You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by sudhansu7 <gi...@git.apache.org> on 2016/11/11 14:13:54 UTC
[GitHub] cloudstack pull request #1763: CLOUDSTACK-9594: API "list templates template...
GitHub user sudhansu7 opened a pull request:
https://github.com/apache/cloudstack/pull/1763
CLOUDSTACK-9594: API "list templates templatefilter=all" reveals all
API "list templates templatefilter=all" reveals all templates.
Using a "list templates templatefilter=all" API call any domain admin can see all templates of all domains in ACS. Information returned includes the account and domain of the template's owner.
The template data shows what that VM is using and any hints from the label. This would give an advantage in what attack vectors to use. The account and domain can possibly be used in brute force attack to guess the password and login information.
Test Scenario:
created two accounts in different domain.
{noformat}
mysql> select account_id,username,api_key from user where id in (4,5);
+------------+-----------+----------------------------------------------------------------------------------------+
| account_id | username | api_key |
+------------+-----------+----------------------------------------------------------------------------------------+
| 4 | sudadmin1 | 3qeSuWadNzUFZ_i6c6zbwafjM3Eo0TWpkHw3En9jNsg5Ditk2N18DnbbL2quBYQ7FsdXQ8rwxbyFlE8vyUTwEg |
| 5 | sudadmin | N5uHVOrg1Ek1F1a_5OXTz4WpLG3ewHqcbPUSBjQ-2CTJdxmUe2go0S8fyqH4Np0scYiehYg2KqthZXCWEyKx1A |
+------------+-----------+----------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql> select account_name,domain_id from account where id in (4,5);
+--------------+-----------+
| account_name | domain_id |
+--------------+-----------+
| sudadmin | 2 |
| sudadmin1 | 3 |
+--------------+-----------+
2 rows in set (0.00 sec)
{noformat}
User sudadmin registered a private template named 'Debian'.
http://10.147.59.107:8080/client/api?apikey=N5uHVOrg1Ek1F1a_5OXTz4WpLG3ewHqcbPUSBjQ-2CTJdxmUe2go0S8fyqH4Np0scYiehYg2KqthZXCWEyKx1A&command=listTemplates&templatefilter=self&signature=ODt7zEWCLL20z1FT%2FIkd1molRaM%3D
listTemplate with "templatefilter=self", lists the newly registered template.
{noformat}
<listtemplatesresponse cloud-stack-version="4.8.0">
<count>1</count>
<template>
<id>51026d32-60ee-4e25-8ffd-3fa3c57fc14c</id>
<name>Debian</name>
<displaytext>Debian</displaytext>
<ispublic>false</ispublic>
<created>2016-11-10T17:18:00-0500</created>
<isready>true</isready>
<passwordenabled>false</passwordenabled>
<format>VHD</format>
<isfeatured>false</isfeatured>
<crossZones>false</crossZones>
<ostypeid>38c1fc84-a687-11e6-a8c8-06f654000053</ostypeid>
<ostypename>Debian GNU/Linux 7(64-bit)</ostypename>
<account>sudadmin</account>
<zoneid>25fa5b74-d4c2-4bad-8e3a-ceffcd10985e</zoneid>
<zonename>z1</zonename>
<status>Download Complete</status>
<size>2621440000</size>
<templatetype>USER</templatetype>
<hypervisor>XenServer</hypervisor>
<domain>SUDDOMAIN</domain>
<domainid>a350c00d-4048-4876-ae09-74ad4b7bb28c</domainid>
<isextractable>false</isextractable>
<checksum>e87a6d7291b999c92baa9623c9c3c207</checksum>
<details>{hypervisortoolsversion=xenserver61}</details>
<sshkeyenabled>false</sshkeyenabled>
<isdynamicallyscalable>false</isdynamicallyscalable>
</template>
</listtemplatesresponse>
{noformat}
User: sudadmin1
listTemplate with "templatefilter=self" does not list any template.
http://10.147.59.107:8080/client/api?apikey=3qeSuWadNzUFZ_i6c6zbwafjM3Eo0TWpkHw3En9jNsg5Ditk2N18DnbbL2quBYQ7FsdXQ8rwxbyFlE8vyUTwEg&command=listTemplates&templatefilter=self&signature=RfKsdg3RxDkqJotbTlHU2RdbdPA%3D
{noformat}
<listtemplatesresponse cloud-stack-version="4.8.0"/>
{noformat}
NO TEMPLATES
**listTemplate with "templatefilter=all" lists all templates**
http://10.147.59.107:8080/client/api?apikey=3qeSuWadNzUFZ_i6c6zbwafjM3Eo0TWpkHw3En9jNsg5Ditk2N18DnbbL2quBYQ7FsdXQ8rwxbyFlE8vyUTwEg&command=listTemplates&templatefilter=all&signature=l5tubfyABT67d1jY702dvtZODbc%3D
Result:
{noformat}
<listtemplatesresponse cloud-stack-version="4.8.0">
<count>3</count>
<template>
<id>38451a02-a687-11e6-a8c8-06f654000053</id>
<name>CentOS 5.6(64-bit) no GUI (XenServer)</name>
<displaytext>CentOS 5.6(64-bit) no GUI (XenServer)</displaytext>
<ispublic>true</ispublic>
....
