You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by pr...@apache.org on 2014/02/26 02:05:34 UTC
[01/18] Renaming AclEntityType --> IAMEntityType
Repository: cloudstack
Updated Branches:
refs/heads/rbac b78cb2284 -> 45a96e4e4
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/dao/MonitoringServiceVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/dao/MonitoringServiceVO.java b/engine/schema/src/com/cloud/network/dao/MonitoringServiceVO.java
index 21e4f03..f1db7f4 100644
--- a/engine/schema/src/com/cloud/network/dao/MonitoringServiceVO.java
+++ b/engine/schema/src/com/cloud/network/dao/MonitoringServiceVO.java
@@ -25,7 +25,7 @@ import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.network.MonitoringService;
@@ -120,8 +120,8 @@ public class MonitoringServiceVO implements MonitoringService {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.MonitorService;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.MonitorService;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/dao/NetworkVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/dao/NetworkVO.java b/engine/schema/src/com/cloud/network/dao/NetworkVO.java
index cc5535a..c97a522 100644
--- a/engine/schema/src/com/cloud/network/dao/NetworkVO.java
+++ b/engine/schema/src/com/cloud/network/dao/NetworkVO.java
@@ -29,7 +29,7 @@ import javax.persistence.Table;
import javax.persistence.TableGenerator;
import javax.persistence.Transient;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.ControlledEntity;
import com.cloud.network.Network;
@@ -586,7 +586,7 @@ public class NetworkVO implements Network {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.Network;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.Network;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/dao/RemoteAccessVpnVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/dao/RemoteAccessVpnVO.java b/engine/schema/src/com/cloud/network/dao/RemoteAccessVpnVO.java
index f546bb7..c882d5d 100644
--- a/engine/schema/src/com/cloud/network/dao/RemoteAccessVpnVO.java
+++ b/engine/schema/src/com/cloud/network/dao/RemoteAccessVpnVO.java
@@ -25,7 +25,7 @@ import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.network.RemoteAccessVpn;
@@ -156,7 +156,7 @@ public class RemoteAccessVpnVO implements RemoteAccessVpn {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.RemoteAccessVpn;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.RemoteAccessVpn;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/dao/Site2SiteCustomerGatewayVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/dao/Site2SiteCustomerGatewayVO.java b/engine/schema/src/com/cloud/network/dao/Site2SiteCustomerGatewayVO.java
index ab04eea..6de4d42 100644
--- a/engine/schema/src/com/cloud/network/dao/Site2SiteCustomerGatewayVO.java
+++ b/engine/schema/src/com/cloud/network/dao/Site2SiteCustomerGatewayVO.java
@@ -26,7 +26,7 @@ import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.network.Site2SiteCustomerGateway;
import com.cloud.utils.db.Encrypt;
@@ -211,7 +211,7 @@ public class Site2SiteCustomerGatewayVO implements Site2SiteCustomerGateway {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.Site2SiteCustomerGateway;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.Site2SiteCustomerGateway;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/dao/Site2SiteVpnConnectionVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/dao/Site2SiteVpnConnectionVO.java b/engine/schema/src/com/cloud/network/dao/Site2SiteVpnConnectionVO.java
index b092a4a..19309c3 100644
--- a/engine/schema/src/com/cloud/network/dao/Site2SiteVpnConnectionVO.java
+++ b/engine/schema/src/com/cloud/network/dao/Site2SiteVpnConnectionVO.java
@@ -28,7 +28,7 @@ import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.InternalIdentity;
import com.cloud.network.Site2SiteVpnConnection;
@@ -163,7 +163,7 @@ public class Site2SiteVpnConnectionVO implements Site2SiteVpnConnection, Interna
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.Site2SiteVpnConnection;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.Site2SiteVpnConnection;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/dao/Site2SiteVpnGatewayVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/dao/Site2SiteVpnGatewayVO.java b/engine/schema/src/com/cloud/network/dao/Site2SiteVpnGatewayVO.java
index c3ad360..842912e 100644
--- a/engine/schema/src/com/cloud/network/dao/Site2SiteVpnGatewayVO.java
+++ b/engine/schema/src/com/cloud/network/dao/Site2SiteVpnGatewayVO.java
@@ -26,7 +26,7 @@ import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.network.Site2SiteVpnGateway;
import com.cloud.utils.db.GenericDao;
@@ -121,7 +121,7 @@ public class Site2SiteVpnGatewayVO implements Site2SiteVpnGateway {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.Site2SiteVpnGateway;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.Site2SiteVpnGateway;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/dao/SslCertVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/dao/SslCertVO.java b/engine/schema/src/com/cloud/network/dao/SslCertVO.java
index 52123a1..6ef7afd 100644
--- a/engine/schema/src/com/cloud/network/dao/SslCertVO.java
+++ b/engine/schema/src/com/cloud/network/dao/SslCertVO.java
@@ -23,7 +23,7 @@ import javax.persistence.Entity;
import javax.persistence.Id;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.network.lb.SslCert;
import com.cloud.utils.db.Encrypt;
@@ -124,8 +124,8 @@ public class SslCertVO implements SslCert {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.SSLCert;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.SSLCert;
}
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java b/engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java
index 553812f..7d0ca79 100644
--- a/engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java
+++ b/engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java
@@ -34,7 +34,7 @@ import javax.persistence.InheritanceType;
import javax.persistence.Table;
import javax.persistence.Transient;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.utils.db.GenericDao;
import com.cloud.utils.net.NetUtils;
@@ -272,7 +272,7 @@ public class FirewallRuleVO implements FirewallRule {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.FirewallRule;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.FirewallRule;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/security/SecurityGroupVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/security/SecurityGroupVO.java b/engine/schema/src/com/cloud/network/security/SecurityGroupVO.java
index d2e0bde..26859f7 100644
--- a/engine/schema/src/com/cloud/network/security/SecurityGroupVO.java
+++ b/engine/schema/src/com/cloud/network/security/SecurityGroupVO.java
@@ -25,7 +25,7 @@ import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
@Entity
@Table(name = ("security_group"))
@@ -97,7 +97,7 @@ public class SecurityGroupVO implements SecurityGroup {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.SecurityGroup;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.SecurityGroup;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/vpc/StaticRouteVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/vpc/StaticRouteVO.java b/engine/schema/src/com/cloud/network/vpc/StaticRouteVO.java
index b0e1123..a9ba051 100644
--- a/engine/schema/src/com/cloud/network/vpc/StaticRouteVO.java
+++ b/engine/schema/src/com/cloud/network/vpc/StaticRouteVO.java
@@ -28,7 +28,7 @@ import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.utils.db.GenericDao;
@@ -139,7 +139,7 @@ public class StaticRouteVO implements StaticRoute {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.StaticRoute;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.StaticRoute;
}
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/vpc/VpcGatewayVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/vpc/VpcGatewayVO.java b/engine/schema/src/com/cloud/network/vpc/VpcGatewayVO.java
index f0a0e9c..723ec3b 100644
--- a/engine/schema/src/com/cloud/network/vpc/VpcGatewayVO.java
+++ b/engine/schema/src/com/cloud/network/vpc/VpcGatewayVO.java
@@ -28,7 +28,7 @@ import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.utils.db.GenericDao;
@@ -219,7 +219,7 @@ public class VpcGatewayVO implements VpcGateway {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.VpcGateway;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.VpcGateway;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/vpc/VpcVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/vpc/VpcVO.java b/engine/schema/src/com/cloud/network/vpc/VpcVO.java
index dc4f80e..edd984a 100644
--- a/engine/schema/src/com/cloud/network/vpc/VpcVO.java
+++ b/engine/schema/src/com/cloud/network/vpc/VpcVO.java
@@ -26,7 +26,7 @@ import javax.persistence.Enumerated;
import javax.persistence.Id;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.utils.db.GenericDao;
@@ -186,7 +186,7 @@ public class VpcVO implements Vpc {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.Vpc;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.Vpc;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/projects/ProjectInvitationVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/projects/ProjectInvitationVO.java b/engine/schema/src/com/cloud/projects/ProjectInvitationVO.java
index faa33d1..885c148 100644
--- a/engine/schema/src/com/cloud/projects/ProjectInvitationVO.java
+++ b/engine/schema/src/com/cloud/projects/ProjectInvitationVO.java
@@ -28,7 +28,7 @@ import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.utils.db.GenericDao;
@@ -149,7 +149,7 @@ public class ProjectInvitationVO implements ProjectInvitation {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.ProjectInvitation;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.ProjectInvitation;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/storage/SnapshotVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/storage/SnapshotVO.java b/engine/schema/src/com/cloud/storage/SnapshotVO.java
index 3925708..4c8ceb7 100644
--- a/engine/schema/src/com/cloud/storage/SnapshotVO.java
+++ b/engine/schema/src/com/cloud/storage/SnapshotVO.java
@@ -30,7 +30,7 @@ import javax.persistence.Table;
import com.google.gson.annotations.Expose;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.hypervisor.Hypervisor.HypervisorType;
import com.cloud.utils.db.GenericDao;
@@ -239,7 +239,7 @@ public class SnapshotVO implements Snapshot {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.Snapshot;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.Snapshot;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/storage/VMTemplateVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/storage/VMTemplateVO.java b/engine/schema/src/com/cloud/storage/VMTemplateVO.java
index 1e19937..6501730 100755
--- a/engine/schema/src/com/cloud/storage/VMTemplateVO.java
+++ b/engine/schema/src/com/cloud/storage/VMTemplateVO.java
@@ -31,7 +31,7 @@ import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import javax.persistence.Transient;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.hypervisor.Hypervisor.HypervisorType;
import com.cloud.storage.Storage.ImageFormat;
@@ -635,8 +635,8 @@ public class VMTemplateVO implements VirtualMachineTemplate {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.VirtualMachineTemplate;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.VirtualMachineTemplate;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/storage/VolumeVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/storage/VolumeVO.java b/engine/schema/src/com/cloud/storage/VolumeVO.java
index 69c9fa5..af80af8 100755
--- a/engine/schema/src/com/cloud/storage/VolumeVO.java
+++ b/engine/schema/src/com/cloud/storage/VolumeVO.java
@@ -32,7 +32,7 @@ import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import javax.persistence.Transient;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.storage.Storage.StoragePoolType;
import com.cloud.utils.NumbersUtil;
@@ -590,8 +590,8 @@ public class VolumeVO implements Volume {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.Volume;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.Volume;
}
public void setHypervisorSnapshotReserve(Integer hypervisorSnapshotReserve) {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/tags/ResourceTagVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/tags/ResourceTagVO.java b/engine/schema/src/com/cloud/tags/ResourceTagVO.java
index add8f50..6b743ff 100644
--- a/engine/schema/src/com/cloud/tags/ResourceTagVO.java
+++ b/engine/schema/src/com/cloud/tags/ResourceTagVO.java
@@ -27,7 +27,7 @@ import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.server.ResourceTag;
@@ -166,7 +166,7 @@ public class ResourceTagVO implements ResourceTag {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.ResourceTag;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.ResourceTag;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/user/AccountVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/user/AccountVO.java b/engine/schema/src/com/cloud/user/AccountVO.java
index 3a29ecd..674cdb9 100644
--- a/engine/schema/src/com/cloud/user/AccountVO.java
+++ b/engine/schema/src/com/cloud/user/AccountVO.java
@@ -28,7 +28,7 @@ import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.utils.db.GenericDao;
@@ -190,7 +190,7 @@ public class AccountVO implements Account {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.Account;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.Account;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/user/SSHKeyPairVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/user/SSHKeyPairVO.java b/engine/schema/src/com/cloud/user/SSHKeyPairVO.java
index d30060c..1f64911 100644
--- a/engine/schema/src/com/cloud/user/SSHKeyPairVO.java
+++ b/engine/schema/src/com/cloud/user/SSHKeyPairVO.java
@@ -24,7 +24,7 @@ import javax.persistence.Id;
import javax.persistence.Table;
import javax.persistence.Transient;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
@Entity
@Table(name = "ssh_keypairs")
@@ -117,8 +117,8 @@ public class SSHKeyPairVO implements SSHKeyPair {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.SSHKeyPair;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.SSHKeyPair;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/vm/InstanceGroupVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/vm/InstanceGroupVO.java b/engine/schema/src/com/cloud/vm/InstanceGroupVO.java
index 9a5a7ba..9b463d3 100644
--- a/engine/schema/src/com/cloud/vm/InstanceGroupVO.java
+++ b/engine/schema/src/com/cloud/vm/InstanceGroupVO.java
@@ -28,7 +28,7 @@ import javax.persistence.PrimaryKeyJoinColumn;
import javax.persistence.SecondaryTable;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.utils.db.GenericDao;
@@ -120,7 +120,7 @@ public class InstanceGroupVO implements InstanceGroup {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.InstanceGroup;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.InstanceGroup;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/vm/VMInstanceVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/vm/VMInstanceVO.java b/engine/schema/src/com/cloud/vm/VMInstanceVO.java
index 9e771c7..a09c34f 100644
--- a/engine/schema/src/com/cloud/vm/VMInstanceVO.java
+++ b/engine/schema/src/com/cloud/vm/VMInstanceVO.java
@@ -36,7 +36,7 @@ import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import javax.persistence.Transient;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.hypervisor.Hypervisor.HypervisorType;
import com.cloud.utils.db.Encrypt;
@@ -502,8 +502,8 @@ public class VMInstanceVO implements VirtualMachine, FiniteStateObject<State, Vi
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.VirtualMachine;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.VirtualMachine;
}
public VirtualMachine.PowerState getPowerState() {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/vm/dao/NicIpAliasVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/vm/dao/NicIpAliasVO.java b/engine/schema/src/com/cloud/vm/dao/NicIpAliasVO.java
index 91cd5a8..9517b7f 100644
--- a/engine/schema/src/com/cloud/vm/dao/NicIpAliasVO.java
+++ b/engine/schema/src/com/cloud/vm/dao/NicIpAliasVO.java
@@ -28,7 +28,7 @@ import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.utils.db.GenericDao;
import com.cloud.utils.net.NetUtils;
@@ -235,8 +235,8 @@ public class NicIpAliasVO implements NicIpAlias {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.NicIpAlias;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.NicIpAlias;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/vm/dao/NicSecondaryIpVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/vm/dao/NicSecondaryIpVO.java b/engine/schema/src/com/cloud/vm/dao/NicSecondaryIpVO.java
index 3510642..584f189 100644
--- a/engine/schema/src/com/cloud/vm/dao/NicSecondaryIpVO.java
+++ b/engine/schema/src/com/cloud/vm/dao/NicSecondaryIpVO.java
@@ -26,7 +26,7 @@ import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.utils.db.GenericDao;
import com.cloud.vm.NicSecondaryIp;
@@ -132,7 +132,7 @@ public class NicSecondaryIpVO implements NicSecondaryIp {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.NicSecondaryIp;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.NicSecondaryIp;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/vm/snapshot/VMSnapshotVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/vm/snapshot/VMSnapshotVO.java b/engine/schema/src/com/cloud/vm/snapshot/VMSnapshotVO.java
index 5254e38..042b276 100644
--- a/engine/schema/src/com/cloud/vm/snapshot/VMSnapshotVO.java
+++ b/engine/schema/src/com/cloud/vm/snapshot/VMSnapshotVO.java
@@ -33,7 +33,7 @@ import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import javax.persistence.Transient;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.engine.subsystem.api.storage.VMSnapshotOptions;
import com.cloud.utils.db.GenericDao;
@@ -246,7 +246,7 @@ public class VMSnapshotVO implements VMSnapshot {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.VMSnapshot;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.VMSnapshot;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/org/apache/cloudstack/affinity/AffinityGroupVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/affinity/AffinityGroupVO.java b/engine/schema/src/org/apache/cloudstack/affinity/AffinityGroupVO.java
index 7630a01..ec267ee 100644
--- a/engine/schema/src/org/apache/cloudstack/affinity/AffinityGroupVO.java
+++ b/engine/schema/src/org/apache/cloudstack/affinity/AffinityGroupVO.java
@@ -27,7 +27,7 @@ import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.ControlledEntity;
@Entity
@@ -126,8 +126,8 @@ public class AffinityGroupVO implements AffinityGroup {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.AffinityGroup;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.AffinityGroup;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/org/apache/cloudstack/engine/cloud/entity/api/db/VMEntityVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/engine/cloud/entity/api/db/VMEntityVO.java b/engine/schema/src/org/apache/cloudstack/engine/cloud/entity/api/db/VMEntityVO.java
index 16d98d5..4a4fd47 100644
--- a/engine/schema/src/org/apache/cloudstack/engine/cloud/entity/api/db/VMEntityVO.java
+++ b/engine/schema/src/org/apache/cloudstack/engine/cloud/entity/api/db/VMEntityVO.java
@@ -37,7 +37,7 @@ import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import javax.persistence.Transient;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.hypervisor.Hypervisor.HypervisorType;
import com.cloud.utils.db.Encrypt;
@@ -538,8 +538,8 @@ public class VMEntityVO implements VirtualMachine, FiniteStateObject<State, Virt
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.VirtualMachine;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.VirtualMachine;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/org/apache/cloudstack/region/gslb/GlobalLoadBalancerRuleVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/region/gslb/GlobalLoadBalancerRuleVO.java b/engine/schema/src/org/apache/cloudstack/region/gslb/GlobalLoadBalancerRuleVO.java
index 326fb31..a37fec2 100644
--- a/engine/schema/src/org/apache/cloudstack/region/gslb/GlobalLoadBalancerRuleVO.java
+++ b/engine/schema/src/org/apache/cloudstack/region/gslb/GlobalLoadBalancerRuleVO.java
@@ -28,7 +28,7 @@ import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.region.ha.GlobalLoadBalancerRule;
@@ -191,7 +191,7 @@ public class GlobalLoadBalancerRuleVO implements GlobalLoadBalancerRule {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.GlobalLoadBalancerRule;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.GlobalLoadBalancerRule;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/storage/image/src/org/apache/cloudstack/storage/image/store/TemplateObject.java
----------------------------------------------------------------------
diff --git a/engine/storage/image/src/org/apache/cloudstack/storage/image/store/TemplateObject.java b/engine/storage/image/src/org/apache/cloudstack/storage/image/store/TemplateObject.java
index f7d068e..2b77ac9 100644
--- a/engine/storage/image/src/org/apache/cloudstack/storage/image/store/TemplateObject.java
+++ b/engine/storage/image/src/org/apache/cloudstack/storage/image/store/TemplateObject.java
@@ -25,7 +25,7 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.engine.subsystem.api.storage.DataObjectInStore;
import org.apache.cloudstack.engine.subsystem.api.storage.DataStore;
import org.apache.cloudstack.engine.subsystem.api.storage.ObjectInDataStoreStateMachine;
@@ -438,8 +438,8 @@ public class TemplateObject implements TemplateInfo {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.VirtualMachineTemplate;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.VirtualMachineTemplate;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/storage/snapshot/src/org/apache/cloudstack/storage/snapshot/SnapshotObject.java
----------------------------------------------------------------------
diff --git a/engine/storage/snapshot/src/org/apache/cloudstack/storage/snapshot/SnapshotObject.java b/engine/storage/snapshot/src/org/apache/cloudstack/storage/snapshot/SnapshotObject.java
index b5573dd..a8f1a56 100644
--- a/engine/storage/snapshot/src/org/apache/cloudstack/storage/snapshot/SnapshotObject.java
+++ b/engine/storage/snapshot/src/org/apache/cloudstack/storage/snapshot/SnapshotObject.java
@@ -24,7 +24,7 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.engine.subsystem.api.storage.DataObjectInStore;
import org.apache.cloudstack.engine.subsystem.api.storage.DataStore;
import org.apache.cloudstack.engine.subsystem.api.storage.ObjectInDataStoreStateMachine;
@@ -383,7 +383,7 @@ public class SnapshotObject implements SnapshotInfo {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.Snapshot;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.Snapshot;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/storage/src/org/apache/cloudstack/storage/image/TemplateEntityImpl.java
----------------------------------------------------------------------
diff --git a/engine/storage/src/org/apache/cloudstack/storage/image/TemplateEntityImpl.java b/engine/storage/src/org/apache/cloudstack/storage/image/TemplateEntityImpl.java
index 4ddf053..da7677c 100644
--- a/engine/storage/src/org/apache/cloudstack/storage/image/TemplateEntityImpl.java
+++ b/engine/storage/src/org/apache/cloudstack/storage/image/TemplateEntityImpl.java
@@ -23,7 +23,7 @@ import java.util.Date;
import java.util.List;
import java.util.Map;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.engine.cloud.entity.api.TemplateEntity;
import org.apache.cloudstack.engine.subsystem.api.storage.TemplateInfo;
import org.apache.cloudstack.storage.image.datastore.ImageStoreInfo;
@@ -287,7 +287,7 @@ public class TemplateEntityImpl implements TemplateEntity {
}
@Override
- public AclEntityType getEntityType() {
+ public IAMEntityType getEntityType() {
// TODO Auto-generated method stub
return null;
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/storage/src/org/apache/cloudstack/storage/snapshot/SnapshotEntityImpl.java
----------------------------------------------------------------------
diff --git a/engine/storage/src/org/apache/cloudstack/storage/snapshot/SnapshotEntityImpl.java b/engine/storage/src/org/apache/cloudstack/storage/snapshot/SnapshotEntityImpl.java
index 05ee9f6..103c0db 100644
--- a/engine/storage/src/org/apache/cloudstack/storage/snapshot/SnapshotEntityImpl.java
+++ b/engine/storage/src/org/apache/cloudstack/storage/snapshot/SnapshotEntityImpl.java
@@ -21,7 +21,7 @@ import java.util.Date;
import java.util.List;
import java.util.Map;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.engine.cloud.entity.api.SnapshotEntity;
import com.cloud.hypervisor.Hypervisor.HypervisorType;
@@ -185,8 +185,8 @@ public class SnapshotEntityImpl implements SnapshotEntity {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.Snapshot;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.Snapshot;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/storage/volume/src/org/apache/cloudstack/storage/volume/VolumeObject.java
----------------------------------------------------------------------
diff --git a/engine/storage/volume/src/org/apache/cloudstack/storage/volume/VolumeObject.java b/engine/storage/volume/src/org/apache/cloudstack/storage/volume/VolumeObject.java
index eb08b3d..dc05278 100644
--- a/engine/storage/volume/src/org/apache/cloudstack/storage/volume/VolumeObject.java
+++ b/engine/storage/volume/src/org/apache/cloudstack/storage/volume/VolumeObject.java
@@ -22,7 +22,7 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.engine.subsystem.api.storage.DataObjectInStore;
import org.apache.cloudstack.engine.subsystem.api.storage.DataStore;
import org.apache.cloudstack.engine.subsystem.api.storage.ObjectInDataStoreStateMachine;
@@ -665,7 +665,7 @@ public class VolumeObject implements VolumeInfo {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.Volume;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.Volume;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/api/query/vo/AffinityGroupJoinVO.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/vo/AffinityGroupJoinVO.java b/server/src/com/cloud/api/query/vo/AffinityGroupJoinVO.java
index d556c5c..8a213e2 100644
--- a/server/src/com/cloud/api/query/vo/AffinityGroupJoinVO.java
+++ b/server/src/com/cloud/api/query/vo/AffinityGroupJoinVO.java
@@ -23,7 +23,7 @@ import javax.persistence.Enumerated;
import javax.persistence.Id;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.ControlledEntity;
import com.cloud.vm.VirtualMachine;
@@ -194,8 +194,8 @@ public class AffinityGroupJoinVO extends BaseViewVO implements ControlledViewEnt
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.AffinityGroup;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.AffinityGroup;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/api/query/vo/AsyncJobJoinVO.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/vo/AsyncJobJoinVO.java b/server/src/com/cloud/api/query/vo/AsyncJobJoinVO.java
index d657bd4..7889b76 100644
--- a/server/src/com/cloud/api/query/vo/AsyncJobJoinVO.java
+++ b/server/src/com/cloud/api/query/vo/AsyncJobJoinVO.java
@@ -25,7 +25,7 @@ import javax.persistence.Enumerated;
import javax.persistence.Id;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.ApiCommandJobType;
import com.cloud.utils.db.GenericDao;
@@ -203,8 +203,8 @@ public class AsyncJobJoinVO extends BaseViewVO implements ControlledViewEntity {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.AsyncJob;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.AsyncJob;
}
@Override
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/api/query/vo/DomainRouterJoinVO.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/vo/DomainRouterJoinVO.java b/server/src/com/cloud/api/query/vo/DomainRouterJoinVO.java
index 4889b3d..ac32859 100644
--- a/server/src/com/cloud/api/query/vo/DomainRouterJoinVO.java
+++ b/server/src/com/cloud/api/query/vo/DomainRouterJoinVO.java
@@ -26,7 +26,7 @@ import javax.persistence.Enumerated;
import javax.persistence.Id;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.network.Network.GuestType;
import com.cloud.network.Networks.TrafficType;
@@ -514,7 +514,7 @@ public class DomainRouterJoinVO extends BaseViewVO implements ControlledViewEnti
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.VirtualMachine;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.VirtualMachine;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/api/query/vo/EventJoinVO.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/vo/EventJoinVO.java b/server/src/com/cloud/api/query/vo/EventJoinVO.java
index 7312d64..757f0a7 100644
--- a/server/src/com/cloud/api/query/vo/EventJoinVO.java
+++ b/server/src/com/cloud/api/query/vo/EventJoinVO.java
@@ -25,7 +25,7 @@ import javax.persistence.Enumerated;
import javax.persistence.Id;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.event.Event.State;
import com.cloud.utils.db.GenericDao;
@@ -220,7 +220,7 @@ public class EventJoinVO extends BaseViewVO implements ControlledViewEntity {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.Event;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.Event;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/api/query/vo/InstanceGroupJoinVO.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/vo/InstanceGroupJoinVO.java b/server/src/com/cloud/api/query/vo/InstanceGroupJoinVO.java
index a05cc6e..98d1a52 100644
--- a/server/src/com/cloud/api/query/vo/InstanceGroupJoinVO.java
+++ b/server/src/com/cloud/api/query/vo/InstanceGroupJoinVO.java
@@ -23,7 +23,7 @@ import javax.persistence.Entity;
import javax.persistence.Id;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.utils.db.GenericDao;
@@ -160,7 +160,7 @@ public class InstanceGroupJoinVO extends BaseViewVO implements ControlledViewEnt
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.InstanceGroup;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.InstanceGroup;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/api/query/vo/ProjectInvitationJoinVO.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/vo/ProjectInvitationJoinVO.java b/server/src/com/cloud/api/query/vo/ProjectInvitationJoinVO.java
index 6eed676..ba619a9 100644
--- a/server/src/com/cloud/api/query/vo/ProjectInvitationJoinVO.java
+++ b/server/src/com/cloud/api/query/vo/ProjectInvitationJoinVO.java
@@ -25,7 +25,7 @@ import javax.persistence.Enumerated;
import javax.persistence.Id;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.projects.ProjectInvitation.State;
import com.cloud.utils.db.GenericDao;
@@ -164,7 +164,7 @@ public class ProjectInvitationJoinVO extends BaseViewVO implements ControlledVie
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.ProjectInvitation;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.ProjectInvitation;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/api/query/vo/ResourceTagJoinVO.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/vo/ResourceTagJoinVO.java b/server/src/com/cloud/api/query/vo/ResourceTagJoinVO.java
index b395e34..e1b8b81 100644
--- a/server/src/com/cloud/api/query/vo/ResourceTagJoinVO.java
+++ b/server/src/com/cloud/api/query/vo/ResourceTagJoinVO.java
@@ -23,7 +23,7 @@ import javax.persistence.Enumerated;
import javax.persistence.Id;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.server.ResourceTag.ResourceObjectType;
@@ -182,7 +182,7 @@ public class ResourceTagJoinVO extends BaseViewVO implements ControlledViewEntit
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.ResourceTag;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.ResourceTag;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/api/query/vo/SecurityGroupJoinVO.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/vo/SecurityGroupJoinVO.java b/server/src/com/cloud/api/query/vo/SecurityGroupJoinVO.java
index d613ac6..3c9e3bf 100644
--- a/server/src/com/cloud/api/query/vo/SecurityGroupJoinVO.java
+++ b/server/src/com/cloud/api/query/vo/SecurityGroupJoinVO.java
@@ -23,7 +23,7 @@ import javax.persistence.Enumerated;
import javax.persistence.Id;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.network.security.SecurityRule.SecurityRuleType;
import com.cloud.server.ResourceTag.ResourceObjectType;
@@ -306,7 +306,7 @@ public class SecurityGroupJoinVO extends BaseViewVO implements ControlledViewEnt
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.SecurityGroup;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.SecurityGroup;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/api/query/vo/TemplateJoinVO.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/vo/TemplateJoinVO.java b/server/src/com/cloud/api/query/vo/TemplateJoinVO.java
index e395b18..de0da2f 100644
--- a/server/src/com/cloud/api/query/vo/TemplateJoinVO.java
+++ b/server/src/com/cloud/api/query/vo/TemplateJoinVO.java
@@ -27,7 +27,7 @@ import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.engine.subsystem.api.storage.ObjectInDataStoreStateMachine;
import com.cloud.hypervisor.Hypervisor.HypervisorType;
@@ -544,7 +544,7 @@ public class TemplateJoinVO extends BaseViewVO implements ControlledViewEntity {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.VirtualMachineTemplate;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.VirtualMachineTemplate;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/api/query/vo/UserVmJoinVO.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/vo/UserVmJoinVO.java b/server/src/com/cloud/api/query/vo/UserVmJoinVO.java
index 4201ba5..fcee393 100644
--- a/server/src/com/cloud/api/query/vo/UserVmJoinVO.java
+++ b/server/src/com/cloud/api/query/vo/UserVmJoinVO.java
@@ -28,7 +28,7 @@ import javax.persistence.Id;
import javax.persistence.Table;
import javax.persistence.Transient;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.hypervisor.Hypervisor.HypervisorType;
import com.cloud.network.Network.GuestType;
@@ -913,7 +913,7 @@ public class UserVmJoinVO extends BaseViewVO implements ControlledViewEntity {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.VirtualMachine;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.VirtualMachine;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/api/query/vo/VolumeJoinVO.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/vo/VolumeJoinVO.java b/server/src/com/cloud/api/query/vo/VolumeJoinVO.java
index 405a959..9685d02 100644
--- a/server/src/com/cloud/api/query/vo/VolumeJoinVO.java
+++ b/server/src/com/cloud/api/query/vo/VolumeJoinVO.java
@@ -27,7 +27,7 @@ import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.hypervisor.Hypervisor.HypervisorType;
import com.cloud.server.ResourceTag.ResourceObjectType;
@@ -570,7 +570,7 @@ public class VolumeJoinVO extends BaseViewVO implements ControlledViewEntity {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.Volume;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.Volume;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/api/response/SecurityGroupResultObject.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/response/SecurityGroupResultObject.java b/server/src/com/cloud/api/response/SecurityGroupResultObject.java
index e618da5..98ed415 100644
--- a/server/src/com/cloud/api/response/SecurityGroupResultObject.java
+++ b/server/src/com/cloud/api/response/SecurityGroupResultObject.java
@@ -21,7 +21,7 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.ControlledEntity;
import org.apache.cloudstack.api.InternalIdentity;
@@ -212,7 +212,7 @@ public class SecurityGroupResultObject implements ControlledEntity, InternalIden
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.SecurityGroup;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.SecurityGroup;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/network/vpc/PrivateGatewayProfile.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/PrivateGatewayProfile.java b/server/src/com/cloud/network/vpc/PrivateGatewayProfile.java
index 9ca5482..b912e22 100644
--- a/server/src/com/cloud/network/vpc/PrivateGatewayProfile.java
+++ b/server/src/com/cloud/network/vpc/PrivateGatewayProfile.java
@@ -16,7 +16,7 @@
// under the License.
