fix reordering of acl rules on all networks that it is associated to

api/src/main/java/com/cloud/network/element/NetworkACLServiceProvider.java

@@ -33,6 +33,6 @@ public interface NetworkACLServiceProvider extends NetworkElement {
      */
     boolean applyNetworkACLs(Network config, List<? extends NetworkACLItem> rules) throws ResourceUnavailableException;
 
-    boolean reorderAclRules(Vpc vpc, List<? extends NetworkACLItem> networkACLItems);
+    boolean reorderAclRules(Vpc vpc, List<? extends Network> networks, List<? extends NetworkACLItem> networkACLItems);
 
 }

engine/components-api/src/main/java/com/cloud/network/vpc/NetworkACLManager.java

@@ -19,6 +19,7 @@ package com.cloud.network.vpc;
 import java.util.List;
 
 import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.Network;
 import com.cloud.network.dao.NetworkVO;
 
 public interface NetworkACLManager {
@@ -92,5 +93,5 @@ public interface NetworkACLManager {
 
     boolean applyACLToPrivateGw(PrivateGateway gateway) throws ResourceUnavailableException;
 
-    boolean reorderAclRules(VpcVO vpc, List<? extends NetworkACLItem> networkACLItems);
+    boolean reorderAclRules(VpcVO vpc, List<? extends Network> networks, List<? extends NetworkACLItem> networkACLItems);
 }

plugins/network-elements/bigswitch/src/main/java/com/cloud/network/element/BigSwitchBcfElement.java

@@ -701,7 +701,7 @@ NetworkACLServiceProvider, FirewallServiceProvider, ResourceStateAdapter {
     }
 
     @Override
-    public boolean reorderAclRules(Vpc vpc, List<? extends NetworkACLItem> networkACLItems) {
+    public boolean reorderAclRules(Vpc vpc, List<? extends Network> networks, List<? extends NetworkACLItem> networkACLItems) {
         return true;
     }
 

plugins/network-elements/juniper-contrail/src/main/java/org/apache/cloudstack/network/contrail/management/ContrailVpcElementImpl.java

@@ -186,7 +186,7 @@ public class ContrailVpcElementImpl extends ContrailElementImpl implements Netwo
     }
 
     @Override
-    public boolean reorderAclRules(Vpc vpc, List<? extends NetworkACLItem> networkACLItems) {
+    public boolean reorderAclRules(Vpc vpc, List<? extends Network> networks, List<? extends NetworkACLItem> networkACLItems) {
         return true;
     }
 

plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java

@@ -72,7 +72,6 @@ import com.cloud.network.rules.LoadBalancerContainer;
 import com.cloud.network.rules.PortForwardingRule;
 import com.cloud.network.rules.StaticNat;
 import com.cloud.network.vpc.NetworkACLItem;
-import com.cloud.network.vpc.NetworkACLItemVO;
 import com.cloud.network.vpc.PrivateGateway;
 import com.cloud.network.vpc.StaticRouteProfile;
 import com.cloud.network.vpc.Vpc;
@@ -98,9 +97,7 @@ import com.cloud.vm.VMInstanceVO;
 import com.cloud.vm.VirtualMachineProfile;
 import com.cloud.vm.dao.VMInstanceDao;
 import net.sf.ehcache.config.InvalidConfigurationException;
-import org.apache.cloudstack.NsxAnswer;
 import org.apache.cloudstack.StartupNsxCommand;
-import org.apache.cloudstack.agent.api.DeleteNsxDistributedFirewallRulesCommand;
 import org.apache.cloudstack.api.command.admin.internallb.ConfigureInternalLoadBalancerElementCmd;
 import org.apache.cloudstack.api.command.admin.internallb.CreateInternalLoadBalancerElementCmd;
 import org.apache.cloudstack.api.command.admin.internallb.ListInternalLoadBalancerElementsCmd;
@@ -115,7 +112,6 @@ import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Comparator;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Locale;
@@ -733,17 +729,22 @@ public class NsxElement extends AdapterBase implements  DhcpServiceProvider, Dns
     }
 
     @Override
-    public boolean reorderAclRules(Vpc vpc, List<? extends NetworkACLItem> networkACLItems) {
+    public boolean reorderAclRules(Vpc vpc, List<? extends Network> networks, List<? extends NetworkACLItem> networkACLItems) {
         List<NsxNetworkRule> aclRulesList = new ArrayList<>();
         for (NetworkACLItem rule : networkACLItems) {
             String privatePort = getPrivatePortRangeForACLRule(rule);
             aclRulesList.add(getNsxNetworkRuleForAcl(rule, privatePort));
         }
-        DeleteNsxDistributedFirewallRulesCommand command = new DeleteNsxDistributedFirewallRulesCommand(vpc.getDomainId(),
-                vpc.getAccountId(), vpc.getZoneId(), vpc.getId(), network.getId(), netRules);
-        NsxAnswer result = nsxControllerUtils.sendNsxCommand(command, network.getDataCenterId());
-        return result.getResult();
-        return true;
+        for (Network network: networks) {
+            nsxService.deleteFirewallRules(network, aclRulesList);
+        }
+        boolean success = true;
+        for (Network network : networks) {
+            for (NsxNetworkRule aclRule : aclRulesList) {
+                success = success && nsxService.addFirewallRules(network, List.of(aclRule));
+            }
+        }
+        return success;
     }
 
     private NsxNetworkRule getNsxNetworkRuleForAcl(NetworkACLItem rule, String privatePort) {

server/src/main/java/com/cloud/network/element/VpcVirtualRouterElement.java

@@ -532,7 +532,7 @@ public class VpcVirtualRouterElement extends VirtualRouterElement implements Vpc
     }
 
     @Override
-    public boolean reorderAclRules(Vpc vpc, List<? extends NetworkACLItem> networkACLItems) {
+    public boolean reorderAclRules(Vpc vpc, List<? extends Network> networks, List<? extends NetworkACLItem> networkACLItems) {
         return true;
     }
 

server/src/main/java/com/cloud/network/vpc/NetworkACLManagerImpl.java

@@ -21,7 +21,6 @@ import java.util.List;
 
 import javax.inject.Inject;
 
-import com.cloud.network.nsx.NsxProvider;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.framework.messagebus.MessageBus;
 import org.apache.cloudstack.framework.messagebus.PublishScope;
@@ -372,12 +371,12 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
     }
 
     @Override
-    public boolean reorderAclRules(VpcVO vpc, List<? extends NetworkACLItem> networkACLItems) {
+    public boolean reorderAclRules(VpcVO vpc, List<? extends Network> networks, List<? extends NetworkACLItem> networkACLItems) {
         List<NetworkACLServiceProvider> nsxElements = new ArrayList<>();
         nsxElements.add((NetworkACLServiceProvider) _ntwkModel.getElementImplementingProvider(Network.Provider.Nsx.getName()));
         try {
             for (final NetworkACLServiceProvider provider : nsxElements) {
-                return provider.reorderAclRules(networkACLItems);
+                return provider.reorderAclRules(vpc, networks, networkACLItems);
             }
         } catch (final Exception ex) {
             s_logger.debug("Failed to reorder ACLs on NSX due to: " + ex.getLocalizedMessage());

server/src/main/java/com/cloud/network/vpc/NetworkACLServiceImpl.java

@@ -1004,9 +1004,10 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ
             VpcVO vpc = _vpcDao.findById(lockedAcl.getVpcId());
             final DataCenter dc = _entityMgr.findById(DataCenter.class, vpc.getZoneId());
             final NsxProviderVO nsxProvider = nsxProviderDao.findByZoneId(dc.getId());
-            if (Objects.nonNull(nsxProvider)) {
+            List<NetworkVO> networks = _networkDao.listByAclId(lockedAcl.getId());
+            if (Objects.nonNull(nsxProvider) && !networks.isEmpty()) {
                 allAclRules = getAllAclRulesSortedByNumber(lockedAcl.getId());
-                _networkAclMgr.reorderAclRules(vpc, allAclRules);
+                _networkAclMgr.reorderAclRules(vpc, networks, allAclRules);
             }
             return networkACLItem;
         } finally {