</template>
<template>
<id>51026d32-60ee-4e25-8ffd-3fa3c57fc14c</id>
<name>Debian</name>
<displaytext>Debian</displaytext>
<ispublic>false</ispublic>
<created>2016-11-10T17:18:00-0500</created>
<isready>true</isready>
<passwordenabled>false</passwordenabled>
<format>VHD</format>
<isfeatured>false</isfeatured>
<crossZones>false</crossZones>
<ostypeid>38c1fc84-a687-11e6-a8c8-06f654000053</ostypeid>
<ostypename>Debian GNU/Linux 7(64-bit)</ostypename>
**<account>sudadmin</account>**
<zoneid>25fa5b74-d4c2-4bad-8e3a-ceffcd10985e</zoneid>
<zonename>z1</zonename>
<size>2621440000</size>
<templatetype>USER</templatetype>
<hypervisor>XenServer</hypervisor>
<domain>SUDDOMAIN</domain>
<domainid>a350c00d-4048-4876-ae09-74ad4b7bb28c</domainid>
<isextractable>false</isextractable>
<checksum>e87a6d7291b999c92baa9623c9c3c207</checksum>
<details>{hypervisortoolsversion=xenserver61}</details>
<sshkeyenabled>false</sshkeyenabled>
<isdynamicallyscalable>false</isdynamicallyscalable>
</template>
<template>
<id>5f6af7bb-d965-4b9b-ab45-6d455b0d6bbe</id>
<name>SystemVM Template (XenServer)</name>
<displaytext>SystemVM Template (XenServer)</displaytext>
<ispublic>false</ispublic>
.....
</template>
</listtemplatesresponse>
{noformat}
**After Fix:**
http://10.147.59.107:8080/client/api?apikey=3qeSuWadNzUFZ_i6c6zbwafjM3Eo0TWpkHw3En9jNsg5Ditk2N18DnbbL2quBYQ7FsdXQ8rwxbyFlE8vyUTwEg&command=listTemplates&templatefilter=all&signature=l5tubfyABT67d1jY702dvtZODbc%3D
{noformat}
<listtemplatesresponse cloud-stack-version="4.8.0">
<count>1</count>
<template>
<id>38451a02-a687-11e6-a8c8-06f654000053</id>
<name>CentOS 5.6(64-bit) no GUI (XenServer)</name>
<displaytext>CentOS 5.6(64-bit) no GUI (XenServer)</displaytext>
<ispublic>true</ispublic>
<created>2016-11-10T09:32:44-0500</created>
<isready>true</isready>
<passwordenabled>false</passwordenabled>
<format>VHD</format>
<isfeatured>true</isfeatured>
<crossZones>true</crossZones>
<ostypeid>38a2bfd6-a687-11e6-a8c8-06f654000053</ostypeid>
<ostypename>CentOS 5.6 (64-bit)</ostypename>
<account>system</account>
<zoneid>25fa5b74-d4c2-4bad-8e3a-ceffcd10985e</zoneid>
<zonename>z1</zonename>
<size>21474836480</size>
<templatetype>BUILTIN</templatetype>
<hypervisor>XenServer</hypervisor>
<domain>ROOT</domain>
<domainid>383e0ea6-a687-11e6-a8c8-06f654000053</domainid>
<isextractable>true</isextractable>
<checksum>905cec879afd9c9d22ecc8036131a180</checksum>
<sshkeyenabled>false</sshkeyenabled>
<isdynamicallyscalable>true</isdynamicallyscalable>
</template>
</listtemplatesresponse>
{noformat}
Bug has been fixed considering below points
1. templatefilter=all or isofilter=all is applicable only to admin and domain admin.
2. With templatefilter=all or isofilter=all below are the visiblity of templates in system.
- admin should be able to see all templates/iso in system.
- domain admin should be able to see all public template and templates under its domain tree (including sub domain).
- domain admin in a project context should be able to see all public templates and templates registered
as project account and templates which are shared(using updateTemplatePermission api) with project account.
Also Modified "test/integration/component/test_escalation_listTemplateDomainAdmin.py"
This marvin test was written for this scenario but for the second account "templatefilter=all" is not used.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/sudhansu7/cloudstack CLOUDSTACK-9594
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/cloudstack/pull/1763.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #1763
----
commit 692a6eaaa2c54ae206d27a055579f948277cc62b
Author: Sudhansu <su...@accelerite.com>
Date: 2016-11-11T11:50:24Z
CLOUDSTACK-9594: API "list templates templatefilter=all" reveals all
templates of all domains
Bug has been fixed considering below points
1. templatefilter=all or isofilter=all is applicable only to admin
and domain admin.
2. With templatefilter=all or isofilter=all below are the visiblity
of templates in system.
a. admin should be able to see all templates/iso in system.
b. domain admin should be able to see all public template and
templates under its domain tree (including sub domain).
c. domain admin in a project context should be able to see all public
templates and templates registered as project account and templates
which are shared(using updateTemplatePermission api) with project account.
Modified
"test/integration/component/test_escalation_listTemplateDomainAdmin.py"
This marvin test is written for this scenario but for the second account
"templatefilter=all" is not used.
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack issue #1763: CLOUDSTACK-9594: API "list templates templatefilter=...
Posted by blueorangutan <gi...@git.apache.org>.
Github user blueorangutan commented on the issue:
https://github.com/apache/cloudstack/pull/1763
@borisstoyanov a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack issue #1763: CLOUDSTACK-9594: API "list templates templatefilter=...
Posted by sudhansu7 <gi...@git.apache.org>.
Github user sudhansu7 commented on the issue:
https://github.com/apache/cloudstack/pull/1763
@rhtyd @jburwell
I think the fix for CLOUDSTACK-9376 will not address below scenario. I will test this and confirm.
1. templatefilter=all or isofilter=all is applicable only to admin
and domain admin.
2. With templatefilter=all or isofilter=all below are the visiblity
of templates in system.
a. admin should be able to see all templates/iso in system.
b. domain admin should be able to see all public template and
templates under its domain tree (including sub domain).
c. domain admin in a project context should be able to see all public
templates and templates registered as project account and templates
which are shared(using updateTemplatePermission api) with project account.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack issue #1763: CLOUDSTACK-9594: API "list templates templatefilter=...
Posted by blueorangutan <gi...@git.apache.org>.
Github user blueorangutan commented on the issue:
https://github.com/apache/cloudstack/pull/1763
Packaging result: \u2714centos6 \u2714centos7 \u2714debian. JID-353
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack issue #1763: CLOUDSTACK-9594: API "list templates templatefilter=...
Posted by rhtyd <gi...@git.apache.org>.
Github user rhtyd commented on the issue:
https://github.com/apache/cloudstack/pull/1763
@blueorangutan package
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack issue #1763: CLOUDSTACK-9594: API "list templates templatefilter=...
Posted by blueorangutan <gi...@git.apache.org>.
Github user blueorangutan commented on the issue:
https://github.com/apache/cloudstack/pull/1763
@rhtyd a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack issue #1763: CLOUDSTACK-9594: API "list templates templatefilter=...
Posted by blueorangutan <gi...@git.apache.org>.
Github user blueorangutan commented on the issue:
https://github.com/apache/cloudstack/pull/1763
@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack issue #1763: CLOUDSTACK-9594: API "list templates templatefilter=...
Posted by rhtyd <gi...@git.apache.org>.
Github user rhtyd commented on the issue:
https://github.com/apache/cloudstack/pull/1763
@blueorangutan package
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request #1763: CLOUDSTACK-9594: API "list templates template...
Posted by rhtyd <gi...@git.apache.org>.
Github user rhtyd commented on a diff in the pull request:
https://github.com/apache/cloudstack/pull/1763#discussion_r91479045
--- Diff: server/src/com/cloud/api/query/QueryManagerImpl.java ---
@@ -3054,9 +3054,9 @@ private boolean isPermissible(Long accountDomainId, Long offeringDomainId) {
boolean listAll = false;
if (templateFilter != null && templateFilter == TemplateFilter.all) {
- if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
+ if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) {
--- End diff --
@sudhansu7 what is the user is a domain admin or resource admin, the `all` filter was only allowed for admin?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack issue #1763: CLOUDSTACK-9594: API "list templates templatefilter=...
Posted by blueorangutan <gi...@git.apache.org>.
Github user blueorangutan commented on the issue:
https://github.com/apache/cloudstack/pull/1763
@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack issue #1763: CLOUDSTACK-9594: API "list templates templatefilter=...
Posted by rhtyd <gi...@git.apache.org>.
Github user rhtyd commented on the issue:
https://github.com/apache/cloudstack/pull/1763
@sudhansu7 can you squash your changes, include information about the partial revert in the commit message?
@murali-reddy can you help review this as well, thanks.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack issue #1763: CLOUDSTACK-9594: API "list templates templatefilter=...
Posted by blueorangutan <gi...@git.apache.org>.
Github user blueorangutan commented on the issue:
https://github.com/apache/cloudstack/pull/1763
@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack issue #1763: CLOUDSTACK-9594: API "list templates templatefilter=...
Posted by jburwell <gi...@git.apache.org>.
