fix: network allocation according to sharing status
Qiu Jian committed Apr 25, 2020
1 parent 74eef22 commit 68c0377
Showing 9 changed files with 59 additions and 39 deletions.
4 changes: 2 additions & 2 deletions pkg/compute/guestdrivers/baremetals.go
@@ -193,9 +193,9 @@ func (self *SBaremetalGuestDriver) Attach2RandomNetwork(guest *models.SGuest, ct
}
var net *models.SNetwork
if netConfig.Private {
net, _ = wire.GetCandidatePrivateNetwork(userCred, netConfig.Exit, netTypes)
net, _ = wire.GetCandidatePrivateNetwork(userCred, models.NetworkManager.AllowScope(userCred), netConfig.Exit, netTypes)
} else {
net, _ = wire.GetCandidatePublicNetwork(netConfig.Exit, netTypes)
net, _ = wire.GetCandidatePublicNetwork(userCred, models.NetworkManager.AllowScope(userCred), netConfig.Exit, netTypes)
}
if net != nil {
netsAvaiable = append(netsAvaiable, *net)
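Review bot: Both new calls pass `userCred` as the `ownerId` argument, so the candidate networks are filtered by who is making the request rather than by who owns `guest`. If Attach2RandomNetwork can run with a credential whose project differs from the guest's (an administrator creating a server on behalf of another project, for instance), the guest may be attached to a network its own project could not see; this is inferred, since the rest of the function and FilterByOwner are outside the hunk. Consider passing the guest's owner identity instead, or add a comment such as `// networks are filtered by the caller's scope, not the guest's owner` if that is the intent. The same pair of calls appears in pkg/compute/guestdrivers/virtualization.go.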
4 changes: 2 additions & 2 deletions pkg/compute/guestdrivers/virtualization.go
@@ -121,9 +121,9 @@ func (self *SVirtualizedGuestDriver) Attach2RandomNetwork(guest *models.SGuest,

var net *models.SNetwork
if netConfig.Private {
net, _ = wire.GetCandidatePrivateNetwork(userCred, netConfig.Exit, netTypes)
net, _ = wire.GetCandidatePrivateNetwork(userCred, models.NetworkManager.AllowScope(userCred), netConfig.Exit, netTypes)
} else {
net, _ = wire.GetCandidatePublicNetwork(netConfig.Exit, netTypes)
net, _ = wire.GetCandidatePublicNetwork(userCred, models.NetworkManager.AllowScope(userCred), netConfig.Exit, netTypes)
}
if net != nil {
netsAvaiable = append(netsAvaiable, *net)
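Review bot: The lookup error is still discarded (`net, _ = ...`) on both branches, and now that the query is filtered by owner and scope a nil `net` can mean either a failed query or no network visible to this caller. Keep the error and log it, e.g. `net, err = wire.GetCandidatePrivateNetwork(...)` with `err` declared next to `net`, followed by `if err != nil { log.Errorf("candidate network lookup: %v", err) }`, assuming a logger is already imported in this file. The same applies to the two calls in pkg/compute/guestdrivers/baremetals.go. The enclosing function starts and ends outside the hunk.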
6 changes: 3 additions & 3 deletions pkg/compute/models/guests.go
@@ -2690,16 +2690,16 @@ func getCloudNicNetwork(vnic cloudprovider.ICloudNic, host *SHost, ipList []stri
vnet := vnic.GetINetwork()
if vnet == nil {
if vnic.InClassicNetwork() {
vpc, err := VpcManager.NewVpcForClassicNetwork(host)
vpc, err := VpcManager.GetOrCreateVpcForClassicNetwork(host)
if err != nil {
return nil, errors.Wrap(err, "NewVpcForClassicNetwork")
}
zone := host.GetZone()
wire, err := WireManager.NewWireForClassicNetwork(vpc, zone)
wire, err := WireManager.GetOrCreateWireForClassicNetwork(vpc, zone)
if err != nil {
return nil, errors.Wrap(err, "NewWireForClassicNetwork")
}
return NetworkManager.NewClassicNetwork(wire)
return NetworkManager.GetOrCreateClassicNetwork(wire)
}
ip := vnic.GetIP()
if len(ip) == 0 {
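Review bot: The wrap labels on the two error paths still read `"NewVpcForClassicNetwork"` and `"NewWireForClassicNetwork"` although the calls are now GetOrCreateVpcForClassicNetwork and GetOrCreateWireForClassicNetwork, so an error chain will name functions that no longer exist. Update them to match, e.g. `errors.Wrap(err, "GetOrCreateVpcForClassicNetwork")` and `errors.Wrap(err, "GetOrCreateWireForClassicNetwork")`. getCloudNicNetwork continues past the end of the hunk.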
10 changes: 5 additions & 5 deletions pkg/compute/models/hosts.go
@@ -2137,7 +2137,7 @@ func (self *SHost) SyncHostVMs(ctx context.Context, userCred mcclient.TokenCrede
func (self *SHost) getNetworkOfIPOnHost(ipAddr string) (*SNetwork, error) {
netInterfaces := self.GetNetInterfaces()
for _, netInterface := range netInterfaces {
network, err := netInterface.GetCandidateNetworkForIp(auth.AdminCredential(), ipAddr)
network, err := netInterface.GetCandidateNetworkForIp(nil, rbacutils.ScopeNone, ipAddr)
if err == nil && network != nil {
return network, nil
}
@@ -2989,7 +2989,7 @@ func (manager *SHostManager) ValidateCreateData(
wire := wireObj.(*SWire)
lockman.LockObject(ctx, wire)
defer lockman.ReleaseObject(ctx, wire)
net, err := wire.GetCandidatePrivateNetwork(userCred, false, []string{api.NETWORK_TYPE_PXE, api.NETWORK_TYPE_BAREMETAL, api.NETWORK_TYPE_GUEST})
net, err := wire.GetCandidatePrivateNetwork(userCred, NetworkManager.AllowScope(userCred), false, []string{api.NETWORK_TYPE_PXE, api.NETWORK_TYPE_BAREMETAL, api.NETWORK_TYPE_GUEST})
if err != nil {
return input, httperrors.NewGeneralError(err)
}
@@ -3699,7 +3699,7 @@ func (self *SHost) addNetif(ctx context.Context, userCred mcclient.TokenCredenti
return httperrors.NewInputParameterError("invalid ipaddr %s", ipAddr)
}
findAddr := false
swNets, err := sw.getNetworks()
swNets, err := sw.getNetworks(userCred, NetworkManager.AllowScope(userCred))
if err != nil {
return httperrors.NewInputParameterError("no networks on wire %s", wire)
}
@@ -3872,7 +3872,7 @@ func (self *SHost) EnableNetif(ctx context.Context, userCred mcclient.TokenCrede
var net *SNetwork
var err error
if len(ipAddr) > 0 {
net, err = netif.GetCandidateNetworkForIp(userCred, ipAddr)
net, err = netif.GetCandidateNetworkForIp(userCred, NetworkManager.AllowScope(userCred), ipAddr)
if net != nil {
log.Infof("find network %s for ip %s", net.GetName(), ipAddr)
} else if requireDesignatedIp {
@@ -3911,7 +3911,7 @@ func (self *SHost) EnableNetif(ctx context.Context, userCred mcclient.TokenCrede
} else {
netTypes = []string{api.NETWORK_TYPE_BAREMETAL}
}
net, err = wire.GetCandidatePrivateNetwork(userCred, false, netTypes)
net, err = wire.GetCandidatePrivateNetwork(userCred, NetworkManager.AllowScope(userCred), false, netTypes)
if err != nil {
return fmt.Errorf("fail to find network %s", err)
}
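Review bot: In getNetworkOfIPOnHost the explicit `auth.AdminCredential()` is replaced by `nil, rbacutils.ScopeNone`, and nothing at the call site says that a nil owner means "skip owner filtering" (the guard is `if ownerId != nil` in getNetworkQuery, pkg/compute/models/wires.go). Because this is the one convention that bypasses the new access filter, mark it where it is used: `// nil owner: internal lookup, must see every network on the wire regardless of project`. The same undocumented pair is passed in getNetworksByWire (networks.go), purgeNetworks (purge.go), and markNetworkUnknown and GetRequiredSharedDomainIds (wires.go); a small named helper or constant for the unfiltered case would make these call sites easy to audit.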
5 changes: 3 additions & 2 deletions pkg/compute/models/netinterfaces.go
@@ -26,6 +26,7 @@ import (
api "yunion.io/x/onecloud/pkg/apis/compute"
"yunion.io/x/onecloud/pkg/cloudcommon/db"
"yunion.io/x/onecloud/pkg/mcclient"
"yunion.io/x/onecloud/pkg/util/rbacutils"
)

type SNetInterface struct {
@@ -265,12 +266,12 @@ func (self *SNetInterface) Remove(ctx context.Context, userCred mcclient.TokenCr
return err
}

func (self *SNetInterface) GetCandidateNetworkForIp(userCred mcclient.TokenCredential, ipAddr string) (*SNetwork, error) {
func (self *SNetInterface) GetCandidateNetworkForIp(ownerId mcclient.IIdentityProvider, scope rbacutils.TRbacScope, ipAddr string) (*SNetwork, error) {
wire := self.GetWire()
if wire == nil {
return nil, nil
}
return wire.GetCandidateNetworkForIp(userCred, ipAddr)
return wire.GetCandidateNetworkForIp(ownerId, scope, ipAddr)
}

func (self *SNetInterface) IsUsableServernic() bool {
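Review bot: GetCandidateNetworkForIp is exported, its first two parameters changed meaning in this commit, and it still has no doc comment; in particular it returns `(nil, nil)` when the interface has no wire, which callers have to tell apart from an error. Suggested comment: `// GetCandidateNetworkForIp looks up a network for ipAddr on this interface's wire, filtered by ownerId and scope. It returns (nil, nil) when the interface has no wire.`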
18 changes: 16 additions & 2 deletions pkg/compute/models/networks.go
@@ -36,9 +36,11 @@ import (

"yunion.io/x/onecloud/pkg/apis"
api "yunion.io/x/onecloud/pkg/apis/compute"
"yunion.io/x/onecloud/pkg/cloudcommon/consts"
"yunion.io/x/onecloud/pkg/cloudcommon/db"
"yunion.io/x/onecloud/pkg/cloudcommon/db/lockman"
"yunion.io/x/onecloud/pkg/cloudcommon/db/taskman"
"yunion.io/x/onecloud/pkg/cloudcommon/policy"
"yunion.io/x/onecloud/pkg/cloudprovider"
"yunion.io/x/onecloud/pkg/compute/options"
"yunion.io/x/onecloud/pkg/httperrors"
@@ -310,7 +312,7 @@ func (self *SNetwork) GetNetworkInterfacesCount() (int, error) {
return NetworkInterfaceManager.Query().In("id", sq).CountWithError()
}

func (manager *SNetworkManager) NewClassicNetwork(wire *SWire) (*SNetwork, error) {
func (manager *SNetworkManager) GetOrCreateClassicNetwork(wire *SWire) (*SNetwork, error) {
_network, err := db.FetchByExternalId(manager, wire.Id)
if err == nil {
return _network.(*SNetwork), nil
@@ -575,7 +577,7 @@ func (self *SNetwork) IsExitNetwork() bool {
}

func (manager *SNetworkManager) getNetworksByWire(wire *SWire) ([]SNetwork, error) {
return wire.getNetworks()
return wire.getNetworks(nil, rbacutils.ScopeNone)
/* nets := make([]SNetwork, 0)
q := manager.Query().Equals("wire_id", wire.Id)
err := db.FetchModelObjects(manager, q, &nets)
@@ -2587,3 +2589,15 @@ func (manager *SNetworkManager) ListItemExportKeys(ctx context.Context,
}
return q, nil
}

func (manager *SNetworkManager) AllowScope(userCred mcclient.TokenCredential) rbacutils.TRbacScope {
if consts.IsRbacEnabled() {
return policy.PolicyManager.AllowScope(userCred, api.SERVICE_TYPE, NetworkManager.KeywordPlural(), policy.PolicyActionGet)
} else {
if userCred.HasSystemAdminPrivilege() {
return rbacutils.ScopeSystem
} else {
return rbacutils.ScopeProject
}
}
}
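Review bot: AllowScope decides which networks every allocation path in this commit may pick from, yet it has no doc comment and does not say why the scope is taken from `policy.PolicyActionGet`: as written, whoever may read networks at a given scope may also have addresses allocated from them. If that is intended, state it, e.g. `// AllowScope returns the scope at which userCred may read networks; allocation reuses it to select candidate networks.` The non-RBAC branch calls `userCred.HasSystemAdminPrivilege()` without a nil check, so a nil credential would panic there; the callers shown appear to pass a request credential, but that is not visible for all of them. As a matter of style the nested `else` blocks after `return` can be flattened, and the body can use the receiver `manager` instead of the global `NetworkManager`.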
3 changes: 2 additions & 1 deletion pkg/compute/models/purge.go
@@ -27,6 +27,7 @@ import (
"yunion.io/x/onecloud/pkg/cloudcommon/db"
"yunion.io/x/onecloud/pkg/cloudcommon/db/lockman"
"yunion.io/x/onecloud/pkg/mcclient"
"yunion.io/x/onecloud/pkg/util/rbacutils"
)

type IPurgeableManager interface {
@@ -939,7 +940,7 @@ func (net *SNetwork) purge(ctx context.Context, userCred mcclient.TokenCredentia
}

func (wire *SWire) purgeNetworks(ctx context.Context, userCred mcclient.TokenCredential) error {
nets, err := wire.getNetworks()
nets, err := wire.getNetworks(nil, rbacutils.ScopeNone)
if err != nil {
return err
}
2 changes: 1 addition & 1 deletion pkg/compute/models/vpcs.go
@@ -179,7 +179,7 @@ func (manager *SVpcManager) getVpcExternalIdForClassicNetwork(regionId, cloudpro
return fmt.Sprintf("%s-%s", regionId, cloudproviderId)
}

func (manager *SVpcManager) NewVpcForClassicNetwork(host *SHost) (*SVpc, error) {
func (manager *SVpcManager) GetOrCreateVpcForClassicNetwork(host *SHost) (*SVpc, error) {
region := host.GetRegion()
cloudprovider := host.GetCloudprovider()
externalId := manager.getVpcExternalIdForClassicNetwork(region.Id, cloudprovider.Id)
46 changes: 25 additions & 21 deletions pkg/compute/models/wires.go
@@ -183,7 +183,7 @@ func (manager *SWireManager) getWireExternalIdForClassicNetwork(provider string,
return vpcId
}

func (manager *SWireManager) NewWireForClassicNetwork(vpc *SVpc, zone *SZone) (*SWire, error) {
func (manager *SWireManager) GetOrCreateWireForClassicNetwork(vpc *SVpc, zone *SZone) (*SWire, error) {
cloudprovider := vpc.GetCloudprovider()
if cloudprovider == nil {
return nil, fmt.Errorf("failed to found cloudprovider for vpc %s(%s)", vpc.Id, vpc.Id)
@@ -373,7 +373,7 @@ func (self *SWire) syncWithCloudWire(ctx context.Context, userCred mcclient.Toke
}

func (self *SWire) markNetworkUnknown(userCred mcclient.TokenCredential) error {
nets, err := self.getNetworks()
nets, err := self.getNetworks(nil, rbacutils.ScopeNone)
if err != nil {
return err
}
@@ -602,12 +602,16 @@ func (manager *SWireManager) TotalCount(
return stat
}

func (self *SWire) getNetworkQuery() *sqlchemy.SQuery {
return NetworkManager.Query().Equals("wire_id", self.Id)
func (self *SWire) getNetworkQuery(ownerId mcclient.IIdentityProvider, scope rbacutils.TRbacScope) *sqlchemy.SQuery {
q := NetworkManager.Query().Equals("wire_id", self.Id)
if ownerId != nil {
q = NetworkManager.FilterByOwner(q, ownerId, scope)
}
return q
}

func (self *SWire) getNetworks() ([]SNetwork, error) {
q := self.getNetworkQuery()
func (self *SWire) getNetworks(ownerId mcclient.IIdentityProvider, scope rbacutils.TRbacScope) ([]SNetwork, error) {
q := self.getNetworkQuery(ownerId, scope)
nets := make([]SNetwork, 0)
err := db.FetchModelObjects(NetworkManager, q, &nets)
if err != nil {
@@ -616,15 +620,15 @@ func (self *SWire) getNetworks() ([]SNetwork, error) {
return nets, nil
}

func (self *SWire) getGatewayNetworkQuery() *sqlchemy.SQuery {
q := self.getNetworkQuery()
func (self *SWire) getGatewayNetworkQuery(ownerId mcclient.IIdentityProvider, scope rbacutils.TRbacScope) *sqlchemy.SQuery {
q := self.getNetworkQuery(ownerId, scope)
q = q.IsNotNull("guest_gateway").IsNotEmpty("guest_gateway")
q = q.Equals("status", api.NETWORK_STATUS_AVAILABLE)
return q
}

func (self *SWire) getPublicNetworks() ([]SNetwork, error) {
q := self.getGatewayNetworkQuery()
func (self *SWire) getPublicNetworks(ownerId mcclient.IIdentityProvider, scope rbacutils.TRbacScope) ([]SNetwork, error) {
q := self.getGatewayNetworkQuery(ownerId, scope)
q = q.IsTrue("is_public")
nets := make([]SNetwork, 0)
err := db.FetchModelObjects(NetworkManager, q, &nets)
@@ -634,9 +638,9 @@ func (self *SWire) getPublicNetworks() ([]SNetwork, error) {
return nets, nil
}

func (self *SWire) getPrivateNetworks(userCred mcclient.TokenCredential) ([]SNetwork, error) {
q := self.getGatewayNetworkQuery()
q = q.Equals("tenant_id", userCred.GetProjectId()).IsFalse("is_public")
func (self *SWire) getPrivateNetworks(ownerId mcclient.IIdentityProvider, scope rbacutils.TRbacScope) ([]SNetwork, error) {
q := self.getGatewayNetworkQuery(ownerId, scope)
q = q.IsFalse("is_public")
nets := make([]SNetwork, 0)
err := db.FetchModelObjects(NetworkManager, q, &nets)
if err != nil {
Expand All @@ -645,28 +649,28 @@ func (self *SWire) getPrivateNetworks(userCred mcclient.TokenCredential) ([]SNet
return nets, nil
}

func (self *SWire) GetCandidatePrivateNetwork(userCred mcclient.TokenCredential, isExit bool, serverTypes []string) (*SNetwork, error) {
nets, err := self.getPrivateNetworks(userCred)
func (self *SWire) GetCandidatePrivateNetwork(ownerId mcclient.IIdentityProvider, scope rbacutils.TRbacScope, isExit bool, serverTypes []string) (*SNetwork, error) {
nets, err := self.getPrivateNetworks(ownerId, scope)
if err != nil {
return nil, err
}
return ChooseCandidateNetworks(nets, isExit, serverTypes), nil
}

func (self *SWire) GetCandidatePublicNetwork(isExit bool, serverTypes []string) (*SNetwork, error) {
nets, err := self.getPublicNetworks()
func (self *SWire) GetCandidatePublicNetwork(ownerId mcclient.IIdentityProvider, scope rbacutils.TRbacScope, isExit bool, serverTypes []string) (*SNetwork, error) {
nets, err := self.getPublicNetworks(ownerId, scope)
if err != nil {
return nil, err
}
return ChooseCandidateNetworks(nets, isExit, serverTypes), nil
}

func (self *SWire) GetCandidateNetworkForIp(userCred mcclient.TokenCredential, ipAddr string) (*SNetwork, error) {
func (self *SWire) GetCandidateNetworkForIp(ownerId mcclient.IIdentityProvider, scope rbacutils.TRbacScope, ipAddr string) (*SNetwork, error) {
ip, err := netutils.NewIPV4Addr(ipAddr)
if err != nil {
return nil, err
}
netPrivates, err := self.getPrivateNetworks(userCred)
netPrivates, err := self.getPrivateNetworks(ownerId, scope)
if err != nil {
return nil, err
}
@@ -675,7 +679,7 @@ func (self *SWire) GetCandidateNetworkForIp(userCred mcclient.TokenCredential, i
return &net, nil
}
}
netPublics, err := self.getPublicNetworks()
netPublics, err := self.getPublicNetworks(ownerId, scope)
if err != nil {
return nil, err
}
@@ -1016,7 +1020,7 @@ func (wire *SWire) GetChangeOwnerCandidateDomainIds() []string {
}

func (wire *SWire) GetRequiredSharedDomainIds() []string {
networks, _ := wire.getNetworks()
networks, _ := wire.getNetworks(nil, rbacutils.ScopeNone)
if len(networks) == 0 {
return wire.SInfrasResourceBase.GetRequiredSharedDomainIds()
}
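Review bot: getPrivateNetworks no longer adds its own `tenant_id` condition, so project isolation of private networks now rests entirely on `NetworkManager.FilterByOwner` and the `scope` value passed down from the caller. FilterByOwner is not shown here, so this is a question rather than a finding: for a caller whose scope is wider than project, can GetCandidatePrivateNetwork and GetCandidateNetworkForIp now return a private network that belongs to another project and is not shared with the caller's? A test asserting that a project-scoped identity never receives another project's unshared private network would pin the intended behaviour. I would also state the filtering contract on getPrivateNetworks itself, e.g. `// getPrivateNetworks returns non-public gateway networks on this wire; ownership is enforced only through FilterByOwner(ownerId, scope).`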