diff --git a/cmd/climc/shell/nodealert.go b/cmd/climc/shell/nodealert.go index 16ec689043..81885697ca 100644 --- a/cmd/climc/shell/nodealert.go +++ b/cmd/climc/shell/nodealert.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package shell import ( diff --git a/cmd/climc/shell/policies.go b/cmd/climc/shell/policies.go index 305a2ca4d3..1cae9b5151 100644 --- a/cmd/climc/shell/policies.go +++ b/cmd/climc/shell/policies.go @@ -62,8 +62,10 @@ func init() { }) type PolicyCreateOptions struct { - TYPE string `help:"type of the policy"` - FILE string `help:"path to policy file"` + TYPE string `help:"type of the policy"` + FILE string `help:"path to policy file"` + Enabled bool `help:"create policy enabled"` + Disabled bool `help:"create policy disabled"` } R(&PolicyCreateOptions{}, "policy-create", "Create a new policy", func(s *mcclient.ClientSession, args *PolicyCreateOptions) error { policyBytes, err := ioutil.ReadFile(args.FILE) @@ -74,6 +76,11 @@ func init() { params := jsonutils.NewDict() params.Add(jsonutils.NewString(args.TYPE), "type") params.Add(jsonutils.NewString(string(policyBytes)), "policy") + if args.Enabled { + params.Add(jsonutils.JSONTrue, "enabled") + } else if args.Disabled { + params.Add(jsonutils.JSONFalse, "enabled") + } result, err := modules.Policies.Create(s, params) if err != nil { @@ -86,9 +93,11 @@ func init() { }) type PolicyPatchOptions struct { - ID string `help:"ID of policy"` - File string `help:"path to policy file"` - Type string `help:"policy type"` + ID string `help:"ID of policy"` + File string `help:"path to policy file"` + Type string `help:"policy type"` + Enabled bool `help:"update policy enabled"` + Disabled bool `help:"update policy disabled"` } R(&PolicyPatchOptions{}, "policy-patch", "Patch policy", func(s *mcclient.ClientSession, args *PolicyPatchOptions) error { policyId, err := modules.Policies.GetId(s, args.ID, nil) @@ -106,6 +115,11 @@ func init() { } params.Add(jsonutils.NewString(string(policyBytes)), "policy") } + if args.Enabled { + params.Add(jsonutils.JSONTrue, "enabled") + } else if args.Disabled { + params.Add(jsonutils.JSONFalse, "enabled") + } result, err := modules.Policies.Patch(s, policyId, params) if err != nil { return err diff --git a/cmd/climc/shell/services.go b/cmd/climc/shell/services.go index a1474a7b93..189cfe3d41 100644 --- a/cmd/climc/shell/services.go +++ b/cmd/climc/shell/services.go @@ -27,6 +27,7 @@ func init() { Offset int64 `help:"Offset, default 0, i.e. no offset"` Name string `help:"Search by name"` Type string `help:"Search by type"` + Search string `help:"search any fields"` } R(&ServiceListOptions{}, "service-list", "List services", func(s *mcclient.ClientSession, args *ServiceListOptions) error { query := jsonutils.NewDict() @@ -42,6 +43,9 @@ func init() { if len(args.Type) > 0 { query.Add(jsonutils.NewString(args.Type), "type__icontains") } + if len(args.Search) > 0 { + query.Add(jsonutils.NewString(args.Search), "search") + } result, err := modules.ServicesV3.List(s, query) if err != nil { return err diff --git a/cmd/cryptool/shell/fernet.go b/cmd/cryptool/shell/fernet.go index c32ce2c399..972f4c7cd1 100644 --- a/cmd/cryptool/shell/fernet.go +++ b/cmd/cryptool/shell/fernet.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package shell import ( diff --git a/cmd/keystone/main.go b/cmd/keystone/main.go index 59259bda70..ba0c452cd8 100644 --- a/cmd/keystone/main.go +++ b/cmd/keystone/main.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package main import ( diff --git a/cmd/ldapcli/main.go b/cmd/ldapcli/main.go index 9ce280ff04..f59d4494f1 100644 --- a/cmd/ldapcli/main.go +++ b/cmd/ldapcli/main.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package main import ( diff --git a/cmd/ldapcli/shell/search.go b/cmd/ldapcli/shell/search.go index e4d129c38a..8f8ba1dd94 100644 --- a/cmd/ldapcli/shell/search.go +++ b/cmd/ldapcli/shell/search.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package shell import ( diff --git a/cmd/ucloudcli/main.go b/cmd/ucloudcli/main.go index 660c929c17..51afbc9fec 100644 --- a/cmd/ucloudcli/main.go +++ b/cmd/ucloudcli/main.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package main import ( diff --git a/pkg/apis/billing/billing_const.go b/pkg/apis/billing/billing_const.go index 7d9c563f7d..6d9e67e428 100644 --- a/pkg/apis/billing/billing_const.go +++ b/pkg/apis/billing/billing_const.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package billing const ( diff --git a/pkg/apis/billing/doc.go b/pkg/apis/billing/doc.go index 6ff84376cb..ee6c09ce70 100644 --- a/pkg/apis/billing/doc.go +++ b/pkg/apis/billing/doc.go @@ -1 +1,15 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package billing // import "yunion.io/x/onecloud/pkg/apis/billing" diff --git a/pkg/apis/compute/agent_const.go b/pkg/apis/compute/agent_const.go index 3fbeb75840..0760034c58 100644 --- a/pkg/apis/compute/agent_const.go +++ b/pkg/apis/compute/agent_const.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package compute const ( diff --git a/pkg/apis/compute/cachedimages_const.go b/pkg/apis/compute/cachedimages_const.go index 447866a382..06d6fbbaef 100644 --- a/pkg/apis/compute/cachedimages_const.go +++ b/pkg/apis/compute/cachedimages_const.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package compute const ( diff --git a/pkg/apis/compute/cloudaccount_const.go b/pkg/apis/compute/cloudaccount_const.go index d04d0cfd07..f9d5d11be9 100644 --- a/pkg/apis/compute/cloudaccount_const.go +++ b/pkg/apis/compute/cloudaccount_const.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package compute const ( diff --git a/pkg/apis/compute/cloudregions_const.go b/pkg/apis/compute/cloudregions_const.go index 07f8254ede..96f693e7fd 100644 --- a/pkg/apis/compute/cloudregions_const.go +++ b/pkg/apis/compute/cloudregions_const.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package compute const ( diff --git a/pkg/apis/compute/elasticips_const.go b/pkg/apis/compute/elasticips_const.go index cbc546ab5e..7ea708843a 100644 --- a/pkg/apis/compute/elasticips_const.go +++ b/pkg/apis/compute/elasticips_const.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package compute const ( diff --git a/pkg/apis/compute/esxi_const.go b/pkg/apis/compute/esxi_const.go index 0448718350..f5c2f55a32 100644 --- a/pkg/apis/compute/esxi_const.go +++ b/pkg/apis/compute/esxi_const.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package compute const ( diff --git a/pkg/apis/compute/guest_import_api.go b/pkg/apis/compute/guest_import_api.go index 885a977021..983c20d4e8 100644 --- a/pkg/apis/compute/guest_import_api.go +++ b/pkg/apis/compute/guest_import_api.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package compute type SImportNic struct { diff --git a/pkg/apis/compute/sku_const.go b/pkg/apis/compute/sku_const.go index 5d1e3e9d8f..990c58ae29 100644 --- a/pkg/apis/compute/sku_const.go +++ b/pkg/apis/compute/sku_const.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package compute const ( diff --git a/pkg/apis/compute/snapshot.go b/pkg/apis/compute/snapshot.go index 8788cac835..a3dd8b397f 100644 --- a/pkg/apis/compute/snapshot.go +++ b/pkg/apis/compute/snapshot.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package compute import "yunion.io/x/onecloud/pkg/apis" diff --git a/pkg/apis/compute/snapshot_const.go b/pkg/apis/compute/snapshot_const.go index e15ae434fb..64e10a64cb 100644 --- a/pkg/apis/compute/snapshot_const.go +++ b/pkg/apis/compute/snapshot_const.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package compute const ( diff --git a/pkg/apis/compute/vpcs_const.go b/pkg/apis/compute/vpcs_const.go index 6b5b5ca3ec..2f6c0865ac 100644 --- a/pkg/apis/compute/vpcs_const.go +++ b/pkg/apis/compute/vpcs_const.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package compute const ( diff --git a/pkg/apis/compute/zones_const.go b/pkg/apis/compute/zones_const.go index ec7be4cf10..2472aa2d29 100644 --- a/pkg/apis/compute/zones_const.go +++ b/pkg/apis/compute/zones_const.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package compute const ( diff --git a/pkg/apis/identity/config.go b/pkg/apis/identity/config.go index bce14be881..92580eddc4 100644 --- a/pkg/apis/identity/config.go +++ b/pkg/apis/identity/config.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package identity const ( diff --git a/pkg/apis/identity/consts.go b/pkg/apis/identity/consts.go index d1acdb6f0c..39ca09d07f 100644 --- a/pkg/apis/identity/consts.go +++ b/pkg/apis/identity/consts.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package identity const ( diff --git a/pkg/apis/identity/doc.go b/pkg/apis/identity/doc.go new file mode 100644 index 0000000000..41f9dbb0f4 --- /dev/null +++ b/pkg/apis/identity/doc.go @@ -0,0 +1,15 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package identity // import "yunion.io/x/onecloud/pkg/apis/identity" diff --git a/pkg/apis/image/consts.go b/pkg/apis/image/consts.go index 15fc035ffe..7ca925a902 100644 --- a/pkg/apis/image/consts.go +++ b/pkg/apis/image/consts.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package image type TImageType string diff --git a/pkg/apis/image/doc.go b/pkg/apis/image/doc.go index e5e5fbe17c..9d7ea4ff24 100644 --- a/pkg/apis/image/doc.go +++ b/pkg/apis/image/doc.go @@ -1 +1,15 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package image // import "yunion.io/x/onecloud/pkg/apis/image" diff --git a/pkg/appsrv/dispatcher/dispatcher_test.go b/pkg/appsrv/dispatcher/dispatcher_test.go index 0c88aead1b..924c525ef8 100644 --- a/pkg/appsrv/dispatcher/dispatcher_test.go +++ b/pkg/appsrv/dispatcher/dispatcher_test.