cloudstack-commits mailing list archives

From kis...@apache.org
Subject git commit: updated refs/heads/master to b422d8d
Date Thu, 20 Jun 2013 11:42:50 GMT
Updated Branches:
  refs/heads/master c1e37f60a -> b422d8ddd


CLOUDSTACK-2819: Revoke existing ACL items if the new ACL is empty


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/b422d8dd
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/b422d8dd
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/b422d8dd

Branch: refs/heads/master
Commit: b422d8ddd920912e3cef6649e3402586f244d58c
Parents: c1e37f6
Author: Kishan Kavala <kishan@cloud.com>
Authored: Thu Jun 20 17:05:55 2013 +0530
Committer: Kishan Kavala <kishan@cloud.com>
Committed: Thu Jun 20 17:06:06 2013 +0530

----------------------------------------------------------------------
 server/src/com/cloud/network/NetworkManagerImpl.java  |  4 ++--
 .../src/com/cloud/network/vpc/NetworkACLManager.java  |  2 +-
 .../com/cloud/network/vpc/NetworkACLManagerImpl.java  | 14 +++++++++++++-
 .../com/cloud/network/vpc/NetworkACLServiceImpl.java  |  5 +++--
 4 files changed, 19 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b422d8dd/server/src/com/cloud/network/NetworkManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java
index 2832122..541082e 100755
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
@@ -3616,7 +3616,7 @@ public class NetworkManagerImpl extends ManagerBase implements NetworkManager,
L
 
         //revoke all network ACLs for network
         try {
-            if (_networkACLMgr.revokeACLItemsForNetwork(networkId, callerUserId, caller))
{
+            if (_networkACLMgr.revokeACLItemsForNetwork(networkId)) {
                 s_logger.debug("Successfully cleaned up NetworkACLs for network id=" + networkId);
             } else {
                 success = false;
@@ -3785,7 +3785,7 @@ public class NetworkManagerImpl extends ManagerBase implements NetworkManager,
L
 
             try {
                 //revoke all Network ACLs for the network w/o applying them in the DB
-                if (!_networkACLMgr.revokeACLItemsForNetwork(networkId, callerUserId, caller))
{
+                if (!_networkACLMgr.revokeACLItemsForNetwork(networkId)) {
                     s_logger.warn("Failed to cleanup network ACLs as a part of shutdownNetworkRules");
                     success = false;
                 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b422d8dd/server/src/com/cloud/network/vpc/NetworkACLManager.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/NetworkACLManager.java b/server/src/com/cloud/network/vpc/NetworkACLManager.java
index 8a2e65f..463e43b 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLManager.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLManager.java
@@ -104,7 +104,7 @@ public interface NetworkACLManager{
      * @return
      * @throws ResourceUnavailableException
      */
-    boolean revokeACLItemsForNetwork(long networkId, long userId, Account caller) throws
ResourceUnavailableException;
+    boolean revokeACLItemsForNetwork(long networkId) throws ResourceUnavailableException;
 
     /**
      * List network ACL items by network
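Review bot: The Javadoc above the changed declaration still has an empty `@return` and a bare `@throws ResourceUnavailableException`, and since the comment starts outside the hunk, any `@param userId` or `@param caller` tags it carries are now stale and should be removed. Judging from the implementation hunk later in this commit, the contract could read `@return true if the network has no ACL or its items were revoked` — the false case should be confirmed against the implementation. It would also help to state when the exception is thrown, since callers now rely on this method from the ACL-replace path as well as from network cleanup.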

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b422d8dd/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
index 227975e..c2d092a 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
@@ -150,6 +150,18 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
             throw new InvalidParameterValueException("Cannot apply NetworkACL. Network Offering
does not support NetworkACL service");
         }
 
+        if(network.getNetworkACLId() != null){
+            //Revoke ACL Items of the existing ACL if the new ACL is empty
+            //Existing rules won't be removed otherwise
+            List<NetworkACLItemVO> aclItems = _networkACLItemDao.listByACL(acl.getId());
+            if(aclItems == null || aclItems.isEmpty()){
+                s_logger.debug("New network ACL is empty. Revoke existing rules before applying
ACL");
+               if(!revokeACLItemsForNetwork(network.getId())){
+                   throw new CloudRuntimeException("Failed to replace network ACL. Error
while removing existing ACL items for network: "+network.getId());
+               }
+            }
+        }
+
         network.setNetworkACLId(acl.getId());
         //Update Network ACL
         if(_networkDao.update(network.getId(), network)){
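Review bot: The revoke inside the new `if(network.getNetworkACLId() != null)` block runs before `network.setNetworkACLId(acl.getId())` and `_networkDao.update(...)`, so if that update fails the old rules have already been removed from the network while the stored record still points at the old ACL. The enclosing method continues past the hunk, so its failure branch may deal with this, but nothing visible re-applies the old items or reports the divergence. The debug message also names neither the network nor the ACLs involved; for a change to a filtering control, `s_logger.debug("New ACL " + acl.getId() + " is empty; revoking items of ACL " + network.getNetworkACLId() + " on network " + network.getId());` would make the event traceable in logs.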
@@ -229,7 +241,7 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
     }
 
     @Override
-    public boolean revokeACLItemsForNetwork(long networkId, long userId, Account caller)
throws ResourceUnavailableException {
+    public boolean revokeACLItemsForNetwork(long networkId) throws ResourceUnavailableException
{
         Network network = _networkDao.findById(networkId);
         if(network.getNetworkACLId() == null){
             return true;
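Review bot: The result of `_networkDao.findById(networkId)` is dereferenced on the next line without a null check, and this method is now reached from the ACL-replace path in addition to the network cleanup paths. If findById can return null for a removed network, `network.getNetworkACLId()` fails with a NullPointerException rather than the declared ResourceUnavailableException or a boolean result; a guard such as `if (network == null) { throw new InvalidParameterValueException("Unable to find network id=" + networkId); }` would make the outcome deliberate. With `userId` and `caller` dropped from the signature, it is also worth confirming that anything in the body which recorded who triggered the revocation still has that information; the rest of the method is outside the hunk.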

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b422d8dd/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java b/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
index b4ec22d..b0c807e 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
@@ -104,7 +104,7 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ
         SearchBuilder<NetworkACLVO> sb = _networkACLDao.createSearchBuilder();
         sb.and("id", sb.entity().getId(), Op.EQ);
         sb.and("name", sb.entity().getName(), Op.EQ);
-        sb.and("vpcId", sb.entity().getVpcId(), Op.EQ);
+        sb.and("vpcId", sb.entity().getVpcId(), Op.IN);
 
         if(networkId != null){
             SearchBuilder<NetworkVO> network = _networkDao.createSearchBuilder();
@@ -122,7 +122,8 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ
         }
 
         if(vpcId != null){
-            sc.setParameters("vpcId", vpcId);
+            //Include vpcId 0 to list default ACLs
+            sc.setParameters("vpcId", vpcId, 0);
         }
 
         if(networkId != null){
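Review bot: The added `0` in `sc.setParameters("vpcId", vpcId, 0)` is an unnamed sentinel that widens every vpcId-filtered listing to include ACLs stored under VPC 0. Any per-VPC access check that runs before this query (outside the hunk) should be confirmed to intend that those default ACLs are visible to every caller who can list one VPC's ACLs. The literal is also an `int`, while `vpcId` is compared against null and so appears to be a boxed `Long`; `sc.setParameters("vpcId", vpcId, 0L);` or a named constant for the default-ACL VPC id keeps the bound parameter types consistent. The `Op.IN` change in the previous hunk exists only to support this call, so the two should be kept together if either is reverted.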

