[WIP] Switch default ACL to Deny on the public_ips

cosmic-core/engine/schema/src/main/java/com/cloud/network/dao/IPAddressDaoImpl.java

@@ -4,6 +4,7 @@
 import com.cloud.dc.VlanVO;
 import com.cloud.dc.dao.VlanDao;
 import com.cloud.network.IpAddress.State;
+import com.cloud.network.vpc.NetworkACL;
 import com.cloud.resourcedetail.dao.UserIpAddressDetailsDao;
 import com.cloud.tags.dao.ResourceTagDao;
 import com.cloud.utils.db.DB;
@@ -157,6 +158,7 @@ public IPAddressVO markAsUnavailable(final long ipAddressId) {
 
         final IPAddressVO ip = createForUpdate();
         ip.setState(State.Releasing);
+        ip.setIpACLId(NetworkACL.DEFAULT_DENY);
         if (update(ip, sc) != 1) {
             return null;
         }

cosmic-core/engine/schema/src/main/java/com/cloud/network/dao/IPAddressVO.java

@@ -1,6 +1,7 @@
 package com.cloud.network.dao;
 
 import com.cloud.network.IpAddress;
+import com.cloud.network.vpc.NetworkACL;
 import com.cloud.utils.db.GenericDao;
 import com.cloud.utils.net.Ip;
 
@@ -84,7 +85,7 @@ public class IPAddressVO implements IpAddress {
 
     protected IPAddressVO() {
         uuid = UUID.randomUUID().toString();
-        ipACLId = 2L; // Default Allow ACL
+        ipACLId = NetworkACL.DEFAULT_DENY;
     }
 
     public IPAddressVO(final Ip address, final long dataCenterId, final long macAddress, final long vlanDbId, final boolean sourceNat) {
@@ -98,7 +99,7 @@ public IPAddressVO(final Ip address, final long dataCenterId, final long macAddr
         state = State.Free;
         this.macAddress = macAddress;
         uuid = UUID.randomUUID().toString();
-        ipACLId = 2L; // Default Allow ACL
+        ipACLId = NetworkACL.DEFAULT_DENY;
     }
 
     public IPAddressVO(final Ip address, final long dataCenterId, final Long networkId, final Long vpcId, final long physicalNetworkId, final long sourceNetworkId, final long
@@ -111,7 +112,7 @@ public IPAddressVO(final Ip address, final long dataCenterId, final Long network
         this.sourceNetworkId = sourceNetworkId;
         vlanId = vlanDbId;
         uuid = UUID.randomUUID().toString();
-        ipACLId = 2L; // Default Allow ACL
+        ipACLId = NetworkACL.DEFAULT_DENY;
     }
 
     public void setId(final long id) {

cosmic-core/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java

@@ -55,6 +55,7 @@
 import com.cloud.network.rules.FirewallRuleVO;
 import com.cloud.network.rules.RulesManager;
 import com.cloud.network.rules.StaticNat;
+import com.cloud.network.vpc.NetworkACL;
 import com.cloud.network.vpc.Vpc;
 import com.cloud.network.vpc.VpcVO;
 import com.cloud.network.vpc.dao.VpcDao;
@@ -644,6 +645,7 @@ public IPAddressVO doInTransaction(final TransactionStatus status) throws Insuff
                 addr.setAllocatedInDomainId(owner.getDomainId());
                 addr.setAllocatedToAccountId(owner.getId());
                 addr.setSystem(isSystem);
+                addr.setIpACLId(NetworkACL.DEFAULT_DENY);
                 if (displayIp != null) {
                     addr.setDisplay(displayIp);
                 }
@@ -795,6 +797,7 @@ public boolean applyIpAssociations(final Network network, final boolean continue
         for (final IPAddressVO addr : userIps) {
             if (addr.getState() == IpAddress.State.Allocating) {
                 addr.setAssociatedWithNetworkId(network.getId());
+                addr.setIpACLId(NetworkACL.DEFAULT_DENY);
                 markPublicIpAsAllocated(addr);
             } else if (addr.getState() == IpAddress.State.Releasing) {
                 // Cleanup all the resources for ip address if there are any, and only then un-assign ip in the system