mirror of
https://github.com/OpenNebula/one.git
synced 2024-12-24 21:34:01 +03:00
Feature #3167: Allow users to edit their VNet's AR, respecting restricted attributes
This commit is contained in:
parent
479a0eca5b
commit
631936e22b
@ -311,7 +311,10 @@ public:
|
|||||||
* the reason.
|
* the reason.
|
||||||
* @return 0 on success
|
* @return 0 on success
|
||||||
*/
|
*/
|
||||||
int update_attributes(VectorAttribute *vup, string& error_msg);
|
int update_attributes(
|
||||||
|
VectorAttribute * vup,
|
||||||
|
bool keep_restricted,
|
||||||
|
string& error_msg);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* add_ar from AddressRangePool needs to access the internal representation
|
* add_ar from AddressRangePool needs to access the internal representation
|
||||||
@ -319,6 +322,8 @@ public:
|
|||||||
*/
|
*/
|
||||||
friend int AddressRangePool::add_ar(AddressRange * ar);
|
friend int AddressRangePool::add_ar(AddressRange * ar);
|
||||||
|
|
||||||
|
static void set_restricted_attributes(vector<const Attribute *>& rattrs);
|
||||||
|
|
||||||
private:
|
private:
|
||||||
/* ---------------------------------------------------------------------- */
|
/* ---------------------------------------------------------------------- */
|
||||||
/* String to binary conversion functions for different address types */
|
/* String to binary conversion functions for different address types */
|
||||||
@ -424,7 +429,15 @@ private:
|
|||||||
/* ---------------------------------------------------------------------- */
|
/* ---------------------------------------------------------------------- */
|
||||||
bool check(string& rs_attr) const;
|
bool check(string& rs_attr) const;
|
||||||
|
|
||||||
static void set_restricted_attributes(vector<const Attribute *>& rattrs);
|
/**
|
||||||
|
* Deletes all restricted attributes
|
||||||
|
*/
|
||||||
|
void remove_restricted(VectorAttribute* va);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Deletes all the attributes, except the restricted ones
|
||||||
|
*/
|
||||||
|
void remove_all_except_restricted(VectorAttribute* va);
|
||||||
|
|
||||||
/* ---------------------------------------------------------------------- */
|
/* ---------------------------------------------------------------------- */
|
||||||
/* Address Range data */
|
/* Address Range data */
|
||||||
|
@ -75,11 +75,13 @@ public:
|
|||||||
* Updates the given address ranges
|
* Updates the given address ranges
|
||||||
* @param ars vector of address ranges as VectorAttributes obtained from
|
* @param ars vector of address ranges as VectorAttributes obtained from
|
||||||
* template in the form AR = [...]. Only one AR is processed.
|
* template in the form AR = [...]. Only one AR is processed.
|
||||||
|
* @param keep_restricted If true, the restricted attributes of the
|
||||||
|
* current template will override the new template
|
||||||
* @param error_msg If the action fails, this message contains
|
* @param error_msg If the action fails, this message contains
|
||||||
* the reason.
|
* the reason.
|
||||||
* @return 0 on success
|
* @return 0 on success
|
||||||
*/
|
*/
|
||||||
int update_ar(vector<Attribute *> ars, string& error_msg);
|
int update_ar(vector<Attribute *> ars, bool keep_restricted, string& error_msg);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Allocates a new *empty* address range. It is not added to the pool as it
|
* Allocates a new *empty* address range. It is not added to the pool as it
|
||||||
|
@ -142,7 +142,7 @@ public:
|
|||||||
RequestManagerVirtualNetwork("VirtualNetworkUpdateAddressRange",
|
RequestManagerVirtualNetwork("VirtualNetworkUpdateAddressRange",
|
||||||
"Updates address ranges to a virtual network")
|
"Updates address ranges to a virtual network")
|
||||||
{
|
{
|
||||||
auth_op = AuthRequest::ADMIN;
|
auth_op = AuthRequest::MANAGE;
|
||||||
};
|
};
|
||||||
|
|
||||||
~VirtualNetworkUpdateAddressRange(){};
|
~VirtualNetworkUpdateAddressRange(){};
|
||||||
@ -152,7 +152,14 @@ public:
|
|||||||
RequestAttributes& att,
|
RequestAttributes& att,
|
||||||
string& error_str)
|
string& error_str)
|
||||||
{
|
{
|
||||||
return vn->update_ar(tmpl, error_str);
|
if (att.uid!=UserPool::ONEADMIN_ID && att.gid!=GroupPool::ONEADMIN_ID)
|
||||||
|
{
|
||||||
|
return vn->update_ar(tmpl, true, error_str);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return vn->update_ar(tmpl, false, error_str);
|
||||||
|
}
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -108,11 +108,16 @@ public:
|
|||||||
* Update an address range to the virtual network
|
* Update an address range to the virtual network
|
||||||
* @param ars_tmpl template in the form AR = [AR_ID=...]. The address range
|
* @param ars_tmpl template in the form AR = [AR_ID=...]. The address range
|
||||||
* is specified by the AR_ID attribute.
