Ejemplo n.º 1
0
  @Override
  public boolean deleteNetworkACL(NetworkACL acl) {
    List<NetworkACLItemVO> aclItems = _networkACLItemDao.listByACL(acl.getId());
    if (aclItems.size() > 0) {
      throw new CloudRuntimeException(
          "ACL is not empty. Cannot delete network ACL: " + acl.getUuid());
    }

    List<NetworkVO> networks = _networkDao.listByAclId(acl.getId());
    if (networks != null && networks.size() > 0) {
      throw new CloudRuntimeException(
          "ACL is still associated with "
              + networks.size()
              + " tier(s). Cannot delete network ACL: "
              + acl.getUuid());
    }

    List<VpcGatewayVO> pvtGateways =
        _vpcGatewayDao.listByAclIdAndType(acl.getId(), VpcGateway.Type.Private);

    if (pvtGateways != null && pvtGateways.size() > 0) {
      throw new CloudRuntimeException(
          "ACL is still associated with "
              + pvtGateways.size()
              + " private gateway(s). Cannot delete network ACL: "
              + acl.getUuid());
    }

    return _networkACLDao.remove(acl.getId());
  }
Ejemplo n.º 2
0
  @Override
  public boolean applyNetworkACL(long aclId) throws ResourceUnavailableException {
    boolean handled = true;
    boolean aclApplyStatus = true;

    List<NetworkACLItemVO> rules = _networkACLItemDao.listByACL(aclId);
    // Find all networks using this ACL and apply the ACL
    List<NetworkVO> networks = _networkDao.listByAclId(aclId);
    for (NetworkVO network : networks) {
      if (!applyACLItemsToNetwork(network.getId(), rules)) {
        handled = false;
        break;
      }
    }

    List<VpcGatewayVO> vpcGateways =
        _vpcGatewayDao.listByAclIdAndType(aclId, VpcGateway.Type.Private);
    for (VpcGatewayVO vpcGateway : vpcGateways) {
      PrivateGateway privateGateway = _vpcMgr.getVpcPrivateGateway(vpcGateway.getId());
      if (!applyACLToPrivateGw(privateGateway)) {
        aclApplyStatus = false;
        s_logger.debug(
            "failed to apply network acl item on private gateway "
                + privateGateway.getId()
                + "acl id "
                + aclId);
        break;
      }
    }

    if (handled && aclApplyStatus) {
      for (NetworkACLItem rule : rules) {
        if (rule.getState() == NetworkACLItem.State.Revoke) {
          removeRule(rule);
        } else if (rule.getState() == NetworkACLItem.State.Add) {
          NetworkACLItemVO ruleVO = _networkACLItemDao.findById(rule.getId());
          ruleVO.setState(NetworkACLItem.State.Active);
          _networkACLItemDao.update(ruleVO.getId(), ruleVO);
        }
      }
    }
    return handled && aclApplyStatus;
  }