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package dispatcher import "testing" diff --git a/pkg/appsrv/dispatcher/handlers.go b/pkg/appsrv/dispatcher/handlers.go index e014b944f7..15ffe336b8 100644 --- a/pkg/appsrv/dispatcher/handlers.go +++ b/pkg/appsrv/dispatcher/handlers.go @@ -71,7 +71,7 @@ type IJointModelDispatchHandler interface { MasterKeywordPlural() string SlaveKeywordPlural() string - List(ctx context.Context, query jsonutils.JSONObject, ctxId string) (*modules.ListResult, error) + List(ctx context.Context, query jsonutils.JSONObject, ctxIds []SResourceContext) (*modules.ListResult, error) ListMasterDescendent(ctx context.Context, idStr string, query jsonutils.JSONObject) (*modules.ListResult, error) ListSlaveDescendent(ctx context.Context, idStr string, query jsonutils.JSONObject) (*modules.ListResult, error) Get(ctx context.Context, id1 string, id2 string, query jsonutils.JSONObject) (jsonutils.JSONObject, error) diff --git a/pkg/appsrv/dispatcher/jointdispatcher.go b/pkg/appsrv/dispatcher/jointdispatcher.go index a7dcc92917..2ceb2db783 100644 --- a/pkg/appsrv/dispatcher/jointdispatcher.go +++ b/pkg/appsrv/dispatcher/jointdispatcher.go @@ -116,7 +116,7 @@ func fetchJointEnv(ctx context.Context, w http.ResponseWriter, r *http.Request) func jointListHandler(ctx context.Context, w http.ResponseWriter, r *http.Request) { manager, params, query, _ := fetchJointEnv(ctx, w, r) - listResult, err := manager.List(ctx, mergeQueryParams(params, query), "") + listResult, err := manager.List(ctx, mergeQueryParams(params, query), nil) if err != nil { httperrors.GeneralServerError(w, err) return diff --git a/pkg/baremetal/service/service.go b/pkg/baremetal/service/service.go index addc55d8ec..33af0c65b5 100644 --- a/pkg/baremetal/service/service.go +++ b/pkg/baremetal/service/service.go @@ -42,12 +42,12 @@ func (s *BaremetalService) StartService() { common_options.ParseOptions(&o.Options, os.Args, "baremetal.conf", "baremetal") app_common.InitAuth(&o.Options.CommonOptions, s.startAgent) - app := app_common.InitApp(&o.Options.CommonOptions, false) + app := app_common.InitApp(&o.Options.BaseOptions, false) handler.InitHandlers(app) s.startFileServer() - app_common.ServeForeverWithCleanup(app, &o.Options.CommonOptions, func() { + app_common.ServeForeverWithCleanup(app, &o.Options.BaseOptions, func() { tasks.OnStop() baremetal.Stop() }) diff --git a/pkg/cloudcommon/app/app.go b/pkg/cloudcommon/app/app.go index ead87ac761..aa121d4b15 100644 --- a/pkg/cloudcommon/app/app.go +++ b/pkg/cloudcommon/app/app.go @@ -54,6 +54,7 @@ func ServeForeverExtended(app *appsrv.Application, options *common_options.BaseO } log.Infof("Start listen on %s://%s", proto, addr) var certfile string + var sslfile string if options.EnableSsl { certfile := options.SslCertfile if len(options.SslCaCerts) > 0 { @@ -70,6 +71,7 @@ func ServeForeverExtended(app *appsrv.Application, options *common_options.BaseO if len(options.SslKeyfile) == 0 { log.Fatalf("Missing ssl-keyfile") } + sslfile = options.SslKeyfile } - app.ListenAndServeTLSWithCleanup2(addr, certfile, options.SslKeyfile, onStop, isMaster) + app.ListenAndServeTLSWithCleanup2(addr, certfile, sslfile, onStop, isMaster) } diff --git a/pkg/cloudcommon/db/count.go b/pkg/cloudcommon/db/count.go index a2882bb1f5..a78bdd2013 100644 --- a/pkg/cloudcommon/db/count.go +++ b/pkg/cloudcommon/db/count.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package db import ( diff --git a/pkg/cloudcommon/db/db_dispatcher.go b/pkg/cloudcommon/db/db_dispatcher.go index 39014b30b9..2b31ecb110 100644 --- a/pkg/cloudcommon/db/db_dispatcher.go +++ b/pkg/cloudcommon/db/db_dispatcher.go @@ -20,6 +20,7 @@ import ( "fmt" "net/http" "reflect" + "sort" "strings" "yunion.io/x/jsonutils" @@ -29,7 +30,6 @@ import ( "yunion.io/x/pkg/utils" "yunion.io/x/sqlchemy" - "sort" "yunion.io/x/onecloud/pkg/appsrv" "yunion.io/x/onecloud/pkg/appsrv/dispatcher" "yunion.io/x/onecloud/pkg/cloudcommon/consts" @@ -976,7 +976,7 @@ func doCreateItem(manager IModelManager, ctx context.Context, userCred mcclient. if err != nil { return nil, httperrors.NewGeneralError(err) } - err = manager.TableSpec().Insert(model) + err = manager.TableSpec().InsertOrUpdate(model) if err != nil { return nil, httperrors.NewGeneralError(err) } diff --git a/pkg/cloudcommon/db/models.go b/pkg/cloudcommon/db/models.go index cd17f43ae1..510965604f 100644 --- a/pkg/cloudcommon/db/models.go +++ b/pkg/cloudcommon/db/models.go @@ -59,11 +59,16 @@ func mustCheckModelManager(modelMan IModelManager) { func CheckSync(autoSync bool) bool { log.Infof("Start check database ...") + examinedTables := make(map[string]bool) allDropFKSqls := make([]string, 0) allSqls := make([]string, 0) for modelName, modelMan := range globalTables { log.Infof("# check table of model %s", modelName) tableSpec := modelMan.TableSpec() + if _, ok := examinedTables[tableSpec.Name()]; ok { + continue + } + examinedTables[tableSpec.Name()] = true dropFKSqls := tableSpec.DropForeignKeySQL() if len(dropFKSqls) > 0 { allDropFKSqls = append(allDropFKSqls, dropFKSqls...) diff --git a/pkg/cloudcommon/db/taskman/tasks.go b/pkg/cloudcommon/db/taskman/tasks.go index 39fda11e65..79a50a716d 100644 --- a/pkg/cloudcommon/db/taskman/tasks.go +++ b/pkg/cloudcommon/db/taskman/tasks.go @@ -750,13 +750,9 @@ func (manager *STaskManager) QueryTasksOfObject(obj db.IStandaloneModel, since t } } - // subq1 and subq2 do not intersect for the fact that they have - // different condition on tasks_tbl.obj_id field - uq := sqlchemy.Union(subq1, subq2) - uq = uq.Desc("created_at") - - q := uq.SubQuery().Query() - return q + // subq1 and subq2 do not overlap for the fact that they have + // different conditions on tasks_tbl.obj_id field + return sqlchemy.Union(subq1, subq2).Query().Desc("created_at") } func (manager *STaskManager) IsInTask(obj db.IStandaloneModel) bool { diff --git a/pkg/cloudcommon/etcd/handler/dispatcher.go b/pkg/cloudcommon/etcd/handler/dispatcher.go index dfd9d6a644..fd6eb81a47 100644 --- a/pkg/cloudcommon/etcd/handler/dispatcher.go +++ b/pkg/cloudcommon/etcd/handler/dispatcher.go @@ -26,6 +26,7 @@ import ( "yunion.io/x/pkg/utils" "yunion.io/x/onecloud/pkg/appsrv" + "yunion.io/x/onecloud/pkg/appsrv/dispatcher" "yunion.io/x/onecloud/pkg/cloudcommon/etcd" "yunion.io/x/onecloud/pkg/cloudcommon/etcd/models/base" "yunion.io/x/onecloud/pkg/cloudcommon/policy" @@ -56,7 +57,7 @@ func (disp *SEtcdModelHandler) KeywordPlural() string { return disp.manager.KeywordPlural() } -func (disp *SEtcdModelHandler) ContextKeywordPlural() []string { +func (disp *SEtcdModelHandler) ContextKeywordPlurals() [][]string { return nil } @@ -72,7 +73,7 @@ func (disp *SEtcdModelHandler) FetchUpdateHeaderData(ctx context.Context, header return disp.manager.FetchUpdateHeaderData(ctx, header) } -func (disp *SEtcdModelHandler) List(ctx context.Context, query jsonutils.JSONObject, ctxId string) (*modules.ListResult, error) { +func (disp *SEtcdModelHandler) List(ctx context.Context, query jsonutils.JSONObject, ctxIds []dispatcher.SResourceContext) (*modules.ListResult, error) { objs, err := disp.manager.AllJson(ctx) if err != nil { return nil, httperrors.NewGeneralError(err) @@ -166,11 +167,11 @@ func (disp *SEtcdModelHandler) GetSpecific(ctx context.Context, idstr string, sp } } -func (disp *SEtcdModelHandler) Create(ctx context.Context, query jsonutils.JSONObject, data jsonutils.JSONObject, ctxId string) (jsonutils.JSONObject, error) { +func (disp *SEtcdModelHandler) Create(ctx context.Context, query jsonutils.JSONObject, data jsonutils.JSONObject, ctxIds []dispatcher.SResourceContext) (jsonutils.JSONObject, error) { return nil, httperrors.NewNotImplementedError("not implemented") } -func (disp *SEtcdModelHandler) BatchCreate(ctx context.Context, query jsonutils.JSONObject, data jsonutils.JSONObject, count int, ctxId string) ([]modules.SubmitResult, error) { +func (disp *SEtcdModelHandler) BatchCreate(ctx context.Context, query jsonutils.JSONObject, data jsonutils.JSONObject, count int, ctxIds []dispatcher.SResourceContext) ([]modules.SubmitResult, error) { return nil, httperrors.NewNotImplementedError("not implemented") } @@ -182,10 +183,18 @@ func (disp *SEtcdModelHandler) PerformAction(ctx context.Context, idstr string, return nil, httperrors.NewNotImplementedError("not implemented") } -func (disp *SEtcdModelHandler) Update(ctx context.Context, idstr string, query jsonutils.JSONObject, data jsonutils.JSONObject) (jsonutils.JSONObject, error) { +func (disp *SEtcdModelHandler) Update(ctx context.Context, idstr string, query jsonutils.JSONObject, data jsonutils.JSONObject, ctxIds []dispatcher.SResourceContext) (jsonutils.JSONObject, error) { return nil, httperrors.NewNotImplementedError("not implemented") } -func (disp *SEtcdModelHandler) Delete(ctx context.Context, idstr string, query jsonutils.JSONObject, data jsonutils.JSONObject) (jsonutils.JSONObject, error) { +func (disp *SEtcdModelHandler) Delete(ctx context.Context, idstr string, query jsonutils.JSONObject, data jsonutils.JSONObject, ctxIds []dispatcher.SResourceContext) (jsonutils.JSONObject, error) { + return nil, httperrors.NewNotImplementedError("not implemented") +} + +func (disp *SEtcdModelHandler) UpdateSpec(ctx context.Context, idstr string, spec string, query jsonutils.JSONObject, data jsonutils.JSONObject) (jsonutils.JSONObject, error) { + return nil, httperrors.NewNotImplementedError("not implemented") +} + +func (disp *SEtcdModelHandler) DeleteSpec(ctx context.Context, idstr string, spec string, query jsonutils.JSONObject, data jsonutils.JSONObject) (jsonutils.JSONObject, error) { return nil, httperrors.NewNotImplementedError("not implemented") } diff --git a/pkg/cloudcommon/policy/defaults.go b/pkg/cloudcommon/policy/defaults.go index 78de4ed785..968da01c1d 100644 --- a/pkg/cloudcommon/policy/defaults.go +++ b/pkg/cloudcommon/policy/defaults.go @@ -178,17 +178,5 @@ var ( Action: PolicyActionGet, Result: rbacutils.OwnerAllow, }, - { - Service: "identity", - Resource: "policies", - Action: PolicyActionList, - Result: rbacutils.UserAllow, - }, - { - Service: "identity", - Resource: "policies", - Action: PolicyActionGet, - Result: rbacutils.UserAllow, - }, } ) diff --git a/pkg/cloudcommon/policy/policy.go b/pkg/cloudcommon/policy/policy.go index 3b3913f9f6..7baf4a49e6 100644 --- a/pkg/cloudcommon/policy/policy.go +++ b/pkg/cloudcommon/policy/policy.go @@ -25,6 +25,7 @@ import ( "yunion.io/x/jsonutils" "yunion.io/x/log" + "yunion.io/x/onecloud/pkg/appsrv" "yunion.io/x/onecloud/pkg/cloudcommon/consts" "yunion.io/x/onecloud/pkg/httperrors" "yunion.io/x/onecloud/pkg/mcclient" @@ -51,6 +52,8 @@ type PolicyFetchFunc func() (map[string]rbacutils.SRbacPolicy, map[string]rbacut var ( PolicyManager *SPolicyManager DefaultPolicyFetcher PolicyFetchFunc + + syncWorkerManager *appsrv.SWorkerManager ) func init() { @@ -58,6 +61,8 @@ func init() { lock: &sync.Mutex{}, } DefaultPolicyFetcher = remotePolicyFetcher + + syncWorkerManager = appsrv.NewWorkerManager("sync_policy_worker", 