|
* is specified by the AR_ID attribute.
|
||||||
|
* @param keep_restricted If true, the restricted attributes of the
|
||||||
|
* current template will override the new template
|
||||||
* @param error_msg If the action fails, this message contains
|
* @param error_msg If the action fails, this message contains
|
||||||
* the reason.
|
* the reason.
|
||||||
* @return 0 on success
|
* @return 0 on success
|
||||||
*/
|
*/
|
||||||
int update_ar(VirtualNetworkTemplate * ars_tmpl, string& error_msg);
|
int update_ar(
|
||||||
|
VirtualNetworkTemplate* ars_tmpl,
|
||||||
|
bool keep_restricted,
|
||||||
|
string& error_msg);
|
||||||
|
|
||||||
// *************************************************************************
|
// *************************************************************************
|
||||||
// Address hold/release interface
|
// Address hold/release interface
|
||||||
|
@ -736,6 +736,11 @@ VNET_RESTRICTED_ATTR = "VLAN_ID"
|
|||||||
VNET_RESTRICTED_ATTR = "VLAN"
|
VNET_RESTRICTED_ATTR = "VLAN"
|
||||||
VNET_RESTRICTED_ATTR = "BRIDGE"
|
VNET_RESTRICTED_ATTR = "BRIDGE"
|
||||||
|
|
||||||
|
VNET_RESTRICTED_ATTR = "AR/PHYDEV"
|
||||||
|
VNET_RESTRICTED_ATTR = "AR/VLAN_ID"
|
||||||
|
VNET_RESTRICTED_ATTR = "AR/VLAN"
|
||||||
|
VNET_RESTRICTED_ATTR = "AR/BRIDGE"
|
||||||
|
|
||||||
#*******************************************************************************
|
#*******************************************************************************
|
||||||
# Inherited Attributes Configuration
|
# Inherited Attributes Configuration
|
||||||
#*******************************************************************************
|
#*******************************************************************************
|
||||||
|
@ -353,7 +353,7 @@ tabs:
|
|||||||
Network.release_lease: true
|
Network.release_lease: true
|
||||||
Network.add_ar: false
|
Network.add_ar: false
|
||||||
Network.remove_ar: true
|
Network.remove_ar: true
|
||||||
Network.update_ar: false
|
Network.update_ar: true
|
||||||
marketplace-tab:
|
marketplace-tab:
|
||||||
panel_tabs:
|
panel_tabs:
|
||||||
marketplace_info_tab: true
|
marketplace_info_tab: true
|
||||||
|
@ -820,18 +820,8 @@ function updateVNetworkInfo(request,vn){
|
|||||||
$(this).addClass('markrowchecked');
|
$(this).addClass('markrowchecked');
|
||||||
});
|
});
|
||||||
|
|
||||||
if (get_ar(vn_info, id).PARENT_NETWORK_AR_ID != undefined &&
|
$("#update_ar_button", $("#vnet_info_panel")).attr("ar_id", id);
|
||||||
get_ar(vn_info, id).PARENT_NETWORK_AR_ID.length > 0){
|
$("#update_ar_button", $("#vnet_info_panel")).prop("disabled", false);
|
||||||
|
|
||||||
$("#update_ar_button", $("#vnet_info_panel")).prop("disabled", true);
|
|
||||||
$("#update_ar_button", $("#vnet_info_panel")).addClass("has-tip");
|
|
||||||
$("#update_ar_button", $("#vnet_info_panel")).attr("title", tr("This address range is a reservation"));
|
|
||||||
} else{
|
|
||||||
$("#update_ar_button", $("#vnet_info_panel")).attr("ar_id", id);
|
|
||||||
$("#update_ar_button", $("#vnet_info_panel")).prop("disabled", false);
|
|
||||||
$("#update_ar_button", $("#vnet_info_panel")).removeClass("has-tip");
|
|
||||||
$("#update_ar_button", $("#vnet_info_panel")).removeAttr("title");
|
|
||||||
}
|
|
||||||
|
|
||||||
$("#rm_ar_button", $("#vnet_info_panel")).attr("ar_id", id).removeAttr('disabled');
|
$("#rm_ar_button", $("#vnet_info_panel")).attr("ar_id", id).removeAttr('disabled');
|
||||||
|
|
||||||
|
@ -199,13 +199,21 @@ int AddressRange::from_vattr(VectorAttribute *vattr, string& error_msg)
