[GitHub] cloudstack pull request: CLOUDSTACK-9299: Out-of-band Management f...

2016-04-22 Thread rhtyd 
Github user rhtyd commented on the pull request:

https://github.com/apache/cloudstack/pull/1502#issuecomment-213618402
  
@DaanHoogland additional notes on how tests work; we've introduce a new 
dependency `ipmisim` that I wrote for this feature, ipmisim is both a tool and 
a library that simulates an ipmi 2.0 service; we use ipmisim to spin up fake 
ipmi bmcs and configure them to a host. The marvin test uses that so we can run 
the tests without explicitly requiring an actual iLo/iDRAC bmc. `ipmisim`: 
https://pypi.python.org/pypi/ipmisim/0.6


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9299: Out-of-band Management f...

2016-04-22 Thread rhtyd 
Github user rhtyd commented on the pull request:

https://github.com/apache/cloudstack/pull/1502#issuecomment-213617967
  
@DaanHoogland thanks, in your test environment you'll need to install 
ipmitool (yum/apt-get) and the oobm tests would pass. These tests are also run 
by Travis, and see they pass too; in travis's before_install.sh we 
install/setup ipmitool see the changes for details


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9299: Out-of-band Management f...

2016-04-22 Thread DaanHoogland 
Github user DaanHoogland commented on the pull request:

https://github.com/apache/cloudstack/pull/1502#issuecomment-213616553
  
ok, @swill reporting without upr. two manual retests did make it equal in 
effort.

all regular bubble tests passed on this except for the two I never get 
right the first time. 


[1502.results.network.txt](https://github.com/apache/cloudstack/files/232648/1502.results.network.txt)

[1502.results.vpc_router.txt](https://github.com/apache/cloudstack/files/232650/1502.results.vpc_router.txt)

retests:


[1502.results.routers_network_ops.txt](https://github.com/apache/cloudstack/files/232649/1502.results.routers_network_ops.txt)

[dahn@blimbing templates]$ ssh root@192.168.23.7
Warning: Permanently added '192.168.23.7' (ECDSA) to the list of known 
hosts.
root@192.168.23.7's password: 
# ping -c 3 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=46 time=24.063 ms
64 bytes from 8.8.8.8: seq=1 ttl=46 time=65.177 ms
64 bytes from 8.8.8.8: seq=2 ttl=46 time=23.749 ms

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 23.749/37.663/65.177 ms


I also started the tests added in this PR, though ILO technology is not 
really relevant in a virtualised environment. Some but not all of them passed, 
I don't think it should keep us from merging this experimental feature in. I 
will look at the configuration changes in advanced.cfg to see if I can get them 
to run in the 2kvm bubble cfg. probably not all of them.


[1502.results.outofbandmanagement.txt](https://github.com/apache/cloudstack/files/232653/1502.results.outofbandmanagement.txt)

@rhtyd maybe in a follow-up; can we split the test in  hardware required 
true and false?



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9299: Out-of-band Management f...

2016-04-22 Thread swill 
Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1502#issuecomment-213605569
  
Perfect thanks @DaanHoogland.  Once we get more people using bubble, maybe 
we can start posting to the PR that we are kicking off a CI run (like you did 
here) so we can be sure to best use our limited resources.  I have been helping 
@kiwiflyer and @dmabry get bubble setup in their environment and I think they 
are all set now, so they will likely be contributing to this effort as well.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: Taking fast and efficient volume snapshot...

2016-04-22 Thread swill 
Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1403#issuecomment-213603509
  
@DaanHoogland no, that is the next iteration.  I just started on a smaller 
scale to try to get some better coverage.  I will be working continually to 
increase the test coverage in bubble (expect some pull requests soon to bubble 
with more complete testing), as well as starting to try to improve testing in 
general by fixing tests that are currently failing.  It is going to be a slow 
process, but I am slowly working on getting us to a place where we can have 
more confidence in the tests we are running.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9299: Out-of-band Management f...

2016-04-22 Thread pyr 
Github user pyr commented on the pull request:

https://github.com/apache/cloudstack/pull/1502#issuecomment-213593763
  
First read-through didn't raise any eyebrows on my end. LGTM


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9299: Out-of-band Management f...

2016-04-22 Thread DaanHoogland 
Github user DaanHoogland commented on the pull request:

https://github.com/apache/cloudstack/pull/1502#issuecomment-213592386
  
@swill I am running the tests on this one. You want to both run it or beat 
me at it?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: Taking fast and efficient volume snapshot...

2016-04-22 Thread DaanHoogland 
Github user DaanHoogland commented on the pull request:

https://github.com/apache/cloudstack/pull/1403#issuecomment-213591446
  
h @swill, 120/120 passed :+1: so how did you decide on them? Are these the 
ones you send the 'here goes nothing' mail about?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8562: Dynamic Role-Based API C...

2016-04-22 Thread jburwell 
Github user jburwell commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1489#discussion_r60802098
  
--- Diff: utils/src/main/java/com/cloud/utils/PropertiesUtil.java ---
@@ -34,6 +34,10 @@
 public class PropertiesUtil {
 private static final Logger s_logger = 
Logger.getLogger(PropertiesUtil.class);
 
+public static String getDefaultApiCommandsFileName() {
+return "commands.properties";
+}
--- End diff --

@bhaisaab my thinking is that commands.properties is only managed/used by 
the Authenticator mechanism.  Is it used more widely?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8562: Dynamic Role-Based API C...

2016-04-22 Thread jburwell 
Github user jburwell commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1489#discussion_r60801905
  
--- Diff: 
plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapCreateAccountCmd.java
 ---
@@ -119,6 +131,9 @@ private Long getDomainId() {
 
 @Override
 public void execute() throws ServerApiException {
+if (getAccountType() == null && getRoleId() == null) {
+throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Both 
account type and role ID are not provided");
--- End diff --

@bhaisaab this check seems more restrictive than the previous version.  
Before this change, ``accountType`` was completely optional.  With this change, 
an script using this API call that did not include ``accountType`` and wouldn't 
include ``roleId``because it is a new parameter would fail.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8745 : verify usage after root...

2016-04-22 Thread swill 
Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/713#issuecomment-213565364
  
I think this one is ready unless anyone has any final words...


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8745 : verify usage after root...

2016-04-22 Thread swill 
Github user swill commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/713#discussion_r60792255
  
--- Diff: test/integration/component/maint/test_ha_pool_maintenance.py ---
@@ -0,0 +1,229 @@
+#!/usr/bin/env python
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+from nose.plugins.attrib import attr
+from marvin.cloudstackTestCase import cloudstackTestCase
+from marvin.cloudstackAPI import (enableStorageMaintenance,
+  cancelStorageMaintenance
+  )
+from marvin.lib.utils import (cleanup_resources,
+  validateList)
+from marvin.lib.base import (Account,
+ VirtualMachine,
+ ServiceOffering,
+ Cluster,
+ StoragePool,
+ Volume)
+from marvin.lib.common import (get_zone,
+   get_domain,
+   get_template,
+   list_hosts
+   )
+from marvin.codes import PASS
+
+
+def maintenance(self, storageid):
+"""enables maintenance mode of a Storage pool"""
+
+cmd = enableStorageMaintenance.enableStorageMaintenanceCmd()
+cmd.id = storageid
+return self.api_client.enableStorageMaintenance(cmd)
+
+
+def cancelmaintenance(self, storageid):
+"""cancel maintenance mode of a Storage pool"""
+
+cmd = cancelStorageMaintenance.cancelStorageMaintenanceCmd()
+cmd.id = storageid
+return self.api_client.cancelStorageMaintenance(cmd)
+
+
+class testHaPoolMaintenance(cloudstackTestCase):
+
+@classmethod
+def setUpClass(cls):
+try:
+cls._cleanup = []
+cls.testClient = super(
+testHaPoolMaintenance,
+cls).getClsTestClient()
+cls.api_client = cls.testClient.getApiClient()
+cls.services = cls.testClient.getParsedTestDataConfig()
+# Get Domain, Zone, Template
+cls.domain = get_domain(cls.api_client)
+cls.zone = get_zone(
+cls.api_client,
+cls.testClient.getZoneForTests())
+cls.template = get_template(
+cls.api_client,
+cls.zone.id,
+cls.services["ostype"]
+)
+cls.hypervisor = cls.testClient.getHypervisorInfo()
+cls.services['mode'] = cls.zone.networktype
+cls.hypervisor = cls.testClient.getHypervisorInfo()
+cls.services["virtual_machine"]["zoneid"] = cls.zone.id
+cls.services["virtual_machine"]["template"] = cls.template.id
+cls.clusterWithSufficientPool = None
+clusters = Cluster.list(cls.api_client, zoneid=cls.zone.id)
+
+if not validateList(clusters)[0]:
+
+cls.debug(
+"check list cluster response for zone id %s" %
+cls.zone.id)
+
+for cluster in clusters:
+cls.pool = StoragePool.list(cls.api_client,
+clusterid=cluster.id,
+keyword="NetworkFilesystem"
+)
+
+if not validateList(cls.pool)[0]:
+
+cls.debug(
+"check list cluster response for zone id %s" %
+cls.zone.id)
+
+if len(cls.pool) >= 2:
+cls.clusterWithSufficientPool = cluster
+break
+if not cls.clusterWithSufficientPool:
+return
+
+cls.services["service_offerings"][
+

[GitHub] cloudstack pull request: 4.9 mvn version safeupgradeonly

2016-04-22 Thread jburwell 
Github user jburwell commented on the pull request:

https://github.com/apache/cloudstack/pull/1510#issuecomment-213558371
  
@bhaisaab @swill it is important to note that Spring 3 only supports 
running JDK8 for applications built using a target version of 1.7.  
Applications built using Spring 3 a 1.8 version target will be unstable and 
eventually crash.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: 4.9 mvn version safeupgradeonly

2016-04-22 Thread swill 
Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1510#issuecomment-213540008
  
@bhaisaab yep, already got it.  👍 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Here goes nothing... :)

2016-04-22 Thread Will Stevens 
​In an effort to figure out which tests are working and which are not and
to start compiling a list of tests with issues I have written a small
python script which auto discovers and categorizes the tests in the 'smoke'
and 'component' directories.

This will be interesting:

# HARDWARE REQUIRED
echo "Running tests with required_hardware=true"
nosetests --with-marvin --marvin-config=${marvinCfg} -s -a
tags=advanced,required_hardware=true \
smoke/test_deploy_vgpu_enabled_vm.py \
smoke/test_deploy_vm_iso.py \
smoke/test_deploy_vm_root_resize.py \
smoke/test_deploy_vm_with_userdata.py \
smoke/test_internal_lb.py \
smoke/test_iso.py \
smoke/test_loadbalance.py \
smoke/test_network.py \
smoke/test_network_acl.py \
smoke/test_nic.py \
smoke/test_password_server.py \
smoke/test_primary_storage.py \
smoke/test_privategw_acl.py \
smoke/test_regions.py \
smoke/test_router_dhcphosts.py \
smoke/test_routers.py \
smoke/test_routers_iptables_default_policy.py \
smoke/test_routers_network_ops.py \
smoke/test_service_offerings.py \
smoke/test_snapshots.py \
smoke/test_ssvm.py \
smoke/test_templates.py \
smoke/test_usage_events.py \
smoke/test_vm_life_cycle.py \
smoke/test_vm_snapshots.py \
smoke/test_volumes.py \
smoke/test_vpc_redundant.py \
smoke/test_vpc_router_nics.py \
smoke/test_vpc_vpn.py \
component/test_accounts.py \
component/test_add_remove_network.py \
component/test_blocker_bugs.py \
component/test_browse_templates.py \
component/test_browse_volumes.py \
component/test_concurrent_snapshots_limit.py \
component/test_cpu_domain_limits.py \
component/test_cpu_limits.py \
component/test_cpu_project_limits.py \
component/test_deploy_vgpu_vm.py \
component/test_deploy_vm_userdata_reg.py \
component/test_dynamic_compute_offering.py \
component/test_egress_fw_rules.py \
component/test_escalation_listTemplateDomainAdmin.py \
component/test_escalations_instances.py \
component/test_escalations_ipaddresses.py \
component/test_escalations_isos.py \
component/test_escalations_networks.py \
component/test_escalations_routers.py \
component/test_escalations_securitygroups.py \
component/test_escalations_snapshots.py \
component/test_escalations_templates.py \
component/test_escalations_vmware.py \
component/test_escalations_volumes.py \
component/test_escalations_vpncustomergateways.py \
component/test_haproxy.py \
component/test_interop_xd_ccp.py \
component/test_ip_reservation.py \
component/test_lb_secondary_ip.py \
component/test_memory_limits.py \
component/test_mm_domain_limits.py \
component/test_mm_project_limits.py \
component/test_netscaler_configs.py \
component/test_netscaler_nw_off.py \
component/test_network_offering.py \
component/test_overcommit.py \
component/test_persistent_networks.py \
component/test_portable_ip.py \
component/test_project_limits.py \
component/test_project_usage.py \
component/test_ps_domain_limits.py \
component/test_ps_limits.py \
component/test_ps_resize_volume.py \
component/test_ps_resource_limits_volume.py \
component/test_recurring_snapshots.py \
component/test_reset_ssh_keypair.py \
component/test_routers.py \
component/test_security_groups.py \
component/test_shared_networks.py \
component/test_simultaneous_volume_attach.py \
component/test_snapshot_gc.py \
component/test_snapshot_limits.py \
component/test_snapshots.py \
component/test_snapshots_improvement.py \
component/test_ss_domain_limits.py \
component/test_ss_limits.py \
component/test_ss_max_limits.py \
component/test_ss_project_limits.py \
component/test_stopped_vm.py \
component/test_storage_motion.py \
component/test_templates.py \
component/test_usage.py \
component/test_VirtualRouter_alerts.py \
component/test_vm_passwdenabled.py \
component/test_vmware_drs.py \
component/test_volumes.py \
component/test_vpc.py \
component/test_vpc_network.py \
component/test_vpc_network_lbrules.py \
component/test_vpc_network_pfrules.py \
component/test_vpc_network_staticnatrule.py \
component/test_vpc_offerings.py \
component/test_vpc_routers.py \
component/test_vpc_vm_life_cycle.py \
component/test_vpc_vms_deployment.py

# HARDWARE NOT REQUIRED
echo "Running tests with required_hardware=false"
nosetests --with-marvin --marvin-config=${marvinCfg} -s -a
tags=advanced,required_hardware=false \
smoke/test_affinity_groups.py \
smoke/test_affinity_groups_projects.py \
smoke/test_deploy_vms_with_varied_deploymentplanners.py \
smoke/test_disk_offerings.py \
smoke/test_global_settings.py \
smoke/test_guest_vlan_range.py \
smoke/test_iso.py \
smoke/test_multipleips_per_nic.py \
smoke/test_network.py \
smoke/test_non_contigiousvlan.py \
smoke/test_over_provisioning.py \
smoke/test_portable_publicip.py \
smoke/test_primary_storage.py \
smoke/test_public_ip_range.py \
smoke/test_pvlan.py \
smoke/test_reset_vm_on_reboot.py \
smoke/test_resource_detail.py \
smoke/test_routers.py \
smoke/test_scale_vm.py \
smoke/test_secondary_storage.py \
smoke/test_service_offerings.py \
smoke/test_ssvm.py \
smoke/test_templates.py \

[GitHub] cloudstack pull request: 4.9 mvn version safeupgradeonly

2016-04-22 Thread bhaisaab 
Github user bhaisaab commented on the pull request:

https://github.com/apache/cloudstack/pull/1510#issuecomment-213521104
  
@swill please include this PR in your list, thanks


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9366: Capacity of one zone-wid...

2016-04-22 Thread sudhansu7 
GitHub user sudhansu7 opened a pull request:

https://github.com/apache/cloudstack/pull/1516

CLOUDSTACK-9366: Capacity of one zone-wide primary storage ignored

Disable and Remove Host operation disables the primary storage capacity.

Steps to replicate:
Base Condition: There exists a host and storage pool with same id
Steps:
1. Find a host and storage pool having same id
2. Disable the host
3. verify that the CPU(1) and MEMORY(0) capacity in op_host_capacity for 
above host is disabled
4. verify that the STORAGE(3) capacity in op_host_capacity for storage pool 
with id same as above host is also disabled

RCA:
'host_id' column in 'op_host_capacity' table used for storing both storage 
pool id (for STORAGE capacity) and host id (MEMORY and CPU). While removing a 
HOST we also disable the capacity associated with host.

Ideally while disabling capacity we should only disable MEMORY and CPU 
capacity, but we are not doing so.

