mirror of
				https://github.com/apache/cloudstack.git
				synced 2025-10-26 08:42:29 +01:00 
			
		
		
		
	server Don't allow inadvertent deletion of hidden details via API (#7880)
* Don't allow inadvertent deletion of hidden details via API * Update VM details unit test ensuring system/hidden details not removed * Update test/integration/component/test_update_vm.py --------- Co-authored-by: Marcus Sorensen <mls@apple.com> Co-authored-by: dahn <daan.hoogland@gmail.com>
This commit is contained in:
		
							parent
							
								
									2e1c2821a8
								
							
						
					
					
						commit
						a0702279aa
					
				| @ -2756,13 +2756,18 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir | |||||||
|         final List<String> userReadOnlySettings = Stream.of(QueryService.UserVMReadOnlyDetails.value().split(",")) |         final List<String> userReadOnlySettings = Stream.of(QueryService.UserVMReadOnlyDetails.value().split(",")) | ||||||
|                 .map(item -> (item).trim()) |                 .map(item -> (item).trim()) | ||||||
|                 .collect(Collectors.toList()); |                 .collect(Collectors.toList()); | ||||||
|  |         List<UserVmDetailVO> existingDetails = userVmDetailsDao.listDetails(id); | ||||||
|         if (cleanupDetails){ |         if (cleanupDetails){ | ||||||
|             if (caller != null && caller.getType() == Account.Type.ADMIN) { |             if (caller != null && caller.getType() == Account.Type.ADMIN) { | ||||||
|                 userVmDetailsDao.removeDetails(id); |                 for (final UserVmDetailVO detail : existingDetails) { | ||||||
|  |                     if (detail != null && detail.isDisplay()) { | ||||||
|  |                         userVmDetailsDao.removeDetail(id, detail.getName()); | ||||||
|  |                     } | ||||||
|  |                 } | ||||||
|             } else { |             } else { | ||||||
|                 for (final UserVmDetailVO detail : userVmDetailsDao.listDetails(id)) { |                 for (final UserVmDetailVO detail : existingDetails) { | ||||||
|                     if (detail != null && !userDenyListedSettings.contains(detail.getName()) |                     if (detail != null && !userDenyListedSettings.contains(detail.getName()) | ||||||
|                             && !userReadOnlySettings.contains(detail.getName())) { |                             && !userReadOnlySettings.contains(detail.getName()) && detail.isDisplay()) { | ||||||
|                         userVmDetailsDao.removeDetail(id, detail.getName()); |                         userVmDetailsDao.removeDetail(id, detail.getName()); | ||||||
|                     } |                     } | ||||||
|                 } |                 } | ||||||
| @ -2782,15 +2787,25 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir | |||||||
|                         if (userReadOnlySettings.contains(detailName)) { |                         if (userReadOnlySettings.contains(detailName)) { | ||||||
|                             throw new InvalidParameterValueException("You're not allowed to add or edit the read-only setting: " + detailName); |                             throw new InvalidParameterValueException("You're not allowed to add or edit the read-only setting: " + detailName); | ||||||
|                         } |                         } | ||||||
|  |                         if (existingDetails.stream().anyMatch(d -> Objects.equals(d.getName(), detailName) && !d.isDisplay())){ | ||||||
|  |                             throw new InvalidParameterValueException("You're not allowed to add or edit the non-displayable setting: " + detailName); | ||||||
|  |                         } | ||||||
|                     } |                     } | ||||||
|                     // Add any hidden/denied or read-only detail |                     // Add any existing user denied or read-only details. We do it here because admins would already provide these (or can delete them). | ||||||
|                     for (final UserVmDetailVO detail : userVmDetailsDao.listDetails(id)) { |                     for (final UserVmDetailVO detail : existingDetails) { | ||||||
|                         if (userDenyListedSettings.contains(detail.getName()) || userReadOnlySettings.contains(detail.getName())) { |                         if (userDenyListedSettings.contains(detail.getName()) || userReadOnlySettings.contains(detail.getName())) { | ||||||
|                             details.put(detail.getName(), detail.getValue()); |                             details.put(detail.getName(), detail.getValue()); | ||||||
|                         } |                         } | ||||||
|                     } |                     } | ||||||
|                 } |                 } | ||||||
| 
 | 
 | ||||||
|  |                 // ensure details marked as non-displayable are maintained, regardless of admin or not | ||||||
|  |                 for (final UserVmDetailVO existingDetail : existingDetails) { | ||||||
|  |                     if (!existingDetail.isDisplay()) { | ||||||
|  |                         details.put(existingDetail.getName(), existingDetail.getValue()); | ||||||
|  |                     } | ||||||
|  |                 } | ||||||
|  | 
 | ||||||
|                 verifyVmLimits(vmInstance, details); |                 verifyVmLimits(vmInstance, details); | ||||||
|                 vmInstance.setDetails(details); |                 vmInstance.setDetails(details); | ||||||
|                 _vmDao.saveDetails(vmInstance); |                 _vmDao.saveDetails(vmInstance); | ||||||
|  | |||||||
| @ -149,7 +149,7 @@ public class UserVmManagerImplTest { | |||||||
|     private EntityManager entityManager; |     private EntityManager entityManager; | ||||||
| 
 | 
 | ||||||
|     @Mock |     @Mock | ||||||
|     private UserVmDetailsDao userVmDetailVO; |     private UserVmDetailsDao userVmDetailsDao; | ||||||
| 
 | 
 | ||||||
|     @Mock |     @Mock | ||||||
|     private UserVmVO userVmVoMock; |     private UserVmVO userVmVoMock; | ||||||
| @ -300,7 +300,7 @@ public class UserVmManagerImplTest { | |||||||
|         verifyMethodsThatAreAlwaysExecuted(); |         verifyMethodsThatAreAlwaysExecuted(); | ||||||
| 
 | 
 | ||||||
|         Mockito.verify(userVmManagerImpl).updateDisplayVmFlag(false, vmId, userVmVoMock); |         Mockito.verify(userVmManagerImpl).updateDisplayVmFlag(false, vmId, userVmVoMock); | ||||||
|         Mockito.verify(userVmDetailVO, Mockito.times(0)).removeDetails(vmId); |         Mockito.verify(userVmDetailsDao, Mockito.times(0)).removeDetail(anyLong(), anyString()); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     @Test |     @Test | ||||||
| @ -310,12 +310,15 @@ public class UserVmManagerImplTest { | |||||||
|         Mockito.when(_serviceOfferingDao.findById(Mockito.anyLong(), Mockito.anyLong())).thenReturn((ServiceOfferingVO) offering); |         Mockito.when(_serviceOfferingDao.findById(Mockito.anyLong(), Mockito.anyLong())).thenReturn((ServiceOfferingVO) offering); | ||||||
|         Mockito.when(updateVmCommand.isCleanupDetails()).thenReturn(true); |         Mockito.when(updateVmCommand.isCleanupDetails()).thenReturn(true); | ||||||
|         Mockito.lenient().doNothing().when(userVmManagerImpl).updateDisplayVmFlag(false, vmId, userVmVoMock); |         Mockito.lenient().doNothing().when(userVmManagerImpl).updateDisplayVmFlag(false, vmId, userVmVoMock); | ||||||
|         Mockito.doNothing().when(userVmDetailVO).removeDetails(vmId); | 
 | ||||||
|         Mockito.when(updateVmCommand.getUserdataId()).thenReturn(null); |         Mockito.when(updateVmCommand.getUserdataId()).thenReturn(null); | ||||||
