cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alena Prokharchyk" <alena.prokharc...@citrix.com>
Subject Re: Review Request: CLOUDSTACK-84: FIX NPE error in listRouter etc. after deleting a user project.
Date Fri, 05 Oct 2012 19:00:02 GMT


> On Sept. 24, 2012, 6:12 p.m., Alex Huang wrote:
> > Does this need to go into 4.0?
> 
> Rohit Yadav wrote:
>     Yes, as per fix version on https://issues.apache.org/jira/browse/CLOUDSTACK-84
>     But, whatever you advise.

This fix will break the following case:

* have removed account. The removed account has some detached volume and user vm that weren't
cleaned up yet
* As ROOT admin, attach account's volume to account's vm. The patch makes it possible while
we should allow just LISTING the resources belonging to the removed account, but never allow
to manipulate/create/delete them.
 
We have to think about some other fix. As far as I remember, account/domain checkers are never
called when we do list commands through the API as we always do Joins with account table instead
of running account check on each and every object returned with the list response. 


- Alena


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/7168/#review11841
-----------------------------------------------------------


On Sept. 19, 2012, 3:38 p.m., Rohit Yadav wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/7168/
> -----------------------------------------------------------
> 
> (Updated Sept. 19, 2012, 3:38 p.m.)
> 
> 
> Review request for cloudstack, Abhinandan Prateek, Kishan Kavala, Nitin Mehta, Alena
Prokharchyk, and Alex Huang.
> 
> 
> Description
> -------
> 
> Domain ACL information should be valid even if account entry is marked
> removed. Patch fixes how account is obtained based on accountId, it
> finds among those entries which are marked deleted.
> 
> In case of project deletion, the project is marked removed first and
> then each of its elements are cleared/cleaned/deleted. While deleting
> network and router it failed because ACL only checks accounts which are
> not marked deleted.
> 
> Download original patch and git am <patch>: http://patchbin.baagi.org/p?id=40pdym
> 
> 
> This addresses bug CLOUDSTACK-84.
> 
> 
> Diffs
> -----
> 
>   server/src/com/cloud/acl/DomainChecker.java 6bc2cd3 
>   server/src/com/cloud/user/dao/AccountDao.java 3b7fa66 
>   server/src/com/cloud/user/dao/AccountDaoImpl.java 7300bb1 
> 
> Diff: https://reviews.apache.org/r/7168/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Rohit Yadav
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message