diff --git a/core/pom.xml b/core/pom.xml index cdcfd536b93..975e9f64072 100644 --- a/core/pom.xml +++ b/core/pom.xml @@ -36,6 +36,11 @@ cloud-engine-api ${project.version} + + org.apache.cloudstack + cloud-framework-security + ${project.version} + commons-codec commons-codec diff --git a/core/src/com/cloud/agent/api/SecStorageSetupCommand.java b/core/src/com/cloud/agent/api/SecStorageSetupCommand.java index 3c8d7300064..aafb1de4c5b 100644 --- a/core/src/com/cloud/agent/api/SecStorageSetupCommand.java +++ b/core/src/com/cloud/agent/api/SecStorageSetupCommand.java @@ -16,50 +16,20 @@ // under the License. package com.cloud.agent.api; -import com.cloud.agent.api.LogLevel.Log4jLevel; import com.cloud.agent.api.to.DataStoreTO; +import com.cloud.keystore.KeystoreManager; public class SecStorageSetupCommand extends Command { private DataStoreTO store; private String secUrl; - private Certificates certs; + private KeystoreManager.Certificates certs; - public static class Certificates { - @LogLevel(Log4jLevel.Off) - private String privKey; - @LogLevel(Log4jLevel.Off) - private String privCert; - @LogLevel(Log4jLevel.Off) - private String certChain; - - public Certificates() { - - } - - public Certificates(String prvKey, String privCert, String certChain) { - this.privKey = prvKey; - this.privCert = privCert; - this.certChain = certChain; - } - - public String getPrivKey() { - return this.privKey; - } - - public String getPrivCert() { - return this.privCert; - } - - public String getCertChain() { - return this.certChain; - } - } public SecStorageSetupCommand() { super(); } - public SecStorageSetupCommand(DataStoreTO store, String secUrl, Certificates certs) { + public SecStorageSetupCommand(DataStoreTO store, String secUrl, KeystoreManager.Certificates certs) { super(); this.secUrl = secUrl; this.certs = certs; 
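Review bot: In the `SecStorageSetupCommand` hunk, the new `import com.cloud.keystore.KeystoreManager;` makes a command class in `core` depend on a manager interface just to name its certificate holder, and the `core/pom.xml` hunk adds `cloud-framework-security` to make that compile. That module also receives `KeystoreDao`, `KeystoreDaoImpl` and `KeystoreVO` (renamed into it later in this diff), so anything that ships `core`, presumably including the side that receives this command, appears to get the keystore persistence classes on its classpath. Consider keeping `Certificates` as a plain top-level transfer class in a module without DB dependencies and having `KeystoreManager.getCertificates` return it. The constructor at the end of the hunk continues outside it.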
@@ -75,8 +45,8 @@ public class SecStorageSetupCommand extends Command { return secUrl; } - public Certificates getCerts() { - return this.certs; + public KeystoreManager.Certificates getCerts() { + return certs; } public void setSecUrl(String secUrl) { diff --git a/engine/service/src/main/webapp/WEB-INF/beans.xml b/engine/service/src/main/webapp/WEB-INF/beans.xml index 1be2c223e20..33bd4adb13b 100644 --- a/engine/service/src/main/webapp/WEB-INF/beans.xml +++ b/engine/service/src/main/webapp/WEB-INF/beans.xml @@ -42,7 +42,7 @@ - + @@ -51,7 +51,7 @@ - + @@ -61,7 +61,7 @@ - + diff --git a/engine/storage/integration-test/test/resources/StorageAllocatorTestContext.xml b/engine/storage/integration-test/test/resources/StorageAllocatorTestContext.xml index 72e5c84aff0..a981b8e9b4e 100644 --- a/engine/storage/integration-test/test/resources/StorageAllocatorTestContext.xml +++ b/engine/storage/integration-test/test/resources/StorageAllocatorTestContext.xml @@ -1,19 +1,19 @@ - + + 4.0.0 + cloud-framework-security + Apache CloudStack Framework - Security + + org.apache.cloudstack + cloudstack-framework + 4.4.0-SNAPSHOT + ../pom.xml + + + + org.apache.cloudstack + cloud-utils + ${project.version} + + + org.apache.cloudstack + cloud-api + ${project.version} + + + org.apache.cloudstack + cloud-framework-ipc + ${project.version} + + + org.apache.cloudstack + cloud-framework-db + ${project.version} + + + org.apache.cloudstack + cloud-framework-config + ${project.version} + + + diff --git a/framework/security/resources/META-INF/cloudstack/core/spring-framework-security-core-context.xml b/framework/security/resources/META-INF/cloudstack/core/spring-framework-security-core-context.xml new file mode 100644 index 00000000000..38b4bd0a646 --- /dev/null +++ b/framework/security/resources/META-INF/cloudstack/core/spring-framework-security-core-context.xml @@ -0,0 +1,31 @@ + + + + + 
diff --git a/engine/schema/src/com/cloud/keystore/KeystoreDao.java b/framework/security/src/com/cloud/keystore/KeystoreDao.java
similarity index 100%
rename from engine/schema/src/com/cloud/keystore/KeystoreDao.java
rename to framework/security/src/com/cloud/keystore/KeystoreDao.java
diff --git a/engine/schema/src/com/cloud/keystore/KeystoreDaoImpl.java b/framework/security/src/com/cloud/keystore/KeystoreDaoImpl.java
similarity index 100%
rename from engine/schema/src/com/cloud/keystore/KeystoreDaoImpl.java
rename to framework/security/src/com/cloud/keystore/KeystoreDaoImpl.java
diff --git a/server/src/com/cloud/keystore/KeystoreManager.java b/framework/security/src/com/cloud/keystore/KeystoreManager.java
similarity index 62%
rename from server/src/com/cloud/keystore/KeystoreManager.java
rename to framework/security/src/com/cloud/keystore/KeystoreManager.java
index 8a7d553bef5..48d5a40a793 100644
--- a/server/src/com/cloud/keystore/KeystoreManager.java
+++ b/framework/security/src/com/cloud/keystore/KeystoreManager.java
@@ -16,10 +16,42 @@ // under the License. package com.cloud.keystore; -import com.cloud.agent.api.SecStorageSetupCommand.Certificates; +import com.cloud.agent.api.LogLevel; +import com.cloud.agent.api.LogLevel.Log4jLevel; import com.cloud.utils.component.Manager; public interface KeystoreManager extends Manager { + public static class Certificates { + @LogLevel(Log4jLevel.Off) + private String privKey; + @LogLevel(Log4jLevel.Off) + private String privCert; + @LogLevel(Log4jLevel.Off) + private String certChain; + + public Certificates() { + + } + + public Certificates(String prvKey, String privCert, String certChain) { + privKey = prvKey; + this.privCert = privCert; + this.certChain = certChain; + } + + public String getPrivKey() { + return privKey; + } + + public String getPrivCert() { + return privCert; + } + + public String getCertChain() { + return certChain; + } + } + boolean validateCertificate(String certificate, String key, String domainSuffix); void saveCertificate(String name, String certificate, String key, String domainSuffix); diff --git a/server/src/com/cloud/keystore/KeystoreManagerImpl.java b/framework/security/src/com/cloud/keystore/KeystoreManagerImpl.java similarity index 96% rename from server/src/com/cloud/keystore/KeystoreManagerImpl.java rename to framework/security/src/com/cloud/keystore/KeystoreManagerImpl.java index 2b798fe094c..8e5735afa5e 100644 --- a/server/src/com/cloud/keystore/KeystoreManagerImpl.java +++ b/framework/security/src/com/cloud/keystore/KeystoreManagerImpl.java @@ -33,7 +33,6 @@ import javax.inject.Inject; import org.apache.log4j.Logger; import org.springframework.stereotype.Component; -import com.cloud.agent.api.SecStorageSetupCommand; import com.cloud.utils.Ternary; import com.cloud.utils.component.ManagerBase; import com.cloud.utils.exception.CloudRuntimeException; 
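Review bot: The nested `Certificates` class added in the `KeystoreManager` hunk holds the private key, certificate and chain as plain `String` fields, yet nothing in its documentation says it carries key material. The only protection visible here is `@LogLevel(Log4jLevel.Off)` on the three fields, which helps only on code paths that honour that annotation; a caller that logs a getter result would bypass it. I would add a class comment such as `/** Holds the private key and certificates handed to SecStorageSetupCommand; never log field or getter values. */`. As a style point, the constructor mixes `privKey = prvKey;` with `this.privCert = privCert;`; using `this.` on all three assignments and naming the parameter `privKey` would avoid a silent self-assignment if the parameter is ever renamed.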
@@ -123,7 +122,7 @@ public class KeystoreManagerImpl extends ManagerBase implements KeystoreManager } @Override - public SecStorageSetupCommand.Certificates getCertificates(String name) { + public Certificates getCertificates(String name) { KeystoreVO ksVo = _ksDao.findByName(name); if (ksVo == null) { return null; @@ -140,7 +139,7 @@ public class KeystoreManagerImpl extends ManagerBase implements KeystoreManager } certChain = chains.toString(); } - SecStorageSetupCommand.Certificates certs = new SecStorageSetupCommand.Certificates(prvKey, prvCert, certChain); + Certificates certs = new Certificates(prvKey, prvCert, certChain); return certs; } diff --git a/engine/schema/src/com/cloud/keystore/KeystoreVO.java b/framework/security/src/com/cloud/keystore/KeystoreVO.java similarity index 100% rename from engine/schema/src/com/cloud/keystore/KeystoreVO.java rename to framework/security/src/com/cloud/keystore/KeystoreVO.java diff --git a/framework/spring/lifecycle/src/main/java/org/apache/cloudstack/spring/lifecycle/registry/ExtensionRegistry.java b/framework/spring/lifecycle/src/main/java/org/apache/cloudstack/spring/lifecycle/registry/ExtensionRegistry.java index 6927d2f5fda..321e365e2c1 100644 --- a/framework/spring/lifecycle/src/main/java/org/apache/cloudstack/spring/lifecycle/registry/ExtensionRegistry.java +++ b/framework/spring/lifecycle/src/main/java/org/apache/cloudstack/spring/lifecycle/registry/ExtensionRegistry.java @@ -159,7 +159,6 @@ public class ExtensionRegistry implements Registry, Configurable, BeanNa if (name == null) { for (String part : beanName.replaceAll("([A-Z])", " $1").split("\\s+")) { part = StringUtils.capitalize(part.toLowerCase()); - ; name = name == null ? part : name + " " + part; } @@ -219,7 +218,7 @@ public class ExtensionRegistry implements Registry, Configurable, BeanNa @Override public void setBeanName(String name) { - this.beanName = name; + beanName = name; } public List getPreRegistered() { 
diff --git a/plugins/network-elements/stratosphere-ssp/resources/META-INF/cloudstack/ssp/spring-ssp-context.xml b/plugins/network-elements/stratosphere-ssp/resources/META-INF/cloudstack/ssp/spring-ssp-context.xml index 528f3e3e38c..7e8fe6c3e6f 100644 --- a/plugins/network-elements/stratosphere-ssp/resources/META-INF/cloudstack/ssp/spring-ssp-context.xml +++ b/plugins/network-elements/stratosphere-ssp/resources/META-INF/cloudstack/ssp/spring-ssp-context.xml @@ -38,5 +38,4 @@ - diff --git a/server/pom.xml b/server/pom.xml index 82a6888ee29..86e7b76a6c2 100644 --- a/server/pom.xml +++ b/server/pom.xml @@ -36,6 +36,11 @@ cloud-framework-cluster ${project.version} + + org.apache.cloudstack + cloud-framework-security + ${project.version} + javax.servlet servlet-api diff --git a/server/src/com/cloud/api/ApiDBUtils.java b/server/src/com/cloud/api/ApiDBUtils.java index 3bdb2e6e032..4414e3b18f0 100755 --- a/server/src/com/cloud/api/ApiDBUtils.java +++ b/server/src/com/cloud/api/ApiDBUtils.java @@ -779,10 +779,6 @@ public class ApiDBUtils { return s_userVmMgr.searchForUserVMs(c, s_accountDao.findById(Account.ACCOUNT_ID_SYSTEM), null, false, permittedAccounts, false, null, null).first(); } - public static List searchForStoragePools(Criteria c) { - return s_ms.searchForStoragePools(c).first(); - } - // /////////////////////////////////////////////////////////// // Manager methods // // /////////////////////////////////////////////////////////// diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java index cfec2b19de5..c9e5581865f 100755 --- a/server/src/com/cloud/api/ApiResponseHelper.java +++ b/server/src/com/cloud/api/ApiResponseHelper.java 
@@ -26,11 +26,12 @@ import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Set; -import java.util.StringTokenizer; import java.util.TimeZone; import javax.inject.Inject; +import org.apache.log4j.Logger; + import org.apache.cloudstack.acl.ControlledEntity; import org.apache.cloudstack.acl.ControlledEntity.ACLType; import org.apache.cloudstack.affinity.AffinityGroup; @@ -143,11 +144,9 @@ import org.apache.cloudstack.network.lb.ApplicationLoadBalancerRule; import org.apache.cloudstack.region.PortableIp; import org.apache.cloudstack.region.PortableIpRange; import org.apache.cloudstack.region.Region; -import org.apache.cloudstack.storage.datastore.db.StoragePoolVO; import org.apache.cloudstack.usage.Usage; import org.apache.cloudstack.usage.UsageService; import org.apache.cloudstack.usage.UsageTypes; -import org.apache.log4j.Logger; import com.cloud.api.query.ViewResponseHelper; import com.cloud.api.query.vo.AccountJoinVO; @@ -258,7 +257,6 @@ import com.cloud.projects.Project; import com.cloud.projects.ProjectAccount; import com.cloud.projects.ProjectInvitation; import com.cloud.region.ha.GlobalLoadBalancerRule; -import com.cloud.server.Criteria; import com.cloud.server.ResourceTag; import com.cloud.server.ResourceTag.ResourceObjectType; import com.cloud.service.ServiceOfferingVO; @@ -269,7 +267,6 @@ import com.cloud.storage.GuestOSCategoryVO; import com.cloud.storage.ImageStore; import com.cloud.storage.Snapshot; import com.cloud.storage.SnapshotVO; -import com.cloud.storage.Storage.StoragePoolType; import com.cloud.storage.StoragePool; import com.cloud.storage.Upload; import com.cloud.storage.UploadVO; 
@@ -1670,152 +1667,6 @@ public class ApiResponseHelper implements ResponseGenerator { return ApiDBUtils.newEventResponse(vEvent); } - private List sumCapacities(List hostCapacities) { - Map totalCapacityMap = new HashMap(); - Map usedCapacityMap = new HashMap(); - - Set poolIdsToIgnore = new HashSet(); - Criteria c = new Criteria(); - // TODO: implement - List allStoragePools = ApiDBUtils.searchForStoragePools(c); - for (StoragePoolVO pool : allStoragePools) { - StoragePoolType poolType = pool.getPoolType(); - if (!(poolType.isShared())) {// All the non shared storages - // shouldn't show up in the capacity - // calculation - poolIdsToIgnore.add(pool.getId()); - } - } - - float cpuOverprovisioningFactor = ApiDBUtils.getCpuOverprovisioningFactor(); - - // collect all the capacity types, sum allocated/used and sum - // total...get one capacity number for each - for (Capacity capacity : hostCapacities) { - - // check if zone exist - DataCenter zone = ApiDBUtils.findZoneById(capacity.getDataCenterId()); - if (zone == null) { - continue; - } - - short capacityType = capacity.getCapacityType(); - - // If local storage then ignore - if ((capacityType == Capacity.CAPACITY_TYPE_STORAGE_ALLOCATED || capacityType == Capacity.CAPACITY_TYPE_STORAGE) - && poolIdsToIgnore.contains(capacity.getHostOrPoolId())) { - continue; - } - - String key = capacity.getCapacityType() + "_" + capacity.getDataCenterId(); - String keyForPodTotal = key + "_-1"; - - boolean sumPodCapacity = false; - if (capacity.getPodId() != null) { - key += "_" + capacity.getPodId(); - sumPodCapacity = true; - } - - Long totalCapacity = totalCapacityMap.get(key); - Long usedCapacity = usedCapacityMap.get(key); - - // reset overprovisioning factor to 1 - float overprovisioningFactor = 1; - if (capacityType == Capacity.CAPACITY_TYPE_CPU) { - overprovisioningFactor = cpuOverprovisioningFactor; - } - - if (totalCapacity == null) { - totalCapacity = new Long((long)(capacity.getTotalCapacity() * 
overprovisioningFactor)); - } else { - totalCapacity = new Long((long)(capacity.getTotalCapacity() * overprovisioningFactor)) + totalCapacity; - } - - if (usedCapacity == null) { - usedCapacity = new Long(capacity.getUsedCapacity()); - } else { - usedCapacity = new Long(capacity.getUsedCapacity() + usedCapacity); - } - - if (capacityType == Capacity.CAPACITY_TYPE_CPU || capacityType == Capacity.CAPACITY_TYPE_MEMORY) { // Reserved - // Capacity - // accounts - // for - // stopped - // vms - // that - // have been - // stopped - // within - // an - // interval - usedCapacity += capacity.getReservedCapacity(); - } - - totalCapacityMap.put(key, totalCapacity); - usedCapacityMap.put(key, usedCapacity); - - if (sumPodCapacity) { - totalCapacity = totalCapacityMap.get(keyForPodTotal); - usedCapacity = usedCapacityMap.get(keyForPodTotal); - - overprovisioningFactor = 1; - if (capacityType == Capacity.CAPACITY_TYPE_CPU) { - overprovisioningFactor = cpuOverprovisioningFactor; - } - - if (totalCapacity == null) { - totalCapacity = new Long((long)(capacity.getTotalCapacity() * overprovisioningFactor)); - } else { - totalCapacity = new Long((long)(capacity.getTotalCapacity() * overprovisioningFactor)) + totalCapacity; - } - - if (usedCapacity == null) { - usedCapacity = new Long(capacity.getUsedCapacity()); - } else { - usedCapacity = new Long(capacity.getUsedCapacity() + usedCapacity); - } - - if (capacityType == Capacity.CAPACITY_TYPE_CPU || capacityType == Capacity.CAPACITY_TYPE_MEMORY) { // Reserved - // Capacity - // accounts - // for - // stopped - // vms - // that - // have - // been - // stopped - // within - // an - // interval - usedCapacity += capacity.getReservedCapacity(); - } - - totalCapacityMap.put(keyForPodTotal, totalCapacity); - usedCapacityMap.put(keyForPodTotal, usedCapacity); - } - } - - List summedCapacities = new ArrayList(); - for (String key : totalCapacityMap.keySet()) { - CapacityVO summedCapacity = new CapacityVO(); - - StringTokenizer st = new 
StringTokenizer(key, "_"); - summedCapacity.setCapacityType(Short.parseShort(st.nextToken())); - summedCapacity.setDataCenterId(Long.parseLong(st.nextToken())); - if (st.hasMoreTokens()) { - summedCapacity.setPodId(Long.parseLong(st.nextToken())); - } - - summedCapacity.setTotalCapacity(totalCapacityMap.get(key)); - summedCapacity.setUsedCapacity(usedCapacityMap.get(key)); - - summedCapacities.add(summedCapacity); - } - return summedCapacities; - } - @Override public List createCapacityResponse(List result, DecimalFormat format) { List capacityResponses = new ArrayList(); diff --git a/server/src/com/cloud/server/ManagementServer.java b/server/src/com/cloud/server/ManagementServer.java index 5a751e8c6c4..b93e0276584 100755 --- a/server/src/com/cloud/server/ManagementServer.java +++ b/server/src/com/cloud/server/ManagementServer.java @@ -16,10 +16,6 @@ // under the License. package com.cloud.server; -import java.util.List; - -import org.apache.cloudstack.storage.datastore.db.StoragePoolVO; - import com.cloud.host.HostVO; import com.cloud.storage.GuestOSVO; import com.cloud.utils.Pair; @@ -65,8 +61,6 @@ public interface ManagementServer extends ManagementService, PluggableService { public long getMemoryOrCpuCapacityByHost(Long hostId, short capacityType); - Pair, Integer> searchForStoragePools(Criteria c); - String getHashKey(); String getEncryptionKey(); diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java index 28cc1fd7003..1ccdbfc37ef 100755 --- a/server/src/com/cloud/server/ManagementServerImpl.java +++ b/server/src/com/cloud/server/ManagementServerImpl.java 
@@ -2954,58 +2954,6 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe } } - @Override - public Pair, Integer> searchForStoragePools(Criteria c) { - Filter searchFilter = new Filter(StoragePoolVO.class, c.getOrderBy(), c.getAscending(), c.getOffset(), c.getLimit()); - SearchCriteria sc = _poolDao.createSearchCriteria(); - - Object id = c.getCriteria(Criteria.ID); - Object name = c.getCriteria(Criteria.NAME); - Object host = c.getCriteria(Criteria.HOST); - Object path = c.getCriteria(Criteria.PATH); - Object zone = c.getCriteria(Criteria.DATACENTERID); - Object pod = c.getCriteria(Criteria.PODID); - Object cluster = c.getCriteria(Criteria.CLUSTERID); - Object address = c.getCriteria(Criteria.ADDRESS); - Object keyword = c.getCriteria(Criteria.KEYWORD); - - if (keyword != null) { - SearchCriteria ssc = _poolDao.createSearchCriteria(); - ssc.addOr("name", SearchCriteria.Op.LIKE, "%" + keyword + "%"); - ssc.addOr("poolType", SearchCriteria.Op.LIKE, "%" + keyword + "%"); - - sc.addAnd("name", SearchCriteria.Op.SC, ssc); - } - - if (id != null) { - sc.addAnd("id", SearchCriteria.Op.EQ, id); - } - - if (name != null) { - sc.addAnd("name", SearchCriteria.Op.LIKE, "%" + name + "%"); - } - if (host != null) { - sc.addAnd("host", SearchCriteria.Op.EQ, host); - } - if (path != null) { - sc.addAnd("path", SearchCriteria.Op.EQ, path); - } - if (zone != null) { - sc.addAnd("dataCenterId", SearchCriteria.Op.EQ, zone); - } - if (pod != null) { - sc.addAnd("podId", SearchCriteria.Op.EQ, pod); - } - if (address != null) { - sc.addAnd("hostAddress", SearchCriteria.Op.EQ, address); - } - if (cluster != null) { - sc.addAnd("clusterId", SearchCriteria.Op.EQ, cluster); - } - - return _poolDao.searchAndCount(sc, searchFilter); - } - private SecondaryStorageVmVO startSecondaryStorageVm(long instanceId) { return _secStorageVmMgr.startSecStorageVm(instanceId); } 
diff --git a/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java b/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java index 114d06f6946..1ebe3b6787f 100755 --- a/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java +++ b/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java @@ -50,7 +50,6 @@ import com.cloud.agent.api.RebootCommand; import com.cloud.agent.api.SecStorageFirewallCfgCommand; import com.cloud.agent.api.SecStorageSetupAnswer; import com.cloud.agent.api.SecStorageSetupCommand; -import com.cloud.agent.api.SecStorageSetupCommand.Certificates; import com.cloud.agent.api.SecStorageVMSetupCommand; import com.cloud.agent.api.StartupCommand; import com.cloud.agent.api.StartupSecondaryStorageCommand; @@ -304,7 +303,7 @@ public class SecondaryStorageManagerImpl extends ManagerBase implements Secondar if (!_useSSlCopy) { setupCmd = new SecStorageSetupCommand(ssStore.getTO(), secUrl, null); } else { - Certificates certs = _keystoreMgr.getCertificates(ConsoleProxyManager.CERTIFICATE_NAME); + KeystoreManager.Certificates certs = _keystoreMgr.getCertificates(ConsoleProxyManager.CERTIFICATE_NAME); setupCmd = new SecStorageSetupCommand(ssStore.getTO(), secUrl, certs); } diff --git a/server/test/resources/SecurityGroupManagerTestContext.xml b/server/test/resources/SecurityGroupManagerTestContext.xml index 7ff2976dd6b..3b9a7525948 100644 --- a/server/test/resources/SecurityGroupManagerTestContext.xml +++ b/server/test/resources/SecurityGroupManagerTestContext.xml @@ -1,19 +1,19 @@ - diff --git a/usage/test/resources/cloud2.xml b/usage/test/resources/cloud2.xml index e148c581e9e..2b139fd3c40 100644 --- a/usage/test/resources/cloud2.xml +++ b/usage/test/resources/cloud2.xml @@ -1,11 +1,11 @@ - diff --git a/usage/test/resources/cloud3.xml b/usage/test/resources/cloud3.xml index 4188c1c2ff1..a4687ff9a9c 100644 --- a/usage/test/resources/cloud3.xml +++ b/usage/test/resources/cloud3.xml 
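Review bot: In the `SecondaryStorageManagerImpl` hunk, the result of `_keystoreMgr.getCertificates(ConsoleProxyManager.CERTIFICATE_NAME)` is passed straight into `new SecStorageSetupCommand(ssStore.getTO(), secUrl, certs)` without a null check, although the `KeystoreManagerImpl` hunk in this diff shows `if (ksVo == null) { return null; }`. On this branch SSL copy is enabled, so a missing keystore entry produces the same command as the non-SSL branch, and whether the receiver then fails or continues without certificates is not visible here. A guard before building the command, for example `if (certs == null) { s_logger.warn("No certificate found for SSL copy"); return false; }` (logger name and return value to be matched to the enclosing method), would make the failure explicit instead of silent. The enclosing method starts and ends outside the hunk.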
@@ -1,11 +1,11 @@ -