You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by mc...@apache.org on 2014/03/14 00:55:09 UTC
[16/50] [abbrv] git commit: updated refs/heads/master to 8ff9460
iam/plugin: Rename Acl to IAM everywhere
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/187f9cd0
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/187f9cd0
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/187f9cd0
Branch: refs/heads/master
Commit: 187f9cd0a2c5e0c1709605a1909a742e8dbba839
Parents: b2ba6c0
Author: Prachi Damle <pr...@cloud.com>
Authored: Mon Feb 24 16:59:27 2014 -0800
Committer: Prachi Damle <pr...@cloud.com>
Committed: Tue Feb 25 16:43:23 2014 -0800
----------------------------------------------------------------------
api/src/com/cloud/event/EventTypes.java | 22 +-
.../cloudstack/api/ApiCommandJobType.java | 4 +-
.../org/apache/cloudstack/api/ApiConstants.java | 26 +-
.../api/response/AccountResponse.java | 2 +-
.../com/cloud/template/TemplateManagerImpl.java | 4 +-
...g-acl-role-based-access-checkers-context.xml | 35 -
.../spring-iam-access-checkers-context.xml | 35 +
.../command/iam/AddAccountToAclGroupCmd.java | 127 ----
.../command/iam/AddAccountToIAMGroupCmd.java | 127 ++++
.../iam/AddAclPermissionToAclPolicyCmd.java | 151 ----
.../iam/AddIAMPermissionToIAMPolicyCmd.java | 152 ++++
.../iam/AttachAclPolicyToAccountCmd.java | 122 ----
.../iam/AttachAclPolicyToAclGroupCmd.java | 127 ----
.../iam/AttachIAMPolicyToAccountCmd.java | 122 ++++
.../iam/AttachIAMPolicyToIAMGroupCmd.java | 127 ++++
.../api/command/iam/CreateAclGroupCmd.java | 168 -----
.../api/command/iam/CreateAclPolicyCmd.java | 175 -----
.../api/command/iam/CreateIAMGroupCmd.java | 168 +++++
.../api/command/iam/CreateIAMPolicyCmd.java | 175 +++++
.../api/command/iam/DeleteAclGroupCmd.java | 102 ---
.../api/command/iam/DeleteAclPolicyCmd.java | 102 ---
.../api/command/iam/DeleteIAMGroupCmd.java | 102 +++
.../api/command/iam/DeleteIAMPolicyCmd.java | 102 +++
.../api/command/iam/ListAclGroupsCmd.java | 88 ---
.../api/command/iam/ListAclPoliciesCmd.java | 88 ---
.../api/command/iam/ListIAMGroupsCmd.java | 88 +++
.../api/command/iam/ListIAMPoliciesCmd.java | 88 +++
.../iam/RemoveAccountFromAclGroupCmd.java | 127 ----
.../iam/RemoveAccountFromIAMGroupCmd.java | 127 ++++
.../RemoveAclPermissionFromAclPolicyCmd.java | 147 ----
.../iam/RemoveAclPolicyFromAccountCmd.java | 122 ----
.../iam/RemoveAclPolicyFromAclGroupCmd.java | 127 ----
.../RemoveIAMPermissionFromIAMPolicyCmd.java | 147 ++++
.../iam/RemoveIAMPolicyFromAccountCmd.java | 122 ++++
.../iam/RemoveIAMPolicyFromIAMGroupCmd.java | 127 ++++
.../api/response/iam/AclGroupResponse.java | 193 ------
.../api/response/iam/AclPermissionResponse.java | 125 ----
.../api/response/iam/AclPolicyResponse.java | 177 -----
.../api/response/iam/IAMGroupResponse.java | 193 ++++++
.../api/response/iam/IAMPermissionResponse.java | 125 ++++
.../api/response/iam/IAMPolicyResponse.java | 177 +++++
.../apache/cloudstack/iam/AclApiService.java | 84 ---
.../cloudstack/iam/AclApiServiceImpl.java | 690 -------------------
.../apache/cloudstack/iam/IAMApiService.java | 84 +++
.../cloudstack/iam/IAMApiServiceImpl.java | 690 +++++++++++++++++++
.../iam/RoleBasedAPIAccessChecker.java | 12 +-
.../iam/RoleBasedEntityAccessChecker.java | 34 +-
.../iam/RoleBasedEntityQuerySelector.java | 48 +-
.../cloudstack/acl/AclApiServiceTest.java | 357 ----------
.../cloudstack/iam/test/IAMApiServiceTest.java | 363 ++++++++++
.../org/apache/cloudstack/iam/api/AclGroup.java | 37 -
.../apache/cloudstack/iam/api/AclPolicy.java | 41 --
.../cloudstack/iam/api/AclPolicyPermission.java | 53 --
.../org/apache/cloudstack/iam/api/IAMGroup.java | 37 +
.../apache/cloudstack/iam/api/IAMPolicy.java | 41 ++
.../cloudstack/iam/api/IAMPolicyPermission.java | 53 ++
.../apache/cloudstack/iam/api/IAMService.java | 48 +-
.../iam/server/AclAccountPolicyMapVO.java | 77 ---
.../iam/server/AclGroupAccountMapVO.java | 78 ---
.../iam/server/AclGroupPolicyMapVO.java | 79 ---
.../cloudstack/iam/server/AclGroupVO.java | 122 ----
.../iam/server/AclPolicyPermissionVO.java | 181 -----
.../cloudstack/iam/server/AclPolicyVO.java | 138 ----
.../iam/server/IAMAccountPolicyMapVO.java | 77 +++
.../iam/server/IAMGroupAccountMapVO.java | 78 +++
.../iam/server/IAMGroupPolicyMapVO.java | 79 +++
.../cloudstack/iam/server/IAMGroupVO.java | 122 ++++
.../iam/server/IAMPolicyPermissionVO.java | 181 +++++
.../cloudstack/iam/server/IAMPolicyVO.java | 138 ++++
.../cloudstack/iam/server/IAMServiceImpl.java | 282 ++++----
.../iam/server/dao/AclAccountPolicyMapDao.java | 17 -
.../server/dao/AclAccountPolicyMapDaoImpl.java | 61 --
