mirror of
https://github.com/OpenNebula/one.git
synced 2024-12-23 17:33:56 +03:00
Feature #3167: Allow users to edit their VNet's AR, respecting restricted attributes
This commit is contained in:
parent
479a0eca5b
commit
631936e22b
@ -311,7 +311,10 @@ public:
|
||||
* the reason.
|
||||
* @return 0 on success
|
||||
*/
|
||||
int update_attributes(VectorAttribute *vup, string& error_msg);
|
||||
int update_attributes(
|
||||
VectorAttribute * vup,
|
||||
bool keep_restricted,
|
||||
string& error_msg);
|
||||
|
||||
/*
|
||||
* add_ar from AddressRangePool needs to access the internal representation
|
||||
@ -319,6 +322,8 @@ public:
|
||||
*/
|
||||
friend int AddressRangePool::add_ar(AddressRange * ar);
|
||||
|
||||
static void set_restricted_attributes(vector<const Attribute *>& rattrs);
|
||||
|
||||
private:
|
||||
/* ---------------------------------------------------------------------- */
|
||||
/* String to binary conversion functions for different address types */
|
||||
@ -424,7 +429,15 @@ private:
|
||||
/* ---------------------------------------------------------------------- */
|
||||
bool check(string& rs_attr) const;
|
||||
|
||||
static void set_restricted_attributes(vector<const Attribute *>& rattrs);
|
||||
/**
|
||||
* Deletes all restricted attributes
|
||||
*/
|
||||
void remove_restricted(VectorAttribute* va);
|
||||
|
||||
/**
|
||||
* Deletes all the attributes, except the restricted ones
|
||||
*/
|
||||
void remove_all_except_restricted(VectorAttribute* va);
|
||||
|
||||
/* ---------------------------------------------------------------------- */
|
||||
/* Address Range data */
|
||||
|
@ -75,11 +75,13 @@ public:
|
||||
* Updates the given address ranges
|
||||
* @param ars vector of address ranges as VectorAttributes obtained from
|
||||
* template in the form AR = [...]. Only one AR is processed.
|
||||
* @param keep_restricted If true, the restricted attributes of the
|
||||
* current template will override the new template
|
||||
* @param error_msg If the action fails, this message contains
|
||||
* the reason.
|
||||
* @return 0 on success
|
||||
*/
|
||||
int update_ar(vector<Attribute *> ars, string& error_msg);
|
||||
int update_ar(vector<Attribute *> ars, bool keep_restricted, string& error_msg);
|
||||
|
||||
/**
|
||||
* Allocates a new *empty* address range. It is not added to the pool as it
|
||||
|
@ -142,7 +142,7 @@ public:
|
||||
RequestManagerVirtualNetwork("VirtualNetworkUpdateAddressRange",
|
||||
"Updates address ranges to a virtual network")
|
||||
{
|
||||
auth_op = AuthRequest::ADMIN;
|
||||
auth_op = AuthRequest::MANAGE;
|
||||
};
|
||||
|
||||
~VirtualNetworkUpdateAddressRange(){};
|
||||
@ -152,7 +152,14 @@ public:
|
||||
RequestAttributes& att,
|
||||
string& error_str)
|
||||
{
|
||||
return vn->update_ar(tmpl, error_str);
|
||||
if (att.uid!=UserPool::ONEADMIN_ID && att.gid!=GroupPool::ONEADMIN_ID)
|
||||
{
|
||||
return vn->update_ar(tmpl, true, error_str);
|
||||
}
|
||||
else
|
||||
{
|
||||
return vn->update_ar(tmpl, false, error_str);
|
||||
}
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -108,11 +108,16 @@ public:
|
||||
* Update an address range to the virtual network
|
||||
* @param ars_tmpl template in the form AR = [AR_ID=...]. The address range
|
||||
* is specified by the AR_ID attribute.
|
||||
* @param keep_restricted If true, the restricted attributes of the
|
||||
* current template will override the new template
|
||||
* @param error_msg If the action fails, this message contains
|
||||
* the reason.
|
||||
* @return 0 on success
|
||||
*/
|
||||
int update_ar(VirtualNetworkTemplate * ars_tmpl, string& error_msg);
|
||||
int update_ar(
|
||||
VirtualNetworkTemplate* ars_tmpl,
|
||||
bool keep_restricted,
|
||||
string& error_msg);
|
||||
|
||||
// *************************************************************************
|
||||
// Address hold/release interface
|
||||
|
@ -736,6 +736,11 @@ VNET_RESTRICTED_ATTR = "VLAN_ID"
|
||||
VNET_RESTRICTED_ATTR = "VLAN"
|
||||
VNET_RESTRICTED_ATTR = "BRIDGE"
|
||||
|
||||
VNET_RESTRICTED_ATTR = "AR/PHYDEV"
|
||||
VNET_RESTRICTED_ATTR = "AR/VLAN_ID"
|
||||
VNET_RESTRICTED_ATTR = "AR/VLAN"
|
||||
VNET_RESTRICTED_ATTR = "AR/BRIDGE"
|
||||
|
||||
#*******************************************************************************
|
||||
# Inherited Attributes Configuration
|
||||
#*******************************************************************************
|
||||
|
@ -353,7 +353,7 @@ tabs:
|
||||
Network.release_lease: true
|
||||
Network.add_ar: false
|
||||
Network.remove_ar: true
|
||||
Network.update_ar: false
|
||||
Network.update_ar: true
|
||||
marketplace-tab:
|
||||
panel_tabs:
|
||||
marketplace_info_tab: true
|
||||
|
@ -820,18 +820,8 @@ function updateVNetworkInfo(request,vn){
|
||||
$(this).addClass('markrowchecked');
|
||||
});
|
||||
|
||||
if (get_ar(vn_info, id).PARENT_NETWORK_AR_ID != undefined &&
|
||||
get_ar(vn_info, id).PARENT_NETWORK_AR_ID.length > 0){
|
||||
|
||||
$("#update_ar_button", $("#vnet_info_panel")).prop("disabled", true);
|
||||
$("#update_ar_button", $("#vnet_info_panel")).addClass("has-tip");
|
||||
$("#update_ar_button", $("#vnet_info_panel")).attr("title", tr("This address range is a reservation"));
|
||||
} else{
|
||||
$("#update_ar_button", $("#vnet_info_panel")).attr("ar_id", id);
|
||||
$("#update_ar_button", $("#vnet_info_panel")).prop("disabled", false);
|
||||
$("#update_ar_button", $("#vnet_info_panel")).removeClass("has-tip");
|
||||
$("#update_ar_button", $("#vnet_info_panel")).removeAttr("title");
|
||||
}
|
||||
$("#update_ar_button", $("#vnet_info_panel")).attr("ar_id", id);
|
||||
$("#update_ar_button", $("#vnet_info_panel")).prop("disabled", false);
|
||||
|
||||
$("#rm_ar_button", $("#vnet_info_panel")).attr("ar_id", id).removeAttr('disabled');
|
||||
|
||||
|
@ -199,13 +199,21 @@ int AddressRange::from_vattr(VectorAttribute *vattr, string& error_msg)
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
int AddressRange::update_attributes(VectorAttribute *vup, string& error_msg)
|
||||
int AddressRange::update_attributes(
|
||||
VectorAttribute * vup,
|
||||
bool keep_restricted,
|
||||
string& error_msg)
|
||||
{
|
||||
/* --------------- Do not allow to modify a reservation ------- */
|
||||
|
||||
int pid;
|
||||
bool is_reservation = (get_attribute("PARENT_NETWORK_AR_ID", pid) == 0);
|
||||
|
||||
if (keep_restricted)
|
||||
{
|
||||
remove_restricted(vup);
|
||||
}
|
||||
|
||||
/* --------------- Copy non-update attributes ----------------- */
|
||||
|
||||
vup->replace("TYPE", attr->vector_value("TYPE"));
|
||||
@ -237,6 +245,14 @@ int AddressRange::update_attributes(VectorAttribute *vup, string& error_msg)
|
||||
attr->vector_value("PARENT_NETWORK_AR_ID"));
|
||||
}
|
||||
|
||||
/* ----------------- restricted attributes ----------------- */
|
||||
|
||||
if (keep_restricted)
|
||||
{
|
||||
