mirror of
https://github.com/OpenNebula/one.git
synced 2025-01-13 13:17:39 +03:00
F #1913: Users can instantiate a VM template as another user/group
This commit is contained in:
parent
a875657120
commit
4b149ac5f5
include
src
cli
rm
sunstone
etc/sunstone-views
public/app/tabs/templates-tab/form-panels
@ -381,6 +381,12 @@ protected:
|
||||
static void quota_rollback(Template * tmpl, Quotas::QuotaType qtype,
|
||||
RequestAttributes& att);
|
||||
|
||||
/**
|
||||
* @param tmpl describing the object
|
||||
* @param att the specific request attributes
|
||||
*/
|
||||
ErrorCode as_uid_gid(Template * tmpl, RequestAttributes& att);
|
||||
|
||||
private:
|
||||
/* ---------------------------------------------------------------------- */
|
||||
/* Functions to manage user and group quotas */
|
||||
|
@ -361,6 +361,18 @@ EOT
|
||||
:format => String,
|
||||
:description => "In a vCenter environment sets the the VMs and Template folder where the VM will be placed in." \
|
||||
" The path uses slashes to separate folders. For example: --vcenter_vm_folder \"/Management/VMs\""
|
||||
},
|
||||
{
|
||||
:name => 'as_uid',
|
||||
:large => '--as_uid uid',
|
||||
:format => Integer,
|
||||
:description => 'The User ID to instantiate the VM'
|
||||
},
|
||||
{
|
||||
:name => 'as_gid',
|
||||
:large => '--as_gid gid',
|
||||
:format => Integer,
|
||||
:description => 'The Group ID to instantiate the VM'
|
||||
}
|
||||
]
|
||||
|
||||
@ -1098,6 +1110,9 @@ EOT
|
||||
template<<"MEMORY=#{options[:memory]}\n" if options[:memory]
|
||||
template<<"#{options[:raw]}\n" if options[:raw]
|
||||
|
||||
template<<"AS_UID=#{options[:as_uid]}\n" if options[:as_uid]
|
||||
template<<"AS_GID=#{options[:as_gid]}\n" if options[:as_gid]
|
||||
|
||||
if options[:disk]
|
||||
res=create_disk_net(options[:disk], 'DISK', 'IMAGE')
|
||||
return res if res.first!=0
|
||||
|
@ -851,3 +851,93 @@ int Request::get_info(
|
||||
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
Request::ErrorCode Request::as_uid_gid(Template * tmpl,
|
||||
RequestAttributes& att)
|
||||
{
|
||||
string gname;
|
||||
string uname;
|
||||
|
||||
PoolObjectAuth uperms;
|
||||
PoolObjectAuth gperms;
|
||||
int uid = att.uid, as_uid = -1, as_gid = -1;
|
||||
set<int> gids = att.group_ids;
|
||||
int rc;
|
||||
|
||||
UserPool * upool = Nebula::instance().get_upool();
|
||||
GroupPool * gpool = Nebula::instance().get_gpool();
|
||||
|
||||
if ( tmpl->get("AS_UID", as_uid) )
|
||||
{
|
||||
tmpl->erase("AS_UID");
|
||||
rc = get_info(upool, as_uid, PoolObjectSQL::USER, att, uperms, uname,true);
|
||||
|
||||
if ( rc == -1 )
|
||||
{
|
||||
return NO_EXISTS;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
as_uid = -1;
|
||||
}
|
||||
|
||||
if ( tmpl->get("AS_GID", as_gid) )
|
||||
{
|
||||
tmpl->erase("AS_GID");
|
||||
rc = get_info(gpool, as_gid, PoolObjectSQL::GROUP, att, gperms, gname,true);
|
||||
|
||||
if ( rc == -1 )
|
||||
{
|
||||
return NO_EXISTS;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
as_gid = -1;
|
||||
}
|
||||
|
||||
if ( as_gid == -1 && as_uid == -1)
|
||||
{
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
if ( uid != 0 )
|
||||
{
|
||||
AuthRequest ar(uid, gids);
|
||||
|
||||
if (as_uid > 0)
|
||||
{
|
||||
ar.add_auth(AuthRequest::MANAGE, uperms); // MANAGE USER
|
||||
}
|
||||
