CLOUDSTACK-763: Added API updateNetworkACLItem to update an existing ACL Item

2013-05-07 00:14:09 +05:30 · 2013-05-07 00:14:09 +05:30 · 49fbff21fa
parent a1023e4d04
commit 49fbff21fa
11 changed files with 163 additions and 17 deletions
--- a/api/src/com/cloud/event/EventTypes.java
+++ b/api/src/com/cloud/event/EventTypes.java
@ -346,10 +346,10 @@ public class EventTypes {

    // Network ACL
    public static final String EVENT_NETWORK_ACL_CREATE = "NETWORK.ACL.CREATE";
-    public static final String EVENT_NETWORK_ACL_UPDATE = "NETWORK.ACL.UPDATE";
    public static final String EVENT_NETWORK_ACL_DELETE = "NETWORK.ACL.DELETE";
    public static final String EVENT_NETWORK_ACL_REPLACE = "NETWORK.ACL.REPLACE";
    public static final String EVENT_NETWORK_ACL_ITEM_CREATE = "NETWORK.ACL.ITEM.CREATE";
+    public static final String EVENT_NETWORK_ACL_ITEM_UPDATE = "NETWORK.ACL.ITEM.UPDATE";
    public static final String EVENT_NETWORK_ACL_ITEM_DELETE = "NETWORK.ACL.ITEM.DELETE";

    // VPC offerings
--- a/api/src/com/cloud/network/firewall/NetworkACLService.java
+++ b/api/src/com/cloud/network/firewall/NetworkACLService.java
@ -112,5 +112,7 @@ public interface NetworkACLService {
    boolean revokeNetworkACLItem(long ruleId);


-
+    NetworkACLItem updateNetworkACLItem(Long id, String protocol, List<String> sourceCidrList, NetworkACLItem.TrafficType trafficType,
+                                        String action, Integer number, Integer sourcePortStart, Integer sourcePortEnd,
+                                        Integer icmpCode, Integer icmpType) throws ResourceUnavailableException;
 }
--- a/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkACLCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkACLCmd.java
@ -44,7 +44,7 @@ import com.cloud.user.Account;
 import com.cloud.user.UserContext;
 import com.cloud.utils.net.NetUtils;

-@APICommand(name = "createNetworkACL", description = "Creates a ACL rule the given network (the network has to belong to VPC)",
+@APICommand(name = "createNetworkACL", description = "Creates a ACL rule in the given network (the network has to belong to VPC)",
 responseObject = NetworkACLItemResponse.class)
 public class CreateNetworkACLCmd extends BaseAsyncCreateCmd {
    public static final Logger s_logger = Logger.getLogger(CreateNetworkACLCmd.class.getName());
--- a/client/tomcatconf/commands.properties.in
+++ b/client/tomcatconf/commands.properties.in
@ -433,6 +433,7 @@ deletePrivateGateway=1

 #### Network ACL commands
 createNetworkACL=15
+updateNetworkACLItem=15
 deleteNetworkACL=15
 listNetworkACLs=15
 createNetworkACLList=15
--- a/server/src/com/cloud/network/vpc/NetworkACLItemVO.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLItemVO.java
@ -194,12 +194,44 @@ public class NetworkACLItemVO implements NetworkACLItem {
        return number;
    }

-    public void setUuid(String uuid) {
-        this.uuid = uuid;
-    }
-
    @Override
    public TrafficType getTrafficType() {
        return trafficType;
    }
+
+    public void setSourcePortStart(Integer sourcePortStart) {
+        this.sourcePortStart = sourcePortStart;
+    }
+
+    public void setSourcePortEnd(Integer sourcePortEnd) {
+        this.sourcePortEnd = sourcePortEnd;
+    }
+
+    public void setProtocol(String protocol) {
+        this.protocol = protocol;
+    }
+
+    public void setIcmpCode(Integer icmpCode) {
+        this.icmpCode = icmpCode;
+    }
+
+    public void setIcmpType(Integer icmpType) {
+        this.icmpType = icmpType;
+    }
+
+    public void setTrafficType(TrafficType trafficType) {
+        this.trafficType = trafficType;
+    }
+
+    public void setSourceCidrs(String sourceCidrs) {
+        this.sourceCidrs = sourceCidrs;
+    }
+
+    public void setNumber(int number) {
+        this.number = number;
+    }
+
+    public void setAction(Action action) {
+        this.action = action;
+    }
 }
--- a/server/src/com/cloud/network/vpc/NetworkACLManager.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLManager.java
@ -114,4 +114,7 @@ public interface NetworkACLManager{

    boolean applyACLToNetwork(long networkId) throws ResourceUnavailableException;

