/**
 * Stores the source CIDR list of a network ACL rule.
 *
 * <p>A {@code null} list means "nothing to store": no DAO call is made in that case.
 * An empty (non-null) list is still handed to the CIDR DAO.
 *
 * @param networkACLItem the ACL rule whose id keys the CIDR entries
 * @param cidrList the source CIDRs to persist; may be {@code null}
 */
public void saveCidrs(NetworkACLItemVO networkACLItem, List<String> cidrList) {
    if (cidrList != null) {
        // NOTE(review): the CIDR strings are passed through as received; presumably they were
        // validated before reaching this DAO - confirm against the caller.
        _networkACLItemCidrsDao.persist(networkACLItem.getId(), cidrList);
    }
}
/**
 * Moves a network ACL rule to the bottom of the list.
 *
 * <p>The new 'number' is the 'number' of the last entry of {@code allAclRules} plus one. It is set on
 * the in-memory rule and written to the database with
 * {@link NetworkACLItemDao#updateNumberFieldNetworkItem(long, int)}; the rule is then re-read by id.
 *
 * @param ruleBeingMoved the rule that should become the last one
 * @param allAclRules the rules of the ACL; the last element is used as the current bottom rule
 *                    (presumably sorted by 'number' - confirm against the caller)
 * @return the rule as reloaded from the database after the update
 */
protected NetworkACLItem moveRuleToTheBottom(NetworkACLItemVO ruleBeingMoved, List<NetworkACLItemVO> allAclRules) {
    // An empty list fails here with an index error, before any state is modified.
    final int bottomIndex = allAclRules.size() - 1;
    final NetworkACLItemVO currentBottomRule = allAclRules.get(bottomIndex);

    final int numberBelowBottom = currentBottomRule.getNumber() + 1;
    ruleBeingMoved.setNumber(numberBelowBottom);

    _networkACLItemDao.updateNumberFieldNetworkItem(ruleBeingMoved.getId(), numberBelowBottom);
    return _networkACLItemDao.findById(ruleBeingMoved.getId());
}
/**
 * Populates the source CIDR list of the given ACL rule with the CIDRs stored for its id.
 *
 * @param item the ACL rule to fill in; its source CIDR list is overwritten
 */
@Override
public void loadCidrs(NetworkACLItemVO item) {
    item.setSourceCidrList(_networkACLItemCidrsDao.getCidrs(item.getId()));
}
/**
 * Marks the given ACL rule as {@code Revoke} and persists it.
 *
 * <p>Only the stored state changes here; nothing in this method removes the rule from wherever it
 * is enforced.
 *
 * @param rule the rule to flag for revocation; its in-memory state is changed as well
 * @return the result of the underlying {@code update} call
 */
@Override
public boolean revoke(NetworkACLItemVO rule) {
    rule.setState(State.Revoke);
    final boolean stored = update(rule.getId(), rule);
    return stored;
}
for (int i = indexToStartProcessing; i < allAclRules.size(); i++) { NetworkACLItemVO networkACLItemVO = allAclRules.get(i); if (networkACLItemVO.getId() == ruleBeingMoved.getId()) { continue; updateAclRuleToNewPositionAndExecuteShiftIfNecessary(networkACLItemVO, newNumberFieldValueNextAclRule, allAclRules, i); _networkACLItemDao.updateNumberFieldNetworkItem(ruleBeingMoved.getId(), newNumberFieldValue); return _networkACLItemDao.findById(ruleBeingMoved.getId());
/**
 * Revokes a single ACL rule according to its current state.
 *
 * <ul>
 *   <li>{@code Staged}: the rule row is removed from the database.</li>
 *   <li>{@code Add} or {@code Active}: the rule is switched to {@code Revoke} and updated.</li>
 *   <li>Any other state: nothing happens.</li>
 * </ul>
 *
 * @param rule the rule to revoke
 */
@DB
private void revokeRule(final NetworkACLItemVO rule) {
    if (rule.getState() == State.Staged) {
        if (s_logger.isDebugEnabled()) {
            s_logger.debug("Found a rule that is still in stage state so just removing it: " + rule);
        }
        _networkACLItemDao.remove(rule.getId());
        return;
    }

    final boolean isAddOrActive = rule.getState() == State.Add || rule.getState() == State.Active;
    if (isAddOrActive) {
        // The row is kept and only flagged as Revoke; this method does not delete it.
        rule.setState(State.Revoke);
        _networkACLItemDao.update(rule.getId(), rule);
    }
}
/**
 * Updates the ACL rule row and then rewrites its source CIDR list.
 *
 * <p>The CIDR update runs regardless of what {@code super.update} returned, and it is keyed by
 * {@code item.getId()} rather than by the {@code id} argument.
 *
 * @param id the id handed to the parent update
 * @param item the rule carrying the new field values and source CIDR list
 * @return the result of the parent update only; the CIDR update does not influence it
 */
@Override
public boolean update(Long id, NetworkACLItemVO item) {
    final boolean rowUpdated = super.update(id, item);
    // NOTE(review): id and item.getId() are presumably always the same rule - confirm, since a
    // mismatch would update one rule's row and another rule's CIDRs.
    _networkACLItemCidrsDao.updateCidrs(item.getId(), item.getSourceCidrList());
    return rowUpdated;
}
/**
 * Moves an ACL rule into the position between two other rules.
 *
 * <p>The target 'number' is always the previous rule's 'number' plus one. If that value differs from
 * the next rule's 'number', it is assigned to the rule being moved, provided no rule in
 * {@code allAclRules} already uses it. If the two rules carry consecutive numbers, the work is
 * delegated to {@link #updateAclRuleToNewPositionAndExecuteShiftIfNecessary(NetworkACLItemVO, int, List, int)},
 * starting right after the previous rule's index in the list, so that rules can be shifted to make
 * room.
 *
 * <p>NOTE(review): this method does not check that {@code previousRule} and {@code nextRule} belong
 * to the same ACL as {@code ruleBeingMoved}, nor that they are contained in {@code allAclRules};
 * presumably the caller validates this - confirm, since rule order decides which rule matches first.
 *
 * @param ruleBeingMoved the rule to reposition
 * @param allAclRules all rules of the ACL
 * @param previousRule the rule that should end up directly before the moved rule
 * @param nextRule the rule that should end up after the moved rule
 * @return the moved rule as reloaded from the database, or the result of the shifting helper
 * @throws InvalidParameterValueException if the computed number is already taken by a rule in the list
 */
protected NetworkACLItem moveRuleBetweenAclRules(NetworkACLItemVO ruleBeingMoved, List<NetworkACLItemVO> allAclRules, NetworkACLItemVO previousRule,
        NetworkACLItemVO nextRule) {
    final int targetNumber = previousRule.getNumber() + 1;
    final boolean numbersAreConsecutive = targetNumber == nextRule.getNumber();

    if (numbersAreConsecutive) {
        // No free number between the two rules: locate the slot after previousRule and let the
        // helper shift the following rules. If previousRule is not found, processing starts at 0.
        int shiftStartIndex = 0;
        int index = 0;
        for (NetworkACLItemVO aclRule : allAclRules) {
            if (aclRule.getId() == previousRule.getId()) {
                shiftStartIndex = index + 1;
                break;
            }
            index++;
        }
        return updateAclRuleToNewPositionAndExecuteShiftIfNecessary(ruleBeingMoved, targetNumber, allAclRules, shiftStartIndex);
    }

    // Refuse to reuse a number that another rule already holds.
    for (NetworkACLItemVO aclRule : allAclRules) {
        if (aclRule.getNumber() == targetNumber) {
            throw new InvalidParameterValueException("There are some inconsistencies with the data you sent. The new position calculated already has a ACL rule on it.");
        }
    }

    ruleBeingMoved.setNumber(targetNumber);
    _networkACLItemDao.updateNumberFieldNetworkItem(ruleBeingMoved.getId(), targetNumber);
    return _networkACLItemDao.findById(ruleBeingMoved.getId());
}
/**
 * Deletes a network ACL once nothing references it any more.
 *
 * <p>Deletion is refused while the ACL is still attached to at least one tier or private gateway.
 * Otherwise every rule of the ACL is revoked and the ACL itself is removed.
 *
 * @param acl the ACL to delete
 * @return the result of removing the ACL row
 * @throws CloudRuntimeException if the ACL is still associated with a tier or a private gateway
 */
@Override
public boolean deleteNetworkACL(final NetworkACL acl) {
    final long aclId = acl.getId();

    final List<NetworkVO> associatedTiers = _networkDao.listByAclId(aclId);
    if (associatedTiers != null && !associatedTiers.isEmpty()) {
        throw new CloudRuntimeException("ACL is still associated with " + associatedTiers.size() + " tier(s). Cannot delete network ACL: " + acl.getUuid());
    }

    final List<VpcGatewayVO> associatedPrivateGateways = _vpcGatewayDao.listByAclIdAndType(aclId, VpcGateway.Type.Private);
    if (associatedPrivateGateways != null && !associatedPrivateGateways.isEmpty()) {
        throw new CloudRuntimeException("ACL is still associated with " + associatedPrivateGateways.size() + " private gateway(s). Cannot delete network ACL: " + acl.getUuid());
    }

    // NOTE(review): the return value of revokeNetworkACLItem is not inspected here, so the ACL is
    // removed even if a revoke reports failure without throwing - confirm that is intended.
    for (final NetworkACLItemVO aclItem : _networkACLItemDao.listByACL(aclId)) {
        revokeNetworkACLItem(aclItem.getId());
    }

    return _networkACLDao.remove(aclId);
}
/**
 * Persists a new network ACL rule and moves it to the {@code Add} state within one transaction.
 *
 * <p>Inside the transaction the rule is persisted, its state is switched to {@code Add} through the
 * DAO, and the id of the new rule is recorded as event detail on the current call context.
 *
 * @param networkACLItemVO the rule to create
 * @return the rule looked up again by id after the transaction completed
 * @throws CloudRuntimeException if the state could not be switched to {@code Add}
 */
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_NETWORK_ACL_ITEM_CREATE, eventDescription = "creating network ACL Item", create = true)
public NetworkACLItem createNetworkACLItem(NetworkACLItemVO networkACLItemVO) {
    final TransactionCallback<NetworkACLItemVO> persistAndMarkAsAdd = new TransactionCallback<NetworkACLItemVO>() {
        @Override
        public NetworkACLItemVO doInTransaction(final TransactionStatus status) {
            final NetworkACLItemVO persistedRule = _networkACLItemDao.persist(networkACLItemVO);

            // Throwing from inside the callback presumably rolls the persist back - confirm
            // against Transaction.execute.
            final boolean switchedToAdd = _networkACLItemDao.setStateToAdd(persistedRule);
            if (!switchedToAdd) {
                throw new CloudRuntimeException("Unable to update the state to add for " + persistedRule);
            }

            CallContext.current().setEventDetails("ACL Item Id: " + persistedRule.getId());
            return persistedRule;
        }
    };

