Address updatePortForwardingRule API

Author: winterhazel

api/src/main/java/com/cloud/network/rules/RulesService.java

@@ -26,6 +26,7 @@
 import com.cloud.user.Account;
 import com.cloud.utils.Pair;
 import com.cloud.utils.net.Ip;
+import org.apache.cloudstack.api.command.user.firewall.UpdatePortForwardingRuleCmd;
 
 public interface RulesService {
     Pair<List<? extends FirewallRule>, Integer> searchStaticNatRules(Long ipId, Long id, Long vmId, Long start, Long size, String accountName, Long domainId,
@@ -81,6 +82,8 @@ Pair<List<? extends FirewallRule>, Integer> searchStaticNatRules(Long ipId, Long
 
     boolean disableStaticNat(long ipId) throws ResourceUnavailableException, NetworkRuleConflictException, InsufficientAddressCapacityException;
 
-    PortForwardingRule updatePortForwardingRule(long id, Integer privatePort, Integer privateEndPort, Long virtualMachineId, Ip vmGuestIp, String customId, Boolean forDisplay);
+    PortForwardingRule updatePortForwardingRule(UpdatePortForwardingRuleCmd cmd);
+
+    void  validatePortForwardingSourceCidrList(List<String> sourceCidrList);
 
 }

api/src/main/java/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java

@@ -36,7 +36,6 @@
 import org.apache.cloudstack.api.response.NetworkResponse;
 import org.apache.cloudstack.api.response.UserVmResponse;
 import org.apache.cloudstack.context.CallContext;
-import org.apache.commons.collections.CollectionUtils;
 
 import com.cloud.event.EventTypes;
 import com.cloud.exception.InvalidParameterValueException;
@@ -112,7 +111,7 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P
             type = CommandType.LIST,
             collectionType = CommandType.STRING,
             description = " the source CIDR list to allow traffic from; all other CIDRs will be blocked. " +
-                    "Multiple entries must be separated by a single comma character (,). This param will be used only for VPC's networks. By default, all CIDRs are allowed.")
+                    "Multiple entries must be separated by a single comma character (,). This param will be used only for VPC tiers. By default, all CIDRs are allowed.")
     private List<String> sourceCidrList;
 
     @Parameter(name = ApiConstants.OPEN_FIREWALL, type = CommandType.BOOLEAN, description = "if true, firewall rule for source/end public port is automatically created; "
@@ -342,7 +341,7 @@ public void create() {
             }
         }
 
-        validateSourceCidrList();
+        _rulesService.validatePortForwardingSourceCidrList(sourceCidrList);
 
         try {
             PortForwardingRule result = _rulesService.createPortForwardingRule(this, virtualMachineId, privateIp, getOpenFirewall(), isDisplay());
@@ -443,16 +442,4 @@ public String getName() {
         return null;
     }
 
-    public void validateSourceCidrList() {
-        if (CollectionUtils.isEmpty(sourceCidrList)) {
-            return;
-        }
-
-        for (String cidr : sourceCidrList) {
-            if (!NetUtils.isValidCidrList(cidr) && !NetUtils.isValidIp6Cidr(cidr)) {
-                throw new InvalidParameterValueException(String.format("The given source CIDR [%s] is invalid.", cidr));
-            }
-        }
-    }
-
 }

api/src/main/java/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java

@@ -33,6 +33,8 @@
 import com.cloud.user.Account;
 import com.cloud.utils.net.Ip;
 
+import java.util.List;
+
 @APICommand(name = "updatePortForwardingRule",
             responseObject = FirewallRuleResponse.class,
         description = "Updates a port forwarding rule. Only the private port and the virtual machine can be updated.", entityType = {PortForwardingRule.class},
@@ -65,6 +67,13 @@ public class UpdatePortForwardingRuleCmd extends BaseAsyncCustomIdCmd {
     @Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", since = "4.4", authorized = {RoleType.Admin})
     private Boolean display;
 
+    @Parameter(name = ApiConstants.CIDR_LIST,
+            type = CommandType.LIST,
+            collectionType = CommandType.STRING,
+            description = " the source CIDR list to allow traffic from; all other CIDRs will be blocked. " +
+                    "Multiple entries must be separated by a single comma character (,). This param will be used only for VPC tiers. By default, all CIDRs are allowed.")
+    private List<String> sourceCidrList;
+
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
@@ -96,6 +105,10 @@ public Boolean getDisplay() {
         return display;
     }
 
