networkfilter.diff
| install.sh (revision 24) | ||
|---|---|---|
| 553 | 553 |
src/cli/onevnet \ |
| 554 | 554 |
src/cli/oneuser \ |
| 555 | 555 |
src/cli/oneimage \ |
| 556 |
src/cli/onenetworkfilter \ |
|
| 556 | 557 |
src/cli/onegroup \ |
| 557 | 558 |
src/cli/onetemplate \ |
| 558 | 559 |
src/cli/oneacl \ |
| ... | ... | |
| 939 | 940 |
src/oca/ruby/OpenNebula/VirtualNetworkPool.rb \ |
| 940 | 941 |
src/oca/ruby/OpenNebula/Image.rb \ |
| 941 | 942 |
src/oca/ruby/OpenNebula/ImagePool.rb \ |
| 943 |
src/oca/ruby/OpenNebula/Networkfilter.rb \ |
|
| 944 |
src/oca/ruby/OpenNebula/NetworkfilterPool.rb \ |
|
| 942 | 945 |
src/oca/ruby/OpenNebula/Template.rb \ |
| 943 | 946 |
src/oca/ruby/OpenNebula/TemplatePool.rb \ |
| 944 | 947 |
src/oca/ruby/OpenNebula/Group.rb \ |
| ... | ... | |
| 1045 | 1048 |
ONE_CLI_LIB_FILES="src/cli/one_helper/onegroup_helper.rb \ |
| 1046 | 1049 |
src/cli/one_helper/onehost_helper.rb \ |
| 1047 | 1050 |
src/cli/one_helper/oneimage_helper.rb \ |
| 1051 |
src/cli/one_helper/onenetworkfilter_helper.rb \ |
|
| 1048 | 1052 |
src/cli/one_helper/onetemplate_helper.rb \ |
| 1049 | 1053 |
src/cli/one_helper/oneuser_helper.rb \ |
| 1050 | 1054 |
src/cli/one_helper/onevm_helper.rb \ |
| ... | ... | |
| 1056 | 1060 |
src/cli/onevnet \ |
| 1057 | 1061 |
src/cli/oneuser \ |
| 1058 | 1062 |
src/cli/oneimage \ |
| 1063 |
src/cli/onenetworkfilter \ |
|
| 1059 | 1064 |
src/cli/onetemplate \ |
| 1060 | 1065 |
src/cli/onegroup \ |
| 1061 | 1066 |
src/cli/oneacl" |
| ... | ... | |
| 1063 | 1068 |
CLI_CONF_FILES="src/cli/etc/onegroup.yaml \ |
| 1064 | 1069 |
src/cli/etc/onehost.yaml \ |
| 1065 | 1070 |
src/cli/etc/oneimage.yaml \ |
| 1071 |
src/cli/etc/onenetworkfilter.yaml \ |
|
| 1066 | 1072 |
src/cli/etc/onetemplate.yaml \ |
| 1067 | 1073 |
src/cli/etc/oneuser.yaml \ |
| 1068 | 1074 |
src/cli/etc/onevm.yaml \ |
| ... | ... | |
| 1096 | 1102 |
src/sunstone/models/OpenNebulaJSON/VirtualMachineJSON.rb \ |
| 1097 | 1103 |
src/sunstone/models/OpenNebulaJSON/TemplateJSON.rb \ |
| 1098 | 1104 |
src/sunstone/models/OpenNebulaJSON/AclJSON.rb \ |
| 1105 |
src/sunstone/models/OpenNebulaJSON/NetworkfilterJSON.rb \ |
|
| 1099 | 1106 |
src/sunstone/models/OpenNebulaJSON/VirtualNetworkJSON.rb" |
| 1100 | 1107 | |
| 1101 | 1108 |
SUNSTONE_TEMPLATE_FILES="src/sunstone/templates/login.html \ |
| include/PoolObjectSQL.h (revision 24) | ||
|---|---|---|
| 56 | 56 |
USER = 0x0000010000000000LL, |
| 57 | 57 |
TEMPLATE = 0x0000020000000000LL, |
| 58 | 58 |
GROUP = 0x0000040000000000LL, |
| 59 |
ACL = 0x0000080000000000LL |
|
| 59 |
NETWORKFILTER = 0x0000080000000000LL, |
|
| 60 |
ACL = 0x0000100000000000LL |
|
| 60 | 61 |
}; |
| 62 |
/* added the NETWORKFILTER on 0x80000000000 and bumped ACL one down... */ |
|
| 61 | 63 | |
| 62 | 64 |
static string type_to_str(ObjectType ob) |
| 63 | 65 |
{
|
| ... | ... | |
| 70 | 72 |
case USER: return "USER" ; break; |
| 71 | 73 |
case TEMPLATE: return "TEMPLATE" ; break; |
| 72 | 74 |
case GROUP: return "GROUP" ; break; |
| 75 |
case NETWORKFILTER: return "NETWORKFILTER" ; break; |
|
| 73 | 76 |
case ACL: return "ACL" ; break; |
| 74 | 77 |
default: return ""; |
| 75 | 78 |
} |
| include/RequestManager.h (revision 24) | ||
|---|---|---|
| 25 | 25 |
#include "ImagePool.h" |
| 26 | 26 |
#include "VMTemplatePool.h" |
| 27 | 27 |
#include "GroupPool.h" |
| 28 |
#include "NetworkfilterPool.h" |
|
| 28 | 29 | |
| 29 | 30 |
#include "AuthManager.h" |
| 30 | 31 | |
| include/NetworkfilterPool.h (revision 24) | ||
|---|---|---|
| 1 |
/* -------------------------------------------------------------------------- */ |
|
| 2 |
/* Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) */ |
|
| 3 |
/* */ |
|
| 4 |
/* Licensed under the Apache License, Version 2.0 (the "License"); you may */ |
|
| 5 |
/* not use this file except in compliance with the License. You may obtain */ |
|
| 6 |
/* a copy of the License at */ |
|
| 7 |
/* */ |
|
| 8 |
/* http://www.apache.org/licenses/LICENSE-2.0 */ |
|
| 9 |
/* */ |
|
| 10 |
/* Unless required by applicable law or agreed to in writing, software */ |
|
| 11 |
/* distributed under the License is distributed on an "AS IS" BASIS, */ |
|
| 12 |
/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */ |
|
| 13 |
/* See the License for the specific language governing permissions and */ |
|
| 14 |
/* limitations under the License. */ |
|
| 15 |
/* -------------------------------------------------------------------------- */ |
|
| 16 | ||
| 17 |
#ifndef NETWORKFILTER_POOL_H_ |
|
| 18 |
#define NETWORKFILTER_POOL_H_ |
|
| 19 | ||
| 20 |
#include "PoolSQL.h" |
|
| 21 |
#include "Networkfilter.h" |
|
| 22 |
#include "NebulaLog.h" |
|
| 23 | ||
| 24 |
#include <time.h> |
|
| 25 |
#include <sstream> |
|
| 26 | ||
| 27 |
#include <iostream> |
|
| 28 |
#include <vector> |
|
| 29 | ||
| 30 |
class AuthRequest; |
|
| 31 | ||
| 32 |
using namespace std; |
|
| 33 | ||
| 34 |
/** |
|
| 35 |
* The Networkfilter Pool class. |
|
| 36 |
*/ |
|
| 37 |
class NetworkfilterPool : public PoolSQL |
|
| 38 |
{
|
|
| 39 |
public: |
|
| 40 | ||
| 41 |
NetworkfilterPool(SqlDB * db); |
|
| 42 | ||
| 43 |
~NetworkfilterPool(){};
|
|
| 44 | ||
| 45 |
/** |
|
| 46 |
* Function to allocate a new Networkfilter object |
|
| 47 |
* @param uid the user id of the Networkfilter's owner |
|
| 48 |
* @param gid the id of the group this object is assigned to |
|
| 49 |
* @param uname name of the user |
|
| 50 |
* @param gname name of the group |
|
| 51 |
* @param fw_template template associated with the Networkfilter |
|
| 52 |
* @param oid the id assigned to the Networkfilter |
|
| 53 |
* @param error_str Returns the error reason, if any |
|
| 54 |
* @return the oid assigned to the object, |
|
| 55 |
* -1 in case of failure |
|
| 56 |
* -2 in case of template parse failure |
|
| 57 |
*/ |
|
| 58 |
int allocate ( |
|
| 59 |
int uid, |
|
| 60 |
int gid, |
|
| 61 |
const string& uname, |
|
| 62 |
const string& gname, |
|
| 63 |
NetworkfilterTemplate * nf_template, |
|
| 64 |
int * oid, |
|
| 65 |
string& error_str); |
|
| 66 | ||
| 67 |
/** |
|
| 68 |
** Function to get a Networkfilter from the pool, if the object is not in memory |
|
| 69 |
* it is loaded from the DB |
|
| 70 |
* @param oid Networkfilter unique id |
|
| 71 |
* @param lock locks the Networkfilter mutex |
|
| 72 |
* @return a pointer to the Networkfilter, 0 if the Networkfilter could not be loaded |
|
| 73 |
*/ |
|
| 74 |
Networkfilter * get(int oid, bool lock) |
|
| 75 |
{
|
|
| 76 |
return static_cast<Networkfilter *>(PoolSQL::get(oid,lock)); |
|
| 77 |
}; |
|
| 78 | ||
| 79 |
/** |
|
| 80 |
* Gets an object from the pool (if needed the object is loaded from the |
|
| 81 |
* database). |
|
| 82 |
* @param name of the object |
|
| 83 |
* @param uid id of owner |
|
| 84 |
* @param lock locks the object if true |
|
| 85 |
* |
|
| 86 |
* @return a pointer to the object, 0 in case of failure |
|
| 87 |
*/ |
|
| 88 |
Networkfilter * get(const string& name, int uid, bool lock) |
|
| 89 |
{
|
|
| 90 |