| 
 | 
 | ||||||
|  |         prepareExistingDetails(vmId, "userdetail"); | ||||||
|  | 
 | ||||||
|         userVmManagerImpl.updateVirtualMachine(updateVmCommand); |         userVmManagerImpl.updateVirtualMachine(updateVmCommand); | ||||||
|         verifyMethodsThatAreAlwaysExecuted(); |         verifyMethodsThatAreAlwaysExecuted(); | ||||||
|         Mockito.verify(userVmDetailVO).removeDetails(vmId); |         Mockito.verify(userVmDetailsDao).removeDetail(vmId, "userdetail"); | ||||||
|  |         Mockito.verify(userVmDetailsDao, Mockito.times(0)).removeDetail(vmId, "systemdetail"); | ||||||
|         Mockito.verify(userVmManagerImpl, Mockito.times(0)).updateDisplayVmFlag(false, vmId, userVmVoMock); |         Mockito.verify(userVmManagerImpl, Mockito.times(0)).updateDisplayVmFlag(false, vmId, userVmVoMock); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
| @ -340,6 +343,16 @@ public class UserVmManagerImplTest { | |||||||
|         prepareAndExecuteMethodDealingWithDetails(false, false); |         prepareAndExecuteMethodDealingWithDetails(false, false); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|  |     private List<UserVmDetailVO> prepareExistingDetails(Long vmId, String... existingDetailKeys) { | ||||||
|  |         List<UserVmDetailVO> existingDetails = new ArrayList<>(); | ||||||
|  |         for (String detail : existingDetailKeys) { | ||||||
|  |             existingDetails.add(new UserVmDetailVO(vmId, detail, "foo", true)); | ||||||
|  |         } | ||||||
|  |         existingDetails.add(new UserVmDetailVO(vmId, "systemdetail", "bar", false)); | ||||||
|  |         Mockito.when(userVmDetailsDao.listDetails(vmId)).thenReturn(existingDetails); | ||||||
|  |         return existingDetails; | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|     private void prepareAndExecuteMethodDealingWithDetails(boolean cleanUpDetails, boolean isDetailsEmpty) throws ResourceUnavailableException, InsufficientCapacityException { |     private void prepareAndExecuteMethodDealingWithDetails(boolean cleanUpDetails, boolean isDetailsEmpty) throws ResourceUnavailableException, InsufficientCapacityException { | ||||||
|         configureDoNothingForMethodsThatWeDoNotWantToTest(); |         configureDoNothingForMethodsThatWeDoNotWantToTest(); | ||||||
| 
 | 
 | ||||||
| @ -360,8 +373,9 @@ public class UserVmManagerImplTest { | |||||||
|         lenient().doNothing().when(_networkMgr).saveExtraDhcpOptions(anyString(), anyLong(), anyMap()); |         lenient().doNothing().when(_networkMgr).saveExtraDhcpOptions(anyString(), anyLong(), anyMap()); | ||||||
|         HashMap<String, String> details = new HashMap<>(); |         HashMap<String, String> details = new HashMap<>(); | ||||||
|         if(!isDetailsEmpty) { |         if(!isDetailsEmpty) { | ||||||
|             details.put("", ""); |             details.put("newdetail", "foo"); | ||||||
|         } |         } | ||||||
|  |         prepareExistingDetails(vmId, "existingdetail"); | ||||||
|         Mockito.when(updateVmCommand.getUserdataId()).thenReturn(null); |         Mockito.when(updateVmCommand.getUserdataId()).thenReturn(null); | ||||||
|         Mockito.when(updateVmCommand.getDetails()).thenReturn(details); |         Mockito.when(updateVmCommand.getDetails()).thenReturn(details); | ||||||
|         Mockito.when(updateVmCommand.isCleanupDetails()).thenReturn(cleanUpDetails); |         Mockito.when(updateVmCommand.isCleanupDetails()).thenReturn(cleanUpDetails); | ||||||
| @ -371,14 +385,15 @@ public class UserVmManagerImplTest { | |||||||
|         verifyMethodsThatAreAlwaysExecuted(); |         verifyMethodsThatAreAlwaysExecuted(); | ||||||
| 
 | 
 | ||||||
|         Mockito.verify(userVmVoMock, Mockito.times(cleanUpDetails || isDetailsEmpty ? 0 : 1)).setDetails(details); |         Mockito.verify(userVmVoMock, Mockito.times(cleanUpDetails || isDetailsEmpty ? 0 : 1)).setDetails(details); | ||||||
|         Mockito.verify(userVmDetailVO, Mockito.times(cleanUpDetails ? 1: 0)).removeDetails(vmId); |         Mockito.verify(userVmDetailsDao, Mockito.times(cleanUpDetails ? 1 : 0)).removeDetail(vmId, "existingdetail"); | ||||||
|  |         Mockito.verify(userVmDetailsDao, Mockito.times(0)).removeDetail(vmId, "systemdetail"); | ||||||
|         Mockito.verify(userVmDao, Mockito.times(cleanUpDetails || isDetailsEmpty ? 0 : 1)).saveDetails(userVmVoMock); |         Mockito.verify(userVmDao, Mockito.times(cleanUpDetails || isDetailsEmpty ? 0 : 1)).saveDetails(userVmVoMock); | ||||||
|         Mockito.verify(userVmManagerImpl, Mockito.times(0)).updateDisplayVmFlag(false, vmId, userVmVoMock); |         Mockito.verify(userVmManagerImpl, Mockito.times(0)).updateDisplayVmFlag(false, vmId, userVmVoMock); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     private void configureDoNothingForDetailsMethod() { |     private void configureDoNothingForDetailsMethod() { | ||||||
|         Mockito.lenient().doNothing().when(userVmManagerImpl).updateDisplayVmFlag(false, vmId, userVmVoMock); |         Mockito.lenient().doNothing().when(userVmManagerImpl).updateDisplayVmFlag(false, vmId, userVmVoMock); | ||||||
|         Mockito.doNothing().when(userVmDetailVO).removeDetails(vmId); |         Mockito.doNothing().when(userVmDetailsDao).removeDetail(anyLong(), anyString()); | ||||||
|         Mockito.doNothing().when(userVmDao).saveDetails(userVmVoMock); |         Mockito.doNothing().when(userVmDao).saveDetails(userVmVoMock); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|  | |||||||
| @ -15,11 +15,11 @@ | |||||||
| # specific language governing permissions and limitations | # specific language governing permissions and limitations | ||||||
| # under the License. | # under the License. | ||||||
| 
 | 
 | ||||||
| 
 |  | ||||||
| from marvin.cloudstackTestCase import cloudstackTestCase | from marvin.cloudstackTestCase import cloudstackTestCase | ||||||
| from marvin.lib.base import Account, VirtualMachine, ServiceOffering | from marvin.lib.base import Account, VirtualMachine, ServiceOffering | ||||||
| from marvin.lib.utils import cleanup_resources | from marvin.lib.utils import (validateList, cleanup_resources) | ||||||
| from marvin.lib.common import get_zone, get_domain, get_template | from marvin.lib.common import get_zone, get_domain, get_template | ||||||
|  | from marvin.codes import PASS | ||||||
| from nose.plugins.attrib import attr | from nose.plugins.attrib import attr | ||||||
| 
 | 
 | ||||||
| class TestData(object): | class TestData(object): | ||||||
| @ -59,6 +59,7 @@ class TestUpdateVirtualMachine(cloudstackTestCase): | |||||||
|     def setUp(self): |     def setUp(self): | ||||||
|         self.testdata = TestData().testdata |         self.testdata = TestData().testdata | ||||||
|         self.apiclient = self.testClient.getApiClient() |         self.apiclient = self.testClient.getApiClient() | ||||||
|  |         self.dbclient = self.testClient.getDbConnection() | ||||||
| 
 | 
 | ||||||
|         # Get Zone, Domain and Default Built-in template |         # Get Zone, Domain and Default Built-in template | ||||||
|         self.domain = get_domain(self.apiclient) |         self.domain = get_domain(self.apiclient) | ||||||
| @ -106,18 +107,7 @@ class TestUpdateVirtualMachine(cloudstackTestCase): | |||||||
|             templateid=self.template.id |             templateid=self.template.id | ||||||
|         ) |         ) | ||||||
| 
 | 
 | ||||||
|         list_vms = VirtualMachine.list(self.apiclient, id=self.virtual_machine.id) |         vm = self.listVmById(self.virtual_machine.id) | ||||||