1, 1000, false) } type SPolicyManager struct { @@ -66,6 +71,8 @@ type SPolicyManager struct { defaultPolicy *rbacutils.SRbacPolicy lastSync time.Time + defaultAdminPolicy *rbacutils.SRbacPolicy + failedRetryInterval time.Duration refreshInterval time.Duration @@ -148,10 +155,14 @@ func (manager *SPolicyManager) start(refreshInterval time.Duration, retryInterva } manager.cache = hashcache.NewCache(2048, manager.refreshInterval/2) - manager.sync() + manager.SyncOnce() } -func (manager *SPolicyManager) SyncOnce() error { +func (manager *SPolicyManager) SyncOnce() { + syncWorkerManager.Run(manager.sync, nil, nil) +} + +func (manager *SPolicyManager) doSync() error { policies, adminPolicies, err := DefaultPolicyFetcher() if err != nil { log.Errorf("sync rbac policy failed: %s", err) @@ -170,15 +181,19 @@ func (manager *SPolicyManager) SyncOnce() error { return nil } +func (manager *SPolicyManager) RegisterDefaultAdminPolicy(policy *rbacutils.SRbacPolicy) { + manager.defaultAdminPolicy = policy +} + func (manager *SPolicyManager) sync() { - err := manager.SyncOnce() + err := manager.doSync() var interval time.Duration if err != nil { interval = manager.failedRetryInterval } else { interval = manager.refreshInterval } - time.AfterFunc(interval, manager.sync) + time.AfterFunc(interval, manager.SyncOnce) } func queryKey(isAdmin bool, userCred mcclient.TokenCredential, service string, resource string, action string, extra ...string) string { @@ -282,6 +297,14 @@ func (manager *SPolicyManager) allowWithoutCache(isAdmin bool, userCred mcclient } } } + if isAdmin && manager.defaultAdminPolicy != nil && manager.defaultAdminPolicy.Match(userCred) { + rule := manager.defaultAdminPolicy.GetMatchRule(service, resource, action, extra...) + if rule != nil { + if currentPriv.StricterThan(rule.Result) { + currentPriv = rule.Result + } + } + } if consts.IsRbacDebug() { log.Debugf("[RBAC: %v] %s %s %s %#v permission %s userCred: %s", isAdmin, service, resource, action, extra, currentPriv, userCred) } diff --git a/pkg/cloudcommon/validators/validators.go b/pkg/cloudcommon/validators/validators.go index a731989f53..fe4b3ed8ee 100644 --- a/pkg/cloudcommon/validators/validators.go +++ b/pkg/cloudcommon/validators/validators.go @@ -34,6 +34,7 @@ import ( "yunion.io/x/pkg/util/regutils" "yunion.io/x/sqlchemy" + identity "yunion.io/x/onecloud/pkg/apis/identity" "yunion.io/x/onecloud/pkg/cloudcommon/db" "yunion.io/x/onecloud/pkg/util/choices" ) @@ -395,6 +396,10 @@ func (v *ValidatorModelIdOrName) GetTenantId() string { return v.ProjectId } +func (v *ValidatorModelIdOrName) GetProjectDomainId() string { + return identity.DEFAULT_DOMAIN_ID +} + func (v *ValidatorModelIdOrName) getValue() interface{} { return v.Model } diff --git a/pkg/cloudir/service/service.go b/pkg/cloudir/service/service.go index 489a80a98e..d3f09a9c98 100644 --- a/pkg/cloudir/service/service.go +++ b/pkg/cloudir/service/service.go @@ -28,6 +28,7 @@ import ( func StartService() { opts := &options.Options + baseOpts := &opts.BaseOptions commonOpts := &opts.CommonOptions common_options.ParseOptions(opts, os.Args, "cloudir.conf", "cloudir") @@ -41,11 +42,11 @@ func StartService() { return } - app := app_common.InitApp(commonOpts, false) + app := app_common.InitApp(baseOpts, false) cloudcommon.AppDBInit(app) initHandlers(app) - app_common.ServeForeverWithCleanup(app, commonOpts, func() { + app_common.ServeForeverWithCleanup(app, baseOpts, func() { etcd.CloseDefaultEtcdClient() }) } diff --git a/pkg/cloutpost/service/service.go b/pkg/cloutpost/service/service.go index 31d7734269..d694b0181f 100644 --- a/pkg/cloutpost/service/service.go +++ b/pkg/cloutpost/service/service.go @@ -33,6 +33,7 @@ const ( func StartService() { opts := &options.Options + baseOpts := &opts.BaseOptions commonOpts := &opts.CommonOptions common_options.ParseOptions(opts, os.Args, "cloutpost.conf", SERVICE_TYPE) @@ -46,7 +47,7 @@ func StartService() { } defer etcd.CloseDefaultEtcdClient() - app := app_common.InitApp(commonOpts, false) + app := app_common.InitApp(baseOpts, false) cloudcommon.AppDBInit(app) initHandlers(app) @@ -65,5 +66,5 @@ func StartService() { log.Fatalf("fail to register service %s", err) } - app_common.ServeForever(app, commonOpts) + app_common.ServeForever(app, baseOpts) } diff --git a/pkg/compute/models/cloudregionresource.go b/pkg/compute/models/cloudregionresource.go index 5b662e4206..dc6e5a7064 100644 --- a/pkg/compute/models/cloudregionresource.go +++ b/pkg/compute/models/cloudregionresource.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import ( diff --git a/pkg/compute/models/guest_queries.go b/pkg/compute/models/guest_queries.go index 0a04a54e91..650c52760c 100644 --- a/pkg/compute/models/guest_queries.go +++ b/pkg/compute/models/guest_queries.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import ( @@ -278,7 +292,7 @@ func fetchSecgroups(guestIds []string) map[string][]sSecgroupInfo { q1 = q1.Filter(sqlchemy.In(guests.Field("id"), guestIds)) q2 := guestsecgroups.Query(guestsecgroups.Field("guest_id"), guestsecgroups.Field("secgroup_id")) q2 = q2.Filter(sqlchemy.In(guestsecgroups.Field("guest_id"), guestIds)) - uq := sqlchemy.Union(q1, q2).SubQuery() + uq := sqlchemy.Union(q1, q2) q := uq.Query(uq.Field("guest_id"), uq.Field("secgroup_id"), secgroups.Field("name").Label("secgroup_name")) q = q.Join(secgroups, sqlchemy.Equals(uq.Field("secgroup_id"), secgroups.Field("id"))) diff --git a/pkg/compute/models/networkschedtags.go b/pkg/compute/models/networkschedtags.go index 3174d113bf..630029a9b2 100644 --- a/pkg/compute/models/networkschedtags.go +++ b/pkg/compute/models/networkschedtags.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import ( diff --git a/pkg/compute/models/purge.go b/pkg/compute/models/purge.go index 96f0fa3f48..e638c2da7b 100644 --- a/pkg/compute/models/purge.go +++ b/pkg/compute/models/purge.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import ( diff --git a/pkg/compute/models/zoneresource.go b/pkg/compute/models/zoneresource.go index efa427b74c..594d210268 100644 --- a/pkg/compute/models/zoneresource.go +++ b/pkg/compute/models/zoneresource.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import ( diff --git a/pkg/compute/options/namesync.go b/pkg/compute/options/namesync.go index 10bfdc1bf6..88abfd44fa 100644 --- a/pkg/compute/options/namesync.go +++ b/pkg/compute/options/namesync.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package options import ( diff --git a/pkg/compute/regiondrivers/ucloud.go b/pkg/compute/regiondrivers/ucloud.go index be18a4d3e6..63abe50547 100644 --- a/pkg/compute/regiondrivers/ucloud.go +++ b/pkg/compute/regiondrivers/ucloud.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package regiondrivers import ( diff --git a/pkg/compute/tasks/cloud_account_delete_task.go b/pkg/compute/tasks/cloud_account_delete_task.go index 625e343acf..bbd8f3cd05 100644 --- a/pkg/compute/tasks/cloud_account_delete_task.go +++ b/pkg/compute/tasks/cloud_account_delete_task.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package tasks import ( diff --git a/pkg/compute/tasks/host_import_libvirt_servers_task.go b/pkg/compute/tasks/host_import_libvirt_servers_task.go index 911edea3ea..e621377743 100644 --- a/pkg/compute/tasks/host_import_libvirt_servers_task.go +++ b/pkg/compute/tasks/host_import_libvirt_servers_task.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package tasks import ( diff --git a/pkg/hostman/guestman/libvirt.go b/pkg/hostman/guestman/libvirt.go index 2e2c8286d3..ba26e76340 100644 --- a/pkg/hostman/guestman/libvirt.go +++ b/pkg/hostman/guestman/libvirt.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package guestman import ( diff --git a/pkg/hostman/hostinfo/hostbridge/linux_bridge.go b/pkg/hostman/hostinfo/hostbridge/linux_bridge.go index 6bb06afd09..b68cf7c2f5 100644 --- a/pkg/hostman/hostinfo/hostbridge/linux_bridge.go +++ b/pkg/hostman/hostinfo/hostbridge/linux_bridge.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package hostbridge import ( diff --git a/pkg/hostman/hostinfo/hostbridge/ovs.go b/pkg/hostman/hostinfo/hostbridge/ovs.go index d29a8c1f4f..056660f511 100644 --- a/pkg/hostman/hostinfo/hostbridge/ovs.go +++ b/pkg/hostman/hostinfo/hostbridge/ovs.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package hostbridge import ( diff --git a/pkg/hostman/system_service/servicemanager.go b/pkg/hostman/system_service/servicemanager.go index 01f3685f45..336fddd866 100644 --- a/pkg/hostman/system_service/servicemanager.go +++ b/pkg/hostman/system_service/servicemanager.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package system_service type SServiceStatus struct { diff --git a/pkg/hostman/system_service/systemd.go b/pkg/hostman/system_service/systemd.go index 30d8a58115..5543b9c30a 100644 --- a/pkg/hostman/system_service/systemd.go +++ b/pkg/hostman/system_service/systemd.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package system_service import ( diff --git a/pkg/hostman/system_service/systemd_test.go b/pkg/hostman/system_service/systemd_test.go index fc5b75a946..e10a1b73f3 100644 --- a/pkg/hostman/system_service/systemd_test.go +++ b/pkg/hostman/system_service/systemd_test.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package system_service import ( diff --git a/pkg/hostman/system_service/sysv.go b/pkg/hostman/system_service/sysv.go index 54e76d2c5b..c6ad64d4bf 100644 --- a/pkg/hostman/system_service/sysv.go +++ b/pkg/hostman/system_service/sysv.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package system_service import ( diff --git a/pkg/hostman/system_service/sysv_test.go b/pkg/hostman/system_service/sysv_test.go index e171d82ffe..7a65d0bd02 100644 --- a/pkg/hostman/system_service/sysv_test.go +++ b/pkg/hostman/system_service/sysv_test.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package system_service import ( diff --git a/pkg/image/models/images.go b/pkg/image/models/images.go index 7572c17f7e..804d806817 100644 --- a/pkg/image/models/images.go +++ b/pkg/image/models/images.go @@ -159,7 +159,7 @@ func (manager *SImageManager) GetPropertyDetail(ctx context.Context, userCred mc queryDict := query.