.../iam/server/dao/AclGroupAccountMapDao.java | 40 --
.../server/dao/AclGroupAccountMapDaoImpl.java | 119 ----
.../cloudstack/iam/server/dao/AclGroupDao.java | 28 -
.../iam/server/dao/AclGroupDaoImpl.java | 59 --
.../iam/server/dao/AclGroupPolicyMapDao.java | 16 -
.../server/dao/AclGroupPolicyMapDaoImpl.java | 61 --
.../cloudstack/iam/server/dao/AclPolicyDao.java | 28 -
.../iam/server/dao/AclPolicyDaoImpl.java | 57 --
.../iam/server/dao/AclPolicyPermissionDao.java | 39 --
.../server/dao/AclPolicyPermissionDaoImpl.java | 129 ----
.../iam/server/dao/IAMAccountPolicyMapDao.java | 17 +
.../server/dao/IAMAccountPolicyMapDaoImpl.java | 61 ++
.../iam/server/dao/IAMGroupAccountMapDao.java | 40 ++
.../server/dao/IAMGroupAccountMapDaoImpl.java | 119 ++++
.../cloudstack/iam/server/dao/IAMGroupDao.java | 28 +
.../iam/server/dao/IAMGroupDaoImpl.java | 59 ++
.../iam/server/dao/IAMGroupPolicyMapDao.java | 16 +
.../server/dao/IAMGroupPolicyMapDaoImpl.java | 61 ++
.../cloudstack/iam/server/dao/IAMPolicyDao.java | 28 +
.../iam/server/dao/IAMPolicyDaoImpl.java | 57 ++
.../iam/server/dao/IAMPolicyPermissionDao.java | 39 ++
.../server/dao/IAMPolicyPermissionDaoImpl.java | 129 ++++
.../cloudstack/iam/IAMServiceUnitTest.java | 76 +-
setup/db/db/schema-430to440.sql | 76 +-
96 files changed, 5218 insertions(+), 5211 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/api/src/com/cloud/event/EventTypes.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/event/EventTypes.java b/api/src/com/cloud/event/EventTypes.java
index ea49624..d0ade89 100755
--- a/api/src/com/cloud/event/EventTypes.java
+++ b/api/src/com/cloud/event/EventTypes.java
@@ -455,17 +455,17 @@ public class EventTypes {
public static final String EVENT_UCS_ASSOCIATED_PROFILE = "UCS.ASSOCIATEPROFILE";
- public static final String EVENT_ACL_POLICY_CREATE = "ACLPOLICY.CREATE";
- public static final String EVENT_ACL_POLICY_DELETE = "ACLPOLICY.DELETE";
- public static final String EVENT_ACL_POLICY_GRANT = "ACLPOLICY.GRANT";
- public static final String EVENT_ACL_POLICY_REVOKE = "ACLPOLICY.REVOKE";
-
- public static final String EVENT_ACL_GROUP_UPDATE = "ACLGROUP.UPDATE";
- public static final String EVENT_ACL_GROUP_CREATE = "ACLGROUP.CREATE";
- public static final String EVENT_ACL_GROUP_DELETE = "ACLGROUP.DELETE";
- public static final String EVENT_ACL_GROUP_GRANT = "ACLGROUP.GRANT";
- public static final String EVENT_ACL_GROUP_REVOKE = "ACLGROUP.REVOKE";
- public static final String EVENT_ACL_ACCOUNT_POLICY_UPDATE = "ACLACCOUNTPOLICY.UPDATE";
+ public static final String EVENT_IAM_POLICY_CREATE = "IAMPOLICY.CREATE";
+ public static final String EVENT_IAM_POLICY_DELETE = "IAMPOLICY.DELETE";
+ public static final String EVENT_IAM_POLICY_GRANT = "IAMPOLICY.GRANT";
+ public static final String EVENT_IAM_POLICY_REVOKE = "IAMPOLICY.REVOKE";
+
+ public static final String EVENT_IAM_GROUP_UPDATE = "IAMGROUP.UPDATE";
+ public static final String EVENT_IAM_GROUP_CREATE = "IAMGROUP.CREATE";
+ public static final String EVENT_IAM_GROUP_DELETE = "IAMGROUP.DELETE";
+ public static final String EVENT_IAM_GROUP_GRANT = "IAMGROUP.GRANT";
+ public static final String EVENT_IAM_GROUP_REVOKE = "IAMGROUP.REVOKE";
+ public static final String EVENT_IAM_ACCOUNT_POLICY_UPDATE = "IAMACCOUNTPOLICY.UPDATE";
// Object store migration
public static final String EVENT_MIGRATE_PREPARE_SECONDARY_STORAGE = "MIGRATE.PREPARE.SS";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/api/src/org/apache/cloudstack/api/ApiCommandJobType.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/ApiCommandJobType.java b/api/src/org/apache/cloudstack/api/ApiCommandJobType.java
index 0e79e66..f27f001 100644
--- a/api/src/org/apache/cloudstack/api/ApiCommandJobType.java
+++ b/api/src/org/apache/cloudstack/api/ApiCommandJobType.java
@@ -50,6 +50,6 @@ public enum ApiCommandJobType {
AffinityGroup,
InternalLbVm,
DedicatedGuestVlanRange,
- AclPolicy,
- AclGroup
+ IAMPolicy,
+ IAMGroup
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/api/src/org/apache/cloudstack/api/ApiConstants.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/ApiConstants.java b/api/src/org/apache/cloudstack/api/ApiConstants.java
index 3535872..b34f106 100755
--- a/api/src/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/org/apache/cloudstack/api/ApiConstants.java
@@ -543,19 +543,19 @@ public class ApiConstants {
public static final String ROUTING = "isrouting";
public static final String MAX_CONNECTIONS = "maxconnections";
public static final String SERVICE_STATE = "servicestate";
- public static final String ACL_ACCOUNT_IDS = "accountids";
- public static final String ACL_MEMBER_ACCOUNTS = "memberaccounts";
