This is an automated email from the ASF dual-hosted git repository.
dahn pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/main by this push:
new 575fffc097e Allow root admin to deploy in VPCs in child domains (#6832)
575fffc097e is described below
commit 575fffc097ed6787ec98bd616d1524ff163de669
Author: dahn <[email protected]>
AuthorDate: Tue Dec 20 03:39:04 2022 -0800
Allow root admin to deploy in VPCs in child domains (#6832)
and make root admin permissions configurable
---
.../main/java/com/cloud/network/NetworkModel.java | 5 +-
.../java/com/cloud/network/NetworkModelImpl.java | 75 ++---
.../java/com/cloud/network/NetworkServiceImpl.java | 2 +-
.../java/com/cloud/network/NetworkModelTest.java | 18 ++
.../component/test_acl_sharednetwork.py | 311 ++++++++++-----------
.../src/main/java/com/cloud/utils/StringUtils.java | 20 +-
6 files changed, 230 insertions(+), 201 deletions(-)
diff --git a/api/src/main/java/com/cloud/network/NetworkModel.java
b/api/src/main/java/com/cloud/network/NetworkModel.java
index fa44eac4a4a..9fd4fcb9862 100644
--- a/api/src/main/java/com/cloud/network/NetworkModel.java
+++ b/api/src/main/java/com/cloud/network/NetworkModel.java
@@ -89,9 +89,12 @@ public interface NetworkModel {
List<String> metadataFileNames = new
ArrayList<>(Arrays.asList(SERVICE_OFFERING_FILE, AVAILABILITY_ZONE_FILE,
LOCAL_HOSTNAME_FILE, LOCAL_IPV4_FILE, PUBLIC_HOSTNAME_FILE, PUBLIC_IPV4_FILE,
INSTANCE_ID_FILE, VM_ID_FILE, PUBLIC_KEYS_FILE,
CLOUD_IDENTIFIER_FILE, HYPERVISOR_HOST_NAME_FILE));
- static final ConfigKey<Integer> MACIdentifier = new
ConfigKey<Integer>("Advanced",Integer.class, "mac.identifier", "0",
+ static final ConfigKey<Integer> MACIdentifier = new
ConfigKey<>("Advanced",Integer.class, "mac.identifier", "0",
"This value will be used while generating the mac addresses for
isolated and shared networks. The hexadecimal equivalent value will be present
at the 2nd octet of the mac address. Default value is null which means this
feature is disabled.Its scope is global.", true, ConfigKey.Scope.Global);
+ static final ConfigKey<Boolean> AdminIsAllowedToDeployAnywhere = new
ConfigKey<>("Advanced",Boolean.class, "admin.is.allowed.to.deploy.anywhere",
"false",
+ "This will determine if the root admin is allowed to deploy in
networks in subdomains.", true, ConfigKey.Scope.Global);
+
/**
* Lists IP addresses that belong to VirtualNetwork VLANs
*
diff --git a/server/src/main/java/com/cloud/network/NetworkModelImpl.java
b/server/src/main/java/com/cloud/network/NetworkModelImpl.java
index d34a307c8e6..2367527fdc1 100644
--- a/server/src/main/java/com/cloud/network/NetworkModelImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkModelImpl.java
@@ -147,6 +147,7 @@ import com.cloud.vm.dao.VMInstanceDao;
public class NetworkModelImpl extends ManagerBase implements NetworkModel,
Configurable {
static final Logger s_logger = Logger.getLogger(NetworkModelImpl.class);
+ public static final String UNABLE_TO_USE_NETWORK = "Unable to use network
with id= %s, permission denied";
@Inject
EntityManager _entityMgr;
@Inject
@@ -1665,39 +1666,49 @@ public class NetworkModelImpl extends ManagerBase
implements NetworkModel, Confi
}
@Override
- public void checkNetworkPermissions(Account caller, Network network) {
- // dahn 20140310: I was thinking of making this an assert but
- // as we hardly ever test with asserts I think
- // we better make sure at runtime.
- if (network == null) {
- throw new CloudRuntimeException("cannot check permissions on
(Network) <null>");
- }
- // Perform account permission check
- if (network.getGuestType() != GuestType.Shared || network.getAclType()
== ACLType.Account) {
- AccountVO networkOwner =
_accountDao.findById(network.getAccountId());
- if (networkOwner == null)
- throw new PermissionDeniedException("Unable to use network
with id= " + ((NetworkVO)network).getUuid() +
- ", network does not have an owner");
- if (!Account.Type.PROJECT.equals(caller.getType()) &&
Account.Type.PROJECT.equals(networkOwner.getType())) {
- checkProjectNetworkPermissions(caller, networkOwner, network);
+ public final void checkNetworkPermissions(Account caller, Network network)
{
+ if (_accountMgr.isRootAdmin(caller.getAccountId()) &&
Boolean.TRUE.equals(AdminIsAllowedToDeployAnywhere.value())) {
+ if (s_logger.isDebugEnabled()) {
+ s_logger.debug("root admin is permitted to do stuff on every
network");
+ }
+ } else {
+ if (network == null) {
+ throw new CloudRuntimeException("cannot check permissions on
(Network) <null>");
+ }
+ s_logger.info(String.format("Checking permission for account %s
(%s) on network %s (%s)", caller.getAccountName(), caller.getUuid(),
network.getName(), network.getUuid()));
+ if (network.getGuestType() != GuestType.Shared ||
network.getAclType() == ACLType.Account) {
+ checkAccountNetworkPermissions(caller, network);
+
} else {
- List<NetworkVO> networkMap =
_networksDao.listBy(caller.getId(), network.getId());
- NetworkPermissionVO networkPermission =
_networkPermissionDao.findByNetworkAndAccount(network.getId(), caller.getId());
- if (CollectionUtils.isEmpty(networkMap) && networkPermission
== null) {
- throw new PermissionDeniedException("Unable to use network
with id= " + ((NetworkVO)network).getUuid() +
- ", permission denied");
- }
+ checkDomainNetworkPermissions(caller, network);
}
+ }
+ }
+ private void checkAccountNetworkPermissions(Account caller, Network
network) {
+ AccountVO networkOwner = _accountDao.findById(network.getAccountId());
+ if (networkOwner == null)
+ throw new PermissionDeniedException("Unable to use network with
id= " + ((NetworkVO) network).getUuid() +
+ ", network does not have an owner");
+ if (!Account.Type.PROJECT.equals(caller.getType()) &&
Account.Type.PROJECT.equals(networkOwner.getType())) {
+ checkProjectNetworkPermissions(caller, networkOwner, network);
} else {
- if (!isNetworkAvailableInDomain(network.getId(),
caller.getDomainId())) {
- DomainVO callerDomain =
_domainDao.findById(caller.getDomainId());
- if (callerDomain == null) {
- throw new CloudRuntimeException("cannot check permission
on account " + caller.getAccountName() + " whose domain does not exist");
- }
- throw new PermissionDeniedException("Shared network id=" +
((NetworkVO)network).getUuid() + " is not available in domain id=" +
- callerDomain.getUuid());
+ List<NetworkVO> networkMap = _networksDao.listBy(caller.getId(),
network.getId());
+ NetworkPermissionVO networkPermission =
_networkPermissionDao.findByNetworkAndAccount(network.getId(), caller.getId());
+ if (CollectionUtils.isEmpty(networkMap) && networkPermission ==
null) {
+ throw new
PermissionDeniedException(String.format(UNABLE_TO_USE_NETWORK, ((NetworkVO)
network).getUuid()));
+ }
+ }
+ }
+
+ private void checkDomainNetworkPermissions(Account caller, Network
network) {
+ if (!isNetworkAvailableInDomain(network.getId(),
caller.getDomainId())) {
+ DomainVO callerDomain = _domainDao.findById(caller.getDomainId());
+ if (callerDomain == null) {
+ throw new CloudRuntimeException("cannot check permission on
account " + caller.getAccountName() + " whose domain does not exist");
}
+ throw new PermissionDeniedException("Shared network id=" +
((NetworkVO) network).getUuid() + " is not available in domain id=" +
+ callerDomain.getUuid());
}
}
@@ -1710,13 +1721,11 @@ public class NetworkModelImpl extends ManagerBase
implements NetworkModel, Confi
ProjectAccount projectAccountUser =
_projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(),
user.getId());
if (projectAccountUser != null) {
if
(!_projectAccountDao.canUserAccessProjectAccount(user.getAccountId(),
user.getId(), networkOwner.getId())) {
- throw new PermissionDeniedException("Unable to use network
with id= " + ((NetworkVO)network).getUuid() +
- ", permission denied");
+ throw new
PermissionDeniedException(String.format(UNABLE_TO_USE_NETWORK,
((NetworkVO)network).getUuid()));
}
} else {
if
(!_projectAccountDao.canAccessProjectAccount(owner.getAccountId(),
networkOwner.getId())) {
- throw new PermissionDeniedException("Unable to use network
with id= " + ((NetworkVO) network).getUuid() +
- ", permission denied");
+ throw new
PermissionDeniedException(String.format(UNABLE_TO_USE_NETWORK, ((NetworkVO)
network).getUuid()));
}
}
}
@@ -2663,7 +2672,7 @@ public class NetworkModelImpl extends ManagerBase
implements NetworkModel, Confi
@Override
public ConfigKey<?>[] getConfigKeys() {
- return new ConfigKey<?>[] {MACIdentifier};
+ return new ConfigKey<?>[] {MACIdentifier,
AdminIsAllowedToDeployAnywhere};
}
@Override
diff --git a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
index a6a6bc64faf..2cac85e9966 100644
--- a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
@@ -1938,7 +1938,7 @@ public class NetworkServiceImpl extends ManagerBase
implements NetworkService, C
Boolean isSystem = cmd.getIsSystem();
String aclType = cmd.getAclType();
Long projectId = cmd.getProjectId();
- List<Long> permittedAccounts = new ArrayList<Long>();
+ List<Long> permittedAccounts = new ArrayList<>();
String path = null;
Long physicalNetworkId = cmd.getPhysicalNetworkId();
List<String> supportedServicesStr = cmd.getSupportedServices();
diff --git a/server/src/test/java/com/cloud/network/NetworkModelTest.java
b/server/src/test/java/com/cloud/network/NetworkModelTest.java
index b52335035fd..dd4de3b460f 100644
--- a/server/src/test/java/com/cloud/network/NetworkModelTest.java
+++ b/server/src/test/java/com/cloud/network/NetworkModelTest.java
@@ -33,6 +33,7 @@ import java.util.Collections;
import java.util.List;
import java.util.Set;
+import com.cloud.user.AccountManager;
import org.apache.cloudstack.network.NetworkPermissionVO;
import org.apache.cloudstack.network.dao.NetworkPermissionDao;
import org.junit.Before;
@@ -114,6 +115,8 @@ public class NetworkModelTest {
private DomainDao domainDao;
@Mock
private ProjectDao projectDao;
+ @Mock
+ private AccountManager _accountMgr;
private static final long ZONE_1_ID = 1L;
private static final long ZONE_2_ID = 2L;
@@ -307,6 +310,21 @@ public class NetworkModelTest {
networkModel.checkNetworkPermissions(caller, network);
}
+ @Test
+ public void testCheckNetworkPermissionsForAdmin() {
+ long accountId = 1L;
+ AccountVO caller = mock(AccountVO.class);
+ when(caller.getId()).thenReturn(accountId);
+ when(caller.getType()).thenReturn(Account.Type.ADMIN);
+ NetworkVO network = mock(NetworkVO.class);
+ when(network.getGuestType()).thenReturn(Network.GuestType.Isolated);
+ when(network.getAccountId()).thenReturn(accountId);
+ when(accountDao.findById(accountId)).thenReturn(caller);
+ when(networkDao.listBy(caller.getId(),
network.getId())).thenReturn(List.of(network));
+ when(networkPermissionDao.findByNetworkAndAccount(network.getId(),
caller.getId())).thenReturn(mock(NetworkPermissionVO.class));
+ networkModel.checkNetworkPermissions(caller, network);
+ }
+
@Test(expected = CloudRuntimeException.class)
public void testCheckNetworkPermissionsNullNetwork() {
AccountVO caller = mock(AccountVO.class);
diff --git a/test/integration/component/test_acl_sharednetwork.py
b/test/integration/component/test_acl_sharednetwork.py
index 42f4a899e12..2d538f6c6f9 100644
--- a/test/integration/component/test_acl_sharednetwork.py
+++ b/test/integration/component/test_acl_sharednetwork.py
@@ -59,7 +59,7 @@ class TestSharedNetwork(cloudstackTestCase):
cls.acldata = cls.testdata["acl"]
cls.domain_1 = None
cls.domain_2 = None
- cls.cleanup = []
+ cls._cleanup = []
try:
@@ -72,25 +72,30 @@ class TestSharedNetwork(cloudstackTestCase):
cls.apiclient,
cls.acldata["domain1"]
)
+ cls._cleanup.append(cls.domain_1)
cls.domain_11 = Domain.create(
cls.apiclient,
cls.acldata["domain11"],
parentdomainid=cls.domain_1.id
)
+ cls._cleanup.append(cls.domain_11)
cls.domain_111 = Domain.create(
cls.apiclient,
cls.acldata["domain111"],
parentdomainid=cls.domain_11.id,
)
+ cls._cleanup.append(cls.domain_111)
cls.domain_12 = Domain.create(
cls.apiclient,
cls.acldata["domain12"],
parentdomainid=cls.domain_1.id
)
+ cls._cleanup.append(cls.domain_12)
cls.domain_2 = Domain.create(
cls.apiclient,
cls.acldata["domain2"]
)
+ cls._cleanup.append(cls.domain_2)
# Create 1 admin account and 2 user accounts for doamin_1
cls.account_d1 = Account.create(
cls.apiclient,
@@ -98,6 +103,7 @@ class TestSharedNetwork(cloudstackTestCase):
admin=True,
domainid=cls.domain_1.id
)
+ cls._cleanup.append(cls.account_d1)
user = cls.generateKeysForUser(cls.apiclient,cls.account_d1)
cls.user_d1_apikey = user.apikey
@@ -109,6 +115,7 @@ class TestSharedNetwork(cloudstackTestCase):
admin=False,
domainid=cls.domain_1.id
)
+ cls._cleanup.append(cls.account_d1a)
user = cls.generateKeysForUser(cls.apiclient,cls.account_d1a)
cls.user_d1a_apikey = user.apikey
cls.user_d1a_secretkey = user.secretkey
@@ -120,6 +127,7 @@ class TestSharedNetwork(cloudstackTestCase):
admin=False,
domainid=cls.domain_1.id
)
+ cls._cleanup.append(cls.account_d1b)
user = cls.generateKeysForUser(cls.apiclient,cls.account_d1b)
cls.user_d1b_apikey = user.apikey
@@ -132,6 +140,7 @@ class TestSharedNetwork(cloudstackTestCase):
admin=True,
domainid=cls.domain_11.id
)
+ cls._cleanup.append(cls.account_d11)
user = cls.generateKeysForUser(cls.apiclient,cls.account_d11)
cls.user_d11_apikey = user.apikey
cls.user_d11_secretkey = user.secretkey
@@ -142,6 +151,7 @@ class TestSharedNetwork(cloudstackTestCase):
admin=False,
domainid=cls.domain_11.id
)
+ cls._cleanup.append(cls.account_d11a)
user = cls.generateKeysForUser(cls.apiclient,cls.account_d11a)
cls.user_d11a_apikey = user.apikey
cls.user_d11a_secretkey = user.secretkey
@@ -152,6 +162,7 @@ class TestSharedNetwork(cloudstackTestCase):
admin=False,
domainid=cls.domain_11.id
)
+ cls._cleanup.append(cls.account_d11b)
user = cls.generateKeysForUser(cls.apiclient,cls.account_d11b)
cls.user_d11b_apikey = user.apikey
cls.user_d11b_secretkey = user.secretkey
@@ -164,6 +175,7 @@ class TestSharedNetwork(cloudstackTestCase):
admin=True,
domainid=cls.domain_111.id
)
+ cls._cleanup.append(cls.account_d111)
user = cls.generateKeysForUser(cls.apiclient,cls.account_d111)
cls.user_d111_apikey = user.apikey
cls.user_d111_secretkey = user.secretkey
@@ -174,6 +186,7 @@ class TestSharedNetwork(cloudstackTestCase):
admin=False,
domainid=cls.domain_111.id
)
+ cls._cleanup.append(cls.account_d111a)
user = cls.generateKeysForUser(cls.apiclient,cls.account_d111a)
cls.user_d111a_apikey = user.apikey
cls.user_d111a_secretkey = user.secretkey
@@ -184,6 +197,7 @@ class TestSharedNetwork(cloudstackTestCase):
admin=False,
domainid=cls.domain_111.id
)
+ cls._cleanup.append(cls.account_d111b)
user = cls.generateKeysForUser(cls.apiclient,cls.account_d111b)
cls.user_d111b_apikey = user.apikey
cls.user_d111b_secretkey = user.secretkey
@@ -195,6 +209,7 @@ class TestSharedNetwork(cloudstackTestCase):
admin=False,
domainid=cls.domain_12.id
)
+ cls._cleanup.append(cls.account_d12a)
user = cls.generateKeysForUser(cls.apiclient,cls.account_d12a)
cls.user_d12a_apikey = user.apikey
cls.user_d12a_secretkey = user.secretkey
@@ -205,6 +220,7 @@ class TestSharedNetwork(cloudstackTestCase):
admin=False,
domainid=cls.domain_12.id
)
+ cls._cleanup.append(cls.account_d12b)
user = cls.generateKeysForUser(cls.apiclient,cls.account_d12b)
cls.user_d12b_apikey = user.apikey
@@ -218,6 +234,7 @@ class TestSharedNetwork(cloudstackTestCase):
admin=False,
domainid=cls.domain_2.id
)
+ cls._cleanup.append(cls.account_d2a)
user = cls.generateKeysForUser(cls.apiclient,cls.account_d2a)
cls.user_d2a_apikey = user.apikey
@@ -231,6 +248,7 @@ class TestSharedNetwork(cloudstackTestCase):
cls.acldata["accountROOTA"],
admin=False,
)
+ cls._cleanup.append(cls.account_roota)
user = cls.generateKeysForUser(cls.apiclient,cls.account_roota)
cls.user_roota_apikey = user.apikey
@@ -241,6 +259,7 @@ class TestSharedNetwork(cloudstackTestCase):
cls.acldata["accountROOTA"],
admin=True,
)
+ cls._cleanup.append(cls.account_root)
user = cls.generateKeysForUser(cls.apiclient,cls.account_root)
cls.user_root_apikey = user.apikey
@@ -251,6 +270,7 @@ class TestSharedNetwork(cloudstackTestCase):
cls.apiclient,
cls.acldata["service_offering"]["small"]
)
+ cls._cleanup.append(cls.service_offering)
cls.zone = get_zone(cls.apiclient,cls.testclient.getZoneForTests())
cls.acldata['mode'] = cls.zone.networktype
@@ -279,6 +299,7 @@ class TestSharedNetwork(cloudstackTestCase):
networkofferingid=cls.shared_network_offering_id,
zoneid=cls.zone.id
)
+ cls._cleanup.append(cls.shared_network_all)
cls.shared_network_domain_d11 = Network.create(
cls.apiclient,
@@ -288,6 +309,7 @@ class TestSharedNetwork(cloudstackTestCase):
domainid=cls.domain_11.id,
subdomainaccess=False
)
+ cls._cleanup.append(cls.shared_network_domain_d11)
cls.shared_network_domain_with_subdomain_d11 = Network.create(
cls.apiclient,
@@ -297,6 +319,7 @@ class TestSharedNetwork(cloudstackTestCase):
domainid=cls.domain_11.id,
subdomainaccess=True
)
+ cls._cleanup.append(cls.shared_network_domain_with_subdomain_d11)
cls.shared_network_account_d111a = Network.create(
cls.apiclient,
@@ -306,40 +329,35 @@ class TestSharedNetwork(cloudstackTestCase):
domainid=cls.domain_111.id,
accountid=cls.account_d111a.user[0].username
)
+ cls._cleanup.append(cls.shared_network_account_d111a)
cls.vmdata = {"name": "test",
"displayname" : "test"
}
- cls.cleanup = [
- cls.account_root,
- cls.account_roota,
- cls.shared_network_all,
- cls.service_offering,
- ]
except Exception as e:
- cls.domain_1.delete(cls.apiclient,cleanup="true")
- cls.domain_2.delete(cls.apiclient,cleanup="true")
- cleanup_resources(cls.apiclient, cls.cleanup)
- raise Exception("Failed to create the setup required to
execute the test cases: %s" % e)
+ cls.tearDownClass()
+ raise Exception("Failed to create the setup required to execute
the test cases: %s" % e)
@classmethod
def tearDownClass(cls):
- cls.apiclient = super(TestSharedNetwork,
cls).getClsTestClient().getApiClient()
cls.apiclient.connection.apiKey = cls.default_apikey
cls.apiclient.connection.securityKey = cls.default_secretkey
cls.domain_1.delete(cls.apiclient,cleanup="true")
cls.domain_2.delete(cls.apiclient,cleanup="true")
cleanup_resources(cls.apiclient, cls.cleanup)
- return
+# super(TestSharedNetwork, cls).tearDownClass()
- def setUp(cls):
- cls.apiclient = cls.testClient.getApiClient()
- cls.dbclient = cls.testClient.getDbConnection()
+ def setUp(self):
+ self.debug(f"===setup===")
+ self.apiclient = self.testClient.getApiClient()
+ self.dbclient = self.testClient.getDbConnection()
+ self.cleanup = []
- def tearDown(cls):
+ def tearDown(self):
# restore back default apikey and secretkey
- cls.apiclient.connection.apiKey = cls.default_apikey
- cls.apiclient.connection.securityKey = cls.default_secretkey
- return
+ self.apiclient.connection.apiKey = self.default_apikey
+ self.apiclient.connection.securityKey = self.default_secretkey
+ self.debug(f"===tearDown=== cleanup list length {self.cleanup.len()}")
+ super(TestSharedNetwork, self).tearDown()
## Test cases relating to deploying Virtual Machine in shared network with
scope=all
@@ -355,7 +373,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmD1A"]["name"]
+"-shared-scope-all"
self.vmdata["displayname"] = self.acldata["vmD1A"]["displayname"]
+"-shared-scope-all"
- vm_d1a = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -363,17 +381,16 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_all.id
)
+ self.cleanup.append(vm)
- self.assertEqual(vm_d1a.state == "Running",
+ self.assertEqual(vm.state == "Running",
True,
"User in a domain under ROOT failed to deploy VM in a
shared network with scope=all")
-
@attr("simulator_only",tags=["advanced"],required_hardware="false")
def test_deployVM_in_sharedNetwork_scope_all_domainadminuser(self):
"""
Validate that regular user in "ROOT" domain is allowed to deploy VM in
a shared network created with scope="all"
-
"""
# deploy VM as an admin user in a domain under ROOT
@@ -390,25 +407,24 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_all.id
)
+ self.cleanup.append(vm)
self.assertEqual(vm.state == "Running",
True,
"Admin User in a domain under ROOT failed to deploy VM in
a shared network with scope=all")
-
@attr("simulator_only",tags=["advanced"],required_hardware="false")
def test_deployVM_in_sharedNetwork_scope_all_subdomainuser(self):
"""
Validate that regular user in any subdomain is allowed to deploy VM in
a shared network created with scope="all"
"""
-
# deploy VM as user in a subdomain under ROOT
self.apiclient.connection.apiKey = self.user_d11a_apikey
self.apiclient.connection.securityKey = self.user_d11a_secretkey
self.vmdata["name"] = self.acldata["vmD11A"]["name"]
+"-shared-scope-all"
self.vmdata["displayname"] = self.acldata["vmD11A"]["displayname"]
+"-shared-scope-all"
- vm_d11a = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -416,8 +432,9 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_all.id
)
+ self.cleanup.append(vm)
- self.assertEqual(vm_d11a.state == "Running",
+ self.assertEqual(vm.state == "Running",
True,
"User in a domain under ROOT failed to deploy VM in a
shared network with scope=all")
@@ -425,7 +442,6 @@ class TestSharedNetwork(cloudstackTestCase):
def test_deployVM_in_sharedNetwork_scope_all_subdomainadminuser(self):
"""
Validate that regular user in a subdomain under ROOT is allowed to
deploy VM in a shared network created with scope="all"
-
"""
# deploy VM as an admin user in a subdomain under ROOT
@@ -441,17 +457,16 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_all.id
)
+ self.cleanup.append(vm)
self.assertEqual(vm.state == "Running",
True,
"Admin User in a domain under ROOT failed to deploy VM in
a shared network with scope=all")
-
@attr("simulator_only",tags=["advanced"],required_hardware="false")
def test_deployVM_in_sharedNetwork_scope_all_ROOTuser(self):
"""
Validate that regular user in ROOT domain is allowed to deploy VM in a
shared network created with scope="all"
-
"""
# deploy VM as user in ROOT domain
@@ -467,6 +482,7 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_all.id
)
+ self.cleanup.append(vm)
self.assertEqual(vm.state == "Running",
True,
@@ -491,6 +507,7 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_all.id
)
+ self.cleanup.append(vm)
self.assertEqual(vm.state == "Running",
True,
@@ -503,7 +520,6 @@ class TestSharedNetwork(cloudstackTestCase):
"""
Validate that regular user in a domain is allowed to deploy VM in a
shared network created with scope="domain" and no subdomain access
"""
-
# deploy VM as user in a domain that has shared network with no
subdomain access
self.apiclient.connection.apiKey = self.user_d11a_apikey
@@ -519,17 +535,16 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_d11.id
)
+ self.cleanup.append(vm)
self.assertEqual(vm.state == "Running",
True,
"User in a domain that has a shared network with no
subdomain access failed to deploy VM in a shared network with scope=domain with
no subdomain access")
-
@attr("simulator_only",tags=["advanced"],required_hardware="false")
def
test_deployVM_in_sharedNetwork_scope_domain_nosubdomainaccess_domainadminuser(self):
"""
Validate that admin user in a domain is allowed to deploy VM in a
shared network created with scope="domain" and no subdomain access
-
"""
#deploy VM as an admin user in a domain that has shared network with
no subdomain access
@@ -546,6 +561,7 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_d11.id
)
+ self.cleanup.append(vm)
self.assertEqual(vm.state == "Running",
True,
@@ -555,7 +571,6 @@ class TestSharedNetwork(cloudstackTestCase):
def
test_deployVM_in_sharedNetwork_scope_domain_nosubdomainaccess_subdomainuser(self):
"""
Validate that regular user in a subdomain is NOT allowed to deploy VM
in a shared network created with scope="domain" and no subdomain access
-
"""
# deploy VM as user in a subdomain under a domain that has shared
network with no subdomain access
@@ -564,7 +579,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmD111A"]["name"]
+"-shared-scope-domain-nosubdomainaccess"
self.vmdata["displayname"] = self.acldata["vmD111A"]["displayname"]
+"-shared-scope-domain-nosubdomainaccess"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -572,17 +587,17 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_d11.id
)
- self.fail("Subdomain user is able to deploy VM in a shared
network with scope=domain with no subdomain access ")
+ self.cleanup.append(vm)
+ self.fail("Subdomain user is able to deploy VM in a shared network
with scope=domain with no subdomain access ")
except Exception as e:
- self.debug ("When a user from a subdomain deploys a VM in a
shared network with scope=domain with no subdomain access %s" %e)
- if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
- self.fail("Error message validation failed when Subdomain
user tries to deploy VM in a shared network with scope=domain with no subdomain
access")
+ self.debug ("When a user from a subdomain deploys a VM in a shared
network with scope=domain with no subdomain access %s" %e)
+ if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
+ self.fail("Error message validation failed when Subdomain user
tries to deploy VM in a shared network with scope=domain with no subdomain
access")
@attr("simulator_only",tags=["advanced"],required_hardware="false")
def
test_deployVM_in_sharedNetwork_scope_domain_nosubdomainaccess_subdomainadminuser(self):
"""
Validate that admin user in a subdomain is NOT allowed to deploy VM in
a shared network created with scope="domain" and no subdomain access
-
"""
# deploy VM as an admin user in a subdomain under a domain that has
shared network with no subdomain access
@@ -591,7 +606,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmD111"]["name"]
+"-shared-scope-domain-nosubdomainaccess"
self.vmdata["displayname"] = self.acldata["vmD111"]["displayname"]
+"-shared-scope-domain-nosubdomainaccess"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -599,19 +614,17 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_d11.id
)
- self.fail("Subdomain admin user is able to deploy VM in a
shared network with scope=domain with no subdomain access ")
+ self.cleanup.append(vm)
+ self.fail("Subdomain admin user is able to deploy VM in a shared
network with scope=domain with no subdomain access ")
except Exception as e:
- self.debug ("When a admin user from a subdomain deploys a VM
in a shared network with scope=domain with no subdomain access %s" %e)
- if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
- self.fail("Error message validation failed when Subdomain
admin user tries to deploy VM in a shared network with scope=domain with no
subdomain access")
-
-
+ self.debug ("When a admin user from a subdomain deploys a VM in a
shared network with scope=domain with no subdomain access %s" %e)
+ if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
+ self.fail("Error message validation failed when Subdomain
admin user tries to deploy VM in a shared network with scope=domain with no
subdomain access")
@attr("simulator_only",tags=["advanced"],required_hardware="false")
def
test_deployVM_in_sharedNetwork_scope_domain_nosubdomainaccess_parentdomainuser(self):
"""
Validate that user in the parent domain is NOT allowed to deploy VM in
a shared network created with scope="domain" and no subdomain access
-
"""
# deploy VM as user in parentdomain of a domain that has shared
network with no subdomain access
@@ -620,7 +633,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmD1A"]["name"]
+"-shared-scope-domain-nosubdomainaccess"
