CLOUDSTACK-10044: Update role permission

[nvazquez]

JIRA TICKET: https://issues.apache.org/jira/browse/CLOUDSTACK-10044

Introduction

This feature allows to change permission for existing role permissions, as those were static and could not be changed once created. It also provides the ability to change these permissions in the UI using a drop down menu for each permission rule, in which admin can select ‘Allow’ or ‘Deny’ permission.

Changes in the API:

This feature modifies behaviour of updateRolePermission API method:

• New optional parameters ‘ruleid’ and ‘permission’ are introduced, they are mutual exclusive to ‘ruleorder’ parameter. This defines two use cases:
  • Update role permission: ‘ruleid’ and ‘permission’ parameters needed
  • Update rules order: ‘ruleorder’ parameter needed
• Parameter ‘ruleorder’ is now optional
• updateRolePermission providing ‘ruleorder’ parameter should be sent via POST

Changes in the UI:

Drop down menu added for role rule-permissions as seen in attached picture

[borisstoyanov]

Thanks @nvazquez
@blueorangutan package

[blueorangutan]

@borisstoyanov a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

[nvazquez]

@blueorangutan hi

[blueorangutan]

hello @nvazquez

[nvazquez]

@blueorangutan help

[blueorangutan]

@nvazquez I understand these words: "help", "hello", "thanks", "package", "test"
Test command usage: test [mgmt os] [hypervisor] [additional tests]
Mgmt OS options: ['centos6', 'centos7', 'ubuntu']
Hypervisor options: ['kvm-centos6', 'kvm-centos7', 'kvm-ubuntu', 'xenserver-65sp1', 'xenserver-62sp1', 'vmware-60u2', 'vmware-55u3', 'vmware-51u1', 'vmware-50u1']
Additional tests: list of comma separated tests with paths relative to the test/integration directory, for example: component/test_acl_listvm.py, component/test_volumes.py
Note: when additional tests are passed, you need to specify mgmt server os and hypervisor or use the matrix command.

Blessed contributors for kicking Trillian test jobs: ['rhtyd', 'nvazquez', 'PaulAngus', 'borisstoyanov', 'DaanHoogland']

[rohityadavcloud]

LGTM overall. Good work @nvazquez and @borisstoyanov - I've left few minor improvement suggestions.

Explicit trillian tests are not necessary as this is purely business layer changes, Travis should be able to verify that. However, let's run a single round if slots are available.

[rohityadavcloud]

@nvazquez This is a new arg, can you add a since field to say '4.11'?

[rohityadavcloud]

@nvazquez please add a since to 4.11 here as well

[blueorangutan]

Packaging result: ✔centos6 ✔centos7 ✔debian. JID-946

[nvazquez]

Pushed changes @rhtyd. Thanks @borisstoyanov and @rhtyd.

[nvazquez]

@blueorangutan package

[blueorangutan]

@nvazquez a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result: ✔centos6 ✔centos7 ✔debian. JID-948

[borisstoyanov]

@blueorangutan test

[blueorangutan]

@borisstoyanov a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

[blueorangutan]

Trillian test result (tid-1354)
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 38032 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr2236-t1354-kvm-centos7.zip
Intermitten failure detected: /marvin/tests/smoke/test_internal_lb.py
Intermitten failure detected: /marvin/tests/smoke/test_network.py
Intermitten failure detected: /marvin/tests/smoke/test_nic.py
Intermitten failure detected: /marvin/tests/smoke/test_privategw_acl.py
Intermitten failure detected: /marvin/tests/smoke/test_vpc_redundant.py
Intermitten failure detected: /marvin/tests/smoke/test_vpc_router_nics.py
Intermitten failure detected: /marvin/tests/smoke/test_vpc_vpn.py
Test completed. 50 look OK, 7 have error(s)

Test	Result	Time (s)	Test File
test_01_vpc_remote_access_vpn	Failure	60.69	test_vpc_vpn.py
test_01_VPC_nics_after_destroy	Failure	343.77	test_vpc_router_nics.py
test_05_rvpc_multi_tiers	Failure	180.28	test_vpc_redundant.py
test_04_rvpc_privategw_static_routes	Failure	349.72	test_privategw_acl.py
test_03_vpc_privategw_restart_vpc_cleanup	Error	298.33	test_privategw_acl.py
test_01_nic	Error	141.63	test_nic.py
test_reboot_router	Error	312.09	test_network.py
test_02_internallb_roundrobin_1RVPC_3VM_HTTP_port80	Error	526.05	test_internal_lb.py
test_change_service_offering_for_vm_with_snapshots	Skipped	0.00	test_vm_snapshots.py
test_09_copy_delete_template	Skipped	0.01	test_templates.py
test_06_copy_template	Skipped	0.00	test_templates.py
test_static_role_account_acls	Skipped	0.02	test_staticroles.py
test_11_ss_nfs_version_on_ssvm	Skipped	0.02	test_ssvm.py
test_01_scale_vm	Skipped	0.00	test_scale_vm.py
test_01_primary_storage_iscsi	Skipped	0.03	test_primary_storage.py
test_vm_nic_adapter_vmxnet3	Skipped	0.00	test_nic_adapter_type.py
test_nested_virtualization_vmware	Skipped	0.00	test_nested_virtualization.py
test_06_copy_iso	Skipped	0.00	test_iso.py
test_deploy_vgpu_enabled_vm	Skipped	0.04	test_deploy_vgpu_enabled_vm.py
test_3d_gpu_support	Skipped	0.04	test_deploy_vgpu_enabled_vm.py

[rohityadavcloud]

The test failures are unrelated to this PR and will be fixed/debugged next week after 4.9 freeze.
LGTM, I'll merge this now.

[borisstoyanov]

LGTM based on test results, code review and manual verification