cloudstack
cloudstack copied to clipboard
apache
Fix migrate volume permissions
Description
This PR aims to correct the migrateVolume API permissions for the default users role. While the ACS UI currently only allows users with the roleType admin to perform volume migration, all default non-read-only roles have permission to use the migrateVolume API. However, this permission does not make sense for a common user, not even via API; to properly use migrateVolume it`s necessary to have knowledge about the cloud structure. Therefore, a common user should not be allowed by default to this API method.
We are not saying that somebody cannot create a custom role allowing such a process; however, we should not provide such a scenario by default, as it might lead to some unexpected behaviors and/or misuses of the cloud environment.
Types of changes
- [ ] Breaking change (fix or feature that would cause existing functionality to change)
- [ ] New feature (non-breaking change which adds functionality)
- [X] Bug fix (non-breaking change which fixes an issue)
- [ ] Enhancement (improves an existing feature and functionality)
- [x] Cleanup (Code refactoring and cleanup, that may add test cases)
Feature/Enhancement Scale or Bug Severity
Feature/Enhancement Scale
- [ ] Major
- [X] Minor
Bug Severity
- [ ] BLOCKER
- [ ] Critical
- [ ] Major
- [X] Minor
- [ ] Trivial
Screenshots (if appropriate):
How Has This Been Tested?
The sql script was tested in a test db.
@acs-robot a Jenkins job has been kicked to build UI QA env. I'll keep you posted as I make progress.
UI build: :heavy_check_mark: Live QA URL: http://qa.cloudstack.cloud:8080/client/pr/6224 (SL-JID-1460)
PR Coverage Report
| CLASS | INSTRUCTION MISSED | INSTRUCTION COVERED | BRANCH MISSED | BRANCH COVERED | LINE MISSED | LINE COVERED |
|---|---|---|---|---|---|---|
| Network | 554 | 0 | 42 | 0 | 107 | 0 |
| Volume | 109 | 0 | 2 | 0 | 44 | 0 |
| VirtualMachineGuru | 78 | 0 | 4 | 0 | 15 | 0 |
| NetworkOrchestrationService | 0 | 101 | 0 | 0 | 0 | 10 |
| StorageManager | 0 | 211 | 0 | 0 | 0 | 18 |
| AgentAttache | 1042 | 0 | 124 | 0 | 219 | 0 |
| ClusteredAgentManagerImpl | 2361 | 0 | 242 | 0 | 536 | 0 |
| ConnectedAgentAttache | 149 | 0 | 20 | 0 | 40 | 0 |
| VirtualMachineManagerImpl | 15659 | 0 | 1500 | 0 | 3079 | 0 |
| NetworkOrchestrator | 9806 | 0 | 1206 | 0 | 1928 | 0 |
| VolumeOrchestrator | 5170 | 0 | 560 | 0 | 977 | 0 |
| DataCenterVnetVO | 58 | 0 | 0 | 0 | 24 | 0 |
| VlanVO | 186 | 0 | 2 | 0 | 72 | 0 |
| HostDaoImpl | 4983 | 0 | 180 | 0 | 803 | 0 |
| AccountGuestVlanMapVO | 46 | 0 | 0 | 0 | 19 | 0 |
| NetworkDaoImpl | 3307 | 0 | 116 | 0 | 467 | 0 |
| NetworkOfferingVO | 414 | 31 | 0 | 0 | 126 | 12 |
| SnapshotVO | 172 | 58 | 12 | 0 | 48 | 20 |
| VolumeVO | 529 | 133 | 4 | 0 | 179 | 39 |
| SnapshotDaoImpl | 768 | 0 | 8 | 0 | 128 | 0 |
| DatabaseUpgradeChecker | 411 | 468 | 25 | 7 | 103 | 94 |
| SystemVmTemplateRegistration | 1773 | 0 | 86 | 0 | 376 | 0 |
| Upgrade41520to41600 | 262 | 17 | 16 | 0 | 62 | 5 |
| Upgrade41610to41700 | 159 | 7 | 6 | 0 | 43 | 2 |
