From 308fd39a73b02cda2ce89b2d478f28cbeb48e6b2 Mon Sep 17 00:00:00 2001
From: Alena Prokharchyk
Date: Wed, 27 Jun 2012 15:56:31 -0700
Subject: [PATCH] VPC: delete network ACLs as a part of network cleanup
---
 .../com/cloud/network/NetworkManagerImpl.java | 18 ++++++++++++++++--
 .../network/vpc/NetworkACLManagerImpl.java | 6 ++----
 2 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java
index 9b70225d2a2..02f79a9b88c 100755
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
@@ -135,7 +135,6 @@ import com.cloud.network.element.StaticNatServiceProvider;
 import com.cloud.network.element.UserDataServiceProvider;
 import com.cloud.network.element.VirtualRouterElement;
 import com.cloud.network.element.VpcVirtualRouterElement;
-import com.cloud.network.firewall.NetworkACLService;
 import com.cloud.network.guru.NetworkGuru;
 import com.cloud.network.lb.LoadBalancingRule;
 import com.cloud.network.lb.LoadBalancingRule.LbDestination;
@@ -152,6 +151,7 @@ import com.cloud.network.rules.StaticNat;
 import com.cloud.network.rules.StaticNatRule;
 import com.cloud.network.rules.StaticNatRuleImpl;
 import com.cloud.network.rules.dao.PortForwardingRulesDao;
+import com.cloud.network.vpc.NetworkACLManager;
 import com.cloud.network.vpc.PrivateIpVO;
 import com.cloud.network.vpc.Vpc;
 import com.cloud.network.vpc.VpcManager;
@@ -310,7 +310,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
 @Inject
 PrivateIpDao _privateIpDao;
 @Inject
- NetworkACLService _networkACLMgr;
+ NetworkACLManager _networkACLMgr;
 private final HashMap _systemNetworks = new HashMap(5);
 private static Long _privateOfferingId = null;
@@ -5918,6 +5918,20 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
 // shouldn't even come here as network is being cleaned up after all network elements are shutdown
 s_logger.warn("Failed to cleanup Firewall rules as a part of network id=" + networkId + " cleanup due to resourceUnavailable ", ex);
 }
+
+ //revoke all network ACLs for network
+ try {
+ if (_networkACLMgr.revokeAllNetworkACLsForNetwork(networkId, callerUserId, caller)) {
+ s_logger.debug("Successfully cleaned up NetworkACLs for network id=" + networkId);
+ } else {
+ success = false;
+ s_logger.warn("Failed to cleanup NetworkACLs as a part of network id=" + networkId + " cleanup");
+ }
+ } catch (ResourceUnavailableException ex) {
+ success = false;
+ s_logger.warn("Failed to cleanup Network ACLs as a part of network id=" + networkId +
+ " cleanup due to resourceUnavailable ", ex);
+ }
 //release all ip addresses
 List ipsToRelease = _ipAddressDao.listByAssociatedNetwork(networkId, null);
diff --git a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
index e546565d746..6e3ba66e21c 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
@@ -370,7 +370,7 @@ public class NetworkACLManagerImpl implements Manager,NetworkACLManager{
 @Override
 public boolean revokeAllNetworkACLsForNetwork(long networkId, long userId, Account caller) throws ResourceUnavailableException {
- List ACLs = _firewallDao.listByNetworkAndPurposeAndNotRevoked(networkId, Purpose.NetworkACL);
+ List ACLs = _firewallDao.listByNetworkAndPurpose(networkId, Purpose.NetworkACL);
 if (s_logger.isDebugEnabled()) {
 s_logger.debug("Releasing " + ACLs.size() + " Network ACLs for network id=" + networkId);
 }
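Review bot: The two warn messages in the added block spell the resource differently, "NetworkACLs" in the else branch and "Network ACLs" in the catch, so a log search or alert keyed on one string misses the other failure path. I would use one spelling throughout, for example `s_logger.warn("Failed to cleanup Network ACLs as a part of network id=" + networkId + " cleanup");` in the else branch. The catch also copies the firewall block above it without any comment; a short `// failure is recorded in success and cleanup continues with the IP release below` would say why the exception is not rethrown. The enclosing method starts and ends outside this hunk.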
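Review bot: The query at the top of revokeAllNetworkACLsForNetwork now also returns rules that are already marked revoked, and nothing in the hunk says why. A comment above the call would help the next reader, for example `// include rules already in Revoke state so network cleanup removes them as well`; that is presumably the intent given the commit title, so confirm it before adding. The rest of the method body is outside this hunk.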
@@ -388,9 +388,7 @@ public class NetworkACLManagerImpl implements Manager,NetworkACLManager{
 s_logger.debug("Successfully released Network ACLs for network id=" + networkId + " and # of rules now = " + ACLs.size());
 }
- // Now we check again in case more rules have been inserted.
- ACLs.addAll(_firewallDao.listByNetworkAndPurposeAndNotRevoked(networkId, Purpose.Firewall));
- return success && ACLs.size() == 0;
+ return success;
 }
 }
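Review bot: With `return success;` the method no longer verifies that the network is left without ACL rules, so a rule added while the revoke was running could survive the cleanup of its network. The removed re-check queried `Purpose.Firewall`, which looks like a copy-paste slip; keeping the check with the matching purpose may be safer than dropping it: `return success && _firewallDao.listByNetworkAndPurposeAndNotRevoked(networkId, Purpose.NetworkACL).isEmpty();`. The debug line just above still prints "# of rules now" from `ACLs.size()`, which is the count read before revocation unless the list is refreshed in the part of the method outside this hunk. The method starts outside the hunk.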