You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by da...@apache.org on 2022/12/20 11:39:13 UTC
[cloudstack] branch main updated: Allow root admin to deploy in VPCs in child domains (#6832)
This is an automated email from the ASF dual-hosted git repository.
dahn pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/main by this push:
new 575fffc097e Allow root admin to deploy in VPCs in child domains (#6832)
575fffc097e is described below
commit 575fffc097ed6787ec98bd616d1524ff163de669
Author: dahn <da...@onecht.net>
AuthorDate: Tue Dec 20 03:39:04 2022 -0800
Allow root admin to deploy in VPCs in child domains (#6832)
and make root admin permissions configurable
---
.../main/java/com/cloud/network/NetworkModel.java | 5 +-
.../java/com/cloud/network/NetworkModelImpl.java | 75 ++---
.../java/com/cloud/network/NetworkServiceImpl.java | 2 +-
.../java/com/cloud/network/NetworkModelTest.java | 18 ++
.../component/test_acl_sharednetwork.py | 311 ++++++++++-----------
.../src/main/java/com/cloud/utils/StringUtils.java | 20 +-
6 files changed, 230 insertions(+), 201 deletions(-)
diff --git a/api/src/main/java/com/cloud/network/NetworkModel.java b/api/src/main/java/com/cloud/network/NetworkModel.java
index fa44eac4a4a..9fd4fcb9862 100644
--- a/api/src/main/java/com/cloud/network/NetworkModel.java
+++ b/api/src/main/java/com/cloud/network/NetworkModel.java
@@ -89,9 +89,12 @@ public interface NetworkModel {
List<String> metadataFileNames = new ArrayList<>(Arrays.asList(SERVICE_OFFERING_FILE, AVAILABILITY_ZONE_FILE, LOCAL_HOSTNAME_FILE, LOCAL_IPV4_FILE, PUBLIC_HOSTNAME_FILE, PUBLIC_IPV4_FILE,
INSTANCE_ID_FILE, VM_ID_FILE, PUBLIC_KEYS_FILE, CLOUD_IDENTIFIER_FILE, HYPERVISOR_HOST_NAME_FILE));
- static final ConfigKey<Integer> MACIdentifier = new ConfigKey<Integer>("Advanced",Integer.class, "mac.identifier", "0",
+ static final ConfigKey<Integer> MACIdentifier = new ConfigKey<>("Advanced",Integer.class, "mac.identifier", "0",
"This value will be used while generating the mac addresses for isolated and shared networks. The hexadecimal equivalent value will be present at the 2nd octet of the mac address. Default value is null which means this feature is disabled.Its scope is global.", true, ConfigKey.Scope.Global);
+ static final ConfigKey<Boolean> AdminIsAllowedToDeployAnywhere = new ConfigKey<>("Advanced",Boolean.class, "admin.is.allowed.to.deploy.anywhere", "false",
+ "This will determine if the root admin is allowed to deploy in networks in subdomains.", true, ConfigKey.Scope.Global);
+
/**
* Lists IP addresses that belong to VirtualNetwork VLANs
*
diff --git a/server/src/main/java/com/cloud/network/NetworkModelImpl.java b/server/src/main/java/com/cloud/network/NetworkModelImpl.java
index d34a307c8e6..2367527fdc1 100644
--- a/server/src/main/java/com/cloud/network/NetworkModelImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkModelImpl.java
@@ -147,6 +147,7 @@ import com.cloud.vm.dao.VMInstanceDao;
public class NetworkModelImpl extends ManagerBase implements NetworkModel, Configurable {
static final Logger s_logger = Logger.getLogger(NetworkModelImpl.class);
+ public static final String UNABLE_TO_USE_NETWORK = "Unable to use network with id= %s, permission denied";
@Inject
EntityManager _entityMgr;
@Inject
@@ -1665,39 +1666,49 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel, Confi
}
@Override
- public void checkNetworkPermissions(Account caller, Network network) {
- // dahn 20140310: I was thinking of making this an assert but
- // as we hardly ever test with asserts I think
- // we better make sure at runtime.
- if (network == null) {
- throw new CloudRuntimeException("cannot check permissions on (Network) <null>");
- }
- // Perform account permission check
- if (network.getGuestType() != GuestType.Shared || network.getAclType() == ACLType.Account) {
- AccountVO networkOwner = _accountDao.findById(network.getAccountId());
- if (networkOwner == null)
- throw new PermissionDeniedException("Unable to use network with id= " + ((NetworkVO)network).getUuid() +
- ", network does not have an owner");
- if (!Account.Type.PROJECT.equals(caller.getType()) && Account.Type.PROJECT.equals(networkOwner.getType())) {
- checkProjectNetworkPermissions(caller, networkOwner, network);
+ public final void checkNetworkPermissions(Account caller, Network network) {
+ if (_accountMgr.isRootAdmin(caller.getAccountId()) && Boolean.TRUE.equals(AdminIsAllowedToDeployAnywhere.value())) {
+ if (s_logger.isDebugEnabled()) {
+ s_logger.debug("root admin is permitted to do stuff on every network");
+ }
+ } else {
+ if (network == null) {
+ throw new CloudRuntimeException("cannot check permissions on (Network) <null>");
+ }
+ s_logger.info(String.format("Checking permission for account %s (%s) on network %s (%s)", caller.getAccountName(), caller.getUuid(), network.getName(), network.getUuid()));
+ if (network.getGuestType() != GuestType.Shared || network.getAclType() == ACLType.Account) {
+ checkAccountNetworkPermissions(caller, network);
+
} else {
- List<NetworkVO> networkMap = _networksDao.listBy(caller.getId(), network.getId());
- NetworkPermissionVO networkPermission = _networkPermissionDao.findByNetworkAndAccount(network.getId(), caller.getId());
- if (CollectionUtils.isEmpty(networkMap) && networkPermission == null) {
- throw new PermissionDeniedException("Unable to use network with id= " + ((NetworkVO)network).getUuid() +
- ", permission denied");
- }
+ checkDomainNetworkPermissions(caller, network);
}
+ }
+ }
+ private void checkAccountNetworkPermissions(Account caller, Network network) {
+ AccountVO networkOwner = _accountDao.findById(network.getAccountId());
+ if (networkOwner == null)
+ throw new PermissionDeniedException("Unable to use network with id= " + ((NetworkVO) network).getUuid() +
+ ", network does not have an owner");
+ if (!Account.Type.PROJECT.equals(caller.getType()) && Account.Type.PROJECT.equals(networkOwner.getType())) {
+ checkProjectNetworkPermissions(caller, networkOwner, network);
} else {
- if (!isNetworkAvailableInDomain(network.getId(), caller.getDomainId())) {
- DomainVO callerDomain = _domainDao.findById(caller.getDomainId());
- if (callerDomain == null) {
- throw new CloudRuntimeException("cannot check permission on account " + caller.getAccountName() + " whose domain does not exist");
- }
- throw new PermissionDeniedException("Shared network id=" + ((NetworkVO)network).getUuid() + " is not available in domain id=" +
- callerDomain.getUuid());
+ List<NetworkVO> networkMap = _networksDao.listBy(caller.getId(), network.getId());
+ NetworkPermissionVO networkPermission = _networkPermissionDao.findByNetworkAndAccount(network.getId(), caller.getId());
+ if (CollectionUtils.isEmpty(networkMap) && networkPermission == null) {
+ throw new PermissionDeniedException(String.format(UNABLE_TO_USE_NETWORK, ((NetworkVO) network).getUuid()));
+ }
+ }
+ }
+
+ private void checkDomainNetworkPermissions(Account caller, Network network) {
+ if (!isNetworkAvailableInDomain(network.getId(), caller.getDomainId())) {
+ DomainVO callerDomain = _domainDao.findById(caller.getDomainId());
+ if (callerDomain == null) {
+ throw new CloudRuntimeException("cannot check permission on account " + caller.getAccountName() + " whose domain does not exist");
}
+ throw new PermissionDeniedException("Shared network id=" + ((NetworkVO) network).getUuid() + " is not available in domain id=" +
+ callerDomain.getUuid());
}
}
@@ -1710,13 +1721,11 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel, Confi
ProjectAccount projectAccountUser = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId());
if (projectAccountUser != null) {
if (!_projectAccountDao.canUserAccessProjectAccount(user.getAccountId(), user.getId(), networkOwner.getId())) {
- throw new PermissionDeniedException("Unable to use network with id= " + ((NetworkVO)network).getUuid() +
- ", permission denied");
+ throw new PermissionDeniedException(String.format(UNABLE_TO_USE_NETWORK, ((NetworkVO)network).getUuid()));
}
} else {
if (!_projectAccountDao.canAccessProjectAccount(owner.getAccountId(), networkOwner.getId())) {
- throw new PermissionDeniedException("Unable to use network with id= " + ((NetworkVO) network).getUuid() +
- ", permission denied");
+ throw new PermissionDeniedException(String.format(UNABLE_TO_USE_NETWORK, ((NetworkVO) network).getUuid()));
}
}
}
@@ -2663,7 +2672,7 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel, Confi
@Override
public ConfigKey<?>[] getConfigKeys() {
- return new ConfigKey<?>[] {MACIdentifier};
+ return new ConfigKey<?>[] {MACIdentifier, AdminIsAllowedToDeployAnywhere};
}
@Override
diff --git a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
index a6a6bc64faf..2cac85e9966 100644
--- a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
@@ -1938,7 +1938,7 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C
Boolean isSystem = cmd.getIsSystem();
String aclType = cmd.getAclType();
Long projectId = cmd.getProjectId();
- List<Long> permittedAccounts = new ArrayList<Long>();
+ List<Long> permittedAccounts = new ArrayList<>();
String path = null;
Long physicalNetworkId = cmd.getPhysicalNetworkId();
List<String> supportedServicesStr = cmd.getSupportedServices();
diff --git a/server/src/test/java/com/cloud/network/NetworkModelTest.java b/server/src/test/java/com/cloud/network/NetworkModelTest.java
index b52335035fd..dd4de3b460f 100644
--- a/server/src/test/java/com/cloud/network/NetworkModelTest.java
+++ b/server/src/test/java/com/cloud/network/NetworkModelTest.java
@@ -33,6 +33,7 @@ import java.util.Collections;
import java.util.List;
import java.util.Set;
+import com.cloud.user.AccountManager;
import org.apache.cloudstack.network.NetworkPermissionVO;
import org.apache.cloudstack.network.dao.NetworkPermissionDao;
import org.junit.Before;
@@ -114,6 +115,8 @@ public class NetworkModelTest {
private DomainDao domainDao;
@Mock
private ProjectDao projectDao;
+ @Mock
+ private AccountManager _accountMgr;
private static final long ZONE_1_ID = 1L;
private static final long ZONE_2_ID = 2L;
@@ -307,6 +310,21 @@ public class NetworkModelTest {
networkModel.checkNetworkPermissions(caller, network);
}
+ @Test
+ public void testCheckNetworkPermissionsForAdmin() {
+ long accountId = 1L;
+ AccountVO caller = mock(AccountVO.class);
+ when(caller.getId()).thenReturn(accountId);
+ when(caller.getType()).thenReturn(Account.Type.ADMIN);
+ NetworkVO network = mock(NetworkVO.class);
+ when(network.getGuestType()).thenReturn(Network.GuestType.Isolated);
+ when(network.getAccountId()).thenReturn(accountId);
+ when(accountDao.findById(accountId)).thenReturn(caller);
+ when(networkDao.listBy(caller.getId(), network.getId())).thenReturn(List.of(network));
+ when(networkPermissionDao.findByNetworkAndAccount(network.getId(), caller.getId())).thenReturn(mock(NetworkPermissionVO.class));
+ networkModel.checkNetworkPermissions(caller, network);
+ }
+
@Test(expected = CloudRuntimeException.class)
public void testCheckNetworkPermissionsNullNetwork() {
AccountVO caller = mock(AccountVO.class);
diff --git a/test/integration/component/test_acl_sharednetwork.py b/test/integration/component/test_acl_sharednetwork.py
index 42f4a899e12..2d538f6c6f9 100644
--- a/test/integration/component/test_acl_sharednetwork.py
+++ b/test/integration/component/test_acl_sharednetwork.py
@@ -59,7 +59,7 @@ class TestSharedNetwork(cloudstackTestCase):
cls.acldata = cls.testdata["acl"]
cls.domain_1 = None
cls.domain_2 = None
- cls.cleanup = []
+ cls._cleanup = []
try:
@@ -72,25 +72,30 @@ class TestSharedNetwork(cloudstackTestCase):
cls.apiclient,
cls.acldata["domain1"]
)
+ cls._cleanup.append(cls.domain_1)
cls.domain_11 = Domain.create(
cls.apiclient,
cls.acldata["domain11"],
parentdomainid=cls.domain_1.id
)
+ cls._cleanup.append(cls.domain_11)
cls.domain_111 = Domain.create(
cls.apiclient,
cls.acldata["domain111"],
parentdomainid=cls.domain_11.id,
)
+ cls._cleanup.append(cls.domain_111)
cls.domain_12 = Domain.create(
cls.apiclient,
cls.acldata["domain12"],
parentdomainid=cls.domain_1.id
)
+ cls._cleanup.append(cls.domain_12)
cls.domain_2 = Domain.create(
cls.apiclient,
cls.acldata["domain2"]
)
+ cls._cleanup.append(cls.domain_2)
# Create 1 admin account and 2 user accounts for doamin_1
cls.account_d1 = Account.create(
cls.apiclient,
@@ -98,6 +103,7 @@ class TestSharedNetwork(cloudstackTestCase):
admin=True,
domainid=cls.domain_1.id
)
+ cls._cleanup.append(cls.account_d1)
user = cls.generateKeysForUser(cls.apiclient,cls.account_d1)
cls.user_d1_apikey = user.apikey
@@ -109,6 +115,7 @@ class TestSharedNetwork(cloudstackTestCase):
admin=False,
domainid=cls.domain_1.id
)
+ cls._cleanup.append(cls.account_d1a)
user = cls.generateKeysForUser(cls.apiclient,cls.account_d1a)
cls.user_d1a_apikey = user.apikey
cls.user_d1a_secretkey = user.secretkey
@@ -120,6 +127,7 @@ class TestSharedNetwork(cloudstackTestCase):
admin=False,
domainid=cls.domain_1.id
)
+ cls._cleanup.append(cls.account_d1b)
user = cls.generateKeysForUser(cls.apiclient,cls.account_d1b)
cls.user_d1b_apikey = user.apikey
@@ -132,6 +140,7 @@ class TestSharedNetwork(cloudstackTestCase):
admin=True,
domainid=cls.domain_11.id
)
+ cls._cleanup.append(cls.account_d11)
user = cls.generateKeysForUser(cls.apiclient,cls.account_d11)
cls.user_d11_apikey = user.apikey
cls.user_d11_secretkey = user.secretkey
@@ -142,6 +151,7 @@ class TestSharedNetwork(cloudstackTestCase):
admin=False,
domainid=cls.domain_11.id
)
+ cls._cleanup.append(cls.account_d11a)
user = cls.generateKeysForUser(cls.apiclient,cls.account_d11a)
cls.user_d11a_apikey = user.apikey
cls.user_d11a_secretkey = user.secretkey
@@ -152,6 +162,7 @@ class TestSharedNetwork(cloudstackTestCase):
admin=False,
domainid=cls.domain_11.id
)
+ cls._cleanup.append(cls.account_d11b)
user = cls.generateKeysForUser(cls.apiclient,cls.account_d11b)
cls.user_d11b_apikey = user.apikey
cls.user_d11b_secretkey = user.secretkey
@@ -164,6 +175,7 @@ class TestSharedNetwork(cloudstackTestCase):
admin=True,
domainid=cls.domain_111.id
)
+ cls._cleanup.append(cls.account_d111)
user = cls.generateKeysForUser(cls.apiclient,cls.account_d111)
cls.user_d111_apikey = user.apikey
cls.user_d111_secretkey = user.secretkey
@@ -174,6 +186,7 @@ class TestSharedNetwork(cloudstackTestCase):
admin=False,
domainid=cls.domain_111.id
)
+ cls._cleanup.append(cls.account_d111a)
user = cls.generateKeysForUser(cls.apiclient,cls.account_d111a)
cls.user_d111a_apikey = user.apikey
cls.user_d111a_secretkey = user.secretkey
@@ -184,6 +197,7 @@ class TestSharedNetwork(cloudstackTestCase):
admin=False,
domainid=cls.domain_111.id
)
+ cls._cleanup.append(cls.account_d111b)
user = cls.generateKeysForUser(cls.apiclient,cls.account_d111b)
cls.user_d111b_apikey = user.apikey
cls.user_d111b_secretkey = user.secretkey
@@ -195,6 +209,7 @@ class TestSharedNetwork(cloudstackTestCase):
admin=False,
domainid=cls.domain_12.id
)
+ cls._cleanup.append(cls.account_d12a)
user = cls.generateKeysForUser(cls.apiclient,cls.account_d12a)
cls.user_d12a_apikey = user.apikey
cls.user_d12a_secretkey = user.secretkey
@@ -205,6 +220,7 @@ class TestSharedNetwork(cloudstackTestCase):
admin=False,
domainid=cls.domain_12.id
)
+ cls._cleanup.append(cls.account_d12b)
user = cls.generateKeysForUser(cls.apiclient,cls.account_d12b)
cls.user_d12b_apikey = user.apikey
@@ -218,6 +234,7 @@ class TestSharedNetwork(cloudstackTestCase):
admin=False,
domainid=cls.domain_2.id
)
+ cls._cleanup.append(cls.account_d2a)
user = cls.generateKeysForUser(cls.apiclient,cls.account_d2a)
cls.user_d2a_apikey = user.apikey
@@ -231,6 +248,7 @@ class TestSharedNetwork(cloudstackTestCase):
cls.acldata["accountROOTA"],
admin=False,
)
+ cls._cleanup.append(cls.account_roota)
user = cls.generateKeysForUser(cls.apiclient,cls.account_roota)
cls.user_roota_apikey = user.apikey
@@ -241,6 +259,7 @@ class TestSharedNetwork(cloudstackTestCase):
cls.acldata["accountROOTA"],
admin=True,
)
+ cls._cleanup.append(cls.account_root)
user = cls.generateKeysForUser(cls.apiclient,cls.account_root)
cls.user_root_apikey = user.apikey
@@ -251,6 +270,7 @@ class TestSharedNetwork(cloudstackTestCase):
cls.apiclient,
cls.acldata["service_offering"]["small"]
)
+ cls._cleanup.append(cls.service_offering)
cls.zone = get_zone(cls.apiclient,cls.testclient.getZoneForTests())
cls.acldata['mode'] = cls.zone.networktype
@@ -279,6 +299,7 @@ class TestSharedNetwork(cloudstackTestCase):
networkofferingid=cls.shared_network_offering_id,
zoneid=cls.zone.id
)
+ cls._cleanup.append(cls.shared_network_all)
cls.shared_network_domain_d11 = Network.create(
cls.apiclient,
@@ -288,6 +309,7 @@ class TestSharedNetwork(cloudstackTestCase):
domainid=cls.domain_11.id,
subdomainaccess=False
)
+ cls._cleanup.append(cls.shared_network_domain_d11)
cls.shared_network_domain_with_subdomain_d11 = Network.create(
cls.apiclient,
@@ -297,6 +319,7 @@ class TestSharedNetwork(cloudstackTestCase):
domainid=cls.domain_11.id,
subdomainaccess=True
)
+ cls._cleanup.append(cls.shared_network_domain_with_subdomain_d11)
cls.shared_network_account_d111a = Network.create(
cls.apiclient,
@@ -306,40 +329,35 @@ class TestSharedNetwork(cloudstackTestCase):
domainid=cls.domain_111.id,
accountid=cls.account_d111a.user[0].username
)
+ cls._cleanup.append(cls.shared_network_account_d111a)
cls.vmdata = {"name": "test",
"displayname" : "test"
}
- cls.cleanup = [
- cls.account_root,
- cls.account_roota,
- cls.shared_network_all,
- cls.service_offering,
- ]
except Exception as e:
- cls.domain_1.delete(cls.apiclient,cleanup="true")
- cls.domain_2.delete(cls.apiclient,cleanup="true")
- cleanup_resources(cls.apiclient, cls.cleanup)
- raise Exception("Failed to create the setup required to execute the test cases: %s" % e)
+ cls.tearDownClass()
+ raise Exception("Failed to create the setup required to execute the test cases: %s" % e)
@classmethod
def tearDownClass(cls):
- cls.apiclient = super(TestSharedNetwork, cls).getClsTestClient().getApiClient()
cls.apiclient.connection.apiKey = cls.default_apikey
cls.apiclient.connection.securityKey = cls.default_secretkey
cls.domain_1.delete(cls.apiclient,cleanup="true")
cls.domain_2.delete(cls.apiclient,cleanup="true")
cleanup_resources(cls.apiclient, cls.cleanup)
- return
+# super(TestSharedNetwork, cls).tearDownClass()
- def setUp(cls):
- cls.apiclient = cls.testClient.getApiClient()
- cls.dbclient = cls.testClient.getDbConnection()
+ def setUp(self):
+ self.debug(f"===setup===")
+ self.apiclient = self.testClient.getApiClient()
+ self.dbclient = self.testClient.getDbConnection()
+ self.cleanup = []
- def tearDown(cls):
+ def tearDown(self):
# restore back default apikey and secretkey
- cls.apiclient.connection.apiKey = cls.default_apikey
- cls.apiclient.connection.securityKey = cls.default_secretkey
- return
+ self.apiclient.connection.apiKey = self.default_apikey
+ self.apiclient.connection.securityKey = self.default_secretkey
+ self.debug(f"===tearDown=== cleanup list length {self.cleanup.len()}")
+ super(TestSharedNetwork, self).tearDown()
## Test cases relating to deploying Virtual Machine in shared network with scope=all
@@ -355,7 +373,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmD1A"]["name"] +"-shared-scope-all"
self.vmdata["displayname"] = self.acldata["vmD1A"]["displayname"] +"-shared-scope-all"
- vm_d1a = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -363,17 +381,16 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_all.id
)
+ self.cleanup.append(vm)
- self.assertEqual(vm_d1a.state == "Running",
+ self.assertEqual(vm.state == "Running",
True,
"User in a domain under ROOT failed to deploy VM in a shared network with scope=all")
-
@attr("simulator_only",tags=["advanced"],required_hardware="false")
def test_deployVM_in_sharedNetwork_scope_all_domainadminuser(self):
"""
Validate that regular user in "ROOT" domain is allowed to deploy VM in a shared network created with scope="all"
-
"""
# deploy VM as an admin user in a domain under ROOT
@@ -390,25 +407,24 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_all.id
)
+ self.cleanup.append(vm)
self.assertEqual(vm.state == "Running",
True,
"Admin User in a domain under ROOT failed to deploy VM in a shared network with scope=all")
-
@attr("simulator_only",tags=["advanced"],required_hardware="false")
def test_deployVM_in_sharedNetwork_scope_all_subdomainuser(self):
"""
Validate that regular user in any subdomain is allowed to deploy VM in a shared network created with scope="all"
"""
-
# deploy VM as user in a subdomain under ROOT
self.apiclient.connection.apiKey = self.user_d11a_apikey