self.vmdata["displayname"] = self.acldata["vmD1A"]["displayname"]
+"-shared-scope-domain-nosubdomainaccess"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -628,18 +641,17 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_d11.id
)
- self.fail("Parent domain user is able to deploy VM in a shared
network with scope=domain with no subdomain access ")
+ self.cleanup.append(vm)
+ self.fail("Parent domain user is able to deploy VM in a shared
network with scope=domain with no subdomain access ")
except Exception as e:
- self.debug ("When a user from parent domain deploys a VM in a
shared network with scope=domain with no subdomain access %s" %e)
- if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
- self.fail("Error message validation failed when Parent
domain user tries to deploy VM in a shared network with scope=domain with no
subdomain access")
-
+ self.debug ("When a user from parent domain deploys a VM in a
shared network with scope=domain with no subdomain access %s" %e)
+ if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
+ self.fail("Error message validation failed when Parent domain
user tries to deploy VM in a shared network with scope=domain with no subdomain
access")
@attr("simulator_only",tags=["advanced"],required_hardware="false")
def
test_deployVM_in_sharedNetwork_scope_domain_nosubdomainaccess_parentdomainadminuser(self):
"""
Validate that admin user in the parent domain is NOT allowed to deploy
VM in a shared network created with scope="domain" and no subdomain access
-
"""
# deploy VM as an admin user in parentdomain of a domain that has
shared network with no subdomain access
@@ -648,7 +660,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmD1"]["name"]
+"-shared-scope-domain-nosubdomainaccess"
self.vmdata["displayname"] = self.acldata["vmD1"]["displayname"]
+"-shared-scope-domain-nosubdomainaccess"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -656,20 +668,18 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_d11.id
)
- self.fail("Parent domain's admin user is able to deploy VM in
a shared network with scope=domain with no subdomain access ")
+ self.cleanup.append(vm)
+ self.fail("Parent domain's admin user is able to deploy VM in a
shared network with scope=domain with no subdomain access ")
except Exception as e:
- self.debug ("When an admin user from parent domain deploys a
VM in a shared network with scope=domain with no subdomain access %s" %e)
- if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
- self.fail("Error message validation failed when Parent
domain's admin user tries to deploy VM in a shared network with scope=domain
with no subdomain access")
-
-
+ self.debug ("When an admin user from parent domain deploys a VM in
a shared network with scope=domain with no subdomain access %s" %e)
+ if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
+ self.fail("Error message validation failed when Parent
domain's admin user tries to deploy VM in a shared network with scope=domain
with no subdomain access")
@attr("simulator_only",tags=["advanced"],required_hardware="false")
def
test_deployVM_in_sharedNetwork_scope_domain_nosubdomainaccess_ROOTuser(self):
"""
Validate that user in ROOT domain is NOT allowed to deploy VM in a
shared network created with scope="domain" and no subdomain access
"""
-
# deploy VM as user in ROOT domain
self.apiclient.connection.apiKey = self.user_roota_apikey
@@ -677,7 +687,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmROOTA"]["name"] +
"-shared-scope-domain-nosubdomainaccess"
self.vmdata["displayname"] = self.acldata["vmROOTA"]["displayname"] +
"-shared-scope-domain-nosubdomainaccess"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -685,19 +695,17 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_d11.id
)
- self.fail("ROOT domain's user is able to deploy VM in a shared
network with scope=domain with no subdomain access ")
+ self.cleanup.append(vm)
+ self.fail("ROOT domain's user is able to deploy VM in a shared
network with scope=domain with no subdomain access ")
except Exception as e:
- self.debug ("When a regular user from ROOT domain deploys a VM
in a shared network with scope=domain with no subdomain access %s" %e)
- if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
- self.fail("Error message validation failed when ROOT
domain's user tries to deploy VM in a shared network with scope=domain with no
subdomain access")
-
-
+ self.debug ("When a regular user from ROOT domain deploys a VM in
a shared network with scope=domain with no subdomain access %s" %e)
+ if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
+ self.fail("Error message validation failed when ROOT domain's
user tries to deploy VM in a shared network with scope=domain with no subdomain
access")
- @attr("simulator_only",tags=["advanced"],required_hardware="false")
+ @attr("simulator_only",tags=["advanced", "bla"],required_hardware="false")
def
test_deployVM_in_sharedNetwork_scope_domain_nosubdomainaccess_ROOTadmin(self):
"""
Validate that admin in ROOT domain is NOT allowed to deploy VM in a
shared network created with scope="domain" and no subdomain access
-
"""
# deploy VM as admin user in ROOT domain
@@ -706,21 +714,21 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmROOT"]["name"] +
"-shared-scope-domain-nosubdomainaccess"
self.vmdata["displayname"] = self.acldata["vmROOT"]["displayname"] +
"-shared-scope-domain-nosubdomainaccess"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
serviceofferingid=self.service_offering.id,
templateid=self.template.id,
- networkids=self.shared_network_domain_d11.id
- )
- self.fail("ROOT domain's admin user is able to deploy VM in a
shared network with scope=domain with no subdomain access ")
+ networkids=self.shared_network_domain_d11.id)
+ self.cleanup.append(vm)
+ vm.stop(self.apiclient, forced=True)
+ vm.assign_virtual_machine(self.apiclient, self.account_d11.name,
self.domain_11.id)
+ self.fail("ROOT domain's admin user is able to deploy VM in a
shared network with scope=domain with no subdomain access ")
except Exception as e:
- self.debug ("When a admin user from ROOT domain deploys a VM
in a shared network with scope=domain with no subdomain access %s" %e)
- if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
- self.fail("Error message validation failed when ROOT
domain's admin user tries to deploy VM in a shared network with scope=domain
with no subdomain access")
-
-
+ self.debug ("When a admin user from ROOT domain deploys a VM in a
shared network with scope=domain with no subdomain access %s" %e)
+ if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
+ self.fail("Error message validation failed when ROOT domain's
admin user tries to deploy VM in a shared network with scope=domain with no
subdomain access")
## Test cases relating to deploying Virtual Machine in shared network with
scope=Domain and with subdomain access
@@ -728,7 +736,6 @@ class TestSharedNetwork(cloudstackTestCase):
def
test_deployVM_in_sharedNetwork_scope_domain_withsubdomainaccess_domainuser(self):
"""
Validate that regular user in a domain is allowed to deploy VM in a
shared network created with scope="domain" and with subdomain access for the
domain
-
"""
# deploy VM as user in a domain that has shared network with subdomain
access
@@ -745,18 +752,17 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_with_subdomain_d11.id
)
+ self.cleanup.append(vm)
self.assertEqual(vm.state == "Running",
True,
"User in a domain that has a shared network with subdomain
access failed to deploy VM in a shared network with scope=domain with no
subdomain access")
-
@attr("simulator_only",tags=["advanced"],required_hardware="false")
def
test_deployVM_in_sharedNetwork_scope_domain_withsubdomainaccess_domainadminuser(self):
"""
Validate that admin user in a domain is allowed to deploy VM in a
shared network created with scope="domain" and with subdomain access for the
domain
"""
-
# deploy VM as an admin user in a domain that has shared network with
subdomain access
self.apiclient.connection.apiKey = self.user_d11_apikey
@@ -772,6 +778,7 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_with_subdomain_d11.id
)
+ self.cleanup.append(vm)
self.assertEqual(vm.state == "Running",
True,
@@ -782,7 +789,6 @@ class TestSharedNetwork(cloudstackTestCase):
"""
Validate that regular user in a subdomain is allowed to deploy VM in a
shared network created with scope="domain" and with subdomain access for the
parent domain
"""
-
# deploy VM as user in a subdomain under a domain that has shared
network with subdomain access
self.apiclient.connection.apiKey = self.user_d111a_apikey
@@ -797,6 +803,7 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_with_subdomain_d11.id
)
+ self.cleanup.append(vm)
self.assertEqual(vm.state == "Running",
True,
@@ -807,7 +814,6 @@ class TestSharedNetwork(cloudstackTestCase):
"""
Validate that an admin user in a subdomain is allowed to deploy VM in
a shared network created with scope="domain" and with subdomain access for the
parent domain
"""
-
# deploy VM as an admin user in a subdomain under a domain that has
shared network with subdomain access
self.apiclient.connection.apiKey = self.user_d111_apikey
@@ -822,6 +828,7 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_with_subdomain_d11.id
)
+ self.cleanup.append(vm)
self.assertEqual(vm.state == "Running",
True,
@@ -832,7 +839,6 @@ class TestSharedNetwork(cloudstackTestCase):
"""
Validate that regular user in a parent domain is NOT allowed to deploy
VM in a shared network created with scope="domain" and with subdomain access
for the domain
"""
-
# deploy VM as user in parentdomain of a domain that has shared
network with subdomain access
self.apiclient.connection.apiKey = self.user_d1a_apikey
@@ -840,7 +846,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmD1A"]["name"]
+"-shared-scope-domain-withsubdomainaccess"
self.vmdata["displayname"] = self.acldata["vmD1A"]["displayname"]
+"-shared-scope-domain-withsubdomainaccess"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -848,19 +854,18 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_with_subdomain_d11.id
)
- self.fail("Parent domain's user is able to deploy VM in a
shared network with scope=domain with subdomain access ")
+ self.cleanup.append(vm)
+ self.fail("Parent domain's user is able to deploy VM in a shared
network with scope=domain with subdomain access ")
except Exception as e:
- self.debug ("When a user from parent domain deploys a VM in a
shared network with scope=domain with subdomain access %s" %e)
- if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
- self.fail("Error message validation failed when Parent
domain's user tries to deploy VM in a shared network with scope=domain with
subdomain access ")
-
+ self.debug ("When a user from parent domain deploys a VM in a
shared network with scope=domain with subdomain access %s" %e)
+ if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
+ self.fail("Error message validation failed when Parent
domain's user tries to deploy VM in a shared network with scope=domain with
subdomain access ")
@attr("simulator_only",tags=["advanced"],required_hardware="false")
def
test_deployVM_in_sharedNetwork_scope_domain_withsubdomainaccess_parentdomainadminuser(self):
"""
Validate that admin user in a parent domain is NOT allowed to deploy
VM in a shared network created with scope="domain" and with subdomain access
for any domain
"""
-
# deploy VM as an admin user in parentdomain of a domain that has
shared network with subdomain access
self.apiclient.connection.apiKey = self.user_d1_apikey
@@ -868,7 +873,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmD1"]["name"]
+"-shared-scope-domain-withsubdomainaccess"
self.vmdata["displayname"] = self.acldata["vmD1"]["displayname"]
+"-shared-scope-domain-withsubdomainaccess"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -876,20 +881,18 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_with_subdomain_d11.id
)
- self.fail("Parent domain's admin user is able to deploy VM in
a shared network with scope=domain with subdomain access ")
+ self.cleanup.append(vm)
+ self.fail("Parent domain's admin user is able to deploy VM in a
shared network with scope=domain with subdomain access ")
except Exception as e:
- self.debug ("When an admin user from parent domain deploys a
VM in a shared network with scope=domain with subdomain access %s" %e)
- if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
- self.fail("Error message validation failed when Parent
domain's admin user tries to deploy VM in a shared network with scope=domain
with subdomain access")
-
-
+ self.debug ("When an admin user from parent domain deploys a VM in
a shared network with scope=domain with subdomain access %s" %e)
+ if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
+ self.fail("Error message validation failed when Parent
domain's admin user tries to deploy VM in a shared network with scope=domain
with subdomain access")
@attr("simulator_only",tags=["advanced"],required_hardware="false")
def
test_deployVM_in_sharedNetwork_scope_domain_withsubdomainaccess_ROOTuser(self):
"""
Validate that regular user in ROOT domain is NOT allowed to deploy VM
in a shared network created with scope="domain" and with subdomain access for
any domain
"""
-
# deploy VM as user in ROOT domain
self.apiclient.connection.apiKey = self.user_roota_apikey
@@ -897,7 +900,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmROOTA"]["name"] +
"-shared-scope-domain-withsubdomainaccess"
self.vmdata["displayname"] = self.acldata["vmROOTA"]["displayname"] +
"-shared-scope-domain-withsubdomainaccess"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -905,19 +908,18 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_with_subdomain_d11.id
)
- self.fail("ROOT domain's user is able to deploy VM in a shared
network with scope=domain with subdomain access ")
+ self.cleanup.append(vm)
+ self.fail("ROOT domain's user is able to deploy VM in a shared
network with scope=domain with subdomain access ")
except Exception as e:
- self.debug ("When a user from ROOT domain deploys a VM in a
shared network with scope=domain with subdomain access %s" %e)
- if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
- self.fail("Error message validation failed when ROOT
domain's user tries to deploy VM in a shared network with scope=domain with
subdomain access")
-
+ self.debug ("When a user from ROOT domain deploys a VM in a shared
network with scope=domain with subdomain access %s" %e)
+ if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
+ self.fail("Error message validation failed when ROOT domain's
user tries to deploy VM in a shared network with scope=domain with subdomain
access")
- @attr("simulator_only",tags=["advanced"],required_hardware="false")
+ @attr("simulator_only",tags=["advanced", "bla"],required_hardware="false")
def
test_deployVM_in_sharedNetwork_scope_domain_withsubdomainaccess_ROOTadmin(self):
"""
Validate that admin user in ROOT domain is NOT allowed to deploy VM in
a shared network created with scope="domain" and with subdomain access for any
domain
"""
-
# deploy VM as admin user in ROOT domain
self.apiclient.connection.apiKey = self.user_root_apikey
@@ -925,7 +927,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmROOT"]["name"] +
"-shared-scope-domain-withsubdomainaccess"
self.vmdata["displayname"] = self.acldata["vmROOT"]["displayname"] +
"-shared-scope-domain-withsubdomainaccess"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -933,13 +935,14 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_domain_with_subdomain_d11.id
)
- self.fail("ROOT domain's admin user is able to deploy VM in a
shared network with scope=domain with subdomain access ")
+ self.cleanup.append(vm)
+ vm.stop(self.apiclient, forced=True)
+ vm.assign_virtual_machine(self.apiclient, self.account_d11.name,
self.domain_11.id)
+ self.fail("ROOT domain's admin user is able to deploy VM in a
shared network with scope=domain with subdomain access ")
except Exception as e:
- self.debug ("When an admin user from ROOT domain deploys a VM
in a shared network with scope=domain with subdomain access %s" %e)
- if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
- self.fail("Error message validation failed when ROOT
domain's admin user tries to deploy VM in a shared network with scope=domain
with subdomain access")
-
-
+ self.debug ("When an admin user from ROOT domain deploys a VM in a
shared network with scope=domain with subdomain access %s" %e)
+ if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.NOT_AVAILABLE_IN_DOMAIN):
+ self.fail("Error message validation failed when ROOT domain's
admin user tries to deploy VM in a shared network with scope=domain with
subdomain access")
## Test cases relating to deploying Virtual Machine in shared network with
scope=account
@@ -948,7 +951,6 @@ class TestSharedNetwork(cloudstackTestCase):
"""
Validate that any other user in same domain is NOT allowed to deploy
VM in a shared network created with scope="account" for an account
"""
-
# deploy VM as user under the same domain but belonging to a different
account from the acount that has a shared network with scope=account
self.apiclient.connection.apiKey = self.user_d111b_apikey
@@ -956,7 +958,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmD111B"]["name"]
+"-shared-scope-domain-withsubdomainaccess"
self.vmdata["displayname"] = self.acldata["vmD111B"]["displayname"]
+"-shared-scope-domain-withsubdomainaccess"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -964,19 +966,17 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_account_d111a.id
)
- self.fail("User from same domain but different account is able
to deploy VM in a shared network with scope=account")
+ self.cleanup.append(vm)
+ self.fail("User from same domain but different account is able to
deploy VM in a shared network with scope=account")
except Exception as e:
- self.debug ("When a user from same domain but different
account deploys a VM in a shared network with scope=account %s" %e)
- if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK):
- self.fail("Error message validation failed when User from
same domain but different account tries to deploy VM in a shared network with
scope=account")
-
-
+ self.debug ("When a user from same domain but different account
deploys a VM in a shared network with scope=account %s" %e)
+ if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK):
+ self.fail("Error message validation failed when User from same
domain but different account tries to deploy VM in a shared network with
scope=account")
@attr("simulator_only",tags=["advanced"],required_hardware="false")
def test_deployVM_in_sharedNetwork_scope_account_domainadminuser(self):
"""
Validate that an admin user under the same domain but belonging to a
different account is allowed to deploy VM in a shared network created with
scope="account" for an account
-
"""
# deploy VM as admin user for a domain that has an account with shared
network with scope=account
@@ -985,7 +985,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmD111"]["name"]
+"-shared-scope-domain-withsubdomainaccess"
self.vmdata["displayname"] = self.acldata["vmD111"]["displayname"]
+"-shared-scope-domain-withsubdomainaccess"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -993,19 +993,18 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_account_d111a.id
)
- self.fail("User from same domain but different account is able
to deploy VM in a shared network with scope=account")
+ self.cleanup.append(vm)
+ self.fail("User from same domain but different account is able to
deploy VM in a shared network with scope=account")
except Exception as e:
- self.debug ("When a user from same domain but different
account deploys a VM in a shared network with scope=account %s" %e)
- if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK):
- self.fail("Error message validation failed when User from
same domain but different account tries to deploy VM in a shared network with
scope=account")
-
+ self.debug ("When a user from same domain but different account
deploys a VM in a shared network with scope=account %s" %e)
+ if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK):
+ self.fail("Error message validation failed when User from same
domain but different account tries to deploy VM in a shared network with
scope=account")
@attr("simulator_only",tags=["advanced"],required_hardware="false")
def test_deployVM_in_sharedNetwork_scope_account_user(self):
"""
Validate that regular user in the account is allowed to deploy VM in a
shared network created with scope="account" for an account
"""
-
# deploy VM as account with shared network with scope=account
self.apiclient.connection.apiKey = self.user_d111a_apikey
@@ -1021,6 +1020,7 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_account_d111a.id
)
+ self.cleanup.append(vm)
self.assertEqual(vm.state == "Running",
True,
@@ -1031,7 +1031,6 @@ class TestSharedNetwork(cloudstackTestCase):
"""
Validate that regular user from a domain different from that of the
account is NOT allowed to deploy VM in a shared network created with
scope="account" for an account
"""
-
# deploy VM as a user in a subdomain under ROOT
self.apiclient.connection.apiKey = self.user_d2a_apikey
@@ -1039,7 +1038,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmD2A"]["name"]
+"-shared-scope-account"
self.vmdata["displayname"] = self.acldata["vmD2A"]["displayname"]
+"-shared-scope-account"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -1047,19 +1046,17 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_account_d111a.id
)
- self.fail("User from different domain is able to deploy VM in
a shared network with scope=account ")
+ self.cleanup.append(vm)
+ self.fail("User from different domain is able to deploy VM in a
shared network with scope=account ")
except Exception as e:
- self.debug ("When a user from different domain deploys a VM in
a shared network with scope=account %s" %e)
- if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK):
- self.fail("Error message validation failed when User from
different domain tries to deploy VM in a shared network with scope=account")
-
-
+ self.debug ("When a user from different domain deploys a VM in a
shared network with scope=account %s" %e)
+ if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK):
+ self.fail("Error message validation failed when User from
different domain tries to deploy VM in a shared network with scope=account")
@attr("simulator_only",tags=["advanced"],required_hardware="false")
def test_deployVM_in_sharedNetwork_scope_account_ROOTuser(self):
"""
Validate that user in ROOT domain is NOT allowed to deploy VM in a
shared network created with scope="account" for an account
-
"""
# deploy VM as user in ROOT domain
@@ -1068,7 +1065,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmROOTA"]["name"] +
"-shared-scope-account"
self.vmdata["displayname"] = self.acldata["vmROOTA"]["displayname"] +
"-shared-scope-account"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -1076,19 +1073,18 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_account_d111a.id
)
- self.fail("ROOT domain's user is able to deploy VM in a
shared network with scope=account ")
+ self.cleanup.append(vm)
+ self.fail("ROOT domain's user is able to deploy VM in a shared
network with scope=account ")
except Exception as e:
- self.debug ("When a user from ROOT domain deploys a VM in a
shared network with scope=account %s" %e)
- if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK):
- self.fail("Error message validation failed when ROOT
domain's user tries to deploy VM in a shared network with scope=account ")
+ self.debug ("When a user from ROOT domain deploys a VM in a shared
network with scope=account %s" %e)
+ if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK):
+ self.fail("Error message validation failed when ROOT domain's
user tries to deploy VM in a shared network with scope=account ")
-
- @attr("simulator_only",tags=["advanced"],required_hardware="false")
+ @attr("simulator_only",tags=["advanced", "bla"],required_hardware="false")
def test_deployVM_in_sharedNetwork_scope_account_ROOTadmin(self):
"""
Validate that admin user in ROOT domain is NOT allowed to deploy VM in
a shared network created with scope="account" for an account
"""
-
# deploy VM as admin user in ROOT domain
self.apiclient.connection.apiKey = self.user_root_apikey
@@ -1096,7 +1092,7 @@ class TestSharedNetwork(cloudstackTestCase):
self.vmdata["name"] = self.acldata["vmROOT"]["name"] +
"-shared-scope-account"
self.vmdata["displayname"] = self.acldata["vmROOT"]["displayname"] +
"-shared-scope-account"
try:
- vm = VirtualMachine.create(
+ vm = VirtualMachine.create(
self.apiclient,
self.vmdata,
zoneid=self.zone.id,
@@ -1104,11 +1100,14 @@ class TestSharedNetwork(cloudstackTestCase):
templateid=self.template.id,
networkids=self.shared_network_account_d111a.id
)
- self.fail("ROOT domain's admin user is able to deploy VM in a
shared network with scope=account ")
+ self.cleanup.append(vm)
+ vm.stop(self.apiclient, forced=True)
+ vm.assign_virtual_machine(self.apiclient, self.account_d111a.name,
self.domain_111.id)
+ self.fail("ROOT domain's admin user is able to deploy VM in a
shared network with scope=account ")
except Exception as e:
- self.debug ("When an admin user from ROOT domain deploys a VM
in a shared network with scope=account %s" %e)
- if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK):
- self.fail("Error message validation failed when ROOT
domain's admin user tries to deploy VM in a shared network with scope=account")
+ self.debug ("When an admin user from ROOT domain deploys a VM in a
shared network with scope=account %s" %e)
+ if not
CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK):
+ self.fail("Error message validation failed when ROOT domain's
admin user tries to deploy VM in a shared network with scope=account")
diff --git a/utils/src/main/java/com/cloud/utils/StringUtils.java
b/utils/src/main/java/com/cloud/utils/StringUtils.java
index 4bb48dacf11..817cb696ef4 100644
--- a/utils/src/main/java/com/cloud/utils/StringUtils.java
+++ b/utils/src/main/java/com/cloud/utils/StringUtils.java
@@ -249,16 +249,16 @@ public class StringUtils {
final boolean applyPagination = startIndex != null && pageSizeVal !=
null
&& startIndex <= Integer.MAX_VALUE && startIndex >= 0 &&
pageSizeVal <= Integer.MAX_VALUE
&& pageSizeVal > 0;
- List<T> listWPagination = null;
- if (applyPagination) {
- listWPagination = new ArrayList<>();
- final int index = startIndex.intValue() == 0 ? 0 :
startIndex.intValue() / pageSizeVal.intValue();
- final List<List<T>> partitions =
StringUtils.partitionList(originalList, pageSizeVal.intValue());
- if (index < partitions.size()) {
- listWPagination = partitions.get(index);
- }
- }
- return listWPagination;
+ List<T> listWPagination = null;
+ if (applyPagination) {
+ listWPagination = new ArrayList<>();
+ final int index = startIndex.intValue() == 0 ? 0 :
startIndex.intValue() / pageSizeVal.intValue();
+ final List<List<T>> partitions =
StringUtils.partitionList(originalList, pageSizeVal.intValue());
+ if (index < partitions.size()) {
+ listWPagination = partitions.get(index);
+ }
+ }
+ return listWPagination;
}
private static <T> List<List<T>> partitionList(final List<T> originalList,
final int chunkSize) {
