cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From muralire...@apache.org
Subject [07/93] [abbrv] [partial] merge master
Date Mon, 13 May 2013 15:53:27 GMT
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/rules/dao/PortForwardingRulesDaoImpl.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/rules/dao/PortForwardingRulesDaoImpl.java b/engine/schema/src/com/cloud/network/rules/dao/PortForwardingRulesDaoImpl.java
new file mode 100644
index 0000000..cc780cb
--- /dev/null
+++ b/engine/schema/src/com/cloud/network/rules/dao/PortForwardingRulesDaoImpl.java
@@ -0,0 +1,162 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+// 
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.rules.dao;
+
+import java.util.List;
+
+import javax.ejb.Local;
+import javax.inject.Inject;
+
+import org.springframework.stereotype.Component;
+
+import com.cloud.network.dao.FirewallRulesCidrsDao;
+import com.cloud.network.dao.FirewallRulesCidrsDaoImpl;
+import com.cloud.network.rules.FirewallRule.Purpose;
+import com.cloud.network.rules.FirewallRule.State;
+import com.cloud.network.rules.PortForwardingRuleVO;
+
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+import com.cloud.utils.db.SearchCriteria.Op;
+import com.cloud.vm.dao.NicSecondaryIpVO;
+
+@Component
+@Local(value=PortForwardingRulesDao.class)
+public class PortForwardingRulesDaoImpl extends GenericDaoBase<PortForwardingRuleVO, Long> implements PortForwardingRulesDao {
+
+    protected final SearchBuilder<PortForwardingRuleVO> AllFieldsSearch;
+    protected final SearchBuilder<PortForwardingRuleVO> ApplicationSearch;
+    protected final SearchBuilder<PortForwardingRuleVO> ActiveRulesSearch;
+    protected final SearchBuilder<PortForwardingRuleVO> AllRulesSearchByVM;
+    protected final SearchBuilder<PortForwardingRuleVO> ActiveRulesSearchByAccount;
+
+    @Inject protected FirewallRulesCidrsDao _portForwardingRulesCidrsDao;
+    
+    protected PortForwardingRulesDaoImpl() {
+        super();
+        AllFieldsSearch = createSearchBuilder();
+        AllFieldsSearch.and("id", AllFieldsSearch.entity().getId(), Op.EQ);
+        AllFieldsSearch.and("state", AllFieldsSearch.entity().getState(), Op.EQ);
+        AllFieldsSearch.and("ipId", AllFieldsSearch.entity().getSourceIpAddressId(), Op.EQ);
+        AllFieldsSearch.and("protocol", AllFieldsSearch.entity().getProtocol(), Op.EQ);
+        AllFieldsSearch.and("networkId", AllFieldsSearch.entity().getNetworkId(), Op.EQ);
+        AllFieldsSearch.and("vmId", AllFieldsSearch.entity().getVirtualMachineId(), Op.EQ);
+        AllFieldsSearch.and("purpose", AllFieldsSearch.entity().getPurpose(), Op.EQ);
+        AllFieldsSearch.and("dstIp", AllFieldsSearch.entity().getDestinationIpAddress(), Op.EQ);
+        AllFieldsSearch.done();
+        
+        ApplicationSearch = createSearchBuilder();
+        ApplicationSearch.and("ipId", ApplicationSearch.entity().getSourceIpAddressId(), Op.EQ);
+        ApplicationSearch.and("state", ApplicationSearch.entity().getState(), Op.NEQ);
+        ApplicationSearch.and("purpose", ApplicationSearch.entity().getPurpose(), Op.EQ);
+        ApplicationSearch.done();
+        
+        
+        ActiveRulesSearch = createSearchBuilder();
+        ActiveRulesSearch.and("ipId", ActiveRulesSearch.entity().getSourceIpAddressId(), Op.EQ);
+        ActiveRulesSearch.and("networkId", ActiveRulesSearch.entity().getNetworkId(), Op.EQ);
+        ActiveRulesSearch.and("state", ActiveRulesSearch.entity().getState(), Op.NEQ);
+        ActiveRulesSearch.and("purpose", ActiveRulesSearch.entity().getPurpose(), Op.EQ);
+        ActiveRulesSearch.done();
+        
+        AllRulesSearchByVM = createSearchBuilder();
+        AllRulesSearchByVM.and("vmId", AllRulesSearchByVM.entity().getVirtualMachineId(), Op.EQ);
+        AllRulesSearchByVM.and("purpose", AllRulesSearchByVM.entity().getPurpose(), Op.EQ);
+        AllRulesSearchByVM.done();
+        
+        ActiveRulesSearchByAccount = createSearchBuilder();
+        ActiveRulesSearchByAccount.and("accountId", ActiveRulesSearchByAccount.entity().getAccountId(), Op.EQ);
+        ActiveRulesSearchByAccount.and("state", ActiveRulesSearchByAccount.entity().getState(), Op.NEQ);
+        ActiveRulesSearchByAccount.and("purpose", ActiveRulesSearchByAccount.entity().getPurpose(), Op.EQ);
+        ActiveRulesSearchByAccount.done();
+    }
+
+    @Override
+    public List<PortForwardingRuleVO> listForApplication(long ipId) {
+        SearchCriteria<PortForwardingRuleVO> sc = ApplicationSearch.create();
+        sc.setParameters("ipId", ipId);
+        sc.setParameters("state", State.Staged);
+        sc.setParameters("purpose", Purpose.PortForwarding);
+        
+        return listBy(sc, null);
+    }
+    
+    @Override
+    public List<PortForwardingRuleVO> listByVm(Long vmId) {
+    	SearchCriteria<PortForwardingRuleVO> sc = AllRulesSearchByVM.create();
+    	sc.setParameters("vmId", vmId);
+    	sc.setParameters("purpose", Purpose.PortForwarding);
+    	
+    	return listBy(sc, null);
+    }
+
+    @Override
+    public List<PortForwardingRuleVO> listByIpAndNotRevoked(long ipId) {
+        SearchCriteria<PortForwardingRuleVO> sc = ActiveRulesSearch.create();
+        sc.setParameters("ipId", ipId);
+        sc.setParameters("state", State.Revoke);
+        sc.setParameters("purpose", Purpose.PortForwarding);
+        
+        return listBy(sc, null);
+    }
+    
+    @Override
+    public List<PortForwardingRuleVO> listByNetworkAndNotRevoked(long networkId) {
+        SearchCriteria<PortForwardingRuleVO> sc = ActiveRulesSearch.create();
+        sc.setParameters("networkId", networkId);
+        sc.setParameters("state", State.Revoke);
+        sc.setParameters("purpose", Purpose.PortForwarding);
+        
+        return listBy(sc, null);
+    }
+    
+    @Override
+    public List<PortForwardingRuleVO> listByIp(long ipId) {
+        SearchCriteria<PortForwardingRuleVO> sc = AllFieldsSearch.create();
+        sc.setParameters("ipId", ipId);
+        sc.setParameters("purpose", Purpose.PortForwarding);
+        
+        return listBy(sc, null);
+    }
+    
+    @Override
+    public List<PortForwardingRuleVO> listByNetwork(long networkId) {
+        SearchCriteria<PortForwardingRuleVO> sc = AllFieldsSearch.create();
+        sc.setParameters("networkId", networkId);
+        sc.setParameters("purpose", Purpose.PortForwarding);
+        
+        return listBy(sc);
+    }
+
+    @Override
+    public List<PortForwardingRuleVO> listByAccount(long accountId) {
+        SearchCriteria<PortForwardingRuleVO> sc = ActiveRulesSearchByAccount.create();
+        sc.setParameters("accountId", accountId);
+        sc.setParameters("state", State.Revoke);
+        sc.setParameters("purpose", Purpose.PortForwarding);
+        
+        return listBy(sc);
+    }
+    @Override
+    public List<PortForwardingRuleVO> listByDestIpAddr(String ip4Address) {
+        SearchCriteria<PortForwardingRuleVO> sc = AllFieldsSearch.create();
+        sc.setParameters("dstIp", ip4Address);
+        return listBy(sc);
+    }
+  
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/SecurityGroupRuleVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/security/SecurityGroupRuleVO.java b/engine/schema/src/com/cloud/network/security/SecurityGroupRuleVO.java
new file mode 100644
index 0000000..f01b50f
--- /dev/null
+++ b/engine/schema/src/com/cloud/network/security/SecurityGroupRuleVO.java
@@ -0,0 +1,167 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.security;
+
+import java.util.UUID;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.EnumType;
+import javax.persistence.Enumerated;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+import com.cloud.async.AsyncInstanceCreateStatus;
+import com.google.gson.annotations.Expose;
+import org.apache.cloudstack.api.InternalIdentity;
+
+@Entity
+@Table(name = ("security_group_rule"))
+public class SecurityGroupRuleVO implements SecurityRule {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    @Column(name = "id")
+    private long id;
+
+    @Column(name = "security_group_id")
+    private long securityGroupId;
+
+    @Column(name = "start_port")
+    private int startPort;
+
+    @Column(name = "end_port")
+    private int endPort;
+
+    @Column(name = "type")
+    private String type;
