vishesh92 commented on code in PR #12706:
URL: https://github.com/apache/cloudstack/pull/12706#discussion_r3225887021
##########
server/src/main/java/com/cloud/network/firewall/FirewallManagerImpl.java:
##########
@@ -283,6 +320,158 @@ protected FirewallRule createFirewallRule(final Long
ipAddrId, Account caller, f
}
}
+ @DB
+ protected FirewallRule createFirewallRuleForVpc(final Long ipAddrId,
Account caller, final String xId, final Integer portStart, final Integer
portEnd, final String protocol,
+ final List<String>
sourceCidrList, final List<String> destCidrList, final Integer icmpCode, final
Integer icmpType,
+ final Long relatedRuleId,
final FirewallRuleType type, final Long vpcId,
+ final
FirewallRule.TrafficType trafficType, final Boolean forDisplay) throws
NetworkRuleConflictException {
+ IPAddressVO ipAddress = null;
+ try {
+ Long resolvedVpcId = vpcId;
+ if (ipAddrId != null) {
+ ipAddress = _ipAddressDao.acquireInLockTable(ipAddrId);
+ if (ipAddress == null) {
+ throw new InvalidParameterValueException("Unable to create
firewall rule; " + "couldn't locate IP address by id in the system");
+ }
+ resolvedVpcId = resolvedVpcId != null ? resolvedVpcId :
ipAddress.getVpcId();
+ }
+
+ if (resolvedVpcId == null) {
+ throw new InvalidParameterValueException("Unable to create VPC
firewall rule; couldn't locate VPC id");
+ }
+
+ validateFirewallRuleForVpc(caller, ipAddress, portStart, portEnd,
protocol, Purpose.Firewall, type, resolvedVpcId, trafficType);
+
+ if (!protocol.equalsIgnoreCase(NetUtils.ICMP_PROTO) && (icmpCode
!= null || icmpType != null)) {
+ throw new InvalidParameterValueException("Can specify icmpCode
and icmpType for ICMP protocol only");
+ }
+
+ if (protocol.equalsIgnoreCase(NetUtils.ICMP_PROTO) && (portStart
!= null || portEnd != null)) {
+ throw new InvalidParameterValueException("Can't specify
start/end port when protocol is ICMP");
+ }
+
+ Long accountId = null;
+ Long domainId = null;
+
+ if (ipAddress != null) {
+ accountId = ipAddress.getAllocatedToAccountId();
+ domainId = ipAddress.getAllocatedInDomainId();
+ } else {
+ Vpc vpc = _vpcMgr.getActiveVpc(resolvedVpcId);
+ if (vpc == null) {
+ throw new InvalidParameterValueException("Unable to create
VPC firewall rule; couldn't locate VPC by id=" + resolvedVpcId);
+ }
+ accountId = vpc.getAccountId();
+ domainId = vpc.getDomainId();
+ }
+
+ final Long accountIdFinal = accountId;
+ final Long domainIdFinal = domainId;
+ final Long resolvedNetworkIdFinal = null;
+ final Long resolvedVpcIdFinal = resolvedVpcId;
+ return
Transaction.execute((TransactionCallbackWithException<FirewallRuleVO,
NetworkRuleConflictException>) status -> {
+ FirewallRuleVO newRule = new FirewallRuleVO(xId, ipAddrId,
portStart, portEnd, protocol.toLowerCase(), resolvedNetworkIdFinal,
accountIdFinal, domainIdFinal, Purpose.Firewall,
+ sourceCidrList, destCidrList, icmpCode, icmpType,
relatedRuleId, trafficType);
+ newRule.setVpcId(resolvedVpcIdFinal);
+ newRule.setType(type);
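Review bot: When both `ipAddrId` and `vpcId` are supplied, `resolvedVpcId` keeps the caller's `vpcId` and the visible lines never compare it with `ipAddress.getVpcId()`, while `accountId` and `domainId` are taken from the IP address. Unless `validateFirewallRuleForVpc` (not shown in this hunk) already rejects the mismatch, the rule can be stored against a VPC other than the one the IP belongs to, carrying the IP owner's account and domain. A guard inside the `ipAddrId != null` branch would close that: `if (vpcId != null && ipAddress.getVpcId() != null && !vpcId.equals(ipAddress.getVpcId())) { throw new InvalidParameterValueException("IP address does not belong to the specified VPC"); }`. Separately, `protocol.toLowerCase()` in the `FirewallRuleVO` constructor call is locale-sensitive, and `protocol.toLowerCase(Locale.ROOT)` keeps the stored protocol value stable on any JVM default locale. The method body and its `try` block continue past the end of the quoted hunk, so the lock release and the rest of the transaction are not covered by this note.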
Review Comment:
this seems to be valid.