mirror of https://github.com/OpenNebula/one.git synced 2025-03-25 02:50:08 +03:00

Feature #3167, #3169: Make the restricted attr. mechanism generic for all pool objects

Carlos Martín 2014-09-03 11:36:46 +02:00 committed by Ruben S. Montero
parent fb85a67d6b
commit 1fd5dadcf4
9 changed files with 218 additions and 180 deletions


@ -43,6 +43,22 @@ public:
return Template::check(rs_attr, restricted_attributes);
};
/**
* Deletes all restricted attributes
*/
void remove_restricted()
{
Template::remove_restricted(restricted_attributes);
};
/**
* Deletes all the attributes, except the restricted ones
*/
void remove_all_except_restricted()
{
Template::remove_all_except_restricted(restricted_attributes);
};
bool is_saving()
{
string saving;


@ -561,17 +561,24 @@ public:
/**
* Replace template for this object. Object should be updated
* after calling this method
* @param tmpl string representation of the template
* @param tmpl_str new contents
* @param keep_restricted If true, the restricted attributes of the
* current template will override the new template
* @param error string describing the error if any
* @return 0 on success
*/
virtual int replace_template(const string& tmpl_str, string& error);
virtual int replace_template(const string& tmpl_str, bool keep_restricted, string& error);
/**
* Append new attributes to this object's template. Object should be updated
* after calling this method
* @param tmpl string representation of the template
* @param tmpl_str new contents
* @param keep_restricted If true, the restricted attributes of the
* current template will override the new template
* @param error string describing the error if any
* @return 0 on success
*/
virtual int append_template(const string& tmpl_str, string& error);
virtual int append_template(const string& tmpl_str, bool keep_restricted, string& error);
/**
* Fills a auth class to perform an authZ/authN request based on the object
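Review bot: The `keep_restricted` description on `append_template` is copied from `replace_template` and does not match the new code: in the implementation section of this commit the append path only calls `new_tmpl->remove_restricted()` on the incoming template and never copies restricted values from the current one. I would document it as `@param keep_restricted If true, restricted attributes are stripped from tmpl_str before it is merged into the current template`. Both methods are virtual and their parameter lists changed, so any subclass still declaring the two-argument form would silently stop overriding; none is visible here, so that needs a check across the tree. A bare `bool` between two string parameters is also easy to pass wrongly, so the comment should name who is expected to pass `true` (non-oneadmin callers, per the request-manager section).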


@ -84,14 +84,6 @@ public:
};
~VirtualMachineUpdateTemplate(){};
/* -------------------------------------------------------------------- */
int replace_template(PoolObjectSQL * object, const string & tmpl,
const RequestAttributes &att, string &error_str);
int append_template(PoolObjectSQL * object, const string & tmpl,
const RequestAttributes &att, string &error_str);
};
/* ------------------------------------------------------------------------- */


@ -380,6 +380,16 @@ public:
*/
int merge(const Template * from_tmpl, string& error_str);
/**
* Deletes all restricted attributes
*/
virtual void remove_restricted();
/**
* Deletes all the attributes, except the restricted ones
*/
virtual void remove_all_except_restricted();
protected:
/**
* The template attributes
@ -419,6 +429,16 @@ protected:
*/
bool check(string& rs_attr, const vector<string> &restricted_attributes);
/**
* Deletes all restricted attributes
*/
void remove_restricted(const vector<string> &restricted_attributes);
/**
* Deletes all the attributes, except the restricted ones
*/
void remove_all_except_restricted(const vector<string> &restricted_attributes);
/**
* Updates the xml root element name
*
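Review bot: The new public `virtual void remove_restricted();` and `virtual void remove_all_except_restricted();` are documented as deleting attributes, but the base definitions added in this commit have empty bodies, so a template class that does not override them keeps every attribute when `keep_restricted` is true. The comment should say so, e.g. `Deletes all restricted attributes. The base implementation does nothing; classes that define a restricted list must override it.` Making the two methods pure virtual would turn a forgotten override into a compile error instead of a silent no-op, but that only works if `Template` is never instantiated directly, which cannot be seen from this hunk. A subclass that declares the no-argument form also hides the protected overload taking the list, which is why the wrappers in this commit call it qualified as `Template::remove_restricted(restricted_attributes)`; a short note on that next to the protected declarations would save the next reader a compile error.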


@ -52,21 +52,27 @@ public:
return Template::check(rs_attr, restricted_attributes);
};
/**
* Deletes all restricted attributes
*/
void remove_restricted()
{
Template::remove_restricted(restricted_attributes);
};
/**
* Deletes all the attributes, except the restricted ones
*/
void remove_all_except_restricted()
{
Template::remove_all_except_restricted(restricted_attributes);
};
void set_xml_root(const char * _xml_root)
{
Template::set_xml_root(_xml_root);
};
/**
* Deletes all restricted attributes
*/
void remove_restricted();
/**
* Deletes all the attributes, excepts the restricted ones
*/
void remove_all_except_restricted();
/**
* Replaces the given image from the DISK attribute with a new one
* @param target_id IMAGE_ID the image to be replaced


@ -167,7 +167,8 @@ void PoolObjectSQL::clear_template_error_message()
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int PoolObjectSQL::replace_template(const string& tmpl_str, string& error)
int PoolObjectSQL::replace_template(
const string& tmpl_str, bool keep_restricted, string& error)
{
Template * new_tmpl = get_new_template();
@ -183,6 +184,19 @@ int PoolObjectSQL::replace_template(const string& tmpl_str, string& error)
return -1;
}
if (keep_restricted)
{
new_tmpl->remove_restricted();
if (obj_template != 0)
{
obj_template->remove_all_except_restricted();
string aux_error;
new_tmpl->merge(obj_template, aux_error);
}
}
delete obj_template;
obj_template = new_tmpl;
@ -193,7 +207,8 @@ int PoolObjectSQL::replace_template(const string& tmpl_str, string& error)
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int PoolObjectSQL::append_template(const string& tmpl_str, string& error)
int PoolObjectSQL::append_template(
const string& tmpl_str, bool keep_restricted, string& error)
{
Template * new_tmpl = get_new_template();
@ -209,6 +224,11 @@ int PoolObjectSQL::append_template(const string& tmpl_str, string& error)
return -1;
}
if (keep_restricted)
{
new_tmpl->remove_restricted();
}
if ( obj_template != 0 )
{
obj_template->merge(new_tmpl, error);
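Review bot: In the `keep_restricted` branch of `replace_template`, the return value of `new_tmpl->merge(obj_template, aux_error)` and the text in `aux_error` are both discarded, and `obj_template` is deleted right after. A failed merge would therefore leave the object without its previous restricted values while the caller still sees success. I would at least propagate it, `if (new_tmpl->merge(obj_template, aux_error) != 0) { error = aux_error; delete new_tmpl; return -1; }`, keeping in mind that `obj_template` has already been trimmed by `remove_all_except_restricted()` at that point. In `append_template` the new code strips restricted keys from `new_tmpl` only; if `merge` replaces a same-named vector attribute as a whole (its body is not shown), appending a vector without the restricted key would drop the existing restricted value, which deserves a test. Both function bodies start and end outside the hunks shown.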


@ -27,7 +27,14 @@ int RequestManagerUpdateTemplate::replace_template(
const RequestAttributes &att,
string &error_str)
{
return object->replace_template(tmpl, error_str);
if (att.uid!=UserPool::ONEADMIN_ID && att.gid!=GroupPool::ONEADMIN_ID)
{
return object->replace_template(tmpl, true, error_str);
}
else
{
return object->replace_template(tmpl, false, error_str);
}
}
/* ------------------------------------------------------------------------- */
@ -39,49 +46,13 @@ int RequestManagerUpdateTemplate::append_template(
const RequestAttributes &att,
string &error_str)
{
return object->append_template(tmpl, error_str);
}
/* ------------------------------------------------------------------------- */
/* ------------------------------------------------------------------------- */
int VirtualMachineUpdateTemplate::replace_template(
PoolObjectSQL * object,
const string & tmpl,
const RequestAttributes & att,
string & error_str)
{
VirtualMachine* vm = static_cast<VirtualMachine*>(object);
if (att.uid!=UserPool::ONEADMIN_ID && att.gid!=GroupPool::ONEADMIN_ID)
{
return vm->replace_template(tmpl, true, error_str);
return object->append_template(tmpl, true, error_str);
}
else
{
return vm->replace_template(tmpl, false, error_str);
}
}
/* ------------------------------------------------------------------------- */
/* ------------------------------------------------------------------------- */
int VirtualMachineUpdateTemplate::append_template(
PoolObjectSQL * object,
const string & tmpl,
const RequestAttributes & att,
string & error_str)
{
VirtualMachine* vm = static_cast<VirtualMachine*>(object);
if (att.uid!=UserPool::ONEADMIN_ID && att.gid!=GroupPool::ONEADMIN_ID)
{
return vm->append_template(tmpl, true, error_str);
}
else
{
return vm->append_template(tmpl, false, error_str);
return object->append_template(tmpl, false, error_str);
}
}
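Review bot: The oneadmin test `att.uid!=UserPool::ONEADMIN_ID && att.gid!=GroupPool::ONEADMIN_ID` is now written out twice, once in `replace_template` and once in `append_template`, and each copy only selects a boolean argument. Computing it once per function reads better and keeps the two paths from drifting apart: `bool keep_restricted = att.uid != UserPool::ONEADMIN_ID && att.gid != GroupPool::ONEADMIN_ID;` followed by `return object->replace_template(tmpl, keep_restricted, error_str);` (and the same for append). A one-line comment such as `// callers outside oneadmin may not set or change restricted attributes` would record why the flag exists, since this is the only place in the commit where the authorization decision is made.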


@ -860,3 +860,125 @@ bool Template::check(string& rs_attr, const vector<string> &restricted_attribute
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
void Template::remove_restricted()
{}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
void Template::remove_all_except_restricted()
{}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
void Template::remove_restricted(const vector<string> &restricted_attributes)
{
size_t pos;
string avector, vattr;
vector<Attribute *> values;
for (unsigned int i=0; i < restricted_attributes.size(); i++)
{
pos = restricted_attributes[i].find("/");
if (pos != string::npos) //Vector Attribute
{
int num;
avector = restricted_attributes[i].substr(0,pos);
vattr = restricted_attributes[i].substr(pos+1);
if ((num = get(avector,values)) > 0 ) //Template contains the attr
{
VectorAttribute * attr;
for (int j=0; j<num ; j++ )
{
attr = dynamic_cast<VectorAttribute *>(values[j]);
if (attr == 0)
{
continue;
}
attr->remove(vattr);
}
}
}
else //Single Attribute
{
erase(restricted_attributes[i]);
}
}
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
void Template::remove_all_except_restricted(const vector<string> &restricted_attributes)
{
size_t pos;
string avector, vattr;
vector<Attribute *> values;
vector<Attribute *> restricted;
for (unsigned int i=0; i < restricted_attributes.size(); i++)
{
pos = restricted_attributes[i].find("/");
if (pos != string::npos) //Vector Attribute
{
int num;
avector = restricted_attributes[i].substr(0,pos);
vattr = restricted_attributes[i].substr(pos+1);
if ((num = get(avector,values)) > 0 ) //Template contains the attr
{
VectorAttribute * attr;
for (int j=0; j<num ; j++ )
{
attr = dynamic_cast<VectorAttribute *>(values[j]);
if (attr == 0)
{
continue;
}
if ( !attr->vector_value(vattr.c_str()).empty() )
{
restricted.push_back(attr);
}
}
}
}
else //Single Attribute
{
this->get(restricted_attributes[i], restricted);
}
}
vector<Attribute *>::iterator res_it;
for (res_it = restricted.begin(); res_it != restricted.end(); res_it++)
{
remove(*res_it);
}
multimap<string,Attribute *>::iterator att_it;
for ( att_it = attributes.begin(); att_it != attributes.end(); att_it++)
{
delete att_it->second;
}
attributes.clear();
for (res_it = restricted.begin(); res_it != restricted.end(); res_it++)
{
set(*res_it);
}
}
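Review bot: In `remove_all_except_restricted(const vector<string>&)` the same `VectorAttribute` can be pushed into `restricted` more than once, because `restricted.push_back(attr)` runs once per restricted entry and two entries may share the prefix before `/`. The later loops then call `remove(*res_it)` and `set(*res_it)` repeatedly on one pointer; if `set` inserts into the `attributes` multimap each time (its body is not shown), the attribute is stored twice and a cleanup loop like the `delete att_it->second` one here would free it twice. Skipping pointers already collected avoids that, e.g. `if (find(restricted.begin(), restricted.end(), attr) == restricted.end()) restricted.push_back(attr);`. In both new functions `values` is declared outside the `for` while `values[j]` is indexed from 0 on every round; if `get()` appends to the vector rather than replacing its contents, later rounds would inspect the first attribute's results, so declaring `vector<Attribute *> values;` inside the loop body is safer. The header comment should also state that a kept vector attribute retains all of its keys, not only the restricted one.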


@ -15,128 +15,12 @@
/* -------------------------------------------------------------------------- */
#include "VirtualMachineTemplate.h"
#include "Host.h"
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
vector<string> VirtualMachineTemplate::restricted_attributes;
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
void VirtualMachineTemplate::remove_restricted()
{
size_t pos;
string avector, vattr;
vector<Attribute *> values;
for (unsigned int i=0; i < restricted_attributes.size(); i++)
{
pos = restricted_attributes[i].find("/");
if (pos != string::npos) //Vector Attribute
{
int num;
avector = restricted_attributes[i].substr(0,pos);
vattr = restricted_attributes[i].substr(pos+1);
if ((num = get(avector,values)) > 0 ) //Template contains the attr
{
VectorAttribute * attr;
for (int j=0; j<num ; j++ )
{
attr = dynamic_cast<VectorAttribute *>(values[j]);
if (attr == 0)
{
continue;
}
attr->remove(vattr);
}
}
}
else //Single Attribute
{
erase(restricted_attributes[i]);
}
}
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
void VirtualMachineTemplate::remove_all_except_restricted()
{
size_t pos;
string avector, vattr;
vector<Attribute *> values;
vector<Attribute *> restricted;
for (unsigned int i=0; i < restricted_attributes.size(); i++)
{
pos = restricted_attributes[i].find("/");
if (pos != string::npos) //Vector Attribute
{
int num;
avector = restricted_attributes[i].substr(0,pos);
vattr = restricted_attributes[i].substr(pos+1);
if ((num = get(avector,values)) > 0 ) //Template contains the attr
{
VectorAttribute * attr;
for (int j=0; j<num ; j++ )
{
attr = dynamic_cast<VectorAttribute *>(values[j]);
if (attr == 0)
{
continue;
}
if ( !attr->vector_value(vattr.c_str()).empty() )
{
restricted.push_back(attr);
}
}
}
}
else //Single Attribute
{
this->get(restricted_attributes[i], restricted);
}
}
vector<Attribute *>::iterator res_it;
for (res_it = restricted.begin(); res_it != restricted.end(); res_it++)
{
remove(*res_it);
}
multimap<string,Attribute *>::iterator att_it;
for ( att_it = attributes.begin(); att_it != attributes.end(); att_it++)
{
delete att_it->second;
}
attributes.clear();
for (res_it = restricted.begin(); res_it != restricted.end(); res_it++)
{
set(*res_it);
}
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */