Allow custom command role ACL files on classpath in Static Role API Checker.

This commit has a small refactoring of cloud-plugin-acl-static-role-based to allow it to read files on the classpath that might have a different name than "commands.properties". It also allows more than one file to be read from. Rationale: Third-party plugins may want to keep their API command access level configuration separate from the main file so as to reduce configuration maintenance work during packaging and deployments. Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com> This closes #354
2025-10-26 08:42:29 +01:00 · 2015-06-03 17:15:57 +00:00 · 2015-06-03 17:15:57 +00:00 · 93b201d43a
commit 93b201d43a
parent 299c07c3e1
2 changed files with 17 additions and 1 deletions
--- a/plugins/acl/static-role-based/resources/META-INF/cloudstack/acl-static-role-based/spring-acl-static-role-based-context.xml
+++ b/plugins/acl/static-role-based/resources/META-INF/cloudstack/acl-static-role-based/spring-acl-static-role-based-context.xml
@ -29,6 +29,11 @@

    <bean id="StaticRoleBasedAPIAccessChecker" class="org.apache.cloudstack.acl.StaticRoleBasedAPIAccessChecker" >
        <property name="services" value="#{apiCommandsRegistry.registered}" />
+        <property name="commandPropertyFiles">
+            <set>
+                <value>commands.properties</value>
+            </set>
+        </property>
    </bean>

 </beans>
--- a/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
+++ b/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
@ -45,6 +45,7 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIC

    protected static final Logger s_logger = Logger.getLogger(StaticRoleBasedAPIAccessChecker.class);

+    Set<String> commandPropertyFiles = new HashSet<String>();
    Set<String> commandsPropertiesOverrides = new HashSet<String>();
    Map<RoleType, Set<String>> commandsPropertiesRoleBasedApisMap = new HashMap<RoleType, Set<String>>();
    Map<RoleType, Set<String>> annotationRoleBasedApisMap = new HashMap<RoleType, Set<String>>();
@ -84,7 +85,9 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIC
    public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
        super.configure(name, params);

-        processMapping(PropertiesUtil.processConfigFile(new String[] {"commands.properties"}));
+        for (String commandPropertyFile : commandPropertyFiles) {
+            processMapping(PropertiesUtil.processConfigFile(new String[] { commandPropertyFile }));
+        }
        return true;
    }

@ -129,4 +132,12 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIC
        this._services = services;
    }

+    public Set<String> getCommandPropertyFiles() {
+        return commandPropertyFiles;
+    }
+
+    public void setCommandPropertyFiles(Set<String> commandPropertyFiles) {
+        this.commandPropertyFiles = commandPropertyFiles;
+    }
+
 }