mirror of
https://github.com/OpenNebula/one.git
synced 2024-12-22 13:33:52 +03:00
Feature #3167: Allow users to edit their VNets, add vnet restricted attributes
parent
2bfdae1c07
commit
00cb00b0e8
@ -180,6 +180,10 @@ public:
|
||||
int cluster_id,
|
||||
const string& cluster_name);
|
||||
|
||||
bool allocate_authorization(Template * obj_template,
|
||||
RequestAttributes& att,
|
||||
PoolObjectAuth * cluster_perms);
|
||||
|
||||
int get_cluster_id(xmlrpc_c::paramList const& paramList)
|
||||
{
|
||||
return xmlrpc_c::value_int(paramList.getInt(2));
|
||||
|
@ -136,7 +136,7 @@ public:
|
||||
Nebula& nd = Nebula::instance();
|
||||
pool = nd.get_vnpool();
|
||||
auth_object = PoolObjectSQL::NET;
|
||||
auth_op = AuthRequest::ADMIN;
|
||||
auth_op = AuthRequest::MANAGE;
|
||||
};
|
||||
|
||||
~VirtualNetworkUpdateTemplate(){};
|
||||
|
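Review bot: With `auth_op` in the VirtualNetworkUpdateTemplate constructor apparently lowered from `AuthRequest::ADMIN` to `AuthRequest::MANAGE` (both assignments are printed and the page has lost the +/- markers), the restricted-attribute filter becomes the only control between a network owner and attributes such as BRIDGE or PHYDEV. The call that passes `keep_restricted` into `replace_template` is not on this page, so it is worth confirming that it is true for every caller outside oneadmin. A comment on the assignment would record the dependency, for example `// MANAGE is sufficient only because replace_template() drops VNET_RESTRICTED_ATTR for non-oneadmin callers`. The constructor starts outside this hunk.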
@ -36,6 +36,7 @@ public:
|
||||
VirtualNetworkPool(SqlDB * db,
|
||||
const string& str_mac_prefix,
|
||||
int default_size,
|
||||
vector<const Attribute *>& restricted_attrs,
|
||||
vector<const Attribute *> hook_mads,
|
||||
const string& remotes_location,
|
||||
const vector<const Attribute *>& _inherit_attrs);
|
||||
|
@ -31,6 +31,48 @@ public:
|
||||
Template(false,'=',"TEMPLATE"){};
|
||||
|
||||
~VirtualNetworkTemplate(){};
|
||||
|
||||
/**
|
||||
* Checks the template for RESTRICTED ATTRIBUTES
|
||||
* @param rs_attr the first restricted attribute found if any
|
||||
* @return true if a restricted attribute is found in the template
|
||||
*/
|
||||
bool check(string& rs_attr)
|
||||
{
|
||||
return Template::check(rs_attr, restricted_attributes);
|
||||
};
|
||||
|
||||
/**
|
||||
* Deletes all restricted attributes
|
||||
*/
|
||||
void remove_restricted()
|
||||
{
|
||||
Template::remove_restricted(restricted_attributes);
|
||||
};
|
||||
|
||||
/**
|
||||
* Deletes all the attributes, except the restricted ones
|
||||
*/
|
||||
void remove_all_except_restricted()
|
||||
{
|
||||
Template::remove_all_except_restricted(restricted_attributes);
|
||||
};
|
||||
|
||||
private:
|
||||
|
||||
friend class VirtualNetworkPool;
|
||||
|
||||
static vector<string> restricted_attributes;
|
||||
|
||||
/**
|
||||
* Stores the attributes as restricted, these attributes will be used in
|
||||
* VirtualMachineTemplate::check
|
||||
* @param rattrs Attributes to restrict
|
||||
*/
|
||||
static void set_restricted_attributes(vector<const Attribute *>& rattrs)
|
||||
{
|
||||
Template::set_restricted_attributes(rattrs, restricted_attributes);
|
||||
};
|
||||
};
|
||||
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
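Review bot: The doc comment on `set_restricted_attributes` says the stored attributes "will be used in VirtualMachineTemplate::check", which looks copied from the VM template class; here they feed `VirtualNetworkTemplate::check`, `remove_restricted` and `remove_all_except_restricted`, and the comment should name those. The `restricted_attributes` declaration also deserves a line such as `// class-wide list, filled once by VirtualNetworkPool at start-up; read by every update and allocate request`, since a static shared by all instances is what decides which attributes users may change. Whether later writes to the list can happen while requests are running cannot be told from this hunk.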
@ -731,6 +731,11 @@ VM_RESTRICTED_ATTR = "DISK/WRITE_IOPS_SEC"
|
||||
|
||||
IMAGE_RESTRICTED_ATTR = "SOURCE"
|
||||
|
||||
VNET_RESTRICTED_ATTR = "PHYDEV"
|
||||
VNET_RESTRICTED_ATTR = "VLAN_ID"
|
||||
VNET_RESTRICTED_ATTR = "VLAN"
|
||||
VNET_RESTRICTED_ATTR = "BRIDGE"
|
||||
|
||||
#*******************************************************************************
|
||||
# Inherited Attributes Configuration
|
||||
#*******************************************************************************
|
||||
|
@ -610,6 +610,19 @@ int Datastore::replace_template(
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (keep_restricted)
|
||||
{
|
||||
new_tmpl->remove_restricted();
|
||||
|
||||
if (obj_template != 0)
|
||||
{
|
||||
obj_template->remove_all_except_restricted();
|
||||
|
||||
string aux_error;
|
||||
new_tmpl->merge(obj_template, aux_error);
|
||||
}
|
||||
}
|
||||
|
||||
/* ---------------------------------------------------------------------- */
|
||||
/* Set the TYPE of the Datastore (class & template) */
|
||||
/* ---------------------------------------------------------------------- */
|
||||
|
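Review bot: The outcome of `new_tmpl->merge(obj_template, aux_error)` is discarded in the `keep_restricted` branch, and `aux_error` is a local that is never read. By that point `new_tmpl->remove_restricted()` has already stripped the caller's values and `obj_template->remove_all_except_restricted()` has already cut down the stored template, so if merge can fail (its return type is not visible here) the object silently loses its restricted attributes. Checking the result and returning -1 with the message, as the error path just above does, would keep the update all-or-nothing. The same block is added to `VirtualNetwork::replace_template` in a later hunk and has the same gap; both functions begin outside their hunks.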
@ -463,6 +463,7 @@ void Nebula::start(bool bootstrap_only)
|
||||
|
||||
vector<const Attribute *> vm_restricted_attrs;
|
||||
vector<const Attribute *> img_restricted_attrs;
|
||||
vector<const Attribute *> vnet_restricted_attrs;
|
||||
|
||||
vector<const Attribute *> inherit_image_attrs;
|
||||
vector<const Attribute *> inherit_datastore_attrs;
|
||||
@ -481,6 +482,7 @@ void Nebula::start(bool bootstrap_only)
|
||||
|
||||
nebula_configuration->get("VM_RESTRICTED_ATTR", vm_restricted_attrs);
|
||||
nebula_configuration->get("IMAGE_RESTRICTED_ATTR", img_restricted_attrs);
|
||||
nebula_configuration->get("VNET_RESTRICTED_ATTR", vnet_restricted_attrs);
|
||||
|
||||
nebula_configuration->get("INHERIT_IMAGE_ATTR", inherit_image_attrs);
|
||||
nebula_configuration->get("INHERIT_DATASTORE_ATTR", inherit_datastore_attrs);
|
||||
@ -510,6 +512,7 @@ void Nebula::start(bool bootstrap_only)
|
||||
vnpool = new VirtualNetworkPool(db,
|
||||
mac_prefix,
|
||||
size,
|
||||
vnet_restricted_attrs,
|
||||
vnet_hooks,
|
||||
remotes_location,
|
||||
inherit_vnet_attrs);
|
||||
|
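Review bot: Nothing at the `nebula_configuration->get("VNET_RESTRICTED_ATTR", vnet_restricted_attrs)` call handles the key being absent, which is the state of any oned.conf written before this commit. If `get` leaves the vector empty in that case (its behaviour is not shown here), the pool is built with no restricted attributes and the new filter protects nothing, while the same commit appears to open template updates to MANAGE-level users. Consider logging a warning at start-up when the list is empty, or at least adding a comment next to the call such as `// empty list: no VNET attribute is protected from non-admin updates`. Nebula::start begins and ends outside these hunks.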
@ -125,6 +125,45 @@ bool VirtualMachineAllocate::allocate_authorization(
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
bool VirtualNetworkAllocate::allocate_authorization(
|
||||
Template * tmpl,
|
||||
RequestAttributes& att,
|
||||
PoolObjectAuth * cluster_perms)
|
||||
{
|
||||
string aname;
|
||||
|
||||
VirtualNetworkTemplate * vn_tmpl = static_cast<VirtualNetworkTemplate *>(tmpl);
|
||||
|
||||
bool auth = RequestManagerAllocate::allocate_authorization(
|
||||
vn_tmpl, att, cluster_perms);
|
||||
|
||||
if ( auth )
|
||||
{
|
||||
// ------------ Check template for restricted attributes --------------
|
||||
|
||||
if ( att.uid != UserPool::ONEADMIN_ID && att.gid != GroupPool::ONEADMIN_ID )
|
||||
{
|
||||
if (vn_tmpl->check(aname))
|
||||
{
|
||||
ostringstream oss;
|
||||
|
||||
oss << "Template includes a restricted attribute " << aname;
|
||||
|
||||
failure_response(AUTHORIZATION,
|
||||
authorization_error(oss.str(), att),
|
||||
att);
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return auth;
|
||||
}
|
||||
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
void RequestManagerAllocate::request_execute(xmlrpc_c::paramList const& params,
|
||||
RequestAttributes& att)
|
||||
{
|
||||
|
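Review bot: `VirtualNetworkAllocate::allocate_authorization` downcasts `tmpl` with `static_cast<VirtualNetworkTemplate *>` and later calls `vn_tmpl->check(aname)` without any check that the pointer is non-null or really of that type. If every caller is guaranteed to hand in a VirtualNetworkTemplate, state that precondition in a comment above the cast, e.g. `// tmpl is always the VirtualNetworkTemplate built for this request`; otherwise guard it before the restricted-attribute check. The exemption `att.uid != UserPool::ONEADMIN_ID && att.gid != GroupPool::ONEADMIN_ID` also merits a short comment saying that both the oneadmin user and members of the oneadmin group skip the check, since that is the policy decision in this function.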
@ -327,7 +327,7 @@ tabs:
|
||||
Datastore.delete: false
|
||||
vnets-tab:
|
||||
panel_tabs:
|
||||
vnet_info_tab: false
|
||||
vnet_info_tab: true
|
||||
vnet_ar_list_tab: true
|
||||
vnet_leases_tab: true
|
||||
table_columns:
|
||||
|
@ -25,7 +25,8 @@ source_files=[
|
||||
'VirtualNetwork.cc',
|
||||
'VirtualNetworkPool.cc',
|
||||
'AddressRange.cc',
|
||||
'AddressRangePool.cc'
|
||||
'AddressRangePool.cc',
|
||||
'VirtualNetworkTemplate.cc'
|
||||
]
|
||||
|
||||
# Build library
|
||||
|
@ -230,6 +230,19 @@ int VirtualNetwork::replace_template(
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (keep_restricted)
|
||||
{
|
||||
new_tmpl->remove_restricted();
|
||||
|
||||
if (obj_template != 0)
|
||||
{
|
||||
obj_template->remove_all_except_restricted();
|
||||
|
||||
string aux_error;
|
||||
new_tmpl->merge(obj_template, aux_error);
|
||||
}
|
||||
}
|
||||
|
||||
delete obj_template;
|
||||
|
||||
obj_template = new_tmpl;
|
||||
|
@ -35,6 +35,7 @@ VirtualNetworkPool::VirtualNetworkPool(
|
||||
SqlDB * db,
|
||||
const string& prefix,
|
||||
int __default_size,
|
||||
vector<const Attribute *>& restricted_attrs,
|
||||
vector<const Attribute *> hook_mads,
|
||||
const string& remotes_location,
|
||||
const vector<const Attribute *>& _inherit_attrs):
|
||||
@ -73,14 +74,16 @@ VirtualNetworkPool::VirtualNetworkPool(
|
||||
_mac_prefix <<= 8;
|
||||
_mac_prefix += tmp;
|
||||
|
||||
register_hooks(hook_mads, remotes_location);
|
||||
VirtualNetworkTemplate::set_restricted_attributes(restricted_attrs);
|
||||
|
||||
for (it = _inherit_attrs.begin(); it != _inherit_attrs.end(); it++)
|
||||
{
|
||||
const SingleAttribute* sattr = static_cast<const SingleAttribute *>(*it);
|
||||
register_hooks(hook_mads, remotes_location);
|
||||
|
||||
inherit_attrs.push_back(sattr->value());
|
||||
}
|
||||
for (it = _inherit_attrs.begin(); it != _inherit_attrs.end(); it++)
|
||||
{
|
||||
const SingleAttribute* sattr = static_cast<const SingleAttribute *>(*it);
|
||||
|
||||
inherit_attrs.push_back(sattr->value());
|
||||
}
|
||||
}
|
||||
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
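--- /dev/null
+++ b/src/vnm/VirtualNetworkTemplate.cc
@@ -0,0 +1,25 @@
+/* -------------------------------------------------------------------------- */
+/* Copyright 2002-2014, OpenNebula Project (OpenNebula.org), C12G Labs */
+/* */
+/* Licensed under the Apache License, Version 2.0 (the "License"); you may */
+/* not use this file except in compliance with the License. You may obtain */
+/* a copy of the License at */
+/* */
+/* http://www.apache.org/licenses/LICENSE-2.0 */
+/* */
+/* Unless required by applicable law or agreed to in writing, software */
+/* distributed under the License is distributed on an "AS IS" BASIS, */
+/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */
+/* See the License for the specific language governing permissions and */
+/* limitations under the License. */
+/* -------------------------------------------------------------------------- */
+
+#include "VirtualNetworkTemplate.h"
+
+/* -------------------------------------------------------------------------- */
+/* -------------------------------------------------------------------------- */
+
+vector<string> VirtualNetworkTemplate::restricted_attributes;
+
+/* -------------------------------------------------------------------------- */
+/* -------------------------------------------------------------------------- */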