Hi all,

There is this functionality that seems to be wrong and I would like to double check with you all. Actually this functionality could be considered very important so I appreciate collaboration.

It's about the functionality for ACLs shared among networks. Let's say you have a VPC with Networks NW1 and NW2, and you have an ACL (what CloudStack calls ACLList) with several rules, and you choose this ACL as the ACL for both NW1 and NW2.

The current functionality is that in general if you modify the ACL this change will affect NW1 and NW2 of course. But there is a special case: you could send the parameter networkid. It makes sense that if you send a createNetworkACL request to allow additional traffic and you specifically state NW1, this should not affect NW2.

The proposal then is to change this functionality so that, if and only if the request specifies a networkid, the command should only affect the specified network. Which in Java terms will mean that if other networks use the same ACLList, it will be cloned and then the command will be applied to the new clone that will be assigned to the given network.

Note that:

* The new clone ACL List is created only if it is actually shared with more networks, otherwise it doesn't make sense.
* The name for the new ACL List will be the same old name plus a random suffix.

Any thoughts? Reasons not to go this way?

Thanks and cheers

Antonio
Schuberg Philis - MCE
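
A sketch of the clone-on-write behaviour proposed in the message above, added here as an example; it is not part of the original message and not CloudStack code. All class and method names are hypothetical, and the ACL data is constructed.

```java
import java.util.*;

// Hypothetical model of the proposal; none of these names are CloudStack classes.
public class AclCloneOnWrite {
    record Rule(String cidr, int port, String action) {}

    static final class AclList {
        final String name;
        final List<Rule> rules = new ArrayList<>();
        AclList(String name) { this.name = name; }
    }

    // networkId -> ACL list currently assigned to that network
    static final Map<String, AclList> assigned = new HashMap<>();

    // No networkid in the request: the list itself changes, so every network using it is affected.
    static void addRuleToList(AclList acl, Rule rule) { acl.rules.add(rule); }

    // networkid given: only that network may change, so a shared list is cloned first.
    static AclList addRuleForNetwork(String networkId, Rule rule) {
        AclList current = assigned.get(networkId);
        if (current == null) throw new IllegalArgumentException("no ACL list on " + networkId);
        long users = assigned.values().stream().filter(a -> a == current).count();
        AclList target = current;
        if (users > 1) { // clone only when actually shared
            String suffix = UUID.randomUUID().toString().substring(0, 8);
            target = new AclList(current.name + "-" + suffix); // old name plus random suffix
            target.rules.addAll(current.rules);
            assigned.put(networkId, target);
        }
        target.rules.add(rule);
        return target;
    }

    public static void main(String[] args) {
        AclList shared = new AclList("web-acl"); // constructed sample data
        addRuleToList(shared, new Rule("10.0.0.0/8", 443, "Allow"));
        assigned.put("NW1", shared);
        assigned.put("NW2", shared);

        AclList first = addRuleForNetwork("NW1", new Rule("0.0.0.0/0", 22, "Allow"));
        AclList second = addRuleForNetwork("NW1", new Rule("0.0.0.0/0", 80, "Allow"));

        System.out.println("NW1 -> " + assigned.get("NW1").name + " " + assigned.get("NW1").rules);
        System.out.println("NW2 -> " + assigned.get("NW2").name + " " + assigned.get("NW2").rules);
        System.out.println("second call reused the clone: " + (first == second));
    }
}
```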