Code Path:
ResourceManagerImpl.doDeleteHost() -> 
ResourceManagerImpl.resourceStateTransitTo() -> 
CapacityDaoImpl.updateCapacityState(null, null, null, host.getId(), 
capacityState.toString())

updateCapacityState is updating disabling all entries which matches the 
host_id. This will also disable a entry having storage pool id same as that of 
host id.

Changes:
introduced new capacityType parameter in updateCapacityState method and 
necessary changes to add capacity_type clause in sql
also fixed incorrect sql builder logic (unused code path for which it is 
never surfaced )
Added marvin test to  check host and storagepool capacity when host is 
disabled

Test Result:
```
mysql> select ohc.host_id, ohc.`capacity_state`,  case capacity_type  when 
0 then  'MEMORY'  when 1 then  'CPU'  ELSE  'STORAGE'  END as 'capacity_type' , 
 total_capacity, case capacity_type  when 0 then  'HOST'  when 1 then  'HOST' 
ELSE  'STORAGE POOL' END as 'HOST/STORAGE POOL'  from op_host_capacity ohc 
where host_id=3;

+-++---++---+
| host_id | capacity_state | capacity_type | total_capacity | HOST/STORAGE 
POOL |

+-++---++---+
|   3 | Enabled| MEMORY| 8589934592 | HOST  
|
|   3 | Enabled| CPU   |  32000 | HOST  
|
|   3 | Enabled| STORAGE   |  219902322 | STORAGE POOL  
|

+-++---++---+

9 rows in set (0.00 sec)

Disable Host 3 from UI.

mysql> select ohc.host_id, ohc.`capacity_state`,  case capacity_type  when 
0 then  'MEMORY'  when 1 then  'CPU'  ELSE  'STORAGE'  END as 'capacity_type' , 
 total_capacity, case capacity_type  when 0 then  'HOST'  when 1 then  'HOST' 
ELSE  'STORAGE POOL' END as 'HOST/STORAGE POOL'  from op_host_capacity ohc 
where host_id=3;

+-++---++---+
| host_id | capacity_state | capacity_type | total_capacity | HOST/STORAGE 
POOL |

+-++---++---+
|   3 | Disabled   | MEMORY| 8589934592 | HOST  
|
|   3 | Disabled   | CPU   |  32000 | HOST  
|
|   3 | Disabled   | STORAGE   |  219902322 | STORAGE POOL  
|

+-++---++---+

After Fix:

mysql> select ohc.host_id, ohc.`capacity_state`,  case capacity_type  when 
0 then  'MEMORY'  when 1 then  'CPU'  ELSE  'STORAGE'  END as 'capacity_type' , 
 total_capacity, case capacity_type  when 0 then  'HOST'  when 1 then  'HOST' 
ELSE  'STORAGE POOL' END as 'HOST/STORAGE POOL'  from op_host_capacity ohc 
where host_id=3;

+-++---++---+
| host_id | capacity_state | capacity_type | total_capacity | HOST/STORAGE 
POOL |

+-++---++---+
|   3 | Enabled| MEMORY| 8589934592 | HOST  
|
|   3 | Enabled| CPU   |  32000 | HOST  
|
|   3 | Enabled| STORAGE   |  219902322 | STORAGE POOL  
|

+-++---++---+
3 rows in set (0.01 sec)

Disable Host 3 from UI.

mysql> select ohc.host_id, ohc.`capacity_state`,  case capacity_type  when 
0 then  'MEMORY'  when 1 then  'CPU'  ELSE  'STORAGE'  END as 'capacity_type' , 
 total_capacity, case capacity_type  when 0 then  'HOST'  when 1 then  'HOST' 
ELSE  'STORAGE POOL' END as

[GitHub] cloudstack pull request: CLOUDSTACK-9299: Out-of-band Management f...

2016-04-22 Thread bhaisaab 
Github user bhaisaab commented on the pull request:

https://github.com/apache/cloudstack/pull/1502#issuecomment-213520037
  
Thanks @swill @kiwiflyer 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8562: Dynamic Role-Based API C...

2016-04-22 Thread bhaisaab 
Github user bhaisaab commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1489#discussion_r60772858
  
--- Diff: engine/schema/src/com/cloud/upgrade/dao/Upgrade481to490.java ---
@@ -53,6 +62,138 @@ public boolean supportsRollingUpgrade() {
 
 @Override
 public void performDataMigration(Connection conn) {
+setupRolesAndPermissionsForDynamicRBAC(conn);
+}
+
+private void createDefaultRole(final Connection conn, final Long id, 
final String name, final RoleType roleType) {
+final String insertSql = String.format("INSERT INTO 
`cloud`.`roles` (`id`, `uuid`, `name`, `role_type`, `description`) values (%d, 
UUID(), '%s', '%s', 'Default %s role');",
+id, name, roleType.name(), roleType.name().toLowerCase());
+try ( PreparedStatement updatePstmt = 
conn.prepareStatement(insertSql) ) {
+updatePstmt.executeUpdate();
+} catch (SQLException e) {
+throw new CloudRuntimeException("Unable to create default role 
with id: " + id + " name: " + name, e);
+}
+}
+
+private void createRoleMapping(final Connection conn, final Long 
roleId, final String apiName) {
+final String insertSql = String.format("INSERT INTO 
`cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`) values 
(UUID(), %d, '%s', 'ALLOW') ON DUPLICATE KEY UPDATE rule=rule;",
+roleId, apiName);
+try ( PreparedStatement updatePstmt = 
conn.prepareStatement(insertSql)) {
+updatePstmt.executeUpdate();
+} catch (SQLException ignored) {
+s_logger.warn("Unable to insert mapping for role id:" + roleId 
+ " apiName: " + apiName);
+}
+}
+
+private void addRoleColumnAndMigrateAccountTable(final Connection 
conn, final RoleType[] roleTypes) {
+final String alterTableSql = "ALTER TABLE `cloud`.`account` ADD 
COLUMN `role_id` bigint(20) unsigned COMMENT 'role id for this account' AFTER 
`type`, " +
+"ADD KEY `fk_account__role_id` (`role_id`), " +
+"ADD CONSTRAINT `fk_account__role_id` FOREIGN KEY 
(`role_id`) REFERENCES `roles` (`id`);";
+try (PreparedStatement pstmt = 
conn.prepareStatement(alterTableSql)) {
+pstmt.executeUpdate();
+s_logger.info("Altered cloud.account table and added column 
role_id");
+} catch (SQLException e) {
+if (e.getMessage().contains("role_id")) {
+s_logger.warn("cloud.account table already has the role_id 
column, skipping altering table and migration of accounts");
+return;
+} else {
+throw new CloudRuntimeException("Unable to create column 
quota_calculated in table cloud_usage.cloud_usage", e);
+}
+}
+migrateAccountsToDefaultRoles(conn, roleTypes);
+}
+
+private void migrateAccountsToDefaultRoles(final Connection conn, 
final RoleType[] roleTypes) {
+try (PreparedStatement selectStatement = 
conn.prepareStatement("SELECT `id`, `type` FROM `cloud`.`account`;");
+ ResultSet selectResultSet = selectStatement.executeQuery()) {
+while (selectResultSet.next()) {
+Long accountId = selectResultSet.getLong(1);
+Short accountType = selectResultSet.getShort(2);
+Long roleId = null;
+for (RoleType roleType : roleTypes) {
+if (roleType.getAccountType() == accountType) {
+roleId = roleType.getId();
+break;
+}
+}
+if (roleId == null) {
+continue;
+}
+try (PreparedStatement updateStatement = 
conn.prepareStatement("UPDATE `cloud`.`account` SET role_id = ? WHERE id = 
?;")) {
+updateStatement.setLong(1, roleId);
+updateStatement.setLong(2, accountId);
+updateStatement.executeUpdate();
+updateStatement.close();
--- End diff --

Thanks, will fix this.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8562: Dynamic Role-Based API C...

2016-04-22 Thread bhaisaab 
Github user bhaisaab commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1489#discussion_r60772677
  
--- Diff: utils/src/main/java/com/cloud/utils/PropertiesUtil.java ---
@@ -34,6 +34,10 @@
 public class PropertiesUtil {
 private static final Logger s_logger = 
Logger.getLogger(PropertiesUtil.class);
 
+public static String getDefaultApiCommandsFileName() {
+return "commands.properties";
+}
--- End diff --

PropertiesUtil deals with commands.properties file related processing, so 
I've put it here. Also, utils is a common packages used by several other 
modules, putting this in an authenticator (server or plugin package) won't make 
it generally consumable across several modules if needed.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8562: Dynamic Role-Based API C...

2016-04-22 Thread bhaisaab 
Github user bhaisaab commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1489#discussion_r60772392
  
--- Diff: server/src/com/cloud/api/dispatch/ParamProcessWorker.java ---
@@ -92,6 +94,55 @@ public void handle(final DispatchTask task) {
 processParameters(task.getCmd(), task.getParams());
 }
 
+private void validateNonEmptyString(final Object param, final String 
argName) {
+if (param == null || Strings.isNullOrEmpty(param.toString())) {
+throw new ServerApiException(ApiErrorCode.PARAM_ERROR, 
String.format("Empty or null value provided for API arg: %s", argName));
+}
+}
+
+private void validateNaturalNumber(final Object param, final String 
argName) {
+Long value = null;
+if (param != null && param instanceof Long) {
+value = (Long) param;
+} else if (param != null) {
+value = Long.valueOf(param.toString());
+}
+if (value == null || value < 1L) {
+throw new ServerApiException(ApiErrorCode.PARAM_ERROR, 
String.format("Invalid value provided for API arg: %s", argName));
+}
+}
+
+private void validateField(final Object paramObj, final Parameter 
annotation) throws ServerApiException {
+if (annotation == null) {
+return;
+}
+final String argName = annotation.name();
+for (final ApiArgValidator validator : annotation.validations()) {
+if (validator == null) {
+continue;
+}
+switch (validator) {
+case NotNullOrEmpty:
+switch (annotation.type()) {
+case UUID:
+case STRING:
+validateNonEmptyString(paramObj, argName);
+break;
+}
+break;
+case PositiveNumber:
+switch (annotation.type()) {
+case SHORT:
+case INTEGER:
+case LONG:
+validateNaturalNumber(paramObj, argName);
+break;
+}
--- End diff --

annotation fields need an exact value, so it could either have a list of 
enum or classes; using a list of classes would make implementation complex and 
creation of several classes for each new validator. We also needed to know what 
the annotation type is to only execute operation based on type, for example 
PositiveNumber validator on a  string or boolean field/arg type won't make 
sense. It was easiest in terms of maintainability and implementation to pass in 
enum, and handle them here like this. I'm not sure the best way of doing this, 
advise if there are better ways of doing validation?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8562: Dynamic Role-Based API C...

2016-04-22 Thread bhaisaab 
Github user bhaisaab commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1489#discussion_r60771928
  
--- Diff: scripts/util/migrate-dynamicroles.py ---
@@ -0,0 +1,134 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+import os
+import sys
+import uuid
+
+from contextlib import closing
+from optparse import OptionParser
+
+try:
+import MySQLdb
+except ImportError:
+print("MySQLdb cannot be imported, please install python-mysqldb(apt) 
or mysql-python(yum)")
+sys.exit(1)
+
+dryrun = False
+
+
+def runSql(conn, query):
+if dryrun:
+print("Running SQL query: " + query)
+return
+with closing(conn.cursor()) as cursor:
+cursor.execute(query)
+
+
+def migrateApiRolePermissions(apis, conn):
+# All allow for root admin role Admin(id:1)
+runSql(conn, "INSERT INTO `cloud`.`role_permissions` (`uuid`, 
`role_id`, `rule`, `permission`) values (UUID(), 1, '*', 'Allow');")
+# Migrate rules based on commands.properties rule for 
ResourceAdmin(id:2), DomainAdmin(id:3), User(id:4)
+octetKey = {2:2, 3:4, 4:8}
+for role in [2, 3, 4]:
+for api in sorted(apis.keys()):
+# Ignore auth commands
+if api in ['login', 'logout', 'samlSso', 'samlSlo', 
'listIdps', 'listAndSwitchSamlAccount', 'getSPMetadata']:
+continue
+if (octetKey[role] & int(apis[api])) > 0:
+runSql(conn, "INSERT INTO `cloud`.`role_permissions` 
(`uuid`, `role_id`, `rule`, `permission`) values (UUID(), %d, '%s', 'Allow');" 
% (role, api))
+
+
+def main():
+parser = OptionParser()
+parser.add_option("-b", "--db", action="store", type="string", 
dest="db", default="cloud",
+help="The name of the database, default: cloud")
+parser.add_option("-u", "--user", action="store", type="string", 
dest="user", default="cloud",
+help="User name a MySQL user with privileges on 
cloud database")
+parser.add_option("-p", "--password", action="store", type="string", 
dest="password", default="cloud",
+help="Password of a MySQL user with privileges on 
cloud database")
+parser.add_option("-H", "--host", action="store", type="string", 
dest="host", default="127.0.0.1",
+help="Host or IP of the MySQL server")
+parser.add_option("-P", "--port", action="store", type="int", 
dest="port", default=3306,
+help="Host or IP of the MySQL server")
+parser.add_option("-f", "--properties-file", action="store", 
type="string", dest="commandsfile", 
default="/etc/cloudstack/management/commands.properties",
+help="The commands.properties file")
+parser.add_option("-d", "--dryrun", action="store_true", 
dest="dryrun", default=False,
+help="Dry run and debug operations this tool will 
perform")
+(options, args) = parser.parse_args()
+
+print("Apache CloudStack Role Permission Migration Tool")
+print("(c) Apache CloudStack Authors and the ASF, under the Apache 
License, Version 2.0\n")
+
+global dryrun
+if options.dryrun:
+dryrun = True
+
+conn = MySQLdb.connect(
+host=options.host,
+user=options.user,
+passwd=options.password,
+port=int(options.port),
+db=options.db)
+
+if not os.path.isfile(options.commandsfile):
+print("Provided commands.properties cannot be accessed or does not 
exist, please check check permissions")
+sys.exit(1)
+
+while True:
+choice = raw_input("Running this migration tool will remove any " +
+   "default-role rules in cloud.role_permissions. 
" +
+   "Do you want to

[GitHub] cloudstack pull request: CLOUDSTACK-8562: Dynamic Role-Based API C...

2016-04-22 Thread bhaisaab 
Github user bhaisaab commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1489#discussion_r60771659
  
--- Diff: scripts/util/migrate-dynamicroles.py ---
@@ -0,0 +1,134 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+import os
+import sys
+import uuid
+
+from contextlib import closing
+from optparse import OptionParser
+
+try:
+import MySQLdb
+except ImportError:
+print("MySQLdb cannot be imported, please install python-mysqldb(apt) 
or mysql-python(yum)")
+sys.exit(1)
+
+dryrun = False
+
+
+def runSql(conn, query):
+if dryrun:
+print("Running SQL query: " + query)
+return
+with closing(conn.cursor()) as cursor:
+cursor.execute(query)
+
+
+def migrateApiRolePermissions(apis, conn):
+# All allow for root admin role Admin(id:1)
+runSql(conn, "INSERT INTO `cloud`.`role_permissions` (`uuid`, 
`role_id`, `rule`, `permission`) values (UUID(), 1, '*', 'Allow');")
+# Migrate rules based on commands.properties rule for 
ResourceAdmin(id:2), DomainAdmin(id:3), User(id:4)
+octetKey = {2:2, 3:4, 4:8}
+for role in [2, 3, 4]:
+for api in sorted(apis.keys()):
+# Ignore auth commands
+if api in ['login', 'logout', 'samlSso', 'samlSlo', 
'listIdps', 'listAndSwitchSamlAccount', 'getSPMetadata']:
+continue
+if (octetKey[role] & int(apis[api])) > 0:
+runSql(conn, "INSERT INTO `cloud`.`role_permissions` 
(`uuid`, `role_id`, `rule`, `permission`) values (UUID(), %d, '%s', 'Allow');" 
% (role, api))
+
+
+def main():
+parser = OptionParser()
+parser.add_option("-b", "--db", action="store", type="string", 
dest="db", default="cloud",
+help="The name of the database, default: cloud")
+parser.add_option("-u", "--user", action="store", type="string", 
dest="user", default="cloud",
+help="User name a MySQL user with privileges on 
cloud database")
+parser.add_option("-p", "--password", action="store", type="string", 
dest="password", default="cloud",
+help="Password of a MySQL user with privileges on 
cloud database")
+parser.add_option("-H", "--host", action="store", type="string", 
dest="host", default="127.0.0.1",
+help="Host or IP of the MySQL server")
+parser.add_option("-P", "--port", action="store", type="int", 
dest="port", default=3306,
+help="Host or IP of the MySQL server")
+parser.add_option("-f", "--properties-file", action="store", 
type="string", dest="commandsfile", 
default="/etc/cloudstack/management/commands.properties",
+help="The commands.properties file")
+parser.add_option("-d", "--dryrun", action="store_true", 
dest="dryrun", default=False,
+help="Dry run and debug operations this tool will 
perform")
+(options, args) = parser.parse_args()
+
+print("Apache CloudStack Role Permission Migration Tool")
+print("(c) Apache CloudStack Authors and the ASF, under the Apache 
License, Version 2.0\n")
+
+global dryrun
+if options.dryrun:
+dryrun = True
+
+conn = MySQLdb.connect(
+host=options.host,
+user=options.user,
+passwd=options.password,
+port=int(options.port),
+db=options.db)
+
+if not os.path.isfile(options.commandsfile):
+print("Provided commands.properties cannot be accessed or does not 
exist, please check check permissions")
+sys.exit(1)
+
+while True:
+choice = raw_input("Running this migration tool will remove any " +
+   "default-role rules in cloud.role_permissions. 
" +
+   "Do you want to

[GitHub] cloudstack pull request: CLOUDSTACK-8562: Dynamic Role-Based API C...

2016-04-22 Thread bhaisaab 
Github user bhaisaab commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1489#discussion_r60771393
  
--- Diff: 
plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapImportUsersCmd.java
 ---
@@ -131,7 +135,9 @@ private void createCloudstackUserAccount(LdapUser user, 
String accountName, Doma
 @Override
 public void execute() throws ResourceUnavailableException, 
InsufficientCapacityException, ServerApiException, ConcurrentOperationException,
 ResourceAllocationException, NetworkRuleConflictException {
-
+if (getAccountType() == null && getRoleId() == null) {
+throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Both 
account type and role ID are not provided");
--- End diff --

same reasons from above 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8562: Dynamic Role-Based API C...

2016-04-22 Thread bhaisaab 
Github user bhaisaab commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1489#discussion_r60771374
  
--- Diff: 
plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapCreateAccountCmd.java
 ---
@@ -119,6 +131,9 @@ private Long getDomainId() {
 
 @Override
 public void execute() throws ServerApiException {
+if (getAccountType() == null && getRoleId() == null) {
+throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Both 
account type and role ID are not provided");
--- End diff --

@jburwell because of backward compatibility we cannot make roleid param as 
required, while accounttype used to be required but is now made non-required; 
this checks ensures that at least one of them is passed. When only account type 
is passed, we translate that to one of the four default roles (id).


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: L10n update 4.8 20160127

2016-04-22 Thread milamberspace 
Github user milamberspace closed the pull request at:

https://github.com/apache/cloudstack/pull/1375


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: L10n update 4.8 20160127

2016-04-22 Thread milamberspace 
Github user milamberspace commented on the pull request:

https://github.com/apache/cloudstack/pull/1375#issuecomment-213496639
  
Close, replace by #1515


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: L10n update 4.8 20160422

2016-04-22 Thread milamberspace 
GitHub user milamberspace opened a pull request:

https://github.com/apache/cloudstack/pull/1515

L10n update 4.8 20160422

@swill the good PR for 4.8 branch.

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/milamberspace/cloudstack 
L10N-update-4.8-20160422

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cloudstack/pull/1515.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1515


commit 618c49bc63009bda74e209a80e59929c89ba8d63
Author: Milamber <milam...@apache.org>
Date:   2016-04-20T08:13:32Z

Force "translator" mode with the transifex client.

commit d8f3de650da3f45e97bc35408917768f594d0c7c
Author: Milamber <milam...@apache.org>
Date:   2016-04-22T16:14:11Z

Update Transifex client config file for 4.8 resources (generated by Tx 
client)

commit af70cc761904492429a323fd90edbba59d145223
Author: Milamber <milam...@apache.org>
Date:   2016-04-22T16:16:00Z

Add reference for L18N files for 4.8 resources (generated by Tx client)

commit 819a5b4c85af6f6dc6628d02d1362bd95e7af804
Author: Milamber <milam...@apache.org>
Date:   2016-04-22T16:16:06Z

Update L10N resource files with 4.8 strings from Transifex (20160422)




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

CaaS in CloudStack with Kubernetes

2016-04-22 Thread Sebastien Goasguen 
Hi folks,

I have been quite silent this past few weeks because aside from voting in a new 
VP (soon to be announced), I  have been hard at work for my new endeavors with 
Skippbox.

I am quite excited that today we could not wait and Skippbox together with 
Shapeblue announced a preview of a Kubernetes/CloudStack integration:
http://www.benzinga.com/pressreleases/16/04/g7872516/shapeblue-harness-the-power-of-kubernetes-and-apache-cloudstack-to-give

This is currently still a by request preview, but once we are done with much 
better testing and even tighter integration, the code will be open sourced as a 
CloudStack plugin.

I wouldn’t mind couple supportive tweets and if you want a demo before you can 
run it yourself, ping me.

Cheers,

-Sebastien

[GitHub] cloudstack pull request: CLOUDSTACK-6975: Prevent dnsmasq from sta...

2016-04-22 Thread jburwell 
Github user jburwell commented on the pull request:

https://github.com/apache/cloudstack/pull/1514#issuecomment-213486309
  
@dsclose would it be possible for you to enhance 
``test/ntegration/component/test_redundant_router_services.py`` to verify that 
dnsmasq is only running on the master router and that dnsmasq properly starts 
on failover?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: Taking fast and efficient volume snapshot...

2016-04-22 Thread swill 
Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1403#issuecomment-213479837
  





## CI RESULTS

### 120/120 TESTS PASSED!

View the results below...


**Associated Uploads**

**`/tmp/MarvinLogs/DeployDataCenter__Apr_22_2016_07_25_29_9Y5PQH`:**

* 
[dc_entries.obj](https://objects-east.cloud.ca/v1/e465abe2f9ae4478b9fff416eab61bd9/PR1403/tmp/MarvinLogs/DeployDataCenter__Apr_22_2016_07_25_29_9Y5PQH/dc_entries.obj)
* 
[failed_plus_exceptions.txt](https://objects-east.cloud.ca/v1/e465abe2f9ae4478b9fff416eab61bd9/PR1403/tmp/MarvinLogs/DeployDataCenter__Apr_22_2016_07_25_29_9Y5PQH/failed_plus_exceptions.txt)
* 
[runinfo.txt](https://objects-east.cloud.ca/v1/e465abe2f9ae4478b9fff416eab61bd9/PR1403/tmp/MarvinLogs/DeployDataCenter__Apr_22_2016_07_25_29_9Y5PQH/runinfo.txt)

**`/tmp/MarvinLogs/test_projects_P6EJRK`:**

* 
[failed_plus_exceptions.txt](https://objects-east.cloud.ca/v1/e465abe2f9ae4478b9fff416eab61bd9/PR1403/tmp/MarvinLogs/test_projects_P6EJRK/failed_plus_exceptions.txt)
* 
[results.txt](https://objects-east.cloud.ca/v1/e465abe2f9ae4478b9fff416eab61bd9/PR1403/tmp/MarvinLogs/test_projects_P6EJRK/results.txt)
* 
[runinfo.txt](https://objects-east.cloud.ca/v1/e465abe2f9ae4478b9fff416eab61bd9/PR1403/tmp/MarvinLogs/test_projects_P6EJRK/runinfo.txt)

**`/tmp/MarvinLogs/test_templates_5NPAZM`:**

* 
[failed_plus_exceptions.txt](https://objects-east.cloud.ca/v1/e465abe2f9ae4478b9fff416eab61bd9/PR1403/tmp/MarvinLogs/test_templates_5NPAZM/failed_plus_exceptions.txt)
* 
[results.txt](https://objects-east.cloud.ca/v1/e465abe2f9ae4478b9fff416eab61bd9/PR1403/tmp/MarvinLogs/test_templates_5NPAZM/results.txt)
* 
[runinfo.txt](https://objects-east.cloud.ca/v1/e465abe2f9ae4478b9fff416eab61bd9/PR1403/tmp/MarvinLogs/test_templates_5NPAZM/runinfo.txt)


Uploads will be available until `2016-06-22 02:00:00 +0200 CEST`

*Comment created by [`upr comment`](https://github.com/swill/upr).*




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9362: Skip VXLANs when rewriti...

2016-04-22 Thread insom 
Github user insom closed the pull request at:

https://github.com/apache/cloudstack/pull/1512


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-6975: Prevent dnsmasq from sta...

2016-04-22 Thread dsclose 
Github user dsclose commented on the pull request:

https://github.com/apache/cloudstack/pull/1509#issuecomment-213467207
  
@swill and thank you for you're support - much appreciated :-)


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-6975: Prevent dnsmasq from sta...

2016-04-22 Thread dsclose 
Github user dsclose commented on the pull request:

https://github.com/apache/cloudstack/pull/1509#issuecomment-213465470
  
Rebased off of 4.7 branch and opened PR #1514 - closing this PR.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-6975: Prevent dnsmasq from sta...

2016-04-22 Thread dsclose 
Github user dsclose closed the pull request at:

https://github.com/apache/cloudstack/pull/1509


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-6975: Prevent dnsmasq from sta...

2016-04-22 Thread dsclose 
GitHub user dsclose opened a pull request:

https://github.com/apache/cloudstack/pull/1514

CLOUDSTACK-6975: Prevent dnsmasq from starting on backup redundant RvR

Rebase of PR #1509 against the 4.7 branch as requested by @swill 

One LGTM from @ustcweizhou carried from previous PR. Previous PR will be 
closed.

Description from PR #1509:

CLOUDSTACK-6975 refers to service monitoring bringing up dnsmasq but this 
is no-longer accurate, as service monitoring is not active on the post-4.6 
routers. These routers still suffer an essentially identical issue, however, 
because "dnsmasq needs to be restarted each time configure.py is called in 
order to avoid lease problems." As such, dnsmasq is still running on backup 
RvRs, causing the issues described in CLOUDSTACK-6975.

This PR is based on a patch submitted by @ustcweizhou. The code now checks 
the redundant state of the router before restarting dnsmasq.

RvR networks without this patch have dnsmasq running on both master and 
backup routers. RvR networks with this patch have dnsmasq running on only the 
master router.

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/dsclose/cloudstack CLOUDSTACK-6975

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cloudstack/pull/1514.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1514


commit cb16ce7e6c8197ae289d105bbf829c68db6d5086
Author: dean.close 
Date:   2016-04-22T14:58:16Z

CLOUDSTACK-6975: Prevent dnsmasq from starting on backup redundant routers.




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

RE: [GitHub] cloudstack pull request: CLOUDSTACK-9362: Skip VXLANs when rewriti...

2016-04-22 Thread Richard Klein (RSI) 
First time poster to the development mailing list so greetings everyone.  We 
ran across this issue in our environment as well (CentOS 7 with KVM) with CS 
4.7.0.  The problem appeared to use as a behavior of libvirt because we could 
reproduce the error independent of CS by manually creating a VM and migrating 
it outside of CS but on the CS host.  This led us to believe it was a libvirt 
issue.  However, based on the code change in the Git repository I was unaware 
there were hooks into libvirt.

We worked around the issue by just changing the name of the bridge from 
brvx-1234 to vxbr-1234 and that resolved the issue for us.  Not that this is a 
better solution but just wondering if we are talking about the same issue.



Richard Klein   
RSI 
5426 Guadalupe, Suite 100 
Austin TX 78751 



> -Original Message-
> From: insom [mailto:g...@git.apache.org]
> Sent: Friday, April 22, 2016 9:21 AM
> To: dev@cloudstack.apache.org
> Subject: [GitHub] cloudstack pull request: CLOUDSTACK-9362: Skip VXLANs
> when rewriti...
> 
> GitHub user insom opened a pull request:
> 
> https://github.com/apache/cloudstack/pull/1513
> 
> CLOUDSTACK-9362: Skip VXLANs when rewriting the bridge name for
> migrations (4.8-2)
> 
> From the [JIRA issue](https://issues.apache.org/jira/browse/CLOUDSTACK-
> 9362):
> 
> >
> https://github.com/apache/cloudstack/commit/bb8f7c652e42caacff5adce1ce6
> 0342603677605
> >
> > The above commit introduces rewriting of bridge device names when
> migrating a virtual machine from one host to another. However, it also
> matches bridges called "brvx-1234" and rewrites them to (in my case) "brem1-
> 1234" - this doesn't match the bridge name on the destination and causes the
> migration to fail with the error:
> >
> > error : virNetDevGetMTU:397 : Cannot get interface MTU on 'brem1-
> 1234': No such device
> >
> > I have flagged this as major because it's not possible to migrate VMs 
> using
> VXLANs for maintenance, which seems important (it's certainly important to
> me!).
> 
> This is a version of #1508 based against 4.8 (sorry!)
> 
> You can merge this pull request into a Git repository by running:
> 
> $ git pull https://github.com/insom/cloudstack CLOUDSTACK-9362-2
> 
> Alternatively you can review and apply these changes as the patch at:
> 
> https://github.com/apache/cloudstack/pull/1513.patch
> 
> To close this pull request, make a commit to your master/trunk branch with (at
> least) the following in the commit message:
> 
> This closes #1513
> 
> 
> commit d2eb0a537a1f279a83f4af4f8f1bbae9d5aefba8
> Author: Aaron Brady 
> Date:   2016-04-21T14:19:56Z
> 
> Skip VXLANs when rewriting the bridge name for migrations
> 
> 
> 
> 
> ---
> If your project is set up for it, you can reply to this email and have your 
> reply
> appear on GitHub as well. If your project does not have this feature enabled
> and wishes so, or if the feature is enabled but not working, please contact
> infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA.
> ---

[GitHub] cloudstack pull request: [CLOUDSTACK-9207] Test to verify restarti...

2016-04-22 Thread sanju1010 
Github user sanju1010 commented on the pull request:

https://github.com/apache/cloudstack/pull/1304#issuecomment-213448269
  
I have made changes as per @pavanb018's comments and tested it on my 
environment.
Following are the test results:
Test restart network with cleanup ... === TestName: 
test_restart_network_with_cleanup | Status : SUCCESS ===
ok

--
Ran 1 test in 474.544s

OK

@pavanb018 , can you please review the changes?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9362: Skip VXLANs when rewriti...

2016-04-22 Thread insom 
GitHub user insom opened a pull request:

https://github.com/apache/cloudstack/pull/1513

CLOUDSTACK-9362: Skip VXLANs when rewriting the bridge name for migrations 
(4.8-2)

From the [JIRA 
issue](https://issues.apache.org/jira/browse/CLOUDSTACK-9362):

> 
https://github.com/apache/cloudstack/commit/bb8f7c652e42caacff5adce1ce60342603677605
> 
> The above commit introduces rewriting of bridge device names when 
migrating a virtual machine from one host to another. However, it also matches 
bridges called "brvx-1234" and rewrites them to (in my case) "brem1-1234" - 
this doesn't match the bridge name on the destination and causes the migration 
to fail with the error:
> 
> error : virNetDevGetMTU:397 : Cannot get interface MTU on 'brem1-1234': 
No such device
> 
> I have flagged this as major because it's not possible to migrate VMs 
using VXLANs for maintenance, which seems important (it's certainly important 
to me!).

This is a version of #1508 based against 4.8 (sorry!)

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/insom/cloudstack CLOUDSTACK-9362-2

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cloudstack/pull/1513.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1513


commit d2eb0a537a1f279a83f4af4f8f1bbae9d5aefba8
Author: Aaron Brady 
Date:   2016-04-21T14:19:56Z

Skip VXLANs when rewriting the bridge name for migrations




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8562: Dynamic Role-Based API C...

2016-04-22 Thread jburwell 
Github user jburwell commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1489#discussion_r60745471
  
--- Diff: utils/src/main/java/com/cloud/utils/PropertiesUtil.java ---
@@ -34,6 +34,10 @@
 public class PropertiesUtil {
 private static final Logger s_logger = 
Logger.getLogger(PropertiesUtil.class);
 
+public static String getDefaultApiCommandsFileName() {
+return "commands.properties";
+}
--- End diff --

Why is this method not defined in a common class/interface of the 
authenticator mechanism?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8562: Dynamic Role-Based API C...

2016-04-22 Thread jburwell 
Github user jburwell commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1489#discussion_r60744905
  
--- Diff: test/integration/smoke/test_dynamicroles.py ---
@@ -0,0 +1,474 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+from marvin.cloudstackAPI import *
+from marvin.cloudstackTestCase import cloudstackTestCase
+from marvin.cloudstackException import CloudstackAPIException
+from marvin.lib.base import Account, Role, RolePermission
+from marvin.lib.utils import cleanup_resources
+from nose.plugins.attrib import attr
+
+import random
+import re
+
+
+class TestData(object):
+"""Test data object that is required to create resources
+"""
+def __init__(self):
+self.testdata = {
+"account": {
+"email": "mtu@test.cloud",
+"firstname": "Marvin",
+"lastname": "TestUser",
+"username": "roletest",
+"password": "password",
+},
+"role": {
+"name": "MarvinFake Role ",
+"type": "User",
+"description": "Fake Role created by Marvin test"
+},
+"roleadmin": {
+"name": "MarvinFake Admin Role ",
+"type": "Admin",
+"description": "Fake Admin Role created by Marvin test"
+},
+"roledomainadmin": {
+"name": "MarvinFake DomainAdmin Role ",
+"type": "DomainAdmin",
+"description": "Fake Domain-Admin Role created by Marvin 
test"
+},
+"rolepermission": {
+"roleid": 1,
+"rule": "listVirtualMachines",
+"permission": "allow",
+"description": "Fake role permission created by Marvin 
test"
+},
+"apiConfig": {
+"listApis": "allow",
+"listAccounts": "allow",
+"listClusters": "deny",
+"*VM*": "allow",
+"*Host*": "deny"
+}
+}
+
+
+class TestDynamicRoles(cloudstackTestCase):
+"""Tests dynamic role and role permission management in CloudStack
+"""
+
+def setUp(self):
+self.apiclient = self.testClient.getApiClient()
+self.dbclient = self.testClient.getDbConnection()
+self.testdata = TestData().testdata
+
+feature_enabled = 
self.apiclient.listCapabilities(listCapabilities.listCapabilitiesCmd()).dynamicrolesenabled
+if not feature_enabled:
+self.skipTest("Dynamic Role-Based API checker not enabled, 
skipping test")
+
+self.testdata["role"]["name"] += self.getRandomString()
+self.role = Role.create(
+self.apiclient,
+self.testdata["role"]
+)
+
+self.testdata["rolepermission"]["roleid"] = self.role.id
+self.rolepermission = RolePermission.create(
+self.apiclient,
+self.testdata["rolepermission"]
+)
+
+self.account = Account.create(
+self.apiclient,
+self.testdata["account"],
+roleid=self.role.id
+)
+self.cleanup = [
+self.account,
+self.rolepermission,
+self.role
+]
+
+
+def tearDown(self):
+try:
+   cleanup_resources(self.apiclient, self.cleanup)
+except Exception as e:
+self.debug("Warning! Exception in tearDown: %s" % e)
+
+
+def translateRoleToAccountType(self, role_type):
+if role_type == "User":
+return 0
+elif role_type == "Admin":
+return 1
+elif role_type == "DomainAdmin":
+return

[GitHub] cloudstack pull request: CLOUDSTACK-8562: Dynamic Role-Based API C...

2016-04-22 Thread jburwell 
Github user jburwell commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1489#discussion_r60744764
  
--- Diff: test/integration/smoke/test_dynamicroles.py ---
@@ -0,0 +1,474 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+from marvin.cloudstackAPI import *
+from marvin.cloudstackTestCase import cloudstackTestCase
+from marvin.cloudstackException import CloudstackAPIException
+from marvin.lib.base import Account, Role, RolePermission
+from marvin.lib.utils import cleanup_resources
+from nose.plugins.attrib import attr
+
+import random
+import re
+
+
+class TestData(object):
+"""Test data object that is required to create resources
+"""
+def __init__(self):
+self.testdata = {
+"account": {
+"email": "mtu@test.cloud",
+"firstname": "Marvin",
+"lastname": "TestUser",
+"username": "roletest",
+"password": "password",
+},
+"role": {
+"name": "MarvinFake Role ",
+"type": "User",
+"description": "Fake Role created by Marvin test"
+},
+"roleadmin": {
+"name": "MarvinFake Admin Role ",
+"type": "Admin",
+"description": "Fake Admin Role created by Marvin test"
+},
+"roledomainadmin": {
+"name": "MarvinFake DomainAdmin Role ",
+"type": "DomainAdmin",
+"description": "Fake Domain-Admin Role created by Marvin 
test"
+},
+"rolepermission": {
+"roleid": 1,
+"rule": "listVirtualMachines",
+"permission": "allow",
+"description": "Fake role permission created by Marvin 
test"
+},
+"apiConfig": {
+"listApis": "allow",
+"listAccounts": "allow",
+"listClusters": "deny",
+"*VM*": "allow",
+"*Host*": "deny"
+}
+}
+
+
+class TestDynamicRoles(cloudstackTestCase):
+"""Tests dynamic role and role permission management in CloudStack
+"""
+
+def setUp(self):
+self.apiclient = self.testClient.getApiClient()
+self.dbclient = self.testClient.getDbConnection()
+self.testdata = TestData().testdata
+
+feature_enabled = 
self.apiclient.listCapabilities(listCapabilities.listCapabilitiesCmd()).dynamicrolesenabled
+if not feature_enabled:
+self.skipTest("Dynamic Role-Based API checker not enabled, 
skipping test")
+
+self.testdata["role"]["name"] += self.getRandomString()
+self.role = Role.create(
+self.apiclient,
+self.testdata["role"]
+)
+
+self.testdata["rolepermission"]["roleid"] = self.role.id
+self.rolepermission = RolePermission.create(
+self.apiclient,
+self.testdata["rolepermission"]
+)
+
+self.account = Account.create(
+self.apiclient,
+self.testdata["account"],
+roleid=self.role.id
+)
+self.cleanup = [
+self.account,
+self.rolepermission,
+self.role
+]
+
+
+def tearDown(self):
+try:
+   cleanup_resources(self.apiclient, self.cleanup)
+except Exception as e:
+self.debug("Warning! Exception in tearDown: %s" % e)
+
+
+def translateRoleToAccountType(self, role_type):
+if role_type == "User":
+return 0
+elif role_type == "Admin":
+return 1
+elif role_type == "DomainAdmin":
+return

[GitHub] cloudstack pull request: CLOUDSTACK-8562: Dynamic Role-Based API C...

2016-04-22 Thread jburwell 
Github user jburwell commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1489#discussion_r60744675
  
--- Diff: test/integration/smoke/test_dynamicroles.py ---
@@ -0,0 +1,474 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+from marvin.cloudstackAPI import *
+from marvin.cloudstackTestCase import cloudstackTestCase
+from marvin.cloudstackException import CloudstackAPIException
+from marvin.lib.base import Account, Role, RolePermission
+from marvin.lib.utils import cleanup_resources
+from nose.plugins.attrib import attr
+
+import random
+import re
+
+
+class TestData(object):
+"""Test data object that is required to create resources
+"""
+def __init__(self):
+self.testdata = {
+"account": {
+"email": "mtu@test.cloud",
+"firstname": "Marvin",
+"lastname": "TestUser",
+"username": "roletest",
+"password": "password",
+},
+"role": {
+"name": "MarvinFake Role ",
+"type": "User",
+"description": "Fake Role created by Marvin test"
+},
+"roleadmin": {
+"name": "MarvinFake Admin Role ",
+"type": "Admin",
+"description": "Fake Admin Role created by Marvin test"
+},
+"roledomainadmin": {
+"name": "MarvinFake DomainAdmin Role ",
+"type": "DomainAdmin",
+"description": "Fake Domain-Admin Role created by Marvin 
test"
+},
+"rolepermission": {
+"roleid": 1,
+"rule": "listVirtualMachines",
+"permission": "allow",
+"description": "Fake role permission created by Marvin 
test"
+},
+"apiConfig": {
+"listApis": "allow",
+"listAccounts": "allow",
+"listClusters": "deny",
+"*VM*": "allow",
+"*Host*": "deny"
+}
+}
+
+
+class TestDynamicRoles(cloudstackTestCase):
+"""Tests dynamic role and role permission management in CloudStack
+"""
+
+def setUp(self):
+self.apiclient = self.testClient.getApiClient()
+self.dbclient = self.testClient.getDbConnection()
+self.testdata = TestData().testdata
+
+feature_enabled = 
self.apiclient.listCapabilities(listCapabilities.listCapabilitiesCmd()).dynamicrolesenabled
+if not feature_enabled:
+self.skipTest("Dynamic Role-Based API checker not enabled, 
skipping test")
+
+self.testdata["role"]["name"] += self.getRandomString()
+self.role = Role.create(
+self.apiclient,
+self.testdata["role"]
+)
+
+self.testdata["rolepermission"]["roleid"] = self.role.id
+self.rolepermission = RolePermission.create(
+self.apiclient,
+self.testdata["rolepermission"]
+)
+
+self.account = Account.create(
+self.apiclient,
+self.testdata["account"],
+roleid=self.role.id
+)
+self.cleanup = [
+self.account,
+self.rolepermission,
+self.role
+]
+
+
+def tearDown(self):
+try:
+   cleanup_resources(self.apiclient, self.cleanup)
+except Exception as e:
+self.debug("Warning! Exception in tearDown: %s" % e)
+
+
+def translateRoleToAccountType(self, role_type):
+if role_type == "User":
+return 0
+elif role_type == "Admin":
+return 1
+elif role_type == "DomainAdmin":
+return

[GitHub] cloudstack pull request: CLOUDSTACK-8562: Dynamic Role-Based API C...

2016-04-22 Thread jburwell 
Github user jburwell commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1489#discussion_r60744698
  
--- Diff: test/integration/smoke/test_dynamicroles.py ---
@@ -0,0 +1,474 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+from marvin.cloudstackAPI import *
+from marvin.cloudstackTestCase import cloudstackTestCase
+from marvin.cloudstackException import CloudstackAPIException
+from marvin.lib.base import Account, Role, RolePermission
+from marvin.lib.utils import cleanup_resources
+from nose.plugins.attrib import attr
+
+import random
+import re
+
+
+class TestData(object):
+"""Test data object that is required to create resources
+"""
+def __init__(self):
+self.testdata = {
+"account": {
+"email": "mtu@test.cloud",
+"firstname": "Marvin",
+"lastname": "TestUser",
+"username": "roletest",
+"password": "password",
+},
+"role": {
+"name": "MarvinFake Role ",
+"type": "User",
+"description": "Fake Role created by Marvin test"
+},
+"roleadmin": {
+"name": "MarvinFake Admin Role ",
+"type": "Admin",
+"description": "Fake Admin Role created by Marvin test"
+},
+"roledomainadmin": {
+"name": "MarvinFake DomainAdmin Role ",
+"type": "DomainAdmin",
+"description": "Fake Domain-Admin Role created by Marvin 
test"
+},
+"rolepermission": {
+"roleid": 1,
+"rule": "listVirtualMachines",
+"permission": "allow",
+"description": "Fake role permission created by Marvin 
test"
+},
+"apiConfig": {
+"listApis": "allow",
+"listAccounts": "allow",
+"listClusters": "deny",
+"*VM*": "allow",
+"*Host*": "deny"
+}
+}
+
+
+class TestDynamicRoles(cloudstackTestCase):
+"""Tests dynamic role and role permission management in CloudStack
+"""
+
+def setUp(self):
+self.apiclient = self.testClient.getApiClient()
+self.dbclient = self.testClient.getDbConnection()
+self.testdata = TestData().testdata
+
+feature_enabled = 
self.apiclient.listCapabilities(listCapabilities.listCapabilitiesCmd()).dynamicrolesenabled
+if not feature_enabled:
+self.skipTest("Dynamic Role-Based API checker not enabled, 
skipping test")
+
+self.testdata["role"]["name"] += self.getRandomString()
+self.role = Role.create(
+self.apiclient,
+self.testdata["role"]
+)
+
+self.testdata["rolepermission"]["roleid"] = self.role.id
+self.rolepermission = RolePermission.create(
+self.apiclient,
+self.testdata["rolepermission"]
+)
+
+self.account = Account.create(
+self.apiclient,
+self.testdata["account"],
+roleid=self.role.id
+)
+self.cleanup = [
+self.account,
+self.rolepermission,
+self.role
+]
+
+
+def tearDown(self):
+try:
+   cleanup_resources(self.apiclient, self.cleanup)
+except Exception as e:
+self.debug("Warning! Exception in tearDown: %s" % e)
+
+
+def translateRoleToAccountType(self, role_type):
+if role_type == "User":
+return 0
+elif role_type == "Admin":
+return 1
+elif role_type == "DomainAdmin":
+return

[GitHub] cloudstack pull request: CLOUDSTACK-8562: Dynamic Role-Based API C...

2016-04-22 Thread jburwell 
Github user jburwell commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1489#discussion_r60744528
  
--- Diff: test/integration/smoke/test_dynamicroles.py ---
@@ -0,0 +1,474 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+from marvin.cloudstackAPI import *
+from marvin.cloudstackTestCase import cloudstackTestCase
+from marvin.cloudstackException import CloudstackAPIException
+from marvin.lib.base import Account, Role, RolePermission
+from marvin.lib.utils import cleanup_resources
+from nose.plugins.attrib import attr
+
+import random
+import re
+
+
+class TestData(object):
+"""Test data object that is required to create resources
+"""
+def __init__(self):
+self.testdata = {
+"account": {
+"email": "mtu@test.cloud",
+"firstname": "Marvin",
+"lastname": "TestUser",
+"username": "roletest",
+"password": "password",
+},
+"role": {
+"name": "MarvinFake Role ",
+"type": "User",
+"description": "Fake Role created by Marvin test"
+},
+"roleadmin": {
+"name": "MarvinFake Admin Role ",
+"type": "Admin",
+"description": "Fake Admin Role created by Marvin test"
+},
+"roledomainadmin": {
+"name": "MarvinFake DomainAdmin Role ",
+"type": "DomainAdmin",
+"description": "Fake Domain-Admin Role created by Marvin 
test"
+},
+"rolepermission": {
+"roleid": 1,
+"rule": "listVirtualMachines",
+"permission": "allow",
+"description": "Fake role permission created by Marvin 
test"
+},
+"apiConfig": {
+"listApis": "allow",
+"listAccounts": "allow",
+"listClusters": "deny",
+"*VM*": "allow",
+"*Host*": "deny"
+}
+}
+
+
+class TestDynamicRoles(cloudstackTestCase):
+"""Tests dynamic role and role permission management in CloudStack
+"""
+
+def setUp(self):
+self.apiclient = self.testClient.getApiClient()
+self.dbclient = self.testClient.getDbConnection()
+self.testdata = TestData().testdata
+
+feature_enabled = 
self.apiclient.listCapabilities(listCapabilities.listCapabilitiesCmd()).dynamicrolesenabled
+if not feature_enabled:
+self.skipTest("Dynamic Role-Based API checker not enabled, 
skipping test")
+
+self.testdata["role"]["name"] += self.getRandomString()
+self.role = Role.create(
+self.apiclient,
+self.testdata["role"]
+)
+
+self.testdata["rolepermission"]["roleid"] = self.role.id
+self.rolepermission = RolePermission.create(
+self.apiclient,
+self.testdata["rolepermission"]
+)
+
+self.account = Account.create(
+self.apiclient,
+self.testdata["account"],
+roleid=self.role.id
+)
+self.cleanup = [
+self.account,
+self.rolepermission,
+self.role
+]
+
+
+def tearDown(self):
+try:
+   cleanup_resources(self.apiclient, self.cleanup)
+except Exception as e:
+self.debug("Warning! Exception in tearDown: %s" % e)
+
+
+def translateRoleToAccountType(self, role_type):
+if role_type == "User":
+return 0
+elif role_type == "Admin":
+return 1
+elif role_type == "DomainAdmin":
+return

[GitHub] cloudstack pull request: CLOUDSTACK-9362: Skip VXLANs when rewriti...

2016-04-22 Thread swill 
Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1512#issuecomment-213443134
  
You opened it against master again...  


![image](https://cloud.githubusercontent.com/assets/13644/14743978/7e8dbfd6-0872-11e6-83bc-73ebe2699a9c.png)



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8562: Dynamic Role-Based API C...

2016-04-22 Thread jburwell 
Github user jburwell commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1489#discussion_r60744168
  
--- Diff: test/integration/smoke/test_dynamicroles.py ---
@@ -0,0 +1,474 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+from marvin.cloudstackAPI import *
+from marvin.cloudstackTestCase import cloudstackTestCase
+from marvin.cloudstackException import CloudstackAPIException
+from marvin.lib.base import Account, Role, RolePermission
+from marvin.lib.utils import cleanup_resources
+from nose.plugins.attrib import attr
+
+import random
+import re
+
+
+class TestData(object):
+"""Test data object that is required to create resources
+"""
+def __init__(self):
+self.testdata = {
+"account": {
+"email": "mtu@test.cloud",
+"firstname": "Marvin",
+"lastname": "TestUser",
+"username": "roletest",
+"password": "password",
+},
+"role": {
+"name": "MarvinFake Role ",
+"type": "User",
+"description": "Fake Role created by Marvin test"
+},
+"roleadmin": {
+"name": "MarvinFake Admin Role ",
+"type": "Admin",
+"description": "Fake Admin Role created by Marvin test"
+},
+"roledomainadmin": {
+"name": "MarvinFake DomainAdmin Role ",
+"type": "DomainAdmin",
+"description": "Fake Domain-Admin Role created by Marvin 
test"
+},
+"rolepermission": {
+"roleid": 1,
+"rule": "listVirtualMachines",
+"permission": "allow",
+"description": "Fake role permission created by Marvin 
test"
+},
+"apiConfig": {
+"listApis": "allow",
+"listAccounts": "allow",
+"listClusters": "deny",
+"*VM*": "allow",
+"*Host*": "deny"
+}
+}
+
+
+class TestDynamicRoles(cloudstackTestCase):
+"""Tests dynamic role and role permission management in CloudStack
+"""
+
+def setUp(self):
+self.apiclient = self.testClient.getApiClient()
+self.dbclient = self.testClient.getDbConnection()
+self.testdata = TestData().testdata
+
+feature_enabled = 
self.apiclient.listCapabilities(listCapabilities.listCapabilitiesCmd()).dynamicrolesenabled
+if not feature_enabled:
+self.skipTest("Dynamic Role-Based API checker not enabled, 
skipping test")
+
+self.testdata["role"]["name"] += self.getRandomString()
+self.role = Role.create(
+self.apiclient,
+self.testdata["role"]
+)
+
+self.testdata["rolepermission"]["roleid"] = self.role.id
+self.rolepermission = RolePermission.create(
+self.apiclient,
+self.testdata["rolepermission"]
+)
+
+self.account = Account.create(
+self.apiclient,
+self.testdata["account"],
+roleid=self.role.id
+)
+self.cleanup = [
+self.account,