+    public List<String> getSourceCidrList() {
+        return sourceCidrList;
+    }
+
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
     /////////////////////////////////////////////////////
@@ -132,7 +145,7 @@ public void checkUuid() {
 
     @Override
     public void execute() {
-        PortForwardingRule rule = _rulesService.updatePortForwardingRule(getId(), getPrivatePort(), getPrivateEndPort(), getVirtualMachineId(), getVmGuestIp(), getCustomId(), getDisplay());
+        PortForwardingRule rule = _rulesService.updatePortForwardingRule(this);
         FirewallRuleResponse fwResponse = new FirewallRuleResponse();
         if (rule != null) {
             fwResponse = _responseGenerator.createPortForwardingRuleResponse(rule);

engine/schema/src/main/java/com/cloud/network/dao/FirewallRulesCidrsDao.java

@@ -29,4 +29,6 @@ public interface FirewallRulesCidrsDao extends GenericDao<FirewallRulesCidrsVO,
 
     @DB
     List<FirewallRulesCidrsVO> listByFirewallRuleId(long firewallRuleId);
+
+    void updateSourceCidrsForRule(Long firewallRuleId, List<String> sourceCidrList);
 }

engine/schema/src/main/java/com/cloud/network/dao/FirewallRulesCidrsDaoImpl.java

@@ -20,6 +20,7 @@
 import java.util.List;
 
 
+import org.apache.commons.collections4.CollectionUtils;
 import org.apache.log4j.Logger;
 import org.springframework.stereotype.Component;
 
@@ -65,9 +66,27 @@ public List<FirewallRulesCidrsVO> listByFirewallRuleId(long firewallRuleId) {
         return results;
     }
 
+    @Override
+    public void updateSourceCidrsForRule(Long firewallRuleId, List<String> sourceCidrList) {
+        TransactionLegacy txn = TransactionLegacy.currentTxn();
+        txn.start();
+
+        SearchCriteria<FirewallRulesCidrsVO> sc = CidrsSearch.create();
+        sc.setParameters("firewallRuleId", firewallRuleId);
+        remove(sc);
+
+        persist(firewallRuleId, sourceCidrList);
+
+        txn.commit();
+    }
+
     @Override
     @DB
     public void persist(long firewallRuleId, List<String> sourceCidrs) {
+        if (CollectionUtils.isEmpty(sourceCidrs)) {
+            return;
+        }
+
         TransactionLegacy txn = TransactionLegacy.currentTxn();
 
         txn.start();

engine/schema/src/main/java/com/cloud/network/dao/FirewallRulesDaoImpl.java

@@ -243,9 +243,6 @@ public FirewallRuleVO persist(FirewallRuleVO firewallRule) {
     }
 
     public void saveSourceCidrs(FirewallRuleVO firewallRule, List<String> cidrList) {
-        if (cidrList == null) {
-            return;
-        }
         _firewallRulesCidrsDao.persist(firewallRule.getId(), cidrList);
     }
 

engine/schema/src/main/java/com/cloud/network/rules/dao/PortForwardingRulesDaoImpl.java

@@ -22,6 +22,7 @@
 
 import com.cloud.utils.db.Transaction;
 import com.cloud.utils.db.TransactionCallback;
+import com.cloud.utils.db.TransactionLegacy;
 import org.apache.commons.collections.CollectionUtils;
 import org.springframework.stereotype.Component;
 
@@ -178,13 +179,29 @@ public PortForwardingRuleVO findByIdAndIp(long id, String secondaryIp) {
     public PortForwardingRuleVO persist(PortForwardingRuleVO portForwardingRule) {
         return Transaction.execute((TransactionCallback<PortForwardingRuleVO>) transactionStatus -> {
             PortForwardingRuleVO dbPfRule = super.persist(portForwardingRule);
-            if (CollectionUtils.isNotEmpty(portForwardingRule.getSourceCidrList())) {
-                portForwardingRulesCidrsDao.persist(portForwardingRule.getId(), portForwardingRule.getSourceCidrList());
-            }
+
+            portForwardingRulesCidrsDao.persist(portForwardingRule.getId(), portForwardingRule.getSourceCidrList());
             List<String> cidrList = portForwardingRulesCidrsDao.getSourceCidrs(portForwardingRule.getId());
             portForwardingRule.setSourceCidrList(cidrList);
+
             return dbPfRule;
         });
 