|
|||||||
/* -------------------------------------------------------------------------- */
|
/* -------------------------------------------------------------------------- */
|
||||||
/* -------------------------------------------------------------------------- */
|
/* -------------------------------------------------------------------------- */
|
||||||
|
|
||||||
int AddressRange::update_attributes(VectorAttribute *vup, string& error_msg)
|
int AddressRange::update_attributes(
|
||||||
|
VectorAttribute * vup,
|
||||||
|
bool keep_restricted,
|
||||||
|
string& error_msg)
|
||||||
{
|
{
|
||||||
/* --------------- Do not allow to modify a reservation ------- */
|
/* --------------- Do not allow to modify a reservation ------- */
|
||||||
|
|
||||||
int pid;
|
int pid;
|
||||||
bool is_reservation = (get_attribute("PARENT_NETWORK_AR_ID", pid) == 0);
|
bool is_reservation = (get_attribute("PARENT_NETWORK_AR_ID", pid) == 0);
|
||||||
|
|
||||||
|
if (keep_restricted)
|
||||||
|
{
|
||||||
|
remove_restricted(vup);
|
||||||
|
}
|
||||||
|
|
||||||
/* --------------- Copy non-update attributes ----------------- */
|
/* --------------- Copy non-update attributes ----------------- */
|
||||||
|
|
||||||
vup->replace("TYPE", attr->vector_value("TYPE"));
|
vup->replace("TYPE", attr->vector_value("TYPE"));
|
||||||
@ -237,6 +245,14 @@ int AddressRange::update_attributes(VectorAttribute *vup, string& error_msg)
|
|||||||
attr->vector_value("PARENT_NETWORK_AR_ID"));
|
attr->vector_value("PARENT_NETWORK_AR_ID"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* ----------------- restricted attributes ----------------- */
|
||||||
|
|
||||||
|
if (keep_restricted)
|
||||||
|
{
|
||||||
|
remove_all_except_restricted(attr);
|
||||||
|
|
||||||
|
vup->merge(attr, true);
|
||||||
|
}
|
||||||
|
|
||||||
/* ----------------- update known attributes ----------------- */
|
/* ----------------- update known attributes ----------------- */
|
||||||
|
|
||||||
@ -1318,3 +1334,44 @@ void AddressRange::set_restricted_attributes(
|
|||||||
restricted_attributes.insert(one_util::toupper(attr_s));
|
restricted_attributes.insert(one_util::toupper(attr_s));
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/* -------------------------------------------------------------------------- */
|
||||||
|
/* -------------------------------------------------------------------------- */
|
||||||
|
|
||||||
|
void AddressRange::remove_restricted(VectorAttribute* va)
|
||||||
|
{
|
||||||
|
set<string>::const_iterator it;
|
||||||
|
size_t pos;
|
||||||
|
|
||||||
|
for (it=restricted_attributes.begin(); it!=restricted_attributes.end(); it++)
|
||||||
|
{
|
||||||
|
pos = it->find("AR/");
|
||||||
|
|
||||||
|
if (pos != string::npos)
|
||||||
|
{
|
||||||
|
va->remove( it->substr(pos+3) );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* -------------------------------------------------------------------------- */
|
||||||
|
/* -------------------------------------------------------------------------- */
|
||||||
|
|
||||||
|
void AddressRange::remove_all_except_restricted(VectorAttribute* va)
|
||||||
|
{
|
||||||
|
map<string,string>::iterator it;
|
||||||
|
map<string,string> vals = va->value();
|
||||||
|
|
||||||
|
ostringstream oss;
|
||||||
|
|
||||||
|
for(it = vals.begin(); it != vals.end(); it++)
|
||||||
|
{
|
||||||
|
oss.str("");
|
||||||
|
oss << "AR/" << it->first;
|
||||||
|
|
||||||
|
if (restricted_attributes.count(oss.str()) == 0)
|
||||||
|
{
|
||||||
|
