Revision 621a1869

View differences:

include/AclManager.h
261 261
     *    @return true if any rule grants permission
262 262
     */
263 263
    bool match_rules(
264
            long long user_req,
265
            long long resource_oid_req,
266
            long long resource_gid_req,
267
            long long resource_cid_req,
268
            long long resource_all_req,
269
            long long rights_req,
270
            long long individual_obj_type,
271
            long long group_obj_type,
272
            long long cluster_obj_type,
273
            multimap<long long, AclRule*> &rules);
264
            const long long                     &user_req,
265
            const long long                     &resource_oid_req,
266
            const long long                     &resource_gid_req,
267
            const set<long long>                &resource_cid_req,
268
            const long long                     &resource_all_req,
269
            const long long                     &rights_req,
270
            const long long                     &resource_oid_mask,
271
            const long long                     &resource_gid_mask,
272
            const long long                     &resource_cid_mask,
273
            const multimap<long long, AclRule*> &rules);
274 274

  
275 275
    /**
276 276
     *  Wrapper for match_rules. It will check if any rules in the temporary
......
290 290
     *    @return true if any rule grants permission
291 291
     */
292 292
    bool match_rules_wrapper(
293
            long long user_req,
294
            long long resource_oid_req,
295
            long long resource_gid_req,
296
            long long resource_cid_req,
297
            long long resource_all_req,
298
            long long rights_req,
299
            long long individual_obj_type,
300
            long long group_obj_type,
301
            long long cluster_obj_type,
302
            multimap<long long, AclRule*> &tmp_rules);
293
            const long long                     &user_req,
294
            const long long                     &resource_oid_req,
295
            const long long                     &resource_gid_req,
296
            const set<long long>                &resource_cid_req,
297
            const long long                     &resource_all_req,
298
            const long long                     &rights_req,
299
            const long long                     &individual_obj_type,
300
            const long long                     &group_obj_type,
301
            const long long                     &cluster_obj_type,
302
            const multimap<long long, AclRule*> &tmp_rules);
303 303

  
304 304
    /**
305 305
     * Deletes all rules that match the user mask
include/Cluster.h
201 201
     */
202 202
    int from_xml(const string &xml_str);
203 203

  
204
    static const char * host_table;
205

  
206
    static const char * datastore_table;
207

  
208
    static const char * network_table;
209

  
204 210
private:
205 211

  
206 212
    // -------------------------------------------------------------------------
......
232 238
    // *************************************************************************
233 239

  
234 240
    static const char * db_names;
235

  
236 241
    static const char * db_bootstrap;
237

  
238 242
    static const char * table;
239 243

  
244
    static const char * host_db_names;
245
    static const char * host_db_bootstrap;
246

  
247
    static const char * datastore_db_names;
248
    static const char * datastore_db_bootstrap;
249

  
250
    static const char * network_db_names;
251
    static const char * network_db_bootstrap;
252

  
240 253
    /**
241 254
     *  Execute an INSERT or REPLACE Sql query.
242 255
     *    @param db The SQL DB
......
252 265
     */
253 266
    static int bootstrap(SqlDB * db)
254 267
    {
255
        ostringstream oss(Cluster::db_bootstrap);
268
        int rc;
269
        ostringstream oss;
270

  
271
        oss.str(Cluster::db_bootstrap);
272
        rc = db->exec(oss);
273

  
274
        oss.str(Cluster::host_db_bootstrap);
275
        rc += db->exec(oss);
256 276

  
257
        return db->exec(oss);
277
        oss.str(Cluster::datastore_db_bootstrap);
278
        rc += db->exec(oss);
279

  
280
        oss.str(Cluster::network_db_bootstrap);
281
        rc += db->exec(oss);
282

  
283
        return rc;
258 284
    };
259 285

  
260 286
    /**
include/PoolObjectAuth.h
34 34
        oid(-1),
35 35
        uid(-1),
36 36
        gid(-1),
37
        cid(-1),
38 37
        owner_u(1),
39 38
        owner_m(1),
40 39
        owner_a(0),
......
65 64
    int oid;
66 65
    int uid;
67 66
    int gid;
68
    int cid;
67
    set<int> cids;
69 68

