etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Removed all reminants of the IdentityService. Created the KeysManager to move the management 

of keys out of management server
This commit is contained in:
Alex Huang 2014-01-14 11:21:25 -08:00
parent 2893120f2a
commit 68b8891c62
36 changed files with 337 additions and 757 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
api/src/com/cloud/server/ResourceTag.java
View File

@ -24,25 +24,49 @@ public interface ResourceTag extends ControlledEntity, Identity, InternalIdentit
// FIXME - extract enum to another interface as its used both by resourceTags and resourceMetaData code
public enum ResourceObjectType {
UserVm(true, true), Template(true, true), ISO(true, false), Volume(true, true), Snapshot(true, false), Network(true, true), Nic(false, true), LoadBalancer(true, true), PortForwardingRule(
true, true), FirewallRule(true, true), SecurityGroup(true, false), PublicIpAddress(true, true), Project(true, false), Vpc(true, true), NetworkACL(true, true), StaticRoute(
true, false), VMSnapshot(true, false), RemoteAccessVpn(true, true), Zone(false, true), ServiceOffering(false, true), Storage(false, true), PrivateGateway(false,
true), NetworkACLList(false, true), VpnGateway(false, true), CustomerGateway(false, true), VpnConnection(false, true), User(true, true), DiskOffering(false, true);
UserVm(true, true),
Template(true, true),
ISO(true, false),
Volume(true, true),
Snapshot(true, false),
Network(true, true),
Nic(false, true),
LoadBalancer(true, true),
PortForwardingRule(true, true),
FirewallRule(true, true),
SecurityGroup(true, false),
PublicIpAddress(true, true),
Project(true, false),
Vpc(true, true),
NetworkACL(true, true),
StaticRoute(true, false),
VMSnapshot(true, false),
RemoteAccessVpn(true, true),
Zone(false, true),
ServiceOffering(false, true),
Storage(false, true),
PrivateGateway(false, true),
NetworkACLList(false, true),
VpnGateway(false, true),
CustomerGateway(false, true),
VpnConnection(false, true),
User(true, true),
DiskOffering(false, true);
ResourceObjectType(boolean resourceTagsSupport, boolean resourceMetadataSupport) {
this.resourceTagsSupport = resourceTagsSupport;
this.metadataSupport = resourceMetadataSupport;
metadataSupport = resourceMetadataSupport;
}
private final boolean resourceTagsSupport;
private final boolean metadataSupport;
public boolean resourceTagsSupport() {
return this.resourceTagsSupport;
return resourceTagsSupport;
}
public boolean resourceMetadataSupport() {
return this.metadataSupport;
return metadataSupport;
}
}

9
api/src/org/apache/cloudstack/api/BaseCmd.java
View File

@ -26,6 +26,8 @@ import java.util.regex.Pattern;
import javax.inject.Inject;
import org.apache.log4j.Logger;
import org.apache.cloudstack.affinity.AffinityGroupService;
import org.apache.cloudstack.alert.AlertService;
import org.apache.cloudstack.network.element.InternalLoadBalancerElementService;
@ -33,7 +35,6 @@ import org.apache.cloudstack.network.lb.ApplicationLoadBalancerService;
import org.apache.cloudstack.network.lb.InternalLoadBalancerVMService;
import org.apache.cloudstack.query.QueryService;
import org.apache.cloudstack.usage.UsageService;
import org.apache.log4j.Logger;
import com.cloud.configuration.ConfigurationService;
import com.cloud.domain.Domain;
@ -153,8 +154,6 @@ public abstract class BaseCmd {
@Inject
public ResourceLimitService _resourceLimitService;
@Inject
public IdentityService _identityService;
@Inject
public StorageNetworkService _storageNetworkService;
@Inject
public TaggedResourceService _taggedResourceService;
@ -358,11 +357,11 @@ public abstract class BaseCmd {
}
public void setFullUrlParams(Map<String, String> map) {
this.fullUrlParams = map;
fullUrlParams = map;
}
public Map<String, String> getFullUrlParams() {
return this.fullUrlParams;
return fullUrlParams;
}
public Long finalyzeAccountId(String accountName, Long domainId, Long projectId, boolean enabledOnly) {

23
api/src/org/apache/cloudstack/api/IdentityService.java
View File

@ -1,23 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.api;
public interface IdentityService {
Long getIdentityId(String tableName, String identityString);
String getIdentityUuid(String tableName, String identityString);
}

4
awsapi/pom.xml
View File

@ -223,7 +223,6 @@
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.6.1</version>
<scope>runtime</scope>
</dependency>
<dependency>
@ -271,8 +270,6 @@
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk16</artifactId>
<!-- TODO: do we need this explicit version override? -->
<version>1.45</version>
<scope>runtime</scope>
</dependency>
<dependency>
@ -320,7 +317,6 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>${cs.checkstyle.version}</version>
<executions>
<execution>
<phase>none</phase>

1
deps/XenServerJava/pom.xml vendored
View File

@ -40,7 +40,6 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>${cs.checkstyle.version}</version>
<executions>
<execution>
<phase>none</phase>

1
engine/schema/resources/META-INF/cloudstack/core/spring-engine-schema-core-daos-context.xml
View File

@ -171,7 +171,6 @@
<bean id="hostTagsDaoImpl" class="com.cloud.host.dao.HostTagsDaoImpl" />
<bean id="hostTransferMapDaoImpl" class="com.cloud.cluster.agentlb.dao.HostTransferMapDaoImpl" />
<bean id="iPAddressDaoImpl" class="com.cloud.network.dao.IPAddressDaoImpl" />
<bean id="identityDaoImpl" class="com.cloud.uuididentity.dao.IdentityDaoImpl" />
<bean id="imageStoreDaoImpl" class="org.apache.cloudstack.storage.image.db.ImageStoreDaoImpl" />
<bean id="imageStoreDetailsDaoImpl" class="org.apache.cloudstack.storage.image.db.ImageStoreDetailsDaoImpl" />
<bean id="imageStoreJoinDaoImpl" class="com.cloud.api.query.dao.ImageStoreJoinDaoImpl" />

2
engine/storage/integration-test/pom.xml
View File

@ -119,8 +119,6 @@
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<!-- TODO: Is this version override required -->
<version>4.2.2</version>
<scope>compile</scope>
</dependency>
<dependency>

2
framework/config/src/org/apache/cloudstack/framework/config/ConfigDepot.java
View File

@ -27,4 +27,6 @@ public interface ConfigDepot {
ConfigKey<?> get(String paramName);
Set<ConfigKey<?>> getConfigListByScope(String scope);
<T> void set(ConfigKey<T> key, T value);
}

8
framework/config/src/org/apache/cloudstack/framework/config/impl/ConfigDepotImpl.java
View File

@ -172,7 +172,7 @@ public class ConfigDepotImpl implements ConfigDepot, ConfigDepotAdmin {
@Inject
public void setScopedStorages(List<ScopedConfigStorage> scopedStorages) {
this._scopedStorages = scopedStorages;
_scopedStorages = scopedStorages;
}
public List<Configurable> getConfigurables() {
@ -181,7 +181,7 @@ public class ConfigDepotImpl implements ConfigDepot, ConfigDepotAdmin {
@Inject
public void setConfigurables(List<Configurable> configurables) {
this._configurables = configurables;
_configurables = configurables;
}
@Override
@ -189,4 +189,8 @@ public class ConfigDepotImpl implements ConfigDepot, ConfigDepotAdmin {
return _scopeLevelConfigsMap.get(ConfigKey.Scope.valueOf(scope));
}
@Override
public <T> void set(ConfigKey<T> key, T value) {
_configDao.update(key.key(), value.toString());
}
}

8
framework/security/pom.xml
View File

@ -25,7 +25,7 @@
<artifactId>cloudstack-framework</artifactId>
<version>4.4.0-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
</parent>
<dependencies>
<dependency>
<groupId>org.apache.cloudstack</groupId>
@ -42,6 +42,10 @@
<artifactId>cloud-framework-ipc</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
</dependency>
<dependency>
<groupId>org.apache.cloudstack</groupId>
<artifactId>cloud-framework-db</artifactId>
@ -51,6 +55,6 @@
<groupId>org.apache.cloudstack</groupId>
<artifactId>cloud-framework-config</artifactId>
<version>${project.version}</version>
</dependency>
</dependency>
</dependencies>
</project>

