diff --git a/include/RequestManagerAllocate.h b/include/RequestManagerAllocate.h
index 8237f71189..223dadc306 100644
--- a/include/RequestManagerAllocate.h
+++ b/include/RequestManagerAllocate.h
@@ -180,10 +180,6 @@ public:
 int cluster_id, const string& cluster_name);
- bool allocate_authorization(Template * obj_template,
- RequestAttributes& att,
- PoolObjectAuth * cluster_perms);
-
 int get_cluster_id(xmlrpc_c::paramList const& paramList)
 {
 return xmlrpc_c::value_int(paramList.getInt(2));
diff --git a/include/VirtualNetwork.h b/include/VirtualNetwork.h
index 84bd33bb99..1939f680fe 100644
--- a/include/VirtualNetwork.h
+++ b/include/VirtualNetwork.h
@@ -304,6 +304,12 @@ public:
 int reserve_addr_by_mac(VirtualNetwork *rvnet, unsigned int rsize, unsigned int ar_id, const string& mac, string& error_str);
+ /**
+ * Returns true if this VNET is a reservation
+ * @return true if this VNET is a reservation
+ */
+ bool is_reservation() const;
+
 // *************************************************************************
 // Formatting & Helper functions
 // *************************************************************************
diff --git a/share/etc/oned.conf b/share/etc/oned.conf
index 683760a3e0..9c4bef7c4f 100644
--- a/share/etc/oned.conf
+++ b/share/etc/oned.conf
@@ -755,6 +755,11 @@ VM_RESTRICTED_ATTR = "DISK/WRITE_IOPS_SEC"
 IMAGE_RESTRICTED_ATTR = "SOURCE"
+#*******************************************************************************
+# The following restricted attributes only apply to VNets that are a reservation.
+# Normal VNets do not have restricted attributes.
+#*******************************************************************************
+
 VNET_RESTRICTED_ATTR = "PHYDEV"
 VNET_RESTRICTED_ATTR = "VLAN_ID"
 VNET_RESTRICTED_ATTR = "VLAN"
diff --git a/src/rm/RequestManagerAllocate.cc b/src/rm/RequestManagerAllocate.cc
index 313f582dd1..4ad98a59a0 100644
--- a/src/rm/RequestManagerAllocate.cc
+++ b/src/rm/RequestManagerAllocate.cc
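Review bot: The doc comment added for `is_reservation()` in include/VirtualNetwork.h repeats the same sentence in its summary and its `@return` line and never says what makes a VNET a reservation. The restricted-attribute handling in src/vnm/VirtualNetwork.cc now depends on this predicate, so the criterion belongs in the header, e.g. `@return true if this VNET was reserved from a parent VNET (parent_vid != -1)`. The class body starts and ends outside the hunk.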
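Review bot: The comment added above `VNET_RESTRICTED_ATTR` in share/etc/oned.conf states that normal VNets have no restricted attributes but not what that means for an operator. As far as this diff shows, the allocation-time check in src/rm/RequestManagerAllocate.cc is removed and the update paths skip the filter for non-reservations, so a non-oneadmin user allowed to create or update a regular VNet can set `PHYDEV`, `VLAN_ID` and the other listed attributes. The comment should say that these attributes are then protected only by the ACLs on VNet creation and management, for example with an extra line `# Access to these attributes on normal VNets is controlled only by ACLs (CREATE/MANAGE on NET).`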
@@ -125,45 +125,6 @@ bool VirtualMachineAllocate::allocate_authorization(
 /* -------------------------------------------------------------------------- */
 /* -------------------------------------------------------------------------- */
-bool VirtualNetworkAllocate::allocate_authorization(
- Template * tmpl,
- RequestAttributes& att,
- PoolObjectAuth * cluster_perms)
-{
- string aname;
-
- VirtualNetworkTemplate * vn_tmpl = static_cast(tmpl);
-
- bool auth = RequestManagerAllocate::allocate_authorization(
- vn_tmpl, att, cluster_perms);
-
- if ( auth )
- {
- // ------------ Check template for restricted attributes --------------
-
- if ( att.uid != UserPool::ONEADMIN_ID && att.gid != GroupPool::ONEADMIN_ID )
- {
- if (vn_tmpl->check(aname))
- {
- ostringstream oss;
-
- oss << "Template includes a restricted attribute " << aname;
-
- failure_response(AUTHORIZATION,
- authorization_error(oss.str(), att),
- att);
-
- return false;
- }
- }
- }
-
- return auth;
-}
-
-/* -------------------------------------------------------------------------- */
-/* -------------------------------------------------------------------------- */
-
 void RequestManagerAllocate::request_execute(xmlrpc_c::paramList const& params, RequestAttributes& att)
 {
diff --git a/src/vnm/VirtualNetwork.cc b/src/vnm/VirtualNetwork.cc
index 91a8f7d8e1..3eabb5a102 100644
--- a/src/vnm/VirtualNetwork.cc
+++ b/src/vnm/VirtualNetwork.cc
@@ -245,7 +245,7 @@ int VirtualNetwork::replace_template(
 return -1;
 }
- if (keep_restricted)
+ if (keep_restricted && is_reservation())
 {
 new_tmpl->remove_restricted();
@@ -686,6 +686,8 @@ int VirtualNetwork::update_ar(
 return -1;
 }
+ keep_restricted = keep_restricted && is_reservation();
+
 return ar_pool.update_ar(tmp_ars, keep_restricted, error_msg);
 }
@@ -989,3 +991,8 @@ int VirtualNetwork::reserve_addr_by_mac(VirtualNetwork *rvnet,
 return 0;
 }
+
+bool VirtualNetwork::is_reservation() const
+{
+ return parent_vid != -1;
+}
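Review bot: In `VirtualNetwork::replace_template` the new condition `keep_restricted && is_reservation()` means a template update on a non-reservation VNET is no longer stripped of restricted attributes even when the caller asks for it, and the same commit deletes the allocation-time check in `VirtualNetworkAllocate::allocate_authorization`. In the visible code that leaves no restricted-attribute enforcement on regular VNETs, so protection of attributes such as PHYDEV rests entirely on who holds create/manage rights; record that next to the condition, e.g. `// Restricted attributes are enforced only on reservations; regular VNETs rely on ACLs`. The change also makes `parent_vid` security-relevant, so it is worth confirming that a user-supplied template cannot alter it (not visible here). The function body starts and ends outside the hunk.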
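Review bot: `keep_restricted = keep_restricted && is_reservation();` in `VirtualNetwork::update_ar` overwrites the caller's argument, so from that line on the name no longer means what the signature says. Passing the combined condition directly keeps the parameter intact: `return ar_pool.update_ar(tmp_ars, keep_restricted && is_reservation(), error_msg);`. A named local such as `const bool enforce = keep_restricted && is_reservation();` would also work and makes the policy decision easy to find in review. The function starts outside the hunk.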