apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

iam/plugin: Rename Acl to IAM everywhere

Browse Source
This commit is contained in:
Prachi Damle 2014-02-24 16:59:27 -08:00
parent b2ba6c05b4
commit 187f9cd0a2
56 changed files with 1095 additions and 1088 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
api/src/com/cloud/event/EventTypes.java
View File

@ -455,17 +455,17 @@ public class EventTypes {
public static final String EVENT_UCS_ASSOCIATED_PROFILE = "UCS.ASSOCIATEPROFILE";
public static final String EVENT_ACL_POLICY_CREATE = "ACLPOLICY.CREATE";
public static final String EVENT_ACL_POLICY_DELETE = "ACLPOLICY.DELETE";
public static final String EVENT_ACL_POLICY_GRANT = "ACLPOLICY.GRANT";
public static final String EVENT_ACL_POLICY_REVOKE = "ACLPOLICY.REVOKE";
public static final String EVENT_IAM_POLICY_CREATE = "IAMPOLICY.CREATE";
public static final String EVENT_IAM_POLICY_DELETE = "IAMPOLICY.DELETE";
public static final String EVENT_IAM_POLICY_GRANT = "IAMPOLICY.GRANT";
public static final String EVENT_IAM_POLICY_REVOKE = "IAMPOLICY.REVOKE";
public static final String EVENT_ACL_GROUP_UPDATE = "ACLGROUP.UPDATE";
public static final String EVENT_ACL_GROUP_CREATE = "ACLGROUP.CREATE";
public static final String EVENT_ACL_GROUP_DELETE = "ACLGROUP.DELETE";
public static final String EVENT_ACL_GROUP_GRANT = "ACLGROUP.GRANT";
public static final String EVENT_ACL_GROUP_REVOKE = "ACLGROUP.REVOKE";
public static final String EVENT_ACL_ACCOUNT_POLICY_UPDATE = "ACLACCOUNTPOLICY.UPDATE";
public static final String EVENT_IAM_GROUP_UPDATE = "IAMGROUP.UPDATE";
public static final String EVENT_IAM_GROUP_CREATE = "IAMGROUP.CREATE";
public static final String EVENT_IAM_GROUP_DELETE = "IAMGROUP.DELETE";
public static final String EVENT_IAM_GROUP_GRANT = "IAMGROUP.GRANT";
public static final String EVENT_IAM_GROUP_REVOKE = "IAMGROUP.REVOKE";
public static final String EVENT_IAM_ACCOUNT_POLICY_UPDATE = "IAMACCOUNTPOLICY.UPDATE";
// Object store migration
public static final String EVENT_MIGRATE_PREPARE_SECONDARY_STORAGE = "MIGRATE.PREPARE.SS";

4
api/src/org/apache/cloudstack/api/ApiCommandJobType.java
View File

@ -50,6 +50,6 @@ public enum ApiCommandJobType {
AffinityGroup,
InternalLbVm,
DedicatedGuestVlanRange,
AclPolicy,
AclGroup
IAMPolicy,
IAMGroup
}

26
api/src/org/apache/cloudstack/api/ApiConstants.java
View File

@ -543,19 +543,19 @@ public class ApiConstants {
public static final String ROUTING = "isrouting";
public static final String MAX_CONNECTIONS = "maxconnections";
public static final String SERVICE_STATE = "servicestate";
public static final String ACL_ACCOUNT_IDS = "accountids";
public static final String ACL_MEMBER_ACCOUNTS = "memberaccounts";
public static final String ACL_PARENT_POLICY_ID = "parentpolicyid";
public static final String ACL_PARENT_POLICY_NAME = "parentpolicyname";
public static final String ACL_POLICY_IDS = "policyids";
public static final String ACL_POLICIES = "policies";
public static final String ACL_APIS = "apis";
public static final String ACL_GROUPS = "groups";
public static final String ACL_PERMISSIONS = "permission";
public static final String ACL_ACTION = "action";
public static final String ACL_SCOPE = "scope";
public static final String ACL_SCOPE_ID = "scopeid";
public static final String ACL_ALLOW_DENY = "permission";
public static final String IAM_ACCOUNT_IDS = "accountids";
public static final String IAM_MEMBER_ACCOUNTS = "memberaccounts";
public static final String IAM_PARENT_POLICY_ID = "parentpolicyid";
public static final String IAM_PARENT_POLICY_NAME = "parentpolicyname";
public static final String IAM_POLICY_IDS = "policyids";
public static final String IAM_POLICIES = "policies";
public static final String IAM_APIS = "apis";
public static final String IAM_GROUPS = "groups";
public static final String IAM_PERMISSIONS = "permission";
public static final String IAM_ACTION = "action";
public static final String IAM_SCOPE = "scope";
public static final String IAM_SCOPE_ID = "scopeid";
public static final String IAM_ALLOW_DENY = "permission";
public static final String ENTITY_TYPE = "entitytype";
public static final String ENTITY_ID = "entityid";
public static final String ACCESS_TYPE = "accesstype";

2
api/src/org/apache/cloudstack/api/response/AccountResponse.java
View File

@ -239,7 +239,7 @@ public class AccountResponse extends BaseResponse implements ResourceLimitAndCou
@Param(description = "true if account is default, false otherwise", since = "4.2.0")
private Boolean isDefault;
@SerializedName(ApiConstants.ACL_GROUPS)
@SerializedName(ApiConstants.IAM_GROUPS)
@Param(description = "the list of acl groups that account belongs to")
private List<String> groups;

4
server/src/com/cloud/template/TemplateManagerImpl.java
View File

@ -1273,7 +1273,7 @@ public class TemplateManagerImpl extends ManagerBase implements TemplateManager,
permit.put(ApiConstants.ENTITY_TYPE, IAMEntityType.VirtualMachineTemplate.toString());
permit.put(ApiConstants.ENTITY_ID, id);
permit.put(ApiConstants.ACCESS_TYPE, AccessType.UseEntry);
permit.put(ApiConstants.ACL_ACTION, "listTemplates");
permit.put(ApiConstants.IAM_ACTION, "listTemplates");
permit.put(ApiConstants.ACCOUNTS, accountIds);
_messageBus.publish(_name, EntityManager.MESSAGE_GRANT_ENTITY_EVENT, PublishScope.LOCAL, permit);
} else if ("remove".equalsIgnoreCase(operation)) {
@ -1290,7 +1290,7 @@ public class TemplateManagerImpl extends ManagerBase implements TemplateManager,
permit.put(ApiConstants.ENTITY_TYPE, IAMEntityType.VirtualMachineTemplate.toString());
permit.put(ApiConstants.ENTITY_ID, id);
permit.put(ApiConstants.ACCESS_TYPE, AccessType.UseEntry);
permit.put(ApiConstants.ACL_ACTION, "listTemplates");
permit.put(ApiConstants.IAM_ACTION, "listTemplates");
permit.put(ApiConstants.ACCOUNTS, accountIds);
_messageBus.publish(_name, EntityManager.MESSAGE_REVOKE_ENTITY_EVENT, PublishScope.LOCAL, permit);
} else if ("reset".equalsIgnoreCase(operation)) {

8
services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml → services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-iam-access-checkers-context.xml
View File

@ -27,9 +27,9 @@
http://www.springframework.org/schema/context/spring-context-3.0.xsd"
>
<bean id="RoleBasedAPIAccessChecker" class="org.apache.cloudstack.acl.RoleBasedAPIAccessChecker" />
<bean id="RoleBasedEntityAccessChecker" class="org.apache.cloudstack.acl.RoleBasedEntityAccessChecker" />
<bean id="RoleBasedEntityQuerySelector" class="org.apache.cloudstack.acl.RoleBasedEntityQuerySelector" />
<bean id="AclApiServiceImpl" class="org.apache.cloudstack.acl.api.AclApiServiceImpl" />
<bean id="RoleBasedAPIAccessChecker" class="org.apache.cloudstack.iam.RoleBasedAPIAccessChecker" />
<bean id="RoleBasedEntityAccessChecker" class="org.apache.cloudstack.iam.RoleBasedEntityAccessChecker" />
<bean id="RoleBasedEntityQuerySelector" class="org.apache.cloudstack.iam.RoleBasedEntityQuerySelector" />
<bean id="AclApiServiceImpl" class="org.apache.cloudstack.iam.AclApiServiceImpl" />
</beans>

36
services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToAclGroupCmd.java → services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToIAMGroupCmd.java
View File

@ -22,7 +22,7 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
import org.apache.cloudstack.iam.AclApiService;
import org.apache.cloudstack.iam.IAMApiService;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
@ -32,9 +32,9 @@ import org.apache.cloudstack.api.BaseAsyncCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.AccountResponse;
import org.apache.cloudstack.api.response.iam.AclGroupResponse;
import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
import org.apache.cloudstack.context.CallContext;
import org.apache.cloudstack.iam.api.AclGroup;
import org.apache.cloudstack.iam.api.IAMGroup;
import com.cloud.event.EventTypes;
import com.cloud.exception.InsufficientCapacityException;
@ -42,13 +42,13 @@ import com.cloud.exception.ResourceUnavailableException;
import com.cloud.user.Account;
@APICommand(name = "addAccountToAclGroup", description = "add account to an acl group", responseObject = AclGroupResponse.class)
public class AddAccountToAclGroupCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(AddAccountToAclGroupCmd.class.getName());
private static final String s_name = "addaccounttoaclgroupresponse";
@APICommand(name = "addAccountToIAMGroup", description = "add account to an iam group", responseObject = IAMGroupResponse.class)
public class AddAccountToIAMGroupCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(AddAccountToIAMGroupCmd.class.getName());
private static final String s_name = "addaccounttoiamgroupresponse";
@Inject
public AclApiService _aclApiSrv;
public IAMApiService _iamApiSrv;
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
@ -56,12 +56,12 @@ public class AddAccountToAclGroupCmd extends BaseAsyncCmd {
@ACL
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
required = true, description = "The ID of the acl group")
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMGroupResponse.class,
required = true, description = "The ID of the iam group")
private Long id;
@ACL
@Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that are going to be assigned to the acl group.")
@Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that are going to be assigned to the iam group.")
private List<Long> accountIdList;
@ -98,30 +98,30 @@ public class AddAccountToAclGroupCmd extends BaseAsyncCmd {
@Override
public void execute() throws ResourceUnavailableException,
InsufficientCapacityException, ServerApiException {
CallContext.current().setEventDetails("Acl group Id: " + getId());
AclGroup result = _aclApiSrv.addAccountsToGroup(accountIdList, id);
CallContext.current().setEventDetails("IAM group Id: " + getId());
IAMGroup result = _iamApiSrv.addAccountsToGroup(accountIdList, id);
if (result != null){
AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
IAMGroupResponse response = _iamApiSrv.createIAMGroupResponse(result);
response.setResponseName(getCommandName());
setResponseObject(response);
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add accounts to acl group");
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add accounts to iam group");
}
}
@Override
public String getEventType() {
return EventTypes.EVENT_ACL_GROUP_UPDATE;
return EventTypes.EVENT_IAM_GROUP_UPDATE;
}
@Override
public String getEventDescription() {
return "adding accounts to acl group";
return "adding accounts to iam group";
}
@Override
public ApiCommandJobType getInstanceType() {
return ApiCommandJobType.AclGroup;
return ApiCommandJobType.IAMGroup;
}
}

45
services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAclPermissionToAclPolicyCmd.java → services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
View File

@ -21,7 +21,7 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.PermissionScope;
import org.apache.cloudstack.iam.AclApiService;
import org.apache.cloudstack.iam.IAMApiService;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
@ -30,10 +30,10 @@ import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.BaseAsyncCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
import org.apache.cloudstack.context.CallContext;
import org.apache.cloudstack.iam.api.AclPolicy;
import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
import org.apache.cloudstack.iam.api.IAMPolicy;
import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
import com.cloud.event.EventTypes;
import com.cloud.exception.InsufficientCapacityException;
@ -41,13 +41,13 @@ import com.cloud.exception.ResourceUnavailableException;
import com.cloud.user.Account;
@APICommand(name = "addAclPermissionToAclPolicy", description = "Add Acl permission to an acl policy", responseObject = AclPolicyResponse.class)
public class AddAclPermissionToAclPolicyCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(AddAclPermissionToAclPolicyCmd.class.getName());
private static final String s_name = "addaclpermissiontoaclpolicyresponse";
@APICommand(name = "addIAMPermissionToIAMPolicy", description = "Add IAM permission to an iam policy", responseObject = IAMPolicyResponse.class)
public class AddIAMPermissionToIAMPolicyCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(AddIAMPermissionToIAMPolicyCmd.class.getName());
private static final String s_name = "addiampermissiontoiampolicyresponse";
@Inject
public AclApiService _aclApiSrv;
public IAMApiService _iamApiSrv;
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
@ -55,21 +55,21 @@ public class AddAclPermissionToAclPolicyCmd extends BaseAsyncCmd {
@ACL
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
required = true, description = "The ID of the acl policy")
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMPolicyResponse.class,
required = true, description = "The ID of the iam policy")
private Long id;
@Parameter(name = ApiConstants.ACL_ACTION, type = CommandType.STRING, required = true, description = "action api name.")
@Parameter(name = ApiConstants.IAM_ACTION, type = CommandType.STRING, required = true, description = "action api name.")
private String action;
@Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = false, description = "entity class simple name.")
private String entityType;
@Parameter(name = ApiConstants.ACL_SCOPE, type = CommandType.STRING,
required = false, description = "acl permission scope")
@Parameter(name = ApiConstants.IAM_SCOPE, type = CommandType.STRING,
required = false, description = "iam permission scope")
private String scope;
@Parameter(name = ApiConstants.ACL_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
@Parameter(name = ApiConstants.IAM_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
private Long scopeId;
@ -120,32 +120,33 @@ public class AddAclPermissionToAclPolicyCmd extends BaseAsyncCmd {
@Override
public void execute() throws ResourceUnavailableException,
InsufficientCapacityException, ServerApiException {
CallContext.current().setEventDetails("Acl policy Id: " + getId());
CallContext.current().setEventDetails("IAM policy Id: " + getId());
// Only explicit ALLOW is supported for this release, no explicit deny
AclPolicy result = _aclApiSrv.addAclPermissionToAclPolicy(id, entityType, PermissionScope.valueOf(scope),
IAMPolicy result = _iamApiSrv.addIAMPermissionToIAMPolicy(id, entityType, PermissionScope.valueOf(scope),
scopeId, action, Permission.Allow, false);
if (result != null) {
AclPolicyResponse response = _aclApiSrv.createAclPolicyResponse(result);
IAMPolicyResponse response = _iamApiSrv.createIAMPolicyResponse(result);
response.setResponseName(getCommandName());
setResponseObject(response);
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to grant permission to acl policy " + getId());
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to grant permission to iam policy "
+ getId());
}
}
@Override
public String getEventType() {
return EventTypes.EVENT_ACL_POLICY_GRANT;
return EventTypes.EVENT_IAM_POLICY_GRANT;
}
@Override
public String getEventDescription() {
return "granting permission to acl policy";
return "granting permission to iam policy";
}
@Override
public ApiCommandJobType getInstanceType() {
return ApiCommandJobType.AclPolicy;
return ApiCommandJobType.IAMPolicy;
}
}

26
services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAccountCmd.java → services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachIAMPolicyToAccountCmd.java
View File

@ -22,7 +22,7 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
import org.apache.cloudstack.iam.AclApiService;
import org.apache.cloudstack.iam.IAMApiService;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
@ -32,7 +32,7 @@ import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.AccountResponse;
import org.apache.cloudstack.api.response.SuccessResponse;
import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
import org.apache.cloudstack.context.CallContext;
import com.cloud.event.EventTypes;
@ -41,13 +41,13 @@ import com.cloud.exception.ResourceUnavailableException;
import com.cloud.user.Account;
@APICommand(name = "attachAclPolicyToAccount", description = "attach acl policy to accounts", responseObject = SuccessResponse.class)
public class AttachAclPolicyToAccountCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(AttachAclPolicyToAccountCmd.class.getName());
private static final String s_name = "attachaclpolicytoaccountresponse";
@APICommand(name = "attachIAMPolicyToAccount", description = "attach iam policy to accounts", responseObject = SuccessResponse.class)
public class AttachIAMPolicyToAccountCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(AttachIAMPolicyToAccountCmd.class.getName());
private static final String s_name = "attachiampolicytoaccountresponse";
@Inject
public AclApiService _aclApiSrv;
public IAMApiService _iamApiSrv;
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
@ -55,8 +55,8 @@ public class AttachAclPolicyToAccountCmd extends BaseAsyncCmd {
@ACL
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
required = true, description = "The ID of the acl policy")
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMPolicyResponse.class,
required = true, description = "The ID of the iam policy")
private Long id;
@ACL
@ -97,8 +97,8 @@ public class AttachAclPolicyToAccountCmd extends BaseAsyncCmd {
@Override
public void execute() throws ResourceUnavailableException,
InsufficientCapacityException, ServerApiException {
CallContext.current().setEventDetails("Acl policy Id: " + getId());
_aclApiSrv.attachAclPolicyToAccounts(id, accountIdList);
CallContext.current().setEventDetails("IAM policy Id: " + getId());
_iamApiSrv.attachIAMPolicyToAccounts(id, accountIdList);
SuccessResponse response = new SuccessResponse();
response.setResponseName(getCommandName());
setResponseObject(response);
@ -106,12 +106,12 @@ public class AttachAclPolicyToAccountCmd extends BaseAsyncCmd {
@Override
public String getEventType() {
return EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE;
return EventTypes.EVENT_IAM_ACCOUNT_POLICY_UPDATE;
}
@Override
public String getEventDescription() {
return "adding acl policy to accounts";
return "adding IAM policy to accounts";
}
@Override

38
services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAclGroupCmd.java → services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachIAMPolicyToIAMGroupCmd.java
View File

@ -22,7 +22,7 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
import org.apache.cloudstack.iam.AclApiService;
import org.apache.cloudstack.iam.IAMApiService;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
@ -31,10 +31,10 @@ import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.BaseAsyncCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.iam.AclGroupResponse;
import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
import org.apache.cloudstack.context.CallContext;
import org.apache.cloudstack.iam.api.AclGroup;
import org.apache.cloudstack.iam.api.IAMGroup;
import com.cloud.event.EventTypes;
import com.cloud.exception.InsufficientCapacityException;
@ -42,13 +42,13 @@ import com.cloud.exception.ResourceUnavailableException;
import com.cloud.user.Account;
@APICommand(name = "attachAclPolicyToAclGroup", description = "attach acl policy to an acl group", responseObject = AclGroupResponse.class)
public class AttachAclPolicyToAclGroupCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(AttachAclPolicyToAclGroupCmd.class.getName());
private static final String s_name = "attachaclpolicytoaclgroupresponse";
@APICommand(name = "attachIAMPolicyToIAMGroup", description = "attach iam policy to an iam group", responseObject = IAMGroupResponse.class)
public class AttachIAMPolicyToIAMGroupCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(AttachIAMPolicyToIAMGroupCmd.class.getName());
private static final String s_name = "attachiampolicytoiamgroupresponse";
@Inject
public AclApiService _aclApiSrv;
public IAMApiService _iamApiSrv;
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
@ -56,12 +56,12 @@ public class AttachAclPolicyToAclGroupCmd extends BaseAsyncCmd {
@ACL
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
required = true, description = "The ID of the acl group")
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMGroupResponse.class,
required = true, description = "The ID of the iam group")
private Long id;
@ACL
@Parameter(name = ApiConstants.ACL_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.")
@Parameter(name = ApiConstants.IAM_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = IAMPolicyResponse.class, description = "comma separated list of iam policy id that are going to be applied to the iam group.")
private List<Long> policyIdList;
@ -98,30 +98,30 @@ public class AttachAclPolicyToAclGroupCmd extends BaseAsyncCmd {
@Override
public void execute() throws ResourceUnavailableException,
InsufficientCapacityException, ServerApiException {
CallContext.current().setEventDetails("Acl group Id: " + getId());
AclGroup result = _aclApiSrv.attachAclPoliciesToGroup(policyIdList, id);
CallContext.current().setEventDetails("IAM group Id: " + getId());
IAMGroup result = _iamApiSrv.attachIAMPoliciesToGroup(policyIdList, id);
if (result != null){
AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
IAMGroupResponse response = _iamApiSrv.createIAMGroupResponse(result);
response.setResponseName(getCommandName());
setResponseObject(response);
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to acl group");
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to iam group");
}
}
@Override
public String getEventType() {
return EventTypes.EVENT_ACL_GROUP_UPDATE;
return EventTypes.EVENT_IAM_GROUP_UPDATE;
}
@Override
public String getEventDescription() {
return "adding acl roles to acl group";
return "adding iam roles to iam group";
}
@Override
public ApiCommandJobType getInstanceType() {
return ApiCommandJobType.AclGroup;
return ApiCommandJobType.IAMGroup;
}
}

44
services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclGroupCmd.java → services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateIAMGroupCmd.java
View File

@ -20,7 +20,7 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
import org.apache.cloudstack.iam.AclApiService;
import org.apache.cloudstack.iam.IAMApiService;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@ -29,37 +29,37 @@ import org.apache.cloudstack.api.BaseAsyncCreateCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.DomainResponse;
import org.apache.cloudstack.api.response.iam.AclGroupResponse;
import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
import org.apache.cloudstack.context.CallContext;
import org.apache.cloudstack.iam.api.AclGroup;
import org.apache.cloudstack.iam.api.IAMGroup;
import com.cloud.event.EventTypes;
import com.cloud.exception.ResourceAllocationException;
import com.cloud.user.Account;
@APICommand(name = "createAclGroup", responseObject = AclGroupResponse.class, description = "Creates an acl group")
public class CreateAclGroupCmd extends BaseAsyncCreateCmd {
public static final Logger s_logger = Logger.getLogger(CreateAclGroupCmd.class.getName());
@APICommand(name = "createIAMGroup", responseObject = IAMGroupResponse.class, description = "Creates an IAM group")
public class CreateIAMGroupCmd extends BaseAsyncCreateCmd {
public static final Logger s_logger = Logger.getLogger(CreateIAMGroupCmd.class.getName());
private static final String s_name = "createaclgroupresponse";
private static final String s_name = "createiamgroupresponse";
@Inject
public AclApiService _aclApiSrv;
public IAMApiService _iamApiSrv;
// ///////////////////////////////////////////////////
// ////////////// API parameters /////////////////////
// ///////////////////////////////////////////////////
@Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the acl group. Must be used with domainId.")
@Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the iam group. Must be used with domainId.")
private String accountName;
@Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the acl group", entityType = DomainResponse.class)
@Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the iam group", entityType = DomainResponse.class)
private Long domainId;
@Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the acl group")
@Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the iam group")
private String description;
@Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the acl group")
@Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the iam group")
private String name;
@ -117,52 +117,52 @@ public class CreateAclGroupCmd extends BaseAsyncCreateCmd {
@Override
public void execute() {
AclGroup grp = _entityMgr.findById(AclGroup.class, getEntityId());
IAMGroup grp = _entityMgr.findById(IAMGroup.class, getEntityId());
if (grp != null) {
AclGroupResponse response = _aclApiSrv.createAclGroupResponse(grp);
IAMGroupResponse response = _iamApiSrv.createIAMGroupResponse(grp);
response.setResponseName(getCommandName());
setResponseObject(response);
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl group:" + name);
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create iam group:" + name);
}
}
@Override
public void create() throws ResourceAllocationException {
Account account = CallContext.current().getCallingAccount();
AclGroup result = _aclApiSrv.createAclGroup(account, name, description);
IAMGroup result = _iamApiSrv.createIAMGroup(account, name, description);
if (result != null) {
setEntityId(result.getId());
setEntityUuid(result.getUuid());
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl group entity" + name);
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create iam group entity" + name);
}
}
@Override
public String getEventType() {
return EventTypes.EVENT_ACL_GROUP_CREATE;
return EventTypes.EVENT_IAM_GROUP_CREATE;
}
@Override
public String getEventDescription() {
return "creating Acl group";
return "creating IAM group";
}
@Override
public String getCreateEventType() {
return EventTypes.EVENT_ACL_GROUP_CREATE;
return EventTypes.EVENT_IAM_GROUP_CREATE;
}
@Override
public String getCreateEventDescription() {
return "creating acl group";
return "creating IAM group";
}
@Override
public ApiCommandJobType getInstanceType() {
return ApiCommandJobType.AclGroup;
return ApiCommandJobType.IAMGroup;
}
}

46
services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclPolicyCmd.java → services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateIAMPolicyCmd.java
View File

@ -20,7 +20,7 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
import org.apache.cloudstack.iam.AclApiService;
import org.apache.cloudstack.iam.IAMApiService;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
@ -30,41 +30,41 @@ import org.apache.cloudstack.api.BaseAsyncCreateCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.DomainResponse;
import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
import org.apache.cloudstack.context.CallContext;
import org.apache.cloudstack.iam.api.AclPolicy;
import org.apache.cloudstack.iam.api.IAMPolicy;
import com.cloud.event.EventTypes;
import com.cloud.exception.ResourceAllocationException;
import com.cloud.user.Account;
@APICommand(name = "createAclPolicy", responseObject = AclPolicyResponse.class, description = "Creates an acl policy")
public class CreateAclPolicyCmd extends BaseAsyncCreateCmd {
public static final Logger s_logger = Logger.getLogger(CreateAclPolicyCmd.class.getName());
@APICommand(name = "createIAMPolicy", responseObject = IAMPolicyResponse.class, description = "Creates an iam policy")
public class CreateIAMPolicyCmd extends BaseAsyncCreateCmd {
public static final Logger s_logger = Logger.getLogger(CreateIAMPolicyCmd.class.getName());
private static final String s_name = "createaclpolicyresponse";
private static final String s_name = "createiampolicyresponse";
@Inject
public AclApiService _aclApiSrv;
public IAMApiService _iamApiSrv;
// ///////////////////////////////////////////////////
// ////////////// API parameters /////////////////////
// ///////////////////////////////////////////////////
@Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the acl policy. Must be used with domainId.")
@Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the iam policy. Must be used with domainId.")
private String accountName;
@Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the acl policy", entityType = DomainResponse.class)
@Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the iam policy", entityType = DomainResponse.class)
private Long domainId;
@Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the acl policy")
@Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the iam policy")
private String description;
@Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the acl policy")
@Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the iam policy")
private String name;
@ACL
@Parameter(name = ApiConstants.ACL_PARENT_POLICY_ID, type = CommandType.UUID, description = "The ID of parent acl policy.", entityType = AclPolicyResponse.class)
@Parameter(name = ApiConstants.IAM_PARENT_POLICY_ID, type = CommandType.UUID, description = "The ID of parent iam policy.", entityType = IAMPolicyResponse.class)
private Long parentPolicyId;
@ -124,52 +124,52 @@ public class CreateAclPolicyCmd extends BaseAsyncCreateCmd {
@Override
public void execute() {
AclPolicy policy = _entityMgr.findById(AclPolicy.class, getEntityId());
IAMPolicy policy = _entityMgr.findById(IAMPolicy.class, getEntityId());
if (policy != null) {
AclPolicyResponse response = _aclApiSrv.createAclPolicyResponse(policy);
IAMPolicyResponse response = _iamApiSrv.createIAMPolicyResponse(policy);
response.setResponseName(getCommandName());
setResponseObject(response);
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl policy:" + name);
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create iam policy:" + name);
}
}
@Override
public void create() throws ResourceAllocationException {
Account account = CallContext.current().getCallingAccount();
AclPolicy result = _aclApiSrv.createAclPolicy(account, name, description, parentPolicyId);
IAMPolicy result = _iamApiSrv.createIAMPolicy(account, name, description, parentPolicyId);
if (result != null) {
setEntityId(result.getId());
setEntityUuid(result.getUuid());
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl policy entity" + name);
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create iam policy entity" + name);
}
}
@Override
public String getEventType() {
return EventTypes.EVENT_ACL_POLICY_CREATE;
return EventTypes.EVENT_IAM_POLICY_CREATE;
}
@Override
public String getEventDescription() {
return "creating Acl policy";
return "creating IAM policy";
}
@Override
public String getCreateEventType() {
return EventTypes.EVENT_ACL_POLICY_CREATE;
return EventTypes.EVENT_IAM_POLICY_CREATE;
}
@Override
public String getCreateEventDescription() {
return "creating acl policy";
return "creating IAM policy";
}
@Override
public ApiCommandJobType getInstanceType() {
return ApiCommandJobType.AclPolicy;
return ApiCommandJobType.IAMPolicy;
}
}

18
services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclGroupCmd.java → services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteIAMGroupCmd.java
View File

@ -20,7 +20,7 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
import org.apache.cloudstack.iam.AclApiService;
import org.apache.cloudstack.iam.IAMApiService;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
@ -30,25 +30,25 @@ import org.apache.cloudstack.api.BaseAsyncCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.SuccessResponse;
import org.apache.cloudstack.api.response.iam.AclGroupResponse;
import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
import com.cloud.event.EventTypes;
import com.cloud.user.Account;
@APICommand(name = "deleteAclGroup", description = "Deletes acl group", responseObject = SuccessResponse.class)
public class DeleteAclGroupCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DeleteAclGroupCmd.class.getName());
public class DeleteIAMGroupCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DeleteIAMGroupCmd.class.getName());
private static final String s_name = "deleteaclgroupresponse";
@Inject
public AclApiService _aclApiSrv;
public IAMApiService _aclApiSrv;
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@ACL
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "The ID of the acl group.", required = true, entityType = AclGroupResponse.class)
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "The ID of the acl group.", required = true, entityType = IAMGroupResponse.class)
private Long id;
@ -76,7 +76,7 @@ public class DeleteAclGroupCmd extends BaseAsyncCmd {
@Override
public void execute(){
boolean result = _aclApiSrv.deleteAclGroup(id);
boolean result = _aclApiSrv.deleteIAMGroup(id);
if (result) {
SuccessResponse response = new SuccessResponse(getCommandName());
setResponseObject(response);
@ -87,7 +87,7 @@ public class DeleteAclGroupCmd extends BaseAsyncCmd {
@Override
public String getEventType() {
return EventTypes.EVENT_ACL_GROUP_DELETE;
return EventTypes.EVENT_IAM_GROUP_DELETE;
}
@Override
@ -97,6 +97,6 @@ public class DeleteAclGroupCmd extends BaseAsyncCmd {
@Override
public ApiCommandJobType getInstanceType() {
return ApiCommandJobType.AclGroup;
return ApiCommandJobType.IAMGroup;
}
}

26
services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclPolicyCmd.java → services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteIAMPolicyCmd.java
View File

@ -20,7 +20,7 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
import org.apache.cloudstack.iam.AclApiService;
import org.apache.cloudstack.iam.IAMApiService;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
@ -30,25 +30,25 @@ import org.apache.cloudstack.api.BaseAsyncCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.SuccessResponse;
import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
import com.cloud.event.EventTypes;
import com.cloud.user.Account;
@APICommand(name = "deleteAclPolicy", description = "Deletes acl policy", responseObject = SuccessResponse.class)
public class DeleteAclPolicyCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DeleteAclPolicyCmd.class.getName());
private static final String s_name = "deleteaclpolicyresponse";
@APICommand(name = "deleteIAMPolicy", description = "Deletes iam policy", responseObject = SuccessResponse.class)
public class DeleteIAMPolicyCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DeleteIAMPolicyCmd.class.getName());
private static final String s_name = "deleteiampolicyresponse";
@Inject
public AclApiService _aclApiSrv;
public IAMApiService _iamApiSrv;
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@ACL
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "The ID of the acl role.", required = true, entityType = AclPolicyResponse.class)
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "The ID of the iam policy.", required = true, entityType = IAMPolicyResponse.class)
private Long id;
@ -76,27 +76,27 @@ public class DeleteAclPolicyCmd extends BaseAsyncCmd {
@Override
public void execute(){
boolean result = _aclApiSrv.deleteAclPolicy(id);
boolean result = _iamApiSrv.deleteIAMPolicy(id);
if (result) {
SuccessResponse response = new SuccessResponse(getCommandName());
setResponseObject(response);
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete acl policy");
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete iam policy");
}
}
@Override
public String getEventType() {
return EventTypes.EVENT_ACL_POLICY_DELETE;
return EventTypes.EVENT_IAM_POLICY_DELETE;
}
@Override
public String getEventDescription() {
return "Deleting Acl role";
return "Deleting IAM policy";
}
@Override
public ApiCommandJobType getInstanceType() {
return ApiCommandJobType.AclPolicy;
return ApiCommandJobType.IAMPolicy;
}
}

28
services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclGroupsCmd.java → services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListIAMGroupsCmd.java
View File

@ -20,41 +20,41 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
import org.apache.cloudstack.iam.AclApiService;
import org.apache.cloudstack.iam.IAMApiService;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.response.ListResponse;
import org.apache.cloudstack.api.response.iam.AclGroupResponse;
import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
@APICommand(name = "listAclGroups", description = "Lists acl groups", responseObject = AclGroupResponse.class)
public class ListAclGroupsCmd extends BaseListDomainResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListAclGroupsCmd.class.getName());
@APICommand(name = "listIAMGroups", description = "Lists iam groups", responseObject = IAMGroupResponse.class)
public class ListIAMGroupsCmd extends BaseListDomainResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListIAMGroupsCmd.class.getName());
private static final String s_name = "listaclgroupsresponse";
private static final String s_name = "listiamgroupsresponse";
@Inject
public AclApiService _aclApiSrv;
public IAMApiService _iamApiSrv;
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "lists acl groups by name")
private String aclGroupName;
@Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "lists iam groups by name")
private String iamGroupName;
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "list the acl group by the id provided", entityType = AclGroupResponse.class)
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "list the iam group by the id provided", entityType = IAMGroupResponse.class)
private Long id;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
public String getAclGroupName() {
return aclGroupName;
public String getIAMGroupName() {
return iamGroupName;
}
@ -74,7 +74,7 @@ public class ListAclGroupsCmd extends BaseListDomainResourcesCmd {
@Override
public void execute(){
ListResponse<AclGroupResponse> response = _aclApiSrv.listAclGroups(id, aclGroupName, getDomainId(),
ListResponse<IAMGroupResponse> response = _iamApiSrv.listIAMGroups(id, iamGroupName, getDomainId(),
getStartIndex(), getPageSizeVal());
response.setResponseName(getCommandName());
setResponseObject(response);
@ -83,6 +83,6 @@ public class ListAclGroupsCmd extends BaseListDomainResourcesCmd {
@Override
public ApiCommandJobType getInstanceType() {
return ApiCommandJobType.AclGroup;
return ApiCommandJobType.IAMGroup;
}
}

28
services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclPoliciesCmd.java → services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListIAMPoliciesCmd.java
View File

@ -20,41 +20,41 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
import org.apache.cloudstack.iam.AclApiService;
import org.apache.cloudstack.iam.IAMApiService;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.response.ListResponse;
import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
@APICommand(name = "listAclPolicies", description = "Lists acl policies", responseObject = AclPolicyResponse.class)
public class ListAclPoliciesCmd extends BaseListDomainResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListAclPoliciesCmd.class.getName());
@APICommand(name = "listIAMPolicies", description = "Lists IAM policies", responseObject = IAMPolicyResponse.class)
public class ListIAMPoliciesCmd extends BaseListDomainResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListIAMPoliciesCmd.class.getName());
private static final String s_name = "listaclpoliciesresponse";
private static final String s_name = "listiampoliciesresponse";
@Inject
public AclApiService _aclApiSrv;
public IAMApiService _iamApiSrv;
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "lists acl policies by name")
private String aclPolicyName;
@Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "lists iam policies by name")
private String iamPolicyName;
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "list the acl policy by the id provided", entityType = AclPolicyResponse.class)
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "list the iam policy by the id provided", entityType = IAMPolicyResponse.class)
private Long id;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
public String getAclPolicyName() {
return aclPolicyName;
public String getIAMPolicyName() {
return iamPolicyName;
}
@ -74,7 +74,7 @@ public class ListAclPoliciesCmd extends BaseListDomainResourcesCmd {
@Override
public void execute(){
ListResponse<AclPolicyResponse> response = _aclApiSrv.listAclPolicies(id, aclPolicyName, getDomainId(),
ListResponse<IAMPolicyResponse> response = _iamApiSrv.listIAMPolicies(id, iamPolicyName, getDomainId(),
getStartIndex(), getPageSizeVal());
response.setResponseName(getCommandName());
setResponseObject(response);
@ -83,6 +83,6 @@ public class ListAclPoliciesCmd extends BaseListDomainResourcesCmd {
@Override
public ApiCommandJobType getInstanceType() {
return ApiCommandJobType.AclPolicy;
return ApiCommandJobType.IAMPolicy;
}
}

36
services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAccountFromAclGroupCmd.java → services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAccountFromIAMGroupCmd.java
View File

@ -22,7 +22,7 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
import org.apache.cloudstack.iam.AclApiService;
import org.apache.cloudstack.iam.IAMApiService;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
@ -32,9 +32,9 @@ import org.apache.cloudstack.api.BaseAsyncCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.AccountResponse;
import org.apache.cloudstack.api.response.iam.AclGroupResponse;
import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
import org.apache.cloudstack.context.CallContext;
import org.apache.cloudstack.iam.api.AclGroup;
import org.apache.cloudstack.iam.api.IAMGroup;
import com.cloud.event.EventTypes;
import com.cloud.exception.InsufficientCapacityException;
@ -42,13 +42,13 @@ import com.cloud.exception.ResourceUnavailableException;
import com.cloud.user.Account;
@APICommand(name = "removeAccountFromAclGroup", description = "remove accounts from an acl group", responseObject = AclGroupResponse.class)
public class RemoveAccountFromAclGroupCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(RemoveAccountFromAclGroupCmd.class.getName());
private static final String s_name = "removeaccountfromaclgroupresponse";
@APICommand(name = "removeAccountFromIAMGroup", description = "remove accounts from an iam group", responseObject = IAMGroupResponse.class)
public class RemoveAccountFromIAMGroupCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(RemoveAccountFromIAMGroupCmd.class.getName());
private static final String s_name = "removeaccountfromiamgroupresponse";
@Inject
public AclApiService _aclApiSrv;
public IAMApiService _iamApiSrv;
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
@ -56,12 +56,12 @@ public class RemoveAccountFromAclGroupCmd extends BaseAsyncCmd {
@ACL
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
required = true, description = "The ID of the acl group")
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMGroupResponse.class,
required = true, description = "The ID of the iam group")
private Long id;
@ACL
@Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that are going to be assigned to the acl group.")
@Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that are going to be assigned to the iam group.")
private List<Long> accountIdList;
@ -98,30 +98,30 @@ public class RemoveAccountFromAclGroupCmd extends BaseAsyncCmd {
@Override
public void execute() throws ResourceUnavailableException,
InsufficientCapacityException, ServerApiException {
CallContext.current().setEventDetails("Acl group Id: " + getId());
AclGroup result = _aclApiSrv.removeAccountsFromGroup(accountIdList, id);
CallContext.current().setEventDetails("IAM group Id: " + getId());
IAMGroup result = _iamApiSrv.removeAccountsFromGroup(accountIdList, id);
if (result != null){
AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
IAMGroupResponse response = _iamApiSrv.createIAMGroupResponse(result);
response.setResponseName(getCommandName());
setResponseObject(response);
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove accounts from acl group");
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove accounts from iam group");
}
}
@Override
public String getEventType() {
return EventTypes.EVENT_ACL_GROUP_UPDATE;
return EventTypes.EVENT_IAM_GROUP_UPDATE;
}
@Override
public String getEventDescription() {
return "removing accounts from acl group";
return "removing accounts from iam group";
}
@Override
public ApiCommandJobType getInstanceType() {
return ApiCommandJobType.AclGroup;
return ApiCommandJobType.IAMGroup;
}
}

42
services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPermissionFromAclPolicyCmd.java → services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPermissionFromIAMPolicyCmd.java
View File

@ -21,7 +21,7 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.PermissionScope;
import org.apache.cloudstack.iam.AclApiService;
import org.apache.cloudstack.iam.IAMApiService;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
@ -30,9 +30,9 @@ import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.BaseAsyncCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
import org.apache.cloudstack.context.CallContext;
import org.apache.cloudstack.iam.api.AclPolicy;
import org.apache.cloudstack.iam.api.IAMPolicy;
import com.cloud.event.EventTypes;
import com.cloud.exception.InsufficientCapacityException;
@ -40,13 +40,13 @@ import com.cloud.exception.ResourceUnavailableException;
import com.cloud.user.Account;
@APICommand(name = "removeAclPermissionFromAclPolicy", description = "Remove acl permission from an acl policy", responseObject = AclPolicyResponse.class)
public class RemoveAclPermissionFromAclPolicyCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(RemoveAclPermissionFromAclPolicyCmd.class.getName());
private static final String s_name = "removeaclpermissionfromaclpolicyresponse";
@APICommand(name = "removeIAMPermissionFromIAMPolicy", description = "Remove iam permission from an iam policy", responseObject = IAMPolicyResponse.class)
public class RemoveIAMPermissionFromIAMPolicyCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(RemoveIAMPermissionFromIAMPolicyCmd.class.getName());
private static final String s_name = "removeiampermissionfromiampolicyresponse";
@Inject
public AclApiService _aclApiSrv;
public IAMApiService _iamApiSrv;
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
@ -54,21 +54,21 @@ public class RemoveAclPermissionFromAclPolicyCmd extends BaseAsyncCmd {
@ACL
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
required = true, description = "The ID of the acl policy")
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMPolicyResponse.class,
required = true, description = "The ID of the iam policy")
private Long id;
@Parameter(name = ApiConstants.ACL_ACTION, type = CommandType.STRING, required = true, description = "action api name.")
@Parameter(name = ApiConstants.IAM_ACTION, type = CommandType.STRING, required = true, description = "action api name.")
private String action;
@Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = false, description = "entity class simple name.")
private String entityType;
@Parameter(name = ApiConstants.ACL_SCOPE, type = CommandType.STRING,
required = false, description = "acl permission scope")
@Parameter(name = ApiConstants.IAM_SCOPE, type = CommandType.STRING,
required = false, description = "iam permission scope")
private String scope;
@Parameter(name = ApiConstants.ACL_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
@Parameter(name = ApiConstants.IAM_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
private Long scopeId;
@ -118,30 +118,30 @@ public class RemoveAclPermissionFromAclPolicyCmd extends BaseAsyncCmd {
@Override
public void execute() throws ResourceUnavailableException,
InsufficientCapacityException, ServerApiException {
CallContext.current().setEventDetails("Acl policy Id: " + getId());
AclPolicy result = _aclApiSrv.removeAclPermissionFromAclPolicy(id, entityType, PermissionScope.valueOf(scope), scopeId, action);
CallContext.current().setEventDetails("IAM policy Id: " + getId());
IAMPolicy result = _iamApiSrv.removeIAMPermissionFromIAMPolicy(id, entityType, PermissionScope.valueOf(scope), scopeId, action);
if (result != null) {
AclPolicyResponse response = _aclApiSrv.createAclPolicyResponse(result);
IAMPolicyResponse response = _iamApiSrv.createIAMPolicyResponse(result);
response.setResponseName(getCommandName());
setResponseObject(response);
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove permission from acl policy " + getId());
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove permission from iam policy " + getId());
}
}
@Override
public String getEventType() {
return EventTypes.EVENT_ACL_POLICY_REVOKE;
return EventTypes.EVENT_IAM_POLICY_REVOKE;
}
@Override
public String getEventDescription() {
return "removing permission from acl policy";
return "removing permission from iam policy";
}
@Override
public ApiCommandJobType getInstanceType() {
return ApiCommandJobType.AclPolicy;
return ApiCommandJobType.IAMPolicy;
}
}

30
services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAccountCmd.java → services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPolicyFromAccountCmd.java
View File

@ -22,7 +22,7 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
import org.apache.cloudstack.iam.AclApiService;
import org.apache.cloudstack.iam.IAMApiService;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
@ -31,8 +31,8 @@ import org.apache.cloudstack.api.BaseAsyncCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.SuccessResponse;
import org.apache.cloudstack.api.response.iam.AclGroupResponse;
import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
import org.apache.cloudstack.context.CallContext;
import com.cloud.event.EventTypes;
@ -41,13 +41,13 @@ import com.cloud.exception.ResourceUnavailableException;
import com.cloud.user.Account;
@APICommand(name = "removeAclPolicyFromAccount", description = "remove acl policy from accounts", responseObject = SuccessResponse.class)
public class RemoveAclPolicyFromAccountCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(RemoveAclPolicyFromAccountCmd.class.getName());
private static final String s_name = "removeaclpolicyfromaccountresponse";
@APICommand(name = "removeIAMPolicyFromAccount", description = "remove iam policy from accounts", responseObject = SuccessResponse.class)
public class RemoveIAMPolicyFromAccountCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(RemoveIAMPolicyFromAccountCmd.class.getName());
private static final String s_name = "removeiampolicyfromaccountresponse";
@Inject
public AclApiService _aclApiSrv;
public IAMApiService _iamApiSrv;
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
@ -55,12 +55,12 @@ public class RemoveAclPolicyFromAccountCmd extends BaseAsyncCmd {
@ACL
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
required = true, description = "The ID of the acl group")
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMGroupResponse.class,
required = true, description = "The ID of the iam group")
private Long id;
@ACL
@Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.")
@Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = IAMPolicyResponse.class, description = "comma separated list of iam policy id that are going to be applied to the iam group.")
private List<Long> accountIdList;
@ -97,8 +97,8 @@ public class RemoveAclPolicyFromAccountCmd extends BaseAsyncCmd {
@Override
public void execute() throws ResourceUnavailableException,
InsufficientCapacityException, ServerApiException {
CallContext.current().setEventDetails("Acl policy Id: " + getId());
_aclApiSrv.removeAclPolicyFromAccounts(id, accountIdList);
CallContext.current().setEventDetails("IAM policy Id: " + getId());
_iamApiSrv.removeIAMPolicyFromAccounts(id, accountIdList);
SuccessResponse response = new SuccessResponse();
response.setResponseName(getCommandName());
setResponseObject(response);
@ -106,12 +106,12 @@ public class RemoveAclPolicyFromAccountCmd extends BaseAsyncCmd {
@Override
public String getEventType() {
return EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE;
return EventTypes.EVENT_IAM_ACCOUNT_POLICY_UPDATE;
}
@Override
public String getEventDescription() {
return "removing acl policy from accounts";
return "removing iam policy from accounts";
}
@Override

38
services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAclGroupCmd.java → services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPolicyFromIAMGroupCmd.java
View File

@ -22,7 +22,7 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
import org.apache.cloudstack.iam.AclApiService;
import org.apache.cloudstack.iam.IAMApiService;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
@ -31,10 +31,10 @@ import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.BaseAsyncCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.iam.AclGroupResponse;
import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
import org.apache.cloudstack.context.CallContext;
import org.apache.cloudstack.iam.api.AclGroup;
import org.apache.cloudstack.iam.api.IAMGroup;
import com.cloud.event.EventTypes;
import com.cloud.exception.InsufficientCapacityException;
@ -42,13 +42,13 @@ import com.cloud.exception.ResourceUnavailableException;
import com.cloud.user.Account;
@APICommand(name = "removeAclPolicyFromAclGroup", description = "remove acl policy from an acl group", responseObject = AclGroupResponse.class)
public class RemoveAclPolicyFromAclGroupCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(RemoveAclPolicyFromAclGroupCmd.class.getName());
private static final String s_name = "removeaclpolicyfromaclgroupresponse";
@APICommand(name = "removeIAMPolicyFromIAMGroup", description = "remove iam policy from an iam group", responseObject = IAMGroupResponse.class)
public class RemoveIAMPolicyFromIAMGroupCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(RemoveIAMPolicyFromIAMGroupCmd.class.getName());
private static final String s_name = "removeiampolicyfromiamgroupresponse";
@Inject
public AclApiService _aclApiSrv;
public IAMApiService _iamApiSrv;
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
@ -56,12 +56,12 @@ public class RemoveAclPolicyFromAclGroupCmd extends BaseAsyncCmd {
@ACL
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
required = true, description = "The ID of the acl group")
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMGroupResponse.class,
required = true, description = "The ID of the iam group")
private Long id;
@ACL
@Parameter(name = ApiConstants.ACL_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.")
@Parameter(name = ApiConstants.IAM_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = IAMPolicyResponse.class, description = "comma separated list of iam policy id that are going to be applied to the iam group.")
private List<Long> policyIdList;
@ -98,30 +98,30 @@ public class RemoveAclPolicyFromAclGroupCmd extends BaseAsyncCmd {
@Override
public void execute() throws ResourceUnavailableException,
InsufficientCapacityException, ServerApiException {
CallContext.current().setEventDetails("Acl group Id: " + getId());
AclGroup result = _aclApiSrv.removeAclPoliciesFromGroup(policyIdList, id);
CallContext.current().setEventDetails("IAM group Id: " + getId());
IAMGroup result = _iamApiSrv.removeIAMPoliciesFromGroup(policyIdList, id);
if (result != null){
AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
IAMGroupResponse response = _iamApiSrv.createIAMGroupResponse(result);
response.setResponseName(getCommandName());
setResponseObject(response);
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to acl group");
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to iam group");
}
}
@Override
public String getEventType() {
return EventTypes.EVENT_ACL_GROUP_UPDATE;
return EventTypes.EVENT_IAM_GROUP_UPDATE;
}
@Override
public String getEventDescription() {
return "removing acl roles from acl group";
return "removing IAM roles from IAM group";
}
@Override
public ApiCommandJobType getInstanceType() {
return ApiCommandJobType.AclGroup;
return ApiCommandJobType.IAMGroup;
}
}

28
services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclGroupResponse.java → services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMGroupResponse.java
View File

@ -25,47 +25,47 @@ import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseResponse;
import org.apache.cloudstack.api.EntityReference;
import org.apache.cloudstack.api.response.ControlledViewEntityResponse;
import org.apache.cloudstack.iam.api.AclGroup;
import org.apache.cloudstack.iam.api.IAMGroup;
import com.cloud.serializer.Param;
@SuppressWarnings("unused")
@EntityReference(value = AclGroup.class)
public class AclGroupResponse extends BaseResponse implements ControlledViewEntityResponse {
@EntityReference(value = IAMGroup.class)
public class IAMGroupResponse extends BaseResponse implements ControlledViewEntityResponse {
@SerializedName(ApiConstants.ID)
@Param(description = "the ID of the acl group")
@Param(description = "the ID of the iam group")
private String id;
@SerializedName(ApiConstants.NAME)
@Param(description = "the name of the acl group")
@Param(description = "the name of the iam group")
private String name;
@SerializedName(ApiConstants.DESCRIPTION)
@Param(description = "the description of the acl group")
@Param(description = "the description of the iam group")
private String description;
@SerializedName(ApiConstants.DOMAIN_ID)
@Param(description = "the domain ID of the acl group")
@Param(description = "the domain ID of the iam group")
private String domainId;
@SerializedName(ApiConstants.DOMAIN)
@Param(description = "the domain name of the acl role")
@Param(description = "the domain name of the iam role")
private String domainName;
@SerializedName(ApiConstants.ACCOUNT)
@Param(description = "the account owning the policy")
private String accountName;
@SerializedName(ApiConstants.ACL_MEMBER_ACCOUNTS)
@Param(description = "account names assigned to this acl group ")
@SerializedName(ApiConstants.IAM_MEMBER_ACCOUNTS)
@Param(description = "account names assigned to this iam group ")
private Set<String> accountNameList;
@SerializedName(ApiConstants.ACL_POLICIES)
@Param(description = "acl policies attached to this acl group ")
@SerializedName(ApiConstants.IAM_POLICIES)
@Param(description = "iam policies attached to this iam group ")
private Set<String> policyNameList;
public AclGroupResponse() {
public IAMGroupResponse() {
accountNameList = new LinkedHashSet<String>();
policyNameList = new LinkedHashSet<String>();
}
@ -181,7 +181,7 @@ public class AclGroupResponse extends BaseResponse implements ControlledViewEnti
return false;
if (getClass() != obj.getClass())
return false;
AclGroupResponse other = (AclGroupResponse)obj;
IAMGroupResponse other = (IAMGroupResponse)obj;
if (id == null) {
if (other.id != null)
return false;

20
services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPermissionResponse.java → services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPermissionResponse.java
View File