- public static final String ACL_PARENT_POLICY_ID = "parentpolicyid";
- public static final String ACL_PARENT_POLICY_NAME = "parentpolicyname";
- public static final String ACL_POLICY_IDS = "policyids";
- public static final String ACL_POLICIES = "policies";
- public static final String ACL_APIS = "apis";
- public static final String ACL_GROUPS = "groups";
- public static final String ACL_PERMISSIONS = "permission";
- public static final String ACL_ACTION = "action";
- public static final String ACL_SCOPE = "scope";
- public static final String ACL_SCOPE_ID = "scopeid";
- public static final String ACL_ALLOW_DENY = "permission";
+ public static final String IAM_ACCOUNT_IDS = "accountids";
+ public static final String IAM_MEMBER_ACCOUNTS = "memberaccounts";
+ public static final String IAM_PARENT_POLICY_ID = "parentpolicyid";
+ public static final String IAM_PARENT_POLICY_NAME = "parentpolicyname";
+ public static final String IAM_POLICY_IDS = "policyids";
+ public static final String IAM_POLICIES = "policies";
+ public static final String IAM_APIS = "apis";
+ public static final String IAM_GROUPS = "groups";
+ public static final String IAM_PERMISSIONS = "permission";
+ public static final String IAM_ACTION = "action";
+ public static final String IAM_SCOPE = "scope";
+ public static final String IAM_SCOPE_ID = "scopeid";
+ public static final String IAM_ALLOW_DENY = "permission";
public static final String ENTITY_TYPE = "entitytype";
public static final String ENTITY_ID = "entityid";
public static final String ACCESS_TYPE = "accesstype";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/api/src/org/apache/cloudstack/api/response/AccountResponse.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/response/AccountResponse.java b/api/src/org/apache/cloudstack/api/response/AccountResponse.java
index 7d36785..991b162 100644
--- a/api/src/org/apache/cloudstack/api/response/AccountResponse.java
+++ b/api/src/org/apache/cloudstack/api/response/AccountResponse.java
@@ -239,7 +239,7 @@ public class AccountResponse extends BaseResponse implements ResourceLimitAndCou
@Param(description = "true if account is default, false otherwise", since = "4.2.0")
private Boolean isDefault;
- @SerializedName(ApiConstants.ACL_GROUPS)
+ @SerializedName(ApiConstants.IAM_GROUPS)
@Param(description = "the list of acl groups that account belongs to")
private List<String> groups;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/server/src/com/cloud/template/TemplateManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/template/TemplateManagerImpl.java b/server/src/com/cloud/template/TemplateManagerImpl.java
index a8aa785..f27fb74 100755
--- a/server/src/com/cloud/template/TemplateManagerImpl.java
+++ b/server/src/com/cloud/template/TemplateManagerImpl.java
@@ -1273,7 +1273,7 @@ public class TemplateManagerImpl extends ManagerBase implements TemplateManager,
permit.put(ApiConstants.ENTITY_TYPE, IAMEntityType.VirtualMachineTemplate.toString());
permit.put(ApiConstants.ENTITY_ID, id);
permit.put(ApiConstants.ACCESS_TYPE, AccessType.UseEntry);
- permit.put(ApiConstants.ACL_ACTION, "listTemplates");
+ permit.put(ApiConstants.IAM_ACTION, "listTemplates");
permit.put(ApiConstants.ACCOUNTS, accountIds);
_messageBus.publish(_name, EntityManager.MESSAGE_GRANT_ENTITY_EVENT, PublishScope.LOCAL, permit);
} else if ("remove".equalsIgnoreCase(operation)) {
@@ -1290,7 +1290,7 @@ public class TemplateManagerImpl extends ManagerBase implements TemplateManager,
permit.put(ApiConstants.ENTITY_TYPE, IAMEntityType.VirtualMachineTemplate.toString());
permit.put(ApiConstants.ENTITY_ID, id);
permit.put(ApiConstants.ACCESS_TYPE, AccessType.UseEntry);
- permit.put(ApiConstants.ACL_ACTION, "listTemplates");
+ permit.put(ApiConstants.IAM_ACTION, "listTemplates");
permit.put(ApiConstants.ACCOUNTS, accountIds);
_messageBus.publish(_name, EntityManager.MESSAGE_REVOKE_ENTITY_EVENT, PublishScope.LOCAL, permit);
} else if ("reset".equalsIgnoreCase(operation)) {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml
----------------------------------------------------------------------
diff --git a/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml b/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml
deleted file mode 100644
index 5cc2dbd..0000000
--- a/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:aop="http://www.springframework.org/schema/aop"
- xsi:schemaLocation="http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
- http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
- http://www.springframework.org/schema/context
- http://www.springframework.org/schema/context/spring-context-3.0.xsd"