1
framework/security/resources/META-INF/cloudstack/core/spring-framework-security-core-context.xml
View File

@ -28,4 +28,5 @@
>
<bean id="keystoreManagerImpl" class="org.apache.cloudstack.framework.security.keystore.KeystoreManagerImpl" />
<bean id="keystoreDaoImpl" class="org.apache.cloudstack.framework.security.keystore.KeystoreDaoImpl" />
<bean id="keysManagerImpl" class="org.apache.cloudstack.framework.security.keys.KeysManagerImpl"/>
</beans>

21
server/src/com/cloud/uuididentity/dao/IdentityVO.java → framework/security/src/org/apache/cloudstack/framework/security/keys/KeysManager.java
View File

@ -14,12 +14,25 @@
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.uuididentity.dao;
package org.apache.cloudstack.framework.security.keys;
import javax.persistence.Entity;
import org.apache.cloudstack.framework.config.ConfigKey;
/**
*
* Started this file to manage keys. Will be needed by other services.
*
*/
@Entity
public class IdentityVO {
public interface KeysManager {
final ConfigKey<String> EncryptionKey = new ConfigKey<String>("Hidden", String.class, "security.encryption.key", null, "base64 encoded key data", false);
final ConfigKey<String> EncryptionIV = new ConfigKey<String>("Hidden", String.class, "security.encryption.iv", null, "base64 encoded IV data", false);
final ConfigKey<String> HashKey = new ConfigKey<String>("Hidden", String.class, "security.hash.key", null, "for generic key-ed hash", false);
String getEncryptionKey();
String getEncryptionIV();
void resetEncryptionKeyIV();
String getHashKey();
}

127
framework/security/src/org/apache/cloudstack/framework/security/keys/KeysManagerImpl.java Normal file
View File

@ -0,0 +1,127 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.framework.security.keys;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import javax.inject.Inject;
import javax.net.ssl.KeyManager;
import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.Logger;
import org.apache.cloudstack.framework.config.ConfigDepot;
import org.apache.cloudstack.framework.config.ConfigKey;
import org.apache.cloudstack.framework.config.Configurable;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
import org.apache.cloudstack.framework.config.impl.ConfigurationVO;
import com.cloud.utils.db.DB;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
/**
* To be perfectly honest, I'm not sure why we need this class. This used
* to be in ManagementServerImpl. I moved the functionality because it seems
* many features will need this. However, the right thing will be for setup
* and upgrade to take care of key generation. Here, the methods appear to
* mainly be used for dynamic generation. I added this class because after
* talking to Kelven, we think there will be other functionalities we need
* to centralize to this class. We'll see how that works out.
*
* There's multiple problems here that we need to fix.
* - Multiple servers can be generating keys. This is not atomic.
* - The functionality of generating the keys should be moved over to setup/upgrade.
*
*/
public class KeysManagerImpl implements KeysManager, Configurable {
private static final Logger s_logger = Logger.getLogger(KeysManagerImpl.class);
@Inject
ConfigurationDao _configDao;
@Inject
ConfigDepot _configDepot;
@Override
public String getHashKey() {
String value = HashKey.value();
if (value == null) {
_configDepot.set(HashKey, getBase64EncodedRandomKey(128));
}
return HashKey.value();
}
@Override
public String getEncryptionKey() {
String value = EncryptionKey.value();
if (value == null) {
_configDepot.set(EncryptionKey, getBase64EncodedRandomKey(128));
}
return EncryptionKey.value();
}
@Override
public String getEncryptionIV() {
String value = EncryptionIV.value();
if (value == null) {
_configDepot.set(EncryptionIV, getBase64EncodedRandomKey(128));
}
return EncryptionIV.value();
}
private static String getBase64EncodedRandomKey(int nBits) {
SecureRandom random;
try {
random = SecureRandom.getInstance("SHA1PRNG");
byte[] keyBytes = new byte[nBits / 8];
random.nextBytes(keyBytes);
return Base64.encodeBase64URLSafeString(keyBytes);
} catch (NoSuchAlgorithmException e) {
s_logger.error("Unhandled exception: ", e);
}
return null;
}
@Override
@DB
public void resetEncryptionKeyIV() {
SearchBuilder<ConfigurationVO> sb = _configDao.createSearchBuilder();
sb.and("name1", sb.entity().getName(), SearchCriteria.Op.EQ);
sb.or("name2", sb.entity().getName(), SearchCriteria.Op.EQ);
sb.done();
SearchCriteria<ConfigurationVO> sc = sb.create();
sc.setParameters("name1", EncryptionKey.key());
sc.setParameters("name2", EncryptionIV.key());
_configDao.expunge(sc);
}
@Override
public String getConfigComponentName() {
return KeyManager.class.getSimpleName();
}
@Override
public ConfigKey<?>[] getConfigKeys() {
return new ConfigKey<?>[] {EncryptionKey, EncryptionIV, HashKey};
}
}

1
plugins/hypervisors/hyperv/pom.xml
View File

@ -90,7 +90,6 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>2.12</version>
<configuration>
<!-- Exclude tests that require an agent, they appear under a different profile -->
<excludes>

2
plugins/hypervisors/kvm/pom.xml
View File

@ -67,7 +67,6 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>2.5.1</version>
<executions>
<execution>
<id>copy-dependencies</id>
@ -85,7 +84,6 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>2.14</version>
<configuration>
<excludes>
<exclude>**/Qemu*.java</exclude>

2
plugins/hypervisors/xen/pom.xml
View File

@ -33,8 +33,6 @@
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<!-- TODO: Check if we need this version override -->
<version>4.2.2</version>
<scope>compile</scope>
</dependency>
<dependency>

1
plugins/network-elements/dns-notifier/resources/components-example.xml
View File

@ -185,7 +185,6 @@ under the License.
<dao name="UserDao" class="com.cloud.user.dao.UserDaoImpl" singleton="false"/>
<dao name="NetworkOfferingServiceDao" class="com.cloud.offerings.dao.NetworkOfferingServiceMapDaoImpl" singleton="false"/>
<dao name="VirtualRouterProviderDao" class="com.cloud.network.dao.VirtualRouterProviderDaoImpl" singleton="false"/>
<dao name="IdentityDao" class="com.cloud.uuididentity.dao.IdentityDaoImpl" singleton="false"/>
<dao name="Site2SiteCustomerGatewayDao" class="com.cloud.network.dao.Site2SiteCustomerGatewayDaoImpl" singleton="false"/>
<dao name="Site2SiteVpnGatewayDao" class="com.cloud.network.dao.Site2SiteVpnGatewayDaoImpl" singleton="false"/>
<dao name="Site2SiteVpnConnectionDao" class="com.cloud.network.dao.Site2SiteVpnConnectionDaoImpl" singleton="false"/>

2
plugins/network-elements/juniper-contrail/pom.xml
View File

@ -85,7 +85,6 @@
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>${cs.guava.version}</version>
</dependency>
<dependency>
<groupId>net.juniper.contrail</groupId>
@ -95,7 +94,6 @@
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>${cs.mysql.version}</version>
<scope>provided</scope>
</dependency>
<dependency>

5
plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/IntegrationTestConfiguration.java
View File