package com.cloud.network.vpc;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
public class PrivateGatewayProfile implements PrivateGateway {
VpcGateway vpcGateway;
@@ -113,7 +113,7 @@ public class PrivateGatewayProfile implements PrivateGateway {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.VpcGateway;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.VpcGateway;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/template/HypervisorTemplateAdapter.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/template/HypervisorTemplateAdapter.java b/server/src/com/cloud/template/HypervisorTemplateAdapter.java
index 3615c7a..d6a1ab5 100755
--- a/server/src/com/cloud/template/HypervisorTemplateAdapter.java
+++ b/server/src/com/cloud/template/HypervisorTemplateAdapter.java
@@ -27,7 +27,7 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.command.user.iso.DeleteIsoCmd;
import org.apache.cloudstack.api.command.user.iso.RegisterIsoCmd;
import org.apache.cloudstack.api.command.user.template.DeleteTemplateCmd;
@@ -406,7 +406,7 @@ public class HypervisorTemplateAdapter extends TemplateAdapterBase {
}
// remove its related ACL permission
- Pair<AclEntityType, Long> tmplt = new Pair<AclEntityType, Long>(AclEntityType.VirtualMachineTemplate, template.getId());
+ Pair<IAMEntityType, Long> tmplt = new Pair<IAMEntityType, Long>(IAMEntityType.VirtualMachineTemplate, template.getId());
_messageBus.publish(_name, EntityManager.MESSAGE_REMOVE_ENTITY_EVENT, PublishScope.LOCAL, tmplt);
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/template/TemplateManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/template/TemplateManagerImpl.java b/server/src/com/cloud/template/TemplateManagerImpl.java
index 6b72139..a8aa785 100755
--- a/server/src/com/cloud/template/TemplateManagerImpl.java
+++ b/server/src/com/cloud/template/TemplateManagerImpl.java
@@ -33,7 +33,7 @@ import javax.naming.ConfigurationException;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseListTemplateOrIsoPermissionsCmd;
@@ -1270,7 +1270,7 @@ public class TemplateManagerImpl extends ManagerBase implements TemplateManager,
// add ACL permission in IAM
Map<String, Object> permit = new HashMap<String, Object>();
- permit.put(ApiConstants.ENTITY_TYPE, AclEntityType.VirtualMachineTemplate.toString());
+ permit.put(ApiConstants.ENTITY_TYPE, IAMEntityType.VirtualMachineTemplate.toString());
permit.put(ApiConstants.ENTITY_ID, id);
permit.put(ApiConstants.ACCESS_TYPE, AccessType.UseEntry);
permit.put(ApiConstants.ACL_ACTION, "listTemplates");
@@ -1287,7 +1287,7 @@ public class TemplateManagerImpl extends ManagerBase implements TemplateManager,
_launchPermissionDao.removePermissions(id, accountIds);
// remove ACL permission in IAM
Map<String, Object> permit = new HashMap<String, Object>();
- permit.put(ApiConstants.ENTITY_TYPE, AclEntityType.VirtualMachineTemplate.toString());
+ permit.put(ApiConstants.ENTITY_TYPE, IAMEntityType.VirtualMachineTemplate.toString());
permit.put(ApiConstants.ENTITY_ID, id);
permit.put(ApiConstants.ACCESS_TYPE, AccessType.UseEntry);
permit.put(ApiConstants.ACL_ACTION, "listTemplates");
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java b/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java
index 559d5ac..f375fde 100644
--- a/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java
+++ b/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java
@@ -28,7 +28,7 @@ import javax.naming.ConfigurationException;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.ControlledEntity;
import org.apache.cloudstack.acl.ControlledEntity.ACLType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
@@ -218,7 +218,7 @@ public class AffinityGroupServiceImpl extends ManagerBase implements AffinityGro
_affinityGroupDomainMapDao.persist(domainMap);
//send event for storing the domain wide resource access
Map<String, Object> params = new HashMap<String, Object>();
- params.put(ApiConstants.ENTITY_TYPE, AclEntityType.AffinityGroup);
+ params.put(ApiConstants.ENTITY_TYPE, IAMEntityType.AffinityGroup);
params.put(ApiConstants.ENTITY_ID, group.getId());
params.put(ApiConstants.DOMAIN_ID, domainId);
params.put(ApiConstants.SUBDOMAIN_ACCESS, subDomainAccess);
@@ -300,7 +300,7 @@ public class AffinityGroupServiceImpl extends ManagerBase implements AffinityGro
_affinityGroupDomainMapDao.remove(groupDomain.getId());
}
// remove its related ACL permission
- Pair<AclEntityType, Long> params = new Pair<AclEntityType, Long>(AclEntityType.AffinityGroup, affinityGroupIdFinal);
+ Pair<IAMEntityType, Long> params = new Pair<IAMEntityType, Long>(IAMEntityType.AffinityGroup, affinityGroupIdFinal);
_messageBus.publish(_name, EntityManager.MESSAGE_REMOVE_ENTITY_EVENT, PublishScope.LOCAL, params);
}
}
[03/18] Renaming AclEntityType --> IAMEntityType
Posted by pr...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScaleVmGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScaleVmGroupCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScaleVmGroupCmd.java
index 7c205f3..1dbdf34 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScaleVmGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScaleVmGroupCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -39,7 +39,7 @@ import com.cloud.event.EventTypes;
import com.cloud.network.as.AutoScaleVmGroup;
import com.cloud.user.Account;
-@APICommand(name = "updateAutoScaleVmGroup", description = "Updates an existing autoscale vm group.", responseObject = AutoScaleVmGroupResponse.class, entityType = { AclEntityType.AutoScaleVmGroup })
+@APICommand(name = "updateAutoScaleVmGroup", description = "Updates an existing autoscale vm group.", responseObject = AutoScaleVmGroupResponse.class, entityType = { IAMEntityType.AutoScaleVmGroup })
public class UpdateAutoScaleVmGroupCmd extends BaseAsyncCustomIdCmd {
public static final Logger s_logger = Logger.getLogger(UpdateAutoScaleVmGroupCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScaleVmProfileCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScaleVmProfileCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScaleVmProfileCmd.java
index 959b829..87b936d 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScaleVmProfileCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScaleVmProfileCmd.java
@@ -21,7 +21,7 @@ import java.util.Map;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -40,7 +40,7 @@ import com.cloud.event.EventTypes;
import com.cloud.network.as.AutoScaleVmProfile;
import com.cloud.user.Account;
-@APICommand(name = "updateAutoScaleVmProfile", description = "Updates an existing autoscale vm profile.", responseObject = AutoScaleVmProfileResponse.class, entityType = { AclEntityType.AutoScaleVmProfile })
+@APICommand(name = "updateAutoScaleVmProfile", description = "Updates an existing autoscale vm profile.", responseObject = AutoScaleVmProfileResponse.class, entityType = { IAMEntityType.AutoScaleVmProfile })
public class UpdateAutoScaleVmProfileCmd extends BaseAsyncCustomIdCmd {
public static final Logger s_logger = Logger.getLogger(UpdateAutoScaleVmProfileCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/event/ArchiveEventsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/event/ArchiveEventsCmd.java b/api/src/org/apache/cloudstack/api/command/user/event/ArchiveEventsCmd.java
index 506ca92..22eae05 100644
--- a/api/src/org/apache/cloudstack/api/command/user/event/ArchiveEventsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/event/ArchiveEventsCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
@@ -35,7 +35,7 @@ import org.apache.cloudstack.context.CallContext;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.user.Account;
-@APICommand(name = "archiveEvents", description = "Archive one or more events.", responseObject = SuccessResponse.class, entityType = { AclEntityType.Event })
+@APICommand(name = "archiveEvents", description = "Archive one or more events.", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Event })
public class ArchiveEventsCmd extends BaseCmd {
public static final Logger s_logger = Logger.getLogger(ArchiveEventsCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/event/DeleteEventsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/event/DeleteEventsCmd.java b/api/src/org/apache/cloudstack/api/command/user/event/DeleteEventsCmd.java
index e511ab9..ca802a4 100644
--- a/api/src/org/apache/cloudstack/api/command/user/event/DeleteEventsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/event/DeleteEventsCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
@@ -35,7 +35,7 @@ import org.apache.cloudstack.context.CallContext;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.user.Account;
-@APICommand(name = "deleteEvents", description = "Delete one or more events.", responseObject = SuccessResponse.class, entityType = { AclEntityType.Event })
+@APICommand(name = "deleteEvents", description = "Delete one or more events.", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Event })
public class DeleteEventsCmd extends BaseCmd {
public static final Logger s_logger = Logger.getLogger(DeleteEventsCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/event/ListEventsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/event/ListEventsCmd.java b/api/src/org/apache/cloudstack/api/command/user/event/ListEventsCmd.java
index d72c4fa..620bd86 100644
--- a/api/src/org/apache/cloudstack/api/command/user/event/ListEventsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/event/ListEventsCmd.java
@@ -20,7 +20,7 @@ import java.util.Date;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
@@ -28,7 +28,7 @@ import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.response.EventResponse;
import org.apache.cloudstack.api.response.ListResponse;
-@APICommand(name = "listEvents", description = "A command to list events.", responseObject = EventResponse.class, entityType = { AclEntityType.Event })
+@APICommand(name = "listEvents", description = "A command to list events.", responseObject = EventResponse.class, entityType = { IAMEntityType.Event })
public class ListEventsCmd extends BaseListProjectAndAccountResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListEventsCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java
index 0a7b0ab..20029bc 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java
@@ -22,7 +22,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@@ -44,7 +44,7 @@ import com.cloud.network.rules.FirewallRule;
import com.cloud.user.Account;
import com.cloud.utils.net.NetUtils;
-@APICommand(name = "createEgressFirewallRule", description = "Creates a egress firewall rule for a given network ", responseObject = FirewallResponse.class, entityType = { AclEntityType.FirewallRule })
+@APICommand(name = "createEgressFirewallRule", description = "Creates a egress firewall rule for a given network ", responseObject = FirewallResponse.class, entityType = { IAMEntityType.FirewallRule })
public class CreateEgressFirewallRuleCmd extends BaseAsyncCreateCmd implements FirewallRule {
public static final Logger s_logger = Logger.getLogger(CreateEgressFirewallRuleCmd.class.getName());
@@ -343,8 +343,8 @@ public class CreateEgressFirewallRuleCmd extends BaseAsyncCreateCmd implements F
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.FirewallRule;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.FirewallRule;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java
index a5137a3..e2fd492 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@@ -43,7 +43,7 @@ import com.cloud.network.rules.FirewallRule;
import com.cloud.user.Account;
import com.cloud.utils.net.NetUtils;
-@APICommand(name = "createFirewallRule", description = "Creates a firewall rule for a given ip address", responseObject = FirewallResponse.class, entityType = { AclEntityType.FirewallRule })
+@APICommand(name = "createFirewallRule", description = "Creates a firewall rule for a given ip address", responseObject = FirewallResponse.class, entityType = { IAMEntityType.FirewallRule })
public class CreateFirewallRuleCmd extends BaseAsyncCreateCmd implements FirewallRule {
public static final Logger s_logger = Logger.getLogger(CreateFirewallRuleCmd.class.getName());
@@ -335,8 +335,8 @@ public class CreateFirewallRuleCmd extends BaseAsyncCreateCmd implements Firewal
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.FirewallRule;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.FirewallRule;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java
index deb618e..a072d90 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java
@@ -20,7 +20,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@@ -44,7 +44,7 @@ import com.cloud.network.rules.PortForwardingRule;
import com.cloud.user.Account;
import com.cloud.utils.net.Ip;
-@APICommand(name = "createPortForwardingRule", description = "Creates a port forwarding rule", responseObject = FirewallRuleResponse.class, entityType = { AclEntityType.PortForwardingRule })
+@APICommand(name = "createPortForwardingRule", description = "Creates a port forwarding rule", responseObject = FirewallRuleResponse.class, entityType = { IAMEntityType.PortForwardingRule })
public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements PortForwardingRule {
public static final Logger s_logger = Logger.getLogger(CreatePortForwardingRuleCmd.class.getName());
@@ -417,8 +417,8 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.FirewallRule;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.FirewallRule;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteEgressFirewallRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteEgressFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteEgressFirewallRuleCmd.java
index 82c33be..7048826 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteEgressFirewallRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteEgressFirewallRuleCmd.java
@@ -19,7 +19,7 @@ package org.apache.cloudstack.api.command.user.firewall;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -39,7 +39,7 @@ import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.rules.FirewallRule;
-@APICommand(name = "deleteEgressFirewallRule", description = "Deletes an ggress firewall rule", responseObject = SuccessResponse.class, entityType = { AclEntityType.FirewallRule })
+@APICommand(name = "deleteEgressFirewallRule", description = "Deletes an ggress firewall rule", responseObject = SuccessResponse.class, entityType = { IAMEntityType.FirewallRule })
public class DeleteEgressFirewallRuleCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DeleteEgressFirewallRuleCmd.class.getName());
private static final String s_name = "deleteegressfirewallruleresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteFirewallRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteFirewallRuleCmd.java
index 704c913..59612e9 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteFirewallRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteFirewallRuleCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.firewall;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -38,7 +38,7 @@ import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.rules.FirewallRule;
-@APICommand(name = "deleteFirewallRule", description = "Deletes a firewall rule", responseObject = SuccessResponse.class, entityType = { AclEntityType.FirewallRule })
+@APICommand(name = "deleteFirewallRule", description = "Deletes a firewall rule", responseObject = SuccessResponse.class, entityType = { IAMEntityType.FirewallRule })
public class DeleteFirewallRuleCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DeleteFirewallRuleCmd.class.getName());
private static final String s_name = "deletefirewallruleresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/firewall/DeletePortForwardingRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/DeletePortForwardingRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/DeletePortForwardingRuleCmd.java
index eb88201..1457a32 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/DeletePortForwardingRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/DeletePortForwardingRuleCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.firewall;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -37,7 +37,7 @@ import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.network.rules.PortForwardingRule;
-@APICommand(name = "deletePortForwardingRule", description = "Deletes a port forwarding rule", responseObject = SuccessResponse.class, entityType = { AclEntityType.PortForwardingRule })
+@APICommand(name = "deletePortForwardingRule", description = "Deletes a port forwarding rule", responseObject = SuccessResponse.class, entityType = { IAMEntityType.PortForwardingRule })
public class DeletePortForwardingRuleCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DeletePortForwardingRuleCmd.class.getName());
private static final String s_name = "deleteportforwardingruleresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/firewall/ListEgressFirewallRulesCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/ListEgressFirewallRulesCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/ListEgressFirewallRulesCmd.java
index 6b2a78c..8307a9e 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/ListEgressFirewallRulesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/ListEgressFirewallRulesCmd.java
@@ -22,7 +22,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.Parameter;
@@ -34,7 +34,7 @@ import org.apache.cloudstack.api.response.NetworkResponse;
import com.cloud.network.rules.FirewallRule;
import com.cloud.utils.Pair;
-@APICommand(name = "listEgressFirewallRules", description = "Lists all egress firewall rules for network id.", responseObject = FirewallResponse.class, entityType = { AclEntityType.FirewallRule })
+@APICommand(name = "listEgressFirewallRules", description = "Lists all egress firewall rules for network id.", responseObject = FirewallResponse.class, entityType = { IAMEntityType.FirewallRule })
public class ListEgressFirewallRulesCmd extends ListFirewallRulesCmd {
public static final Logger s_logger = Logger.getLogger(ListEgressFirewallRulesCmd.class.getName());
private static final String s_name = "listegressfirewallrulesresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/firewall/ListFirewallRulesCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/ListFirewallRulesCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/ListFirewallRulesCmd.java
index ec60b00..e1e83cd 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/ListFirewallRulesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/ListFirewallRulesCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseListTaggedResourcesCmd;
@@ -35,7 +35,7 @@ import org.apache.cloudstack.api.response.NetworkResponse;
import com.cloud.network.rules.FirewallRule;
import com.cloud.utils.Pair;
-@APICommand(name = "listFirewallRules", description = "Lists all firewall rules for an IP address.", responseObject = FirewallResponse.class, entityType = { AclEntityType.FirewallRule })
+@APICommand(name = "listFirewallRules", description = "Lists all firewall rules for an IP address.", responseObject = FirewallResponse.class, entityType = { IAMEntityType.FirewallRule })
public class ListFirewallRulesCmd extends BaseListTaggedResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListFirewallRulesCmd.class.getName());
private static final String s_name = "listfirewallrulesresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/firewall/ListPortForwardingRulesCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/ListPortForwardingRulesCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/ListPortForwardingRulesCmd.java
index c0c1f3f..11f6592 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/ListPortForwardingRulesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/ListPortForwardingRulesCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseListTaggedResourcesCmd;
@@ -34,7 +34,7 @@ import org.apache.cloudstack.api.response.NetworkResponse;
import com.cloud.network.rules.PortForwardingRule;
import com.cloud.utils.Pair;
-@APICommand(name = "listPortForwardingRules", description = "Lists all port forwarding rules for an IP address.", responseObject = FirewallRuleResponse.class, entityType = { AclEntityType.PortForwardingRule })
+@APICommand(name = "listPortForwardingRules", description = "Lists all port forwarding rules for an IP address.", responseObject = FirewallRuleResponse.class, entityType = { IAMEntityType.PortForwardingRule })
public class ListPortForwardingRulesCmd extends BaseListTaggedResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListPortForwardingRulesCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java
index 79d3ce6..fec9ba2 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.firewall;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseAsyncCmd;
@@ -37,7 +37,7 @@ import com.cloud.user.Account;
@APICommand(name = "updatePortForwardingRule",
responseObject = FirewallRuleResponse.class,
- description = "Updates a port forwarding rule. Only the private port and the virtual machine can be updated.", entityType = {AclEntityType.PortForwardingRule})
+ description = "Updates a port forwarding rule. Only the private port and the virtual machine can be updated.", entityType = {IAMEntityType.PortForwardingRule})
public class UpdatePortForwardingRuleCmd extends BaseAsyncCustomIdCmd {
public static final Logger s_logger = Logger.getLogger(UpdatePortForwardingRuleCmd.class.getName());
private static final String s_name = "updateportforwardingruleresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/nat/CreateIpForwardingRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/nat/CreateIpForwardingRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/nat/CreateIpForwardingRuleCmd.java
index 201bd38..b500c11 100644
--- a/api/src/org/apache/cloudstack/api/command/user/nat/CreateIpForwardingRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/nat/CreateIpForwardingRuleCmd.java
@@ -20,7 +20,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@@ -319,8 +319,8 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Sta
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.FirewallRule;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.FirewallRule;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java b/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
index b867507..db3d2cb 100644
--- a/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.network;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
@@ -44,7 +44,7 @@ import com.cloud.network.Network;
import com.cloud.network.Network.GuestType;
import com.cloud.offering.NetworkOffering;
-@APICommand(name = "createNetwork", description = "Creates a network", responseObject = NetworkResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.Network })
+@APICommand(name = "createNetwork", description = "Creates a network", responseObject = NetworkResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Network })
public class CreateNetworkCmd extends BaseCmd {
public static final Logger s_logger = Logger.getLogger(CreateNetworkCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/network/DeleteNetworkCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/network/DeleteNetworkCmd.java b/api/src/org/apache/cloudstack/api/command/user/network/DeleteNetworkCmd.java
index 201bba6..4f6e9b6 100644
--- a/api/src/org/apache/cloudstack/api/command/user/network/DeleteNetworkCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/network/DeleteNetworkCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.network;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -36,7 +36,7 @@ import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.network.Network;
-@APICommand(name = "deleteNetwork", description = "Deletes a network", responseObject = SuccessResponse.class, entityType = { AclEntityType.Network })
+@APICommand(name = "deleteNetwork", description = "Deletes a network", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Network })
public class DeleteNetworkCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DeleteNetworkOfferingCmd.class.getName());
private static final String s_name = "deletenetworkresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/network/ListNetworksCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/network/ListNetworksCmd.java b/api/src/org/apache/cloudstack/api/command/user/network/ListNetworksCmd.java
index e2490eb..c64031e 100644
--- a/api/src/org/apache/cloudstack/api/command/user/network/ListNetworksCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/network/ListNetworksCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseListTaggedResourcesCmd;
@@ -36,7 +36,7 @@ import org.apache.cloudstack.api.response.ZoneResponse;
import com.cloud.network.Network;
import com.cloud.utils.Pair;
-@APICommand(name = "listNetworks", description = "Lists all available networks.", responseObject = NetworkResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.Network })
+@APICommand(name = "listNetworks", description = "Lists all available networks.", responseObject = NetworkResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Network })
public class ListNetworksCmd extends BaseListTaggedResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListNetworksCmd.class.getName());
private static final String Name = "listnetworksresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/network/RestartNetworkCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/network/RestartNetworkCmd.java b/api/src/org/apache/cloudstack/api/command/user/network/RestartNetworkCmd.java
index 2573489..ce0df8c 100644
--- a/api/src/org/apache/cloudstack/api/command/user/network/RestartNetworkCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/network/RestartNetworkCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.network;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -41,7 +41,7 @@ import com.cloud.network.Network;
@APICommand(name = "restartNetwork",
description = "Restarts the network; includes 1) restarting network elements - virtual routers, dhcp servers 2) reapplying all public ips 3) reapplying loadBalancing/portForwarding rules",
- responseObject = IPAddressResponse.class, entityType = { AclEntityType.Network })
+ responseObject = IPAddressResponse.class, entityType = { IAMEntityType.Network })
public class RestartNetworkCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(RestartNetworkCmd.class.getName());
private static final String s_name = "restartnetworkresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java b/api/src/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
index 215a1da..2d7643c 100644
--- a/api/src/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.network;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -42,7 +42,7 @@ import com.cloud.offering.NetworkOffering;
import com.cloud.user.Account;
import com.cloud.user.User;
-@APICommand(name = "updateNetwork", description = "Updates a network", responseObject = NetworkResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.Network })
+@APICommand(name = "updateNetwork", description = "Updates a network", responseObject = NetworkResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Network })
public class UpdateNetworkCmd extends BaseAsyncCustomIdCmd {
public static final Logger s_logger = Logger.getLogger(UpdateNetworkCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupEgressCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupEgressCmd.java b/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupEgressCmd.java
index 4272e27..0650362 100644
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupEgressCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupEgressCmd.java
@@ -24,7 +24,7 @@ import java.util.Map;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -45,7 +45,7 @@ import com.cloud.exception.InvalidParameterValueException;
import com.cloud.network.security.SecurityRule;
import com.cloud.utils.StringUtils;
-@APICommand(name = "authorizeSecurityGroupEgress", responseObject = SecurityGroupRuleResponse.class, description = "Authorizes a particular egress rule for this security group", since = "3.0.0", entityType = { AclEntityType.SecurityGroup })
+@APICommand(name = "authorizeSecurityGroupEgress", responseObject = SecurityGroupRuleResponse.class, description = "Authorizes a particular egress rule for this security group", since = "3.0.0", entityType = { IAMEntityType.SecurityGroup })
@SuppressWarnings("rawtypes")
public class AuthorizeSecurityGroupEgressCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(AuthorizeSecurityGroupIngressCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java b/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java
index 0653f60..13de69c 100644
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java
@@ -24,7 +24,7 @@ import java.util.Map;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -45,7 +45,7 @@ import com.cloud.exception.InvalidParameterValueException;
import com.cloud.network.security.SecurityRule;
import com.cloud.utils.StringUtils;
-@APICommand(name = "authorizeSecurityGroupIngress", responseObject = SecurityGroupRuleResponse.class, description = "Authorizes a particular ingress rule for this security group", entityType = { AclEntityType.SecurityGroup })
+@APICommand(name = "authorizeSecurityGroupIngress", responseObject = SecurityGroupRuleResponse.class, description = "Authorizes a particular ingress rule for this security group", entityType = { IAMEntityType.SecurityGroup })
@SuppressWarnings("rawtypes")
public class AuthorizeSecurityGroupIngressCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(AuthorizeSecurityGroupIngressCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/securitygroup/CreateSecurityGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/securitygroup/CreateSecurityGroupCmd.java b/api/src/org/apache/cloudstack/api/command/user/securitygroup/CreateSecurityGroupCmd.java
index 4fb2033..824db25 100644
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/CreateSecurityGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/CreateSecurityGroupCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.securitygroup;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
@@ -33,7 +33,7 @@ import org.apache.cloudstack.context.CallContext;
import com.cloud.network.security.SecurityGroup;
import com.cloud.user.Account;
-@APICommand(name = "createSecurityGroup", responseObject = SecurityGroupResponse.class, description = "Creates a security group", entityType = { AclEntityType.SecurityGroup })
+@APICommand(name = "createSecurityGroup", responseObject = SecurityGroupResponse.class, description = "Creates a security group", entityType = { IAMEntityType.SecurityGroup })
public class CreateSecurityGroupCmd extends BaseCmd {
public static final Logger s_logger = Logger.getLogger(CreateSecurityGroupCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/securitygroup/DeleteSecurityGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/securitygroup/DeleteSecurityGroupCmd.java b/api/src/org/apache/cloudstack/api/command/user/securitygroup/DeleteSecurityGroupCmd.java
index ca26a97..03634ad 100644
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/DeleteSecurityGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/DeleteSecurityGroupCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.securitygroup;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -36,7 +36,7 @@ import org.apache.cloudstack.context.CallContext;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.ResourceInUseException;
-@APICommand(name = "deleteSecurityGroup", description = "Deletes security group", responseObject = SuccessResponse.class, entityType = { AclEntityType.SecurityGroup })
+@APICommand(name = "deleteSecurityGroup", description = "Deletes security group", responseObject = SuccessResponse.class, entityType = { IAMEntityType.SecurityGroup })