+    NetworkACLItem updateNetworkACLItem(Long id, String protocol, List<String> sourceCidrList, NetworkACLItem.TrafficType trafficType,
+                                        String action, Integer number, Integer sourcePortStart, Integer sourcePortEnd,
+                                        Integer icmpCode, Integer icmpType) throws ResourceUnavailableException;
 }
--- a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
@ -131,7 +131,7 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
                                                  Integer icmpCode, Integer icmpType, NetworkACLItem.TrafficType trafficType, Long aclId,
                                                  String action, Integer number) {
        NetworkACLItem.Action ruleAction = NetworkACLItem.Action.Allow;
-        if("deny".equals(action)){
+        if("deny".equalsIgnoreCase(action)){
            ruleAction = NetworkACLItem.Action.Deny;
        }
        // If number is null, set it to currentMax + 1
@ -240,6 +240,63 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
        return applyACLItemsToNetwork(networkId, rules);
    }

+    @Override
+    public NetworkACLItem updateNetworkACLItem(Long id, String protocol, List<String> sourceCidrList, NetworkACLItem.TrafficType trafficType,
+                                               String action, Integer number, Integer sourcePortStart, Integer sourcePortEnd, Integer icmpCode,
+                                               Integer icmpType) throws ResourceUnavailableException {
+        NetworkACLItemVO aclItem = _networkACLItemDao.findById(id);
+        aclItem.setState(State.Add);
+
+        if(protocol != null){
+            aclItem.setProtocol(protocol);
+        }
+
+        if(sourceCidrList != null){
+            aclItem.setSourceCidrList(sourceCidrList);
+        }
+
+        if(trafficType != null){
+            aclItem.setTrafficType(trafficType);
+        }
+
+        if(action != null){
+            NetworkACLItem.Action ruleAction = NetworkACLItem.Action.Allow;
+            if("deny".equalsIgnoreCase(action)){
+                ruleAction = NetworkACLItem.Action.Deny;
+            }
+            aclItem.setAction(ruleAction);
+        }
+
+        if(number != null){
+            aclItem.setNumber(number);
+        }
+
+        if(sourcePortStart != null){
+            aclItem.setSourcePortStart(sourcePortStart);
+        }
+
+        if(sourcePortEnd != null){
+            aclItem.setSourcePortEnd(sourcePortEnd);
+        }
+
+        if(icmpCode != null){
+            aclItem.setIcmpCode(icmpCode);
+        }
+
+        if(icmpType != null){
+            aclItem.setIcmpType(icmpType);
+        }
+
+        if(_networkACLItemDao.update(id, aclItem)){
+            if(applyNetworkACL(aclItem.getAclId())){
+                return aclItem;
+            } else {
+                throw new CloudRuntimeException("Failed to apply Network ACL Item: "+aclItem.getUuid());
+            }
+        }
+        return null;
+    }
+
    public boolean applyACLItemsToNetwork(long networkId, List<NetworkACLItemVO> rules) throws ResourceUnavailableException {
        Network network = _networkDao.findById(networkId);
        boolean handled = false;
--- a/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
@ -142,6 +142,11 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ
        if(acl == null) {
            throw new InvalidParameterValueException("Unable to find specified ACL");
        }
+
+        if(acl.getId() == NetworkACL.DEFAULT_ALLOW || acl.getId() == NetworkACL.DEFAULT_DENY){
+            throw new InvalidParameterValueException("Default ACL cannot be removed");
+        }
+
        Vpc vpc = _vpcMgr.getVpc(acl.getVpcId());
        if(vpc == null){
            throw new InvalidParameterValueException("Unable to find specified VPC associated with the ACL");
@ -298,7 +303,7 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ
            try {
                NetworkACLItem.Action.valueOf(action);
            } catch (IllegalArgumentException ex) {
-                throw new InvalidParameterValueException("Invalid action. Allowed actions are Aloow and Deny");
+                throw new InvalidParameterValueException("Invalid action. Allowed actions are Allow and Deny");
            }
        }
    }
@ -400,7 +405,52 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ

    @Override
    public boolean revokeNetworkACLItem(long ruleId) {
+        NetworkACLItemVO aclItem = _networkACLItemDao.findById(ruleId);
+        if(aclItem != null){
+            if((aclItem.getAclId() == NetworkACL.DEFAULT_ALLOW) || (aclItem.getAclId() == NetworkACL.DEFAULT_DENY)){
+                throw new InvalidParameterValueException("ACL Items in default ACL cannot be deleted");
+            }
+        }
        return _networkAclMgr.revokeNetworkACLItem(ruleId);
    }