@ -21,6 +21,7 @@ import java.io.IOException;
import javax.inject.Inject;
import org.eclipse.jetty.security.IdentityService;
import org.mockito.Matchers;
import org.mockito.Mockito;
import org.mockito.invocation.InvocationOnMock;
@ -42,7 +43,6 @@ import org.apache.cloudstack.affinity.dao.AffinityGroupDao;
import org.apache.cloudstack.affinity.dao.AffinityGroupDaoImpl;
import org.apache.cloudstack.affinity.dao.AffinityGroupDomainMapDaoImpl;
import org.apache.cloudstack.affinity.dao.AffinityGroupVMMapDaoImpl;
import org.apache.cloudstack.api.IdentityService;
import org.apache.cloudstack.context.CallContext;
import org.apache.cloudstack.engine.datacenter.entity.api.db.dao.DcDetailsDaoImpl;
import org.apache.cloudstack.engine.orchestration.service.VolumeOrchestrationService;
@ -270,7 +270,6 @@ import com.cloud.utils.db.EntityManager;
import com.cloud.utils.db.Transaction;
import com.cloud.utils.db.TransactionCallbackNoReturn;
import com.cloud.utils.db.TransactionStatus;
import com.cloud.uuididentity.dao.IdentityDaoImpl;
import com.cloud.vm.ItWorkDaoImpl;
import com.cloud.vm.dao.ConsoleProxyDaoImpl;
import com.cloud.vm.dao.DomainRouterDaoImpl;
@ -298,7 +297,7 @@ import com.cloud.vm.snapshot.dao.VMSnapshotDaoImpl;
EventDaoImpl.class, EventJoinDaoImpl.class, EventUtils.class, EventUtils.class, FirewallManagerImpl.class, FirewallRulesCidrsDaoImpl.class,
FirewallRulesDaoImpl.class, GuestOSCategoryDaoImpl.class, GuestOSDaoImpl.class, HostDaoImpl.class, HostDetailsDaoImpl.class, HostJoinDaoImpl.class,
HostPodDaoImpl.class, HostTagsDaoImpl.class, HostTransferMapDaoImpl.class, HypervisorCapabilitiesDaoImpl.class, HypervisorGuruManagerImpl.class,
IdentityDaoImpl.class, ImageStoreDaoImpl.class, ImageStoreJoinDaoImpl.class, InstanceGroupDaoImpl.class, InstanceGroupJoinDaoImpl.class,
ImageStoreDaoImpl.class, ImageStoreJoinDaoImpl.class, InstanceGroupDaoImpl.class, InstanceGroupJoinDaoImpl.class,
InstanceGroupVMMapDaoImpl.class, IpAddressManagerImpl.class, Ipv6AddressManagerImpl.class, ItWorkDaoImpl.class, LBHealthCheckPolicyDaoImpl.class,
LBStickinessPolicyDaoImpl.class, LaunchPermissionDao.class, LoadBalancerDaoImpl.class, LoadBalancerVMMapDaoImpl.class, LoadBalancingRulesManagerImpl.class,
ManagementServerHostDaoImpl.class, MockAccountManager.class, NetworkACLDaoImpl.class, NetworkACLItemDaoImpl.class, NetworkACLManagerImpl.class,

1
server/pom.xml
View File

@ -189,7 +189,6 @@
</plugin>
<plugin>
<artifactId>maven-antrun-plugin</artifactId>
<version>1.7</version>
<executions>
<execution>
<id>generate-resource</id>

4
server/resources/META-INF/cloudstack/core/spring-server-core-managers-context.xml
View File

@ -120,12 +120,8 @@
<property name="hvGuruList" value="#{hypervisorGurusRegistry.registered}" />
</bean>
<bean id="identityServiceImpl" class="com.cloud.uuididentity.IdentityServiceImpl" />
<bean id="uUIDManagerImpl" class="com.cloud.uuididentity.UUIDManagerImpl" />
<bean id="keystoreManagerImpl" class="org.apache.cloudstack.framework.security.keystore.KeystoreManagerImpl" />
<bean id="loadBalancingRulesManagerImpl" class="com.cloud.network.lb.LoadBalancingRulesManagerImpl" >
<property name="lbProviders" value="#{loadBalancingServiceProvidersRegistry.registered}" />
</bean>

8
server/src/com/cloud/api/ApiDBUtils.java
View File

@ -738,14 +738,6 @@ public class ApiDBUtils {
return s_vmDao.findById(vmId);
}
public static long getMemoryOrCpuCapacitybyHost(Long hostId, short capacityType) {
// TODO: This method is for the API only, but it has configuration values (ramSize for system vms)
// so if this Utils class can have some kind of config rather than a static initializer (maybe from
// management server instantiation?) then maybe the management server method can be moved entirely
// into this utils class.
return s_ms.getMemoryOrCpuCapacityByHost(hostId, capacityType);
}
public static long getStorageCapacitybyPool(Long poolId, short capacityType) {
// TODO: This method is for the API only, but it has configuration values (ramSize for system vms)
// so if this Utils class can have some kind of config rather than a static initializer (maybe from

3
server/src/com/cloud/configuration/Config.java
View File

@ -1372,9 +1372,6 @@ public enum Config {
"The allowable clock difference in milliseconds between when an SSO login request is made and when it is received.",
null),
//NetworkType("Hidden", ManagementServer.class, String.class, "network.type", "vlan", "The type of network that this deployment will use.", "vlan,direct"),
HashKey("Hidden", ManagementServer.class, String.class, "security.hash.key", null, "for generic key-ed hash", null),
EncryptionKey("Hidden", ManagementServer.class, String.class, "security.encryption.key", null, "base64 encoded key data", null),
EncryptionIV("Hidden", ManagementServer.class, String.class, "security.encryption.iv", null, "base64 encoded IV data", null),
RouterRamSize("Hidden", NetworkOrchestrationService.class, Integer.class, "router.ram.size", "128", "Default RAM for router VM (in MB).", null),
DefaultPageSize("Advanced", ManagementServer.class, Long.class, "default.page.size", "500", "Default page size for API list* commands", null),

12
server/src/com/cloud/consoleproxy/AgentBasedConsoleProxyManager.java
View File

@ -25,6 +25,7 @@ import javax.naming.ConfigurationException;
import org.apache.log4j.Logger;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
import org.apache.cloudstack.framework.security.keys.KeysManager;
import org.apache.cloudstack.framework.security.keystore.KeystoreManager;
import com.cloud.agent.AgentManager;
@ -53,7 +54,6 @@ public class AgentBasedConsoleProxyManager extends ManagerBase implements Consol
protected HostDao _hostDao;
@Inject
protected UserVmDao _userVmDao;
private String _instance;
protected String _consoleProxyUrlDomain;
@Inject
private VMInstanceDao _instanceDao;
@ -74,11 +74,13 @@ public class AgentBasedConsoleProxyManager extends ManagerBase implements Consol
ConfigurationDao _configDao;
@Inject
ManagementServer _ms;
@Inject
KeysManager _keysMgr;
public class AgentBasedAgentHook extends AgentHookBase {
public AgentBasedAgentHook(VMInstanceDao instanceDao, HostDao hostDao, ConfigurationDao cfgDao, KeystoreManager ksMgr, AgentManager agentMgr, ManagementServer ms) {
super(instanceDao, hostDao, cfgDao, ksMgr, agentMgr, ms);
public AgentBasedAgentHook(VMInstanceDao instanceDao, HostDao hostDao, ConfigurationDao cfgDao, KeystoreManager ksMgr, AgentManager agentMgr, KeysManager keysMgr) {
super(instanceDao, hostDao, cfgDao, ksMgr, agentMgr, keysMgr);
}
@Override
@ -119,11 +121,9 @@ public class AgentBasedConsoleProxyManager extends ManagerBase implements Consol
_sslEnabled = true;
}
_instance = configs.get("instance.name");
_consoleProxyUrlDomain = configs.get("consoleproxy.url.domain");
_listener = new ConsoleProxyListener(new AgentBasedAgentHook(_instanceDao, _hostDao, _configDao, _ksMgr, _agentMgr, _ms));
_listener = new ConsoleProxyListener(new AgentBasedAgentHook(_instanceDao, _hostDao, _configDao, _ksMgr, _agentMgr, _keysMgr));
_agentMgr.registerForHostEvents(_listener, true, true, false);
if (s_logger.isInfoEnabled()) {

25
server/src/com/cloud/consoleproxy/AgentHookBase.java
View File

@ -26,6 +26,7 @@ import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
import org.apache.cloudstack.framework.security.keys.KeysManager;
import org.apache.cloudstack.framework.security.keystore.KeystoreManager;
import com.cloud.agent.AgentManager;
@ -45,7 +46,6 @@ import com.cloud.host.Host;
import com.cloud.host.HostVO;
import com.cloud.host.Status;
import com.cloud.host.dao.HostDao;
import com.cloud.server.ManagementServer;
import com.cloud.servlet.ConsoleProxyPasswordBasedEncryptor;
import com.cloud.servlet.ConsoleProxyServlet;
import com.cloud.utils.Ternary;
@ -65,17 +65,16 @@ public abstract class AgentHookBase implements AgentHook {
ConfigurationDao _configDao;
AgentManager _agentMgr;
KeystoreManager _ksMgr;
ManagementServer _ms;
final Random _random = new Random(System.currentTimeMillis());
private String _hashKey;
KeysManager _keysMgr;
public AgentHookBase(VMInstanceDao instanceDao, HostDao hostDao, ConfigurationDao cfgDao, KeystoreManager ksMgr, AgentManager agentMgr, ManagementServer ms) {
this._instanceDao = instanceDao;
this._hostDao = hostDao;
this._agentMgr = agentMgr;
this._configDao = cfgDao;
this._ksMgr = ksMgr;
this._ms = ms;
public AgentHookBase(VMInstanceDao instanceDao, HostDao hostDao, ConfigurationDao cfgDao, KeystoreManager ksMgr, AgentManager agentMgr, KeysManager keysMgr) {
_instanceDao = instanceDao;
_hostDao = hostDao;
_agentMgr = agentMgr;
_configDao = cfgDao;
_ksMgr = ksMgr;
_keysMgr = keysMgr;
}
@Override
@ -230,15 +229,15 @@ public abstract class AgentHookBase implements AgentHook {
// if we failed after reset, something is definitely wrong
for (int i = 0; i < 2; i++) {
key = _ms.getEncryptionKey();
iv = _ms.getEncryptionIV();
key = _keysMgr.getEncryptionKey();
iv = _keysMgr.getEncryptionIV();
keyIvPair = new ConsoleProxyPasswordBasedEncryptor.KeyIVPair(key, iv);
if (keyIvPair.getIvBytes() == null || keyIvPair.getIvBytes().length != 16 || keyIvPair.getKeyBytes() == null || keyIvPair.getKeyBytes().length != 16) {
s_logger.warn("Console access AES KeyIV sanity check failed, reset and regenerate");
_ms.resetEncryptionKeyIV();
_keysMgr.resetEncryptionKeyIV();
} else {
break;
}

70
server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
View File

@ -36,6 +36,7 @@ import com.google.gson.GsonBuilder;
import org.apache.cloudstack.context.CallContext;
import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
import org.apache.cloudstack.framework.security.keys.KeysManager;
import org.apache.cloudstack.framework.security.keystore.KeystoreDao;
import org.apache.cloudstack.framework.security.keystore.KeystoreManager;
import org.apache.cloudstack.framework.security.keystore.KeystoreVO;
@ -54,7 +55,6 @@ import com.cloud.agent.api.check.CheckSshAnswer;
import com.cloud.agent.api.check.CheckSshCommand;
import com.cloud.agent.api.proxy.ConsoleProxyLoadAnswer;
import com.cloud.agent.manager.Commands;
import com.cloud.certificate.dao.CertificateDao;
import com.cloud.cluster.ClusterManager;
import com.cloud.configuration.Config;
import com.cloud.configuration.ZoneConfig;
@ -99,16 +99,13 @@ import com.cloud.resource.ResourceManager;
import com.cloud.resource.ResourceStateAdapter;
import com.cloud.resource.ServerResource;
import com.cloud.resource.UnableDeleteHostException;
import com.cloud.server.ManagementServer;
import com.cloud.service.ServiceOfferingVO;
import com.cloud.service.dao.ServiceOfferingDao;
import com.cloud.storage.StorageManager;
import com.cloud.storage.StoragePoolStatus;
import com.cloud.storage.VMTemplateStorageResourceAssoc.Status;
import com.cloud.storage.VMTemplateVO;
import com.cloud.storage.dao.DiskOfferingDao;
import com.cloud.storage.dao.VMTemplateDao;
import com.cloud.template.TemplateManager;
import com.cloud.user.Account;
import com.cloud.user.AccountManager;
import com.cloud.utils.DateUtil;
@ -182,57 +179,44 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
@Inject
private ConfigurationDao _configDao;
@Inject
private CertificateDao _certDao;
@Inject
private VMInstanceDao _instanceDao;
@Inject
private TemplateDataStoreDao _vmTemplateStoreDao;
@Inject
private AgentManager _agentMgr;
@Inject
private StorageManager _storageMgr;
private NetworkOrchestrationService _networkMgr;
@Inject
NetworkOrchestrationService _networkMgr;
private NetworkModel _networkModel;
@Inject
NetworkModel _networkModel;
private AccountManager _accountMgr;
@Inject
AccountManager _accountMgr;
private ServiceOfferingDao _offeringDao;
@Inject
ServiceOfferingDao _offeringDao;
private DiskOfferingDao _diskOfferingDao;
@Inject
DiskOfferingDao _diskOfferingDao;
private NetworkOfferingDao _networkOfferingDao;
@Inject
NetworkOfferingDao _networkOfferingDao;
private PrimaryDataStoreDao _storagePoolDao;
@Inject
PrimaryDataStoreDao _storagePoolDao;
private UserVmDetailsDao _vmDetailsDao;
@Inject
UserVmDetailsDao _vmDetailsDao;
private ResourceManager _resourceMgr;
@Inject
ResourceManager _resourceMgr;
private NetworkDao _networkDao;
@Inject
NetworkDao _networkDao;
private RulesManager _rulesMgr;
@Inject
RulesManager _rulesMgr;
private IPAddressDao _ipAddressDao;
@Inject
TemplateManager templateMgr;
private KeysManager _keysMgr;
@Inject
IPAddressDao _ipAddressDao;
@Inject
ManagementServer _ms;
@Inject
ClusterManager _clusterMgr;
private VirtualMachineManager _itMgr;
private ConsoleProxyListener _listener;
private ServiceOfferingVO _serviceOffering;
NetworkOffering _publicNetworkOffering;
NetworkOffering _managementNetworkOffering;
NetworkOffering _linkLocalNetworkOffering;
@Inject
private VirtualMachineManager _itMgr;
/*
* private final ExecutorService _requestHandlerScheduler = Executors.newCachedThreadPool(new
* NamedThreadFactory("Request-handler"));
@ -267,8 +251,8 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
public class VmBasedAgentHook extends AgentHookBase {
public VmBasedAgentHook(VMInstanceDao instanceDao, HostDao hostDao, ConfigurationDao cfgDao, KeystoreManager ksMgr, AgentManager agentMgr, ManagementServer ms) {
super(instanceDao, hostDao, cfgDao, ksMgr, agentMgr, ms);
public VmBasedAgentHook(VMInstanceDao instanceDao, HostDao hostDao, ConfigurationDao cfgDao, KeystoreManager ksMgr, AgentManager agentMgr, KeysManager keysMgr) {
super(instanceDao, hostDao, cfgDao, ksMgr, agentMgr, keysMgr);
}
@Override
@ -884,14 +868,6 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
return l.size() < launchLimit;
}
private HypervisorType currentHypervisorType(long dcId) {
List<ConsoleProxyVO> l =
_consoleProxyDao.getProxyListInStates(dcId, VirtualMachine.State.Starting, VirtualMachine.State.Running, VirtualMachine.State.Stopping,
VirtualMachine.State.Stopped, VirtualMachine.State.Migrating, VirtualMachine.State.Shutdowned, VirtualMachine.State.Unknown);
return l.size() > 0 ? l.get(0).getHypervisorType() : HypervisorType.Any;
}
private boolean checkCapacity(ConsoleProxyLoadInfo proxyCountInfo, ConsoleProxyLoadInfo vmCountInfo) {
if (proxyCountInfo.getCount() * _capacityPerProxy - vmCountInfo.getCount() <= _standbyCapacity) {
@ -969,11 +945,7 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
}
} else {
if (s_logger.isDebugEnabled()) {
if (template == null) {
s_logger.debug("Zone host is ready, but console proxy template is null");
} else {
s_logger.debug("Zone host is ready, but console proxy template: " + template.getId() + " is not ready on secondary storage.");
}
s_logger.debug("Zone host is ready, but console proxy template: " + template.getId() + " is not ready on secondary storage.");
}
}
}
@ -1262,7 +1234,7 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
value = agentMgrConfigs.get("port");
_mgmtPort = NumbersUtil.parseInt(value, 8250);
_listener = new ConsoleProxyListener(new VmBasedAgentHook(_instanceDao, _hostDao, _configDao, _ksMgr, _agentMgr, _ms));
_listener = new ConsoleProxyListener(new VmBasedAgentHook(_instanceDao, _hostDao, _configDao, _ksMgr, _agentMgr, _keysMgr));
_agentMgr.registerForHostEvents(_listener, true, true, false);
_itMgr.registerGuru(VirtualMachine.Type.ConsoleProxy, this);
@ -1677,13 +1649,11 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
@Override
public HostVO createHostVOForDirectConnectAgent(HostVO host, StartupCommand[] startup, ServerResource resource, Map<String, String> details, List<String> hostTags) {
// TODO Auto-generated method stub
return null;
}
@Override
public DeleteHostAnswer deleteHost(HostVO host, boolean isForced, boolean isForceDeleteStorage) throws UnableDeleteHostException {
// TODO Auto-generated method stub
return null;
}
@ -1704,7 +1674,7 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
@Inject
public void setConsoleProxyAllocators(List<ConsoleProxyAllocator> consoleProxyAllocators) {
this._consoleProxyAllocators = consoleProxyAllocators;
_consoleProxyAllocators = consoleProxyAllocators;
}
}

