mirror of
https://github.com/OpenNebula/one.git
feature #3175: Cache SECURITY_GROUP parsing
parent
ae7f8e8631
commit
18786ec0e6
@ -329,6 +329,15 @@ public:
|
||||
bool keep_restricted,
|
||||
string& error_msg);
|
||||
|
||||
/**
|
||||
* Get the security groups for this AR.
|
||||
* @return a reference to the security group set
|
||||
*/
|
||||
const set<int>& get_security_groups() const
|
||||
{
|
||||
return security_groups;
|
||||
}
|
||||
|
||||
/*
|
||||
* add_ar from AddressRangePool needs to access the internal representation
|
||||
* of the AR to include it in the ARPool template.
|
||||
@ -490,6 +499,11 @@ private:
|
||||
*/
|
||||
unsigned int ula6[2];
|
||||
|
||||
/**
|
||||
* Security Group IDs for this Address Range
|
||||
*/
|
||||
set<int> security_groups;
|
||||
|
||||
/**
|
||||
* The Address Range attributes as a Template VectorAttribute. This is
|
||||
* used to generate XML or a template representation of the AR.
|
||||
|
@ -20,6 +20,7 @@
|
||||
#include <string>
|
||||
#include <vector>
|
||||
#include <map>
|
||||
#include <set>
|
||||
|
||||
#include <libxml/parser.h>
|
||||
|
||||
@ -326,6 +327,12 @@ public:
|
||||
*/
|
||||
int get_attribute(const char * name, int& value, int ar_id) const;
|
||||
|
||||
/**
|
||||
* Gets a reference to a the security group set of an AR
|
||||
* @return a reference to the security group set or empty set if error
|
||||
*/
|
||||
const set<int>& get_security_groups(int ar_id) const;
|
||||
|
||||
/**
|
||||
* Generate a XML representation of the Address Range Pool
|
||||
* @param sstream where the ARPool is written
|
||||
|
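Review bot: The doc comment added for `get_security_groups(int ar_id)` has no `@param` line and reads "a reference to a the security group set". The definition of this method further down the page returns the `AddressRange`'s own member through `it->second->get_security_groups()`, so the comment should also say how long the reference stays usable. I would write `@param ar_id ID of the address range` and `@return reference to the AR's cached set, valid while the AR exists; an empty set if ar_id is not in the pool`.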
@ -448,6 +448,11 @@ private:
|
||||
*/
|
||||
int parent_vid;
|
||||
|
||||
/**
|
||||
* Security Groups
|
||||
*/
|
||||
set<int> security_groups;
|
||||
|
||||
/**
|
||||
* The Address Range Pool
|
||||
*/
|
||||
|
@ -2801,6 +2801,8 @@ int VirtualMachine::get_security_groups(
|
||||
SecurityGroup* sgroup;
|
||||
SecurityGroupPool* sgroup_pool = Nebula::instance().get_secgrouppool();
|
||||
|
||||
vector<VectorAttribute*> sgroup_rules;
|
||||
|
||||
int vnet_id;
|
||||
VirtualNetwork* vnet;
|
||||
VirtualNetworkPool* vnet_pool = Nebula::instance().get_vnpool();
|
||||
@ -2818,9 +2820,9 @@ int VirtualMachine::get_security_groups(
|
||||
|
||||
sgroup_pool->update(sgroup);
|
||||
|
||||
sgroup->unlock();
|
||||
sgroup->get_rules(sgroup_rules);
|
||||
|
||||
vector<VectorAttribute*> sgroup_rules = sgroup->get_rules();
|
||||
sgroup->unlock();
|
||||
|
||||
for (rule_it = sgroup_rules.begin(); rule_it != sgroup_rules.end(); rule_it++)
|
||||
{
|
||||
|
@ -175,6 +175,19 @@ int AddressRange::from_vattr(VectorAttribute *vattr, string& error_msg)
|
||||
vattr->replace("VLAN", "YES");
|
||||
}
|
||||
|
||||
/* ------------------------- Security Groups ---------------------------- */
|
||||
|
||||
value = vattr->vector_value("SECURITY_GROUPS");
|
||||
|
||||
if (value.empty())
|
||||
{
|
||||
security_groups.clear();
|
||||
}
|
||||
else
|
||||
{
|
||||
one_util::split_unique(value, ',', security_groups);
|
||||
}
|
||||
|
||||
/* ------------------------ AR Internal Data ---------------------------- */
|
||||
|
||||
vattr->replace("AR_ID", id);
|
||||
@ -305,6 +318,15 @@ int AddressRange::update_attributes(
|
||||
vup->replace("GLOBAL_PREFIX", new_global);
|
||||
vup->replace("ULA_PREFIX", new_ula);
|
||||
|
||||
string value = vup->vector_value("SECURITY_GROUPS");
|
||||
|
||||
security_groups.clear();
|
||||
|
||||
if (!value.empty())
|
||||
{
|
||||
one_util::split_unique(value, ',', security_groups);
|
||||
}
|
||||
|
||||
/* Replace with the new attributes */
|
||||
|
||||
attr->replace(vup->value());
|
||||
@ -1082,8 +1104,7 @@ const char * AddressRange::SG_RULE_ATTRIBUTES[] = {
|
||||
|
||||
const int AddressRange::NUM_SG_RULE_ATTRIBUTES = 5;
|
||||
|
||||
void AddressRange::process_security_rule(
|
||||
VectorAttribute * rule)
|
||||
void AddressRange::process_security_rule(VectorAttribute * rule)
|
||||
{
|
||||
for ( int i = 0; i < NUM_SG_RULE_ATTRIBUTES; i++ )
|
||||
{
|
||||
|
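Review bot: In `AddressRange::from_vattr` the cached `security_groups` set is cleared only when `SECURITY_GROUPS` is empty; on the non-empty path `one_util::split_unique` is called on whatever the set already holds. `split_unique` is not shown on this page, but if it only inserts, running `from_vattr` on an AR that already carries a cache would keep group IDs that are no longer in the attribute, and `nic_attribute` now merges this cache into the NIC. `update_attributes` in the same file clears first, so the same shape fits here: `security_groups.clear();` followed by `if (!value.empty())` around the `split_unique` call. Both function bodies extend beyond the hunks shown.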
@ -462,6 +462,23 @@ int AddressRangePool::get_attribute(const char * name, int& value,
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
const set<int>& AddressRangePool::get_security_groups(int ar_id) const
|
||||
{
|
||||
map<unsigned int, AddressRange *>::const_iterator it = ar_pool.find(ar_id);
|
||||
|
||||
if (it == ar_pool.end())
|
||||
{
|
||||
static set<int> empty_set;
|
||||
|
||||
return empty_set;
|
||||
}
|
||||
|
||||
return it->second->get_security_groups();
|
||||
}
|
||||
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
int AddressRangePool::get_ar_parent(int ar_id) const
|
||||
{
|
||||
int rc;
|
||||
|
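Review bot: `static set<int> empty_set;` in `AddressRangePool::get_security_groups` is a mutable function-local static that is only ever handed out by const reference; `static const set<int> empty_set;` states that it is never written and keeps a later edit from filling it by accident. The lookup also passes the signed `ar_id` to `ar_pool.find` on a map keyed by `unsigned int`, so a negative id is converted rather than rejected. That conversion presumably just ends in the not-found branch, but a short comment such as `// negative ar_id converts to a large key and is treated as not found` would make the intent explicit.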
@ -225,6 +225,7 @@ int VirtualNetwork::post_update_template(string& error)
|
||||
{
|
||||
string new_bridge;
|
||||
bool b_vlan;
|
||||
string sg_str;
|
||||
|
||||
/* ---------------------------------------------------------------------- */
|
||||
/* Update Configuration Attributes (class & template) */
|
||||
@ -232,6 +233,7 @@ int VirtualNetwork::post_update_template(string& error)
|
||||
/* - VLAN_ID */
|
||||
/* - VLAN */
|
||||
/* - BRIDGE */
|
||||
/* - SECURITY_GROUPS */
|
||||
/* ---------------------------------------------------------------------- */
|
||||
erase_template_attribute("PHYDEV", phydev);
|
||||
|
||||
@ -263,6 +265,12 @@ int VirtualNetwork::post_update_template(string& error)
|
||||
|
||||
add_template_attribute("BRIDGE", bridge);
|
||||
|
||||
security_groups.clear();
|
||||
|
||||
obj_template->get("SECURITY_GROUPS", sg_str);
|
||||
|
||||
one_util::split_unique(sg_str, ',', security_groups);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -478,6 +486,13 @@ int VirtualNetwork::from_xml(const string &xml_str)
|
||||
ObjectXML::free_nodes(content);
|
||||
content.clear();
|
||||
|
||||
//Security groups internal attribute (from /VNET/TEMPLATE/SECURITY_GROUPS)
|
||||
string sg_str;
|
||||
|
||||
obj_template->get("SECURITY_GROUPS", sg_str);
|
||||
|
||||
one_util::split_unique(sg_str, ',', security_groups);
|
||||
|
||||
// Address Range Pool
|
||||
ObjectXML::get_nodes("/VNET/AR_POOL", content);
|
||||
|
||||
@ -486,7 +501,7 @@ int VirtualNetwork::from_xml(const string &xml_str)
|
||||
return -1;
|
||||
}
|
||||
|
||||
// Virtual Network template
|
||||
// Address Ranges of the Virtual Network
|
||||
rc += ar_pool.from_xml_node(content[0]);
|
||||
|
||||
ObjectXML::free_nodes(content);
|
||||
@ -510,9 +525,8 @@ int VirtualNetwork::nic_attribute(
|
||||
string inherit_val;
|
||||
vector<string>::const_iterator it;
|
||||
|
||||
set<int> nic_sgroups;
|
||||
string st_sgroups;
|
||||
int ar_id;
|
||||
set<int> nic_sgs;
|
||||
int ar_id;
|
||||
|
||||
//--------------------------------------------------------------------------
|
||||
// Set default values from the Virtual Network
|
||||
@ -581,26 +595,19 @@ int VirtualNetwork::nic_attribute(
|
||||
// Copy the security group IDs
|
||||
//--------------------------------------------------------------------------
|
||||
|
||||
one_util::split_unique(nic->vector_value("SECURITY_GROUPS"), ',', nic_sgroups);
|
||||
one_util::split_unique(nic->vector_value("SECURITY_GROUPS"), ',', nic_sgs);
|
||||
|
||||
obj_template->get("SECURITY_GROUPS", st_sgroups);
|
||||
|
||||
set<int> vnet_sgroups;
|
||||
one_util::split_unique(st_sgroups, ',', vnet_sgroups);
|
||||
|
||||
nic_sgroups.insert(vnet_sgroups.begin(), vnet_sgroups.end());
|
||||
nic_sgs.insert(security_groups.begin(), security_groups.end());
|
||||
|
||||
if (nic->vector_value("AR_ID", ar_id) == 0)
|
||||
{
|
||||
ar_pool.get_attribute("SECURITY_GROUPS", st_sgroups, ar_id);
|
||||
const set<int> ar_sgs = ar_pool.get_security_groups(ar_id);
|
||||
|
||||
set<int> ar_sgroups;
|
||||
one_util::split_unique(st_sgroups, ',', ar_sgroups);
|
||||
|
||||
nic_sgroups.insert(ar_sgroups.begin(), ar_sgroups.end());
|
||||
nic_sgs.insert(ar_sgs.begin(), ar_sgs.end());
|
||||
}
|
||||
|
||||
nic->replace("SECURITY_GROUPS", one_util::join(nic_sgroups.begin(), nic_sgroups.end(), ','));
|
||||
nic->replace("SECURITY_GROUPS",
|
||||
one_util::join(nic_sgs.begin(), nic_sgs.end(), ','));
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
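Review bot: `VirtualNetwork::from_xml` fills `security_groups` with `one_util::split_unique` without clearing it first, while `post_update_template` in this same file calls `security_groups.clear();` before re-parsing. Whether `from_xml` can run on an object that already holds a cache is not visible from these hunks, but if it can and `split_unique` only inserts, removed group IDs would survive and be merged into every NIC by `nic_attribute`. Adding `security_groups.clear();` before `obj_template->get("SECURITY_GROUPS", sg_str);` in `from_xml` makes the two paths agree. Separately, in `nic_attribute`, `const set<int> ar_sgs = ar_pool.get_security_groups(ar_id);` copies the set although the getter returns a const reference; `const set<int>& ar_sgs = ar_pool.get_security_groups(ar_id);` avoids the copy.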