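/**
 * Pushes every rule of the ACL {@code aclId} to the networks and private
 * gateways that reference it, then advances the rules' lifecycle state.
 * <p>
 * Rule states are only touched when both the network pass and the private
 * gateway pass succeeded: {@code Revoke} rules are removed and {@code Add}
 * rules become {@code Active}. On any failure the states are left as they are
 * so the next apply attempt picks the same pending rules up again.
 *
 * @param aclId id of the network ACL whose rules are applied
 * @return {@code true} when the ACL was applied to every network and private
 *         gateway using it, {@code false} as soon as one of them failed
 * @throws ResourceUnavailableException propagated from the per-network and
 *         per-gateway apply calls (presumably when the backend element is down)
 */
@Override
public boolean applyNetworkACL(long aclId) throws ResourceUnavailableException {
    final List<NetworkACLItemVO> rules = _networkACLItemDao.listByACL(aclId);

    // Find all networks using this ACL and apply the rule set to each one.
    // The first failing network aborts the network pass.
    boolean networksApplied = true;
    final List<NetworkVO> networks = _networkDao.listByAclId(aclId);
    for (NetworkVO network : networks) {
        if (!applyACLItemsToNetwork(network.getId(), rules)) {
            networksApplied = false;
            break;
        }
    }

    // Private gateways are attempted even when a network failed, matching the
    // original behaviour; only the final result combines both outcomes.
    boolean gatewaysApplied = true;
    final List<VpcGatewayVO> vpcGateways = _vpcGatewayDao.listByAclIdAndType(aclId, VpcGateway.Type.Private);
    for (VpcGatewayVO vpcGateway : vpcGateways) {
        final PrivateGateway privateGateway = _vpcMgr.getVpcPrivateGateway(vpcGateway.getId());
        if (!applyACLToPrivateGw(privateGateway)) {
            gatewaysApplied = false;
            // Message previously read "...gateway <id>acl id <id>"; a separator was missing.
            s_logger.debug("failed to apply network acl item on private gateway " + privateGateway.getId() + " acl id " + aclId);
            break;
        }
    }

    final boolean applied = networksApplied && gatewaysApplied;
    if (applied) {
        // Only now is it safe to forget revoked rules and activate added ones.
        for (NetworkACLItem rule : rules) {
            if (rule.getState() == NetworkACLItem.State.Revoke) {
                removeRule(rule);
            } else if (rule.getState() == NetworkACLItem.State.Add) {
                final NetworkACLItemVO ruleVO = _networkACLItemDao.findById(rule.getId());
                ruleVO.setState(NetworkACLItem.State.Active);
                _networkACLItemDao.update(ruleVO.getId(), ruleVO);
            }
        }
    }
    return applied;
}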
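/**
 * Marks the ACL item {@code ruleId} as revoked and re-applies its ACL so the
 * revocation actually reaches the networks and gateways using that ACL.
 * <p>
 * The item is only removed from the database once {@code applyNetworkACL}
 * reports success; until then it stays in the {@code Revoke} state.
 *
 * @param ruleId id of the ACL item to revoke
 * @return {@code true} when the ACL was re-applied everywhere, {@code false}
 *         when the apply failed or the backend resource was unavailable
 * @throws IllegalArgumentException when no ACL item with {@code ruleId} exists
 */
@Override
@ActionEvent(eventType = EventTypes.EVENT_NETWORK_ACL_DELETE, eventDescription = "revoking network acl", async = true)
public boolean revokeNetworkACLItem(long ruleId) {
    final NetworkACLItemVO rule = _networkACLItemDao.findById(ruleId);
    if (rule == null) {
        throw new IllegalArgumentException("Unable to find network ACL item with id " + ruleId);
    }
    revokeRule(rule);
    try {
        // The previous version discarded this result and always reported
        // success; a rule that could not be pushed to the backend would then
        // look revoked to the caller while still being enforced nowhere.
        return applyNetworkACL(rule.getAclId());
    } catch (ResourceUnavailableException e) {
        s_logger.debug("failed to apply network acl " + rule.getAclId() + " while revoking acl item " + ruleId, e);
        return false;
    }
}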
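/**
 * Updates the given fields of an existing ACL item and re-applies its ACL.
 * <p>
 * Every non-null parameter overwrites the stored value; null parameters leave
 * the field untouched. The item is moved back to the {@code Add} state first so
 * that {@code applyNetworkACL} pushes the new definition before it becomes
 * {@code Active} again.
 *
 * @param id id of the ACL item to update
 * @param protocol new protocol, or null to keep the current one
 * @param sourceCidrList new source CIDR list, or null to keep the current one
 * @param trafficType new traffic type, or null to keep the current one
 * @param action {@code "allow"} or {@code "deny"} (case-insensitive), or null to keep the current one
 * @param number new rule number, or null to keep the current one
 * @param sourcePortStart new start port, or null to keep the current one
 * @param sourcePortEnd new end port, or null to keep the current one
 * @param icmpCode new ICMP code, or null to keep the current one
 * @param icmpType new ICMP type, or null to keep the current one
 * @return the updated item, or null when the database update did not succeed
 * @throws IllegalArgumentException when the item does not exist or {@code action}
 *         is neither {@code allow} nor {@code deny}
 * @throws CloudRuntimeException when the updated ACL could not be applied
 * @throws ResourceUnavailableException propagated from {@code applyNetworkACL}
 */
@Override
public NetworkACLItem updateNetworkACLItem(Long id, String protocol, List<String> sourceCidrList, NetworkACLItem.TrafficType trafficType,
        String action, Integer number, Integer sourcePortStart, Integer sourcePortEnd, Integer icmpCode, Integer icmpType)
        throws ResourceUnavailableException {
    final NetworkACLItemVO aclItem = _networkACLItemDao.findById(id);
    if (aclItem == null) {
        throw new IllegalArgumentException("Unable to find network ACL item with id " + id);
    }
    aclItem.setState(NetworkACLItem.State.Add);

    if (protocol != null) {
        aclItem.setProtocol(protocol);
    }
    if (sourceCidrList != null) {
        aclItem.setSourceCidrList(sourceCidrList);
    }
    if (trafficType != null) {
        aclItem.setTrafficType(trafficType);
    }
    if (action != null) {
        // Previously any string other than "deny" silently became Allow, so a
        // typo in the action could widen the rule; only the two known values
        // are accepted now.
        final NetworkACLItem.Action ruleAction;
        if ("allow".equalsIgnoreCase(action)) {
            ruleAction = NetworkACLItem.Action.Allow;
        } else if ("deny".equalsIgnoreCase(action)) {
            ruleAction = NetworkACLItem.Action.Deny;
        } else {
            throw new IllegalArgumentException("Invalid action '" + action + "' for network ACL item " + id + "; expected allow or deny");
        }
        aclItem.setAction(ruleAction);
    }
    if (number != null) {
        aclItem.setNumber(number);
    }
    if (sourcePortStart != null) {
        aclItem.setSourcePortStart(sourcePortStart);
    }
    if (sourcePortEnd != null) {
        aclItem.setSourcePortEnd(sourcePortEnd);
    }
    if (icmpCode != null) {
        aclItem.setIcmpCode(icmpCode);
    }
    if (icmpType != null) {
        aclItem.setIcmpType(icmpType);
    }

    if (!_networkACLItemDao.update(id, aclItem)) {
        return null;
    }
    if (!applyNetworkACL(aclItem.getAclId())) {
        throw new CloudRuntimeException("Failed to apply Network ACL Item: " + aclItem.getUuid());
    }
    return aclItem;
}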
/**
 * Looks up a single network ACL item by its id.
 *
 * @param ruleId id of the ACL item
 * @return the stored item; presumably null when no row matches — verify against the DAO
 */
@Override
public NetworkACLItem getNetworkACLItem(long ruleId) {
    final NetworkACLItemVO item = _networkACLItemDao.findById(ruleId);
    return item;
}