/** * Loads all ACL rules from given network ACL list. Then, the ACL rules will be sorted according to the 'number' field in ascending order. */ protected List<NetworkACLItemVO> getAllAclRulesSortedByNumber(long aclId) { List<NetworkACLItemVO> allAclRules = _networkACLItemDao.listByACL(aclId); Collections.sort(allAclRules, new Comparator<NetworkACLItemVO>() { @Override public int compare(NetworkACLItemVO o1, NetworkACLItemVO o2) { return o1.number - o2.number; } }); return allAclRules; }
/** * Moves a network ACL rule to the bottom of the list. This is executed by getting the 'number' field of the last ACL rule from the ACL list, and incrementing one. * This new value is assigned to the network ACL being moved and updated in the database using {@link NetworkACLItemDao#updateNumberFieldNetworkItem(long, int)}. */ protected NetworkACLItem moveRuleToTheBottom(NetworkACLItemVO ruleBeingMoved, List<NetworkACLItemVO> allAclRules) { NetworkACLItemVO lastAclRule = allAclRules.get(allAclRules.size() - 1); int newNumberFieldValue = lastAclRule.getNumber() + 1; ruleBeingMoved.setNumber(newNumberFieldValue); _networkACLItemDao.updateNumberFieldNetworkItem(ruleBeingMoved.getId(), newNumberFieldValue); return _networkACLItemDao.findById(ruleBeingMoved.getId()); }
/** * Searches in the database for an ACL rule by its UUID. * An {@link InvalidParameterValueException} is thrown if no ACL rule is found with the given UUID. */ protected NetworkACLItemVO retrieveAndValidateAclRule(String aclRuleUuid) { if (StringUtils.isBlank(aclRuleUuid)) { return null; } NetworkACLItemVO aclRule = _networkACLItemDao.findByUuid(aclRuleUuid); if (aclRule == null) { throw new InvalidParameterValueException(String.format("Could not find rule with ID [%s]", aclRuleUuid)); } return aclRule; }
boolean aclApplyStatus = true; final List<NetworkACLItemVO> rules = _networkACLItemDao.listByACL(aclId); removeRule(rule); } else if (rule.getState() == NetworkACLItem.State.Add) { final NetworkACLItemVO ruleVO = _networkACLItemDao.findById(rule.getId()); ruleVO.setState(NetworkACLItem.State.Active); _networkACLItemDao.update(ruleVO.getId(), ruleVO);
final SearchBuilder<NetworkACLItemVO> sb = _networkACLItemDao.createSearchBuilder(); final Pair<List<NetworkACLItemVO>, Integer> result = _networkACLItemDao.searchAndCount(sc, filter); final List<NetworkACLItemVO> aclItemVOs = result.first(); for (final NetworkACLItemVO item : aclItemVOs) { _networkACLItemDao.loadCidrs(item);
@Override public NetworkACLItem getNetworkACLItem(long ruleId) { return _networkACLItemDao.findById(ruleId); }
/** * Validates the ACL rule number field. If the field is null, then we do not have anything to check here. * If the number is not null, we perform the following checks: * <ul> * <li>If number is less than one, than we throw an {@link InvalidParameterValueException}; * <li>if there is already an ACL configured with the given number for the network, we also throw an {@link InvalidParameterValueException}. The check is performed using {@link NetworkACLItemDao#findByAclAndNumber(long, int)} method. * </ul> * * At the end, if not exception is thrown, the number of the ACL rule is valid. */ protected void validateAclRuleNumber(CreateNetworkACLCmd createNetworkAclCmd, NetworkACL acl) { Integer number = createNetworkAclCmd.getNumber(); if (number != null) { if (number < 1) { throw new InvalidParameterValueException(String.format("Invalid number [%d]. Number cannot be < 1", number)); } if (_networkACLItemDao.findByAclAndNumber(acl.getId(), createNetworkAclCmd.getNumber()) != null) { throw new InvalidParameterValueException("ACL item with number " + number + " already exists in ACL: " + acl.getUuid()); } } }
Integer number = createNetworkACLCmd.getNumber(); if (number == null) { number = _networkACLItemDao.getMaxNumberByACL(aclId) + 1;
/** * We validate the network ACL rule ID provided. If not ACL rule is found with the given Id an {@link InvalidParameterValueException} is thrown. * If an ACL rule is found, we return the clone of the rule to avoid messing up with CGlib enhanced objects that might be linked to database entries. */ protected NetworkACLItemVO validateNetworkAclRuleIdAndRetrieveIt(UpdateNetworkACLItemCmd updateNetworkACLItemCmd) { Long id = updateNetworkACLItemCmd.getId(); NetworkACLItemVO networkACLItemVoFromDatabase = _networkACLItemDao.findById(id); if (networkACLItemVoFromDatabase == null) { throw new InvalidParameterValueException(String.format("Unable to find ACL rule with ID [%s]", id)); } return networkACLItemVoFromDatabase.clone(); }
Integer number = updateNetworkACLItemCmd.getNumber(); if (number != null) { NetworkACLItemVO aclNumber = _networkACLItemDao.findByAclAndNumber(acl.getId(), number); if (aclNumber != null && aclNumber.getId() != networkACLItemVo.getId()) { throw new InvalidParameterValueException("ACL item with number " + number + " already exists in ACL: " + acl.getUuid());
@Override public List<NetworkACLItemVO> listNetworkACLItems(final long guestNtwkId) { final Network network = _networkMgr.getNetwork(guestNtwkId); if (network.getNetworkACLId() == null) { return null; } return _networkACLItemDao.listByACL(network.getNetworkACLId()); }
updateAclRuleToNewPositionAndExecuteShiftIfNecessary(networkACLItemVO, newNumberFieldValueNextAclRule, allAclRules, i); _networkACLItemDao.updateNumberFieldNetworkItem(ruleBeingMoved.getId(), newNumberFieldValue); return _networkACLItemDao.findById(ruleBeingMoved.getId());
@Override public boolean revokeNetworkACLItem(final long ruleId) { final NetworkACLItemVO rule = _networkACLItemDao.findById(ruleId); revokeRule(rule); boolean success = false; try { applyNetworkACL(rule.getAclId()); success = true; } catch (final ResourceUnavailableException e) { return false; } return success; }
@Override public NetworkACLItem moveNetworkAclRuleToNewPosition(MoveNetworkAclItemCmd moveNetworkAclItemCmd) { String uuidRuleBeingMoved = moveNetworkAclItemCmd.getUuidRuleBeingMoved(); String nextAclRuleUuid = moveNetworkAclItemCmd.getNextAclRuleUuid(); String previousAclRuleUuid = moveNetworkAclItemCmd.getPreviousAclRuleUuid(); if (StringUtils.isBlank(previousAclRuleUuid) && StringUtils.isBlank(nextAclRuleUuid)) { throw new InvalidParameterValueException("Both previous and next ACL rule IDs cannot be blank."); } NetworkACLItemVO ruleBeingMoved = _networkACLItemDao.findByUuid(uuidRuleBeingMoved); if (ruleBeingMoved == null) { throw new InvalidParameterValueException(String.format("Could not find a rule with ID[%s]", uuidRuleBeingMoved)); } NetworkACLItemVO previousRule = retrieveAndValidateAclRule(previousAclRuleUuid); NetworkACLItemVO nextRule = retrieveAndValidateAclRule(nextAclRuleUuid); validateMoveAclRulesData(ruleBeingMoved, previousRule, nextRule); try { NetworkACLVO lockedAcl = _networkACLDao.acquireInLockTable(ruleBeingMoved.getAclId()); List<NetworkACLItemVO> allAclRules = getAllAclRulesSortedByNumber(lockedAcl.getId()); validateAclConsistency(moveNetworkAclItemCmd, lockedAcl, allAclRules); if (previousRule == null) { return moveRuleToTheTop(ruleBeingMoved, allAclRules); } if (nextRule == null) { return moveRuleToTheBottom(ruleBeingMoved, allAclRules); } return moveRuleBetweenAclRules(ruleBeingMoved, allAclRules, previousRule, nextRule); } finally { _networkACLDao.releaseFromLockTable(ruleBeingMoved.getAclId()); } }
@Override public boolean revokeACLItemsForNetwork(final long networkId) throws ResourceUnavailableException { final Network network = _networkDao.findById(networkId); if (network.getNetworkACLId() == null) { return true; } final List<NetworkACLItemVO> aclItems = _networkACLItemDao.listByACL(network.getNetworkACLId()); if (aclItems.isEmpty()) { s_logger.debug("Found no network ACL Items for network id=" + networkId); return true; } if (s_logger.isDebugEnabled()) { s_logger.debug("Releasing " + aclItems.size() + " Network ACL Items for network id=" + networkId); } for (final NetworkACLItemVO aclItem : aclItems) { // Mark all Network ACLs rules as Revoke, but don't update in DB if (aclItem.getState() == State.Add || aclItem.getState() == State.Active) { aclItem.setState(State.Revoke); } } final boolean success = applyACLItemsToNetwork(network.getId(), aclItems); if (s_logger.isDebugEnabled() && success) { s_logger.debug("Successfully released Network ACLs for network id=" + networkId + " and # of rules now = " + aclItems.size()); } return success; }
