This is an automated email from the ASF dual-hosted git repository.
pearl11594 pushed a commit to branch fr03-nsx-reorder-acl-rules
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
commit 788680855c06b15967b998765d6bf4650d955c28
Author: Pearl Dsilva <pearl1...@gmail.com>
AuthorDate: Tue Feb 6 08:51:23 2024 -0500
fix reordering of acl rules on all networks that it is associated to
---
.../network/element/NetworkACLServiceProvider.java | 2 +-
.../com/cloud/network/vpc/NetworkACLManager.java | 3 ++-
.../cloud/network/element/BigSwitchBcfElement.java | 2 +-
.../contrail/management/ContrailVpcElementImpl.java | 2 +-
.../org/apache/cloudstack/service/NsxElement.java | 21 +++++++++++----------
.../network/element/VpcVirtualRouterElement.java | 2 +-
.../cloud/network/vpc/NetworkACLManagerImpl.java | 5 ++---
.../cloud/network/vpc/NetworkACLServiceImpl.java | 5 +++--
8 files changed, 22 insertions(+), 20 deletions(-)
diff --git
a/api/src/main/java/com/cloud/network/element/NetworkACLServiceProvider.java
b/api/src/main/java/com/cloud/network/element/NetworkACLServiceProvider.java
index 92d3519d596..852a650cfcd 100644
--- a/api/src/main/java/com/cloud/network/element/NetworkACLServiceProvider.java
+++ b/api/src/main/java/com/cloud/network/element/NetworkACLServiceProvider.java
@@ -33,6 +33,6 @@ public interface NetworkACLServiceProvider extends
NetworkElement {
*/
boolean applyNetworkACLs(Network config, List<? extends NetworkACLItem>
rules) throws ResourceUnavailableException;
- boolean reorderAclRules(Vpc vpc, List<? extends NetworkACLItem>
networkACLItems);
+ boolean reorderAclRules(Vpc vpc, List<? extends Network> networks, List<?
extends NetworkACLItem> networkACLItems);
}
diff --git
a/engine/components-api/src/main/java/com/cloud/network/vpc/NetworkACLManager.java
b/engine/components-api/src/main/java/com/cloud/network/vpc/NetworkACLManager.java
index 9d1caa1c031..de69b894183 100644
---
a/engine/components-api/src/main/java/com/cloud/network/vpc/NetworkACLManager.java
+++
b/engine/components-api/src/main/java/com/cloud/network/vpc/NetworkACLManager.java
@@ -19,6 +19,7 @@ package com.cloud.network.vpc;
import java.util.List;
import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.Network;
import com.cloud.network.dao.NetworkVO;
public interface NetworkACLManager {
@@ -92,5 +93,5 @@ public interface NetworkACLManager {
boolean applyACLToPrivateGw(PrivateGateway gateway) throws
ResourceUnavailableException;
- boolean reorderAclRules(VpcVO vpc, List<? extends NetworkACLItem>
networkACLItems);
+ boolean reorderAclRules(VpcVO vpc, List<? extends Network> networks,
List<? extends NetworkACLItem> networkACLItems);
}
diff --git
a/plugins/network-elements/bigswitch/src/main/java/com/cloud/network/element/BigSwitchBcfElement.java
b/plugins/network-elements/bigswitch/src/main/java/com/cloud/network/element/BigSwitchBcfElement.java
index c4b8de2ed95..9677d3b13ab 100644
---
a/plugins/network-elements/bigswitch/src/main/java/com/cloud/network/element/BigSwitchBcfElement.java
+++
b/plugins/network-elements/bigswitch/src/main/java/com/cloud/network/element/BigSwitchBcfElement.java
@@ -701,7 +701,7 @@ NetworkACLServiceProvider, FirewallServiceProvider,
ResourceStateAdapter {
}
@Override
- public boolean reorderAclRules(Vpc vpc, List<? extends NetworkACLItem>
networkACLItems) {
+ public boolean reorderAclRules(Vpc vpc, List<? extends Network> networks,
List<? extends NetworkACLItem> networkACLItems) {
return true;
}
diff --git
a/plugins/network-elements/juniper-contrail/src/main/java/org/apache/cloudstack/network/contrail/management/ContrailVpcElementImpl.java
b/plugins/network-elements/juniper-contrail/src/main/java/org/apache/cloudstack/network/contrail/management/ContrailVpcElementImpl.java
index 58169f22d7b..cdbda514d88 100644
---
a/plugins/network-elements/juniper-contrail/src/main/java/org/apache/cloudstack/network/contrail/management/ContrailVpcElementImpl.java
+++
b/plugins/network-elements/juniper-contrail/src/main/java/org/apache/cloudstack/network/contrail/management/ContrailVpcElementImpl.java
@@ -186,7 +186,7 @@ public class ContrailVpcElementImpl extends
ContrailElementImpl implements Netwo
}
@Override
- public boolean reorderAclRules(Vpc vpc, List<? extends NetworkACLItem>
networkACLItems) {
+ public boolean reorderAclRules(Vpc vpc, List<? extends Network> networks,
List<? extends NetworkACLItem> networkACLItems) {
return true;
}
diff --git
a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java
b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java
index 99beb099bed..85f66cf4776 100644
---
a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java
+++
b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java
@@ -72,7 +72,6 @@ import com.cloud.network.rules.LoadBalancerContainer;
import com.cloud.network.rules.PortForwardingRule;
import com.cloud.network.rules.StaticNat;
import com.cloud.network.vpc.NetworkACLItem;
-import com.cloud.network.vpc.NetworkACLItemVO;
import com.cloud.network.vpc.PrivateGateway;
import com.cloud.network.vpc.StaticRouteProfile;
import com.cloud.network.vpc.Vpc;
@@ -98,9 +97,7 @@ import com.cloud.vm.VMInstanceVO;
import com.cloud.vm.VirtualMachineProfile;
import com.cloud.vm.dao.VMInstanceDao;
import net.sf.ehcache.config.InvalidConfigurationException;
-import org.apache.cloudstack.NsxAnswer;
import org.apache.cloudstack.StartupNsxCommand;
-import
org.apache.cloudstack.agent.api.DeleteNsxDistributedFirewallRulesCommand;
import
org.apache.cloudstack.api.command.admin.internallb.ConfigureInternalLoadBalancerElementCmd;
import
org.apache.cloudstack.api.command.admin.internallb.CreateInternalLoadBalancerElementCmd;
import
org.apache.cloudstack.api.command.admin.internallb.ListInternalLoadBalancerElementsCmd;
@@ -115,7 +112,6 @@ import javax.inject.Inject;
import javax.naming.ConfigurationException;
import java.util.ArrayList;
import java.util.Arrays;
-import java.util.Comparator;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
@@ -733,17 +729,22 @@ public class NsxElement extends AdapterBase implements
DhcpServiceProvider, Dns
}
@Override
- public boolean reorderAclRules(Vpc vpc, List<? extends NetworkACLItem>
networkACLItems) {
+ public boolean reorderAclRules(Vpc vpc, List<? extends Network> networks,
List<? extends NetworkACLItem> networkACLItems) {
List<NsxNetworkRule> aclRulesList = new ArrayList<>();
for (NetworkACLItem rule : networkACLItems) {
String privatePort = getPrivatePortRangeForACLRule(rule);
aclRulesList.add(getNsxNetworkRuleForAcl(rule, privatePort));
}
- DeleteNsxDistributedFirewallRulesCommand command = new
DeleteNsxDistributedFirewallRulesCommand(vpc.getDomainId(),
- vpc.getAccountId(), vpc.getZoneId(), vpc.getId(),
network.getId(), netRules);
- NsxAnswer result = nsxControllerUtils.sendNsxCommand(command,
network.getDataCenterId());
- return result.getResult();
- return true;
+ for (Network network: networks) {
+ nsxService.deleteFirewallRules(network, aclRulesList);
+ }
+ boolean success = true;
