@Override public boolean revokeNetworkACLItem(final long ruleId) { final NetworkACLItemVO rule = _networkACLItemDao.findById(ruleId); revokeRule(rule); boolean success = false; try { applyNetworkACL(rule.getAclId()); success = true; } catch (final ResourceUnavailableException e) { return false; } return success; }
@Override @ActionEvent(eventType = EventTypes.EVENT_NETWORK_ACL_ITEM_DELETE, eventDescription = "Deleting Network ACL Item", async = true) public boolean revokeNetworkACLItem(final long ruleId) { final NetworkACLItemVO aclItem = _networkACLItemDao.findById(ruleId); if (aclItem != null) { final NetworkACL acl = _networkAclMgr.getNetworkACL(aclItem.getAclId()); final Vpc vpc = _entityMgr.findById(Vpc.class, acl.getVpcId()); if (aclItem.getAclId() == NetworkACL.DEFAULT_ALLOW || aclItem.getAclId() == NetworkACL.DEFAULT_DENY) { throw new InvalidParameterValueException("ACL Items in default ACL cannot be deleted"); } final Account caller = CallContext.current().getCallingAccount(); _accountMgr.checkAccess(caller, null, true, vpc); } return _networkAclMgr.revokeNetworkACLItem(ruleId); }
/** * Validates if the data provided to move the ACL rule is supported by this implementation. The user needs to provide a valid ACL UUID, and at least one of the previous or the next ACL rule. * The validation is as follows: * <ul> * <li> If both ACL rules 'previous' and 'next' are invalid, we throw an {@link InvalidParameterValueException}; * <li> informed previous and next ACL rules must have the same ACL ID as the rule being moved; otherwise, an {@link InvalidParameterValueException} is thrown; * <li> then we check if the user trying to move ACL rules has access to the VPC, where the ACL rules are being applied. * </ul> */ protected void validateMoveAclRulesData(NetworkACLItemVO ruleBeingMoved, NetworkACLItemVO previousRule, NetworkACLItemVO nextRule) { if (nextRule == null && previousRule == null) { throw new InvalidParameterValueException("Both previous and next ACL rule IDs cannot be invalid."); } long aclId = ruleBeingMoved.getAclId(); if ((nextRule != null && nextRule.getAclId() != aclId) || (previousRule != null && previousRule.getAclId() != aclId)) { throw new InvalidParameterValueException("Cannot use ACL rules from differenting ACLs. Rule being moved."); } NetworkACLVO acl = _networkACLDao.findById(aclId); Vpc vpc = _entityMgr.findById(Vpc.class, acl.getVpcId()); Account caller = CallContext.current().getCallingAccount(); _accountMgr.checkAccess(caller, null, true, vpc); } }
/** * Updates and applies the network ACL rule ({@link NetworkACLItemVO}). * We will first try to update the ACL rule in the database using {@link NetworkACLItemDao#update(Long, NetworkACLItemVO)}. If it does not work, a {@link CloudRuntimeException} is thrown. * If we manage to update the ACL rule in the database, we proceed to apply it using {@link #applyNetworkACL(long)}. If this does not work we throw a {@link CloudRuntimeException}. * If all is working we return the {@link NetworkACLItemVO} given as parameter. We wil set the state of the rule to {@link com.cloud.network.vpc.NetworkACLItem.State#Add}. */ @Override public NetworkACLItem updateNetworkACLItem(NetworkACLItemVO networkACLItemVO) throws ResourceUnavailableException { networkACLItemVO.setState(State.Add); if (_networkACLItemDao.update(networkACLItemVO.getId(), networkACLItemVO)) { if (applyNetworkACL(networkACLItemVO.getAclId())) { return networkACLItemVO; } else { throw new CloudRuntimeException("Failed to apply Network ACL rule: " + networkACLItemVO.getUuid()); } } throw new CloudRuntimeException(String.format("Network ACL rule [id=%s] acl rule list [id=%s] could not be updated.", networkACLItemVO.getUuid(), networkACLItemVO.getAclId())); }
