networkfilter.diff
install.sh (revision 24) | ||
---|---|---|
553 | 553 |
src/cli/onevnet \ |
554 | 554 |
src/cli/oneuser \ |
555 | 555 |
src/cli/oneimage \ |
556 |
src/cli/onenetworkfilter \ |
|
556 | 557 |
src/cli/onegroup \ |
557 | 558 |
src/cli/onetemplate \ |
558 | 559 |
src/cli/oneacl \ |
... | ... | |
939 | 940 |
src/oca/ruby/OpenNebula/VirtualNetworkPool.rb \ |
940 | 941 |
src/oca/ruby/OpenNebula/Image.rb \ |
941 | 942 |
src/oca/ruby/OpenNebula/ImagePool.rb \ |
943 |
src/oca/ruby/OpenNebula/Networkfilter.rb \ |
|
944 |
src/oca/ruby/OpenNebula/NetworkfilterPool.rb \ |
|
942 | 945 |
src/oca/ruby/OpenNebula/Template.rb \ |
943 | 946 |
src/oca/ruby/OpenNebula/TemplatePool.rb \ |
944 | 947 |
src/oca/ruby/OpenNebula/Group.rb \ |
... | ... | |
1045 | 1048 |
ONE_CLI_LIB_FILES="src/cli/one_helper/onegroup_helper.rb \ |
1046 | 1049 |
src/cli/one_helper/onehost_helper.rb \ |
1047 | 1050 |
src/cli/one_helper/oneimage_helper.rb \ |
1051 |
src/cli/one_helper/onenetworkfilter_helper.rb \ |
|
1048 | 1052 |
src/cli/one_helper/onetemplate_helper.rb \ |
1049 | 1053 |
src/cli/one_helper/oneuser_helper.rb \ |
1050 | 1054 |
src/cli/one_helper/onevm_helper.rb \ |
... | ... | |
1056 | 1060 |
src/cli/onevnet \ |
1057 | 1061 |
src/cli/oneuser \ |
1058 | 1062 |
src/cli/oneimage \ |
1063 |
src/cli/onenetworkfilter \ |
|
1059 | 1064 |
src/cli/onetemplate \ |
1060 | 1065 |
src/cli/onegroup \ |
1061 | 1066 |
src/cli/oneacl" |
... | ... | |
1063 | 1068 |
CLI_CONF_FILES="src/cli/etc/onegroup.yaml \ |
1064 | 1069 |
src/cli/etc/onehost.yaml \ |
1065 | 1070 |
src/cli/etc/oneimage.yaml \ |
1071 |
src/cli/etc/onenetworkfilter.yaml \ |
|
1066 | 1072 |
src/cli/etc/onetemplate.yaml \ |
1067 | 1073 |
src/cli/etc/oneuser.yaml \ |
1068 | 1074 |
src/cli/etc/onevm.yaml \ |
... | ... | |
1096 | 1102 |
src/sunstone/models/OpenNebulaJSON/VirtualMachineJSON.rb \ |
1097 | 1103 |
src/sunstone/models/OpenNebulaJSON/TemplateJSON.rb \ |
1098 | 1104 |
src/sunstone/models/OpenNebulaJSON/AclJSON.rb \ |
1105 |
src/sunstone/models/OpenNebulaJSON/NetworkfilterJSON.rb \ |
|
1099 | 1106 |
src/sunstone/models/OpenNebulaJSON/VirtualNetworkJSON.rb" |
1100 | 1107 | |
1101 | 1108 |
SUNSTONE_TEMPLATE_FILES="src/sunstone/templates/login.html \ |
include/PoolObjectSQL.h (revision 24) | ||
---|---|---|
56 | 56 |
USER = 0x0000010000000000LL, |
57 | 57 |
TEMPLATE = 0x0000020000000000LL, |
58 | 58 |
GROUP = 0x0000040000000000LL, |
59 |
ACL = 0x0000080000000000LL |
|
59 |
NETWORKFILTER = 0x0000080000000000LL, |
|
60 |
ACL = 0x0000100000000000LL |
|
60 | 61 |
}; |
62 |
/* added the NETWORKFILTER on 0x80000000000 and bumped ACL one down... */ |
|
61 | 63 | |
62 | 64 |
static string type_to_str(ObjectType ob) |
63 | 65 |
{ |
... | ... | |
70 | 72 |
case USER: return "USER" ; break; |
71 | 73 |
case TEMPLATE: return "TEMPLATE" ; break; |
72 | 74 |
case GROUP: return "GROUP" ; break; |
75 |
case NETWORKFILTER: return "NETWORKFILTER" ; break; |
|
73 | 76 |
case ACL: return "ACL" ; break; |
74 | 77 |
default: return ""; |
75 | 78 |
} |
include/RequestManager.h (revision 24) | ||
---|---|---|
25 | 25 |
#include "ImagePool.h" |
26 | 26 |
#include "VMTemplatePool.h" |
27 | 27 |
#include "GroupPool.h" |
28 |
#include "NetworkfilterPool.h" |
|
28 | 29 | |
29 | 30 |
#include "AuthManager.h" |
30 | 31 |
include/NetworkfilterPool.h (revision 24) | ||
---|---|---|
1 |
/* -------------------------------------------------------------------------- */ |
|
2 |
/* Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) */ |
|
3 |
/* */ |
|
4 |
/* Licensed under the Apache License, Version 2.0 (the "License"); you may */ |
|
5 |
/* not use this file except in compliance with the License. You may obtain */ |
|
6 |
/* a copy of the License at */ |
|
7 |
/* */ |
|
8 |
/* http://www.apache.org/licenses/LICENSE-2.0 */ |
|
9 |
/* */ |
|
10 |
/* Unless required by applicable law or agreed to in writing, software */ |
|
11 |
/* distributed under the License is distributed on an "AS IS" BASIS, */ |
|
12 |
/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */ |
|
13 |
/* See the License for the specific language governing permissions and */ |
|
14 |
/* limitations under the License. */ |
|
15 |
/* -------------------------------------------------------------------------- */ |
|
16 | ||
17 |
#ifndef NETWORKFILTER_POOL_H_ |
|
18 |
#define NETWORKFILTER_POOL_H_ |
|
19 | ||
20 |
#include "PoolSQL.h" |
|
21 |
#include "Networkfilter.h" |
|
22 |
#include "NebulaLog.h" |
|
23 | ||
24 |
#include <time.h> |
|
25 |
#include <sstream> |
|
26 | ||
27 |
#include <iostream> |
|
28 |
#include <vector> |
|
29 | ||
30 |
class AuthRequest; |
|
31 | ||
32 |
using namespace std; |
|
33 | ||
34 |
/** |
|
35 |
* The Networkfilter Pool class. |
|
36 |
*/ |
|
37 |
class NetworkfilterPool : public PoolSQL |
|
38 |
{ |
|
39 |
public: |
|
40 | ||
41 |
NetworkfilterPool(SqlDB * db); |
|
42 | ||
43 |
~NetworkfilterPool(){}; |
|
44 | ||
45 |
/** |
|
46 |
* Function to allocate a new Networkfilter object |
|
47 |
* @param uid the user id of the Networkfilter's owner |
|
48 |
* @param gid the id of the group this object is assigned to |
|
49 |
* @param uname name of the user |
|
50 |
* @param gname name of the group |
|
51 |
* @param fw_template template associated with the Networkfilter |
|
52 |
* @param oid the id assigned to the Networkfilter |
|
53 |
* @param error_str Returns the error reason, if any |
|
54 |
* @return the oid assigned to the object, |
|
55 |
* -1 in case of failure |
|
56 |
* -2 in case of template parse failure |
|
57 |
*/ |
|
58 |
int allocate ( |
|
59 |
int uid, |
|
60 |
int gid, |
|
61 |
const string& uname, |
|
62 |
const string& gname, |
|
63 |
NetworkfilterTemplate * nf_template, |
|
64 |
int * oid, |
|
65 |
string& error_str); |
|
66 | ||
67 |
/** |
|
68 |
** Function to get a Networkfilter from the pool, if the object is not in memory |
|
69 |
* it is loaded from the DB |
|
70 |
* @param oid Networkfilter unique id |
|
71 |
* @param lock locks the Networkfilter mutex |
|
72 |
* @return a pointer to the Networkfilter, 0 if the Networkfilter could not be loaded |
|
73 |
*/ |
|
74 |
Networkfilter * get(int oid, bool lock) |
|
75 |
{ |
|
76 |
return static_cast<Networkfilter *>(PoolSQL::get(oid,lock)); |
|
77 |
}; |
|
78 | ||
79 |
/** |
|
80 |
* Gets an object from the pool (if needed the object is loaded from the |
|
81 |
* database). |
|
82 |
* @param name of the object |
|
83 |
* @param uid id of owner |
|
84 |
* @param lock locks the object if true |
|
85 |
* |
|
86 |
* @return a pointer to the object, 0 in case of failure |
|
87 |
*/ |
|
88 |
Networkfilter * get(const string& name, int uid, bool lock) |
|
89 |
{ |
|
90 |
