You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by "GaOrtiga (via GitHub)" <gi...@apache.org> on 2023/01/31 17:54:20 UTC
[GitHub] [cloudstack] GaOrtiga opened a new pull request, #7153: Implementation of Domain VPCs
GaOrtiga opened a new pull request, #7153:
URL: https://github.com/apache/cloudstack/pull/7153
In ACS the creation of tiers of a VPC is restricted to the same account that owns the VPC; so, each account needs to have its own VPC and it is not possible to group tiers owned by different accounts in the same VPC.
To address this situation, the concept of Domain VPCs has been created (only on the API so far), where a VPC can be managed by a domain and its tiers can be created to accounts inside this domain. In the `createNetwork` API it will be possible to create networks (tiers) to a VPC from a different account; however, the informed account must be accessible to the account that owns the VPC. The tiers will be isolated from the broadcast domain and will consume the same VR, in accordance with current behavior. Also, if a VPN is setup in the VPC, the user will have access to all networks, in accordance with the current behavior.
### Types of changes
- [ ] Breaking change (fix or feature that would cause existing functionality to change)
- [X] New feature (non-breaking change which adds functionality)
- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] Enhancement (improves an existing feature and functionality)
- [ ] Cleanup (Code refactoring and cleanup, that may add test cases)
### Feature/Enhancement Scale or Bug Severity
#### Feature/Enhancement Scale
- [ ] Major
- [X] Minor
#### Bug Severity
- [ ] BLOCKER
- [ ] Critical
- [ ] Major
- [ ] Minor
- [ ] Trivial
### How Has This Been Tested?
I created VPCs with Root Admin, Domain Admin, and user accounts and tried creating tiers in these VPCs for the other accounts (should only be able to create if the VPC account has access to the account that owns the network).
| # | VPC owner account | Network Owner account | Same Domain | Could Create | Expected Result
| ------ | ------ | ------ | ------ |------ | ------ |
| 1 | cell |cell | cell |cell |cell |
| 1 | cell |cell | cell |cell |cell |
| 1 | cell |cell | cell |cell |cell |
| 1 | cell |cell | cell |cell |cell |
| 1 | cell |cell | cell |cell |cell |
<!-- Please read the [CONTRIBUTING](https://github.com/apache/cloudstack/blob/main/CONTRIBUTING.md) document -->
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] DaanHoogland commented on pull request #7153: Introducing concept of domain VPCs
Posted by "DaanHoogland (via GitHub)" <gi...@apache.org>.
DaanHoogland commented on PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#issuecomment-1632368786
@blueorangutan test
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] DaanHoogland closed pull request #7153: Introducing concept of domain VPCs
Posted by "DaanHoogland (via GitHub)" <gi...@apache.org>.
DaanHoogland closed pull request #7153: Introducing concept of domain VPCs
URL: https://github.com/apache/cloudstack/pull/7153
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] github-actions[bot] commented on pull request #7153: Introducing concept of domain VPCs
Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#issuecomment-1609088411
This pull request has merge conflicts. Dear author, please fix the conflicts and sync your branch with the base branch.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] GaOrtiga commented on pull request #7153: Introducing concept of domain VPCs
Posted by "GaOrtiga (via GitHub)" <gi...@apache.org>.
GaOrtiga commented on PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#issuecomment-1637909380
> @GaOrtiga
>
> Another scenario where sub domains are present
>
> Also, what will happen if an account is present under a sub domains of a domain
>
> Ideally, the network should get created since the subdomain is also falls under the same domain
> VPC owner account Network Owner account Same Domain Could Create Expected Result Comments
> Domain Admin Account under a subdomain Y N Network tier should get created see_no_evil Error: (HTTP 531, error code 4365) Account <>does not have permission to operate within domain id=51427f97-6c38-4a7d-bf1c-8cdc86232cb8
hi @kiranchavala thanks for testing.
Which account did you use to run the API commands?
I ran both tests twice, once using the VPC owner and the other using the network owner. While running it with the VPC owner, both creations were successful. When running it with network owner I had the same results as you, however I do believe this is the correct outcome, since these accounts should not be able to access the the domain admin's resources such as the VPC.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] DaanHoogland commented on pull request #7153: Introducing concept of domain VPCs
Posted by "DaanHoogland (via GitHub)" <gi...@apache.org>.
