Add support to edit ACL rules (apache#74)

* Add support to edit ACL rules

* add support to update acl rules

* remove test file

Author: Pearl1594

plugins/network-elements/netris/src/main/java/org/apache/cloudstack/agent/api/CreateOrUpdateNetrisACLCommand.java

@@ -0,0 +1,120 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.agent.api;
+
+import org.apache.cloudstack.resource.NetrisPortGroup;
+
+public class CreateOrUpdateNetrisACLCommand extends NetrisCommand {
+    private String vpcName;
+    private Long vpcId;
+    private String action;
+    private String destPrefix;
+    private String sourcePrefix;
+    private Integer destPortStart;
+    private Integer destPortEnd;
+    private Integer icmpType;
+    private String protocol;
+    private NetrisPortGroup portGroup;
+    private String netrisAclName;
+    private String reason;
+
+
+    public CreateOrUpdateNetrisACLCommand(long zoneId, Long accountId, Long domainId, String name, Long id, String vpcName, Long vpcId, boolean isVpc, String action,
+                                          String sourcePrefix, String destPrefix, Integer destPortStart, Integer destPortEnd, String protocol) {
+        super(zoneId, accountId, domainId, name, id, isVpc);
+        this.vpcName = vpcName;
+        this.vpcId = vpcId;
+        this.action = action;
+        this.sourcePrefix = sourcePrefix;
+        this.destPrefix = destPrefix;
+        this.destPortStart = destPortStart;
+        this.destPortEnd = destPortEnd;
+        this.protocol = protocol;
+    }
+
+    public String getVpcName() {
+        return vpcName;
+    }
+
+    public void setVpcName(String vpcName) {
+        this.vpcName = vpcName;
+    }
+
+    public Long getVpcId() {
+        return vpcId;
+    }
+
+    public void setVpcId(Long vpcId) {
+        this.vpcId = vpcId;
+    }
+
+    public String getAction() {
+        return action;
+    }
+
+    public String getDestPrefix() {
+        return destPrefix;
+    }
+
+    public String getSourcePrefix() {
+        return sourcePrefix;
+    }
+
+    public Integer getDestPortStart() {
+        return destPortStart;
+    }
+
+    public Integer getDestPortEnd() {
+        return destPortEnd;
+    }
+
+    public String getProtocol() {
+        return protocol;
+    }
+
+    public NetrisPortGroup getPortGroup() {
+        return portGroup;
+    }
+
+    public void setPortGroup(NetrisPortGroup portGroup) {
+        this.portGroup = portGroup;
+    }
+
+    public Integer getIcmpType() {
+        return icmpType;
+    }
+
+    public void setIcmpType(Integer icmpType) {
+        this.icmpType = icmpType;
+    }
+
+    public String getNetrisAclName() {
+        return netrisAclName;
+    }
+
+    public void setNetrisAclName(String netrisAclName) {
+        this.netrisAclName = netrisAclName;
+    }
+
+    public String getReason() {
+        return reason;
+    }
+
+    public void setReason(String reason) {
+        this.reason = reason;
+    }
+}

plugins/network-elements/netris/src/main/java/org/apache/cloudstack/resource/NetrisResource.java