    final NetworkACLItemVO newRule = Transaction.execute(persistAndMarkAsAdd);
    return getNetworkACLItem(newRule.getId());
}
/**
 * Transaction body: persists the captured rule, switches it to the Add state and records its id
 * as event detail on the current call context.
 *
 * @param status the transaction status handed in by the transaction runner; not used here
 * @return the rule instance returned by the DAO's persist call
 */
@Override
public NetworkACLItemVO doInTransaction(final TransactionStatus status) {
    // networkACLItemVO is captured from the enclosing scope, which is not visible in this excerpt.
    NetworkACLItemVO networkACLItemVOFromDatabase = _networkACLItemDao.persist(networkACLItemVO);
    // A failed state switch aborts the callback with an exception instead of returning the rule.
    if (!_networkACLItemDao.setStateToAdd(networkACLItemVOFromDatabase)) {
        throw new CloudRuntimeException("Unable to update the state to add for " + networkACLItemVOFromDatabase);
    }
    CallContext.current().setEventDetails("ACL Item Id: " + networkACLItemVOFromDatabase.getId());
    return networkACLItemVOFromDatabase;
}
});
/**
 * Switches a rule to the {@code Add} state, but only if its stored state is {@code Staged}.
 *
 * <p>The update is restricted by search criteria on the rule id and on the state {@code Staged}, so a
 * row that is in any other state is not matched. The in-memory rule is set to {@code Add} in
 * either case.
 *
 * @param rule the rule to move to {@code Add}
 * @return {@code true} if at least one row was updated
 */
@Override
public boolean setStateToAdd(NetworkACLItemVO rule) {
    final SearchCriteria<NetworkACLItemVO> stagedRuleCriteria = AllFieldsSearch.create();
    stagedRuleCriteria.setParameters("id", rule.getId());
    stagedRuleCriteria.setParameters("state", State.Staged);

    rule.setState(State.Add);
    final int updatedRows = update(rule, stagedRuleCriteria);
    return updatedRows > 0;
}
/**
 * Updates and applies the network ACL rule ({@link NetworkACLItemVO}).
 *
 * <p>The state of the rule is set to {@link com.cloud.network.vpc.NetworkACLItem.State#Add} first.
 * The rule is then written to the database with {@link NetworkACLItemDao#update(Long, NetworkACLItemVO)};
 * if that fails, a {@link CloudRuntimeException} is thrown. On success the ACL the rule belongs to is
 * applied with {@link #applyNetworkACL(long)}; if that fails, a {@link CloudRuntimeException} is
 * thrown as well. When both steps succeed, the rule given as parameter is returned.
 *
 * <p>NOTE(review): when the apply step fails, the database update has already been made and nothing
 * in this method reverts it, so the stored rule and the enforced rules may differ - confirm how the
 * caller handles this.
 *
 * @param networkACLItemVO the rule carrying the new values; its state is changed to {@code Add}
 * @return the same rule instance that was passed in
 * @throws ResourceUnavailableException declared by this method; presumably raised while applying the ACL
 * @throws CloudRuntimeException if the database update or the apply step fails
 */
@Override
public NetworkACLItem updateNetworkACLItem(NetworkACLItemVO networkACLItemVO) throws ResourceUnavailableException {
    networkACLItemVO.setState(State.Add);

    final boolean storedInDatabase = _networkACLItemDao.update(networkACLItemVO.getId(), networkACLItemVO);
    if (!storedInDatabase) {
        throw new CloudRuntimeException(String.format("Network ACL rule [id=%s] acl rule list [id=%s] could not be updated.", networkACLItemVO.getUuid(),
                networkACLItemVO.getAclId()));
    }