+
+    @Column(name = "protocol")
+    private String protocol;
+
+    @Column(name = "allowed_network_id", nullable = true)
+    private Long allowedNetworkId = null;
+
+    @Column(name = "allowed_ip_cidr", nullable = true)
+    private String allowedSourceIpCidr = null;
+
+    @Expose
+    @Column(name = "create_status", updatable = true, nullable = false)
+    @Enumerated(value = EnumType.STRING)
+    private AsyncInstanceCreateStatus createStatus;
+
+    @Column(name = "uuid")
+    private String uuid;
+    
+    public SecurityGroupRuleVO() {
+    	this.uuid = UUID.randomUUID().toString();
+    }
+
+    public SecurityGroupRuleVO(SecurityRuleType type,long securityGroupId, int fromPort, int toPort, String protocol, long allowedNetworkId ) {
+        this.securityGroupId = securityGroupId;
+        this.startPort = fromPort;
+        this.endPort = toPort;
+        this.protocol = protocol;
+        this.allowedNetworkId = allowedNetworkId;
+    	this.uuid = UUID.randomUUID().toString();
+        if (type == SecurityRuleType.IngressRule) {
+            this.type = SecurityRuleType.IngressRule.getType();
+        } else {
+            this.type = SecurityRuleType.EgressRule.getType();
+        }
+    }
+
+    public SecurityGroupRuleVO(SecurityRuleType type,long securityGroupId, int fromPort, int toPort, String protocol, String allowedIpCidr) {
+        this.securityGroupId = securityGroupId;
+        this.startPort = fromPort;
+        this.endPort = toPort;
+        this.protocol = protocol;
+        this.allowedSourceIpCidr = allowedIpCidr;
+    	this.uuid = UUID.randomUUID().toString();
+        if (type == SecurityRuleType.IngressRule) {
+            this.type = SecurityRuleType.IngressRule.getType();
+        } else {
+            this.type = SecurityRuleType.EgressRule.getType();
+        }
+    }
+
+    @Override
+    public long getId() {
+        return id;
+    }
+    
+    @Override
+    public String getType() {
+        return type;
+    }
+
+    @Override
+    public long getSecurityGroupId() {
+        return securityGroupId;
+    }
+    
+    public SecurityRuleType getRuleType() {
+        if ("ingress".equalsIgnoreCase(this.type))
+            return SecurityRuleType.IngressRule;
+        else
+            return SecurityRuleType.EgressRule;
+    }
+    
+    @Override
+    public int getStartPort() {
+        return startPort;
+    }
+
+    @Override
+    public int getEndPort() {
+        return endPort;
+    }
+
+    @Override
+    public String getProtocol() {
+        return protocol;
+    }
+
+    @Override
+    public AsyncInstanceCreateStatus getCreateStatus() {
+        return createStatus;
+    }
+
+    public void setCreateStatus(AsyncInstanceCreateStatus createStatus) {
+        this.createStatus = createStatus;
+    }
+
+    @Override
+    public Long getAllowedNetworkId() {
+        return allowedNetworkId;
+    }
+
+    @Override
+    public String getAllowedSourceIpCidr() {
+        return allowedSourceIpCidr;
+    }
+    
+    @Override
+    public String getUuid() {
+    	return this.uuid;
+    }
+    
+    public void setUuid(String uuid) {
+    	this.uuid = uuid;
+    }
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/SecurityGroupRulesVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/security/SecurityGroupRulesVO.java b/engine/schema/src/com/cloud/network/security/SecurityGroupRulesVO.java
new file mode 100644
index 0000000..c74152e
--- /dev/null
+++ b/engine/schema/src/com/cloud/network/security/SecurityGroupRulesVO.java
@@ -0,0 +1,169 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.security;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.PrimaryKeyJoinColumn;
+import javax.persistence.SecondaryTable;
+import javax.persistence.Table;
+
+import com.cloud.network.security.SecurityRule.SecurityRuleType;
+import com.cloud.utils.db.JoinType;
+import org.apache.cloudstack.api.InternalIdentity;
+
+@Entity
+@Table(name = ("security_group"))
+@JoinType(type = "left")
+@SecondaryTable(name = "security_group_rule", pkJoinColumns = { @PrimaryKeyJoinColumn(name = "id", referencedColumnName = "security_group_id") })
+public class SecurityGroupRulesVO implements SecurityGroupRules {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    @Column(name = "id")
+    private long id;
+
+    @Column(name = "name")
+    private String name;
+
+    @Column(name = "description")
+    private String description;
+
+    @Column(name = "domain_id")
+    private Long domainId;
+
+    @Column(name = "account_id")
+    private Long accountId;
+
+    @Column(name = "id", table = "security_group_rule", insertable = false, updatable = false)
+    private Long ruleId;
+
+    @Column(name = "uuid", table = "security_group_rule", insertable = false, updatable = false)
+    private String ruleUuid;
+
+    @Column(name = "start_port", table = "security_group_rule", insertable = false, updatable = false)
+    private int startPort;
+
+    @Column(name = "end_port", table = "security_group_rule", insertable = false, updatable = false)
+    private int endPort;
+
+    @Column(name = "protocol", table = "security_group_rule", insertable = false, updatable = false)
+    private String protocol;
+
+    @Column(name = "type", table = "security_group_rule", insertable = false, updatable = false)
+    private String type;
+
+    @Column(name = "allowed_network_id", table = "security_group_rule", insertable = false, updatable = false, nullable = true)
+    private Long allowedNetworkId = null;
+
+    @Column(name = "allowed_ip_cidr", table = "security_group_rule", insertable = false, updatable = false, nullable = true)
+    private String allowedSourceIpCidr = null;
+
+    public SecurityGroupRulesVO() {
+    }
+
+    public SecurityGroupRulesVO(long id) {
+        this.id = id;
+    }
+
+    public SecurityGroupRulesVO(long id, String name, String description, Long domainId, Long accountId, Long ruleId, String ruleUuid, int startPort, int endPort, String protocol, Long allowedNetworkId,
+            String allowedSourceIpCidr) {
+        this.id = id;
+        this.name = name;
+        this.description = description;
+        this.domainId = domainId;
+        this.accountId = accountId;
+        this.ruleId = ruleId;
+        this.ruleUuid = ruleUuid;
+        this.startPort = startPort;
+        this.endPort = endPort;
+        this.protocol = protocol;
+        this.allowedNetworkId = allowedNetworkId;
+        this.allowedSourceIpCidr = allowedSourceIpCidr;
+    }
+
+    @Override
+    public long getId() {
+        return id;
+    }
+
+    @Override
+    public String getName() {
+        return name;
+    }
+
+    @Override
+    public String getDescription() {
+        return description;
+    }
+
+    @Override
+    public Long getDomainId() {
+        return domainId;
+    }
+
+    @Override
+    public Long getAccountId() {
+        return accountId;
+    }
+
+    @Override
+    public Long getRuleId() {
+        return ruleId;
+    }
+
+    @Override
+    public String getRuleUuid() {
+        return ruleUuid;
+    }
+
+    @Override
+    public int getStartPort() {
+        return startPort;
+    }
+
+    @Override
+    public int getEndPort() {
+        return endPort;
+    }
+
+    @Override
+    public String getProtocol() {
+        return protocol;
+    }
+
+    @Override
+    public SecurityRuleType getRuleType() {
+        if ("ingress".equalsIgnoreCase(this.type)) {
+            return SecurityRuleType.IngressRule;
+        } else {
+            return SecurityRuleType.EgressRule;
+        }
+    }
+
+    @Override
+    public Long getAllowedNetworkId() {
+        return allowedNetworkId;
+    }
+
+    @Override
+    public String getAllowedSourceIpCidr() {
+        return allowedSourceIpCidr;
+    }
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/SecurityGroupVMMapVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/security/SecurityGroupVMMapVO.java b/engine/schema/src/com/cloud/network/security/SecurityGroupVMMapVO.java
new file mode 100644
index 0000000..75bde33
--- /dev/null
+++ b/engine/schema/src/com/cloud/network/security/SecurityGroupVMMapVO.java
@@ -0,0 +1,89 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.security;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.PrimaryKeyJoinColumn;
