Repository: cloudstack Updated Branches: refs/heads/4.4 63563b740 -> 7ff49cb88
CLOUDSTACK-6240 Fixed updating advanced SG rules for vm nic secondary ip Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/7ff49cb8 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/7ff49cb8 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/7ff49cb8 Branch: refs/heads/4.4 Commit: 7ff49cb887d355eb9ce787bb816e4331a46e0cc8 Parents: 63563b7 Author: Jayapal <jaya...@apache.org> Authored: Wed Mar 19 15:46:15 2014 +0530 Committer: Jayapal <jaya...@apache.org> Committed: Wed Mar 19 16:03:56 2014 +0530 ---------------------------------------------------------------------- .../api/command/user/vm/AddIpToVmNicCmd.java | 8 +++++++- .../api/command/user/vm/RemoveIpFromVmNicCmd.java | 9 ++++++++- .../network/security/SecurityGroupManagerImpl.java | 13 +++++++------ 3 files changed, 22 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7ff49cb8/api/src/org/apache/cloudstack/api/command/user/vm/AddIpToVmNicCmd.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/AddIpToVmNicCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/AddIpToVmNicCmd.java index a7f9436..870bbbf 100644 --- a/api/src/org/apache/cloudstack/api/command/user/vm/AddIpToVmNicCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/vm/AddIpToVmNicCmd.java @@ -92,6 +92,12 @@ public class AddIpToVmNicCmd extends BaseAsyncCmd { return dc.getNetworkType(); } + private boolean isZoneSGEnabled() { + Network ntwk = _entityMgr.findById(Network.class, getNetworkId()); + DataCenter dc = _entityMgr.findById(DataCenter.class, ntwk.getDataCenterId()); + return dc.isSecurityGroupEnabled(); + } + @Override public String getEventType() { return EventTypes.EVENT_NET_IP_ASSIGN; @@ -136,7 +142,7 @@ public class AddIpToVmNicCmd extends BaseAsyncCmd { if (result != null) { secondaryIp = result.getIp4Address(); - if (getNetworkType() == NetworkType.Basic) { + if (isZoneSGEnabled()) { // add security group rules for the secondary ip addresses boolean success = false; success = _securityGroupService.securityGroupRulesForVmSecIp(getNicId(), secondaryIp, true); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7ff49cb8/api/src/org/apache/cloudstack/api/command/user/vm/RemoveIpFromVmNicCmd.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/RemoveIpFromVmNicCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/RemoveIpFromVmNicCmd.java index 75eafa9..70d5b48 100644 --- a/api/src/org/apache/cloudstack/api/command/user/vm/RemoveIpFromVmNicCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/vm/RemoveIpFromVmNicCmd.java @@ -131,6 +131,13 @@ public class RemoveIpFromVmNicCmd extends BaseAsyncCmd { return null; } + + private boolean isZoneSGEnabled() { + Network ntwk = _entityMgr.findById(Network.class, getNetworkId()); + DataCenter dc = _entityMgr.findById(DataCenter.class, ntwk.getDataCenterId()); + return dc.isSecurityGroupEnabled(); + } + @Override public void execute() throws InvalidParameterValueException { CallContext.current().setEventDetails("Ip Id: " + id); @@ -140,7 +147,7 @@ public class RemoveIpFromVmNicCmd extends BaseAsyncCmd { throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Invalid IP id is passed"); } - if (getNetworkType() == NetworkType.Basic) { + if (isZoneSGEnabled()) { //remove the security group rules for this secondary ip boolean success = false; success = _securityGroupService.securityGroupRulesForVmSecIp(nicSecIp.getNicId(), nicSecIp.getIp4Address(), false); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7ff49cb8/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java index cf71b25..9c1b967 100755 --- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java +++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java @@ -1350,16 +1350,17 @@ public class SecurityGroupManagerImpl extends ManagerBase implements SecurityGro // Validate parameters List<SecurityGroupVO> vmSgGrps = getSecurityGroupsForVm(vmId); - if (vmSgGrps == null) { + if (vmSgGrps.isEmpty()) { s_logger.debug("Vm is not in any Security group "); return true; } - for (SecurityGroupVO securityGroup : vmSgGrps) { - Account owner = _accountMgr.getAccount(securityGroup.getAccountId()); - if (owner == null) { - throw new InvalidParameterValueException("Unable to find security group owner by id=" + securityGroup.getAccountId()); - } + //If network does not support SG service, no need add SG rules for secondary ip + Network network = _networkModel.getNetwork(nic.getNetworkId()); + if (!_networkModel.isSecurityGroupSupportedInNetwork(network)) { + s_logger.debug("Network " + network + " is not enabled with security group service, "+ + "so not applying SG rules for secondary ip"); + return true; } String vmMac = vm.getPrivateMacAddress();