/** * Moves an ACL to the space between to other rules. If there is already enough room to accommodate the ACL rule being moved, we simply get the 'number' field from the previous ACL rule and add one, and then define this new value as the 'number' value for the ACL rule being moved. * Otherwise, we will need to make room. This process is executed via {@link #updateAclRuleToNewPositionAndExecuteShiftIfNecessary(NetworkACLItemVO, int, List, int)}, which will create the space between ACL rules if necessary. This involves shifting ACL rules to accommodate the rule being moved. */ protected NetworkACLItem moveRuleBetweenAclRules(NetworkACLItemVO ruleBeingMoved, List<NetworkACLItemVO> allAclRules, NetworkACLItemVO previousRule, NetworkACLItemVO nextRule) { if (previousRule.getNumber() + 1 != nextRule.getNumber()) { int newNumberFieldValue = previousRule.getNumber() + 1; for (NetworkACLItemVO networkACLItemVO : allAclRules) { if (networkACLItemVO.getNumber() == newNumberFieldValue) { throw new InvalidParameterValueException("There are some inconsistencies with the data you sent. The new position calculated already has a ACL rule on it."); } } ruleBeingMoved.setNumber(newNumberFieldValue); _networkACLItemDao.updateNumberFieldNetworkItem(ruleBeingMoved.getId(), newNumberFieldValue); return _networkACLItemDao.findById(ruleBeingMoved.getId()); } int positionToStartProcessing = 0; for (int i = 0; i < allAclRules.size(); i++) { if (allAclRules.get(i).getId() == previousRule.getId()) { positionToStartProcessing = i + 1; break; } } return updateAclRuleToNewPositionAndExecuteShiftIfNecessary(ruleBeingMoved, previousRule.getNumber() + 1, allAclRules, positionToStartProcessing); }
@Override @ActionEvent(eventType = EventTypes.EVENT_NETWORK_ACL_ITEM_DELETE, eventDescription = "Deleting Network ACL Item", async = true) public boolean revokeNetworkACLItem(final long ruleId) { final NetworkACLItemVO aclItem = _networkACLItemDao.findById(ruleId); if (aclItem != null) { final NetworkACL acl = _networkAclMgr.getNetworkACL(aclItem.getAclId()); final Vpc vpc = _entityMgr.findById(Vpc.class, acl.getVpcId()); if (aclItem.getAclId() == NetworkACL.DEFAULT_ALLOW || aclItem.getAclId() == NetworkACL.DEFAULT_DENY) { throw new InvalidParameterValueException("ACL Items in default ACL cannot be deleted"); } final Account caller = CallContext.current().getCallingAccount(); _accountMgr.checkAccess(caller, null, true, vpc); } return _networkAclMgr.revokeNetworkACLItem(ruleId); }
@Override public boolean revokeACLItemsForPrivateGw(final PrivateGateway gateway) throws ResourceUnavailableException { final long networkACLId = gateway.getNetworkACLId(); final List<NetworkACLItemVO> aclItems = _networkACLItemDao.listByACL(networkACLId); if (aclItems.isEmpty()) { s_logger.debug("Found no network ACL Items for private gateway 'id=" + gateway.getId() + "'"); return true; } if (s_logger.isDebugEnabled()) { s_logger.debug("Releasing " + aclItems.size() + " Network ACL Items for private gateway id=" + gateway.getId()); } for (final NetworkACLItemVO aclItem : aclItems) { // Mark all Network ACLs rules as Revoke, but don't update in DB if (aclItem.getState() == State.Add || aclItem.getState() == State.Active) { aclItem.setState(State.Revoke); } } final boolean success = applyACLToPrivateGw(gateway, aclItems); if (s_logger.isDebugEnabled() && success) { s_logger.debug("Successfully released Network ACLs for private gateway id=" + gateway.getId() + " and # of rules now = " + aclItems.size()); } return success; }
@Override public boolean applyACLToPrivateGw(final PrivateGateway gateway) throws ResourceUnavailableException { final VpcGatewayVO vpcGatewayVO = _vpcGatewayDao.findById(gateway.getId()); final List<? extends NetworkACLItem> rules = _networkACLItemDao.listByACL(vpcGatewayVO.getNetworkACLId()); return applyACLToPrivateGw(gateway, rules); }
private boolean applyACLRulesForVpc(Network network, NetworkOffering offering) throws ResourceUnavailableException { List<NetworkACLItemVO> rules = _networkACLItemDao.listByACL(network.getNetworkACLId()); if (_networkModel.areServicesSupportedByNetworkOffering(offering.getId(), Network.Service.NetworkACL)) { applyACLRules(network, rules, true, false); } return true; }