fix: perform private on vpc will private all wires if no networks in …

…wires
yunionio · Jul 7, 2020 · 2286ef1 · 2286ef1
1 parent adc50ec
commit 2286ef1
Show file tree

Hide file tree

Showing 3 changed files with 85 additions and 1 deletion.
diff --git a/pkg/compute/models/networks.go b/pkg/compute/models/networks.go
@@ -1630,7 +1630,8 @@ func (self *SNetwork) IsManaged() bool {
 func (self *SNetwork) CustomizeCreate(ctx context.Context, userCred mcclient.TokenCredential, ownerId mcclient.IIdentityProvider, query jsonutils.JSONObject, data jsonutils.JSONObject) error {
 	if !data.Contains("public_scope") {
 		if self.ServerType == api.NETWORK_TYPE_GUEST && !self.IsManaged() {
-			if db.IsAdminAllowPerform(userCred, self, "public") && ownerId.GetProjectDomainId() == userCred.GetProjectDomainId() {
+			wire := self.GetWire()
+			if db.IsAdminAllowPerform(userCred, self, "public") && ownerId.GetProjectDomainId() == userCred.GetProjectDomainId() && wire != nil && wire.IsPublic && wire.PublicScope == string(rbacutils.ScopeSystem) {
 				self.SetShare(rbacutils.ScopeSystem)
 			} else if db.IsDomainAllowPerform(userCred, self, "public") && ownerId.GetProjectId() == userCred.GetProjectId() && consts.GetNonDefaultDomainProjects() {
 				// only if non_default_domain_projects turned on, share to domain

diff --git a/pkg/compute/models/vpcs.go b/pkg/compute/models/vpcs.go
@@ -30,6 +30,7 @@ import (
 
 	"yunion.io/x/onecloud/pkg/apis"
 	api "yunion.io/x/onecloud/pkg/apis/compute"
+	"yunion.io/x/onecloud/pkg/cloudcommon/consts"
 	"yunion.io/x/onecloud/pkg/cloudcommon/db"
 	"yunion.io/x/onecloud/pkg/cloudcommon/db/lockman"
 	"yunion.io/x/onecloud/pkg/cloudcommon/db/quotas"
@@ -1194,3 +1195,76 @@ func (manager *SVpcManager) ListItemExportKeys(ctx context.Context,
 
 	return q, nil
 }
+
+func (vpc *SVpc) PerformPublic(ctx context.Context, userCred mcclient.TokenCredential, query jsonutils.JSONObject, input apis.PerformPublicDomainInput) (jsonutils.JSONObject, error) {
+	_, err := vpc.SEnabledStatusInfrasResourceBase.PerformPublic(ctx, userCred, query, input)
+	if err != nil {
+		return nil, errors.Wrap(err, "SEnabledStatusInfrasResourceBase.PerformPublic")
+	}
+	// perform public for all emulated wires
+	wires := vpc.GetWires()
+	for i := range wires {
+		if wires[i].IsEmulated {
+			_, err := wires[i].PerformPublic(ctx, userCred, query, input)
+			if err != nil {
+				return nil, errors.Wrap(err, "wire.PerformPublic")
+			}
+		}
+	}
+	return nil, nil
+}
+
+func (vpc *SVpc) PerformPrivate(ctx context.Context, userCred mcclient.TokenCredential, query jsonutils.JSONObject, input apis.PerformPrivateInput) (jsonutils.JSONObject, error) {
+	// perform private for all emulated wires
+	emptyNets := true
+	wires := vpc.GetWires()
+	for i := range wires {
+		if wires[i].DomainId == vpc.DomainId {
+			nets, _ := wires[i].getNetworks(nil, rbacutils.ScopeNone)
+			for j := range nets {
+				if nets[j].DomainId != vpc.DomainId {
+					emptyNets = false
+					break
+				}
+			}
+			if !emptyNets {
+				break
+			}
+		} else {
+			emptyNets = false
+			break
+		}
+	}
+	if emptyNets {
+		for i := range wires {
+			nets, _ := wires[i].getNetworks(nil, rbacutils.ScopeNone)
+			netfail := false
+			for j := range nets {
+				if nets[j].IsPublic && nets[j].GetPublicScope().HigherEqual(rbacutils.ScopeDomain) {
+					var err error
+					if consts.GetNonDefaultDomainProjects() {
+						netinput := apis.PerformPublicProjectInput{}
+						netinput.Scope = string(rbacutils.ScopeDomain)
+						_, err = nets[j].PerformPublic(ctx, userCred, nil, netinput)
+					} else {
+						_, err = nets[j].PerformPrivate(ctx, userCred, nil, input)
+					}
+					if err != nil {
+						log.Errorf("nets[j].PerformPublic fail %s", err)
+						netfail = true
+						break
+					}
+				}
+			}
+			if netfail {
+				break
+			}
+			_, err := wires[i].PerformPrivate(ctx, userCred, query, input)
+			if err != nil {
+				log.Errorf("wires[i].PerformPrivate fail %s", err)
+				break
+			}
+		}
+	}
+	return vpc.SEnabledStatusInfrasResourceBase.PerformPrivate(ctx, userCred, query, input)
+}
diff --git a/pkg/compute/models/wires.go b/pkg/compute/models/wires.go
@@ -1010,6 +1010,15 @@ func (self *SWire) IsManaged() bool {
 }
 
 func (model *SWire) CustomizeCreate(ctx context.Context, userCred mcclient.TokenCredential, ownerId mcclient.IIdentityProvider, query jsonutils.JSONObject, data jsonutils.JSONObject) error {
+	if !data.Contains("public_scope") {
+		vpc := model.GetVpc()
+		if !model.IsManaged() && db.IsAdminAllowPerform(userCred, model, "public") && ownerId.GetProjectDomainId() == userCred.GetProjectDomainId() && vpc != nil && vpc.IsPublic && vpc.PublicScope == string(rbacutils.ScopeSystem) {
+			model.SetShare(rbacutils.ScopeSystem)
+		} else {
+			model.SetShare(rbacutils.ScopeNone)
+		}
+		data.(*jsonutils.JSONDict).Set("public_scope", jsonutils.NewString(model.PublicScope))
+	}
 	return model.SInfrasResourceBase.CustomizeCreate(ctx, userCred, ownerId, query, data)
 }