CLOUDSTACK-9432: cluster/host dedicated to a domain is owned by the root domain#2124
Conversation
49ad69d to
1e4d30c
Compare
rafaelweingartner
left a comment
There was a problem hiding this comment.
@GabrielBrascher thanks for the PR.
Could you take a look at some issues that I pointed out?
| private AffinityGroupVO createAffinityGroup(final AffinityGroupProcessor processor, final Account owner, final ACLType aclType, final String affinityGroupName, final String affinityGroupType, final String description) { | ||
| private AffinityGroupVO createAffinityGroup(final AffinityGroupProcessor processor, final Account owner, final ACLType aclType, final String affinityGroupName, final String affinityGroupType, final String description, boolean domainLevel, Long domainId) { | ||
|
|
||
| Long domainIdBasedOnDomainLevel = owner.getDomainId(); |
There was a problem hiding this comment.
@GabrielBrascher what about extracting lines 181-184 to a method and then create a test case for it?
Also a documentation describing the method seems a good idea.
| // created only as an admin/system operation. | ||
| } | ||
| types.add(processor.getType()); | ||
| if (processor.isAdminControlledGroup()) { |
There was a problem hiding this comment.
Are these formatting changes needed?
Are you using the CloudStack code formatter style? Or was the code not formatted properly?
There was a problem hiding this comment.
At first I tried to submit without those changes in lines which I did not touch; however, it failed to pass in check style validation. When my environment formatted the code (with the CloudStack style), all checks have passed. I can review those changes and see if I can minimize them. But some will be necessary.
There was a problem hiding this comment.
Ah, ok.
So, let the changes there
|
Hi @GabrielBrascher thanks for the fix! Works better for me, although I think the |
1e4d30c to
05bc1b3
Compare
| } | ||
| return domainIdBasedOnDomainLevel; | ||
| } | ||
|
|
There was a problem hiding this comment.
@rafaelweingartner thanks for the review. The code now is in a method with tests and documentation.
05bc1b3 to
448744f
Compare
When dedicating a resource (cluster or host) to a domain, the affinity group which is created is visible to everyone rather than only to domain that the cluster is dedicated to.
448744f to
cd56112
Compare
|
Hi @remibergsma . Thanks for the feedback! (i) the account ID in the affinity_group table: I kept the account ID as the owner account id (in this case 1 because of the system account id) because I don't know the effect of letting it null; thus, the account ID stayed as it was being managed before this fix. Please feel free to provide any different approach if you have something in mind. (i) the domain ID in affinity_group table: if I didn't miss anything, the domain ID should be from the dedicated domain ID (instead of 1). Line 186 |
|
@blueorangutan package |
|
@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. |
|
Packaging result: ✔centos6 ✔centos7 ✔debian. JID-870 |
|
@blueorangutan test |
|
@rhtyd a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests |
|
Trillian test result (tid-1265)
|
|
From me you have an LGTM. |
|
@blueorangutan package |
|
@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. |
|
Packaging result: ✔centos6 ✔centos7 ✔debian. JID-1088 |
houthuis
left a comment
There was a problem hiding this comment.
tested locally, it works as described
|
Thanks for the review @rafaelweingartner @houthuis @remibergsma @rhtyd. I think this PR is ready for merge. |
|
@GabrielBrascher okay, I'll run regression tests on master later. Kindly use 'squash merge' in future and commits should include the JIRA id in their commit summary such as |
Issue: when dedicating a resource (cluster or host) to a domain, the affinity group which is created is visible to everyone rather than only to the domain that the cluster is dedicated to.
Cause: if a resource is not dedicated to an account but a domain, the account parameter is null. The code then uses the domain id from the system account, making the affinity group visible by all accounts.
Proposal: if the account is null, then it should use the domain id passed as a parameter, instead of the domain id from the system account.
Test scenario: a cluster is dedicated to a domain with id '3'. The affinity group domain map should have '3' as its domain id.
Before: id '8' links affinity group '11' to domain '1' (ROOT).
After: id '9' links affinity group '12' to domain '3'.