Skip to content

A
ansible
Commit fc3020c5 by Rene Moser
Options

cloudstack: prevent getting the wrong project. 

Since we use domain and account data to filter the project, listall is not needed and can return the wrong identical named project of another account if root admin permissions are used.

Fixed projects names are not case insensitive.
parent 8e3213a9
Showing with 4 additions and 4 deletions
lib/ansible/module_utils/cloudstack.py
...@@ -124,13 +124,12 @@ class AnsibleCloudStack: ...@@ -124,13 +124,12 @@ class AnsibleCloudStack:
if not project: if not project:
return None return None
args = {} args = {}
args['listall'] = True
args['account'] = self.get_account(key='name') args['account'] = self.get_account(key='name')
args['domainid'] = self.get_domain(key='id') args['domainid'] = self.get_domain(key='id')
projects = self.cs.listProjects(**args) projects = self.cs.listProjects(**args)
if projects: if projects:
for p in projects['project']: for p in projects['project']:
if project in [ p['name'], p['displaytext'], p['id'] ]: if project.lower() in [ p['name'].lower(), p['id'] ]:
self.project = p self.project = p
return self._get_by_key(key, self.project) return self._get_by_key(key, self.project)
self.module.fail_json(msg="project '%s' not found" % project) self.module.fail_json(msg="project '%s' not found" % project)
...@@ -361,6 +360,7 @@ class AnsibleCloudStack: ...@@ -361,6 +360,7 @@ class AnsibleCloudStack:
self.capabilities = capabilities['capability'] self.capabilities = capabilities['capability']
return self._get_by_key(key, self.capabilities) return self._get_by_key(key, self.capabilities)
# TODO: rename to poll_job() # TODO: rename to poll_job()
def _poll_job(self, job=None, key=None): def _poll_job(self, job=None, key=None):
if 'jobid' in job: if 'jobid' in job:
......
v1/ansible/module_utils/cloudstack.py
...@@ -122,13 +122,12 @@ class AnsibleCloudStack: ...@@ -122,13 +122,12 @@ class AnsibleCloudStack:
if not project: if not project:
return None return None
args = {} args = {}
args['listall'] = True
args['account'] = self.get_account(key='name') args['account'] = self.get_account(key='name')
args['domainid'] = self.get_domain(key='id') args['domainid'] = self.get_domain(key='id')
projects = self.cs.listProjects(**args) projects = self.cs.listProjects(**args)
if projects: if projects:
for p in projects['project']: for p in projects['project']:
if project in [ p['name'], p['displaytext'], p['id'] ]: if project.lower() in [ p['name'].lower(), p['id'] ]:
self.project = p self.project = p
return self._get_by_key(key, self.project) return self._get_by_key(key, self.project)
self.module.fail_json(msg="project '%s' not found" % project) self.module.fail_json(msg="project '%s' not found" % project)
...@@ -359,6 +358,7 @@ class AnsibleCloudStack: ...@@ -359,6 +358,7 @@ class AnsibleCloudStack:
self.capabilities = capabilities['capability'] self.capabilities = capabilities['capability']
return self._get_by_key(key, self.capabilities) return self._get_by_key(key, self.capabilities)
# TODO: rename to poll_job() # TODO: rename to poll_job()
def _poll_job(self, job=None, key=None): def _poll_job(self, job=None, key=None):
if 'jobid' in job: if 'jobid' in job:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment