityGroupsCmd.java | 92 ------
.../api/commands/RevokeSecurityGroupEgressCmd.java | 109 -------
.../commands/RevokeSecurityGroupIngressCmd.java | 109 -------
.../network/security/SecurityGroupService.java | 11 +-
.../command/AuthorizeSecurityGroupEgressCmd.java | 228 ++++++++++++++
.../command/AuthorizeSecurityGroupIngressCmd.java | 237 +++++++++++++++
.../user/sg/command/CreateSecurityGroupCmd.java | 123 ++++++++
.../user/sg/command/DeleteSecurityGroupCmd.java | 131 ++++++++
.../api/user/sg/command/ListSecurityGroupsCmd.java | 92 ++++++
.../sg/command/RevokeSecurityGroupEgressCmd.java | 109 +++++++
.../sg/command/RevokeSecurityGroupIngressCmd.java | 109 +++++++
client/tomcatconf/commands.properties.in | 14 +-
.../network/security/SecurityGroupManagerImpl.java | 13 +-
17 files changed, 1046 insertions(+), 1050 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/0df9538f/api/src/com/cloud/api/commands/AuthorizeSecurityGroupEgressCmd.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/commands/AuthorizeSecurityGroupEgressCmd.java b/api/src/com/cloud/api/commands/AuthorizeSecurityGroupEgressCmd.java
deleted file mode 100644
index 3abed2a..0000000
--- a/api/src/com/cloud/api/commands/AuthorizeSecurityGroupEgressCmd.java
+++ /dev/null
@@ -1,228 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.api.commands;
-
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import org.apache.log4j.Logger;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.BaseCmd;
-import org.apache.cloudstack.api.IdentityMapper;
-import org.apache.cloudstack.api.Implementation;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import com.cloud.api.response.SecurityGroupRuleResponse;
-import com.cloud.api.response.SecurityGroupResponse;
-import com.cloud.async.AsyncJob;
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InvalidParameterValueException;
-import com.cloud.network.security.SecurityRule;
-import com.cloud.user.UserContext;
-import com.cloud.utils.StringUtils;
-
-@Implementation(responseObject = SecurityGroupRuleResponse.class, description = "Authorizes a particular egress rule for this security group", since="3.0.0")
-@SuppressWarnings("rawtypes")
-public class AuthorizeSecurityGroupEgressCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(AuthorizeSecurityGroupIngressCmd.class.getName());
-
- private static final String s_name = "authorizesecuritygroupegressresponse";
-
- // ///////////////////////////////////////////////////
- // ////////////// API parameters /////////////////////
- // ///////////////////////////////////////////////////
-
- @Parameter(name = ApiConstants.PROTOCOL, type = CommandType.STRING, description = "TCP is default. UDP is the other supported protocol")
- private String protocol;
-
- @Parameter(name = ApiConstants.START_PORT, type = CommandType.INTEGER, description = "start port for this egress rule")
- private Integer startPort;
-
- @Parameter(name = ApiConstants.END_PORT, type = CommandType.INTEGER, description = "end port for this egress rule")
- private Integer endPort;
-
- @Parameter(name = ApiConstants.ICMP_TYPE, type = CommandType.INTEGER, description = "type of the icmp message being sent")
- private Integer icmpType;
-
- @Parameter(name = ApiConstants.ICMP_CODE, type = CommandType.INTEGER, description = "error code for this icmp message")
- private Integer icmpCode;
-
- @Parameter(name=ApiConstants.CIDR_LIST, type=CommandType.LIST, collectionType=CommandType.STRING, description="the cidr list associated")
- private List<String> cidrList;
-
- @Parameter(name = ApiConstants.USER_SECURITY_GROUP_LIST, type = CommandType.MAP, description = "user to security group mapping")
- private Map userSecurityGroupList;
-
- @IdentityMapper(entityTableName="domain")
- @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="an optional domainId for the security group. If the account parameter is used, domainId must also be used.")
- private Long domainId;
-
- @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="an optional account for the security group. Must be used with domainId.")
- private String accountName;
-
- @IdentityMapper(entityTableName="projects")
- @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="an optional project of the security group")
- private Long projectId;
-
- @IdentityMapper(entityTableName="security_group")
- @Parameter(name=ApiConstants.SECURITY_GROUP_ID, type=CommandType.LONG, description="The ID of the security group. Mutually exclusive with securityGroupName parameter")
- private Long securityGroupId;
-
- @Parameter(name=ApiConstants.SECURITY_GROUP_NAME, type=CommandType.STRING, description="The name of the security group. Mutually exclusive with securityGroupName parameter")
- private String securityGroupName;
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
- public String getAccountName() {
- return accountName;
- }
-
- public List<String> getCidrList() {
- return cidrList;
- }
-
- public Integer getEndPort() {
- return endPort;
- }
-
- public Integer getIcmpCode() {
- return icmpCode;
- }
-
- public Integer getIcmpType() {
- return icmpType;
- }
-
- public Long getSecurityGroupId() {
- if (securityGroupId != null && securityGroupName != null) {
- throw new InvalidParameterValueException("securityGroupId and securityGroupName parameters are mutually exclusive");
- }
-
- if (securityGroupName != null) {
- securityGroupId = _responseGenerator.getSecurityGroupId(securityGroupName, getEntityOwnerId());
- if (securityGroupId == null) {
- throw new InvalidParameterValueException("Unable to find security group " + securityGroupName + " for account id=" + getEntityOwnerId());
- }
- securityGroupName = null;
- }
-
- if (securityGroupId == null) {
- throw new InvalidParameterValueException("Either securityGroupId or securityGroupName is required by authorizeSecurityGroupIngress command");
- }
-
- return securityGroupId;
- }
-
- public String getProtocol() {
- if (protocol == null) {
- return "all";
- }
- return protocol;
- }
-
- public Integer getStartPort() {
- return startPort;
- }
-
- public Map getUserSecurityGroupList() {
- return userSecurityGroupList;
- }
-
- // ///////////////////////////////////////////////////
- // ///////////// API Implementation///////////////////
- // ///////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- public static String getResultObjectName() {
- return "securitygroup";
- }
-
- @Override
- public long getEntityOwnerId() {
- Long accountId = finalyzeAccountId(accountName, domainId, projectId, true);
- if (accountId == null) {
- return UserContext.current().getCaller().getId();
- }
-
- return accountId;
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_SECURITY_GROUP_AUTHORIZE_EGRESS;
- }
-
- @Override
- public String getEventDescription() {
- StringBuilder sb = new StringBuilder();
- if (getUserSecurityGroupList() != null) {
- sb.append("group list(group/account): ");
- Collection userGroupCollection = getUserSecurityGroupList().values();
- Iterator iter = userGroupCollection.iterator();
-
- HashMap userGroup = (HashMap) iter.next();
- String group = (String) userGroup.get("group");
- String authorizedAccountName = (String) userGroup.get("account");
- sb.append(group + "/" + authorizedAccountName);
-
- while (iter.hasNext()) {
- userGroup = (HashMap) iter.next();
- group = (String) userGroup.get("group");
