Change in ovirt-engine[ovirt-engine-3.6]: core: Added Roles and groups for cpu profiling
piotr.kliczewski at gmail.com
piotr.kliczewski at gmail.com
Tue Feb 23 13:13:33 UTC 2016
Piotr Kliczewski has submitted this change and it was merged.
Change subject: core: Added Roles and groups for cpu profiling
......................................................................
core: Added Roles and groups for cpu profiling
The following CPU Profiles were added in order to prevent unauthorized
access to cpu profiles:
CpuProfileOperator - Will have the ability to Assign CPU Profile to VMs.
CpuProfileCreator - Will have the ability to Create/Update/Delete and
Assign CPU Profile to VMs.
Action groups that were added to engine and REST API:
Create CPU Profile, Update CPU Profile, Remove CPU Profile,
Assign CPU Profile.
Roles that were granted Create/Update/Delete and Assign permissions for
cpu profiles (Same as CpuProfileCreator + CpuProfileOperator):
SuperUser, PowerUser, ClusterAdmin, DataCenterAdmin.
Other roles that were granted permission same as the ones for
CpuProfileOperator:
CpuProfileCreator, UserVmManager, VmPoolAdmin, VmCreator,
UserTemplateBasedVm and UserVmRuntimeManager.
Before this patch, any user that had permissions for the cluster
associated with the CPU Profile, could Create/Update/Delete and Assign
it.
The Data Access Objects tests(DAO tests) were changed inorder to comply
with the new behaviour.
Change-Id: I8217f0146d83afe3ae740bd1d1e37825091ed206
Bug-Url: https://bugzilla.redhat.com/1143869
Bug-Url: https://bugzilla.redhat.com/1310541
Signed-off-by: Tomer Saban <tsaban at redhat.com>
Signed-off-by: Martin Sivak <msivak at redhat.com>
---
M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/PredefinedRoles.java
M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/ActionGroup.java
M backend/manager/modules/dal/src/test/java/org/ovirt/engine/core/dao/FixturesTool.java
M backend/manager/modules/dal/src/test/java/org/ovirt/engine/core/dao/RoleDaoTest.java
M backend/manager/modules/dal/src/test/resources/fixtures.xml
M backend/manager/modules/restapi/interface/definition/src/main/java/org/ovirt/engine/api/model/PermitType.java
M packaging/dbscripts/cpu_profiles_sp.sql
M packaging/dbscripts/create_views.sql
A packaging/dbscripts/upgrade/03_06_2040_attach_cpu_profile_permissions.sql
A packaging/dbscripts/upgrade/03_06_2050_create_index_cpu_profiles.sql
10 files changed, 249 insertions(+), 26 deletions(-)
Approvals:
Martin Sivák: Verified
Jenkins CI: Passed CI tests
Roy Golan: Looks good to me, approved
--
To view, visit https://gerrit.ovirt.org/53885
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I8217f0146d83afe3ae740bd1d1e37825091ed206
Gerrit-PatchSet: 4
Gerrit-Project: ovirt-engine
Gerrit-Branch: ovirt-engine-3.6
Gerrit-Owner: Martin Sivák <msivak at redhat.com>
Gerrit-Reviewer: Eli Mesika <emesika at redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Martin Sivák <msivak at redhat.com>
Gerrit-Reviewer: Oved Ourfali <oourfali at redhat.com>
Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczewski at gmail.com>
Gerrit-Reviewer: Roy Golan <rgolan at redhat.com>
Gerrit-Reviewer: Sandro Bonazzola <sbonazzo at redhat.com>
Gerrit-Reviewer: Tal Nisan <tnisan at redhat.com>
Gerrit-Reviewer: Tomer Saban <tsaban at redhat.com>
More information about the Engine-commits
mailing list