self.apiclient.connection.securityKey = self.user_d11a_secretkey
self.vmdata["name"] = self.acldata["vmD11A"]["name"] +"-shared-scope-all"
self.vmdata["displayname"] = self.acldata["vmD11A"]["displayname"] +"-shared-scope-all"
- vm_d11a = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -416,8 +432,9 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_all.id
)
+ self.cleanup.append(vm)
- self.assertEqual(vm_d11a.state == "Running",
+ self.assertEqual(vm.state == "Running",
True,
"User in a domain under ROOT failed to deploy VM in a shared network with scope=all")
@@ -425,7 +442,6 @@ class TestSharedNetwork(cloudstackTestCase):
def test_deployVM_in_sharedNetwork_scope_all_subdomainadminuser(self):
"""
Validate that regular user in a subdomain under ROOT is allowed to deploy VM in a shared network created with scope="all"
-
"""
# deploy VM as an admin user in a subdomain under ROOT
@@ -441,17 +457,16 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_all.id
)
+ self.cleanup.append(vm)
self.assertEqual(vm.state == "Running",
True,
"Admin User in a domain under ROOT failed to deploy VM in a shared network with scope=all")
-
@attr("simulator_only",tags=["advanced"],required_hardware="false")
def test_deployVM_in_sharedNetwork_scope_all_ROOTuser(self):
"""
Validate that regular user in ROOT domain is allowed to deploy VM in a shared network created with scope="all"
-
"""
# deploy VM as user in ROOT domain
@@ -467,6 +482,7 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_all.id
)
+ self.cleanup.append(vm)
self.assertEqual(vm.state == "Running",
True,
@@ -491,6 +507,7 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_all.id
)
+ self.cleanup.append(vm)
self.assertEqual(vm.state == "Running",
True,
@@ -503,7 +520,6 @@ class TestSharedNetwork(cloudstackTestCase):
"""
Validate that regular user in a domain is allowed to deploy VM in a shared network created with scope="domain" and no subdomain access
"""
-
# deploy VM as user in a domain that has shared network with no subdomain access
self.apiclient.connection.apiKey = self.user_d11a_apikey
@@ -519,17 +535,16 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_d11.id
)
+ self.cleanup.append(vm)
self.assertEqual(vm.state == "Running",
True,
"User in a domain that has a shared network with no subdomain access failed to deploy VM in a shared network with scope=domain with no subdomain access")
-
@attr("simulator_only",tags=["advanced"],required_hardware="false")
def test_deployVM_in_sharedNetwork_scope_domain_nosubdomainaccess_domainadminuser(self):
"""
Validate that admin user in a domain is allowed to deploy VM in a shared network created with scope="domain" and no subdomain access
-
"""
#deploy VM as an admin user in a domain that has shared network with no subdomain access
@@ -546,6 +561,7 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_d11.id
)
+ self.cleanup.append(vm)
self.assertEqual(vm.state == "Running",
True,
@@ -555,7 +571,6 @@ class TestSharedNetwork(cloudstackTestCase):
def test_deployVM_in_sharedNetwork_scope_domain_nosubdomainaccess_subdomainuser(self):
"""
Validate that regular user in a subdomain is NOT allowed to deploy VM in a shared network created with scope="domain" and no subdomain access
-
"""
# deploy VM as user in a subdomain under a domain that has shared network with no subdomain access
@@ -564,7 +579,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmD111A"]["name"] +"-shared-scope-domain-nosubdomainaccess"
self.vmdata["displayname"] = self.acldata["vmD111A"]["displayname"] +"-shared-scope-domain-nosubdomainaccess"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -572,17 +587,17 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_d11.id
)
- self.fail("Subdomain user is able to deploy VM in a shared network with scope=domain with no subdomain access ")
+ self.cleanup.append(vm)
+ self.fail("Subdomain user is able to deploy VM in a shared network with scope=domain with no subdomain access ")
except Exception as e:
- self.debug ("When a user from a subdomain deploys a VM in a shared network with scope=domain with no subdomain access %s" %e)
- if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
- self.fail("Error message validation failed when Subdomain user tries to deploy VM in a shared network with scope=domain with no subdomain access")
+ self.debug ("When a user from a subdomain deploys a VM in a shared network with scope=domain with no subdomain access %s" %e)
+ if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
+ self.fail("Error message validation failed when Subdomain user tries to deploy VM in a shared network with scope=domain with no subdomain access")
@attr("simulator_only",tags=["advanced"],required_hardware="false")
def test_deployVM_in_sharedNetwork_scope_domain_nosubdomainaccess_subdomainadminuser(self):
"""
Validate that admin user in a subdomain is NOT allowed to deploy VM in a shared network created with scope="domain" and no subdomain access
-
"""
# deploy VM as an admin user in a subdomain under a domain that has shared network with no subdomain access
@@ -591,7 +606,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmD111"]["name"] +"-shared-scope-domain-nosubdomainaccess"
self.vmdata["displayname"] = self.acldata["vmD111"]["displayname"] +"-shared-scope-domain-nosubdomainaccess"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -599,19 +614,17 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_d11.id
)
- self.fail("Subdomain admin user is able to deploy VM in a shared network with scope=domain with no subdomain access ")
+ self.cleanup.append(vm)
+ self.fail("Subdomain admin user is able to deploy VM in a shared network with scope=domain with no subdomain access ")
except Exception as e:
- self.debug ("When a admin user from a subdomain deploys a VM in a shared network with scope=domain with no subdomain access %s" %e)
- if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
- self.fail("Error message validation failed when Subdomain admin user tries to deploy VM in a shared network with scope=domain with no subdomain access")
-
-
+ self.debug ("When a admin user from a subdomain deploys a VM in a shared network with scope=domain with no subdomain access %s" %e)
+ if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
+ self.fail("Error message validation failed when Subdomain admin user tries to deploy VM in a shared network with scope=domain with no subdomain access")
@attr("simulator_only",tags=["advanced"],required_hardware="false")
def test_deployVM_in_sharedNetwork_scope_domain_nosubdomainaccess_parentdomainuser(self):
"""
Validate that user in the parent domain is NOT allowed to deploy VM in a shared network created with scope="domain" and no subdomain access
-
"""