DaanHoogland commented on PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#issuecomment-1655260620
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7153: Introducing concept of domain VPCs
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#issuecomment-1633397383
<b>[SF] Trillian test result (tid-7060)</b>
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 47767 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr7153-t7060-kvm-centos7.zip
Smoke tests completed. 109 look OK, 4 have errors, 0 did not run
Only failed and skipped tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
test_01_migrate_VM_and_root_volume | `Error` | 347.49 | test_vm_life_cycle.py
test_02_migrate_VM_with_two_data_disks | `Error` | 313.51 | test_vm_life_cycle.py
test_01_secure_vm_migration | `Error` | 407.44 | test_vm_life_cycle.py
test_02_unsecure_vm_migration | `Error` | 526.23 | test_vm_life_cycle.py
test_04_nonsecured_to_secured_vm_migration | `Error` | 453.27 | test_vm_life_cycle.py
ContextSuite context=TestVMLifeCycle>:setup | `Error` | 346.20 | test_vm_life_cycle.py
test_05_vmschedule_test_e2e | `Failure` | 276.11 | test_vm_schedule.py
ContextSuite context=TestCreateVolume>:setup | `Error` | 0.00 | test_volumes.py
test_11_attach_volume_with_unstarted_vm | `Error` | 437.94 | test_volumes.py
test_02_cancel_host_maintenace_with_migration_jobs | `Error` | 348.04 | test_host_maintenance.py
test_03_cancel_host_maintenace_with_migration_jobs_failure | `Error` | 305.69 | test_host_maintenance.py
test_01_cancel_host_maintenance_ssh_enabled_agent_connected | `Failure` | 331.74 | test_host_maintenance.py
test_03_cancel_host_maintenance_ssh_disabled_agent_connected | `Failure` | 319.59 | test_host_maintenance.py
ContextSuite context=TestHostMaintenanceAgents>:teardown | `Error` | 65.93 | test_host_maintenance.py
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7153: Introducing concept of domain VPCs
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#issuecomment-1635550064
<b>[SF] Trillian test result (tid-7076)</b>
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 731 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr7153-t7076-kvm-centos7.zip
Smoke tests completed. 0 look OK, 0 have errors, 113 did not run
Only failed and skipped tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
all_test_safe_shutdown | `Skipped` | --- | test_safe_shutdown.py
all_test_scale_vm | `Skipped` | --- | test_scale_vm.py
all_test_2fa | `Skipped` | --- | test_2fa.py
all_test_regions | `Skipped` | --- | test_regions.py
all_test_accounts | `Skipped` | --- | test_accounts.py
all_test_nonstrict_affinity_group | `Skipped` | --- | test_nonstrict_affinity_group.py
all_test_affinity_groups | `Skipped` | --- | test_affinity_groups.py
all_test_internal_lb | `Skipped` | --- | test_internal_lb.py
all_test_usage | `Skipped` | --- | test_usage.py
all_test_affinity_groups_projects | `Skipped` | --- | test_affinity_groups_projects.py
all_test_register_userdata | `Skipped` | --- | test_register_userdata.py
all_test_annotations | `Skipped` | --- | test_annotations.py
all_test_reset_vm_on_reboot | `Skipped` | --- | test_reset_vm_on_reboot.py
all_test_async_job | `Skipped` | --- | test_async_job.py
all_test_ipv6_infra | `Skipped` | --- | test_ipv6_infra.py
all_test_attach_multiple_volumes | `Skipped` | --- | test_attach_multiple_volumes.py
all_test_kubernetes_clusters | `Skipped` | --- | test_kubernetes_clusters.py
all_test_backup_recovery_dummy | `Skipped` | --- | test_backup_recovery_dummy.py
all_test_outofbandmanagement | `Skipped` | --- | test_outofbandmanagement.py
all_test_certauthority_root | `Skipped` | --- | test_certauthority_root.py
all_test_over_provisioning | `Skipped` | --- | test_over_provisioning.py
all_test_console_endpoint | `Skipped` | --- | test_console_endpoint.py
all_test_set_sourcenat | `Skipped` | --- | test_set_sourcenat.py
all_test_create_list_domain_account_project | `Skipped` | --- | test_create_list_domain_account_project.py
all_test_password_server | `Skipped` | --- | test_password_server.py
all_test_create_network | `Skipped` | --- | test_create_network.py
all_test_iso | `Skipped` | --- | test_iso.py
all_test_snapshots | `Skipped` | --- | test_snapshots.py
all_test_deploy_vgpu_enabled_vm | `Skipped` | --- | test_deploy_vgpu_enabled_vm.py
all_test_migration | `Skipped` | --- | test_migration.py
all_test_deploy_virtio_scsi_vm | `Skipped` | --- | test_deploy_virtio_scsi_vm.py
all_test_multipleips_per_nic | `Skipped` | --- | test_multipleips_per_nic.py
all_test_deploy_vm_extra_config_data | `Skipped` | --- | test_deploy_vm_extra_config_data.py
all_test_persistent_network | `Skipped` | --- | test_persistent_network.py
all_test_deploy_vm_iso | `Skipped` | --- | test_deploy_vm_iso.py
all_test_portable_publicip | `Skipped` | --- | test_portable_publicip.py
all_test_deploy_vm_iso_uefi | `Skipped` | --- | test_deploy_vm_iso_uefi.py
all_test_nested_virtualization | `Skipped` | --- | test_nested_virtualization.py
all_test_deploy_vm_root_resize | `Skipped` | --- | test_deploy_vm_root_resize.py
all_test_network | `Skipped` | --- | test_network.py
all_test_deploy_vm_with_userdata | `Skipped` | --- | test_deploy_vm_with_userdata.py
all_test_network_acl | `Skipped` | --- | test_network_acl.py
all_test_deploy_vms_in_parallel | `Skipped` | --- | test_deploy_vms_in_parallel.py
all_test_ssvm | `Skipped` | --- | test_ssvm.py
all_test_deploy_vms_with_varied_deploymentplanners | `Skipped` | --- | test_deploy_vms_with_varied_deploymentplanners.py
all_test_resource_accounting | `Skipped` | --- | test_resource_accounting.py
all_test_diagnostics | `Skipped` | --- | test_diagnostics.py
all_test_portforwardingrules | `Skipped` | --- | test_portforwardingrules.py
all_test_direct_download | `Skipped` | --- | test_direct_download.py
all_test_primary_storage | `Skipped` | --- | test_primary_storage.py
all_test_disk_offerings | `Skipped` | --- | test_disk_offerings.py