| Upgrade41700to41800 | 58 | 3 | 4 | 0 | 14 | 1 |
| DomainRouterVO | 116 | 50 | 0 | 0 | 41 | 14 |
| ConsoleProxyDaoImpl | 635 | 0 | 20 | 0 | 144 | 0 |
| DomainRouterDaoImpl | 1600 | 0 | 22 | 0 | 228 | 0 |
| DirectDownloadCertificateHostMapDaoImpl | 121 | 0 | 0 | 0 | 18 | 0 |
| DirectDownloadCertificateHostMapVO | 54 | 0 | 4 | 0 | 19 | 0 |
| AncientDataMotionStrategy | 1458 | 52 | 170 | 4 | 338 | 10 |
| DefaultSnapshotStrategy | 758 | 220 | 100 | 10 | 164 | 37 |
| SnapshotDataFactoryImpl | 152 | 58 | 15 | 5 | 37 | 13 |
| SnapshotObject | 748 | 30 | 64 | 0 | 151 | 11 |
| DefaultVMSnapshotStrategy | 486 | 677 | 52 | 30 | 100 | 140 |
| ScaleIOVMSnapshotStrategy | 1063 | 4 | 80 | 0 | 224 | 1 |
| StorageStrategyFactoryImpl | 37 | 77 | 1 | 5 | 8 | 18 |
| SnapshotDataStoreDaoImpl | 1683 | 60 | 44 | 2 | 292 | 13 |
| DefaultHostListener | 537 | 0 | 40 | 0 | 101 | 0 |
| VolumeObject | 773 | 665 | 77 | 39 | 178 | 117 |
| CloudStackContextLoaderListener | 77 | 0 | 2 | 0 | 21 | 0 |
| LibvirtComputingResource | 8888 | 1988 | 1087 | 147 | 1983 | 451 |
| LibvirtVMDef | 37 | 114 | 6 | 4 | 11 | 36 |
| LibvirtRevertSnapshotCommandWrapper | 387 | 130 | 20 | 0 | 69 | 16 |
| LibvirtStartCommandWrapper | 75 | 295 | 16 | 22 | 15 | 72 |
| LibvirtUtilitiesHelper | 115 | 58 | 4 | 2 | 27 | 8 |
| IscsiAdmStorageAdaptor | 981 | 0 | 52 | 0 | 178 | 0 |
| IscsiAdmStoragePool | 129 | 0 | 0 | 0 | 32 | 0 |
| KVMStoragePoolManager | 926 | 4 | 76 | 0 | 192 | 1 |
| KVMStorageProcessor | 5992 | 498 | 448 | 22 | 1239 | 71 |
| LibvirtStorageAdaptor | 3376 | 19 | 257 | 0 | 797 | 2 |
| LibvirtStoragePool | 239 | 89 | 15 | 9 | 64 | 29 |
| LinstorStorageAdaptor | 1076 | 0 | 50 | 0 | 246 | 0 |
| ManagedNfsStorageAdaptor | 446 | 0 | 20 | 0 | 125 | 0 |
| ScaleIOStorageAdaptor | 684 | 121 | 75 | 13 | 152 | 31 |
| QemuImg | 674 | 0 | 64 | 0 | 160 | 0 |
| MockVmManagerImpl | 1495 | 0 | 90 | 0 | 338 | 0 |
| VmwareManagerImpl | 2613 | 528 | 296 | 38 | 615 | 117 |
| VmwareResource | 20395 | 0 | 2274 | 0 | 4397 | 0 |
| VmwareStorageProcessor | 9892 | 9 | 940 | 0 | 2122 | 2 |
| CitrixResourceBase | 14658 | 557 | 1456 | 34 | 3169 | 122 |
| CitrixCheckSshCommandWrapper | 15 | 51 | 3 | 3 | 3 | 14 |
| CitrixNetworkElementCommandWrapper | 0 | 14 | 0 | 0 | 0 | 4 |
| CitrixRebootRouterCommandWrapper | 28 | 25 | 3 | 1 | 5 | 7 |
| CitrixStartCommandWrapper | 690 | 62 | 81 | 1 | 116 | 16 |
| KubernetesClusterManagerImpl | 4724 | 0 | 480 | 0 | 760 | 0 |
| KubernetesClusterActionWorker | 1540 | 0 | 114 | 0 | 281 | 0 |
| KubernetesClusterResourceModifierActionWorker | 1843 | 0 | 140 | 0 | 325 | 0 |
| ListVMsMetricsCmd | 39 | 0 | 0 | 0 | 10 | 0 |
| MetricsServiceImpl | 2130 | 0 | 134 | 0 | 446 | 0 |
| ClusterMetricsResponse | 523 | 0 | 132 | 0 | 60 | 0 |
| VmMetricsResponse | 142 | 0 | 22 | 0 | 25 | 0 |
| VolumeMetricsResponse | 69 | 0 | 8 | 0 | 10 | 0 |
| ZoneMetricsResponse | 501 | 0 | 126 | 0 | 56 | 0 |
| NetScalerControlCenterResource | 1943 | 0 | 144 | 0 | 468 | 0 |
| NetscalerResource | 6882 | 0 | 806 | 0 | 1623 | 0 |
