You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by mc...@apache.org on 2014/03/14 00:55:10 UTC
[17/50] [abbrv] git commit: updated refs/heads/master to 8ff9460
iam/server changes: Rename Acl to IAM
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/63098878
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/63098878
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/63098878
Branch: refs/heads/master
Commit: 6309887800c74b4049558a85ba18f5a14749b72b
Parents: 187f9cd
Author: Prachi Damle <pr...@cloud.com>
Authored: Tue Feb 25 16:41:53 2014 -0800
Committer: Prachi Damle <pr...@cloud.com>
Committed: Tue Feb 25 16:43:25 2014 -0800
----------------------------------------------------------------------
.../cloudstack/iam/IAMApiServiceImpl.java | 56 ++++-----
.../iam/RoleBasedAPIAccessChecker.java | 18 +--
.../iam/RoleBasedEntityAccessChecker.java | 10 +-
.../iam/RoleBasedEntityQuerySelector.java | 16 +--
.../apache/cloudstack/iam/api/IAMService.java | 42 +++----
.../iam/server/IAMAccountPolicyMapVO.java | 10 +-
.../cloudstack/iam/server/IAMServiceImpl.java | 116 +++++++++----------
.../server/dao/IAMAccountPolicyMapDaoImpl.java | 4 +-
.../cloudstack/iam/IAMServiceUnitTest.java | 12 +-
9 files changed, 142 insertions(+), 142 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
index de57a41..393fe0e 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
@@ -149,7 +149,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
if (domainId != null) {
s_logger.debug("MessageBus message: new Domain created: " + domainId + ", creating a new group");
Domain domain = _domainDao.findById(domainId);
- _iamSrv.createAclGroup("DomainGrp-" + domain.getUuid(), "Domain group", domain.getPath());
+ _iamSrv.createIAMGroup("DomainGrp-" + domain.getUuid(), "Domain group", domain.getPath());
}
}
});
@@ -163,7 +163,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
Domain domain = _domainDao.findById(domainId);
List<IAMGroup> groups = listDomainGroup(domain);
for (IAMGroup group : groups) {
- _iamSrv.deleteAclGroup(group.getId());
+ _iamSrv.deleteIAMGroup(group.getId());
}
}
}
@@ -175,9 +175,9 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
Long templateId = (Long)obj;
if (templateId != null) {
s_logger.debug("MessageBus message: new public template registered: " + templateId + ", grant permission to domain admin and normal user policies");
- _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+ _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
- _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+ _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
}
}
@@ -202,7 +202,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
String entityType = entity.first().toString();
Long entityId = entity.second();
s_logger.debug("MessageBus message: delete an entity: (" + entityType + "," + entityId + "), remove its related permission");
- _iamSrv.removeAclPermissionForEntity(entityType, entityId);
+ _iamSrv.removeIAMPermissionForEntity(entityType, entityId);
}
}
});
@@ -275,8 +275,8 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
Domain domain = _domainDao.findById(domainId);
if (domain != null) {
- IAMPolicy policy = _iamSrv.createAclPolicy(policyName, description, null, domain.getPath());
- _iamSrv.addAclPermissionToAclPolicy(policy.getId(), entityType, PermissionScope.RESOURCE.toString(),
+ IAMPolicy policy = _iamSrv.createIAMPolicy(policyName, description, null, domain.getPath());
+ _iamSrv.addIAMPermissionToIAMPolicy(policy.getId(), entityType, PermissionScope.RESOURCE.toString(),
entityId, action, accessType.toString(), Permission.Allow, recursive);
List<Long> policyList = new ArrayList<Long>();
policyList.add(new Long(policy.getId()));
@@ -284,7 +284,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
List<IAMGroup> domainGroups = listDomainGroup(domain);
if (domainGroups != null) {
for (IAMGroup group : domainGroups) {
- _iamSrv.attachAclPoliciesToGroup(policyList, group.getId());
+ _iamSrv.attachIAMPoliciesToGroup(policyList, group.getId());
}
}
}
@@ -299,19 +299,19 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
if (callerDomain == null) {
throw new InvalidParameterValueException("Caller does not have a domain");
}
- return _iamSrv.createAclGroup(iamGroupName, description, callerDomain.getPath());
+ return _iamSrv.createIAMGroup(iamGroupName, description, callerDomain.getPath());
}
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_DELETE, eventDescription = "Deleting Acl Group")
public boolean deleteIAMGroup(final Long iamGroupId) {
- return _iamSrv.deleteAclGroup(iamGroupId);
+ return _iamSrv.deleteIAMGroup(iamGroupId);
}
@Override
public List<IAMGroup> listIAMGroups(long accountId) {
- return _iamSrv.listAclGroups(accountId);
+ return _iamSrv.listIAMGroups(accountId);
}
@@ -356,34 +356,34 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
if (callerDomain == null) {
throw new InvalidParameterValueException("Caller does not have a domain");
}
- return _iamSrv.createAclPolicy(iamPolicyName, description, parentPolicyId, callerDomain.getPath());
+ return _iamSrv.createIAMPolicy(iamPolicyName, description, parentPolicyId, callerDomain.getPath());
