cloudstack-commits mailing list archives

From kous...@apache.org
Subject [1/5] git commit: refs/heads/cisco-vnmc-api-integration - Separated out creation of ACL policy set and policy in VNMC
Date Fri, 22 Feb 2013 13:50:35 GMT
Separated out creation of ACL policy set and policy in VNMC


Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/124a4881
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/124a4881
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/124a4881

Branch: refs/heads/cisco-vnmc-api-integration
Commit: 124a48819d34547d5355396c151279a23899ff65
Parents: 1e38515
Author: Koushik Das <koushik.das@citrix.com>
Authored: Thu Feb 21 17:53:12 2013 +0530
Committer: Koushik Das <koushik.das@citrix.com>
Committed: Thu Feb 21 17:53:12 2013 +0530

----------------------------------------------------------------------
 .../network/cisco/associate-acl-policy-set.xml     |    2 +-
 .../network/cisco/create-acl-policy-ref.xml        |   21 +++++
 .../network/cisco/create-acl-policy-set.xml        |   13 +---
 .../network/cisco/create-ingress-acl-rule.xml      |   18 ++--
 .../cloud/network/cisco/CiscoVnmcConnection.java   |   15 ++-
 .../network/cisco/CiscoVnmcConnectionImpl.java     |   66 +++++++++-----
 .../cloud/network/element/CiscoVnmcElement.java    |    1 -
 .../cloud/network/resource/CiscoVnmcResource.java  |   69 +++++++++------
 8 files changed, 127 insertions(+), 78 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/124a4881/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-acl-policy-set.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-acl-policy-set.xml
b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-acl-policy-set.xml
index ae40a88..908b40f 100755
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-acl-policy-set.xml
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-acl-policy-set.xml
@@ -3,7 +3,7 @@
   inHierarchical="false">
     <inConfigs>
       <pair key="%espdn%" >
-          <policyVirtualNetworkEdgeProfile
+        <policyVirtualNetworkEdgeProfile
           connTimeoutRef=""
           descr="%descr%"
           dn="%espdn%"

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/124a4881/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-ref.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-ref.xml
b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-ref.xml
new file mode 100755
index 0000000..2d3f02a
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-ref.xml
@@ -0,0 +1,21 @@
+
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+
+  <inConfigs>
+    <pair key="%aclpolicyrefdn%">
+      <policyPolicyNameRef
+        dn="%aclpolicyrefdn%"
+        order="100"
+        policyName="%aclpolicyname%"
+        status="created"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
+
+<!--
+    aclpolicyrefdn="org-root/org-vlan-123/org-VDC-vlan-123/pset-Ingress-ACL-Policy-Set-vlan-123/polref-aaa"
+    aclpolicyname="aaa"
+--!>
\ No newline at end of file
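Review bot: The trailing comment in this new template is closed with `--!>`, which is not an XML comment terminator, so the file is not well-formed as written; close it with `-->`. If the whole file is loaded and sent as the request body (the loader is not visible here), the unterminated comment travels with every request and relies on the receiver tolerating it. The same terminator appears in the context lines of create-acl-policy-set.xml and create-ingress-acl-rule.xml. Because `%aclpolicyname%` and `%aclpolicyrefdn%` land inside attribute values, the substitution code should escape `"`, `<` and `&` in whatever it inserts; that code is outside this diff, so this is worth confirming.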

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/124a4881/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-set.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-set.xml
b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-set.xml
index 4038b91..4e9d2ce 100755
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-set.xml
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-set.xml
@@ -3,13 +3,6 @@
   cookie="%cookie%"
   inHierarchical="false">
     <inConfigs>
-    <pair key="%aclpolicyrefdn%">
-      <policyPolicyNameRef
-      dn="%aclpolicyrefdn%"
-      order="100"
-      policyName="%aclpolicyname%"
-      status="created"/>
-    </pair>
     <pair key="%aclpolicysetdn%">
       <policyPolicySet
       descr=""
@@ -21,8 +14,6 @@
 </configConfMos>
 
 <!--
-          aclpolicysetdn="org-root/org-vlan-123/org-VDC-vlan-123/pset-foo"
-          aclpolicysetname="foo"
-		  aclpolicyrefdn="org-root/org-vlan-123/org-VDC-vlan-123/pset-foo/polref-bar"
-		  aclpolicyname="bar"
+    aclpolicysetdn="org-root/org-vlan-123/org-VDC-vlan-123/pset-foo"
+    aclpolicysetname="foo"
 --!>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/124a4881/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml
b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml
index 2c3fdab..8fb38a4 100755
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml
@@ -170,13 +170,13 @@
 </configConfMos>
 
 <!--
-          aclruledn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy/rule-dummy"
-          aclrulename="dummy"
-		  actiontype="drop" or "permit"
-		  protocolvalue = "TCP" or UDP or ICMP
-		  sourcestartip="source start ip"
-		  sourceendip="source end ip"
-		  startport="start port at destination"
-		  endport="end port at destination"
-		  destinationip="public ip at destination"
+    aclruledn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy/rule-dummy"
+    aclrulename="dummy"
+    actiontype="drop" or "permit"
+    protocolvalue = "TCP" or UDP or ICMP
+    sourcestartip="source start ip"
+    sourceendip="source end ip"
+    startport="start port at destination"
+    endport="end port at destination"
+    destinationip="public ip at destination"
 --!>

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/124a4881/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
index 5d59c65..3cb1ea5 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
@@ -64,18 +64,23 @@ public interface CiscoVnmcConnection {
     public boolean associateNatPolicySet(String tenantName)
             throws ExecutionException;
 
-    public boolean createIngressAclRule(String tenantName, String identifier,
+    public boolean createIngressAclRule(String tenantName,
+            String identifier, String policyIdentifier,
             String protocol, String sourceStartIp, String sourceEndIp,
             String destStartPort, String destEndPort, String destIp)
             throws ExecutionException;
 
-    public boolean deleteAclRule(String tenantName, String identifier)
+    public boolean deleteAclRule(String policyIdentifier,
+            String identifier, String destIp)
             throws ExecutionException;
 
-    public boolean createTenantVDCAclPolicy(String tenantName, boolean ingress)
-            throws ExecutionException;
+    public boolean createTenantVDCAclPolicy(String tenantName, String identifier,
+            boolean ingress) throws ExecutionException;
+
+    public boolean createTenantVDCAclPolicyRef(String tenantName, String identifier,
+            boolean ingress) throws ExecutionException;
 
-    public boolean deleteTenantVDCAclPolicy(String tenantName, boolean ingress)
+    public boolean deleteTenantVDCAclPolicy(String tenantName, String identifier)
             throws ExecutionException;
 
     public boolean createTenantVDCAclPolicySet(String tenantName, boolean ingress)
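Review bot: The new declaration `deleteAclRule(String policyIdentifier, String identifier, String destIp)` does not match the implementation changed in this same commit, which declares `deleteAclRule(String tenantName, String identifier, String policyIdentifier)`. All three parameters are `String`, so the compiler accepts either order, and a caller written against the interface names would build the rule DN from the wrong values and target a different rule than intended. Declare it here as `public boolean deleteAclRule(String tenantName, String identifier, String policyIdentifier)` and add a short Javadoc saying that `policyIdentifier` is the public IP with dots replaced by dashes, as CiscoVnmcResource computes it. The interface body continues outside the hunk.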

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/124a4881/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
index b304e05..e159dd1 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
@@ -66,6 +66,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
         DELETE_ACL_RULE("delete-acl-rule.xml", "policy-mgr"),
         CREATE_ACL_POLICY("create-acl-policy.xml", "policy-mgr"),
         DELETE_ACL_POLICY("delete-acl-policy.xml", "policy-mgr"),
+        CREATE_ACL_POLICY_REF("create-acl-policy-ref.xml", "policy-mgr"),
         CREATE_ACL_POLICY_SET("create-acl-policy-set.xml", "policy-mgr"),
         RESOLVE_ACL_POLICY_SET("associate-acl-policy-set.xml", "policy-mgr"),
         CREATE_EDGE_FIREWALL("create-edge-firewall.xml", "resource-mgr"),
@@ -566,37 +567,38 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection
{
         return getDnForTenantVDC(tenantName) + "/pset-" + getNameForAclPolicySet(tenantName,
ingress) ;
     }
 
-    private String getNameForAclPolicy(String tenantName, boolean ingress) {
-        return (ingress ? "Ingress-" : "Egress-") + "ACL-For-" + tenantName;
+    private String getNameForAclPolicy(String tenantName, String identifier) {
+        return "Policy-" + tenantName + "-" + identifier;
     }
 
-    private String getDnForAclPolicy(String tenantName, boolean ingress) {
-        return getDnForTenantVDC(tenantName) + "/pol-" + getNameForAclPolicy(tenantName,
ingress);
+    private String getDnForAclPolicy(String tenantName, String identifier) {
+        return getDnForTenantVDC(tenantName) + "/pol-" + getNameForAclPolicy(tenantName,
identifier);
     }
 
-    private String getDnForAclPolicyRef(String tenantName, boolean ingress) {
-        return getDnForAclPolicySet(tenantName, ingress) + "/polref-" + getNameForAclPolicy(tenantName,
ingress);
+    private String getDnForAclPolicyRef(String tenantName, String identifier, boolean ingress)
{
+        return getDnForAclPolicySet(tenantName, ingress) + "/polref-" + getNameForAclPolicy(tenantName,
identifier);
     }
 
-    private String getNameForAclRule(String tenantName, String identifier, boolean ingress)
{
-        return (ingress ? "Ingress-" : "Egress-") + "ACL-Rule-For-" + tenantName + "-" +
identifier;
+    private String getNameForAclRule(String tenantName, String identifier) {
+        return "Rule-" + tenantName + "-" + identifier;
     }
 
-    private String getDnForAclRule(String tenantName, String identifier, boolean ingress)
{
-        return getDnForAclPolicy(tenantName, ingress) + "/rule-" + getNameForAclRule(tenantName,
identifier, ingress);
+    private String getDnForAclRule(String tenantName, String identifier, String policyIdentifier)
{
+        return getDnForAclPolicy(tenantName, policyIdentifier) + "/rule-" + getNameForAclRule(tenantName,
identifier);
     }
 
     /* (non-Javadoc)
      * @see com.cloud.network.resource.CiscoVnmcConnection#createTenantVDCAclPolicy(java.lang.String)
      */
     @Override
-    public boolean createTenantVDCAclPolicy(String tenantName, boolean ingress) throws ExecutionException
{
+    public boolean createTenantVDCAclPolicy(String tenantName, String identifier, boolean
ingress) throws ExecutionException {
         String xml = VnmcXml.CREATE_ACL_POLICY.getXml();
         String service = VnmcXml.CREATE_ACL_POLICY.getService();
         xml = replaceXmlValue(xml, "cookie", _cookie);
         //xml = replaceXmlValue(xml, "descr", "ACL Policy for Tenant VDC " + tenantName);
-        xml = replaceXmlValue(xml, "aclpolicyname", getNameForAclPolicy(tenantName, ingress));
-        xml = replaceXmlValue(xml, "aclpolicydn", getDnForAclPolicy(tenantName, ingress));
+        xml = replaceXmlValue(xml, "aclpolicyname", getNameForAclPolicy(tenantName, identifier));
+        xml = replaceXmlValue(xml, "aclpolicydn", getDnForAclPolicy(tenantName, identifier));
+        xml = replaceXmlValue(xml, "aclpolicyrefdn", getDnForAclPolicyRef(tenantName, identifier,
ingress));
 
         String response =  sendRequest(service, xml);
 
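Review bot: `getNameForAclPolicy` and `getNameForAclRule` no longer encode the direction, so the policy DN is `.../pol-Policy-<tenant>-<identifier>` for ingress and egress alike, even though `createTenantVDCAclPolicy` still takes `ingress`. The comments in CiscoVnmcResource suggest egress policies are planned; if they are added for the same public IP they would resolve to the same DN, and `deleteTenantVDCAclPolicy(tenant, identifier)` would remove both. Either restore the `ingress` parameter on the name helper, e.g. `return (ingress ? "Ingress-" : "Egress-") + "Policy-" + tenantName + "-" + identifier;`, or add a comment on the helper stating that one policy per tenant and identifier is intended. `createTenantVDCAclPolicy` continues past the end of the hunk.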
@@ -607,12 +609,29 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection
{
      * @see com.cloud.network.resource.CiscoVnmcConnection#deleteTenantVDCAclPolicy(java.lang.String)
      */
     @Override
-    public boolean deleteTenantVDCAclPolicy(String tenantName, boolean ingress) throws ExecutionException
{
+    public boolean deleteTenantVDCAclPolicy(String tenantName, String identifier) throws
ExecutionException {
         String xml = VnmcXml.DELETE_ACL_POLICY.getXml();
         String service = VnmcXml.DELETE_ACL_POLICY.getService();
         xml = replaceXmlValue(xml, "cookie", _cookie);
-        xml = replaceXmlValue(xml, "aclpolicyname", getNameForAclPolicy(tenantName, ingress));
-        xml = replaceXmlValue(xml, "aclpolicydn", getDnForAclPolicy(tenantName, ingress));
+        xml = replaceXmlValue(xml, "aclpolicyname", getNameForAclPolicy(tenantName, identifier));
+        xml = replaceXmlValue(xml, "aclpolicydn", getDnForAclPolicy(tenantName, identifier));
+
+        String response =  sendRequest(service, xml);
+
+        return verifySuccess(response);
+    }
+
+    /* (non-Javadoc)
+     * @see com.cloud.network.resource.CiscoVnmcConnection#createTenantVDCAclPolicySet(java.lang.String)
+     */
+    @Override
+    public boolean createTenantVDCAclPolicyRef(String tenantName, String identifier, boolean
ingress) throws ExecutionException {
+        String xml = VnmcXml.CREATE_ACL_POLICY_REF.getXml();
+        String service = VnmcXml.CREATE_ACL_POLICY_REF.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "aclpolicyname", getNameForAclPolicy(tenantName, identifier));
+        xml = replaceXmlValue(xml, "aclpolicydn", getDnForAclPolicy(tenantName, identifier));
+        xml = replaceXmlValue(xml, "aclpolicyrefdn", getDnForAclPolicyRef(tenantName, identifier,
ingress));
 
         String response =  sendRequest(service, xml);
 
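Review bot: `createTenantVDCAclPolicyRef` substitutes `aclpolicydn`, but the create-acl-policy-ref.xml template added in this commit only contains `%cookie%`, `%aclpolicyrefdn%` and `%aclpolicyname%`, so that call appears to have no effect and can be dropped. The comment above the method was copied and still reads `@see ...CiscoVnmcConnection#createTenantVDCAclPolicySet(java.lang.String)`; it should name `createTenantVDCAclPolicyRef`. The end of the method is outside the hunk.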
@@ -628,10 +647,8 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
         String service = VnmcXml.CREATE_ACL_POLICY_SET.getService();
         xml = replaceXmlValue(xml, "cookie", _cookie);
         //xml = replaceXmlValue(xml, "descr", "ACL Policy Set for Tenant VDC " + tenantName);
-        xml = replaceXmlValue(xml, "aclpolicyname", getNameForAclPolicy(tenantName, ingress));
         xml = replaceXmlValue(xml, "aclpolicysetname", getNameForAclPolicySet(tenantName,
ingress));
         xml = replaceXmlValue(xml, "aclpolicysetdn", getDnForAclPolicySet(tenantName, ingress));
-        xml = replaceXmlValue(xml, "aclpolicyrefdn", getDnForAclPolicyRef(tenantName, ingress));
 
         String response =  sendRequest(service, xml);
 
@@ -663,15 +680,16 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection
{
      * @see com.cloud.network.resource.CiscoVnmcConnection#createIngressAclRule(java.lang.String)
      */
     @Override
-    public boolean createIngressAclRule(String tenantName, String identifier,
+    public boolean createIngressAclRule(String tenantName,
+            String identifier, String policyIdentifier,
             String protocol, String sourceStartIp, String sourceEndIp,
             String destStartPort, String destEndPort, String destIp) throws ExecutionException
{
         String xml = VnmcXml.CREATE_INGRESS_ACL_RULE.getXml();
         String service = VnmcXml.CREATE_INGRESS_ACL_RULE.getService();
         xml = replaceXmlValue(xml, "cookie", _cookie);
         //xml = replaceXmlValue(xml, "descr", "Ingress ACL Policy for Tenant VDC" + tenantName);
-        xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, true));
-        xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier,
true));
+        xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
+        xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
         xml = replaceXmlValue(xml, "actiontype", "permit");
         xml = replaceXmlValue(xml, "protocolvalue", protocol);
         xml = replaceXmlValue(xml, "sourcestartip", sourceStartIp);
@@ -689,12 +707,12 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection
{
      * @see com.cloud.network.resource.CiscoVnmcConnection#deleteAclRule(java.lang.String)
      */
     @Override
-    public boolean deleteAclRule(String tenantName, String identifier) throws ExecutionException
{
+    public boolean deleteAclRule(String tenantName, String identifier, String policyIdentifier)
throws ExecutionException {
         String xml = VnmcXml.DELETE_ACL_RULE.getXml();
         String service = VnmcXml.DELETE_ACL_RULE.getService();
         xml = replaceXmlValue(xml, "cookie", _cookie);
-        xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, true));
-        xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier,
true));
+        xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
+        xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
 
         String response =  sendRequest(service, xml);
 

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/124a4881/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
index c96abac..22d58a6 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
@@ -147,7 +147,6 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
     CiscoAsa1000vDao _ciscoAsa1000vDao;
     @Inject
     NetworkAsa1000vMapDao _networkAsa1000vMapDao;
-    
 
     private boolean canHandle(Network network) {
         if (network.getBroadcastDomainType() != BroadcastDomainType.Vlan) {

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/124a4881/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
index 3e58398..85188c8 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
@@ -17,6 +17,7 @@
 package com.cloud.network.resource;
 
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
@@ -319,39 +320,53 @@ public class CiscoVnmcResource implements ServerResource{
     private Answer execute(SetFirewallRulesCommand cmd, int numRetries) {
         String vlanId = cmd.getContextParam(NetworkElementCommand.GUEST_VLAN_TAG);
         String tenant = "vlan-" + vlanId;
+
+        FirewallRuleTO[] rules = cmd.getRules();
+        Map<String, List<FirewallRuleTO>> publicIpRulesMap = new HashMap<String,
List<FirewallRuleTO>>();
+        for (FirewallRuleTO rule : rules) {
+            String publicIp = rule.getSrcIp();
+            if (!publicIpRulesMap.containsKey(publicIp)) {
+                List<FirewallRuleTO> publicIpRulesList = new ArrayList<FirewallRuleTO>();
+                publicIpRulesMap.put(publicIp, publicIpRulesList);
+            }
+            publicIpRulesMap.get(publicIp).add(rule);
+        }
+
         try {
             // create-acl-policy-set for ingress
             _connection.createTenantVDCAclPolicySet(tenant, true);
-
-            // delete-acl-policy for ingress
-            _connection.deleteTenantVDCAclPolicy(tenant, true);
-            // delete-acl-policy for egress
-
-            // create-acl-policy for ingress
-            _connection.createTenantVDCAclPolicy(tenant, true);
-
             // create-acl-policy-set for egress
-            // create-acl-policy for egress
-
-            FirewallRuleTO[] rules = cmd.getRules();
-            for (FirewallRuleTO rule : rules) {
-                if (rule.revoked()) {
-                    // delete-acl-rule
-                    //_connection.deleteAclRule(tenant, Long.toString(rule.getId()));
-                } else {
-                    String cidr = rule.getSourceCidrList().get(0);
-                    String[] result = cidr.split("\\/");
-                    assert (result.length == 2) : "Something is wrong with source cidr "
+ cidr;
-                    long size = Long.valueOf(result[1]);
-                    String startIp = NetUtils.getIpRangeStartIpFromCidr(result[0], size);
-                    String endIp = NetUtils.getIpRangeEndIpFromCidr(result[0], size);
-                    // create-ingress-acl-rule
-                    _connection.createIngressAclRule(tenant,
-                            Long.toString(rule.getId()), rule.getProtocol().toUpperCase(),
startIp, endIp,
-                            Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]),
rule.getSrcIp());
+
+            for (String publicIp : publicIpRulesMap.keySet()) {
+                String policyIdentifier = publicIp.replace('.', '-');
+                // delete-acl-policy for ingress
+                _connection.deleteTenantVDCAclPolicy(tenant, policyIdentifier);
+                // delete-acl-policy for egress
+
+                // create-acl-policy for ingress
+                _connection.createTenantVDCAclPolicy(tenant, policyIdentifier, true);
+                _connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, true);
+                // create-acl-policy for egress
+
+                for (FirewallRuleTO rule : publicIpRulesMap.get(publicIp)) {
+                    if (rule.revoked()) {
+                        // delete-acl-rule
+                        //_connection.deleteAclRule(tenant, Long.toString(rule.getId()),
publicIp);
+                    } else {
+                        String cidr = rule.getSourceCidrList().get(0);
+                        String[] result = cidr.split("\\/");
+                        assert (result.length == 2) : "Something is wrong with source cidr
" + cidr;
+                        long size = Long.valueOf(result[1]);
+                        String externalStartIp = NetUtils.getIpRangeStartIpFromCidr(result[0],
size);
+                        String externalEndIp = NetUtils.getIpRangeEndIpFromCidr(result[0],
size);
+                        // create-ingress-acl-rule
+                        _connection.createIngressAclRule(tenant,
+                                Long.toString(rule.getId()), policyIdentifier,
+                                rule.getProtocol().toUpperCase(), externalStartIp, externalEndIp,
+                                Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]),
publicIp);
+                    }
                 }
             }
-
             // associate-acl-policy-set
             _connection.associateAclPolicySet(tenant);
         } catch (Throwable e) {
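Review bot: The boolean results of `deleteTenantVDCAclPolicy`, `createTenantVDCAclPolicy`, `createTenantVDCAclPolicyRef` and `createIngressAclRule` are discarded inside the per-IP loop, so a request the VNMC rejects leaves the policy deleted or only partly rebuilt while the method carries on to `associateAclPolicySet`. Each policy is deleted before it is recreated, so a failed create leaves that public IP without its ACL policy; what traffic is then allowed depends on the policy set's default action, which is not visible here. Check each result and abort into the existing catch, e.g. `if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier, true)) throw new Exception("Failed to create ACL policy for " + publicIp);`. Separately, `assert (result.length == 2)` is inactive unless the JVM runs with `-ea`, so a source CIDR without a prefix length needs an explicit check before `result[1]` is read. The catch body and the method's return are outside the hunk.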

