diff --git a/api/src/main/java/com/cloud/network/NetworkModel.java b/api/src/main/java/com/cloud/network/NetworkModel.java index fa44eac4a4a..9fd4fcb9862 100644 --- a/api/src/main/java/com/cloud/network/NetworkModel.java +++ b/api/src/main/java/com/cloud/network/NetworkModel.java @@ -89,9 +89,12 @@ public interface NetworkModel { List metadataFileNames = new ArrayList<>(Arrays.asList(SERVICE_OFFERING_FILE, AVAILABILITY_ZONE_FILE, LOCAL_HOSTNAME_FILE, LOCAL_IPV4_FILE, PUBLIC_HOSTNAME_FILE, PUBLIC_IPV4_FILE, INSTANCE_ID_FILE, VM_ID_FILE, PUBLIC_KEYS_FILE, CLOUD_IDENTIFIER_FILE, HYPERVISOR_HOST_NAME_FILE)); - static final ConfigKey MACIdentifier = new ConfigKey("Advanced",Integer.class, "mac.identifier", "0", + static final ConfigKey MACIdentifier = new ConfigKey<>("Advanced",Integer.class, "mac.identifier", "0", "This value will be used while generating the mac addresses for isolated and shared networks. The hexadecimal equivalent value will be present at the 2nd octet of the mac address. Default value is null which means this feature is disabled.Its scope is global.", true, ConfigKey.Scope.Global); + static final ConfigKey AdminIsAllowedToDeployAnywhere = new ConfigKey<>("Advanced",Boolean.class, "admin.is.allowed.to.deploy.anywhere", "false", + "This will determine if the root admin is allowed to deploy in networks in subdomains.", true, ConfigKey.Scope.Global); + /** * Lists IP addresses that belong to VirtualNetwork VLANs * diff --git a/server/src/main/java/com/cloud/network/NetworkModelImpl.java b/server/src/main/java/com/cloud/network/NetworkModelImpl.java index d34a307c8e6..2367527fdc1 100644 --- a/server/src/main/java/com/cloud/network/NetworkModelImpl.java +++ b/server/src/main/java/com/cloud/network/NetworkModelImpl.java 
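Review bot: The description of `admin.is.allowed.to.deploy.anywhere` understates what the key switches. In this commit it is read in `NetworkModelImpl.checkNetworkPermissions`, whose debug message says root admin "is permitted to do stuff on every network", so the effect is not limited to deployments or to subdomains. The key is declared with `ConfigKey.Scope.Global` and default `"false"`, so the text should state the real scope, for example `"If true, network permission checks are skipped for root admin accounts on every network, including networks owned by other accounts and domains. Default is false."`. A one-line comment above the field naming the method that consumes it would help whoever audits this setting later.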
@@ -147,6 +147,7 @@ import com.cloud.vm.dao.VMInstanceDao; public class NetworkModelImpl extends ManagerBase implements NetworkModel, Configurable { static final Logger s_logger = Logger.getLogger(NetworkModelImpl.class); + public static final String UNABLE_TO_USE_NETWORK = "Unable to use network with id= %s, permission denied"; @Inject EntityManager _entityMgr; @Inject 
@@ -1665,39 +1666,49 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel, Confi } @Override - public void checkNetworkPermissions(Account caller, Network network) { - // dahn 20140310: I was thinking of making this an assert but - // as we hardly ever test with asserts I think - // we better make sure at runtime. - if (network == null) { - throw new CloudRuntimeException("cannot check permissions on (Network) "); - } - // Perform account permission check - if (network.getGuestType() != GuestType.Shared || network.getAclType() == ACLType.Account) { - AccountVO networkOwner = _accountDao.findById(network.getAccountId()); - if (networkOwner == null) - throw new PermissionDeniedException("Unable to use network with id= " + ((NetworkVO)network).getUuid() + - ", network does not have an owner"); - if (!Account.Type.PROJECT.equals(caller.getType()) && Account.Type.PROJECT.equals(networkOwner.getType())) { - checkProjectNetworkPermissions(caller, networkOwner, network); - } else { - List networkMap = _networksDao.listBy(caller.getId(), network.getId()); - NetworkPermissionVO networkPermission = _networkPermissionDao.findByNetworkAndAccount(network.getId(), caller.getId()); - if (CollectionUtils.isEmpty(networkMap) && networkPermission == null) { - throw new PermissionDeniedException("Unable to use network with id= " + ((NetworkVO)network).getUuid() + - ", permission denied"); - } + public final void checkNetworkPermissions(Account caller, Network network) { + if (_accountMgr.isRootAdmin(caller.getAccountId()) && Boolean.TRUE.equals(AdminIsAllowedToDeployAnywhere.value())) { + if (s_logger.isDebugEnabled()) { + s_logger.debug("root admin is permitted to do stuff on every network"); } - } else { - if (!isNetworkAvailableInDomain(network.getId(), caller.getDomainId())) { - DomainVO callerDomain = _domainDao.findById(caller.getDomainId()); - if (callerDomain == null) { - throw new CloudRuntimeException("cannot check permission on account " + 
caller.getAccountName() + " whose domain does not exist"); - } - throw new PermissionDeniedException("Shared network id=" + ((NetworkVO)network).getUuid() + " is not available in domain id=" + - callerDomain.getUuid()); + if (network == null) { + throw new CloudRuntimeException("cannot check permissions on (Network) "); } + s_logger.info(String.format("Checking permission for account %s (%s) on network %s (%s)", caller.getAccountName(), caller.getUuid(), network.getName(), network.getUuid())); + if (network.getGuestType() != GuestType.Shared || network.getAclType() == ACLType.Account) { + checkAccountNetworkPermissions(caller, network); + + } else { + checkDomainNetworkPermissions(caller, network); + } + } + } + + private void checkAccountNetworkPermissions(Account caller, Network network) { + AccountVO networkOwner = _accountDao.findById(network.getAccountId()); + if (networkOwner == null) + throw new PermissionDeniedException("Unable to use network with id= " + ((NetworkVO) network).getUuid() + + ", network does not have an owner"); + if (!Account.Type.PROJECT.equals(caller.getType()) && Account.Type.PROJECT.equals(networkOwner.getType())) { + checkProjectNetworkPermissions(caller, networkOwner, network); + } else { + List networkMap = _networksDao.listBy(caller.getId(), network.getId()); + NetworkPermissionVO networkPermission = _networkPermissionDao.findByNetworkAndAccount(network.getId(), caller.getId()); + if (CollectionUtils.isEmpty(networkMap) && networkPermission == null) { + throw new PermissionDeniedException(String.format(UNABLE_TO_USE_NETWORK, ((NetworkVO) network).getUuid())); + } + } + } + + private void checkDomainNetworkPermissions(Account caller, Network network) { + if (!isNetworkAvailableInDomain(network.getId(), caller.getDomainId())) { + DomainVO callerDomain = _domainDao.findById(caller.getDomainId()); + if (callerDomain == null) { + throw new CloudRuntimeException("cannot check permission on account " + caller.getAccountName() + " whose 
domain does not exist"); + } + throw new PermissionDeniedException("Shared network id=" + ((NetworkVO) network).getUuid() + " is not available in domain id=" + + callerDomain.getUuid()); } } @@ -1710,13 +1721,11 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel, Confi ProjectAccount projectAccountUser = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId()); if (projectAccountUser != null) { if (!_projectAccountDao.canUserAccessProjectAccount(user.getAccountId(), user.getId(), networkOwner.getId())) { - throw new PermissionDeniedException("Unable to use network with id= " + ((NetworkVO)network).getUuid() + - ", permission denied"); + throw new PermissionDeniedException(String.format(UNABLE_TO_USE_NETWORK, ((NetworkVO)network).getUuid())); } } else { if (!_projectAccountDao.canAccessProjectAccount(owner.getAccountId(), networkOwner.getId())) { - throw new PermissionDeniedException("Unable to use network with id= " + ((NetworkVO) network).getUuid() + - ", permission denied"); + throw new PermissionDeniedException(String.format(UNABLE_TO_USE_NETWORK, ((NetworkVO) network).getUuid())); } } } @@ -2663,7 +2672,7 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel, Confi @Override public ConfigKey[] getConfigKeys() { - return new ConfigKey[] {MACIdentifier}; + return new ConfigKey[] {MACIdentifier, AdminIsAllowedToDeployAnywhere}; } @Override diff --git a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java index a6a6bc64faf..2cac85e9966 100644 --- a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java +++ b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java 
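Review bot: As the hunk reads on this page, the old `} else {` after the debug block is removed and no new `else` is added, which would leave the `network == null` check and both `check…NetworkPermissions` calls nested inside the root-admin branch, so every other caller returns without any check. The page has lost its indentation, so please confirm the brace structure against the file. Whichever shape is in the file, the override is easier to audit as a guard clause placed after the null check, so that a brace edit cannot swallow the deny path and a null network is rejected for admins too. The override should also be logged at info with the caller and network identifiers rather than the anonymous debug line, because it is the one decision that skips the ACL. The opening of `checkNetworkPermissions` is sketched below; the two private helpers stay as they are.

```java
public final void checkNetworkPermissions(Account caller, Network network) {
    // … unchanged: null-network check, moved to the top …
    if (_accountMgr.isRootAdmin(caller.getAccountId()) && Boolean.TRUE.equals(AdminIsAllowedToDeployAnywhere.value())) {
        // Audit the override with both identities: this is the only path that skips every ACL check.
        s_logger.info(String.format("Root admin %s (%s) bypasses the permission check on network %s (%s)",
                caller.getAccountName(), caller.getUuid(), network.getName(), network.getUuid()));
        return;
    }
    // … unchanged: info log and account/domain dispatch …
}
```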
@@ -1938,7 +1938,7 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C Boolean isSystem = cmd.getIsSystem(); String aclType = cmd.getAclType(); Long projectId = cmd.getProjectId(); - List permittedAccounts = new ArrayList(); + List permittedAccounts = new ArrayList<>(); String path = null; Long physicalNetworkId = cmd.getPhysicalNetworkId(); List supportedServicesStr = cmd.getSupportedServices(); diff --git a/server/src/test/java/com/cloud/network/NetworkModelTest.java b/server/src/test/java/com/cloud/network/NetworkModelTest.java index b52335035fd..dd4de3b460f 100644 --- a/server/src/test/java/com/cloud/network/NetworkModelTest.java +++ b/server/src/test/java/com/cloud/network/NetworkModelTest.java @@ -33,6 +33,7 @@ import java.util.Collections; import java.util.List; import java.util.Set; +import com.cloud.user.AccountManager; import org.apache.cloudstack.network.NetworkPermissionVO; import org.apache.cloudstack.network.dao.NetworkPermissionDao; import org.junit.Before; @@ -114,6 +115,8 @@ public class NetworkModelTest { private DomainDao domainDao; @Mock private ProjectDao projectDao; + @Mock + private AccountManager _accountMgr; private static final long ZONE_1_ID = 1L; private static final long ZONE_2_ID = 2L; 
@@ -307,6 +310,21 @@ public class NetworkModelTest { networkModel.checkNetworkPermissions(caller, network); } + @Test + public void testCheckNetworkPermissionsForAdmin() { + long accountId = 1L; + AccountVO caller = mock(AccountVO.class); + when(caller.getId()).thenReturn(accountId); + when(caller.getType()).thenReturn(Account.Type.ADMIN); + NetworkVO network = mock(NetworkVO.class); + when(network.getGuestType()).thenReturn(Network.GuestType.Isolated); + when(network.getAccountId()).thenReturn(accountId); + when(accountDao.findById(accountId)).thenReturn(caller); + when(networkDao.listBy(caller.getId(), network.getId())).thenReturn(List.of(network)); + when(networkPermissionDao.findByNetworkAndAccount(network.getId(), caller.getId())).thenReturn(mock(NetworkPermissionVO.class)); + networkModel.checkNetworkPermissions(caller, network); + } + @Test(expected = CloudRuntimeException.class) public void testCheckNetworkPermissionsNullNetwork() { AccountVO caller = mock(AccountVO.class); diff --git a/test/integration/component/test_acl_sharednetwork.py b/test/integration/component/test_acl_sharednetwork.py index 42f4a899e12..2d538f6c6f9 100644 --- a/test/integration/component/test_acl_sharednetwork.py +++ b/test/integration/component/test_acl_sharednetwork.py @@ -59,7 +59,7 @@ class TestSharedNetwork(cloudstackTestCase): cls.acldata = cls.testdata["acl"] cls.domain_1 = None cls.domain_2 = None - cls.cleanup = [] + cls._cleanup = [] try: 
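Review bot: `testCheckNetworkPermissionsForAdmin` does not reach the new root-admin override: `_accountMgr.isRootAdmin(...)` is never stubbed (a Mockito mock returns false for it by default) and `AdminIsAllowedToDeployAnywhere` is left at its default, while the `networkDao.listBy` and `networkPermissionDao.findByNetworkAndAccount` stubs make the ordinary owner path succeed. The test therefore passes with or without the feature and asserts nothing about it. I would add a case that stubs `when(_accountMgr.isRootAdmin(anyLong())).thenReturn(true)` with the key enabled and a network the caller does not own, plus the same setup with the key disabled under `@Test(expected = PermissionDeniedException.class)`. Whether the `_accountMgr` mock is actually injected into `networkModel` depends on setup code outside this hunk.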
@@ -72,25 +72,30 @@ class TestSharedNetwork(cloudstackTestCase): cls.apiclient, cls.acldata["domain1"] ) + cls._cleanup.append(cls.domain_1) cls.domain_11 = Domain.create( cls.apiclient, cls.acldata["domain11"], parentdomainid=cls.domain_1.id ) + cls._cleanup.append(cls.domain_11) cls.domain_111 = Domain.create( cls.apiclient, cls.acldata["domain111"], parentdomainid=cls.domain_11.id, ) + cls._cleanup.append(cls.domain_111) cls.domain_12 = Domain.create( cls.apiclient, cls.acldata["domain12"], parentdomainid=cls.domain_1.id ) + cls._cleanup.append(cls.domain_12) cls.domain_2 = Domain.create( cls.apiclient, cls.acldata["domain2"] ) + cls._cleanup.append(cls.domain_2) # Create 1 admin account and 2 user accounts for doamin_1 cls.account_d1 = Account.create( cls.apiclient, @@ -98,6 +103,7 @@ class TestSharedNetwork(cloudstackTestCase): admin=True, domainid=cls.domain_1.id ) + cls._cleanup.append(cls.account_d1) user = cls.generateKeysForUser(cls.apiclient,cls.account_d1) cls.user_d1_apikey = user.apikey @@ -109,6 +115,7 @@ class TestSharedNetwork(cloudstackTestCase): admin=False, domainid=cls.domain_1.id ) + cls._cleanup.append(cls.account_d1a) user = cls.generateKeysForUser(cls.apiclient,cls.account_d1a) cls.user_d1a_apikey = user.apikey cls.user_d1a_secretkey = user.secretkey @@ -120,6 +127,7 @@ class TestSharedNetwork(cloudstackTestCase): admin=False, domainid=cls.domain_1.id ) + cls._cleanup.append(cls.account_d1b) user = cls.generateKeysForUser(cls.apiclient,cls.account_d1b) cls.user_d1b_apikey = user.apikey @@ -132,6 +140,7 @@ class TestSharedNetwork(cloudstackTestCase): admin=True, domainid=cls.domain_11.id ) + cls._cleanup.append(cls.account_d11) user = cls.generateKeysForUser(cls.apiclient,cls.account_d11) cls.user_d11_apikey = user.apikey cls.user_d11_secretkey = user.secretkey 
@@ -142,6 +151,7 @@ class TestSharedNetwork(cloudstackTestCase): admin=False, domainid=cls.domain_11.id ) + cls._cleanup.append(cls.account_d11a) user = cls.generateKeysForUser(cls.apiclient,cls.account_d11a) cls.user_d11a_apikey = user.apikey cls.user_d11a_secretkey = user.secretkey @@ -152,6 +162,7 @@ class TestSharedNetwork(cloudstackTestCase): admin=False, domainid=cls.domain_11.id ) + cls._cleanup.append(cls.account_d11b) user = cls.generateKeysForUser(cls.apiclient,cls.account_d11b) cls.user_d11b_apikey = user.apikey cls.user_d11b_secretkey = user.secretkey @@ -164,6 +175,7 @@ class TestSharedNetwork(cloudstackTestCase): admin=True, domainid=cls.domain_111.id ) + cls._cleanup.append(cls.account_d111) user = cls.generateKeysForUser(cls.apiclient,cls.account_d111) cls.user_d111_apikey = user.apikey cls.user_d111_secretkey = user.secretkey @@ -174,6 +186,7 @@ class TestSharedNetwork(cloudstackTestCase): admin=False, domainid=cls.domain_111.id ) + cls._cleanup.append(cls.account_d111a) user = cls.generateKeysForUser(cls.apiclient,cls.account_d111a) cls.user_d111a_apikey = user.apikey cls.user_d111a_secretkey = user.secretkey @@ -184,6 +197,7 @@ class TestSharedNetwork(cloudstackTestCase): admin=False, domainid=cls.domain_111.id ) + cls._cleanup.append(cls.account_d111b) user = cls.generateKeysForUser(cls.apiclient,cls.account_d111b) cls.user_d111b_apikey = user.apikey cls.user_d111b_secretkey = user.secretkey @@ -195,6 +209,7 @@ class TestSharedNetwork(cloudstackTestCase): admin=False, domainid=cls.domain_12.id ) + cls._cleanup.append(cls.account_d12a) user = cls.generateKeysForUser(cls.apiclient,cls.account_d12a) cls.user_d12a_apikey = user.apikey cls.user_d12a_secretkey = user.secretkey @@ -205,6 +220,7 @@ class TestSharedNetwork(cloudstackTestCase): admin=False, domainid=cls.domain_12.id ) + cls._cleanup.append(cls.account_d12b) user = cls.generateKeysForUser(cls.apiclient,cls.account_d12b) cls.user_d12b_apikey = user.apikey 
@@ -218,6 +234,7 @@ class TestSharedNetwork(cloudstackTestCase): admin=False, domainid=cls.domain_2.id ) + cls._cleanup.append(cls.account_d2a) user = cls.generateKeysForUser(cls.apiclient,cls.account_d2a) cls.user_d2a_apikey = user.apikey @@ -231,6 +248,7 @@ class TestSharedNetwork(cloudstackTestCase): cls.acldata["accountROOTA"], admin=False, ) + cls._cleanup.append(cls.account_roota) user = cls.generateKeysForUser(cls.apiclient,cls.account_roota) cls.user_roota_apikey = user.apikey @@ -241,6 +259,7 @@ class TestSharedNetwork(cloudstackTestCase): cls.acldata["accountROOTA"], admin=True, ) + cls._cleanup.append(cls.account_root) user = cls.generateKeysForUser(cls.apiclient,cls.account_root) cls.user_root_apikey = user.apikey @@ -251,6 +270,7 @@ class TestSharedNetwork(cloudstackTestCase): cls.apiclient, cls.acldata["service_offering"]["small"] ) + cls._cleanup.append(cls.service_offering) cls.zone = get_zone(cls.apiclient,cls.testclient.getZoneForTests()) cls.acldata['mode'] = cls.zone.networktype @@ -279,6 +299,7 @@ class TestSharedNetwork(cloudstackTestCase): networkofferingid=cls.shared_network_offering_id, zoneid=cls.zone.id ) + cls._cleanup.append(cls.shared_network_all) cls.shared_network_domain_d11 = Network.create( cls.apiclient, @@ -288,6 +309,7 @@ class TestSharedNetwork(cloudstackTestCase): domainid=cls.domain_11.id, subdomainaccess=False ) + cls._cleanup.append(cls.shared_network_domain_d11) cls.shared_network_domain_with_subdomain_d11 = Network.create( cls.apiclient, @@ -297,6 +319,7 @@ class TestSharedNetwork(cloudstackTestCase): domainid=cls.domain_11.id, subdomainaccess=True ) + cls._cleanup.append(cls.shared_network_domain_with_subdomain_d11) cls.shared_network_account_d111a = Network.create( cls.apiclient, 
@@ -306,40 +329,35 @@ class TestSharedNetwork(cloudstackTestCase): domainid=cls.domain_111.id, accountid=cls.account_d111a.user[0].username ) + cls._cleanup.append(cls.shared_network_account_d111a) cls.vmdata = {"name": "test", "displayname" : "test" } - cls.cleanup = [ - cls.account_root, - cls.account_roota, - cls.shared_network_all, - cls.service_offering, - ] except Exception as e: - cls.domain_1.delete(cls.apiclient,cleanup="true") - cls.domain_2.delete(cls.apiclient,cleanup="true") - cleanup_resources(cls.apiclient, cls.cleanup) - raise Exception("Failed to create the setup required to execute the test cases: %s" % e) + cls.tearDownClass() + raise Exception("Failed to create the setup required to execute the test cases: %s" % e) @classmethod def tearDownClass(cls): - cls.apiclient = super(TestSharedNetwork, cls).getClsTestClient().getApiClient() cls.apiclient.connection.apiKey = cls.default_apikey cls.apiclient.connection.securityKey = cls.default_secretkey cls.domain_1.delete(cls.apiclient,cleanup="true") cls.domain_2.delete(cls.apiclient,cleanup="true") cleanup_resources(cls.apiclient, cls.cleanup) - return +# super(TestSharedNetwork, cls).tearDownClass() - def setUp(cls): - cls.apiclient = cls.testClient.getApiClient() - cls.dbclient = cls.testClient.getDbConnection() + def setUp(self): + self.debug(f"===setup===") + self.apiclient = self.testClient.getApiClient() + self.dbclient = self.testClient.getDbConnection() + self.cleanup = [] - def tearDown(cls): + def tearDown(self): # restore back default apikey and secretkey - cls.apiclient.connection.apiKey = cls.default_apikey - cls.apiclient.connection.securityKey = cls.default_secretkey - return + self.apiclient.connection.apiKey = self.default_apikey + self.apiclient.connection.securityKey = self.default_secretkey + self.debug(f"===tearDown=== cleanup list length {self.cleanup.len()}") + super(TestSharedNetwork, self).tearDown() ## Test cases relating to deploying Virtual Machine in shared network with 
scope=all @@ -355,7 +373,7 @@ class TestSharedNetwork(cloudstackTestCase): self.vmdata["name"] = self.acldata["vmD1A"]["name"] +"-shared-scope-all" self.vmdata["displayname"] = self.acldata["vmD1A"]["displayname"] +"-shared-scope-all" - vm_d1a = VirtualMachine.create( + vm = VirtualMachine.create( self.apiclient, self.vmdata, zoneid=self.zone.id, @@ -363,17 +381,16 @@ class TestSharedNetwork(cloudstackTestCase): templateid=self.template.id, networkids=self.shared_network_all.id ) + self.cleanup.append(vm) - self.assertEqual(vm_d1a.state == "Running", + self.assertEqual(vm.state == "Running", True, "User in a domain under ROOT failed to deploy VM in a shared network with scope=all") - @attr("simulator_only",tags=["advanced"],required_hardware="false") def test_deployVM_in_sharedNetwork_scope_all_domainadminuser(self): """ Validate that regular user in "ROOT" domain is allowed to deploy VM in a shared network created with scope="all" - """ # deploy VM as an admin user in a domain under ROOT 
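Review bot: `tearDownClass` still hands `cls.cleanup` to `cleanup_resources`, but this commit renames the class-level list to `cls._cleanup` (hunk at -59,7) and deletes the `cls.cleanup = [...]` assignment, while `self.cleanup` is now set only per instance in `setUp`. Unless the base class defines a class attribute of that name, class teardown raises `AttributeError` and none of the accounts (with their generated API keys), domains and networks registered in `_cleanup` are removed from the test environment; the commented-out `super(TestSharedNetwork, cls).tearDownClass()` should be restored. In `tearDown`, `self.cleanup.len()` is not a list method and will raise on every test; use `len(self.cleanup)`. The `except` branch of `setUpClass` now calls `cls.tearDownClass()`, which dereferences `cls.domain_1` and `cls.domain_2` although both start as `None`, so a setup failure before the domains exist is masked by a second exception.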
@@ -390,25 +407,24 @@ class TestSharedNetwork(cloudstackTestCase): templateid=self.template.id, networkids=self.shared_network_all.id ) + self.cleanup.append(vm) self.assertEqual(vm.state == "Running", True, "Admin User in a domain under ROOT failed to deploy VM in a shared network with scope=all") - @attr("simulator_only",tags=["advanced"],required_hardware="false") def test_deployVM_in_sharedNetwork_scope_all_subdomainuser(self): """ Validate that regular user in any subdomain is allowed to deploy VM in a shared network created with scope="all" """ - # deploy VM as user in a subdomain under ROOT self.apiclient.connection.apiKey = self.user_d11a_apikey self.apiclient.connection.securityKey = self.user_d11a_secretkey self.vmdata["name"] = self.acldata["vmD11A"]["name"] +"-shared-scope-all" self.vmdata["displayname"] = self.acldata["vmD11A"]["displayname"] +"-shared-scope-all" - vm_d11a = VirtualMachine.create( + vm = VirtualMachine.create( self.apiclient, self.vmdata, zoneid=self.zone.id, @@ -416,8 +432,9 @@ class TestSharedNetwork(cloudstackTestCase): templateid=self.template.id, networkids=self.shared_network_all.id ) + self.cleanup.append(vm) - self.assertEqual(vm_d11a.state == "Running", + self.assertEqual(vm.state == "Running", True, "User in a domain under ROOT failed to deploy VM in a shared network with scope=all") @@ -425,7 +442,6 @@ class TestSharedNetwork(cloudstackTestCase): def test_deployVM_in_sharedNetwork_scope_all_subdomainadminuser(self): """ Validate that regular user in a subdomain under ROOT is allowed to deploy VM in a shared network created with scope="all" - """ # deploy VM as an admin user in a subdomain under ROOT 
@@ -441,17 +457,16 @@ class TestSharedNetwork(cloudstackTestCase): templateid=self.template.id, networkids=self.shared_network_all.id ) + self.cleanup.append(vm) self.assertEqual(vm.state == "Running", True, "Admin User in a domain under ROOT failed to deploy VM in a shared network with scope=all") - @attr("simulator_only",tags=["advanced"],required_hardware="false") def test_deployVM_in_sharedNetwork_scope_all_ROOTuser(self): """ Validate that regular user in ROOT domain is allowed to deploy VM in a shared network created with scope="all" - """ # deploy VM as user in ROOT domain @@ -467,6 +482,7 @@ class TestSharedNetwork(cloudstackTestCase): templateid=self.template.id, networkids=self.shared_network_all.id ) + self.cleanup.append(vm) self.assertEqual(vm.state == "Running", True, @@ -491,6 +507,7 @@ class TestSharedNetwork(cloudstackTestCase): templateid=self.template.id, networkids=self.shared_network_all.id ) + self.cleanup.append(vm) self.assertEqual(vm.state == "Running", True, @@ -503,7 +520,6 @@ class TestSharedNetwork(cloudstackTestCase): """ Validate that regular user in a domain is allowed to deploy VM in a shared network created with scope="domain" and no subdomain access """ - # deploy VM as user in a domain that has shared network with no subdomain access self.apiclient.connection.apiKey = self.user_d11a_apikey 
@@ -519,17 +535,16 @@ class TestSharedNetwork(cloudstackTestCase): templateid=self.template.id, networkids=self.shared_network_domain_d11.id ) + self.cleanup.append(vm) self.assertEqual(vm.state == "Running", True, "User in a domain that has a shared network with no subdomain access failed to deploy VM in a shared network with scope=domain with no subdomain access") - @attr("simulator_only",tags=["advanced"],required_hardware="false") def test_deployVM_in_sharedNetwork_scope_domain_nosubdomainaccess_domainadminuser(self): """ Validate that admin user in a domain is allowed to deploy VM in a shared network created with scope="domain" and no subdomain access - """ #deploy VM as an admin user in a domain that has shared network with no subdomain access @@ -546,6 +561,7 @@ class TestSharedNetwork(cloudstackTestCase): templateid=self.template.id, networkids=self.shared_network_domain_d11.id ) + self.cleanup.append(vm) self.assertEqual(vm.state == "Running", True, @@ -555,7 +571,6 @@ class TestSharedNetwork(cloudstackTestCase): def test_deployVM_in_sharedNetwork_scope_domain_nosubdomainaccess_subdomainuser(self): """ Validate that regular user in a subdomain is NOT allowed to deploy VM in a shared network created with scope="domain" and no subdomain access - """ # deploy VM as user in a subdomain under a domain that has shared network with no subdomain access @@ -564,7 +579,7 @@ class TestSharedNetwork(cloudstackTestCase): self.vmdata["name"] = self.acldata["vmD111A"]["name"] +"-shared-scope-domain-nosubdomainaccess" self.vmdata["displayname"] = self.acldata["vmD111A"]["displayname"] +"-shared-scope-domain-nosubdomainaccess" try: - vm = VirtualMachine.create( + vm = VirtualMachine.create( self.apiclient, self.vmdata, zoneid=self.zone.id, 
@@ -572,17 +587,17 @@ class TestSharedNetwork(cloudstackTestCase): templateid=self.template.id, networkids=self.shared_network_domain_d11.id ) - self.fail("Subdomain user is able to deploy VM in a shared network with scope=domain with no subdomain access ") + self.cleanup.append(vm) + self.fail("Subdomain user is able to deploy VM in a shared network with scope=domain with no subdomain access ") except Exception as e: - self.debug ("When a user from a subdomain deploys a VM in a shared network with scope=domain with no subdomain access %s" %e) - if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN): - self.fail("Error message validation failed when Subdomain user tries to deploy VM in a shared network with scope=domain with no subdomain access") + self.debug ("When a user from a subdomain deploys a VM in a shared network with scope=domain with no subdomain access %s" %e) + if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN): + self.fail("Error message validation failed when Subdomain user tries to deploy VM in a shared network with scope=domain with no subdomain access") @attr("simulator_only",tags=["advanced"],required_hardware="false") def test_deployVM_in_sharedNetwork_scope_domain_nosubdomainaccess_subdomainadminuser(self): """ Validate that admin user in a subdomain is NOT allowed to deploy VM in a shared network created with scope="domain" and no subdomain access - """ # deploy VM as an admin user in a subdomain under a domain that has shared network with no subdomain access @@ -591,7 +606,7 @@ class TestSharedNetwork(cloudstackTestCase): self.vmdata["name"] = self.acldata["vmD111"]["name"] +"-shared-scope-domain-nosubdomainaccess" self.vmdata["displayname"] = self.acldata["vmD111"]["displayname"] +"-shared-scope-domain-nosubdomainaccess" try: - vm = VirtualMachine.create( + vm = VirtualMachine.create( self.apiclient, self.vmdata, zoneid=self.zone.id, 
@@ -599,19 +614,17 @@ class TestSharedNetwork(cloudstackTestCase): templateid=self.template.id, networkids=self.shared_network_domain_d11.id ) - self.fail("Subdomain admin user is able to deploy VM in a shared network with scope=domain with no subdomain access ") + self.cleanup.append(vm) + self.fail("Subdomain admin user is able to deploy VM in a shared network with scope=domain with no subdomain access ") except Exception as e: - self.debug ("When a admin user from a subdomain deploys a VM in a shared network with scope=domain with no subdomain access %s" %e) - if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN): - self.fail("Error message validation failed when Subdomain admin user tries to deploy VM in a shared network with scope=domain with no subdomain access") - - + self.debug ("When a admin user from a subdomain deploys a VM in a shared network with scope=domain with no subdomain access %s" %e) + if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN): + self.fail("Error message validation failed when Subdomain admin user tries to deploy VM in a shared network with scope=domain with no subdomain access") @attr("simulator_only",tags=["advanced"],required_hardware="false") def test_deployVM_in_sharedNetwork_scope_domain_nosubdomainaccess_parentdomainuser(self): """ Validate that user in the parent domain is NOT allowed to deploy VM in a shared network created with scope="domain" and no subdomain access - """ # deploy VM as user in parentdomain of a domain that has shared network with no subdomain access 
@@ -620,7 +633,7 @@ class TestSharedNetwork(cloudstackTestCase): self.vmdata["name"] = self.acldata["vmD1A"]["name"] +"-shared-scope-domain-nosubdomainaccess" self.vmdata["displayname"] = self.acldata["vmD1A"]["displayname"] +"-shared-scope-domain-nosubdomainaccess" try: - vm = VirtualMachine.create( + vm = VirtualMachine.create( self.apiclient, self.vmdata, zoneid=self.zone.id, 
@@ -628,18 +641,17 @@ class TestSharedNetwork(cloudstackTestCase): templateid=self.template.id, networkids=self.shared_network_domain_d11.id ) - self.fail("Parent domain user is able to deploy VM in a shared network with scope=domain with no subdomain access ") + self.cleanup.append(vm) + self.fail("Parent domain user is able to deploy VM in a shared network with scope=domain with no subdomain access ") except Exception as e: - self.debug ("When a user from parent domain deploys a VM in a shared network with scope=domain with no subdomain access %s" %e) - if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN): - self.fail("Error message validation failed when Parent domain user tries to deploy VM in a shared network with scope=domain with no subdomain access") - + self.debug ("When a user from parent domain deploys a VM in a shared network with scope=domain with no subdomain access %s" %e) + if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN): + self.fail("Error message validation failed when Parent domain user tries to deploy VM in a shared network with scope=domain with no subdomain access") @attr("simulator_only",tags=["advanced"],required_hardware="false") def test_deployVM_in_sharedNetwork_scope_domain_nosubdomainaccess_parentdomainadminuser(self): """ Validate that admin user in the parent domain is NOT allowed to deploy VM in a shared network created with scope="domain" and no subdomain access - """ # deploy VM as an admin user in parentdomain of a domain that has shared network with no subdomain access 
@@ -648,7 +660,7 @@ class TestSharedNetwork(cloudstackTestCase): self.vmdata["name"] = self.acldata["vmD1"]["name"] +"-shared-scope-domain-nosubdomainaccess" self.vmdata["displayname"] = self.acldata["vmD1"]["displayname"] +"-shared-scope-domain-nosubdomainaccess" try: - vm = VirtualMachine.create( + vm = VirtualMachine.create( self.apiclient, self.vmdata, zoneid=self.zone.id, 
@@ -656,20 +668,18 @@ class TestSharedNetwork(cloudstackTestCase): templateid=self.template.id, networkids=self.shared_network_domain_d11.id ) - self.fail("Parent domain's admin user is able to deploy VM in a shared network with scope=domain with no subdomain access ") + self.cleanup.append(vm) + self.fail("Parent domain's admin user is able to deploy VM in a shared network with scope=domain with no subdomain access ") except Exception as e: - self.debug ("When an admin user from parent domain deploys a VM in a shared network with scope=domain with no subdomain access %s" %e) - if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN): - self.fail("Error message validation failed when Parent domain's admin user tries to deploy VM in a shared network with scope=domain with no subdomain access") - - + self.debug ("When an admin user from parent domain deploys a VM in a shared network with scope=domain with no subdomain access %s" %e) + if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN): + self.fail("Error message validation failed when Parent domain's admin user tries to deploy VM in a shared network with scope=domain with no subdomain access") @attr("simulator_only",tags=["advanced"],required_hardware="false") def test_deployVM_in_sharedNetwork_scope_domain_nosubdomainaccess_ROOTuser(self): """ Validate that user in ROOT domain is NOT allowed to deploy VM in a shared network created with scope="domain" and no subdomain access """ - # deploy VM as user in ROOT domain self.apiclient.connection.apiKey = self.user_roota_apikey 
@@ -677,7 +687,7 @@ class TestSharedNetwork(cloudstackTestCase): self.vmdata["name"] = self.acldata["vmROOTA"]["name"] + "-shared-scope-domain-nosubdomainaccess" self.vmdata["displayname"] = self.acldata["vmROOTA"]["displayname"] + "-shared-scope-domain-nosubdomainaccess" try: - vm = VirtualMachine.create( + vm = VirtualMachine.create( self.apiclient, self.vmdata, zoneid=self.zone.id, 
@@ -685,19 +695,17 @@ class TestSharedNetwork(cloudstackTestCase): templateid=self.template.id, networkids=self.shared_network_domain_d11.id ) - self.fail("ROOT domain's user is able to deploy VM in a shared network with scope=domain with no subdomain access ") + self.cleanup.append(vm) + self.fail("ROOT domain's user is able to deploy VM in a shared network with scope=domain with no subdomain access ") except Exception as e: - self.debug ("When a regular user from ROOT domain deploys a VM in a shared network with scope=domain with no subdomain access %s" %e) - if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN): - self.fail("Error message validation failed when ROOT domain's user tries to deploy VM in a shared network with scope=domain with no subdomain access") + self.debug ("When a regular user from ROOT domain deploys a VM in a shared network with scope=domain with no subdomain access %s" %e) + if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN): + self.fail("Error message validation failed when ROOT domain's user tries to deploy VM in a shared network with scope=domain with no subdomain access") - - - @attr("simulator_only",tags=["advanced"],required_hardware="false") + @attr("simulator_only",tags=["advanced", "bla"],required_hardware="false") def test_deployVM_in_sharedNetwork_scope_domain_nosubdomainaccess_ROOTadmin(self): """ Validate that admin in ROOT domain is NOT allowed to deploy VM in a shared network created with scope="domain" and no subdomain access - """ # deploy VM as admin user in ROOT domain 
@@ -706,21 +714,21 @@ class TestSharedNetwork(cloudstackTestCase): self.vmdata["name"] = self.acldata["vmROOT"]["name"] + "-shared-scope-domain-nosubdomainaccess" self.vmdata["displayname"] = self.acldata["vmROOT"]["displayname"] + "-shared-scope-domain-nosubdomainaccess" try: - vm = VirtualMachine.create( + vm = VirtualMachine.create( self.apiclient, self.vmdata, zoneid=self.zone.id, serviceofferingid=self.service_offering.id, templateid=self.template.id, - networkids=self.shared_network_domain_d11.id - ) - self.fail("ROOT domain's admin user is able to deploy VM in a shared network with scope=domain with no subdomain access ") + networkids=self.shared_network_domain_d11.id) + self.cleanup.append(vm) + vm.stop(self.apiclient, forced=True) + vm.assign_virtual_machine(self.apiclient, self.account_d11.name, self.domain_11.id) + self.fail("ROOT domain's admin user is able to deploy VM in a shared network with scope=domain with no subdomain access ") except Exception as e: - self.debug ("When a admin user from ROOT domain deploys a VM in a shared network with scope=domain with no subdomain access %s" %e) - if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN): - self.fail("Error message validation failed when ROOT domain's admin user tries to deploy VM in a shared network with scope=domain with no subdomain access") - - + self.debug ("When a admin user from ROOT domain deploys a VM in a shared network with scope=domain with no subdomain access %s" %e) + if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN): + self.fail("Error message validation failed when ROOT domain's admin user tries to deploy VM in a shared network with scope=domain with no subdomain access") ## Test cases relating to deploying Virtual Machine in shared network with scope=Domain and with subdomain access 
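Review bot: The `try` now covers three calls that can raise (`VirtualMachine.create`, `vm.stop(self.apiclient, forced=True)` and `vm.assign_virtual_machine(...)`), so the test no longer shows which of them is expected to be refused with `NOT_AVAILABLE_IN_DOMAIN`. The docstring in the preceding hunk still says the ROOT admin is NOT allowed to deploy, yet the added stop/assign lines only run if the deployment succeeded. An unrelated failure in `vm.stop` would also be checked against the ACL message. Keep only the call that must be denied inside the `try`, let the setup steps fail the test directly, and update the docstring to name that operation, with a comment such as `# expected to be rejected: <call under test>`. The hunks at -933 and -1104 add the same sequence.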
@@ -728,7 +736,6 @@ class TestSharedNetwork(cloudstackTestCase): def test_deployVM_in_sharedNetwork_scope_domain_withsubdomainaccess_domainuser(self): """ Validate that regular user in a domain is allowed to deploy VM in a shared network created with scope="domain" and with subdomain access for the domain - """ # deploy VM as user in a domain that has shared network with subdomain access @@ -745,18 +752,17 @@ class TestSharedNetwork(cloudstackTestCase): templateid=self.template.id, networkids=self.shared_network_domain_with_subdomain_d11.id ) + self.cleanup.append(vm) self.assertEqual(vm.state == "Running", True, "User in a domain that has a shared network with subdomain access failed to deploy VM in a shared network with scope=domain with no subdomain access") - @attr("simulator_only",tags=["advanced"],required_hardware="false") def test_deployVM_in_sharedNetwork_scope_domain_withsubdomainaccess_domainadminuser(self): """ Validate that admin user in a domain is allowed to deploy VM in a shared network created with scope="domain" and with subdomain access for the domain """ - # deploy VM as an admin user in a domain that has shared network with subdomain access self.apiclient.connection.apiKey = self.user_d11_apikey @@ -772,6 +778,7 @@ class TestSharedNetwork(cloudstackTestCase): templateid=self.template.id, networkids=self.shared_network_domain_with_subdomain_d11.id ) + self.cleanup.append(vm) self.assertEqual(vm.state == "Running", True, @@ -782,7 +789,6 @@ class TestSharedNetwork(cloudstackTestCase): """ Validate that regular user in a subdomain is allowed to deploy VM in a shared network created with scope="domain" and with subdomain access for the parent domain """ - # deploy VM as user in a subdomain under a domain that has shared network with subdomain access self.apiclient.connection.apiKey = self.user_d111a_apikey 
@@ -797,6 +803,7 @@ class TestSharedNetwork(cloudstackTestCase): templateid=self.template.id, networkids=self.shared_network_domain_with_subdomain_d11.id ) + self.cleanup.append(vm) self.assertEqual(vm.state == "Running", True, @@ -807,7 +814,6 @@ class TestSharedNetwork(cloudstackTestCase): """ Validate that an admin user in a subdomain is allowed to deploy VM in a shared network created with scope="domain" and with subdomain access for the parent domain """ - # deploy VM as an admin user in a subdomain under a domain that has shared network with subdomain access self.apiclient.connection.apiKey = self.user_d111_apikey @@ -822,6 +828,7 @@ class TestSharedNetwork(cloudstackTestCase): templateid=self.template.id, networkids=self.shared_network_domain_with_subdomain_d11.id ) + self.cleanup.append(vm) self.assertEqual(vm.state == "Running", True, @@ -832,7 +839,6 @@ class TestSharedNetwork(cloudstackTestCase): """ Validate that regular user in a parent domain is NOT allowed to deploy VM in a shared network created with scope="domain" and with subdomain access for the domain """ - # deploy VM as user in parentdomain of a domain that has shared network with subdomain access self.apiclient.connection.apiKey = self.user_d1a_apikey @@ -840,7 +846,7 @@ class TestSharedNetwork(cloudstackTestCase): self.vmdata["name"] = self.acldata["vmD1A"]["name"] +"-shared-scope-domain-withsubdomainaccess" self.vmdata["displayname"] = self.acldata["vmD1A"]["displayname"] +"-shared-scope-domain-withsubdomainaccess" try: - vm = VirtualMachine.create( + vm = VirtualMachine.create( self.apiclient, self.vmdata, zoneid=self.zone.id, 
@@ -848,19 +854,18 @@ class TestSharedNetwork(cloudstackTestCase): templateid=self.template.id, networkids=self.shared_network_domain_with_subdomain_d11.id ) - self.fail("Parent domain's user is able to deploy VM in a shared network with scope=domain with subdomain access ") + self.cleanup.append(vm) + self.fail("Parent domain's user is able to deploy VM in a shared network with scope=domain with subdomain access ") except Exception as e: - self.debug ("When a user from parent domain deploys a VM in a shared network with scope=domain with subdomain access %s" %e) - if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN): - self.fail("Error message validation failed when Parent domain's user tries to deploy VM in a shared network with scope=domain with subdomain access ") - + self.debug ("When a user from parent domain deploys a VM in a shared network with scope=domain with subdomain access %s" %e) + if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN): + self.fail("Error message validation failed when Parent domain's user tries to deploy VM in a shared network with scope=domain with subdomain access ") @attr("simulator_only",tags=["advanced"],required_hardware="false") def test_deployVM_in_sharedNetwork_scope_domain_withsubdomainaccess_parentdomainadminuser(self): """ Validate that admin user in a parent domain is NOT allowed to deploy VM in a shared network created with scope="domain" and with subdomain access for any domain """ - # deploy VM as an admin user in parentdomain of a domain that has shared network with subdomain access self.apiclient.connection.apiKey = self.user_d1_apikey 
@@ -868,7 +873,7 @@ class TestSharedNetwork(cloudstackTestCase): self.vmdata["name"] = self.acldata["vmD1"]["name"] +"-shared-scope-domain-withsubdomainaccess" self.vmdata["displayname"] = self.acldata["vmD1"]["displayname"] +"-shared-scope-domain-withsubdomainaccess" try: - vm = VirtualMachine.create( + vm = VirtualMachine.create( self.apiclient, self.vmdata, zoneid=self.zone.id, 
@@ -876,20 +881,18 @@ class TestSharedNetwork(cloudstackTestCase): templateid=self.template.id, networkids=self.shared_network_domain_with_subdomain_d11.id ) - self.fail("Parent domain's admin user is able to deploy VM in a shared network with scope=domain with subdomain access ") + self.cleanup.append(vm) + self.fail("Parent domain's admin user is able to deploy VM in a shared network with scope=domain with subdomain access ") except Exception as e: - self.debug ("When an admin user from parent domain deploys a VM in a shared network with scope=domain with subdomain access %s" %e) - if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN): - self.fail("Error message validation failed when Parent domain's admin user tries to deploy VM in a shared network with scope=domain with subdomain access") - - + self.debug ("When an admin user from parent domain deploys a VM in a shared network with scope=domain with subdomain access %s" %e) + if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN): + self.fail("Error message validation failed when Parent domain's admin user tries to deploy VM in a shared network with scope=domain with subdomain access") @attr("simulator_only",tags=["advanced"],required_hardware="false") def test_deployVM_in_sharedNetwork_scope_domain_withsubdomainaccess_ROOTuser(self): """ Validate that regular user in ROOT domain is NOT allowed to deploy VM in a shared network created with scope="domain" and with subdomain access for any domain """ - # deploy VM as user in ROOT domain self.apiclient.connection.apiKey = self.user_roota_apikey 
@@ -897,7 +900,7 @@ class TestSharedNetwork(cloudstackTestCase): self.vmdata["name"] = self.acldata["vmROOTA"]["name"] + "-shared-scope-domain-withsubdomainaccess" self.vmdata["displayname"] = self.acldata["vmROOTA"]["displayname"] + "-shared-scope-domain-withsubdomainaccess" try: - vm = VirtualMachine.create( + vm = VirtualMachine.create( self.apiclient, self.vmdata, zoneid=self.zone.id, 
@@ -905,19 +908,18 @@ class TestSharedNetwork(cloudstackTestCase): templateid=self.template.id, networkids=self.shared_network_domain_with_subdomain_d11.id ) - self.fail("ROOT domain's user is able to deploy VM in a shared network with scope=domain with subdomain access ") + self.cleanup.append(vm) + self.fail("ROOT domain's user is able to deploy VM in a shared network with scope=domain with subdomain access ") except Exception as e: - self.debug ("When a user from ROOT domain deploys a VM in a shared network with scope=domain with subdomain access %s" %e) - if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN): - self.fail("Error message validation failed when ROOT domain's user tries to deploy VM in a shared network with scope=domain with subdomain access") + self.debug ("When a user from ROOT domain deploys a VM in a shared network with scope=domain with subdomain access %s" %e) + if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN): + self.fail("Error message validation failed when ROOT domain's user tries to deploy VM in a shared network with scope=domain with subdomain access") - - @attr("simulator_only",tags=["advanced"],required_hardware="false") + @attr("simulator_only",tags=["advanced", "bla"],required_hardware="false") def test_deployVM_in_sharedNetwork_scope_domain_withsubdomainaccess_ROOTadmin(self): """ Validate that admin user in ROOT domain is NOT allowed to deploy VM in a shared network created with scope="domain" and with subdomain access for any domain """ - # deploy VM as admin user in ROOT domain self.apiclient.connection.apiKey = self.user_root_apikey 
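Review bot: The `@attr` decorator on `test_deployVM_in_sharedNetwork_scope_domain_withsubdomainaccess_ROOTadmin` gains a `"bla"` tag that looks like a leftover from selecting these tests locally; nothing in the visible diff documents it. A placeholder tag on the ROOT-admin ACL tests makes it unclear which suites are meant to run them. Restore `tags=["advanced"]` or replace `"bla"` with a documented tag. The same edit appears in the hunks at -685 and -1076.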
@@ -925,7 +927,7 @@ class TestSharedNetwork(cloudstackTestCase): self.vmdata["name"] = self.acldata["vmROOT"]["name"] + "-shared-scope-domain-withsubdomainaccess" self.vmdata["displayname"] = self.acldata["vmROOT"]["displayname"] + "-shared-scope-domain-withsubdomainaccess" try: - vm = VirtualMachine.create( + vm = VirtualMachine.create( self.apiclient, self.vmdata, zoneid=self.zone.id, @@ -933,13 +935,14 @@ class TestSharedNetwork(cloudstackTestCase): templateid=self.template.id, networkids=self.shared_network_domain_with_subdomain_d11.id ) - self.fail("ROOT domain's admin user is able to deploy VM in a shared network with scope=domain with subdomain access ") + self.cleanup.append(vm) + vm.stop(self.apiclient, forced=True) + vm.assign_virtual_machine(self.apiclient, self.account_d11.name, self.domain_11.id) + self.fail("ROOT domain's admin user is able to deploy VM in a shared network with scope=domain with subdomain access ") except Exception as e: - self.debug ("When an admin user from ROOT domain deploys a VM in a shared network with scope=domain with subdomain access %s" %e) - if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN): - self.fail("Error message validation failed when ROOT domain's admin user tries to deploy VM in a shared network with scope=domain with subdomain access") - - + self.debug ("When an admin user from ROOT domain deploys a VM in a shared network with scope=domain with subdomain access %s" %e) + if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN): + self.fail("Error message validation failed when ROOT domain's admin user tries to deploy VM in a shared network with scope=domain with subdomain access") ## Test cases relating to deploying Virtual Machine in shared network with scope=account 
@@ -948,7 +951,6 @@ class TestSharedNetwork(cloudstackTestCase): """ Validate that any other user in same domain is NOT allowed to deploy VM in a shared network created with scope="account" for an account """ - # deploy VM as user under the same domain but belonging to a different account from the acount that has a shared network with scope=account self.apiclient.connection.apiKey = self.user_d111b_apikey @@ -956,7 +958,7 @@ class TestSharedNetwork(cloudstackTestCase): self.vmdata["name"] = self.acldata["vmD111B"]["name"] +"-shared-scope-domain-withsubdomainaccess" self.vmdata["displayname"] = self.acldata["vmD111B"]["displayname"] +"-shared-scope-domain-withsubdomainaccess" try: - vm = VirtualMachine.create( + vm = VirtualMachine.create( self.apiclient, self.vmdata, zoneid=self.zone.id, 
@@ -964,19 +966,17 @@ class TestSharedNetwork(cloudstackTestCase): templateid=self.template.id, networkids=self.shared_network_account_d111a.id ) - self.fail("User from same domain but different account is able to deploy VM in a shared network with scope=account") + self.cleanup.append(vm) + self.fail("User from same domain but different account is able to deploy VM in a shared network with scope=account") except Exception as e: - self.debug ("When a user from same domain but different account deploys a VM in a shared network with scope=account %s" %e) - if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK): - self.fail("Error message validation failed when User from same domain but different account tries to deploy VM in a shared network with scope=account") - - + self.debug ("When a user from same domain but different account deploys a VM in a shared network with scope=account %s" %e) + if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK): + self.fail("Error message validation failed when User from same domain but different account tries to deploy VM in a shared network with scope=account") @attr("simulator_only",tags=["advanced"],required_hardware="false") def test_deployVM_in_sharedNetwork_scope_account_domainadminuser(self): """ Validate that an admin user under the same domain but belonging to a different account is allowed to deploy VM in a shared network created with scope="account" for an account - """ # deploy VM as admin user for a domain that has an account with shared network with scope=account 
@@ -985,7 +985,7 @@ class TestSharedNetwork(cloudstackTestCase): self.vmdata["name"] = self.acldata["vmD111"]["name"] +"-shared-scope-domain-withsubdomainaccess" self.vmdata["displayname"] = self.acldata["vmD111"]["displayname"] +"-shared-scope-domain-withsubdomainaccess" try: - vm = VirtualMachine.create( + vm = VirtualMachine.create( self.apiclient, self.vmdata, zoneid=self.zone.id, @@ -993,19 +993,18 @@ class TestSharedNetwork(cloudstackTestCase): templateid=self.template.id, networkids=self.shared_network_account_d111a.id ) - self.fail("User from same domain but different account is able to deploy VM in a shared network with scope=account") + self.cleanup.append(vm) + self.fail("User from same domain but different account is able to deploy VM in a shared network with scope=account") except Exception as e: - self.debug ("When a user from same domain but different account deploys a VM in a shared network with scope=account %s" %e) - if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK): - self.fail("Error message validation failed when User from same domain but different account tries to deploy VM in a shared network with scope=account") - + self.debug ("When a user from same domain but different account deploys a VM in a shared network with scope=account %s" %e) + if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK): + self.fail("Error message validation failed when User from same domain but different account tries to deploy VM in a shared network with scope=account") @attr("simulator_only",tags=["advanced"],required_hardware="false") def test_deployVM_in_sharedNetwork_scope_account_user(self): """ Validate that regular user in the account is allowed to deploy VM in a shared network created with scope="account" for an account """ - # deploy VM as account with shared network with scope=account self.apiclient.connection.apiKey = self.user_d111a_apikey 
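Review bot: `test_deployVM_in_sharedNetwork_scope_account_domainadminuser` contradicts itself. Its docstring (in the hunk at -964) says the domain admin "is allowed to deploy VM", while the body in the hunks at -985 and -993 fails the test when deployment succeeds and expects `UNABLE_TO_USE_NETWORK`. The `self.fail` and `self.debug` messages also still describe a "User from same domain but different account" rather than the domain admin. Since the commit rewrites these lines, the docstring and messages should state the rule the test enforces, for example `Validate that an admin user ... is NOT allowed to deploy VM ...` if denial is the intended behaviour.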
@@ -1021,6 +1020,7 @@ class TestSharedNetwork(cloudstackTestCase): templateid=self.template.id, networkids=self.shared_network_account_d111a.id ) + self.cleanup.append(vm) self.assertEqual(vm.state == "Running", True, @@ -1031,7 +1031,6 @@ class TestSharedNetwork(cloudstackTestCase): """ Validate that regular user from a domain different from that of the account is NOT allowed to deploy VM in a shared network created with scope="account" for an account """ - # deploy VM as a user in a subdomain under ROOT self.apiclient.connection.apiKey = self.user_d2a_apikey @@ -1039,7 +1038,7 @@ class TestSharedNetwork(cloudstackTestCase): self.vmdata["name"] = self.acldata["vmD2A"]["name"] +"-shared-scope-account" self.vmdata["displayname"] = self.acldata["vmD2A"]["displayname"] +"-shared-scope-account" try: - vm = VirtualMachine.create( + vm = VirtualMachine.create( self.apiclient, self.vmdata, zoneid=self.zone.id, 
@@ -1047,19 +1046,17 @@ class TestSharedNetwork(cloudstackTestCase): templateid=self.template.id, networkids=self.shared_network_account_d111a.id ) - self.fail("User from different domain is able to deploy VM in a shared network with scope=account ") + self.cleanup.append(vm) + self.fail("User from different domain is able to deploy VM in a shared network with scope=account ") except Exception as e: - self.debug ("When a user from different domain deploys a VM in a shared network with scope=account %s" %e) - if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK): - self.fail("Error message validation failed when User from different domain tries to deploy VM in a shared network with scope=account") - - + self.debug ("When a user from different domain deploys a VM in a shared network with scope=account %s" %e) + if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK): + self.fail("Error message validation failed when User from different domain tries to deploy VM in a shared network with scope=account") @attr("simulator_only",tags=["advanced"],required_hardware="false") def test_deployVM_in_sharedNetwork_scope_account_ROOTuser(self): """ Validate that user in ROOT domain is NOT allowed to deploy VM in a shared network created with scope="account" for an account - """ # deploy VM as user in ROOT domain @@ -1068,7 +1065,7 @@ class TestSharedNetwork(cloudstackTestCase): self.vmdata["name"] = self.acldata["vmROOTA"]["name"] + "-shared-scope-account" self.vmdata["displayname"] = self.acldata["vmROOTA"]["displayname"] + "-shared-scope-account" try: - vm = VirtualMachine.create( + vm = VirtualMachine.create( self.apiclient, self.vmdata, zoneid=self.zone.id, 
@@ -1076,19 +1073,18 @@ class TestSharedNetwork(cloudstackTestCase): templateid=self.template.id, networkids=self.shared_network_account_d111a.id ) - self.fail("ROOT domain's user is able to deploy VM in a shared network with scope=account ") + self.cleanup.append(vm) + self.fail("ROOT domain's user is able to deploy VM in a shared network with scope=account ") except Exception as e: - self.debug ("When a user from ROOT domain deploys a VM in a shared network with scope=account %s" %e) - if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK): - self.fail("Error message validation failed when ROOT domain's user tries to deploy VM in a shared network with scope=account ") + self.debug ("When a user from ROOT domain deploys a VM in a shared network with scope=account %s" %e) + if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK): + self.fail("Error message validation failed when ROOT domain's user tries to deploy VM in a shared network with scope=account ") - - @attr("simulator_only",tags=["advanced"],required_hardware="false") + @attr("simulator_only",tags=["advanced", "bla"],required_hardware="false") def test_deployVM_in_sharedNetwork_scope_account_ROOTadmin(self): """ Validate that admin user in ROOT domain is NOT allowed to deploy VM in a shared network created with scope="account" for an account """ - # deploy VM as admin user in ROOT domain self.apiclient.connection.apiKey = self.user_root_apikey @@ -1096,7 +1092,7 @@ class TestSharedNetwork(cloudstackTestCase): self.vmdata["name"] = self.acldata["vmROOT"]["name"] + "-shared-scope-account" self.vmdata["displayname"] = self.acldata["vmROOT"]["displayname"] + "-shared-scope-account" try: - vm = VirtualMachine.create( + vm = VirtualMachine.create( self.apiclient, self.vmdata, zoneid=self.zone.id, 
@@ -1104,11 +1100,14 @@ class TestSharedNetwork(cloudstackTestCase): templateid=self.template.id, networkids=self.shared_network_account_d111a.id ) - self.fail("ROOT domain's admin user is able to deploy VM in a shared network with scope=account ") + self.cleanup.append(vm) + vm.stop(self.apiclient, forced=True) + vm.assign_virtual_machine(self.apiclient, self.account_d111a.name, self.domain_111.id) + self.fail("ROOT domain's admin user is able to deploy VM in a shared network with scope=account ") except Exception as e: - self.debug ("When an admin user from ROOT domain deploys a VM in a shared network with scope=account %s" %e) - if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK): - self.fail("Error message validation failed when ROOT domain's admin user tries to deploy VM in a shared network with scope=account") + self.debug ("When an admin user from ROOT domain deploys a VM in a shared network with scope=account %s" %e) + if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK): + self.fail("Error message validation failed when ROOT domain's admin user tries to deploy VM in a shared network with scope=account") diff --git a/utils/src/main/java/com/cloud/utils/StringUtils.java b/utils/src/main/java/com/cloud/utils/StringUtils.java index 4bb48dacf11..817cb696ef4 100644 --- a/utils/src/main/java/com/cloud/utils/StringUtils.java +++ b/utils/src/main/java/com/cloud/utils/StringUtils.java 
@@ -249,16 +249,16 @@ public class StringUtils { final boolean applyPagination = startIndex != null && pageSizeVal != null && startIndex <= Integer.MAX_VALUE && startIndex >= 0 && pageSizeVal <= Integer.MAX_VALUE && pageSizeVal > 0; - List listWPagination = null; - if (applyPagination) { - listWPagination = new ArrayList<>(); - final int index = startIndex.intValue() == 0 ? 0 : startIndex.intValue() / pageSizeVal.intValue(); - final List> partitions = StringUtils.partitionList(originalList, pageSizeVal.intValue()); - if (index < partitions.size()) { - listWPagination = partitions.get(index); - } - } - return listWPagination; + List listWPagination = null; + if (applyPagination) { + listWPagination = new ArrayList<>(); + final int index = startIndex.intValue() == 0 ? 0 : startIndex.intValue() / pageSizeVal.intValue(); + final List> partitions = StringUtils.partitionList(originalList, pageSizeVal.intValue()); + if (index < partitions.size()) { + listWPagination = partitions.get(index); + } + } + return listWPagination; } private static List> partitionList(final List originalList, final int chunkSize) {