Feature #2565: New special cluster ID, 10, adds ACL rule *

This allows the admin to assign all resources from a zone to a group
2025-03-28 14:50:08 +03:00 · 2013-12-20 17:21:47 +01:00 · 2013-12-20 17:21:47 +01:00 · 402eee32ef
commit 402eee32ef
parent b3e070be08
3 changed files with 44 additions and 16 deletions
--- a/include/ClusterPool.h
+++ b/include/ClusterPool.h
@ -44,6 +44,12 @@ public:
     */
    static const int NONE_CLUSTER_ID;

+    /**
+     * Special ID to refer to all OpenNebula resources, from any cluster
+     * or in cluster none (* in ACL rules).
+     */
+    static const int ALL_RESOURCES;
+
    /* ---------------------------------------------------------------------- */
    /* Methods for DB management                                              */
    /* ---------------------------------------------------------------------- */
--- a/src/cluster/ClusterPool.cc
+++ b/src/cluster/ClusterPool.cc
@ -28,6 +28,7 @@

 const string ClusterPool::NONE_CLUSTER_NAME = "";
 const int    ClusterPool::NONE_CLUSTER_ID   = -1;
+const int    ClusterPool::ALL_RESOURCES = 10;

 /* -------------------------------------------------------------------------- */
 /* -------------------------------------------------------------------------- */
--- a/src/rm/RequestManagerGroup.cc
+++ b/src/rm/RequestManagerGroup.cc
@ -115,15 +115,18 @@ void GroupEditProvider::request_execute(
        return;
    }

-    rc = get_info(clpool, cluster_id, PoolObjectSQL::CLUSTER,
-                    att, cluster_perms, cluster_name);
-
-    // TODO: If cluster does not exist, it may be that the cluster was deleted
-    // and we should allow to delete the resource provider.
-
-    if ( rc == -1 )
+    if (cluster_id != ClusterPool::ALL_RESOURCES)
    {
-        return;
+        rc = get_info(clpool, cluster_id, PoolObjectSQL::CLUSTER,
+                        att, cluster_perms, cluster_name);
+
+        // TODO: If cluster does not exist, it may be that the cluster was deleted
+        // and we should allow to delete the resource provider.
+
+        if ( rc == -1 )
+        {
+            return;
+        }
    }

    if ( att.uid != 0 )
@ -194,13 +197,23 @@ int GroupAddProvider::edit_acl_rules(
 {
    int rc = 0;

+    long long mask_prefix;
+
+    if (cluster_id == ClusterPool::ALL_RESOURCES)
+    {
+        mask_prefix = AclRule::ALL_ID;
+    }
+    else
+    {
+        mask_prefix = AclRule::CLUSTER_ID | cluster_id;
+    }
+
    // @<gid> HOST/%<cid> MANAGE
    rc += aclm->add_rule(
            AclRule::GROUP_ID |
            group_id,

-            AclRule::CLUSTER_ID |
-            cluster_id |
+            mask_prefix |
            PoolObjectSQL::HOST,

            AuthRequest::MANAGE,
@ -212,8 +225,7 @@ int GroupAddProvider::edit_acl_rules(
            AclRule::GROUP_ID |
            group_id,

-            AclRule::CLUSTER_ID |
-            cluster_id |
+            mask_prefix |
            PoolObjectSQL::DATASTORE |
            PoolObjectSQL::NET,

@ -246,13 +258,23 @@ int GroupDelProvider::edit_acl_rules(
 {
    int rc = 0;

+    long long mask_prefix;
+
+    if (cluster_id == ClusterPool::ALL_RESOURCES)
+    {
+        mask_prefix = AclRule::ALL_ID;
+    }
+    else
+    {
+        mask_prefix = AclRule::CLUSTER_ID | cluster_id;
+    }
+
    // @<gid> HOST/%<cid> MANAGE
    rc += aclm->del_rule(
            AclRule::GROUP_ID |
            group_id,

-            AclRule::CLUSTER_ID |
-            cluster_id |
+            mask_prefix |
            PoolObjectSQL::HOST,

            AuthRequest::MANAGE,
@ -264,8 +286,7 @@ int GroupDelProvider::edit_acl_rules(
            AclRule::GROUP_ID |
            group_id,

-            AclRule::CLUSTER_ID |
-            cluster_id |
+            mask_prefix |
            PoolObjectSQL::DATASTORE |
            PoolObjectSQL::NET,