gitqueue
diff --git a/‎api/src/com/cloud/agent/api/SecurityGroupRulesCmd.java‎
Lines changed: 37 additions & 0 deletions b/‎api/src/com/cloud/agent/api/SecurityGroupRulesCmd.java‎
Lines changed: 37 additions & 0 deletions
diff --git a/‎api/src/com/cloud/agent/api/to/NicTO.java‎
Lines changed: 11 additions & 0 deletions b/‎api/src/com/cloud/agent/api/to/NicTO.java‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎api/src/com/cloud/network/security/SecurityGroupService.java‎
Lines changed: 3 additions & 1 deletion b/‎api/src/com/cloud/network/security/SecurityGroupService.java‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎api/src/org/apache/cloudstack/api/command/user/vm/AddIpToVmNicCmd.java‎
Lines changed: 25 additions & 4 deletions b/‎api/src/org/apache/cloudstack/api/command/user/vm/AddIpToVmNicCmd.java‎
Lines changed: 25 additions & 4 deletions
diff --git a/‎api/src/org/apache/cloudstack/api/command/user/vm/RemoveIpFromVmNicCmd.java‎
Lines changed: 46 additions & 2 deletions b/‎api/src/org/apache/cloudstack/api/command/user/vm/RemoveIpFromVmNicCmd.java‎
Lines changed: 46 additions & 2 deletions
diff --git a/‎core/src/com/cloud/agent/api/NetworkRulesVmSecondaryIpCommand.java‎
Lines changed: 71 additions & 0 deletions b/‎core/src/com/cloud/agent/api/NetworkRulesVmSecondaryIpCommand.java‎
Lines changed: 71 additions & 0 deletions
@@ -18,6 +18,7 @@
 
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.util.List;
 import java.util.zip.DeflaterOutputStream;
 
 import org.apache.commons.codec.binary.Base64;
@@ -80,6 +81,7 @@ public int getEndPort() {
     Long msId;
     IpPortAndProto [] ingressRuleSet;
     IpPortAndProto [] egressRuleSet;
+    private List<String> secIps;
 
     public SecurityGroupRulesCmd() {
         super();
@@ -103,6 +105,23 @@ public SecurityGroupRulesCmd(String guestIp, String guestMac, String vmName, Lon
     }
 
 
+    public SecurityGroupRulesCmd(String guestIp, String guestMac, String vmName, Long vmId, String signature, Long seqNum, IpPortAndProto[] ingressRuleSet, IpPortAndProto[] egressRuleSet, List<String> secIps) {
+        super();
+        this.guestIp = guestIp;
+        this.vmName = vmName;
+        this.ingressRuleSet = ingressRuleSet;
+        this.egressRuleSet = egressRuleSet;
+        this.guestMac = guestMac;
+        this.signature = signature;
+        this.seqNum = seqNum;
+        this.vmId  = vmId;
+        if (signature == null) {
+            String stringified = stringifyRules();
+            this.signature = DigestUtils.md5Hex(stringified);
+        }
+        this.secIps = secIps;
+    }
+
     @Override
     public boolean executeInSequence() {
         return true;
@@ -131,6 +150,10 @@ public String getGuestIp() {
         return guestIp;
     }
 
+    public List<String> getSecIps() {
+        return secIps;
+    }
+
 
     public String getVmName() {
         return vmName;
@@ -165,6 +188,20 @@ private String compressCidr(String cidr) {
     }
 
 
+    public String getSecIpsString() {
+        StringBuilder sb = new StringBuilder();
+        List<String> ips = getSecIps();
+        if (ips == null) {
+            return "0:";
+        } else {
+            for (String ip : ips) {
+                sb.append(ip).append(":");
+            }
+        }
+        return sb.toString();
+    }
+
+
     public String stringifyCompressedRules() {
         StringBuilder ruleBuilder = new StringBuilder();
         for (SecurityGroupRulesCmd.IpPortAndProto ipPandP : getIngressRuleSet()) {
 
@@ -16,12 +16,15 @@
 // under the License.
 package com.cloud.agent.api.to;
 
