Thanks to visit codestin.com
Credit goes to github.com

Skip to content

add remove tag to remove acl item method #7750

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
DaanHoogland merged 2 commits into from
Jul 25, 2023
Merged

add remove tag to remove acl item method #7750

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
6ce27ef
add remove tag to remove acl item method
DaanHoogland Jul 18, 2023
bfbfc14
test removeAclItem
DaanHoogland Jul 21, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 9 additions & 4 deletions server/src/main/java/com/cloud/network/vpc/NetworkACLManagerImpl.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,8 @@
import com.cloud.network.vpc.dao.NetworkACLDao;
import com.cloud.network.vpc.dao.VpcGatewayDao;
import com.cloud.offering.NetworkOffering;
import com.cloud.server.ResourceTag;
import com.cloud.tags.dao.ResourceTagDao;
import com.cloud.utils.component.ManagerBase;
import com.cloud.utils.db.DB;
import com.cloud.utils.db.EntityManager;
Expand Down Expand Up @@ -73,6 +75,8 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
private VpcService _vpcSvc;
@Inject
private MessageBus _messageBus;
@Inject
private ResourceTagDao resourceTagDao;

private List<NetworkACLServiceProvider> _networkAclElements;

Expand Down Expand Up @@ -275,7 +279,7 @@ private void revokeRule(final NetworkACLItemVO rule) {
if (s_logger.isDebugEnabled()) {
s_logger.debug("Found a rule that is still in stage state so just removing it: " + rule);
}
_networkACLItemDao.remove(rule.getId());
removeRule(rule);
} else if (rule.getState() == State.Add || rule.getState() == State.Active) {
rule.setState(State.Revoke);
_networkACLItemDao.update(rule.getId(), rule);
Expand Down Expand Up @@ -353,8 +357,9 @@ public List<NetworkACLItemVO> listNetworkACLItems(final long guestNtwkId) {
return rules;
}

private void removeRule(final NetworkACLItem rule) {
_networkACLItemDao.remove(rule.getId());
boolean removeRule(final NetworkACLItem rule) {
boolean rc = resourceTagDao.removeByIdAndType(rule.getId(), ResourceTag.ResourceObjectType.NetworkACL);
return rc && _networkACLItemDao.remove(rule.getId());
}

@Override
Expand Down Expand Up @@ -390,7 +395,7 @@ public boolean applyACLToNetwork(final long networkId) throws ResourceUnavailabl

/**
* Updates and applies the network ACL rule ({@link NetworkACLItemVO}).
* We will first try to update the ACL rule in the database using {@link NetworkACLItemDao#update(Long, NetworkACLItemVO)}. If it does not work, a {@link CloudRuntimeException} is thrown.
* We will first try to update the ACL rule in the database using {@link NetworkACLItemDao#updateNumberFieldNetworkItem(long, int)}. If it does not work, a {@link CloudRuntimeException} is thrown.
* If we manage to update the ACL rule in the database, we proceed to apply it using {@link #applyNetworkACL(long)}. If this does not work we throw a {@link CloudRuntimeException}.
* If all is working we return the {@link NetworkACLItemVO} given as parameter. We wil set the state of the rule to {@link com.cloud.network.vpc.NetworkACLItem.State#Add}.
*/
Expand Down
52 changes: 29 additions & 23 deletions .../com/cloud/vpc/NetworkACLManagerTest.java → ...ud/network/vpc/NetworkACLManagerTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.

package com.cloud.vpc;
package com.cloud.network.vpc;

import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyList;
Expand All @@ -30,6 +30,7 @@

import javax.inject.Inject;

import com.cloud.server.ResourceTag;
import org.apache.cloudstack.context.CallContext;
import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
import org.apache.cloudstack.framework.messagebus.MessageBus;
Expand Down Expand Up @@ -58,18 +59,7 @@
import com.cloud.network.dao.NetworkServiceMapDao;
import com.cloud.network.dao.NetworkVO;
import com.cloud.network.element.NetworkACLServiceProvider;
import com.cloud.network.vpc.NetworkACLItem;
import com.cloud.network.vpc.NetworkACLItem.State;
import com.cloud.network.vpc.NetworkACLItemDao;
import com.cloud.network.vpc.NetworkACLItemVO;
import com.cloud.network.vpc.NetworkACLManager;
import com.cloud.network.vpc.NetworkACLManagerImpl;
import com.cloud.network.vpc.NetworkACLVO;
import com.cloud.network.vpc.PrivateGateway;
import com.cloud.network.vpc.VpcGateway;
import com.cloud.network.vpc.VpcGatewayVO;
import com.cloud.network.vpc.VpcManager;
import com.cloud.network.vpc.VpcService;
import com.cloud.network.vpc.dao.NetworkACLDao;
import com.cloud.network.vpc.dao.VpcGatewayDao;
import com.cloud.offerings.dao.NetworkOfferingDao;
Expand All @@ -88,7 +78,7 @@
@ContextConfiguration(loader = AnnotationConfigContextLoader.class)
public class NetworkACLManagerTest extends TestCase {
@Inject
NetworkACLManager _aclMgr;
NetworkACLManagerImpl _aclMgr;