|         self.assertEqual( |  | ||||||
|             isinstance(list_vms, list), |  | ||||||
|             True, |  | ||||||
|             "List VM response was not a valid list" |  | ||||||
|         ) |  | ||||||
|         self.assertNotEqual( |  | ||||||
|             len(list_vms), |  | ||||||
|             0, |  | ||||||
|             "List VM response was empty" |  | ||||||
|         ) |  | ||||||
|         vm = list_vms[0] |  | ||||||
| 
 | 
 | ||||||
|         self.debug( |         self.debug( | ||||||
|             "VirtualMachine launched with id, name, displayname: %s %s %s"\ |             "VirtualMachine launched with id, name, displayname: %s %s %s"\ | ||||||
| @ -152,6 +142,112 @@ class TestUpdateVirtualMachine(cloudstackTestCase): | |||||||
|         self.assertEqual(vmnew.displayname, vmnewstarted.displayname, |         self.assertEqual(vmnew.displayname, vmnewstarted.displayname, | ||||||
|             msg="display name changed on start, displayname is %s" % vmnewstarted.displayname) |             msg="display name changed on start, displayname is %s" % vmnewstarted.displayname) | ||||||
| 
 | 
 | ||||||
|  |     @attr(tags=['advanced', 'simulator', 'basic', 'sg', 'details'], required_hardware="false") | ||||||
|  |     def test_update_vm_details_admin(self): | ||||||
|  |         """Test Update VirtualMachine Details | ||||||
|  | 
 | ||||||
|  |         # Set up a VM | ||||||
|  |         # Set up hidden detail in DB for VM | ||||||
|  | 
 | ||||||
|  |         # Validate the following: | ||||||
|  |         # 1. Can add two details (detail1, detail2) | ||||||
|  |         # 2. Can fetch new details on VM | ||||||
|  |         # 3. Can delete detail1 | ||||||
|  |         # 4. Hidden detail not removed | ||||||
|  |         # 6. The detail2 remains | ||||||
|  |         # 7. Ensure cleanup parameter doesn't remove hidden details | ||||||
|  |         """ | ||||||
|  |         hidden_detail_name = "configDriveLocation" | ||||||
|  |         detail1 = "detail1" | ||||||
|  |         detail2 = "detail2" | ||||||
|  | 
 | ||||||
|  |         # set up a VM | ||||||
|  |         self.virtual_machine = VirtualMachine.create( | ||||||
|  |             self.apiclient, | ||||||
|  |             self.testdata["virtual_machine"], | ||||||
|  |             accountid=self.account.name, | ||||||
|  |             zoneid=self.zone.id, | ||||||
|  |             domainid=self.account.domainid, | ||||||
|  |             serviceofferingid=self.service_offering.id, | ||||||
|  |             templateid=self.template.id | ||||||
|  |         ) | ||||||
|  |         self.cleanup.append(self.virtual_machine) | ||||||
|  | 
 | ||||||
|  |         vm = self.listVmById(self.virtual_machine.id) | ||||||
|  | 
 | ||||||
|  |         self.debug( | ||||||
|  |             "VirtualMachine launched with id, name, displayname: %s %s %s" \ | ||||||
|  |             % (self.virtual_machine.id, vm.name, vm.displayname) | ||||||
|  |         ) | ||||||
|  | 
 | ||||||
|  |         # set up a hidden detail | ||||||
|  |         dbresult = self.dbclient.execute("select id from vm_instance where uuid='%s'" % vm.id) | ||||||
|  |         self.assertEqual(validateList(dbresult)[0], PASS, "sql query returned invalid response") | ||||||
|  |         vm_db_id = dbresult[0][0] | ||||||
|  |         self.debug("VM has database id %d" % vm_db_id) | ||||||
|  | 
 | ||||||
|  |         self.dbclient.execute("insert into user_vm_details (vm_id, name, value, display) values (%d,'%s','HOST', 0)" % (vm_db_id, hidden_detail_name)) | ||||||
|  | 
 | ||||||
|  |         vm = self.listVmById(self.virtual_machine.id) | ||||||
|  |         self.debug("VirtualMachine fetched with details: %s of type %s" % (vm.details, type(vm.details))) | ||||||
|  | 
 | ||||||
