Posted to commits@cloudstack.apache.org by ki...@apache.org on 2013/06/20 13:48:39 UTC
[2/2] git commit: updated refs/heads/master-6-17-stable to 0e548d8
CLOUDSTACK-2819: Revoke existing ACL items if the new ACL is empty
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/0e548d84
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/0e548d84
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/0e548d84
Branch: refs/heads/master-6-17-stable
Commit: 0e548d848dbfb20ca756e4836a72e5f5bd25947e
Parents: c27e99c
Author: Kishan Kavala <ki...@cloud.com>
Authored: Thu Jun 20 17:05:55 2013 +0530
Committer: Kishan Kavala <ki...@cloud.com>
Committed: Thu Jun 20 17:13:54 2013 +0530
----------------------------------------------------------------------
server/src/com/cloud/network/NetworkManagerImpl.java | 4 ++--
.../src/com/cloud/network/vpc/NetworkACLManager.java | 2 +-
.../com/cloud/network/vpc/NetworkACLManagerImpl.java | 14 +++++++++++++-
.../com/cloud/network/vpc/NetworkACLServiceImpl.java | 5 +++--
4 files changed, 19 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0e548d84/server/src/com/cloud/network/NetworkManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java
index 745fe23..8c2806a 100755
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
@@ -3617,7 +3617,7 @@ public class NetworkManagerImpl extends ManagerBase implements NetworkManager, L
//revoke all network ACLs for network
try {
- if (_networkACLMgr.revokeACLItemsForNetwork(networkId, callerUserId, caller)) {
+ if (_networkACLMgr.revokeACLItemsForNetwork(networkId)) {
s_logger.debug("Successfully cleaned up NetworkACLs for network id=" + networkId);
} else {
success = false;
@@ -3786,7 +3786,7 @@ public class NetworkManagerImpl extends ManagerBase implements NetworkManager, L
try {
//revoke all Network ACLs for the network w/o applying them in the DB
- if (!_networkACLMgr.revokeACLItemsForNetwork(networkId, callerUserId, caller)) {
+ if (!_networkACLMgr.revokeACLItemsForNetwork(networkId)) {
s_logger.warn("Failed to cleanup network ACLs as a part of shutdownNetworkRules");
success = false;
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0e548d84/server/src/com/cloud/network/vpc/NetworkACLManager.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/NetworkACLManager.java b/server/src/com/cloud/network/vpc/NetworkACLManager.java
index 8a2e65f..463e43b 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLManager.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLManager.java
@@ -104,7 +104,7 @@ public interface NetworkACLManager{
* @return
* @throws ResourceUnavailableException
*/
- boolean revokeACLItemsForNetwork(long networkId, long userId, Account caller) throws ResourceUnavailableException;
+ boolean revokeACLItemsForNetwork(long networkId) throws ResourceUnavailableException;
/**
* List network ACL items by network
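Review bot: The Javadoc kept above the new `revokeACLItemsForNetwork(long networkId)` signature has an empty `@return`, and its `@param` lines, which sit outside this hunk, may still name the removed `userId` and `caller`. Since the method is now also called when an ACL is replaced, I would spell out the contract, for example `@return true if the network has no ACL or its items were revoked, false otherwise`. The first half matches the early return visible in the implementation; the rest should be confirmed against the method body.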
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0e548d84/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
index 227975e..c2d092a 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
@@ -150,6 +150,18 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
throw new InvalidParameterValueException("Cannot apply NetworkACL. Network Offering does not support NetworkACL service");
}
+ if(network.getNetworkACLId() != null){
+ //Revoke ACL Items of the existing ACL if the new ACL is empty
+ //Existing rules won't be removed otherwise
+ List<NetworkACLItemVO> aclItems = _networkACLItemDao.listByACL(acl.getId());
+ if(aclItems == null || aclItems.isEmpty()){
+ s_logger.debug("New network ACL is empty. Revoke existing rules before applying ACL");
+ if(!revokeACLItemsForNetwork(network.getId())){
+ throw new CloudRuntimeException("Failed to replace network ACL. Error while removing existing ACL items for network: "+network.getId());
+ }
+ }
+ }
+
network.setNetworkACLId(acl.getId());
//Update Network ACL
if(_networkDao.update(network.getId(), network)){
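Review bot: The added block revokes the existing rules before `network.setNetworkACLId(acl.getId())` is persisted, so if `_networkDao.update(...)` on the last visible line returns false, the database still points at the old ACL while its rules have presumably already been removed from the network. Because `revokeACLItemsForNetwork` reloads the network and checks its stored ACL id, the revoke has to run first, so the gap is the update-failure path. I would make that path loud, e.g. `s_logger.warn("Revoked items of ACL " + network.getNetworkACLId() + " but failed to set ACL " + acl.getId() + " on network " + network.getId());`, or run both steps in one transaction. The enclosing method starts and ends outside the hunk, so the failure branch is not visible here.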
@@ -229,7 +241,7 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
}
@Override
- public boolean revokeACLItemsForNetwork(long networkId, long userId, Account caller) throws ResourceUnavailableException {
+ public boolean revokeACLItemsForNetwork(long networkId) throws ResourceUnavailableException {
Network network = _networkDao.findById(networkId);
if(network.getNetworkACLId() == null){
return true;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0e548d84/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java b/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
index b4ec22d..b0c807e 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
@@ -104,7 +104,7 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ
SearchBuilder<NetworkACLVO> sb = _networkACLDao.createSearchBuilder();
sb.and("id", sb.entity().getId(), Op.EQ);
sb.and("name", sb.entity().getName(), Op.EQ);
- sb.and("vpcId", sb.entity().getVpcId(), Op.EQ);
+ sb.and("vpcId", sb.entity().getVpcId(), Op.IN);
if(networkId != null){
SearchBuilder<NetworkVO> network = _networkDao.createSearchBuilder();
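Review bot: The change to `Op.IN` on `vpcId` is only meaningful together with `sc.setParameters("vpcId", vpcId, 0)` in the next hunk, and that call passes a bare `int` literal next to the boxed `vpcId`. If `vpcId` is a `Long`, as the null check suggests, the two IN values are boxed as different types; `sc.setParameters("vpcId", vpcId, 0L);` keeps them uniform. A named constant for the default-ACL VPC id would also read better than the literal. A listing scoped to one VPC now also returns the `vpcId` 0 rows, so any per-VPC filtering applied to the result afterwards should expect them.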
@@ -122,7 +122,8 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ
}
if(vpcId != null){
- sc.setParameters("vpcId", vpcId);
+ //Include vpcId 0 to list default ACLs
+ sc.setParameters("vpcId", vpcId, 0);
}
if(networkId != null){