}
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_IAM_POLICY_DELETE, eventDescription = "Deleting IAM Policy")
public boolean deleteIAMPolicy(final long iamPolicyId) {
- return _iamSrv.deleteAclPolicy(iamPolicyId);
+ return _iamSrv.deleteIAMPolicy(iamPolicyId);
}
@Override
public List<IAMPolicy> listIAMPolicies(long accountId) {
- return _iamSrv.listAclPolicies(accountId);
+ return _iamSrv.listIAMPolicies(accountId);
}
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_UPDATE, eventDescription = "Attaching policy to acl group")
public IAMGroup attachIAMPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
- return _iamSrv.attachAclPoliciesToGroup(policyIds, groupId);
+ return _iamSrv.attachIAMPoliciesToGroup(policyIds, groupId);
}
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_UPDATE, eventDescription = "Removing policies from acl group")
public IAMGroup removeIAMPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
- return _iamSrv.removeAclPoliciesFromGroup(policyIds, groupId);
+ return _iamSrv.removeIAMPoliciesFromGroup(policyIds, groupId);
}
@@ -391,14 +391,14 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
@Override
@ActionEvent(eventType = EventTypes.EVENT_IAM_ACCOUNT_POLICY_UPDATE, eventDescription = "Attaching policy to accounts")
public void attachIAMPolicyToAccounts(final Long policyId, final List<Long> accountIds) {
- _iamSrv.attachAclPolicyToAccounts(policyId, accountIds);
+ _iamSrv.attachIAMPolicyToAccounts(policyId, accountIds);
}
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_IAM_ACCOUNT_POLICY_UPDATE, eventDescription = "Removing policy from accounts")
public void removeIAMPolicyFromAccounts(final Long policyId, final List<Long> accountIds) {
- _iamSrv.removeAclPolicyFromAccounts(policyId, accountIds);
+ _iamSrv.removeIAMPolicyFromAccounts(policyId, accountIds);
}
@DB
@@ -411,7 +411,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
if (BaseListCmd.class.isAssignableFrom(cmdClass)) {
accessType = AccessType.UseEntry;
}
- return _iamSrv.addAclPermissionToAclPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action,
+ return _iamSrv.addIAMPermissionToIAMPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action,
accessType.toString(), perm, recursive);
}
@@ -419,12 +419,12 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
@Override
@ActionEvent(eventType = EventTypes.EVENT_IAM_POLICY_REVOKE, eventDescription = "Revoking acl permission from IAM Policy")
public IAMPolicy removeIAMPermissionFromIAMPolicy(long iamPolicyId, String entityType, PermissionScope scope, Long scopeId, String action) {
- return _iamSrv.removeAclPermissionFromAclPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action);
+ return _iamSrv.removeIAMPermissionFromIAMPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action);
}
@Override
public IAMPolicyPermission getIAMPolicyPermission(long accountId, String entityType, String action) {
- List<IAMPolicy> policies = _iamSrv.listAclPolicies(accountId);
+ List<IAMPolicy> policies = _iamSrv.listIAMPolicies(accountId);
IAMPolicyPermission curPerm = null;
for (IAMPolicy policy : policies) {
List<IAMPolicyPermission> perms = _iamSrv.listPolicyPermissionByActionAndEntity(policy.getId(), action,
@@ -515,7 +515,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
}
// find all the policies attached to this group
- List<IAMPolicy> policies = _iamSrv.listAclPoliciesByGroup(group.getId());
+ List<IAMPolicy> policies = _iamSrv.listIAMPoliciesByGroup(group.getId());
if (policies != null && policies.size() > 0) {
for (IAMPolicy policy : policies) {
response.addPolicy(policy.getName());
@@ -532,7 +532,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
if (domain != null) {
String domainPath = domain.getPath();
// search for groups
- Pair<List<IAMGroup>, Integer> result = _iamSrv.listAclGroups(null, "DomainGrp-" + domain.getUuid(),
+ Pair<List<IAMGroup>, Integer> result = _iamSrv.listIAMGroups(null, "DomainGrp-" + domain.getUuid(),
domainPath, null, null);
return result.first();
}
@@ -558,7 +558,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
}
String domainPath = domain.getPath();
// search for groups
- Pair<List<IAMGroup>, Integer> result = _iamSrv.listAclGroups(iamGroupId, iamGroupName, domainPath, startIndex, pageSize);
+ Pair<List<IAMGroup>, Integer> result = _iamSrv.listIAMGroups(iamGroupId, iamGroupName, domainPath, startIndex, pageSize);
// generate group response
ListResponse<IAMGroupResponse> response = new ListResponse<IAMGroupResponse>();
List<IAMGroupResponse> groupResponses = new ArrayList<IAMGroupResponse>();
@@ -589,7 +589,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
}
String domainPath = domain.getPath();
// search for policies
- Pair<List<IAMPolicy>, Integer> result = _iamSrv.listAclPolicies(iamPolicyId, iamPolicyName, domainPath, startIndex, pageSize);
+ Pair<List<IAMPolicy>, Integer> result = _iamSrv.listIAMPolicies(iamPolicyId, iamPolicyName, domainPath, startIndex, pageSize);
// generate policy response
ListResponse<IAMPolicyResponse> response = new ListResponse<IAMPolicyResponse>();