+    @Override
+    public NetworkACLItem updateNetworkACLItem(Long id, String protocol, List<String> sourceCidrList, NetworkACLItem.TrafficType trafficType,
+                                               String action, Integer number, Integer sourcePortStart, Integer sourcePortEnd, Integer icmpCode,
+                                               Integer icmpType) throws ResourceUnavailableException {
+        NetworkACLItemVO aclItem = _networkACLItemDao.findById(id);
+        if(aclItem == null){
+            throw new InvalidParameterValueException("Unable to find ACL Item cannot be found");
+        }
+
+        if(aclItem.getAclId() == NetworkACL.DEFAULT_ALLOW || aclItem.getAclId() == NetworkACL.DEFAULT_DENY){
+            throw new InvalidParameterValueException("Default ACL Items cannot be updated");
+        }
+
+        NetworkACL acl = _networkAclMgr.getNetworkACL(aclItem.getAclId());
+
+        Vpc vpc = _vpcMgr.getVpc(acl.getVpcId());
+
+        Account caller = UserContext.current().getCaller();
+
+        _accountMgr.checkAccess(caller, null, true, vpc);
+
+        Account aclOwner = _accountMgr.getAccount(vpc.getAccountId());
+        _accountMgr.checkAccess(aclOwner, SecurityChecker.AccessType.ModifyEntry, false, acl);
+
+        if(number != null){
+            //Check if ACL Item with specified number already exists
+            NetworkACLItemVO aclNumber = _networkACLItemDao.findByAclAndNumber(acl.getId(), number);
+            if((aclNumber != null) && (aclNumber.getId() != id)){
+                throw new InvalidParameterValueException("ACL item with number "+number+" already exists in ACL: "+acl.getUuid());
+            }
+        }
+
+        validateNetworkACLItem((sourcePortStart == null) ? aclItem.getSourcePortStart() : sourcePortStart, (sourcePortEnd == null) ? aclItem.getSourcePortEnd() : sourcePortEnd,
+                sourceCidrList, protocol, icmpCode, (icmpType == null) ? aclItem.getIcmpType() : icmpType, action);
+
+        return _networkAclMgr.updateNetworkACLItem(id, protocol, sourceCidrList, trafficType, action, number, sourcePortStart,
+                sourcePortEnd, icmpCode, icmpType);
+    }
+
 }
--- a/server/src/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/com/cloud/server/ManagementServerImpl.java
@ -2878,11 +2878,11 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
        cmdList.add(ListInternalLBVMsCmd.class);
        cmdList.add(ListNetworkIsolationMethodsCmd.class);
        cmdList.add(ListNetworkIsolationMethodsCmd.class);
-
        cmdList.add(CreateNetworkACLListCmd.class);
        cmdList.add(DeleteNetworkACLListCmd.class);
        cmdList.add(ListNetworkACLListsCmd.class);
        cmdList.add(ReplaceNetworkACLListCmd.class);
+        cmdList.add(UpdateNetworkACLItemCmd.class);
        return cmdList;
    }

--- a/server/test/com/cloud/vpc/MockVpcVirtualNetworkApplianceManager.java
+++ b/server/test/com/cloud/vpc/MockVpcVirtualNetworkApplianceManager.java
@ -23,6 +23,7 @@ import java.util.Map;
 import javax.ejb.Local;
 import javax.naming.ConfigurationException;

+import com.cloud.network.vpc.NetworkACLItem;
 import org.apache.cloudstack.api.command.admin.router.UpgradeRouterCmd;
 import org.springframework.stereotype.Component;

@ -336,14 +337,9 @@ VpcVirtualNetworkApplianceService {
        return null;
    }

-    /* (non-Javadoc)
-     * @see com.cloud.network.router.VpcVirtualNetworkApplianceManager#applyNetworkACLs(com.cloud.network.Network, java.util.List, java.util.List)
-     */
    @Override
-    public boolean applyNetworkACLs(Network network, List<? extends FirewallRule> rules,
-            List<? extends VirtualRouter> routers) throws ResourceUnavailableException {
-        // TODO Auto-generated method stub
-        return false;
+    public boolean applyNetworkACLs(Network network, List<? extends NetworkACLItem> rules, List<? extends VirtualRouter> routers) throws ResourceUnavailableException {
+        return false;  //To change body of implemented methods use File | Settings | File Templates.
    }

    /* (non-Javadoc)
--- a/server/test/com/cloud/vpc/dao/MockNetworkDaoImpl.java
+++ b/server/test/com/cloud/vpc/dao/MockNetworkDaoImpl.java
@ -362,4 +362,9 @@ public class MockNetworkDaoImpl extends GenericDaoBase<NetworkVO, Long> implemen
        return null;
    }

+    @Override
+    public List<NetworkVO> listByAclId(long aclId) {
+        return null;
+    }
+
 }