From b62f59ac956f9d8188fe1678d6d20d0b56dd2c93 Mon Sep 17 00:00:00 2001 From: Harikrishna Date: Sun, 31 Jul 2022 16:45:36 +0530 Subject: [PATCH] Fixed list networks in projects after setting network permissions (#6546) This PR fixes #6544 where it could not list networks in a project even after network permissions are set. * Added test cases to existing component tests to test network permissions * Moved test_network_permissions.py from component to smoke tests * Added test_network_permissions to travis.yml under smoke tests --- .travis.yml | 2 +- .../com/cloud/network/NetworkServiceImpl.java | 10 +++---- .../test_network_permissions.py | 29 +++++++++++++++++++ 3 files changed, 35 insertions(+), 6 deletions(-) rename test/integration/{component => smoke}/test_network_permissions.py (94%) diff --git a/.travis.yml b/.travis.yml index 365de7dcc2c..eb51ab9ec8b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -78,6 +78,7 @@ env: smoke/test_nested_virtualization smoke/test_network smoke/test_network_acl + smoke/test_network_permissions smoke/test_nic smoke/test_nic_adapter_type smoke/test_non_contigiousvlan @@ -131,7 +132,6 @@ env: - TESTS="component/test_acl_sharednetwork component/test_acl_sharednetwork_deployVM-impersonation - component/test_network_permissions component/test_user_private_gateway component/test_user_shared_network" diff --git a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java index cb6e2a526d6..a3a3e4d9702 100644 --- a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java +++ b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java @@ -2022,7 +2022,7 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C if (Arrays.asList(Network.NetworkFilter.Shared, Network.NetworkFilter.All).contains(networkFilter)) { // get shared networks List sharedNetworks = listSharedNetworks(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, networkOfferingId, - aclType, skipProjectNetworks, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, permittedAccounts); + aclType, true, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, permittedAccounts); addNetworksToReturnIfNotExist(networksToReturn, sharedNetworks); } @@ -2035,23 +2035,23 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C if (Arrays.asList(Network.NetworkFilter.Domain, Network.NetworkFilter.AccountDomain, Network.NetworkFilter.All).contains(networkFilter)) { //add domain specific networks of domain + parent domains networksToReturn.addAll(listDomainSpecificNetworksByDomainPath(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, networkOfferingId, - aclType, skipProjectNetworks, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, path, isRecursive)); + aclType, true, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, path, isRecursive)); //add networks of subdomains if (domainId == null) { networksToReturn.addAll(listDomainLevelNetworks(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, networkOfferingId, - aclType, true, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, caller.getDomainId(), true)); + aclType, true, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, caller.getDomainId(), true)); } } if (Arrays.asList(Network.NetworkFilter.Shared, Network.NetworkFilter.All).contains(networkFilter)) { // get shared networks List sharedNetworks = listSharedNetworksByDomainPath(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, networkOfferingId, - aclType, skipProjectNetworks, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, path, isRecursive); + aclType, true, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, path, isRecursive); addNetworksToReturnIfNotExist(networksToReturn, sharedNetworks); } } } else { networksToReturn = _networksDao.search(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, networkOfferingId, - null, skipProjectNetworks, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter); + null, true, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter); } if (supportedServicesStr != null && !supportedServicesStr.isEmpty() && !networksToReturn.isEmpty()) { diff --git a/test/integration/component/test_network_permissions.py b/test/integration/smoke/test_network_permissions.py similarity index 94% rename from test/integration/component/test_network_permissions.py rename to test/integration/smoke/test_network_permissions.py index b6c545f1027..1b4a331f260 100644 --- a/test/integration/component/test_network_permissions.py +++ b/test/integration/smoke/test_network_permissions.py @@ -758,3 +758,32 @@ class TestNetworkPermissions(cloudstackTestCase): command = """self.reset_network_permission({apiclient}, self.user_network, expected=True)""" self.exec_command("self.otheruser_apiclient", command, expected=False) self.exec_command("self.user_apiclient", command, expected=True) + + @attr(tags=["advanced"], required_hardware="false") + def test_05_list_networks_under_project(self): + """ Testing list networks under a project """ + self.create_network_permission(self.apiclient, self.user_network, self.domain_admin, self.project, expected=True) + self.list_network(self.apiclient, self.domain_admin, self.user_network, self.project, None, expected=True) + + self.remove_network_permission(self.apiclient, self.user_network, self.domain_admin, self.project, expected=True) + self.list_network(self.apiclient, self.domain_admin, self.user_network, self.project, None, expected=False) + + @attr(tags=["advanced"], required_hardware="false") + def test_06_list_networks_under_account(self): + """ Testing list networks under a domain admin account and user account """ + self.create_network_permission(self.apiclient, self.user_network, self.domain_admin, None, expected=True) + self.list_network(self.apiclient, self.domain_admin, self.user_network, None, None, expected=True) + self.list_network(self.domainadmin_apiclient, self.domain_admin, self.user_network, None, None, expected=True) + self.list_network(self.user_apiclient, self.domain_admin, self.user_network, None, None, expected=False) + + self.remove_network_permission(self.apiclient, self.user_network, self.domain_admin, None, expected=True) + self.list_network(self.apiclient, self.domain_admin, self.user_network, None, None, expected=False) + self.list_network(self.domainadmin_apiclient, self.domain_admin, self.user_network, None, None, expected=False) + + self.create_network_permission(self.apiclient, self.user_network, self.other_user, None, expected=True) + self.list_network(self.apiclient, self.other_user, self.user_network, None, None, expected=True) + self.list_network(self.otheruser_apiclient, self.other_user, self.user_network, None, None, expected=True) + + self.remove_network_permission(self.apiclient, self.user_network, self.other_user, None, expected=True) + self.list_network(self.apiclient, self.other_user, self.user_network, None, None, expected=False) + self.list_network(self.otheruser_apiclient, self.other_user, self.user_network, None, None, expected=False) \ No newline at end of file