mirror of https://github.com/OpenNebula/one.git synced 2024-12-24 21:34:01 +03:00

feature #3175: Cache SECURITY_GROUP parsing

Ruben S. Montero 2014-11-11 16:27:46 +01:00
parent ae7f8e8631
commit 18786ec0e6
7 changed files with 94 additions and 21 deletions


@ -329,6 +329,15 @@ public:
bool keep_restricted,
string& error_msg);
/**
* Get the security groups for this AR.
* @return a reference to the security group set
*/
const set<int>& get_security_groups() const
{
return security_groups;
}
/*
* add_ar from AddressRangePool needs to access the internal representation
* of the AR to include it in the ARPool template.
@ -490,6 +499,11 @@ private:
*/
unsigned int ula6[2];
/**
* Security Group IDs for this Address Range
*/
set<int> security_groups;
/**
* The Address Range attributes as a Template VectorAttribute. This is
* used to generate XML or a template representation of the AR.


@ -20,6 +20,7 @@
#include <string>
#include <vector>
#include <map>
#include <set>
#include <libxml/parser.h>
@ -326,6 +327,12 @@ public:
*/
int get_attribute(const char * name, int& value, int ar_id) const;
/**
* Gets a reference to a the security group set of an AR
* @return a reference to the security group set or empty set if error
*/
const set<int>& get_security_groups(int ar_id) const;
/**
* Generate a XML representation of the Address Range Pool
* @param sstream where the ARPool is written


@ -448,6 +448,11 @@ private:
*/
int parent_vid;
/**
* Security Groups
*/
set<int> security_groups;
/**
* The Address Range Pool
*/


@ -2801,6 +2801,8 @@ int VirtualMachine::get_security_groups(
SecurityGroup* sgroup;
SecurityGroupPool* sgroup_pool = Nebula::instance().get_secgrouppool();
vector<VectorAttribute*> sgroup_rules;
int vnet_id;
VirtualNetwork* vnet;
VirtualNetworkPool* vnet_pool = Nebula::instance().get_vnpool();
@ -2818,9 +2820,9 @@ int VirtualMachine::get_security_groups(
sgroup_pool->update(sgroup);
sgroup->unlock();
sgroup->get_rules(sgroup_rules);
vector<VectorAttribute*> sgroup_rules = sgroup->get_rules();
sgroup->unlock();
for (rule_it = sgroup_rules.begin(); rule_it != sgroup_rules.end(); rule_it++)
{
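Review bot: The rule pointers collected by `sgroup->get_rules(sgroup_rules);` are still walked by the `for (rule_it = sgroup_rules.begin(); ...)` loop after `sgroup->unlock();`, at least as this page renders the new side. If `get_rules` hands back pointers into the security group's own template (not visible here), another thread updating the group can invalidate them while firewall rules are being built; either copy the rules while the lock is held or move the `unlock()` after the loop. The vector is also now declared at function scope in the first hunk, so if this code runs once per security group and `get_rules` appends, rules from earlier groups are processed again; `sgroup_rules.clear();` before the call would rule that out. The body of `VirtualMachine::get_security_groups` starts and ends outside both hunks.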


@ -175,6 +175,19 @@ int AddressRange::from_vattr(VectorAttribute *vattr, string& error_msg)
vattr->replace("VLAN", "YES");
}
/* ------------------------- Security Groups ---------------------------- */
value = vattr->vector_value("SECURITY_GROUPS");
if (value.empty())
{
security_groups.clear();
}
else
{
one_util::split_unique(value, ',', security_groups);
}
/* ------------------------ AR Internal Data ---------------------------- */
vattr->replace("AR_ID", id);
@ -305,6 +318,15 @@ int AddressRange::update_attributes(
vup->replace("GLOBAL_PREFIX", new_global);
vup->replace("ULA_PREFIX", new_ula);
string value = vup->vector_value("SECURITY_GROUPS");
security_groups.clear();
if (!value.empty())
{
one_util::split_unique(value, ',', security_groups);
}
/* Replace with the new attributes */
attr->replace(vup->value());
@ -1082,8 +1104,7 @@ const char * AddressRange::SG_RULE_ATTRIBUTES[] = {
const int AddressRange::NUM_SG_RULE_ATTRIBUTES = 5;
void AddressRange::process_security_rule(
VectorAttribute * rule)
void AddressRange::process_security_rule(VectorAttribute * rule)
{
for ( int i = 0; i < NUM_SG_RULE_ATTRIBUTES; i++ )
{
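Review bot: In `AddressRange::from_vattr` the non-empty branch calls `one_util::split_unique(value, ',', security_groups);` without clearing the set first, while `update_attributes` in the next hunk clears it unconditionally. Unless `split_unique` resets its output (its definition is not on this page), running `from_vattr` again on a populated object leaves previously cached group IDs in place, so a NIC could keep inheriting rules from a group that was removed from the AR. Calling `security_groups.clear();` before the `if`, as `update_attributes` does, makes the two paths agree. The same applies to `VirtualNetwork::from_xml`, which also splits into `security_groups` without a clear, whereas `post_update_template` clears first. All of these function bodies continue outside their hunks.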


@ -462,6 +462,23 @@ int AddressRangePool::get_attribute(const char * name, int& value,
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
const set<int>& AddressRangePool::get_security_groups(int ar_id) const
{
map<unsigned int, AddressRange *>::const_iterator it = ar_pool.find(ar_id);
if (it == ar_pool.end())
{
static set<int> empty_set;
return empty_set;
}
return it->second->get_security_groups();
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int AddressRangePool::get_ar_parent(int ar_id) const
{
int rc;
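Review bot: The not-found branch of `AddressRangePool::get_security_groups` returns a shared empty set, so a caller cannot tell an unknown `ar_id` from an AR that has no groups, and a NIC that names a missing AR silently gets no AR-level groups. That contract is only hinted at in the header comment ("or empty set if error"); a short comment here saying the empty result is deliberate and that callers must not treat it as proof the AR exists would help. The fallback object should also be immutable: `static const set<int> empty_set;`.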


@ -225,6 +225,7 @@ int VirtualNetwork::post_update_template(string& error)
{
string new_bridge;
bool b_vlan;
string sg_str;
/* ---------------------------------------------------------------------- */
/* Update Configuration Attributes (class & template) */
@ -232,6 +233,7 @@ int VirtualNetwork::post_update_template(string& error)
/* - VLAN_ID */
/* - VLAN */
/* - BRIDGE */
/* - SECURITY_GROUPS */
/* ---------------------------------------------------------------------- */
erase_template_attribute("PHYDEV", phydev);
@ -263,6 +265,12 @@ int VirtualNetwork::post_update_template(string& error)
add_template_attribute("BRIDGE", bridge);
security_groups.clear();
obj_template->get("SECURITY_GROUPS", sg_str);
one_util::split_unique(sg_str, ',', security_groups);
return 0;
}
@ -478,6 +486,13 @@ int VirtualNetwork::from_xml(const string &xml_str)
ObjectXML::free_nodes(content);
content.clear();
//Security groups internal attribute (from /VNET/TEMPLATE/SECURITY_GROUPS)
string sg_str;
obj_template->get("SECURITY_GROUPS", sg_str);
one_util::split_unique(sg_str, ',', security_groups);
// Address Range Pool
ObjectXML::get_nodes("/VNET/AR_POOL", content);
@ -486,7 +501,7 @@ int VirtualNetwork::from_xml(const string &xml_str)
return -1;
}
// Virtual Network template
// Address Ranges of the Virtual Network
rc += ar_pool.from_xml_node(content[0]);
ObjectXML::free_nodes(content);
@ -510,9 +525,8 @@ int VirtualNetwork::nic_attribute(
string inherit_val;
vector<string>::const_iterator it;
set<int> nic_sgroups;
string st_sgroups;
int ar_id;
set<int> nic_sgs;
int ar_id;
//--------------------------------------------------------------------------
// Set default values from the Virtual Network
@ -581,26 +595,19 @@ int VirtualNetwork::nic_attribute(
// Copy the security group IDs
//--------------------------------------------------------------------------
one_util::split_unique(nic->vector_value("SECURITY_GROUPS"), ',', nic_sgroups);
one_util::split_unique(nic->vector_value("SECURITY_GROUPS"), ',', nic_sgs);
obj_template->get("SECURITY_GROUPS", st_sgroups);
set<int> vnet_sgroups;
one_util::split_unique(st_sgroups, ',', vnet_sgroups);
nic_sgroups.insert(vnet_sgroups.begin(), vnet_sgroups.end());
nic_sgs.insert(security_groups.begin(), security_groups.end());
if (nic->vector_value("AR_ID", ar_id) == 0)
{
ar_pool.get_attribute("SECURITY_GROUPS", st_sgroups, ar_id);
const set<int> ar_sgs = ar_pool.get_security_groups(ar_id);
set<int> ar_sgroups;
one_util::split_unique(st_sgroups, ',', ar_sgroups);
nic_sgroups.insert(ar_sgroups.begin(), ar_sgroups.end());
nic_sgs.insert(ar_sgs.begin(), ar_sgs.end());
}
nic->replace("SECURITY_GROUPS", one_util::join(nic_sgroups.begin(), nic_sgroups.end(), ','));
nic->replace("SECURITY_GROUPS",
one_util::join(nic_sgs.begin(), nic_sgs.end(), ','));
return rc;
}
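Review bot: In `VirtualNetwork::nic_attribute`, `const set<int> ar_sgs = ar_pool.get_security_groups(ar_id);` copies the set for every NIC even though the getter returns a const reference, which gives back part of what the caching in this commit saves. Binding it as `const set<int>& ar_sgs = ar_pool.get_security_groups(ar_id);` avoids the copy. The reference is only used by the `insert` on the next line and nothing in between modifies the pool, so it stays valid. The function body starts outside the hunk.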