List<IAMPolicyResponse> policyResponses = new ArrayList<IAMPolicyResponse>();
@@ -653,9 +653,9 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
private void resetTemplatePermission(Long templateId){
// reset template will change template to private, so we need to remove its permission for domain admin and normal user group
- _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+ _iamSrv.removeIAMPermissionFromIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
PermissionScope.RESOURCE.toString(), templateId, "listTemplates");
- _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+ _iamSrv.removeIAMPermissionFromIAMPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
PermissionScope.RESOURCE.toString(), templateId, "listTemplates");
// check if there is a policy with only UseEntry permission for this template added
IAMPolicy policy = _iamSrv.getResourceGrantPolicy(IAMEntityType.VirtualMachineTemplate.toString(), templateId, AccessType.UseEntry.toString(), "listTemplates");
@@ -664,7 +664,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
return;
}
// delete the policy, which should detach it from groups and accounts
- _iamSrv.deleteAclPolicy(policy.getId());
+ _iamSrv.deleteIAMPolicy(policy.getId());
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
index 48e6ede..fb75db3 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
@@ -90,7 +90,7 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker
+ "is null");
}
- List<IAMPolicy> policies = _iamSrv.listAclPolicies(account.getAccountId());
+ List<IAMPolicy> policies = _iamSrv.listIAMPolicies(account.getAccountId());
boolean isAllowed = _iamSrv.isActionAllowedForPolicies(commandName, policies);
if (!isAllowed) {
@@ -117,25 +117,25 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker
for (RoleType role : RoleType.values()) {
Long policyId = getDefaultPolicyId(role);
if (policyId != null) {
- _iamSrv.resetAclPolicy(policyId);
+ _iamSrv.resetIAMPolicy(policyId);
}
}
// add the system-domain capability
- _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_ADMIN + 1), null, null, null,
+ _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_ADMIN + 1), null, null, null,
"SystemCapability", null, Permission.Allow, false);
- _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), null, null, null,
+ _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), null, null, null,
"DomainCapability", null, Permission.Allow, false);
- _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN + 1), null, null, null,
+ _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN + 1), null, null, null,
"DomainResourceCapability", null, Permission.Allow, false);
// add permissions for public templates
List<VMTemplateVO> pTmplts = _templateDao.listByPublic();
for (VMTemplateVO tmpl : pTmplts){
- _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+ _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
PermissionScope.RESOURCE.toString(), tmpl.getId(), "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
- _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+ _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
PermissionScope.RESOURCE.toString(), tmpl.getId(), "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
}
@@ -259,11 +259,11 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker
if (entityTypes == null || entityTypes.length == 0) {
- _iamSrv.addAclPermissionToAclPolicy(policyId, null, permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
+ _iamSrv.addIAMPermissionToIAMPolicy(policyId, null, permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
} else {
for (IAMEntityType entityType : entityTypes) {
- _iamSrv.addAclPermissionToAclPolicy(policyId, entityType.toString(), permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
+ _iamSrv.addIAMPermissionToIAMPolicy(policyId, entityType.toString(), permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
index 13f6914..d0d9d88 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
@@ -64,7 +64,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
if (entity == null && action != null) {
// check if caller can do this action
- List<IAMPolicy> policies = _iamSrv.listAclPolicies(caller.getAccountId());
+ List<IAMPolicy> policies = _iamSrv.listIAMPolicies(caller.getAccountId());
boolean isAllowed = _iamSrv.isActionAllowedForPolicies(action, policies);
if (!isAllowed) {
@@ -164,7 +164,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
private List<IAMPolicy> getEffectivePolicies(Account caller, ControlledEntity entity) {
// Get the static Policies of the Caller
- List<IAMPolicy> policies = _iamSrv.listAclPolicies(caller.getId());
+ List<IAMPolicy> policies = _iamSrv.listIAMPolicies(caller.getId());
// add any dynamic policies w.r.t the entity
if (caller.getId() == entity.getAccountId()) {
@@ -172,12 +172,12 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
policies.add(_iamSrv.getResourceOwnerPolicy());
}
- List<IAMGroup> groups = _iamSrv.listAclGroups(caller.getId());
+ List<IAMGroup> groups = _iamSrv.listIAMGroups(caller.getId());
for (IAMGroup group : groups) {
// for each group find the grand parent groups.
- List<IAMGroup> parentGroups = _iamSrv.listParentAclGroups(group.getId());
+ List<IAMGroup> parentGroups = _iamSrv.listParentIAMGroups(group.getId());
for (IAMGroup parentGroup : parentGroups) {
- policies.addAll(_iamSrv.listRecursiveAclPoliciesByGroup(parentGroup.getId()));
+ policies.addAll(_iamSrv.listRecursiveIAMPoliciesByGroup(parentGroup.getId()));
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
index 596ac7e..23c57a1 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
@@ -44,7 +44,7 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
public List<Long> getAuthorizedDomains(Account caller, String action) {
long accountId = caller.getAccountId();
// Get the static Policies of the Caller
- List<IAMPolicy> policies = _iamService.listAclPolicies(accountId);
+ List<IAMPolicy> policies = _iamService.listIAMPolicies(accountId);
// for each policy, find granted permission with Domain scope
List<Long> domainIds = new ArrayList<Long>();
for (IAMPolicy policy : policies) {
@@ -68,7 +68,7 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
public List<Long> getAuthorizedAccounts(Account caller, String action) {
long accountId = caller.getAccountId();
// Get the static Policies of the Caller
- List<IAMPolicy> policies = _iamService.listAclPolicies(accountId);
+ List<IAMPolicy> policies = _iamService.listIAMPolicies(accountId);
// for each policy, find granted permission with Account scope
List<Long> accountIds = new ArrayList<Long>();
for (IAMPolicy policy : policies) {
@@ -92,15 +92,15 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
public List<Long> getAuthorizedResources(Account caller, String action) {
long accountId = caller.getAccountId();
// Get the static Policies of the Caller
- List<IAMPolicy> policies = _iamService.listAclPolicies(accountId);
+ List<IAMPolicy> policies = _iamService.listIAMPolicies(accountId);
// add the policies that grant recursive access
- List<IAMGroup> groups = _iamService.listAclGroups(caller.getId());
+ List<IAMGroup> groups = _iamService.listIAMGroups(caller.getId());
for (IAMGroup group : groups) {
// for each group find the grand parent groups.
- List<IAMGroup> parentGroups = _iamService.listParentAclGroups(group.getId());
+ List<IAMGroup> parentGroups = _iamService.listParentIAMGroups(group.getId());
for (IAMGroup parentGroup : parentGroups) {
- policies.addAll(_iamService.listRecursiveAclPoliciesByGroup(parentGroup.getId()));
+ policies.addAll(_iamService.listRecursiveIAMPoliciesByGroup(parentGroup.getId()));
}
}
@@ -123,7 +123,7 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
public boolean isGrantedAll(Account caller, String action) {
long accountId = caller.getAccountId();
// Get the static Policies of the Caller
- List<IAMPolicy> policies = _iamService.listAclPolicies(accountId);
+ List<IAMPolicy> policies = _iamService.listIAMPolicies(accountId);
// for each policy, find granted permission with ALL scope
for (IAMPolicy policy : policies) {
List<IAMPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ALL.toString());
@@ -136,7 +136,7 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
@Override
public List<String> listAclGroupsByAccount(long accountId) {
- List<IAMGroup> groups = _iamService.listAclGroups(accountId);
+ List<IAMGroup> groups = _iamService.listIAMGroups(accountId);
List<String> groupNames = new ArrayList<String>();
for (IAMGroup grp : groups) {
groupNames.add(grp.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
index 6eb61fa..74a0885 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
@@ -24,12 +24,12 @@ import com.cloud.utils.Pair;
public interface IAMService {
- /* ACL group related interfaces */
- IAMGroup createAclGroup(String aclGroupName, String description, String path);
+ /* IAM group related interfaces */
+ IAMGroup createIAMGroup(String iamGroupName, String description, String path);
- boolean deleteAclGroup(Long aclGroupId);
+ boolean deleteIAMGroup(Long iamGroupId);
- List<IAMGroup> listAclGroups(long accountId);
+ List<IAMGroup> listIAMGroups(long accountId);
IAMGroup addAccountsToGroup(List<Long> acctIds, Long groupId);
@@ -37,34 +37,34 @@ public interface IAMService {
List<Long> listAccountsByGroup(long groupId);
- Pair<List<IAMGroup>, Integer> listAclGroups(Long aclGroupId, String aclGroupName, String path, Long startIndex, Long pageSize);
+ Pair<List<IAMGroup>, Integer> listIAMGroups(Long iamGroupId, String iamGroupName, String path, Long startIndex, Long pageSize);
- /* ACL Policy related interfaces */
- IAMPolicy createAclPolicy(String aclPolicyName, String description, Long parentPolicyId, String path);
+ /* IAM Policy related interfaces */
+ IAMPolicy createIAMPolicy(String iamPolicyName, String description, Long parentPolicyId, String path);
- boolean deleteAclPolicy(long aclPolicyId);
+ boolean deleteIAMPolicy(long iamPolicyId);
- List<IAMPolicy> listAclPolicies(long accountId);
+ List<IAMPolicy> listIAMPolicies(long accountId);
- List<IAMPolicy> listAclPoliciesByGroup(long groupId);
+ List<IAMPolicy> listIAMPoliciesByGroup(long groupId);
