cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mc...@apache.org
Subject git commit: updated refs/heads/master to 0f79223
Date Fri, 09 May 2014 06:26:22 GMT
Repository: cloudstack
Updated Branches:
  refs/heads/master 51cb0f9a4 -> 0f79223f2


CLOUDSTACK-6613:IAM: authorizeSecurityGroupIngress fails when SG Name is
passed.


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/0f79223f
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/0f79223f
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/0f79223f

Branch: refs/heads/master
Commit: 0f79223f2880432f7e745543e1ecbb4e6858a55c
Parents: 51cb0f9
Author: Min Chen <min.chen@citrix.com>
Authored: Thu May 8 23:08:32 2014 -0700
Committer: Min Chen <min.chen@citrix.com>
Committed: Thu May 8 23:19:28 2014 -0700

----------------------------------------------------------------------
 .../AuthorizeSecurityGroupEgressCmd.java        |  3 +-
 .../AuthorizeSecurityGroupIngressCmd.java       |  3 +-
 server/src/com/cloud/api/ApiServer.java         | 52 +++++++++++---------
 .../cloud/api/dispatch/ParamProcessWorker.java  |  3 +-
 4 files changed, 35 insertions(+), 26 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0f79223f/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupEgressCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupEgressCmd.java
b/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupEgressCmd.java
index aef0a7c..9909bf3 100644
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupEgressCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupEgressCmd.java
@@ -95,7 +95,8 @@ public class AuthorizeSecurityGroupEgressCmd extends BaseAsyncCmd {
     @Parameter(name=ApiConstants.SECURITY_GROUP_ID, type=CommandType.UUID, description="The
ID of the security group. Mutually exclusive with securityGroupName parameter", entityType=SecurityGroupResponse.class)
     private Long securityGroupId;
 
-    @ACL(accessType = AccessType.OperateEntry)
+    // This @ACL will not work, since we don't have a way to convert this parameter to the
entity like securityGroupId.
+    //@ACL(accessType = AccessType.OperateEntry)
     @Parameter(name=ApiConstants.SECURITY_GROUP_NAME, type=CommandType.STRING, description="The
name of the security group. Mutually exclusive with securityGroupName parameter")
     private String securityGroupName;
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0f79223f/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java
b/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java
index 188df6e..3549d51 100644
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java
@@ -95,7 +95,8 @@ public class AuthorizeSecurityGroupIngressCmd extends BaseAsyncCmd {
     @Parameter(name=ApiConstants.SECURITY_GROUP_ID, type=CommandType.UUID, description="The
ID of the security group. Mutually exclusive with securityGroupName parameter", entityType=SecurityGroupResponse.class)
     private Long securityGroupId;
 
-    @ACL(accessType = AccessType.OperateEntry)
+    // This @ACL will not work, since we don't have a way to convert this parameter to the
entity like securityGroupId.
+    //@ACL(accessType = AccessType.OperateEntry)
     @Parameter(name=ApiConstants.SECURITY_GROUP_NAME, type=CommandType.STRING, description="The
name of the security group. Mutually exclusive with securityGroupName parameter")
     private String securityGroupName;
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0f79223f/server/src/com/cloud/api/ApiServer.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java
index 9c65fed..0b24087 100755
--- a/server/src/com/cloud/api/ApiServer.java
+++ b/server/src/com/cloud/api/ApiServer.java
@@ -96,10 +96,14 @@ import org.apache.cloudstack.api.BaseListCmd;
 import org.apache.cloudstack.api.ResponseObject;
 import org.apache.cloudstack.api.ResponseObject.ResponseView;
 import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.command.admin.account.ListAccountsCmdByAdmin;
 import org.apache.cloudstack.api.command.admin.host.ListHostsCmd;
 import org.apache.cloudstack.api.command.admin.router.ListRoutersCmd;
 import org.apache.cloudstack.api.command.admin.storage.ListStoragePoolsCmd;
 import org.apache.cloudstack.api.command.admin.user.ListUsersCmd;
+import org.apache.cloudstack.api.command.admin.vm.ListVMsCmdByAdmin;
+import org.apache.cloudstack.api.command.admin.volume.ListVolumesCmdByAdmin;
+import org.apache.cloudstack.api.command.admin.zone.ListZonesCmdByAdmin;
 import org.apache.cloudstack.api.command.user.account.ListAccountsCmd;
 import org.apache.cloudstack.api.command.user.account.ListProjectAccountsCmd;
 import org.apache.cloudstack.api.command.user.event.ListEventsCmd;
@@ -138,8 +142,8 @@ import com.cloud.domain.Domain;
 import com.cloud.domain.DomainVO;
 import com.cloud.domain.dao.DomainDao;
 import com.cloud.event.ActionEventUtils;
-import com.cloud.event.EventTypes;
 import com.cloud.event.EventCategory;
+import com.cloud.event.EventTypes;
 import com.cloud.exception.AccountLimitException;
 import com.cloud.exception.CloudAuthenticationException;
 import com.cloud.exception.InsufficientCapacityException;
@@ -210,7 +214,7 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler,
ApiSer
     private static Map<String, List<Class<?>>> s_apiNameCmdClassMap = new
HashMap<String, List<Class<?>>>();
 
     private static ExecutorService s_executor = new ThreadPoolExecutor(10, 150, 60, TimeUnit.SECONDS,
new LinkedBlockingQueue<Runnable>(), new NamedThreadFactory(
-        "ApiServer"));
+            "ApiServer"));
     @Inject
     MessageBus _messageBus;
 
