mirror of https://github.com/OpenNebula/one.git synced 2025-03-16 22:50:10 +03:00

B #4193: Limit action execution on wilds (#1496)

Pavel Czerný 2021-10-08 19:27:06 +02:00 committed by GitHub
parent 7ea2ae04ef
commit 3c2efafcc5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 242 additions and 8 deletions


@ -70,15 +70,26 @@ protected:
std::string &error_str);
/**
* Method por updating custom values not included in PoolSQL::update
* Method for updating custom values not included in PoolSQL::update
* mainly used for updating search information in the VMs.
* @param object to be updated
* @param obj to be updated
* @return 0 on success
*/
virtual int extra_updates(PoolObjectSQL * obj)
{
return 0;
};
}
/**
* Method for extra checks on specific objects
* @param obj to check conditions form update
* @param error return reason of error
* @return 0 on success
*/
virtual int extra_preconditions_check(PoolObjectSQL * obj, std::string& error)
{
return 0;
}
};
/* ------------------------------------------------------------------------- */
@ -150,7 +161,23 @@ protected:
vm = static_cast<VirtualMachine *>(obj);
return vmpool->update_search(vm);
};
}
int extra_preconditions_check(PoolObjectSQL * obj, std::string& error) override
{
auto vm = static_cast<VirtualMachine *>(obj);
// Check if the action is supported for imported VMs
if (vm->is_imported() &&
!vm->is_imported_action_supported(VMActions::UPDATE_ACTION))
{
error = "Action \"update\" is not supported for imported VMs";
return -1;
}
return 0;
}
};
/* ------------------------------------------------------------------------- */
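Review bot: The doc comment on the new `extra_preconditions_check` hook leaves out the contract the caller relies on, and "to check conditions form update" is a typo. Since the caller turns any non-zero return into a failure response carrying `error`, I would document it as `@param obj object to check before the update`, `@param error set to the reason when the check fails`, and `@return 0 if the update may proceed, non-zero to reject it`. In the VirtualMachine override, the unchecked `static_cast<VirtualMachine *>(obj)` deserves a one-line comment such as `// obj always comes from the VM pool for this request class`, if that is indeed the invariant. Both class bodies start outside the hunks shown.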


@ -97,6 +97,13 @@ void RequestManagerUpdateTemplate::request_execute(
return;
}
if (extra_preconditions_check(object.get(), att.resp_msg))
{
failure_response(ACTION, att);
return;
}
if (update_type == 0)
{
rc = replace_template(object.get(), tmpl, att, att.resp_msg);
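Review bot: The new guard `if (extra_preconditions_check(object.get(), att.resp_msg))` relies on an implicit int-to-bool conversion and on every override filling `att.resp_msg`. An override that returns non-zero without setting the message would produce a failure response carrying whatever text was already in `att.resp_msg`. Writing it as `if (extra_preconditions_check(object.get(), att.resp_msg) != 0)` matches the documented "0 on success" contract. request_execute starts and ends outside the hunk, so it cannot be seen whether this check runs after the authorization step; it should, so that the imported-VM message is only returned to callers who already hold rights on the object.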


@ -472,6 +472,7 @@ void VirtualMachineAction::request_execute(xmlrpc_c::paramList const& paramList,
{
att.resp_msg = "Action \"" + action_st + "\" is not supported for "
"imported VMs";
failure_response(ACTION, att);
return;
}
@ -1735,6 +1736,17 @@ void VirtualMachineAttach::request_execute(
return;
}
// Check if the action is supported for imported VMs
if (vm->is_imported() &&
!vm->is_imported_action_supported(VMActions::DISK_ATTACH_ACTION))
{
att.resp_msg = "Action \"disk-attach\" is not supported for "
"imported VMs";
failure_response(ACTION, att);
return;
}
}
else
{
@ -1902,6 +1914,17 @@ void VirtualMachineDetach::request_execute(xmlrpc_c::paramList const& paramList,
att.resp_msg = "Action is not supported for virtual router VMs";
failure_response(ACTION, att);
return;
}
// Check if the action is supported for imported VMs
if (vm->is_imported() &&
!vm->is_imported_action_supported(VMActions::DISK_DETACH_ACTION))
{
att.resp_msg = "Action \"disk-detach\" is not supported for "
"imported VMs";
failure_response(ACTION, att);
return;
}
}
@ -2067,6 +2090,17 @@ void VirtualMachineResize::request_execute(xmlrpc_c::paramList const& paramList,
/* ---------------------------------------------------------------------- */
if ( auto vm = vmpool->get_ro(id) )
{
// Check if the action is supported for imported VMs
if (vm->is_imported() &&
!vm->is_imported_action_supported(VMActions::RESIZE_ACTION))
{
att.resp_msg = "Action \"resize\" is not supported for "
"imported VMs";
failure_response(ACTION, att);
return;
}
vm->get_permissions(vm_perms);
vm->get_template_attribute("MEMORY", omemory);
@ -2241,6 +2275,24 @@ void VirtualMachineSnapshotCreate::request_execute(
return;
}
// Check if the action is supported for imported VMs
if ( auto vm = get_vm_ro(id, att) )
{
if (vm->is_imported() &&
!vm->is_imported_action_supported(VMActions::SNAPSHOT_CREATE_ACTION))
{
att.resp_msg = "Action \"snapshot-create\" is not supported for "
"imported VMs";
failure_response(ACTION, att);
return;
}
}
else
{
return;
}
rc = dm->snapshot_create(id, name, snap_id, att, att.resp_msg);
if ( rc != 0 )
@ -2278,6 +2330,24 @@ void VirtualMachineSnapshotRevert::request_execute(
return;
}
if ( auto vm = get_vm_ro(id, att) )
{
// Check if the action is supported for imported VMs
if (vm->is_imported() &&
!vm->is_imported_action_supported(VMActions::SNAPSHOT_REVERT_ACTION))
{
att.resp_msg = "Action \"snapshot-revert\" is not supported for "
"imported VMs";
failure_response(ACTION, att);
return;
}
}
else
{
return;
}
rc = dm->snapshot_revert(id, snap_id, att, att.resp_msg);
if ( rc != 0 )
@ -2315,6 +2385,24 @@ void VirtualMachineSnapshotDelete::request_execute(
return;
}
// Check if the action is supported for imported VMs
if ( auto vm = get_vm_ro(id, att) )
{
if (vm->is_imported() &&
!vm->is_imported_action_supported(VMActions::SNAPSHOT_DELETE_ACTION))
{
att.resp_msg = "Action \"snapshot-delete\" is not supported for "
"imported VMs";
failure_response(ACTION, att);
return;
}
}
else
{
return;
}
rc = dm->snapshot_delete(id, snap_id, att, att.resp_msg);
if ( rc != 0 )
@ -2355,6 +2443,17 @@ void VirtualMachineAttachNic::request_execute(
return;
}
// Check if the action is supported for imported VMs
if (vm->is_imported() &&
!vm->is_imported_action_supported(VMActions::NIC_ATTACH_ACTION))
{
att.resp_msg = "Action \"nic-attach\" is not supported for "
"imported VMs";
failure_response(ACTION, att);
return;
}
}
else
{
@ -2482,6 +2581,17 @@ void VirtualMachineDetachNic::request_execute(
failure_response(Request::ACTION, att);
return;
}
// Check if the action is supported for imported VMs
if (vm->is_imported() &&
!vm->is_imported_action_supported(VMActions::NIC_DETACH_ACTION))
{
att.resp_msg = "Action \"nic-detach\" is not supported for "
"imported VMs";
failure_response(ACTION, att);
return;
}
}
else
{
@ -2562,22 +2672,26 @@ void VirtualMachineRecover::request_execute(
Nebula& nd = Nebula::instance();
DispatchManager * dm = nd.get_dm();
VMActions::Action action;
switch (op)
{
case 0: //recover-failure
case 1: //recover-success
att.set_auth_op(VMActions::RECOVER_ACTION);
action = VMActions::RECOVER_ACTION;
break;
case 2: //retry
att.set_auth_op(VMActions::RETRY_ACTION);
action = VMActions::RETRY_ACTION;
break;
case 3: //delete
case 4: //delete-recreate set same as delete in OpenNebulaTemplate
case 5: //delete-db
att.set_auth_op(VMActions::DELETE_ACTION);
action = VMActions::DELETE_ACTION;
break;
case 4: //delete-recreate set same as delete in OpenNebulaTemplate
action = VMActions::DELETE_RECREATE_ACTION;
break;
default:
@ -2586,6 +2700,8 @@ void VirtualMachineRecover::request_execute(
return;
}
att.set_auth_op(action);
if (vm_authorization(id, 0, 0, att, 0, 0, 0) == false)
{
return;
@ -2600,6 +2716,17 @@ void VirtualMachineRecover::request_execute(
return;
}
// Check if the action is supported for imported VMs
if (vm->is_imported() &&
!vm->is_imported_action_supported(action))
{
att.resp_msg = "Action \"" + VMActions::action_to_str(action) +
"\" is not supported for imported VMs";
failure_response(ACTION, att);
return;
}
switch (op)
{
case 0: //recover-failure
@ -2709,6 +2836,17 @@ void VirtualMachineDiskSnapshotCreate::request_execute(
if ( auto vm = get_vm(id, att) )
{
// Check if the action is supported for imported VMs
if (vm->is_imported() &&
!vm->is_imported_action_supported(VMActions::DISK_SNAPSHOT_CREATE_ACTION))
{
att.resp_msg = "Action \"disk-snapshot-create\" is not supported for "
"imported VMs";
failure_response(ACTION, att);
return;
}
disk = vm->get_disk(did);
if (disk == nullptr)
@ -2873,6 +3011,24 @@ void VirtualMachineDiskSnapshotRevert::request_execute(
return;
}
if ( auto vm = get_vm_ro(id, att) )
{
// Check if the action is supported for imported VMs
if (vm->is_imported() &&
!vm->is_imported_action_supported(VMActions::DISK_SNAPSHOT_REVERT_ACTION))
{
att.resp_msg = "Action \"disk-snapshot-revert\" is not supported for "
"imported VMs";
failure_response(ACTION, att);
return;
}
}
else
{
return;
}
rc = dm->disk_snapshot_revert(id, did, snap_id, att, att.resp_msg);
if ( rc != 0 )
@ -2910,6 +3066,17 @@ void VirtualMachineDiskSnapshotDelete::request_execute(
if ( auto vm = get_vm(id, att) )
{
// Check if the action is supported for imported VMs
if (vm->is_imported() &&
!vm->is_imported_action_supported(VMActions::DISK_SNAPSHOT_DELETE_ACTION))
{
att.resp_msg = "Action \"disk-snapshot-delete\" is not supported for "
"imported VMs";
failure_response(ACTION, att);
return;
}
disk = vm->get_disk(did);
if (disk == nullptr)
@ -3003,6 +3170,17 @@ void VirtualMachineDiskSnapshotRename::request_execute(xmlrpc_c::paramList const
return;
}
// Check if the action is supported for imported VMs
if (vm->is_imported() &&
!vm->is_imported_action_supported(VMActions::DISK_SNAPSHOT_RENAME_ACTION))
{
att.resp_msg = "Action \"disk-snapshot-rename\" is not supported for "
"imported VMs";
failure_response(ACTION, att);
return;
}
disk = vm->get_disk(did);
if (disk == nullptr)
@ -3086,6 +3264,17 @@ void VirtualMachineUpdateConf::request_execute(
return;
}
// Check if the action is supported for imported VMs
if (vm->is_imported() &&
!vm->is_imported_action_supported(VMActions::UPDATECONF_ACTION))
{
att.resp_msg = "Action \"updateconf\" is not supported for "
"imported VMs";
failure_response(ACTION, att);
return;
}
if (!att.is_admin())
{
string aname;
@ -3196,6 +3385,17 @@ void VirtualMachineDiskResize::request_execute(
if ( auto vm = get_vm(id, att) )
{
// Check if the action is supported for imported VMs
if (vm->is_imported() &&
!vm->is_imported_action_supported(VMActions::DISK_RESIZE_ACTION))
{
att.resp_msg = "Action \"disk-resize\" is not supported for "
"imported VMs";
failure_response(ACTION, att);
return;
}
VirtualMachineDisk * disk = vm->get_disk(did);
if (disk == nullptr)
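Review bot: In the VirtualMachineRecover hunk, op 4 (delete-recreate) now appears to be authorized through `att.set_auth_op(action)` with `VMActions::DELETE_RECREATE_ACTION`, where the earlier case list grouped ops 3, 4 and 5 under `VMActions::DELETE_ACTION`. If a deployment can map those two actions to different rights, this changes who may run delete-recreate, which goes beyond the imported-VM limit the commit title describes. It should be confirmed and the retained comment updated, e.g. `case 4: //delete-recreate, authorized and checked as DELETE_RECREATE_ACTION`. In the VirtualMachineResize hunk the imported-VM check sits before `vm->get_permissions(vm_perms)`, so it looks like it answers before authorization and would tell any API caller whether a given VM id is imported; placing it after the authorization call avoids that. Most function bodies in this file start and end outside their hunks, so the ordering is inferred from the visible lines only.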