F #6239: Update VMAction permissions (#2644)

* Add Sched actions and sg (de)attach to VM_*_OPERATION * Add Backup cancel action * For consistency add poweroff migrate, alias (de)attach and nic update to set_auth_ops (cherry picked from commit 5f5afad1bf8ce2444484be290b5067cd8089db2e)
2025-03-29 18:50:08 +03:00 · 2023-06-22 10:15:23 +02:00 · 2023-06-22 10:15:23 +02:00 · 01c475599a
commit 01c475599a
parent e5b7426a05
4 changed files with 69 additions and 1 deletions
--- a/include/RequestManagerSchedAction.h
+++ b/include/RequestManagerSchedAction.h
@ -30,6 +30,7 @@ public:
    {
        auth_object = PoolObjectSQL::VM;
        auth_op = AuthRequest::MANAGE;
+        vm_action = VMActions::SCHED_ADD_ACTION;

        Nebula& nd = Nebula::instance();
        pool = nd.get_vmpool();
@ -50,6 +51,7 @@ public:
    {
        auth_object = PoolObjectSQL::VM;
        auth_op = AuthRequest::MANAGE;
+        vm_action = VMActions::SCHED_DELETE_ACTION;

        Nebula& nd = Nebula::instance();
        pool = nd.get_vmpool();
@ -70,6 +72,7 @@ public:
    {
        auth_object = PoolObjectSQL::VM;
        auth_op = AuthRequest::MANAGE;
+        vm_action = VMActions::SCHED_DELETE_ACTION;

        Nebula& nd = Nebula::instance();
        pool = nd.get_vmpool();
--- a/include/RequestManagerVirtualMachine.h
+++ b/include/RequestManagerVirtualMachine.h
@ -597,6 +597,7 @@ public:
                           "Attaches a SG to the virtual machine NIC",
                           "A:siii")
    {
+        vm_action  = VMActions::SG_ATTACH_ACTION;
    }

 protected:
@ -615,6 +616,7 @@ public:
                           "Detaches a SG form virtual machine NIC",
                           "A:siii")
    {
+        vm_action  = VMActions::SG_DETACH_ACTION;
    }

 protected:
--- a/include/VMActions.h
+++ b/include/VMActions.h
@ -77,7 +77,12 @@ public:
        ALIAS_ATTACH_ACTION      = 46,      // "one.vm.attachnic"
        ALIAS_DETACH_ACTION      = 47,      // "one.vm.detachnic"
        POFF_MIGRATE_ACTION      = 48,      // "one.vm.migrate"
-        POFF_HARD_MIGRATE_ACTION = 49       // "one.vm.migrate"
+        POFF_HARD_MIGRATE_ACTION = 49,      // "one.vm.migrate"
+        SCHED_ADD_ACTION         = 53,      // "one.vm.schedadd"
+        SCHED_UPDATE_ACTION      = 54,      // "one.vm.schedupdate"
+        SCHED_DELETE_ACTION      = 55,      // "one.vm.scheddelete"
+        SG_ATTACH_ACTION         = 56,      // "one.vm.attachsg"
+        SG_DETACH_ACTION         = 57,      // "one.vm.detachsg"
    };

    static std::string action_to_str(Action action);
--- a/src/vm/VMActions.cc
+++ b/src/vm/VMActions.cc
@ -89,6 +89,8 @@ int VMActions::set_auth_ops(const string& ops_str,
        {
            ops_set.set(MIGRATE_ACTION);
            ops_set.set(LIVE_MIGRATE_ACTION);
+            ops_set.set(POFF_MIGRATE_ACTION);
+            ops_set.set(POFF_HARD_MIGRATE_ACTION);
        }
        else if ( the_op == "delete" )
        {
@ -156,6 +158,8 @@ int VMActions::set_auth_ops(const string& ops_str,
        {
            ops_set.set(NIC_ATTACH_ACTION);
            ops_set.set(NIC_DETACH_ACTION);
+            ops_set.set(ALIAS_ATTACH_ACTION);
+            ops_set.set(ALIAS_DETACH_ACTION);
        }
        else if ( the_op == "disk-snapshot" )
        {
@ -199,6 +203,17 @@ int VMActions::set_auth_ops(const string& ops_str,
        {
            ops_set.set(DISK_SAVEAS_ACTION);
        }
+        else if ( the_op == "sched-action" )
+        {
+            ops_set.set(SCHED_ADD_ACTION);
+            ops_set.set(SCHED_UPDATE_ACTION);
+            ops_set.set(SCHED_DELETE_ACTION);
+        }
+        else if ( the_op == "sg-attach" )
+        {
+            ops_set.set(SG_ATTACH_ACTION);
+            ops_set.set(SG_DETACH_ACTION);
+        }
        else
        {
            error = "Unknown vm operation: " + the_op;
@ -356,6 +371,21 @@ string VMActions::action_to_str(Action action)
        case MONITOR_ACTION:
            st = "monitor";
        break;
+        case SCHED_ADD_ACTION:
+            st = "sched-add";
+        break;
+        case SCHED_UPDATE_ACTION:
+            st = "sched-update";
+        break;
+        case SCHED_DELETE_ACTION:
+            st = "sched-delete";
+        break;
+        case SG_ATTACH_ACTION:
+            st = "sg-attach";
+        break;
+        case SG_DETACH_ACTION:
+            st = "sg-detach";
+        break;
        case NONE_ACTION:
            st = "none";
        break;
@ -466,6 +496,14 @@ int VMActions::action_from_str(const string& st, Action& action)
    {
        action = ALIAS_DETACH_ACTION;
    }
+    else if (st == "poweroff-migrate")
+    {
+        action = POFF_MIGRATE_ACTION;
+    }
+    else if (st == "poweroff-hard-migrate")
+    {
+        action = POFF_HARD_MIGRATE_ACTION;
+    }
    else if (st == "disk-snapshot-create")
    {
        action = DISK_SNAPSHOT_CREATE_ACTION;
@ -542,6 +580,26 @@ int VMActions::action_from_str(const string& st, Action& action)
    {
        action = MONITOR_ACTION;
    }
+    else if ( st == "sched-add")
+    {
+        action = SCHED_ADD_ACTION;
+    }
+    else if ( st == "sched-update")
+    {
+        action = SCHED_UPDATE_ACTION;
+    }
+    else if ( st == "sched-delete")
+    {
+        action = SCHED_DELETE_ACTION;
+    }
+    else if ( st == "sg-attach")
+    {
+        action = SG_ATTACH_ACTION;
+    }
+    else if ( st == "sg-detach")
+    {
+        action = SG_DETACH_ACTION;
+    }
    else
    {
        action = NONE_ACTION;