Surely this can be done by a few well-crafted API calls from CloudMonkey?

On 2/24/14 4:55 AM, "Antonio Fornié Casarrubios" <antonio.for...@gmail.com> wrote:

>Hi all,
>
>There is this functionality that seems to be wrong and I would like to
>double check with you all. Actually this functionality could be considered
>very important so I appreciate collaboration.
>
>It's about the functionality for ACLs shared among networks. Let's say you
>have a VPC with Networks NW1 and NW2, and you have an ACL (what CloudStack
>calls ACLList) with several rules, and you choose this ACL as the ACL for
>both NW1 and NW2. The current functionality is that in general if you
>modify the ACL this change will affect NW1 and NW2 of course.
>
>But there is a special case: you could send the parameter networkid. It
>makes sense that if you send a createNetworkACL request to allow additional
>traffic and you specifically state NW1, this should not affect NW2.
>
>The proposal then is to change this functionality so that, if and only if
>the request specifies a networkid, the command should only affect the
>specified network. Which in Java terms will mean that if other networks use
>the same ACLList, it will be cloned and then the command will be applied to
>the new clone that will be assigned to the given network.
>
>Note that:
>* The new clone ACL List is created only if it is actually shared with more
>  networks, otherwise it doesn't make sense.
>* The name for the new ACL List will be the same old name plus a random
>  suffix.
>
>
>Any thoughts? Reasons not to go this way?
>
>Thanks and cheers
>
>Antonio
>Schuberg Philis - MCE
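
The clone-on-write behaviour proposed in the quoted message, as an added example that is not part of the thread or of CloudStack's code: a simplified in-memory Python model showing that a rule scoped to NW1 leaves NW2's rule set untouched. `Vpc`, `AclList`, `add_rule` and the sample rules are hypothetical names constructed for illustration.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class AclList:
    name: str
    rules: list = field(default_factory=list)


class Vpc:
    """Hypothetical in-memory model: network name -> the AclList object it uses."""

    def __init__(self):
        self.network_acl = {}

    def assign(self, network, acl):
        self.network_acl[network] = acl

    def networks_using(self, acl):
        return [n for n, a in self.network_acl.items() if a is acl]

    def add_rule(self, acl, rule, network=None):
        """Add a rule; when `network` is given, the change must stay on that network."""
        if network is None:
            acl.rules.append(rule)  # current behaviour: every network sharing it is affected
            return acl
        if self.network_acl.get(network) is not acl:
            raise ValueError(f"{network} does not use ACL list {acl.name}")
        if len(self.networks_using(acl)) > 1:
            # Shared: clone as "old name + random suffix" and re-point only this network.
            acl = AclList(f"{acl.name}-{secrets.token_hex(4)}", list(acl.rules))
            self.network_acl[network] = acl
        acl.rules.append(rule)  # not shared (or freshly cloned): edit in place
        return acl


def demo():
    vpc = Vpc()
    shared = AclList("web-acl", ["allow tcp/443 from 0.0.0.0/0"])  # constructed sample
    vpc.assign("NW1", shared)
    vpc.assign("NW2", shared)
    scoped = vpc.add_rule(shared, "allow tcp/22 from 10.0.0.0/8", network="NW1")
    again = vpc.add_rule(scoped, "allow tcp/8080 from 10.0.0.0/8", network="NW1")
    return vpc, shared, scoped, again


if __name__ == "__main__":
    vpc, shared, scoped, again = demo()
    for net, acl in vpc.network_acl.items():
        print(net, acl.name, acl.rules)
```

The second scoped call reuses the clone instead of cloning again, because by then the list is used by NW1 only.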