/** * Loads all ACL rules from given network ACL list. Then, the ACL rules will be sorted according to the 'number' field in ascending order. */ protected List<NetworkACLItemVO> getAllAclRulesSortedByNumber(long aclId) { List<NetworkACLItemVO> allAclRules = _networkACLItemDao.listByACL(aclId); Collections.sort(allAclRules, new Comparator<NetworkACLItemVO>() { @Override public int compare(NetworkACLItemVO o1, NetworkACLItemVO o2) { return o1.number - o2.number; } }); return allAclRules; }
@Override public List<NetworkACLItemVO> listNetworkACLItems(final long guestNtwkId) { final Network network = _networkMgr.getNetwork(guestNtwkId); if (network.getNetworkACLId() == null) { return null; } return _networkACLItemDao.listByACL(network.getNetworkACLId()); }
@Override public boolean revokeACLItemsForPrivateGw(final PrivateGateway gateway) throws ResourceUnavailableException { final long networkACLId = gateway.getNetworkACLId(); final List<NetworkACLItemVO> aclItems = _networkACLItemDao.listByACL(networkACLId); if (aclItems.isEmpty()) { s_logger.debug("Found no network ACL Items for private gateway 'id=" + gateway.getId() + "'"); return true; } if (s_logger.isDebugEnabled()) { s_logger.debug("Releasing " + aclItems.size() + " Network ACL Items for private gateway id=" + gateway.getId()); } for (final NetworkACLItemVO aclItem : aclItems) { // Mark all Network ACLs rules as Revoke, but don't update in DB if (aclItem.getState() == State.Add || aclItem.getState() == State.Active) { aclItem.setState(State.Revoke); } } final boolean success = applyACLToPrivateGw(gateway, aclItems); if (s_logger.isDebugEnabled() && success) { s_logger.debug("Successfully released Network ACLs for private gateway id=" + gateway.getId() + " and # of rules now = " + aclItems.size()); } return success; }
@Override public boolean revokeACLItemsForNetwork(final long networkId) throws ResourceUnavailableException { final Network network = _networkDao.findById(networkId); if (network.getNetworkACLId() == null) { return true; } final List<NetworkACLItemVO> aclItems = _networkACLItemDao.listByACL(network.getNetworkACLId()); if (aclItems.isEmpty()) { s_logger.debug("Found no network ACL Items for network id=" + networkId); return true; } if (s_logger.isDebugEnabled()) { s_logger.debug("Releasing " + aclItems.size() + " Network ACL Items for network id=" + networkId); } for (final NetworkACLItemVO aclItem : aclItems) { // Mark all Network ACLs rules as Revoke, but don't update in DB if (aclItem.getState() == State.Add || aclItem.getState() == State.Active) { aclItem.setState(State.Revoke); } } final boolean success = applyACLItemsToNetwork(network.getId(), aclItems); if (s_logger.isDebugEnabled() && success) { s_logger.debug("Successfully released Network ACLs for network id=" + networkId + " and # of rules now = " + aclItems.size()); } return success; }
@Override public boolean applyACLToPrivateGw(final PrivateGateway gateway) throws ResourceUnavailableException { final VpcGatewayVO vpcGatewayVO = _vpcGatewayDao.findById(gateway.getId()); final List<? extends NetworkACLItem> rules = _networkACLItemDao.listByACL(vpcGatewayVO.getNetworkACLId()); return applyACLToPrivateGw(gateway, rules); }
private boolean applyACLRulesForVpc(Network network, NetworkOffering offering) throws ResourceUnavailableException { List<NetworkACLItemVO> rules = _networkACLItemDao.listByACL(network.getNetworkACLId()); if (_networkModel.areServicesSupportedByNetworkOffering(offering.getId(), Network.Service.NetworkACL)) { applyACLRules(network, rules, true, false); } return true; }
@Override public boolean applyACLToNetwork(final long networkId) throws ResourceUnavailableException { final Network network = _networkDao.findById(networkId); if (network.getNetworkACLId() == null) { return true; } final List<NetworkACLItemVO> rules = _networkACLItemDao.listByACL(network.getNetworkACLId()); return applyACLItemsToNetwork(networkId, rules); }