+ for (Network network : networks) {
+ for (NsxNetworkRule aclRule : aclRulesList) {
+ success = success && nsxService.addFirewallRules(network,
List.of(aclRule));
+ }
+ }
+ return success;
}
private NsxNetworkRule getNsxNetworkRuleForAcl(NetworkACLItem rule, String
privatePort) {
diff --git
a/server/src/main/java/com/cloud/network/element/VpcVirtualRouterElement.java
b/server/src/main/java/com/cloud/network/element/VpcVirtualRouterElement.java
index 6b79950949d..acd58400dc4 100644
---
a/server/src/main/java/com/cloud/network/element/VpcVirtualRouterElement.java
+++
b/server/src/main/java/com/cloud/network/element/VpcVirtualRouterElement.java
@@ -532,7 +532,7 @@ public class VpcVirtualRouterElement extends
VirtualRouterElement implements Vpc
}
@Override
- public boolean reorderAclRules(Vpc vpc, List<? extends NetworkACLItem>
networkACLItems) {
+ public boolean reorderAclRules(Vpc vpc, List<? extends Network> networks,
List<? extends NetworkACLItem> networkACLItems) {
return true;
}
diff --git
a/server/src/main/java/com/cloud/network/vpc/NetworkACLManagerImpl.java
b/server/src/main/java/com/cloud/network/vpc/NetworkACLManagerImpl.java
index 16b797fd94f..0ab4f149bdb 100644
--- a/server/src/main/java/com/cloud/network/vpc/NetworkACLManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/NetworkACLManagerImpl.java
@@ -21,7 +21,6 @@ import java.util.List;
import javax.inject.Inject;
-import com.cloud.network.nsx.NsxProvider;
import org.apache.cloudstack.context.CallContext;
import org.apache.cloudstack.framework.messagebus.MessageBus;
import org.apache.cloudstack.framework.messagebus.PublishScope;
@@ -372,12 +371,12 @@ public class NetworkACLManagerImpl extends ManagerBase
implements NetworkACLMana
}
@Override
- public boolean reorderAclRules(VpcVO vpc, List<? extends NetworkACLItem>
networkACLItems) {
+ public boolean reorderAclRules(VpcVO vpc, List<? extends Network>
networks, List<? extends NetworkACLItem> networkACLItems) {
List<NetworkACLServiceProvider> nsxElements = new ArrayList<>();
nsxElements.add((NetworkACLServiceProvider)
_ntwkModel.getElementImplementingProvider(Network.Provider.Nsx.getName()));
try {
for (final NetworkACLServiceProvider provider : nsxElements) {
- return provider.reorderAclRules(networkACLItems);
+ return provider.reorderAclRules(vpc, networks,
networkACLItems);
}
} catch (final Exception ex) {
s_logger.debug("Failed to reorder ACLs on NSX due to: " +
ex.getLocalizedMessage());
diff --git
a/server/src/main/java/com/cloud/network/vpc/NetworkACLServiceImpl.java
b/server/src/main/java/com/cloud/network/vpc/NetworkACLServiceImpl.java
index 59b7eb62a2c..5b64fc24c03 100644
--- a/server/src/main/java/com/cloud/network/vpc/NetworkACLServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/NetworkACLServiceImpl.java
@@ -1004,9 +1004,10 @@ public class NetworkACLServiceImpl extends ManagerBase
implements NetworkACLServ
VpcVO vpc = _vpcDao.findById(lockedAcl.getVpcId());
final DataCenter dc = _entityMgr.findById(DataCenter.class,
vpc.getZoneId());
final NsxProviderVO nsxProvider =
nsxProviderDao.findByZoneId(dc.getId());
- if (Objects.nonNull(nsxProvider)) {
+ List<NetworkVO> networks =
_networkDao.listByAclId(lockedAcl.getId());
+ if (Objects.nonNull(nsxProvider) && !networks.isEmpty()) {
allAclRules = getAllAclRulesSortedByNumber(lockedAcl.getId());
- _networkAclMgr.reorderAclRules(vpc, allAclRules);
+ _networkAclMgr.reorderAclRules(vpc, networks, allAclRules);
}
return networkACLItem;
} finally {