all_test_network_ipv6 | `Skipped` | --- | test_network_ipv6.py
all_test_disk_provisioning_types | `Skipped` | --- | test_disk_provisioning_types.py
all_test_network_permissions | `Skipped` | --- | test_network_permissions.py
all_test_domain_disk_offerings | `Skipped` | --- | test_domain_disk_offerings.py
all_test_nic | `Skipped` | --- | test_nic.py
all_test_staticroles | `Skipped` | --- | test_staticroles.py
all_test_domain_network_offerings | `Skipped` | --- | test_domain_network_offerings.py
all_test_nic_adapter_type | `Skipped` | --- | test_nic_adapter_type.py
all_test_domain_service_offerings | `Skipped` | --- | test_domain_service_offerings.py
all_test_private_roles | `Skipped` | --- | test_private_roles.py
all_test_domain_vpc_offerings | `Skipped` | --- | test_domain_vpc_offerings.py
all_test_resource_detail | `Skipped` | --- | test_resource_detail.py
all_test_dynamicroles | `Skipped` | --- | test_dynamicroles.py
all_test_hostha_simulator | `Skipped` | --- | test_hostha_simulator.py
all_test_enable_account_settings_for_domain | `Skipped` | --- | test_enable_account_settings_for_domain.py
all_test_human_readable_logs | `Skipped` | --- | test_human_readable_logs.py
all_test_enable_role_based_users_in_projects | `Skipped` | --- | test_enable_role_based_users_in_projects.py
all_test_privategw_acl | `Skipped` | --- | test_privategw_acl.py
all_test_events_resource | `Skipped` | --- | test_events_resource.py
all_test_non_contigiousvlan | `Skipped` | --- | test_non_contigiousvlan.py
all_test_gateway_on_shared_networks | `Skipped` | --- | test_gateway_on_shared_networks.py
all_test_privategw_acl_ovs_gre | `Skipped` | --- | test_privategw_acl_ovs_gre.py
all_test_global_settings | `Skipped` | --- | test_global_settings.py
all_test_router_dhcphosts | `Skipped` | --- | test_router_dhcphosts.py
all_test_guest_os | `Skipped` | --- | test_guest_os.py
all_test_projects | `Skipped` | --- | test_projects.py
all_test_guest_vlan_range | `Skipped` | --- | test_guest_vlan_range.py
all_test_public_ip_range | `Skipped` | --- | test_public_ip_range.py
all_test_host_control_state | `Skipped` | --- | test_host_control_state.py
all_test_kubernetes_supported_versions | `Skipped` | --- | test_kubernetes_supported_versions.py
all_test_pvlan | `Skipped` | --- | test_pvlan.py
all_test_list_ids_parameter | `Skipped` | --- | test_list_ids_parameter.py
all_test_router_dns | `Skipped` | --- | test_router_dns.py
all_test_loadbalance | `Skipped` | --- | test_loadbalance.py
all_test_router_dnsservice | `Skipped` | --- | test_router_dnsservice.py
all_test_login | `Skipped` | --- | test_login.py
all_test_routers | `Skipped` | --- | test_routers.py
all_test_metrics_api | `Skipped` | --- | test_metrics_api.py
all_test_routers_network_ops | `Skipped` | --- | test_routers_network_ops.py
all_test_outofbandmanagement_nestedplugin | `Skipped` | --- | test_outofbandmanagement_nestedplugin.py
all_test_reset_configuration_settings | `Skipped` | --- | test_reset_configuration_settings.py
all_test_routers_iptables_default_policy | `Skipped` | --- | test_routers_iptables_default_policy.py
all_test_secondary_storage | `Skipped` | --- | test_secondary_storage.py
all_test_service_offerings | `Skipped` | --- | test_service_offerings.py
all_test_storage_policy | `Skipped` | --- | test_storage_policy.py
all_test_templates | `Skipped` | --- | test_templates.py
all_test_update_security_group | `Skipped` | --- | test_update_security_group.py
all_test_usage_events | `Skipped` | --- | test_usage_events.py
all_test_vm_autoscaling | `Skipped` | --- | test_vm_autoscaling.py
all_test_vm_deployment_planner | `Skipped` | --- | test_vm_deployment_planner.py
all_test_vm_life_cycle | `Skipped` | --- | test_vm_life_cycle.py
all_test_vm_lifecycle_unmanage_import | `Skipped` | --- | test_vm_lifecycle_unmanage_import.py
all_test_vm_schedule | `Skipped` | --- | test_vm_schedule.py
all_test_vm_snapshot_kvm | `Skipped` | --- | test_vm_snapshot_kvm.py
all_test_vm_snapshots | `Skipped` | --- | test_vm_snapshots.py
all_test_volumes | `Skipped` | --- | test_volumes.py
all_test_vpc_ipv6 | `Skipped` | --- | test_vpc_ipv6.py
all_test_vpc_redundant | `Skipped` | --- | test_vpc_redundant.py
all_test_vpc_router_nics | `Skipped` | --- | test_vpc_router_nics.py
all_test_vpc_vpn | `Skipped` | --- | test_vpc_vpn.py
all_test_host_maintenance | `Skipped` | --- | test_host_maintenance.py
all_test_hostha_kvm | `Skipped` | --- | test_hostha_kvm.py
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7153: Introducing concept of domain VPCs
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#issuecomment-1655262927
@DaanHoogland a [SF] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7153: Introducing concept of domain VPCs
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#issuecomment-1640012535
<b>[SF] Trillian test result (tid-7104)</b>
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 773 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr7153-t7104-kvm-centos7.zip
Smoke tests completed. 0 look OK, 0 have errors, 113 did not run
Only failed and skipped tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
all_test_safe_shutdown | `Skipped` | --- | test_safe_shutdown.py
all_test_scale_vm | `Skipped` | --- | test_scale_vm.py
all_test_2fa | `Skipped` | --- | test_2fa.py
all_test_regions | `Skipped` | --- | test_regions.py
all_test_accounts | `Skipped` | --- | test_accounts.py
all_test_nonstrict_affinity_group | `Skipped` | --- | test_nonstrict_affinity_group.py
all_test_affinity_groups | `Skipped` | --- | test_affinity_groups.py
all_test_internal_lb | `Skipped` | --- | test_internal_lb.py
all_test_usage | `Skipped` | --- | test_usage.py
all_test_affinity_groups_projects | `Skipped` | --- | test_affinity_groups_projects.py
all_test_register_userdata | `Skipped` | --- | test_register_userdata.py
all_test_annotations | `Skipped` | --- | test_annotations.py
all_test_reset_vm_on_reboot | `Skipped` | --- | test_reset_vm_on_reboot.py
all_test_async_job | `Skipped` | --- | test_async_job.py
all_test_ipv6_infra | `Skipped` | --- | test_ipv6_infra.py
all_test_attach_multiple_volumes | `Skipped` | --- | test_attach_multiple_volumes.py
all_test_kubernetes_clusters | `Skipped` | --- | test_kubernetes_clusters.py
all_test_backup_recovery_dummy | `Skipped` | --- | test_backup_recovery_dummy.py
all_test_outofbandmanagement | `Skipped` | --- | test_outofbandmanagement.py
all_test_certauthority_root | `Skipped` | --- | test_certauthority_root.py
all_test_over_provisioning | `Skipped` | --- | test_over_provisioning.py
all_test_console_endpoint | `Skipped` | --- | test_console_endpoint.py
all_test_set_sourcenat | `Skipped` | --- | test_set_sourcenat.py
all_test_create_list_domain_account_project | `Skipped` | --- | test_create_list_domain_account_project.py
all_test_password_server | `Skipped` | --- | test_password_server.py
all_test_create_network | `Skipped` | --- | test_create_network.py
all_test_iso | `Skipped` | --- | test_iso.py
all_test_snapshots | `Skipped` | --- | test_snapshots.py
all_test_deploy_vgpu_enabled_vm | `Skipped` | --- | test_deploy_vgpu_enabled_vm.py
all_test_migration | `Skipped` | --- | test_migration.py
all_test_deploy_virtio_scsi_vm | `Skipped` | --- | test_deploy_virtio_scsi_vm.py
all_test_multipleips_per_nic | `Skipped` | --- | test_multipleips_per_nic.py
all_test_deploy_vm_extra_config_data | `Skipped` | --- | test_deploy_vm_extra_config_data.py
all_test_persistent_network | `Skipped` | --- | test_persistent_network.py
all_test_deploy_vm_iso | `Skipped` | --- | test_deploy_vm_iso.py
all_test_portable_publicip | `Skipped` | --- | test_portable_publicip.py
all_test_deploy_vm_iso_uefi | `Skipped` | --- | test_deploy_vm_iso_uefi.py
all_test_nested_virtualization | `Skipped` | --- | test_nested_virtualization.py
all_test_deploy_vm_root_resize | `Skipped` | --- | test_deploy_vm_root_resize.py
all_test_network | `Skipped` | --- | test_network.py
all_test_deploy_vm_with_userdata | `Skipped` | --- | test_deploy_vm_with_userdata.py
all_test_network_acl | `Skipped` | --- | test_network_acl.py
all_test_deploy_vms_in_parallel | `Skipped` | --- | test_deploy_vms_in_parallel.py
all_test_ssvm | `Skipped` | --- | test_ssvm.py
all_test_deploy_vms_with_varied_deploymentplanners | `Skipped` | --- | test_deploy_vms_with_varied_deploymentplanners.py
all_test_resource_accounting | `Skipped` | --- | test_resource_accounting.py
all_test_diagnostics | `Skipped` | --- | test_diagnostics.py
all_test_portforwardingrules | `Skipped` | --- | test_portforwardingrules.py
all_test_direct_download | `Skipped` | --- | test_direct_download.py
all_test_primary_storage | `Skipped` | --- | test_primary_storage.py
all_test_disk_offerings | `Skipped` | --- | test_disk_offerings.py
all_test_network_ipv6 | `Skipped` | --- | test_network_ipv6.py
all_test_disk_provisioning_types | `Skipped` | --- | test_disk_provisioning_types.py
all_test_network_permissions | `Skipped` | --- | test_network_permissions.py
all_test_domain_disk_offerings | `Skipped` | --- | test_domain_disk_offerings.py
all_test_nic | `Skipped` | --- | test_nic.py
all_test_staticroles | `Skipped` | --- | test_staticroles.py
all_test_domain_network_offerings | `Skipped` | --- | test_domain_network_offerings.py
all_test_nic_adapter_type | `Skipped` | --- | test_nic_adapter_type.py
all_test_domain_service_offerings | `Skipped` | --- | test_domain_service_offerings.py
all_test_private_roles | `Skipped` | --- | test_private_roles.py
all_test_domain_vpc_offerings | `Skipped` | --- | test_domain_vpc_offerings.py
all_test_resource_detail | `Skipped` | --- | test_resource_detail.py
all_test_dynamicroles | `Skipped` | --- | test_dynamicroles.py
all_test_hostha_simulator | `Skipped` | --- | test_hostha_simulator.py
all_test_enable_account_settings_for_domain | `Skipped` | --- | test_enable_account_settings_for_domain.py
all_test_human_readable_logs | `Skipped` | --- | test_human_readable_logs.py
all_test_enable_role_based_users_in_projects | `Skipped` | --- | test_enable_role_based_users_in_projects.py
all_test_privategw_acl | `Skipped` | --- | test_privategw_acl.py
all_test_events_resource | `Skipped` | --- | test_events_resource.py
all_test_non_contigiousvlan | `Skipped` | --- | test_non_contigiousvlan.py
all_test_gateway_on_shared_networks | `Skipped` | --- | test_gateway_on_shared_networks.py
all_test_privategw_acl_ovs_gre | `Skipped` | --- | test_privategw_acl_ovs_gre.py
all_test_global_settings | `Skipped` | --- | test_global_settings.py
all_test_router_dhcphosts | `Skipped` | --- | test_router_dhcphosts.py
all_test_guest_os | `Skipped` | --- | test_guest_os.py
all_test_projects | `Skipped` | --- | test_projects.py
all_test_guest_vlan_range | `Skipped` | --- | test_guest_vlan_range.py
all_test_public_ip_range | `Skipped` | --- | test_public_ip_range.py
all_test_host_control_state | `Skipped` | --- | test_host_control_state.py
all_test_kubernetes_supported_versions | `Skipped` | --- | test_kubernetes_supported_versions.py
all_test_pvlan | `Skipped` | --- | test_pvlan.py
all_test_list_ids_parameter | `Skipped` | --- | test_list_ids_parameter.py
all_test_router_dns | `Skipped` | --- | test_router_dns.py
all_test_loadbalance | `Skipped` | --- | test_loadbalance.py
all_test_router_dnsservice | `Skipped` | --- | test_router_dnsservice.py
all_test_login | `Skipped` | --- | test_login.py
all_test_routers | `Skipped` | --- | test_routers.py
all_test_metrics_api | `Skipped` | --- | test_metrics_api.py
all_test_routers_network_ops | `Skipped` | --- | test_routers_network_ops.py
all_test_outofbandmanagement_nestedplugin | `Skipped` | --- | test_outofbandmanagement_nestedplugin.py
all_test_reset_configuration_settings | `Skipped` | --- | test_reset_configuration_settings.py
all_test_routers_iptables_default_policy | `Skipped` | --- | test_routers_iptables_default_policy.py
all_test_secondary_storage | `Skipped` | --- | test_secondary_storage.py
all_test_service_offerings | `Skipped` | --- | test_service_offerings.py
