diff --git a/api/src/com/cloud/exception/RequestLimitException.java b/api/src/com/cloud/exception/RequestLimitException.java new file mode 100644 index 00000000000..0142f8e8726 --- /dev/null +++ b/api/src/com/cloud/exception/RequestLimitException.java @@ -0,0 +1,43 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package com.cloud.exception; + +import com.cloud.utils.SerialVersionUID; +import com.cloud.utils.exception.CloudRuntimeException; + +/** + * Exception thrown if number of requests is over api rate limit set. + * @author minc + * + */ +public class RequestLimitException extends CloudRuntimeException { + + private static final long serialVersionUID = SerialVersionUID.AccountLimitException; + + protected RequestLimitException() { + super(); + } + + public RequestLimitException(String msg) { + super(msg); + } + + public RequestLimitException(String msg, Throwable cause) { + super(msg, cause); + } + +} diff --git a/api/src/com/cloud/network/NetworkService.java b/api/src/com/cloud/network/NetworkService.java index d5841a4692e..39a746e6776 100755 --- a/api/src/com/cloud/network/NetworkService.java +++ b/api/src/com/cloud/network/NetworkService.java @@ -60,6 +60,8 @@ public interface NetworkService { Network getNetwork(long networkId); + Network getNetwork(String networkUuid); + IpAddress getIp(long id); NetworkProfile convertNetworkToNetworkProfile(long networkId); diff --git a/api/src/com/cloud/user/DomainService.java b/api/src/com/cloud/user/DomainService.java index 6fbe1b9a8db..cd20060b710 100644 --- a/api/src/com/cloud/user/DomainService.java +++ b/api/src/com/cloud/user/DomainService.java @@ -30,6 +30,8 @@ public interface DomainService { Domain getDomain(long id); + Domain getDomain(String uuid); + /** * Return whether a domain is a child domain of a given domain. * diff --git a/api/src/org/apache/cloudstack/acl/APIChecker.java b/api/src/org/apache/cloudstack/acl/APIChecker.java index 61dd7de75cb..2e2b73ba782 100644 --- a/api/src/org/apache/cloudstack/acl/APIChecker.java +++ b/api/src/org/apache/cloudstack/acl/APIChecker.java @@ -16,13 +16,16 @@ // under the License. package org.apache.cloudstack.acl; -import org.apache.cloudstack.acl.RoleType; +import com.cloud.exception.PermissionDeniedException; +import com.cloud.exception.RequestLimitException; +import com.cloud.user.User; import com.cloud.utils.component.Adapter; // APIChecker checks the ownership and access control to API requests public interface APIChecker extends Adapter { // Interface for checking access for a role using apiname - boolean checkAccess(RoleType roleType, String apiCommandName); - // Interface for checking existence of an api by name - boolean checkExistence(String apiCommandName); + // If true, apiChecker has checked the operation + // If false, apiChecker is unable to handle the operation or not implemented + // On exception, checkAccess failed don't allow + boolean checkAccess(User user, String apiCommandName) throws PermissionDeniedException, RequestLimitException; } diff --git a/api/src/org/apache/cloudstack/api/ResponseGenerator.java b/api/src/org/apache/cloudstack/api/ResponseGenerator.java index e9f988ade60..63df4dc5532 100644 --- a/api/src/org/apache/cloudstack/api/ResponseGenerator.java +++ b/api/src/org/apache/cloudstack/api/ResponseGenerator.java @@ -314,13 +314,6 @@ public interface ResponseGenerator { StorageNetworkIpRangeResponse createStorageNetworkIpRangeResponse(StorageNetworkIpRange result); - /** - * @param tableName TODO - * @param token - * @return - */ - Long getIdentiyId(String tableName, String token); - /** * @param resourceTag * @param keyValueOnly TODO diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java index 28bb80f72d3..e675c83dd6f 100644 --- a/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java @@ -147,10 +147,9 @@ public class DeployVMCmd extends BaseAsyncCreateCmd { private List securityGroupNameList; @ACL(checkKeyAccess=true) - @Parameter(name = ApiConstants.IP_NETWORK_LIST, type = CommandType.MAP, entityType={Network.class,IpAddress.class}, + @Parameter(name = ApiConstants.IP_NETWORK_LIST, type = CommandType.MAP, entityType={Network.class, IpAddress.class}, description = "ip to network mapping. Can't be specified with networkIds parameter." + - " Example: iptonetworklist[0].ip=10.10.10.11&iptonetworklist[0].networkid=204 - requests to" + - " use ip 10.10.10.11 in network id=204") + " Example: iptonetworklist[0].ip=10.10.10.11&iptonetworklist[0].networkid=uuid - requests to use ip 10.10.10.11 in network id=uuid") private Map ipToNetworkList; @Parameter(name=ApiConstants.IP_ADDRESS, type=CommandType.STRING, description="the ip address for default vm's network") @@ -284,7 +283,17 @@ public class DeployVMCmd extends BaseAsyncCreateCmd { Iterator iter = ipsCollection.iterator(); while (iter.hasNext()) { HashMap ips = (HashMap) iter.next(); - Long networkId = Long.valueOf(_responseGenerator.getIdentiyId("networks", ips.get("networkid"))); + Long networkId; + Network network = _networkService.getNetwork(ips.get("networkid")); + if (network != null) { + networkId = network.getId(); + } else { + try { + networkId = Long.parseLong(ips.get("networkid")); + } catch(NumberFormatException e) { + throw new InvalidParameterValueException("Unable to translate and find entity with networkId: " + ips.get("networkid")); + } + } String requestedIp = (String) ips.get("ip"); ipToNetworkMap.put(networkId, requestedIp); } diff --git a/api/src/org/apache/cloudstack/api/command/user/volume/ExtractVolumeCmd.java b/api/src/org/apache/cloudstack/api/command/user/volume/ExtractVolumeCmd.java index 7f6cd052470..43b25a83663 100644 --- a/api/src/org/apache/cloudstack/api/command/user/volume/ExtractVolumeCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/volume/ExtractVolumeCmd.java @@ -137,7 +137,7 @@ public class ExtractVolumeCmd extends BaseAsyncCmd { Volume vol = _entityMgr.findById(Volume.class, id); response.setId(vol.getUuid()); response.setName(vol.getName()); - DataCenter zone = _entityMgr.findById(DataCenter.class, id); + DataCenter zone = _entityMgr.findById(DataCenter.class, zoneId); response.setZoneId(zone.getUuid()); response.setZoneName(zone.getName()); response.setMode(mode); diff --git a/client/bindir/cloud-setup-management.in b/client/bindir/cloud-setup-management.in index 469c9614b41..ca1327ae725 100755 --- a/client/bindir/cloud-setup-management.in +++ b/client/bindir/cloud-setup-management.in @@ -16,8 +16,9 @@ # specific language governing permissions and limitations # under the License. +import sys from cloudutils.syscfg import sysConfigFactory -from cloudutils.utilities import initLoging +from cloudutils.utilities import initLoging, UnknownSystemException from cloudutils.cloudException import CloudRuntimeException, CloudInternalException from cloudutils.globalEnv import globalEnv from cloudutils.serviceConfigServer import cloudManagementConfig @@ -35,7 +36,12 @@ if __name__ == '__main__': glbEnv.mode = "Server" print "Starting to configure CloudStack Management Server:" - syscfg = sysConfigFactory.getSysConfigFactory(glbEnv) + try: + syscfg = sysConfigFactory.getSysConfigFactory(glbEnv) + except UnknownSystemException: + print >>sys.stderr, ("Error: CloudStack failed to detect your " + "operating system. Exiting.") + sys.exit(1) try: syscfg.registerService(cloudManagementConfig) syscfg.config() diff --git a/client/tomcatconf/api-limit_commands.properties.in b/client/tomcatconf/api-limit_commands.properties.in deleted file mode 100644 index fcb963ac867..00000000000 --- a/client/tomcatconf/api-limit_commands.properties.in +++ /dev/null @@ -1,24 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -# bitmap of permissions at the end of each classname, 1 = ADMIN, 2 = -# RESOURCE_DOMAIN_ADMIN, 4 = DOMAIN_ADMIN, 8 = USER -# Please standardize naming conventions to camel-case (even for acronyms). - -# CloudStack API Rate Limit service command -getApiLimit=15 -resetApiLimit=1 diff --git a/client/tomcatconf/cisconexusvsm_commands.properties.in b/client/tomcatconf/cisconexusvsm_commands.properties.in deleted file mode 100644 index 0427ba2d212..00000000000 --- a/client/tomcatconf/cisconexusvsm_commands.properties.in +++ /dev/null @@ -1,25 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -### bitmap of permissions at the end of each classname, 1 = ADMIN, 2 = RESOURCE_DOMAIN_ADMIN, 4 = DOMAIN_ADMIN, 8 = USER -### Please standardize naming conventions to camel-case (even for acronyms). - -#### Cisco Nexus 1000v Virtual Supervisor Module (VSM) commands -deleteCiscoNexusVSM=1 -enableCiscoNexusVSM=1 -disableCiscoNexusVSM=1 -listCiscoNexusVSMs=1 diff --git a/client/tomcatconf/commands-ext.properties.in b/client/tomcatconf/commands-ext.properties.in deleted file mode 100644 index cd1d0eac066..00000000000 --- a/client/tomcatconf/commands-ext.properties.in +++ /dev/null @@ -1,28 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -#### usage commands -generateUsageRecords=com.cloud.api.commands.GenerateUsageRecordsCmd;1 -listUsageRecords=com.cloud.api.commands.GetUsageRecordsCmd;1 -listUsageTypes=com.cloud.api.commands.ListUsageTypesCmd;1 - -#### traffic monitor commands -addTrafficMonitor=com.cloud.api.commands.AddTrafficMonitorCmd;1 -deleteTrafficMonitor=com.cloud.api.commands.DeleteTrafficMonitorCmd;1 -listTrafficMonitors=com.cloud.api.commands.ListTrafficMonitorsCmd;1 - - diff --git a/client/tomcatconf/commands.properties.in b/client/tomcatconf/commands.properties.in index 3872f2a8783..db722ad9c92 100644 --- a/client/tomcatconf/commands.properties.in +++ b/client/tomcatconf/commands.properties.in @@ -424,3 +424,92 @@ resetVpnConnection=15 listVpnCustomerGateways=15 listVpnGateways=15 listVpnConnections=15 + +#### router commands +createVirtualRouterElement=7 +configureVirtualRouterElement=7 +listVirtualRouterElements=7 + +#### usage commands +generateUsageRecords=1 +listUsageRecords=1 +listUsageTypes=1 + +#### traffic monitor commands +addTrafficMonitor=1 +deleteTrafficMonitor=1 +listTrafficMonitors=1 + +#### Cisco Nexus 1000v Virtual Supervisor Module (VSM) commands +deleteCiscoNexusVSM=1 +enableCiscoNexusVSM=1 +disableCiscoNexusVSM=1 +listCiscoNexusVSMs=1 + +#### f5 big ip load balancer commands + +#Deprecated commands +addExternalLoadBalancer=1 +deleteExternalLoadBalancer=1 +listExternalLoadBalancers=1 + +addF5LoadBalancer=1 +configureF5LoadBalancer=1 +deleteF5LoadBalancer=1 +listF5LoadBalancers=1 +listF5LoadBalancerNetworks=1 + +#### juniper srx firewall commands +addExternalFirewall=1 +deleteExternalFirewall=1 +listExternalFirewalls=1 + +addSrxFirewall=1 +deleteSrxFirewall=1 +configureSrxFirewall=1 +listSrxFirewalls=1 +listSrxFirewallNetworks=1 + +####Netapp integration commands +createVolumeOnFiler=15 +destroyVolumeOnFiler=15 +listVolumesOnFiler=15 +createLunOnFiler=15 +destroyLunOnFiler=15 +listLunsOnFiler=15 +associateLun=15 +dissociateLun=15 +createPool=15 +deletePool=15 +modifyPool=15 +listPools=15 + +#### netscaler load balancer commands +addNetscalerLoadBalancer=1 +deleteNetscalerLoadBalancer=1 +configureNetscalerLoadBalancer=1 +listNetscalerLoadBalancers=1 +listNetscalerLoadBalancerNetworks=1 + +#### nicira nvp commands + +addNiciraNvpDevice=1 +deleteNiciraNvpDevice=1 +listNiciraNvpDevices=1 +listNiciraNvpDeviceNetworks=1 + +# Not implemented (yet) +#configureNiciraNvpDevice=1 + +#### host simulator commands + +configureSimulator=1 + +#### api discovery commands + +listApis=15 + +#### API Rate Limit service command + +getApiLimit=15 +resetApiLimit=1 \ No newline at end of file diff --git a/client/tomcatconf/components.xml.in b/client/tomcatconf/components.xml.in index 630bd9769b2..e19b4186122 100755 --- a/client/tomcatconf/components.xml.in +++ b/client/tomcatconf/components.xml.in @@ -54,15 +54,13 @@ under the License. true - - - 1 25 50000 - - + + + diff --git a/client/tomcatconf/f5bigip_commands.properties.in b/client/tomcatconf/f5bigip_commands.properties.in deleted file mode 100644 index 8c3cc2a145a..00000000000 --- a/client/tomcatconf/f5bigip_commands.properties.in +++ /dev/null @@ -1,32 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -### bitmap of permissions at the end of each classname, 1 = ADMIN, 2 = RESOURCE_DOMAIN_ADMIN, 4 = DOMAIN_ADMIN, 8 = USER -### Please standardize naming conventions to camel-case (even for acronyms). - -#### f5 big ip load balancer commands - -#Deprecated commands -addExternalLoadBalancer=1 -deleteExternalLoadBalancer=1 -listExternalLoadBalancers=1 - -addF5LoadBalancer=1 -configureF5LoadBalancer=1 -deleteF5LoadBalancer=1 -listF5LoadBalancers=1 -listF5LoadBalancerNetworks=1 diff --git a/client/tomcatconf/junipersrx_commands.properties.in b/client/tomcatconf/junipersrx_commands.properties.in deleted file mode 100644 index 2cadc62c57e..00000000000 --- a/client/tomcatconf/junipersrx_commands.properties.in +++ /dev/null @@ -1,30 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -### bitmap of permissions at the end of each classname, 1 = ADMIN, 2 = RESOURCE_DOMAIN_ADMIN, 4 = DOMAIN_ADMIN, 8 = USER -### Please standardize naming conventions to camel-case (even for acronyms). - -#### juniper srx firewall commands -addExternalFirewall=1 -deleteExternalFirewall=1 -listExternalFirewalls=1 - -addSrxFirewall=1 -deleteSrxFirewall=1 -configureSrxFirewall=1 -listSrxFirewalls=1 -listSrxFirewallNetworks=1 diff --git a/client/tomcatconf/netapp_commands.properties.in b/client/tomcatconf/netapp_commands.properties.in deleted file mode 100644 index ea17ac0560b..00000000000 --- a/client/tomcatconf/netapp_commands.properties.in +++ /dev/null @@ -1,33 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -### bitmap of permissions at the end of each classname, 1 = ADMIN, 2 = RESOURCE_DOMAIN_ADMIN, 4 = DOMAIN_ADMIN, 8 = USER -### Please standardize naming conventions to camel-case (even for acronyms). - -####Netapp integration commands -createVolumeOnFiler=15 -destroyVolumeOnFiler=15 -listVolumesOnFiler=15 -createLunOnFiler=15 -destroyLunOnFiler=15 -listLunsOnFiler=15 -associateLun=15 -dissociateLun=15 -createPool=15 -deletePool=15 -modifyPool=15 -listPools=15 diff --git a/client/tomcatconf/netscalerloadbalancer_commands.properties.in b/client/tomcatconf/netscalerloadbalancer_commands.properties.in deleted file mode 100644 index 9eeb8da9987..00000000000 --- a/client/tomcatconf/netscalerloadbalancer_commands.properties.in +++ /dev/null @@ -1,26 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -### bitmap of permissions at the end of each classname, 1 = ADMIN, 2 = RESOURCE_DOMAIN_ADMIN, 4 = DOMAIN_ADMIN, 8 = USER -### Please standardize naming conventions to camel-case (even for acronyms). - -#### netscaler load balancer commands -addNetscalerLoadBalancer=1 -deleteNetscalerLoadBalancer=1 -configureNetscalerLoadBalancer=1 -listNetscalerLoadBalancers=1 -listNetscalerLoadBalancerNetworks=1 diff --git a/client/tomcatconf/nicira-nvp_commands.properties.in b/client/tomcatconf/nicira-nvp_commands.properties.in