This PR introduces several features and fixes some bugs:
- account tags feature
- fixed resource tags bugs which happened during tags search (found wrong entries because of mysql string to number translation - see #905, but this PR does more and fixes also resource access - vulnerability during list resource tags)
- some marvin improvements (speed, sanity)
Improved resource tags code:
1. Enhanced listTags security
2. Added support for account tags (account tags are required to support tags common for all users of an account)
3. Improved the tag management code (refactoring and cleanup)
Marvin:
1. Fixed Marvin wait timeout between async pools. To decrease polling interval and improve CI speed.
2. Fixed /tmp/ to /tmp in zone configuration files.
3. Fixed + to os.path.join in log class.
4. Fixed + to os.path.join in deployDataCenter class.
5. Fixed typos in tag tests.
6. Modified Tags base class delete method.
Deploy Datacenter script:
1. Improved deployDatacenter. Added option logdir to specify where script places results of evaluation.
ConfigurationManagerImpl:
1. Added logging to ConfigurationManagerImpl to log when vlan is not found. Added test stubs for tags. Found accidental exception during simulator running after CI.
tests_tags.py:
1. Fixed stale undeleted tags.
2. Changed region:India to scope:TestName.
This feature allows root administrators to define new roles and associate API
permissions to them.
A limited form of role-based access control for the CloudStack management server
API is provided through a properties file, commands.properties, embedded in the
WAR distribution. Therefore, customizing API permissions requires unpacking the
distribution and modifying this file consistently on all servers. The old system
also does not permit the specification of additional roles.
FS:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Based+API+Access+Checker+for+CloudStack
DB-Backed Dynamic Role Based API Access Checker for CloudStack brings following
changes, features and use-cases:
- Moves the API access definitions from commands.properties to the mgmt server DB
- Allows defining custom roles (such as a read-only ROOT admin) beyond the
current set of four (4) roles
- All roles will resolve to one of the four known roles types (Admin, Resource
Admin, Domain Admin and User) which maintains this association by requiring
all new defined roles to specify a role type.
- Allows changes to roles and API permissions per role at runtime including additions or
removal of roles and/or modifications of permissions, without the need
of restarting management server(s)
Upgrade/installation notes:
- The feature will be enabled by default for new installations, existing
deployments will continue to use the older static role based api access checker
with an option to enable this feature
- During fresh installation or upgrade, the upgrade paths will add four default
roles based on the four default role types
- For ease of migration, at the time of upgrade commands.properties will be used
to add existing set of permissions to the default roles. cloud.account
will have a new role_id column which will be populated based on default roles
as well
Dynamic-roles migration tool: scripts/util/migrate-dynamicroles.py
- Allows admins to migrate to the dynamic role based checker at a future date
- Performs a harder one-way migrate and update
- Migrates rules from existing commands.properties file into db and deprecates it
- Enables an internal hidden switch to enable dynamic role based checker feature
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Fixed pep8 issues arising as part of merge
Signed-off-by: root <root@localhost.localdomain>
Signed-off-by: SrikanteswaraRao Talluri <talluri@apache.org>
1. Added pep8 changes, delete dc flag.
2. Now, delete dc works only if flag is set under config.
3. SSH, retries and delay were altered to reduce the time
for ssh connection
Signed-off-by: Santhosh Edukulla <Santhosh.Edukulla@citrix.com>
Signed-off-by: SrikanteswaraRao Talluri <talluri@apache.org>
Fixed issues mentioned for CLOUDSTACK-5674.
More changes in the bug
Signed-off-by: Santhosh Edukulla <Santhosh.Edukulla@citrix.com>
Signed-off-by: SrikanteswaraRao Talluri <talluri@apache.org>
Added few enhancements to marvin.
Added new module for Logging Facility to marvin.
Added new Init facility to marvin.
Currently, there are multiple ways we are doing logging
Removed few unwanted logging cases.
Removed few command line switch options for logging.
The new way of logging now provides consolidated logging
under one single folder timestamped under the configured
folder path.
Removed parsing configuration from deploydata center
Added parsing,start logging and deploy as part of init
Added new error handling facility to catch unknown exception from
test cases. Currently, lot of scripts are throwing unknown
exceptions, add a handler to plugin to dump them to a file
ToDO:
Will do clean up in phase2 for this patch.
Separate deployDatacenter from creating test client.
Clean up configGenerator
Fixed a connection issue under asyncmgr.
Added __init__.py files to directory to make it
a package.This file was missing under few directories and
so not appearing as packages while refactoring.
Adding one None Check
There were few unwanted calls as part of test client, did some clean up
Made the test client API uniform to accept both mgmt and dbsvr details
Did some minor bug fixes as well.
Signed-off-by: Santhosh Edukulla <Santhosh.Edukulla@citrix.com>
setup/dev/advanced.cfg is used by the simulator deployments that are
usually not https. disabled the http within this config file.
Signed-off-by: Prasanna Santhanam <tsp@apache.org>
advanced.cfg: Contains three additional flags "useHttps,certCAPath,certPath"
for https usage in marvin for establishing cs connection. We will use the
configuraiton under advanced.cfg provided by user to establish connection over
https. If establishing the connection over https failed, then the default certs
will be used. or else raise the exception, the existing http will work as it
is when useHttps flag set to "False"
Signed-off-by: Santhosh Edukulla <Santhosh.Edukulla@citrix.com>
Signed-off-by: Prasanna Santhanam <tsp@apache.org>
On 2.6 response.json returns the JSOn in the response while on 2.7
response.json() is a method. Since Marvin installs on both platforms
fixing the error appropriately
Signed-off-by: Prasanna Santhanam <tsp@apache.org>
cloudConnection object should always have "user" and "passwd" attributes.
And they are "None" while creating userAPIClient. As we already
have "user" and "password" for mgmt server.
Signed-off-by: Prasanna Santhanam <tsp@apache.org>
Changes to marvin_request and base libraries to accomadate POST
requests.
Additional tests for sending userdata through GET Userdata tests - send
size>2k data via GET and POST.
Signed-off-by: Prasanna Santhanam <tsp@apache.org>
Use python-requests [1] for Marvin. Requests enables graceful handling
of http connections. Marvin's cloudstackConnection has been refactored,
cleaned up to act as a single module for all kinds of cloudstack API
requesting.
TODO:
1. session based login mechanism of the UI should work from
cloudstackConnection
2. cloudmonkey can also reuse /import marvin.cloudstackConnection
3. More graceful handling of POST requests
[1] http://docs.python-requests.org/en/latest/
Signed-off-by: Prasanna Santhanam <tsp@apache.org>
This is the first part of fixing CLOUDSTACK-514, and is hopefully
backward compatible with previous use of Marvin. I added two new
parameters to the cloudstackConnection module, protocol and path.
Both have been defaulted to the previously *assumed* values.
Signed-off-by: Chip Childers <chip.childers@gmail.com>
$ant package-marvin
will create a packaged source tarball of the testclient that is
redistributable and decoupled from the rest of the cloudstack build
reviewed-by: unittest
Bitworks Software, Ltd
Rohit Yadav
Gaurav Aradhye
SrikanteswaraRao Talluri
santhoshe
root
Santhosh Edukulla
Girish Shilamkar
Prasanna Santhanam
Daan Hoogland
Mike Tutkowski
Nitin Mehta
Talluri
Chiradeep Vittal
John Burwell
Edison Su
Chip Childers
Rohit Yadav
Prasanna Santhanam
David Nalley