if (as_gid > 0)
|
||||
{
|
||||
ar.add_auth(AuthRequest::MANAGE, gperms); // MANAGE GROUP
|
||||
}
|
||||
|
||||
if (UserPool::authorize(ar) == -1)
|
||||
{
|
||||
att.resp_msg = ar.message;
|
||||
return AUTHORIZATION;
|
||||
}
|
||||
}
|
||||
|
||||
if ( as_uid > 0 )
|
||||
{
|
||||
att.uid = as_uid;
|
||||
att.uname = uname;
|
||||
}
|
||||
|
||||
if ( as_gid > 0 )
|
||||
{
|
||||
att.gid = as_gid;
|
||||
att.gname = gname;
|
||||
att.group_ids.clear();
|
||||
att.group_ids.insert(as_gid);
|
||||
}
|
||||
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
@ -169,6 +169,14 @@ Request::ErrorCode VMTemplateInstantiate::request_execute(int id, string name,
|
||||
tmpl->merge(extra_attrs);
|
||||
}
|
||||
|
||||
ec = as_uid_gid(tmpl, att);
|
||||
|
||||
if ( ec != SUCCESS )
|
||||
{
|
||||
delete tmpl;
|
||||
return ec;
|
||||
}
|
||||
|
||||
/* ---------------------------------------------------------------------- */
|
||||
/* Store the template attributes in the VM */
|
||||
/* ---------------------------------------------------------------------- */
|
||||
|
@ -75,6 +75,12 @@ features:
|
||||
|
||||
# True to show the attributes info (VM & VRouters)
|
||||
show_attributes_info: true
|
||||
|
||||
# True to show the user datatable to instantiate VM
|
||||
show_as_uid_instantiate: true
|
||||
|
||||
# True to show the group datatable to instantiate VM
|
||||
show_as_gid_instantiate: true
|
||||
tabs:
|
||||
dashboard-tab:
|
||||
# The following widgets can be used inside any of the '_per_row' settings
|
||||
|
@ -75,6 +75,12 @@ features:
|
||||
|
||||
# True to show the attributes info (VM & VRouters)
|
||||
show_attributes_info: true
|
||||
|
||||
# True to show the user datatable to instantiate VM
|
||||
show_as_uid_instantiate: true
|
||||
|
||||
# True to show the group datatable to instantiate VM
|
||||
show_as_gid_instantiate: true
|
||||
tabs:
|
||||
dashboard-tab:
|
||||
# The following widgets can be used inside any of the '_per_row' settings
|
||||
|
@ -75,6 +75,12 @@ features:
|
||||
|
||||
# True to show the attributes info (VM & VRouters)
|
||||
show_attributes_info: true
|
||||
|
||||
# True to show the user datatable to instantiate VM
|
||||
show_as_uid_instantiate: true
|
||||
|
||||
# True to show the group datatable to instantiate VM
|
||||
show_as_gid_instantiate: true
|
||||
tabs:
|
||||
dashboard-tab:
|
||||
# The following widgets can be used inside any of the '_per_row' settings
|
||||
|
@ -75,6 +75,12 @@ features:
|
||||
|
||||
# True to show the attributes info (VM & VRouters)
|
||||
show_attributes_info: true
|
||||
|
||||
# True to show the user datatable to instantiate VM
|
||||
show_as_uid_instantiate: true
|
||||
|
||||
# True to show the group datatable to instantiate VM
|
||||
show_as_gid_instantiate: true
|
||||
tabs:
|
||||
dashboard-tab:
|
||||
# The following widgets can be used inside any of the '_per_row' settings
|
||||
|
@ -75,6 +75,12 @@ features:
|
||||
|
||||
# True to show the attributes info (VM & VRouters)
|
||||
show_attributes_info: true
|
||||
|
||||
# True to show the user datatable to instantiate VM
|
||||
show_as_uid_instantiate: true
|
||||
|
||||
# True to show the group datatable to instantiate VM
|
||||
show_as_gid_instantiate: true
|
||||
tabs:
|
||||
dashboard-tab:
|
||||