@@ -29,7 +29,7 @@
 import com.cloud.network.vpc.StaticRoute;
 import com.cloud.resource.ServerResource;
 import com.cloud.utils.exception.CloudRuntimeException;
-import org.apache.cloudstack.agent.api.CreateNetrisACLCommand;
+import org.apache.cloudstack.agent.api.CreateOrUpdateNetrisACLCommand;
 import org.apache.cloudstack.agent.api.AddOrUpdateNetrisStaticRouteCommand;
 import org.apache.cloudstack.agent.api.CreateNetrisVnetCommand;
 import org.apache.cloudstack.agent.api.CreateNetrisVpcCommand;
@@ -120,8 +120,8 @@ public Answer executeRequest(Command cmd) {
             return executeRequest((DeleteNetrisNatRuleCommand) cmd);
         } else if (cmd instanceof CreateOrUpdateNetrisNatCommand) {
           return executeRequest((CreateOrUpdateNetrisNatCommand) cmd);
-        } else if (cmd instanceof CreateNetrisACLCommand) {
-            return executeRequest((CreateNetrisACLCommand) cmd);
+        } else if (cmd instanceof CreateOrUpdateNetrisACLCommand) {
+            return executeRequest((CreateOrUpdateNetrisACLCommand) cmd);
         } else if (cmd instanceof DeleteNetrisACLCommand) {
             return executeRequest((DeleteNetrisACLCommand) cmd);
         } else if (cmd instanceof ListNetrisStaticRoutesCommand) {
@@ -360,8 +360,8 @@ private Answer executeRequest(DeleteNetrisNatRuleCommand cmd) {
         return new NetrisAnswer(cmd, true, "OK");
     }
 
-    private Answer executeRequest(CreateNetrisACLCommand cmd) {
-        boolean result = netrisApiClient.addAclRule(cmd, false);
+    private Answer executeRequest(CreateOrUpdateNetrisACLCommand cmd) {
+        boolean result = netrisApiClient.addOrUpdateAclRule(cmd, false);
         if (!result) {
             return new NetrisAnswer(cmd, false, String.format("Creation of Netris ACL rule: %s failed", cmd.getNetrisAclName()));
         }

plugins/network-elements/netris/src/main/java/org/apache/cloudstack/service/NetrisApiClient.java

@@ -21,7 +21,7 @@
 import io.netris.model.GetSiteBody;
 import io.netris.model.VPCListing;
 import io.netris.model.response.TenantResponse;
-import org.apache.cloudstack.agent.api.CreateNetrisACLCommand;
+import org.apache.cloudstack.agent.api.CreateOrUpdateNetrisACLCommand;
 import org.apache.cloudstack.agent.api.AddOrUpdateNetrisStaticRouteCommand;
 import org.apache.cloudstack.agent.api.CreateNetrisVnetCommand;
 import org.apache.cloudstack.agent.api.CreateNetrisVpcCommand;
@@ -89,7 +89,7 @@ public interface NetrisApiClient {
     boolean createOrUpdateDNATRule(CreateOrUpdateNetrisNatCommand cmd);
     boolean createStaticNatRule(CreateOrUpdateNetrisNatCommand cmd);
     boolean deleteNatRule(DeleteNetrisNatRuleCommand cmd);
-    boolean addAclRule(CreateNetrisACLCommand cmd, boolean forLb);
+    boolean addOrUpdateAclRule(CreateOrUpdateNetrisACLCommand cmd, boolean forLb);
     boolean deleteAclRule(DeleteNetrisACLCommand cmd, boolean forLb);
     boolean addOrUpdateStaticRoute(AddOrUpdateNetrisStaticRouteCommand cmd);
     boolean deleteStaticRoute(DeleteNetrisStaticRouteCommand cmd);

plugins/network-elements/netris/src/main/java/org/apache/cloudstack/service/NetrisApiClientImpl.java

@@ -43,13 +43,15 @@
 import io.netris.model.AclAddItem;
 import io.netris.model.AclBodyVpc;
 import io.netris.model.AclDeleteItem;
+import io.netris.model.AclEditItem;
 import io.netris.model.AclGetBody;
 import io.netris.model.AclResponseGetOk;
 import io.netris.model.AllocationBody;
 import io.netris.model.AllocationBodyVpc;
 import io.netris.model.FilterBySites;
 import io.netris.model.FilterByVpc;
 import io.netris.model.GetSiteBody;
+
 import io.netris.model.InlineResponse20015;
 import io.netris.model.InlineResponse20016;
 import io.netris.model.InlineResponse2003;
@@ -112,7 +114,7 @@
 import io.netris.model.response.L4LbEditResponse;
 import io.netris.model.response.TenantResponse;
 import io.netris.model.response.TenantsResponse;
-import org.apache.cloudstack.agent.api.CreateNetrisACLCommand;
+import org.apache.cloudstack.agent.api.CreateOrUpdateNetrisACLCommand;
 import org.apache.cloudstack.agent.api.AddOrUpdateNetrisStaticRouteCommand;
 import org.apache.cloudstack.agent.api.CreateOrUpdateNetrisLoadBalancerRuleCommand;
 import org.apache.cloudstack.agent.api.CreateOrUpdateNetrisNatCommand;
@@ -386,42 +388,10 @@ public boolean deleteNatRule(DeleteNetrisNatRuleCommand cmd) {
     }
 