+import javax.persistence.SecondaryTable;
+import javax.persistence.SecondaryTables;
+import javax.persistence.Table;
+
+import com.cloud.vm.VirtualMachine.State;
+import org.apache.cloudstack.api.InternalIdentity;
+
+@Entity
+@Table(name = ("security_group_vm_map"))
+@SecondaryTables({ @SecondaryTable(name = "nics", pkJoinColumns = { @PrimaryKeyJoinColumn(name = "instance_id", referencedColumnName = "instance_id") }),
+        @SecondaryTable(name = "vm_instance", pkJoinColumns = { @PrimaryKeyJoinColumn(name = "instance_id", referencedColumnName = "id") }),
+        @SecondaryTable(name = "security_group", pkJoinColumns = { @PrimaryKeyJoinColumn(name = "security_group_id", referencedColumnName = "id") }) })
+public class SecurityGroupVMMapVO implements InternalIdentity {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    @Column(name = "id")
+    private Long id;
+
+    @Column(name = "security_group_id")
+    private long securityGroupId;
+
+    @Column(name = "instance_id")
+    private long instanceId;
+
+    @Column(name = "ip4_address", table = "nics", insertable = false, updatable = false)
+    private String guestIpAddress;
+
+    @Column(name = "state", table = "vm_instance", insertable = false, updatable = false)
+    private State vmState;
+
+    @Column(name = "name", table = "security_group", insertable = false, updatable = false)
+    private String groupName;
+
+    public SecurityGroupVMMapVO() {
+    }
+
+    public SecurityGroupVMMapVO(long securityGroupId, long instanceId) {
+        this.securityGroupId = securityGroupId;
+        this.instanceId = instanceId;
+    }
+
+    public long getId() {
+        return id;
+    }
+
+    public long getSecurityGroupId() {
+        return securityGroupId;
+    }
+
+    public String getGuestIpAddress() {
+        return guestIpAddress;
+    }
+
+    public long getInstanceId() {
+        return instanceId;
+    }
+
+    public State getVmState() {
+        return vmState;
+    }
+
+    public String getGroupName() {
+        return groupName;
+    }
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/SecurityGroupVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/security/SecurityGroupVO.java b/engine/schema/src/com/cloud/network/security/SecurityGroupVO.java
new file mode 100644
index 0000000..be7c593
--- /dev/null
+++ b/engine/schema/src/com/cloud/network/security/SecurityGroupVO.java
@@ -0,0 +1,99 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.security;
+
+import java.util.UUID;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+import org.apache.cloudstack.api.Identity;
+import org.apache.cloudstack.api.InternalIdentity;
+
+@Entity
+@Table(name = ("security_group"))
+public class SecurityGroupVO implements SecurityGroup {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    @Column(name = "id")
+    private long id;
+
+    @Column(name = "name")
+    private String name;
+
+    @Column(name = "description")
+    private String description;
+
+    @Column(name = "domain_id")
+    private long domainId;
+
+    @Column(name = "account_id")
+    private long accountId;
+
+    @Column(name = "uuid")
+    private String uuid;
+    
+    public SecurityGroupVO() {
+    	this.uuid = UUID.randomUUID().toString();
+    }
+
+    public SecurityGroupVO(String name, String description, long domainId, long accountId) {
+        this.name = name;
+        this.description = description;
+        this.domainId = domainId;
+        this.accountId = accountId;
+    	this.uuid = UUID.randomUUID().toString();
+    }
+
+    @Override
+    public long getId() {
+        return id;
+    }
+
+    @Override
+    public String getName() {
+        return name;
+    }
+
+    @Override
+    public String getDescription() {
+        return description;
+    }
+
+    @Override
+    public long getDomainId() {
+        return domainId;
+    }
+
+    @Override
+    public long getAccountId() {
+        return accountId;
+    }
+    
+    @Override
+    public String getUuid() {
+    	return this.uuid;
+    }
+    
+    public void setUuid(String uuid) {
+    	this.uuid = uuid;
+    }
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/SecurityGroupWork.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/security/SecurityGroupWork.java b/engine/schema/src/com/cloud/network/security/SecurityGroupWork.java
new file mode 100644
index 0000000..e50f3eb
--- /dev/null
+++ b/engine/schema/src/com/cloud/network/security/SecurityGroupWork.java
@@ -0,0 +1,40 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.security;
+
+import org.apache.cloudstack.api.InternalIdentity;
+
+/**
+ * Work related to security groups for a vm
+ *
+ */
+public interface SecurityGroupWork {
+    
+    public enum Step {
+        Scheduled,
+        Processing,
+        Done,
+        Error
+    }
+    
+    Long getInstanceId();
+    Long getLogsequenceNumber();
+    Step getStep();
+    void setStep(Step step);
+    public abstract void setLogsequenceNumber(Long logsequenceNumber);
+    
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/SecurityGroupWorkVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/security/SecurityGroupWorkVO.java b/engine/schema/src/com/cloud/network/security/SecurityGroupWorkVO.java
new file mode 100644
index 0000000..33d30fb
--- /dev/null
+++ b/engine/schema/src/com/cloud/network/security/SecurityGroupWorkVO.java
@@ -0,0 +1,135 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.security;
+
+import java.util.Date;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.EnumType;
+import javax.persistence.Enumerated;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+import javax.persistence.Temporal;
+import javax.persistence.TemporalType;
+
+import com.cloud.utils.db.GenericDao;
+import org.apache.cloudstack.api.InternalIdentity;
+
+@Entity
+@Table(name="op_nwgrp_work")
+public class SecurityGroupWorkVO implements SecurityGroupWork, InternalIdentity {
+	
+	
+    @Id
+    @GeneratedValue(strategy=GenerationType.IDENTITY)
+    @Column(name="id")
+    private Long id;
+    
+    @Column(name="instance_id", updatable=false, nullable=false)
+    private Long instanceId;    // vm_instance id
+    
+    
+    @Column(name="mgmt_server_id", nullable=true)
+    private Long serverId;
+    
+    @Column(name=GenericDao.CREATED_COLUMN)
+    private Date created;
+    
+    
+    @Column(name="step", nullable = false)
+    @Enumerated(value=EnumType.STRING)
+    private Step step;
+    
+    @Column(name="taken", nullable=true)
+    @Temporal(value=TemporalType.TIMESTAMP)
+    private Date dateTaken;
+    
+    @Column(name="seq_no", nullable=true)
+    private Long logsequenceNumber = null;
+
+    
+    protected SecurityGroupWorkVO() {
+    }
+    
+    public long getId() {
+        return id;
+    }
+    
+    public Long getInstanceId() {
+        return instanceId;
+    }
+    
+   
+    public Long getServerId() {
+        return serverId;
+    }
+  
+
+    public void setServerId(final Long serverId) {
+        this.serverId = serverId;
+    }
+
+    public Date getCreated() {
+        return created;
+    }
+
+
+
+	public SecurityGroupWorkVO(Long instanceId, Long serverId, Date created,
+			Step step, Date dateTaken) {
+		super();
+		this.instanceId = instanceId;
+		this.serverId = serverId;
+		this.created = created;
+		this.step = step;
+		this.dateTaken = dateTaken;
+	}
+
+	@Override
+	public String toString() {
+    	return new StringBuilder("[NWGrp-Work:id=").append(id).append(":vm=").append(instanceId).append("]").toString();
+    }
+
+	public Date getDateTaken() {
+		return dateTaken;
+	}
+
+	public void setStep(Step step) {
+		this.step = step;
+	}
+
+	public Step getStep() {
+		return step;
+	}
+
+	public void setDateTaken(Date date) {
+		dateTaken = date;
+	}
+
+	public Long getLogsequenceNumber() {
+		return logsequenceNumber;
+	}
+
+	@Override
+    public void setLogsequenceNumber(Long logsequenceNumber) {
+		this.logsequenceNumber = logsequenceNumber;
+	}
+
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/VmRulesetLogVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/security/VmRulesetLogVO.java b/engine/schema/src/com/cloud/network/security/VmRulesetLogVO.java
new file mode 100644
index 0000000..2090ce3
--- /dev/null
+++ b/engine/schema/src/com/cloud/network/security/VmRulesetLogVO.java
