This is an automated email from the ASF dual-hosted git repository. pearl11594 pushed a commit to branch fr03-nsx-reorder-acl-rules in repository https://gitbox.apache.org/repos/asf/cloudstack.git
commit 788680855c06b15967b998765d6bf4650d955c28
Author: Pearl Dsilva <pearl1...@gmail.com>
AuthorDate: Tue Feb 6 08:51:23 2024 -0500
fix reordering of acl rules on all networks that it is associated to
---
 .../network/element/NetworkACLServiceProvider.java | 2 +-
 .../com/cloud/network/vpc/NetworkACLManager.java | 3 ++-
 .../cloud/network/element/BigSwitchBcfElement.java | 2 +-
 .../contrail/management/ContrailVpcElementImpl.java | 2 +-
 .../org/apache/cloudstack/service/NsxElement.java | 21 +++++++++++----------
 .../network/element/VpcVirtualRouterElement.java | 2 +-
 .../cloud/network/vpc/NetworkACLManagerImpl.java | 5 ++---
 .../cloud/network/vpc/NetworkACLServiceImpl.java | 5 +++--
 8 files changed, 22 insertions(+), 20 deletions(-)
diff --git a/api/src/main/java/com/cloud/network/element/NetworkACLServiceProvider.java b/api/src/main/java/com/cloud/network/element/NetworkACLServiceProvider.java
index 92d3519d596..852a650cfcd 100644
--- a/api/src/main/java/com/cloud/network/element/NetworkACLServiceProvider.java
+++ b/api/src/main/java/com/cloud/network/element/NetworkACLServiceProvider.java
@@ -33,6 +33,6 @@ public interface NetworkACLServiceProvider extends NetworkElement {
 */
 boolean applyNetworkACLs(Network config, List<? extends NetworkACLItem> rules) throws ResourceUnavailableException;
- boolean reorderAclRules(Vpc vpc, List<? extends NetworkACLItem> networkACLItems);
+ boolean reorderAclRules(Vpc vpc, List<? extends Network> networks, List<? extends NetworkACLItem> networkACLItems);
 }
diff --git a/engine/components-api/src/main/java/com/cloud/network/vpc/NetworkACLManager.java b/engine/components-api/src/main/java/com/cloud/network/vpc/NetworkACLManager.java
index 9d1caa1c031..de69b894183 100644
--- a/engine/components-api/src/main/java/com/cloud/network/vpc/NetworkACLManager.java
+++ b/engine/components-api/src/main/java/com/cloud/network/vpc/NetworkACLManager.java
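Review bot: The widened `reorderAclRules(Vpc vpc, List<? extends Network> networks, List<? extends NetworkACLItem> networkACLItems)` in NetworkACLServiceProvider has no Javadoc, unlike `applyNetworkACLs` just above it, whose comment closes at the top of the hunk. Because an implementation of this method rewrites firewall state on a backend, the contract should state which networks are expected in `networks` (the caller appears to pass those attached to the ACL), that `networkACLItems` arrive in evaluation order, and what a `false` return means for rules already pushed. I would add a Javadoc block with `@param vpc`, `@param networks`, `@param networkACLItems` and `@return`; the matching signature in NetworkACLManager (hunk `@@ -92,5 +93,5 @@`) is undocumented as well. The interface body starts outside the hunk.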
@@ -19,6 +19,7 @@ package com.cloud.network.vpc;
 import java.util.List;
 import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.Network;
 import com.cloud.network.dao.NetworkVO;
 public interface NetworkACLManager {
@@ -92,5 +93,5 @@ public interface NetworkACLManager {
 boolean applyACLToPrivateGw(PrivateGateway gateway) throws ResourceUnavailableException;
- boolean reorderAclRules(VpcVO vpc, List<? extends NetworkACLItem> networkACLItems);
+ boolean reorderAclRules(VpcVO vpc, List<? extends Network> networks, List<? extends NetworkACLItem> networkACLItems);
 }
diff --git a/plugins/network-elements/bigswitch/src/main/java/com/cloud/network/element/BigSwitchBcfElement.java b/plugins/network-elements/bigswitch/src/main/java/com/cloud/network/element/BigSwitchBcfElement.java
index c4b8de2ed95..9677d3b13ab 100644
--- a/plugins/network-elements/bigswitch/src/main/java/com/cloud/network/element/BigSwitchBcfElement.java
+++ b/plugins/network-elements/bigswitch/src/main/java/com/cloud/network/element/BigSwitchBcfElement.java
@@ -701,7 +701,7 @@ NetworkACLServiceProvider, FirewallServiceProvider, ResourceStateAdapter {
 }
 @Override
- public boolean reorderAclRules(Vpc vpc, List<? extends NetworkACLItem> networkACLItems) {
+ public boolean reorderAclRules(Vpc vpc, List<? extends Network> networks, List<? extends NetworkACLItem> networkACLItems) {
 return true;
 }
diff --git a/plugins/network-elements/juniper-contrail/src/main/java/org/apache/cloudstack/network/contrail/management/ContrailVpcElementImpl.java b/plugins/network-elements/juniper-contrail/src/main/java/org/apache/cloudstack/network/contrail/management/ContrailVpcElementImpl.java
index 58169f22d7b..cdbda514d88 100644
--- a/plugins/network-elements/juniper-contrail/src/main/java/org/apache/cloudstack/network/contrail/management/ContrailVpcElementImpl.java
+++ b/plugins/network-elements/juniper-contrail/src/main/java/org/apache/cloudstack/network/contrail/management/ContrailVpcElementImpl.java
@@ -186,7 +186,7 @@ public class ContrailVpcElementImpl extends ContrailElementImpl implements Netwo
 }
 @Override
- public boolean reorderAclRules(Vpc vpc, List<? extends NetworkACLItem> networkACLItems) {
+ public boolean reorderAclRules(Vpc vpc, List<? extends Network> networks, List<? extends NetworkACLItem> networkACLItems) {
 return true;
 }
diff --git a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java
index 99beb099bed..85f66cf4776 100644
--- a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java
+++ b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java
@@ -72,7 +72,6 @@ import com.cloud.network.rules.LoadBalancerContainer;
 import com.cloud.network.rules.PortForwardingRule;
 import com.cloud.network.rules.StaticNat;
 import com.cloud.network.vpc.NetworkACLItem;
-import com.cloud.network.vpc.NetworkACLItemVO;
 import com.cloud.network.vpc.PrivateGateway;
 import com.cloud.network.vpc.StaticRouteProfile;
 import com.cloud.network.vpc.Vpc;
@@ -98,9 +97,7 @@ import com.cloud.vm.VMInstanceVO;
 import com.cloud.vm.VirtualMachineProfile;
 import com.cloud.vm.dao.VMInstanceDao;
 import net.sf.ehcache.config.InvalidConfigurationException;
-import org.apache.cloudstack.NsxAnswer;
 import org.apache.cloudstack.StartupNsxCommand;
-import org.apache.cloudstack.agent.api.DeleteNsxDistributedFirewallRulesCommand;
 import org.apache.cloudstack.api.command.admin.internallb.ConfigureInternalLoadBalancerElementCmd;
 import org.apache.cloudstack.api.command.admin.internallb.CreateInternalLoadBalancerElementCmd;
 import org.apache.cloudstack.api.command.admin.internallb.ListInternalLoadBalancerElementsCmd;
@@ -115,7 +112,6 @@ import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Comparator;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Locale;
@@ -733,17 +729,22 @@ public class NsxElement extends AdapterBase implements DhcpServiceProvider, Dns
 }
 @Override
- public boolean reorderAclRules(Vpc vpc, List<? extends NetworkACLItem> networkACLItems) {
+ public boolean reorderAclRules(Vpc vpc, List<? extends Network> networks, List<? extends NetworkACLItem> networkACLItems) {
 List<NsxNetworkRule> aclRulesList = new ArrayList<>();
 for (NetworkACLItem rule : networkACLItems) {
 String privatePort = getPrivatePortRangeForACLRule(rule);
 aclRulesList.add(getNsxNetworkRuleForAcl(rule, privatePort));
 }
- DeleteNsxDistributedFirewallRulesCommand command = new DeleteNsxDistributedFirewallRulesCommand(vpc.getDomainId(),
- vpc.getAccountId(), vpc.getZoneId(), vpc.getId(), network.getId(), netRules);
- NsxAnswer result = nsxControllerUtils.sendNsxCommand(command, network.getDataCenterId());
- return result.getResult();
- return true;
+ for (Network network: networks) {
+ nsxService.deleteFirewallRules(network, aclRulesList);
+ }
+ boolean success = true;
+ for (Network network : networks) {
+ for (NsxNetworkRule aclRule : aclRulesList) {
+ success = success && nsxService.addFirewallRules(network, List.of(aclRule));
+ }
+ }
+ return success;
 }
 private NsxNetworkRule getNsxNetworkRuleForAcl(NetworkACLItem rule, String privatePort) {
diff --git a/server/src/main/java/com/cloud/network/element/VpcVirtualRouterElement.java b/server/src/main/java/com/cloud/network/element/VpcVirtualRouterElement.java
index 6b79950949d..acd58400dc4 100644
--- a/server/src/main/java/com/cloud/network/element/VpcVirtualRouterElement.java
+++ b/server/src/main/java/com/cloud/network/element/VpcVirtualRouterElement.java
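Review bot: In `NsxElement.reorderAclRules` (hunk `@@ -733,17 +729,22 @@`) the first loop deletes the ACL rules on every network before the second loop re-adds any, so for the length of the call all networks attached to the ACL run without these rules and fall back to whatever the NSX default action is. The accumulator `success = success && nsxService.addFirewallRules(...)` also short-circuits: after the first failed add no further add is issued, which leaves the rest of that network's rules, and every rule of the remaining networks, deleted and never restored. The outcome of `deleteFirewallRules` is not checked either (its return type is not visible in this hunk). I would delete and re-add one network at a time and evaluate the add before folding it into the flag, as sketched below; a single replace operation on the NSX side would be preferable if the service offers one.

```java
// … unchanged: aclRulesList built from networkACLItems …
boolean success = true;
for (Network network : networks) {
    // Delete and re-add per network so only one network at a time is without its ACL rules.
    nsxService.deleteFirewallRules(network, aclRulesList);
    for (NsxNetworkRule aclRule : aclRulesList) {
        // Call first, then fold into the flag: `success && call` skips every add after one failure.
        success = nsxService.addFirewallRules(network, List.of(aclRule)) && success;
    }
}
return success;
```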
@@ -532,7 +532,7 @@ public class VpcVirtualRouterElement extends VirtualRouterElement implements Vpc
 }
 @Override
- public boolean reorderAclRules(Vpc vpc, List<? extends NetworkACLItem> networkACLItems) {
+ public boolean reorderAclRules(Vpc vpc, List<? extends Network> networks, List<? extends NetworkACLItem> networkACLItems) {
 return true;
 }
diff --git a/server/src/main/java/com/cloud/network/vpc/NetworkACLManagerImpl.java b/server/src/main/java/com/cloud/network/vpc/NetworkACLManagerImpl.java
index 16b797fd94f..0ab4f149bdb 100644
--- a/server/src/main/java/com/cloud/network/vpc/NetworkACLManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/NetworkACLManagerImpl.java
@@ -21,7 +21,6 @@ import java.util.List;
 import javax.inject.Inject;
-import com.cloud.network.nsx.NsxProvider;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.framework.messagebus.MessageBus;
 import org.apache.cloudstack.framework.messagebus.PublishScope;
@@ -372,12 +371,12 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
 }
 @Override
- public boolean reorderAclRules(VpcVO vpc, List<? extends NetworkACLItem> networkACLItems) {
+ public boolean reorderAclRules(VpcVO vpc, List<? extends Network> networks, List<? extends NetworkACLItem> networkACLItems) {
 List<NetworkACLServiceProvider> nsxElements = new ArrayList<>();
 nsxElements.add((NetworkACLServiceProvider) _ntwkModel.getElementImplementingProvider(Network.Provider.Nsx.getName()));
 try {
 for (final NetworkACLServiceProvider provider : nsxElements) {
- return provider.reorderAclRules(networkACLItems);
+ return provider.reorderAclRules(vpc, networks, networkACLItems);
 }
 } catch (final Exception ex) {
 s_logger.debug("Failed to reorder ACLs on NSX due to: " + ex.getLocalizedMessage());
diff --git a/server/src/main/java/com/cloud/network/vpc/NetworkACLServiceImpl.java b/server/src/main/java/com/cloud/network/vpc/NetworkACLServiceImpl.java
index 59b7eb62a2c..5b64fc24c03 100644
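Review bot: An exception thrown by the new `provider.reorderAclRules(vpc, networks, networkACLItems)` call in NetworkACLManagerImpl (hunk `@@ -372,12 +371,12 @@`) lands in the `catch (final Exception ex)` at the bottom of the hunk, where it is logged at debug level with only `getLocalizedMessage()`. By then the NSX element may already have removed rules on some networks, so a firewall left half-applied would not appear in a default log configuration and the cause is lost. I would raise this to `s_logger.warn("Failed to reorder ACLs on NSX", ex);` so the stack trace is kept. The result of `getElementImplementingProvider(...)` is also cast and dereferenced without a null check, which the same catch would hide. The method body continues past the hunk, so what is returned after the catch is not visible here.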
--- a/server/src/main/java/com/cloud/network/vpc/NetworkACLServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/NetworkACLServiceImpl.java
@@ -1004,9 +1004,10 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ
 VpcVO vpc = _vpcDao.findById(lockedAcl.getVpcId());
 final DataCenter dc = _entityMgr.findById(DataCenter.class, vpc.getZoneId());
 final NsxProviderVO nsxProvider = nsxProviderDao.findByZoneId(dc.getId());
- if (Objects.nonNull(nsxProvider)) {
+ List<NetworkVO> networks = _networkDao.listByAclId(lockedAcl.getId());
+ if (Objects.nonNull(nsxProvider) && !networks.isEmpty()) {
 allAclRules = getAllAclRulesSortedByNumber(lockedAcl.getId());
- _networkAclMgr.reorderAclRules(vpc, allAclRules);
+ _networkAclMgr.reorderAclRules(vpc, networks, allAclRules);
 }
 return networkACLItem;
 } finally {
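Review bot: The boolean returned by `_networkAclMgr.reorderAclRules(vpc, networks, allAclRules)` is discarded, so the method goes on to `return networkACLItem;` even when NSX rejected or only partly applied the new order. The rule order the management server holds (presumably already persisted at this point) and the order enforced on the networks can then differ without the API caller seeing an error. I would check the result, for example `if (!_networkAclMgr.reorderAclRules(vpc, networks, allAclRules)) { throw new CloudRuntimeException("Failed to reorder ACL rules on NSX"); }`, assuming that exception type is acceptable at this layer. `_networkDao.listByAclId(...)` now also runs for zones without an NSX provider; moving it inside the `Objects.nonNull(nsxProvider)` branch avoids that query. The enclosing method starts and ends outside the hunk.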