deleted file mode 100644 index 1b2b5253394..00000000000 --- a/client/tomcatconf/nicira-nvp_commands.properties.in +++ /dev/null @@ -1,29 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -### bitmap of permissions at the end of each classname, 1 = ADMIN, 2 = RESOURCE_DOMAIN_ADMIN, 4 = DOMAIN_ADMIN, 8 = USER -### Please standardize naming conventions to camel-case (even for acronyms). - -#### nicira nvp commands - -addNiciraNvpDevice=1 -deleteNiciraNvpDevice=1 -listNiciraNvpDevices=1 -listNiciraNvpDeviceNetworks=1 - -# Not implemented (yet) -#configureNiciraNvpDevice=1 diff --git a/client/tomcatconf/simulator_commands.properties.in b/client/tomcatconf/simulator_commands.properties.in deleted file mode 100644 index b7213a28c05..00000000000 --- a/client/tomcatconf/simulator_commands.properties.in +++ /dev/null @@ -1,19 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - - -configureSimulator=1 diff --git a/client/tomcatconf/virtualrouter_commands.properties.in b/client/tomcatconf/virtualrouter_commands.properties.in deleted file mode 100644 index 169496b8f4d..00000000000 --- a/client/tomcatconf/virtualrouter_commands.properties.in +++ /dev/null @@ -1,24 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -### bitmap of permissions at the end of each classname, 1 = ADMIN, 2 = RESOURCE_DOMAIN_ADMIN, 4 = DOMAIN_ADMIN, 8 = USER -### Please standardize naming conventions to camel-case (even for acronyms). - -#### router commands -createVirtualRouterElement=7 -configureVirtualRouterElement=7 -listVirtualRouterElements=7 diff --git a/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java b/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java index 740fbbc6456..16357846cba 100644 --- a/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java +++ b/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java @@ -16,16 +16,19 @@ // under the License. package org.apache.cloudstack.acl; +import com.cloud.exception.PermissionDeniedException; import com.cloud.server.ManagementServer; +import com.cloud.user.Account; +import com.cloud.user.AccountService; +import com.cloud.user.User; +import com.cloud.utils.PropertiesUtil; import com.cloud.utils.component.AdapterBase; import com.cloud.utils.component.ComponentLocator; -import com.cloud.utils.component.PluggableService; import javax.ejb.Local; import javax.naming.ConfigurationException; import java.util.HashMap; import java.util.HashSet; -import java.util.List; import java.util.Map; import java.util.Set; @@ -33,7 +36,7 @@ import org.apache.log4j.Logger; // This is the default API access checker that grab's the user's account // based on the account type, access is granted -@Local(value=APIChecker.class) +@Local(value = APIChecker.class) public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIChecker { protected static final Logger s_logger = Logger.getLogger(StaticRoleBasedAPIAccessChecker.class); @@ -41,25 +44,28 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIC private static Map> s_roleBasedApisMap = new HashMap>(); + private static AccountService s_accountService; + protected StaticRoleBasedAPIAccessChecker() { super(); - for (RoleType roleType: RoleType.values()) { + for (RoleType roleType : RoleType.values()) s_roleBasedApisMap.put(roleType, new HashSet()); - } } @Override - public boolean checkAccess(RoleType roleType, String commandName) { - return s_roleBasedApisMap.get(roleType).contains(commandName); - } - - @Override - public boolean checkExistence(String apiName) { - for (RoleType roleType: RoleType.values()) { - if (s_roleBasedApisMap.get(roleType).contains(apiName)) - return true; + public boolean checkAccess(User user, String commandName) + throws PermissionDeniedException { + Account account = s_accountService.getAccount(user.getAccountId()); + if (account == null) { + throw new PermissionDeniedException("The account id=" + user.getAccountId() + "for user id=" + user.getId() + "is null"); } - return false; + + RoleType roleType = s_accountService.getRoleType(account); + boolean isAllowed = s_roleBasedApisMap.get(roleType).contains(commandName); + if (!isAllowed) { + throw new PermissionDeniedException("The API does not exist or is blacklisted. Role type=" + roleType.toString() + " is not allowed to request the api: " + commandName); + } + return isAllowed; } @Override @@ -68,30 +74,26 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIC // Read command properties files to build the static map per role. ComponentLocator locator = ComponentLocator.getLocator(ManagementServer.Name); - List services = locator.getAllPluggableServices(); - services.add((PluggableService) ComponentLocator.getComponent(ManagementServer.Name)); + s_accountService = locator.getManager(AccountService.class); - Map configPropertiesMap = new HashMap(); - for (PluggableService service : services) { - configPropertiesMap.putAll(service.getProperties()); - } + processMapping(PropertiesUtil.processConfigFile(new String[] + {"commands.properties"})); - processConfigFiles(configPropertiesMap); return true; } - private void processConfigFiles(Map configMap) { - for (Map.Entry entry: configMap.entrySet()) { + private void processMapping(Map configMap) { + for (Map.Entry entry : configMap.entrySet()) { String apiName = entry.getKey(); String roleMask = entry.getValue(); try { short cmdPermissions = Short.parseShort(roleMask); - for (RoleType roleType: RoleType.values()) { + for (RoleType roleType : RoleType.values()) { if ((cmdPermissions & roleType.getValue()) != 0) s_roleBasedApisMap.get(roleType).add(apiName); } } catch (NumberFormatException nfe) { - s_logger.info("Malformed commands.properties permissions value, for entry: " + entry.toString()); + s_logger.info("Malformed key=value pair for entry: " + entry.toString()); } } } diff --git a/plugins/api/discovery/src/org/apache/cloudstack/api/command/user/discovery/ListApisCmd.java b/plugins/api/discovery/src/org/apache/cloudstack/api/command/user/discovery/ListApisCmd.java index ed3e1751027..132416bac05 100644 --- a/plugins/api/discovery/src/org/apache/cloudstack/api/command/user/discovery/ListApisCmd.java +++ b/plugins/api/discovery/src/org/apache/cloudstack/api/command/user/discovery/ListApisCmd.java @@ -16,7 +16,10 @@ // under the License. package org.apache.cloudstack.api.command.user.discovery; +import com.cloud.user.AccountService; +import com.cloud.user.User; import com.cloud.user.UserContext; +import com.cloud.utils.component.Inject; import org.apache.cloudstack.acl.RoleType; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; @@ -39,14 +42,17 @@ public class ListApisCmd extends BaseCmd { @PlugService ApiDiscoveryService _apiDiscoveryService; + @Inject + private AccountService _accountService; + @Parameter(name=ApiConstants.NAME, type=CommandType.STRING, description="API name") private String name; @Override public void execute() throws ServerApiException { if (_apiDiscoveryService != null) { - RoleType roleType = _accountService.getRoleType(UserContext.current().getCaller()); - ListResponse response = (ListResponse) _apiDiscoveryService.listApis(roleType, name); + User user = _accountService.getActiveUser(UserContext.current().getCallerUserId()); + ListResponse response = (ListResponse) _apiDiscoveryService.listApis(user, name); if (response == null) { throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Api Discovery plugin was unable to find an api by that name or process any apis"); } diff --git a/plugins/api/discovery/src/org/apache/cloudstack/discovery/ApiDiscoveryService.java b/plugins/api/discovery/src/org/apache/cloudstack/discovery/ApiDiscoveryService.java index 611493bfc08..6458c5619e8 100644 --- a/plugins/api/discovery/src/org/apache/cloudstack/discovery/ApiDiscoveryService.java +++ b/plugins/api/discovery/src/org/apache/cloudstack/discovery/ApiDiscoveryService.java @@ -16,11 +16,11 @@ // under the License. package org.apache.cloudstack.discovery; +import com.cloud.user.User; import com.cloud.utils.component.PluggableService; -import org.apache.cloudstack.acl.RoleType; import org.apache.cloudstack.api.BaseResponse; import org.apache.cloudstack.api.response.ListResponse; public interface ApiDiscoveryService extends PluggableService { - ListResponse listApis(RoleType roleType, String apiName); + ListResponse listApis(User user, String apiName); } diff --git a/plugins/api/discovery/src/org/apache/cloudstack/discovery/ApiDiscoveryServiceImpl.java b/plugins/api/discovery/src/org/apache/cloudstack/discovery/ApiDiscoveryServiceImpl.java index 5f84486ae49..7e2ed17ecdc 100644 --- a/plugins/api/discovery/src/org/apache/cloudstack/discovery/ApiDiscoveryServiceImpl.java +++ b/plugins/api/discovery/src/org/apache/cloudstack/discovery/ApiDiscoveryServiceImpl.java @@ -18,11 +18,15 @@ package org.apache.cloudstack.discovery; import com.cloud.serializer.Param; import com.cloud.server.ManagementServer; +import com.cloud.user.User; import com.cloud.utils.ReflectUtil; import com.cloud.utils.StringUtils; +import com.cloud.utils.component.Adapters; import com.cloud.utils.component.ComponentLocator; +import com.cloud.utils.component.Inject; import com.cloud.utils.component.PluggableService; import com.google.gson.annotations.SerializedName; +import org.apache.cloudstack.acl.APIChecker; import org.apache.cloudstack.acl.RoleType; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.BaseCmd; @@ -30,6 +34,7 @@ import org.apache.cloudstack.api.BaseAsyncCmd; import org.apache.cloudstack.api.BaseAsyncCreateCmd; import org.apache.cloudstack.api.BaseResponse; import org.apache.cloudstack.api.Parameter; +import org.apache.cloudstack.api.command.user.discovery.ListApisCmd; import org.apache.cloudstack.api.response.ApiDiscoveryResponse; import org.apache.cloudstack.api.response.ApiParameterResponse; import org.apache.cloudstack.api.response.ApiResponseResponse; @@ -49,57 +54,31 @@ import java.util.Set; public class ApiDiscoveryServiceImpl implements ApiDiscoveryService { private static final Logger s_logger = Logger.getLogger(ApiDiscoveryServiceImpl.class); - private static Map> _roleTypeDiscoveryResponseListMap; + @Inject(adapter = APIChecker.class) + protected Adapters _apiAccessCheckers; - private static Map _apiNameDiscoveryResponseMap = - new HashMap(); - - private static Map> _apiNameRoleTypeListMap = null; + private static Map _apiNameDiscoveryResponseMap = null; protected ApiDiscoveryServiceImpl() { super(); - if (_roleTypeDiscoveryResponseListMap == null) { + if (_apiNameDiscoveryResponseMap == null) { long startTime = System.nanoTime(); - _roleTypeDiscoveryResponseListMap = new HashMap>(); - for (RoleType roleType: RoleType.values()) - _roleTypeDiscoveryResponseListMap.put(roleType, new ArrayList()); + _apiNameDiscoveryResponseMap = new HashMap(); cacheResponseMap(); long endTime = System.nanoTime(); s_logger.info("Api Discovery Service: Annotation, docstrings, api relation graph processed in " + (endTime - startTime) / 1000000.0 + " ms"); } } - private Map> getApiNameRoleTypeListMap() { - Map> apiNameRoleTypeMap = new HashMap>(); - ComponentLocator locator = ComponentLocator.getLocator(ManagementServer.Name); - List services = locator.getAllPluggableServices(); - services.add((PluggableService) ComponentLocator.getComponent(ManagementServer.Name)); - for (PluggableService service : services) { - for (Map.Entry entry: service.getProperties().entrySet()) { - String apiName = entry.getKey(); - String roleMask = entry.getValue(); - try { - short cmdPermissions = Short.parseShort(roleMask); - if (!apiNameRoleTypeMap.containsKey(apiName)) - apiNameRoleTypeMap.put(apiName, new ArrayList()); - for (RoleType roleType: RoleType.values()) { - if ((cmdPermissions & roleType.getValue()) != 0) - apiNameRoleTypeMap.get(apiName).add(roleType); - } - } catch (NumberFormatException nfe) { - } - } - } - return apiNameRoleTypeMap; - } - private void cacheResponseMap() { Set> cmdClasses = ReflectUtil.getClassesWithAnnotation(APICommand.class, new String[]{"org.apache.cloudstack.api", "com.cloud.api"}); + //TODO: Fix and use PluggableService to get the classes + Map> responseApiNameListMap = new HashMap>(); - for(Class cmdClass: cmdClasses) { + for (Class cmdClass : cmdClasses) { APICommand apiCmdAnnotation = cmdClass.getAnnotation(APICommand.class); if (apiCmdAnnotation == null) apiCmdAnnotation = cmdClass.getSuperclass().getAnnotation(APICommand.class); @@ -123,9 +102,9 @@ public class ApiDiscoveryServiceImpl implements ApiDiscoveryService { response.setRelated(responseName); Field[] responseFields = apiCmdAnnotation.responseObject().getDeclaredFields(); - for(Field responseField: responseFields) { + for (Field responseField : responseFields) { SerializedName serializedName = responseField.getAnnotation(SerializedName.class); - if(serializedName != null) { + if (serializedName != null) { ApiResponseResponse responseResponse = new ApiResponseResponse(); responseResponse.setName(serializedName.value()); Param param = responseField.getAnnotation(Param.class); @@ -137,14 +116,14 @@ public class ApiDiscoveryServiceImpl implements ApiDiscoveryService { } Field[] fields = ReflectUtil.getAllFieldsForClass(cmdClass, - new Class[] {BaseCmd.class, BaseAsyncCmd.class, BaseAsyncCreateCmd.class}); + new Class[]{BaseCmd.class, BaseAsyncCmd.class, BaseAsyncCreateCmd.class}); boolean isAsync = ReflectUtil.isCmdClassAsync(cmdClass, - new Class[] {BaseAsyncCmd.class, BaseAsyncCreateCmd.class}); + new Class[]{BaseAsyncCmd.class, BaseAsyncCreateCmd.class}); response.setAsync(isAsync); - for(Field field: fields) { + for (Field field : fields) { Parameter parameterAnnotation = field.getAnnotation(Parameter.class); if (parameterAnnotation != null && parameterAnnotation.expose() @@ -166,10 +145,10 @@ public class ApiDiscoveryServiceImpl implements ApiDiscoveryService { _apiNameDiscoveryResponseMap.put(apiName, response); } - for (String apiName: _apiNameDiscoveryResponseMap.keySet()) { + for (String apiName : _apiNameDiscoveryResponseMap.keySet()) { ApiDiscoveryResponse response = _apiNameDiscoveryResponseMap.get(apiName); Set processedParams = new HashSet(); - for (ApiParameterResponse param: response.getParams()) { + for (ApiParameterResponse param : response.getParams()) { if (responseApiNameListMap.containsKey(param.getRelated())) { List relatedApis = responseApiNameListMap.get(param.getRelated()); param.setRelated(StringUtils.join(relatedApis, ",")); @@ -192,41 +171,48 @@ public class ApiDiscoveryServiceImpl implements ApiDiscoveryService { } @Override - public ListResponse listApis(RoleType roleType, String name) { - // Creates roles based response list cache the first time listApis is called - // Due to how adapters work, this cannot be done when mgmt loads - if (_apiNameRoleTypeListMap == null) { - long startTime = System.nanoTime(); - _apiNameRoleTypeListMap = getApiNameRoleTypeListMap(); - for (Map.Entry> entry: _apiNameRoleTypeListMap.entrySet()) { - String apiName = entry.getKey(); - for (RoleType roleTypeInList: entry.getValue()) { - _roleTypeDiscoveryResponseListMap.get(roleTypeInList).add( - _apiNameDiscoveryResponseMap.get(apiName)); - } - } - long endTime = System.nanoTime(); - s_logger.info("Api Discovery Service: List apis cached in " + (endTime - startTime) / 1000000.0 + " ms"); - } + public ListResponse listApis(User user, String name) { ListResponse response = new ListResponse(); + List responseList = new ArrayList(); + + if (user == null) + return null; + if (name != null) { if (!