return static_cast<Networkfilter *>(PoolSQL::get(name,uid,lock)); |
|
| 91 |
}; |
|
| 92 | ||
| 93 |
/** |
|
| 94 |
* Update a particular Networkfilter |
|
| 95 |
* @param image pointer to Networkfilter |
|
| 96 |
* @return 0 on success |
|
| 97 |
*/ |
|
| 98 |
int update(Networkfilter * networkfilter) |
|
| 99 |
{
|
|
| 100 |
return networkfilter->update(db); |
|
| 101 |
}; |
|
| 102 | ||
| 103 | ||
| 104 |
//-------------------------------------------------------------------------- |
|
| 105 |
// Virtual Network DB access functions |
|
| 106 |
//-------------------------------------------------------------------------- |
|
| 107 | ||
| 108 |
/** |
|
| 109 |
* Generates a NIC attribute for VM templates using the Networkfilter |
|
| 110 |
* metadata |
|
| 111 |
* @param nic the nic attribute to be generated |
|
| 112 |
* @param vid of the VM requesting the Networkfilter |
|
| 113 |
* @return 0 on success, |
|
| 114 |
* -1 error, |
|
| 115 |
*/ |
|
| 116 |
int nic_attribute(VectorAttribute * nic, int uid, int vid); |
|
| 117 | ||
| 118 |
/** |
|
| 119 |
* Bootstraps the database table(s) associated to the Networkfilter pool |
|
| 120 |
*/ |
|
| 121 |
static int bootstrap(SqlDB *_db) |
|
| 122 |
{
|
|
| 123 |
return Networkfilter::bootstrap(_db); |
|
| 124 |
}; |
|
| 125 | ||
| 126 |
/** |
|
| 127 |
* Generates an Authorization token for the NETWORKFILTER attribute |
|
| 128 |
* @param networkfilter the networkilter to be authorized |
|
| 129 |
* @param uid of owner (to look for the networkfilter id within her images) |
|
| 130 |
* @param ar the AuthRequest |
|
| 131 |
*/ |
|
| 132 |
void authorize_networkfilter(VectorAttribute * networkfilter, int uid, AuthRequest * ar); |
|
| 133 | ||
| 134 |
/** |
|
| 135 |
* Dumps the Networkfilter pool in XML format. A filter can be also added to the |
|
| 136 |
* query |
|
| 137 |
* @param oss the output stream to dump the pool contents |
|
| 138 |
* @param where filter for the objects, defaults to all |
|
| 139 |
* @return 0 on success |
|
| 140 |
*/ |
|
| 141 |
int dump(ostringstream& oss, const string& where) |
|
| 142 |
{
|
|
| 143 |
return PoolSQL::dump(oss, "NETWORKFILTER_POOL", Networkfilter::table, where); |
|
| 144 |
} |
|
| 145 | ||
| 146 |
private: |
|
| 147 |
//-------------------------------------------------------------------------- |
|
| 148 |
// Pool Attributes |
|
| 149 |
// ------------------------------------------------------------------------- |
|
| 150 |
/** |
|
| 151 |
* Factory method to produce Networkfilter objects |
|
| 152 |
* @return a pointer to the new Networkfilter |
|
| 153 |
*/ |
|
| 154 |
PoolObjectSQL * create() |
|
| 155 |
{
|
|
| 156 |
return new Networkfilter(-1,-1,"","",0); |
|
| 157 |
}; |
|
| 158 |
}; |
|
| 159 | ||
| 160 |
#endif /*NETWORKFILTER_POOL_H_*/ |
|
| include/RequestManagerNetworkfilter.h (revision 24) | ||
|---|---|---|
| 1 |
/* -------------------------------------------------------------------------- */ |
|
| 2 |
/* Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) */ |
|
| 3 |
/* */ |
|
| 4 |
/* Licensed under the Apache License, Version 2.0 (the "License"); you may */ |
|
| 5 |
/* not use this file except in compliance with the License. You may obtain */ |
|
| 6 |
/* a copy of the License at */ |
|
| 7 |
/* */ |
|
| 8 |
/* http://www.apache.org/licenses/LICENSE-2.0 */ |
|
| 9 |
/* */ |
|
| 10 |
/* Unless required by applicable law or agreed to in writing, software */ |
|
| 11 |
/* distributed under the License is distributed on an "AS IS" BASIS, */ |
|
| 12 |
/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */ |
|
| 13 |
/* See the License for the specific language governing permissions and */ |
|
| 14 |
/* limitations under the License. */ |
|
| 15 |
/* -------------------------------------------------------------------------- */ |
|
| 16 | ||
| 17 |
#ifndef REQUEST_MANAGER_NETWORKFILTER_H |
|
| 18 |
#define REQUEST_MANAGER_NETWORKFILTER_H |
|
| 19 | ||
| 20 |
#include "Request.h" |
|
| 21 |
#include "Nebula.h" |
|
| 22 | ||
| 23 |
using namespace std; |
|
| 24 | ||
| 25 |
/* ------------------------------------------------------------------------- */ |
|
| 26 |
/* ------------------------------------------------------------------------- */ |
|
| 27 |
/* ------------------------------------------------------------------------- */ |
|
| 28 | ||
| 29 |
class RequestManagerNetworkfilter: public Request |
|
| 30 |
{
|
|
| 31 |
protected: |
|
| 32 |
RequestManagerNetworkfilter( const string& method_name, |
|
| 33 |
const string& help, |
|
| 34 |
const string& params) |
|
| 35 |
:Request(method_name,params,help) |
|
| 36 |
{
|
|
| 37 |
Nebula& nd = Nebula::instance(); |
|
| 38 |
pool = nd.get_nfpool(); |
|
| 39 | ||
| 40 |
auth_object = PoolObjectSQL::NETWORKFILTER; |
|
| 41 |
auth_op = AuthRequest::MANAGE; |
|
| 42 |
}; |
|
| 43 | ||
| 44 |
~RequestManagerNetworkfilter(){};
|
|
| 45 | ||
| 46 |
/* -------------------------------------------------------------------- */ |
|
| 47 | ||
| 48 |
virtual void request_execute(xmlrpc_c::paramList const& _paramList, |
|
| 49 |
RequestAttributes& att) = 0; |
|
| 50 |
}; |
|
| 51 | ||
| 52 |
/* ------------------------------------------------------------------------- */ |
|
| 53 |
/* ------------------------------------------------------------------------- */ |
|
| 54 | ||
| 55 |
class NetworkfilterEnable : public RequestManagerNetworkfilter |
|
| 56 |
{
|
|
| 57 |
public: |
|
| 58 |
NetworkfilterEnable(): |
|
| 59 |
RequestManagerNetworkfilter("NetworkfilterEnable",
|
|
| 60 |
"Enables or disables a networkfilter", |
|
| 61 |
"A:sib"){};
|
|
| 62 |
~NetworkfilterEnable(){};
|
|
| 63 | ||
| 64 |
void request_execute(xmlrpc_c::paramList const& _paramList, |
|
| 65 |
RequestAttributes& att); |
|
| 66 |
}; |
|
| 67 | ||
| 68 |
/* -------------------------------------------------------------------------- */ |
|
| 69 |
/* -------------------------------------------------------------------------- */ |
|
| 70 |
/* -------------------------------------------------------------------------- */ |
|
| 71 | ||
| 72 |
#endif |
|
| include/Nebula.h (revision 24) | ||
|---|---|---|
| 91 | 91 |
return tpool; |
| 92 | 92 |
}; |
| 93 | 93 | |
| 94 |
NetworkfilterPool * get_nfpool() |
|
| 95 |
{
|
|
| 96 |
return nfpool; |
|
| 97 |
}; |
|
| 98 | ||
| 94 | 99 |
// -------------------------------------------------------------- |
| 95 | 100 |
// Manager Accessors |
| 96 | 101 |
// -------------------------------------------------------------- |
| ... | ... | |
| 323 | 328 |
delete tpool; |
| 324 | 329 |
} |
| 325 | 330 | |
| 331 |
if ( nfpool != 0) |
|
| 332 |
{
|
|
| 333 |
delete nfpool; |
|
| 334 |
} |
|
| 335 | ||
| 326 | 336 |
if ( vmm != 0) |
| 327 | 337 |
{
|
| 328 | 338 |
delete vmm; |
| ... | ... | |
| 421 | 431 |
ImagePool * ipool; |
| 422 | 432 |
GroupPool * gpool; |
| 423 | 433 |
VMTemplatePool * tpool; |
| 434 |
NetworkfilterPool * nfpool; |
|
| 424 | 435 | |
| 425 | 436 |
// --------------------------------------------------------------- |
| 426 | 437 |
// Nebula Managers |
| include/RequestManagerAllocate.h (revision 24) | ||
|---|---|---|
| 23 | 23 |
#include "VirtualNetworkTemplate.h" |
| 24 | 24 |
#include "ImageTemplate.h" |
| 25 | 25 |
#include "VirtualMachineTemplate.h" |
| 26 |
#include "NetworkfilterTemplate.h" |
|
| 26 | 27 | |
| 27 | 28 |
using namespace std; |
| 28 | 29 | |
| ... | ... | |
| 204 | 205 |
/* ------------------------------------------------------------------------- */ |
| 205 | 206 |
/* ------------------------------------------------------------------------- */ |
| 206 | 207 | |
| 208 |
class NetworkfilterAllocate: public RequestManagerAllocate |
|
| 209 |
{
|
|
| 210 |
public: |
|
| 211 |
NetworkfilterAllocate(): |
|
| 212 |
RequestManagerAllocate("NetworkfilterAllocate",
|
|
| 213 |
"Allocates a new networkfilter", |
|
| 214 |
"A:ss", |
|
| 215 |
true) |
|
| 216 |
{
|
|
| 217 |
Nebula& nd = Nebula::instance(); |
|
| 218 |
pool = nd.get_nfpool(); |
|
| 219 |
auth_object = PoolObjectSQL::NETWORKFILTER; |
|
| 220 |
}; |
|
| 221 | ||
| 222 |
~NetworkfilterAllocate(){};
|
|
| 223 | ||
| 224 |
/* --------------------------------------------------------------------- */ |
|
| 225 | ||
| 226 |
Template * get_object_template() |
|
| 227 |
{
|
|
| 228 |
return new NetworkfilterTemplate; |
|
| 229 |
}; |
|
| 230 | ||
| 231 |
int pool_allocate(xmlrpc_c::paramList const& _paramList, |
|
| 232 |
Template * tmpl, |
|
| 233 |
int& id, |
|
| 234 |
string& error_str, |
|
| 235 |
RequestAttributes& att); |
|
| 236 |
}; |
|
| 237 | ||
| 238 |
/* ------------------------------------------------------------------------- */ |
|
| 239 |
/* ------------------------------------------------------------------------- */ |
|
| 240 | ||
| 207 | 241 |
class HostAllocate : public RequestManagerAllocate |
| 208 | 242 |
{
|
| 209 | 243 |
public: |
| include/NetworkfilterTemplate.h (revision 24) | ||
|---|---|---|
| 1 |
/* -------------------------------------------------------------------------- */ |
|
| 2 |
/* Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) */ |
|
| 3 |
/* */ |
|
| 4 |
/* Licensed under the Apache License, Version 2.0 (the "License"); you may */ |
|
| 5 |
/* not use this file except in compliance with the License. You may obtain */ |
|
| 6 |
/* a copy of the License at */ |
|
| 7 |
/* */ |
|
| 8 |
/* http://www.apache.org/licenses/LICENSE-2.0 */ |
|
| 9 |
/* */ |
|
| 10 |
/* Unless required by applicable law or agreed to in writing, software */ |
|
| 11 |
/* distributed under the License is distributed on an "AS IS" BASIS, */ |
|
| 12 |
/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */ |
|
| 13 |
/* See the License for the specific language governing permissions and */ |
|
| 14 |
/* limitations under the License. */ |
|
| 15 |
/* -------------------------------------------------------------------------- */ |
|
| 16 | ||
| 17 |
#ifndef NETWORKFILTER_TEMPLATE_H_ |
|
| 18 |
#define NETWORKFILTER_TEMPLATE_H_ |
|
| 19 | ||
| 20 |
#include "Template.h" |
|
| 21 | ||
| 22 |
using namespace std; |
|
| 23 | ||
| 24 |
/** |
|
| 25 |
* Networkfilter Template class, it represents the attributes of a Host |
|
| 26 |
*/ |
|
| 27 |
class NetworkfilterTemplate : public Template |
|
| 28 |
{
|
|
| 29 |
public: |
|
| 30 |
NetworkfilterTemplate() : Template(false,'=',"TEMPLATE"){};
|
|
| 31 | ||
| 32 |
~NetworkfilterTemplate(){};
|
|
| 33 | ||
| 34 |
}; |
|
| 35 |
|
|
| 36 |
/* -------------------------------------------------------------------------- */ |
|
| 37 |
/* -------------------------------------------------------------------------- */ |
|
| 38 | ||
| 39 |
#endif /*NETWORKFILTER_TEMPLATE_H_*/ |
|
| include/RequestManagerInfo.h (revision 24) | ||
|---|---|---|
| 144 | 144 |
/* ------------------------------------------------------------------------- */ |
| 145 | 145 |
/* ------------------------------------------------------------------------- */ |
| 146 | 146 | |
| 147 |
class NetworkfilterInfo: public RequestManagerInfo |
|
| 148 |
{
|
|
| 149 |
public: |
|
| 150 |
NetworkfilterInfo(): |
|
| 151 |
RequestManagerInfo("NetworkfilterInfo",
|
|
| 152 |
"Returns networkfilter information") |
|
| 153 |
{
|
|
| 154 |
Nebula& nd = Nebula::instance(); |
|
| 155 |
pool = nd.get_nfpool(); |
|
| 156 |
auth_object = PoolObjectSQL::NETWORKFILTER; |
|
| 157 |
}; |
|
| 158 | ||
| 159 |
~NetworkfilterInfo(){};
|
|
| 160 | ||
| 161 |
}; |
|
| 162 | ||
| 163 |
/* ------------------------------------------------------------------------- */ |
|
| 164 |
/* ------------------------------------------------------------------------- */ |
|
| 165 | ||
| 147 | 166 |
class HostInfo : public RequestManagerInfo |
| 148 | 167 |
{
|
| 149 | 168 |
public: |
| include/RequestManagerPoolInfoFilter.h (revision 24) | ||
|---|---|---|
| 155 | 155 |
/* ------------------------------------------------------------------------- */ |
| 156 | 156 |
/* ------------------------------------------------------------------------- */ |
| 157 | 157 | |
| 158 |
class NetworkfilterPoolInfo: public RequestManagerPoolInfoFilter |
|
| 159 |
{
|
|
| 160 |
public: |
|
| 161 |
NetworkfilterPoolInfo(): |
|
| 162 |
RequestManagerPoolInfoFilter("NetworkfilterPoolInfo",
|
|
| 163 |
"Returns the networkfilter pool", |
|
| 164 |
"A:siii") |
|
| 165 |
{
|
|
| 166 |
Nebula& nd = Nebula::instance(); |
|
| 167 |
pool = nd.get_nfpool(); |
|
| 168 |
auth_object = PoolObjectSQL::NETWORKFILTER; |
|
| 169 |
}; |
|
| 170 | ||
| 171 |
~NetworkfilterPoolInfo(){};
|
|
| 172 |
}; |
|
| 173 | ||
| 174 |
/* -------------------------------------------------------------------------- */ |
|
| 175 |
/* -------------------------------------------------------------------------- */ |
|
| 176 | ||
| 158 | 177 |
class HostPoolInfo : public RequestManagerPoolInfoFilter |
| 159 | 178 |
{
|
| 160 | 179 |
public: |
| include/RequestManagerChmod.h (revision 24) | ||
|---|---|---|
| 117 | 117 | |
| 118 | 118 |
}; |
| 119 | 119 | |
| 120 |
/* ------------------------------------------------------------------------- */ |
|
| 121 |
/* ------------------------------------------------------------------------- */ |
|
| 122 | ||
| 123 |
class NetworkfilterChmod: public RequestManagerChmod |
|
| 124 |
{
|
|
| 125 |
public: |
|
| 126 |
NetworkfilterChmod(): |
|
| 127 |
RequestManagerChmod("NetworkfilterChmod",
|
|
| 128 |
"Changes permission bits of a networkfilter") |
|
| 129 |
{
|
|
| 130 |
Nebula& nd = Nebula::instance(); |
|
| 131 |
pool = nd.get_nfpool(); |
|
| 132 |
auth_object = PoolObjectSQL::NETWORKFILTER; |
|
| 133 |
}; |
|
| 134 | ||
| 135 |
~NetworkfilterChmod(){};
|
|
| 136 | ||
| 137 |
}; |
|
| 138 | ||
| 120 | 139 |
/* -------------------------------------------------------------------------- */ |
| 121 | 140 |
/* -------------------------------------------------------------------------- */ |
| 122 | 141 |
/* -------------------------------------------------------------------------- */ |
| include/Networkfilter.h (revision 24) | ||
|---|---|---|
| 1 |
/* ------------------------------------------------------------------------ */ |
|
| 2 |
/* Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) */ |
|
| 3 |
/* */ |
|
| 4 |
/* Licensed under the Apache License, Version 2.0 (the "License"); you may */ |
|
| 5 |
/* not use this file except in compliance with the License. You may obtain */ |
|
| 6 |
/* a copy of the License at */ |
|
| 7 |
/* */ |
|
| 8 |
/* http://www.apache.org/licenses/LICENSE-2.0 */ |
|
| 9 |
/* */ |
|
| 10 |
/* Unless required by applicable law or agreed to in writing, software */ |
|
| 11 |
/* distributed under the License is distributed on an "AS IS" BASIS, */ |
|
| 12 |
/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */ |
|
| 13 |
/* See the License for the specific language governing permissions and */ |
|
| 14 |
/* limitations under the License. */ |
|
| 15 |
/* -------------------------------------------------------------------------*/ |
|
| 16 | ||
| 17 |
#ifndef NETWORKFILTER_H_ |
|
| 18 |
#define NETWORKFILTER_H_ |
|
| 19 | ||
| 20 |
#include "PoolSQL.h" |
|
| 21 |
#include "NetworkfilterTemplate.h" |
|
| 22 |
#include "NebulaLog.h" |
|
| 23 | ||
| 24 |
using namespace std; |
|
| 25 | ||
| 26 |
/** |
|
| 27 |
* The Networkfilter class. |
|
| 28 |
*/ |
|
| 29 |
class Networkfilter : public PoolObjectSQL |
|
| 30 |
{
|
|
| 31 |
public: |
|
| 32 |
// ************************************************************************* |
|
| 33 |
// Networkfilter Public Methods |
|
| 34 |
// ************************************************************************* |
|
| 35 | ||
| 36 |
/** |
|
| 37 |
* Function to print the Networkfilter object into a string in XML format |
|
| 38 |
* @param xml the resulting XML string |
|
| 39 |
* @return a reference to the generated string |
|
| 40 |
*/ |
|
| 41 |
string& to_xml(string& xml) const; |
|
| 42 | ||
| 43 |
/** |
|
| 44 |
* Rebuilds the object from an xml formatted string |
|
| 45 |
* @param xml_str The xml-formatted string |
|
| 46 |
* |
|
| 47 |
* @return 0 on success, -1 otherwise |
|
| 48 |
*/ |
|
| 49 |
int from_xml(const string &xml_str); |
|
| 50 | ||
| 51 |
/** |
|
| 52 |
* |
|
| 53 |
*/ |
|
| 54 |
int dec_running () |
|
| 55 |
{
|
|
| 56 |
return --running_vms; |
|
| 57 |
} |
|
| 58 | ||
| 59 |
/** |
|
| 60 |
* |
|
| 61 |
*/ |
|
| 62 |
int inc_running() |
|
| 63 |
{
|
|
| 64 |
return ++running_vms; |
|
| 65 |
} |
|
| 66 | ||
| 67 |
/** |
|
| 68 |
* |
|
| 69 |
*/ |
|
| 70 |
int get_running() |
|
| 71 |
{
|
|
| 72 |
return running_vms; |
|
| 73 |
} |
|
| 74 |
/** |
|
| 75 |
* Check if the image can be used by other users |
|
| 76 |
* @return true if group or others can access the image |
|
| 77 |
*/ |
|
| 78 |
bool isPublic() |
|
| 79 |
{
|
|
| 80 |
return (group_u == 1 || other_u == 1); |
|
| 81 |
} |
|
| 82 | ||
| 83 |
/** |
|
| 84 |
* Factory method for networkfilter templates |
|
| 85 |
*/ |
|
| 86 |
Template * get_new_template() |
|
| 87 |
{
|
|
| 88 |
return new NetworkfilterTemplate; |
|
| 89 |
} |
|
| 90 | ||
| 91 |
/** |
|
| 92 |
* Modifies the given nic attribute adding the filter attributes |
|
| 93 |
* @param nic attribute for the VM template |
|
| 94 |
* @param vid of the VM getting the lease |
|
| 95 |
* @return 0 on success |
|
| 96 |
*/ |
|
| 97 |
int nic_attribute(VectorAttribute * nic, int vid); |
|
| 98 | ||
| 99 |
private: |
|
| 100 | ||
| 101 |
// ------------------------------------------------------------------------- |
|
| 102 |
// Friends |
|
| 103 |
// ------------------------------------------------------------------------- |
|
| 104 | ||
| 105 |
friend class NetworkfilterPool; |
|
| 106 | ||
| 107 |
// ------------------------------------------------------------------------- |
|
| 108 |
// Networkfilter Description |
|
| 109 |
// ------------------------------------------------------------------------- |
|
| 110 | ||
| 111 |
/** |
|
| 112 |
* Registration time |
|
| 113 |
*/ |
|
| 114 |
time_t regtime; |
|
| 115 | ||
| 116 |
/** |
|
| 117 |
* Number of VMs using the image |
|
| 118 |
*/ |
|
| 119 |
int running_vms; |
|
| 120 | ||
| 121 |
// ************************************************************************* |
|
| 122 |
// DataBase implementation (Private) |
|
| 123 |
// ************************************************************************* |
|
| 124 | ||
| 125 |
/** |
|
| 126 |
* Execute an INSERT or REPLACE Sql query. |
|
| 127 |
* @param db The SQL DB |
|
| 128 |
* @param replace Execute an INSERT or a REPLACE |
|
| 129 |
* @return 0 on success |
|
| 130 |
*/ |
|
| 131 |
int insert_replace(SqlDB *db, bool replace, string& error_str); |
|
| 132 | ||
| 133 |
/** |
|
| 134 |
* Bootstraps the database table(s) associated to the Networkfilter |
|
| 135 |
* @return 0 on success |
|
| 136 |
*/ |
|
| 137 |
static int bootstrap(SqlDB * db) |
|
| 138 |
{
|
|
| 139 |
ostringstream oss_networkfilter(Networkfilter::db_bootstrap); |
|
| 140 | ||
| 141 |
return db->exec(oss_networkfilter); |
|
| 142 |
}; |
|
| 143 | ||
| 144 |
/** |
|
| 145 |
* "Encrypts" the password with SHA1 digest |
|
| 146 |
* @param password |
|
| 147 |
* @return sha1 encrypted password |
|
| 148 |
*/ |
|
| 149 |
static string sha1_digest(const string& pass); |
|
| 150 | ||
| 151 |
protected: |
|
| 152 | ||
| 153 |
// ************************************************************************* |
|
| 154 |
// Constructor |
|
| 155 |
// ************************************************************************* |
|
| 156 | ||
| 157 |
Networkfilter(int uid, |
|
| 158 |
int gid, |
|
| 159 |
const string& uname, |
|
| 160 |
const string& gname, |
|
| 161 |
NetworkfilterTemplate* fw_template); |
|
| 162 | ||
| 163 |
virtual ~Networkfilter(); |
|
| 164 | ||
| 165 |
// ************************************************************************* |
|
| 166 |
// DataBase implementation |
|
| 167 |
// ************************************************************************* |
|
| 168 | ||
| 169 |
static const char * db_names; |
|
| 170 | ||
| 171 |
static const char * db_bootstrap; |
|
| 172 | ||
| 173 |
static const char * table; |
|
| 174 | ||
| 175 |
/** |
|
| 176 |
* Writes the Networkfilter in the database. |
|
| 177 |
* @param db pointer to the db |
|
| 178 |
* @return 0 on success |
|
| 179 |
*/ |
|
| 180 |
virtual int insert(SqlDB *db, string& error_str); |
|
| 181 | ||
| 182 |
/** |
|
| 183 |
* Writes/updates the Networkfilter data fields in the database. |
|
| 184 |
* @param db pointer to the db |
|
| 185 |
* @return 0 on success |
|
| 186 |
*/ |
|
| 187 |
virtual int update(SqlDB *db); |
|
| 188 |
}; |
|
| 189 | ||
| 190 |
#endif /*Networkfilter_H_*/ |
|
| include/RequestManagerDelete.h (revision 24) | ||
|---|---|---|
| 122 | 122 |
/* ------------------------------------------------------------------------- */ |
| 123 | 123 |
/* ------------------------------------------------------------------------- */ |
| 124 | 124 | |
| 125 |
class NetworkfilterDelete: public RequestManagerDelete |
|
| 126 |
{
|
|
| 127 |
public: |
|
| 128 |
NetworkfilterDelete(): |
|
| 129 |
RequestManagerDelete("NetworkfilterDelete", "Deletes a networkfilter")
