mirror of https://github.com/OpenNebula/one.git synced 2024-12-23 17:33:56 +03:00

Feature #3167: Allow users to edit their VNet's AR, respecting restricted attributes

Carlos Martín 2014-09-04 13:38:11 +02:00 committed by Ruben S. Montero
parent 479a0eca5b
commit 631936e22b
11 changed files with 111 additions and 24 deletions


@ -311,7 +311,10 @@ public:
* the reason. * the reason.
* @return 0 on success * @return 0 on success
*/ */
int update_attributes(VectorAttribute *vup, string& error_msg); int update_attributes(
VectorAttribute * vup,
bool keep_restricted,
string& error_msg);
/* /*
* add_ar from AddressRangePool needs to access the internal representation * add_ar from AddressRangePool needs to access the internal representation
@ -319,6 +322,8 @@ public:
*/ */
friend int AddressRangePool::add_ar(AddressRange * ar); friend int AddressRangePool::add_ar(AddressRange * ar);
static void set_restricted_attributes(vector<const Attribute *>& rattrs);
private: private:
/* ---------------------------------------------------------------------- */ /* ---------------------------------------------------------------------- */
/* String to binary conversion functions for different address types */ /* String to binary conversion functions for different address types */
@ -424,7 +429,15 @@ private:
/* ---------------------------------------------------------------------- */ /* ---------------------------------------------------------------------- */
bool check(string& rs_attr) const; bool check(string& rs_attr) const;
static void set_restricted_attributes(vector<const Attribute *>& rattrs); /**
* Deletes all restricted attributes
*/
void remove_restricted(VectorAttribute* va);
/**
* Deletes all the attributes, except the restricted ones
*/
void remove_all_except_restricted(VectorAttribute* va);
/* ---------------------------------------------------------------------- */ /* ---------------------------------------------------------------------- */
/* Address Range data */ /* Address Range data */
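Review bot: The doc comment on `update_attributes` is not extended for the new `keep_restricted` parameter, although both `update_ar` declarations changed in this commit gain an `@param keep_restricted` entry. I would add `* @param keep_restricted If true, restricted attributes already stored in the AR are kept and those in vup are discarded` above the `@param error_msg` entry; that part of the comment starts outside the hunk. The two new private helpers should also document their `va` parameter and state that "restricted" means the `AR/`-prefixed entries of the restricted attribute set. `set_restricted_attributes`, which moves to the public section, has no comment at all.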


@ -75,11 +75,13 @@ public:
* Updates the given address ranges * Updates the given address ranges
* @param ars vector of address ranges as VectorAttributes obtained from * @param ars vector of address ranges as VectorAttributes obtained from
* template in the form AR = [...]. Only one AR is processed. * template in the form AR = [...]. Only one AR is processed.
* @param keep_restricted If true, the restricted attributes of the
* current template will override the new template
* @param error_msg If the action fails, this message contains * @param error_msg If the action fails, this message contains
* the reason. * the reason.
* @return 0 on success * @return 0 on success
*/ */
int update_ar(vector<Attribute *> ars, string& error_msg); int update_ar(vector<Attribute *> ars, bool keep_restricted, string& error_msg);
/** /**
* Allocates a new *empty* address range. It is not added to the pool as it * Allocates a new *empty* address range. It is not added to the pool as it


@ -142,7 +142,7 @@ public:
RequestManagerVirtualNetwork("VirtualNetworkUpdateAddressRange", RequestManagerVirtualNetwork("VirtualNetworkUpdateAddressRange",
"Updates address ranges to a virtual network") "Updates address ranges to a virtual network")
{ {
auth_op = AuthRequest::ADMIN; auth_op = AuthRequest::MANAGE;
}; };
~VirtualNetworkUpdateAddressRange(){}; ~VirtualNetworkUpdateAddressRange(){};
@ -152,7 +152,14 @@ public:
RequestAttributes& att, RequestAttributes& att,
string& error_str) string& error_str)
{ {
return vn->update_ar(tmpl, error_str); if (att.uid!=UserPool::ONEADMIN_ID && att.gid!=GroupPool::ONEADMIN_ID)
{
return vn->update_ar(tmpl, true, error_str);
}
else
{
return vn->update_ar(tmpl, false, error_str);
}
}; };
}; };
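Review bot: With `auth_op` lowered from `ADMIN` to `MANAGE`, the `keep_restricted` value chosen in this method is, as far as this section shows, the only thing that stops a non-admin owner from changing restricted AR attributes, and no comment says so. I would compute it once under a short comment, `bool keep_restricted = att.uid != UserPool::ONEADMIN_ID && att.gid != GroupPool::ONEADMIN_ID;` followed by `return vn->update_ar(tmpl, keep_restricted, error_str);`, which also removes the duplicated call. The test looks only at `att.uid` and `att.gid`; whether membership in the oneadmin group by any other route should count as admin here cannot be judged from this hunk and should be confirmed.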


@ -108,11 +108,16 @@ public:
* Update an address range to the virtual network * Update an address range to the virtual network
* @param ars_tmpl template in the form AR = [AR_ID=...]. The address range * @param ars_tmpl template in the form AR = [AR_ID=...]. The address range
* is specified by the AR_ID attribute. * is specified by the AR_ID attribute.
* @param keep_restricted If true, the restricted attributes of the
* current template will override the new template
* @param error_msg If the action fails, this message contains * @param error_msg If the action fails, this message contains
* the reason. * the reason.
* @return 0 on success * @return 0 on success
*/ */
int update_ar(VirtualNetworkTemplate * ars_tmpl, string& error_msg); int update_ar(
VirtualNetworkTemplate* ars_tmpl,
bool keep_restricted,
string& error_msg);
// ************************************************************************* // *************************************************************************
// Address hold/release interface // Address hold/release interface


@ -736,6 +736,11 @@ VNET_RESTRICTED_ATTR = "VLAN_ID"
VNET_RESTRICTED_ATTR = "VLAN" VNET_RESTRICTED_ATTR = "VLAN"
VNET_RESTRICTED_ATTR = "BRIDGE" VNET_RESTRICTED_ATTR = "BRIDGE"
VNET_RESTRICTED_ATTR = "AR/PHYDEV"
VNET_RESTRICTED_ATTR = "AR/VLAN_ID"
VNET_RESTRICTED_ATTR = "AR/VLAN"
VNET_RESTRICTED_ATTR = "AR/BRIDGE"
#******************************************************************************* #*******************************************************************************
# Inherited Attributes Configuration # Inherited Attributes Configuration
#******************************************************************************* #*******************************************************************************
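Review bot: The four `AR/...` entries are added without a comment, so an administrator reading the file cannot tell that the `AR/` prefix scopes a restricted attribute to address ranges, or that these lines now decide what a non-admin user may change through an AR update. I would add a line above them such as `# AR/<NAME>: NAME is restricted inside an address range (AR updates now need only MANAGE rights)`. If the restricted set is built solely from this file (the loader is not visible here), a deployment that upgrades the binaries but keeps its old configuration would run with no AR restrictions, which should be called out in the upgrade notes.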


@ -353,7 +353,7 @@ tabs:
Network.release_lease: true Network.release_lease: true
Network.add_ar: false Network.add_ar: false
Network.remove_ar: true Network.remove_ar: true
Network.update_ar: false Network.update_ar: true
marketplace-tab: marketplace-tab:
panel_tabs: panel_tabs:
marketplace_info_tab: true marketplace_info_tab: true


@ -820,18 +820,8 @@ function updateVNetworkInfo(request,vn){
$(this).addClass('markrowchecked'); $(this).addClass('markrowchecked');
}); });
if (get_ar(vn_info, id).PARENT_NETWORK_AR_ID != undefined && $("#update_ar_button", $("#vnet_info_panel")).attr("ar_id", id);
get_ar(vn_info, id).PARENT_NETWORK_AR_ID.length > 0){ $("#update_ar_button", $("#vnet_info_panel")).prop("disabled", false);
$("#update_ar_button", $("#vnet_info_panel")).prop("disabled", true);
$("#update_ar_button", $("#vnet_info_panel")).addClass("has-tip");
$("#update_ar_button", $("#vnet_info_panel")).attr("title", tr("This address range is a reservation"));
} else{
$("#update_ar_button", $("#vnet_info_panel")).attr("ar_id", id);
$("#update_ar_button", $("#vnet_info_panel")).prop("disabled", false);
$("#update_ar_button", $("#vnet_info_panel")).removeClass("has-tip");
$("#update_ar_button", $("#vnet_info_panel")).removeAttr("title");
}
$("#rm_ar_button", $("#vnet_info_panel")).attr("ar_id", id).removeAttr('disabled'); $("#rm_ar_button", $("#vnet_info_panel")).attr("ar_id", id).removeAttr('disabled');
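Review bot: The two added lines look up `#update_ar_button` twice, while the `#rm_ar_button` line directly below chains its calls; `$("#update_ar_button", $("#vnet_info_panel")).attr("ar_id", id).prop("disabled", false);` would match it. With the reservation branch removed, the button is enabled for reservations too, so any limit on editing a reservation now rests entirely on the server side. The `update_attributes` change in this commit still computes `is_reservation`, but how it is used lies outside the visible lines. The enclosing handler starts and ends outside this hunk.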


@ -199,13 +199,21 @@ int AddressRange::from_vattr(VectorAttribute *vattr, string& error_msg)
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
int AddressRange::update_attributes(VectorAttribute *vup, string& error_msg) int AddressRange::update_attributes(
VectorAttribute * vup,
bool keep_restricted,
string& error_msg)
{ {
/* --------------- Do not allow to modify a reservation ------- */ /* --------------- Do not allow to modify a reservation ------- */
int pid; int pid;
bool is_reservation = (get_attribute("PARENT_NETWORK_AR_ID", pid) == 0); bool is_reservation = (get_attribute("PARENT_NETWORK_AR_ID", pid) == 0);
if (keep_restricted)
{
remove_restricted(vup);
}
/* --------------- Copy non-update attributes ----------------- */ /* --------------- Copy non-update attributes ----------------- */
vup->replace("TYPE", attr->vector_value("TYPE")); vup->replace("TYPE", attr->vector_value("TYPE"));
@ -237,6 +245,14 @@ int AddressRange::update_attributes(VectorAttribute *vup, string& error_msg)
attr->vector_value("PARENT_NETWORK_AR_ID")); attr->vector_value("PARENT_NETWORK_AR_ID"));
} }
/* ----------------- restricted attributes ----------------- */
if (keep_restricted)
{
remove_all_except_restricted(attr);
vup->merge(attr, true);
}
/* ----------------- update known attributes ----------------- */ /* ----------------- update known attributes ----------------- */
@ -1318,3 +1334,44 @@ void AddressRange::set_restricted_attributes(
restricted_attributes.insert(one_util::toupper(attr_s)); restricted_attributes.insert(one_util::toupper(attr_s));
} }
}; };
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
void AddressRange::remove_restricted(VectorAttribute* va)
{
set<string>::const_iterator it;
size_t pos;
for (it=restricted_attributes.begin(); it!=restricted_attributes.end(); it++)
{
pos = it->find("AR/");
if (pos != string::npos)
{
va->remove( it->substr(pos+3) );
}
}
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
void AddressRange::remove_all_except_restricted(VectorAttribute* va)
{
map<string,string>::iterator it;
map<string,string> vals = va->value();
ostringstream oss;
for(it = vals.begin(); it != vals.end(); it++)
{
oss.str("");
oss << "AR/" << it->first;
if (restricted_attributes.count(oss.str()) == 0)
{
va->remove(it->first);
}
}
}
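Review bot: In `update_attributes` the new restricted-attributes block calls `remove_all_except_restricted(attr)` on the address range's own `attr`, so the stored AR loses every non-restricted attribute before the update has finished. The rest of the function lies outside the hunk; if any later step returns an error, the AR would be left holding only its restricted attributes. Working on a copy avoids that, assuming `VectorAttribute` is copyable: `VectorAttribute va_aux(*attr);`, `remove_all_except_restricted(&va_aux);`, `vup->merge(&va_aux, true);`. Separately, `remove_restricted` accepts `AR/` anywhere in an entry (`pos != string::npos`) and should instead test that the entry starts with it. Both helpers also rely on the keys of `va` being upper case like the entries inserted through `one_util::toupper`, which is worth stating in a comment or enforcing.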


@ -81,7 +81,10 @@ int AddressRangePool::add_ar(AddressRange * ar)
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
int AddressRangePool::update_ar(vector<Attribute *> ars, string& error_msg) int AddressRangePool::update_ar(
vector<Attribute *> ars,
bool keep_restricted,
string& error_msg)
{ {
vector<Attribute *>::iterator it; vector<Attribute *>::iterator it;
map<unsigned int, AddressRange *>::iterator ar_it; map<unsigned int, AddressRange *>::iterator ar_it;
@ -115,7 +118,7 @@ int AddressRangePool::update_ar(vector<Attribute *> ars, string& error_msg)
return -1; return -1;
} }
return ar_it->second->update_attributes(va, error_msg); return ar_it->second->update_attributes(va, keep_restricted, error_msg);
} }
error_msg = "Wrong AR definition. AR vector attribute is missing."; error_msg = "Wrong AR definition. AR vector attribute is missing.";


@ -670,7 +670,10 @@ int VirtualNetwork::add_ar(VirtualNetworkTemplate * ars_tmpl, string& error_msg)
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
int VirtualNetwork::update_ar(VirtualNetworkTemplate * ars_tmpl, string& error_msg) int VirtualNetwork::update_ar(
VirtualNetworkTemplate* ars_tmpl,
bool keep_restricted,
string& error_msg)
{ {
vector<Attribute *> tmp_ars; vector<Attribute *> tmp_ars;
@ -681,7 +684,7 @@ int VirtualNetwork::update_ar(VirtualNetworkTemplate * ars_tmpl, string& error_m
return -1; return -1;
} }
return ar_pool.update_ar(tmp_ars, error_msg); return ar_pool.update_ar(tmp_ars, keep_restricted, error_msg);
} }
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */


@ -20,6 +20,7 @@
#include "Nebula.h" #include "Nebula.h"
#include "PoolObjectAuth.h" #include "PoolObjectAuth.h"
#include "AuthManager.h" #include "AuthManager.h"
#include "AddressRange.h"
#include <sstream> #include <sstream>
#include <ctype.h> #include <ctype.h>
@ -75,6 +76,7 @@ VirtualNetworkPool::VirtualNetworkPool(
_mac_prefix += tmp; _mac_prefix += tmp;
VirtualNetworkTemplate::set_restricted_attributes(restricted_attrs); VirtualNetworkTemplate::set_restricted_attributes(restricted_attrs);
AddressRange::set_restricted_attributes(restricted_attrs);
register_hooks(hook_mads, remotes_location); register_hooks(hook_mads, remotes_location);