public class DeleteSecurityGroupCmd extends BaseCmd {
public static final Logger s_logger = Logger.getLogger(DeleteSecurityGroupCmd.class.getName());
private static final String s_name = "deletesecuritygroupresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/securitygroup/ListSecurityGroupsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/securitygroup/ListSecurityGroupsCmd.java b/api/src/org/apache/cloudstack/api/command/user/securitygroup/ListSecurityGroupsCmd.java
index bb66d7d..23a8ad0 100644
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/ListSecurityGroupsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/ListSecurityGroupsCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.securitygroup;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@@ -28,7 +28,7 @@ import org.apache.cloudstack.api.response.ListResponse;
import org.apache.cloudstack.api.response.SecurityGroupResponse;
import org.apache.cloudstack.api.response.UserVmResponse;
-@APICommand(name = "listSecurityGroups", description = "Lists security groups", responseObject = SecurityGroupResponse.class, entityType = { AclEntityType.SecurityGroup })
+@APICommand(name = "listSecurityGroups", description = "Lists security groups", responseObject = SecurityGroupResponse.class, entityType = { IAMEntityType.SecurityGroup })
public class ListSecurityGroupsCmd extends BaseListTaggedResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListSecurityGroupsCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupEgressCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupEgressCmd.java b/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupEgressCmd.java
index 8ce2881..0f74784 100644
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupEgressCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupEgressCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.securitygroup;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -37,7 +37,7 @@ import com.cloud.network.security.SecurityRule;
import com.cloud.user.Account;
-@APICommand(name = "revokeSecurityGroupEgress", responseObject = SuccessResponse.class, description = "Deletes a particular egress rule from this security group", since = "3.0.0", entityType = { AclEntityType.SecurityGroup })
+@APICommand(name = "revokeSecurityGroupEgress", responseObject = SuccessResponse.class, description = "Deletes a particular egress rule from this security group", since = "3.0.0", entityType = { IAMEntityType.SecurityGroup })
public class RevokeSecurityGroupEgressCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(RevokeSecurityGroupEgressCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupIngressCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupIngressCmd.java b/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupIngressCmd.java
index 3342910..3a39ced 100644
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupIngressCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupIngressCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.securitygroup;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -36,7 +36,7 @@ import com.cloud.network.security.SecurityGroup;
import com.cloud.network.security.SecurityRule;
import com.cloud.user.Account;
-@APICommand(name = "revokeSecurityGroupIngress", responseObject = SuccessResponse.class, description = "Deletes a particular ingress rule from this security group", entityType = { AclEntityType.SecurityGroup })
+@APICommand(name = "revokeSecurityGroupIngress", responseObject = SuccessResponse.class, description = "Deletes a particular ingress rule from this security group", entityType = { IAMEntityType.SecurityGroup })
public class RevokeSecurityGroupIngressCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(RevokeSecurityGroupIngressCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/snapshot/CreateSnapshotCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/snapshot/CreateSnapshotCmd.java b/api/src/org/apache/cloudstack/api/command/user/snapshot/CreateSnapshotCmd.java
index 34dc175..9097586 100644
--- a/api/src/org/apache/cloudstack/api/command/user/snapshot/CreateSnapshotCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/snapshot/CreateSnapshotCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.snapshot;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@@ -42,7 +42,7 @@ import com.cloud.storage.Snapshot;
import com.cloud.storage.Volume;
import com.cloud.user.Account;
-@APICommand(name = "createSnapshot", description = "Creates an instant snapshot of a volume.", responseObject = SnapshotResponse.class, entityType = { AclEntityType.Snapshot })
+@APICommand(name = "createSnapshot", description = "Creates an instant snapshot of a volume.", responseObject = SnapshotResponse.class, entityType = { IAMEntityType.Snapshot })
public class CreateSnapshotCmd extends BaseAsyncCreateCmd {
public static final Logger s_logger = Logger.getLogger(CreateSnapshotCmd.class.getName());
private static final String s_name = "createsnapshotresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/snapshot/DeleteSnapshotCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/snapshot/DeleteSnapshotCmd.java b/api/src/org/apache/cloudstack/api/command/user/snapshot/DeleteSnapshotCmd.java
index 95037cc..3771300 100644
--- a/api/src/org/apache/cloudstack/api/command/user/snapshot/DeleteSnapshotCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/snapshot/DeleteSnapshotCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.snapshot;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -36,7 +36,7 @@ import com.cloud.event.EventTypes;
import com.cloud.storage.Snapshot;
import com.cloud.user.Account;
-@APICommand(name = "deleteSnapshot", description = "Deletes a snapshot of a disk volume.", responseObject = SuccessResponse.class, entityType = { AclEntityType.Snapshot })
+@APICommand(name = "deleteSnapshot", description = "Deletes a snapshot of a disk volume.", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Snapshot })
public class DeleteSnapshotCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DeleteSnapshotCmd.class.getName());
private static final String s_name = "deletesnapshotresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/snapshot/ListSnapshotsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/snapshot/ListSnapshotsCmd.java b/api/src/org/apache/cloudstack/api/command/user/snapshot/ListSnapshotsCmd.java
index 887ebb3..b44e11f 100644
--- a/api/src/org/apache/cloudstack/api/command/user/snapshot/ListSnapshotsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/snapshot/ListSnapshotsCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@@ -35,7 +35,7 @@ import org.apache.cloudstack.api.response.ZoneResponse;
import com.cloud.storage.Snapshot;
import com.cloud.utils.Pair;
-@APICommand(name = "listSnapshots", description = "Lists all available snapshots for the account.", responseObject = SnapshotResponse.class, entityType = { AclEntityType.Snapshot })
+@APICommand(name = "listSnapshots", description = "Lists all available snapshots for the account.", responseObject = SnapshotResponse.class, entityType = { IAMEntityType.Snapshot })
public class ListSnapshotsCmd extends BaseListTaggedResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListSnapshotsCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/snapshot/RevertSnapshotCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/snapshot/RevertSnapshotCmd.java b/api/src/org/apache/cloudstack/api/command/user/snapshot/RevertSnapshotCmd.java
index f156a75..0b91084 100644
--- a/api/src/org/apache/cloudstack/api/command/user/snapshot/RevertSnapshotCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/snapshot/RevertSnapshotCmd.java
@@ -18,7 +18,7 @@
*/
package org.apache.cloudstack.api.command.user.snapshot;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -37,7 +37,7 @@ import com.cloud.event.EventTypes;
import com.cloud.storage.Snapshot;
import com.cloud.user.Account;
-@APICommand(name = "revertSnapshot", description = "revert a volume snapshot.", responseObject = SnapshotResponse.class, entityType = { AclEntityType.Snapshot })
+@APICommand(name = "revertSnapshot", description = "revert a volume snapshot.", responseObject = SnapshotResponse.class, entityType = { IAMEntityType.Snapshot })
public class RevertSnapshotCmd extends BaseAsyncCmd {
private static final String s_name = "revertsnapshotresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/ssh/CreateSSHKeyPairCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/ssh/CreateSSHKeyPairCmd.java b/api/src/org/apache/cloudstack/api/command/user/ssh/CreateSSHKeyPairCmd.java
index 0038067..a56fe80 100644
--- a/api/src/org/apache/cloudstack/api/command/user/ssh/CreateSSHKeyPairCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/ssh/CreateSSHKeyPairCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.ssh;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseCmd;
@@ -30,7 +30,7 @@ import org.apache.cloudstack.context.CallContext;
import com.cloud.user.SSHKeyPair;
-@APICommand(name = "createSSHKeyPair", description = "Create a new keypair and returns the private key", responseObject = CreateSSHKeyPairResponse.class, entityType = { AclEntityType.SSHKeyPair })
+@APICommand(name = "createSSHKeyPair", description = "Create a new keypair and returns the private key", responseObject = CreateSSHKeyPairResponse.class, entityType = { IAMEntityType.SSHKeyPair })
public class CreateSSHKeyPairCmd extends BaseCmd {
public static final Logger s_logger = Logger.getLogger(CreateSSHKeyPairCmd.class.getName());
private static final String s_name = "createsshkeypairresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/ssh/DeleteSSHKeyPairCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/ssh/DeleteSSHKeyPairCmd.java b/api/src/org/apache/cloudstack/api/command/user/ssh/DeleteSSHKeyPairCmd.java
index e764670..7e45ae5 100644
--- a/api/src/org/apache/cloudstack/api/command/user/ssh/DeleteSSHKeyPairCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/ssh/DeleteSSHKeyPairCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.ssh;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseCmd;
@@ -30,7 +30,7 @@ import org.apache.cloudstack.context.CallContext;
import com.cloud.user.Account;
-@APICommand(name = "deleteSSHKeyPair", description = "Deletes a keypair by name", responseObject = SuccessResponse.class, entityType = { AclEntityType.SSHKeyPair })
+@APICommand(name = "deleteSSHKeyPair", description = "Deletes a keypair by name", responseObject = SuccessResponse.class, entityType = { IAMEntityType.SSHKeyPair })
public class DeleteSSHKeyPairCmd extends BaseCmd {
public static final Logger s_logger = Logger.getLogger(CreateSSHKeyPairCmd.class.getName());
private static final String s_name = "deletesshkeypairresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/ssh/ListSSHKeyPairsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/ssh/ListSSHKeyPairsCmd.java b/api/src/org/apache/cloudstack/api/command/user/ssh/ListSSHKeyPairsCmd.java
index c7cc145..2551865 100644
--- a/api/src/org/apache/cloudstack/api/command/user/ssh/ListSSHKeyPairsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/ssh/ListSSHKeyPairsCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
@@ -32,7 +32,7 @@ import org.apache.cloudstack.api.response.SSHKeyPairResponse;
import com.cloud.user.SSHKeyPair;
import com.cloud.utils.Pair;
-@APICommand(name = "listSSHKeyPairs", description = "List registered keypairs", responseObject = SSHKeyPairResponse.class, entityType = { AclEntityType.SSHKeyPair })
+@APICommand(name = "listSSHKeyPairs", description = "List registered keypairs", responseObject = SSHKeyPairResponse.class, entityType = { IAMEntityType.SSHKeyPair })
public class ListSSHKeyPairsCmd extends BaseListProjectAndAccountResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListSSHKeyPairsCmd.class.getName());
private static final String s_name = "listsshkeypairsresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/ssh/RegisterSSHKeyPairCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/ssh/RegisterSSHKeyPairCmd.java b/api/src/org/apache/cloudstack/api/command/user/ssh/RegisterSSHKeyPairCmd.java
index 7e96f11..07fc2f5 100644
--- a/api/src/org/apache/cloudstack/api/command/user/ssh/RegisterSSHKeyPairCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/ssh/RegisterSSHKeyPairCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.ssh;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseCmd;
@@ -30,7 +30,7 @@ import org.apache.cloudstack.context.CallContext;
import com.cloud.user.SSHKeyPair;
-@APICommand(name = "registerSSHKeyPair", description = "Register a public key in a keypair under a certain name", responseObject = SSHKeyPairResponse.class, entityType = { AclEntityType.SSHKeyPair })
+@APICommand(name = "registerSSHKeyPair", description = "Register a public key in a keypair under a certain name", responseObject = SSHKeyPairResponse.class, entityType = { IAMEntityType.SSHKeyPair })
public class RegisterSSHKeyPairCmd extends BaseCmd {
public static final Logger s_logger = Logger.getLogger(RegisterSSHKeyPairCmd.class.getName());
private static final String s_name = "registersshkeypairresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/tag/CreateTagsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/tag/CreateTagsCmd.java b/api/src/org/apache/cloudstack/api/command/user/tag/CreateTagsCmd.java
index eb096e5..4dc8ad1 100644
--- a/api/src/org/apache/cloudstack/api/command/user/tag/CreateTagsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/tag/CreateTagsCmd.java
@@ -25,7 +25,7 @@ import java.util.Map;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
@@ -38,7 +38,7 @@ import com.cloud.event.EventTypes;
import com.cloud.server.ResourceTag;
import com.cloud.server.ResourceTag.ResourceObjectType;
-@APICommand(name = "createTags", description = "Creates resource tag(s)", responseObject = SuccessResponse.class, since = "4.0.0", entityType = { AclEntityType.ResourceTag })
+@APICommand(name = "createTags", description = "Creates resource tag(s)", responseObject = SuccessResponse.class, since = "4.0.0", entityType = { IAMEntityType.ResourceTag })
public class CreateTagsCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(CreateTagsCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/tag/DeleteTagsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/tag/DeleteTagsCmd.java b/api/src/org/apache/cloudstack/api/command/user/tag/DeleteTagsCmd.java
index 8c340cf..8aeea34 100644
--- a/api/src/org/apache/cloudstack/api/command/user/tag/DeleteTagsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/tag/DeleteTagsCmd.java
@@ -25,7 +25,7 @@ import java.util.Map;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
@@ -37,7 +37,7 @@ import org.apache.cloudstack.api.response.SuccessResponse;
import com.cloud.event.EventTypes;
import com.cloud.server.ResourceTag.ResourceObjectType;
-@APICommand(name = "deleteTags", description = "Deleting resource tag(s)", responseObject = SuccessResponse.class, since = "4.0.0", entityType = { AclEntityType.ResourceTag })
+@APICommand(name = "deleteTags", description = "Deleting resource tag(s)", responseObject = SuccessResponse.class, since = "4.0.0", entityType = { IAMEntityType.ResourceTag })
public class DeleteTagsCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DeleteTagsCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/tag/ListTagsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/tag/ListTagsCmd.java b/api/src/org/apache/cloudstack/api/command/user/tag/ListTagsCmd.java
index 535d1f0..dc025d7 100644
--- a/api/src/org/apache/cloudstack/api/command/user/tag/ListTagsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/tag/ListTagsCmd.java
@@ -17,7 +17,7 @@
package org.apache.cloudstack.api.command.user.tag;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
@@ -25,7 +25,7 @@ import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.response.ListResponse;
import org.apache.cloudstack.api.response.ResourceTagResponse;
-@APICommand(name = "listTags", description = "List resource tag(s)", responseObject = ResourceTagResponse.class, since = "4.0.0", entityType = { AclEntityType.ResourceTag })
+@APICommand(name = "listTags", description = "List resource tag(s)", responseObject = ResourceTagResponse.class, since = "4.0.0", entityType = { IAMEntityType.ResourceTag })
public class ListTagsCmd extends BaseListProjectAndAccountResourcesCmd {
private static final String s_name = "listtagsresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/template/ListTemplatesCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/template/ListTemplatesCmd.java b/api/src/org/apache/cloudstack/api/command/user/template/ListTemplatesCmd.java
index 88a640e..9ef1e10 100644
--- a/api/src/org/apache/cloudstack/api/command/user/template/ListTemplatesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/template/ListTemplatesCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.template;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@@ -33,7 +33,7 @@ import org.apache.cloudstack.context.CallContext;
import com.cloud.template.VirtualMachineTemplate.TemplateFilter;
import com.cloud.user.Account;
-@APICommand(name = "listTemplates", description = "List all public, private, and privileged templates.", responseObject = TemplateResponse.class, entityType = {AclEntityType.VirtualMachineTemplate}, responseView = ResponseView.Restricted)
+@APICommand(name = "listTemplates", description = "List all public, private, and privileged templates.", responseObject = TemplateResponse.class, entityType = {IAMEntityType.VirtualMachineTemplate}, responseView = ResponseView.Restricted)
public class ListTemplatesCmd extends BaseListTaggedResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListTemplatesCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/template/UpdateTemplatePermissionsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/template/UpdateTemplatePermissionsCmd.java b/api/src/org/apache/cloudstack/api/command/user/template/UpdateTemplatePermissionsCmd.java
index 6b5c835..b2aee46 100644
--- a/api/src/org/apache/cloudstack/api/command/user/template/UpdateTemplatePermissionsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/template/UpdateTemplatePermissionsCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.template;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.BaseUpdateTemplateOrIsoPermissionsCmd;
import org.apache.cloudstack.api.response.SuccessResponse;
@@ -28,7 +28,7 @@ import com.cloud.user.Account;
@APICommand(name = "updateTemplatePermissions", responseObject = SuccessResponse.class, description = "Updates a template visibility permissions. "
+ "A public template is visible to all accounts within the same domain. " + "A private template is visible only to the owner of the template. "
- + "A priviledged template is a private template with account permissions added. " + "Only accounts specified under the template permissions are visible to them.", entityType = {AclEntityType.VirtualMachineTemplate})
+ + "A priviledged template is a private template with account permissions added. " + "Only accounts specified under the template permissions are visible to them.", entityType = {IAMEntityType.VirtualMachineTemplate})
public class UpdateTemplatePermissionsCmd extends BaseUpdateTemplateOrIsoPermissionsCmd {
@Override
protected String getResponseName() {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/AddNicToVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/AddNicToVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/AddNicToVMCmd.java
index 5185aa5..7857594 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/AddNicToVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/AddNicToVMCmd.java
@@ -21,7 +21,7 @@ import java.util.EnumSet;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -40,7 +40,7 @@ import com.cloud.event.EventTypes;
import com.cloud.user.Account;
import com.cloud.uservm.UserVm;
-@APICommand(name = "addNicToVirtualMachine", description = "Adds VM to specified network by creating a NIC", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "addNicToVirtualMachine", description = "Adds VM to specified network by creating a NIC", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
public class AddNicToVMCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(AddNicToVMCmd.class);
private static final String s_name = "addnictovirtualmachineresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java
index e89f27d..4be416a 100755
--- a/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java
@@ -26,7 +26,7 @@ import java.util.Map;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.affinity.AffinityGroupResponse;
import org.apache.cloudstack.api.ACL;
@@ -68,7 +68,7 @@ import com.cloud.template.VirtualMachineTemplate;
import com.cloud.user.Account;
import com.cloud.uservm.UserVm;
-@APICommand(name = "deployVirtualMachine", description = "Creates and automatically starts a virtual machine based on a service offering, disk offering, and template.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "deployVirtualMachine", description = "Creates and automatically starts a virtual machine based on a service offering, disk offering, and template.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
public class DeployVMCmd extends BaseAsyncCreateCustomIdCmd {
public static final Logger s_logger = Logger.getLogger(DeployVMCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/DestroyVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/DestroyVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/DestroyVMCmd.java
index f54b223..c34e427 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/DestroyVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/DestroyVMCmd.java
@@ -20,7 +20,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -40,7 +40,7 @@ import com.cloud.exception.ResourceUnavailableException;
import com.cloud.user.Account;
import com.cloud.uservm.UserVm;
-@APICommand(name = "destroyVirtualMachine", description = "Destroys a virtual machine. Once destroyed, only the administrator can recover it.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "destroyVirtualMachine", description = "Destroys a virtual machine. Once destroyed, only the administrator can recover it.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
public class DestroyVMCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DestroyVMCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/GetVMPasswordCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/GetVMPasswordCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/GetVMPasswordCmd.java
index 13570fd..50fa761 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/GetVMPasswordCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/GetVMPasswordCmd.java
@@ -20,7 +20,7 @@ import java.security.InvalidParameterException;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -33,7 +33,7 @@ import org.apache.cloudstack.api.response.UserVmResponse;
import com.cloud.user.Account;
import com.cloud.uservm.UserVm;
-@APICommand(name = "getVMPassword", responseObject = GetVMPasswordResponse.class, description = "Returns an encrypted password for the VM", entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "getVMPassword", responseObject = GetVMPasswordResponse.class, description = "Returns an encrypted password for the VM", entityType = { IAMEntityType.VirtualMachine })
public class GetVMPasswordCmd extends BaseCmd {
public static final Logger s_logger = Logger.getLogger(GetVMPasswordCmd.class.getName());
private static final String s_name = "getvmpasswordresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/ListVMsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/ListVMsCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/ListVMsCmd.java
index 3e2f43f..e6111fb 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/ListVMsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/ListVMsCmd.java
@@ -22,7 +22,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.affinity.AffinityGroupResponse;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
@@ -46,7 +46,7 @@ import org.apache.cloudstack.api.response.ZoneResponse;
import com.cloud.exception.InvalidParameterValueException;
-@APICommand(name = "listVirtualMachines", description = "List the virtual machines owned by the account.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "listVirtualMachines", description = "List the virtual machines owned by the account.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
public class ListVMsCmd extends BaseListTaggedResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListVMsCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/RebootVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/RebootVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/RebootVMCmd.java
index 6771448..9904415 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/RebootVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/RebootVMCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vm;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -38,7 +38,7 @@ import com.cloud.exception.ResourceUnavailableException;
import com.cloud.user.Account;
import com.cloud.uservm.UserVm;
-@APICommand(name = "rebootVirtualMachine", description = "Reboots a virtual machine.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "rebootVirtualMachine", description = "Reboots a virtual machine.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
public class RebootVMCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(RebootVMCmd.class.getName());
private static final String s_name = "rebootvirtualmachineresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/RemoveNicFromVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/RemoveNicFromVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/RemoveNicFromVMCmd.java
index e04f8da..904f266 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/RemoveNicFromVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/RemoveNicFromVMCmd.java
@@ -21,7 +21,7 @@ import java.util.EnumSet;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -40,7 +40,7 @@ import com.cloud.event.EventTypes;
import com.cloud.user.Account;
import com.cloud.uservm.UserVm;
-@APICommand(name = "removeNicFromVirtualMachine", description = "Removes VM from specified network by deleting a NIC", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "removeNicFromVirtualMachine", description = "Removes VM from specified network by deleting a NIC", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
public class RemoveNicFromVMCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(RemoveNicFromVMCmd.class);
private static final String s_name = "removenicfromvirtualmachineresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMPasswordCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMPasswordCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMPasswordCmd.java
index 3a1b5db..a6f132a 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMPasswordCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMPasswordCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vm;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -40,7 +40,7 @@ import com.cloud.uservm.UserVm;
@APICommand(name = "resetPasswordForVirtualMachine", responseObject=UserVmResponse.class, description="Resets the password for virtual machine. " +
"The virtual machine must be in a \"Stopped\" state and the template must already " +
- "support this feature for this command to take effect. [async]", responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+ "support this feature for this command to take effect. [async]", responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
public class ResetVMPasswordCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(ResetVMPasswordCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMSSHKeyCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMSSHKeyCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMSSHKeyCmd.java
index 20bd6b7..bdbd553 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMSSHKeyCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMSSHKeyCmd.java
@@ -19,7 +19,7 @@ package org.apache.cloudstack.api.command.user.vm;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -42,7 +42,7 @@ import com.cloud.user.Account;
import com.cloud.uservm.UserVm;
@APICommand(name = "resetSSHKeyForVirtualMachine", responseObject = UserVmResponse.class, description = "Resets the SSH Key for virtual machine. " +
- "The virtual machine must be in a \"Stopped\" state. [async]", responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+ "The virtual machine must be in a \"Stopped\" state. [async]", responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
public class ResetVMSSHKeyCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(ResetVMSSHKeyCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/RestoreVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/RestoreVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/RestoreVMCmd.java
index 1102c26..7844028 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/RestoreVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/RestoreVMCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vm;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -40,7 +40,7 @@ import com.cloud.exception.ResourceUnavailableException;
import com.cloud.user.Account;
import com.cloud.uservm.UserVm;
-@APICommand(name = "restoreVirtualMachine", description = "Restore a VM to original template/ISO or new template/ISO", responseObject = UserVmResponse.class, since = "3.0.0", responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "restoreVirtualMachine", description = "Restore a VM to original template/ISO or new template/ISO", responseObject = UserVmResponse.class, since = "3.0.0", responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
public class RestoreVMCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(RestoreVMCmd.class);
private static final String s_name = "restorevmresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java
index b3159ff..acc4578 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java
@@ -24,7 +24,7 @@ import java.util.Map;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -48,7 +48,7 @@ import com.cloud.user.Account;
import com.cloud.uservm.UserVm;
-@APICommand(name = "scaleVirtualMachine", description = "Scales the virtual machine to a new service offering.", responseObject = SuccessResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "scaleVirtualMachine", description = "Scales the virtual machine to a new service offering.", responseObject = SuccessResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
public class ScaleVMCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(ScaleVMCmd.class.getName());
private static final String s_name = "scalevirtualmachineresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java
index 8fac9e1..8237c0f 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vm;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -44,7 +44,7 @@ import com.cloud.user.Account;
import com.cloud.uservm.UserVm;
import com.cloud.utils.exception.ExecutionException;
-@APICommand(name = "startVirtualMachine", responseObject = UserVmResponse.class, description = "Starts a virtual machine.", responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "startVirtualMachine", responseObject = UserVmResponse.class, description = "Starts a virtual machine.", responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
public class StartVMCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(StartVMCmd.class.getName());
[04/18] git commit: updated refs/heads/rbac to 45a96e4
Posted by pr...@apache.org.
Renaming AclEntityType --> IAMEntityType
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/f41604fc
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/f41604fc
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/f41604fc
Branch: refs/heads/rbac
Commit: f41604fc6c2bc866fd3332ab38a4b743a0ed6cfe
Parents: b78cb22
Author: Prachi Damle <pr...@cloud.com>
Authored: Wed Feb 19 16:36:53 2014 -0800
Committer: Prachi Damle <pr...@cloud.com>
Committed: Tue Feb 25 16:43:17 2014 -0800
----------------------------------------------------------------------
api/src/com/cloud/network/NetworkProfile.java | 6 +--
.../cloud/network/vpc/StaticRouteProfile.java | 6 +--
.../apache/cloudstack/acl/AclEntityType.java | 45 --------------------
.../apache/cloudstack/acl/ControlledEntity.java | 2 +-
.../apache/cloudstack/acl/IAMEntityType.java | 45 ++++++++++++++++++++
.../org/apache/cloudstack/api/APICommand.java | 4 +-
.../command/admin/router/DestroyRouterCmd.java | 4 +-
.../command/admin/router/ListRoutersCmd.java | 4 +-
.../command/admin/router/RebootRouterCmd.java | 4 +-
.../command/admin/router/StartRouterCmd.java | 4 +-
.../api/command/admin/router/StopRouterCmd.java | 4 +-
.../command/admin/router/UpgradeRouterCmd.java | 4 +-
.../admin/systemvm/DestroySystemVmCmd.java | 4 +-
.../admin/systemvm/ListSystemVMsCmd.java | 4 +-
.../admin/systemvm/MigrateSystemVMCmd.java | 4 +-
.../admin/systemvm/RebootSystemVmCmd.java | 4 +-
.../admin/systemvm/ScaleSystemVMCmd.java | 4 +-
.../admin/systemvm/StartSystemVMCmd.java | 4 +-
.../command/admin/systemvm/StopSystemVmCmd.java | 4 +-
.../admin/systemvm/UpgradeSystemVMCmd.java | 4 +-
.../admin/template/ListTemplatesCmdByAdmin.java | 4 +-
.../admin/template/PrepareTemplateCmd.java | 4 +-
.../api/command/admin/vm/AssignVMCmd.java | 4 +-
.../api/command/admin/vm/ExpungeVMCmd.java | 4 +-
.../api/command/admin/vm/MigrateVMCmd.java | 4 +-
.../vm/MigrateVirtualMachineWithVolumeCmd.java | 4 +-
.../api/command/admin/vm/RecoverVMCmd.java | 4 +-
.../admin/vpc/CreatePrivateGatewayCmd.java | 4 +-
.../admin/vpc/DeletePrivateGatewayCmd.java | 4 +-
.../command/user/account/ListAccountsCmd.java | 4 +-
.../affinitygroup/CreateAffinityGroupCmd.java | 4 +-
.../affinitygroup/DeleteAffinityGroupCmd.java | 4 +-
.../affinitygroup/ListAffinityGroupsCmd.java | 4 +-
.../affinitygroup/UpdateVMAffinityGroupCmd.java | 4 +-
.../autoscale/CreateAutoScalePolicyCmd.java | 4 +-
.../autoscale/CreateAutoScaleVmGroupCmd.java | 4 +-
.../autoscale/CreateAutoScaleVmProfileCmd.java | 4 +-
.../user/autoscale/CreateConditionCmd.java | 4 +-
.../autoscale/DeleteAutoScalePolicyCmd.java | 4 +-
.../autoscale/DeleteAutoScaleVmGroupCmd.java | 4 +-
.../autoscale/DeleteAutoScaleVmProfileCmd.java | 4 +-
.../user/autoscale/DeleteConditionCmd.java | 4 +-
.../autoscale/DisableAutoScaleVmGroupCmd.java | 4 +-
.../autoscale/EnableAutoScaleVmGroupCmd.java | 4 +-
.../autoscale/ListAutoScalePoliciesCmd.java | 4 +-
.../autoscale/ListAutoScaleVmGroupsCmd.java | 4 +-
.../autoscale/ListAutoScaleVmProfilesCmd.java | 4 +-
.../autoscale/UpdateAutoScalePolicyCmd.java | 4 +-
.../autoscale/UpdateAutoScaleVmGroupCmd.java | 4 +-
.../autoscale/UpdateAutoScaleVmProfileCmd.java | 4 +-
.../command/user/event/ArchiveEventsCmd.java | 4 +-
.../api/command/user/event/DeleteEventsCmd.java | 4 +-
.../api/command/user/event/ListEventsCmd.java | 4 +-
.../firewall/CreateEgressFirewallRuleCmd.java | 8 ++--
.../user/firewall/CreateFirewallRuleCmd.java | 8 ++--
.../firewall/CreatePortForwardingRuleCmd.java | 8 ++--
.../firewall/DeleteEgressFirewallRuleCmd.java | 4 +-
.../user/firewall/DeleteFirewallRuleCmd.java | 4 +-
.../firewall/DeletePortForwardingRuleCmd.java | 4 +-
.../firewall/ListEgressFirewallRulesCmd.java | 4 +-
.../user/firewall/ListFirewallRulesCmd.java | 4 +-
.../firewall/ListPortForwardingRulesCmd.java | 4 +-
.../firewall/UpdatePortForwardingRuleCmd.java | 4 +-
.../user/nat/CreateIpForwardingRuleCmd.java | 6 +--
.../command/user/network/CreateNetworkCmd.java | 4 +-
.../command/user/network/DeleteNetworkCmd.java | 4 +-
.../command/user/network/ListNetworksCmd.java | 4 +-
.../command/user/network/RestartNetworkCmd.java | 4 +-
.../command/user/network/UpdateNetworkCmd.java | 4 +-
.../AuthorizeSecurityGroupEgressCmd.java | 4 +-
.../AuthorizeSecurityGroupIngressCmd.java | 4 +-
.../securitygroup/CreateSecurityGroupCmd.java | 4 +-
.../securitygroup/DeleteSecurityGroupCmd.java | 4 +-
.../securitygroup/ListSecurityGroupsCmd.java | 4 +-
.../RevokeSecurityGroupEgressCmd.java | 4 +-
.../RevokeSecurityGroupIngressCmd.java | 4 +-
.../user/snapshot/CreateSnapshotCmd.java | 4 +-
.../user/snapshot/DeleteSnapshotCmd.java | 4 +-
.../command/user/snapshot/ListSnapshotsCmd.java | 4 +-
.../user/snapshot/RevertSnapshotCmd.java | 4 +-
.../command/user/ssh/CreateSSHKeyPairCmd.java | 4 +-
.../command/user/ssh/DeleteSSHKeyPairCmd.java | 4 +-
.../command/user/ssh/ListSSHKeyPairsCmd.java | 4 +-
.../command/user/ssh/RegisterSSHKeyPairCmd.java | 4 +-
.../api/command/user/tag/CreateTagsCmd.java | 4 +-
.../api/command/user/tag/DeleteTagsCmd.java | 4 +-
.../api/command/user/tag/ListTagsCmd.java | 4 +-
.../command/user/template/ListTemplatesCmd.java | 4 +-
.../template/UpdateTemplatePermissionsCmd.java | 4 +-
.../api/command/user/vm/AddNicToVMCmd.java | 4 +-
.../api/command/user/vm/DeployVMCmd.java | 4 +-
.../api/command/user/vm/DestroyVMCmd.java | 4 +-
.../api/command/user/vm/GetVMPasswordCmd.java | 4 +-
.../api/command/user/vm/ListVMsCmd.java | 4 +-
.../api/command/user/vm/RebootVMCmd.java | 4 +-
.../api/command/user/vm/RemoveNicFromVMCmd.java | 4 +-
.../api/command/user/vm/ResetVMPasswordCmd.java | 4 +-
.../api/command/user/vm/ResetVMSSHKeyCmd.java | 4 +-
.../api/command/user/vm/RestoreVMCmd.java | 4 +-
.../api/command/user/vm/ScaleVMCmd.java | 4 +-
.../api/command/user/vm/StartVMCmd.java | 4 +-
.../api/command/user/vm/StopVMCmd.java | 4 +-
.../user/vm/UpdateDefaultNicForVMCmd.java | 4 +-
.../api/command/user/vm/UpdateVMCmd.java | 4 +-
.../api/command/user/vm/UpgradeVMCmd.java | 4 +-
.../command/user/vmgroup/CreateVMGroupCmd.java | 4 +-
.../command/user/vmgroup/DeleteVMGroupCmd.java | 4 +-
.../command/user/vmgroup/ListVMGroupsCmd.java | 4 +-
.../command/user/vmgroup/UpdateVMGroupCmd.java | 4 +-
.../user/vmsnapshot/CreateVMSnapshotCmd.java | 4 +-
.../user/vmsnapshot/DeleteVMSnapshotCmd.java | 4 +-
.../user/vmsnapshot/ListVMSnapshotCmd.java | 4 +-
.../command/user/volume/AttachVolumeCmd.java | 4 +-
.../command/user/volume/CreateVolumeCmd.java | 4 +-
.../command/user/volume/DeleteVolumeCmd.java | 4 +-
.../command/user/volume/DetachVolumeCmd.java | 4 +-
.../command/user/volume/ExtractVolumeCmd.java | 4 +-
.../api/command/user/volume/ListVolumesCmd.java | 4 +-
.../command/user/volume/MigrateVolumeCmd.java | 4 +-
.../command/user/volume/ResizeVolumeCmd.java | 4 +-
.../command/user/volume/UpdateVolumeCmd.java | 4 +-
.../command/user/volume/UploadVolumeCmd.java | 4 +-
.../command/user/vpc/CreateStaticRouteCmd.java | 4 +-
.../api/command/user/vpc/CreateVPCCmd.java | 4 +-
.../command/user/vpc/DeleteStaticRouteCmd.java | 4 +-
.../api/command/user/vpc/DeleteVPCCmd.java | 4 +-
.../user/vpc/ListPrivateGatewaysCmd.java | 4 +-
.../command/user/vpc/ListStaticRoutesCmd.java | 4 +-
.../api/command/user/vpc/ListVPCsCmd.java | 4 +-
.../api/command/user/vpc/RestartVPCCmd.java | 4 +-
.../api/command/user/vpc/UpdateVPCCmd.java | 4 +-
.../api/command/user/vpn/AddVpnUserCmd.java | 4 +-
.../user/vpn/CreateRemoteAccessVpnCmd.java | 4 +-
.../user/vpn/CreateVpnConnectionCmd.java | 4 +-
.../user/vpn/CreateVpnCustomerGatewayCmd.java | 4 +-
.../command/user/vpn/CreateVpnGatewayCmd.java | 4 +-
.../user/vpn/DeleteRemoteAccessVpnCmd.java | 4 +-
.../user/vpn/DeleteVpnConnectionCmd.java | 4 +-
.../user/vpn/DeleteVpnCustomerGatewayCmd.java | 4 +-
.../command/user/vpn/DeleteVpnGatewayCmd.java | 4 +-
.../user/vpn/ListRemoteAccessVpnsCmd.java | 4 +-
.../command/user/vpn/ListVpnConnectionsCmd.java | 4 +-
.../user/vpn/ListVpnCustomerGatewaysCmd.java | 4 +-
.../command/user/vpn/ListVpnGatewaysCmd.java | 4 +-
.../api/command/user/vpn/ListVpnUsersCmd.java | 4 +-
.../api/command/user/vpn/RemoveVpnUserCmd.java | 4 +-
.../command/user/vpn/ResetVpnConnectionCmd.java | 4 +-
.../user/vpn/UpdateVpnCustomerGatewayCmd.java | 4 +-
.../src/com/cloud/network/addr/PublicIp.java | 6 +--
.../cloud/network/rules/StaticNatRuleImpl.java | 6 +--
.../orchestration/NetworkOrchestrator.java | 6 +--
engine/schema/src/com/cloud/event/EventVO.java | 6 +--
.../com/cloud/network/UserIpv6AddressVO.java | 6 +--
.../schema/src/com/cloud/network/VpnUserVO.java | 6 +--
.../com/cloud/network/as/AutoScalePolicyVO.java | 6 +--
.../cloud/network/as/AutoScaleVmGroupVO.java | 6 +--
.../cloud/network/as/AutoScaleVmProfileVO.java | 6 +--
.../src/com/cloud/network/as/ConditionVO.java | 6 +--
.../src/com/cloud/network/dao/IPAddressVO.java | 6 +--
.../cloud/network/dao/MonitoringServiceVO.java | 6 +--
.../src/com/cloud/network/dao/NetworkVO.java | 6 +--
.../cloud/network/dao/RemoteAccessVpnVO.java | 6 +--
.../network/dao/Site2SiteCustomerGatewayVO.java | 6 +--
.../network/dao/Site2SiteVpnConnectionVO.java | 6 +--
.../network/dao/Site2SiteVpnGatewayVO.java | 6 +--
.../src/com/cloud/network/dao/SslCertVO.java | 6 +--
.../com/cloud/network/rules/FirewallRuleVO.java | 6 +--
.../cloud/network/security/SecurityGroupVO.java | 6 +--
.../com/cloud/network/vpc/StaticRouteVO.java | 6 +--
.../src/com/cloud/network/vpc/VpcGatewayVO.java | 6 +--
.../schema/src/com/cloud/network/vpc/VpcVO.java | 6 +--
.../com/cloud/projects/ProjectInvitationVO.java | 6 +--
.../src/com/cloud/storage/SnapshotVO.java | 6 +--
.../src/com/cloud/storage/VMTemplateVO.java | 6 +--
.../schema/src/com/cloud/storage/VolumeVO.java | 6 +--
.../src/com/cloud/tags/ResourceTagVO.java | 6 +--
engine/schema/src/com/cloud/user/AccountVO.java | 6 +--
.../schema/src/com/cloud/user/SSHKeyPairVO.java | 6 +--
.../src/com/cloud/vm/InstanceGroupVO.java | 6 +--
.../schema/src/com/cloud/vm/VMInstanceVO.java | 6 +--
.../src/com/cloud/vm/dao/NicIpAliasVO.java | 6 +--
.../src/com/cloud/vm/dao/NicSecondaryIpVO.java | 6 +--
.../src/com/cloud/vm/snapshot/VMSnapshotVO.java | 6 +--
.../cloudstack/affinity/AffinityGroupVO.java | 6 +--
.../engine/cloud/entity/api/db/VMEntityVO.java | 6 +--
.../region/gslb/GlobalLoadBalancerRuleVO.java | 6 +--
.../storage/image/store/TemplateObject.java | 6 +--
.../storage/snapshot/SnapshotObject.java | 6 +--
.../storage/image/TemplateEntityImpl.java | 4 +-
.../storage/snapshot/SnapshotEntityImpl.java | 6 +--
.../cloudstack/storage/volume/VolumeObject.java | 6 +--
.../cloud/api/query/vo/AffinityGroupJoinVO.java | 6 +--
.../com/cloud/api/query/vo/AsyncJobJoinVO.java | 6 +--
.../cloud/api/query/vo/DomainRouterJoinVO.java | 6 +--
.../src/com/cloud/api/query/vo/EventJoinVO.java | 6 +--
.../cloud/api/query/vo/InstanceGroupJoinVO.java | 6 +--
.../api/query/vo/ProjectInvitationJoinVO.java | 6 +--
.../cloud/api/query/vo/ResourceTagJoinVO.java | 6 +--
.../cloud/api/query/vo/SecurityGroupJoinVO.java | 6 +--
.../com/cloud/api/query/vo/TemplateJoinVO.java | 6 +--
.../com/cloud/api/query/vo/UserVmJoinVO.java | 6 +--
.../com/cloud/api/query/vo/VolumeJoinVO.java | 6 +--
.../api/response/SecurityGroupResultObject.java | 6 +--
.../network/vpc/PrivateGatewayProfile.java | 6 +--
.../template/HypervisorTemplateAdapter.java | 4 +-
.../com/cloud/template/TemplateManagerImpl.java | 6 +--
.../affinity/AffinityGroupServiceImpl.java | 6 +--
207 files changed, 520 insertions(+), 520 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/com/cloud/network/NetworkProfile.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/network/NetworkProfile.java b/api/src/com/cloud/network/NetworkProfile.java
index c77b765..3f57694 100644
--- a/api/src/com/cloud/network/NetworkProfile.java
+++ b/api/src/com/cloud/network/NetworkProfile.java
@@ -18,7 +18,7 @@ package com.cloud.network;
import java.net.URI;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.network.Networks.BroadcastDomainType;
import com.cloud.network.Networks.Mode;
@@ -279,7 +279,7 @@ public class NetworkProfile implements Network {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.Network;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.Network;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/com/cloud/network/vpc/StaticRouteProfile.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/network/vpc/StaticRouteProfile.java b/api/src/com/cloud/network/vpc/StaticRouteProfile.java
index e4942a0..941b5b2 100644
--- a/api/src/com/cloud/network/vpc/StaticRouteProfile.java
+++ b/api/src/com/cloud/network/vpc/StaticRouteProfile.java
@@ -16,7 +16,7 @@
// under the License.
package com.cloud.network.vpc;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
public class StaticRouteProfile implements StaticRoute {
private long id;
@@ -104,8 +104,8 @@ public class StaticRouteProfile implements StaticRoute {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.StaticRoute;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.StaticRoute;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/acl/AclEntityType.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/AclEntityType.java b/api/src/org/apache/cloudstack/acl/AclEntityType.java
deleted file mode 100644
index 0e1fe5b..0000000
--- a/api/src/org/apache/cloudstack/acl/AclEntityType.java
+++ /dev/null
@@ -1,45 +0,0 @@
-package org.apache.cloudstack.acl;
-
-public enum AclEntityType {
- // currently supported entity, to be added one by one after we support acl on the entity
- VirtualMachine,
- Volume,
- ResourceTag,
- Account,
- AffinityGroup,
- AutoScalePolicy,
- AutoScaleVmGroup,
- AutoScaleVmProfile,
- Condition,
- Vpc,
- VpcGateway,
- PrivateGateway,
- VpnUser,
- VMSnapshot,
- VirtualMachineTemplate,
- UserIpv6Address,
- StaticRoute,
- SSHKeyPair,
- Snapshot,
- Site2SiteVpnGateway,
- Site2SiteVpnConnection,
- Site2SiteCustomerGateway,
- SecurityGroup,
- RemoteAccessVpn,
- PublicIpAddress,
- ProjectInvitation,
- NicSecondaryIp,
- NicIpAlias,
- Network,
- IpAddress,
- InstanceGroup,
- GlobalLoadBalancerRule,
- FirewallRule,
- PortForwardingRule,
- Event,
- AsyncJob,
- AclPolicy,
- AclGroup,
- MonitorService,
- SSLCert
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/acl/ControlledEntity.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/ControlledEntity.java b/api/src/org/apache/cloudstack/acl/ControlledEntity.java
index 29a857f..2572705 100644
--- a/api/src/org/apache/cloudstack/acl/ControlledEntity.java
+++ b/api/src/org/apache/cloudstack/acl/ControlledEntity.java
@@ -29,5 +29,5 @@ public interface ControlledEntity extends OwnedBy, PartOf {
Account, Domain
}
- AclEntityType getEntityType();
+ IAMEntityType getEntityType();
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/acl/IAMEntityType.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/IAMEntityType.java b/api/src/org/apache/cloudstack/acl/IAMEntityType.java
new file mode 100644
index 0000000..0a44253
--- /dev/null
+++ b/api/src/org/apache/cloudstack/acl/IAMEntityType.java
@@ -0,0 +1,45 @@
+package org.apache.cloudstack.acl;
+
+public enum IAMEntityType {
+ // currently supported entity, to be added one by one after we support acl on the entity
+ VirtualMachine,
+ Volume,
+ ResourceTag,
+ Account,
+ AffinityGroup,
+ AutoScalePolicy,
+ AutoScaleVmGroup,
+ AutoScaleVmProfile,
+ Condition,
+ Vpc,
+ VpcGateway,
+ PrivateGateway,
+ VpnUser,
+ VMSnapshot,
+ VirtualMachineTemplate,
+ UserIpv6Address,
+ StaticRoute,
+ SSHKeyPair,
+ Snapshot,
+ Site2SiteVpnGateway,
+ Site2SiteVpnConnection,
+ Site2SiteCustomerGateway,
+ SecurityGroup,
+ RemoteAccessVpn,
+ PublicIpAddress,
+ ProjectInvitation,
+ NicSecondaryIp,
+ NicIpAlias,
+ Network,
+ IpAddress,
+ InstanceGroup,
+ GlobalLoadBalancerRule,
+ FirewallRule,
+ PortForwardingRule,
+ Event,
+ AsyncJob,
+ AclPolicy,
+ AclGroup,
+ MonitorService,
+ SSLCert
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/APICommand.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/APICommand.java b/api/src/org/apache/cloudstack/api/APICommand.java
index ce795b1..690dd9a 100644
--- a/api/src/org/apache/cloudstack/api/APICommand.java
+++ b/api/src/org/apache/cloudstack/api/APICommand.java
@@ -24,7 +24,7 @@ import java.lang.annotation.Target;
import org.apache.cloudstack.acl.RoleType;
import org.apache.cloudstack.api.ResponseObject.ResponseView;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
@Retention(RetentionPolicy.RUNTIME)
@Target({TYPE})
@@ -45,5 +45,5 @@ public @interface APICommand {
RoleType[] authorized() default {};
- AclEntityType[] entityType() default {};
+ IAMEntityType[] entityType() default {};
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/router/DestroyRouterCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/router/DestroyRouterCmd.java b/api/src/org/apache/cloudstack/api/command/admin/router/DestroyRouterCmd.java
index e464c41..462219e 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/router/DestroyRouterCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/router/DestroyRouterCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.router;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@@ -35,7 +35,7 @@ import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.router.VirtualRouter;
import com.cloud.user.Account;
-@APICommand(name = "destroyRouter", description = "Destroys a router.", responseObject = DomainRouterResponse.class, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "destroyRouter", description = "Destroys a router.", responseObject = DomainRouterResponse.class, entityType = { IAMEntityType.VirtualMachine })
public class DestroyRouterCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DestroyRouterCmd.class.getName());
private static final String s_name = "destroyrouterresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/router/ListRoutersCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/router/ListRoutersCmd.java b/api/src/org/apache/cloudstack/api/command/admin/router/ListRoutersCmd.java
index abca5e5..c0e54c8 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/router/ListRoutersCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/router/ListRoutersCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.router;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@@ -36,7 +36,7 @@ import org.apache.cloudstack.api.response.ZoneResponse;
import com.cloud.network.router.VirtualRouter.Role;
-@APICommand(name = "listRouters", description = "List routers.", responseObject = DomainRouterResponse.class, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "listRouters", description = "List routers.", responseObject = DomainRouterResponse.class, entityType = { IAMEntityType.VirtualMachine })
public class ListRoutersCmd extends BaseListProjectAndAccountResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListRoutersCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/router/RebootRouterCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/router/RebootRouterCmd.java b/api/src/org/apache/cloudstack/api/command/admin/router/RebootRouterCmd.java
index 47a692c..f4200c5 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/router/RebootRouterCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/router/RebootRouterCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.router;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@@ -36,7 +36,7 @@ import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.router.VirtualRouter;
import com.cloud.user.Account;
-@APICommand(name = "rebootRouter", description = "Starts a router.", responseObject = DomainRouterResponse.class, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "rebootRouter", description = "Starts a router.", responseObject = DomainRouterResponse.class, entityType = { IAMEntityType.VirtualMachine })
public class RebootRouterCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(RebootRouterCmd.class.getName());
private static final String s_name = "rebootrouterresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/router/StartRouterCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/router/StartRouterCmd.java b/api/src/org/apache/cloudstack/api/command/admin/router/StartRouterCmd.java
index 5e5f335..0c553be 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/router/StartRouterCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/router/StartRouterCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.router;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@@ -38,7 +38,7 @@ import com.cloud.network.router.VirtualRouter;
import com.cloud.network.router.VirtualRouter.Role;
import com.cloud.user.Account;
-@APICommand(name = "startRouter", responseObject = DomainRouterResponse.class, description = "Starts a router.", entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "startRouter", responseObject = DomainRouterResponse.class, description = "Starts a router.", entityType = { IAMEntityType.VirtualMachine })
public class StartRouterCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(StartRouterCmd.class.getName());
private static final String s_name = "startrouterresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/router/StopRouterCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/router/StopRouterCmd.java b/api/src/org/apache/cloudstack/api/command/admin/router/StopRouterCmd.java
index cc5f7a8..9472e4a 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/router/StopRouterCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/router/StopRouterCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.router;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@@ -37,7 +37,7 @@ import com.cloud.network.router.VirtualRouter;
import com.cloud.network.router.VirtualRouter.Role;
import com.cloud.user.Account;
-@APICommand(name = "stopRouter", description = "Stops a router.", responseObject = DomainRouterResponse.class, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "stopRouter", description = "Stops a router.", responseObject = DomainRouterResponse.class, entityType = { IAMEntityType.VirtualMachine })
public class StopRouterCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(StopRouterCmd.class.getName());
private static final String s_name = "stoprouterresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/router/UpgradeRouterCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/router/UpgradeRouterCmd.java b/api/src/org/apache/cloudstack/api/command/admin/router/UpgradeRouterCmd.java
index dc76129..e414fc9 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/router/UpgradeRouterCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/router/UpgradeRouterCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.router;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
@@ -31,7 +31,7 @@ import org.apache.cloudstack.api.response.ServiceOfferingResponse;
import com.cloud.network.router.VirtualRouter;
import com.cloud.user.Account;
-@APICommand(name = "changeServiceForRouter", description = "Upgrades domain router to a new service offering", responseObject = DomainRouterResponse.class, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "changeServiceForRouter", description = "Upgrades domain router to a new service offering", responseObject = DomainRouterResponse.class, entityType = { IAMEntityType.VirtualMachine })
public class UpgradeRouterCmd extends BaseCmd {
public static final Logger s_logger = Logger.getLogger(UpgradeRouterCmd.class.getName());
private static final String s_name = "changeserviceforrouterresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/systemvm/DestroySystemVmCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/systemvm/DestroySystemVmCmd.java b/api/src/org/apache/cloudstack/api/command/admin/systemvm/DestroySystemVmCmd.java
index 62f73aa..24687ec 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/systemvm/DestroySystemVmCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/systemvm/DestroySystemVmCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.systemvm;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -35,7 +35,7 @@ import com.cloud.event.EventTypes;
import com.cloud.user.Account;
import com.cloud.vm.VirtualMachine;
-@APICommand(name = "destroySystemVm", responseObject = SystemVmResponse.class, description = "Destroyes a system virtual machine.", entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "destroySystemVm", responseObject = SystemVmResponse.class, description = "Destroyes a system virtual machine.", entityType = { IAMEntityType.VirtualMachine })
public class DestroySystemVmCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DestroySystemVmCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/systemvm/ListSystemVMsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/systemvm/ListSystemVMsCmd.java b/api/src/org/apache/cloudstack/api/command/admin/systemvm/ListSystemVMsCmd.java
index 41fd0ad..6add394 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/systemvm/ListSystemVMsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/systemvm/ListSystemVMsCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@@ -37,7 +37,7 @@ import org.apache.cloudstack.api.response.ZoneResponse;
import com.cloud.utils.Pair;
import com.cloud.vm.VirtualMachine;
-@APICommand(name = "listSystemVms", description = "List system virtual machines.", responseObject = SystemVmResponse.class, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "listSystemVms", description = "List system virtual machines.", responseObject = SystemVmResponse.class, entityType = { IAMEntityType.VirtualMachine })
public class ListSystemVMsCmd extends BaseListCmd {
public static final Logger s_logger = Logger.getLogger(ListSystemVMsCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/systemvm/MigrateSystemVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/systemvm/MigrateSystemVMCmd.java b/api/src/org/apache/cloudstack/api/command/admin/systemvm/MigrateSystemVMCmd.java
index f01d885..44a5586 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/systemvm/MigrateSystemVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/systemvm/MigrateSystemVMCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.systemvm;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -41,7 +41,7 @@ import com.cloud.host.Host;
import com.cloud.user.Account;
import com.cloud.vm.VirtualMachine;
-@APICommand(name = "migrateSystemVm", description = "Attempts Migration of a system virtual machine to the host specified.", responseObject = SystemVmResponse.class, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "migrateSystemVm", description = "Attempts Migration of a system virtual machine to the host specified.", responseObject = SystemVmResponse.class, entityType = { IAMEntityType.VirtualMachine })
public class MigrateSystemVMCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(MigrateSystemVMCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/systemvm/RebootSystemVmCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/systemvm/RebootSystemVmCmd.java b/api/src/org/apache/cloudstack/api/command/admin/systemvm/RebootSystemVmCmd.java
index 628e6ce..68c941c 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/systemvm/RebootSystemVmCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/systemvm/RebootSystemVmCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.systemvm;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -35,7 +35,7 @@ import com.cloud.event.EventTypes;
import com.cloud.user.Account;
import com.cloud.vm.VirtualMachine;
-@APICommand(name = "rebootSystemVm", description = "Reboots a system VM.", responseObject = SystemVmResponse.class, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "rebootSystemVm", description = "Reboots a system VM.", responseObject = SystemVmResponse.class, entityType = { IAMEntityType.VirtualMachine })
public class RebootSystemVmCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(RebootSystemVmCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/systemvm/ScaleSystemVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/systemvm/ScaleSystemVMCmd.java b/api/src/org/apache/cloudstack/api/command/admin/systemvm/ScaleSystemVMCmd.java
index 2c9bc57..c220e2a 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/systemvm/ScaleSystemVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/systemvm/ScaleSystemVMCmd.java
@@ -21,7 +21,7 @@ import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -47,7 +47,7 @@ import com.cloud.user.Account;
import com.cloud.vm.VirtualMachine;
@APICommand(name = "scaleSystemVm", responseObject = SystemVmResponse.class, description = "Scale the service offering for a system vm (console proxy or secondary storage). "
- + "The system vm must be in a \"Stopped\" state for " + "this command to take effect.", entityType = { AclEntityType.VirtualMachine })
+ + "The system vm must be in a \"Stopped\" state for " + "this command to take effect.", entityType = { IAMEntityType.VirtualMachine })
public class ScaleSystemVMCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(UpgradeVMCmd.class.getName());
private static final String s_name = "changeserviceforsystemvmresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/systemvm/StartSystemVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/systemvm/StartSystemVMCmd.java b/api/src/org/apache/cloudstack/api/command/admin/systemvm/StartSystemVMCmd.java
index 65f6614..ce6a47f 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/systemvm/StartSystemVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/systemvm/StartSystemVMCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.systemvm;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -35,7 +35,7 @@ import com.cloud.event.EventTypes;
import com.cloud.user.Account;
import com.cloud.vm.VirtualMachine;
-@APICommand(name = "startSystemVm", responseObject = SystemVmResponse.class, description = "Starts a system virtual machine.", entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "startSystemVm", responseObject = SystemVmResponse.class, description = "Starts a system virtual machine.", entityType = { IAMEntityType.VirtualMachine })
public class StartSystemVMCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(StartSystemVMCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/systemvm/StopSystemVmCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/systemvm/StopSystemVmCmd.java b/api/src/org/apache/cloudstack/api/command/admin/systemvm/StopSystemVmCmd.java
index dfaaeca..d5e5f00 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/systemvm/StopSystemVmCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/systemvm/StopSystemVmCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.systemvm;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -37,7 +37,7 @@ import com.cloud.exception.ResourceUnavailableException;
import com.cloud.user.Account;
import com.cloud.vm.VirtualMachine;
-@APICommand(name = "stopSystemVm", description = "Stops a system VM.", responseObject = SystemVmResponse.class, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "stopSystemVm", description = "Stops a system VM.", responseObject = SystemVmResponse.class, entityType = { IAMEntityType.VirtualMachine })
public class StopSystemVmCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(StopSystemVmCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/systemvm/UpgradeSystemVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/systemvm/UpgradeSystemVMCmd.java b/api/src/org/apache/cloudstack/api/command/admin/systemvm/UpgradeSystemVMCmd.java
index fc30197..c12d6b0 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/systemvm/UpgradeSystemVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/systemvm/UpgradeSystemVMCmd.java
@@ -21,7 +21,7 @@ import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -42,7 +42,7 @@ import com.cloud.user.Account;
import com.cloud.vm.VirtualMachine;
@APICommand(name = "changeServiceForSystemVm", responseObject = SystemVmResponse.class, description = "Changes the service offering for a system vm (console proxy or secondary storage). "
- + "The system vm must be in a \"Stopped\" state for " + "this command to take effect.", entityType = { AclEntityType.VirtualMachine })
+ + "The system vm must be in a \"Stopped\" state for " + "this command to take effect.", entityType = { IAMEntityType.VirtualMachine })
public class UpgradeSystemVMCmd extends BaseCmd {
public static final Logger s_logger = Logger.getLogger(UpgradeVMCmd.class.getName());
private static final String s_name = "changeserviceforsystemvmresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/template/ListTemplatesCmdByAdmin.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/template/ListTemplatesCmdByAdmin.java b/api/src/org/apache/cloudstack/api/command/admin/template/ListTemplatesCmdByAdmin.java
index ae90840..b2e9ef5 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/template/ListTemplatesCmdByAdmin.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/template/ListTemplatesCmdByAdmin.java
@@ -16,13 +16,13 @@
// under the License.
