From c32198838f78e797e45a2ab32c046e42626b74c8 Mon Sep 17 00:00:00 2001 From: alena Date: Mon, 14 Mar 2011 15:30:54 -0700 Subject: [PATCH] bug 8724: can create sshKeyPair in behalf of other users now status 8724: resolved fixed --- .../cloud/api/commands/CreateSSHKeyPairCmd.java | 16 +++++++++++++++- api/src/com/cloud/api/commands/DeployVMCmd.java | 1 - .../com/cloud/server/ManagementServerImpl.java | 9 +++++++-- server/src/com/cloud/vm/UserVmManagerImpl.java | 4 +++- 4 files changed, 25 insertions(+), 5 deletions(-) diff --git a/api/src/com/cloud/api/commands/CreateSSHKeyPairCmd.java b/api/src/com/cloud/api/commands/CreateSSHKeyPairCmd.java index af6dcc82b1c..db95a7269e4 100644 --- a/api/src/com/cloud/api/commands/CreateSSHKeyPairCmd.java +++ b/api/src/com/cloud/api/commands/CreateSSHKeyPairCmd.java @@ -24,6 +24,13 @@ public class CreateSSHKeyPairCmd extends BaseCmd { @Parameter(name=ApiConstants.NAME, type=CommandType.STRING, required=true, description="Name of the keypair") private String name; + //Owner information + @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="an optional account for the ssh key. Must be used with domainId.") + private String accountName; + + @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="an optional domainId for the ssh key. If the account parameter is used, domainId must also be used.") + private Long domainId; + ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// @@ -33,11 +40,18 @@ public class CreateSSHKeyPairCmd extends BaseCmd { return name; } + public String getAccountName() { + return accountName; + } + + public Long getDomainId() { + return domainId; + } + ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// ///////////////////////////////////////////////////// - @Override public long getEntityOwnerId() { Account account = UserContext.current().getCaller(); diff --git a/api/src/com/cloud/api/commands/DeployVMCmd.java b/api/src/com/cloud/api/commands/DeployVMCmd.java index c3733bb95b4..735eda8dd6a 100644 --- a/api/src/com/cloud/api/commands/DeployVMCmd.java +++ b/api/src/com/cloud/api/commands/DeployVMCmd.java @@ -38,7 +38,6 @@ import com.cloud.exception.InsufficientCapacityException; import com.cloud.exception.InvalidParameterValueException; import com.cloud.exception.ResourceAllocationException; import com.cloud.exception.ResourceUnavailableException; -import com.cloud.hypervisor.Hypervisor; import com.cloud.hypervisor.Hypervisor.HypervisorType; import com.cloud.offering.ServiceOffering; import com.cloud.template.VirtualMachineTemplate; diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java index 0ad6886b3ec..48cf91d5093 100755 --- a/server/src/com/cloud/server/ManagementServerImpl.java +++ b/server/src/com/cloud/server/ManagementServerImpl.java @@ -4806,8 +4806,13 @@ public class ManagementServerImpl implements ManagementServer { @Override public SSHKeyPair createSSHKeyPair(CreateSSHKeyPairCmd cmd) { - Account account = UserContext.current().getCaller(); - SSHKeyPairVO s = _sshKeyPairDao.findByName(account.getAccountId(), account.getDomainId(), cmd.getName()); + Account caller = UserContext.current().getCaller(); + String accountName = cmd.getAccountName(); + Long domainId = cmd.getDomainId(); + + Account owner = _accountMgr.finalizeOwner(caller, accountName, domainId); + + SSHKeyPairVO s = _sshKeyPairDao.findByName(owner.getAccountId(), owner.getDomainId(), cmd.getName()); if (s != null) { throw new InvalidParameterValueException("A key pair with name '" + cmd.getName() + "' already exists."); } diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java index 174b58ef7ec..38e8ba20920 100755 --- a/server/src/com/cloud/vm/UserVmManagerImpl.java +++ b/server/src/com/cloud/vm/UserVmManagerImpl.java @@ -2068,8 +2068,10 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager if (domain == null) { throw new CloudRuntimeException("Unable to find the domain " + zone.getDomainId() + " for the zone: " + zone); } + //check that caller can operate with domain _accountMgr.checkAccess(caller, domain); - _accountMgr.checkAccess(caller, domain); + //check that vm owner can create vm in the domain + _accountMgr.checkAccess(owner, domain); } //check if account/domain is with in resource limits to create a new vm