|  |         self.assertIsNone(vm.details[hidden_detail_name], "hidden detail should be hidden") | ||||||
|  | 
 | ||||||
|  |         # add two details by appending to what was returned via API | ||||||
|  |         updating_vm_details = vm.details.__dict__ | ||||||
|  |         updating_vm_details[detail1] = "foo" | ||||||
|  |         updating_vm_details[detail2] = "bar" | ||||||
|  | 
 | ||||||
|  |         self.debug("Updating VM to new details: %s" % updating_vm_details) | ||||||
|  |         vm = self.virtual_machine.update(self.apiclient, details=[updating_vm_details]) | ||||||
|  | 
 | ||||||
|  |         self.assertIsNotNone(vm.details[detail1], "Expect " + detail1) | ||||||
|  |         self.assertIsNotNone(vm.details[detail2], "Expect " + detail2) | ||||||
|  |         self.assertIsNone(vm.details[hidden_detail_name], "hidden detail should be hidden") | ||||||
|  |         self.assertTrue(self.detailInDatabase(vm_db_id, hidden_detail_name), "hidden detail should still exist in db") | ||||||
|  | 
 | ||||||
|  |         # delete one detail | ||||||
|  |         updating_vm_details = vm.details.__dict__ | ||||||
|  |         del updating_vm_details["detail1"] | ||||||
|  | 
 | ||||||
|  |         self.debug("Deleting one detail by updating details: %s" % updating_vm_details) | ||||||
|  |         vm = self.virtual_machine.update(self.apiclient, details=[updating_vm_details]) | ||||||
|  | 
 | ||||||
|  |         self.assertIsNone(vm.details[detail1], "Do not expect " + detail1) | ||||||
|  |         self.assertIsNotNone(vm.details[detail2], "Expect " + detail2) | ||||||
|  |         self.assertIsNone(vm.details[hidden_detail_name], "hidden detail should be hidden") | ||||||
|  |         self.assertTrue(self.detailInDatabase(vm_db_id, hidden_detail_name), "hidden detail should still exist in db") | ||||||
|  | 
 | ||||||
|  |         # cleanup, ensure hidden detail is not deleted | ||||||
|  |         vm = self.virtual_machine.update(self.apiclient, cleanupdetails="true") | ||||||
|  |         self.assertIsNone(vm.details[detail1], "Do not expect " + detail1) | ||||||
|  |         self.assertIsNone(vm.details[detail2], "Do not expect " + detail2) | ||||||
|  |         self.assertIsNone(vm.details[hidden_detail_name], "hidden detail should be hidden") | ||||||
|  |         self.assertTrue(self.detailInDatabase(vm_db_id, hidden_detail_name), "hidden detail should still exist in db") | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  |     def detailInDatabase(self, vm_id, detail_name): | ||||||
|  |         dbresult = self.dbclient.execute("select id from user_vm_details where vm_id=%s and name='%s'" % (vm_id, detail_name)) | ||||||
|  |         self.debug("Detail %s for VM %s: %s" % (detail_name, vm_id, dbresult)) | ||||||
|  |         if validateList(dbresult)[0] == PASS: | ||||||
|  |             return True | ||||||
|  |         return False | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  |     def listVmById(self, id): | ||||||
|  |         list_vms = VirtualMachine.list(self.apiclient, id=id) | ||||||
|  |         self.assertEqual( | ||||||
|  |             isinstance(list_vms, list), | ||||||
|  |             True, | ||||||
|  |             "List VM response was not a valid list" | ||||||
|  |         ) | ||||||
|  |         self.assertNotEqual( | ||||||
|  |             len(list_vms), | ||||||
|  |             0, | ||||||
|  |             "List VM response was empty" | ||||||
|  |         ) | ||||||
|  |         return list_vms[0] | ||||||
|  | 
 | ||||||
|     def tearDown(self): |     def tearDown(self): | ||||||
|         try: |         try: | ||||||
|            cleanup_resources(self.apiclient, self.cleanup) |            cleanup_resources(self.apiclient, self.cleanup) | ||||||
|  | |||||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user