@@ -0,0 +1,81 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.security;
+
+import java.util.Date;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+import com.cloud.utils.db.GenericDao;
+import org.apache.cloudstack.api.InternalIdentity;
+
+/**
+ * Records the intent to update a VM's ingress ruleset
+ *
+ */
+@Entity
+@Table(name="op_vm_ruleset_log")
+public class VmRulesetLogVO implements InternalIdentity {
+	@Id
+    @GeneratedValue(strategy=GenerationType.IDENTITY)
+    @Column(name="id")
+    private Long id;
+    
+    @Column(name="instance_id", updatable=false, nullable=false)
+    private Long instanceId;    // vm_instance id
+    
+    @Column(name=GenericDao.CREATED_COLUMN)
+    private Date created;
+    
+    @Column(name="logsequence")
+    long logsequence;
+    
+    protected VmRulesetLogVO() {
+    	
+    }
+
+	public VmRulesetLogVO(Long instanceId) {
+		super();
+		this.instanceId = instanceId;
+	}
+
+	public long getId() {
+		return id;
+	}
+
+	public Long getInstanceId() {
+		return instanceId;
+	}
+
+	public Date getCreated() {
+		return created;
+	}
+
+	public long getLogsequence() {
+		return logsequence;
+	}
+    
+	public void incrLogsequence() {
+		logsequence++;
+	}
+    
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/dao/SecurityGroupDao.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/security/dao/SecurityGroupDao.java b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupDao.java
new file mode 100644
index 0000000..482e13c
--- /dev/null
+++ b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupDao.java
@@ -0,0 +1,30 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.security.dao;
+
+import java.util.List;
+
+import com.cloud.network.security.SecurityGroupVO;
+import com.cloud.utils.db.GenericDao;
+
+public interface SecurityGroupDao extends GenericDao<SecurityGroupVO, Long> {
+    List<SecurityGroupVO> listByAccountId(long accountId);
+    boolean isNameInUse(Long accountId, Long domainId, String name);
+    SecurityGroupVO findByAccountAndName(Long accountId, String name);
+    List<SecurityGroupVO> findByAccountAndNames(Long accountId, String... names);
+    int removeByAccountId(long accountId); 
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/dao/SecurityGroupDaoImpl.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/security/dao/SecurityGroupDaoImpl.java b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupDaoImpl.java
new file mode 100644
index 0000000..d82cc4a
--- /dev/null
+++ b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupDaoImpl.java
@@ -0,0 +1,136 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.security.dao;
+
+import java.util.List;
+
+import javax.ejb.Local;
+import javax.inject.Inject;
+
+import org.springframework.stereotype.Component;
+
+import com.cloud.network.security.SecurityGroupVO;
+import com.cloud.server.ResourceTag.TaggedResourceType;
+import com.cloud.tags.dao.ResourceTagDao;
+import com.cloud.tags.dao.ResourceTagsDaoImpl;
+
+import com.cloud.utils.db.DB;
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+import com.cloud.utils.db.Transaction;
+
+@Component
+@Local(value={SecurityGroupDao.class})
+public class SecurityGroupDaoImpl extends GenericDaoBase<SecurityGroupVO, Long> implements SecurityGroupDao {
+    private SearchBuilder<SecurityGroupVO> AccountIdSearch;
+    private SearchBuilder<SecurityGroupVO> AccountIdNameSearch;
+    private SearchBuilder<SecurityGroupVO> AccountIdNamesSearch;
+    @Inject ResourceTagDao _tagsDao;
+
+
+    protected SecurityGroupDaoImpl() {
+        AccountIdSearch = createSearchBuilder();
+        AccountIdSearch.and("accountId", AccountIdSearch.entity().getAccountId(), SearchCriteria.Op.EQ);
+        AccountIdSearch.done();
+
+        AccountIdNameSearch = createSearchBuilder();
+        AccountIdNameSearch.and("accountId", AccountIdNameSearch.entity().getAccountId(), SearchCriteria.Op.EQ);
+        AccountIdNameSearch.and("name", AccountIdNameSearch.entity().getName(), SearchCriteria.Op.EQ);
+        
+        AccountIdNamesSearch = createSearchBuilder();
+        AccountIdNamesSearch.and("accountId", AccountIdNamesSearch.entity().getAccountId(), SearchCriteria.Op.EQ);
+        AccountIdNamesSearch.and("groupNames", AccountIdNamesSearch.entity().getName(), SearchCriteria.Op.IN);
+        AccountIdNameSearch.done();
+    }
+
+    @Override
+    public List<SecurityGroupVO> listByAccountId(long accountId) {
+        SearchCriteria<SecurityGroupVO> sc = AccountIdSearch.create();
+        sc.setParameters("accountId", accountId);
+        return listBy(sc);
+    }
+
+    @Override
+    public boolean isNameInUse(Long accountId, Long domainId, String name) {
+        SearchCriteria<SecurityGroupVO> sc = createSearchCriteria();
+        sc.addAnd("name", SearchCriteria.Op.EQ, name);
+        if (accountId != null) {
+            sc.addAnd("accountId", SearchCriteria.Op.EQ, accountId);
+        } else {
+            sc.addAnd("domainId", SearchCriteria.Op.EQ, domainId);
+            sc.addAnd("accountId", SearchCriteria.Op.NULL);
+        }
+
+        List<SecurityGroupVO> securityGroups = listBy(sc);
+        return ((securityGroups != null) && !securityGroups.isEmpty());
+    }
+
+	@Override
+	public SecurityGroupVO findByAccountAndName(Long accountId, String name) {
+		SearchCriteria<SecurityGroupVO> sc = AccountIdNameSearch.create();
+		sc.setParameters("accountId", accountId);
+		sc.setParameters("name", name);
+
+		return findOneIncludingRemovedBy(sc);
+	}
+
+	@Override
+	public List<SecurityGroupVO> findByAccountAndNames(Long accountId, String... names) {
+		SearchCriteria<SecurityGroupVO> sc = AccountIdNamesSearch.create();
+		sc.setParameters("accountId", accountId);
+
+		sc.setParameters("groupNames", (Object [])names);
+
+		return listBy(sc);
+	}
+	@Override
+	public int removeByAccountId(long accountId) {
+	    SearchCriteria<SecurityGroupVO> sc = AccountIdSearch.create();
+	    sc.setParameters("accountId", accountId);
+	    return expunge(sc);
+	} 
+
+	
+	@Override
+    @DB
+    public boolean remove(Long id) {
+        Transaction txn = Transaction.currentTxn();
+        txn.start();
+        SecurityGroupVO entry = findById(id);
+        if (entry != null) {
+            _tagsDao.removeByIdAndType(id, TaggedResourceType.SecurityGroup);
+        }
+        boolean result = super.remove(id);
+        txn.commit();
+        return result;
+    }
+	
+	@Override
+    @DB
+    public boolean expunge(Long id) {
+        Transaction txn = Transaction.currentTxn();
+        txn.start();
+        SecurityGroupVO entry = findById(id);
+        if (entry != null) {
+            _tagsDao.removeByIdAndType(id, TaggedResourceType.SecurityGroup);
+        }
+        boolean result = super.expunge(id);
+        txn.commit();
+        return result;
+    }
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRuleDao.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRuleDao.java b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRuleDao.java
new file mode 100644
index 0000000..4668aa4
--- /dev/null
+++ b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRuleDao.java
@@ -0,0 +1,35 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.security.dao;
+
+import java.util.List;
+
+import com.cloud.network.security.SecurityGroupRuleVO;
+import com.cloud.network.security.SecurityRule.SecurityRuleType;
+import com.cloud.utils.db.GenericDao;
+
+public interface SecurityGroupRuleDao extends GenericDao<SecurityGroupRuleVO, Long> {
+    List<SecurityGroupRuleVO> listBySecurityGroupId(long securityGroupId, SecurityRuleType type);
+    List<SecurityGroupRuleVO> listByAllowedSecurityGroupId(long networkGroupId);
+    SecurityGroupRuleVO findByProtoPortsAndCidr(long networkGroupId, String proto, int startPort, int endPort, String cidr);
+    SecurityGroupRuleVO findByProtoPortsAndGroup(String proto, int startPort, int endPort, String networkGroup);
+    SecurityGroupRuleVO findByProtoPortsAndAllowedGroupId(long networkGroupId, String proto, int startPort, int endPort, Long allowedGroupId);
+    int deleteBySecurityGroup(long securityGroupId);
+	int deleteByPortProtoAndGroup(long securityGroupId, String protocol, int startPort,int endPort, Long id);
+	int deleteByPortProtoAndCidr(long securityGroupId, String protocol, int startPort,int endPort, String cidr);
