Updated Branches: refs/heads/4.2 a6c9d699b -> 12b05cfbc
CLOUDSTACK-4259 Dedicated Resources: createAffinityGroup API should not allow admin to create the group of this type through API Changes: - Block API from creating this type of group Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/12b05cfb Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/12b05cfb Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/12b05cfb Branch: refs/heads/4.2 Commit: 12b05cfbc32ba5708cddbf5528a79c8a51cc9bdd Parents: a6c9d69 Author: Prachi Damle <[email protected]> Authored: Mon Aug 12 11:46:29 2013 -0700 Committer: Prachi Damle <[email protected]> Committed: Mon Aug 12 12:06:06 2013 -0700 ---------------------------------------------------------------------- .../affinity/AffinityGroupService.java | 3 +++ .../dedicated/DedicatedResourceManagerImpl.java | 2 +- .../configuration/ConfigurationManagerImpl.java | 2 +- .../affinity/AffinityGroupServiceImpl.java | 28 ++++++++++++++++++++ 4 files changed, 33 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/12b05cfb/api/src/org/apache/cloudstack/affinity/AffinityGroupService.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/affinity/AffinityGroupService.java b/api/src/org/apache/cloudstack/affinity/AffinityGroupService.java index 43a4994..0c4374c 100644 --- a/api/src/org/apache/cloudstack/affinity/AffinityGroupService.java +++ b/api/src/org/apache/cloudstack/affinity/AffinityGroupService.java @@ -79,4 +79,7 @@ public interface AffinityGroupService { boolean isAffinityGroupAvailableInDomain(long affinityGroupId, long domainId); + AffinityGroup createAffinityGroupInternal(String account, Long domainId, String affinityGroupName, + String affinityGroupType, String description); + } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/12b05cfb/plugins/dedicated-resources/src/org/apache/cloudstack/dedicated/DedicatedResourceManagerImpl.java ---------------------------------------------------------------------- diff --git a/plugins/dedicated-resources/src/org/apache/cloudstack/dedicated/DedicatedResourceManagerImpl.java b/plugins/dedicated-resources/src/org/apache/cloudstack/dedicated/DedicatedResourceManagerImpl.java index 6afbbad..9092a1a 100755 --- a/plugins/dedicated-resources/src/org/apache/cloudstack/dedicated/DedicatedResourceManagerImpl.java +++ b/plugins/dedicated-resources/src/org/apache/cloudstack/dedicated/DedicatedResourceManagerImpl.java @@ -608,7 +608,7 @@ public class DedicatedResourceManagerImpl implements DedicatedService { } - group = _affinityGroupService.createAffinityGroup(accountName, domainId, affinityGroupName, + group = _affinityGroupService.createAffinityGroupInternal(accountName, domainId, affinityGroupName, "ExplicitDedication", "dedicated resources group"); return group; http://git-wip-us.apache.org/repos/asf/cloudstack/blob/12b05cfb/server/src/com/cloud/configuration/ConfigurationManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java index 7f3ff10..570edca 100755 --- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java +++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java @@ -2021,7 +2021,7 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati } } - group = _affinityGroupService.createAffinityGroup(accountName, domainId, affinityGroupName, + group = _affinityGroupService.createAffinityGroupInternal(accountName, domainId, affinityGroupName, "ExplicitDedication", "dedicated resources group"); return group; http://git-wip-us.apache.org/repos/asf/cloudstack/blob/12b05cfb/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java ---------------------------------------------------------------------- diff --git a/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java b/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java index 6989e39..cfed7e6 100644 --- a/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java +++ b/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java @@ -131,6 +131,34 @@ public class AffinityGroupServiceImpl extends ManagerBase implements AffinityGro AffinityGroupProcessor processor = typeProcessorMap.get(affinityGroupType); + if (processor.isAdminControlledGroup()) { + throw new PermissionDeniedException("Cannot create the affinity group"); + } + + return createAffinityGroupInternal(account, domainId, affinityGroupName, affinityGroupType, description); + } + + @DB + @Override + public AffinityGroup createAffinityGroupInternal(String account, Long domainId, String affinityGroupName, + String affinityGroupType, String description) { + + Account caller = UserContext.current().getCaller(); + + // validate the affinityGroupType + Map<String, AffinityGroupProcessor> typeProcessorMap = getAffinityTypeToProcessorMap(); + if (typeProcessorMap != null && !typeProcessorMap.isEmpty()) { + if (!typeProcessorMap.containsKey(affinityGroupType)) { + throw new InvalidParameterValueException("Unable to create affinity group, invalid affinity group type" + + affinityGroupType); + } + } else { + throw new InvalidParameterValueException( + "Unable to create affinity group, no Affinity Group Types configured"); + } + + AffinityGroupProcessor processor = typeProcessorMap.get(affinityGroupType); + if (processor.isAdminControlledGroup() && !_accountMgr.isRootAdmin(caller.getType())) { throw new PermissionDeniedException("Cannot create the affinity group"); }
