bugfixes

pkg/cloudcommon/etcd/models/base/basemodel.go

@@ -19,10 +19,13 @@ import (
 
 	"yunion.io/x/jsonutils"
 
+	"yunion.io/x/onecloud/pkg/cloudcommon/object"
 	"yunion.io/x/onecloud/pkg/mcclient"
 )
 
 type SEtcdBaseModel struct {
+	object.SObject
+
 	manager IEtcdModelManager
 
 	ID string
@@ -36,8 +39,9 @@ func (model *SEtcdBaseModel) GetModelManager() IEtcdModelManager {
 	return model.manager
 }
 
-func (model *SEtcdBaseModel) SetModelManager(manager IEtcdModelManager) {
+func (model *SEtcdBaseModel) SetModelManager(manager IEtcdModelManager, virtual IEtcdModel) {
 	model.manager = manager
+	model.SetVirtualObject(virtual)
 }
 
 func (model *SEtcdBaseModel) GetId() string {

pkg/cloudcommon/etcd/models/base/interface.go

@@ -51,7 +51,7 @@ type IEtcdModel interface {
 	lockman.ILockedObject
 
 	GetModelManager() IEtcdModelManager
-	SetModelManager(IEtcdModelManager)
+	SetModelManager(IEtcdModelManager, IEtcdModel)
 
 	SetId(id string)
 

pkg/cloudcommon/object/doc.go

@@ -0,0 +1 @@
+package object // import "yunion.io/x/onecloud/pkg/cloudcommon/object"

pkg/cloudcommon/userdata/doc.go

@@ -0,0 +1 @@
+package userdata // import "yunion.io/x/onecloud/pkg/cloudcommon/userdata"

pkg/compute/models/disks.go

@@ -1129,7 +1129,7 @@ func (self *SDisk) syncWithCloudDisk(ctx context.Context, userCred mcclient.Toke
 		}
 		// self.TemplateId = extDisk.GetTemplateId() no sync template ID
 		if templateId := extDisk.GetTemplateId(); len(templateId) > 0 {
-			cachedImage, err := CachedimageManager.FetchByExternalId(templateId)
+			cachedImage, err := db.FetchByExternalId(CachedimageManager, templateId)
 			if err == nil && cachedImage != nil {
 				self.TemplateId = cachedImage.GetId()
 			}

pkg/compute/models/elasticips.go

@@ -387,7 +387,7 @@ func (manager *SElasticipManager) newFromCloudEip(ctx context.Context, userCred
 	eip.CloudregionId = region.Id
 	eip.ChargeType = extEip.GetInternetChargeType()
 	if networkId := extEip.GetINetworkId(); len(networkId) > 0 {
-		network, err := NetworkManager.FetchByExternalId(networkId)
+		network, err := db.FetchByExternalId(NetworkManager, networkId)
 		if err != nil {
 			msg := fmt.Sprintf("failed to found network by externalId %s error: %v", networkId, err)
 			log.Errorf(msg)

pkg/compute/models/guests.go

@@ -641,7 +641,7 @@ func (guest *SGuest) GetVpc() (*SVpc, error) {
 	if err != nil {
 		return nil, err
 	}
-	guestnic.SetModelManager(GuestnetworkManager)
+	guestnic.SetModelManager(GuestnetworkManager, guestnic)
 	network := guestnic.GetNetwork()
 	if network == nil {
 		return nil, fmt.Errorf("failed to found network for guest %s(%s)", guest.Name, guest.Id)

pkg/compute/models/loadbalanceracls.go

@@ -146,11 +146,10 @@ func (man *SLoadbalancerAclManager) ListItemFilter(ctx context.Context, q *sqlch
 	if err != nil {
 		return nil, err
 	}
-	userProjId := userCred.GetProjectId()
 	data := query.(*jsonutils.JSONDict)
 	q, err = validators.ApplyModelFilters(q, data, []*validators.ModelFilterOptions{
-		{Key: "cloudregion", ModelKeyword: "cloudregion", ProjectId: userProjId},
-		{Key: "manager", ModelKeyword: "cloudprovider", ProjectId: userProjId},
+		{Key: "cloudregion", ModelKeyword: "cloudregion", OwnerId: userCred},
+		{Key: "manager", ModelKeyword: "cloudprovider", OwnerId: userCred},
 	})
 	if err != nil {
 		return nil, err

pkg/compute/regiondrivers/zstack.go

@@ -51,7 +51,7 @@ func (self *SZStackRegionDriver) ValidateCreateLoadbalancerCertificateData(ctx c
 }
 
 func (self *SZStackRegionDriver) ValidateCreateEipData(ctx context.Context, userCred mcclient.TokenCredential, data *jsonutils.JSONDict) (*jsonutils.JSONDict, error) {
-	networkV := validators.NewModelIdOrNameValidator("network", "network", "")
+	networkV := validators.NewModelIdOrNameValidator("network", "network", nil)
 	err := networkV.Validate(data)
 	if err != nil {
 		return nil, err

pkg/logger/service/handlers.go

@@ -32,7 +32,7 @@ func initHandlers(app *appsrv.Application) {
 	}
 
 	for _, manager := range []db.IModelManager{
-		models.ActonLog,
+		models.ActionLog,
 	} {
 		db.RegisterModelManager(manager)
 		handler := db.NewModelHandler(manager)

pkg/mcclient/modules/mod_policies.go

@@ -16,8 +16,6 @@ package modules
 
 import (
 	"yunion.io/x/jsonutils"
-	"yunion.io/x/log"
-	"yunion.io/x/pkg/utils"
 
 	"yunion.io/x/onecloud/pkg/mcclient"
 	"yunion.io/x/onecloud/pkg/util/rbacutils"

pkg/util/rbacutils/rabc_test.go

@@ -19,7 +19,6 @@ import (
 
 	"yunion.io/x/jsonutils"
 
-	"yunion.io/x/onecloud/pkg/mcclient"
 	"yunion.io/x/pkg/util/netutils"
 )
 
@@ -293,16 +292,39 @@ func TestConditionParser(t *testing.T) {
 	t.Logf("%s", roles)
 }
 
+type sRbacIdentity struct {
+	DomainId string
+	Project string
+	Roles []string
+	Ip string
+}
+
+func (ri *sRbacIdentity) GetProjectDomainId() string {
+	return ri.DomainId
+}
+
+func (ri *sRbacIdentity) GetProjectName() string {
+	return ri.Project
+}
+
+func (ri *sRbacIdentity) GetRoles() []string {
+	return ri.Roles
+}
+
+func (ri *sRbacIdentity) GetLoginIp() string {
+	return ri.Ip
+}
+
 func TestSRbacPolicyMatch(t *testing.T) {
 	prefix, _ := netutils.NewIPV4Prefix("10.168.22.0/24")
 	cases := []struct {
 		policy   SRbacPolicy
-		userCred mcclient.TokenCredential
+		userCred IRbacIdentity
 		want     bool
 	}{
 		{
 			SRbacPolicy{},
-			&mcclient.SSimpleToken{},
+			&sRbacIdentity{},
 			true,
 		},
 		{
@@ -314,7 +336,7 @@ func TestSRbacPolicyMatch(t *testing.T) {
 			SRbacPolicy{
 				Projects: []string{"system"},
 			},
-			&mcclient.SSimpleToken{
+			&sRbacIdentity{
 				Project: "system",
 			},
 			true,
@@ -323,7 +345,7 @@ func TestSRbacPolicyMatch(t *testing.T) {
 			SRbacPolicy{
 				Projects: []string{"system"},
 			},
-			&mcclient.SSimpleToken{
+			&sRbacIdentity{
 				Project: "demo",
 			},
 			false,
@@ -333,9 +355,9 @@ func TestSRbacPolicyMatch(t *testing.T) {
 				Projects: []string{"system"},
 				Roles:    []string{"admin"},
 			},
-			&mcclient.SSimpleToken{
+			&sRbacIdentity{
 				Project: "system",
-				Roles:   "admin",
+				Roles:   []string{"admin"},
 			},
 			true,
 		},
@@ -344,9 +366,9 @@ func TestSRbacPolicyMatch(t *testing.T) {
 				Projects: []string{"system"},
 				Roles:    []string{"admin"},
 			},
-			&mcclient.SSimpleToken{
+			&sRbacIdentity{
 				Project: "system",
-				Roles:   "admin,_member_",
+				Roles:   []string{"admin", "_member_"},
 			},
 			true,
 		},
@@ -355,9 +377,9 @@ func TestSRbacPolicyMatch(t *testing.T) {
 				Projects: []string{"system"},
 				Roles:    []string{"admin"},
 			},
-			&mcclient.SSimpleToken{
+			&sRbacIdentity{
 				Project: "system",
-				Roles:   "_member_",
+				Roles:   []string{"_member_"},
 			},
 			false,
 		},
@@ -382,12 +404,10 @@ func TestSRbacPolicyMatch(t *testing.T) {
 				Roles:    []string{"admin"},
 				Ips:      []netutils.IPV4Prefix{prefix},
 			},
-			&mcclient.SSimpleToken{
+			&sRbacIdentity{
 				Project: "system",
-				Roles:   "admin",
-				Context: mcclient.SAuthContext{
-					Ip: "10.0.0.23",
-				},
+				Roles:   []string{"admin"},
+				Ip: "10.0.0.23",
 			},
 			false,
 		},
@@ -397,12 +417,10 @@ func TestSRbacPolicyMatch(t *testing.T) {
 				Roles:    []string{"admin"},
 				Ips:      []netutils.IPV4Prefix{prefix},
 			},
-			&mcclient.SSimpleToken{
+			&sRbacIdentity{
 				Project: "system",
-				Roles:   "admin",
-				Context: mcclient.SAuthContext{
-					Ip: "10.168.22.23",
-				},
+				Roles:   []string{"admin"},
+				Ip: "10.168.22.23",
 			},
 			true,
 		},
@@ -412,12 +430,10 @@ func TestSRbacPolicyMatch(t *testing.T) {
 				Roles:    []string{"admin"},
 				Ips:      []netutils.IPV4Prefix{prefix},
 			},
-			&mcclient.SSimpleToken{
+			&sRbacIdentity{
 				Project: "system",
-				Roles:   "_member_",
-				Context: mcclient.SAuthContext{
-					Ip: "10.168.22.23",
-				},
+				Roles:   []string{"_member_"},
+				Ip: "10.168.22.23",
 			},
 			false,
 		},
@@ -426,12 +442,10 @@ func TestSRbacPolicyMatch(t *testing.T) {
 				Roles: []string{"admin"},
 				Ips:   []netutils.IPV4Prefix{prefix},
 			},
-			&mcclient.SSimpleToken{
+			&sRbacIdentity{
 				Project: "system",
-				Roles:   "_member_,admin",
-				Context: mcclient.SAuthContext{
-					Ip: "10.168.22.23",
-				},
+				Roles:   []string{"_member_", "admin"},
+				Ip: "10.168.22.23",
 			},
 			true,
 		},
@@ -441,12 +455,10 @@ func TestSRbacPolicyMatch(t *testing.T) {
 				Roles:    []string{"admin", "_member_"},
 				Ips:      []netutils.IPV4Prefix{prefix},
 			},
-			&mcclient.SSimpleToken{
+			&sRbacIdentity{
 				Project: "system",
-				Roles:   "_member_,projectowner",
-				Context: mcclient.SAuthContext{
-					Ip: "10.168.22.23",
-				},
+				Roles:   []string{"_member_", "projectowner"},
+				Ip: "10.168.22.23",
 			},
 			true,
 		},

