mirror of https://github.com/OpenNebula/one.git synced 2024-12-23 17:33:56 +03:00

Feature #3167: Allow users to edit their VNet's AR, respecting restricted attributes

Carlos Martín 2014-09-04 13:38:11 +02:00 committed by Ruben S. Montero
parent 479a0eca5b
commit 631936e22b
11 changed files with 111 additions and 24 deletions


@ -311,7 +311,10 @@ public:
* the reason.
* @return 0 on success
*/
int update_attributes(VectorAttribute *vup, string& error_msg);
int update_attributes(
VectorAttribute * vup,
bool keep_restricted,
string& error_msg);
/*
* add_ar from AddressRangePool needs to access the internal representation
@ -319,6 +322,8 @@ public:
*/
friend int AddressRangePool::add_ar(AddressRange * ar);
static void set_restricted_attributes(vector<const Attribute *>& rattrs);
private:
/* ---------------------------------------------------------------------- */
/* String to binary conversion functions for different address types */
@ -424,7 +429,15 @@ private:
/* ---------------------------------------------------------------------- */
bool check(string& rs_attr) const;
static void set_restricted_attributes(vector<const Attribute *>& rattrs);
/**
* Deletes all restricted attributes
*/
void remove_restricted(VectorAttribute* va);
/**
* Deletes all the attributes, except the restricted ones
*/
void remove_all_except_restricted(VectorAttribute* va);
/* ---------------------------------------------------------------------- */
/* Address Range data */
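Review bot: The doc comment above the new `update_attributes` declaration was not extended for `keep_restricted`, although the matching `update_ar` declarations elsewhere in this commit document it. Add `@param keep_restricted If true, the restricted attributes of the current AR override the ones in vup` so the contract is stated on the function that does the filtering. The comments on `remove_restricted` and `remove_all_except_restricted` could also say that "restricted" means the entries registered through `set_restricted_attributes` with an `AR/` prefix, and that both functions modify `va` in place. The top of the `update_attributes` comment lies outside the hunk.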


@ -75,11 +75,13 @@ public:
* Updates the given address ranges
* @param ars vector of address ranges as VectorAttributes obtained from
* template in the form AR = [...]. Only one AR is processed.
* @param keep_restricted If true, the restricted attributes of the
* current template will override the new template
* @param error_msg If the action fails, this message contains
* the reason.
* @return 0 on success
*/
int update_ar(vector<Attribute *> ars, string& error_msg);
int update_ar(vector<Attribute *> ars, bool keep_restricted, string& error_msg);
/**
* Allocates a new *empty* address range. It is not added to the pool as it


@ -142,7 +142,7 @@ public:
RequestManagerVirtualNetwork("VirtualNetworkUpdateAddressRange",
"Updates address ranges to a virtual network")
{
auth_op = AuthRequest::ADMIN;
auth_op = AuthRequest::MANAGE;
};
~VirtualNetworkUpdateAddressRange(){};
@ -152,7 +152,14 @@ public:
RequestAttributes& att,
string& error_str)
{
return vn->update_ar(tmpl, error_str);
if (att.uid!=UserPool::ONEADMIN_ID && att.gid!=GroupPool::ONEADMIN_ID)
{
return vn->update_ar(tmpl, true, error_str);
}
else
{
return vn->update_ar(tmpl, false, error_str);
}
};
};
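Review bot: With `auth_op` lowered from ADMIN to MANAGE, the `keep_restricted` argument chosen in this if/else is the only thing that keeps a non-oneadmin caller from changing restricted AR attributes, and nothing in the code says so. Computing the flag once makes that decision explicit and removes the duplicated call: `bool keep_restricted = att.uid != UserPool::ONEADMIN_ID && att.gid != GroupPool::ONEADMIN_ID;` followed by `return vn->update_ar(tmpl, keep_restricted, error_str);`. A comment such as `// only oneadmin and oneadmin-group members may change restricted AR attributes` above it would record the intent. The enclosing method's signature starts outside the hunk.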


@ -108,11 +108,16 @@ public:
* Update an address range to the virtual network
* @param ars_tmpl template in the form AR = [AR_ID=...]. The address range
* is specified by the AR_ID attribute.
* @param keep_restricted If true, the restricted attributes of the
* current template will override the new template
* @param error_msg If the action fails, this message contains
* the reason.
* @return 0 on success
*/
int update_ar(VirtualNetworkTemplate * ars_tmpl, string& error_msg);
int update_ar(
VirtualNetworkTemplate* ars_tmpl,
bool keep_restricted,
string& error_msg);
// *************************************************************************
// Address hold/release interface


@ -736,6 +736,11 @@ VNET_RESTRICTED_ATTR = "VLAN_ID"
VNET_RESTRICTED_ATTR = "VLAN"
VNET_RESTRICTED_ATTR = "BRIDGE"
VNET_RESTRICTED_ATTR = "AR/PHYDEV"
VNET_RESTRICTED_ATTR = "AR/VLAN_ID"
VNET_RESTRICTED_ATTR = "AR/VLAN"
VNET_RESTRICTED_ATTR = "AR/BRIDGE"
#*******************************************************************************
# Inherited Attributes Configuration
#*******************************************************************************
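Review bot: The `AR/...` entries listed here are the only source of the restricted set that `AddressRange` consults, so an installation upgraded with its existing configuration file may lack some or all of them while the same commit lowers the update-AR request to MANAGE. In that case the corresponding AR attributes are presumably not filtered, and a user with MANAGE rights on the network could set `VLAN_ID`, `VLAN` or `BRIDGE` inside an address range. Consider documenting this next to these lines, e.g. `# AR/<NAME> entries restrict attributes inside an AR; they must be present for non-admin AR updates to be filtered`, and calling it out in the upgrade notes.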


@ -353,7 +353,7 @@ tabs:
Network.release_lease: true
Network.add_ar: false
Network.remove_ar: true
Network.update_ar: false
Network.update_ar: true
marketplace-tab:
panel_tabs:
marketplace_info_tab: true


@ -820,18 +820,8 @@ function updateVNetworkInfo(request,vn){
$(this).addClass('markrowchecked');
});
if (get_ar(vn_info, id).PARENT_NETWORK_AR_ID != undefined &&
get_ar(vn_info, id).PARENT_NETWORK_AR_ID.length > 0){
$("#update_ar_button", $("#vnet_info_panel")).prop("disabled", true);
$("#update_ar_button", $("#vnet_info_panel")).addClass("has-tip");
$("#update_ar_button", $("#vnet_info_panel")).attr("title", tr("This address range is a reservation"));
} else{
$("#update_ar_button", $("#vnet_info_panel")).attr("ar_id", id);
$("#update_ar_button", $("#vnet_info_panel")).prop("disabled", false);
$("#update_ar_button", $("#vnet_info_panel")).removeClass("has-tip");
$("#update_ar_button", $("#vnet_info_panel")).removeAttr("title");
}
$("#update_ar_button", $("#vnet_info_panel")).attr("ar_id", id);
$("#update_ar_button", $("#vnet_info_panel")).prop("disabled", false);
$("#rm_ar_button", $("#vnet_info_panel")).attr("ar_id", id).removeAttr('disabled');


@ -199,13 +199,21 @@ int AddressRange::from_vattr(VectorAttribute *vattr, string& error_msg)
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int AddressRange::update_attributes(VectorAttribute *vup, string& error_msg)
int AddressRange::update_attributes(
VectorAttribute * vup,
bool keep_restricted,
string& error_msg)
{
/* --------------- Do not allow to modify a reservation ------- */
int pid;
bool is_reservation = (get_attribute("PARENT_NETWORK_AR_ID", pid) == 0);
if (keep_restricted)
{
remove_restricted(vup);
}
/* --------------- Copy non-update attributes ----------------- */
vup->replace("TYPE", attr->vector_value("TYPE"));
@ -237,6 +245,14 @@ int AddressRange::update_attributes(VectorAttribute *vup, string& error_msg)
attr->vector_value("PARENT_NETWORK_AR_ID"));
}
/* ----------------- restricted attributes ----------------- */
if (keep_restricted)
{
remove_all_except_restricted(attr);
vup->merge(attr, true);
}
/* ----------------- update known attributes ----------------- */
@ -1318,3 +1334,44 @@ void AddressRange::set_restricted_attributes(
restricted_attributes.insert(one_util::toupper(attr_s));
}
};
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
void AddressRange::remove_restricted(VectorAttribute* va)
{
set<string>::const_iterator it;
size_t pos;
for (it=restricted_attributes.begin(); it!=restricted_attributes.end(); it++)
{
pos = it->find("AR/");
if (pos != string::npos)
{
va->remove( it->substr(pos+3) );
}
}
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
void AddressRange::remove_all_except_restricted(VectorAttribute* va)
{
map<string,string>::iterator it;
map<string,string> vals = va->value();
ostringstream oss;
for(it = vals.begin(); it != vals.end(); it++)
{
oss.str("");
oss << "AR/" << it->first;
if (restricted_attributes.count(oss.str()) == 0)
{
va->remove(it->first);
}
}
}
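Review bot: `remove_all_except_restricted(attr)` in the restricted-attributes step strips the address range's own `attr` in place before `vup->merge(attr, true)`, so from that point the live object holds only restricted keys. The rest of `update_attributes` lies outside the hunk; if any later step reads `attr` or returns an error before the new values are stored, the AR is left truncated, so building the restricted subset in a temporary copy of `attr` and merging that would be safer. Separately, `remove_restricted` matches with `it->find("AR/")`, which accepts the marker anywhere in the entry, while `remove_all_except_restricted` requires an exact `"AR/" + name` match. Anchoring the first with `if (it->compare(0, 3, "AR/") == 0)` and `va->remove(it->substr(3));` keeps the two consistent.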


@ -81,7 +81,10 @@ int AddressRangePool::add_ar(AddressRange * ar)
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int AddressRangePool::update_ar(vector<Attribute *> ars, string& error_msg)
int AddressRangePool::update_ar(
vector<Attribute *> ars,
bool keep_restricted,
string& error_msg)
{
vector<Attribute *>::iterator it;
map<unsigned int, AddressRange *>::iterator ar_it;
@ -115,7 +118,7 @@ int AddressRangePool::update_ar(vector<Attribute *> ars, string& error_msg)
return -1;
}
return ar_it->second->update_attributes(va, error_msg);
return ar_it->second->update_attributes(va, keep_restricted, error_msg);
}
error_msg = "Wrong AR definition. AR vector attribute is missing.";


@ -670,7 +670,10 @@ int VirtualNetwork::add_ar(VirtualNetworkTemplate * ars_tmpl, string& error_msg)
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int VirtualNetwork::update_ar(VirtualNetworkTemplate * ars_tmpl, string& error_msg)
int VirtualNetwork::update_ar(
VirtualNetworkTemplate* ars_tmpl,
bool keep_restricted,
string& error_msg)
{
vector<Attribute *> tmp_ars;
@ -681,7 +684,7 @@ int VirtualNetwork::update_ar(VirtualNetworkTemplate * ars_tmpl, string& error_m
return -1;
}
return ar_pool.update_ar(tmp_ars, error_msg);
return ar_pool.update_ar(tmp_ars, keep_restricted, error_msg);
}
/* -------------------------------------------------------------------------- */


@ -20,6 +20,7 @@
#include "Nebula.h"
#include "PoolObjectAuth.h"
#include "AuthManager.h"
#include "AddressRange.h"
#include <sstream>
#include <ctype.h>
@ -75,6 +76,7 @@ VirtualNetworkPool::VirtualNetworkPool(
_mac_prefix += tmp;
VirtualNetworkTemplate::set_restricted_attributes(restricted_attrs);
AddressRange::set_restricted_attributes(restricted_attrs);
register_hooks(hook_mads, remotes_location);