You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by ml...@apache.org on 2013/01/18 23:23:45 UTC
[6/50] [abbrv] git commit: Merge branch 'master' into api_limit
Merge branch 'master' into api_limit
Conflicts:
server/src/com/cloud/api/ApiServer.java
Signed-off-by: Min Chen <mi...@citrix.com>
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/57e67c57
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/57e67c57
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/57e67c57
Branch: refs/heads/add_remove_nics
Commit: 57e67c57d703735d678521d2a66910c2bff58842
Parents: d900345 1033200
Author: Min Chen <mi...@citrix.com>
Authored: Fri Jan 11 15:50:21 2013 -0800
Committer: Min Chen <mi...@citrix.com>
Committed: Fri Jan 11 15:50:21 2013 -0800
----------------------------------------------------------------------
api/src/com/cloud/user/AccountService.java | 3 +
.../apache/cloudstack/acl/APIAccessChecker.java | 32 --
api/src/org/apache/cloudstack/acl/APIChecker.java | 28 ++
api/src/org/apache/cloudstack/acl/RoleType.java | 37 ++
.../org/apache/cloudstack/api/ApiConstants.java | 1 +
.../cloudstack/discovery/ApiDiscoveryService.java | 25 --
.../api-discovery_commands.properties.in | 23 --
client/tomcatconf/components.xml.in | 2 +-
docs/en-US/accessing-vms.xml | 2 +-
docs/en-US/autoscale.xml | 284 +++++++++++++++
docs/en-US/building-marvin.xml | 46 +++
docs/en-US/configure-snmp-rhel.xml | 86 +++++
.../external-firewalls-and-load-balancers.xml | 43 ++-
docs/en-US/images/view-console-button.png | Bin 0 -> 59996 bytes
docs/en-US/marvin.xml | 1 +
...guration-of-external-firewalls-loadbalancer.xml | 46 +++
docs/en-US/system-service-offerings.xml | 1 +
.../acl/StaticRoleBasedAPIAccessChecker.java | 160 ++------
.../api/command/user/discovery/ListApisCmd.java | 23 +-
.../api/response/ApiDiscoveryResponse.java | 26 ++-
.../api/response/ApiParameterResponse.java | 11 +
.../api/response/ApiResponseResponse.java | 45 +++
.../cloudstack/discovery/ApiDiscoveryService.java | 26 ++
.../discovery/ApiDiscoveryServiceImpl.java | 163 +++++++--
.../server/ManagementServerSimulatorImpl.java | 18 +-
.../network/element/CiscoNexusVSMElement.java | 7 +-
.../element/F5ExternalLoadBalancerElement.java | 7 +-
.../element/JuniperSRXExternalFirewallElement.java | 7 +-
.../cloud/network/element/NetscalerElement.java | 6 +-
.../cloud/network/element/NiciraNvpElement.java | 6 +-
pom.xml | 2 +
server/src/com/cloud/api/ApiServer.java | 38 ++-
.../network/element/VirtualRouterElement.java | 6 +-
.../com/cloud/server/ManagementServerExtImpl.java | 6 +-
.../src/com/cloud/server/ManagementServerImpl.java | 6 +-
server/src/com/cloud/user/AccountManagerImpl.java | 26 ++
.../com/cloud/user/MockAccountManagerImpl.java | 6 +
tools/apidoc/gen_toc.py | 1 -
tools/apidoc/pom.xml | 2 +-
tools/devcloud-kvm/README.md | 21 +
tools/devcloud-kvm/devcloud-kvm.cfg | 97 +++++
tools/devcloud-kvm/devcloud-kvm.sql | 40 ++
tools/devcloud-kvm/pom.xml | 138 +++++++
utils/src/com/cloud/utils/PropertiesUtil.java | 40 ++
.../cloud/utils/component/PluggableService.java | 4 +-
.../utils/log/CglibThrowableRendererTest.java | 38 ++-
46 files changed, 1339 insertions(+), 297 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/57e67c57/server/src/com/cloud/api/ApiServer.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/api/ApiServer.java
index bf21664,7663e8e..b2a6a87
--- a/server/src/com/cloud/api/ApiServer.java