|
|
| 130 |
{
|
|
| 131 |
Nebula& nd = Nebula::instance(); |
|
| 132 |
pool = nd.get_nfpool(); |
|
| 133 |
auth_object = PoolObjectSQL::NETWORKFILTER; |
|
| 134 |
}; |
|
| 135 | ||
| 136 |
~NetworkfilterDelete(){};
|
|
| 137 | ||
| 138 |
}; |
|
| 139 | ||
| 140 |
/* ------------------------------------------------------------------------- */ |
|
| 141 |
/* ------------------------------------------------------------------------- */ |
|
| 142 | ||
| 125 | 143 |
class HostDelete : public RequestManagerDelete |
| 126 | 144 |
{
|
| 127 | 145 |
public: |
| include/VirtualMachine.h (revision 24) | ||
|---|---|---|
| 665 | 665 |
int get_disk_images(string &error_str); |
| 666 | 666 | |
| 667 | 667 |
/** |
| 668 |
* Releases all network filters taken by this Virtual Machine |
|
| 669 |
*/ |
|
| 670 |
void release_network_filters(); |
|
| 671 | ||
| 672 |
/** |
|
| 668 | 673 |
* Releases all disk images taken by this Virtual Machine |
| 669 | 674 |
*/ |
| 670 | 675 |
void release_disk_images(); |
| ... | ... | |
| 696 | 701 |
// ------------------------------------------------------------------------ |
| 697 | 702 |
/** |
| 698 | 703 |
* Sets an authorization request for a VirtualMachine template based on |
| 699 |
* the images and networks used |
|
| 704 |
* the images and networks and networkfilters used
|
|
| 700 | 705 |
* @param uid for template owner |
| 701 | 706 |
* @param ar the AuthRequest object |
| 702 | 707 |
* @param tmpl the virtual machine template |
| include/RequestManagerUpdateTemplate.h (revision 24) | ||
|---|---|---|
| 83 | 83 |
/* ------------------------------------------------------------------------- */ |
| 84 | 84 |
/* ------------------------------------------------------------------------- */ |
| 85 | 85 | |
| 86 |
class NetworkfilterUpdateTemplate: public RequestManagerUpdateTemplate |
|
| 87 |
{
|
|
| 88 |
public: |
|
| 89 |
NetworkfilterUpdateTemplate(): |
|
| 90 |
RequestManagerUpdateTemplate("NetworkfilterUpdateTemplate",
|
|
| 91 |
"Updates a networkfilter template") |
|
| 92 |
{
|
|
| 93 |
Nebula& nd = Nebula::instance(); |
|
| 94 |
pool = nd.get_nfpool(); |
|
| 95 |
auth_object = PoolObjectSQL::NETWORKFILTER; |
|
| 96 |
}; |
|
| 97 | ||
| 98 |
~NetworkfilterUpdateTemplate(){};
|
|
| 99 |
}; |
|
| 100 | ||
| 101 |
/* ------------------------------------------------------------------------- */ |
|
| 102 |
/* ------------------------------------------------------------------------- */ |
|
| 103 | ||
| 86 | 104 |
class HostUpdateTemplate : public RequestManagerUpdateTemplate |
| 87 | 105 |
{
|
| 88 | 106 |
public: |
| include/RequestManagerChown.h (revision 24) | ||
|---|---|---|
| 139 | 139 |
/* ------------------------------------------------------------------------- */ |
| 140 | 140 |
/* ------------------------------------------------------------------------- */ |
| 141 | 141 | |
| 142 |
class NetworkfilterChown: public RequestManagerChown |
|
| 143 |
{
|
|
| 144 |
public: |
|
| 145 |
NetworkfilterChown(): |
|
| 146 |
RequestManagerChown("NetworkfilterChown",
|
|
| 147 |
"Changes ownership of an networkfilter") |
|
| 148 |
{
|
|
| 149 |
Nebula& nd = Nebula::instance(); |
|
| 150 |
pool = nd.get_nfpool(); |
|
| 151 |
auth_object = PoolObjectSQL::NETWORKFILTER; |
|
| 152 |
}; |
|
| 153 | ||
| 154 |
~NetworkfilterChown(){};
|
|
| 155 | ||
| 156 |
}; |
|
| 157 | ||
| 158 |
/* ------------------------------------------------------------------------- */ |
|
| 159 |
/* ------------------------------------------------------------------------- */ |
|
| 160 | ||
| 142 | 161 |
class UserChown : public RequestManagerChown |
| 143 | 162 |
{
|
| 144 | 163 |
public: |
| SConstruct (revision 24) | ||
|---|---|---|
| 70 | 70 |
cwd+'/src/dm', |
| 71 | 71 |
cwd+'/src/im', |
| 72 | 72 |
cwd+'/src/image', |
| 73 |
cwd+'/src/networkfilter', |
|
| 73 | 74 |
cwd+'/src/rm', |
| 74 | 75 |
cwd+'/src/vnm', |
| 75 | 76 |
cwd+'/src/hm', |
| ... | ... | |
| 200 | 201 |
'src/tm/SConstruct', |
| 201 | 202 |
'src/im/SConstruct', |
| 202 | 203 |
'src/image/SConstruct', |
| 204 |
'src/networkfilter/SConstruct', |
|
| 203 | 205 |
'src/dm/SConstruct', |
| 204 | 206 |
'src/scheduler/SConstruct', |
| 205 | 207 |
'src/vnm/SConstruct', |
| src/acl/AclRule.cc (revision 24) | ||
|---|---|---|
| 253 | 253 |
PoolObjectSQL::IMAGE, |
| 254 | 254 |
PoolObjectSQL::USER, |
| 255 | 255 |
PoolObjectSQL::TEMPLATE, |
| 256 |
PoolObjectSQL::GROUP |
|
| 256 |
PoolObjectSQL::GROUP, |
|
| 257 |
PoolObjectSQL::NETWORKFILTER |
|
| 257 | 258 |
}; |
| 258 | 259 | |
| 259 | 260 |
bool prefix = false; |
| 260 | 261 | |
| 261 |
for ( int i = 0; i < 7; i++ ) |
|
| 262 |
int objects_size = sizeof( objects ) / sizeof( objects[0] ); |
|
| 263 |
for ( int i = 0; i < objects_size; i++ ) |
|
| 262 | 264 |
{
|
| 263 | 265 |
if ( (resource & objects[i]) != 0 ) |
| 264 | 266 |
{
|
| src/dm/DispatchManagerActions.cc (revision 24) | ||
|---|---|---|
| 626 | 626 | |
| 627 | 627 |
vm->release_disk_images(); |
| 628 | 628 | |
| 629 |
vm->release_network_filters(); |
|
| 630 | ||
| 629 | 631 |
vm->log("DiM", Log::INFO, "New VM state is DONE.");
|
| 630 | 632 |
break; |
| 631 | 633 | |
| src/dm/DispatchManagerStates.cc (revision 24) | ||
|---|---|---|
| 130 | 130 |
vm->release_network_leases(); |
| 131 | 131 | |
| 132 | 132 |
vm->release_disk_images(); |
| 133 | ||
| 134 |
vm->release_network_filters(); |
|
| 133 | 135 |
} |
| 134 | 136 |
else |
| 135 | 137 |
{
|
| src/vnm/VirtualNetwork.cc (revision 24) | ||
|---|---|---|
| 18 | 18 |
#include "VirtualNetwork.h" |
| 19 | 19 |
#include "VirtualNetworkPool.h" |
| 20 | 20 |
#include "VirtualNetworkTemplate.h" |
| 21 |
#include "NetworkfilterPool.h" |
|
| 21 | 22 | |
| 22 | 23 |
#include "NebulaLog.h" |
| 23 | 24 |
#include "RangedLeases.h" |
| ... | ... | |
| 25 | 26 | |
| 26 | 27 |
#include "AuthManager.h" |
| 27 | 28 | |
| 29 |
#include "Nebula.h" |
|
| 30 | ||
| 28 | 31 |
#define TO_UPPER(S) transform(S.begin(),S.end(),S.begin(),(int(*)(int))toupper) |
| 29 | 32 | |
| 30 | 33 |
/* ************************************************************************** */ |
| ... | ... | |
| 617 | 620 | |
| 618 | 621 |
string ip; |
| 619 | 622 |
string mac; |
| 623 |
string libvirt_filter; |
|
| 620 | 624 | |
| 621 | 625 |
ostringstream vnid; |
| 622 | 626 | |
| 627 |
NetworkfilterPool * nfpool = Nebula::instance().get_nfpool(); |
|
| 628 | ||
| 623 | 629 |
ip = nic->vector_value("IP");
|
| 624 | 630 |
vnid << oid; |
| 625 | 631 | |
| ... | ... | |
| 660 | 666 |
nic->replace("VLAN", "NO");
|
| 661 | 667 |
} |
| 662 | 668 | |
| 669 |
obj_template->get("LIBVIRT_FILTER",libvirt_filter);
|
|
| 670 |
if (libvirt_filter != "") |
|
| 671 |
{
|
|
| 672 |
nic->replace("LIBVIRT_FILTER",libvirt_filter);
|
|
| 673 |
} |
|
| 674 | ||
| 675 |
// GET NETWORKFILTER NIC ATTRIBUTES |
|
| 676 |
rc = nfpool->nic_attribute(nic, uid, vid); |
|
| 677 | ||
| 663 | 678 |
if (!phydev.empty()) |
| 664 | 679 |
{
|
| 665 | 680 |
nic->replace("PHYDEV", phydev);
|
| src/oca/ruby/OpenNebula/NetworkfilterPool.rb (revision 24) | ||