# deploy VM as user in parentdomain of a domain that has shared network with no subdomain access
@@ -620,7 +633,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmD1A"]["name"] +"-shared-scope-domain-nosubdomainaccess"
self.vmdata["displayname"] = self.acldata["vmD1A"]["displayname"] +"-shared-scope-domain-nosubdomainaccess"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -628,18 +641,17 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_d11.id
)
- self.fail("Parent domain user is able to deploy VM in a shared network with scope=domain with no subdomain access ")
+ self.cleanup.append(vm)
+ self.fail("Parent domain user is able to deploy VM in a shared network with scope=domain with no subdomain access ")
except Exception as e:
- self.debug ("When a user from parent domain deploys a VM in a shared network with scope=domain with no subdomain access %s" %e)
- if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
- self.fail("Error message validation failed when Parent domain user tries to deploy VM in a shared network with scope=domain with no subdomain access")
-
+ self.debug ("When a user from parent domain deploys a VM in a shared network with scope=domain with no subdomain access %s" %e)
+ if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
+ self.fail("Error message validation failed when Parent domain user tries to deploy VM in a shared network with scope=domain with no subdomain access")
@attr("simulator_only",tags=["advanced"],required_hardware="false")
def test_deployVM_in_sharedNetwork_scope_domain_nosubdomainaccess_parentdomainadminuser(self):
"""
Validate that admin user in the parent domain is NOT allowed to deploy VM in a shared network created with scope="domain" and no subdomain access
-
"""
# deploy VM as an admin user in parentdomain of a domain that has shared network with no subdomain access
@@ -648,7 +660,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmD1"]["name"] +"-shared-scope-domain-nosubdomainaccess"
self.vmdata["displayname"] = self.acldata["vmD1"]["displayname"] +"-shared-scope-domain-nosubdomainaccess"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -656,20 +668,18 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_d11.id
)
- self.fail("Parent domain's admin user is able to deploy VM in a shared network with scope=domain with no subdomain access ")
+ self.cleanup.append(vm)
+ self.fail("Parent domain's admin user is able to deploy VM in a shared network with scope=domain with no subdomain access ")
except Exception as e:
- self.debug ("When an admin user from parent domain deploys a VM in a shared network with scope=domain with no subdomain access %s" %e)
- if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
- self.fail("Error message validation failed when Parent domain's admin user tries to deploy VM in a shared network with scope=domain with no subdomain access")
-
-
+ self.debug ("When an admin user from parent domain deploys a VM in a shared network with scope=domain with no subdomain access %s" %e)
+ if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
+ self.fail("Error message validation failed when Parent domain's admin user tries to deploy VM in a shared network with scope=domain with no subdomain access")
@attr("simulator_only",tags=["advanced"],required_hardware="false")
def test_deployVM_in_sharedNetwork_scope_domain_nosubdomainaccess_ROOTuser(self):
"""
Validate that user in ROOT domain is NOT allowed to deploy VM in a shared network created with scope="domain" and no subdomain access
"""
-
# deploy VM as user in ROOT domain
self.apiclient.connection.apiKey = self.user_roota_apikey
@@ -677,7 +687,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmROOTA"]["name"] + "-shared-scope-domain-nosubdomainaccess"
self.vmdata["displayname"] = self.acldata["vmROOTA"]["displayname"] + "-shared-scope-domain-nosubdomainaccess"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -685,19 +695,17 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_d11.id
)
- self.fail("ROOT domain's user is able to deploy VM in a shared network with scope=domain with no subdomain access ")
+ self.cleanup.append(vm)
+ self.fail("ROOT domain's user is able to deploy VM in a shared network with scope=domain with no subdomain access ")
except Exception as e:
- self.debug ("When a regular user from ROOT domain deploys a VM in a shared network with scope=domain with no subdomain access %s" %e)
- if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
- self.fail("Error message validation failed when ROOT domain's user tries to deploy VM in a shared network with scope=domain with no subdomain access")
-
-
+ self.debug ("When a regular user from ROOT domain deploys a VM in a shared network with scope=domain with no subdomain access %s" %e)
+ if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
+ self.fail("Error message validation failed when ROOT domain's user tries to deploy VM in a shared network with scope=domain with no subdomain access")
- @attr("simulator_only",tags=["advanced"],required_hardware="false")
+ @attr("simulator_only",tags=["advanced", "bla"],required_hardware="false")
def test_deployVM_in_sharedNetwork_scope_domain_nosubdomainaccess_ROOTadmin(self):
"""
Validate that admin in ROOT domain is NOT allowed to deploy VM in a shared network created with scope="domain" and no subdomain access
-
"""
# deploy VM as admin user in ROOT domain
@@ -706,21 +714,21 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmROOT"]["name"] + "-shared-scope-domain-nosubdomainaccess"
self.vmdata["displayname"] = self.acldata["vmROOT"]["displayname"] + "-shared-scope-domain-nosubdomainaccess"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
serviceofferingid=self.service_offering.id,
templateid=self.template.id,
- networkids=self.shared_network_domain_d11.id
- )
- self.fail("ROOT domain's admin user is able to deploy VM in a shared network with scope=domain with no subdomain access ")
+ networkids=self.shared_network_domain_d11.id)
+ self.cleanup.append(vm)
+ vm.stop(self.apiclient, forced=True)
+ vm.assign_virtual_machine(self.apiclient, self.account_d11.name, self.domain_11.id)
+ self.fail("ROOT domain's admin user is able to deploy VM in a shared network with scope=domain with no subdomain access ")
except Exception as e:
- self.debug ("When a admin user from ROOT domain deploys a VM in a shared network with scope=domain with no subdomain access %s" %e)
- if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
- self.fail("Error message validation failed when ROOT domain's admin user tries to deploy VM in a shared network with scope=domain with no subdomain access")
-
-
+ self.debug ("When a admin user from ROOT domain deploys a VM in a shared network with scope=domain with no subdomain access %s" %e)
+ if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