+self.rolepermission,
+self.role
+]
+
+
+def tearDown(self):
+try:
+   cleanup_resources(self.apiclient, self.cleanup)
+except Exception as e:
+self.debug("Warning! Exception in tearDown: %s" % e)
+
+
+def translateRoleToAccountType(self, role_type):
+if role_type == "User":
+return 0
+elif role_type == "Admin":
+return 1
+elif role_type == "DomainAdmin":
+return

[GitHub] cloudstack pull request: CLOUDSTACK-8562: Dynamic Role-Based API C...

2016-04-22 Thread jburwell 
Github user jburwell commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1489#discussion_r60743961
  
--- Diff: server/src/org/apache/cloudstack/acl/RoleManagerImpl.java ---
@@ -0,0 +1,273 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.acl;
+
+import com.cloud.event.ActionEvent;
+import com.cloud.event.EventTypes;
+import com.cloud.exception.PermissionDeniedException;
+import com.cloud.user.Account;
+import com.cloud.user.dao.AccountDao;
+import com.cloud.utils.PropertiesUtil;
+import com.cloud.utils.component.ManagerBase;
+import com.cloud.utils.component.PluggableService;
+import com.cloud.utils.db.Transaction;
+import com.cloud.utils.db.TransactionCallback;
+import com.cloud.utils.db.TransactionStatus;
+import com.google.common.base.Strings;
+import org.apache.cloudstack.acl.dao.RoleDao;
+import org.apache.cloudstack.acl.dao.RolePermissionsDao;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.command.admin.acl.CreateRoleCmd;
+import org.apache.cloudstack.api.command.admin.acl.CreateRolePermissionCmd;
+import org.apache.cloudstack.api.command.admin.acl.DeleteRoleCmd;
+import org.apache.cloudstack.api.command.admin.acl.DeleteRolePermissionCmd;
+import org.apache.cloudstack.api.command.admin.acl.ListRolePermissionsCmd;
+import org.apache.cloudstack.api.command.admin.acl.ListRolesCmd;
+import org.apache.cloudstack.api.command.admin.acl.UpdateRoleCmd;
+import org.apache.cloudstack.api.command.admin.acl.UpdateRolePermissionCmd;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.framework.config.ConfigKey;
+import org.apache.cloudstack.framework.config.Configurable;
+
+import javax.ejb.Local;
+import javax.inject.Inject;
+import java.io.File;
+import java.util.ArrayList;
+import java.util.List;
+
+@Local(value = {RoleService.class})
+public class RoleManagerImpl extends ManagerBase implements RoleService, 
Configurable, PluggableService {
+@Inject
+private AccountDao accountDao;
+@Inject
+private RoleDao roleDao;
+@Inject
+private RolePermissionsDao rolePermissionsDao;
+
+private void checkCallerAccess() {
+if (!isEnabled()) {
+throw new PermissionDeniedException("Dynamic api checker is 
not enabled, aborting role operation");
+}
+Account caller = CallContext.current().getCallingAccount();
+if (caller == null || caller.getRoleId() == null) {
+throw new PermissionDeniedException("Restricted API called by 
an invalid user account");
+}
+Role callerRole = findRole(caller.getRoleId());
+if (callerRole == null || callerRole.getRoleType() != 
RoleType.Admin) {
+throw new PermissionDeniedException("Restricted API called by 
an user account of non-Admin role type");
+}
+}
+
+@Override
+public boolean isEnabled() {
+File apiCmdFile = 
PropertiesUtil.findConfigFile(PropertiesUtil.getDefaultApiCommandsFileName());
+return RoleService.EnableDynamicApiChecker.value() && (apiCmdFile 
== null || !apiCmdFile.exists());
+}
+
+@Override
+public Role findRole(final Long id) {
+if (id == null || id < 1L) {
+return null;
+}
+return roleDao.findById(id);
+}
+
+@Override
+public RolePermission findRolePermission(final Long id) {
+if (id == null) {
+return null;
+}
+return rolePermissionsDao.findById(id);
+}
+
+@Override
+@ActionEvent(eventType = EventTypes.EVENT_ROLE_CREATE, 
eventDescription = "creating Role")
+public Role createRole(final String name, final RoleType roleType, 
final String description) {
+

[GitHub] cloudstack pull request: CLOUDSTACK-8562: Dynamic Role-Based API C...

2016-04-22 Thread jburwell 
Github user jburwell commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1489#discussion_r60743595
  
--- Diff: server/src/org/apache/cloudstack/acl/RoleManagerImpl.java ---
@@ -0,0 +1,273 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.acl;
+
+import com.cloud.event.ActionEvent;
+import com.cloud.event.EventTypes;
+import com.cloud.exception.PermissionDeniedException;
+import com.cloud.user.Account;
+import com.cloud.user.dao.AccountDao;
+import com.cloud.utils.PropertiesUtil;
+import com.cloud.utils.component.ManagerBase;
+import com.cloud.utils.component.PluggableService;
+import com.cloud.utils.db.Transaction;
+import com.cloud.utils.db.TransactionCallback;
+import com.cloud.utils.db.TransactionStatus;
+import com.google.common.base.Strings;
+import org.apache.cloudstack.acl.dao.RoleDao;
+import org.apache.cloudstack.acl.dao.RolePermissionsDao;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.command.admin.acl.CreateRoleCmd;
+import org.apache.cloudstack.api.command.admin.acl.CreateRolePermissionCmd;
+import org.apache.cloudstack.api.command.admin.acl.DeleteRoleCmd;
+import org.apache.cloudstack.api.command.admin.acl.DeleteRolePermissionCmd;
+import org.apache.cloudstack.api.command.admin.acl.ListRolePermissionsCmd;
+import org.apache.cloudstack.api.command.admin.acl.ListRolesCmd;
+import org.apache.cloudstack.api.command.admin.acl.UpdateRoleCmd;
+import org.apache.cloudstack.api.command.admin.acl.UpdateRolePermissionCmd;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.framework.config.ConfigKey;
+import org.apache.cloudstack.framework.config.Configurable;
+
+import javax.ejb.Local;
+import javax.inject.Inject;
+import java.io.File;
+import java.util.ArrayList;
+import java.util.List;
+
+@Local(value = {RoleService.class})
+public class RoleManagerImpl extends ManagerBase implements RoleService, 
Configurable, PluggableService {
+@Inject
+private AccountDao accountDao;
+@Inject
+private RoleDao roleDao;
+@Inject
+private RolePermissionsDao rolePermissionsDao;
+
+private void checkCallerAccess() {
+if (!isEnabled()) {
+throw new PermissionDeniedException("Dynamic api checker is 
not enabled, aborting role operation");
+}
+Account caller = CallContext.current().getCallingAccount();
+if (caller == null || caller.getRoleId() == null) {
+throw new PermissionDeniedException("Restricted API called by 
an invalid user account");
+}
+Role callerRole = findRole(caller.getRoleId());
+if (callerRole == null || callerRole.getRoleType() != 
RoleType.Admin) {
+throw new PermissionDeniedException("Restricted API called by 
an user account of non-Admin role type");
+}
+}
+
+@Override
+public boolean isEnabled() {
+File apiCmdFile = 
PropertiesUtil.findConfigFile(PropertiesUtil.getDefaultApiCommandsFileName());
+return RoleService.EnableDynamicApiChecker.value() && (apiCmdFile 
== null || !apiCmdFile.exists());
+}
+
+@Override
+public Role findRole(final Long id) {
+if (id == null || id < 1L) {
+return null;
+}
+return roleDao.findById(id);
+}
+
+@Override
+public RolePermission findRolePermission(final Long id) {
+if (id == null) {
+return null;
+}
+return rolePermissionsDao.findById(id);
+}
+
+@Override
+@ActionEvent(eventType = EventTypes.EVENT_ROLE_CREATE, 
eventDescription = "creating Role")
+public Role createRole(final String name, final RoleType roleType, 
final String description) {
+

[GitHub] cloudstack pull request: CLOUDSTACK-6975: Prevent dnsmasq from sta...

2016-04-22 Thread swill 
Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1509#issuecomment-213442284
  
Lets close this PR and open it based off the 4.7 branch.  @ustcweizhou's 
LGTM vote will still count on the new PR.  Lets just reference this PR in the 
new PR so we remember to count his vote.  :)

Basically how this works is as follows:
- The current release is 4.8.  
- We support fixes in one release prior the the current release, and those 
fixes are put against the main branch, so in this case 4.7.  I am not sure of 
the release cycle on this branch, but at some point a newer minor release may 
be cut from this branch (something like 4.7.2 for example).
- Whenever a fix is made in a previous release, the fix is then forward 
merged into the later releases.  This is so the commit hash is consistent 
between all branches making it easier to understand if a specific fix is in a 
specific branch.  So if a commit is added to the 4.7 branch, it will be forward 
merged to the 4.8 branch, and then forward merged again to master.
- We treat master as the next release and add new features there and make 
sure everything is stable for the next release (in this case 4.9).

Does that all make sense?  Don't be shy if you have questions.  I will do 
my best to support you.  :)


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9362: Skip VXLANs when rewriti...

2016-04-22 Thread insom 
Github user insom closed the pull request at:

https://github.com/apache/cloudstack/pull/1508


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9362: Skip VXLANs when rewriti...

2016-04-22 Thread insom 
Github user insom commented on the pull request:

https://github.com/apache/cloudstack/pull/1508#issuecomment-213441018
  
#1512 is the new version of this.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9362: Skip VXLANs when rewriti...

2016-04-22 Thread insom 
GitHub user insom opened a pull request:

https://github.com/apache/cloudstack/pull/1512

CLOUDSTACK-9362: Skip VXLANs when rewriting the bridge name for migrations 
(4.8)

From the [JIRA 
issue](https://issues.apache.org/jira/browse/CLOUDSTACK-9362):

> 
https://github.com/apache/cloudstack/commit/bb8f7c652e42caacff5adce1ce60342603677605
> 
> The above commit introduces rewriting of bridge device names when 
migrating a virtual machine from one host to another. However, it also matches 
bridges called "brvx-1234" and rewrites them to (in my case) "brem1-1234" - 
this doesn't match the bridge name on the destination and causes the migration 
to fail with the error:
> 
> error : virNetDevGetMTU:397 : Cannot get interface MTU on 'brem1-1234': 
No such device
> 
> I have flagged this as major because it's not possible to migrate VMs 
using VXLANs for maintenance, which seems important (it's certainly important 
to me!).

This is a version of #1508 based against 4.8

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/insom/cloudstack CLOUDSTACK-9362-2

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cloudstack/pull/1512.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1512


commit d2eb0a537a1f279a83f4af4f8f1bbae9d5aefba8
Author: Aaron Brady 
Date:   2016-04-21T14:19:56Z

Skip VXLANs when rewriting the bridge name for migrations




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: Fix Sync of template.properties in Swift

2016-04-22 Thread jburwell 
Github user jburwell commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1331#discussion_r60742612
  
--- Diff: 
services/secondary-storage/server/test/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResourceTest.java
 ---
@@ -18,91 +18,68 @@
  */
 package org.apache.cloudstack.storage.resource;
 
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.net.URI;
-import java.util.Map;
-import java.util.Properties;
-
-import javax.naming.ConfigurationException;
-
-import junit.framework.Assert;
-import junit.framework.TestCase;
-
+import org.apache.cloudstack.storage.command.DeleteCommand;
+import org.apache.cloudstack.storage.to.TemplateObjectTO;
 import org.apache.log4j.Level;
 import org.apache.log4j.Logger;
+import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mockito;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
 
-import com.cloud.utils.PropertiesUtil;
-import com.cloud.utils.exception.CloudRuntimeException;
+import java.io.BufferedWriter;
+import java.io.FileWriter;
+import java.io.StringWriter;
 
-public class NfsSecondaryStorageResourceTest extends TestCase {
-private static Map testParams;
+import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.spy;
 
-private static final Logger s_logger = 
Logger.getLogger(NfsSecondaryStorageResourceTest.class.getName());
+@RunWith(PowerMockRunner.class)
+public class NfsSecondaryStorageResourceTest {
 
-NfsSecondaryStorageResource resource;
+private NfsSecondaryStorageResource resource;
 
 @Before
-@Override
-public void setUp() throws ConfigurationException {
-s_logger.setLevel(Level.ALL);
+public void setUp() {
 resource = new NfsSecondaryStorageResource();
-resource.setInSystemVM(true);
-testParams = PropertiesUtil.toMap(loadProperties());
-resource.configureStorageLayerClass(testParams);
-Object testLocalRoot = testParams.get("testLocalRoot");
-if (testLocalRoot != null) {
-resource.setParentPath((String)testLocalRoot);
-}
 }
 
 @Test
-public void testMount() throws Exception {
-String sampleUriStr = 
"cifs://192.168.1.128/CSHV3?user=administrator=1pass%40word1=bar";
-URI sampleUri = new URI(sampleUriStr);
-
-s_logger.info("Check HostIp parsing");
-String hostIpStr = resource.getUriHostIp(sampleUri);
-Assert.assertEquals("Expected host IP " + sampleUri.getHost() + " 
and actual host IP " + hostIpStr + " differ.", sampleUri.getHost(), hostIpStr);
-
-s_logger.info("Check option parsing");
-String expected = 
"user=administrator,password=1pass@word1,foo=bar,";
-String actualOpts = resource.parseCifsMountOptions(sampleUri);
-Assert.assertEquals("Options should be " + expected + " and not " 
+ actualOpts, expected, actualOpts);
-
-// attempt a configured mount
-final Map params = 
PropertiesUtil.toMap(loadProperties());
-String sampleMount = (String)params.get("testCifsMount");
-if (!sampleMount.isEmpty()) {
-s_logger.info("functional test, mount " + sampleMount);
-URI realMntUri = new URI(sampleMount);
-String mntSubDir = resource.mountUri(realMntUri);
-s_logger.info("functional test, umount " + mntSubDir);
-resource.umount(resource.getMountingRoot() + mntSubDir, 
realMntUri);
-} else {
-s_logger.info("no entry for testCifsMount in " + 
"./conf/agent.properties - skip functional test");
-}
-}
+@PrepareForTest(NfsSecondaryStorageResource.class)
+public void testSwiftWriteMetadataFile() throws Exception {
+String expected = 
"uniquename=test\nfilename=testfile\nsize=100\nvirtualsize=1000";
 
-public static Properties loadProperties() throws 
ConfigurationException {
-Properties properties = new Properties();
-final File file = 
PropertiesUtil.findConfigFile("agent.properties");
-if (file == null) {
-throw new ConfigurationException("Unable to find 
agent.properties.");
-}
-s_logger.info("agent.properties found at " + 
file.getAbsolutePath());
-

[GitHub] cloudstack pull request: CLOUDSTACK-9362: Skip VXLANs when rewriti...

2016-04-22 Thread swill 
Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1508#issuecomment-213439120
  
@insom, yes @kiwiflyer is correct.  You will need to base your change off 
the 4.8 branch and close this PR and open a new PR based off the 4.8 branch.  
Thanks for the effort.  :)


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: Fix Sync of template.properties in Swift

2016-04-22 Thread jburwell 
Github user jburwell commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1331#discussion_r60742145
  
--- Diff: 
services/secondary-storage/server/test/org/apache/cloudstack/storage/resource/TestAppender.java
 ---
@@ -0,0 +1,173 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.apache.cloudstack.storage.resource;
+
+import com.google.common.base.Joiner;
+import com.google.common.base.Objects;
+import com.google.common.collect.ImmutableMap;
+import org.apache.log4j.AppenderSkeleton;
+import org.apache.log4j.Level;
+import org.apache.log4j.Logger;
+import org.apache.log4j.spi.LoggingEvent;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.regex.Pattern;
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkState;
+import static com.google.common.base.Strings.isNullOrEmpty;
+import static java.lang.String.format;
+import static org.apache.log4j.Level.ALL;
+import static org.apache.log4j.Level.DEBUG;
+import static org.apache.log4j.Level.ERROR;
+import static org.apache.log4j.Level.FATAL;
+import static org.apache.log4j.Level.INFO;
+import static org.apache.log4j.Level.OFF;
+import static org.junit.Assert.fail;
+
+/**
+*
+* Tracks one or more patterns to determine whether or not they have been
+* logged. It uses a streaming approach to determine whether or not a 
message
+* has a occurred to prevent unnecessary memory consumption. Instances of 
this
+* of this class are created using the {@link TestAppenderBuilder}.