|---|---|---|
| 1 |
# -------------------------------------------------------------------------- # |
|
| 2 |
# Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) # |
|
| 3 |
# # |
|
| 4 |
# Licensed under the Apache License, Version 2.0 (the "License"); you may # |
|
| 5 |
# not use this file except in compliance with the License. You may obtain # |
|
| 6 |
# a copy of the License at # |
|
| 7 |
# # |
|
| 8 |
# http://www.apache.org/licenses/LICENSE-2.0 # |
|
| 9 |
# # |
|
| 10 |
# Unless required by applicable law or agreed to in writing, software # |
|
| 11 |
# distributed under the License is distributed on an "AS IS" BASIS, # |
|
| 12 |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # |
|
| 13 |
# See the License for the specific language governing permissions and # |
|
| 14 |
# limitations under the License. # |
|
| 15 |
#--------------------------------------------------------------------------- # |
|
| 16 | ||
| 17 |
require 'OpenNebula/Pool' |
|
| 18 | ||
| 19 |
module OpenNebula |
|
| 20 |
class NetworkfilterPool < Pool |
|
| 21 |
####################################################################### |
|
| 22 |
# Constants and Class attribute accessors |
|
| 23 |
####################################################################### |
|
| 24 |
|
|
| 25 |
NETWORKFILTER_POOL_METHODS = {
|
|
| 26 |
:info => "networkfilterpool.info" |
|
| 27 |
} |
|
| 28 | ||
| 29 |
####################################################################### |
|
| 30 |
# Class constructor & Pool Methods |
|
| 31 |
####################################################################### |
|
| 32 |
|
|
| 33 |
# +client+ a Client object that represents a XML-RPC connection |
|
| 34 |
# +user_id+ is to refer to a Pool with Networkfilters from that user |
|
| 35 |
def initialize(client, user_id=-1) |
|
| 36 |
super('NETWORKFILTER_POOL','NETWORKFILTER',client)
|
|
| 37 | ||
| 38 |
@user_id = user_id |
|
| 39 |
end |
|
| 40 | ||
| 41 |
# Default Factory Method for the Pools |
|
| 42 |
def factory(element_xml) |
|
| 43 |
OpenNebula::Networkfilter.new(element_xml,@client) |
|
| 44 |
end |
|
| 45 | ||
| 46 |
####################################################################### |
|
| 47 |
# XML-RPC Methods for the Networkfilter Object |
|
| 48 |
####################################################################### |
|
| 49 | ||
| 50 |
# Retrieves all or part of the VirtualMachines in the pool. |
|
| 51 |
def info(*args) |
|
| 52 |
case args.size |
|
| 53 |
when 0 |
|
| 54 |
info_filter(NETWORKFILTER_POOL_METHODS[:info],@user_id,-1,-1) |
|
| 55 |
when 3 |
|
| 56 |
info_filter(NETWORKFILTER_POOL_METHODS[:info],args[0],args[1],args[2]) |
|
| 57 |
end |
|
| 58 |
end |
|
| 59 | ||
| 60 |
def info_all() |
|
| 61 |
return super(NETWORKFILTER_POOL_METHODS[:info]) |
|
| 62 |
end |
|
| 63 | ||
| 64 |
def info_mine() |
|
| 65 |
return super(NETWORKFILTER_POOL_METHODS[:info]) |
|
| 66 |
end |
|
| 67 | ||
| 68 |
def info_group() |
|
| 69 |
return super(NETWORKFILTER_POOL_METHODS[:info]) |
|
| 70 |
end |
|
| 71 |
end |
|
| 72 |
end |
|
| src/oca/ruby/OpenNebula/Acl.rb (revision 24) | ||
|---|---|---|
| 30 | 30 |
# USER |
| 31 | 31 |
# TEMPLATE |
| 32 | 32 |
# GROUP |
| 33 |
# NETWORKFILTER |
|
| 33 | 34 |
# ACL |
| 34 | 35 |
# RIGHTS -> + separated list |
| 35 | 36 |
# USE |
| ... | ... | |
| 52 | 53 |
"IMAGE" => 0x8000000000, |
| 53 | 54 |
"USER" => 0x10000000000, |
| 54 | 55 |
"TEMPLATE" => 0x20000000000, |
| 55 |
"GROUP" => 0x40000000000 |
|
| 56 |
"GROUP" => 0x40000000000, |
|
| 57 |
"NETWORKFILTER" => 0x80000000000 |
|
| 58 | ||
| 56 | 59 |
} |
| 57 | 60 | |
| 58 | 61 |
RIGHTS = |
| src/oca/ruby/OpenNebula/Networkfilter.rb (revision 24) | ||
|---|---|---|
| 1 |
# -------------------------------------------------------------------------- # |
|
| 2 |
# Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) # |
|
| 3 |
# # |
|
| 4 |
# Licensed under the Apache License, Version 2.0 (the "License"); you may # |
|
| 5 |
# not use this file except in compliance with the License. You may obtain # |
|
| 6 |
# a copy of the License at # |
|
| 7 |
# # |
|
| 8 |
# http://www.apache.org/licenses/LICENSE-2.0 # |
|
| 9 |
# # |
|
| 10 |
# Unless required by applicable law or agreed to in writing, software # |
|
| 11 |
# distributed under the License is distributed on an "AS IS" BASIS, # |
|
| 12 |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # |
|
| 13 |
# See the License for the specific language governing permissions and # |
|
| 14 |
# limitations under the License. # |
|
| 15 |
#--------------------------------------------------------------------------- # |
|
| 16 | ||
| 17 |
require 'OpenNebula/Pool' |
|
| 18 |
require 'fileutils' |
|
| 19 | ||
| 20 |
module OpenNebula |
|
| 21 |
class Networkfilter < PoolElement |
|
| 22 |
# --------------------------------------------------------------------- |
|
| 23 |
# Constants and Class Methods |
|
| 24 |
# --------------------------------------------------------------------- |
|
| 25 |
NETWORKFILTER_METHODS = {
|
|
| 26 |
:info => "networkfilter.info", |
|
| 27 |
:allocate => "networkfilter.allocate", |
|
| 28 |
:update => "networkfilter.update", |
|
| 29 |
:enable => "networkfilter.enable", |
|
| 30 |
:delete => "networkfilter.delete", |
|
| 31 |
:chown => "networkfilter.chown", |
|
| 32 |
:chmod => "networkfilter.chmod" |
|
| 33 |
} |
|
| 34 | ||
| 35 |
# Creates a Network filter description with just its identifier |
|
| 36 |
# this method should be used to create plain Network filter objects. |
|
| 37 |
# +id+ the id of the networkfilter |
|
| 38 |
# |
|
| 39 |
# Example: |
|
| 40 |
# networkfilter = Networkfilter.new(Networkfilter.build_xml(3),rpc_client) |
|
| 41 |
# |
|
| 42 |
def Networkfilter.build_xml(pe_id=nil) |
|
| 43 |
if pe_id |
|
| 44 |
networkfilter_xml = "<NETWORKFILTER><ID>#{pe_id}</ID></NETWORKFILTER>"
|
|
| 45 |
else |
|
| 46 |
networkfilter_xml = "<NETWORKFILTER></NETWORKFILTER>" |
|
| 47 |
end |
|
| 48 | ||
| 49 |
XMLElement.build_xml(networkfilter_xml,'NETWORKFILTER') |
|
| 50 |
end |
|
| 51 | ||
| 52 |
# Class constructor |
|
| 53 |
def initialize(xml, client) |
|
| 54 |
super(xml,client) |
|
| 55 | ||
| 56 |
@client = client |
|
| 57 |
end |
|
| 58 | ||
| 59 |
####################################################################### |
|
| 60 |
# XML-RPC Methods for the Network filter Object |
|
| 61 |
####################################################################### |
|
| 62 | ||
| 63 |
# Retrieves the information of the given Network filter. |
|
| 64 |
def info() |
|
| 65 |
super(NETWORKFILTER_METHODS[:info], 'NETWORKFILTER') |
|
| 66 |
end |
|
| 67 | ||
| 68 |
# Allocates a new Network filter in OpenNebula |
|
| 69 |
# |
|
| 70 |
# +description+ A string containing the template of the Network filter. |
|
| 71 |
def allocate(description) |
|
| 72 |
super(NETWORKFILTER_METHODS[:allocate],description) |
|
| 73 |
end |
|
| 74 | ||
| 75 |
# Replaces the template contents |
|
| 76 |
# |
|
| 77 |
# +new_template+ New template contents |
|