- authorizedAccountName = (String) userGroup.get("account");
- sb.append(", " + group + "/" + authorizedAccountName);
- }
- } else if (getCidrList() != null) {
- sb.append("cidr list: ");
- sb.append(StringUtils.join(getCidrList(), ", "));
- } else {
- sb.append("<error: no egress parameters>");
- }
-
- return "authorizing egress to group: " + getSecurityGroupId() + " to " + sb.toString();
- }
-
- @Override
- public void execute() {
- List<? extends SecurityRule> egressRules = _securityGroupService.authorizeSecurityGroupEgress(this);
- if (egressRules != null && !egressRules.isEmpty()) {
- SecurityGroupResponse response = _responseGenerator.createSecurityGroupResponseFromSecurityGroupRule(egressRules);
- this.setResponseObject(response);
- } else {
- throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to authorize security group egress rule(s)");
- }
-
- }
-
- @Override
- public AsyncJob.Type getInstanceType() {
- return AsyncJob.Type.SecurityGroup;
- }
-
- @Override
- public Long getInstanceId() {
- return getSecurityGroupId();
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/0df9538f/api/src/com/cloud/api/commands/AuthorizeSecurityGroupIngressCmd.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/commands/AuthorizeSecurityGroupIngressCmd.java b/api/src/com/cloud/api/commands/AuthorizeSecurityGroupIngressCmd.java
deleted file mode 100644
index dc8e605..0000000
--- a/api/src/com/cloud/api/commands/AuthorizeSecurityGroupIngressCmd.java
+++ /dev/null
@@ -1,237 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.api.commands;
-
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.BaseCmd;
-import org.apache.cloudstack.api.IdentityMapper;
-import org.apache.cloudstack.api.Implementation;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import com.cloud.api.response.SecurityGroupResponse;
-import com.cloud.api.response.SecurityGroupRuleResponse;
-import com.cloud.async.AsyncJob;
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InvalidParameterValueException;
-import com.cloud.network.security.SecurityRule;
-import com.cloud.user.UserContext;
-import com.cloud.utils.StringUtils;
-import com.cloud.utils.net.NetUtils;
-
-@Implementation(responseObject = SecurityGroupRuleResponse.class, description = "Authorizes a particular ingress rule for this security group")
-@SuppressWarnings("rawtypes")
-public class AuthorizeSecurityGroupIngressCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(AuthorizeSecurityGroupIngressCmd.class.getName());
-
- private static final String s_name = "authorizesecuritygroupingressresponse";
-
- // ///////////////////////////////////////////////////
- // ////////////// API parameters /////////////////////
- // ///////////////////////////////////////////////////
-
- @Parameter(name = ApiConstants.PROTOCOL, type = CommandType.STRING, description = "TCP is default. UDP is the other supported protocol")
- private String protocol;
-
- @Parameter(name = ApiConstants.START_PORT, type = CommandType.INTEGER, description = "start port for this ingress rule")
- private Integer startPort;
-
- @Parameter(name = ApiConstants.END_PORT, type = CommandType.INTEGER, description = "end port for this ingress rule")
- private Integer endPort;
-
- @Parameter(name = ApiConstants.ICMP_TYPE, type = CommandType.INTEGER, description = "type of the icmp message being sent")
- private Integer icmpType;
-
- @Parameter(name = ApiConstants.ICMP_CODE, type = CommandType.INTEGER, description = "error code for this icmp message")
- private Integer icmpCode;
-
- @Parameter(name=ApiConstants.CIDR_LIST, type=CommandType.LIST, collectionType=CommandType.STRING, description="the cidr list associated")
- private List<String> cidrList;
-
- @Parameter(name = ApiConstants.USER_SECURITY_GROUP_LIST, type = CommandType.MAP, description = "user to security group mapping")
- private Map userSecurityGroupList;
-
- @IdentityMapper(entityTableName="domain")
- @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="an optional domainId for the security group. If the account parameter is used, domainId must also be used.")
- private Long domainId;
-
- @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="an optional account for the security group. Must be used with domainId.")
- private String accountName;
-
- @IdentityMapper(entityTableName="projects")
- @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="an optional project of the security group")
- private Long projectId;
-
- @IdentityMapper(entityTableName="security_group")
- @Parameter(name=ApiConstants.SECURITY_GROUP_ID, type=CommandType.LONG, description="The ID of the security group. Mutually exclusive with securityGroupName parameter")
- private Long securityGroupId;
-
- @Parameter(name=ApiConstants.SECURITY_GROUP_NAME, type=CommandType.STRING, description="The name of the security group. Mutually exclusive with securityGroupName parameter")
- private String securityGroupName;
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
- public String getAccountName() {
- return accountName;
- }
-
- public List<String> getCidrList() {
- return cidrList;
- }
-
- public Integer getEndPort() {
- return endPort;
- }
-
- public Integer getIcmpCode() {
- return icmpCode;
- }
-
- public Integer getIcmpType() {
- return icmpType;
- }
-
- public Long getSecurityGroupId() {
- if (securityGroupId != null && securityGroupName != null) {
- throw new InvalidParameterValueException("securityGroupId and securityGroupName parameters are mutually exclusive");
- }
-
- if (securityGroupName != null) {
- securityGroupId = _responseGenerator.getSecurityGroupId(securityGroupName, getEntityOwnerId());
- if (securityGroupId == null) {
- throw new InvalidParameterValueException("Unable to find security group " + securityGroupName + " for account id=" + getEntityOwnerId());
- }
- securityGroupName = null;
- }
-
- if (securityGroupId == null) {
- throw new InvalidParameterValueException("Either securityGroupId or securityGroupName is required by authorizeSecurityGroupIngress command");
- }
-
- return securityGroupId;
- }
-
- public String getProtocol() {
- if (protocol == null) {
- return "all";
- }
- return protocol;
- }
-
- public Integer getStartPort() {
- return startPort;
- }
-
- public Map getUserSecurityGroupList() {
- return userSecurityGroupList;
- }
-
- // ///////////////////////////////////////////////////
- // ///////////// API Implementation///////////////////
- // ///////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- public static String getResultObjectName() {
- return "securitygroup";
- }
-
- @Override
- public long getEntityOwnerId() {
- Long accountId = finalyzeAccountId(accountName, domainId, projectId, true);
- if (accountId == null) {
- return UserContext.current().getCaller().getId();
- }
-
- return accountId;
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_SECURITY_GROUP_AUTHORIZE_INGRESS;
- }
-
- @Override
- public String getEventDescription() {
- StringBuilder sb = new StringBuilder();
- if (getUserSecurityGroupList() != null) {
- sb.append("group list(group/account): ");
- Collection userGroupCollection = getUserSecurityGroupList().values();
- Iterator iter = userGroupCollection.iterator();
-
- HashMap userGroup = (HashMap) iter.next();
- String group = (String) userGroup.get("group");
- String authorizedAccountName = (String) userGroup.get("account");
- sb.append(group + "/" + authorizedAccountName);