+
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRuleDaoImpl.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRuleDaoImpl.java b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRuleDaoImpl.java
new file mode 100644
index 0000000..346ed26
--- /dev/null
+++ b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRuleDaoImpl.java
@@ -0,0 +1,176 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.security.dao;
+
+import java.util.List;
+import java.util.Map;
+
+import javax.ejb.Local;
+import javax.inject.Inject;
+import javax.naming.ConfigurationException;
+
+import org.springframework.stereotype.Component;
+
+import com.cloud.network.security.SecurityGroupRuleVO;
+import com.cloud.network.security.SecurityGroupVO;
+import com.cloud.network.security.SecurityRule.SecurityRuleType;
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.JoinBuilder;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+
+@Component
+@Local(value={SecurityGroupRuleDao.class})
+public class SecurityGroupRuleDaoImpl extends GenericDaoBase<SecurityGroupRuleVO, Long> implements SecurityGroupRuleDao {
+	
+	@Inject SecurityGroupDao _securityGroupDao;
+	
+    protected SearchBuilder<SecurityGroupRuleVO> securityGroupIdSearch;
+    protected SearchBuilder<SecurityGroupRuleVO> securityGroupIdAndTypeSearch;
+    protected SearchBuilder<SecurityGroupRuleVO> allowedSecurityGroupIdSearch;
+    protected SearchBuilder<SecurityGroupRuleVO> protoPortsAndCidrSearch;
+    protected SearchBuilder<SecurityGroupRuleVO> protoPortsAndSecurityGroupNameSearch;
+    protected SearchBuilder<SecurityGroupRuleVO> protoPortsAndSecurityGroupIdSearch;
+
+
+
+    protected SecurityGroupRuleDaoImpl() {
+        securityGroupIdSearch  = createSearchBuilder();
+        securityGroupIdSearch.and("securityGroupId", securityGroupIdSearch.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
+        securityGroupIdSearch.done();
+        
+        securityGroupIdAndTypeSearch  = createSearchBuilder();
+        securityGroupIdAndTypeSearch.and("securityGroupId", securityGroupIdAndTypeSearch.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
+        securityGroupIdAndTypeSearch.and("type", securityGroupIdAndTypeSearch.entity().getType(), SearchCriteria.Op.EQ);
+        securityGroupIdAndTypeSearch.done();
+        
+        allowedSecurityGroupIdSearch  = createSearchBuilder();
+        allowedSecurityGroupIdSearch.and("allowedNetworkId", allowedSecurityGroupIdSearch.entity().getAllowedNetworkId(), SearchCriteria.Op.EQ);
+        allowedSecurityGroupIdSearch.done();
+        
+        protoPortsAndCidrSearch = createSearchBuilder();
+        protoPortsAndCidrSearch.and("securityGroupId", protoPortsAndCidrSearch.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
+        protoPortsAndCidrSearch.and("proto", protoPortsAndCidrSearch.entity().getProtocol(), SearchCriteria.Op.EQ);
+        protoPortsAndCidrSearch.and("startPort", protoPortsAndCidrSearch.entity().getStartPort(), SearchCriteria.Op.EQ);
+        protoPortsAndCidrSearch.and("endPort", protoPortsAndCidrSearch.entity().getEndPort(), SearchCriteria.Op.EQ);
+        protoPortsAndCidrSearch.and("cidr", protoPortsAndCidrSearch.entity().getAllowedSourceIpCidr(), SearchCriteria.Op.EQ);
+        protoPortsAndCidrSearch.done();
+        
+        protoPortsAndSecurityGroupIdSearch = createSearchBuilder();
+        protoPortsAndSecurityGroupIdSearch.and("securityGroupId", protoPortsAndSecurityGroupIdSearch.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
+        protoPortsAndSecurityGroupIdSearch.and("proto", protoPortsAndSecurityGroupIdSearch.entity().getProtocol(), SearchCriteria.Op.EQ);
+        protoPortsAndSecurityGroupIdSearch.and("startPort", protoPortsAndSecurityGroupIdSearch.entity().getStartPort(), SearchCriteria.Op.EQ);
+        protoPortsAndSecurityGroupIdSearch.and("endPort", protoPortsAndSecurityGroupIdSearch.entity().getEndPort(), SearchCriteria.Op.EQ);        
+        protoPortsAndSecurityGroupIdSearch.and("allowedNetworkId", protoPortsAndSecurityGroupIdSearch.entity().getAllowedNetworkId(), SearchCriteria.Op.EQ);
+
+    }
+
+    public List<SecurityGroupRuleVO> listBySecurityGroupId(long securityGroupId, SecurityRuleType type) {
+        SearchCriteria<SecurityGroupRuleVO> sc = securityGroupIdAndTypeSearch.create();
+        sc.setParameters("securityGroupId", securityGroupId);
+        String dbType; 
+        if (type == SecurityRuleType.EgressRule) {
+            dbType = SecurityRuleType.EgressRule.getType();     
+        }else {
+            dbType = SecurityRuleType.IngressRule.getType();
+        }
+        
+        sc.setParameters("type", dbType);
+        return listBy(sc);
+    }
+
+    public int deleteBySecurityGroup(long securityGroupId) {
+        SearchCriteria<SecurityGroupRuleVO> sc = securityGroupIdSearch.create();
+        sc.setParameters("securityGroupId", securityGroupId);
+        return expunge(sc);
+    }
+
+    @Override
+    public List<SecurityGroupRuleVO> listByAllowedSecurityGroupId(long securityGroupId) {
+        SearchCriteria<SecurityGroupRuleVO> sc = allowedSecurityGroupIdSearch.create();
+        sc.setParameters("allowedNetworkId", securityGroupId);
+        return listBy(sc);
+    }
+
+    @Override
+    public SecurityGroupRuleVO findByProtoPortsAndCidr(long securityGroupId,
+            String proto, int startPort, int endPort, String cidr) {
+        SearchCriteria<SecurityGroupRuleVO> sc = protoPortsAndCidrSearch.create();
+        sc.setParameters("securityGroupId", securityGroupId);
+        sc.setParameters("proto", proto);
+        sc.setParameters("startPort", startPort);
+        sc.setParameters("endPort", endPort);
+        sc.setParameters("cidr", cidr);
+        return findOneIncludingRemovedBy(sc);
+    }
+
+    @Override
+    public SecurityGroupRuleVO findByProtoPortsAndGroup(String proto, int startPort, int endPort, String securityGroup) {
+        SearchCriteria<SecurityGroupRuleVO> sc = protoPortsAndSecurityGroupNameSearch.create();
+        sc.setParameters("proto", proto);
+        sc.setParameters("startPort", startPort);
+        sc.setParameters("endPort", endPort);
+        sc.setJoinParameters("groupName", "groupName", securityGroup);
+        return findOneIncludingRemovedBy(sc);
+    }
+
+	@Override
+	public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
+        protoPortsAndSecurityGroupNameSearch = createSearchBuilder();
+        protoPortsAndSecurityGroupNameSearch.and("proto", protoPortsAndSecurityGroupNameSearch.entity().getProtocol(), SearchCriteria.Op.EQ);
+        protoPortsAndSecurityGroupNameSearch.and("startPort", protoPortsAndSecurityGroupNameSearch.entity().getStartPort(), SearchCriteria.Op.EQ);
+        protoPortsAndSecurityGroupNameSearch.and("endPort", protoPortsAndSecurityGroupNameSearch.entity().getEndPort(), SearchCriteria.Op.EQ);
+        SearchBuilder<SecurityGroupVO> ngSb = _securityGroupDao.createSearchBuilder();
+        ngSb.and("groupName", ngSb.entity().getName(), SearchCriteria.Op.EQ);
+        protoPortsAndSecurityGroupNameSearch.join("groupName", ngSb, protoPortsAndSecurityGroupNameSearch.entity().getAllowedNetworkId(), ngSb.entity().getId(), JoinBuilder.JoinType.INNER);
+        protoPortsAndSecurityGroupNameSearch.done();
+        return super.configure(name, params);
+    }
+
+    @Override
+    public int deleteByPortProtoAndGroup(long securityGroupId, String protocol, int startPort, int endPort, Long allowedGroupId) {
+        SearchCriteria<SecurityGroupRuleVO> sc = protoPortsAndSecurityGroupIdSearch.create();
+        sc.setParameters("securityGroupId", securityGroupId);
+        sc.setParameters("proto", protocol);
+        sc.setParameters("startPort", startPort);
+        sc.setParameters("endPort", endPort);
+        sc.setParameters("allowedNetworkId", allowedGroupId);
+        return expunge(sc);
+    }
+
+    @Override
+    public int deleteByPortProtoAndCidr(long securityGroupId, String protocol, int startPort, int endPort, String cidr) {
+        SearchCriteria<SecurityGroupRuleVO> sc = protoPortsAndCidrSearch.create();
+        sc.setParameters("securityGroupId", securityGroupId);
+        sc.setParameters("proto", protocol);
+        sc.setParameters("startPort", startPort);
+        sc.setParameters("endPort", endPort);
