Posted to commits@cloudstack.apache.org by pr...@apache.org on 2014/03/11 01:31:51 UTC

git commit: updated refs/heads/rbac to 1c85af3

Repository: cloudstack
Updated Branches:
  refs/heads/rbac 748c090b2 -> 1c85af319


A production/QA setup does not populate the admin and SYSTEM accounts during database setup, so the IAM plugin needs to insert the necessary group <-> account map in the DB during startup.


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/1c85af31
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/1c85af31
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/1c85af31

Branch: refs/heads/rbac
Commit: 1c85af319340b28152a75606da577ec8e6eb51ca
Parents: 748c090
Author: Prachi Damle <pr...@cloud.com>
Authored: Mon Mar 10 17:27:32 2014 -0700
Committer: Prachi Damle <pr...@cloud.com>
Committed: Mon Mar 10 17:30:00 2014 -0700

----------------------------------------------------------------------
 .../cloudstack/iam/IAMApiServiceImpl.java       | 95 ++++++++++++++++++++
 1 file changed, 95 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1c85af31/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
index 97519f2..47b7697 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
@@ -16,6 +16,9 @@
 // under the License.
 package org.apache.cloudstack.iam;
 
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
@@ -111,6 +114,11 @@ import com.cloud.utils.component.Manager;
 import com.cloud.utils.component.ManagerBase;
 import com.cloud.utils.db.DB;
 import com.cloud.utils.db.EntityManager;
+import com.cloud.utils.db.Transaction;
+import com.cloud.utils.db.TransactionCallbackNoReturn;
+import com.cloud.utils.db.TransactionLegacy;
+import com.cloud.utils.db.TransactionStatus;
+import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.vm.InstanceGroupVO;
 import com.cloud.vm.VMInstanceVO;
 import com.cloud.vm.dao.NicIpAliasVO;
@@ -190,6 +198,11 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
 
     @Override
     public boolean configure(final String name, final Map<String, Object> params) throws ConfigurationException {
+
+        // populate group <-> account association if not present for CS admin
+        // and system accounts
+        populateIAMGroupAdminAccountMap();
+
         _messageBus.subscribe(AccountManager.MESSAGE_ADD_ACCOUNT_EVENT, new MessageSubscriber() {
             @Override
             public void onPublishMessage(String senderAddress, String subject, Object obj) {
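Review bot: The new `populateIAMGroupAdminAccountMap()` call at the top of `configure` runs on every management-server start and does a select-then-insert, so two servers starting at the same time could each find no row and each insert one. That depends on whether `iam_group_account_map` has a unique key on the account/group pair, which is not visible in this patch. The call also throws `CloudRuntimeException` on any SQL error, so a failure here aborts `configure` before the message-bus subscriptions below are registered. If that fail-fast behaviour is intended, the comment should say so, e.g. `// fails startup if the map cannot be written; idempotent only if the table enforces uniqueness`. The body of `configure` continues outside this hunk.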
@@ -338,6 +351,88 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
         return super.configure(name, params);
     }
 
+    private void populateIAMGroupAdminAccountMap() {
+
+        Transaction.execute(new TransactionCallbackNoReturn() {
+            @Override
+            public void doInTransactionWithoutResult(TransactionStatus status) {
+                TransactionLegacy txn = TransactionLegacy.currentTxn();
+
+                String searchQuery = "Select id from `cloud`.`iam_group_account_map` where account_id = ? and removed is null";
+                ResultSet rs = null;
+                PreparedStatement acctQuery = null;
+                PreparedStatement acctInsert = null;
+                // find if the system account is present in the map
+                try {
+                    acctQuery = txn.prepareAutoCloseStatement(searchQuery);
+                    acctQuery.setLong(1, Account.ACCOUNT_ID_SYSTEM);
+
+                    rs = acctQuery.executeQuery();
+                    if (!rs.next()) {
+                        acctInsert = txn
+                                .prepareAutoCloseStatement("INSERT INTO `cloud`.`iam_group_account_map` (group_id, account_id, created) values(?, ?, Now())");
+                        // insert entry in iam_group_account_map table
+                        acctInsert.setLong(1, Account.ACCOUNT_TYPE_ADMIN + 1);
+                        acctInsert.setLong(2, Account.ACCOUNT_ID_SYSTEM);
+                        acctInsert.executeUpdate();
+                    }
+                } catch (SQLException ex) {
+                    String msg = "Unable to populate iam_group_account_map for SYSTEM account." + ex.getMessage();
+                    s_logger.error(msg);
+                    throw new CloudRuntimeException(msg, ex);
+                } finally {
+                    try {
+                        if (acctInsert != null) {
+                            acctInsert.close();
+                        }
+                        if (rs != null) {
+                            rs.close();
+                        }
+                        if (acctQuery != null) {
+                            acctQuery.close();
+                        }
+                    } catch (SQLException e) {
+                    }
+                }
+
+                // find if the admin account is present in the map
+                try {
+                    acctQuery = txn.prepareAutoCloseStatement(searchQuery);
+                    acctQuery.setLong(1, Account.ACCOUNT_ID_SYSTEM + 1);
+
+                    rs = acctQuery.executeQuery();
+                    if (!rs.next()) {
+                        acctInsert = txn
+                                .prepareAutoCloseStatement("INSERT INTO `cloud`.`iam_group_account_map` (group_id, account_id, created) values(?, ?, Now())");
+                        // insert entry in iam_group_account_map table
+                        acctInsert.setLong(1, Account.ACCOUNT_TYPE_ADMIN + 1);
+                        acctInsert.setLong(2, Account.ACCOUNT_ID_SYSTEM + 1);
+                        acctInsert.executeUpdate();
+                    }
+                } catch (SQLException ex) {
+                    String msg = "Unable to populate iam_group_account_map for Admin account." + ex.getMessage();
+                    s_logger.error(msg);
+                    throw new CloudRuntimeException(msg, ex);
+                } finally {
+                    try {
+                        if (acctInsert != null) {
+                            acctInsert.close();
+                        }
+                        if (rs != null) {
+                            rs.close();
+                        }
+                        if (acctQuery != null) {
+                            acctQuery.close();
+                        }
+                    } catch (SQLException e) {
+                    }
+                }
+
+            }
+        });
+
+    }
+
     private void addDomainWideResourceAccess(Map<String, Object> params) {
 
         IAMEntityType entityType = (IAMEntityType)params.get(ApiConstants.ENTITY_TYPE);
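Review bot: In `populateIAMGroupAdminAccountMap`, the group given to the SYSTEM and admin accounts is computed as `Account.ACCOUNT_TYPE_ADMIN + 1` and the admin account id as `Account.ACCOUNT_ID_SYSTEM + 1`, so a privileged group membership rests on arithmetic over constants that are not group ids. If the IAM group seeded at that id is not the root-admin group (the seeding is not visible here), both accounts are silently mapped to the wrong group. The two try blocks are otherwise identical, and the shared `finally` skips the remaining closes when the first `close()` throws, which the empty catch then hides. I would move the lookup-and-insert into one helper that takes the group id and account id, name the ids once, and close each resource in its own try, as sketched below. The error message also lacks a space before `ex.getMessage()`.

```java
private void populateIAMGroupAdminAccountMap() {
    Transaction.execute(new TransactionCallbackNoReturn() {
        @Override
        public void doInTransactionWithoutResult(TransactionStatus status) {
            TransactionLegacy txn = TransactionLegacy.currentTxn();
            // Same values as the patch, named once; ideally the group id is read
            // from the IAM group definition instead of derived from an account type.
            final long adminGroupId = Account.ACCOUNT_TYPE_ADMIN + 1;
            final long adminAccountId = Account.ACCOUNT_ID_SYSTEM + 1;
            ensureGroupAccountMapping(txn, adminGroupId, Account.ACCOUNT_ID_SYSTEM, "SYSTEM");
            ensureGroupAccountMapping(txn, adminGroupId, adminAccountId, "Admin");
        }
    });
}

private void ensureGroupAccountMapping(TransactionLegacy txn, long groupId, long accountId, String label) {
    PreparedStatement acctQuery = null;
    PreparedStatement acctInsert = null;
    ResultSet rs = null;
    try {
        acctQuery = txn.prepareAutoCloseStatement("Select id from `cloud`.`iam_group_account_map` where account_id = ? and removed is null");
        acctQuery.setLong(1, accountId);
        rs = acctQuery.executeQuery();
        if (!rs.next()) {
            acctInsert = txn
                    .prepareAutoCloseStatement("INSERT INTO `cloud`.`iam_group_account_map` (group_id, account_id, created) values(?, ?, Now())");
            acctInsert.setLong(1, groupId);
            acctInsert.setLong(2, accountId);
            acctInsert.executeUpdate();
        }
    } catch (SQLException ex) {
        String msg = "Unable to populate iam_group_account_map for " + label + " account. " + ex.getMessage();
        s_logger.error(msg);
        throw new CloudRuntimeException(msg, ex);
    } finally {
        // close each resource on its own so one failing close() does not skip the rest
        try { if (rs != null) rs.close(); } catch (SQLException e) { s_logger.warn("Failed to close result set", e); }
        try { if (acctInsert != null) acctInsert.close(); } catch (SQLException e) { s_logger.warn("Failed to close insert statement", e); }
        try { if (acctQuery != null) acctQuery.close(); } catch (SQLException e) { s_logger.warn("Failed to close query statement", e); }
    }
}
```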