You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by wi...@apache.org on 2015/03/04 11:05:59 UTC
[15/50] [abbrv] git commit: updated refs/heads/reporter to 178a938
CLOUDSTACK-8273: refactor baremetal user name to utils, restrict baremetal user
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
(cherry picked from commit cb08707addbffa12abc50aec9ad980059f23910c)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
Conflicts:
server/src/com/cloud/user/AccountManagerImpl.java
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/6df2fe7a
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/6df2fe7a
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/6df2fe7a
Branch: refs/heads/reporter
Commit: 6df2fe7a8ad70a10b4584391d1c56fc03ff0f85b
Parents: f393199
Author: Rohit Yadav <ro...@shapeblue.com>
Authored: Thu Feb 26 17:42:21 2015 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Thu Feb 26 17:47:01 2015 +0530
----------------------------------------------------------------------
.../baremetal/manager/BaremetalVlanManager.java | 4 -
.../manager/BaremetalVlanManagerImpl.java | 11 +--
.../src/com/cloud/user/AccountManagerImpl.java | 93 ++++++++++----------
.../utils/baremetal/BaremetalUtils.java | 24 +++++
4 files changed, 77 insertions(+), 55 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6df2fe7a/plugins/hypervisors/baremetal/src/com/cloud/baremetal/manager/BaremetalVlanManager.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/baremetal/src/com/cloud/baremetal/manager/BaremetalVlanManager.java b/plugins/hypervisors/baremetal/src/com/cloud/baremetal/manager/BaremetalVlanManager.java
index 76f1052..b6311f7 100644
--- a/plugins/hypervisors/baremetal/src/com/cloud/baremetal/manager/BaremetalVlanManager.java
+++ b/plugins/hypervisors/baremetal/src/com/cloud/baremetal/manager/BaremetalVlanManager.java
@@ -27,11 +27,7 @@ import com.cloud.vm.VirtualMachineProfile;
import org.apache.cloudstack.api.AddBaremetalRctCmd;
import org.apache.cloudstack.api.DeleteBaremetalRctCmd;
-/**
- * Created by frank on 4/30/14.
- */
public interface BaremetalVlanManager extends Manager, PluggableService {
- public static final String BAREMETAL_SYSTEM_ACCOUNT_NAME = "baremetal-system-account";
BaremetalRctResponse addRct(AddBaremetalRctCmd cmd);
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6df2fe7a/plugins/hypervisors/baremetal/src/com/cloud/baremetal/manager/BaremetalVlanManagerImpl.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/baremetal/src/com/cloud/baremetal/manager/BaremetalVlanManagerImpl.java b/plugins/hypervisors/baremetal/src/com/cloud/baremetal/manager/BaremetalVlanManagerImpl.java
index a77cf35..3169597 100644
--- a/plugins/hypervisors/baremetal/src/com/cloud/baremetal/manager/BaremetalVlanManagerImpl.java
+++ b/plugins/hypervisors/baremetal/src/com/cloud/baremetal/manager/BaremetalVlanManagerImpl.java
@@ -43,6 +43,7 @@ import org.apache.cloudstack.api.AddBaremetalRctCmd;
import org.apache.cloudstack.api.DeleteBaremetalRctCmd;
import org.apache.cloudstack.api.ListBaremetalRctCmd;
import org.apache.cloudstack.api.command.admin.user.RegisterCmd;
+import org.apache.cloudstack.utils.baremetal.BaremetalUtils;
import org.springframework.web.client.RestTemplate;
import javax.inject.Inject;
@@ -235,14 +236,14 @@ public class BaremetalVlanManagerImpl extends ManagerBase implements BaremetalVl
@Override
public boolean start() {
QueryBuilder<AccountVO> acntq = QueryBuilder.create(AccountVO.class);
- acntq.and(acntq.entity().getAccountName(), SearchCriteria.Op.EQ, BaremetalVlanManager.BAREMETAL_SYSTEM_ACCOUNT_NAME);
+ acntq.and(acntq.entity().getAccountName(), SearchCriteria.Op.EQ, BaremetalUtils.BAREMETAL_SYSTEM_ACCOUNT_NAME);
AccountVO acnt = acntq.find();
if (acnt != null) {
return true;
}
acnt = new AccountVO();
- acnt.setAccountName(BAREMETAL_SYSTEM_ACCOUNT_NAME);
+ acnt.setAccountName(BaremetalUtils.BAREMETAL_SYSTEM_ACCOUNT_NAME);
acnt.setUuid(UUID.randomUUID().toString());
acnt.setState(Account.State.enabled);
acnt.setDomainId(1);
@@ -252,9 +253,9 @@ public class BaremetalVlanManagerImpl extends ManagerBase implements BaremetalVl
user.setState(Account.State.enabled);
user.setUuid(UUID.randomUUID().toString());
user.setAccountId(acnt.getAccountId());
- user.setUsername(BAREMETAL_SYSTEM_ACCOUNT_NAME);
- user.setFirstname(BAREMETAL_SYSTEM_ACCOUNT_NAME);
- user.setLastname(BAREMETAL_SYSTEM_ACCOUNT_NAME);
+ user.setUsername(BaremetalUtils.BAREMETAL_SYSTEM_ACCOUNT_NAME);
+ user.setFirstname(BaremetalUtils.BAREMETAL_SYSTEM_ACCOUNT_NAME);
+ user.setLastname(BaremetalUtils.BAREMETAL_SYSTEM_ACCOUNT_NAME);
user.setPassword(UUID.randomUUID().toString());
user = userDao.persist(user);
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6df2fe7a/server/src/com/cloud/user/AccountManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
index 28115a2..bced7b3 100644
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -16,52 +16,6 @@
// under the License.
package com.cloud.user;
-import java.net.URLEncoder;
-import java.net.InetAddress;
-import java.security.NoSuchAlgorithmException;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.UUID;
-import java.util.concurrent.Executors;
-import java.util.concurrent.ScheduledExecutorService;
-import java.util.concurrent.TimeUnit;
-
-import javax.crypto.KeyGenerator;
-import javax.crypto.Mac;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.SecretKeySpec;
-import javax.ejb.Local;
-import javax.inject.Inject;
-import javax.naming.ConfigurationException;
-
-import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.lang.StringUtils;
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.ControlledEntity;
-import org.apache.cloudstack.acl.QuerySelector;
-import org.apache.cloudstack.acl.RoleType;
-import org.apache.cloudstack.acl.SecurityChecker;
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.affinity.AffinityGroup;
-import org.apache.cloudstack.affinity.dao.AffinityGroupDao;
-import org.apache.cloudstack.api.command.admin.account.UpdateAccountCmd;
-import org.apache.cloudstack.api.command.admin.user.DeleteUserCmd;
-import org.apache.cloudstack.api.command.admin.user.RegisterCmd;
-import org.apache.cloudstack.api.command.admin.user.UpdateUserCmd;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
-import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
-import org.apache.cloudstack.framework.messagebus.MessageBus;
-import org.apache.cloudstack.framework.messagebus.PublishScope;
-import org.apache.cloudstack.managed.context.ManagedContextRunnable;
-import org.apache.cloudstack.region.gslb.GlobalLoadBalancerRuleDao;
-
import com.cloud.api.ApiDBUtils;
import com.cloud.api.query.vo.ControlledViewEntity;
import com.cloud.configuration.Config;
@@ -163,6 +117,49 @@ import com.cloud.vm.VirtualMachineManager;
import com.cloud.vm.dao.InstanceGroupDao;
import com.cloud.vm.dao.UserVmDao;
import com.cloud.vm.dao.VMInstanceDao;
+import org.apache.cloudstack.acl.ControlledEntity;
+import org.apache.cloudstack.acl.QuerySelector;
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.acl.SecurityChecker;
+import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.affinity.AffinityGroup;
+import org.apache.cloudstack.affinity.dao.AffinityGroupDao;
+import org.apache.cloudstack.api.command.admin.account.UpdateAccountCmd;
+import org.apache.cloudstack.api.command.admin.user.DeleteUserCmd;
+import org.apache.cloudstack.api.command.admin.user.RegisterCmd;
+import org.apache.cloudstack.api.command.admin.user.UpdateUserCmd;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
+import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
+import org.apache.cloudstack.framework.messagebus.MessageBus;
+import org.apache.cloudstack.framework.messagebus.PublishScope;
+import org.apache.cloudstack.managed.context.ManagedContextRunnable;
+import org.apache.cloudstack.region.gslb.GlobalLoadBalancerRuleDao;
+import org.apache.cloudstack.utils.baremetal.BaremetalUtils;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+
+import javax.crypto.KeyGenerator;
+import javax.crypto.Mac;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import javax.ejb.Local;
+import javax.inject.Inject;
+import javax.naming.ConfigurationException;
+import java.net.URLEncoder;
+import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+import java.util.concurrent.Executors;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.TimeUnit;
@Local(value = {AccountManager.class, AccountService.class})
public class AccountManagerImpl extends ManagerBase implements AccountManager, Manager {
@@ -2194,6 +2191,10 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
if (user.getId() == User.UID_SYSTEM) {
throw new PermissionDeniedException("user id : " + user.getId() + " is system account, update is not allowed");
}
+ // don't allow baremetal system user
+ if (BaremetalUtils.BAREMETAL_SYSTEM_ACCOUNT_NAME.equals(user.getUsername())) {
+ throw new PermissionDeniedException("user id : " + user.getId() + " is system account, update is not allowed");
+ }
// generate both an api key and a secret key, update the user table with the keys, return the keys to the user
final String[] keys = new String[2];
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6df2fe7a/utils/src/org/apache/cloudstack/utils/baremetal/BaremetalUtils.java
----------------------------------------------------------------------
diff --git a/utils/src/org/apache/cloudstack/utils/baremetal/BaremetalUtils.java b/utils/src/org/apache/cloudstack/utils/baremetal/BaremetalUtils.java
new file mode 100644
index 0000000..85704a5
--- /dev/null
+++ b/utils/src/org/apache/cloudstack/utils/baremetal/BaremetalUtils.java
@@ -0,0 +1,24 @@
+//
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+//
+
+package org.apache.cloudstack.utils.baremetal;
+
+public class BaremetalUtils {
+ public static final String BAREMETAL_SYSTEM_ACCOUNT_NAME = "baremetal-system-account";
+}