(*jsonutils.JSONDict) queryDict.Add(jsonutils.JSONTrue, "details") - items, err := db.ListItems(manager, ctx, userCred, queryDict, "") + items, err := db.ListItems(manager, ctx, userCred, queryDict, nil) if err != nil { log.Errorf("Fail to list items: %s", err) return nil, httperrors.NewGeneralError(err) diff --git a/pkg/keystone/driver/base.go b/pkg/keystone/driver/base.go index a79f42673e..4bad16acf7 100644 --- a/pkg/keystone/driver/base.go +++ b/pkg/keystone/driver/base.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package driver import ( diff --git a/pkg/keystone/driver/doc.go b/pkg/keystone/driver/doc.go new file mode 100644 index 0000000000..6fd42d6493 --- /dev/null +++ b/pkg/keystone/driver/doc.go @@ -0,0 +1,15 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package driver // import "yunion.io/x/onecloud/pkg/keystone/driver" diff --git a/pkg/keystone/driver/driver.go b/pkg/keystone/driver/driver.go index 91fcdcef7b..85c731295e 100644 --- a/pkg/keystone/driver/driver.go +++ b/pkg/keystone/driver/driver.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package driver import ( diff --git a/pkg/keystone/driver/ldap.go b/pkg/keystone/driver/ldap.go index 4e48f30107..1ab73c6e62 100644 --- a/pkg/keystone/driver/ldap.go +++ b/pkg/keystone/driver/ldap.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package driver import ( diff --git a/pkg/keystone/driver/sql.go b/pkg/keystone/driver/sql.go index d661fafcab..cb6d48b014 100644 --- a/pkg/keystone/driver/sql.go +++ b/pkg/keystone/driver/sql.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package driver import ( diff --git a/pkg/keystone/keys/doc.go b/pkg/keystone/keys/doc.go new file mode 100644 index 0000000000..9374cf1833 --- /dev/null +++ b/pkg/keystone/keys/doc.go @@ -0,0 +1,15 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package keys // import "yunion.io/x/onecloud/pkg/keystone/keys" diff --git a/pkg/keystone/keys/keys.go b/pkg/keystone/keys/keys.go index 03de9f38ae..01556e3fe2 100644 --- a/pkg/keystone/keys/keys.go +++ b/pkg/keystone/keys/keys.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package keys import ( diff --git a/pkg/keystone/models/assignments.go b/pkg/keystone/models/assignments.go index 57d6c8f657..9399e63385 100644 --- a/pkg/keystone/models/assignments.go +++ b/pkg/keystone/models/assignments.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import ( @@ -15,6 +29,7 @@ import ( "yunion.io/x/onecloud/pkg/appsrv" "yunion.io/x/onecloud/pkg/cloudcommon/db" "yunion.io/x/onecloud/pkg/httperrors" + "yunion.io/x/onecloud/pkg/keystone/options" "yunion.io/x/onecloud/pkg/mcclient" "yunion.io/x/onecloud/pkg/util/stringutils2" ) @@ -59,6 +74,55 @@ type SAssignment struct { Inherited tristate.TriState `nullable:"false" primary:"true" list:"admin"` } +func (manager *SAssignmentManager) InitializeData() error { + return manager.initSysAssignment() +} + +func (manager *SAssignmentManager) initSysAssignment() error { + adminUser, err := UserManager.FetchUserExtended("", options.Options.AdminUserName, options.Options.AdminUserDomainId, "") + if err != nil { + return errors.WithMessage(err, "FetchUserExtended") + } + adminProject, err := ProjectManager.FetchProjectByName(options.Options.AdminProjectName, options.Options.AdminProjectDomainId, "") + if err != nil { + return errors.WithMessage(err, "FetchProjectByName") + } + adminRole, err := RoleManager.FetchRoleByName(options.Options.AdminRoleName, options.Options.AdminRoleDomainId, "") + if err != nil { + return errors.WithMessage(err, "FetchRoleByName") + } + + q := manager.Query().Equals("type", api.AssignmentUserProject) + q = q.Equals("actor_id", adminUser.Id) + q = q.Equals("target_id", adminProject.Id) + q = q.Equals("role_id", adminRole.Id) + q = q.IsFalse("inherited") + + assign := SAssignment{} + assign.SetModelManager(manager) + + err = q.First(&assign) + if err != nil && err != sql.ErrNoRows { + return errors.WithMessage(err, "query") + } + if err == nil { + return nil + } + // no data + assign.Type = api.AssignmentUserProject + assign.ActorId = adminUser.Id + assign.TargetId = adminProject.Id + assign.RoleId = adminRole.Id + assign.Inherited = tristate.False + + err = manager.TableSpec().Insert(&assign) + if err != nil { + return errors.WithMessage(err, "insert") + } + + return nil +} + func (manager *SAssignmentManager) FetchUserProjectRoles(userId, projId string) ([]SRole, error) { subq := manager.fetchUserProjectRoleIdsQuery(userId, projId) q := RoleManager.Query().In("id", subq.SubQuery()) diff --git a/pkg/keystone/models/configs.go b/pkg/keystone/models/configs.go index cd4d59a319..407ffc74e2 100644 --- a/pkg/keystone/models/configs.go +++ b/pkg/keystone/models/configs.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import ( diff --git a/pkg/keystone/models/credentials.go b/pkg/keystone/models/credentials.go index e88c317549..3bc22bb936 100644 --- a/pkg/keystone/models/credentials.go +++ b/pkg/keystone/models/credentials.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import ( diff --git a/pkg/keystone/models/default_admin.go b/pkg/keystone/models/default_admin.go index 41a7159af3..4c8436c782 100644 --- a/pkg/keystone/models/default_admin.go +++ b/pkg/keystone/models/default_admin.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import ( diff --git a/pkg/keystone/models/doc.go b/pkg/keystone/models/doc.go new file mode 100644 index 0000000000..5f77ab6685 --- /dev/null +++ b/pkg/keystone/models/doc.go @@ -0,0 +1,15 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package models // import "yunion.io/x/onecloud/pkg/keystone/models" diff --git a/pkg/keystone/models/domains.go b/pkg/keystone/models/domains.go index a4864b1f9a..7f2b8857e9 100644 --- a/pkg/keystone/models/domains.go +++ b/pkg/keystone/models/domains.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import ( @@ -14,6 +28,7 @@ import ( "yunion.io/x/onecloud/pkg/appsrv" "yunion.io/x/onecloud/pkg/cloudcommon/db" "yunion.io/x/onecloud/pkg/httperrors" + "yunion.io/x/onecloud/pkg/keystone/options" "yunion.io/x/onecloud/pkg/mcclient" ) @@ -213,6 +228,9 @@ func (domain *SDomain) ValidateDeleteCondition(ctx context.Context) error { if grpCnt > 0 { return httperrors.NewNotEmptyError("domain is in use") } + if domain.Id == options.Options.AdminUserDomainId || domain.Id == options.Options.AdminProjectDomainId { + return httperrors.NewForbiddenError("cannot delete admin domain") + } return domain.SEnabledIdentityBaseResource.ValidateDeleteCondition(ctx) } diff --git a/pkg/keystone/models/endpoints.go b/pkg/keystone/models/endpoints.go index 0f0b49f581..80652aa2e2 100644 --- a/pkg/keystone/models/endpoints.go +++ b/pkg/keystone/models/endpoints.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import ( @@ -281,3 +295,29 @@ func (endpoint *SEndpoint) GetExtraDetails(ctx context.Context, userCred mcclien func endpointExtra(endpoint *SEndpoint, extra *jsonutils.JSONDict) *jsonutils.JSONDict { return extra } + +func (manager *SEndpointManager) ValidateCreateData(ctx context.Context, userCred mcclient.TokenCredential, ownerProjId string, query jsonutils.JSONObject, data *jsonutils.JSONDict) (*jsonutils.JSONDict, error) { + infname, _ := data.GetString("interface") + if len(infname) == 0 { + return nil, httperrors.NewInputParameterError("missing input field interface") + } + serviceStr := jsonutils.GetAnyString(data, []string{"service_id", "service"}) + if len(serviceStr) > 0 { + servObj, err := ServiceManager.FetchByIdOrName(userCred, serviceStr) + if err != nil { + if err == sql.ErrNoRows { + return nil, httperrors.NewResourceNotFoundError2(ServiceManager.Keyword(), serviceStr) + } else { + return nil, httperrors.NewGeneralError(err) + } + } + service := servObj.(*SService) + if !data.Contains("name") { + data.Set("name", jsonutils.NewString(fmt.Sprintf("%s-%s", service.Type, infname))) + } + data.Set("service_id", jsonutils.NewString(service.Id)) + } else { + return nil, httperrors.NewInputParameterError("missing input field service/service_id") + } + return manager.SStandaloneResourceBaseManager.ValidateCreateData(ctx, userCred, ownerProjId, query, data) +} diff --git a/pkg/keystone/models/federated_user.go b/pkg/keystone/models/federated_user.go index f225bf3bed..3765325ea6 100644 --- a/pkg/keystone/models/federated_user.go +++ b/pkg/keystone/models/federated_user.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import "yunion.io/x/onecloud/pkg/cloudcommon/db" diff --git a/pkg/keystone/models/federation_protocol.go b/pkg/keystone/models/federation_protocol.go index 53299f4440..75b0b3d9e3 100644 --- a/pkg/keystone/models/federation_protocol.go +++ b/pkg/keystone/models/federation_protocol.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import "yunion.io/x/onecloud/pkg/cloudcommon/db" diff --git a/pkg/keystone/models/groups.go b/pkg/keystone/models/groups.go index 380fd3a21d..b157967c12 100644 --- a/pkg/keystone/models/groups.go +++ b/pkg/keystone/models/groups.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import ( diff --git a/pkg/keystone/models/id_mappings.go b/pkg/keystone/models/id_mappings.go index 33ec076737..114c663e04 100644 --- a/pkg/keystone/models/id_mappings.go +++ b/pkg/keystone/models/id_mappings.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import ( diff --git a/pkg/keystone/models/identity_provider.go b/pkg/keystone/models/identity_provider.go index e8a149f9d0..a9d239cc5f 100644 --- a/pkg/keystone/models/identity_provider.go +++ b/pkg/keystone/models/identity_provider.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import ( diff --git a/pkg/keystone/models/identitybase.go b/pkg/keystone/models/identitybase.go index b75e2ff889..34c6cc0ffb 100644 --- a/pkg/keystone/models/identitybase.go +++ b/pkg/keystone/models/identitybase.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import ( diff --git a/pkg/keystone/models/idp_remote_ids.go b/pkg/keystone/models/idp_remote_ids.go index 536d0116d8..34abefc4f3 100644 --- a/pkg/keystone/models/idp_remote_ids.go +++ b/pkg/keystone/models/idp_remote_ids.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import "yunion.io/x/onecloud/pkg/cloudcommon/db" diff --git a/pkg/keystone/models/implied_role.go b/pkg/keystone/models/implied_role.go index c44c15d1c7..61c71a588f 100644 --- a/pkg/keystone/models/implied_role.go +++ b/pkg/keystone/models/implied_role.