bug 11811: Changing permissions for extraction of volumes based out of isos.

As per the new design following would be done.
(a) any ISO-derived disk can be extracted
(b) there will be a global config to disable extraction of ISO-based volumes.
That way people concerned about (a) can just use (b) to fix it.
Reviewed by : Kishan.

status 11811: resolved fixed
This commit is contained in:
Nitin Mehta 2011-11-21 16:58:09 +05:30
parent 354b4af63b
commit 57aa7dec91
5 changed files with 26 additions and 10 deletions


@ -47,16 +47,13 @@ public class ExtractVolumeCmd extends BaseAsyncCmd {
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
//FIXME - add description
@IdentityMapper(entityTableName="volumes")
@Parameter(name=ApiConstants.ID, type=CommandType.LONG, required=true, description="the ID of the volume")
private Long id;
//FIXME - add description
@Parameter(name=ApiConstants.URL, type=CommandType.STRING, required=false, description="the url to which the volume would be extracted")
private String url;
//FIXME - add description
@IdentityMapper(entityTableName="data_center")
@Parameter(name=ApiConstants.ZONE_ID, type=CommandType.LONG, required=true, description="the ID of the zone where the volume is located")
private Long zoneId;


@ -654,6 +654,12 @@ public class ApiDBUtils {
return cpuOverprovisioningFactor;
}
public static boolean isIsoBasedVolumesExtractionAllowed() {
String isIsoBasedVolumesExtractionAllowed = _configDao.getValue(Config.AllowIsoBasedVolumesExtraction.key());
return (isIsoBasedVolumesExtractionAllowed == null) ? true : Boolean.parseBoolean(isIsoBasedVolumesExtractionAllowed);
}
public static SecurityGroup getSecurityGroup(String groupName, long ownerId) {
return _securityGroupMgr.getSecurityGroup(groupName, ownerId);
}
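Review bot: `isIsoBasedVolumesExtractionAllowed` maps a missing configuration value to permission granted (the `(… == null) ? true :` branch), so this authorization gate fails open whenever the `allow.iso.based.volumes.extraction` row is absent from the database; since the Config enum in this same commit already declares "true" as the default, the null fallback only ever takes effect on a deployment where the key was never seeded, which is exactly the case where a silent allow is least desirable. Consider returning false there, or at least logging at warn level that the key is unset so an operator can see why extraction is being permitted. The method also has no Javadoc; suggest `/** Returns whether volumes created from an ISO may be extracted, per the global setting allow.iso.based.volumes.extraction; a missing value currently counts as true. */`.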


@ -150,6 +150,7 @@ public enum Config {
ExpungeWorkers("Advanced", UserVmManager.class, Integer.class, "expunge.workers", "1", "Number of workers performing expunge ", null),
ExtractURLCleanUpInterval("Advanced", ManagementServer.class, Integer.class, "extract.url.cleanup.interval", "7200", "The interval (in seconds) to wait before cleaning up the extract URL's ", null),
ExtractURLExpirationInterval("Advanced", ManagementServer.class, Integer.class, "extract.url.expiration.interval", "14400", "The life of an extract URL after which it is deleted ", null),
AllowIsoBasedVolumesExtraction("Advanced", ManagementServer.class, Boolean.class, "allow.iso.based.volumes.extraction", "true", "Flag for allowing/disallowing extraction of Iso based Volumes ", null),
HostStatsInterval("Advanced", ManagementServer.class, Integer.class, "host.stats.interval", "60000", "The interval (in milliseconds) when host stats are retrieved from agents.", null),
HostRetry("Advanced", AgentManager.class, Integer.class, "host.retry", "2", "Number of times to retry hosts for creating a volume", null),
IntegrationAPIPort("Advanced", ManagementServer.class, Integer.class, "integration.api.port", "8096", "Defaul API port", null),
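Review bot: The description on the added `AllowIsoBasedVolumesExtraction` entry does not say whom the flag restricts; the check in ManagementServerImpl in this commit exempts `ACCOUNT_TYPE_ADMIN`, so the setting only governs non-admin accounts, which an operator toggling it would want to know. Suggest `"Flag for allowing/disallowing extraction of ISO based volumes by non-admin accounts"`, and mirror the wording in the schema INSERT so the two descriptions do not drift.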


@ -3425,17 +3425,25 @@ public class ManagementServerImpl implements ManagementServer {
if (volume.getPoolId() == null) {
throw new InvalidParameterValueException("The volume doesnt belong to a storage pool so cant extract it");
}
// Extract activity only for detached volumes or for volumes whose instance is stopped
if (volume.getInstanceId() != null && ApiDBUtils.findVMInstanceById(volume.getInstanceId()).getState() != State.Stopped) {
s_logger.debug("Invalid state of the volume with ID: " + volumeId + ". It should be either detached or the VM should be in stopped state.");
throw new PermissionDeniedException("Invalid state of the volume with ID: " + volumeId + ". It should be either detached or the VM should be in stopped state.");
}
VMTemplateVO template = ApiDBUtils.findTemplateById(volume.getTemplateId());
if (volume.getVolumeType() != Volume.Type.DATADISK){ //Datadisk dont have any template dependence.
boolean isExtractable = template != null && template.isExtractable() && template.getTemplateType() != Storage.TemplateType.SYSTEM;
if (!isExtractable && account != null && account.getType() != Account.ACCOUNT_TYPE_ADMIN) { // Global admins are allowed
// to extract
if (volume.getVolumeType() != Volume.Type.DATADISK){ // Datadisk don't have any template dependence.
VMTemplateVO template = ApiDBUtils.findTemplateById(volume.getTemplateId());
boolean isExtractable = false;
if (template == null){ // Volume is ISO based.
isExtractable = ApiDBUtils.isIsoBasedVolumesExtractionAllowed();
}else { // Volume is Template based.
isExtractable = template.isExtractable() && template.getTemplateType() != Storage.TemplateType.SYSTEM;
}
if (!isExtractable && account != null && account.getType() != Account.ACCOUNT_TYPE_ADMIN) { // Global admins are always allowed to extract
throw new PermissionDeniedException("The volume:" + volumeId + " is not allowed to be extracted");
}
}
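Review bot: The new `if (template == null)` branch treats any failed template lookup as "the volume is ISO based", but `findTemplateById` presumably also returns null when the template record has since been removed or the volume's template id is unset, and in that case a non-admin account can extract a template-derived root volume whenever the global flag is at its default of true, bypassing the `isExtractable()` and `SYSTEM` checks that the template branch applies. If the volume object carries an explicit ISO reference, testing that would be a stronger discriminator than the absence of a template; failing that, a debug log at the point where null is mapped to ISO-based would at least make the decision visible in the logs. The `account != null` guard on the final check is pre-existing, but it means a null account also skips the gate entirely, which is worth confirming is intended. The enclosing method starts and ends outside the hunk.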


@ -100,6 +100,7 @@ INSERT IGNORE INTO configuration VALUES ('Alert', 'DEFAULT', 'management-server'
INSERT IGNORE INTO configuration VALUES ('Alert', 'DEFAULT', 'management-server', 'cluster.localStorage.capacity.notificationthreshold' , .75, 'Percentage (as a value between 0 and 1) of Direct Network Public Ip Utilization above which alerts will be sent about low number of direct network public ips.');
INSERT IGNORE INTO configuration VALUES ('Alert', 'DEFAULT', 'management-server', 'zone.directnetwork.publicip.capacity.notificationthreshold' , .75, 'Percentage (as a value between 0 and 1) of Direct Network Public Ip Utilization above which alerts will be sent about low number of direct network public ips.');
INSERT IGNORE INTO configuration VALUES ('Alert', 'DEFAULT', 'management-server', 'zone.secstorage.capacity.notificationthreshold' , .75, 'Percentage (as a value between 0 and 1) of secondary storage utilization above which alerts will be sent about low storage available.');
INSERT IGNORE INTO configuration VALUES ('Advanced', 'DEFAULT', 'management-server', 'allow.iso.based.volumes.extraction' , 'true', 'Flag for allowing/disallowing extraction of Iso based Volumes ');
update configuration set name = 'cluster.storage.allocated.capacity.notificationthreshold' , category = 'Alert' where name = 'storage.allocated.capacity.threshold' ;
update configuration set name = 'cluster.storage.capacity.notificationthreshold' , category = 'Alert' where name = 'storage.capacity.threshold' ;
@ -265,4 +266,7 @@ CREATE TABLE `cloud_usage`.`usage_vpn_user` (
ALTER TABLE `cloud_usage`.`usage_vpn_user` ADD INDEX `i_usage_vpn_user__account_id`(`account_id`);
ALTER TABLE `cloud_usage`.`usage_vpn_user` ADD INDEX `i_usage_vpn_user__created`(`created`);
ALTER TABLE `cloud_usage`.`usage_vpn_user` ADD INDEX `i_usage_vpn_user__deleted`(`deleted`);
ALTER TABLE `cloud_usage`.`usage_vpn_user` ADD INDEX `i_usage_vpn_user__deleted`(`deleted`);
DELETE FROM configuration WHERE name='host.capacity.checker.wait';
DELETE FROM configuration WHERE name='host.capacity.checker.interval';
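Review bot: `ALTER TABLE `cloud_usage`.`usage_vpn_user` ADD INDEX `i_usage_vpn_user__deleted`(`deleted`);` appears twice in this hunk; the rendered page does not show which copy is new, but whichever side it is on, the resulting script issues the same ADD INDEX twice and MySQL rejects the second with a duplicate key name error, aborting the migration before the two DELETE statements run. Drop the duplicate line. If the second copy is pre-existing rather than added, it is still worth fixing in this commit since the script cannot complete with it.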