@Override public NetworkACLItem moveNetworkAclRuleToNewPosition(MoveNetworkAclItemCmd moveNetworkAclItemCmd) { String uuidRuleBeingMoved = moveNetworkAclItemCmd.getUuidRuleBeingMoved(); String nextAclRuleUuid = moveNetworkAclItemCmd.getNextAclRuleUuid(); String previousAclRuleUuid = moveNetworkAclItemCmd.getPreviousAclRuleUuid(); if (StringUtils.isBlank(previousAclRuleUuid) && StringUtils.isBlank(nextAclRuleUuid)) { throw new InvalidParameterValueException("Both previous and next ACL rule IDs cannot be blank."); } NetworkACLItemVO ruleBeingMoved = _networkACLItemDao.findByUuid(uuidRuleBeingMoved); if (ruleBeingMoved == null) { throw new InvalidParameterValueException(String.format("Could not find a rule with ID[%s]", uuidRuleBeingMoved)); } NetworkACLItemVO previousRule = retrieveAndValidateAclRule(previousAclRuleUuid); NetworkACLItemVO nextRule = retrieveAndValidateAclRule(nextAclRuleUuid); validateMoveAclRulesData(ruleBeingMoved, previousRule, nextRule); try { NetworkACLVO lockedAcl = _networkACLDao.acquireInLockTable(ruleBeingMoved.getAclId()); List<NetworkACLItemVO> allAclRules = getAllAclRulesSortedByNumber(lockedAcl.getId()); validateAclConsistency(moveNetworkAclItemCmd, lockedAcl, allAclRules); if (previousRule == null) { return moveRuleToTheTop(ruleBeingMoved, allAclRules); } if (nextRule == null) { return moveRuleToTheBottom(ruleBeingMoved, allAclRules); } return moveRuleBetweenAclRules(ruleBeingMoved, allAclRules, previousRule, nextRule); } finally { _networkACLDao.releaseFromLockTable(ruleBeingMoved.getAclId()); } }
/** * Updates a network ACL with the given values found in the {@link UpdateNetworkACLItemCmd} parameter. * First we will validate the network ACL rule provided in the command using {@link #validateNetworkAclRuleIdAndRetrieveIt(UpdateNetworkACLItemCmd)}. * Then, we validate the ACL itself using {@link #validateNetworkAcl(NetworkACL)}. If all of the validation is ok, we do the following. * <ul> * <li>Transfer new data to {@link NetworkACLItemVO} that is intended to be updated; * <li>Validate the ACL rule being updated using {@link #validateNetworkACLItem(NetworkACLItemVO)}. * </ul> * * After the validations and updating the POJO we execute the update in the database using {@link NetworkACLManagerImpl#updateNetworkACLItem(NetworkACLItemVO)}. * */ @Override public NetworkACLItem updateNetworkACLItem(UpdateNetworkACLItemCmd updateNetworkACLItemCmd) throws ResourceUnavailableException { NetworkACLItemVO networkACLItemVo = validateNetworkAclRuleIdAndRetrieveIt(updateNetworkACLItemCmd); NetworkACL acl = _networkAclMgr.getNetworkACL(networkACLItemVo.getAclId()); validateNetworkAcl(acl); transferDataToNetworkAclRulePojo(updateNetworkACLItemCmd, networkACLItemVo, acl); validateNetworkACLItem(networkACLItemVo); return _networkAclMgr.updateNetworkACLItem(networkACLItemVo); }
Object networkACL = _entityMgr.findById(s_typeMap.get(ResourceObjectType.NetworkACLList), aclItem.getAclId()); Long vpcId = ((NetworkACLVO)networkACL).getVpcId();
protected NetworkACLItemDaoImpl() { super(); AllFieldsSearch = createSearchBuilder(); AllFieldsSearch.and("protocol", AllFieldsSearch.entity().getProtocol(), Op.EQ); AllFieldsSearch.and("state", AllFieldsSearch.entity().getState(), Op.EQ); AllFieldsSearch.and("id", AllFieldsSearch.entity().getId(), Op.EQ); AllFieldsSearch.and("aclId", AllFieldsSearch.entity().getAclId(), Op.EQ); AllFieldsSearch.and("trafficType", AllFieldsSearch.entity().getTrafficType(), Op.EQ); AllFieldsSearch.and("number", AllFieldsSearch.entity().getNumber(), Op.EQ); AllFieldsSearch.and("action", AllFieldsSearch.entity().getAction(), Op.EQ); AllFieldsSearch.done(); NotRevokedSearch = createSearchBuilder(); NotRevokedSearch.and("state", NotRevokedSearch.entity().getState(), Op.NEQ); NotRevokedSearch.and("protocol", NotRevokedSearch.entity().getProtocol(), Op.EQ); NotRevokedSearch.and("sourcePortStart", NotRevokedSearch.entity().getSourcePortStart(), Op.EQ); NotRevokedSearch.and("sourcePortEnd", NotRevokedSearch.entity().getSourcePortEnd(), Op.EQ); NotRevokedSearch.and("aclId", NotRevokedSearch.entity().getAclId(), Op.EQ); NotRevokedSearch.and("trafficType", NotRevokedSearch.entity().getTrafficType(), Op.EQ); NotRevokedSearch.done(); ReleaseSearch = createSearchBuilder(); ReleaseSearch.and("protocol", ReleaseSearch.entity().getProtocol(), Op.EQ); ReleaseSearch.and("ports", ReleaseSearch.entity().getSourcePortStart(), Op.IN); ReleaseSearch.done(); MaxNumberSearch = createSearchBuilder(Integer.class); MaxNumberSearch.select(null, SearchCriteria.Func.MAX, MaxNumberSearch.entity().getNumber()); MaxNumberSearch.and("aclId", MaxNumberSearch.entity().getAclId(), Op.EQ); MaxNumberSearch.done(); }