From 34066935c0cb91887389b1ba17fe2a41d2f257af Mon Sep 17 00:00:00 2001
From: Alena Prokharchyk <alena.prokharchyk@citrix.com>
Date: Fri, 13 Jul 2012 12:47:36 -0700
Subject: [PATCH] VPC: CS-15564 - when send the rules to the backend, form the
 list of rules after the rules were marked with Revoke state

---
 .../com/cloud/network/vpc/NetworkACLManagerImpl.java | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
index ec6e5ce5c85..7637892635b 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
@@ -400,18 +400,26 @@ public class NetworkACLManagerImpl implements Manager,NetworkACLManager{
     public boolean revokeAllNetworkACLsForNetwork(long networkId, long userId, Account caller) throws ResourceUnavailableException {
 
         List<FirewallRuleVO> ACLs = _firewallDao.listByNetworkAndPurpose(networkId, Purpose.NetworkACL);
+        
+        if (ACLs.isEmpty()) {
+            s_logger.debug("Found no network ACLs for network id=" + networkId);
+            return true;
+        }
+        
         if (s_logger.isDebugEnabled()) {
             s_logger.debug("Releasing " + ACLs.size() + " Network ACLs for network id=" + networkId);
         }
 
         for (FirewallRuleVO ACL : ACLs) {
-            // Mark all Firewall rules as Revoke, but don't revoke them yet - we have to revoke all rules for ip, no
+            // Mark all Network ACLs rules as Revoke, but don't revoke them yet - we have to revoke all rules for ip, no
             // need to send them one by one
             revokeNetworkACL(ACL.getId(), false, caller, Account.ACCOUNT_ID_SYSTEM);
         }
+        
+        List<FirewallRuleVO> ACLsToRevoke = _firewallDao.listByNetworkAndPurpose(networkId, Purpose.NetworkACL);
 
         // now send everything to the backend
-        boolean success = _firewallMgr.applyFirewallRules(ACLs, false, caller);
+        boolean success = _firewallMgr.applyFirewallRules(ACLsToRevoke, false, caller);
 
         if (s_logger.isDebugEnabled()) {
             s_logger.debug("Successfully released Network ACLs for network id=" + networkId + " and # of rules now = " + ACLs.size());