remove_all_except_restricted(attr);
|
||||
|
||||
vup->merge(attr, true);
|
||||
}
|
||||
|
||||
/* ----------------- update known attributes ----------------- */
|
||||
|
||||
@ -1318,3 +1334,44 @@ void AddressRange::set_restricted_attributes(
|
||||
restricted_attributes.insert(one_util::toupper(attr_s));
|
||||
}
|
||||
};
|
||||
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
void AddressRange::remove_restricted(VectorAttribute* va)
|
||||
{
|
||||
set<string>::const_iterator it;
|
||||
size_t pos;
|
||||
|
||||
for (it=restricted_attributes.begin(); it!=restricted_attributes.end(); it++)
|
||||
{
|
||||
pos = it->find("AR/");
|
||||
|
||||
if (pos != string::npos)
|
||||
{
|
||||
va->remove( it->substr(pos+3) );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
void AddressRange::remove_all_except_restricted(VectorAttribute* va)
|
||||
{
|
||||
map<string,string>::iterator it;
|
||||
map<string,string> vals = va->value();
|
||||
|
||||
ostringstream oss;
|
||||
|
||||
for(it = vals.begin(); it != vals.end(); it++)
|
||||
{
|
||||
oss.str("");
|
||||
oss << "AR/" << it->first;
|
||||
|
||||
if (restricted_attributes.count(oss.str()) == 0)
|
||||
{
|
||||
va->remove(it->first);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -81,7 +81,10 @@ int AddressRangePool::add_ar(AddressRange * ar)
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
int AddressRangePool::update_ar(vector<Attribute *> ars, string& error_msg)
|
||||
int AddressRangePool::update_ar(
|
||||
vector<Attribute *> ars,
|
||||
bool keep_restricted,
|
||||
string& error_msg)
|
||||
{
|
||||
vector<Attribute *>::iterator it;
|
||||
map<unsigned int, AddressRange *>::iterator ar_it;
|
||||
@ -115,7 +118,7 @@ int AddressRangePool::update_ar(vector<Attribute *> ars, string& error_msg)
|
||||
return -1;
|
||||
}
|
||||
|
||||
return ar_it->second->update_attributes(va, error_msg);
|
||||
return ar_it->second->update_attributes(va, keep_restricted, error_msg);
|
||||
}
|
||||
|
||||
error_msg = "Wrong AR definition. AR vector attribute is missing.";
|
||||
|
@ -670,7 +670,10 @@ int VirtualNetwork::add_ar(VirtualNetworkTemplate * ars_tmpl, string& error_msg)
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
int VirtualNetwork::update_ar(VirtualNetworkTemplate * ars_tmpl, string& error_msg)
|
||||
int VirtualNetwork::update_ar(
|
||||
VirtualNetworkTemplate* ars_tmpl,
|
||||
bool keep_restricted,
|
||||
string& error_msg)
|
||||
{
|
||||
vector<Attribute *> tmp_ars;
|
||||
|
||||
@ -681,7 +684,7 @@ int VirtualNetwork::update_ar(VirtualNetworkTemplate * ars_tmpl, string& error_m
|
||||
return -1;
|
||||
}
|
||||
|
||||
return ar_pool.update_ar(tmp_ars, error_msg);
|
||||
return ar_pool.update_ar(tmp_ars, keep_restricted, error_msg);
|
||||
}
|
||||
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
@ -20,6 +20,7 @@
|
||||
#include "Nebula.h"
|
||||
#include "PoolObjectAuth.h"
|
||||
#include "AuthManager.h"
|
||||
#include "AddressRange.h"
|
||||
#include <sstream>
|
||||
#include <ctype.h>
|
||||
|
||||
@ -75,6 +76,7 @@ VirtualNetworkPool::VirtualNetworkPool(
|
||||
_mac_prefix += tmp;
|
||||
|
||||
VirtualNetworkTemplate::set_restricted_attributes(restricted_attrs);
|
||||
AddressRange::set_restricted_attributes(restricted_attrs);
|
||||
|
||||
register_hooks(hook_mads, remotes_location);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user