Posted to commits@cloudstack.apache.org by pr...@apache.org on 2014/02/05 00:39:31 UTC
[47/50] [abbrv] Merge branch 'master' into rbac
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f8437544/server/src/com/cloud/storage/VolumeApiServiceImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/storage/VolumeApiServiceImpl.java
index 1d78789,c856379..c763169
--- a/server/src/com/cloud/storage/VolumeApiServiceImpl.java
+++ b/server/src/com/cloud/storage/VolumeApiServiceImpl.java
@@@ -445,29 -445,31 +445,31 @@@ public class VolumeApiServiceImpl exten
return Transaction.execute(new TransactionCallback<VolumeVO>() {
@Override
public VolumeVO doInTransaction(TransactionStatus status) {
- VolumeVO volume = new VolumeVO(volumeName, zoneId, -1, -1, -1, new Long(-1), null, null, 0, Volume.Type.DATADISK);
- volume.setPoolId(null);
- volume.setDataCenterId(zoneId);
- volume.setPodId(null);
+ VolumeVO volume = new VolumeVO(volumeName, zoneId, -1, -1, -1, new Long(-1), null, null, 0, Volume.Type.DATADISK);
+ volume.setPoolId(null);
+ volume.setDataCenterId(zoneId);
+ volume.setPodId(null);
- volume.setAccountId(owner.getAccountId());
- volume.setDomainId(owner.getDomainId());
+ // to prevent a nullpointer deref I put the system account id here when no owner is given.
+ // TODO Decide if this is valid or whether throwing a CloudRuntimeException is more appropriate
+ volume.setAccountId((owner == null) ? Account.ACCOUNT_ID_SYSTEM : owner.getAccountId());
+ volume.setDomainId((owner == null) ? Domain.ROOT_DOMAIN : owner.getDomainId());
- long diskOfferingId = _diskOfferingDao.findByUniqueName("Cloud.com-Custom").getId();
- volume.setDiskOfferingId(diskOfferingId);
- // volume.setSize(size);
- volume.setInstanceId(null);
- volume.setUpdated(new Date());
- volume.setDomainId((owner == null) ? Domain.ROOT_DOMAIN : owner.getDomainId());
- volume.setFormat(ImageFormat.valueOf(format));
- volume = _volsDao.persist(volume);
- CallContext.current().setEventDetails("Volume Id: " + volume.getId());
-
- // Increment resource count during allocation; if actual creation fails,
- // decrement it
- _resourceLimitMgr.incrementResourceCount(volume.getAccountId(), ResourceType.volume);
- _resourceLimitMgr.incrementResourceCount(volume.getAccountId(), ResourceType.secondary_storage, UriUtils.getRemoteSize(url));
+ long diskOfferingId = _diskOfferingDao.findByUniqueName("Cloud.com-Custom").getId();
+ volume.setDiskOfferingId(diskOfferingId);
+ // volume.setSize(size);
+ volume.setInstanceId(null);
+ volume.setUpdated(new Date());
+ volume.setDomainId((owner == null) ? Domain.ROOT_DOMAIN : owner.getDomainId());
+ volume.setFormat(ImageFormat.valueOf(format));
+ volume = _volsDao.persist(volume);
+ CallContext.current().setEventDetails("Volume Id: " + volume.getId());
+
+ // Increment resource count during allocation; if actual creation fails,
+ // decrement it
+ _resourceLimitMgr.incrementResourceCount(volume.getAccountId(), ResourceType.volume);
+ _resourceLimitMgr.incrementResourceCount(volume.getAccountId(), ResourceType.secondary_storage, UriUtils.getRemoteSize(url));
- return volume;
- }
+ return volume;
+ }
});
}
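Review bot: A null `owner` now silently assigns the volume to `Account.ACCOUNT_ID_SYSTEM` and `Domain.ROOT_DOMAIN`, so an upload with no resolved owner yields a system-owned volume, and the two `incrementResourceCount` calls then charge the system account rather than a tenant. The TODO above those lines already raises the question; failing closed looks like the safer answer, e.g. `if (owner == null) { throw new CloudRuntimeException("Volume owner is required"); }` before the `VolumeVO` is built. The later `volume.setDomainId((owner == null) ? Domain.ROOT_DOMAIN : owner.getDomainId());` repeats the earlier call and can be dropped. The enclosing method starts outside the hunk, so whether callers can actually pass a null owner is not visible here.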
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f8437544/server/src/com/cloud/tags/TaggedResourceManagerImpl.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f8437544/server/src/com/cloud/template/HypervisorTemplateAdapter.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/template/HypervisorTemplateAdapter.java
index 96e3fca,96bf9a3..3615c7a
--- a/server/src/com/cloud/template/HypervisorTemplateAdapter.java
+++ b/server/src/com/cloud/template/HypervisorTemplateAdapter.java
@@@ -393,20 -382,17 +393,22 @@@ public class HypervisorTemplateAdapter
// find all eligible image stores for this template
List<DataStore> iStores = templateMgr.getImageStoreByTemplate(template.getId(), null);
if (iStores == null || iStores.size() == 0) {
- // remove template from vm_templates table
- if (_tmpltDao.remove(template.getId())) {
+ // Mark template as Inactive.
+ template.setState(VirtualMachineTemplate.State.Inactive);
+ _tmpltDao.update(template.getId(), template);
+
- // Decrement the number of templates and total secondary storage
- // space used by the account
- Account account = _accountDao.findByIdIncludingRemoved(template.getAccountId());
- _resourceLimitMgr.decrementResourceCount(template.getAccountId(), ResourceType.template);
- _resourceLimitMgr.recalculateResourceCount(template.getAccountId(), account.getDomainId(), ResourceType.secondary_storage.getOrdinal());
+ // Decrement the number of templates and total secondary storage
+ // space used by the account
+ Account account = _accountDao.findByIdIncludingRemoved(template.getAccountId());
+ _resourceLimitMgr.decrementResourceCount(template.getAccountId(), ResourceType.template);
+ _resourceLimitMgr.recalculateResourceCount(template.getAccountId(), account.getDomainId(), ResourceType.secondary_storage.getOrdinal());
- }
+
}
+
+ // remove its related ACL permission
+ Pair<AclEntityType, Long> tmplt = new Pair<AclEntityType, Long>(AclEntityType.VirtualMachineTemplate, template.getId());
+ _messageBus.publish(_name, EntityManager.MESSAGE_REMOVE_ENTITY_EVENT, PublishScope.LOCAL, tmplt);
+
}
return success;
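Review bot: The resource counters are now decremented whether or not the template row was actually changed: the old code guarded them with `if (_tmpltDao.remove(template.getId()))`, while the result of `_tmpltDao.update(template.getId(), template)` is ignored. If the update fails, the template stays in its previous state while the account's template quota is released. Wrapping the decrement and recalculate calls in `if (_tmpltDao.update(template.getId(), template)) { ... }` would restore the guard, assuming `update` reports success as a boolean. The ACL-removal publish appears to sit on the success path, but the enclosing `if` and method start outside the hunk, so confirm that a failed delete cannot drop the template's ACL entries.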
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f8437544/server/src/com/cloud/template/TemplateAdapterBase.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/template/TemplateAdapterBase.java
index d111a5d,e399912..f3c16ca
--- a/server/src/com/cloud/template/TemplateAdapterBase.java
+++ b/server/src/com/cloud/template/TemplateAdapterBase.java
@@@ -170,9 -175,15 +170,15 @@@ public abstract class TemplateAdapterBa
sshkeyEnabled = Boolean.FALSE;
}
- boolean isAdmin = _accountDao.findById(templateOwner.getId()).getType() == Account.ACCOUNT_TYPE_ADMIN;
+ boolean isAdmin = _accountMgr.isRootAdmin(templateOwner.getId());
+ boolean isRegionStore = false;
+ List<ImageStoreVO> stores = _imgStoreDao.findRegionImageStores();
+ if (stores != null && stores.size() > 0) {
+ isRegionStore = true;
+ }
- if (!isAdmin && zoneId == null) {
+ if (!isAdmin && zoneId == null && !isRegionStore ) {
+ // domain admin and user should also be able to register template on a region store
throw new InvalidParameterValueException("Please specify a valid zone Id.");
}
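Review bot: The zone check is now skipped for every non-root caller whenever any region-wide image store exists, because `isRegionStore` is derived from `findRegionImageStores()` alone and not from anything about the caller or the request. Before this change a null `zoneId` passed this point only for root admins, so confirm that the code after the check (outside the hunk) does not treat null as "all zones" for a domain admin or user beyond what is intended. The explanatory comment sits after the condition it justifies; placing `// domain admins and users may omit the zone only when a region store exists` above the `if` would make the rule easier to audit. `!stores.isEmpty()` would read better than `stores.size() > 0`.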
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f8437544/server/src/com/cloud/template/TemplateManagerImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/template/TemplateManagerImpl.java
index 55443fd,c2ce344..77dbbec
--- a/server/src/com/cloud/template/TemplateManagerImpl.java
+++ b/server/src/com/cloud/template/TemplateManagerImpl.java
@@@ -425,9 -425,9 +425,9 @@@ public class TemplateManagerImpl extend
if (isISO) {
desc = Upload.Type.ISO.toString();
}
- eventId = eventId == null ? 0 : eventId;
+ eventId = (eventId == null ? 0 : eventId);
- if (!_accountMgr.isRootAdmin(caller.getType()) && _disableExtraction) {
+ if (!_accountMgr.isRootAdmin(caller.getId()) && _disableExtraction) {
throw new PermissionDeniedException("Extraction has been disabled by admin");
}
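Review bot: `isRootAdmin` evidently accepts a plain numeric account id, which is why the earlier `caller.getType()` argument compiled and evaluated the extraction restriction against the wrong value. Nothing in this hunk prevents the same mix-up at other call sites, so it is worth searching the merge result for `isRootAdmin(` called with a `getType()` argument and adding a unit test that a non-root caller gets `PermissionDeniedException` when `_disableExtraction` is set. The enclosing method extends beyond the hunk on both sides.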
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f8437544/server/src/com/cloud/vm/UserVmManagerImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/vm/UserVmManagerImpl.java
index 4b9eceb,7efea69..0089476
--- a/server/src/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/com/cloud/vm/UserVmManagerImpl.java
@@@ -3754,7 -3933,12 +3754,12 @@@ public class UserVmManagerImpl extends
collectVmDiskStatistics(uservm);
}
_itMgr.migrate(vm.getUuid(), srcHostId, dest);
+ VMInstanceVO vmInstance = _vmInstanceDao.findById(vmId);
+ if (vmInstance.getType().equals(VirtualMachine.Type.User)) {
- return _vmDao.findById(vmId);
+ return _vmDao.findById(vmId);
+ } else {
+ return vmInstance;
+ }
}
private boolean checkIfHostIsDedicated(HostVO host) {
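Review bot: `vmInstance` is dereferenced without a null check: if `_vmInstanceDao.findById(vmId)` returns null (for instance, the row was removed while the migration ran), `vmInstance.getType()` throws a bare NullPointerException after the migration has already been performed. A guard such as `if (vmInstance == null) { throw new CloudRuntimeException("Unable to find VM " + vmId + " after migration"); }`, or whichever exception type this method already uses, keeps the failure explicit. If `VirtualMachine.Type` is an enum, as it appears to be, `vmInstance.getType() == VirtualMachine.Type.User` is the usual comparison. The method starts outside the hunk.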
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f8437544/server/src/com/cloud/vm/snapshot/VMSnapshotManagerImpl.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f8437544/setup/db/db/schema-430to440.sql
----------------------------------------------------------------------
diff --cc setup/db/db/schema-430to440.sql
index e792480,70f7352..4ce7ba9
--- a/setup/db/db/schema-430to440.sql
+++ b/setup/db/db/schema-430to440.sql
@@@ -443,112 -446,24 +446,133 @@@ CREATE VIEW `cloud`.`user_vm_view` A
left join
`cloud`.`user_vm_details` `custom_ram_size` ON (((`custom_ram_size`.`vm_id` = `cloud`.`vm_instance`.`id`) and (`custom_ram_size`.`name` = 'memory')));
+-- ACL DB schema
+CREATE TABLE `cloud`.`acl_group` (
+ `id` bigint unsigned NOT NULL UNIQUE auto_increment,
+ `name` varchar(255) NOT NULL,
+ `description` varchar(255) default NULL,
+ `uuid` varchar(40),
+ `path` varchar(255) NOT NULL,
+ `account_id` bigint unsigned NOT NULL,
+ `view` varchar(40) default 'User' COMMENT 'response review this group account should see for result',
+ `removed` datetime COMMENT 'date the group was removed',
+ `created` datetime COMMENT 'date the group was created',
+ PRIMARY KEY (`id`),
+ INDEX `i_acl_group__removed`(`removed`),
+ CONSTRAINT `uc_acl_group__uuid` UNIQUE (`uuid`)
+) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
+
+CREATE TABLE `cloud`.`acl_group_account_map` (
+ `id` bigint unsigned NOT NULL auto_increment,
+ `group_id` bigint unsigned NOT NULL,
+ `account_id` bigint unsigned NOT NULL,
+ `removed` datetime COMMENT 'date the account was removed from the group',
+ `created` datetime COMMENT 'date the account was assigned to the group',
+ PRIMARY KEY (`id`),
+ CONSTRAINT `fk_acl_group_vm_map__group_id` FOREIGN KEY(`group_id`) REFERENCES `acl_group` (`id`) ON DELETE CASCADE,
+ CONSTRAINT `fk_acl_group_vm_map__account_id` FOREIGN KEY(`account_id`) REFERENCES `account` (`id`) ON DELETE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+
+CREATE TABLE `cloud`.`acl_policy` (
+ `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
+ `name` varchar(255) NOT NULL,
+ `description` varchar(255) DEFAULT NULL,
+ `uuid` varchar(40) DEFAULT NULL,
+ `path` varchar(255) NOT NULL,
+ `account_id` bigint unsigned NOT NULL,
+ `removed` datetime DEFAULT NULL COMMENT 'date the role was removed',
+ `created` datetime DEFAULT NULL COMMENT 'date the role was created',
+ `policy_type` varchar(64) DEFAULT 'Static' COMMENT 'Static or Dynamic',
+ PRIMARY KEY (`id`),
+ UNIQUE KEY `id` (`id`),
+ UNIQUE KEY `uc_acl_policy__uuid` (`uuid`),
+ KEY `i_acl_policy__removed` (`removed`)
+) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
+
+CREATE TABLE `cloud`.`acl_group_policy_map` (
+ `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
+ `group_id` bigint(20) unsigned NOT NULL,
+ `policy_id` bigint(20) unsigned NOT NULL,
+ `removed` datetime DEFAULT NULL COMMENT 'date the policy was revoked from the group',
+ `created` datetime DEFAULT NULL COMMENT 'date the policy was attached to the group',
+ PRIMARY KEY (`id`),
+ KEY `fk_acl_group_policy_map__group_id` (`group_id`),
+ KEY `fk_acl_group_policy_map__policy_id` (`policy_id`),
+ CONSTRAINT `fk_acl_group_policy_map__group_id` FOREIGN KEY (`group_id`) REFERENCES `acl_group` (`id`) ON DELETE CASCADE,
+ CONSTRAINT `fk_acl_group_policy_map__policy_id` FOREIGN KEY (`policy_id`) REFERENCES `acl_policy` (`id`) ON DELETE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+CREATE TABLE `cloud`.`acl_account_policy_map` (
+ `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
+ `account_id` bigint(20) unsigned NOT NULL,
+ `policy_id` bigint(20) unsigned NOT NULL,
+ `removed` datetime DEFAULT NULL COMMENT 'date the policy was revoked from the account',
+ `created` datetime DEFAULT NULL COMMENT 'date the policy was attached to the account',
+ PRIMARY KEY (`id`),
+ KEY `fk_acl_account_policy_map__account_id` (`account_id`),
+ KEY `fk_acl_account_policy_map__policy_id` (`policy_id`),
+ CONSTRAINT `fk_acl_account_policy_map__account_id` FOREIGN KEY (`account_id`) REFERENCES `account` (`id`) ON DELETE CASCADE,
+ CONSTRAINT `fk_acl_account_policy_map__policy_id` FOREIGN KEY (`policy_id`) REFERENCES `acl_policy` (`id`) ON DELETE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+CREATE TABLE `cloud`.`acl_policy_permission` (
+ `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
+ `policy_id` bigint(20) unsigned NOT NULL,
+ `action` varchar(100) NOT NULL,
+ `resource_type` varchar(100) DEFAULT NULL,
+ `scope_id` bigint(20) DEFAULT NULL,
+ `scope` varchar(40) DEFAULT NULL,
+ `access_type` varchar(40) DEFAULT NULL,
+ `permission` varchar(40) NOT NULL COMMENT 'Allow or Deny',
+ `recursive` int(1) unsigned NOT NULL DEFAULT 0 COMMENT '1 if this permission applies recursively in a group/policy hierarchy',
+ `removed` datetime DEFAULT NULL COMMENT 'date the permission was revoked',
+ `created` datetime DEFAULT NULL COMMENT 'date the permission was granted',
+ PRIMARY KEY (`id`),
+ UNIQUE KEY `id` (`id`),
+ KEY `fk_acl_policy_permission__policy_id` (`policy_id`),
+ CONSTRAINT `fk_acl_policy_permission__policy_id` FOREIGN KEY (`policy_id`) REFERENCES `acl_policy` (`id`) ON DELETE CASCADE
+) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
+
+
+INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (1, 'NORMAL', 'Domain user role', UUID(), '/', 1, Now(), 'Static');
+INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (2, 'ADMIN', 'Root admin role', UUID(), '/', 1, Now(), 'Static');
+INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (3, 'DOMAIN_ADMIN', 'Domain admin role', UUID(), '/', 1, Now(), 'Static');
+INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (4, 'RESOURCE_DOMAIN_ADMIN', 'Resource domain admin role', UUID(), '/', 1, Now(), 'Static');
+INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (5, 'READ_ONLY_ADMIN', 'Read only admin role', UUID(), '/', 1, Now(), 'Static');
+INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (6, 'RESOURCE_OWNER', 'Resource owner role', UUID(), '/', 1, Now(), 'Dynamic');
+
+
+INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, path, account_id, created) VALUES (1, 'NORMAL', 'Domain user group', UUID(), '/', 1, Now());
+INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, path, account_id, created) VALUES (2, 'ADMIN', 'Root admin group', UUID(), '/', 1, Now());
+INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, path, account_id, created) VALUES (3, 'DOMAIN_ADMIN', 'Domain admin group', UUID(), '/', 1, Now());
+INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, path, account_id, created) VALUES (4, 'RESOURCE_DOMAIN_ADMIN', 'Resource domain admin group', UUID(), '/', 1, Now());
+INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, path, account_id, created) VALUES (5, 'READ_ONLY_ADMIN', 'Read only admin group', UUID(), '/', 1, Now());
+
+INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(1, 1, Now());
+INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(2, 2, Now());
+INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(3, 3, Now());
+INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(4, 4, Now());
+INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(5, 5, Now());
+
+ INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('NetworkManager', 'DEFAULT', 'management-server', 'vm.network.nic.max.secondary.ipaddresses', NULL, 'Specify the number of secondary ip addresses per nic per vm', '256') ON DUPLICATE KEY UPDATE category='NetworkManager';
+
+ CREATE TABLE `cloud`.`autoscale_vmprofile_details` (
+ `id` bigint unsigned NOT NULL auto_increment,
+ `autoscale_vmprofile_id` bigint unsigned NOT NULL COMMENT 'VPC gateway id',
+ `name` varchar(255) NOT NULL,
+ `value` varchar(1024) NOT NULL,
+ `display` tinyint(1) NOT NULL DEFAULT '0' COMMENT 'True if the detail can be displayed to the end autoscale_vmprofile',
+ PRIMARY KEY (`id`),
+ CONSTRAINT `fk_autoscale_vmprofile_details__autoscale_vmprofile_id` FOREIGN KEY `fk_autoscale_vmprofile_details__autoscale_vmprofile_id`(`autoscale_vmprofile_id`) REFERENCES `autoscale_vmprofiles`(`id`) ON DELETE CASCADE
+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+ CREATE TABLE `cloud`.`autoscale_vmgroup_details` (
+ `id` bigint unsigned NOT NULL auto_increment,
+ `autoscale_vmgroup_id` bigint unsigned NOT NULL COMMENT 'VPC gateway id',
+ `name` varchar(255) NOT NULL,
+ `value` varchar(1024) NOT NULL,
+ `display` tinyint(1) NOT NULL DEFAULT '0' COMMENT 'True if the detail can be displayed to the end autoscale_vmgroup',
+ PRIMARY KEY (`id`),
+ CONSTRAINT `fk_autoscale_vmgroup_details__autoscale_vmgroup_id` FOREIGN KEY `fk_autoscale_vmgroup_details__autoscale_vmgroup_id`(`autoscale_vmgroup_id`) REFERENCES `autoscale_vmgroups`(`id`) ON DELETE CASCADE
+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
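Review bot: The mapping tables `acl_group_account_map`, `acl_group_policy_map` and `acl_account_policy_map` have no uniqueness rule over their pair columns, so the same membership or policy attachment can be stored more than once. With soft deletes via `removed`, revoking one row could leave a duplicate grant active, depending on how the DAO layer revokes (not visible here). The plain `INSERT INTO acl_group_policy_map` seed rows would likewise duplicate if the script is applied twice, unlike the `INSERT IGNORE` rows above them. Consider a unique constraint on the pair columns that takes `removed` into account, or an existence check on the seed inserts. Smaller points: the constraints on `acl_group_account_map` are named `fk_acl_group_vm_map__*`, `UNIQUE KEY id (id)` duplicates the primary key, and both autoscale detail tables carry the column comment 'VPC gateway id', which looks copied from another table.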
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f8437544/tools/apidoc/gen_toc.py
----------------------------------------------------------------------
diff --cc tools/apidoc/gen_toc.py
index a94e709,29ff3bf..ef30a79
--- a/tools/apidoc/gen_toc.py
+++ b/tools/apidoc/gen_toc.py
@@@ -160,8 -160,8 +160,9 @@@ known_categories =
'Ucs' : 'UCS',
'CacheStores' : 'Cache Stores',
'CacheStore' : 'Cache Store',
+ 'Acl' : 'Acl',
- 'OvsElement' : 'Ovs Element'
+ 'OvsElement' : 'Ovs Element',
+ 'StratosphereSsp' : ' Stratosphere SSP'
}
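Review bot: The value `' Stratosphere SSP'` begins with a space, which looks unintended and would carry into whatever heading or sort key is generated from `known_categories`; `'StratosphereSsp' : 'Stratosphere SSP'` is probably what was meant. The dictionary starts outside the hunk, so how the value is consumed is not visible here.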