This is an automated email from the ASF dual-hosted git repository.
shwstppr pushed a commit to branch 4.22
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/4.22 by this push:
new 21d5c108501 Apply reordered ACL list to VR router (#12525)
21d5c108501 is described below
commit 21d5c10850111cd2e76d783b95b090da623ae024
Author: Manoj Kumar <[email protected]>
AuthorDate: Wed Jan 28 10:55:59 2026 +0530
Apply reordered ACL list to VR router (#12525)
This PR addresses #9398
---
.../cloud/network/element/VpcVirtualRouterElement.java | 10 +++++++++-
.../java/com/cloud/network/vpc/NetworkACLServiceImpl.java | 15 ++++++++++++---
2 files changed, 21 insertions(+), 4 deletions(-)
diff --git
a/server/src/main/java/com/cloud/network/element/VpcVirtualRouterElement.java
b/server/src/main/java/com/cloud/network/element/VpcVirtualRouterElement.java
index 3d613fca18e..f393ef8a129 100644
---
a/server/src/main/java/com/cloud/network/element/VpcVirtualRouterElement.java
+++
b/server/src/main/java/com/cloud/network/element/VpcVirtualRouterElement.java
@@ -550,7 +550,15 @@ public class VpcVirtualRouterElement extends
VirtualRouterElement implements Vpc
@Override
public boolean reorderAclRules(Vpc vpc, List<? extends Network> networks,
List<? extends NetworkACLItem> networkACLItems) {
- return true;
+ boolean result = true;
+ try {
+ for (Network network : networks) {
+ result = result && applyNetworkACLs(network, networkACLItems);
+ }
+ } catch (ResourceUnavailableException ex) {
+ result = false;
+ }
+ return result;
}
@Override
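Review bot: The `result && applyNetworkACLs(network, networkACLItems)` expression in the loop short-circuits, so after the first network that fails, applyNetworkACLs is never called for the remaining networks. A ResourceUnavailableException also ends the loop early and is dropped without a log entry. For an ACL reorder this can leave some tiers enforcing the new rule order and others the old one, with nothing recorded to show which. Writing the line as `result = applyNetworkACLs(network, networkACLItems) && result;` makes every network get an attempt. The catch block should also log the exception, together with the affected network's id, before setting `result = false`.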
diff --git
a/server/src/main/java/com/cloud/network/vpc/NetworkACLServiceImpl.java
b/server/src/main/java/com/cloud/network/vpc/NetworkACLServiceImpl.java
index ecb164018ac..7460ae87d44 100644
--- a/server/src/main/java/com/cloud/network/vpc/NetworkACLServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/NetworkACLServiceImpl.java
@@ -109,6 +109,8 @@ public class NetworkACLServiceImpl extends ManagerBase
implements NetworkACLServ
private NsxProviderDao nsxProviderDao;
@Inject
private NetrisProviderDao netrisProviderDao;
+ @Inject
+ private VpcManager vpcManager;
private String supportedProtocolsForAclRules = "tcp,udp,icmp,all";
@@ -1037,13 +1039,20 @@ public class NetworkACLServiceImpl extends ManagerBase
implements NetworkACLServ
if (Objects.isNull(vpc)) {
return networkACLItem;
}
+ List<NetworkVO> networks =
_networkDao.listByAclId(lockedAcl.getId());
+ if (networks.isEmpty()) {
+ return networkACLItem;
+ }
+
final DataCenter dc = _entityMgr.findById(DataCenter.class,
vpc.getZoneId());
final NsxProviderVO nsxProvider =
nsxProviderDao.findByZoneId(dc.getId());
final NetrisProviderVO netrisProvider =
netrisProviderDao.findByZoneId(dc.getId());
- List<NetworkVO> networks =
_networkDao.listByAclId(lockedAcl.getId());
- if (ObjectUtils.anyNotNull(nsxProvider, netrisProvider) &&
!networks.isEmpty()) {
+ boolean isVpcNetworkACLProvider =
vpcManager.isProviderSupportServiceInVpc(vpc.getId(),
Network.Service.NetworkACL, Network.Provider.VPCVirtualRouter);
+
+ if (ObjectUtils.anyNotNull(nsxProvider, netrisProvider) ||
isVpcNetworkACLProvider) {
allAclRules = getAllAclRulesSortedByNumber(lockedAcl.getId());
- Network.Provider networkProvider = nsxProvider != null ?
Network.Provider.Nsx : Network.Provider.Netris;
+ Network.Provider networkProvider = isVpcNetworkACLProvider ?
Network.Provider.VPCVirtualRouter
+ : (nsxProvider != null ? Network.Provider.Nsx
: Network.Provider.Netris);
_networkAclMgr.reorderAclRules(vpc, networks, allAclRules,
networkProvider);
}
return networkACLItem;
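Review bot: The value returned by `_networkAclMgr.reorderAclRules(vpc, networks, allAclRules, networkProvider)` is discarded, and with this change the call can end in a push to the virtual router that reports failure. The method still returns `networkACLItem` as if the move succeeded, so the stored rule order and the order the router actually enforces can differ without the API caller being told. Assuming the manager method returns the element's boolean, check it and surface the failure, for example `if (!_networkAclMgr.reorderAclRules(vpc, networks, allAclRules, networkProvider)) { throw new CloudRuntimeException("Failed to apply reordered ACL rules"); }`. The enclosing method starts and ends outside this hunk, so whether the database reorder should be rolled back in that case has to be decided there.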