@@ -442,7 +446,7 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler,
ApiSer
                 final Matcher matcher = pattern.matcher(value[0]);
                 if (matcher.find()) {
                     throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Received value
" + value[0] + " for parameter " + key +
-                        " is invalid, contains illegal ASCII non-printable characters");
+                            " is invalid, contains illegal ASCII non-printable characters");
                 }
             }
             stringMap.put(key, value[0]);
@@ -506,7 +510,7 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler,
ApiSer
                                 StringUtils.cleanString(response));
                     }
                     else
-                    buildAuditTrail(auditTrailSb, command[0], response);
+                        buildAuditTrail(auditTrailSb, command[0], response);
                 } else {
                     if (!command[0].equalsIgnoreCase("login") && !command[0].equalsIgnoreCase("logout"))
{
                         final String errorString = "Unknown API command: " + command[0];
@@ -612,7 +616,7 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler,
ApiSer
                 objectUuid = createCmd.getEntityUuid();
                 params.put("id", objectId.toString());
                 Class entityClass = EventTypes.getEntityClassForEvent(createCmd.getEventType());
-                if(entityClass != null)
+                if (entityClass != null)
                     ctx.putContextParameter(entityClass.getName(), objectId);
             } else {
                 // Extract the uuid before params are processed and id reflects internal
db id
@@ -628,7 +632,7 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler,
ApiSer
             if (caller != null) {
                 params.put("ctxAccountId", String.valueOf(caller.getId()));
             }
-            if(objectUuid != null){
+            if (objectUuid != null) {
                 params.put("uuid", objectUuid);
             }
 
@@ -637,14 +641,14 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler,
ApiSer
 
             // Add the resource id in the call context, also add some other first class object
ids (for now vm) if available.
             // TODO - this should be done for all the uuids passed in the cmd - so should
be moved where uuid to id conversion happens.
-            if(EventTypes.getEntityForEvent(asyncCmd.getEventType()) != null){
+            if (EventTypes.getEntityForEvent(asyncCmd.getEventType()) != null) {
                 ctx.putContextParameter(EventTypes.getEntityForEvent(asyncCmd.getEventType()),
objectUuid);
             }
 
             // save the scheduled event
             final Long eventId =
-                ActionEventUtils.onScheduledActionEvent((callerUserId == null) ? User.UID_SYSTEM
: callerUserId, asyncCmd.getEntityOwnerId(), asyncCmd.getEventType(),
-                    asyncCmd.getEventDescription(), asyncCmd.isDisplay(), startEventId);
+                    ActionEventUtils.onScheduledActionEvent((callerUserId == null) ? User.UID_SYSTEM
: callerUserId, asyncCmd.getEntityOwnerId(), asyncCmd.getEventType(),
+                            asyncCmd.getEventDescription(), asyncCmd.isDisplay(), startEventId);
             if (startEventId == 0) {
                 // There was no create event before, set current event id as start eventId
                 startEventId = eventId;
@@ -681,13 +685,15 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler,
ApiSer
             // if the command is of the listXXXCommand, we will need to also return the
             // the job id and status if possible
             // For those listXXXCommand which we have already created DB views, this step
is not needed since async job is joined in their db views.
-            if (cmdObj instanceof BaseListCmd && !(cmdObj instanceof ListVMsCmd)
&& !(cmdObj instanceof ListRoutersCmd) && !(cmdObj instanceof ListSecurityGroupsCmd)
&&
-                !(cmdObj instanceof ListTagsCmd) && !(cmdObj instanceof ListEventsCmd)
&& !(cmdObj instanceof ListVMGroupsCmd) && !(cmdObj instanceof ListProjectsCmd)
&&
-                !(cmdObj instanceof ListProjectAccountsCmd) && !(cmdObj instanceof
ListProjectInvitationsCmd) && !(cmdObj instanceof ListHostsCmd) &&
-                !(cmdObj instanceof ListVolumesCmd) && !(cmdObj instanceof ListUsersCmd)
&& !(cmdObj instanceof ListAccountsCmd) &&
-                !(cmdObj instanceof ListStoragePoolsCmd) && !(cmdObj instanceof ListDiskOfferingsCmd)
&& !(cmdObj instanceof ListServiceOfferingsCmd) &&
-                !(cmdObj instanceof ListZonesCmd)) {
-                buildAsyncListResponse((BaseListCmd) cmdObj, caller);
+            if (cmdObj instanceof BaseListCmd && !(cmdObj instanceof ListVMsCmd)
&& !(cmdObj instanceof ListVMsCmdByAdmin) && !(cmdObj instanceof ListRoutersCmd)
+                    && !(cmdObj instanceof ListSecurityGroupsCmd) &&
+                    !(cmdObj instanceof ListTagsCmd) && !(cmdObj instanceof ListEventsCmd)
&& !(cmdObj instanceof ListVMGroupsCmd) && !(cmdObj instanceof ListProjectsCmd)
&&
+                    !(cmdObj instanceof ListProjectAccountsCmd) && !(cmdObj instanceof
ListProjectInvitationsCmd) && !(cmdObj instanceof ListHostsCmd) &&
+                    !(cmdObj instanceof ListVolumesCmd) && !(cmdObj instanceof ListVolumesCmdByAdmin)
&& !(cmdObj instanceof ListUsersCmd) && !(cmdObj instanceof ListAccountsCmd)
+                    && !(cmdObj instanceof ListAccountsCmdByAdmin) &&
+                    !(cmdObj instanceof ListStoragePoolsCmd) && !(cmdObj instanceof
ListDiskOfferingsCmd) && !(cmdObj instanceof ListServiceOfferingsCmd) &&
+                    !(cmdObj instanceof ListZonesCmd) && !(cmdObj instanceof ListZonesCmdByAdmin))
{
+                buildAsyncListResponse((BaseListCmd)cmdObj, caller);
             }
 