- >
-
- <bean id="RoleBasedAPIAccessChecker" class="org.apache.cloudstack.acl.RoleBasedAPIAccessChecker" />
- <bean id="RoleBasedEntityAccessChecker" class="org.apache.cloudstack.acl.RoleBasedEntityAccessChecker" />
- <bean id="RoleBasedEntityQuerySelector" class="org.apache.cloudstack.acl.RoleBasedEntityQuerySelector" />
- <bean id="AclApiServiceImpl" class="org.apache.cloudstack.acl.api.AclApiServiceImpl" />
-
-</beans>
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-iam-access-checkers-context.xml
----------------------------------------------------------------------
diff --git a/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-iam-access-checkers-context.xml b/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-iam-access-checkers-context.xml
new file mode 100644
index 0000000..fb0ddf3
--- /dev/null
+++ b/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-iam-access-checkers-context.xml
@@ -0,0 +1,35 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+ http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
+ http://www.springframework.org/schema/context
+ http://www.springframework.org/schema/context/spring-context-3.0.xsd"
+ >
+
+ <bean id="RoleBasedAPIAccessChecker" class="org.apache.cloudstack.iam.RoleBasedAPIAccessChecker" />
+ <bean id="RoleBasedEntityAccessChecker" class="org.apache.cloudstack.iam.RoleBasedEntityAccessChecker" />
+ <bean id="RoleBasedEntityQuerySelector" class="org.apache.cloudstack.iam.RoleBasedEntityQuerySelector" />
+ <bean id="AclApiServiceImpl" class="org.apache.cloudstack.iam.AclApiServiceImpl" />
+
+</beans>
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToAclGroupCmd.java
deleted file mode 100644
index b63f635..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToAclGroupCmd.java
+++ /dev/null
@@ -1,127 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AccountResponse;
-import org.apache.cloudstack.api.response.iam.AclGroupResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclGroup;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "addAccountToAclGroup", description = "add account to an acl group", responseObject = AclGroupResponse.class)
-public class AddAccountToAclGroupCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(AddAccountToAclGroupCmd.class.getName());
- private static final String s_name = "addaccounttoaclgroupresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
- required = true, description = "The ID of the acl group")
- private Long id;
-
- @ACL
- @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that are going to be assigned to the acl group.")
- private List<Long> accountIdList;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
-
- public Long getId() {
- return id;
- }
-
-
- public List<Long> getAccountIdList() {
- return accountIdList;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public void execute() throws ResourceUnavailableException,
- InsufficientCapacityException, ServerApiException {
- CallContext.current().setEventDetails("Acl group Id: " + getId());
- AclGroup result = _aclApiSrv.addAccountsToGroup(accountIdList, id);
- if (result != null){
- AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add accounts to acl group");
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_GROUP_UPDATE;
- }
-
- @Override
- public String getEventDescription() {
- return "adding accounts to acl group";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclGroup;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToIAMGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToIAMGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToIAMGroupCmd.java
new file mode 100644
index 0000000..bea3fc9
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToIAMGroupCmd.java
@@ -0,0 +1,127 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.AccountResponse;
+import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.IAMGroup;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "addAccountToIAMGroup", description = "add account to an iam group", responseObject = IAMGroupResponse.class)
+public class AddAccountToIAMGroupCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(AddAccountToIAMGroupCmd.class.getName());
+ private static final String s_name = "addaccounttoiamgroupresponse";
+
+ @Inject
+ public IAMApiService _iamApiSrv;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+
+ @ACL
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMGroupResponse.class,
+ required = true, description = "The ID of the iam group")
+ private Long id;
+
+ @ACL
+ @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that are going to be assigned to the iam group.")
