apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

Implementing listAclGroup and listAclPolicy API based on iam plugin

Browse Source 
model without using db views. AclGroupJoinVO and AclPolicyJoinVO can be
removed later.
This commit is contained in:
Min Chen 2014-01-02 16:18:29 -08:00
parent d9be7bb968
commit dd8dcd9492
8 changed files with 292 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
View File

@ -16,6 +16,7 @@
// under the License.
package org.apache.cloudstack.acl.api;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
@ -24,13 +25,16 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.AclEntityType;
import org.apache.cloudstack.acl.ControlledEntity;
import org.apache.cloudstack.acl.PermissionScope;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.acl.api.response.AclGroupResponse;
import org.apache.cloudstack.acl.api.response.AclPermissionResponse;
import org.apache.cloudstack.acl.api.response.AclPolicyResponse;
import org.apache.cloudstack.api.BaseListCmd;
import org.apache.cloudstack.api.response.ListResponse;
import org.apache.cloudstack.context.CallContext;
import org.apache.cloudstack.iam.api.AclGroup;
import org.apache.cloudstack.iam.api.AclPolicy;
import org.apache.cloudstack.iam.api.AclPolicyPermission;
@ -39,6 +43,7 @@ import org.apache.cloudstack.iam.api.IAMService;
import com.cloud.api.ApiServerService;
import com.cloud.domain.Domain;
import com.cloud.domain.DomainVO;
import com.cloud.domain.dao.DomainDao;
import com.cloud.event.ActionEvent;
import com.cloud.event.EventTypes;
@ -47,7 +52,11 @@ import com.cloud.storage.Snapshot;
import com.cloud.storage.Volume;
import com.cloud.template.VirtualMachineTemplate;
import com.cloud.user.Account;
import com.cloud.user.AccountManager;
import com.cloud.user.AccountVO;
import com.cloud.user.dao.AccountDao;
import com.cloud.uservm.UserVm;
import com.cloud.utils.Pair;
import com.cloud.utils.component.Manager;
import com.cloud.utils.component.ManagerBase;
import com.cloud.utils.db.DB;
@ -67,6 +76,12 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
@Inject
DomainDao _domainDao;
@Inject
AccountDao _accountDao;
@Inject
AccountManager _accountMgr;
public static HashMap<String, Class> entityClassMap = new HashMap<String, Class>();
@ -278,27 +293,142 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
@Override
public AclPolicyResponse createAclPolicyResponse(AclPolicy policy) {
// TODO Auto-generated method stub
return null;
AclPolicyResponse response = new AclPolicyResponse();
response.setId(policy.getUuid());
response.setName(policy.getName());
response.setDescription(policy.getDescription());
String domainPath = policy.getPath();
if (domainPath != null) {
DomainVO domain = _domainDao.findDomainByPath(domainPath);
if (domain != null) {
response.setDomainId(domain.getUuid());
response.setDomainName(domain.getName());
}
}
long accountId = policy.getAccountId();
AccountVO owner = _accountDao.findById(accountId);
if (owner != null) {
response.setAccountName(owner.getAccountName());
}
// find permissions associated with this policy
List<AclPolicyPermission> permissions = _iamSrv.listPolicyPermissions(policy.getId());
if (permissions != null && permissions.size() > 0) {
for (AclPolicyPermission permission : permissions) {
AclPermissionResponse perm = new AclPermissionResponse();
perm.setAction(permission.getAction());
perm.setEntityType(AclEntityType.valueOf(permission.getEntityType()));
perm.setScope(PermissionScope.valueOf(permission.getScope()));
perm.setScopeId(permission.getScopeId());
perm.setPermission(permission.getPermission());
response.addPermission(perm);
}
}
response.setObjectName("aclpolicy");
return response;
}
@Override
public AclGroupResponse createAclGroupResponse(AclGroup group) {
// TODO Auto-generated method stub
return null;
AclGroupResponse response = new AclGroupResponse();
response.setId(group.getUuid());
response.setName(group.getName());
response.setDescription(group.getDescription());
String domainPath = group.getPath();
if (domainPath != null) {
DomainVO domain = _domainDao.findDomainByPath(domainPath);
if (domain != null) {
response.setDomainId(domain.getUuid());
response.setDomainName(domain.getName());
}
}
long accountId = group.getAccountId();
AccountVO owner = _accountDao.findById(accountId);
if (owner != null) {
response.setAccountName(owner.getAccountName());
}
// find all the members in this group
List<Long> members = _iamSrv.listAccountsByGroup(group.getId());
if (members != null && members.size() > 0) {
for (Long member : members) {
AccountVO mem = _accountDao.findById(accountId);
if (mem != null) {
response.addMemberAccount(mem.getAccountName());
}
}
}
// find all the policies attached to this group
List<AclPolicy> policies = _iamSrv.listAclPoliciesByGroup(group.getId());
if (policies != null && policies.size() > 0) {
for (AclPolicy policy : policies) {
response.addPolicy(policy.getName());
}
}
response.setObjectName("aclgroup");
return response;
}
@Override
public ListResponse<org.apache.cloudstack.acl.api.response.AclGroupResponse> listAclGroups(Long aclGroupId, String aclGroupName, Long domainId, Long startIndex, Long pageSize) {
// TODO Auto-generated method stub
return null;
public ListResponse<AclGroupResponse> listAclGroups(Long aclGroupId, String aclGroupName, Long domainId, Long startIndex, Long pageSize) {
// acl check
Account caller = CallContext.current().getCallingAccount();
Domain domain = null;
if (domainId != null) {
domain = _domainDao.findById(domainId);
if (domain == null) {
throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
}
_accountMgr.checkAccess(caller, domain);
} else {
domain = _domainDao.findById(caller.getDomainId());
}
String domainPath = domain.getPath();
// search for groups
Pair<List<AclGroup>, Integer> result = _iamSrv.listAclGroups(aclGroupId, aclGroupName, domainPath, startIndex, pageSize);
// generate group response
ListResponse<AclGroupResponse> response = new ListResponse<AclGroupResponse>();
List<AclGroupResponse> groupResponses = new ArrayList<AclGroupResponse>();
for (AclGroup group : result.first()) {
AclGroupResponse resp = createAclGroupResponse(group);
groupResponses.add(resp);
}
response.setResponses(groupResponses, result.second());
return response;
}
@Override
public ListResponse<org.apache.cloudstack.acl.api.response.AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName, Long domainId, Long startIndex,
public ListResponse<AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName, Long domainId, Long startIndex,
Long pageSize) {
// TODO Auto-generated method stub
return null;
// acl check
Account caller = CallContext.current().getCallingAccount();
Domain domain = null;
if (domainId != null) {
domain = _domainDao.findById(domainId);
if (domain == null) {
throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
}
_accountMgr.checkAccess(caller, domain);
} else {
domain = _domainDao.findById(caller.getDomainId());
}
String domainPath = domain.getPath();
// search for policies
Pair<List<AclPolicy>, Integer> result = _iamSrv.listAclPolicies(aclPolicyId, aclPolicyName, domainPath, startIndex, pageSize);
// generate policy response
ListResponse<AclPolicyResponse> response = new ListResponse<AclPolicyResponse>();
List<AclPolicyResponse> policyResponses = new ArrayList<AclPolicyResponse>();
for (AclPolicy policy : result.first()) {
AclPolicyResponse resp = createAclPolicyResponse(policy);
policyResponses.add(resp);
}
response.setResponses(policyResponses, result.second());
return response;
}
}

2
services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclPermissionResponse.java
View File

@ -19,10 +19,10 @@ package org.apache.cloudstack.acl.api.response;
import com.google.gson.annotations.SerializedName;
import org.apache.cloudstack.acl.AclEntityType;
import org.apache.cloudstack.acl.AclPolicyPermission;
import org.apache.cloudstack.acl.PermissionScope;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseResponse;
import org.apache.cloudstack.iam.api.AclPolicyPermission;
import com.cloud.serializer.Param;

4
services/iam/server/src/org/apache/cloudstack/iam/api/AclGroup.java
View File

@ -25,4 +25,8 @@ public interface AclGroup {
long getId();
String getUuid();
String getPath();
long getAccountId();
}

4
services/iam/server/src/org/apache/cloudstack/iam/api/AclPolicy.java
View File

@ -29,4 +29,8 @@ public interface AclPolicy {
long getId();
String getUuid();
String getPath();
long getAccountId();
}

12
services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
View File

@ -20,6 +20,8 @@ import java.util.List;
import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
import com.cloud.utils.Pair;
public interface IAMService {
/* ACL group related interfaces */
@ -33,6 +35,10 @@ public interface IAMService {
AclGroup removeAccountsFromGroup(List<Long> acctIds, Long groupId);
List<Long> listAccountsByGroup(long groupId);
Pair<List<AclGroup>, Integer> listAclGroups(Long aclGroupId, String aclGroupName, String path, Long startIndex, Long pageSize);
/* ACL Policy related interfaces */
AclPolicy createAclPolicy(String aclPolicyName, String description, Long parentPolicyId);
@ -40,6 +46,10 @@ public interface IAMService {
List<AclPolicy> listAclPolicies(long accountId);
List<AclPolicy> listAclPoliciesByGroup(long groupId);
Pair<List<AclPolicy>, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize);
AclGroup attachAclPoliciesToGroup(List<Long> policyIds, Long groupId);
AclGroup removeAclPoliciesFromGroup(List<Long> policyIds, Long groupId);
@ -52,6 +62,8 @@ public interface IAMService {
AclPolicy getResourceOwnerPolicy();
List<AclPolicyPermission> listPolicyPermissions(long policyId);
List<AclPolicyPermission> listPolicyPermissionsByScope(long policyId, String action, String scope);
List<AclPolicyPermission> listPollcyPermissionByEntityType(long policyId, String action, String entityType);

13
services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupVO.java
View File

@ -50,6 +50,9 @@ public class AclGroupVO implements AclGroup {
@Column(name = "path")
private String path;
@Column(name = "account_id")
private long accountId;
@Column(name = GenericDao.REMOVED_COLUMN)
private Date removed;
@ -82,6 +85,7 @@ public class AclGroupVO implements AclGroup {
return description;
}
@Override
public String getPath() {
return path;
}
@ -90,6 +94,15 @@ public class AclGroupVO implements AclGroup {
this.path = path;
}
@Override
public long getAccountId() {
return accountId;
}
public void setAccountId(long acctId) {
accountId = acctId;
}
@Override
public String getUuid() {
return uuid;

14
services/iam/server/src/org/apache/cloudstack/iam/server/AclPolicyVO.java
View File

@ -49,8 +49,8 @@ public class AclPolicyVO implements AclPolicy {
@Column(name = "uuid")
private String uuid;
@Column(name = "domain_id")
private long domainId;
@Column(name = "path")
private String path;
@Column(name = "account_id")
private long accountId;
@ -109,14 +109,16 @@ public class AclPolicyVO implements AclPolicy {
return created;
}
public long getDomainId() {
return domainId;
@Override
public String getPath() {
return path;
}
public void setDomainId(long domainId) {
this.domainId = domainId;
public void setPath(String path) {
this.path = path;
}
@Override
public long getAccountId() {
return accountId;
}

112
services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
View File

@ -36,14 +36,14 @@ import org.apache.cloudstack.iam.server.dao.AclGroupPolicyMapDao;
import org.apache.cloudstack.iam.server.dao.AclPolicyDao;
import org.apache.cloudstack.iam.server.dao.AclPolicyPermissionDao;
import com.cloud.event.ActionEvent;
import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.user.Account;
import com.cloud.utils.Pair;
import com.cloud.utils.component.Manager;
import com.cloud.utils.component.ManagerBase;
import com.cloud.utils.db.DB;
import com.cloud.utils.db.EntityManager;
import com.cloud.utils.db.Filter;
import com.cloud.utils.db.GenericSearchBuilder;
import com.cloud.utils.db.JoinBuilder.JoinType;
import com.cloud.utils.db.SearchBuilder;
@ -204,6 +204,52 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
return group;
}
@Override
public List<Long> listAccountsByGroup(long groupId) {
List<AclGroupAccountMapVO> grpAcctMap = _aclGroupAccountMapDao.listByGroupId(groupId);
if (grpAcctMap == null || grpAcctMap.size() == 0) {
return new ArrayList<Long>();
}
List<Long> accts = new ArrayList<Long>();
for (AclGroupAccountMapVO grpAcct : grpAcctMap) {
accts.add(grpAcct.getAccountId());
}
return accts;
}
@Override
public Pair<List<AclGroup>, Integer> listAclGroups(Long aclGroupId, String aclGroupName, String path, Long startIndex, Long pageSize) {
if (aclGroupId != null) {
AclGroup group = _aclGroupDao.findById(aclGroupId);
if (group == null) {
throw new InvalidParameterValueException("Unable to find acl group by id " + aclGroupId);
}
}
Filter searchFilter = new Filter(AclGroupVO.class, "id", true, startIndex, pageSize);
SearchBuilder<AclGroupVO> sb = _aclGroupDao.createSearchBuilder();
sb.and("name", sb.entity().getName(), SearchCriteria.Op.EQ);
sb.and("path", sb.entity().getPath(), SearchCriteria.Op.LIKE);
sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
SearchCriteria<AclGroupVO> sc = sb.create();
if (aclGroupName != null) {
sc.setParameters("name", aclGroupName);
}
if (aclGroupId != null) {
sc.setParameters("id", aclGroupId);
}
sc.setParameters("path", path + "%");
Pair<List<AclGroupVO>, Integer> groups = _aclGroupDao.searchAndCount(sc, searchFilter);
return new Pair<List<AclGroup>, Integer>(new ArrayList<AclGroup>(groups.first()), groups.second());
}
@DB
@Override
public AclPolicy createAclPolicy(final String aclPolicyName, final String description, final Long parentPolicyId) {
@ -304,6 +350,60 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
return new ArrayList<AclPolicy>(policies);
}
@Override
public List<AclPolicy> listAclPoliciesByGroup(long groupId) {
List<AclGroupPolicyMapVO> policyGrpMap = _aclGroupPolicyMapDao.listByGroupId(groupId);
if (policyGrpMap == null || policyGrpMap.size() == 0) {
return new ArrayList<AclPolicy>();
}
List<Long> policyIds = new ArrayList<Long>();
for (AclGroupPolicyMapVO pg : policyGrpMap) {
policyIds.add(pg.getAclPolicyId());
}
SearchBuilder<AclPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
sb.and("ids", sb.entity().getId(), Op.IN);
SearchCriteria<AclPolicyVO> sc = sb.create();
sc.setParameters("ids", policyIds.toArray(new Object[policyIds.size()]));
List<AclPolicyVO> policies = _aclPolicyDao.customSearch(sc, null);
return new ArrayList<AclPolicy>(policies);
}
@Override
public Pair<List<AclPolicy>, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize) {
if (aclPolicyId != null) {
AclPolicy policy = _aclPolicyDao.findById(aclPolicyId);
if (policy == null) {
throw new InvalidParameterValueException("Unable to find acl policy by id " + aclPolicyId);
}
}
Filter searchFilter = new Filter(AclPolicyVO.class, "id", true, startIndex, pageSize);
SearchBuilder<AclPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
sb.and("name", sb.entity().getName(), SearchCriteria.Op.EQ);
sb.and("path", sb.entity().getPath(), SearchCriteria.Op.LIKE);
sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
SearchCriteria<AclPolicyVO> sc = sb.create();
if (aclPolicyName != null) {
sc.setParameters("name", aclPolicyName);
}
if (aclPolicyId != null) {
sc.setParameters("id", aclPolicyId);
}
sc.setParameters("path", path + "%");
Pair<List<AclPolicyVO>, Integer> policies = _aclPolicyDao.searchAndCount(sc, searchFilter);
return new Pair<List<AclPolicy>, Integer>(new ArrayList<AclPolicy>(policies.first()), policies.second());
}
@DB
@Override
public AclGroup attachAclPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
@ -527,6 +627,14 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
return entityIds;
}
@Override
public List<AclPolicyPermission> listPolicyPermissions(long policyId) {
List<AclPolicyPermissionVO> pp = _policyPermissionDao.listByPolicy(policyId);
List<AclPolicyPermission> pl = new ArrayList<AclPolicyPermission>();
pl.addAll(pp);
return pl;
}
@Override
public List<AclPolicyPermission> listPolicyPermissionsByScope(long policyId, String action, String scope) {
List<AclPolicyPermissionVO> pp = _policyPermissionDao.listGrantedByActionAndScope(policyId, action, scope);