VPC: delete network ACLs as a part of network cleanup

Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/308fd39a
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/308fd39a
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/308fd39a

Branch: refs/heads/vpc
Commit: 308fd39a73b02cda2ce89b2d478f28cbeb48e6b2
Parents: b03265b
Author: Alena Prokharchyk <[email protected]>
Authored: Wed Jun 27 15:56:31 2012 -0700
Committer: Alena Prokharchyk <[email protected]>
Committed: Thu Jun 28 10:18:23 2012 -0700

----------------------------------------------------------------------
 .../src/com/cloud/network/NetworkManagerImpl.java  |   18 +++++++++++++-
 .../cloud/network/vpc/NetworkACLManagerImpl.java   |    6 +---
 2 files changed, 18 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/308fd39a/server/src/com/cloud/network/NetworkManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java 
b/server/src/com/cloud/network/NetworkManagerImpl.java
index 9b70225..02f79a9 100755
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
@@ -135,7 +135,6 @@ import com.cloud.network.element.StaticNatServiceProvider;
 import com.cloud.network.element.UserDataServiceProvider;
 import com.cloud.network.element.VirtualRouterElement;
 import com.cloud.network.element.VpcVirtualRouterElement;
-import com.cloud.network.firewall.NetworkACLService;
 import com.cloud.network.guru.NetworkGuru;
 import com.cloud.network.lb.LoadBalancingRule;
 import com.cloud.network.lb.LoadBalancingRule.LbDestination;
@@ -152,6 +151,7 @@ import com.cloud.network.rules.StaticNat;
 import com.cloud.network.rules.StaticNatRule;
 import com.cloud.network.rules.StaticNatRuleImpl;
 import com.cloud.network.rules.dao.PortForwardingRulesDao;
+import com.cloud.network.vpc.NetworkACLManager;
 import com.cloud.network.vpc.PrivateIpVO;
 import com.cloud.network.vpc.Vpc;
 import com.cloud.network.vpc.VpcManager;
@@ -310,7 +310,7 @@ public class NetworkManagerImpl implements NetworkManager, 
NetworkService, Manag
     @Inject
     PrivateIpDao _privateIpDao;
     @Inject
-    NetworkACLService _networkACLMgr;
+    NetworkACLManager _networkACLMgr;
 
     private final HashMap<String, NetworkOfferingVO> _systemNetworks = new 
HashMap<String, NetworkOfferingVO>(5);
     private static Long _privateOfferingId = null;
@@ -5918,6 +5918,20 @@ public class NetworkManagerImpl implements 
NetworkManager, NetworkService, Manag
             // shouldn't even come here as network is being cleaned up after 
all network elements are shutdown
             s_logger.warn("Failed to cleanup Firewall rules as a part of 
network id=" + networkId + " cleanup due to resourceUnavailable ", ex);
         }
+        
+        //revoke all network ACLs for network
+        try {
+            if (_networkACLMgr.revokeAllNetworkACLsForNetwork(networkId, 
callerUserId, caller)) {
+                s_logger.debug("Successfully cleaned up NetworkACLs for 
network id=" + networkId);
+            } else {
+                success = false;
+                s_logger.warn("Failed to cleanup NetworkACLs as a part of 
network id=" + networkId + " cleanup");
+            }
+        } catch (ResourceUnavailableException ex) {
+            success = false;
+            s_logger.warn("Failed to cleanup Network ACLs as a part of network 
id=" + networkId +
+                    " cleanup due to resourceUnavailable ", ex);
+        }
 
         //release all ip addresses
         List<IPAddressVO> ipsToRelease = 
_ipAddressDao.listByAssociatedNetwork(networkId, null);
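Review bot: The two failure paths in the added block log different spellings ("Failed to cleanup NetworkACLs" in the `else` branch, "Failed to cleanup Network ACLs" in the `catch`), so a single log search or alert pattern will miss one of them. A failure here means ACL rules may still exist for a network that is being torn down, so the message is worth keeping uniform, e.g. `s_logger.warn("Failed to cleanup Network ACLs as a part of network id=" + networkId + " cleanup");` in the `else` branch. After either failure the method still goes on to release the network's IP addresses. A short comment next to `success = false` saying that cleanup deliberately continues would spare the next reader from guessing. The enclosing method starts and ends outside the hunk, so how `success` is finally used cannot be confirmed from here.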

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/308fd39a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java 
b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
index e546565..6e3ba66 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
@@ -370,7 +370,7 @@ public class NetworkACLManagerImpl implements 
Manager,NetworkACLManager{
     @Override
     public boolean revokeAllNetworkACLsForNetwork(long networkId, long userId, 
Account caller) throws ResourceUnavailableException {
 
-        List<FirewallRuleVO> ACLs = 
_firewallDao.listByNetworkAndPurposeAndNotRevoked(networkId, 
Purpose.NetworkACL);
+        List<FirewallRuleVO> ACLs = 
_firewallDao.listByNetworkAndPurpose(networkId, Purpose.NetworkACL);
         if (s_logger.isDebugEnabled()) {
             s_logger.debug("Releasing " + ACLs.size() + " Network ACLs for 
network id=" + networkId);
         }
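Review bot: The switch from `listByNetworkAndPurposeAndNotRevoked` to `listByNetworkAndPurpose` at the top of `revokeAllNetworkACLsForNetwork` has no comment explaining why rules that are already revoked are now part of the working set. Presumably the goal is to pick up rules left behind by an earlier revoke that did not complete; if so, say it in a comment such as `// include ACLs already marked revoked so leftovers from a failed revoke are removed during network cleanup`. The "Releasing N Network ACLs" debug count now includes those rules as well, which is worth knowing when reading the log. The loop that processes the list lies between this hunk and the next, so how already-revoked entries are handled there is not visible.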
@@ -388,9 +388,7 @@ public class NetworkACLManagerImpl implements 
Manager,NetworkACLManager{
             s_logger.debug("Successfully released Network ACLs for network 
id=" + networkId + " and # of rules now = " + ACLs.size());
         }
 
-        // Now we check again in case more rules have been inserted.
-        
ACLs.addAll(_firewallDao.listByNetworkAndPurposeAndNotRevoked(networkId, 
Purpose.Firewall));
-        return success && ACLs.size() == 0;
+        return success;
     }
     
 }
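Review bot: With the re-check removed, `return success;` at the end of `revokeAllNetworkACLsForNetwork` no longer verifies that the network is actually free of ACL rules. The new caller in NetworkManagerImpl.java treats `true` as "Successfully cleaned up NetworkACLs". The removed lines queried `Purpose.Firewall` rather than `Purpose.NetworkACL`, so dropping them as written is reasonable. If rules can still be inserted while the revoke runs, as the removed comment suggests, a corrected check would be `return success && _firewallDao.listByNetworkAndPurposeAndNotRevoked(networkId, Purpose.NetworkACL).isEmpty();`. The middle of the method is outside the hunk, so confirm there whether `success` already covers that case.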