+ private List<Long> accountIdList;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+
+ public Long getId() {
+ return id;
+ }
+
+
+ public List<Long> getAccountIdList() {
+ return accountIdList;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+ }
+
+ @Override
+ public void execute() throws ResourceUnavailableException,
+ InsufficientCapacityException, ServerApiException {
+ CallContext.current().setEventDetails("IAM group Id: " + getId());
+ IAMGroup result = _iamApiSrv.addAccountsToGroup(accountIdList, id);
+ if (result != null){
+ IAMGroupResponse response = _iamApiSrv.createIAMGroupResponse(result);
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add accounts to iam group");
+ }
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_IAM_GROUP_UPDATE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "adding accounts to iam group";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.IAMGroup;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAclPermissionToAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAclPermissionToAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAclPermissionToAclPolicyCmd.java
deleted file mode 100644
index e0ecb50..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAclPermissionToAclPolicyCmd.java
+++ /dev/null
@@ -1,151 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "addAclPermissionToAclPolicy", description = "Add Acl permission to an acl policy", responseObject = AclPolicyResponse.class)
-public class AddAclPermissionToAclPolicyCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(AddAclPermissionToAclPolicyCmd.class.getName());
- private static final String s_name = "addaclpermissiontoaclpolicyresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
- required = true, description = "The ID of the acl policy")
- private Long id;
-
- @Parameter(name = ApiConstants.ACL_ACTION, type = CommandType.STRING, required = true, description = "action api name.")
- private String action;
-
- @Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = false, description = "entity class simple name.")
- private String entityType;
-
- @Parameter(name = ApiConstants.ACL_SCOPE, type = CommandType.STRING,
- required = false, description = "acl permission scope")
- private String scope;
-
- @Parameter(name = ApiConstants.ACL_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
- private Long scopeId;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
-
- public Long getId() {
- return id;
- }
-
-
- public String getAction() {
- return action;
- }
-
- public String getEntityType() {
- return entityType;
- }
-
- public String getScope() {
- return scope;
- }
-
- public Long getScopeId() {
- return scopeId;
- }
-
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
-
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public void execute() throws ResourceUnavailableException,
- InsufficientCapacityException, ServerApiException {
- CallContext.current().setEventDetails("Acl policy Id: " + getId());
- // Only explicit ALLOW is supported for this release, no explicit deny
- AclPolicy result = _aclApiSrv.addAclPermissionToAclPolicy(id, entityType, PermissionScope.valueOf(scope),
- scopeId, action, Permission.Allow, false);
- if (result != null) {
- AclPolicyResponse response = _aclApiSrv.createAclPolicyResponse(result);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to grant permission to acl policy " + getId());
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_POLICY_GRANT;
- }
-
- @Override
- public String getEventDescription() {
- return "granting permission to acl policy";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclPolicy;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
new file mode 100644
index 0000000..86afd10
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
@@ -0,0 +1,152 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.IAMPolicy;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "addIAMPermissionToIAMPolicy", description = "Add IAM permission to an iam policy", responseObject = IAMPolicyResponse.class)
+public class AddIAMPermissionToIAMPolicyCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(AddIAMPermissionToIAMPolicyCmd.class.getName());
+ private static final String s_name = "addiampermissiontoiampolicyresponse";
+
+ @Inject
+ public IAMApiService _iamApiSrv;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+
+ @ACL
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMPolicyResponse.class,
+ required = true, description = "The ID of the iam policy")
+ private Long id;
+
+ @Parameter(name = ApiConstants.IAM_ACTION, type = CommandType.STRING, required = true, description = "action api name.")
+ private String action;
+
+ @Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = false, description = "entity class simple name.")
+ private String entityType;
+
+ @Parameter(name = ApiConstants.IAM_SCOPE, type = CommandType.STRING,
+ required = false, description = "iam permission scope")
+ private String scope;
+
+ @Parameter(name = ApiConstants.IAM_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
+ private Long scopeId;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+
+ public Long getId() {
+ return id;
+ }
+
+
+ public String getAction() {
+ return action;
+ }
+
+ public String getEntityType() {
+ return entityType;
+ }
+
+ public String getScope() {
+ return scope;
+ }
+
+ public Long getScopeId() {
+ return scopeId;
+ }
+
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+ }
+
+ @Override
+ public void execute() throws ResourceUnavailableException,
+ InsufficientCapacityException, ServerApiException {
+ CallContext.current().setEventDetails("IAM policy Id: " + getId());
+ // Only explicit ALLOW is supported for this release, no explicit deny
+ IAMPolicy result = _iamApiSrv.addIAMPermissionToIAMPolicy(id, entityType, PermissionScope.valueOf(scope),
+ scopeId, action, Permission.Allow, false);
+ if (result != null) {
+ IAMPolicyResponse response = _iamApiSrv.createIAMPolicyResponse(result);
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to grant permission to iam policy "
+ + getId());
+ }
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_IAM_POLICY_GRANT;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "granting permission to iam policy";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.IAMPolicy;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAccountCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAccountCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAccountCmd.java
deleted file mode 100644
index c16f8bd..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAccountCmd.java
+++ /dev/null
@@ -1,122 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AccountResponse;
-import org.apache.cloudstack.api.response.SuccessResponse;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "attachAclPolicyToAccount", description = "attach acl policy to accounts", responseObject = SuccessResponse.class)
-public class AttachAclPolicyToAccountCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(AttachAclPolicyToAccountCmd.class.getName());
- private static final String s_name = "attachaclpolicytoaccountresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
- required = true, description = "The ID of the acl policy")
- private Long id;
-
- @ACL
- @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that the policy will attach to.")
- private List<Long> accountIdList;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
-
- public Long getId() {
- return id;
- }
-
-
- public List<Long> getAccountIdList() {
- return accountIdList;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public void execute() throws ResourceUnavailableException,
- InsufficientCapacityException, ServerApiException {
- CallContext.current().setEventDetails("Acl policy Id: " + getId());
- _aclApiSrv.attachAclPolicyToAccounts(id, accountIdList);
- SuccessResponse response = new SuccessResponse();
- response.setResponseName(getCommandName());
- setResponseObject(response);
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE;
- }
-
- @Override
- public String getEventDescription() {
- return "adding acl policy to accounts";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.Account;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAclGroupCmd.java
deleted file mode 100644
index cd2a3d5..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAclGroupCmd.java
+++ /dev/null
@@ -1,127 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.iam.AclGroupResponse;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclGroup;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "attachAclPolicyToAclGroup", description = "attach acl policy to an acl group", responseObject = AclGroupResponse.class)
-public class AttachAclPolicyToAclGroupCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(AttachAclPolicyToAclGroupCmd.class.getName());
- private static final String s_name = "attachaclpolicytoaclgroupresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
- required = true, description = "The ID of the acl group")
- private Long id;
-
- @ACL
- @Parameter(name = ApiConstants.ACL_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.")
- private List<Long> policyIdList;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
-
- public Long getId() {
- return id;
- }
-
-
- public List<Long> getPolicyIdList() {
- return policyIdList;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public void execute() throws ResourceUnavailableException,
- InsufficientCapacityException, ServerApiException {
- CallContext.current().setEventDetails("Acl group Id: " + getId());
- AclGroup result = _aclApiSrv.attachAclPoliciesToGroup(policyIdList, id);
- if (result != null){
- AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to acl group");
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_GROUP_UPDATE;
- }
-
- @Override
- public String getEventDescription() {
- return "adding acl roles to acl group";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclGroup;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachIAMPolicyToAccountCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachIAMPolicyToAccountCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachIAMPolicyToAccountCmd.java
new file mode 100644
index 0000000..fc174cf
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachIAMPolicyToAccountCmd.java
@@ -0,0 +1,122 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.AccountResponse;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "attachIAMPolicyToAccount", description = "attach iam policy to accounts", responseObject = SuccessResponse.class)
+public class AttachIAMPolicyToAccountCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(AttachIAMPolicyToAccountCmd.class.getName());
+ private static final String s_name = "attachiampolicytoaccountresponse";
+
+ @Inject
+ public IAMApiService _iamApiSrv;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+
+ @ACL
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMPolicyResponse.class,
+ required = true, description = "The ID of the iam policy")
+ private Long id;
+
+ @ACL
+ @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that the policy will attach to.")
+ private List<Long> accountIdList;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+
+ public Long getId() {
+ return id;
+ }
+
+
+ public List<Long> getAccountIdList() {
+ return accountIdList;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+ }
+
+ @Override
+ public void execute() throws ResourceUnavailableException,
+ InsufficientCapacityException, ServerApiException {
+ CallContext.current().setEventDetails("IAM policy Id: " + getId());
+ _iamApiSrv.attachIAMPolicyToAccounts(id, accountIdList);
+ SuccessResponse response = new SuccessResponse();
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_IAM_ACCOUNT_POLICY_UPDATE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "adding IAM policy to accounts";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.Account;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachIAMPolicyToIAMGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachIAMPolicyToIAMGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachIAMPolicyToIAMGroupCmd.java
new file mode 100644
index 0000000..1705c4a
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachIAMPolicyToIAMGroupCmd.java
@@ -0,0 +1,127 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
+import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.IAMGroup;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "attachIAMPolicyToIAMGroup", description = "attach iam policy to an iam group", responseObject = IAMGroupResponse.class)
+public class AttachIAMPolicyToIAMGroupCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(AttachIAMPolicyToIAMGroupCmd.class.getName());
+ private static final String s_name = "attachiampolicytoiamgroupresponse";
+
+ @Inject
+ public IAMApiService _iamApiSrv;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+
+ @ACL
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMGroupResponse.class,
+ required = true, description = "The ID of the iam group")
+ private Long id;
+
+ @ACL
+ @Parameter(name = ApiConstants.IAM_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = IAMPolicyResponse.class, description = "comma separated list of iam policy id that are going to be applied to the iam group.")
+ private List<Long> policyIdList;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+
+ public Long getId() {
+ return id;
+ }
+
+
+ public List<Long> getPolicyIdList() {
+ return policyIdList;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+ }
+
+ @Override
+ public void execute() throws ResourceUnavailableException,
+ InsufficientCapacityException, ServerApiException {
+ CallContext.current().setEventDetails("IAM group Id: " + getId());
+ IAMGroup result = _iamApiSrv.attachIAMPoliciesToGroup(policyIdList, id);
+ if (result != null){
+ IAMGroupResponse response = _iamApiSrv.createIAMGroupResponse(result);
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to iam group");
+ }
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_IAM_GROUP_UPDATE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "adding iam roles to iam group";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.IAMGroup;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclGroupCmd.java
deleted file mode 100644
index 3805c9f..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclGroupCmd.java
+++ /dev/null
@@ -1,168 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCreateCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.DomainResponse;
-import org.apache.cloudstack.api.response.iam.AclGroupResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclGroup;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.ResourceAllocationException;
-import com.cloud.user.Account;
-
-@APICommand(name = "createAclGroup", responseObject = AclGroupResponse.class, description = "Creates an acl group")
-public class CreateAclGroupCmd extends BaseAsyncCreateCmd {
- public static final Logger s_logger = Logger.getLogger(CreateAclGroupCmd.class.getName());
-
- private static final String s_name = "createaclgroupresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- // ///////////////////////////////////////////////////
- // ////////////// API parameters /////////////////////
- // ///////////////////////////////////////////////////
-
- @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the acl group. Must be used with domainId.")
- private String accountName;
-
- @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the acl group", entityType = DomainResponse.class)
- private Long domainId;
-
- @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the acl group")
- private String description;
-
- @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the acl group")
- private String name;
-
-
- // ///////////////////////////////////////////////////
- // ///////////////// Accessors ///////////////////////
- // ///////////////////////////////////////////////////
-
- public String getAccountName() {
- return accountName;
- }
-
- public String getDescription() {
- return description;
- }
-
- public Long getDomainId() {
- return domainId;
- }
-
- public String getName() {
- return name;
- }
-
-
- // ///////////////////////////////////////////////////
- // ///////////// API Implementation///////////////////
- // ///////////////////////////////////////////////////
-
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- @Override
- public long getEntityOwnerId() {
- Account account = CallContext.current().getCallingAccount();
- if ((account == null) || _accountService.isAdmin(account.getType())) {
- if ((domainId != null) && (accountName != null)) {
- Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
- if (userAccount != null) {
- return userAccount.getId();
- }
- }
- }
-
- if (account != null) {
- return account.getId();
- }
-
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this
- // command to SYSTEM so ERROR events
- // are tracked
- }
-
- @Override
- public void execute() {
- AclGroup grp = _entityMgr.findById(AclGroup.class, getEntityId());
- if (grp != null) {
- AclGroupResponse response = _aclApiSrv.createAclGroupResponse(grp);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl group:" + name);
- }
- }
-
- @Override
- public void create() throws ResourceAllocationException {
- Account account = CallContext.current().getCallingAccount();
- AclGroup result = _aclApiSrv.createAclGroup(account, name, description);
- if (result != null) {
- setEntityId(result.getId());
- setEntityUuid(result.getUuid());
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl group entity" + name);
- }
-
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_GROUP_CREATE;
- }
-
- @Override
- public String getEventDescription() {
- return "creating Acl group";
- }
-
- @Override
- public String getCreateEventType() {
- return EventTypes.EVENT_ACL_GROUP_CREATE;
- }
-
- @Override
- public String getCreateEventDescription() {
- return "creating acl group";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclGroup;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclPolicyCmd.java
deleted file mode 100644
index 3bddc35..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclPolicyCmd.java
+++ /dev/null
@@ -1,175 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCreateCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.DomainResponse;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclPolicy;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.ResourceAllocationException;
-import com.cloud.user.Account;
-
-@APICommand(name = "createAclPolicy", responseObject = AclPolicyResponse.class, description = "Creates an acl policy")
-public class CreateAclPolicyCmd extends BaseAsyncCreateCmd {
- public static final Logger s_logger = Logger.getLogger(CreateAclPolicyCmd.class.getName());
-
- private static final String s_name = "createaclpolicyresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- // ///////////////////////////////////////////////////
- // ////////////// API parameters /////////////////////
- // ///////////////////////////////////////////////////
-
- @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the acl policy. Must be used with domainId.")
- private String accountName;
-
- @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the acl policy", entityType = DomainResponse.class)
- private Long domainId;
-
- @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the acl policy")
- private String description;
-
- @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the acl policy")
- private String name;
-
- @ACL
- @Parameter(name = ApiConstants.ACL_PARENT_POLICY_ID, type = CommandType.UUID, description = "The ID of parent acl policy.", entityType = AclPolicyResponse.class)
- private Long parentPolicyId;
-
-
- // ///////////////////////////////////////////////////
- // ///////////////// Accessors ///////////////////////
- // ///////////////////////////////////////////////////
-
- public String getAccountName() {
- return accountName;
- }
-
- public String getDescription() {
- return description;
- }
-
- public Long getDomainId() {
- return domainId;
- }
-
- public String getName() {
- return name;
- }
-
- public Long getParentPolicyId() {
- return parentPolicyId;
- }
-
- // ///////////////////////////////////////////////////
- // ///////////// API Implementation///////////////////
- // ///////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- @Override
- public long getEntityOwnerId() {
- Account account = CallContext.current().getCallingAccount();
- if ((account == null) || _accountService.isAdmin(account.getType())) {
- if ((domainId != null) && (accountName != null)) {
- Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
- if (userAccount != null) {
- return userAccount.getId();
- }
- }
- }
-
- if (account != null) {
- return account.getId();
- }
-
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this
- // command to SYSTEM so ERROR events
- // are tracked
- }
-
- @Override
- public void execute() {
- AclPolicy policy = _entityMgr.findById(AclPolicy.class, getEntityId());
- if (policy != null) {
- AclPolicyResponse response = _aclApiSrv.createAclPolicyResponse(policy);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl policy:" + name);
- }
- }
-
- @Override
- public void create() throws ResourceAllocationException {
- Account account = CallContext.current().getCallingAccount();
- AclPolicy result = _aclApiSrv.createAclPolicy(account, name, description, parentPolicyId);
- if (result != null) {
- setEntityId(result.getId());
- setEntityUuid(result.getUuid());
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl policy entity" + name);
- }
-
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_POLICY_CREATE;
- }
-
- @Override
- public String getEventDescription() {
- return "creating Acl policy";
- }
-
- @Override
- public String getCreateEventType() {
- return EventTypes.EVENT_ACL_POLICY_CREATE;
- }
-
- @Override
- public String getCreateEventDescription() {
- return "creating acl policy";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclPolicy;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateIAMGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateIAMGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateIAMGroupCmd.java
new file mode 100644
index 0000000..d0b9bc6
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateIAMGroupCmd.java
@@ -0,0 +1,168 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCreateCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.DomainResponse;
+import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.IAMGroup;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.user.Account;
+
+@APICommand(name = "createIAMGroup", responseObject = IAMGroupResponse.class, description = "Creates an IAM group")
+public class CreateIAMGroupCmd extends BaseAsyncCreateCmd {
+ public static final Logger s_logger = Logger.getLogger(CreateIAMGroupCmd.class.getName());
+
+ private static final String s_name = "createiamgroupresponse";
+
+ @Inject
+ public IAMApiService _iamApiSrv;
+
+ // ///////////////////////////////////////////////////
+ // ////////////// API parameters /////////////////////
+ // ///////////////////////////////////////////////////
+
+ @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the iam group. Must be used with domainId.")
+ private String accountName;
+
+ @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the iam group", entityType = DomainResponse.class)
+ private Long domainId;
+
+ @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the iam group")
+ private String description;
+
+ @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the iam group")
+ private String name;
+
+
+ // ///////////////////////////////////////////////////
+ // ///////////////// Accessors ///////////////////////
+ // ///////////////////////////////////////////////////
+
+ public String getAccountName() {
+ return accountName;
+ }
+
+ public String getDescription() {
+ return description;
+ }
+
+ public Long getDomainId() {
+ return domainId;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+
+ // ///////////////////////////////////////////////////
+ // ///////////// API Implementation///////////////////
+ // ///////////////////////////////////////////////////
+
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ Account account = CallContext.current().getCallingAccount();
+ if ((account == null) || _accountService.isAdmin(account.getType())) {
+ if ((domainId != null) && (accountName != null)) {
+ Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
+ if (userAccount != null) {
+ return userAccount.getId();
+ }
+ }
+ }
+
+ if (account != null) {
+ return account.getId();
+ }
+
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this
+ // command to SYSTEM so ERROR events
+ // are tracked
+ }
+
+ @Override
+ public void execute() {
+ IAMGroup grp = _entityMgr.findById(IAMGroup.class, getEntityId());
+ if (grp != null) {
+ IAMGroupResponse response = _iamApiSrv.createIAMGroupResponse(grp);
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create iam group:" + name);
+ }
+ }
+
+ @Override
+ public void create() throws ResourceAllocationException {
+ Account account = CallContext.current().getCallingAccount();
+ IAMGroup result = _iamApiSrv.createIAMGroup(account, name, description);
+ if (result != null) {
+ setEntityId(result.getId());
+ setEntityUuid(result.getUuid());
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create iam group entity" + name);
+ }
+
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_IAM_GROUP_CREATE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "creating IAM group";
+ }
+
+ @Override
+ public String getCreateEventType() {
+ return EventTypes.EVENT_IAM_GROUP_CREATE;
+ }
+
+ @Override
+ public String getCreateEventDescription() {
+ return "creating IAM group";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.IAMGroup;
+ }
+
+}