Apply reordered ACL list to VR router (#12525)

This PR address #9398
2026-01-28 10:55:59 +05:30 · 2026-01-28 10:55:59 +05:30 · 21d5c10850
parent 062b98a51e
commit 21d5c10850
2 changed files with 21 additions and 4 deletions
--- a/server/src/main/java/com/cloud/network/element/VpcVirtualRouterElement.java
+++ b/server/src/main/java/com/cloud/network/element/VpcVirtualRouterElement.java
@ -550,7 +550,15 @@ public class VpcVirtualRouterElement extends VirtualRouterElement implements Vpc

    @Override
    public boolean reorderAclRules(Vpc vpc, List<? extends Network> networks, List<? extends NetworkACLItem> networkACLItems) {
-        return true;
+        boolean result = true;
+        try {
+            for (Network network : networks) {
+                result = result && applyNetworkACLs(network, networkACLItems);
+            }
+        } catch (ResourceUnavailableException ex) {
+            result = false;
+        }
+        return result;
    }

    @Override
--- a/server/src/main/java/com/cloud/network/vpc/NetworkACLServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/NetworkACLServiceImpl.java
@ -109,6 +109,8 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ
    private NsxProviderDao nsxProviderDao;
    @Inject
    private NetrisProviderDao netrisProviderDao;
+    @Inject
+    private VpcManager vpcManager;

    private String supportedProtocolsForAclRules = "tcp,udp,icmp,all";

@ -1037,13 +1039,20 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ
            if (Objects.isNull(vpc)) {
                return networkACLItem;
            }
+            List<NetworkVO> networks = _networkDao.listByAclId(lockedAcl.getId());
+            if (networks.isEmpty()) {
+                return networkACLItem;
+            }
+
            final DataCenter dc = _entityMgr.findById(DataCenter.class, vpc.getZoneId());
            final NsxProviderVO nsxProvider = nsxProviderDao.findByZoneId(dc.getId());
            final NetrisProviderVO netrisProvider = netrisProviderDao.findByZoneId(dc.getId());
-            List<NetworkVO> networks = _networkDao.listByAclId(lockedAcl.getId());
-            if (ObjectUtils.anyNotNull(nsxProvider, netrisProvider) && !networks.isEmpty()) {
+            boolean isVpcNetworkACLProvider = vpcManager.isProviderSupportServiceInVpc(vpc.getId(), Network.Service.NetworkACL, Network.Provider.VPCVirtualRouter);
+
+            if (ObjectUtils.anyNotNull(nsxProvider, netrisProvider) || isVpcNetworkACLProvider) {
                allAclRules = getAllAclRulesSortedByNumber(lockedAcl.getId());
-                Network.Provider networkProvider = nsxProvider != null ? Network.Provider.Nsx : Network.Provider.Netris;
+                Network.Provider networkProvider = isVpcNetworkACLProvider ? Network.Provider.VPCVirtualRouter
+                                : (nsxProvider != null ? Network.Provider.Nsx : Network.Provider.Netris);
                _networkAclMgr.reorderAclRules(vpc, networks, allAclRules, networkProvider);
            }
            return networkACLItem;