Implemented vm* api commands to be executed against the project

alena 2011-09-28 17:09:09 -07:00
parent eda1b53c76
commit 12e25fb988
18 changed files with 178 additions and 355 deletions


@ -576,7 +576,7 @@ public abstract class BaseCmd {
return this.fullUrlParams;
}
public Long getAccountId(String accountName, String projectName, Long domainId) {
public Long getAccountId(String accountName, Long domainId, Long projectId) {
if (accountName != null) {
if (domainId == null) {
throw new InvalidParameterValueException("Account must be specified with domainId parameter");
@ -589,18 +589,16 @@ public abstract class BaseCmd {
}
}
if (projectName != null) {
if (domainId == null) {
throw new InvalidParameterValueException("Project must be specified with domainId parameter");
}
Project project = _projectService.findByNameAndDomainId(projectName, domainId);
if (projectId != null) {
Project project = _projectService.getProject(projectId);
if (project != null) {
return project.getProjectAccountId();
} else {
throw new InvalidParameterValueException("Unable to find project by name " + project + " in domain id=" + domainId);
throw new InvalidParameterValueException("Unable to find project by id " + projectId);
}
}
return null;
return UserContext.current().getCaller().getId();
}
}
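Review bot: The new `projectId` branch of `getAccountId` returns `project.getProjectAccountId()` for whatever project id the request carries, and nothing in this hunk checks that the caller is a member of that project. `DeployVMCmd.getEntityOwnerId()` and `UpdateResourceLimitCmd.getEntityOwnerId()` now return this value directly, so the membership check has to happen either here or in every service method that consumes the id; if it is meant to live downstream, a Javadoc on this method should say so. The new fallback `return UserContext.current().getCaller().getId();` also dereferences the caller without a null check, while other new code in this commit still treats a null caller as possible (`(caller == null) || isAdmin(caller.getType())`). The body of the `accountName` branch lies between the two hunks and is not visible here.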


@ -124,6 +124,9 @@ public class DeployVMCmd extends BaseAsyncCreateCmd {
@Parameter(name=ApiConstants.KEYBOARD, type=CommandType.STRING, description="an optional keyboard device type for the virtual machine. valid value can be one of de,de-ch,es,fi,fr,fr-be,fr-ch,is,it,jp,nl-be,no,pt,uk,us")
private String keyboard;
@Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="Deploy vm for the project")
private Long projectId;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
@ -271,19 +274,7 @@ public class DeployVMCmd extends BaseAsyncCreateCmd {
@Override
public long getEntityOwnerId() {
Account account = UserContext.current().getCaller();
if ((account == null) || isAdmin(account.getType())) {
if ((domainId != null) && (accountName != null)) {
Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
if (userAccount != null) {
return userAccount.getId();
} else {
throw new InvalidParameterValueException("Unable to find account by name " + getAccountName() + " in domain " + getDomainId());
}
}
}
return account.getId();
return getAccountId(accountName, domainId, projectId);
}
@Override
@ -346,10 +337,7 @@ public class DeployVMCmd extends BaseAsyncCreateCmd {
public void create() throws ResourceAllocationException{
try {
//Verify that all objects exist before passing them to the service
Account owner = _accountService.getActiveAccountByName(getAccountName(), getDomainId());
if (owner == null) {
throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId);
}
Account owner = _accountService.getActiveAccountById(getEntityOwnerId());
DataCenter zone = _configService.getZone(zoneId);
if (zone == null) {
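Review bot: `getEntityOwnerId()` no longer gates the `account`/`domainId` override on `isAdmin(account.getType())`; it now returns `getAccountId(accountName, domainId, projectId)` for every caller, so the owner is taken from request parameters regardless of caller type unless a later check rejects it. In `create()` the null check on `owner` was dropped as well, although `getActiveAccountById(...)` presumably returns null for a disabled or removed account; I would keep a guard such as `if (owner == null) { throw new InvalidParameterValueException("Unable to find active account id=" + getEntityOwnerId()); }`. `create()` continues past the end of the hunk, so any later access check on `owner` is not visible here.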


@ -44,8 +44,8 @@ public class ListResourceLimitsCmd extends BaseListCmd {
@Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="Lists resource limits by account. Must be used with the domainId parameter.")
private String accountName;
@Parameter(name=ApiConstants.PROJECT, type=CommandType.STRING, description="Lists resource limits by project. Must be used with the domainId parameter.")
private String projectName;
@Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="Lists resource limits by project")
private Long projectId;
@Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="Lists resource limits by domain ID. If used with the account parameter, lists resource limits for a specified account in a specified domain.")
private Long domainId;
@ -91,7 +91,7 @@ public class ListResourceLimitsCmd extends BaseListCmd {
@Override
public void execute(){
List<? extends ResourceLimit> result = _resourceLimitService.searchForLimits(id, getAccountId(accountName, projectName, domainId), domainId, resourceType, this.getStartIndex(), this.getPageSizeVal());
List<? extends ResourceLimit> result = _resourceLimitService.searchForLimits(id, getAccountId(accountName, domainId, projectId), domainId, resourceType, this.getStartIndex(), this.getPageSizeVal());
ListResponse<ResourceLimitResponse> response = new ListResponse<ResourceLimitResponse>();
List<ResourceLimitResponse> limitResponses = new ArrayList<ResourceLimitResponse>();
for (ResourceLimit limit : result) {
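Review bot: `getAccountId(accountName, domainId, projectId)` no longer returns null when neither account nor project is given, because this commit changes its fallback to the caller's account id. A request that passes only `domainId` therefore reaches `searchForLimits` with the caller's own account id instead of a null account. If `searchForLimits` relied on null to mean "list by domain", domain-scoped listing silently changes meaning; please confirm against the service and state in the parameter descriptions which of `account`, `projectid` and `domainid` takes precedence. `execute()` continues past the end of the hunk.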


@ -25,6 +25,7 @@ import com.cloud.api.ApiConstants;
import com.cloud.api.BaseListCmd;
import com.cloud.api.Implementation;
import com.cloud.api.Parameter;
import com.cloud.api.BaseCmd.CommandType;
import com.cloud.api.response.ListResponse;
import com.cloud.api.response.UserVmResponse;
import com.cloud.async.AsyncJob;
@ -81,6 +82,9 @@ public class ListVMsCmd extends BaseListCmd {
@Parameter(name=ApiConstants.STORAGE_ID, type=CommandType.LONG, description="the storage ID where vm's volumes belong to")
private Long storageId;
@Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="list vms by project")
private Long projectId;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
@ -146,6 +150,10 @@ public class ListVMsCmd extends BaseListCmd {
return storageId;
}
public Long getProjectId() {
return projectId;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////


@ -46,8 +46,8 @@ public class UpdateResourceLimitCmd extends BaseCmd {
@Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="Update resource limits for all accounts in specified domain. If used with the account parameter, updates resource limits for a specified account in specified domain.")
private Long domainId;
@Parameter(name=ApiConstants.PROJECT, type=CommandType.STRING, description="Update resource limits for project")
private String projectName;
@Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="Update resource limits for project")
private Long projectId;
@Parameter(name=ApiConstants.MAX, type=CommandType.LONG, description=" Maximum resource limit.")
private Long max;
@ -86,17 +86,12 @@ public class UpdateResourceLimitCmd extends BaseCmd {
@Override
public long getEntityOwnerId() {
Long accountId = getAccountId(accountName, projectName, domainId);
if (accountId != null) {
return accountId;
}
return Account.ACCOUNT_ID_SYSTEM;
return getAccountId(accountName, domainId, projectId);
}
@Override
public void execute(){
ResourceLimit result = _resourceLimitService.updateResourceLimit(getAccountId(accountName, projectName, domainId), getDomainId(), resourceType, max);
ResourceLimit result = _resourceLimitService.updateResourceLimit(getEntityOwnerId(), getDomainId(), resourceType, max);
if (result != null || (result == null && max != null && max.longValue() == -1L)){
ResourceLimitResponse response = _responseGenerator.createResourceLimitResponse(result);
response.setResponseName(getCommandName());
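Review bot: `execute()` now passes `getEntityOwnerId()` to `updateResourceLimit`, and that value falls back to the caller's account id instead of null. A request carrying only `domainId` (documented above as "Update resource limits for all accounts in specified domain") therefore appears to update the caller's own account limit rather than the domain's. With the `Account.ACCOUNT_ID_SYSTEM` fallback removed, the entity owner for such a request also becomes the caller. I would keep the owner lookup and the service argument separate, e.g. `Long accountId = (accountName != null || projectId != null) ? getAccountId(accountName, domainId, projectId) : null;`. `execute()` continues past the end of the hunk.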


@ -4,6 +4,8 @@ public interface ControlledEntityResponse {
public void setAccountName(String accountName);
public void setProjectId(Long projectId);
public void setProjectName(String projectName);
public void setDomainId(Long domainId);


@ -38,9 +38,12 @@ public class ResourceLimitResponse extends BaseResponse implements ControlledEnt
@SerializedName("max") @Param(description="the maximum number of the resource. A -1 means the resource currently has no limit.")
private Long max;
@SerializedName(ApiConstants.PROJECT_ID) @Param(description="the project id of the resource limit")
private Long projectId;
@SerializedName(ApiConstants.PROJECT) @Param(description="the project name of the resource limit")
private String projectName;
@Override
public void setAccountName(String accountName) {
this.accountName = accountName;
@ -68,4 +71,9 @@ public class ResourceLimitResponse extends BaseResponse implements ControlledEnt
public void setMax(Long max) {
this.max = max;
}
@Override
public void setProjectId(Long projectId) {
this.projectId = projectId;
}
}


@ -24,7 +24,8 @@ import com.cloud.api.ApiConstants;
import com.cloud.serializer.Param;
import com.google.gson.annotations.SerializedName;
public class UserVmResponse extends BaseResponse {
@SuppressWarnings("unused")
public class UserVmResponse extends BaseResponse implements ControlledEntityResponse {
@SerializedName(ApiConstants.ID) @Param(description="the ID of the virtual machine")
private Long id;
@ -39,6 +40,12 @@ public class UserVmResponse extends BaseResponse {
@SerializedName(ApiConstants.ACCOUNT) @Param(description="the account associated with the virtual machine")
private String accountName;
@SerializedName(ApiConstants.PROJECT_ID) @Param(description="the project id of the vm")
private Long projectId;
@SerializedName(ApiConstants.PROJECT) @Param(description="the project name of the vm")
private String projectName;
@SerializedName(ApiConstants.DOMAIN_ID) @Param(description="the ID of the domain in which the virtual machine exists")
private Long domainId;
@ -148,335 +155,182 @@ public class UserVmResponse extends BaseResponse {
@SerializedName("hypervisor") @Param(description="the hypervisor on which the template runs")
private String hypervisor;
public String getHypervisor() {
return hypervisor;
}
public void setHypervisor(String hypervisor) {
this.hypervisor = hypervisor;
}
public Long getObjectId() {
return getId();
}
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
public String getName() {
return name;
public Long getId() {
return id;
}
public void setName(String name) {
this.name = name;
}
public String getDisplayName() {
return displayName;
}
public void setDisplayName(String displayName) {
this.displayName = displayName;
}
public String getIpAddress() {
return ipAddress;
}
public void setIpAddress(String ipAddress) {
this.ipAddress = ipAddress;
}
public String getAccountName() {
return accountName;
}
public void setAccountName(String accountName) {
this.accountName = accountName;
}
public Long getDomainId() {
return domainId;
}
public void setDomainId(Long domainId) {
this.domainId = domainId;
}
public String getDomainName() {
return domainName;
}
public void setDomainName(String domainName) {
this.domainName = domainName;
}
public Date getCreated() {
return created;
}
public void setCreated(Date created) {
this.created = created;
}
public String getState() {
return state;
}
public void setState(String state) {
this.state = state;
}
public Boolean getHaEnable() {
return haEnable;
}
public void setHaEnable(Boolean haEnable) {
this.haEnable = haEnable;
}
public Long getGroupId() {
return groupId;
}
public void setGroupId(Long groupId) {
this.groupId = groupId;
}
public String getGroup() {
return group;
}
public void setGroup(String group) {
this.group = group;
}
public Long getZoneId() {
return zoneId;
}
public void setZoneId(Long zoneId) {
this.zoneId = zoneId;
}
public String getZoneName() {
return zoneName;
}
public void setZoneName(String zoneName) {
this.zoneName = zoneName;
}
public Long getHostId() {
return hostId;
}
public void setHostId(Long hostId) {
this.hostId = hostId;
}
public String getHostName() {
return hostName;
}
public void setHostName(String hostName) {
this.hostName = hostName;
}
public Long getTemplateId() {
return templateId;
}
public void setTemplateId(Long templateId) {
this.templateId = templateId;
}
public String getTemplateName() {
return templateName;
}
public void setTemplateName(String templateName) {
this.templateName = templateName;
}
public String getTemplateDisplayText() {
return templateDisplayText;
}
public void setTemplateDisplayText(String templateDisplayText) {
this.templateDisplayText = templateDisplayText;
}
public Boolean getPasswordEnabled() {
return passwordEnabled;
}
public void setPasswordEnabled(Boolean passwordEnabled) {
this.passwordEnabled = passwordEnabled;
}
public Long getIsoId() {
return isoId;
}
public void setIsoId(Long isoId) {
this.isoId = isoId;
}
public String getIsoName() {
return isoName;
}
public void setIsoName(String isoName) {
this.isoName = isoName;
}
public String getIsoDisplayText() {
return isoDisplayText;
}
public void setIsoDisplayText(String isoDisplayText) {
this.isoDisplayText = isoDisplayText;
}
public Long getServiceOfferingId() {
return serviceOfferingId;
}
public void setServiceOfferingId(Long serviceOfferingId) {
this.serviceOfferingId = serviceOfferingId;
}
public String getServiceOfferingName() {
return serviceOfferingName;
}
public void setServiceOfferingName(String serviceOfferingName) {
this.serviceOfferingName = serviceOfferingName;
}
public Integer getCpuNumber() {
return cpuNumber;
}
public void setCpuNumber(Integer cpuNumber) {
this.cpuNumber = cpuNumber;
}
public Integer getCpuSpeed() {
return cpuSpeed;
}
public void setCpuSpeed(Integer cpuSpeed) {
this.cpuSpeed = cpuSpeed;
}
public Integer getMemory() {
return memory;
}
public void setMemory(Integer memory) {
this.memory = memory;
}
public String getCpuUsed() {
return cpuUsed;
}
public void setCpuUsed(String cpuUsed) {
this.cpuUsed = cpuUsed;
}
public Long getNetworkKbsRead() {
return networkKbsRead;
}
public void setNetworkKbsRead(Long networkKbsRead) {
this.networkKbsRead = networkKbsRead;
}
public Long getNetworkKbsWrite() {
return networkKbsWrite;
}
public void setNetworkKbsWrite(Long networkKbsWrite) {
this.networkKbsWrite = networkKbsWrite;
}
public Long getGuestOsId() {
return guestOsId;
}
public void setGuestOsId(Long guestOsId) {
this.guestOsId = guestOsId;
}
public Long getRootDeviceId() {
return rootDeviceId;
}
public void setRootDeviceId(Long rootDeviceId) {
this.rootDeviceId = rootDeviceId;
}
public String getRootDeviceType() {
return rootDeviceType;
}
public void setRootDeviceType(String rootDeviceType) {
this.rootDeviceType = rootDeviceType;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public Long getJobId() {
return jobId;
}
public void setJobId(Long jobId) {
this.jobId = jobId;
}
public Integer getJobStatus() {
return jobStatus;
}
public void setJobStatus(Integer jobStatus) {
this.jobStatus = jobStatus;
}
public Boolean getForVirtualNetwork() {
return forVirtualNetwork;
}
public void setForVirtualNetwork(Boolean forVirtualNetwork) {
this.forVirtualNetwork = forVirtualNetwork;
}
public List<NicResponse> getNics() {
return nics;
}
public void setNics(List<NicResponse> nics) {
this.nics = nics;
}
public List<SecurityGroupResponse> getSecurityGroupList() {
return securityGroupList;
}
public void setSecurityGroupList(List<SecurityGroupResponse> securityGroups) {
this.securityGroupList = securityGroups;
}
@Override
public void setProjectId(Long projectId) {
this.projectId = projectId;
}
@Override
public void setProjectName(String projectName) {
this.projectName = projectName;
}
}
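Review bot: The class-level `@SuppressWarnings("unused")` silences the warning for every current and future member of `UserVmResponse`, including fields that really are dead. A short class comment saying that the private fields are read reflectively by the serializer (they carry `@SerializedName`) would justify the suppression. Separately, as rendered here `setAccountName`, `setDomainId` and `setDomainName` now implement `ControlledEntityResponse` but lack the `@Override` that the new `setProjectId`/`setProjectName` carry; adding it keeps the interface contract compiler-checked.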


@ -19,10 +19,9 @@ package com.cloud.vm;
import java.util.Date;
import com.cloud.domain.PartOf;
import com.cloud.user.OwnedBy;
import com.cloud.acl.ControlledEntity;
public interface InstanceGroup extends OwnedBy, PartOf {
public interface InstanceGroup extends ControlledEntity {
long getId();
String getName();
Date getCreated();


@ -2369,9 +2369,10 @@ public class ApiResponseHelper implements ResponseGenerator {
userVmResponse.setName(userVmData.getName());
userVmResponse.setDisplayName(userVmData.getDisplayName());
userVmResponse.setIpAddress(userVmData.getIpAddress());
userVmResponse.setAccountName(userVmData.getAccountName());
userVmResponse.setDomainId(userVmData.getDomainId());
userVmResponse.setDomainName(userVmData.getDomainName());
populateAccount(userVmResponse, userVmData.getAccountId());
populateDomain(userVmResponse, userVmData.getDomainId());
userVmResponse.setCreated(userVmData.getCreated());
userVmResponse.setState(userVmData.getState());
userVmResponse.setHaEnable(userVmData.getHaEnable());
@ -2458,6 +2459,7 @@ public class ApiResponseHelper implements ResponseGenerator {
if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
//find the project
Project project = ApiDBUtils.findProjectByProjectAccountId(account.getId());
response.setProjectId(project.getId());
response.setProjectName(project.getName());
} else {
response.setAccountName(account.getAccountName());
@ -2473,6 +2475,7 @@ public class ApiResponseHelper implements ResponseGenerator {
if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
//find the project
Project project = ApiDBUtils.findProjectByProjectAccountId(account.getId());
response.setProjectId(project.getId());
response.setProjectName(project.getName());
} else {
response.setAccountName(account.getAccountName());
@ -2481,8 +2484,15 @@ public class ApiResponseHelper implements ResponseGenerator {
private void populateDomain(ControlledEntityResponse response, long domainId) {
Domain domain = ApiDBUtils.findDomainById(domainId);
if (domain.getType() == Domain.Type.Project) {
Project project = ApiDBUtils.findProjectByProjectDomainId(domainId);
domain = ApiDBUtils.findDomainById(project.getDomainId());
}
response.setDomainId(domain.getId());
response.setDomainName(domain.getName());
}
@Override
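Review bot: The new project branch in `populateDomain` dereferences `project` from `ApiDBUtils.findProjectByProjectDomainId(domainId)`, and then the re-fetched `domain`, without a null check. The two account-population hunks do the same with `findProjectByProjectAccountId(account.getId())` before the added `response.setProjectId(project.getId())`. A project account or project domain whose project row is missing would turn a list call into a NullPointerException while the response is being built; an explicit `if (project == null)` guard with a descriptive exception would make that failure diagnosable. The enclosing methods of the two account-population hunks start outside the lines shown.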


@ -104,6 +104,7 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma
ConfigurationDao _configDao;
@Inject
DomainManager _domainMgr;
@Inject
PortForwardingRulesDao _pfRulesDao;
@Inject
UserVmDao _vmDao;


@ -1,5 +1,7 @@
package com.cloud.projects;
import java.util.List;
import com.cloud.user.Account;
public interface ProjectManager extends ProjectService {
@ -12,4 +14,6 @@ public interface ProjectManager extends ProjectService {
boolean canModifyProjectDomain(Account caller, long domainId);
boolean deleteAccountFromProject(long projectId, long accountId);
List<Long> listPermittedProjectAccounts(long accountId);
}


@ -718,4 +718,9 @@ public class ProjectManagerImpl implements ProjectManager, Manager{
return result;
}
@Override
public List<Long> listPermittedProjectAccounts(long accountId) {
return _projectAccountDao.listPermittedAccountIds(accountId);
}
}


@ -33,4 +33,6 @@ public interface ProjectAccountDao extends GenericDao<ProjectAccountVO, Long>{
boolean canModifyProjectAccount(long accountId, long projectAccountId);
boolean canModifyProjectDomain(long accountId, long projectDomainId);
List<Long> listPermittedAccountIds(long accountId);
}


@ -17,6 +17,7 @@
*/
package com.cloud.projects.dao;
import java.util.ArrayList;
import java.util.List;
import javax.ejb.Local;
@ -123,4 +124,19 @@ public class ProjectAccountDaoImpl extends GenericDaoBase<ProjectAccountVO, Long
return false;
}
}
@Override
public List<Long> listPermittedAccountIds(long accountId) {
List<Long> permittedAccounts = new ArrayList<Long>();
SearchCriteria<ProjectAccountVO> sc = AllFieldsSearch.create();
sc.setParameters("accountId", accountId);
List<ProjectAccountVO> records = listBy(sc);
for (ProjectAccountVO record : records) {
permittedAccounts.add(record.getProjectAccountId());
}
return permittedAccounts;
}
}
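Review bot: `listPermittedAccountIds` returns the project account id of every `ProjectAccountVO` row matching `accountId`, with no visible filter on the state of the project or of the membership, and its name suggests the result feeds permission decisions. If rows can exist for projects that are disabled or being removed, those would still count as permitted; please confirm against the schema. A Javadoc should state that the returned ids are project account ids (not the ids of member accounts) and which rows are included.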


@ -142,6 +142,8 @@ import com.cloud.offerings.NetworkOfferingVO;
import com.cloud.offerings.dao.NetworkOfferingDao;
import com.cloud.org.Cluster;
import com.cloud.org.Grouping;
import com.cloud.projects.Project;
import com.cloud.projects.ProjectManager;
import com.cloud.server.Criteria;
import com.cloud.service.ServiceOfferingVO;
import com.cloud.service.dao.ServiceOfferingDao;
@ -343,6 +345,8 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
protected ResourceLimitService _resourceLimitMgr;
@Inject
protected FirewallManager _firewallMgr;
@Inject
protected ProjectManager _projectMgr;
protected ScheduledExecutorService _executor = null;
protected int _expungeInterval;
@ -368,8 +372,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
@Override
@ActionEvent(eventType = EventTypes.EVENT_VM_RESETPASSWORD, eventDescription = "resetting Vm password", async = true)
public UserVm resetVMPassword(ResetVMPasswordCmd cmd, String password) throws ResourceUnavailableException, InsufficientCapacityException {
Account account = UserContext.current().getCaller();
Long userId = UserContext.current().getCallerUserId();
Account caller = UserContext.current().getCaller();
Long vmId = cmd.getId();
UserVmVO userVm = _vmDao.findById(cmd.getId());
@ -388,7 +391,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
throw new InvalidParameterValueException("Vm with id " + vmId + " is not in the right state");
}
userId = accountAndUserValidation(vmId, account, userId, userVm);
_accountMgr.checkAccess(caller, null, userVm);
boolean result = resetVMPasswordInternal(cmd, password);
@ -557,18 +560,6 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
// If the account is not an admin, check that the volume and the virtual machine are owned by the account that was
// passed in
_accountMgr.checkAccess(account, null, volume);
/*
* if (account != null) { if (!isAdmin(account.getType())) { if (account.getId() != volume.getAccountId()) { throw new
* PermissionDeniedException("Unable to find volume with ID: " + volumeId + " for account: " + account.getAccountName()
* + ". Permission denied."); }
*
* if (account.getId() != vm.getAccountId()) { throw new PermissionDeniedException("Unable to find VM with ID: " + vmId
* + " for account: " + account.getAccountName() + ". Permission denied"); } } else { if
* (!_domainDao.isChildDomain(account.getDomainId(), volume.getDomainId()) ||
* !_domainDao.isChildDomain(account.getDomainId(), vm.getDomainId())) { throw new
* PermissionDeniedException("Unable to attach volume " + volumeId + " to virtual machine instance " + vmId +
* ". Permission denied."); } } }
*/
VolumeVO rootVolumeOfVm = null;
List<VolumeVO> rootVolumesOfVm = _volsDao.findByInstanceAndType(vmId, Volume.Type.ROOT);
@ -750,13 +741,6 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
// If the account is not an admin, check that the volume is owned by the account that was passed in
_accountMgr.checkAccess(account, null, volume);
/*
* if (!isAdmin) { if (account.getId() != volume.getAccountId()) { throw new
* InvalidParameterValueException("Unable to find volume with ID: " + volumeId + " for account: " +
* account.getAccountName()); } } else if (account != null) { if (!_domainDao.isChildDomain(account.getDomainId(),
* volume.getDomainId())) { throw new PermissionDeniedException("Unable to detach volume with ID: " + volumeId +
* ", permission denied."); } }
*/
// Check that the volume is a data volume
if (volume.getVolumeType() != Volume.Type.DATADISK) {
@ -902,8 +886,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
public UserVm upgradeVirtualMachine(UpgradeVMCmd cmd) {
Long virtualMachineId = cmd.getId();
Long serviceOfferingId = cmd.getServiceOfferingId();
Account account = UserContext.current().getCaller();
Long userId = UserContext.current().getCallerUserId();
Account caller = UserContext.current().getCaller();
// Verify input parameters
UserVmVO vmInstance = _vmDao.findById(virtualMachineId);
@ -911,7 +894,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
throw new InvalidParameterValueException("unable to find a virtual machine with id " + virtualMachineId);
}
userId = accountAndUserValidation(virtualMachineId, account, userId, vmInstance);
_accountMgr.checkAccess(caller, null, vmInstance);
// Check that the specified service offering ID is valid
ServiceOfferingVO newServiceOffering = _offeringDao.findById(serviceOfferingId);
@ -977,22 +960,6 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
return _vmDao.findById(vmInstance.getId());
}
private Long accountAndUserValidation(Long virtualMachineId, Account account, Long userId, UserVmVO vmInstance) {
if (account != null) {
if (!isAdmin(account.getType()) && (account.getId() != vmInstance.getAccountId())) {
throw new InvalidParameterValueException("Unable to find a virtual machine with id " + virtualMachineId + " for this account");
} else if (!_domainDao.isChildDomain(account.getDomainId(), vmInstance.getDomainId())) {
throw new InvalidParameterValueException("Invalid virtual machine id (" + virtualMachineId + ") given, unable to upgrade virtual machine.");
}
}
// If command is executed via 8096 port, set userId to the id of System account (1)
if (userId == null) {
userId = Long.valueOf(User.UID_SYSTEM);
}
return userId;
}
@Override
public HashMap<Long, VmStatsEntry> getVirtualMachineStatistics(long hostId, String hostName, List<Long> vmIds) throws CloudRuntimeException {
HashMap<Long, VmStatsEntry> vmStatsById = new HashMap<Long, VmStatsEntry>();
@ -1033,12 +1000,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
public UserVm recoverVirtualMachine(RecoverVMCmd cmd) throws ResourceAllocationException, CloudRuntimeException {
Long vmId = cmd.getId();
Account accountHandle = UserContext.current().getCaller();
// if account is removed, return error
if (accountHandle != null && accountHandle.getRemoved() != null) {
throw new InvalidParameterValueException("The account " + accountHandle.getId() + " is removed");
}
Account caller = UserContext.current().getCaller();
// Verify input parameters
UserVmVO vm = _vmDao.findById(vmId.longValue());
@ -1046,11 +1008,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
if (vm == null) {
throw new InvalidParameterValueException("unable to find a virtual machine with id " + vmId);
}
if ((accountHandle != null) && !_domainDao.isChildDomain(accountHandle.getDomainId(), vm.getDomainId())) {
// the domain in which the VM lives is not in the admin's domain tree
throw new InvalidParameterValueException("Unable to recover virtual machine with id " + vmId + ", invalid id given.");
}
//check permissions
_accountMgr.checkAccess(caller, null, vm);
if (vm.getRemoved() != null) {
if (s_logger.isDebugEnabled()) {
@ -1300,12 +1260,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
@ActionEvent(eventType = EventTypes.EVENT_TEMPLATE_CREATE, eventDescription = "creating template", create = true)
public VMTemplateVO createPrivateTemplateRecord(CreateTemplateCmd cmd) throws ResourceAllocationException {
Long userId = UserContext.current().getCallerUserId();
if (userId == null) {
userId = User.UID_SYSTEM;
}
Account account = UserContext.current().getCaller();
boolean isAdmin = ((account == null) || isAdmin(account.getType()));
Account caller = UserContext.current().getCaller();
boolean isAdmin = ((caller == null) || isAdmin(caller.getType()));
VMTemplateVO privateTemplate = null;
@ -1321,7 +1278,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
}
if(cmd.getTemplateTag() != null){
if(!_accountService.isRootAdmin(account.getType())){
if(!_accountService.isRootAdmin(caller.getType())){
throw new PermissionDeniedException("Parameter templatetag can only be specified by a Root Admin, permission denied");
}
}
@ -1361,6 +1318,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
if (volume == null) {
throw new InvalidParameterValueException("Failed to create private template record, unable to find volume " + volumeId);
}
//check permissions
_accountMgr.checkAccess(caller, null, volume);
// If private template is created from Volume, check that the volume will not be active when the private template is
// created
if (!_storageMgr.volumeInactive(volume)) {
@ -1378,6 +1338,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
if (snapshot == null) {
throw new InvalidParameterValueException("Failed to create private template record, unable to find snapshot " + snapshotId);
}
//check permissions
_accountMgr.checkAccess(caller, null, snapshot);
if (snapshot.getStatus() != Snapshot.Status.BackedUp) {
throw new InvalidParameterValueException("Snapshot id=" + snapshotId + " is not in " + Snapshot.Status.BackedUp + " state yet and can't be used for template creation");
@ -1389,14 +1352,6 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
volume = _volsDao.findById(snapshot.getVolumeId());
}
if (!isAdmin) {
if (account.getId() != accountId) {
throw new PermissionDeniedException("Unable to create a template permission denied.");
}
} else if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), domainId)) {
throw new PermissionDeniedException("Unable to create a template permission denied.");
}
VMTemplateVO existingTemplate = _templateDao.findByTemplateNameAccountId(name, accountId);
if (existingTemplate != null) {
throw new InvalidParameterValueException("Failed to create private template " + name + ", a template with that name already exists.");
@ -1747,8 +1702,6 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
Boolean ha = cmd.getHaEnable();
Long id = cmd.getId();
Long osTypeId = cmd.getOsTypeId();
Account account = UserContext.current().getCaller();
Long userId = UserContext.current().getCallerUserId();
String userData = cmd.getUserData();
// Input validation
@ -1766,7 +1719,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
throw new InvalidParameterValueException("Can't enable ha for the vm as it's created from the Service offering having HA disabled");
}
userId = accountAndUserValidation(id, account, userId, vmInstance);
_accountMgr.checkAccess(UserContext.current().getCaller(), null, vmInstance);
if (displayName == null) {
displayName = vmInstance.getDisplayName();
@ -1832,8 +1785,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
@Override
@ActionEvent(eventType = EventTypes.EVENT_VM_REBOOT, eventDescription = "rebooting Vm", async = true)
public UserVm rebootVirtualMachine(RebootVMCmd cmd) throws InsufficientCapacityException, ResourceUnavailableException {
Account account = UserContext.current().getCaller();
Long userId = UserContext.current().getCallerUserId();
Account caller = UserContext.current().getCaller();
Long vmId = cmd.getId();
// Verify input parameters
@ -1842,9 +1794,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
throw new InvalidParameterValueException("unable to find a virtual machine with id " + vmId);
}
userId = accountAndUserValidation(vmId, account, userId, vmInstance);
_accountMgr.checkAccess(caller, null, vmInstance);
return rebootVirtualMachine(userId, vmId);
return rebootVirtualMachine(UserContext.current().getCallerUserId(), vmId);
}
@Override
@ -1856,41 +1808,13 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
@Override
@DB
public InstanceGroupVO createVmGroup(CreateVMGroupCmd cmd) {
Account account = UserContext.current().getCaller();
Account caller = UserContext.current().getCaller();
Long domainId = cmd.getDomainId();
String accountName = cmd.getAccountName();
Long accountId = null;
String groupName = cmd.getGroupName();
if (account == null) {
account = _accountDao.findById(1L);
}
if (account != null) {
if (isAdmin(account.getType())) {
if ((domainId != null) && (accountName != null)) {
if (!_domainDao.isChildDomain(account.getDomainId(), domainId)) {
throw new PermissionDeniedException("Unable to create vm group in domain " + domainId + ", permission denied.");
}
Account userAccount = _accountDao.findActiveAccount(accountName, domainId);
if (userAccount != null) {
accountId = userAccount.getId();
} else {
throw new InvalidParameterValueException("Failed to create vm group " + groupName + ", unable to find account " + accountName + " in domain " + domainId);
}
} else {
// the admin must be creating the vm group
accountId = account.getId();
}
} else {
accountId = account.getId();
}
}
if (accountId == null) {
throw new InvalidParameterValueException("Failed to create vm group " + groupName + ", unable to find account for which to create a group.");
}
Account owner = _accountMgr.finalizeOwner(caller, accountName, domainId);
long accountId = owner.getId();
// Check if name is already in use by this account
boolean isNameInUse = _vmGroupDao.isNameInUse(accountId, groupName);
@ -1903,7 +1827,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
}
@DB
private InstanceGroupVO createVmGroup(String groupName, long accountId) {
protected InstanceGroupVO createVmGroup(String groupName, long accountId) {
Account account = null;
final Transaction txn = Transaction.currentTxn();
txn.start();
@ -1929,7 +1853,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
@Override
public boolean deleteVmGroup(DeleteVMGroupCmd cmd) {
Account account = UserContext.current().getCaller();
Account caller = UserContext.current().getCaller();
Long groupId = cmd.getId();
// Verify input parameters
@ -1937,15 +1861,8 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
if ((group == null) || (group.getRemoved() != null)) {
throw new InvalidParameterValueException("unable to find a vm group with id " + groupId);
}
if (account != null) {
Account tempAccount = _accountDao.findById(group.getAccountId());
if (!isAdmin(account.getType()) && (account.getId() != group.getAccountId())) {
throw new PermissionDeniedException("unable to find a group with id " + groupId);
} else if (!_domainDao.isChildDomain(account.getDomainId(), tempAccount.getDomainId())) {
throw new PermissionDeniedException("Invalid group id (" + groupId + ") given, unable to update the group.");
}
}
_accountMgr.checkAccess(caller, null, group);
return deleteVmGroup(groupId);
}
@ -2031,7 +1948,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
return null;
}
} catch (Exception e) {
s_logger.warn("Error trying to get group for a vm: " + e);
s_logger.warn("Error trying to get group for a vm: ", e);
return null;
}
}
@ -2046,7 +1963,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
_groupVMMapDao.expunge(sc);
}
} catch (Exception e) {
s_logger.warn("Error trying to remove vm from group: " + e);
s_logger.warn("Error trying to remove vm from group: ", e);
}
}
@ -2837,7 +2754,6 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
@Override
@ActionEvent(eventType = EventTypes.EVENT_VM_STOP, eventDescription = "stopping Vm", async = true)
public UserVm stopVirtualMachine(long vmId, boolean forced) throws ConcurrentOperationException {
// Input validation
Account caller = UserContext.current().getCaller();
Long userId = UserContext.current().getCallerUserId();
@ -2852,7 +2768,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
throw new InvalidParameterValueException("unable to find a virtual machine with id " + vmId);
}
userId = accountAndUserValidation(vmId, caller, userId, vm);
_accountMgr.checkAccess(caller, null, vm);
UserVO user = _userDao.findById(userId);
try {
@ -2877,12 +2793,12 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
@Override
public UserVm startVirtualMachine(long vmId) throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException {
// Input validation
Account account = UserContext.current().getCaller();
Account caller = UserContext.current().getCaller();
Long userId = UserContext.current().getCallerUserId();
// if account is removed, return error
if (account != null && account.getRemoved() != null) {
throw new PermissionDeniedException("The account " + account.getId() + " is removed");
if (caller != null && caller.getRemoved() != null) {
throw new PermissionDeniedException("The account " + caller.getId() + " is removed");
}
UserVmVO vm = _vmDao.findById(vmId);
@ -2890,7 +2806,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
throw new InvalidParameterValueException("unable to find a virtual machine with id " + vmId);
}
userId = accountAndUserValidation(vmId, account, userId, vm);
_accountMgr.checkAccess(caller, null, vm);
UserVO user = _userDao.findById(userId);
//check if vm is security group enabled
@ -2908,12 +2824,12 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
}
}
return _itMgr.start(vm, null, user, account);
return _itMgr.start(vm, null, user, caller);
}
@Override
public UserVm destroyVm(long vmId) throws ResourceUnavailableException, ConcurrentOperationException {
Account account = UserContext.current().getCaller();
Account caller = UserContext.current().getCaller();
Long userId = UserContext.current().getCallerUserId();
// Verify input parameters
@ -2927,14 +2843,14 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
return vm;
}
userId = accountAndUserValidation(vmId, account, userId, vm);
User caller = _userDao.findById(userId);
_accountMgr.checkAccess(caller, null, vm);
User userCaller = _userDao.findById(userId);
boolean status;
State vmState = vm.getState();
try {
status = _itMgr.destroy(vm, caller, account);
status = _itMgr.destroy(vm, userCaller, caller);
} catch (OperationTimedoutException e) {
throw new CloudRuntimeException("Unable to destroy " + vm, e);
}
@ -2966,8 +2882,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
String accountName = cmd.getAccountName();
Boolean isRecursive = cmd.isRecursive();
String hypervisor = cmd.getHypervisor();
Long accountId = null;
List<Long> permittedAccounts = new ArrayList<Long>();
String path = null;
Long projectId = cmd.getProjectId();
if (isRecursive != null && isRecursive && domainId == null) {
throw new InvalidParameterValueException("Please enter a parent domain id for listing vms recursively");
@ -2987,11 +2904,11 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
if (_accountMgr.isAdmin(caller.getType())) {
isAdmin = true;
if (accountName != null && domainId != null) {
caller = _accountDao.findActiveAccount(accountName, domainId);
if (caller == null) {
Account account = _accountDao.findActiveAccount(accountName, domainId);
if (account == null) {
throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId);
}
accountId = caller.getId();
permittedAccounts.add(caller.getId());
}
if (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN || caller.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) {
@ -3005,7 +2922,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
if (domainId != null && domainId.longValue() != caller.getDomainId()) {
throw new PermissionDeniedException("Caller is not authorised to see domain id=" + domainId + " entries");
}
accountId = caller.getId();
permittedAccounts.add(caller.getId());
}
if (isRecursive != null && isRecursive && isAdmin) {
@ -3015,6 +2932,20 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
domainId = null;
}
}
//set project information
if (projectId != null) {
Project project = _projectMgr.getProject(projectId);
if (project == null) {
throw new InvalidParameterValueException("Unable to find project by id " + projectId);
}
if (!_projectMgr.canAccessAccount(caller, project.getProjectAccountId())) {
throw new InvalidParameterValueException("Account " + caller + " can't access project id=" + projectId);
}
permittedAccounts.add(project.getProjectAccountId());
} else {
permittedAccounts.addAll(_projectMgr.listPermittedProjectAccounts(caller.getId()));
}
Criteria c = new Criteria("id", Boolean.TRUE, cmd.getStartIndex(), cmd.getPageSizeVal());
c.addCriteria(Criteria.KEYWORD, cmd.getKeyword());
@ -3047,8 +2978,8 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
c.addCriteria(Criteria.STORAGE_ID, cmd.getStorageId());
}
if (accountId != null) {
c.addCriteria(Criteria.ACCOUNTID, new Object[] { accountId });
if (!permittedAccounts.isEmpty()) {
c.addCriteria(Criteria.ACCOUNTID, permittedAccounts.toArray());
}
c.addCriteria(Criteria.ISADMIN, isAdmin);


@ -30,7 +30,6 @@ import javax.ejb.Local;
import org.apache.log4j.Logger;
import com.cloud.host.dao.HostDaoImpl;
import com.cloud.user.Account;
import com.cloud.utils.component.ComponentLocator;
import com.cloud.utils.db.Attribute;
@ -77,7 +76,7 @@ public class UserVmDaoImpl extends GenericDaoBase<UserVmVO, Long> implements Use
private static final int VM_DETAILS_BATCH_SIZE=100;
private static final String VM_DETAILS = "select vm_instance.id, " +
"account.account_name, account.type, domain.name, instance_group.id, instance_group.name," +
"account.id, account.account_name, account.type, domain.name, instance_group.id, instance_group.name," +
"data_center.id, data_center.name, data_center.is_security_group_enabled, host.id, host.name, " +
"vm_template.id, vm_template.name, vm_template.display_text, iso.id, iso.name, " +
"vm_template.enable_password, service_offering.id, disk_offering.name, storage_pool.id, storage_pool.pool_type, " +
@ -419,6 +418,7 @@ public class UserVmDaoImpl extends GenericDaoBase<UserVmVO, Long> implements Use
if (!userVmData.isInitialized()){
//account.account_name, account.type, domain.name, instance_group.id, instance_group.name,"
userVmData.setAccountId(rs.getLong("account.id"));
userVmData.setAccountName(rs.getString("account.account_name"));
userVmData.setDomainName(rs.getString("domain.name"));
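Review bot: The added `userVmData.setAccountId(rs.getLong("account.id"));` relies on `ResultSet.getLong`, which returns 0 for SQL NULL, so a row without an account value would be stored as account id 0 rather than as missing. Whether that can occur depends on the joins in `VM_DETAILS`, which this section does not show. If the id is later used for ownership or project filtering, a `rs.wasNull()` check after the read would make the missing case explicit. The column-list comment directly above the new line still begins with `account.account_name` and should be updated to start with `account.id` so it matches the new select list. The enclosing method starts and ends outside the hunk.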


@ -17,18 +17,12 @@
*/
package com.cloud.vm.dao;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import com.cloud.api.ApiConstants;
import com.cloud.api.response.IngressRuleResponse;
import com.cloud.api.response.NicResponse;
import com.cloud.api.response.SecurityGroupResponse;
import com.cloud.serializer.Param;
import com.google.gson.annotations.SerializedName;
public class UserVmData {
private Long id;
@ -72,6 +66,7 @@ public class UserVmData {
private Integer jobStatus;
private Set<NicData> nics;
private String hypervisor;
private long accountId;
private boolean initialized;
@ -673,6 +668,13 @@ public class UserVmData {
public String toString(){
return "id=" + id + ", name=" + name;
}
public long getAccountId() {
return accountId;
}
public void setAccountId(long accountId) {
this.accountId = accountId;
}
}
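Review bot: The new field is declared as a primitive, `private long accountId;`, while the neighbouring fields in this class are boxed (`private Long id;`, `private Integer jobStatus;`), so an instance whose account was never set reports 0 instead of null. Code that uses this value to decide which account a VM belongs to cannot tell "unset" from a real id. Declaring it `private Long accountId;`, with `Long` in `getAccountId`/`setAccountId`, would keep that distinction, assuming no caller depends on the primitive type. A short field comment such as `// id of the account that owns the VM (presumably account.id from the details query)` would also document what the value is.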