+ self.fail("Error message validation failed when ROOT domain's admin user tries to deploy VM in a shared network with scope=domain with no subdomain access")
## Test cases relating to deploying Virtual Machine in shared network with scope=Domain and with subdomain access
@@ -728,7 +736,6 @@ class TestSharedNetwork(cloudstackTestCase):
def test_deployVM_in_sharedNetwork_scope_domain_withsubdomainaccess_domainuser(self):
"""
Validate that regular user in a domain is allowed to deploy VM in a shared network created with scope="domain" and with subdomain access for the domain
-
"""
# deploy VM as user in a domain that has shared network with subdomain access
@@ -745,18 +752,17 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_with_subdomain_d11.id
)
+ self.cleanup.append(vm)
self.assertEqual(vm.state == "Running",
True,
"User in a domain that has a shared network with subdomain access failed to deploy VM in a shared network with scope=domain with no subdomain access")
-
@attr("simulator_only",tags=["advanced"],required_hardware="false")
def test_deployVM_in_sharedNetwork_scope_domain_withsubdomainaccess_domainadminuser(self):
"""
Validate that admin user in a domain is allowed to deploy VM in a shared network created with scope="domain" and with subdomain access for the domain
"""
-
# deploy VM as an admin user in a domain that has shared network with subdomain access
self.apiclient.connection.apiKey = self.user_d11_apikey
@@ -772,6 +778,7 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_with_subdomain_d11.id
)
+ self.cleanup.append(vm)
self.assertEqual(vm.state == "Running",
True,
@@ -782,7 +789,6 @@ class TestSharedNetwork(cloudstackTestCase):
"""
Validate that regular user in a subdomain is allowed to deploy VM in a shared network created with scope="domain" and with subdomain access for the parent domain
"""
-
# deploy VM as user in a subdomain under a domain that has shared network with subdomain access
self.apiclient.connection.apiKey = self.user_d111a_apikey
@@ -797,6 +803,7 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_with_subdomain_d11.id
)
+ self.cleanup.append(vm)
self.assertEqual(vm.state == "Running",
True,
@@ -807,7 +814,6 @@ class TestSharedNetwork(cloudstackTestCase):
"""
Validate that an admin user in a subdomain is allowed to deploy VM in a shared network created with scope="domain" and with subdomain access for the parent domain
"""
-
# deploy VM as an admin user in a subdomain under a domain that has shared network with subdomain access
self.apiclient.connection.apiKey = self.user_d111_apikey
@@ -822,6 +828,7 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_with_subdomain_d11.id
)
+ self.cleanup.append(vm)
self.assertEqual(vm.state == "Running",
True,
@@ -832,7 +839,6 @@ class TestSharedNetwork(cloudstackTestCase):
"""
Validate that regular user in a parent domain is NOT allowed to deploy VM in a shared network created with scope="domain" and with subdomain access for the domain
"""
-
# deploy VM as user in parentdomain of a domain that has shared network with subdomain access
self.apiclient.connection.apiKey = self.user_d1a_apikey
@@ -840,7 +846,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmD1A"]["name"] +"-shared-scope-domain-withsubdomainaccess"
self.vmdata["displayname"] = self.acldata["vmD1A"]["displayname"] +"-shared-scope-domain-withsubdomainaccess"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -848,19 +854,18 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_with_subdomain_d11.id
)
- self.fail("Parent domain's user is able to deploy VM in a shared network with scope=domain with subdomain access ")
+ self.cleanup.append(vm)
+ self.fail("Parent domain's user is able to deploy VM in a shared network with scope=domain with subdomain access ")
except Exception as e:
- self.debug ("When a user from parent domain deploys a VM in a shared network with scope=domain with subdomain access %s" %e)
- if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
- self.fail("Error message validation failed when Parent domain's user tries to deploy VM in a shared network with scope=domain with subdomain access ")
-
+ self.debug ("When a user from parent domain deploys a VM in a shared network with scope=domain with subdomain access %s" %e)
+ if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
+ self.fail("Error message validation failed when Parent domain's user tries to deploy VM in a shared network with scope=domain with subdomain access ")
@attr("simulator_only",tags=["advanced"],required_hardware="false")
def test_deployVM_in_sharedNetwork_scope_domain_withsubdomainaccess_parentdomainadminuser(self):
"""
Validate that admin user in a parent domain is NOT allowed to deploy VM in a shared network created with scope="domain" and with subdomain access for any domain
"""
-
# deploy VM as an admin user in parentdomain of a domain that has shared network with subdomain access
self.apiclient.connection.apiKey = self.user_d1_apikey
@@ -868,7 +873,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmD1"]["name"] +"-shared-scope-domain-withsubdomainaccess"
self.vmdata["displayname"] = self.acldata["vmD1"]["displayname"] +"-shared-scope-domain-withsubdomainaccess"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -876,20 +881,18 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_with_subdomain_d11.id
)
- self.fail("Parent domain's admin user is able to deploy VM in a shared network with scope=domain with subdomain access ")
+ self.cleanup.append(vm)
+ self.fail("Parent domain's admin user is able to deploy VM in a shared network with scope=domain with subdomain access ")
except Exception as e:
- self.debug ("When an admin user from parent domain deploys a VM in a shared network with scope=domain with subdomain access %s" %e)
- if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
- self.fail("Error message validation failed when Parent domain's admin user tries to deploy VM in a shared network with scope=domain with subdomain access")
-
-
+ self.debug ("When an admin user from parent domain deploys a VM in a shared network with scope=domain with subdomain access %s" %e)
+ if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
+ self.fail("Error message validation failed when Parent domain's admin user tries to deploy VM in a shared network with scope=domain with subdomain access")
@attr("simulator_only",tags=["advanced"],required_hardware="false")
def test_deployVM_in_sharedNetwork_scope_domain_withsubdomainaccess_ROOTuser(self):
"""
Validate that regular user in ROOT domain is NOT allowed to deploy VM in a shared network created with scope="domain" and with subdomain access for any domain
"""
-
# deploy VM as user in ROOT domain
self.apiclient.connection.apiKey = self.user_roota_apikey
@@ -897,7 +900,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmROOTA"]["name"] + "-shared-scope-domain-withsubdomainaccess"