@Override public boolean deleteNetworkACL(final NetworkACL acl) { final long aclId = acl.getId(); final List<NetworkVO> networks = _networkDao.listByAclId(aclId); if (networks != null && networks.size() > 0) { throw new CloudRuntimeException("ACL is still associated with " + networks.size() + " tier(s). Cannot delete network ACL: " + acl.getUuid()); } final List<VpcGatewayVO> pvtGateways = _vpcGatewayDao.listByAclIdAndType(aclId, VpcGateway.Type.Private); if (pvtGateways != null && pvtGateways.size() > 0) { throw new CloudRuntimeException("ACL is still associated with " + pvtGateways.size() + " private gateway(s). Cannot delete network ACL: " + acl.getUuid()); } final List<NetworkACLItemVO> aclItems = _networkACLItemDao.listByACL(aclId); for (final NetworkACLItemVO networkACLItem : aclItems) { revokeNetworkACLItem(networkACLItem.getId()); } return _networkACLDao.remove(aclId); }
List<NetworkACLItemVO> aclItemVos = _networkACLItemDao.listByACL(networkAclId); for (NetworkACLItemVO aclItem : aclItemVos) { String[] sourceCidrs = aclItem.getSourceCidrList().toArray(new String[aclItem.getSourceCidrList().size()]);
@Override public boolean createPrivateGateway(final PrivateGateway gateway) throws ConcurrentOperationException, ResourceUnavailableException { if (gateway.getType() != VpcGateway.Type.Private) { s_logger.warn("Type of vpc gateway is not " + VpcGateway.Type.Private); return true; } final List<DomainRouterVO> routers = _vpcRouterMgr.getVpcRouters(gateway.getVpcId()); if (routers == null || routers.isEmpty()) { s_logger.debug(getName() + " element doesn't need to create Private gateway on the backend; VPC virtual " + "router doesn't exist in the vpc id=" + gateway.getVpcId()); return true; } s_logger.info("Adding VPC routers to Guest Network: " + routers.size() + " to be added!"); final DataCenterVO dcVO = _dcDao.findById(gateway.getZoneId()); final NetworkTopology networkTopology = networkTopologyContext.retrieveNetworkTopology(dcVO); boolean result = true; final Network network = _networkDao.findById(gateway.getNetworkId()); final boolean isPrivateGateway = true; for (final DomainRouterVO domainRouterVO : routers) { if (networkTopology.setupPrivateGateway(gateway, domainRouterVO)) { try { final List<NetworkACLItemVO> rules = _networkACLItemDao.listByACL(gateway.getNetworkACLId()); result = result && networkTopology.applyNetworkACLs(network, rules, domainRouterVO, isPrivateGateway); } catch (final Exception ex) { s_logger.debug("Failed to apply network acl id " + gateway.getNetworkACLId() + " on gateway "); return false; } } } return result; }
@Override public boolean replaceNetworkACLForPrivateGw(final NetworkACL acl, final PrivateGateway gateway) throws ResourceUnavailableException { final VpcGatewayVO vpcGatewayVo = _vpcGatewayDao.findById(gateway.getId()); final List<NetworkACLItemVO> aclItems = _networkACLItemDao.listByACL(acl.getId()); if (aclItems == null || aclItems.isEmpty()) { //Revoke ACL Items of the existing ACL if the new network acl is empty //Other wise existing rules will not be removed on the router elelment s_logger.debug("New network ACL is empty. Revoke existing rules before applying ACL"); if (!revokeACLItemsForPrivateGw(gateway)) { throw new CloudRuntimeException("Failed to replace network ACL. Error while removing existing ACL " + "items for privatewa gateway: " + gateway.getId()); } } vpcGatewayVo.setNetworkACLId(acl.getId()); if (_vpcGatewayDao.update(vpcGatewayVo.getId(), vpcGatewayVo)) { return applyACLToPrivateGw(gateway); } return false; }
List<NetworkACLItemVO> rules = _networkACLItemDao.listByACL(db.getId()); try { policyModel.build(_manager.getModelController(), rules);
List<NetworkACLItemVO> rules = _networkACLItemDao.listByACL(db.getId()); try { policyModel.build(_manager.getModelController(), rules);
aclItems = _aclItemDao.listByACL(network.getNetworkACLId()); for(NetworkACLItem item: aclItems){ AclData acl = new AclData();
final List<NetworkACLItemVO> aclItems = _networkACLItemDao.listByACL(acl.getId()); if (aclItems == null || aclItems.isEmpty()) { s_logger.debug("New network ACL is empty. Revoke existing rules before applying ACL");
boolean aclApplyStatus = true; final List<NetworkACLItemVO> rules = _networkACLItemDao.listByACL(aclId);
final List<NetworkACLItemVO> networkACLs = _networkACLItemDao.listByACL(privateGwAclId); s_logger.debug("Found " + networkACLs.size() + " network ACLs to apply as a part of VPC VR " + domainRouterVO + " start for private gateway ip = " + ipVO.getIpAddress());