    final boolean applied = applyNetworkACL(networkACLItemVO.getAclId());
    if (!applied) {
        throw new CloudRuntimeException("Failed to apply Network ACL rule: " + networkACLItemVO.getUuid());
    }
    return networkACLItemVO;
}
if (number != null) { NetworkACLItemVO aclNumber = _networkACLItemDao.findByAclAndNumber(acl.getId(), number); if (aclNumber != null && aclNumber.getId() != networkACLItemVo.getId()) { throw new InvalidParameterValueException("ACL item with number " + number + " already exists in ACL: " + acl.getUuid());
// Reload the rule by id so the state change is made on the stored copy rather than on `rule`.
// NOTE(review): the findById result is dereferenced without a null check; confirm the rule cannot
// have been removed between the earlier read and this point.
final NetworkACLItemVO ruleVO = _networkACLItemDao.findById(rule.getId());
// Presumably reached only after the rule was applied successfully - confirm against the enclosing code.
ruleVO.setState(NetworkACLItem.State.Active);
_networkACLItemDao.update(ruleVO.getId(), ruleVO);
// Search over ACL rules with optional equality conditions on id, ACL id and traffic type.
final SearchBuilder<NetworkACLItemVO> sb = _networkACLItemDao.createSearchBuilder();
sb.and("id", sb.entity().getId(), Op.EQ);
sb.and("aclId", sb.entity().getAclId(), Op.EQ);
sb.and("trafficType", sb.entity().getTrafficType(), Op.EQ);
// Group by rule id; presumably so that a rule matching several joined rows is listed once - confirm.
sb.groupBy(sb.entity().getId());
// Inner join against tagSearch (defined outside this excerpt): rule id = tagSearch resource id.
sb.join("tagSearch", tagSearch, sb.entity().getId(), tagSearch.entity().getResourceId(), JoinBuilder.JoinType.INNER);
/**
 * Builds the reusable search definitions of this DAO: AllFieldsSearch, NotRevokedSearch,
 * ReleaseSearch and MaxNumberSearch.
 */
protected NetworkACLItemDaoImpl() {
    super();

    // Equality search on protocol, state, id, aclId, trafficType, number and action.
    AllFieldsSearch = createSearchBuilder();
    AllFieldsSearch.and("protocol", AllFieldsSearch.entity().getProtocol(), Op.EQ);
    AllFieldsSearch.and("state", AllFieldsSearch.entity().getState(), Op.EQ);
    AllFieldsSearch.and("id", AllFieldsSearch.entity().getId(), Op.EQ);
    AllFieldsSearch.and("aclId", AllFieldsSearch.entity().getAclId(), Op.EQ);
    AllFieldsSearch.and("trafficType", AllFieldsSearch.entity().getTrafficType(), Op.EQ);
    AllFieldsSearch.and("number", AllFieldsSearch.entity().getNumber(), Op.EQ);
    AllFieldsSearch.and("action", AllFieldsSearch.entity().getAction(), Op.EQ);
    AllFieldsSearch.done();

    // "state" is a not-equals condition here; the state to exclude is supplied by the caller
    // (presumably Revoke, going by the search's name - confirm at the call sites).
    NotRevokedSearch = createSearchBuilder();
    NotRevokedSearch.and("state", NotRevokedSearch.entity().getState(), Op.NEQ);
    NotRevokedSearch.and("protocol", NotRevokedSearch.entity().getProtocol(), Op.EQ);
    NotRevokedSearch.and("sourcePortStart", NotRevokedSearch.entity().getSourcePortStart(), Op.EQ);
    NotRevokedSearch.and("sourcePortEnd", NotRevokedSearch.entity().getSourcePortEnd(), Op.EQ);
    NotRevokedSearch.and("aclId", NotRevokedSearch.entity().getAclId(), Op.EQ);
    NotRevokedSearch.and("trafficType", NotRevokedSearch.entity().getTrafficType(), Op.EQ);
    NotRevokedSearch.done();

    // The "ports" parameter is an IN condition on the source port start only.
    ReleaseSearch = createSearchBuilder();
    ReleaseSearch.and("protocol", ReleaseSearch.entity().getProtocol(), Op.EQ);
    ReleaseSearch.and("ports", ReleaseSearch.entity().getSourcePortStart(), Op.IN);
    ReleaseSearch.done();

    // Selects MAX(number) as an Integer for the rules of one ACL.
    MaxNumberSearch = createSearchBuilder(Integer.class);
    MaxNumberSearch.select(null, SearchCriteria.Func.MAX, MaxNumberSearch.entity().getNumber());
    MaxNumberSearch.and("aclId", MaxNumberSearch.entity().getAclId(), Op.EQ);
    MaxNumberSearch.done();
}