apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

server: allow user to list available IPs on shared networks (#7898)

Browse Source 
This fixes #7817
This commit is contained in:
Wei Zhou 2023-08-24 18:12:01 +02:00 committed by GitHub
parent 8ad1009ad2
commit 3c38ed7a65
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 20 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
engine/components-api/src/main/java/com/cloud/network/IpAddressManager.java
View File

@ -56,6 +56,10 @@ public interface IpAddressManager {
"Set placement of vrouter ips in redundant mode in vpc tiers, this can be 3 value: `first` to use first ips in tiers, `last` to use last ips in tiers and `random` to take random ips in tiers.", "Set placement of vrouter ips in redundant mode in vpc tiers, this can be 3 value: `first` to use first ips in tiers, `last` to use last ips in tiers and `random` to take random ips in tiers.",
true, ConfigKey.Scope.Account, null, null, null, null, null, ConfigKey.Kind.Select, "first,last,random"); true, ConfigKey.Scope.Account, null, null, null, null, null, ConfigKey.Kind.Select, "first,last,random");
ConfigKey<Boolean> AllowUserListAvailableIpsOnSharedNetwork = new ConfigKey<Boolean>("Advanced", Boolean.class, "allow.user.list.available.ips.on.shared.network", "false",
"Determines whether users can list available IPs on shared networks",
true, ConfigKey.Scope.Global);
/** /**
* Assigns a new public ip address. * Assigns a new public ip address.
* *

2
server/src/main/java/com/cloud/network/IpAddressManagerImpl.java
View File

@ -2342,7 +2342,7 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage
@Override @Override
public ConfigKey<?>[] getConfigKeys() { public ConfigKey<?>[] getConfigKeys() {
return new ConfigKey<?>[] {UseSystemPublicIps, RulesContinueOnError, SystemVmPublicIpReservationModeStrictness, VrouterRedundantTiersPlacement}; return new ConfigKey<?>[] {UseSystemPublicIps, RulesContinueOnError, SystemVmPublicIpReservationModeStrictness, VrouterRedundantTiersPlacement, AllowUserListAvailableIpsOnSharedNetwork};
} }
/** /**

16
server/src/main/java/com/cloud/server/ManagementServerImpl.java
View File

@ -2323,6 +2323,7 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
isAllocated = Boolean.TRUE; isAllocated = Boolean.TRUE;
} }
} }
boolean isAllocatedTemp = isAllocated;
VlanType vlanType = null; VlanType vlanType = null;
if (forVirtualNetwork != null) { if (forVirtualNetwork != null) {
@ -2333,6 +2334,7 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
final Account caller = getCaller(); final Account caller = getCaller();
List<IPAddressVO> addrs = new ArrayList<>(); List<IPAddressVO> addrs = new ArrayList<>();
NetworkVO network = null; // shared network
if (vlanType == VlanType.DirectAttached && networkId == null && ipId == null) { // only root admin can list public ips in all shared networks if (vlanType == VlanType.DirectAttached && networkId == null && ipId == null) { // only root admin can list public ips in all shared networks
if (caller.getType() != Account.Type.ADMIN) { if (caller.getType() != Account.Type.ADMIN) {
@ -2341,7 +2343,6 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
} else if (vlanType == VlanType.DirectAttached) { } else if (vlanType == VlanType.DirectAttached) {
// list public ip address on shared network // list public ip address on shared network
// access control. admin: all Ips, domain admin/user: all Ips in shared network in the domain/sub-domain/user // access control. admin: all Ips, domain admin/user: all Ips in shared network in the domain/sub-domain/user
NetworkVO network = null;
if (networkId == null) { if (networkId == null) {
IPAddressVO ip = _publicIpAddressDao.findById(ipId); IPAddressVO ip = _publicIpAddressDao.findById(ipId);
if (ip == null) { if (ip == null) {
@ -2475,7 +2476,20 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
for (IPAddressVO addr: freeAddrs) { for (IPAddressVO addr: freeAddrs) {
freeAddrIds.add(addr.getId()); freeAddrIds.add(addr.getId());
} }
} else if (vlanType == VlanType.DirectAttached && network != null && !isAllocatedTemp && isAllocated) {
if (caller.getType() != Account.Type.ADMIN && !IpAddressManager.AllowUserListAvailableIpsOnSharedNetwork.value()) {
s_logger.debug("Non-admin users are not allowed to list available IPs on shared networks");
} else {
final SearchBuilder<IPAddressVO> searchBuilder = _publicIpAddressDao.createSearchBuilder();
buildParameters(searchBuilder, cmd, false);
SearchCriteria<IPAddressVO> searchCriteria = searchBuilder.create();
setParameters(searchCriteria, cmd, vlanType, false);
searchCriteria.setParameters("state", IpAddress.State.Free.name());
addrs.addAll(_publicIpAddressDao.search(searchCriteria, searchFilter)); // Free IPs on shared network
}
} }
if (freeAddrIds.size() > 0) { if (freeAddrIds.size() > 0) {
final SearchBuilder<IPAddressVO> sb2 = _publicIpAddressDao.createSearchBuilder(); final SearchBuilder<IPAddressVO> sb2 = _publicIpAddressDao.createSearchBuilder();
buildParameters(sb2, cmd, false); buildParameters(sb2, cmd, false);