     @Override
-    public boolean addAclRule(CreateNetrisACLCommand cmd, boolean forLb) {
+    public boolean addOrUpdateAclRule(CreateOrUpdateNetrisACLCommand cmd, boolean forLb) {
         String aclName = cmd.getNetrisAclName();
         try {
             AclApi aclApi = apiClient.getApiStubForMethod(AclApi.class);
-            AclAddItem aclAddItem = new AclAddItem();
-            aclAddItem.setAction(cmd.getAction());
-            aclAddItem.setComment(String.format("ACL rule: %s. %s", cmd.getNetrisAclName(), cmd.getReason()));
-            aclAddItem.setName(aclName);
-            String protocol = cmd.getProtocol();
-            if ("TCP".equals(protocol)) {
-                aclAddItem.setEstablished(new BigDecimal(1));
-            } else {
-                aclAddItem.setReverse("yes");
-            }
-            if (!Arrays.asList(PROTOCOL_LIST).contains(protocol)) {
-                aclAddItem.setProto("ip");
-                aclAddItem.setSrcPortTo(cmd.getIcmpType());
-                // TODO: set proto number: where should the protocol number be set - API sets the protocol number to Src-from & to and Dest-from & to fields
-            } else if ("ICMP".equals(protocol)) {
-                aclAddItem.setProto("icmp");
-                if (cmd.getIcmpType() != -1) {
-                    aclAddItem.setIcmpType(cmd.getIcmpType());
-                }
-            } else {
-                aclAddItem.setProto(protocol.toLowerCase(Locale.ROOT));
-            }
-
-            aclAddItem.setDstPortFrom(cmd.getDestPortStart());
-            aclAddItem.setDstPortTo(cmd.getDestPortEnd());
-            aclAddItem.setDstPrefix(cmd.getDestPrefix());
-            aclAddItem.setSrcPrefix(cmd.getSourcePrefix());
-            aclAddItem.setSrcPortFrom(1);
-            aclAddItem.setSrcPortTo(65535);
-            if (NatPutBody.ProtocolEnum.ICMP.name().equalsIgnoreCase(protocol)) {
-                aclAddItem.setIcmpType(cmd.getIcmpType());
-            }
             VPCListing vpcResource;
             String netrisVpcName;
             if (forLb) {
@@ -436,20 +406,108 @@ public boolean addAclRule(CreateNetrisACLCommand cmd, boolean forLb) {
                 }
             }
             AclBodyVpc vpc = new AclBodyVpc().id(vpcResource.getId());
-            aclAddItem.setVpc(vpc);
             List<String> aclNames = List.of(aclName);
             Pair<Boolean, List<BigDecimal>> resultAndMatchingAclIds = getMatchingAclIds(aclNames, netrisVpcName);
-            if (!resultAndMatchingAclIds.second().isEmpty()) {
-                logger.debug("Netris ACL rule: {} already exists", aclName);
+            List<BigDecimal> aclIdList = resultAndMatchingAclIds.second();
+            if (!aclIdList.isEmpty()) {
+                logger.debug("Netris ACL rule: {} already exists, updating it...", aclName);
+                AclEditItem aclEditItem = getAclEditItem(cmd, aclName, aclIdList.get(0));
+                aclEditItem.setVpc(vpc);
+                try {
+                    aclApi.apiAclPut(aclEditItem);
+                } catch (ApiException e) {
+                    if (e.getResponseBody().contains("This kind of acl already exists")) {
+                        logger.info("Netris ACL rule: {} already exists and doesn't need to be updated", aclName);
+                        return true;
+                    }
+                    throw new CloudRuntimeException("Error updating Netris ACL rule", e);
+                }
                 return true;
             }
+            AclAddItem aclAddItem = getAclAddItem(cmd, aclName);
+            aclAddItem.setVpc(vpc);
             aclApi.apiAclPost(aclAddItem);
         } catch (ApiException e) {
             logAndThrowException(String.format("Failed to create Netris ACL: %s", cmd.getNetrisAclName()), e);
         }
         return true;
     }
 