@Inject
AccountManager _accountMgr;
Expand All @@ -103,17 +93,15 @@ public class NetworkACLManagerTest extends TestCase {
@Inject
NetworkOfferingDao networkOfferingDao;
@Inject
ConfigurationManager _configMgr;
@Inject
EntityManager _entityMgr;
@Inject
NetworkModel _networkModel;
@Inject
List<NetworkACLServiceProvider> _networkAclElements;
@Inject
VpcService _vpcSvc;
@Inject
VpcGatewayDao _vpcGatewayDao;
@Inject
private ResourceTagDao resourceTagDao;

private NetworkACLVO acl;
private NetworkACLItemVO aclItem;
Expand Down Expand Up @@ -154,9 +142,17 @@ public void testApplyACL() throws Exception {
}

@Test
public void testApplyNetworkACL() throws Exception {
public void testApplyNetworkACLsOnGatewayAndInGeneral() throws Exception {
driveTestApplyNetworkACL(true, true, true);
}

@Test
public void testApplyNetworkACLsOnGatewayOnly() throws Exception {
driveTestApplyNetworkACL(false, false, true);
}

@Test
public void testApplyNetworkACLsButNotOnGateway() throws Exception {
driveTestApplyNetworkACL(false, true, false);
}

Expand All @@ -168,11 +164,12 @@ public void driveTestApplyNetworkACL(final boolean result, final boolean applyNe
// Prepare
// Reset mocked objects to reuse
Mockito.reset(_networkACLItemDao);
Mockito.reset(_networkDao);

// Make sure it is handled
final long aclId = 1L;
final NetworkVO network = Mockito.mock(NetworkVO.class);
final List<NetworkVO> networks = new ArrayList<NetworkVO>();
final List<NetworkVO> networks = new ArrayList<>();
networks.add(network);

NetworkServiceMapDao ntwkSrvcDao = mock(NetworkServiceMapDao.class);
Expand All @@ -194,7 +191,7 @@ public void driveTestApplyNetworkACL(final boolean result, final boolean applyNe

// Create 4 rules to test all 4 scenarios: only revoke should
// be deleted, only add should update
final List<NetworkACLItemVO> rules = new ArrayList<NetworkACLItemVO>();
final List<NetworkACLItemVO> rules = new ArrayList<>();
final NetworkACLItemVO ruleActive = Mockito.mock(NetworkACLItemVO.class);
final NetworkACLItemVO ruleStaged = Mockito.mock(NetworkACLItemVO.class);
final NetworkACLItemVO rule2Revoke = Mockito.mock(NetworkACLItemVO.class);
Expand Down Expand Up @@ -224,7 +221,6 @@ public void driveTestApplyNetworkACL(final boolean result, final boolean applyNe

// Assert if conditions met, network ACL was applied
final int timesProcessingDone = applyNetworkACLs && applyACLToPrivateGw ? 1 : 0;
Mockito.verify(_networkACLItemDao, Mockito.times(timesProcessingDone)).remove(revokeId);
Mockito.verify(rule2Add, Mockito.times(timesProcessingDone)).setState(NetworkACLItem.State.Active);
Mockito.verify(_networkACLItemDao, Mockito.times(timesProcessingDone)).update(addId, rule2Add);
}
Expand All @@ -235,9 +231,20 @@ public void testRevokeACLItem() throws Exception {
assertTrue(_aclMgr.revokeNetworkACLItem(1L));
}

@Test
public void testRemoveRule() {
NetworkACLItem aclItem = Mockito.mock(NetworkACLItemVO.class);
when(aclItem.getId()).thenReturn(1l);
Mockito.when(resourceTagDao.removeByIdAndType(1l, ResourceTag.ResourceObjectType.NetworkACL)).thenReturn(true);
Mockito.when(_networkACLItemDao.remove(1l)).thenReturn(true);
assertTrue(_aclMgr.removeRule(aclItem));

}

@Test
public void deleteNonEmptyACL() throws Exception {
final List<NetworkACLItemVO> aclItems = new ArrayList<NetworkACLItemVO>();
Mockito.reset(_networkDao);
final List<NetworkACLItemVO> aclItems = new ArrayList<>();
aclItems.add(aclItem);
Mockito.when(_networkACLItemDao.listByACL(anyLong())).thenReturn(aclItems);
Mockito.when(acl.getId()).thenReturn(3l);
Expand Down Expand Up @@ -342,5 +349,4 @@ public boolean match(final MetadataReader mdr, final MetadataReaderFactory arg1)
}
}
}

}