From 7960dd429b2d59382845f664a81c72e4024442b5 Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Fri, 11 Jan 2013 14:03:05 -0800 Subject: [PATCH 01/40] utils: Fix getByUuid to accept string arg, it's not gonna be anything else Due to generic programming, most classes declare Daos with ID as Long, so they get the getUuid(Long) definition, it has to be getUuid(String), uuid is not gonna be anything else. Fix GenericDaoBase and GenericDao. Signed-off-by: Rohit Yadav --- utils/src/com/cloud/utils/db/GenericDao.java | 2 +- utils/src/com/cloud/utils/db/GenericDaoBase.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/src/com/cloud/utils/db/GenericDao.java b/utils/src/com/cloud/utils/db/GenericDao.java index 2fae1afe43d..15d04b76a1c 100755 --- a/utils/src/com/cloud/utils/db/GenericDao.java +++ b/utils/src/com/cloud/utils/db/GenericDao.java @@ -56,7 +56,7 @@ public interface GenericDao { T findById(ID id, boolean fresh); // Finds one unique VO using uuid - T findByUuid(ID uuid); + T findByUuid(String uuid); /** * @return VO object ready to be used for update. It won't have any fields filled in. diff --git a/utils/src/com/cloud/utils/db/GenericDaoBase.java b/utils/src/com/cloud/utils/db/GenericDaoBase.java index 92e9e1c4405..880e9de22a8 100755 --- a/utils/src/com/cloud/utils/db/GenericDaoBase.java +++ b/utils/src/com/cloud/utils/db/GenericDaoBase.java @@ -915,7 +915,7 @@ public abstract class GenericDaoBase implements Gene @Override @DB(txn=false) @SuppressWarnings("unchecked") - public T findByUuid(final ID uuid) { + public T findByUuid(final String uuid) { SearchCriteria sc = createSearchCriteria(); sc.addAnd("uuid", SearchCriteria.Op.EQ, uuid); return findOneBy(sc); From 31dd412626ee3ab0bbdf99d8417d806b6a156582 Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Fri, 11 Jan 2013 14:05:41 -0800 Subject: [PATCH 02/40] DomainService: Fix getDomain by uuid string 
Signed-off-by: Rohit Yadav --- api/src/com/cloud/user/DomainService.java | 2 ++ server/src/com/cloud/user/DomainManagerImpl.java | 5 +++++ server/test/com/cloud/user/MockDomainManagerImpl.java | 6 ++++++ 3 files changed, 13 insertions(+) diff --git a/api/src/com/cloud/user/DomainService.java b/api/src/com/cloud/user/DomainService.java index 6fbe1b9a8db..cd20060b710 100644 --- a/api/src/com/cloud/user/DomainService.java +++ b/api/src/com/cloud/user/DomainService.java @@ -30,6 +30,8 @@ public interface DomainService { Domain getDomain(long id); + Domain getDomain(String uuid); + /** * Return whether a domain is a child domain of a given domain. * diff --git a/server/src/com/cloud/user/DomainManagerImpl.java b/server/src/com/cloud/user/DomainManagerImpl.java index 123b8951b2e..54ca2ac44bd 100644 --- a/server/src/com/cloud/user/DomainManagerImpl.java +++ b/server/src/com/cloud/user/DomainManagerImpl.java @@ -85,6 +85,11 @@ public class DomainManagerImpl implements DomainManager, DomainService, Manager return _domainDao.findById(domainId); } + @Override + public Domain getDomain(String domainUuid) { + return _domainDao.findByUuid(domainUuid); + } + @Override public String getName() { return _name; diff --git a/server/test/com/cloud/user/MockDomainManagerImpl.java b/server/test/com/cloud/user/MockDomainManagerImpl.java index 6dc4d075b9e..9f49535ce68 100644 --- a/server/test/com/cloud/user/MockDomainManagerImpl.java +++ b/server/test/com/cloud/user/MockDomainManagerImpl.java @@ -46,6 +46,12 @@ public class MockDomainManagerImpl implements Manager, DomainManager { return null; } + @Override + public Domain getDomain(String uuid) { + // TODO Auto-generated method stub + return null; + } + @Override public boolean isChildDomain(Long parentId, Long childId) { // TODO Auto-generated method stub From 24687973a8ea8e2f665945295a6b34a19d93b02b Mon Sep 17 00:00:00 2001 
From: Rohit Yadav Date: Fri, 11 Jan 2013 14:07:27 -0800 Subject: [PATCH 03/40] ApiServer: Get rid of IdentityDao, reuse domain manager to get domain id Signed-off-by: Rohit Yadav --- server/src/com/cloud/api/ApiServer.java | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java index 7663e8e724a..d34af67cff4 100755 --- a/server/src/com/cloud/api/ApiServer.java +++ b/server/src/com/cloud/api/ApiServer.java @@ -131,7 +131,6 @@ import com.cloud.utils.concurrency.NamedThreadFactory; import com.cloud.utils.db.SearchCriteria; import com.cloud.utils.db.Transaction; import com.cloud.utils.exception.CSExceptionErrorCode; -import com.cloud.uuididentity.dao.IdentityDao; public class ApiServer implements HttpRequestHandler { private static final Logger s_logger = Logger.getLogger(ApiServer.class.getName()); @@ -680,20 +679,13 @@ public class ApiServer implements HttpRequestHandler { if (ex instanceof ServerApiException && ((ServerApiException) ex).getErrorCode() == BaseCmd.UNSUPPORTED_ACTION_ERROR) { throw (ServerApiException) ex; } - s_logger.error("unable to verifty request signature", ex); + s_logger.error("unable to verify request signature", ex); } return false; } - public Long fetchDomainId(String domainUUID){ - ComponentLocator locator = ComponentLocator.getLocator(ManagementServer.Name); - IdentityDao identityDao = locator.getDao(IdentityDao.class); - try{ - Long domainId = identityDao.getIdentityId("domain", domainUUID); - return domainId; - }catch(InvalidParameterValueException ex){ - return null; - } + public Long fetchDomainId(String domainUUID) { + return _domainMgr.getDomain(domainUUID).getId(); } public void loginUser(HttpSession session, String username, String password, Long domainId, String domainPath, String loginIpAddress ,Map requestParameters) throws CloudAuthenticationException { 
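Review bot: `fetchDomainId` now dereferences the result of `_domainMgr.getDomain(domainUUID)` without a null check, so an unknown or malformed domain UUID raises a NullPointerException where the removed code caught the lookup failure and returned null. The `getDomain(String)` added to DomainManagerImpl in the previous patch returns whatever `findByUuid` yields, which is presumably null when nothing matches. The callers are outside this hunk, but if the value comes from a request parameter this is reachable with caller-chosen input. Keeping the old contract takes two lines: `Domain domain = _domainMgr.getDomain(domainUUID);` and `return domain == null ? null : domain.getId();`.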
From 8cdb40a416dba0c8baac6980772c3208127811e7 Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Fri, 11 Jan 2013 15:27:18 -0800 Subject: [PATCH 04/40] NetworkManagerImpl: Add method to getNetwork by uuid Signed-off-by: Rohit Yadav --- server/src/com/cloud/network/NetworkManagerImpl.java | 6 ++++++ server/test/com/cloud/network/MockNetworkManagerImpl.java | 6 ++++++ server/test/com/cloud/vpc/MockNetworkManagerImpl.java | 6 ++++++ 3 files changed, 18 insertions(+) diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index c5003760b68..206392dce49 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java @@ -2441,6 +2441,12 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag return _networksDao.findById(id); } + @Override + @DB + public Network getNetwork(String uuid) { + return _networksDao.findByUuid(uuid); + } + @Override public List getRemoteAccessVpnElements() { List elements = new ArrayList(); diff --git a/server/test/com/cloud/network/MockNetworkManagerImpl.java b/server/test/com/cloud/network/MockNetworkManagerImpl.java index 26a6e60f714..874e01767a9 100755 --- a/server/test/com/cloud/network/MockNetworkManagerImpl.java +++ b/server/test/com/cloud/network/MockNetworkManagerImpl.java @@ -112,6 +112,12 @@ public class MockNetworkManagerImpl implements NetworkManager, Manager, NetworkS return null; } + @Override + public Network getNetwork(String networkUuid) { + // TODO Auto-generated method stub + return null; + } + @Override public IpAddress getIp(long id) { // TODO Auto-generated method stub diff --git a/server/test/com/cloud/vpc/MockNetworkManagerImpl.java b/server/test/com/cloud/vpc/MockNetworkManagerImpl.java index 8cb9dd53948..bd8d8bc3a69 100644 --- a/server/test/com/cloud/vpc/MockNetworkManagerImpl.java +++ b/server/test/com/cloud/vpc/MockNetworkManagerImpl.java 
@@ -156,6 +156,12 @@ public class MockNetworkManagerImpl implements NetworkManager, Manager{ return null; } + @Override + public Network getNetwork(String networkUuid) { + // TODO Auto-generated method stub + return null; + } + /* (non-Javadoc) * @see com.cloud.network.NetworkService#getIp(long) */ From 35544f26e57ec6eaffbc6e87e3536fefbc0dbec0 Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Fri, 11 Jan 2013 15:29:15 -0800 Subject: [PATCH 05/40] DeployVmCmd: Remove usage of IdentityDao, use Network to get by id or uuid Signed-off-by: Rohit Yadav --- .../api/command/user/vm/DeployVMCmd.java | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java index 28bb80f72d3..e675c83dd6f 100644 --- a/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java @@ -147,10 +147,9 @@ public class DeployVMCmd extends BaseAsyncCreateCmd { private List securityGroupNameList; @ACL(checkKeyAccess=true) - @Parameter(name = ApiConstants.IP_NETWORK_LIST, type = CommandType.MAP, entityType={Network.class,IpAddress.class}, + @Parameter(name = ApiConstants.IP_NETWORK_LIST, type = CommandType.MAP, entityType={Network.class, IpAddress.class}, description = "ip to network mapping. Can't be specified with networkIds parameter." + - " Example: iptonetworklist[0].ip=10.10.10.11&iptonetworklist[0].networkid=204 - requests to" + - " use ip 10.10.10.11 in network id=204") + " Example: iptonetworklist[0].ip=10.10.10.11&iptonetworklist[0].networkid=uuid - requests to use ip 10.10.10.11 in network id=uuid") private Map ipToNetworkList; @Parameter(name=ApiConstants.IP_ADDRESS, type=CommandType.STRING, description="the ip address for default vm's network") 
@@ -284,7 +283,17 @@ public class DeployVMCmd extends BaseAsyncCreateCmd { Iterator iter = ipsCollection.iterator(); while (iter.hasNext()) { HashMap ips = (HashMap) iter.next(); - Long networkId = Long.valueOf(_responseGenerator.getIdentiyId("networks", ips.get("networkid"))); + Long networkId; + Network network = _networkService.getNetwork(ips.get("networkid")); + if (network != null) { + networkId = network.getId(); + } else { + try { + networkId = Long.parseLong(ips.get("networkid")); + } catch(NumberFormatException e) { + throw new InvalidParameterValueException("Unable to translate and find entity with networkId: " + ips.get("networkid")); + } + } String requestedIp = (String) ips.get("ip"); ipToNetworkMap.put(networkId, requestedIp); } From a35db97355470a30e2ea0979560a74afef26291e Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Fri, 11 Jan 2013 15:29:51 -0800 Subject: [PATCH 06/40] NetworkService: Add method to interface to get network by uuid Signed-off-by: Rohit Yadav --- api/src/com/cloud/network/NetworkService.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/api/src/com/cloud/network/NetworkService.java b/api/src/com/cloud/network/NetworkService.java index d5841a4692e..39a746e6776 100755 --- a/api/src/com/cloud/network/NetworkService.java +++ b/api/src/com/cloud/network/NetworkService.java @@ -60,6 +60,8 @@ public interface NetworkService { Network getNetwork(long networkId); + Network getNetwork(String networkUuid); + IpAddress getIp(long id); NetworkProfile convertNetworkToNetworkProfile(long networkId); From 8eba0ee0bbb2dbdb97aee8e672405b5e174b510d Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Fri, 11 Jan 2013 15:31:03 -0800 Subject: [PATCH 07/40] ApiDispatcher: Remove helper method that proxies via ApiResponseHelper to get entity by IdentityDao Signed-off-by: Rohit Yadav --- server/src/com/cloud/api/ApiDispatcher.java | 6 ------ server/src/com/cloud/api/ApiResponseHelper.java | 5 ----- 2 files changed, 11 deletions(-) 
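Review bot: When the UUID lookup misses, the fallback parses `networkid` as a raw database id and puts it into `ipToNetworkMap` without checking that such a network exists. That keeps internal numeric ids usable on a parameter marked `@ACL(checkKeyAccess=true)`, and whether the ACL check covers a value that only resolves through this fallback is not visible here. Resolve the numeric form through the existing lookup and reject a miss, e.g. `network = _networkService.getNetwork(Long.parseLong(rawId));` followed by `if (network == null) throw new InvalidParameterValueException(...)`. Reading `ips.get("networkid")` once into a local would also avoid the three repeated lookups. The enclosing loop and method start outside the hunk.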
diff --git a/server/src/com/cloud/api/ApiDispatcher.java b/server/src/com/cloud/api/ApiDispatcher.java index 7bc3271523b..55d7f429ca1 100755 --- a/server/src/com/cloud/api/ApiDispatcher.java +++ b/server/src/com/cloud/api/ApiDispatcher.java @@ -64,7 +64,6 @@ import com.cloud.utils.component.PluggableService; import com.cloud.utils.db.GenericDao; import com.cloud.utils.exception.CSExceptionErrorCode; import com.cloud.utils.exception.CloudRuntimeException; -import com.cloud.uuididentity.dao.IdentityDao; // ApiDispatcher: A class that dispatches API commands to the appropriate manager for execution. public class ApiDispatcher { @@ -75,7 +74,6 @@ public class ApiDispatcher { @Inject private AsyncJobManager _asyncMgr = null; @Inject private AccountManager _accountMgr = null; @Inject EntityManager _entityMgr = null; - @Inject IdentityDao _identityDao = null; Map> _daoNameMap = new HashMap>(); // singleton class @@ -708,8 +706,4 @@ public class ApiDispatcher { throw new CloudRuntimeException("Internal error at plugService for command " + cmd.getCommandName() + " [field " + field.getName() + " is not accessible]"); } } - - public static Long getIdentiyId(String tableName, String token) { - return s_instance._identityDao.getIdentityId(tableName, token); - } } diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java index edb798b812e..c346a6b86f1 100755 --- a/server/src/com/cloud/api/ApiResponseHelper.java +++ b/server/src/com/cloud/api/ApiResponseHelper.java @@ -2791,11 +2791,6 @@ public class ApiResponseHelper implements ResponseGenerator { return response; } - @Override - public Long getIdentiyId(String tableName, String token) { - return ApiDispatcher.getIdentiyId(tableName, token); - } - @Override public ResourceTagResponse createResourceTagResponse(ResourceTag resourceTag, boolean keyValueOnly) { ResourceTagJoinVO rto = ApiDBUtils.newResourceTagView(resourceTag); 
From 83e7214b02adf1facc8aed0f61206248de698c42 Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Fri, 11 Jan 2013 16:45:35 -0800 Subject: [PATCH 08/40] ConsoleProxyManagerImpl: Get rid of IdentityDao Signed-off-by: Rohit Yadav --- .../consoleproxy/ConsoleProxyManagerImpl.java | 37 ++++++++----------- 1 file changed, 16 insertions(+), 21 deletions(-) diff --git a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java index 4994f4f526b..5bc5d27ee08 100755 --- a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java +++ b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java @@ -31,6 +31,8 @@ import javax.ejb.Local; import javax.naming.ConfigurationException; import javax.persistence.Table; +import com.cloud.offering.DiskOffering; +import com.cloud.storage.dao.DiskOfferingDao; import org.apache.log4j.Logger; import com.cloud.agent.AgentManager; @@ -107,7 +109,6 @@ import com.cloud.resource.UnableDeleteHostException; import com.cloud.service.ServiceOfferingVO; import com.cloud.service.dao.ServiceOfferingDao; import com.cloud.servlet.ConsoleProxyServlet; -import com.cloud.storage.DiskOfferingVO; import com.cloud.storage.StorageManager; import com.cloud.storage.StoragePoolStatus; import com.cloud.storage.StoragePoolVO; @@ -138,7 +139,6 @@ import com.cloud.utils.db.Transaction; import com.cloud.utils.events.SubscriptionMgr; import com.cloud.utils.exception.CloudRuntimeException; import com.cloud.utils.net.NetUtils; -import com.cloud.uuididentity.dao.IdentityDao; import com.cloud.vm.ConsoleProxyVO; import com.cloud.vm.NicProfile; import com.cloud.vm.ReservationContext; @@ -216,6 +216,8 @@ public class ConsoleProxyManagerImpl implements ConsoleProxyManager, ConsoleProx @Inject ServiceOfferingDao _offeringDao; @Inject + DiskOfferingDao _diskOfferingDao; + @Inject NetworkOfferingDao _networkOfferingDao; @Inject StoragePoolDao _storagePoolDao; 
@@ -224,8 +226,6 @@ public class ConsoleProxyManagerImpl implements ConsoleProxyManager, ConsoleProx @Inject ResourceManager _resourceMgr; @Inject - IdentityDao _identityDao; - @Inject NetworkDao _networkDao; @Inject RulesManager _rulesMgr; @@ -928,14 +928,12 @@ public class ConsoleProxyManagerImpl implements ConsoleProxyManager, ConsoleProx return new ConsoleAccessAuthenticationAnswer(cmd, false); } - vmId = _identityDao.getIdentityId("vm_instance", cmd.getVmId()); - if (vmId == null) { - s_logger.error("Invalid vm id " + cmd.getVmId() + " sent from console access authentication"); - return new ConsoleAccessAuthenticationAnswer(cmd, false); - } - - VMInstanceVO vm = _instanceDao.findById(vmId); + VirtualMachine vm = _instanceDao.findByUuid(cmd.getVmId()); if (vm == null) { + vm = _instanceDao.findById(Long.parseLong(cmd.getVmId())); + } + if (vm == null) { + s_logger.error("Invalid vm id " + cmd.getVmId() + " sent from console access authentication"); return new ConsoleAccessAuthenticationAnswer(cmd, false); } 
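Review bot: The fallback `Long.parseLong(cmd.getVmId())` in the @@ -928 hunk is unguarded, so a vm id that is neither a known UUID nor numeric (or is null) throws NumberFormatException out of the console access authentication handler instead of producing the `ConsoleAccessAuthenticationAnswer(cmd, false)` denial that the removed code returned. An authentication path should fail closed with an explicit denial, so the parse needs a catch that falls through to the existing null check. The same unguarded parse appears in the @@ -1525,16 +1523,13 hunk for `cpvmSrvcOffIdStr`, where the removed code caught the failure and only logged a warning. Both enclosing methods start outside their hunks.

```java
VirtualMachine vm = _instanceDao.findByUuid(cmd.getVmId());
if (vm == null) {
    try {
        vm = _instanceDao.findById(Long.parseLong(cmd.getVmId()));
    } catch (NumberFormatException ignored) {
        // neither a UUID nor a numeric id: leave vm null so the denial below is returned
    }
}
// … unchanged: null check that logs "Invalid vm id" and returns the denial answer …
```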
@@ -1525,16 +1523,13 @@ public class ConsoleProxyManagerImpl implements ConsoleProxyManager, ConsoleProx //check if there is a default service offering configured String cpvmSrvcOffIdStr = configs.get(Config.ConsoleProxyServiceOffering.key()); if (cpvmSrvcOffIdStr != null) { - - Long cpvmSrvcOffId = null; - try { - cpvmSrvcOffId = _identityDao.getIdentityId(DiskOfferingVO.class.getAnnotation(Table.class).name(),cpvmSrvcOffIdStr); - } catch (Exception e) { - String msg = "Can't find system service offering specified by global config, uuid=" + cpvmSrvcOffIdStr + " for console proxy vm"; - s_logger.warn(msg); - } - if(cpvmSrvcOffId != null){ - _serviceOffering = _offeringDao.findById(cpvmSrvcOffId); + DiskOffering diskOffering = _diskOfferingDao.findByUuid(cpvmSrvcOffIdStr); + if (diskOffering == null) + diskOffering = _diskOfferingDao.findById(Long.parseLong(cpvmSrvcOffIdStr)); + if (diskOffering != null) { + _serviceOffering = _offeringDao.findById(diskOffering.getId()); + } else { + s_logger.warn("Can't find system service offering specified by global config, uuid=" + cpvmSrvcOffIdStr + " for console proxy vm"); } } From 4c80684b1fffb14cea8ffd3880b278bd51dff9fc Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Fri, 11 Jan 2013 16:47:02 -0800 Subject: [PATCH 09/40] StaticRoleBasedAPIAccessChecker: Fix acl cfg processing error messages Signed-off-by: Rohit Yadav --- .../acl/StaticRoleBasedAPIAccessChecker.java | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java b/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java index 740fbbc6456..380b6714517 100644 --- a/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java +++ b/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java 
@@ -43,9 +43,8 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIC protected StaticRoleBasedAPIAccessChecker() { super(); - for (RoleType roleType: RoleType.values()) { + for (RoleType roleType: RoleType.values()) s_roleBasedApisMap.put(roleType, new HashSet()); - } } @Override @@ -71,16 +70,14 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIC List services = locator.getAllPluggableServices(); services.add((PluggableService) ComponentLocator.getComponent(ManagementServer.Name)); - Map configPropertiesMap = new HashMap(); for (PluggableService service : services) { - configPropertiesMap.putAll(service.getProperties()); + processConfigFiles(service.getProperties(), service.getClass().toString()); + s_logger.info("Processed role based acl for: " + service.toString()); } - - processConfigFiles(configPropertiesMap); return true; } - private void processConfigFiles(Map configMap) { + private void processConfigFiles(Map configMap, String service) { for (Map.Entry entry: configMap.entrySet()) { String apiName = entry.getKey(); String roleMask = entry.getValue(); @@ -91,7 +88,8 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIC s_roleBasedApisMap.get(roleType).add(apiName); } } catch (NumberFormatException nfe) { - s_logger.info("Malformed commands.properties permissions value, for entry: " + entry.toString()); + s_logger.info("Malformed getProperties() value for service: " + service + + " for entry: " + entry.toString()); } } } From 40779975d33c554ce488a21d84e63e635e95984e Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Fri, 11 Jan 2013 18:39:57 -0800 Subject: [PATCH 10/40] ExtractVolumeCmd: Fix regression, use Zone Id for getting zone Fixes regression introduced in b14b39a69fa295d1d20484170b95b97fe310af28 Signed-off-by: Rohit Yadav --- .../cloudstack/api/command/user/volume/ExtractVolumeCmd.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
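Review bot: Processing each service's properties separately (second hunk) changes how duplicate API names are resolved: with the old `putAll` the last service's mask replaced earlier ones, whereas now every mask is added to `s_roleBasedApisMap`, so the roles are unioned. A plugin that lists an API already defined elsewhere can therefore widen who may call it. If that is intended, say so above the loop, e.g. `// masks for the same API name from several services are unioned, not overridden`; otherwise detect the duplicate and log it. Separately, a mask that fails to parse (third hunk) leaves that entry out of the map and is still logged with `s_logger.info`; `s_logger.warn` fits an access-control config better.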
diff --git a/api/src/org/apache/cloudstack/api/command/user/volume/ExtractVolumeCmd.java b/api/src/org/apache/cloudstack/api/command/user/volume/ExtractVolumeCmd.java index 7f6cd052470..43b25a83663 100644 --- a/api/src/org/apache/cloudstack/api/command/user/volume/ExtractVolumeCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/volume/ExtractVolumeCmd.java @@ -137,7 +137,7 @@ public class ExtractVolumeCmd extends BaseAsyncCmd { Volume vol = _entityMgr.findById(Volume.class, id); response.setId(vol.getUuid()); response.setName(vol.getName()); - DataCenter zone = _entityMgr.findById(DataCenter.class, id); + DataCenter zone = _entityMgr.findById(DataCenter.class, zoneId); response.setZoneId(zone.getUuid()); response.setZoneName(zone.getName()); response.setMode(mode); From 0dca44efe8f3adee3f18127791edac7b0e5c1f81 Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Fri, 11 Jan 2013 18:43:26 -0800 Subject: [PATCH 11/40] ApiServer: Debug messages, don't spam with info, remove identity helper in ResponseGenerator Signed-off-by: Rohit Yadav --- .../apache/cloudstack/api/ResponseGenerator.java | 7 ------- server/src/com/cloud/api/ApiServer.java | 13 ++++++------- 2 files changed, 6 insertions(+), 14 deletions(-) diff --git a/api/src/org/apache/cloudstack/api/ResponseGenerator.java b/api/src/org/apache/cloudstack/api/ResponseGenerator.java index e9f988ade60..63df4dc5532 100644 --- a/api/src/org/apache/cloudstack/api/ResponseGenerator.java +++ b/api/src/org/apache/cloudstack/api/ResponseGenerator.java @@ -314,13 +314,6 @@ public interface ResponseGenerator { StorageNetworkIpRangeResponse createStorageNetworkIpRangeResponse(StorageNetworkIpRange result); - /** - * @param tableName TODO - * @param token - * @return - */ - Long getIdentiyId(String tableName, String token); - /** * @param resourceTag * @param keyValueOnly TODO diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java index d34af67cff4..52f2aef56cb 100755 
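Review bot: In the ExtractVolumeCmd hunk, `zone` is dereferenced on the line after the corrected lookup without a null check, and the same holds for `vol` two lines earlier, so an id that does not resolve surfaces as a NullPointerException while the response is built. Whether `id` and `zoneId` are already validated earlier in the method cannot be seen, because the body starts outside the hunk. If they are not, guard the lookup, e.g. `if (zone == null) throw new InvalidParameterValueException("Unable to find zone by id " + zoneId);`, assuming that exception type is available to this class.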
--- a/server/src/com/cloud/api/ApiServer.java +++ b/server/src/com/cloud/api/ApiServer.java @@ -601,30 +601,29 @@ public class ApiServer implements HttpRequestHandler { // if api/secret key are passed to the parameters if ((signature == null) || (apiKey == null)) { - if (s_logger.isDebugEnabled()) { - s_logger.info("expired session, missing signature, or missing apiKey -- ignoring request...sig: " + signature + ", apiKey: " + apiKey); - } + s_logger.debug("Expired session, missing signature, or missing apiKey -- ignoring request. Signature: " + signature + ", apiKey: " + apiKey); return false; // no signature, bad request } Date expiresTS = null; + // FIXME: Hard coded signature, why not have an enum if ("3".equals(signatureVersion)) { // New signature authentication. Check for expire parameter and its validity if (expires == null) { - s_logger.info("missing Expires parameter -- ignoring request...sig: " + signature + ", apiKey: " + apiKey); + s_logger.debug("Missing Expires parameter -- ignoring request. Signature: " + signature + ", apiKey: " + apiKey); return false; } synchronized (_dateFormat) { try { expiresTS = _dateFormat.parse(expires); } catch (ParseException pe) { - s_logger.info("Incorrect date format for Expires parameter", pe); + s_logger.debug("Incorrect date format for Expires parameter", pe); return false; } } Date now = new Date(System.currentTimeMillis()); if (expiresTS.before(now)) { - s_logger.info("Request expired -- ignoring ...sig: " + signature + ", apiKey: " + apiKey); + s_logger.debug("Request expired -- ignoring ...sig: " + signature + ", apiKey: " + apiKey); return false; } } 
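Review bot: Every rejection path in this hunk now logs at debug only, and the messages still concatenate the caller's `signature` and `apiKey`. At the usual info level, missing-signature, expired-request and bad-Expires failures therefore leave no trace, which removes the trail used to spot key guessing or replayed requests; and once debug is enabled the full API key is written to the log in clear. Keep one info- or warn-level line without the key material, e.g. `s_logger.info("Rejecting API request: missing signature or apiKey");`, and log the key truncated if it is needed for correlation. The same applies to the "apiKey does not map to a valid user" message in the following @@ -635,7 +634,7 hunk. The enclosing method starts outside the hunk.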
@@ -635,7 +634,7 @@ public class ApiServer implements HttpRequestHandler { // verify there is a user with this api key Pair userAcctPair = _accountMgr.findUserByApiKey(apiKey); if (userAcctPair == null) { - s_logger.info("apiKey does not map to a valid user -- ignoring request, apiKey: " + apiKey); + s_logger.debug("apiKey does not map to a valid user -- ignoring request, apiKey: " + apiKey); return false; } From ad063ed61055ca26b23594b4c47e30a3c22974d7 Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Fri, 11 Jan 2013 19:23:32 -0800 Subject: [PATCH 12/40] StaticRoleBasedAPIAccessChecker: Throw exception on failed check Plugin should not be responsible for existence of checking an API, this was wrong. Throw exception boldly when checkAccess fails. Signed-off-by: Rohit Yadav --- .../org/apache/cloudstack/acl/APIChecker.java | 5 ++--- .../acl/StaticRoleBasedAPIAccessChecker.java | 17 +++++++---------- server/src/com/cloud/api/ApiServer.java | 15 +++------------ 3 files changed, 12 insertions(+), 25 deletions(-) diff --git a/api/src/org/apache/cloudstack/acl/APIChecker.java b/api/src/org/apache/cloudstack/acl/APIChecker.java index 61dd7de75cb..b14dfe101ba 100644 --- a/api/src/org/apache/cloudstack/acl/APIChecker.java +++ b/api/src/org/apache/cloudstack/acl/APIChecker.java @@ -16,13 +16,12 @@ // under the License. package org.apache.cloudstack.acl; +import com.cloud.exception.PermissionDeniedException; import org.apache.cloudstack.acl.RoleType; import com.cloud.utils.component.Adapter; // APIChecker checks the ownership and access control to API requests public interface APIChecker extends Adapter { // Interface for checking access for a role using apiname - boolean checkAccess(RoleType roleType, String apiCommandName); - // Interface for checking existence of an api by name - boolean checkExistence(String apiCommandName); + boolean checkAccess(RoleType roleType, String apiCommandName) throws PermissionDeniedException; } 
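Review bot: The comment above `checkAccess` in APIChecker still describes a plain boolean check, although after this change a denial is signalled by PermissionDeniedException and the static-role implementation in the next file section can only return true or throw. Other checkers may still return false, so the contract should say how callers must treat both outcomes. Suggested comment: `// Returns true when the role may call the API; throws PermissionDeniedException when it may not. Callers must treat a false return as a denial as well.`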
diff --git a/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java b/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java index 380b6714517..affd69ed89c 100644 --- a/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java +++ b/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java @@ -16,6 +16,7 @@ // under the License. package org.apache.cloudstack.acl; +import com.cloud.exception.PermissionDeniedException; import com.cloud.server.ManagementServer; import com.cloud.utils.component.AdapterBase; import com.cloud.utils.component.ComponentLocator; @@ -48,17 +49,13 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIC } @Override - public boolean checkAccess(RoleType roleType, String commandName) { - return s_roleBasedApisMap.get(roleType).contains(commandName); - } - - @Override - public boolean checkExistence(String apiName) { - for (RoleType roleType: RoleType.values()) { - if (s_roleBasedApisMap.get(roleType).contains(apiName)) - return true; + public boolean checkAccess(RoleType roleType, String commandName) + throws PermissionDeniedException { + boolean isAllowed = s_roleBasedApisMap.get(roleType).contains(commandName); + if (!isAllowed) { + throw new PermissionDeniedException("The API does not exist or is blacklisted. Role type=" + roleType.toString() + " is not allowed to request the api: " + commandName); } - return false; + return isAllowed; } @Override diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java index 52f2aef56cb..03462e488ef 100755 --- a/server/src/com/cloud/api/ApiServer.java +++ b/server/src/com/cloud/api/ApiServer.java 
@@ -556,7 +556,7 @@ public class ApiServer implements HttpRequestHandler { return true; } else { // check against every available command to see if the command exists or not - if (!doesCommandExist(commandName) && !commandName.equals("login") && !commandName.equals("logout")) { + if (!_apiNameCmdClassMap.containsKey(commandName) && !commandName.equals("login") && !commandName.equals("logout")) { s_logger.debug("The given command:" + commandName + " does not exist or it is not available for user with id:" + userId); throw new ServerApiException(BaseCmd.UNSUPPORTED_ACTION_ERROR, "The given command does not exist or it is not available for user"); } @@ -780,18 +780,9 @@ public class ApiServer implements HttpRequestHandler { return true; } - private boolean doesCommandExist(String apiName) { - for (APIChecker apiChecker : _apiAccessCheckers) { - // If any checker has api info on the command, return true - if (apiChecker.checkExistence(apiName)) - return true; - } - return false; - } - - private boolean isCommandAvailable(User user, String commandName) { + private boolean isCommandAvailable(User user, String commandName) throws PermissionDeniedException { if (user == null) { - return false; + throw new PermissionDeniedException("User is null for role based API access check for command" + commandName); } Account account = _accountMgr.getAccount(user.getAccountId()); From 8d3cbc82d80eb0c4ead6f68377157fd477fe2d76 Mon Sep 17 00:00:00 2001 From: Prasanna Santhanam Date: Sat, 12 Jan 2013 14:38:14 +0530 Subject: [PATCH 13/40] marvin: fixes for handling multiple phy. networks zones do not qualify for vlans but phy networks should carry the underlying vlan information. moving the vlan down to physical_network in configGenerator.py. also the sandbox example has been corrected to reflect this change and includes an illustration of using traffic types with labels. 
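Review bot: `isCommandAvailable` (hunk @@ -780,18 +780,9) now throws PermissionDeniedException for a null user, and through the checkers for a denied command, but nothing in these hunks shows the call sites catching it. Confirm that it is mapped to an API error response rather than surfacing as an internal error, and that a message naming the role type and command is acceptable to return to the client. The new message also runs the command name into the preceding word; it should read `throw new PermissionDeniedException("User is null for role based API access check for command " + commandName);`. The rest of the method lies outside the hunk.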
Signed-off-by: Prasanna Santhanam Reported-By: Marcus Sorenson --- tools/marvin/marvin/configGenerator.py | 3 +-- tools/marvin/marvin/deployDataCenter.py | 2 +- .../marvin/sandbox/advanced/advanced_env.py | 18 +++++++++++++++--- .../marvin/sandbox/advanced/setup.properties | 16 ++++++++-------- 4 files changed, 25 insertions(+), 14 deletions(-) diff --git a/tools/marvin/marvin/configGenerator.py b/tools/marvin/marvin/configGenerator.py index d494beb6444..e2a6a24d69f 100644 --- a/tools/marvin/marvin/configGenerator.py +++ b/tools/marvin/marvin/configGenerator.py @@ -65,8 +65,6 @@ class zone(): self.internaldns2 = None self.securitygroupenabled = None self.localstorageenabled = None - ''' Guest Vlan range - only advanced zone''' - self.vlan = None '''default public network, in advanced mode''' self.ipranges = [] self.physical_networks = [] @@ -80,6 +78,7 @@ class traffictype(): self.xen = labeldict['xen'] if 'xen' in labeldict.keys() else None self.kvm = labeldict['kvm'] if 'kvm' in labeldict.keys() else None self.vmware = labeldict['vmware'] if 'vmware' in labeldict.keys() else None + self.simulator = labeldict['simulator'] if 'simulator' in labeldict.keys() else None #{ # 'xen' : 'cloud-xen', # 'kvm' : 'cloud-kvm', diff --git a/tools/marvin/marvin/deployDataCenter.py b/tools/marvin/marvin/deployDataCenter.py index 0d5f3bdc659..7f8c0295ad8 100644 --- a/tools/marvin/marvin/deployDataCenter.py +++ b/tools/marvin/marvin/deployDataCenter.py @@ -289,7 +289,7 @@ class deployDataCenters(): for pnet in zone.physical_networks: phynetwrk = self.createPhysicalNetwork(pnet, zoneId) self.configureProviders(phynetwrk, pnet.providers) - self.updatePhysicalNetwork(phynetwrk.id, "Enabled", vlan=zone.vlan) + self.updatePhysicalNetwork(phynetwrk.id, "Enabled", vlan=pnet.vlan) if zone.networktype == "Basic": listnetworkoffering = listNetworkOfferings.listNetworkOfferingsCmd() 
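Review bot: In deployDataCenter.py, `updatePhysicalNetwork` now reads `pnet.vlan` unconditionally, while the configGenerator.py hunks in this commit only remove `vlan` from `zone` and do not add a default to `physical_network`. If that class does not already define the attribute (not visible here), a configuration built without a per-network vlan, including existing ones that still set it on the zone, will fail with AttributeError at this call. Either add `self.vlan = None` to `physical_network` or read it defensively with `vlan=getattr(pnet, 'vlan', None)`. The enclosing method starts outside the hunk.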
diff --git a/tools/marvin/marvin/sandbox/advanced/advanced_env.py b/tools/marvin/marvin/sandbox/advanced/advanced_env.py index 1873f31d50f..db78a84b33b 100644 --- a/tools/marvin/marvin/sandbox/advanced/advanced_env.py +++ b/tools/marvin/marvin/sandbox/advanced/advanced_env.py @@ -52,10 +52,22 @@ def describeResources(config): pn = physical_network() pn.name = "Sandbox-pnet" - pn.traffictypes = [traffictype("Guest"), traffictype("Management"), traffictype("Public")] + pn.vlan = config.get('cloudstack', 'pnet.vlan') + pn.tags = ["cloud-simulator-public"] + pn.traffictypes = [traffictype("Guest"), + traffictype("Management", {"simulator" : "cloud-simulator-mgmt"}), + traffictype("Public", {"simulator":"cloud-simulator-public"})] pn.providers.append(vpcprovider) + + pn2 = physical_network() + pn2.name = "Sandbox-pnet2" + pn2.vlan = config.get('cloudstack', 'pnet2.vlan') + pn2.tags = ["cloud-simulator-guest"] + pn2.traffictypes = [traffictype('Guest', {'simulator': 'cloud-simulator-guest'})] + pn2.providers.append(vpcprovider) z.physical_networks.append(pn) + z.physical_networks.append(pn2) p = pod() p.name = 'POD0' @@ -118,11 +130,11 @@ def describeResources(config): ''''add loggers''' testClientLogger = logger() testClientLogger.name = 'TestClient' - testClientLogger.file = '/var/log/testclient.log' + testClientLogger.file = 'testclient.log' testCaseLogger = logger() testCaseLogger.name = 'TestCase' - testCaseLogger.file = '/var/log/testcase.log' + testCaseLogger.file = 'testcase.log' zs.logger.append(testClientLogger) zs.logger.append(testCaseLogger) diff --git a/tools/marvin/marvin/sandbox/advanced/setup.properties b/tools/marvin/marvin/sandbox/advanced/setup.properties index ba44d5146b6..73eacc938d4 100644 --- a/tools/marvin/marvin/sandbox/advanced/setup.properties +++ b/tools/marvin/marvin/sandbox/advanced/setup.properties 
@@ -24,10 +24,9 @@ storage.cleanup.interval=300 account.cleanup.interval=600 expunge.workers=3 workers=10 -use.user.concentrated.pod.allocation=false vm.allocation.algorithm=random vm.op.wait.interval=5 -guest.domain.suffix=sandbox.kvm +guest.domain.suffix=sandbox.simulator instance.name=QA direct.agent.load.size=1000 default.page.size=10000 @@ -35,15 +34,16 @@ check.pod.cidrs=true secstorage.allowed.internal.sites=10.147.28.0/24 [environment] dns=10.147.28.6 -mshost=10.147.29.111 +mshost=localhost mshost.user=root mshost.passwd=password -mysql.host=10.147.29.111 +mysql.host=localhost mysql.cloud.user=cloud mysql.cloud.passwd=cloud [cloudstack] #guest VLAN -zone.vlan=675-679 +pnet.vlan=675-679 +pnet2.vlan=800-1000 #management network private.gateway=10.147.29.1 private.pod.startip=10.147.29.150 @@ -56,9 +56,9 @@ public.vlan.startip=10.147.31.150 public.vlan.endip=10.147.31.159 public.netmask=255.255.255.0 #hypervisor host information -hypervisor=XenServer -host=10.147.29.58 +hypervisor=Simulator +host=simulator0 host.password=password #storage pools -primary.pool=nfs://10.147.28.6:/export/home/sandbox/kamakura +primary.pool=nfs://10.147.28.6:/export/home/sandbox/primary secondary.pool=nfs://10.147.28.6:/export/home/sandbox/sstor From 5442df2b5eba253f2dc80e08ff97e3f22047bbae Mon Sep 17 00:00:00 2001 From: Prasanna Santhanam Date: Sun, 13 Jan 2013 14:22:56 +0530 Subject: [PATCH 14/40] devcloud-kvm: marvin deployment config generator for devcloud-kvm The devcloud-kvm.py script will take the kvm.properties file to generate an advanced zone configuration with two physical networks with traffic labels for 'guest' and 'public' traffic going on 'eth0' and 'eth1' respectively. To generate config: $ python devcloud-kvm.py -i kvm.properties -o devcloud-kvm-advanced.cfg 
Signed-off-by: Prasanna Santhanam --- tools/devcloud-kvm/devcloud-kvm-advanced.cfg | 183 +++++++++++++++++++ tools/devcloud-kvm/devcloud-kvm.py | 157 ++++++++++++++++ tools/devcloud-kvm/kvm.properties | 62 +++++++ 3 files changed, 402 insertions(+) create mode 100644 tools/devcloud-kvm/devcloud-kvm-advanced.cfg create mode 100644 tools/devcloud-kvm/devcloud-kvm.py create mode 100644 tools/devcloud-kvm/kvm.properties diff --git a/tools/devcloud-kvm/devcloud-kvm-advanced.cfg b/tools/devcloud-kvm/devcloud-kvm-advanced.cfg new file mode 100644 index 00000000000..b96805ede2a --- /dev/null +++ b/tools/devcloud-kvm/devcloud-kvm-advanced.cfg 
@@ -0,0 +1,183 @@ +{ + "zones": [ + { + "localstorageenabled": "true", + "name": "Devcloud-KVM", + "guestcidraddress": "10.1.1.0/24", + "dns1": "8.8.8.8", + "physical_networks": [ + { + "name": "eth0", + "providers": [ + { + "broadcastdomainrange": "ZONE", + "name": "VirtualRouter" + }, + { + "broadcastdomainrange": "ZONE", + "name": "VpcVirtualRouter" + } + ], + "broadcastdomainrange": "Zone", + "vlan": "3900-3919", + "traffictypes": [ + { + "kvm": "kvm-guest", + "typ": "Guest" + }, + { + "typ": "Management" + } + ], + "tags": [ + "devcloud-guest" + ] + }, + { + "name": "eth1", + "providers": [ + { + "broadcastdomainrange": "ZONE", + "name": "VirtualRouter" + }, + { + "broadcastdomainrange": "ZONE", + "name": "VpcVirtualRouter" + } + ], + "broadcastdomainrange": "Zone", + "vlan": "3920-3939", + "traffictypes": [ + { + "kvm": "kvm-public", + "typ": "Public" + } + ], + "tags": [ + "devcloud-public" + ] + } + ], + "ipranges": [ + { + "startip": "10.0.3.100", + "endip": "10.0.3.199", + "netmask": "255.255.255.0", + "vlan": "31", + "gateway": "10.0.3.2" + } + ], + "networktype": "Advanced", + "pods": [ + { + "endip": "192.168.56.249", + "name": "POD0", + "startip": "192.168.56.200", + "netmask": "255.255.255.0", + "clusters": [ + { + "clustername": "C0", + "hypervisor": "KVM", + "hosts": [ + { + "username": "root", + "url": "http://192.168.56.10", + "password": "password" + } + ], + "clustertype": "CloudManaged", + "primaryStorages": [ + { + "url": "nfs://192.168.56.10/opt/storage/primary", + "name": "PS0" + } + ] + } + ], + "gateway": "192.168.56.1" + } + ], + "internaldns1": "8.8.8.8", + "secondaryStorages": [ + { + "url": "nfs://192.168.56.10/opt/storage/secondary" + } + ] + } + ], + "dbSvr": { + "dbSvr": "127.0.0.1", + "passwd": "cloud", + "db": "cloud", + "port": 3306, + "user": "cloud" + }, + "logger": [ + { + "name": "TestClient", + "file": "testclient.log" + }, + { + "name": "TestCase", + "file": "testcase.log" + } + ], + "globalConfig": [ + { + "name": 
"storage.cleanup.interval", + "value": "300" + }, + { + "name": "instance.name", + "value": "vm" + }, + { + "name": "workers", + "value": "10" + }, + { + "name": "vm.op.wait.interval", + "value": "5" + }, + { + "name": "account.cleanup.interval", + "value": "600" + }, + { + "name": "guest.domain.suffix", + "value": "devcloud.kvm" + }, + { + "name": "expunge.delay", + "value": "60" + }, + { + "name": "vm.allocation.algorithm", + "value": "random" + }, + { + "name": "expunge.interval", + "value": "60" + }, + { + "name": "expunge.workers", + "value": "3" + }, + { + "name": "secstorage.allowed.internal.sites", + "value": "10.147.28.0/24" + }, + { + "name": "check.pod.cidrs", + "value": "true" + } + ], + "mgtSvr": [ + { + "mgtSvrIp": "127.0.0.1", + "passwd": "password", + "user": "root", + "port": 8096 + } + ] +} \ No newline at end of file diff --git a/tools/devcloud-kvm/devcloud-kvm.py b/tools/devcloud-kvm/devcloud-kvm.py new file mode 100644 index 00000000000..dd551b58552 --- /dev/null +++ b/tools/devcloud-kvm/devcloud-kvm.py 
@@ -0,0 +1,157 @@ +#!/usr/bin/env python +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +''' +############################################################ +# Experimental state of scripts +# * Need to be reviewed +# * Only a sandbox +############################################################ +''' +import random +import marvin +from ConfigParser import SafeConfigParser +from optparse import OptionParser +from marvin.configGenerator import * + + +def getGlobalSettings(config): + for k, v in dict(config.items('globals')).iteritems(): + cfg = configuration() + cfg.name = k + cfg.value = v + yield cfg + + +def describeDevcloudKvmResources(config): + zs = cloudstackConfiguration() + + z = zone() + z.dns1 = config.get('environment', 'dns') + z.internaldns1 = config.get('environment', 'dns') + z.name = 'Devcloud-%s'%(config.get('cloudstack', 'hypervisor')) + z.networktype = 'Advanced' + z.guestcidraddress = '10.1.1.0/24' + z.localstorageenabled = 'true' + + vpcprovider = provider() + vpcprovider.name = 'VpcVirtualRouter' + + pn = physical_network() + pn.name = "eth0" + pn.vlan = config.get('cloudstack', 'pnet.vlan') + pn.tags = ["devcloud-guest"] + pn.traffictypes = [traffictype("Guest", {"kvm" :"kvm-guest" }), traffictype("Management")] 
+ pn.providers.append(vpcprovider) + + pn2 = physical_network() + pn2.name = "eth1" + pn2.vlan = config.get('cloudstack', 'pnet2.vlan') + pn2.tags = ["devcloud-public"] + pn2.traffictypes = [traffictype("Public", {"kvm" : "kvm-public"})] + pn2.providers.append(vpcprovider) + + z.physical_networks.append(pn) + z.physical_networks.append(pn2) + + p = pod() + p.name = 'POD0' + p.gateway = config.get('cloudstack', 'private.gateway') + p.startip = config.get('cloudstack', 'private.pod.startip') + p.endip = config.get('cloudstack', 'private.pod.endip') + p.netmask = config.get('cloudstack', 'private.netmask') + + v = iprange() + v.gateway = config.get('cloudstack', 'public.gateway') + v.startip = config.get('cloudstack', 'public.vlan.startip') + v.endip = config.get('cloudstack', 'public.vlan.endip') + v.netmask = config.get('cloudstack', 'public.netmask') + v.vlan = config.get('cloudstack', 'public.vlan') + z.ipranges.append(v) + + c = cluster() + c.clustername = 'C0' + c.hypervisor = config.get('cloudstack', 'hypervisor') + c.clustertype = 'CloudManaged' + + h = host() + h.username = 'root' + h.password = config.get('cloudstack', 'host.password') + h.url = 'http://%s'%(config.get('cloudstack', 'host')) + c.hosts.append(h) + + ps = primaryStorage() + ps.name = 'PS0' + ps.url = config.get('cloudstack', 'primary.pool') + c.primaryStorages.append(ps) + + p.clusters.append(c) + z.pods.append(p) + + secondary = secondaryStorage() + secondary.url = config.get('cloudstack', 'secondary.pool') + z.secondaryStorages.append(secondary) + + '''Add zone''' + zs.zones.append(z) + + '''Add mgt server''' + mgt = managementServer() + mgt.mgtSvrIp = config.get('environment', 'mshost') + mgt.user = config.get('environment', 'mshost.user') + mgt.passwd = config.get('environment', 'mshost.passwd') + zs.mgtSvr.append(mgt) + + '''Add a database''' + db = dbServer() + db.dbSvr = config.get('environment', 'mysql.host') + db.user = config.get('environment', 'mysql.cloud.user') + db.passwd = 
config.get('environment', 'mysql.cloud.passwd') + zs.dbSvr = db + + '''Add some configuration''' + [zs.globalConfig.append(cfg) for cfg in getGlobalSettings(config)] + + ''''add loggers''' + testClientLogger = logger() + testClientLogger.name = 'TestClient' + testClientLogger.file = 'testclient.log' + + testCaseLogger = logger() + testCaseLogger.name = 'TestCase' + testCaseLogger.file = 'testcase.log' + + zs.logger.append(testClientLogger) + zs.logger.append(testCaseLogger) + return zs + + +if __name__ == '__main__': + parser = OptionParser() + parser.add_option('-i', '--input', action='store', default='setup.properties', \ + dest='input', help='file containing environment setup information') + parser.add_option('-o', '--output', action='store', default='./devcloud-kvm-advanced.cfg', \ + dest='output', help='path where environment json will be generated') + + + (opts, args) = parser.parse_args() + + cfg_parser = SafeConfigParser() + cfg_parser.read(opts.input) + + cfg = describeDevcloudKvmResources(cfg_parser) + generate_setup_config(cfg, opts.output) diff --git a/tools/devcloud-kvm/kvm.properties b/tools/devcloud-kvm/kvm.properties new file mode 100644 index 00000000000..79afcd4a8ea --- /dev/null +++ b/tools/devcloud-kvm/kvm.properties 
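Review bot: The return value of `cfg_parser.read(opts.input)` in the `__main__` block is ignored, and `SafeConfigParser.read` silently skips files it cannot open, so a wrong `-i` path only shows up later as a `NoSectionError` from the first `config.get`. The `--input` default is also `setup.properties`, while the file added next to this script is `kvm.properties`. I would fail early with `if not cfg_parser.read(opts.input): parser.error('cannot read %s' % opts.input)` and change the option to `default='kvm.properties'`.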
@@ -0,0 +1,62 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + + +[globals] +#global settings in cloudstack +expunge.delay=60 +expunge.interval=60 +storage.cleanup.interval=300 +account.cleanup.interval=600 +expunge.workers=3 +workers=10 +vm.allocation.algorithm=random +vm.op.wait.interval=5 +guest.domain.suffix=devcloud.kvm +instance.name=vm +check.pod.cidrs=true +secstorage.allowed.internal.sites=10.147.28.0/24 +[environment] +dns=8.8.8.8 +mshost=127.0.0.1 +mshost.user=root +mshost.passwd=password +mysql.host=127.0.0.1 +mysql.cloud.user=cloud +mysql.cloud.passwd=cloud +[cloudstack] +#guest VLAN +pnet.vlan=3900-3919 +pnet2.vlan=3920-3939 +#management network +private.gateway=192.168.56.1 +private.pod.startip=192.168.56.200 +private.pod.endip=192.168.56.249 +private.netmask=255.255.255.0 +#public network +public.gateway=10.0.3.2 +public.vlan=31 +public.vlan.startip=10.0.3.100 +public.vlan.endip=10.0.3.199 +public.netmask=255.255.255.0 +#hypervisor host information +hypervisor=KVM +host=192.168.56.10 +host.password=password +#storage pools +primary.pool=nfs://192.168.56.10/opt/storage/primary +secondary.pool=nfs://192.168.56.10/opt/storage/secondary From 127867cc999a7c772cdf5108b3e7432f91178cfe Mon Sep 17 00:00:00 2001 
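Review bot: `secstorage.allowed.internal.sites=10.147.28.0/24` in `[globals]` looks copied from the marvin sandbox file; every other address in this file is in 192.168.56.0/24 or 10.0.3.0/24, including the NFS host behind `secondary.pool`. If this allow-list is meant to cover the devcloud storage host, it should name that network instead, e.g. `secstorage.allowed.internal.sites=192.168.56.0/24`; otherwise drop the key so the generated config does not carry an unrelated internal range. The same value ends up in the `globalConfig` list of the generated `devcloud-kvm-advanced.cfg`.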
From: Noa Resare Date: Sat, 12 Jan 2013 19:07:32 +0000 Subject: [PATCH 15/40] Improved handling of unknown OS, Distribution Introduce UnknownSystemExcpetion to indicate that the system is is unknonwn. Catch said exception in cloud-setup-management, print an error and exit. CLOUDSTACK-966: Improve error reporting when running on unknown OS / version Signed-off-by: Prasanna Santhanam --- client/bindir/cloud-setup-management.in | 10 ++++++++-- python/lib/cloudutils/utilities.py | 6 +++++- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/client/bindir/cloud-setup-management.in b/client/bindir/cloud-setup-management.in index 469c9614b41..ca1327ae725 100755 --- a/client/bindir/cloud-setup-management.in +++ b/client/bindir/cloud-setup-management.in @@ -16,8 +16,9 @@ # specific language governing permissions and limitations # under the License. +import sys from cloudutils.syscfg import sysConfigFactory -from cloudutils.utilities import initLoging +from cloudutils.utilities import initLoging, UnknownSystemException from cloudutils.cloudException import CloudRuntimeException, CloudInternalException from cloudutils.globalEnv import globalEnv from cloudutils.serviceConfigServer import cloudManagementConfig @@ -35,7 +36,12 @@ if __name__ == '__main__': glbEnv.mode = "Server" print "Starting to configure CloudStack Management Server:" - syscfg = sysConfigFactory.getSysConfigFactory(glbEnv) + try: + syscfg = sysConfigFactory.getSysConfigFactory(glbEnv) + except UnknownSystemException: + print >>sys.stderr, ("Error: CloudStack failed to detect your " + "operating system. Exiting.") + sys.exit(1) try: syscfg.registerService(cloudManagementConfig) syscfg.config() diff --git a/python/lib/cloudutils/utilities.py b/python/lib/cloudutils/utilities.py index adf81fcbd4c..3f5f2a9dc8b 100755 --- a/python/lib/cloudutils/utilities.py +++ b/python/lib/cloudutils/utilities.py 
@@ -96,6 +96,10 @@ def writeProgressBar(msg, result): output = "[%-6s]\n"%"Failed" sys.stdout.write(output) sys.stdout.flush() + +class UnknownSystemException(Exception): + "This Excption is raised if the current operating enviornment is unknown" + pass class Distribution: def __init__(self): @@ -120,7 +124,7 @@ class Distribution: self.arch = bash("uname -m").getStdout() else: - self.distro = "Unknown" + raise UnknownSystemException def getVersion(self): return self.distro From c06218d32f3e4b20ec86303639af847cb911ec39 Mon Sep 17 00:00:00 2001 From: Pranav Saxena Date: Mon, 14 Jan 2013 16:49:42 +0530 Subject: [PATCH 16/40] CLOUDSTACK-971:Error Dialog is empty --- ui/scripts/sharedFunctions.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ui/scripts/sharedFunctions.js b/ui/scripts/sharedFunctions.js index eb78ad15da0..51c4fdb5902 100644 --- a/ui/scripts/sharedFunctions.js +++ b/ui/scripts/sharedFunctions.js @@ -208,12 +208,13 @@ function parseXMLHttpResponse(XMLHttpResponse) { var json = JSON.parse(XMLHttpResponse.responseText); if (json != null) { var property; - for(property in json) {} + for(property in json) { var errorObj = json[property]; if(errorObj.errorcode == 401 && errorObj.errortext == "unable to verify user credentials and/or request signature") return _l('label.session.expired'); else return _s(errorObj.errortext); + } } else { return ""; From 0293d3d665ad41ea2e49a01f9c0fd6cf4547a9bf Mon Sep 17 00:00:00 2001 From: Marcus Sorensen Date: Mon, 14 Jan 2013 10:51:39 -0700 Subject: [PATCH 17/40] Summary: Allow passing 'storagetype' to DiskOffering.create in marvin base.py Signed-off-by: Marcus Sorensen 1358185899 -0700 --- tools/marvin/marvin/integration/lib/base.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/marvin/marvin/integration/lib/base.py b/tools/marvin/marvin/integration/lib/base.py index 0daea5dd579..726a628d070 100644 --- a/tools/marvin/marvin/integration/lib/base.py 
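Review bot: `raise UnknownSystemException` in the `else:` branch now aborts the `Distribution` constructor, but the only handler added in this commit is the one around `sysConfigFactory.getSysConfigFactory(glbEnv)` in `cloud-setup-management`. Any other script that builds a `Distribution` (none are visible in this patch, so this needs checking) would end with a bare traceback instead of the friendly message. The new class's docstring also has two typos and a redundant `pass`; I would write it as `"""Raised when the current operating environment is unknown."""`. The constructor body starts outside the hunk.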
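Review bot: With both `return` statements moved inside the `for(property in json)` body, a response that parses to an empty object leaves the loop without returning, so the caller gets `undefined` rather than the `""` the `else` branch returns. A property whose value is `null` would also throw on `errorObj.errorcode`. I would guard the body with `if (errorObj == null) continue;` and add `return "";` after the loop's closing brace. The function continues past the end of the hunk.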
+++ b/tools/marvin/marvin/integration/lib/base.py @@ -1109,6 +1109,9 @@ class DiskOffering: if domainid: cmd.domainid = domainid + if services["storagetype"]: + cmd.storagetype = services["storagetype"] + return DiskOffering(apiclient.createDiskOffering(cmd).__dict__) def delete(self, apiclient): From 9139949d966c45153899b056aa3b19da55e6931f Mon Sep 17 00:00:00 2001 From: Marcus Sorensen Date: Mon, 14 Jan 2013 12:57:12 -0700 Subject: [PATCH 18/40] Summary: Adding devcloud-advanced.cfg marvin config for advanced network testing Signed-off-by: Marcus Sorensen 1358193432 -0700 --- tools/devcloud/devcloud-advanced.cfg | 105 +++++++++++++++++++++++++++ 1 file changed, 105 insertions(+) create mode 100644 tools/devcloud/devcloud-advanced.cfg diff --git a/tools/devcloud/devcloud-advanced.cfg b/tools/devcloud/devcloud-advanced.cfg new file mode 100644 index 00000000000..54cdd44f95b --- /dev/null +++ b/tools/devcloud/devcloud-advanced.cfg 
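Review bot: `if services["storagetype"]:` raises `KeyError` for every existing `services` dict that has no `storagetype` entry, so the new optional field breaks callers that were fine before this change. A membership test keeps it optional: `if "storagetype" in services:`. `DiskOffering.create` starts above the hunk, so whether other optional keys are read the same way cannot be seen here.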
@@ -0,0 +1,105 @@ +{ + "zones": [ + { + "localstorageenabled": "true", + "name": "testzone", + "guestcidraddress": "10.1.1.0/24", + "dns1": "8.8.8.8", + "physical_networks": [ + { + "broadcastdomainrange": "Zone", + "vlan": "3900-4000", + "name": "eth0", + "providers": [ + { + "broadcastdomainrange": "ZONE", + "name": "VirtualRouter" + }, + { + "broadcastdomainrange": "ZONE", + "name": "VpcVirtualRouter" + } + ] + }, + { + "broadcastdomainrange": "Zone", + "name": "eth1", + "traffictypes": [ + { + "xen": "Pool-wide network associated with eth1", + "typ": "Public" + } + ], + "providers": [ + { + "broadcastdomainrange": "ZONE", + "name": "VirtualRouter" + } + ] + } + ], + "ipranges": [ + { + "startip": "10.0.3.100", + "endip": "10.0.3.199", + "netmask": "255.255.255.0", + "vlan": "untagged", + "gateway": "10.0.3.2" + } + ], + "networktype": "Advanced", + "pods": [ + { + "endip": "192.168.56.249", + "name": "testpod", + "startip": "192.168.56.200", + "netmask": "255.255.255.0", + "clusters": [ + { + "clustername": "testcluster", + "hypervisor": "XenServer", + "hosts": [ + { + "username": "root", + "url": "http://192.168.56.10/", + "password": "password" + } + ], + "clustertype": "CloudManaged" + } + ], + "gateway": "192.168.56.1" + } + ], + "internaldns1": "8.8.4.4", + "secondaryStorages": [ + { + "url": "nfs://192.168.56.10:/opt/storage/secondary" + } + ] + } + ], + "dbSvr": { + "dbSvr": "127.0.0.1", + "passwd": "cloud", + "db": "cloud", + "port": 3306, + "user": "cloud" + }, + "logger": [ + { + "name": "TestClient", + "file": "/var/log/testclient.log" + }, + { + "name": "TestCase", + "file": "/var/log/testcase.log" + } + ], + "mgtSvr": [ + { + "mgtSvrIp": "192.168.56.10", + "port": 8096 + } + ] +} From 896e505da6de08e723b339e748064de10d250c8c Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Mon, 14 Jan 2013 15:06:46 -0800 Subject: [PATCH 19/40] APIChecker: Make interface generic, pass user and not just role 
Signed-off-by: Rohit Yadav --- api/src/org/apache/cloudstack/acl/APIChecker.java | 4 ++-- .../acl/StaticRoleBasedAPIAccessChecker.java | 12 +++++++++++- server/src/com/cloud/api/ApiServer.java | 4 +--- 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/api/src/org/apache/cloudstack/acl/APIChecker.java b/api/src/org/apache/cloudstack/acl/APIChecker.java index b14dfe101ba..9e5c6c61108 100644 --- a/api/src/org/apache/cloudstack/acl/APIChecker.java +++ b/api/src/org/apache/cloudstack/acl/APIChecker.java @@ -17,11 +17,11 @@ package org.apache.cloudstack.acl; import com.cloud.exception.PermissionDeniedException; -import org.apache.cloudstack.acl.RoleType; +import com.cloud.user.User; import com.cloud.utils.component.Adapter; // APIChecker checks the ownership and access control to API requests public interface APIChecker extends Adapter { // Interface for checking access for a role using apiname - boolean checkAccess(RoleType roleType, String apiCommandName) throws PermissionDeniedException; + boolean checkAccess(User user, String apiCommandName) throws PermissionDeniedException; } diff --git a/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java b/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java index affd69ed89c..55db2880664 100644 --- a/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java +++ b/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java @@ -18,6 +18,9 @@ package org.apache.cloudstack.acl; import com.cloud.exception.PermissionDeniedException; import com.cloud.server.ManagementServer; +import com.cloud.user.Account; +import com.cloud.user.AccountService; +import com.cloud.user.User; import com.cloud.utils.component.AdapterBase; import com.cloud.utils.component.ComponentLocator; import com.cloud.utils.component.PluggableService; 
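Review bot: The comment above `checkAccess` in `APIChecker` still says `// Interface for checking access for a role using apiname`, which no longer matches the `User` parameter. Something like `// Checks whether the given user may call the named API command` would fit the new signature. Changing the parameter type also breaks any other `APIChecker` implementation at compile time; only `StaticRoleBasedAPIAccessChecker` is updated in this patch, so other plugins (not visible here) should be checked.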
@@ -42,6 +45,8 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIC private static Map> s_roleBasedApisMap = new HashMap>(); + private static AccountService s_accountService; + protected StaticRoleBasedAPIAccessChecker() { super(); for (RoleType roleType: RoleType.values()) @@ -49,8 +54,10 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIC } @Override - public boolean checkAccess(RoleType roleType, String commandName) + public boolean checkAccess(User user, String commandName) throws PermissionDeniedException { + Account account = s_accountService.getAccount(user.getAccountId()); + RoleType roleType = s_accountService.getRoleType(account); boolean isAllowed = s_roleBasedApisMap.get(roleType).contains(commandName); if (!isAllowed) { throw new PermissionDeniedException("The API does not exist or is blacklisted. Role type=" + roleType.toString() + " is not allowed to request the api: " + commandName); @@ -64,6 +71,9 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIC // Read command properties files to build the static map per role. ComponentLocator locator = ComponentLocator.getLocator(ManagementServer.Name); + + s_accountService = locator.getManager(AccountService.class); + List services = locator.getAllPluggableServices(); services.add((PluggableService) ComponentLocator.getComponent(ManagementServer.Name)); diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java index 03462e488ef..c8511b2991d 100755 --- a/server/src/com/cloud/api/ApiServer.java +++ b/server/src/com/cloud/api/ApiServer.java 
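Review bot: In `checkAccess`, the result of `s_accountService.getAccount(user.getAccountId())` is passed straight to `getRoleType` and then to `s_roleBasedApisMap.get(roleType).contains(...)`, so a missing account or a null role type ends in a `NullPointerException` rather than an explicit denial. An access check should refuse on its own terms: `if (account == null) { throw new PermissionDeniedException("No account found for account id=" + user.getAccountId()); }`. `s_accountService` is also a static that is only assigned in the `configure` hunk below, so a call made before `configure` has run fails the same way. How the caller treats a runtime exception from a checker is not visible in this patch.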
@@ -785,11 +785,9 @@ public class ApiServer implements HttpRequestHandler { throw new PermissionDeniedException("User is null for role based API access check for command" + commandName); } - Account account = _accountMgr.getAccount(user.getAccountId()); - RoleType roleType = _accountMgr.getRoleType(account); for (APIChecker apiChecker : _apiAccessCheckers) { // Fail the checking if any checker fails to verify - if (!apiChecker.checkAccess(roleType, commandName)) + if (!apiChecker.checkAccess(user, commandName)) return false; } return true; From e97090a9202452a0ecdff2da55181517cb5b2364 Mon Sep 17 00:00:00 2001 From: Marcus Sorensen Date: Mon, 14 Jan 2013 17:15:22 -0700 Subject: [PATCH 20/40] Summary: Updated devcloud-advanced.cfg and devcloud-kvm-advanced.cfg Signed-off-by: Marcus Sorensen 1358208922 -0700 --- tools/devcloud-kvm/devcloud-kvm-advanced.cfg | 144 +++++-------------- tools/devcloud/devcloud-advanced.cfg | 10 ++ 2 files changed, 48 insertions(+), 106 deletions(-) diff --git a/tools/devcloud-kvm/devcloud-kvm-advanced.cfg b/tools/devcloud-kvm/devcloud-kvm-advanced.cfg index b96805ede2a..1110863d848 100644 --- a/tools/devcloud-kvm/devcloud-kvm-advanced.cfg +++ b/tools/devcloud-kvm/devcloud-kvm-advanced.cfg @@ -2,12 +2,24 @@ "zones": [ { "localstorageenabled": "true", - "name": "Devcloud-KVM", + "name": "testzone", "guestcidraddress": "10.1.1.0/24", "dns1": "8.8.8.8", "physical_networks": [ { - "name": "eth0", + "broadcastdomainrange": "Zone", + "vlan": "3900-4000", + "name": "eth0", + "traffictypes": [ + { + "kvm": "cloudbr0", + "typ": "Management" + }, + { + "kvm": "cloudbr0", + "typ": "Guest" + } + ], "providers": [ { "broadcastdomainrange": "ZONE", 
@@ -17,90 +29,62 @@ "broadcastdomainrange": "ZONE", "name": "VpcVirtualRouter" } - ], - "broadcastdomainrange": "Zone", - "vlan": "3900-3919", - "traffictypes": [ - { - "kvm": "kvm-guest", - "typ": "Guest" - }, - { - "typ": "Management" - } - ], - "tags": [ - "devcloud-guest" ] }, { + "broadcastdomainrange": "Zone", "name": "eth1", + "traffictypes": [ + { + "kvm": "cloudbr1", + "typ": "Public" + } + ], "providers": [ { "broadcastdomainrange": "ZONE", "name": "VirtualRouter" - }, - { - "broadcastdomainrange": "ZONE", - "name": "VpcVirtualRouter" } - ], - "broadcastdomainrange": "Zone", - "vlan": "3920-3939", - "traffictypes": [ - { - "kvm": "kvm-public", - "typ": "Public" - } - ], - "tags": [ - "devcloud-public" ] } ], "ipranges": [ { - "startip": "10.0.3.100", - "endip": "10.0.3.199", + "startip": "192.168.100.100", + "endip": "192.168.100.199", "netmask": "255.255.255.0", - "vlan": "31", - "gateway": "10.0.3.2" + "vlan": "untagged", + "gateway": "192.168.100.1" } ], "networktype": "Advanced", "pods": [ { - "endip": "192.168.56.249", - "name": "POD0", - "startip": "192.168.56.200", + "endip": "172.17.10.199", + "name": "testpod", + "startip": "172.17.10.100", "netmask": "255.255.255.0", "clusters": [ { - "clustername": "C0", + "clustername": "testcluster", "hypervisor": "KVM", "hosts": [ { "username": "root", - "url": "http://192.168.56.10", + "url": "http://172.17.10.10/", "password": "password" } ], - "clustertype": "CloudManaged", - "primaryStorages": [ - { - "url": "nfs://192.168.56.10/opt/storage/primary", - "name": "PS0" - } - ] + "clustertype": "CloudManaged" } ], - "gateway": "192.168.56.1" + "gateway": "172.17.10.1" } ], - "internaldns1": "8.8.8.8", + "internaldns1": "8.8.4.4", "secondaryStorages": [ { - "url": "nfs://192.168.56.10/opt/storage/secondary" + "url": "nfs://172.17.10.10:/nfs/secondary" } ] } 
@@ -115,69 +99,17 @@ "logger": [ { "name": "TestClient", - "file": "testclient.log" + "file": "/var/log/testclient.log" }, { "name": "TestCase", - "file": "testcase.log" - } - ], - "globalConfig": [ - { - "name": "storage.cleanup.interval", - "value": "300" - }, - { - "name": "instance.name", - "value": "vm" - }, - { - "name": "workers", - "value": "10" - }, - { - "name": "vm.op.wait.interval", - "value": "5" - }, - { - "name": "account.cleanup.interval", - "value": "600" - }, - { - "name": "guest.domain.suffix", - "value": "devcloud.kvm" - }, - { - "name": "expunge.delay", - "value": "60" - }, - { - "name": "vm.allocation.algorithm", - "value": "random" - }, - { - "name": "expunge.interval", - "value": "60" - }, - { - "name": "expunge.workers", - "value": "3" - }, - { - "name": "secstorage.allowed.internal.sites", - "value": "10.147.28.0/24" - }, - { - "name": "check.pod.cidrs", - "value": "true" + "file": "/var/log/testcase.log" } ], "mgtSvr": [ { - "mgtSvrIp": "127.0.0.1", - "passwd": "password", - "user": "root", + "mgtSvrIp": "172.17.10.10", "port": 8096 } ] -} \ No newline at end of file +} diff --git a/tools/devcloud/devcloud-advanced.cfg b/tools/devcloud/devcloud-advanced.cfg index 54cdd44f95b..ad4cdda1912 100644 --- a/tools/devcloud/devcloud-advanced.cfg +++ b/tools/devcloud/devcloud-advanced.cfg @@ -10,6 +10,16 @@ "broadcastdomainrange": "Zone", "vlan": "3900-4000", "name": "eth0", + "traffictypes": [ + { + "xen": "Pool-wide network associated with eth0", + "typ": "Management" + }, + { + "xen": "Pool-wide network associated with eth0", + "typ": "Guest" + } + ], "providers": [ { "broadcastdomainrange": "ZONE", From 3aba867e1630cf7071fb97b5f925dced1b5439d6 Mon Sep 17 00:00:00 2001 From: anthony Date: Mon, 14 Jan 2013 18:25:32 -0800 Subject: [PATCH 21/40] only basic network is pod based. it has nothing to do with shared SG enabled netwokr --- .../network/router/VirtualNetworkApplianceManagerImpl.java | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) 
diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java index 1f74c7174e8..492e1dc20b1 100755 --- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java @@ -1381,9 +1381,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian assert guestNetwork.getTrafficType() == TrafficType.Guest; // 1) Get deployment plan and find out the list of routers - boolean isPodBased = (dest.getDataCenter().getNetworkType() == NetworkType.Basic || - _networkMgr.areServicesSupportedInNetwork(guestNetwork.getId(), Service.SecurityGroup)) - && guestNetwork.getTrafficType() == TrafficType.Guest; + boolean isPodBased = (dest.getDataCenter().getNetworkType() == NetworkType.Basic); // dest has pod=null, for Basic Zone findOrDeployVRs for all Pods List destinations = new ArrayList(); From 0a1e4b8cf95a3e0041e3f306c4dfad09b3b6216a Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Mon, 14 Jan 2013 16:46:12 -0800 Subject: [PATCH 22/40] tomcatconf: Move apiname:mask rules in commands.properties.in, delete others 
Signed-off-by: Rohit Yadav --- .../cisconexusvsm_commands.properties.in | 25 ------ client/tomcatconf/commands-ext.properties.in | 28 ------- client/tomcatconf/commands.properties.in | 84 +++++++++++++++++++ .../tomcatconf/f5bigip_commands.properties.in | 32 ------- .../junipersrx_commands.properties.in | 30 ------- .../tomcatconf/netapp_commands.properties.in | 33 -------- ...tscalerloadbalancer_commands.properties.in | 26 ------ .../nicira-nvp_commands.properties.in | 29 ------- .../simulator_commands.properties.in | 19 ----- .../virtualrouter_commands.properties.in | 24 ------ 10 files changed, 84 insertions(+), 246 deletions(-) delete mode 100644 client/tomcatconf/cisconexusvsm_commands.properties.in delete mode 100644 client/tomcatconf/commands-ext.properties.in delete mode 100644 client/tomcatconf/f5bigip_commands.properties.in delete mode 100644 client/tomcatconf/junipersrx_commands.properties.in delete mode 100644 client/tomcatconf/netapp_commands.properties.in delete mode 100644 client/tomcatconf/netscalerloadbalancer_commands.properties.in delete mode 100644 client/tomcatconf/nicira-nvp_commands.properties.in delete mode 100644 client/tomcatconf/simulator_commands.properties.in delete mode 100644 client/tomcatconf/virtualrouter_commands.properties.in diff --git a/client/tomcatconf/cisconexusvsm_commands.properties.in b/client/tomcatconf/cisconexusvsm_commands.properties.in deleted file mode 100644 index 0427ba2d212..00000000000 --- a/client/tomcatconf/cisconexusvsm_commands.properties.in +++ /dev/null 
@@ -1,25 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-### bitmap of permissions at the end of each classname, 1 = ADMIN, 2 = RESOURCE_DOMAIN_ADMIN, 4 = DOMAIN_ADMIN, 8 = USER
-### Please standardize naming conventions to camel-case (even for acronyms).
-
-#### Cisco Nexus 1000v Virtual Supervisor Module (VSM) commands
-deleteCiscoNexusVSM=1
-enableCiscoNexusVSM=1
-disableCiscoNexusVSM=1
-listCiscoNexusVSMs=1
diff --git a/client/tomcatconf/commands-ext.properties.in b/client/tomcatconf/commands-ext.properties.in
deleted file mode 100644
index cd1d0eac066..00000000000
--- a/client/tomcatconf/commands-ext.properties.in
+++ /dev/null
@@ -1,28 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -#### usage commands -generateUsageRecords=com.cloud.api.commands.GenerateUsageRecordsCmd;1 -listUsageRecords=com.cloud.api.commands.GetUsageRecordsCmd;1 -listUsageTypes=com.cloud.api.commands.ListUsageTypesCmd;1 - -#### traffic monitor commands -addTrafficMonitor=com.cloud.api.commands.AddTrafficMonitorCmd;1 -deleteTrafficMonitor=com.cloud.api.commands.DeleteTrafficMonitorCmd;1 -listTrafficMonitors=com.cloud.api.commands.ListTrafficMonitorsCmd;1 - - diff --git a/client/tomcatconf/commands.properties.in b/client/tomcatconf/commands.properties.in index 3872f2a8783..99cb874a55f 100644 --- a/client/tomcatconf/commands.properties.in +++ b/client/tomcatconf/commands.properties.in 
@@ -424,3 +424,87 @@ resetVpnConnection=15
 listVpnCustomerGateways=15
 listVpnGateways=15
 listVpnConnections=15
+
+#### router commands
+createVirtualRouterElement=7
+configureVirtualRouterElement=7
+listVirtualRouterElements=7
+
+#### usage commands
+generateUsageRecords=1
+listUsageRecords=1
+listUsageTypes=1
+
+#### traffic monitor commands
+addTrafficMonitor=1
+deleteTrafficMonitor=1
+listTrafficMonitors=1
+
+#### Cisco Nexus 1000v Virtual Supervisor Module (VSM) commands
+deleteCiscoNexusVSM=1
+enableCiscoNexusVSM=1
+disableCiscoNexusVSM=1
+listCiscoNexusVSMs=1
+
+#### f5 big ip load balancer commands
+
+#Deprecated commands
+addExternalLoadBalancer=1
+deleteExternalLoadBalancer=1
+listExternalLoadBalancers=1
+
+addF5LoadBalancer=1
+configureF5LoadBalancer=1
+deleteF5LoadBalancer=1
+listF5LoadBalancers=1
+listF5LoadBalancerNetworks=1
+
+#### juniper srx firewall commands
+addExternalFirewall=1
+deleteExternalFirewall=1
+listExternalFirewalls=1
+
+addSrxFirewall=1
+deleteSrxFirewall=1
+configureSrxFirewall=1
+listSrxFirewalls=1
+listSrxFirewallNetworks=1
+
+####Netapp integration commands
+createVolumeOnFiler=15
+destroyVolumeOnFiler=15
+listVolumesOnFiler=15
+createLunOnFiler=15
+destroyLunOnFiler=15
+listLunsOnFiler=15
+associateLun=15
+dissociateLun=15
+createPool=15
+deletePool=15
+modifyPool=15
+listPools=15
+
+#### netscaler load balancer commands
+addNetscalerLoadBalancer=1
+deleteNetscalerLoadBalancer=1
+configureNetscalerLoadBalancer=1
+listNetscalerLoadBalancers=1
+listNetscalerLoadBalancerNetworks=1
+
+#### nicira nvp commands
+
+addNiciraNvpDevice=1
+deleteNiciraNvpDevice=1
+listNiciraNvpDevices=1
+listNiciraNvpDeviceNetworks=1
+
+# Not implemented (yet)
+#configureNiciraNvpDevice=1
+
+#### host simulator commands
+
+configureSimulator=1
+
+#### api discovery commands
+
+listApis=15
diff --git a/client/tomcatconf/f5bigip_commands.properties.in b/client/tomcatconf/f5bigip_commands.properties.in
deleted file mode 100644
index 8c3cc2a145a..00000000000
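Review bot: The Netapp block added here keeps mask 15 on `destroyVolumeOnFiler`, `destroyLunOnFiler`, `deletePool` and `modifyPool`, which by the legend in the deleted per-plugin files (1 = ADMIN, 2 = RESOURCE_DOMAIN_ADMIN, 4 = DOMAIN_ADMIN, 8 = USER) includes the USER bit, while the Cisco, F5, SRX, Netscaler, Nicira and simulator commands in the same hunk are all 1. The values are carried over unchanged from netapp_commands.properties.in, but with every mask now in one file this is the place to confirm that ordinary users are meant to reach the filer operations, and to tighten them to `=1` if not. The new sections also arrive without that legend; if the head of commands.properties.in (outside this hunk) does not already carry it, add `### bitmap of permissions at the end of each classname, 1 = ADMIN, 2 = RESOURCE_DOMAIN_ADMIN, 4 = DOMAIN_ADMIN, 8 = USER` above the first added section.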
--- a/client/tomcatconf/f5bigip_commands.properties.in +++ /dev/null @@ -1,32 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -### bitmap of permissions at the end of each classname, 1 = ADMIN, 2 = RESOURCE_DOMAIN_ADMIN, 4 = DOMAIN_ADMIN, 8 = USER -### Please standardize naming conventions to camel-case (even for acronyms). - -#### f5 big ip load balancer commands - -#Deprecated commands -addExternalLoadBalancer=1 -deleteExternalLoadBalancer=1 -listExternalLoadBalancers=1 - -addF5LoadBalancer=1 -configureF5LoadBalancer=1 -deleteF5LoadBalancer=1 -listF5LoadBalancers=1 -listF5LoadBalancerNetworks=1 diff --git a/client/tomcatconf/junipersrx_commands.properties.in b/client/tomcatconf/junipersrx_commands.properties.in deleted file mode 100644 index 2cadc62c57e..00000000000 --- a/client/tomcatconf/junipersrx_commands.properties.in +++ /dev/null 
@@ -1,30 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -### bitmap of permissions at the end of each classname, 1 = ADMIN, 2 = RESOURCE_DOMAIN_ADMIN, 4 = DOMAIN_ADMIN, 8 = USER -### Please standardize naming conventions to camel-case (even for acronyms). - -#### juniper srx firewall commands -addExternalFirewall=1 -deleteExternalFirewall=1 -listExternalFirewalls=1 - -addSrxFirewall=1 -deleteSrxFirewall=1 -configureSrxFirewall=1 -listSrxFirewalls=1 -listSrxFirewallNetworks=1 diff --git a/client/tomcatconf/netapp_commands.properties.in b/client/tomcatconf/netapp_commands.properties.in deleted file mode 100644 index ea17ac0560b..00000000000 --- a/client/tomcatconf/netapp_commands.properties.in +++ /dev/null 
@@ -1,33 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -### bitmap of permissions at the end of each classname, 1 = ADMIN, 2 = RESOURCE_DOMAIN_ADMIN, 4 = DOMAIN_ADMIN, 8 = USER -### Please standardize naming conventions to camel-case (even for acronyms). - -####Netapp integration commands -createVolumeOnFiler=15 -destroyVolumeOnFiler=15 -listVolumesOnFiler=15 -createLunOnFiler=15 -destroyLunOnFiler=15 -listLunsOnFiler=15 -associateLun=15 -dissociateLun=15 -createPool=15 -deletePool=15 -modifyPool=15 -listPools=15 diff --git a/client/tomcatconf/netscalerloadbalancer_commands.properties.in b/client/tomcatconf/netscalerloadbalancer_commands.properties.in deleted file mode 100644 index 9eeb8da9987..00000000000 --- a/client/tomcatconf/netscalerloadbalancer_commands.properties.in +++ /dev/null 
@@ -1,26 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -### bitmap of permissions at the end of each classname, 1 = ADMIN, 2 = RESOURCE_DOMAIN_ADMIN, 4 = DOMAIN_ADMIN, 8 = USER -### Please standardize naming conventions to camel-case (even for acronyms). - -#### netscaler load balancer commands -addNetscalerLoadBalancer=1 -deleteNetscalerLoadBalancer=1 -configureNetscalerLoadBalancer=1 -listNetscalerLoadBalancers=1 -listNetscalerLoadBalancerNetworks=1 diff --git a/client/tomcatconf/nicira-nvp_commands.properties.in b/client/tomcatconf/nicira-nvp_commands.properties.in deleted file mode 100644 index 1b2b5253394..00000000000 --- a/client/tomcatconf/nicira-nvp_commands.properties.in +++ /dev/null 
@@ -1,29 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -### bitmap of permissions at the end of each classname, 1 = ADMIN, 2 = RESOURCE_DOMAIN_ADMIN, 4 = DOMAIN_ADMIN, 8 = USER -### Please standardize naming conventions to camel-case (even for acronyms). - -#### nicira nvp commands - -addNiciraNvpDevice=1 -deleteNiciraNvpDevice=1 -listNiciraNvpDevices=1 -listNiciraNvpDeviceNetworks=1 - -# Not implemented (yet) -#configureNiciraNvpDevice=1 diff --git a/client/tomcatconf/simulator_commands.properties.in b/client/tomcatconf/simulator_commands.properties.in deleted file mode 100644 index b7213a28c05..00000000000 --- a/client/tomcatconf/simulator_commands.properties.in +++ /dev/null 
@@ -1,19 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - - -configureSimulator=1 diff --git a/client/tomcatconf/virtualrouter_commands.properties.in b/client/tomcatconf/virtualrouter_commands.properties.in deleted file mode 100644 index 169496b8f4d..00000000000 --- a/client/tomcatconf/virtualrouter_commands.properties.in +++ /dev/null 
@@ -1,24 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -### bitmap of permissions at the end of each classname, 1 = ADMIN, 2 = RESOURCE_DOMAIN_ADMIN, 4 = DOMAIN_ADMIN, 8 = USER -### Please standardize naming conventions to camel-case (even for acronyms). - -#### router commands -createVirtualRouterElement=7 -configureVirtualRouterElement=7 -listVirtualRouterElements=7 From b9c020fa7c80481fa9444dc6affb1beb069a8768 Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Mon, 14 Jan 2013 18:54:26 -0800 Subject: [PATCH 23/40] APIChecker: Fix interface definition to take in User Signed-off-by: Rohit Yadav --- api/src/org/apache/cloudstack/acl/APIChecker.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/api/src/org/apache/cloudstack/acl/APIChecker.java b/api/src/org/apache/cloudstack/acl/APIChecker.java index 9e5c6c61108..0d0dfd1be4e 100644 --- a/api/src/org/apache/cloudstack/acl/APIChecker.java +++ b/api/src/org/apache/cloudstack/acl/APIChecker.java 
@@ -23,5 +23,8 @@ import com.cloud.utils.component.Adapter; // APIChecker checks the ownership and access control to API requests public interface APIChecker extends Adapter { // Interface for checking access for a role using apiname + // If true, apiChecker has checked the operation + // If false, apiChecker is unable to handle the operation or not implemented + // On exception, checkAccess failed don't allow boolean checkAccess(User user, String apiCommandName) throws PermissionDeniedException; } From 0a31945ee589e2db8886fd8a01bdfaf91e6cfd26 Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Mon, 14 Jan 2013 18:54:58 -0800 Subject: [PATCH 24/40] PluggableService: Fix interface to return list of cmd classes Signed-off-by: Rohit Yadav --- utils/src/com/cloud/utils/component/PluggableService.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/utils/src/com/cloud/utils/component/PluggableService.java b/utils/src/com/cloud/utils/component/PluggableService.java index f6f72a904d0..5e0e4dfff16 100644 --- a/utils/src/com/cloud/utils/component/PluggableService.java +++ b/utils/src/com/cloud/utils/component/PluggableService.java @@ -16,11 +16,12 @@ // under the License. package com.cloud.utils.component; +import java.util.List; import java.util.Map; // This interface defines methods for pluggable code within the Cloud Stack. public interface PluggableService { // The config command properties filenames that lists allowed API commands // and role masks supported by this pluggable service - Map getProperties(); + List> getCommands(); } From 8f27c711e58e447409fb1b496dfeab9cf4cd7d63 Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Mon, 14 Jan 2013 18:56:02 -0800 Subject: [PATCH 25/40] ApiServer: Process through chain of api access checker, on failure it will throw exception Signed-off-by: Rohit Yadav --- server/src/com/cloud/api/ApiServer.java | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) 
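Review bot: The three comment lines added above `checkAccess` define its return values but leave open what a caller must do when every checker returns false, and that case decides whether the checker chain fails open or closed. I would make them Javadoc on the method with `@return` and `@throws PermissionDeniedException`, and state the default explicitly if deny-by-default is the intended policy, for example `@return true if this checker evaluated the request and allows it; false if it does not handle the command`. The last line, `On exception, checkAccess failed don't allow`, reads more clearly as `@throws PermissionDeniedException if the user may not call the command`.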
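Review bot: The comment kept above the changed method in PluggableService still describes "config command properties filenames that lists allowed API commands and role masks", which no longer matches `getCommands()`, and `import java.util.Map;` stays although the interface body shown in the hunk no longer uses it. Suggest replacing the comment with `// Returns the API command classes contributed by this pluggable service` and dropping the `Map` import. The ManagementServerSimulatorImpl hunk in patch 28 has the same leftovers: `com.cloud.utils.PropertiesUtil` and `java.util.Map` remain imported while the new `getCommands()` body uses neither.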
diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java index c8511b2991d..4d60215b276 100755 --- a/server/src/com/cloud/api/ApiServer.java +++ b/server/src/com/cloud/api/ApiServer.java @@ -786,9 +786,7 @@ public class ApiServer implements HttpRequestHandler { } for (APIChecker apiChecker : _apiAccessCheckers) { - // Fail the checking if any checker fails to verify - if (!apiChecker.checkAccess(user, commandName)) - return false; + apiChecker.checkAccess(user, commandName); } return true; } From c318561d6c69a2a7ac3aa7dd6df99f12637ddb27 Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Mon, 14 Jan 2013 18:57:22 -0800 Subject: [PATCH 26/40] ApiDiscovery: Get rid of redundant code, use apichecker to generate role based maps Signed-off-by: Rohit Yadav --- .../command/user/discovery/ListApisCmd.java | 10 +- .../discovery/ApiDiscoveryService.java | 4 +- .../discovery/ApiDiscoveryServiceImpl.java | 116 ++++++++---------- 3 files changed, 61 insertions(+), 69 deletions(-) diff --git a/plugins/api/discovery/src/org/apache/cloudstack/api/command/user/discovery/ListApisCmd.java b/plugins/api/discovery/src/org/apache/cloudstack/api/command/user/discovery/ListApisCmd.java index ed3e1751027..132416bac05 100644 --- a/plugins/api/discovery/src/org/apache/cloudstack/api/command/user/discovery/ListApisCmd.java +++ b/plugins/api/discovery/src/org/apache/cloudstack/api/command/user/discovery/ListApisCmd.java @@ -16,7 +16,10 @@ // under the License. package org.apache.cloudstack.api.command.user.discovery; +import com.cloud.user.AccountService; +import com.cloud.user.User; import com.cloud.user.UserContext; +import com.cloud.utils.component.Inject; import org.apache.cloudstack.acl.RoleType; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; 
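Review bot: With the result of `checkAccess` now discarded in the ApiServer loop, access is denied only when a checker throws, so the method reaches `return true` when `_apiAccessCheckers` is empty or when every checker returns false, which the APIChecker comments in patch 23 define as "unable to handle the operation or not implemented". If deny-by-default is intended, record whether any checker actually decided the call: `boolean checked = false;` before the loop, `checked |= apiChecker.checkAccess(user, commandName);` inside it, and `return checked;` after it. The enclosing method starts outside the hunk, so an earlier guard may already cover the empty-chain case; that is worth confirming before merging.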
@@ -39,14 +42,17 @@ public class ListApisCmd extends BaseCmd { @PlugService ApiDiscoveryService _apiDiscoveryService; + @Inject + private AccountService _accountService; + @Parameter(name=ApiConstants.NAME, type=CommandType.STRING, description="API name") private String name; @Override public void execute() throws ServerApiException { if (_apiDiscoveryService != null) { - RoleType roleType = _accountService.getRoleType(UserContext.current().getCaller()); - ListResponse response = (ListResponse) _apiDiscoveryService.listApis(roleType, name); + User user = _accountService.getActiveUser(UserContext.current().getCallerUserId()); + ListResponse response = (ListResponse) _apiDiscoveryService.listApis(user, name); if (response == null) { throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Api Discovery plugin was unable to find an api by that name or process any apis"); } diff --git a/plugins/api/discovery/src/org/apache/cloudstack/discovery/ApiDiscoveryService.java b/plugins/api/discovery/src/org/apache/cloudstack/discovery/ApiDiscoveryService.java index 611493bfc08..6458c5619e8 100644 --- a/plugins/api/discovery/src/org/apache/cloudstack/discovery/ApiDiscoveryService.java +++ b/plugins/api/discovery/src/org/apache/cloudstack/discovery/ApiDiscoveryService.java @@ -16,11 +16,11 @@ // under the License. package org.apache.cloudstack.discovery; +import com.cloud.user.User; import com.cloud.utils.component.PluggableService; -import org.apache.cloudstack.acl.RoleType; import org.apache.cloudstack.api.BaseResponse; import org.apache.cloudstack.api.response.ListResponse; public interface ApiDiscoveryService extends PluggableService { - ListResponse listApis(RoleType roleType, String apiName); + ListResponse listApis(User user, String apiName); } diff --git a/plugins/api/discovery/src/org/apache/cloudstack/discovery/ApiDiscoveryServiceImpl.java b/plugins/api/discovery/src/org/apache/cloudstack/discovery/ApiDiscoveryServiceImpl.java index 5f84486ae49..7e2ed17ecdc 100644 
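Review bot: In `execute()`, the `user` obtained from `getActiveUser(...)` is passed on unchecked, and `listApis` in this series returns null for a null user, for an unknown name and for a denied name alike, so all three reach the caller as `INTERNAL_ERROR` with the "unable to find an api by that name" text. Sharing one message between unknown and denied names is reasonable because it does not reveal which commands exist, but a missing caller is a different failure and is easier to diagnose if it is rejected before the service call with its own message. The new `@Inject private AccountService _accountService;` should also be checked against BaseCmd: the removed line already used `_accountService` and no declaration of it appears in this hunk, so the private field may shadow an inherited one. The method continues past the end of the hunk.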
--- a/plugins/api/discovery/src/org/apache/cloudstack/discovery/ApiDiscoveryServiceImpl.java +++ b/plugins/api/discovery/src/org/apache/cloudstack/discovery/ApiDiscoveryServiceImpl.java @@ -18,11 +18,15 @@ package org.apache.cloudstack.discovery; import com.cloud.serializer.Param; import com.cloud.server.ManagementServer; +import com.cloud.user.User; import com.cloud.utils.ReflectUtil; import com.cloud.utils.StringUtils; +import com.cloud.utils.component.Adapters; import com.cloud.utils.component.ComponentLocator; +import com.cloud.utils.component.Inject; import com.cloud.utils.component.PluggableService; import com.google.gson.annotations.SerializedName; +import org.apache.cloudstack.acl.APIChecker; import org.apache.cloudstack.acl.RoleType; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.BaseCmd; @@ -30,6 +34,7 @@ import org.apache.cloudstack.api.BaseAsyncCmd; import org.apache.cloudstack.api.BaseAsyncCreateCmd; import org.apache.cloudstack.api.BaseResponse; import org.apache.cloudstack.api.Parameter; +import org.apache.cloudstack.api.command.user.discovery.ListApisCmd; import org.apache.cloudstack.api.response.ApiDiscoveryResponse; import org.apache.cloudstack.api.response.ApiParameterResponse; import org.apache.cloudstack.api.response.ApiResponseResponse; 
@@ -49,57 +54,31 @@ import java.util.Set; public class ApiDiscoveryServiceImpl implements ApiDiscoveryService { private static final Logger s_logger = Logger.getLogger(ApiDiscoveryServiceImpl.class); - private static Map> _roleTypeDiscoveryResponseListMap; + @Inject(adapter = APIChecker.class) + protected Adapters _apiAccessCheckers; - private static Map _apiNameDiscoveryResponseMap = - new HashMap(); - - private static Map> _apiNameRoleTypeListMap = null; + private static Map _apiNameDiscoveryResponseMap = null; protected ApiDiscoveryServiceImpl() { super(); - if (_roleTypeDiscoveryResponseListMap == null) { + if (_apiNameDiscoveryResponseMap == null) { long startTime = System.nanoTime(); - _roleTypeDiscoveryResponseListMap = new HashMap>(); - for (RoleType roleType: RoleType.values()) - _roleTypeDiscoveryResponseListMap.put(roleType, new ArrayList()); + _apiNameDiscoveryResponseMap = new HashMap(); cacheResponseMap(); long endTime = System.nanoTime(); s_logger.info("Api Discovery Service: Annotation, docstrings, api relation graph processed in " + (endTime - startTime) / 1000000.0 + " ms"); } } - private Map> getApiNameRoleTypeListMap() { - Map> apiNameRoleTypeMap = new HashMap>(); - ComponentLocator locator = ComponentLocator.getLocator(ManagementServer.Name); - List services = locator.getAllPluggableServices(); - services.add((PluggableService) ComponentLocator.getComponent(ManagementServer.Name)); - for (PluggableService service : services) { - for (Map.Entry entry: service.getProperties().entrySet()) { - String apiName = entry.getKey(); - String roleMask = entry.getValue(); - try { - short cmdPermissions = Short.parseShort(roleMask); - if (!apiNameRoleTypeMap.containsKey(apiName)) - apiNameRoleTypeMap.put(apiName, new ArrayList()); - for (RoleType roleType: RoleType.values()) { - if ((cmdPermissions & roleType.getValue()) != 0) - apiNameRoleTypeMap.get(apiName).add(roleType); - } - } catch (NumberFormatException nfe) { - } - } - } - return apiNameRoleTypeMap; 
- } - private void cacheResponseMap() { Set> cmdClasses = ReflectUtil.getClassesWithAnnotation(APICommand.class, new String[]{"org.apache.cloudstack.api", "com.cloud.api"}); + //TODO: Fix and use PluggableService to get the classes + Map> responseApiNameListMap = new HashMap>(); - for(Class cmdClass: cmdClasses) { + for (Class cmdClass : cmdClasses) { APICommand apiCmdAnnotation = cmdClass.getAnnotation(APICommand.class); if (apiCmdAnnotation == null) apiCmdAnnotation = cmdClass.getSuperclass().getAnnotation(APICommand.class); @@ -123,9 +102,9 @@ public class ApiDiscoveryServiceImpl implements ApiDiscoveryService { response.setRelated(responseName); Field[] responseFields = apiCmdAnnotation.responseObject().getDeclaredFields(); - for(Field responseField: responseFields) { + for (Field responseField : responseFields) { SerializedName serializedName = responseField.getAnnotation(SerializedName.class); - if(serializedName != null) { + if (serializedName != null) { ApiResponseResponse responseResponse = new ApiResponseResponse(); responseResponse.setName(serializedName.value()); Param param = responseField.getAnnotation(Param.class); @@ -137,14 +116,14 @@ public class ApiDiscoveryServiceImpl implements ApiDiscoveryService { } Field[] fields = ReflectUtil.getAllFieldsForClass(cmdClass, - new Class[] {BaseCmd.class, BaseAsyncCmd.class, BaseAsyncCreateCmd.class}); + new Class[]{BaseCmd.class, BaseAsyncCmd.class, BaseAsyncCreateCmd.class}); boolean isAsync = ReflectUtil.isCmdClassAsync(cmdClass, - new Class[] {BaseAsyncCmd.class, BaseAsyncCreateCmd.class}); + new Class[]{BaseAsyncCmd.class, BaseAsyncCreateCmd.class}); response.setAsync(isAsync); - for(Field field: fields) { + for (Field field : fields) { Parameter parameterAnnotation = field.getAnnotation(Parameter.class); if (parameterAnnotation != null && parameterAnnotation.expose() 
@@ -166,10 +145,10 @@ public class ApiDiscoveryServiceImpl implements ApiDiscoveryService { _apiNameDiscoveryResponseMap.put(apiName, response); } - for (String apiName: _apiNameDiscoveryResponseMap.keySet()) { + for (String apiName : _apiNameDiscoveryResponseMap.keySet()) { ApiDiscoveryResponse response = _apiNameDiscoveryResponseMap.get(apiName); Set processedParams = new HashSet(); - for (ApiParameterResponse param: response.getParams()) { + for (ApiParameterResponse param : response.getParams()) { if (responseApiNameListMap.containsKey(param.getRelated())) { List relatedApis = responseApiNameListMap.get(param.getRelated()); param.setRelated(StringUtils.join(relatedApis, ",")); 
@@ -192,41 +171,48 @@ public class ApiDiscoveryServiceImpl implements ApiDiscoveryService { } @Override - public ListResponse listApis(RoleType roleType, String name) { - // Creates roles based response list cache the first time listApis is called - // Due to how adapters work, this cannot be done when mgmt loads - if (_apiNameRoleTypeListMap == null) { - long startTime = System.nanoTime(); - _apiNameRoleTypeListMap = getApiNameRoleTypeListMap(); - for (Map.Entry> entry: _apiNameRoleTypeListMap.entrySet()) { - String apiName = entry.getKey(); - for (RoleType roleTypeInList: entry.getValue()) { - _roleTypeDiscoveryResponseListMap.get(roleTypeInList).add( - _apiNameDiscoveryResponseMap.get(apiName)); - } - } - long endTime = System.nanoTime(); - s_logger.info("Api Discovery Service: List apis cached in " + (endTime - startTime) / 1000000.0 + " ms"); - } + public ListResponse listApis(User user, String name) { ListResponse response = new ListResponse(); + List responseList = new ArrayList(); + + if (user == null) + return null; + if (name != null) { if (!_apiNameDiscoveryResponseMap.containsKey(name)) return null; - List singleResponse = new ArrayList(); - singleResponse.add(_apiNameDiscoveryResponseMap.get(name)); - response.setResponses(singleResponse); + for (APIChecker apiChecker : _apiAccessCheckers) { + try { + apiChecker.checkAccess(user, name); + } catch (Exception ex) { + return null; + } + } + responseList.add(_apiNameDiscoveryResponseMap.get(name)); } else { - response.setResponses(_roleTypeDiscoveryResponseListMap.get(roleType)); + for (String apiName : _apiNameDiscoveryResponseMap.keySet()) { + boolean isAllowed = true; + for (APIChecker apiChecker : _apiAccessCheckers) { + try { + apiChecker.checkAccess(user, name); + } catch (Exception ex) { + isAllowed = false; + } + } + if (isAllowed) + responseList.add(_apiNameDiscoveryResponseMap.get(apiName)); + } } + response.setResponses(responseList); return response; } @Override - public Map getProperties() { - 
Map apiDiscoveryPropertyMap = new HashMap(); - apiDiscoveryPropertyMap.put("listApis", "15"); - return apiDiscoveryPropertyMap; + public List> getCommands() { + List> cmdList = new ArrayList>(); + cmdList.add(ListApisCmd.class); + return cmdList; } } From 3ec985f46f7f251e5fb47cc3f4aa89e57f349454 Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Mon, 14 Jan 2013 18:58:23 -0800 Subject: [PATCH 27/40] StaticRoleBased: commands.properties is actually cfg for this plugin Signed-off-by: Rohit Yadav --- .../acl/StaticRoleBasedAPIAccessChecker.java | 29 +++++++++---------- 1 file changed, 13 insertions(+), 16 deletions(-) diff --git a/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java b/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java index 55db2880664..16357846cba 100644 --- a/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java +++ b/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java @@ -21,15 +21,14 @@ import com.cloud.server.ManagementServer; import com.cloud.user.Account; import com.cloud.user.AccountService; import com.cloud.user.User; +import com.cloud.utils.PropertiesUtil; import com.cloud.utils.component.AdapterBase; import com.cloud.utils.component.ComponentLocator; -import com.cloud.utils.component.PluggableService; import javax.ejb.Local; import javax.naming.ConfigurationException; import java.util.HashMap; import java.util.HashSet; -import java.util.List; import java.util.Map; import java.util.Set; 
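Review bot: In the list-all branch of `listApis` the inner call is `apiChecker.checkAccess(user, name)`, but `name` is null there (this is the `else` of `if (name != null)`), so every checker is asked about a null command instead of the `apiName` being iterated. Depending on how a checker treats null, the caller gets either an empty list or the complete API list with no per-role filtering; the call should be `apiChecker.checkAccess(user, apiName);`. Both branches also catch `Exception`, which turns a checker malfunction into a silent deny; catching `PermissionDeniedException` and logging anything else keeps real faults visible, and a `break` after the first denial avoids consulting the remaining checkers.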
@@ -37,7 +36,7 @@ import org.apache.log4j.Logger; // This is the default API access checker that grab's the user's account // based on the account type, access is granted -@Local(value=APIChecker.class) +@Local(value = APIChecker.class) public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIChecker { protected static final Logger s_logger = Logger.getLogger(StaticRoleBasedAPIAccessChecker.class); @@ -49,7 +48,7 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIC protected StaticRoleBasedAPIAccessChecker() { super(); - for (RoleType roleType: RoleType.values()) + for (RoleType roleType : RoleType.values()) s_roleBasedApisMap.put(roleType, new HashSet()); } @@ -57,6 +56,10 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIC public boolean checkAccess(User user, String commandName) throws PermissionDeniedException { Account account = s_accountService.getAccount(user.getAccountId()); + if (account == null) { + throw new PermissionDeniedException("The account id=" + user.getAccountId() + "for user id=" + user.getId() + "is null"); + } + RoleType roleType = s_accountService.getRoleType(account); boolean isAllowed = s_roleBasedApisMap.get(roleType).contains(commandName); if (!isAllowed) { 
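Review bot: The denial message added in `checkAccess` concatenates without separators, so it renders like `The account id=12for user id=3is null` (sample values); add the spaces: `"The account id=" + user.getAccountId() + " for user id=" + user.getId() + " is null"`. `user` is dereferenced on the line above the new guard, so a null user would surface as a NullPointerException rather than a PermissionDeniedException; an `if (user == null)` check that throws the same exception type at the top of the method keeps that case a clean deny. The method body continues past the end of the hunk.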
@@ -71,32 +74,26 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIC // Read command properties files to build the static map per role. ComponentLocator locator = ComponentLocator.getLocator(ManagementServer.Name); - s_accountService = locator.getManager(AccountService.class); - List services = locator.getAllPluggableServices(); - services.add((PluggableService) ComponentLocator.getComponent(ManagementServer.Name)); + processMapping(PropertiesUtil.processConfigFile(new String[] + {"commands.properties"})); - for (PluggableService service : services) { - processConfigFiles(service.getProperties(), service.getClass().toString()); - s_logger.info("Processed role based acl for: " + service.toString()); - } return true; } - private void processConfigFiles(Map configMap, String service) { - for (Map.Entry entry: configMap.entrySet()) { + private void processMapping(Map configMap) { + for (Map.Entry entry : configMap.entrySet()) { String apiName = entry.getKey(); String roleMask = entry.getValue(); try { short cmdPermissions = Short.parseShort(roleMask); - for (RoleType roleType: RoleType.values()) { + for (RoleType roleType : RoleType.values()) { if ((cmdPermissions & roleType.getValue()) != 0) s_roleBasedApisMap.get(roleType).add(apiName); } } catch (NumberFormatException nfe) { - s_logger.info("Malformed getProperties() value for service: " + service - + " for entry: " + entry.toString()); + s_logger.info("Malformed key=value pair for entry: " + entry.toString()); } } } From bca2c928e87ce81f54dccb918564714189b7d46e Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Mon, 14 Jan 2013 18:59:01 -0800 Subject: [PATCH 28/40] PluggableService: Fix interface definition 
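Review bot: In `processMapping` a role mask that fails `Short.parseShort` is only reported at info level and the entry is dropped, so a typo in `commands.properties` leaves that API in no role's set with nothing but an easily missed log line. This file is now the only input to the role map, so I would report it with `s_logger.warn("Malformed key=value pair for entry: " + entry.toString());` and parse `roleMask.trim()`, in case `PropertiesUtil.processConfigFile` (not visible here) passes values through with trailing whitespace. Commands that plugins used to contribute through `getProperties()` are no longer read here, so they presumably need entries in `commands.properties` before any role can call them; a comment above the `processMapping` call saying so would help. The enclosing method starts above the hunk.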
Signed-off-by: Rohit Yadav --- .../server/ManagementServerSimulatorImpl.java | 11 ++++++----- .../network/element/CiscoNexusVSMElement.java | 11 ++++++++--- .../element/F5ExternalLoadBalancerElement.java | 15 ++++++++++++--- .../JuniperSRXExternalFirewallElement.java | 14 +++++++++++--- .../network/element/MidokuraMidonetElement.java | 9 ++------- .../cloud/network/element/NetscalerElement.java | 12 +++++++++--- .../cloud/network/element/NiciraNvpElement.java | 10 +++++++--- .../network/element/VirtualRouterElement.java | 10 +++++++--- .../com/cloud/server/ManagementServerExtImpl.java | 6 +++--- .../com/cloud/server/ManagementServerImpl.java | 6 +++--- 10 files changed, 68 insertions(+), 36 deletions(-) diff --git a/plugins/hypervisors/simulator/src/com/cloud/server/ManagementServerSimulatorImpl.java b/plugins/hypervisors/simulator/src/com/cloud/server/ManagementServerSimulatorImpl.java index 44ab26a020a..c639a556cb7 100644 --- a/plugins/hypervisors/simulator/src/com/cloud/server/ManagementServerSimulatorImpl.java +++ b/plugins/hypervisors/simulator/src/com/cloud/server/ManagementServerSimulatorImpl.java @@ -17,16 +17,17 @@ package com.cloud.server; +import com.cloud.api.commands.ConfigureSimulator; import com.cloud.utils.PropertiesUtil; +import java.util.List; import java.util.Map; public class ManagementServerSimulatorImpl extends ManagementServerExtImpl { @Override - public Map getProperties() { - Map apiNameRoleMaskMapping = super.getProperties(); - apiNameRoleMaskMapping.putAll(PropertiesUtil.processConfigFile(new String[] - {"commands-simulator.properties"})); - return apiNameRoleMaskMapping; + public List> getCommands() { + List> cmdList = super.getCommands(); + cmdList.add(ConfigureSimulator.class); + return cmdList; } } diff --git a/plugins/hypervisors/vmware/src/com/cloud/network/element/CiscoNexusVSMElement.java b/plugins/hypervisors/vmware/src/com/cloud/network/element/CiscoNexusVSMElement.java index 2cf87877859..68388a6fb18 100644 
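Review bot: `ManagementServerSimulatorImpl.getCommands()` calls `cmdList.add(ConfigureSimulator.class)` on the result of `super.getCommands()`, and the `ManagementServerExtImpl` hunk later in this patch makes that method `return null`, so this override throws a NullPointerException as soon as it is called. The base implementations should return an empty mutable list instead of null, e.g. `return new ArrayList<Class<?>>();` (the element type is garbled on the page, so match it to the interface's declaration). The same null return appears in the `ManagementServerImpl` and `MidokuraMidonetElement` hunks. The imports of `PropertiesUtil` and `java.util.Map` that remain in this file look unused after the change.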
--- a/plugins/hypervisors/vmware/src/com/cloud/network/element/CiscoNexusVSMElement.java +++ b/plugins/hypervisors/vmware/src/com/cloud/network/element/CiscoNexusVSMElement.java @@ -17,6 +17,7 @@ package com.cloud.network.element; +import java.lang.Class; import java.lang.String; import java.util.List; import java.util.Map; @@ -239,8 +240,12 @@ public class CiscoNexusVSMElement extends CiscoNexusVSMDeviceManagerImpl impleme } @Override - public Map getProperties() { - return PropertiesUtil.processConfigFile(new String[] - { "cisconexusvsm_commands.properties" }); + public List> getCommands() { + List> cmdList = new ArrayList>(); + cmdList.add(ListCiscoNexusVSMsCmd.class); + cmdList.add(EnableCiscoNexusVSMCmd.class); + cmdList.add(DisableCiscoNexusVSMCmd.class); + cmdList.add(DeleteCiscoNexusVSMCmd.class); + return cmdList; } } diff --git a/plugins/network-elements/f5/src/com/cloud/network/element/F5ExternalLoadBalancerElement.java b/plugins/network-elements/f5/src/com/cloud/network/element/F5ExternalLoadBalancerElement.java index 438498ff38c..b9739ec21df 100644 --- a/plugins/network-elements/f5/src/com/cloud/network/element/F5ExternalLoadBalancerElement.java +++ b/plugins/network-elements/f5/src/com/cloud/network/element/F5ExternalLoadBalancerElement.java @@ -16,6 +16,7 @@ // under the License. package com.cloud.network.element; +import java.lang.Class; import java.lang.String; import java.util.ArrayList; import java.util.HashMap; 
@@ -262,9 +263,17 @@ public class F5ExternalLoadBalancerElement extends ExternalLoadBalancerDeviceMan } @Override - public Map getProperties() { - return PropertiesUtil.processConfigFile(new String[] - { "f5bigip_commands.properties" }); + public List> getCommands() { + List> cmdList = new ArrayList>(); + cmdList.add(AddExternalLoadBalancerCmd.class); + cmdList.add(AddF5LoadBalancerCmd.class); + cmdList.add(ConfigureF5LoadBalancerCmd.class); + cmdList.add(DeleteExternalLoadBalancerCmd.class); + cmdList.add(DeleteF5LoadBalancerCmd.class); + cmdList.add(ListExternalLoadBalancersCmd.class); + cmdList.add(ListF5LoadBalancerNetworksCmd.class); + cmdList.add(ListF5LoadBalancersCmd.class); + return cmdList; } @Override diff --git a/plugins/network-elements/juniper-srx/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java b/plugins/network-elements/juniper-srx/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java index 55722ae23ab..6e9d32daa99 100644 --- a/plugins/network-elements/juniper-srx/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java +++ b/plugins/network-elements/juniper-srx/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java @@ -404,9 +404,17 @@ public class JuniperSRXExternalFirewallElement extends ExternalFirewallDeviceMan } @Override - public Map getProperties() { - return PropertiesUtil.processConfigFile(new String[] - { "junipersrx_commands.properties"}); + public List> getCommands() { + List> cmdList = new ArrayList>(); + cmdList.add(AddExternalFirewallCmd.class); + cmdList.add(AddSrxFirewallCmd.class); + cmdList.add(ConfigureSrxFirewallCmd.class); + cmdList.add(DeleteExternalFirewallCmd.class); + cmdList.add(DeleteSrxFirewallCmd.class); + cmdList.add(ListExternalFirewallsCmd.class); + cmdList.add(ListSrxFirewallNetworksCmd.class); + cmdList.add(ListSrxFirewallsCmd.class); + return cmdList; } @Override 
diff --git a/plugins/network-elements/midokura-midonet/src/com/cloud/network/element/MidokuraMidonetElement.java b/plugins/network-elements/midokura-midonet/src/com/cloud/network/element/MidokuraMidonetElement.java index 56734669020..a45c5c0a47c 100644 --- a/plugins/network-elements/midokura-midonet/src/com/cloud/network/element/MidokuraMidonetElement.java +++ b/plugins/network-elements/midokura-midonet/src/com/cloud/network/element/MidokuraMidonetElement.java @@ -38,15 +38,10 @@ import com.cloud.vm.VirtualMachineProfile; import org.apache.log4j.Logger; import javax.ejb.Local; +import java.lang.Class; import java.util.Map; import java.util.Set; -/** - * User: tomoe - * Date: 8/8/12 - * Time: 1:38 PM - */ - @Local(value = NetworkElement.class) public class MidokuraMidonetElement extends AdapterBase implements ConnectivityProvider, PluggableService { private static final Logger s_logger = Logger.getLogger(MidokuraMidonetElement.class); @@ -126,7 +121,7 @@ public class MidokuraMidonetElement extends AdapterBase implements ConnectivityP } @Override - public String getPropertiesFile() { + public List> getCommands() { // TODO: implement this. return null; } diff --git a/plugins/network-elements/netscaler/src/com/cloud/network/element/NetscalerElement.java b/plugins/network-elements/netscaler/src/com/cloud/network/element/NetscalerElement.java index ac1619ef1f8..a1782107e19 100644 --- a/plugins/network-elements/netscaler/src/com/cloud/network/element/NetscalerElement.java +++ b/plugins/network-elements/netscaler/src/com/cloud/network/element/NetscalerElement.java @@ -16,6 +16,7 @@ // under the License. package com.cloud.network.element; +import java.lang.Class; import java.net.URI; import java.util.ArrayList; import java.util.HashMap; 
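Review bot: The new `getCommands()` signature in `MidokuraMidonetElement` returns a `List`, but the import hunk above it adds only `java.lang.Class` next to the existing `java.util.Map` and `java.util.Set`, so unless `java.util.List` is imported outside the visible lines the file will not compile. I would add `import java.util.List;` and drop `import java.lang.Class;`, which is redundant because `java.lang` is imported implicitly. The same redundant import is added in the `CiscoNexusVSMElement`, `F5ExternalLoadBalancerElement` and `NetscalerElement` hunks.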
@@ -465,9 +466,14 @@ StaticNatServiceProvider { } @Override - public Map getProperties() { - return PropertiesUtil.processConfigFile(new String[] - { "netscalerloadbalancer_commands.properties" }); + public List> getCommands() { + List> cmdList = new ArrayList>(); + cmdList.add(AddNetscalerLoadBalancerCmd.class); + cmdList.add(ConfigureNetscalerLoadBalancerCmd.class); + cmdList.add(DeleteNetscalerLoadBalancerCmd.class); + cmdList.add(ListNetscalerLoadBalancerNetworksCmd.class); + cmdList.add(ListNetscalerLoadBalancersCmd.class); + return cmdList; } @Override diff --git a/plugins/network-elements/nicira-nvp/src/com/cloud/network/element/NiciraNvpElement.java b/plugins/network-elements/nicira-nvp/src/com/cloud/network/element/NiciraNvpElement.java index 22fab500fdb..6bcaeeeb235 100644 --- a/plugins/network-elements/nicira-nvp/src/com/cloud/network/element/NiciraNvpElement.java +++ b/plugins/network-elements/nicira-nvp/src/com/cloud/network/element/NiciraNvpElement.java @@ -541,9 +541,13 @@ public class NiciraNvpElement extends AdapterBase implements } @Override - public Map getProperties() { - return PropertiesUtil.processConfigFile(new String[] - { "nicira-nvp_commands.properties" }); + public List> getCommands() { + List> cmdList = new ArrayList>(); + cmdList.add(AddNiciraNvpDeviceCmd.class); + cmdList.add(DeleteNiciraNvpDeviceCmd.class); + cmdList.add(ListNiciraNvpDeviceNetworksCmd.class); + cmdList.add(ListNiciraNvpDevicesCmd.class); + return cmdList; } @Override diff --git a/server/src/com/cloud/network/element/VirtualRouterElement.java b/server/src/com/cloud/network/element/VirtualRouterElement.java index 823b74f269b..02a239e72d9 100755 --- a/server/src/com/cloud/network/element/VirtualRouterElement.java +++ b/server/src/com/cloud/network/element/VirtualRouterElement.java 
@@ -26,6 +26,7 @@ import javax.ejb.Local; import com.cloud.utils.PropertiesUtil; import org.apache.cloudstack.api.command.admin.router.ConfigureVirtualRouterElementCmd; +import org.apache.cloudstack.api.command.admin.router.CreateVirtualRouterElementCmd; import org.apache.cloudstack.api.command.admin.router.ListVirtualRouterElementsCmd; import org.apache.log4j.Logger; @@ -681,9 +682,12 @@ public class VirtualRouterElement extends AdapterBase implements VirtualRouterEl } @Override - public Map getProperties() { - return PropertiesUtil.processConfigFile(new String[] - { "virtualrouter_commands.properties" }); + public List> getCommands() { + List> cmdList = new ArrayList>(); + cmdList.add(CreateVirtualRouterElementCmd.class); + cmdList.add(ConfigureVirtualRouterElementCmd.class); + cmdList.add(ListVirtualRouterElementsCmd.class); + return cmdList; } @Override diff --git a/server/src/com/cloud/server/ManagementServerExtImpl.java b/server/src/com/cloud/server/ManagementServerExtImpl.java index 8a59d2f9c1c..c8c188b38ad 100644 --- a/server/src/com/cloud/server/ManagementServerExtImpl.java +++ b/server/src/com/cloud/server/ManagementServerExtImpl.java @@ -207,9 +207,9 @@ public class ManagementServerExtImpl extends ManagementServerImpl implements Man } @Override - public Map getProperties() { - return PropertiesUtil.processConfigFile(new String[] - { "commands.properties", "commands-ext.properties" }); + public List> getCommands() { + //TODO: Add api cmd classes + return null; } private Date computeAdjustedTime(Date initialDate, TimeZone targetTZ, boolean adjustToDayStart) { diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java index 79ad759dd0b..bf105506b23 100755 --- a/server/src/com/cloud/server/ManagementServerImpl.java +++ b/server/src/com/cloud/server/ManagementServerImpl.java 
@@ -2298,9 +2298,9 @@ public class ManagementServerImpl implements ManagementServer { } @Override - public Map getProperties() { - return PropertiesUtil.processConfigFile(new String[] - { "commands.properties" }); + public List> getCommands() { + //TODO: Add cmd classes + return null; } protected class EventPurgeTask implements Runnable { From c5984278ca95b24e8f0ff9d8bfd8bbde14a42643 Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Mon, 14 Jan 2013 19:00:20 -0800 Subject: [PATCH 29/40] apidoc: Fix apidoc Signed-off-by: Rohit Yadav --- tools/apidoc/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/apidoc/pom.xml b/tools/apidoc/pom.xml index bc7411f7013..6b159ff54eb 100644 --- a/tools/apidoc/pom.xml +++ b/tools/apidoc/pom.xml @@ -57,7 +57,7 @@ ${client.config.jars} ./target -f - ${client.config.conf}/commands.properties,${client.config.conf}/commands-ext.properties,${client.config.conf}/virtualrouter_commands.properties,${client.config.conf}/nicira-nvp_commands.properties + ${client.config.conf}/commands.properties From d8b04507d8285ac5201bcae1409aeacb2de2fb95 Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Mon, 14 Jan 2013 19:36:27 -0800 Subject: [PATCH 30/40] maven: exclude rat license checking for devcloud advanced cfg Signed-off-by: Rohit Yadav --- pom.xml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pom.xml b/pom.xml index aad124b0baf..f752d266a9d 100644 --- a/pom.xml +++ b/pom.xml @@ -245,7 +245,9 @@ scripts/vm/systemvm/id_rsa.cloud tools/devcloud/basebuild/puppet-devcloudinitial/files/network.conf tools/devcloud/devcloud.cfg + tools/devcloud/devcloud-advanced.cfg tools/devcloud-kvm/devcloud-kvm.cfg + tools/devcloud-kvm/devcloud-kvm-advanced.cfg ui/lib/flot/jquery.colorhelpers.js ui/lib/flot/jquery.flot.crosshair.js ui/lib/flot/jquery.flot.fillbetween.js From 7374056493ab5beccd514d115185f73feeead223 Mon Sep 17 00:00:00 2001 
From: Rohit Yadav Date: Mon, 14 Jan 2013 20:55:13 -0800 Subject: [PATCH 31/40] Revert "apidoc: Remove api discovery from toc" This reverts commit 66514c00efad5c93a2b0996f1e79222cbff9bd48. --- tools/apidoc/gen_toc.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/apidoc/gen_toc.py b/tools/apidoc/gen_toc.py index 0b281a29c1d..7739aea633f 100644 --- a/tools/apidoc/gen_toc.py +++ b/tools/apidoc/gen_toc.py @@ -129,6 +129,7 @@ known_categories = { 'AutoScale': 'AutoScale', 'Counter': 'AutoScale', 'Condition': 'AutoScale', + 'Api': 'API Discovery', } From 0412cb8d9225b9c9fcc2ed4cfb94e702a0ea9c70 Mon Sep 17 00:00:00 2001 From: Marcus Sorensen Date: Tue, 15 Jan 2013 02:16:25 +0000 Subject: [PATCH 32/40] Summary: Edit devcloud cfg files for advanced networking, add comments --- tools/devcloud/devcloud-advanced.cfg | 5 +- .../devcloud-advanced_internal-mgt.cfg | 124 ++++++++++++++++++ 2 files changed, 128 insertions(+), 1 deletion(-) create mode 100644 tools/devcloud/devcloud-advanced_internal-mgt.cfg diff --git a/tools/devcloud/devcloud-advanced.cfg b/tools/devcloud/devcloud-advanced.cfg index ad4cdda1912..cfbc815dc69 100644 --- a/tools/devcloud/devcloud-advanced.cfg +++ b/tools/devcloud/devcloud-advanced.cfg @@ -1,3 +1,6 @@ +# This configuration is meant for running advanced networking, with management server on the laptop. +# It requires that the user run a DNS resolver within devcloud via 'apt-get install dnsmasq' + { "zones": [ { @@ -81,7 +84,7 @@ "gateway": "192.168.56.1" } ], - "internaldns1": "8.8.4.4", + "internaldns1": "192.168.56.10", "secondaryStorages": [ { "url": "nfs://192.168.56.10:/opt/storage/secondary" diff --git a/tools/devcloud/devcloud-advanced_internal-mgt.cfg b/tools/devcloud/devcloud-advanced_internal-mgt.cfg new file mode 100644 index 00000000000..e360b6b9e37 --- /dev/null +++ b/tools/devcloud/devcloud-advanced_internal-mgt.cfg 
@@ -0,0 +1,124 @@ +# This config is designed to run as an advanced network, with management server in devcloud +# It also requires an 'apt-get install dnsmasq' to run a resolver in devcloud for internal dns + +{ + "zones": [ + { + "localstorageenabled": "true", + "name": "testzone", + "guestcidraddress": "10.1.1.0/24", + "dns1": "8.8.8.8", + "physical_networks": [ + { + "broadcastdomainrange": "Zone", + "vlan": "3900-4000", + "name": "eth0", + "traffictypes": [ + { + "xen": "Pool-wide network associated with eth0", + "typ": "Management" + }, + { + "xen": "Pool-wide network associated with eth0", + "typ": "Guest" + } + ], + "providers": [ + { + "broadcastdomainrange": "ZONE", + "name": "VirtualRouter" + }, + { + "broadcastdomainrange": "ZONE", + "name": "VpcVirtualRouter" + } + ] + }, + { + "broadcastdomainrange": "Zone", + "name": "eth1", + "traffictypes": [ + { + "xen": "Pool-wide network associated with eth1", + "typ": "Public" + } + ], + "providers": [ + { + "broadcastdomainrange": "ZONE", + "name": "VirtualRouter" + } + ] + } + ], + "ipranges": [ + { + "startip": "10.0.3.100", + "endip": "10.0.3.199", + "netmask": "255.255.255.0", + "vlan": "untagged", + "gateway": "10.0.3.2" + } + ], + "networktype": "Advanced", + "pods": [ + { + "endip": "192.168.56.249", + "name": "testpod", + "startip": "192.168.56.200", + "netmask": "255.255.255.0", + "clusters": [ + { + "clustername": "testcluster", + "hypervisor": "XenServer", + "hosts": [ + { + "username": "root", + "url": "http://192.168.56.10/", + "password": "password" + } + ], + "clustertype": "CloudManaged" + } + ], + "gateway": "192.168.56.1" + } + ], + "internaldns1": "192.168.56.10", + "secondaryStorages": [ + { + "url": "nfs://192.168.56.10:/opt/storage/secondary" + } + ] + } + ], + "dbSvr": { + "dbSvr": "127.0.0.1", + "passwd": "cloud", + "db": "cloud", + "port": 3306, + "user": "cloud" + }, + "logger": [ + { + "name": "TestClient", + "file": "/var/log/testclient.log" + }, + { + "name": "TestCase", + "file": 
"/var/log/testcase.log" + } + ], + "mgtSvr": [ + { + "mgtSvrIp": "192.168.56.10", + "port": 8096 + } + ], + "globalConfig": [ + { + "name": "host", + "value": "192.168.56.10" + } + ] +} From 510450b11b611fb0112771ae56586fcbed70ecc6 Mon Sep 17 00:00:00 2001 From: Wido den Hollander Date: Tue, 15 Jan 2013 12:14:57 +0100 Subject: [PATCH 33/40] Remove duplicate systemUse clausule when fetching service offerings. A couple of lines back there is: if (isSystem != null) { sc.addAnd("systemUse", SearchCriteria.Op.EQ, isSystem); } So it was set redundantly, this can be removed. --- server/src/com/cloud/server/ManagementServerImpl.java | 1 - 1 file changed, 1 deletion(-) diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java index bf105506b23..4efae630f36 100755 --- a/server/src/com/cloud/server/ManagementServerImpl.java +++ b/server/src/com/cloud/server/ManagementServerImpl.java @@ -760,7 +760,6 @@ public class ManagementServerImpl implements ManagementServer { sc.addAnd("vm_type", SearchCriteria.Op.EQ, vmTypeStr); } - sc.addAnd("systemUse", SearchCriteria.Op.EQ, isSystem); sc.addAnd("removed", SearchCriteria.Op.NULL); return _offeringsDao.search(sc, searchFilter); From 95222cdb6d07b16c89b9deb7d12eecbc89d8ce94 Mon Sep 17 00:00:00 2001 From: Wido den Hollander Date: Tue, 15 Jan 2013 13:25:48 +0100 Subject: [PATCH 34/40] Templates: Add Ubuntu 12.04 to the templates Although I still think the templates aren't well maintained, I just added 12.04 since this is an LTS and people probably want it in the list of templates. This system should be more generic I think though. --- .../hypervisor/kvm/resource/KVMGuestOsMapper.java | 2 ++ setup/db/templates.kvm.sql | 11 ++++++----- setup/db/templates.sql | 7 +++++++ 3 files changed, 15 insertions(+), 5 deletions(-) 
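Review bot: The new `devcloud-advanced_internal-mgt.cfg` carries fixed credentials (`"username": "root"` with `"password": "password"` for the host, `"passwd": "cloud"` for the database) and targets the management server on port 8096, which I understand to be CloudStack's unauthenticated integration API port, yet the header comment does not say the file is meant for a disposable local devcloud only. I would extend the comment with a line such as `# Development defaults only: change the host and database passwords and keep port 8096 on the host-only network`. The `#` lines also precede the opening `{` here and in `devcloud-advanced.cfg`, so neither file is plain JSON any more. Whether the loader strips comment lines is not visible on this page and is worth confirming.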
diff --git a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/KVMGuestOsMapper.java b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/KVMGuestOsMapper.java index b4771cacb10..bd1573c9fa9 100644 --- a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/KVMGuestOsMapper.java +++ b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/KVMGuestOsMapper.java @@ -91,6 +91,8 @@ public class KVMGuestOsMapper { s_mapper.put("Fedora 10", "Fedora 10"); s_mapper.put("Fedora 9", "Fedora 9"); s_mapper.put("Fedora 8", "Fedora 8"); + s_mapper.put("Ubuntu 12.04 (32-bit)", "Ubuntu 12.04"); + s_mapper.put("Ubuntu 12.04 (64-bit)", "Ubuntu 12.04"); s_mapper.put("Ubuntu 10.04 (32-bit)", "Ubuntu 10.04"); s_mapper.put("Ubuntu 10.04 (64-bit)", "Ubuntu 10.04"); s_mapper.put("Ubuntu 10.10 (32-bit)", "Ubuntu 10.10"); diff --git a/setup/db/templates.kvm.sql b/setup/db/templates.kvm.sql index bc275f5285d..8a5582540af 100644 --- a/setup/db/templates.kvm.sql +++ b/setup/db/templates.kvm.sql 
@@ -51,11 +51,12 @@ INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (U INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 5, 'Fedora 10', 'Fedora 10'); INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 5, 'Fedora 9', 'Fedora 9'); INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 5, 'Fedora 8', 'Fedora 8'); -INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 2, 'Ubuntu 10.04', 'Ubuntu 10.04'); -INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 2, 'Ubuntu 9.10', 'Ubuntu 9.10'); -INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 2, 'Ubuntu 9.04', 'Ubuntu 9.04'); -INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 2, 'Ubuntu 8.10', 'Ubuntu 8.10'); -INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 2, 'Ubuntu 8.04', 'Ubuntu 8.04'); +INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 10, 'Ubuntu 12.04', 'Ubuntu 12.04'); +INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 10, 'Ubuntu 10.04', 'Ubuntu 10.04'); +INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 10, 'Ubuntu 9.10', 'Ubuntu 9.10'); +INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 10, 'Ubuntu 9.04', 'Ubuntu 9.04'); +INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 10, 'Ubuntu 8.10', 'Ubuntu 8.10'); +INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 10, 'Ubuntu 8.04', 'Ubuntu 8.04'); INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 2, 'Debian Squeeze', 'Debian Squeeze'); INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) 
VALUES (UUID(), 2, 'Debian Lenny', 'Debian Lenny'); INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 2, 'Debian Etch', 'Debian Etch'); diff --git a/setup/db/templates.sql b/setup/db/templates.sql index 3867d4fe9d2..9980b159630 100755 --- a/setup/db/templates.sql +++ b/setup/db/templates.sql @@ -211,6 +211,8 @@ INSERT INTO `cloud`.`guest_os` (id, uuid, category_id, display_name) VALUES (159 INSERT INTO `cloud`.`guest_os` (id, uuid, category_id, display_name) VALUES (160, UUID(), 6, 'Windows PV'); INSERT INTO `cloud`.`guest_os` (id, uuid, category_id, display_name) VALUES (161, UUID(), 1, 'CentOS 5.7 (32-bit)'); INSERT INTO `cloud`.`guest_os` (id, uuid, category_id, display_name) VALUES (162, UUID(), 1, 'CentOS 5.7 (64-bit)'); +INSERT INTO `cloud`.`guest_os` (id, uuid, category_id, display_name) VALUES (163, UUID(), 10, 'Ubuntu 12.04 (32-bit)'); +INSERT INTO `cloud`.`guest_os` (id, uuid, category_id, display_name) VALUES (164, UUID(), 10, 'Ubuntu 12.04 (64-bit)'); INSERT INTO `cloud`.`guest_os` (id, uuid, category_id, display_name) VALUES (200, UUID(), 1, 'Other CentOS (32-bit)'); INSERT INTO `cloud`.`guest_os` (id, uuid, category_id, display_name) VALUES (201, UUID(), 1, 'Other CentOS (64-bit)'); 
@@ -370,11 +372,13 @@ INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Debian GNU/Linux 4(32-bit)', 73); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Debian GNU/Linux 4(64-bit)', 74); +INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Ubuntu 12.04 (32-bit)', 162); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Ubuntu 10.04 (32-bit)', 121); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Ubuntu 9.10 (32-bit)', 122); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Ubuntu 9.04 (32-bit)', 123); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Ubuntu 8.10 (32-bit)', 124); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Ubuntu 8.04 (32-bit)', 125); +INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Ubuntu 12.04 (64-bit)', 163); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Ubuntu 10.04 (64-bit)', 126); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Ubuntu 9.10 (64-bit)', 127); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Ubuntu 9.04 (64-bit)', 128); 
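Review bot: The VmWare rows added here point at the wrong `guest_os_id`: the `guest_os` hunk earlier in this file inserts 'Ubuntu 12.04 (32-bit)' as id 163 and 'Ubuntu 12.04 (64-bit)' as id 164, while these rows use 162 and 163, and 162 is the existing 'CentOS 5.7 (64-bit)' row. The values should be `VALUES ("VmWare", 'Ubuntu 12.04 (32-bit)', 163);` and `VALUES ("VmWare", 'Ubuntu 12.04 (64-bit)', 164);`. The KVM rows added in the later `@@ -454,6 +459,8 @@` hunk carry the same 162/163 ids.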
@@ -385,6 +389,7 @@ INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Other Ubuntu Linux (32-bit)', 59); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Other Ubuntu (64-bit)', 100); + INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Other 2.6x Linux (32-bit)', 75); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Other 2.6x Linux (64-bit)', 76); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Other Linux (32-bit)', 98); @@ -454,6 +459,8 @@ INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ('KVM', 'Fedora 8', 120); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ('KVM', 'Ubuntu 10.04', 121); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ('KVM', 'Ubuntu 10.04', 126); +INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ('KVM', 'Ubuntu 10.04', 162); +INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ('KVM', 'Ubuntu 10.04', 163); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ('KVM', 'Ubuntu 9.10', 122); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ('KVM', 'Ubuntu 9.10', 127); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ('KVM', 'Ubuntu 9.04', 123); From 04b14ab03f089f333f4dbf7058e951a23c12a28a Mon Sep 17 00:00:00 2001 
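Review bot: The two KVM rows added in the `@@ -454,6 +459,8 @@` hunk reuse the `guest_os_name` 'Ubuntu 10.04', although `KVMGuestOsMapper` in this patch maps the new display names to "Ubuntu 12.04" and `templates.kvm.sql` adds a matching 'Ubuntu 12.04' entry. They look like a copy of the 10.04 lines above them. I would write `VALUES ('KVM', 'Ubuntu 12.04', 163);` and `VALUES ('KVM', 'Ubuntu 12.04', 164);`, with the ids taken from the `guest_os` rows this patch inserts for 12.04.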
From: Prasanna Santhanam Date: Tue, 15 Jan 2013 19:27:24 +0530 Subject: [PATCH 35/40] Marvin: physical network label not carried through in the API The label associated with the hypervisor nic to isolate traffic types by Guest/Mgmt/Public/Storage was not passed in the marvin.traffictype object and sent through to mgmt server resulting in traffic types not being applied. Signed-off-by: Prasanna Santhanam --- tools/marvin/marvin/deployDataCenter.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/marvin/marvin/deployDataCenter.py b/tools/marvin/marvin/deployDataCenter.py index 7f8c0295ad8..ff3b6e6d0e0 100644 --- a/tools/marvin/marvin/deployDataCenter.py +++ b/tools/marvin/marvin/deployDataCenter.py @@ -258,10 +258,10 @@ class deployDataCenters(): traffic_type = addTrafficType.addTrafficTypeCmd() traffic_type.physicalnetworkid = physical_network_id traffic_type.traffictype = traffictype.typ - if traffictype.labeldict is not None: - traffic_type.kvmnetworklabel = traffictype.labeldict.kvm - traffic_type.xennetworklabel = traffictype.labeldict.xen - traffic_type.vmwarenetworklabel = traffictype.labeldict.vmware + traffic_type.kvmnetworklabel = traffictype.kvm if traffictype.kvm is not None else None + traffic_type.xennetworklabel = traffictype.xen if traffictype.xen is not None else None + traffictype.vmwarenetworklabel = traffictype.vmware if traffictype.vmware is not None else None + traffictype.simulatorlabel = traffictype.simulator if traffictype.simulator is not None else None return self.apiClient.addTrafficType(traffic_type) def enableZone(self, zoneid, allocation_state="Enabled"): From bfd02c5db39ee2dad30d0edefb205b56a4248594 Mon Sep 17 00:00:00 2001 From: Prasanna Santhanam Date: Tue, 15 Jan 2013 19:36:30 +0530 Subject: [PATCH 36/40] traffic_type not traffictype Signed-off-by: Prasanna Santhanam --- tools/marvin/marvin/deployDataCenter.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
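Review bot: Each of the four new assignments has the form `x if x is not None else None`, which is a no-op around a plain attribute read, so `traffic_type.kvmnetworklabel = traffictype.kvm` says the same thing. If the `traffictype` object only carries the keys present in the config file (the devcloud configs on this page set just `xen` and `typ`), `traffictype.kvm` would raise AttributeError instead of yielding None. `traffic_type.kvmnetworklabel = getattr(traffictype, 'kvm', None)` covers that case, though how the object is built is not visible here. The enclosing method starts above the hunk, and the follow-up patch keeps the same conditional form.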
diff --git a/tools/marvin/marvin/deployDataCenter.py b/tools/marvin/marvin/deployDataCenter.py index ff3b6e6d0e0..e4f7eace9bd 100644 --- a/tools/marvin/marvin/deployDataCenter.py +++ b/tools/marvin/marvin/deployDataCenter.py @@ -260,8 +260,8 @@ class deployDataCenters(): traffic_type.traffictype = traffictype.typ traffic_type.kvmnetworklabel = traffictype.kvm if traffictype.kvm is not None else None traffic_type.xennetworklabel = traffictype.xen if traffictype.xen is not None else None - traffictype.vmwarenetworklabel = traffictype.vmware if traffictype.vmware is not None else None - traffictype.simulatorlabel = traffictype.simulator if traffictype.simulator is not None else None + traffic_type.vmwarenetworklabel = traffictype.vmware if traffictype.vmware is not None else None + traffic_type.simulatorlabel = traffictype.simulator if traffictype.simulator is not None else None return self.apiClient.addTrafficType(traffic_type) def enableZone(self, zoneid, allocation_state="Enabled"): From 8d0091d7e2e9b01df3af8deec14246f9eac1418e Mon Sep 17 00:00:00 2001 From: Pranav Saxena Date: Tue, 15 Jan 2013 21:12:10 +0530 Subject: [PATCH 37/40] CLOUDSTACK-978:TypeError: instance.displayname is undefined while adding VM's to the LB rule --- ui/scripts/network.js | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/ui/scripts/network.js b/ui/scripts/network.js index 4103c3e2b6e..f3308bb5ba7 100755 --- a/ui/scripts/network.js +++ b/ui/scripts/network.js @@ -1259,12 +1259,16 @@ data.listvirtualmachinesresponse.virtualmachine : [], function(instance) { var nonAutoScale=0; + if(instance.displayname == null) + nonAutoScale = 1; + else{ if( instance.displayname.match(/AutoScale-LB-/)==null) nonAutoScale =1; else { if(instance.displayname.match(/AutoScale-LB-/).length) nonAutoScale =0; } + } var isActiveState= $.inArray(instance.state, ['Destroyed','Expunging']) == -1; return nonAutoScale && isActiveState; } 
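Review bot: The null guard added to the VM filter in `ui/scripts/network.js` nests the old `match` checks one level deeper without re-indenting them, and the whole computation reduces to one expression: `var nonAutoScale = !(instance.displayname && /AutoScale-LB-/.test(instance.displayname));`. The same block is duplicated in the `@@ -2623,12 +2627,16 @@` hunk, where `nonAutoScale = 1` is also missing its semicolon. A shared helper would keep the two filters from drifting apart. The enclosing filter callback starts above the hunk.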
@@ -2623,12 +2627,16 @@ function(instance) { //Hiding the autoScale VMs var nonAutoScale =0; + if(instance.displayname == null) + nonAutoScale = 1 + else { if(instance.displayname.match(/AutoScale-LB-/) == null) nonAutoScale = 1; else { if( instance.displayname.match(/AutoScale-LB-/).length) nonAutoScale =0; - } + } + } var isActiveState = $.inArray(instance.state, ['Destroyed','Expunging']) == -1; var notExisting = !$.grep(itemData, function(item) { return item.id == instance.id; From 101f64410adc944ea2f2b2ad9734c990c4fe0336 Mon Sep 17 00:00:00 2001 From: anthony Date: Tue, 15 Jan 2013 09:17:12 -0800 Subject: [PATCH 38/40] Do not allow add multiple VLANs or subnets into shared network CS allows to add multiple VLANs and subnets to a shared network, but it doesn't really work, for example , vm on second VLAN or subnet cannot get IP through DHCP This patch will not allow to add mulitple VLANS or subnets into shared network CLOUDSTACK-982:Do not allow add multiple VLANs or subnets into shared network --- .../ConfigurationManagerImpl.java | 56 ++++++++++--------- 1 file changed, 31 insertions(+), 25 deletions(-) diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java index 2e20c134b54..b21c5a38bb7 100755 --- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java +++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java @@ -2071,7 +2071,12 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura Long projectId = cmd.getProjectId(); Long domainId = cmd.getDomainId(); Account vlanOwner = null; - + + // if end ip is not specified, default it to startIp + if (endIP == null && startIP != null) { + endIP = startIP; + } + if (projectId != null) { if (accountName != null) { throw new InvalidParameterValueException("Account and projectId are mutually exclusive"); 
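Review bot: The added `endIP` default in ConfigurationManagerImpl.java repeats what appears to be the same default further down in the method: the context at the top of the @@ -2192 hunk still shows `endIP = startIP;` closing a block. Keeping both leaves two places to update if the rule changes; one of them can go, most simply the later one now that the value is set before any validation. If the early copy stays, a comment such as `// default early so every check below sees a non-null endIP` would say why it sits at the top. The method starts and ends outside the hunk.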
@@ -2176,6 +2181,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura throw new InvalidParameterValueException("Nework id is required for Direct vlan creation "); } networkId = network.getId(); + zoneId = network.getDataCenterId(); } } else if (network.getGuestType() == null || network.getGuestType() == Network.GuestType.Isolated) { throw new InvalidParameterValueException("Can't create direct vlan for network id=" + networkId + " with type: " + network.getGuestType()); 
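Review bot: The added `zoneId = network.getDataCenterId();` silently replaces whatever zone id the caller supplied, so a request that names one zone and a network in another is accepted and applied to the network's zone. If `zone` (used later as `zone.getNetworkType()`) was looked up from the original `zoneId` before this point, which is outside the hunk, the zone-type checks and the stored `zoneId` could then refer to different zones. Rejecting the mismatch is safer than overwriting it: `if (zoneId != null && !zoneId.equals(network.getDataCenterId())) throw new InvalidParameterValueException("zoneId does not match the zone of network id=" + networkId);` placed before the assignment.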
@@ -2192,34 +2198,34 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura endIP = startIP; } - if (forVirtualNetwork || zone.getNetworkType() == DataCenter.NetworkType.Basic || zone.isSecurityGroupEnabled()) { - if (vlanGateway == null || vlanNetmask == null || zoneId == null) { - throw new InvalidParameterValueException("Gateway, netmask and zoneId have to be passed in for virtual and direct untagged networks"); - } - } else { - // check if startIp and endIp belong to network Cidr - String networkCidr = network.getCidr(); - String networkGateway = network.getGateway(); - Long networkZoneId = network.getDataCenterId(); - String networkNetmask = NetUtils.getCidrNetmask(networkCidr); - - // Check if ip addresses are in network range - if (!NetUtils.sameSubnet(startIP, networkGateway, networkNetmask)) { - throw new InvalidParameterValueException("Start ip is not in network cidr: " + networkCidr); - } - - if (endIP != null) { - if (!NetUtils.sameSubnet(endIP, networkGateway, networkNetmask)) { - throw new InvalidParameterValueException("End ip is not in network cidr: " + networkCidr); + if ( zone.getNetworkType() == DataCenter.NetworkType.Advanced ) { + if (network.getTrafficType() == TrafficType.Guest) { + if (network.getGuestType() != GuestType.Shared) { + throw new InvalidParameterValueException("Can execute createVLANIpRanges on shared guest network, but type of this guest network " + + network.getId() + " is " + network.getGuestType()); } + List vlans = _vlanDao.listVlansByNetworkId(network.getId()); + if ( vlans != null && vlans.size() > 0 ) { + VlanVO vlan = vlans.get(0); + if ( vlanId == null ) { + vlanId = vlan.getVlanTag(); + } else if ( vlan.getVlanTag() != vlanId ) { + throw new InvalidParameterValueException("there is already one vlan " + vlan.getVlanTag() + " on network :" + + + network.getId() + ", only one vlan is allowed on guest network"); + } + vlanGateway = vlan.getVlanGateway(); + vlanNetmask = vlan.getVlanNetmask(); 
+ } + } else if (network.getTrafficType() == TrafficType.Management) { + throw new InvalidParameterValueException("Cannot execute createVLANIpRanges on management network"); } - - // set gateway, netmask, zone from network object - vlanGateway = networkGateway; - vlanNetmask = networkNetmask; - zoneId = networkZoneId; } + if (vlanGateway == null || vlanNetmask == null || zoneId == null) { + throw new InvalidParameterValueException("Gateway, netmask and zoneId have to be passed in for virtual and direct untagged networks"); + } + + // if it's an account specific range, associate ip address list to the account boolean associateIpRangeToAccount = false; From a6b902763071c70f6e530ea4b3440f5fb030090b Mon Sep 17 00:00:00 2001 From: anthony Date: Tue, 15 Jan 2013 11:15:42 -0800 Subject: [PATCH 39/40] default Security rule doesn't apply to system VMs since nic.getIsolationUri is not set use to.setSecurityGroupEnabled to indicate if securitygroup is enabled on this NIC CLOUDSTACK-983: default Security rule doesn't apply to system VMs --- .../hypervisor/kvm/resource/LibvirtComputingResource.java | 5 ++--- .../cloud/hypervisor/xen/resource/CitrixResourceBase.java | 6 ++++-- server/src/com/cloud/hypervisor/HypervisorGuruBase.java | 1 + 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java index b52e2d8a0b0..6b5f6df3bff 100755 --- a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java +++ b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java 
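Review bot: `vlan.getVlanTag() != vlanId` compares references rather than values if both sides are `String` (the assignment `vlanId = vlan.getVlanTag()` just above suggests they are), so a request that repeats the network's existing tag would still be rejected as a second VLAN; use `} else if (!vlan.getVlanTag().equals(vlanId)) {`. The hunk also removes the `NetUtils.sameSubnet` checks on `startIP` and `endIP` without a visible replacement, so unless the range is validated against `vlanGateway`/`vlanNetmask` later in the method (outside the hunk), an address range outside the network's subnet is no longer refused here. The doubled `+` in `" on network :" + + network.getId()` compiles as a unary plus and is harmless, but should be removed.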
@@ -2901,9 +2901,8 @@ public class LibvirtComputingResource extends ServerResourceBase implements NicTO[] nics = vmSpec.getNics(); for (NicTO nic : nics) { - if (nic.getIsolationUri() != null - && nic.getIsolationUri().getScheme() - .equalsIgnoreCase(IsolationType.Ec2.toString())) { + if (nic.isSecurityGroupEnabled() || ( nic.getIsolationUri() != null + && nic.getIsolationUri().getScheme().equalsIgnoreCase(IsolationType.Ec2.toString()))) { if (vmSpec.getType() != VirtualMachine.Type.User) { default_network_rules_for_systemvm(conn, vmName); break; diff --git a/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java b/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java index 36a12b1b4fa..66a5918b177 100644 --- a/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java +++ b/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java @@ -1324,7 +1324,8 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe NicTO[] nics = vmSpec.getNics(); boolean secGrpEnabled = false; for (NicTO nic : nics) { - if (nic.getIsolationUri() != null && nic.getIsolationUri().getScheme().equalsIgnoreCase(IsolationType.Ec2.toString())) { + if (nic.isSecurityGroupEnabled() || (nic.getIsolationUri() != null + && nic.getIsolationUri().getScheme().equalsIgnoreCase(IsolationType.Ec2.toString()))) { secGrpEnabled = true; break; } 
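Review bot: The predicate that decides whether default security-group rules are programmed for a NIC is now written out three times, here and in the two CitrixResourceBase hunks at @@ -1324 and @@ -1342, and the third copy drops the parentheses around the `&&` part and relies on operator precedence. A single shared helper would keep the copies from drifting apart, which matters because a copy that goes stale means a VM starts without its default rules. `getIsolationUri().getScheme()` can also be null for a URI without a scheme, so putting the constant on the left of `equalsIgnoreCase` avoids a NullPointerException. The helper name below is a suggestion, and the enclosing methods start outside the hunks.

```java
// Suggested helper, shared by the KVM and Xen resources
private static boolean needsDefaultSecurityGroupRules(NicTO nic) {
    if (nic.isSecurityGroupEnabled()) {
        return true;
    }
    URI isolationUri = nic.getIsolationUri();
    return isolationUri != null
            && IsolationType.Ec2.toString().equalsIgnoreCase(isolationUri.getScheme());
}

// … unchanged: NicTO[] nics = vmSpec.getNics(); …
for (NicTO nic : nics) {
    if (needsDefaultSecurityGroupRules(nic)) {
        // … unchanged: system-VM / user-VM rule programming …
```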
@@ -1342,7 +1343,8 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe //For user vm, program the rules for each nic if the isolation uri scheme is ec2 NicTO[] nics = vmSpec.getNics(); for (NicTO nic : nics) { - if (nic.getIsolationUri() != null && nic.getIsolationUri().getScheme().equalsIgnoreCase(IsolationType.Ec2.toString())) { + if ( nic.isSecurityGroupEnabled() || nic.getIsolationUri() != null + && nic.getIsolationUri().getScheme().equalsIgnoreCase(IsolationType.Ec2.toString())) { result = callHostPlugin(conn, "vmops", "default_network_rules", "vmName", vmName, "vmIP", nic.getIp(), "vmMAC", nic.getMac(), "vmID", Long.toString(vmSpec.getId())); if (result == null || result.isEmpty() || !Boolean.parseBoolean(result)) { diff --git a/server/src/com/cloud/hypervisor/HypervisorGuruBase.java b/server/src/com/cloud/hypervisor/HypervisorGuruBase.java index 242852fc681..2efe6d35098 100644 --- a/server/src/com/cloud/hypervisor/HypervisorGuruBase.java +++ b/server/src/com/cloud/hypervisor/HypervisorGuruBase.java @@ -62,6 +62,7 @@ public abstract class HypervisorGuruBase extends AdapterBase implements Hypervis to.setIsolationuri(profile.getIsolationUri()); to.setNetworkRateMbps(profile.getNetworkRate()); to.setName(profile.getName()); + to.setSecurityGroupEnabled(profile.isSecurityGroupEnabled()); // Workaround to make sure the TO has the UUID we need for Niciri integration NicVO nicVO = _nicDao.findById(profile.getId()); From 7f1486e2dc9f612af94901ab8804e24c48b8122b Mon Sep 17 00:00:00 2001 From: Min Chen Date: Tue, 15 Jan 2013 11:40:49 -0800 Subject: [PATCH 40/40] We need to catch PermissionDeniedException in checking if command is available to an user. --- server/src/com/cloud/api/ApiServer.java | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java index 4d60215b276..e106f0322ad 100755 --- a/server/src/com/cloud/api/ApiServer.java 
+++ b/server/src/com/cloud/api/ApiServer.java @@ -549,7 +549,10 @@ public class ApiServer implements HttpRequestHandler { // if userId not null, that mean that user is logged in if (userId != null) { User user = ApiDBUtils.findUserById(userId); - if (!isCommandAvailable(user, commandName)) { + try{ + checkCommandAvailable(user, commandName); + } + catch (PermissionDeniedException ex){ s_logger.debug("The given command:" + commandName + " does not exist or it is not available for user with id:" + userId); throw new ServerApiException(BaseCmd.UNSUPPORTED_ACTION_ERROR, "The given command does not exist or it is not available for user"); } @@ -649,7 +652,10 @@ public class ApiServer implements HttpRequestHandler { UserContext.updateContext(user.getId(), account, null); - if (!isCommandAvailable(user, commandName)) { + try{ + checkCommandAvailable(user, commandName); + } + catch (PermissionDeniedException ex){ s_logger.debug("The given command:" + commandName + " does not exist or it is not available for user"); throw new ServerApiException(BaseCmd.UNSUPPORTED_ACTION_ERROR, "The given command:" + commandName + " does not exist or it is not available for user with id:" + userId); } @@ -780,7 +786,7 @@ public class ApiServer implements HttpRequestHandler { return true; } - private boolean isCommandAvailable(User user, String commandName) throws PermissionDeniedException { + private void checkCommandAvailable(User user, String commandName) throws PermissionDeniedException { if (user == null) { throw new PermissionDeniedException("User is null for role based API access check for command" + commandName); } @@ -788,7 +794,6 @@ public class ApiServer implements HttpRequestHandler { for (APIChecker apiChecker : _apiAccessCheckers) { apiChecker.checkAccess(user, commandName); } - return true; } private Class getCmdClass(String cmdName) {
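Review bot: Both new `catch (PermissionDeniedException ex)` blocks, here and at @@ -649, discard `ex`, so the reason a checker refused the call is lost, and the refusal is recorded only at debug level. A denied API call is an authorization event worth keeping in normal logs; logging it at info or warn with the checker's message, e.g. `s_logger.info("Access denied for user id " + userId + " to command " + commandName + ": " + ex.getMessage());`, keeps the audit trail while the response to the client stays generic. In the @@ -649 hunk the two messages are the other way round from the first: the log line omits the user id while the client-facing `ServerApiException` text carries both `commandName` and `userId`.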
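Review bot: `checkCommandAvailable` (hunks @@ -780 and @@ -788) now signals denial only by exception, so the outcome rests entirely on each `APIChecker.checkAccess` throwing: if `_apiAccessCheckers` is empty every command is allowed, and if `checkAccess` reports denial through a return value (its signature is not visible here) that value is ignored. A guard before the loop such as `if (_apiAccessCheckers == null || _apiAccessCheckers.isEmpty()) throw new PermissionDeniedException("No API access checker configured");` makes the method fail closed. A short Javadoc stating that the method returns normally only when every checker accepts the command, and throws `PermissionDeniedException` otherwise, would document the new contract for callers.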