You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by mc...@apache.org on 2014/05/09 08:26:22 UTC
git commit: updated refs/heads/master to 0f79223
Repository: cloudstack
Updated Branches:
refs/heads/master 51cb0f9a4 -> 0f79223f2
CLOUDSTACK-6613:IAM: authorizeSecurityGroupIngress fails when SG Name is
passed.
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/0f79223f
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/0f79223f
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/0f79223f
Branch: refs/heads/master
Commit: 0f79223f2880432f7e745543e1ecbb4e6858a55c
Parents: 51cb0f9
Author: Min Chen <mi...@citrix.com>
Authored: Thu May 8 23:08:32 2014 -0700
Committer: Min Chen <mi...@citrix.com>
Committed: Thu May 8 23:19:28 2014 -0700
----------------------------------------------------------------------
.../AuthorizeSecurityGroupEgressCmd.java | 3 +-
.../AuthorizeSecurityGroupIngressCmd.java | 3 +-
server/src/com/cloud/api/ApiServer.java | 52 +++++++++++---------
.../cloud/api/dispatch/ParamProcessWorker.java | 3 +-
4 files changed, 35 insertions(+), 26 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0f79223f/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupEgressCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupEgressCmd.java b/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupEgressCmd.java
index aef0a7c..9909bf3 100644
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupEgressCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupEgressCmd.java
@@ -95,7 +95,8 @@ public class AuthorizeSecurityGroupEgressCmd extends BaseAsyncCmd {
@Parameter(name=ApiConstants.SECURITY_GROUP_ID, type=CommandType.UUID, description="The ID of the security group. Mutually exclusive with securityGroupName parameter", entityType=SecurityGroupResponse.class)
private Long securityGroupId;
- @ACL(accessType = AccessType.OperateEntry)
+ // This @ACL will not work, since we don't have a way to convert this parameter to the entity like securityGroupId.
+ //@ACL(accessType = AccessType.OperateEntry)
@Parameter(name=ApiConstants.SECURITY_GROUP_NAME, type=CommandType.STRING, description="The name of the security group. Mutually exclusive with securityGroupName parameter")
private String securityGroupName;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0f79223f/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java b/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java
index 188df6e..3549d51 100644
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java
@@ -95,7 +95,8 @@ public class AuthorizeSecurityGroupIngressCmd extends BaseAsyncCmd {
@Parameter(name=ApiConstants.SECURITY_GROUP_ID, type=CommandType.UUID, description="The ID of the security group. Mutually exclusive with securityGroupName parameter", entityType=SecurityGroupResponse.class)
private Long securityGroupId;
- @ACL(accessType = AccessType.OperateEntry)
+ // This @ACL will not work, since we don't have a way to convert this parameter to the entity like securityGroupId.
+ //@ACL(accessType = AccessType.OperateEntry)
@Parameter(name=ApiConstants.SECURITY_GROUP_NAME, type=CommandType.STRING, description="The name of the security group. Mutually exclusive with securityGroupName parameter")
private String securityGroupName;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0f79223f/server/src/com/cloud/api/ApiServer.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java
index 9c65fed..0b24087 100755
--- a/server/src/com/cloud/api/ApiServer.java
+++ b/server/src/com/cloud/api/ApiServer.java
@@ -96,10 +96,14 @@ import org.apache.cloudstack.api.BaseListCmd;
import org.apache.cloudstack.api.ResponseObject;
import org.apache.cloudstack.api.ResponseObject.ResponseView;
import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.command.admin.account.ListAccountsCmdByAdmin;
import org.apache.cloudstack.api.command.admin.host.ListHostsCmd;
import org.apache.cloudstack.api.command.admin.router.ListRoutersCmd;
import org.apache.cloudstack.api.command.admin.storage.ListStoragePoolsCmd;
import org.apache.cloudstack.api.command.admin.user.ListUsersCmd;
+import org.apache.cloudstack.api.command.admin.vm.ListVMsCmdByAdmin;
+import org.apache.cloudstack.api.command.admin.volume.ListVolumesCmdByAdmin;
+import org.apache.cloudstack.api.command.admin.zone.ListZonesCmdByAdmin;
import org.apache.cloudstack.api.command.user.account.ListAccountsCmd;
import org.apache.cloudstack.api.command.user.account.ListProjectAccountsCmd;
import org.apache.cloudstack.api.command.user.event.ListEventsCmd;
@@ -138,8 +142,8 @@ import com.cloud.domain.Domain;
import com.cloud.domain.DomainVO;
import com.cloud.domain.dao.DomainDao;
import com.cloud.event.ActionEventUtils;
-import com.cloud.event.EventTypes;
import com.cloud.event.EventCategory;
+import com.cloud.event.EventTypes;
import com.cloud.exception.AccountLimitException;
import com.cloud.exception.CloudAuthenticationException;
import com.cloud.exception.InsufficientCapacityException;
@@ -210,7 +214,7 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
private static Map<String, List<Class<?>>> s_apiNameCmdClassMap = new HashMap<String, List<Class<?>>>();
private static ExecutorService s_executor = new ThreadPoolExecutor(10, 150, 60, TimeUnit.SECONDS, new LinkedBlockingQueue<Runnable>(), new NamedThreadFactory(
- "ApiServer"));
+ "ApiServer"));
@Inject
MessageBus _messageBus;
@@ -442,7 +446,7 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
final Matcher matcher = pattern.matcher(value[0]);
if (matcher.find()) {
throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Received value " + value[0] + " for parameter " + key +
- " is invalid, contains illegal ASCII non-printable characters");
+ " is invalid, contains illegal ASCII non-printable characters");
}
}
stringMap.put(key, value[0]);
@@ -506,7 +510,7 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
StringUtils.cleanString(response));
}
else
- buildAuditTrail(auditTrailSb, command[0], response);
+ buildAuditTrail(auditTrailSb, command[0], response);
} else {
if (!command[0].equalsIgnoreCase("login") && !command[0].equalsIgnoreCase("logout")) {
final String errorString = "Unknown API command: " + command[0];
@@ -612,7 +616,7 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
objectUuid = createCmd.getEntityUuid();
params.put("id", objectId.toString());
Class entityClass = EventTypes.getEntityClassForEvent(createCmd.getEventType());
- if(entityClass != null)
+ if (entityClass != null)
ctx.putContextParameter(entityClass.getName(), objectId);
} else {
// Extract the uuid before params are processed and id reflects internal db id
@@ -628,7 +632,7 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
if (caller != null) {
params.put("ctxAccountId", String.valueOf(caller.getId()));
}
- if(objectUuid != null){
+ if (objectUuid != null) {
params.put("uuid", objectUuid);
}
@@ -637,14 +641,14 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
// Add the resource id in the call context, also add some other first class object ids (for now vm) if available.
// TODO - this should be done for all the uuids passed in the cmd - so should be moved where uuid to id conversion happens.
- if(EventTypes.getEntityForEvent(asyncCmd.getEventType()) != null){
+ if (EventTypes.getEntityForEvent(asyncCmd.getEventType()) != null) {
ctx.putContextParameter(EventTypes.getEntityForEvent(asyncCmd.getEventType()), objectUuid);
}
// save the scheduled event
final Long eventId =
- ActionEventUtils.onScheduledActionEvent((callerUserId == null) ? User.UID_SYSTEM : callerUserId, asyncCmd.getEntityOwnerId(), asyncCmd.getEventType(),
- asyncCmd.getEventDescription(), asyncCmd.isDisplay(), startEventId);
+ ActionEventUtils.onScheduledActionEvent((callerUserId == null) ? User.UID_SYSTEM : callerUserId, asyncCmd.getEntityOwnerId(), asyncCmd.getEventType(),
+ asyncCmd.getEventDescription(), asyncCmd.isDisplay(), startEventId);
if (startEventId == 0) {
// There was no create event before, set current event id as start eventId
startEventId = eventId;
@@ -681,13 +685,15 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
// if the command is of the listXXXCommand, we will need to also return the
// the job id and status if possible
// For those listXXXCommand which we have already created DB views, this step is not needed since async job is joined in their db views.
- if (cmdObj instanceof BaseListCmd && !(cmdObj instanceof ListVMsCmd) && !(cmdObj instanceof ListRoutersCmd) && !(cmdObj instanceof ListSecurityGroupsCmd) &&
- !(cmdObj instanceof ListTagsCmd) && !(cmdObj instanceof ListEventsCmd) && !(cmdObj instanceof ListVMGroupsCmd) && !(cmdObj instanceof ListProjectsCmd) &&
- !(cmdObj instanceof ListProjectAccountsCmd) && !(cmdObj instanceof ListProjectInvitationsCmd) && !(cmdObj instanceof ListHostsCmd) &&
- !(cmdObj instanceof ListVolumesCmd) && !(cmdObj instanceof ListUsersCmd) && !(cmdObj instanceof ListAccountsCmd) &&
- !(cmdObj instanceof ListStoragePoolsCmd) && !(cmdObj instanceof ListDiskOfferingsCmd) && !(cmdObj instanceof ListServiceOfferingsCmd) &&
- !(cmdObj instanceof ListZonesCmd)) {
- buildAsyncListResponse((BaseListCmd) cmdObj, caller);
+ if (cmdObj instanceof BaseListCmd && !(cmdObj instanceof ListVMsCmd) && !(cmdObj instanceof ListVMsCmdByAdmin) && !(cmdObj instanceof ListRoutersCmd)
+ && !(cmdObj instanceof ListSecurityGroupsCmd) &&
+ !(cmdObj instanceof ListTagsCmd) && !(cmdObj instanceof ListEventsCmd) && !(cmdObj instanceof ListVMGroupsCmd) && !(cmdObj instanceof ListProjectsCmd) &&
+ !(cmdObj instanceof ListProjectAccountsCmd) && !(cmdObj instanceof ListProjectInvitationsCmd) && !(cmdObj instanceof ListHostsCmd) &&
+ !(cmdObj instanceof ListVolumesCmd) && !(cmdObj instanceof ListVolumesCmdByAdmin) && !(cmdObj instanceof ListUsersCmd) && !(cmdObj instanceof ListAccountsCmd)
+ && !(cmdObj instanceof ListAccountsCmdByAdmin) &&
+ !(cmdObj instanceof ListStoragePoolsCmd) && !(cmdObj instanceof ListDiskOfferingsCmd) && !(cmdObj instanceof ListServiceOfferingsCmd) &&
+ !(cmdObj instanceof ListZonesCmd) && !(cmdObj instanceof ListZonesCmdByAdmin)) {
+ buildAsyncListResponse((BaseListCmd)cmdObj, caller);
}
SerializationContext.current().setUuidTranslation(true);
@@ -861,7 +867,7 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
if (user.getState() != Account.State.enabled || !account.getState().equals(Account.State.enabled)) {
s_logger.info("disabled or locked user accessing the api, userid = " + user.getId() + "; name = " + user.getUsername() + "; state: " + user.getState() +
- "; accountState: " + account.getState());
+ "; accountState: " + account.getState());
return false;
}
@@ -917,7 +923,7 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
@Override
public void loginUser(final HttpSession session, final String username, final String password, Long domainId, final String domainPath, final String loginIpAddress,
- final Map<String, Object[]> requestParameters) throws CloudAuthenticationException {
+ final Map<String, Object[]> requestParameters) throws CloudAuthenticationException {
// We will always use domainId first. If that does not exist, we will use domain name. If THAT doesn't exist
// we will default to ROOT
if (domainId == null) {
@@ -1006,7 +1012,7 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
}
if ((user == null) || (user.getRemoved() != null) || !user.getState().equals(Account.State.enabled) || (account == null) ||
- !account.getState().equals(Account.State.enabled)) {
+ !account.getState().equals(Account.State.enabled)) {
s_logger.warn("Deleted/Disabled/Locked user with id=" + userId + " attempting to access public API");
return false;
}
@@ -1102,10 +1108,10 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
_params = new BasicHttpParams();
_params.setIntParameter(CoreConnectionPNames.SO_TIMEOUT, 30000)
- .setIntParameter(CoreConnectionPNames.SOCKET_BUFFER_SIZE, 8 * 1024)
- .setBooleanParameter(CoreConnectionPNames.STALE_CONNECTION_CHECK, false)
- .setBooleanParameter(CoreConnectionPNames.TCP_NODELAY, true)
- .setParameter(CoreProtocolPNames.ORIGIN_SERVER, "HttpComponents/1.1");
+ .setIntParameter(CoreConnectionPNames.SOCKET_BUFFER_SIZE, 8 * 1024)
+ .setBooleanParameter(CoreConnectionPNames.STALE_CONNECTION_CHECK, false)
+ .setBooleanParameter(CoreConnectionPNames.TCP_NODELAY, true)
+ .setParameter(CoreProtocolPNames.ORIGIN_SERVER, "HttpComponents/1.1");
// Set up the HTTP protocol processor
final BasicHttpProcessor httpproc = new BasicHttpProcessor();
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0f79223f/server/src/com/cloud/api/dispatch/ParamProcessWorker.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/dispatch/ParamProcessWorker.java b/server/src/com/cloud/api/dispatch/ParamProcessWorker.java
index d862660..ba5bebf 100644
--- a/server/src/com/cloud/api/dispatch/ParamProcessWorker.java
+++ b/server/src/com/cloud/api/dispatch/ParamProcessWorker.java
@@ -155,7 +155,8 @@ public class ParamProcessWorker implements DispatchWorker {
// for maps, specify access to be checkd on key or value.
// Find the controlled entity DBid by uuid
- if (parameterAnnotation.entityType() != null) {
+ if (parameterAnnotation.entityType() != null && parameterAnnotation.entityType().length > 0
+ && parameterAnnotation.entityType()[0].getAnnotation(EntityReference.class) != null) {
final Class<?>[] entityList = parameterAnnotation.entityType()[0].getAnnotation(EntityReference.class).value();
// Check if the parameter type is a single