8
server/src/com/cloud/server/ManagementServer.java
View File

@ -61,12 +61,4 @@ public interface ManagementServer extends ManagementService, PluggableService {
public long getMemoryOrCpuCapacityByHost(Long hostId, short capacityType);
String getHashKey();
String getEncryptionKey();
String getEncryptionIV();
void resetEncryptionKeyIV();
}

73
server/src/com/cloud/server/ManagementServerImpl.java
View File

@ -19,8 +19,6 @@ package com.cloud.server;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.Field;
import java.net.URLDecoder;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
@ -756,9 +754,6 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
@Inject
ClusterManager _clusterMgr;
private String _hashKey = null;
private String _encryptionKey = null;
private String _encryptionIV = null;
@Inject
protected AffinityGroupVMMapDao _affinityGroupVMMapDao;
@ -942,15 +937,6 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
return result;
}
private Date massageDate(Date date, int hourOfDay, int minute, int second) {
Calendar cal = Calendar.getInstance();
cal.setTime(date);
cal.set(Calendar.HOUR_OF_DAY, hourOfDay);
cal.set(Calendar.MINUTE, minute);
cal.set(Calendar.SECOND, second);
return cal.getTime();
}
@Override
public List<? extends Cluster> searchForClusters(long zoneId, Long startIndex, Long pageSizeVal, String hypervisorType) {
Filter searchFilter = new Filter(ClusterVO.class, "id", true, startIndex, pageSizeVal);
@ -3391,65 +3377,6 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
return result;
}
@Override
public String getHashKey() {
// although we may have race conditioning here, database transaction serialization should
// give us the same key
if (_hashKey == null) {
_hashKey = _configDao.getValueAndInitIfNotExist(Config.HashKey.key(), Config.HashKey.getCategory(), getBase64EncodedRandomKey(128), Config.HashKey.getDescription());
}
return _hashKey;
}
@Override
public String getEncryptionKey() {
if (_encryptionKey == null) {
_encryptionKey = _configDao.getValueAndInitIfNotExist(Config.EncryptionKey.key(), Config.EncryptionKey.getCategory(), getBase64EncodedRandomKey(128),
Config.EncryptionKey.getDescription());
}
return _encryptionKey;
}
@Override
public String getEncryptionIV() {
if (_encryptionIV == null) {
_encryptionIV = _configDao.getValueAndInitIfNotExist(Config.EncryptionIV.key(), Config.EncryptionIV.getCategory(), getBase64EncodedRandomKey(128),
Config.EncryptionIV.getDescription());
}
return _encryptionIV;
}
@Override
@DB
public void resetEncryptionKeyIV() {
SearchBuilder<ConfigurationVO> sb = _configDao.createSearchBuilder();
sb.and("name1", sb.entity().getName(), SearchCriteria.Op.EQ);
sb.or("name2", sb.entity().getName(), SearchCriteria.Op.EQ);
sb.done();
SearchCriteria<ConfigurationVO> sc = sb.create();
sc.setParameters("name1", Config.EncryptionKey.key());
sc.setParameters("name2", Config.EncryptionIV.key());
_configDao.expunge(sc);
_encryptionKey = null;
_encryptionIV = null;
}
private static String getBase64EncodedRandomKey(int nBits) {
SecureRandom random;
try {
random = SecureRandom.getInstance("SHA1PRNG");
byte[] keyBytes = new byte[nBits / 8];
random.nextBytes(keyBytes);
return Base64.encodeBase64URLSafeString(keyBytes);
} catch (NoSuchAlgorithmException e) {
s_logger.error("Unhandled exception: ", e);
}
return null;
}
@Override
public SSHKeyPair createSSHKeyPair(CreateSSHKeyPairCmd cmd) {
Account caller = CallContext.current().getCallingAccount();

27
server/src/com/cloud/servlet/ConsoleProxyServlet.java
View File

@ -43,7 +43,7 @@ import org.springframework.web.context.support.SpringBeanAutowiringSupport;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import org.apache.cloudstack.api.IdentityService;
import org.apache.cloudstack.framework.security.keys.KeysManager;
import com.cloud.exception.PermissionDeniedException;
import com.cloud.host.HostVO;
@ -81,13 +81,13 @@ public class ConsoleProxyServlet extends HttpServlet {
@Inject
ManagementServer _ms;
@Inject
IdentityService _identityService;
@Inject
EntityManager _entityMgr;
@Inject
UserVmDetailsDao _userVmDetailsDao;
@Inject
KeysManager _keysMgr;
static ManagementServer s_ms;
static KeysManager s_keysMgr;
private final Gson _gson = new GsonBuilder().create();
@ -97,7 +97,7 @@ public class ConsoleProxyServlet extends HttpServlet {
@Override
public void init(ServletConfig config) throws ServletException {
SpringBeanAutowiringSupport.processInjectionBasedOnServletContext(this, config.getServletContext());
s_ms = _ms;
s_keysMgr = _keysMgr;
}
@Override
@ -114,7 +114,7 @@ public class ConsoleProxyServlet extends HttpServlet {
return;
}
if (_ms.getHashKey() == null) {
if (_keysMgr.getHashKey() == null) {
s_logger.debug("Console/thumbnail access denied. Ticket service is not ready yet");
sendResponse(resp, "Service is not ready");
return;
@ -165,13 +165,15 @@ public class ConsoleProxyServlet extends HttpServlet {
}
String vmIdString = req.getParameter("vm");
Long vmId = _identityService.getIdentityId("vm_instance", vmIdString);
if (vmId == null) {
VirtualMachine vm = _entityMgr.findByUuid(VirtualMachine.class, vmIdString);
if (vm == null) {
s_logger.info("invalid console servlet command parameter: " + vmIdString);
sendResponse(resp, "");
return;
}
Long vmId = vm.getId();
if (!checkSessionPermision(req, vmId, accountObj)) {
sendResponse(resp, "Permission denied");
return;
@ -344,8 +346,8 @@ public class ConsoleProxyServlet extends HttpServlet {
}
private String getEncryptorPassword() {
String key = _ms.getEncryptionKey();
String iv = _ms.getEncryptionIV();
String key = _keysMgr.getEncryptionKey();
String iv = _keysMgr.getEncryptionIV();
ConsoleProxyPasswordBasedEncryptor.KeyIVPair keyIvPair = new ConsoleProxyPasswordBasedEncryptor.KeyIVPair(key, iv);
return _gson.toJson(keyIvPair);
@ -360,8 +362,7 @@ public class ConsoleProxyServlet extends HttpServlet {
Ternary<String, String, String> parsedHostInfo = parseHostInfo(portInfo.first());
String sid = vm.getVncPassword();
String tag = String.valueOf(vm.getId());
tag = _identityService.getIdentityUuid("vm_instance", tag);
String tag = vm.getUuid();
String ticket = genAccessTicket(host, String.valueOf(portInfo.second()), sid, tag);
ConsoleProxyPasswordBasedEncryptor encryptor = new ConsoleProxyPasswordBasedEncryptor(getEncryptorPassword());
@ -440,7 +441,7 @@ public class ConsoleProxyServlet extends HttpServlet {
long ts = normalizedHashTime.getTime();
ts = ts / 60000; // round up to 1 minute
String secretKey = s_ms.getHashKey();
String secretKey = s_keysMgr.getHashKey();
SecretKeySpec keySpec = new SecretKeySpec(secretKey.getBytes(), "HmacSHA1");
mac.init(keySpec);

277
server/src/com/cloud/tags/TaggedResourceManagerImpl.java
View File

@ -25,70 +25,101 @@ import javax.ejb.Local;
import javax.inject.Inject;
import javax.naming.ConfigurationException;
import org.apache.cloudstack.context.CallContext;
import org.apache.cloudstack.storage.datastore.db.PrimaryDataStoreDao;
import org.apache.log4j.Logger;
import org.springframework.stereotype.Component;
import org.apache.cloudstack.api.Identity;
import org.apache.cloudstack.api.InternalIdentity;
import org.apache.cloudstack.context.CallContext;
import org.apache.cloudstack.storage.datastore.db.StoragePoolVO;
import com.cloud.api.query.dao.ResourceTagJoinDao;
import com.cloud.dc.dao.DataCenterDao;
import com.cloud.dc.DataCenterVO;
import com.cloud.domain.Domain;
import com.cloud.domain.PartOf;
import com.cloud.event.ActionEvent;
import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.PermissionDeniedException;
import com.cloud.network.dao.FirewallRulesDao;
import com.cloud.network.dao.IPAddressDao;
import com.cloud.network.dao.LoadBalancerDao;
import com.cloud.network.dao.NetworkDao;
import com.cloud.network.dao.RemoteAccessVpnDao;
import com.cloud.network.dao.Site2SiteCustomerGatewayDao;
import com.cloud.network.dao.Site2SiteVpnConnectionDao;
import com.cloud.network.dao.Site2SiteVpnGatewayDao;
import com.cloud.network.rules.dao.PortForwardingRulesDao;
import com.cloud.network.security.dao.SecurityGroupDao;
import com.cloud.network.vpc.NetworkACLItemDao;
import com.cloud.network.vpc.dao.NetworkACLDao;
import com.cloud.network.vpc.dao.StaticRouteDao;
import com.cloud.network.vpc.dao.VpcDao;
import com.cloud.network.vpc.dao.VpcGatewayDao;
import com.cloud.projects.dao.ProjectDao;
import com.cloud.network.dao.IPAddressVO;
import com.cloud.network.dao.LoadBalancerVO;
import com.cloud.network.dao.NetworkVO;
import com.cloud.network.dao.RemoteAccessVpnVO;
import com.cloud.network.dao.Site2SiteCustomerGatewayVO;
import com.cloud.network.dao.Site2SiteVpnConnectionVO;
import com.cloud.network.dao.Site2SiteVpnGatewayVO;
import com.cloud.network.rules.FirewallRuleVO;
import com.cloud.network.rules.PortForwardingRuleVO;
import com.cloud.network.security.SecurityGroupVO;
import com.cloud.network.vpc.NetworkACLItemVO;
import com.cloud.network.vpc.NetworkACLVO;
import com.cloud.network.vpc.StaticRouteVO;
import com.cloud.network.vpc.VpcVO;
import com.cloud.projects.ProjectVO;
import com.cloud.server.ResourceTag;
import com.cloud.server.ResourceTag.ResourceObjectType;
import com.cloud.server.TaggedResourceService;
import com.cloud.service.dao.ServiceOfferingDao;
import com.cloud.storage.dao.DiskOfferingDao;
import com.cloud.storage.dao.SnapshotDao;
import com.cloud.storage.dao.VMTemplateDao;
import com.cloud.storage.dao.VolumeDao;
import com.cloud.service.ServiceOfferingVO;
import com.cloud.storage.DiskOfferingVO;
import com.cloud.storage.SnapshotVO;
import com.cloud.storage.VMTemplateVO;
import com.cloud.storage.VolumeVO;
import com.cloud.tags.dao.ResourceTagDao;
import com.cloud.user.Account;
import com.cloud.user.AccountManager;
import com.cloud.user.DomainManager;
import com.cloud.user.dao.UserDao;
import com.cloud.user.OwnedBy;
import com.cloud.user.UserVO;
import com.cloud.utils.Pair;
import com.cloud.utils.component.ManagerBase;
import com.cloud.utils.db.DB;
import com.cloud.utils.db.DbUtil;
import com.cloud.utils.db.GenericDao;
import com.cloud.utils.db.EntityManager;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
import com.cloud.utils.db.Transaction;
import com.cloud.utils.db.TransactionCallbackNoReturn;
import com.cloud.utils.db.TransactionStatus;
import com.cloud.utils.exception.CloudRuntimeException;
import com.cloud.uuididentity.dao.IdentityDao;
import com.cloud.vm.dao.NicDao;
import com.cloud.vm.dao.UserVmDao;
import com.cloud.vm.snapshot.dao.VMSnapshotDao;
import com.cloud.vm.NicVO;
import com.cloud.vm.UserVmVO;
import com.cloud.vm.snapshot.VMSnapshotVO;
@Component
@Local(value = {TaggedResourceService.class})
public class TaggedResourceManagerImpl extends ManagerBase implements TaggedResourceService {
public static final Logger s_logger = Logger.getLogger(TaggedResourceManagerImpl.class);
private static Map<ResourceObjectType, GenericDao<?, Long>> s_daoMap = new HashMap<ResourceObjectType, GenericDao<?, Long>>();
private static final Map<ResourceObjectType, Class<?>> s_typeMap = new HashMap<ResourceObjectType, Class<?>>();
static {
s_typeMap.put(ResourceObjectType.UserVm, UserVmVO.class);
s_typeMap.put(ResourceObjectType.Volume, VolumeVO.class);
s_typeMap.put(ResourceObjectType.Template, VMTemplateVO.class);
s_typeMap.put(ResourceObjectType.ISO, VMTemplateVO.class);
s_typeMap.put(ResourceObjectType.Snapshot, SnapshotVO.class);
s_typeMap.put(ResourceObjectType.Network, NetworkVO.class);
s_typeMap.put(ResourceObjectType.LoadBalancer, LoadBalancerVO.class);
s_typeMap.put(ResourceObjectType.PortForwardingRule, PortForwardingRuleVO.class);
s_typeMap.put(ResourceObjectType.FirewallRule, FirewallRuleVO.class);
s_typeMap.put(ResourceObjectType.SecurityGroup, SecurityGroupVO.class);
s_typeMap.put(ResourceObjectType.PublicIpAddress, IPAddressVO.class);
s_typeMap.put(ResourceObjectType.Project, ProjectVO.class);
s_typeMap.put(ResourceObjectType.Vpc, VpcVO.class);
s_typeMap.put(ResourceObjectType.Nic, NicVO.class);
s_typeMap.put(ResourceObjectType.NetworkACL, NetworkACLVO.class);
s_typeMap.put(ResourceObjectType.StaticRoute, StaticRouteVO.class);
s_typeMap.put(ResourceObjectType.VMSnapshot, VMSnapshotVO.class);
s_typeMap.put(ResourceObjectType.RemoteAccessVpn, RemoteAccessVpnVO.class);
s_typeMap.put(ResourceObjectType.Zone, DataCenterVO.class);
s_typeMap.put(ResourceObjectType.ServiceOffering, ServiceOfferingVO.class);
s_typeMap.put(ResourceObjectType.Storage, StoragePoolVO.class);
s_typeMap.put(ResourceObjectType.PrivateGateway, RemoteAccessVpnVO.class);
s_typeMap.put(ResourceObjectType.NetworkACLList, NetworkACLItemVO.class);
s_typeMap.put(ResourceObjectType.VpnGateway, Site2SiteVpnGatewayVO.class);
s_typeMap.put(ResourceObjectType.CustomerGateway, Site2SiteCustomerGatewayVO.class);
s_typeMap.put(ResourceObjectType.VpnConnection, Site2SiteVpnConnectionVO.class);
s_typeMap.put(ResourceObjectType.User, UserVO.class);
s_typeMap.put(ResourceObjectType.DiskOffering, DiskOfferingVO.class);
}
@Inject
EntityManager _entityMgr;
@Inject
AccountManager _accountMgr;
@Inject
@ -96,95 +127,11 @@ public class TaggedResourceManagerImpl extends ManagerBase implements TaggedReso
@Inject
ResourceTagJoinDao _resourceTagJoinDao;
@Inject
IdentityDao _identityDao;
@Inject
DomainManager _domainMgr;
@Inject
UserVmDao _userVmDao;
@Inject
VolumeDao _volumeDao;
@Inject
VMTemplateDao _templateDao;
@Inject
SnapshotDao _snapshotDao;
@Inject
NetworkDao _networkDao;
@Inject
LoadBalancerDao _lbDao;
@Inject
PortForwardingRulesDao _pfDao;
@Inject
FirewallRulesDao _firewallDao;
@Inject
SecurityGroupDao _securityGroupDao;
@Inject
RemoteAccessVpnDao _vpnDao;
@Inject
IPAddressDao _publicIpDao;
@Inject
ProjectDao _projectDao;
@Inject
VpcDao _vpcDao;
@Inject
StaticRouteDao _staticRouteDao;
@Inject
VMSnapshotDao _vmSnapshotDao;
@Inject
NicDao _nicDao;
@Inject
NetworkACLItemDao _networkACLItemDao;
@Inject
DataCenterDao _dataCenterDao;
@Inject
ServiceOfferingDao _serviceOffDao;
@Inject
PrimaryDataStoreDao _storagePoolDao;
@Inject
VpcGatewayDao _vpcGatewayDao;
@Inject
NetworkACLDao _networkACLListDao;
@Inject
Site2SiteVpnGatewayDao _vpnGatewayDao;
@Inject
Site2SiteCustomerGatewayDao _customerGatewayDao;
@Inject
Site2SiteVpnConnectionDao _vpnConnectionDao;
@Inject
UserDao _userDao;
@Inject
DiskOfferingDao _diskOffDao;
@Override
public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
s_daoMap.put(ResourceObjectType.UserVm, _userVmDao);
s_daoMap.put(ResourceObjectType.Volume, _volumeDao);
s_daoMap.put(ResourceObjectType.Template, _templateDao);
s_daoMap.put(ResourceObjectType.ISO, _templateDao);
s_daoMap.put(ResourceObjectType.Snapshot, _snapshotDao);
s_daoMap.put(ResourceObjectType.Network, _networkDao);
s_daoMap.put(ResourceObjectType.LoadBalancer, _lbDao);
s_daoMap.put(ResourceObjectType.PortForwardingRule, _pfDao);
s_daoMap.put(ResourceObjectType.FirewallRule, _firewallDao);
s_daoMap.put(ResourceObjectType.SecurityGroup, _securityGroupDao);
s_daoMap.put(ResourceObjectType.PublicIpAddress, _publicIpDao);
s_daoMap.put(ResourceObjectType.Project, _projectDao);
s_daoMap.put(ResourceObjectType.Vpc, _vpcDao);
s_daoMap.put(ResourceObjectType.Nic, _nicDao);
s_daoMap.put(ResourceObjectType.NetworkACL, _networkACLItemDao);
s_daoMap.put(ResourceObjectType.StaticRoute, _staticRouteDao);
s_daoMap.put(ResourceObjectType.VMSnapshot, _vmSnapshotDao);
s_daoMap.put(ResourceObjectType.RemoteAccessVpn, _vpnDao);
s_daoMap.put(ResourceObjectType.Zone, _dataCenterDao);
s_daoMap.put(ResourceObjectType.ServiceOffering, _serviceOffDao);
s_daoMap.put(ResourceObjectType.Storage, _storagePoolDao);
s_daoMap.put(ResourceObjectType.PrivateGateway, _vpcGatewayDao);
s_daoMap.put(ResourceObjectType.NetworkACLList, _networkACLListDao);
s_daoMap.put(ResourceObjectType.VpnGateway, _vpnGatewayDao);
s_daoMap.put(ResourceObjectType.CustomerGateway, _customerGatewayDao);
s_daoMap.put(ResourceObjectType.VpnConnection, _vpnConnectionDao);
s_daoMap.put(ResourceObjectType.User, _userDao);
s_daoMap.put(ResourceObjectType.DiskOffering, _diskOffDao);
return true;
}
@ -200,59 +147,31 @@ public class TaggedResourceManagerImpl extends ManagerBase implements TaggedReso
@Override
public long getResourceId(String resourceId, ResourceObjectType resourceType) {
GenericDao<?, Long> dao = s_daoMap.get(resourceType);
if (dao == null) {
throw new CloudRuntimeException("Dao is not loaded for the resource type " + resourceType);
Class<?> clazz = s_typeMap.get(resourceType);
Object entity = _entityMgr.findByUuid(clazz, resourceId);
if (entity != null) {
return ((InternalIdentity)entity).getId();
}
Class<?> claz = DbUtil.getEntityBeanType(dao);
Long identityId = null;
while (claz != null && claz != Object.class) {
try {
String tableName = DbUtil.getTableName(claz);
if (tableName == null) {
throw new InvalidParameterValueException("Unable to find resource of type " + resourceType + " in the database");
}
identityId = _identityDao.getIdentityId(tableName, resourceId);
if (identityId != null) {
break;
}
} catch (Exception ex) {
//do nothing here, it might mean uuid field is missing and we have to search further
}
claz = claz.getSuperclass();
entity = _entityMgr.findById(clazz, resourceId);
if (entity != null) {
return ((InternalIdentity)entity).getId();
}
if (identityId == null) {
throw new InvalidParameterValueException("Unable to find resource by id " + resourceId + " and type " + resourceType);
}
return identityId;
throw new InvalidParameterValueException("Unable to find resource by id " + resourceId + " and type " + resourceType);
}
private Pair<Long, Long> getAccountDomain(long resourceId, ResourceObjectType resourceType) {
Class<?> clazz = s_typeMap.get(resourceType);
Pair<Long, Long> pair = null;
GenericDao<?, Long> dao = s_daoMap.get(resourceType);
Class<?> claz = DbUtil.getEntityBeanType(dao);
while (claz != null && claz != Object.class) {
try {
String tableName = DbUtil.getTableName(claz);
if (tableName == null) {
throw new InvalidParameterValueException("Unable to find resource of type " + resourceType + " in the database");
}
pair = _identityDao.getAccountDomainInfo(tableName, resourceId, resourceType);
if (pair.first() != null || pair.second() != null) {
break;
}
} catch (Exception ex) {
//do nothing here, it might mean uuid field is missing and we have to search further
}
claz = claz.getSuperclass();
Object entity = _entityMgr.findById(clazz, resourceId);
Long accountId = null;
Long domainId = null;
if (entity instanceof OwnedBy) {
accountId = ((OwnedBy)entity).getAccountId();
}
Long accountId = pair.first();
Long domainId = pair.second();
if (entity instanceof PartOf) {
domainId = ((PartOf)entity).getDomainId();
}
if (accountId == null) {
accountId = Account.ACCOUNT_ID_SYSTEM;
@ -327,32 +246,14 @@ public class TaggedResourceManagerImpl extends ManagerBase implements TaggedReso
@Override
public String getUuid(String resourceId, ResourceObjectType resourceType) {
GenericDao<?, Long> dao = s_daoMap.get(resourceType);
Class<?> claz = DbUtil.getEntityBeanType(dao);
Class<?> clazz = s_typeMap.get(resourceType);
String identiyUUId = null;
while (claz != null && claz != Object.class) {
try {
String tableName = DbUtil.getTableName(claz);
if (tableName == null) {
throw new InvalidParameterValueException("Unable to find resource of type " + resourceType + " in the database");
}
claz = claz.getSuperclass();
if (claz == Object.class) {
identiyUUId = _identityDao.getIdentityUuid(tableName, resourceId);
}
} catch (Exception ex) {
//do nothing here, it might mean uuid field is missing and we have to search further
}
Object entity = _entityMgr.findById(clazz, resourceId);
if (entity != null && entity instanceof Identity) {
return ((Identity)entity).getUuid();
}
if (identiyUUId == null) {
return resourceId;
}
return identiyUUId;
return resourceId;
}
@Override