| ElastistorHostListener | 150 | 0 | 14 | 0 | 30 | 0 |
| DateraPrimaryDataStoreDriver | 3195 | 0 | 283 | 0 | 748 | 0 |
| DateraHostListener | 635 | 0 | 74 | 0 | 136 | 0 |
| CloudStackPrimaryDataStoreDriverImpl | 903 | 0 | 114 | 0 | 229 | 0 |
| LinstorPrimaryDataStoreDriverImpl | 1442 | 0 | 91 | 0 | 348 | 0 |
| ScaleIOPrimaryDataStoreDriver | 2537 | 0 | 246 | 0 | 537 | 0 |
| ScaleIOHostListener | 196 | 0 | 14 | 0 | 43 | 0 |
| SolidFirePrimaryDataStoreDriver | 3347 | 0 | 284 | 0 | 697 | 0 |
| SolidFireHostListener | 545 | 0 | 60 | 0 | 112 | 0 |
| SolidFireSharedHostListener | 407 | 0 | 30 | 0 | 82 | 0 |
| SAMLUtils | 202 | 465 | 41 | 11 | 53 | 108 |
| DomainChecker | 1206 | 0 | 300 | 0 | 238 | 0 |
| ApiDBUtils | 2374 | 0 | 210 | 0 | 592 | 0 |
| ApiResponseHelper | 12147 | 0 | 1276 | 0 | 2779 | 0 |
| ApiServer | 2863 | 112 | 346 | 0 | 672 | 14 |
| ResponseObjectTypeAdapter | 161 | 8 | 14 | 0 | 37 | 2 |
| ParamProcessWorker | 1050 | 0 | 155 | 0 | 241 | 0 |
| QueryManagerImpl | 14257 | 0 | 1248 | 0 | 2409 | 0 |
| ViewResponseHelper | 1662 | 0 | 150 | 0 | 305 | 0 |
| DomainRouterJoinDaoImpl | 801 | 0 | 80 | 0 | 195 | 0 |
| UserVmJoinDaoImpl | 1531 | 0 | 184 | 0 | 328 | 0 |
| VolumeJoinDaoImpl | 770 | 0 | 94 | 0 | 171 | 0 |
| DomainRouterJoinVO | 237 | 0 | 0 | 0 | 80 | 0 |
| VolumeJoinVO | 267 | 0 | 0 | 0 | 93 | 0 |
| Config | 152 | 5162 | 30 | 6 | 42 | 342 |
| ConfigurationManagerImpl | 18104 | 0 | 3032 | 0 | 3570 | 0 |
| ConsoleProxyManagerImpl | 3717 | 0 | 423 | 0 | 726 | 0 |
| LibvirtServerDiscoverer | 994 | 0 | 116 | 0 | 218 | 0 |
| IpAddressManagerImpl | 4045 | 0 | 461 | 0 | 806 | 0 |
| NetworkModelImpl | 6182 | 0 | 838 | 0 | 1300 | 0 |
| NetworkServiceImpl | 13383 | 0 | 1864 | 0 | 2551 | 0 |
| ConfigDriveNetworkElement | 1466 | 0 | 173 | 0 | 306 | 0 |
| GuestNetworkGuru | 622 | 298 | 98 | 34 | 124 | 64 |
| PrivateNetworkGuru | 394 | 0 | 46 | 0 | 88 | 0 |
| LoadBalancingRulesManagerImpl | 6024 | 0 | 666 | 0 | 1254 | 0 |
| NetworkHelperImpl | 2080 | 0 | 276 | 0 | 443 | 0 |
| VirtualNetworkApplianceManagerImpl | 7585 | 0 | 780 | 0 | 1521 | 0 |
| RulesManagerImpl | 4074 | 0 | 492 | 0 | 790 | 0 |
| NetworkACLServiceImpl | 2698 | 0 | 302 | 0 | 520 | 0 |
| VpcManagerImpl | 6883 | 0 | 762 | 0 | 1314 | 0 |
| ResourceManagerImpl | 8512 | 0 | 982 | 0 | 1658 | 0 |
| ConfigurationServerImpl | 2061 | 0 | 176 | 0 | 495 | 0 |
| ManagementServerImpl | 12159 | 0 | 1076 | 0 | 2428 | 0 |
| StatsCollector | 2178 | 0 | 124 | 0 | 359 | 0 |
| StorageManagerImpl | 8580 | 0 | 976 | 0 | 1710 | 0 |
| VolumeApiServiceImpl | 10873 | 0 | 1502 | 0 | 2041 | 0 |
| SnapshotManager | 107 | 0 | 0 | 0 | 9 | 0 |
| SnapshotManagerImpl | 4186 | 0 | 410 | 0 | 751 | 0 |
| TaggedResourceManagerImpl | 473 | 0 | 58 | 0 | 96 | 0 |
| TemplateManagerImpl | 4996 | 0 | 696 | 0 | 1042 | 0 |
| AccountManagerImpl | 6446 | 0 | 906 | 0 | 1351 | 0 |
| UserVmManagerImpl | 20798 | 0 | 2566 | 0 | 3869 | 0 |
| VMSnapshotManagerImpl | 3135 | 0 | 292 | 0 | 623 | 0 |
| CAManagerImpl | 633 | 0 | 80 | 0 | 129 | 0 |
| DirectDownloadManagerImpl | 1679 | 0 | 186 | 0 | 361 | 0 |