_apiNameDiscoveryResponseMap.containsKey(name)) return null; - List singleResponse = new ArrayList(); - singleResponse.add(_apiNameDiscoveryResponseMap.get(name)); - response.setResponses(singleResponse); + for (APIChecker apiChecker : _apiAccessCheckers) { + try { + apiChecker.checkAccess(user, name); + } catch (Exception ex) { + return null; + } + } + responseList.add(_apiNameDiscoveryResponseMap.get(name)); } else { - response.setResponses(_roleTypeDiscoveryResponseListMap.get(roleType)); + for (String apiName : _apiNameDiscoveryResponseMap.keySet()) { + boolean isAllowed = true; + for (APIChecker apiChecker : _apiAccessCheckers) { + try { + apiChecker.checkAccess(user, name); + } catch (Exception ex) { + isAllowed = false; + } + } + if (isAllowed) + responseList.add(_apiNameDiscoveryResponseMap.get(apiName)); + } } + response.setResponses(responseList); return response; } @Override - public Map getProperties() { - Map apiDiscoveryPropertyMap = new HashMap(); - apiDiscoveryPropertyMap.put("listApis", "15"); - return apiDiscoveryPropertyMap; + public List> getCommands() { + List> cmdList = new ArrayList>(); + cmdList.add(ListApisCmd.class); + return cmdList; } } diff --git a/plugins/api/rate-limit/src/org/apache/cloudstack/api/command/admin/ratelimit/ResetApiLimitCmd.java b/plugins/api/rate-limit/src/org/apache/cloudstack/api/command/admin/ratelimit/ResetApiLimitCmd.java index 3c612faf302..771b63a9e78 100644 --- a/plugins/api/rate-limit/src/org/apache/cloudstack/api/command/admin/ratelimit/ResetApiLimitCmd.java +++ b/plugins/api/rate-limit/src/org/apache/cloudstack/api/command/admin/ratelimit/ResetApiLimitCmd.java @@ -83,7 +83,7 @@ public class ResetApiLimitCmd extends BaseCmd { @Override public void execute(){ - boolean result = _apiLimitService.resetApiLimit(this); + boolean result = _apiLimitService.resetApiLimit(this.accountId); if (result) { SuccessResponse response = new SuccessResponse(getCommandName()); this.setResponseObject(response); diff --git a/plugins/api/rate-limit/src/org/apache/cloudstack/api/command/user/ratelimit/GetApiLimitCmd.java b/plugins/api/rate-limit/src/org/apache/cloudstack/api/command/user/ratelimit/GetApiLimitCmd.java index 0397fa8ab54..ad1fb286c6e 100644 --- a/plugins/api/rate-limit/src/org/apache/cloudstack/api/command/user/ratelimit/GetApiLimitCmd.java +++ b/plugins/api/rate-limit/src/org/apache/cloudstack/api/command/user/ratelimit/GetApiLimitCmd.java @@ -78,7 +78,8 @@ public class GetApiLimitCmd extends BaseListCmd { @Override public void execute(){ - ApiLimitResponse response = _apiLimitService.searchApiLimit(this); + Account caller = UserContext.current().getCaller(); + ApiLimitResponse response = _apiLimitService.searchApiLimit(caller); response.setResponseName(getCommandName()); this.setResponseObject(response); } diff --git a/plugins/api/rate-limit/src/org/apache/cloudstack/ratelimit/ApiRateLimitService.java b/plugins/api/rate-limit/src/org/apache/cloudstack/ratelimit/ApiRateLimitService.java index 8c9d49b007f..c5b715019b6 100644 --- a/plugins/api/rate-limit/src/org/apache/cloudstack/ratelimit/ApiRateLimitService.java +++ b/plugins/api/rate-limit/src/org/apache/cloudstack/ratelimit/ApiRateLimitService.java @@ -16,11 +16,8 @@ // under the License. package org.apache.cloudstack.ratelimit; -import org.apache.cloudstack.api.command.admin.ratelimit.ResetApiLimitCmd; -import org.apache.cloudstack.api.command.user.ratelimit.GetApiLimitCmd; import org.apache.cloudstack.api.response.ApiLimitResponse; -import org.apache.cloudstack.api.response.ListResponse; - +import com.cloud.user.Account; import com.cloud.utils.component.PluggableService; /** @@ -30,9 +27,9 @@ import com.cloud.utils.component.PluggableService; */ public interface ApiRateLimitService extends PluggableService{ - public ApiLimitResponse searchApiLimit(GetApiLimitCmd cmd); + public ApiLimitResponse searchApiLimit(Account caller); - public boolean resetApiLimit(ResetApiLimitCmd cmd); + public boolean resetApiLimit(Long accountId); public void setTimeToLive(int timeToLive); diff --git a/plugins/api/rate-limit/src/org/apache/cloudstack/ratelimit/ApiRateLimitServiceImpl.java b/plugins/api/rate-limit/src/org/apache/cloudstack/ratelimit/ApiRateLimitServiceImpl.java index 00f39af1e1e..1e9b9adf41c 100644 --- a/plugins/api/rate-limit/src/org/apache/cloudstack/ratelimit/ApiRateLimitServiceImpl.java +++ b/plugins/api/rate-limit/src/org/apache/cloudstack/ratelimit/ApiRateLimitServiceImpl.java @@ -16,6 +16,8 @@ // under the License. package org.apache.cloudstack.ratelimit; +import java.util.ArrayList; +import java.util.List; import java.util.Map; import javax.ejb.Local; import javax.naming.ConfigurationException; @@ -25,19 +27,21 @@ import net.sf.ehcache.CacheManager; import org.apache.log4j.Logger; -import org.apache.cloudstack.acl.APILimitChecker; -import org.apache.cloudstack.api.BaseCmd; -import org.apache.cloudstack.api.ServerApiException; +import org.apache.cloudstack.acl.APIChecker; import org.apache.cloudstack.api.command.admin.ratelimit.ResetApiLimitCmd; import org.apache.cloudstack.api.command.user.ratelimit.GetApiLimitCmd; import org.apache.cloudstack.api.response.ApiLimitResponse; -import com.cloud.user.Account; -import com.cloud.user.UserContext; -import com.cloud.utils.PropertiesUtil; -import com.cloud.utils.component.AdapterBase; -@Local(value = APILimitChecker.class) -public class ApiRateLimitServiceImpl extends AdapterBase implements APILimitChecker, ApiRateLimitService { +import com.cloud.exception.PermissionDeniedException; +import com.cloud.exception.RequestLimitException; +import com.cloud.user.Account; +import com.cloud.user.AccountService; +import com.cloud.user.User; +import com.cloud.utils.component.AdapterBase; +import com.cloud.utils.component.Inject; + +@Local(value = APIChecker.class) +public class ApiRateLimitServiceImpl extends AdapterBase implements APIChecker, ApiRateLimitService { private static final Logger s_logger = Logger.getLogger(ApiRateLimitServiceImpl.class); /** @@ -52,6 +56,10 @@ public class ApiRateLimitServiceImpl extends AdapterBase implements APILimitChec private LimitStore _store = null; + @Inject + AccountService _accountService; + + @Override public boolean configure(String name, Map params) throws ConfigurationException { @@ -80,9 +88,10 @@ public class ApiRateLimitServiceImpl extends AdapterBase implements APILimitChec CacheManager cm = CacheManager.create(); Cache cache = new Cache("api-limit-cache", maxElements, false, false, timeToLive, timeToLive); cm.addCache(cache); - s_logger.info("Limit Cache created: " + cache.toString()); + s_logger.info("Limit Cache created with timeToLive=" + timeToLive + ", maxAllowed=" + maxAllowed + ", maxElements=" + maxElements ); cacheStore.setCache(cache); _store = cacheStore; + } return true; @@ -92,8 +101,7 @@ public class ApiRateLimitServiceImpl extends AdapterBase implements APILimitChec @Override - public ApiLimitResponse searchApiLimit(GetApiLimitCmd cmd) { - Account caller = UserContext.current().getCaller(); + public ApiLimitResponse searchApiLimit(Account caller) { ApiLimitResponse response = new ApiLimitResponse(); response.setAccountId(caller.getUuid()); response.setAccountName(caller.getAccountName()); @@ -118,9 +126,9 @@ public class ApiRateLimitServiceImpl extends AdapterBase implements APILimitChec @Override - public boolean resetApiLimit(ResetApiLimitCmd cmd) { - if ( cmd.getAccountId() != null ){ - _store.create(cmd.getAccountId(), timeToLive); + public boolean resetApiLimit(Long accountId) { + if ( accountId != null ){ + _store.create(accountId, timeToLive); } else{ _store.resetCounters(); @@ -129,10 +137,15 @@ public class ApiRateLimitServiceImpl extends AdapterBase implements APILimitChec } - @Override - public void checkLimit(Account account) throws ServerApiException { - Long accountId = account.getId(); + @Override + public boolean checkAccess(User user, String apiCommandName) throws PermissionDeniedException, RequestLimitException { + Long accountId = user.getAccountId(); + Account account = _accountService.getAccount(accountId); + if ( _accountService.isRootAdmin(account.getType())){ + // no API throttling on root admin + return true; + } StoreEntry entry = _store.get(accountId); if (entry == null) { @@ -145,25 +158,27 @@ public class ApiRateLimitServiceImpl extends AdapterBase implements APILimitChec int current = entry.incrementAndGet(); if (current <= maxAllowed) { - return; + s_logger.info("current count = " + current); + return true; } else { long expireAfter = entry.getExpireDuration(); - s_logger.warn("The given user has reached his/her account api limit, please retry after " + expireAfter + " ms."); - throw new ServerApiException(BaseCmd.API_LIMIT_EXCEED, "The given user has reached his/her account api limit, please retry after " + - expireAfter + " ms."); + // for this exception, we can just show the same message to user and admin users. + String msg = "The given user has reached his/her account api limit, please retry after " + expireAfter + " ms."; + s_logger.warn(msg); + throw new RequestLimitException(msg); } } - @Override - public Map getProperties() { - return PropertiesUtil.processConfigFile(new String[] - { "api-limit_commands.properties" }); + public List> getCommands() { + List> cmdList = new ArrayList>(); + cmdList.add(ResetApiLimitCmd.class); + cmdList.add(GetApiLimitCmd.class); + return cmdList; } - @Override public void setTimeToLive(int timeToLive) { this.timeToLive = timeToLive; diff --git a/plugins/api/rate-limit/test/org/apache/cloudstack/ratelimit/ApiRateLimitTest.java b/plugins/api/rate-limit/test/org/apache/cloudstack/ratelimit/ApiRateLimitTest.java index ef3cf6d7948..850182d8f03 100644 --- a/plugins/api/rate-limit/test/org/apache/cloudstack/ratelimit/ApiRateLimitTest.java +++ b/plugins/api/rate-limit/test/org/apache/cloudstack/ratelimit/ApiRateLimitTest.java @@ -23,20 +23,18 @@ import java.util.concurrent.Executors; import javax.naming.ConfigurationException; -import org.apache.cloudstack.api.ServerApiException; -import org.apache.cloudstack.api.command.admin.ratelimit.ResetApiLimitCmd; -import org.apache.cloudstack.api.command.user.ratelimit.GetApiLimitCmd; import org.apache.cloudstack.api.response.ApiLimitResponse; import org.apache.cloudstack.ratelimit.ApiRateLimitServiceImpl; import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; -import com.cloud.configuration.Config; -import com.cloud.configuration.dao.ConfigurationDao; +import com.cloud.exception.RequestLimitException; import com.cloud.user.Account; +import com.cloud.user.AccountService; import com.cloud.user.AccountVO; -import com.cloud.user.UserContext; +import com.cloud.user.User; +import com.cloud.user.UserVO; import static org.junit.Assert.*; import static org.mockito.Mockito.*; @@ -44,25 +42,45 @@ import static org.mockito.Mockito.*; public class ApiRateLimitTest { static ApiRateLimitServiceImpl _limitService = new ApiRateLimitServiceImpl(); - private static long acctIdSeq = 0L; + static AccountService _accountService = mock(AccountService.class); + private static long acctIdSeq = 5L; + private static Account testAccount; @BeforeClass public static void setUp() throws ConfigurationException { _limitService.configure("ApiRateLimitTest", Collections. emptyMap()); + + _limitService._accountService = _accountService; + + // Standard responses + AccountVO acct = new AccountVO(acctIdSeq); + acct.setType(Account.ACCOUNT_TYPE_NORMAL); + acct.setAccountName("demo"); + testAccount = acct; + + when(_accountService.getAccount(5L)).thenReturn(testAccount); + when(_accountService.isRootAdmin(Account.ACCOUNT_TYPE_NORMAL)).thenReturn(false); } + @Before + public void testSetUp() { + // reset counter for each test + _limitService.resetApiLimit(null); + } - private Account createFakeAccount(){ - return new AccountVO(acctIdSeq++); + private User createFakeUser(){ + UserVO user = new UserVO(); + user.setAccountId(acctIdSeq); + return user; } - private boolean isUnderLimit(Account key){ + private boolean isUnderLimit(User key){ try{ - _limitService.checkLimit(key); + _limitService.checkAccess(key, null); return true; } - catch (ServerApiException ex){ + catch (RequestLimitException ex){ return false; } } @@ -73,7 +91,7 @@ public class ApiRateLimitTest { _limitService.setMaxAllowed(allowedRequests); _limitService.setTimeToLive(1); - Account key = createFakeAccount(); + User key = createFakeUser(); assertTrue("Allow for the first request", isUnderLimit(key)); assertFalse("Second request should be blocked, since we assume that the two api " @@ -86,10 +104,10 @@ public class ApiRateLimitTest { _limitService.setMaxAllowed(allowedRequests); _limitService.setTimeToLive(1); - Account key = createFakeAccount(); + User key = createFakeUser(); for (int i = 0; i < allowedRequests; i++) { - assertTrue("We should allow " + allowedRequests + " requests per second", isUnderLimit(key)); + assertTrue("We should allow " + allowedRequests + " requests per second, but failed at request " + i, isUnderLimit(key)); } @@ -103,7 +121,7 @@ public class ApiRateLimitTest { _limitService.setTimeToLive(1); - final Account key = createFakeAccount(); + final User key = createFakeUser(); int clientCount = allowedRequests; Runnable[] clients = new Runnable[clientCount]; @@ -158,7 +176,7 @@ public class ApiRateLimitTest { _limitService.setMaxAllowed(allowedRequests); _limitService.setTimeToLive(1); - Account key = this.createFakeAccount(); + User key = this.createFakeUser(); assertTrue("The first request should be allowed", isUnderLimit(key)); @@ -174,41 +192,35 @@ public class ApiRateLimitTest { _limitService.setMaxAllowed(allowedRequests); _limitService.setTimeToLive(1); - Account key = this.createFakeAccount(); + User key = this.createFakeUser(); assertTrue("The first request should be allowed", isUnderLimit(key)); assertFalse("Another request should be blocked", isUnderLimit(key)); - ResetApiLimitCmd cmd = new ResetApiLimitCmd(); - cmd.setAccountId(key.getId()); - - _limitService.resetApiLimit(cmd); + _limitService.resetApiLimit(key.getAccountId()); assertTrue("Another request should be allowed after reset counter", isUnderLimit(key)); } - /* Disable this since I cannot mock Static method UserContext.current() + @Test public void verifySearchCounter() throws Exception { int allowedRequests = 10; _limitService.setMaxAllowed(allowedRequests); _limitService.setTimeToLive(1); - Account