From 214bbf3ebd957f571901869f319da61ebad7ed23 Mon Sep 17 00:00:00 2001 
From: Alena Prokharchyk Date: Wed, 17 Oct 2012 16:00:43 -0700 Subject: [PATCH] CLOUDSTACK-279: fixed deleteProject when executed by the regular user. Always pass System account as a caller when do account cleanup Conflicts: api/src/com/cloud/api/commands/DeleteRemoteAccessVpnCmd.java server/src/com/cloud/network/element/CiscoNexusVSMElement.java server/src/com/cloud/network/element/ElasticLoadBalancerElement.java server/src/com/cloud/network/element/F5ExternalLoadBalancerElement.java server/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java server/src/com/cloud/network/element/NetscalerElement.java server/src/com/cloud/network/element/OvsElement.java server/src/com/cloud/network/element/VpcJuniperSRXExternalFirewallElement.java server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java server/src/com/cloud/network/vpc/VpcManagerImpl.java server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java server/src/com/cloud/storage/StorageManager.java --- .../commands/DeleteRemoteAccessVpnCmd.java | 5 +++-- .../cloud/api/commands/DeleteVolumeCmd.java | 2 +- .../cloud/api/commands/DestroyRouterCmd.java | 6 ++++-- .../cloud/api/commands/RemoveVpnUserCmd.java | 2 +- .../VirtualNetworkApplianceService.java | 3 ++- .../cloud/network/element/NetworkElement.java | 3 ++- .../cloud/network/element/VpcProvider.java | 3 ++- .../network/vpn/RemoteAccessVpnService.java | 5 +++-- api/src/com/cloud/storage/StorageService.java | 4 +++- .../element/ElasticLoadBalancerElement.java | 2 +- .../network/element/NiciraNvpElement.java | 2 +- .../com/cloud/network/element/OvsElement.java | 2 +- .../com/cloud/network/NetworkManagerImpl.java | 4 ++-- .../network/element/BareMetalElement.java | 2 +- .../element/CloudZonesNetworkElement.java | 2 +- .../network/element/ExternalDhcpElement.java | 2 +- .../network/element/SecurityGroupElement.java | 2 +- .../network/element/VirtualRouterElement.java | 8 ++++---- .../element/VpcVirtualRouterElement.java | 6 +++--- 
.../VirtualNetworkApplianceManagerImpl.java | 15 ++++++++------ .../src/com/cloud/network/vpc/VpcManager.java | 4 +++- .../com/cloud/network/vpc/VpcManagerImpl.java | 20 +++++++++---------- .../vpn/RemoteAccessVpnManagerImpl.java | 8 ++------ .../cloud/projects/ProjectManagerImpl.java | 4 +++- .../src/com/cloud/storage/StorageManager.java | 6 ++++-- .../com/cloud/storage/StorageManagerImpl.java | 7 +------ .../com/cloud/user/AccountManagerImpl.java | 10 +++++----- .../com/cloud/vpc/MockVpcManagerImpl.java | 2 +- server/test/com/cloud/vpc/VpcApiUnitTest.java | 2 +- .../vpc/dao/MockVpcVirtualRouterElement.java | 3 ++- 30 files changed, 78 insertions(+), 68 deletions(-) diff --git a/api/src/com/cloud/api/commands/DeleteRemoteAccessVpnCmd.java b/api/src/com/cloud/api/commands/DeleteRemoteAccessVpnCmd.java index c924fd9fe13..899142b357f 100644 --- a/api/src/com/cloud/api/commands/DeleteRemoteAccessVpnCmd.java +++ b/api/src/com/cloud/api/commands/DeleteRemoteAccessVpnCmd.java @@ -28,7 +28,8 @@ import com.cloud.event.EventTypes; import com.cloud.exception.InvalidParameterValueException; import com.cloud.exception.ResourceUnavailableException; import com.cloud.network.RemoteAccessVpn; - +import com.cloud.user.UserContext; + @Implementation(description="Destroys a l2tp/ipsec remote access vpn", responseObject=SuccessResponse.class) public class DeleteRemoteAccessVpnCmd extends BaseAsyncCmd { public static final Logger s_logger = Logger.getLogger(DeleteRemoteAccessVpnCmd.class.getName()); @@ -83,7 +84,7 @@ public class DeleteRemoteAccessVpnCmd extends BaseAsyncCmd { @Override public void execute() throws ResourceUnavailableException { - _ravService.destroyRemoteAccessVpn(publicIpId); + _ravService.destroyRemoteAccessVpn(publicIpId, UserContext.current().getCaller()); } @Override diff --git a/api/src/com/cloud/api/commands/DeleteVolumeCmd.java b/api/src/com/cloud/api/commands/DeleteVolumeCmd.java index a998311321a..6364e0bdf55 100644 
--- a/api/src/com/cloud/api/commands/DeleteVolumeCmd.java +++ b/api/src/com/cloud/api/commands/DeleteVolumeCmd.java @@ -79,7 +79,7 @@ public class DeleteVolumeCmd extends BaseCmd { @Override public void execute() throws ConcurrentOperationException { UserContext.current().setEventDetails("Volume Id: "+getId()); - boolean result = _storageService.deleteVolume(id); + boolean result = _storageService.deleteVolume(id, UserContext.current().getCaller()); if (result) { SuccessResponse response = new SuccessResponse(getCommandName()); this.setResponseObject(response); diff --git a/api/src/com/cloud/api/commands/DestroyRouterCmd.java b/api/src/com/cloud/api/commands/DestroyRouterCmd.java index 2026e8727c3..f5286d6a6ad 100644 --- a/api/src/com/cloud/api/commands/DestroyRouterCmd.java +++ b/api/src/com/cloud/api/commands/DestroyRouterCmd.java @@ -96,8 +96,10 @@ public class DestroyRouterCmd extends BaseAsyncCmd { @Override public void execute() throws ConcurrentOperationException, ResourceUnavailableException { - UserContext.current().setEventDetails("Router Id: "+getId()); - VirtualRouter result = _routerService.destroyRouter(getId()); + UserContext ctx = UserContext.current(); + ctx.setEventDetails("Router Id: "+getId()); + + VirtualRouter result = _routerService.destroyRouter(getId(), ctx.getCaller(), ctx.getCallerUserId()); if (result != null) { DomainRouterResponse response = _responseGenerator.createDomainRouterResponse(result); response.setResponseName(getCommandName()); diff --git a/api/src/com/cloud/api/commands/RemoveVpnUserCmd.java b/api/src/com/cloud/api/commands/RemoveVpnUserCmd.java index 28fe3670c24..151b3512273 100644 --- a/api/src/com/cloud/api/commands/RemoveVpnUserCmd.java +++ b/api/src/com/cloud/api/commands/RemoveVpnUserCmd.java 
@@ -108,7 +108,7 @@ public class RemoveVpnUserCmd extends BaseAsyncCmd { @Override public void execute(){ Account owner = _accountService.getAccount(getEntityOwnerId()); - boolean result = _ravService.removeVpnUser(owner.getId(), userName); + boolean result = _ravService.removeVpnUser(owner.getId(), userName, UserContext.current().getCaller()); if (!result) { throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to remove vpn user"); } diff --git a/api/src/com/cloud/network/VirtualNetworkApplianceService.java b/api/src/com/cloud/network/VirtualNetworkApplianceService.java index d0fb527037b..300c9932829 100644 --- a/api/src/com/cloud/network/VirtualNetworkApplianceService.java +++ b/api/src/com/cloud/network/VirtualNetworkApplianceService.java @@ -21,6 +21,7 @@ import com.cloud.exception.ConcurrentOperationException; import com.cloud.exception.InsufficientCapacityException; import com.cloud.exception.ResourceUnavailableException; import com.cloud.network.router.VirtualRouter; +import com.cloud.user.Account; public interface VirtualNetworkApplianceService { /** @@ -60,6 +61,6 @@ public interface VirtualNetworkApplianceService { VirtualRouter startRouter(long id) throws ResourceUnavailableException, InsufficientCapacityException, ConcurrentOperationException; - VirtualRouter destroyRouter(long routerId) throws ResourceUnavailableException, ConcurrentOperationException; + VirtualRouter destroyRouter(long routerId, Account caller, Long callerUserId) throws ResourceUnavailableException, ConcurrentOperationException; } diff --git a/api/src/com/cloud/network/element/NetworkElement.java b/api/src/com/cloud/network/element/NetworkElement.java index ec8e7bce2e8..10ea5095b58 100644 --- a/api/src/com/cloud/network/element/NetworkElement.java +++ b/api/src/com/cloud/network/element/NetworkElement.java 
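Review bot: `destroyRouter(long routerId, Account caller, Long callerUserId)` in VirtualNetworkApplianceService has no Javadoc, and after this change the account used for the access check is an argument supplied by the caller rather than read from UserContext inside the implementation. The contract should be stated on the interface: a Javadoc block saying that `caller` is the account the router access check is performed against, that `callerUserId` identifies the acting user, and whether a null `callerUserId` is accepted (it is a boxed `Long`). The same applies to `RemoteAccessVpnService.destroyRemoteAccessVpn` / `removeVpnUser` and `StorageService.deleteVolume`, which gain an undocumented `Account caller` parameter in later hunks. Without this, an implementer or plugin author cannot tell that passing the System account skips per-resource authorization.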
@@ -104,10 +104,11 @@ public interface NetworkElement extends Adapter { /** * The network is being destroyed. * @param network + * @param context TODO * @return * @throws ConcurrentOperationException */ - boolean destroy(Network network) throws ConcurrentOperationException, ResourceUnavailableException; + boolean destroy(Network network, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException; /** * Check if the instances of this Element are configured to be used on the physical network referred by this provider. diff --git a/api/src/com/cloud/network/element/VpcProvider.java b/api/src/com/cloud/network/element/VpcProvider.java index e4593e9dbdd..aa5d2245a44 100644 --- a/api/src/com/cloud/network/element/VpcProvider.java +++ b/api/src/com/cloud/network/element/VpcProvider.java @@ -41,11 +41,12 @@ public interface VpcProvider extends NetworkElement{ /** * @param vpc + * @param context TODO * @return * @throws ConcurrentOperationException * @throws ResourceUnavailableException */ - boolean shutdownVpc(Vpc vpc) throws ConcurrentOperationException, ResourceUnavailableException; + boolean shutdownVpc(Vpc vpc, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException; boolean createPrivateGateway(PrivateGateway gateway) throws ConcurrentOperationException, ResourceUnavailableException; diff --git a/api/src/com/cloud/network/vpn/RemoteAccessVpnService.java b/api/src/com/cloud/network/vpn/RemoteAccessVpnService.java index 2f956374bfd..4d820a7a258 100644 --- a/api/src/com/cloud/network/vpn/RemoteAccessVpnService.java +++ b/api/src/com/cloud/network/vpn/RemoteAccessVpnService.java 
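Review bot: The new parameter on `NetworkElement.destroy` is documented only as `@param context TODO`, which leaves implementers without the one fact they need, namely whose identity the context carries. VirtualRouterElement in this commit reads `context.getAccount()` and `context.getCaller().getId()` from it and forwards them to an access-checked call, so the Javadoc should say so: `@param context reservation context carrying the account and user on whose behalf the network is destroyed; implementations may use it for access checks on the resources they remove`. The same placeholder appears in `VpcProvider.shutdownVpc` (next hunk) and in `VpcManager.destroyVpc` (`@param caller TODO`, `@param callerUserId TODO`).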
@@ -24,17 +24,18 @@ import com.cloud.exception.NetworkRuleConflictException; import com.cloud.exception.ResourceUnavailableException; import com.cloud.network.RemoteAccessVpn; import com.cloud.network.VpnUser; +import com.cloud.user.Account; import com.cloud.utils.Pair; public interface RemoteAccessVpnService { RemoteAccessVpn createRemoteAccessVpn(long vpnServerAddressId, String ipRange, boolean openFirewall, long networkId) throws NetworkRuleConflictException; - void destroyRemoteAccessVpn(long vpnServerAddressId) throws ResourceUnavailableException; + void destroyRemoteAccessVpn(long vpnServerAddressId, Account caller) throws ResourceUnavailableException; RemoteAccessVpn startRemoteAccessVpn(long vpnServerAddressId, boolean openFirewall) throws ResourceUnavailableException; VpnUser addVpnUser(long vpnOwnerId, String userName, String password); - boolean removeVpnUser(long vpnOwnerId, String userName); + boolean removeVpnUser(long vpnOwnerId, String userName, Account caller); List listVpnUsers(long vpnOwnerId, String userName); boolean applyVpnUsers(long vpnOwnerId, String userName); diff --git a/api/src/com/cloud/storage/StorageService.java b/api/src/com/cloud/storage/StorageService.java index 1649e159deb..587c138465a 100644 --- a/api/src/com/cloud/storage/StorageService.java +++ b/api/src/com/cloud/storage/StorageService.java @@ -32,6 +32,7 @@ import com.cloud.exception.PermissionDeniedException; import com.cloud.exception.ResourceAllocationException; import com.cloud.exception.ResourceInUseException; import com.cloud.exception.ResourceUnavailableException; +import com.cloud.user.Account; import com.cloud.utils.Pair; public interface StorageService{ @@ -72,7 +73,6 @@ public interface StorageService{ */ Volume createVolume(CreateVolumeCmd cmd); - boolean deleteVolume(long volumeId) throws ConcurrentOperationException; /** * Delete the storage pool 
@@ -126,4 +126,6 @@ public interface StorageService{ */ Volume uploadVolume(UploadVolumeCmd cmd) throws ResourceAllocationException; + boolean deleteVolume(long volumeId, Account caller) throws ConcurrentOperationException; + } diff --git a/plugins/network-elements/elastic-loadbalancer/src/com/cloud/network/element/ElasticLoadBalancerElement.java b/plugins/network-elements/elastic-loadbalancer/src/com/cloud/network/element/ElasticLoadBalancerElement.java index 8490534f613..34cbe086452 100644 --- a/plugins/network-elements/elastic-loadbalancer/src/com/cloud/network/element/ElasticLoadBalancerElement.java +++ b/plugins/network-elements/elastic-loadbalancer/src/com/cloud/network/element/ElasticLoadBalancerElement.java @@ -125,7 +125,7 @@ public class ElasticLoadBalancerElement extends AdapterBase implements LoadBalan } @Override - public boolean destroy(Network network) throws ConcurrentOperationException, ResourceUnavailableException { + public boolean destroy(Network network, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException { // TODO kill all loadbalancer vms by calling the ElasticLoadBalancerManager return false; } diff --git a/plugins/network-elements/nicira-nvp/src/com/cloud/network/element/NiciraNvpElement.java b/plugins/network-elements/nicira-nvp/src/com/cloud/network/element/NiciraNvpElement.java index b3e87fd7004..b1e9af2fd52 100644 --- a/plugins/network-elements/nicira-nvp/src/com/cloud/network/element/NiciraNvpElement.java +++ b/plugins/network-elements/nicira-nvp/src/com/cloud/network/element/NiciraNvpElement.java @@ -475,7 +475,7 @@ public class NiciraNvpElement extends AdapterBase implements } @Override - public boolean destroy(Network network) + public boolean destroy(Network network, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException { if (!canHandle(network, Service.Connectivity)) { return false; 
diff --git a/plugins/network-elements/ovs/src/com/cloud/network/element/OvsElement.java b/plugins/network-elements/ovs/src/com/cloud/network/element/OvsElement.java index bf785e6710c..b7a978e72d6 100644 --- a/plugins/network-elements/ovs/src/com/cloud/network/element/OvsElement.java +++ b/plugins/network-elements/ovs/src/com/cloud/network/element/OvsElement.java @@ -47,7 +47,7 @@ public class OvsElement extends AdapterBase implements NetworkElement { OvsTunnelManager _ovsTunnelMgr; @Override - public boolean destroy(Network network) + public boolean destroy(Network network, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException { return true; } diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index 2eff1891bda..8c91495a8d5 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java @@ -3551,7 +3551,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag s_logger.debug("Sending destroy to " + element); } - if (!element.destroy(network)) { + if (!element.destroy(network, context)) { success = false; s_logger.warn("Unable to complete destroy of the network: failed to destroy network element " + element.getName()); } @@ -4384,7 +4384,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag // the code would be triggered s_logger.debug("Cleaning up remote access vpns as a part of public IP id=" + ipId + " release..."); try { - _vpnMgr.destroyRemoteAccessVpn(ipId); + _vpnMgr.destroyRemoteAccessVpn(ipId, caller); } catch (ResourceUnavailableException e) { s_logger.warn("Unable to destroy remote access vpn for ip id=" + ipId + " as a part of ip release", e); success = false; diff --git a/server/src/com/cloud/network/element/BareMetalElement.java b/server/src/com/cloud/network/element/BareMetalElement.java index 842af833b6b..6900e890f58 100644 
--- a/server/src/com/cloud/network/element/BareMetalElement.java +++ b/server/src/com/cloud/network/element/BareMetalElement.java @@ -103,7 +103,7 @@ public class BareMetalElement extends AdapterBase implements NetworkElement { } @Override - public boolean destroy(Network network) throws ConcurrentOperationException, ResourceUnavailableException { + public boolean destroy(Network network, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException { return true; } diff --git a/server/src/com/cloud/network/element/CloudZonesNetworkElement.java b/server/src/com/cloud/network/element/CloudZonesNetworkElement.java index ca88a72be7f..bb9ae8101fb 100644 --- a/server/src/com/cloud/network/element/CloudZonesNetworkElement.java +++ b/server/src/com/cloud/network/element/CloudZonesNetworkElement.java @@ -129,7 +129,7 @@ public class CloudZonesNetworkElement extends AdapterBase implements NetworkElem } @Override - public boolean destroy(Network config) throws ConcurrentOperationException, ResourceUnavailableException { + public boolean destroy(Network config, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException { return false; // assume that the agent will remove userdata etc } diff --git a/server/src/com/cloud/network/element/ExternalDhcpElement.java b/server/src/com/cloud/network/element/ExternalDhcpElement.java index 896cd85cd01..c5ad914e3ca 100755 --- a/server/src/com/cloud/network/element/ExternalDhcpElement.java +++ b/server/src/com/cloud/network/element/ExternalDhcpElement.java @@ -114,7 +114,7 @@ public class ExternalDhcpElement extends AdapterBase implements NetworkElement, } @Override - public boolean destroy(Network network) throws ConcurrentOperationException, ResourceUnavailableException { + public boolean destroy(Network network, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException { return true; } 
diff --git a/server/src/com/cloud/network/element/SecurityGroupElement.java b/server/src/com/cloud/network/element/SecurityGroupElement.java index 26b33c949e6..517aed90dc9 100644 --- a/server/src/com/cloud/network/element/SecurityGroupElement.java +++ b/server/src/com/cloud/network/element/SecurityGroupElement.java @@ -86,7 +86,7 @@ public class SecurityGroupElement extends AdapterBase implements NetworkElement } @Override - public boolean destroy(Network network) throws ConcurrentOperationException, ResourceUnavailableException { + public boolean destroy(Network network, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException { return true; } diff --git a/server/src/com/cloud/network/element/VirtualRouterElement.java b/server/src/com/cloud/network/element/VirtualRouterElement.java index f3941b60996..07b182309db 100755 --- a/server/src/com/cloud/network/element/VirtualRouterElement.java +++ b/server/src/com/cloud/network/element/VirtualRouterElement.java @@ -621,7 +621,7 @@ public class VirtualRouterElement extends AdapterBase implements VirtualRouterEl if (!result) { s_logger.warn("Failed to stop virtual router element " + router + ", but would try to process clean up anyway."); } - result = (_routerMgr.destroyRouter(router.getId()) != null); + result = (_routerMgr.destroyRouter(router.getId(), context.getAccount(), context.getCaller().getId()) != null); if (!result) { s_logger.warn("Failed to clean up virtual router element " + router); } 
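Review bot: The account that `destroyRouter` authorizes against is taken from `context.getAccount()` here, and nothing in this hunk establishes that the context's account is the acting caller rather than, say, the network owner. The VirtualNetworkApplianceManagerImpl hunk passes that value to `_accountMgr.checkAccess(caller, null, true, router)`, so the strength of the check depends entirely on how each ReservationContext was built; this commit changes the account-cleanup context to carry `caller`, but other construction sites are not visible in the diff and should be audited. A comment at the call would make the dependency explicit: `// context.getAccount() is the authorization subject for destroyRouter; the context must be built with the acting account`. The same expression is used in the two following VirtualRouterElement hunks (`@@ -631,14` and `@@ -736,7`) and in `VpcVirtualRouterElement.shutdownVpc`; the enclosing method here starts outside the hunk.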
@@ -631,14 +631,14 @@ public class VirtualRouterElement extends AdapterBase implements VirtualRouterEl } @Override - public boolean destroy(Network config) throws ConcurrentOperationException, ResourceUnavailableException { + public boolean destroy(Network config, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException { List routers = _routerDao.listByNetworkAndRole(config.getId(), Role.VIRTUAL_ROUTER); if (routers == null || routers.isEmpty()) { return true; } boolean result = true; for (DomainRouterVO router : routers) { - result = result && (_routerMgr.destroyRouter(router.getId()) != null); + result = result && (_routerMgr.destroyRouter(router.getId(), context.getAccount(), context.getCaller().getId()) != null); } return result; } @@ -736,7 +736,7 @@ public class VirtualRouterElement extends AdapterBase implements VirtualRouterEl List routers = _routerDao.listByElementId(elementId); boolean result = true; for (DomainRouterVO router : routers) { - result = result && (_routerMgr.destroyRouter(router.getId()) != null); + result = result && (_routerMgr.destroyRouter(router.getId(), context.getAccount(), context.getCaller().getId()) != null); } _vrProviderDao.remove(elementId); diff --git a/server/src/com/cloud/network/element/VpcVirtualRouterElement.java b/server/src/com/cloud/network/element/VpcVirtualRouterElement.java index 77ae4d4d357..2a2d05a76ec 100644 --- a/server/src/com/cloud/network/element/VpcVirtualRouterElement.java +++ b/server/src/com/cloud/network/element/VpcVirtualRouterElement.java 
@@ -121,14 +121,14 @@ public class VpcVirtualRouterElement extends VirtualRouterElement implements Vpc } @Override - public boolean shutdownVpc(Vpc vpc) throws ConcurrentOperationException, ResourceUnavailableException { + public boolean shutdownVpc(Vpc vpc, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException { List routers = _routerDao.listByVpcId(vpc.getId()); if (routers == null || routers.isEmpty()) { return true; } boolean result = true; for (DomainRouterVO router : routers) { - result = result && (_routerMgr.destroyRouter(router.getId()) != null); + result = result && (_routerMgr.destroyRouter(router.getId(), context.getAccount(), context.getCaller().getId()) != null); } return result; } @@ -251,7 +251,7 @@ public class VpcVirtualRouterElement extends VirtualRouterElement implements Vpc } @Override - public boolean destroy(Network config) throws ConcurrentOperationException, ResourceUnavailableException { + public boolean destroy(Network config, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException { boolean success = true; Long vpcId = config.getVpcId(); if (vpcId == null) { diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java index dcb630e2895..928ce0e0863 100755 --- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java @@ -17,6 +17,7 @@ package com.cloud.network.router; +import java.net.URI; import java.util.ArrayList; import java.util.Calendar; import java.util.Collections; 
@@ -66,6 +67,7 @@ import com.cloud.agent.api.routing.NetworkElementCommand; import com.cloud.agent.api.routing.RemoteAccessVpnCfgCommand; import com.cloud.agent.api.routing.SavePasswordCommand; import com.cloud.agent.api.routing.SetFirewallRulesCommand; +import com.cloud.agent.api.routing.SetNetworkACLCommand; import com.cloud.agent.api.routing.SetPortForwardingRulesCommand; import com.cloud.agent.api.routing.SetPortForwardingRulesVpcCommand; import com.cloud.agent.api.routing.SetStaticNatRulesCommand; @@ -74,6 +76,7 @@ import com.cloud.agent.api.routing.VpnUsersCfgCommand; import com.cloud.agent.api.to.FirewallRuleTO; import com.cloud.agent.api.to.IpAddressTO; import com.cloud.agent.api.to.LoadBalancerTO; +import com.cloud.agent.api.to.NetworkACLTO; import com.cloud.agent.api.to.NicTO; import com.cloud.agent.api.to.PortForwardingRuleTO; import com.cloud.agent.api.to.StaticNatRuleTO; @@ -363,11 +366,11 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian return false; } } + + @Override - public VirtualRouter destroyRouter(final long routerId) throws ResourceUnavailableException, ConcurrentOperationException { - UserContext context = UserContext.current(); - User user = _accountMgr.getActiveUser(context.getCallerUserId()); + public VirtualRouter destroyRouter(final long routerId, Account caller, Long callerUserId) throws ResourceUnavailableException, ConcurrentOperationException { if (s_logger.isDebugEnabled()) { s_logger.debug("Attempting to destroy router " + routerId); 
@@ -378,9 +381,9 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian return null; } - _accountMgr.checkAccess(context.getCaller(), null, true, router); + _accountMgr.checkAccess(caller, null, true, router); - boolean result = _itMgr.expunge(router, user, _accountMgr.getAccount(router.getAccountId())); + boolean result = _itMgr.expunge(router, _accountMgr.getActiveUser(callerUserId), _accountMgr.getAccount(router.getAccountId())); if (result) { return router; @@ -1465,7 +1468,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian s_logger.debug("Failed to start the VR " + router + " with hypervisor type " + hType + ", " + "destroying it and recreating one more time"); // destroy the router - destroyRouter(router.getId()); + destroyRouter(router.getId(), _accountMgr.getAccount(Account.ACCOUNT_ID_SYSTEM), User.UID_SYSTEM); continue; } else { throw ex; diff --git a/server/src/com/cloud/network/vpc/VpcManager.java b/server/src/com/cloud/network/vpc/VpcManager.java index 14fdbe933af..9d7aaa8152b 100644 --- a/server/src/com/cloud/network/vpc/VpcManager.java +++ b/server/src/com/cloud/network/vpc/VpcManager.java @@ -55,11 +55,13 @@ public interface VpcManager extends VpcService{ /** * @param vpc + * @param caller TODO + * @param callerUserId TODO * @return * @throws ConcurrentOperationException * @throws ResourceUnavailableException */ - boolean destroyVpc(Vpc vpc) throws ConcurrentOperationException, ResourceUnavailableException; + boolean destroyVpc(Vpc vpc, Account caller, Long callerUserId) throws ConcurrentOperationException, ResourceUnavailableException; /** * @param vpcId diff --git a/server/src/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/com/cloud/network/vpc/VpcManagerImpl.java index 987bd45ed54..dbaecbbc3cb 100644 --- a/server/src/com/cloud/network/vpc/VpcManagerImpl.java +++ b/server/src/com/cloud/network/vpc/VpcManagerImpl.java 
@@ -615,7 +615,7 @@ public class VpcManagerImpl implements VpcManager, Manager{ @ActionEvent(eventType = EventTypes.EVENT_VPC_DELETE, eventDescription = "deleting VPC") public boolean deleteVpc(long vpcId) throws ConcurrentOperationException, ResourceUnavailableException { UserContext.current().setEventDetails(" Id: " + vpcId); - Account caller = UserContext.current().getCaller(); + UserContext ctx = UserContext.current(); // Verify vpc id Vpc vpc = getVpc(vpcId); @@ -624,15 +624,14 @@ public class VpcManagerImpl implements VpcManager, Manager{ } //verify permissions - _accountMgr.checkAccess(caller, null, false, vpc); - - return destroyVpc(vpc); + _accountMgr.checkAccess(ctx.getCaller(), null, false, vpc); + + return destroyVpc(vpc, ctx.getCaller(), ctx.getCallerUserId()); } @Override @DB - public boolean destroyVpc(Vpc vpc) throws ConcurrentOperationException, ResourceUnavailableException { - UserContext ctx = UserContext.current(); + public boolean destroyVpc(Vpc vpc, Account caller, Long callerUserId) throws ConcurrentOperationException, ResourceUnavailableException { s_logger.debug("Destroying vpc " + vpc); //don't allow to delete vpc if it's in use by existing networks @@ -663,7 +662,7 @@ public class VpcManagerImpl implements VpcManager, Manager{ } //cleanup vpc resources - if (!cleanupVpcResources(vpc.getId(), ctx.getCaller(), ctx.getCallerUserId())) { + if (!cleanupVpcResources(vpc.getId(), caller, callerUserId)) { s_logger.warn("Failed to cleanup resources for vpc " + vpc); return false; } @@ -892,7 +891,7 @@ public class VpcManagerImpl implements VpcManager, Manager{ //do cleanup if (!result && destroyOnFailure) { s_logger.debug("Destroying vpc " + vpc + " that failed to start"); - if (destroyVpc(vpc)) { + if (destroyVpc(vpc, caller, callerUser.getId())) { s_logger.warn("Successfully destroyed vpc " + vpc + " that failed to start"); } else { s_logger.warn("Failed to destroy vpc " + vpc + " that failed to start"); 
@@ -930,7 +929,8 @@ public class VpcManagerImpl implements VpcManager, Manager{ //shutdown provider s_logger.debug("Shutting down vpc " + vpc); - boolean success = getVpcElement().shutdownVpc(vpc); + ReservationContext context = new ReservationContextImpl(null, null, _accountMgr.getActiveUser(ctx.getCallerUserId()), caller); + boolean success = getVpcElement().shutdownVpc(vpc, context); //TODO - shutdown all vpc resources here (ACLs, gateways, etc) if (success) { @@ -1737,7 +1737,7 @@ public class VpcManagerImpl implements VpcManager, Manager{ s_logger.info("Found " + inactiveVpcs.size() + " removed VPCs to cleanup"); for (VpcVO vpc : inactiveVpcs) { s_logger.debug("Cleaning up " + vpc); - destroyVpc(vpc); + destroyVpc(vpc, _accountMgr.getAccount(Account.ACCOUNT_ID_SYSTEM), User.UID_SYSTEM); } } catch (Exception e) { s_logger.error("Exception ", e); diff --git a/server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java b/server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java index 0556e8e40aa..a1345910bce 100755 --- a/server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java +++ b/server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java @@ -212,9 +212,7 @@ public class RemoteAccessVpnManagerImpl implements RemoteAccessVpnService, Manag } @Override @DB - public void destroyRemoteAccessVpn(long ipId) throws ResourceUnavailableException { - Account caller = UserContext.current().getCaller(); - + public void destroyRemoteAccessVpn(long ipId, Account caller) throws ResourceUnavailableException { RemoteAccessVpnVO vpn = _remoteAccessVpnDao.findById(ipId); if (vpn == null) { s_logger.debug("vpn id=" + ipId + " does not exists "); 
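Review bot: In the `@@ -930,7` hunk the result of `_accountMgr.getActiveUser(ctx.getCallerUserId())` goes into the ReservationContext unchecked, and `VpcVirtualRouterElement.shutdownVpc` then dereferences it with `context.getCaller().getId()`. If getActiveUser can return null (presumably for a removed or disabled user; its body is not visible here), the shutdown would fail with a NullPointerException partway through rather than with a clear error. Resolve the user before building the context and reject a missing one explicitly, e.g. `User callerUser = _accountMgr.getActiveUser(ctx.getCallerUserId());` followed by `if (callerUser == null) { throw new InvalidParameterValueException("Unable to find active caller user"); }`. AccountManagerImpl `@@ -608,7` builds its context the same way with `getActiveUser(callerUserId)`. The enclosing method starts outside the hunk.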
@@ -337,9 +335,7 @@ public class RemoteAccessVpnManagerImpl implements RemoteAccessVpnService, Manag } @DB @Override - public boolean removeVpnUser(long vpnOwnerId, String username) { - Account caller = UserContext.current().getCaller(); - + public boolean removeVpnUser(long vpnOwnerId, String username, Account caller) { VpnUserVO user = _vpnUsersDao.findByAccountAndUsername(vpnOwnerId, username); if (user == null) { throw new InvalidParameterValueException("Could not find vpn user " + username); diff --git a/server/src/com/cloud/projects/ProjectManagerImpl.java b/server/src/com/cloud/projects/ProjectManagerImpl.java index 8cbd31370ac..4fa520c88d7 100755 --- a/server/src/com/cloud/projects/ProjectManagerImpl.java +++ b/server/src/com/cloud/projects/ProjectManagerImpl.java @@ -68,6 +68,7 @@ import com.cloud.user.AccountManager; import com.cloud.user.AccountVO; import com.cloud.user.DomainManager; import com.cloud.user.ResourceLimitService; +import com.cloud.user.User; import com.cloud.user.UserContext; import com.cloud.user.dao.AccountDao; import com.cloud.utils.DateUtil; @@ -284,7 +285,8 @@ public class ProjectManagerImpl implements ProjectManager, Manager{ txn.commit(); if (updateResult) { - if (!cleanupProject(project, _accountDao.findById(caller.getId()), callerUserId)) { + //pass system caller when clenaup projects account + if (!cleanupProject(project, _accountDao.findById(Account.ACCOUNT_ID_SYSTEM), User.UID_SYSTEM)) { s_logger.warn("Failed to cleanup project's id=" + project.getId() + " resources, not removing the project yet"); return false; } else { diff --git a/server/src/com/cloud/storage/StorageManager.java b/server/src/com/cloud/storage/StorageManager.java index d535af4bd7e..ce00cbf4e81 100755 --- a/server/src/com/cloud/storage/StorageManager.java +++ b/server/src/com/cloud/storage/StorageManager.java 
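Review bot: In the ProjectManagerImpl `@@ -284,7` hunk, cleanup now runs as the System account, so the per-resource access checks further down (volumes, VPN users, VPCs, routers) are performed against System and no longer constrain the user who issued deleteProject. The only authorization left is whatever precedes this hunk, which is not visible here; confirm that the caller's rights on the project are verified before `txn.commit()`. The comment should record that assumption, which would also fix the `clenaup` typo: `// caller was already authorized for this project above; cleanup runs as System so per-resource access checks do not block a regular user`. Because the acting identity is replaced, logs from the cleanup path will no longer name the requesting user, so consider logging `caller.getId()` and `callerUserId` together with the project id just before the call.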
@@ -236,5 +236,7 @@ public interface StorageManager extends StorageService, Manager { HypervisorType getHypervisorTypeFromFormat(ImageFormat format); - boolean storagePoolHasEnoughSpace(List volume, StoragePool pool); -} + boolean storagePoolHasEnoughSpace(List volume, StoragePool pool); + + boolean deleteVolume(long volumeId, Account caller) throws ConcurrentOperationException; +} diff --git a/server/src/com/cloud/storage/StorageManagerImpl.java b/server/src/com/cloud/storage/StorageManagerImpl.java index 7ec50f9ff27..f5d0796530b 100755 --- a/server/src/com/cloud/storage/StorageManagerImpl.java +++ b/server/src/com/cloud/storage/StorageManagerImpl.java @@ -2864,15 +2864,10 @@ public class StorageManagerImpl implements StorageManager, Manager, ClusterManag } } - private boolean isAdmin(short accountType) { - return ((accountType == Account.ACCOUNT_TYPE_ADMIN) || (accountType == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) || (accountType == Account.ACCOUNT_TYPE_READ_ONLY_ADMIN)); - } - @Override @DB @ActionEvent(eventType = EventTypes.EVENT_VOLUME_DELETE, eventDescription = "deleting volume") - public boolean deleteVolume(long volumeId) throws ConcurrentOperationException { - Account caller = UserContext.current().getCaller(); + public boolean deleteVolume(long volumeId, Account caller) throws ConcurrentOperationException { // Check that the volume ID is valid VolumeVO volume = _volsDao.findById(volumeId); diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java index 62d21bed5d3..f1e606e76a1 100755 --- a/server/src/com/cloud/user/AccountManagerImpl.java +++ b/server/src/com/cloud/user/AccountManagerImpl.java 
@@ -572,7 +572,7 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag for (VolumeVO volume : volumes) { if (!volume.getState().equals(Volume.State.Destroy)) { try { - _storageMgr.deleteVolume(volume.getId()); + _storageMgr.deleteVolume(volume.getId(), caller); } catch (Exception ex) { s_logger.warn("Failed to cleanup volumes as a part of account id=" + accountId + " cleanup due to Exception: ", ex); accountCleanupNeeded = true; @@ -585,12 +585,12 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag List vpnUsers = _vpnUser.listByAccount(accountId); for (VpnUserVO vpnUser : vpnUsers) { - _remoteAccessVpnMgr.removeVpnUser(accountId, vpnUser.getUsername()); + _remoteAccessVpnMgr.removeVpnUser(accountId, vpnUser.getUsername(), caller); } try { for (RemoteAccessVpnVO vpn : remoteAccessVpns) { - _remoteAccessVpnMgr.destroyRemoteAccessVpn(vpn.getServerAddressId()); + _remoteAccessVpnMgr.destroyRemoteAccessVpn(vpn.getServerAddressId(), caller); } } catch (ResourceUnavailableException ex) { s_logger.warn("Failed to cleanup remote access vpn resources as a part of account id=" + accountId + " cleanup due to Exception: ", ex); @@ -608,7 +608,7 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag if (networks != null) { for (NetworkVO network : networks) { - ReservationContext context = new ReservationContextImpl(null, null, getActiveUser(callerUserId), account); + ReservationContext context = new ReservationContextImpl(null, null, getActiveUser(callerUserId), caller); if (!_networkMgr.destroyNetwork(network.getId(), context)) { s_logger.warn("Unable to destroy network " + network + " as a part of account id=" + accountId + " cleanup."); 
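Review bot: In the VPN user loop the boolean returned by `removeVpnUser(accountId, vpnUser.getUsername(), caller)` is discarded, and the call sits outside the `try` that follows it, so a failed removal neither sets `accountCleanupNeeded` nor gets logged. I would write `if (!_remoteAccessVpnMgr.removeVpnUser(accountId, vpnUser.getUsername(), caller)) { accountCleanupNeeded = true; }` and add an `s_logger.warn` naming the account id, in the same style as the volume loop above. What a `false` return means is decided in the manager, outside this hunk, and the enclosing cleanup method also starts and ends outside it.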
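Review bot: The `ReservationContextImpl` built in the network loop now carries `caller` where it used to carry `account`, so the context's account changes meaning from the owner being cleaned up to the identity performing the cleanup. Any network element that reads the context's account as the resource owner would see System during project deletion; whether one does is not visible in this hunk. A comment on the line would make the intent explicit, e.g. `// context account is the acting caller, not the owner of the network`. The line also pairs `getActiveUser(callerUserId)` with `caller`, so call sites need to pass a user id and an account that belong together, as the `ProjectManagerImpl` change does with `User.UID_SYSTEM` and `Account.ACCOUNT_ID_SYSTEM`.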
@@ -626,7 +626,7 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag List vpcs = _vpcMgr.getVpcsForAccount(account.getId()); for (Vpc vpc : vpcs) { - if (!_vpcMgr.destroyVpc(vpc)) { + if (!_vpcMgr.destroyVpc(vpc, caller, callerUserId)) { s_logger.warn("Unable to destroy VPC " + vpc + " as a part of account id=" + accountId + " cleanup."); accountCleanupNeeded = true; vpcsDeleted = false; diff --git a/server/test/com/cloud/vpc/MockVpcManagerImpl.java b/server/test/com/cloud/vpc/MockVpcManagerImpl.java index 22693397e57..1f41395b16a 100644 --- a/server/test/com/cloud/vpc/MockVpcManagerImpl.java +++ b/server/test/com/cloud/vpc/MockVpcManagerImpl.java @@ -344,7 +344,7 @@ public class MockVpcManagerImpl implements VpcManager, Manager{ * @see com.cloud.network.vpc.VpcManager#destroyVpc(com.cloud.network.vpc.Vpc) */ @Override - public boolean destroyVpc(Vpc vpc) throws ConcurrentOperationException, ResourceUnavailableException { + public boolean destroyVpc(Vpc vpc, Account caller, Long callerUserId) throws ConcurrentOperationException, ResourceUnavailableException { // TODO Auto-generated method stub return false; } diff --git a/server/test/com/cloud/vpc/VpcApiUnitTest.java b/server/test/com/cloud/vpc/VpcApiUnitTest.java index ad323d29e5b..5cc325ffac0 100644 --- a/server/test/com/cloud/vpc/VpcApiUnitTest.java +++ b/server/test/com/cloud/vpc/VpcApiUnitTest.java @@ -193,7 +193,7 @@ public class VpcApiUnitTest extends TestCase{ protected void destroyVpc() { try { - _vpcService.destroyVpc(_vpcService.getVpc(1)); + _vpcService.destroyVpc(_vpcService.getVpc(1), new AccountVO(), 1L); } catch (Exception ex) { s_logger.error("Destroy VPC TEST FAILED due to exc ", ex); } diff --git a/server/test/com/cloud/vpc/dao/MockVpcVirtualRouterElement.java b/server/test/com/cloud/vpc/dao/MockVpcVirtualRouterElement.java index 5d759b8aa3a..8b9d362276d 100644 --- a/server/test/com/cloud/vpc/dao/MockVpcVirtualRouterElement.java 
+++ b/server/test/com/cloud/vpc/dao/MockVpcVirtualRouterElement.java @@ -20,10 +20,11 @@ import com.cloud.exception.ConcurrentOperationException; import com.cloud.exception.ResourceUnavailableException; import com.cloud.network.element.VpcVirtualRouterElement; import com.cloud.network.vpc.Vpc; +import com.cloud.vm.ReservationContext; public class MockVpcVirtualRouterElement extends VpcVirtualRouterElement{ @Override - public boolean shutdownVpc(Vpc vpc) throws ConcurrentOperationException, ResourceUnavailableException { + public boolean shutdownVpc(Vpc vpc, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException { return true; }