  
70 69
    int owner_u;
71 70
    int owner_m;
src/acl/AclManager.cc
241 241
        resource_gid_req = AclRule::NONE_ID;
242 242
    }
243 243

  
244
    long long resource_cid_req;
244
    set<long long> resource_cid_req;
245 245

  
246
    if ((obj_perms.cid >= 0) && (!obj_perms.disable_cluster_acl))
246
    if (!obj_perms.disable_cluster_acl)
247 247
    {
248
        resource_cid_req = obj_perms.obj_type |
249
                           AclRule::CLUSTER_ID |
250
                           obj_perms.cid;
251
    }
252
    else
253
    {
254
        resource_cid_req = AclRule::NONE_ID;
248
        set<int>::iterator i;
249

  
250
        for(i = obj_perms.cids.begin(); i != obj_perms.cids.end(); i++)
251
        {
252
            resource_cid_req.insert(    obj_perms.obj_type |
253
                                        AclRule::CLUSTER_ID |
254
                                        *i
255
                                    );
256
        }
255 257
    }
256 258

  
257 259
    long long resource_all_req ;
......
290 292
    {
291 293
        log_resource = resource_gid_req;
292 294
    }
293
    else if ( obj_perms.cid >= 0 )
294
    {
295
        log_resource = resource_cid_req;
296
    }
297 295
    else
298 296
    {
299 297
        log_resource = resource_all_req;
......
398 396
/* -------------------------------------------------------------------------- */
399 397

  
400 398
bool AclManager::match_rules_wrapper(
401
        long long user_req,
402
        long long resource_oid_req,
403
        long long resource_gid_req,
404
        long long resource_cid_req,
405
        long long resource_all_req,
406
        long long rights_req,
407
        long long individual_obj_type,
408
        long long group_obj_type,
409
        long long cluster_obj_type,
410
        multimap<long long, AclRule*> &tmp_rules)
399
        const long long                     &user_req,
400
        const long long                     &resource_oid_req,
401
        const long long                     &resource_gid_req,
402
        const set<long long>                &resource_cid_req,
403
        const long long                     &resource_all_req,
404
        const long long                     &rights_req,
405
        const long long                     &individual_obj_type,
406
        const long long                     &group_obj_type,
407
        const long long                     &cluster_obj_type,
408
        const multimap<long long, AclRule*> &tmp_rules)
411 409
{
412 410
    bool auth = false;
413 411

  
......
452 450
/* -------------------------------------------------------------------------- */
453 451
/* -------------------------------------------------------------------------- */
454 452

  
453
inline bool match_cluster_req(
454
        const set<long long>  &resource_cid_req,
455
        const long long       &resource_cid_mask,
456
        const long long       &rule_resource)
457
{
458
    set<long long>::iterator i;
459

  
460
    for(i = resource_cid_req.begin(); i != resource_cid_req.end(); i++)
461
    {
462
        // rule's object type and cluster object ID match
463
        if ( ( rule_resource & resource_cid_mask ) == *i )
464
        {
465
            return true;
466
        }
467
    }
468

  
469
    return false;
470
}
471

  
472
/* -------------------------------------------------------------------------- */
473

  
455 474
bool AclManager::match_rules(
456
        long long user_req,
457
        long long resource_oid_req,
458
        long long resource_gid_req,
459
        long long resource_cid_req,
460
        long long resource_all_req,
461
        long long rights_req,
462
        long long resource_oid_mask,
463
        long long resource_gid_mask,
464
        long long resource_cid_mask,
465
        multimap<long long, AclRule*> &rules)
475
        const long long                     &user_req,
476
        const long long                     &resource_oid_req,
477
        const long long                     &resource_gid_req,
478
        const set<long long>                &resource_cid_req,
479
        const long long                     &resource_all_req,
480
        const long long                     &rights_req,
481
        const long long                     &resource_oid_mask,
482
        const long long                     &resource_gid_mask,
483
        const long long                     &resource_cid_mask,
484
        const multimap<long long, AclRule*> &rules)
466 485

