Feature #3175: Sec groups store the VMs using them

include/NebulaUtil.h

@@ -84,6 +84,15 @@ namespace one_util
             const std::string& st,
             char delim,
             bool clean_empty=true);
+
+    /**
+     * Joins the strings with the given delimiter
+     *
+     * @param v vector with the strings to join
+     * @param delim delimiter character
+     * @return the joined strings
+     */
+    std::string join(const std::vector<std::string>& v, char delim);
 };
 
 #endif /* _NEBULA_UTIL_H_ */

include/ObjectCollection.h

@@ -55,7 +55,7 @@ public:
      *  Returns how many IDs are there in the set.
      *    @return how many IDs are there in the set.
      */
-    int get_collection_size()
+    int get_collection_size() const
     {
         return collection_set.size();
     };

include/RequestManagerDelete.h

@@ -332,6 +332,8 @@ public:
     };
 
     ~SecurityGroupDelete(){};
+
+    int drop(int oid, PoolObjectSQL * object, string& error_msg);
 };
 
 /* -------------------------------------------------------------------------- */

include/SecurityGroup.h

@@ -18,6 +18,7 @@
 #define SECURITYGROUP_H_
 
 #include "PoolObjectSQL.h"
+#include "ObjectCollection.h"
 
 using namespace std;
 
@@ -52,6 +53,40 @@ public:
         return new Template(obj_template);
     };
 
+    /* ---------------------------------------------------------------------- */
+    /*   Access VM Counter                                                    */
+    /* ---------------------------------------------------------------------- */
+
+    /**
+     *  Adds a VM ID to the set.
+     *    @param vm_id The new id
+     *
+     *    @return 0 on success, -1 if the ID was already in the set
+     */
+    int add_vm(int vm_id)
+    {
+        return vm_collection.add_collection_id(vm_id);
+    }
+
+    /**
+     *  Deletes a VM ID from the set.
+     *    @param vm_id The id
+     *
+     *    @return 0 on success, -1 if the ID was not in the set
+     */
+    int del_vm(int vm_id)
+    {
+        return vm_collection.del_collection_id(vm_id);
+    }
+
+    /**
+     *  Returns how many VMs are using the security group.
+     *    @return how many IDs are there in the set.
+     */
+    int get_vms() const
+    {
+        return vm_collection.get_collection_size();
+    }
 private:
 
     // -------------------------------------------------------------------------
@@ -128,6 +163,11 @@ private:
     {
         return new Template;
     }
+
+    /**
+     *  Stores a collection with the VMs using the security group
+     */
+    ObjectCollection vm_collection;
 };
 
 #endif /*SECURITYGROUP_H_*/

include/VirtualMachine.h

@@ -1076,6 +1076,35 @@ public:
      */
     static int release_network_leases(VectorAttribute const * nic, int vmid);
 
+    /**
+     * Acquires the security groups of this NIC
+     *
+     * @param vm_id Virtual Machine oid
+     * @param nic NIC to get the security groups from
+     * @param error_str Returns the error reason, if any
+     * @return 0 on success, -1 otherwise
+     */
+    static int get_security_groups(
+            int vm_id, VectorAttribute const * nic, string &error_str);
+
+    /**
+     * Releases the security groups of this NIC
+     *
+     * @param vm_id Virtual Machine oid
+     * @param nic NIC to release the security groups
+     * @param error_str Returns the error reason, if any
+     * @return 0 on success, -1 otherwise
+     */
+    static int release_security_groups(
+            int vm_id, VectorAttribute const * nic, string &error_str);
+
+    /**
+     * Returns a vector of the security group IDs of this NIC
+     * @param nic NIC to get the security groups from
+     * @return a vector of security group IDs
+     */
+    static vector<int> nic_security_groups(VectorAttribute const * nic);
+
     /**
      *  Get all disk images for this Virtual Machine
      *  @param error_str Returns the error reason, if any

src/common/NebulaUtil.cc

@@ -238,3 +238,23 @@ vector<string> one_util::split(const string& st, char delim, bool clean_empty)
 
