diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/CreateIpv6FirewallRuleCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/CreateIpv6FirewallRuleCmd.java
index be158c9de02..6151b6a29db 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/CreateIpv6FirewallRuleCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/CreateIpv6FirewallRuleCmd.java
@@ -43,7 +43,12 @@ import com.cloud.network.rules.FirewallRule;
 import com.cloud.user.Account;
 import com.cloud.utils.net.NetUtils;
-@APICommand(name = CreateIpv6FirewallRuleCmd.APINAME, description = "Creates an Ipv6 firewall rule in the given network (the network has to belong to VPC)", responseObject = FirewallRuleResponse.class, requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
+@APICommand(name = CreateIpv6FirewallRuleCmd.APINAME,
+ description = "Creates an Ipv6 firewall rule in the given network (the network has to belong to VPC)",
+ responseObject = FirewallRuleResponse.class,
+ requestHasSensitiveInfo = false,
+ responseHasSensitiveInfo = false,
+ authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User})
 public class CreateIpv6FirewallRuleCmd extends BaseAsyncCreateCmd {
 public static final Logger s_logger = Logger.getLogger(CreateIpv6FirewallRuleCmd.class.getName());
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/DeleteIpv6FirewallRuleCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/DeleteIpv6FirewallRuleCmd.java
index e7343a80d05..274f736a62b 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/DeleteIpv6FirewallRuleCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/DeleteIpv6FirewallRuleCmd.java
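Review bot: Adding `RoleType.User` to `authorized` on `CreateIpv6FirewallRuleCmd` leaves the annotation as the only access control visible in this hunk for a call that changes firewall state, and the annotation decides which roles may call the API, not whether the caller owns the target network. The class body lies outside the hunk, so please confirm that the create path checks the caller's access to the network before a rule is persisted; the same applies to the rule looked up by id in the `DeleteIpv6FirewallRuleCmd` and `UpdateIpv6FirewallRuleCmd` hunks. I would record the split above each annotation with `// Role gate only: ownership of the network/rule is enforced in the service layer, not here.` so it stays visible to the next editor.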
@@ -16,6 +16,7 @@
 // under the License.
 package org.apache.cloudstack.api.command.user.ipv6;
+import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandResourceType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -33,8 +34,12 @@ import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.rules.FirewallRule;
 import com.cloud.user.Account;
-@APICommand(name = DeleteIpv6FirewallRuleCmd.APINAME, description = "Deletes a IPv6 firewall rule", responseObject = SuccessResponse.class,
- requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
+@APICommand(name = DeleteIpv6FirewallRuleCmd.APINAME,
+ description = "Deletes a IPv6 firewall rule",
+ responseObject = SuccessResponse.class,
+ requestHasSensitiveInfo = false,
+ responseHasSensitiveInfo = false,
+ authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User})
 public class DeleteIpv6FirewallRuleCmd extends BaseAsyncCmd {
 public static final Logger s_logger = Logger.getLogger(DeleteIpv6FirewallRuleCmd.class.getName());
 public static final String APINAME = "deleteIpv6FirewallRule";
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/ListIpv6FirewallRulesCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/ListIpv6FirewallRulesCmd.java
index 3f91f523edc..fc2714cf1bf 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/ListIpv6FirewallRulesCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/ListIpv6FirewallRulesCmd.java
@@ -34,8 +34,12 @@ import org.apache.log4j.Logger;
 import com.cloud.network.rules.FirewallRule;
 import com.cloud.utils.Pair;
-@APICommand(name = ListIpv6FirewallRulesCmd.APINAME, description = "Lists all IPv6 firewall rules", responseObject = FirewallRuleResponse.class,
- requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
+@APICommand(name = ListIpv6FirewallRulesCmd.APINAME,
+ description = "Lists all IPv6 firewall rules",
+ responseObject = FirewallRuleResponse.class,
+ requestHasSensitiveInfo = false,
+ responseHasSensitiveInfo = false,
+ authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User})
 public class ListIpv6FirewallRulesCmd extends BaseListTaggedResourcesCmd implements IListFirewallRulesCmd {
 public static final Logger s_logger = Logger.getLogger(ListIpv6FirewallRulesCmd.class.getName());
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/UpdateIpv6FirewallRuleCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/UpdateIpv6FirewallRuleCmd.java
index 8a05d02ae59..2295a17db83 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/UpdateIpv6FirewallRuleCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/UpdateIpv6FirewallRuleCmd.java
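Review bot: With `RoleType.User` now in `authorized`, `ListIpv6FirewallRulesCmd` has to return only the rules the caller may see, and nothing in this hunk shows that scoping. The class extends `BaseListTaggedResourcesCmd`, which suggests account, domain and project filters are available, but the search itself is outside the hunk; please confirm that a lookup by `id` for a rule in another account yields an empty list rather than the rule. If that is the behaviour, the annotation text would be more accurate as `description = "Lists the IPv6 firewall rules the caller can access"`.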
@@ -34,7 +34,12 @@ import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.rules.FirewallRule;
 import com.cloud.user.Account;
-@APICommand(name = UpdateIpv6FirewallRuleCmd.APINAME, description = "Updates Ipv6 firewall rule with specified ID", responseObject = FirewallRuleResponse.class, requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
+@APICommand(name = UpdateIpv6FirewallRuleCmd.APINAME,
+ description = "Updates Ipv6 firewall rule with specified ID",
+ responseObject = FirewallRuleResponse.class,
+ requestHasSensitiveInfo = false,
+ responseHasSensitiveInfo = false,
+ authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User})
 public class UpdateIpv6FirewallRuleCmd extends BaseAsyncCustomIdCmd {
 public static final Logger s_logger = Logger.getLogger(UpdateIpv6FirewallRuleCmd.class.getName());
diff --git a/test/integration/component/test_network_ipv6.py b/test/integration/component/test_network_ipv6.py
index 29afb8d97be..30734d73d95 100644
--- a/test/integration/component/test_network_ipv6.py
+++ b/test/integration/component/test_network_ipv6.py
@@ -209,6 +209,10 @@ class TestIpv6Network(cloudstackTestCase):
 def setUp(self):
 self.services = self.testClient.getParsedTestDataConfig()
 self.apiclient = self.testClient.getApiClient()
+ self.userapiclient = self.testClient.getUserApiClient(
+ UserName=self.account.name,
+ DomainName=self.account.domain
+ )
 self.dbclient = self.testClient.getDbConnection()
 self.thread = None
 self.cleanup = []
@@ -266,10 +270,8 @@ class TestIpv6Network(cloudstackTestCase):
 def deployNetwork(self):
 self.services["network"]["networkoffering"] = self.network_offering.id
 self.network = Network.create(
- self.apiclient,
+ self.userapiclient,
 self.services["network"],
- self.account.name,
- self.account.domainid,
 zoneid=self.zone.id
 )
 self.cleanup.append(self.network)
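Review bot: The `setUp` hunk builds a single `self.userapiclient` for the account that owns the network, so the switched calls prove that a user can manage their own rules but never that another user is refused. Since this commit opens create, update, delete and list to `RoleType.User`, a negative case is worth adding here and in the smoke copy of this file: a user client of a second account sends `deleteIpv6FirewallRule` and `listIpv6FirewallRules` with `cmd.id = fw_rule.id`, and the test asserts a failure for the delete and an empty result for the list. A short comment in `setUp`, `# user-level client: exercises the IPv6 firewall APIs as RoleType.User rather than root admin`, would also explain why the test keeps two clients.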
@@ -279,11 +281,9 @@ class TestIpv6Network(cloudstackTestCase): assert False, "get_test_template() failed to return template" self.services["virtual_machine"]["zoneid"] = self.zone.id self.virtual_machine = VirtualMachine.create( - self.apiclient, + self.userapiclient, self.services["virtual_machine"], templateid=self.template.id, - accountid=self.account.name, - domainid=self.account.domainid, networkids=self.network.id, serviceofferingid=self.service_offering.id ) @@ -541,11 +541,11 @@ class TestIpv6Network(cloudstackTestCase): "IPv6 gateway for VM %s NIC is empty" % nic.traffictype) def restartNetworkWithCleanup(self): - self.network.restart(self.apiclient, cleanup=True) + self.network.restart(self.userapiclient, cleanup=True) time.sleep(SLEEP_BEFORE_VR_CHANGES) def updateNetworkWithOffering(self): - self.network.update(self.apiclient, networkofferingid=self.network_offering_update.id) + self.network.update(self.userapiclient, networkofferingid=self.network_offering_update.id) time.sleep(SLEEP_BEFORE_VR_CHANGES) def createIpv6FirewallRuleInNetwork(self, network_id, traffic_type, source_cidr, dest_cidr, protocol, @@ -567,7 +567,7 @@ class TestIpv6Network(cloudstackTestCase): cmd.icmptype = icmp_type if icmp_code is not None: cmd.icmpcode = icmp_code - fw_rule = self.apiclient.createIpv6FirewallRule(cmd) + fw_rule = self.userapiclient.createIpv6FirewallRule(cmd) return fw_rule def deployRoutingTestResources(self): @@ -655,7 +655,7 @@ class TestIpv6Network(cloudstackTestCase): cmd = deleteIpv6FirewallRule.deleteIpv6FirewallRuleCmd() cmd.id = fw2.id - self.apiclient.deleteIpv6FirewallRule(cmd) + self.userapiclient.deleteIpv6FirewallRule(cmd) def createAndVerifyIpv6FirewallRule(self, traffic_type, source_cidr, dest_cidr, protocol, start_port, end_port, icmp_type, icmp_code, parsed_rule, delete=False): 
@@ -664,7 +664,7 @@ class TestIpv6Network(cloudstackTestCase): start_port, end_port, icmp_type, icmp_code) cmd = listIpv6FirewallRules.listIpv6FirewallRulesCmd() cmd.id = fw_rule.id - rules = self.apiclient.listIpv6FirewallRules(cmd) + rules = self.userapiclient.listIpv6FirewallRules(cmd) self.assertTrue( isinstance(rules, list), "Check listIpv6FirewallRules response returns a valid list" @@ -702,7 +702,7 @@ class TestIpv6Network(cloudstackTestCase): if delete == True: cmd = deleteIpv6FirewallRule.deleteIpv6FirewallRuleCmd() cmd.id = fw_rule.id - self.apiclient.deleteIpv6FirewallRule(cmd) + self.userapiclient.deleteIpv6FirewallRule(cmd) res = self.getRouterProcessStatus(self.getNetworkRouter(self.network), routerCmd) self.assertFalse(parsed_rule in res, "Firewall rule present in nft list chain failure despite delete for rule: %s" % parsed_rule) diff --git a/test/integration/smoke/test_network_ipv6.py b/test/integration/smoke/test_network_ipv6.py index 385ff636b16..41b7c85dea0 100644 --- a/test/integration/smoke/test_network_ipv6.py +++ b/test/integration/smoke/test_network_ipv6.py @@ -209,6 +209,10 @@ class TestIpv6Network(cloudstackTestCase): def setUp(self): self.services = self.testClient.getParsedTestDataConfig() self.apiclient = self.testClient.getApiClient() + self.userapiclient = self.testClient.getUserApiClient( + UserName=self.account.name, + DomainName=self.account.domain + ) self.dbclient = self.testClient.getDbConnection() self.thread = None self.cleanup = [] @@ -266,10 +270,8 @@ class TestIpv6Network(cloudstackTestCase): def deployNetwork(self): self.services["network"]["networkoffering"] = self.network_offering.id self.network = Network.create( - self.apiclient, + self.userapiclient, self.services["network"], - self.account.name, - self.account.domainid, zoneid=self.zone.id ) self.cleanup.append(self.network) 
@@ -279,11 +281,9 @@ class TestIpv6Network(cloudstackTestCase): assert False, "get_test_template() failed to return template" self.services["virtual_machine"]["zoneid"] = self.zone.id self.virtual_machine = VirtualMachine.create( - self.apiclient, + self.userapiclient, self.services["virtual_machine"], templateid=self.template.id, - accountid=self.account.name, - domainid=self.account.domainid, networkids=self.network.id, serviceofferingid=self.service_offering.id ) @@ -541,11 +541,11 @@ class TestIpv6Network(cloudstackTestCase): "IPv6 gateway for VM %s NIC is empty" % nic.traffictype) def restartNetworkWithCleanup(self): - self.network.restart(self.apiclient, cleanup=True) + self.network.restart(self.userapiclient, cleanup=True) time.sleep(SLEEP_BEFORE_VR_CHANGES) def updateNetworkWithOffering(self): - self.network.update(self.apiclient, networkofferingid=self.network_offering_update.id) + self.network.update(self.userapiclient, networkofferingid=self.network_offering_update.id) time.sleep(SLEEP_BEFORE_VR_CHANGES) def createIpv6FirewallRuleInNetwork(self, network_id, traffic_type, source_cidr, dest_cidr, protocol, @@ -567,7 +567,7 @@ class TestIpv6Network(cloudstackTestCase): cmd.icmptype = icmp_type if icmp_code is not None: cmd.icmpcode = icmp_code - fw_rule = self.apiclient.createIpv6FirewallRule(cmd) + fw_rule = self.userapiclient.createIpv6FirewallRule(cmd) return fw_rule def deployRoutingTestResources(self): @@ -655,7 +655,7 @@ class TestIpv6Network(cloudstackTestCase): cmd = deleteIpv6FirewallRule.deleteIpv6FirewallRuleCmd() cmd.id = fw2.id - self.apiclient.deleteIpv6FirewallRule(cmd) + self.userapiclient.deleteIpv6FirewallRule(cmd) def createAndVerifyIpv6FirewallRule(self, traffic_type, source_cidr, dest_cidr, protocol, start_port, end_port, icmp_type, icmp_code, parsed_rule, delete=False): 
@@ -664,7 +664,7 @@ class TestIpv6Network(cloudstackTestCase): start_port, end_port, icmp_type, icmp_code) cmd = listIpv6FirewallRules.listIpv6FirewallRulesCmd() cmd.id = fw_rule.id - rules = self.apiclient.listIpv6FirewallRules(cmd) + rules = self.userapiclient.listIpv6FirewallRules(cmd) self.assertTrue( isinstance(rules, list), "Check listIpv6FirewallRules response returns a valid list" @@ -702,7 +702,7 @@ class TestIpv6Network(cloudstackTestCase): if delete == True: cmd = deleteIpv6FirewallRule.deleteIpv6FirewallRuleCmd() cmd.id = fw_rule.id - self.apiclient.deleteIpv6FirewallRule(cmd) + self.userapiclient.deleteIpv6FirewallRule(cmd) res = self.getRouterProcessStatus(self.getNetworkRouter(self.network), routerCmd) self.assertFalse(parsed_rule in res, "Firewall rule present in nft list chain failure despite delete for rule: %s" % parsed_rule)