Merge remote-tracking branch 'origin/4.11'

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

api/src/org/apache/cloudstack/acl/APIAclChecker.java

@@ -0,0 +1,23 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.acl;
+
+/**
+ * Marker interface to differentiate ACL APICheckers from others (for example, a rate limit checker)
+ */
+public interface APIAclChecker extends APIChecker {
+}

core/src/main/resources/META-INF/cloudstack/api/spring-core-lifecycle-api-context-inheritable.xml

@@ -51,6 +51,11 @@
         <property name="registry" ref="apiCheckersRegistry" />
         <property name="typeClass" value="org.apache.cloudstack.acl.APIChecker" />
     </bean>
+
+    <bean class="org.apache.cloudstack.spring.lifecycle.registry.RegistryLifecycle">
+        <property name="registry" ref="apiAclCheckersRegistry" />
+        <property name="typeClass" value="org.apache.cloudstack.acl.APIAclChecker" />
+    </bean>
     
     <bean class="org.apache.cloudstack.spring.lifecycle.registry.RegistryLifecycle">
         <property name="registry" ref="querySelectorsRegistry" />

core/src/main/resources/META-INF/cloudstack/core/spring-core-registry-core-context.xml

@@ -264,6 +264,11 @@
         class="org.apache.cloudstack.spring.lifecycle.registry.ExtensionRegistry">
         <property name="excludeKey" value="api.checkers.exclude" />
     </bean>
+
+    <bean id="apiAclCheckersRegistry"
+          class="org.apache.cloudstack.spring.lifecycle.registry.ExtensionRegistry">
+        <property name="excludeKey" value="api.checkers.acl.exclude" />
+    </bean>
     
     <bean id="querySelectorsRegistry"
         class="org.apache.cloudstack.spring.lifecycle.registry.ExtensionRegistry">

plugins/acl/dynamic-role-based/src/main/java/org/apache/cloudstack/acl/DynamicRoleBasedAPIAccessChecker.java

@@ -36,7 +36,7 @@ import com.cloud.utils.component.AdapterBase;
 import com.cloud.utils.component.PluggableService;
 import com.google.common.base.Strings;
 
-public class DynamicRoleBasedAPIAccessChecker extends AdapterBase implements APIChecker {
+public class DynamicRoleBasedAPIAccessChecker extends AdapterBase implements APIAclChecker {
 
     @Inject
     private AccountService accountService;

plugins/acl/static-role-based/src/main/java/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java

@@ -41,7 +41,7 @@ import com.cloud.utils.component.PluggableService;
 // This is the default API access checker that grab's the user's account
 // based on the account type, access is granted
 @Deprecated
-public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIChecker {
+public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIAclChecker {
 
     protected static final Logger LOGGER = Logger.getLogger(StaticRoleBasedAPIAccessChecker.class);
 

server/src/main/java/com/cloud/server/ManagementServerImpl.java

@@ -3642,6 +3642,7 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
     public Pair<List<? extends SSHKeyPair>, Integer> listSSHKeyPairs(final ListSSHKeyPairsCmd cmd) {
         final String name = cmd.getName();
         final String fingerPrint = cmd.getFingerprint();
+        final String keyword = cmd.getKeyword();
 
         final Account caller = getCaller();
         final List<Long> permittedAccounts = new ArrayList<Long>();
@@ -3666,6 +3667,11 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
             sc.addAnd("fingerprint", SearchCriteria.Op.EQ, fingerPrint);
         }
 
+        if (keyword != null) {
+            sc.addOr("name", SearchCriteria.Op.LIKE, "%" + keyword + "%");
+            sc.addOr("fingerprint", SearchCriteria.Op.LIKE, "%" + keyword + "%");
+        }
+
         final Pair<List<SSHKeyPairVO>, Integer> result = _sshKeyPairDao.searchAndCount(sc, searchFilter);
         return new Pair<List<? extends SSHKeyPair>, Integer>(result.first(), result.second());
     }

server/src/main/resources/META-INF/cloudstack/core/spring-server-core-misc-context.xml

@@ -44,7 +44,7 @@
 
     <bean id="apiDiscoveryServiceImpl"
         class="org.apache.cloudstack.discovery.ApiDiscoveryServiceImpl">
-        <property name="apiAccessCheckers" value="#{apiCheckersRegistry.registered}" />
+        <property name="apiAccessCheckers" value="#{apiAclCheckersRegistry.registered}" />
         <property name="services" value="#{apiCommandsRegistry.registered}" />
     </bean>
 

test/integration/smoke/test_service_offerings.py

@@ -31,7 +31,7 @@ from marvin.lib.common import (list_service_offering,
                                list_virtual_machines,
                                get_domain,
                                get_zone,
-                               get_template,
+                               get_test_template,
                                list_hosts)
 from nose.plugins.attrib import attr
 
@@ -167,13 +167,13 @@ class TestServiceOfferings(cloudstackTestCase):
             cls.apiclient,
             cls.services["service_offerings"]["tiny"]
         )
-        template = get_template(
+        template = get_test_template(
             cls.apiclient,
             cls.zone.id,
             cls.hypervisor
         )
         if template == FAILED:
-            assert False, "get_template() failed to return template"
+            assert False, "get_test_template() failed to return template"
 
         # Set Zones and disk offerings
         cls.services["small"]["zoneid"] = cls.zone.id
@@ -458,9 +458,9 @@ class TestCpuCapServiceOfferings(cloudstackTestCase):
         cls.zone = get_zone(cls.apiclient, testClient.getZoneForTests())
         cls.services['mode'] = cls.zone.networktype
 
-        template = get_template(cls.apiclient, cls.zone.id, cls.hypervisor)
+        template = get_test_template(cls.apiclient, cls.zone.id, cls.hypervisor)
         if template == FAILED:
-            assert False, "get_template() failed to return template"
+            assert False, "get_test_template() failed to return template"
 
         cls.services["small"]["zoneid"] = cls.zone.id
         cls.services["small"]["template"] = template.id

tools/marvin/marvin/config/test_data.py

@@ -644,6 +644,26 @@ test_data = {
             "Lb": "VpcVirtualRouter"
         }
     },
+    "nw_offering_reduced_vpc": {
+        "name": 'Reduced Network for VPC',
+        "displaytext": 'Reduced Network for VPC',
+        "guestiptype": 'Isolated',
+        "supportedservices": 'Dhcp,StaticNat,SourceNat,NetworkACL,UserData,'
+                             'Dns',
+        "traffictype": 'GUEST',
+        "availability": 'Optional',
+        "tags": "native",
+        "useVpc": 'on',
+        "ispersistent": 'True',
+        "serviceProviderList": {
+            "Dhcp": "VpcVirtualRouter",
+            "StaticNat": "VpcVirtualRouter",
+            "SourceNat": "VpcVirtualRouter",
+            "NetworkACL": "VpcVirtualRouter",
+            "UserData": "VpcVirtualRouter",
+            "Dns": "VpcVirtualRouter"
+        }
+    },
     "nw_off_persistent_VPCVR_LB": {
         "name": "Persistent Network VPC with LB",
         "displaytext": "Persistent Network VPC No LB",