# The following widgets can be used inside any of the '_per_row' settings
|
||||
|
@ -75,6 +75,12 @@ features:
|
||||
|
||||
# True to show the attributes info (VM & VRouters)
|
||||
show_attributes_info: true
|
||||
|
||||
# True to show the user datatable to instantiate VM
|
||||
show_as_uid_instantiate: true
|
||||
|
||||
# True to show the group datatable to instantiate VM
|
||||
show_as_gid_instantiate: true
|
||||
tabs:
|
||||
dashboard-tab:
|
||||
# The following widgets can be used inside any of the '_per_row' settings
|
||||
|
@ -38,6 +38,8 @@ define(function(require) {
|
||||
var Config = require("sunstone-config");
|
||||
var HostsTable = require("tabs/hosts-tab/datatable");
|
||||
var DatastoresTable = require("tabs/datastores-tab/datatable");
|
||||
var UsersTable = require("tabs/users-tab/datatable");
|
||||
var GroupTable = require("tabs/groups-tab/datatable");
|
||||
var Humanize = require("utils/humanize");
|
||||
var TemplateUtils = require("utils/template-utils");
|
||||
var UniqueId = require("utils/unique-id");
|
||||
@ -279,6 +281,16 @@ define(function(require) {
|
||||
tmp_json.SCHED_DS_REQUIREMENTS = [];
|
||||
}
|
||||
|
||||
var as_uid = that.usersTable.retrieveResourceTableSelect();
|
||||
if (as_uid){
|
||||
tmp_json.AS_UID = as_uid;
|
||||
}
|
||||
|
||||
var as_gid = that.groupTable.retrieveResourceTableSelect();
|
||||
if (as_gid){
|
||||
tmp_json.AS_GID = as_gid;
|
||||
}
|
||||
|
||||
var nics = [];
|
||||
var pcis = [];
|
||||
|
||||
@ -411,19 +423,32 @@ define(function(require) {
|
||||
}
|
||||
};
|
||||
|
||||
var options_unique = {
|
||||
"select": true,
|
||||
"selectOptions": {
|
||||
"multiple_choice": false
|
||||
}
|
||||
};
|
||||
|
||||
that.hostsTable = new HostsTable("HostsTable" + UniqueId.id(), options);
|
||||
that.datastoresTable = new DatastoresTable("DatastoresTable" + UniqueId.id(), options);
|
||||
that.usersTable = new UsersTable("UsersTable" + UniqueId.id(), options_unique);
|
||||
that.groupTable = new GroupTable("GroupTable" + UniqueId.id(), options_unique);
|
||||
|
||||
templatesContext.append(
|
||||
TemplateRowHTML(
|
||||
{ element: template_json.VMTEMPLATE,
|
||||
capacityInputsHTML: CapacityInputs.html(),
|
||||
hostsDatatable: that.hostsTable.dataTableHTML,
|
||||
dsDatatable: that.datastoresTable.dataTableHTML
|
||||
dsDatatable: that.datastoresTable.dataTableHTML,
|
||||
usersDatatable: that.usersTable.dataTableHTML,
|
||||
groupDatatable: that.groupTable.dataTableHTML
|
||||
}) );
|
||||
|
||||
$(".provision_host_selector" + template_json.VMTEMPLATE.ID, context).data("hostsTable", that.hostsTable);
|
||||
$(".provision_ds_selector" + template_json.VMTEMPLATE.ID, context).data("dsTable", that.datastoresTable);
|
||||
$(".provision_uid_selector" + template_json.VMTEMPLATE.ID, context).data("usersTable", that.usersTable);
|
||||
$(".provision_gid_selector" + template_json.VMTEMPLATE.ID, context).data("groupTable", that.groupTable);
|
||||
|
||||
var actions = Actions.fromJSONtoActionsTable(template_json.VMTEMPLATE.TEMPLATE.SCHED_ACTION);
|
||||
$("#sched_inst_actions_body").append(actions);
|
||||
@ -448,6 +473,12 @@ define(function(require) {
|
||||
that.datastoresTable.filter("system", 10);
|
||||
that.datastoresTable.refreshResourceTableSelect();
|
||||
|
||||
//select_options
|
||||
that.usersTable.initialize();
|
||||
that.usersTable.refreshResourceTableSelect();
|
||||
that.groupTable.initialize();
|
||||
that.groupTable.refreshResourceTableSelect();
|
||||
|
||||
var reqJSON = template_json.VMTEMPLATE.TEMPLATE.SCHED_REQUIREMENTS;
|
||||
if (reqJSON) {
|
||||
$("#SCHED_REQUIREMENTS" + template_json.VMTEMPLATE.ID, context).val(reqJSON);
|
||||
@ -478,6 +509,22 @@ define(function(require) {
|
||||
that.datastoresTable.selectResourceTableSelect(selectedResources);
|
||||
}
|
||||
|
||||
var asuidJSON = template_json.VMTEMPLATE.TEMPLATE.AS_UID;
|
||||
if (asuidJSON) {
|
||||
var selectedResources = {
|
||||
ids : asuidJSON
|
||||
};
|
||||
that.usersTable.selectResourceTableSelect(selectedResources);
|
||||
}
|
||||
|
||||
var asgidJSON = template_json.VMTEMPLATE.TEMPLATE.AS_GID;
|
||||
if (asgidJSON) {
|
||||
var selectedResources = {
|
||||
ids : asgidJSON
|
||||
};
|
||||
that.groupTable.selectResourceTableSelect(selectedResources);
|
||||
}
|
||||
|
||||
DisksResize.insert({
|
||||
template_base_json: that.template_base_objects[template_json.VMTEMPLATE.ID],
|
||||
template_json: template_json,
|
||||
|
@ -57,12 +57,36 @@
|
||||
</div>
|
||||
{{/isFeatureEnabled}}
|
||||
{{#advancedSection (tr "Advanced options") }}
|
||||
{{#isFeatureEnabled "show_as_uid_instantiate"}}
|
||||
<div class="row">
|
||||
<div class="small-12 columns usersContext{{element.ID}}">
|
||||
<fieldset>
|
||||
<legend>
|
||||
<i class="fas fa-user"></i> {{tr "Instantiate as a different user"}}
|
||||
</legend>
|
||||
<div class="provision_uid_selector{{element.ID}}" data-tab-content>{{{usersDatatable}}}</div>
|
||||
</fieldset>
|
||||
</div>
|
||||
</div>
|
||||
{{/isFeatureEnabled}}
|
||||
{{#isFeatureEnabled "show_as_gid_instantiate"}}
|
||||
<div class="row">
|
||||
<div class="small-12 columns groupContext{{element.ID}}">
|
||||
<fieldset>
|
||||
<legend>
|
||||
<i class="fas fa-users"></i> {{tr "Instantiate as a different group"}}
|
||||
</legend>
|
||||
<div class="provision_gid_selector{{element.ID}}" data-tab-content>{{{groupDatatable}}}</div>
|
||||
</fieldset>
|
||||
</div>
|
||||
</div>
|
||||
{{/isFeatureEnabled}}
|
||||
{{#isFeatureEnabled "show_host_instantiate"}}
|
||||
<div class="row">
|
||||
<div class="small-12 columns hostContext{{element.ID}}">
|
||||
<fieldset>
|
||||
<legend>
|
||||
<i class="fas fa-globe"></i> {{tr "Host"}}
|
||||
<i class="fas fa-hdd"></i> {{tr "Host"}}
|
||||
</legend>
|
||||
<div class="provision_host_selector{{element.ID}}" data-tab-content>{{{hostsDatatable}}}</div>
|
||||
<div class="row">
|
||||
@ -83,7 +107,7 @@
|
||||
<div class="small-12 columns dsContext{{element.ID}}">
|
||||
<fieldset>
|
||||
<legend>
|
||||
<i class="fas fa-globe"></i> {{tr "Datastore"}}
|
||||
<i class="fas fa-folder-open"></i> {{tr "Datastore"}}
|
||||
</legend>
|
||||
<div class="provision_ds_selector{{element.ID}}" data-tab-content>{{{dsDatatable}}}</div>
|
||||
<div class="row">
|
||||
@ -103,7 +127,7 @@
|
||||
<div class="large-12 columns actionContext{{element.ID}}">
|
||||
<fieldset>
|
||||
<legend>
|
||||
<i class="fas fa-globe"></i> {{tr "Actions"}}
|
||||
<i class="fas fa-calendar-alt"></i> {{tr "Actions"}}
|
||||
</legend>
|
||||
<table id="scheduling_inst_actions_table" class="info_table dataTable">
|
||||
<thead>
|
||||
|
Loading…
x
Reference in New Issue
Block a user