diff --git a/api/src/com/cloud/network/vpc/NetworkACLService.java b/api/src/com/cloud/network/vpc/NetworkACLService.java index 7cd1d3b3141..f08fff5425d 100644 --- a/api/src/com/cloud/network/vpc/NetworkACLService.java +++ b/api/src/com/cloud/network/vpc/NetworkACLService.java @@ -96,9 +96,8 @@ public interface NetworkACLService { Pair, Integer> listNetworkACLItems(ListNetworkACLsCmd cmd); /** - * Revoked ACL Item with specified Id + * Revoke ACL Item with specified Id * @param ruleId - * @param apply * @return */ boolean revokeNetworkACLItem(long ruleId); @@ -121,7 +120,7 @@ public interface NetworkACLService { * @throws ResourceUnavailableException */ NetworkACLItem updateNetworkACLItem(Long id, String protocol, List sourceCidrList, NetworkACLItem.TrafficType trafficType, String action, Integer number, - Integer sourcePortStart, Integer sourcePortEnd, Integer icmpCode, Integer icmpType, String newUUID, Boolean forDisplay) throws ResourceUnavailableException; + Integer sourcePortStart, Integer sourcePortEnd, Integer icmpCode, Integer icmpType, String newUUID, Boolean forDisplay) throws ResourceUnavailableException; /** * Associates ACL with specified Network diff --git a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java index fe0d7773dff..8a9a799575b 100644 --- a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java +++ b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java 
@@ -86,8 +86,8 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana MessageBus _messageBus; @Override - public NetworkACL createNetworkACL(String name, String description, long vpcId, Boolean forDisplay) { - NetworkACLVO acl = new NetworkACLVO(name, description, vpcId); + public NetworkACL createNetworkACL(final String name, final String description, final long vpcId, final Boolean forDisplay) { + final NetworkACLVO acl = new NetworkACLVO(name, description, vpcId); if (forDisplay != null) { acl.setDisplay(forDisplay); } @@ -95,23 +95,23 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana } @Override - public boolean applyNetworkACL(long aclId) throws ResourceUnavailableException { + public boolean applyNetworkACL(final long aclId) throws ResourceUnavailableException { boolean handled = true; boolean aclApplyStatus = true; - List rules = _networkACLItemDao.listByACL(aclId); + final List rules = _networkACLItemDao.listByACL(aclId); //Find all networks using this ACL and apply the ACL - List networks = _networkDao.listByAclId(aclId); - for (NetworkVO network : networks) { + final List networks = _networkDao.listByAclId(aclId); + for (final NetworkVO network : networks) { if (!applyACLItemsToNetwork(network.getId(), rules)) { handled = false; break; } } - List vpcGateways = _vpcGatewayDao.listByAclIdAndType(aclId, VpcGateway.Type.Private); - for (VpcGatewayVO vpcGateway : vpcGateways) { - PrivateGateway privateGateway = _vpcSvc.getVpcPrivateGateway(vpcGateway.getId()); + final List vpcGateways = _vpcGatewayDao.listByAclIdAndType(aclId, VpcGateway.Type.Private); + for (final VpcGatewayVO vpcGateway : vpcGateways) { + final PrivateGateway privateGateway = _vpcSvc.getVpcPrivateGateway(vpcGateway.getId()); if (!applyACLToPrivateGw(privateGateway)) { aclApplyStatus = false; 
@@ -121,11 +121,11 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana } if (handled && aclApplyStatus) { - for (NetworkACLItem rule : rules) { + for (final NetworkACLItem rule : rules) { if (rule.getState() == NetworkACLItem.State.Revoke) { removeRule(rule); } else if (rule.getState() == NetworkACLItem.State.Add) { - NetworkACLItemVO ruleVO = _networkACLItemDao.findById(rule.getId()); + final NetworkACLItemVO ruleVO = _networkACLItemDao.findById(rule.getId()); ruleVO.setState(NetworkACLItem.State.Active); _networkACLItemDao.update(ruleVO.getId(), ruleVO); } 
@@ -135,35 +135,36 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana } @Override - public NetworkACL getNetworkACL(long id) { + public NetworkACL getNetworkACL(final long id) { return _networkACLDao.findById(id); } @Override - public boolean deleteNetworkACL(NetworkACL acl) { - List aclItems = _networkACLItemDao.listByACL(acl.getId()); - if (aclItems.size() > 0) { - throw new CloudRuntimeException("ACL is not empty. Cannot delete network ACL: " + acl.getUuid()); - } - - List networks = _networkDao.listByAclId(acl.getId()); + public boolean deleteNetworkACL(final NetworkACL acl) { + final long aclId = acl.getId(); + final List networks = _networkDao.listByAclId(aclId); if (networks != null && networks.size() > 0) { throw new CloudRuntimeException("ACL is still associated with " + networks.size() + " tier(s). Cannot delete network ACL: " + acl.getUuid()); } - List pvtGateways = _vpcGatewayDao.listByAclIdAndType(acl.getId(), VpcGateway.Type.Private); + final List pvtGateways = _vpcGatewayDao.listByAclIdAndType(aclId, VpcGateway.Type.Private); if (pvtGateways != null && pvtGateways.size() > 0) { throw new CloudRuntimeException("ACL is still associated with " + pvtGateways.size() + " private gateway(s). 
Cannot delete network ACL: " + acl.getUuid()); } - return _networkACLDao.remove(acl.getId()); + final List aclItems = _networkACLItemDao.listByACL(aclId); + for (final NetworkACLItemVO networkACLItem : aclItems) { + revokeNetworkACLItem(networkACLItem.getId()); + } + + return _networkACLDao.remove(aclId); } @Override - public boolean replaceNetworkACLForPrivateGw(NetworkACL acl, PrivateGateway gateway) throws ResourceUnavailableException { - VpcGatewayVO vpcGatewayVo = _vpcGatewayDao.findById(gateway.getId()); - List aclItems = _networkACLItemDao.listByACL(acl.getId()); + public boolean replaceNetworkACLForPrivateGw(final NetworkACL acl, final PrivateGateway gateway) throws ResourceUnavailableException { + final VpcGatewayVO vpcGatewayVo = _vpcGatewayDao.findById(gateway.getId()); + final List aclItems = _networkACLItemDao.listByACL(acl.getId()); if (aclItems == null || aclItems.isEmpty()) { //Revoke ACL Items of the existing ACL if the new network acl is empty //Other wise existing rules will not be removed on the router elelment @@ -182,9 +183,9 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana } @Override - public boolean replaceNetworkACL(NetworkACL acl, NetworkVO network) throws ResourceUnavailableException { + public boolean replaceNetworkACL(final NetworkACL acl, final NetworkVO network) throws ResourceUnavailableException { - NetworkOffering guestNtwkOff = _entityMgr.findById(NetworkOffering.class, network.getNetworkOfferingId()); + final NetworkOffering guestNtwkOff = _entityMgr.findById(NetworkOffering.class, network.getNetworkOfferingId()); if (guestNtwkOff == null) { throw new InvalidParameterValueException("Can't find network offering associated with network: " + network.getUuid()); 
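Review bot: The new revoke loop in deleteNetworkACL discards the boolean returned by `revokeNetworkACLItem`, which returns false when applyNetworkACL throws ResourceUnavailableException, so a failed revoke still falls through to `_networkACLDao.remove(aclId)` and the ACL row is deleted while its items may be left behind referencing it. Check the result and stop, e.g. `if (!revokeNetworkACLItem(networkACLItem.getId())) { throw new CloudRuntimeException("Failed to revoke ACL item " + networkACLItem.getId() + ". Cannot delete network ACL: " + acl.getUuid()); }`. Each iteration also runs a full `applyNetworkACL` for the same ACL, so N items cost N apply passes; since the network and private-gateway associations are already verified empty just above, marking all rules revoked and applying once would be equivalent and cheaper. With the old "ACL is not empty" guard removed, deleting a populated list is now a cascade with no audit trail; a debug log of `aclItems.size()` before the loop would at least record it.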
@@ -198,7 +199,7 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana if (network.getNetworkACLId() != null) { //Revoke ACL Items of the existing ACL if the new ACL is empty //Existing rules won't be removed otherwise - List aclItems = _networkACLItemDao.listByACL(acl.getId()); + final List aclItems = _networkACLItemDao.listByACL(acl.getId()); if (aclItems == null || aclItems.isEmpty()) { s_logger.debug("New network ACL is empty. Revoke existing rules before applying ACL"); if (!revokeACLItemsForNetwork(network.getId())) { @@ -212,7 +213,7 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana if (_networkDao.update(network.getId(), network)) { s_logger.debug("Updated network: " + network.getId() + " with Network ACL Id: " + acl.getId() + ", Applying ACL items"); //Apply ACL to network - Boolean result = applyACLToNetwork(network.getId()); + final Boolean result = applyACLToNetwork(network.getId()); if (result) { // public message on message bus, so that network elements implementing distributed routing capability // can act on the event 
@@ -234,16 +235,16 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana } final Integer numberFinal = number; - NetworkACLItemVO newRule = Transaction.execute(new TransactionCallback() { + final NetworkACLItemVO newRule = Transaction.execute(new TransactionCallback() { @Override - public NetworkACLItemVO doInTransaction(TransactionStatus status) { + public NetworkACLItemVO doInTransaction(final TransactionStatus status) { NetworkACLItem.Action ruleAction = NetworkACLItem.Action.Allow; if ("deny".equalsIgnoreCase(action)) { ruleAction = NetworkACLItem.Action.Deny; } NetworkACLItemVO newRule = - new NetworkACLItemVO(portStart, portEnd, protocol.toLowerCase(), aclId, sourceCidrList, icmpCode, icmpType, trafficType, ruleAction, numberFinal); + new NetworkACLItemVO(portStart, portEnd, protocol.toLowerCase(), aclId, sourceCidrList, icmpCode, icmpType, trafficType, ruleAction, numberFinal); if (forDisplay != null) { newRule.setDisplay(forDisplay); @@ -264,14 +265,14 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana } @Override - public NetworkACLItem getNetworkACLItem(long ruleId) { + public NetworkACLItem getNetworkACLItem(final long ruleId) { return _networkACLItemDao.findById(ruleId); } @Override - public boolean revokeNetworkACLItem(long ruleId) { + public boolean revokeNetworkACLItem(final long ruleId) { - NetworkACLItemVO rule = _networkACLItemDao.findById(ruleId); + final NetworkACLItemVO rule = _networkACLItemDao.findById(ruleId); revokeRule(rule); @@ -280,7 +281,7 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana try { applyNetworkACL(rule.getAclId()); success = true; - } catch (ResourceUnavailableException e) { + } catch (final ResourceUnavailableException e) { return false; } 
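Review bot: In revokeNetworkACLItem the `catch (final ResourceUnavailableException e) { return false; }` drops the exception without logging, so a rule that was marked revoked in the database but never removed from the router leaves no trace for the operator, and the new deleteNetworkACL loop relies on exactly this return value; log it before returning, `s_logger.warn("Failed to apply network ACL " + rule.getAclId() + " after revoking rule " + ruleId, e);`. The method also passes the result of `_networkACLItemDao.findById(ruleId)` straight into `revokeRule(rule)`, which dereferences `rule.getState()`, so an unknown ruleId surfaces as a NullPointerException instead of the InvalidParameterValueException this class uses elsewhere; a guard `if (rule == null) { throw new InvalidParameterValueException("Unable to find network ACL item " + ruleId); }` would match that pattern. The body of revokeNetworkACLItem continues between and past these hunks.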
@@ -288,7 +289,7 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana } @DB - private void revokeRule(NetworkACLItemVO rule) { + private void revokeRule(final NetworkACLItemVO rule) { if (rule.getState() == State.Staged) { if (s_logger.isDebugEnabled()) { s_logger.debug("Found a rule that is still in stage state so just removing it: " + rule); @@ -301,12 +302,12 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana } @Override - public boolean revokeACLItemsForNetwork(long networkId) throws ResourceUnavailableException { - Network network = _networkDao.findById(networkId); + public boolean revokeACLItemsForNetwork(final long networkId) throws ResourceUnavailableException { + final Network network = _networkDao.findById(networkId); if (network.getNetworkACLId() == null) { return true; } - List aclItems = _networkACLItemDao.listByACL(network.getNetworkACLId()); + final List aclItems = _networkACLItemDao.listByACL(network.getNetworkACLId()); if (aclItems.isEmpty()) { s_logger.debug("Found no network ACL Items for network id=" + networkId); return true; @@ -316,14 +317,14 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana s_logger.debug("Releasing " + aclItems.size() + " Network ACL Items for network id=" + networkId); } - for (NetworkACLItemVO aclItem : aclItems) { + for (final NetworkACLItemVO aclItem : aclItems) { // Mark all Network ACLs rules as Revoke, but don't update in DB if (aclItem.getState() == State.Add || aclItem.getState() == State.Active) { aclItem.setState(State.Revoke); } } - boolean success = applyACLItemsToNetwork(network.getId(), aclItems); + final boolean success = applyACLItemsToNetwork(network.getId(), aclItems); if (s_logger.isDebugEnabled() && success) { s_logger.debug("Successfully released Network ACLs for network id=" + networkId + " and # of rules now = " + aclItems.size()); 
@@ -333,9 +334,9 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana } @Override - public boolean revokeACLItemsForPrivateGw(PrivateGateway gateway) throws ResourceUnavailableException { + public boolean revokeACLItemsForPrivateGw(final PrivateGateway gateway) throws ResourceUnavailableException { - List aclItems = _networkACLItemDao.listByACL(gateway.getNetworkACLId()); + final List aclItems = _networkACLItemDao.listByACL(gateway.getNetworkACLId()); if (aclItems.isEmpty()) { s_logger.debug("Found no network ACL Items for private gateway id=" + gateway.getId()); return true; @@ -345,14 +346,14 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana s_logger.debug("Releasing " + aclItems.size() + " Network ACL Items for private gateway id=" + gateway.getId()); } - for (NetworkACLItemVO aclItem : aclItems) { + for (final NetworkACLItemVO aclItem : aclItems) { // Mark all Network ACLs rules as Revoke, but don't update in DB if (aclItem.getState() == State.Add || aclItem.getState() == State.Active) { aclItem.setState(State.Revoke); } } - boolean success = applyACLToPrivateGw(gateway, aclItems); + final boolean success = applyACLToPrivateGw(gateway, aclItems); if (s_logger.isDebugEnabled() && success) { s_logger.debug("Successfully released Network ACLs for private gateway id=" + gateway.getId() + " and # of rules now = " + aclItems.size()); 
@@ -362,27 +363,27 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana } @Override - public List listNetworkACLItems(long guestNtwkId) { - Network network = _networkMgr.getNetwork(guestNtwkId); + public List listNetworkACLItems(final long guestNtwkId) { + final Network network = _networkMgr.getNetwork(guestNtwkId); if (network.getNetworkACLId() == null) { return null; } return _networkACLItemDao.listByACL(network.getNetworkACLId()); } - private void removeRule(NetworkACLItem rule) { + private void removeRule(final NetworkACLItem rule) { //remove the rule _networkACLItemDao.remove(rule.getId()); } @Override - public boolean applyACLToPrivateGw(PrivateGateway gateway) throws ResourceUnavailableException { - VpcGatewayVO vpcGatewayVO = _vpcGatewayDao.findById(gateway.getId()); - List rules = _networkACLItemDao.listByACL(vpcGatewayVO.getNetworkACLId()); + public boolean applyACLToPrivateGw(final PrivateGateway gateway) throws ResourceUnavailableException { + final VpcGatewayVO vpcGatewayVO = _vpcGatewayDao.findById(gateway.getId()); + final List rules = _networkACLItemDao.listByACL(vpcGatewayVO.getNetworkACLId()); return applyACLToPrivateGw(gateway, rules); } - private boolean applyACLToPrivateGw(PrivateGateway gateway, List rules) throws ResourceUnavailableException { + private boolean applyACLToPrivateGw(final PrivateGateway gateway, final List rules) throws ResourceUnavailableException { List vpcElements = null; vpcElements = new ArrayList(); vpcElements.add((VpcProvider)_ntwkModel.getElementImplementingProvider(Network.Provider.VPCVirtualRouter.getName())); 
@@ -392,29 +393,29 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana } try{ - for (VpcProvider provider : vpcElements) { + for (final VpcProvider provider : vpcElements) { return provider.applyACLItemsToPrivateGw(gateway, rules); } - } catch(Exception ex) { + } catch(final Exception ex) { s_logger.debug("Failed to apply acl to private gateway " + gateway); } return false; } @Override - public boolean applyACLToNetwork(long networkId) throws ResourceUnavailableException { - Network network = _networkDao.findById(networkId); + public boolean applyACLToNetwork(final long networkId) throws ResourceUnavailableException { + final Network network = _networkDao.findById(networkId); if (network.getNetworkACLId() == null) { return true; } - List rules = _networkACLItemDao.listByACL(network.getNetworkACLId()); + final List rules = _networkACLItemDao.listByACL(network.getNetworkACLId()); return applyACLItemsToNetwork(networkId, rules); } @Override - public NetworkACLItem updateNetworkACLItem(Long id, String protocol, List sourceCidrList, NetworkACLItem.TrafficType trafficType, String action, - Integer number, Integer sourcePortStart, Integer sourcePortEnd, Integer icmpCode, Integer icmpType, String customId, Boolean forDisplay) throws ResourceUnavailableException { - NetworkACLItemVO aclItem = _networkACLItemDao.findById(id); + public NetworkACLItem updateNetworkACLItem(final Long id, final String protocol, final List sourceCidrList, final NetworkACLItem.TrafficType trafficType, final String action, + final Integer number, final Integer sourcePortStart, final Integer sourcePortEnd, final Integer icmpCode, final Integer icmpType, final String customId, final Boolean forDisplay) throws ResourceUnavailableException { + final NetworkACLItemVO aclItem = _networkACLItemDao.findById(id); aclItem.setState(State.Add); if (protocol != null) { 
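Review bot: In applyACLToPrivateGw the `catch (final Exception ex)` logs only at debug level and omits `ex`, so the cause of a failed ACL push to the private gateway is lost and the caller just sees false; pass the exception and raise the level, `s_logger.warn("Failed to apply acl to private gateway " + gateway, ex);`. Catching Exception here also swallows the ResourceUnavailableException the method declares, which applyNetworkACL treats as a distinct failure; narrowing the catch or rethrowing that type would keep the two paths apart. The `for` over vpcElements returns on its first iteration, and the list appears to be built with a single element in the previous hunk, so this reads as a loop but behaves as one call. Later in the same hunk, updateNetworkACLItem calls `aclItem.setState(State.Add)` directly after `_networkACLItemDao.findById(id)` with no null check; that method continues past the hunk.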
@@ -475,13 +476,13 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana return null; } - public boolean applyACLItemsToNetwork(long networkId, List rules) throws ResourceUnavailableException { - Network network = _networkDao.findById(networkId); + public boolean applyACLItemsToNetwork(final long networkId, final List rules) throws ResourceUnavailableException { + final Network network = _networkDao.findById(networkId); boolean handled = false; boolean foundProvider = false; - for (NetworkACLServiceProvider element : _networkAclElements) { - Network.Provider provider = element.getProvider(); - boolean isAclProvider = _networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.NetworkACL, provider); + for (final NetworkACLServiceProvider element : _networkAclElements) { + final Network.Provider provider = element.getProvider(); + final boolean isAclProvider = _networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.NetworkACL, provider); if (!isAclProvider) { continue; } @@ -506,8 +507,8 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana } @Inject - public void setNetworkAclElements(List networkAclElements) { - this._networkAclElements = networkAclElements; + public void setNetworkAclElements(final List networkAclElements) { + _networkAclElements = networkAclElements; } } diff --git a/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java b/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java index 60f5d7b4e72..4132b606d4e 100644 --- a/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java +++ b/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java 
@@ -22,16 +22,15 @@ import java.util.Map; import javax.inject.Inject; -import org.apache.commons.lang.StringUtils; -import org.apache.log4j.Logger; -import org.springframework.stereotype.Component; - import org.apache.cloudstack.api.ApiErrorCode; import org.apache.cloudstack.api.ServerApiException; import org.apache.cloudstack.api.command.user.network.CreateNetworkACLCmd; import org.apache.cloudstack.api.command.user.network.ListNetworkACLListsCmd; import org.apache.cloudstack.api.command.user.network.ListNetworkACLsCmd; import org.apache.cloudstack.context.CallContext; +import org.apache.commons.lang.StringUtils; +import org.apache.log4j.Logger; +import org.springframework.stereotype.Component; import com.cloud.event.ActionEvent; import com.cloud.event.EventTypes; @@ -95,9 +94,9 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ VpcService _vpcSvc; @Override - public NetworkACL createNetworkACL(String name, String description, long vpcId, Boolean forDisplay) { - Account caller = CallContext.current().getCallingAccount(); - Vpc vpc = _entityMgr.findById(Vpc.class, vpcId); + public NetworkACL createNetworkACL(final String name, final String description, final long vpcId, final Boolean forDisplay) { + final Account caller = CallContext.current().getCallingAccount(); + final Vpc vpc = _entityMgr.findById(Vpc.class, vpcId); if (vpc == null) { throw new InvalidParameterValueException("Unable to find VPC"); } 
@@ -107,37 +106,37 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ @Override @ActionEvent(eventType = EventTypes.EVENT_NETWORK_ACL_CREATE, eventDescription = "creating network acl list", async = true) - public NetworkACL getNetworkACL(long id) { + public NetworkACL getNetworkACL(final long id) { return _networkAclMgr.getNetworkACL(id); } @Override - public Pair, Integer> listNetworkACLs(ListNetworkACLListsCmd cmd) { - Long id = cmd.getId(); - String name = cmd.getName(); - Long networkId = cmd.getNetworkId(); - Long vpcId = cmd.getVpcId(); - String keyword = cmd.getKeyword(); - Boolean display = cmd.getDisplay(); + public Pair, Integer> listNetworkACLs(final ListNetworkACLListsCmd cmd) { + final Long id = cmd.getId(); + final String name = cmd.getName(); + final Long networkId = cmd.getNetworkId(); + final Long vpcId = cmd.getVpcId(); + final String keyword = cmd.getKeyword(); + final Boolean display = cmd.getDisplay(); - SearchBuilder sb = _networkACLDao.createSearchBuilder(); + final SearchBuilder sb = _networkACLDao.createSearchBuilder(); sb.and("id", sb.entity().getId(), Op.EQ); sb.and("name", sb.entity().getName(), Op.EQ); sb.and("vpcId", sb.entity().getVpcId(), Op.IN); sb.and("display", sb.entity().isDisplay(), Op.EQ); - Account caller = CallContext.current().getCallingAccount(); + final Account caller = CallContext.current().getCallingAccount(); if (networkId != null) { - SearchBuilder network = _networkDao.createSearchBuilder(); + final SearchBuilder network = _networkDao.createSearchBuilder(); network.and("networkId", network.entity().getId(), Op.EQ); sb.join("networkJoin", network, sb.entity().getId(), network.entity().getNetworkACLId(), JoinBuilder.JoinType.INNER); } - SearchCriteria sc = sb.create(); + final SearchCriteria sc = sb.create(); if (keyword != null) { - SearchCriteria ssc = _networkACLDao.createSearchCriteria(); + final SearchCriteria ssc = _networkACLDao.createSearchCriteria(); ssc.addOr("name", 
SearchCriteria.Op.LIKE, "%" + keyword + "%"); ssc.addOr("description", SearchCriteria.Op.LIKE, "%" + keyword + "%"); sc.addAnd("name", SearchCriteria.Op.SC, ssc); @@ -156,7 +155,7 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ } if (vpcId != null) { - Vpc vpc = _entityMgr.findById(Vpc.class, vpcId); + final Vpc vpc = _entityMgr.findById(Vpc.class, vpcId); if (vpc == null) { throw new InvalidParameterValueException("Unable to find VPC"); } 
@@ -168,26 +167,26 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ // VpcId is not specified. Find permitted VPCs for the caller // and list ACLs belonging to the permitted VPCs - List permittedAccounts = new ArrayList(); + final List permittedAccounts = new ArrayList(); Long domainId = cmd.getDomainId(); boolean isRecursive = cmd.isRecursive(); - String accountName = cmd.getAccountName(); - Long projectId = cmd.getProjectId(); - boolean listAll = cmd.listAll(); - Ternary domainIdRecursiveListProject = new Ternary domainIdRecursiveListProject = new Ternary(domainId, isRecursive, null); _accountMgr.buildACLSearchParameters(caller, id, accountName, projectId, permittedAccounts, domainIdRecursiveListProject, listAll, false); domainId = domainIdRecursiveListProject.first(); isRecursive = domainIdRecursiveListProject.second(); - ListProjectResourcesCriteria listProjectResourcesCriteria = domainIdRecursiveListProject.third(); - SearchBuilder sbVpc = _vpcDao.createSearchBuilder(); + final ListProjectResourcesCriteria listProjectResourcesCriteria = domainIdRecursiveListProject.third(); + final SearchBuilder sbVpc = _vpcDao.createSearchBuilder(); _accountMgr.buildACLSearchBuilder(sbVpc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria); - SearchCriteria scVpc = sbVpc.create(); + final SearchCriteria scVpc = sbVpc.create(); _accountMgr.buildACLSearchCriteria(scVpc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria); - List vpcs = _vpcDao.search(scVpc, null); - List vpcIds = new ArrayList(); - for (VpcVO vpc : vpcs) { + final List vpcs = _vpcDao.search(scVpc, null); + final List vpcIds = new ArrayList(); + for (final VpcVO vpc : vpcs) { vpcIds.add(vpc.getId()); } //Add vpc_id 0 to list default ACLs 
@@ -199,16 +198,16 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ sc.setJoinParameters("networkJoin", "networkId", networkId); } - Filter filter = new Filter(NetworkACLVO.class, "id", false, null, null); - Pair, Integer> acls = _networkACLDao.searchAndCount(sc, filter); + final Filter filter = new Filter(NetworkACLVO.class, "id", false, null, null); + final Pair, Integer> acls = _networkACLDao.searchAndCount(sc, filter); return new Pair, Integer>(acls.first(), acls.second()); } @Override @ActionEvent(eventType = EventTypes.EVENT_NETWORK_ACL_DELETE, eventDescription = "Deleting Network ACL List", async = true) - public boolean deleteNetworkACL(long id) { - Account caller = CallContext.current().getCallingAccount(); - NetworkACL acl = _networkACLDao.findById(id); + public boolean deleteNetworkACL(final long id) { + final Account caller = CallContext.current().getCallingAccount(); + final NetworkACL acl = _networkACLDao.findById(id); if (acl == null) { throw new InvalidParameterValueException("Unable to find specified ACL"); } @@ -218,7 +217,7 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ throw new InvalidParameterValueException("Default ACL cannot be removed"); } - Vpc vpc = _entityMgr.findById(Vpc.class, acl.getVpcId()); + final Vpc vpc = _entityMgr.findById(Vpc.class, acl.getVpcId()); if (vpc == null) { throw new InvalidParameterValueException("Unable to find specified VPC associated with the ACL"); } 
@@ -227,19 +226,19 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ } @Override - public boolean replaceNetworkACLonPrivateGw(long aclId, long privateGatewayId) throws ResourceUnavailableException { - Account caller = CallContext.current().getCallingAccount(); - VpcGateway gateway = _vpcGatewayDao.findById(privateGatewayId); + public boolean replaceNetworkACLonPrivateGw(final long aclId, final long privateGatewayId) throws ResourceUnavailableException { + final Account caller = CallContext.current().getCallingAccount(); + final VpcGateway gateway = _vpcGatewayDao.findById(privateGatewayId); if (gateway == null) { throw new InvalidParameterValueException("Unable to find specified private gateway"); } - VpcGatewayVO vo = _vpcGatewayDao.findById(privateGatewayId); + final VpcGatewayVO vo = _vpcGatewayDao.findById(privateGatewayId); if (vo.getState() != VpcGateway.State.Ready) { throw new InvalidParameterValueException("Gateway is not in Ready state"); } - NetworkACL acl = _networkACLDao.findById(aclId); + final NetworkACL acl = _networkACLDao.findById(aclId); if (acl == null) { throw new InvalidParameterValueException("Unable to find specified NetworkACL"); } @@ -249,7 +248,7 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ } if (aclId != NetworkACL.DEFAULT_DENY && aclId != NetworkACL.DEFAULT_ALLOW) { - Vpc vpc = _entityMgr.findById(Vpc.class, acl.getVpcId()); + final Vpc vpc = _entityMgr.findById(Vpc.class, acl.getVpcId()); if (vpc == null) { throw new InvalidParameterValueException("Unable to find Vpc associated with the NetworkACL"); } 
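Review bot: replaceNetworkACLonPrivateGw fetches the same row twice: `gateway` and `vo` are both `_vpcGatewayDao.findById(privateGatewayId)`, and only the first result is null-checked before `vo.getState()` is read. Since the DAO returns a `VpcGatewayVO` that already exposes `getId()` and `getState()`, the second lookup can go: declare `final VpcGatewayVO gateway = _vpcGatewayDao.findById(privateGatewayId);` and run the Ready-state check on `gateway`. The method continues past the hunk.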
@@ -259,7 +258,7 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ } } - PrivateGateway privateGateway = _vpcSvc.getVpcPrivateGateway(gateway.getId()); + final PrivateGateway privateGateway = _vpcSvc.getVpcPrivateGateway(gateway.getId()); _accountMgr.checkAccess(caller, null, true, privateGateway); return _networkAclMgr.replaceNetworkACLForPrivateGw(acl, privateGateway); @@ -267,15 +266,15 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ } @Override - public boolean replaceNetworkACL(long aclId, long networkId) throws ResourceUnavailableException { - Account caller = CallContext.current().getCallingAccount(); + public boolean replaceNetworkACL(final long aclId, final long networkId) throws ResourceUnavailableException { + final Account caller = CallContext.current().getCallingAccount(); - NetworkVO network = _networkDao.findById(networkId); + final NetworkVO network = _networkDao.findById(networkId); if (network == null) { throw new InvalidParameterValueException("Unable to find specified Network"); } - NetworkACL acl = _networkACLDao.findById(aclId); + final NetworkACL acl = _networkACLDao.findById(aclId); if (acl == null) { throw new InvalidParameterValueException("Unable to find specified NetworkACL"); } @@ -291,7 +290,7 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ if (aclId != NetworkACL.DEFAULT_DENY && aclId != NetworkACL.DEFAULT_ALLOW) { //ACL is not default DENY/ALLOW // ACL should be associated with a VPC - Vpc vpc = _entityMgr.findById(Vpc.class, acl.getVpcId()); + final Vpc vpc = _entityMgr.findById(Vpc.class, acl.getVpcId()); if (vpc == null) { throw new InvalidParameterValueException("Unable to find Vpc associated with the NetworkACL"); } 
@@ -306,15 +305,15 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ } @Override - public NetworkACLItem createNetworkACLItem(CreateNetworkACLCmd aclItemCmd) { - Account caller = CallContext.current().getCallingAccount(); + public NetworkACLItem createNetworkACLItem(final CreateNetworkACLCmd aclItemCmd) { + final Account caller = CallContext.current().getCallingAccount(); Long aclId = aclItemCmd.getACLId(); if (aclId == null) { //ACL id is not specified. Get the ACL details from network if (aclItemCmd.getNetworkId() == null) { throw new InvalidParameterValueException("Cannot create Network ACL Item. ACL Id or network Id is required"); } - Network network = _networkMgr.getNetwork(aclItemCmd.getNetworkId()); + final Network network = _networkMgr.getNetwork(aclItemCmd.getNetworkId()); if (network.getVpcId() == null) { throw new InvalidParameterValueException("Network: " + network.getUuid() + " does not belong to VPC"); } 
@@ -329,15 +328,15 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ throw new InvalidParameterValueException("Network Offering does not support NetworkACL service"); } - Vpc vpc = _entityMgr.findById(Vpc.class, network.getVpcId()); + final Vpc vpc = _entityMgr.findById(Vpc.class, network.getVpcId()); if (vpc == null) { throw new InvalidParameterValueException("Unable to find Vpc associated with the Network"); } //Create new ACL - String aclName = "VPC_" + vpc.getName() + "_Tier_" + network.getName() + "_ACL_" + network.getUuid(); - String description = "ACL for " + aclName; - NetworkACL acl = _networkAclMgr.createNetworkACL(aclName, description, network.getVpcId(), aclItemCmd.getDisplay()); + final String aclName = "VPC_" + vpc.getName() + "_Tier_" + network.getName() + "_ACL_" + network.getUuid(); + final String description = "ACL for " + aclName; + final NetworkACL acl = _networkAclMgr.createNetworkACL(aclName, description, network.getVpcId(), aclItemCmd.getDisplay()); if (acl == null) { throw new CloudRuntimeException("Error while create ACL before adding ACL Item for network " + network.getId()); } 
@@ -349,22 +348,22 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ throw new CloudRuntimeException("Unable to apply auto created ACL to network " + network.getId()); } s_logger.debug("Created ACL is applied to network " + network.getId()); - } catch (ResourceUnavailableException e) { + } catch (final ResourceUnavailableException e) { throw new CloudRuntimeException("Unable to apply auto created ACL to network " + network.getId(), e); } } } - NetworkACL acl = _networkAclMgr.getNetworkACL(aclId); + final NetworkACL acl = _networkAclMgr.getNetworkACL(aclId); if (acl == null) { throw new InvalidParameterValueException("Unable to find specified ACL"); } - if ((aclId == NetworkACL.DEFAULT_DENY) || (aclId == NetworkACL.DEFAULT_ALLOW)) { + if (aclId == NetworkACL.DEFAULT_DENY || aclId == NetworkACL.DEFAULT_ALLOW) { throw new InvalidParameterValueException("Default ACL cannot be modified"); } - Vpc vpc = _entityMgr.findById(Vpc.class, acl.getVpcId()); + final Vpc vpc = _entityMgr.findById(Vpc.class, acl.getVpcId()); if (vpc == null) { throw new InvalidParameterValueException("Unable to find Vpc associated with the NetworkACL"); } 
@@ -378,15 +377,15 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ } validateNetworkACLItem(aclItemCmd.getSourcePortStart(), aclItemCmd.getSourcePortEnd(), aclItemCmd.getSourceCidrList(), aclItemCmd.getProtocol(), - aclItemCmd.getIcmpCode(), aclItemCmd.getIcmpType(), aclItemCmd.getAction(), aclItemCmd.getNumber()); + aclItemCmd.getIcmpCode(), aclItemCmd.getIcmpType(), aclItemCmd.getAction(), aclItemCmd.getNumber()); return _networkAclMgr.createNetworkACLItem(aclItemCmd.getSourcePortStart(), aclItemCmd.getSourcePortEnd(), aclItemCmd.getProtocol(), - aclItemCmd.getSourceCidrList(), aclItemCmd.getIcmpCode(), aclItemCmd.getIcmpType(), aclItemCmd.getTrafficType(), aclId, aclItemCmd.getAction(), - aclItemCmd.getNumber(), aclItemCmd.getDisplay()); + aclItemCmd.getSourceCidrList(), aclItemCmd.getIcmpCode(), aclItemCmd.getIcmpType(), aclItemCmd.getTrafficType(), aclId, aclItemCmd.getAction(), + aclItemCmd.getNumber(), aclItemCmd.getDisplay()); } - private void validateNetworkACLItem(Integer portStart, Integer portEnd, List sourceCidrList, String protocol, Integer icmpCode, Integer icmpType, - String action, Integer number) { + private void validateNetworkACLItem(final Integer portStart, final Integer portEnd, final List sourceCidrList, final String protocol, final Integer icmpCode, final Integer icmpType, + final String action, final Integer number) { if (portStart != null && !NetUtils.isValidPort(portStart)) { throw new InvalidParameterValueException("publicPort is an invalid value: " + portStart); 
@@ -401,11 +400,12 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ } // start port and end port must be null for protocol = 'all' - if ((portStart != null || portEnd != null) && protocol != null && protocol.equalsIgnoreCase("all")) + if ((portStart != null || portEnd != null) && protocol != null && protocol.equalsIgnoreCase("all")) { throw new InvalidParameterValueException("start port and end port must be null if protocol = 'all'"); + } if (sourceCidrList != null) { - for (String cidr : sourceCidrList) { + for (final String cidr : sourceCidrList) { if (!NetUtils.isValidCIDR(cidr)) { throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Source cidrs formatting error " + cidr); } @@ -416,14 +416,14 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ if (protocol != null) { //Check if protocol is a number if (StringUtils.isNumeric(protocol)) { - int protoNumber = Integer.parseInt(protocol); + final int protoNumber = Integer.parseInt(protocol); if (protoNumber < 0 || protoNumber > 255) { throw new InvalidParameterValueException("Invalid protocol number: " + protoNumber); } } else { //Protocol is not number //Check for valid protocol strings - String supportedProtocols = "tcp,udp,icmp,all"; + final String supportedProtocols = "tcp,udp,icmp,all"; if (!supportedProtocols.contains(protocol.toLowerCase())) { throw new InvalidParameterValueException("Invalid protocol: " + protocol); } @@ -447,7 +447,7 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ if (icmpCode != null) { if (icmpCode.longValue() != -1 && !NetUtils.validateIcmpCode(icmpCode.longValue())) { throw new InvalidParameterValueException("Invalid icmp code; should belong to [0-15] range and can" - + " be defined when icmpType belongs to [0-40] range"); + + " be defined when icmpType belongs to [0-40] range"); } } } 
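Review bot: In the `@@ -416` hunk the protocol whitelist test `supportedProtocols.contains(protocol.toLowerCase())` is a substring match, so inputs such as `"cp"`, `"tcp,udp"` or `","` pass validation and are stored as the rule's protocol; the commit only makes the local `final`. Comparing against the allowed names individually, `if (!("tcp".equalsIgnoreCase(protocol) || "udp".equalsIgnoreCase(protocol) || "icmp".equalsIgnoreCase(protocol) || "all".equalsIgnoreCase(protocol))) {`, closes that gap and also drops the locale-dependent `toLowerCase()`. In the numeric branch `Integer.parseInt(protocol)` throws `NumberFormatException` for a digit run longer than an int, so the range check should be preceded by a length guard or a try/catch that converts it to `InvalidParameterValueException` — presumably `StringUtils.isNumeric` accepts any digit string, worth confirming for the version in use. `validateNetworkACLItem` begins in the preceding hunk.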
@@ -466,29 +466,29 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ } @Override - public NetworkACLItem getNetworkACLItem(long ruleId) { + public NetworkACLItem getNetworkACLItem(final long ruleId) { return _networkAclMgr.getNetworkACLItem(ruleId); } @Override @ActionEvent(eventType = EventTypes.EVENT_NETWORK_ACL_ITEM_CREATE, eventDescription = "Applying Network ACL Item", async = true) - public boolean applyNetworkACL(long aclId) throws ResourceUnavailableException { + public boolean applyNetworkACL(final long aclId) throws ResourceUnavailableException { return _networkAclMgr.applyNetworkACL(aclId); } @Override - public Pair, Integer> listNetworkACLItems(ListNetworkACLsCmd cmd) { - Long networkId = cmd.getNetworkId(); - Long id = cmd.getId(); + public Pair, Integer> listNetworkACLItems(final ListNetworkACLsCmd cmd) { + final Long networkId = cmd.getNetworkId(); + final Long id = cmd.getId(); Long aclId = cmd.getAclId(); - String trafficType = cmd.getTrafficType(); - String protocol = cmd.getProtocol(); - String action = cmd.getAction(); - Map tags = cmd.getTags(); - Account caller = CallContext.current().getCallingAccount(); + final String trafficType = cmd.getTrafficType(); + final String protocol = cmd.getProtocol(); + final String action = cmd.getAction(); + final Map tags = cmd.getTags(); + final Account caller = CallContext.current().getCallingAccount(); - Filter filter = new Filter(NetworkACLItemVO.class, "id", false, cmd.getStartIndex(), cmd.getPageSizeVal()); - SearchBuilder sb = _networkACLItemDao.createSearchBuilder(); + final Filter filter = new Filter(NetworkACLItemVO.class, "id", false, cmd.getStartIndex(), cmd.getPageSizeVal()); + final SearchBuilder sb = _networkACLItemDao.createSearchBuilder(); sb.and("id", sb.entity().getId(), Op.EQ); sb.and("aclId", sb.entity().getAclId(), Op.EQ); 
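Review bot: `getNetworkACLItem` and `applyNetworkACL` pass straight through to `_networkAclMgr` without checking that the calling account may access the ACL's VPC, whereas `revokeNetworkACLItem` later in this file calls `_accountMgr.checkAccess(caller, null, true, vpc)` before acting. If the API command classes do not perform that check themselves (not visible here), an `aclId` or `ruleId` owned by another account would be honoured; worth confirming, and if the check belongs in this service, resolve the VPC via `_entityMgr.findById(Vpc.class, acl.getVpcId())` and call `checkAccess` before delegating. Separately, the `@ActionEvent` on `applyNetworkACL` reports `EVENT_NETWORK_ACL_ITEM_CREATE`, so apply operations are indistinguishable from item creation in the event log; if a dedicated apply event type exists it would be the more accurate label. `listNetworkACLItems` continues past the end of this hunk.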
@@ -497,7 +497,7 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ sb.and("action", sb.entity().getAction(), Op.EQ); if (tags != null && !tags.isEmpty()) { - SearchBuilder tagSearch = _resourceTagDao.createSearchBuilder(); + final SearchBuilder tagSearch = _resourceTagDao.createSearchBuilder(); for (int count = 0; count < tags.size(); count++) { tagSearch.or().op("key" + String.valueOf(count), tagSearch.entity().getKey(), Op.EQ); tagSearch.and("value" + String.valueOf(count), tagSearch.entity().getValue(), Op.EQ); @@ -510,19 +510,19 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ if (aclId == null) { //Join with network_acl table when aclId is not specified to list acl_items within permitted VPCs - SearchBuilder vpcSearch = _networkACLDao.createSearchBuilder(); + final SearchBuilder vpcSearch = _networkACLDao.createSearchBuilder(); vpcSearch.and("vpcId", vpcSearch.entity().getVpcId(), Op.IN); sb.join("vpcSearch", vpcSearch, sb.entity().getAclId(), vpcSearch.entity().getId(), JoinBuilder.JoinType.INNER); } - SearchCriteria sc = sb.create(); + final SearchCriteria sc = sb.create(); if (id != null) { sc.setParameters("id", id); } if (networkId != null) { - Network network = _networkDao.findById(networkId); + final Network network = _networkDao.findById(networkId); aclId = network.getNetworkACLId(); if( aclId == null){ // No aclId associated with the network. @@ -537,9 +537,9 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ if (aclId != null) { // Get VPC and check access - NetworkACL acl = _networkACLDao.findById(aclId); + final NetworkACL acl = _networkACLDao.findById(aclId); if (acl.getVpcId() != 0) { - Vpc vpc = _vpcDao.findById(acl.getVpcId()); + final Vpc vpc = _vpcDao.findById(acl.getVpcId()); if (vpc == null) { throw new InvalidParameterValueException("Unable to find VPC associated with acl"); } 
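Review bot: In the `@@ -510` hunk `final Network network = _networkDao.findById(networkId);` is dereferenced on the next line with no null check, so a `networkId` that does not exist (it comes from `cmd.getNetworkId()`) surfaces as a `NullPointerException` rather than a parameter error; the `@@ -537` hunk has the same pattern with `final NetworkACL acl = _networkACLDao.findById(aclId);` followed by `acl.getVpcId()`. Add `if (network == null) { throw new InvalidParameterValueException("Unable to find network with id " + networkId); }` after the lookup, and the equivalent guard for `acl`. `listNetworkACLItems` starts and ends outside these hunks.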
@@ -552,26 +552,26 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ // aclId is not specified // List permitted VPCs and filter aclItems - List permittedAccounts = new ArrayList(); + final List permittedAccounts = new ArrayList(); Long domainId = cmd.getDomainId(); boolean isRecursive = cmd.isRecursive(); - String accountName = cmd.getAccountName(); - Long projectId = cmd.getProjectId(); - boolean listAll = cmd.listAll(); - Ternary domainIdRecursiveListProject = new Ternary domainIdRecursiveListProject = new Ternary(domainId, isRecursive, null); _accountMgr.buildACLSearchParameters(caller, id, accountName, projectId, permittedAccounts, domainIdRecursiveListProject, listAll, false); domainId = domainIdRecursiveListProject.first(); isRecursive = domainIdRecursiveListProject.second(); - ListProjectResourcesCriteria listProjectResourcesCriteria = domainIdRecursiveListProject.third(); - SearchBuilder sbVpc = _vpcDao.createSearchBuilder(); + final ListProjectResourcesCriteria listProjectResourcesCriteria = domainIdRecursiveListProject.third(); + final SearchBuilder sbVpc = _vpcDao.createSearchBuilder(); _accountMgr.buildACLSearchBuilder(sbVpc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria); - SearchCriteria scVpc = sbVpc.create(); + final SearchCriteria scVpc = sbVpc.create(); _accountMgr.buildACLSearchCriteria(scVpc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria); - List vpcs = _vpcDao.search(scVpc, null); - List vpcIds = new ArrayList(); - for (VpcVO vpc : vpcs) { + final List vpcs = _vpcDao.search(scVpc, null); + final List vpcIds = new ArrayList(); + for (final VpcVO vpc : vpcs) { vpcIds.add(vpc.getId()); } //Add vpc_id 0 to list acl_items in default ACL 
@@ -590,16 +590,16 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ if (tags != null && !tags.isEmpty()) { int count = 0; sc.setJoinParameters("tagSearch", "resourceType", ResourceObjectType.NetworkACL.toString()); - for (String key : tags.keySet()) { + for (final String key : tags.keySet()) { sc.setJoinParameters("tagSearch", "key" + String.valueOf(count), key); sc.setJoinParameters("tagSearch", "value" + String.valueOf(count), tags.get(key)); count++; } } - Pair, Integer> result = _networkACLItemDao.searchAndCount(sc, filter); - List aclItemVOs = result.first(); - for (NetworkACLItemVO item: aclItemVOs) { + final Pair, Integer> result = _networkACLItemDao.searchAndCount(sc, filter); + final List aclItemVOs = result.first(); + for (final NetworkACLItemVO item: aclItemVOs) { _networkACLItemDao.loadCidrs(item); } return new Pair, Integer>(aclItemVOs, result.second()); 
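Review bot: The tag loop `for (final String key : tags.keySet())` immediately calls `tags.get(key)`, a second lookup per entry; iterating `tags.entrySet()` gives key and value in one step and reads more clearly, e.g. `for (final Map.Entry<String, String> tag : tags.entrySet()) {` with `tag.getKey()` and `tag.getValue()` in the two `setJoinParameters` calls (assuming the map is `String` to `String`, which this view does not show). `listNetworkACLItems` starts before this hunk.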
@@ -607,18 +607,18 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ @Override @ActionEvent(eventType = EventTypes.EVENT_NETWORK_ACL_ITEM_DELETE, eventDescription = "Deleting Network ACL Item", async = true) - public boolean revokeNetworkACLItem(long ruleId) { - NetworkACLItemVO aclItem = _networkACLItemDao.findById(ruleId); + public boolean revokeNetworkACLItem(final long ruleId) { + final NetworkACLItemVO aclItem = _networkACLItemDao.findById(ruleId); if(aclItem != null){ - NetworkACL acl = _networkAclMgr.getNetworkACL(aclItem.getAclId()); + final NetworkACL acl = _networkAclMgr.getNetworkACL(aclItem.getAclId()); - Vpc vpc = _entityMgr.findById(Vpc.class, acl.getVpcId()); + final Vpc vpc = _entityMgr.findById(Vpc.class, acl.getVpcId()); - if((aclItem.getAclId() == NetworkACL.DEFAULT_ALLOW) || (aclItem.getAclId() == NetworkACL.DEFAULT_DENY)){ + if(aclItem.getAclId() == NetworkACL.DEFAULT_ALLOW || aclItem.getAclId() == NetworkACL.DEFAULT_DENY){ throw new InvalidParameterValueException("ACL Items in default ACL cannot be deleted"); } - Account caller = CallContext.current().getCallingAccount(); + final Account caller = CallContext.current().getCallingAccount(); _accountMgr.checkAccess(caller, null, true, vpc); 
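Review bot: In `revokeNetworkACLItem` the default-ACL guard runs after `_networkAclMgr.getNetworkACL(aclItem.getAclId())` and `_entityMgr.findById(Vpc.class, acl.getVpcId())`, so for a default ACL two lookups are wasted and `acl.getVpcId()` throws `NullPointerException` if `getNetworkACL` returns null; `updateNetworkACLItem` further down performs the guard first. Move the `DEFAULT_ALLOW`/`DEFAULT_DENY` check directly after `if(aclItem != null){`, and reject a null `acl` or `vpc` with `InvalidParameterValueException` before `_accountMgr.checkAccess(caller, null, true, vpc)` — should `checkAccess` tolerate a null entity (not visible here), the revoke would otherwise proceed with no ownership check. The method continues past the end of this hunk.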
@@ -627,10 +627,9 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ } @Override - @ActionEvent(eventType = EventTypes.EVENT_NETWORK_ACL_ITEM_UPDATE, eventDescription = "Updating Network ACL Item", async = true) - public NetworkACLItem updateNetworkACLItem(Long id, String protocol, List sourceCidrList, NetworkACLItem.TrafficType trafficType, String action, - Integer number, Integer sourcePortStart, Integer sourcePortEnd, Integer icmpCode, Integer icmpType, String newUUID, Boolean forDisplay) throws ResourceUnavailableException { - NetworkACLItemVO aclItem = _networkACLItemDao.findById(id); + public NetworkACLItem updateNetworkACLItem(final Long id, final String protocol, final List sourceCidrList, final NetworkACLItem.TrafficType trafficType, final String action, + final Integer number, final Integer sourcePortStart, final Integer sourcePortEnd, final Integer icmpCode, final Integer icmpType, final String newUUID, final Boolean forDisplay) throws ResourceUnavailableException { + final NetworkACLItemVO aclItem = _networkACLItemDao.findById(id); if (aclItem == null) { throw new InvalidParameterValueException("Unable to find ACL Item cannot be found"); } 
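Review bot: The `@ActionEvent(eventType = EventTypes.EVENT_NETWORK_ACL_ITEM_UPDATE, eventDescription = "Updating Network ACL Item", async = true)` annotation is dropped from `updateNetworkACLItem` while every other change in this commit is formatting or `final`; if that is unintended, updates to ACL rules stop being recorded as action events, an audit-trail regression for a security-relevant operation. If the event has been moved to the API command layer, a sentence in the commit message saying so would help reviewers; otherwise restore the annotation. The context line below carries the garbled message `"Unable to find ACL Item cannot be found"`, which could become `"Unable to find ACL Item with id " + id` while this method is being edited. `updateNetworkACLItem` continues past this hunk.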
@@ -639,34 +638,34 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ throw new InvalidParameterValueException("Default ACL Items cannot be updated"); } - NetworkACL acl = _networkAclMgr.getNetworkACL(aclItem.getAclId()); + final NetworkACL acl = _networkAclMgr.getNetworkACL(aclItem.getAclId()); - Vpc vpc = _entityMgr.findById(Vpc.class, acl.getVpcId()); + final Vpc vpc = _entityMgr.findById(Vpc.class, acl.getVpcId()); - Account caller = CallContext.current().getCallingAccount(); + final Account caller = CallContext.current().getCallingAccount(); _accountMgr.checkAccess(caller, null, true, vpc); if (number != null) { //Check if ACL Item with specified number already exists - NetworkACLItemVO aclNumber = _networkACLItemDao.findByAclAndNumber(acl.getId(), number); - if ((aclNumber != null) && (aclNumber.getId() != id)) { + final NetworkACLItemVO aclNumber = _networkACLItemDao.findByAclAndNumber(acl.getId(), number); + if (aclNumber != null && aclNumber.getId() != id) { throw new InvalidParameterValueException("ACL item with number " + number + " already exists in ACL: " + acl.getUuid()); } } - validateNetworkACLItem((sourcePortStart == null) ? aclItem.getSourcePortStart() : sourcePortStart, (sourcePortEnd == null) ? aclItem.getSourcePortEnd() - : sourcePortEnd, sourceCidrList, protocol, icmpCode, (icmpType == null) ? aclItem.getIcmpType() : icmpType, action, number); + validateNetworkACLItem(sourcePortStart == null ? aclItem.getSourcePortStart() : sourcePortStart, sourcePortEnd == null ? aclItem.getSourcePortEnd() + : sourcePortEnd, sourceCidrList, protocol, icmpCode, icmpType == null ? 
aclItem.getIcmpType() : icmpType, action, number); return _networkAclMgr.updateNetworkACLItem(id, protocol, sourceCidrList, trafficType, action, number, sourcePortStart, sourcePortEnd, icmpCode, icmpType, newUUID, forDisplay); } @Override @ActionEvent(eventType = EventTypes.EVENT_NETWORK_ACL_UPDATE, eventDescription = "updating network acl", async = true) - public NetworkACL updateNetworkACL(Long id, String customId, Boolean forDisplay) { - NetworkACLVO acl = _networkACLDao.findById(id); - Vpc vpc = _entityMgr.findById(Vpc.class, acl.getVpcId()); - Account caller = CallContext.current().getCallingAccount(); + public NetworkACL updateNetworkACL(final Long id, final String customId, final Boolean forDisplay) { + final NetworkACLVO acl = _networkACLDao.findById(id); + final Vpc vpc = _entityMgr.findById(Vpc.class, acl.getVpcId()); + final Account caller = CallContext.current().getCallingAccount(); _accountMgr.checkAccess(caller, null, true, vpc); if (customId != null) { diff --git a/server/src/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/com/cloud/network/vpc/VpcManagerImpl.java index e9a22024987..18fbfe20226 100644 --- a/server/src/com/cloud/network/vpc/VpcManagerImpl.java +++ b/server/src/com/cloud/network/vpc/VpcManagerImpl.java @@ -16,7 +16,6 @@ // under the License. package com.cloud.network.vpc; - import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; @@ -210,6 +209,10 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis @Inject NetworkACLDao _networkAclDao; @Inject + NetworkACLItemDao _networkACLItemDao; + @Inject + NetworkACLManager _networkAclMgr; + @Inject IpAddressManager _ipAddrMgr; @Inject ConfigDepot _configDepot; 
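Review bot: In the `validateNetworkACLItem(...)` call of `updateNetworkACLItem` only the ports and `icmpType` fall back to the stored item's values when the argument is null, while `protocol` is passed as given; an update that supplies only `sourcePortStart`/`sourcePortEnd` on an existing protocol `all` rule therefore skips the "ports must be null for protocol all" check, because `protocol` is null when it runs. Pass the effective protocol too, e.g. `protocol == null ? aclItem.getProtocol() : protocol` (assuming the VO exposes its protocol that way — not visible here), and consider the same for `icmpCode` and `action`. In `updateNetworkACL` at the end of the hunk, `final NetworkACLVO acl = _networkACLDao.findById(id);` is dereferenced on the next line without a null check, so an unknown `id` becomes a `NullPointerException` instead of an `InvalidParameterValueException`. Both methods extend beyond this hunk.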
@@ -220,9 +223,8 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis private final ScheduledExecutorService _executor = Executors.newScheduledThreadPool(1, new NamedThreadFactory("VpcChecker")); private List vpcElements = null; private final List nonSupportedServices = Arrays.asList(Service.SecurityGroup, Service.Firewall); - private final List supportedProviders = Arrays.asList(Provider.VPCVirtualRouter, - Provider.NiciraNvp, Provider.InternalLbVm, Provider.Netscaler, Provider.JuniperContrailVpcRouter, - Provider.Ovs, Provider.NuageVsp, Provider.BigSwitchBcf); + private final List supportedProviders = Arrays.asList(Provider.VPCVirtualRouter, Provider.NiciraNvp, Provider.InternalLbVm, Provider.Netscaler, + Provider.JuniperContrailVpcRouter, Provider.Ovs, Provider.NuageVsp, Provider.BigSwitchBcf); int _cleanupInterval; int _maxNetworks; @@ -244,7 +246,7 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis @Override @DB public boolean configure(final String name, final Map params) throws ConfigurationException { - //configure default vpc offering + // configure default vpc offering Transaction.execute(new TransactionCallbackNoReturn() { @Override public void doInTransactionWithoutResult(final TransactionStatus status) { 
@@ -265,11 +267,10 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis svcProviderMap.put(svc, defaultProviders); } } - createVpcOffering(VpcOffering.defaultVPCOfferingName, VpcOffering.defaultVPCOfferingName, - svcProviderMap, true, State.Enabled, null, false, false, false); + createVpcOffering(VpcOffering.defaultVPCOfferingName, VpcOffering.defaultVPCOfferingName, svcProviderMap, true, State.Enabled, null, false, false, false); } - //configure default vpc offering with Netscaler as LB Provider + // configure default vpc offering with Netscaler as LB Provider if (_vpcOffDao.findByUniqueName(VpcOffering.defaultVPCNSOfferingName) == null) { s_logger.debug("Creating default VPC offering with Netscaler as LB Provider" + VpcOffering.defaultVPCNSOfferingName); final Map> svcProviderMap = new HashMap>(); @@ -285,8 +286,7 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis svcProviderMap.put(svc, defaultProviders); } } - createVpcOffering(VpcOffering.defaultVPCNSOfferingName, VpcOffering.defaultVPCNSOfferingName, - svcProviderMap, false, State.Enabled, null, false, false, false); + createVpcOffering(VpcOffering.defaultVPCNSOfferingName, VpcOffering.defaultVPCNSOfferingName, svcProviderMap, false, State.Enabled, null, false, false, false); } @@ -306,8 +306,7 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis svcProviderMap.put(svc, defaultProviders); } } - createVpcOffering(VpcOffering.redundantVPCOfferingName, VpcOffering.redundantVPCOfferingName, - svcProviderMap, true, State.Enabled, null, false, false, true); + createVpcOffering(VpcOffering.redundantVPCOfferingName, VpcOffering.redundantVPCOfferingName, svcProviderMap, true, State.Enabled, null, false, false, true); } } }); 
@@ -326,8 +325,8 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis IpAddressSearch.and("associatedWithNetworkId", IpAddressSearch.entity().getAssociatedWithNetworkId(), Op.EQ); final SearchBuilder virtualNetworkVlanSB = _vlanDao.createSearchBuilder(); virtualNetworkVlanSB.and("vlanType", virtualNetworkVlanSB.entity().getVlanType(), Op.EQ); - IpAddressSearch.join("virtualNetworkVlanSB", virtualNetworkVlanSB, IpAddressSearch.entity().getVlanId(), virtualNetworkVlanSB.entity().getId(), - JoinBuilder.JoinType.INNER); + IpAddressSearch + .join("virtualNetworkVlanSB", virtualNetworkVlanSB, IpAddressSearch.entity().getVlanId(), virtualNetworkVlanSB.entity().getId(), JoinBuilder.JoinType.INNER); IpAddressSearch.done(); return true; @@ -356,10 +355,8 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis @Override @ActionEvent(eventType = EventTypes.EVENT_VPC_OFFERING_CREATE, eventDescription = "creating vpc offering", create = true) - public VpcOffering createVpcOffering(final String name, final String displayText, final List supportedServices, - final Map> serviceProviders, - final Map serviceCapabilitystList, - final Long serviceOfferingId) { + public VpcOffering createVpcOffering(final String name, final String displayText, final List supportedServices, final Map> serviceProviders, + final Map serviceCapabilitystList, final Long serviceOfferingId) { final Map> svcProviderMap = new HashMap>(); final Set defaultProviders = new HashSet(); @@ -423,8 +420,7 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis } svcProviderMap.put(service, providers); } else { - throw new InvalidParameterValueException("Service " + serviceEntry.getKey() + " is not enabled for the network " + - "offering, can't add a provider to it"); + throw new InvalidParameterValueException("Service " + serviceEntry.getKey() + " is not enabled for the network " + "offering, can't add a provider to it"); } } } 
@@ -434,26 +430,23 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis final boolean supportsDistributedRouter = isVpcOfferingSupportsDistributedRouter(serviceCapabilitystList); final boolean offersRegionLevelVPC = isVpcOfferingForRegionLevelVpc(serviceCapabilitystList); final boolean redundantRouter = isVpcOfferingRedundantRouter(serviceCapabilitystList); - final VpcOffering offering = createVpcOffering(name, displayText, svcProviderMap, false, null, - serviceOfferingId, supportsDistributedRouter, offersRegionLevelVPC, redundantRouter); + final VpcOffering offering = createVpcOffering(name, displayText, svcProviderMap, false, null, serviceOfferingId, supportsDistributedRouter, offersRegionLevelVPC, + redundantRouter); CallContext.current().setEventDetails(" Id: " + offering.getId() + " Name: " + name); return offering; } @DB - protected VpcOffering createVpcOffering(final String name, final String displayText, - final Map> svcProviderMap, - final boolean isDefault, final State state, final Long serviceOfferingId, - final boolean supportsDistributedRouter, final boolean offersRegionLevelVPC, + protected VpcOffering createVpcOffering(final String name, final String displayText, final Map> svcProviderMap, + final boolean isDefault, final State state, final Long serviceOfferingId, final boolean supportsDistributedRouter, final boolean offersRegionLevelVPC, final boolean redundantRouter) { return Transaction.execute(new TransactionCallback() { @Override public VpcOffering doInTransaction(final TransactionStatus status) { // create vpc offering object - VpcOfferingVO offering = new VpcOfferingVO(name, displayText, isDefault, serviceOfferingId, - supportsDistributedRouter, offersRegionLevelVPC, redundantRouter); + VpcOfferingVO offering = new VpcOfferingVO(name, displayText, isDefault, serviceOfferingId, supportsDistributedRouter, offersRegionLevelVPC, redundantRouter); if (state != null) { offering.setState(state); 
@@ -481,20 +474,16 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis }); } - protected void checkCapabilityPerServiceProvider(final Set providers, final Capability capability, - final Service service) { + protected void checkCapabilityPerServiceProvider(final Set providers, final Capability capability, final Service service) { // TODO Shouldn't it fail it there are no providers? if (providers != null) { - for (final Provider provider: providers) { + for (final Provider provider : providers) { final NetworkElement element = _ntwkModel.getElementImplementingProvider(provider.getName()); final Map> capabilities = element.getCapabilities(); if (capabilities != null && !capabilities.isEmpty()) { - final Map connectivityCapabilities = capabilities.get(service); - if (connectivityCapabilities == null || connectivityCapabilities != null && - !connectivityCapabilities.keySet().contains(capability)) { - throw new InvalidParameterValueException(String.format( - "Provider %s does not support %s capability.", - provider.getName(), capability.getName())); + final Map connectivityCapabilities = capabilities.get(service); + if (connectivityCapabilities == null || connectivityCapabilities != null && !connectivityCapabilities.keySet().contains(capability)) { + throw new InvalidParameterValueException(String.format("Provider %s does not support %s capability.", provider.getName(), capability.getName())); } } } @@ -507,7 +496,7 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis final Iterator iter = serviceCapabilityCollection.iterator(); while (iter.hasNext()) { - final HashMap svcCapabilityMap = (HashMap)iter.next(); + final HashMap svcCapabilityMap = (HashMap) iter.next(); Capability capability = null; final String svc = svcCapabilityMap.get(SERVICE); final String capabilityName = svcCapabilityMap.get(CAPABILITYTYPE); 
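Review bot: In `checkCapabilityPerServiceProvider` the condition `connectivityCapabilities == null || connectivityCapabilities != null && !connectivityCapabilities.keySet().contains(capability)` carries a redundant `!= null` (the `||` already short-circuits) and a key lookup through `keySet()`; `if (connectivityCapabilities == null || !connectivityCapabilities.containsKey(capability)) {` says the same thing. `element` returned by `_ntwkModel.getElementImplementingProvider(provider.getName())` is dereferenced without a null check, so a provider name with no registered element would fail with a `NullPointerException` rather than the `InvalidParameterValueException` the method otherwise throws — worth a guard if that lookup can return null (not visible here). The `// TODO Shouldn't it fail it there are no providers?` question is still open; a capability check that silently passes on an empty provider set should at least be logged. The method's closing braces lie beyond this hunk.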
@@ -535,22 +524,21 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis if (serviceCapabilitystList != null && !serviceCapabilitystList.isEmpty()) { final Iterator iter = serviceCapabilitystList.values().iterator(); while (iter.hasNext()) { - final HashMap currentCapabilityMap = (HashMap)iter.next(); + final HashMap currentCapabilityMap = (HashMap) iter.next(); final String currentCapabilityService = currentCapabilityMap.get(SERVICE); final String currentCapabilityName = currentCapabilityMap.get(CAPABILITYTYPE); final String currentCapabilityValue = currentCapabilityMap.get(CAPABILITYVALUE); if (currentCapabilityName == null || currentCapabilityService == null || currentCapabilityValue == null) { - throw new InvalidParameterValueException(String.format("Invalid capability with name %s, value %s and service %s", - currentCapabilityName, currentCapabilityValue, currentCapabilityService)); + throw new InvalidParameterValueException(String.format("Invalid capability with name %s, value %s and service %s", currentCapabilityName, + currentCapabilityValue, currentCapabilityService)); } if (currentCapabilityName.equalsIgnoreCase(capability.getName())) { foundCapability = currentCapabilityValue.equalsIgnoreCase(TRUE_VALUE); if (!currentCapabilityService.equalsIgnoreCase(service.getName())) { - throw new InvalidParameterValueException(String.format( - "Invalid Service: %s specified. Capability %s can be specified only for service %s", + throw new InvalidParameterValueException(String.format("Invalid Service: %s specified. Capability %s can be specified only for service %s", currentCapabilityService, service.getName(), currentCapabilityName)); } 
@@ -562,18 +550,15 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis } private boolean isVpcOfferingForRegionLevelVpc(final Map serviceCapabilitystList) { - return findCapabilityForService(serviceCapabilitystList, Capability.RegionLevelVpc, - Service.Connectivity); + return findCapabilityForService(serviceCapabilitystList, Capability.RegionLevelVpc, Service.Connectivity); } private boolean isVpcOfferingSupportsDistributedRouter(final Map serviceCapabilitystList) { - return findCapabilityForService(serviceCapabilitystList, Capability.DistributedRouter, - Service.Connectivity); + return findCapabilityForService(serviceCapabilitystList, Capability.DistributedRouter, Service.Connectivity); } private boolean isVpcOfferingRedundantRouter(final Map serviceCapabilitystList) { - return findCapabilityForService(serviceCapabilitystList, Capability.RedundantRouter, - Service.SourceNat); + return findCapabilityForService(serviceCapabilitystList, Capability.RedundantRouter, Service.SourceNat); } @Override @@ -601,8 +586,8 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis } @Override - public Pair,Integer> listVpcOfferings(final Long id, final String name, final String displayText, final List supportedServicesStr, final Boolean isDefault, final String keyword, - final String state, final Long startIndex, final Long pageSizeVal) { + public Pair, Integer> listVpcOfferings(final Long id, final String name, final String displayText, final List supportedServicesStr, + final Boolean isDefault, final String keyword, final String state, final Long startIndex, final Long pageSizeVal) { final Filter searchFilter = new Filter(VpcOfferingVO.class, "created", false, null, null); final SearchCriteria sc = _vpcOffDao.createSearchCriteria(); 
@@ -699,11 +684,12 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis throw new InvalidParameterValueException("Default network offering can't be deleted"); } - // don't allow to delete vpc offering if it's in use by existing vpcs (the offering can be disabled though) + // don't allow to delete vpc offering if it's in use by existing vpcs + // (the offering can be disabled though) final int vpcCount = _vpcDao.getVpcCountByOfferingId(offId); if (vpcCount > 0) { - throw new InvalidParameterValueException("Can't delete vpc offering " + offId + " as its used by " + vpcCount + " vpcs. " + - "To make the network offering unavaiable, disable it"); + throw new InvalidParameterValueException("Can't delete vpc offering " + offId + " as its used by " + vpcCount + " vpcs. " + + "To make the network offering unavaiable, disable it"); } if (_vpcOffDao.remove(offId)) { 
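Review bot: The rewrapped exception text in the offering-delete path still reads `"To make the network offering unavaiable, disable it"` although the code is rejecting deletion of a VPC offering, and "unavaiable" and "as its used by" are misspellings; since the commit re-touches this line, `"Can't delete vpc offering " + offId + " as it is used by " + vpcCount + " vpcs. " + "To make the VPC offering unavailable, disable it"` would fix all three. The enclosing method starts outside this hunk.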
@@ -757,15 +743,15 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis @Override @ActionEvent(eventType = EventTypes.EVENT_VPC_CREATE, eventDescription = "creating vpc", create = true) - public Vpc createVpc(final long zoneId, final long vpcOffId, final long vpcOwnerId, final String vpcName, final String displayText, final String cidr, String networkDomain, final Boolean displayVpc) - throws ResourceAllocationException { + public Vpc createVpc(final long zoneId, final long vpcOffId, final long vpcOwnerId, final String vpcName, final String displayText, final String cidr, String networkDomain, + final Boolean displayVpc) throws ResourceAllocationException { final Account caller = CallContext.current().getCallingAccount(); final Account owner = _accountMgr.getAccount(vpcOwnerId); - //Verify that caller can perform actions in behalf of vpc owner + // Verify that caller can perform actions in behalf of vpc owner _accountMgr.checkAccess(caller, null, false, owner); - //check resource limit + // check resource limit _resourceLimitMgr.checkResourceLimit(owner, ResourceType.vpc); // Validate vpc offering @@ -785,7 +771,7 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis throw new InvalidParameterValueException("Network domain must be specified for region level VPC"); } - //Validate zone + // Validate zone final DataCenter zone = _entityMgr.findById(DataCenter.class, zoneId); if (zone == null) { throw new InvalidParameterValueException("Can't find zone by id specified"); 
@@ -802,15 +788,16 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis // 1) Get networkDomain from the corresponding account networkDomain = _ntwkModel.getAccountNetworkDomain(owner.getId(), zoneId); - // 2) If null, generate networkDomain using domain suffix from the global config variables + // 2) If null, generate networkDomain using domain suffix from the + // global config variables if (networkDomain == null) { networkDomain = "cs" + Long.toHexString(owner.getId()) + NetworkOrchestrationService.GuestDomainSuffix.valueIn(zoneId); } } final boolean useDistributedRouter = vpcOff.supportsDistributedRouter(); - final VpcVO vpc = new VpcVO(zoneId, vpcName, displayText, owner.getId(), owner.getDomainId(), vpcOffId, - cidr, networkDomain, useDistributedRouter, isRegionLevelVpcOff, vpcOff.getRedundantRouter()); + final VpcVO vpc = new VpcVO(zoneId, vpcName, displayText, owner.getId(), owner.getDomainId(), vpcOffId, cidr, networkDomain, useDistributedRouter, isRegionLevelVpcOff, + vpcOff.getRedundantRouter()); return createVpc(displayVpc, vpc); } @@ -818,12 +805,12 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis @DB protected Vpc createVpc(final Boolean displayVpc, final VpcVO vpc) { final String cidr = vpc.getCidr(); - //Validate CIDR + // Validate CIDR if (!NetUtils.isValidCIDR(cidr)) { throw new InvalidParameterValueException("Invalid CIDR specified " + cidr); } - //cidr has to be RFC 1918 complient + // cidr has to be RFC 1918 complient if (!NetUtils.validateGuestCidr(cidr)) { throw new InvalidParameterValueException("Guest Cidr " + cidr + " is not RFC1918 compliant"); } 
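Review bot: The comment `// cidr has to be RFC 1918 complient` in the `@@ -818` hunk is re-touched by the commit but keeps the misspelling; `// cidr has to be RFC 1918 compliant` matches the exception text two lines below, which already spells it correctly. `createVpc(final Boolean displayVpc, final VpcVO vpc)` continues past this hunk.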
@@ -893,7 +880,7 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis throw new InvalidParameterValueException("unable to find VPC id=" + vpcId); } - //verify permissions + // verify permissions _accountMgr.checkAccess(ctx.getCallingAccount(), null, false, vpc); return destroyVpc(vpc, ctx.getCallingAccount(), ctx.getCallingUserId()); @@ -904,14 +891,16 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis public boolean destroyVpc(final Vpc vpc, final Account caller, final Long callerUserId) throws ConcurrentOperationException, ResourceUnavailableException { s_logger.debug("Destroying vpc " + vpc); - //don't allow to delete vpc if it's in use by existing non system networks (system networks are networks of a private gateway of the VPC, - //and they will get removed as a part of VPC cleanup + // don't allow to delete vpc if it's in use by existing non system + // networks (system networks are networks of a private gateway of the + // VPC, + // and they will get removed as a part of VPC cleanup final int networksCount = _ntwkDao.getNonSystemNetworkCountByVpcId(vpc.getId()); if (networksCount > 0) { throw new InvalidParameterValueException("Can't delete VPC " + vpc + " as its used by " + networksCount + " networks"); } - //mark VPC as inactive + // mark VPC as inactive if (vpc.getState() != Vpc.State.Inactive) { s_logger.debug("Updating VPC " + vpc + " with state " + Vpc.State.Inactive + " as a part of vpc delete"); final VpcVO vpcVO = _vpcDao.findById(vpc.getId()); 
@@ -922,25 +911,26 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis public void doInTransactionWithoutResult(final TransactionStatus status) { _vpcDao.update(vpc.getId(), vpcVO); - //decrement resource count + // decrement resource count _resourceLimitMgr.decrementResourceCount(vpc.getAccountId(), ResourceType.vpc); } }); } - //shutdown VPC + // shutdown VPC if (!shutdownVpc(vpc.getId())) { s_logger.warn("Failed to shutdown vpc " + vpc + " as a part of vpc destroy process"); return false; } - //cleanup vpc resources + // cleanup vpc resources if (!cleanupVpcResources(vpc.getId(), caller, callerUserId)) { s_logger.warn("Failed to cleanup resources for vpc " + vpc); return false; } - //update the instance with removed flag only when the cleanup is executed successfully + // update the instance with removed flag only when the cleanup is + // executed successfully if (_vpcDao.remove(vpc.getId())) { s_logger.debug("Vpc " + vpc + " is destroyed succesfully"); return true; 
@@ -991,15 +981,15 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis } @Override - public Pair, Integer> listVpcs(final Long id, final String vpcName, final String displayText, final List supportedServicesStr, final String cidr, final Long vpcOffId, final String state, - final String accountName, Long domainId, final String keyword, final Long startIndex, final Long pageSizeVal, final Long zoneId, Boolean isRecursive, final Boolean listAll, final Boolean restartRequired, - final Map tags, final Long projectId, final Boolean display) { + public Pair, Integer> listVpcs(final Long id, final String vpcName, final String displayText, final List supportedServicesStr, final String cidr, + final Long vpcOffId, final String state, final String accountName, Long domainId, final String keyword, final Long startIndex, final Long pageSizeVal, + final Long zoneId, Boolean isRecursive, final Boolean listAll, final Boolean restartRequired, final Map tags, final Long projectId, + final Boolean display) { final Account caller = CallContext.current().getCallingAccount(); final List permittedAccounts = new ArrayList(); - final Ternary domainIdRecursiveListProject = new Ternary(domainId, isRecursive, null); - _accountMgr.buildACLSearchParameters(caller, id, accountName, projectId, permittedAccounts, domainIdRecursiveListProject, - listAll, false); + final Ternary domainIdRecursiveListProject = new Ternary(domainId, isRecursive, + null); + _accountMgr.buildACLSearchParameters(caller, id, accountName, projectId, permittedAccounts, domainIdRecursiveListProject, listAll, false); domainId = domainIdRecursiveListProject.first(); isRecursive = domainIdRecursiveListProject.second(); final ListProjectResourcesCriteria listProjectResourcesCriteria = domainIdRecursiveListProject.third(); 
@@ -1052,7 +1042,7 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis if (tags != null && !tags.isEmpty()) { int count = 0; sc.setJoinParameters("tagSearch", "resourceType", ResourceObjectType.Vpc.toString()); - for (final Map.Entryentry : tags.entrySet()) { + for (final Map.Entry entry : tags.entrySet()) { sc.setJoinParameters("tagSearch", "key" + String.valueOf(count), entry.getKey()); sc.setJoinParameters("tagSearch", "value" + String.valueOf(count), entry.getValue()); count++; @@ -1153,7 +1143,7 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis final Account caller = ctx.getCallingAccount(); final User callerUser = _accountMgr.getActiveUser(ctx.getCallingUserId()); - //check if vpc exists + // check if vpc exists final Vpc vpc = getActiveVpc(vpcId); if (vpc == null) { final InvalidParameterValueException ex = new InvalidParameterValueException("Unable to find Enabled VPC by id specified"); @@ -1161,7 +1151,7 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis throw ex; } - //permission check + // permission check _accountMgr.checkAccess(caller, null, false, vpc); final DataCenter dc = _entityMgr.findById(DataCenter.class, vpc.getZoneId()); @@ -1179,7 +1169,7 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis s_logger.warn("Failed to start vpc " + vpc + " due to ", ex); result = false; } finally { - //do cleanup + // do cleanup if (!result && destroyOnFailure) { s_logger.debug("Destroying vpc " + vpc + " that failed to start"); if (destroyVpc(vpc, caller, callerUser.getId())) { 
@@ -1194,7 +1184,7 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis protected boolean startVpc(final Vpc vpc, final DeployDestination dest, final ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException { - //deploy provider + // deploy provider boolean success = true; final List providersToImplement = getVpcProviders(vpc.getId()); for (final VpcProvider element : getVpcElements()) { @@ -1215,18 +1205,18 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis final CallContext ctx = CallContext.current(); final Account caller = ctx.getCallingAccount(); - //check if vpc exists + // check if vpc exists final Vpc vpc = _vpcDao.findById(vpcId); if (vpc == null) { throw new InvalidParameterValueException("Unable to find vpc by id " + vpcId); } - //permission check + // permission check _accountMgr.checkAccess(caller, null, false, vpc); - //shutdown provider + // shutdown provider s_logger.debug("Shutting down vpc " + vpc); - //TODO - shutdown all vpc resources here (ACLs, gateways, etc) + // TODO - shutdown all vpc resources here (ACLs, gateways, etc) boolean success = true; final List providersToImplement = getVpcProviders(vpc.getId()); @@ -1247,8 +1237,8 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis @DB @Override - public void validateNtwkOffForNtwkInVpc(final Long networkId, final long newNtwkOffId, final String newCidr, final String newNetworkDomain, final Vpc vpc, final String gateway, final Account networkOwner, - final Long aclId) { + public void validateNtwkOffForNtwkInVpc(final Long networkId, final long newNtwkOffId, final String newCidr, final String newNetworkDomain, final Vpc vpc, + final String gateway, final Account networkOwner, final Long aclId) { final NetworkOffering guestNtwkOff = _entityMgr.findById(NetworkOffering.class, newNtwkOffId); 
@@ -1257,15 +1247,16 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis } if (networkId == null) { - //1) Validate attributes that has to be passed in when create new guest network + // 1) Validate attributes that has to be passed in when create new + // guest network validateNewVpcGuestNetwork(newCidr, gateway, networkOwner, vpc, newNetworkDomain); } - //2) validate network offering attributes + // 2) validate network offering attributes final List svcs = _ntwkModel.listNetworkOfferingServices(guestNtwkOff.getId()); validateNtwkOffForVpc(guestNtwkOff, svcs); - //3) Check services/providers against VPC providers + // 3) Check services/providers against VPC providers final List networkProviders = _ntwkOffServiceDao.listByNetworkOfferingId(guestNtwkOff.getId()); for (final NetworkOfferingServiceMapVO nSvcVO : networkProviders) { 
@@ -1276,25 +1267,27 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis } } - //4) Only one network in the VPC can support public LB inside the VPC. Internal LB can be supported on multiple VPC tiers + // 4) Only one network in the VPC can support public LB inside the VPC. + // Internal LB can be supported on multiple VPC tiers if (_ntwkModel.areServicesSupportedByNetworkOffering(guestNtwkOff.getId(), Service.Lb) && guestNtwkOff.getPublicLb()) { final List networks = getVpcNetworks(vpc.getId()); for (final Network network : networks) { if (networkId != null && network.getId() == networkId.longValue()) { - //skip my own network + // skip my own network continue; } else { final NetworkOffering otherOff = _entityMgr.findById(NetworkOffering.class, network.getNetworkOfferingId()); - //throw only if networks have different offerings with public lb support - if (_ntwkModel.areServicesSupportedInNetwork(network.getId(), Service.Lb) && otherOff.getPublicLb() && - guestNtwkOff.getId() != otherOff.getId()) { + // throw only if networks have different offerings with + // public lb support + if (_ntwkModel.areServicesSupportedInNetwork(network.getId(), Service.Lb) && otherOff.getPublicLb() && guestNtwkOff.getId() != otherOff.getId()) { throw new InvalidParameterValueException("Public LB service is already supported " + "by network " + network + " in VPC " + vpc); } } } } - //5) When aclId is provided, verify that ACLProvider is supported by network offering + // 5) When aclId is provided, verify that ACLProvider is supported by + // network offering if (aclId != null && !_ntwkModel.areServicesSupportedByNetworkOffering(guestNtwkOff.getId(), Service.NetworkACL)) { throw new InvalidParameterValueException("Cannot apply NetworkACL. Network Offering does not support NetworkACL service"); } 
@@ -1303,7 +1296,7 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis @Override public void validateNtwkOffForVpc(final NetworkOffering guestNtwkOff, final List supportedSvcs) { - //1) in current release, only vpc provider is supported by Vpc offering + // 1) in current release, only vpc provider is supported by Vpc offering final List providers = _ntwkModel.getNtwkOffDistinctProviders(guestNtwkOff.getId()); for (final Provider provider : providers) { if (!supportedProviders.contains(provider)) { 
@@ -1311,26 +1304,28 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis } } - //2) Only Isolated networks with Source nat service enabled can be added to vpc + // 2) Only Isolated networks with Source nat service enabled can be + // added to vpc if (!(guestNtwkOff.getGuestType() == GuestType.Isolated && supportedSvcs.contains(Service.SourceNat))) { - throw new InvalidParameterValueException("Only network offerings of type " + GuestType.Isolated + " with service " + Service.SourceNat.getName() + - " are valid for vpc "); + throw new InvalidParameterValueException("Only network offerings of type " + GuestType.Isolated + " with service " + Service.SourceNat.getName() + + " are valid for vpc "); } - //3) No redundant router support - /* TODO This should have never been hardcoded like this in the first place - if (guestNtwkOff.getRedundantRouter()) { - throw new InvalidParameterValueException("No redunant router support when network belnogs to VPC"); - } + // 3) No redundant router support + /* + * TODO This should have never been hardcoded like this in the first + * place if (guestNtwkOff.getRedundantRouter()) { throw new + * InvalidParameterValueException + * ("No redunant router support when network belnogs to VPC"); } */ - //4) Conserve mode should be off + // 4) Conserve mode should be off if (guestNtwkOff.isConserveMode()) { throw new InvalidParameterValueException("Only networks with conserve mode Off can belong to VPC"); } - //5) If Netscaler is LB provider make sure it is in dedicated mode + // 5) If Netscaler is LB provider make sure it is in dedicated mode if (providers.contains(Provider.Netscaler) && !guestNtwkOff.getDedicatedLB()) { throw new InvalidParameterValueException("Netscaler only with Dedicated LB can belong to VPC"); } 
@@ -1349,23 +1344,23 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis } try { - //check number of active networks in vpc + // check number of active networks in vpc if (_ntwkDao.countVpcNetworks(vpc.getId()) >= _maxNetworks) { - throw new CloudRuntimeException("Number of networks per VPC can't extend " + _maxNetworks + "; increase it using global config " + - Config.VpcMaxNetworks); + throw new CloudRuntimeException("Number of networks per VPC can't extend " + _maxNetworks + "; increase it using global config " + Config.VpcMaxNetworks); } - //1) CIDR is required + // 1) CIDR is required if (cidr == null) { throw new InvalidParameterValueException("Gateway/netmask are required when create network for VPC"); } - //2) Network cidr should be within vpcCidr + // 2) Network cidr should be within vpcCidr if (!NetUtils.isNetworkAWithinNetworkB(cidr, vpc.getCidr())) { throw new InvalidParameterValueException("Network cidr " + cidr + " is not within vpc " + vpc + " cidr"); } - //3) Network cidr shouldn't cross the cidr of other vpc network cidrs + // 3) Network cidr shouldn't cross the cidr of other vpc + // network cidrs final List ntwks = _ntwkDao.listByVpc(vpc.getId()); for (final Network ntwk : ntwks) { assert cidr != null : "Why the network cidr is null when it belongs to vpc?"; 
@@ -1375,17 +1370,17 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis } } - //4) vpc and network should belong to the same owner + // 4) vpc and network should belong to the same owner if (vpc.getAccountId() != networkOwner.getId()) { throw new InvalidParameterValueException("Vpc " + vpc + " owner is different from the network owner " + networkOwner); } - //5) network domain should be the same as VPC's + // 5) network domain should be the same as VPC's if (!networkDomain.equalsIgnoreCase(vpc.getNetworkDomain())) { throw new InvalidParameterValueException("Network domain of the new network should match network" + " domain of vpc " + vpc); } - //6) gateway should never be equal to the cidr subnet + // 6) gateway should never be equal to the cidr subnet if (NetUtils.getCidrSubNet(cidr).equalsIgnoreCase(gateway)) { throw new InvalidParameterValueException("Invalid gateway specified. It should never be equal to the cidr subnet value"); } @@ -1400,8 +1395,8 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis public List getVpcElements() { if (vpcElements == null) { vpcElements = new ArrayList(); - vpcElements.add((VpcProvider)_ntwkModel.getElementImplementingProvider(Provider.VPCVirtualRouter.getName())); - vpcElements.add((VpcProvider)_ntwkModel.getElementImplementingProvider(Provider.JuniperContrailVpcRouter.getName())); + vpcElements.add((VpcProvider) _ntwkModel.getElementImplementingProvider(Provider.VPCVirtualRouter.getName())); + vpcElements.add((VpcProvider) _ntwkModel.getElementImplementingProvider(Provider.JuniperContrailVpcRouter.getName())); } if (vpcElements == null) { 
@@ -1422,18 +1417,19 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis s_logger.debug("Cleaning up resources for vpc id=" + vpcId); boolean success = true; - //1) Remove VPN connections and VPN gateway + // 1) Remove VPN connections and VPN gateway s_logger.debug("Cleaning up existed site to site VPN connections"); _s2sVpnMgr.cleanupVpnConnectionByVpc(vpcId); s_logger.debug("Cleaning up existed site to site VPN gateways"); _s2sVpnMgr.cleanupVpnGatewayByVpc(vpcId); - //2) release all ip addresses + // 2) release all ip addresses final List ipsToRelease = _ipAddressDao.listByAssociatedVpc(vpcId, null); s_logger.debug("Releasing ips for vpc id=" + vpcId + " as a part of vpc cleanup"); for (final IPAddressVO ipToRelease : ipsToRelease) { if (ipToRelease.isPortable()) { - // portable IP address are associated with owner, until explicitly requested to be disassociated. + // portable IP address are associated with owner, until + // explicitly requested to be disassociated. // so as part of VPC clean up just break IP association with VPC ipToRelease.setVpcId(null); ipToRelease.setAssociatedWithNetworkId(null); 
@@ -1451,16 +1447,17 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis s_logger.debug("Released ip addresses for vpc id=" + vpcId + " as a part of cleanup vpc process"); } else { s_logger.warn("Failed to release ip addresses for vpc id=" + vpcId + " as a part of cleanup vpc process"); - //although it failed, proceed to the next cleanup step as it doesn't depend on the public ip release + // although it failed, proceed to the next cleanup step as it + // doesn't depend on the public ip release } - //3) Delete all static route rules + // 3) Delete all static route rules if (!revokeStaticRoutesForVpc(vpcId, caller)) { s_logger.warn("Failed to revoke static routes for vpc " + vpcId + " as a part of cleanup vpc process"); return false; } - //4) Delete private gateways + // 4) Delete private gateways final List gateways = getVpcPrivateGateways(vpcId); if (gateways != null) { for (final PrivateGateway gateway : gateways) { 
@@ -1476,13 +1473,29 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis } } + //5) Delete ACLs + final SearchBuilder searchBuilder = _networkAclDao.createSearchBuilder(); + + searchBuilder.and("vpcId", searchBuilder.entity().getVpcId(), Op.IN); + final SearchCriteria searchCriteria = searchBuilder.create(); + searchCriteria.setParameters("vpcId", vpcId, 0); + + final Filter filter = new Filter(NetworkACLVO.class, "id", false, null, null); + final Pair, Integer> aclsCountPair = _networkAclDao.searchAndCount(searchCriteria, filter); + + final List acls = aclsCountPair.first(); + for (final NetworkACLVO networkAcl : acls) { + if (networkAcl.getId() != NetworkACL.DEFAULT_ALLOW && networkAcl.getId() != NetworkACL.DEFAULT_DENY) { + _networkAclMgr.deleteNetworkACL(networkAcl); + } + } return success; } @Override @ActionEvent(eventType = EventTypes.EVENT_VPC_RESTART, eventDescription = "restarting vpc") - public boolean restartVpc(final long vpcId, final boolean cleanUp, final boolean makeRedundant) throws ConcurrentOperationException, - ResourceUnavailableException, InsufficientCapacityException { + public boolean restartVpc(final long vpcId, final boolean cleanUp, final boolean makeRedundant) throws ConcurrentOperationException, ResourceUnavailableException, + InsufficientCapacityException { final Account caller = CallContext.current().getCallingAccount(); @@ -1508,10 +1521,12 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis entity.setRedundant(makeRedundant); entity.setVpcOfferingId(redundantOffering.getId()); - // Change the VPC in order to get it updated after the end of the restart procedure. + // Change the VPC in order to get it updated after the end of + // the restart procedure. _vpcDao.update(vpc.getId(), entity); - //If the offering and redundant column are changing, force the clean up. + // If the offering and redundant column are changing, force the + // clean up. forceCleanup = true; } 
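Review bot: The result of `_networkAclMgr.deleteNetworkACL(networkAcl)` in the new step 5 is discarded, so a failed ACL deletion leaves `success` true and cleanupVpcResources reports a clean removal while the ACL rows stay behind; the earlier steps in this method warn and bail out on failure, and this one should at least log and clear `success` the same way, assuming deleteNetworkACL returns a boolean like the other manager calls (its signature is not visible here). The `Op.IN` parameters `vpcId, 0` also appear to pull in the global default ACLs only to skip them by id in the loop; matching `Op.EQ` on `vpcId` alone expresses the intent directly, while the DEFAULT_ALLOW/DEFAULT_DENY guard is worth keeping as a safety net. The `Integer` half of `aclsCountPair` is never read, so `search` would do instead of `searchAndCount`, and the new `//5) Delete ACLs` comment does not follow the `// 5)` spacing the rest of this commit introduces. cleanupVpcResources starts before this hunk.
```java
// 5) Delete ACLs owned by this VPC (the global default ACLs are never removed)
final SearchBuilder<NetworkACLVO> searchBuilder = _networkAclDao.createSearchBuilder();
searchBuilder.and("vpcId", searchBuilder.entity().getVpcId(), Op.EQ);
final SearchCriteria<NetworkACLVO> searchCriteria = searchBuilder.create();
searchCriteria.setParameters("vpcId", vpcId);
// … unchanged: Filter and the search call …
for (final NetworkACLVO networkAcl : acls) {
    if (networkAcl.getId() == NetworkACL.DEFAULT_ALLOW || networkAcl.getId() == NetworkACL.DEFAULT_DENY) {
        continue;
    }
    if (!_networkAclMgr.deleteNetworkACL(networkAcl)) {
        s_logger.warn("Failed to delete network ACL " + networkAcl + " as a part of vpc " + vpcId + " cleanup");
        success = false;
    }
}
```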
@@ -1579,7 +1594,7 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis final String netmask, final long gatewayOwnerId, final Long networkOfferingId, final Boolean isSourceNat, final Long aclId) throws ResourceAllocationException, ConcurrentOperationException, InsufficientCapacityException { - //Validate parameters + // Validate parameters final Vpc vpc = getActiveVpc(vpcId); if (vpc == null) { final InvalidParameterValueException ex = new InvalidParameterValueException("Unable to find Enabled VPC by id specified"); @@ -1588,7 +1603,7 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis } PhysicalNetwork physNet = null; - //Validate physical network + // Validate physical network if (physicalNetworkId == null) { final List pNtwks = _ntwkModel.getPhysicalNtwksSupportingTrafficType(vpc.getZoneId(), TrafficType.Guest); if (pNtwks.isEmpty() || pNtwks.size() != 1) { 
@@ -1612,28 +1627,30 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis public VpcGatewayVO doInTransaction(final TransactionStatus status) throws ResourceAllocationException, ConcurrentOperationException, InsufficientCapacityException { s_logger.debug("Creating Private gateway for VPC " + vpc); - //1) create private network unless it is existing and lswitch'd + // 1) create private network unless it is existing and + // lswitch'd Network privateNtwk = null; if (BroadcastDomainType.getSchemeValue(BroadcastDomainType.fromString(broadcastUri)) == BroadcastDomainType.Lswitch) { final String cidr = NetUtils.ipAndNetMaskToCidr(gateway, netmask); privateNtwk = _ntwkDao.getPrivateNetwork(broadcastUri, cidr, gatewayOwnerId, dcId, networkOfferingId); - // if the dcid is different we get no network so next we try to create it + // if the dcid is different we get no network so next we + // try to create it } if (privateNtwk == null) { s_logger.info("creating new network for vpc " + vpc + " using broadcast uri: " + broadcastUri); final String networkName = "vpc-" + vpc.getName() + "-privateNetwork"; - privateNtwk = - _ntwkSvc.createPrivateNetwork(networkName, networkName, physicalNetworkIdFinal, broadcastUri, ipAddress, null, gateway, netmask, - gatewayOwnerId, vpcId, isSourceNat, networkOfferingId); - } else { // create the nic/ip as createPrivateNetwork doesn''t do that work for us now + privateNtwk = _ntwkSvc.createPrivateNetwork(networkName, networkName, physicalNetworkIdFinal, broadcastUri, ipAddress, null, gateway, netmask, + gatewayOwnerId, vpcId, isSourceNat, networkOfferingId); + } else { // create the nic/ip as createPrivateNetwork + // doesn''t do that work for us now s_logger.info("found and using existing network for vpc " + vpc + ": " + broadcastUri); final DataCenterVO dc = _dcDao.lockRow(physNetFinal.getDataCenterId(), true); - //add entry to private_ip_address table + // add entry to private_ip_address table PrivateIpVO 
privateIp = _privateIpDao.findByIpAndSourceNetworkId(privateNtwk.getId(), ipAddress); if (privateIp != null) { - throw new InvalidParameterValueException("Private ip address " + ipAddress + " already used for private gateway" + " in zone " + - _entityMgr.findById(DataCenter.class, dcId).getName()); + throw new InvalidParameterValueException("Private ip address " + ipAddress + " already used for private gateway" + " in zone " + + _entityMgr.findById(DataCenter.class, dcId).getName()); } final Long mac = dc.getMacAddress(); @@ -1660,22 +1677,23 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis networkAclId = aclId; } - { // experimental block, this is a hack + { // experimental block, this is a hack // set vpc id in network to null // might be needed for all types of broadcast domains - // the ugly hack is that vpc gateway nets are created as guest network + // the ugly hack is that vpc gateway nets are created as + // guest network // while they are not. - // A more permanent solution would be to define a type of 'gatewaynetwork' + // A more permanent solution would be to define a type of + // 'gatewaynetwork' // so that handling code is not mixed between the two final NetworkVO gatewaynet = _ntwkDao.findById(privateNtwk.getId()); gatewaynet.setVpcId(null); _ntwkDao.persist(gatewaynet); } - //2) create gateway entry - final VpcGatewayVO gatewayVO = - new VpcGatewayVO(ipAddress, VpcGateway.Type.Private, vpcId, privateNtwk.getDataCenterId(), privateNtwk.getId(), broadcastUri, gateway, netmask, - vpc.getAccountId(), vpc.getDomainId(), isSourceNat, networkAclId); + // 2) create gateway entry + final VpcGatewayVO gatewayVO = new VpcGatewayVO(ipAddress, VpcGateway.Type.Private, vpcId, privateNtwk.getDataCenterId(), privateNtwk.getId(), broadcastUri, + gateway, netmask, vpc.getAccountId(), vpc.getDomainId(), isSourceNat, networkAclId); _vpcGatewayDao.persist(gatewayVO); s_logger.debug("Created vpc gateway entry " + gatewayVO); 
@@ -1725,11 +1743,12 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis return null; } } finally { - //do cleanup + // do cleanup if (!success) { if (destroyOnFailure) { s_logger.debug("Destroying private gateway " + vo + " that failed to start"); - // calling deleting from db because on createprivategateway fail, destroyPrivateGateway is already called + // calling deleting from db because on createprivategateway + // fail, destroyPrivateGateway is already called if (deletePrivateGatewayFromTheDB(getVpcPrivateGateway(gatewayId))) { s_logger.warn("Successfully destroyed vpc " + vo + " that failed to start"); } else { @@ -1754,11 +1773,12 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis Transaction.execute(new TransactionCallbackNoReturn() { @Override public void doInTransactionWithoutResult(final TransactionStatus status) { - //don't allow to remove gateway when there are static routes associated with it + // don't allow to remove gateway when there are static + // routes associated with it final long routeCount = _staticRouteDao.countRoutesByGateway(gatewayVO.getId()); if (routeCount > 0) { - throw new CloudRuntimeException("Can't delete private gateway " + gatewayVO + " as it has " + routeCount + - " static routes applied. Remove the routes first"); + throw new CloudRuntimeException("Can't delete private gateway " + gatewayVO + " as it has " + routeCount + + " static routes applied. Remove the routes first"); } gatewayVO.setState(VpcGateway.State.Deleting); @@ -1767,7 +1787,7 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis } }); - //1) delete the gateway on the backend + // 1) delete the gateway on the backend final List providersToImplement = getVpcProviders(gatewayVO.getVpcId()); final PrivateGateway gateway = getVpcPrivateGateway(gatewayId); for (final VpcProvider provider : getVpcElements()) { 
@@ -1785,7 +1805,7 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis } } - //2) Delete private gateway from the DB + // 2) Delete private gateway from the DB return deletePrivateGatewayFromTheDB(gateway); } finally { @@ -1797,7 +1817,7 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis @DB protected boolean deletePrivateGatewayFromTheDB(final PrivateGateway gateway) { - //check if there are ips allocted in the network + // check if there are ips allocted in the network final long networkId = gateway.getNetworkId(); vpcTxCallable.setGateway(gateway); @@ -1840,10 +1860,9 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis final Long projectId = cmd.getProjectId(); final Filter searchFilter = new Filter(VpcGatewayVO.class, "id", false, cmd.getStartIndex(), cmd.getPageSizeVal()); - final Ternary domainIdRecursiveListProject = new Ternary(domainId, isRecursive, null); - _accountMgr.buildACLSearchParameters(caller, id, accountName, projectId, permittedAccounts, domainIdRecursiveListProject, - listAll, false); + final Ternary domainIdRecursiveListProject = new Ternary(domainId, isRecursive, + null); + _accountMgr.buildACLSearchParameters(caller, id, accountName, projectId, permittedAccounts, domainIdRecursiveListProject, listAll, false); domainId = domainIdRecursiveListProject.first(); isRecursive = domainIdRecursiveListProject.second(); final ListProjectResourcesCriteria listProjectResourcesCriteria = domainIdRecursiveListProject.third(); 
@@ -1978,11 +1997,11 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis @DB protected boolean revokeStaticRoutesForVpc(final long vpcId, final Account caller) throws ResourceUnavailableException { - //get all static routes for the vpc + // get all static routes for the vpc final List routes = _staticRouteDao.listByVpcId(vpcId); s_logger.debug("Found " + routes.size() + " to revoke for the vpc " + vpcId); if (!routes.isEmpty()) { - //mark all of them as revoke + // mark all of them as revoke Transaction.execute(new TransactionCallbackNoReturn() { @Override public void doInTransactionWithoutResult(final TransactionStatus status) { @@ -2003,7 +2022,7 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis public StaticRoute createStaticRoute(final long gatewayId, final String cidr) throws NetworkRuleConflictException { final Account caller = CallContext.current().getCallingAccount(); - //parameters validation + // parameters validation final VpcGateway gateway = _vpcGatewayDao.findById(gatewayId); if (gateway == null) { throw new InvalidParameterValueException("Invalid gateway id is given"); 
@@ -2023,18 +2042,18 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis throw new InvalidParameterValueException("Invalid format for cidr " + cidr); } - //validate the cidr - //1) CIDR should be outside of VPC cidr for guest networks + // validate the cidr + // 1) CIDR should be outside of VPC cidr for guest networks if (NetUtils.isNetworksOverlap(vpc.getCidr(), cidr)) { throw new InvalidParameterValueException("CIDR should be outside of VPC cidr " + vpc.getCidr()); } - //2) CIDR should be outside of link-local cidr + // 2) CIDR should be outside of link-local cidr if (NetUtils.isNetworksOverlap(vpc.getCidr(), NetUtils.getLinkLocalCIDR())) { throw new InvalidParameterValueException("CIDR should be outside of link local cidr " + NetUtils.getLinkLocalCIDR()); } - //3) Verify against blacklisted routes + // 3) Verify against blacklisted routes if (isCidrBlacklisted(cidr, vpc.getZoneId())) { throw new InvalidParameterValueException("The static gateway cidr overlaps with one of the blacklisted routes of the zone the VPC belongs to"); } @@ -2089,10 +2108,9 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis final Map tags = cmd.getTags(); final Long projectId = cmd.getProjectId(); - final Ternary domainIdRecursiveListProject = new Ternary(domainId, isRecursive, null); - _accountMgr.buildACLSearchParameters(caller, id, accountName, projectId, permittedAccounts, domainIdRecursiveListProject, - listAll, false); + final Ternary domainIdRecursiveListProject = new Ternary(domainId, isRecursive, + null); + _accountMgr.buildACLSearchParameters(caller, id, accountName, projectId, permittedAccounts, domainIdRecursiveListProject, listAll, false); domainId = domainIdRecursiveListProject.first(); isRecursive = domainIdRecursiveListProject.second(); final ListProjectResourcesCriteria listProjectResourcesCriteria = domainIdRecursiveListProject.third(); 
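Review bot: Check 2 in createStaticRoute tests `NetUtils.isNetworksOverlap(vpc.getCidr(), NetUtils.getLinkLocalCIDR())`, i.e. the VPC's own CIDR rather than the static route `cidr` that the comment says it validates; the VPC CIDR is already constrained by the RFC 1918 check in createVpc, so this condition can effectively never fire and a route CIDR overlapping the link-local range is accepted. The line should read `if (NetUtils.isNetworksOverlap(cidr, NetUtils.getLinkLocalCIDR())) {`, with the error message left as is. This hunk only restyles the comments, so the defect is pre-existing rather than introduced here; createStaticRoute starts before this hunk and continues after it.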
@@ -2146,8 +2164,9 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis } protected void detectRoutesConflict(final StaticRoute newRoute) throws NetworkRuleConflictException { - //Multiple private gateways can exist within Vpc. Check for conflicts for all static routes in Vpc - //and not just the gateway + // Multiple private gateways can exist within Vpc. Check for conflicts + // for all static routes in Vpc + // and not just the gateway final List routes = _staticRouteDao.listByVpcIdAndNotRevoked(newRoute.getVpcId()); assert routes.size() >= 1 : "For static routes, we now always first persist the route and then check for " + "network conflicts so we should at least have one rule at this point."; @@ -2220,8 +2239,8 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis @DB @Override @ActionEvent(eventType = EventTypes.EVENT_NET_IP_ASSIGN, eventDescription = "associating Ip", async = true) - public IpAddress associateIPToVpc(final long ipId, final long vpcId) throws ResourceAllocationException, ResourceUnavailableException, - InsufficientAddressCapacityException, ConcurrentOperationException { + public IpAddress associateIPToVpc(final long ipId, final long vpcId) throws ResourceAllocationException, ResourceUnavailableException, InsufficientAddressCapacityException, + ConcurrentOperationException { final Account caller = CallContext.current().getCallingAccount(); Account owner = null; @@ -2254,13 +2273,13 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis @Override public void doInTransactionWithoutResult(final TransactionStatus status) { final IPAddressVO ip = _ipAddressDao.findById(ipId); - //update ip address with networkId + // update ip address with networkId ip.setVpcId(vpcId); ip.setSourceNat(isSourceNatFinal); _ipAddressDao.update(ipId, ip); - //mark ip as allocated + // mark ip as allocated _ipAddrMgr.markPublicIpAsAllocated(ip); } }); 
@@ -2283,10 +2302,10 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis s_logger.debug("Releasing VPC ip address " + ip + " from vpc network id=" + networkId); - final long vpcId = ip.getVpcId(); + final long vpcId = ip.getVpcId(); boolean success = false; try { - //unassign ip from the VPC router + // unassign ip from the VPC router success = _ipAddrMgr.applyIpAssociations(_ntwkModel.getNetwork(networkId), true); } catch (final ResourceUnavailableException ex) { throw new CloudRuntimeException("Failed to apply ip associations for network id=" + networkId + " as a part of unassigning ip " + ipId + " from vpc", ex); @@ -2309,9 +2328,10 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis @DB @Override - public Network createVpcGuestNetwork(final long ntwkOffId, final String name, final String displayText, final String gateway, final String cidr, final String vlanId, String networkDomain, - final Account owner, final Long domainId, final PhysicalNetwork pNtwk, final long zoneId, final ACLType aclType, final Boolean subdomainAccess, final long vpcId, final Long aclId, final Account caller, - final Boolean isDisplayNetworkEnabled) throws ConcurrentOperationException, InsufficientCapacityException, ResourceAllocationException { + public Network createVpcGuestNetwork(final long ntwkOffId, final String name, final String displayText, final String gateway, final String cidr, final String vlanId, + String networkDomain, final Account owner, final Long domainId, final PhysicalNetwork pNtwk, final long zoneId, final ACLType aclType, final Boolean subdomainAccess, + final long vpcId, final Long aclId, final Account caller, final Boolean isDisplayNetworkEnabled) throws ConcurrentOperationException, InsufficientCapacityException, + ResourceAllocationException { final Vpc vpc = getActiveVpc(vpcId); 
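Review bot: In the reflowed `createVpcGuestNetwork` signature, `String networkDomain` is the only parameter left non-final among otherwise final parameters; if it is reassigned in the body (outside this hunk) a brief comment on why would help, otherwise mark it `final` for consistency. In the preceding hunk, `final long vpcId = ip.getVpcId();` unboxes the value; if `getVpcId()` returns a boxed `Long` that can be null for an address not yet attached to a VPC, this fails with a NullPointerException instead of a descriptive error, so a guard such as `Objects.requireNonNull(ip.getVpcId(), "ip " + ipId + " is not associated with a VPC")` would be clearer. Both methods extend beyond their hunks.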
@@ -2330,17 +2350,16 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis throw new InvalidParameterValueException("New network doesn't belong to vpc zone"); } - //1) Validate if network can be created for VPC + // 1) Validate if network can be created for VPC validateNtwkOffForNtwkInVpc(null, ntwkOffId, cidr, networkDomain, vpc, gateway, owner, aclId); - //2) Create network - final Network guestNetwork = - _ntwkMgr.createGuestNetwork(ntwkOffId, name, displayText, gateway, cidr, vlanId, networkDomain, owner, domainId, pNtwk, zoneId, aclType, subdomainAccess, - vpcId, null, null, isDisplayNetworkEnabled, null); + // 2) Create network + final Network guestNetwork = _ntwkMgr.createGuestNetwork(ntwkOffId, name, displayText, gateway, cidr, vlanId, networkDomain, owner, domainId, pNtwk, zoneId, aclType, + subdomainAccess, vpcId, null, null, isDisplayNetworkEnabled, null); if (guestNetwork != null) { guestNetwork.setNetworkACLId(aclId); - _ntwkDao.update(guestNetwork.getId(), (NetworkVO)guestNetwork); + _ntwkDao.update(guestNetwork.getId(), (NetworkVO) guestNetwork); } return guestNetwork; } diff --git a/server/test/com/cloud/vpc/NetworkACLManagerTest.java b/server/test/com/cloud/vpc/NetworkACLManagerTest.java index cecdf3d2c78..9daf551e9ec 100644 --- a/server/test/com/cloud/vpc/NetworkACLManagerTest.java +++ b/server/test/com/cloud/vpc/NetworkACLManagerTest.java @@ -22,7 +22,6 @@ import java.util.UUID; import javax.inject.Inject; -import com.cloud.user.User; import junit.framework.TestCase; import org.apache.cloudstack.context.CallContext; @@ -53,6 +52,7 @@ import com.cloud.network.dao.NetworkDao; import com.cloud.network.dao.NetworkVO; import com.cloud.network.element.NetworkACLServiceProvider; import com.cloud.network.vpc.NetworkACLItem; +import com.cloud.network.vpc.NetworkACLItem.State; import com.cloud.network.vpc.NetworkACLItemDao; import com.cloud.network.vpc.NetworkACLItemVO; import com.cloud.network.vpc.NetworkACLManager; 
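Review bot: On the new side the ACL is attached in a second step after the network exists: `_ntwkMgr.createGuestNetwork(...)` does not receive `aclId`, and the id is set afterwards via `guestNetwork.setNetworkACLId(aclId)` followed by `_ntwkDao.update(...)`. Unless the `@DB` method runs both writes in one transaction (not visible here), a failure between them leaves a VPC guest network persisted with no ACL id; a comment stating that expectation, or passing the ACL into creation if the signature allows it, would close the gap. The method's signature is in the previous hunk and the validation preamble is above this one.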
@@ -69,10 +69,10 @@ import com.cloud.tags.dao.ResourceTagDao; import com.cloud.user.Account; import com.cloud.user.AccountManager; import com.cloud.user.AccountVO; +import com.cloud.user.User; import com.cloud.user.UserVO; import com.cloud.utils.component.ComponentContext; import com.cloud.utils.db.EntityManager; -import com.cloud.utils.exception.CloudRuntimeException; @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration(loader = AnnotationConfigContextLoader.class) @@ -110,8 +110,8 @@ public class NetworkACLManagerTest extends TestCase { @Before public void setUp() { ComponentContext.initComponentsLifeCycle(); - Account account = new AccountVO("testaccount", 1, "testdomain", (short)0, UUID.randomUUID().toString()); - UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN); + final Account account = new AccountVO("testaccount", 1, "testdomain", (short)0, UUID.randomUUID().toString()); + final UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN); CallContext.register(user, account); acl = Mockito.mock(NetworkACLVO.class); @@ -133,10 +133,10 @@ public class NetworkACLManagerTest extends TestCase { @Test @SuppressWarnings("unchecked") public void testApplyACL() throws Exception { - NetworkVO network = Mockito.mock(NetworkVO.class); + final NetworkVO network = Mockito.mock(NetworkVO.class); Mockito.when(_networkDao.findById(Matchers.anyLong())).thenReturn(network); Mockito.when(_networkModel.isProviderSupportServiceInNetwork(Matchers.anyLong(), Matchers.any(Network.Service.class), Matchers.any(Network.Provider.class))) - .thenReturn(true); + .thenReturn(true); Mockito.when(_networkAclElements.get(0).applyNetworkACLs(Matchers.any(Network.class), Matchers.anyList())).thenReturn(true); assertTrue(_aclMgr.applyACLToNetwork(1L)); } 
@@ -149,21 +149,21 @@ public class NetworkACLManagerTest extends TestCase { } @SuppressWarnings("unchecked") - public void driveTestApplyNetworkACL(boolean result, boolean applyNetworkACLs, boolean applyACLToPrivateGw) throws Exception { + public void driveTestApplyNetworkACL(final boolean result, final boolean applyNetworkACLs, final boolean applyACLToPrivateGw) throws Exception { // In order to test ONLY our scope method, we mock the others - NetworkACLManager aclManager = Mockito.spy(_aclMgr); + final NetworkACLManager aclManager = Mockito.spy(_aclMgr); // Prepare // Reset mocked objects to reuse Mockito.reset(_networkACLItemDao); // Make sure it is handled - long aclId = 1L; - NetworkVO network = Mockito.mock(NetworkVO.class); - List networks = new ArrayList(); + final long aclId = 1L; + final NetworkVO network = Mockito.mock(NetworkVO.class); + final List networks = new ArrayList(); networks.add(network); Mockito.when(_networkDao.listByAclId(Matchers.anyLong())) - .thenReturn(networks); + .thenReturn(networks); Mockito.when(_networkDao.findById(Matchers.anyLong())).thenReturn(network); Mockito.when(_networkModel.isProviderSupportServiceInNetwork(Matchers.anyLong(), Matchers.any(Network.Service.class), Matchers.any(Network.Provider.class))) 
@@ -172,21 +172,21 @@ public class NetworkACLManagerTest extends TestCase { Matchers.anyList())).thenReturn(applyNetworkACLs); // Make sure it applies ACL to private gateway - List vpcGateways = new ArrayList(); - VpcGatewayVO vpcGateway = Mockito.mock(VpcGatewayVO.class); - PrivateGateway privateGateway = Mockito.mock(PrivateGateway.class); + final List vpcGateways = new ArrayList(); + final VpcGatewayVO vpcGateway = Mockito.mock(VpcGatewayVO.class); + final PrivateGateway privateGateway = Mockito.mock(PrivateGateway.class); Mockito.when(_vpcSvc.getVpcPrivateGateway(Mockito.anyLong())).thenReturn(privateGateway); vpcGateways.add(vpcGateway); Mockito.when(_vpcGatewayDao.listByAclIdAndType(aclId, VpcGateway.Type.Private)) - .thenReturn(vpcGateways); + .thenReturn(vpcGateways); // Create 4 rules to test all 4 scenarios: only revoke should // be deleted, only add should update - List rules = new ArrayList(); - NetworkACLItemVO ruleActive = Mockito.mock(NetworkACLItemVO.class); - NetworkACLItemVO ruleStaged = Mockito.mock(NetworkACLItemVO.class); - NetworkACLItemVO rule2Revoke = Mockito.mock(NetworkACLItemVO.class); - NetworkACLItemVO rule2Add = Mockito.mock(NetworkACLItemVO.class); + final List rules = new ArrayList(); + final NetworkACLItemVO ruleActive = Mockito.mock(NetworkACLItemVO.class); + final NetworkACLItemVO ruleStaged = Mockito.mock(NetworkACLItemVO.class); + final NetworkACLItemVO rule2Revoke = Mockito.mock(NetworkACLItemVO.class); + final NetworkACLItemVO rule2Add = Mockito.mock(NetworkACLItemVO.class); Mockito.when(ruleActive.getState()).thenReturn(NetworkACLItem.State.Active); Mockito.when(ruleStaged.getState()).thenReturn(NetworkACLItem.State.Staged); Mockito.when(rule2Add.getState()).thenReturn(NetworkACLItem.State.Add); 
@@ -196,15 +196,15 @@ public class NetworkACLManagerTest extends TestCase { rules.add(rule2Add); rules.add(rule2Revoke); - long revokeId = 8; + final long revokeId = 8; Mockito.when(rule2Revoke.getId()).thenReturn(revokeId); - long addId = 9; + final long addId = 9; Mockito.when(rule2Add.getId()).thenReturn(addId); Mockito.when(_networkACLItemDao.findById(addId)).thenReturn(rule2Add); Mockito.when(_networkACLItemDao.listByACL(aclId)) - .thenReturn(rules); + .thenReturn(rules); // Mock methods to avoid Mockito.doReturn(applyACLToPrivateGw).when(aclManager).applyACLToPrivateGw(privateGateway); @@ -212,7 +212,7 @@ public class NetworkACLManagerTest extends TestCase { assertEquals("Result was not congruent with applyNetworkACLs and applyACLToPrivateGw", result, aclManager.applyNetworkACL(aclId)); // Assert if conditions met, network ACL was applied - int timesProcessingDone = (applyNetworkACLs && applyACLToPrivateGw) ? 1 : 0; + final int timesProcessingDone = applyNetworkACLs && applyACLToPrivateGw ? 1 : 0; Mockito.verify(_networkACLItemDao, Mockito.times(timesProcessingDone)).remove(revokeId); Mockito.verify(rule2Add, Mockito.times(timesProcessingDone)).setState(NetworkACLItem.State.Active); Mockito.verify(_networkACLItemDao, Mockito.times(timesProcessingDone)).update(addId, rule2Add); 
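Review bot: Dropping the parentheses in `final int timesProcessingDone = applyNetworkACLs && applyACLToPrivateGw ? 1 : 0;` is correct by precedence but makes the reader recompute it; since this value drives three `Mockito.times(...)` verifications, keep the grouping explicit, `final int timesProcessingDone = (applyNetworkACLs && applyACLToPrivateGw) ? 1 : 0;`. The rest of `driveTestApplyNetworkACL` lies outside this hunk.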
@@ -232,17 +232,27 @@ public class NetworkACLManagerTest extends TestCase { assertNotNull(_aclMgr.updateNetworkACLItem(1L, "UDP", null, NetworkACLItem.TrafficType.Ingress, "Deny", 10, 22, 32, null, null, null, true)); } - @Test(expected = CloudRuntimeException.class) + @Test public void deleteNonEmptyACL() throws Exception { - List aclItems = new ArrayList(); + final List aclItems = new ArrayList(); aclItems.add(aclItem); Mockito.when(_networkACLItemDao.listByACL(Matchers.anyLong())).thenReturn(aclItems); - _aclMgr.deleteNetworkACL(acl); + Mockito.when(acl.getId()).thenReturn(3l); + Mockito.when(_networkACLItemDao.findById(Matchers.anyLong())).thenReturn(aclItem); + Mockito.when(aclItem.getState()).thenReturn(State.Add); + Mockito.when(aclItem.getId()).thenReturn(3l); + Mockito.when(_networkACLDao.remove(Matchers.anyLong())).thenReturn(true); + + final boolean result = _aclMgr.deleteNetworkACL(acl); + + Mockito.verify(aclItem, Mockito.times(4)).getState(); + + assertTrue("Operation should be successfull!", result); } @Configuration @ComponentScan(basePackageClasses = {NetworkACLManagerImpl.class}, includeFilters = {@ComponentScan.Filter(value = NetworkACLTestConfiguration.Library.class, - type = FilterType.CUSTOM)}, useDefaultFilters = false) + type = FilterType.CUSTOM)}, useDefaultFilters = false) public static class NetworkACLTestConfiguration extends SpringUtils.CloudStackTestConfiguration { @Bean 
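Review bot: The rewritten `deleteNonEmptyACL` asserts only the return value and that `aclItem.getState()` was invoked four times, which pins an implementation call count rather than an outcome. If a non-empty ACL is now meant to be deletable, the test should verify that the ACL and its item are actually removed (e.g. `Mockito.verify(_networkACLDao).remove(3L);` plus whatever item cleanup the manager performs), otherwise a regression that returns true while leaving rules in place still passes, and the test name no longer matches what is being checked. The manager change this test now encodes (`NetworkACLManagerImpl.deleteNetworkACL`) is not in this view, so I cannot confirm what cleanup is expected. Minor: write the long literals as `3L` rather than `3l`, and the message should read `"Operation should be successful!"`.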
@@ -317,9 +327,9 @@ public class NetworkACLManagerTest extends TestCase { public static class Library implements TypeFilter { @Override - public boolean match(MetadataReader mdr, MetadataReaderFactory arg1) throws IOException { + public boolean match(final MetadataReader mdr, final MetadataReaderFactory arg1) throws IOException { mdr.getClassMetadata().getClassName(); - ComponentScan cs = NetworkACLTestConfiguration.class.getAnnotation(ComponentScan.class); + final ComponentScan cs = NetworkACLTestConfiguration.class.getAnnotation(ComponentScan.class); return SpringUtils.includedInBasePackageClasses(mdr.getClassMetadata().getClassName(), cs); } } diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py index 8d00bdf1414..ac773a5788e 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py @@ -939,26 +939,6 @@ def main(argv): metadata = CsVmMetadata('vmdata', config) metadata.process() - # Always run both CsAcl().process() methods - # They fill the base rules in config.fw[] - acls = CsAcl('networkacl', config) - acls.process() - - acls = CsAcl('firewallrules', config) - acls.process() - - fwd = CsForwardingRules("forwardingrules", config) - fwd.process() - - vpns = CsSite2SiteVpn("site2sitevpn", config) - vpns.process() - - rvpn = CsRemoteAccessVpn("remoteaccessvpn", config) - rvpn.process() - - lb = CsLoadBalancer("loadbalancer", config) - lb.process() - if process_file in ["cmd_line.json", "network_acl.json"]: logging.debug("Configuring networkacl") iptables_change = True 
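Review bot: In `Library.match`, the statement `mdr.getClassMetadata().getClassName();` on the new side discards its result and has no visible effect; the same value is recomputed in the return expression on the next line. Either drop the stray call or bind it once, `final String className = mdr.getClassMetadata().getClassName();` and pass `className` to `SpringUtils.includedInBasePackageClasses`. The configure.py hunk that follows on this line is a pure move and is reviewed at its destination.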
@@ -1000,10 +980,34 @@ def main(argv): # If iptable rules have changed, apply them. if iptables_change: + acls = CsAcl('networkacl', config) + acls.process() + + acls = CsAcl('firewallrules', config) + acls.process() + + fwd = CsForwardingRules("forwardingrules", config) + fwd.process() + + vpns = CsSite2SiteVpn("site2sitevpn", config) + vpns.process() + + rvpn = CsRemoteAccessVpn("remoteaccessvpn", config) + rvpn.process() + + lb = CsLoadBalancer("loadbalancer", config) + lb.process() + logging.debug("Configuring iptables rules") nf = CsNetfilters() nf.compare(config.get_fw()) + logging.debug("Configuring iptables rules done ...saving rules") + + # Save iptables configuration - will be loaded on reboot by the iptables-restore that is configured on /etc/rc.local + CsHelper.save_iptables("iptables-save", "/etc/iptables/router_rules.v4") + CsHelper.save_iptables("ip6tables-save", "/etc/iptables/router_rules.v6") + red = CsRedundant(config) red.set() @@ -1012,12 +1016,5 @@ def main(argv): static_routes = CsStaticRoutes("staticroutes", config) static_routes.process() - if iptables_change: - logging.debug("Configuring iptables rules done ...saving rules") - - # Save iptables configuration - will be loaded on reboot by the iptables-restore that is configured on /etc/rc.local - CsHelper.save_iptables("iptables-save", "/etc/iptables/router_rules.v4") - CsHelper.save_iptables("ip6tables-save", "/etc/iptables/router_rules.v6") - if __name__ == "__main__": main(sys.argv) diff --git a/ui/css/cloudstack3.css b/ui/css/cloudstack3.css index 37751467d93..753598dadaf 100644 --- a/ui/css/cloudstack3.css +++ b/ui/css/cloudstack3.css @@ -2489,7 +2489,7 @@ div.detail-group.actions td { padding: 1px 0 0; /*+placement:shift -174px -57px;*/ position: relative; - left: -174px; + left: -239px; top: -57px; } 
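Review bot: Moving `CsHelper.save_iptables(...)` up into the `if iptables_change:` block changes its position relative to `red.set()` and `static_routes.process()`, which now run after the snapshot is written; if either of those touches iptables (their bodies are not visible here), `/etc/iptables/router_rules.v4` and `.v6` will no longer contain their rules and the restore on reboot will load an incomplete ruleset. The removed comment `# Always run both CsAcl().process() methods — They fill the base rules in config.fw[]` carried the reason the ACL processors were unconditional; now that they run only under the gate, keep that rationale next to them, e.g. `# every producer of config.fw must run here, before nf.compare(), or the base rules are never built`. The second hunk on this line only deletes the old save block; `main()` starts and ends outside this view.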
@@ -2555,7 +2555,7 @@ div.detail-group.actions td { margin: 0; position: absolute; top: -47px; - left: 1090px; + left: 1025px; cursor: default !important; display: inline-block; float: left; @@ -2568,8 +2568,8 @@ div.detail-group.actions td { padding: 9px 18px 7px 12px; border-right: none; /*[empty]border-top:;*/ - min-width: 75px; - max-width: 120px; + min-width: 110px; + max-width: 220px; text-align: center; height: 12px; overflow: hidden; @@ -4310,7 +4310,7 @@ textarea { #user-options { background: #FFFFFF; z-index: 10000; - width: 104px; + width: 150px; position: absolute; padding: 15px; top: 30px; diff --git a/ui/scripts/ui/core.js b/ui/scripts/ui/core.js index f05db2ce397..0c481d0dded 100644 --- a/ui/scripts/ui/core.js +++ b/ui/scripts/ui/core.js @@ -225,7 +225,7 @@ .append( $('
').addClass('name').text( args.context && args.context.users ? - cloudStack.concat(userLabel, 14) : 'Invalid User' + cloudStack.concat(userLabel, 21) : 'Invalid User' ) ) .append(
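Review bot: The truncation length in `cloudStack.concat(userLabel, 21)` is a magic number that has to move in step with the `#user-options` width and the `min-width`/`max-width` changes to cloudstack3.css in this same commit; a named constant near the top of core.js, e.g. `var USER_LABEL_MAX_CHARS = 21;`, would make that coupling explicit. The surrounding builder chain starts and ends outside the hunk.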