From da0006618f5bd33cea1e51e65208ade2ebcfaf7b Mon Sep 17 00:00:00 2001
From: Kishan Kavala <kishan@cloud.com>
Date: Mon, 24 Jun 2013 17:53:15 +0530
Subject: [PATCH] CLOUDSTACK-3124: Deletion of ACL associated with a tier/ pvt
 gateway should not be allowed. Check for associated tiers/gateways before
 deletion

---
 .../src/com/cloud/network/vpc/dao/VpcGatewayDao.java |  2 ++
 .../com/cloud/network/vpc/dao/VpcGatewayDaoImpl.java |  8 ++++++++
 .../com/cloud/network/vpc/NetworkACLManagerImpl.java | 12 ++++++++++++
 3 files changed, 22 insertions(+)

diff --git a/engine/schema/src/com/cloud/network/vpc/dao/VpcGatewayDao.java b/engine/schema/src/com/cloud/network/vpc/dao/VpcGatewayDao.java
index 24d9deb511c..42144b6bbcd 100644
--- a/engine/schema/src/com/cloud/network/vpc/dao/VpcGatewayDao.java
+++ b/engine/schema/src/com/cloud/network/vpc/dao/VpcGatewayDao.java
@@ -30,4 +30,6 @@ public interface VpcGatewayDao extends GenericDao<VpcGatewayVO, Long>{
     Long getNetworkAclIdForPrivateIp(long vpcId, long networkId, String ipaddr);
 
     List<VpcGatewayVO> listByVpcIdAndType(long vpcId, VpcGateway.Type type);
+
+    List<VpcGatewayVO> listByAclIdAndType(long aclId, VpcGateway.Type type);
 }
diff --git a/engine/schema/src/com/cloud/network/vpc/dao/VpcGatewayDaoImpl.java b/engine/schema/src/com/cloud/network/vpc/dao/VpcGatewayDaoImpl.java
index 6a2f8bd4459..a8cb2b38c43 100644
--- a/engine/schema/src/com/cloud/network/vpc/dao/VpcGatewayDaoImpl.java
+++ b/engine/schema/src/com/cloud/network/vpc/dao/VpcGatewayDaoImpl.java
@@ -41,6 +41,7 @@ public class VpcGatewayDaoImpl extends GenericDaoBase<VpcGatewayVO, Long> implem
         AllFieldsSearch.and("type", AllFieldsSearch.entity().getType(), SearchCriteria.Op.EQ);
         AllFieldsSearch.and("networkid", AllFieldsSearch.entity().getNetworkId(), SearchCriteria.Op.EQ);
         AllFieldsSearch.and("ipaddress", AllFieldsSearch.entity().getIp4Address(), SearchCriteria.Op.EQ);
+        AllFieldsSearch.and("aclId", AllFieldsSearch.entity().getNetworkACLId(), SearchCriteria.Op.EQ);
         AllFieldsSearch.done();
     }
 
@@ -86,4 +87,11 @@ public class VpcGatewayDaoImpl extends GenericDaoBase<VpcGatewayVO, Long> implem
         return listBy(sc);
     }
 
+    @Override
+    public List<VpcGatewayVO> listByAclIdAndType(long aclId, VpcGateway.Type type) {
+        SearchCriteria<VpcGatewayVO> sc = AllFieldsSearch.create();
+        sc.setParameters("aclId", aclId);
+        sc.setParameters("type", type);
+        return listBy(sc);
+    }
 }
diff --git a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
index c2d092a48b7..4881b734e73 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
@@ -122,6 +122,18 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
         if(aclItems.size() > 0){
             throw new CloudRuntimeException("ACL is not empty. Cannot delete network ACL: "+acl.getUuid());
         }
+
+        List<NetworkVO> networks = _networkDao.listByAclId(acl.getId());
+        if(networks != null && networks.size() > 0){
+            throw new CloudRuntimeException("ACL is still associated with "+networks.size()+" tier(s). Cannot delete network ACL: "+acl.getUuid());
+        }
+
+        List<VpcGatewayVO> pvtGateways = _vpcGatewayDao.listByAclIdAndType(acl.getId(), VpcGateway.Type.Private);
+
+        if(pvtGateways != null && pvtGateways.size() > 0){
+            throw new CloudRuntimeException("ACL is still associated with "+pvtGateways.size()+" private gateway(s). Cannot delete network ACL: "+acl.getUuid());
+        }
+
         return _networkACLDao.remove(acl.getId());
     }