bug 8710: Introducing a new user role in cloudstack called RESOURCE_DOMAIN_ADMIN. The role would have all the domain_admin rights and the rights to list zone,pods,clusters and so on. More info in the bug

api/src/com/cloud/user/Account.java

@@ -39,7 +39,8 @@ public interface Account extends ControlledEntity {
     public static final short ACCOUNT_TYPE_NORMAL = 0;
     public static final short ACCOUNT_TYPE_ADMIN = 1;
     public static final short ACCOUNT_TYPE_DOMAIN_ADMIN = 2;
-    public static final short ACCOUNT_TYPE_READ_ONLY_ADMIN = 3;
+    public static final short ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN = 3;
+    public static final short ACCOUNT_TYPE_READ_ONLY_ADMIN = 4;
 
     public static final String ACCOUNT_STATE_DISABLED = "disabled";
     public static final String ACCOUNT_STATE_ENABLED = "enabled";

client/tomcatconf/commands.properties.in

@@ -1,23 +1,23 @@
-### bitmap of permissions at the end of each classname, 1 = ADMIN, 2 = DOMAIN_ADMIN, 4 = READ_ONLY_ADMIN, 8 = USER
+### bitmap of permissions at the end of each classname, 1 = ADMIN, 2 = RESOURCE_DOMAIN_ADMIN, 4 = DOMAIN_ADMIN, 8 = USER
 ### Please standardize naming conventions to camel-case (even for acronyms).
 
 ### Account commands
-createAccount=com.cloud.api.commands.CreateAccountCmd;1
-deleteAccount=com.cloud.api.commands.DeleteAccountCmd;1
-updateAccount=com.cloud.api.commands.UpdateAccountCmd;3
-disableAccount=com.cloud.api.commands.DisableAccountCmd;3
-enableAccount=com.cloud.api.commands.EnableAccountCmd;3
-###lockAccount=com.cloud.api.commands.LockAccountCmd;3
+createAccount=com.cloud.api.commands.CreateAccountCmd;3
+deleteAccount=com.cloud.api.commands.DeleteAccountCmd;3
+updateAccount=com.cloud.api.commands.UpdateAccountCmd;7
+disableAccount=com.cloud.api.commands.DisableAccountCmd;7
+enableAccount=com.cloud.api.commands.EnableAccountCmd;7
+###lockAccount=com.cloud.api.commands.LockAccountCmd;7
 listAccounts=com.cloud.api.commands.ListAccountsCmd;15
 
 #### User commands
-createUser=com.cloud.api.commands.CreateUserCmd;1
-deleteUser=com.cloud.api.commands.DeleteUserCmd;1
-updateUser=com.cloud.api.commands.UpdateUserCmd;1
+createUser=com.cloud.api.commands.CreateUserCmd;3
+deleteUser=com.cloud.api.commands.DeleteUserCmd;3
+updateUser=com.cloud.api.commands.UpdateUserCmd;3
 listUsers=com.cloud.api.commands.ListUsersCmd;7
-####lockUser=com.cloud.api.commands.LockUserCmd;3
-disableUser=com.cloud.api.commands.DisableUserCmd;3
-enableUser=com.cloud.api.commands.EnableUserCmd;3
+####lockUser=com.cloud.api.commands.LockUserCmd;7
+disableUser=com.cloud.api.commands.DisableUserCmd;7
+enableUser=com.cloud.api.commands.EnableUserCmd;7
 
 
 #### Domain commands
@@ -31,11 +31,11 @@ listDomainChildren=com.cloud.api.commands.ListDomainChildrenCmd;7
 getCloudIdentifier=com.cloud.api.commands.GetCloudIdentifierCmd;15
 
 #### Limit commands
-updateResourceLimit=com.cloud.api.commands.UpdateResourceLimitCmd;3
+updateResourceLimit=com.cloud.api.commands.UpdateResourceLimitCmd;7
 listResourceLimits=com.cloud.api.commands.ListResourceLimitsCmd;15
 