     return parts;
 }
+
+/* -------------------------------------------------------------------------- */
+/* -------------------------------------------------------------------------- */
+
+string one_util::join(const vector<string>& v, char delim)
+{
+    ostringstream oss;
+
+    for(vector<string>::const_iterator it = v.begin(); it != v.end(); it++)
+    {
+        if (it != v.begin())
+        {
+            oss << delim;
+        }
+
+        oss << *it;
+    }
+
+    return oss.str();
+}

src/rm/RequestManagerDelete.cc

@@ -373,3 +373,22 @@ int VirtualNetworkDelete::drop(int oid, PoolObjectSQL * object, string& error_ms
 
     return rc;
 }
+
+/* ------------------------------------------------------------------------- */
+/* ------------------------------------------------------------------------- */
+
+int SecurityGroupDelete::drop(int oid, PoolObjectSQL * object, string& error_msg)
+{
+    SecurityGroup * sgroup = static_cast<SecurityGroup *>(object);
+
+    if ( sgroup->get_vms() > 0 )
+    {
+        error_msg = "The security group has VMs using it";
+
+        sgroup->unlock();
+
+        return -1;
+    }
+
+    return RequestManagerDelete::drop(oid, object, error_msg);
+}

src/secgroup/SecurityGroup.cc

@@ -38,7 +38,8 @@ SecurityGroup::SecurityGroup(
         const string&   _gname,
         int             _umask,
         Template*       sgroup_template):
-        PoolObjectSQL(-1, SECGROUP, "", _uid,_gid,_uname,_gname,table)
+        PoolObjectSQL(-1, SECGROUP, "", _uid,_gid,_uname,_gname,table),
+        vm_collection("VMS")
 {
     if (sgroup_template != 0)
     {
@@ -179,6 +180,7 @@ string& SecurityGroup::to_xml(string& xml) const
     ostringstream   oss;
     string          template_xml;
     string          perms_xml;
+    string          vm_collection_xml;
 
     oss <<
     "<SECURITY_GROUP>"    <<
@@ -189,6 +191,7 @@ string& SecurityGroup::to_xml(string& xml) const
         "<GNAME>"   << gname    << "</GNAME>"       <<
         "<NAME>"    << name     << "</NAME>"        <<
         perms_to_xml(perms_xml)                                   <<
+        vm_collection.to_xml(vm_collection_xml)                   <<
         obj_template->to_xml(template_xml) <<
     "</SECURITY_GROUP>";
 
@@ -233,6 +236,18 @@ int SecurityGroup::from_xml(const string& xml)
     ObjectXML::free_nodes(content);
     content.clear();
 
+    ObjectXML::get_nodes("/SECURITY_GROUP/VMS", content);
+
+    if (content.empty())
+    {
+        return -1;
+    }
+
+    rc += vm_collection.from_xml_node(content[0]);
+
+    ObjectXML::free_nodes(content);
+    content.clear();
+
     if (rc != 0)
     {
         return -1;

src/vm/VirtualMachine.cc

@@ -2262,7 +2262,9 @@ int VirtualMachine::set_up_attach_nic(
         return -1;
     }
 
-    return 0;
+    rc = get_security_groups(vm_id, new_nic, error_str);
+
+    return rc;
 }
 
 /* -------------------------------------------------------------------------- */
@@ -2622,6 +2624,13 @@ int VirtualMachine::get_network_leases(string& estr)
         {
             return -1;
         }
+
+        rc = get_security_groups(this->get_oid(), nic, estr);
+
+        if (rc == -1)
+        {
+            return -1;
+        }
     }
 
     return 0;
@@ -2688,12 +2697,15 @@ int VirtualMachine::release_network_leases(VectorAttribute const * nic, int vmid
     int     vnid;
     int     ar_id;
     string  mac;
+    string  error_msg;
 
     if ( nic == 0 )
     {
         return -1;
     }
 
+    release_security_groups(vmid, nic, error_msg);
+
     if (nic->vector_value("NETWORK_ID", vnid) != 0)
     {
         return -1;
@@ -2732,6 +2744,98 @@ int VirtualMachine::release_network_leases(VectorAttribute const * nic, int vmid
 /* -------------------------------------------------------------------------- */
 /* -------------------------------------------------------------------------- */
 