| 78 |
def update(new_template) |
|
| 79 |
super(NETWORKFILTER_METHODS[:update], new_template) |
|
| 80 |
end |
|
| 81 | ||
| 82 |
# Enables an Network filter |
|
| 83 |
def enable |
|
| 84 |
set_enabled(true) |
|
| 85 |
end |
|
| 86 | ||
| 87 |
# Disables an Network filter |
|
| 88 |
def disable |
|
| 89 |
set_enabled(false) |
|
| 90 |
end |
|
| 91 | ||
| 92 |
# Deletes the Network filter |
|
| 93 |
def delete() |
|
| 94 |
super(NETWORKFILTER_METHODS[:delete]) |
|
| 95 |
end |
|
| 96 | ||
| 97 |
# Changes the owner/group |
|
| 98 |
# uid:: _Integer_ the new owner id. Set to -1 to leave the current one |
|
| 99 |
# gid:: _Integer_ the new group id. Set to -1 to leave the current one |
|
| 100 |
# [return] nil in case of success or an Error object |
|
| 101 |
def chown(uid, gid) |
|
| 102 |
super(NETWORKFILTER_METHODS[:chown], uid, gid) |
|
| 103 |
end |
|
| 104 | ||
| 105 |
# Changes the networkfilter permissions. |
|
| 106 |
# |
|
| 107 |
# @param octet [String] Permissions octed , e.g. 640 |
|
| 108 |
# @return [nil, OpenNebula::Error] nil in case of success, Error |
|
| 109 |
# otherwise |
|
| 110 |
def chmod_octet(octet) |
|
| 111 |
super(NETWORKFILTER_METHODS[:chmod], octet) |
|
| 112 |
end |
|
| 113 | ||
| 114 |
# Changes the networkfilter permissions. |
|
| 115 |
# Each [Integer] argument must be 1 to allow, 0 deny, -1 do not change |
|
| 116 |
# |
|
| 117 |
# @return [nil, OpenNebula::Error] nil in case of success, Error |
|
| 118 |
# otherwise |
|
| 119 |
def chmod(owner_u, owner_m, owner_a, group_u, group_m, group_a, other_u, |
|
| 120 |
other_m, other_a) |
|
| 121 |
super(NETWORKFILTER_METHODS[:chmod], owner_u, owner_m, owner_a, group_u, |
|
| 122 |
group_m, group_a, other_u, other_m, other_a) |
|
| 123 |
end |
|
| 124 | ||
| 125 |
####################################################################### |
|
| 126 |
# Helpers to get Network filter information |
|
| 127 |
####################################################################### |
|
| 128 | ||
| 129 |
# Returns the group identifier |
|
| 130 |
# [return] _Integer_ the element's group ID |
|
| 131 |
def gid |
|
| 132 |
self['GID'].to_i |
|
| 133 |
end |
|
| 134 | ||
| 135 |
private |
|
| 136 | ||
| 137 |
def set_enabled(enabled) |
|
| 138 |
return Error.new('ID not defined') if !@pe_id
|
|
| 139 | ||
| 140 |
rc = @client.call(NETWORKFILTER_METHODS[:enable], @pe_id, enabled) |
|
| 141 |
rc = nil if !OpenNebula.is_error?(rc) |
|
| 142 | ||
| 143 |
return rc |
|
| 144 |
end |
|
| 145 | ||
| 146 |
def set_publish(published) |
|
| 147 |
return Error.new('ID not defined') if !@pe_id
|
|
| 148 | ||
| 149 |
rc = @client.call(NETWORKFILTER_METHODS[:publish], @pe_id, published) |
|
| 150 |
rc = nil if !OpenNebula.is_error?(rc) |
|
| 151 | ||
| 152 |
return rc |
|
| 153 |
end |
|
| 154 |
|
|
| 155 |
end |
|
| 156 |
end |
|
| src/oca/ruby/OpenNebula.rb (revision 24) | ||
|---|---|---|
| 42 | 42 |
require 'OpenNebula/GroupPool' |
| 43 | 43 |
require 'OpenNebula/Acl' |
| 44 | 44 |
require 'OpenNebula/AclPool' |
| 45 |
require 'OpenNebula/Networkfilter' |
|
| 46 |
require 'OpenNebula/NetworkfilterPool' |
|
| 45 | 47 | |
| 46 | 48 |
module OpenNebula |
| 47 | 49 | |
| src/rm/RequestManagerNetworkfilter.cc (revision 24) | ||
|---|---|---|
| 1 |
/* -------------------------------------------------------------------------- */ |
|
| 2 |
/* Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) */ |
|
| 3 |
/* */ |
|
| 4 |
/* Licensed under the Apache License, Version 2.0 (the "License"); you may */ |
|
| 5 |
/* not use this file except in compliance with the License. You may obtain */ |
|
| 6 |
/* a copy of the License at */ |
|
| 7 |
/* */ |
|
| 8 |
/* http://www.apache.org/licenses/LICENSE-2.0 */ |
|
| 9 |
/* */ |
|
| 10 |
/* Unless required by applicable law or agreed to in writing, software */ |
|
| 11 |
/* distributed under the License is distributed on an "AS IS" BASIS, */ |
|
| 12 |
/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */ |
|
| 13 |
/* See the License for the specific language governing permissions and */ |
|
| 14 |
/* limitations under the License. */ |
|
| 15 |
/* -------------------------------------------------------------------------- */ |
|
| 16 | ||
| 17 |
#include "RequestManagerNetworkfilter.h" |
|
| 18 |
#include "Nebula.h" |
|
| 19 | ||
| 20 |
/* -------------------------------------------------------------------------- */ |
|
| 21 |
/* -------------------------------------------------------------------------- */ |
|
| 22 | ||
| 23 |
void NetworkfilterEnable::request_execute(xmlrpc_c::paramList const& paramList, |
|
| 24 |
RequestAttributes& att) |
|
| 25 |
{
|
|
| 26 |
int id = xmlrpc_c::value_int(paramList.getInt(1)); |
|
| 27 | ||
| 28 |
Networkfilter * networkfilter; |
|
| 29 | ||
| 30 |
NetworkfilterPool * nfpool = static_cast<NetworkfilterPool *>(pool); |
|
| 31 | ||
| 32 |
string error_str; |
|
| 33 | ||
| 34 |
if ( basic_authorization(id, att) == false ) |
|
| 35 |
{
|
|
| 36 |
return; |
|
| 37 |
} |
|
| 38 | ||
| 39 |
networkfilter = nfpool->get(id,true); |
|
| 40 | ||
| 41 |
if ( networkfilter == 0 ) |
|
| 42 |
{
|
|
| 43 |
failure_response(NO_EXISTS, |
|
| 44 |
get_error(object_name(auth_object),id), |
|
| 45 |
att); |
|
| 46 | ||
| 47 |
return; |
|
| 48 |
} |
|
| 49 | ||
| 50 |
nfpool->update(networkfilter); |
|
| 51 | ||
| 52 |
networkfilter->unlock(); |
|
| 53 | ||
| 54 |
success_response(id, att); |
|
| 55 |
} |
|
| 56 | ||
| 57 |
/* -------------------------------------------------------------------------- */ |
|
| 58 |
/* -------------------------------------------------------------------------- */ |
|
| 59 | ||
| src/rm/SConstruct (revision 24) | ||
|---|---|---|
| 35 | 35 |
'RequestManagerUser.cc', |
| 36 | 36 |
'RequestManagerHost.cc', |
| 37 | 37 |
'RequestManagerImage.cc', |
| 38 |
'RequestManagerNetworkfilter.cc', |
|
| 38 | 39 |
'RequestManagerChown.cc', |
| 39 | 40 |
'RequestManagerAcl.cc', |
| 40 | 41 |
'RequestManagerChmod.cc', |
| src/rm/RequestManager.cc (revision 24) | ||
|---|---|---|
| 33 | 33 |
#include "RequestManagerImage.h" |
| 34 | 34 |
#include "RequestManagerUser.h" |
| 35 | 35 |
#include "RequestManagerAcl.h" |
| 36 |
#include "RequestManagerNetworkfilter.h" |
|
| 36 | 37 | |
| 37 | 38 |
#include <sys/signal.h> |
| 38 | 39 |
#include <sys/socket.h> |
| ... | ... | |
| 254 | 255 |
xmlrpc_c::methodPtr host_update(new HostUpdateTemplate()); |
| 255 | 256 |
xmlrpc_c::methodPtr vn_update(new VirtualNetworkUpdateTemplate()); |
| 256 | 257 |
xmlrpc_c::methodPtr user_update(new UserUpdateTemplate()); |
| 258 |
xmlrpc_c::methodPtr networkfilter_update(new NetworkfilterUpdateTemplate()); |
|
| 257 | 259 | |
| 258 | 260 |
// Allocate Methods |
| 259 | 261 |
xmlrpc_c::methodPtr vm_allocate(new VirtualMachineAllocate()); |
| ... | ... | |
| 263 | 265 |
xmlrpc_c::methodPtr template_allocate(new TemplateAllocate()); |
| 264 | 266 |
xmlrpc_c::methodPtr host_allocate(new HostAllocate()); |
| 265 | 267 |
xmlrpc_c::methodPtr user_allocate(new UserAllocate()); |
| 268 |
xmlrpc_c::methodPtr networkfilter_allocate(new NetworkfilterAllocate()); |
|
| 266 | 269 | |
| 267 | 270 |
// Delete Methods |
| 268 | 271 |
xmlrpc_c::methodPtr host_delete(new HostDelete()); |
| ... | ... | |
| 271 | 274 |
xmlrpc_c::methodPtr vn_delete(new VirtualNetworkDelete()); |
| 272 | 275 |
xmlrpc_c::methodPtr user_delete(new UserDelete()); |
| 273 | 276 |
xmlrpc_c::methodPtr image_delete(new ImageDelete()); |
| 277 |
xmlrpc_c::methodPtr networkfilter_delete(new NetworkfilterDelete()); |
|
| 274 | 278 | |
| 275 | 279 |
// Info Methods |
| 276 | 280 |
xmlrpc_c::methodPtr vm_info(new VirtualMachineInfo()); |
| ... | ... | |
| 280 | 284 |
xmlrpc_c::methodPtr vn_info(new VirtualNetworkInfo()); |
| 281 | 285 |
xmlrpc_c::methodPtr user_info(new UserInfo()); |
| 282 | 286 |
xmlrpc_c::methodPtr image_info(new ImageInfo()); |
| 287 |
xmlrpc_c::methodPtr networkfilter_info(new NetworkfilterInfo()); |
|
| 283 | 288 | |
| 284 | 289 |
// PoolInfo Methods |
| 285 | 290 |
xmlrpc_c::methodPtr hostpool_info(new HostPoolInfo()); |
| ... | ... | |
| 291 | 296 |
xmlrpc_c::methodPtr template_pool_info(new TemplatePoolInfo()); |
| 292 | 297 |
xmlrpc_c::methodPtr vnpool_info(new VirtualNetworkPoolInfo()); |
| 293 | 298 |
xmlrpc_c::methodPtr imagepool_info(new ImagePoolInfo()); |
| 299 |
xmlrpc_c::methodPtr networkfilterpool_info(new NetworkfilterPoolInfo()); |
|
| 294 | 300 | |
| 295 | 301 |
// Host Methods |
| 296 | 302 |
xmlrpc_c::methodPtr host_enable(new HostEnable()); |
| ... | ... | |
| 306 | 312 |
xmlrpc_c::methodPtr vn_chown(new VirtualNetworkChown()); |
| 307 | 313 |
xmlrpc_c::methodPtr image_chown(new ImageChown()); |
| 308 | 314 |
xmlrpc_c::methodPtr user_chown(new UserChown()); |
| 315 |
xmlrpc_c::methodPtr networkfilter_chown(new NetworkfilterChown()); |
|
| 309 | 316 | |
| 310 | 317 |
// Chmod Methods |
| 311 | 318 |
xmlrpc_c::methodPtr vm_chmod(new VirtualMachineChmod()); |
| 312 | 319 |
xmlrpc_c::methodPtr template_chmod(new TemplateChmod()); |
| 313 | 320 |
xmlrpc_c::methodPtr vn_chmod(new VirtualNetworkChmod()); |
| 314 | 321 |
xmlrpc_c::methodPtr image_chmod(new ImageChmod()); |
| 322 |
xmlrpc_c::methodPtr networkfilter_chmod(new NetworkfilterChmod()); |
|
| 315 | 323 | |
| 316 | 324 |
// ACL Methods |
| 317 | 325 |
xmlrpc_c::methodPtr acl_addrule(new AclAddRule()); |
| ... | ... | |
| 395 | 403 | |
| 396 | 404 |
RequestManagerRegistry.addMethod("one.imagepool.info", imagepool_info);
|
| 397 | 405 | |
| 406 |
/* Networkfilter related methods*/ |
|
| 407 | ||
| 408 |
RequestManagerRegistry.addMethod("one.networkfilter.update", networkfilter_update);
|
|
| 409 |
RequestManagerRegistry.addMethod("one.networkfilter.allocate", networkfilter_allocate);
|
|
| 410 |
RequestManagerRegistry.addMethod("one.networkfilter.delete", networkfilter_delete);
|
|
| 411 |
RequestManagerRegistry.addMethod("one.networkfilter.info", networkfilter_info);
|
|
| 412 |
RequestManagerRegistry.addMethod("one.networkfilter.chown", networkfilter_chown);
|
|
| 413 |
RequestManagerRegistry.addMethod("one.networkfilter.chmod", networkfilter_chmod);
|
|
| 414 | ||
| 415 |
RequestManagerRegistry.addMethod("one.networkfilterpool.info", networkfilterpool_info);
|
|
| 416 | ||
| 398 | 417 |
/* ACL related methods */ |
| 399 | 418 |
RequestManagerRegistry.addMethod("one.acl.addrule", acl_addrule);
|
| 400 | 419 |
RequestManagerRegistry.addMethod("one.acl.delrule", acl_delrule);
|
| src/rm/RequestManagerAllocate.cc (revision 24) | ||
|---|---|---|
| 200 | 200 |
/* -------------------------------------------------------------------------- */ |
| 201 | 201 |
/* -------------------------------------------------------------------------- */ |
| 202 | 202 | |
| 203 |
int NetworkfilterAllocate::pool_allocate(xmlrpc_c::paramList const& _paramList, |
|
| 204 |
Template * tmpl, |
|
| 205 |
int& id, |
|
| 206 |
string& error_str, |
|
| 207 |
RequestAttributes& att) |
|
| 208 |
{
|
|
| 209 |
NetworkfilterPool * nfpool = static_cast<NetworkfilterPool *>(pool); |
|
| 210 |
NetworkfilterTemplate * nftmpl = static_cast<NetworkfilterTemplate *>(tmpl); |
|
| 211 | ||
| 212 |
return nfpool->allocate(att.uid, att.gid, att.uname, att.gname, nftmpl, &id, |
|
| 213 |
error_str); |
|
| 214 |
} |
|
| 215 | ||
| 216 |
/* -------------------------------------------------------------------------- */ |
|
| 217 |
/* -------------------------------------------------------------------------- */ |
|
| 218 | ||
| 203 | 219 |
int HostAllocate::pool_allocate(xmlrpc_c::paramList const& paramList, |
| 204 | 220 |
Template * tmpl, |
| 205 | 221 |
int& id, |
| src/rm/Request.cc (revision 24) | ||
|---|---|---|
| 169 | 169 |
return "virtual network"; |
| 170 | 170 |
case PoolObjectSQL::IMAGE: |
| 171 | 171 |
return "image"; |
| 172 |
case PoolObjectSQL::NETWORKFILTER: |
|
| 173 |
return "network filter"; |
|
| 172 | 174 |
case PoolObjectSQL::USER: |
| 173 | 175 |
return "user"; |
| 174 | 176 |
case PoolObjectSQL::TEMPLATE: |
| src/sunstone/models/OpenNebulaJSON/PoolJSON.rb (revision 24) | ||
|---|---|---|
| 25 | 25 |
class GroupPoolJSON < OpenNebula::GroupPool; include JSONUtils; end |
| 26 | 26 |
class UserPoolJSON < OpenNebula::UserPool; include JSONUtils; end |
| 27 | 27 |
class AclPoolJSON < OpenNebula::AclPool; include JSONUtils; end |
| 28 |
class NetworkfilterPoolJSON < OpenNebula::NetworkfilterPool; include JSONUtils; end |
|
| 28 | 29 |
end |
| src/sunstone/models/OpenNebulaJSON/NetworkfilterJSON.rb (revision 24) | ||
|---|---|---|
| 1 |
# -------------------------------------------------------------------------- # |
|
| 2 |
# Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) # |
|
| 3 |
# # |
|
| 4 |
# Licensed under the Apache License, Version 2.0 (the "License"); you may # |
|
| 5 |
# not use this file except in compliance with the License. You may obtain # |
|
| 6 |
# a copy of the License at # |
|
| 7 |
# # |
|
| 8 |
# http://www.apache.org/licenses/LICENSE-2.0 # |
|
| 9 |
# # |
|
| 10 |
# Unless required by applicable law or agreed to in writing, software # |
|
| 11 |
# distributed under the License is distributed on an "AS IS" BASIS, # |
|
| 12 |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # |
|
| 13 |
# See the License for the specific language governing permissions and # |
|
| 14 |
# limitations under the License. # |
|
| 15 |
#--------------------------------------------------------------------------- # |
|
| 16 | ||
| 17 |
require 'OpenNebulaJSON/JSONUtils' |
|
| 18 | ||
| 19 |
module OpenNebulaJSON |
|
| 20 |
class NetworkfilterJSON < OpenNebula::Networkfilter |
|
| 21 |
include JSONUtils |
|
| 22 | ||
| 23 |
def create(template_json) |
|
| 24 |
networkfilter_hash = parse_json(template_json, 'networkfilter') |
|
| 25 |
if OpenNebula.is_error?(networkfilter_hash) |
|
| 26 |
return networkfilter_hash |
|
| 27 |
end |
|
| 28 | ||
| 29 |
if networkfilter_hash['networkfilter_raw'] |
|
| 30 |
template = networkfilter_hash['networkfilter_raw'] |
|
| 31 |
else |
|
| 32 |
template = template_to_str(networkfilter_hash) |
|
| 33 |
end |
|