Github user jburwell commented on the issue:
https://github.com/apache/cloudstack/pull/1763
Thank you for your submission, but this issue has already been addressed as part of security fix ([CLOUDSTACK-9376](https://issues.apache.org/jira/browse/CLOUDSTACK-9376)) for 4.5+. Please see commit 0cb60a72fea2a216b5e3f6b0d769878b76a3eb03 for more information regarding the fix.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack issue #1763: CLOUDSTACK-9594: API "list templates templatefilter=...
Posted by rhtyd <gi...@git.apache.org>.
Github user rhtyd commented on the issue:
https://github.com/apache/cloudstack/pull/1763
@blueorangutan package
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request #1763: CLOUDSTACK-9594: API "list templates template...
Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:
https://github.com/apache/cloudstack/pull/1763
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack issue #1763: CLOUDSTACK-9594: API "list templates templatefilter=...
Posted by jburwell <gi...@git.apache.org>.
Github user jburwell commented on the issue:
https://github.com/apache/cloudstack/pull/1763
@sudhansu7 could you please create a Marvin test case with the tests outlined in your [comment](https://github.com/apache/cloudstack/pull/1763#issuecomment-265221113)? When it is available, it can be run along with the regression test suite on blueorangutan to complete testing.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack issue #1763: CLOUDSTACK-9594: API "list templates templatefilter=...
Posted by cloudmonger <gi...@git.apache.org>.
Github user cloudmonger commented on the issue:
https://github.com/apache/cloudstack/pull/1763
### ACS CI BVT Run
**Sumarry:**
Build Number 134
Hypervisor xenserver
NetworkType Advanced
Passed=103
Failed=2
Skipped=6
_Link to logs Folder (search by build_no):_ https://www.dropbox.com/sh/yj3wnzbceo9uef2/AAB6u-Iap-xztdm6jHX9SjPja?dl=0
**Failed tests:**
* test_deploy_vm_iso.py
* test_deploy_vm_from_iso Failing since 18 runs
* test_vm_life_cycle.py
* test_10_attachAndDetach_iso Failing since 19 runs
**Skipped tests:**
test_01_test_vm_volume_snapshot
test_vm_nic_adapter_vmxnet3
test_static_role_account_acls
test_11_ss_nfs_version_on_ssvm
test_3d_gpu_support
test_deploy_vgpu_enabled_vm
**Passed test suits:**
test_deploy_vm_with_userdata.py
test_affinity_groups_projects.py
test_portable_publicip.py
test_over_provisioning.py
test_global_settings.py
test_scale_vm.py
test_service_offerings.py
test_routers_iptables_default_policy.py
test_loadbalance.py
test_routers.py
test_reset_vm_on_reboot.py
test_snapshots.py
test_deploy_vms_with_varied_deploymentplanners.py
test_network.py
test_router_dns.py
test_non_contigiousvlan.py
test_login.py
test_list_ids_parameter.py
test_public_ip_range.py
test_multipleips_per_nic.py
test_regions.py
test_affinity_groups.py
test_network_acl.py
test_pvlan.py
test_volumes.py
test_nic.py
test_deploy_vm_root_resize.py
test_resource_detail.py
test_secondary_storage.py
test_routers_network_ops.py
test_disk_offerings.py
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack issue #1763: CLOUDSTACK-9594: API "list templates templatefilter=...
Posted by rhtyd <gi...@git.apache.org>.
Github user rhtyd commented on the issue:
https://github.com/apache/cloudstack/pull/1763
@sudhansu7 can you share component tests results for `component/test_templates.py` in your env? You may need to modified expected exception description in this test: https://github.com/apache/cloudstack/commit/0cb60a72fea2a216b5e3f6b0d769878b76a3eb03#diff-6d5b393d9c0b364be876fbad5541b09fR652
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack issue #1763: CLOUDSTACK-9594: API "list templates templatefilter=...
Posted by borisstoyanov <gi...@git.apache.org>.
Github user borisstoyanov commented on the issue:
https://github.com/apache/cloudstack/pull/1763
@rhtyd I'll restart the testing since I noticed the job failed in Trillian
```
10:06:40 PLAY [cloudstack_manager_hosts] ************************************************
10:06:41
10:06:41 TASK [timezone : wait for ssh] *************************************************
10:13:24 fatal: [pr1763-t623-kvm-centos7-mgmt1 -> localhost]: FAILED! => {"changed": false, "elapsed": 401, "failed": true, "msg": "Timeout when waiting for 10.2.2.23:22"}
10:13:24
10:13:24 NO MORE HOSTS LEFT *************************************************************
10:13:24 [WARNING]: Could not create retry file 'deployvms.retry'. [Errno 2] No
```
@blueorangutan test
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack issue #1763: CLOUDSTACK-9594: API "list templates templatefilter=...
Posted by jburwell <gi...@git.apache.org>.
Github user jburwell commented on the issue:
https://github.com/apache/cloudstack/pull/1763
@rhtyd can you investigate why the fix for this issue in 4.5 was not pulled forward? For traceability purposes, it would be preferable to forward merge the fix than commit a new version of it.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack issue #1763: CLOUDSTACK-9594: API "list templates templatefilter=...
