Posted to commits@cloudstack.apache.org by ja...@apache.org on 2013/07/09 09:47:15 UTC
[2/2] git commit: updated refs/heads/master-6-17-stable to 5e1f6e6
CLOUDSTACK-3352 fixed removing previous acl rules when empty acl is applied
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/5e1f6e6a
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/5e1f6e6a
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/5e1f6e6a
Branch: refs/heads/master-6-17-stable
Commit: 5e1f6e6a096adce8e89b051d46091135bbc4e8d7
Parents: d70c9c5
Author: Jayapal <ja...@apache.org>
Authored: Tue Jul 9 13:14:53 2013 +0530
Committer: Jayapal <ja...@apache.org>
Committed: Tue Jul 9 13:14:53 2013 +0530
----------------------------------------------------------------------
.../com/cloud/network/element/VpcProvider.java | 3 ++-
.../element/VpcVirtualRouterElement.java | 6 +++---
.../network/vpc/NetworkACLManagerImpl.java | 21 +++++++++++++++-----
3 files changed, 21 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5e1f6e6a/api/src/com/cloud/network/element/VpcProvider.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/network/element/VpcProvider.java b/api/src/com/cloud/network/element/VpcProvider.java
index acdd05d..dc7b3bb 100644
--- a/api/src/com/cloud/network/element/VpcProvider.java
+++ b/api/src/com/cloud/network/element/VpcProvider.java
@@ -24,6 +24,7 @@ import com.cloud.exception.ConcurrentOperationException;
import com.cloud.exception.InsufficientCapacityException;
import com.cloud.exception.InsufficientNetworkCapacityException;
import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.vpc.NetworkACLItem;
import com.cloud.network.vpc.PrivateGateway;
import com.cloud.network.vpc.StaticRouteProfile;
import com.cloud.network.vpc.Vpc;
@@ -53,5 +54,5 @@ public interface VpcProvider extends NetworkElement{
boolean applyStaticRoutes(Vpc vpc, List<StaticRouteProfile> routes) throws ResourceUnavailableException;
- boolean applyACLItemsToPrivateGw(PrivateGateway gateway) throws ResourceUnavailableException;
+ boolean applyACLItemsToPrivateGw(PrivateGateway gateway, List<? extends NetworkACLItem> rules) throws ResourceUnavailableException;
}
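Review bot: The new `rules` parameter on `applyACLItemsToPrivateGw` is undocumented, so an implementer of this provider interface cannot tell whether the list is the full desired rule set, whether it may contain items marked for removal, or whether null or empty is allowed. The signature change already forces every implementer to be touched, so this is the moment to state the contract. I would add a Javadoc line such as `/** Applies exactly the supplied ACL items to the private gateway; the provider must not re-read the ACL itself. */`, adjusted to whatever NetworkACLManagerImpl actually relies on.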
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5e1f6e6a/server/src/com/cloud/network/element/VpcVirtualRouterElement.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/element/VpcVirtualRouterElement.java b/server/src/com/cloud/network/element/VpcVirtualRouterElement.java
index 51c527c..966710c 100644
--- a/server/src/com/cloud/network/element/VpcVirtualRouterElement.java
+++ b/server/src/com/cloud/network/element/VpcVirtualRouterElement.java
@@ -343,7 +343,8 @@ public class VpcVirtualRouterElement extends VirtualRouterElement implements Vpc
if ( _vpcRouterMgr.setupPrivateGateway(gateway, router) ) {
try {
- if (!applyACLItemsToPrivateGw(gateway)) {
+ List<NetworkACLItemVO> rules = _networkACLItemDao.listByACL(gateway.getNetworkACLId());
+ if (!applyACLItemsToPrivateGw(gateway, rules)) {
s_logger.debug ("Failed to apply network acl id "+ gateway.getNetworkACLId() + " on gateway ");
return false;
}
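Review bot: The rules are now looked up with `gateway.getNetworkACLId()` from the caller's in-memory object, while the line removed from `applyACLItemsToPrivateGw` took the id from a fresh `_vpcGatewayDao.findById(...)`. If the `PrivateGateway` passed in can lag behind the database, the router would be programmed with a different ACL than the persisted one, so it is worth confirming the two always agree at this call site. The failure path just below also logs at debug level and leaves the gateway id out of the message; a failed ACL application is something an operator should see, for example `s_logger.warn("Failed to apply network acl id " + gateway.getNetworkACLId() + " on gateway " + gateway.getId());`. The enclosing method starts and ends outside this hunk.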
@@ -446,9 +447,8 @@ public class VpcVirtualRouterElement extends VirtualRouterElement implements Vpc
}
@Override
- public boolean applyACLItemsToPrivateGw(PrivateGateway gateway) throws ResourceUnavailableException {
+ public boolean applyACLItemsToPrivateGw(PrivateGateway gateway,List<? extends NetworkACLItem> rules) throws ResourceUnavailableException {
VpcGatewayVO vpcGatewayVo = _vpcGatewayDao.findById(gateway.getId());
- List<NetworkACLItemVO> rules = _networkACLItemDao.listByACL(vpcGatewayVo.getNetworkACLId());
Network config = _networkDao.findById(gateway.getNetworkId());
boolean isPrivateGateway = true;
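Review bot: `rules` is accepted from the caller without a null check, and in the visible lines `vpcGatewayVo` no longer has a consumer now that `listByACL(vpcGatewayVo.getNetworkACLId())` has been removed. If nothing further down reads it, the `_vpcGatewayDao.findById(gateway.getId())` call is a leftover database round trip and can be dropped. For the list, decide explicitly what null means (reject it, or treat it as empty) before it reaches the router manager, and document that in a comment on the method. The signature also needs a space after the comma in `gateway,List`. The method body continues outside the hunk.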
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5e1f6e6a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
index eb18eb7..5c45a86 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
@@ -153,6 +153,17 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
@Override
public boolean replaceNetworkACLForPrivateGw(NetworkACL acl, PrivateGateway gateway) throws ResourceUnavailableException {
VpcGatewayVO vpcGatewayVo = _vpcGatewayDao.findById(gateway.getId());
+ List<NetworkACLItemVO> aclItems = _networkACLItemDao.listByACL(acl.getId());
+ if (aclItems == null || aclItems.isEmpty()) {
+ //Revoke ACL Items of the existing ACL if the new network acl is empty
+ //Other wise existing rules will not be removed on the router elelment
+ s_logger.debug("New network ACL is empty. Revoke existing rules before applying ACL");
+ if(!revokeACLItemsForPrivateGw (gateway)){
+ throw new CloudRuntimeException("Failed to replace network ACL. Error while removing existing ACL " +
+ "items for privatewa gateway: "+ gateway.getId());
+ }
+ }
+
vpcGatewayVo.setNetworkACLId(acl.getId());
if (_vpcGatewayDao.update(vpcGatewayVo.getId(),vpcGatewayVo)) {
return applyACLToPrivateGw(gateway);
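Review bot: The existing rules are revoked on the router before `_vpcGatewayDao.update(...)` is attempted, so if the update returns false the database still points at the old ACL while the router has already dropped its rules. The branch for a failed update lies outside the hunk, so I cannot tell whether it restores anything; if it does not, the old ACL should be re-applied on that path so the router and the stored state stay in agreement. The added comment should also say what the gateway enforces in the window between the revoke and the later apply, since that is the behaviour a reader will worry about. The exception text has a typo and should read `"items for private gateway: " + gateway.getId()`.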
@@ -318,7 +329,7 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
}
}
- boolean success = applyACLItemsToPrivateGw(gateway, aclItems);
+ boolean success = applyACLToPrivateGw(gateway, aclItems);
if (s_logger.isDebugEnabled() && success) {
s_logger.debug("Successfully released Network ACLs for private gateway id=" + gateway.getId() + " and # of rules now = "
@@ -345,11 +356,11 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
@Override
public boolean applyACLToPrivateGw(PrivateGateway gateway) throws ResourceUnavailableException {
VpcGatewayVO vpcGatewayVO = _vpcGatewayDao.findById(gateway.getId());
- List<NetworkACLItemVO> rules = _networkACLItemDao.listByACL(vpcGatewayVO.getNetworkACLId());
- return applyACLItemsToPrivateGw(gateway, rules);
+ List<? extends NetworkACLItem> rules = _networkACLItemDao.listByACL(vpcGatewayVO.getNetworkACLId());
+ return applyACLToPrivateGw(gateway, rules);
}
- private boolean applyACLItemsToPrivateGw(PrivateGateway gateway, List<NetworkACLItemVO> rules) throws ResourceUnavailableException {
+ private boolean applyACLToPrivateGw(PrivateGateway gateway, List<? extends NetworkACLItem> rules) throws ResourceUnavailableException {
List<VpcProvider> vpcElements = null;
vpcElements = new ArrayList<VpcProvider>();
vpcElements.add((VpcProvider)_ntwkModel.getElementImplementingProvider(Network.Provider.VPCVirtualRouter.getName()));
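Review bot: `vpcGatewayVO` is dereferenced on the changed `listByACL(vpcGatewayVO.getNetworkACLId())` line without a null check, so a gateway id that `findById` cannot resolve (assuming the DAO returns null in that case) would surface as a NullPointerException rather than a clear failure. A guard in the style the file already uses would do: `if (vpcGatewayVO == null) { throw new CloudRuntimeException("Unable to find private gateway " + gateway.getId()); }`. The private helper is now an overload of the public `applyACLToPrivateGw`, so a one-line comment on it saying that it applies the caller-supplied list as-is, without re-reading the ACL, would keep the two from being confused. The helper's body continues outside this hunk.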
@@ -359,7 +370,7 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
}
for (VpcProvider provider: vpcElements){
- return provider.applyACLItemsToPrivateGw(gateway);
+ return provider.applyACLItemsToPrivateGw(gateway, rules);
}
return false;
}
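Review bot: The `return` inside the `for` loop exits on the first provider, so any further element in `vpcElements` would never receive the rules and the loop effectively only distinguishes an empty list from a non-empty one. If a single provider is the intent, call it directly after the emptiness check; otherwise aggregate the results, e.g. `boolean applied = !vpcElements.isEmpty();` then `applied &= provider.applyACLItemsToPrivateGw(gateway, rules);` in the loop and `return applied;` after it. Either form makes it explicit that an ACL change is reported as successful only when every provider has applied it. The method starts outside the hunk.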