Fix shared ports (#2031)
fix: allow open and close exposed ports to shared user

close #2030
frankiejol committed Feb 27, 2024
1 parent 1f5a90e commit 07a4953
Showing 6 changed files with 89 additions and 49 deletions.
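--- a/lib/Ravada.pm
+++ b/lib/Ravada.pm
@@ -5614,7 +5614,8 @@ sub _cmd_refresh_machine_ports($self, $request) {
 my $domain = Ravada::Domain->open($id_domain) or confess "Error: domain $id_domain not found";
 
 die "USER $uid not authorized to refresh machine ports for domain ".$domain->name
-unless $domain->_data('id_owner') == $user->id || $user->is_operator;
+unless $domain->_data('id_owner') == $user->id || $user->is_operator
+|| $user->can_start_machine($domain->id);
 
 return if !$domain->is_active;
 
@@ -6762,6 +6763,14 @@ sub _cmd_open_exposed_ports($self, $request) {
 my $domain = Ravada::Domain->open($request->id_domain) or return;
 return if !$domain->list_ports();
 
+my $uid = $request->args('uid');
+my $user = Ravada::Auth::SQL->search_by_id( $uid )
+or die "Error: user $uid not found";
+
+die "Error: user ".$user->name." not authorized to open ports"
+unless $user->is_admin || $domain->_data('id_owner') == $uid
+|| $user->can_start_machine($domain);
+
 my $remote_ip = $request->defined_arg('remote_ip');
 
 $domain->open_exposed_ports($remote_ip);
@@ -6783,7 +6792,8 @@ sub _cmd_close_exposed_ports($self, $request) {
 return if !$domain;
 
 die "Error: user ".$user->name." not authorized to delete iptables rule"
-unless $user->is_admin || $domain->_data('id_owner') == $uid;
+unless $user->is_admin || $domain->_data('id_owner') == $uid
+|| $user->can_start_machine($domain);
 
 my $port = $request->defined_arg('port');
 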
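Review bot: The new shared-user clause is called with two different argument types: `_cmd_refresh_machine_ports` passes `$domain->id` to `can_start_machine`, while `_cmd_open_exposed_ports` and `_cmd_close_exposed_ports` pass the `$domain` object. `can_start_machine` is not shown on this page, so unless it accepts both forms one of these authorization checks may not evaluate as intended; pick the form it documents and use it in all three, e.g. `|| $user->can_start_machine($domain->id);` if the id is what it expects. The handlers also disagree on the privileged role (`is_operator` for refresh, `is_admin` for open and close), so a comment above each check such as `# allowed: owner, admin/operator, or a user the machine is shared with` would record the intended policy. All three subs start and end outside the hunks.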
2 changes: 1 addition & 1 deletion lib/Ravada/Request.pm
@@ -252,7 +252,7 @@ our %COMMAND = (
limit => 50
,priority => 4
,commands => ['shutdown','shutdown_now', 'enforce_limits', 'set_time'
,'remove_domain','refresh_machine_ports'
,'remove_domain', 'remove', 'refresh_machine_ports'
]
}

9 changes: 0 additions & 9 deletions t/device/10_templates.t
@@ -938,24 +938,15 @@ for my $vm_name ( vm_names()) {

test_frontend_list($vm);

warn 1;

test_templates_gone_usb_2($vm);

warn 2;

test_templates_gone_usb($vm);
warn 3;
test_templates_changed_usb($vm);

warn 4;
test_templates_start_nohd($vm);
warn 5;
test_templates_change_filter($vm);

warn 6;
test_templates($vm);
warn 7;
test_templates_change_devices($vm);

}
11 changes: 7 additions & 4 deletions t/lib/Test/Ravada.pm
@@ -1542,18 +1542,21 @@ sub remove_void_networks($vm=undef) {
}

sub remove_networks_req() {
my $sth = connector()->dbh->prepare("SELECT id,id_vm,name FROM virtual_networks "
." WHERE name like ? "
my $sth = connector()->dbh->prepare(
"SELECT vn.id,id_vm,vn.name,v.name "
." FROM virtual_networks vn, vms v"
." WHERE vn.name like ? "
." AND vn.id_vm=v.id"
);
$sth->execute(base_domain_name."%");
while (my ($id, $id_vm, $name) = $sth->fetchrow) {
while (my ($id, $id_vm, $name, $node) = $sth->fetchrow) {
my $req = Ravada::Request->remove_network(
uid => user_admin()->id
,id => $id
,id_vm => $id_vm
);
}
wait_request();
wait_request(debug => 1);
}

sub remove_qemu_networks($vm=undef) {
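Review bot: In `remove_networks_req` the rewritten query joins `virtual_networks` to `vms` and fetches `v.name` into `$node`, but nothing in the loop reads `$node`. Because `vn.id_vm=v.id` makes this an inner join, a network whose `id_vm` no longer matches a row in `vms` would now be skipped by the cleanup, which the single-table query did not do. If the node name is only wanted for diagnostics, use it, e.g. `diag("removing network $name on $node");`, otherwise keep the original query. `wait_request(debug => 1)` also leaves debug output switched on for every caller of this shared helper.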
83 changes: 52 additions & 31 deletions t/mojo/70_volatile.t
@@ -142,13 +142,6 @@ sub _set_base_vms($vm_name, $id_base, $network) {
while ( my ($id_vm) = $sth->fetchrow) {
$t->post_ok("/node/enable/$id_vm.json");

my $req = Ravada::Request->create_network(
uid => user_admin->id
,id_vm => $id_vm
,data => $network
);
wait_request(check_error => 0);

my $id_req = mojo_request($t,"set_base_vm", { id_vm => $id_vm, id_domain => $id_base, value => 1 }, 0);
mojo_request($t,"clone", { id_domain => $id_base , after_request => $id_req, name => new_domain_name()
,options => { network => $network->{name} }
@@ -176,38 +169,63 @@ sub _count_nodes($vm_name) {
return ($count or 1);
}

sub _new_network($id_vm) {
sub _new_network($vm_name,$id_vm) {

my $req_new = Ravada::Request->new_network(
uid => user_admin->id
,id_vm => $id_vm
,name => base_domain_name()
);
wait_request(debug => 0);
like($req_new->output , qr/\d+/) or exit;
my ($req,$net);

my $net = decode_json($req_new->output);
my $name = $net->{name};
for my $cont ( 140 .. 150 ) {
my $req_new = Ravada::Request->new_network(
uid => user_admin->id
,id_vm => $id_vm
,name => base_domain_name()
);
wait_request(debug => 0);
like($req_new->output , qr/\d+/) or exit;

my $user = create_user();
my $req = Ravada::Request->create_network(
uid => user_admin->id
,id_vm => $id_vm
,data => $net
);
wait_request(check_error => 0);
$net = decode_json($req_new->output);
$net->{ip_address} =~ s/(\d+\.\d+\.)\d+(.*)/$1$cont$2/;
my $name = $net->{name};

my $user = create_user();
$req = Ravada::Request->create_network(
uid => user_admin->id
,id_vm => $id_vm
,data => $net
);
wait_request(check_error => 0);

last if !$req->error;
}
die $req->error if $req->error;

_create_network_nodes($vm_name, $net);

return $net;
}

sub _create_network_nodes($vm_name, $net) {
my $sth = connector->dbh->prepare(
"SELECT id FROM vms WHERE vm_type=?"
." AND is_active=1 AND enabled=1"
);
$sth->execute($vm_name);
while ( my ($id_vm) = $sth->fetchrow ) {
$net->{id_vm} = $id_vm;
Ravada::Request->create_network(
uid => user_admin->id
,id_vm => $id_vm
,data => $net
);

}
}

sub test_clone($vm_name, $n=10) {
my $id_vm = _id_vm($vm_name);

my @bases = bases($vm_name);

my $network = _new_network($id_vm);
my $network = _new_network($vm_name, $id_vm);
my $network_name = $network->{name};

for my $base ( @bases ) {
@@ -257,8 +275,10 @@ sub test_clone($vm_name, $n=10) {
);
delete_request('set_time','force_shutdown');
next if $vm_name eq 'Void';
wait_request(debug => 1);
_wait_ip($name,$seconds++);
if (_slightly_loaded() ) {
wait_request(debug => 1);
_wait_ip($name,$seconds++);
}
last if _too_loaded();
}
}
@@ -292,22 +312,23 @@ sub _search_domain_by_name($name) {
return $id;
}

sub _too_loaded($msg) {
sub _slightly_loaded($msg="") {
open my $in,"<","/proc/loadavg" or die $!;
my ($load) = <$in>;
close $in;
chomp $load;
$load =~ s/\s.*//;
return $load>$MAX_LOAD;
return $load>$MAX_LOAD/3;
}

sub _too_loaded() {

sub _too_loaded($msg="") {
open my $in,"<","/proc/loadavg" or die $!;
my ($load) = <$in>;
close $in;
chomp $load;
$load =~ s/\s.*//;
diag("$load / $MAX_LOAD");
diag("$msg $load / $MAX_LOAD");
return $load>$MAX_LOAD;
}

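Review bot: `_create_network_nodes` queues a `create_network` request for every active node of the given type and returns without waiting for them or looking at their errors, so a failure on one node would only surface later as an unrelated clone failure. Its query also selects the node on which `_new_network` has just created the network, so that request is presumably a duplicate; confirm it is harmless. Consider keeping the request objects and checking `$req->error` for each after a `wait_request(check_error => 0);`. The `my $user = create_user();` inside the `140 .. 150` retry loop is never used and creates a user on every attempt, so it can be dropped.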
19 changes: 17 additions & 2 deletions t/user/35_share.t
@@ -100,15 +100,30 @@ sub test_requests_shared($user, $clone) {
wait_request();
is($req3->status,'done');
is($req3->error,'');

my $req4 = Ravada::Request->list_cpu_models(
my @args = (
uid => $user->id
,id_domain => $clone->id
);
my $req4 = Ravada::Request->list_cpu_models(@args);
wait_request();
is($req4->status,'done');
is($req4->error,'');

my $req5 = Ravada::Request->open_exposed_ports(@args);
wait_request();
is($req5->status,'done');
is($req5->error,'');

$req5 = Ravada::Request->refresh_machine_ports(@args);
wait_request();
is($req5->status,'done');
is($req5->error,'');

$req5 = Ravada::Request->close_exposed_ports(@args);
wait_request();
is($req5->status,'done');
is($req5->error,'');

}

sub test_machine_info_shared($user, $clone) {
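Review bot: The added cases in `test_requests_shared` only exercise the allowed path: a shared user gets `done` and an empty error for `open_exposed_ports`, `refresh_machine_ports` and `close_exposed_ports`. This commit also adds an authorization check to `_cmd_open_exposed_ports`, where none is visible in the surrounding context, so a negative case is worth adding here or alongside. It would send the same three requests from a user who is neither owner, admin nor shared, and assert something like `like($req->error, qr/not authorized/);`. Reusing `$req5` for three different requests also makes a failure harder to attribute; separate names such as `$req6` and `$req7` would read more clearly. The sub starts outside the hunk.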