package org.apache.cloudstack.api.command.admin.template;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ResponseObject.ResponseView;
import org.apache.cloudstack.api.command.user.template.ListTemplatesCmd;
import org.apache.cloudstack.api.response.TemplateResponse;
-@APICommand(name = "listTemplates", description = "List all public, private, and privileged templates.", responseObject = TemplateResponse.class, entityType = {AclEntityType.VirtualMachineTemplate}, responseView = ResponseView.Full)
+@APICommand(name = "listTemplates", description = "List all public, private, and privileged templates.", responseObject = TemplateResponse.class, entityType = {IAMEntityType.VirtualMachineTemplate}, responseView = ResponseView.Full)
public class ListTemplatesCmdByAdmin extends ListTemplatesCmd {
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/template/PrepareTemplateCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/template/PrepareTemplateCmd.java b/api/src/org/apache/cloudstack/api/command/admin/template/PrepareTemplateCmd.java
index 170d379..af214e0 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/template/PrepareTemplateCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/template/PrepareTemplateCmd.java
@@ -20,7 +20,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -35,7 +35,7 @@ import org.apache.cloudstack.api.response.ZoneResponse;
import com.cloud.template.VirtualMachineTemplate;
import com.cloud.user.Account;
-@APICommand(name = "prepareTemplate", responseObject = TemplateResponse.class, description = "load template into primary storage", entityType = { AclEntityType.VirtualMachineTemplate })
+@APICommand(name = "prepareTemplate", responseObject = TemplateResponse.class, description = "load template into primary storage", entityType = { IAMEntityType.VirtualMachineTemplate })
public class PrepareTemplateCmd extends BaseCmd {
public static final Logger s_logger = Logger.getLogger(PrepareTemplateCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/vm/AssignVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/vm/AssignVMCmd.java b/api/src/org/apache/cloudstack/api/command/admin/vm/AssignVMCmd.java
index c6e15d0..71ababd 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/vm/AssignVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/vm/AssignVMCmd.java
@@ -20,7 +20,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
@@ -39,7 +39,7 @@ import com.cloud.uservm.UserVm;
@APICommand(name = "assignVirtualMachine",
description = "Change ownership of a VM from one account to another. This API is available for Basic zones with security groups and Advanced zones with guest networks. A root administrator can reassign a VM from any account to any other account in any domain. A domain administrator can reassign a VM to any account in the same domain.",
responseObject = UserVmResponse.class,
- since = "3.0.0", entityType = { AclEntityType.VirtualMachine })
+ since = "3.0.0", entityType = { IAMEntityType.VirtualMachine })
public class AssignVMCmd extends BaseCmd {
public static final Logger s_logger = Logger.getLogger(AssignVMCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/vm/ExpungeVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/vm/ExpungeVMCmd.java b/api/src/org/apache/cloudstack/api/command/admin/vm/ExpungeVMCmd.java
index fcc9ec2f7..2fb6a1e 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/vm/ExpungeVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/vm/ExpungeVMCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.vm;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -40,7 +40,7 @@ import com.cloud.user.Account;
import com.cloud.uservm.UserVm;
import com.cloud.utils.exception.CloudRuntimeException;
-@APICommand(name = "expungeVirtualMachine", description = "Expunge a virtual machine. Once expunged, it cannot be recoverd.", responseObject = SuccessResponse.class, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "expungeVirtualMachine", description = "Expunge a virtual machine. Once expunged, it cannot be recoverd.", responseObject = SuccessResponse.class, entityType = { IAMEntityType.VirtualMachine })
public class ExpungeVMCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(ExpungeVMCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/vm/MigrateVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/vm/MigrateVMCmd.java b/api/src/org/apache/cloudstack/api/command/admin/vm/MigrateVMCmd.java
index e2ef31f..b3615fc 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/vm/MigrateVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/vm/MigrateVMCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.vm;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
@@ -45,7 +45,7 @@ import com.cloud.vm.VirtualMachine;
@APICommand(name = "migrateVirtualMachine",
description = "Attempts Migration of a VM to a different host or Root volume of the vm to a different storage pool",
- responseObject = UserVmResponse.class, entityType = { AclEntityType.VirtualMachine })
+ responseObject = UserVmResponse.class, entityType = { IAMEntityType.VirtualMachine })
public class MigrateVMCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(MigrateVMCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/vm/MigrateVirtualMachineWithVolumeCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/vm/MigrateVirtualMachineWithVolumeCmd.java b/api/src/org/apache/cloudstack/api/command/admin/vm/MigrateVirtualMachineWithVolumeCmd.java
index 33355e8..4920250 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/vm/MigrateVirtualMachineWithVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/vm/MigrateVirtualMachineWithVolumeCmd.java
@@ -23,7 +23,7 @@ import java.util.Map;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
@@ -47,7 +47,7 @@ import com.cloud.vm.VirtualMachine;
@APICommand(name = "migrateVirtualMachineWithVolume",
description = "Attempts Migration of a VM with its volumes to a different host",
- responseObject = UserVmResponse.class, entityType = { AclEntityType.VirtualMachine })
+ responseObject = UserVmResponse.class, entityType = { IAMEntityType.VirtualMachine })
public class MigrateVirtualMachineWithVolumeCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(MigrateVMCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/vm/RecoverVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/vm/RecoverVMCmd.java b/api/src/org/apache/cloudstack/api/command/admin/vm/RecoverVMCmd.java
index ea103a1..c7917b6 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/vm/RecoverVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/vm/RecoverVMCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.vm;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
@@ -32,7 +32,7 @@ import com.cloud.exception.ResourceAllocationException;
import com.cloud.user.Account;
import com.cloud.uservm.UserVm;
-@APICommand(name = "recoverVirtualMachine", description = "Recovers a virtual machine.", responseObject = UserVmResponse.class, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "recoverVirtualMachine", description = "Recovers a virtual machine.", responseObject = UserVmResponse.class, entityType = { IAMEntityType.VirtualMachine })
public class RecoverVMCmd extends BaseCmd {
public static final Logger s_logger = Logger.getLogger(RecoverVMCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/vpc/CreatePrivateGatewayCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/vpc/CreatePrivateGatewayCmd.java b/api/src/org/apache/cloudstack/api/command/admin/vpc/CreatePrivateGatewayCmd.java
index 1070662..33c9c55 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/vpc/CreatePrivateGatewayCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/vpc/CreatePrivateGatewayCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.vpc;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@@ -43,7 +43,7 @@ import com.cloud.network.vpc.PrivateGateway;
import com.cloud.network.vpc.Vpc;
import com.cloud.user.Account;
-@APICommand(name = "createPrivateGateway", description = "Creates a private gateway", responseObject = PrivateGatewayResponse.class, entityType = { AclEntityType.PrivateGateway })
+@APICommand(name = "createPrivateGateway", description = "Creates a private gateway", responseObject = PrivateGatewayResponse.class, entityType = { IAMEntityType.PrivateGateway })
public class CreatePrivateGatewayCmd extends BaseAsyncCreateCmd {
public static final Logger s_logger = Logger.getLogger(CreatePrivateGatewayCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/vpc/DeletePrivateGatewayCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/vpc/DeletePrivateGatewayCmd.java b/api/src/org/apache/cloudstack/api/command/admin/vpc/DeletePrivateGatewayCmd.java
index 7c2c471..27e71cf 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/vpc/DeletePrivateGatewayCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/vpc/DeletePrivateGatewayCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.vpc;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@@ -37,7 +37,7 @@ import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.vpc.VpcGateway;
import com.cloud.user.Account;
-@APICommand(name = "deletePrivateGateway", description = "Deletes a Private gateway", responseObject = SuccessResponse.class, entityType = { AclEntityType.PrivateGateway })
+@APICommand(name = "deletePrivateGateway", description = "Deletes a Private gateway", responseObject = SuccessResponse.class, entityType = { IAMEntityType.PrivateGateway })
public class DeletePrivateGatewayCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DeletePrivateGatewayCmd.class.getName());
private static final String s_name = "deleteprivategatewayresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/account/ListAccountsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/account/ListAccountsCmd.java b/api/src/org/apache/cloudstack/api/command/user/account/ListAccountsCmd.java
index b1a8d3e..492dd57 100644
--- a/api/src/org/apache/cloudstack/api/command/user/account/ListAccountsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/account/ListAccountsCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.account;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
@@ -27,7 +27,7 @@ import org.apache.cloudstack.api.ResponseObject.ResponseView;
import org.apache.cloudstack.api.response.AccountResponse;
import org.apache.cloudstack.api.response.ListResponse;
-@APICommand(name = "listAccounts", description = "Lists accounts and provides detailed account information for listed accounts", responseObject = AccountResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.Account })
+@APICommand(name = "listAccounts", description = "Lists accounts and provides detailed account information for listed accounts", responseObject = AccountResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Account })
public class ListAccountsCmd extends BaseListDomainResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListAccountsCmd.class.getName());
private static final String s_name = "listaccountsresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/affinitygroup/CreateAffinityGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/affinitygroup/CreateAffinityGroupCmd.java b/api/src/org/apache/cloudstack/api/command/user/affinitygroup/CreateAffinityGroupCmd.java
index a79e9fd..cf00787 100644
--- a/api/src/org/apache/cloudstack/api/command/user/affinitygroup/CreateAffinityGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/affinitygroup/CreateAffinityGroupCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.affinitygroup;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.affinity.AffinityGroup;
import org.apache.cloudstack.affinity.AffinityGroupResponse;
import org.apache.cloudstack.api.APICommand;
@@ -35,7 +35,7 @@ import com.cloud.event.EventTypes;
import com.cloud.exception.ResourceAllocationException;
import com.cloud.user.Account;
-@APICommand(name = "createAffinityGroup", responseObject = AffinityGroupResponse.class, description = "Creates an affinity/anti-affinity group", entityType = { AclEntityType.AffinityGroup })
+@APICommand(name = "createAffinityGroup", responseObject = AffinityGroupResponse.class, description = "Creates an affinity/anti-affinity group", entityType = { IAMEntityType.AffinityGroup })
public class CreateAffinityGroupCmd extends BaseAsyncCreateCmd {
public static final Logger s_logger = Logger.getLogger(CreateAffinityGroupCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/affinitygroup/DeleteAffinityGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/affinitygroup/DeleteAffinityGroupCmd.java b/api/src/org/apache/cloudstack/api/command/user/affinitygroup/DeleteAffinityGroupCmd.java
index d467db3..2722889 100644
--- a/api/src/org/apache/cloudstack/api/command/user/affinitygroup/DeleteAffinityGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/affinitygroup/DeleteAffinityGroupCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.affinitygroup;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.affinity.AffinityGroupResponse;
import org.apache.cloudstack.api.ACL;
@@ -37,7 +37,7 @@ import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.user.Account;
-@APICommand(name = "deleteAffinityGroup", description = "Deletes affinity group", responseObject = SuccessResponse.class, entityType = { AclEntityType.AffinityGroup })
+@APICommand(name = "deleteAffinityGroup", description = "Deletes affinity group", responseObject = SuccessResponse.class, entityType = { IAMEntityType.AffinityGroup })
public class DeleteAffinityGroupCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DeleteAffinityGroupCmd.class.getName());
private static final String s_name = "deleteaffinitygroupresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/affinitygroup/ListAffinityGroupsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/affinitygroup/ListAffinityGroupsCmd.java b/api/src/org/apache/cloudstack/api/command/user/affinitygroup/ListAffinityGroupsCmd.java
index 262ecc7..5e209dc 100644
--- a/api/src/org/apache/cloudstack/api/command/user/affinitygroup/ListAffinityGroupsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/affinitygroup/ListAffinityGroupsCmd.java
@@ -17,7 +17,7 @@
package org.apache.cloudstack.api.command.user.affinitygroup;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.affinity.AffinityGroupResponse;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
@@ -27,7 +27,7 @@ import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.response.ListResponse;
import org.apache.cloudstack.api.response.UserVmResponse;
-@APICommand(name = "listAffinityGroups", description = "Lists affinity groups", responseObject = AffinityGroupResponse.class, entityType = { AclEntityType.AffinityGroup })
+@APICommand(name = "listAffinityGroups", description = "Lists affinity groups", responseObject = AffinityGroupResponse.class, entityType = { IAMEntityType.AffinityGroup })
public class ListAffinityGroupsCmd extends BaseListAccountResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListAffinityGroupsCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/affinitygroup/UpdateVMAffinityGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/affinitygroup/UpdateVMAffinityGroupCmd.java b/api/src/org/apache/cloudstack/api/command/user/affinitygroup/UpdateVMAffinityGroupCmd.java
index 222e791..75f01c1 100644
--- a/api/src/org/apache/cloudstack/api/command/user/affinitygroup/UpdateVMAffinityGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/affinitygroup/UpdateVMAffinityGroupCmd.java
@@ -22,7 +22,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.affinity.AffinityGroupResponse;
import org.apache.cloudstack.api.ACL;
@@ -46,7 +46,7 @@ import com.cloud.user.Account;
import com.cloud.uservm.UserVm;
@APICommand(name = "updateVMAffinityGroup", description = "Updates the affinity/anti-affinity group associations of a virtual machine. The VM has to be stopped and restarted for the "
- + "new properties to take effect.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+ + "new properties to take effect.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
public class UpdateVMAffinityGroupCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(UpdateVMAffinityGroupCmd.class.getName());
private static final String s_name = "updatevirtualmachineresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScalePolicyCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScalePolicyCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScalePolicyCmd.java
index c88d77d..e722a6e 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScalePolicyCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScalePolicyCmd.java
@@ -20,7 +20,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@@ -40,7 +40,7 @@ import com.cloud.user.Account;
@APICommand(name = "createAutoScalePolicy",
description = "Creates an autoscale policy for a provision or deprovision action, the action is taken when the all the conditions evaluates to true for the specified duration. The policy is in effect once it is attached to a autscale vm group.",
- responseObject = AutoScalePolicyResponse.class, entityType = { AclEntityType.AutoScalePolicy })
+ responseObject = AutoScalePolicyResponse.class, entityType = { IAMEntityType.AutoScalePolicy })
public class CreateAutoScalePolicyCmd extends BaseAsyncCreateCmd {
public static final Logger s_logger = Logger.getLogger(CreateAutoScalePolicyCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScaleVmGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScaleVmGroupCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScaleVmGroupCmd.java
index 4c6f9fb..65bbafa 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScaleVmGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScaleVmGroupCmd.java
@@ -20,7 +20,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@@ -41,7 +41,7 @@ import com.cloud.network.rules.LoadBalancer;
@APICommand(name = "createAutoScaleVmGroup",
description = "Creates and automatically starts a virtual machine based on a service offering, disk offering, and template.",
- responseObject = AutoScaleVmGroupResponse.class, entityType = { AclEntityType.AutoScaleVmGroup })
+ responseObject = AutoScaleVmGroupResponse.class, entityType = { IAMEntityType.AutoScaleVmGroup })
public class CreateAutoScaleVmGroupCmd extends BaseAsyncCreateCmd {
public static final Logger s_logger = Logger.getLogger(CreateAutoScaleVmGroupCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScaleVmProfileCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScaleVmProfileCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScaleVmProfileCmd.java
index afedf90..617b335 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScaleVmProfileCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScaleVmProfileCmd.java
@@ -21,7 +21,7 @@ import java.util.Map;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@@ -45,7 +45,7 @@ import com.cloud.user.User;
@APICommand(name = "createAutoScaleVmProfile",
description = "Creates a profile that contains information about the virtual machine which will be provisioned automatically by autoscale feature.",
- responseObject = AutoScaleVmProfileResponse.class, entityType = { AclEntityType.AutoScaleVmProfile })
+ responseObject = AutoScaleVmProfileResponse.class, entityType = { IAMEntityType.AutoScaleVmProfile })
@SuppressWarnings("rawtypes")
public class CreateAutoScaleVmProfileCmd extends BaseAsyncCreateCmd {
public static final Logger s_logger = Logger.getLogger(CreateAutoScaleVmProfileCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateConditionCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateConditionCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateConditionCmd.java
index 1138acb..f99aecc 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateConditionCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateConditionCmd.java
@@ -19,7 +19,7 @@ package org.apache.cloudstack.api.command.user.autoscale;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@@ -36,7 +36,7 @@ import com.cloud.event.EventTypes;
import com.cloud.exception.ResourceAllocationException;
import com.cloud.network.as.Condition;
-@APICommand(name = "createCondition", description = "Creates a condition", responseObject = ConditionResponse.class, entityType = { AclEntityType.Condition })
+@APICommand(name = "createCondition", description = "Creates a condition", responseObject = ConditionResponse.class, entityType = { IAMEntityType.Condition })
public class CreateConditionCmd extends BaseAsyncCreateCmd {
public static final Logger s_logger = Logger.getLogger(CreateConditionCmd.class.getName());
private static final String s_name = "conditionresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScalePolicyCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScalePolicyCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScalePolicyCmd.java
index 212896f..7d5741e 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScalePolicyCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScalePolicyCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.autoscale;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -36,7 +36,7 @@ import com.cloud.event.EventTypes;
import com.cloud.network.as.AutoScalePolicy;
import com.cloud.user.Account;
-@APICommand(name = "deleteAutoScalePolicy", description = "Deletes a autoscale policy.", responseObject = SuccessResponse.class, entityType = { AclEntityType.AutoScalePolicy })
+@APICommand(name = "deleteAutoScalePolicy", description = "Deletes a autoscale policy.", responseObject = SuccessResponse.class, entityType = { IAMEntityType.AutoScalePolicy })
public class DeleteAutoScalePolicyCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DeleteAutoScalePolicyCmd.class.getName());
private static final String s_name = "deleteautoscalepolicyresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScaleVmGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScaleVmGroupCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScaleVmGroupCmd.java
index ea287dc..c8d32bd 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScaleVmGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScaleVmGroupCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.autoscale;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -36,7 +36,7 @@ import com.cloud.event.EventTypes;
import com.cloud.network.as.AutoScaleVmGroup;
import com.cloud.user.Account;
-@APICommand(name = "deleteAutoScaleVmGroup", description = "Deletes a autoscale vm group.", responseObject = SuccessResponse.class, entityType = { AclEntityType.AutoScaleVmGroup })
+@APICommand(name = "deleteAutoScaleVmGroup", description = "Deletes a autoscale vm group.", responseObject = SuccessResponse.class, entityType = { IAMEntityType.AutoScaleVmGroup })
public class DeleteAutoScaleVmGroupCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DeleteAutoScaleVmGroupCmd.class.getName());
private static final String s_name = "deleteautoscalevmgroupresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScaleVmProfileCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScaleVmProfileCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScaleVmProfileCmd.java
index 31ee281..79e0a17 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScaleVmProfileCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScaleVmProfileCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.autoscale;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -36,7 +36,7 @@ import com.cloud.event.EventTypes;
import com.cloud.network.as.AutoScaleVmProfile;
import com.cloud.user.Account;
-@APICommand(name = "deleteAutoScaleVmProfile", description = "Deletes a autoscale vm profile.", responseObject = SuccessResponse.class, entityType = { AclEntityType.AutoScaleVmProfile })
+@APICommand(name = "deleteAutoScaleVmProfile", description = "Deletes a autoscale vm profile.", responseObject = SuccessResponse.class, entityType = { IAMEntityType.AutoScaleVmProfile })
public class DeleteAutoScaleVmProfileCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DeleteAutoScaleVmProfileCmd.class.getName());
private static final String s_name = "deleteautoscalevmprofileresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteConditionCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteConditionCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteConditionCmd.java
index 977a260..9d12149 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteConditionCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteConditionCmd.java
@@ -19,7 +19,7 @@ package org.apache.cloudstack.api.command.user.autoscale;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -37,7 +37,7 @@ import com.cloud.exception.ResourceInUseException;
import com.cloud.network.as.Condition;
import com.cloud.user.Account;
-@APICommand(name = "deleteCondition", description = "Removes a condition", responseObject = SuccessResponse.class, entityType = { AclEntityType.Condition })
+@APICommand(name = "deleteCondition", description = "Removes a condition", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Condition })
public class DeleteConditionCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DeleteConditionCmd.class.getName());
private static final String s_name = "deleteconditionresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/DisableAutoScaleVmGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/DisableAutoScaleVmGroupCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/DisableAutoScaleVmGroupCmd.java
index 1698d82..a6e736a 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/DisableAutoScaleVmGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/DisableAutoScaleVmGroupCmd.java
@@ -19,7 +19,7 @@ package org.apache.cloudstack.api.command.user.autoscale;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -35,7 +35,7 @@ import com.cloud.event.EventTypes;
import com.cloud.network.as.AutoScaleVmGroup;
import com.cloud.user.Account;
-@APICommand(name = "disableAutoScaleVmGroup", description = "Disables an AutoScale Vm Group", responseObject = AutoScaleVmGroupResponse.class, entityType = { AclEntityType.AutoScaleVmGroup })
+@APICommand(name = "disableAutoScaleVmGroup", description = "Disables an AutoScale Vm Group", responseObject = AutoScaleVmGroupResponse.class, entityType = { IAMEntityType.AutoScaleVmGroup })
public class DisableAutoScaleVmGroupCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DisableAutoScaleVmGroupCmd.class.getName());
private static final String s_name = "disableautoscalevmGroupresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/EnableAutoScaleVmGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/EnableAutoScaleVmGroupCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/EnableAutoScaleVmGroupCmd.java
index 290d293..49a6cee 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/EnableAutoScaleVmGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/EnableAutoScaleVmGroupCmd.java
@@ -19,7 +19,7 @@ package org.apache.cloudstack.api.command.user.autoscale;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -35,7 +35,7 @@ import com.cloud.event.EventTypes;
import com.cloud.network.as.AutoScaleVmGroup;
import com.cloud.user.Account;
-@APICommand(name = "enableAutoScaleVmGroup", description = "Enables an AutoScale Vm Group", responseObject = AutoScaleVmGroupResponse.class, entityType = { AclEntityType.AutoScaleVmGroup })
+@APICommand(name = "enableAutoScaleVmGroup", description = "Enables an AutoScale Vm Group", responseObject = AutoScaleVmGroupResponse.class, entityType = { IAMEntityType.AutoScaleVmGroup })
public class EnableAutoScaleVmGroupCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(EnableAutoScaleVmGroupCmd.class.getName());
private static final String s_name = "enableautoscalevmGroupresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScalePoliciesCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScalePoliciesCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScalePoliciesCmd.java
index a60dff3..c6eb40c 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScalePoliciesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScalePoliciesCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseListAccountResourcesCmd;
@@ -33,7 +33,7 @@ import org.apache.cloudstack.api.response.ListResponse;
import com.cloud.network.as.AutoScalePolicy;
-@APICommand(name = "listAutoScalePolicies", description = "Lists autoscale policies.", responseObject = AutoScalePolicyResponse.class, entityType = { AclEntityType.AutoScalePolicy })
+@APICommand(name = "listAutoScalePolicies", description = "Lists autoscale policies.", responseObject = AutoScalePolicyResponse.class, entityType = { IAMEntityType.AutoScalePolicy })
public class ListAutoScalePoliciesCmd extends BaseListAccountResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListAutoScalePoliciesCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScaleVmGroupsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScaleVmGroupsCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScaleVmGroupsCmd.java
index 8e76842..5e35e63 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScaleVmGroupsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScaleVmGroupsCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
@@ -36,7 +36,7 @@ import org.apache.cloudstack.api.response.ZoneResponse;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.network.as.AutoScaleVmGroup;
-@APICommand(name = "listAutoScaleVmGroups", description = "Lists autoscale vm groups.", responseObject = AutoScaleVmGroupResponse.class, entityType = { AclEntityType.AutoScaleVmGroup })
+@APICommand(name = "listAutoScaleVmGroups", description = "Lists autoscale vm groups.", responseObject = AutoScaleVmGroupResponse.class, entityType = { IAMEntityType.AutoScaleVmGroup })
public class ListAutoScaleVmGroupsCmd extends BaseListProjectAndAccountResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListAutoScaleVmGroupsCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScaleVmProfilesCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScaleVmProfilesCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScaleVmProfilesCmd.java
index 1affd75..8a4a522 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScaleVmProfilesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScaleVmProfilesCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.autoscale;
import java.util.ArrayList;
import java.util.List;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
@@ -32,7 +32,7 @@ import org.apache.log4j.Logger;
import com.cloud.network.as.AutoScaleVmProfile;
-@APICommand(name = "listAutoScaleVmProfiles", description = "Lists autoscale vm profiles.", responseObject = AutoScaleVmProfileResponse.class, entityType = { AclEntityType.AutoScaleVmProfile })
+@APICommand(name = "listAutoScaleVmProfiles", description = "Lists autoscale vm profiles.", responseObject = AutoScaleVmProfileResponse.class, entityType = { IAMEntityType.AutoScaleVmProfile })
public class ListAutoScaleVmProfilesCmd extends BaseListProjectAndAccountResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListAutoScaleVmProfilesCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScalePolicyCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScalePolicyCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScalePolicyCmd.java
index ba0d086..26f06bd 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScalePolicyCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScalePolicyCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -39,7 +39,7 @@ import com.cloud.event.EventTypes;
import com.cloud.network.as.AutoScalePolicy;
import com.cloud.user.Account;
-@APICommand(name = "updateAutoScalePolicy", description = "Updates an existing autoscale policy.", responseObject = AutoScalePolicyResponse.class, entityType = { AclEntityType.AutoScalePolicy })
+@APICommand(name = "updateAutoScalePolicy", description = "Updates an existing autoscale policy.", responseObject = AutoScalePolicyResponse.class, entityType = { IAMEntityType.AutoScalePolicy })
public class UpdateAutoScalePolicyCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(UpdateAutoScalePolicyCmd.class.getName());
[12/18] iam/plugin: Rename Acl to IAM everywhere
Posted by pr...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
new file mode 100644
index 0000000..de57a41
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
@@ -0,0 +1,690 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.ejb.Local;
+import javax.inject.Inject;
+import javax.naming.ConfigurationException;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.acl.IAMEntityType;
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseListCmd;
+import org.apache.cloudstack.api.command.iam.AddAccountToIAMGroupCmd;
+import org.apache.cloudstack.api.command.iam.AddIAMPermissionToIAMPolicyCmd;
+import org.apache.cloudstack.api.command.iam.AttachIAMPolicyToAccountCmd;
+import org.apache.cloudstack.api.command.iam.AttachIAMPolicyToIAMGroupCmd;
+import org.apache.cloudstack.api.command.iam.CreateIAMGroupCmd;
+import org.apache.cloudstack.api.command.iam.CreateIAMPolicyCmd;
+import org.apache.cloudstack.api.command.iam.DeleteIAMGroupCmd;
+import org.apache.cloudstack.api.command.iam.DeleteIAMPolicyCmd;
+import org.apache.cloudstack.api.command.iam.ListIAMGroupsCmd;
+import org.apache.cloudstack.api.command.iam.ListIAMPoliciesCmd;
+import org.apache.cloudstack.api.command.iam.RemoveAccountFromIAMGroupCmd;
+import org.apache.cloudstack.api.command.iam.RemoveIAMPermissionFromIAMPolicyCmd;
+import org.apache.cloudstack.api.command.iam.RemoveIAMPolicyFromAccountCmd;
+import org.apache.cloudstack.api.command.iam.RemoveIAMPolicyFromIAMGroupCmd;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
+import org.apache.cloudstack.api.response.iam.IAMPermissionResponse;
+import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.framework.messagebus.MessageBus;
+import org.apache.cloudstack.framework.messagebus.MessageSubscriber;
+import org.apache.cloudstack.iam.api.IAMGroup;
+import org.apache.cloudstack.iam.api.IAMPolicy;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
+import org.apache.cloudstack.iam.api.IAMService;
+
+import com.cloud.api.ApiServerService;
+import com.cloud.domain.Domain;
+import com.cloud.domain.DomainVO;
+import com.cloud.domain.dao.DomainDao;
+import com.cloud.event.ActionEvent;
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.template.TemplateManager;
+import com.cloud.user.Account;
+import com.cloud.user.AccountManager;
+import com.cloud.user.AccountVO;
+import com.cloud.user.DomainManager;
+import com.cloud.user.dao.AccountDao;
+import com.cloud.utils.Pair;
+import com.cloud.utils.component.Manager;
+import com.cloud.utils.component.ManagerBase;
+import com.cloud.utils.db.DB;
+import com.cloud.utils.db.EntityManager;
+
+@Local(value = {IAMApiService.class})
+public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Manager {
+
+ public static final Logger s_logger = Logger.getLogger(IAMApiServiceImpl.class);
+ private String _name;
+
+ @Inject
+ ApiServerService _apiServer;
+
+ @Inject
+ IAMService _iamSrv;
+
+ @Inject
+ DomainDao _domainDao;
+
+ @Inject
+ AccountDao _accountDao;
+
+ @Inject
+ AccountManager _accountMgr;
+
+ @Inject
+ MessageBus _messageBus;
+
+ @Override
+ public boolean configure(final String name, final Map<String, Object> params) throws ConfigurationException {
+ _messageBus.subscribe(AccountManager.MESSAGE_ADD_ACCOUNT_EVENT, new MessageSubscriber() {
+ @Override
+ public void onPublishMessage(String senderAddress, String subject, Object obj) {
+ HashMap<Long, Long> acctGroupMap = (HashMap<Long, Long>) obj;
+ for (Long accountId : acctGroupMap.keySet()) {
+ Long groupId = acctGroupMap.get(accountId);
+ s_logger.debug("MessageBus message: new Account Added: " + accountId + ", adding it to groupId :"
+ + groupId);
+ addAccountToIAMGroup(accountId, groupId);
+ // add it to domain group too
+ AccountVO account = _accountDao.findById(accountId);
+ Domain domain = _domainDao.findById(account.getDomainId());
+ if (domain != null) {
+ List<IAMGroup> domainGroups = listDomainGroup(domain);
+
+ if (domainGroups != null) {
+ for (IAMGroup group : domainGroups) {
+ addAccountToIAMGroup(accountId, new Long(group.getId()));
+ }
+ }
+ }
+ }
+ }
+ });
+
+ _messageBus.subscribe(AccountManager.MESSAGE_REMOVE_ACCOUNT_EVENT, new MessageSubscriber() {
+ @Override
+ public void onPublishMessage(String senderAddress, String subject, Object obj) {
+ Long accountId = ((Long) obj);
+ if (accountId != null) {
+ s_logger.debug("MessageBus message: Account removed: " + accountId
+ + ", releasing the group associations");
+ removeAccountFromIAMGroups(accountId);
+ }
+ }
+ });
+
+ _messageBus.subscribe(DomainManager.MESSAGE_ADD_DOMAIN_EVENT, new MessageSubscriber() {
+ @Override
+ public void onPublishMessage(String senderAddress, String subject, Object obj) {
+ Long domainId = ((Long) obj);
+ if (domainId != null) {
+ s_logger.debug("MessageBus message: new Domain created: " + domainId + ", creating a new group");
+ Domain domain = _domainDao.findById(domainId);
+ _iamSrv.createAclGroup("DomainGrp-" + domain.getUuid(), "Domain group", domain.getPath());
+ }
+ }
+ });
+
+ _messageBus.subscribe(DomainManager.MESSAGE_REMOVE_DOMAIN_EVENT, new MessageSubscriber() {
+ @Override
+ public void onPublishMessage(String senderAddress, String subject, Object obj) {
+ Long domainId = ((Long) obj);
+ if (domainId != null) {
+ s_logger.debug("MessageBus message: Domain removed: " + domainId + ", removing the domain group");
+ Domain domain = _domainDao.findById(domainId);
+ List<IAMGroup> groups = listDomainGroup(domain);
+ for (IAMGroup group : groups) {
+ _iamSrv.deleteAclGroup(group.getId());
+ }
+ }
+ }
+ });
+
+ _messageBus.subscribe(TemplateManager.MESSAGE_REGISTER_PUBLIC_TEMPLATE_EVENT, new MessageSubscriber() {
+ @Override
+ public void onPublishMessage(String senderAddress, String subject, Object obj) {
+ Long templateId = (Long)obj;
+ if (templateId != null) {
+ s_logger.debug("MessageBus message: new public template registered: " + templateId + ", grant permission to domain admin and normal user policies");
+ _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+ PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
+ _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+ PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
+ }
+ }
+ });
+
+ _messageBus.subscribe(TemplateManager.MESSAGE_RESET_TEMPLATE_PERMISSION_EVENT, new MessageSubscriber() {
+ @Override
+ public void onPublishMessage(String senderAddress, String subject, Object obj) {
+ Long templateId = (Long)obj;
+ if (templateId != null) {
+ s_logger.debug("MessageBus message: reset template permission: " + templateId);
+ resetTemplatePermission(templateId);
+ }
+ }
+ });
+
+ _messageBus.subscribe(EntityManager.MESSAGE_REMOVE_ENTITY_EVENT, new MessageSubscriber() {
+ @Override
+ public void onPublishMessage(String senderAddress, String subject, Object obj) {
+ Pair<IAMEntityType, Long> entity = (Pair<IAMEntityType, Long>)obj;
+ if (entity != null) {
+ String entityType = entity.first().toString();
+ Long entityId = entity.second();
+ s_logger.debug("MessageBus message: delete an entity: (" + entityType + "," + entityId + "), remove its related permission");
+ _iamSrv.removeAclPermissionForEntity(entityType, entityId);
+ }
+ }
+ });
+
+
+ _messageBus.subscribe(EntityManager.MESSAGE_GRANT_ENTITY_EVENT, new MessageSubscriber() {
+ @Override
+ public void onPublishMessage(String senderAddress, String subject, Object obj) {
+ Map<String, Object> permit = (Map<String, Object>)obj;
+ if (permit != null) {
+ String entityType = (String)permit.get(ApiConstants.ENTITY_TYPE);
+ Long entityId = (Long)permit.get(ApiConstants.ENTITY_ID);
+ AccessType accessType = (AccessType)permit.get(ApiConstants.ACCESS_TYPE);
+ String action = (String)permit.get(ApiConstants.IAM_ACTION);
+ List<Long> acctIds = (List<Long>)permit.get(ApiConstants.ACCOUNTS);
+ s_logger.debug("MessageBus message: grant accounts permission to an entity: (" + entityType + "," + entityId + ")");
+ grantEntityPermissioinToAccounts(entityType, entityId, accessType, action, acctIds);
+ }
+ }
+ });
+
+ _messageBus.subscribe(EntityManager.MESSAGE_REVOKE_ENTITY_EVENT, new MessageSubscriber() {
+ @Override
+ public void onPublishMessage(String senderAddress, String subject, Object obj) {
+ Map<String, Object> permit = (Map<String, Object>)obj;
+ if (permit != null) {
+ String entityType = (String)permit.get(ApiConstants.ENTITY_TYPE);
+ Long entityId = (Long)permit.get(ApiConstants.ENTITY_ID);
+ AccessType accessType = (AccessType)permit.get(ApiConstants.ACCESS_TYPE);
+ String action = (String)permit.get(ApiConstants.IAM_ACTION);
+ List<Long> acctIds = (List<Long>)permit.get(ApiConstants.ACCOUNTS);
+ s_logger.debug("MessageBus message: revoke from accounts permission to an entity: (" + entityType + "," + entityId + ")");
+ revokeEntityPermissioinFromAccounts(entityType, entityId, accessType, action, acctIds);
+ }
+ }
+ });
+
+ _messageBus.subscribe(EntityManager.MESSAGE_ADD_DOMAIN_WIDE_ENTITY_EVENT, new MessageSubscriber() {
+ @Override
+ public void onPublishMessage(String senderAddress, String subject, Object obj) {
+ Map<String, Object> params = (Map<String, Object>) obj;
+ if (params != null) {
+ addDomainWideResourceAccess(params);
+ }
+ }
+ });
+
+ return super.configure(name, params);
+ }
+
+ private void addDomainWideResourceAccess(Map<String, Object> params) {
+
+ IAMEntityType entityType = (IAMEntityType)params.get(ApiConstants.ENTITY_TYPE);
+ Long entityId = (Long) params.get(ApiConstants.ENTITY_ID);
+ Long domainId = (Long) params.get(ApiConstants.DOMAIN_ID);
+ Boolean isRecursive = (Boolean) params.get(ApiConstants.SUBDOMAIN_ACCESS);
+
+ if (entityType == IAMEntityType.Network) {
+ createPolicyAndAddToDomainGroup("DomainWideNetwork-" + entityId, "domain wide network", entityType.toString(),
+ entityId, "listNetworks", AccessType.UseEntry, domainId, isRecursive);
+ } else if (entityType == IAMEntityType.AffinityGroup) {
+ createPolicyAndAddToDomainGroup("DomainWideNetwork-" + entityId, "domain wide affinityGroup", entityType.toString(),
+ entityId, "listAffinityGroups", AccessType.UseEntry, domainId, isRecursive);
+ }
+
+ }
+
+ private void createPolicyAndAddToDomainGroup(String policyName, String description, String entityType,
+ Long entityId, String action, AccessType accessType, Long domainId, Boolean recursive) {
+
+ Domain domain = _domainDao.findById(domainId);
+ if (domain != null) {
+ IAMPolicy policy = _iamSrv.createAclPolicy(policyName, description, null, domain.getPath());
+ _iamSrv.addAclPermissionToAclPolicy(policy.getId(), entityType, PermissionScope.RESOURCE.toString(),
+ entityId, action, accessType.toString(), Permission.Allow, recursive);
+ List<Long> policyList = new ArrayList<Long>();
+ policyList.add(new Long(policy.getId()));
+
+ List<IAMGroup> domainGroups = listDomainGroup(domain);
+ if (domainGroups != null) {
+ for (IAMGroup group : domainGroups) {
+ _iamSrv.attachAclPoliciesToGroup(policyList, group.getId());
+ }
+ }
+ }
+ }
+
+ @DB
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_CREATE, eventDescription = "Creating Acl Group", create = true)
+ public IAMGroup createIAMGroup(Account caller, String iamGroupName, String description) {
+ Long domainId = caller.getDomainId();
+ Domain callerDomain = _domainDao.findById(domainId);
+ if (callerDomain == null) {
+ throw new InvalidParameterValueException("Caller does not have a domain");
+ }
+ return _iamSrv.createAclGroup(iamGroupName, description, callerDomain.getPath());
+ }
+
+ @DB
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_DELETE, eventDescription = "Deleting Acl Group")
+ public boolean deleteIAMGroup(final Long iamGroupId) {
+ return _iamSrv.deleteAclGroup(iamGroupId);
+ }
+
+ @Override
+ public List<IAMGroup> listIAMGroups(long accountId) {
+ return _iamSrv.listAclGroups(accountId);
+ }
+
+
+ @DB
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_UPDATE, eventDescription = "Adding accounts to acl group")
+ public IAMGroup addAccountsToGroup(final List<Long> acctIds, final Long groupId) {
+ return _iamSrv.addAccountsToGroup(acctIds, groupId);
+ }
+
+
+ private void removeAccountFromIAMGroups(long accountId) {
+ List<IAMGroup> groups = listIAMGroups(accountId);
+ List<Long> accts = new ArrayList<Long>();
+ accts.add(accountId);
+ if (groups != null) {
+ for (IAMGroup grp : groups) {
+ removeAccountsFromGroup(accts, grp.getId());
+ }
+ }
+ }
+
+ private void addAccountToIAMGroup(long accountId, long groupId) {
+ List<Long> accts = new ArrayList<Long>();
+ accts.add(accountId);
+ addAccountsToGroup(accts, groupId);
+ }
+
+ @DB
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_UPDATE, eventDescription = "Removing accounts from acl group")
+ public IAMGroup removeAccountsFromGroup(final List<Long> acctIds, final Long groupId) {
+ return _iamSrv.removeAccountsFromGroup(acctIds, groupId);
+ }
+
+ @DB
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_IAM_POLICY_CREATE, eventDescription = "Creating IAM Policy", create = true)
+ public IAMPolicy createIAMPolicy(Account caller, final String iamPolicyName, final String description, final Long parentPolicyId) {
+ Long domainId = caller.getDomainId();
+ Domain callerDomain = _domainDao.findById(domainId);
+ if (callerDomain == null) {
+ throw new InvalidParameterValueException("Caller does not have a domain");
+ }
+ return _iamSrv.createAclPolicy(iamPolicyName, description, parentPolicyId, callerDomain.getPath());
+ }
+
+ @DB
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_IAM_POLICY_DELETE, eventDescription = "Deleting IAM Policy")
+ public boolean deleteIAMPolicy(final long iamPolicyId) {
+ return _iamSrv.deleteAclPolicy(iamPolicyId);
+ }
+
+
+ @Override
+ public List<IAMPolicy> listIAMPolicies(long accountId) {
+ return _iamSrv.listAclPolicies(accountId);
+ }
+
+ @DB
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_UPDATE, eventDescription = "Attaching policy to acl group")
+ public IAMGroup attachIAMPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
+ return _iamSrv.attachAclPoliciesToGroup(policyIds, groupId);
+ }
+
+ @DB
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_UPDATE, eventDescription = "Removing policies from acl group")
+ public IAMGroup removeIAMPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
+ return _iamSrv.removeAclPoliciesFromGroup(policyIds, groupId);
+ }
+
+
+ @DB
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_IAM_ACCOUNT_POLICY_UPDATE, eventDescription = "Attaching policy to accounts")
+ public void attachIAMPolicyToAccounts(final Long policyId, final List<Long> accountIds) {
+ _iamSrv.attachAclPolicyToAccounts(policyId, accountIds);
+ }
+
+ @DB
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_IAM_ACCOUNT_POLICY_UPDATE, eventDescription = "Removing policy from accounts")
+ public void removeIAMPolicyFromAccounts(final Long policyId, final List<Long> accountIds) {
+ _iamSrv.removeAclPolicyFromAccounts(policyId, accountIds);
+ }
+
+ @DB
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_IAM_POLICY_GRANT, eventDescription = "Granting acl permission to IAM Policy")
+ public IAMPolicy addIAMPermissionToIAMPolicy(long iamPolicyId, String entityType, PermissionScope scope,
+ Long scopeId, String action, Permission perm, Boolean recursive) {
+ Class<?> cmdClass = _apiServer.getCmdClass(action);
+ AccessType accessType = null;
+ if (BaseListCmd.class.isAssignableFrom(cmdClass)) {
+ accessType = AccessType.UseEntry;
+ }
+ return _iamSrv.addAclPermissionToAclPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action,
+ accessType.toString(), perm, recursive);
+ }
+
+ @DB
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_IAM_POLICY_REVOKE, eventDescription = "Revoking acl permission from IAM Policy")
+ public IAMPolicy removeIAMPermissionFromIAMPolicy(long iamPolicyId, String entityType, PermissionScope scope, Long scopeId, String action) {
+ return _iamSrv.removeAclPermissionFromAclPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action);
+ }
+
+ @Override
+ public IAMPolicyPermission getIAMPolicyPermission(long accountId, String entityType, String action) {
+ List<IAMPolicy> policies = _iamSrv.listAclPolicies(accountId);
+ IAMPolicyPermission curPerm = null;
+ for (IAMPolicy policy : policies) {
+ List<IAMPolicyPermission> perms = _iamSrv.listPolicyPermissionByActionAndEntity(policy.getId(), action,
+ entityType);
+ if (perms == null || perms.size() == 0)
+ continue;
+ IAMPolicyPermission perm = perms.get(0); // just pick one
+ if (curPerm == null) {
+ curPerm = perm;
+ } else if (PermissionScope.valueOf(perm.getScope()).greaterThan(PermissionScope.valueOf(curPerm.getScope()))) {
+ // pick the more relaxed allowed permission
+ curPerm = perm;
+ }
+ }
+
+ return curPerm;
+ }
+
+
+ @Override
+ public IAMPolicyResponse createIAMPolicyResponse(IAMPolicy policy) {
+ IAMPolicyResponse response = new IAMPolicyResponse();
+ response.setId(policy.getUuid());
+ response.setName(policy.getName());
+ response.setDescription(policy.getDescription());
+ String domainPath = policy.getPath();
+ if (domainPath != null) {
+ DomainVO domain = _domainDao.findDomainByPath(domainPath);
+ if (domain != null) {
+ response.setDomainId(domain.getUuid());
+ response.setDomainName(domain.getName());
+ }
+ }
+ long accountId = policy.getAccountId();
+ AccountVO owner = _accountDao.findById(accountId);
+ if (owner != null) {
+ response.setAccountName(owner.getAccountName());
+ }
+ // find permissions associated with this policy
+ List<IAMPolicyPermission> permissions = _iamSrv.listPolicyPermissions(policy.getId());
+ if (permissions != null && permissions.size() > 0) {
+ for (IAMPolicyPermission permission : permissions) {
+ IAMPermissionResponse perm = new IAMPermissionResponse();
+ perm.setAction(permission.getAction());
+ if (permission.getEntityType() != null) {
+ perm.setEntityType(IAMEntityType.valueOf(permission.getEntityType()));
+ }
+ if (permission.getScope() != null) {
+ perm.setScope(PermissionScope.valueOf(permission.getScope()));
+ }
+ perm.setScopeId(permission.getScopeId());
+ perm.setPermission(permission.getPermission());
+ response.addPermission(perm);
+ }
+ }
+ response.setObjectName("aclpolicy");
+ return response;
+ }
+
+ @Override
+ public IAMGroupResponse createIAMGroupResponse(IAMGroup group) {
+ IAMGroupResponse response = new IAMGroupResponse();
+ response.setId(group.getUuid());
+ response.setName(group.getName());
+ response.setDescription(group.getDescription());
+ String domainPath = group.getPath();
+ if (domainPath != null) {
+ DomainVO domain = _domainDao.findDomainByPath(domainPath);
+ if (domain != null) {
+ response.setDomainId(domain.getUuid());
+ response.setDomainName(domain.getName());
+ }
+ }
+ long accountId = group.getAccountId();
+ AccountVO owner = _accountDao.findById(accountId);
+ if (owner != null) {
+ response.setAccountName(owner.getAccountName());
+ }
+ // find all the members in this group
+ List<Long> members = _iamSrv.listAccountsByGroup(group.getId());
+ if (members != null && members.size() > 0) {
+ for (Long member : members) {
+ AccountVO mem = _accountDao.findById(member);
+ if (mem != null) {
+ response.addMemberAccount(mem.getAccountName());
+ }
+ }
+ }
+
+ // find all the policies attached to this group
+ List<IAMPolicy> policies = _iamSrv.listAclPoliciesByGroup(group.getId());
+ if (policies != null && policies.size() > 0) {
+ for (IAMPolicy policy : policies) {
+ response.addPolicy(policy.getName());
+ }
+ }
+
+ response.setObjectName("aclgroup");
+ return response;
+
+ }
+
+ public List<IAMGroup> listDomainGroup(Domain domain) {
+
+ if (domain != null) {
+ String domainPath = domain.getPath();
+ // search for groups
+ Pair<List<IAMGroup>, Integer> result = _iamSrv.listAclGroups(null, "DomainGrp-" + domain.getUuid(),
+ domainPath, null, null);
+ return result.first();
+ }
+ return new ArrayList<IAMGroup>();
+
+ }
+
+ @Override
+ public ListResponse<IAMGroupResponse> listIAMGroups(Long iamGroupId, String iamGroupName, Long domainId, Long startIndex, Long pageSize) {
+ // acl check
+ Account caller = CallContext.current().getCallingAccount();
+
+ Domain domain = null;
+ if (domainId != null) {
+ domain = _domainDao.findById(domainId);
+ if (domain == null) {
+ throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
+ }
+
+ _accountMgr.checkAccess(caller, domain);
+ } else {
+ domain = _domainDao.findById(caller.getDomainId());
+ }
+ String domainPath = domain.getPath();
+ // search for groups
+ Pair<List<IAMGroup>, Integer> result = _iamSrv.listAclGroups(iamGroupId, iamGroupName, domainPath, startIndex, pageSize);
+ // generate group response
+ ListResponse<IAMGroupResponse> response = new ListResponse<IAMGroupResponse>();
+ List<IAMGroupResponse> groupResponses = new ArrayList<IAMGroupResponse>();
+ for (IAMGroup group : result.first()) {
+ IAMGroupResponse resp = createIAMGroupResponse(group);
+ groupResponses.add(resp);
+ }
+ response.setResponses(groupResponses, result.second());
+ return response;
+ }
+
+ @Override
+ public ListResponse<IAMPolicyResponse> listIAMPolicies(Long iamPolicyId, String iamPolicyName, Long domainId, Long startIndex,
+ Long pageSize) {
+ // acl check
+ Account caller = CallContext.current().getCallingAccount();
+
+ Domain domain = null;
+ if (domainId != null) {
+ domain = _domainDao.findById(domainId);
+ if (domain == null) {
+ throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
+ }
+
+ _accountMgr.checkAccess(caller, domain);
+ } else {
+ domain = _domainDao.findById(caller.getDomainId());
+ }
+ String domainPath = domain.getPath();
+ // search for policies
+ Pair<List<IAMPolicy>, Integer> result = _iamSrv.listAclPolicies(iamPolicyId, iamPolicyName, domainPath, startIndex, pageSize);
+ // generate policy response
+ ListResponse<IAMPolicyResponse> response = new ListResponse<IAMPolicyResponse>();
+ List<IAMPolicyResponse> policyResponses = new ArrayList<IAMPolicyResponse>();
+ for (IAMPolicy policy : result.first()) {
+ IAMPolicyResponse resp = createIAMPolicyResponse(policy);
+ policyResponses.add(resp);
+ }
+ response.setResponses(policyResponses, result.second());
+ return response;
+ }
+
+ @Override
+ public void grantEntityPermissioinToAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds) {
+ // check if there is already a policy with only this permission added to it
+ IAMPolicy policy = _iamSrv.getResourceGrantPolicy(entityType, entityId, accessType.toString(), action);
+ if (policy == null) {
+ // not found, just create a policy with resource grant permission
+ Account caller = CallContext.current().getCallingAccount();
+ String aclPolicyName = "policyGrant" + entityType + entityId;
+ String description = "Policy to grant permission to " + entityType + entityId;
+ policy = createIAMPolicy(caller, aclPolicyName, description, null);
+ // add permission to this policy
+ addIAMPermissionToIAMPolicy(policy.getId(), entityType, PermissionScope.RESOURCE, entityId, action, Permission.Allow, false);
+ }
+ // attach this policy to list of accounts if not attached already
+ Long policyId = policy.getId();
+ for (Long acctId : accountIds) {
+ if (!isPolicyAttachedToAccount(policyId, acctId)) {
+ attachIAMPolicyToAccounts(policyId, Collections.singletonList(acctId));
+ }
+ }
+ }
+
+ @Override
+ public void revokeEntityPermissioinFromAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds) {
+ // there should already a policy with only this permission added to it, this call is mainly used
+ IAMPolicy policy = _iamSrv.getResourceGrantPolicy(entityType, entityId, accessType.toString(), action);
+ if (policy == null) {
+ s_logger.warn("Cannot find a policy associated with this entity permissioin to be revoked, just return");
+ return;
+ }
+ // detach this policy from list of accounts if not detached already
+ Long policyId = policy.getId();
+ for (Long acctId : accountIds) {
+ if (isPolicyAttachedToAccount(policyId, acctId)) {
+ removeIAMPolicyFromAccounts(policyId, Collections.singletonList(acctId));
+ }
+ }
+
+ }
+
+ private boolean isPolicyAttachedToAccount(Long policyId, Long accountId) {
+ List<IAMPolicy> pList = listIAMPolicies(accountId);
+ for (IAMPolicy p : pList) {
+ if (p.getId() == policyId.longValue()) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ private void resetTemplatePermission(Long templateId){
+ // reset template will change template to private, so we need to remove its permission for domain admin and normal user group
+ _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+ PermissionScope.RESOURCE.toString(), templateId, "listTemplates");
+ _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+ PermissionScope.RESOURCE.toString(), templateId, "listTemplates");
+ // check if there is a policy with only UseEntry permission for this template added
+ IAMPolicy policy = _iamSrv.getResourceGrantPolicy(IAMEntityType.VirtualMachineTemplate.toString(), templateId, AccessType.UseEntry.toString(), "listTemplates");
+ if ( policy == null ){
+ s_logger.info("No policy found for this template grant: " + templateId + ", no detach to be done");
+ return;
+ }
+ // delete the policy, which should detach it from groups and accounts
+ _iamSrv.deleteAclPolicy(policy.getId());
+
+ }
+
+ @Override
+ public List<Class<?>> getCommands() {
+ List<Class<?>> cmdList = new ArrayList<Class<?>>();
+ cmdList.add(CreateIAMPolicyCmd.class);
+ cmdList.add(DeleteIAMPolicyCmd.class);
+ cmdList.add(ListIAMPoliciesCmd.class);
+ cmdList.add(AddIAMPermissionToIAMPolicyCmd.class);
+ cmdList.add(RemoveIAMPermissionFromIAMPolicyCmd.class);
+ cmdList.add(AttachIAMPolicyToIAMGroupCmd.class);
+ cmdList.add(RemoveIAMPolicyFromIAMGroupCmd.class);
+ cmdList.add(CreateIAMGroupCmd.class);
+ cmdList.add(DeleteIAMGroupCmd.class);
+ cmdList.add(ListIAMGroupsCmd.class);
+ cmdList.add(AddAccountToIAMGroupCmd.class);
+ cmdList.add(RemoveAccountFromIAMGroupCmd.class);
+ cmdList.add(AttachIAMPolicyToAccountCmd.class);
+ cmdList.add(RemoveIAMPolicyFromAccountCmd.class);
+ return cmdList;
+ }
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
index 448e45f..48e6ede 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
@@ -37,9 +37,9 @@ import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.BaseAsyncCreateCmd;
import org.apache.cloudstack.api.BaseCmd;
import org.apache.cloudstack.api.BaseListCmd;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
+import org.apache.cloudstack.iam.api.IAMPolicy;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
import org.apache.cloudstack.iam.api.IAMService;
import com.cloud.api.ApiServerService;
@@ -90,7 +90,7 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker
+ "is null");
}
- List<AclPolicy> policies = _iamSrv.listAclPolicies(account.getAccountId());
+ List<IAMPolicy> policies = _iamSrv.listAclPolicies(account.getAccountId());
boolean isAllowed = _iamSrv.isActionAllowedForPolicies(commandName, policies);
if (!isAllowed) {
@@ -259,11 +259,11 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker
if (entityTypes == null || entityTypes.length == 0) {
- _iamSrv.addAclPermissionToAclPolicy(policyId, null, permissionScope.toString(), new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
+ _iamSrv.addAclPermissionToAclPolicy(policyId, null, permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
} else {
for (IAMEntityType entityType : entityTypes) {
- _iamSrv.addAclPermissionToAclPolicy(policyId, entityType.toString(), permissionScope.toString(), new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
+ _iamSrv.addAclPermissionToAclPolicy(policyId, entityType.toString(), permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
index 5420f84..13f6914 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
@@ -28,9 +28,9 @@ import org.apache.cloudstack.acl.ControlledEntity;
import org.apache.cloudstack.acl.PermissionScope;
import org.apache.cloudstack.acl.SecurityChecker;
import org.apache.cloudstack.api.InternalIdentity;
-import org.apache.cloudstack.iam.api.AclGroup;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
+import org.apache.cloudstack.iam.api.IAMGroup;
+import org.apache.cloudstack.iam.api.IAMPolicy;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission;
import org.apache.cloudstack.iam.api.IAMService;
import com.cloud.acl.DomainChecker;
@@ -64,7 +64,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
if (entity == null && action != null) {
// check if caller can do this action
- List<AclPolicy> policies = _iamSrv.listAclPolicies(caller.getAccountId());
+ List<IAMPolicy> policies = _iamSrv.listAclPolicies(caller.getAccountId());
boolean isAllowed = _iamSrv.isActionAllowedForPolicies(action, policies);
if (!isAllowed) {
@@ -80,11 +80,11 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
}
// get all Policies of this caller w.r.t the entity
- List<AclPolicy> policies = getEffectivePolicies(caller, entity);
- HashMap<AclPolicy, Boolean> policyPermissionMap = new HashMap<AclPolicy, Boolean>();
+ List<IAMPolicy> policies = getEffectivePolicies(caller, entity);
+ HashMap<IAMPolicy, Boolean> policyPermissionMap = new HashMap<IAMPolicy, Boolean>();
- for (AclPolicy policy : policies) {
- List<AclPolicyPermission> permissions = new ArrayList<AclPolicyPermission>();
+ for (IAMPolicy policy : policies) {
+ List<IAMPolicyPermission> permissions = new ArrayList<IAMPolicyPermission>();
if (action != null) {
permissions = _iamSrv.listPolicyPermissionByActionAndEntity(policy.getId(), action, entityType);
@@ -100,7 +100,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
accessType.toString(), entityType));
}
}
- for (AclPolicyPermission permission : permissions) {
+ for (IAMPolicyPermission permission : permissions) {
if (checkPermissionScope(caller, permission.getScope(), permission.getScopeId(), entity)) {
if (permission.getEntityType().equals(entityType)) {
policyPermissionMap.put(policy, permission.getPermission().isGranted());
@@ -129,7 +129,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
private boolean checkPermissionScope(Account caller, String scope, Long scopeId, ControlledEntity entity) {
- if(scopeId != null && !scopeId.equals(new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER))){
+ if(scopeId != null && !scopeId.equals(new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER))){
//scopeId is set
if (scope.equals(PermissionScope.ACCOUNT.name())) {
if(scopeId == entity.getAccountId()){
@@ -147,7 +147,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
}
}
}
- } else if (scopeId == null || scopeId.equals(new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER))) {
+ } else if (scopeId == null || scopeId.equals(new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER))) {
if (scope.equals(PermissionScope.ACCOUNT.name())) {
if(caller.getAccountId() == entity.getAccountId()){
return true;
@@ -161,10 +161,10 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
return false;
}
- private List<AclPolicy> getEffectivePolicies(Account caller, ControlledEntity entity) {
+ private List<IAMPolicy> getEffectivePolicies(Account caller, ControlledEntity entity) {
// Get the static Policies of the Caller
- List<AclPolicy> policies = _iamSrv.listAclPolicies(caller.getId());
+ List<IAMPolicy> policies = _iamSrv.listAclPolicies(caller.getId());
// add any dynamic policies w.r.t the entity
if (caller.getId() == entity.getAccountId()) {
@@ -172,11 +172,11 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
policies.add(_iamSrv.getResourceOwnerPolicy());
}
- List<AclGroup> groups = _iamSrv.listAclGroups(caller.getId());
- for (AclGroup group : groups) {
+ List<IAMGroup> groups = _iamSrv.listAclGroups(caller.getId());
+ for (IAMGroup group : groups) {
// for each group find the grand parent groups.
- List<AclGroup> parentGroups = _iamSrv.listParentAclGroups(group.getId());
- for (AclGroup parentGroup : parentGroups) {
+ List<IAMGroup> parentGroups = _iamSrv.listParentAclGroups(group.getId());
+ for (IAMGroup parentGroup : parentGroups) {
policies.addAll(_iamSrv.listRecursiveAclPoliciesByGroup(parentGroup.getId()));
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
index 4cec0d9..596ac7e 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
@@ -25,9 +25,9 @@ import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.PermissionScope;
import org.apache.cloudstack.acl.QuerySelector;
-import org.apache.cloudstack.iam.api.AclGroup;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
+import org.apache.cloudstack.iam.api.IAMGroup;
+import org.apache.cloudstack.iam.api.IAMPolicy;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission;
import org.apache.cloudstack.iam.api.IAMService;
import com.cloud.user.Account;
@@ -44,13 +44,13 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
public List<Long> getAuthorizedDomains(Account caller, String action) {
long accountId = caller.getAccountId();
// Get the static Policies of the Caller
- List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
+ List<IAMPolicy> policies = _iamService.listAclPolicies(accountId);
// for each policy, find granted permission with Domain scope
List<Long> domainIds = new ArrayList<Long>();
- for (AclPolicy policy : policies) {
- List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.DOMAIN.toString());
+ for (IAMPolicy policy : policies) {
+ List<IAMPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.DOMAIN.toString());
if (pp != null) {
- for (AclPolicyPermission p : pp) {
+ for (IAMPolicyPermission p : pp) {
if (p.getScopeId() != null) {
if (p.getScopeId().longValue() == -1) {
domainIds.add(caller.getDomainId());
@@ -68,13 +68,13 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
public List<Long> getAuthorizedAccounts(Account caller, String action) {
long accountId = caller.getAccountId();
// Get the static Policies of the Caller
- List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
+ List<IAMPolicy> policies = _iamService.listAclPolicies(accountId);
// for each policy, find granted permission with Account scope
List<Long> accountIds = new ArrayList<Long>();
- for (AclPolicy policy : policies) {
- List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ACCOUNT.toString());
+ for (IAMPolicy policy : policies) {
+ List<IAMPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ACCOUNT.toString());
if (pp != null) {
- for (AclPolicyPermission p : pp) {
+ for (IAMPolicyPermission p : pp) {
if (p.getScopeId() != null) {
if (p.getScopeId().longValue() == -1) {
accountIds.add(caller.getId());
@@ -92,24 +92,24 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
public List<Long> getAuthorizedResources(Account caller, String action) {
long accountId = caller.getAccountId();
// Get the static Policies of the Caller
- List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
+ List<IAMPolicy> policies = _iamService.listAclPolicies(accountId);
// add the policies that grant recursive access
- List<AclGroup> groups = _iamService.listAclGroups(caller.getId());
- for (AclGroup group : groups) {
+ List<IAMGroup> groups = _iamService.listAclGroups(caller.getId());
+ for (IAMGroup group : groups) {
// for each group find the grand parent groups.