-
- while (iter.hasNext()) {
- userGroup = (HashMap) iter.next();
- group = (String) userGroup.get("group");
- authorizedAccountName = (String) userGroup.get("account");
- sb.append(", " + group + "/" + authorizedAccountName);
- }
- } else if (getCidrList() != null) {
- sb.append("cidr list: ");
- sb.append(StringUtils.join(getCidrList(), ", "));
- } else {
- sb.append("<error: no ingress parameters>");
- }
-
- return "authorizing ingress to group: " + getSecurityGroupId() + " to " + sb.toString();
- }
-
- @Override
- public void execute() {
- if(cidrList != null){
- for(String cidr : cidrList ){
- if (!NetUtils.isValidCIDR(cidr)){
- throw new ServerApiException(BaseCmd.PARAM_ERROR, cidr + " is an Invalid CIDR ");
- }
- }
- }
- List<? extends SecurityRule> ingressRules = _securityGroupService.authorizeSecurityGroupIngress(this);
- if (ingressRules != null && !ingressRules.isEmpty()) {
- SecurityGroupResponse response = _responseGenerator.createSecurityGroupResponseFromSecurityGroupRule(ingressRules);
- this.setResponseObject(response);
- } else {
- throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to authorize security group ingress rule(s)");
- }
- }
-
- @Override
- public AsyncJob.Type getInstanceType() {
- return AsyncJob.Type.SecurityGroup;
- }
-
- @Override
- public Long getInstanceId() {
- return getSecurityGroupId();
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/0df9538f/api/src/com/cloud/api/commands/CreateSecurityGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/commands/CreateSecurityGroupCmd.java b/api/src/com/cloud/api/commands/CreateSecurityGroupCmd.java
deleted file mode 100644
index ddd4bfb..0000000
--- a/api/src/com/cloud/api/commands/CreateSecurityGroupCmd.java
+++ /dev/null
@@ -1,123 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.api.commands;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseCmd;
-import org.apache.cloudstack.api.IdentityMapper;
-import org.apache.cloudstack.api.Implementation;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import com.cloud.api.response.SecurityGroupResponse;
-import com.cloud.network.security.SecurityGroup;
-import com.cloud.user.Account;
-import com.cloud.user.UserContext;
-
-@Implementation(responseObject = SecurityGroupResponse.class, description = "Creates a security group")
-public class CreateSecurityGroupCmd extends BaseCmd {
- public static final Logger s_logger = Logger.getLogger(CreateSecurityGroupCmd.class.getName());
-
- private static final String s_name = "createsecuritygroupresponse";
-
- // ///////////////////////////////////////////////////
- // ////////////// API parameters /////////////////////
- // ///////////////////////////////////////////////////
-
- @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an optional account for the security group. Must be used with domainId.")
- private String accountName;
-
- @IdentityMapper(entityTableName = "domain")
- @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.LONG, description = "an optional domainId for the security group. If the account parameter is used, domainId must also be used.")
- private Long domainId;
-
- @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "the description of the security group")
- private String description;
-
- @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the security group")
- private String securityGroupName;
-
- @IdentityMapper(entityTableName = "projects")
- @Parameter(name = ApiConstants.PROJECT_ID, type = CommandType.LONG, description = "Deploy vm for the project")
- private Long projectId;
-
- // ///////////////////////////////////////////////////
- // ///////////////// Accessors ///////////////////////
- // ///////////////////////////////////////////////////
-
- public String getAccountName() {
- return accountName;
- }
-
- public String getDescription() {
- return description;
- }
-
- public Long getDomainId() {
- return domainId;
- }
-
- public String getSecurityGroupName() {
- return securityGroupName;
- }
-
- public Long getProjectId() {
- return projectId;
- }
-
- // ///////////////////////////////////////////////////
- // ///////////// API Implementation///////////////////
- // ///////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- @Override
- public long getEntityOwnerId() {
- Account account = UserContext.current().getCaller();
- if ((account == null) || isAdmin(account.getType())) {
- if ((domainId != null) && (accountName != null)) {
- Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
- if (userAccount != null) {
- return userAccount.getId();
- }
- }
- }
-
- if (account != null) {
- return account.getId();
- }
-
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are
-// tracked
- }
-
- @Override
- public void execute() {
- SecurityGroup group = _securityGroupService.createSecurityGroup(this);
- if (group != null) {
- SecurityGroupResponse response = _responseGenerator.createSecurityGroupResponse(group);
- response.setResponseName(getCommandName());
- this.setResponseObject(response);
- } else {
- throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to create security group");
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/0df9538f/api/src/com/cloud/api/commands/DeleteSecurityGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/commands/DeleteSecurityGroupCmd.java b/api/src/com/cloud/api/commands/DeleteSecurityGroupCmd.java
deleted file mode 100644
index 27d1270..0000000
--- a/api/src/com/cloud/api/commands/DeleteSecurityGroupCmd.java
+++ /dev/null
@@ -1,131 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.api.commands;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseCmd;
-import org.apache.cloudstack.api.IdentityMapper;
-import org.apache.cloudstack.api.Implementation;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import com.cloud.api.response.SuccessResponse;
-import com.cloud.exception.InvalidParameterValueException;
-import com.cloud.exception.ResourceInUseException;
-import com.cloud.user.UserContext;
-
-@Implementation(description="Deletes security group", responseObject=SuccessResponse.class)
-public class DeleteSecurityGroupCmd extends BaseCmd {
- public static final Logger s_logger = Logger.getLogger(DeleteSecurityGroupCmd.class.getName());
- private static final String s_name = "deletesecuritygroupresponse";
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
- @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account of the security group. Must be specified with domain ID")
- private String accountName;
-
- @IdentityMapper(entityTableName="domain")
- @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="the domain ID of account owning the security group")
- private Long domainId;
-
- @IdentityMapper(entityTableName="projects")
- @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="the project of the security group")
- private Long projectId;
-
- @IdentityMapper(entityTableName="security_group")
- @Parameter(name=ApiConstants.ID, type=CommandType.LONG, description="The ID of the security group. Mutually exclusive with name parameter")
- private Long id;
-
- @Parameter(name=ApiConstants.NAME, type=CommandType.STRING, description="The ID of the security group. Mutually exclusive with id parameter")
- private String name;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
- public String getAccountName() {
- return accountName;