return static_cast<Networkfilter *>(PoolSQL::get(name,uid,lock)); |
|
91 |
}; |
|
92 | ||
93 |
/** |
|
94 |
* Update a particular Networkfilter |
|
95 |
* @param image pointer to Networkfilter |
|
96 |
* @return 0 on success |
|
97 |
*/ |
|
98 |
int update(Networkfilter * networkfilter) |
|
99 |
{ |
|
100 |
return networkfilter->update(db); |
|
101 |
}; |
|
102 | ||
103 | ||
104 |
//-------------------------------------------------------------------------- |
|
105 |
// Virtual Network DB access functions |
|
106 |
//-------------------------------------------------------------------------- |
|
107 | ||
108 |
/** |
|
109 |
* Generates a NIC attribute for VM templates using the Networkfilter |
|
110 |
* metadata |
|
111 |
* @param nic the nic attribute to be generated |
|
112 |
* @param vid of the VM requesting the Networkfilter |
|
113 |
* @return 0 on success, |
|
114 |
* -1 error, |
|
115 |
*/ |
|
116 |
int nic_attribute(VectorAttribute * nic, int uid, int vid); |
|
117 | ||
118 |
/** |
|
119 |
* Bootstraps the database table(s) associated to the Networkfilter pool |
|
120 |
*/ |
|
121 |
static int bootstrap(SqlDB *_db) |
|
122 |
{ |
|
123 |
return Networkfilter::bootstrap(_db); |
|
124 |
}; |
|
125 | ||
126 |
/** |
|
127 |
* Generates an Authorization token for the NETWORKFILTER attribute |
|
128 |
* @param networkfilter the networkilter to be authorized |
|
129 |
* @param uid of owner (to look for the networkfilter id within her images) |
|
130 |
* @param ar the AuthRequest |
|
131 |
*/ |
|
132 |
void authorize_networkfilter(VectorAttribute * networkfilter, int uid, AuthRequest * ar); |
|
133 | ||
134 |
/** |
|
135 |
* Dumps the Networkfilter pool in XML format. A filter can be also added to the |
|
136 |
* query |
|
137 |
* @param oss the output stream to dump the pool contents |
|
138 |
* @param where filter for the objects, defaults to all |
|
139 |
* @return 0 on success |
|
140 |
*/ |
|
141 |
int dump(ostringstream& oss, const string& where) |
|
142 |
{ |
|
143 |
return PoolSQL::dump(oss, "NETWORKFILTER_POOL", Networkfilter::table, where); |
|
144 |
} |
|
145 | ||
146 |
private: |
|
147 |
//-------------------------------------------------------------------------- |
|
148 |
// Pool Attributes |
|
149 |
// ------------------------------------------------------------------------- |
|
150 |
/** |
|
151 |
* Factory method to produce Networkfilter objects |
|
152 |
* @return a pointer to the new Networkfilter |
|
153 |
*/ |
|
154 |
PoolObjectSQL * create() |
|
155 |
{ |
|
156 |
return new Networkfilter(-1,-1,"","",0); |
|
157 |
}; |
|
158 |
}; |
|
159 | ||
160 |
#endif /*NETWORKFILTER_POOL_H_*/ |
include/RequestManagerNetworkfilter.h (revision 24) | ||
---|---|---|
1 |
/* -------------------------------------------------------------------------- */ |
|
2 |
/* Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) */ |
|
3 |
/* */ |
|
4 |
/* Licensed under the Apache License, Version 2.0 (the "License"); you may */ |
|
5 |
/* not use this file except in compliance with the License. You may obtain */ |
|
6 |
/* a copy of the License at */ |
|
7 |
/* */ |
|
8 |
/* http://www.apache.org/licenses/LICENSE-2.0 */ |
|
9 |
/* */ |
|
10 |
/* Unless required by applicable law or agreed to in writing, software */ |
|
11 |
/* distributed under the License is distributed on an "AS IS" BASIS, */ |
|
12 |
/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */ |
|
13 |
/* See the License for the specific language governing permissions and */ |
|
14 |
/* limitations under the License. */ |
|
15 |
/* -------------------------------------------------------------------------- */ |
|
16 | ||
17 |
#ifndef REQUEST_MANAGER_NETWORKFILTER_H |
|
18 |
#define REQUEST_MANAGER_NETWORKFILTER_H |
|
19 | ||
20 |
#include "Request.h" |
|
21 |
#include "Nebula.h" |
|
22 | ||
23 |
using namespace std; |
|
24 | ||
25 |
/* ------------------------------------------------------------------------- */ |
|
26 |
/* ------------------------------------------------------------------------- */ |
|
27 |
/* ------------------------------------------------------------------------- */ |
|
28 | ||
29 |
class RequestManagerNetworkfilter: public Request |
|
30 |
{ |
|
31 |
protected: |
|
32 |
RequestManagerNetworkfilter( const string& method_name, |
|
33 |
const string& help, |
|
34 |
const string& params) |
|
35 |
:Request(method_name,params,help) |
|
36 |
{ |
|
37 |
Nebula& nd = Nebula::instance(); |
|
38 |
pool = nd.get_nfpool(); |
|
39 | ||
40 |
auth_object = PoolObjectSQL::NETWORKFILTER; |
|
41 |
auth_op = AuthRequest::MANAGE; |
|
42 |
}; |
|
43 | ||
44 |
~RequestManagerNetworkfilter(){}; |
|
45 | ||
46 |
/* -------------------------------------------------------------------- */ |
|
47 | ||
48 |
virtual void request_execute(xmlrpc_c::paramList const& _paramList, |
|
49 |
RequestAttributes& att) = 0; |
|
50 |
}; |
|
51 | ||
52 |
/* ------------------------------------------------------------------------- */ |
|
53 |
/* ------------------------------------------------------------------------- */ |
|
54 | ||
55 |
class NetworkfilterEnable : public RequestManagerNetworkfilter |
|
56 |
{ |
|
57 |
public: |
|
58 |
NetworkfilterEnable(): |
|
59 |
RequestManagerNetworkfilter("NetworkfilterEnable", |
|
60 |
"Enables or disables a networkfilter", |
|
61 |
"A:sib"){}; |
|
62 |
~NetworkfilterEnable(){}; |
|
63 | ||
64 |
void request_execute(xmlrpc_c::paramList const& _paramList, |
|
65 |
RequestAttributes& att); |
|
66 |
}; |
|
67 | ||
68 |
/* -------------------------------------------------------------------------- */ |
|
69 |
/* -------------------------------------------------------------------------- */ |
|
70 |
/* -------------------------------------------------------------------------- */ |
|
71 | ||
72 |
#endif |
include/Nebula.h (revision 24) | ||
---|---|---|
91 | 91 |
return tpool; |
92 | 92 |
}; |
93 | 93 | |
94 |
NetworkfilterPool * get_nfpool() |
|
95 |
{ |
|
96 |
return nfpool; |
|
97 |
}; |
|
98 | ||
94 | 99 |
// -------------------------------------------------------------- |
95 | 100 |
// Manager Accessors |
96 | 101 |
// -------------------------------------------------------------- |
... | ... | |
323 | 328 |
delete tpool; |
324 | 329 |
} |
325 | 330 | |
331 |
if ( nfpool != 0) |
|
332 |
{ |
|
333 |
delete nfpool; |
|
334 |
} |
|
335 | ||
326 | 336 |
if ( vmm != 0) |
327 | 337 |
{ |
328 | 338 |
delete vmm; |
... | ... | |
421 | 431 |
ImagePool * ipool; |
422 | 432 |
GroupPool * gpool; |
423 | 433 |
VMTemplatePool * tpool; |
434 |
NetworkfilterPool * nfpool; |
|
424 | 435 | |
425 | 436 |
// --------------------------------------------------------------- |
426 | 437 |
// Nebula Managers |
include/RequestManagerAllocate.h (revision 24) | ||
---|---|---|
23 | 23 |
#include "VirtualNetworkTemplate.h" |
24 | 24 |
#include "ImageTemplate.h" |
25 | 25 |
#include "VirtualMachineTemplate.h" |
26 |
#include "NetworkfilterTemplate.h" |
|
26 | 27 | |
27 | 28 |
using namespace std; |
28 | 29 | |
... | ... | |
204 | 205 |
/* ------------------------------------------------------------------------- */ |
205 | 206 |
/* ------------------------------------------------------------------------- */ |
206 | 207 | |
208 |
class NetworkfilterAllocate: public RequestManagerAllocate |
|
209 |
{ |
|
210 |
public: |
|
211 |
NetworkfilterAllocate(): |
|
212 |
RequestManagerAllocate("NetworkfilterAllocate", |
|
213 |
"Allocates a new networkfilter", |
|
214 |
"A:ss", |
|
215 |
true) |
|
216 |
{ |
|
217 |
Nebula& nd = Nebula::instance(); |
|
218 |
pool = nd.get_nfpool(); |
|
219 |
auth_object = PoolObjectSQL::NETWORKFILTER; |
|
220 |
}; |
|
221 | ||
222 |
~NetworkfilterAllocate(){}; |
|
223 | ||
224 |
/* --------------------------------------------------------------------- */ |
|
225 | ||
226 |
Template * get_object_template() |
|
227 |
{ |
|
228 |
return new NetworkfilterTemplate; |
|
229 |
}; |
|
230 | ||
231 |
int pool_allocate(xmlrpc_c::paramList const& _paramList, |
|
232 |
Template * tmpl, |
|
233 |
int& id, |
|
234 |
string& error_str, |
|
235 |
RequestAttributes& att); |
|
236 |
}; |
|
237 | ||
238 |
/* ------------------------------------------------------------------------- */ |
|
239 |
/* ------------------------------------------------------------------------- */ |
|
240 | ||
207 | 241 |
class HostAllocate : public RequestManagerAllocate |
208 | 242 |
{ |
209 | 243 |
public: |
include/NetworkfilterTemplate.h (revision 24) | ||
---|---|---|
1 |
/* -------------------------------------------------------------------------- */ |
|
2 |
/* Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) */ |
|
3 |
/* */ |
|
4 |
/* Licensed under the Apache License, Version 2.0 (the "License"); you may */ |
|
5 |
/* not use this file except in compliance with the License. You may obtain */ |
|
6 |
/* a copy of the License at */ |
|
7 |
/* */ |
|
8 |
/* http://www.apache.org/licenses/LICENSE-2.0 */ |
|
9 |
/* */ |
|
10 |
/* Unless required by applicable law or agreed to in writing, software */ |
|
11 |
/* distributed under the License is distributed on an "AS IS" BASIS, */ |
|
12 |
/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */ |
|
13 |
/* See the License for the specific language governing permissions and */ |
|
14 |
/* limitations under the License. */ |
|
15 |
/* -------------------------------------------------------------------------- */ |
|
16 | ||
17 |
#ifndef NETWORKFILTER_TEMPLATE_H_ |
|
18 |
#define NETWORKFILTER_TEMPLATE_H_ |
|
19 | ||
20 |
#include "Template.h" |
|
21 | ||
22 |
using namespace std; |
|
23 | ||
24 |
/** |
|
25 |
* Networkfilter Template class, it represents the attributes of a Host |
|
26 |
*/ |
|
27 |
class NetworkfilterTemplate : public Template |
|
28 |
{ |
|
29 |
public: |
|
30 |
NetworkfilterTemplate() : Template(false,'=',"TEMPLATE"){}; |
|
31 | ||
32 |
~NetworkfilterTemplate(){}; |
|
33 | ||
34 |
}; |
|
35 |
|
|
36 |
/* -------------------------------------------------------------------------- */ |
|
37 |
/* -------------------------------------------------------------------------- */ |
|
38 | ||
39 |
#endif /*NETWORKFILTER_TEMPLATE_H_*/ |
include/RequestManagerInfo.h (revision 24) | ||
---|---|---|
144 | 144 |
/* ------------------------------------------------------------------------- */ |
145 | 145 |
/* ------------------------------------------------------------------------- */ |
146 | 146 | |
147 |
class NetworkfilterInfo: public RequestManagerInfo |
|
148 |
{ |
|
149 |
public: |
|
150 |
NetworkfilterInfo(): |
|
151 |
RequestManagerInfo("NetworkfilterInfo", |
|
152 |
"Returns networkfilter information") |
|
153 |
{ |
|
154 |
Nebula& nd = Nebula::instance(); |
|
155 |
pool = nd.get_nfpool(); |
|
156 |
auth_object = PoolObjectSQL::NETWORKFILTER; |
|
157 |
}; |
|
158 | ||
159 |
~NetworkfilterInfo(){}; |
|
160 | ||
161 |
}; |
|
162 | ||
163 |
/* ------------------------------------------------------------------------- */ |
|
164 |
/* ------------------------------------------------------------------------- */ |
|
165 | ||
147 | 166 |
class HostInfo : public RequestManagerInfo |
148 | 167 |
{ |
149 | 168 |
public: |
include/RequestManagerPoolInfoFilter.h (revision 24) | ||
---|---|---|
155 | 155 |
/* ------------------------------------------------------------------------- */ |
156 | 156 |
/* ------------------------------------------------------------------------- */ |
157 | 157 | |
158 |
class NetworkfilterPoolInfo: public RequestManagerPoolInfoFilter |
|
159 |
{ |
|
160 |
public: |
|
161 |
NetworkfilterPoolInfo(): |
|
162 |
RequestManagerPoolInfoFilter("NetworkfilterPoolInfo", |
|
163 |
"Returns the networkfilter pool", |
|
164 |
"A:siii") |
|
165 |
{ |
|
166 |
Nebula& nd = Nebula::instance(); |
|
167 |
pool = nd.get_nfpool(); |
|
168 |
auth_object = PoolObjectSQL::NETWORKFILTER; |
|
169 |
}; |
|
170 | ||
171 |
~NetworkfilterPoolInfo(){}; |
|
172 |
}; |
|
173 | ||
174 |
/* -------------------------------------------------------------------------- */ |
|
175 |
/* -------------------------------------------------------------------------- */ |
|
176 | ||
158 | 177 |
class HostPoolInfo : public RequestManagerPoolInfoFilter |
159 | 178 |
{ |
160 | 179 |
public: |
include/RequestManagerChmod.h (revision 24) | ||
---|---|---|
117 | 117 | |
118 | 118 |
}; |
119 | 119 | |
120 |
/* ------------------------------------------------------------------------- */ |
|
121 |
/* ------------------------------------------------------------------------- */ |
|
122 | ||
123 |
class NetworkfilterChmod: public RequestManagerChmod |
|
124 |
{ |
|
125 |
public: |
|
126 |
NetworkfilterChmod(): |
|
127 |
RequestManagerChmod("NetworkfilterChmod", |
|
128 |
"Changes permission bits of a networkfilter") |
|
129 |
{ |
|
130 |
Nebula& nd = Nebula::instance(); |
|
131 |
pool = nd.get_nfpool(); |
|
132 |
auth_object = PoolObjectSQL::NETWORKFILTER; |
|
133 |
}; |
|
134 | ||
135 |
~NetworkfilterChmod(){}; |
|
136 | ||
137 |
}; |
|
138 | ||
120 | 139 |
/* -------------------------------------------------------------------------- */ |
121 | 140 |
/* -------------------------------------------------------------------------- */ |
122 | 141 |
/* -------------------------------------------------------------------------- */ |
include/Networkfilter.h (revision 24) | ||
---|---|---|
1 |
/* ------------------------------------------------------------------------ */ |
