Moti Asayag has uploaded a new change for review. Change subject: engine: Allow using vnic profiles internally ......................................................................
engine: Allow using vnic profiles internally When action is being executed internally, there is no user associated with the action, and the action should be treated as executed by the admin. In that case, there is no need to search for a permissions on a vnic profile to be used by the user. Change-Id: I7665d5d53519cdb2560ae2aed0b02c4229c80964 Bug-Url: https://bugzilla.redhat.com/1018229 Signed-off-by: Moti Asayag <[email protected]> --- M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddVmFromSnapshotCommand.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/ImportVmCommand.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/ImportVmTemplateCommand.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RestoreAllSnapshotsCommand.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/TryBackToAllSnapshotsOfVmCommand.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/template/VmTemplateInterfaceCommandBase.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/vm/AbstractVmInterfaceCommand.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/vm/VnicProfileHelper.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/snapshots/SnapshotsManager.java 9 files changed, 32 insertions(+), 26 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/74/20774/1 diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddVmFromSnapshotCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddVmFromSnapshotCommand.java index 906315a..d1aa503 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddVmFromSnapshotCommand.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddVmFromSnapshotCommand.java @@ -135,7 +135,7 @@ AuditLogType.ADD_VM_FROM_SNAPSHOT_INVALID_INTERFACES); for (VmNetworkInterface iface : vmFromConfiguration.getInterfaces()) { - vnicProfileHelper.updateNicWithVnicProfileForUser(iface, getCurrentUser().getUserId()); + vnicProfileHelper.updateNicWithVnicProfileForUser(iface, getCurrentUser()); } vnicProfileHelper.auditInvalidInterfaces(getVmName()); diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/ImportVmCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/ImportVmCommand.java index f2f0f35..3abfdc5 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/ImportVmCommand.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/ImportVmCommand.java @@ -1050,7 +1050,7 @@ for (VmNetworkInterface iface : getVm().getInterfaces()) { initInterface(iface); - vnicProfileHelper.updateNicWithVnicProfileForUser(iface, getCurrentUser().getUserId()); + vnicProfileHelper.updateNicWithVnicProfileForUser(iface, getCurrentUser()); vmInterfaceManager.add(iface, getCompensationContext(), getParameters().isImportAsNewEntity(), getVdsGroup().getcompatibility_version()); macsAdded.add(iface.getMacAddress()); diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/ImportVmTemplateCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/ImportVmTemplateCommand.java index b3a3d6b..b187e7f 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/ImportVmTemplateCommand.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/ImportVmTemplateCommand.java @@ -391,7 +391,7 @@ nic.setSpeed(iface.getSpeed()); nic.setType(iface.getType()); - vnicProfileHelper.updateNicWithVnicProfileForUser(iface, getCurrentUser().getUserId()); + vnicProfileHelper.updateNicWithVnicProfileForUser(iface, getCurrentUser()); nic.setVnicProfileId(iface.getVnicProfileId()); getVmNicDao().save(nic); getCompensationContext().snapshotNewEntity(nic); diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RestoreAllSnapshotsCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RestoreAllSnapshotsCommand.java index b296f40..d0381ed 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RestoreAllSnapshotsCommand.