Hello Emily Zhang,
I'd like you to do a code review. Please visit
http://gerrit.ovirt.org/16595
to review the following change.
Change subject: tools:Trusted Compute Pools - Open Attestation integration with
oVirt engine proposal
......................................................................
tools:Trusted Compute Pools - Open Attestation integration with oVirt engine
proposal
Detailed description: http://wiki.ovirt.org/Trusted_compute_pools
Edit a vm from a trusted/untrusted one to a untrusted/trusted one, then make an
audit event.
Change-Id: I477f0c76a011473ed0802b8e4a23738e34e52e18
Signed-off-by: Gang Wei <[email protected]>
Signed-off-by: Emily Zhang <[email protected]>
---
M
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/UpdateVmCommand.java
M
backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java
M
backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dal/dbbroker/auditloghandling/AuditLogDirector.java
M
backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties
4 files changed, 19 insertions(+), 1 deletion(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/95/16595/1
diff --git
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/UpdateVmCommand.java
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/UpdateVmCommand.java
index 3d244a9..ab13406 100644
---
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/UpdateVmCommand.java
+++
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/UpdateVmCommand.java
@@ -47,7 +47,7 @@
import
org.ovirt.engine.core.utils.customprop.VmPropertiesUtils.VMCustomProperties;
import org.ovirt.engine.core.utils.linq.LinqUtils;
import org.ovirt.engine.core.utils.linq.Predicate;
-
+import org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector;
@LockIdNameAttribute
public class UpdateVmCommand<T extends VmManagementParametersBase> extends
VmManagementCommandBase<T>
@@ -86,9 +86,21 @@
updateVmPayload();
VmDeviceUtils.updateVmDevices(getParameters(), oldVm);
updateWatchdog();
+ checkTrustedService();
setSucceeded(true);
}
+ private void checkTrustedService() {
+ AuditLogableBase logable = new AuditLogableBase();
+ logable.addCustomValue("VmName", getVmName());
+ if (getParameters().getVm().isTrustedService() &&
!getVdsGroup().supportsTrustedService()) {
+ AuditLogDirector.log(logable,
AuditLogType.USER_UPDATE_VM_FROM_TRUSTED_TO_UNTRUSTED);
+ }
+ else if (!getParameters().getVm().isTrustedService() &&
getVdsGroup().supportsTrustedService()) {
+ AuditLogDirector.log(logable,
AuditLogType.USER_UPDATE_VM_FROM_UNTRUSTED_TO_TRUSTED);
+ }
+ }
+
private void updateWatchdog() {
// do not update if this flag is not set
if (getParameters().isUpdateWatchdog()) {
diff --git
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java
index f6d659f..36518ea 100644
---
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java
+++
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java
@@ -184,6 +184,8 @@
USER_RUN_UNLOCK_ENTITY_SCRIPT(2024),
USER_MOVE_IMAGE_GROUP_FAILED_TO_DELETE_SRC_IMAGE(2025),
USER_MOVE_IMAGE_GROUP_FAILED_TO_DELETE_DST_IMAGE(2026),
+ USER_UPDATE_VM_FROM_TRUSTED_TO_UNTRUSTED(2031),
+ USER_UPDATE_VM_FROM_UNTRUSTED_TO_TRUSTED(2032),
// Quota audit logs
USER_ADD_QUOTA(3000),
diff --git
a/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dal/dbbroker/auditloghandling/AuditLogDirector.java
b/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dal/dbbroker/auditloghandling/AuditLogDirector.java
index dd8b31f..81c5d3d 100644
---
a/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dal/dbbroker/auditloghandling/AuditLogDirector.java
+++
b/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dal/dbbroker/auditloghandling/AuditLogDirector.java
@@ -614,6 +614,8 @@
severities.put(AuditLogType.HA_VM_RESTART_FAILED,
AuditLogSeverity.ERROR);
severities.put(AuditLogType.USER_FAILED_ATTACH_DISK_TO_VM,
AuditLogSeverity.ERROR);
severities.put(AuditLogType.WATCHDOG_EVENT, AuditLogSeverity.WARNING);
+ severities.put(AuditLogType.USER_UPDATE_VM_FROM_TRUSTED_TO_UNTRUSTED,
AuditLogSeverity.NORMAL);
+ severities.put(AuditLogType.USER_UPDATE_VM_FROM_UNTRUSTED_TO_TRUSTED,
AuditLogSeverity.NORMAL);
}
private static void initClusterSeverities() {
diff --git
a/backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties
b/backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties
index 3b6fb11..7e3ff0b 100644
---
a/backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties
+++
b/backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties
@@ -22,6 +22,8 @@
USER_ADD_VM_TEMPLATE=Creation of Template ${VmTemplateName} from VM ${VmName}
was initiated by ${UserName}.
USER_ADD_VM_TEMPLATE_FINISHED_SUCCESS=Creation of Template ${VmTemplateName}
from VM ${VmName} has been completed.
USER_ADD_VM_TEMPLATE_FINISHED_FAILURE=Failed to complete creation of Template
${VmTemplateName} from VM ${VmName}.
+USER_UPDATE_VM_FROM_TRUSTED_TO_UNTRUSTED=the Vm ${VmName} was updated from
trusted cluster to non-trusted cluster.
+USER_UPDATE_VM_FROM_UNTRUSTED_TO_TRUSTED=the Vm ${VmName} was updated from
non-trusted cluster to trusted cluster.
USER_ADD_VM_TO_POOL=VM ${VmName} was added to VM Pool ${VmPoolName} by
${UserName}.
USER_ADD_VM_TO_POOL_FAILED=Failed to add VM ${VmName} to VM Pool
${VmPoolName}(User: ${UserName}).
USER_ATTACH_USER_TO_POOL=User ${AdUserName} was attached to VM Pool
${VmPoolName} by ${UserName}.
--
To view, visit http://gerrit.ovirt.org/16595
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I477f0c76a011473ed0802b8e4a23738e34e52e18
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Gang Wei <[email protected]>
Gerrit-Reviewer: Emily Zhang <[email protected]>
_______________________________________________
Engine-patches mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/engine-patches
