From c3e5964dcbbd3b3ff34562aeeb9f8daa154ee7d1 Mon Sep 17 00:00:00 2001 From: Rajani Karuturi Date: Tue, 4 Nov 2014 18:16:50 +0530 Subject: [PATCH 1/2] Fixed CLOUDSTACK-7242: Adding a securing config using configDepo doesnt work In ConfigurationVo, changed the setter to do the encryption if required like the getter. Called the setter in constructor as well. Removed references of encryption check in different places. Reviewed-by: Santhosh Edukulla This closes #35 --- .../config/dao/ConfigurationDaoImpl.java | 3 --- .../framework/config/impl/ConfigurationVO.java | 18 +++++++++++++++--- .../cloud/server/ConfigurationServerImpl.java | 3 +-- 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/framework/config/src/org/apache/cloudstack/framework/config/dao/ConfigurationDaoImpl.java b/framework/config/src/org/apache/cloudstack/framework/config/dao/ConfigurationDaoImpl.java index 2934b018474..f3f04952666 100644 --- a/framework/config/src/org/apache/cloudstack/framework/config/dao/ConfigurationDaoImpl.java +++ b/framework/config/src/org/apache/cloudstack/framework/config/dao/ConfigurationDaoImpl.java @@ -210,9 +210,6 @@ public class ConfigurationDaoImpl extends GenericDaoBase key) { @@ -122,11 +122,23 @@ public class ConfigurationVO implements Configuration { @Override public String getValue() { - return (("Hidden".equals(getCategory()) || "Secure".equals(getCategory())) ? DBEncryptionUtil.decrypt(value) : value); + if(isEncryptedConfig()) { + return DBEncryptionUtil.decrypt(value); + } else { + return value; + } } public void setValue(String value) { - this.value = value; + if(isEncryptedConfig()) { + this.value = DBEncryptionUtil.encrypt(value); + } else { + this.value = value; + } + } + + private boolean isEncryptedConfig() { + return "Hidden".equals(getCategory()) || "Secure".equals(getCategory()); } @Override 
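Review bot: `setValue` now decides whether to encrypt by reading `getCategory()`, so a value assigned before the category is set would be stored in plaintext for a Hidden or Secure entry. The constructor that the commit message says calls the setter is not visible in this hunk, so the assignment order should be confirmed there. The setter also now expects plaintext, so any caller that still passes an already encrypted string would presumably have it encrypted a second time. I would document the contract on the method, for example `/** Takes the plaintext value and encrypts it when the category is Hidden or Secure; the category must be set first. */`.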
diff --git a/server/src/com/cloud/server/ConfigurationServerImpl.java b/server/src/com/cloud/server/ConfigurationServerImpl.java index 990f2ff3042..7b0d8985597 100755 --- a/server/src/com/cloud/server/ConfigurationServerImpl.java +++ b/server/src/com/cloud/server/ConfigurationServerImpl.java @@ -203,7 +203,6 @@ public class ConfigurationServerImpl extends ManagerBase implements Configuratio String instance = "DEFAULT"; String component = c.getComponent(); String value = c.getDefaultValue(); - value = ("Hidden".equals(category) || "Secure".equals(category)) ? DBEncryptionUtil.encrypt(value) : value; String description = c.getDescription(); ConfigurationVO configVO = new ConfigurationVO(category, instance, component, name, value, description); configVO.setDefaultValue(value); @@ -635,7 +634,7 @@ public class ConfigurationServerImpl extends ManagerBase implements Configuratio } String base64Keystore = getBase64Keystore(keystorePath); ConfigurationVO configVO = - new ConfigurationVO("Hidden", "DEFAULT", "management-server", "ssl.keystore", DBEncryptionUtil.encrypt(base64Keystore), + new ConfigurationVO("Hidden", "DEFAULT", "management-server", "ssl.keystore", base64Keystore, "SSL Keystore for the management servers"); _configDao.persist(configVO); s_logger.info("Stored SSL keystore to database."); From 2cd4ad201adbee3ad75dd57d8196b633cdd0494b Mon Sep 17 00:00:00 2001 From: Gaurav Aradhye Date: Tue, 4 Nov 2014 18:08:15 +0530 Subject: [PATCH 2/2] CLOUDSTACK-7800: Correcting code related to unplug NIC on VMware Signed-off-by: SrikanteswaraRao Talluri --- test/integration/smoke/test_nic.py | 90 ++++++++++-------------------- 1 file changed, 30 insertions(+), 60 deletions(-) diff --git a/test/integration/smoke/test_nic.py b/test/integration/smoke/test_nic.py index f130bbe3541..86faa56b3c7 100644 --- a/test/integration/smoke/test_nic.py +++ b/test/integration/smoke/test_nic.py 
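Review bot: In the first hunk, `configVO.setDefaultValue(value)` now receives the plaintext default, because the line that replaced `value` with its encrypted form was removed just above it. Before this change the default of a Hidden or Secure entry was passed on encrypted. Unless `setDefaultValue` applies the same category check (it is not visible here), the default of a sensitive setting is persisted unencrypted. Either encrypt inside `setDefaultValue` the way `setValue` now does, or keep the conditional at this call: `configVO.setDefaultValue(("Hidden".equals(category) || "Secure".equals(category)) ? DBEncryptionUtil.encrypt(value) : value);`. The enclosing method starts and ends outside the hunk.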
@@ -24,6 +24,8 @@ from marvin.lib.base import (Account, from marvin.lib.common import (get_zone, get_template, get_domain) +from marvin.lib.utils import validateList +from marvin.codes import PASS from nose.plugins.attrib import attr import signal @@ -149,7 +151,6 @@ class TestNic(cloudstackTestCase): hypervisorIsVmware = False isVmwareToolInstalled = False - assertForExceptionForNicOperations = False if self.hypervisor.lower() == "vmware": hypervisorIsVmware = True 
@@ -163,59 +164,18 @@ class TestNic(cloudstackTestCase): mode=self.zone.networktype if hypervisorIsVmware else "default" ) - # If hypervisor is Vmware, then check if - # the vmware tools are installed and the process is running - # Vmware tools are necessary for add and remove nic operations - if hypervisorIsVmware: - sshClient = self.virtual_machine.get_ssh_client() - result = str( - sshClient.execute("service vmware-tools status")).lower() - self.debug("and result is: %s" % result) - if "running" in result: - isVmwareToolInstalled = True - - # If Vmware tools are not installed in case of vmware hypervisor - # then check for exception while performing add and remove nic - # operations - if hypervisorIsVmware and not isVmwareToolInstalled: - assertForExceptionForNicOperations = True - self.cleanup.insert(0, self.virtual_machine) - list_vm_response = VirtualMachine.list( + vms = VirtualMachine.list( self.apiclient, id=self.virtual_machine.id ) - self.debug( - "Verify listVirtualMachines response for virtual machine: %s" - % self.virtual_machine.id - ) - self.assertEqual( - isinstance(list_vm_response, list), - True, - "Check list response returns a valid list" - ) + validateList(vms)[0], + PASS, + "vms list validation failed") - self.assertNotEqual( - len(list_vm_response), - 0, - "Check VM available in List Virtual Machines" - ) - vm_response = list_vm_response[0] - - self.assertEqual( - - vm_response.id, - self.virtual_machine.id, - "Check virtual machine id in listVirtualMachines" - ) - - self.assertEqual( - vm_response.name, - self.virtual_machine.name, - "Check virtual machine name in listVirtualMachines" - ) + vm_response = vms[0] self.assertEqual( len(vm_response.nic), 
@@ -231,30 +191,40 @@ class TestNic(cloudstackTestCase): existing_nic_ip = vm_response.nic[0].ipaddress existing_nic_id = vm_response.nic[0].id - if assertForExceptionForNicOperations: - with self.assertRaises(Exception): - self.virtual_machine.add_nic( + self.virtual_machine.add_nic( self.apiclient, self.test_network2.id) - - else: - # 1. add a nic - self.virtual_machine.add_nic(self.apiclient, self.test_network2.id) - - time.sleep(5) - # now go get the vm list? - - list_vm_response = VirtualMachine.list( + list_vm_response = VirtualMachine.list( self.apiclient, id=self.virtual_machine.id ) - self.assertEqual( + self.assertEqual( len(list_vm_response[0].nic), 2, "Verify we have 2 NIC's now" ) + # If hypervisor is Vmware, then check if + # the vmware tools are installed and the process is running + # Vmware tools are necessary for remove nic operations (vmware 5.5+) + if hypervisorIsVmware: + sshClient = self.virtual_machine.get_ssh_client() + result = str( + sshClient.execute("service vmware-tools status")).lower() + self.debug("and result is: %s" % result) + if "running" in result: + isVmwareToolInstalled = True + + goForUnplugOperation = True + # If Vmware tools are not installed in case of vmware hypervisor + # then don't go further for unplug operation (remove nic) as it won't + # be supported + if hypervisorIsVmware and not isVmwareToolInstalled: + goForUnplugOperation = False + + + if goForUnplugOperation: new_nic_id = "" for nc in list_vm_response[0].nic: if nc.ipaddress != existing_nic_ip:
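Review bot: The check `if "running" in result:` would also match a status line reporting that the service is not running, since that text contains the same substring. `isVmwareToolInstalled` can then be set to True on a guest where the tools are stopped, and the unplug step runs where it is not supported. A stricter test such as `if "running" in result and "not running" not in result:` avoids that. Separately, `list_vm_response[0].nic` is indexed right after `VirtualMachine.list` without the `validateList` check that the earlier hunk applies to `vms`, so an empty or None response fails with an indexing error rather than an assertion message. The test method continues outside this hunk.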