apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-11-03 04:12:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

VPC: CS-15564 - when send the rules to the backend, form the list of rules after the rules were marked with Revoke state

Browse Source 
Conflicts:

	server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
This commit is contained in:
Alena Prokharchyk 2012-07-13 12:47:36 -07:00
parent d48d4c24e7
commit 534e6d4d80
1 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
View File

@ -13,8 +13,6 @@
package com.cloud.network.vpc; package com.cloud.network.vpc;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
@ -369,19 +367,27 @@ public class NetworkACLManagerImpl implements Manager,NetworkACLManager{
public boolean revokeAllNetworkACLsForNetwork(long networkId, long userId, Account caller) throws ResourceUnavailableException { public boolean revokeAllNetworkACLsForNetwork(long networkId, long userId, Account caller) throws ResourceUnavailableException {
List<FirewallRuleVO> ACLs = _firewallDao.listByNetworkAndPurpose(networkId, Purpose.NetworkACL); List<FirewallRuleVO> ACLs = _firewallDao.listByNetworkAndPurpose(networkId, Purpose.NetworkACL);
if (ACLs.isEmpty()) {
s_logger.debug("Found no network ACLs for network id=" + networkId);
return true;
}
if (s_logger.isDebugEnabled()) { if (s_logger.isDebugEnabled()) {
s_logger.debug("Releasing " + ACLs.size() + " Network ACLs for network id=" + networkId); s_logger.debug("Releasing " + ACLs.size() + " Network ACLs for network id=" + networkId);
} }
for (FirewallRuleVO ACL : ACLs) { for (FirewallRuleVO ACL : ACLs) {
// Mark all Firewall rules as Revoke, but don't revoke them yet - we have to revoke all rules for ip, no // Mark all Network ACLs rules as Revoke, but don't revoke them yet - we have to revoke all rules for ip, no
// need to send them one by one // need to send them one by one
revokeNetworkACL(ACL.getId(), false, caller, Account.ACCOUNT_ID_SYSTEM); revokeNetworkACL(ACL.getId(), false, caller, Account.ACCOUNT_ID_SYSTEM);
} }
List<FirewallRuleVO> ACLsToRevoke = _firewallDao.listByNetworkAndPurpose(networkId, Purpose.NetworkACL);
// now send everything to the backend // now send everything to the backend
boolean success = _firewallMgr.applyFirewallRules(ACLs, false, caller); boolean success = _firewallMgr.applyFirewallRules(ACLsToRevoke, false, caller);
if (s_logger.isDebugEnabled()) { if (s_logger.isDebugEnabled()) {
s_logger.debug("Successfully released Network ACLs for network id=" + networkId + " and # of rules now = " + ACLs.size()); s_logger.debug("Successfully released Network ACLs for network id=" + networkId + " and # of rules now = " + ACLs.size());
} }