Posted by blueorangutan <gi...@git.apache.org>.
Github user blueorangutan commented on the issue:
https://github.com/apache/cloudstack/pull/1763
Packaging result: \u2714centos6 \u2714centos7 \u2714debian. JID-168
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack issue #1763: CLOUDSTACK-9594: API "list templates templatefilter=...
Posted by rhtyd <gi...@git.apache.org>.
Github user rhtyd commented on the issue:
https://github.com/apache/cloudstack/pull/1763
Merging this based on code review and test results.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack issue #1763: CLOUDSTACK-9594: API "list templates templatefilter=...
Posted by rhtyd <gi...@git.apache.org>.
Github user rhtyd commented on the issue:
https://github.com/apache/cloudstack/pull/1763
@blueorangutan test
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack issue #1763: CLOUDSTACK-9594: API "list templates templatefilter=...
Posted by abhinandanprateek <gi...@git.apache.org>.
Github user abhinandanprateek commented on the issue:
https://github.com/apache/cloudstack/pull/1763
LGTM on code review
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack issue #1763: CLOUDSTACK-9594: API "list templates templatefilter=...
Posted by blueorangutan <gi...@git.apache.org>.
Github user blueorangutan commented on the issue:
https://github.com/apache/cloudstack/pull/1763
<b>Trillian test result (tid-625)</b>
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 26317 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr1763-t625-kvm-centos7.zip
Test completed. 42 look ok, 1 have error(s)
Test | Result | Time (s) | Test File
--- | --- | --- | ---
test_04_extract_Iso | `Error` | 5.92 | test_iso.py
test_01_vpc_site2site_vpn | Success | 135.27 | test_vpc_vpn.py
test_01_vpc_remote_access_vpn | Success | 61.77 | test_vpc_vpn.py
test_01_redundant_vpc_site2site_vpn | Success | 272.31 | test_vpc_vpn.py
test_02_VPC_default_routes | Success | 298.18 | test_vpc_router_nics.py
test_01_VPC_nics_after_destroy | Success | 618.04 | test_vpc_router_nics.py
test_05_rvpc_multi_tiers | Success | 517.90 | test_vpc_redundant.py
test_04_rvpc_network_garbage_collector_nics | Success | 1446.17 | test_vpc_redundant.py
test_03_create_redundant_VPC_1tier_2VMs_2IPs_2PF_ACL_reboot_routers | Success | 568.61 | test_vpc_redundant.py
test_02_redundant_VPC_default_routes | Success | 761.93 | test_vpc_redundant.py
test_01_create_redundant_VPC_2tiers_4VMs_4IPs_4PF_ACL | Success | 1316.27 | test_vpc_redundant.py
test_09_delete_detached_volume | Success | 15.81 | test_volumes.py
test_08_resize_volume | Success | 15.57 | test_volumes.py
test_07_resize_fail | Success | 20.53 | test_volumes.py
test_06_download_detached_volume | Success | 15.34 | test_volumes.py
test_05_detach_volume | Success | 100.32 | test_volumes.py
test_04_delete_attached_volume | Success | 10.28 | test_volumes.py
test_03_download_attached_volume | Success | 15.39 | test_volumes.py
test_02_attach_volume | Success | 43.84 | test_volumes.py
test_01_create_volume | Success | 683.52 | test_volumes.py
test_deploy_vm_multiple | Success | 279.61 | test_vm_life_cycle.py
test_deploy_vm | Success | 0.03 | test_vm_life_cycle.py
test_advZoneVirtualRouter | Success | 0.02 | test_vm_life_cycle.py
test_10_attachAndDetach_iso | Success | 26.89 | test_vm_life_cycle.py
test_09_expunge_vm | Success | 125.26 | test_vm_life_cycle.py
test_08_migrate_vm | Success | 36.27 | test_vm_life_cycle.py
test_07_restore_vm | Success | 0.13 | test_vm_life_cycle.py
test_06_destroy_vm | Success | 125.99 | test_vm_life_cycle.py
test_03_reboot_vm | Success | 126.34 | test_vm_life_cycle.py
test_02_start_vm | Success | 10.19 | test_vm_life_cycle.py
test_01_stop_vm | Success | 35.37 | test_vm_life_cycle.py
test_CreateTemplateWithDuplicateName | Success | 80.93 | test_templates.py
test_08_list_system_templates | Success | 0.03 | test_templates.py
test_07_list_public_templates | Success | 0.03 | test_templates.py
test_05_template_permissions | Success | 0.06 | test_templates.py
test_04_extract_template | Success | 5.34 | test_templates.py
test_03_delete_template | Success | 5.13 | test_templates.py
test_02_edit_template | Success | 90.09 | test_templates.py
test_01_create_template | Success | 61.13 | test_templates.py
test_10_destroy_cpvm | Success | 161.70 | test_ssvm.py
test_09_destroy_ssvm | Success | 163.28 | test_ssvm.py
test_08_reboot_cpvm | Success | 101.72 | test_ssvm.py
test_07_reboot_ssvm | Success | 134.31 | test_ssvm.py
test_06_stop_cpvm | Success | 131.84 | test_ssvm.py
test_05_stop_ssvm | Success | 133.93 | test_ssvm.py
test_04_cpvm_internals | Success | 1.35 | test_ssvm.py
test_03_ssvm_internals | Success | 4.41 | test_ssvm.py
test_02_list_cpvm_vm | Success | 0.12 | test_ssvm.py
test_01_list_sec_storage_vm | Success | 0.14 | test_ssvm.py
test_01_snapshot_root_disk | Success | 16.33 | test_snapshots.py
test_04_change_offering_small | Success | 210.20 | test_service_offerings.py
test_03_delete_service_offering | Success | 0.12 | test_service_offerings.py
test_02_edit_service_offering | Success | 0.21 | test_service_offerings.py
test_01_create_service_offering | Success | 0.10 | test_service_offerings.py
test_02_sys_template_ready | Success | 0.21 | test_secondary_storage.py
test_01_sys_vm_start | Success | 0.28 | test_secondary_storage.py
test_09_reboot_router | Success | 55.66 | test_routers.py
test_08_start_router | Success | 40.48 | test_routers.py
test_07_stop_router | Success | 10.19 | test_routers.py
test_06_router_advanced | Success | 0.05 | test_routers.py
test_05_router_basic | Success | 0.04 | test_routers.py
test_04_restart_network_wo_cleanup | Success | 5.74 | test_routers.py
test_03_restart_network_cleanup | Success | 65.68 | test_routers.py
test_02_router_internal_adv | Success | 1.10 | test_routers.py
test_01_router_internal_basic | Success | 0.58 | test_routers.py
test_router_dhcphosts | Success | 256.23 | test_router_dhcphosts.py
test_router_dhcp_opts | Success | 24.14 | test_router_dhcphosts.py
test_01_updatevolumedetail | Success | 5.35 | test_resource_detail.py
test_01_reset_vm_on_reboot | Success | 132.63 | test_reset_vm_on_reboot.py
test_createRegion | Success | 0.15 | test_regions.py
test_create_pvlan_network | Success | 5.62 | test_pvlan.py
test_dedicatePublicIpRange | Success | 1.16 | test_public_ip_range.py
test_04_rvpc_privategw_static_routes | Success | 545.03 | test_privategw_acl.py
test_03_vpc_privategw_restart_vpc_cleanup | Success | 510.39 | test_privategw_acl.py
test_02_vpc_privategw_static_routes | Success | 353.45 | test_privategw_acl.py
test_01_vpc_privategw_acl | Success | 84.23 | test_privategw_acl.py
test_01_primary_storage_nfs | Success | 35.99 | test_primary_storage.py
test_createPortablePublicIPRange | Success | 15.24 | test_portable_publicip.py
test_createPortablePublicIPAcquire | Success | 15.55 | test_portable_publicip.py
test_isolate_network_password_server | Success | 87.37 | test_password_server.py
test_UpdateStorageOverProvisioningFactor | Success | 0.15 | test_over_provisioning.py
test_extendPhysicalNetworkVlan | Success | 15.40 | test_non_contigiousvlan.py
test_01_nic | Success | 699.70 | test_nic.py
test_releaseIP | Success | 150.25 | test_network.py
test_reboot_router | Success | 404.07 | test_network.py
test_public_ip_user_account | Success | 10.53 | test_network.py
test_public_ip_admin_account | Success | 40.44 | test_network.py
test_network_rules_acquired_public_ip_3_Load_Balancer_Rule | Success | 67.05 | test_network.py
test_network_rules_acquired_public_ip_2_nat_rule | Success | 62.07 | test_network.py
test_network_rules_acquired_public_ip_1_static_nat_rule | Success | 124.31 | test_network.py
test_delete_account | Success | 300.42 | test_network.py
test_02_port_fwd_on_non_src_nat | Success | 56.40 | test_network.py
test_01_port_fwd_on_src_nat | Success | 112.56 | test_network.py
test_nic_secondaryip_add_remove | Success | 237.60 | test_multipleips_per_nic.py