+vector<int> VirtualMachine::nic_security_groups(VectorAttribute const * nic)
+{
+    int         secgroup_id;
+    vector<int> result;
+    vector<string>::const_iterator it;
+
+    vector<string> secgroups =
+            one_util::split(nic->vector_value("SECURITY_GROUPS"), ',');
+
+    for (it = secgroups.begin(); it != secgroups.end(); it++)
+    {
+        istringstream iss(*it);
+        iss >> secgroup_id;
+
+        if ( iss.fail() )
+        {
+            continue;
+        }
+
+        result.push_back(secgroup_id);
+    }
+
+    return result;
+}
+
+/* -------------------------------------------------------------------------- */
+/* -------------------------------------------------------------------------- */
+
+int VirtualMachine::get_security_groups(
+        int vm_id, VectorAttribute const * nic, string &error_str)
+{
+    vector<int>::const_iterator it;
+    vector<int> secgroups = nic_security_groups(nic);
+
+    SecurityGroup*      sgroup;
+    SecurityGroupPool*  sgroup_pool = Nebula::instance().get_secgrouppool();
+
+    for (it = secgroups.begin(); it != secgroups.end(); it++)
+    {
+        sgroup = sgroup_pool->get(*it, true);
+
+        if (sgroup == 0)
+        {
+            continue;
+        }
+
+        sgroup->add_vm(vm_id);
+
+        sgroup_pool->update(sgroup);
+
+        sgroup->unlock();
+    }
+
+    // TODO: error handling
+    return 0;
+}
+
+/* -------------------------------------------------------------------------- */
+/* -------------------------------------------------------------------------- */
+
+int VirtualMachine::release_security_groups(
+        int vm_id, VectorAttribute const * nic, string &error_str)
+{
+    vector<int>::const_iterator it;
+    vector<int> secgroups = nic_security_groups(nic);
+
+    SecurityGroup*      sgroup;
+    SecurityGroupPool*  sgroup_pool = Nebula::instance().get_secgrouppool();
+
+    for (it = secgroups.begin(); it != secgroups.end(); it++)
+    {
+        sgroup = sgroup_pool->get(*it, true);
+
+        if (sgroup == 0)
+        {
+            continue;
+        }
+
+        sgroup->del_vm(vm_id);
+
+        sgroup_pool->update(sgroup);
+
+        sgroup->unlock();
+    }
+
+    // TODO: error handling
+    return 0;
+}
+
+/* -------------------------------------------------------------------------- */
+/* -------------------------------------------------------------------------- */
+
 int VirtualMachine::generate_context(string &files, int &disk_id, string& token_password)
 {
     ofstream file;

src/vnm/VirtualNetwork.cc

@@ -530,6 +530,10 @@ int VirtualNetwork::nic_attribute(
     string inherit_val;
     vector<string>::const_iterator it;
 
+    vector<string>  nic_sgroups;
+    string          st_sgroups;
+    int             ar_id;
+
     //--------------------------------------------------------------------------
     //  Set default values from the Virtual Network
     //--------------------------------------------------------------------------
@@ -593,6 +597,29 @@ int VirtualNetwork::nic_attribute(
         rc = allocate_addr(vid, nic, inherit_attrs);
     }
 
+    //--------------------------------------------------------------------------
+    //  Copy the security group IDs
+    //--------------------------------------------------------------------------
+
+    nic_sgroups = one_util::split(nic->vector_value("SECURITY_GROUPS"), ',');
+
+    obj_template->get("SECURITY_GROUPS", st_sgroups);
+
+    vector<string> vnet_sgroups = one_util::split(st_sgroups, ',');
+
+    nic_sgroups.insert(nic_sgroups.end(), vnet_sgroups.begin(), vnet_sgroups.end());
+
+    if (nic->vector_value("AR_ID", ar_id) == 0)
+    {
+        get_template_attribute("SECURITY_GROUPS", st_sgroups, ar_id);
+
+        vector<string> vnet_sgroups = one_util::split(st_sgroups, ',');
+
+        nic_sgroups.insert(nic_sgroups.end(), vnet_sgroups.begin(), vnet_sgroups.end());
+    }
+
+    nic->replace("SECURITY_GROUPS", one_util::join(nic_sgroups, ','));
+
     return rc;
 }