+        sc.setParameters("cidr", cidr);
+        return expunge(sc);
+    }
+
+    @Override
+    public SecurityGroupRuleVO findByProtoPortsAndAllowedGroupId(long securityGroupId, String proto, int startPort, int endPort, Long allowedGroupId) {
+        SearchCriteria<SecurityGroupRuleVO> sc = protoPortsAndSecurityGroupIdSearch.create();
+        sc.addAnd("securityGroupId", SearchCriteria.Op.EQ, securityGroupId);
+        sc.setParameters("proto", proto);
+        sc.setParameters("startPort", startPort);
+        sc.setParameters("endPort", endPort);
+        sc.setParameters("allowedNetworkId", allowedGroupId);
+        return findOneIncludingRemovedBy(sc);
+    }
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRulesDao.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRulesDao.java b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRulesDao.java
new file mode 100644
index 0000000..b97662c
--- /dev/null
+++ b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRulesDao.java
@@ -0,0 +1,48 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.security.dao;
+
+import java.util.List;
+
+import com.cloud.network.security.SecurityGroupRulesVO;
+import com.cloud.utils.db.GenericDao;
+
+public interface SecurityGroupRulesDao extends GenericDao<SecurityGroupRulesVO, Long> {
+	/**
+	 * List a security group and associated ingress rules
+	 * @return the list of ingress rules associated with the security group (and security group info)
+	 */
+	List<SecurityGroupRulesVO> listSecurityGroupRules(long accountId, String groupName);
+
+	/**
+	 * List security groups and associated ingress rules
+	 * @return the list of security groups with associated ingress rules
+	 */
+	List<SecurityGroupRulesVO> listSecurityGroupRules(long accountId);
+
+    /**
+     * List all security groups and associated ingress rules
+     * @return the list of security groups with associated ingress rules
+     */
+    List<SecurityGroupRulesVO> listSecurityGroupRules();
+    
+    /**
+     * List all security rules belonging to the specific group
+     * @return the security group with associated ingress rules
+     */
+    List<SecurityGroupRulesVO> listSecurityRulesByGroupId(long groupId);
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRulesDaoImpl.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRulesDaoImpl.java b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRulesDaoImpl.java
new file mode 100644
index 0000000..18ef57f
--- /dev/null
+++ b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRulesDaoImpl.java
@@ -0,0 +1,96 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.security.dao;
+
+import java.util.List;
+
+import javax.ejb.Local;
+
+import org.springframework.stereotype.Component;
+
+import com.cloud.network.security.SecurityGroupRulesVO;
+import com.cloud.utils.db.Filter;
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+
+@Component
+@Local(value={SecurityGroupRulesDao.class})
+public class SecurityGroupRulesDaoImpl extends GenericDaoBase<SecurityGroupRulesVO, Long> implements SecurityGroupRulesDao {
+    private SearchBuilder<SecurityGroupRulesVO> AccountGroupNameSearch;
+    private SearchBuilder<SecurityGroupRulesVO> AccountSearch;
+    private SearchBuilder<SecurityGroupRulesVO> GroupSearch;
+
+
+    protected SecurityGroupRulesDaoImpl() {
+        AccountGroupNameSearch = createSearchBuilder();
+        AccountGroupNameSearch.and("accountId", AccountGroupNameSearch.entity().getAccountId(), SearchCriteria.Op.EQ);
+        AccountGroupNameSearch.and("name", AccountGroupNameSearch.entity().getName(), SearchCriteria.Op.EQ);
+        AccountGroupNameSearch.done();
+
+        AccountSearch = createSearchBuilder();
+        AccountSearch.and("accountId", AccountSearch.entity().getAccountId(), SearchCriteria.Op.EQ);
+        AccountSearch.done();
+        
+        GroupSearch = createSearchBuilder();
+        GroupSearch.and("groupId", GroupSearch.entity().getId(), SearchCriteria.Op.EQ);
+        GroupSearch.done();
+        
+    }
+
+    @Override
+    public List<SecurityGroupRulesVO> listSecurityGroupRules() {
+        Filter searchFilter = new Filter(SecurityGroupRulesVO.class, "id", true, null, null);
+        return listAll(searchFilter);
+    }
+
+    @Override
+    public List<SecurityGroupRulesVO> listSecurityGroupRules(long accountId, String groupName) {
+        Filter searchFilter = new Filter(SecurityGroupRulesVO.class, "id", true, null, null);
+
+        SearchCriteria<SecurityGroupRulesVO> sc = AccountGroupNameSearch.create();
+        sc.setParameters("accountId", accountId);
+        sc.setParameters("name", groupName);
+
+        return listBy(sc, searchFilter);
+    }
+
+    @Override
+    public List<SecurityGroupRulesVO> listSecurityGroupRules(long accountId) {
+        Filter searchFilter = new Filter(SecurityGroupRulesVO.class, "id", true, null, null);
+        SearchCriteria<SecurityGroupRulesVO> sc = AccountSearch.create();
+        sc.setParameters("accountId", accountId);
+        return listBy(sc, searchFilter);
+    }
+    
+    @Override
+    public List<SecurityGroupRulesVO> listSecurityRulesByGroupId(long groupId) {
+        Filter searchFilter = new Filter(SecurityGroupRulesVO.class, "id", true, null, null);
+        SearchCriteria<SecurityGroupRulesVO> sc = GroupSearch.create();
+        sc.setParameters("groupId", groupId);
+        return listBy(sc, searchFilter);
+    }
+
+    @Override
+    public SecurityGroupRulesVO findByUuidIncludingRemoved(final String uuid) {
+        SearchCriteria<SecurityGroupRulesVO> sc = createSearchCriteria();
+        sc.addAnd("ruleUuid", SearchCriteria.Op.EQ, uuid);
+        SecurityGroupRulesVO rule = findOneIncludingRemovedBy(sc);
+        SecurityGroupRulesVO newRule = new SecurityGroupRulesVO(rule.getRuleId());
+        return newRule;
+    }
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/dao/SecurityGroupVMMapDao.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/security/dao/SecurityGroupVMMapDao.java b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupVMMapDao.java
new file mode 100644
index 0000000..cbeae4f
--- /dev/null
+++ b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupVMMapDao.java
@@ -0,0 +1,38 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.security.dao;
+
+import java.util.List;
+
+import com.cloud.network.security.SecurityGroupVMMapVO;
+import com.cloud.utils.Pair;
+import com.cloud.utils.db.Filter;
+import com.cloud.utils.db.GenericDao;
+import com.cloud.vm.VirtualMachine.State;
+
+public interface SecurityGroupVMMapDao extends GenericDao<SecurityGroupVMMapVO, Long> {
+    List<SecurityGroupVMMapVO> listByIpAndInstanceId(String ipAddress, long instanceId);
+    List<SecurityGroupVMMapVO> listByInstanceId(long instanceId);
+    Pair<List<SecurityGroupVMMapVO>, Integer> listByInstanceId(long instanceId, Filter filter);
+    List<SecurityGroupVMMapVO> listByIp(String ipAddress);
+    List<SecurityGroupVMMapVO> listBySecurityGroup(long securityGroupId);
+    List<SecurityGroupVMMapVO> listBySecurityGroup(long securityGroupId, State ... vmStates);
+    int deleteVM(long instanceid);
+	List<Long> listVmIdsBySecurityGroup(long securityGroupId);
+	SecurityGroupVMMapVO findByVmIdGroupId(long instanceId, long securityGroupId);
+	long countSGForVm(long instanceId);
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/dao/SecurityGroupVMMapDaoImpl.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/security/dao/SecurityGroupVMMapDaoImpl.java b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupVMMapDaoImpl.java
new file mode 100644
index 0000000..46135d1
--- /dev/null
+++ b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupVMMapDaoImpl.java
@@ -0,0 +1,166 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.security.dao;
+
+import java.util.List;
+
+import javax.ejb.Local;
+
+import org.springframework.stereotype.Component;
+
+import com.cloud.dc.VlanVO;
+import com.cloud.dc.Vlan.VlanType;
+import com.cloud.network.dao.IPAddressVO;
+import com.cloud.network.security.SecurityGroupVMMapVO;
+import com.cloud.utils.Pair;
+import com.cloud.utils.db.Filter;
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.GenericSearchBuilder;
+import com.cloud.utils.db.JoinBuilder;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+import com.cloud.utils.db.SearchCriteria.Func;
