[Kimchi-devel] [PATCH v2] [Kimchi] Check if qemu/libvirt user has permission to use the image
Jose Ricardo Ziviani
joserz at linux.vnet.ibm.com
Thu May 12 21:25:27 UTC 2016
- Based on this check this patch returns a new field to the
interface be able to disable such ISO before creating any
templates with it.
Signed-off-by: Jose Ricardo Ziviani <joserz at linux.vnet.ibm.com>
---
v2:
- check permission is now generic for any image
control/storagevolumes.py | 3 ++-
docs/API.md | 2 ++
mockmodel.py | 6 ++++--
model/storagevolumes.py | 10 ++++++++--
tests/test_model_storagevolume.py | 2 +-
tests/test_rest.py | 1 +
6 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/control/storagevolumes.py b/control/storagevolumes.py
index a04ad35..e7f5b54 100644
--- a/control/storagevolumes.py
+++ b/control/storagevolumes.py
@@ -83,7 +83,8 @@ class StorageVolume(Resource):
'path': self.info['path'],
'used_by': self.info['used_by'],
'format': self.info['format'],
- 'isvalid': self.info['isvalid']}
+ 'isvalid': self.info['isvalid'],
+ 'has_permission': self.info['has_permission']}
for key in ('os_version', 'os_distro', 'bootable', 'base'):
val = self.info.get(key)
diff --git a/docs/API.md b/docs/API.md
index 6d502a9..83f9d38 100644
--- a/docs/API.md
+++ b/docs/API.md
@@ -614,6 +614,8 @@ A interface represents available network interface on VM.
* bootable *(optional)*: True if iso image is bootable and not corrupted.
* used_by: Name of vms which use this volume.
* isvalid: True if is a valid volume.
+ * has_permission: qemu/libvirt user has the right permission to
+ to use the image
* **DELETE**: Remove the Storage Volume
* **POST**: *See Storage Volume Actions*
diff --git a/mockmodel.py b/mockmodel.py
index 142e81f..38d08b5 100644
--- a/mockmodel.py
+++ b/mockmodel.py
@@ -476,14 +476,16 @@ class MockStorageVolumes(object):
'type': 'block',
'path': base_path + '1',
'used_by': [],
- 'isvalid': True},
+ 'isvalid': True,
+ 'has_permission': True},
'unit:0:0:2': {'capacity': 2048,
'format': 'unknown',
'allocation': 512,
'type': 'block',
'path': base_path + '2',
'used_by': [],
- 'isvalid': True}}
+ 'isvalid': True,
+ 'has_permission': True}}
class MockVolumeGroups(object):
diff --git a/model/storagevolumes.py b/model/storagevolumes.py
index e037e35..da42e85 100644
--- a/model/storagevolumes.py
+++ b/model/storagevolumes.py
@@ -30,12 +30,14 @@ from lxml.builder import E
from wok.exception import InvalidOperation, InvalidParameter, IsoFormatError
from wok.exception import MissingParameter, NotFoundError, OperationFailed
-from wok.utils import add_task, get_unique_file_name, wok_log
+from wok.utils import add_task, get_unique_file_name
+from wok.utils import probe_file_permission_as_user, wok_log
from wok.xmlutils.utils import xpath_get_text
from wok.model.tasks import TaskModel
from wok.plugins.kimchi.config import READONLY_POOL_TYPE
from wok.plugins.kimchi.isoinfo import IsoImage
+from wok.plugins.kimchi.kvmusertests import UserTests
from wok.plugins.kimchi.model.diskutils import get_disk_used_by
from wok.plugins.kimchi.model.diskutils import set_disk_used_by
from wok.plugins.kimchi.model.storagepools import StoragePoolModel
@@ -273,6 +275,7 @@ class StorageVolumeModel(object):
self.task = TaskModel(**kargs)
self.storagevolumes = StorageVolumesModel(**kargs)
self.storagepool = StoragePoolModel(**kargs)
+ self.libvirt_user = UserTests().probe_user()
@staticmethod
def get_storagevolume(poolname, name, conn):
@@ -329,13 +332,15 @@ class StorageVolumeModel(object):
isvalid = False
used_by = get_disk_used_by(self.objstore, self.conn, path)
+ ret, _ = probe_file_permission_as_user(path, self.libvirt_user)
res = dict(type=VOLUME_TYPE_MAP[info[0]],
capacity=info[1],
allocation=info[2],
path=path,
used_by=used_by,
format=fmt,
- isvalid=isvalid)
+ isvalid=isvalid,
+ has_permission=ret)
if fmt == 'iso':
if os.path.islink(path):
path = os.path.join(os.path.dirname(path), os.readlink(path))
@@ -347,6 +352,7 @@ class StorageVolumeModel(object):
bootable = True
except IsoFormatError:
bootable = False
+
res.update(
dict(os_distro=os_distro, os_version=os_version, path=path,
bootable=bootable))
diff --git a/tests/test_model_storagevolume.py b/tests/test_model_storagevolume.py
index 7dbda97..56dda8f 100644
--- a/tests/test_model_storagevolume.py
+++ b/tests/test_model_storagevolume.py
@@ -258,7 +258,7 @@ class StorageVolumeTests(unittest.TestCase):
self.assertEquals(200, resp.status)
keys = [u'name', u'type', u'capacity', u'allocation', u'path',
- u'used_by', u'format', u'isvalid']
+ u'used_by', u'format', u'isvalid', u'has_permission']
for vol in json.loads(resp.read()):
resp = self.request(uri + '/' + vol['name'])
self.assertEquals(200, resp.status)
diff --git a/tests/test_rest.py b/tests/test_rest.py
index c1294ee..cae196e 100644
--- a/tests/test_rest.py
+++ b/tests/test_rest.py
@@ -1174,6 +1174,7 @@ class RestTests(unittest.TestCase):
self.assertEquals('17', storagevolume['os_version'])
self.assertEquals('fedora', storagevolume['os_distro'])
self.assertEquals(True, storagevolume['bootable'])
+ self.assertEquals(True, storagevolume['has_permission'])
# Create a template
# In real model os distro/version can be omitted
--
2.7.4
More information about the Kimchi-devel
mailing list