From: Marcus Granado Date: Mon, 23 Aug 2010 14:54:37 +0000 (+0100) Subject: CP-1807: do not allow assigning a VMPP to a Dom0 VM X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=06996fbaf1753eea7722c59f64985921e66c80d6;p=xcp%2Fxen-api.git CP-1807: do not allow assigning a VMPP to a Dom0 VM Signed-off-by: Marcus Granado --- diff --git a/ocaml/idl/datamodel.ml b/ocaml/idl/datamodel.ml index d971b738..335ec96c 100644 --- a/ocaml/idl/datamodel.ml +++ b/ocaml/idl/datamodel.ml @@ -1916,6 +1916,17 @@ let vm_copy_bios_strings = call ~allowed_roles:_R_VM_ADMIN () +let vm_set_protection_policy = call + ~name:"set_protection_policy" + ~in_oss_since:None + ~in_product_since:rel_orlando + ~doc:"Set the value of the protection_policy field" + ~params:[Ref _vm, "self", "The VM"; + Ref _vmpp, "value", "The value"] + ~flags:[`Session] + ~allowed_roles:_R_POOL_OP + () + (* ------------------------------------------------------------------------------------------------------------ Host Management ------------------------------------------------------------------------------------------------------------ *) @@ -5734,6 +5745,7 @@ let vm = vm_update_snapshot_metadata; vm_retrieve_wlb_recommendations; vm_copy_bios_strings; + vm_set_protection_policy; ] ~contents: ([ uid _vm; @@ -5795,7 +5807,7 @@ let vm = field ~writer_roles:_R_VM_POWER_ADMIN ~qualifier:DynamicRO ~in_product_since:rel_midnight_ride ~ty:(Set (Ref _vm)) "children" "List pointing to all the children of this VM"; field ~qualifier:DynamicRO ~in_product_since:rel_midnight_ride ~default_value:(Some (VMap [])) ~ty:(Map (String,String)) "bios_strings" "BIOS strings"; - field ~writer_roles:_R_VM_POWER_ADMIN ~qualifier:RW ~in_product_since:rel_cowley ~default_value:(Some (VRef (Ref.string_of Ref.null))) ~ty:(Ref _vmpp) "protection_policy" "Ref pointing to a protection policy for this VM"; + field ~writer_roles:_R_VM_POWER_ADMIN ~qualifier:StaticRO ~in_product_since:rel_cowley ~default_value:(Some (VRef (Ref.string_of Ref.null))) ~ty:(Ref _vmpp) "protection_policy" "Ref pointing to a protection policy for this VM"; field ~writer_roles:_R_POOL_OP ~qualifier:StaticRO ~in_product_since:rel_cowley ~default_value:(Some (VBool false)) ~ty:Bool "is_snapshot_from_vmpp" "true if this snapshot was created by the protection policy"; ]) () diff --git a/ocaml/xapi/message_forwarding.ml b/ocaml/xapi/message_forwarding.ml index 441a813d..ab11c713 100644 --- a/ocaml/xapi/message_forwarding.ml +++ b/ocaml/xapi/message_forwarding.ml @@ -1673,6 +1673,11 @@ module Forward = functor(Local: Custom_actions.CUSTOM_ACTIONS) -> struct let copy_bios_strings ~__context ~vm ~host = info "VM.copy_bios_strings: VM = '%s'; host = '%s'" (vm_uuid ~__context vm) (host_uuid ~__context host); Local.VM.copy_bios_strings ~__context ~vm ~host + + let set_protection_policy ~__context ~self ~value = + info "VM.set_protection_policy: self = '%s'; " (vm_uuid ~__context self); + Local.VM.set_protection_policy ~__context ~self ~value + end module VM_metrics = struct diff --git a/ocaml/xapi/xapi_vm.ml b/ocaml/xapi/xapi_vm.ml index 12b62454..89de584d 100644 --- a/ocaml/xapi/xapi_vm.ml +++ b/ocaml/xapi/xapi_vm.ml @@ -1196,3 +1196,11 @@ let copy_bios_strings ~__context ~vm ~host = Db.VM.set_affinity ~__context ~self:vm ~value:host end +let set_protection_policy ~__context ~self ~value = + if Db.VM.get_is_control_domain ~__context ~self + then ( (* do not assign vmpps to the dom0 vm of any host in the pool *) + raise (Api_errors.Server_error(Api_errors.invalid_value, [Ref.string_of value])) + ) + else ( + Db.VM.set_protection_policy ~__context ~self ~value + ) diff --git a/ocaml/xapi/xapi_vm.mli b/ocaml/xapi/xapi_vm.mli index 243e691c..f7b62934 100644 --- a/ocaml/xapi/xapi_vm.mli +++ b/ocaml/xapi/xapi_vm.mli @@ -260,3 +260,4 @@ val copy_bios_strings : (** Copy the BIOS strings from a host to the VM, unless the VM's BIOS strings * had already been set. *) +val set_protection_policy : __context:Context.t -> self:API.ref_VM -> value:API.ref_VMPP -> unit