|
2 |
/* Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) */ |
|
3 |
/* */ |
|
4 |
/* Licensed under the Apache License, Version 2.0 (the "License"); you may */ |
|
5 |
/* not use this file except in compliance with the License. You may obtain */ |
|
6 |
/* a copy of the License at */ |
|
7 |
/* */ |
|
8 |
/* http://www.apache.org/licenses/LICENSE-2.0 */ |
|
9 |
/* */ |
|
10 |
/* Unless required by applicable law or agreed to in writing, software */ |
|
11 |
/* distributed under the License is distributed on an "AS IS" BASIS, */ |
|
12 |
/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */ |
|
13 |
/* See the License for the specific language governing permissions and */ |
|
14 |
/* limitations under the License. */ |
|
15 |
/* -------------------------------------------------------------------------*/ |
|
16 | ||
17 |
#ifndef NETWORKFILTER_H_ |
|
18 |
#define NETWORKFILTER_H_ |
|
19 | ||
20 |
#include "PoolSQL.h" |
|
21 |
#include "NetworkfilterTemplate.h" |
|
22 |
#include "NebulaLog.h" |
|
23 | ||
24 |
using namespace std; |
|
25 | ||
26 |
/** |
|
27 |
* The Networkfilter class. |
|
28 |
*/ |
|
29 |
class Networkfilter : public PoolObjectSQL |
|
30 |
{ |
|
31 |
public: |
|
32 |
// ************************************************************************* |
|
33 |
// Networkfilter Public Methods |
|
34 |
// ************************************************************************* |
|
35 | ||
36 |
/** |
|
37 |
* Function to print the Networkfilter object into a string in XML format |
|
38 |
* @param xml the resulting XML string |
|
39 |
* @return a reference to the generated string |
|
40 |
*/ |
|
41 |
string& to_xml(string& xml) const; |
|
42 | ||
43 |
/** |
|
44 |
* Rebuilds the object from an xml formatted string |
|
45 |
* @param xml_str The xml-formatted string |
|
46 |
* |
|
47 |
* @return 0 on success, -1 otherwise |
|
48 |
*/ |
|
49 |
int from_xml(const string &xml_str); |
|
50 | ||
51 |
/** |
|
52 |
* |
|
53 |
*/ |
|
54 |
int dec_running () |
|
55 |
{ |
|
56 |
return --running_vms; |
|
57 |
} |
|
58 | ||
59 |
/** |
|
60 |
* |
|
61 |
*/ |
|
62 |
int inc_running() |
|
63 |
{ |
|
64 |
return ++running_vms; |
|
65 |
} |
|
66 | ||
67 |
/** |
|
68 |
* |
|
69 |
*/ |
|
70 |
int get_running() |
|
71 |
{ |
|
72 |
return running_vms; |
|
73 |
} |
|
74 |
/** |
|
75 |
* Check if the image can be used by other users |
|
76 |
* @return true if group or others can access the image |
|
77 |
*/ |
|
78 |
bool isPublic() |
|
79 |
{ |
|
80 |
return (group_u == 1 || other_u == 1); |
|
81 |
} |
|
82 | ||
83 |
/** |
|
84 |
* Factory method for networkfilter templates |
|
85 |
*/ |
|
86 |
Template * get_new_template() |
|
87 |
{ |
|
88 |
return new NetworkfilterTemplate; |
|
89 |
} |
|
90 | ||
91 |
/** |
|
92 |
* Modifies the given nic attribute adding the filter attributes |
|
93 |
* @param nic attribute for the VM template |
|
94 |
* @param vid of the VM getting the lease |
|
95 |
* @return 0 on success |
|
96 |
*/ |
|
97 |
int nic_attribute(VectorAttribute * nic, int vid); |
|
98 | ||
99 |
private: |
|
100 | ||
101 |
// ------------------------------------------------------------------------- |
|
102 |
// Friends |
|
103 |
// ------------------------------------------------------------------------- |
|
104 | ||
105 |
friend class NetworkfilterPool; |
|
106 | ||
107 |
// ------------------------------------------------------------------------- |
|
108 |
// Networkfilter Description |
|
109 |
// ------------------------------------------------------------------------- |
|
110 | ||
111 |
/** |
|
112 |
* Registration time |
|
113 |
*/ |
|
114 |
time_t regtime; |
|
115 | ||
116 |
/** |
|
117 |
* Number of VMs using the image |
|
118 |
*/ |
|
119 |
int running_vms; |
|
120 | ||
121 |
// ************************************************************************* |
|
122 |
// DataBase implementation (Private) |
|
123 |
// ************************************************************************* |
|
124 | ||
125 |
/** |
|
126 |
* Execute an INSERT or REPLACE Sql query. |
|
127 |
* @param db The SQL DB |
|
128 |
* @param replace Execute an INSERT or a REPLACE |
|
129 |
* @return 0 on success |
|
130 |
*/ |
|
131 |
int insert_replace(SqlDB *db, bool replace, string& error_str); |
|
132 | ||
133 |
/** |
|
134 |
* Bootstraps the database table(s) associated to the Networkfilter |
|
135 |
* @return 0 on success |
|
136 |
*/ |
|
137 |
static int bootstrap(SqlDB * db) |
|
138 |
{ |
|
139 |
ostringstream oss_networkfilter(Networkfilter::db_bootstrap); |
|
140 | ||
141 |
return db->exec(oss_networkfilter); |
|
142 |
}; |
|
143 | ||
144 |
/** |
|
145 |
* "Encrypts" the password with SHA1 digest |
|
146 |
* @param password |
|
147 |
* @return sha1 encrypted password |
|
148 |
*/ |
|
149 |
static string sha1_digest(const string& pass); |
|
150 | ||
151 |
protected: |
|
152 | ||
153 |
// ************************************************************************* |
|
154 |
// Constructor |
|
155 |
// ************************************************************************* |
|
156 | ||
157 |
Networkfilter(int uid, |
|
158 |
int gid, |
|
159 |
const string& uname, |
|
160 |
const string& gname, |
|
161 |
NetworkfilterTemplate* fw_template); |
|
162 | ||
163 |
virtual ~Networkfilter(); |
|
164 | ||
165 |
// ************************************************************************* |
|
166 |
// DataBase implementation |
|
167 |
// ************************************************************************* |
|
168 | ||
169 |
static const char * db_names; |
|
170 | ||
171 |
static const char * db_bootstrap; |
|
172 | ||
173 |
static const char * table; |
|
174 | ||
175 |
/** |
|
176 |
* Writes the Networkfilter in the database. |
|
177 |
* @param db pointer to the db |
|
178 |
* @return 0 on success |
|
179 |
*/ |
|
180 |
virtual int insert(SqlDB *db, string& error_str); |
|
181 | ||
182 |
/** |
|
183 |
* Writes/updates the Networkfilter data fields in the database. |
|
184 |
* @param db pointer to the db |
|
185 |
* @return 0 on success |
|
186 |
*/ |
|
187 |
virtual int update(SqlDB *db); |
|
188 |
}; |
|
189 | ||
190 |
#endif /*Networkfilter_H_*/ |
include/RequestManagerDelete.h (revision 24) | ||
---|---|---|
122 | 122 |
/* ------------------------------------------------------------------------- */ |
123 | 123 |
/* ------------------------------------------------------------------------- */ |
124 | 124 | |
125 |
class NetworkfilterDelete: public RequestManagerDelete |
|
126 |
{ |
|
127 |
public: |
|
128 |
NetworkfilterDelete(): |
|
129 |
RequestManagerDelete("NetworkfilterDelete", "Deletes a networkfilter") |
|
130 |
{ |
|
131 |
Nebula& nd = Nebula::instance(); |
|
132 |
pool = nd.get_nfpool(); |
|
133 |
auth_object = PoolObjectSQL::NETWORKFILTER; |
|
134 |
}; |
|
135 | ||
136 |
~NetworkfilterDelete(){}; |
|
137 | ||
138 |
}; |
|
139 | ||
140 |
/* ------------------------------------------------------------------------- */ |
|
141 |
/* ------------------------------------------------------------------------- */ |
|
142 | ||
125 | 143 |
class HostDelete : public RequestManagerDelete |
126 | 144 |
{ |
127 | 145 |
public: |
include/VirtualMachine.h (revision 24) | ||
---|---|---|
665 | 665 |
int get_disk_images(string &error_str); |
666 | 666 | |
667 | 667 |
/** |
668 |
* Releases all network filters taken by this Virtual Machine |
|
669 |
*/ |
|
670 |
void release_network_filters(); |
|
671 | ||
672 |
/** |
|
668 | 673 |
* Releases all disk images taken by this Virtual Machine |
669 | 674 |
*/ |
670 | 675 |
void release_disk_images(); |
... | ... | |
696 | 701 |
// ------------------------------------------------------------------------ |
697 | 702 |
/** |
698 | 703 |
* Sets an authorization request for a VirtualMachine template based on |
699 |
* the images and networks used |
|
704 |
* the images and networks and networkfilters used
|
|
700 | 705 |
* @param uid for template owner |
701 | 706 |
* @param ar the AuthRequest object |
702 | 707 |
* @param tmpl the virtual machine template |
include/RequestManagerUpdateTemplate.h (revision 24) | ||
---|---|---|
83 | 83 |
/* ------------------------------------------------------------------------- */ |
84 | 84 |
/* ------------------------------------------------------------------------- */ |
85 | 85 | |
86 |
class NetworkfilterUpdateTemplate: public RequestManagerUpdateTemplate |
|
87 |
{ |
|
88 |
public: |
|
89 |
NetworkfilterUpdateTemplate(): |
|
90 |
RequestManagerUpdateTemplate("NetworkfilterUpdateTemplate", |
|
91 |
"Updates a networkfilter template") |
|
92 |
{ |
|
93 |
Nebula& nd = Nebula::instance(); |
|
94 |
pool = nd.get_nfpool(); |
|
95 |
auth_object = PoolObjectSQL::NETWORKFILTER; |
|
96 |
}; |
|
97 | ||
98 |
~NetworkfilterUpdateTemplate(){}; |
|
99 |
}; |
|
100 | ||
101 |
/* ------------------------------------------------------------------------- */ |
|
102 |
/* ------------------------------------------------------------------------- */ |
|
103 | ||
86 | 104 |
class HostUpdateTemplate : public RequestManagerUpdateTemplate |
87 | 105 |
{ |
88 | 106 |
public: |
include/RequestManagerChown.h (revision 24) | ||
---|---|---|
139 | 139 |
/* ------------------------------------------------------------------------- */ |
140 | 140 |
/* ------------------------------------------------------------------------- */ |
141 | 141 | |
142 |
class NetworkfilterChown: public RequestManagerChown |
|
143 |
{ |
|
144 |
public: |
|
145 |
NetworkfilterChown(): |
|
146 |
RequestManagerChown("NetworkfilterChown", |
|
147 |
"Changes ownership of an networkfilter") |
|
148 |
{ |
|
149 |
Nebula& nd = Nebula::instance(); |
|
150 |
pool = nd.get_nfpool(); |
|
151 |
auth_object = PoolObjectSQL::NETWORKFILTER; |
|
152 |
}; |
|
153 | ||
154 |
~NetworkfilterChown(){}; |
|
155 | ||
156 |
}; |
|
157 | ||
158 |
/* ------------------------------------------------------------------------- */ |
|
159 |
/* ------------------------------------------------------------------------- */ |
|
160 | ||
142 | 161 |
class UserChown : public RequestManagerChown |
143 | 162 |
{ |
144 | 163 |
public: |
SConstruct (revision 24) | ||
---|---|---|
70 | 70 |
cwd+'/src/dm', |
71 | 71 |
cwd+'/src/im', |
72 | 72 |
cwd+'/src/image', |
73 |
cwd+'/src/networkfilter', |
|
73 | 74 |
cwd+'/src/rm', |
74 | 75 |
cwd+'/src/vnm', |
75 | 76 |
cwd+'/src/hm', |
... | ... | |
200 | 201 |
'src/tm/SConstruct', |
201 | 202 |
'src/im/SConstruct', |
202 | 203 |
'src/image/SConstruct', |
204 |
'src/networkfilter/SConstruct', |
|
203 | 205 |
'src/dm/SConstruct', |
204 | 206 |
'src/scheduler/SConstruct', |
205 | 207 |
'src/vnm/SConstruct', |
src/acl/AclRule.cc (revision 24) | ||
---|---|---|
253 | 253 |
PoolObjectSQL::IMAGE, |
254 | 254 |
PoolObjectSQL::USER, |
255 | 255 |
PoolObjectSQL::TEMPLATE, |
256 |
PoolObjectSQL::GROUP |
|
256 |
PoolObjectSQL::GROUP, |
|
257 |
PoolObjectSQL::NETWORKFILTER |
|
257 | 258 |
}; |
258 | 259 | |
259 | 260 |
bool prefix = false; |
260 | 261 | |
261 |
for ( int i = 0; i < 7; i++ ) |
|
262 |
int objects_size = sizeof( objects ) / sizeof( objects[0] ); |
|
263 |
for ( int i = 0; i < objects_size; i++ ) |
|
262 | 264 |
{ |
263 | 265 |
if ( (resource & objects[i]) != 0 ) |
264 | 266 |
{ |
src/dm/DispatchManagerActions.cc (revision 24) | ||
---|---|---|
626 | 626 | |
627 | 627 |
vm->release_disk_images(); |
628 | 628 | |
629 |
vm->release_network_filters(); |
|
630 | ||
629 | 631 |
vm->log("DiM", Log::INFO, "New VM state is DONE."); |
630 | 632 |
break; |
631 | 633 |
src/dm/DispatchManagerStates.cc (revision 24) | ||
---|---|---|
130 | 130 |
vm->release_network_leases(); |
131 | 131 | |
132 | 132 |
vm->release_disk_images(); |
133 | ||
134 |
vm->release_network_filters(); |
|
133 | 135 |
} |
134 | 136 |
else |
135 | 137 |
{ |
src/vnm/VirtualNetwork.cc (revision 24) | ||
---|---|---|
18 | 18 |
#include "VirtualNetwork.h" |
19 | 19 |
#include "VirtualNetworkPool.h" |
20 | 20 |
#include "VirtualNetworkTemplate.h" |
21 |
#include "NetworkfilterPool.h" |
|
21 | 22 | |
22 | 23 |
#include "NebulaLog.h" |
23 | 24 |
#include "RangedLeases.h" |
... | ... | |
25 | 26 | |
26 | 27 |
#include "AuthManager.h" |
27 | 28 | |
29 |
#include "Nebula.h" |
|
30 | ||
28 | 31 |
#define TO_UPPER(S) transform(S.begin(),S.end(),S.begin(),(int(*)(int))toupper) |
29 | 32 | |
30 | 33 |
/* ************************************************************************** */ |
... | ... | |
617 | 620 | |
618 | 621 |
string ip; |
619 | 622 |
string mac; |
623 |
string libvirt_filter; |
|
620 | 624 | |
621 | 625 |
ostringstream vnid; |
622 | 626 | |
627 |
NetworkfilterPool * nfpool = Nebula::instance().get_nfpool(); |
|
628 | ||
623 | 629 |
ip = nic->vector_value("IP"); |
624 | 630 |
vnid << oid; |
625 | 631 | |
... | ... | |
660 | 666 |
nic->replace("VLAN", "NO"); |
661 | 667 |
} |
662 | 668 | |
669 |
obj_template->get("LIBVIRT_FILTER",libvirt_filter); |
|
670 |
if (libvirt_filter != "") |
|
671 |
{ |
|
672 |
nic->replace("LIBVIRT_FILTER",libvirt_filter); |
|
673 |
} |
|
674 | ||
675 |
// GET NETWORKFILTER NIC ATTRIBUTES |
|
676 |
rc = nfpool->nic_attribute(nic, uid, vid); |
|
677 | ||
663 | 678 |
if (!phydev.empty()) |
664 | 679 |
{ |
665 | 680 |
nic->replace("PHYDEV", phydev); |
src/oca/ruby/OpenNebula/NetworkfilterPool.rb (revision 24) | ||
---|---|---|
1 |
# -------------------------------------------------------------------------- # |
|