- }
-
- public Long getDomainId() {
- return domainId;
- }
-
- public Long getProjectId() {
- return projectId;
- }
-
- public Long getId() {
- if (id != null && name != null) {
- throw new InvalidParameterValueException("name and id parameters are mutually exclusive");
- }
-
- if (name != null) {
- id = _responseGenerator.getSecurityGroupId(name, getEntityOwnerId());
- if (id == null) {
- throw new InvalidParameterValueException("Unable to find security group by name " + name + " for the account id=" + getEntityOwnerId());
- }
- }
-
- if (id == null) {
- throw new InvalidParameterValueException("Either id or name parameter is requred by deleteSecurityGroup command");
- }
-
- return id;
- }
-
-
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- @Override
- public long getEntityOwnerId() {
- Long accountId = finalyzeAccountId(accountName, domainId, projectId, true);
- if (accountId == null) {
- return UserContext.current().getCaller().getId();
- }
-
- return accountId;
- }
-
- @Override
- public void execute(){
- try{
- boolean result = _securityGroupService.deleteSecurityGroup(this);
- if (result) {
- SuccessResponse response = new SuccessResponse(getCommandName());
- this.setResponseObject(response);
- } else {
- throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to delete security group");
- }
- } catch (ResourceInUseException ex) {
- s_logger.warn("Exception: ", ex);
- throw new ServerApiException(BaseCmd.RESOURCE_IN_USE_ERROR, ex.getMessage());
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/0df9538f/api/src/com/cloud/api/commands/ListSecurityGroupsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/commands/ListSecurityGroupsCmd.java b/api/src/com/cloud/api/commands/ListSecurityGroupsCmd.java
deleted file mode 100644
index 9211741..0000000
--- a/api/src/com/cloud/api/commands/ListSecurityGroupsCmd.java
+++ /dev/null
@@ -1,92 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.api.commands;
-
-import java.util.List;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseListTaggedResourcesCmd;
-import org.apache.cloudstack.api.IdentityMapper;
-import org.apache.cloudstack.api.Implementation;
-import org.apache.cloudstack.api.Parameter;
-import com.cloud.api.response.ListResponse;
-import com.cloud.api.response.SecurityGroupResponse;
-import com.cloud.async.AsyncJob;
-import com.cloud.network.security.SecurityGroupRules;
-
-
-@Implementation(description="Lists security groups", responseObject=SecurityGroupResponse.class)
-public class ListSecurityGroupsCmd extends BaseListTaggedResourcesCmd {
- public static final Logger s_logger = Logger.getLogger(ListSecurityGroupsCmd.class.getName());
-
- private static final String s_name = "listsecuritygroupsresponse";
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
- @Parameter(name=ApiConstants.SECURITY_GROUP_NAME, type=CommandType.STRING, description="lists security groups by name")
- private String securityGroupName;
-
- @IdentityMapper(entityTableName="vm_instance")
- @Parameter(name=ApiConstants.VIRTUAL_MACHINE_ID, type=CommandType.LONG, description="lists security groups by virtual machine id")
- private Long virtualMachineId;
-
- @IdentityMapper(entityTableName="security_group")
- @Parameter(name=ApiConstants.ID, type=CommandType.LONG, description="list the security group by the id provided")
- private Long id;
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
- public String getSecurityGroupName() {
- return securityGroupName;
- }
-
- public Long getVirtualMachineId() {
- return virtualMachineId;
- }
-
- public Long getId(){
- return id;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- @Override
- public void execute(){
- List<? extends SecurityGroupRules> securityGroups = _securityGroupService.searchForSecurityGroupRules(this);
-
- ListResponse<SecurityGroupResponse> response = _responseGenerator.createSecurityGroupResponses(securityGroups);
- response.setResponseName(getCommandName());
- this.setResponseObject(response);
- }
-
- @Override
- public AsyncJob.Type getInstanceType() {
- return AsyncJob.Type.SecurityGroup;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/0df9538f/api/src/com/cloud/api/commands/RevokeSecurityGroupEgressCmd.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/commands/RevokeSecurityGroupEgressCmd.java b/api/src/com/cloud/api/commands/RevokeSecurityGroupEgressCmd.java
deleted file mode 100644
index d6b6f6c..0000000
--- a/api/src/com/cloud/api/commands/RevokeSecurityGroupEgressCmd.java
+++ /dev/null
@@ -1,109 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.api.commands;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.BaseCmd;
-import org.apache.cloudstack.api.IdentityMapper;
-import org.apache.cloudstack.api.Implementation;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import com.cloud.api.response.SuccessResponse;
-import com.cloud.async.AsyncJob;
-import com.cloud.event.EventTypes;
-import com.cloud.network.security.SecurityGroup;
-import com.cloud.user.Account;
-
-@Implementation(responseObject = SuccessResponse.class, description = "Deletes a particular egress rule from this security group", since="3.0.0")
-public class RevokeSecurityGroupEgressCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(RevokeSecurityGroupEgressCmd.class.getName());
-
- private static final String s_name = "revokesecuritygroupegress";
-
- // ///////////////////////////////////////////////////
- // ////////////// API parameters /////////////////////
- // ///////////////////////////////////////////////////
-
- @IdentityMapper(entityTableName="security_group_rule")
- @Parameter(name = ApiConstants.ID, type = CommandType.LONG, required = true, description = "The ID of the egress rule")
- private Long id;
-
- // ///////////////////////////////////////////////////
- // ///////////////// Accessors ///////////////////////
- // ///////////////////////////////////////////////////
-
- public Long getId() {
- return id;
- }
-
- // ///////////////////////////////////////////////////
- // ///////////// API Implementation///////////////////
- // ///////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- public static String getResultObjectName() {
- return "revokesecuritygroupegress";
- }
-
- @Override
- public long getEntityOwnerId() {
- SecurityGroup group = _entityMgr.findById(SecurityGroup.class, getId());
- if (group != null) {
- return group.getAccountId();
- }
-
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_SECURITY_GROUP_REVOKE_EGRESS;
- }
-
- @Override
- public String getEventDescription() {
- return "revoking egress rule id: " + getId();
- }
-
- @Override
- public void execute() {
- boolean result = _securityGroupService.revokeSecurityGroupEgress(this);
- if (result) {
- SuccessResponse response = new SuccessResponse(getCommandName());
- this.setResponseObject(response);
- } else {
- throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to revoke security group egress rule");
- }
- }
-
- @Override
- public AsyncJob.Type getInstanceType() {
- return AsyncJob.Type.SecurityGroup;
- }
-
- @Override
- public Long getInstanceId() {
- return getId();
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/0df9538f/api/src/com/cloud/api/commands/RevokeSecurityGroupIngressCmd.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/commands/RevokeSecurityGroupIngressCmd.java b/api/src/com/cloud/api/commands/RevokeSecurityGroupIngressCmd.java
