apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

CLOUDSTACK-2819: Revoke existing ACL items if the new ACL is empty

Browse Source
This commit is contained in:
Kishan Kavala 2013-06-20 17:05:55 +05:30
parent c1e37f60ac
commit b422d8ddd9
4 changed files with 19 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
server/src/com/cloud/network/NetworkManagerImpl.java
View File

@ -3616,7 +3616,7 @@ public class NetworkManagerImpl extends ManagerBase implements NetworkManager, L
//revoke all network ACLs for network //revoke all network ACLs for network
try { try {
if (_networkACLMgr.revokeACLItemsForNetwork(networkId, callerUserId, caller)) { if (_networkACLMgr.revokeACLItemsForNetwork(networkId)) {
s_logger.debug("Successfully cleaned up NetworkACLs for network id=" + networkId); s_logger.debug("Successfully cleaned up NetworkACLs for network id=" + networkId);
} else { } else {
success = false; success = false;
@ -3785,7 +3785,7 @@ public class NetworkManagerImpl extends ManagerBase implements NetworkManager, L
try { try {
//revoke all Network ACLs for the network w/o applying them in the DB //revoke all Network ACLs for the network w/o applying them in the DB
if (!_networkACLMgr.revokeACLItemsForNetwork(networkId, callerUserId, caller)) { if (!_networkACLMgr.revokeACLItemsForNetwork(networkId)) {
s_logger.warn("Failed to cleanup network ACLs as a part of shutdownNetworkRules"); s_logger.warn("Failed to cleanup network ACLs as a part of shutdownNetworkRules");
success = false; success = false;
} }

2
server/src/com/cloud/network/vpc/NetworkACLManager.java
View File

@ -104,7 +104,7 @@ public interface NetworkACLManager{
* @return * @return
* @throws ResourceUnavailableException * @throws ResourceUnavailableException
*/ */
boolean revokeACLItemsForNetwork(long networkId, long userId, Account caller) throws ResourceUnavailableException; boolean revokeACLItemsForNetwork(long networkId) throws ResourceUnavailableException;
/** /**
* List network ACL items by network * List network ACL items by network

14
server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
View File

@ -150,6 +150,18 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
throw new InvalidParameterValueException("Cannot apply NetworkACL. Network Offering does not support NetworkACL service"); throw new InvalidParameterValueException("Cannot apply NetworkACL. Network Offering does not support NetworkACL service");
} }
if(network.getNetworkACLId() != null){
//Revoke ACL Items of the existing ACL if the new ACL is empty
//Existing rules won't be removed otherwise
List<NetworkACLItemVO> aclItems = _networkACLItemDao.listByACL(acl.getId());
if(aclItems == null || aclItems.isEmpty()){
s_logger.debug("New network ACL is empty. Revoke existing rules before applying ACL");
if(!revokeACLItemsForNetwork(network.getId())){
throw new CloudRuntimeException("Failed to replace network ACL. Error while removing existing ACL items for network: "+network.getId());
}
}
}
network.setNetworkACLId(acl.getId()); network.setNetworkACLId(acl.getId());
//Update Network ACL //Update Network ACL
if(_networkDao.update(network.getId(), network)){ if(_networkDao.update(network.getId(), network)){
@ -229,7 +241,7 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
} }
@Override @Override
public boolean revokeACLItemsForNetwork(long networkId, long userId, Account caller) throws ResourceUnavailableException { public boolean revokeACLItemsForNetwork(long networkId) throws ResourceUnavailableException {
Network network = _networkDao.findById(networkId); Network network = _networkDao.findById(networkId);
if(network.getNetworkACLId() == null){ if(network.getNetworkACLId() == null){
return true; return true;

5
server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
View File

@ -104,7 +104,7 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ
SearchBuilder<NetworkACLVO> sb = _networkACLDao.createSearchBuilder(); SearchBuilder<NetworkACLVO> sb = _networkACLDao.createSearchBuilder();
sb.and("id", sb.entity().getId(), Op.EQ); sb.and("id", sb.entity().getId(), Op.EQ);
sb.and("name", sb.entity().getName(), Op.EQ); sb.and("name", sb.entity().getName(), Op.EQ);
sb.and("vpcId", sb.entity().getVpcId(), Op.EQ); sb.and("vpcId", sb.entity().getVpcId(), Op.IN);
if(networkId != null){ if(networkId != null){
SearchBuilder<NetworkVO> network = _networkDao.createSearchBuilder(); SearchBuilder<NetworkVO> network = _networkDao.createSearchBuilder();
@ -122,7 +122,8 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ
} }
if(vpcId != null){ if(vpcId != null){
sc.setParameters("vpcId", vpcId); //Include vpcId 0 to list default ACLs
sc.setParameters("vpcId", vpcId, 0);
} }
if(networkId != null){ if(networkId != null){