- Pair<List<IAMPolicy>, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize);
+ Pair<List<IAMPolicy>, Integer> listIAMPolicies(Long iamPolicyId, String iamPolicyName, String path, Long startIndex, Long pageSize);
- IAMGroup attachAclPoliciesToGroup(List<Long> policyIds, Long groupId);
+ IAMGroup attachIAMPoliciesToGroup(List<Long> policyIds, Long groupId);
- IAMGroup removeAclPoliciesFromGroup(List<Long> policyIds, Long groupId);
+ IAMGroup removeIAMPoliciesFromGroup(List<Long> policyIds, Long groupId);
- void attachAclPolicyToAccounts(Long policyId, List<Long> acctIds);
+ void attachIAMPolicyToAccounts(Long policyId, List<Long> acctIds);
- void removeAclPolicyFromAccounts(Long policyId, List<Long> acctIds);
+ void removeIAMPolicyFromAccounts(Long policyId, List<Long> acctIds);
- IAMPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
+ IAMPolicy addIAMPermissionToIAMPolicy(long iamPolicyId, String entityType, String scope, Long scopeId,
String action, String accessType, Permission perm, Boolean recursive);
- IAMPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
+ IAMPolicy removeIAMPermissionFromIAMPolicy(long iamPolicyId, String entityType, String scope, Long scopeId,
String action);
- void removeAclPermissionForEntity(final String entityType, final Long entityId);
+ void removeIAMPermissionForEntity(final String entityType, final Long entityId);
IAMPolicy getResourceGrantPolicy(String entityType, Long entityId, String accessType, String action);
@@ -80,13 +80,13 @@ public interface IAMService {
List<Long> getGrantedEntities(long accountId, String action, String scope);
- IAMPolicy resetAclPolicy(long aclPolicyId);
+ IAMPolicy resetIAMPolicy(long iamPolicyId);
List<IAMPolicyPermission> listPolicyPermissionByAccessAndEntity(long policyId, String accessType,
String entityType);
- List<IAMGroup> listParentAclGroups(long groupId);
+ List<IAMGroup> listParentIAMGroups(long groupId);
- List<IAMPolicy> listRecursiveAclPoliciesByGroup(long groupId);
+ List<IAMPolicy> listRecursiveIAMPoliciesByGroup(long groupId);
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java
index 8f3ac7d..a537655 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java
@@ -39,7 +39,7 @@ public class IAMAccountPolicyMapVO {
private long accountId;
@Column(name = "policy_id")
- private long aclPolicyId;
+ private long iamPolicyId;
@Column(name = GenericDao.REMOVED_COLUMN)
private Date removed;
@@ -50,9 +50,9 @@ public class IAMAccountPolicyMapVO {
public IAMAccountPolicyMapVO() {
}
- public IAMAccountPolicyMapVO(long accountId, long aclPolicyId) {
+ public IAMAccountPolicyMapVO(long accountId, long iamPolicyId) {
this.accountId = accountId;
- this.aclPolicyId = aclPolicyId;
+ this.iamPolicyId = iamPolicyId;
}
public long getId() {
@@ -63,8 +63,8 @@ public class IAMAccountPolicyMapVO {
return accountId;
}
- public long getAclPolicyId() {
- return aclPolicyId;
+ public long getIAMPolicyId() {
+ return iamPolicyId;
}
public Date getRemoved() {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
index 02da7c3..11af27e 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
@@ -84,15 +84,15 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
- public IAMGroup createAclGroup(String aclGroupName, String description, String path) {
+ public IAMGroup createIAMGroup(String iamGroupName, String description, String path) {
// check if the group is already existing
- IAMGroup grp = _aclGroupDao.findByName(path, aclGroupName);
+ IAMGroup grp = _aclGroupDao.findByName(path, iamGroupName);
if (grp != null) {
throw new InvalidParameterValueException(
- "Unable to create acl group with name " + aclGroupName
+ "Unable to create acl group with name " + iamGroupName
+ " already exisits for path " + path);
}
- IAMGroupVO rvo = new IAMGroupVO(aclGroupName, description);
+ IAMGroupVO rvo = new IAMGroupVO(iamGroupName, description);
rvo.setPath(path);
return _aclGroupDao.persist(rvo);
@@ -100,11 +100,11 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
- public boolean deleteAclGroup(final Long aclGroupId) {
+ public boolean deleteIAMGroup(final Long iamGroupId) {
// get the Acl Group entity
- final IAMGroup grp = _aclGroupDao.findById(aclGroupId);
+ final IAMGroup grp = _aclGroupDao.findById(iamGroupId);
if (grp == null) {
- throw new InvalidParameterValueException("Unable to find acl group: " + aclGroupId
+ throw new InvalidParameterValueException("Unable to find acl group: " + iamGroupId
+ "; failed to delete acl group.");
}
@@ -128,7 +128,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
}
// remove this group from acl_group table
- _aclGroupDao.remove(aclGroupId);
+ _aclGroupDao.remove(iamGroupId);
}
});
@@ -137,7 +137,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@SuppressWarnings("unchecked")
@Override
- public List<IAMGroup> listAclGroups(long accountId) {
+ public List<IAMGroup> listIAMGroups(long accountId) {
GenericSearchBuilder<IAMGroupAccountMapVO, Long> groupSB = _aclGroupAccountMapDao.createSearchBuilder(Long.class);
groupSB.selectFields(groupSB.entity().getAclGroupId());