+import com.cloud.utils.db.SearchCriteria.Op;
+import com.cloud.vm.VirtualMachine.State;
+
+@Component
+@Local(value={SecurityGroupVMMapDao.class})
+public class SecurityGroupVMMapDaoImpl extends GenericDaoBase<SecurityGroupVMMapVO, Long> implements SecurityGroupVMMapDao {
+    private SearchBuilder<SecurityGroupVMMapVO> ListByIpAndVmId;
+    private SearchBuilder<SecurityGroupVMMapVO> ListByVmId;
+    private SearchBuilder<SecurityGroupVMMapVO> ListByVmIdGroupId;
+    protected GenericSearchBuilder<SecurityGroupVMMapVO, Long> CountSGForVm;
+
+    private GenericSearchBuilder<SecurityGroupVMMapVO, Long> ListVmIdBySecurityGroup;
+
+    private SearchBuilder<SecurityGroupVMMapVO> ListByIp;
+    private SearchBuilder<SecurityGroupVMMapVO> ListBySecurityGroup;
+    private SearchBuilder<SecurityGroupVMMapVO> ListBySecurityGroupAndStates;
+
+    protected SecurityGroupVMMapDaoImpl() {
+        ListByIpAndVmId  = createSearchBuilder();
+        ListByIpAndVmId.and("ipAddress", ListByIpAndVmId.entity().getGuestIpAddress(), SearchCriteria.Op.EQ);
+        ListByIpAndVmId.and("instanceId", ListByIpAndVmId.entity().getInstanceId(), SearchCriteria.Op.EQ);
+        ListByIpAndVmId.done();
+
+        ListVmIdBySecurityGroup = createSearchBuilder(Long.class);
+        ListVmIdBySecurityGroup.and("securityGroupId", ListVmIdBySecurityGroup.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
+        ListVmIdBySecurityGroup.selectField(ListVmIdBySecurityGroup.entity().getInstanceId());
+        ListVmIdBySecurityGroup.done();
+        
+        ListBySecurityGroup = createSearchBuilder();
+        ListBySecurityGroup.and("securityGroupId", ListBySecurityGroup.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
+        ListBySecurityGroup.done();
+
+        ListByIp  = createSearchBuilder();
+        ListByIp.and("ipAddress", ListByIp.entity().getGuestIpAddress(), SearchCriteria.Op.EQ);
+        ListByIp.done();
+
+        ListByVmId  = createSearchBuilder();
+        ListByVmId.and("instanceId", ListByVmId.entity().getInstanceId(), SearchCriteria.Op.EQ);
+        ListByVmId.done();
+        
+        ListBySecurityGroupAndStates = createSearchBuilder();
+        ListBySecurityGroupAndStates.and("securityGroupId", ListBySecurityGroupAndStates.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
+        ListBySecurityGroupAndStates.and("states", ListBySecurityGroupAndStates.entity().getVmState(), SearchCriteria.Op.IN);
+        ListBySecurityGroupAndStates.done();
+        
+        ListByVmIdGroupId  = createSearchBuilder();
+        ListByVmIdGroupId.and("instanceId", ListByVmIdGroupId.entity().getInstanceId(), SearchCriteria.Op.EQ);
+        ListByVmIdGroupId.and("securityGroupId", ListByVmIdGroupId.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
+        ListByVmIdGroupId.done();
+        
+        CountSGForVm = createSearchBuilder(Long.class);
+        CountSGForVm.select(null, Func.COUNT, null);
+        CountSGForVm.and("vmId", CountSGForVm.entity().getInstanceId(), SearchCriteria.Op.EQ);
+        CountSGForVm.done();
+    }
+
+    @Override
+    public List<SecurityGroupVMMapVO> listByIpAndInstanceId(String ipAddress, long vmId) {
+        SearchCriteria<SecurityGroupVMMapVO> sc = ListByIpAndVmId.create();
+        sc.setParameters("ipAddress", ipAddress);
+        sc.setParameters("instanceId", vmId);
+        return listBy(sc);
+    }
+
+    @Override
+    public List<SecurityGroupVMMapVO> listBySecurityGroup(long securityGroupId) {
+        SearchCriteria<SecurityGroupVMMapVO> sc = ListBySecurityGroup.create();
+        sc.setParameters("securityGroupId", securityGroupId);
+        return listBy(sc);
+    }
+
+    @Override
+    public List<SecurityGroupVMMapVO> listByIp(String ipAddress) {
+        SearchCriteria<SecurityGroupVMMapVO> sc = ListByIp.create();
+        sc.setParameters("ipAddress", ipAddress);
+        return listBy(sc);
+    }
+
+    @Override
+    public List<SecurityGroupVMMapVO> listByInstanceId(long vmId) {
+        SearchCriteria<SecurityGroupVMMapVO> sc = ListByVmId.create();
+        sc.setParameters("instanceId", vmId);
+        return listBy(sc);
+    }
+
+    @Override
+    public Pair<List<SecurityGroupVMMapVO>, Integer> listByInstanceId(long instanceId, Filter filter) {
+        SearchCriteria<SecurityGroupVMMapVO> sc = ListByVmId.create();
+        sc.setParameters("instanceId", instanceId);
+        return this.searchAndCount(sc, filter);
+    }
+
+    @Override
+    public int deleteVM(long instanceId) {
+    	SearchCriteria<SecurityGroupVMMapVO> sc = ListByVmId.create();
+        sc.setParameters("instanceId", instanceId);
+        return super.expunge(sc);
+    }
+
+	@Override
+	public List<SecurityGroupVMMapVO> listBySecurityGroup(long securityGroupId, State... vmStates) {
+		SearchCriteria<SecurityGroupVMMapVO> sc = ListBySecurityGroupAndStates.create();
+		sc.setParameters("securityGroupId", securityGroupId);
+		sc.setParameters("states", (Object[])vmStates);
+		return listBy(sc, null, true);
+	}
+	
+    @Override
+    public List<Long> listVmIdsBySecurityGroup(long securityGroupId) {
+        SearchCriteria<Long> sc = ListVmIdBySecurityGroup.create();
+        sc.setParameters("securityGroupId", securityGroupId);
+        return customSearchIncludingRemoved(sc, null);
+    }
+
+	@Override
+	public SecurityGroupVMMapVO findByVmIdGroupId(long instanceId, long securityGroupId) {
+        SearchCriteria<SecurityGroupVMMapVO> sc = ListByVmIdGroupId.create();
+        sc.setParameters("securityGroupId", securityGroupId);
+        sc.setParameters("instanceId", instanceId);
+		return findOneIncludingRemovedBy(sc);
+	}
+	
+	@Override
+	public long countSGForVm(long instanceId) {
+		SearchCriteria<Long> sc = CountSGForVm.create();
+    	sc.setParameters("vmId", instanceId);
+        return customSearch(sc, null).get(0);       
+	}
+	
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/dao/SecurityGroupWorkDao.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/security/dao/SecurityGroupWorkDao.java b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupWorkDao.java
new file mode 100644
index 0000000..e6b4b88
--- /dev/null
+++ b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupWorkDao.java
@@ -0,0 +1,49 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.security.dao;
+
+import java.util.Date;
+import java.util.List;
+
+import com.cloud.network.security.SecurityGroupWork;
+import com.cloud.network.security.SecurityGroupWorkVO;
+import com.cloud.network.security.SecurityGroupWork.Step;
+import com.cloud.utils.db.GenericDao;
+
+public interface SecurityGroupWorkDao extends GenericDao<SecurityGroupWorkVO, Long> {
+    SecurityGroupWork findByVmId(long vmId, boolean taken);
+    
+    SecurityGroupWorkVO findByVmIdStep(long vmId, Step step);
+
+
+	SecurityGroupWorkVO take(long serverId);
+
+	void updateStep(Long vmId, Long logSequenceNumber, Step done);
+	
+	void updateStep(Long workId, Step done);
+	
+	int deleteFinishedWork(Date timeBefore);
+	
+	List<SecurityGroupWorkVO> findUnfinishedWork(Date timeBefore);
+	
+	List<SecurityGroupWorkVO> findAndCleanupUnfinishedWork(Date timeBefore);
+
+	
+	List<SecurityGroupWorkVO> findScheduledWork();
+
+    
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/dao/SecurityGroupWorkDaoImpl.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/security/dao/SecurityGroupWorkDaoImpl.java b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupWorkDaoImpl.java
new file mode 100644
index 0000000..3154ffe
--- /dev/null
+++ b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupWorkDaoImpl.java
@@ -0,0 +1,241 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.security.dao;
+
+import java.util.Date;
+import java.util.List;
+
+import javax.ejb.Local;
+
+import org.apache.log4j.Logger;
+import org.springframework.stereotype.Component;
+
+import com.cloud.network.security.SecurityGroupWork;
+import com.cloud.network.security.SecurityGroupWork.Step;
+import com.cloud.network.security.SecurityGroupWorkVO;
+import com.cloud.utils.db.DB;
+import com.cloud.utils.db.Filter;
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+import com.cloud.utils.db.SearchCriteria.Op;
+import com.cloud.utils.db.Transaction;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+@Component