va->remove(it->first);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@ -81,7 +81,10 @@ int AddressRangePool::add_ar(AddressRange * ar)
|
|||||||
/* -------------------------------------------------------------------------- */
|
/* -------------------------------------------------------------------------- */
|
||||||
/* -------------------------------------------------------------------------- */
|
/* -------------------------------------------------------------------------- */
|
||||||
|
|
||||||
int AddressRangePool::update_ar(vector<Attribute *> ars, string& error_msg)
|
int AddressRangePool::update_ar(
|
||||||
|
vector<Attribute *> ars,
|
||||||
|
bool keep_restricted,
|
||||||
|
string& error_msg)
|
||||||
{
|
{
|
||||||
vector<Attribute *>::iterator it;
|
vector<Attribute *>::iterator it;
|
||||||
map<unsigned int, AddressRange *>::iterator ar_it;
|
map<unsigned int, AddressRange *>::iterator ar_it;
|
||||||
@ -115,7 +118,7 @@ int AddressRangePool::update_ar(vector<Attribute *> ars, string& error_msg)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
return ar_it->second->update_attributes(va, error_msg);
|
return ar_it->second->update_attributes(va, keep_restricted, error_msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
error_msg = "Wrong AR definition. AR vector attribute is missing.";
|
error_msg = "Wrong AR definition. AR vector attribute is missing.";
|
||||||
|
@ -670,7 +670,10 @@ int VirtualNetwork::add_ar(VirtualNetworkTemplate * ars_tmpl, string& error_msg)
|
|||||||
/* -------------------------------------------------------------------------- */
|
/* -------------------------------------------------------------------------- */
|
||||||
/* -------------------------------------------------------------------------- */
|
/* -------------------------------------------------------------------------- */
|
||||||
|
|
||||||
int VirtualNetwork::update_ar(VirtualNetworkTemplate * ars_tmpl, string& error_msg)
|
int VirtualNetwork::update_ar(
|
||||||
|
VirtualNetworkTemplate* ars_tmpl,
|
||||||
|
bool keep_restricted,
|
||||||
|
string& error_msg)
|
||||||
{
|
{
|
||||||
vector<Attribute *> tmp_ars;
|
vector<Attribute *> tmp_ars;
|
||||||
|
|
||||||
@ -681,7 +684,7 @@ int VirtualNetwork::update_ar(VirtualNetworkTemplate * ars_tmpl, string& error_m
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
return ar_pool.update_ar(tmp_ars, error_msg);
|
return ar_pool.update_ar(tmp_ars, keep_restricted, error_msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* -------------------------------------------------------------------------- */
|
/* -------------------------------------------------------------------------- */
|
||||||
|
@ -20,6 +20,7 @@
|
|||||||
#include "Nebula.h"
|
#include "Nebula.h"
|
||||||
#include "PoolObjectAuth.h"
|
#include "PoolObjectAuth.h"
|
||||||
#include "AuthManager.h"
|
#include "AuthManager.h"
|
||||||
|
#include "AddressRange.h"
|
||||||
#include <sstream>
|
#include <sstream>
|
||||||
#include <ctype.h>
|
#include <ctype.h>
|
||||||
|
|
||||||
@ -75,6 +76,7 @@ VirtualNetworkPool::VirtualNetworkPool(
|
|||||||
_mac_prefix += tmp;
|
_mac_prefix += tmp;
|
||||||
|
|
||||||
VirtualNetworkTemplate::set_restricted_attributes(restricted_attrs);
|
VirtualNetworkTemplate::set_restricted_attributes(restricted_attrs);
|
||||||
|
AddressRange::set_restricted_attributes(restricted_attrs);
|
||||||
|
|
||||||
register_hooks(hook_mads, remotes_location);
|
register_hooks(hook_mads, remotes_location);
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user