CLOUDSTACK-4259 Dedicated Resources: createAffinityGroup API should not allow admin to create the group of this type through API
Changes: - Block API from creating this type of group Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/96ca70e2 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/96ca70e2 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/96ca70e2 Branch: refs/heads/master Commit: 96ca70e2daae5d60240fb14c5ca2f13480b94716 Parents: 25cc9eb Author: Prachi Damle <[email protected]> Authored: Mon Aug 12 11:46:29 2013 -0700 Committer: Prachi Damle <[email protected]> Committed: Tue Sep 3 20:02:53 2013 -0700 ---------------------------------------------------------------------- .../affinity/AffinityGroupService.java | 3 +++ .../dedicated/DedicatedResourceManagerImpl.java | 2 +- .../configuration/ConfigurationManagerImpl.java | 2 +- .../affinity/AffinityGroupServiceImpl.java | 28 ++++++++++++++++++++ 4 files changed, 33 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/96ca70e2/api/src/org/apache/cloudstack/affinity/AffinityGroupService.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/affinity/AffinityGroupService.java b/api/src/org/apache/cloudstack/affinity/AffinityGroupService.java index 43a4994..0c4374c 100644 --- a/api/src/org/apache/cloudstack/affinity/AffinityGroupService.java +++ b/api/src/org/apache/cloudstack/affinity/AffinityGroupService.java @@ -79,4 +79,7 @@ public interface AffinityGroupService { boolean isAffinityGroupAvailableInDomain(long affinityGroupId, long domainId); + AffinityGroup createAffinityGroupInternal(String account, Long domainId, String affinityGroupName, + String affinityGroupType, String description); + } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/96ca70e2/plugins/dedicated-resources/src/org/apache/cloudstack/dedicated/DedicatedResourceManagerImpl.java ---------------------------------------------------------------------- diff --git a/plugins/dedicated-resources/src/org/apache/cloudstack/dedicated/DedicatedResourceManagerImpl.java b/plugins/dedicated-resources/src/org/apache/cloudstack/dedicated/DedicatedResourceManagerImpl.java index 68adb2b..9eaf589 100755 --- a/plugins/dedicated-resources/src/org/apache/cloudstack/dedicated/DedicatedResourceManagerImpl.java +++ b/plugins/dedicated-resources/src/org/apache/cloudstack/dedicated/DedicatedResourceManagerImpl.java @@ -609,7 +609,7 @@ public class DedicatedResourceManagerImpl implements DedicatedService { } - group = _affinityGroupService.createAffinityGroup(accountName, domainId, affinityGroupName, + group = _affinityGroupService.createAffinityGroupInternal(accountName, domainId, affinityGroupName, "ExplicitDedication", "dedicated resources group"); return group; http://git-wip-us.apache.org/repos/asf/cloudstack/blob/96ca70e2/server/src/com/cloud/configuration/ConfigurationManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java index b017ef1..113df5a 100755 --- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java +++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java @@ -1852,7 +1852,7 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati } } - group = _affinityGroupService.createAffinityGroup(accountName, domainId, affinityGroupName, + group = _affinityGroupService.createAffinityGroupInternal(accountName, domainId, affinityGroupName, "ExplicitDedication", "dedicated resources group"); return group; http://git-wip-us.apache.org/repos/asf/cloudstack/blob/96ca70e2/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java ---------------------------------------------------------------------- diff --git a/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java b/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java index c6f1b92..96da87b 100644 --- a/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java +++ b/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java @@ -134,6 +134,34 @@ public class AffinityGroupServiceImpl extends ManagerBase implements AffinityGro AffinityGroupProcessor processor = typeProcessorMap.get(affinityGroupType); + if (processor.isAdminControlledGroup()) { + throw new PermissionDeniedException("Cannot create the affinity group"); + } + + return createAffinityGroupInternal(account, domainId, affinityGroupName, affinityGroupType, description); + } + + @DB + @Override + public AffinityGroup createAffinityGroupInternal(String account, Long domainId, String affinityGroupName, + String affinityGroupType, String description) { + + Account caller = UserContext.current().getCaller(); + + // validate the affinityGroupType + Map<String, AffinityGroupProcessor> typeProcessorMap = getAffinityTypeToProcessorMap(); + if (typeProcessorMap != null && !typeProcessorMap.isEmpty()) { + if (!typeProcessorMap.containsKey(affinityGroupType)) { + throw new InvalidParameterValueException("Unable to create affinity group, invalid affinity group type" + + affinityGroupType); + } + } else { + throw new InvalidParameterValueException( + "Unable to create affinity group, no Affinity Group Types configured"); + } + + AffinityGroupProcessor processor = typeProcessorMap.get(affinityGroupType); + if (processor.isAdminControlledGroup() && !_accountMgr.isRootAdmin(caller.getType())) { throw new PermissionDeniedException("Cannot create the affinity group"); }