+    AclAddItem getAclAddItem(CreateOrUpdateNetrisACLCommand cmd, String aclName) throws ApiException {
+        AclAddItem aclAddItem = new AclAddItem();
+        aclAddItem.setAction(cmd.getAction());
+        aclAddItem.setComment(String.format("ACL rule: %s. %s", cmd.getNetrisAclName(), cmd.getReason()));
+        aclAddItem.setName(aclName);
+        String protocol = cmd.getProtocol();
+        if ("TCP".equals(protocol)) {
+            aclAddItem.setEstablished(new BigDecimal(1));
+        } else {
+            aclAddItem.setReverse("yes");
+        }
+        if (!Arrays.asList(PROTOCOL_LIST).contains(protocol)) {
+            aclAddItem.setProto("ip");
+            aclAddItem.setSrcPortTo(cmd.getIcmpType());
+            // TODO: set proto number: where should the protocol number be set - API sets the protocol number to Src-from & to and Dest-from & to fields
+        } else if ("ICMP".equals(protocol)) {
+            aclAddItem.setProto("icmp");
+            if (cmd.getIcmpType() != -1) {
+                aclAddItem.setIcmpType(cmd.getIcmpType());
+            }
+        } else {
+            aclAddItem.setProto(protocol.toLowerCase(Locale.ROOT));
+        }
+
+        aclAddItem.setDstPortFrom(cmd.getDestPortStart());
+        aclAddItem.setDstPortTo(cmd.getDestPortEnd());
+        aclAddItem.setDstPrefix(cmd.getDestPrefix());
+        aclAddItem.setSrcPrefix(cmd.getSourcePrefix());
+        aclAddItem.setSrcPortFrom(1);
+        aclAddItem.setSrcPortTo(65535);
+        if (NatPutBody.ProtocolEnum.ICMP.name().equalsIgnoreCase(protocol)) {
+            aclAddItem.setIcmpType(cmd.getIcmpType());
+        }
+
+        return aclAddItem;
+    }
+
+    AclEditItem getAclEditItem(CreateOrUpdateNetrisACLCommand cmd, String aclName, BigDecimal aclId) throws ApiException {
+        AclEditItem aclEditItem = new AclEditItem();
+        aclEditItem.setId(aclId);
+        aclEditItem.setAction(cmd.getAction());
+        aclEditItem.setComment(String.format("ACL rule: %s. %s", cmd.getNetrisAclName(), cmd.getReason()));
+        aclEditItem.setName(aclName);
+        String protocol = cmd.getProtocol();
+        if ("TCP".equals(protocol)) {
+            aclEditItem.setEstablished(new BigDecimal(1));
+        } else {
+            aclEditItem.setReverse("yes");
+        }
+        if (!Arrays.asList(PROTOCOL_LIST).contains(protocol)) {
+            aclEditItem.setProto("ip");
+            aclEditItem.setSrcPortTo(cmd.getIcmpType());
+            // TODO: set proto number: where should the protocol number be set - API sets the protocol number to Src-from & to and Dest-from & to fields
+        } else if ("ICMP".equals(protocol)) {
+            aclEditItem.setProto("icmp");
+            if (cmd.getIcmpType() != -1) {
+                aclEditItem.setIcmpType(cmd.getIcmpType());
+            }
+        } else {
+            aclEditItem.setProto(protocol.toLowerCase(Locale.ROOT));
+        }
+
+        aclEditItem.setDstPortFrom(cmd.getDestPortStart());
+        aclEditItem.setDstPortTo(cmd.getDestPortEnd());
+        aclEditItem.setDstPrefix(cmd.getDestPrefix());
+        aclEditItem.setSrcPrefix(cmd.getSourcePrefix());
+        aclEditItem.setSrcPortFrom(1);
+        aclEditItem.setSrcPortTo(65535);
+        if (NatPutBody.ProtocolEnum.ICMP.name().equalsIgnoreCase(protocol)) {
+            aclEditItem.setIcmpType(cmd.getIcmpType());
+        }
+
+        return aclEditItem;
+    }
+
     @Override
     public boolean deleteAclRule(DeleteNetrisACLCommand cmd, boolean forLb) {
         List<String> aclNames = cmd.getAclRuleNames();
@@ -768,12 +826,12 @@ public boolean createOrUpdateLbRule(CreateOrUpdateNetrisLoadBalancerRuleCommand
 
     private void applyAclRulesForLb(CreateOrUpdateNetrisLoadBalancerRuleCommand cmd, String lbName) {
         // Add deny all rule first
-        addAclRule(createNetrisACLRuleCommand(cmd, lbName, "ANY",
+        addOrUpdateAclRule(createNetrisACLRuleCommand(cmd, lbName, "ANY",
                 NetrisNetworkRule.NetrisRuleAction.DENY.name().toLowerCase(Locale.ROOT), 0), true);
         AtomicInteger cidrIndex = new AtomicInteger(1);
         for (String cidr : cmd.getCidrList().split(" ")) {
             try {
-                addAclRule(createNetrisACLRuleCommand(cmd, lbName, cidr,
+                addOrUpdateAclRule(createNetrisACLRuleCommand(cmd, lbName, cidr,
                         NetrisNetworkRule.NetrisRuleAction.PERMIT.name().toLowerCase(Locale.ROOT),
                         cidrIndex.getAndIncrement()), true);
             } catch (Exception e) {
@@ -782,7 +840,7 @@ private void applyAclRulesForLb(CreateOrUpdateNetrisLoadBalancerRuleCommand cmd,
         }
     }
 
-    private CreateNetrisACLCommand createNetrisACLRuleCommand(CreateOrUpdateNetrisLoadBalancerRuleCommand cmd, String netrisLbName, String cidr, String action, int index) {
+    private CreateOrUpdateNetrisACLCommand createNetrisACLRuleCommand(CreateOrUpdateNetrisLoadBalancerRuleCommand cmd, String netrisLbName, String cidr, String action, int index) {
         Long zoneId = cmd.getZoneId();
         Long accountId = cmd.getAccountId();
         Long domainId = cmd.getDomainId();
@@ -801,7 +859,7 @@ private CreateNetrisACLCommand createNetrisACLRuleCommand(CreateOrUpdateNetrisLo
         String destinationPrefix = cmd.getPublicIp() + "/32";
         String srcPort = cmd.getPublicPort();
         String dstPort = cmd.getPublicPort();
-        CreateNetrisACLCommand aclCommand = new CreateNetrisACLCommand(zoneId, accountId, domainId, networkName, networkId,
+        CreateOrUpdateNetrisACLCommand aclCommand = new CreateOrUpdateNetrisACLCommand(zoneId, accountId, domainId, networkName, networkId,
                 vpcName, vpcId, Objects.nonNull(vpcId), action, NetrisServiceImpl.getPrefix(cidr), NetrisServiceImpl.getPrefix(destinationPrefix),
                 Integer.parseInt(srcPort), Integer.parseInt(dstPort), cmd.getProtocol());
         String aclName;