- List<AclGroup> parentGroups = _iamService.listParentAclGroups(group.getId());
- for (AclGroup parentGroup : parentGroups) {
+ List<IAMGroup> parentGroups = _iamService.listParentAclGroups(group.getId());
+ for (IAMGroup parentGroup : parentGroups) {
policies.addAll(_iamService.listRecursiveAclPoliciesByGroup(parentGroup.getId()));
}
}
// for each policy, find granted permission with Resource scope
List<Long> entityIds = new ArrayList<Long>();
- for (AclPolicy policy : policies) {
- List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.RESOURCE.toString());
+ for (IAMPolicy policy : policies) {
+ List<IAMPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.RESOURCE.toString());
if (pp != null) {
- for (AclPolicyPermission p : pp) {
+ for (IAMPolicyPermission p : pp) {
if (p.getScopeId() != null) {
entityIds.add(p.getScopeId());
}
@@ -123,10 +123,10 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
public boolean isGrantedAll(Account caller, String action) {
long accountId = caller.getAccountId();
// Get the static Policies of the Caller
- List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
+ List<IAMPolicy> policies = _iamService.listAclPolicies(accountId);
// for each policy, find granted permission with ALL scope
- for (AclPolicy policy : policies) {
- List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ALL.toString());
+ for (IAMPolicy policy : policies) {
+ List<IAMPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ALL.toString());
if (pp != null && pp.size() > 0) {
return true;
}
@@ -136,9 +136,9 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
@Override
public List<String> listAclGroupsByAccount(long accountId) {
- List<AclGroup> groups = _iamService.listAclGroups(accountId);
+ List<IAMGroup> groups = _iamService.listAclGroups(accountId);
List<String> groupNames = new ArrayList<String>();
- for (AclGroup grp : groups) {
+ for (IAMGroup grp : groups) {
groupNames.add(grp.getName());
}
return groupNames;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/test/org/apache/cloudstack/acl/AclApiServiceTest.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/test/org/apache/cloudstack/acl/AclApiServiceTest.java b/services/iam/plugin/test/org/apache/cloudstack/acl/AclApiServiceTest.java
deleted file mode 100644
index daf5b64..0000000
--- a/services/iam/plugin/test/org/apache/cloudstack/acl/AclApiServiceTest.java
+++ /dev/null
@@ -1,357 +0,0 @@
-package org.apache.cloudstack.acl;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertTrue;
-import static org.mockito.Mockito.doNothing;
-import static org.mockito.Mockito.when;
-
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Set;
-import java.util.UUID;
-
-import javax.inject.Inject;
-import javax.naming.ConfigurationException;
-
-import org.junit.After;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mockito.Mockito;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.ComponentScan;
-import org.springframework.context.annotation.ComponentScan.Filter;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.FilterType;
-import org.springframework.core.type.classreading.MetadataReader;
-import org.springframework.core.type.classreading.MetadataReaderFactory;
-import org.springframework.core.type.filter.TypeFilter;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import org.springframework.test.context.support.AnnotationConfigContextLoader;
-
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.iam.AclApiServiceImpl;
-import org.apache.cloudstack.api.command.user.vm.ListVMsCmd;
-import org.apache.cloudstack.api.response.ListResponse;
-import org.apache.cloudstack.api.response.iam.AclGroupResponse;
-import org.apache.cloudstack.api.response.iam.AclPermissionResponse;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.framework.messagebus.MessageBus;
-import org.apache.cloudstack.iam.api.AclGroup;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
-import org.apache.cloudstack.iam.api.IAMService;
-import org.apache.cloudstack.iam.server.AclGroupVO;
-import org.apache.cloudstack.iam.server.AclPolicyPermissionVO;
-import org.apache.cloudstack.iam.server.AclPolicyVO;
-import org.apache.cloudstack.test.utils.SpringUtils;
-
-import com.cloud.api.ApiServerService;
-import com.cloud.domain.DomainVO;
-import com.cloud.domain.dao.DomainDao;
-import com.cloud.network.dao.NetworkDomainDao;
-import com.cloud.user.Account;
-import com.cloud.user.AccountManager;
-import com.cloud.user.AccountVO;
-import com.cloud.user.UserVO;
-import com.cloud.user.dao.AccountDao;
-import com.cloud.utils.Pair;
-import com.cloud.utils.component.ComponentContext;
-
-@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration(loader = AnnotationConfigContextLoader.class)
-public class AclApiServiceTest {
-
- @Inject
- IAMService _iamSrv;
-
- @Inject
- DomainDao _domainDao;
-
- @Inject
- AclApiService _aclSrv;
-
- @Inject
- AccountManager _accountMgr;
-
- @Inject
- AccountDao _accountDao;
-
- @Inject
- ApiServerService _apiServer;
-
- private static Account caller;
- private static Long callerId;
- private static String callerAccountName = "tester";
- private static Long callerDomainId = 3L;
- private static String callerDomainPath = "/root/testdomain";
- private static DomainVO callerDomain;
-
- @BeforeClass
- public static void setUpClass() throws ConfigurationException {
- }
-
- @Before
- public void setUp() {
- ComponentContext.initComponentsLifeCycle();
- caller = new AccountVO(callerAccountName, callerDomainId, null, Account.ACCOUNT_TYPE_ADMIN, UUID.randomUUID().toString());
- callerId = caller.getId();
- callerDomain = new DomainVO();
- callerDomain.setPath(callerDomainPath);
- UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
- CallContext.register(user, caller);
-
- when(_domainDao.findById(callerDomainId)).thenReturn(callerDomain);
- doNothing().when(_accountMgr).checkAccess(caller, callerDomain);
- }
-
- @Test
- public void createAclGroupTest() {
- AclGroup group = new AclGroupVO("group1", "tester group1");
- List<AclGroup> groups = new ArrayList<AclGroup>();
- groups.add(group);
- Pair<List<AclGroup>, Integer> grpList = new Pair<List<AclGroup>, Integer>(groups, 1);
- when(_iamSrv.createAclGroup("group1", "tester group1", callerDomainPath)).thenReturn(group);
- when(_iamSrv.listAclGroups(null, null, callerDomainPath, 0L, 20L)).thenReturn(grpList);
-
- AclGroup createdGrp = _aclSrv.createAclGroup(caller, "group1", "tester group1");
- assertNotNull("Acl group 'group1' failed to create ", createdGrp);
- ListResponse<AclGroupResponse> grpResp = _aclSrv.listAclGroups(null, null, callerDomainId, 0L, 20L);
- assertTrue("No. of response items should be one", grpResp.getCount() == 1);
- AclGroupResponse resp = grpResp.getResponses().get(0);
- assertEquals("Error in created group name", "group1", resp.getName());
- }
-
- @Test
- public void deleteAclGroupTest() {
- when(_iamSrv.deleteAclGroup(1L)).thenReturn(true);
- assertTrue("failed to delete acl group 1", _aclSrv.deleteAclGroup(1L));
- }
-
- @Test
- public void listAclGroupTest() {
- AclGroup group = new AclGroupVO("group1", "tester group1");
- List<AclGroup> groups = new ArrayList<AclGroup>();
- groups.add(group);
- when(_iamSrv.listAclGroups(callerId)).thenReturn(groups);
- List<AclGroup> grps = _aclSrv.listAclGroups(callerId);
- assertTrue(grps != null && grps.size() == 1);
- AclGroup grp = grps.get(0);
- assertEquals("Error to retrieve group", "group1", grp.getName());
- }
-
- @Test
- public void addRemoveAccountToGroupTest() {
- AclGroup group = new AclGroupVO("group1", "tester group1");
- List<AclGroup> groups = new ArrayList<AclGroup>();
- groups.add(group);
- Long groupId = group.getId();
- List<Long> acctIds = new ArrayList<Long>();
- AccountVO acct1 = new AccountVO(100L);
- acct1.setAccountName("account1");
- AccountVO acct2 = new AccountVO(200L);
- acct2.setAccountName("account2");
- acctIds.add(acct1.getId());
- acctIds.add(acct2.getId());
- when(_accountDao.findById(acct1.getId())).thenReturn(acct1);
- when(_accountDao.findById(acct2.getId())).thenReturn(acct2);
- when(_iamSrv.addAccountsToGroup(acctIds, groupId)).thenReturn(group);
- when(_iamSrv.listAccountsByGroup(groupId)).thenReturn(acctIds);
- Pair<List<AclGroup>, Integer> grpList = new Pair<List<AclGroup>, Integer>(groups, 1);
- when(_iamSrv.listAclGroups(null, "group1", callerDomainPath, 0L, 20L)).thenReturn(grpList);
- _aclSrv.addAccountsToGroup(acctIds, groupId);
- ListResponse<AclGroupResponse> grpResp = _aclSrv.listAclGroups(null, "group1", callerDomainId, 0L, 20L);
- assertTrue("No. of response items should be one", grpResp.getCount() == 1);
- AclGroupResponse resp = grpResp.getResponses().get(0);
- Set<String> acctNames = resp.getAccountNameList();
- assertEquals("There should be 2 accounts in the group", 2, acctNames.size());
- assertTrue("account1 should be assigned to the group", acctNames.contains("account1"));
- assertTrue("account2 should be assigned to the group", acctNames.contains("account2"));
- // remove "account2" from group1
- acctIds.remove(1);
- List<Long> rmAccts = new ArrayList<Long>();
- rmAccts.add(acct2.getId());
- when(_iamSrv.removeAccountsFromGroup(rmAccts, groupId)).thenReturn(group);
- _aclSrv.removeAccountsFromGroup(acctIds, groupId);
- grpResp = _aclSrv.listAclGroups(null, "group1", callerDomainId, 0L, 20L);
- assertTrue("No. of response items should be one", grpResp.getCount() == 1);
- resp = grpResp.getResponses().get(0);
- acctNames = resp.getAccountNameList();
- assertEquals("There should be 1 accounts in the group", 1, acctNames.size());
- assertFalse("account2 should not belong to the group anymore", acctNames.contains("account2"));
- }
-
- @Test
- public void createAclPolicyTest() {
- AclPolicy policy = new AclPolicyVO("policy1", "tester policy1");
- List<AclPolicy> policies = new ArrayList<AclPolicy>();
- policies.add(policy);
- Pair<List<AclPolicy>, Integer> policyList = new Pair<List<AclPolicy>, Integer>(policies, 1);
- when(_iamSrv.createAclPolicy("policy1", "tester policy1", null, callerDomainPath)).thenReturn(policy);
- when(_iamSrv.listAclPolicies(null, null, callerDomainPath, 0L, 20L)).thenReturn(policyList);
-
- AclPolicy createdPolicy = _aclSrv.createAclPolicy(caller, "policy1", "tester policy1", null);
- assertNotNull("Acl policy 'policy1' failed to create ", createdPolicy);
- ListResponse<AclPolicyResponse> policyResp = _aclSrv.listAclPolicies(null, null, callerDomainId, 0L, 20L);
- assertTrue("No. of response items should be one", policyResp.getCount() == 1);
- AclPolicyResponse resp = policyResp.getResponses().get(0);
- assertEquals("Error in created group name", "policy1", resp.getName());
- }
-
- @Test
- public void deleteAclPolicyTest() {
- when(_iamSrv.deleteAclPolicy(1L)).thenReturn(true);
- assertTrue("failed to delete acl policy 1", _aclSrv.deleteAclPolicy(1L));
- }
-
- @Test
- public void listAclPolicyTest() {
- AclPolicy policy = new AclPolicyVO("policy1", "tester policy1");
- List<AclPolicy> policies = new ArrayList<AclPolicy>();
- policies.add(policy);
- when(_iamSrv.listAclPolicies(callerId)).thenReturn(policies);
- List<AclPolicy> polys = _aclSrv.listAclPolicies(callerId);
- assertTrue(polys != null && polys.size() == 1);
- AclPolicy p = polys.get(0);
- assertEquals("Error to retrieve group", "policy1", p.getName());
- }
-
- @Test
- public void addRemovePolicyToGroupTest() {
- AclGroup group = new AclGroupVO("group1", "tester group1");
- List<AclGroup> groups = new ArrayList<AclGroup>();
- groups.add(group);
- Long groupId = group.getId();
- List<Long> policyIds = new ArrayList<Long>();
- policyIds.add(100L);
- policyIds.add(200L);
- AclPolicy policy1 = new AclPolicyVO("policy1", "my first policy");
- AclPolicy policy2 = new AclPolicyVO("policy2", "my second policy");
- List<AclPolicy> policies = new ArrayList<AclPolicy>();
- policies.add(policy1);
- policies.add(policy2);
- when(_iamSrv.attachAclPoliciesToGroup(policyIds, groupId)).thenReturn(group);
- when(_iamSrv.listAclPoliciesByGroup(groupId)).thenReturn(policies);
- Pair<List<AclGroup>, Integer> grpList = new Pair<List<AclGroup>, Integer>(groups, 1);
- when(_iamSrv.listAclGroups(null, "group1", callerDomainPath, 0L, 20L)).thenReturn(grpList);
- _aclSrv.attachAclPoliciesToGroup(policyIds, groupId);
- ListResponse<AclGroupResponse> grpResp = _aclSrv.listAclGroups(null, "group1", callerDomainId, 0L, 20L);
- assertTrue("No. of response items should be one", grpResp.getCount() == 1);
- AclGroupResponse resp = grpResp.getResponses().get(0);
- Set<String> policyNames = resp.getPolicyList();
- assertEquals("There should be 2 policies in the group", 2, policyNames.size());
- assertTrue("policy1 should be assigned to the group", policyNames.contains("policy1"));
- assertTrue("policy2 should be assigned to the group", policyNames.contains("policy2"));
- // remove "policy2" from group1
- policyIds.remove(1);
- policies.remove(policy2);
- when(_iamSrv.removeAclPoliciesFromGroup(policyIds, groupId)).thenReturn(group);
- _aclSrv.removeAclPoliciesFromGroup(policyIds, groupId);
- grpResp = _aclSrv.listAclGroups(null, "group1", callerDomainId, 0L, 20L);
- assertTrue("No. of response items should be one", grpResp.getCount() == 1);
- resp = grpResp.getResponses().get(0);
- policyNames = resp.getPolicyList();
- assertEquals("There should be 1 policy attached to the group", 1, policyNames.size());
- assertFalse("policy2 should not belong to the group anymore", policyNames.contains("policy2"));
- }
-
- @Test
- public void addRemovePermissionToPolicyTest() {
- AclPolicy policy = new AclPolicyVO("policy1", "tester policy1");
- List<AclPolicy> policies = new ArrayList<AclPolicy>();
- policies.add(policy);
- Long policyId = policy.getId();
- Long resId = 200L;
- Class clz = ListVMsCmd.class;
- when(_apiServer.getCmdClass("listVirtualMachines")).thenReturn(clz);
- when(
- _iamSrv.addAclPermissionToAclPolicy(policyId, IAMEntityType.VirtualMachine.toString(), PermissionScope.RESOURCE.toString(), resId, "listVirtualMachines",
- AccessType.UseEntry.toString(), Permission.Allow, false)).thenReturn(policy);
- _aclSrv.addAclPermissionToAclPolicy(policyId, IAMEntityType.VirtualMachine.toString(), PermissionScope.RESOURCE, resId, "listVirtualMachines", Permission.Allow, false);
- Pair<List<AclPolicy>, Integer> policyList = new Pair<List<AclPolicy>, Integer>(policies, 1);
- List<AclPolicyPermission> policyPerms = new ArrayList<AclPolicyPermission>();
- AclPolicyPermission perm = new AclPolicyPermissionVO(policyId, "listVirtualMachines", IAMEntityType.VirtualMachine.toString(), AccessType.UseEntry.toString(),
- PermissionScope.RESOURCE.toString(),
- resId, Permission.Allow, false);
- policyPerms.add(perm);
- when(_iamSrv.listAclPolicies(null, "policy1", callerDomainPath, 0L, 20L)).thenReturn(policyList);
- when(_iamSrv.listPolicyPermissions(policyId)).thenReturn(policyPerms);
- ListResponse<AclPolicyResponse> policyResp = _aclSrv.listAclPolicies(null, "policy1", callerDomainId, 0L, 20L);
- assertTrue("No. of response items should be one", policyResp.getCount() == 1);
- AclPolicyResponse resp = policyResp.getResponses().get(0);
- Set<AclPermissionResponse> permList = resp.getPermissionList();
- assertTrue("Permission list should not be empty", permList != null && permList.size() > 0);
- AclPermissionResponse permResp = permList.iterator().next();
- assertEquals("There should be one permission for listVirtualMachines", "listVirtualMachines", permResp.getAction());
-
- //remove permission from policy
- policyPerms.remove(perm);
- _aclSrv.removeAclPermissionFromAclPolicy(policyId, IAMEntityType.VirtualMachine.toString(), PermissionScope.RESOURCE, resId, "listVirtualMachines");
- policyResp = _aclSrv.listAclPolicies(null, "policy1", callerDomainId, 0L, 20L);
- assertTrue("No. of response items should be one", policyResp.getCount() == 1);
- resp = policyResp.getResponses().get(0);
- permList = resp.getPermissionList();
- assertTrue("Permission list should be empty", permList != null && permList.size() == 0);
- }
-
- @After
- public void tearDown() {
- }
-
- @Configuration
- @ComponentScan(basePackageClasses = {AclApiServiceImpl.class}, includeFilters = {@Filter(value = TestConfiguration.Library.class, type = FilterType.CUSTOM)}, useDefaultFilters = false)
- public static class TestConfiguration extends SpringUtils.CloudStackTestConfiguration {
-
- @Bean
- public DomainDao domainDao() {
- return Mockito.mock(DomainDao.class);
- }
-
- @Bean
- public IAMService iamService() {
- return Mockito.mock(IAMService.class);
- }
-
- @Bean
- public AccountDao accountDao() {
- return Mockito.mock(AccountDao.class);
- }
-
- @Bean
- public NetworkDomainDao networkDomainDao() {
- return Mockito.mock(NetworkDomainDao.class);
- }
-
- @Bean
- public AccountManager accountManager() {
- return Mockito.mock(AccountManager.class);
- }
-
- @Bean
- public MessageBus messageBus() {
- return Mockito.mock(MessageBus.class);
- }
-
- @Bean
- public ApiServerService apiServerService() {
- return Mockito.mock(ApiServerService.class);
- }
-
- public static class Library implements TypeFilter {
-
- @Override
- public boolean match(MetadataReader mdr, MetadataReaderFactory arg1) throws IOException {
- ComponentScan cs = TestConfiguration.class.getAnnotation(ComponentScan.class);
- return SpringUtils.includedInBasePackageClasses(mdr.getClassMetadata().getClassName(), cs);
- }
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java b/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
new file mode 100644
index 0000000..4b376ce
--- /dev/null
+++ b/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
@@ -0,0 +1,363 @@
+package org.apache.cloudstack.iam.test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.doNothing;
+import static org.mockito.Mockito.when;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+import java.util.UUID;
+
+import javax.inject.Inject;
+import javax.naming.ConfigurationException;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mockito;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.ComponentScan.Filter;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.FilterType;
+import org.springframework.core.type.classreading.MetadataReader;
+import org.springframework.core.type.classreading.MetadataReaderFactory;
+import org.springframework.core.type.filter.TypeFilter;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.support.AnnotationConfigContextLoader;
+
+import org.apache.cloudstack.acl.IAMEntityType;
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.iam.IAMApiServiceImpl;
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.command.user.vm.ListVMsCmd;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
+import org.apache.cloudstack.api.response.iam.IAMPermissionResponse;
+import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.framework.messagebus.MessageBus;
+import org.apache.cloudstack.iam.api.IAMGroup;
+import org.apache.cloudstack.iam.api.IAMPolicy;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
+import org.apache.cloudstack.iam.api.IAMService;
+import org.apache.cloudstack.iam.server.IAMGroupVO;
+import org.apache.cloudstack.iam.server.IAMPolicyPermissionVO;
+import org.apache.cloudstack.iam.server.IAMPolicyVO;
+import org.apache.cloudstack.test.utils.SpringUtils;
+
+import com.cloud.api.ApiServerService;
+import com.cloud.domain.DomainVO;
+import com.cloud.domain.dao.DomainDao;
+import com.cloud.network.dao.NetworkDomainDao;
+import com.cloud.user.Account;
+import com.cloud.user.AccountManager;
+import com.cloud.user.AccountVO;
+import com.cloud.user.UserVO;
+import com.cloud.user.dao.AccountDao;
+import com.cloud.utils.Pair;
+import com.cloud.utils.component.ComponentContext;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(loader = AnnotationConfigContextLoader.class)
+public class IAMApiServiceTest {
+
+ @Inject
+ IAMService _iamSrv;
+
+ @Inject
+ DomainDao _domainDao;
+
+ @Inject
+ IAMApiService _aclSrv;
+
+ @Inject
+ AccountManager _accountMgr;
+
+ @Inject
+ AccountDao _accountDao;
+
+ @Inject
+ ApiServerService _apiServer;
+
+ private static Account caller;
+ private static Long callerId;
+ private static String callerAccountName = "tester";
+ private static Long callerDomainId = 3L;
+ private static String callerDomainPath = "/root/testdomain";
+ private static DomainVO callerDomain;
+
+ @BeforeClass
+ public static void setUpClass() throws ConfigurationException {
+ }
+
+ @Before
+ public void setUp() {
+ ComponentContext.initComponentsLifeCycle();
+ caller = new AccountVO(callerAccountName, callerDomainId, null, Account.ACCOUNT_TYPE_ADMIN, UUID.randomUUID().toString());
+ callerId = caller.getId();
+ callerDomain = new DomainVO();
+ callerDomain.setPath(callerDomainPath);
+ UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+ CallContext.register(user, caller);
+
+ when(_domainDao.findById(callerDomainId)).thenReturn(callerDomain);
+ doNothing().when(_accountMgr).checkAccess(caller, callerDomain);
+ }
+
+ @Test
+ public void createIAMGroupTest() {
+ IAMGroup group = new IAMGroupVO("group1", "tester group1");
+ List<IAMGroup> groups = new ArrayList<IAMGroup>();
+ groups.add(group);
+ Pair<List<IAMGroup>, Integer> grpList = new Pair<List<IAMGroup>, Integer>(groups, 1);
+ when(_iamSrv.createIAMGroup("group1", "tester group1", callerDomainPath)).thenReturn(group);
+ when(_iamSrv.listIAMGroups(null, null, callerDomainPath, 0L, 20L)).thenReturn(grpList);
+
+ IAMGroup createdGrp = _aclSrv.createIAMGroup(caller, "group1", "tester group1");
+ assertNotNull("IAM group 'group1' failed to create ", createdGrp);
+ ListResponse<IAMGroupResponse> grpResp = _aclSrv.listIAMGroups(null, null, callerDomainId, 0L, 20L);
+ assertTrue("No. of response items should be one", grpResp.getCount() == 1);
+ IAMGroupResponse resp = grpResp.getResponses().get(0);
+ assertEquals("Error in created group name", "group1", resp.getName());
+ }
+
+ @Test
+ public void deleteIAMGroupTest() {
+ when(_iamSrv.deleteIAMGroup(1L)).thenReturn(true);
+ assertTrue("failed to delete acl group 1", _aclSrv.deleteIAMGroup(1L));
+ }
+
+ @Test
+ public void listIAMGroupTest() {
+ IAMGroup group = new IAMGroupVO("group1", "tester group1");
+ List<IAMGroup> groups = new ArrayList<IAMGroup>();
+ groups.add(group);
+ when(_iamSrv.listIAMGroups(callerId)).thenReturn(groups);
+ List<IAMGroup> grps = _aclSrv.listIAMGroups(callerId);
+ assertTrue(grps != null && grps.size() == 1);
+ IAMGroup grp = grps.get(0);
+ assertEquals("Error to retrieve group", "group1", grp.getName());
+ }
+
+ @Test
+ public void addRemoveAccountToGroupTest() {
+ IAMGroup group = new IAMGroupVO("group1", "tester group1");
+ List<IAMGroup> groups = new ArrayList<IAMGroup>();
+ groups.add(group);
+ Long groupId = group.getId();
+ List<Long> acctIds = new ArrayList<Long>();
+ AccountVO acct1 = new AccountVO(100L);
+ acct1.setAccountName("account1");
+ AccountVO acct2 = new AccountVO(200L);
+ acct2.setAccountName("account2");
+ acctIds.add(acct1.getId());
+ acctIds.add(acct2.getId());
+ when(_accountDao.findById(acct1.getId())).thenReturn(acct1);
+ when(_accountDao.findById(acct2.getId())).thenReturn(acct2);
+ when(_iamSrv.addAccountsToGroup(acctIds, groupId)).thenReturn(group);
+ when(_iamSrv.listAccountsByGroup(groupId)).thenReturn(acctIds);
+ Pair<List<IAMGroup>, Integer> grpList = new Pair<List<IAMGroup>, Integer>(groups, 1);
+ when(_iamSrv.listIAMGroups(null, "group1", callerDomainPath, 0L, 20L)).thenReturn(grpList);
+ _aclSrv.addAccountsToGroup(acctIds, groupId);
+ ListResponse<IAMGroupResponse> grpResp = _aclSrv.listIAMGroups(null, "group1", callerDomainId, 0L, 20L);
+ assertTrue("No. of response items should be one", grpResp.getCount() == 1);
+ IAMGroupResponse resp = grpResp.getResponses().get(0);
+ Set<String> acctNames = resp.getAccountNameList();
+ assertEquals("There should be 2 accounts in the group", 2, acctNames.size());
+ assertTrue("account1 should be assigned to the group", acctNames.contains("account1"));
+ assertTrue("account2 should be assigned to the group", acctNames.contains("account2"));
+ // remove "account2" from group1
+ acctIds.remove(1);
+ List<Long> rmAccts = new ArrayList<Long>();
+ rmAccts.add(acct2.getId());
+ when(_iamSrv.removeAccountsFromGroup(rmAccts, groupId)).thenReturn(group);
+ _aclSrv.removeAccountsFromGroup(acctIds, groupId);
+ grpResp = _aclSrv.listIAMGroups(null, "group1", callerDomainId, 0L, 20L);
+ assertTrue("No. of response items should be one", grpResp.getCount() == 1);
+ resp = grpResp.getResponses().get(0);
+ acctNames = resp.getAccountNameList();
+ assertEquals("There should be 1 accounts in the group", 1, acctNames.size());
+ assertFalse("account2 should not belong to the group anymore", acctNames.contains("account2"));
+ }
+
+ @Test
+ public void createIAMPolicyTest() {
+ IAMPolicy policy = new IAMPolicyVO("policy1", "tester policy1");
+ List<IAMPolicy> policies = new ArrayList<IAMPolicy>();
+ policies.add(policy);
+ Pair<List<IAMPolicy>, Integer> policyList = new Pair<List<IAMPolicy>, Integer>(policies, 1);
+ when(_iamSrv.createIAMPolicy("policy1", "tester policy1", null, callerDomainPath)).thenReturn(policy);
+ when(_iamSrv.listIAMPolicies(null, null, callerDomainPath, 0L, 20L)).thenReturn(policyList);
+
+ IAMPolicy createdPolicy = _aclSrv.createIAMPolicy(caller, "policy1", "tester policy1", null);
+ assertNotNull("IAM policy 'policy1' failed to create ", createdPolicy);
+ ListResponse<IAMPolicyResponse> policyResp = _aclSrv.listIAMPolicies(null, null, callerDomainId, 0L, 20L);
+ assertTrue("No. of response items should be one", policyResp.getCount() == 1);
+ IAMPolicyResponse resp = policyResp.getResponses().get(0);
+ assertEquals("Error in created group name", "policy1", resp.getName());
+ }
+
+ @Test
+ public void deleteIAMPolicyTest() {
+ when(_iamSrv.deleteIAMPolicy(1L)).thenReturn(true);
+ assertTrue("failed to delete acl policy 1", _aclSrv.deleteIAMPolicy(1L));
+ }
+
+ @Test
+ public void listIAMPolicyTest() {
+ IAMPolicy policy = new IAMPolicyVO("policy1", "tester policy1");
+ List<IAMPolicy> policies = new ArrayList<IAMPolicy>();
+ policies.add(policy);
+ when(_iamSrv.listIAMPolicies(callerId)).thenReturn(policies);
+ List<IAMPolicy> polys = _aclSrv.listIAMPolicies(callerId);
+ assertTrue(polys != null && polys.size() == 1);
+ IAMPolicy p = polys.get(0);
+ assertEquals("Error to retrieve group", "policy1", p.getName());
+ }
+
+ @Test
+ public void addRemovePolicyToGroupTest() {
+ IAMGroup group = new IAMGroupVO("group1", "tester group1");
+ List<IAMGroup> groups = new ArrayList<IAMGroup>();
+ groups.add(group);
+ Long groupId = group.getId();
+ List<Long> policyIds = new ArrayList<Long>();
+ policyIds.add(100L);
+ policyIds.add(200L);
+ IAMPolicy policy1 = new IAMPolicyVO("policy1", "my first policy");
+ IAMPolicy policy2 = new IAMPolicyVO("policy2", "my second policy");
+ List<IAMPolicy> policies = new ArrayList<IAMPolicy>();
+ policies.add(policy1);
+ policies.add(policy2);
+ when(_iamSrv.attachIAMPoliciesToGroup(policyIds, groupId)).thenReturn(group);
+ when(_iamSrv.listIAMPoliciesByGroup(groupId)).thenReturn(policies);
+ Pair<List<IAMGroup>, Integer> grpList = new Pair<List<IAMGroup>, Integer>(groups, 1);
+ when(_iamSrv.listIAMGroups(null, "group1", callerDomainPath, 0L, 20L)).thenReturn(grpList);
+ _aclSrv.attachIAMPoliciesToGroup(policyIds, groupId);
+ ListResponse<IAMGroupResponse> grpResp = _aclSrv.listIAMGroups(null, "group1", callerDomainId, 0L, 20L);
+ assertTrue("No. of response items should be one", grpResp.getCount() == 1);
+ IAMGroupResponse resp = grpResp.getResponses().get(0);
+ Set<String> policyNames = resp.getPolicyList();
+ assertEquals("There should be 2 policies in the group", 2, policyNames.size());
+ assertTrue("policy1 should be assigned to the group", policyNames.contains("policy1"));
+ assertTrue("policy2 should be assigned to the group", policyNames.contains("policy2"));
+ // remove "policy2" from group1
+ policyIds.remove(1);
+ policies.remove(policy2);
+ when(_iamSrv.removeIAMPoliciesFromGroup(policyIds, groupId)).thenReturn(group);
+ _aclSrv.removeIAMPoliciesFromGroup(policyIds, groupId);
+ grpResp = _aclSrv.listIAMGroups(null, "group1", callerDomainId, 0L, 20L);
+ assertTrue("No. of response items should be one", grpResp.getCount() == 1);
+ resp = grpResp.getResponses().get(0);
+ policyNames = resp.getPolicyList();
+ assertEquals("There should be 1 policy attached to the group", 1, policyNames.size());
+ assertFalse("policy2 should not belong to the group anymore", policyNames.contains("policy2"));
+ }
+
+ @Test
+ public void addRemovePermissionToPolicyTest() {
+ IAMPolicy policy = new IAMPolicyVO("policy1", "tester policy1");
+ List<IAMPolicy> policies = new ArrayList<IAMPolicy>();
+ policies.add(policy);
+ Long policyId = policy.getId();
+ Long resId = 200L;
+ Class clz = ListVMsCmd.class;
+ when(_apiServer.getCmdClass("listVirtualMachines")).thenReturn(clz);
+ when(
+ _iamSrv.addIAMPermissionToIAMPolicy(policyId, IAMEntityType.VirtualMachine.toString(),
+ PermissionScope.RESOURCE.toString(), resId, "listVirtualMachines",
+ AccessType.UseEntry.toString(), Permission.Allow, false)).thenReturn(policy);
+ _aclSrv.addIAMPermissionToIAMPolicy(policyId, IAMEntityType.VirtualMachine.toString(),
+ PermissionScope.RESOURCE, resId, "listVirtualMachines", Permission.Allow, false);
+ Pair<List<IAMPolicy>, Integer> policyList = new Pair<List<IAMPolicy>, Integer>(policies, 1);
+ List<IAMPolicyPermission> policyPerms = new ArrayList<IAMPolicyPermission>();
+ IAMPolicyPermission perm = new IAMPolicyPermissionVO(policyId, "listVirtualMachines",
+ IAMEntityType.VirtualMachine.toString(), AccessType.UseEntry.toString(),
+ PermissionScope.RESOURCE.toString(),
+ resId, Permission.Allow, false);
+ policyPerms.add(perm);
+ when(_iamSrv.listIAMPolicies(null, "policy1", callerDomainPath, 0L, 20L)).thenReturn(policyList);
+ when(_iamSrv.listPolicyPermissions(policyId)).thenReturn(policyPerms);
+ ListResponse<IAMPolicyResponse> policyResp = _aclSrv.listIAMPolicies(null, "policy1", callerDomainId, 0L, 20L);
+ assertTrue("No. of response items should be one", policyResp.getCount() == 1);
+ IAMPolicyResponse resp = policyResp.getResponses().get(0);
+ Set<IAMPermissionResponse> permList = resp.getPermissionList();
+ assertTrue("Permission list should not be empty", permList != null && permList.size() > 0);
+ IAMPermissionResponse permResp = permList.iterator().next();
+ assertEquals("There should be one permission for listVirtualMachines", "listVirtualMachines", permResp.getAction());
+
+ //remove permission from policy
+ policyPerms.remove(perm);
+ _aclSrv.removeIAMPermissionFromIAMPolicy(policyId, IAMEntityType.VirtualMachine.toString(),
+ PermissionScope.RESOURCE, resId, "listVirtualMachines");
+ policyResp = _aclSrv.listIAMPolicies(null, "policy1", callerDomainId, 0L, 20L);
+ assertTrue("No. of response items should be one", policyResp.getCount() == 1);
+ resp = policyResp.getResponses().get(0);
+ permList = resp.getPermissionList();
+ assertTrue("Permission list should be empty", permList != null && permList.size() == 0);
+ }
+
+ @After
+ public void tearDown() {
+ }
+
+ @Configuration
+ @ComponentScan(basePackageClasses = {IAMApiServiceImpl.class}, includeFilters = {@Filter(value = TestConfiguration.Library.class, type = FilterType.CUSTOM)}, useDefaultFilters = false)
+ public static class TestConfiguration extends SpringUtils.CloudStackTestConfiguration {
+
+ @Bean
+ public DomainDao domainDao() {
+ return Mockito.mock(DomainDao.class);
+ }
+
+ @Bean
+ public IAMService iamService() {
+ return Mockito.mock(IAMService.class);
+ }
+
+ @Bean
+ public AccountDao accountDao() {
+ return Mockito.mock(AccountDao.class);
+ }
+
+ @Bean
+ public NetworkDomainDao networkDomainDao() {
+ return Mockito.mock(NetworkDomainDao.class);
+ }
+
+ @Bean
+ public AccountManager accountManager() {
+ return Mockito.mock(AccountManager.class);
+ }
+
+ @Bean
+ public MessageBus messageBus() {
+ return Mockito.mock(MessageBus.class);
+ }
+
+ @Bean
+ public ApiServerService apiServerService() {
+ return Mockito.mock(ApiServerService.class);
+ }
+
+ public static class Library implements TypeFilter {
+
+ @Override
+ public boolean match(MetadataReader mdr, MetadataReaderFactory arg1) throws IOException {
+ ComponentScan cs = TestConfiguration.class.getAnnotation(ComponentScan.class);
+ return SpringUtils.includedInBasePackageClasses(mdr.getClassMetadata().getClassName(), cs);
+ }
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/api/AclGroup.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/api/AclGroup.java b/services/iam/server/src/org/apache/cloudstack/iam/api/AclGroup.java
deleted file mode 100644
index 2bdddf7..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/api/AclGroup.java
+++ /dev/null
@@ -1,37 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.api;
-
-import org.apache.cloudstack.api.Identity;
-import org.apache.cloudstack.api.InternalIdentity;
-
-public interface AclGroup extends InternalIdentity, Identity {
-
- String getName();
-
- String getDescription();
-
- @Override
- long getId();
-
- @Override
- String getUuid();
-
- String getPath();
-
- long getAccountId();
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/api/AclPolicy.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/api/AclPolicy.java b/services/iam/server/src/org/apache/cloudstack/iam/api/AclPolicy.java
deleted file mode 100644
index 302bbf3..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/api/AclPolicy.java
+++ /dev/null
@@ -1,41 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.api;
-
-import org.apache.cloudstack.api.Identity;
-import org.apache.cloudstack.api.InternalIdentity;
-
-public interface AclPolicy extends InternalIdentity, Identity {
-
- String getName();
-
- String getDescription();
-
- public enum PolicyType {
- Static, Dynamic
- }
-
- @Override
- long getId();
-
- @Override
- String getUuid();
-
- String getPath();
-
- long getAccountId();
-}
[07/18] Renaming plugin packages to 'iam' instead if 'acl'
Posted by pr...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AttachAclPolicyToAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AttachAclPolicyToAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AttachAclPolicyToAclGroupCmd.java
deleted file mode 100644
index 294642b..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AttachAclPolicyToAclGroupCmd.java
+++ /dev/null
@@ -1,127 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.acl;
-
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclGroup;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "attachAclPolicyToAclGroup", description = "attach acl policy to an acl group", responseObject = AclGroupResponse.class)
-public class AttachAclPolicyToAclGroupCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(AttachAclPolicyToAclGroupCmd.class.getName());
- private static final String s_name = "attachaclpolicytoaclgroupresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
- required = true, description = "The ID of the acl group")
- private Long id;
-
- @ACL
- @Parameter(name = ApiConstants.ACL_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.")
