There was a discussion regarding API name alias [1]. After adding API name alias, we still need to have different response tags for backward compatibility. New: <networkaclitem>..</networkaclitem> Old: <networkacl>..<networkacl>
If we are to use the same API, networkId and aclId both have to be made optional. Would it better to have new API createNetworkACLItem instead and deprecate createNetworkACL gradually? [1] http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3ccd92e986.17651%[email protected]%3E > -----Original Message----- > From: Chiradeep Vittal > Sent: Wednesday, 3 April 2013 1:08 AM > To: Kishan Kavala; [email protected]; Chandan Purushothama > Subject: Re: Question pertaining to the Support of ACL deny rules > > > > On 4/2/13 6:46 AM, "Kishan Kavala" <[email protected]> wrote: > > To implement API alias, APICommand annotation needs to be changed to > >support multiple API names for the same Cmd object. > > Can you call this out in a separate DISCUSS ? > > > > >> * createNetwork - I like this idea of being able to specify at > >>creation time, but it should fail if the ACL service is not present > >[KK] ACL service will always be present in VPC case. We do not support > >ACL container in non-vpc case. > > But this can change. > > > > >> * listNetworkAclContainers - listAPIs usually have filters as > >>parameters. > >> You are proposing two filters -- by ACLList Id and network id. I > >>could easily see filtering by list of network ids, by vpc id, those > >>that contain a particular ACLItem, etc. At the very least can we > >>rewrite the API that takes a filter as an input ? How do I know which > >>ACLList is the default one? > >[KK] I'll add additional filters- byNetworkIds, byVpcId. Each ACLList > >will have flag indicating default true/false. > > Is there a standard filter syntax for this? > > > > >> * Scripts - do you propose deleting and re-creating the entire chain > >>when you update a rule? Or do you plan to surgically move around the > >>rules as the ordering changes? > >[KK] Planning on deleting and re-creating all the rules. > > > >> * what are the contents of the default ACLList? > >[KK] default ACLList will contain deny all rule. > > Can you update the spec with the default ACL list? > > Thanks > -- > Chiradeep
