cloudstack icon indicating copy to clipboard operation
cloudstack copied to clipboard
verified publisher icon apache

import network acl rules using csv

Open sudo87 opened this issue 1 month ago • 21 comments

Description

This PR fixes https://github.com/apache/cloudstack/issues/8858

Types of changes

  • [ ] Breaking change (fix or feature that would cause existing functionality to change)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [x] Enhancement (improves an existing feature and functionality)
  • [ ] Cleanup (Code refactoring and cleanup, that may add test cases)
  • [ ] Build/CI
  • [ ] Test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

  • [ ] Major
  • [x] Minor

Bug Severity

  • [ ] BLOCKER
  • [ ] Critical
  • [ ] Major
  • [ ] Minor
  • [ ] Trivial

Screenshots (if appropriate):

https://github.com/user-attachments/assets/26f3b100-873e-4ab2-80df-6615f7334ad8

How Has This Been Tested?

Test file: AclRules-test-acls-e27d1e32-09b6-4cb9-acde-2a748d857678.csv

How did you try to break this feature and the system with this change?

sudo87 avatar Nov 07 '25 04:11 sudo87

Codecov Report

:x: Patch coverage is 0% with 130 lines in your changes missing coverage. Please review. :white_check_mark: Project coverage is 17.55%. Comparing base (d160731) to head (a44eacd). :warning: Report is 33 commits behind head on 4.22.

Files with missing lines Patch % Lines
...a/com/cloud/network/vpc/NetworkACLServiceImpl.java 0.00% 71 Missing :warning:
.../api/command/user/network/ImportNetworkACLCmd.java 0.00% 38 Missing :warning:
.../api/command/user/network/CreateNetworkACLCmd.java 0.00% 20 Missing :warning:
...in/java/com/cloud/server/ManagementServerImpl.java 0.00% 1 Missing :warning:
Additional details and impacted files 
@@             Coverage Diff              @@
##               4.22   #12013      +/-   ##
============================================
- Coverage     17.56%   17.55%   -0.02%     
- Complexity    15545    15547       +2     
============================================
  Files          5909     5912       +3     
  Lines        529056   529367     +311     
  Branches      64617    64670      +53     
============================================
- Hits          92947    92938       -9     
- Misses       425654   425971     +317     
- Partials      10455    10458       +3
Flag Coverage Δ
uitests 3.57% <ø> (-0.02%) :arrow_down:
unittests 18.62% <0.00%> (-0.01%) :arrow_down:

Flags with carried forward coverage won't be shown. Click here to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

:rocket: New features to boost your workflow:
  • :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • :package: JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

codecov[bot] avatar Nov 07 '25 04:11 codecov[bot]

@blueorangutan package

sudo87 avatar Nov 10 '25 11:11 sudo87

@sudo87 a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

blueorangutan avatar Nov 10 '25 11:11 blueorangutan

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 15706

blueorangutan avatar Nov 10 '25 13:11 blueorangutan

@blueorangutan test keepEnv

DaanHoogland avatar Nov 12 '25 13:11 DaanHoogland

@DaanHoogland a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

blueorangutan avatar Nov 12 '25 13:11 blueorangutan

@blueorangutan package

sudo87 avatar Nov 13 '25 04:11 sudo87

@sudo87 a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

blueorangutan avatar Nov 13 '25 04:11 blueorangutan

[SF] Trillian test result (tid-14811) Environment: kvm-ol8 (x2), zone: Advanced Networking with Mgmt server ol8 Total time taken: 54425 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr12013-t14811-kvm-ol8.zip Smoke tests completed. 147 look OK, 2 have errors, 0 did not run Only failed and skipped tests results shown below:

Test Result Time (s) Test File
test_01_ssl_offloading_isolated_network Failure 323.17 test_ssl_offloading.py
test_01_redundant_vpc_site2site_vpn Failure 419.80 test_vpc_vpn.py

blueorangutan avatar Nov 13 '25 05:11 blueorangutan

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 15736

blueorangutan avatar Nov 13 '25 06:11 blueorangutan

[SF] Trillian test result (tid-14868) Environment: kvm-ol8 (x2), zone: Advanced Networking with Mgmt server ol8 Total time taken: 52382 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr12013-t14868-kvm-ol8.zip Smoke tests completed. 149 look OK, 0 have errors, 0 did not run Only failed and skipped tests results shown below:

Test Result Time (s) Test File

blueorangutan avatar Nov 26 '25 00:11 blueorangutan

this is very confusing to a user. the reason is probably because a rule already existed and it is counterintuitive to not allow it. We might add a flag allowing overwriting it. tested and works as expected otherwise.

