fix: cloudaccount is created as system shared by default

yunionio · Apr 20, 2020 · e0fc57b · e0fc57b
1 parent 76ee769
commit e0fc57b
Show file tree

Hide file tree

Showing 8 changed files with 62 additions and 30 deletions.
diff --git a/pkg/apigateway/handler/auth.go b/pkg/apigateway/handler/auth.go
@@ -16,6 +16,7 @@ package handler
 
 import (
 	"context"
+	"encoding/base64"
 	"fmt"
 	"net/http"
 	"strings"
@@ -269,6 +270,10 @@ func (h *AuthHandlers) doCredentialLogin(ctx context.Context, req *http.Request,
 		if err != nil {
 			return nil, httperrors.NewInputParameterError("get password in body")
 		}
+		// try base64 decryption
+		if decPasswd, err := base64.StdEncoding.DecodeString(passwd); err == nil {
+			passwd = string(decPasswd)
+		}
 		if len(uname) == 0 || len(passwd) == 0 {
 			return nil, httperrors.NewInputParameterError("username or password is empty")
 		}
@@ -533,14 +538,6 @@ func FetchRegion(req *http.Request) string {
 	return ""
 }
 
-func fetchDomain(req *http.Request) string {
-	r, e := req.Cookie("domain")
-	if e != nil {
-		return ""
-	}
-	return r.Value
-}
-
 type role struct {
 	id   string
 	name string

diff --git a/pkg/apis/compute/cloudaccount.go b/pkg/apis/compute/cloudaccount.go
@@ -167,10 +167,11 @@ type CloudaccountCreateInput struct {
 	IsOnPremise bool
 
 	// 指定云账号所属的项目
-	Tenant string `json:"tenant"`
-
+	// Tenant string `json:"tenant"`
 	// swagger:ignore
-	TenantId string
+	// TenantId string
+
+	apis.ProjectizedResourceInput
 
 	// 启用自动同步
 	// default: false

diff --git a/pkg/apis/identity/input.go b/pkg/apis/identity/input.go
@@ -23,6 +23,7 @@ import (
 
 type IdentityBaseResourceCreateInput struct {
 	apis.StandaloneResourceCreateInput
+	apis.DomainizedResourceCreateInput
 }
 
 type EnabledIdentityBaseResourceCreateInput struct {

diff --git a/pkg/apis/identity/zz_generated.model.go b/pkg/apis/identity/zz_generated.model.go
diff --git a/pkg/apis/monitor/zz_generated.model.go b/pkg/apis/monitor/zz_generated.model.go
diff --git a/pkg/cloudcommon/db/domain.go b/pkg/cloudcommon/db/domain.go
@@ -16,8 +16,10 @@ package db
 
 import (
 	"context"
+	"database/sql"
 
 	"yunion.io/x/jsonutils"
+	"yunion.io/x/pkg/errors"
 	"yunion.io/x/pkg/util/reflectutils"
 	"yunion.io/x/sqlchemy"
 
@@ -163,3 +165,16 @@ func (manager *SDomainizedResourceBaseManager) FetchCustomizeColumns(
 	}
 	return ret
 }
+
+func ValidateDomainizedResourceInput(ctx context.Context, input apis.DomainizedResourceInput) (*STenant, apis.DomainizedResourceInput, error) {
+	domain, err := DefaultDomainFetcher(ctx, input.ProjectDomain)
+	if err != nil {
+		if errors.Cause(err) == sql.ErrNoRows {
+			return nil, input, httperrors.NewResourceNotFoundError2("domain", input.ProjectDomain)
+		} else {
+			return nil, input, errors.Wrap(err, "TenantCacheManager.FetchDomainByIdOrName")
+		}
+	}
+	input.ProjectDomain = domain.GetId()
+	return domain, input, nil
+}
diff --git a/pkg/cloudcommon/db/project.go b/pkg/cloudcommon/db/project.go
@@ -16,6 +16,7 @@ package db
 
 import (
 	"context"
+	"database/sql"
 	"time"
 
 	"yunion.io/x/jsonutils"
@@ -197,3 +198,16 @@ func fetchProjects(ctx context.Context, projectIds []string, isDomain bool) map[
 	}
 	return ret
 }
+
+func ValidateProjectizedResourceInput(ctx context.Context, input apis.ProjectizedResourceInput) (*STenant, apis.ProjectizedResourceInput, error) {
+	tenant, err := DefaultProjectFetcher(ctx, input.Project)
+	if err != nil {
+		if errors.Cause(err) == sql.ErrNoRows {
+			return nil, input, httperrors.NewResourceNotFoundError2("project", input.Project)
+		} else {
+			return nil, input, errors.Wrap(err, "TenantCacheManager.FetchTenantByIdOrName")
+		}
+	}
+	input.Project = tenant.GetId()
+	return tenant, input, nil
+}
diff --git a/pkg/compute/models/cloudaccounts.go b/pkg/compute/models/cloudaccounts.go
@@ -342,15 +342,11 @@ func (manager *SCloudaccountManager) ValidateCreateData(
 		return input, err
 	}
 
-	if len(input.Tenant) > 0 {
-		tenantObj, err := db.TenantCacheManager.FetchTenantByIdOrName(ctx, input.Tenant)
+	if len(input.Project) > 0 {
+		_, input.ProjectizedResourceInput, err = db.ValidateProjectizedResourceInput(ctx, input.ProjectizedResourceInput)
 		if err != nil {
-			if err == sql.ErrNoRows {
-				return input, httperrors.NewResourceNotFoundError("failed to found tenant %s", input.Tenant)
-			}
-			return input, httperrors.NewGeneralError(errors.Wrap(err, "FetchTenantByIdOrName"))
+			return input, errors.Wrap(err, "db.ValidateProjectizedResourceInput")
 		}
-		input.TenantId = tenantObj.GetId()
 	}
 
 	if !cloudprovider.IsSupported(input.Provider) {
@@ -474,7 +470,12 @@ func (self *SCloudaccount) CustomizeCreate(ctx context.Context, userCred mcclien
 	}
 	self.DomainId = ownerId.GetProjectDomainId()
 	// self.EnableAutoSync = false
+	// force private and share_mode=account_domain
 	self.ShareMode = api.CLOUD_ACCOUNT_SHARE_MODE_ACCOUNT_DOMAIN
+	self.IsPublic = false
+	self.PublicScope = string(rbacutils.ScopeNone)
+	// mark the public_scope has been set
+	data.(*jsonutils.JSONDict).Set("public_scope", jsonutils.NewString(self.PublicScope))
 	return self.SEnabledStatusInfrasResourceBase.CustomizeCreate(ctx, userCred, ownerId, query, data)
 }