mirror of https://github.com/OpenNebula/one.git synced 2025-03-23 22:50:09 +03:00

feauture #203: Integrated VM operations with AuthManager

Ruben S. Montero 2010-07-09 12:43:20 +02:00
parent edea2edf2b
commit 3fdd16f094
7 changed files with 158 additions and 138 deletions


@ -127,7 +127,6 @@ void RequestManager::VirtualMachineAction::execute(
if (rc != 0)
{
goto error_operation;
}
arrayData.push_back(xmlrpc_c::value_boolean(true));
@ -160,8 +159,7 @@ error_authenticate:
goto error_common;
error_authorize:
oss << "User not authorized to perform operation upon VirtualMachine ["
<< vid << "]";
oss << "User not authorized to perform VM operation";
goto error_common;
error_common:
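Review bot: The new `error_authorize` message drops the VM id, so a denied request can no longer be tied to the object it targeted. If `error_common` writes `oss` to the ReM log as the other methods in this commit do (its body is outside this hunk), the denial entry loses the one field needed to audit it. I would keep the id, e.g. `oss << "User not authorized to perform VM operation on VM " << vid;`. The new `error_authorize` messages in VirtualMachineCancel, VirtualMachineDeploy and VirtualMachineMigrate have the same gap, and Deploy and Migrate could also name the host id.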


@ -75,7 +75,7 @@ void RequestManager::VirtualMachineAllocate::execute(
return;
error_authenticate:
oss << "User not authenticated, aborting RequestManagerAllocate call.";
oss << "Error in user authentication";
goto error_common;
error_allocate:


@ -23,21 +23,21 @@
void RequestManager::VirtualMachineCancel::execute(
xmlrpc_c::paramList const& paramList,
xmlrpc_c::value * const retval)
{
{
string session;
// <vid> of the vid to retrieve the information for
int vid;
int vid;
int uid;
VirtualMachine * vm;
ostringstream oss;
/* -- RPC specific vars -- */
vector<xmlrpc_c::value> arrayData;
xmlrpc_c::value_array * arrayresult;
Nebula& nd = Nebula::instance();
DispatchManager * dm = nd.get_dm();
@ -47,62 +47,75 @@ void RequestManager::VirtualMachineCancel::execute(
session = xmlrpc_c::value_string(paramList.getString(0));
vid = xmlrpc_c::value_int (paramList.getInt(1));
// Retrieve the VM from the vmpool
// Retrieve the VM from the vmpool
vm = VirtualMachineCancel::vmpool->get(vid,true);
if ( vm == 0 )
{
goto error_vm_get;
if ( vm == 0 )
{
goto error_vm_get;
}
uid = vm->get_uid();
vm->unlock();
// Only oneadmin or the VM owner can perform operations upon the VM
//Authenticate the user
rc = VirtualMachineCancel::upool->authenticate(session);
if ( rc != 0 && rc != uid)
{
goto error_authenticate;
if ( rc == -1 )
{
goto error_authenticate;
}
//Authorize the operation
if ( rc != 0 ) // rc == 0 means oneadmin
{
AuthRequest ar(rc);
ar.add_auth(AuthRequest::VM,vid,AuthRequest::MANAGE,uid,false);
if (UserPool::authorize(ar) == -1)
{
goto error_authorize;
}
}
//Cancel the VM
dm->cancel(vid);
// Send results to client
arrayData.push_back(xmlrpc_c::value_boolean(true));
arrayresult = new xmlrpc_c::value_array(arrayData);
*retval = *arrayresult;
delete arrayresult;
return;
error_authenticate:
oss << "User not authorized to cancel VM";
oss << "Error in user authentication";
goto error_common;
error_authorize:
oss << "User not authorized to canel VM";
goto error_common;
error_vm_get:
oss << "Error getting vm for cancelling with VID = " << vid;
oss << "Error getting vm for cancelling with VID = " << vid;
goto error_common;
error_common:
arrayData.push_back(xmlrpc_c::value_boolean(false)); // FAILURE
arrayData.push_back(xmlrpc_c::value_string(oss.str()));
Nebula::log("ReM",Log::ERROR,oss);
Nebula::log("ReM",Log::ERROR,oss);
xmlrpc_c::value_array arrayresult_error(arrayData);
*retval = arrayresult_error;
return;
}
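Review bot: `vmpool->get(vid,true)` still runs before `upool->authenticate(session)`, so a caller with no valid session gets "Error getting vm for cancelling" for a missing id and "Error in user authentication" for an existing one, which lets VM ids be probed without credentials. VirtualMachineInfo in this same commit authenticates first; moving `rc = VirtualMachineCancel::upool->authenticate(session);` and its `rc == -1` check above the pool lookup would give unauthenticated callers a single response. The same ordering appears in VirtualMachineDeploy and VirtualMachineMigrate, where both the host and the VM are fetched before the session is checked. Separately, the new `error_authorize` string has a typo: `"User not authorized to canel VM"` should read `cancel`.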


@ -56,10 +56,7 @@ void RequestManager::VirtualMachineDeploy::execute(
vid = xmlrpc_c::value_int(paramList.getInt(1));
hid = xmlrpc_c::value_int(paramList.getInt(2));
//We also need the hsid
//Get host info to deploy the VM
host = VirtualMachineDeploy::hpool->get(hid,true);
if ( host == 0 )
@ -76,7 +73,6 @@ void RequestManager::VirtualMachineDeploy::execute(
host->unlock();
//Get the VM
vm = VirtualMachineDeploy::vmpool->get(vid,true);
if ( vm == 0 )
@ -86,21 +82,34 @@ void RequestManager::VirtualMachineDeploy::execute(
uid = vm->get_uid();
// Only oneadmin or the VM owner can perform operations upon the VM
rc = VirtualMachineDeploy::upool->authenticate(session);
if ( rc != 0 && rc != uid)
{
goto error_authenticate;
}
if ( vm->get_state() != VirtualMachine::PENDING )
{
goto error_state;
}
//Update host info and share usage (cpu,mem....)
//Authenticate the user
rc = VirtualMachineDeploy::upool->authenticate(session);
if ( rc == -1 )
{
goto error_authenticate;
}
//Authorize the operation
if ( rc != 0 ) // rc == 0 means oneadmin
{
AuthRequest ar(rc);
ar.add_auth(AuthRequest::VM,vid,AuthRequest::MANAGE,uid,false);
ar.add_auth(AuthRequest::HOST,hid,AuthRequest::USE,0,false);
if (UserPool::authorize(ar) == -1)
{
goto error_authorize;
}
}
//Update host info and share usage (cpu,mem....)
vm->add_history(hid,hostname,vmdir,vmm_mad,tm_mad);
rc = VirtualMachineDeploy::vmpool->update_history(vm);
@ -113,13 +122,11 @@ void RequestManager::VirtualMachineDeploy::execute(
vmpool->update(vm); //Insert last_seq in the DB
//Deploy the VM
dm->deploy(vm);
vm->unlock();
// Send results to client
arrayData.push_back(xmlrpc_c::value_boolean(true));
arrayresult = new xmlrpc_c::value_array(arrayData);
@ -130,11 +137,6 @@ void RequestManager::VirtualMachineDeploy::execute(
return;
error_authenticate:
vm->unlock();
oss << "User not authorized to perform the deploy";
goto error_common;
error_host_get:
oss << "The host " << hid << " does not exists";
goto error_common;
@ -143,20 +145,26 @@ error_vm_get:
oss << "The virtual machine " << vid << " does not exists";
goto error_common;
error_history:
vm->unlock();
oss << "Can not deploy VM " << vid << ", can not insert history";
goto error_common;
error_state:
vm->unlock();
oss << "Can not deploy VM, wrong state";
goto error_common_lock;
oss << "Can not deploy VM " << vid << ", wrong state";
goto error_common;
error_authenticate:
oss << "Error in user authentication";
goto error_common_lock;
error_authorize:
oss << "User not authorized to deploy VM on host";
goto error_common_lock;
error_history:
oss << "Can not insert history to deploy VM";
goto error_common_lock;
error_common_lock:
vm->unlock();
error_common:
arrayData.push_back(xmlrpc_c::value_boolean(false));
arrayData.push_back(xmlrpc_c::value_string(oss.str()));
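Review bot: As rendered, the `vm->get_state() != VirtualMachine::PENDING` check now sits ahead of `upool->authenticate(session)`, so a request with an invalid session can get "Can not deploy VM, wrong state" instead of an authentication error and can learn whether a given VM is pending. VirtualMachineMigrate in this commit authenticates and authorizes first and only then checks the state. Moving the state check below the `UserPool::authorize(ar)` block would match that order, and it needs no other change because `error_state`, `error_authenticate` and `error_authorize` all leave through `error_common_lock`. The function starts and ends outside these hunks.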


@ -23,10 +23,10 @@
void RequestManager::VirtualMachineInfo::execute(
xmlrpc_c::paramList const& paramList,
xmlrpc_c::value * const retval)
{
{
string session;
int vid;
int vid, rc;
VirtualMachine * vm;
ostringstream oss;
@ -41,19 +41,27 @@ void RequestManager::VirtualMachineInfo::execute(
session = xmlrpc_c::value_string(paramList.getString(0));
vid = xmlrpc_c::value_int (paramList.getInt(1));
// Get the details of the virtual machine
// Check if it is a valid user
rc = VirtualMachineInfo::upool->authenticate(session);
if ( rc == -1 )
{
goto error_authenticate;
}
// Get the details of the virtual machine
vm = VirtualMachineInfo::vmpool->get(vid,true);
if ( vm == 0 )
{
goto error_vm_get;
if ( vm == 0 )
{
goto error_vm_get;
}
oss << *vm;
vm->unlock();
// All nice, return the vm info to the client
// All nice, return the vm info to the client
arrayData.push_back(xmlrpc_c::value_boolean(true)); // SUCCESS
arrayData.push_back(xmlrpc_c::value_string(oss.str()));
@ -65,21 +73,24 @@ void RequestManager::VirtualMachineInfo::execute(
return;
error_authenticate:
oss << "Error in user authentication";
goto error_common;
error_vm_get:
oss << "Error getting vm with VID = " << vid;
oss << "Error getting VM " << vid;
goto error_common;
error_common:
arrayData.push_back(xmlrpc_c::value_boolean(false)); // FAILURE
arrayData.push_back(xmlrpc_c::value_string(oss.str()));
NebulaLog::log("ReM",Log::ERROR,oss);
NebulaLog::log("ReM",Log::ERROR,oss);
xmlrpc_c::value_array arrayresult_error(arrayData);
*retval = arrayresult_error;
return;
}
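Review bot: After `authenticate` succeeds there is no authorization step before `oss << *vm`, so any authenticated user can apparently read the full description of any VM by id. The mutating calls in this commit build an `AuthRequest` and call `UserPool::authorize(ar)` for non-oneadmin users; a matching check here, using the owner from `vm->get_uid()`, would close the gap if read access is meant to be restricted. The same applies to VirtualMachinePoolInfo, where `filter_flag >= 0` or `<= -2` selects other users' VMs with only authentication in front of it. If open read access is intended, a short comment saying so above `vmpool->get(vid,true)` would keep the next reader from assuming the check was forgotten.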


@ -52,14 +52,12 @@ void RequestManager::VirtualMachineMigrate::execute(
NebulaLog::log("ReM",Log::DEBUG,"VirtualMachineMigrate invoked");
//Parse Arguments
session = xmlrpc_c::value_string(paramList.getString(0));
vid = xmlrpc_c::value_int(paramList.getInt(1));
hid = xmlrpc_c::value_int(paramList.getInt(2));
live = xmlrpc_c::value_boolean(paramList.getBoolean(3));
//Get host info to deploy the VM
//Get host info to migrate the VM
host = VirtualMachineMigrate::hpool->get(hid,true);
if ( host == 0 )
@ -76,7 +74,6 @@ void RequestManager::VirtualMachineMigrate::execute(
host->unlock();
//Get the VM and migrate it
vm = VirtualMachineMigrate::vmpool->get(vid,true);
if ( vm == 0 )
@ -89,11 +86,25 @@ void RequestManager::VirtualMachineMigrate::execute(
// Only oneadmin or the VM owner can perform operations upon the VM
rc = VirtualMachineMigrate::upool->authenticate(session);
if ( rc != 0 && rc != uid)
if ( rc == -1)
{
goto error_authenticate;
}
//Authorize the operation
if ( rc != 0 ) // rc == 0 means oneadmin
{
AuthRequest ar(rc);
ar.add_auth(AuthRequest::VM,vid,AuthRequest::MANAGE,uid,false);
ar.add_auth(AuthRequest::HOST,hid,AuthRequest::USE,0,false);
if (UserPool::authorize(ar) == -1)
{
goto error_authorize;
}
}
if ((vm->get_state() != VirtualMachine::ACTIVE) ||
(vm->get_lcm_state() != VirtualMachine::RUNNING))
{
@ -123,7 +134,6 @@ void RequestManager::VirtualMachineMigrate::execute(
vm->unlock();
// Send results to client
arrayData.push_back(xmlrpc_c::value_boolean(true));
arrayresult = new xmlrpc_c::value_array(arrayData);
@ -134,10 +144,6 @@ void RequestManager::VirtualMachineMigrate::execute(
return;
error_authenticate:
vm->unlock();
oss << "User not authorized to perform migration upon this VM";
goto error_common;
error_host_get:
oss << "The host " << hid << " does not exists";
@ -147,20 +153,26 @@ error_vm_get:
oss << "The virtual machine " << vid << " does not exists";
goto error_common;
error_history:
vm->unlock();
error_authenticate:
oss << "Error in user authentication";
goto error_common_lock;
oss << "Can not migrate VM " << vid << ", can not insert history";
goto error_common;
error_authorize:
oss << "User not authorized to migrate VM on host";
goto error_common_lock;
error_history:
oss << "Can not insert history to migrate VM";
goto error_common_lock;
error_state:
vm->unlock();
oss << "Can not migrate VM, wrong state";
goto error_common_lock;
oss << "Can not migrate VM " << vid << ", wrong state";
goto error_common;
error_common_lock:
vm->unlock();
error_common:
arrayData.push_back(xmlrpc_c::value_boolean(false));
arrayData.push_back(xmlrpc_c::value_string(oss.str()));
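Review bot: The comment `// Only oneadmin or the VM owner can perform operations upon the VM` above `upool->authenticate(session)` appears to survive this change but no longer describes the code. The owner comparison `rc != uid` is gone and the decision is now delegated to `UserPool::authorize(ar)`, so the comment states a rule that this function does not enforce itself. I would replace it with `//Authenticate the user`, the wording used in the Cancel and Deploy versions. The function body continues outside these hunks.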


@ -23,19 +23,17 @@
void RequestManager::VirtualMachinePoolInfo::execute(
xmlrpc_c::paramList const& paramList,
xmlrpc_c::value * const retval)
{
{
string session;
string username;
string password;
int filter_flag;
int rc;
ostringstream oss;
ostringstream where_string;
User * user;
/* -- RPC specific vars -- */
vector<xmlrpc_c::value> arrayData;
xmlrpc_c::value_array * arrayresult;
@ -54,43 +52,28 @@ void RequestManager::VirtualMachinePoolInfo::execute(
goto error_authenticate;
}
where_string.str("");
/** Filter flag meaning table
/* Filter flag meaning table
* <=-2 :: ALL VMs
* -1 :: User's VMs
* >=0 :: UID User's VMs
**/
*/
if (filter_flag == -1)
{
User::split_secret(session,username,password);
// Now let's get the user
user = VirtualMachinePoolInfo::upool->get(username,true);
if ( user == 0 )
{
goto error_get_user;
}
where_string << "UID=" << user->get_uid();
user->unlock();
where_string << "UID=" << rc;
}
else if (filter_flag>=0)
{
where_string << "UID=" << filter_flag;
}
{
where_string << "UID=" << filter_flag;
}
// Perform the allocation in the vmpool
rc = VirtualMachinePoolInfo::vmpool->dump(oss,where_string.str());
if ( rc != 0 )
{
{
goto error_dump;
}
// All nice, return the vm info to the client
// All nice, return the vm info to the client
arrayData.push_back(xmlrpc_c::value_boolean(true)); // SUCCESS
arrayData.push_back(xmlrpc_c::value_string(oss.str()));
@ -103,11 +86,7 @@ void RequestManager::VirtualMachinePoolInfo::execute(
return;
error_authenticate:
oss << "User not authenticated, aborting RequestManagerPoolInfo call.";
goto error_common;
error_get_user:
oss << "An error ocurred getting the user from the UserPool, aborting RequestManagerPoolInfo call";
oss << "Error in user authentication";
goto error_common;
error_dump:
@ -115,18 +94,17 @@ error_dump:
goto error_common;
error_common:
arrayData.push_back(xmlrpc_c::value_boolean(false)); // FAILURE
arrayData.push_back(xmlrpc_c::value_string(oss.str()));
NebulaLog::log("ReM",Log::ERROR,oss);
xmlrpc_c::value_array arrayresult_error(arrayData);
*retval = arrayresult_error;
return;
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
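Review bot: `rc` carries two meanings in the new code, which makes the `filter_flag == -1` branch easy to break. In `where_string << "UID=" << rc;` it is presumably the user id returned by the authentication call (that call is outside the hunk), and a few lines later it is overwritten with the result of `vmpool->dump`. Since this value decides whose VMs are listed, I would give it its own name: declare `int uid;` with the other locals, set `uid = rc;` right after the authentication check, and write `where_string << "UID=" << uid;`. Declaring it without an initializer at the top keeps the `goto` jumps to the error labels well-formed.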