+*
+* To use this class, register a one or more expected patterns by level as 
part
+* of the test setup and retain an reference to the appender instance. 
After the
+* expected logging events have occurred in the test case, call
+* {@link TestAppender#assertMessagesLogged()} which will fail the test if 
any of the
+* expected patterns were not logged.
+*
+*/
+public final class TestAppender extends AppenderSkeleton {
+private final static String APPENDER_NAME = "test_appender";
+private final ImmutableMap 
expectedPatternResults;
+private TestAppender(final Map 
expectedPatterns) {
+super();
+expectedPatternResults = ImmutableMap.copyOf(expectedPatterns);
+}
+protected void append(LoggingEvent loggingEvent) {
+checkArgument(loggingEvent != null, "append requires a non-null 
loggingEvent");
+final Level level = loggingEvent.getLevel();
+checkState(expectedPatternResults.containsKey(level), "level " + 
level + " not supported by append");
+for (final PatternResult patternResult : 
expectedPatternResults.get(level)) {
+if 
(patternResult.getPattern().matcher(loggingEvent.getRenderedMessage()).matches())
 {
+patternResult.markFound();
+}
+}
+}
+public void close() {
+// Do nothing ...
+}
+public boolean requiresLayout() {
+return false;
+}
+public void assertMessagesLogged() {
+final List unloggedPatterns = new ArrayList<>();
+for (final Map.Entry 
expectedPatternResult : expectedPatternResults.entrySet()) {
+for (final PatternResult patternResults : 
expectedPatternResult.getValue()) {
+if (!patternResults.isFound()) {
+unloggedPatterns.add(format("%1$s was not logged for 
level %2$s",
+patternResults.getPattern().toString(), 
expectedPatternResult.getKey()));
+}
+}
+}
+if (!unloggedPatterns.isEmpty()) {
+fail(Joiner.on(",").join(unloggedPatterns));
+}
+}
+private static final class

[GitHub] cloudstack pull request: maven: Upgrade dependency versions

2016-04-22 Thread swill 
Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1397#issuecomment-213438660
  
Thanks for all the effort @bhaisaab.  :)


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-6975: Prevent dnsmasq from sta...

2016-04-22 Thread dsclose 
Github user dsclose commented on the pull request:

https://github.com/apache/cloudstack/pull/1509#issuecomment-213437832
  
@swill I raised the PR against `apache:4.7.1-RC20160120T2318` because it 
seemed sensible to include it in the latest 4.7 branch. I'd assumed it could be 
forward merged but as this is only my second PR for Cloudstack I don't think I 
should be making any recommendations.

It's not clear to me how to determine which branch I should raise PRs 
against - but that's probably a question for the mailing list rather than here. 
Let me know if you want it based off something else and I'll sort that out.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: Fix Sync of template.properties in Swift

2016-04-22 Thread jburwell 
Github user jburwell commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1331#discussion_r60740846
  
--- Diff: 
services/secondary-storage/server/test/org/apache/cloudstack/storage/resource/TestAppender.java
 ---
@@ -0,0 +1,173 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.apache.cloudstack.storage.resource;
--- End diff --

Since there is nothing about that is specific to secondary storage, Why not 
place this class in a more general package such as ``com.cloud.test.utils``?  


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9362: Skip VXLANs when rewriti...

2016-04-22 Thread kiwiflyer 
Github user kiwiflyer commented on the pull request:

https://github.com/apache/cloudstack/pull/1508#issuecomment-213434581
  
@insom Yes, rebase it against the 4.8 branch and yes you'll need to issue a 
new PR and close this one.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9362: Skip VXLANs when rewriti...

2016-04-22 Thread insom 
Github user insom commented on the pull request:

https://github.com/apache/cloudstack/pull/1508#issuecomment-213431813
  
@swill Thanks! Should I rebase this against the latest 4.8 branch then? I 
don't think I can change where a PR is based against, so I think I'd need to 
open a new PR - is that right call?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9362: Skip VXLANs when rewriti...

2016-04-22 Thread swill 
Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1508#issuecomment-213431039
  
@kiwiflyer if you wouldn't mind posting the results of your tests that 
would be appreciated.  :)

@insom if this was actually introduced in 4.8, I agree that we should open 
this against 4.8 and then I will forward merge into master.  Thank you for the 
effort.  Cheers...


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8562: Dynamic Role-Based API C...

2016-04-22 Thread jburwell 
Github user jburwell commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1489#discussion_r60738990
  
--- Diff: server/src/com/cloud/api/dispatch/ParamProcessWorker.java ---
@@ -92,6 +94,55 @@ public void handle(final DispatchTask task) {
 processParameters(task.getCmd(), task.getParams());
 }
 
+private void validateNonEmptyString(final Object param, final String 
argName) {
+if (param == null || Strings.isNullOrEmpty(param.toString())) {
+throw new ServerApiException(ApiErrorCode.PARAM_ERROR, 
String.format("Empty or null value provided for API arg: %s", argName));
+}
+}
+
+private void validateNaturalNumber(final Object param, final String 
argName) {
+Long value = null;
+if (param != null && param instanceof Long) {
+value = (Long) param;
+} else if (param != null) {
+value = Long.valueOf(param.toString());
+}
+if (value == null || value < 1L) {
+throw new ServerApiException(ApiErrorCode.PARAM_ERROR, 
String.format("Invalid value provided for API arg: %s", argName));
+}
+}
+
+private void validateField(final Object paramObj, final Parameter 
annotation) throws ServerApiException {
+if (annotation == null) {
+return;
+}
+final String argName = annotation.name();
+for (final ApiArgValidator validator : annotation.validations()) {
+if (validator == null) {
+continue;
+}
+switch (validator) {
+case NotNullOrEmpty:
+switch (annotation.type()) {
+case UUID:
+case STRING:
+validateNonEmptyString(paramObj, argName);
+break;
+}
+break;
+case PositiveNumber:
+switch (annotation.type()) {
+case SHORT:
+case INTEGER:
+case LONG:
+validateNaturalNumber(paramObj, argName);
+break;
+}
--- End diff --

Why not place these validation methods on the ``ApiArgValidator`` 
instances?  Not only would it simplify this code (i.e. reducing the switch to a 
single line), but it would also make it easier to add new validators without 
changing this class.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8855 Improve Error Message for...

2016-04-22 Thread swill 
Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/837#issuecomment-213430064
  
@bvbharatk no problem.  :)  Thanks for the continued effort testing.  I 
just wanted to make sure we understood what was going on.  


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8562: Dynamic Role-Based API C...

2016-04-22 Thread jburwell 
Github user jburwell commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1489#discussion_r60738644
  
--- Diff: scripts/util/migrate-dynamicroles.py ---
@@ -0,0 +1,134 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+import os
+import sys
+import uuid
+
+from contextlib import closing
+from optparse import OptionParser
+
+try:
+import MySQLdb
+except ImportError:
+print("MySQLdb cannot be imported, please install python-mysqldb(apt) 
or mysql-python(yum)")
+sys.exit(1)
+
+dryrun = False
+
+
+def runSql(conn, query):
+if dryrun:
+print("Running SQL query: " + query)
+return
+with closing(conn.cursor()) as cursor:
+cursor.execute(query)
+
+
+def migrateApiRolePermissions(apis, conn):
+# All allow for root admin role Admin(id:1)
+runSql(conn, "INSERT INTO `cloud`.`role_permissions` (`uuid`, 
`role_id`, `rule`, `permission`) values (UUID(), 1, '*', 'Allow');")
+# Migrate rules based on commands.properties rule for 
ResourceAdmin(id:2), DomainAdmin(id:3), User(id:4)
+octetKey = {2:2, 3:4, 4:8}
+for role in [2, 3, 4]:
+for api in sorted(apis.keys()):
+# Ignore auth commands
+if api in ['login', 'logout', 'samlSso', 'samlSlo', 
'listIdps', 'listAndSwitchSamlAccount', 'getSPMetadata']:
+continue
+if (octetKey[role] & int(apis[api])) > 0:
+runSql(conn, "INSERT INTO `cloud`.`role_permissions` 
(`uuid`, `role_id`, `rule`, `permission`) values (UUID(), %d, '%s', 'Allow');" 
% (role, api))
+
+
+def main():
+parser = OptionParser()
+parser.add_option("-b", "--db", action="store", type="string", 
dest="db", default="cloud",
+help="The name of the database, default: cloud")
+parser.add_option("-u", "--user", action="store", type="string", 
dest="user", default="cloud",
+help="User name a MySQL user with privileges on 
cloud database")
+parser.add_option("-p", "--password", action="store", type="string", 
dest="password", default="cloud",
+help="Password of a MySQL user with privileges on 
cloud database")
+parser.add_option("-H", "--host", action="store", type="string", 
dest="host", default="127.0.0.1",
+help="Host or IP of the MySQL server")
+parser.add_option("-P", "--port", action="store", type="int", 
dest="port", default=3306,
+help="Host or IP of the MySQL server")
+parser.add_option("-f", "--properties-file", action="store", 
type="string", dest="commandsfile", 
default="/etc/cloudstack/management/commands.properties",
+help="The commands.properties file")
+parser.add_option("-d", "--dryrun", action="store_true", 
dest="dryrun", default=False,
+help="Dry run and debug operations this tool will 
perform")
+(options, args) = parser.parse_args()
+
+print("Apache CloudStack Role Permission Migration Tool")
+print("(c) Apache CloudStack Authors and the ASF, under the Apache 
License, Version 2.0\n")
+
+global dryrun
+if options.dryrun:
+dryrun = True
+
+conn = MySQLdb.connect(
+host=options.host,
+user=options.user,
+passwd=options.password,
+port=int(options.port),
+db=options.db)
+
+if not os.path.isfile(options.commandsfile):
+print("Provided commands.properties cannot be accessed or does not 
exist, please check check permissions")
+sys.exit(1)
+
+while True:
+choice = raw_input("Running this migration tool will remove any " +
+   "default-role rules in cloud.role_permissions. 
" +
+   "Do you want to

[GitHub] cloudstack pull request: CLOUDSTACK-8562: Dynamic Role-Based API C...

2016-04-22 Thread jburwell 
Github user jburwell commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1489#discussion_r60738403
  
--- Diff: scripts/util/migrate-dynamicroles.py ---
@@ -0,0 +1,134 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+import os
+import sys
+import uuid
+
+from contextlib import closing
+from optparse import OptionParser
+
+try:
+import MySQLdb
+except ImportError:
+print("MySQLdb cannot be imported, please install python-mysqldb(apt) 
or mysql-python(yum)")
+sys.exit(1)
+
+dryrun = False
+
+
+def runSql(conn, query):
+if dryrun:
+print("Running SQL query: " + query)
+return
+with closing(conn.cursor()) as cursor:
+cursor.execute(query)
+
+
+def migrateApiRolePermissions(apis, conn):
+# All allow for root admin role Admin(id:1)
+runSql(conn, "INSERT INTO `cloud`.`role_permissions` (`uuid`, 
`role_id`, `rule`, `permission`) values (UUID(), 1, '*', 'Allow');")
+# Migrate rules based on commands.properties rule for 
ResourceAdmin(id:2), DomainAdmin(id:3), User(id:4)
+octetKey = {2:2, 3:4, 4:8}
+for role in [2, 3, 4]:
+for api in sorted(apis.keys()):
+# Ignore auth commands
+if api in ['login', 'logout', 'samlSso', 'samlSlo', 
'listIdps', 'listAndSwitchSamlAccount', 'getSPMetadata']:
+continue
+if (octetKey[role] & int(apis[api])) > 0:
+runSql(conn, "INSERT INTO `cloud`.`role_permissions` 
(`uuid`, `role_id`, `rule`, `permission`) values (UUID(), %d, '%s', 'Allow');" 
% (role, api))
+
+
+def main():
+parser = OptionParser()
+parser.add_option("-b", "--db", action="store", type="string", 
dest="db", default="cloud",
+help="The name of the database, default: cloud")
+parser.add_option("-u", "--user", action="store", type="string", 
dest="user", default="cloud",
+help="User name a MySQL user with privileges on 
cloud database")
+parser.add_option("-p", "--password", action="store", type="string", 
dest="password", default="cloud",
+help="Password of a MySQL user with privileges on 
cloud database")
+parser.add_option("-H", "--host", action="store", type="string", 
dest="host", default="127.0.0.1",
+help="Host or IP of the MySQL server")
+parser.add_option("-P", "--port", action="store", type="int", 
dest="port", default=3306,
+help="Host or IP of the MySQL server")
+parser.add_option("-f", "--properties-file", action="store", 
type="string", dest="commandsfile", 
default="/etc/cloudstack/management/commands.properties",
+help="The commands.properties file")
+parser.add_option("-d", "--dryrun", action="store_true", 
dest="dryrun", default=False,
+help="Dry run and debug operations this tool will 
perform")
+(options, args) = parser.parse_args()
+
+print("Apache CloudStack Role Permission Migration Tool")
+print("(c) Apache CloudStack Authors and the ASF, under the Apache 
License, Version 2.0\n")
+
+global dryrun
+if options.dryrun:
+dryrun = True
+
+conn = MySQLdb.connect(
+host=options.host,
+user=options.user,
+passwd=options.password,
+port=int(options.port),
+db=options.db)
+
+if not os.path.isfile(options.commandsfile):
+print("Provided commands.properties cannot be accessed or does not 
exist, please check check permissions")
+sys.exit(1)
+
+while True:
+choice = raw_input("Running this migration tool will remove any " +
+   "default-role rules in cloud.role_permissions. 
" +
+   "Do you want to

[GitHub] cloudstack pull request: CLOUDSTACK-9362: Skip VXLANs when rewriti...

2016-04-22 Thread kiwiflyer 
Github user kiwiflyer commented on the pull request:

https://github.com/apache/cloudstack/pull/1508#issuecomment-213428079
  
@insom Thanks for the PR. We'll pull this in for testing as we use vxlan.

As it looks like this bug was introduced in 4.8, I'd suggest you may want 
to issue your PR against the 4.8 branch. It can then be forward committed into 
master as well.

//cc @dmabry  @swill 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8562: Dynamic Role-Based API C...

2016-04-22 Thread jburwell 
Github user jburwell commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1489#discussion_r60737450
  
--- Diff: 
plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapImportUsersCmd.java
 ---
@@ -131,7 +135,9 @@ private void createCloudstackUserAccount(LdapUser user, 
String accountName, Doma
 @Override
 public void execute() throws ResourceUnavailableException, 
InsufficientCapacityException, ServerApiException, ConcurrentOperationException,
 ResourceAllocationException, NetworkRuleConflictException {
-
+if (getAccountType() == null && getRoleId() == null) {
+throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Both 
account type and role ID are not provided");
--- End diff --

Why not mark these two parameters as required and let the framework perform 
the validation?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8562: Dynamic Role-Based API C...

2016-04-22 Thread jburwell 
Github user jburwell commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1489#discussion_r60737225
  
--- Diff: 
plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapCreateAccountCmd.java
 ---
@@ -119,6 +131,9 @@ private Long getDomainId() {
 
 @Override
 public void execute() throws ServerApiException {
+if (getAccountType() == null && getRoleId() == null) {
+throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Both 
account type and role ID are not provided");
--- End diff --

Why not mark these two parameters as required and let the framework perform 
the validation?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9289:Automation for feature de...

2016-04-22 Thread nitt10prashant 
Github user nitt10prashant commented on the pull request:

https://github.com/apache/cloudstack/pull/1417#issuecomment-213424673
  
@swill  thanks for comment , i just did a force push 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8855 Improve Error Message for...

2016-04-22 Thread bvbharatk 
Github user bvbharatk commented on the pull request:

https://github.com/apache/cloudstack/pull/837#issuecomment-213424108
  
@swill 

This is because of a problem with the CI environment. i will fix this and 
post the results again. Will remove these results for now. 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9299: Out-of-band Management f...

2016-04-22 Thread kiwiflyer 
Github user kiwiflyer commented on the pull request:

https://github.com/apache/cloudstack/pull/1502#issuecomment-213423589
  
Really exciting PR @bhaisaab!

We'll pull this in for testing as well.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8855 Improve Error Message for...

2016-04-22 Thread swill 
Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/837#issuecomment-213422548
  
I am a bit concerned about this CI run.  There is a LOT failing which does 
not usually fail.  We will need to review the CI results and try to 
understand/fix the problems...


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9299: Out-of-band Management f...

2016-04-22 Thread swill 
Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1502#issuecomment-213421943
  
Thanks guys.  I will try to get this one queued up for CI.  


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9164: Prevent firefox's quick ...

2016-04-22 Thread swill 
Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1271#issuecomment-213421066
  
Ok, perfect.  Thanks @footplus for confirming.  :)

@anshul1886, I just need this PR to be force pushed to kick off jenkins 
again to get everything green so we can merge.  Thanks...


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-6975: Prevent dnsmasq from sta...

2016-04-22 Thread swill 
Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1509#issuecomment-213419572
  
@dsclose this PR is currently opened against 
`apache:4.7.1-RC20160120T2318`.  Should this be merged into 4.7 and then we 
will forward merge it to 4.8 and master?

Need one more LGTM code review and I would like to verify this PR via CI.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: L10n update master 20160127

2016-04-22 Thread swill 
Github user swill commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1376#discussion_r60733737
  
--- Diff: tools/transifex/.tx/config ---
@@ -89,3 +89,41 @@ trans.pt_BR = work-dir/messages_pt_BR.properties
 trans.ru_RU = work-dir/messages_ru_RU.properties
 trans.zh_CN = work-dir/messages_zh_CN.properties
 
+[CloudStack_UI.48xmessagesproperties]
--- End diff --

If it will be added in #1375, I think we should be removing it from this 
PR?  Once we get #1375 in, you will have to rebase and fix conflicts.  When the 
changes are added to 4.8, they will then be forward merged into master (4.9), 
so we will want to get #1375 in first and then rebase this PR against master 
after that PR has been merged into master.  Thanks...


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: L10n update 4.8 20160127

2016-04-22 Thread swill 
Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1375#issuecomment-213415473
  
@milamberspace can you close and reopen this against the 4.8 branch.  It is 
currently opened against master.  Thanks...


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8562: Dynamic Role-Based API C...

2016-04-22 Thread jburwell 
Github user jburwell commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1489#discussion_r60732671
  
--- Diff: engine/schema/src/com/cloud/upgrade/dao/Upgrade481to490.java ---
@@ -53,6 +62,139 @@ public boolean supportsRollingUpgrade() {
 
 @Override
 public void performDataMigration(Connection conn) {
+setupRolesAndPermissionsForDynamicRBAC(conn);
+}
+
+private void createDefaultRole(final Connection conn, final Long id, 
final String name, final RoleType roleType) {
+final String insertSql = String.format("INSERT INTO 
`cloud`.`roles` (`id`, `uuid`, `name`, `role_type`, `description`) values (%d, 
UUID(), '%s', '%s', 'Default %s role');",
+id, name, roleType.name(), roleType.name().toLowerCase());
+try ( PreparedStatement updatePstmt = 
conn.prepareStatement(insertSql) ) {
+updatePstmt.executeUpdate();
+} catch (SQLException e) {
+throw new CloudRuntimeException("Unable to create default role 
with id: " + id + " name: " + name, e);
+}
+}
+
+private void createRoleMapping(final Connection conn, final Long 
roleId, final String apiName) {
+final String insertSql = String.format("INSERT INTO 
`cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`) values 
(UUID(), %d, '%s', 'ALLOW') ON DUPLICATE KEY UPDATE rule=rule;",
+roleId, apiName);
+try ( PreparedStatement updatePstmt = 
conn.prepareStatement(insertSql)) {
+updatePstmt.executeUpdate();
+} catch (SQLException ignored) {
+s_logger.debug("Unable to insert mapping for role id:" + 
roleId + " apiName: " + apiName);
+}
+}
+
+private void addRoleColumnAndMigrateAccountTable(final Connection 
conn, final RoleType[] roleTypes) {
+final String alterTableSql = "ALTER TABLE `cloud`.`account` ADD 
COLUMN `role_id` bigint(20) unsigned COMMENT 'role id for this account' AFTER 
`type`, " +
+"ADD KEY `fk_account__role_id` (`role_id`), " +
+"ADD CONSTRAINT `fk_account__role_id` FOREIGN KEY 
(`role_id`) REFERENCES `roles` (`id`);";
+try (PreparedStatement pstmt = 
conn.prepareStatement(alterTableSql)) {
+pstmt.executeUpdate();
+s_logger.info("Altered cloud.account table and added column 
role_id");
+} catch (SQLException e) {
+if (e.getMessage().contains("role_id")) {
+s_logger.warn("cloud.account table already has the role_id 
column, skipping altering table and migration of accounts");
+return;
+} else {
+throw new CloudRuntimeException("Unable to create column 
quota_calculated in table cloud_usage.cloud_usage", e);
+}
+}
+migrateAccountsToDefaultRoles(conn, roleTypes);
+}
+
+private void migrateAccountsToDefaultRoles(final Connection conn, 
final RoleType[] roleTypes) {
+try (PreparedStatement selectStatement = 
conn.prepareStatement("SELECT `id`, `type` FROM `cloud`.`account`;");
+ ResultSet selectResultSet = selectStatement.executeQuery()) {
+while (selectResultSet.next()) {
+Long accountId = selectResultSet.getLong(1);
+Short accountType = selectResultSet.getShort(2);
+Long roleId = null;
+for (RoleType roleType : roleTypes) {
+if (roleType.getAccountType() == accountType) {
+roleId = roleType.getId();
+break;
+}
+}
+if (roleId == null) {
+continue;
+}
+try (PreparedStatement updateStatement = 
conn.prepareStatement("UPDATE `cloud`.`account` SET role_id = ? WHERE id = 
?;")) {
+updateStatement.setLong(1, roleId);
+updateStatement.setLong(2, accountId);
+updateStatement.executeUpdate();
+updateStatement.close();
+
+} catch (SQLException e) {
+s_logger.error("Failed to update cloud.account role_id 
for account id:" + accountId + " with exception: " + e.getMessage());
+throw new CloudRuntimeException("Exception while 
updating cloud.account role_id", e);
+}
+}
+} catch (SQLException e) {
+throw new CloudRuntimeException("Exception while migrating 
existing account table's role_id column to a role based on account type", e);
+}
+s_logger.debug("Done migrating existing accounts to use one of

[GitHub] cloudstack pull request: CLOUDSTACK-8562: Dynamic Role-Based API C...

2016-04-22 Thread jburwell 
Github user jburwell commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1489#discussion_r60732582
  
--- Diff: engine/schema/src/com/cloud/upgrade/dao/Upgrade481to490.java ---
@@ -53,6 +62,139 @@ public boolean supportsRollingUpgrade() {
 
 @Override
 public void performDataMigration(Connection conn) {
+setupRolesAndPermissionsForDynamicRBAC(conn);
+}
+
+private void createDefaultRole(final Connection conn, final Long id, 
final String name, final RoleType roleType) {
+final String insertSql = String.format("INSERT INTO 
`cloud`.`roles` (`id`, `uuid`, `name`, `role_type`, `description`) values (%d, 
UUID(), '%s', '%s', 'Default %s role');",
+id, name, roleType.name(), roleType.name().toLowerCase());
+try ( PreparedStatement updatePstmt = 
conn.prepareStatement(insertSql) ) {
+updatePstmt.executeUpdate();
+} catch (SQLException e) {
+throw new CloudRuntimeException("Unable to create default role 
with id: " + id + " name: " + name, e);
+}
+}
+
+private void createRoleMapping(final Connection conn, final Long 
roleId, final String apiName) {
+final String insertSql = String.format("INSERT INTO 
`cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`) values 
(UUID(), %d, '%s', 'ALLOW') ON DUPLICATE KEY UPDATE rule=rule;",
+roleId, apiName);
+try ( PreparedStatement updatePstmt = 
conn.prepareStatement(insertSql)) {
+updatePstmt.executeUpdate();
+} catch (SQLException ignored) {
+s_logger.debug("Unable to insert mapping for role id:" + 
roleId + " apiName: " + apiName);
+}
+}
+
+private void addRoleColumnAndMigrateAccountTable(final Connection 
conn, final RoleType[] roleTypes) {
+final String alterTableSql = "ALTER TABLE `cloud`.`account` ADD 
COLUMN `role_id` bigint(20) unsigned COMMENT 'role id for this account' AFTER 
`type`, " +
+"ADD KEY `fk_account__role_id` (`role_id`), " +
+"ADD CONSTRAINT `fk_account__role_id` FOREIGN KEY 
(`role_id`) REFERENCES `roles` (`id`);";
+try (PreparedStatement pstmt = 
conn.prepareStatement(alterTableSql)) {
+pstmt.executeUpdate();
+s_logger.info("Altered cloud.account table and added column 
role_id");
+} catch (SQLException e) {
+if (e.getMessage().contains("role_id")) {
+s_logger.warn("cloud.account table already has the role_id 
column, skipping altering table and migration of accounts");
+return;
+} else {
+throw new CloudRuntimeException("Unable to create column 
quota_calculated in table cloud_usage.cloud_usage", e);
+}
+}
+migrateAccountsToDefaultRoles(conn, roleTypes);
+}
+
+private void migrateAccountsToDefaultRoles(final Connection conn, 
final RoleType[] roleTypes) {
+try (PreparedStatement selectStatement = 
conn.prepareStatement("SELECT `id`, `type` FROM `cloud`.`account`;");
+ ResultSet selectResultSet = selectStatement.executeQuery()) {
+while (selectResultSet.next()) {
+Long accountId = selectResultSet.getLong(1);
+Short accountType = selectResultSet.getShort(2);
+Long roleId = null;
+for (RoleType roleType : roleTypes) {
+if (roleType.getAccountType() == accountType) {
+roleId = roleType.getId();
+break;
+}
+}
+if (roleId == null) {
+continue;
+}
+try (PreparedStatement updateStatement = 
conn.prepareStatement("UPDATE `cloud`.`account` SET role_id = ? WHERE id = 
?;")) {
+updateStatement.setLong(1, roleId);
+updateStatement.setLong(2, accountId);
+updateStatement.executeUpdate();
+updateStatement.close();
+
+} catch (SQLException e) {
+s_logger.error("Failed to update cloud.account role_id 
for account id:" + accountId + " with exception: " + e.getMessage());
+throw new CloudRuntimeException("Exception while 
updating cloud.account role_id", e);
+}
+}
--- End diff --

so the upgrade process can leave the database in an inconsistent state?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or

[GitHub] cloudstack pull request: CLOUDSTACK-8562: Dynamic Role-Based API C...

2016-04-22 Thread jburwell 
Github user jburwell commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1489#discussion_r60732532
  
--- Diff: engine/schema/src/com/cloud/upgrade/dao/Upgrade481to490.java ---
@@ -53,6 +62,138 @@ public boolean supportsRollingUpgrade() {
 
 @Override
 public void performDataMigration(Connection conn) {
+setupRolesAndPermissionsForDynamicRBAC(conn);
+}
+
+private void createDefaultRole(final Connection conn, final Long id, 
final String name, final RoleType roleType) {
+final String insertSql = String.format("INSERT INTO 
`cloud`.`roles` (`id`, `uuid`, `name`, `role_type`, `description`) values (%d, 
UUID(), '%s', '%s', 'Default %s role');",
+id, name, roleType.name(), roleType.name().toLowerCase());
+try ( PreparedStatement updatePstmt = 
conn.prepareStatement(insertSql) ) {
+updatePstmt.executeUpdate();
+} catch (SQLException e) {
+throw new CloudRuntimeException("Unable to create default role 
with id: " + id + " name: " + name, e);
+}
+}
+
+private void createRoleMapping(final Connection conn, final Long 
roleId, final String apiName) {
+final String insertSql = String.format("INSERT INTO 
`cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`) values 
(UUID(), %d, '%s', 'ALLOW') ON DUPLICATE KEY UPDATE rule=rule;",
+roleId, apiName);
+try ( PreparedStatement updatePstmt = 
conn.prepareStatement(insertSql)) {
+updatePstmt.executeUpdate();
+} catch (SQLException ignored) {
+s_logger.warn("Unable to insert mapping for role id:" + roleId 
+ " apiName: " + apiName);
+}
+}
+
+private void addRoleColumnAndMigrateAccountTable(final Connection 
conn, final RoleType[] roleTypes) {
+final String alterTableSql = "ALTER TABLE `cloud`.`account` ADD 
COLUMN `role_id` bigint(20) unsigned COMMENT 'role id for this account' AFTER 
`type`, " +
+"ADD KEY `fk_account__role_id` (`role_id`), " +
+"ADD CONSTRAINT `fk_account__role_id` FOREIGN KEY 
(`role_id`) REFERENCES `roles` (`id`);";
+try (PreparedStatement pstmt = 
conn.prepareStatement(alterTableSql)) {
+pstmt.executeUpdate();
+s_logger.info("Altered cloud.account table and added column 
role_id");
+} catch (SQLException e) {
+if (e.getMessage().contains("role_id")) {
+s_logger.warn("cloud.account table already has the role_id 
column, skipping altering table and migration of accounts");
+return;
+} else {
+throw new CloudRuntimeException("Unable to create column 
quota_calculated in table cloud_usage.cloud_usage", e);
+}
+}
+migrateAccountsToDefaultRoles(conn, roleTypes);
+}
+
+private void migrateAccountsToDefaultRoles(final Connection conn, 
final RoleType[] roleTypes) {
+try (PreparedStatement selectStatement = 
conn.prepareStatement("SELECT `id`, `type` FROM `cloud`.`account`;");
+ ResultSet selectResultSet = selectStatement.executeQuery()) {
+while (selectResultSet.next()) {
+Long accountId = selectResultSet.getLong(1);
+Short accountType = selectResultSet.getShort(2);
+Long roleId = null;
+for (RoleType roleType : roleTypes) {
+if (roleType.getAccountType() == accountType) {
+roleId = roleType.getId();
+break;
+}
+}
+if (roleId == null) {
+continue;
+}
+try (PreparedStatement updateStatement = 
conn.prepareStatement("UPDATE `cloud`.`account` SET role_id = ? WHERE id = 
?;")) {
+updateStatement.setLong(1, roleId);
+updateStatement.setLong(2, accountId);
+updateStatement.executeUpdate();
+updateStatement.close();
--- End diff --

``close`` is unnecessary since ``updateStatement`` is in the surrounding 
try with resources block.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8818: Use MySQL native connect...

2016-04-22 Thread swill 
Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1054#issuecomment-213413569
  
@wido I just want to verify that the standard CI run does not have any 
issues.  However, @bhaisaab does bring up some good points.  We should try to 
fix this everywhere if we can.  I will try to do some `grep`ing today to see if 
I can find everywhere this is used.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8562: Dynamic Role-Based API C...

2016-04-22 Thread jburwell 
Github user jburwell commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1489#discussion_r60732469
  
--- Diff: engine/schema/src/com/cloud/upgrade/dao/Upgrade481to490.java ---
@@ -53,6 +62,139 @@ public boolean supportsRollingUpgrade() {
 
 @Override
 public void performDataMigration(Connection conn) {
+setupRolesAndPermissionsForDynamicRBAC(conn);
+}
+
+private void createDefaultRole(final Connection conn, final Long id, 
final String name, final RoleType roleType) {
+final String insertSql = String.format("INSERT INTO 
`cloud`.`roles` (`id`, `uuid`, `name`, `role_type`, `description`) values (%d, 
UUID(), '%s', '%s', 'Default %s role');",
+id, name, roleType.name(), roleType.name().toLowerCase());
+try ( PreparedStatement updatePstmt = 
conn.prepareStatement(insertSql) ) {
+updatePstmt.executeUpdate();
+} catch (SQLException e) {
+throw new CloudRuntimeException("Unable to create default role 
with id: " + id + " name: " + name, e);
+}
+}
+
+private void createRoleMapping(final Connection conn, final Long 
roleId, final String apiName) {
+final String insertSql = String.format("INSERT INTO 
`cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`) values 
(UUID(), %d, '%s', 'ALLOW') ON DUPLICATE KEY UPDATE rule=rule;",
+roleId, apiName);
+try ( PreparedStatement updatePstmt = 
conn.prepareStatement(insertSql)) {
+updatePstmt.executeUpdate();
+} catch (SQLException ignored) {
+s_logger.debug("Unable to insert mapping for role id:" + 
roleId + " apiName: " + apiName);
+}
+}
+
+private void addRoleColumnAndMigrateAccountTable(final Connection 
