This is an automated email from the ASF dual-hosted git repository.

pearl11594 pushed a commit to branch nsx-fix-icmp
in repository https://gitbox.apache.org/repos/asf/cloudstack.git

commit 767c16cde4ef9377522d193fefa4a2bf004d268e
Author: Pearl Dsilva <[email protected]>
AuthorDate: Fri Jan 12 13:26:41 2024 -0500

    NSX: Add appropriate error message when icmp type is set to -1 for NSX
---
 .../cloud/network/vpc/NetworkACLServiceImpl.java   | 23 +++++++++++++++++++++-
 ui/public/locales/en.json                          |  4 ++--
 2 files changed, 24 insertions(+), 3 deletions(-)

diff --git 
a/server/src/main/java/com/cloud/network/vpc/NetworkACLServiceImpl.java 
b/server/src/main/java/com/cloud/network/vpc/NetworkACLServiceImpl.java
index 8139ac1c49e..03f753d469e 100644
--- a/server/src/main/java/com/cloud/network/vpc/NetworkACLServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/NetworkACLServiceImpl.java
@@ -21,10 +21,14 @@ import java.util.Collections;
 import java.util.Comparator;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 
 import javax.inject.Inject;
 
+import com.cloud.dc.DataCenter;
 import com.cloud.exception.PermissionDeniedException;
+import com.cloud.network.dao.NsxProviderDao;
+import com.cloud.network.element.NsxProviderVO;
 import org.apache.cloudstack.api.ApiErrorCode;
 import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.command.user.network.CreateNetworkACLCmd;
@@ -99,6 +103,10 @@ public class NetworkACLServiceImpl extends ManagerBase 
implements NetworkACLServ
     private VpcDao _vpcDao;
     @Inject
     private VpcService _vpcSvc;
+    @Inject
+    private NsxProviderDao nsxProviderDao;
+    @Inject
+    private NetworkACLDao networkACLDao;
 
     private String supportedProtocolsForAclRules = "tcp,udp,icmp,all";
 
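Review bot: `networkACLDao` is injected in this hunk but none of the hunks in this commit use it; the new `validateNsxConstraints` reads only `nsxProviderDao`. Unless code outside the visible hunks needs it, drop the `@Inject private NetworkACLDao networkACLDao;` pair so the service does not carry an unused dependency. The two new fields also omit the leading underscore used by the neighbouring `_vpcDao` and `_vpcSvc`; either follow that convention or add a short comment such as `// looked up per zone to detect NSX-backed zones` on `nsxProviderDao`.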
@@ -338,6 +346,7 @@ public class NetworkACLServiceImpl extends ManagerBase 
implements NetworkACLServ
         if (isGlobalAcl(acl.getVpcId()) && 
!Account.Type.ADMIN.equals(caller.getType())) {
             throw new PermissionDeniedException("Only Root Admins can create 
rules for a global ACL.");
         }
+        validateNsxConstraints(acl.getVpcId(), icmpType);
         validateAclRuleNumber(createNetworkACLCmd, acl);
 
         NetworkACLItem.Action ruleAction = 
validateAndCreateNetworkAclRuleAction(action);
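Review bot: The added `validateNsxConstraints(acl.getVpcId(), icmpType)` call also runs for global ACLs, because the `isGlobalAcl(acl.getVpcId())` check just above only rejects non-admin callers. A root admin adding a rule to a global ACL therefore reaches the helper with an id that presumably does not resolve to a VPC, and `vpc.getZoneId()` inside the helper would then throw a NullPointerException instead of a validation error. Consider guarding the call, `if (!isGlobalAcl(acl.getVpcId())) { validateNsxConstraints(acl.getVpcId(), icmpType); }`, or returning early in the helper when the VPC lookup yields null. The enclosing method starts and ends outside this hunk, so how `icmpType` is populated is not visible here.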
@@ -428,6 +437,18 @@ public class NetworkACLServiceImpl extends ManagerBase 
implements NetworkACLServ
         }
     }
 
+    private void validateNsxConstraints(Long vpcId, Integer icpmType) {
+        VpcVO vpc = _vpcDao.findById(vpcId);
+        final DataCenter dc = _entityMgr.findById(DataCenter.class, 
vpc.getZoneId());
+        final NsxProviderVO nsxProvider = 
nsxProviderDao.findByZoneId(dc.getId());
+        if (Objects.isNull(nsxProvider)) {
+            return;
+        }
+        if (icpmType == -1) {
+            throw new InvalidParameterValueException("Passing -1 for ICMP type 
is not supported for NSX enabled zones");
+        }
+    }
+
     /**
      * This methods will simply return the ACL rule list ID if it has been 
provided by the parameter 'createNetworkACLCmd'.
      * If no ACL rule List ID has been provided the method behave as follows:
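Review bot: `icpmType == -1` in the new `validateNsxConstraints` auto-unboxes an `Integer`, so a null ICMP type (presumably the case for tcp/udp/all rules) throws a NullPointerException in an NSX zone rather than passing validation. The same applies to both call sites, in the create hunk above and the update hunk below; `if (icpmType != null && icpmType == -1)` avoids it. The results of `_vpcDao.findById(vpcId)` and `_entityMgr.findById(DataCenter.class, ...)` are dereferenced without a null check as well, and the `DataCenter` lookup looks unnecessary since `nsxProviderDao.findByZoneId(vpc.getZoneId())` would use the same id. The parameter name is misspelled and should be `icmpType`. The locale change in this commit also limits -1 for ICMP codes to non-NSX zones, but only the type is validated here, so either check the code too or confirm that NSX accepts it.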
@@ -817,7 +838,7 @@ public class NetworkACLServiceImpl extends ManagerBase 
implements NetworkACLServ
 
         NetworkACL acl = 
_networkAclMgr.getNetworkACL(networkACLItemVo.getAclId());
         validateNetworkAcl(acl);
-
+        validateNsxConstraints(acl.getVpcId(), networkACLItemVo.getIcmpType());
         Account account = CallContext.current().getCallingAccount();
         validateGlobalAclPermissionAndAclAssociatedToVpc(acl, account, "Only 
Root Admins can update global ACLs.");
 
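Review bot: The new `validateNsxConstraints(acl.getVpcId(), networkACLItemVo.getIcmpType())` call sits before `validateGlobalAclPermissionAndAclAssociatedToVpc`, so a caller who is not allowed to update the ACL gets the NSX-specific error (or a NullPointerException for a global ACL or a null ICMP type) before the permission check runs. Move the call below the permission check so authorization is decided first and zone details are not revealed to unauthorized callers. It also reads the type from `networkACLItemVo`; whether that object already holds the requested new value at this point depends on code outside the hunk, so confirm the check sees the updated ICMP type and not the stored one. The enclosing method starts and ends outside this hunk.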
diff --git a/ui/public/locales/en.json b/ui/public/locales/en.json
index a46667f16d2..e14fed6e8b2 100644
--- a/ui/public/locales/en.json
+++ b/ui/public/locales/en.json
@@ -15,8 +15,8 @@
 "error.release.dedicate.zone": "Failed to release dedicated zone.",
 "error.unable.to.proceed": "Unable to proceed. Please contact your 
administrator.",
 "firewall.close": "Firewall",
-"icmp.code.desc": "Please specify -1 if you want to allow all ICMP codes.",
-"icmp.type.desc": "Please specify -1 if you want to allow all ICMP types.",
+"icmp.code.desc": "Please specify -1 if you want to allow all ICMP codes for 
non-NSX zones.",
+"icmp.type.desc": "Please specify -1 if you want to allow all ICMP types for 
non-NSX zones.",
 "inline": "Inline",
 "label.about": "About",
 "label.about.app": "About CloudStack",