login_test_saml_user | Success | 31.13 | test_login.py
test_assign_and_removal_lb | Success | 133.78 | test_loadbalance.py
test_02_create_lb_rule_non_nat | Success | 187.80 | test_loadbalance.py
test_01_create_lb_rule_src_nat | Success | 188.43 | test_loadbalance.py
test_07_list_default_iso | Success | 0.24 | test_iso.py
test_05_iso_permissions | Success | 0.11 | test_iso.py
test_03_delete_iso | Success | 95.26 | test_iso.py
test_02_edit_iso | Success | 0.10 | test_iso.py
test_01_create_iso | Success | 24.79 | test_iso.py
test_04_rvpc_internallb_haproxy_stats_on_all_interfaces | Success | 328.09 | test_internal_lb.py
test_03_vpc_internallb_haproxy_stats_on_all_interfaces | Success | 206.76 | test_internal_lb.py
test_02_internallb_roundrobin_1RVPC_3VM_HTTP_port80 | Success | 594.52 | test_internal_lb.py
test_01_internallb_roundrobin_1VPC_3VM_HTTP_port80 | Success | 497.16 | test_internal_lb.py
test_dedicateGuestVlanRange | Success | 10.53 | test_guest_vlan_range.py
test_UpdateConfigParamWithScope | Success | 0.63 | test_global_settings.py
test_04_create_fat_type_disk_offering | Success | 0.11 | test_disk_offerings.py
test_03_delete_disk_offering | Success | 0.05 | test_disk_offerings.py
test_02_edit_disk_offering | Success | 0.07 | test_disk_offerings.py
test_02_create_sparse_type_disk_offering | Success | 0.10 | test_disk_offerings.py
test_01_create_disk_offering | Success | 0.24 | test_disk_offerings.py
test_deployvm_userdispersing | Success | 32.37 | test_deploy_vms_with_varied_deploymentplanners.py
test_deployvm_userconcentrated | Success | 72.16 | test_deploy_vms_with_varied_deploymentplanners.py
test_deployvm_firstfit | Success | 76.47 | test_deploy_vms_with_varied_deploymentplanners.py
test_deployvm_userdata_post | Success | 11.41 | test_deploy_vm_with_userdata.py
test_deployvm_userdata | Success | 93.40 | test_deploy_vm_with_userdata.py
test_02_deploy_vm_root_resize | Success | 7.39 | test_deploy_vm_root_resize.py
test_01_deploy_vm_root_resize | Success | 11.16 | test_deploy_vm_root_resize.py
test_00_deploy_vm_root_resize | Success | 293.40 | test_deploy_vm_root_resize.py
test_deploy_vm_from_iso | Success | 241.03 | test_deploy_vm_iso.py
test_DeployVmAntiAffinityGroup | Success | 126.81 | test_affinity_groups.py
test_03_delete_vm_snapshots | Skipped | 0.00 | test_vm_snapshots.py
test_02_revert_vm_snapshots | Skipped | 0.00 | test_vm_snapshots.py
test_01_test_vm_volume_snapshot | Skipped | 0.00 | test_vm_snapshots.py
test_01_create_vm_snapshots | Skipped | 0.00 | test_vm_snapshots.py
test_06_copy_template | Skipped | 0.00 | test_templates.py
test_01_scale_vm | Skipped | 0.00 | test_scale_vm.py
test_01_primary_storage_iscsi | Skipped | 0.04 | test_primary_storage.py
test_06_copy_iso | Skipped | 0.00 | test_iso.py
test_deploy_vgpu_enabled_vm | Skipped | 0.01 | test_deploy_vgpu_enabled_vm.py
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack issue #1763: CLOUDSTACK-9594: API "list templates templatefilter=...
Posted by blueorangutan <gi...@git.apache.org>.
Github user blueorangutan commented on the issue:
https://github.com/apache/cloudstack/pull/1763
Packaging result: \u2716centos6 \u2714centos7 \u2714debian. JID-355
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack issue #1763: CLOUDSTACK-9594: API "list templates templatefilter=...
Posted by abhinandanprateek <gi...@git.apache.org>.
Github user abhinandanprateek commented on the issue:
https://github.com/apache/cloudstack/pull/1763
@sudhansu7 can you update on CLOUDSTACK-9376, were you able to check/test ?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack issue #1763: CLOUDSTACK-9594: API "list templates templatefilter=...
Posted by sudhansu7 <gi...@git.apache.org>.
Github user sudhansu7 commented on the issue:
https://github.com/apache/cloudstack/pull/1763
@abhinandanprateek
Below is test scenario and result. I have also reverted the changes introduced in CLOUDSTACK-9376.
Test Scenario:
Domain: SUDDOMAIN
Domain Admin: sudadmin
Registered a template Debian.