@@ -225,11 +225,11 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
}
@Override
- public Pair<List<IAMGroup>, Integer> listAclGroups(Long aclGroupId, String aclGroupName, String path, Long startIndex, Long pageSize) {
- if (aclGroupId != null) {
- IAMGroup group = _aclGroupDao.findById(aclGroupId);
+ public Pair<List<IAMGroup>, Integer> listIAMGroups(Long iamGroupId, String iamGroupName, String path, Long startIndex, Long pageSize) {
+ if (iamGroupId != null) {
+ IAMGroup group = _aclGroupDao.findById(iamGroupId);
if (group == null) {
- throw new InvalidParameterValueException("Unable to find acl group by id " + aclGroupId);
+ throw new InvalidParameterValueException("Unable to find acl group by id " + iamGroupId);
}
}
@@ -242,12 +242,12 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
SearchCriteria<IAMGroupVO> sc = sb.create();
- if (aclGroupName != null) {
- sc.setParameters("name", aclGroupName);
+ if (iamGroupName != null) {
+ sc.setParameters("name", iamGroupName);
}
- if (aclGroupId != null) {
- sc.setParameters("id", aclGroupId);
+ if (iamGroupId != null) {
+ sc.setParameters("id", iamGroupId);
}
sc.setParameters("path", path + "%");
@@ -257,7 +257,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
}
@Override
- public List<IAMGroup> listParentAclGroups(long groupId) {
+ public List<IAMGroup> listParentIAMGroups(long groupId) {
IAMGroup group = _aclGroupDao.findById(groupId);
if (group == null) {
throw new InvalidParameterValueException("Unable to find acl group by id " + groupId);
@@ -294,20 +294,20 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
- public IAMPolicy createAclPolicy(final String aclPolicyName, final String description, final Long parentPolicyId, final String path) {
+ public IAMPolicy createIAMPolicy(final String iamPolicyName, final String description, final Long parentPolicyId, final String path) {
// check if the policy is already existing
- IAMPolicy ro = _aclPolicyDao.findByName(aclPolicyName);
+ IAMPolicy ro = _aclPolicyDao.findByName(iamPolicyName);
if (ro != null) {
throw new InvalidParameterValueException(
- "Unable to create acl policy with name " + aclPolicyName
+ "Unable to create acl policy with name " + iamPolicyName
+ " already exisits");
}
IAMPolicy role = Transaction.execute(new TransactionCallback<IAMPolicy>() {
@Override
public IAMPolicy doInTransaction(TransactionStatus status) {
- IAMPolicyVO rvo = new IAMPolicyVO(aclPolicyName, description);
+ IAMPolicyVO rvo = new IAMPolicyVO(iamPolicyName, description);
rvo.setPath(path);
IAMPolicy role = _aclPolicyDao.persist(rvo);
@@ -331,11 +331,11 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
- public boolean deleteAclPolicy(final long aclPolicyId) {
+ public boolean deleteIAMPolicy(final long iamPolicyId) {
// get the Acl Policy entity
- final IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+ final IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId);
if (policy == null) {
- throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
+ throw new InvalidParameterValueException("Unable to find acl policy: " + iamPolicyId
+ "; failed to delete acl policy.");
}
@@ -367,7 +367,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
}
// remove this role from acl_role table
- _aclPolicyDao.remove(aclPolicyId);
+ _aclPolicyDao.remove(iamPolicyId);
}
});
@@ -377,7 +377,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@SuppressWarnings("unchecked")
@Override
- public List<IAMPolicy> listAclPolicies(long accountId) {
+ public List<IAMPolicy> listIAMPolicies(long accountId) {
// static policies of the account
SearchBuilder<IAMGroupAccountMapVO> groupSB = _aclGroupAccountMapDao.createSearchBuilder();
@@ -395,7 +395,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
// add policies directly attached to the account
List<IAMAccountPolicyMapVO> acctPolicies = _aclAccountPolicyMapDao.listByAccountId(accountId);
for (IAMAccountPolicyMapVO p : acctPolicies) {
- policyIds.add(p.getAclPolicyId());
+ policyIds.add(p.getIAMPolicyId());
}
if (policyIds.size() == 0) {
return new ArrayList<IAMPolicy>();
@@ -413,7 +413,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@SuppressWarnings("unchecked")
@Override
- public List<IAMPolicy> listAclPoliciesByGroup(long groupId) {
+ public List<IAMPolicy> listIAMPoliciesByGroup(long groupId) {
List<IAMGroupPolicyMapVO> policyGrpMap = _aclGroupPolicyMapDao.listByGroupId(groupId);
if (policyGrpMap == null || policyGrpMap.size() == 0) {
return new ArrayList<IAMPolicy>();
@@ -436,7 +436,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@SuppressWarnings("unchecked")
@Override
- public List<IAMPolicy> listRecursiveAclPoliciesByGroup(long groupId) {
+ public List<IAMPolicy> listRecursiveIAMPoliciesByGroup(long groupId) {
List<IAMGroupPolicyMapVO> policyGrpMap = _aclGroupPolicyMapDao.listByGroupId(groupId);
if (policyGrpMap == null || policyGrpMap.size() == 0) {
return new ArrayList<IAMPolicy>();
@@ -468,12 +468,12 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@SuppressWarnings("unchecked")
