Updated Branches: refs/heads/master c1e37f60a -> b422d8ddd
CLOUDSTACK-2819: Revoke existing ACL items if the new ACL is empty Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/b422d8dd Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/b422d8dd Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/b422d8dd Branch: refs/heads/master Commit: b422d8ddd920912e3cef6649e3402586f244d58c Parents: c1e37f6 Author: Kishan Kavala <kis...@cloud.com> Authored: Thu Jun 20 17:05:55 2013 +0530 Committer: Kishan Kavala <kis...@cloud.com> Committed: Thu Jun 20 17:06:06 2013 +0530 ---------------------------------------------------------------------- server/src/com/cloud/network/NetworkManagerImpl.java | 4 ++-- .../src/com/cloud/network/vpc/NetworkACLManager.java | 2 +- .../com/cloud/network/vpc/NetworkACLManagerImpl.java | 14 +++++++++++++- .../com/cloud/network/vpc/NetworkACLServiceImpl.java | 5 +++-- 4 files changed, 19 insertions(+), 6 deletions(-) ----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b422d8dd/server/src/com/cloud/network/NetworkManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java
index 2832122..541082e 100755
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
@@ -3616,7 +3616,7 @@ public class NetworkManagerImpl extends ManagerBase implements NetworkManager, L
 //revoke all network ACLs for network
 try {
- if (_networkACLMgr.revokeACLItemsForNetwork(networkId, callerUserId, caller)) {
+ if (_networkACLMgr.revokeACLItemsForNetwork(networkId)) {
 s_logger.debug("Successfully cleaned up NetworkACLs for network id=" + networkId);
 } else {
 success = false;
@@ -3785,7 +3785,7 @@ public class NetworkManagerImpl extends ManagerBase implements NetworkManager, L
 try {
 //revoke all Network ACLs for the network w/o applying them in the DB
- if (!_networkACLMgr.revokeACLItemsForNetwork(networkId, callerUserId, caller)) {
+ if (!_networkACLMgr.revokeACLItemsForNetwork(networkId)) {
 s_logger.warn("Failed to cleanup network ACLs as a part of shutdownNetworkRules");
 success = false;
 }
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b422d8dd/server/src/com/cloud/network/vpc/NetworkACLManager.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/NetworkACLManager.java b/server/src/com/cloud/network/vpc/NetworkACLManager.java
index 8a2e65f..463e43b 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLManager.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLManager.java
@@ -104,7 +104,7 @@ public interface NetworkACLManager{
 * @return
 * @throws ResourceUnavailableException
 */
- boolean revokeACLItemsForNetwork(long networkId, long userId, Account caller) throws ResourceUnavailableException;
+ boolean revokeACLItemsForNetwork(long networkId) throws ResourceUnavailableException;
 /**
 * List network ACL items by network
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b422d8dd/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
index 227975e..c2d092a 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
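Review bot: The Javadoc on `NetworkACLManager.revokeACLItemsForNetwork` still ends in a bare `@return`, and with `userId` and `caller` removed from the signature nothing in the contract says where the permission check for this revoke belongs. I would complete it with `@return true if the ACL items were revoked or the network has no ACL` and one sentence such as `Callers must authorize the operation before invoking this method.`, assuming the implementation does no access check of its own, which cannot be confirmed from the lines shown. If the part of the comment above the hunk still lists `@param userId` and `@param caller`, those lines should be removed as well; the comment begins outside the hunk.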
@@ -150,6 +150,18 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
 throw new InvalidParameterValueException("Cannot apply NetworkACL. Network Offering does not support NetworkACL service");
 }
+ if(network.getNetworkACLId() != null){
+ //Revoke ACL Items of the existing ACL if the new ACL is empty
+ //Existing rules won't be removed otherwise
+ List<NetworkACLItemVO> aclItems = _networkACLItemDao.listByACL(acl.getId());
+ if(aclItems == null || aclItems.isEmpty()){
+ s_logger.debug("New network ACL is empty. Revoke existing rules before applying ACL");
+ if(!revokeACLItemsForNetwork(network.getId())){
+ throw new CloudRuntimeException("Failed to replace network ACL. Error while removing existing ACL items for network: "+network.getId());
+ }
+ }
+ }
+
 network.setNetworkACLId(acl.getId());
 //Update Network ACL
 if(_networkDao.update(network.getId(), network)){
@@ -229,7 +241,7 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
 }
 @Override
- public boolean revokeACLItemsForNetwork(long networkId, long userId, Account caller) throws ResourceUnavailableException {
+ public boolean revokeACLItemsForNetwork(long networkId) throws ResourceUnavailableException {
 Network network = _networkDao.findById(networkId);
 if(network.getNetworkACLId() == null){
 return true;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b422d8dd/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java b/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
index b4ec22d..b0c807e 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
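Review bot: In the `NetworkACLManagerImpl` hunk at -150, the existing ACL items are revoked before `network.setNetworkACLId(acl.getId())` and `_networkDao.update(...)` run, so if that update fails the record still points at the old ACL while its rules have presumably already been taken off the network. For a traffic-filtering control this gap between recorded and enforced policy should be handled on the failure path, for example by re-applying the old items when the update returns false; the `else` branch of the update check lies outside the hunk, so its current behaviour is not visible. The debug message also names neither network nor ACL, and the revoke call no longer carries the caller, so I would log the identifiers: `s_logger.debug("New ACL " + acl.getId() + " is empty; revoking items of ACL " + network.getNetworkACLId() + " on network " + network.getId());`.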
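Review bot: In the hunk at -229, `NetworkACLManagerImpl.revokeACLItemsForNetwork` dereferences the result of `_networkDao.findById(networkId)` with no null check, so if the lookup returns null for an id that no longer resolves (as DAO lookups commonly do) the method fails with a NullPointerException rather than a handled result. The method is reached from the network cleanup and shutdown paths shown in `NetworkManagerImpl`, where an already removed network is plausible. A guard such as `if (network == null) { s_logger.debug("Network " + networkId + " not found; no ACL items to revoke"); return true; }` makes that case explicit; whether `true` or `false` is the right answer depends on what those callers expect. The method body continues past the end of the hunk.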
@@ -104,7 +104,7 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ
 SearchBuilder<NetworkACLVO> sb = _networkACLDao.createSearchBuilder();
 sb.and("id", sb.entity().getId(), Op.EQ);
 sb.and("name", sb.entity().getName(), Op.EQ);
- sb.and("vpcId", sb.entity().getVpcId(), Op.EQ);
+ sb.and("vpcId", sb.entity().getVpcId(), Op.IN);
 if(networkId != null){
 SearchBuilder<NetworkVO> network = _networkDao.createSearchBuilder();
@@ -122,7 +122,8 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ
 }
 if(vpcId != null){
- sc.setParameters("vpcId", vpcId);
+ //Include vpcId 0 to list default ACLs
+ sc.setParameters("vpcId", vpcId, 0);
 }
 if(networkId != null){
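Review bot: `sc.setParameters("vpcId", vpcId, 0)` in `NetworkACLServiceImpl` passes the literal `0` as a boxed Integer next to `vpcId`, which is presumably a Long, so the IN list mixes two numeric types; whether the search layer normalises that is not visible here. I would write `0L` and give the sentinel a name (a constant such as `DEFAULT_ACL_VPC_ID`, name only a suggestion) so the value that marks default ACLs is defined in one place rather than explained in a comment. Because the column is now matched with `Op.IN` (first hunk of this file), every listing filtered by a VPC also returns all ACLs stored under VPC id 0, so it is worth confirming that only the built-in default ACLs can ever carry that id. The enclosing method starts and ends outside these hunks.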