  
467 486
{
468 487
    bool auth = false;
469 488
    ostringstream oss;
470 489

  
471
    multimap<long long, AclRule *>::iterator        it;
490
    multimap<long long, AclRule *>::const_iterator        it;
472 491

  
473
    pair<multimap<long long, AclRule *>::iterator,
474
         multimap<long long, AclRule *>::iterator>  index;
492
    pair<multimap<long long, AclRule *>::const_iterator,
493
         multimap<long long, AclRule *>::const_iterator>  index;
475 494

  
476 495
    long long zone_oid_mask = AclRule::INDIVIDUAL_ID | 0x00000000FFFFFFFFLL;
477 496
    long long zone_req      = AclRule::INDIVIDUAL_ID | zone_id;
......
507 526
            // Or rule's object type and individual object ID match
508 527
            ( ( it->second->resource & resource_oid_mask ) == resource_oid_req )
509 528
            ||
510
            // Or rule's object type and cluster object ID match
511
            ( ( it->second->resource & resource_cid_mask ) == resource_cid_req )
529
            // Or rule's object type and one of the cluster object ID match
530
            match_cluster_req(resource_cid_req, resource_cid_mask, it->second->resource)
512 531
          );
513 532

  
514 533
        if ( auth == true )
src/cluster/Cluster.cc
34 34
    "gid INTEGER, owner_u INTEGER, group_u INTEGER, other_u INTEGER, "
35 35
    "UNIQUE(name))";
36 36

  
37
const char * Cluster::host_table = "cluster_host_relation";
38
const char * Cluster::host_db_names = "cid, oid";
39
const char * Cluster::host_db_bootstrap =
40
    "CREATE TABLE IF NOT EXISTS cluster_host_relation ("
41
    "cid INTEGER, oid INTEGER, PRIMARY KEY(cid, oid))";
42

  
43
const char * Cluster::datastore_table = "cluster_datastore_relation";
44
const char * Cluster::datastore_db_names = "cid, oid";
45
const char * Cluster::datastore_db_bootstrap =
46
    "CREATE TABLE IF NOT EXISTS cluster_datastore_relation ("
47
    "cid INTEGER, oid INTEGER, PRIMARY KEY(cid, oid))";
48

  
49
const char * Cluster::network_table = "cluster_network_relation";
50
const char * Cluster::network_db_names = "cid, oid";
51
const char * Cluster::network_db_bootstrap =
52
    "CREATE TABLE IF NOT EXISTS cluster_network_relation ("
53
    "cid INTEGER, oid INTEGER, PRIMARY KEY(cid, oid))";
54

  
37 55
/* ************************************************************************** */
38 56
/* Cluster :: Constructor/Destructor                                          */
39 57
/* ************************************************************************** */
......
247 265
    db->free_str(sql_name);
248 266
    db->free_str(sql_xml);
249 267

  
268
    if (rc == 0)
269
    {
270
        oss.str("");
271
        oss << "BEGIN TRANSACTION; "
272
            << "DELETE FROM " << host_table     << " WHERE cid = " << oid << "; "
273
            << "DELETE FROM " << network_table  << " WHERE cid = " << oid << "; "
274
            << "DELETE FROM " << datastore_table<< " WHERE cid = " << oid << "; ";
275

  
276
        // TODO
277
        //if (db->multiple_values_support())
278
        if (false)
279
        {
280
        }
281
        else
282
        {
283
            set<int>::iterator i;
284

  
285
            set<int> host_set = hosts.get_collection();
286

  
287
            for(i = host_set.begin(); i != host_set.end(); i++)
288
            {
289
                oss << "INSERT INTO " << host_table
290
                    << " (" << host_db_names << ") VALUES ("
291
                    << oid  << ","
292
                    << *i   << "); ";
293
            }
294

  
295
            set<int> datastore_set = datastores.get_collection();
296

  
297
            for(i = datastore_set.begin(); i != datastore_set.end(); i++)
298
            {
299
                oss << "INSERT INTO " << datastore_table
300
                    << " (" << datastore_db_names << ") VALUES ("
301
                    << oid  << ","
302
                    << *i   << "); ";
303
            }
304