all_test_storage_policy | `Skipped` | --- | test_storage_policy.py
all_test_templates | `Skipped` | --- | test_templates.py
all_test_update_security_group | `Skipped` | --- | test_update_security_group.py
all_test_usage_events | `Skipped` | --- | test_usage_events.py
all_test_vm_autoscaling | `Skipped` | --- | test_vm_autoscaling.py
all_test_vm_deployment_planner | `Skipped` | --- | test_vm_deployment_planner.py
all_test_vm_life_cycle | `Skipped` | --- | test_vm_life_cycle.py
all_test_vm_lifecycle_unmanage_import | `Skipped` | --- | test_vm_lifecycle_unmanage_import.py
all_test_vm_schedule | `Skipped` | --- | test_vm_schedule.py
all_test_vm_snapshot_kvm | `Skipped` | --- | test_vm_snapshot_kvm.py
all_test_vm_snapshots | `Skipped` | --- | test_vm_snapshots.py
all_test_volumes | `Skipped` | --- | test_volumes.py
all_test_vpc_ipv6 | `Skipped` | --- | test_vpc_ipv6.py
all_test_vpc_redundant | `Skipped` | --- | test_vpc_redundant.py
all_test_vpc_router_nics | `Skipped` | --- | test_vpc_router_nics.py
all_test_vpc_vpn | `Skipped` | --- | test_vpc_vpn.py
all_test_host_maintenance | `Skipped` | --- | test_host_maintenance.py
all_test_hostha_kvm | `Skipped` | --- | test_hostha_kvm.py
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] DaanHoogland commented on pull request #7153: Introducing concept of domain VPCs
Posted by "DaanHoogland (via GitHub)" <gi...@apache.org>.
DaanHoogland commented on PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#issuecomment-1631978982
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7153: Introducing concept of domain VPCs
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#issuecomment-1655372754
Packaging result [SF]: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: el9 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 6593
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] sonarcloud[bot] commented on pull request #7153: Introducing concept of domain VPCs
Posted by "sonarcloud[bot] (via GitHub)" <gi...@apache.org>.
sonarcloud[bot] commented on PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#issuecomment-1446243327
SonarCloud Quality Gate failed. [](https://sonarcloud.io/dashboard?id=apache_cloudstack&pullRequest=7153)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=BUG)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=VULNERABILITY)
[](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7153&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7153&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7153&resolved=false&types=SECURITY_HOTSPOT)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=CODE_SMELL) [1 Code Smell](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=CODE_SMELL)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7153&metric=new_coverage&view=list) [6.9% Coverage](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7153&metric=new_coverage&view=list)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7153&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7153&metric=new_duplicated_lines_density&view=list)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] DaanHoogland commented on a diff in pull request #7153: Introducing concept of domain VPCs
Posted by "DaanHoogland (via GitHub)" <gi...@apache.org>.
DaanHoogland commented on code in PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#discussion_r1180042689
##########
server/src/main/java/com/cloud/api/ApiResponseHelper.java:
##########
@@ -2534,7 +2534,12 @@ public NetworkResponse createNetworkResponse(ResponseView view, Network network)
if (network.getVpcId() != null) {
Vpc vpc = ApiDBUtils.findVpcById(network.getVpcId());
if (vpc != null) {
- response.setVpcId(vpc.getUuid());
+ try {
+ _accountMgr.checkAccess(CallContext.current().getCallingAccount(), null, false, vpc);
+ response.setVpcId(vpc.getUuid());
+ } catch (PermissionDeniedException e){
+ s_logger.debug("Not setting the vpcId to the response because the caller does not have access to the VPC");
+ }
Review Comment:
Can you extract this as a separate method?
##########
server/src/main/java/com/cloud/network/IpAddressManagerImpl.java:
##########
@@ -1476,7 +1476,8 @@ public IPAddressVO associateIPToGuestNetwork(long ipId, long networkId, boolean
// - if shared network in Advanced zone
// - and it belongs to the system
if (network.getAccountId() != owner.getId()) {
- if (zone.getNetworkType() != NetworkType.Basic && !(zone.getNetworkType() == NetworkType.Advanced && network.getGuestType() == Network.GuestType.Shared)) {
+ if (zone.getNetworkType() != NetworkType.Basic &&
+ !(zone.getNetworkType() == NetworkType.Advanced && network.getGuestType() == Network.GuestType.Shared || network.getVpcId().equals(ipToAssoc.getVpcId()))) {
Review Comment:
So if `network.getVpcId().equals(ipToAssoc.getVpcId())` we should throw an exception! Can you explain?
##########
server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java:
##########
@@ -1764,9 +1764,14 @@ public void doInTransactionWithoutResult(final TransactionStatus status) {
}
}
- // 4) vpc and network should belong to the same owner
- if (vpc.getAccountId() != networkOwner.getId()) {
- throw new InvalidParameterValueException("Vpc " + vpc + " owner is different from the network owner " + networkOwner);
+ // 4) Vpc's account should be able to access network owner's account
+ Account vpcaccount = _accountMgr.getAccount(vpc.getAccountId());
+ try {
+ _accountMgr.checkAccess(vpcaccount, null, false, networkOwner);
+ }
+ catch (PermissionDeniedException e) {
+ s_logger.error(e.getMessage());
+ throw new InvalidParameterValueException(String.format("VPC owner does not have access to account [%s].", networkOwner.getAccountName()));
Review Comment:
can you extract this as a method?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] GaOrtiga commented on a diff in pull request #7153: Introducing concept of domain VPCs
Posted by "GaOrtiga (via GitHub)" <gi...@apache.org>.