self.vmdata["displayname"] = self.acldata["vmROOTA"]["displayname"] + "-shared-scope-domain-withsubdomainaccess"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -905,19 +908,18 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_with_subdomain_d11.id
)
- self.fail("ROOT domain's user is able to deploy VM in a shared network with scope=domain with subdomain access ")
+ self.cleanup.append(vm)
+ self.fail("ROOT domain's user is able to deploy VM in a shared network with scope=domain with subdomain access ")
except Exception as e:
- self.debug ("When a user from ROOT domain deploys a VM in a shared network with scope=domain with subdomain access %s" %e)
- if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
- self.fail("Error message validation failed when ROOT domain's user tries to deploy VM in a shared network with scope=domain with subdomain access")
-
+ self.debug ("When a user from ROOT domain deploys a VM in a shared network with scope=domain with subdomain access %s" %e)
+ if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
+ self.fail("Error message validation failed when ROOT domain's user tries to deploy VM in a shared network with scope=domain with subdomain access")
- @attr("simulator_only",tags=["advanced"],required_hardware="false")
+ @attr("simulator_only",tags=["advanced", "bla"],required_hardware="false")
def test_deployVM_in_sharedNetwork_scope_domain_withsubdomainaccess_ROOTadmin(self):
"""
Validate that admin user in ROOT domain is NOT allowed to deploy VM in a shared network created with scope="domain" and with subdomain access for any domain
"""
-
# deploy VM as admin user in ROOT domain
self.apiclient.connection.apiKey = self.user_root_apikey
@@ -925,7 +927,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmROOT"]["name"] + "-shared-scope-domain-withsubdomainaccess"
self.vmdata["displayname"] = self.acldata["vmROOT"]["displayname"] + "-shared-scope-domain-withsubdomainaccess"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -933,13 +935,14 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_with_subdomain_d11.id
)
- self.fail("ROOT domain's admin user is able to deploy VM in a shared network with scope=domain with subdomain access ")
+ self.cleanup.append(vm)
+ vm.stop(self.apiclient, forced=True)
+ vm.assign_virtual_machine(self.apiclient, self.account_d11.name, self.domain_11.id)
+ self.fail("ROOT domain's admin user is able to deploy VM in a shared network with scope=domain with subdomain access ")
except Exception as e:
- self.debug ("When an admin user from ROOT domain deploys a VM in a shared network with scope=domain with subdomain access %s" %e)
- if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
- self.fail("Error message validation failed when ROOT domain's admin user tries to deploy VM in a shared network with scope=domain with subdomain access")
-
-
+ self.debug ("When an admin user from ROOT domain deploys a VM in a shared network with scope=domain with subdomain access %s" %e)
+ if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
+ self.fail("Error message validation failed when ROOT domain's admin user tries to deploy VM in a shared network with scope=domain with subdomain access")
## Test cases relating to deploying Virtual Machine in shared network with scope=account
@@ -948,7 +951,6 @@ class TestSharedNetwork(cloudstackTestCase):
"""
Validate that any other user in same domain is NOT allowed to deploy VM in a shared network created with scope="account" for an account
"""
-
# deploy VM as user under the same domain but belonging to a different account from the acount that has a shared network with scope=account
self.apiclient.connection.apiKey = self.user_d111b_apikey
@@ -956,7 +958,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmD111B"]["name"] +"-shared-scope-domain-withsubdomainaccess"
self.vmdata["displayname"] = self.acldata["vmD111B"]["displayname"] +"-shared-scope-domain-withsubdomainaccess"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -964,19 +966,17 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_account_d111a.id
)
- self.fail("User from same domain but different account is able to deploy VM in a shared network with scope=account")
+ self.cleanup.append(vm)
+ self.fail("User from same domain but different account is able to deploy VM in a shared network with scope=account")
except Exception as e:
- self.debug ("When a user from same domain but different account deploys a VM in a shared network with scope=account %s" %e)
- if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK):
- self.fail("Error message validation failed when User from same domain but different account tries to deploy VM in a shared network with scope=account")
-
-
+ self.debug ("When a user from same domain but different account deploys a VM in a shared network with scope=account %s" %e)
+ if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK):
+ self.fail("Error message validation failed when User from same domain but different account tries to deploy VM in a shared network with scope=account")
@attr("simulator_only",tags=["advanced"],required_hardware="false")
def test_deployVM_in_sharedNetwork_scope_account_domainadminuser(self):
"""
Validate that an admin user under the same domain but belonging to a different account is allowed to deploy VM in a shared network created with scope="account" for an account
-
"""
# deploy VM as admin user for a domain that has an account with shared network with scope=account
@@ -985,7 +985,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmD111"]["name"] +"-shared-scope-domain-withsubdomainaccess"
self.vmdata["displayname"] = self.acldata["vmD111"]["displayname"] +"-shared-scope-domain-withsubdomainaccess"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -993,19 +993,18 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_account_d111a.id
)
- self.fail("User from same domain but different account is able to deploy VM in a shared network with scope=account")
+ self.cleanup.append(vm)
+ self.fail("User from same domain but different account is able to deploy VM in a shared network with scope=account")
except Exception as e:
- self.debug ("When a user from same domain but different account deploys a VM in a shared network with scope=account %s" %e)
- if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK):
- self.fail("Error message validation failed when User from same domain but different account tries to deploy VM in a shared network with scope=account")
-
+ self.debug ("When a user from same domain but different account deploys a VM in a shared network with scope=account %s" %e)
+ if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK):
+ self.fail("Error message validation failed when User from same domain but different account tries to deploy VM in a shared network with scope=account")
