Automatic merge from release/2.7.0 -> release/2.8.0

* commit 'e0f5adfc3a78dcbfcf88b5fc95aac4e56020c6e0':
  fix: validate IPMI address if it is given

pkg/compute/models/guests.go

@@ -410,48 +410,6 @@ func (manager *SGuestManager) ListItemFilter(ctx context.Context, q *sqlchemy.SQ
 		}
 	}
 
-	/*managerFilter, _ := queryDict.GetString("manager")
-	if len(managerFilter) > 0 {
-		managerI, _ := CloudproviderManager.FetchByIdOrName(userCred, managerFilter)
-		if managerI == nil {
-			return nil, httperrors.NewResourceNotFoundError("cloud provider %s not found", managerFilter)
-		}
-		hosts := HostManager.Query().SubQuery()
-		sq := hosts.Query(hosts.Field("id")).Equals("manager_id", managerI.GetId()).SubQuery()
-		q = q.In("host_id", sq)
-	}
-
-	accountStr := jsonutils.GetAnyString(query, []string{"account", "account_id", "cloudaccount", "cloudaccount_id"})
-	if len(accountStr) > 0 {
-		account, err := CloudaccountManager.FetchByIdOrName(nil, accountStr)
-		if err != nil {
-			if err == sql.ErrNoRows {
-				return nil, httperrors.NewResourceNotFoundError2(CloudaccountManager.Keyword(), accountStr)
-			}
-			return nil, httperrors.NewGeneralError(err)
-		}
-		hosts := HostManager.Query().SubQuery()
-		cloudproviders := CloudproviderManager.Query().SubQuery()
-
-		subq := hosts.Query(hosts.Field("id"))
-		subq = subq.Join(cloudproviders, sqlchemy.Equals(cloudproviders.Field("id"), hosts.Field("manager_id")))
-		subq = subq.Filter(sqlchemy.Equals(cloudproviders.Field("cloudaccount_id"), account.GetId()))
-
-		q = q.Filter(sqlchemy.In(q.Field("host_id"), subq.SubQuery()))
-	}
-
-	providerStr := jsonutils.GetAnyString(query, []string{"provider"})
-	if len(providerStr) > 0 {
-		hosts := HostManager.Query().SubQuery()
-		cloudproviders := CloudproviderManager.Query().SubQuery()
-
-		subq := hosts.Query(hosts.Field("id"))
-		subq = subq.Join(cloudproviders, sqlchemy.Equals(cloudproviders.Field("id"), hosts.Field("manager_id")))
-		subq = subq.Filter(sqlchemy.Equals(cloudproviders.Field("provider"), providerStr))
-
-		q = q.Filter(sqlchemy.In(q.Field("host_id"), subq.SubQuery()))
-	}*/
-
 	regionFilter, _ := queryDict.GetString("region")
 	if len(regionFilter) > 0 {
 		regionObj, err := CloudregionManager.FetchByIdOrName(userCred, regionFilter)

pkg/compute/models/hosts.go

@@ -2318,12 +2318,10 @@ func (self *SHost) GetLocalStoragecache() *SStoragecache {
 func (self *SHost) PostCreate(ctx context.Context, userCred mcclient.TokenCredential, ownerProjId string, query jsonutils.JSONObject, data jsonutils.JSONObject) {
 	self.SEnabledStatusStandaloneResourceBase.PostCreate(ctx, userCred, ownerProjId, query, data)
 	kwargs := data.(*jsonutils.JSONDict)
-	ipmiInfo, err := self.FetchIpmiInfo(kwargs)
+	ipmiInfo, err := fetchIpmiInfo(kwargs, self.Id)
 	if err != nil {
 		log.Errorln(err.Error())
-		return
-	}
-	if ipmiInfo.Length() > 0 {
+	} else if ipmiInfo.Length() > 0 {
 		_, err := self.SaveUpdates(func() error {
 			self.IpmiInfo = ipmiInfo
 			return nil
@@ -2415,6 +2413,15 @@ func (manager *SHostManager) ValidateCreateData(ctx context.Context, userCred mc
 			data.Set("mem_reserved", jsonutils.NewInt(0))
 		}
 	}
+	ipmiInfo, err := fetchIpmiInfo(data, "")
+	if err != nil {
+		log.Errorln(err.Error())
+		return nil, httperrors.NewInputParameterError("%s", err)
+	}
+	ipmiIpAddr, _ := ipmiInfo.GetString("ip_addr")
+	if len(ipmiIpAddr) > 0 && !NetworkManager.IsValidOnPremiseNetworkIP(ipmiIpAddr) {
+		return nil, httperrors.NewInputParameterError("%s is out of network IP ranges", ipmiIpAddr)
+	}
 	return manager.SEnabledStatusStandaloneResourceBaseManager.ValidateCreateData(ctx, userCred, ownerProjId, query, data)
 }
 
@@ -2450,11 +2457,15 @@ func (self *SHost) ValidateUpdateData(ctx context.Context, userCred mcclient.Tok
 	if err != nil {
 		return nil, httperrors.NewInputParameterError(err.Error())
 	}
-	ipmiInfo, err := self.FetchIpmiInfo(data)
+	ipmiInfo, err := fetchIpmiInfo(data, self.Id)
 	if err != nil {
 		return nil, err
 	}
 	if ipmiInfo.Length() > 0 {
+		ipmiIpAddr, _ := ipmiInfo.GetString("ip_addr")
+		if len(ipmiIpAddr) > 0 && !NetworkManager.IsValidOnPremiseNetworkIP(ipmiIpAddr) {
+			return nil, httperrors.NewInputParameterError("%s is out of network IP ranges", ipmiIpAddr)
+		}
 		val := jsonutils.NewDict()
 		val.Update(self.IpmiInfo)
 		val.Update(ipmiInfo)
@@ -2502,7 +2513,7 @@ func (self *SHost) GetNetifName(netif *SNetInterface) string {
 	return ""
 }
 
-func (self *SHost) FetchIpmiInfo(data *jsonutils.JSONDict) (*jsonutils.JSONDict, error) {
+func fetchIpmiInfo(data *jsonutils.JSONDict, hostId string) (*jsonutils.JSONDict, error) {
 	IPMI_KEY_PERFIX := "ipmi_"
 	ipmiInfo := jsonutils.NewDict()
 	kv, _ := data.GetMap()
@@ -2512,16 +2523,18 @@ func (self *SHost) FetchIpmiInfo(data *jsonutils.JSONDict) (*jsonutils.JSONDict,
 			value, _ := data.GetString(key)
 			subkey := key[len(IPMI_KEY_PERFIX):]
 			data.Remove(key)
-			if subkey == "password" {
-				value, err = utils.EncryptAESBase64(self.Id, value)
+			if subkey == "password" && len(hostId) > 0 {
+				value, err = utils.EncryptAESBase64(hostId, value)
 				if err != nil {
 					log.Errorf("encrypt password failed %s", err)
 					return nil, err
 				}
 			} else if subkey == "ip_addr" {
 				if !regutils.MatchIP4Addr(value) {
-					log.Errorf("%s: %s not match ip address", key, value)
-					continue
+					msg := fmt.Sprintf("%s: %s not valid ipv4 address", key, value)
+					log.Errorf(msg)
+					err = fmt.Errorf(msg)
+					return nil, err
 				}
 			}
 			ipmiInfo.Set(subkey, jsonutils.NewString(value))

pkg/compute/models/networks.go

@@ -1791,3 +1791,11 @@ func (network *SNetwork) getAllocTimoutDuration() time.Duration {
 	}
 	return time.Duration(tos) * time.Second
 }
+
+func (manager *SNetworkManager) IsValidOnPremiseNetworkIP(ipStr string) bool {
+	net, _ := manager.GetOnPremiseNetworkOfIP(ipStr, "", tristate.None)
+	if net != nil {
+		return true
+	}
+	return false
+}