Hello Emily Zhang,
I'd like you to do a code review. Please visit
http://gerrit.ovirt.org/16596
to review the following change.
Change subject: tools:Trusted Compute Pools - Open Attestation integration with
oVirt engine proposal
......................................................................
tools:Trusted Compute Pools - Open Attestation integration with oVirt engine
proposal
Detailed description: http://wiki.ovirt.org/Trusted_compute_pools
Import a trusted VM into an untrusted cluster, then raise an audit event.
Change-Id: Ib934302c603c8646f750bafbf343e4481b4d36b7
Signed-off-by: Jimmy <[email protected]>
Signed-off-by: Emily <[email protected]>
---
M
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/ImportVmCommand.java
M
backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java
M
backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dal/dbbroker/auditloghandling/AuditLogDirector.java
M
backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties
4 files changed, 18 insertions(+), 0 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/96/16596/1
diff --git
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/ImportVmCommand.java
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/ImportVmCommand.java
index ea64c38..ad3d94a 100644
---
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/ImportVmCommand.java
+++
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/ImportVmCommand.java
@@ -910,9 +910,21 @@
@Override
protected void endSuccessfully() {
+ checkTrustedService();
endImportCommand();
}
+ private void checkTrustedService() {
+ AuditLogableBase logable = new AuditLogableBase();
+ logable.addCustomValue("VmName", getVmName());
+ if (getVm().isTrustedService() &&
!getVdsGroup().supportsTrustedService()) {
+ AuditLogDirector.log(logable,
AuditLogType.IMPORTEXPORT_IMPORT_VM_FROM_TRUSTED_TO_UNTRUSTED);
+ }
+ else if (!getVm().isTrustedService() &&
getVdsGroup().supportsTrustedService()) {
+ AuditLogDirector.log(logable,
AuditLogType.IMPORTEXPORT_IMPORT_VM_FROM_UNTRUSTED_TO_TRUSTED);
+ }
+ }
+
@Override
protected void endActionOnAllImageGroups() {
for (VdcActionParametersBase p :
getParameters().getImagesParameters()) {
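Review bot: The audit record built in `checkTrustedService()` carries only `VmName`, so the event cannot be tied to the destination cluster. Because a fresh `AuditLogableBase` is logged rather than the command's own context, it may also lose the user who ran the import, though that is not visible in this hunk. For an event that marks a VM crossing a trust boundary I would add the cluster, e.g. `logable.addCustomValue("VdsGroupName", <target cluster name>);`, and reference `${VdsGroupName}` in the two new templates in AuditLogMessages.properties. Separately, the check runs before `endImportCommand()` and dereferences `getVm()` and `getVdsGroup()` unguarded. If either can be null at this point, an exception would keep the import from being finalised, so a null guard is worth adding.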
diff --git
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java
index f6d659f..8c4e777 100644
---
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java
+++
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java
@@ -598,6 +598,8 @@
IMPORTEXPORT_FAILED_TO_IMPORT_VM(1168),
IMPORTEXPORT_FAILED_TO_IMPORT_TEMPLATE(1169),
IMPORTEXPORT_IMPORT_TEMPLATE_INVALID_INTERFACES(1170,
AuditLogTimeInterval.MINUTE.getValue()),
+ IMPORTEXPORT_IMPORT_VM_FROM_TRUSTED_TO_UNTRUSTED(1171),
+ IMPORTEXPORT_IMPORT_VM_FROM_UNTRUSTED_TO_TRUSTED(1172),
USER_ADD_PERMISSION(850),
USER_ADD_PERMISSION_FAILED(851),
diff --git
a/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dal/dbbroker/auditloghandling/AuditLogDirector.java
b/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dal/dbbroker/auditloghandling/AuditLogDirector.java
index dd8b31f..7d80927 100644
---
a/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dal/dbbroker/auditloghandling/AuditLogDirector.java
+++
b/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dal/dbbroker/auditloghandling/AuditLogDirector.java
@@ -626,6 +626,8 @@
severities.put(AuditLogType.SYSTEM_UPDATE_VDS_GROUP,
AuditLogSeverity.NORMAL);
severities.put(AuditLogType.SYSTEM_UPDATE_VDS_GROUP_FAILED,
AuditLogSeverity.NORMAL);
severities.put(AuditLogType.USER_UPDATE_VM_CLUSTER_DEFAULT_HOST_CLEARED,
AuditLogSeverity.NORMAL);
+
severities.put(AuditLogType.IMPORTEXPORT_IMPORT_VM_FROM_TRUSTED_TO_UNTRUSTED,
AuditLogSeverity.NORMAL);
+
severities.put(AuditLogType.IMPORTEXPORT_IMPORT_VM_FROM_UNTRUSTED_TO_TRUSTED,
AuditLogSeverity.NORMAL);
}
private static void initTagSeverities() {
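Review bot: Both new events are registered as `AuditLogSeverity.NORMAL`, which ranks a trusted VM landing in a non-attested cluster the same as the routine cluster updates just above it. The trusted-to-untrusted direction is the one an operator watching the audit log needs to notice, so I would raise it: `severities.put(AuditLogType.IMPORTEXPORT_IMPORT_VM_FROM_TRUSTED_TO_UNTRUSTED, AuditLogSeverity.WARNING);`. The untrusted-to-trusted case can reasonably stay at NORMAL if that is the intended policy, but a short comment saying so would help. The enclosing initializer method starts outside this hunk.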
diff --git
a/backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties
b/backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties
index 3b6fb11..e597a0f 100644
---
a/backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties
+++
b/backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties
@@ -519,6 +519,8 @@
IMPORTEXPORT_REMOVE_VM=Vm ${VmName} was removed from ${StorageDomainName}
IMPORTEXPORT_REMOVE_VM_FAILED=Failed to remove Vm ${VmName} remove from
${StorageDomainName}
IMPORTEXPORT_GET_VMS_INFO_FAILED=Failed to retrieve VM/Templates information
from export domain ${StorageDomainName}
+IMPORTEXPORT_IMPORT_VM_FROM_TRUSTED_TO_UNTRUSTED=the Vm ${VmName} was created
in trusted cluster and imported into a non-trusted cluster
+IMPORTEXPORT_IMPORT_VM_FROM_UNTRUSTED_TO_TRUSTED=the Vm ${VmName} was created
in non-trusted cluster and imported into a trusted cluster
USER_ADD_ROLE_WITH_ACTION_GROUP=Role ${RoleName} was added by ${UserName}
USER_ADD_ROLE_WITH_ACTION_GROUP_FAILED=Failed to add role ${RoleName}
VDS_ALERT_FENCE_IS_NOT_CONFIGURED=Failed to verify Power Management
configuration for Host ${VdsName}.
--
To view, visit http://gerrit.ovirt.org/16596
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib934302c603c8646f750bafbf343e4481b4d36b7
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Gang Wei <[email protected]>
Gerrit-Reviewer: Emily Zhang <[email protected]>