+import java.util.List;
+
 public class NicTO extends NetworkTO {
     int deviceId;
     Integer networkRateMbps;
     Integer networkRateMulticastMbps;
     boolean defaultNic;
     String uuid;
+    List <String> nicSecIps;
 
     public NicTO() {
         super();
@@ -69,4 +72,12 @@ public void setUuid(String uuid) {
     public String toString() {
         return new StringBuilder("[Nic:").append(type).append("-").append(ip).append("-").append(broadcastUri).append("]").toString();
     }
+
+    public void setNicSecIps(List<String> secIps) {
+        this.nicSecIps = secIps;
+    }
+
+    public List<String> getNicSecIps() {
+        return nicSecIps;
+    }
 }
@@ -24,6 +24,7 @@
 import org.apache.cloudstack.api.command.user.securitygroup.DeleteSecurityGroupCmd;
 import org.apache.cloudstack.api.command.user.securitygroup.RevokeSecurityGroupEgressCmd;
 import org.apache.cloudstack.api.command.user.securitygroup.RevokeSecurityGroupIngressCmd;
+import org.apache.cloudstack.api.command.user.vm.AddIpToVmNicCmd;
 
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.PermissionDeniedException;
@@ -45,5 +46,6 @@ public interface SecurityGroupService {
     public List<? extends SecurityRule> authorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressCmd cmd);
 
     public List<? extends SecurityRule> authorizeSecurityGroupEgress(AuthorizeSecurityGroupEgressCmd cmd);
-
+    public boolean securityGroupRulesForVmSecIp(Long nicId, Long networkId,
+            String secondaryIp, boolean ruleAction);
 }
@@ -28,6 +28,8 @@
 import org.apache.cloudstack.api.response.NicSecondaryIpResponse;
 
 import com.cloud.async.AsyncJob;
+import com.cloud.dc.DataCenter;
+import com.cloud.dc.DataCenter.NetworkType;
 import com.cloud.event.EventTypes;
 import com.cloud.exception.ConcurrentOperationException;
 import com.cloud.exception.InsufficientAddressCapacityException;
@@ -83,6 +85,9 @@ private long getZoneId() {
 
     public Long getNetworkId() {
         Nic nic = _entityMgr.findById(Nic.class, nicId);
+        if (nic == null) {
+            throw new InvalidParameterValueException("Can't find network id for specified nic");
+        }
         Long networkId = nic.getNetworkId();
         return networkId;
     }
@@ -98,6 +103,13 @@ public String getIpaddress () {
             return null;
         }
     }
+
+    public NetworkType getNetworkType() {
+        Network ntwk = _entityMgr.findById(Network.class, getNetworkId());
+        DataCenter dc = _entityMgr.findById(DataCenter.class, ntwk.getDataCenterId());
+        return dc.getNetworkType();
+    }
+
     @Override
     public long getEntityOwnerId() {
         Account caller = UserContext.current().getCaller();
@@ -134,21 +146,30 @@ public void execute() throws ResourceUnavailableException, ResourceAllocationExc
 
         UserContext.current().setEventDetails("Nic Id: " + getNicId() );
         String ip;
-        String SecondaryIp = null;
+        String secondaryIp = null;
         if ((ip = getIpaddress()) != null) {
             if (!NetUtils.isValidIp(ip)) {
                 throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Invalid ip address " + ip);
             }
         }
 
         try {
-            SecondaryIp =  _networkService.allocateSecondaryGuestIP(_accountService.getAccount(getEntityOwnerId()),  getZoneId(), getNicId(), getNetworkId(), getIpaddress());
+            secondaryIp =  _networkService.allocateSecondaryGuestIP(_accountService.getAccount(getEntityOwnerId()),  getZoneId(), getNicId(), getNetworkId(), getIpaddress());
         } catch (InsufficientAddressCapacityException e) {
             throw new InvalidParameterValueException("Allocating guest ip for nic failed");
         }
 
-        if (SecondaryIp != null) {
-            s_logger.info("Associated ip address to NIC : " + SecondaryIp);
+        if (secondaryIp != null) {
+            if (getNetworkType() == NetworkType.Basic) {
+                // add security group rules for the secondary ip addresses
+                boolean success = false;
+                success = _securityGroupService.securityGroupRulesForVmSecIp(getNicId(), getNetworkId(), secondaryIp, (boolean) true);
+                if (success == false) {
+                    throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to set security group rules for the secondary ip");
+                }
+            }
+
+            s_logger.info("Associated ip address to NIC : " + secondaryIp);
             NicSecondaryIpResponse response = new NicSecondaryIpResponse();
             response = _responseGenerator.createSecondaryIPToNicResponse(ip, getNicId(), getNetworkId());
             response.setResponseName(getCommandName());
 
@@ -27,10 +27,15 @@
 import org.apache.cloudstack.api.response.NicSecondaryIpResponse;
 import org.apache.cloudstack.api.response.SuccessResponse;
 import com.cloud.async.AsyncJob;
+import com.cloud.dc.DataCenter;
+import com.cloud.dc.DataCenter.NetworkType;
 import com.cloud.event.EventTypes;
 import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.network.Network;
 import com.cloud.user.Account;
 import com.cloud.user.UserContext;
+import com.cloud.vm.Nic;
+import com.cloud.vm.NicSecondaryIp;
 