deleted file mode 100644
index 5818580..0000000
--- a/api/src/com/cloud/api/commands/RevokeSecurityGroupIngressCmd.java
+++ /dev/null
@@ -1,109 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.api.commands;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.BaseCmd;
-import org.apache.cloudstack.api.IdentityMapper;
-import org.apache.cloudstack.api.Implementation;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import com.cloud.api.response.SuccessResponse;
-import com.cloud.async.AsyncJob;
-import com.cloud.event.EventTypes;
-import com.cloud.network.security.SecurityGroup;
-import com.cloud.user.Account;
-
-@Implementation(responseObject = SuccessResponse.class, description = "Deletes a particular ingress rule from this security group")
-public class RevokeSecurityGroupIngressCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(RevokeSecurityGroupIngressCmd.class.getName());
-
- private static final String s_name = "revokesecuritygroupingress";
-
- // ///////////////////////////////////////////////////
- // ////////////// API parameters /////////////////////
- // ///////////////////////////////////////////////////
-
- @IdentityMapper(entityTableName="security_group_rule")
- @Parameter(name = ApiConstants.ID, type = CommandType.LONG, required = true, description = "The ID of the ingress rule")
- private Long id;
-
- // ///////////////////////////////////////////////////
- // ///////////////// Accessors ///////////////////////
- // ///////////////////////////////////////////////////
-
- public Long getId() {
- return id;
- }
-
- // ///////////////////////////////////////////////////
- // ///////////// API Implementation///////////////////
- // ///////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- public static String getResultObjectName() {
- return "revokesecuritygroupingress";
- }
-
- @Override
- public long getEntityOwnerId() {
- SecurityGroup group = _entityMgr.findById(SecurityGroup.class, getId());
- if (group != null) {
- return group.getAccountId();
- }
-
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_SECURITY_GROUP_REVOKE_INGRESS;
- }
-
- @Override
- public String getEventDescription() {
- return "revoking ingress rule id: " + getId();
- }
-
- @Override
- public void execute() {
- boolean result = _securityGroupService.revokeSecurityGroupIngress(this);
- if (result) {
- SuccessResponse response = new SuccessResponse(getCommandName());
- this.setResponseObject(response);
- } else {
- throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to revoke security group ingress rule");
- }
- }
-
- @Override
- public AsyncJob.Type getInstanceType() {
- return AsyncJob.Type.SecurityGroup;
- }
-
- @Override
- public Long getInstanceId() {
- return getId();
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/0df9538f/api/src/com/cloud/network/security/SecurityGroupService.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/network/security/SecurityGroupService.java b/api/src/com/cloud/network/security/SecurityGroupService.java
index 55b6e78..270047f 100644
--- a/api/src/com/cloud/network/security/SecurityGroupService.java
+++ b/api/src/com/cloud/network/security/SecurityGroupService.java
@@ -18,13 +18,10 @@ package com.cloud.network.security;
import java.util.List;
-import com.cloud.api.commands.AuthorizeSecurityGroupEgressCmd;
-import com.cloud.api.commands.AuthorizeSecurityGroupIngressCmd;
-import com.cloud.api.commands.CreateSecurityGroupCmd;
-import com.cloud.api.commands.DeleteSecurityGroupCmd;
-import com.cloud.api.commands.ListSecurityGroupsCmd;
-import com.cloud.api.commands.RevokeSecurityGroupEgressCmd;
-import com.cloud.api.commands.RevokeSecurityGroupIngressCmd;
+import org.apache.cloudstack.api.user.sg.command.*;
+import org.apache.cloudstack.api.user.sg.command.AuthorizeSecurityGroupIngressCmd;
+import org.apache.cloudstack.api.user.sg.command.CreateSecurityGroupCmd;
+import org.apache.cloudstack.api.user.sg.command.RevokeSecurityGroupEgressCmd;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.PermissionDeniedException;
import com.cloud.exception.ResourceInUseException;
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/0df9538f/api/src/org/apache/cloudstack/api/user/sg/command/AuthorizeSecurityGroupEgressCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/user/sg/command/AuthorizeSecurityGroupEgressCmd.java b/api/src/org/apache/cloudstack/api/user/sg/command/AuthorizeSecurityGroupEgressCmd.java
new file mode 100644
index 0000000..658f03a
--- /dev/null
+++ b/api/src/org/apache/cloudstack/api/user/sg/command/AuthorizeSecurityGroupEgressCmd.java
@@ -0,0 +1,228 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.user.sg.command;
+
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import org.apache.log4j.Logger;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.IdentityMapper;
+import org.apache.cloudstack.api.Implementation;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import com.cloud.api.response.SecurityGroupRuleResponse;
+import com.cloud.api.response.SecurityGroupResponse;
+import com.cloud.async.AsyncJob;
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.network.security.SecurityRule;
+import com.cloud.user.UserContext;
+import com.cloud.utils.StringUtils;
+
+@Implementation(responseObject = SecurityGroupRuleResponse.class, description = "Authorizes a particular egress rule for this security group", since="3.0.0")
+@SuppressWarnings("rawtypes")
+public class AuthorizeSecurityGroupEgressCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(AuthorizeSecurityGroupIngressCmd.class.getName());
+
+ private static final String s_name = "authorizesecuritygroupegressresponse";
+
+ // ///////////////////////////////////////////////////
+ // ////////////// API parameters /////////////////////
+ // ///////////////////////////////////////////////////
+
+ @Parameter(name = ApiConstants.PROTOCOL, type = CommandType.STRING, description = "TCP is default. UDP is the other supported protocol")
+ private String protocol;
+
+ @Parameter(name = ApiConstants.START_PORT, type = CommandType.INTEGER, description = "start port for this egress rule")
+ private Integer startPort;
+
+ @Parameter(name = ApiConstants.END_PORT, type = CommandType.INTEGER, description = "end port for this egress rule")
+ private Integer endPort;
+
+ @Parameter(name = ApiConstants.ICMP_TYPE, type = CommandType.INTEGER, description = "type of the icmp message being sent")
+ private Integer icmpType;
+
+ @Parameter(name = ApiConstants.ICMP_CODE, type = CommandType.INTEGER, description = "error code for this icmp message")
+ private Integer icmpCode;
+
+ @Parameter(name=ApiConstants.CIDR_LIST, type=CommandType.LIST, collectionType=CommandType.STRING, description="the cidr list associated")
+ private List<String> cidrList;
+
+ @Parameter(name = ApiConstants.USER_SECURITY_GROUP_LIST, type = CommandType.MAP, description = "user to security group mapping")
+ private Map userSecurityGroupList;
+
+ @IdentityMapper(entityTableName="domain")
+ @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="an optional domainId for the security group. If the account parameter is used, domainId must also be used.")
+ private Long domainId;
+
+ @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="an optional account for the security group. Must be used with domainId.")