@Override
- public Pair<List<IAMPolicy>, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize) {
+ public Pair<List<IAMPolicy>, Integer> listIAMPolicies(Long iamPolicyId, String iamPolicyName, String path, Long startIndex, Long pageSize) {
- if (aclPolicyId != null) {
- IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+ if (iamPolicyId != null) {
+ IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId);
if (policy == null) {
- throw new InvalidParameterValueException("Unable to find acl policy by id " + aclPolicyId);
+ throw new InvalidParameterValueException("Unable to find acl policy by id " + iamPolicyId);
}
}
@@ -486,12 +486,12 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
SearchCriteria<IAMPolicyVO> sc = sb.create();
- if (aclPolicyName != null) {
- sc.setParameters("name", aclPolicyName);
+ if (iamPolicyName != null) {
+ sc.setParameters("name", iamPolicyName);
}
- if (aclPolicyId != null) {
- sc.setParameters("id", aclPolicyId);
+ if (iamPolicyId != null) {
+ sc.setParameters("id", iamPolicyId);
}
sc.setParameters("path", path + "%");
@@ -504,7 +504,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
- public IAMGroup attachAclPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
+ public IAMGroup attachIAMPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
// get the Acl Group entity
IAMGroup group = _aclGroupDao.findById(groupId);
if (group == null) {
@@ -538,7 +538,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
- public IAMGroup removeAclPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
+ public IAMGroup removeIAMPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
// get the Acl Group entity
IAMGroup group = _aclGroupDao.findById(groupId);
if (group == null) {
@@ -570,7 +570,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@Override
- public void attachAclPolicyToAccounts(final Long policyId, final List<Long> acctIds) {
+ public void attachIAMPolicyToAccounts(final Long policyId, final List<Long> acctIds) {
IAMPolicy policy = _aclPolicyDao.findById(policyId);
if (policy == null) {
throw new InvalidParameterValueException("Unable to find acl policy: " + policyId
@@ -594,7 +594,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
}
@Override
- public void removeAclPolicyFromAccounts(final Long policyId, final List<Long> acctIds) {
+ public void removeIAMPolicyFromAccounts(final Long policyId, final List<Long> acctIds) {
IAMPolicy policy = _aclPolicyDao.findById(policyId);
if (policy == null) {
throw new InvalidParameterValueException("Unable to find acl policy: " + policyId
@@ -619,20 +619,20 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
- public IAMPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
+ public IAMPolicy addIAMPermissionToIAMPolicy(long iamPolicyId, String entityType, String scope, Long scopeId,
String action, String accessType, Permission perm, Boolean recursive) {
// get the Acl Policy entity
- IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+ IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId);
if (policy == null) {
- throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
+ throw new InvalidParameterValueException("Unable to find acl policy: " + iamPolicyId
+ "; failed to add permission to policy.");
}
// add entry in acl_policy_permission table
- IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, perm);
+ IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(iamPolicyId, entityType, scope, scopeId, action, perm);
if (permit == null) {
// not there already
- permit = new IAMPolicyPermissionVO(aclPolicyId, action, entityType, accessType, scope, scopeId, perm,
+ permit = new IAMPolicyPermissionVO(iamPolicyId, action, entityType, accessType, scope, scopeId, perm,
recursive);
_policyPermissionDao.persist(permit);
}
@@ -642,16 +642,16 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
- public IAMPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
+ public IAMPolicy removeIAMPermissionFromIAMPolicy(long iamPolicyId, String entityType, String scope, Long scopeId,
String action) {
// get the Acl Policy entity
- IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+ IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId);
if (policy == null) {
- throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
+ throw new InvalidParameterValueException("Unable to find acl policy: " + iamPolicyId
+ "; failed to revoke permission from policy.");
}
// remove entry from acl_entity_permission table
- IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, Permission.Allow);
+ IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(iamPolicyId, entityType, scope, scopeId, action, Permission.Allow);
if (permit != null) {
// not removed yet
_policyPermissionDao.remove(permit.getId());
@@ -661,7 +661,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
- public void removeAclPermissionForEntity(final String entityType, final Long entityId) {
+ public void removeIAMPermissionForEntity(final String entityType, final Long entityId) {