2 |
# Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) # |
|
3 |
# # |
|
4 |
# Licensed under the Apache License, Version 2.0 (the "License"); you may # |
|
5 |
# not use this file except in compliance with the License. You may obtain # |
|
6 |
# a copy of the License at # |
|
7 |
# # |
|
8 |
# http://www.apache.org/licenses/LICENSE-2.0 # |
|
9 |
# # |
|
10 |
# Unless required by applicable law or agreed to in writing, software # |
|
11 |
# distributed under the License is distributed on an "AS IS" BASIS, # |
|
12 |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # |
|
13 |
# See the License for the specific language governing permissions and # |
|
14 |
# limitations under the License. # |
|
15 |
#--------------------------------------------------------------------------- # |
|
16 | ||
17 |
require 'OpenNebula/Pool' |
|
18 | ||
19 |
module OpenNebula |
|
20 |
class NetworkfilterPool < Pool |
|
21 |
####################################################################### |
|
22 |
# Constants and Class attribute accessors |
|
23 |
####################################################################### |
|
24 |
|
|
25 |
NETWORKFILTER_POOL_METHODS = { |
|
26 |
:info => "networkfilterpool.info" |
|
27 |
} |
|
28 | ||
29 |
####################################################################### |
|
30 |
# Class constructor & Pool Methods |
|
31 |
####################################################################### |
|
32 |
|
|
33 |
# +client+ a Client object that represents a XML-RPC connection |
|
34 |
# +user_id+ is to refer to a Pool with Networkfilters from that user |
|
35 |
def initialize(client, user_id=-1) |
|
36 |
super('NETWORKFILTER_POOL','NETWORKFILTER',client) |
|
37 | ||
38 |
@user_id = user_id |
|
39 |
end |
|
40 | ||
41 |
# Default Factory Method for the Pools |
|
42 |
def factory(element_xml) |
|
43 |
OpenNebula::Networkfilter.new(element_xml,@client) |
|
44 |
end |
|
45 | ||
46 |
####################################################################### |
|
47 |
# XML-RPC Methods for the Networkfilter Object |
|
48 |
####################################################################### |
|
49 | ||
50 |
# Retrieves all or part of the VirtualMachines in the pool. |
|
51 |
def info(*args) |
|
52 |
case args.size |
|
53 |
when 0 |
|
54 |
info_filter(NETWORKFILTER_POOL_METHODS[:info],@user_id,-1,-1) |
|
55 |
when 3 |
|
56 |
info_filter(NETWORKFILTER_POOL_METHODS[:info],args[0],args[1],args[2]) |
|
57 |
end |
|
58 |
end |
|
59 | ||
60 |
def info_all() |
|
61 |
return super(NETWORKFILTER_POOL_METHODS[:info]) |
|
62 |
end |
|
63 | ||
64 |
def info_mine() |
|
65 |
return super(NETWORKFILTER_POOL_METHODS[:info]) |
|
66 |
end |
|
67 | ||
68 |
def info_group() |
|
69 |
return super(NETWORKFILTER_POOL_METHODS[:info]) |
|
70 |
end |
|
71 |
end |
|
72 |
end |
src/oca/ruby/OpenNebula/Acl.rb (revision 24) | ||
---|---|---|
30 | 30 |
# USER |
31 | 31 |
# TEMPLATE |
32 | 32 |
# GROUP |
33 |
# NETWORKFILTER |
|
33 | 34 |
# ACL |
34 | 35 |
# RIGHTS -> + separated list |
35 | 36 |
# USE |
... | ... | |
52 | 53 |
"IMAGE" => 0x8000000000, |
53 | 54 |
"USER" => 0x10000000000, |
54 | 55 |
"TEMPLATE" => 0x20000000000, |
55 |
"GROUP" => 0x40000000000 |
|
56 |
"GROUP" => 0x40000000000, |
|
57 |
"NETWORKFILTER" => 0x80000000000 |
|
58 | ||
56 | 59 |
} |
57 | 60 | |
58 | 61 |
RIGHTS = |
src/oca/ruby/OpenNebula/Networkfilter.rb (revision 24) | ||
---|---|---|
1 |
# -------------------------------------------------------------------------- # |
|
2 |
# Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) # |
|
3 |
# # |
|
4 |
# Licensed under the Apache License, Version 2.0 (the "License"); you may # |
|
5 |
# not use this file except in compliance with the License. You may obtain # |
|
6 |
# a copy of the License at # |
|
7 |
# # |
|
8 |
# http://www.apache.org/licenses/LICENSE-2.0 # |
|
9 |
# # |
|
10 |
# Unless required by applicable law or agreed to in writing, software # |
|
11 |
# distributed under the License is distributed on an "AS IS" BASIS, # |
|
12 |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # |
|
13 |
# See the License for the specific language governing permissions and # |
|
14 |
# limitations under the License. # |
|
15 |
#--------------------------------------------------------------------------- # |
|
16 | ||
17 |
require 'OpenNebula/Pool' |
|
18 |
require 'fileutils' |
|
19 | ||
20 |
module OpenNebula |
|
21 |
class Networkfilter < PoolElement |
|
22 |
# --------------------------------------------------------------------- |
|
23 |
# Constants and Class Methods |
|
24 |
# --------------------------------------------------------------------- |
|
25 |
NETWORKFILTER_METHODS = { |
|
26 |
:info => "networkfilter.info", |
|
27 |
:allocate => "networkfilter.allocate", |
|
28 |
:update => "networkfilter.update", |
|
29 |
:enable => "networkfilter.enable", |
|
30 |
:delete => "networkfilter.delete", |
|
31 |
:chown => "networkfilter.chown", |
|
32 |
:chmod => "networkfilter.chmod" |
|
33 |
} |
|
34 | ||
35 |
# Creates a Network filter description with just its identifier |
|
36 |
# this method should be used to create plain Network filter objects. |
|
37 |
# +id+ the id of the networkfilter |
|
38 |
# |
|
39 |
# Example: |
|
40 |
# networkfilter = Networkfilter.new(Networkfilter.build_xml(3),rpc_client) |
|
41 |
# |
|
42 |
def Networkfilter.build_xml(pe_id=nil) |
|
43 |
if pe_id |
|
44 |
networkfilter_xml = "<NETWORKFILTER><ID>#{pe_id}</ID></NETWORKFILTER>" |
|
45 |
else |
|
46 |
networkfilter_xml = "<NETWORKFILTER></NETWORKFILTER>" |
|
47 |
end |
|
48 | ||
49 |
XMLElement.build_xml(networkfilter_xml,'NETWORKFILTER') |
|
50 |
end |
|
51 | ||
52 |
# Class constructor |
|
53 |
def initialize(xml, client) |
|
54 |
super(xml,client) |
|
55 | ||
56 |
@client = client |
|
57 |
end |
|
58 | ||
59 |
####################################################################### |
|
60 |
# XML-RPC Methods for the Network filter Object |
|
61 |
####################################################################### |
|
62 | ||
63 |
# Retrieves the information of the given Network filter. |
|
64 |
def info() |
|
65 |
super(NETWORKFILTER_METHODS[:info], 'NETWORKFILTER') |
|
66 |
end |
|
67 | ||
68 |
# Allocates a new Network filter in OpenNebula |
|
69 |
# |
|
70 |
# +description+ A string containing the template of the Network filter. |
|
71 |
def allocate(description) |
|
72 |
super(NETWORKFILTER_METHODS[:allocate],description) |
|
73 |
end |
|
74 | ||
75 |
# Replaces the template contents |
|
76 |
# |
|
77 |
# +new_template+ New template contents |
|
78 |
def update(new_template) |
|
79 |
super(NETWORKFILTER_METHODS[:update], new_template) |
|
80 |
end |
|
81 | ||
82 |
# Enables an Network filter |
|
83 |
def enable |
|
84 |
set_enabled(true) |
|
85 |
end |
|
86 | ||
87 |
# Disables an Network filter |
|
88 |
def disable |
|
89 |
set_enabled(false) |
|
90 |
end |
|
91 | ||
92 |
# Deletes the Network filter |
|
93 |
def delete() |
|
94 |
super(NETWORKFILTER_METHODS[:delete]) |
|
95 |
end |
|
96 | ||
97 |
# Changes the owner/group |
|
98 |
# uid:: _Integer_ the new owner id. Set to -1 to leave the current one |
|
99 |
# gid:: _Integer_ the new group id. Set to -1 to leave the current one |
|
100 |
# [return] nil in case of success or an Error object |
|
101 |
def chown(uid, gid) |
|
102 |
super(NETWORKFILTER_METHODS[:chown], uid, gid) |
|
103 |
end |
|
104 | ||
105 |
# Changes the networkfilter permissions. |
|
106 |
# |
|
107 |
# @param octet [String] Permissions octed , e.g. 640 |
|
108 |
# @return [nil, OpenNebula::Error] nil in case of success, Error |
|
109 |
# otherwise |
|
110 |
def chmod_octet(octet) |
|
111 |
super(NETWORKFILTER_METHODS[:chmod], octet) |
|
112 |
end |
|
113 | ||
114 |
# Changes the networkfilter permissions. |
|
115 |
# Each [Integer] argument must be 1 to allow, 0 deny, -1 do not change |
|
116 |
# |
|
117 |
# @return [nil, OpenNebula::Error] nil in case of success, Error |
|
118 |
# otherwise |
|
119 |
def chmod(owner_u, owner_m, owner_a, group_u, group_m, group_a, other_u, |
|
120 |
other_m, other_a) |
|
121 |
super(NETWORKFILTER_METHODS[:chmod], owner_u, owner_m, owner_a, group_u, |
|
122 |
group_m, group_a, other_u, other_m, other_a) |
|
123 |
end |
|
124 | ||
125 |
####################################################################### |
|
126 |
# Helpers to get Network filter information |
|
127 |
####################################################################### |
|
128 | ||
129 |
# Returns the group identifier |
|
130 |
# [return] _Integer_ the element's group ID |
|
131 |
def gid |
|
132 |
self['GID'].to_i |
|
133 |
end |
|
134 | ||
135 |
private |
|
136 | ||
137 |
def set_enabled(enabled) |
|
138 |
return Error.new('ID not defined') if !@pe_id |
|
139 | ||
140 |
rc = @client.call(NETWORKFILTER_METHODS[:enable], @pe_id, enabled) |
|
141 |
rc = nil if !OpenNebula.is_error?(rc) |
|
142 | ||
143 |
return rc |
|
144 |
end |
|
145 | ||
146 |
def set_publish(published) |
|
147 |
return Error.new('ID not defined') if !@pe_id |
|
148 | ||
149 |
rc = @client.call(NETWORKFILTER_METHODS[:publish], @pe_id, published) |
|
150 |
rc = nil if !OpenNebula.is_error?(rc) |
|
151 | ||
152 |
return rc |
|
153 |
end |
|
154 |
|
|
155 |
end |
|
156 |
end |
src/oca/ruby/OpenNebula.rb (revision 24) | ||
---|---|---|
42 | 42 |
require 'OpenNebula/GroupPool' |
43 | 43 |
require 'OpenNebula/Acl' |
44 | 44 |
require 'OpenNebula/AclPool' |
45 |
require 'OpenNebula/Networkfilter' |
|
46 |
require 'OpenNebula/NetworkfilterPool' |
|
45 | 47 | |
46 | 48 |
module OpenNebula |
47 | 49 |
src/rm/RequestManagerNetworkfilter.cc (revision 24) | ||
---|---|---|
1 |
/* -------------------------------------------------------------------------- */ |
|
2 |
/* Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) */ |
|
3 |
/* */ |
|
4 |
/* Licensed under the Apache License, Version 2.0 (the "License"); you may */ |
|
5 |
/* not use this file except in compliance with the License. You may obtain */ |
|
6 |
/* a copy of the License at */ |
|
7 |
/* */ |
|
8 |
/* http://www.apache.org/licenses/LICENSE-2.0 */ |
|
9 |
/* */ |
|
10 |
/* Unless required by applicable law or agreed to in writing, software */ |
|
11 |
/* distributed under the License is distributed on an "AS IS" BASIS, */ |
|
12 |
/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */ |
|
13 |
/* See the License for the specific language governing permissions and */ |
|
14 |
/* limitations under the License. */ |
|
15 |
/* -------------------------------------------------------------------------- */ |
|
16 | ||
17 |
#include "RequestManagerNetworkfilter.h" |
|
18 |
#include "Nebula.h" |
|
19 | ||
20 |
/* -------------------------------------------------------------------------- */ |
|
21 |
/* -------------------------------------------------------------------------- */ |
|
22 | ||
23 |
void NetworkfilterEnable::request_execute(xmlrpc_c::paramList const& paramList, |
|
24 |
RequestAttributes& att) |
|
25 |
{ |
|
26 |
int id = xmlrpc_c::value_int(paramList.getInt(1)); |
|
27 | ||
28 |
Networkfilter * networkfilter; |
|
29 | ||
30 |
NetworkfilterPool * nfpool = static_cast<NetworkfilterPool *>(pool); |
|
31 | ||
32 |
string error_str; |
|
33 | ||
34 |
if ( basic_authorization(id, att) == false ) |
|
35 |
{ |
|
36 |
return; |
|
37 |
} |
|
38 | ||
39 |
networkfilter = nfpool->get(id,true); |
|
40 | ||
41 |
if ( networkfilter == 0 ) |
|
42 |
{ |
|
43 |
failure_response(NO_EXISTS, |
|
44 |
get_error(object_name(auth_object),id), |
|
45 |
att); |
|
46 | ||
47 |
return; |
|
48 |
} |
|
49 | ||
50 |
nfpool->update(networkfilter); |
|
51 | ||
52 |
networkfilter->unlock(); |
|
53 | ||
54 |
success_response(id, att); |
|
55 |
} |
|
56 | ||
57 |
/* -------------------------------------------------------------------------- */ |
|
58 |
/* -------------------------------------------------------------------------- */ |
|
59 |
src/rm/SConstruct (revision 24) | ||
---|---|---|
35 | 35 |
'RequestManagerUser.cc', |
36 | 36 |
'RequestManagerHost.cc', |
37 | 37 |
'RequestManagerImage.cc', |
38 |
'RequestManagerNetworkfilter.cc', |
|
38 | 39 |
'RequestManagerChown.cc', |
39 | 40 |
'RequestManagerAcl.cc', |
40 | 41 |
'RequestManagerChmod.cc', |
src/rm/RequestManager.cc (revision 24) | ||
---|---|---|
33 | 33 |
#include "RequestManagerImage.h" |
34 | 34 |
#include "RequestManagerUser.h" |
35 | 35 |
#include "RequestManagerAcl.h" |
36 |
#include "RequestManagerNetworkfilter.h" |
|
36 | 37 | |
37 | 38 |
#include <sys/signal.h> |
38 | 39 |
#include <sys/socket.h> |
... | ... | |
254 | 255 |
xmlrpc_c::methodPtr host_update(new HostUpdateTemplate()); |
255 | 256 |
xmlrpc_c::methodPtr vn_update(new VirtualNetworkUpdateTemplate()); |
256 | 257 |
xmlrpc_c::methodPtr user_update(new UserUpdateTemplate()); |
258 |
xmlrpc_c::methodPtr networkfilter_update(new NetworkfilterUpdateTemplate()); |
|
257 | 259 | |
258 | 260 |
// Allocate Methods |
259 | 261 |
xmlrpc_c::methodPtr vm_allocate(new VirtualMachineAllocate()); |
... | ... | |
263 | 265 |
xmlrpc_c::methodPtr template_allocate(new TemplateAllocate()); |
264 | 266 |
xmlrpc_c::methodPtr host_allocate(new HostAllocate()); |
265 | 267 |
xmlrpc_c::methodPtr user_allocate(new UserAllocate()); |
268 |
xmlrpc_c::methodPtr networkfilter_allocate(new NetworkfilterAllocate()); |
|
266 | 269 | |
267 | 270 |
// Delete Methods |
268 | 271 |
xmlrpc_c::methodPtr host_delete(new HostDelete()); |
... | ... | |
271 | 274 |
xmlrpc_c::methodPtr vn_delete(new VirtualNetworkDelete()); |
272 | 275 |
xmlrpc_c::methodPtr user_delete(new UserDelete()); |
273 | 276 |
xmlrpc_c::methodPtr image_delete(new ImageDelete()); |
277 |
xmlrpc_c::methodPtr networkfilter_delete(new NetworkfilterDelete()); |
|
274 | 278 | |
275 | 279 |
// Info Methods |
276 | 280 |
xmlrpc_c::methodPtr vm_info(new VirtualMachineInfo()); |
... | ... | |
280 | 284 |
xmlrpc_c::methodPtr vn_info(new VirtualNetworkInfo()); |
281 | 285 |
xmlrpc_c::methodPtr user_info(new UserInfo()); |
282 | 286 |
xmlrpc_c::methodPtr image_info(new ImageInfo()); |
287 |
xmlrpc_c::methodPtr networkfilter_info(new NetworkfilterInfo()); |
|
283 | 288 | |
284 | 289 |
// PoolInfo Methods |
285 | 290 |
xmlrpc_c::methodPtr hostpool_info(new HostPoolInfo()); |
... | ... | |
291 | 296 |
xmlrpc_c::methodPtr template_pool_info(new TemplatePoolInfo()); |
292 | 297 |
xmlrpc_c::methodPtr vnpool_info(new VirtualNetworkPoolInfo()); |
293 | 298 |
xmlrpc_c::methodPtr imagepool_info(new ImagePoolInfo()); |
299 |
xmlrpc_c::methodPtr networkfilterpool_info(new NetworkfilterPoolInfo()); |
|
294 | 300 | |
295 | 301 |
// Host Methods |
296 | 302 |
xmlrpc_c::methodPtr host_enable(new HostEnable()); |
... | ... | |
306 | 312 |
xmlrpc_c::methodPtr vn_chown(new VirtualNetworkChown()); |
307 | 313 |
xmlrpc_c::methodPtr image_chown(new ImageChown()); |
308 | 314 |
xmlrpc_c::methodPtr user_chown(new UserChown()); |
315 |
xmlrpc_c::methodPtr networkfilter_chown(new NetworkfilterChown()); |
|
309 | 316 | |
310 | 317 |
// Chmod Methods |
311 | 318 |
xmlrpc_c::methodPtr vm_chmod(new VirtualMachineChmod()); |
312 | 319 |
xmlrpc_c::methodPtr template_chmod(new TemplateChmod()); |
313 | 320 |
xmlrpc_c::methodPtr vn_chmod(new VirtualNetworkChmod()); |
314 | 321 |
xmlrpc_c::methodPtr image_chmod(new ImageChmod()); |
322 |
xmlrpc_c::methodPtr networkfilter_chmod(new NetworkfilterChmod()); |
|
315 | 323 | |
316 | 324 |
// ACL Methods |
317 | 325 |
xmlrpc_c::methodPtr acl_addrule(new AclAddRule()); |
... | ... | |
395 | 403 | |
396 | 404 |
RequestManagerRegistry.addMethod("one.imagepool.info", imagepool_info); |
397 | 405 | |
406 |
/* Networkfilter related methods*/ |
|
407 | ||
408 |
RequestManagerRegistry.addMethod("one.networkfilter.update", networkfilter_update); |
|
409 |
RequestManagerRegistry.addMethod("one.networkfilter.allocate", networkfilter_allocate); |
|
410 |
RequestManagerRegistry.addMethod("one.networkfilter.delete", networkfilter_delete); |
|
411 |
RequestManagerRegistry.addMethod("one.networkfilter.info", networkfilter_info); |
|
412 |
RequestManagerRegistry.addMethod("one.networkfilter.chown", networkfilter_chown); |
|
413 |
RequestManagerRegistry.addMethod("one.networkfilter.chmod", networkfilter_chmod); |
|
414 | ||
415 |
RequestManagerRegistry.addMethod("one.networkfilterpool.info", networkfilterpool_info); |
|
416 | ||
398 | 417 |
/* ACL related methods */ |
399 | 418 |
RequestManagerRegistry.addMethod("one.acl.addrule", acl_addrule); |
400 | 419 |
RequestManagerRegistry.addMethod("one.acl.delrule", acl_delrule); |
src/rm/RequestManagerAllocate.cc (revision 24) | ||
---|---|---|
200 | 200 |
/* -------------------------------------------------------------------------- */ |
201 | 201 |
/* -------------------------------------------------------------------------- */ |
202 | 202 | |
203 |
int NetworkfilterAllocate::pool_allocate(xmlrpc_c::paramList const& _paramList, |
|
204 |
Template * tmpl, |
|
205 |
int& id, |
|
206 |
string& error_str, |
|
207 |
RequestAttributes& att) |
|
208 |
{ |
|
209 |
NetworkfilterPool * nfpool = static_cast<NetworkfilterPool *>(pool); |
|
210 |
NetworkfilterTemplate * nftmpl = static_cast<NetworkfilterTemplate *>(tmpl); |
|
211 | ||
212 |
return nfpool->allocate(att.uid, att.gid, att.uname, att.gname, nftmpl, &id, |
|
213 |
error_str); |
|
214 |
} |
|
215 | ||
216 |
/* -------------------------------------------------------------------------- */ |
|
217 |
/* -------------------------------------------------------------------------- */ |
|
218 | ||
203 | 219 |
int HostAllocate::pool_allocate(xmlrpc_c::paramList const& paramList, |
204 | 220 |
Template * tmpl, |
205 | 221 |
int& id, |
src/rm/Request.cc (revision 24) | ||
---|---|---|
169 | 169 |
return "virtual network"; |
170 | 170 |
case PoolObjectSQL::IMAGE: |
171 | 171 |
return "image"; |
172 |
case PoolObjectSQL::NETWORKFILTER: |
|
173 |
return "network filter"; |
|
172 | 174 |
case PoolObjectSQL::USER: |
173 | 175 |
return "user"; |
174 | 176 |
case PoolObjectSQL::TEMPLATE: |
src/sunstone/models/OpenNebulaJSON/PoolJSON.rb (revision 24) | ||
---|---|---|
25 | 25 |
class GroupPoolJSON < OpenNebula::GroupPool; include JSONUtils; end |
26 | 26 |
class UserPoolJSON < OpenNebula::UserPool; include JSONUtils; end |
27 | 27 |
class AclPoolJSON < OpenNebula::AclPool; include JSONUtils; end |
28 |
class NetworkfilterPoolJSON < OpenNebula::NetworkfilterPool; include JSONUtils; end |
|
28 | 29 |
end |
src/sunstone/models/OpenNebulaJSON/NetworkfilterJSON.rb (revision 24) | ||
---|---|---|
1 |
# -------------------------------------------------------------------------- # |
|
2 |
# Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) # |
|
3 |
# # |
|
4 |
# Licensed under the Apache License, Version 2.0 (the "License"); you may # |
|
5 |
# not use this file except in compliance with the License. You may obtain # |
|
6 |
# a copy of the License at # |
|
7 |
# # |
|
8 |
# http://www.apache.org/licenses/LICENSE-2.0 # |
|
9 |
# # |
|
10 |
# Unless required by applicable law or agreed to in writing, software # |
|
11 |
# distributed under the License is distributed on an "AS IS" BASIS, # |
|
12 |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # |
|
13 |
# See the License for the specific language governing permissions and # |
|
14 |
# limitations under the License. # |
|
15 |
#--------------------------------------------------------------------------- # |
|
16 | ||
17 |
require 'OpenNebulaJSON/JSONUtils' |
|
18 | ||
19 |
module OpenNebulaJSON |
|
20 |
class NetworkfilterJSON < OpenNebula::Networkfilter |
|
21 |
include JSONUtils |
|
22 | ||
23 |
def create(template_json) |
|
24 |
networkfilter_hash = parse_json(template_json, 'networkfilter') |
|
25 |
if OpenNebula.is_error?(networkfilter_hash) |
|
26 |
return networkfilter_hash |
|
27 |
end |
|
28 | ||
29 |
if networkfilter_hash['networkfilter_raw'] |
|
30 |
template = networkfilter_hash['networkfilter_raw'] |
|
31 |
else |
|
32 |
template = template_to_str(networkfilter_hash) |
|
33 |
end |