cloudstack-dev mailing list archives

From Antonio Fornié Casarrubios <>
Subject Re: [Question][Proposal] Functionality when editing a shared ACL by NetworkId
Date Tue, 25 Feb 2014 14:27:15 GMT
Yes, it surely can be done that way, but that doesn't change the fact that
if the Commands I mentioned do not work properly (at least for the case
when you specifically provide a networkId) we should fix it instead of
expecting users to find some good craft as a workaround, right? Does anybody
think this proposed change will be wrong or have any bad effects?

Thanks again. Cheers
Schuberg Philis - MCE

2014-02-24 23:30 GMT+01:00 Chiradeep Vittal <>:

> Surely this can be done by a few well crafted API calls from CloudMonkey?
> On 2/24/14 4:55 AM, "Antonio Fornié Casarrubios"
> <> wrote:
> >Hi all,
> >
> >There is this functionality that seems to be wrong and I would like to
> >double check with you all. Actually this functionality could be considered
> >very important so I appreciate collaboration.
> >
> >It's about the functionality for ACLs shared among networks. Let's say you
> >have a VPC with Networks NW1 and NW2, and you have an ACL (what Cloudstack
> >calls ACLList) with several rules, and you choose this ACL as the ACL for
> >both NW1 and NW2. The current functionality is that in general if you
> >modify the ACL this change will affect NW1 and NW2 of course.
> >
> >But there is a special case: you could send the parameter networkid. It
> >makes sense that if you send a createNetworkACL request to allow additional
> >traffic and you specifically state NW1, this should not affect NW2.
> >
> >The proposal then is to change this functionality so that, if and only if
> >the request specifies a networkid, the command should only affect the
> >specified network. Which in Java terms will mean that if other networks use
> >the same ACLList, it will be cloned and then the command will be applied to
> >the new clone that will be assigned to the given network.
> >
> >Note that:
> >* The new clone ACL List is created only if it is actually shared with more
> >networks, otherwise it doesn't make sense.
> >* The name for the new ACL List will be the same old name plus a random
> >suffix.
> >
> >
> >Any thoughts? Reasons not to go this way?
> >
> >Thanks and cheers
> >
> >Antonio
> >Schuberg Philis - MCE