pkg/yunionconf/models/parameters.go

@@ -31,6 +31,7 @@ import (
 	"yunion.io/x/onecloud/pkg/cloudcommon/policy"
 	"yunion.io/x/onecloud/pkg/httperrors"
 	"yunion.io/x/onecloud/pkg/mcclient"
+	"yunion.io/x/onecloud/pkg/util/rbacutils"
 )
 
 const (
@@ -140,7 +141,7 @@ func getNamespaceInContext(userCred mcclient.TokenCredential, query jsonutils.JS
 
 func getNamespace(userCred mcclient.TokenCredential, resource string, query jsonutils.JSONObject, data *jsonutils.JSONDict) (string, string, error) {
 	var namespace, namespace_id string
-	if userCred.IsAdminAllow(consts.GetServiceType(), resource, policy.PolicyActionList) {
+	if userCred.IsAllow(rbacutils.ScopeSystem, consts.GetServiceType(), resource, policy.PolicyActionList) {
 		if name, nameId, e := getNamespaceInContext(userCred, query, data); e != nil {
 			return "", "", e
 		} else {

pkg/yunionconf/service/service.go

@@ -23,7 +23,6 @@ import (
 
 	"yunion.io/x/onecloud/pkg/cloudcommon"
 	app_common "yunion.io/x/onecloud/pkg/cloudcommon/app"
-	"yunion.io/x/onecloud/pkg/cloudcommon/consts"
 	"yunion.io/x/onecloud/pkg/cloudcommon/db"
 	common_options "yunion.io/x/onecloud/pkg/cloudcommon/options"
 	"yunion.io/x/onecloud/pkg/yunionconf"
@@ -42,10 +41,6 @@ func StartService() {
 		log.Infof("Auth complete!!")
 	})
 
-	if opts.GlobalVirtualResourceNamespace {
-		consts.EnableGlobalVirtualResourceNamespace()
-	}
-
 	cloudcommon.InitDB(dbOpts)
 
 	app := app_common.InitApp(baseOpts, true)