cloudstack-commits mailing list archives

From pran...@apache.org
Subject [51/56] [abbrv] git commit: updated refs/heads/UI-explicitDedication to da1791f
Date Tue, 14 May 2013 11:22:26 GMT
CLOUDSTACK-763: Added comments and removed unused imports


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/5e009c4b
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/5e009c4b
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/5e009c4b

Branch: refs/heads/UI-explicitDedication
Commit: 5e009c4bcdad9922618a3771bccd2ba571be2281
Parents: 2cdb540
Author: Kishan Kavala <kishan@cloud.com>
Authored: Tue May 7 20:10:28 2013 +0530
Committer: Kishan Kavala <kishan@cloud.com>
Committed: Mon May 13 12:03:39 2013 +0530

----------------------------------------------------------------------
 .../com/cloud/network/vpc/NetworkACLService.java   |   31 ++++++++-----
 .../src/com/cloud/upgrade/dao/Upgrade410to420.java |   11 +++-
 .../com/cloud/network/vpc/NetworkACLManager.java   |   35 ++++++++++++---
 .../cloud/network/vpc/NetworkACLManagerImpl.java   |    7 ++-
 .../cloud/network/vpc/NetworkACLServiceImpl.java   |    5 +-
 setup/db/db/schema-410to420.sql                    |    2 +
 6 files changed, 65 insertions(+), 26 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5e009c4b/api/src/com/cloud/network/vpc/NetworkACLService.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/network/vpc/NetworkACLService.java b/api/src/com/cloud/network/vpc/NetworkACLService.java
index 9fc476f..0258333 100644
--- a/api/src/com/cloud/network/vpc/NetworkACLService.java
+++ b/api/src/com/cloud/network/vpc/NetworkACLService.java
@@ -17,19 +17,12 @@
 package com.cloud.network.vpc;
 
 
-import java.util.List;
-
-import com.cloud.network.vpc.NetworkACL;
-import com.cloud.network.vpc.NetworkACLItem;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.utils.Pair;
 import org.apache.cloudstack.api.command.user.network.CreateNetworkACLCmd;
-import org.apache.cloudstack.api.command.user.network.CreateNetworkACLListCmd;
-import org.apache.cloudstack.api.command.user.network.ListNetworkACLListsCmd;
 import org.apache.cloudstack.api.command.user.network.ListNetworkACLsCmd;
 
-import com.cloud.exception.NetworkRuleConflictException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-import com.cloud.utils.Pair;
+import java.util.List;
 
 public interface NetworkACLService {
     /**
@@ -49,7 +42,7 @@ public interface NetworkACLService {
     NetworkACL getNetworkACL(long id);
 
     /**
-     * List NeetworkACLs by Id/Name/Network or Vpc it belongs to
+     * List NetworkACLs by Id/Name/Network or Vpc it belongs to
      * @param id
      * @param name
      * @param networkId
@@ -111,7 +104,21 @@ public interface NetworkACLService {
      */
     boolean revokeNetworkACLItem(long ruleId);
 
-
+    /**
+     * Updates existing aclItem applies to associated networks
+     * @param id
+     * @param protocol
+     * @param sourceCidrList
+     * @param trafficType
+     * @param action
+     * @param number
+     * @param sourcePortStart
+     * @param sourcePortEnd
+     * @param icmpCode
+     * @param icmpType
+     * @return
+     * @throws ResourceUnavailableException
+     */
     NetworkACLItem updateNetworkACLItem(Long id, String protocol, List<String> sourceCidrList,
NetworkACLItem.TrafficType trafficType,
                                         String action, Integer number, Integer sourcePortStart,
Integer sourcePortEnd,
                                         Integer icmpCode, Integer icmpType) throws ResourceUnavailableException;
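Review bot: The Javadoc added for `updateNetworkACLItem` leaves every `@param` and the `@return` tag empty, so it does not say which arguments may be null or what a null means. Every argument is a boxed or reference type, which suggests (not confirmed by this hunk) that null means "leave the field unchanged"; if so, state it, e.g. `@param sourceCidrList new source CIDRs, or null to keep the existing list`. The `@throws ResourceUnavailableException` tag should also say when the exception is raised. The summary reads better as `Updates an existing ACL item and applies it to the associated networks`. The same empty tags appear in the Javadoc this commit adds to NetworkACLManager.java.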

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5e009c4b/engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java b/engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java
index 0616515..6f36e21 100644
--- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java
+++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java
@@ -402,15 +402,20 @@ public class Upgrade410to420 implements DbUpgrade {
         //Fetch all VPC Tiers
         //For each tier create a network ACL and move all the acl_items to network_acl_item
table
         // If there are no acl_items for a tier, associate it with default ACL
+
         s_logger.debug("Updating network ACLs");
+
         PreparedStatement pstmt = null;
         PreparedStatement pstmtDelete = null;
         ResultSet rs = null;
         ResultSet rsAcls = null;
         ResultSet rsCidr = null;
-        //1,2 are default acl Ids, start Ids from 3
+
+        //1,2 are default acl Ids, start acl Ids from 3
         long nextAclId = 3;
+
         try {
+            //Get all VPC tiers
             pstmt = conn.prepareStatement("SELECT id, vpc_id, uuid FROM `cloud`.`networks`
where vpc_id is not null and removed is null");
             rs = pstmt.executeQuery();
             while (rs.next()) {
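Review bot: The header comment `If there are no acl_items for a tier, associate it with default ACL` does not say which default, and that choice decides whether a migrated tier ends up denying or allowing all traffic. schema-410to420.sql in this commit seeds id 1 as `default_deny` and id 2 as `default_allow`, so the reworded comment could read `//1 = default_deny, 2 = default_allow (seeded by schema-410to420.sql); per-tier ACL ids start at 3`. The code that performs the association is outside this hunk, so confirm which id it uses and name it in the comment.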
@@ -428,7 +433,7 @@ public class Upgrade410to420 implements DbUpgrade {
                     if(!hasAcls){
                         hasAcls = true;
                         aclId = nextAclId++;
-                        //create ACL
+                        //create ACL for the tier
                         s_logger.debug("Creating network ACL for tier: "+tierUuid);
                         pstmt = conn.prepareStatement("INSERT INTO `cloud`.`network_acl`
(id, uuid, vpc_id, description, name) values (?, UUID(), ? , ?, ?)");
                         pstmt.setLong(1, aclId);
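Review bot: `pstmt` is reassigned to the INSERT statement here while `rs`, produced by the tier query that `pstmt` held before, is still being iterated, and the next hunk reassigns it again for the `firewall_rules_cidrs` SELECT. Each reassignment drops the only reference to the previous statement, so a cleanup block that closes just `pstmt` (the cleanup is not visible in these hunks) would leave the earlier statements open for every loop pass. A separate variable per statement, closed as soon as its result is consumed, avoids that, e.g. `PreparedStatement pstmtAcl = conn.prepareStatement(...)` with a matching `pstmtAcl.close()` in a `finally`. The enclosing method starts and ends outside the hunk.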
@@ -440,7 +445,7 @@ public class Upgrade410to420 implements DbUpgrade {
 
                     Long fwRuleId = rsAcls.getLong(1);
                     String cidr = null;
-                    //get cidr
+                    //get cidr from firewall_rules_cidrs
                     pstmt = conn.prepareStatement("SELECT id, source_cidr FROM `cloud`.`firewall_rules_cidrs`
where firewall_rule_id = ?");
                     pstmt.setLong(1, fwRuleId);
                     rsCidr = pstmt.executeQuery();

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5e009c4b/server/src/com/cloud/network/vpc/NetworkACLManager.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/NetworkACLManager.java b/server/src/com/cloud/network/vpc/NetworkACLManager.java
index 58c26e3..0ff3e88 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLManager.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLManager.java
@@ -16,14 +16,11 @@
 // under the License.
 package com.cloud.network.vpc;
 
-import java.util.List;
-
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.dao.NetworkVO;
-import com.cloud.network.rules.FirewallRule;
 import com.cloud.user.Account;
-import com.cloud.utils.db.DB;
-import org.apache.cloudstack.api.command.user.network.CreateNetworkACLListCmd;
+
+import java.util.List;
 
 
 public interface NetworkACLManager{
@@ -108,11 +105,37 @@ public interface NetworkACLManager{
      * @throws ResourceUnavailableException
      */
     boolean revokeACLItemsForNetwork(long networkId, long userId, Account caller) throws
ResourceUnavailableException;
-    
+
+    /**
+     * List network ACL items by network
+     * @param guestNtwkId
+     * @return
+     */
     List<NetworkACLItemVO> listNetworkACLItems(long guestNtwkId);
 
+    /**
+     * Applies asscociated ACL to specified network
+     * @param networkId
+     * @return
+     * @throws ResourceUnavailableException
+     */
     boolean applyACLToNetwork(long networkId) throws ResourceUnavailableException;
 
+    /**
+     * Updates and existing network ACL Item
+     * @param id
+     * @param protocol
+     * @param sourceCidrList
+     * @param trafficType
+     * @param action
+     * @param number
+     * @param sourcePortStart
+     * @param sourcePortEnd
+     * @param icmpCode
+     * @param icmpType
+     * @return
+     * @throws ResourceUnavailableException
+     */
     NetworkACLItem updateNetworkACLItem(Long id, String protocol, List<String> sourceCidrList,
NetworkACLItem.TrafficType trafficType,
                                         String action, Integer number, Integer sourcePortStart,
Integer sourcePortEnd,
                                         Integer icmpCode, Integer icmpType) throws ResourceUnavailableException;
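Review bot: `applyACLToNetwork` and `updateNetworkACLItem` take no caller, unlike `revokeACLItemsForNetwork(long networkId, long userId, Account caller)` just above, and the new Javadoc does not say who is responsible for the access check. If the manager relies on the service layer to authorize first (NetworkACLServiceImpl calls `_accountMgr.checkAccess` in a hunk of this commit), say so in the Javadoc, e.g. `Performs no permission check; callers must have verified access to the owning VPC.` This should be confirmed against the implementation, which is outside this hunk. Two typos in the added text: `asscociated` should be `associated`, and `Updates and existing` should be `Updates an existing`.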

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5e009c4b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
index 430e55d..71d6da4 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
@@ -18,7 +18,6 @@ package com.cloud.network.vpc;
 
 import com.cloud.event.ActionEvent;
 import com.cloud.event.EventTypes;
-import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.Network;
 import com.cloud.network.Network.Service;
@@ -78,7 +77,7 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
     public boolean applyNetworkACL(long aclId) throws ResourceUnavailableException {
         boolean handled = true;
         List<NetworkACLItemVO> rules = _networkACLItemDao.listByACL(aclId);
-        //Find all networks using this ACL
+        //Find all networks using this ACL and apply the ACL
         List<NetworkVO> networks = _networkDao.listByAclId(aclId);
         for(NetworkVO network : networks){
             if(!applyACLItemsToNetwork(network.getId(), rules)) {
@@ -117,7 +116,9 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
     @Override
     public boolean replaceNetworkACL(NetworkACL acl, NetworkVO network) throws ResourceUnavailableException
{
         network.setNetworkACLId(acl.getId());
+        //Update Network ACL
         if(_networkDao.update(network.getId(), network)){
+            //Apply ACL to network
             return applyACLToNetwork(network.getId());
         }
         return false;
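Review bot: `replaceNetworkACL` persists the new ACL id with `_networkDao.update` before `applyACLToNetwork` runs, so when the apply returns false or throws `ResourceUnavailableException` the database records an ACL that the network is not enforcing. The two added comments describe the steps but not this failure mode. Either restore the previous id on failure or document the gap, e.g. `//NOTE: network_acl_id is saved before the apply; a failed apply leaves the stored ACL and the enforced rules out of sync`. Whether a caller compensates is not visible from this hunk.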
@@ -133,7 +134,7 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
         if("deny".equalsIgnoreCase(action)){
             ruleAction = NetworkACLItem.Action.Deny;
         }
-        // If number is null, set it to currentMax + 1
+        // If number is null, set it to currentMax + 1 (for backward compatibility)
         if(number == null){
             number = _networkACLItemDao.getMaxNumberByACL(aclId) + 1;
         }
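Review bot: `getMaxNumberByACL(aclId) + 1` is a read followed by a later insert, so two concurrent creates with a null number can receive the same value; no lock or transaction is visible in this hunk. The uniqueness check commented in NetworkACLServiceImpl (`findByAclAndNumber`) runs only when the caller supplies a number, and it is itself check-then-insert. If item numbers determine rule order (presumably they do), duplicates make ACL evaluation ambiguous. A unique key on `(acl_id, number)` in `network_acl_item` would enforce what both comments promise. The enclosing method starts and ends outside the hunk.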

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5e009c4b/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java b/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
index 94be0c7..7c50d90 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
@@ -23,7 +23,6 @@ import com.cloud.network.NetworkModel;
 import com.cloud.network.Networks;
 import com.cloud.network.dao.NetworkDao;
 import com.cloud.network.dao.NetworkVO;
-import com.cloud.network.element.NetworkACLServiceProvider;
 import com.cloud.network.vpc.dao.NetworkACLDao;
 import com.cloud.projects.Project.ListProjectResourcesCriteria;
 import com.cloud.server.ResourceTag.TaggedResourceType;
@@ -41,7 +40,6 @@ import com.cloud.utils.db.SearchBuilder;
 import com.cloud.utils.db.SearchCriteria;
 import com.cloud.utils.db.SearchCriteria.Op;
 import com.cloud.utils.net.NetUtils;
-import org.apache.cloudstack.acl.SecurityChecker;
 import org.apache.cloudstack.api.ApiErrorCode;
 import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.command.user.network.CreateNetworkACLCmd;
@@ -140,6 +138,7 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ
             throw new InvalidParameterValueException("Unable to find specified ACL");
         }
 
+        //Do not allow deletion of default ACLs
         if(acl.getId() == NetworkACL.DEFAULT_ALLOW || acl.getId() == NetworkACL.DEFAULT_DENY){
             throw new InvalidParameterValueException("Default ACL cannot be removed");
         }
@@ -218,6 +217,7 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ
         }
         _accountMgr.checkAccess(caller, null, true, vpc);
 
+        //Ensure that number is unique within the ACL
         if(aclItemCmd.getNumber() != null){
             if(_networkACLItemDao.findByAclAndNumber(aclId, aclItemCmd.getNumber()) != null){
                 throw new InvalidParameterValueException("ACL item with number "+aclItemCmd.getNumber()+"
already exists in ACL: "+acl.getUuid());
@@ -293,6 +293,7 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ
             }
         }
 
+        //Check ofr valid action Allow/Deny
         if(action != null){
             try {
                 NetworkACLItem.Action.valueOf(action);
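Review bot: `NetworkACLItem.Action.valueOf(action)` is case-sensitive, while NetworkACLManagerImpl in this commit compares with `"deny".equalsIgnoreCase(action)`, so the two layers disagree on which spellings are valid. The visible constant is `Action.Deny`, so an input of `deny` would fail here even though the manager accepts it. The manager also appears to map anything that is not deny to its default action, though that default is set outside the visible lines. Normalise the string once and validate it against the enum in both places, and spell the new comment `//Check for valid action Allow/Deny`. The try block continues outside the hunk.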

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5e009c4b/setup/db/db/schema-410to420.sql
----------------------------------------------------------------------
diff --git a/setup/db/db/schema-410to420.sql b/setup/db/db/schema-410to420.sql
index 09c16c1..6e74537 100644
--- a/setup/db/db/schema-410to420.sql
+++ b/setup/db/db/schema-410to420.sql
@@ -1211,10 +1211,12 @@ CREATE TABLE `cloud`.`network_acl_item` (
 
 ALTER TABLE `cloud`.`networks` add column `network_acl_id` bigint unsigned COMMENT 'network
acl id';
 
+-- Add Default ACL deny_all
 INSERT INTO `cloud`.`network_acl` (id, uuid, vpc_id, description, name) values (1, UUID(),
0, "Default Network ACL Deny All", "default_deny");
 INSERT INTO `cloud`.`network_acl_item` (id, uuid, acl_id, state, protocol, created, traffic_type,
cidr, number, action) values (1, UUID(), 1, "Active", "all", now(), "Ingress", "0.0.0.0/0",
1, "Deny");
 INSERT INTO `cloud`.`network_acl_item` (id, uuid, acl_id, state, protocol, created, traffic_type,
cidr, number, action) values (2, UUID(), 1, "Active", "all", now(), "Egress", "0.0.0.0/0",
2, "Deny");
 
+-- Add Default ACL allow_all
 INSERT INTO `cloud`.`network_acl` (id, uuid, vpc_id, description, name) values (2, UUID(),
0, "Default Network ACL Allow All", "default_allow");
 INSERT INTO `cloud`.`network_acl_item` (id, uuid, acl_id, state, protocol, created, traffic_type,
cidr, number, action) values (3, UUID(), 2, "Active", "all", now(), "Ingress", "0.0.0.0/0",
1, "Allow");
 INSERT INTO `cloud`.`network_acl_item` (id, uuid, acl_id, state, protocol, created, traffic_type,
cidr, number, action) values (4, UUID(), 2, "Active", "all", now(), "Egress", "0.0.0.0/0",
2, "Allow");
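Review bot: The added comments call the rows `deny_all` and `allow_all`, but the inserted names are `default_deny` and `default_allow`; use the real names so a search finds them. The fixed ids matter more than the comments say. Upgrade410to420 starts per-tier ACL ids at 3 on the assumption that 1 and 2 are these rows, and NetworkACLServiceImpl blocks deletion by comparing against `NetworkACL.DEFAULT_ALLOW` and `NetworkACL.DEFAULT_DENY`, which presumably hold these ids. A comment such as `-- Default ACLs: id 1 = default_deny, id 2 = default_allow; ids are referenced from code, do not renumber` records that.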

