bernardodemarco commented on code in PR #11616:
URL: https://github.com/apache/cloudstack/pull/11616#discussion_r2380482333
##########
server/src/main/java/com/cloud/vm/snapshot/VMSnapshotManagerImpl.java:
##########
@@ -399,7 +399,7 @@ public VMSnapshot allocVMSnapshot(Long vmId, String
vsDisplayName, String vsDesc
_accountMgr.checkAccess(caller, null, true, userVmVo);
// check max snapshot limit for per VM
- int vmSnapshotMax = VMSnapshotManager.VMSnapshotMax.value();
+ int vmSnapshotMax =
VMSnapshotManager.VMSnapshotMax.valueIn(userVmVo.getAccountId());
Review Comment:
@harikrishna-patnala, that sounds ok for me. My only concern is a scenario
like the following:
| Account | `vmsnapshot.max` value |
| ------------ | ----------------------------------- |
| `account-a` | `2` |
| `account-b` | `6` |
| `vmsnapshot.max` global value |
| ---------------------------------------------- |
| `1` |
And, let's say that `account-a` and `account-b` belong to the same project,
with a VM deployed in it.
Considering the current implementation, each project's VM will have, at
maximum, `1` VM snapshot (global value).
If we consider the caller's configuration value, `account-a` would be
allowed to create the first and second snapshots for a given VM. When trying to
create the third, an error message will be raised.
However, `account-b` will be able to access the VM and create the third
snapshot for it. Wouldn't it be a little bit awkward if `account-a` notices
that the VM has more than 2 snapshots?
And, do you guys think that we should always consider the caller account? Or
should we only consider it when the VM belongs to a project?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