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RestoreAllSnapshotsCommand.java @@ -267,7 +267,7 @@ snapshotsManager.attempToRestoreVmConfigurationFromSnapshot(getVm(), targetSnapshot, targetSnapshot.getId(), - getCompensationContext(), getVm().getVdsGroupCompatibilityVersion(), getCurrentUser().getUserId()); + getCompensationContext(), getVm().getVdsGroupCompatibilityVersion(), getCurrentUser()); getSnapshotDao().remove(targetSnapshot.getId()); // add active snapshot with status locked, so that other commands that depend on the VM's snapshots won't run in parallel snapshotsManager.addActiveSnapshot(targetSnapshot.getId(), diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/TryBackToAllSnapshotsOfVmCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/TryBackToAllSnapshotsOfVmCommand.java index c14e8e4..02b5cff 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/TryBackToAllSnapshotsOfVmCommand.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/TryBackToAllSnapshotsOfVmCommand.java @@ -112,7 +112,7 @@ snapshotsManager.attempToRestoreVmConfigurationFromSnapshot(getVm(), getDstSnapshot(), getSnapshotDao().getId(getVm().getId(), SnapshotType.ACTIVE), - getCompensationContext(), getVm().getVdsGroupCompatibilityVersion(), getCurrentUser().getUserId()); + getCompensationContext(), getVm().getVdsGroupCompatibilityVersion(), getCurrentUser()); } @Override diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/template/VmTemplateInterfaceCommandBase.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/template/VmTemplateInterfaceCommandBase.java index 1c069c2..0582dbc 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/template/VmTemplateInterfaceCommandBase.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/template/VmTemplateInterfaceCommandBase.java @@ -52,7 +52,7 @@ getParameters().getNetworkName(), getParameters().isPortMirroring(), getVmTemplate(), - getCurrentUser().getUserId()))) { + getCurrentUser()))) { return false; } diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/vm/AbstractVmInterfaceCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/vm/AbstractVmInterfaceCommand.java index f4abe73..9bdd494 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/vm/AbstractVmInterfaceCommand.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/vm/AbstractVmInterfaceCommand.java @@ -99,7 +99,7 @@ getParameters().getNetworkName(), getParameters().isPortMirroring(), getVm().getStaticData(), - getCurrentUser().getUserId()))) { + getCurrentUser()))) { return false; } diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/vm/VnicProfileHelper.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/vm/VnicProfileHelper.java index 95b241b..6e1bf26 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/vm/VnicProfileHelper.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/vm/VnicProfileHelper.java @@ -19,6 +19,7 @@ import org.ovirt.engine.core.common.businessentities.network.VnicProfile; import org.ovirt.engine.core.common.businessentities.network.VnicProfileView; import org.ovirt.engine.core.common.errors.VdcBllMessages; +import org.ovirt.engine.core.common.users.VdcUser; import org.ovirt.engine.core.compat.Guid; import org.ovirt.engine.core.compat.Version; import org.ovirt.engine.core.dal.dbbroker.DbFacade; @@ -52,11 +53,11 @@ * * @param iface * The vm network interface to be updated - * @param userId - * The id of the user which performs the action + * @param user + * The user which performs the action */ - public void updateNicWithVnicProfileForUser(VmNetworkInterface vmInterface, Guid userId) { - if (!updateNicWithVnicProfile(vmInterface, userId)) { + public void updateNicWithVnicProfileForUser(VmNetworkInterface vmInterface, VdcUser user) { + if (!updateNicWithVnicProfile(vmInterface, user)) { markNicHasNoProfile(vmInterface); } } @@ -66,11 +67,11 @@ * * @param iface * The vm network interface to be updated - * @param userId - * The id of the user which performs the action + * @param user + * The user which performs the action * @return {@code true} if the vnic profile id is updated, else {@code false} */ - private boolean updateNicWithVnicProfile(VmNetworkInterface iface, Guid userId) { + private boolean updateNicWithVnicProfile(VmNetworkInterface iface, VdcUser user) { if (iface.getNetworkName() == null) { if (FeatureSupported.networkLinking(compatibilityVersion)) { @@ -88,7 +89,7 @@ VnicProfile vnicProfile = getVnicProfileForNetwork(network, iface.getVnicProfileName()); if (vnicProfile == null) { - vnicProfile = findVnicProfileForUser(userId, network); + vnicProfile = findVnicProfileForUser(user, network); if (vnicProfile == null) { return false; } @@ -98,11 +99,12 @@ return true; } - private VnicProfile findVnicProfileForUser(Guid userId, Network network) { + private VnicProfile findVnicProfileForUser(VdcUser user, Network network) { List<VnicProfile> networkProfiles = getVnicProfileDao().getAllForNetwork(network.getId()); for (VnicProfile profile : networkProfiles) { - if (isVnicProfilePermitted(userId, profile, false)) { + if ((user == null && !profile.isPortMirroring()) + || (user != null && isVnicProfilePermitted(user, profile, false))) { return profile; } } @@ -126,9 +128,9 @@ return null; } - private static boolean isVnicProfilePermitted(Guid userId, VnicProfile profile, boolean portMirroringRequired) { + private static boolean isVnicProfilePermitted(VdcUser user, VnicProfile profile, boolean portMirroringRequired) { return portMirroringRequired == profile.isPortMirroring() - && getPermissionDAO().getEntityPermissions(userId, + && getPermissionDAO().getEntityPermissions(user.getUserId(), ActionGroup.CONFIGURE_VM_NETWORK, profile.getId(), VdcObjectType.VnicProfile) != null; @@ -154,7 +156,7 @@ String networkName, boolean portMirroring, VmBase vm, - Guid userId) { + VdcUser user) { if (networkName == null) { return ValidationResult.VALID; @@ -177,7 +179,7 @@ List<VnicProfile> vnicProfiles = getVnicProfileDao().getAllForNetwork(network.getId()); for (VnicProfile profile : vnicProfiles) { - if (isVnicProfilePermitted(userId, profile, portMirroring)) { + if (isVnicProfilePermitted(user, profile, portMirroring)) { nic.setVnicProfileId(profile.getId()); return ValidationResult.VALID; } diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/snapshots/SnapshotsManager.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/snapshots/SnapshotsManager.java index 499a561..1e19390 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/snapshots/SnapshotsManager.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/snapshots/SnapshotsManager.java @@ -28,6 +28,7 @@ import org.ovirt.engine.core.common.businessentities.VmTemplate; import org.ovirt.engine.core.common.businessentities.image_storage_domain_map; import org.ovirt.engine.core.common.businessentities.network.VmNetworkInterface; +import org.ovirt.engine.core.common.users.VdcUser; import org.ovirt.engine.core.common.utils.VmDeviceType; import org.ovirt.engine.core.compat.Guid; import org.ovirt.engine.core.compat.Version; @@ -299,12 +300,13 @@ * The snapshot containing the configuration. * @param version * The compatibility version of the VM's cluster - * @param userId + * @param user + * The user that performs the action */ public void attempToRestoreVmConfigurationFromSnapshot(VM vm, Snapshot snapshot, Guid activeSnapshotId, - CompensationContext compensationContext, Version version, Guid userId) { + CompensationContext compensationContext, Version version, VdcUser user) { boolean vmUpdatedFromConfiguration = false; if (snapshot.getVmConfiguration() != null) { vmUpdatedFromConfiguration = updateVmFromConfiguration(vm, snapshot.getVmConfiguration()); @@ -320,7 +322,7 @@ if (vmUpdatedFromConfiguration) { getVmStaticDao().update(vm.getStaticData()); - synchronizeNics(vm, compensationContext, userId); + synchronizeNics(vm, compensationContext, user); for (VmDevice vmDevice : getVmDeviceDao().getVmDeviceByVmId(vm.getId())) { if (deviceCanBeRemoved(vmDevice)) { @@ -406,8 +408,10 @@ * The nics from snapshot. * @param version * The compatibility version of the VM's cluster + * @param user + * The user that performs the action */ - protected void synchronizeNics(VM vm, CompensationContext compensationContext, Guid userId) { + protected void synchronizeNics(VM vm, CompensationContext compensationContext, VdcUser user) { VmInterfaceManager vmInterfaceManager = new VmInterfaceManager(); VnicProfileHelper vnicProfileHelper = new VnicProfileHelper(vm.getVdsGroupId(), @@ -423,7 +427,7 @@ vmInterface.setId(Guid.newGuid()); } - vnicProfileHelper.updateNicWithVnicProfileForUser(vmInterface, userId); + vnicProfileHelper.updateNicWithVnicProfileForUser(vmInterface, user); vmInterfaceManager.add(vmInterface, compensationContext, false, vm.getVdsGroupCompatibilityVersion()); } -- To view, visit http://gerrit.ovirt.org/20774 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I7665d5d53519cdb2560ae2aed0b02c4229c80964 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.3 Gerrit-Owner: Moti Asayag <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
