mirror of https://github.com/OpenNebula/one.git synced 2024-12-25 23:21:29 +03:00

Merge branch 'feature-3167'

Carlos Martín 2014-09-08 12:08:51 +02:00
commit 4adfdcb6f3
32 changed files with 524 additions and 223 deletions


@ -311,7 +311,10 @@ public:
* the reason. * the reason.
* @return 0 on success * @return 0 on success
*/ */
int update_attributes(VectorAttribute *vup, string& error_msg); int update_attributes(
VectorAttribute * vup,
bool keep_restricted,
string& error_msg);
/* /*
* add_ar from AddressRangePool needs to access the internal representation * add_ar from AddressRangePool needs to access the internal representation
@ -319,6 +322,8 @@ public:
*/ */
friend int AddressRangePool::add_ar(AddressRange * ar); friend int AddressRangePool::add_ar(AddressRange * ar);
static void set_restricted_attributes(vector<const Attribute *>& rattrs);
private: private:
/* ---------------------------------------------------------------------- */ /* ---------------------------------------------------------------------- */
/* String to binary conversion functions for different address types */ /* String to binary conversion functions for different address types */
@ -424,7 +429,15 @@ private:
/* ---------------------------------------------------------------------- */ /* ---------------------------------------------------------------------- */
bool check(string& rs_attr) const; bool check(string& rs_attr) const;
static void set_restricted_attributes(vector<const Attribute *>& rattrs); /**
* Deletes all restricted attributes
*/
void remove_restricted(VectorAttribute* va);
/**
* Deletes all the attributes, except the restricted ones
*/
void remove_all_except_restricted(VectorAttribute* va);
/* ---------------------------------------------------------------------- */ /* ---------------------------------------------------------------------- */
/* Address Range data */ /* Address Range data */
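Review bot: `set_restricted_attributes` moves from the private to the public section of AddressRange, so any code that includes this header can now rewrite the restricted set at runtime. VirtualNetworkTemplate in this same commit keeps its equivalent private and exposes it only through `friend class VirtualNetworkPool;`; the same arrangement here would keep the intended caller working (the call site is not in the visible hunks) without widening the interface. The two new private helpers would also benefit from a `@param va` line stating that `va` is modified in place.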


@ -75,11 +75,13 @@ public:
* Updates the given address ranges * Updates the given address ranges
* @param ars vector of address ranges as VectorAttributes obtained from * @param ars vector of address ranges as VectorAttributes obtained from
* template in the form AR = [...]. Only one AR is processed. * template in the form AR = [...]. Only one AR is processed.
* @param keep_restricted If true, the restricted attributes of the
* current template will override the new template
* @param error_msg If the action fails, this message contains * @param error_msg If the action fails, this message contains
* the reason. * the reason.
* @return 0 on success * @return 0 on success
*/ */
int update_ar(vector<Attribute *> ars, string& error_msg); int update_ar(vector<Attribute *> ars, bool keep_restricted, string& error_msg);
/** /**
* Allocates a new *empty* address range. It is not added to the pool as it * Allocates a new *empty* address range. It is not added to the pool as it


@ -163,13 +163,16 @@ public:
VectorAttribute * disk, VectorAttribute * disk,
const vector<string>& inherit_attrs); const vector<string>& inherit_attrs);
/** /**
* Replace template for this object. Object should be updated * Replace template for this object. Object should be updated
* after calling this method * after calling this method
* @param tmpl string representation of the template * @param tmpl_str new contents
* @param keep_restricted If true, the restricted attributes of the
* current template will override the new template
* @param error string describing the error if any
* @return 0 on success
*/ */
int replace_template(const string& tmpl_str, string& error); int replace_template(const string& tmpl_str, bool keep_restricted, string& error);
/** /**
* Set monitor information for the Datastore * Set monitor information for the Datastore


@ -43,6 +43,22 @@ public:
return Template::check(rs_attr, restricted_attributes); return Template::check(rs_attr, restricted_attributes);
}; };
/**
* Deletes all restricted attributes
*/
void remove_restricted()
{
Template::remove_restricted(restricted_attributes);
};
/**
* Deletes all the attributes, except the restricted ones
*/
void remove_all_except_restricted()
{
Template::remove_all_except_restricted(restricted_attributes);
};
bool is_saving() bool is_saving()
{ {
string saving; string saving;


@ -561,17 +561,24 @@ public:
/** /**
* Replace template for this object. Object should be updated * Replace template for this object. Object should be updated
* after calling this method * after calling this method
* @param tmpl string representation of the template * @param tmpl_str new contents
* @param keep_restricted If true, the restricted attributes of the
* current template will override the new template
* @param error string describing the error if any
* @return 0 on success
*/ */
virtual int replace_template(const string& tmpl_str, string& error); virtual int replace_template(const string& tmpl_str, bool keep_restricted, string& error);
/** /**
* Append new attributes to this object's template. Object should be updated * Append new attributes to this object's template. Object should be updated
* after calling this method * after calling this method
* @param tmpl string representation of the template * @param tmpl_str new contents
* @param keep_restricted If true, the restricted attributes of the
* current template will override the new template
* @param error string describing the error if any
* @return 0 on success
*/ */
virtual int append_template(const string& tmpl_str, string& error); virtual int append_template(const string& tmpl_str, bool keep_restricted, string& error);
/** /**
* Fills a auth class to perform an authZ/authN request based on the object * Fills a auth class to perform an authZ/authN request based on the object


@ -180,6 +180,10 @@ public:
int cluster_id, int cluster_id,
const string& cluster_name); const string& cluster_name);
bool allocate_authorization(Template * obj_template,
RequestAttributes& att,
PoolObjectAuth * cluster_perms);
int get_cluster_id(xmlrpc_c::paramList const& paramList) int get_cluster_id(xmlrpc_c::paramList const& paramList)
{ {
return xmlrpc_c::value_int(paramList.getInt(2)); return xmlrpc_c::value_int(paramList.getInt(2));


@ -84,14 +84,6 @@ public:
}; };
~VirtualMachineUpdateTemplate(){}; ~VirtualMachineUpdateTemplate(){};
/* -------------------------------------------------------------------- */
int replace_template(PoolObjectSQL * object, const string & tmpl,
const RequestAttributes &att, string &error_str);
int append_template(PoolObjectSQL * object, const string & tmpl,
const RequestAttributes &att, string &error_str);
}; };
/* ------------------------------------------------------------------------- */ /* ------------------------------------------------------------------------- */
@ -144,7 +136,7 @@ public:
Nebula& nd = Nebula::instance(); Nebula& nd = Nebula::instance();
pool = nd.get_vnpool(); pool = nd.get_vnpool();
auth_object = PoolObjectSQL::NET; auth_object = PoolObjectSQL::NET;
auth_op = AuthRequest::ADMIN; auth_op = AuthRequest::MANAGE;
}; };
~VirtualNetworkUpdateTemplate(){}; ~VirtualNetworkUpdateTemplate(){};
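Review bot: Lowering `auth_op` from ADMIN to MANAGE makes the restricted-attribute list the only control that keeps a network manager from changing BRIDGE, VLAN and the other attributes named in oned.conf; VirtualNetworkUpdateAddressRange gets the same change. An installation that upgrades the binaries but keeps an older oned.conf has no VNET_RESTRICTED_ATTR entries, and unless defaults are set somewhere outside the visible hunks the pool would then receive an empty list and filter nothing. Consider compiled-in defaults or a startup warning when the list is empty, and a comment on this line such as `// MANAGE is enough: restricted attributes are filtered for non-oneadmin callers`.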


@ -142,7 +142,7 @@ public:
RequestManagerVirtualNetwork("VirtualNetworkUpdateAddressRange", RequestManagerVirtualNetwork("VirtualNetworkUpdateAddressRange",
"Updates address ranges to a virtual network") "Updates address ranges to a virtual network")
{ {
auth_op = AuthRequest::ADMIN; auth_op = AuthRequest::MANAGE;
}; };
~VirtualNetworkUpdateAddressRange(){}; ~VirtualNetworkUpdateAddressRange(){};
@ -152,7 +152,14 @@ public:
RequestAttributes& att, RequestAttributes& att,
string& error_str) string& error_str)
{ {
return vn->update_ar(tmpl, error_str); if (att.uid!=UserPool::ONEADMIN_ID && att.gid!=GroupPool::ONEADMIN_ID)
{
return vn->update_ar(tmpl, true, error_str);
}
else
{
return vn->update_ar(tmpl, false, error_str);
}
}; };
}; };
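Review bot: The privilege test `att.uid!=UserPool::ONEADMIN_ID && att.gid!=GroupPool::ONEADMIN_ID` is written out in this method, in both RequestManagerUpdateTemplate methods and in VirtualNetworkAllocate::allocate_authorization; a single small helper on RequestAttributes would keep these access decisions from drifting apart when one copy is edited. Independently, the if/else only selects a boolean, so the body can be `bool keep = att.uid != UserPool::ONEADMIN_ID && att.gid != GroupPool::ONEADMIN_ID;` followed by `return vn->update_ar(tmpl, keep, error_str);`.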


@ -380,6 +380,16 @@ public:
*/ */
int merge(const Template * from_tmpl, string& error_str); int merge(const Template * from_tmpl, string& error_str);
/**
* Deletes all restricted attributes
*/
virtual void remove_restricted();
/**
* Deletes all the attributes, except the restricted ones
*/
virtual void remove_all_except_restricted();
protected: protected:
/** /**
* The template attributes * The template attributes
@ -419,6 +429,16 @@ protected:
*/ */
bool check(string& rs_attr, const vector<string> &restricted_attributes); bool check(string& rs_attr, const vector<string> &restricted_attributes);
/**
* Deletes all restricted attributes
*/
void remove_restricted(const vector<string> &restricted_attributes);
/**
* Deletes all the attributes, except the restricted ones
*/
void remove_all_except_restricted(const vector<string> &restricted_attributes);
/** /**
* Updates the xml root element name * Updates the xml root element name
* *


@ -52,21 +52,27 @@ public:
return Template::check(rs_attr, restricted_attributes); return Template::check(rs_attr, restricted_attributes);
}; };
/**
* Deletes all restricted attributes
*/
void remove_restricted()
{
Template::remove_restricted(restricted_attributes);
};
/**
* Deletes all the attributes, except the restricted ones
*/
void remove_all_except_restricted()
{
Template::remove_all_except_restricted(restricted_attributes);
};
void set_xml_root(const char * _xml_root) void set_xml_root(const char * _xml_root)
{ {
Template::set_xml_root(_xml_root); Template::set_xml_root(_xml_root);
}; };
/**
* Deletes all restricted attributes
*/
void remove_restricted();
/**
* Deletes all the attributes, excepts the restricted ones
*/
void remove_all_except_restricted();
/** /**
* Replaces the given image from the DISK attribute with a new one * Replaces the given image from the DISK attribute with a new one
* @param target_id IMAGE_ID the image to be replaced * @param target_id IMAGE_ID the image to be replaced


@ -108,11 +108,16 @@ public:
* Update an address range to the virtual network * Update an address range to the virtual network
* @param ars_tmpl template in the form AR = [AR_ID=...]. The address range * @param ars_tmpl template in the form AR = [AR_ID=...]. The address range
* is specified by the AR_ID attribute. * is specified by the AR_ID attribute.
* @param keep_restricted If true, the restricted attributes of the
* current template will override the new template
* @param error_msg If the action fails, this message contains * @param error_msg If the action fails, this message contains
* the reason. * the reason.
* @return 0 on success * @return 0 on success
*/ */
int update_ar(VirtualNetworkTemplate * ars_tmpl, string& error_msg); int update_ar(
VirtualNetworkTemplate* ars_tmpl,
bool keep_restricted,
string& error_msg);
// ************************************************************************* // *************************************************************************
// Address hold/release interface // Address hold/release interface
@ -358,9 +363,13 @@ public:
/** /**
* Replace the template of the virtual network it also updates the BRIDGE, * Replace the template of the virtual network it also updates the BRIDGE,
* PHY_DEV, VLAN_ID and VLAN attributes. * PHY_DEV, VLAN_ID and VLAN attributes.
* @param tmpl string representation of the template * @param tmpl_str new contents
* @param keep_restricted If true, the restricted attributes of the
* current template will override the new template
* @param error string describing the error if any
* @return 0 on success
*/ */
int replace_template(const string& tmpl_str, string& error); int replace_template(const string& tmpl_str, bool keep_restricted, string& error);
/** /**
* Gets a string based attribute (single) from an address range. If the * Gets a string based attribute (single) from an address range. If the


@ -36,6 +36,7 @@ public:
VirtualNetworkPool(SqlDB * db, VirtualNetworkPool(SqlDB * db,
const string& str_mac_prefix, const string& str_mac_prefix,
int default_size, int default_size,
vector<const Attribute *>& restricted_attrs,
vector<const Attribute *> hook_mads, vector<const Attribute *> hook_mads,
const string& remotes_location, const string& remotes_location,
const vector<const Attribute *>& _inherit_attrs); const vector<const Attribute *>& _inherit_attrs);


@ -31,6 +31,48 @@ public:
Template(false,'=',"TEMPLATE"){}; Template(false,'=',"TEMPLATE"){};
~VirtualNetworkTemplate(){}; ~VirtualNetworkTemplate(){};
/**
* Checks the template for RESTRICTED ATTRIBUTES
* @param rs_attr the first restricted attribute found if any
* @return true if a restricted attribute is found in the template
*/
bool check(string& rs_attr)
{
return Template::check(rs_attr, restricted_attributes);
};
/**
* Deletes all restricted attributes
*/
void remove_restricted()
{
Template::remove_restricted(restricted_attributes);
};
/**
* Deletes all the attributes, except the restricted ones
*/
void remove_all_except_restricted()
{
Template::remove_all_except_restricted(restricted_attributes);
};
private:
friend class VirtualNetworkPool;
static vector<string> restricted_attributes;
/**
* Stores the attributes as restricted, these attributes will be used in
* VirtualMachineTemplate::check
* @param rattrs Attributes to restrict
*/
static void set_restricted_attributes(vector<const Attribute *>& rattrs)
{
Template::set_restricted_attributes(rattrs, restricted_attributes);
};
}; };
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
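Review bot: The doc comment on `set_restricted_attributes` says the attributes "will be used in VirtualMachineTemplate::check", which looks copied from the VM template class; in this class it should read `VirtualNetworkTemplate::check`. The static member `restricted_attributes` is only declared in this header, and its definition is not in the visible hunks, so please confirm one exists in a source file.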


@ -47,9 +47,13 @@ public:
/** /**
* Replace template for this object. Object should be updated * Replace template for this object. Object should be updated
* after calling this method * after calling this method
* @param tmpl string representation of the template * @param tmpl_str new contents
* @param keep_restricted If true, the restricted attributes of the
* current template will override the new template
* @param error string describing the error if any
* @return 0 on success
*/ */
int replace_template(const string& tmpl_str, string& error); int replace_template(const string& tmpl_str, bool keep_restricted, string& error);
private: private:


@ -731,6 +731,16 @@ VM_RESTRICTED_ATTR = "DISK/WRITE_IOPS_SEC"
IMAGE_RESTRICTED_ATTR = "SOURCE" IMAGE_RESTRICTED_ATTR = "SOURCE"
VNET_RESTRICTED_ATTR = "PHYDEV"
VNET_RESTRICTED_ATTR = "VLAN_ID"
VNET_RESTRICTED_ATTR = "VLAN"
VNET_RESTRICTED_ATTR = "BRIDGE"
VNET_RESTRICTED_ATTR = "AR/PHYDEV"
VNET_RESTRICTED_ATTR = "AR/VLAN_ID"
VNET_RESTRICTED_ATTR = "AR/VLAN"
VNET_RESTRICTED_ATTR = "AR/BRIDGE"
#******************************************************************************* #*******************************************************************************
# Inherited Attributes Configuration # Inherited Attributes Configuration
#******************************************************************************* #*******************************************************************************
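Review bot: The restricted names added here use `PHYDEV`, while the doc comment on VirtualNetwork::replace_template in this commit lists the attribute as `PHY_DEV`; one of the two spellings is wrong, and if the code reads a name other than `PHYDEV` the restriction would silently not apply to it. Please confirm the spelling against the attribute the network code actually reads and align the comment or the list. A one-line comment above the block explaining that the `AR/` entries apply inside address ranges would also help administrators who edit this file.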


@ -584,7 +584,8 @@ int Datastore::from_xml(const string& xml)
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
int Datastore::replace_template(const string& tmpl_str, string& error_str) int Datastore::replace_template(
const string& tmpl_str, bool keep_restricted, string& error_str)
{ {
string new_ds_mad; string new_ds_mad;
string new_tm_mad; string new_tm_mad;
@ -609,6 +610,19 @@ int Datastore::replace_template(const string& tmpl_str, string& error_str)
return -1; return -1;
} }
if (keep_restricted)
{
new_tmpl->remove_restricted();
if (obj_template != 0)
{
obj_template->remove_all_except_restricted();
string aux_error;
new_tmpl->merge(obj_template, aux_error);
}
}
/* ---------------------------------------------------------------------- */ /* ---------------------------------------------------------------------- */
/* Set the TYPE of the Datastore (class & template) */ /* Set the TYPE of the Datastore (class & template) */
/* ---------------------------------------------------------------------- */ /* ---------------------------------------------------------------------- */
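Review bot: The result of `new_tmpl->merge(obj_template, aux_error)` is discarded and `aux_error` never reaches the caller, so if the merge fails the replacement goes ahead without the restricted attributes it was meant to preserve; PoolObjectSQL::replace_template has the same lines. Checking it, e.g. `if (new_tmpl->merge(obj_template, error_str) != 0) { delete new_tmpl; return -1; }`, would fail closed (this assumes merge follows the 0-on-success convention and that new_tmpl is owned here, as it appears to be in PoolObjectSQL). Also, `obj_template->remove_all_except_restricted()` edits the live template before the TYPE handling that follows; that code continues outside the hunk, so please confirm none of it can return -1 after the current template has been stripped.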


@ -463,6 +463,7 @@ void Nebula::start(bool bootstrap_only)
vector<const Attribute *> vm_restricted_attrs; vector<const Attribute *> vm_restricted_attrs;
vector<const Attribute *> img_restricted_attrs; vector<const Attribute *> img_restricted_attrs;
vector<const Attribute *> vnet_restricted_attrs;
vector<const Attribute *> inherit_image_attrs; vector<const Attribute *> inherit_image_attrs;
vector<const Attribute *> inherit_datastore_attrs; vector<const Attribute *> inherit_datastore_attrs;
@ -481,6 +482,7 @@ void Nebula::start(bool bootstrap_only)
nebula_configuration->get("VM_RESTRICTED_ATTR", vm_restricted_attrs); nebula_configuration->get("VM_RESTRICTED_ATTR", vm_restricted_attrs);
nebula_configuration->get("IMAGE_RESTRICTED_ATTR", img_restricted_attrs); nebula_configuration->get("IMAGE_RESTRICTED_ATTR", img_restricted_attrs);
nebula_configuration->get("VNET_RESTRICTED_ATTR", vnet_restricted_attrs);
nebula_configuration->get("INHERIT_IMAGE_ATTR", inherit_image_attrs); nebula_configuration->get("INHERIT_IMAGE_ATTR", inherit_image_attrs);
nebula_configuration->get("INHERIT_DATASTORE_ATTR", inherit_datastore_attrs); nebula_configuration->get("INHERIT_DATASTORE_ATTR", inherit_datastore_attrs);
@ -510,6 +512,7 @@ void Nebula::start(bool bootstrap_only)
vnpool = new VirtualNetworkPool(db, vnpool = new VirtualNetworkPool(db,
mac_prefix, mac_prefix,
size, size,
vnet_restricted_attrs,
vnet_hooks, vnet_hooks,
remotes_location, remotes_location,
inherit_vnet_attrs); inherit_vnet_attrs);


@ -167,7 +167,8 @@ void PoolObjectSQL::clear_template_error_message()
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
int PoolObjectSQL::replace_template(const string& tmpl_str, string& error) int PoolObjectSQL::replace_template(
const string& tmpl_str, bool keep_restricted, string& error)
{ {
Template * new_tmpl = get_new_template(); Template * new_tmpl = get_new_template();
@ -183,6 +184,19 @@ int PoolObjectSQL::replace_template(const string& tmpl_str, string& error)
return -1; return -1;
} }
if (keep_restricted)
{
new_tmpl->remove_restricted();
if (obj_template != 0)
{
obj_template->remove_all_except_restricted();
string aux_error;
new_tmpl->merge(obj_template, aux_error);
}
}
delete obj_template; delete obj_template;
obj_template = new_tmpl; obj_template = new_tmpl;
@ -193,7 +207,8 @@ int PoolObjectSQL::replace_template(const string& tmpl_str, string& error)
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
int PoolObjectSQL::append_template(const string& tmpl_str, string& error) int PoolObjectSQL::append_template(
const string& tmpl_str, bool keep_restricted, string& error)
{ {
Template * new_tmpl = get_new_template(); Template * new_tmpl = get_new_template();
@ -209,6 +224,11 @@ int PoolObjectSQL::append_template(const string& tmpl_str, string& error)
return -1; return -1;
} }
if (keep_restricted)
{
new_tmpl->remove_restricted();
}
if ( obj_template != 0 ) if ( obj_template != 0 )
{ {
obj_template->merge(new_tmpl, error); obj_template->merge(new_tmpl, error);
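Review bot: The `keep_restricted` branch in replace_template only behaves as documented when the template class overrides `remove_restricted()` and `remove_all_except_restricted()`; the base versions added in Template.cc are empty bodies. For an object whose template uses the base implementation nothing is removed from obj_template, so the whole current template is merged into new_tmpl; if merge() lets the merged-in attributes win, which is what the keep_restricted doc comment describes, a non-oneadmin caller could add attributes but not change existing ones. Either make the base `remove_all_except_restricted()` clear the template or skip the merge for classes that declare no restricted attributes. Both functions start and end outside the hunks shown.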


@ -125,6 +125,45 @@ bool VirtualMachineAllocate::allocate_authorization(
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
bool VirtualNetworkAllocate::allocate_authorization(
Template * tmpl,
RequestAttributes& att,
PoolObjectAuth * cluster_perms)
{
string aname;
VirtualNetworkTemplate * vn_tmpl = static_cast<VirtualNetworkTemplate *>(tmpl);
bool auth = RequestManagerAllocate::allocate_authorization(
vn_tmpl, att, cluster_perms);
if ( auth )
{
// ------------ Check template for restricted attributes --------------
if ( att.uid != UserPool::ONEADMIN_ID && att.gid != GroupPool::ONEADMIN_ID )
{
if (vn_tmpl->check(aname))
{
ostringstream oss;
oss << "Template includes a restricted attribute " << aname;
failure_response(AUTHORIZATION,
authorization_error(oss.str(), att),
att);
return false;
}
}
}
return auth;
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
void RequestManagerAllocate::request_execute(xmlrpc_c::paramList const& params, void RequestManagerAllocate::request_execute(xmlrpc_c::paramList const& params,
RequestAttributes& att) RequestAttributes& att)
{ {
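Review bot: allocate_authorization has no comment explaining that a restricted attribute makes the whole request fail with AUTHORIZATION, whereas the update paths in this commit (replace_template, append_template, update_ar) drop restricted attributes from a non-oneadmin request without reporting it. A short doc comment stating that difference would save the next maintainer from assuming the two paths agree. The `static_cast<VirtualNetworkTemplate *>(tmpl)` is unchecked; if a caller can ever pass another Template subclass, `check()` would run against the wrong type, so a `dynamic_cast` with a null test, or a comment naming the guarantee, would be safer.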


@ -27,7 +27,14 @@ int RequestManagerUpdateTemplate::replace_template(
const RequestAttributes &att, const RequestAttributes &att,
string &error_str) string &error_str)
{ {
return object->replace_template(tmpl, error_str); if (att.uid!=UserPool::ONEADMIN_ID && att.gid!=GroupPool::ONEADMIN_ID)
{
return object->replace_template(tmpl, true, error_str);
}
else
{
return object->replace_template(tmpl, false, error_str);
}
} }
/* ------------------------------------------------------------------------- */ /* ------------------------------------------------------------------------- */
@ -39,49 +46,13 @@ int RequestManagerUpdateTemplate::append_template(
const RequestAttributes &att, const RequestAttributes &att,
string &error_str) string &error_str)
{ {
return object->append_template(tmpl, error_str);
}
/* ------------------------------------------------------------------------- */
/* ------------------------------------------------------------------------- */
int VirtualMachineUpdateTemplate::replace_template(
PoolObjectSQL * object,
const string & tmpl,
const RequestAttributes & att,
string & error_str)
{
VirtualMachine* vm = static_cast<VirtualMachine*>(object);
if (att.uid!=UserPool::ONEADMIN_ID && att.gid!=GroupPool::ONEADMIN_ID) if (att.uid!=UserPool::ONEADMIN_ID && att.gid!=GroupPool::ONEADMIN_ID)
{ {
return vm->replace_template(tmpl, true, error_str); return object->append_template(tmpl, true, error_str);
} }
else else
{ {
return vm->replace_template(tmpl, false, error_str); return object->append_template(tmpl, false, error_str);
}
}
/* ------------------------------------------------------------------------- */
/* ------------------------------------------------------------------------- */
int VirtualMachineUpdateTemplate::append_template(
PoolObjectSQL * object,
const string & tmpl,
const RequestAttributes & att,
string & error_str)
{
VirtualMachine* vm = static_cast<VirtualMachine*>(object);
if (att.uid!=UserPool::ONEADMIN_ID && att.gid!=GroupPool::ONEADMIN_ID)
{
return vm->append_template(tmpl, true, error_str);
}
else
{
return vm->append_template(tmpl, false, error_str);
} }
} }


@ -38,6 +38,7 @@ sched_env.Prepend(LIBS=[
'nebula_common', 'nebula_common',
'nebula_core', 'nebula_core',
'nebula_template', 'nebula_template',
'nebula_vm',
'crypto', 'crypto',
'xml2' 'xml2'
]) ])


@ -327,7 +327,7 @@ tabs:
Datastore.delete: false Datastore.delete: false
vnets-tab: vnets-tab:
panel_tabs: panel_tabs:
vnet_info_tab: false vnet_info_tab: true
vnet_ar_list_tab: true vnet_ar_list_tab: true
vnet_leases_tab: true vnet_leases_tab: true
table_columns: table_columns:
@ -353,7 +353,7 @@ tabs:
Network.release_lease: true Network.release_lease: true
Network.add_ar: false Network.add_ar: false
Network.remove_ar: true Network.remove_ar: true
Network.update_ar: false Network.update_ar: true
marketplace-tab: marketplace-tab:
panel_tabs: panel_tabs:
marketplace_info_tab: true marketplace_info_tab: true


@ -820,18 +820,8 @@ function updateVNetworkInfo(request,vn){
$(this).addClass('markrowchecked'); $(this).addClass('markrowchecked');
}); });
if (get_ar(vn_info, id).PARENT_NETWORK_AR_ID != undefined && $("#update_ar_button", $("#vnet_info_panel")).attr("ar_id", id);
get_ar(vn_info, id).PARENT_NETWORK_AR_ID.length > 0){ $("#update_ar_button", $("#vnet_info_panel")).prop("disabled", false);
$("#update_ar_button", $("#vnet_info_panel")).prop("disabled", true);
$("#update_ar_button", $("#vnet_info_panel")).addClass("has-tip");
$("#update_ar_button", $("#vnet_info_panel")).attr("title", tr("This address range is a reservation"));
} else{
$("#update_ar_button", $("#vnet_info_panel")).attr("ar_id", id);
$("#update_ar_button", $("#vnet_info_panel")).prop("disabled", false);
$("#update_ar_button", $("#vnet_info_panel")).removeClass("has-tip");
$("#update_ar_button", $("#vnet_info_panel")).removeAttr("title");
}
$("#rm_ar_button", $("#vnet_info_panel")).attr("ar_id", id).removeAttr('disabled'); $("#rm_ar_button", $("#vnet_info_panel")).attr("ar_id", id).removeAttr('disabled');
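Review bot: The two new statements repeat the `$("#update_ar_button", $("#vnet_info_panel"))` lookup; they can be chained the way the `#rm_ar_button` line already is: `$("#update_ar_button", $("#vnet_info_panel")).attr("ar_id", id).prop("disabled", false);`. With the reservation branch removed, the client no longer signals that a reservation may not be editable, so whatever AddressRange::update_attributes does under its "Do not allow to modify a reservation" comment is the only guard; it is worth confirming that its error message reaches the user. updateVNetworkInfo continues outside the hunk.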


@ -860,3 +860,125 @@ bool Template::check(string& rs_attr, const vector<string> &restricted_attribute
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
void Template::remove_restricted()
{}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
void Template::remove_all_except_restricted()
{}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
void Template::remove_restricted(const vector<string> &restricted_attributes)
{
size_t pos;
string avector, vattr;
vector<Attribute *> values;
for (unsigned int i=0; i < restricted_attributes.size(); i++)
{
pos = restricted_attributes[i].find("/");
if (pos != string::npos) //Vector Attribute
{
int num;
avector = restricted_attributes[i].substr(0,pos);
vattr = restricted_attributes[i].substr(pos+1);
if ((num = get(avector,values)) > 0 ) //Template contains the attr
{
VectorAttribute * attr;
for (int j=0; j<num ; j++ )
{
attr = dynamic_cast<VectorAttribute *>(values[j]);
if (attr == 0)
{
continue;
}
attr->remove(vattr);
}
}
}
else //Single Attribute
{
erase(restricted_attributes[i]);
}
}
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
void Template::remove_all_except_restricted(const vector<string> &restricted_attributes)
{
size_t pos;
string avector, vattr;
vector<Attribute *> values;
vector<Attribute *> restricted;
for (unsigned int i=0; i < restricted_attributes.size(); i++)
{
pos = restricted_attributes[i].find("/");
if (pos != string::npos) //Vector Attribute
{
int num;
avector = restricted_attributes[i].substr(0,pos);
vattr = restricted_attributes[i].substr(pos+1);
if ((num = get(avector,values)) > 0 ) //Template contains the attr
{
VectorAttribute * attr;
for (int j=0; j<num ; j++ )
{
attr = dynamic_cast<VectorAttribute *>(values[j]);
if (attr == 0)
{
continue;
}
if ( !attr->vector_value(vattr.c_str()).empty() )
{
restricted.push_back(attr);
}
}
}
}
else //Single Attribute
{
this->get(restricted_attributes[i], restricted);
}
}
vector<Attribute *>::iterator res_it;
for (res_it = restricted.begin(); res_it != restricted.end(); res_it++)
{
remove(*res_it);
}
multimap<string,Attribute *>::iterator att_it;
for ( att_it = attributes.begin(); att_it != attributes.end(); att_it++)
{
delete att_it->second;
}
attributes.clear();
for (res_it = restricted.begin(); res_it != restricted.end(); res_it++)
{
set(*res_it);
}
}
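Review bot: In remove_all_except_restricted a VectorAttribute is pushed onto `restricted` once per matching restricted sub-attribute, so a vector that carries two restricted names (the new oned.conf defaults list four `AR/` entries) ends up in the list twice and is passed to `set()` twice after `attributes.clear()`. If `set()` stores the pointer as given, the template then holds the same object under two entries and would delete it twice on destruction; a guard such as `if (find(restricted.begin(), restricted.end(), attr) == restricted.end())` before the `push_back` avoids that. `values` is also reused across loop iterations without a `values.clear();`, so if `get()` appends, `values[j]` for `j < num` indexes entries left from an earlier attribute. Both patterns were moved here from VirtualMachineTemplate, but they now apply to every template type that calls these helpers.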


@ -15,128 +15,12 @@
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
#include "VirtualMachineTemplate.h" #include "VirtualMachineTemplate.h"
#include "Host.h"
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
vector<string> VirtualMachineTemplate::restricted_attributes; vector<string> VirtualMachineTemplate::restricted_attributes;
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
void VirtualMachineTemplate::remove_restricted()
{
size_t pos;
string avector, vattr;
vector<Attribute *> values;
for (unsigned int i=0; i < restricted_attributes.size(); i++)
{
pos = restricted_attributes[i].find("/");
if (pos != string::npos) //Vector Attribute
{
int num;
avector = restricted_attributes[i].substr(0,pos);
vattr = restricted_attributes[i].substr(pos+1);
if ((num = get(avector,values)) > 0 ) //Template contains the attr
{
VectorAttribute * attr;
for (int j=0; j<num ; j++ )
{
attr = dynamic_cast<VectorAttribute *>(values[j]);
if (attr == 0)
{
continue;
}
attr->remove(vattr);
}
}
}
else //Single Attribute
{
erase(restricted_attributes[i]);
}
}
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
void VirtualMachineTemplate::remove_all_except_restricted()
{
size_t pos;
string avector, vattr;
vector<Attribute *> values;
vector<Attribute *> restricted;
for (unsigned int i=0; i < restricted_attributes.size(); i++)
{
pos = restricted_attributes[i].find("/");
if (pos != string::npos) //Vector Attribute
{
int num;
avector = restricted_attributes[i].substr(0,pos);
vattr = restricted_attributes[i].substr(pos+1);
if ((num = get(avector,values)) > 0 ) //Template contains the attr
{
VectorAttribute * attr;
for (int j=0; j<num ; j++ )
{
attr = dynamic_cast<VectorAttribute *>(values[j]);
if (attr == 0)
{
continue;
}
if ( !attr->vector_value(vattr.c_str()).empty() )
{
restricted.push_back(attr);
}
}
}
}
else //Single Attribute
{
this->get(restricted_attributes[i], restricted);
}
}
vector<Attribute *>::iterator res_it;
for (res_it = restricted.begin(); res_it != restricted.end(); res_it++)
{
remove(*res_it);
}
multimap<string,Attribute *>::iterator att_it;
for ( att_it = attributes.begin(); att_it != attributes.end(); att_it++)
{
delete att_it->second;
}
attributes.clear();
for (res_it = restricted.begin(); res_it != restricted.end(); res_it++)
{
set(*res_it);
}
}
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */


@ -199,13 +199,21 @@ int AddressRange::from_vattr(VectorAttribute *vattr, string& error_msg)
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
int AddressRange::update_attributes(VectorAttribute *vup, string& error_msg) int AddressRange::update_attributes(
VectorAttribute * vup,
bool keep_restricted,
string& error_msg)
{ {
/* --------------- Do not allow to modify a reservation ------- */ /* --------------- Do not allow to modify a reservation ------- */
int pid; int pid;
bool is_reservation = (get_attribute("PARENT_NETWORK_AR_ID", pid) == 0); bool is_reservation = (get_attribute("PARENT_NETWORK_AR_ID", pid) == 0);
if (keep_restricted)
{
remove_restricted(vup);
}
/* --------------- Copy non-update attributes ----------------- */ /* --------------- Copy non-update attributes ----------------- */
vup->replace("TYPE", attr->vector_value("TYPE")); vup->replace("TYPE", attr->vector_value("TYPE"));
@ -237,6 +245,14 @@ int AddressRange::update_attributes(VectorAttribute *vup, string& error_msg)
attr->vector_value("PARENT_NETWORK_AR_ID")); attr->vector_value("PARENT_NETWORK_AR_ID"));
} }
/* ----------------- restricted attributes ----------------- */
if (keep_restricted)
{
remove_all_except_restricted(attr);
vup->merge(attr, true);
}
/* ----------------- update known attributes ----------------- */ /* ----------------- update known attributes ----------------- */
@ -1318,3 +1334,44 @@ void AddressRange::set_restricted_attributes(
restricted_attributes.insert(one_util::toupper(attr_s)); restricted_attributes.insert(one_util::toupper(attr_s));
} }
}; };
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
void AddressRange::remove_restricted(VectorAttribute* va)
{
set<string>::const_iterator it;
size_t pos;
for (it=restricted_attributes.begin(); it!=restricted_attributes.end(); it++)
{
pos = it->find("AR/");
if (pos != string::npos)
{
va->remove( it->substr(pos+3) );
}
}
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
void AddressRange::remove_all_except_restricted(VectorAttribute* va)
{
map<string,string>::iterator it;
map<string,string> vals = va->value();
ostringstream oss;
for(it = vals.begin(); it != vals.end(); it++)
{
oss.str("");
oss << "AR/" << it->first;
if (restricted_attributes.count(oss.str()) == 0)
{
va->remove(it->first);
}
}
}
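Review bot: In the `keep_restricted` block of `update_attributes`, `remove_all_except_restricted(attr)` strips the range's own stored attribute in place before the "update known attributes" step that follows. That step is outside the hunk, but if any check in it returns an error, the range would be left holding only its restricted values even though the update was rejected. Building the restricted-only set from a copy of `attr` and merging that copy into `vup` would keep a failed update free of side effects. Separately, `remove_restricted` accepts `"AR/"` at any offset (`pos != string::npos`); `if (it->compare(0, 3, "AR/") == 0) va->remove(it->substr(3));` would match only the prefix, in line with the exact `"AR/" + name` lookup in `remove_all_except_restricted`.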


@ -81,7 +81,10 @@ int AddressRangePool::add_ar(AddressRange * ar)
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
int AddressRangePool::update_ar(vector<Attribute *> ars, string& error_msg) int AddressRangePool::update_ar(
vector<Attribute *> ars,
bool keep_restricted,
string& error_msg)
{ {
vector<Attribute *>::iterator it; vector<Attribute *>::iterator it;
map<unsigned int, AddressRange *>::iterator ar_it; map<unsigned int, AddressRange *>::iterator ar_it;
@ -115,7 +118,7 @@ int AddressRangePool::update_ar(vector<Attribute *> ars, string& error_msg)
return -1; return -1;
} }
return ar_it->second->update_attributes(va, error_msg); return ar_it->second->update_attributes(va, keep_restricted, error_msg);
} }
error_msg = "Wrong AR definition. AR vector attribute is missing."; error_msg = "Wrong AR definition. AR vector attribute is missing.";


@ -25,7 +25,8 @@ source_files=[
'VirtualNetwork.cc', 'VirtualNetwork.cc',
'VirtualNetworkPool.cc', 'VirtualNetworkPool.cc',
'AddressRange.cc', 'AddressRange.cc',
'AddressRangePool.cc' 'AddressRangePool.cc',
'VirtualNetworkTemplate.cc'
] ]
# Build library # Build library


@ -206,7 +206,8 @@ error_common:
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
int VirtualNetwork::replace_template(const string& tmpl_str, string& error_str) int VirtualNetwork::replace_template(
const string& tmpl_str, bool keep_restricted, string& error_str)
{ {
string new_bridge; string new_bridge;
bool b_vlan; bool b_vlan;
@ -229,6 +230,19 @@ int VirtualNetwork::replace_template(const string& tmpl_str, string& error_str)
return -1; return -1;
} }
if (keep_restricted)
{
new_tmpl->remove_restricted();
if (obj_template != 0)
{
obj_template->remove_all_except_restricted();
string aux_error;
new_tmpl->merge(obj_template, aux_error);
}
}
delete obj_template; delete obj_template;
obj_template = new_tmpl; obj_template = new_tmpl;
@ -656,7 +670,10 @@ int VirtualNetwork::add_ar(VirtualNetworkTemplate * ars_tmpl, string& error_msg)
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
int VirtualNetwork::update_ar(VirtualNetworkTemplate * ars_tmpl, string& error_msg) int VirtualNetwork::update_ar(
VirtualNetworkTemplate* ars_tmpl,
bool keep_restricted,
string& error_msg)
{ {
vector<Attribute *> tmp_ars; vector<Attribute *> tmp_ars;
@ -667,7 +684,7 @@ int VirtualNetwork::update_ar(VirtualNetworkTemplate * ars_tmpl, string& error_m
return -1; return -1;
} }
return ar_pool.update_ar(tmp_ars, error_msg); return ar_pool.update_ar(tmp_ars, keep_restricted, error_msg);
} }
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
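Review bot: In `replace_template`, the result of `new_tmpl->merge(obj_template, aux_error)` is discarded and `aux_error` never reaches the caller, so a failed merge would install a template without the previously stored restricted values and still continue. If `merge` returns a status, it should be propagated, e.g. `if (new_tmpl->merge(obj_template, error_str) != 0) { delete new_tmpl; return -1; }`. A one-line comment above the block, such as `// keep_restricted: drop restricted attributes from the request, carry over the stored ones`, would also explain why the old template is stripped just before it is deleted. The function body continues outside both hunks, and the same block appears in `Zone::replace_template`.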


@ -20,6 +20,7 @@
#include "Nebula.h" #include "Nebula.h"
#include "PoolObjectAuth.h" #include "PoolObjectAuth.h"
#include "AuthManager.h" #include "AuthManager.h"
#include "AddressRange.h"
#include <sstream> #include <sstream>
#include <ctype.h> #include <ctype.h>
@ -35,6 +36,7 @@ VirtualNetworkPool::VirtualNetworkPool(
SqlDB * db, SqlDB * db,
const string& prefix, const string& prefix,
int __default_size, int __default_size,
vector<const Attribute *>& restricted_attrs,
vector<const Attribute *> hook_mads, vector<const Attribute *> hook_mads,
const string& remotes_location, const string& remotes_location,
const vector<const Attribute *>& _inherit_attrs): const vector<const Attribute *>& _inherit_attrs):
@ -73,14 +75,17 @@ VirtualNetworkPool::VirtualNetworkPool(
_mac_prefix <<= 8; _mac_prefix <<= 8;
_mac_prefix += tmp; _mac_prefix += tmp;
register_hooks(hook_mads, remotes_location); VirtualNetworkTemplate::set_restricted_attributes(restricted_attrs);
AddressRange::set_restricted_attributes(restricted_attrs);
for (it = _inherit_attrs.begin(); it != _inherit_attrs.end(); it++) register_hooks(hook_mads, remotes_location);
{
const SingleAttribute* sattr = static_cast<const SingleAttribute *>(*it);
inherit_attrs.push_back(sattr->value()); for (it = _inherit_attrs.begin(); it != _inherit_attrs.end(); it++)
} {
const SingleAttribute* sattr = static_cast<const SingleAttribute *>(*it);
inherit_attrs.push_back(sattr->value());
}
} }
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
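Review bot: The new constructor parameter `restricted_attrs` is taken by non-const reference, unlike `_inherit_attrs` next to it, although the constructor only forwards it to the two `set_restricted_attributes` calls. Declaring it `const vector<const Attribute *>& restricted_attrs` would document that the pool does not modify the list; this needs the same change in the `set_restricted_attributes` signatures, which are declared outside this hunk. Both setters fill class-level static state from a constructor, so a short comment at the calls would help, e.g. `// Restricted attributes are static: shared by every VirtualNetworkTemplate and AddressRange`.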


@ -0,0 +1,25 @@
/* -------------------------------------------------------------------------- */
/* Copyright 2002-2014, OpenNebula Project (OpenNebula.org), C12G Labs */
/* */
/* Licensed under the Apache License, Version 2.0 (the "License"); you may */
/* not use this file except in compliance with the License. You may obtain */
/* a copy of the License at */
/* */
/* http://www.apache.org/licenses/LICENSE-2.0 */
/* */
/* Unless required by applicable law or agreed to in writing, software */
/* distributed under the License is distributed on an "AS IS" BASIS, */
/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */
/* See the License for the specific language governing permissions and */
/* limitations under the License. */
/* -------------------------------------------------------------------------- */
#include "VirtualNetworkTemplate.h"
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
vector<string> VirtualNetworkTemplate::restricted_attributes;
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */


@ -251,7 +251,7 @@ int Zone::from_xml(const string& xml)
/* ------------------------------------------------------------------------ */ /* ------------------------------------------------------------------------ */
/* ------------------------------------------------------------------------ */ /* ------------------------------------------------------------------------ */
int Zone::replace_template(const string& tmpl_str, string& error_str) int Zone::replace_template(const string& tmpl_str, bool keep_restricted, string& error_str)
{ {
Template * new_tmpl = get_new_template(); Template * new_tmpl = get_new_template();
@ -267,6 +267,19 @@ int Zone::replace_template(const string& tmpl_str, string& error_str)
return -1; return -1;
} }
if (keep_restricted)
{
new_tmpl->remove_restricted();
if (obj_template != 0)
{
obj_template->remove_all_except_restricted();
string aux_error;
new_tmpl->merge(obj_template, aux_error);
}
}
string new_endpoint; string new_endpoint;
new_tmpl->get("ENDPOINT", new_endpoint); new_tmpl->get("ENDPOINT", new_endpoint);