| UnmanagedVMsManagerImpl | 4881 | 0 | 542 | 0 | 800 | 0 |
| MockNetworkManagerImpl | 485 | 0 | 22 | 0 | 83 | 0 |
| PremiumSecondaryStorageManagerImpl | 775 | 0 | 64 | 0 | 116 | 0 |
| SecondaryStorageManagerImpl | 3544 | 149 | 343 | 11 | 629 | 32 |
| VirtualMachineMO | 8953 | 135 | 1063 | 17 | 1982 | 31 |
This pull request has merge conflicts. Dear author, please fix the conflicts and sync your branch with the base branch.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
@acs-robot a Jenkins job has been kicked to build UI QA env. I'll keep you posted as I make progress.
UI build: :heavy_check_mark: Live QA URL: http://qa.cloudstack.cloud:8080/client/pr/6224 (SL-JID-1695)
This pull request has merge conflicts. Dear author, please fix the conflicts and sync your branch with the base branch.
@acs-robot a Jenkins job has been kicked to build UI QA env. I'll keep you posted as I make progress.
UI build: :heavy_check_mark: Live QA URL: http://qa.cloudstack.cloud:8080/client/pr/6224 (SL-JID-2087)
Kudos, SonarCloud Quality Gate passed! 
0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells
No Coverage information
No Duplication information
![sonarqubecloud[bot] avatar](https://avatars.githubusercontent.com/in/12526?v=4 "Published by a pub.dev verified publisher"){kind=small}
This pull request has merge conflicts. Dear author, please fix the conflicts and sync your branch with the base branch.
@acs-robot a Jenkins job has been kicked to build UI QA env. I'll keep you posted as I make progress.
UI build: :heavy_check_mark: Live QA URL: http://qa.cloudstack.cloud:8080/client/pr/6224 (SL-JID-2321)
This pull request has merge conflicts. Dear author, please fix the conflicts and sync your branch with the base branch.
@acs-robot a Jenkins job has been kicked to build UI QA env. I'll keep you posted as I make progress.
UI build: :heavy_check_mark: Live QA URL: http://qa.cloudstack.cloud:8080/client/pr/6224 (SL-JID-2339)
Codecov Report
Merging #6224 (4d934ce) into main (68c09f9) will decrease coverage by
0.00%. The diff coverage isn/a.
@@ Coverage Diff @@
## main #6224 +/- ##
============================================
- Coverage 10.41% 10.41% -0.01%
+ Complexity 6685 6684 -1
============================================
Files 2454 2454
Lines 242975 242975
Branches 38036 38036
============================================
- Hits 25305 25303 -2
- Misses 214508 214511 +3
+ Partials 3162 3161 -1
| Impacted Files | Coverage Δ | |
|---|---|---|
| ...apache/cloudstack/alert/snmp/SnmpTrapAppender.java | 58.94% <0.00%> (-2.11%) |
:arrow_down: |
:mega: We’re building smart automated test selection to slash your CI/CD build times. Learn more
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
@DaanHoogland a Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
Packaging result: :heavy_check_mark: el7 :heavy_multiplication_x: el8 :heavy_check_mark: debian :heavy_multiplication_x: suse15. SL-JID 4264
@DaanHoogland a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests