sudo87 commented on code in PR #12013:
URL: https://github.com/apache/cloudstack/pull/12013#discussion_r2605488962
##########
server/src/main/java/com/cloud/network/vpc/NetworkACLServiceImpl.java:
##########
@@ -1061,6 +1064,111 @@ public NetworkACLItem
moveRuleToTheTopInACLList(NetworkACLItem ruleBeingMoved) {
return moveRuleToTheTop(ruleBeingMoved, allRules);
}
+ @Override
+ public List<NetworkACLItem> importNetworkACLRules(ImportNetworkACLCmd cmd)
throws ResourceUnavailableException {
+ long aclId = cmd.getAclId();
+ Map<Object, Object> rules = cmd.getRules();
+ List<NetworkACLItem> createdRules = new ArrayList<>();
+ List<String> errors = new ArrayList<>();
+ for (Map.Entry<Object, Object> entry : rules.entrySet()) {
+ try {
+ Map<String, Object> ruleMap = (Map<String, Object>)
entry.getValue();
+ NetworkACLItem item = createACLRuleFromMap(ruleMap, aclId);
+ createdRules.add(item);
+ } catch (Exception ex) {
+ String error = "Failed to import rule at index " +
entry.getKey() + ": " + ex.getMessage();
+ errors.add(error);
+ logger.error(error, ex);
+ }
+ }
+ // no rules got imported
+ if (createdRules.isEmpty() && !errors.isEmpty()) {
+ logger.error("Failed to import any ACL rules. Errors: {}",
String.join("; ", errors));
+ throw new CloudRuntimeException("Failed to import any ACL rules.");
+ }
+
+ // apply ACL to network
+ if (!createdRules.isEmpty()) {
+ applyNetworkACL(aclId);
+ }
+ return createdRules;
+ }
+
+ private NetworkACLItem createACLRuleFromMap(Map<String, Object> ruleMap,
long aclId) {
+ String protocol = (String) ruleMap.get(ApiConstants.PROTOCOL);
+ if (protocol == null || protocol.trim().isEmpty()) {
+ throw new InvalidParameterValueException("Protocol is required");
+ }
+ String action = (String) ruleMap.getOrDefault(ApiConstants.ACTION,
"deny");
+ String trafficType = (String)
ruleMap.getOrDefault(ApiConstants.TRAFFIC_TYPE,
NetworkACLItem.TrafficType.Ingress);
+ String forDisplay = (String )
ruleMap.getOrDefault(ApiConstants.FOR_DISPLAY, "true");
+
+ // Create ACL rule using the service
+ CreateNetworkACLCmd cmd = new CreateNetworkACLCmd();
+ cmd.setAclId(aclId);
+ cmd.setProtocol(protocol.toLowerCase());
+ cmd.setAction(action.toLowerCase());
+ cmd.setTrafficType(trafficType.toLowerCase());
+ cmd.setDisplay(BooleanUtils.toBoolean(forDisplay));
+
+ // Optional parameters
+ if (ruleMap.containsKey(ApiConstants.CIDR_LIST)) {
+ Object cidrObj = ruleMap.get(ApiConstants.CIDR_LIST);
+ List<String> cidrList = new ArrayList<>();
+ if (cidrObj instanceof String) {
+ for (String cidr : ((String) cidrObj).split(",")) {
+ cidrList.add(cidr.trim());
+ }
+ } else if (cidrObj instanceof List) {
+ cidrList.addAll((List<String>) cidrObj);
+ }
+ cmd.setCidrlist(cidrList);
+ }
+
+ if (ruleMap.containsKey(ApiConstants.START_PORT)) {
+
cmd.setPublicStartPort(parseInt(ruleMap.get(ApiConstants.START_PORT)));
+ }
+
+ if (ruleMap.containsKey(ApiConstants.END_PORT)) {
+ cmd.setPublicEndPort(parseInt(ruleMap.get(ApiConstants.END_PORT)));
+ }
+
+ if (ruleMap.containsKey(ApiConstants.NUMBER)) {
+ cmd.setNumber(parseInt(ruleMap.get(ApiConstants.NUMBER)));
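Review bot: The default passed to `getOrDefault` for `ApiConstants.TRAFFIC_TYPE` is `NetworkACLItem.TrafficType.Ingress`, and the result is cast to `String`; if `TrafficType` is an enum, as its use here suggests, every rule that omits the traffic type fails with a ClassCastException, which the catch-all in importNetworkACLRules logs and drops, so the rule is silently skipped instead of defaulting to ingress. The default should be a string, e.g. `String trafficType = (String) ruleMap.getOrDefault(ApiConstants.TRAFFIC_TYPE, NetworkACLItem.TrafficType.Ingress.name());`. In importNetworkACLRules, `cmd.getRules()` is iterated outside the try block with no null check, so a request carrying no rules would presumably surface as a NullPointerException rather than a parameter error; a guard such as `if (rules == null || rules.isEmpty()) { throw new InvalidParameterValueException("No rules to import"); }` before the loop gives the caller a clear message. createACLRuleFromMap continues past the end of the quoted hunk.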
Review Comment:
Rules with a duplicate number will be discarded, and a log message will be written for each of those.