DaanHoogland avatar Dec 01 '25 13:12 DaanHoogland

Screenshot 2025-12-10 at 1 04 00 PM

sudo87 avatar Dec 10 '25 07:12 sudo87

@blueorangutan package

sudo87 avatar Dec 10 '25 08:12 sudo87

@sudo87 a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

blueorangutan avatar Dec 10 '25 08:12 blueorangutan

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 15973

blueorangutan avatar Dec 10 '25 09:12 blueorangutan

@blueorangutan test

sudo87 avatar Dec 10 '25 10:12 sudo87

@sudo87 a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

blueorangutan avatar Dec 10 '25 10:12 blueorangutan

Thank you @sureshanaparti for your review comments.

sudo87 avatar Dec 10 '25 12:12 sudo87

[SF] Trillian test result (tid-14957) Environment: kvm-ol8 (x2), zone: Advanced Networking with Mgmt server ol8 Total time taken: 54625 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr12013-t14957-kvm-ol8.zip Smoke tests completed. 144 look OK, 5 have errors, 0 did not run Only failed and skipped tests results shown below:

Test Result Time (s) Test File
test_updating_nics_on_two_shared_networks Error 2.74 test_gateway_on_shared_networks.py
ContextSuite context=TestGatewayOnSharedNetwork>:teardown Error 4.97 test_gateway_on_shared_networks.py
test_uservm_host_control_state Failure 17.04 test_host_control_state.py
ContextSuite context=TestHostControlState>:teardown Error 32.71 test_host_control_state.py
test_01_primary_storage_nfs Error 0.21 test_primary_storage.py
ContextSuite context=TestStorageTags>:setup Error 0.34 test_primary_storage.py
test_01_primary_storage_scope_change Error 0.13 test_primary_storage_scope.py
test_02_unsecure_vm_migration Error 786.42 test_vm_life_cycle.py

blueorangutan avatar Dec 11 '25 02:12 blueorangutan

[SF] Trillian test result (tid-14966) Environment: kvm-ol8 (x2), zone: Advanced Networking with Mgmt server ol8 Total time taken: 58833 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr12013-t14966-kvm-ol8.zip Smoke tests completed. 137 look OK, 12 have errors, 0 did not run Only failed and skipped tests results shown below:

Test Result Time (s) Test File
test_DeployVmAntiAffinityGroup_in_project Error 72.87 test_affinity_groups_projects.py
test_DeployVmAntiAffinityGroup Error 25.89 test_affinity_groups.py
test_01_condensed_drs_algorithm Error 18.68 test_cluster_drs.py
test_02_balanced_drs_algorithm Error 19.63 test_cluster_drs.py
ContextSuite context=TestClusterDRS>:teardown Error 20.68 test_cluster_drs.py
test_01_internallb_roundrobin_1VPC_3VM_HTTP_port80 Failure 49.42 test_internal_lb.py
test_02_internallb_roundrobin_1RVPC_3VM_HTTP_port80 Failure 50.40 test_internal_lb.py
test_03_vpc_internallb_haproxy_stats_on_all_interfaces Failure 49.53 test_internal_lb.py
test_04_rvpc_internallb_haproxy_stats_on_all_interfaces Failure 98.40 test_internal_lb.py
test_03_create_vpc_domain_vpc_offering Error 54.95 test_domain_vpc_offerings.py
test_uservm_host_control_state Failure 16.83 test_host_control_state.py
ContextSuite context=TestHostControlState>:teardown Error 35.32 test_host_control_state.py
test_03_deploy_and_scale_kubernetes_cluster Failure 35.85 test_kubernetes_clusters.py
test_08_upgrade_kubernetes_ha_cluster Failure 110.22 test_kubernetes_clusters.py
test_12_test_deploy_cluster_different_offerings_per_node_type Failure 96.08 test_kubernetes_clusters.py
test_01_non_strict_host_anti_affinity Failure 74.04 test_nonstrict_affinity_group.py
test_02_non_strict_host_affinity Error 36.27 test_nonstrict_affinity_group.py
test_02_L2_persistent_network Failure 1.80 test_persistent_network.py
test_03_deploy_and_destroy_VM_and_verify_network_resources_persist Failure 22.30 test_persistent_network.py
test_02_vpc_privategw_static_routes Failure 97.27 test_privategw_acl.py
test_03_vpc_privategw_restart_vpc_cleanup Failure 93.13 test_privategw_acl.py
test_04_rvpc_privategw_static_routes Failure 101.16 test_privategw_acl.py
test_03_create_vpc_with_specified_source_nat_ip_address Error 52.04 test_set_sourcenat.py
test_04_change_source_nat_ip_address_for_vpc Error 102.81 test_set_sourcenat.py
test_01_vpn_usage Error 1.07 test_usage.py

blueorangutan avatar Dec 12 '25 01:12 blueorangutan