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import "yunion.io/x/onecloud/pkg/cloudcommon/db" diff --git a/pkg/keystone/models/initdb.go b/pkg/keystone/models/initdb.go index cf6453debd..2d812c4909 100644 --- a/pkg/keystone/models/initdb.go +++ b/pkg/keystone/models/initdb.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import ( @@ -21,6 +35,8 @@ func InitDB() error { ProjectManager, RoleManager, UserManager, + AssignmentManager, + CredentialManager, } { err := manager.InitializeData() if err != nil { diff --git a/pkg/keystone/models/localusers.go b/pkg/keystone/models/localusers.go index 3bc27ddd45..4e1b1fe6cb 100644 --- a/pkg/keystone/models/localusers.go +++ b/pkg/keystone/models/localusers.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import ( diff --git a/pkg/keystone/models/nonlocal_users.go b/pkg/keystone/models/nonlocal_users.go index fc7e0e4422..a2a48e0e80 100644 --- a/pkg/keystone/models/nonlocal_users.go +++ b/pkg/keystone/models/nonlocal_users.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import ( diff --git a/pkg/keystone/models/passwords.go b/pkg/keystone/models/passwords.go index 1cfd077886..40d2deeecf 100644 --- a/pkg/keystone/models/passwords.go +++ b/pkg/keystone/models/passwords.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import ( diff --git a/pkg/keystone/models/policies.go b/pkg/keystone/models/policies.go index 60b4798550..9a11c5b9d0 100644 --- a/pkg/keystone/models/policies.go +++ b/pkg/keystone/models/policies.go @@ -1,10 +1,30 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import ( + "context" "database/sql" + "yunion.io/x/jsonutils" - "yunion.io/x/onecloud/pkg/cloudcommon/db" "yunion.io/x/pkg/tristate" + + "yunion.io/x/onecloud/pkg/cloudcommon/db" + policyman "yunion.io/x/onecloud/pkg/cloudcommon/policy" + "yunion.io/x/onecloud/pkg/httperrors" + "yunion.io/x/onecloud/pkg/mcclient" ) type SPolicyManager struct { @@ -43,7 +63,7 @@ type SPolicy struct { Extra *jsonutils.JSONDict `nullable:"true" list:"user"` - Enabled tristate.TriState `nullable:"false" default:"false" list:"user" update:"admin" create:"admin_optional"` + Enabled tristate.TriState `nullable:"false" default:"true" list:"admin" update:"admin" create:"admin_optional"` } func (manager *SPolicyManager) InitializeData() error { @@ -75,3 +95,29 @@ func (manager *SPolicyManager) FetchEnabledPolicies() ([]SPolicy, error) { return policies, nil } + +func (manager *SPolicyManager) ValidateCreateData(ctx context.Context, userCred mcclient.TokenCredential, ownerProjId string, query jsonutils.JSONObject, data *jsonutils.JSONDict) (*jsonutils.JSONDict, error) { + typeStr, _ := data.GetString("type") + if len(typeStr) == 0 { + return nil, httperrors.NewInputParameterError("missing input field type") + } + if !data.Contains("name") { + data.Set("name", jsonutils.NewString(typeStr)) + } + return manager.SStandaloneResourceBaseManager.ValidateCreateData(ctx, userCred, ownerProjId, query, data) +} + +func (policy *SPolicy) PostCreate(ctx context.Context, userCred mcclient.TokenCredential, ownerProjId string, query jsonutils.JSONObject, data jsonutils.JSONObject) { + policy.SStandaloneResourceBase.PostCreate(ctx, userCred, ownerProjId, query, data) + policyman.PolicyManager.SyncOnce() +} + +func (policy *SPolicy) PostUpdate(ctx context.Context, userCred mcclient.TokenCredential, query jsonutils.JSONObject, data jsonutils.JSONObject) { + policy.SStandaloneResourceBase.PostUpdate(ctx, userCred, query, data) + policyman.PolicyManager.SyncOnce() +} + +func (policy *SPolicy) PostDelete(ctx context.Context, userCred mcclient.TokenCredential) { + policy.SStandaloneResourceBase.PostDelete(ctx, userCred) + policyman.PolicyManager.SyncOnce() +} diff --git a/pkg/keystone/models/projects.go b/pkg/keystone/models/projects.go index 4f242fe5f8..b1d9c47459 100644 --- a/pkg/keystone/models/projects.go +++ b/pkg/keystone/models/projects.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import ( @@ -5,7 +19,10 @@ import ( "database/sql" "fmt" + "github.com/pkg/errors" + "yunion.io/x/jsonutils" + "yunion.io/x/log" "yunion.io/x/pkg/tristate" "yunion.io/x/sqlchemy" @@ -68,6 +85,37 @@ func (manager *SProjectManager) GetContextManagers() [][]db.IModelManager { } func (manager *SProjectManager) InitializeData() error { + return manager.initSysProject() +} + +func (manager *SProjectManager) initSysProject() error { + q := manager.Query().Equals("name", options.Options.AdminProjectName) + q = q.Equals("domain_id", options.Options.AdminProjectDomainId) + cnt, err := q.CountWithError() + if err != nil { + return errors.WithMessage(err, "query") + } + if cnt == 1 { + return nil + } + if cnt > 2 { + // ??? + log.Fatalf("duplicate system project???") + } + // insert + project := SProject{} + project.Name = options.Options.AdminProjectName + project.DomainId = options.Options.AdminProjectDomainId + project.Enabled = tristate.True + project.Description = "Boostrap system default admin project" + project.IsDomain = tristate.False + project.ParentId = options.Options.AdminProjectDomainId + project.SetModelManager(manager) + + err = manager.TableSpec().Insert(&project) + if err != nil { + return errors.WithMessage(err, "insert") + } return nil } diff --git a/pkg/keystone/models/regions.go b/pkg/keystone/models/regions.go index 66fd06db5d..7de0ad25a9 100644 --- a/pkg/keystone/models/regions.go +++ b/pkg/keystone/models/regions.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import ( @@ -97,3 +111,24 @@ func regionExtra(region *SRegion, extra *jsonutils.JSONDict) *jsonutils.JSONDict extra.Add(jsonutils.NewInt(int64(epCnt)), "endpoint_count") return extra } + +func (manager *SRegionManager) ValidateCreateData(ctx context.Context, userCred mcclient.TokenCredential, ownerProjId string, query jsonutils.JSONObject, data *jsonutils.JSONDict) (*jsonutils.JSONDict, error) { + idStr, _ := data.GetString("id") + if len(idStr) == 0 { + return nil, httperrors.NewInputParameterError("missing input field id") + } + if !data.Contains("name") { + data.Set("name", jsonutils.NewString(idStr)) + } + return manager.SStandaloneResourceBaseManager.ValidateCreateData(ctx, userCred, ownerProjId, query, data) +} + +func (region *SRegion) CustomizeCreate(ctx context.Context, userCred mcclient.TokenCredential, ownerProjId string, query jsonutils.JSONObject, data jsonutils.JSONObject) error { + err := region.SStandaloneResourceBase.CustomizeCreate(ctx, userCred, ownerProjId, query, data) + if err != nil { + return err + } + idStr, _ := data.GetString("id") + region.Id = idStr + return nil +} diff --git a/pkg/keystone/models/roles.go b/pkg/keystone/models/roles.go index d85e4fac7c..8a25196998 100644 --- a/pkg/keystone/models/roles.go +++ b/pkg/keystone/models/roles.go @@ -1,15 +1,34 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import ( "context" "database/sql" + "fmt" + + "github.com/pkg/errors" "yunion.io/x/jsonutils" + "yunion.io/x/log" "yunion.io/x/sqlchemy" api "yunion.io/x/onecloud/pkg/apis/identity" "yunion.io/x/onecloud/pkg/cloudcommon/db" "yunion.io/x/onecloud/pkg/httperrors" + "yunion.io/x/onecloud/pkg/keystone/options" "yunion.io/x/onecloud/pkg/mcclient" ) @@ -63,19 +82,30 @@ func (manager *SRoleManager) InitializeData() error { roles := make([]SRole, 0) err := db.FetchModelObjects(manager, q, &roles) if err != nil { - return err + return errors.WithMessage(err, "query") } for i := range roles { desc, _ := roles[i].Extra.GetString("description") - db.Update(&roles[i], func() error { + _, err = db.Update(&roles[i], func() error { roles[i].Description = desc return nil }) + if err != nil { + return errors.WithMessage(err, "update description") + } } - return manager.InitializeDomainId() + err = manager.initializeDomainId() + if err != nil { + return errors.WithMessage(err, "InitializeDomainId") + } + err = manager.initSysRole() + if err != nil { + return errors.WithMessage(err, "initSysRole") + } + return nil } -func (manager *SRoleManager) InitializeDomainId() error { +func (manager *SRoleManager) initializeDomainId() error { q := manager.Query().Equals("domain_id", ROLE_DEFAULT_DOMAIN_ID) roles := make([]SRole, 0) err := db.FetchModelObjects(manager, q, &roles) @@ -91,6 +121,34 @@ func (manager *SRoleManager) InitializeDomainId() error { return nil } +func (manager *SRoleManager) initSysRole() error { + q := manager.Query().Equals("name", options.Options.AdminRoleName) + q = q.Equals("domain_id", options.Options.AdminRoleDomainId) + cnt, err := q.CountWithError() + if err != nil { + return errors.WithMessage(err, "query") + } + if cnt == 1 { + return nil + } + if cnt > 2 { + // ??? + log.Fatalf("duplicate system role???") + } + // insert + role := SRole{} + role.Name = options.Options.AdminRoleName + role.DomainId = options.Options.AdminRoleDomainId + role.Description = "Boostrap system default admin role" + role.SetModelManager(manager) + + err = manager.TableSpec().Insert(&role) + if err != nil { + return errors.WithMessage(err, "insert") + } + return nil +} + func (role *SRole) GetUserCount() (int, error) { q := AssignmentManager.fetchRoleUserIdsQuery(role.Id) return q.CountWithError() @@ -113,6 +171,10 @@ func (role *SRole) ValidateUpdateData(ctx context.Context, userCred mcclient.Tok return role.SIdentityBaseResource.ValidateUpdateData(ctx, userCred, query, data) } +func (role *SRole) IsSystemRole() bool { + return role.Name == options.Options.AdminRoleName && role.DomainId == options.Options.AdminRoleDomainId +} + func (role *SRole) ValidateDeleteCondition(ctx context.Context) error { usrCnt, _ := role.GetUserCount() if usrCnt > 0 { @@ -122,6 +184,9 @@ func (role *SRole) ValidateDeleteCondition(ctx context.Context) error { if grpCnt > 0 { return httperrors.NewNotEmptyError("role is being assigned to group") } + if role.IsSystemRole() { + return httperrors.NewForbiddenError("cannot delete system role") + } return role.SIdentityBaseResource.ValidateDeleteCondition(ctx) } @@ -239,3 +304,43 @@ func (role *SRole) DeleteInContext(ctx context.Context, userCred mcclient.TokenC return nil, httperrors.NewInputParameterError("not supported secondary update context %s", ctxObjs[0].Keyword()) } } + +func (manager *SRoleManager) FetchRoleByName(roleName string, domainId, domainName string) (*SRole, error) { + obj, err := db.NewModelObject(manager) + if err != nil { + return nil, err + } + domain, err := DomainManager.FetchDomain(domainId, domainName) + if err != nil { + return nil, err + } + q := manager.Query().Equals("name", roleName).Equals("domain_id", domain.Id) + err = q.First(obj) + if err != nil { + return nil, err + } + return obj.(*SRole), err +} + +func (manager *SRoleManager) FetchRoleById(roleId string) (*SRole, error) { + obj, err := db.NewModelObject(manager) + if err != nil { + return nil, err + } + q := manager.Query().Equals("id", roleId) + err = q.First(obj) + if err != nil { + return nil, err + } + return obj.(*SRole), err +} + +func (manager *SRoleManager) FetchRole(roleId, roleName string, domainId, domainName string) (*SRole, error) { + if len(roleId) > 0 { + return manager.FetchRoleById(roleId) + } + if len(roleName) > 0 { + return manager.FetchRoleByName(roleName, domainId, domainName) + } + return nil, fmt.Errorf("no role Id or name provided") +} diff --git a/pkg/keystone/models/services.go b/pkg/keystone/models/services.go index 274972b8a4..75a7b77682 100644 --- a/pkg/keystone/models/services.go +++ b/pkg/keystone/models/services.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import ( diff --git a/pkg/keystone/models/user_group_memberships.go b/pkg/keystone/models/user_group_memberships.go index cfc321c150..fd3e0ce92c 100644 --- a/pkg/keystone/models/user_group_memberships.go +++ b/pkg/keystone/models/user_group_memberships.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import ( diff --git a/pkg/keystone/models/user_option.go b/pkg/keystone/models/user_option.go index 5691878852..6e773b6726 100644 --- a/pkg/keystone/models/user_option.go +++ b/pkg/keystone/models/user_option.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import "yunion.io/x/onecloud/pkg/cloudcommon/db" diff --git a/pkg/keystone/models/users.go b/pkg/keystone/models/users.go index ff98dc3764..1f1c1176cd 100644 --- a/pkg/keystone/models/users.go +++ b/pkg/keystone/models/users.go @@ -1,16 +1,32 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package models import ( + "context" + "database/sql" "fmt" "time" + "github.com/pkg/errors" + + "yunion.io/x/jsonutils" + "yunion.io/x/log" + "yunion.io/x/pkg/tristate" "yunion.io/x/sqlchemy" - "context" - "database/sql" - "yunion.io/x/jsonutils" - - "yunion.io/x/log" api "yunion.io/x/onecloud/pkg/apis/identity" "yunion.io/x/onecloud/pkg/cloudcommon/db" "yunion.io/x/onecloud/pkg/httperrors" @@ -94,6 +110,39 @@ func (manager *SUserManager) InitializeData() error { return nil }) } + return manager.initSysUser() +} + +func (manager *SUserManager) initSysUser() error { + q := manager.Query().Equals("name", options.Options.AdminUserName) + q = q.Equals("domain_id", options.Options.AdminUserDomainId) + cnt, err := q.CountWithError() + if err != nil { + return errors.WithMessage(err, "query") + } + if cnt == 1 { + return nil + } + if cnt > 2 { + // ??? + log.Fatalf("duplicate sysadmin account???") + } + // insert + usr := SUser{} + usr.Name = options.Options.AdminUserName + usr.DomainId = options.Options.AdminUserDomainId + usr.Enabled = tristate.True + usr.Description = "Boostrap system default admin user" + usr.SetModelManager(manager) + + err = manager.TableSpec().Insert(&usr) + if err != nil { + return errors.WithMessage(err, "insert") + } + err = usr.initLocalData(options.Options.BootstrapAdminUserPassword) + if err != nil { + return errors.WithMessage(err, "initLocalData") + } return nil } @@ -303,22 +352,29 @@ func userExtra(user *SUser, extra *jsonutils.JSONDict) *jsonutils.JSONDict { return extra } -func (user *SUser) PostCreate(ctx context.Context, userCred mcclient.TokenCredential, ownerProjId string, query jsonutils.JSONObject, data jsonutils.JSONObject) { - user.SEnabledIdentityBaseResource.PostCreate(ctx, userCred, ownerProjId, query, data) - +func (user *SUser) initLocalData(passwd string) error { localUsr, err := LocalUserManager.register(user.Id, user.DomainId, user.Name) if err != nil { - log.Errorf("fail to register localUser %s", err) - return + return errors.WithMessage(err, "register localuser") } - passwd, _ := data.GetString("password") if len(passwd) > 0 { err = PasswordManager.savePassword(localUsr.Id, passwd) if err != nil { - log.Errorf("fail to set password %s", err) - return + return errors.WithMessage(err, "save password") } } + return nil +} + +func (user *SUser) PostCreate(ctx context.Context, userCred mcclient.TokenCredential, ownerProjId string, query jsonutils.JSONObject, data jsonutils.JSONObject) { + user.SEnabledIdentityBaseResource.PostCreate(ctx, userCred, ownerProjId, query, data) + + passwd, _ := data.GetString("password") + err := user.initLocalData(passwd) + if err != nil { + log.Errorf("fail to register localUser %s", err) + return + } } func (user *SUser) PostUpdate(ctx context.Context, userCred mcclient.TokenCredential, query jsonutils.JSONObject, data jsonutils.JSONObject) { @@ -348,6 +404,9 @@ func (user *SUser) ValidateDeleteCondition(ctx context.Context) error { if prjCnt > 0 { return httperrors.NewNotEmptyError("user joins project") } + if user.IsAdminUser() { + return httperrors.NewForbiddenError("cannot delete system user") + } return user.SIdentityBaseResource.ValidateDeleteCondition(ctx) } diff --git a/pkg/keystone/options/doc.go b/pkg/keystone/options/doc.go new file mode 100644 index 0000000000..b21b779741 --- /dev/null +++ b/pkg/keystone/options/doc.go @@ -0,0 +1,15 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package options // import "yunion.io/x/onecloud/pkg/keystone/options" diff --git a/pkg/keystone/options/options.go b/pkg/keystone/options/options.go index 13f877b20e..1fa5c24566 100644 --- a/pkg/keystone/options/options.go +++ b/pkg/keystone/options/options.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package options import ( @@ -19,6 +33,10 @@ type SKeystoneOptions struct { AdminUserDomainId string `help:"Domain id of administrative user" default:"default"` AdminProjectName string `help:"Administrative project name" default:"system"` AdminProjectDomainId string `help:"Domain id of administrative project" default:"default"` + AdminRoleName string `help:"Administrative user role" default:"admin"` + AdminRoleDomainId string `help:"Domain id of administrative role" default:"default"` + + BootstrapAdminUserPassword string `help:"bootstreap sysadmin user password" default:"sysadmin"` } var ( diff --git a/pkg/keystone/service/doc.go b/pkg/keystone/service/doc.go new file mode 100644 index 0000000000..86fcf260c3 --- /dev/null +++ b/pkg/keystone/service/doc.go @@ -0,0 +1,15 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package service // import "yunion.io/x/onecloud/pkg/keystone/service" diff --git a/pkg/keystone/service/handlers.go b/pkg/keystone/service/handlers.go index c72873b0e1..79d7436106 100644 --- a/pkg/keystone/service/handlers.go +++ b/pkg/keystone/service/handlers.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package service import ( diff --git a/pkg/keystone/service/localpolicy.go b/pkg/keystone/service/localpolicy.go index 21a2195518..fa7a81fbe1 100644 --- a/pkg/keystone/service/localpolicy.go +++ b/pkg/keystone/service/localpolicy.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package service import ( diff --git a/pkg/keystone/service/service.go b/pkg/keystone/service/service.go index 3e8f51725a..0c1de2babf 100644 --- a/pkg/keystone/service/service.go +++ b/pkg/keystone/service/service.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package service import ( @@ -19,6 +33,7 @@ import ( "yunion.io/x/onecloud/pkg/keystone/options" "yunion.io/x/onecloud/pkg/keystone/tokens" "yunion.io/x/onecloud/pkg/mcclient/auth" + "yunion.io/x/onecloud/pkg/util/rbacutils" ) func keystoneUUIDGenerator() string { @@ -53,6 +68,39 @@ func StartService() { models.InitDB() app_common.InitBaseAuth(commonOpts) + // register bootstrap default policy + defaultAdminPolicy := rbacutils.SRbacPolicy{ + IsAdmin: true, + Projects: []string{options.Options.AdminProjectName}, + Roles: []string{options.Options.AdminRoleName}, + Rules: []rbacutils.SRbacRule{ + { + Service: api.SERVICE_TYPE, + Resource: "policies", + Action: policy.PolicyActionCreate, + Result: rbacutils.AdminAllow, + }, + { + Service: api.SERVICE_TYPE, + Resource: "policies", + Action: policy.PolicyActionList, + Result: rbacutils.AdminAllow, + }, + { + Service: api.SERVICE_TYPE, + Resource: "policies", + Action: policy.PolicyActionUpdate, + Result: rbacutils.AdminAllow, + }, + { + Service: api.SERVICE_TYPE, + Resource: "policies", + Action: policy.PolicyActionGet, + Result: rbacutils.AdminAllow, + }, + }, + } + policy.PolicyManager.RegisterDefaultAdminPolicy(&defaultAdminPolicy) // cron := cronman.GetCronJobManager(true) // cron.AddJob1("CleanPendingDeleteImages", time.Duration(options.Options.PendingDeleteCheckSeconds)*time.Second, models.ImageManager.CleanPendingDeleteImages) diff --git a/pkg/keystone/tokens/auth.go b/pkg/keystone/tokens/auth.go index c099fc3afe..e670d9526d 100644 --- a/pkg/keystone/tokens/auth.go +++ b/pkg/keystone/tokens/auth.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package tokens import ( diff --git a/pkg/keystone/tokens/authmethods.go b/pkg/keystone/tokens/authmethods.go index 92acf756bb..2b283e5f1b 100644 --- a/pkg/keystone/tokens/authmethods.go +++ b/pkg/keystone/tokens/authmethods.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package tokens import ( diff --git a/pkg/keystone/tokens/doc.go b/pkg/keystone/tokens/doc.go new file mode 100644 index 0000000000..8ef5346eb7 --- /dev/null +++ b/pkg/keystone/tokens/doc.go @@ -0,0 +1,15 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package tokens // import "yunion.io/x/onecloud/pkg/keystone/tokens" diff --git a/pkg/keystone/tokens/handlers.go b/pkg/keystone/tokens/handlers.go index febec18dd8..fa60a422c5 100644 --- a/pkg/keystone/tokens/handlers.go +++ b/pkg/keystone/tokens/handlers.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package tokens import ( diff --git a/pkg/keystone/tokens/payloads.go b/pkg/keystone/tokens/payloads.go index cdaa74e406..8788ad6768 100644 --- a/pkg/keystone/tokens/payloads.go +++ b/pkg/keystone/tokens/payloads.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package tokens import ( diff --git a/pkg/keystone/tokens/token.go b/pkg/keystone/tokens/token.go index 6d2075480f..1438b82fd8 100644 --- a/pkg/keystone/tokens/token.go +++ b/pkg/keystone/tokens/token.