@attr("simulator_only",tags=["advanced"],required_hardware="false")
def test_deployVM_in_sharedNetwork_scope_account_user(self):
"""
Validate that regular user in the account is allowed to deploy VM in a shared network created with scope="account" for an account
"""
-
# deploy VM as account with shared network with scope=account
self.apiclient.connection.apiKey = self.user_d111a_apikey
@@ -1021,6 +1020,7 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_account_d111a.id
)
+ self.cleanup.append(vm)
self.assertEqual(vm.state == "Running",
True,
@@ -1031,7 +1031,6 @@ class TestSharedNetwork(cloudstackTestCase):
"""
Validate that regular user from a domain different from that of the account is NOT allowed to deploy VM in a shared network created with scope="account" for an account
"""
-
# deploy VM as a user in a subdomain under ROOT
self.apiclient.connection.apiKey = self.user_d2a_apikey
@@ -1039,7 +1038,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmD2A"]["name"] +"-shared-scope-account"
self.vmdata["displayname"] = self.acldata["vmD2A"]["displayname"] +"-shared-scope-account"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -1047,19 +1046,17 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_account_d111a.id
)
- self.fail("User from different domain is able to deploy VM in a shared network with scope=account ")
+ self.cleanup.append(vm)
+ self.fail("User from different domain is able to deploy VM in a shared network with scope=account ")
except Exception as e:
- self.debug ("When a user from different domain deploys a VM in a shared network with scope=account %s" %e)
- if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK):
- self.fail("Error message validation failed when User from different domain tries to deploy VM in a shared network with scope=account")
-
-
+ self.debug ("When a user from different domain deploys a VM in a shared network with scope=account %s" %e)
+ if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK):
+ self.fail("Error message validation failed when User from different domain tries to deploy VM in a shared network with scope=account")
@attr("simulator_only",tags=["advanced"],required_hardware="false")
def test_deployVM_in_sharedNetwork_scope_account_ROOTuser(self):
"""
Validate that user in ROOT domain is NOT allowed to deploy VM in a shared network created with scope="account" for an account
-
"""
# deploy VM as user in ROOT domain
@@ -1068,7 +1065,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmROOTA"]["name"] + "-shared-scope-account"
self.vmdata["displayname"] = self.acldata["vmROOTA"]["displayname"] + "-shared-scope-account"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -1076,19 +1073,18 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_account_d111a.id
)
- self.fail("ROOT domain's user is able to deploy VM in a shared network with scope=account ")
+ self.cleanup.append(vm)
+ self.fail("ROOT domain's user is able to deploy VM in a shared network with scope=account ")
except Exception as e:
- self.debug ("When a user from ROOT domain deploys a VM in a shared network with scope=account %s" %e)
- if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK):
- self.fail("Error message validation failed when ROOT domain's user tries to deploy VM in a shared network with scope=account ")
+ self.debug ("When a user from ROOT domain deploys a VM in a shared network with scope=account %s" %e)
+ if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK):
+ self.fail("Error message validation failed when ROOT domain's user tries to deploy VM in a shared network with scope=account ")
-
- @attr("simulator_only",tags=["advanced"],required_hardware="false")
+ @attr("simulator_only",tags=["advanced", "bla"],required_hardware="false")
def test_deployVM_in_sharedNetwork_scope_account_ROOTadmin(self):
"""
Validate that admin user in ROOT domain is NOT allowed to deploy VM in a shared network created with scope="account" for an account
"""
-
# deploy VM as admin user in ROOT domain
self.apiclient.connection.apiKey = self.user_root_apikey
@@ -1096,7 +1092,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmROOT"]["name"] + "-shared-scope-account"
self.vmdata["displayname"] = self.acldata["vmROOT"]["displayname"] + "-shared-scope-account"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -1104,11 +1100,14 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_account_d111a.id
)
- self.fail("ROOT domain's admin user is able to deploy VM in a shared network with scope=account ")
+ self.cleanup.append(vm)
+ vm.stop(self.apiclient, forced=True)
+ vm.assign_virtual_machine(self.apiclient, self.account_d111a.name, self.domain_111.id)
+ self.fail("ROOT domain's admin user is able to deploy VM in a shared network with scope=account ")
except Exception as e:
- self.debug ("When an admin user from ROOT domain deploys a VM in a shared network with scope=account %s" %e)
- if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK):
- self.fail("Error message validation failed when ROOT domain's admin user tries to deploy VM in a shared network with scope=account")
+ self.debug ("When an admin user from ROOT domain deploys a VM in a shared network with scope=account %s" %e)
+ if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK):
+ self.fail("Error message validation failed when ROOT domain's admin user tries to deploy VM in a shared network with scope=account")
diff --git a/utils/src/main/java/com/cloud/utils/StringUtils.java b/utils/src/main/java/com/cloud/utils/StringUtils.java
index 4bb48dacf11..817cb696ef4 100644
--- a/utils/src/main/java/com/cloud/utils/StringUtils.java
+++ b/utils/src/main/java/com/cloud/utils/StringUtils.java
@@ -249,16 +249,16 @@ public class StringUtils {
final boolean applyPagination = startIndex != null && pageSizeVal != null
&& startIndex <= Integer.MAX_VALUE && startIndex >= 0 && pageSizeVal <= Integer.MAX_VALUE
&& pageSizeVal > 0;
- List<T> listWPagination = null;
- if (applyPagination) {
- listWPagination = new ArrayList<>();
- final int index = startIndex.intValue() == 0 ? 0 : startIndex.intValue() / pageSizeVal.intValue();
- final List<List<T>> partitions = StringUtils.partitionList(originalList, pageSizeVal.intValue());
- if (index < partitions.size()) {
- listWPagination = partitions.get(index);
- }
- }
- return listWPagination;
+ List<T> listWPagination = null;
+ if (applyPagination) {
+ listWPagination = new ArrayList<>();
+ final int index = startIndex.intValue() == 0 ? 0 : startIndex.intValue() / pageSizeVal.intValue();
+ final List<List<T>> partitions = StringUtils.partitionList(originalList, pageSizeVal.intValue());
+ if (index < partitions.size()) {
+ listWPagination = partitions.get(index);
+ }
+ }
+ return listWPagination;
}
private static <T> List<List<T>> partitionList(final List<T> originalList, final int chunkSize) {