VPC: removed NetworkACL interface; added getTrafficType() to Firewall
Conflicts:
server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit:
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/540ea34f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/540ea34f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/540ea34f
Branch: refs/heads/vpc
Commit: 540ea34f576a50811121abd872beea879e6533a7
Parents: 0dfe603
Author: Alena Prokharchyk <[email protected]>
Authored: Thu Jul 5 09:45:03 2012 -0700
Committer: Alena Prokharchyk <[email protected]>
Committed: Fri Jul 6 11:08:00 2012 -0700
----------------------------------------------------------------------
api/src/com/cloud/api/ResponseGenerator.java | 3 +-
.../cloud/api/commands/CreateFirewallRuleCmd.java | 5 +++
.../api/commands/CreateIpForwardingRuleCmd.java | 5 +++
.../cloud/api/commands/CreateNetworkACLCmd.java | 7 ++--
.../api/commands/CreatePortForwardingRuleCmd.java | 5 +++
.../cloud/api/commands/DeleteNetworkACLCmd.java | 4 +-
.../com/cloud/api/commands/ListNetworkACLsCmd.java | 7 ++--
.../cloud/network/firewall/NetworkACLService.java | 8 ++--
.../com/cloud/network/lb/LoadBalancingRule.java | 5 +++
api/src/com/cloud/network/rules/FirewallRule.java | 6 +++
api/src/com/cloud/network/rules/NetworkACL.java | 26 ---------------
server/src/com/cloud/api/ApiResponseHelper.java | 3 +-
.../network/element/VpcVirtualRouterElement.java | 3 +-
.../router/VpcVirtualNetworkApplianceManager.java | 6 ++--
.../VpcVirtualNetworkApplianceManagerImpl.java | 21 ++++-------
.../com/cloud/network/rules/FirewallRuleVO.java | 2 +-
.../com/cloud/network/rules/StaticNatRuleImpl.java | 7 +++-
.../com/cloud/network/vpc/NetworkACLManager.java | 4 +-
.../cloud/network/vpc/NetworkACLManagerImpl.java | 25 ++++++++------
19 files changed, 74 insertions(+), 78 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/540ea34f/api/src/com/cloud/api/ResponseGenerator.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/ResponseGenerator.java
b/api/src/com/cloud/api/ResponseGenerator.java
index 9e6ab8e..7a29c5f 100755
--- a/api/src/com/cloud/api/ResponseGenerator.java
+++ b/api/src/com/cloud/api/ResponseGenerator.java
@@ -113,7 +113,6 @@ import com.cloud.network.VpnUser;
import com.cloud.network.router.VirtualRouter;
import com.cloud.network.rules.FirewallRule;
import com.cloud.network.rules.LoadBalancer;
-import com.cloud.network.rules.NetworkACL;
import com.cloud.network.rules.PortForwardingRule;
import com.cloud.network.rules.StaticNatRule;
import com.cloud.network.rules.StickinessPolicy;
@@ -323,7 +322,7 @@ public interface ResponseGenerator {
* @param networkACL
* @return
*/
- NetworkACLResponse createNetworkACLResponse(NetworkACL networkACL);
+ NetworkACLResponse createNetworkACLResponse(FirewallRule networkACL);
/**
* @param result
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/540ea34f/api/src/com/cloud/api/commands/CreateFirewallRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/commands/CreateFirewallRuleCmd.java
b/api/src/com/cloud/api/commands/CreateFirewallRuleCmd.java
index 5ab908b..ca33c41 100644
--- a/api/src/com/cloud/api/commands/CreateFirewallRuleCmd.java
+++ b/api/src/com/cloud/api/commands/CreateFirewallRuleCmd.java
@@ -316,5 +316,10 @@ public class CreateFirewallRuleCmd extends
BaseAsyncCreateCmd implements Firewal
public AsyncJob.Type getInstanceType() {
return AsyncJob.Type.FirewallRule;
}
+
+ @Override
+ public TrafficType getTrafficType() {
+ return null;
+ }
}
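Review bot: The new `getTrafficType()` override returns a bare `null` with nothing to say why, and the same stub is added in CreateIpForwardingRuleCmd, CreatePortForwardingRuleCmd, LoadBalancingRule and StaticNatRuleImpl. Because the method now sits on every FirewallRule, a reader cannot tell whether null means "not applicable to this rule kind" or "not implemented yet". I would state the intent on each stub, for example `return null; // traffic type only applies to network ACL rules`, assuming that is the contract the author has in mind.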
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/540ea34f/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java
b/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java
index ba2992b..a688d13 100644
--- a/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java
+++ b/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java
@@ -302,5 +302,10 @@ public class CreateIpForwardingRuleCmd extends
BaseAsyncCreateCmd implements Sta
public AsyncJob.Type getInstanceType() {
return AsyncJob.Type.FirewallRule;
}
+
+ @Override
+ public TrafficType getTrafficType() {
+ return null;
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/540ea34f/api/src/com/cloud/api/commands/CreateNetworkACLCmd.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/commands/CreateNetworkACLCmd.java
b/api/src/com/cloud/api/commands/CreateNetworkACLCmd.java
index 2016f29..25d433b 100644
--- a/api/src/com/cloud/api/commands/CreateNetworkACLCmd.java
+++ b/api/src/com/cloud/api/commands/CreateNetworkACLCmd.java
@@ -22,7 +22,6 @@ import com.cloud.exception.NetworkRuleConflictException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.Network;
import com.cloud.network.rules.FirewallRule;
-import com.cloud.network.rules.NetworkACL;
import com.cloud.network.vpc.Vpc;
import com.cloud.user.Account;
import com.cloud.user.UserContext;
@@ -30,7 +29,7 @@ import com.cloud.utils.net.NetUtils;
@Implementation(description = "Creates a ACL rule the given network (the
network has to belong to VPC)",
responseObject = NetworkACLResponse.class)
-public class CreateNetworkACLCmd extends BaseAsyncCreateCmd implements
NetworkACL {
+public class CreateNetworkACLCmd extends BaseAsyncCreateCmd implements
FirewallRule {
public static final Logger s_logger =
Logger.getLogger(CreateNetworkACLCmd.class.getName());
private static final String s_name = "createnetworkaclresponse";
@@ -139,7 +138,7 @@ public class CreateNetworkACLCmd extends BaseAsyncCreateCmd
implements NetworkAC
public void execute() throws ResourceUnavailableException {
UserContext callerContext = UserContext.current();
boolean success = false;
- NetworkACL rule = _networkACLService.getNetworkACL(getEntityId());
+ FirewallRule rule = _networkACLService.getNetworkACL(getEntityId());
try {
UserContext.current().setEventDetails("Rule Id: " + getEntityId());
success = _networkACLService.applyNetworkACLs(rule.getNetworkId(),
callerContext.getCaller());
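Review bot: `rule` is dereferenced by `rule.getNetworkId()` with no null check, although the `getNetworkACL` implementation shown in NetworkACLManagerImpl in this commit returns the rule only when it is non-null and has `Purpose.NetworkACL`. DeleteNetworkACLCmd guards the same lookup with `if (rule == null)` and throws InvalidParameterValueException; execute() should do the same before the `try`, e.g. `if (rule == null) { throw new InvalidParameterValueException("Unable to find network ACL by id=" + getEntityId()); }`, using whichever exception type this command already imports. execute() starts and ends outside the hunk.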
@@ -239,7 +238,7 @@ public class CreateNetworkACLCmd extends BaseAsyncCreateCmd
implements NetworkAC
}
try {
- NetworkACL result = _networkACLService.createNetworkACL(this);
+ FirewallRule result = _networkACLService.createNetworkACL(this);
setEntityId(result.getId());
} catch (NetworkRuleConflictException ex) {
s_logger.info("Network rule conflict: " + ex.getMessage());
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/540ea34f/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java
b/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java
index f60d840..6666114 100644
--- a/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java
+++ b/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java
@@ -358,4 +358,9 @@ public class CreatePortForwardingRuleCmd extends
BaseAsyncCreateCmd implements P
return AsyncJob.Type.FirewallRule;
}
+ @Override
+ public TrafficType getTrafficType() {
+ return null;
+ }
+
}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/540ea34f/api/src/com/cloud/api/commands/DeleteNetworkACLCmd.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/commands/DeleteNetworkACLCmd.java
b/api/src/com/cloud/api/commands/DeleteNetworkACLCmd.java
index 414822b..9c08465 100644
--- a/api/src/com/cloud/api/commands/DeleteNetworkACLCmd.java
+++ b/api/src/com/cloud/api/commands/DeleteNetworkACLCmd.java
@@ -29,7 +29,7 @@ import com.cloud.async.AsyncJob;
import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.network.rules.NetworkACL;
+import com.cloud.network.rules.FirewallRule;
import com.cloud.user.UserContext;
@Implementation(description="Deletes a Network ACL",
responseObject=SuccessResponse.class)
@@ -78,7 +78,7 @@ public class DeleteNetworkACLCmd extends BaseAsyncCmd {
@Override
public long getEntityOwnerId() {
if (ownerId == null) {
- NetworkACL rule = _networkACLService.getNetworkACL(id);
+ FirewallRule rule = _networkACLService.getNetworkACL(id);
if (rule == null) {
throw new InvalidParameterValueException("Unable to find
network ACL by id=" + id);
} else {
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/540ea34f/api/src/com/cloud/api/commands/ListNetworkACLsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/commands/ListNetworkACLsCmd.java
b/api/src/com/cloud/api/commands/ListNetworkACLsCmd.java
index c6e477b..e7d3790 100644
--- a/api/src/com/cloud/api/commands/ListNetworkACLsCmd.java
+++ b/api/src/com/cloud/api/commands/ListNetworkACLsCmd.java
@@ -26,10 +26,9 @@ import com.cloud.api.BaseListProjectAndAccountResourcesCmd;
import com.cloud.api.IdentityMapper;
import com.cloud.api.Implementation;
import com.cloud.api.Parameter;
-import com.cloud.api.response.FirewallResponse;
import com.cloud.api.response.ListResponse;
import com.cloud.api.response.NetworkACLResponse;
-import com.cloud.network.rules.NetworkACL;
+import com.cloud.network.rules.FirewallRule;
@Implementation(description="Lists all network ACLs",
responseObject=NetworkACLResponse.class)
public class ListNetworkACLsCmd extends BaseListProjectAndAccountResourcesCmd {
@@ -78,11 +77,11 @@ public class ListNetworkACLsCmd extends
BaseListProjectAndAccountResourcesCmd {
@Override
public void execute(){
- List<? extends NetworkACL> result =
_networkACLService.listNetworkACLs(this);
+ List<? extends FirewallRule> result =
_networkACLService.listNetworkACLs(this);
ListResponse<NetworkACLResponse> response = new
ListResponse<NetworkACLResponse>();
List<NetworkACLResponse> aclResponses = new
ArrayList<NetworkACLResponse>();
- for (NetworkACL acl : result) {
+ for (FirewallRule acl : result) {
NetworkACLResponse ruleData =
_responseGenerator.createNetworkACLResponse(acl);
aclResponses.add(ruleData);
}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/540ea34f/api/src/com/cloud/network/firewall/NetworkACLService.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/network/firewall/NetworkACLService.java
b/api/src/com/cloud/network/firewall/NetworkACLService.java
index 3cdb058..4aaf058 100644
--- a/api/src/com/cloud/network/firewall/NetworkACLService.java
+++ b/api/src/com/cloud/network/firewall/NetworkACLService.java
@@ -17,21 +17,21 @@ import java.util.List;
import com.cloud.api.commands.ListNetworkACLsCmd;
import com.cloud.exception.NetworkRuleConflictException;
import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.network.rules.NetworkACL;
+import com.cloud.network.rules.FirewallRule;
import com.cloud.user.Account;
/**
* @author Alena Prokharchyk
*/
public interface NetworkACLService {
- NetworkACL getNetworkACL(long ruleId);
+ FirewallRule getNetworkACL(long ruleId);
boolean applyNetworkACLs(long networkId, Account caller) throws
ResourceUnavailableException;
/**
* @param createNetworkACLCmd
* @return
*/
- NetworkACL createNetworkACL(NetworkACL acl) throws
NetworkRuleConflictException;
+ FirewallRule createNetworkACL(FirewallRule acl) throws
NetworkRuleConflictException;
/**
* @param ruleId
* @param apply
@@ -42,6 +42,6 @@ public interface NetworkACLService {
* @param listNetworkACLsCmd
* @return
*/
- List<? extends NetworkACL> listNetworkACLs(ListNetworkACLsCmd cmd);
+ List<? extends FirewallRule> listNetworkACLs(ListNetworkACLsCmd cmd);
}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/540ea34f/api/src/com/cloud/network/lb/LoadBalancingRule.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/network/lb/LoadBalancingRule.java
b/api/src/com/cloud/network/lb/LoadBalancingRule.java
index d49d0e9..9b4eddc 100644
--- a/api/src/com/cloud/network/lb/LoadBalancingRule.java
+++ b/api/src/com/cloud/network/lb/LoadBalancingRule.java
@@ -218,4 +218,9 @@ public class LoadBalancingRule implements FirewallRule,
LoadBalancer{
public FirewallRuleType getType() {
return FirewallRuleType.User;
}
+
+ @Override
+ public TrafficType getTrafficType() {
+ return null;
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/540ea34f/api/src/com/cloud/network/rules/FirewallRule.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/network/rules/FirewallRule.java
b/api/src/com/cloud/network/rules/FirewallRule.java
index cb79e5e..5c57dff 100644
--- a/api/src/com/cloud/network/rules/FirewallRule.java
+++ b/api/src/com/cloud/network/rules/FirewallRule.java
@@ -19,6 +19,7 @@ package com.cloud.network.rules;
import java.util.List;
import com.cloud.acl.ControlledEntity;
+import com.cloud.network.rules.FirewallRule.TrafficType;
public interface FirewallRule extends ControlledEntity {
enum Purpose {
@@ -90,4 +91,9 @@ public interface FirewallRule extends ControlledEntity {
FirewallRuleType getType();
+ /**
+ * @return
+ */
+ TrafficType getTrafficType();
+
}
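Review bot: The Javadoc added for `getTrafficType()` has an empty `@return`, yet this commit makes several implementations return null, so the one thing callers need to know is undocumented. Proposed text: `@return the traffic direction this rule filters, or null when the rule is not a network ACL`, with the wording to be confirmed by the author. Separately, the `import com.cloud.network.rules.FirewallRule.TrafficType;` added in the hunk above names a type nested in this same interface and looks redundant.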
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/540ea34f/api/src/com/cloud/network/rules/NetworkACL.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/network/rules/NetworkACL.java
b/api/src/com/cloud/network/rules/NetworkACL.java
deleted file mode 100644
index d0f7f21..0000000
--- a/api/src/com/cloud/network/rules/NetworkACL.java
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright 2012 Citrix Systems, Inc. Licensed under the
-// Apache License, Version 2.0 (the "License"); you may not use this
-// file except in compliance with the License. Citrix Systems, Inc.
-// reserves all rights not expressly granted by the License.
-// You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-// Automatically generated by addcopyright.py at 04/03/2012
-package com.cloud.network.rules;
-
-
-/**
- * @author Alena Prokharchyk
- */
-public interface NetworkACL extends FirewallRule{
-
- /**
- * @return
- */
- TrafficType getTrafficType();
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/540ea34f/server/src/com/cloud/api/ApiResponseHelper.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiResponseHelper.java
b/server/src/com/cloud/api/ApiResponseHelper.java
index ded86e9..b9c5444 100755
--- a/server/src/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/com/cloud/api/ApiResponseHelper.java
@@ -151,7 +151,6 @@ import com.cloud.network.VpnUser;
import com.cloud.network.router.VirtualRouter;
import com.cloud.network.rules.FirewallRule;
import com.cloud.network.rules.LoadBalancer;
-import com.cloud.network.rules.NetworkACL;
import com.cloud.network.rules.PortForwardingRule;
import com.cloud.network.rules.StaticNatRule;
import com.cloud.network.rules.StickinessPolicy;
@@ -2983,7 +2982,7 @@ public class ApiResponseHelper implements
ResponseGenerator {
}
@Override
- public NetworkACLResponse createNetworkACLResponse(NetworkACL networkACL) {
+ public NetworkACLResponse createNetworkACLResponse(FirewallRule
networkACL) {
NetworkACLResponse response = new NetworkACLResponse();
response.setId(networkACL.getId());
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/540ea34f/server/src/com/cloud/network/element/VpcVirtualRouterElement.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/element/VpcVirtualRouterElement.java
b/server/src/com/cloud/network/element/VpcVirtualRouterElement.java
index 1be7b0b..83a6450 100644
--- a/server/src/com/cloud/network/element/VpcVirtualRouterElement.java
+++ b/server/src/com/cloud/network/element/VpcVirtualRouterElement.java
@@ -46,7 +46,6 @@ import com.cloud.network.router.VirtualRouter;
import com.cloud.network.router.VirtualRouter.Role;
import com.cloud.network.router.VpcVirtualNetworkApplianceManager;
import com.cloud.network.rules.FirewallRule;
-import com.cloud.network.rules.NetworkACL;
import com.cloud.network.vpc.PrivateGateway;
import com.cloud.network.vpc.StaticRouteProfile;
import com.cloud.network.vpc.Vpc;
@@ -406,7 +405,7 @@ public class VpcVirtualRouterElement extends
VirtualRouterElement implements Vpc
return true;
}
- if (!_vpcRouterMgr.applyNetworkACLs(config,
(List<NetworkACL>)rules, routers)) {
+ if (!_vpcRouterMgr.applyNetworkACLs(config, rules, routers)) {
throw new CloudRuntimeException("Failed to apply firewall
rules in network " + config.getId());
} else {
return true;
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/540ea34f/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManager.java
----------------------------------------------------------------------
diff --git
a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManager.java
b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManager.java
index f0a3cec..fd05e98 100644
--- a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManager.java
+++ b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManager.java
@@ -22,10 +22,10 @@ import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.Network;
import com.cloud.network.Site2SiteVpnConnection;
import com.cloud.network.VpcVirtualNetworkApplianceService;
-import com.cloud.network.rules.NetworkACL;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.network.vpc.PrivateGateway;
import com.cloud.network.vpc.StaticRouteProfile;
import com.cloud.network.vpc.Vpc;
-import com.cloud.network.vpc.PrivateGateway;
import com.cloud.user.Account;
import com.cloud.vm.DomainRouterVO;
import com.cloud.vm.VirtualMachineProfile.Param;
@@ -56,7 +56,7 @@ public interface VpcVirtualNetworkApplianceManager extends
VirtualNetworkApplian
* @return
* @throws ResourceUnavailableException
*/
- boolean applyNetworkACLs(Network network, List<? extends NetworkACL>
rules, List<? extends VirtualRouter> routers)
+ boolean applyNetworkACLs(Network network, List<? extends FirewallRule>
rules, List<? extends VirtualRouter> routers)
throws ResourceUnavailableException;
/**
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/540ea34f/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
----------------------------------------------------------------------
diff --git
a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
index 7c30c80..5738d5a 100644
---
a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
+++
b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
@@ -59,7 +59,6 @@ import com.cloud.network.Network;
import com.cloud.network.Network.Provider;
import com.cloud.network.Network.Service;
import com.cloud.network.NetworkService;
-import com.cloud.network.NetworkVO;
import com.cloud.network.Networks.BroadcastDomainType;
import com.cloud.network.Networks.IsolationType;
import com.cloud.network.Networks.TrafficType;
@@ -74,9 +73,7 @@ import
com.cloud.network.VirtualRouterProvider.VirtualRouterProviderType;
import com.cloud.network.VpcVirtualNetworkApplianceService;
import com.cloud.network.addr.PublicIp;
import com.cloud.network.dao.PhysicalNetworkDao;
-import com.cloud.network.dao.Site2SiteVpnConnectionDao;
-import com.cloud.network.firewall.NetworkACLService;
-import com.cloud.network.rules.NetworkACL;
+import com.cloud.network.rules.FirewallRule;
import com.cloud.network.vpc.NetworkACLManager;
import com.cloud.network.vpc.PrivateGateway;
import com.cloud.network.vpc.PrivateIpAddress;
@@ -90,7 +87,6 @@ import com.cloud.network.vpc.Dao.PrivateIpDao;
import com.cloud.network.vpc.Dao.StaticRouteDao;
import com.cloud.network.vpc.Dao.VpcDao;
import com.cloud.network.vpc.Dao.VpcOfferingDao;
-import com.cloud.network.vpn.Site2SiteVpnService;
import com.cloud.user.Account;
import com.cloud.utils.Pair;
import com.cloud.utils.component.Inject;
@@ -102,7 +98,6 @@ import com.cloud.vm.Nic;
import com.cloud.vm.NicProfile;
import com.cloud.vm.ReservationContext;
import com.cloud.vm.VirtualMachine;
-import com.cloud.vm.VirtualMachine.State;
import com.cloud.vm.VirtualMachineProfile;
import com.cloud.vm.VirtualMachineProfile.Param;
import com.cloud.vm.dao.VMInstanceDao;
@@ -690,7 +685,7 @@ public class VpcVirtualNetworkApplianceManagerImpl extends
VirtualNetworkApplian
}
@Override
- public boolean applyNetworkACLs(Network network, final List<? extends
NetworkACL> rules, List<? extends VirtualRouter> routers)
+ public boolean applyNetworkACLs(Network network, final List<? extends
FirewallRule> rules, List<? extends VirtualRouter> routers)
throws ResourceUnavailableException {
if (rules == null || rules.isEmpty()) {
s_logger.debug("No network ACLs to be applied for network " +
network.getId());
@@ -699,20 +694,20 @@ public class VpcVirtualNetworkApplianceManagerImpl
extends VirtualNetworkApplian
return applyRules(network, routers, "network acls", false, null,
false, new RuleApplier() {
@Override
public boolean execute(Network network, VirtualRouter router)
throws ResourceUnavailableException {
- return sendNetworkACLs(router, (List<NetworkACL>)rules,
network.getId());
+ return sendNetworkACLs(router, rules, network.getId());
}
});
}
- protected boolean sendNetworkACLs(VirtualRouter router, List<NetworkACL>
rules, long guestNetworkId)
+ protected boolean sendNetworkACLs(VirtualRouter router, List<? extends
FirewallRule> rules, long guestNetworkId)
throws ResourceUnavailableException {
Commands cmds = new Commands(OnError.Continue);
createNetworkACLsCommands(rules, router, cmds, guestNetworkId);
return sendCommandsToRouter(router, cmds);
}
- private void createNetworkACLsCommands(List<NetworkACL> rules,
VirtualRouter router, Commands cmds, long guestNetworkId) {
+ private void createNetworkACLsCommands(List<? extends FirewallRule> rules,
VirtualRouter router, Commands cmds, long guestNetworkId) {
List<NetworkACLTO> rulesTO = null;
String guestVlan = null;
Network guestNtwk = _networkDao.findById(guestNetworkId);
@@ -724,7 +719,7 @@ public class VpcVirtualNetworkApplianceManagerImpl extends
VirtualNetworkApplian
if (rules != null) {
rulesTO = new ArrayList<NetworkACLTO>();
- for (NetworkACL rule : rules) {
+ for (FirewallRule rule : rules) {
NetworkACLTO ruleTO = new NetworkACLTO(rule, guestVlan,
rule.getTrafficType());
rulesTO.add(ruleTO);
}
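Review bot: The loop now accepts any `FirewallRule` and passes `rule.getTrafficType()` straight into `NetworkACLTO`, while this commit adds implementations of that method that return null (LoadBalancingRule, StaticNatRuleImpl and the create commands). With the parameter widened from `NetworkACL`, nothing in the visible code rejects a rule of another purpose, and how NetworkACLTO treats a null traffic type is not shown in this diff. A guard at the top of the loop, such as `if (rule.getPurpose() != FirewallRule.Purpose.NetworkACL) { continue; }` with a log line, would keep non-ACL rules from being sent to the router as ACL entries. createNetworkACLsCommands starts and ends outside the hunk.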
@@ -892,11 +887,11 @@ public class VpcVirtualNetworkApplianceManagerImpl
extends VirtualNetworkApplian
super.finalizeNetworkRulesForNetwork(cmds, router, provider,
guestNetworkId);
if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId,
Service.NetworkACL, Provider.VPCVirtualRouter)) {
- List<? extends NetworkACL> networkACLs =
_networkACLMgr.listNetworkACLs(guestNetworkId);
+ List<? extends FirewallRule> networkACLs =
_networkACLMgr.listNetworkACLs(guestNetworkId);
s_logger.debug("Found " + networkACLs.size() + " network ACLs to
apply as a part of VPC VR " + router
+ " start for guest network id=" + guestNetworkId);
if (!networkACLs.isEmpty()) {
- createNetworkACLsCommands((List<NetworkACL>)networkACLs,
router, cmds, guestNetworkId);
+ createNetworkACLsCommands(networkACLs, router, cmds,
guestNetworkId);
}
}
}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/540ea34f/server/src/com/cloud/network/rules/FirewallRuleVO.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/rules/FirewallRuleVO.java
b/server/src/com/cloud/network/rules/FirewallRuleVO.java
index 625d2db..fc37d62 100644
--- a/server/src/com/cloud/network/rules/FirewallRuleVO.java
+++ b/server/src/com/cloud/network/rules/FirewallRuleVO.java
@@ -44,7 +44,7 @@ import com.cloud.utils.net.NetUtils;
@Table(name="firewall_rules")
@Inheritance(strategy=InheritanceType.JOINED)
@DiscriminatorColumn(name="purpose",
discriminatorType=DiscriminatorType.STRING, length=32)
-public class FirewallRuleVO implements Identity, NetworkACL {
+public class FirewallRuleVO implements Identity, FirewallRule {
protected final FirewallRulesCidrsDaoImpl _firewallRulesCidrsDao =
ComponentLocator.inject(FirewallRulesCidrsDaoImpl.class);
@Id
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/540ea34f/server/src/com/cloud/network/rules/StaticNatRuleImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/rules/StaticNatRuleImpl.java
b/server/src/com/cloud/network/rules/StaticNatRuleImpl.java
index f611d24..4ae7ab2 100644
--- a/server/src/com/cloud/network/rules/StaticNatRuleImpl.java
+++ b/server/src/com/cloud/network/rules/StaticNatRuleImpl.java
@@ -18,8 +18,6 @@ package com.cloud.network.rules;
import java.util.List;
-import com.cloud.network.rules.FirewallRule.FirewallRuleType;
-
public class StaticNatRuleImpl implements StaticNatRule{
long id;
@@ -132,5 +130,10 @@ public class StaticNatRuleImpl implements StaticNatRule{
public FirewallRuleType getType() {
return FirewallRuleType.User;
}
+
+ @Override
+ public TrafficType getTrafficType() {
+ return null;
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/540ea34f/server/src/com/cloud/network/vpc/NetworkACLManager.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/NetworkACLManager.java
b/server/src/com/cloud/network/vpc/NetworkACLManager.java
index 01f54f0..c271bfa 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLManager.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLManager.java
@@ -16,7 +16,7 @@ import java.util.List;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.firewall.NetworkACLService;
-import com.cloud.network.rules.NetworkACL;
+import com.cloud.network.rules.FirewallRule;
import com.cloud.user.Account;
/**
@@ -33,6 +33,6 @@ public interface NetworkACLManager extends NetworkACLService{
*/
boolean revokeAllNetworkACLsForNetwork(long networkId, long userId,
Account caller) throws ResourceUnavailableException;
- List<? extends NetworkACL> listNetworkACLs(long guestNtwkId);
+ List<? extends FirewallRule> listNetworkACLs(long guestNtwkId);
}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/540ea34f/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
index 985f714..faef711 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
@@ -42,7 +42,6 @@ import com.cloud.network.rules.FirewallRule;
import com.cloud.network.rules.FirewallRule.Purpose;
import com.cloud.network.rules.FirewallRule.TrafficType;
import com.cloud.network.rules.FirewallRuleVO;
-import com.cloud.network.rules.NetworkACL;
import com.cloud.projects.Project.ListProjectResourcesCriteria;
import com.cloud.user.Account;
import com.cloud.user.AccountManager;
@@ -111,7 +110,7 @@ public class NetworkACLManagerImpl implements
Manager,NetworkACLManager{
}
@Override
- public NetworkACL createNetworkACL(NetworkACL acl) throws
NetworkRuleConflictException {
+ public FirewallRule createNetworkACL(FirewallRule acl) throws
NetworkRuleConflictException {
return createNetworkACL(UserContext.current().getCaller(),
acl.getXid(), acl.getSourcePortStart(),
acl.getSourcePortEnd(), acl.getProtocol(),
acl.getSourceCidrList(), acl.getIcmpCode(),
acl.getIcmpType(), null, acl.getType(), acl.getNetworkId(),
acl.getTrafficType());
@@ -119,7 +118,7 @@ public class NetworkACLManagerImpl implements
Manager,NetworkACLManager{
@DB
@ActionEvent(eventType = EventTypes.EVENT_FIREWALL_OPEN, eventDescription
= "creating firewall rule", create = true)
- protected NetworkACL createNetworkACL(Account caller, String xId, Integer
portStart,
+ protected FirewallRule createNetworkACL(Account caller, String xId,
Integer portStart,
Integer portEnd, String protocol, List<String> sourceCidrList,
Integer icmpCode, Integer icmpType,
Long relatedRuleId, FirewallRule.FirewallRuleType type, long
networkId, TrafficType trafficType) throws NetworkRuleConflictException {
@@ -173,7 +172,7 @@ public class NetworkACLManagerImpl implements
Manager,NetworkACLManager{
txn.commit();
- return newRule;
+ return getNetworkACL(newRule.getId());
}
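Review bot: `return getNetworkACL(newRule.getId());` can yield null where `return newRule;` could not, because getNetworkACL (later in this file) returns the row only if it is found and has `Purpose.NetworkACL`. CreateNetworkACLCmd calls `result.getId()` on this return value without a null check, so a failed re-read would surface as a NullPointerException rather than a rule error. It also adds a database read after `txn.commit()`. Since FirewallRuleVO implements FirewallRule as of this commit, `return newRule;` should still compile if `newRule` is a FirewallRuleVO (its declaration is outside the hunk); otherwise null-check the re-read and throw. The method body starts outside the hunk.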
@@ -210,9 +209,13 @@ public class NetworkACLManagerImpl implements
Manager,NetworkACLManager{
}
}
- protected void detectNetworkACLConflict(NetworkACL newRule) throws
NetworkRuleConflictException {
-
- List<FirewallRuleVO> rules =
_firewallDao.listByNetworkPurposeTrafficTypeAndNotRevoked(newRule.getNetworkId(),
Purpose.NetworkACL, newRule.getTrafficType());
+ protected void detectNetworkACLConflict(FirewallRuleVO newRule) throws
NetworkRuleConflictException {
+ if (newRule.getPurpose() != Purpose.NetworkACL) {
+ return;
+ }
+
+ List<FirewallRuleVO> rules =
_firewallDao.listByNetworkPurposeTrafficTypeAndNotRevoked(newRule.getNetworkId(),
+ Purpose.NetworkACL, newRule.getTrafficType());
assert (rules.size() >= 1) : "For network ACLs, we now always first
persist the rule and then check for " +
"network conflicts so we should at least have one rule at this
point.";
@@ -301,8 +304,8 @@ public class NetworkACLManagerImpl implements
Manager,NetworkACLManager{
}
@Override
- public NetworkACL getNetworkACL(long ACLId) {
- FirewallRuleVO rule = _firewallDao.findById(ACLId);
+ public FirewallRule getNetworkACL(long ACLId) {
+ FirewallRule rule = _firewallDao.findById(ACLId);
if (rule != null && rule.getPurpose() == Purpose.NetworkACL) {
return rule;
}
@@ -310,7 +313,7 @@ public class NetworkACLManagerImpl implements
Manager,NetworkACLManager{
}
@Override
- public List<? extends NetworkACL> listNetworkACLs(ListNetworkACLsCmd cmd) {
+ public List<? extends FirewallRule> listNetworkACLs(ListNetworkACLsCmd
cmd) {
Long networkId = cmd.getNetworkId();
Long id = cmd.getId();
String trafficType = cmd.getTrafficType();
@@ -357,7 +360,7 @@ public class NetworkACLManagerImpl implements
Manager,NetworkACLManager{
@Override
- public List<? extends NetworkACL> listNetworkACLs(long guestNtwkId) {
+ public List<? extends FirewallRule> listNetworkACLs(long guestNtwkId) {
return _firewallDao.listByNetworkAndPurpose(guestNtwkId,
Purpose.NetworkACL);
}