
F #2347: ACL support for VMGroups

This commit is contained in:
Ruben S. Montero 2017-01-05 02:07:30 +01:00
parent 20d10c7b12
commit 0cd63c2d53
5 changed files with 21 additions and 14 deletions


@ -83,7 +83,7 @@ AclManager::AclManager(
string error_str;
// Users in group USERS can create standard resources
// @1 VM+IMAGE+TEMPLATE+DOCUMENT/* CREATE *
// @1 VM+IMAGE+TEMPLATE+DOCUMENT+SECGROUP+VMGROUP/* CREATE *
add_rule(AclRule::GROUP_ID |
1,
AclRule::ALL_ID |
@ -91,7 +91,8 @@ AclManager::AclManager(
PoolObjectSQL::IMAGE |
PoolObjectSQL::TEMPLATE |
PoolObjectSQL::DOCUMENT |
PoolObjectSQL::SECGROUP,
PoolObjectSQL::SECGROUP |
PoolObjectSQL::VMGROUP,
AuthRequest::CREATE,
AclRule::ALL_ID,
error_str);
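Review bot: The widened default rule grants every member of group 1 CREATE on VMGROUP, but nothing in the hunk says when this rule is applied; if, as a constructor-seeded rule presumably is, it is only inserted into an empty ACL pool, existing deployments keep the old `VM+IMAGE+TEMPLATE+DOCUMENT+SECGROUP` rule and gain no VMGROUP access until an operator adds one. Worth stating next to the updated comment, e.g. `// Seeded only on first start; upgraded installs must add VMGROUP to this rule explicitly (or via the upgrade tooling)`, and in the commit description. The constructor body continues outside the hunk, so the seeding condition cannot be confirmed from here.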


@ -28,7 +28,7 @@ const long long AclRule::CLUSTER_ID = 0x0000000800000000LL;
const long long AclRule::NONE_ID = 0x1000000000000000LL;
const int AclRule::num_pool_objects = 16;
const int AclRule::num_pool_objects = 17;
const PoolObjectSQL::ObjectType AclRule::pool_objects[] = {
PoolObjectSQL::VM,
PoolObjectSQL::HOST,
@ -45,7 +45,8 @@ const PoolObjectSQL::ObjectType AclRule::pool_objects[] = {
PoolObjectSQL::VDC,
PoolObjectSQL::VROUTER,
PoolObjectSQL::MARKETPLACE,
PoolObjectSQL::MARKETPLACEAPP
PoolObjectSQL::MARKETPLACEAPP,
PoolObjectSQL::VMGROUP
};
const int AclRule::num_auth_operations = 4;
@ -61,7 +62,8 @@ const long long AclRule::INVALID_CLUSTER_OBJECTS =
PoolObjectSQL::TEMPLATE | PoolObjectSQL::GROUP | PoolObjectSQL::ACL |
PoolObjectSQL::CLUSTER | PoolObjectSQL::DOCUMENT | PoolObjectSQL::ZONE |
PoolObjectSQL::SECGROUP | PoolObjectSQL::VDC | PoolObjectSQL::VROUTER |
PoolObjectSQL::MARKETPLACE | PoolObjectSQL::MARKETPLACEAPP;
PoolObjectSQL::MARKETPLACE | PoolObjectSQL::MARKETPLACEAPP |
PoolObjectSQL::VMGROUP;
const long long AclRule::INVALID_GROUP_OBJECTS =
PoolObjectSQL::HOST | PoolObjectSQL::GROUP | PoolObjectSQL::CLUSTER |
@ -237,7 +239,7 @@ bool AclRule::malformed(string& error_str) const
oss << "[resource] type is missing";
}
if ( (resource & 0xFFE0000000000000LL) != 0 )
if ( (resource & 0xFFC0000000000000LL) != 0 )
{
if ( error )
{
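Review bot: The literal `0xFFC0000000000000LL` in `malformed` is the check that keeps rules with undefined resource bits out of the ACL pool, and it now encodes the same upper bound (bit 53 = `PoolObjectSQL::VMGROUP`) as `num_pool_objects`, the `pool_objects[]` table and `INVALID_CLUSTER_OBJECTS` — four places this commit had to touch, with a missed one either rejecting valid rules or silently admitting unknown bits. At minimum tie them together with a comment, `// bits above the last pool_objects[] entry (VMGROUP, bit 53) are not resource types; update with pool_objects[]`; better, derive the mask from the highest `pool_objects[]` entry so the table is the single source of truth. `AclRule::malformed` starts before this hunk.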


@ -9,9 +9,9 @@
:size: 8
:right: true
:RES_VHNIUTGDCOZSvRMA:
:RES_VHNIUTGDCOZSvRMAP:
:desc: Which resource the rule applies to
:size: 20
:size: 21
:RID:
:desc: Resource ID
@ -31,7 +31,7 @@
:default:
- :ID
- :USER
- :RES_VHNIUTGDCOZSvRMA
- :RES_VHNIUTGDCOZSvRMAP
- :RID
- :OPE_UMAC
- :ZONE


@ -44,7 +44,7 @@ private
def self.resource_mask(str)
resource_type=str.split("/")[0]
mask = "----------------"
mask = "-----------------"
resource_type.split("+").each{|type|
case type
@ -80,6 +80,8 @@ private
mask[14] = "M"
when "MARKETPLACEAPP"
mask[15] = "A"
when "VMGROUP"
mask[16] = "P"
end
}
mask
@ -119,8 +121,8 @@ private
d['STRING'].split(" ")[0]
end
column :RES_VHNIUTGDCOZSvRMA, "Resource to which the rule applies",
:size => 20 do |d|
column :RES_VHNIUTGDCOZSvRMAP, "Resource to which the rule applies",
:size => 21 do |d|
OneAclHelper::resource_mask d['STRING'].split(" ")[1]
end
@ -137,7 +139,7 @@ private
OneAclHelper::right_mask d['STRING'].split(" ")[2]
end
default :ID, :USER, :RES_VHNIUTGDCOZSvRMA, :RID, :OPE_UMAC, :ZONE
default :ID, :USER, :RES_VHNIUTGDCOZSvRMAP, :RID, :OPE_UMAC, :ZONE
end
table
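Review bot: `resource_mask` silently drops any resource type its `case` does not list — there is no `else` branch — so a rule carrying a type newer than this client renders as all dashes, which can mislead an administrator auditing rules through `oneacl list`; the new `mask[16] = "P"` and the widened `"-----------------"` literal also duplicate the column header `RES_VHNIUTGDCOZSvRMAP` that is spelled out twice further down (the `column` call and `default`), four spots to keep aligned per new type. A name→column table driven by one letters constant, with an explicit marker for unknown names, keeps them in one place. The `case` continues outside the first hunk and the method's closing `end` lies past the second; the remaining type names in the table come from the existing `when` branches, in header-letter order.
```ruby
    # Column order must match the RES_VHNIUTGDCOZSvRMAP header: one letter per type.
    RESOURCE_LETTERS = "VHNIUTGDCOZSvRMAP".freeze
    RESOURCE_TYPES = [
        "VM", "HOST",
        # … remaining type names, in header-letter order, from the existing when branches …
        "MARKETPLACE", "MARKETPLACEAPP", "VMGROUP"
    ].freeze

    def self.resource_mask(str)
        resource_type = str.split("/")[0]
        mask = "-" * RESOURCE_LETTERS.size
        resource_type.split("+").each do |type|
            idx = RESOURCE_TYPES.index(type)
            if idx
                mask[idx] = RESOURCE_LETTERS[idx]
            else
                mask << "?" # unknown type is shown, not hidden
            end
        end
        mask
    end
```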


@ -36,6 +36,7 @@ module OpenNebula
# VROUTER
# MARKETPLACE
# MARKETPLACEAPP
# VMGROUP
# RIGHTS -> + separated list
# USE
# MANAGE
@ -67,7 +68,8 @@ module OpenNebula
"VDC" => 0x2000000000000,
"VROUTER" => 0x4000000000000,
"MARKETPLACE" => 0x8000000000000,
"MARKETPLACEAPP"=> 0x10000000000000
"MARKETPLACEAPP"=> 0x10000000000000,
"VMGROUP" => 0x20000000000000
}
RIGHTS =