-
Notifications
You must be signed in to change notification settings - Fork 95
Create volume on default datastore if default_ds is set for _DEFAULT tenant #1095
Conversation
0c9e3ba
to
a65fb75
Compare
Per offline discussion with Mark and Sam, I reverted the change in _tenant_access_add. |
Run the following test manually. step1: Add a privilege for _DEFAULT vm-group with "--default-datastore" flag specified to set the default datastore of _DEFAULT vm-group to "datastore2"
step2: check default_datastore of vm-group _DEFAULT
step3: create a volume with short name, make sure this volume is created on the default datastore "datastore2" instead of vm datastore "datastore1".
|
@msterin @shaominchen I have changed this PR per yesterday's offline discussion. Please review it, thanks! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Your changes looks OK to me. Can you please add some basic automated tests with your proposed code?
Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So this fixes the main issue - "when default_ds for named tenant is set, use it instead of VM DS", right ?
The code LGTM - please make sure CI passes before merge
esx_service/utils/auth_api.py
Outdated
""" | ||
Check if need update default_datastore for this tenant | ||
""" | ||
# In _tenant_access_add, we decide to automatically set the datastore for the first user added privilege |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please run this comment by someone in the office - the comment looks very confusing to me but maybe I am reading it wrong
esx_service/utils/auth_api.py
Outdated
@@ -654,6 +654,35 @@ def check_privilege_parameters(privilege): | |||
|
|||
return None | |||
|
|||
def need_update_default_ds(conn, tenant_id): | |||
""" | |||
Check if need update default_datastore for this tenant |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
so what does it return ? Why a tuple ?
esx_service/utils/auth_api.py
Outdated
@@ -654,6 +654,35 @@ def check_privilege_parameters(privilege): | |||
|
|||
return None | |||
|
|||
def need_update_default_ds(conn, tenant_id): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the name is confusing. I can't suggest a better name because I don't understand what this is doing. Can you elaborate ?
|
||
# if default_datastore is not set for tenant, | ||
# default_datastore_url will be set to None | ||
error_info, default_datastore_url = auth_api.get_default_datastore_url(tenant_name) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please update the admin command line message on group creation to something like "vm-group xxx is created. Do not forget to vm-group vm add
and vm-group privilege add
to enable better access control"
(adjust to reflect the correct commands please)
@msterin @shuklanirdesh82 I have addressed your comments. Please review it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM with 1 request to change the message text before merge
esx_service/cli/vmdkops_admin.py
Outdated
@@ -854,7 +854,8 @@ def tenant_create(args): | |||
if error_info: | |||
return operation_fail(error_info.msg) | |||
else: | |||
print("vm-group create succeeded") | |||
print("vm-group create succeeded. vm-group '{}' is created. Do not forget to run " | |||
"command 'vm-group vm add' and 'vm-group access add' to enable better access control.".format(args.name)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Suggestion:
"vm-group '{}' is created. Do not forget to run 'vm-group vm add' and 'vm-group access add' commands to enable access control.".format(args.name))
Fixed #1044
This PR includes the fix for: