You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by ki...@apache.org on 2013/06/20 13:48:39 UTC

[2/2] git commit: updated refs/heads/master-6-17-stable to 0e548d8

CLOUDSTACK-2819: Revoke existing ACL items if the new ACL is empty


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/0e548d84
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/0e548d84
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/0e548d84

Branch: refs/heads/master-6-17-stable
Commit: 0e548d848dbfb20ca756e4836a72e5f5bd25947e
Parents: c27e99c
Author: Kishan Kavala <ki...@cloud.com>
Authored: Thu Jun 20 17:05:55 2013 +0530
Committer: Kishan Kavala <ki...@cloud.com>
Committed: Thu Jun 20 17:13:54 2013 +0530

----------------------------------------------------------------------
 server/src/com/cloud/network/NetworkManagerImpl.java  |  4 ++--
 .../src/com/cloud/network/vpc/NetworkACLManager.java  |  2 +-
 .../com/cloud/network/vpc/NetworkACLManagerImpl.java  | 14 +++++++++++++-
 .../com/cloud/network/vpc/NetworkACLServiceImpl.java  |  5 +++--
 4 files changed, 19 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0e548d84/server/src/com/cloud/network/NetworkManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java
index 745fe23..8c2806a 100755
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
@@ -3617,7 +3617,7 @@ public class NetworkManagerImpl extends ManagerBase implements NetworkManager, L
 
         //revoke all network ACLs for network
         try {
-            if (_networkACLMgr.revokeACLItemsForNetwork(networkId, callerUserId, caller)) {
+            if (_networkACLMgr.revokeACLItemsForNetwork(networkId)) {
                 s_logger.debug("Successfully cleaned up NetworkACLs for network id=" + networkId);
             } else {
                 success = false;
@@ -3786,7 +3786,7 @@ public class NetworkManagerImpl extends ManagerBase implements NetworkManager, L
 
             try {
                 //revoke all Network ACLs for the network w/o applying them in the DB
-                if (!_networkACLMgr.revokeACLItemsForNetwork(networkId, callerUserId, caller)) {
+                if (!_networkACLMgr.revokeACLItemsForNetwork(networkId)) {
                     s_logger.warn("Failed to cleanup network ACLs as a part of shutdownNetworkRules");
                     success = false;
                 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0e548d84/server/src/com/cloud/network/vpc/NetworkACLManager.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/NetworkACLManager.java b/server/src/com/cloud/network/vpc/NetworkACLManager.java
index 8a2e65f..463e43b 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLManager.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLManager.java
@@ -104,7 +104,7 @@ public interface NetworkACLManager{
      * @return
      * @throws ResourceUnavailableException
      */
-    boolean revokeACLItemsForNetwork(long networkId, long userId, Account caller) throws ResourceUnavailableException;
+    boolean revokeACLItemsForNetwork(long networkId) throws ResourceUnavailableException;
 
     /**
      * List network ACL items by network

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0e548d84/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
index 227975e..c2d092a 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
@@ -150,6 +150,18 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
             throw new InvalidParameterValueException("Cannot apply NetworkACL. Network Offering does not support NetworkACL service");
         }
 
+        if(network.getNetworkACLId() != null){
+            //Revoke ACL Items of the existing ACL if the new ACL is empty
+            //Existing rules won't be removed otherwise
+            List<NetworkACLItemVO> aclItems = _networkACLItemDao.listByACL(acl.getId());
+            if(aclItems == null || aclItems.isEmpty()){
+                s_logger.debug("New network ACL is empty. Revoke existing rules before applying ACL");
+               if(!revokeACLItemsForNetwork(network.getId())){
+                   throw new CloudRuntimeException("Failed to replace network ACL. Error while removing existing ACL items for network: "+network.getId());
+               }
+            }
+        }
+
         network.setNetworkACLId(acl.getId());
         //Update Network ACL
         if(_networkDao.update(network.getId(), network)){
@@ -229,7 +241,7 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
     }
 
     @Override
-    public boolean revokeACLItemsForNetwork(long networkId, long userId, Account caller) throws ResourceUnavailableException {
+    public boolean revokeACLItemsForNetwork(long networkId) throws ResourceUnavailableException {
         Network network = _networkDao.findById(networkId);
         if(network.getNetworkACLId() == null){
             return true;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0e548d84/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java b/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
index b4ec22d..b0c807e 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
@@ -104,7 +104,7 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ
         SearchBuilder<NetworkACLVO> sb = _networkACLDao.createSearchBuilder();
         sb.and("id", sb.entity().getId(), Op.EQ);
         sb.and("name", sb.entity().getName(), Op.EQ);
-        sb.and("vpcId", sb.entity().getVpcId(), Op.EQ);
+        sb.and("vpcId", sb.entity().getVpcId(), Op.IN);
 
         if(networkId != null){
             SearchBuilder<NetworkVO> network = _networkDao.createSearchBuilder();
@@ -122,7 +122,8 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ
         }
 
         if(vpcId != null){
-            sc.setParameters("vpcId", vpcId);
+            //Include vpcId 0 to list default ACLs
+            sc.setParameters("vpcId", vpcId, 0);
         }
 
         if(networkId != null){