  
305
            set<int> vnet_set = vnets.get_collection();
306

  
307
            for(i = vnet_set.begin(); i != vnet_set.end(); i++)
308
            {
309
                oss << "INSERT INTO " << network_table
310
                    << " (" << network_db_names << ") VALUES ("
311
                    << oid  << ","
312
                    << *i   << "); ";
313
            }
314
        }
315

  
316
        oss << "COMMIT";
317

  
318
        rc = db->exec(oss);
319
    }
320

  
250 321
    return rc;
251 322

  
252 323
error_xml:
src/pool/PoolObjectSQL.cc
362 362

  
363 363
    if(cl != 0)
364 364
    {
365
        auth.cid = cl->get_cluster_id();
365
        auth.cids = cl->get_cluster_ids();
366 366
    }
367 367
}
368 368

  
src/pool/PoolSQL.cc
740 740
        acl_filter << " OR gid = " << *it;
741 741
    }
742 742

  
743
    for ( it = cids.begin(); it < cids.end(); it++ )
743
    string cl_table;
744

  
745
    if (auth_object == PoolObjectSQL::HOST)
746
    {
747
        cl_table = Cluster::host_table;
748
    }
749
    else if (auth_object == PoolObjectSQL::DATASTORE)
750
    {
751
        cl_table = Cluster::datastore_table;
752
    }
753
    else if (auth_object == PoolObjectSQL::NET)
744 754
    {
745
        acl_filter << " OR cid = " << *it;
755
        cl_table = Cluster::network_table;
756
    }
757

  
758
    if (!cl_table.empty())
759
    {
760
        for ( it = cids.begin(); it < cids.end(); it++ )
761
        {
762
            acl_filter << " OR oid IN ("
763
                << "SELECT oid from " << cl_table
764
                << " WHERE cid = " << *it << ")";
765
        }
746 766
    }
747 767

  
748 768
    filter = acl_filter.str();
src/scheduler/include/DatastoreXML.h
70 70
        return oid;
71 71
    };
72 72

  
73
    int get_cid() const
73
    bool is_in_cluster(const set<int> &cids) const
74 74
    {
75
        return cluster_id;
75
        set<int>::const_iterator i;
76

  
77
        for (i = cids.begin(); i != cids.end(); i++)
78
        {
79
            if (cluster_ids.find(*i) != cluster_ids.end())
80
            {
81
                return true;
82
            }
83
        }
84

  
85
        return false;
76 86
    };
77 87

  
78 88
    /**
......
103 113
private:
104 114

  
105 115
    int oid;
106
    int cluster_id;
116
    set<int> cluster_ids;
107 117

  
108 118
    int uid;
109 119
    int gid;
src/scheduler/include/HostXML.h
42 42
        return oid;
43 43
    };
44 44

  
45
    int get_cid() const
45
    set<int> get_cids() const
46 46
    {
47
        return cluster_id;
47
        return cluster_ids;
48 48
    };
49 49

  
50 50
    /**
......
160 160

  
161 161
private:
162 162
    int oid;
163
    int cluster_id;
163
    set<int> cluster_ids;
164 164

  
165 165
    // Host share values
166 166
    long long mem_usage;  /**< Memory allocated to VMs (in KB)       */
src/scheduler/src/pool/DatastoreXML.cc
19 19
#include "DatastoreXML.h"
20 20
#include "NebulaUtil.h"
21 21
#include "NebulaLog.h"
22
#include "ObjectCollection.h"
22 23

  
23 24
/* -------------------------------------------------------------------------- */
24 25
/* -------------------------------------------------------------------------- */
......
35 36

  
36 37
void DatastoreXML::init_attributes()
37 38
{
38
    xpath(oid,        "/DATASTORE/ID",          -1);
39
    xpath(cluster_id, "/DATASTORE/CLUSTER_ID",  -1);
39
    xpath(oid,  "/DATASTORE/ID",          -1);
40

