SAML authorized accounts might be across various domains, this allows for
switching of accounts only in case of SAML authenticated user accounts across
other accounts with the same SAML uid/username.
Moves the previous switch account logic to its own ui-custom module
(cherry picked from commit 1065661cd50c8d43bf65644a13d164b96732b011)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Conflicts:
plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
ui/index.jsp
When dumping XML use appropriate flags:
1, VIR_DOMAIN_XML_SECURE (dump security sensitive information too)
8, VIR_DOMAIN_XML_MIGRATABLE (dump XML suitable for migration)
Source:
https://libvirt.org/html/libvirt-libvirt-domain.html#virDomainXMLFlags
This fixes CVE 2015-3252: VNC password lost during VM migration across KVM
hosts. The issue is also seen when a VM is rebooted.
(cherry picked from commit cb2aca751630ea60ad2fffed3d12e3fa2a5e93b5)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
... map returned by the following API calls by filtering these fields from the
details attribute in the HostResponse class:
* listHosts
* addHost
* cancelHostMaintenance
* listHosts
* prepareHostForMaintenance
* reconnectHost
* updateHost
This fix addresses CVE 2015-3251.
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 3a48171bd8a70c6012afce32c7636afffc1d2f7d)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Coverity regressions per 10 aug 2015Not all are in here, the db upgrade code seems to stay the main pitfall.
* pr/681:
coverity 1315775: proper getting of networkLabel
coverity 1315774: improvement of code to negate false positive
Signed-off-by: Daan Hoogland <daan@onecht.net>
Tests will confirm the behaviour of the newly added response fields of listSecurityGroups.
Signed-off-by: Wido den Hollander <wido@widodh.nl>
This closes#679
See issue CLOUDSTACK-8133 for more information.
Added null check by comment of Koushik Das.
Added brackets by comment of Wido den Hollander.
Removed a call to findById() by comment of Koushik Das.
Signed-off-by: Wido den Hollander <wido@widodh.nl>
* pr/674:
getUsedBytes should query the SolidFire cluster to acquire the size of the given volume if there is no volume_details info for that volume (and then create a volume_details row for this volume so we don't have to make that cluster call for this purpose again)
Signed-off-by: Mike Tutkowski
Signed-off-by: Mike Tutkowski <mike.tutkowski@solidfire.com>
Improve cloud-install-sys-tmplt to work in dev environment againThe script that you run to initially setup secondary storage, had some errors. As it now depends on /etc/cloudstack/management/db.properties, it did not work any more on my development environment.
I defined some defaults that work in development environments (those are sane defaults anyway), then check if the /etc/cloudstack/management/db.properties file exists. If so, it reads from there and gets the vars just like before. If not, it keeps the defaults unless of course someone overrides them on the command line.
While working on the script, I also fixed the indentation and found a query that was not yet using the -P mysql port variable.
I tested it both on my development environment as well as in an environment installed from RPM (where you'd have /etc/cloudstack/management/db.properties and that both worked.
PS @snuf please check if it also works again for you.
* pr/678:
clean-ups in the file
this query had no -P port specified so did not work
make sane defaults for MySQL settings
Signed-off-by: Remi Bergsma <github@remi.nl>
In dev environments, there is no /etc/cloudstack/management/db.properties file
That forces you to specify all parameters on the command line. This commit
sets some defaults, like port 3306, user root and localhost.
When available, it will still get settings from the config file and it will
also allow you to override it on the command line. So it is fully backwards
compatible.
Implemented condition that only admin or owner of the template can change its permissions ..... using updateTemplatePermissions API
Consider this scenario :
In a domain, there are three User Accounts UA1, UA2,UA3
A private template is registered by UA1
Through the updateTemplatePermissions API, UA1 gives permission to both UA2 and UA3
Now, UA2, having been shared the template, can remove the permission of UA3(or add permissions to another account).
EXPECTED BEHAVIOR :
UA2 should not be able to to add/remove permissions of other accounts.
* pr/658:
Implemented condition that only admin or owner of the template can change its permissions using updateTemplatePermissions API
Signed-off-by: Remi Bergsma <github@remi.nl>
* pr/547:
CLOUDSTACK-8601. VMFS storage added as local storage can be re-added as shared storage. Fail addition of a VMFS shared storage pool in case it has already been added as local storage in CS.
Signed-off-by: Mike Tutkowski <mike.tutkowski@solidfire.com>
CLOUDSTACK-8704: Schedule restart of router VMs ahead of user VMs as part of HA
VRs are scheduled for HA ahead of user VMs.
Refer to the bug for more details.
* pr/656:
CLOUDSTACK-8704: Schedule restart of router VMs ahead of user VMs as part of HA VRs are scheduled for HA ahead of user VMs
Signed-off-by: Remi Bergsma <github@remi.nl>
CLOUDSTACK-8711: public_ip type resource count for an account is not decremented upon IP range deletionProblem:
--------------------------
When you add an IP range and associate it to an account then resource count of public_ip will be updated to the range length.
After some time try to delete this range and the resource count of public_up for this account is not descremented and is causing account not to add any more public IPs to it once it reaches the resource limit.
RCA:
----------------
We were not decrement the count while deleting the IP range that was associated to an account.
Fix:
-------------
Up on deletion we are decrementing the resource count for public_up now.
* pr/662:
Bug-Id: CS-27335: public_ip type resource count for an account is not decremented upon IP range deletion
Signed-off-by: Remi Bergsma <github@remi.nl>
CLOUDSTACK-8709 No out of band migrate alert for non-routers
* pr/666:
CLOUDSTACK-8709 No out of band migrate alert for non-routers
Signed-off-by: Remi Bergsma <github@remi.nl>
CLOUDSTACK-8714 Restore VM (Re-install VM) with enable.storage.migration set to false fails
* pr/659:
Bug-ID:CS-27160: Restore VM (Re-install VM) with enable.storage.migration set to false fails, later fails to start up VM too
Signed-off-by: Remi Bergsma <github@remi.nl>
* pr/#660:
CLOUDSTACK-8698: Retrieve a new device ID, if needed
Signed-off-by: Mike Tutkowski (mike.tutkowski@solidfire.com)
Signed-off-by: Mike Tutkowski <mike.tutkowski@solidfire.com>
CLOUDSTACK-8696: Create Region fails with exception
* pr/657:
CLOUDSTACK-8696: Create Region fails with exception
Signed-off-by: Rajani Karuturi <rajanikaruturi@gmail.com>
Removed duplicate test data related to vm properties.Modified tests dependent on it
Removed duplicte service offerings from test data and modified tests dependent on it
Bug-Id: CLOUDSTACK-8617
This closes#644
* pr/653:
The lowest the hypervisor snapshot reserve value can be is 10 (down from 50).
Signed-off-by: Mike Tutkowski (mike.tutkowski@solidfire.com)
Signed-off-by: Mike Tutkowski <mike.tutkowski@solidfire.com>
Reviewed-By: Anthony
Changes:
- Try to reuse the storage pools for READY disks if the pool fits the deployment plan
- Try to use the last_host if it has free capacity but no reserved capacity
Signed-off-by: Maneesha.P <maneesha.papireddygari@citrix.com>
* pr/651:
CLOUDSTACK-8703: Fixed issue when listing directory on S3, it would only return objectSummaries when the anwser from the S3 System was truncated.
Signed-off-by: Remi Bergsma <github@remi.nl>
'id' in the region table should not be an autoincrement unlike other
tables. This is because, region ids must be in sync across installs and
hence is accepted as input to the addRegions api.
It is not a good practise to override id for this purpose. another
column 'regionId' has to be created and used(CLOUDSTACK-8706). until it
is fixed, id should never be autoincrement in regions table.
* pr/649:
CLOUDSTACK-8656: checkstyle no longer used import removed
CLOUDSTACK-8656: messages on SQL exception in DbUtils!
CLOUDSTACK-8656: replace empty catch block on close by try-with-resource
CLOUDSTACK-8656: 30x legacy upgrade code exception messages
CLOUDSTACK-8656: removed redundant implements
CLOUDSTACK-8656: silent close failure of clustering socket log as info
CLOUDSTACK-8656: try with resource te eliminate empty catch clauses
CLOUDSTACK-8656: log messages on exception in legacy sql upgrade code
CLOUDSTACK-8656: removed unused input stream there was code to close a stream that was never created
CLOUDSTACK-8656: info on error closing peering channels
CLOUDSTACK-8656: messages on errors closing streams for local templates
CLOUDSTACK-8656: handle template properties loading
Signed-off-by: Daan Hoogland <daan@onecht.net>