+++ b/server/src/com/cloud/api/ApiServer.java
@@@ -51,9 -51,8 +51,9 @@@ import javax.servlet.http.HttpServletRe
import javax.servlet.http.HttpSession;
import com.cloud.utils.ReflectUtil;
- import org.apache.cloudstack.acl.APIAccessChecker;
+import org.apache.cloudstack.acl.APILimitChecker;
- import org.apache.cloudstack.acl.ControlledEntity;
+ import org.apache.cloudstack.acl.APIChecker;
+ import org.apache.cloudstack.acl.RoleType;
import org.apache.cloudstack.api.*;
import org.apache.cloudstack.api.command.user.account.ListAccountsCmd;
import org.apache.cloudstack.api.command.user.account.ListProjectAccountsCmd;
@@@ -147,10 -145,8 +147,10 @@@ public class ApiServer implements HttpR
@Inject private DomainManager _domainMgr = null;
@Inject private AsyncJobManager _asyncMgr = null;
+ @Inject(adapter = APILimitChecker.class)
+ protected Adapters<APILimitChecker> _apiLimitCheckers;
- @Inject(adapter = APIAccessChecker.class)
- protected Adapters<APIAccessChecker> _apiAccessCheckers;
+ @Inject(adapter = APIChecker.class)
+ protected Adapters<APIChecker> _apiAccessCheckers;
private Account _systemAccount = null;
private User _systemUser = null;
@@@ -555,16 -550,8 +555,16 @@@
// if userId not null, that mean that user is logged in
if (userId != null) {
User user = ApiDBUtils.findUserById(userId);
+ if (apiThrottlingEnabled){
+ // go through each API limit checker
+ if (!isRequestAllowed(user)) {
+ //FIXME: more detailed message regarding when he/she can retry
+ s_logger.warn("The given user has reached his/her account api limit, please retry later");
+ throw new ServerApiException(BaseCmd.API_LIMIT_EXCEED, "The given user has reached his/her account api limit");
+ }
+ }
if (!isCommandAvailable(user, commandName)) {
- s_logger.warn("The given command:" + commandName + " does not exist or it is not available for user");
+ s_logger.debug("The given command:" + commandName + " does not exist or it is not available for user with id:" + userId);
throw new ServerApiException(BaseCmd.UNSUPPORTED_ACTION_ERROR, "The given command does not exist or it is not available for user");
}
return true;
@@@ -802,24 -789,25 +802,40 @@@
return true;
}
++
+ private boolean isRequestAllowed(User user) {
+ Account account = ApiDBUtils.findAccountById(user.getAccountId());
+ if ( _accountMgr.isRootAdmin(account.getType()) ){
+ // no api throttling for root admin
+ return true;
+ }
+ for (APILimitChecker apiChecker : _apiLimitCheckers) {
+ // Fail the checking if any checker fails to verify
+ if (!apiChecker.isUnderLimit(account))
+ return false;
+ }
+ return true;
+ }
+
+ private boolean doesCommandExist(String apiName) {
+ for (APIChecker apiChecker : _apiAccessCheckers) {
+ // If any checker has api info on the command, return true
+ if (apiChecker.checkExistence(apiName))
+ return true;
+ }
+ return false;
+ }
+
private boolean isCommandAvailable(User user, String commandName) {
- for (APIAccessChecker apiChecker : _apiAccessCheckers) {
+ if (user == null) {
+ return false;
+ }
+
+ Account account = _accountMgr.getAccount(user.getAccountId());
+ RoleType roleType = _accountMgr.getRoleType(account);
+ for (APIChecker apiChecker : _apiAccessCheckers) {
// Fail the checking if any checker fails to verify
- if (!apiChecker.canAccessAPI(user, commandName))
+ if (!apiChecker.checkAccess(roleType, commandName))
return false;
}
return true;