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package tokens import ( @@ -114,10 +128,12 @@ func (t *SAuthToken) GetSimpleUserCred(token string) (mcclient.TokenCredential, return nil, err } ret := mcclient.SSimpleToken{ - Token: token, - UserId: t.UserId, - User: userExt.Name, - Expires: t.ExpiresAt, + Token: token, + UserId: t.UserId, + User: userExt.Name, + Domain: userExt.DomainName, + DomainId: userExt.DomainId, + Expires: t.ExpiresAt, } var roles []models.SRole if len(t.ProjectId) > 0 { @@ -127,15 +143,16 @@ func (t *SAuthToken) GetSimpleUserCred(token string) (mcclient.TokenCredential, } ret.ProjectId = t.ProjectId ret.Project = proj.Name + ret.ProjectDomainId = proj.DomainId + ret.ProjectDomain = proj.GetDomain().Name roles, err = models.AssignmentManager.FetchUserProjectRoles(t.UserId, t.ProjectId) } else if len(t.DomainId) > 0 { domain, err := models.DomainManager.FetchDomainById(t.DomainId) if err != nil { return nil, err } - - ret.DomainId = t.DomainId - ret.Domain = domain.Name + ret.ProjectDomainId = t.DomainId + ret.ProjectDomain = domain.Name roles, err = models.AssignmentManager.FetchUserProjectRoles(t.UserId, t.DomainId) } roleStrs := make([]string, len(roles)) diff --git a/pkg/keystone/tokens/token_test.go b/pkg/keystone/tokens/token_test.go index fb1bd5d5ce..636dabdd7d 100644 --- a/pkg/keystone/tokens/token_test.go +++ b/pkg/keystone/tokens/token_test.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package tokens import ( diff --git a/pkg/keystone/tokens/verify.go b/pkg/keystone/tokens/verify.go index 41cb102ba8..b91a450b68 100644 --- a/pkg/keystone/tokens/verify.go +++ b/pkg/keystone/tokens/verify.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package tokens import ( diff --git a/pkg/keystone/usages/doc.go b/pkg/keystone/usages/doc.go new file mode 100644 index 0000000000..061d7cb4df --- /dev/null +++ b/pkg/keystone/usages/doc.go @@ -0,0 +1,15 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package usages // import "yunion.io/x/onecloud/pkg/keystone/usages" diff --git a/pkg/keystone/usages/handler.go b/pkg/keystone/usages/handler.go index 355b8fa6ca..c43f6f4587 100644 --- a/pkg/keystone/usages/handler.go +++ b/pkg/keystone/usages/handler.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package usages import ( diff --git a/pkg/logger/service/service.go b/pkg/logger/service/service.go index 1a2604d9ca..d406bc9ac0 100644 --- a/pkg/logger/service/service.go +++ b/pkg/logger/service/service.go @@ -39,6 +39,7 @@ func StartService() { consts.DisableOpsLog() opts := &options.Options + baseOpts := &opts.BaseOptions commonOpts := &opts.CommonOptions dbOpts := &opts.DBOptions common_options.ParseOptions(opts, os.Args, "log.conf", SERVICE_TYPE) @@ -52,7 +53,7 @@ func StartService() { models.StartNotifyToWebsocketWorker() - app := app_common.InitApp(commonOpts, true) + app := app_common.InitApp(baseOpts, true) cloudcommon.AppDBInit(app) initHandlers(app) @@ -60,5 +61,5 @@ func StartService() { log.Fatalf("database schema not in sync!") } - app_common.ServeForever(app, commonOpts) + app_common.ServeForever(app, baseOpts) } diff --git a/pkg/mcclient/input.go b/pkg/mcclient/input.go index 929e240eae..1a9b708afc 100644 --- a/pkg/mcclient/input.go +++ b/pkg/mcclient/input.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package mcclient type SAuthenticationInputV2 struct { diff --git a/pkg/mcclient/mcclient.go b/pkg/mcclient/mcclient.go index 9935a34455..731a1e57e0 100644 --- a/pkg/mcclient/mcclient.go +++ b/pkg/mcclient/mcclient.go @@ -320,127 +320,3 @@ func (this *Client) NewSession(ctx context.Context, region, zone, endpointType s Header: http.Header{}, } } - -/* -func (this *Client) fetchTenants(Token string) error { - _, body, err := this.jsonRequest(this.authUrl, Token, "GET", "/tenants", nil, nil) - if err != nil { - return fmt.Errorf("Fetch tenant error: %s", err) - } - tarr, err := body.GetArray("tenant") - if err != nil { - return fmt.Errorf("Invalid response: %s", err) - } - for _, t := range tarr { - id, err := t.GetString("id") - if err != nil { - return fmt.Errorf("Invalid tenant: %s", err) - } - name, err := t.GetString("name") - if err != nil { - return fmt.Errorf("Invalid tenant: %s", err) - } - this.tenantsManager.Add(id, name) - } - return nil -} - -func (this *Client) SetTenant(tenantId, tenantName string) error { - tenant := this.tenantsManager.GetTenant(tenantId, tenantName) - if tenant == nil { - return this.authenticate(tenantId, tenantName) - }else { - this.defaultTenant = tenant - return nil - } -} - -func (this *Client) GetTenants() ([]KeystoneTenant, error) { - err := this.authenticate("", "") - return []KeystoneTenant(this.tenantsManager), err -} - -func (this *Client) getMatchEndpoint(eplist []Endpoint) (*Endpoint, error) { - if len(this.region) == 0 { - if len(eplist) == 1 { - return &eplist[0], nil - }else if len(eplist) > 1 { - return nil, fmt.Errorf("Need to specify OS_REGION_NAME") - }else { - return nil, fmt.Errorf("Empty endpoints") - } - }else { - var match, matchZone, matchRegion *Endpoint = nil, nil, nil - region := this.region - zone := fmt.Sprintf("%s/%s", this.region, this.zone) - for _, ep := range eplist { - switch ep.Region { - case zone: - matchZone = &ep - case region: - matchRegion = &ep - } - } - if matchZone != nil { - match = matchZone - }else if matchRegion != nil { - match = matchRegion - } - if match != nil { - return match, nil - }else { - return nil, fmt.Errorf("No match endpoint") - } - } -} - -func (this *Client) GetEndpoint(service string) (string, error) { - for _, srv := range this.serviceCatalog { - if srv.Type == service { - ep, err := this.getMatchEndpoint(srv.Endpoints) - if err != nil { - return "", err - }else { - switch this.endpointType { - case "adminURL": - return ep.AdminURL, nil - case "internalURL": - return ep.InternalURL, nil - default: - return ep.PublicURL, nil - } - } - } - } - return "", fmt.Errorf("%s not found", service) -} - -func (this *Client) RequestService(method string, service string, requrl string, body jsonutils.JSONObject) (jsonutils.JSONObject, error) { - ep, err := this.GetEndpoint(service) - if err != nil { - return nil, err - } - Token := this.defaultTenant.Token.Id - _, rbody, err := this.json_request(ep, Token, method, requrl, nil, body) - return rbody, err -} - -func (this *Client) IsSystemAdmin() bool { - if this.defaultTenant != nil { - return this.defaultTenant.isSystemAdmin() - } - return false -} - -func (this *KeystoneTenant) isSystemAdmin() bool { - if this.Name != "system" { - return false - } - for _, r := range this.User.Roles { - if r.Name == "admin" { - return true - } - } - return false -} -*/ diff --git a/pkg/mcclient/modules/mod_copyright.go b/pkg/mcclient/modules/mod_copyright.go index fb09cb1b84..c9da808316 100644 --- a/pkg/mcclient/modules/mod_copyright.go +++ b/pkg/mcclient/modules/mod_copyright.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package modules type CopyrightManager struct { diff --git a/pkg/mcclient/modules/mod_nodealert.go b/pkg/mcclient/modules/mod_nodealert.go index 3c2ca8d3d5..c56bab1046 100644 --- a/pkg/mcclient/modules/mod_nodealert.go +++ b/pkg/mcclient/modules/mod_nodealert.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package modules var ( diff --git a/pkg/mcclient/modules/mod_policies.go b/pkg/mcclient/modules/mod_policies.go index b866c566bc..f3fbd01360 100644 --- a/pkg/mcclient/modules/mod_policies.go +++ b/pkg/mcclient/modules/mod_policies.go @@ -31,7 +31,7 @@ var Policies SPolicyManager func policyReadFilter(session *mcclient.ClientSession, s jsonutils.JSONObject, query jsonutils.JSONObject) (jsonutils.JSONObject, error) { ss := s.(*jsonutils.JSONDict) - ret := ss.CopyIncludes("id", "type") + ret := ss.CopyIncludes("id", "type", "enabled") blobStr, _ := ss.GetString("blob") if len(blobStr) > 0 { for blobStr[0] == '"' { @@ -89,12 +89,19 @@ func policyWriteFilter(session *mcclient.ClientSession, s jsonutils.JSONObject, } ret.Add(jsonutils.NewString(typeStr), "type") } + if s.Contains("enabled") { + enabled, err := s.Get("enabled") + if err != nil { + return nil, err + } + ret.Add(enabled, "enabled") + } return ret, nil } func init() { Policies = SPolicyManager{NewIdentityV3Manager("policy", "policies", - []string{"id", "type", "policy"}, + []string{"id", "type", "policy", "enabled"}, []string{})} Policies.SetReadFilter(policyReadFilter).SetWriteFilter(policyWriteFilter).SetNameField("type") diff --git a/pkg/mcclient/rand.go b/pkg/mcclient/rand.go index 0633652145..703baf589f 100644 --- a/pkg/mcclient/rand.go +++ b/pkg/mcclient/rand.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package mcclient import ( diff --git a/pkg/mcclient/session.go b/pkg/mcclient/session.go index 309429a8bd..3f2b327b3f 100644 --- a/pkg/mcclient/session.go +++ b/pkg/mcclient/session.go @@ -144,6 +144,9 @@ func (this *ClientSession) GetServiceVersionURL(service, endpointType, apiVersio if err != nil { url, err = this.client.serviceCatalog.GetServiceURL(service, this.region, this.zone, endpointType) } + if err != nil && service == api.SERVICE_TYPE { + return this.client.authUrl, nil + } return url, err } @@ -161,6 +164,9 @@ func (this *ClientSession) GetServiceVersionURLs(service, endpointType, apiVersi if err != nil { urls, err = this.client.serviceCatalog.GetServiceURLs(service, this.region, this.zone, endpointType) } + if err != nil && service == api.SERVICE_TYPE { + return []string{this.client.authUrl}, nil + } return urls, err } diff --git a/pkg/scheduler/algorithm/predicates/network_schedtag_predicate.go b/pkg/scheduler/algorithm/predicates/network_schedtag_predicate.go index 1485d875ee..41adcd756c 100644 --- a/pkg/scheduler/algorithm/predicates/network_schedtag_predicate.go +++ b/pkg/scheduler/algorithm/predicates/network_schedtag_predicate.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package predicates import ( diff --git a/pkg/util/atexit/atexit.go b/pkg/util/atexit/atexit.go index 38efa8c65d..df6157fa9c 100644 --- a/pkg/util/atexit/atexit.go +++ b/pkg/util/atexit/atexit.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package atexit import ( diff --git a/pkg/util/atexit/atexit_test.go b/pkg/util/atexit/atexit_test.go index b2a69c8948..7bf890e7ca 100644 --- a/pkg/util/atexit/atexit_test.go +++ b/pkg/util/atexit/atexit_test.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package atexit import ( diff --git a/pkg/util/atexit/const.go b/pkg/util/atexit/const.go index 8bed426fc3..47c4ff55c2 100644 --- a/pkg/util/atexit/const.go +++ b/pkg/util/atexit/const.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package atexit const ( diff --git a/pkg/util/atexit/doc.go b/pkg/util/atexit/doc.go index 5d4b49534f..1e1c55e0d0 100644 --- a/pkg/util/atexit/doc.go +++ b/pkg/util/atexit/doc.go @@ -1 +1,15 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package atexit // import "yunion.io/x/onecloud/pkg/util/atexit" diff --git a/pkg/util/aws/shell/s3.go b/pkg/util/aws/shell/s3.go index d84d010e0a..c5be520990 100644 --- a/pkg/util/aws/shell/s3.go +++ b/pkg/util/aws/shell/s3.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package shell import ( diff --git a/pkg/util/dhcp/conn.go b/pkg/util/dhcp/conn.go index 4a4cb0ef78..a43a3ffb98 100644 --- a/pkg/util/dhcp/conn.go +++ b/pkg/util/dhcp/conn.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + // Copyright 2019 Yunion // Copyright 2016 Google Inc. // diff --git a/pkg/util/dhcp/conn_linux.go b/pkg/util/dhcp/conn_linux.go index 446cd470a0..b1c8d1768c 100644 --- a/pkg/util/dhcp/conn_linux.go +++ b/pkg/util/dhcp/conn_linux.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + // Copyright 2019 Yunion // Copyright 2016 Google Inc. // diff --git a/pkg/util/dhcp/conn_unsupported.go b/pkg/util/dhcp/conn_unsupported.go index d27bc49eec..327c1e8b24 100644 --- a/pkg/util/dhcp/conn_unsupported.go +++ b/pkg/util/dhcp/conn_unsupported.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + // Copyright 2019 Yunion // Copyright 2016 Google Inc. // diff --git a/pkg/util/dhcp/doc.go b/pkg/util/dhcp/doc.go index 577cdf06df..939e548915 100644 --- a/pkg/util/dhcp/doc.go +++ b/pkg/util/dhcp/doc.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + // Copyright 2019 Yunion // Copyright 2016 Google Inc. // diff --git a/pkg/util/fernetool/doc.go b/pkg/util/fernetool/doc.go new file mode 100644 index 0000000000..f53c588e19 --- /dev/null +++ b/pkg/util/fernetool/doc.go @@ -0,0 +1,15 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package fernetool // import "yunion.io/x/onecloud/pkg/util/fernetool" diff --git a/pkg/util/fernetool/fernet.go b/pkg/util/fernetool/fernet.go index 5bf15e7fcc..236dfdb82f 100644 --- a/pkg/util/fernetool/fernet.go +++ b/pkg/util/fernetool/fernet.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package fernetool import ( diff --git a/pkg/util/fernetool/fernet_test.go b/pkg/util/fernetool/fernet_test.go index 27c75bb1b3..79a78febea 100644 --- a/pkg/util/fernetool/fernet_test.go +++ b/pkg/util/fernetool/fernet_test.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package fernetool import ( diff --git a/pkg/util/ldaputils/doc.go b/pkg/util/ldaputils/doc.go new file mode 100644 index 0000000000..b2c3657fb6 --- /dev/null +++ b/pkg/util/ldaputils/doc.go @@ -0,0 +1,15 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package ldaputils // import "yunion.io/x/onecloud/pkg/util/ldaputils" diff --git a/pkg/util/ldaputils/ldaputils.go b/pkg/util/ldaputils/ldaputils.go index 0936608e4b..b4aad2d82a 100644 --- a/pkg/util/ldaputils/ldaputils.go +++ b/pkg/util/ldaputils/ldaputils.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package ldaputils import ( diff --git a/pkg/util/stringutils2/sortedstrings.go b/pkg/util/stringutils2/sortedstrings.go index 0dd70fff5c..17eed8d07d 100644 --- a/pkg/util/stringutils2/sortedstrings.go +++ b/pkg/util/stringutils2/sortedstrings.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package stringutils2 import ( diff --git a/pkg/util/stringutils2/sortedstrings_test.go b/pkg/util/stringutils2/sortedstrings_test.go index 28b1b803ac..70985479a4 100644 --- a/pkg/util/stringutils2/sortedstrings_test.go +++ b/pkg/util/stringutils2/sortedstrings_test.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package stringutils2 import ( diff --git a/pkg/util/sysutils/hostname.go b/pkg/util/sysutils/hostname.go index 51d8ac9a80..4c7c561f16 100644 --- a/pkg/util/sysutils/hostname.go +++ b/pkg/util/sysutils/hostname.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package sysutils import ( diff --git a/pkg/util/sysutils/kvm.go b/pkg/util/sysutils/kvm.go index a37a72b485..94417d5f17 100644 --- a/pkg/util/sysutils/kvm.go +++ b/pkg/util/sysutils/kvm.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package sysutils import ( diff --git a/pkg/util/tftp/tftp.go b/pkg/util/tftp/tftp.go index 625604a9f9..2ff5ead986 100644 --- a/pkg/util/tftp/tftp.go +++ b/pkg/util/tftp/tftp.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + // Copyright 2019 Yunion // Copyright 2016 Google Inc. // diff --git a/pkg/util/ucloud/shell/disk.go b/pkg/util/ucloud/shell/disk.go index d954b087cc..39c6c0c9d1 100644 --- a/pkg/util/ucloud/shell/disk.go +++ b/pkg/util/ucloud/shell/disk.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package shell import ( diff --git a/pkg/util/ucloud/shell/doc.go b/pkg/util/ucloud/shell/doc.go index 71ea030888..077bc31c21 100644 --- a/pkg/util/ucloud/shell/doc.go +++ b/pkg/util/ucloud/shell/doc.go @@ -1 +1,15 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package shell // import "yunion.io/x/onecloud/pkg/util/ucloud/shell" diff --git a/pkg/util/ucloud/shell/eip.go b/pkg/util/ucloud/shell/eip.go index 6cff306c96..60708bcda6 100644 --- a/pkg/util/ucloud/shell/eip.go +++ b/pkg/util/ucloud/shell/eip.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package shell import ( diff --git a/pkg/util/ucloud/shell/image.go b/pkg/util/ucloud/shell/image.go index 02ac582cbf..75c05191c2 100644 --- a/pkg/util/ucloud/shell/image.go +++ b/pkg/util/ucloud/shell/image.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package shell import ( diff --git a/pkg/util/ucloud/shell/instance.go b/pkg/util/ucloud/shell/instance.go index 573cb0ff69..b272df5dd6 100644 --- a/pkg/util/ucloud/shell/instance.go +++ b/pkg/util/ucloud/shell/instance.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package shell import ( diff --git a/pkg/util/ucloud/shell/network.go b/pkg/util/ucloud/shell/network.go index 11bbcaed5c..e60afe3203 100644 --- a/pkg/util/ucloud/shell/network.go +++ b/pkg/util/ucloud/shell/network.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package shell import ( diff --git a/pkg/util/ucloud/shell/printutils.go b/pkg/util/ucloud/shell/printutils.go index 6d573bce88..1b46ec704a 100644 --- a/pkg/util/ucloud/shell/printutils.go +++ b/pkg/util/ucloud/shell/printutils.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package shell import "yunion.io/x/onecloud/pkg/util/printutils" diff --git a/pkg/util/ucloud/shell/region.go b/pkg/util/ucloud/shell/region.go index c003cb3df6..e9c628627f 100644 --- a/pkg/util/ucloud/shell/region.go +++ b/pkg/util/ucloud/shell/region.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package shell import ( diff --git a/pkg/util/ucloud/shell/secgroup.go b/pkg/util/ucloud/shell/secgroup.go index bddb9aaaf0..ae91578037 100644 --- a/pkg/util/ucloud/shell/secgroup.go +++ b/pkg/util/ucloud/shell/secgroup.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package shell import ( diff --git a/pkg/util/ucloud/shell/snapshot.go b/pkg/util/ucloud/shell/snapshot.go index 7a037be028..c5bbc78ae6 100644 --- a/pkg/util/ucloud/shell/snapshot.go +++ b/pkg/util/ucloud/shell/snapshot.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package shell import ( diff --git a/pkg/util/ucloud/shell/vpc.go b/pkg/util/ucloud/shell/vpc.go index c372362bfe..bb80c3867f 100644 --- a/pkg/util/ucloud/shell/vpc.go +++ b/pkg/util/ucloud/shell/vpc.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package shell import ( diff --git a/pkg/util/ucloud/shell/zone.go b/pkg/util/ucloud/shell/zone.go index e4cb0b0580..a7cb3c235d 100644 --- a/pkg/util/ucloud/shell/zone.go +++ b/pkg/util/ucloud/shell/zone.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package shell import ( diff --git a/pkg/util/ucloud/ufile.go b/pkg/util/ucloud/ufile.go index a572562378..0102dec1d0 100644 --- a/pkg/util/ucloud/ufile.go +++ b/pkg/util/ucloud/ufile.go @@ -1,3 +1,17 @@ +// Copyright 2019 Yunion +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package ucloud import ( diff --git a/pkg/webconsole/service/service.go b/pkg/webconsole/service/service.go index a5d1060fc6..4b8c833dd6 100644 --- a/pkg/webconsole/service/service.go +++ b/pkg/webconsole/service/service.go @@ -63,8 +63,9 @@ func StartService() { } func start() { - commonOpts := &o.Options.CommonOptions - app := app_common.InitApp(commonOpts, false) + baseOpts := &o.Options.BaseOptions + // commonOpts := &o.Options.CommonOptions + app := app_common.InitApp(baseOpts, false) webconsole.InitHandlers(app) root := mux.NewRouter() diff --git a/pkg/yunionconf/service/service.go b/pkg/yunionconf/service/service.go index 4b67b22b23..0619b13686 100644 --- a/pkg/yunionconf/service/service.go +++ b/pkg/yunionconf/service/service.go @@ -34,6 +34,7 @@ import ( func StartService() { opts := &options.Options + baseOpts := &options.Options.BaseOptions commonOpts := &options.Options.CommonOptions dbOpts := &options.Options.DBOptions common_options.ParseOptions(opts, os.Args, "yunionconf.conf", "yunionconf") @@ -47,14 +48,14 @@ func StartService() { cloudcommon.InitDB(dbOpts) - app := app_common.InitApp(commonOpts, true) + app := app_common.InitApp(baseOpts, true) yunionconf.InitHandlers(app) cloudcommon.AppDBInit(app) if db.CheckSync(opts.AutoSyncTable) { err := models.InitDB() if err == nil { - app_common.ServeForeverWithCleanup(app, commonOpts, func() { + app_common.ServeForeverWithCleanup(app, baseOpts, func() { cloudcommon.CloseDB() }) } else { diff --git a/scripts/rbac/projectowner.yaml b/scripts/rbac/projectowner.yaml index b1d82b6dd2..120456273f 100644 --- a/scripts/rbac/projectowner.yaml +++ b/scripts/rbac/projectowner.yaml @@ -1,5 +1,6 @@ # rbac for project owner, not allow for delete -condition: roles.contains("project_owner") +roles: + - project_owner is_admin: false policy: *: diff --git a/scripts/rbac/sysadmin.yaml b/scripts/rbac/sysadmin.yaml index 61ddf503ec..0f4e6e429d 100644 --- a/scripts/rbac/sysadmin.yaml +++ b/scripts/rbac/sysadmin.yaml @@ -1,5 +1,8 @@ # rbac for sysadmin -condition: tenant=="system" && roles.contains("admin") +projects: + - system +roles: + - admin is_admin: true policy: *: allow