```
{
"account": "sudadmin",
"checksum": "e87a6d7291b999c92baa9623c9c3c207",
"created": "2016-11-10T17:18:00-0500",
"crossZones": false,
"details": {
"hypervisortoolsversion": "xenserver61"
},
"displaytext": "Debian",
"domain": "SUDDOMAIN",
"domainid": "a350c00d-4048-4876-ae09-74ad4b7bb28c",
"format": "VHD",
"hypervisor": "XenServer",
"id": "51026d32-60ee-4e25-8ffd-3fa3c57fc14c",
"isdynamicallyscalable": false,
"isextractable": false,
"isfeatured": false,
"ispublic": false,
"isready": true,
"name": "Debian",
"ostypeid": "38c1fc84-a687-11e6-a8c8-06f654000053",
"ostypename": "Debian GNU/Linux 7(64-bit)",
"passwordenabled": false,
"size": 2621440000,
"sshkeyenabled": false,
"tags": [],
"templatetype": "USER",
"zoneid": "25fa5b74-d4c2-4bad-8e3a-ceffcd10985e",
"zonename": "z1"
}
```
Domain: SUDDOMAIN1
Domain Admin user: sudadmin1
No template resigtered.
normal user: suduser1
Registed a template 'debian-user'
```
{
"account": "suduser1",
"checksum": "b118393ea4a86c494669d915d8a788cf",
"created": "2016-12-06T16:20:57-0500",
"crossZones": false,
"details": {
"hypervisortoolsversion": "xenserver61"
},
"displaytext": "debian-user",
"domain": "SUDDOMAIN1",
"domainid": "204c25e0-307e-4cf9-974c-e6aca6cc5257",
"format": "VHD",
"hypervisor": "XenServer",
"id": "696fcbf5-5644-44a2-a0b4-88d131bb70cb",
"isdynamicallyscalable": false,
"isextractable": false,
"isfeatured": false,
"ispublic": false,
"isready": true,
"name": "debian-user",
"ostypeid": "38c1fc84-a687-11e6-a8c8-06f654000053",
"ostypename": "Debian GNU/Linux 7(64-bit)",
"passwordenabled": false,
"size": 2621440000,
"sshkeyenabled": false,
"tags": [],
"templatetype": "USER",
"zoneid": "25fa5b74-d4c2-4bad-8e3a-ceffcd10985e",
"zonename": "z1"
}
```
API results:
With (CLOUDSTACK-9376) for 4.5+. commit 0cb60a7:
http://10.147.59.107:8080/client/api?command=listTemplates&response=json&listAll=true&page=1&pagesize=200&templatefilter=self&_=1481042783138
{"listtemplatesresponse":{}}
Result: Domain admin does not have any templates and so no results.
http://10.147.59.107:8080/client/api?command=listTemplates&response=json&listAll=true&page=1&pagesize=200&templatefilter=all&_=1481042783138
{"listtemplatesresponse":{"uuidList":[],"errorcode":431,"cserrorcode":4350,"errortext":"Filter all can be specified by admin only"}}
Result: with templatefilter=all we are getting above error respose as expected. But with this domain admin does not have any visibility of templates resgistered under his domain.
With the current fix:
http://10.147.59.107:8080/client/api?command=listTemplates&response=json&listAll=true&page=1&pagesize=200&templatefilter=all&_=1481045782311
```
{
"listtemplatesresponse": {
"count": 2,
"template": [
{
"account": "system",
"checksum": "905cec879afd9c9d22ecc8036131a180",
"created": "2016-11-10T09:32:44-0500",
"crossZones": true,
"displaytext": "CentOS 5.6(64-bit) no GUI (XenServer)",
"domain": "ROOT",
"domainid": "383e0ea6-a687-11e6-a8c8-06f654000053",
"format": "VHD",
"hypervisor": "XenServer",
"id": "38451a02-a687-11e6-a8c8-06f654000053",
"isdynamicallyscalable": true,
"isextractable": true,
"isfeatured": true,
"ispublic": true,
"isready": true,
"name": "CentOS 5.6(64-bit) no GUI (XenServer)",
"ostypeid": "38a2bfd6-a687-11e6-a8c8-06f654000053",
"ostypename": "CentOS 5.6 (64-bit)",
"passwordenabled": false,
"size": 21474836480,
"sshkeyenabled": false,
"tags": [],
"templatetype": "BUILTIN",
"zoneid": "25fa5b74-d4c2-4bad-8e3a-ceffcd10985e",
"zonename": "z1"
},
{
"account": "suduser1",
"checksum": "b118393ea4a86c494669d915d8a788cf",
"created": "2016-12-06T16:20:57-0500",
"crossZones": false,
"details": {
"hypervisortoolsversion": "xenserver61"
},
"displaytext": "debian-user",
"domain": "SUDDOMAIN1",
"domainid": "204c25e0-307e-4cf9-974c-e6aca6cc5257",
"format": "VHD",
"hypervisor": "XenServer",
"id": "696fcbf5-5644-44a2-a0b4-88d131bb70cb",
"isdynamicallyscalable": false,
"isextractable": false,
"isfeatured": false,
"ispublic": false,
"isready": true,
"name": "debian-user",
"ostypeid": "38c1fc84-a687-11e6-a8c8-06f654000053",
"ostypename": "Debian GNU/Linux 7(64-bit)",
"passwordenabled": false,
"size": 2621440000,
"sshkeyenabled": false,
"tags": [],
"templatetype": "USER",
"zoneid": "25fa5b74-d4c2-4bad-8e3a-ceffcd10985e",
"zonename": "z1"
}
]
}
}
```
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---