@ -22,13 +22,13 @@ import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.PermissionScope;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseResponse;
import org.apache.cloudstack.iam.api.AclPolicyPermission;
import org.apache.cloudstack.iam.api.IAMPolicyPermission;
import com.cloud.serializer.Param;
public class AclPermissionResponse extends BaseResponse {
public class IAMPermissionResponse extends BaseResponse {
@SerializedName(ApiConstants.ACL_ACTION)
@SerializedName(ApiConstants.IAM_ACTION)
@Param(description = "action of this permission")
private String action;
@ -36,17 +36,17 @@ public class AclPermissionResponse extends BaseResponse {
@Param(description = "the entity type of this permission")
private IAMEntityType entityType;
@SerializedName(ApiConstants.ACL_SCOPE)
@SerializedName(ApiConstants.IAM_SCOPE)
@Param(description = "scope of this permission")
private PermissionScope scope;
@SerializedName(ApiConstants.ACL_SCOPE_ID)
@SerializedName(ApiConstants.IAM_SCOPE_ID)
@Param(description = "scope id of this permission")
private Long scopeId;
@SerializedName(ApiConstants.ACL_ALLOW_DENY)
@SerializedName(ApiConstants.IAM_ALLOW_DENY)
@Param(description = "allow or deny of this permission")
private AclPolicyPermission.Permission permission;
private IAMPolicyPermission.Permission permission;
public IAMEntityType getEntityType() {
return entityType;
@ -80,11 +80,11 @@ public class AclPermissionResponse extends BaseResponse {
this.scopeId = scopeId;
}
public AclPolicyPermission.Permission getPermission() {
public IAMPolicyPermission.Permission getPermission() {
return permission;
}
public void setPermission(AclPolicyPermission.Permission permission) {
public void setPermission(IAMPolicyPermission.Permission permission) {
this.permission = permission;
}
@ -107,7 +107,7 @@ public class AclPermissionResponse extends BaseResponse {
return false;
if (getClass() != obj.getClass())
return false;
AclPermissionResponse other = (AclPermissionResponse) obj;
IAMPermissionResponse other = (IAMPermissionResponse) obj;
if ((entityType == null && other.entityType != null) || !entityType.equals(other.entityType)) {
return false;
} else if ((action == null && other.action != null) || !action.equals(other.action)) {

34
services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPolicyResponse.java → services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPolicyResponse.java
View File

@ -25,44 +25,44 @@ import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseResponse;
import org.apache.cloudstack.api.EntityReference;
import org.apache.cloudstack.api.response.ControlledViewEntityResponse;
import org.apache.cloudstack.iam.api.AclPolicy;
import org.apache.cloudstack.iam.api.IAMPolicy;
import com.cloud.serializer.Param;
@SuppressWarnings("unused")
@EntityReference(value = AclPolicy.class)
public class AclPolicyResponse extends BaseResponse implements ControlledViewEntityResponse {
@EntityReference(value = IAMPolicy.class)
public class IAMPolicyResponse extends BaseResponse implements ControlledViewEntityResponse {
@SerializedName(ApiConstants.ID)
@Param(description = "the ID of the acl policy")
@Param(description = "the ID of the iam policy")
private String id;
@SerializedName(ApiConstants.NAME)
@Param(description = "the name of the acl policy")
@Param(description = "the name of the iam policy")
private String name;
@SerializedName(ApiConstants.DESCRIPTION)
@Param(description = "the description of the acl policy")
@Param(description = "the description of the iam policy")
private String description;
@SerializedName(ApiConstants.DOMAIN_ID)
@Param(description = "the domain ID of the acl policy")
@Param(description = "the domain ID of the iam policy")
private String domainId;
@SerializedName(ApiConstants.DOMAIN)
@Param(description = "the domain name of the acl policy")
@Param(description = "the domain name of the iam policy")
private String domainName;
@SerializedName(ApiConstants.ACCOUNT)
@Param(description = "the account owning the policy")
private String accountName;
@SerializedName(ApiConstants.ACL_PERMISSIONS)
@Param(description = "set of permissions for the acl policy")
private Set<AclPermissionResponse> permissionList;
@SerializedName(ApiConstants.IAM_PERMISSIONS)
@Param(description = "set of permissions for the iam policy")
private Set<IAMPermissionResponse> permissionList;
public AclPolicyResponse() {
permissionList = new LinkedHashSet<AclPermissionResponse>();
public IAMPolicyResponse() {
permissionList = new LinkedHashSet<IAMPermissionResponse>();
}
@Override
@ -98,15 +98,15 @@ public class AclPolicyResponse extends BaseResponse implements ControlledViewEnt
this.domainName = domainName;
}
public Set<AclPermissionResponse> getPermissionList() {
public Set<IAMPermissionResponse> getPermissionList() {
return permissionList;
}
public void setPermissionList(Set<AclPermissionResponse> perms) {
public void setPermissionList(Set<IAMPermissionResponse> perms) {
permissionList = perms;
}
public void addPermission(AclPermissionResponse perm) {
public void addPermission(IAMPermissionResponse perm) {
permissionList.add(perm);
}
@ -163,7 +163,7 @@ public class AclPolicyResponse extends BaseResponse implements ControlledViewEnt
return false;
if (getClass() != obj.getClass())
return false;
AclPolicyResponse other = (AclPolicyResponse) obj;
IAMPolicyResponse other = (IAMPolicyResponse) obj;
if (id == null) {
if (other.id != null)
return false;

54
services/iam/plugin/src/org/apache/cloudstack/iam/AclApiService.java → services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiService.java
View File

@ -21,50 +21,50 @@ import java.util.List;
import org.apache.cloudstack.acl.PermissionScope;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.response.ListResponse;
import org.apache.cloudstack.api.response.iam.AclGroupResponse;
import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
import org.apache.cloudstack.iam.api.AclGroup;
import org.apache.cloudstack.iam.api.AclPolicy;
import org.apache.cloudstack.iam.api.AclPolicyPermission;
import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
import org.apache.cloudstack.iam.api.IAMGroup;
import org.apache.cloudstack.iam.api.IAMPolicy;
import org.apache.cloudstack.iam.api.IAMPolicyPermission;
import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
import com.cloud.user.Account;
import com.cloud.utils.component.PluggableService;
public interface AclApiService extends PluggableService {
public interface IAMApiService extends PluggableService {
/* ACL group related interfaces */
AclGroup createAclGroup(Account caller, String aclGroupName, String description);
IAMGroup createIAMGroup(Account caller, String iamGroupName, String description);
boolean deleteAclGroup(Long aclGroupId);
boolean deleteIAMGroup(Long iamGroupId);
List<AclGroup> listAclGroups(long accountId);
List<IAMGroup> listIAMGroups(long accountId);
AclGroup addAccountsToGroup(List<Long> acctIds, Long groupId);
IAMGroup addAccountsToGroup(List<Long> acctIds, Long groupId);
AclGroup removeAccountsFromGroup(List<Long> acctIds, Long groupId);
IAMGroup removeAccountsFromGroup(List<Long> acctIds, Long groupId);
/* ACL Policy related interfaces */
AclPolicy createAclPolicy(Account caller, String aclPolicyName, String description, Long parentPolicyId);
/* IAM Policy related interfaces */
IAMPolicy createIAMPolicy(Account caller, String iamPolicyName, String description, Long parentPolicyId);
boolean deleteAclPolicy(long aclPolicyId);
boolean deleteIAMPolicy(long iamPolicyId);
List<AclPolicy> listAclPolicies(long accountId);
List<IAMPolicy> listIAMPolicies(long accountId);
AclGroup attachAclPoliciesToGroup(List<Long> policyIds, Long groupId);
IAMGroup attachIAMPoliciesToGroup(List<Long> policyIds, Long groupId);
AclGroup removeAclPoliciesFromGroup(List<Long> policyIds, Long groupId);
IAMGroup removeIAMPoliciesFromGroup(List<Long> policyIds, Long groupId);
void attachAclPolicyToAccounts(Long policyId, List<Long> accountIds);
void attachIAMPolicyToAccounts(Long policyId, List<Long> accountIds);
void removeAclPolicyFromAccounts(Long policyId, List<Long> accountIds);
void removeIAMPolicyFromAccounts(Long policyId, List<Long> accountIds);
AclPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId,
IAMPolicy addIAMPermissionToIAMPolicy(long iamPolicyId, String entityType, PermissionScope scope, Long scopeId,
String action, Permission perm, Boolean recursive);
AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId, String action);
IAMPolicy removeIAMPermissionFromIAMPolicy(long iamPolicyId, String entityType, PermissionScope scope, Long scopeId, String action);
AclPolicyPermission getAclPolicyPermission(long accountId, String entityType, String action);
IAMPolicyPermission getIAMPolicyPermission(long accountId, String entityType, String action);
/* Utility routine to grant/revoke invidivual resource to list of accounts */
void grantEntityPermissioinToAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds);
@ -72,13 +72,13 @@ public interface AclApiService extends PluggableService {
void revokeEntityPermissioinFromAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds);
/* Response Generation */
AclPolicyResponse createAclPolicyResponse(AclPolicy policy);
IAMPolicyResponse createIAMPolicyResponse(IAMPolicy policy);
AclGroupResponse createAclGroupResponse(AclGroup group);
IAMGroupResponse createIAMGroupResponse(IAMGroup group);
ListResponse<AclGroupResponse> listAclGroups(Long aclGroupId, String aclGroupName,
ListResponse<IAMGroupResponse> listIAMGroups(Long iamGroupId, String iamGroupName,
Long domainId, Long startIndex, Long pageSize);
ListResponse<AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName,
ListResponse<IAMPolicyResponse> listIAMPolicies(Long iamPolicyId, String iamPolicyName,
Long domainId, Long startIndex, Long pageSize);
}

250
services/iam/plugin/src/org/apache/cloudstack/iam/AclApiServiceImpl.java → services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
View File

@ -33,31 +33,31 @@ import org.apache.cloudstack.acl.PermissionScope;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseListCmd;
import org.apache.cloudstack.api.command.iam.AddAccountToAclGroupCmd;
import org.apache.cloudstack.api.command.iam.AddAclPermissionToAclPolicyCmd;
import org.apache.cloudstack.api.command.iam.AttachAclPolicyToAccountCmd;
import org.apache.cloudstack.api.command.iam.AttachAclPolicyToAclGroupCmd;
import org.apache.cloudstack.api.command.iam.CreateAclGroupCmd;
import org.apache.cloudstack.api.command.iam.CreateAclPolicyCmd;
import org.apache.cloudstack.api.command.iam.DeleteAclGroupCmd;
import org.apache.cloudstack.api.command.iam.DeleteAclPolicyCmd;
import org.apache.cloudstack.api.command.iam.ListAclGroupsCmd;
import org.apache.cloudstack.api.command.iam.ListAclPoliciesCmd;
import org.apache.cloudstack.api.command.iam.RemoveAccountFromAclGroupCmd;
import org.apache.cloudstack.api.command.iam.RemoveAclPermissionFromAclPolicyCmd;
import org.apache.cloudstack.api.command.iam.RemoveAclPolicyFromAccountCmd;
import org.apache.cloudstack.api.command.iam.RemoveAclPolicyFromAclGroupCmd;
import org.apache.cloudstack.api.command.iam.AddAccountToIAMGroupCmd;
import org.apache.cloudstack.api.command.iam.AddIAMPermissionToIAMPolicyCmd;
import org.apache.cloudstack.api.command.iam.AttachIAMPolicyToAccountCmd;
import org.apache.cloudstack.api.command.iam.AttachIAMPolicyToIAMGroupCmd;
import org.apache.cloudstack.api.command.iam.CreateIAMGroupCmd;
import org.apache.cloudstack.api.command.iam.CreateIAMPolicyCmd;
import org.apache.cloudstack.api.command.iam.DeleteIAMGroupCmd;
import org.apache.cloudstack.api.command.iam.DeleteIAMPolicyCmd;
import org.apache.cloudstack.api.command.iam.ListIAMGroupsCmd;
import org.apache.cloudstack.api.command.iam.ListIAMPoliciesCmd;
import org.apache.cloudstack.api.command.iam.RemoveAccountFromIAMGroupCmd;
import org.apache.cloudstack.api.command.iam.RemoveIAMPermissionFromIAMPolicyCmd;
import org.apache.cloudstack.api.command.iam.RemoveIAMPolicyFromAccountCmd;
import org.apache.cloudstack.api.command.iam.RemoveIAMPolicyFromIAMGroupCmd;
import org.apache.cloudstack.api.response.ListResponse;
import org.apache.cloudstack.api.response.iam.AclGroupResponse;
import org.apache.cloudstack.api.response.iam.AclPermissionResponse;
import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
import org.apache.cloudstack.api.response.iam.IAMPermissionResponse;
import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
import org.apache.cloudstack.context.CallContext;
import org.apache.cloudstack.framework.messagebus.MessageBus;
import org.apache.cloudstack.framework.messagebus.MessageSubscriber;
import org.apache.cloudstack.iam.api.AclGroup;
import org.apache.cloudstack.iam.api.AclPolicy;
import org.apache.cloudstack.iam.api.AclPolicyPermission;
import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
import org.apache.cloudstack.iam.api.IAMGroup;
import org.apache.cloudstack.iam.api.IAMPolicy;
import org.apache.cloudstack.iam.api.IAMPolicyPermission;
import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
import org.apache.cloudstack.iam.api.IAMService;
import com.cloud.api.ApiServerService;
@ -79,10 +79,10 @@ import com.cloud.utils.component.ManagerBase;
import com.cloud.utils.db.DB;
import com.cloud.utils.db.EntityManager;
@Local(value = {AclApiService.class})
public class AclApiServiceImpl extends ManagerBase implements AclApiService, Manager {
@Local(value = {IAMApiService.class})
public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Manager {
public static final Logger s_logger = Logger.getLogger(AclApiServiceImpl.class);
public static final Logger s_logger = Logger.getLogger(IAMApiServiceImpl.class);
private String _name;
@Inject
@ -113,16 +113,16 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
Long groupId = acctGroupMap.get(accountId);
s_logger.debug("MessageBus message: new Account Added: " + accountId + ", adding it to groupId :"
+ groupId);
addAccountToAclGroup(accountId, groupId);
addAccountToIAMGroup(accountId, groupId);
// add it to domain group too
AccountVO account = _accountDao.findById(accountId);
Domain domain = _domainDao.findById(account.getDomainId());
if (domain != null) {
List<AclGroup> domainGroups = listDomainGroup(domain);
List<IAMGroup> domainGroups = listDomainGroup(domain);
if (domainGroups != null) {
for (AclGroup group : domainGroups) {
addAccountToAclGroup(accountId, new Long(group.getId()));
for (IAMGroup group : domainGroups) {
addAccountToIAMGroup(accountId, new Long(group.getId()));
}
}
}
@ -137,7 +137,7 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
if (accountId != null) {
s_logger.debug("MessageBus message: Account removed: " + accountId
+ ", releasing the group associations");
removeAccountFromAclGroups(accountId);
removeAccountFromIAMGroups(accountId);
}
}
});
@ -161,8 +161,8 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
if (domainId != null) {
s_logger.debug("MessageBus message: Domain removed: " + domainId + ", removing the domain group");
Domain domain = _domainDao.findById(domainId);
List<AclGroup> groups = listDomainGroup(domain);
for (AclGroup group : groups) {
List<IAMGroup> groups = listDomainGroup(domain);
for (IAMGroup group : groups) {
_iamSrv.deleteAclGroup(group.getId());
}
}
@ -216,7 +216,7 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
String entityType = (String)permit.get(ApiConstants.ENTITY_TYPE);
Long entityId = (Long)permit.get(ApiConstants.ENTITY_ID);
AccessType accessType = (AccessType)permit.get(ApiConstants.ACCESS_TYPE);
String action = (String)permit.get(ApiConstants.ACL_ACTION);
String action = (String)permit.get(ApiConstants.IAM_ACTION);
List<Long> acctIds = (List<Long>)permit.get(ApiConstants.ACCOUNTS);
s_logger.debug("MessageBus message: grant accounts permission to an entity: (" + entityType + "," + entityId + ")");
grantEntityPermissioinToAccounts(entityType, entityId, accessType, action, acctIds);
@ -232,7 +232,7 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
String entityType = (String)permit.get(ApiConstants.ENTITY_TYPE);
Long entityId = (Long)permit.get(ApiConstants.ENTITY_ID);
AccessType accessType = (AccessType)permit.get(ApiConstants.ACCESS_TYPE);
String action = (String)permit.get(ApiConstants.ACL_ACTION);
String action = (String)permit.get(ApiConstants.IAM_ACTION);
List<Long> acctIds = (List<Long>)permit.get(ApiConstants.ACCOUNTS);
s_logger.debug("MessageBus message: revoke from accounts permission to an entity: (" + entityType + "," + entityId + ")");
revokeEntityPermissioinFromAccounts(entityType, entityId, accessType, action, acctIds);
@ -275,15 +275,15 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
Domain domain = _domainDao.findById(domainId);
if (domain != null) {
AclPolicy policy = _iamSrv.createAclPolicy(policyName, description, null, domain.getPath());
IAMPolicy policy = _iamSrv.createAclPolicy(policyName, description, null, domain.getPath());
_iamSrv.addAclPermissionToAclPolicy(policy.getId(), entityType, PermissionScope.RESOURCE.toString(),
entityId, action, accessType.toString(), Permission.Allow, recursive);
List<Long> policyList = new ArrayList<Long>();
policyList.add(new Long(policy.getId()));
List<AclGroup> domainGroups = listDomainGroup(domain);
List<IAMGroup> domainGroups = listDomainGroup(domain);
if (domainGroups != null) {
for (AclGroup group : domainGroups) {
for (IAMGroup group : domainGroups) {
_iamSrv.attachAclPoliciesToGroup(policyList, group.getId());
}
}
@ -292,49 +292,49 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_CREATE, eventDescription = "Creating Acl Group", create = true)
public AclGroup createAclGroup(Account caller, String aclGroupName, String description) {
@ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_CREATE, eventDescription = "Creating Acl Group", create = true)
public IAMGroup createIAMGroup(Account caller, String iamGroupName, String description) {
Long domainId = caller.getDomainId();
Domain callerDomain = _domainDao.findById(domainId);
if (callerDomain == null) {
throw new InvalidParameterValueException("Caller does not have a domain");
}
return _iamSrv.createAclGroup(aclGroupName, description, callerDomain.getPath());
return _iamSrv.createAclGroup(iamGroupName, description, callerDomain.getPath());
}
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_DELETE, eventDescription = "Deleting Acl Group")
public boolean deleteAclGroup(final Long aclGroupId) {
return _iamSrv.deleteAclGroup(aclGroupId);
@ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_DELETE, eventDescription = "Deleting Acl Group")
public boolean deleteIAMGroup(final Long iamGroupId) {
return _iamSrv.deleteAclGroup(iamGroupId);
}
@Override
public List<AclGroup> listAclGroups(long accountId) {
public List<IAMGroup> listIAMGroups(long accountId) {
return _iamSrv.listAclGroups(accountId);
}
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Adding accounts to acl group")
public AclGroup addAccountsToGroup(final List<Long> acctIds, final Long groupId) {
@ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_UPDATE, eventDescription = "Adding accounts to acl group")
public IAMGroup addAccountsToGroup(final List<Long> acctIds, final Long groupId) {
return _iamSrv.addAccountsToGroup(acctIds, groupId);
}
private void removeAccountFromAclGroups(long accountId) {
List<AclGroup> groups = listAclGroups(accountId);
private void removeAccountFromIAMGroups(long accountId) {
List<IAMGroup> groups = listIAMGroups(accountId);
List<Long> accts = new ArrayList<Long>();
accts.add(accountId);
if (groups != null) {
for (AclGroup grp : groups) {
for (IAMGroup grp : groups) {
removeAccountsFromGroup(accts, grp.getId());
}
}
}
private void addAccountToAclGroup(long accountId, long groupId) {
private void addAccountToIAMGroup(long accountId, long groupId) {
List<Long> accts = new ArrayList<Long>();
accts.add(accountId);
addAccountsToGroup(accts, groupId);
@ -342,96 +342,96 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Removing accounts from acl group")
public AclGroup removeAccountsFromGroup(final List<Long> acctIds, final Long groupId) {
@ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_UPDATE, eventDescription = "Removing accounts from acl group")
public IAMGroup removeAccountsFromGroup(final List<Long> acctIds, final Long groupId) {
return _iamSrv.removeAccountsFromGroup(acctIds, groupId);
}
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_CREATE, eventDescription = "Creating Acl Policy", create = true)
public AclPolicy createAclPolicy(Account caller, final String aclPolicyName, final String description, final Long parentPolicyId) {
@ActionEvent(eventType = EventTypes.EVENT_IAM_POLICY_CREATE, eventDescription = "Creating IAM Policy", create = true)
public IAMPolicy createIAMPolicy(Account caller, final String iamPolicyName, final String description, final Long parentPolicyId) {
Long domainId = caller.getDomainId();
Domain callerDomain = _domainDao.findById(domainId);
if (callerDomain == null) {
throw new InvalidParameterValueException("Caller does not have a domain");
}
return _iamSrv.createAclPolicy(aclPolicyName, description, parentPolicyId, callerDomain.getPath());
return _iamSrv.createAclPolicy(iamPolicyName, description, parentPolicyId, callerDomain.getPath());
}
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_DELETE, eventDescription = "Deleting Acl Policy")
public boolean deleteAclPolicy(final long aclPolicyId) {
return _iamSrv.deleteAclPolicy(aclPolicyId);
@ActionEvent(eventType = EventTypes.EVENT_IAM_POLICY_DELETE, eventDescription = "Deleting IAM Policy")
public boolean deleteIAMPolicy(final long iamPolicyId) {
return _iamSrv.deleteAclPolicy(iamPolicyId);
}
@Override
public List<AclPolicy> listAclPolicies(long accountId) {
public List<IAMPolicy> listIAMPolicies(long accountId) {
return _iamSrv.listAclPolicies(accountId);
}
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Attaching policy to acl group")
public AclGroup attachAclPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
@ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_UPDATE, eventDescription = "Attaching policy to acl group")
public IAMGroup attachIAMPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
return _iamSrv.attachAclPoliciesToGroup(policyIds, groupId);
}
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Removing policies from acl group")
public AclGroup removeAclPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
@ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_UPDATE, eventDescription = "Removing policies from acl group")
public IAMGroup removeIAMPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
return _iamSrv.removeAclPoliciesFromGroup(policyIds, groupId);
}
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE, eventDescription = "Attaching policy to accounts")
public void attachAclPolicyToAccounts(final Long policyId, final List<Long> accountIds) {
@ActionEvent(eventType = EventTypes.EVENT_IAM_ACCOUNT_POLICY_UPDATE, eventDescription = "Attaching policy to accounts")
public void attachIAMPolicyToAccounts(final Long policyId, final List<Long> accountIds) {
_iamSrv.attachAclPolicyToAccounts(policyId, accountIds);
}
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE, eventDescription = "Removing policy from accounts")
public void removeAclPolicyFromAccounts(final Long policyId, final List<Long> accountIds) {
@ActionEvent(eventType = EventTypes.EVENT_IAM_ACCOUNT_POLICY_UPDATE, eventDescription = "Removing policy from accounts")
public void removeIAMPolicyFromAccounts(final Long policyId, final List<Long> accountIds) {
_iamSrv.removeAclPolicyFromAccounts(policyId, accountIds);
}
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_GRANT, eventDescription = "Granting acl permission to Acl Policy")
public AclPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, PermissionScope scope,
@ActionEvent(eventType = EventTypes.EVENT_IAM_POLICY_GRANT, eventDescription = "Granting acl permission to IAM Policy")
public IAMPolicy addIAMPermissionToIAMPolicy(long iamPolicyId, String entityType, PermissionScope scope,
Long scopeId, String action, Permission perm, Boolean recursive) {
Class<?> cmdClass = _apiServer.getCmdClass(action);
AccessType accessType = null;
if (BaseListCmd.class.isAssignableFrom(cmdClass)) {
accessType = AccessType.UseEntry;
}
return _iamSrv.addAclPermissionToAclPolicy(aclPolicyId, entityType, scope.toString(), scopeId, action,
return _iamSrv.addAclPermissionToAclPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action,
accessType.toString(), perm, recursive);
}
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_REVOKE, eventDescription = "Revoking acl permission from Acl Policy")
public AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId, String action) {
return _iamSrv.removeAclPermissionFromAclPolicy(aclPolicyId, entityType, scope.toString(), scopeId, action);
@ActionEvent(eventType = EventTypes.EVENT_IAM_POLICY_REVOKE, eventDescription = "Revoking acl permission from IAM Policy")
public IAMPolicy removeIAMPermissionFromIAMPolicy(long iamPolicyId, String entityType, PermissionScope scope, Long scopeId, String action) {
return _iamSrv.removeAclPermissionFromAclPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action);
}
@Override
public AclPolicyPermission getAclPolicyPermission(long accountId, String entityType, String action) {
List<AclPolicy> policies = _iamSrv.listAclPolicies(accountId);
AclPolicyPermission curPerm = null;
for (AclPolicy policy : policies) {
List<AclPolicyPermission> perms = _iamSrv.listPolicyPermissionByActionAndEntity(policy.getId(), action,
public IAMPolicyPermission getIAMPolicyPermission(long accountId, String entityType, String action) {
List<IAMPolicy> policies = _iamSrv.listAclPolicies(accountId);
IAMPolicyPermission curPerm = null;
for (IAMPolicy policy : policies) {
List<IAMPolicyPermission> perms = _iamSrv.listPolicyPermissionByActionAndEntity(policy.getId(), action,
entityType);
if (perms == null || perms.size() == 0)
continue;
AclPolicyPermission perm = perms.get(0); // just pick one
IAMPolicyPermission perm = perms.get(0); // just pick one
if (curPerm == null) {
curPerm = perm;
} else if (PermissionScope.valueOf(perm.getScope()).greaterThan(PermissionScope.valueOf(curPerm.getScope()))) {
@ -445,8 +445,8 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
@Override
public AclPolicyResponse createAclPolicyResponse(AclPolicy policy) {
AclPolicyResponse response = new AclPolicyResponse();
public IAMPolicyResponse createIAMPolicyResponse(IAMPolicy policy) {
IAMPolicyResponse response = new IAMPolicyResponse();
response.setId(policy.getUuid());
response.setName(policy.getName());
response.setDescription(policy.getDescription());
@ -464,10 +464,10 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
response.setAccountName(owner.getAccountName());
}
// find permissions associated with this policy
List<AclPolicyPermission> permissions = _iamSrv.listPolicyPermissions(policy.getId());
List<IAMPolicyPermission> permissions = _iamSrv.listPolicyPermissions(policy.getId());
if (permissions != null && permissions.size() > 0) {
for (AclPolicyPermission permission : permissions) {
AclPermissionResponse perm = new AclPermissionResponse();
for (IAMPolicyPermission permission : permissions) {
IAMPermissionResponse perm = new IAMPermissionResponse();
perm.setAction(permission.getAction());
if (permission.getEntityType() != null) {
perm.setEntityType(IAMEntityType.valueOf(permission.getEntityType()));
@ -485,8 +485,8 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
}
@Override
public AclGroupResponse createAclGroupResponse(AclGroup group) {
AclGroupResponse response = new AclGroupResponse();
public IAMGroupResponse createIAMGroupResponse(IAMGroup group) {
IAMGroupResponse response = new IAMGroupResponse();
response.setId(group.getUuid());
response.setName(group.getName());
response.setDescription(group.getDescription());
@ -515,9 +515,9 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
}
// find all the policies attached to this group
List<AclPolicy> policies = _iamSrv.listAclPoliciesByGroup(group.getId());
List<IAMPolicy> policies = _iamSrv.listAclPoliciesByGroup(group.getId());
if (policies != null && policies.size() > 0) {
for (AclPolicy policy : policies) {
for (IAMPolicy policy : policies) {
response.addPolicy(policy.getName());
}
}
@ -527,21 +527,21 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
}
public List<AclGroup> listDomainGroup(Domain domain) {
public List<IAMGroup> listDomainGroup(Domain domain) {
if (domain != null) {
String domainPath = domain.getPath();
// search for groups
Pair<List<AclGroup>, Integer> result = _iamSrv.listAclGroups(null, "DomainGrp-" + domain.getUuid(),
Pair<List<IAMGroup>, Integer> result = _iamSrv.listAclGroups(null, "DomainGrp-" + domain.getUuid(),
domainPath, null, null);
return result.first();
}
return new ArrayList<AclGroup>();
return new ArrayList<IAMGroup>();
}
@Override
public ListResponse<AclGroupResponse> listAclGroups(Long aclGroupId, String aclGroupName, Long domainId, Long startIndex, Long pageSize) {
public ListResponse<IAMGroupResponse> listIAMGroups(Long iamGroupId, String iamGroupName, Long domainId, Long startIndex, Long pageSize) {
// acl check
Account caller = CallContext.current().getCallingAccount();
@ -558,12 +558,12 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
}
String domainPath = domain.getPath();
// search for groups
Pair<List<AclGroup>, Integer> result = _iamSrv.listAclGroups(aclGroupId, aclGroupName, domainPath, startIndex, pageSize);
Pair<List<IAMGroup>, Integer> result = _iamSrv.listAclGroups(iamGroupId, iamGroupName, domainPath, startIndex, pageSize);
// generate group response
ListResponse<AclGroupResponse> response = new ListResponse<AclGroupResponse>();
List<AclGroupResponse> groupResponses = new ArrayList<AclGroupResponse>();
for (AclGroup group : result.first()) {
AclGroupResponse resp = createAclGroupResponse(group);
ListResponse<IAMGroupResponse> response = new ListResponse<IAMGroupResponse>();
List<IAMGroupResponse> groupResponses = new ArrayList<IAMGroupResponse>();
for (IAMGroup group : result.first()) {
IAMGroupResponse resp = createIAMGroupResponse(group);
groupResponses.add(resp);
}
response.setResponses(groupResponses, result.second());
@ -571,7 +571,7 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
}
@Override
public ListResponse<AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName, Long domainId, Long startIndex,
public ListResponse<IAMPolicyResponse> listIAMPolicies(Long iamPolicyId, String iamPolicyName, Long domainId, Long startIndex,
Long pageSize) {
// acl check
Account caller = CallContext.current().getCallingAccount();
@ -589,12 +589,12 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
}
String domainPath = domain.getPath();
// search for policies
Pair<List<AclPolicy>, Integer> result = _iamSrv.listAclPolicies(aclPolicyId, aclPolicyName, domainPath, startIndex, pageSize);
Pair<List<IAMPolicy>, Integer> result = _iamSrv.listAclPolicies(iamPolicyId, iamPolicyName, domainPath, startIndex, pageSize);
// generate policy response
ListResponse<AclPolicyResponse> response = new ListResponse<AclPolicyResponse>();
List<AclPolicyResponse> policyResponses = new ArrayList<AclPolicyResponse>();
for (AclPolicy policy : result.first()) {
AclPolicyResponse resp = createAclPolicyResponse(policy);
ListResponse<IAMPolicyResponse> response = new ListResponse<IAMPolicyResponse>();
List<IAMPolicyResponse> policyResponses = new ArrayList<IAMPolicyResponse>();
for (IAMPolicy policy : result.first()) {
IAMPolicyResponse resp = createIAMPolicyResponse(policy);
policyResponses.add(resp);
}
response.setResponses(policyResponses, result.second());
@ -604,21 +604,21 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
@Override
public void grantEntityPermissioinToAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds) {
// check if there is already a policy with only this permission added to it
AclPolicy policy = _iamSrv.getResourceGrantPolicy(entityType, entityId, accessType.toString(), action);
IAMPolicy policy = _iamSrv.getResourceGrantPolicy(entityType, entityId, accessType.toString(), action);
if (policy == null) {
// not found, just create a policy with resource grant permission
Account caller = CallContext.current().getCallingAccount();
String aclPolicyName = "policyGrant" + entityType + entityId;
String description = "Policy to grant permission to " + entityType + entityId;
policy = createAclPolicy(caller, aclPolicyName, description, null);
policy = createIAMPolicy(caller, aclPolicyName, description, null);
// add permission to this policy
addAclPermissionToAclPolicy(policy.getId(), entityType, PermissionScope.RESOURCE, entityId, action, Permission.Allow, false);
addIAMPermissionToIAMPolicy(policy.getId(), entityType, PermissionScope.RESOURCE, entityId, action, Permission.Allow, false);
}
// attach this policy to list of accounts if not attached already
Long policyId = policy.getId();
for (Long acctId : accountIds) {
if (!isPolicyAttachedToAccount(policyId, acctId)) {
attachAclPolicyToAccounts(policyId, Collections.singletonList(acctId));
attachIAMPolicyToAccounts(policyId, Collections.singletonList(acctId));
}
}
}
@ -626,7 +626,7 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
@Override
public void revokeEntityPermissioinFromAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds) {
// there should already a policy with only this permission added to it, this call is mainly used
AclPolicy policy = _iamSrv.getResourceGrantPolicy(entityType, entityId, accessType.toString(), action);
IAMPolicy policy = _iamSrv.getResourceGrantPolicy(entityType, entityId, accessType.toString(), action);
if (policy == null) {
s_logger.warn("Cannot find a policy associated with this entity permissioin to be revoked, just return");
return;
@ -635,15 +635,15 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
Long policyId = policy.getId();
for (Long acctId : accountIds) {
if (isPolicyAttachedToAccount(policyId, acctId)) {
removeAclPolicyFromAccounts(policyId, Collections.singletonList(acctId));
removeIAMPolicyFromAccounts(policyId, Collections.singletonList(acctId));
}
}
}
private boolean isPolicyAttachedToAccount(Long policyId, Long accountId) {
List<AclPolicy> pList = listAclPolicies(accountId);
for (AclPolicy p : pList) {
List<IAMPolicy> pList = listIAMPolicies(accountId);
for (IAMPolicy p : pList) {
if (p.getId() == policyId.longValue()) {
return true;
}
@ -658,7 +658,7 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
_iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
PermissionScope.RESOURCE.toString(), templateId, "listTemplates");
// check if there is a policy with only UseEntry permission for this template added
AclPolicy policy = _iamSrv.getResourceGrantPolicy(IAMEntityType.VirtualMachineTemplate.toString(), templateId, AccessType.UseEntry.toString(), "listTemplates");
IAMPolicy policy = _iamSrv.getResourceGrantPolicy(IAMEntityType.VirtualMachineTemplate.toString(), templateId, AccessType.UseEntry.toString(), "listTemplates");
if ( policy == null ){
s_logger.info("No policy found for this template grant: " + templateId + ", no detach to be done");
return;
@ -671,20 +671,20 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
@Override
public List<Class<?>> getCommands() {
List<Class<?>> cmdList = new ArrayList<Class<?>>();
cmdList.add(CreateAclPolicyCmd.class);
cmdList.add(DeleteAclPolicyCmd.class);
cmdList.add(ListAclPoliciesCmd.class);
cmdList.add(AddAclPermissionToAclPolicyCmd.class);
cmdList.add(RemoveAclPermissionFromAclPolicyCmd.class);
cmdList.add(AttachAclPolicyToAclGroupCmd.class);
cmdList.add(RemoveAclPolicyFromAclGroupCmd.class);
cmdList.add(CreateAclGroupCmd.class);
cmdList.add(DeleteAclGroupCmd.class);
cmdList.add(ListAclGroupsCmd.class);
cmdList.add(AddAccountToAclGroupCmd.class);
cmdList.add(RemoveAccountFromAclGroupCmd.class);
cmdList.add(AttachAclPolicyToAccountCmd.class);
cmdList.add(RemoveAclPolicyFromAccountCmd.class);
cmdList.add(CreateIAMPolicyCmd.class);
cmdList.add(DeleteIAMPolicyCmd.class);
cmdList.add(ListIAMPoliciesCmd.class);
cmdList.add(AddIAMPermissionToIAMPolicyCmd.class);
cmdList.add(RemoveIAMPermissionFromIAMPolicyCmd.class);
cmdList.add(AttachIAMPolicyToIAMGroupCmd.class);
cmdList.add(RemoveIAMPolicyFromIAMGroupCmd.class);
cmdList.add(CreateIAMGroupCmd.class);
cmdList.add(DeleteIAMGroupCmd.class);
cmdList.add(ListIAMGroupsCmd.class);
cmdList.add(AddAccountToIAMGroupCmd.class);
cmdList.add(RemoveAccountFromIAMGroupCmd.class);
cmdList.add(AttachIAMPolicyToAccountCmd.class);
cmdList.add(RemoveIAMPolicyFromAccountCmd.class);
return cmdList;
}
}

12
services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
View File

@ -37,9 +37,9 @@ import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.BaseAsyncCreateCmd;
import org.apache.cloudstack.api.BaseCmd;
import org.apache.cloudstack.api.BaseListCmd;
import org.apache.cloudstack.iam.api.AclPolicy;
import org.apache.cloudstack.iam.api.AclPolicyPermission;
import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
import org.apache.cloudstack.iam.api.IAMPolicy;
import org.apache.cloudstack.iam.api.IAMPolicyPermission;
import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
import org.apache.cloudstack.iam.api.IAMService;
import com.cloud.api.ApiServerService;
@ -90,7 +90,7 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker
+ "is null");
}
List<AclPolicy> policies = _iamSrv.listAclPolicies(account.getAccountId());
List<IAMPolicy> policies = _iamSrv.listAclPolicies(account.getAccountId());
boolean isAllowed = _iamSrv.isActionAllowedForPolicies(commandName, policies);
if (!isAllowed) {
@ -259,11 +259,11 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker
if (entityTypes == null || entityTypes.length == 0) {
_iamSrv.addAclPermissionToAclPolicy(policyId, null, permissionScope.toString(), new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
_iamSrv.addAclPermissionToAclPolicy(policyId, null, permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
} else {
for (IAMEntityType entityType : entityTypes) {
_iamSrv.addAclPermissionToAclPolicy(policyId, entityType.toString(), permissionScope.toString(), new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
_iamSrv.addAclPermissionToAclPolicy(policyId, entityType.toString(), permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
}
}

34
services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
View File

@ -28,9 +28,9 @@ import org.apache.cloudstack.acl.ControlledEntity;
import org.apache.cloudstack.acl.PermissionScope;
import org.apache.cloudstack.acl.SecurityChecker;
import org.apache.cloudstack.api.InternalIdentity;
import org.apache.cloudstack.iam.api.AclGroup;
import org.apache.cloudstack.iam.api.AclPolicy;
import org.apache.cloudstack.iam.api.AclPolicyPermission;
import org.apache.cloudstack.iam.api.IAMGroup;
import org.apache.cloudstack.iam.api.IAMPolicy;
import org.apache.cloudstack.iam.api.IAMPolicyPermission;
import org.apache.cloudstack.iam.api.IAMService;
import com.cloud.acl.DomainChecker;
@ -64,7 +64,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
if (entity == null && action != null) {
// check if caller can do this action
List<AclPolicy> policies = _iamSrv.listAclPolicies(caller.getAccountId());
List<IAMPolicy> policies = _iamSrv.listAclPolicies(caller.getAccountId());
boolean isAllowed = _iamSrv.isActionAllowedForPolicies(action, policies);
if (!isAllowed) {
@ -80,11 +80,11 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
}
// get all Policies of this caller w.r.t the entity
List<AclPolicy> policies = getEffectivePolicies(caller, entity);
HashMap<AclPolicy, Boolean> policyPermissionMap = new HashMap<AclPolicy, Boolean>();
List<IAMPolicy> policies = getEffectivePolicies(caller, entity);
HashMap<IAMPolicy, Boolean> policyPermissionMap = new HashMap<IAMPolicy, Boolean>();
for (AclPolicy policy : policies) {
List<AclPolicyPermission> permissions = new ArrayList<AclPolicyPermission>();
for (IAMPolicy policy : policies) {
List<IAMPolicyPermission> permissions = new ArrayList<IAMPolicyPermission>();
if (action != null) {
permissions = _iamSrv.listPolicyPermissionByActionAndEntity(policy.getId(), action, entityType);
@ -100,7 +100,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
accessType.toString(), entityType));
}
}
for (AclPolicyPermission permission : permissions) {
for (IAMPolicyPermission permission : permissions) {
if (checkPermissionScope(caller, permission.getScope(), permission.getScopeId(), entity)) {
if (permission.getEntityType().equals(entityType)) {
policyPermissionMap.put(policy, permission.getPermission().isGranted());
@ -129,7 +129,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
private boolean checkPermissionScope(Account caller, String scope, Long scopeId, ControlledEntity entity) {
if(scopeId != null && !scopeId.equals(new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER))){
if(scopeId != null && !scopeId.equals(new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER))){
//scopeId is set
if (scope.equals(PermissionScope.ACCOUNT.name())) {
if(scopeId == entity.getAccountId()){
@ -147,7 +147,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
}
}
}
} else if (scopeId == null || scopeId.equals(new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER))) {
} else if (scopeId == null || scopeId.equals(new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER))) {
if (scope.equals(PermissionScope.ACCOUNT.name())) {
if(caller.getAccountId() == entity.getAccountId()){
return true;
@ -161,10 +161,10 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
return false;
}
private List<AclPolicy> getEffectivePolicies(Account caller, ControlledEntity entity) {
private List<IAMPolicy> getEffectivePolicies(Account caller, ControlledEntity entity) {
// Get the static Policies of the Caller
List<AclPolicy> policies = _iamSrv.listAclPolicies(caller.getId());
List<IAMPolicy> policies = _iamSrv.listAclPolicies(caller.getId());
// add any dynamic policies w.r.t the entity
if (caller.getId() == entity.getAccountId()) {
@ -172,11 +172,11 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
policies.add(_iamSrv.getResourceOwnerPolicy());
}
List<AclGroup> groups = _iamSrv.listAclGroups(caller.getId());
for (AclGroup group : groups) {
List<IAMGroup> groups = _iamSrv.listAclGroups(caller.getId());
for (IAMGroup group : groups) {
// for each group find the grand parent groups.
List<AclGroup> parentGroups = _iamSrv.listParentAclGroups(group.getId());
for (AclGroup parentGroup : parentGroups) {
List<IAMGroup> parentGroups = _iamSrv.listParentAclGroups(group.getId());
for (IAMGroup parentGroup : parentGroups) {
policies.addAll(_iamSrv.listRecursiveAclPoliciesByGroup(parentGroup.getId()));
}
}

48
services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
View File

@ -25,9 +25,9 @@ import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.PermissionScope;
import org.apache.cloudstack.acl.QuerySelector;
import org.apache.cloudstack.iam.api.AclGroup;
import org.apache.cloudstack.iam.api.AclPolicy;
import org.apache.cloudstack.iam.api.AclPolicyPermission;
import org.apache.cloudstack.iam.api.IAMGroup;
import org.apache.cloudstack.iam.api.IAMPolicy;
import org.apache.cloudstack.iam.api.IAMPolicyPermission;
import org.apache.cloudstack.iam.api.IAMService;
import com.cloud.user.Account;
@ -44,13 +44,13 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
public List<Long> getAuthorizedDomains(Account caller, String action) {
long accountId = caller.getAccountId();
// Get the static Policies of the Caller
List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
List<IAMPolicy> policies = _iamService.listAclPolicies(accountId);
// for each policy, find granted permission with Domain scope
List<Long> domainIds = new ArrayList<Long>();
for (AclPolicy policy : policies) {
List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.DOMAIN.toString());
for (IAMPolicy policy : policies) {
List<IAMPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.DOMAIN.toString());
if (pp != null) {
for (AclPolicyPermission p : pp) {
for (IAMPolicyPermission p : pp) {
if (p.getScopeId() != null) {
if (p.getScopeId().longValue() == -1) {
domainIds.add(caller.getDomainId());
@ -68,13 +68,13 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
public List<Long> getAuthorizedAccounts(Account caller, String action) {
long accountId = caller.getAccountId();
// Get the static Policies of the Caller
List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
List<IAMPolicy> policies = _iamService.listAclPolicies(accountId);
// for each policy, find granted permission with Account scope
List<Long> accountIds = new ArrayList<Long>();
for (AclPolicy policy : policies) {
List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ACCOUNT.toString());
for (IAMPolicy policy : policies) {
List<IAMPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ACCOUNT.toString());
if (pp != null) {
for (AclPolicyPermission p : pp) {
for (IAMPolicyPermission p : pp) {
if (p.getScopeId() != null) {
if (p.getScopeId().longValue() == -1) {
accountIds.add(caller.getId());
@ -92,24 +92,24 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
public List<Long> getAuthorizedResources(Account caller, String action) {
long accountId = caller.getAccountId();
// Get the static Policies of the Caller
List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
List<IAMPolicy> policies = _iamService.listAclPolicies(accountId);
// add the policies that grant recursive access
List<AclGroup> groups = _iamService.listAclGroups(caller.getId());
for (AclGroup group : groups) {
List<IAMGroup> groups = _iamService.listAclGroups(caller.getId());
for (IAMGroup group : groups) {
// for each group find the grand parent groups.
List<AclGroup> parentGroups = _iamService.listParentAclGroups(group.getId());
for (AclGroup parentGroup : parentGroups) {
List<IAMGroup> parentGroups = _iamService.listParentAclGroups(group.getId());
for (IAMGroup parentGroup : parentGroups) {
policies.addAll(_iamService.listRecursiveAclPoliciesByGroup(parentGroup.getId()));
}
}
// for each policy, find granted permission with Resource scope
List<Long> entityIds = new ArrayList<Long>();
for (AclPolicy policy : policies) {
List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.RESOURCE.toString());
for (IAMPolicy policy : policies) {
List<IAMPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.RESOURCE.toString());
if (pp != null) {
for (AclPolicyPermission p : pp) {
for (IAMPolicyPermission p : pp) {
if (p.getScopeId() != null) {
entityIds.add(p.getScopeId());
}
@ -123,10 +123,10 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
public boolean isGrantedAll(Account caller, String action) {
long accountId = caller.getAccountId();
// Get the static Policies of the Caller
List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
List<IAMPolicy> policies = _iamService.listAclPolicies(accountId);
// for each policy, find granted permission with ALL scope
for (AclPolicy policy : policies) {
List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ALL.toString());
for (IAMPolicy policy : policies) {
List<IAMPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ALL.toString());
if (pp != null && pp.size() > 0) {
return true;
}
@ -136,9 +136,9 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
@Override
public List<String> listAclGroupsByAccount(long accountId) {
List<AclGroup> groups = _iamService.listAclGroups(accountId);
List<IAMGroup> groups = _iamService.listAclGroups(accountId);
List<String> groupNames = new ArrayList<String>();
for (AclGroup grp : groups) {
for (IAMGroup grp : groups) {
groupNames.add(grp.getName());
}
return groupNames;

186
services/iam/plugin/test/org/apache/cloudstack/acl/AclApiServiceTest.java → services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
View File

@ -1,4 +1,4 @@
package org.apache.cloudstack.acl;
package org.apache.cloudstack.iam.test;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
@ -34,24 +34,26 @@ import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.support.AnnotationConfigContextLoader;
import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.PermissionScope;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.iam.AclApiService;
import org.apache.cloudstack.iam.AclApiServiceImpl;
import org.apache.cloudstack.iam.IAMApiServiceImpl;
import org.apache.cloudstack.iam.IAMApiService;
import org.apache.cloudstack.api.command.user.vm.ListVMsCmd;
import org.apache.cloudstack.api.response.ListResponse;
import org.apache.cloudstack.api.response.iam.AclGroupResponse;
import org.apache.cloudstack.api.response.iam.AclPermissionResponse;
import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
import org.apache.cloudstack.api.response.iam.IAMPermissionResponse;
import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
import org.apache.cloudstack.context.CallContext;
import org.apache.cloudstack.framework.messagebus.MessageBus;
import org.apache.cloudstack.iam.api.AclGroup;
import org.apache.cloudstack.iam.api.AclPolicy;
import org.apache.cloudstack.iam.api.AclPolicyPermission;
import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
import org.apache.cloudstack.iam.api.IAMGroup;
import org.apache.cloudstack.iam.api.IAMPolicy;
import org.apache.cloudstack.iam.api.IAMPolicyPermission;
import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
import org.apache.cloudstack.iam.api.IAMService;
import org.apache.cloudstack.iam.server.AclGroupVO;
import org.apache.cloudstack.iam.server.AclPolicyPermissionVO;
import org.apache.cloudstack.iam.server.AclPolicyVO;
import org.apache.cloudstack.iam.server.IAMGroupVO;
import org.apache.cloudstack.iam.server.IAMPolicyPermissionVO;
import org.apache.cloudstack.iam.server.IAMPolicyVO;
import org.apache.cloudstack.test.utils.SpringUtils;
import com.cloud.api.ApiServerService;
@ -68,7 +70,7 @@ import com.cloud.utils.component.ComponentContext;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(loader = AnnotationConfigContextLoader.class)
public class AclApiServiceTest {
public class IAMApiServiceTest {
@Inject
IAMService _iamSrv;
@ -77,7 +79,7 @@ public class AclApiServiceTest {
DomainDao _domainDao;
@Inject
AclApiService _aclSrv;
IAMApiService _aclSrv;
@Inject
AccountManager _accountMgr;
@ -114,44 +116,44 @@ public class AclApiServiceTest {
}
@Test
public void createAclGroupTest() {
AclGroup group = new AclGroupVO("group1", "tester group1");
List<AclGroup> groups = new ArrayList<AclGroup>();
public void createIAMGroupTest() {
IAMGroup group = new IAMGroupVO("group1", "tester group1");
List<IAMGroup> groups = new ArrayList<IAMGroup>();
groups.add(group);
Pair<List<AclGroup>, Integer> grpList = new Pair<List<AclGroup>, Integer>(groups, 1);
when(_iamSrv.createAclGroup("group1", "tester group1", callerDomainPath)).thenReturn(group);
when(_iamSrv.listAclGroups(null, null, callerDomainPath, 0L, 20L)).thenReturn(grpList);
Pair<List<IAMGroup>, Integer> grpList = new Pair<List<IAMGroup>, Integer>(groups, 1);
when(_iamSrv.createIAMGroup("group1", "tester group1", callerDomainPath)).thenReturn(group);
when(_iamSrv.listIAMGroups(null, null, callerDomainPath, 0L, 20L)).thenReturn(grpList);
AclGroup createdGrp = _aclSrv.createAclGroup(caller, "group1", "tester group1");
assertNotNull("Acl group 'group1' failed to create ", createdGrp);
ListResponse<AclGroupResponse> grpResp = _aclSrv.listAclGroups(null, null, callerDomainId, 0L, 20L);
IAMGroup createdGrp = _aclSrv.createIAMGroup(caller, "group1", "tester group1");
assertNotNull("IAM group 'group1' failed to create ", createdGrp);
ListResponse<IAMGroupResponse> grpResp = _aclSrv.listIAMGroups(null, null, callerDomainId, 0L, 20L);
assertTrue("No. of response items should be one", grpResp.getCount() == 1);
AclGroupResponse resp = grpResp.getResponses().get(0);
IAMGroupResponse resp = grpResp.getResponses().get(0);
assertEquals("Error in created group name", "group1", resp.getName());
}
@Test
public void deleteAclGroupTest() {
when(_iamSrv.deleteAclGroup(1L)).thenReturn(true);
assertTrue("failed to delete acl group 1", _aclSrv.deleteAclGroup(1L));
public void deleteIAMGroupTest() {
when(_iamSrv.deleteIAMGroup(1L)).thenReturn(true);
assertTrue("failed to delete acl group 1", _aclSrv.deleteIAMGroup(1L));
}
@Test
public void listAclGroupTest() {
AclGroup group = new AclGroupVO("group1", "tester group1");
List<AclGroup> groups = new ArrayList<AclGroup>();
public void listIAMGroupTest() {
IAMGroup group = new IAMGroupVO("group1", "tester group1");
List<IAMGroup> groups = new ArrayList<IAMGroup>();
groups.add(group);
when(_iamSrv.listAclGroups(callerId)).thenReturn(groups);
List<AclGroup> grps = _aclSrv.listAclGroups(callerId);
when(_iamSrv.listIAMGroups(callerId)).thenReturn(groups);
List<IAMGroup> grps = _aclSrv.listIAMGroups(callerId);
assertTrue(grps != null && grps.size() == 1);
AclGroup grp = grps.get(0);
IAMGroup grp = grps.get(0);
assertEquals("Error to retrieve group", "group1", grp.getName());
}
@Test
public void addRemoveAccountToGroupTest() {
AclGroup group = new AclGroupVO("group1", "tester group1");
List<AclGroup> groups = new ArrayList<AclGroup>();
IAMGroup group = new IAMGroupVO("group1", "tester group1");
List<IAMGroup> groups = new ArrayList<IAMGroup>();
groups.add(group);
Long groupId = group.getId();
List<Long> acctIds = new ArrayList<Long>();
@ -165,12 +167,12 @@ public class AclApiServiceTest {
when(_accountDao.findById(acct2.getId())).thenReturn(acct2);
when(_iamSrv.addAccountsToGroup(acctIds, groupId)).thenReturn(group);
when(_iamSrv.listAccountsByGroup(groupId)).thenReturn(acctIds);
Pair<List<AclGroup>, Integer> grpList = new Pair<List<AclGroup>, Integer>(groups, 1);
when(_iamSrv.listAclGroups(null, "group1", callerDomainPath, 0L, 20L)).thenReturn(grpList);
Pair<List<IAMGroup>, Integer> grpList = new Pair<List<IAMGroup>, Integer>(groups, 1);
when(_iamSrv.listIAMGroups(null, "group1", callerDomainPath, 0L, 20L)).thenReturn(grpList);
_aclSrv.addAccountsToGroup(acctIds, groupId);
ListResponse<AclGroupResponse> grpResp = _aclSrv.listAclGroups(null, "group1", callerDomainId, 0L, 20L);
ListResponse<IAMGroupResponse> grpResp = _aclSrv.listIAMGroups(null, "group1", callerDomainId, 0L, 20L);
assertTrue("No. of response items should be one", grpResp.getCount() == 1);
AclGroupResponse resp = grpResp.getResponses().get(0);
IAMGroupResponse resp = grpResp.getResponses().get(0);
Set<String> acctNames = resp.getAccountNameList();
assertEquals("There should be 2 accounts in the group", 2, acctNames.size());
assertTrue("account1 should be assigned to the group", acctNames.contains("account1"));
@ -181,7 +183,7 @@ public class AclApiServiceTest {
rmAccts.add(acct2.getId());
when(_iamSrv.removeAccountsFromGroup(rmAccts, groupId)).thenReturn(group);
_aclSrv.removeAccountsFromGroup(acctIds, groupId);
grpResp = _aclSrv.listAclGroups(null, "group1", callerDomainId, 0L, 20L);
grpResp = _aclSrv.listIAMGroups(null, "group1", callerDomainId, 0L, 20L);
assertTrue("No. of response items should be one", grpResp.getCount() == 1);
resp = grpResp.getResponses().get(0);
acctNames = resp.getAccountNameList();
@ -190,62 +192,62 @@ public class AclApiServiceTest {
}
@Test
public void createAclPolicyTest() {
AclPolicy policy = new AclPolicyVO("policy1", "tester policy1");
List<AclPolicy> policies = new ArrayList<AclPolicy>();
public void createIAMPolicyTest() {
IAMPolicy policy = new IAMPolicyVO("policy1", "tester policy1");
List<IAMPolicy> policies = new ArrayList<IAMPolicy>();
policies.add(policy);
Pair<List<AclPolicy>, Integer> policyList = new Pair<List<AclPolicy>, Integer>(policies, 1);
when(_iamSrv.createAclPolicy("policy1", "tester policy1", null, callerDomainPath)).thenReturn(policy);
when(_iamSrv.listAclPolicies(null, null, callerDomainPath, 0L, 20L)).thenReturn(policyList);
Pair<List<IAMPolicy>, Integer> policyList = new Pair<List<IAMPolicy>, Integer>(policies, 1);
when(_iamSrv.createIAMPolicy("policy1", "tester policy1", null, callerDomainPath)).thenReturn(policy);
when(_iamSrv.listIAMPolicies(null, null, callerDomainPath, 0L, 20L)).thenReturn(policyList);
AclPolicy createdPolicy = _aclSrv.createAclPolicy(caller, "policy1", "tester policy1", null);
assertNotNull("Acl policy 'policy1' failed to create ", createdPolicy);
ListResponse<AclPolicyResponse> policyResp = _aclSrv.listAclPolicies(null, null, callerDomainId, 0L, 20L);
IAMPolicy createdPolicy = _aclSrv.createIAMPolicy(caller, "policy1", "tester policy1", null);
assertNotNull("IAM policy 'policy1' failed to create ", createdPolicy);
ListResponse<IAMPolicyResponse> policyResp = _aclSrv.listIAMPolicies(null, null, callerDomainId, 0L, 20L);
assertTrue("No. of response items should be one", policyResp.getCount() == 1);
AclPolicyResponse resp = policyResp.getResponses().get(0);
IAMPolicyResponse resp = policyResp.getResponses().get(0);
assertEquals("Error in created group name", "policy1", resp.getName());
}
@Test
public void deleteAclPolicyTest() {
when(_iamSrv.deleteAclPolicy(1L)).thenReturn(true);
assertTrue("failed to delete acl policy 1", _aclSrv.deleteAclPolicy(1L));
public void deleteIAMPolicyTest() {
when(_iamSrv.deleteIAMPolicy(1L)).thenReturn(true);
assertTrue("failed to delete acl policy 1", _aclSrv.deleteIAMPolicy(1L));
}
@Test
public void listAclPolicyTest() {
AclPolicy policy = new AclPolicyVO("policy1", "tester policy1");
List<AclPolicy> policies = new ArrayList<AclPolicy>();
public void listIAMPolicyTest() {
IAMPolicy policy = new IAMPolicyVO("policy1", "tester policy1");
List<IAMPolicy> policies = new ArrayList<IAMPolicy>();
policies.add(policy);
when(_iamSrv.listAclPolicies(callerId)).thenReturn(policies);
List<AclPolicy> polys = _aclSrv.listAclPolicies(callerId);
when(_iamSrv.listIAMPolicies(callerId)).thenReturn(policies);
List<IAMPolicy> polys = _aclSrv.listIAMPolicies(callerId);
assertTrue(polys != null && polys.size() == 1);
AclPolicy p = polys.get(0);
IAMPolicy p = polys.get(0);
assertEquals("Error to retrieve group", "policy1", p.getName());
}
@Test
public void addRemovePolicyToGroupTest() {
AclGroup group = new AclGroupVO("group1", "tester group1");
List<AclGroup> groups = new ArrayList<AclGroup>();
IAMGroup group = new IAMGroupVO("group1", "tester group1");
List<IAMGroup> groups = new ArrayList<IAMGroup>();
groups.add(group);
Long groupId = group.getId();
List<Long> policyIds = new ArrayList<Long>();
policyIds.add(100L);
policyIds.add(200L);
AclPolicy policy1 = new AclPolicyVO("policy1", "my first policy");
AclPolicy policy2 = new AclPolicyVO("policy2", "my second policy");
List<AclPolicy> policies = new ArrayList<AclPolicy>();
IAMPolicy policy1 = new IAMPolicyVO("policy1", "my first policy");
IAMPolicy policy2 = new IAMPolicyVO("policy2", "my second policy");
List<IAMPolicy> policies = new ArrayList<IAMPolicy>();
policies.add(policy1);
policies.add(policy2);
when(_iamSrv.attachAclPoliciesToGroup(policyIds, groupId)).thenReturn(group);
when(_iamSrv.listAclPoliciesByGroup(groupId)).thenReturn(policies);
Pair<List<AclGroup>, Integer> grpList = new Pair<List<AclGroup>, Integer>(groups, 1);
when(_iamSrv.listAclGroups(null, "group1", callerDomainPath, 0L, 20L)).thenReturn(grpList);
_aclSrv.attachAclPoliciesToGroup(policyIds, groupId);
ListResponse<AclGroupResponse> grpResp = _aclSrv.listAclGroups(null, "group1", callerDomainId, 0L, 20L);
when(_iamSrv.attachIAMPoliciesToGroup(policyIds, groupId)).thenReturn(group);
when(_iamSrv.listIAMPoliciesByGroup(groupId)).thenReturn(policies);
Pair<List<IAMGroup>, Integer> grpList = new Pair<List<IAMGroup>, Integer>(groups, 1);
when(_iamSrv.listIAMGroups(null, "group1", callerDomainPath, 0L, 20L)).thenReturn(grpList);
_aclSrv.attachIAMPoliciesToGroup(policyIds, groupId);
ListResponse<IAMGroupResponse> grpResp = _aclSrv.listIAMGroups(null, "group1", callerDomainId, 0L, 20L);
assertTrue("No. of response items should be one", grpResp.getCount() == 1);
AclGroupResponse resp = grpResp.getResponses().get(0);
IAMGroupResponse resp = grpResp.getResponses().get(0);
Set<String> policyNames = resp.getPolicyList();
assertEquals("There should be 2 policies in the group", 2, policyNames.size());
assertTrue("policy1 should be assigned to the group", policyNames.contains("policy1"));
@ -253,9 +255,9 @@ public class AclApiServiceTest {
// remove "policy2" from group1
policyIds.remove(1);
policies.remove(policy2);
when(_iamSrv.removeAclPoliciesFromGroup(policyIds, groupId)).thenReturn(group);
_aclSrv.removeAclPoliciesFromGroup(policyIds, groupId);
grpResp = _aclSrv.listAclGroups(null, "group1", callerDomainId, 0L, 20L);
when(_iamSrv.removeIAMPoliciesFromGroup(policyIds, groupId)).thenReturn(group);
_aclSrv.removeIAMPoliciesFromGroup(policyIds, groupId);
grpResp = _aclSrv.listIAMGroups(null, "group1", callerDomainId, 0L, 20L);
assertTrue("No. of response items should be one", grpResp.getCount() == 1);
resp = grpResp.getResponses().get(0);
policyNames = resp.getPolicyList();
@ -265,37 +267,41 @@ public class AclApiServiceTest {
@Test
public void addRemovePermissionToPolicyTest() {
AclPolicy policy = new AclPolicyVO("policy1", "tester policy1");
List<AclPolicy> policies = new ArrayList<AclPolicy>();
IAMPolicy policy = new IAMPolicyVO("policy1", "tester policy1");
List<IAMPolicy> policies = new ArrayList<IAMPolicy>();
policies.add(policy);
Long policyId = policy.getId();
Long resId = 200L;
Class clz = ListVMsCmd.class;
when(_apiServer.getCmdClass("listVirtualMachines")).thenReturn(clz);
when(
_iamSrv.addAclPermissionToAclPolicy(policyId, IAMEntityType.VirtualMachine.toString(), PermissionScope.RESOURCE.toString(), resId, "listVirtualMachines",
_iamSrv.addIAMPermissionToIAMPolicy(policyId, IAMEntityType.VirtualMachine.toString(),
PermissionScope.RESOURCE.toString(), resId, "listVirtualMachines",
AccessType.UseEntry.toString(), Permission.Allow, false)).thenReturn(policy);
_aclSrv.addAclPermissionToAclPolicy(policyId, IAMEntityType.VirtualMachine.toString(), PermissionScope.RESOURCE, resId, "listVirtualMachines", Permission.Allow, false);
Pair<List<AclPolicy>, Integer> policyList = new Pair<List<AclPolicy>, Integer>(policies, 1);
List<AclPolicyPermission> policyPerms = new ArrayList<AclPolicyPermission>();
AclPolicyPermission perm = new AclPolicyPermissionVO(policyId, "listVirtualMachines", IAMEntityType.VirtualMachine.toString(), AccessType.UseEntry.toString(),
_aclSrv.addIAMPermissionToIAMPolicy(policyId, IAMEntityType.VirtualMachine.toString(),
PermissionScope.RESOURCE, resId, "listVirtualMachines", Permission.Allow, false);
Pair<List<IAMPolicy>, Integer> policyList = new Pair<List<IAMPolicy>, Integer>(policies, 1);
List<IAMPolicyPermission> policyPerms = new ArrayList<IAMPolicyPermission>();
IAMPolicyPermission perm = new IAMPolicyPermissionVO(policyId, "listVirtualMachines",
IAMEntityType.VirtualMachine.toString(), AccessType.UseEntry.toString(),
PermissionScope.RESOURCE.toString(),
resId, Permission.Allow, false);
policyPerms.add(perm);
when(_iamSrv.listAclPolicies(null, "policy1", callerDomainPath, 0L, 20L)).thenReturn(policyList);
when(_iamSrv.listIAMPolicies(null, "policy1", callerDomainPath, 0L, 20L)).thenReturn(policyList);
when(_iamSrv.listPolicyPermissions(policyId)).thenReturn(policyPerms);
ListResponse<AclPolicyResponse> policyResp = _aclSrv.listAclPolicies(null, "policy1", callerDomainId, 0L, 20L);
ListResponse<IAMPolicyResponse> policyResp = _aclSrv.listIAMPolicies(null, "policy1", callerDomainId, 0L, 20L);
assertTrue("No. of response items should be one", policyResp.getCount() == 1);
AclPolicyResponse resp = policyResp.getResponses().get(0);
Set<AclPermissionResponse> permList = resp.getPermissionList();
IAMPolicyResponse resp = policyResp.getResponses().get(0);
Set<IAMPermissionResponse> permList = resp.getPermissionList();
assertTrue("Permission list should not be empty", permList != null && permList.size() > 0);
AclPermissionResponse permResp = permList.iterator().next();
IAMPermissionResponse permResp = permList.iterator().next();
assertEquals("There should be one permission for listVirtualMachines", "listVirtualMachines", permResp.getAction());
//remove permission from policy
policyPerms.remove(perm);
_aclSrv.removeAclPermissionFromAclPolicy(policyId, IAMEntityType.VirtualMachine.toString(), PermissionScope.RESOURCE, resId, "listVirtualMachines");
policyResp = _aclSrv.listAclPolicies(null, "policy1", callerDomainId, 0L, 20L);
_aclSrv.removeIAMPermissionFromIAMPolicy(policyId, IAMEntityType.VirtualMachine.toString(),
PermissionScope.RESOURCE, resId, "listVirtualMachines");
policyResp = _aclSrv.listIAMPolicies(null, "policy1", callerDomainId, 0L, 20L);
assertTrue("No. of response items should be one", policyResp.getCount() == 1);
resp = policyResp.getResponses().get(0);
permList = resp.getPermissionList();
@ -307,7 +313,7 @@ public class AclApiServiceTest {
}
@Configuration
@ComponentScan(basePackageClasses = {AclApiServiceImpl.class}, includeFilters = {@Filter(value = TestConfiguration.Library.class, type = FilterType.CUSTOM)}, useDefaultFilters = false)
@ComponentScan(basePackageClasses = {IAMApiServiceImpl.class}, includeFilters = {@Filter(value = TestConfiguration.Library.class, type = FilterType.CUSTOM)}, useDefaultFilters = false)
public static class TestConfiguration extends SpringUtils.CloudStackTestConfiguration {
@Bean

74
services/iam/server/src/org/apache/cloudstack/iam/api/AclGroup.java → services/iam/server/src/org/apache/cloudstack/iam/api/IAMGroup.java
View File

@ -1,37 +1,37 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.iam.api;
import org.apache.cloudstack.api.Identity;
import org.apache.cloudstack.api.InternalIdentity;
public interface AclGroup extends InternalIdentity, Identity {
String getName();
String getDescription();
@Override
long getId();
@Override
String getUuid();
String getPath();
long getAccountId();
}
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.iam.api;
import org.apache.cloudstack.api.Identity;
import org.apache.cloudstack.api.InternalIdentity;
public interface IAMGroup extends InternalIdentity, Identity {
String getName();
String getDescription();
@Override
long getId();
@Override
String getUuid();
String getPath();
long getAccountId();
}

82
services/iam/server/src/org/apache/cloudstack/iam/api/AclPolicy.java → services/iam/server/src/org/apache/cloudstack/iam/api/IAMPolicy.java
View File

@ -1,41 +1,41 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.iam.api;
import org.apache.cloudstack.api.Identity;
import org.apache.cloudstack.api.InternalIdentity;
public interface AclPolicy extends InternalIdentity, Identity {
String getName();
String getDescription();
public enum PolicyType {
Static, Dynamic
}
@Override
long getId();
@Override
String getUuid();
String getPath();
long getAccountId();
}
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.iam.api;
import org.apache.cloudstack.api.Identity;
import org.apache.cloudstack.api.InternalIdentity;
public interface IAMPolicy extends InternalIdentity, Identity {
String getName();
String getDescription();
public enum PolicyType {
Static, Dynamic
}
@Override
long getId();
@Override
String getUuid();
String getPath();
long getAccountId();
}

2
services/iam/server/src/org/apache/cloudstack/iam/api/AclPolicyPermission.java → services/iam/server/src/org/apache/cloudstack/iam/api/IAMPolicyPermission.java
View File

@ -17,7 +17,7 @@
package org.apache.cloudstack.iam.api;
public interface AclPolicyPermission {
public interface IAMPolicyPermission {
String getAction();

48
services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
View File

@ -18,75 +18,75 @@ package org.apache.cloudstack.iam.api;
import java.util.List;
import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
import com.cloud.utils.Pair;
public interface IAMService {
/* ACL group related interfaces */
AclGroup createAclGroup(String aclGroupName, String description, String path);
IAMGroup createAclGroup(String aclGroupName, String description, String path);
boolean deleteAclGroup(Long aclGroupId);
List<AclGroup> listAclGroups(long accountId);
List<IAMGroup> listAclGroups(long accountId);
AclGroup addAccountsToGroup(List<Long> acctIds, Long groupId);
IAMGroup addAccountsToGroup(List<Long> acctIds, Long groupId);
AclGroup removeAccountsFromGroup(List<Long> acctIds, Long groupId);
IAMGroup removeAccountsFromGroup(List<Long> acctIds, Long groupId);
List<Long> listAccountsByGroup(long groupId);
Pair<List<AclGroup>, Integer> listAclGroups(Long aclGroupId, String aclGroupName, String path, Long startIndex, Long pageSize);
Pair<List<IAMGroup>, Integer> listAclGroups(Long aclGroupId, String aclGroupName, String path, Long startIndex, Long pageSize);
/* ACL Policy related interfaces */
AclPolicy createAclPolicy(String aclPolicyName, String description, Long parentPolicyId, String path);
IAMPolicy createAclPolicy(String aclPolicyName, String description, Long parentPolicyId, String path);
boolean deleteAclPolicy(long aclPolicyId);
List<AclPolicy> listAclPolicies(long accountId);
List<IAMPolicy> listAclPolicies(long accountId);
List<AclPolicy> listAclPoliciesByGroup(long groupId);
List<IAMPolicy> listAclPoliciesByGroup(long groupId);
Pair<List<AclPolicy>, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize);
Pair<List<IAMPolicy>, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize);
AclGroup attachAclPoliciesToGroup(List<Long> policyIds, Long groupId);
IAMGroup attachAclPoliciesToGroup(List<Long> policyIds, Long groupId);
AclGroup removeAclPoliciesFromGroup(List<Long> policyIds, Long groupId);
IAMGroup removeAclPoliciesFromGroup(List<Long> policyIds, Long groupId);
void attachAclPolicyToAccounts(Long policyId, List<Long> acctIds);
void removeAclPolicyFromAccounts(Long policyId, List<Long> acctIds);
AclPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
IAMPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
String action, String accessType, Permission perm, Boolean recursive);
AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
IAMPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
String action);
void removeAclPermissionForEntity(final String entityType, final Long entityId);
AclPolicy getResourceGrantPolicy(String entityType, Long entityId, String accessType, String action);
IAMPolicy getResourceGrantPolicy(String entityType, Long entityId, String accessType, String action);
AclPolicy getResourceOwnerPolicy();
IAMPolicy getResourceOwnerPolicy();
List<AclPolicyPermission> listPolicyPermissions(long policyId);
List<IAMPolicyPermission> listPolicyPermissions(long policyId);
List<AclPolicyPermission> listPolicyPermissionsByScope(long policyId, String action, String scope);
List<IAMPolicyPermission> listPolicyPermissionsByScope(long policyId, String action, String scope);
List<AclPolicyPermission> listPolicyPermissionByActionAndEntity(long policyId, String action, String entityType);
List<IAMPolicyPermission> listPolicyPermissionByActionAndEntity(long policyId, String action, String entityType);
boolean isActionAllowedForPolicies(String action, List<AclPolicy> policies);
boolean isActionAllowedForPolicies(String action, List<IAMPolicy> policies);
List<Long> getGrantedEntities(long accountId, String action, String scope);
AclPolicy resetAclPolicy(long aclPolicyId);
IAMPolicy resetAclPolicy(long aclPolicyId);
List<AclPolicyPermission> listPolicyPermissionByAccessAndEntity(long policyId, String accessType,
List<IAMPolicyPermission> listPolicyPermissionByAccessAndEntity(long policyId, String accessType,
String entityType);
List<AclGroup> listParentAclGroups(long groupId);
List<IAMGroup> listParentAclGroups(long groupId);
List<AclPolicy> listRecursiveAclPoliciesByGroup(long groupId);
List<IAMPolicy> listRecursiveAclPoliciesByGroup(long groupId);
}

8
services/iam/server/src/org/apache/cloudstack/iam/server/AclAccountPolicyMapVO.java → services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java
View File

@ -28,8 +28,8 @@ import javax.persistence.Table;
import com.cloud.utils.db.GenericDao;
@Entity
@Table(name = ("acl_account_policy_map"))
public class AclAccountPolicyMapVO {
@Table(name = ("iam_account_policy_map"))
public class IAMAccountPolicyMapVO {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
@ -47,10 +47,10 @@ public class AclAccountPolicyMapVO {
@Column(name = GenericDao.CREATED_COLUMN)
private Date created;
public AclAccountPolicyMapVO() {
public IAMAccountPolicyMapVO() {
}
public AclAccountPolicyMapVO(long accountId, long aclPolicyId) {
public IAMAccountPolicyMapVO(long accountId, long aclPolicyId) {
this.accountId = accountId;
this.aclPolicyId = aclPolicyId;
}

8
services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupAccountMapVO.java → services/iam/server/src/org/apache/cloudstack/iam/server/IAMGroupAccountMapVO.java
View File

@ -28,8 +28,8 @@ import javax.persistence.Table;
import com.cloud.utils.db.GenericDao;
@Entity
@Table(name = ("acl_group_account_map"))
public class AclGroupAccountMapVO {
@Table(name = ("iam_group_account_map"))
public class IAMGroupAccountMapVO {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
@ -47,10 +47,10 @@ public class AclGroupAccountMapVO {
@Column(name = GenericDao.CREATED_COLUMN)
private Date created;
public AclGroupAccountMapVO() {
public IAMGroupAccountMapVO() {
}
public AclGroupAccountMapVO(long aclGroupId, long accountId) {
public IAMGroupAccountMapVO(long aclGroupId, long accountId) {
this.aclGroupId = aclGroupId;
this.accountId = accountId;
}

8
services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupPolicyMapVO.java → services/iam/server/src/org/apache/cloudstack/iam/server/IAMGroupPolicyMapVO.java
View File

@ -29,8 +29,8 @@ import javax.persistence.Table;
import com.cloud.utils.db.GenericDao;
@Entity
@Table(name = ("acl_group_policy_map"))
public class AclGroupPolicyMapVO {
@Table(name = ("iam_group_policy_map"))
public class IAMGroupPolicyMapVO {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
@ -48,10 +48,10 @@ public class AclGroupPolicyMapVO {
@Column(name = GenericDao.CREATED_COLUMN)
private Date created;
public AclGroupPolicyMapVO() {
public IAMGroupPolicyMapVO() {
}
public AclGroupPolicyMapVO(long aclGroupId, long aclPolicyId) {
public IAMGroupPolicyMapVO(long aclGroupId, long aclPolicyId) {
this.aclGroupId = aclGroupId;
this.aclPolicyId = aclPolicyId;
}

10
services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupVO.java → services/iam/server/src/org/apache/cloudstack/iam/server/IAMGroupVO.java
View File

@ -26,13 +26,13 @@ import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
import org.apache.cloudstack.iam.api.AclGroup;
import org.apache.cloudstack.iam.api.IAMGroup;
import com.cloud.utils.db.GenericDao;
@Entity
@Table(name = ("acl_group"))
public class AclGroupVO implements AclGroup {
@Table(name = ("iam_group"))
public class IAMGroupVO implements IAMGroup {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
@ -59,11 +59,11 @@ public class AclGroupVO implements AclGroup {
@Column(name = GenericDao.CREATED_COLUMN)
private Date created;
public AclGroupVO() {
public IAMGroupVO() {
uuid = UUID.randomUUID().toString();
}
public AclGroupVO(String name, String description) {
public IAMGroupVO(String name, String description) {
this.name = name;
this.description = description;
uuid = UUID.randomUUID().toString();

10
services/iam/server/src/org/apache/cloudstack/iam/server/AclPolicyPermissionVO.java → services/iam/server/src/org/apache/cloudstack/iam/server/IAMPolicyPermissionVO.java
View File

@ -27,12 +27,12 @@ import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
import org.apache.cloudstack.iam.api.AclPolicyPermission;
import org.apache.cloudstack.iam.api.IAMPolicyPermission;
import com.cloud.utils.db.GenericDao;
@Entity
@Table(name = ("acl_policy_permission"))
public class AclPolicyPermissionVO implements AclPolicyPermission {
@Table(name = ("iam_policy_permission"))
public class IAMPolicyPermissionVO implements IAMPolicyPermission {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@ -70,11 +70,11 @@ public class AclPolicyPermissionVO implements AclPolicyPermission {
@Column(name = GenericDao.CREATED_COLUMN)
private Date created;
public AclPolicyPermissionVO() {
public IAMPolicyPermissionVO() {
}
public AclPolicyPermissionVO(long aclPolicyId, String action, String entityType, String accessType, String scope,
public IAMPolicyPermissionVO(long aclPolicyId, String action, String entityType, String accessType, String scope,
Long scopeId, Permission permission, Boolean recursive) {
this.aclPolicyId = aclPolicyId;
this.action = action;

18
services/iam/server/src/org/apache/cloudstack/iam/server/AclPolicyVO.java → services/iam/server/src/org/apache/cloudstack/iam/server/IAMPolicyVO.java
View File

@ -28,13 +28,13 @@ import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
import org.apache.cloudstack.iam.api.AclPolicy;
import org.apache.cloudstack.iam.api.IAMPolicy;
import com.cloud.utils.db.GenericDao;
@Entity
@Table(name = ("acl_policy"))
public class AclPolicyVO implements AclPolicy {
@Table(name = ("iam_policy"))
public class IAMPolicyVO implements IAMPolicy {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
@ -63,17 +63,17 @@ public class AclPolicyVO implements AclPolicy {
@Column(name = "policy_type")
@Enumerated(value = EnumType.STRING)
private AclPolicy.PolicyType policyType;
private IAMPolicy.PolicyType policyType;
public AclPolicyVO() {
public IAMPolicyVO() {
uuid = UUID.randomUUID().toString();
}
public AclPolicyVO(String name, String description) {
public IAMPolicyVO(String name, String description) {
this.name = name;
this.description = description;
uuid = UUID.randomUUID().toString();
policyType = AclPolicy.PolicyType.Static;
policyType = IAMPolicy.PolicyType.Static;
}
@Override
@ -127,11 +127,11 @@ public class AclPolicyVO implements AclPolicy {
this.accountId = accountId;
}
public AclPolicy.PolicyType getPolicyType() {
public IAMPolicy.PolicyType getPolicyType() {
return policyType;
}
public void setPolicyType(AclPolicy.PolicyType policyType) {
public void setPolicyType(IAMPolicy.PolicyType policyType) {
this.policyType = policyType;
}

282
services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
View File

@ -25,17 +25,17 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.PermissionScope;
import org.apache.cloudstack.iam.api.AclGroup;
import org.apache.cloudstack.iam.api.AclPolicy;
import org.apache.cloudstack.iam.api.AclPolicyPermission;
import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
import org.apache.cloudstack.iam.api.IAMGroup;
import org.apache.cloudstack.iam.api.IAMPolicy;
import org.apache.cloudstack.iam.api.IAMPolicyPermission;
import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
import org.apache.cloudstack.iam.api.IAMService;
import org.apache.cloudstack.iam.server.dao.AclAccountPolicyMapDao;
import org.apache.cloudstack.iam.server.dao.AclGroupAccountMapDao;
import org.apache.cloudstack.iam.server.dao.AclGroupDao;
import org.apache.cloudstack.iam.server.dao.AclGroupPolicyMapDao;
import org.apache.cloudstack.iam.server.dao.AclPolicyDao;
import org.apache.cloudstack.iam.server.dao.AclPolicyPermissionDao;
import org.apache.cloudstack.iam.server.dao.IAMAccountPolicyMapDao;
import org.apache.cloudstack.iam.server.dao.IAMGroupAccountMapDao;
import org.apache.cloudstack.iam.server.dao.IAMGroupDao;
import org.apache.cloudstack.iam.server.dao.IAMGroupPolicyMapDao;
import org.apache.cloudstack.iam.server.dao.IAMPolicyDao;
import org.apache.cloudstack.iam.server.dao.IAMPolicyPermissionDao;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.utils.Pair;
@ -62,37 +62,37 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
private String _name;
@Inject
AclPolicyDao _aclPolicyDao;
IAMPolicyDao _aclPolicyDao;
@Inject
AclGroupDao _aclGroupDao;
IAMGroupDao _aclGroupDao;
@Inject
EntityManager _entityMgr;
@Inject
AclGroupPolicyMapDao _aclGroupPolicyMapDao;
IAMGroupPolicyMapDao _aclGroupPolicyMapDao;
@Inject
AclAccountPolicyMapDao _aclAccountPolicyMapDao;
IAMAccountPolicyMapDao _aclAccountPolicyMapDao;
@Inject
AclGroupAccountMapDao _aclGroupAccountMapDao;
IAMGroupAccountMapDao _aclGroupAccountMapDao;
@Inject
AclPolicyPermissionDao _policyPermissionDao;
IAMPolicyPermissionDao _policyPermissionDao;
@DB
@Override
public AclGroup createAclGroup(String aclGroupName, String description, String path) {
public IAMGroup createAclGroup(String aclGroupName, String description, String path) {
// check if the group is already existing
AclGroup grp = _aclGroupDao.findByName(path, aclGroupName);
IAMGroup grp = _aclGroupDao.findByName(path, aclGroupName);
if (grp != null) {
throw new InvalidParameterValueException(
"Unable to create acl group with name " + aclGroupName
+ " already exisits for path " + path);
}
AclGroupVO rvo = new AclGroupVO(aclGroupName, description);
IAMGroupVO rvo = new IAMGroupVO(aclGroupName, description);
rvo.setPath(path);
return _aclGroupDao.persist(rvo);
@ -102,7 +102,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@Override
public boolean deleteAclGroup(final Long aclGroupId) {
// get the Acl Group entity
final AclGroup grp = _aclGroupDao.findById(aclGroupId);
final IAMGroup grp = _aclGroupDao.findById(aclGroupId);
if (grp == null) {
throw new InvalidParameterValueException("Unable to find acl group: " + aclGroupId
+ "; failed to delete acl group.");
@ -112,17 +112,17 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@Override
public void doInTransactionWithoutResult(TransactionStatus status) {
// remove this group related entry in acl_group_role_map
List<AclGroupPolicyMapVO> groupPolicyMap = _aclGroupPolicyMapDao.listByGroupId(grp.getId());
List<IAMGroupPolicyMapVO> groupPolicyMap = _aclGroupPolicyMapDao.listByGroupId(grp.getId());
if (groupPolicyMap != null) {
for (AclGroupPolicyMapVO gr : groupPolicyMap) {
for (IAMGroupPolicyMapVO gr : groupPolicyMap) {
_aclGroupPolicyMapDao.remove(gr.getId());
}
}
// remove this group related entry in acl_group_account table
List<AclGroupAccountMapVO> groupAcctMap = _aclGroupAccountMapDao.listByGroupId(grp.getId());
List<IAMGroupAccountMapVO> groupAcctMap = _aclGroupAccountMapDao.listByGroupId(grp.getId());
if (groupAcctMap != null) {
for (AclGroupAccountMapVO grpAcct : groupAcctMap) {
for (IAMGroupAccountMapVO grpAcct : groupAcctMap) {
_aclGroupAccountMapDao.remove(grpAcct.getId());
}
}
@ -137,9 +137,9 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@SuppressWarnings("unchecked")
@Override
public List<AclGroup> listAclGroups(long accountId) {
public List<IAMGroup> listAclGroups(long accountId) {
GenericSearchBuilder<AclGroupAccountMapVO, Long> groupSB = _aclGroupAccountMapDao.createSearchBuilder(Long.class);
GenericSearchBuilder<IAMGroupAccountMapVO, Long> groupSB = _aclGroupAccountMapDao.createSearchBuilder(Long.class);
groupSB.selectFields(groupSB.entity().getAclGroupId());
groupSB.and("account", groupSB.entity().getAccountId(), Op.EQ);
SearchCriteria<Long> groupSc = groupSB.create();
@ -147,9 +147,9 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
List<Long> groupIds = _aclGroupAccountMapDao.customSearch(groupSc, null);
SearchBuilder<AclGroupVO> sb = _aclGroupDao.createSearchBuilder();
SearchBuilder<IAMGroupVO> sb = _aclGroupDao.createSearchBuilder();
sb.and("ids", sb.entity().getId(), Op.IN);
SearchCriteria<AclGroupVO> sc = sb.create();
SearchCriteria<IAMGroupVO> sc = sb.create();
sc.setParameters("ids", groupIds.toArray(new Object[groupIds.size()]));
@SuppressWarnings("rawtypes")
List groups = _aclGroupDao.search(sc, null);
@ -158,9 +158,9 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
public AclGroup addAccountsToGroup(final List<Long> acctIds, final Long groupId) {
public IAMGroup addAccountsToGroup(final List<Long> acctIds, final Long groupId) {
// get the Acl Group entity
AclGroup group = _aclGroupDao.findById(groupId);
IAMGroup group = _aclGroupDao.findById(groupId);
if (group == null) {
throw new InvalidParameterValueException("Unable to find acl group: " + groupId
+ "; failed to add accounts to acl group.");
@ -172,10 +172,10 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
// add entries in acl_group_account_map table
for (Long acctId : acctIds) {
// check account permissions
AclGroupAccountMapVO grMap = _aclGroupAccountMapDao.findByGroupAndAccount(groupId, acctId);
IAMGroupAccountMapVO grMap = _aclGroupAccountMapDao.findByGroupAndAccount(groupId, acctId);
if (grMap == null) {
// not there already
grMap = new AclGroupAccountMapVO(groupId, acctId);
grMap = new IAMGroupAccountMapVO(groupId, acctId);
_aclGroupAccountMapDao.persist(grMap);
}
}
@ -186,9 +186,9 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
public AclGroup removeAccountsFromGroup(final List<Long> acctIds, final Long groupId) {
public IAMGroup removeAccountsFromGroup(final List<Long> acctIds, final Long groupId) {
// get the Acl Group entity
AclGroup group = _aclGroupDao.findById(groupId);
IAMGroup group = _aclGroupDao.findById(groupId);
if (group == null) {
throw new InvalidParameterValueException("Unable to find acl group: " + groupId
+ "; failed to remove accounts from acl group.");
@ -199,7 +199,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
public void doInTransactionWithoutResult(TransactionStatus status) {
// remove entries from acl_group_account_map table
for (Long acctId : acctIds) {
AclGroupAccountMapVO grMap = _aclGroupAccountMapDao.findByGroupAndAccount(groupId, acctId);
IAMGroupAccountMapVO grMap = _aclGroupAccountMapDao.findByGroupAndAccount(groupId, acctId);
if (grMap != null) {
// not removed yet
_aclGroupAccountMapDao.remove(grMap.getId());
@ -212,35 +212,35 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@Override
public List<Long> listAccountsByGroup(long groupId) {
List<AclGroupAccountMapVO> grpAcctMap = _aclGroupAccountMapDao.listByGroupId(groupId);
List<IAMGroupAccountMapVO> grpAcctMap = _aclGroupAccountMapDao.listByGroupId(groupId);
if (grpAcctMap == null || grpAcctMap.size() == 0) {
return new ArrayList<Long>();
}
List<Long> accts = new ArrayList<Long>();
for (AclGroupAccountMapVO grpAcct : grpAcctMap) {
for (IAMGroupAccountMapVO grpAcct : grpAcctMap) {
accts.add(grpAcct.getAccountId());
}
return accts;
}
@Override
public Pair<List<AclGroup>, Integer> listAclGroups(Long aclGroupId, String aclGroupName, String path, Long startIndex, Long pageSize) {
public Pair<List<IAMGroup>, Integer> listAclGroups(Long aclGroupId, String aclGroupName, String path, Long startIndex, Long pageSize) {
if (aclGroupId != null) {
AclGroup group = _aclGroupDao.findById(aclGroupId);
IAMGroup group = _aclGroupDao.findById(aclGroupId);
if (group == null) {
throw new InvalidParameterValueException("Unable to find acl group by id " + aclGroupId);
}
}
Filter searchFilter = new Filter(AclGroupVO.class, "id", true, startIndex, pageSize);
Filter searchFilter = new Filter(IAMGroupVO.class, "id", true, startIndex, pageSize);
SearchBuilder<AclGroupVO> sb = _aclGroupDao.createSearchBuilder();
SearchBuilder<IAMGroupVO> sb = _aclGroupDao.createSearchBuilder();
sb.and("name", sb.entity().getName(), SearchCriteria.Op.EQ);
sb.and("path", sb.entity().getPath(), SearchCriteria.Op.LIKE);
sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
SearchCriteria<AclGroupVO> sc = sb.create();
SearchCriteria<IAMGroupVO> sc = sb.create();
if (aclGroupName != null) {
sc.setParameters("name", aclGroupName);
@ -252,13 +252,13 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
sc.setParameters("path", path + "%");
Pair<List<AclGroupVO>, Integer> groups = _aclGroupDao.searchAndCount(sc, searchFilter);
return new Pair<List<AclGroup>, Integer>(new ArrayList<AclGroup>(groups.first()), groups.second());
Pair<List<IAMGroupVO>, Integer> groups = _aclGroupDao.searchAndCount(sc, searchFilter);
return new Pair<List<IAMGroup>, Integer>(new ArrayList<IAMGroup>(groups.first()), groups.second());
}
@Override
public List<AclGroup> listParentAclGroups(long groupId) {
AclGroup group = _aclGroupDao.findById(groupId);
public List<IAMGroup> listParentAclGroups(long groupId) {
IAMGroup group = _aclGroupDao.findById(groupId);
if (group == null) {
throw new InvalidParameterValueException("Unable to find acl group by id " + groupId);
}
@ -277,45 +277,45 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
}
if (pathList.isEmpty()) {
return new ArrayList<AclGroup>();
return new ArrayList<IAMGroup>();
}
SearchBuilder<AclGroupVO> sb = _aclGroupDao.createSearchBuilder();
SearchBuilder<IAMGroupVO> sb = _aclGroupDao.createSearchBuilder();
sb.and("paths", sb.entity().getPath(), SearchCriteria.Op.IN);
SearchCriteria<AclGroupVO> sc = sb.create();
SearchCriteria<IAMGroupVO> sc = sb.create();
sc.setParameters("paths", pathList.toArray());
List<AclGroupVO> groups = _aclGroupDao.search(sc, null);
List<IAMGroupVO> groups = _aclGroupDao.search(sc, null);
return new ArrayList<AclGroup>(groups);
return new ArrayList<IAMGroup>(groups);
}
@DB
@Override
public AclPolicy createAclPolicy(final String aclPolicyName, final String description, final Long parentPolicyId, final String path) {
public IAMPolicy createAclPolicy(final String aclPolicyName, final String description, final Long parentPolicyId, final String path) {
// check if the policy is already existing
AclPolicy ro = _aclPolicyDao.findByName(aclPolicyName);
IAMPolicy ro = _aclPolicyDao.findByName(aclPolicyName);
if (ro != null) {
throw new InvalidParameterValueException(
"Unable to create acl policy with name " + aclPolicyName
+ " already exisits");
}
AclPolicy role = Transaction.execute(new TransactionCallback<AclPolicy>() {
IAMPolicy role = Transaction.execute(new TransactionCallback<IAMPolicy>() {
@Override
public AclPolicy doInTransaction(TransactionStatus status) {
AclPolicyVO rvo = new AclPolicyVO(aclPolicyName, description);
public IAMPolicy doInTransaction(TransactionStatus status) {
IAMPolicyVO rvo = new IAMPolicyVO(aclPolicyName, description);
rvo.setPath(path);
AclPolicy role = _aclPolicyDao.persist(rvo);
IAMPolicy role = _aclPolicyDao.persist(rvo);
if (parentPolicyId != null) {
// copy parent role permissions
List<AclPolicyPermissionVO> perms = _policyPermissionDao.listByPolicy(parentPolicyId);
List<IAMPolicyPermissionVO> perms = _policyPermissionDao.listByPolicy(parentPolicyId);
if (perms != null) {
for (AclPolicyPermissionVO perm : perms) {
for (IAMPolicyPermissionVO perm : perms) {
perm.setAclPolicyId(role.getId());
_policyPermissionDao.persist(perm);
}
@ -333,7 +333,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@Override
public boolean deleteAclPolicy(final long aclPolicyId) {
// get the Acl Policy entity
final AclPolicy policy = _aclPolicyDao.findById(aclPolicyId);
final IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
if (policy == null) {
throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
+ "; failed to delete acl policy.");
@ -343,25 +343,25 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@Override
public void doInTransactionWithoutResult(TransactionStatus status) {
// remove this role related entry in acl_group_role_map
List<AclGroupPolicyMapVO> groupPolicyMap = _aclGroupPolicyMapDao.listByPolicyId(policy.getId());
List<IAMGroupPolicyMapVO> groupPolicyMap = _aclGroupPolicyMapDao.listByPolicyId(policy.getId());
if (groupPolicyMap != null) {
for (AclGroupPolicyMapVO gr : groupPolicyMap) {
for (IAMGroupPolicyMapVO gr : groupPolicyMap) {
_aclGroupPolicyMapDao.remove(gr.getId());
}
}
// remove this policy related entry in acl_account_policy_map table
List<AclAccountPolicyMapVO> policyAcctMap = _aclAccountPolicyMapDao.listByPolicyId(policy.getId());
List<IAMAccountPolicyMapVO> policyAcctMap = _aclAccountPolicyMapDao.listByPolicyId(policy.getId());
if (policyAcctMap != null) {
for (AclAccountPolicyMapVO policyAcct : policyAcctMap) {
for (IAMAccountPolicyMapVO policyAcct : policyAcctMap) {
_aclAccountPolicyMapDao.remove(policyAcct.getId());
}
}
// remove this policy related entry in acl_policy_permission table
List<AclPolicyPermissionVO> policyPermMap = _policyPermissionDao.listByPolicy(policy.getId());
List<IAMPolicyPermissionVO> policyPermMap = _policyPermissionDao.listByPolicy(policy.getId());
if (policyPermMap != null) {
for (AclPolicyPermissionVO policyPerm : policyPermMap) {
for (IAMPolicyPermissionVO policyPerm : policyPermMap) {
_policyPermissionDao.remove(policyPerm.getId());
}
}
@ -377,13 +377,13 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@SuppressWarnings("unchecked")
@Override
public List<AclPolicy> listAclPolicies(long accountId) {
public List<IAMPolicy> listAclPolicies(long accountId) {
// static policies of the account
SearchBuilder<AclGroupAccountMapVO> groupSB = _aclGroupAccountMapDao.createSearchBuilder();
SearchBuilder<IAMGroupAccountMapVO> groupSB = _aclGroupAccountMapDao.createSearchBuilder();
groupSB.and("account", groupSB.entity().getAccountId(), Op.EQ);
GenericSearchBuilder<AclGroupPolicyMapVO, Long> policySB = _aclGroupPolicyMapDao.createSearchBuilder(Long.class);
GenericSearchBuilder<IAMGroupPolicyMapVO, Long> policySB = _aclGroupPolicyMapDao.createSearchBuilder(Long.class);
policySB.selectFields(policySB.entity().getAclPolicyId());
policySB.join("accountgroupjoin", groupSB, groupSB.entity().getAclGroupId(), policySB.entity().getAclGroupId(),
JoinType.INNER);
@ -393,16 +393,16 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
List<Long> policyIds = _aclGroupPolicyMapDao.customSearch(policySc, null);
// add policies directly attached to the account
List<AclAccountPolicyMapVO> acctPolicies = _aclAccountPolicyMapDao.listByAccountId(accountId);
for (AclAccountPolicyMapVO p : acctPolicies) {
List<IAMAccountPolicyMapVO> acctPolicies = _aclAccountPolicyMapDao.listByAccountId(accountId);
for (IAMAccountPolicyMapVO p : acctPolicies) {
policyIds.add(p.getAclPolicyId());
}
if (policyIds.size() == 0) {
return new ArrayList<AclPolicy>();
return new ArrayList<IAMPolicy>();
}
SearchBuilder<AclPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
SearchBuilder<IAMPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
sb.and("ids", sb.entity().getId(), Op.IN);
SearchCriteria<AclPolicyVO> sc = sb.create();
SearchCriteria<IAMPolicyVO> sc = sb.create();
sc.setParameters("ids", policyIds.toArray(new Object[policyIds.size()]));
@SuppressWarnings("rawtypes")
List policies = _aclPolicyDao.customSearch(sc, null);
@ -413,20 +413,20 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@SuppressWarnings("unchecked")
@Override
public List<AclPolicy> listAclPoliciesByGroup(long groupId) {
List<AclGroupPolicyMapVO> policyGrpMap = _aclGroupPolicyMapDao.listByGroupId(groupId);
public List<IAMPolicy> listAclPoliciesByGroup(long groupId) {
List<IAMGroupPolicyMapVO> policyGrpMap = _aclGroupPolicyMapDao.listByGroupId(groupId);
if (policyGrpMap == null || policyGrpMap.size() == 0) {
return new ArrayList<AclPolicy>();
return new ArrayList<IAMPolicy>();
}
List<Long> policyIds = new ArrayList<Long>();
for (AclGroupPolicyMapVO pg : policyGrpMap) {
for (IAMGroupPolicyMapVO pg : policyGrpMap) {
policyIds.add(pg.getAclPolicyId());
}
SearchBuilder<AclPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
SearchBuilder<IAMPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
sb.and("ids", sb.entity().getId(), Op.IN);
SearchCriteria<AclPolicyVO> sc = sb.create();
SearchCriteria<IAMPolicyVO> sc = sb.create();
sc.setParameters("ids", policyIds.toArray(new Object[policyIds.size()]));
@SuppressWarnings("rawtypes")
List policies = _aclPolicyDao.customSearch(sc, null);
@ -436,26 +436,26 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@SuppressWarnings("unchecked")
@Override
public List<AclPolicy> listRecursiveAclPoliciesByGroup(long groupId) {
List<AclGroupPolicyMapVO> policyGrpMap = _aclGroupPolicyMapDao.listByGroupId(groupId);
public List<IAMPolicy> listRecursiveAclPoliciesByGroup(long groupId) {
List<IAMGroupPolicyMapVO> policyGrpMap = _aclGroupPolicyMapDao.listByGroupId(groupId);
if (policyGrpMap == null || policyGrpMap.size() == 0) {
return new ArrayList<AclPolicy>();
return new ArrayList<IAMPolicy>();
}
List<Long> policyIds = new ArrayList<Long>();
for (AclGroupPolicyMapVO pg : policyGrpMap) {
for (IAMGroupPolicyMapVO pg : policyGrpMap) {
policyIds.add(pg.getAclPolicyId());
}
SearchBuilder<AclPolicyPermissionVO> permSb = _policyPermissionDao.createSearchBuilder();
SearchBuilder<IAMPolicyPermissionVO> permSb = _policyPermissionDao.createSearchBuilder();
permSb.and("isRecursive", permSb.entity().isRecursive(), Op.EQ);
SearchBuilder<AclPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
SearchBuilder<IAMPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
sb.and("ids", sb.entity().getId(), Op.IN);
sb.join("recursivePerm", permSb, sb.entity().getId(), permSb.entity().getAclPolicyId(),
JoinBuilder.JoinType.INNER);
SearchCriteria<AclPolicyVO> sc = sb.create();
SearchCriteria<IAMPolicyVO> sc = sb.create();
sc.setParameters("ids", policyIds.toArray(new Object[policyIds.size()]));
sc.setJoinParameters("recursivePerm", "isRecursive", true);
@ -468,23 +468,23 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@SuppressWarnings("unchecked")
@Override
public Pair<List<AclPolicy>, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize) {
public Pair<List<IAMPolicy>, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize) {
if (aclPolicyId != null) {
AclPolicy policy = _aclPolicyDao.findById(aclPolicyId);
IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
if (policy == null) {
throw new InvalidParameterValueException("Unable to find acl policy by id " + aclPolicyId);
}
}
Filter searchFilter = new Filter(AclPolicyVO.class, "id", true, startIndex, pageSize);
Filter searchFilter = new Filter(IAMPolicyVO.class, "id", true, startIndex, pageSize);
SearchBuilder<AclPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
SearchBuilder<IAMPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
sb.and("name", sb.entity().getName(), SearchCriteria.Op.EQ);
sb.and("path", sb.entity().getPath(), SearchCriteria.Op.LIKE);
sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
SearchCriteria<AclPolicyVO> sc = sb.create();
SearchCriteria<IAMPolicyVO> sc = sb.create();
if (aclPolicyName != null) {
sc.setParameters("name", aclPolicyName);
@ -496,17 +496,17 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
sc.setParameters("path", path + "%");
Pair<List<AclPolicyVO>, Integer> policies = _aclPolicyDao.searchAndCount(sc, searchFilter);
Pair<List<IAMPolicyVO>, Integer> policies = _aclPolicyDao.searchAndCount(sc, searchFilter);
@SuppressWarnings("rawtypes")
List policyList = policies.first();
return new Pair<List<AclPolicy>, Integer>(policyList, policies.second());
return new Pair<List<IAMPolicy>, Integer>(policyList, policies.second());
}
@DB
@Override
public AclGroup attachAclPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
public IAMGroup attachAclPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
// get the Acl Group entity
AclGroup group = _aclGroupDao.findById(groupId);
IAMGroup group = _aclGroupDao.findById(groupId);
if (group == null) {
throw new InvalidParameterValueException("Unable to find acl group: " + groupId
+ "; failed to add roles to acl group.");
@ -517,16 +517,16 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
public void doInTransactionWithoutResult(TransactionStatus status) {
// add entries in acl_group_policy_map table
for (Long policyId : policyIds) {
AclPolicy policy = _aclPolicyDao.findById(policyId);
IAMPolicy policy = _aclPolicyDao.findById(policyId);
if (policy == null) {
throw new InvalidParameterValueException("Unable to find acl policy: " + policyId
+ "; failed to add policies to acl group.");
}
AclGroupPolicyMapVO grMap = _aclGroupPolicyMapDao.findByGroupAndPolicy(groupId, policyId);
IAMGroupPolicyMapVO grMap = _aclGroupPolicyMapDao.findByGroupAndPolicy(groupId, policyId);
if (grMap == null) {
// not there already
grMap = new AclGroupPolicyMapVO(groupId, policyId);
grMap = new IAMGroupPolicyMapVO(groupId, policyId);
_aclGroupPolicyMapDao.persist(grMap);
}
}
@ -538,9 +538,9 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
public AclGroup removeAclPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
public IAMGroup removeAclPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
// get the Acl Group entity
AclGroup group = _aclGroupDao.findById(groupId);
IAMGroup group = _aclGroupDao.findById(groupId);
if (group == null) {
throw new InvalidParameterValueException("Unable to find acl group: " + groupId
+ "; failed to remove roles from acl group.");
@ -551,13 +551,13 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
public void doInTransactionWithoutResult(TransactionStatus status) {
// add entries in acl_group_role_map table
for (Long policyId : policyIds) {
AclPolicy policy = _aclPolicyDao.findById(policyId);
IAMPolicy policy = _aclPolicyDao.findById(policyId);
if (policy == null) {
throw new InvalidParameterValueException("Unable to find acl policy: " + policyId
+ "; failed to add policies to acl group.");
}
AclGroupPolicyMapVO grMap = _aclGroupPolicyMapDao.findByGroupAndPolicy(groupId, policyId);
IAMGroupPolicyMapVO grMap = _aclGroupPolicyMapDao.findByGroupAndPolicy(groupId, policyId);
if (grMap != null) {
// not removed yet
_aclGroupPolicyMapDao.remove(grMap.getId());
@ -571,7 +571,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@Override
public void attachAclPolicyToAccounts(final Long policyId, final List<Long> acctIds) {
AclPolicy policy = _aclPolicyDao.findById(policyId);
IAMPolicy policy = _aclPolicyDao.findById(policyId);
if (policy == null) {
throw new InvalidParameterValueException("Unable to find acl policy: " + policyId
+ "; failed to add policy to account.");
@ -582,10 +582,10 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
public void doInTransactionWithoutResult(TransactionStatus status) {
// add entries in acl_group_policy_map table
for (Long acctId : acctIds) {
AclAccountPolicyMapVO acctMap = _aclAccountPolicyMapDao.findByAccountAndPolicy(acctId, policyId);
IAMAccountPolicyMapVO acctMap = _aclAccountPolicyMapDao.findByAccountAndPolicy(acctId, policyId);
if (acctMap == null) {
// not there already
acctMap = new AclAccountPolicyMapVO(acctId, policyId);
acctMap = new IAMAccountPolicyMapVO(acctId, policyId);
_aclAccountPolicyMapDao.persist(acctMap);
}
}
@ -595,7 +595,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@Override
public void removeAclPolicyFromAccounts(final Long policyId, final List<Long> acctIds) {
AclPolicy policy = _aclPolicyDao.findById(policyId);
IAMPolicy policy = _aclPolicyDao.findById(policyId);
if (policy == null) {
throw new InvalidParameterValueException("Unable to find acl policy: " + policyId
+ "; failed to add policy to account.");
@ -606,10 +606,10 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
public void doInTransactionWithoutResult(TransactionStatus status) {
// add entries in acl_group_policy_map table
for (Long acctId : acctIds) {
AclAccountPolicyMapVO acctMap = _aclAccountPolicyMapDao.findByAccountAndPolicy(acctId, policyId);
IAMAccountPolicyMapVO acctMap = _aclAccountPolicyMapDao.findByAccountAndPolicy(acctId, policyId);
if (acctMap == null) {
// not there already
acctMap = new AclAccountPolicyMapVO(acctId, policyId);
acctMap = new IAMAccountPolicyMapVO(acctId, policyId);
_aclAccountPolicyMapDao.remove(acctMap.getId());
}
}
@ -619,20 +619,20 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
public AclPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
public IAMPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
String action, String accessType, Permission perm, Boolean recursive) {
// get the Acl Policy entity
AclPolicy policy = _aclPolicyDao.findById(aclPolicyId);
IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
if (policy == null) {
throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
+ "; failed to add permission to policy.");
}
// add entry in acl_policy_permission table
AclPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, perm);
IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, perm);
if (permit == null) {
// not there already
permit = new AclPolicyPermissionVO(aclPolicyId, action, entityType, accessType, scope, scopeId, perm,
permit = new IAMPolicyPermissionVO(aclPolicyId, action, entityType, accessType, scope, scopeId, perm,
recursive);
_policyPermissionDao.persist(permit);
}
@ -642,16 +642,16 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
public AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
public IAMPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
String action) {
// get the Acl Policy entity
AclPolicy policy = _aclPolicyDao.findById(aclPolicyId);
IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
if (policy == null) {
throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
+ "; failed to revoke permission from policy.");
}
// remove entry from acl_entity_permission table
AclPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, Permission.Allow);
IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, Permission.Allow);
if (permit != null) {
// not removed yet
_policyPermissionDao.remove(permit.getId());
@ -666,8 +666,8 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@Override
public void doInTransactionWithoutResult(TransactionStatus status) {
// remove entry from acl_entity_permission table
List<AclPolicyPermissionVO> permitList = _policyPermissionDao.listByEntity(entityType, entityId);
for (AclPolicyPermissionVO permit : permitList) {
List<IAMPolicyPermissionVO> permitList = _policyPermissionDao.listByEntity(entityType, entityId);
for (IAMPolicyPermissionVO permit : permitList) {
long policyId = permit.getAclPolicyId();
_policyPermissionDao.remove(permit.getId());
@ -682,19 +682,19 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
public AclPolicy resetAclPolicy(long aclPolicyId) {
public IAMPolicy resetAclPolicy(long aclPolicyId) {
// get the Acl Policy entity
AclPolicy policy = _aclPolicyDao.findById(aclPolicyId);
IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
if (policy == null) {
throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
+ "; failed to reset the policy.");
}
SearchBuilder<AclPolicyPermissionVO> sb = _policyPermissionDao.createSearchBuilder();
SearchBuilder<IAMPolicyPermissionVO> sb = _policyPermissionDao.createSearchBuilder();
sb.and("policyId", sb.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
sb.and("scope", sb.entity().getScope(), SearchCriteria.Op.EQ);
sb.done();
SearchCriteria<AclPolicyPermissionVO> permissionSC = sb.create();
SearchCriteria<IAMPolicyPermissionVO> permissionSC = sb.create();
permissionSC.setParameters("policyId", aclPolicyId);
_policyPermissionDao.expunge(permissionSC);
@ -702,7 +702,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
}
@Override
public boolean isActionAllowedForPolicies(String action, List<AclPolicy> policies) {
public boolean isActionAllowedForPolicies(String action, List<IAMPolicy> policies) {
boolean allowed = false;
@ -711,19 +711,19 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
}
List<Long> policyIds = new ArrayList<Long>();
for (AclPolicy policy : policies) {
for (IAMPolicy policy : policies) {
policyIds.add(policy.getId());
}
SearchBuilder<AclPolicyPermissionVO> sb = _policyPermissionDao.createSearchBuilder();
SearchBuilder<IAMPolicyPermissionVO> sb = _policyPermissionDao.createSearchBuilder();
sb.and("action", sb.entity().getAction(), Op.EQ);
sb.and("policyId", sb.entity().getAclPolicyId(), Op.IN);
SearchCriteria<AclPolicyPermissionVO> sc = sb.create();
SearchCriteria<IAMPolicyPermissionVO> sc = sb.create();
sc.setParameters("policyId", policyIds.toArray(new Object[policyIds.size()]));
sc.setParameters("action", action);
List<AclPolicyPermissionVO> permissions = _policyPermissionDao.customSearch(sc, null);
List<IAMPolicyPermissionVO> permissions = _policyPermissionDao.customSearch(sc, null);
if (permissions != null && !permissions.isEmpty()) {
allowed = true;
@ -736,14 +736,14 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@Override
public List<Long> getGrantedEntities(long accountId, String action, String scope) {
// Get the static Policies of the Caller
List<AclPolicy> policies = listAclPolicies(accountId);
List<IAMPolicy> policies = listAclPolicies(accountId);
// for each policy, find granted permission within the given scope
List<Long> entityIds = new ArrayList<Long>();
for (AclPolicy policy : policies) {
List<AclPolicyPermissionVO> pp = _policyPermissionDao.listGrantedByActionAndScope(policy.getId(), action,
for (IAMPolicy policy : policies) {
List<IAMPolicyPermissionVO> pp = _policyPermissionDao.listGrantedByActionAndScope(policy.getId(), action,
scope);
if (pp != null) {
for (AclPolicyPermissionVO p : pp) {
for (IAMPolicyPermissionVO p : pp) {
if (p.getScopeId() != null) {
entityIds.add(p.getScopeId());
}
@ -755,7 +755,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@Override
@SuppressWarnings("unchecked")
public List<AclPolicyPermission> listPolicyPermissions(long policyId) {
public List<IAMPolicyPermission> listPolicyPermissions(long policyId) {
@SuppressWarnings("rawtypes")
List pp = _policyPermissionDao.listByPolicy(policyId);
return pp;
@ -763,7 +763,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@SuppressWarnings("unchecked")
@Override
public List<AclPolicyPermission> listPolicyPermissionsByScope(long policyId, String action, String scope) {
public List<IAMPolicyPermission> listPolicyPermissionsByScope(long policyId, String action, String scope) {
@SuppressWarnings("rawtypes")
List pp = _policyPermissionDao.listGrantedByActionAndScope(policyId, action, scope);
return pp;
@ -771,7 +771,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@SuppressWarnings("unchecked")
@Override
public List<AclPolicyPermission> listPolicyPermissionByActionAndEntity(long policyId, String action,
public List<IAMPolicyPermission> listPolicyPermissionByActionAndEntity(long policyId, String action,
String entityType) {
@SuppressWarnings("rawtypes")
List pp = _policyPermissionDao.listByPolicyActionAndEntity(policyId, action, entityType);
@ -780,7 +780,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@SuppressWarnings("unchecked")
@Override
public List<AclPolicyPermission> listPolicyPermissionByAccessAndEntity(long policyId, String accessType,
public List<IAMPolicyPermission> listPolicyPermissionByAccessAndEntity(long policyId, String accessType,
String entityType) {
@SuppressWarnings("rawtypes")
List pp = _policyPermissionDao.listByPolicyAccessAndEntity(policyId, accessType, entityType);
@ -788,19 +788,19 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
}
@Override
public AclPolicy getResourceOwnerPolicy() {
public IAMPolicy getResourceOwnerPolicy() {
return _aclPolicyDao.findByName("RESOURCE_OWNER");
}
// search for policy with only one resource grant permission
@Override
public AclPolicy getResourceGrantPolicy(String entityType, Long entityId, String accessType, String action) {
List<AclPolicyVO> policyList = _aclPolicyDao.listAll();
for (AclPolicyVO policy : policyList){
List<AclPolicyPermission> pp = listPolicyPermissions(policy.getId());
public IAMPolicy getResourceGrantPolicy(String entityType, Long entityId, String accessType, String action) {
List<IAMPolicyVO> policyList = _aclPolicyDao.listAll();
for (IAMPolicyVO policy : policyList){
List<IAMPolicyPermission> pp = listPolicyPermissions(policy.getId());
if ( pp != null && pp.size() == 1){
// resource grant policy should only have one ACL permission assigned
AclPolicyPermission permit = pp.get(0);
IAMPolicyPermission permit = pp.get(0);
if ( permit.getEntityType().equals(entityType) && permit.getScope().equals(PermissionScope.RESOURCE.toString()) && permit.getScopeId().longValue() == entityId.longValue()){
if (accessType != null && permit.getAccessType().equals(accessType)){
return policy;

17
services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclAccountPolicyMapDao.java
View File

@ -1,17 +0,0 @@
package org.apache.cloudstack.iam.server.dao;
import java.util.List;
import org.apache.cloudstack.iam.server.AclAccountPolicyMapVO;
import com.cloud.utils.db.GenericDao;
public interface AclAccountPolicyMapDao extends GenericDao<AclAccountPolicyMapVO, Long> {
List<AclAccountPolicyMapVO> listByAccountId(long acctId);
List<AclAccountPolicyMapVO> listByPolicyId(long policyId);
AclAccountPolicyMapVO findByAccountAndPolicy(long acctId, long policyId);
}

16
services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupPolicyMapDao.java
View File

@ -1,16 +0,0 @@
package org.apache.cloudstack.iam.server.dao;
import java.util.List;
import org.apache.cloudstack.iam.server.AclGroupPolicyMapVO;
import com.cloud.utils.db.GenericDao;
public interface AclGroupPolicyMapDao extends GenericDao<AclGroupPolicyMapVO, Long> {
List<AclGroupPolicyMapVO> listByGroupId(long groupId);
List<AclGroupPolicyMapVO> listByPolicyId(long policyId);
AclGroupPolicyMapVO findByGroupAndPolicy(long groupId, long policyId);
}

17
services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDao.java Normal file
View File

@ -0,0 +1,17 @@
package org.apache.cloudstack.iam.server.dao;
import java.util.List;
import org.apache.cloudstack.iam.server.IAMAccountPolicyMapVO;
import com.cloud.utils.db.GenericDao;
public interface IAMAccountPolicyMapDao extends GenericDao<IAMAccountPolicyMapVO, Long> {
List<IAMAccountPolicyMapVO> listByAccountId(long acctId);
List<IAMAccountPolicyMapVO> listByPolicyId(long policyId);
IAMAccountPolicyMapVO findByAccountAndPolicy(long acctId, long policyId);
}

22
services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclAccountPolicyMapDaoImpl.java → services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java
View File

@ -5,17 +5,17 @@ import java.util.Map;
import javax.naming.ConfigurationException;
import org.apache.cloudstack.iam.server.AclAccountPolicyMapVO;
import org.apache.cloudstack.iam.server.IAMAccountPolicyMapVO;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
public class AclAccountPolicyMapDaoImpl extends GenericDaoBase<AclAccountPolicyMapVO, Long> implements AclAccountPolicyMapDao {
public class IAMAccountPolicyMapDaoImpl extends GenericDaoBase<IAMAccountPolicyMapVO, Long> implements IAMAccountPolicyMapDao {
private SearchBuilder<AclAccountPolicyMapVO> ListByAccountId;
private SearchBuilder<AclAccountPolicyMapVO> ListByPolicyId;
private SearchBuilder<AclAccountPolicyMapVO> findByPolicyAccountId;
private SearchBuilder<IAMAccountPolicyMapVO> ListByAccountId;
private SearchBuilder<IAMAccountPolicyMapVO> ListByPolicyId;
private SearchBuilder<IAMAccountPolicyMapVO> findByPolicyAccountId;
@Override
public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
@ -38,22 +38,22 @@ public class AclAccountPolicyMapDaoImpl extends GenericDaoBase<AclAccountPolicyM
}
@Override
public List<AclAccountPolicyMapVO> listByAccountId(long acctId) {
SearchCriteria<AclAccountPolicyMapVO> sc = ListByAccountId.create();
public List<IAMAccountPolicyMapVO> listByAccountId(long acctId) {
SearchCriteria<IAMAccountPolicyMapVO> sc = ListByAccountId.create();
sc.setParameters("accountId", acctId);
return listBy(sc);
}
@Override
public List<AclAccountPolicyMapVO> listByPolicyId(long policyId) {
SearchCriteria<AclAccountPolicyMapVO> sc = ListByPolicyId.create();
public List<IAMAccountPolicyMapVO> listByPolicyId(long policyId) {
SearchCriteria<IAMAccountPolicyMapVO> sc = ListByPolicyId.create();
sc.setParameters("policyId", policyId);
return listBy(sc);
}
@Override
public AclAccountPolicyMapVO findByAccountAndPolicy(long acctId, long policyId) {
SearchCriteria<AclAccountPolicyMapVO> sc = findByPolicyAccountId.create();
public IAMAccountPolicyMapVO findByAccountAndPolicy(long acctId, long policyId) {
SearchCriteria<IAMAccountPolicyMapVO> sc = findByPolicyAccountId.create();
sc.setParameters("policyId", policyId);
sc.setParameters("accountId", acctId);
return findOneBy(sc);

16
services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupAccountMapDao.java → services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupAccountMapDao.java
View File

@ -18,23 +18,23 @@ package org.apache.cloudstack.iam.server.dao;
import java.util.List;
import org.apache.cloudstack.iam.server.AclGroupAccountMapVO;
import org.apache.cloudstack.iam.server.IAMGroupAccountMapVO;
import com.cloud.utils.db.GenericDao;
public interface AclGroupAccountMapDao extends GenericDao<AclGroupAccountMapVO, Long> {
public interface IAMGroupAccountMapDao extends GenericDao<IAMGroupAccountMapVO, Long> {
List<AclGroupAccountMapVO> listByGroupId(long groupId);
List<IAMGroupAccountMapVO> listByGroupId(long groupId);
List<AclGroupAccountMapVO> listByAccountId(long accountId);
List<IAMGroupAccountMapVO> listByAccountId(long accountId);
AclGroupAccountMapVO findAccountInAdminGroup(long accountId);
IAMGroupAccountMapVO findAccountInAdminGroup(long accountId);
AclGroupAccountMapVO findByGroupAndAccount(long groupId, long acctId);
IAMGroupAccountMapVO findByGroupAndAccount(long groupId, long acctId);
void removeAccountFromGroups(long accountId);
AclGroupAccountMapVO findAccountInDomainAdminGroup(long accountId);
IAMGroupAccountMapVO findAccountInDomainAdminGroup(long accountId);
AclGroupAccountMapVO findAccountInUserGroup(long accountId);
IAMGroupAccountMapVO findAccountInUserGroup(long accountId);
}

40
services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupAccountMapDaoImpl.java → services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupAccountMapDaoImpl.java
View File

@ -21,7 +21,7 @@ import java.util.Map;
import javax.naming.ConfigurationException;
import org.apache.cloudstack.iam.server.AclGroupAccountMapVO;
import org.apache.cloudstack.iam.server.IAMGroupAccountMapVO;
import org.apache.log4j.Logger;
import org.springframework.stereotype.Component;
@ -31,12 +31,12 @@ import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
@Component
public class AclGroupAccountMapDaoImpl extends GenericDaoBase<AclGroupAccountMapVO, Long> implements AclGroupAccountMapDao {
private SearchBuilder<AclGroupAccountMapVO> ListByGroupId;
private SearchBuilder<AclGroupAccountMapVO> ListByAccountId;
private SearchBuilder<AclGroupAccountMapVO> _findByAccountAndGroupId;
public class IAMGroupAccountMapDaoImpl extends GenericDaoBase<IAMGroupAccountMapVO, Long> implements IAMGroupAccountMapDao {
private SearchBuilder<IAMGroupAccountMapVO> ListByGroupId;
private SearchBuilder<IAMGroupAccountMapVO> ListByAccountId;
private SearchBuilder<IAMGroupAccountMapVO> _findByAccountAndGroupId;
public static final Logger s_logger = Logger.getLogger(AclGroupAccountMapDaoImpl.class.getName());
public static final Logger s_logger = Logger.getLogger(IAMGroupAccountMapDaoImpl.class.getName());
@Override
public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
@ -61,46 +61,46 @@ public class AclGroupAccountMapDaoImpl extends GenericDaoBase<AclGroupAccountMap
}
@Override
public List<AclGroupAccountMapVO> listByGroupId(long groupId) {
SearchCriteria<AclGroupAccountMapVO> sc = ListByGroupId.create();
public List<IAMGroupAccountMapVO> listByGroupId(long groupId) {
SearchCriteria<IAMGroupAccountMapVO> sc = ListByGroupId.create();
sc.setParameters("groupId", groupId);
return listBy(sc);
}
@Override
public List<AclGroupAccountMapVO> listByAccountId(long accountId) {
SearchCriteria<AclGroupAccountMapVO> sc = ListByAccountId.create();
public List<IAMGroupAccountMapVO> listByAccountId(long accountId) {
SearchCriteria<IAMGroupAccountMapVO> sc = ListByAccountId.create();
sc.setParameters("accountId", accountId);
return listBy(sc);
}
@Override
public AclGroupAccountMapVO findAccountInAdminGroup(long accountId) {
SearchCriteria<AclGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
public IAMGroupAccountMapVO findAccountInAdminGroup(long accountId) {
SearchCriteria<IAMGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
sc.setParameters("accountId", accountId);
sc.setParameters("groupId", 2);
return findOneBy(sc);
}
@Override
public AclGroupAccountMapVO findAccountInDomainAdminGroup(long accountId) {
SearchCriteria<AclGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
public IAMGroupAccountMapVO findAccountInDomainAdminGroup(long accountId) {
SearchCriteria<IAMGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
sc.setParameters("accountId", accountId);
sc.setParameters("groupId", 3);
return findOneBy(sc);
}
@Override
public AclGroupAccountMapVO findAccountInUserGroup(long accountId) {
SearchCriteria<AclGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
public IAMGroupAccountMapVO findAccountInUserGroup(long accountId) {
SearchCriteria<IAMGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
sc.setParameters("accountId", accountId);
sc.setParameters("groupId", 1);
return findOneBy(sc);
}
@Override
public AclGroupAccountMapVO findByGroupAndAccount(long groupId, long acctId) {
SearchCriteria<AclGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
public IAMGroupAccountMapVO findByGroupAndAccount(long groupId, long acctId) {
SearchCriteria<IAMGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
sc.setParameters("accountId", acctId);
sc.setParameters("groupId", groupId);
return findOneBy(sc);
@ -108,7 +108,7 @@ public class AclGroupAccountMapDaoImpl extends GenericDaoBase<AclGroupAccountMap
@Override
public void removeAccountFromGroups(long accountId) {
SearchCriteria<AclGroupAccountMapVO> sc = ListByAccountId.create();
SearchCriteria<IAMGroupAccountMapVO> sc = ListByAccountId.create();
sc.setParameters("accountId", accountId);
int rowsRemoved = remove(sc);
@ -116,4 +116,4 @@ public class AclGroupAccountMapDaoImpl extends GenericDaoBase<AclGroupAccountMap
s_logger.debug("Removed account id=" + accountId + " from " + rowsRemoved + " groups");
}
}
}
}

8
services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupDao.java → services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupDao.java
View File

@ -16,13 +16,13 @@
// under the License.
package org.apache.cloudstack.iam.server.dao;
import org.apache.cloudstack.iam.api.AclGroup;
import org.apache.cloudstack.iam.server.AclGroupVO;
import org.apache.cloudstack.iam.api.IAMGroup;
import org.apache.cloudstack.iam.server.IAMGroupVO;
import com.cloud.utils.db.GenericDao;
public interface AclGroupDao extends GenericDao<AclGroupVO, Long> {
public interface IAMGroupDao extends GenericDao<IAMGroupVO, Long> {
AclGroup findByName(String path, String groupName);
IAMGroup findByName(String path, String groupName);
}

14
services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupDaoImpl.java → services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupDaoImpl.java
View File

@ -20,8 +20,8 @@ import java.util.Map;
import javax.naming.ConfigurationException;
import org.apache.cloudstack.iam.api.AclGroup;
import org.apache.cloudstack.iam.server.AclGroupVO;
import org.apache.cloudstack.iam.api.IAMGroup;
import org.apache.cloudstack.iam.server.IAMGroupVO;
import org.springframework.stereotype.Component;
@ -30,8 +30,8 @@ import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
@Component
public class AclGroupDaoImpl extends GenericDaoBase<AclGroupVO, Long> implements AclGroupDao {
private SearchBuilder<AclGroupVO> nameSearch;
public class IAMGroupDaoImpl extends GenericDaoBase<IAMGroupVO, Long> implements IAMGroupDao {
private SearchBuilder<IAMGroupVO> nameSearch;
@Override
public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
@ -47,8 +47,8 @@ public class AclGroupDaoImpl extends GenericDaoBase<AclGroupVO, Long> implements
}
@Override
public AclGroup findByName(String path, String name) {
SearchCriteria<AclGroupVO> sc = nameSearch.create();
public IAMGroup findByName(String path, String name) {
SearchCriteria<IAMGroupVO> sc = nameSearch.create();
sc.setParameters("name", name);
if (path != null) {
sc.setParameters("path", path);
@ -56,4 +56,4 @@ public class AclGroupDaoImpl extends GenericDaoBase<AclGroupVO, Long> implements
return findOneBy(sc);
}
}
}

16
services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDao.java Normal file
View File

@ -0,0 +1,16 @@
package org.apache.cloudstack.iam.server.dao;
import java.util.List;
import org.apache.cloudstack.iam.server.IAMGroupPolicyMapVO;
import com.cloud.utils.db.GenericDao;
public interface IAMGroupPolicyMapDao extends GenericDao<IAMGroupPolicyMapVO, Long> {
List<IAMGroupPolicyMapVO> listByGroupId(long groupId);
List<IAMGroupPolicyMapVO> listByPolicyId(long policyId);
IAMGroupPolicyMapVO findByGroupAndPolicy(long groupId, long policyId);
}

22
services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupPolicyMapDaoImpl.java → services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDaoImpl.java
View File

@ -5,17 +5,17 @@ import java.util.Map;
import javax.naming.ConfigurationException;
import org.apache.cloudstack.iam.server.AclGroupPolicyMapVO;
import org.apache.cloudstack.iam.server.IAMGroupPolicyMapVO;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
public class AclGroupPolicyMapDaoImpl extends GenericDaoBase<AclGroupPolicyMapVO, Long> implements AclGroupPolicyMapDao {
public class IAMGroupPolicyMapDaoImpl extends GenericDaoBase<IAMGroupPolicyMapVO, Long> implements IAMGroupPolicyMapDao {
private SearchBuilder<AclGroupPolicyMapVO> ListByGroupId;
private SearchBuilder<AclGroupPolicyMapVO> ListByPolicyId;
private SearchBuilder<AclGroupPolicyMapVO> findByPolicyGroupId;
private SearchBuilder<IAMGroupPolicyMapVO> ListByGroupId;
private SearchBuilder<IAMGroupPolicyMapVO> ListByPolicyId;
private SearchBuilder<IAMGroupPolicyMapVO> findByPolicyGroupId;
@Override
public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
@ -38,22 +38,22 @@ public class AclGroupPolicyMapDaoImpl extends GenericDaoBase<AclGroupPolicyMapVO
}
@Override
public List<AclGroupPolicyMapVO> listByGroupId(long groupId) {
SearchCriteria<AclGroupPolicyMapVO> sc = ListByGroupId.create();
public List<IAMGroupPolicyMapVO> listByGroupId(long groupId) {
SearchCriteria<IAMGroupPolicyMapVO> sc = ListByGroupId.create();
sc.setParameters("groupId", groupId);
return listBy(sc);
}
@Override
public List<AclGroupPolicyMapVO> listByPolicyId(long policyId) {
SearchCriteria<AclGroupPolicyMapVO> sc = ListByPolicyId.create();
public List<IAMGroupPolicyMapVO> listByPolicyId(long policyId) {
SearchCriteria<IAMGroupPolicyMapVO> sc = ListByPolicyId.create();
sc.setParameters("policyId", policyId);
return listBy(sc);
}
@Override
public AclGroupPolicyMapVO findByGroupAndPolicy(long groupId, long policyId) {
SearchCriteria<AclGroupPolicyMapVO> sc = findByPolicyGroupId.create();
public IAMGroupPolicyMapVO findByGroupAndPolicy(long groupId, long policyId) {
SearchCriteria<IAMGroupPolicyMapVO> sc = findByPolicyGroupId.create();
sc.setParameters("policyId", policyId);
sc.setParameters("groupId", groupId);
return findOneBy(sc);

8
services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyDao.java → services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyDao.java
View File

@ -16,13 +16,13 @@
// under the License.
package org.apache.cloudstack.iam.server.dao;
import org.apache.cloudstack.iam.api.AclPolicy;
import org.apache.cloudstack.iam.server.AclPolicyVO;
import org.apache.cloudstack.iam.api.IAMPolicy;
import org.apache.cloudstack.iam.server.IAMPolicyVO;
import com.cloud.utils.db.GenericDao;
public interface AclPolicyDao extends GenericDao<AclPolicyVO, Long> {
public interface IAMPolicyDao extends GenericDao<IAMPolicyVO, Long> {
AclPolicy findByName(String policyName);
IAMPolicy findByName(String policyName);
}

14
services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyDaoImpl.java → services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyDaoImpl.java
View File

@ -20,8 +20,8 @@ import java.util.Map;
import javax.naming.ConfigurationException;
import org.apache.cloudstack.iam.api.AclPolicy;
import org.apache.cloudstack.iam.server.AclPolicyVO;
import org.apache.cloudstack.iam.api.IAMPolicy;
import org.apache.cloudstack.iam.server.IAMPolicyVO;
import org.springframework.stereotype.Component;
import com.cloud.utils.db.GenericDaoBase;
@ -29,8 +29,8 @@ import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
@Component
public class AclPolicyDaoImpl extends GenericDaoBase<AclPolicyVO, Long> implements AclPolicyDao {
private SearchBuilder<AclPolicyVO> nameSearch;
public class IAMPolicyDaoImpl extends GenericDaoBase<IAMPolicyVO, Long> implements IAMPolicyDao {
private SearchBuilder<IAMPolicyVO> nameSearch;
@Override
public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
@ -47,11 +47,11 @@ public class AclPolicyDaoImpl extends GenericDaoBase<AclPolicyVO, Long> implemen
}
@Override
public AclPolicy findByName(String name) {
SearchCriteria<AclPolicyVO> sc = nameSearch.create();
public IAMPolicy findByName(String name) {
SearchCriteria<IAMPolicyVO> sc = nameSearch.create();
sc.setParameters("name", name);
return findOneBy(sc);
}
}
}

18
services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDao.java → services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyPermissionDao.java
View File

@ -17,23 +17,23 @@
package org.apache.cloudstack.iam.server.dao;
import java.util.List;
import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
import org.apache.cloudstack.iam.server.AclPolicyPermissionVO;
import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
import org.apache.cloudstack.iam.server.IAMPolicyPermissionVO;
import com.cloud.utils.db.GenericDao;
public interface AclPolicyPermissionDao extends GenericDao<AclPolicyPermissionVO, Long> {
public interface IAMPolicyPermissionDao extends GenericDao<IAMPolicyPermissionVO, Long> {
List<AclPolicyPermissionVO> listByPolicy(long policyId);
List<IAMPolicyPermissionVO> listByPolicy(long policyId);
AclPolicyPermissionVO findByPolicyAndEntity(long policyId, String entityType, String scope, Long scopeId,
IAMPolicyPermissionVO findByPolicyAndEntity(long policyId, String entityType, String scope, Long scopeId,
String action, Permission perm);
List<AclPolicyPermissionVO> listGrantedByActionAndScope(long policyId, String action, String scope);
List<IAMPolicyPermissionVO> listGrantedByActionAndScope(long policyId, String action, String scope);
List<AclPolicyPermissionVO> listByPolicyActionAndEntity(long policyId, String action, String entityType);
List<IAMPolicyPermissionVO> listByPolicyActionAndEntity(long policyId, String action, String entityType);
List<AclPolicyPermissionVO> listByPolicyAccessAndEntity(long policyId, String accessType, String entityType);
List<IAMPolicyPermissionVO> listByPolicyAccessAndEntity(long policyId, String accessType, String entityType);
List<AclPolicyPermissionVO> listByEntity(String entityType, Long entityId);
List<IAMPolicyPermissionVO> listByEntity(String entityType, Long entityId);
}

42
services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDaoImpl.java → services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyPermissionDaoImpl.java
View File

@ -21,20 +21,20 @@ import java.util.Map;
import javax.naming.ConfigurationException;
import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
import org.apache.cloudstack.iam.server.AclPolicyPermissionVO;
import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
import org.apache.cloudstack.iam.server.IAMPolicyPermissionVO;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
public class AclPolicyPermissionDaoImpl extends GenericDaoBase<AclPolicyPermissionVO, Long> implements
AclPolicyPermissionDao {
public class IAMPolicyPermissionDaoImpl extends GenericDaoBase<IAMPolicyPermissionVO, Long> implements
IAMPolicyPermissionDao {
private SearchBuilder<AclPolicyPermissionVO> policyIdSearch;
private SearchBuilder<AclPolicyPermissionVO> fullSearch;
private SearchBuilder<AclPolicyPermissionVO> actionScopeSearch;
private SearchBuilder<AclPolicyPermissionVO> entitySearch;
private SearchBuilder<IAMPolicyPermissionVO> policyIdSearch;
private SearchBuilder<IAMPolicyPermissionVO> fullSearch;
private SearchBuilder<IAMPolicyPermissionVO> actionScopeSearch;
private SearchBuilder<IAMPolicyPermissionVO> entitySearch;
@Override
public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
@ -70,16 +70,16 @@ public class AclPolicyPermissionDaoImpl extends GenericDaoBase<AclPolicyPermissi
}
@Override
public List<AclPolicyPermissionVO> listByPolicy(long policyId) {
SearchCriteria<AclPolicyPermissionVO> sc = policyIdSearch.create();
public List<IAMPolicyPermissionVO> listByPolicy(long policyId) {
SearchCriteria<IAMPolicyPermissionVO> sc = policyIdSearch.create();
sc.setParameters("policyId", policyId);
return listBy(sc);
}
@Override
public AclPolicyPermissionVO findByPolicyAndEntity(long policyId, String entityType, String scope, Long scopeId,
public IAMPolicyPermissionVO findByPolicyAndEntity(long policyId, String entityType, String scope, Long scopeId,
String action, Permission perm) {
SearchCriteria<AclPolicyPermissionVO> sc = fullSearch.create();
SearchCriteria<IAMPolicyPermissionVO> sc = fullSearch.create();
sc.setParameters("policyId", policyId);
sc.setParameters("entityType", entityType);
sc.setParameters("scope", scope);
@ -90,8 +90,8 @@ public class AclPolicyPermissionDaoImpl extends GenericDaoBase<AclPolicyPermissi
}
@Override
public List<AclPolicyPermissionVO> listGrantedByActionAndScope(long policyId, String action, String scope) {
SearchCriteria<AclPolicyPermissionVO> sc = actionScopeSearch.create();
public List<IAMPolicyPermissionVO> listGrantedByActionAndScope(long policyId, String action, String scope) {
SearchCriteria<IAMPolicyPermissionVO> sc = actionScopeSearch.create();
sc.setParameters("policyId", policyId);
sc.setParameters("action", action);
sc.setParameters("scope", scope);
@ -100,8 +100,8 @@ public class AclPolicyPermissionDaoImpl extends GenericDaoBase<AclPolicyPermissi
}
@Override
public List<AclPolicyPermissionVO> listByPolicyActionAndEntity(long policyId, String action, String entityType) {
SearchCriteria<AclPolicyPermissionVO> sc = fullSearch.create();
public List<IAMPolicyPermissionVO> listByPolicyActionAndEntity(long policyId, String action, String entityType) {
SearchCriteria<IAMPolicyPermissionVO> sc = fullSearch.create();
sc.setParameters("policyId", policyId);
sc.setParameters("entityType", entityType);
sc.setParameters("action", action);
@ -109,9 +109,9 @@ public class AclPolicyPermissionDaoImpl extends GenericDaoBase<AclPolicyPermissi
}
@Override
public List<AclPolicyPermissionVO> listByPolicyAccessAndEntity(long policyId, String accessType,
public List<IAMPolicyPermissionVO> listByPolicyAccessAndEntity(long policyId, String accessType,
String entityType) {
SearchCriteria<AclPolicyPermissionVO> sc = fullSearch.create();
SearchCriteria<IAMPolicyPermissionVO> sc = fullSearch.create();
sc.setParameters("policyId", policyId);
sc.setParameters("entityType", entityType);
sc.setParameters("accessType", accessType);
@ -119,11 +119,11 @@ public class AclPolicyPermissionDaoImpl extends GenericDaoBase<AclPolicyPermissi
}
@Override
public List<AclPolicyPermissionVO> listByEntity(String entityType, Long entityId) {
SearchCriteria<AclPolicyPermissionVO> sc = fullSearch.create();
public List<IAMPolicyPermissionVO> listByEntity(String entityType, Long entityId) {
SearchCriteria<IAMPolicyPermissionVO> sc = fullSearch.create();
sc.setParameters("entityType", entityType);
sc.setParameters("scopeId", entityId);
return listBy(sc);
}
}
}

76
services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java
View File

@ -45,18 +45,18 @@ import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.support.AnnotationConfigContextLoader;
import org.apache.cloudstack.iam.api.AclGroup;
import org.apache.cloudstack.iam.api.AclPolicy;
import org.apache.cloudstack.iam.api.IAMGroup;
import org.apache.cloudstack.iam.api.IAMPolicy;
import org.apache.cloudstack.iam.api.IAMService;
import org.apache.cloudstack.iam.server.AclGroupVO;
import org.apache.cloudstack.iam.server.AclPolicyVO;
import org.apache.cloudstack.iam.server.IAMGroupVO;
import org.apache.cloudstack.iam.server.IAMPolicyVO;
import org.apache.cloudstack.iam.server.IAMServiceImpl;
import org.apache.cloudstack.iam.server.dao.AclAccountPolicyMapDao;
import org.apache.cloudstack.iam.server.dao.AclGroupAccountMapDao;
import org.apache.cloudstack.iam.server.dao.AclGroupDao;
import org.apache.cloudstack.iam.server.dao.AclGroupPolicyMapDao;
import org.apache.cloudstack.iam.server.dao.AclPolicyDao;
import org.apache.cloudstack.iam.server.dao.AclPolicyPermissionDao;
import org.apache.cloudstack.iam.server.dao.IAMAccountPolicyMapDao;
import org.apache.cloudstack.iam.server.dao.IAMGroupAccountMapDao;
import org.apache.cloudstack.iam.server.dao.IAMGroupDao;
import org.apache.cloudstack.iam.server.dao.IAMGroupPolicyMapDao;
import org.apache.cloudstack.iam.server.dao.IAMPolicyDao;
import org.apache.cloudstack.iam.server.dao.IAMPolicyPermissionDao;
import org.apache.cloudstack.test.utils.SpringUtils;
import com.cloud.exception.InvalidParameterValueException;
@ -72,22 +72,22 @@ public class IAMServiceUnitTest {
IAMService _iamService;
@Inject
AclPolicyDao _aclPolicyDao;
IAMPolicyDao _aclPolicyDao;
@Inject
AclGroupDao _aclGroupDao;
IAMGroupDao _aclGroupDao;
@Inject
EntityManager _entityMgr;
@Inject
AclGroupPolicyMapDao _aclGroupPolicyMapDao;
IAMGroupPolicyMapDao _aclGroupPolicyMapDao;
@Inject
AclGroupAccountMapDao _aclGroupAccountMapDao;
IAMGroupAccountMapDao _aclGroupAccountMapDao;
@Inject
AclPolicyPermissionDao _policyPermissionDao;
IAMPolicyPermissionDao _policyPermissionDao;
@BeforeClass
public static void setUpClass() throws ConfigurationException {
@ -96,15 +96,15 @@ public class IAMServiceUnitTest {
@Before
public void setUp() {
ComponentContext.initComponentsLifeCycle();
AclGroupVO group = new AclGroupVO("group1", "my first group");
Mockito.when(_aclGroupDao.persist(Mockito.any(AclGroupVO.class))).thenReturn(group);
List<AclGroupVO> groups = new ArrayList<AclGroupVO>();
IAMGroupVO group = new IAMGroupVO("group1", "my first group");
Mockito.when(_aclGroupDao.persist(Mockito.any(IAMGroupVO.class))).thenReturn(group);
List<IAMGroupVO> groups = new ArrayList<IAMGroupVO>();
groups.add(group);
when(_aclGroupDao.search(Mockito.any(SearchCriteria.class), Mockito.any(com.cloud.utils.db.Filter.class)))
.thenReturn(groups);
AclPolicyVO policy = new AclPolicyVO("policy1", "my first policy");
Mockito.when(_aclPolicyDao.persist(Mockito.any(AclPolicyVO.class))).thenReturn(policy);
IAMPolicyVO policy = new IAMPolicyVO("policy1", "my first policy");
Mockito.when(_aclPolicyDao.persist(Mockito.any(IAMPolicyVO.class))).thenReturn(policy);
}
@ -114,13 +114,13 @@ public class IAMServiceUnitTest {
@Test(expected = InvalidParameterValueException.class)
public void createAclGroupTest() {
AclGroup group = _iamService.createAclGroup("group1", "my first group", "/root/mydomain");
IAMGroup group = _iamService.createAclGroup("group1", "my first group", "/root/mydomain");
assertNotNull("Acl group 'group1' failed to create ", group);
AclGroupVO group2 = new AclGroupVO("group1", "my second group");
IAMGroupVO group2 = new IAMGroupVO("group1", "my second group");
when(_aclGroupDao.findByName(eq("/root/mydomain"), eq("group1"))).thenReturn(group2);
AclGroup group3 = _iamService.createAclGroup("group1", "my first group", "/root/mydomain");
IAMGroup group3 = _iamService.createAclGroup("group1", "my first group", "/root/mydomain");
}
@Test(expected = InvalidParameterValueException.class)
@ -132,7 +132,7 @@ public class IAMServiceUnitTest {
@Test
public void accountGroupMaptest() {
// create group
AclGroupVO group = new AclGroupVO("group1", "my first group");
IAMGroupVO group = new IAMGroupVO("group1", "my first group");
// add account to group
List<Long> accountIds = new ArrayList<Long>();
@ -145,10 +145,10 @@ public class IAMServiceUnitTest {
@Test(expected = InvalidParameterValueException.class)
public void createAclPolicyTest() {
AclPolicy policy = _iamService.createAclPolicy("policy1", "my first policy", null, "/root/mydomain");
IAMPolicy policy = _iamService.createAclPolicy("policy1", "my first policy", null, "/root/mydomain");
assertNotNull("Acl policy 'policy1' failed to create ", policy);
AclPolicyVO rvo = new AclPolicyVO("policy2", "second policy");
IAMPolicyVO rvo = new IAMPolicyVO("policy2", "second policy");
when(_aclPolicyDao.findByName(eq("policy2"))).thenReturn(rvo);
_iamService.createAclPolicy("policy2", "second policy", null, "/root/mydomain");
@ -165,13 +165,13 @@ public class IAMServiceUnitTest {
public static class TestConfiguration extends SpringUtils.CloudStackTestConfiguration {
@Bean
public AclPolicyDao aclPolicyDao() {
return Mockito.mock(AclPolicyDao.class);
public IAMPolicyDao aclPolicyDao() {
return Mockito.mock(IAMPolicyDao.class);
}
@Bean
public AclGroupDao aclGroupDao() {
return Mockito.mock(AclGroupDao.class);
public IAMGroupDao aclGroupDao() {
return Mockito.mock(IAMGroupDao.class);
}
@Bean
@ -180,23 +180,23 @@ public class IAMServiceUnitTest {
}
@Bean
public AclGroupPolicyMapDao aclGroupPolicyMapDao() {
return Mockito.mock(AclGroupPolicyMapDao.class);
public IAMGroupPolicyMapDao aclGroupPolicyMapDao() {
return Mockito.mock(IAMGroupPolicyMapDao.class);
}
@Bean
public AclGroupAccountMapDao aclGroupAccountMapDao() {
return Mockito.mock(AclGroupAccountMapDao.class);
public IAMGroupAccountMapDao aclGroupAccountMapDao() {
return Mockito.mock(IAMGroupAccountMapDao.class);
}
@Bean
public AclAccountPolicyMapDao aclAccountPolicyMapDao() {
return Mockito.mock(AclAccountPolicyMapDao.class);
public IAMAccountPolicyMapDao aclAccountPolicyMapDao() {
return Mockito.mock(IAMAccountPolicyMapDao.class);
}
@Bean
public AclPolicyPermissionDao aclPolicyPermissionDao() {
return Mockito.mock(AclPolicyPermissionDao.class);
public IAMPolicyPermissionDao aclPolicyPermissionDao() {
return Mockito.mock(IAMPolicyPermissionDao.class);
}
public static class Library implements TypeFilter {

76
setup/db/db/schema-430to440.sql
View File

@ -447,7 +447,7 @@ CREATE VIEW `cloud`.`user_vm_view` AS
`cloud`.`user_vm_details` `custom_ram_size` ON (((`custom_ram_size`.`vm_id` = `cloud`.`vm_instance`.`id`) and (`custom_ram_size`.`name` = 'memory')));
-- ACL DB schema
CREATE TABLE `cloud`.`acl_group` (
CREATE TABLE `cloud`.`iam_group` (
`id` bigint unsigned NOT NULL UNIQUE auto_increment,
`name` varchar(255) NOT NULL,
`description` varchar(255) default NULL,
@ -458,23 +458,23 @@ CREATE TABLE `cloud`.`acl_group` (
`removed` datetime COMMENT 'date the group was removed',
`created` datetime COMMENT 'date the group was created',
PRIMARY KEY (`id`),
INDEX `i_acl_group__removed`(`removed`),
CONSTRAINT `uc_acl_group__uuid` UNIQUE (`uuid`)
INDEX `i_iam_group__removed`(`removed`),
CONSTRAINT `uc_iam_group__uuid` UNIQUE (`uuid`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
CREATE TABLE `cloud`.`acl_group_account_map` (
CREATE TABLE `cloud`.`iam_group_account_map` (
`id` bigint unsigned NOT NULL auto_increment,
`group_id` bigint unsigned NOT NULL,
`account_id` bigint unsigned NOT NULL,
`removed` datetime COMMENT 'date the account was removed from the group',
`created` datetime COMMENT 'date the account was assigned to the group',
PRIMARY KEY (`id`),
CONSTRAINT `fk_acl_group_vm_map__group_id` FOREIGN KEY(`group_id`) REFERENCES `acl_group` (`id`) ON DELETE CASCADE,
CONSTRAINT `fk_acl_group_vm_map__account_id` FOREIGN KEY(`account_id`) REFERENCES `account` (`id`) ON DELETE CASCADE
CONSTRAINT `fk_iam_group_vm_map__group_id` FOREIGN KEY(`group_id`) REFERENCES `iam_group` (`id`) ON DELETE CASCADE,
CONSTRAINT `fk_iam_group_vm_map__account_id` FOREIGN KEY(`account_id`) REFERENCES `account` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `cloud`.`acl_policy` (
CREATE TABLE `cloud`.`iam_policy` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`name` varchar(255) NOT NULL,
`description` varchar(255) DEFAULT NULL,
@ -486,37 +486,37 @@ CREATE TABLE `cloud`.`acl_policy` (
`policy_type` varchar(64) DEFAULT 'Static' COMMENT 'Static or Dynamic',
PRIMARY KEY (`id`),
UNIQUE KEY `id` (`id`),
UNIQUE KEY `uc_acl_policy__uuid` (`uuid`),
KEY `i_acl_policy__removed` (`removed`)
UNIQUE KEY `uc_iam_policy__uuid` (`uuid`),
KEY `i_iam_policy__removed` (`removed`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
CREATE TABLE `cloud`.`acl_group_policy_map` (
CREATE TABLE `cloud`.`iam_group_policy_map` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`group_id` bigint(20) unsigned NOT NULL,
`policy_id` bigint(20) unsigned NOT NULL,
`removed` datetime DEFAULT NULL COMMENT 'date the policy was revoked from the group',
`created` datetime DEFAULT NULL COMMENT 'date the policy was attached to the group',
PRIMARY KEY (`id`),
KEY `fk_acl_group_policy_map__group_id` (`group_id`),
KEY `fk_acl_group_policy_map__policy_id` (`policy_id`),
CONSTRAINT `fk_acl_group_policy_map__group_id` FOREIGN KEY (`group_id`) REFERENCES `acl_group` (`id`) ON DELETE CASCADE,
CONSTRAINT `fk_acl_group_policy_map__policy_id` FOREIGN KEY (`policy_id`) REFERENCES `acl_policy` (`id`) ON DELETE CASCADE
KEY `fk_iam_group_policy_map__group_id` (`group_id`),
KEY `fk_iam_group_policy_map__policy_id` (`policy_id`),
CONSTRAINT `fk_iam_group_policy_map__group_id` FOREIGN KEY (`group_id`) REFERENCES `iam_group` (`id`) ON DELETE CASCADE,
CONSTRAINT `fk_iam_group_policy_map__policy_id` FOREIGN KEY (`policy_id`) REFERENCES `iam_policy` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `cloud`.`acl_account_policy_map` (
CREATE TABLE `cloud`.`iam_account_policy_map` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`account_id` bigint(20) unsigned NOT NULL,
`policy_id` bigint(20) unsigned NOT NULL,
`removed` datetime DEFAULT NULL COMMENT 'date the policy was revoked from the account',
`created` datetime DEFAULT NULL COMMENT 'date the policy was attached to the account',
PRIMARY KEY (`id`),
KEY `fk_acl_account_policy_map__account_id` (`account_id`),
KEY `fk_acl_account_policy_map__policy_id` (`policy_id`),
CONSTRAINT `fk_acl_account_policy_map__account_id` FOREIGN KEY (`account_id`) REFERENCES `account` (`id`) ON DELETE CASCADE,
CONSTRAINT `fk_acl_account_policy_map__policy_id` FOREIGN KEY (`policy_id`) REFERENCES `acl_policy` (`id`) ON DELETE CASCADE
KEY `fk_iam_account_policy_map__account_id` (`account_id`),
KEY `fk_iam_account_policy_map__policy_id` (`policy_id`),
CONSTRAINT `fk_iam_account_policy_map__account_id` FOREIGN KEY (`account_id`) REFERENCES `account` (`id`) ON DELETE CASCADE,
CONSTRAINT `fk_iam_account_policy_map__policy_id` FOREIGN KEY (`policy_id`) REFERENCES `iam_policy` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `cloud`.`acl_policy_permission` (
CREATE TABLE `cloud`.`iam_policy_permission` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`policy_id` bigint(20) unsigned NOT NULL,
`action` varchar(100) NOT NULL,
@ -530,30 +530,30 @@ CREATE TABLE `cloud`.`acl_policy_permission` (
`created` datetime DEFAULT NULL COMMENT 'date the permission was granted',
PRIMARY KEY (`id`),
UNIQUE KEY `id` (`id`),
KEY `fk_acl_policy_permission__policy_id` (`policy_id`),
CONSTRAINT `fk_acl_policy_permission__policy_id` FOREIGN KEY (`policy_id`) REFERENCES `acl_policy` (`id`) ON DELETE CASCADE
KEY `fk_iam_policy_permission__policy_id` (`policy_id`),
CONSTRAINT `fk_iam_policy_permission__policy_id` FOREIGN KEY (`policy_id`) REFERENCES `iam_policy` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (1, 'NORMAL', 'Domain user role', UUID(), '/', 1, Now(), 'Static');
INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (2, 'ADMIN', 'Root admin role', UUID(), '/', 1, Now(), 'Static');
INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (3, 'DOMAIN_ADMIN', 'Domain admin role', UUID(), '/', 1, Now(), 'Static');
INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (4, 'RESOURCE_DOMAIN_ADMIN', 'Resource domain admin role', UUID(), '/', 1, Now(), 'Static');
INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (5, 'READ_ONLY_ADMIN', 'Read only admin role', UUID(), '/', 1, Now(), 'Static');
INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (6, 'RESOURCE_OWNER', 'Resource owner role', UUID(), '/', 1, Now(), 'Dynamic');
INSERT IGNORE INTO `cloud`.`iam_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (1, 'NORMAL', 'Domain user role', UUID(), '/', 1, Now(), 'Static');
INSERT IGNORE INTO `cloud`.`iam_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (2, 'ADMIN', 'Root admin role', UUID(), '/', 1, Now(), 'Static');
INSERT IGNORE INTO `cloud`.`iam_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (3, 'DOMAIN_ADMIN', 'Domain admin role', UUID(), '/', 1, Now(), 'Static');
INSERT IGNORE INTO `cloud`.`iam_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (4, 'RESOURCE_DOMAIN_ADMIN', 'Resource domain admin role', UUID(), '/', 1, Now(), 'Static');
INSERT IGNORE INTO `cloud`.`iam_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (5, 'READ_ONLY_ADMIN', 'Read only admin role', UUID(), '/', 1, Now(), 'Static');
INSERT IGNORE INTO `cloud`.`iam_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (6, 'RESOURCE_OWNER', 'Resource owner role', UUID(), '/', 1, Now(), 'Dynamic');
INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, path, account_id, created) VALUES (1, 'NORMAL', 'Domain user group', UUID(), '/', 1, Now());
INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, path, account_id, created) VALUES (2, 'ADMIN', 'Root admin group', UUID(), '/', 1, Now());
INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, path, account_id, created) VALUES (3, 'DOMAIN_ADMIN', 'Domain admin group', UUID(), '/', 1, Now());
INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, path, account_id, created) VALUES (4, 'RESOURCE_DOMAIN_ADMIN', 'Resource domain admin group', UUID(), '/', 1, Now());
INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, path, account_id, created) VALUES (5, 'READ_ONLY_ADMIN', 'Read only admin group', UUID(), '/', 1, Now());
INSERT IGNORE INTO `cloud`.`iam_group` (id, name, description, uuid, path, account_id, created) VALUES (1, 'NORMAL', 'Domain user group', UUID(), '/', 1, Now());
INSERT IGNORE INTO `cloud`.`iam_group` (id, name, description, uuid, path, account_id, created) VALUES (2, 'ADMIN', 'Root admin group', UUID(), '/', 1, Now());
INSERT IGNORE INTO `cloud`.`iam_group` (id, name, description, uuid, path, account_id, created) VALUES (3, 'DOMAIN_ADMIN', 'Domain admin group', UUID(), '/', 1, Now());
INSERT IGNORE INTO `cloud`.`iam_group` (id, name, description, uuid, path, account_id, created) VALUES (4, 'RESOURCE_DOMAIN_ADMIN', 'Resource domain admin group', UUID(), '/', 1, Now());
INSERT IGNORE INTO `cloud`.`iam_group` (id, name, description, uuid, path, account_id, created) VALUES (5, 'READ_ONLY_ADMIN', 'Read only admin group', UUID(), '/', 1, Now());
INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(1, 1, Now());
INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(2, 2, Now());
INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(3, 3, Now());
INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(4, 4, Now());
INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(5, 5, Now());
INSERT INTO `cloud`.`iam_group_policy_map` (group_id, policy_id, created) values(1, 1, Now());
INSERT INTO `cloud`.`iam_group_policy_map` (group_id, policy_id, created) values(2, 2, Now());
INSERT INTO `cloud`.`iam_group_policy_map` (group_id, policy_id, created) values(3, 3, Now());
INSERT INTO `cloud`.`iam_group_policy_map` (group_id, policy_id, created) values(4, 4, Now());
INSERT INTO `cloud`.`iam_group_policy_map` (group_id, policy_id, created) values(5, 5, Now());
INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('NetworkManager', 'DEFAULT', 'management-server', 'vm.network.nic.max.secondary.ipaddresses', NULL, 'Specify the number of secondary ip addresses per nic per vm', '256') ON DUPLICATE KEY UPDATE category='NetworkManager';