conn, final RoleType[] roleTypes) {
+final String alterTableSql = "ALTER TABLE `cloud`.`account` ADD 
COLUMN `role_id` bigint(20) unsigned COMMENT 'role id for this account' AFTER 
`type`, " +
+"ADD KEY `fk_account__role_id` (`role_id`), " +
+"ADD CONSTRAINT `fk_account__role_id` FOREIGN KEY 
(`role_id`) REFERENCES `roles` (`id`);";
+try (PreparedStatement pstmt = 
conn.prepareStatement(alterTableSql)) {
+pstmt.executeUpdate();
+s_logger.info("Altered cloud.account table and added column 
role_id");
+} catch (SQLException e) {
+if (e.getMessage().contains("role_id")) {
+s_logger.warn("cloud.account table already has the role_id 
column, skipping altering table and migration of accounts");
+return;
+} else {
+throw new CloudRuntimeException("Unable to create column 
quota_calculated in table cloud_usage.cloud_usage", e);
+}
+}
+migrateAccountsToDefaultRoles(conn, roleTypes);
+}
+
+private void migrateAccountsToDefaultRoles(final Connection conn, 
final RoleType[] roleTypes) {
+try (PreparedStatement selectStatement = 
conn.prepareStatement("SELECT `id`, `type` FROM `cloud`.`account`;");
+ ResultSet selectResultSet = selectStatement.executeQuery()) {
--- End diff --

@bhaisaab ``selectResultSet`` needs to be added to the enclosing try with 
resources block.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9289:Automation for feature de...

2016-04-22 Thread swill 
Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/1417#issuecomment-213408951
  
I need one more LGTM code review on this one.  I will try to test this in 
my lab today.  Can you do a force push of this PR again to kick off jenkins so 
we can get this PR all green.  Thanks...


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8745 : verify usage after root...

2016-04-22 Thread swill 
Github user swill commented on the pull request:

https://github.com/apache/cloudstack/pull/713#issuecomment-213407542
  
I need one more LGTM code review on this one.  I will try to test this in 
my lab today.  Thanks...


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: 4.9 mvn version safeupgradeonly

2016-04-22 Thread bhaisaab 
Github user bhaisaab commented on the pull request:

https://github.com/apache/cloudstack/pull/1510#issuecomment-213398409
  
With this change we would be able to use JDK8 for building cloudstack once 
we fix the build issues of F5 plugin (that's the only component that fails to 
build with javac 1.8 now).


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: 4.9 bountycastle daan

2016-04-22 Thread bhaisaab 
GitHub user bhaisaab opened a pull request:

https://github.com/apache/cloudstack/pull/1511

4.9 bountycastle daan

This PR adds bountycastle related version and code fixes from @DaanHoogland 
on top of https://github.com/apache/cloudstack/pull/1510

I could not fix java compilation issues when using version 1.54 with 
openjdk 1.7.0_99, @DaanHoogland can you take over? The branch in on asf remote 
so you can push/pull as necessary. Thanks.

cc @swill 

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/apache/cloudstack 4.9-bountycastle-daan

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cloudstack/pull/1511.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1511


commit bb29b1d06389e41c779d94f2d433f3b7c48009b3
Author: Rohit Yadav 
Date:   2016-01-27T00:41:02Z

maven: Upgrade dependency versions

Updated most dependencies to latest minor releases, EXCEPT:

- Gson 2.x
- Major spring framework version
- Servlet version
- Embedded jetty version
- Mockito version (beta)
- Mysql lib minor version upgrade (breaks mysql-ha plugin)

Signed-off-by: Rohit Yadav 

commit 770aa0133ee3011239033e2dfe3f6ed41b76761a
Author: Rohit Yadav 
Date:   2016-02-02T18:55:06Z

framework/quota: fix checkstyle issue

Fixes enum name to supress checkstyle failure due to the latest checkstyle
version

Signed-off-by: Rohit Yadav 

commit 101668994dd27e3ca67c09a8118dbcea255805fd
Author: Daan Hoogland 
Date:   2016-04-22T10:55:27Z

further maven dependency updates from Daan

Signed-off-by: Rohit Yadav 

commit 8af677a0f0b2a74db74223fc3d0e2d3e9549e960
Author: Rohit Yadav 
Date:   2016-01-28T12:06:08Z

maven: fix dependency version support by JDK7

- Fix jetty dependency that is compatible with Java7
- Upgrade minor revisions of dependencies
- Upgrade vmware mvn sdk dependency to 6.0
- Downgrade bounty castle version to 1.46 (same as before)

Signed-off-by: Rohit Yadav 

commit 2ac0837765f1bbf407706fef5002a6fbfa0dba8b
Author: Daan Hoogland 
Date:   2016-04-22T10:58:33Z

maven: upgrade bounty castle version to 1.54

Upgrades bountycastle dependency version to bcprov-15on v1.54




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: maven: Upgrade dependency versions

2016-04-22 Thread bhaisaab 
Github user bhaisaab closed the pull request at:

https://github.com/apache/cloudstack/pull/1397


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: maven: Upgrade dependency versions

2016-04-22 Thread bhaisaab 
Github user bhaisaab commented on the pull request:

https://github.com/apache/cloudstack/pull/1397#issuecomment-213397292
  
@swill closing this PR, opened two new PRs that split changes from this PR


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: 4.9 mvn version safeupgradeonly

2016-04-22 Thread bhaisaab 
GitHub user bhaisaab opened a pull request:

https://github.com/apache/cloudstack/pull/1510

4.9 mvn version safeupgradeonly

Upgrades maven dependencies versions that can be safely upgraded without 
breaking console-proxy/crypto usage.

Bisected changes from: https://github.com/apache/cloudstack/pull/1397

cc @swill @DaanHoogland 


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/shapeblue/cloudstack 
4.9-mvn-version-safeupgradeonly

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cloudstack/pull/1510.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1510


commit bb29b1d06389e41c779d94f2d433f3b7c48009b3
Author: Rohit Yadav 
Date:   2016-01-27T00:41:02Z

maven: Upgrade dependency versions

Updated most dependencies to latest minor releases, EXCEPT:

- Gson 2.x
- Major spring framework version
- Servlet version
- Embedded jetty version
- Mockito version (beta)
- Mysql lib minor version upgrade (breaks mysql-ha plugin)

Signed-off-by: Rohit Yadav 

commit 770aa0133ee3011239033e2dfe3f6ed41b76761a
Author: Rohit Yadav 
Date:   2016-02-02T18:55:06Z

framework/quota: fix checkstyle issue

Fixes enum name to supress checkstyle failure due to the latest checkstyle
version

Signed-off-by: Rohit Yadav 

commit 101668994dd27e3ca67c09a8118dbcea255805fd
Author: Daan Hoogland 
Date:   2016-04-22T10:55:27Z

further maven dependency updates from Daan

Signed-off-by: Rohit Yadav 

commit 8af677a0f0b2a74db74223fc3d0e2d3e9549e960
Author: Rohit Yadav 
Date:   2016-01-28T12:06:08Z

maven: fix dependency version support by JDK7

- Fix jetty dependency that is compatible with Java7
- Upgrade minor revisions of dependencies
- Upgrade vmware mvn sdk dependency to 6.0
- Downgrade bounty castle version to 1.46 (same as before)

Signed-off-by: Rohit Yadav 




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8855 Improve Error Message for...

2016-04-22 Thread bvbharatk 
Github user bvbharatk commented on the pull request:

https://github.com/apache/cloudstack/pull/837#issuecomment-213395917
  
### ACS CI BVT Run
 **Sumarry:**
 Build Number 3
 Hypervisor xenserver
 NetworkType Advanced
 Passed=69
 Failed=19
 Skipped=3

_Link to logs Folder (search by build_no):_ 
https://www.dropbox.com/sh/yj3wnzbceo9uef2/AAB6u-Iap-xztdm6jHX9SjPja?dl=0


**Failed tests:**
* test_vm_snapshots.py

 * test_01_create_vm_snapshots Failed

 * test_02_revert_vm_snapshots Failed

 * test_03_delete_vm_snapshots Failed

* test_guest_vlan_range.py

 * test_dedicateGuestVlanRange Failed

* test_scale_vm.py

 * test_02_scale_vm_without_hypervisor_specifics Failed

* test_service_offerings.py

 * test_04_change_offering_small Failed

* test_loadbalance.py

 * test_01_create_lb_rule_src_nat Failed

 * test_02_create_lb_rule_non_nat Failed

 * test_assign_and_removal_lb Failed

* test_deploy_vm_iso.py

 * test_deploy_vm_from_iso Failed

* test_volumes.py

 * test_01_create_volume Failed

 * test_02_attach_volume Failed

 * test_06_download_detached_volume Failed

* test_internal_lb.py

 * test_internallb Failed

* test_vm_life_cycle.py

 * test_10_attachAndDetach_iso Failed

* test_templates.py

 * test_01_create_template Failed

 * test_03_delete_template Failed

* test_iso.py

 * test_01_create_iso Failing since 2 runs

 * ContextSuite context=TestISO>:setup Failing since 2 runs


**Skipped tests:**
test_vm_nic_adapter_vmxnet3
test_deploy_vgpu_enabled_vm
test_06_copy_template

**Passed test suits:**
test_deploy_vm_with_userdata.py
test_portable_publicip.py
test_vpc_vpn.py
test_over_provisioning.py
test_global_settings.py
test_privategw_acl.py
test_routers.py
test_reset_vm_on_reboot.py
test_snapshots.py
test_deploy_vms_with_varied_deploymentplanners.py
test_non_contigiousvlan.py
test_public_ip_range.py
test_multipleips_per_nic.py
test_regions.py
test_affinity_groups.py
test_network_acl.py
test_pvlan.py
test_nic.py
test_deploy_vm_root_resize.py
test_resource_detail.py
test_secondary_storage.py
test_disk_offerings.py


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9299: Out-of-band Management f...

2016-04-22 Thread bhaisaab 
Github user bhaisaab commented on the pull request:

https://github.com/apache/cloudstack/pull/1502#issuecomment-213395335
  
@DaanHoogland thanks, @borisstoyanov will share QA results next week as well


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9299: Out-of-band Management f...

2016-04-22 Thread bhaisaab 
Github user bhaisaab commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1502#discussion_r60727764
  
--- Diff: api/src/org/apache/cloudstack/api/response/ZoneResponse.java ---
@@ -233,6 +234,9 @@ public void addTag(ResourceTagResponse tag) {
 }
 
 public void setResourceDetails(Map details) {
-this.resourceDetails = details;
+if (details == null) {
--- End diff --

yes, if its null no point in setting it as nothing will be marshaled by 
gson/xml processor, also we don't want to consume the map but create a new copy 
out of it to avoid polluting user's datastructures


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9299: Out-of-band Management f...

2016-04-22 Thread DaanHoogland 
Github user DaanHoogland commented on the pull request:

https://github.com/apache/cloudstack/pull/1502#issuecomment-213391362
  
I did an one hour code review and found nothing that will make me :-1:  it 
so; LGTM @swill I will however start integration tests and find more time as 
the size of the change warrants a two day review.

looks good @bhaisaab 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9164: Prevent firefox's quick ...

2016-04-22 Thread footplus 
Github user footplus commented on the pull request:

https://github.com/apache/cloudstack/pull/1271#issuecomment-213389763
  
@swill this is completely a LGTM :) We have this working on CS 4.8 in 
production.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9299: Out-of-band Management f...

2016-04-22 Thread DaanHoogland 
Github user DaanHoogland commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1502#discussion_r60726125
  
--- Diff: api/src/org/apache/cloudstack/api/response/ZoneResponse.java ---
@@ -233,6 +234,9 @@ public void addTag(ResourceTagResponse tag) {
 }
 
 public void setResourceDetails(Map details) {
-this.resourceDetails = details;
+if (details == null) {
--- End diff --

are you solving an extra bug here? seems like it is no longer possible to 
set details to null. I suppose it is intended.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9299: Out-of-band Management f...

2016-04-22 Thread DaanHoogland 
Github user DaanHoogland commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1502#discussion_r60725627
  
--- Diff: 
api/src/org/apache/cloudstack/api/command/admin/outofbandmanagement/DisableOutOfBandManagementForHostCmd.java
 ---
@@ -0,0 +1,107 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package org.apache.cloudstack.api.command.admin.outofbandmanagement;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.host.Host;
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.HostResponse;
+import org.apache.cloudstack.api.response.OutOfBandManagementResponse;
+import org.apache.cloudstack.context.CallContext;
+import 
org.apache.cloudstack.outofbandmanagement.OutOfBandManagementService;
+
+import javax.inject.Inject;
+
+@APICommand(name = "disableOutOfBandManagementForHost", description = 
"Disables out-of-band management for a host",
+responseObject = OutOfBandManagementResponse.class, 
requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, authorized = 
{RoleType.Admin})
+public class DisableOutOfBandManagementForHostCmd extends BaseAsyncCmd {
+
+@Inject
+private OutOfBandManagementService outOfBandManagementService;
+
+/
+ API parameters /
+/
+
+@Parameter(name = ApiConstants.HOST_ID, type = 
BaseCmd.CommandType.UUID, required = true, entityType = HostResponse.class, 
description = "the ID of the host")
+private Long hostId;
+
+/
+/// API Implementation///
+/
+
+private void validateParams() {
--- End diff --

pity your new Annotation parameter for @Parameter, validators is not in yet.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9299: Out-of-band Management f...

2016-04-22 Thread bhaisaab 
Github user bhaisaab commented on the pull request:

https://github.com/apache/cloudstack/pull/1502#issuecomment-213375165
  
Pinging for review @jburwell @swill @wido @pyr @koushik-das @agneya2001 
@DaanHoogland @rafaelweingartner @GabrielBrascher @kishankavala 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9299: Out-of-band Management f...

2016-04-22 Thread bhaisaab 
Github user bhaisaab commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1502#discussion_r60716885
  
--- Diff: client/tomcatconf/commands.properties.in ---
@@ -799,3 +799,14 @@ quotaCredits=1
 quotaEmailTemplateList=1
 quotaEmailTemplateUpdate=1
 quotaIsEnabled=15
+
+### Out-of-band Management
--- End diff --

If rbac gets merged, we won't need changes in this file as well


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9299: Out-of-band Management f...

2016-04-22 Thread bhaisaab 
Github user bhaisaab commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/1502#discussion_r60716681
  
--- Diff: 
api/src/org/apache/cloudstack/api/command/admin/outofbandmanagement/ChangeOutOfBandManagementPasswordCmd.java
 ---
@@ -0,0 +1,116 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.admin.outofbandmanagement;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.host.Host;
+import com.google.common.base.Strings;
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.HostResponse;
+import org.apache.cloudstack.api.response.OutOfBandManagementResponse;
+import org.apache.cloudstack.context.CallContext;
+import 
org.apache.cloudstack.outofbandmanagement.OutOfBandManagementService;
+
+import javax.inject.Inject;
+
+@APICommand(name = "changeOutOfBandManagementPassword", description = 
"Changes out-of-band management interface password on the host and updates the 
interface configuration in CloudStack if the operation succeeds, else reverts 
the old password",
+responseObject = OutOfBandManagementResponse.class, 
requestHasSensitiveInfo = true, responseHasSensitiveInfo = false, authorized = 
{RoleType.Admin})
+public class ChangeOutOfBandManagementPasswordCmd extends BaseAsyncCmd {
+@Inject
+private OutOfBandManagementService outOfBandManagementService;
+
+/
+ API parameters /
+/
+
+@Parameter(name = ApiConstants.HOST_ID, type = CommandType.UUID, 
entityType = HostResponse.class, required = true, description = "the ID of the 
host")
+private Long hostId;
+
+@Parameter(name = ApiConstants.PASSWORD, type = CommandType.STRING, 
description = "the new host management interface password of maximum length 16, 
if none is provided a random password would be used")
+private String password;
+
+/
+/// API Implementation///
+/
+
+@Override
+public String getCommandName() {
+return "changeoutofbandmanagementpasswordresponse";
+}
+
+private void validateParams() {
+if (getHostId() == null || getHostId() < 1L) {
--- End diff --

I'll remove validateParams() as soon as rbac gets merged to master, I'll 
rebase this PR and use the new validations annotations field.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

  1   2   >