list only own zones for resource manager #11087
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR tightens zone-level access for resource managers and applies broad Java refactoring to modernize code style.
- Enforce per-zone permissions in
listDataCentersInternalby renamingidtozoneIdand invokingcheckAccessAndSpecifyAuthority. - Remove unused imports and private methods across
QueryManagerImpl, and standardize Java 7+ features (diamond operators,toArray(new T[0])). - Simplify API commands by dropping redundant static names/overrides and adopting diamond operators in response list declarations.
Reviewed Changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| server/src/main/java/com/cloud/api/query/QueryManagerImpl.java | Enforce zone access control, remove unused code, and refactor to use diamond operators and array patterns. |
| api/src/main/java/org/apache/cloudstack/api/command/user/zone/ListZonesCmd.java | Remove obsolete getCommandName() override and static response name. |
| api/src/main/java/org/apache/cloudstack/api/command/admin/pod/ListPodsByCmd.java | Adopt diamond operators in ListResponse and collection initializations. |
| api/src/main/java/org/apache/cloudstack/api/command/admin/cluster/ListClustersCmd.java | Simplify Pair constructions and apply diamond operators to list declarations. |
Comments suppressed due to low confidence (2)
server/src/main/java/com/cloud/api/query/QueryManagerImpl.java:3151
- The internal method
searchForStorageTagsInternalno longer accepts the command parameter, so any filtering based onListStorageTagsCmdfields may be skipped. Restore or pass the command to preserve expected filtering behavior.
Pair<List<StoragePoolTagVO>, Integer> result = searchForStorageTagsInternal();
server/src/main/java/com/cloud/api/query/QueryManagerImpl.java:3192
- The signature for
searchForHostTagsInternalwas changed to drop theListHostTagsCmdargument, which likely removes filtering by command parameters. Confirm that host-tag filters are still applied or reintroduce the parameter.
Pair<List<HostTagVO>, Integer> result = searchForHostTagsInternal();
| // TODO fix bug : id is always null from here | ||
| Long id = null; | ||
|
|
||
| if (caller.getType() == Account.Type.NORMAL) { | ||
| long currentId = CallContext.current().getCallingUser().getId(); | ||
| if (id != null && currentId != id.longValue()) { | ||
| throw new PermissionDeniedException("Calling user is not authorized to see the user requested by id"); | ||
| } | ||
| id = currentId; | ||
| id = CallContext.current().getCallingUser().getId(); |
There was a problem hiding this comment.
[nitpick] This TODO indicates a known issue where id is always null. Consider removing or addressing this comment by fixing the initialization logic or clarifying its intended behavior.
Copilot uses AI. Check for mistakes.
There was a problem hiding this comment.
issue created for this in #11088
| Long zoneId = cmd.getId(); | ||
| zoneId = accountMgr.checkAccessAndSpecifyAuthority(CallContext.current().getCallingAccount(), zoneId); |
There was a problem hiding this comment.
for reviewer; this is the actual change. (i’ve been going overboard on cleanup during investigation)
|
@blueorangutan package |
|
@DaanHoogland a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress. |
|
Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 13913 |
|
@blueorangutan test |
|
@DaanHoogland a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## 4.20 #11087 +/- ##
=========================================
Coverage 16.15% 16.15%
- Complexity 13273 13278 +5
=========================================
Files 5657 5657
Lines 497898 497892 -6
Branches 60374 60384 +10
=========================================
+ Hits 80435 80445 +10
+ Misses 408505 408481 -24
- Partials 8958 8966 +8
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Description
This PR...
Fixes: #10906
Types of changes
Feature/Enhancement Scale or Bug Severity
Feature/Enhancement Scale
Bug Severity
Screenshots (if appropriate):
How Has This Been Tested?
How did you try to break this feature and the system with this change?