bug 8724: can create sshKeyPair in behalf of other users now

status 8724: resolved fixed
2011-03-14 15:30:54 -07:00 · 2011-03-14 15:30:54 -07:00 · c32198838f
parent aa8183e660
commit c32198838f
4 changed files with 25 additions and 5 deletions
--- a/api/src/com/cloud/api/commands/CreateSSHKeyPairCmd.java
+++ b/api/src/com/cloud/api/commands/CreateSSHKeyPairCmd.java
@ -24,6 +24,13 @@ public class CreateSSHKeyPairCmd extends BaseCmd {
 	@Parameter(name=ApiConstants.NAME, type=CommandType.STRING, required=true, description="Name of the keypair") 
 	private String name;
 	
+    //Owner information
+    @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="an optional account for the ssh key. Must be used with domainId.")
+    private String accountName;
+    
+    @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="an optional domainId for the ssh key. If the account parameter is used, domainId must also be used.")
+    private Long domainId;
+	
    
    /////////////////////////////////////////////////////
    /////////////////// Accessors ///////////////////////
@ -33,11 +40,18 @@ public class CreateSSHKeyPairCmd extends BaseCmd {
 		return name;
 	}
 	
+    public String getAccountName() {
+        return accountName;
+    }
+    
+    public Long getDomainId() {
+        return domainId;
+    }
+
 	
    /////////////////////////////////////////////////////
    /////////////// API Implementation///////////////////
 	/////////////////////////////////////////////////////
-	
    @Override
    public long getEntityOwnerId() {
        Account account = UserContext.current().getCaller();
--- a/api/src/com/cloud/api/commands/DeployVMCmd.java
+++ b/api/src/com/cloud/api/commands/DeployVMCmd.java
@ -38,7 +38,6 @@ import com.cloud.exception.InsufficientCapacityException;
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.ResourceAllocationException;
 import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.hypervisor.Hypervisor;
 import com.cloud.hypervisor.Hypervisor.HypervisorType;
 import com.cloud.offering.ServiceOffering;
 import com.cloud.template.VirtualMachineTemplate;
--- a/server/src/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/com/cloud/server/ManagementServerImpl.java
@ -4806,8 +4806,13 @@ public class ManagementServerImpl implements ManagementServer {
 	
    @Override
    public SSHKeyPair createSSHKeyPair(CreateSSHKeyPairCmd cmd) {
-        Account account = UserContext.current().getCaller();
-        SSHKeyPairVO s = _sshKeyPairDao.findByName(account.getAccountId(), account.getDomainId(), cmd.getName());
+        Account caller = UserContext.current().getCaller();
+        String accountName = cmd.getAccountName();
+        Long domainId = cmd.getDomainId();
+        
+        Account owner = _accountMgr.finalizeOwner(caller, accountName, domainId);
+        
+        SSHKeyPairVO s = _sshKeyPairDao.findByName(owner.getAccountId(), owner.getDomainId(), cmd.getName());
        if (s != null) {
            throw new InvalidParameterValueException("A key pair with name '" + cmd.getName() + "' already exists.");
        }
--- a/server/src/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/com/cloud/vm/UserVmManagerImpl.java
@ -2068,8 +2068,10 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
            if (domain == null) {
                throw new CloudRuntimeException("Unable to find the domain " + zone.getDomainId() + " for the zone: " + zone);
            }
+            //check that caller can operate with domain
            _accountMgr.checkAccess(caller, domain);
-            _accountMgr.checkAccess(caller, domain);
+            //check that vm owner can create vm in the domain
+            _accountMgr.checkAccess(owner, domain);
        }

        //check if account/domain is with in resource limits to create a new vm