+@Local(value={SecurityGroupWorkDao.class})
+public class SecurityGroupWorkDaoImpl extends GenericDaoBase<SecurityGroupWorkVO, Long> implements SecurityGroupWorkDao {
+    private static final Logger s_logger = Logger.getLogger(SecurityGroupWorkDaoImpl.class);
+
+    private final SearchBuilder<SecurityGroupWorkVO> VmIdTakenSearch;
+    private final SearchBuilder<SecurityGroupWorkVO> VmIdSeqNumSearch;
+    private final SearchBuilder<SecurityGroupWorkVO> VmIdUnTakenSearch;
+    private final SearchBuilder<SecurityGroupWorkVO> UntakenWorkSearch;
+    private final SearchBuilder<SecurityGroupWorkVO> VmIdStepSearch;
+    private final SearchBuilder<SecurityGroupWorkVO> CleanupSearch;
+
+
+    protected SecurityGroupWorkDaoImpl() {
+        VmIdTakenSearch = createSearchBuilder();
+        VmIdTakenSearch.and("vmId", VmIdTakenSearch.entity().getInstanceId(), SearchCriteria.Op.EQ);
+        VmIdTakenSearch.and("taken", VmIdTakenSearch.entity().getDateTaken(), SearchCriteria.Op.NNULL);
+
+        VmIdTakenSearch.done();
+
+        VmIdUnTakenSearch = createSearchBuilder();
+        VmIdUnTakenSearch.and("vmId", VmIdUnTakenSearch.entity().getInstanceId(), SearchCriteria.Op.EQ);
+        VmIdUnTakenSearch.and("taken", VmIdUnTakenSearch.entity().getDateTaken(), SearchCriteria.Op.NULL);
+
+        VmIdUnTakenSearch.done();
+
+        UntakenWorkSearch = createSearchBuilder();
+        UntakenWorkSearch.and("server", UntakenWorkSearch.entity().getServerId(), SearchCriteria.Op.NULL);
+        UntakenWorkSearch.and("taken", UntakenWorkSearch.entity().getDateTaken(), SearchCriteria.Op.NULL);
+        UntakenWorkSearch.and("step", UntakenWorkSearch.entity().getStep(), SearchCriteria.Op.EQ);
+
+        UntakenWorkSearch.done();
+
+        VmIdSeqNumSearch = createSearchBuilder();
+        VmIdSeqNumSearch.and("vmId", VmIdSeqNumSearch.entity().getInstanceId(), SearchCriteria.Op.EQ);
+        VmIdSeqNumSearch.and("seqno", VmIdSeqNumSearch.entity().getLogsequenceNumber(), SearchCriteria.Op.EQ);
+
+        VmIdSeqNumSearch.done();
+
+        VmIdStepSearch = createSearchBuilder();
+        VmIdStepSearch.and("vmId", VmIdStepSearch.entity().getInstanceId(), SearchCriteria.Op.EQ);
+        VmIdStepSearch.and("step", VmIdStepSearch.entity().getStep(), SearchCriteria.Op.EQ);
+
+        VmIdStepSearch.done();
+
+        CleanupSearch = createSearchBuilder();
+        CleanupSearch.and("taken", CleanupSearch.entity().getDateTaken(), Op.LTEQ);
+        CleanupSearch.and("step", CleanupSearch.entity().getStep(), SearchCriteria.Op.IN);
+
+        CleanupSearch.done();
+
+
+    }
+
+    @Override
+    public SecurityGroupWork findByVmId(long vmId, boolean taken) {
+        SearchCriteria<SecurityGroupWorkVO> sc = taken?VmIdTakenSearch.create():VmIdUnTakenSearch.create();
+        sc.setParameters("vmId", vmId);
+        return findOneIncludingRemovedBy(sc);
+    }
+
+	@Override
+	@DB
+	public SecurityGroupWorkVO take(long serverId) {
+		final Transaction txn = Transaction.currentTxn();
+        try {
+            final SearchCriteria<SecurityGroupWorkVO> sc = UntakenWorkSearch.create();
+            sc.setParameters("step", Step.Scheduled);
+
+            final Filter filter = new Filter(SecurityGroupWorkVO.class, null, true, 0l, 1l);//FIXME: order desc by update time?
+
+            txn.start();
+            final List<SecurityGroupWorkVO> vos = lockRows(sc, filter, true);
+            if (vos.size() == 0) {
+                txn.commit();
+                if (s_logger.isTraceEnabled()) {
+                    s_logger.trace("Security Group take: no work found");
+                }
+                return null;
+            }
+            SecurityGroupWorkVO work = vos.get(0);
+            boolean processing = false;
+            if ( findByVmIdStep(work.getInstanceId(), Step.Processing) != null) {
+                //ensure that there is no job in Processing state for the same VM
+                processing = true;
+                if (s_logger.isTraceEnabled()) {
+                    s_logger.trace("Security Group work take: found a job in Scheduled and Processing  vmid=" + work.getInstanceId());
+                }
+            }
+            work.setServerId(serverId);
+            work.setDateTaken(new Date());
+            if (processing) {
+                //the caller to take() should check the step and schedule another work item to come back
+                //and take a look.
+                work.setStep(SecurityGroupWork.Step.Done);
+            } else {
+                work.setStep(SecurityGroupWork.Step.Processing);
+            }
+
+            update(work.getId(), work);
+
+            txn.commit();
+
+            return work;
+
+        } catch (final Throwable e) {
+            throw new CloudRuntimeException("Unable to execute take", e);
+        }
+	}
+
+	@Override
+	@DB
+	public void updateStep(Long vmId, Long logSequenceNumber, Step step) {
+		final Transaction txn = Transaction.currentTxn();
+		txn.start();
+        SearchCriteria<SecurityGroupWorkVO> sc = VmIdSeqNumSearch.create();
+        sc.setParameters("vmId", vmId);
+        sc.setParameters("seqno", logSequenceNumber);
+
+        final Filter filter = new Filter(SecurityGroupWorkVO.class, null, true, 0l, 1l);
+
+        final List<SecurityGroupWorkVO> vos = lockRows(sc, filter, true);
+        if (vos.size() == 0) {
+        	txn.commit();
+            return;
+        }
+        SecurityGroupWorkVO work = vos.get(0);
+        work.setStep(step);
+        update(work.getId(), work);
+
+        txn.commit();
+	}
+
+	@Override
+	public SecurityGroupWorkVO findByVmIdStep(long vmId, Step step) {
+        SearchCriteria<SecurityGroupWorkVO> sc = VmIdStepSearch.create();
+        sc.setParameters("vmId", vmId);
+        sc.setParameters("step", step);
+        return findOneIncludingRemovedBy(sc);
+	}
+
+	@Override
+	@DB
+	public void updateStep(Long workId, Step step) {
+		final Transaction txn = Transaction.currentTxn();
+		txn.start();
+
+        SecurityGroupWorkVO work = lockRow(workId, true);
+        if (work == null) {
+        	txn.commit();
+        	return;
+        }
+        work.setStep(step);
+        update(work.getId(), work);
+
+        txn.commit();
+
+	}
+
+	@Override
+	public int deleteFinishedWork(Date timeBefore) {
+		final SearchCriteria<SecurityGroupWorkVO> sc = CleanupSearch.create();
+		sc.setParameters("taken", timeBefore);
+		sc.setParameters("step", Step.Done);
+
+		return expunge(sc);
+	}
+
+	@Override
+	public List<SecurityGroupWorkVO> findUnfinishedWork(Date timeBefore) {
+		final SearchCriteria<SecurityGroupWorkVO> sc = CleanupSearch.create();
+		sc.setParameters("taken", timeBefore);
+		sc.setParameters("step", Step.Processing);
+
+		List<SecurityGroupWorkVO> result = listIncludingRemovedBy(sc);
+
+		return result;
+	}
+
+	@Override
+	public List<SecurityGroupWorkVO> findAndCleanupUnfinishedWork(Date timeBefore) {
+	    final SearchCriteria<SecurityGroupWorkVO> sc = CleanupSearch.create();
+	    sc.setParameters("taken", timeBefore);
+	    sc.setParameters("step", Step.Processing);
+
+	    List<SecurityGroupWorkVO> result = listIncludingRemovedBy(sc);
+
+	    SecurityGroupWorkVO work = createForUpdate();
+	    work.setStep(Step.Error);
+	    update(work, sc);
+
+	    return result;
+	}
+
+	@Override
+    public List<SecurityGroupWorkVO> findScheduledWork() {
+        final SearchCriteria<SecurityGroupWorkVO> sc = UntakenWorkSearch.create();
+        sc.setParameters("step", Step.Scheduled);
+        return listIncludingRemovedBy(sc);
+    }
+
+
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/dao/VmRulesetLogDao.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/security/dao/VmRulesetLogDao.java b/engine/schema/src/com/cloud/network/security/dao/VmRulesetLogDao.java
new file mode 100644
index 0000000..d5ed4a0
--- /dev/null
+++ b/engine/schema/src/com/cloud/network/security/dao/VmRulesetLogDao.java
@@ -0,0 +1,29 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.security.dao;
+
+import java.util.Set;
+
+import com.cloud.network.security.VmRulesetLogVO;
+import com.cloud.utils.db.GenericDao;
+
+public interface VmRulesetLogDao extends GenericDao<VmRulesetLogVO, Long> {
+    VmRulesetLogVO findByVmId(long vmId);
+
+    int createOrUpdate(Set<Long> workItems);
+    
+}


Mime
View raw message