cloudstack icon indicating copy to clipboard operation
cloudstack copied to clipboard

Published 20 hours ago verified publisher icon apache

Fix being able to expunge a VM through destroyVirtualMachine even when role rule does not allow

Open gpordeus opened this issue 1 year ago • 29 comments

Description

This PR adds a role access check to the expungeVirtualMachine command when calling destroyVirtualMachine with the expunge parameter.

Currently, if you are an admin (even if not Root), it bypasses the allow.user.expunge.recover.vm verification and you are always allowed to expunge when calling for destroyVirtualMachine.

The use case that called for this change was a need for a role of type domain admin to be unable to expunge VMs. It was then found that even with the DENY rule, the user could still expunge through destroyVirtualMachine (even on already destroyed VMs, with an API call) and the setting allow.user.expunge.recover.vm did nothing.

Types of changes

  • [ ] Breaking change (fix or feature that would cause existing functionality to change)
  • [ ] New feature (non-breaking change which adds functionality)
  • [X] Bug fix (non-breaking change which fixes an issue)
  • [ ] Enhancement (improves an existing feature and functionality)
  • [ ] Cleanup (Code refactoring and cleanup, that may add test cases)
  • [ ] build/CI

Feature/Enhancement Scale or Bug Severity

Bug Severity

  • [ ] BLOCKER
  • [ ] Critical
  • [X] Major
  • [ ] Minor
  • [ ] Trivial

Screenshots (if appropriate):

How Has This Been Tested?

I created a role, based on the default Domain Admin, and changed the expungeVirtualMachine rule to DENY. I then created an account with said role.

I created two VMs and destroyed one of them, verifying that the expunge option did not show up on the GUI.

I then ran destroy virtualmachine on cloudmonkey with expunge = true on both VMs and both returned the error Account does not have permission for expunging. Calling the same command without the parameter destroyed the running VM successfully.

I repeated the tests with a role based on default User:

With allow.user.expunge.recover.vm = true, it behaved the same as the DomainAdmin-based one.

With allow.user.expunge.recover.vm = false, it did not allow the expunge action, no matter the role rules. Without the expunge parameter, the destroy action worked as expected.

gpordeus avatar Feb 21 '24 14:02 gpordeus

Codecov Report

Attention: Patch coverage is 50.00000% with 8 lines in your changes are missing coverage. Please review.

Project coverage is 23.13%. Comparing base (592038a) to head (007f1e1). Report is 81 commits behind head on main.

Files Patch % Lines
.../src/main/java/com/cloud/vm/UserVmManagerImpl.java 38.46% 4 Missing and 4 partials :warning:
Additional details and impacted files 
@@             Coverage Diff              @@
##               main    #8689      +/-   ##
============================================
- Coverage     23.14%   23.13%   -0.02%     
- Complexity    23348    23485     +137     
============================================
  Files          5219     5234      +15     
  Lines        353412   355729    +2317     
  Branches      50883    51238     +355     
============================================
+ Hits          81805    82294     +489     
- Misses       259762   261540    +1778     
- Partials      11845    11895      +50
Flag Coverage Δ
simulator-marvin-tests 24.80% <50.00%> (-0.02%) :arrow_down:
uitests 4.34% <ø> (-0.03%) :arrow_down:

Flags with carried forward coverage won't be shown. Click here to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

codecov[bot] avatar Feb 21 '24 14:02 codecov[bot]

@blueorangutan package

DaanHoogland avatar Feb 23 '24 08:02 DaanHoogland

@DaanHoogland a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

blueorangutan avatar Feb 23 '24 08:02 blueorangutan

Packaging result [SF]: ✔️ el7 ✖️ el8 ✖️ el9 ✔️ debian ✖️ suse15. SL-JID 8745

blueorangutan avatar Feb 23 '24 09:02 blueorangutan

Packaging result [SF]: ✔️ el7 ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 8755

blueorangutan avatar Feb 23 '24 12:02 blueorangutan

@gpordeus , this sounds like a good use case for an integration test. Will you consider that?

DaanHoogland avatar Feb 23 '24 12:02 DaanHoogland

@gpordeus , this sounds like a good use case for an integration test. Will you consider that?

Sure, on it.

gpordeus avatar Feb 23 '24 13:02 gpordeus

@blueorangutan package

weizhouapache avatar Feb 23 '24 21:02 weizhouapache

@weizhouapache a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

blueorangutan avatar Feb 23 '24 21:02 blueorangutan

Packaging result [SF]: ✖️ el7 ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 8764

blueorangutan avatar Feb 23 '24 21:02 blueorangutan

Packaging result [SF]: ✖️ el7 ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 8780

blueorangutan avatar Feb 26 '24 11:02 blueorangutan

Packaging result [SF]: ✔️ el7 ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 8787

blueorangutan avatar Feb 26 '24 14:02 blueorangutan

@blueorangutan package

weizhouapache avatar Mar 07 '24 10:03 weizhouapache

@weizhouapache a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

blueorangutan avatar Mar 07 '24 10:03 blueorangutan

Packaging result [SF]: ✔️ el7 ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 8874

blueorangutan avatar Mar 07 '24 11:03 blueorangutan

@blueorangutan test alma9 kvm-alma9

DaanHoogland avatar Mar 11 '24 15:03 DaanHoogland

@DaanHoogland a [SL] Trillian-Jenkins test job (alma9 mgmt + kvm-alma9) has been kicked to run smoke tests

blueorangutan avatar Mar 11 '24 15:03 blueorangutan

[SF] Trillian Build Failed (tid-9434)

blueorangutan avatar Mar 11 '24 15:03 blueorangutan

@DaanHoogland I've added the integration test.

gpordeus avatar Mar 12 '24 15:03 gpordeus

@blueorangutan package

DaanHoogland avatar Mar 29 '24 13:03 DaanHoogland

@DaanHoogland a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

blueorangutan avatar Mar 29 '24 13:03 blueorangutan

Packaging result [SF]: ✔️ el7 ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 9091

blueorangutan avatar Mar 29 '24 14:03 blueorangutan

@blueorangutan test alma9 kvm-alma9

DaanHoogland avatar Apr 02 '24 09:04 DaanHoogland

@DaanHoogland a [SL] Trillian-Jenkins test job (alma9 mgmt + kvm-alma9) has been kicked to run smoke tests

blueorangutan avatar Apr 02 '24 09:04 blueorangutan

[SF] Trillian test result (tid-9650) Environment: kvm-alma9 (x2), Advanced Networking with Mgmt server a9 Total time taken: 54702 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr8689-t9650-kvm-alma9.zip Smoke tests completed. 129 look OK, 0 have errors, 0 did not run Only failed and skipped tests results shown below:

Test Result Time (s) Test File

blueorangutan avatar Apr 03 '24 01:04 blueorangutan

@weizhouapache are all your concerns met?

DaanHoogland avatar Apr 23 '24 09:04 DaanHoogland

This pull request has merge conflicts. Dear author, please fix the conflicts and sync your branch with the base branch.

github-actions[bot] avatar May 07 '24 07:05 github-actions[bot]

Codecov Report

Attention: Patch coverage is 52.17391% with 11 lines in your changes missing coverage. Please review.

Project coverage is 15.32%. Comparing base (2542582) to head (bfbb0a5). Report is 252 commits behind head on main.

Files Patch % Lines
...c/main/java/com/cloud/user/AccountManagerImpl.java 0.00% 6 Missing :warning:
.../src/main/java/com/cloud/vm/UserVmManagerImpl.java 70.58% 5 Missing :warning:
Additional details and impacted files 
@@             Coverage Diff              @@
##               main    #8689      +/-   ##
============================================
+ Coverage     15.28%   15.32%   +0.03%     
- Complexity    11545    11656     +111     
============================================
  Files          5424     5452      +28     
  Lines        474414   476544    +2130     
  Branches      60529    58001    -2528     
============================================
+ Hits          72531    73022     +491     
- Misses       393818   395454    +1636     
- Partials       8065     8068       +3
Flag Coverage Δ
uitests 4.20% <ø> (-0.04%) :arrow_down:
unittests 16.07% <52.17%> (+0.04%) :arrow_up:

Flags with carried forward coverage won't be shown. Click here to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

codecov-commenter avatar May 07 '24 07:05 codecov-commenter

This pull request has merge conflicts. Dear author, please fix the conflicts and sync your branch with the base branch.

github-actions[bot] avatar May 08 '24 15:05 github-actions[bot]

@blueorangutan package

DaanHoogland avatar Jun 07 '24 07:06 DaanHoogland