 #### VM commands
-deployVirtualMachine=com.cloud.api.commands.DeployVMCmd;11
+deployVirtualMachine=com.cloud.api.commands.DeployVMCmd;15
 destroyVirtualMachine=com.cloud.api.commands.DestroyVMCmd;15
 rebootVirtualMachine=com.cloud.api.commands.RebootVMCmd;15
 startVirtualMachine=com.cloud.api.commands.StartVMCmd;15
@@ -43,10 +43,10 @@ stopVirtualMachine=com.cloud.api.commands.StopVMCmd;15
 resetPasswordForVirtualMachine=com.cloud.api.commands.ResetVMPasswordCmd;15
 changeServiceForVirtualMachine=com.cloud.api.commands.UpgradeVMCmd;15
 updateVirtualMachine=com.cloud.api.commands.UpdateVMCmd;15
-recoverVirtualMachine=com.cloud.api.commands.RecoverVMCmd;3
+recoverVirtualMachine=com.cloud.api.commands.RecoverVMCmd;7
 listVirtualMachines=com.cloud.api.commands.ListVMsCmd;15
 getVMPassword=com.cloud.api.commands.GetVMPasswordCmd;15
-migrateVirtualMachine=com.cloud.api.commands.MigrateVMCmd;1
+migrateVirtualMachine=com.cloud.api.commands.MigrateVMCmd;1
 
 #### snapshot commands
 createSnapshot=com.cloud.api.commands.CreateSnapshotCmd;15
@@ -128,10 +128,10 @@ listLoadBalancerRuleInstances=com.cloud.api.commands.ListLoadBalancerRuleInstanc
 updateLoadBalancerRule=com.cloud.api.commands.UpdateLoadBalancerRuleCmd;15
 
 #### router commands
-startRouter=com.cloud.api.commands.StartRouterCmd;3
-rebootRouter=com.cloud.api.commands.RebootRouterCmd;3
-stopRouter=com.cloud.api.commands.StopRouterCmd;3
-changeServiceForRouter=com.cloud.api.commands.UpgradeRouterCmd;3
+startRouter=com.cloud.api.commands.StartRouterCmd;7
+rebootRouter=com.cloud.api.commands.RebootRouterCmd;7
+stopRouter=com.cloud.api.commands.StopRouterCmd;7
+changeServiceForRouter=com.cloud.api.commands.UpgradeRouterCmd;7
 listRouters=com.cloud.api.commands.ListRoutersCmd;7
 
 #### system vm commands
@@ -139,7 +139,7 @@ startSystemVm=com.cloud.api.commands.StartSystemVMCmd;1
 rebootSystemVm=com.cloud.api.commands.RebootSystemVmCmd;1
 stopSystemVm=com.cloud.api.commands.StopSystemVmCmd;1
 destroySystemVm=com.cloud.api.commands.DestroySystemVmCmd;1
-listSystemVms=com.cloud.api.commands.ListSystemVMsCmd;1
+listSystemVms=com.cloud.api.commands.ListSystemVMsCmd;3
 
 #### configuration commands
 updateConfiguration=com.cloud.api.commands.UpdateCfgCmd;1
@@ -151,7 +151,7 @@ listCapabilities=com.cloud.api.commands.ListCapabilitiesCmd;15
 createPod=com.cloud.api.commands.CreatePodCmd;1
 updatePod=com.cloud.api.commands.UpdatePodCmd;1
 deletePod=com.cloud.api.commands.DeletePodCmd;1
-listPods=com.cloud.api.commands.ListPodsByCmd;1
+listPods=com.cloud.api.commands.ListPodsByCmd;3
 
 #### zone commands
 createZone=com.cloud.api.commands.CreateZoneCmd;1
@@ -163,22 +163,22 @@ listZones=com.cloud.api.commands.ListZonesByCmd;15
 listEvents=com.cloud.api.commands.ListEventsCmd;15
 
 #### alerts commands
-listAlerts=com.cloud.api.commands.ListAlertsCmd;1
+listAlerts=com.cloud.api.commands.ListAlertsCmd;3
 
 #### system capacity commands
-listCapacity=com.cloud.api.commands.ListCapacityCmd;1
+listCapacity=com.cloud.api.commands.ListCapacityCmd;3
 
 #### host commands
-addHost=com.cloud.api.commands.AddHostCmd;1
+addHost=com.cloud.api.commands.AddHostCmd;3
 addCluster=com.cloud.api.commands.AddClusterCmd;1
 deleteCluster=com.cloud.api.commands.DeleteClusterCmd;1
 updateCluster=com.cloud.api.commands.UpdateClusterCmd;1
 reconnectHost=com.cloud.api.commands.ReconnectHostCmd;1
 updateHost=com.cloud.api.commands.UpdateHostCmd;1
-deleteHost=com.cloud.api.commands.DeleteHostCmd;1
+deleteHost=com.cloud.api.commands.DeleteHostCmd;3
 prepareHostForMaintenance=com.cloud.api.commands.PrepareForMaintenanceCmd;1
 cancelHostMaintenance=com.cloud.api.commands.CancelMaintenanceCmd;1
-listHosts=com.cloud.api.commands.ListHostsCmd;1
+listHosts=com.cloud.api.commands.ListHostsCmd;3
 addSecondaryStorage=com.cloud.api.commands.AddSecondaryStorageCmd;1
 
 #### volume commands
@@ -201,20 +201,20 @@ queryAsyncJobResult=com.cloud.api.commands.QueryAsyncJobResultCmd;15
 listAsyncJobs=com.cloud.api.commands.ListAsyncJobsCmd;15
 
 #### storage pools commands
-listStoragePools=com.cloud.api.commands.ListStoragePoolsCmd;1
+listStoragePools=com.cloud.api.commands.ListStoragePoolsCmd;3
 createStoragePool=com.cloud.api.commands.CreateStoragePoolCmd;1
 #### updateStoragePool=com.cloud.api.commands.UpdateStoragePoolCmd;1
 deleteStoragePool=com.cloud.api.commands.DeletePoolCmd;1
-listClusters=com.cloud.api.commands.ListClustersCmd;1
+listClusters=com.cloud.api.commands.ListClustersCmd;3
 enableStorageMaintenance=com.cloud.api.commands.PreparePrimaryStorageForMaintenanceCmd;1
 cancelStorageMaintenance=com.cloud.api.commands.CancelPrimaryStorageMaintenanceCmd;1
 
 #### security group commands
-createSecurityGroup=com.cloud.api.commands.CreateSecurityGroupCmd;11
-deleteSecurityGroup=com.cloud.api.commands.DeleteSecurityGroupCmd;11
-authorizeSecurityGroupIngress=com.cloud.api.commands.AuthorizeSecurityGroupIngressCmd;11
-revokeSecurityGroupIngress=com.cloud.api.commands.RevokeSecurityGroupIngressCmd;11
-listSecurityGroups=com.cloud.api.commands.ListSecurityGroupsCmd;11
+createSecurityGroup=com.cloud.api.commands.CreateSecurityGroupCmd;15
+deleteSecurityGroup=com.cloud.api.commands.DeleteSecurityGroupCmd;15
+authorizeSecurityGroupIngress=com.cloud.api.commands.AuthorizeSecurityGroupIngressCmd;15
+revokeSecurityGroupIngress=com.cloud.api.commands.RevokeSecurityGroupIngressCmd;15
+listSecurityGroups=com.cloud.api.commands.ListSecurityGroupsCmd;15
 
 #### vm group commands
 createInstanceGroup=com.cloud.api.commands.CreateVMGroupCmd;15
@@ -248,11 +248,11 @@ createNetwork=com.cloud.api.commands.CreateNetworkCmd;15
 deleteNetwork=com.cloud.api.commands.DeleteNetworkCmd;15
 listNetworks=com.cloud.api.commands.ListNetworksCmd;15
 restartNetwork=com.cloud.api.commands.RestartNetworkCmd;15
-updateNetwork=com.cloud.api.commands.UpdateNetworkCmd;15
-
-#### SSH key pair commands
-registerSSHKeyPair=com.cloud.api.commands.RegisterSSHKeyPairCmd;15
-createSSHKeyPair=com.cloud.api.commands.CreateSSHKeyPairCmd;15
-deleteSSHKeyPair=com.cloud.api.commands.DeleteSSHKeyPairCmd;15
+updateNetwork=com.cloud.api.commands.UpdateNetworkCmd;15
+
+#### SSH key pair commands
+registerSSHKeyPair=com.cloud.api.commands.RegisterSSHKeyPairCmd;15
+createSSHKeyPair=com.cloud.api.commands.CreateSSHKeyPairCmd;15
+deleteSSHKeyPair=com.cloud.api.commands.DeleteSSHKeyPairCmd;15
 listSSHKeyPairs=com.cloud.api.commands.ListSSHKeyPairsCmd;15
 

server/src/com/cloud/api/ApiServer.java

@@ -109,10 +109,10 @@ public class ApiServer implements HttpRequestHandler {
     private static final Logger s_logger = Logger.getLogger(ApiServer.class.getName());
     private static final Logger s_accessLogger = Logger.getLogger("apiserver." + ApiServer.class.getName());
 