key = this.createFakeAccount(); + User key = this.createFakeUser(); for ( int i = 0; i < 5; i++ ){ assertTrue("Issued 5 requests", isUnderLimit(key)); } - GetApiLimitCmd cmd = new GetApiLimitCmd(); - UserContext ctx = mock(UserContext.class); - when(UserContext.current().getCaller()).thenReturn(key); - ApiLimitResponse response = _limitService.searchApiLimit(cmd); + ApiLimitResponse response = _limitService.searchApiLimit(testAccount); assertEquals("apiIssued is incorrect", 5, response.getApiIssued()); assertEquals("apiAllowed is incorrect", 5, response.getApiAllowed()); - assertTrue("expiredAfter is incorrect", response.getExpireAfter() < 1); + assertTrue("expiredAfter is incorrect", response.getExpireAfter() < 1000); } - */ + } diff --git a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/KVMGuestOsMapper.java b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/KVMGuestOsMapper.java index b4771cacb10..bd1573c9fa9 100644 --- a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/KVMGuestOsMapper.java +++ b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/KVMGuestOsMapper.java @@ -91,6 +91,8 @@ public class KVMGuestOsMapper { s_mapper.put("Fedora 10", "Fedora 10"); s_mapper.put("Fedora 9", "Fedora 9"); s_mapper.put("Fedora 8", "Fedora 8"); + s_mapper.put("Ubuntu 12.04 (32-bit)", "Ubuntu 12.04"); + s_mapper.put("Ubuntu 12.04 (64-bit)", "Ubuntu 12.04"); s_mapper.put("Ubuntu 10.04 (32-bit)", "Ubuntu 10.04"); s_mapper.put("Ubuntu 10.04 (64-bit)", "Ubuntu 10.04"); s_mapper.put("Ubuntu 10.10 (32-bit)", "Ubuntu 10.10"); diff --git a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java index b52e2d8a0b0..6b5f6df3bff 100755 --- a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java +++ b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java @@ -2901,9 +2901,8 @@ public class LibvirtComputingResource extends ServerResourceBase implements NicTO[] nics = vmSpec.getNics(); for (NicTO nic : nics) { - if (nic.getIsolationUri() != null - && nic.getIsolationUri().getScheme() - .equalsIgnoreCase(IsolationType.Ec2.toString())) { + if (nic.isSecurityGroupEnabled() || ( nic.getIsolationUri() != null + && nic.getIsolationUri().getScheme().equalsIgnoreCase(IsolationType.Ec2.toString()))) { if (vmSpec.getType() != VirtualMachine.Type.User) { default_network_rules_for_systemvm(conn, vmName); break; diff --git a/plugins/hypervisors/simulator/src/com/cloud/server/ManagementServerSimulatorImpl.java b/plugins/hypervisors/simulator/src/com/cloud/server/ManagementServerSimulatorImpl.java index 44ab26a020a..c639a556cb7 100644 --- a/plugins/hypervisors/simulator/src/com/cloud/server/ManagementServerSimulatorImpl.java +++ b/plugins/hypervisors/simulator/src/com/cloud/server/ManagementServerSimulatorImpl.java @@ -17,16 +17,17 @@ package com.cloud.server; +import com.cloud.api.commands.ConfigureSimulator; import com.cloud.utils.PropertiesUtil; +import java.util.List; import java.util.Map; public class ManagementServerSimulatorImpl extends ManagementServerExtImpl { @Override - public Map getProperties() { - Map apiNameRoleMaskMapping = super.getProperties(); - apiNameRoleMaskMapping.putAll(PropertiesUtil.processConfigFile(new String[] - {"commands-simulator.properties"})); - return apiNameRoleMaskMapping; + public List> getCommands() { + List> cmdList = super.getCommands(); + cmdList.add(ConfigureSimulator.class); + return cmdList; } } diff --git a/plugins/hypervisors/vmware/src/com/cloud/network/element/CiscoNexusVSMElement.java b/plugins/hypervisors/vmware/src/com/cloud/network/element/CiscoNexusVSMElement.java index 2cf87877859..68388a6fb18 100644 --- a/plugins/hypervisors/vmware/src/com/cloud/network/element/CiscoNexusVSMElement.java +++ b/plugins/hypervisors/vmware/src/com/cloud/network/element/CiscoNexusVSMElement.java @@ -17,6 +17,7 @@ package com.cloud.network.element; +import java.lang.Class; import java.lang.String; import java.util.List; import java.util.Map; @@ -239,8 +240,12 @@ public class CiscoNexusVSMElement extends CiscoNexusVSMDeviceManagerImpl impleme } @Override - public Map getProperties() { - return PropertiesUtil.processConfigFile(new String[] - { "cisconexusvsm_commands.properties" }); + public List> getCommands() { + List> cmdList = new ArrayList>(); + cmdList.add(ListCiscoNexusVSMsCmd.class); + cmdList.add(EnableCiscoNexusVSMCmd.class); + cmdList.add(DisableCiscoNexusVSMCmd.class); + cmdList.add(DeleteCiscoNexusVSMCmd.class); + return cmdList; } } diff --git a/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java b/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java index 36a12b1b4fa..66a5918b177 100644 --- a/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java +++ b/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java @@ -1324,7 +1324,8 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe NicTO[] nics = vmSpec.getNics(); boolean secGrpEnabled = false; for (NicTO nic : nics) { - if (nic.getIsolationUri() != null && nic.getIsolationUri().getScheme().equalsIgnoreCase(IsolationType.Ec2.toString())) { + if (nic.isSecurityGroupEnabled() || (nic.getIsolationUri() != null + && nic.getIsolationUri().getScheme().equalsIgnoreCase(IsolationType.Ec2.toString()))) { secGrpEnabled = true; break; } @@ -1342,7 +1343,8 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe //For user vm, program the rules for each nic if the isolation uri scheme is ec2 NicTO[] nics = vmSpec.getNics(); for (NicTO nic : nics) { - if (nic.getIsolationUri() != null && nic.getIsolationUri().getScheme().equalsIgnoreCase(IsolationType.Ec2.toString())) { + if ( nic.isSecurityGroupEnabled() || nic.getIsolationUri() != null + && nic.getIsolationUri().getScheme().equalsIgnoreCase(IsolationType.Ec2.toString())) { result = callHostPlugin(conn, "vmops", "default_network_rules", "vmName", vmName, "vmIP", nic.getIp(), "vmMAC", nic.getMac(), "vmID", Long.toString(vmSpec.getId())); if (result == null || result.isEmpty() || !Boolean.parseBoolean(result)) { diff --git a/plugins/network-elements/f5/src/com/cloud/network/element/F5ExternalLoadBalancerElement.java b/plugins/network-elements/f5/src/com/cloud/network/element/F5ExternalLoadBalancerElement.java index 438498ff38c..b9739ec21df 100644 --- a/plugins/network-elements/f5/src/com/cloud/network/element/F5ExternalLoadBalancerElement.java +++ b/plugins/network-elements/f5/src/com/cloud/network/element/F5ExternalLoadBalancerElement.java @@ -16,6 +16,7 @@ // under the License. package com.cloud.network.element; +import java.lang.Class; import java.lang.String; import java.util.ArrayList; import java.util.HashMap; @@ -262,9 +263,17 @@ public class F5ExternalLoadBalancerElement extends ExternalLoadBalancerDeviceMan } @Override - public Map getProperties() { - return PropertiesUtil.processConfigFile(new String[] - { "f5bigip_commands.properties" }); + public List> getCommands() { + List> cmdList = new ArrayList>(); + cmdList.add(AddExternalLoadBalancerCmd.class); + cmdList.add(AddF5LoadBalancerCmd.class); + cmdList.add(ConfigureF5LoadBalancerCmd.class); + cmdList.add(DeleteExternalLoadBalancerCmd.class); + cmdList.add(DeleteF5LoadBalancerCmd.class); + cmdList.add(ListExternalLoadBalancersCmd.class); + cmdList.add(ListF5LoadBalancerNetworksCmd.class); + cmdList.add(ListF5LoadBalancersCmd.class); + return cmdList; } @Override diff --git a/plugins/network-elements/juniper-srx/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java b/plugins/network-elements/juniper-srx/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java index 55722ae23ab..6e9d32daa99 100644 --- a/plugins/network-elements/juniper-srx/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java +++ b/plugins/network-elements/juniper-srx/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java @@ -404,9 +404,17 @@ public class JuniperSRXExternalFirewallElement extends ExternalFirewallDeviceMan } @Override - public Map getProperties() { - return PropertiesUtil.processConfigFile(new String[] - { "junipersrx_commands.properties"}); + public List> getCommands() { + List> cmdList = new ArrayList>(); + cmdList.add(AddExternalFirewallCmd.class); + cmdList.add(AddSrxFirewallCmd.class); + cmdList.add(ConfigureSrxFirewallCmd.class); + cmdList.add(DeleteExternalFirewallCmd.class); + cmdList.add(DeleteSrxFirewallCmd.class); + cmdList.add(ListExternalFirewallsCmd.class); + cmdList.add(ListSrxFirewallNetworksCmd.class); + cmdList.add(ListSrxFirewallsCmd.class); + return cmdList; } @Override diff --git a/plugins/network-elements/midokura-midonet/src/com/cloud/network/element/MidokuraMidonetElement.java b/plugins/network-elements/midokura-midonet/src/com/cloud/network/element/MidokuraMidonetElement.java index 56734669020..a45c5c0a47c 100644 --- a/plugins/network-elements/midokura-midonet/src/com/cloud/network/element/MidokuraMidonetElement.java +++ b/plugins/network-elements/midokura-midonet/src/com/cloud/network/element/MidokuraMidonetElement.java @@ -38,15 +38,10 @@ import com.cloud.vm.VirtualMachineProfile; import org.apache.log4j.Logger; import javax.ejb.Local; +import java.lang.Class; import java.util.Map; import java.util.Set; -/** - * User: tomoe - * Date: 8/8/12 - * Time: 1:38 PM - */ - @Local(value = NetworkElement.class) public class MidokuraMidonetElement extends AdapterBase implements ConnectivityProvider, PluggableService { private static final Logger s_logger = Logger.getLogger(MidokuraMidonetElement.class); @@ -126,7 +121,7 @@ public class MidokuraMidonetElement extends AdapterBase implements ConnectivityP } @Override - public String getPropertiesFile() { + public List> getCommands() { // TODO: implement this. return null; } diff --git a/plugins/network-elements/netscaler/src/com/cloud/network/element/NetscalerElement.java b/plugins/network-elements/netscaler/src/com/cloud/network/element/NetscalerElement.java index ac1619ef1f8..a1782107e19 100644 --- a/plugins/network-elements/netscaler/src/com/cloud/network/element/NetscalerElement.java +++ b/plugins/network-elements/netscaler/src/com/cloud/network/element/NetscalerElement.java @@ -16,6 +16,7 @@ // under the License. package com.cloud.network.element; +import java.lang.Class; import java.net.URI; import java.util.ArrayList; import java.util.HashMap; @@ -465,9 +466,14 @@ StaticNatServiceProvider { } @Override - public Map getProperties() { - return PropertiesUtil.processConfigFile(new String[] - { "netscalerloadbalancer_commands.properties" }); + public List> getCommands() { + List> cmdList = new ArrayList>(); + cmdList.add(AddNetscalerLoadBalancerCmd.class); + cmdList.add(ConfigureNetscalerLoadBalancerCmd.class); + cmdList.add(DeleteNetscalerLoadBalancerCmd.class); + cmdList.add(ListNetscalerLoadBalancerNetworksCmd.class); + cmdList.add(ListNetscalerLoadBalancersCmd.class); + return cmdList; } @Override diff --git a/plugins/network-elements/nicira-nvp/src/com/cloud/network/element/NiciraNvpElement.java b/plugins/network-elements/nicira-nvp/src/com/cloud/network/element/NiciraNvpElement.java index 22fab500fdb..6bcaeeeb235 100644 --- a/plugins/network-elements/nicira-nvp/src/com/cloud/network/element/NiciraNvpElement.java +++ b/plugins/network-elements/nicira-nvp/src/com/cloud/network/element/NiciraNvpElement.java @@ -541,9 +541,13 @@ public class NiciraNvpElement extends AdapterBase implements } @Override - public Map getProperties() { - return PropertiesUtil.processConfigFile(new String[] - { "nicira-nvp_commands.properties" }); + public List> getCommands() { + List> cmdList = new ArrayList>(); + cmdList.add(AddNiciraNvpDeviceCmd.class); + cmdList.add(DeleteNiciraNvpDeviceCmd.class); + cmdList.add(ListNiciraNvpDeviceNetworksCmd.class); + cmdList.add(ListNiciraNvpDevicesCmd.class); + return cmdList; } @Override diff --git a/pom.xml b/pom.xml index aad124b0baf..f752d266a9d 100644 --- a/pom.xml +++ b/pom.xml @@ -245,7 +245,9 @@ scripts/vm/systemvm/id_rsa.cloud tools/devcloud/basebuild/puppet-devcloudinitial/files/network.conf tools/devcloud/devcloud.cfg + tools/devcloud/devcloud-advanced.cfg tools/devcloud-kvm/devcloud-kvm.cfg + tools/devcloud-kvm/devcloud-kvm-advanced.cfg ui/lib/flot/jquery.colorhelpers.js ui/lib/flot/jquery.flot.crosshair.js ui/lib/flot/jquery.flot.fillbetween.js diff --git a/python/lib/cloudutils/utilities.py b/python/lib/cloudutils/utilities.py index adf81fcbd4c..3f5f2a9dc8b 100755 --- a/python/lib/cloudutils/utilities.py +++ b/python/lib/cloudutils/utilities.py @@ -96,6 +96,10 @@ def writeProgressBar(msg, result): output = "[%-6s]\n"%"Failed" sys.stdout.write(output) sys.stdout.flush() + +class UnknownSystemException(Exception): + "This Excption is raised if the current operating enviornment is unknown" + pass class Distribution: def __init__(self): @@ -120,7 +124,7 @@ class Distribution: self.arch = bash("uname -m").getStdout() else: - self.distro = "Unknown" + raise UnknownSystemException def getVersion(self): return self.distro diff --git a/server/src/com/cloud/api/ApiDispatcher.java b/server/src/com/cloud/api/ApiDispatcher.java index 7bc3271523b..55d7f429ca1 100755 --- a/server/src/com/cloud/api/ApiDispatcher.java +++ b/server/src/com/cloud/api/ApiDispatcher.java @@ -64,7 +64,6 @@ import com.cloud.utils.component.PluggableService; import com.cloud.utils.db.GenericDao; import com.cloud.utils.exception.CSExceptionErrorCode; import com.cloud.utils.exception.CloudRuntimeException; -import com.cloud.uuididentity.dao.IdentityDao; // ApiDispatcher: A class that dispatches API commands to the appropriate manager for execution. public class ApiDispatcher { @@ -75,7 +74,6 @@ public class ApiDispatcher { @Inject private AsyncJobManager _asyncMgr = null; @Inject private AccountManager _accountMgr = null; @Inject EntityManager _entityMgr = null; - @Inject IdentityDao _identityDao = null; Map> _daoNameMap = new HashMap>(); // singleton class @@ -708,8 +706,4 @@ public class ApiDispatcher { throw new CloudRuntimeException("Internal error at plugService for command " + cmd.getCommandName() + " [field " + field.getName() + " is not accessible]"); } } - - public static Long getIdentiyId(String tableName, String token) { - return s_instance._identityDao.getIdentityId(tableName, token); - } } diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java index edb798b812e..c346a6b86f1 100755 --- a/server/src/com/cloud/api/ApiResponseHelper.java +++ b/server/src/com/cloud/api/ApiResponseHelper.java @@ -2791,11 +2791,6 @@ public class ApiResponseHelper implements ResponseGenerator { return response; } - @Override - public Long getIdentiyId(String tableName, String token) { - return ApiDispatcher.getIdentiyId(tableName, token); - } - @Override public ResourceTagResponse createResourceTagResponse(ResourceTag resourceTag, boolean keyValueOnly) { ResourceTagJoinVO rto = ApiDBUtils.newResourceTagView(resourceTag); diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java index 1d15acf0b6f..72bed44ca1b 100755 --- a/server/src/com/cloud/api/ApiServer.java +++ b/server/src/com/cloud/api/ApiServer.java @@ -115,6 +115,7 @@ import com.cloud.event.EventUtils; import com.cloud.exception.CloudAuthenticationException; import com.cloud.exception.InvalidParameterValueException; import com.cloud.exception.PermissionDeniedException; +import com.cloud.exception.RequestLimitException; import com.cloud.server.ManagementServer; import com.cloud.user.Account; import com.cloud.user.AccountManager; @@ -132,14 +133,12 @@ import com.cloud.utils.concurrency.NamedThreadFactory; import com.cloud.utils.db.SearchCriteria; import com.cloud.utils.db.Transaction; import com.cloud.utils.exception.CSExceptionErrorCode; -import com.cloud.uuididentity.dao.IdentityDao; public class ApiServer implements HttpRequestHandler { private static final Logger s_logger = Logger.getLogger(ApiServer.class.getName()); private static final Logger s_accessLogger = Logger.getLogger("apiserver." + ApiServer.class.getName()); public static boolean encodeApiResponse = false; - public static boolean apiThrottlingEnabled = true; public static String jsonContentType = "text/javascript"; private ApiDispatcher _dispatcher; @@ -218,7 +217,6 @@ public class ApiServer implements HttpRequestHandler { if (jsonType != null) { jsonContentType = jsonType; } - apiThrottlingEnabled = Boolean.valueOf(configDao.getValue(Config.ApiLimitEnabled.key())); if (apiPort != null) { ListenerThread listenerThread = new ListenerThread(this, apiPort); @@ -555,19 +553,22 @@ public class ApiServer implements HttpRequestHandler { // if userId not null, that mean that user is logged in if (userId != null) { User user = ApiDBUtils.findUserById(userId); - if (apiThrottlingEnabled){ - // go through each API limit checker, throw exception inside adapter implementation so that message - // can contain some detailed information only known for each adapter implementation. - checkRequestLimit(user); + + try{ + checkCommandAvailable(user, commandName); } - if (!isCommandAvailable(user, commandName)) { + catch (PermissionDeniedException ex){ s_logger.debug("The given command:" + commandName + " does not exist or it is not available for user with id:" + userId); throw new ServerApiException(BaseCmd.UNSUPPORTED_ACTION_ERROR, "The given command does not exist or it is not available for user"); } + catch (RequestLimitException ex){ + s_logger.debug(ex.getMessage()); + throw new ServerApiException(BaseCmd.API_LIMIT_EXCEED, ex.getMessage()); + } return true; } else { // check against every available command to see if the command exists or not - if (!doesCommandExist(commandName) && !commandName.equals("login") && !commandName.equals("logout")) { + if (!_apiNameCmdClassMap.containsKey(commandName) && !commandName.equals("login") && !commandName.equals("logout")) { s_logger.debug("The given command:" + commandName + " does not exist or it is not available for user with id:" + userId); throw new ServerApiException(BaseCmd.UNSUPPORTED_ACTION_ERROR, "The given command does not exist or it is not available for user"); } @@ -612,30 +613,29 @@ public class ApiServer implements HttpRequestHandler { // if api/secret key are passed to the parameters if ((signature == null) || (apiKey == null)) { - if (s_logger.isDebugEnabled()) { - s_logger.info("expired session, missing signature, or missing apiKey -- ignoring request...sig: " + signature + ", apiKey: " + apiKey); - } + s_logger.debug("Expired session, missing signature, or missing apiKey -- ignoring request. Signature: " + signature + ", apiKey: " + apiKey); return false; // no signature, bad request } Date expiresTS = null; + // FIXME: Hard coded signature, why not have an enum if ("3".equals(signatureVersion)) { // New signature authentication. Check for expire parameter and its validity if (expires == null) { - s_logger.info("missing Expires parameter -- ignoring request...sig: " + signature + ", apiKey: " + apiKey); + s_logger.debug("Missing Expires parameter -- ignoring request. Signature: " + signature + ", apiKey: " + apiKey); return false; } synchronized (_dateFormat) { try { expiresTS = _dateFormat.parse(expires); } catch (ParseException pe) { - s_logger.info("Incorrect date format for Expires parameter", pe); + s_logger.debug("Incorrect date format for Expires parameter", pe); return false; } } Date now = new Date(System.currentTimeMillis()); if (expiresTS.before(now)) { - s_logger.info("Request expired -- ignoring ...sig: " + signature + ", apiKey: " + apiKey); + s_logger.debug("Request expired -- ignoring ...sig: " + signature + ", apiKey: " + apiKey); return false; } } @@ -646,7 +646,7 @@ public class ApiServer implements HttpRequestHandler { // verify there is a user with this api key Pair userAcctPair = _accountMgr.findUserByApiKey(apiKey); if (userAcctPair == null) { - s_logger.info("apiKey does not map to a valid user -- ignoring request, apiKey: " + apiKey); + s_logger.debug("apiKey does not map to a valid user -- ignoring request, apiKey: " + apiKey); return false; } @@ -661,7 +661,10 @@ public class ApiServer implements HttpRequestHandler { UserContext.updateContext(user.getId(), account, null); - if (!isCommandAvailable(user, commandName)) { + try{ + checkCommandAvailable(user, commandName); + } + catch (PermissionDeniedException ex){ s_logger.debug("The given command:" + commandName + " does not exist or it is not available for user"); throw new ServerApiException(BaseCmd.UNSUPPORTED_ACTION_ERROR, "The given command:" + commandName + " does not exist or it is not available for user with id:" + userId); } @@ -686,24 +689,16 @@ public class ApiServer implements HttpRequestHandler { s_logger.info("User signature: " + signature + " is not equaled to computed signature: " + computedSignature); } return equalSig; - } catch (Exception ex) { - if (ex instanceof ServerApiException && ((ServerApiException) ex).getErrorCode() == BaseCmd.UNSUPPORTED_ACTION_ERROR) { - throw (ServerApiException) ex; - } - s_logger.error("unable to verifty request signature", ex); + } catch (ServerApiException ex){ + throw ex; + } catch (Exception ex){ + s_logger.error("unable to verify request signature"); } return false; } - public Long fetchDomainId(String domainUUID){ - ComponentLocator locator = ComponentLocator.getLocator(ManagementServer.Name); - IdentityDao identityDao = locator.getDao(IdentityDao.class); - try{ - Long domainId = identityDao.getIdentityId("domain", domainUUID); - return domainId; - }catch(InvalidParameterValueException ex){ - return null; - } + public Long fetchDomainId(String domainUUID) { + return _domainMgr.getDomain(domainUUID).getId(); } public void loginUser(HttpSession session, String username, String password, Long domainId, String domainPath, String loginIpAddress ,Map requestParameters) throws CloudAuthenticationException { @@ -800,41 +795,14 @@ public class ApiServer implements HttpRequestHandler { } - private void checkRequestLimit(User user) throws ServerApiException { - Account account = ApiDBUtils.findAccountById(user.getAccountId()); - if ( _accountMgr.isRootAdmin(account.getType()) ){ - // no api throttling for root admin - return; - } - for (APILimitChecker apiChecker : _apiLimitCheckers) { - // Fail the checking if any checker fails to verify - apiChecker.checkLimit(account); - } - } - - - private boolean doesCommandExist(String apiName) { - for (APIChecker apiChecker : _apiAccessCheckers) { - // If any checker has api info on the command, return true - if (apiChecker.checkExistence(apiName)) - return true; - } - return false; - } - - private boolean isCommandAvailable(User user, String commandName) { + private void checkCommandAvailable(User user, String commandName) throws PermissionDeniedException { if (user == null) { - return false; + throw new PermissionDeniedException("User is null for role based API access check for command" + commandName); } - Account account = _accountMgr.getAccount(user.getAccountId()); - RoleType roleType = _accountMgr.getRoleType(account); for (APIChecker apiChecker : _apiAccessCheckers) { - // Fail the checking if any checker fails to verify - if (!apiChecker.checkAccess(roleType, commandName)) - return false; + apiChecker.checkAccess(user, commandName); } - return true; } private Class getCmdClass(String cmdName) { diff --git a/server/src/com/cloud/api/ApiServlet.java b/server/src/com/cloud/api/ApiServlet.java index 19091f25ff2..21373cdf17f 100755 --- a/server/src/com/cloud/api/ApiServlet.java +++ b/server/src/com/cloud/api/ApiServlet.java @@ -128,7 +128,7 @@ public class ApiServlet extends HttpServlet { reqStr = auditTrailSb.toString() + " " + req.getQueryString(); s_logger.debug("===START=== " + StringUtils.cleanString(reqStr)); } - + try { HttpSession session = req.getSession(false); Object[] responseTypeParam = params.get("response"); @@ -298,24 +298,16 @@ public class ApiServlet extends HttpServlet { * params.put(BaseCmd.Properties.ACCOUNT_OBJ.getName(), new Object[] { accountObj }); } else { * params.put(BaseCmd.Properties.USER_ID.getName(), new String[] { userId }); * params.put(BaseCmd.Properties.ACCOUNT_OBJ.getName(), new Object[] { accountObj }); } } - * + * * // update user context info here so that we can take information if the request is authenticated // via api * key mechanism updateUserContext(params, session != null ? session.getId() : null); */ - auditTrailSb.insert(0, - "(userId=" + UserContext.current().getCallerUserId() + " accountId=" + UserContext.current().getCaller().getId() + " sessionId=" + (session != null ? session.getId() : null) - + ")"); + auditTrailSb.insert(0, "(userId=" + UserContext.current().getCallerUserId() + " accountId=" + + UserContext.current().getCaller().getId() + " sessionId=" + (session != null ? session.getId() : null) + ")"); - try { - String response = _apiServer.handleRequest(params, false, responseType, auditTrailSb); - writeResponse(resp, response != null ? response : "", HttpServletResponse.SC_OK, responseType); - } catch (ServerApiException se) { - String serializedResponseText = _apiServer.getSerializedApiError(se.getErrorCode(), se.getDescription(), params, responseType, null); - resp.setHeader("X-Description", se.getDescription()); - writeResponse(resp, serializedResponseText, se.getErrorCode(), responseType); - auditTrailSb.append(" " + se.getErrorCode() + " " + se.getDescription()); - } + String response = _apiServer.handleRequest(params, false, responseType, auditTrailSb); + writeResponse(resp, response != null ? response : "", HttpServletResponse.SC_OK, responseType); } else { if (session != null) { try { @@ -329,17 +321,14 @@ public class ApiServlet extends HttpServlet { writeResponse(resp, serializedResponse, HttpServletResponse.SC_UNAUTHORIZED, responseType); } + } catch (ServerApiException se) { + String serializedResponseText = _apiServer.getSerializedApiError(se.getErrorCode(), se.getDescription(), params, responseType, null); + resp.setHeader("X-Description", se.getDescription()); + writeResponse(resp, serializedResponseText, se.getErrorCode(), responseType); + auditTrailSb.append(" " + se.getErrorCode() + " " + se.getDescription()); } catch (Exception ex) { - if (ex instanceof ServerApiException && ((ServerApiException) ex).getErrorCode() == BaseCmd.UNSUPPORTED_ACTION_ERROR) { - ServerApiException se = (ServerApiException) ex; - String serializedResponseText = _apiServer.getSerializedApiError(se.getErrorCode(), se.getDescription(), params, responseType, null); - resp.setHeader("X-Description", se.getDescription()); - writeResponse(resp, serializedResponseText, se.getErrorCode(), responseType); - auditTrailSb.append(" " + se.getErrorCode() + " " + se.getDescription()); - } else { - s_logger.error("unknown exception writing api response", ex); - auditTrailSb.append(" unknown exception writing api response"); - } + s_logger.error("unknown exception writing api response", ex); + auditTrailSb.append(" unknown exception writing api response"); } finally { s_accessLogger.info(auditTrailSb.toString()); if (s_logger.isDebugEnabled()) { @@ -354,9 +343,9 @@ public class ApiServlet extends HttpServlet { * private void updateUserContext(Map requestParameters, String sessionId) { String userIdStr = * (String)(requestParameters.get(BaseCmd.Properties.USER_ID.getName())[0]); Account accountObj = * (Account)(requestParameters.get(BaseCmd.Properties.ACCOUNT_OBJ.getName())[0]); - * + * * Long userId = null; Long accountId = null; if(userIdStr != null) userId = Long.parseLong(userIdStr); - * + * * if(accountObj != null) accountId = accountObj.getId(); UserContext.updateContext(userId, accountId, sessionId); } */ @@ -386,7 +375,7 @@ public class ApiServlet extends HttpServlet { private String getLoginSuccessResponse(HttpSession session, String responseType) { StringBuffer sb = new StringBuffer(); int inactiveInterval = session.getMaxInactiveInterval(); - + String user_UUID = (String)session.getAttribute("user_UUID"); session.removeAttribute("user_UUID"); diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java index e6bf3d543de..59abd9982c6 100755 --- a/server/src/com/cloud/configuration/Config.java +++ b/server/src/com/cloud/configuration/Config.java @@ -358,10 +358,7 @@ public enum Config { DetailBatchQuerySize("Advanced", ManagementServer.class, Integer.class, "detail.batch.query.size", "2000", "Default entity detail batch query size for listing", null), ConcurrentSnapshotsThresholdPerHost("Advanced", ManagementServer.class, Long.class, "concurrent.snapshots.threshold.perhost", - null, "Limits number of snapshots that can be handled by the host concurrently; default is NULL - unlimited", null), - - // API throttling - ApiLimitEnabled("Advanced", ManagementServer.class, Boolean.class, "api.throttling.enable", "true", "If true, api throttline feature is enabled", "true,false"); + null, "Limits number of snapshots that can be handled by the host concurrently; default is NULL - unlimited", null); private final String _category; private final Class _componentClass; diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java index 2e20c134b54..b21c5a38bb7 100755 --- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java +++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java @@ -2071,7 +2071,12 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura Long projectId = cmd.getProjectId(); Long domainId = cmd.getDomainId(); Account vlanOwner = null; - + + // if end ip is not specified, default it to startIp + if (endIP == null && startIP != null) { + endIP = startIP; + } + if (projectId != null) { if (accountName != null) { throw new InvalidParameterValueException("Account and projectId are mutually exclusive"); @@ -2176,6 +2181,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura throw new InvalidParameterValueException("Nework id is required for Direct vlan creation "); } networkId = network.getId(); + zoneId = network.getDataCenterId(); } } else if (network.getGuestType() == null || network.getGuestType() == Network.GuestType.Isolated) { throw new InvalidParameterValueException("Can't create direct vlan for network id=" + networkId + " with type: " + network.getGuestType()); @@ -2192,34 +2198,34 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura endIP = startIP; } - if (forVirtualNetwork || zone.getNetworkType() == DataCenter.NetworkType.Basic || zone.isSecurityGroupEnabled()) { - if (vlanGateway == null || vlanNetmask == null || zoneId == null) { - throw new InvalidParameterValueException("Gateway, netmask and zoneId have to be passed in for virtual and direct untagged networks"); - } - } else { - // check if startIp and endIp belong to network Cidr - String networkCidr = network.getCidr(); - String networkGateway = network.getGateway(); - Long networkZoneId = network.getDataCenterId(); - String networkNetmask = NetUtils.getCidrNetmask(networkCidr); - - // Check if ip addresses are in network range - if (!NetUtils.sameSubnet(startIP, networkGateway, networkNetmask)) { - throw new InvalidParameterValueException("Start ip is not in network cidr: " + networkCidr); - } - - if (endIP != null) { - if (!NetUtils.sameSubnet(endIP, networkGateway, networkNetmask)) { - throw new InvalidParameterValueException("End ip is not in network cidr: " + networkCidr); + if ( zone.getNetworkType() == DataCenter.NetworkType.Advanced ) { + if (network.getTrafficType() == TrafficType.Guest) { + if (network.getGuestType() != GuestType.Shared) { + throw new InvalidParameterValueException("Can execute createVLANIpRanges on shared guest network, but type of this guest network " + + network.getId() + " is " + network.getGuestType()); } + List vlans = _vlanDao.listVlansByNetworkId(network.getId()); + if ( vlans != null && vlans.size() > 0 ) { + VlanVO vlan = vlans.get(0); + if ( vlanId == null ) { + vlanId = vlan.getVlanTag(); + } else if ( vlan.getVlanTag() != vlanId ) { + throw new InvalidParameterValueException("there is already one vlan " + vlan.getVlanTag() + " on network :" + + + network.getId() + ", only one vlan is allowed on guest network"); + } + vlanGateway = vlan.getVlanGateway(); + vlanNetmask = vlan.getVlanNetmask(); + } + } else if (network.getTrafficType() == TrafficType.Management) { + throw new InvalidParameterValueException("Cannot execute createVLANIpRanges on management network"); } - - // set gateway, netmask, zone from network object - vlanGateway = networkGateway; - vlanNetmask = networkNetmask; - zoneId = networkZoneId; } + if (vlanGateway == null || vlanNetmask == null || zoneId == null) { + throw new InvalidParameterValueException("Gateway, netmask and zoneId have to be passed in for virtual and direct untagged networks"); + } + + // if it's an account specific range, associate ip address list to the account boolean associateIpRangeToAccount = false; diff --git a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java index 4994f4f526b..5bc5d27ee08 100755 --- a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java +++ b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java @@ -31,6 +31,8 @@ import javax.ejb.Local; import javax.naming.ConfigurationException; import javax.persistence.Table; +import com.cloud.offering.DiskOffering; +import com.cloud.storage.dao.DiskOfferingDao; import org.apache.log4j.Logger; import com.cloud.agent.AgentManager; @@ -107,7 +109,6 @@ import com.cloud.resource.UnableDeleteHostException; import com.cloud.service.ServiceOfferingVO; import com.cloud.service.dao.ServiceOfferingDao; import com.cloud.servlet.ConsoleProxyServlet; -import com.cloud.storage.DiskOfferingVO; import com.cloud.storage.StorageManager; import com.cloud.storage.StoragePoolStatus; import com.cloud.storage.StoragePoolVO; @@ -138,7 +139,6 @@ import com.cloud.utils.db.Transaction; import com.cloud.utils.events.SubscriptionMgr; import com.cloud.utils.exception.CloudRuntimeException; import com.cloud.utils.net.NetUtils; -import com.cloud.uuididentity.dao.IdentityDao; import com.cloud.vm.ConsoleProxyVO; import com.cloud.vm.NicProfile; import com.cloud.vm.ReservationContext; @@ -216,6 +216,8 @@ public class ConsoleProxyManagerImpl implements ConsoleProxyManager, ConsoleProx @Inject ServiceOfferingDao _offeringDao; @Inject + DiskOfferingDao _diskOfferingDao; + @Inject NetworkOfferingDao _networkOfferingDao; @Inject StoragePoolDao _storagePoolDao; @@ -224,8 +226,6 @@ public class ConsoleProxyManagerImpl implements ConsoleProxyManager, ConsoleProx @Inject ResourceManager _resourceMgr; @Inject - IdentityDao _identityDao; - @Inject NetworkDao _networkDao; @Inject RulesManager _rulesMgr; @@ -928,14 +928,12 @@ public class ConsoleProxyManagerImpl implements ConsoleProxyManager, ConsoleProx return new ConsoleAccessAuthenticationAnswer(cmd, false); } - vmId = _identityDao.getIdentityId("vm_instance", cmd.getVmId()); - if (vmId == null) { - s_logger.error("Invalid vm id " + cmd.getVmId() + " sent from console access authentication"); - return new ConsoleAccessAuthenticationAnswer(cmd, false); - } - - VMInstanceVO vm = _instanceDao.findById(vmId); + VirtualMachine vm = _instanceDao.findByUuid(cmd.getVmId()); if (vm == null) { + vm = _instanceDao.findById(Long.parseLong(cmd.getVmId())); + } + if (vm == null) { + s_logger.error("Invalid vm id " + cmd.getVmId() + " sent from console access authentication"); return new ConsoleAccessAuthenticationAnswer(cmd, false); } @@ -1525,16 +1523,13 @@ public class ConsoleProxyManagerImpl implements ConsoleProxyManager, ConsoleProx //check if there is a default service offering configured String cpvmSrvcOffIdStr = configs.get(Config.ConsoleProxyServiceOffering.key()); if (cpvmSrvcOffIdStr != null) { - - Long cpvmSrvcOffId = null; - try { - cpvmSrvcOffId = _identityDao.getIdentityId(DiskOfferingVO.class.getAnnotation(Table.class).name(),cpvmSrvcOffIdStr); - } catch (Exception e) { - String msg = "Can't find system service offering specified by global config, uuid=" + cpvmSrvcOffIdStr + " for console proxy vm"; - s_logger.warn(msg); - } - if(cpvmSrvcOffId != null){ - _serviceOffering = _offeringDao.findById(cpvmSrvcOffId); + DiskOffering diskOffering = _diskOfferingDao.findByUuid(cpvmSrvcOffIdStr); + if (diskOffering == null) + diskOffering = _diskOfferingDao.findById(Long.parseLong(cpvmSrvcOffIdStr)); + if (diskOffering != null) { + _serviceOffering = _offeringDao.findById(diskOffering.getId()); + } else { + s_logger.warn("Can't find system service offering specified by global config, uuid=" + cpvmSrvcOffIdStr + " for console proxy vm"); } } diff --git a/server/src/com/cloud/hypervisor/HypervisorGuruBase.java b/server/src/com/cloud/hypervisor/HypervisorGuruBase.java index 242852fc681..2efe6d35098 100644 --- a/server/src/com/cloud/hypervisor/HypervisorGuruBase.java +++ b/server/src/com/cloud/hypervisor/HypervisorGuruBase.java @@ -62,6 +62,7 @@ public abstract class HypervisorGuruBase extends AdapterBase implements Hypervis to.setIsolationuri(profile.getIsolationUri()); to.setNetworkRateMbps(profile.getNetworkRate()); to.setName(profile.getName()); + to.setSecurityGroupEnabled(profile.isSecurityGroupEnabled()); // Workaround to make sure the TO has the UUID we need for Niciri integration NicVO nicVO = _nicDao.findById(profile.getId()); diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index c5003760b68..206392dce49 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java @@ -2441,6 +2441,12 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag return _networksDao.findById(id); } + @Override + @DB + public Network getNetwork(String uuid) { + return _networksDao.findByUuid(uuid); + } + @Override public List getRemoteAccessVpnElements() { List elements = new ArrayList(); diff --git a/server/src/com/cloud/network/element/VirtualRouterElement.java b/server/src/com/cloud/network/element/VirtualRouterElement.java index 823b74f269b..02a239e72d9 100755 --- a/server/src/com/cloud/network/element/VirtualRouterElement.java +++ b/server/src/com/cloud/network/element/VirtualRouterElement.java @@ -26,6 +26,7 @@ import javax.ejb.Local; import com.cloud.utils.PropertiesUtil; import org.apache.cloudstack.api.command.admin.router.ConfigureVirtualRouterElementCmd; +import org.apache.cloudstack.api.command.admin.router.CreateVirtualRouterElementCmd; import org.apache.cloudstack.api.command.admin.router.ListVirtualRouterElementsCmd; import org.apache.log4j.Logger; @@ -681,9 +682,12 @@ public class VirtualRouterElement extends AdapterBase implements VirtualRouterEl } @Override - public Map getProperties() { - return PropertiesUtil.processConfigFile(new String[] - { "virtualrouter_commands.properties" }); + public List> getCommands() { + List> cmdList = new ArrayList>(); + cmdList.add(CreateVirtualRouterElementCmd.class); + cmdList.add(ConfigureVirtualRouterElementCmd.class); + cmdList.add(ListVirtualRouterElementsCmd.class); + return cmdList; } @Override diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java index 1f74c7174e8..492e1dc20b1 100755 --- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java @@ -1381,9 +1381,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian assert guestNetwork.getTrafficType() == TrafficType.Guest; // 1) Get deployment plan and find out the list of routers - boolean isPodBased = (dest.getDataCenter().getNetworkType() == NetworkType.Basic || - _networkMgr.areServicesSupportedInNetwork(guestNetwork.getId(), Service.SecurityGroup)) - && guestNetwork.getTrafficType() == TrafficType.Guest; + boolean isPodBased = (dest.getDataCenter().getNetworkType() == NetworkType.Basic); // dest has pod=null, for Basic Zone findOrDeployVRs for all Pods List destinations = new ArrayList(); diff --git a/server/src/com/cloud/server/ManagementServerExtImpl.java b/server/src/com/cloud/server/ManagementServerExtImpl.java index 8a59d2f9c1c..c8c188b38ad 100644 --- a/server/src/com/cloud/server/ManagementServerExtImpl.java +++ b/server/src/com/cloud/server/ManagementServerExtImpl.java @@ -207,9 +207,9 @@ public class ManagementServerExtImpl extends ManagementServerImpl implements Man } @Override - public Map getProperties() { - return PropertiesUtil.processConfigFile(new String[] - { "commands.properties", "commands-ext.properties" }); + public List> getCommands() { + //TODO: Add api cmd classes + return null; } private Date computeAdjustedTime(Date initialDate, TimeZone targetTZ, boolean adjustToDayStart) { diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java index 79ad759dd0b..4efae630f36 100755 --- a/server/src/com/cloud/server/ManagementServerImpl.java +++ b/server/src/com/cloud/server/ManagementServerImpl.java @@ -760,7 +760,6 @@ public class ManagementServerImpl implements ManagementServer { sc.addAnd("vm_type", SearchCriteria.Op.EQ, vmTypeStr); } - sc.addAnd("systemUse", SearchCriteria.Op.EQ, isSystem); sc.addAnd("removed", SearchCriteria.Op.NULL); return _offeringsDao.search(sc, searchFilter); @@ -2298,9 +2297,9 @@ public class ManagementServerImpl implements ManagementServer { } @Override - public Map getProperties() { - return PropertiesUtil.processConfigFile(new String[] - { "commands.properties" }); + public List> getCommands() { + //TODO: Add cmd classes + return null; } protected class EventPurgeTask implements Runnable { diff --git a/server/src/com/cloud/user/DomainManagerImpl.java b/server/src/com/cloud/user/DomainManagerImpl.java index 123b8951b2e..54ca2ac44bd 100644 --- a/server/src/com/cloud/user/DomainManagerImpl.java +++ b/server/src/com/cloud/user/DomainManagerImpl.java @@ -85,6 +85,11 @@ public class DomainManagerImpl implements DomainManager, DomainService, Manager return _domainDao.findById(domainId); } + @Override + public Domain getDomain(String domainUuid) { + return _domainDao.findByUuid(domainUuid); + } + @Override public String getName() { return _name; diff --git a/server/test/com/cloud/api/ListPerfTest.java b/server/test/com/cloud/api/ListPerfTest.java index e5d277a314f..350dde88b1c 100644 --- a/server/test/com/cloud/api/ListPerfTest.java +++ b/server/test/com/cloud/api/ListPerfTest.java @@ -16,6 +16,8 @@ // under the License. package com.cloud.api; +import static org.junit.Assert.*; + import java.util.HashMap; import java.util.concurrent.CountDownLatch; import java.util.concurrent.ExecutorService; @@ -24,6 +26,8 @@ import java.util.concurrent.Executors; import org.junit.Before; import org.junit.Test; +import com.cloud.utils.exception.CloudRuntimeException; + /** * Test fixture to do performance test for list command @@ -175,7 +179,8 @@ public class ListPerfTest extends APITest { params.put("response", "json"); params.put("listAll", "true"); params.put("sessionkey", sessionKey); - int clientCount = 6; + // assuming ApiRateLimitService set api.throttling.max = 25 + int clientCount = 26; Runnable[] clients = new Runnable[clientCount]; final boolean[] isUsable = new boolean[clientCount]; @@ -196,8 +201,13 @@ public class ListPerfTest extends APITest { try { startGate.await(); - System.out.println(sendRequest("listAccounts", params)); + sendRequest("listAccounts", params); + isUsable[j] = true; + + } catch (CloudRuntimeException e){ + isUsable[j] = false; + e.printStackTrace(); } catch (InterruptedException e) { e.printStackTrace(); } finally { @@ -217,6 +227,14 @@ public class ListPerfTest extends APITest { endGate.await(); + int rejectCount = 0; + for ( int i = 0; i < isUsable.length; ++i){ + if ( !isUsable[i]) + rejectCount++; + } + + assertEquals("Only one request should be rejected!", 1, rejectCount); + } } diff --git a/server/test/com/cloud/network/MockNetworkManagerImpl.java b/server/test/com/cloud/network/MockNetworkManagerImpl.java index 26a6e60f714..874e01767a9 100755 --- a/server/test/com/cloud/network/MockNetworkManagerImpl.java +++ b/server/test/com/cloud/network/MockNetworkManagerImpl.java @@ -112,6 +112,12 @@ public class MockNetworkManagerImpl implements NetworkManager, Manager, NetworkS return null; } + @Override + public Network getNetwork(String networkUuid) { + // TODO Auto-generated method stub + return null; + } + @Override public IpAddress getIp(long id) { // TODO Auto-generated method stub diff --git a/server/test/com/cloud/user/MockDomainManagerImpl.java b/server/test/com/cloud/user/MockDomainManagerImpl.java index 6dc4d075b9e..9f49535ce68 100644 --- a/server/test/com/cloud/user/MockDomainManagerImpl.java +++ b/server/test/com/cloud/user/MockDomainManagerImpl.java @@ -46,6 +46,12 @@ public class MockDomainManagerImpl implements Manager, DomainManager { return null; } + @Override + public Domain getDomain(String uuid) { + // TODO Auto-generated method stub + return null; + } + @Override public boolean isChildDomain(Long parentId, Long childId) { // TODO Auto-generated method stub diff --git a/server/test/com/cloud/vpc/MockNetworkManagerImpl.java b/server/test/com/cloud/vpc/MockNetworkManagerImpl.java index 8cb9dd53948..bd8d8bc3a69 100644 --- a/server/test/com/cloud/vpc/MockNetworkManagerImpl.java +++ b/server/test/com/cloud/vpc/MockNetworkManagerImpl.java @@ -156,6 +156,12 @@ public class MockNetworkManagerImpl implements NetworkManager, Manager{ return null; } + @Override + public Network getNetwork(String networkUuid) { + // TODO Auto-generated method stub + return null; + } + /* (non-Javadoc) * @see com.cloud.network.NetworkService#getIp(long) */ diff --git a/setup/db/db/schema-40to410.sql b/setup/db/db/schema-40to410.sql index a6b102a057c..bf3fb303e5b 100644 --- a/setup/db/db/schema-40to410.sql +++ b/setup/db/db/schema-40to410.sql @@ -142,8 +142,6 @@ UPDATE `cloud`.`conditions` set uuid=id WHERE uuid is NULL; INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'management-server', '"detail.batch.query.size"', '2000', 'Default entity detail batch query size for listing'); -INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'management-server', 'api.throttling.enabled', 'true, 'enable api rate limiting'); - --- DB views for list api --- use cloud; diff --git a/setup/db/templates.kvm.sql b/setup/db/templates.kvm.sql index bc275f5285d..8a5582540af 100644 --- a/setup/db/templates.kvm.sql +++ b/setup/db/templates.kvm.sql @@ -51,11 +51,12 @@ INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (U INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 5, 'Fedora 10', 'Fedora 10'); INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 5, 'Fedora 9', 'Fedora 9'); INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 5, 'Fedora 8', 'Fedora 8'); -INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 2, 'Ubuntu 10.04', 'Ubuntu 10.04'); -INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 2, 'Ubuntu 9.10', 'Ubuntu 9.10'); -INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 2, 'Ubuntu 9.04', 'Ubuntu 9.04'); -INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 2, 'Ubuntu 8.10', 'Ubuntu 8.10'); -INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 2, 'Ubuntu 8.04', 'Ubuntu 8.04'); +INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 10, 'Ubuntu 12.04', 'Ubuntu 12.04'); +INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 10, 'Ubuntu 10.04', 'Ubuntu 10.04'); +INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 10, 'Ubuntu 9.10', 'Ubuntu 9.10'); +INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 10, 'Ubuntu 9.04', 'Ubuntu 9.04'); +INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 10, 'Ubuntu 8.10', 'Ubuntu 8.10'); +INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 10, 'Ubuntu 8.04', 'Ubuntu 8.04'); INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 2, 'Debian Squeeze', 'Debian Squeeze'); INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 2, 'Debian Lenny', 'Debian Lenny'); INSERT INTO `cloud`.`guest_os` (uuid, category_id, name, display_name) VALUES (UUID(), 2, 'Debian Etch', 'Debian Etch'); diff --git a/setup/db/templates.sql b/setup/db/templates.sql index 3867d4fe9d2..9980b159630 100755 --- a/setup/db/templates.sql +++ b/setup/db/templates.sql @@ -211,6 +211,8 @@ INSERT INTO `cloud`.`guest_os` (id, uuid, category_id, display_name) VALUES (159 INSERT INTO `cloud`.`guest_os` (id, uuid, category_id, display_name) VALUES (160, UUID(), 6, 'Windows PV'); INSERT INTO `cloud`.`guest_os` (id, uuid, category_id, display_name) VALUES (161, UUID(), 1, 'CentOS 5.7 (32-bit)'); INSERT INTO `cloud`.`guest_os` (id, uuid, category_id, display_name) VALUES (162, UUID(), 1, 'CentOS 5.7 (64-bit)'); +INSERT INTO `cloud`.`guest_os` (id, uuid, category_id, display_name) VALUES (163, UUID(), 10, 'Ubuntu 12.04 (32-bit)'); +INSERT INTO `cloud`.`guest_os` (id, uuid, category_id, display_name) VALUES (164, UUID(), 10, 'Ubuntu 12.04 (64-bit)'); INSERT INTO `cloud`.`guest_os` (id, uuid, category_id, display_name) VALUES (200, UUID(), 1, 'Other CentOS (32-bit)'); INSERT INTO `cloud`.`guest_os` (id, uuid, category_id, display_name) VALUES (201, UUID(), 1, 'Other CentOS (64-bit)'); @@ -370,11 +372,13 @@ INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Debian GNU/Linux 4(32-bit)', 73); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Debian GNU/Linux 4(64-bit)', 74); +INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Ubuntu 12.04 (32-bit)', 162); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Ubuntu 10.04 (32-bit)', 121); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Ubuntu 9.10 (32-bit)', 122); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Ubuntu 9.04 (32-bit)', 123); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Ubuntu 8.10 (32-bit)', 124); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Ubuntu 8.04 (32-bit)', 125); +INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Ubuntu 12.04 (64-bit)', 163); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Ubuntu 10.04 (64-bit)', 126); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Ubuntu 9.10 (64-bit)', 127); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Ubuntu 9.04 (64-bit)', 128); @@ -385,6 +389,7 @@ INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Other Ubuntu Linux (32-bit)', 59); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Other Ubuntu (64-bit)', 100); + INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Other 2.6x Linux (32-bit)', 75); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Other 2.6x Linux (64-bit)', 76); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ("VmWare", 'Other Linux (32-bit)', 98); @@ -454,6 +459,8 @@ INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ('KVM', 'Fedora 8', 120); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ('KVM', 'Ubuntu 10.04', 121); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ('KVM', 'Ubuntu 10.04', 126); +INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ('KVM', 'Ubuntu 10.04', 162); +INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ('KVM', 'Ubuntu 10.04', 163); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ('KVM', 'Ubuntu 9.10', 122); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ('KVM', 'Ubuntu 9.10', 127); INSERT INTO `cloud`.`guest_os_hypervisor` (hypervisor_type, guest_os_name, guest_os_id) VALUES ('KVM', 'Ubuntu 9.04', 123); diff --git a/tools/apidoc/gen_toc.py b/tools/apidoc/gen_toc.py index 0b281a29c1d..7739aea633f 100644 --- a/tools/apidoc/gen_toc.py +++ b/tools/apidoc/gen_toc.py @@ -129,6 +129,7 @@ known_categories = { 'AutoScale': 'AutoScale', 'Counter': 'AutoScale', 'Condition': 'AutoScale', + 'Api': 'API Discovery', } diff --git a/tools/apidoc/pom.xml b/tools/apidoc/pom.xml index bc7411f7013..6b159ff54eb 100644 --- a/tools/apidoc/pom.xml +++ b/tools/apidoc/pom.xml @@ -57,7 +57,7 @@ ${client.config.jars} ./target -f - ${client.config.conf}/commands.properties,${client.config.conf}/commands-ext.properties,${client.config.conf}/virtualrouter_commands.properties,${client.config.conf}/nicira-nvp_commands.properties + ${client.config.conf}/commands.properties diff --git a/tools/devcloud-kvm/devcloud-kvm-advanced.cfg b/tools/devcloud-kvm/devcloud-kvm-advanced.cfg new file mode 100644 index 00000000000..1110863d848 --- /dev/null +++ b/tools/devcloud-kvm/devcloud-kvm-advanced.cfg @@ -0,0 +1,115 @@ +{ + "zones": [ + { + "localstorageenabled": "true", + "name": "testzone", + "guestcidraddress": "10.1.1.0/24", + "dns1": "8.8.8.8", + "physical_networks": [ + { + "broadcastdomainrange": "Zone", + "vlan": "3900-4000", + "name": "eth0", + "traffictypes": [ + { + "kvm": "cloudbr0", + "typ": "Management" + }, + { + "kvm": "cloudbr0", + "typ": "Guest" + } + ], + "providers": [ + { + "broadcastdomainrange": "ZONE", + "name": "VirtualRouter" + }, + { + "broadcastdomainrange": "ZONE", + "name": "VpcVirtualRouter" + } + ] + }, + { + "broadcastdomainrange": "Zone", + "name": "eth1", + "traffictypes": [ + { + "kvm": "cloudbr1", + "typ": "Public" + } + ], + "providers": [ + { + "broadcastdomainrange": "ZONE", + "name": "VirtualRouter" + } + ] + } + ], + "ipranges": [ + { + "startip": "192.168.100.100", + "endip": "192.168.100.199", + "netmask": "255.255.255.0", + "vlan": "untagged", + "gateway": "192.168.100.1" + } + ], + "networktype": "Advanced", + "pods": [ + { + "endip": "172.17.10.199", + "name": "testpod", + "startip": "172.17.10.100", + "netmask": "255.255.255.0", + "clusters": [ + { + "clustername": "testcluster", + "hypervisor": "KVM", + "hosts": [ + { + "username": "root", + "url": "http://172.17.10.10/", + "password": "password" + } + ], + "clustertype": "CloudManaged" + } + ], + "gateway": "172.17.10.1" + } + ], + "internaldns1": "8.8.4.4", + "secondaryStorages": [ + { + "url": "nfs://172.17.10.10:/nfs/secondary" + } + ] + } + ], + "dbSvr": { + "dbSvr": "127.0.0.1", + "passwd": "cloud", + "db": "cloud", + "port": 3306, + "user": "cloud" + }, + "logger": [ + { + "name": "TestClient", + "file": "/var/log/testclient.log" + }, + { + "name": "TestCase", + "file": "/var/log/testcase.log" + } + ], + "mgtSvr": [ + { + "mgtSvrIp": "172.17.10.10", + "port": 8096 + } + ] +} diff --git a/tools/devcloud-kvm/devcloud-kvm.py b/tools/devcloud-kvm/devcloud-kvm.py new file mode 100644 index 00000000000..dd551b58552 --- /dev/null +++ b/tools/devcloud-kvm/devcloud-kvm.py @@ -0,0 +1,157 @@ +#!/usr/bin/env python +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +''' +############################################################ +# Experimental state of scripts +# * Need to be reviewed +# * Only a sandbox +############################################################ +''' +import random +import marvin +from ConfigParser import SafeConfigParser +from optparse import OptionParser +from marvin.configGenerator import * + + +def getGlobalSettings(config): + for k, v in dict(config.items('globals')).iteritems(): + cfg = configuration() + cfg.name = k + cfg.value = v + yield cfg + + +def describeDevcloudKvmResources(config): + zs = cloudstackConfiguration() + + z = zone() + z.dns1 = config.get('environment', 'dns') + z.internaldns1 = config.get('environment', 'dns') + z.name = 'Devcloud-%s'%(config.get('cloudstack', 'hypervisor')) + z.networktype = 'Advanced' + z.guestcidraddress = '10.1.1.0/24' + z.localstorageenabled = 'true' + + vpcprovider = provider() + vpcprovider.name = 'VpcVirtualRouter' + + pn = physical_network() + pn.name = "eth0" + pn.vlan = config.get('cloudstack', 'pnet.vlan') + pn.tags = ["devcloud-guest"] + pn.traffictypes = [traffictype("Guest", {"kvm" :"kvm-guest" }), traffictype("Management")] + pn.providers.append(vpcprovider) + + pn2 = physical_network() + pn2.name = "eth1" + pn2.vlan = config.get('cloudstack', 'pnet2.vlan') + pn2.tags = ["devcloud-public"] + pn2.traffictypes = [traffictype("Public", {"kvm" : "kvm-public"})] + pn2.providers.append(vpcprovider) + + z.physical_networks.append(pn) + z.physical_networks.append(pn2) + + p = pod() + p.name = 'POD0' + p.gateway = config.get('cloudstack', 'private.gateway') + p.startip = config.get('cloudstack', 'private.pod.startip') + p.endip = config.get('cloudstack', 'private.pod.endip') + p.netmask = config.get('cloudstack', 'private.netmask') + + v = iprange() + v.gateway = config.get('cloudstack', 'public.gateway') + v.startip = config.get('cloudstack', 'public.vlan.startip') + v.endip = config.get('cloudstack', 'public.vlan.endip') + v.netmask = config.get('cloudstack', 'public.netmask') + v.vlan = config.get('cloudstack', 'public.vlan') + z.ipranges.append(v) + + c = cluster() + c.clustername = 'C0' + c.hypervisor = config.get('cloudstack', 'hypervisor') + c.clustertype = 'CloudManaged' + + h = host() + h.username = 'root' + h.password = config.get('cloudstack', 'host.password') + h.url = 'http://%s'%(config.get('cloudstack', 'host')) + c.hosts.append(h) + + ps = primaryStorage() + ps.name = 'PS0' + ps.url = config.get('cloudstack', 'primary.pool') + c.primaryStorages.append(ps) + + p.clusters.append(c) + z.pods.append(p) + + secondary = secondaryStorage() + secondary.url = config.get('cloudstack', 'secondary.pool') + z.secondaryStorages.append(secondary) + + '''Add zone''' + zs.zones.append(z) + + '''Add mgt server''' + mgt = managementServer() + mgt.mgtSvrIp = config.get('environment', 'mshost') + mgt.user = config.get('environment', 'mshost.user') + mgt.passwd = config.get('environment', 'mshost.passwd') + zs.mgtSvr.append(mgt) + + '''Add a database''' + db = dbServer() + db.dbSvr = config.get('environment', 'mysql.host') + db.user = config.get('environment', 'mysql.cloud.user') + db.passwd = config.get('environment', 'mysql.cloud.passwd') + zs.dbSvr = db + + '''Add some configuration''' + [zs.globalConfig.append(cfg) for cfg in getGlobalSettings(config)] + + ''''add loggers''' + testClientLogger = logger() + testClientLogger.name = 'TestClient' + testClientLogger.file = 'testclient.log' + + testCaseLogger = logger() + testCaseLogger.name = 'TestCase' + testCaseLogger.file = 'testcase.log' + + zs.logger.append(testClientLogger) + zs.logger.append(testCaseLogger) + return zs + + +if __name__ == '__main__': + parser = OptionParser() + parser.add_option('-i', '--input', action='store', default='setup.properties', \ + dest='input', help='file containing environment setup information') + parser.add_option('-o', '--output', action='store', default='./devcloud-kvm-advanced.cfg', \ + dest='output', help='path where environment json will be generated') + + + (opts, args) = parser.parse_args() + + cfg_parser = SafeConfigParser() + cfg_parser.read(opts.input) + + cfg = describeDevcloudKvmResources(cfg_parser) + generate_setup_config(cfg, opts.output) diff --git a/tools/devcloud-kvm/kvm.properties b/tools/devcloud-kvm/kvm.properties new file mode 100644 index 00000000000..79afcd4a8ea --- /dev/null +++ b/tools/devcloud-kvm/kvm.properties @@ -0,0 +1,62 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + + +[globals] +#global settings in cloudstack +expunge.delay=60 +expunge.interval=60 +storage.cleanup.interval=300 +account.cleanup.interval=600 +expunge.workers=3 +workers=10 +vm.allocation.algorithm=random +vm.op.wait.interval=5 +guest.domain.suffix=devcloud.kvm +instance.name=vm +check.pod.cidrs=true +secstorage.allowed.internal.sites=10.147.28.0/24 +[environment] +dns=8.8.8.8 +mshost=127.0.0.1 +mshost.user=root +mshost.passwd=password +mysql.host=127.0.0.1 +mysql.cloud.user=cloud +mysql.cloud.passwd=cloud +[cloudstack] +#guest VLAN +pnet.vlan=3900-3919 +pnet2.vlan=3920-3939 +#management network +private.gateway=192.168.56.1 +private.pod.startip=192.168.56.200 +private.pod.endip=192.168.56.249 +private.netmask=255.255.255.0 +#public network +public.gateway=10.0.3.2 +public.vlan=31 +public.vlan.startip=10.0.3.100 +public.vlan.endip=10.0.3.199 +public.netmask=255.255.255.0 +#hypervisor host information +hypervisor=KVM +host=192.168.56.10 +host.password=password +#storage pools +primary.pool=nfs://192.168.56.10/opt/storage/primary +secondary.pool=nfs://192.168.56.10/opt/storage/secondary diff --git a/tools/devcloud/devcloud-advanced.cfg b/tools/devcloud/devcloud-advanced.cfg new file mode 100644 index 00000000000..cfbc815dc69 --- /dev/null +++ b/tools/devcloud/devcloud-advanced.cfg @@ -0,0 +1,118 @@ +# This