/**
 * Revokes the ACL rules currently attached to a private gateway.
 *
 * <p>Every item of the gateway's ACL that is in state {@code Add} or {@code Active} is
 * switched to {@code Revoke} on the in-memory objects only, and the resulting list is
 * handed to {@code applyACLToPrivateGw(gateway, items)}. Nothing is written back through
 * the DAO here, so the persisted ACL items keep their previous state.
 *
 * @param gateway the private gateway whose ACL items are to be revoked
 * @return {@code true} when the ACL has no items, otherwise the result reported by
 *         {@code applyACLToPrivateGw}
 * @throws ResourceUnavailableException declared by this method; presumably propagated from
 *         {@code applyACLToPrivateGw} (confirm against that overload)
 */
@Override
public boolean revokeACLItemsForPrivateGw(final PrivateGateway gateway) throws ResourceUnavailableException {
    final long aclId = gateway.getNetworkACLId();
    final List<NetworkACLItemVO> items = _networkACLItemDao.listByACL(aclId);

    // Nothing attached to the gateway: report success without touching the gateway.
    if (items.isEmpty()) {
        s_logger.debug("Found no network ACL Items for private gateway 'id=" + gateway.getId() + "'");
        return true;
    }

    if (s_logger.isDebugEnabled()) {
        s_logger.debug("Releasing " + items.size() + " Network ACL Items for private gateway id=" + gateway.getId());
    }

    // Flip the state on the loaded objects only; the DB rows are deliberately left as they are.
    for (final NetworkACLItemVO item : items) {
        final State current = item.getState();
        final boolean inEffect = current == State.Add || current == State.Active;
        if (inEffect) {
            item.setState(State.Revoke);
        }
    }

    final boolean released = applyACLToPrivateGw(gateway, items);
    if (s_logger.isDebugEnabled() && released) {
        s_logger.debug("Successfully released Network ACLs for private gateway id=" + gateway.getId() + " and # of rules now = " + items.size());
    }
    return released;
}
/**
 * Applies the ACL currently recorded for a private gateway.
 *
 * <p>The gateway row is re-read through {@code _vpcGatewayDao}, the items of the ACL it
 * references are listed, and both are passed to the two-argument
 * {@code applyACLToPrivateGw} overload.
 *
 * @param gateway the private gateway to program
 * @return the result of the two-argument {@code applyACLToPrivateGw} overload
 * @throws ResourceUnavailableException declared by this method; presumably propagated from
 *         the two-argument overload (confirm there)
 */
@Override
public boolean applyACLToPrivateGw(final PrivateGateway gateway) throws ResourceUnavailableException {
    // NOTE(review): the findById result is dereferenced without a null check; confirm the
    // DAO cannot return null for a gateway that was removed concurrently.
    final VpcGatewayVO gatewayRecord = _vpcGatewayDao.findById(gateway.getId());

    // The ACL id comes from the freshly loaded record, not from the 'gateway' argument.
    final List<? extends NetworkACLItem> aclItems =
            _networkACLItemDao.listByACL(gatewayRecord.getNetworkACLId());

    return applyACLToPrivateGw(gateway, aclItems);
}
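/**
 * Removes the private gateway and its private IP record inside the surrounding transaction.
 *
 * <p>{@code deleteNetwork} is set to {@code false} when the network still holds private IPs
 * that do not belong to this gateway: either more than one IP is recorded, or the single
 * recorded IP differs from the gateway's IPv4 address. An empty IP list leaves
 * {@code deleteNetwork} untouched; the original indexed element 0 unconditionally and would
 * have thrown {@link IndexOutOfBoundsException} in that case.
 *
 * @param status transaction status supplied by the caller; not read by this method
 */
@Override
public void doInTransactionWithoutResult(final TransactionStatus status) {
    final List<PrivateIpVO> privateIps = _privateIpDao.listByNetworkId(networkId);

    if (privateIps.isEmpty()) {
        // No IP rows at all: nothing here belongs to another gateway, so the flag stays as set by the caller.
        s_logger.debug("Found no private ip addresses for network id=" + gateway.getNetworkId());
    } else if (privateIps.size() > 1 || !privateIps.get(0).getIpAddress().equalsIgnoreCase(gateway.getIp4Address())) {
        s_logger.debug("Not removing network id=" + gateway.getNetworkId() + " as it has private ip addresses for other gateways");
        deleteNetwork = false;
    }

    // The gateway's own IP row may already be gone, hence the null check.
    final PrivateIpVO ip = _privateIpDao.findByIpAndVpcId(gateway.getVpcId(), gateway.getIp4Address());
    if (ip != null) {
        _privateIpDao.remove(ip.getId());
        s_logger.debug("Deleted private ip " + ip);
    }

    _vpcGatewayDao.remove(gateway.getId());
    s_logger.debug("Deleted private gateway " + gateway);
}
});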
/**
 * Replaces the ACL associated with a private gateway and applies the new one.
 *
 * <p>When the new ACL has no items, the rules of the existing ACL are revoked first through
 * {@code revokeACLItemsForPrivateGw}. The gateway record is then pointed at the new ACL,
 * persisted, and the ACL is applied through {@code applyACLToPrivateGw(gateway)}.
 *
 * @param acl the ACL that should replace the current one
 * @param gateway the private gateway to update
 * @return {@code false} when the gateway record could not be updated, otherwise the result
 *         of {@code applyACLToPrivateGw(gateway)}
 * @throws ResourceUnavailableException declared by this method; presumably propagated from
 *         the revoke/apply calls (confirm there)
 * @throws CloudRuntimeException when revoking the existing rules reports failure
 */
@Override
public boolean replaceNetworkACLForPrivateGw(final NetworkACL acl, final PrivateGateway gateway) throws ResourceUnavailableException {
    final VpcGatewayVO gatewayRecord = _vpcGatewayDao.findById(gateway.getId());
    final List<NetworkACLItemVO> newAclItems = _networkACLItemDao.listByACL(acl.getId());

    final boolean newAclHasNoRules = newAclItems == null || newAclItems.isEmpty();
    if (newAclHasNoRules) {
        // An empty replacement ACL carries nothing to apply, so the existing rules are
        // revoked explicitly; otherwise they would not be removed on the router element.
        s_logger.debug("New network ACL is empty. Revoke existing rules before applying ACL");
        final boolean revoked = revokeACLItemsForPrivateGw(gateway);
        if (!revoked) {
            throw new CloudRuntimeException("Failed to replace network ACL. Error while removing existing ACL " + "items for privatewa gateway: " +
                    gateway.getId());
        }
    }

    gatewayRecord.setNetworkACLId(acl.getId());

    // NOTE(review): in the empty-ACL case the revoke above has already run when this update
    // is attempted; if the update fails, the method returns false while the stored record
    // still references the previous ACL. Confirm callers treat this as needing a re-apply.
    final boolean persisted = _vpcGatewayDao.update(gatewayRecord.getId(), gatewayRecord);
    if (!persisted) {
        return false;
    }
    return applyACLToPrivateGw(gateway);
}
if (gateway != null) { s_logger.debug("Deleting private gateway " + gateway + " as a part of vpc " + vpcId + " resources cleanup"); if (!deleteVpcPrivateGateway(gateway.getId())) { success = false; s_logger.debug("Failed to delete private gateway " + gateway + " as a part of vpc " + vpcId + " resources cleanup");
/**
 * Creates the private gateway through {@code _vpcService} and records the new entity's id
 * and uuid on this command.
 *
 * @throws ResourceAllocationException declared by this method; presumably raised by
 *         {@code createVpcPrivateGateway} (confirm there)
 * @throws ServerApiException with {@code INSUFFICIENT_CAPACITY_ERROR} on
 *         {@code InsufficientCapacityException}, and with {@code INTERNAL_ERROR} on
 *         {@code ConcurrentOperationException} or when the service returns {@code null}
 */
@Override
public void create() throws ResourceAllocationException {
    final PrivateGateway created;
    try {
        created = _vpcService.createVpcPrivateGateway(
                getVpcId(),
                getPhysicalNetworkId(),
                getBroadcastUri(),
                getStartIp(),
                getGateway(),
                getNetmask(),
                getEntityOwnerId(),
                getNetworkOfferingId(),
                getIsSourceNat(),
                getAclId());
    } catch (InsufficientCapacityException ex) {
        s_logger.info(ex);
        s_logger.trace(ex);
        // NOTE(review): the exception text becomes the API error description; confirm it
        // holds no internal detail that should stay out of client responses.
        throw new ServerApiException(ApiErrorCode.INSUFFICIENT_CAPACITY_ERROR, ex.getMessage());
    } catch (ConcurrentOperationException ex) {
        s_logger.warn("Exception: ", ex);
        throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, ex.getMessage());
    }

    // A null result is treated as a failed creation rather than silently accepted.
    if (created == null) {
        throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create private gateway");
    }

    setEntityId(created.getId());
    setEntityUuid(created.getUuid());
}
s_logger.debug("failed to apply network acl item on private gateway " + privateGateway.getId() + "acl id " + aclId); break;