44
server/src/com/cloud/uuididentity/IdentityServiceImpl.java
View File

@ -1,44 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.uuididentity;
import javax.ejb.Local;
import javax.inject.Inject;
import org.springframework.stereotype.Component;
import org.apache.cloudstack.api.IdentityService;
import com.cloud.utils.component.ManagerBase;
import com.cloud.uuididentity.dao.IdentityDao;
@Component
@Local(value = {IdentityService.class})
public class IdentityServiceImpl extends ManagerBase implements IdentityService {
@Inject
private IdentityDao _identityDao;
@Override
public Long getIdentityId(String tableName, String identityString) {
return _identityDao.getIdentityId(tableName, identityString);
}
@Override
public String getIdentityUuid(String tableName, String identityString) {
return _identityDao.getIdentityUuid(tableName, identityString);
}
}

38
server/src/com/cloud/uuididentity/dao/IdentityDao.java
View File

@ -1,38 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.uuididentity.dao;
import com.cloud.server.ResourceTag.ResourceObjectType;
import com.cloud.utils.Pair;
import com.cloud.utils.db.GenericDao;
public interface IdentityDao extends GenericDao<IdentityVO, Long> {
Long getIdentityId(String tableName, String identityString);
String getIdentityUuid(String tableName, String identityString);
void initializeDefaultUuid(String tableName);
/**
* @param tableName
* @param identityId
* @param resourceType TODO
* @return
*/
Pair<Long, Long> getAccountDomainInfo(String tableName, Long identityId, ResourceObjectType resourceType);
}

241
server/src/com/cloud/uuididentity/dao/IdentityDaoImpl.java
View File

@ -1,241 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.uuididentity.dao;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import javax.ejb.Local;
import org.apache.log4j.Logger;
import org.springframework.stereotype.Component;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.server.ResourceTag.ResourceObjectType;
import com.cloud.utils.Pair;
import com.cloud.utils.db.DB;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.TransactionLegacy;
@Component
@Local(value = {IdentityDao.class})
public class IdentityDaoImpl extends GenericDaoBase<IdentityVO, Long> implements IdentityDao {
private static final Logger s_logger = Logger.getLogger(IdentityDaoImpl.class);
public IdentityDaoImpl() {
}
@Override
@DB
public Long getIdentityId(String tableName, String identityString) {
assert (tableName != null);
assert (identityString != null);
PreparedStatement pstmt = null;
TransactionLegacy txn = TransactionLegacy.open(TransactionLegacy.CLOUD_DB);
try {
try {
try {
pstmt = txn.prepareAutoCloseStatement(String.format("SELECT uuid FROM `%s`", tableName));
pstmt.executeQuery();
} catch (SQLException e) {
throw new InvalidParameterValueException("uuid field doesn't exist in table " + tableName);
}
pstmt = txn.prepareAutoCloseStatement(String.format("SELECT id FROM `%s` WHERE id=? OR uuid=?", tableName)
// TODO : after graceful period, use following line turn on more secure check
// String.format("SELECT id FROM %s WHERE (id=? AND uuid IS NULL) OR uuid=?", mapper.entityTableName())
);
long id = 0;
try {
// TODO : use regular expression to determine
id = Long.parseLong(identityString);
} catch (NumberFormatException e) {
// this could happen when it is a uuid string, so catch and ignore it
}
pstmt.setLong(1, id);
pstmt.setString(2, identityString);
ResultSet rs = pstmt.executeQuery();
if (rs.next()) {
return rs.getLong(1);
} else {
if (id == -1L)
return id;
throw new InvalidParameterValueException("Object " + tableName + "(uuid: " + identityString + ") does not exist.");
}
} catch (SQLException e) {
s_logger.error("Unexpected exception ", e);
}
} finally {
txn.close();
}
return null;
}
@DB
@Override
public Pair<Long, Long> getAccountDomainInfo(String tableName, Long identityId, ResourceObjectType resourceType) {
assert (tableName != null);
PreparedStatement pstmt = null;
TransactionLegacy txn = TransactionLegacy.open(TransactionLegacy.CLOUD_DB);
try {
Long domainId = null;
Long accountId = null;
//get domainId
try {
pstmt = txn.prepareAutoCloseStatement(String.format("SELECT domain_id FROM `%s` WHERE id=?", tableName));
pstmt.setLong(1, identityId);
ResultSet rs = pstmt.executeQuery();
if (rs.next()) {
if (rs.getLong(1) != 0) {
domainId = rs.getLong(1);
}
}
} catch (SQLException e) {
}
//get accountId
try {
String account = "account_id";
if (resourceType == ResourceObjectType.Project) {
account = "project_account_id";
}
pstmt = txn.prepareAutoCloseStatement(String.format("SELECT " + account + " FROM `%s` WHERE id=?", tableName));
pstmt.setLong(1, identityId);
ResultSet rs = pstmt.executeQuery();
if (rs.next()) {
if (rs.getLong(1) != 0) {
accountId = rs.getLong(1);
}
}
} catch (SQLException e) {
}
return new Pair<Long, Long>(accountId, domainId);
} finally {
txn.close();
}
}
@DB
@Override
public String getIdentityUuid(String tableName, String identityString) {
assert (tableName != null);
assert (identityString != null);
PreparedStatement pstmt = null;
TransactionLegacy txn = TransactionLegacy.open(TransactionLegacy.CLOUD_DB);
try {
try {
pstmt = txn.prepareAutoCloseStatement(String.format("SELECT uuid FROM `%s` WHERE id=? OR uuid=?", tableName)
// String.format("SELECT uuid FROM %s WHERE (id=? AND uuid IS NULL) OR uuid=?", tableName)
);
long id = 0;
try {
// TODO : use regular expression to determine
id = Long.parseLong(identityString);
} catch (NumberFormatException e) {
// this could happen when it is a uuid string, so catch and ignore it
}
pstmt.setLong(1, id);
pstmt.setString(2, identityString);
ResultSet rs = pstmt.executeQuery();
if (rs.next()) {
String uuid = rs.getString(1);
if (uuid != null && !uuid.isEmpty())
return uuid;
return identityString;
}
} catch (SQLException e) {
s_logger.error("Unexpected exception ", e);
}
} finally {
txn.close();
}
return identityString;
}
@Override
@DB
public void initializeDefaultUuid(String tableName) {
assert (tableName != null);
List<Long> l = getNullUuidRecords(tableName);
TransactionLegacy txn = TransactionLegacy.open(TransactionLegacy.CLOUD_DB);
try {
try {
txn.start();
for (Long id : l) {
setInitialUuid(tableName, id);
}
txn.commit();
} catch (SQLException e) {
txn.rollback();
s_logger.error("Unexpected exception ", e);
}
} finally {
txn.close();
}
}
@DB
List<Long> getNullUuidRecords(String tableName) {
List<Long> l = new ArrayList<Long>();
PreparedStatement pstmt = null;
TransactionLegacy txn = TransactionLegacy.open(TransactionLegacy.CLOUD_DB);
try {
try {
pstmt = txn.prepareAutoCloseStatement(String.format("SELECT id FROM `%s` WHERE uuid IS NULL", tableName));
ResultSet rs = pstmt.executeQuery();
while (rs.next()) {
l.add(rs.getLong(1));
}
} catch (SQLException e) {
s_logger.error("Unexpected exception ", e);
}
} finally {
txn.close();
}
return l;
}
@DB
void setInitialUuid(String tableName, long id) throws SQLException {
TransactionLegacy txn = TransactionLegacy.currentTxn();
PreparedStatement pstmtUpdate = null;
pstmtUpdate = txn.prepareAutoCloseStatement(String.format("UPDATE `%s` SET uuid=? WHERE id=?", tableName));
pstmtUpdate.setString(1, String.valueOf(id));
pstmtUpdate.setLong(2, id);
pstmtUpdate.executeUpdate();
}
}

1
server/test/resources/network-mgr-component.xml
View File

@ -174,7 +174,6 @@ under the License.
<dao name="UserDao" class="com.cloud.user.dao.UserDaoImpl" singleton="false"/>
<dao name="NetworkOfferingServiceDao" class="com.cloud.offerings.dao.NetworkOfferingServiceMapDaoImpl" singleton="false"/>
<dao name="VirtualRouterProviderDao" class="com.cloud.network.dao.VirtualRouterProviderDaoImpl" singleton="false"/>
<dao name="IdentityDao" class="com.cloud.uuididentity.dao.IdentityDaoImpl" singleton="false"/>
<dao name="Site2SiteCustomerGatewayDao" class="com.cloud.network.dao.Site2SiteCustomerGatewayDaoImpl" singleton="false"/>
<dao name="Site2SiteVpnGatewayDao" class="com.cloud.network.dao.Site2SiteVpnGatewayDaoImpl" singleton="false"/>
<dao name="Site2SiteVpnConnectionDao" class="com.cloud.network.dao.Site2SiteVpnConnectionDaoImpl" singleton="false"/>

1
services/console-proxy-rdp/rdpconsole/pom.xml
View File

@ -72,7 +72,6 @@
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk16</artifactId>
<version>1.46</version>
</dependency>
</dependencies>
</project>

3
systemvm/pom.xml
View File

@ -51,7 +51,6 @@
<plugins>
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<version>2.3</version>
<configuration>
<finalName>systemvm</finalName>
<appendAssemblyId>false</appendAssemblyId>
@ -71,7 +70,6 @@
</plugin>
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<version>2.6</version>
<executions>
<execution>
<id>copy-resources</id>
@ -102,7 +100,6 @@
</plugin>
<plugin>
<artifactId>maven-antrun-plugin</artifactId>
<version>1.7</version>
<executions>
<execution>
<id>build-cloud-scripts</id>