CS-15167: AWS API calls do not honor the "admin" accounts ability to view/act on the resources owned by regular users.

2025-10-26 08:42:29 +01:00 · 2012-07-06 16:00:27 -07:00 · 2012-07-06 16:00:27 -07:00 · 8d38f4e051
commit 8d38f4e051
parent 47ea9f254c
3 changed files with 10 additions and 7 deletions
--- a/awsapi/src/com/cloud/bridge/service/core/ec2/EC2Engine.java
+++ b/awsapi/src/com/cloud/bridge/service/core/ec2/EC2Engine.java
@ -870,7 +870,7 @@ public class EC2Engine {
 	public boolean associateAddress( EC2AssociateAddress request ) {
 		try {
 			CloudStackIpAddress cloudIp = getApi().listPublicIpAddresses(null, null, null, null, null, request.getPublicIp(), null, null, null).get(0);
-			CloudStackUserVm cloudVm = getApi().listVirtualMachines(null, null, null, null, null, null, request.getInstanceId(), null, null, null, null, null, null, null, null).get(0);
+	        CloudStackUserVm cloudVm = getApi().listVirtualMachines(null, null, true, null, null, null, null, request.getInstanceId(), null, null, null, null, null, null, null, null).get(0);

 			CloudStackInfoResponse resp = getApi().enableStaticNat(cloudIp.getId(), cloudVm.getId());
 			if (resp != null) {
@ -1783,7 +1783,7 @@ public class EC2Engine {
 			throws Exception {

 		String instId = instanceId != null ? instanceId : null;
-		List<CloudStackUserVm> vms = getApi().listVirtualMachines(null, null, null, null, null, null, 
+        List<CloudStackUserVm> vms = getApi().listVirtualMachines(null, null, true, null, null, null, null,
 				instId, null, null, null, null, null, null, null, null);
 		
 		if(vms != null && vms.size() > 0) {
@ -1911,8 +1911,8 @@ public class EC2Engine {
 	public EC2DescribeSecurityGroupsResponse listSecurityGroups( String[] interestedGroups ) throws Exception {
 		try {
 			EC2DescribeSecurityGroupsResponse groupSet = new EC2DescribeSecurityGroupsResponse();
-			
-			List<CloudStackSecurityGroup> groups = getApi().listSecurityGroups(null, null, null, null, null, null);
+
+            List<CloudStackSecurityGroup> groups = getApi().listSecurityGroups(null, null, null, true, null, null, null);
 			if (groups != null && groups.size() > 0)
    			for (CloudStackSecurityGroup group : groups) {
    				boolean matched = false;
--- a/awsapi/src/com/cloud/stack/CloudStackApi.java
+++ b/awsapi/src/com/cloud/stack/CloudStackApi.java
@ -311,13 +311,14 @@ public class CloudStackApi {
 	 * @return
 	 * @throws Exception
 	 */
-	public List<CloudStackUserVm> listVirtualMachines(String account, String accountId, Boolean forVirtualNetwork, String groupId, String hostId, 
+    public List<CloudStackUserVm> listVirtualMachines(String account, String accountId, Boolean listAll, Boolean forVirtualNetwork, String groupId, String hostId,
 			String hypervisor, String id, Boolean isRecursive, String keyWord, String name, String networkId, String podId, String state, String storageId, 
 			String zoneId) throws Exception {
 		CloudStackCommand cmd = new CloudStackCommand(ApiConstants.LIST_VIRTUAL_MACHINES);
 		if (cmd != null) {
 			if (account != null) cmd.setParam(ApiConstants.ACCOUNT, account);
 			if (accountId != null) cmd.setParam(ApiConstants.ACCOUNT_ID, accountId);
+            if (listAll != null) cmd.setParam(ApiConstants.LIST_ALL, listAll.toString());
 			if (forVirtualNetwork != null) cmd.setParam(ApiConstants.FOR_VIRTUAL_NETWORK, forVirtualNetwork.toString());
 			if (groupId != null) cmd.setParam(ApiConstants.GROUP_ID, groupId);
 			if (hostId != null) cmd.setParam(ApiConstants.HOST_ID, hostId);
@ -1087,13 +1088,14 @@ public class CloudStackApi {
 	 * @return
 	 * @throws Exception
 	 */
-	public List<CloudStackSecurityGroup> listSecurityGroups(String account, String domainId, String id, String keyWord, String securityGroupName, 
-			String virtualMachineId) throws Exception {
+    public List<CloudStackSecurityGroup> listSecurityGroups(String account, String domainId, String id, Boolean listAll, String keyWord,
+            String securityGroupName, String virtualMachineId) throws Exception {
 		CloudStackCommand cmd = new CloudStackCommand(ApiConstants.LIST_SECURITY_GROUPS);
 		if (cmd != null) { 
 			if (account != null) cmd.setParam(ApiConstants.ACCOUNT, account);
 			if (domainId != null) cmd.setParam(ApiConstants.DOMAIN_ID, domainId);
 			if (id != null) cmd.setParam(ApiConstants.ID, id);
+            if (listAll != null) cmd.setParam(ApiConstants.LIST_ALL, listAll.toString());
 			if (keyWord != null) cmd.setParam(ApiConstants.KEYWORD, keyWord);
 			if (securityGroupName != null) cmd.setParam(ApiConstants.SECURITY_GROUP_NAME, securityGroupName);
 			if (virtualMachineId != null) cmd.setParam(ApiConstants.VIRTUAL_MACHINE_ID, virtualMachineId);
--- a/awsapi/src/com/cloud/stack/models/ApiConstants.java
+++ b/awsapi/src/com/cloud/stack/models/ApiConstants.java
@ -242,6 +242,7 @@ public class ApiConstants {
    public static final String LINMIN_USERNAME = "linminusername";
    public static final String LIST_ACCOUNTS = "listAccounts";
    public static final String LIST_ACCOUNTS_RESPONSE = "listaccountsresponse";
+    public static final String LIST_ALL = "listall";
    public static final String LIST_CAPABILITIES = "listCapabilities";
    public static final String LIST_CAPABILITIES_RESPONSE = "listcapabilitiesresponse";
    public static final String LIST_DISK_OFFERINGS = "listDiskOfferings";