cloudstack-commits mailing list archives

From kis...@apache.org
Subject [10/16] git commit: updated refs/heads/master to 595f78f
Date Mon, 13 May 2013 06:34:46 GMT
CLOUDSTACK-763: Added API updateNetworkACLItem to update an existing ACL Item


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/49fbff21
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/49fbff21
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/49fbff21

Branch: refs/heads/master
Commit: 49fbff21fa75bd0e9b6bf7babd389666cd7c6afb
Parents: a1023e4
Author: Kishan Kavala <kishan@cloud.com>
Authored: Tue May 7 00:14:09 2013 +0530
Committer: Kishan Kavala <kishan@cloud.com>
Committed: Mon May 13 12:03:39 2013 +0530

----------------------------------------------------------------------
 api/src/com/cloud/event/EventTypes.java            |    2 +-
 .../cloud/network/firewall/NetworkACLService.java  |    4 +-
 .../command/user/network/CreateNetworkACLCmd.java  |    2 +-
 client/tomcatconf/commands.properties.in           |    1 +
 .../com/cloud/network/vpc/NetworkACLItemVO.java    |   40 +++++++++-
 .../com/cloud/network/vpc/NetworkACLManager.java   |    3 +
 .../cloud/network/vpc/NetworkACLManagerImpl.java   |   59 ++++++++++++++-
 .../cloud/network/vpc/NetworkACLServiceImpl.java   |   52 +++++++++++++-
 .../src/com/cloud/server/ManagementServerImpl.java |    2 +-
 .../vpc/MockVpcVirtualNetworkApplianceManager.java |   10 +--
 .../test/com/cloud/vpc/dao/MockNetworkDaoImpl.java |    5 +
 11 files changed, 163 insertions(+), 17 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/49fbff21/api/src/com/cloud/event/EventTypes.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/event/EventTypes.java b/api/src/com/cloud/event/EventTypes.java
index 8839887..71822e9 100755
--- a/api/src/com/cloud/event/EventTypes.java
+++ b/api/src/com/cloud/event/EventTypes.java
@@ -346,10 +346,10 @@ public class EventTypes {
 
     // Network ACL
     public static final String EVENT_NETWORK_ACL_CREATE = "NETWORK.ACL.CREATE";
-    public static final String EVENT_NETWORK_ACL_UPDATE = "NETWORK.ACL.UPDATE";
     public static final String EVENT_NETWORK_ACL_DELETE = "NETWORK.ACL.DELETE";
     public static final String EVENT_NETWORK_ACL_REPLACE = "NETWORK.ACL.REPLACE";
     public static final String EVENT_NETWORK_ACL_ITEM_CREATE = "NETWORK.ACL.ITEM.CREATE";
+    public static final String EVENT_NETWORK_ACL_ITEM_UPDATE = "NETWORK.ACL.ITEM.UPDATE";
     public static final String EVENT_NETWORK_ACL_ITEM_DELETE = "NETWORK.ACL.ITEM.DELETE";
 
     // VPC offerings

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/49fbff21/api/src/com/cloud/network/firewall/NetworkACLService.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/network/firewall/NetworkACLService.java b/api/src/com/cloud/network/firewall/NetworkACLService.java
index 5f068a3..cd25da3 100644
--- a/api/src/com/cloud/network/firewall/NetworkACLService.java
+++ b/api/src/com/cloud/network/firewall/NetworkACLService.java
@@ -112,5 +112,7 @@ public interface NetworkACLService {
     boolean revokeNetworkACLItem(long ruleId);
 
 
-
+    NetworkACLItem updateNetworkACLItem(Long id, String protocol, List<String> sourceCidrList,
NetworkACLItem.TrafficType trafficType,
+                                        String action, Integer number, Integer sourcePortStart,
Integer sourcePortEnd,
+                                        Integer icmpCode, Integer icmpType) throws ResourceUnavailableException;
 }
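Review bot: The new `updateNetworkACLItem` declaration has no Javadoc, and with ten parameters, nine of them optional, the contract cannot be read off the signature. A comment such as `/** Updates an existing ACL item; any argument passed as null leaves the stored value unchanged. */` would record what the manager implementation in this commit does, and it should also say that `action` is expected to be Allow or Deny. The identical declaration added to NetworkACLManager needs the same comment. The interface body starts outside this hunk.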

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/49fbff21/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkACLCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkACLCmd.java
b/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkACLCmd.java
index e78fe44..1ed6445 100644
--- a/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkACLCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkACLCmd.java
@@ -44,7 +44,7 @@ import com.cloud.user.Account;
 import com.cloud.user.UserContext;
 import com.cloud.utils.net.NetUtils;
 
-@APICommand(name = "createNetworkACL", description = "Creates a ACL rule the given network
(the network has to belong to VPC)",
+@APICommand(name = "createNetworkACL", description = "Creates a ACL rule in the given network
(the network has to belong to VPC)",
 responseObject = NetworkACLItemResponse.class)
 public class CreateNetworkACLCmd extends BaseAsyncCreateCmd {
     public static final Logger s_logger = Logger.getLogger(CreateNetworkACLCmd.class.getName());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/49fbff21/client/tomcatconf/commands.properties.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/commands.properties.in b/client/tomcatconf/commands.properties.in
index cb7965b..47b92a4 100644
--- a/client/tomcatconf/commands.properties.in
+++ b/client/tomcatconf/commands.properties.in
@@ -433,6 +433,7 @@ deletePrivateGateway=1
 
 #### Network ACL commands
 createNetworkACL=15
+updateNetworkACLItem=15
 deleteNetworkACL=15
 listNetworkACLs=15
 createNetworkACLList=15

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/49fbff21/server/src/com/cloud/network/vpc/NetworkACLItemVO.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/NetworkACLItemVO.java b/server/src/com/cloud/network/vpc/NetworkACLItemVO.java
index 71ccebf..74d0445 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLItemVO.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLItemVO.java
@@ -194,12 +194,44 @@ public class NetworkACLItemVO implements NetworkACLItem {
         return number;
     }
 
-    public void setUuid(String uuid) {
-        this.uuid = uuid;
-    }
-
     @Override
     public TrafficType getTrafficType() {
         return trafficType;
     }
+
+    public void setSourcePortStart(Integer sourcePortStart) {
+        this.sourcePortStart = sourcePortStart;
+    }
+
+    public void setSourcePortEnd(Integer sourcePortEnd) {
+        this.sourcePortEnd = sourcePortEnd;
+    }
+
+    public void setProtocol(String protocol) {
+        this.protocol = protocol;
+    }
+
+    public void setIcmpCode(Integer icmpCode) {
+        this.icmpCode = icmpCode;
+    }
+
+    public void setIcmpType(Integer icmpType) {
+        this.icmpType = icmpType;
+    }
+
+    public void setTrafficType(TrafficType trafficType) {
+        this.trafficType = trafficType;
+    }
+
+    public void setSourceCidrs(String sourceCidrs) {
+        this.sourceCidrs = sourceCidrs;
+    }
+
+    public void setNumber(int number) {
+        this.number = number;
+    }
+
+    public void setAction(Action action) {
+        this.action = action;
+    }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/49fbff21/server/src/com/cloud/network/vpc/NetworkACLManager.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/NetworkACLManager.java b/server/src/com/cloud/network/vpc/NetworkACLManager.java
index 1b1e958..fc2b1a8 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLManager.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLManager.java
@@ -114,4 +114,7 @@ public interface NetworkACLManager{
 
     boolean applyACLToNetwork(long networkId) throws ResourceUnavailableException;
 
+    NetworkACLItem updateNetworkACLItem(Long id, String protocol, List<String> sourceCidrList,
NetworkACLItem.TrafficType trafficType,
+                                        String action, Integer number, Integer sourcePortStart,
Integer sourcePortEnd,
+                                        Integer icmpCode, Integer icmpType) throws ResourceUnavailableException;
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/49fbff21/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
index 67547c6..28f5af2 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
@@ -131,7 +131,7 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
                                                   Integer icmpCode, Integer icmpType, NetworkACLItem.TrafficType
trafficType, Long aclId,
                                                   String action, Integer number) {
         NetworkACLItem.Action ruleAction = NetworkACLItem.Action.Allow;
-        if("deny".equals(action)){
+        if("deny".equalsIgnoreCase(action)){
             ruleAction = NetworkACLItem.Action.Deny;
         }
         // If number is null, set it to currentMax + 1
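Review bot: Every action value other than "deny" still falls through to `NetworkACLItem.Action.Allow` in this block, so a misspelled or unexpected string yields a permissive rule instead of an error; the same mapping is repeated in the new updateNetworkACLItem in the next hunk of this file. The service-side validator visible in NetworkACLServiceImpl uses the case-sensitive `NetworkACLItem.Action.valueOf(action)`, so the two layers now accept different spellings, and the manager is the one that fails open if it is ever reached without that validation. I would make the mapping explicit and reject anything else, e.g. `else if(action != null && !"allow".equalsIgnoreCase(action)){ throw new InvalidParameterValueException("Invalid action. Allowed actions are Allow and Deny"); }` (or whichever exception type this class already has in scope), ideally in one helper shared by both methods. The enclosing method starts and ends outside this hunk, so whether a null action is meant to default to Allow should be confirmed there.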
@@ -240,6 +240,63 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
         return applyACLItemsToNetwork(networkId, rules);
     }
 
+    @Override
+    public NetworkACLItem updateNetworkACLItem(Long id, String protocol, List<String>
sourceCidrList, NetworkACLItem.TrafficType trafficType,
+                                               String action, Integer number, Integer sourcePortStart,
Integer sourcePortEnd, Integer icmpCode,
+                                               Integer icmpType) throws ResourceUnavailableException
{
+        NetworkACLItemVO aclItem = _networkACLItemDao.findById(id);
+        aclItem.setState(State.Add);
+
+        if(protocol != null){
+            aclItem.setProtocol(protocol);
+        }
+
+        if(sourceCidrList != null){
+            aclItem.setSourceCidrList(sourceCidrList);
+        }
+
+        if(trafficType != null){
+            aclItem.setTrafficType(trafficType);
+        }
+
+        if(action != null){
+            NetworkACLItem.Action ruleAction = NetworkACLItem.Action.Allow;
+            if("deny".equalsIgnoreCase(action)){
+                ruleAction = NetworkACLItem.Action.Deny;
+            }
+            aclItem.setAction(ruleAction);
+        }
+
+        if(number != null){
+            aclItem.setNumber(number);
+        }
+
+        if(sourcePortStart != null){
+            aclItem.setSourcePortStart(sourcePortStart);
+        }
+
+        if(sourcePortEnd != null){
+            aclItem.setSourcePortEnd(sourcePortEnd);
+        }
+
+        if(icmpCode != null){
+            aclItem.setIcmpCode(icmpCode);
+        }
+
+        if(icmpType != null){
+            aclItem.setIcmpType(icmpType);
+        }
+
+        if(_networkACLItemDao.update(id, aclItem)){
+            if(applyNetworkACL(aclItem.getAclId())){
+                return aclItem;
+            } else {
+                throw new CloudRuntimeException("Failed to apply Network ACL Item: "+aclItem.getUuid());
+            }
+        }
+        return null;
+    }
+
     public boolean applyACLItemsToNetwork(long networkId, List<NetworkACLItemVO> rules)
throws ResourceUnavailableException {
         Network network = _networkDao.findById(networkId);
         boolean handled = false;
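Review bot: In the new updateNetworkACLItem, the result of `_networkACLItemDao.findById(id)` is dereferenced on the next line without a null check, and the row is persisted by `_networkACLItemDao.update(id, aclItem)` before `applyNetworkACL` runs. When the apply returns false or throws ResourceUnavailableException, the stored rule and what is presumably enforced on the network can disagree, and nothing visible here rolls the change back. The caller in NetworkACLServiceImpl does reject a missing item, but this is a public manager method, so a guard such as `if(aclItem == null){ throw new InvalidParameterValueException("Unable to find ACL Item: " + id); }` keeps it safe on its own. For the failure path, either restore the previous field values or document that the item is left in `State.Add` for a later re-apply. Returning `null` when `update` reports false also hides the failure from the API caller; throwing `CloudRuntimeException` there would match the apply-failure branch.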

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/49fbff21/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java b/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
index 2844dcb..ae9b8f9 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
@@ -142,6 +142,11 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ
         if(acl == null) {
             throw new InvalidParameterValueException("Unable to find specified ACL");
         }
+
+        if(acl.getId() == NetworkACL.DEFAULT_ALLOW || acl.getId() == NetworkACL.DEFAULT_DENY){
+            throw new InvalidParameterValueException("Default ACL cannot be removed");
+        }
+
         Vpc vpc = _vpcMgr.getVpc(acl.getVpcId());
         if(vpc == null){
             throw new InvalidParameterValueException("Unable to find specified VPC associated
with the ACL");
@@ -298,7 +303,7 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ
             try {
                 NetworkACLItem.Action.valueOf(action);
             } catch (IllegalArgumentException ex) {
-                throw new InvalidParameterValueException("Invalid action. Allowed actions
are Aloow and Deny");
+                throw new InvalidParameterValueException("Invalid action. Allowed actions
are Allow and Deny");
             }
         }
     }
@@ -400,7 +405,52 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ
 
     @Override
     public boolean revokeNetworkACLItem(long ruleId) {
+        NetworkACLItemVO aclItem = _networkACLItemDao.findById(ruleId);
+        if(aclItem != null){
+            if((aclItem.getAclId() == NetworkACL.DEFAULT_ALLOW) || (aclItem.getAclId() ==
NetworkACL.DEFAULT_DENY)){
+                throw new InvalidParameterValueException("ACL Items in default ACL cannot
be deleted");
+            }
+        }
         return _networkAclMgr.revokeNetworkACLItem(ruleId);
     }
 
+    @Override
+    public NetworkACLItem updateNetworkACLItem(Long id, String protocol, List<String>
sourceCidrList, NetworkACLItem.TrafficType trafficType,
+                                               String action, Integer number, Integer sourcePortStart,
Integer sourcePortEnd, Integer icmpCode,
+                                               Integer icmpType) throws ResourceUnavailableException
{
+        NetworkACLItemVO aclItem = _networkACLItemDao.findById(id);
+        if(aclItem == null){
+            throw new InvalidParameterValueException("Unable to find ACL Item cannot be found");
+        }
+
+        if(aclItem.getAclId() == NetworkACL.DEFAULT_ALLOW || aclItem.getAclId() == NetworkACL.DEFAULT_DENY){
+            throw new InvalidParameterValueException("Default ACL Items cannot be updated");
+        }
+
+        NetworkACL acl = _networkAclMgr.getNetworkACL(aclItem.getAclId());
+
+        Vpc vpc = _vpcMgr.getVpc(acl.getVpcId());
+
+        Account caller = UserContext.current().getCaller();
+
+        _accountMgr.checkAccess(caller, null, true, vpc);
+
+        Account aclOwner = _accountMgr.getAccount(vpc.getAccountId());
+        _accountMgr.checkAccess(aclOwner, SecurityChecker.AccessType.ModifyEntry, false,
acl);
+
+        if(number != null){
+            //Check if ACL Item with specified number already exists
+            NetworkACLItemVO aclNumber = _networkACLItemDao.findByAclAndNumber(acl.getId(),
number);
+            if((aclNumber != null) && (aclNumber.getId() != id)){
+                throw new InvalidParameterValueException("ACL item with number "+number+"
already exists in ACL: "+acl.getUuid());
+            }
+        }
+
+        validateNetworkACLItem((sourcePortStart == null) ? aclItem.getSourcePortStart() :
sourcePortStart, (sourcePortEnd == null) ? aclItem.getSourcePortEnd() : sourcePortEnd,
+                sourceCidrList, protocol, icmpCode, (icmpType == null) ? aclItem.getIcmpType()
: icmpType, action);
+
+        return _networkAclMgr.updateNetworkACLItem(id, protocol, sourceCidrList, trafficType,
action, number, sourcePortStart,
+                sourcePortEnd, icmpCode, icmpType);
+    }
+
 }
\ No newline at end of file
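Review bot: In updateNetworkACLItem, `validateNetworkACLItem` receives the stored value in place of a null sourcePortStart, sourcePortEnd and icmpType, but `protocol` and `icmpCode` are passed through as given, so a partial update is validated against a mix of old and new fields. Depending on how the validator treats a null protocol (its body is outside this hunk), a port or ICMP change on an existing rule may skip the protocol-specific checks. Passing merged values for those two as well, e.g. `(protocol == null) ? aclItem.getProtocol() : protocol`, would validate the rule as it will actually be stored; this assumes the VO exposes the matching getters. Separately, `acl` and `vpc` are dereferenced without the `if(acl == null)` / `if(vpc == null)` checks that the first hunk of this file shows on another path. Finally, revokeNetworkACLItem gains only the default-ACL guard and has no `_accountMgr.checkAccess` call in the visible lines, unlike the update path, so it is worth confirming that the manager enforces ownership before deleting.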

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/49fbff21/server/src/com/cloud/server/ManagementServerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java
index b7085af..1b20d6d 100755
--- a/server/src/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/com/cloud/server/ManagementServerImpl.java
@@ -2878,11 +2878,11 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
         cmdList.add(ListInternalLBVMsCmd.class);
         cmdList.add(ListNetworkIsolationMethodsCmd.class);
         cmdList.add(ListNetworkIsolationMethodsCmd.class);
-
         cmdList.add(CreateNetworkACLListCmd.class);
         cmdList.add(DeleteNetworkACLListCmd.class);
         cmdList.add(ListNetworkACLListsCmd.class);
         cmdList.add(ReplaceNetworkACLListCmd.class);
+        cmdList.add(UpdateNetworkACLItemCmd.class);
         return cmdList;
     }
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/49fbff21/server/test/com/cloud/vpc/MockVpcVirtualNetworkApplianceManager.java
----------------------------------------------------------------------
diff --git a/server/test/com/cloud/vpc/MockVpcVirtualNetworkApplianceManager.java b/server/test/com/cloud/vpc/MockVpcVirtualNetworkApplianceManager.java
index 9010f1f..2886af4 100644
--- a/server/test/com/cloud/vpc/MockVpcVirtualNetworkApplianceManager.java
+++ b/server/test/com/cloud/vpc/MockVpcVirtualNetworkApplianceManager.java
@@ -23,6 +23,7 @@ import java.util.Map;
 import javax.ejb.Local;
 import javax.naming.ConfigurationException;
 
+import com.cloud.network.vpc.NetworkACLItem;
 import org.apache.cloudstack.api.command.admin.router.UpgradeRouterCmd;
 import org.springframework.stereotype.Component;
 
@@ -336,14 +337,9 @@ VpcVirtualNetworkApplianceService {
         return null;
     }
 
-    /* (non-Javadoc)
-     * @see com.cloud.network.router.VpcVirtualNetworkApplianceManager#applyNetworkACLs(com.cloud.network.Network,
java.util.List, java.util.List)
-     */
     @Override
-    public boolean applyNetworkACLs(Network network, List<? extends FirewallRule> rules,
-            List<? extends VirtualRouter> routers) throws ResourceUnavailableException
{
-        // TODO Auto-generated method stub
-        return false;
+    public boolean applyNetworkACLs(Network network, List<? extends NetworkACLItem>
rules, List<? extends VirtualRouter> routers) throws ResourceUnavailableException {
+        return false;  //To change body of implemented methods use File | Settings | File
Templates.
     }
 
     /* (non-Javadoc)

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/49fbff21/server/test/com/cloud/vpc/dao/MockNetworkDaoImpl.java
----------------------------------------------------------------------
diff --git a/server/test/com/cloud/vpc/dao/MockNetworkDaoImpl.java b/server/test/com/cloud/vpc/dao/MockNetworkDaoImpl.java
index a483291..4747e70 100644
--- a/server/test/com/cloud/vpc/dao/MockNetworkDaoImpl.java
+++ b/server/test/com/cloud/vpc/dao/MockNetworkDaoImpl.java
@@ -362,4 +362,9 @@ public class MockNetworkDaoImpl extends GenericDaoBase<NetworkVO, Long>
implemen
         return null;
     }
 
+    @Override
+    public List<NetworkVO> listByAclId(long aclId) {
+        return null;
+    }
+
 }