+ private String accountName;
+
+ @IdentityMapper(entityTableName="projects")
+ @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="an optional project of the security group")
+ private Long projectId;
+
+ @IdentityMapper(entityTableName="security_group")
+ @Parameter(name=ApiConstants.SECURITY_GROUP_ID, type=CommandType.LONG, description="The ID of the security group. Mutually exclusive with securityGroupName parameter")
+ private Long securityGroupId;
+
+ @Parameter(name=ApiConstants.SECURITY_GROUP_NAME, type=CommandType.STRING, description="The name of the security group. Mutually exclusive with securityGroupName parameter")
+ private String securityGroupName;
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+ public String getAccountName() {
+ return accountName;
+ }
+
+ public List<String> getCidrList() {
+ return cidrList;
+ }
+
+ public Integer getEndPort() {
+ return endPort;
+ }
+
+ public Integer getIcmpCode() {
+ return icmpCode;
+ }
+
+ public Integer getIcmpType() {
+ return icmpType;
+ }
+
+ public Long getSecurityGroupId() {
+ if (securityGroupId != null && securityGroupName != null) {
+ throw new InvalidParameterValueException("securityGroupId and securityGroupName parameters are mutually exclusive");
+ }
+
+ if (securityGroupName != null) {
+ securityGroupId = _responseGenerator.getSecurityGroupId(securityGroupName, getEntityOwnerId());
+ if (securityGroupId == null) {
+ throw new InvalidParameterValueException("Unable to find security group " + securityGroupName + " for account id=" + getEntityOwnerId());
+ }
+ securityGroupName = null;
+ }
+
+ if (securityGroupId == null) {
+ throw new InvalidParameterValueException("Either securityGroupId or securityGroupName is required by authorizeSecurityGroupIngress command");
+ }
+
+ return securityGroupId;
+ }
+
+ public String getProtocol() {
+ if (protocol == null) {
+ return "all";
+ }
+ return protocol;
+ }
+
+ public Integer getStartPort() {
+ return startPort;
+ }
+
+ public Map getUserSecurityGroupList() {
+ return userSecurityGroupList;
+ }
+
+ // ///////////////////////////////////////////////////
+ // ///////////// API Implementation///////////////////
+ // ///////////////////////////////////////////////////
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ public static String getResultObjectName() {
+ return "securitygroup";
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ Long accountId = finalyzeAccountId(accountName, domainId, projectId, true);
+ if (accountId == null) {
+ return UserContext.current().getCaller().getId();
+ }
+
+ return accountId;
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_SECURITY_GROUP_AUTHORIZE_EGRESS;
+ }
+
+ @Override
+ public String getEventDescription() {
+ StringBuilder sb = new StringBuilder();
+ if (getUserSecurityGroupList() != null) {
+ sb.append("group list(group/account): ");
+ Collection userGroupCollection = getUserSecurityGroupList().values();
+ Iterator iter = userGroupCollection.iterator();
+
+ HashMap userGroup = (HashMap) iter.next();
+ String group = (String) userGroup.get("group");
+ String authorizedAccountName = (String) userGroup.get("account");
+ sb.append(group + "/" + authorizedAccountName);
+
+ while (iter.hasNext()) {
+ userGroup = (HashMap) iter.next();
+ group = (String) userGroup.get("group");
+ authorizedAccountName = (String) userGroup.get("account");
+ sb.append(", " + group + "/" + authorizedAccountName);
+ }
+ } else if (getCidrList() != null) {
+ sb.append("cidr list: ");
+ sb.append(StringUtils.join(getCidrList(), ", "));
+ } else {
+ sb.append("<error: no egress parameters>");
+ }
+
+ return "authorizing egress to group: " + getSecurityGroupId() + " to " + sb.toString();
+ }
+
+ @Override
+ public void execute() {
+ List<? extends SecurityRule> egressRules = _securityGroupService.authorizeSecurityGroupEgress(this);
+ if (egressRules != null && !egressRules.isEmpty()) {
+ SecurityGroupResponse response = _responseGenerator.createSecurityGroupResponseFromSecurityGroupRule(egressRules);
+ this.setResponseObject(response);
+ } else {
+ throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to authorize security group egress rule(s)");
+ }
+
+ }
+
+ @Override
+ public AsyncJob.Type getInstanceType() {
+ return AsyncJob.Type.SecurityGroup;
+ }
+
+ @Override
+ public Long getInstanceId() {
+ return getSecurityGroupId();
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/0df9538f/api/src/org/apache/cloudstack/api/user/sg/command/AuthorizeSecurityGroupIngressCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/user/sg/command/AuthorizeSecurityGroupIngressCmd.java b/api/src/org/apache/cloudstack/api/user/sg/command/AuthorizeSecurityGroupIngressCmd.java
new file mode 100644
index 0000000..38a4f49
--- /dev/null
+++ b/api/src/org/apache/cloudstack/api/user/sg/command/AuthorizeSecurityGroupIngressCmd.java
@@ -0,0 +1,237 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.user.sg.command;
+
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.IdentityMapper;
+import org.apache.cloudstack.api.Implementation;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import com.cloud.api.response.SecurityGroupResponse;
+import com.cloud.api.response.SecurityGroupRuleResponse;
+import com.cloud.async.AsyncJob;
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.network.security.SecurityRule;
+import com.cloud.user.UserContext;
+import com.cloud.utils.StringUtils;
+import com.cloud.utils.net.NetUtils;
+
+@Implementation(responseObject = SecurityGroupRuleResponse.class, description = "Authorizes a particular ingress rule for this security group")
+@SuppressWarnings("rawtypes")
+public class AuthorizeSecurityGroupIngressCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(AuthorizeSecurityGroupIngressCmd.class.getName());
+
+ private static final String s_name = "authorizesecuritygroupingressresponse";
+
+ // ///////////////////////////////////////////////////
+ // ////////////// API parameters /////////////////////
+ // ///////////////////////////////////////////////////
+
+ @Parameter(name = ApiConstants.PROTOCOL, type = CommandType.STRING, description = "TCP is default. UDP is the other supported protocol")
+ private String protocol;
+
+ @Parameter(name = ApiConstants.START_PORT, type = CommandType.INTEGER, description = "start port for this ingress rule")
+ private Integer startPort;
+
+ @Parameter(name = ApiConstants.END_PORT, type = CommandType.INTEGER, description = "end port for this ingress rule")
+ private Integer endPort;
+
+ @Parameter(name = ApiConstants.ICMP_TYPE, type = CommandType.INTEGER, description = "type of the icmp message being sent")
+ private Integer icmpType;
+
+ @Parameter(name = ApiConstants.ICMP_CODE, type = CommandType.INTEGER, description = "error code for this icmp message")
+ private Integer icmpCode;
+
+ @Parameter(name=ApiConstants.CIDR_LIST, type=CommandType.LIST, collectionType=CommandType.STRING, description="the cidr list associated")
+ private List<String> cidrList;
+
+ @Parameter(name = ApiConstants.USER_SECURITY_GROUP_LIST, type = CommandType.MAP, description = "user to security group mapping")
+ private Map userSecurityGroupList;
+
+ @IdentityMapper(entityTableName="domain")
+ @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="an optional domainId for the security group. If the account parameter is used, domainId must also be used.")
+ private Long domainId;
+
+ @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="an optional account for the security group. Must be used with domainId.")
