You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by ja...@apache.org on 2013/07/09 09:47:15 UTC

[2/2] git commit: updated refs/heads/master-6-17-stable to 5e1f6e6

CLOUDSTACK-3352 fixed removing previous acl rules when emply acl is applied


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/5e1f6e6a
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/5e1f6e6a
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/5e1f6e6a

Branch: refs/heads/master-6-17-stable
Commit: 5e1f6e6a096adce8e89b051d46091135bbc4e8d7
Parents: d70c9c5
Author: Jayapal <ja...@apache.org>
Authored: Tue Jul 9 13:14:53 2013 +0530
Committer: Jayapal <ja...@apache.org>
Committed: Tue Jul 9 13:14:53 2013 +0530

----------------------------------------------------------------------
 .../com/cloud/network/element/VpcProvider.java  |  3 ++-
 .../element/VpcVirtualRouterElement.java        |  6 +++---
 .../network/vpc/NetworkACLManagerImpl.java      | 21 +++++++++++++++-----
 3 files changed, 21 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5e1f6e6a/api/src/com/cloud/network/element/VpcProvider.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/network/element/VpcProvider.java b/api/src/com/cloud/network/element/VpcProvider.java
index acdd05d..dc7b3bb 100644
--- a/api/src/com/cloud/network/element/VpcProvider.java
+++ b/api/src/com/cloud/network/element/VpcProvider.java
@@ -24,6 +24,7 @@ import com.cloud.exception.ConcurrentOperationException;
 import com.cloud.exception.InsufficientCapacityException;
 import com.cloud.exception.InsufficientNetworkCapacityException;
 import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.vpc.NetworkACLItem;
 import com.cloud.network.vpc.PrivateGateway;
 import com.cloud.network.vpc.StaticRouteProfile;
 import com.cloud.network.vpc.Vpc;
@@ -53,5 +54,5 @@ public interface VpcProvider extends NetworkElement{
 
     boolean applyStaticRoutes(Vpc vpc, List<StaticRouteProfile> routes) throws ResourceUnavailableException;
 
-    boolean applyACLItemsToPrivateGw(PrivateGateway gateway) throws ResourceUnavailableException;
+    boolean applyACLItemsToPrivateGw(PrivateGateway gateway, List<? extends NetworkACLItem> rules) throws ResourceUnavailableException;
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5e1f6e6a/server/src/com/cloud/network/element/VpcVirtualRouterElement.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/element/VpcVirtualRouterElement.java b/server/src/com/cloud/network/element/VpcVirtualRouterElement.java
index 51c527c..966710c 100644
--- a/server/src/com/cloud/network/element/VpcVirtualRouterElement.java
+++ b/server/src/com/cloud/network/element/VpcVirtualRouterElement.java
@@ -343,7 +343,8 @@ public class VpcVirtualRouterElement extends VirtualRouterElement implements Vpc
 
         if ( _vpcRouterMgr.setupPrivateGateway(gateway, router) ) {
             try {
-                if (!applyACLItemsToPrivateGw(gateway)) {
+                List<NetworkACLItemVO> rules = _networkACLItemDao.listByACL(gateway.getNetworkACLId());
+                if (!applyACLItemsToPrivateGw(gateway, rules)) {
                     s_logger.debug ("Failed to apply network acl id  "+ gateway.getNetworkACLId() + "  on gateway ");
                     return  false;
                 }
@@ -446,9 +447,8 @@ public class VpcVirtualRouterElement extends VirtualRouterElement implements Vpc
     }
 
     @Override
-    public boolean applyACLItemsToPrivateGw(PrivateGateway gateway) throws ResourceUnavailableException {
+    public boolean applyACLItemsToPrivateGw(PrivateGateway gateway,List<? extends NetworkACLItem> rules) throws ResourceUnavailableException {
         VpcGatewayVO vpcGatewayVo = _vpcGatewayDao.findById(gateway.getId());
-        List<NetworkACLItemVO> rules = _networkACLItemDao.listByACL(vpcGatewayVo.getNetworkACLId());
         Network config = _networkDao.findById(gateway.getNetworkId());
         boolean isPrivateGateway = true;
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5e1f6e6a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
index eb18eb7..5c45a86 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
@@ -153,6 +153,17 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
     @Override
     public boolean replaceNetworkACLForPrivateGw(NetworkACL acl, PrivateGateway gateway) throws ResourceUnavailableException {
         VpcGatewayVO vpcGatewayVo = _vpcGatewayDao.findById(gateway.getId());
+        List<NetworkACLItemVO> aclItems = _networkACLItemDao.listByACL(acl.getId());
+        if (aclItems == null || aclItems.isEmpty()) {
+            //Revoke ACL Items of the existing ACL if the new network acl is empty
+            //Other wise existing rules will not be removed on the router elelment
+            s_logger.debug("New network ACL is empty. Revoke existing rules before applying ACL");
+            if(!revokeACLItemsForPrivateGw (gateway)){
+                throw new CloudRuntimeException("Failed to replace network ACL. Error while removing existing ACL " +
+                        "items for privatewa gateway: "+ gateway.getId());
+            }
+        }
+
         vpcGatewayVo.setNetworkACLId(acl.getId());
         if (_vpcGatewayDao.update(vpcGatewayVo.getId(),vpcGatewayVo)) {
             return applyACLToPrivateGw(gateway);
@@ -318,7 +329,7 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
             }
         }
 
-        boolean success = applyACLItemsToPrivateGw(gateway, aclItems);
+        boolean success = applyACLToPrivateGw(gateway, aclItems);
 
         if (s_logger.isDebugEnabled() && success) {
             s_logger.debug("Successfully released Network ACLs for private gateway id=" + gateway.getId() + " and # of rules now = "
@@ -345,11 +356,11 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
     @Override
     public boolean applyACLToPrivateGw(PrivateGateway gateway) throws ResourceUnavailableException {
         VpcGatewayVO vpcGatewayVO = _vpcGatewayDao.findById(gateway.getId());
-        List<NetworkACLItemVO> rules = _networkACLItemDao.listByACL(vpcGatewayVO.getNetworkACLId());
-        return applyACLItemsToPrivateGw(gateway, rules);
+        List<? extends NetworkACLItem> rules = _networkACLItemDao.listByACL(vpcGatewayVO.getNetworkACLId());
+        return applyACLToPrivateGw(gateway, rules);
     }
 
-    private boolean applyACLItemsToPrivateGw(PrivateGateway gateway, List<NetworkACLItemVO> rules) throws ResourceUnavailableException {
+    private boolean applyACLToPrivateGw(PrivateGateway gateway, List<? extends NetworkACLItem> rules) throws ResourceUnavailableException {
         List<VpcProvider> vpcElements = null;
         vpcElements = new ArrayList<VpcProvider>();
         vpcElements.add((VpcProvider)_ntwkModel.getElementImplementingProvider(Network.Provider.VPCVirtualRouter.getName()));
@@ -359,7 +370,7 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
         }
 
         for (VpcProvider provider: vpcElements){
-            return provider.applyACLItemsToPrivateGw(gateway);
+            return provider.applyACLItemsToPrivateGw(gateway, rules);
             }
         return false;
     }