Transaction.execute(new TransactionCallbackNoReturn() {
@Override
public void doInTransactionWithoutResult(TransactionStatus status) {
@@ -673,7 +673,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
// remove the policy if there are no other permissions
if ((_policyPermissionDao.listByPolicy(policyId)).isEmpty()) {
- deleteAclPolicy(policyId);
+ deleteIAMPolicy(policyId);
}
}
}
@@ -682,11 +682,11 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
- public IAMPolicy resetAclPolicy(long aclPolicyId) {
+ public IAMPolicy resetIAMPolicy(long iamPolicyId) {
// get the Acl Policy entity
- IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+ IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId);
if (policy == null) {
- throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
+ throw new InvalidParameterValueException("Unable to find acl policy: " + iamPolicyId
+ "; failed to reset the policy.");
}
@@ -695,7 +695,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
sb.and("scope", sb.entity().getScope(), SearchCriteria.Op.EQ);
sb.done();
SearchCriteria<IAMPolicyPermissionVO> permissionSC = sb.create();
- permissionSC.setParameters("policyId", aclPolicyId);
+ permissionSC.setParameters("policyId", iamPolicyId);
_policyPermissionDao.expunge(permissionSC);
return policy;
@@ -736,7 +736,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@Override
public List<Long> getGrantedEntities(long accountId, String action, String scope) {
// Get the static Policies of the Caller
- List<IAMPolicy> policies = listAclPolicies(accountId);
+ List<IAMPolicy> policies = listIAMPolicies(accountId);
// for each policy, find granted permission within the given scope
List<Long> entityIds = new ArrayList<Long>();
for (IAMPolicy policy : policies) {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java
index 883fd5c..a112a3e 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java
@@ -26,11 +26,11 @@ public class IAMAccountPolicyMapDaoImpl extends GenericDaoBase<IAMAccountPolicyM
ListByAccountId.done();
ListByPolicyId = createSearchBuilder();
- ListByPolicyId.and("policyId", ListByPolicyId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+ ListByPolicyId.and("policyId", ListByPolicyId.entity().getIAMPolicyId(), SearchCriteria.Op.EQ);
ListByPolicyId.done();
findByPolicyAccountId = createSearchBuilder();
- findByPolicyAccountId.and("policyId", findByPolicyAccountId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+ findByPolicyAccountId.and("policyId", findByPolicyAccountId.entity().getIAMPolicyId(), SearchCriteria.Op.EQ);
findByPolicyAccountId.and("accountId", findByPolicyAccountId.entity().getAccountId(), SearchCriteria.Op.EQ);
findByPolicyAccountId.done();
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java
----------------------------------------------------------------------
diff --git a/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java b/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java
index 8760199..53cfc71 100644
--- a/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java
+++ b/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java
@@ -114,19 +114,19 @@ public class IAMServiceUnitTest {
@Test(expected = InvalidParameterValueException.class)
public void createAclGroupTest() {
- IAMGroup group = _iamService.createAclGroup("group1", "my first group", "/root/mydomain");
+ IAMGroup group = _iamService.createIAMGroup("group1", "my first group", "/root/mydomain");
assertNotNull("Acl group 'group1' failed to create ", group);
IAMGroupVO group2 = new IAMGroupVO("group1", "my second group");
when(_aclGroupDao.findByName(eq("/root/mydomain"), eq("group1"))).thenReturn(group2);
- IAMGroup group3 = _iamService.createAclGroup("group1", "my first group", "/root/mydomain");
+ IAMGroup group3 = _iamService.createIAMGroup("group1", "my first group", "/root/mydomain");
}
@Test(expected = InvalidParameterValueException.class)
public void deleteAclGroupInvalidIdTest() {
when(_aclGroupDao.findById(20L)).thenReturn(null);
- _iamService.deleteAclGroup(20L);
+ _iamService.deleteIAMGroup(20L);
}
@Test
@@ -145,19 +145,19 @@ public class IAMServiceUnitTest {
@Test(expected = InvalidParameterValueException.class)
public void createAclPolicyTest() {
- IAMPolicy policy = _iamService.createAclPolicy("policy1", "my first policy", null, "/root/mydomain");
+ IAMPolicy policy = _iamService.createIAMPolicy("policy1", "my first policy", null, "/root/mydomain");
assertNotNull("Acl policy 'policy1' failed to create ", policy);
IAMPolicyVO rvo = new IAMPolicyVO("policy2", "second policy");
when(_aclPolicyDao.findByName(eq("policy2"))).thenReturn(rvo);
- _iamService.createAclPolicy("policy2", "second policy", null, "/root/mydomain");
+ _iamService.createIAMPolicy("policy2", "second policy", null, "/root/mydomain");
}
@Test(expected = InvalidParameterValueException.class)
public void deleteAclPolicyInvalidIdTest() {
when(_aclPolicyDao.findById(34L)).thenReturn(null);
- _iamService.deleteAclPolicy(34L);
+ _iamService.deleteIAMPolicy(34L);
}
@Configuration