  
41
    ObjectCollection cluster_collection("CLUSTERS");
42
    cluster_collection.from_xml(this, "/DATASTORE/");
43

  
44
    cluster_ids = cluster_collection.clone();
40 45

  
41 46
    xpath(uid,      "/DATASTORE/UID",  -1);
42 47
    xpath(gid,      "/DATASTORE/GID",  -1);
......
125 130
    auth.oid = oid;
126 131
    auth.uid = uid;
127 132
    auth.gid = gid;
128
    auth.cid = cluster_id;
133
    auth.cids = cluster_ids;
129 134

  
130 135
    auth.owner_u = owner_u;
131 136
    auth.owner_m = owner_m;
src/scheduler/src/pool/HostPoolXML.cc
98 98

  
99 99
void HostPoolXML::merge_clusters(ClusterPoolXML * clpool)
100 100
{
101
    // TODO
102
    /*
101 103
    map<int,ObjectXML*>::iterator it;
102 104

  
103 105
    ClusterXML* cluster;
......
131 133
            }
132 134
        }
133 135
    }
136
    */
134 137
}
135 138

  
136 139
/* -------------------------------------------------------------------------- */
src/scheduler/src/pool/HostXML.cc
22 22
#include "HostXML.h"
23 23
#include "NebulaUtil.h"
24 24
#include "NebulaLog.h"
25
#include "ObjectCollection.h"
25 26

  
26 27
/* -------------------------------------------------------------------------- */
27 28
/* -------------------------------------------------------------------------- */
......
39 40
void HostXML::init_attributes()
40 41
{
41 42
    xpath(oid,         "/HOST/ID",                     -1);
42
    xpath(cluster_id,  "/HOST/CLUSTER_ID",             -1);
43

  
44
    ObjectCollection cluster_collection("CLUSTERS");
45
    cluster_collection.from_xml(this, "/HOST/");
46

  
47
    cluster_ids = cluster_collection.clone();
48

  
43 49
    xpath<long long>(mem_usage, "/HOST/HOST_SHARE/MEM_USAGE",   0);
44 50
    xpath<long long>(cpu_usage, "/HOST/HOST_SHARE/CPU_USAGE",   0);
45 51
    xpath<long long>(max_mem,   "/HOST/HOST_SHARE/MAX_MEM",     0);
......
172 178
    map<int, long long>::const_iterator it;
173 179

  
174 180
    o << "ID          : " << p.oid          << endl;
175
    o << "CLUSTER_ID  : " << p.cluster_id   << endl;
181
    o << "CLUSTER_IDS : " << one_util::join(p.cluster_ids, ',') << endl;
176 182
    o << "MEM_USAGE   : " << p.mem_usage    << endl;
177 183
    o << "CPU_USAGE   : " << p.cpu_usage    << endl;
178 184
    o << "MAX_MEM     : " << p.max_mem      << endl;
src/scheduler/src/sched/Scheduler.cc
546 546
        PoolObjectAuth hperms;
547 547

  
548 548
        hperms.oid      = host->get_hid();
549
        hperms.cid      = host->get_cid();
549
        hperms.cids     = host->get_cids();
550 550
        hperms.obj_type = PoolObjectSQL::HOST;
551 551

  
552 552
        UserXML * user = upool->get(vm->get_uid());
......
1050 1050
    long long dsk;
1051 1051
    vector<VectorAttribute *> pci;
1052 1052

  
1053
    int hid, dsid, cid;
1053
    int hid, dsid;
1054
    set<int> cids;
1054 1055
    bool test_cap_result;
1055 1056

  
1056 1057
    unsigned int dispatched_vms = 0;
......
1113 1114
                continue;
1114 1115
            }
1115 1116

  
1116
            cid = host->get_cid();
1117
            cids = host->get_cids();
1117 1118

  
1118 1119
            //------------------------------------------------------------------
1119 1120
            // Test host capacity
......
1170 1171
                //--------------------------------------------------------------
1171 1172
                // Test cluster membership for datastore and selected host
1172 1173
                //--------------------------------------------------------------
1173
                if (ds->get_cid() != cid)
1174
                if (!ds->is_in_cluster(cids))
1174 1175
                {
1175 1176
                    continue;
1176 1177
                }

Also available in: Unified diff