From f939cee219e124a5c90f220bb0c9f53a3edfd842 Mon Sep 17 00:00:00 2001
From: Alena Prokharchyk <alena.prokharchyk@citrix.com>
Date: Mon, 27 Aug 2012 13:43:02 -0700
Subject: [PATCH] CS-16178 - when remove PF rule, in VPC setup make sure if the
 rule is the last one for the network, disassociate it from the network
 Reviewed-by: Sheng Yang

---
 .../com/cloud/network/firewall/FirewallManagerImpl.java  | 6 ++++++
 .../router/VpcVirtualNetworkApplianceManagerImpl.java    | 9 ++++++---
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
index e7358a3502b..d32acefd32d 100644
--- a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
+++ b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
@@ -37,6 +37,7 @@ import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.NetworkRuleConflictException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.IPAddressVO;
+import com.cloud.network.IpAddress;
 import com.cloud.network.Network;
 import com.cloud.network.Network.Capability;
 import com.cloud.network.Network.Service;
@@ -447,6 +448,11 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma
                             success = false;
                         } else {
                             removeRule(rule);
+                            if (rule.getSourceIpAddressId() != null) {
+                                //if the rule is the last one for the ip address assigned to VPC, unassign it from the network
+                                IpAddress ip = _ipAddressDao.findById(rule.getSourceIpAddressId());
+                                _vpcMgr.unassignIPFromVpcNetwork(ip.getId(), rule.getNetworkId());
+                             }
                         }
                     } else if (rule.getState() == FirewallRule.State.Add) {
                         FirewallRuleVO ruleVO = _firewallDao.findById(rule.getId());
diff --git a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
index a059975579a..77900ca3e77 100644
--- a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
+++ b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
@@ -626,7 +626,6 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian
                 Map<String, String> vlanMacAddress = new HashMap<String, String>();
                 List<PublicIpAddress> ipsToSend = new ArrayList<PublicIpAddress>();
                 for (PublicIpAddress ipAddr : ipAddress) {
-                    
                     String broadcastURI = BroadcastDomainType.Vlan.toUri(ipAddr.getVlanTag()).toString();
                     Nic nic = _nicDao.findByNetworkIdInstanceIdAndBroadcastUri(ipAddr.getNetworkId(), 
                             router.getId(), broadcastURI);
@@ -645,8 +644,12 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian
                         ipsToSend.add(ipAddr);
                     }   
                 }
-                createVpcAssociatePublicIPCommands(router, ipsToSend, cmds, vlanMacAddress);
-                return sendCommandsToRouter(router, cmds);
+                if (!ipsToSend.isEmpty()) {
+                    createVpcAssociatePublicIPCommands(router, ipsToSend, cmds, vlanMacAddress);
+                    return sendCommandsToRouter(router, cmds);
+                }else {
+                    return true;
+                }
             }
         });
         if(result && netUsagecmds.size() > 0){