+ private String accountName;
+
+ @IdentityMapper(entityTableName="projects")
+ @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="an optional project of the security group")
+ private Long projectId;
+
+ @IdentityMapper(entityTableName="security_group")
+ @Parameter(name=ApiConstants.SECURITY_GROUP_ID, type=CommandType.LONG, description="The ID of the security group. Mutually exclusive with securityGroupName parameter")
+ private Long securityGroupId;
+
+ @Parameter(name=ApiConstants.SECURITY_GROUP_NAME, type=CommandType.STRING, description="The name of the security group. Mutually exclusive with securityGroupName parameter")
+ private String securityGroupName;
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+ public String getAccountName() {
+ return accountName;
+ }
+
+ public List<String> getCidrList() {
+ return cidrList;
+ }
+
+ public Integer getEndPort() {
+ return endPort;
+ }
+
+ public Integer getIcmpCode() {
+ return icmpCode;
+ }
+
+ public Integer getIcmpType() {
+ return icmpType;
+ }
+
+ public Long getSecurityGroupId() {
+ if (securityGroupId != null && securityGroupName != null) {
+ throw new InvalidParameterValueException("securityGroupId and securityGroupName parameters are mutually exclusive");
+ }
+
+ if (securityGroupName != null) {
+ securityGroupId = _responseGenerator.getSecurityGroupId(securityGroupName, getEntityOwnerId());
+ if (securityGroupId == null) {
+ throw new InvalidParameterValueException("Unable to find security group " + securityGroupName + " for account id=" + getEntityOwnerId());
+ }
+ securityGroupName = null;
+ }
+
+ if (securityGroupId == null) {
+ throw new InvalidParameterValueException("Either securityGroupId or securityGroupName is required by authorizeSecurityGroupIngress command");
+ }
+
+ return securityGroupId;
+ }
+
+ public String getProtocol() {
+ if (protocol == null) {
+ return "all";
+ }
+ return protocol;
+ }
+
+ public Integer getStartPort() {
+ return startPort;
+ }
+
+ public Map getUserSecurityGroupList() {
+ return userSecurityGroupList;
+ }
+
+ // ///////////////////////////////////////////////////
+ // ///////////// API Implementation///////////////////
+ // ///////////////////////////////////////////////////
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ public static String getResultObjectName() {
+ return "securitygroup";
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ Long accountId = finalyzeAccountId(accountName, domainId, projectId, true);
+ if (accountId == null) {
+ return UserContext.current().getCaller().getId();
+ }
+
+ return accountId;
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_SECURITY_GROUP_AUTHORIZE_INGRESS;
+ }
+
+ @Override
+ public String getEventDescription() {
+ StringBuilder sb = new StringBuilder();
+ if (getUserSecurityGroupList() != null) {
+ sb.append("group list(group/account): ");
+ Collection userGroupCollection = getUserSecurityGroupList().values();
+ Iterator iter = userGroupCollection.iterator();
+
+ HashMap userGroup = (HashMap) iter.next();
+ String group = (String) userGroup.get("group");
+ String authorizedAccountName = (String) userGroup.get("account");
+ sb.append(group + "/" + authorizedAccountName);
+
+ while (iter.hasNext()) {
+ userGroup = (HashMap) iter.next();
+ group = (String) userGroup.get("group");
+ authorizedAccountName = (String) userGroup.get("account");
+ sb.append(", " + group + "/" + authorizedAccountName);
+ }
+ } else if (getCidrList() != null) {
+ sb.append("cidr list: ");
+ sb.append(StringUtils.join(getCidrList(), ", "));
+ } else {
+ sb.append("<error: no ingress parameters>");
+ }
+
+ return "authorizing ingress to group: " + getSecurityGroupId() + " to " + sb.toString();
+ }
+
+ @Override
+ public void execute() {
+ if(cidrList != null){
+ for(String cidr : cidrList ){
+ if (!NetUtils.isValidCIDR(cidr)){
+ throw new ServerApiException(BaseCmd.PARAM_ERROR, cidr + " is an Invalid CIDR ");
+ }
+ }
+ }
+ List<? extends SecurityRule> ingressRules = _securityGroupService.authorizeSecurityGroupIngress(this);
+ if (ingressRules != null && !ingressRules.isEmpty()) {
+ SecurityGroupResponse response = _responseGenerator.createSecurityGroupResponseFromSecurityGroupRule(ingressRules);
+ this.setResponseObject(response);
+ } else {
+ throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to authorize security group ingress rule(s)");
+ }
+ }
+
+ @Override
+ public AsyncJob.Type getInstanceType() {
+ return AsyncJob.Type.SecurityGroup;
+ }
+
+ @Override
+ public Long getInstanceId() {
+ return getSecurityGroupId();
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/0df9538f/api/src/org/apache/cloudstack/api/user/sg/command/CreateSecurityGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/user/sg/command/CreateSecurityGroupCmd.java b/api/src/org/apache/cloudstack/api/user/sg/command/CreateSecurityGroupCmd.java
new file mode 100644
index 0000000..71a1ee6
--- /dev/null
+++ b/api/src/org/apache/cloudstack/api/user/sg/command/CreateSecurityGroupCmd.java
@@ -0,0 +1,123 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.user.sg.command;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.IdentityMapper;
+import org.apache.cloudstack.api.Implementation;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import com.cloud.api.response.SecurityGroupResponse;
+import com.cloud.network.security.SecurityGroup;
+import com.cloud.user.Account;
+import com.cloud.user.UserContext;
+
+@Implementation(responseObject = SecurityGroupResponse.class, description = "Creates a security group")
+public class CreateSecurityGroupCmd extends BaseCmd {
+ public static final Logger s_logger = Logger.getLogger(CreateSecurityGroupCmd.class.getName());
+
+ private static final String s_name = "createsecuritygroupresponse";
+
+ // ///////////////////////////////////////////////////
+ // ////////////// API parameters /////////////////////
+ // ///////////////////////////////////////////////////
+
+ @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an optional account for the security group. Must be used with domainId.")
+ private String accountName;
+
+ @IdentityMapper(entityTableName = "domain")
+ @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.LONG, description = "an optional domainId for the security group. If the account parameter is used, domainId must also be used.")
+ private Long domainId;
+
+ @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "the description of the security group")
+ private String description;
+
+ @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the security group")
+ private String securityGroupName;
+
+ @IdentityMapper(entityTableName = "projects")
+ @Parameter(name = ApiConstants.PROJECT_ID, type = CommandType.LONG, description = "Deploy vm for the project")
+ private Long projectId;
+
+ // ///////////////////////////////////////////////////
+ // ///////////////// Accessors ///////////////////////
+ // ///////////////////////////////////////////////////
+
+ public String getAccountName() {
+ return accountName;
+ }
+
+ public String getDescription() {
+ return description;
+ }
+
+ public Long getDomainId() {
+ return domainId;
+ }
+
+ public String getSecurityGroupName() {
+ return securityGroupName;
+ }
+
+ public Long getProjectId() {
+ return projectId;
+ }
+
+ // ///////////////////////////////////////////////////
+ // ///////////// API Implementation///////////////////
+ // ///////////////////////////////////////////////////
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ Account account = UserContext.current().getCaller();
+ if ((account == null) || isAdmin(account.getType())) {
+ if ((domainId != null) && (accountName != null)) {
+ Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
+ if (userAccount != null) {
+ return userAccount.getId();
+ }
+ }
+ }
+
+ if (account != null) {
+ return account.getId();
+ }
+
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are
+// tracked
+ }
+
+ @Override
+ public void execute() {
+ SecurityGroup group = _securityGroupService.createSecurityGroup(this);
+ if (group != null) {
+ SecurityGroupResponse response = _responseGenerator.createSecurityGroupResponse(group);
+ response.setResponseName(getCommandName());
+ this.setResponseObject(response);
+ } else {
+ throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to create security group");
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/0df9538f/api/src/org/apache/cloudstack/api/user/sg/command/DeleteSecurityGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/user/sg/command/DeleteSecurityGroupCmd.java b/api/src/org/apache/cloudstack/api/user/sg/command/DeleteSecurityGroupCmd.java
new file mode 100644
index 0000000..92e1b83
--- /dev/null
+++ b/api/src/org/apache/cloudstack/api/user/sg/command/DeleteSecurityGroupCmd.java
@@ -0,0 +1,131 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.user.sg.command;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.IdentityMapper;
+import org.apache.cloudstack.api.Implementation;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import com.cloud.api.response.SuccessResponse;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ResourceInUseException;
+import com.cloud.user.UserContext;
+
+@Implementation(description="Deletes security group", responseObject=SuccessResponse.class)
+public class DeleteSecurityGroupCmd extends BaseCmd {
+ public static final Logger s_logger = Logger.getLogger(DeleteSecurityGroupCmd.class.getName());
+ private static final String s_name = "deletesecuritygroupresponse";
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+ @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account of the security group. Must be specified with domain ID")
+ private String accountName;
+
+ @IdentityMapper(entityTableName="domain")
+ @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="the domain ID of account owning the security group")
+ private Long domainId;
+
+ @IdentityMapper(entityTableName="projects")
+ @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="the project of the security group")
+ private Long projectId;
+
+ @IdentityMapper(entityTableName="security_group")
+ @Parameter(name=ApiConstants.ID, type=CommandType.LONG, description="The ID of the security group. Mutually exclusive with name parameter")
+ private Long id;
+
+ @Parameter(name=ApiConstants.NAME, type=CommandType.STRING, description="The ID of the security group. Mutually exclusive with id parameter")
+ private String name;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+ public String getAccountName() {
+ return accountName;
+ }
+
+ public Long getDomainId() {
+ return domainId;
+ }
+
+ public Long getProjectId() {
+ return projectId;
+ }
+
+ public Long getId() {
+ if (id != null && name != null) {
+ throw new InvalidParameterValueException("name and id parameters are mutually exclusive");
+ }
+
+ if (name != null) {
+ id = _responseGenerator.getSecurityGroupId(name, getEntityOwnerId());
+ if (id == null) {
+ throw new InvalidParameterValueException("Unable to find security group by name " + name + " for the account id=" + getEntityOwnerId());
+ }
+ }
+
+ if (id == null) {
+ throw new InvalidParameterValueException("Either id or name parameter is requred by deleteSecurityGroup command");
+ }
+
+ return id;
+ }
+
+
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ Long accountId = finalyzeAccountId(accountName, domainId, projectId, true);
+ if (accountId == null) {
+ return UserContext.current().getCaller().getId();
+ }
+
+ return accountId;
+ }
+
+ @Override
+ public void execute(){
+ try{
+ boolean result = _securityGroupService.deleteSecurityGroup(this);
+ if (result) {
+ SuccessResponse response = new SuccessResponse(getCommandName());
+ this.setResponseObject(response);
+ } else {
+ throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to delete security group");
+ }
+ } catch (ResourceInUseException ex) {
+ s_logger.warn("Exception: ", ex);
+ throw new ServerApiException(BaseCmd.RESOURCE_IN_USE_ERROR, ex.getMessage());
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/0df9538f/api/src/org/apache/cloudstack/api/user/sg/command/ListSecurityGroupsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/user/sg/command/ListSecurityGroupsCmd.java b/api/src/org/apache/cloudstack/api/user/sg/command/ListSecurityGroupsCmd.java
new file mode 100644
index 0000000..db6e3e7
--- /dev/null
+++ b/api/src/org/apache/cloudstack/api/user/sg/command/ListSecurityGroupsCmd.java
@@ -0,0 +1,92 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.user.sg.command;
+
+import java.util.List;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseListTaggedResourcesCmd;
+import org.apache.cloudstack.api.IdentityMapper;
+import org.apache.cloudstack.api.Implementation;
+import org.apache.cloudstack.api.Parameter;
+import com.cloud.api.response.ListResponse;
+import com.cloud.api.response.SecurityGroupResponse;
+import com.cloud.async.AsyncJob;
+import com.cloud.network.security.SecurityGroupRules;
+
+
+@Implementation(description="Lists security groups", responseObject=SecurityGroupResponse.class)
+public class ListSecurityGroupsCmd extends BaseListTaggedResourcesCmd {
+ public static final Logger s_logger = Logger.getLogger(ListSecurityGroupsCmd.class.getName());
+
+ private static final String s_name = "listsecuritygroupsresponse";
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+ @Parameter(name=ApiConstants.SECURITY_GROUP_NAME, type=CommandType.STRING, description="lists security groups by name")
+ private String securityGroupName;
+
+ @IdentityMapper(entityTableName="vm_instance")
+ @Parameter(name=ApiConstants.VIRTUAL_MACHINE_ID, type=CommandType.LONG, description="lists security groups by virtual machine id")
+ private Long virtualMachineId;
+
+ @IdentityMapper(entityTableName="security_group")
+ @Parameter(name=ApiConstants.ID, type=CommandType.LONG, description="list the security group by the id provided")
+ private Long id;
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+ public String getSecurityGroupName() {
+ return securityGroupName;
+ }
+
+ public Long getVirtualMachineId() {
+ return virtualMachineId;
+ }
+
+ public Long getId(){
+ return id;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ @Override
+ public void execute(){
+ List<? extends SecurityGroupRules> securityGroups = _securityGroupService.searchForSecurityGroupRules(this);
+
+ ListResponse<SecurityGroupResponse> response = _responseGenerator.createSecurityGroupResponses(securityGroups);
+ response.setResponseName(getCommandName());
+ this.setResponseObject(response);
+ }
+
+ @Override
+ public AsyncJob.Type getInstanceType() {
+ return AsyncJob.Type.SecurityGroup;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/0df9538f/api/src/org/apache/cloudstack/api/user/sg/command/RevokeSecurityGroupEgressCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/user/sg/command/RevokeSecurityGroupEgressCmd.java b/api/src/org/apache/cloudstack/api/user/sg/command/RevokeSecurityGroupEgressCmd.java
new file mode 100644
index 0000000..f806e2f
--- /dev/null
+++ b/api/src/org/apache/cloudstack/api/user/sg/command/RevokeSecurityGroupEgressCmd.java
@@ -0,0 +1,109 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.user.sg.command;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.IdentityMapper;
+import org.apache.cloudstack.api.Implementation;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import com.cloud.api.response.SuccessResponse;
+import com.cloud.async.AsyncJob;
+import com.cloud.event.EventTypes;
+import com.cloud.network.security.SecurityGroup;
+import com.cloud.user.Account;
+
+@Implementation(responseObject = SuccessResponse.class, description = "Deletes a particular egress rule from this security group", since="3.0.0")
+public class RevokeSecurityGroupEgressCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(RevokeSecurityGroupEgressCmd.class.getName());
+
+ private static final String s_name = "revokesecuritygroupegress";
+
+ // ///////////////////////////////////////////////////
+ // ////////////// API parameters /////////////////////
+ // ///////////////////////////////////////////////////
+
+ @IdentityMapper(entityTableName="security_group_rule")
+ @Parameter(name = ApiConstants.ID, type = CommandType.LONG, required = true, description = "The ID of the egress rule")
+ private Long id;
+
+ // ///////////////////////////////////////////////////
+ // ///////////////// Accessors ///////////////////////
+ // ///////////////////////////////////////////////////
+
+ public Long getId() {
+ return id;
+ }
+
+ // ///////////////////////////////////////////////////
+ // ///////////// API Implementation///////////////////
+ // ///////////////////////////////////////////////////
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ public static String getResultObjectName() {
+ return "revokesecuritygroupegress";
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ SecurityGroup group = _entityMgr.findById(SecurityGroup.class, getId());
+ if (group != null) {
+ return group.getAccountId();
+ }
+
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_SECURITY_GROUP_REVOKE_EGRESS;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "revoking egress rule id: " + getId();
+ }
+
+ @Override
+ public void execute() {
+ boolean result = _securityGroupService.revokeSecurityGroupEgress(this);
+ if (result) {
+ SuccessResponse response = new SuccessResponse(getCommandName());
+ this.setResponseObject(response);
+ } else {
+ throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to revoke security group egress rule");
+ }
+ }
+
+ @Override
+ public AsyncJob.Type getInstanceType() {
+ return AsyncJob.Type.SecurityGroup;
+ }
+
+ @Override
+ public Long getInstanceId() {
+ return getId();
+ }
+}