     }
+
+    @Override
+    public boolean update(Long id, PortForwardingRuleVO entity) {
+        TransactionLegacy txn = TransactionLegacy.currentTxn();
+        txn.start();
+
+        boolean success = super.update(id, entity);
+        if (!success) {
+            return false;
+        }
+
+        portForwardingRulesCidrsDao.updateSourceCidrsForRule(entity.getId(), entity.getSourceCidrList());
+        txn.commit();
+
+        return true;
+    }
 }

server/src/main/java/com/cloud/network/rules/RulesManagerImpl.java

@@ -33,6 +33,7 @@
 import com.cloud.vm.VirtualMachineProfileImpl;
 import org.apache.cloudstack.acl.SecurityChecker;
 import org.apache.cloudstack.api.command.user.firewall.ListPortForwardingRulesCmd;
+import org.apache.cloudstack.api.command.user.firewall.UpdatePortForwardingRuleCmd;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
 import org.apache.log4j.Logger;
@@ -103,6 +104,7 @@
 import com.cloud.vm.dao.NicSecondaryIpVO;
 import com.cloud.vm.dao.UserVmDao;
 import com.cloud.vm.dao.VMInstanceDao;
+import org.apache.commons.collections.CollectionUtils;
 
 public class RulesManagerImpl extends ManagerBase implements RulesManager, RulesService {
     private static final Logger s_logger = Logger.getLogger(RulesManagerImpl.class);
@@ -1578,12 +1580,22 @@ public List<FirewallRuleVO> listAssociatedRulesForGuestNic(Nic nic) {
 
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_NET_RULE_MODIFY, eventDescription = "updating forwarding rule", async = true)
-    public PortForwardingRule updatePortForwardingRule(long id, Integer privatePort, Integer privateEndPort, Long virtualMachineId, Ip vmGuestIp, String customId, Boolean forDisplay) {
-        Account caller = CallContext.current().getCallingAccount();
+    public PortForwardingRule updatePortForwardingRule(UpdatePortForwardingRuleCmd cmd) {
+        long id = cmd.getId();
+        Integer privatePort = cmd.getPrivatePort();
+        Integer privateEndPort = cmd.getPrivateEndPort();
+        Long virtualMachineId = cmd.getVirtualMachineId();
+        Ip vmGuestIp = cmd.getVmGuestIp();
+        String customId = cmd.getCustomId();
+        Boolean forDisplay = cmd.getDisplay();
+        List<String> sourceCidrList = cmd.getSourceCidrList();
+
         PortForwardingRuleVO rule = _portForwardingDao.findById(id);
         if (rule == null) {
             throw new InvalidParameterValueException("Unable to find " + id);
         }
+
+        Account caller = CallContext.current().getCallingAccount();
         _accountMgr.checkAccess(caller, null, true, rule);
 
         if (customId != null) {
@@ -1671,6 +1683,11 @@ public PortForwardingRule updatePortForwardingRule(long id, Integer privatePort,
             rule.setVirtualMachineId(virtualMachineId);
             rule.setDestinationIpAddress(dstIp);
         }
+
+        if (CollectionUtils.isNotEmpty(sourceCidrList)) {
+            rule.setSourceCidrList(sourceCidrList);
+        }
+
         _portForwardingDao.update(id, rule);
 
         //apply new rules
@@ -1680,4 +1697,17 @@ public PortForwardingRule updatePortForwardingRule(long id, Integer privatePort,
 
         return _portForwardingDao.findById(id);
     }
+
+    @Override
+    public void validatePortForwardingSourceCidrList(List<String> sourceCidrList) {
+        if (CollectionUtils.isEmpty(sourceCidrList)) {
+            return;
+        }
+
+        for (String cidr : sourceCidrList) {
+            if (!NetUtils.isValidCidrList(cidr) && !NetUtils.isValidIp6Cidr(cidr)) {
+                throw new InvalidParameterValueException(String.format("The given source CIDR [%s] is invalid.", cidr));
+            }
+        }
+    }
 }