configuration is meant for running advanced networking, with management server on the laptop. +# It requires that the user run a DNS resolver within devcloud via 'apt-get install dnsmasq' + +{ + "zones": [ + { + "localstorageenabled": "true", + "name": "testzone", + "guestcidraddress": "10.1.1.0/24", + "dns1": "8.8.8.8", + "physical_networks": [ + { + "broadcastdomainrange": "Zone", + "vlan": "3900-4000", + "name": "eth0", + "traffictypes": [ + { + "xen": "Pool-wide network associated with eth0", + "typ": "Management" + }, + { + "xen": "Pool-wide network associated with eth0", + "typ": "Guest" + } + ], + "providers": [ + { + "broadcastdomainrange": "ZONE", + "name": "VirtualRouter" + }, + { + "broadcastdomainrange": "ZONE", + "name": "VpcVirtualRouter" + } + ] + }, + { + "broadcastdomainrange": "Zone", + "name": "eth1", + "traffictypes": [ + { + "xen": "Pool-wide network associated with eth1", + "typ": "Public" + } + ], + "providers": [ + { + "broadcastdomainrange": "ZONE", + "name": "VirtualRouter" + } + ] + } + ], + "ipranges": [ + { + "startip": "10.0.3.100", + "endip": "10.0.3.199", + "netmask": "255.255.255.0", + "vlan": "untagged", + "gateway": "10.0.3.2" + } + ], + "networktype": "Advanced", + "pods": [ + { + "endip": "192.168.56.249", + "name": "testpod", + "startip": "192.168.56.200", + "netmask": "255.255.255.0", + "clusters": [ + { + "clustername": "testcluster", + "hypervisor": "XenServer", + "hosts": [ + { + "username": "root", + "url": "http://192.168.56.10/", + "password": "password" + } + ], + "clustertype": "CloudManaged" + } + ], + "gateway": "192.168.56.1" + } + ], + "internaldns1": "192.168.56.10", + "secondaryStorages": [ + { + "url": "nfs://192.168.56.10:/opt/storage/secondary" + } + ] + } + ], + "dbSvr": { + "dbSvr": "127.0.0.1", + "passwd": "cloud", + "db": "cloud", + "port": 3306, + "user": "cloud" + }, + "logger": [ + { + "name": "TestClient", + "file": "/var/log/testclient.log" + }, + { + "name": "TestCase", + "file": "/var/log/testcase.log" + } + ], + "mgtSvr": [ + { + "mgtSvrIp": "192.168.56.10", + "port": 8096 + } + ] +} diff --git a/tools/devcloud/devcloud-advanced_internal-mgt.cfg b/tools/devcloud/devcloud-advanced_internal-mgt.cfg new file mode 100644 index 00000000000..e360b6b9e37 --- /dev/null +++ b/tools/devcloud/devcloud-advanced_internal-mgt.cfg @@ -0,0 +1,124 @@ +# This config is designed to run as an advanced network, with management server in devcloud +# It also requires an 'apt-get install dnsmasq' to run a resolver in devcloud for internal dns + +{ + "zones": [ + { + "localstorageenabled": "true", + "name": "testzone", + "guestcidraddress": "10.1.1.0/24", + "dns1": "8.8.8.8", + "physical_networks": [ + { + "broadcastdomainrange": "Zone", + "vlan": "3900-4000", + "name": "eth0", + "traffictypes": [ + { + "xen": "Pool-wide network associated with eth0", + "typ": "Management" + }, + { + "xen": "Pool-wide network associated with eth0", + "typ": "Guest" + } + ], + "providers": [ + { + "broadcastdomainrange": "ZONE", + "name": "VirtualRouter" + }, + { + "broadcastdomainrange": "ZONE", + "name": "VpcVirtualRouter" + } + ] + }, + { + "broadcastdomainrange": "Zone", + "name": "eth1", + "traffictypes": [ + { + "xen": "Pool-wide network associated with eth1", + "typ": "Public" + } + ], + "providers": [ + { + "broadcastdomainrange": "ZONE", + "name": "VirtualRouter" + } + ] + } + ], + "ipranges": [ + { + "startip": "10.0.3.100", + "endip": "10.0.3.199", + "netmask": "255.255.255.0", + "vlan": "untagged", + "gateway": "10.0.3.2" + } + ], + "networktype": "Advanced", + "pods": [ + { + "endip": "192.168.56.249", + "name": "testpod", + "startip": "192.168.56.200", + "netmask": "255.255.255.0", + "clusters": [ + { + "clustername": "testcluster", + "hypervisor": "XenServer", + "hosts": [ + { + "username": "root", + "url": "http://192.168.56.10/", + "password": "password" + } + ], + "clustertype": "CloudManaged" + } + ], + "gateway": "192.168.56.1" + } + ], + "internaldns1": "192.168.56.10", + "secondaryStorages": [ + { + "url": "nfs://192.168.56.10:/opt/storage/secondary" + } + ] + } + ], + "dbSvr": { + "dbSvr": "127.0.0.1", + "passwd": "cloud", + "db": "cloud", + "port": 3306, + "user": "cloud" + }, + "logger": [ + { + "name": "TestClient", + "file": "/var/log/testclient.log" + }, + { + "name": "TestCase", + "file": "/var/log/testcase.log" + } + ], + "mgtSvr": [ + { + "mgtSvrIp": "192.168.56.10", + "port": 8096 + } + ], + "globalConfig": [ + { + "name": "host", + "value": "192.168.56.10" + } + ] +} diff --git a/tools/marvin/marvin/configGenerator.py b/tools/marvin/marvin/configGenerator.py index d494beb6444..e2a6a24d69f 100644 --- a/tools/marvin/marvin/configGenerator.py +++ b/tools/marvin/marvin/configGenerator.py @@ -65,8 +65,6 @@ class zone(): self.internaldns2 = None self.securitygroupenabled = None self.localstorageenabled = None - ''' Guest Vlan range - only advanced zone''' - self.vlan = None '''default public network, in advanced mode''' self.ipranges = [] self.physical_networks = [] @@ -80,6 +78,7 @@ class traffictype(): self.xen = labeldict['xen'] if 'xen' in labeldict.keys() else None self.kvm = labeldict['kvm'] if 'kvm' in labeldict.keys() else None self.vmware = labeldict['vmware'] if 'vmware' in labeldict.keys() else None + self.simulator = labeldict['simulator'] if 'simulator' in labeldict.keys() else None #{ # 'xen' : 'cloud-xen', # 'kvm' : 'cloud-kvm', diff --git a/tools/marvin/marvin/deployDataCenter.py b/tools/marvin/marvin/deployDataCenter.py index 0d5f3bdc659..e4f7eace9bd 100644 --- a/tools/marvin/marvin/deployDataCenter.py +++ b/tools/marvin/marvin/deployDataCenter.py @@ -258,10 +258,10 @@ class deployDataCenters(): traffic_type = addTrafficType.addTrafficTypeCmd() traffic_type.physicalnetworkid = physical_network_id traffic_type.traffictype = traffictype.typ - if traffictype.labeldict is not None: - traffic_type.kvmnetworklabel = traffictype.labeldict.kvm - traffic_type.xennetworklabel = traffictype.labeldict.xen - traffic_type.vmwarenetworklabel = traffictype.labeldict.vmware + traffic_type.kvmnetworklabel = traffictype.kvm if traffictype.kvm is not None else None + traffic_type.xennetworklabel = traffictype.xen if traffictype.xen is not None else None + traffic_type.vmwarenetworklabel = traffictype.vmware if traffictype.vmware is not None else None + traffic_type.simulatorlabel = traffictype.simulator if traffictype.simulator is not None else None return self.apiClient.addTrafficType(traffic_type) def enableZone(self, zoneid, allocation_state="Enabled"): @@ -289,7 +289,7 @@ class deployDataCenters(): for pnet in zone.physical_networks: phynetwrk = self.createPhysicalNetwork(pnet, zoneId) self.configureProviders(phynetwrk, pnet.providers) - self.updatePhysicalNetwork(phynetwrk.id, "Enabled", vlan=zone.vlan) + self.updatePhysicalNetwork(phynetwrk.id, "Enabled", vlan=pnet.vlan) if zone.networktype == "Basic": listnetworkoffering = listNetworkOfferings.listNetworkOfferingsCmd() diff --git a/tools/marvin/marvin/integration/lib/base.py b/tools/marvin/marvin/integration/lib/base.py index 0daea5dd579..726a628d070 100644 --- a/tools/marvin/marvin/integration/lib/base.py +++ b/tools/marvin/marvin/integration/lib/base.py @@ -1109,6 +1109,9 @@ class DiskOffering: if domainid: cmd.domainid = domainid + if services["storagetype"]: + cmd.storagetype = services["storagetype"] + return DiskOffering(apiclient.createDiskOffering(cmd).__dict__) def delete(self, apiclient): diff --git a/tools/marvin/marvin/sandbox/advanced/advanced_env.py b/tools/marvin/marvin/sandbox/advanced/advanced_env.py index 1873f31d50f..db78a84b33b 100644 --- a/tools/marvin/marvin/sandbox/advanced/advanced_env.py +++ b/tools/marvin/marvin/sandbox/advanced/advanced_env.py @@ -52,10 +52,22 @@ def describeResources(config): pn = physical_network() pn.name = "Sandbox-pnet" - pn.traffictypes = [traffictype("Guest"), traffictype("Management"), traffictype("Public")] + pn.vlan = config.get('cloudstack', 'pnet.vlan') + pn.tags = ["cloud-simulator-public"] + pn.traffictypes = [traffictype("Guest"), + traffictype("Management", {"simulator" : "cloud-simulator-mgmt"}), + traffictype("Public", {"simulator":"cloud-simulator-public"})] pn.providers.append(vpcprovider) + + pn2 = physical_network() + pn2.name = "Sandbox-pnet2" + pn2.vlan = config.get('cloudstack', 'pnet2.vlan') + pn2.tags = ["cloud-simulator-guest"] + pn2.traffictypes = [traffictype('Guest', {'simulator': 'cloud-simulator-guest'})] + pn2.providers.append(vpcprovider) z.physical_networks.append(pn) + z.physical_networks.append(pn2) p = pod() p.name = 'POD0' @@ -118,11 +130,11 @@ def describeResources(config): ''''add loggers''' testClientLogger = logger() testClientLogger.name = 'TestClient' - testClientLogger.file = '/var/log/testclient.log' + testClientLogger.file = 'testclient.log' testCaseLogger = logger() testCaseLogger.name = 'TestCase' - testCaseLogger.file = '/var/log/testcase.log' + testCaseLogger.file = 'testcase.log' zs.logger.append(testClientLogger) zs.logger.append(testCaseLogger) diff --git a/tools/marvin/marvin/sandbox/advanced/setup.properties b/tools/marvin/marvin/sandbox/advanced/setup.properties index ba44d5146b6..73eacc938d4 100644 --- a/tools/marvin/marvin/sandbox/advanced/setup.properties +++ b/tools/marvin/marvin/sandbox/advanced/setup.properties @@ -24,10 +24,9 @@ storage.cleanup.interval=300 account.cleanup.interval=600 expunge.workers=3 workers=10 -use.user.concentrated.pod.allocation=false vm.allocation.algorithm=random vm.op.wait.interval=5 -guest.domain.suffix=sandbox.kvm +guest.domain.suffix=sandbox.simulator instance.name=QA direct.agent.load.size=1000 default.page.size=10000 @@ -35,15 +34,16 @@ check.pod.cidrs=true secstorage.allowed.internal.sites=10.147.28.0/24 [environment] dns=10.147.28.6 -mshost=10.147.29.111 +mshost=localhost mshost.user=root mshost.passwd=password -mysql.host=10.147.29.111 +mysql.host=localhost mysql.cloud.user=cloud mysql.cloud.passwd=cloud [cloudstack] #guest VLAN -zone.vlan=675-679 +pnet.vlan=675-679 +pnet2.vlan=800-1000 #management network private.gateway=10.147.29.1 private.pod.startip=10.147.29.150 @@ -56,9 +56,9 @@ public.vlan.startip=10.147.31.150 public.vlan.endip=10.147.31.159 public.netmask=255.255.255.0 #hypervisor host information -hypervisor=XenServer -host=10.147.29.58 +hypervisor=Simulator +host=simulator0 host.password=password #storage pools -primary.pool=nfs://10.147.28.6:/export/home/sandbox/kamakura +primary.pool=nfs://10.147.28.6:/export/home/sandbox/primary secondary.pool=nfs://10.147.28.6:/export/home/sandbox/sstor diff --git a/ui/scripts/network.js b/ui/scripts/network.js index 4103c3e2b6e..f3308bb5ba7 100755 --- a/ui/scripts/network.js +++ b/ui/scripts/network.js @@ -1259,12 +1259,16 @@ data.listvirtualmachinesresponse.virtualmachine : [], function(instance) { var nonAutoScale=0; + if(instance.displayname == null) + nonAutoScale = 1; + else{ if( instance.displayname.match(/AutoScale-LB-/)==null) nonAutoScale =1; else { if(instance.displayname.match(/AutoScale-LB-/).length) nonAutoScale =0; } + } var isActiveState= $.inArray(instance.state, ['Destroyed','Expunging']) == -1; return nonAutoScale && isActiveState; } @@ -2623,12 +2627,16 @@ function(instance) { //Hiding the autoScale VMs var nonAutoScale =0; + if(instance.displayname == null) + nonAutoScale = 1 + else { if(instance.displayname.match(/AutoScale-LB-/) == null) nonAutoScale = 1; else { if( instance.displayname.match(/AutoScale-LB-/).length) nonAutoScale =0; - } + } + } var isActiveState = $.inArray(instance.state, ['Destroyed','Expunging']) == -1; var notExisting = !$.grep(itemData, function(item) { return item.id == instance.id; diff --git a/ui/scripts/sharedFunctions.js b/ui/scripts/sharedFunctions.js index eb78ad15da0..51c4fdb5902 100644 --- a/ui/scripts/sharedFunctions.js +++ b/ui/scripts/sharedFunctions.js @@ -208,12 +208,13 @@ function parseXMLHttpResponse(XMLHttpResponse) { var json = JSON.parse(XMLHttpResponse.responseText); if (json != null) { var property; - for(property in json) {} + for(property in json) { var errorObj = json[property]; if(errorObj.errorcode == 401 && errorObj.errortext == "unable to verify user credentials and/or request signature") return _l('label.session.expired'); else return _s(errorObj.errortext); + } } else { return ""; diff --git a/utils/src/com/cloud/utils/component/PluggableService.java b/utils/src/com/cloud/utils/component/PluggableService.java index f6f72a904d0..5e0e4dfff16 100644 --- a/utils/src/com/cloud/utils/component/PluggableService.java +++ b/utils/src/com/cloud/utils/component/PluggableService.java @@ -16,11 +16,12 @@ // under the License. package com.cloud.utils.component; +import java.util.List; import java.util.Map; // This interface defines methods for pluggable code within the Cloud Stack. public interface PluggableService { // The config command properties filenames that lists allowed API commands // and role masks supported by this pluggable service - Map getProperties(); + List> getCommands(); } diff --git a/utils/src/com/cloud/utils/db/GenericDao.java b/utils/src/com/cloud/utils/db/GenericDao.java index 2fae1afe43d..15d04b76a1c 100755 --- a/utils/src/com/cloud/utils/db/GenericDao.java +++ b/utils/src/com/cloud/utils/db/GenericDao.java @@ -56,7 +56,7 @@ public interface GenericDao { T findById(ID id, boolean fresh); // Finds one unique VO using uuid - T findByUuid(ID uuid); + T findByUuid(String uuid); /** * @return VO object ready to be used for update. It won't have any fields filled in. diff --git a/utils/src/com/cloud/utils/db/GenericDaoBase.java b/utils/src/com/cloud/utils/db/GenericDaoBase.java index 92e9e1c4405..880e9de22a8 100755 --- a/utils/src/com/cloud/utils/db/GenericDaoBase.java +++ b/utils/src/com/cloud/utils/db/GenericDaoBase.java @@ -915,7 +915,7 @@ public abstract class GenericDaoBase implements Gene @Override @DB(txn=false) @SuppressWarnings("unchecked") - public T findByUuid(final ID uuid) { + public T findByUuid(final String uuid) { SearchCriteria sc = createSearchCriteria(); sc.addAnd("uuid", SearchCriteria.Op.EQ, uuid); return findOneBy(sc); diff --git a/utils/src/com/cloud/utils/exception/CSExceptionErrorCode.java b/utils/src/com/cloud/utils/exception/CSExceptionErrorCode.java index 303e0d681fa..8f402336ba3 100755 --- a/utils/src/com/cloud/utils/exception/CSExceptionErrorCode.java +++ b/utils/src/com/cloud/utils/exception/CSExceptionErrorCode.java @@ -96,6 +96,7 @@ public class CSExceptionErrorCode { ExceptionErrorCodeMap.put("com.cloud.exception.UnsupportedServiceException", 4530); ExceptionErrorCodeMap.put("com.cloud.exception.VirtualMachineMigrationException", 4535); ExceptionErrorCodeMap.put("com.cloud.async.AsyncCommandQueued", 4540); + ExceptionErrorCodeMap.put("com.cloud.exception.RequestLimitException", 4545); // Have a special error code for ServerApiException when it is // thrown in a standalone manner when failing to detect any of the above