GaOrtiga commented on code in PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#discussion_r1183062659
##########
server/src/main/java/com/cloud/network/IpAddressManagerImpl.java:
##########
@@ -1476,7 +1476,8 @@ public IPAddressVO associateIPToGuestNetwork(long ipId, long networkId, boolean
// - if shared network in Advanced zone
// - and it belongs to the system
if (network.getAccountId() != owner.getId()) {
- if (zone.getNetworkType() != NetworkType.Basic && !(zone.getNetworkType() == NetworkType.Advanced && network.getGuestType() == Network.GuestType.Shared)) {
+ if (zone.getNetworkType() != NetworkType.Basic &&
+ !(zone.getNetworkType() == NetworkType.Advanced && network.getGuestType() == Network.GuestType.Shared || network.getVpcId().equals(ipToAssoc.getVpcId()))) {
Review Comment:
Theres a subtle "!" in the beginning of the expression
`(zone.getNetworkType() == NetworkType.Advanced && network.getGuestType() == Network.GuestType.Shared || network.getVpcId().equals(ipToAssoc.getVpcId()))`
which makes it equivalent to the following expression
`(!zone.getNetworkType() == NetworkType.Advanced && !network.getVpcId().equals(ipToAssoc.getVpcId()) || !network.getGuestType() == Network.GuestType.Shared && !network.getVpcId().equals(ipToAssoc.getVpcId()))`
So we are actually checking if both VpcIds are different and throwing an exception if that is the case.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7153: Introducing concept of domain VPCs
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#issuecomment-1631981482
@DaanHoogland a [SF] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] DaanHoogland commented on a diff in pull request #7153: Introducing concept of domain VPCs
Posted by "DaanHoogland (via GitHub)" <gi...@apache.org>.
DaanHoogland commented on code in PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#discussion_r1187176420
##########
server/src/main/java/com/cloud/network/IpAddressManagerImpl.java:
##########
@@ -1476,7 +1476,8 @@ public IPAddressVO associateIPToGuestNetwork(long ipId, long networkId, boolean
// - if shared network in Advanced zone
// - and it belongs to the system
if (network.getAccountId() != owner.getId()) {
- if (zone.getNetworkType() != NetworkType.Basic && !(zone.getNetworkType() == NetworkType.Advanced && network.getGuestType() == Network.GuestType.Shared)) {
+ if (zone.getNetworkType() != NetworkType.Basic &&
+ !(zone.getNetworkType() == NetworkType.Advanced && network.getGuestType() == Network.GuestType.Shared || network.getVpcId().equals(ipToAssoc.getVpcId()))) {
Review Comment:
right, missed that. Maybe you can extract the expression to a method for clarity?
thanks for the explanation.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7153: Introducing concept of domain VPCs
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#issuecomment-1632369953
@DaanHoogland a [SF] Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] kiranchavala commented on pull request #7153: Introducing concept of domain VPCs
Posted by "kiranchavala (via GitHub)" <gi...@apache.org>.
kiranchavala commented on PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#issuecomment-1637920188
Hi @GaOrtiga
Thanks for the update
I used the network owner account to execute the api calls
Also Let me do a quick check with the VPC owner account
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] DaanHoogland commented on pull request #7153: Introducing concept of domain VPCs
Posted by "DaanHoogland (via GitHub)" <gi...@apache.org>.
DaanHoogland commented on PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#issuecomment-1635593861
@blueorangutan test keepEnv
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7153: Introducing concept of domain VPCs
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#issuecomment-1632069222
Packaging result [SF]: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: el9 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 6466
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7153: Introducing concept of domain VPCs
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#issuecomment-1656471466
<b>[SF] Trillian test result (tid-7197)</b>
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 43295 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr7153-t7197-kvm-centos7.zip
Smoke tests completed. 112 look OK, 1 have errors, 0 did not run
Only failed and skipped tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
test_01_migrate_VM_and_root_volume | `Error` | 76.63 | test_vm_life_cycle.py
test_02_migrate_VM_with_two_data_disks | `Error` | 50.28 | test_vm_life_cycle.py
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] DaanHoogland merged pull request #7153: Introducing concept of domain VPCs
Posted by "DaanHoogland (via GitHub)" <gi...@apache.org>.
DaanHoogland merged PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7153: Introducing concept of domain VPCs
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#issuecomment-1639959692
@DaanHoogland a [SF] Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] sonarcloud[bot] commented on pull request #7153: Introducing concept of domain VPCs
Posted by "sonarcloud[bot] (via GitHub)" <gi...@apache.org>.
sonarcloud[bot] commented on PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#issuecomment-1416011451
Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_cloudstack&pullRequest=7153)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=BUG)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=VULNERABILITY)
[](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7153&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7153&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7153&resolved=false&types=SECURITY_HOTSPOT)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=CODE_SMELL)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7153&metric=new_coverage&view=list) [12.5% Coverage](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7153&metric=new_coverage&view=list)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7153&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7153&metric=new_duplicated_lines_density&view=list)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] GaOrtiga commented on a diff in pull request #7153: Introducing concept of domain VPCs
Posted by "GaOrtiga (via GitHub)" <gi...@apache.org>.
GaOrtiga commented on code in PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#discussion_r1095823504
##########
server/src/main/java/com/cloud/api/ApiResponseHelper.java:
##########
@@ -2490,7 +2490,11 @@ public NetworkResponse createNetworkResponse(ResponseView view, Network network)
if (network.getVpcId() != null) {
Vpc vpc = ApiDBUtils.findVpcById(network.getVpcId());
if (vpc != null) {
- response.setVpcId(vpc.getUuid());
+ try {
+ _accountMgr.checkAccess(CallContext.current().getCallingAccount(), null, false, vpc);
+ response.setVpcId(vpc.getUuid());
+ } catch (PermissionDeniedException e){
+ }
Review Comment:
@DaanHoogland , the reason to do this is to abstract the ID of the VPC from the account that does not have access to it; this way, the account would know the network belongs to a VPC, but would not be able to redirect to the VPC tab in the UI. Here follows an example, with VPCUser being accessible by the account and VPCRoot not being accessible:
You are right, there should be a log there, I will add it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] github-actions[bot] commented on pull request #7153: Introducing concept of domain VPCs
Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#issuecomment-1502959289
This pull request has merge conflicts. Dear author, please fix the conflicts and sync your branch with the base branch.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7153: Introducing concept of domain VPCs
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#issuecomment-1655521643
@DaanHoogland a [SF] Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] DaanHoogland commented on pull request #7153: Introducing concept of domain VPCs
Posted by "DaanHoogland (via GitHub)" <gi...@apache.org>.
DaanHoogland commented on PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#issuecomment-1639959010
@blueorangutan test keepEnv
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #7153: Introducing concept of domain VPCs
Posted by "blueorangutan (via GitHub)" <gi...@apache.org>.
blueorangutan commented on PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#issuecomment-1635596439
@DaanHoogland a [SF] Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] DaanHoogland commented on a diff in pull request #7153: Introducing concept of domain VPCs
Posted by "DaanHoogland (via GitHub)" <gi...@apache.org>.
DaanHoogland commented on code in PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#discussion_r1093127563
##########
server/src/main/java/com/cloud/api/ApiResponseHelper.java:
##########
@@ -2490,7 +2490,11 @@ public NetworkResponse createNetworkResponse(ResponseView view, Network network)
if (network.getVpcId() != null) {
Vpc vpc = ApiDBUtils.findVpcById(network.getVpcId());
if (vpc != null) {
- response.setVpcId(vpc.getUuid());
+ try {
+ _accountMgr.checkAccess(CallContext.current().getCallingAccount(), null, false, vpc);
+ response.setVpcId(vpc.getUuid());
+ } catch (PermissionDeniedException e){
+ }
Review Comment:
this is strange, we check on access but there is no consequence?
at least we should log that something was denied/not setting or disclosing vpcid.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] codecov[bot] commented on pull request #7153: Implementation of Domain VPCs
Posted by codecov.
codecov[bot] commented on PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#issuecomment-1410901242
# [Codecov](https://codecov.io/gh/apache/cloudstack/pull/7153?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report
> Merging [#7153](https://codecov.io/gh/apache/cloudstack/pull/7153?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (91cff83) into [main](https://codecov.io/gh/apache/cloudstack/commit/83c2bfacd879d588816ae0f16f002b3a40ef11c8?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (83c2bfa) will **increase** coverage by `0.06%`.
> The diff coverage is `22.22%`.
```diff
@@ Coverage Diff @@
## main #7153 +/- ##
============================================
+ Coverage 11.79% 11.86% +0.06%
- Complexity 7692 7732 +40
============================================
Files 2511 2512 +1
Lines 246578 246832 +254
Branches 38446 38493 +47
============================================
+ Hits 29090 29287 +197
+ Misses 213703 213693 -10
- Partials 3785 3852 +67
```
| [Impacted Files](https://codecov.io/gh/apache/cloudstack/pull/7153?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | Coverage Δ | |
|---|---|---|
| [...src/main/java/com/cloud/api/ApiResponseHelper.java](https://codecov.io/gh/apache/cloudstack/pull/7153?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2VydmVyL3NyYy9tYWluL2phdmEvY29tL2Nsb3VkL2FwaS9BcGlSZXNwb25zZUhlbHBlci5qYXZh) | `3.82% <0.00%> (-0.05%)` | :arrow_down: |
| [...ain/java/com/cloud/network/vpc/VpcManagerImpl.java](https://codecov.io/gh/apache/cloudstack/pull/7153?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2VydmVyL3NyYy9tYWluL2phdmEvY29tL2Nsb3VkL25ldHdvcmsvdnBjL1ZwY01hbmFnZXJJbXBsLmphdmE=) | `8.84% <50.00%> (+0.22%)` | :arrow_up: |
| [...dstack/network/contrail/model/ModelObjectBase.java](https://codecov.io/gh/apache/cloudstack/pull/7153?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-cGx1Z2lucy9uZXR3b3JrLWVsZW1lbnRzL2p1bmlwZXItY29udHJhaWwvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL2Nsb3Vkc3RhY2svbmV0d29yay9jb250cmFpbC9tb2RlbC9Nb2RlbE9iamVjdEJhc2UuamF2YQ==) | `21.15% <0.00%> (-26.93%)` | :arrow_down: |
| [...cloudstack/network/contrail/model/ModelObject.java](https://codecov.io/gh/apache/cloudstack/pull/7153?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-cGx1Z2lucy9uZXR3b3JrLWVsZW1lbnRzL2p1bmlwZXItY29udHJhaWwvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL2Nsb3Vkc3RhY2svbmV0d29yay9jb250cmFpbC9tb2RlbC9Nb2RlbE9iamVjdC5qYXZh) | `29.16% <0.00%> (-4.17%)` | :arrow_down: |
| [.../src/main/java/com/cloud/configuration/Config.java](https://codecov.io/gh/apache/cloudstack/pull/7153?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2VydmVyL3NyYy9tYWluL2phdmEvY29tL2Nsb3VkL2NvbmZpZ3VyYXRpb24vQ29uZmlnLmphdmE=) | `88.91% <0.00%> (-0.82%)` | :arrow_down: |
| [...udstack/consoleproxy/ConsoleAccessManagerImpl.java](https://codecov.io/gh/apache/cloudstack/pull/7153?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2VydmVyL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9jbG91ZHN0YWNrL2NvbnNvbGVwcm94eS9Db25zb2xlQWNjZXNzTWFuYWdlckltcGwuamF2YQ==) | `5.10% <0.00%> (-0.12%)` | :arrow_down: |
| [...in/java/com/cloud/server/ManagementServerImpl.java](https://codecov.io/gh/apache/cloudstack/pull/7153?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2VydmVyL3NyYy9tYWluL2phdmEvY29tL2Nsb3VkL3NlcnZlci9NYW5hZ2VtZW50U2VydmVySW1wbC5qYXZh) | `5.66% <0.00%> (-0.06%)` | :arrow_down: |
| [...com/cloud/api/query/dao/DataCenterJoinDaoImpl.java](https://codecov.io/gh/apache/cloudstack/pull/7153?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2VydmVyL3NyYy9tYWluL2phdmEvY29tL2Nsb3VkL2FwaS9xdWVyeS9kYW8vRGF0YUNlbnRlckpvaW5EYW9JbXBsLmphdmE=) | `1.81% <0.00%> (-0.04%)` | :arrow_down: |
| [...java/com/cloud/server/ConfigurationServerImpl.java](https://codecov.io/gh/apache/cloudstack/pull/7153?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2VydmVyL3NyYy9tYWluL2phdmEvY29tL2Nsb3VkL3NlcnZlci9Db25maWd1cmF0aW9uU2VydmVySW1wbC5qYXZh) | `2.34% <0.00%> (-0.03%)` | :arrow_down: |
| ... and [25 more](https://codecov.io/gh/apache/cloudstack/pull/7153?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | |
:mega: We’re building smart automated test selection to slash your CI/CD build times. [Learn more](https://about.codecov.io/iterative-testing/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] sonarcloud[bot] commented on pull request #7153: Introducing concept of domain VPCs
Posted by "sonarcloud[bot] (via GitHub)" <gi...@apache.org>.
sonarcloud[bot] commented on PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#issuecomment-1440223655
SonarCloud Quality Gate failed. [](https://sonarcloud.io/dashboard?id=apache_cloudstack&pullRequest=7153)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=BUG) [1 Bug](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=BUG)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=VULNERABILITY)
[](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7153&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7153&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7153&resolved=false&types=SECURITY_HOTSPOT)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=CODE_SMELL) [1 Code Smell](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=CODE_SMELL)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7153&metric=new_coverage&view=list) [6.9% Coverage](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7153&metric=new_coverage&view=list)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7153&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7153&metric=new_duplicated_lines_density&view=list)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] DaanHoogland commented on a diff in pull request #7153: Introducing concept of domain VPCs
Posted by "DaanHoogland (via GitHub)" <gi...@apache.org>.
DaanHoogland commented on code in PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#discussion_r1115387048
##########
server/src/main/java/com/cloud/network/IpAddressManagerImpl.java:
##########
@@ -1476,7 +1476,8 @@ public IPAddressVO associateIPToGuestNetwork(long ipId, long networkId, boolean
// - if shared network in Advanced zone
// - and it belongs to the system
if (network.getAccountId() != owner.getId()) {
- if (zone.getNetworkType() != NetworkType.Basic && !(zone.getNetworkType() == NetworkType.Advanced && network.getGuestType() == Network.GuestType.Shared)) {
+ if (zone.getNetworkType() != NetworkType.Basic &&
+ !(zone.getNetworkType() == NetworkType.Advanced && network.getGuestType() == Network.GuestType.Shared || network.getVpcId() == ipToAssoc.getVpcId())) {
Review Comment:
please look at the bug sonar reported, I think this one is serious.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] sonarcloud[bot] commented on pull request #7153: Introducing concept of domain VPCs
Posted by "sonarcloud[bot] (via GitHub)" <gi...@apache.org>.
sonarcloud[bot] commented on PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#issuecomment-1514871296
SonarCloud Quality Gate failed. [](https://sonarcloud.io/dashboard?id=apache_cloudstack&pullRequest=7153)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=BUG)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=VULNERABILITY)
[](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7153&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7153&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7153&resolved=false&types=SECURITY_HOTSPOT)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=CODE_SMELL) [7 Code Smells](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=CODE_SMELL)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7153&metric=new_coverage&view=list) [6.9% Coverage](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7153&metric=new_coverage&view=list)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7153&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7153&metric=new_duplicated_lines_density&view=list)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] sonarcloud[bot] commented on pull request #7153: Implementation of Domain VPCs
Posted by sonarcloud.
sonarcloud[bot] commented on PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#issuecomment-1410901566
Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_cloudstack&pullRequest=7153)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=BUG)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=VULNERABILITY)
[](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7153&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7153&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_cloudstack&pullRequest=7153&resolved=false&types=SECURITY_HOTSPOT)
[](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=CODE_SMELL) [1 Code Smell](https://sonarcloud.io/project/issues?id=apache_cloudstack&pullRequest=7153&resolved=false&types=CODE_SMELL)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7153&metric=new_coverage&view=list) [13.0% Coverage](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7153&metric=new_coverage&view=list)
[](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7153&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_cloudstack&pullRequest=7153&metric=new_duplicated_lines_density&view=list)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] GaOrtiga commented on a diff in pull request #7153: Introducing concept of domain VPCs
Posted by "GaOrtiga (via GitHub)" <gi...@apache.org>.
GaOrtiga commented on code in PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#discussion_r1095823504
##########
server/src/main/java/com/cloud/api/ApiResponseHelper.java:
##########
@@ -2490,7 +2490,11 @@ public NetworkResponse createNetworkResponse(ResponseView view, Network network)
if (network.getVpcId() != null) {
Vpc vpc = ApiDBUtils.findVpcById(network.getVpcId());
if (vpc != null) {
- response.setVpcId(vpc.getUuid());
+ try {
+ _accountMgr.checkAccess(CallContext.current().getCallingAccount(), null, false, vpc);
+ response.setVpcId(vpc.getUuid());
+ } catch (PermissionDeniedException e){
+ }
Review Comment:
@DaanHoogland , the reason to do this is to abstract the ID of the VPC from the account that does not have access to it; this way, the account would know the network belongs to a VPC, but would not be able to redirect to the VPC tab in the UI. Here follows an example, with VPCUser being accessible by the account and VPCRoot not being accessible:
>at least we should log that something was denied/not setting or disclosing vpcid.
You are right, there should be a log there, I will add it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] DaanHoogland commented on pull request #7153: Introducing concept of domain VPCs
Posted by "DaanHoogland (via GitHub)" <gi...@apache.org>.
DaanHoogland commented on PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#issuecomment-1655520572
@blueorangutan test
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org