bug 13919: do includingRemoved Nic search when remove firewall rules during the vm expunge
status 13919: resolved fixed Reviewed-by: Sheng Yang
parent
760c62eb15
commit
2992c608c4
@ -124,7 +124,7 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Sta
|
||||
|
||||
result = result && _rulesService.applyStaticNatRules(ipAddressId, UserContext.current().getCaller());
|
||||
rule = _entityMgr.findById(FirewallRule.class, getEntityId());
|
||||
StaticNatRule staticNatRule = _rulesService.buildStaticNatRule(rule);
|
||||
StaticNatRule staticNatRule = _rulesService.buildStaticNatRule(rule, false);
|
||||
IpForwardingRuleResponse fwResponse = _responseGenerator.createIpForwardingRuleResponse(staticNatRule);
|
||||
fwResponse.setResponseName(getCommandName());
|
||||
this.setResponseObject(fwResponse);
|
||||
|
||||
@ -87,7 +87,7 @@ public class ListIpForwardingRulesCmd extends BaseListProjectAndAccountResources
|
||||
ListResponse<IpForwardingRuleResponse> response = new ListResponse<IpForwardingRuleResponse>();
|
||||
List<IpForwardingRuleResponse> ipForwardingResponses = new ArrayList<IpForwardingRuleResponse>();
|
||||
for (FirewallRule rule : result) {
|
||||
StaticNatRule staticNatRule = _rulesService.buildStaticNatRule(rule);
|
||||
StaticNatRule staticNatRule = _rulesService.buildStaticNatRule(rule, false);
|
||||
IpForwardingRuleResponse resp = _responseGenerator.createIpForwardingRuleResponse(staticNatRule);
|
||||
if (resp != null) {
|
||||
ipForwardingResponses.add(resp);
|
||||
|
||||
@ -77,7 +77,7 @@ public interface RulesService {
|
||||
|
||||
boolean applyStaticNatRules(long ipAdddressId, Account caller) throws ResourceUnavailableException;
|
||||
|
||||
StaticNatRule buildStaticNatRule(FirewallRule rule);
|
||||
StaticNatRule buildStaticNatRule(FirewallRule rule, boolean forRevoke);
|
||||
|
||||
List<String> getSourceCidrs(long ruleId);
|
||||
|
||||
|
||||
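Review bot: The new `forRevoke` parameter on `buildStaticNatRule` has no documentation, and the call sites in `CreateIpForwardingRuleCmd`, `ListIpForwardingRulesCmd` and `VirtualNetworkApplianceManagerImpl` pass a bare `false` whose meaning cannot be read at the call. Suggest a Javadoc on the interface method, e.g. `/** @param forRevoke true when the rule is built for revocation; the destination IP is then resolved including removed NICs */`. The same comment is needed on `applyStaticNatRulesForIp(..., boolean forRevoke)` in `RulesManager`. The hunk counts suggest the one-argument method is replaced rather than overloaded, so any implementer or caller outside this commit would also have to change.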
@ -1882,7 +1882,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
|
||||
if (!staticNatFirewallRules.isEmpty()) {
|
||||
List<StaticNatRule> staticNatRules = new ArrayList<StaticNatRule>();
|
||||
for (FirewallRule rule : staticNatFirewallRules) {
|
||||
staticNatRules.add(_rulesMgr.buildStaticNatRule(rule));
|
||||
staticNatRules.add(_rulesMgr.buildStaticNatRule(rule, false));
|
||||
}
|
||||
createApplyStaticNatRulesCommands(staticNatRules, router, cmds);
|
||||
}
|
||||
|
||||
@ -33,7 +33,7 @@ public interface RulesManager extends RulesService {
|
||||
|
||||
boolean applyPortForwardingRules(long ipAddressId, boolean continueOnError, Account caller);
|
||||
|
||||
boolean applyStaticNatRules(long sourceIpId, boolean continueOnError, Account caller);
|
||||
boolean applyStaticNatRulesForIp(long sourceIpId, boolean continueOnError, Account caller, boolean forRevoke);
|
||||
|
||||
boolean applyPortForwardingRulesForNetwork(long networkId, boolean continueOnError, Account caller);
|
||||
|
||||
|
||||
@ -495,7 +495,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
|
||||
boolean success = false;
|
||||
|
||||
if (apply) {
|
||||
success = applyStaticNatRules(rule.getSourceIpAddressId(), true, caller);
|
||||
success = applyStaticNatRulesForIp(rule.getSourceIpAddressId(), true, caller, true);
|
||||
} else {
|
||||
success = true;
|
||||
}
|
||||
@ -563,7 +563,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
|
||||
// apply rules for all ip addresses
|
||||
for (Long ipId : ipsToReprogram) {
|
||||
s_logger.debug("Applying static nat rules for ip address id=" + ipId + " as a part of vm expunge");
|
||||
if (!applyStaticNatRules(ipId, true, _accountMgr.getSystemAccount())) {
|
||||
if (!applyStaticNatRulesForIp(ipId, true, _accountMgr.getSystemAccount(), true)) {
|
||||
success = false;
|
||||
s_logger.warn("Failed to apply static nat rules for ip id=" + ipId);
|
||||
}
|
||||
@ -654,7 +654,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean applyStaticNatRules(long sourceIpId, boolean continueOnError, Account caller) {
|
||||
public boolean applyStaticNatRulesForIp(long sourceIpId, boolean continueOnError, Account caller, boolean forRevoke) {
|
||||
List<? extends FirewallRule> rules = _firewallDao.listByIpAndPurpose(sourceIpId, Purpose.StaticNat);
|
||||
List<StaticNatRule> staticNatRules = new ArrayList<StaticNatRule>();
|
||||
|
||||
@ -664,7 +664,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
|
||||
}
|
||||
|
||||
for (FirewallRule rule : rules) {
|
||||
staticNatRules.add(buildStaticNatRule(rule));
|
||||
staticNatRules.add(buildStaticNatRule(rule, forRevoke));
|
||||
}
|
||||
|
||||
if (caller != null) {
|
||||
@ -722,7 +722,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
|
||||
}
|
||||
|
||||
for (FirewallRuleVO rule : rules) {
|
||||
staticNatRules.add(buildStaticNatRule(rule));
|
||||
staticNatRules.add(buildStaticNatRule(rule, false));
|
||||
}
|
||||
|
||||
try {
|
||||
@ -833,7 +833,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
|
||||
@Override
|
||||
@ActionEvent(eventType = EventTypes.EVENT_NET_RULE_ADD, eventDescription = "applying static nat rule", async = true)
|
||||
public boolean applyStaticNatRules(long ipId, Account caller) throws ResourceUnavailableException {
|
||||
if (!applyStaticNatRules(ipId, false, caller)) {
|
||||
if (!applyStaticNatRulesForIp(ipId, false, caller, false)) {
|
||||
throw new CloudRuntimeException("Failed to apply static nat rule");
|
||||
}
|
||||
return true;
|
||||
@ -869,7 +869,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
|
||||
success = success && applyPortForwardingRules(ipId, true, caller);
|
||||
|
||||
// revoke all all static nat rules
|
||||
success = success && applyStaticNatRules(ipId, true, caller);
|
||||
success = success && applyStaticNatRulesForIp(ipId, true, caller, true);
|
||||
|
||||
// revoke static nat for the ip address
|
||||
success = success && applyStaticNatForIp(ipId, false, caller, true);
|
||||
@ -1112,15 +1112,20 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
|
||||
}
|
||||
|
||||
@Override
|
||||
public StaticNatRule buildStaticNatRule(FirewallRule rule) {
|
||||
public StaticNatRule buildStaticNatRule(FirewallRule rule, boolean forRevoke) {
|
||||
IpAddress ip = _ipAddressDao.findById(rule.getSourceIpAddressId());
|
||||
FirewallRuleVO ruleVO = _firewallDao.findById(rule.getId());
|
||||
|
||||
if (ip == null || !ip.isOneToOneNat() || ip.getAssociatedWithVmId() == null) {
|
||||
throw new InvalidParameterValueException("Source ip address of the rule id=" + rule.getId() + " is not static nat enabled");
|
||||
}
|
||||
|
||||
String dstIp = _networkMgr.getIpInNetwork(ip.getAssociatedWithVmId(), rule.getNetworkId());
|
||||
|
||||
String dstIp;
|
||||
if (forRevoke) {
|
||||
dstIp = _networkMgr.getIpInNetworkIncludingRemoved(ip.getAssociatedWithVmId(), rule.getNetworkId());
|
||||
} else {
|
||||
dstIp = _networkMgr.getIpInNetwork(ip.getAssociatedWithVmId(), rule.getNetworkId());
|
||||
}
|
||||
|
||||
return new StaticNatRuleImpl(ruleVO, dstIp);
|
||||
}
|
||||
|
||||
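Review bot: In the last hunk, `buildStaticNatRule` passes `dstIp` to `new StaticNatRuleImpl(ruleVO, dstIp)` without checking it, on both the `getIpInNetworkIncludingRemoved` and the `getIpInNetwork` branch. The guard above it also still throws `InvalidParameterValueException` on the revoke path when `ip.getAssociatedWithVmId()` is null. Whether either case occurs during expunge cannot be told from this page, but if it does, the revoke is aborted or sent with a null destination. The static NAT rule could then stay programmed for a public IP that is later reassigned. Suggest making the failure visible after the lookup, e.g. `if (dstIp == null) { s_logger.warn("No guest ip found for static nat rule id=" + rule.getId() + ", forRevoke=" + forRevoke); }`, and deciding explicitly whether the one-to-one NAT guard should apply when `forRevoke` is true.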