 @APICommand(name = "removeIpFromNic", description="Assigns secondary IP to NIC.", responseObject=SuccessResponse.class)
 public class RemoveIpFromVmNicCmd extends BaseAsyncCmd {
@@ -43,7 +48,7 @@ public class RemoveIpFromVmNicCmd extends BaseAsyncCmd {
 
     @Parameter(name=ApiConstants.ID, type=CommandType.UUID, required = true, entityType = NicSecondaryIpResponse.class,
             description="the ID of the secondary ip address to nic")
-            private long id;
+            private Long id;
 
     // unexposed parameter needed for events logging
     @Parameter(name=ApiConstants.ACCOUNT_ID, type=CommandType.UUID, expose=false)
@@ -57,7 +62,7 @@ public String getEntityTable() {
         return "nic_secondary_ips";
     }
 
-    public long getIpAddressId() {
+    public Long getIpAddressId() {
         return id;
     }
 
@@ -80,6 +85,11 @@ public String getEventType() {
         return EventTypes.EVENT_NET_IP_ASSIGN;
     }
 
+    public NicSecondaryIp getIpEntry() {
+        NicSecondaryIp nicSecIp = _entityMgr.findById(NicSecondaryIp.class, getIpAddressId());
+        return nicSecIp;
+    }
+
     @Override
     public String getEventDescription() {
         return  ("Disassociating ip address with id=" + id);
@@ -98,9 +108,43 @@ public static String getResultObjectName() {
         return "addressinfo";
     }
 
+    public Long getNetworkId() {
+        NicSecondaryIp nicSecIp = _entityMgr.findById(NicSecondaryIp.class, getIpAddressId());
+        if (nicSecIp != null) {
+            Long networkId = nicSecIp.getNetworkId();
+            return networkId;
+        } else {
+            return null;
+        }
+    }
+
+    public NetworkType getNetworkType() {
+        Network ntwk = _entityMgr.findById(Network.class, getNetworkId());
+        if (ntwk != null) {
+            DataCenter dc = _entityMgr.findById(DataCenter.class, ntwk.getDataCenterId());
+            return dc.getNetworkType();
+        }
+        return null;
+    }
+
     @Override
     public void execute() throws InvalidParameterValueException {
         UserContext.current().setEventDetails("Ip Id: " + getIpAddressId());
+        NicSecondaryIp nicSecIp = getIpEntry();
+
+        if (nicSecIp == null) {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Invalid IP id is passed");
+        }
+
+        if (getNetworkType() == NetworkType.Basic) {
+            //remove the security group rules for this secondary ip
+            boolean success = false;
+            success = _securityGroupService.securityGroupRulesForVmSecIp(nicSecIp.getNicId(), nicSecIp.getNetworkId(),nicSecIp.getIp4Address(), false);
+            if (success == false) {
+                throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to set security group rules for the secondary ip");
+            }
+        }
+
         boolean result = _networkService.releaseSecondaryIpFromNic(getIpAddressId());
         if (result) {
             SuccessResponse response = new SuccessResponse(getCommandName());
 
@@ -0,0 +1,71 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.agent.api;
+
+import com.cloud.vm.VirtualMachine;
+
+public class NetworkRulesVmSecondaryIpCommand extends Command {
+
+    private String vmName;
+    private VirtualMachine.Type type;
+    private String vmSecIp;
+    private String vmMac;
+    private String action;
+
+    public NetworkRulesVmSecondaryIpCommand(String vmName, VirtualMachine.Type type) {
+        this.vmName = vmName;
+        this.type = type;
+    }
+
+
+    public NetworkRulesVmSecondaryIpCommand(String vmName, String vmMac,
+            String secondaryIp, boolean action) {
+        this.vmName = vmName;
+        this.vmMac = vmMac;
+        this.vmSecIp = secondaryIp;
+        if (action) {
+            this.action = "-A";
+        } else {
+            this.action = "-D";
+        }
+    }
+
+    public String getVmName() {
+        return vmName;
+    }
+
+    public VirtualMachine.Type getType() {
+        return type;
+    }
+
+    public String getVmSecIp() {
+        return vmSecIp;
+    }
+
+    public String getVmMac() {
+        return vmMac;
+    }
+
+    public String getAction() {
+        return action;
+    }
+
+    @Override
+    public boolean executeInSequence() {
+        return false;
+    }
+}