             SerializationContext.current().setUuidTranslation(true);
@@ -861,7 +867,7 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler,
ApiSer
 
             if (user.getState() != Account.State.enabled || !account.getState().equals(Account.State.enabled))
{
                 s_logger.info("disabled or locked user accessing the api, userid = " + user.getId()
+ "; name = " + user.getUsername() + "; state: " + user.getState() +
-                    "; accountState: " + account.getState());
+                        "; accountState: " + account.getState());
                 return false;
             }
 
@@ -917,7 +923,7 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler,
ApiSer
 
     @Override
     public void loginUser(final HttpSession session, final String username, final String
password, Long domainId, final String domainPath, final String loginIpAddress,
-        final Map<String, Object[]> requestParameters) throws CloudAuthenticationException
{
+            final Map<String, Object[]> requestParameters) throws CloudAuthenticationException
{
         // We will always use domainId first. If that does not exist, we will use domain
name. If THAT doesn't exist
         // we will default to ROOT
         if (domainId == null) {
@@ -1006,7 +1012,7 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler,
ApiSer
         }
 
         if ((user == null) || (user.getRemoved() != null) || !user.getState().equals(Account.State.enabled)
|| (account == null) ||
-            !account.getState().equals(Account.State.enabled)) {
+                !account.getState().equals(Account.State.enabled)) {
             s_logger.warn("Deleted/Disabled/Locked user with id=" + userId + " attempting
to access public API");
             return false;
         }
@@ -1102,10 +1108,10 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler,
ApiSer
 
             _params = new BasicHttpParams();
             _params.setIntParameter(CoreConnectionPNames.SO_TIMEOUT, 30000)
-                .setIntParameter(CoreConnectionPNames.SOCKET_BUFFER_SIZE, 8 * 1024)
-                .setBooleanParameter(CoreConnectionPNames.STALE_CONNECTION_CHECK, false)
-                .setBooleanParameter(CoreConnectionPNames.TCP_NODELAY, true)
-            .setParameter(CoreProtocolPNames.ORIGIN_SERVER, "HttpComponents/1.1");
+                    .setIntParameter(CoreConnectionPNames.SOCKET_BUFFER_SIZE, 8 * 1024)
+                    .setBooleanParameter(CoreConnectionPNames.STALE_CONNECTION_CHECK, false)
+                    .setBooleanParameter(CoreConnectionPNames.TCP_NODELAY, true)
+                    .setParameter(CoreProtocolPNames.ORIGIN_SERVER, "HttpComponents/1.1");
 
             // Set up the HTTP protocol processor
             final BasicHttpProcessor httpproc = new BasicHttpProcessor();

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0f79223f/server/src/com/cloud/api/dispatch/ParamProcessWorker.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/dispatch/ParamProcessWorker.java b/server/src/com/cloud/api/dispatch/ParamProcessWorker.java
index d862660..ba5bebf 100644
--- a/server/src/com/cloud/api/dispatch/ParamProcessWorker.java
+++ b/server/src/com/cloud/api/dispatch/ParamProcessWorker.java
@@ -155,7 +155,8 @@ public class ParamProcessWorker implements DispatchWorker {
                     // for maps, specify access to be checkd on key or value.
                     // Find the controlled entity DBid by uuid
 
-                    if (parameterAnnotation.entityType() != null) {
+                    if (parameterAnnotation.entityType() != null && parameterAnnotation.entityType().length
> 0
+                            && parameterAnnotation.entityType()[0].getAnnotation(EntityReference.class)
!= null) {
                         final Class<?>[] entityList = parameterAnnotation.entityType()[0].getAnnotation(EntityReference.class).value();
 
                         // Check if the parameter type is a single


Mime
View raw message