Commit 15688990 authored by Masami  Suzuki's avatar Masami Suzuki Committed by Yas Naoi

Issue #3086087 by Masami, yas, baldwinlouie: Fix all rules are deleted and no...

Issue #3086087 by Masami, yas, baldwinlouie: Fix all rules are deleted and no rule is saved on AWS Management Console if some error occurs while authorizing
parent cc465cb5
......@@ -232,6 +232,7 @@ class SecurityGroup extends CloudContentEntityBase implements SecurityGroupInter
])
->setDisplayOptions('form', [
'type' => 'ip_permission_item',
'weight' => -1,
]);
// Outbound permissions.
......
......@@ -117,12 +117,23 @@ class SecurityGroupCopyForm extends SecurityGroupEditForm {
$this->changeSelfGroupId($form);
// Update the inbound permissions.
$this->updateInboundPermissions($existing_group);
$inbound_result = $this->updateInboundPermissions($existing_group);
// Update the outbound permissions. This only applies to
// VPC security groups.
$outbound_result = TRUE;
if (!empty($entity->getVpcId())) {
$this->updateOutboundPermissions($existing_group);
$outbound_result = $this->updateOutboundPermissions($existing_group);
}
if (!$inbound_result && !$outbound_result) {
$this->messenger->addError($this->t("Inbound and Outbound Rules couldn't be saved because of the error from AWS."));
}
elseif (!$inbound_result) {
$this->messenger->addError($this->t("Inbound Rules couldn't be saved because of the error from AWS."));
}
elseif (!$outbound_result) {
$this->messenger->addError($this->t("Outbound Rules couldn't be saved because of the error from AWS."));
}
// Have the system refresh the security group.
......@@ -130,9 +141,11 @@ class SecurityGroupCopyForm extends SecurityGroupEditForm {
'GroupIds' => [$entity->getGroupId()],
], FALSE);
// Check API calls, see if the permissions updates were
// successful or not.
$this->validateAuthorize($entity);
if (count($this->messenger->messagesByType('error')) === 0) {
// Check API calls, see if the permissions updates were
// successful or not.
$this->validateAuthorize($entity);
}
if (count($this->messenger->messagesByType('status')) == 1) {
$this->messenger->deleteAll();
......@@ -148,6 +161,15 @@ class SecurityGroupCopyForm extends SecurityGroupEditForm {
$this->messenger->addError($this->t('Unable to update security group.'));
}
if (count($this->messenger->messagesByType('error')) > 0) {
if ($entity->id()) {
$form_state->setRedirectUrl($entity->toUrl('canonical'));
}
else {
$form_state->setRedirect('view.aws_cloud_security_group.list', ['cloud_context' => $entity->getCloudContext()]);
}
}
}
/**
......
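Review bot: The rollback this commit adds to the inherited updateInboundPermissions() and updateOutboundPermissions() re-authorizes the rules found in `$existing_group` on `$this->entity->getGroupId()`, and this copy form passes its own `$existing_group` into both calls. If that variable describes the source group rather than the newly created copy (its assignment is outside the hunk), a failed authorize would put the source group's full rule set on the copy, including rules the user removed in the form. I would document the expectation above the call, e.g. `// $existing_group must describe the new group: on an AWS error its rules are re-authorized on this entity's GroupId.` The three-way error reporting block is also repeated verbatim in SecurityGroupEditForm, which this class extends, and could live in one protected method there.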
......@@ -127,12 +127,23 @@ class SecurityGroupEditForm extends AwsCloudContentForm {
]);
// Update the inbound permissions.
$this->updateInboundPermissions($existing_group);
$inbound_result = $this->updateInboundPermissions($existing_group);
// Update the outbound permissions. This only applies to
// VPC security groups.
$outbound_result = TRUE;
if (!empty($entity->getVpcId())) {
$this->updateOutboundPermissions($existing_group);
$outbound_result = $this->updateOutboundPermissions($existing_group);
}
if (!$inbound_result && !$outbound_result) {
$this->messenger->addError($this->t("Inbound and Outbound Rules couldn't be saved because of the error from AWS."));
}
elseif (!$inbound_result) {
$this->messenger->addError($this->t("Inbound Rules couldn't be saved because of the error from AWS."));
}
elseif (!$outbound_result) {
$this->messenger->addError($this->t("Outbound Rules couldn't be saved because of the error from AWS."));
}
// Have the system refresh the security group.
......@@ -140,18 +151,24 @@ class SecurityGroupEditForm extends AwsCloudContentForm {
'GroupIds' => [$this->entity->getGroupId()],
], FALSE);
// Check API calls, see if the permissions updates were
// successful or not.
$this->validateAuthorize($entity);
if (count($this->messenger->messagesByType('error')) === 0) {
// Check API calls, see if the permissions updates were
// successful or not.
$this->validateAuthorize($entity);
$form_state->setRedirect('entity.aws_cloud_security_group.canonical', [
'cloud_context' => $entity->getCloudContext(),
'aws_cloud_security_group' => $entity->id(),
]);
}
}
else {
$this->messenger->addError($this->t('Unable to update security group.'));
}
$form_state->setRedirect('entity.aws_cloud_security_group.canonical', [
'cloud_context' => $entity->getCloudContext(),
'aws_cloud_security_group' => $entity->id(),
]);
if (count($this->messenger->messagesByType('error')) > 0) {
$form_state->setRebuild();
}
}
/**
......@@ -188,7 +205,26 @@ class SecurityGroupEditForm extends AwsCloudContentForm {
// Setup permissions array for AuthorizeSecurityGroupIngress.
$permissions['GroupId'] = $this->entity->getGroupId();
$this->ec2Service->authorizeSecurityGroupIngress($permissions);
if (count($this->messenger->messagesByType('error')) >= 1) {
if (count($existing_group['SecurityGroups'][0]['IpPermissions']) > 0) {
// If the error occurs, resave rules of AWS resource.
$existing_permissions = [];
$existing_permissions['GroupId'] = $this->entity->getGroupId();
foreach ($existing_group['SecurityGroups'][0]['IpPermissions'] as $permission) {
foreach ($permission as $key => $value) {
if ($value !== 0 && $value !== FALSE && empty($value)) {
unset($permission[$key]);
}
}
$existing_permissions['IpPermissions'][] = $permission;
}
$this->ec2Service->authorizeSecurityGroupIngress($existing_permissions);
}
return FALSE;
}
}
return TRUE;
}
/**
......@@ -209,20 +245,40 @@ class SecurityGroupEditForm extends AwsCloudContentForm {
'IpPermissions' => $security_group,
]);
}
// Setup the ip_permissions array.
$iterator = $this->entity->getOutboundPermission()->getIterator();
while ($iterator->valid()) {
// Add the permission to the IPPermissions objects.
$permissions['IpPermissions'][] = $this->formatIpPermissionForAuthorize($iterator->current(), TRUE);
$iterator->next();
}
}
// Setup the ip_permissions array.
$iterator = $this->entity->getOutboundPermission()->getIterator();
while ($iterator->valid()) {
// Add the permission to the IPPermissions objects.
$permissions['IpPermissions'][] = $this->formatIpPermissionForAuthorize($iterator->current(), TRUE);
$iterator->next();
}
if (isset($permissions['IpPermissions']) && count($permissions['IpPermissions'])) {
// Setup permissions array for AuthorizeSecurityGroupIngress.
$permissions['GroupId'] = $this->entity->getGroupId();
$this->ec2Service->authorizeSecurityGroupEgress($permissions);
if (isset($permissions['IpPermissions']) && count($permissions['IpPermissions'])) {
$error_count = count($this->messenger->messagesByType('error'));
// Setup permissions array for AuthorizeSecurityGroupIngress.
$permissions['GroupId'] = $this->entity->getGroupId();
$this->ec2Service->authorizeSecurityGroupEgress($permissions);
if (count($this->messenger->messagesByType('error')) > $error_count) {
if (count($existing_group['SecurityGroups'][0]['IpPermissionsEgress']) > 0) {
// If the error occurs, resave rules of AWS resource.
$existing_permissions = [];
$existing_permissions['GroupId'] = $this->entity->getGroupId();
foreach ($existing_group['SecurityGroups'][0]['IpPermissionsEgress'] as $permission) {
foreach ($permission as $key => $value) {
if ($value !== 0 && $value !== FALSE && empty($value)) {
unset($permission[$key]);
}
}
$existing_permissions['IpPermissions'][] = $permission;
}
$this->ec2Service->authorizeSecurityGroupEgress($existing_permissions);
}
return FALSE;
}
}
return TRUE;
}
/**
......@@ -333,7 +389,7 @@ class SecurityGroupEditForm extends AwsCloudContentForm {
/* @var \Drupal\aws_cloud\Entity\Ec2\SecurityGroup $updated_group */
$updated_group = SecurityGroup::load($group->id());
if ($group->getIpPermission()->count() != $updated_group->getIpPermission()->count()) {
if ($group->getIpPermission()->count() !== $updated_group->getIpPermission()->count()) {
$this->messenger->addError(
$this->t('Error updating inbound permissions for security group @name', [
'@name' => $this->entity->label(),
......@@ -342,7 +398,7 @@ class SecurityGroupEditForm extends AwsCloudContentForm {
}
if (!empty($group->getVpcId())) {
if ($group->getOutboundPermission()->count() != $updated_group->getOutboundPermission()->count()) {
if ($group->getOutboundPermission()->count() !== $updated_group->getOutboundPermission()->count()) {
$this->messenger->addError(
$this->t('Error updating outbound permissions for security group @name', [
'@name' => $this->entity->label(),
......@@ -351,7 +407,7 @@ class SecurityGroupEditForm extends AwsCloudContentForm {
}
}
if (count($this->messenger->messagesByType('error')) == 0) {
if (count($this->messenger->messagesByType('error')) === 0) {
// No errors, success.
$this->messenger->addMessage(
$this->t('The AWS Cloud Security Group "@name" has been saved.', [
......
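Review bot: In updateInboundPermissions() the failure test `if (count($this->messenger->messagesByType('error')) >= 1)` fires on any error already queued on the messenger, not only one raised by this authorizeSecurityGroupIngress() call. A successful authorize could then be followed by re-authorizing the previous rules, leaving the group with rules the operator meant to remove. The egress path already snapshots the count first; do the same here with `$error_count = count($this->messenger->messagesByType('error'));` before the call and compare with `> $error_count`. The restore call's own outcome is not checked in either method, so if it fails as well the group stays without its earlier rules while the message only says the new rules could not be saved; an extra `addError()` saying the previous rules were not restored would make that state visible. Both method bodies begin outside the visible hunks.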