/**
 * Deletes a network ACL together with all of its rules.
 *
 * <p>Deletion is refused while the ACL is still referenced by at least one network tier or
 * by at least one private gateway. Once both checks pass, every ACL item is revoked through
 * {@code revokeNetworkACLItem} and only then is the ACL itself removed.
 *
 * <p>NOTE(review): no caller access check and no guard for the default ACLs is visible in
 * this method; presumably the caller validates the ACL before invoking it -- confirm.
 *
 * @param acl the ACL to delete; dereferenced without a null check
 * @return the value returned by {@code _networkACLDao.remove} for the ACL id
 * @throws CloudRuntimeException if the ACL is still associated with a tier or a private gateway
 */
@Override
public boolean deleteNetworkACL(final NetworkACL acl) {
    final long aclId = acl.getId();

    // An ACL that is still enforced on a tier must not disappear underneath it.
    final List<NetworkVO> attachedTiers = _networkDao.listByAclId(aclId);
    if (attachedTiers != null && !attachedTiers.isEmpty()) {
        throw new CloudRuntimeException("ACL is still associated with " + attachedTiers.size() + " tier(s). Cannot delete network ACL: " + acl.getUuid());
    }

    // Same rule for private gateways that reference this ACL.
    final List<VpcGatewayVO> attachedGateways = _vpcGatewayDao.listByAclIdAndType(aclId, VpcGateway.Type.Private);
    if (attachedGateways != null && !attachedGateways.isEmpty()) {
        throw new CloudRuntimeException("ACL is still associated with " + attachedGateways.size() + " private gateway(s). Cannot delete network ACL: " + acl.getUuid());
    }

    // Revoke the rules one by one before dropping the ACL that owns them.
    for (final NetworkACLItemVO rule : _networkACLItemDao.listByACL(aclId)) {
        revokeNetworkACLItem(rule.getId());
    }

    return _networkACLDao.remove(aclId);
}
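/**
 * Validates the rule number supplied when creating an ACL item.
 *
 * <p>A {@code null} number is accepted as-is; there is nothing to check. Otherwise:
 * <ul>
 * <li>a number lower than one is rejected with an {@link InvalidParameterValueException};
 * <li>a number already used by another item of the same ACL, as reported by
 * {@link NetworkACLItemDao#findByAclAndNumber(long, int)}, is rejected with an
 * {@link InvalidParameterValueException}.
 * </ul>
 *
 * <p>If no exception is thrown, the rule number is valid.
 *
 * <p>NOTE(review): the uniqueness test is a lookup at validation time only. Whether a database
 * constraint or a lock prevents two concurrent requests from creating the same number is not
 * visible here -- confirm.
 *
 * @param createNetworkAclCmd the create command carrying the requested rule number
 * @param acl the ACL the new rule would belong to
 * @throws InvalidParameterValueException if the number is below one or already in use in the ACL
 */
protected void validateAclRuleNumber(CreateNetworkACLCmd createNetworkAclCmd, NetworkACL acl) {
    Integer number = createNetworkAclCmd.getNumber();
    if (number == null) {
        return;
    }

    if (number < 1) {
        throw new InvalidParameterValueException(String.format("Invalid number [%d]. Number cannot be < 1", number));
    }

    // Look up the value that just passed the range check instead of re-reading it from the
    // command, so the checked value and the looked-up value cannot differ.
    if (_networkACLItemDao.findByAclAndNumber(acl.getId(), number) != null) {
        throw new InvalidParameterValueException("ACL item with number " + number + " already exists in ACL: " + acl.getUuid());
    }
}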
/**
 * Creates the network ACL through {@code _networkACLService} using this command's name,
 * description, VPC id and display flag, then records the new entity's id and UUID on the
 * command.
 *
 * <p>The service result is dereferenced without a null check.
 */
@Override
public void create() {
    final NetworkACL createdAcl = _networkACLService.createNetworkACL(getName(), getDescription(), getVpcId(), isDisplay());

    setEntityId(createdAcl.getId());
    setEntityUuid(createdAcl.getUuid());
}
/**
 * Validates a {@link NetworkACL} before it is modified and checks that the caller may act on it.
 *
 * <p>The following conditions raise an {@link InvalidParameterValueException}:
 * <ul>
 * <li>the ACL is {@code null};
 * <li>the ACL is one of the default ACLs, {@link NetworkACL#DEFAULT_ALLOW} or
 * {@link NetworkACL#DEFAULT_DENY}, which cannot be modified;
 * <li>no VPC can be found for the ACL's VPC id.
 * </ul>
 *
 * <p>Once these pass, access is checked with
 * {@link AccountManager#checkAccess(Account, org.apache.cloudstack.acl.SecurityChecker.AccessType, boolean, org.apache.cloudstack.acl.ControlledEntity...)}
 * for the calling account taken from the current {@link CallContext}. The check is made
 * against the VPC that owns the ACL, not against the ACL object, and is called with a
 * {@code null} access type.
 *
 * @param acl the ACL to validate; may be {@code null}, which is rejected
 * @throws InvalidParameterValueException if any of the conditions listed above holds
 */
protected void validateNetworkAcl(NetworkACL acl) {
    if (acl == null) {
        throw new InvalidParameterValueException("Unable to find specified ACL.");
    }

    // The built-in allow/deny ACLs are shared defaults and must stay untouched.
    final boolean isDefaultAcl = acl.getId() == NetworkACL.DEFAULT_DENY || acl.getId() == NetworkACL.DEFAULT_ALLOW;
    if (isDefaultAcl) {
        throw new InvalidParameterValueException("Default ACL cannot be modified");
    }

    final Vpc owningVpc = _entityMgr.findById(Vpc.class, acl.getVpcId());
    if (owningVpc == null) {
        final String message = String.format("Unable to find Vpc associated with the NetworkACL [%s]", acl.getUuid());
        throw new InvalidParameterValueException(message);
    }

    // Authorization is decided on the owning VPC for the account that made the call.
    final Account callingAccount = CallContext.current().getCallingAccount();
    _accountMgr.checkAccess(callingAccount, null, true, owningVpc);
}
/**
 * Builds the API response object for a network ACL.
 *
 * <p>The response carries the ACL's UUID, name, description and display flag. The VPC is
 * looked up by its id and, when found, its UUID is set on the response; when it is not found
 * the VPC id is left unset. Only UUIDs are written to the response, never the numeric ids.
 *
 * @param networkACL the ACL to describe; dereferenced without a null check
 * @return the populated response, with object name {@code "networkacllist"}
 */
@Override
public NetworkACLResponse createNetworkACLResponse(NetworkACL networkACL) {
    final NetworkACLResponse aclResponse = new NetworkACLResponse();

    aclResponse.setId(networkACL.getUuid());
    aclResponse.setName(networkACL.getName());
    aclResponse.setDescription(networkACL.getDescription());
    aclResponse.setForDisplay(networkACL.isDisplay());

    // Translate the VPC id into the VPC's UUID for the response.
    final Vpc owningVpc = ApiDBUtils.findVpcById(networkACL.getVpcId());
    if (owningVpc != null) {
        aclResponse.setVpcId(owningVpc.getUuid());
    }

    aclResponse.setObjectName("networkacllist");
    return aclResponse;
}
NetworkACLItemVO aclNumber = _networkACLItemDao.findByAclAndNumber(acl.getId(), number); if (aclNumber != null && aclNumber.getId() != networkACLItemVo.getId()) { throw new InvalidParameterValueException("ACL item with number " + number + " already exists in ACL: " + acl.getUuid());
response.setAclId(acl.getUuid());
NetworkACL acl = ApiDBUtils.findByNetworkACLId(network.getNetworkACLId()); if (acl != null) { response.setAclId(acl.getUuid());
response.setAclId(acl.getUuid());