-    private static final short ADMIN_COMMAND = 1;
-    private static final short DOMAIN_ADMIN_COMMAND = 2;
-    private static final short READ_ONLY_ADMIN_COMMAND = 4;
-    private static final short USER_COMMAND = 8;
+    public static final short ADMIN_COMMAND = 1;
+    public static final short DOMAIN_ADMIN_COMMAND = 4;
+    public static final short RESOURCE_DOMAIN_ADMIN_COMMAND = 2;
+    public static final short USER_COMMAND = 8;
     private Properties _apiCommands = null;
     private ApiDispatcher _dispatcher;
     private ManagementServer _ms = null;
@@ -127,7 +127,7 @@ public class ApiServer implements HttpRequestHandler {
     private static List<String> s_userCommands = null;
     private static List<String> s_resellerCommands = null; // AKA domain-admin
     private static List<String> s_adminCommands = null;
-    private static List<String> s_readOnlyAdminCommands = null;
+    private static List<String> s_resourceDomainAdminCommands = null;
     private static List<String> s_allCommands = null;
     
     private static ExecutorService _executor = new ThreadPoolExecutor(10, 150, 60, TimeUnit.SECONDS, new LinkedBlockingQueue<Runnable>(), new NamedThreadFactory("ApiServer"));
@@ -136,7 +136,7 @@ public class ApiServer implements HttpRequestHandler {
         s_userCommands = new ArrayList<String>();
         s_resellerCommands = new ArrayList<String>();
         s_adminCommands = new ArrayList<String>();
-        s_readOnlyAdminCommands = new ArrayList<String>();
+        s_resourceDomainAdminCommands = new ArrayList<String>();
         s_allCommands = new ArrayList<String>();
     }
 
@@ -179,12 +179,12 @@ public class ApiServer implements HttpRequestHandler {
                             if ((cmdPermissions & ADMIN_COMMAND) != 0) {
                                 s_adminCommands.add((String)key);
                             }
+                            if ((cmdPermissions & RESOURCE_DOMAIN_ADMIN_COMMAND) != 0) {
+                                s_resourceDomainAdminCommands.add((String)key);
+                            }
                             if ((cmdPermissions & DOMAIN_ADMIN_COMMAND) != 0) {
                                 s_resellerCommands.add((String)key);
-                            }
-                            if ((cmdPermissions & READ_ONLY_ADMIN_COMMAND) != 0) {
-                                s_readOnlyAdminCommands.add((String)key);
-                            }
+                            }                            
                             if ((cmdPermissions & USER_COMMAND) != 0) {
                                 s_userCommands.add((String)key);
                             }
@@ -195,7 +195,7 @@ public class ApiServer implements HttpRequestHandler {
                 }
                 
                 s_allCommands.addAll(s_adminCommands);
-                s_allCommands.addAll(s_readOnlyAdminCommands);
+                s_allCommands.addAll(s_resourceDomainAdminCommands);
                 s_allCommands.addAll(s_userCommands);
                 s_allCommands.addAll(s_resellerCommands);
             }
@@ -738,8 +738,8 @@ public class ApiServer implements HttpRequestHandler {
         case Account.ACCOUNT_TYPE_DOMAIN_ADMIN:
             isCommandAvailable = s_resellerCommands.contains(commandName);
             break;
-        case Account.ACCOUNT_TYPE_READ_ONLY_ADMIN:
-            isCommandAvailable = s_readOnlyAdminCommands.contains(commandName);
+        case Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN:
+            isCommandAvailable = s_resourceDomainAdminCommands.contains(commandName);
             break;
         case Account.ACCOUNT_TYPE_NORMAL:
             isCommandAvailable = s_userCommands.contains(commandName);