Changes:
- Only way to choose a certain storage pool is by using disk_offering_tags
- Added a parameter to take in a disk offering Id.
- Admin will have to create a custom sized disk offering and tag it as necessary for the user
- This custom offering Id should be passed during uploadVolume to associate the volume with this disk offering
(cherry picked from commit 13bd8beb91)
Changes:
-DeploymentPlanner should include disabled resources only when the VM owner is Admin account. The disabled resources should be ignored when VM is owned by any other user.
(cherry picked from commit 40e28de727)
store requires storage migration resulting in failure of VM migration. This also
improves the hostsformigration api. Firstly we were trying to list all hosts and
then finding suitable storage pools for all volumes and then we were checking
whether vm migration requires storage migration to that host. Now the process is
updated. We are checking for only those volumes which are not in zone wide primary
store. We are verifying by comparing volumes->poolid->clusterid to host clusterid.
If it uses local or clusterids are different then verifying whether host has
suitable storage pools for the volume of the vm to be migrated too.
(cherry picked from commit 64153a4371)
Conflicts:
engine/orchestration/src/com/cloud/vm/VirtualMachineManagerImpl.java
disabled zone does not fail
Fix ensures that connectivity service provider is enabled in the zone on
to which nework is being streched.
(cherry picked from commit d8cbba1bc6)
2. Add ctxDetails in the ParamGenericValidationWorker to avoid warning for api validation
3. Add some missing events.
4. Correcting mapping for ResourceObjectType.NetworkACL and ResourceObjectType.NetworkACLItem
(cherry picked from commit 8a9092c3cd)
Conflicts:
api/src/com/cloud/event/EventTypes.java
api/src/org/apache/cloudstack/api/BaseCmd.java
1. Adding the missing Template/Volume URLs expiration functionality
2. Improvement - While deleting the volume during expiration use rm -rf as vmware now contains directoy
3. Improvement - Use standard Answer so that the error gets logged in case deletion of expiration link didnt work fine.
4. Improvement - In case of domain change, expire the old urls
(cherry picked from commit 48ea9e0b5e)
Adding missing KVM mappings
Testing Done:
Local testing with removing CentOS mapping and launch a VM.
Signed-off-by: Nitin Mehta <nitin.mehta@citrix.com>
Local env
1. Create user defined mapping
2. Delete / modify user defined mapping. Should pass
3. Delete / modify system defined mapping. Should fail
Signed off by :- Nitin Mehta<nitin.mehta@citrix.com>
This restriction was purposely avoid confusion of VPN setup, but later found too
strictly and cause troubles for deployment. Removed after testing one customer
gateway with multiple connections.
This patch is for KVM
1. Local testing on KVM
2. Successfully got up system VMs
3. Successfully created a CentOS VM
4. Snapshots are not supported for KVM
Signed off by :- Nitin Mehta<nitin.mehta@citrix.com>
getting applied when a tier in VPC is created.
fix ensures, VpcRoutingPolicyUpdate is send when network rules are
programmed when network tier in VPC is created
the provider only if at least one capability is specified
Fix avoids the check, and only if the createNetworkOffering
'StrechedL2'Subnet' capability is specified then it should match against
'Connectivity' service provider
Changes:
- CS 4.3 handled Network entity in two ways:
a) Specified "UseNetwork" access and did a strict check w.r.t who can use this network. Regular users and Domain Admin went through the strict check. Root admin got access always.
b) Specified "null" access and that meant admins can access this network for the calling API that passes null access.
- Fixing CS 4.4 IAM to handle this behavior:
a) "UseNetwork" is mapped to "UseEntry" and IAM check will be done only for domain admin and regular users when this access is specified. Root Admin is grated access.
b) If "null" access is specified, root and domain admin both are granted access. Regular users still go through IAM.
Changes:
- IAM was applying ordering on accessTypes. Thus if an account had Operate, he got USe access as well. So even if IAM schema did not have 'UseEntry" permission for IpAddress, some other 'OperateEntry' permission on IpAddress was letting this operation go through.
- Fixed IAM to NOT do ordering of access types anymore. IAm will perform strict accessType check only.
- This fix is needed so that admin does not get permission to USE resources from other account just becase he has OPERATE access on those resources due to some other APIs.
- However due to this fix, we break backwards compatibilty with CS 4.3.
- CS 4.3 allowed root admin to do the createPF operation for a user by passing in networkId of the user.
- Same was the case for domain admins within their domains
- Why this worked was due to CS 4.3 simply returning true for root admin/domain admin
- So to maintain backwards compatibilty, we are adding the logic to return "true" for root admin and domain admin just like CS 4.3.
- Exception is: For Network, AffinityGroup and Templates, we still call IAM even for root admin/domain admin, since thats what CS 4.3 did. Just for these 3 resource_types, it used to perform access checks even for root admin/domain admin.
affinity groups available for regular users by passing account and
domainId paramater. This is to revert IAM way of implementing
listAffinityGroupsCmd, will bring it back when we have implemented real
impersonation.
templatefilter="shared" is used , we see public templates also being
included in the list. This commit reverts listTemplates behavior to 4.3
old logic without using consistent interpretation of list parameters
adopted in new IAM model.
Prachi Damle
Min Chen
Alena Prokharchyk
Rajani Karuturi
Anthony Xu
Nitin Mehta
wrodrigues
Daan Hoogland
amoghvk
Prachi Damle
Jayapal
Sanjay Tripathi
Ian Duffy
Ian Duffy
Daan Hoogland
Anshul Gangwar
Kelven Yang
Murali Reddy
Rajesh Battala
Santhosh Edukulla
Saksham Srivastava
Harikrishna Patnala
Olivier Lemasle
Koushik Das
Edison Su
Hiroki Ohashi
Devdeep Singh
Sheng Yang
sonal.ojha
Sam Schmit
Sebastien Goasguen
Tanner Danzey
Mike Tutkowski