- private List<Long> policyIdList;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
-
- public Long getId() {
- return id;
- }
-
-
- public List<Long> getPolicyIdList() {
- return policyIdList;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public void execute() throws ResourceUnavailableException,
- InsufficientCapacityException, ServerApiException {
- CallContext.current().setEventDetails("Acl group Id: " + getId());
- AclGroup result = _aclApiSrv.attachAclPoliciesToGroup(policyIdList, id);
- if (result != null){
- AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to acl group");
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_GROUP_UPDATE;
- }
-
- @Override
- public String getEventDescription() {
- return "adding acl roles to acl group";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclGroup;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/CreateAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/CreateAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/CreateAclGroupCmd.java
deleted file mode 100644
index 2364f0f..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/CreateAclGroupCmd.java
+++ /dev/null
@@ -1,168 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.acl;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCreateCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.DomainResponse;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclGroup;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.ResourceAllocationException;
-import com.cloud.user.Account;
-
-@APICommand(name = "createAclGroup", responseObject = AclGroupResponse.class, description = "Creates an acl group")
-public class CreateAclGroupCmd extends BaseAsyncCreateCmd {
- public static final Logger s_logger = Logger.getLogger(CreateAclGroupCmd.class.getName());
-
- private static final String s_name = "createaclgroupresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- // ///////////////////////////////////////////////////
- // ////////////// API parameters /////////////////////
- // ///////////////////////////////////////////////////
-
- @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the acl group. Must be used with domainId.")
- private String accountName;
-
- @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the acl group", entityType = DomainResponse.class)
- private Long domainId;
-
- @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the acl group")
- private String description;
-
- @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the acl group")
- private String name;
-
-
- // ///////////////////////////////////////////////////
- // ///////////////// Accessors ///////////////////////
- // ///////////////////////////////////////////////////
-
- public String getAccountName() {
- return accountName;
- }
-
- public String getDescription() {
- return description;
- }
-
- public Long getDomainId() {
- return domainId;
- }
-
- public String getName() {
- return name;
- }
-
-
- // ///////////////////////////////////////////////////
- // ///////////// API Implementation///////////////////
- // ///////////////////////////////////////////////////
-
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- @Override
- public long getEntityOwnerId() {
- Account account = CallContext.current().getCallingAccount();
- if ((account == null) || _accountService.isAdmin(account.getType())) {
- if ((domainId != null) && (accountName != null)) {
- Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
- if (userAccount != null) {
- return userAccount.getId();
- }
- }
- }
-
- if (account != null) {
- return account.getId();
- }
-
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this
- // command to SYSTEM so ERROR events
- // are tracked
- }
-
- @Override
- public void execute() {
- AclGroup grp = _entityMgr.findById(AclGroup.class, getEntityId());
- if (grp != null) {
- AclGroupResponse response = _aclApiSrv.createAclGroupResponse(grp);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl group:" + name);
- }
- }
-
- @Override
- public void create() throws ResourceAllocationException {
- Account account = CallContext.current().getCallingAccount();
- AclGroup result = _aclApiSrv.createAclGroup(account, name, description);
- if (result != null) {
- setEntityId(result.getId());
- setEntityUuid(result.getUuid());
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl group entity" + name);
- }
-
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_GROUP_CREATE;
- }
-
- @Override
- public String getEventDescription() {
- return "creating Acl group";
- }
-
- @Override
- public String getCreateEventType() {
- return EventTypes.EVENT_ACL_GROUP_CREATE;
- }
-
- @Override
- public String getCreateEventDescription() {
- return "creating acl group";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclGroup;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/CreateAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/CreateAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/CreateAclPolicyCmd.java
deleted file mode 100644
index 9cc282a..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/CreateAclPolicyCmd.java
+++ /dev/null
@@ -1,175 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.acl;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCreateCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.DomainResponse;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclPolicy;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.ResourceAllocationException;
-import com.cloud.user.Account;
-
-@APICommand(name = "createAclPolicy", responseObject = AclPolicyResponse.class, description = "Creates an acl policy")
-public class CreateAclPolicyCmd extends BaseAsyncCreateCmd {
- public static final Logger s_logger = Logger.getLogger(CreateAclPolicyCmd.class.getName());
-
- private static final String s_name = "createaclpolicyresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- // ///////////////////////////////////////////////////
- // ////////////// API parameters /////////////////////
- // ///////////////////////////////////////////////////
-
- @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the acl policy. Must be used with domainId.")
- private String accountName;
-
- @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the acl policy", entityType = DomainResponse.class)
- private Long domainId;
-
- @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the acl policy")
- private String description;
-
- @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the acl policy")
- private String name;
-
- @ACL
- @Parameter(name = ApiConstants.ACL_PARENT_POLICY_ID, type = CommandType.UUID, description = "The ID of parent acl policy.", entityType = AclPolicyResponse.class)
- private Long parentPolicyId;
-
-
- // ///////////////////////////////////////////////////
- // ///////////////// Accessors ///////////////////////
- // ///////////////////////////////////////////////////
-
- public String getAccountName() {
- return accountName;
- }
-
- public String getDescription() {
- return description;
- }
-
- public Long getDomainId() {
- return domainId;
- }
-
- public String getName() {
- return name;
- }
-
- public Long getParentPolicyId() {
- return parentPolicyId;
- }
-
- // ///////////////////////////////////////////////////
- // ///////////// API Implementation///////////////////
- // ///////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- @Override
- public long getEntityOwnerId() {
- Account account = CallContext.current().getCallingAccount();
- if ((account == null) || _accountService.isAdmin(account.getType())) {
- if ((domainId != null) && (accountName != null)) {
- Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
- if (userAccount != null) {
- return userAccount.getId();
- }
- }
- }
-
- if (account != null) {
- return account.getId();
- }
-
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this
- // command to SYSTEM so ERROR events
- // are tracked
- }
-
- @Override
- public void execute() {
- AclPolicy policy = _entityMgr.findById(AclPolicy.class, getEntityId());
- if (policy != null) {
- AclPolicyResponse response = _aclApiSrv.createAclPolicyResponse(policy);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl policy:" + name);
- }
- }
-
- @Override
- public void create() throws ResourceAllocationException {
- Account account = CallContext.current().getCallingAccount();
- AclPolicy result = _aclApiSrv.createAclPolicy(account, name, description, parentPolicyId);
- if (result != null) {
- setEntityId(result.getId());
- setEntityUuid(result.getUuid());
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl policy entity" + name);
- }
-
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_POLICY_CREATE;
- }
-
- @Override
- public String getEventDescription() {
- return "creating Acl policy";
- }
-
- @Override
- public String getCreateEventType() {
- return EventTypes.EVENT_ACL_POLICY_CREATE;
- }
-
- @Override
- public String getCreateEventDescription() {
- return "creating acl policy";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclPolicy;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/DeleteAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/DeleteAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/DeleteAclGroupCmd.java
deleted file mode 100644
index 447342e..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/DeleteAclGroupCmd.java
+++ /dev/null
@@ -1,102 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.acl;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.SuccessResponse;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
-
-import com.cloud.event.EventTypes;
-import com.cloud.user.Account;
-
-@APICommand(name = "deleteAclGroup", description = "Deletes acl group", responseObject = SuccessResponse.class)
-public class DeleteAclGroupCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(DeleteAclGroupCmd.class.getName());
- private static final String s_name = "deleteaclgroupresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "The ID of the acl group.", required = true, entityType = AclGroupResponse.class)
- private Long id;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
- public Long getId() {
- return id;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM;
- }
-
- @Override
- public void execute(){
- boolean result = _aclApiSrv.deleteAclGroup(id);
- if (result) {
- SuccessResponse response = new SuccessResponse(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete acl group");
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_GROUP_DELETE;
- }
-
- @Override
- public String getEventDescription() {
- return "Deleting Acl group";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclGroup;
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/DeleteAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/DeleteAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/DeleteAclPolicyCmd.java
deleted file mode 100644
index 7977ad0..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/DeleteAclPolicyCmd.java
+++ /dev/null
@@ -1,102 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.acl;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.SuccessResponse;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
-
-import com.cloud.event.EventTypes;
-import com.cloud.user.Account;
-
-@APICommand(name = "deleteAclPolicy", description = "Deletes acl policy", responseObject = SuccessResponse.class)
-public class DeleteAclPolicyCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(DeleteAclPolicyCmd.class.getName());
- private static final String s_name = "deleteaclpolicyresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "The ID of the acl role.", required = true, entityType = AclPolicyResponse.class)
- private Long id;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
- public Long getId() {
- return id;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM;
- }
-
- @Override
- public void execute(){
- boolean result = _aclApiSrv.deleteAclPolicy(id);
- if (result) {
- SuccessResponse response = new SuccessResponse(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete acl policy");
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_POLICY_DELETE;
- }
-
- @Override
- public String getEventDescription() {
- return "Deleting Acl role";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclPolicy;
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/ListAclGroupsCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/ListAclGroupsCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/ListAclGroupsCmd.java
deleted file mode 100644
index d626a4c..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/ListAclGroupsCmd.java
+++ /dev/null
@@ -1,88 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.acl;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.response.ListResponse;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
-
-
-@APICommand(name = "listAclGroups", description = "Lists acl groups", responseObject = AclGroupResponse.class)
-public class ListAclGroupsCmd extends BaseListDomainResourcesCmd {
- public static final Logger s_logger = Logger.getLogger(ListAclGroupsCmd.class.getName());
-
- private static final String s_name = "listaclgroupsresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
- @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "lists acl groups by name")
- private String aclGroupName;
-
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "list the acl group by the id provided", entityType = AclGroupResponse.class)
- private Long id;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
- public String getAclGroupName() {
- return aclGroupName;
- }
-
-
- public Long getId(){
- return id;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- @Override
- public void execute(){
-
- ListResponse<AclGroupResponse> response = _aclApiSrv.listAclGroups(id, aclGroupName, getDomainId(),
- getStartIndex(), getPageSizeVal());
- response.setResponseName(getCommandName());
- setResponseObject(response);
-
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclGroup;
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/ListAclPoliciesCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/ListAclPoliciesCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/ListAclPoliciesCmd.java
deleted file mode 100644
index d4866dd..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/ListAclPoliciesCmd.java
+++ /dev/null
@@ -1,88 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.acl;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.response.ListResponse;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
-
-
-@APICommand(name = "listAclPolicies", description = "Lists acl policies", responseObject = AclPolicyResponse.class)
-public class ListAclPoliciesCmd extends BaseListDomainResourcesCmd {
- public static final Logger s_logger = Logger.getLogger(ListAclPoliciesCmd.class.getName());
-
- private static final String s_name = "listaclpoliciesresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
- @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "lists acl policies by name")
- private String aclPolicyName;
-
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "list the acl policy by the id provided", entityType = AclPolicyResponse.class)
- private Long id;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
- public String getAclPolicyName() {
- return aclPolicyName;
- }
-
-
- public Long getId(){
- return id;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- @Override
- public void execute(){
-
- ListResponse<AclPolicyResponse> response = _aclApiSrv.listAclPolicies(id, aclPolicyName, getDomainId(),
- getStartIndex(), getPageSizeVal());
- response.setResponseName(getCommandName());
- setResponseObject(response);
-
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclPolicy;
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAccountFromAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAccountFromAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAccountFromAclGroupCmd.java
deleted file mode 100644
index ab03f84..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAccountFromAclGroupCmd.java
+++ /dev/null
@@ -1,127 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.acl;
-
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AccountResponse;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclGroup;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "removeAccountFromAclGroup", description = "remove accounts from an acl group", responseObject = AclGroupResponse.class)
-public class RemoveAccountFromAclGroupCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(RemoveAccountFromAclGroupCmd.class.getName());
- private static final String s_name = "removeaccountfromaclgroupresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
- required = true, description = "The ID of the acl group")
- private Long id;
-
- @ACL
- @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that are going to be assigned to the acl group.")
- private List<Long> accountIdList;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
-
- public Long getId() {
- return id;
- }
-
-
- public List<Long> getAccountIdList() {
- return accountIdList;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public void execute() throws ResourceUnavailableException,
- InsufficientCapacityException, ServerApiException {
- CallContext.current().setEventDetails("Acl group Id: " + getId());
- AclGroup result = _aclApiSrv.removeAccountsFromGroup(accountIdList, id);
- if (result != null){
- AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove accounts from acl group");
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_GROUP_UPDATE;
- }
-
- @Override
- public String getEventDescription() {
- return "removing accounts from acl group";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclGroup;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAclPermissionFromAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAclPermissionFromAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAclPermissionFromAclPolicyCmd.java
deleted file mode 100644
index f9e54b0..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAclPermissionFromAclPolicyCmd.java
+++ /dev/null
@@ -1,147 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.acl;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclPolicy;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "removeAclPermissionFromAclPolicy", description = "Remove acl permission from an acl policy", responseObject = AclPolicyResponse.class)
-public class RemoveAclPermissionFromAclPolicyCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(RemoveAclPermissionFromAclPolicyCmd.class.getName());
- private static final String s_name = "removeaclpermissionfromaclpolicyresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
- required = true, description = "The ID of the acl policy")
- private Long id;
-
- @Parameter(name = ApiConstants.ACL_ACTION, type = CommandType.STRING, required = true, description = "action api name.")
- private String action;
-
- @Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = false, description = "entity class simple name.")
- private String entityType;
-
- @Parameter(name = ApiConstants.ACL_SCOPE, type = CommandType.STRING,
- required = false, description = "acl permission scope")
- private String scope;
-
- @Parameter(name = ApiConstants.ACL_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
- private Long scopeId;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
-
- public Long getId() {
- return id;
- }
-
-
- public String getAction() {
- return action;
- }
-
- public String getEntityType() {
- return entityType;
- }
-
- public String getScope() {
- return scope;
- }
-
- public Long getScopeId() {
- return scopeId;
- }
-
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public void execute() throws ResourceUnavailableException,
- InsufficientCapacityException, ServerApiException {
- CallContext.current().setEventDetails("Acl policy Id: " + getId());
- AclPolicy result = _aclApiSrv.removeAclPermissionFromAclPolicy(id, entityType, PermissionScope.valueOf(scope), scopeId, action);
- if (result != null) {
- AclPolicyResponse response = _aclApiSrv.createAclPolicyResponse(result);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove permission from acl policy " + getId());
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_POLICY_REVOKE;
- }
-
- @Override
- public String getEventDescription() {
- return "removing permission from acl policy";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclPolicy;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAclPolicyFromAccountCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAclPolicyFromAccountCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAclPolicyFromAccountCmd.java
deleted file mode 100644
index fb63282..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAclPolicyFromAccountCmd.java
+++ /dev/null
@@ -1,122 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.acl;
-
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.SuccessResponse;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "removeAclPolicyFromAccount", description = "remove acl policy from accounts", responseObject = SuccessResponse.class)
-public class RemoveAclPolicyFromAccountCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(RemoveAclPolicyFromAccountCmd.class.getName());
- private static final String s_name = "removeaclpolicyfromaccountresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
- required = true, description = "The ID of the acl group")
- private Long id;
-
- @ACL
- @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.")
- private List<Long> accountIdList;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
-
- public Long getId() {
- return id;
- }
-
-
- public List<Long> getAccountIdList() {
- return accountIdList;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public void execute() throws ResourceUnavailableException,
- InsufficientCapacityException, ServerApiException {
- CallContext.current().setEventDetails("Acl policy Id: " + getId());
- _aclApiSrv.removeAclPolicyFromAccounts(id, accountIdList);
- SuccessResponse response = new SuccessResponse();
- response.setResponseName(getCommandName());
- setResponseObject(response);
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE;
- }
-
- @Override
- public String getEventDescription() {
- return "removing acl policy from accounts";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.Account;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAclPolicyFromAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAclPolicyFromAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAclPolicyFromAclGroupCmd.java
deleted file mode 100644
index ecf709d..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAclPolicyFromAclGroupCmd.java
+++ /dev/null
@@ -1,127 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.acl;
-
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclGroup;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "removeAclPolicyFromAclGroup", description = "remove acl policy from an acl group", responseObject = AclGroupResponse.class)
-public class RemoveAclPolicyFromAclGroupCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(RemoveAclPolicyFromAclGroupCmd.class.getName());
- private static final String s_name = "removeaclpolicyfromaclgroupresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
- required = true, description = "The ID of the acl group")
- private Long id;
-
- @ACL
- @Parameter(name = ApiConstants.ACL_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.")
- private List<Long> policyIdList;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
-
- public Long getId() {
- return id;
- }
-
-
- public List<Long> getRoleIdList() {
- return policyIdList;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public void execute() throws ResourceUnavailableException,
- InsufficientCapacityException, ServerApiException {
- CallContext.current().setEventDetails("Acl group Id: " + getId());
- AclGroup result = _aclApiSrv.removeAclPoliciesFromGroup(policyIdList, id);
- if (result != null){
- AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to acl group");
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_GROUP_UPDATE;
- }
-
- @Override
- public String getEventDescription() {
- return "removing acl roles from acl group";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclGroup;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToAclGroupCmd.java
new file mode 100644
index 0000000..b63f635
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToAclGroupCmd.java
@@ -0,0 +1,127 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.AccountResponse;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.AclGroup;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "addAccountToAclGroup", description = "add account to an acl group", responseObject = AclGroupResponse.class)
+public class AddAccountToAclGroupCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(AddAccountToAclGroupCmd.class.getName());
+ private static final String s_name = "addaccounttoaclgroupresponse";
+
+ @Inject
+ public AclApiService _aclApiSrv;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+
+ @ACL
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
+ required = true, description = "The ID of the acl group")
+ private Long id;
+
+ @ACL
+ @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that are going to be assigned to the acl group.")
+ private List<Long> accountIdList;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+
+ public Long getId() {
+ return id;
+ }
+
+
+ public List<Long> getAccountIdList() {
+ return accountIdList;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+ }
+
+ @Override
+ public void execute() throws ResourceUnavailableException,
+ InsufficientCapacityException, ServerApiException {
+ CallContext.current().setEventDetails("Acl group Id: " + getId());
+ AclGroup result = _aclApiSrv.addAccountsToGroup(accountIdList, id);
+ if (result != null){
+ AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add accounts to acl group");
+ }
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_ACL_GROUP_UPDATE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "adding accounts to acl group";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.AclGroup;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAclPermissionToAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAclPermissionToAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAclPermissionToAclPolicyCmd.java
new file mode 100644
index 0000000..e0ecb50
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAclPermissionToAclPolicyCmd.java
@@ -0,0 +1,151 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.AclPolicy;
+import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "addAclPermissionToAclPolicy", description = "Add Acl permission to an acl policy", responseObject = AclPolicyResponse.class)
+public class AddAclPermissionToAclPolicyCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(AddAclPermissionToAclPolicyCmd.class.getName());
+ private static final String s_name = "addaclpermissiontoaclpolicyresponse";
+
+ @Inject
+ public AclApiService _aclApiSrv;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+
+ @ACL
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
+ required = true, description = "The ID of the acl policy")
+ private Long id;
+
+ @Parameter(name = ApiConstants.ACL_ACTION, type = CommandType.STRING, required = true, description = "action api name.")
+ private String action;
+
+ @Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = false, description = "entity class simple name.")
+ private String entityType;
+
+ @Parameter(name = ApiConstants.ACL_SCOPE, type = CommandType.STRING,
+ required = false, description = "acl permission scope")
+ private String scope;
+
+ @Parameter(name = ApiConstants.ACL_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
+ private Long scopeId;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+
+ public Long getId() {
+ return id;
+ }
+
+
+ public String getAction() {
+ return action;
+ }
+
+ public String getEntityType() {
+ return entityType;
+ }
+
+ public String getScope() {
+ return scope;
+ }
+
+ public Long getScopeId() {
+ return scopeId;
+ }
+
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+ }
+
+ @Override
+ public void execute() throws ResourceUnavailableException,
+ InsufficientCapacityException, ServerApiException {
+ CallContext.current().setEventDetails("Acl policy Id: " + getId());
+ // Only explicit ALLOW is supported for this release, no explicit deny
+ AclPolicy result = _aclApiSrv.addAclPermissionToAclPolicy(id, entityType, PermissionScope.valueOf(scope),
+ scopeId, action, Permission.Allow, false);
+ if (result != null) {
+ AclPolicyResponse response = _aclApiSrv.createAclPolicyResponse(result);
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to grant permission to acl policy " + getId());
+ }
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_ACL_POLICY_GRANT;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "granting permission to acl policy";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.AclPolicy;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAccountCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAccountCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAccountCmd.java
new file mode 100644
index 0000000..c16f8bd
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAccountCmd.java
@@ -0,0 +1,122 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.AccountResponse;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "attachAclPolicyToAccount", description = "attach acl policy to accounts", responseObject = SuccessResponse.class)
+public class AttachAclPolicyToAccountCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(AttachAclPolicyToAccountCmd.class.getName());
+ private static final String s_name = "attachaclpolicytoaccountresponse";
+
+ @Inject
+ public AclApiService _aclApiSrv;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+
+ @ACL
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
+ required = true, description = "The ID of the acl policy")
+ private Long id;
+
+ @ACL
+ @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that the policy will attach to.")
+ private List<Long> accountIdList;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+
+ public Long getId() {
+ return id;
+ }
+
+
+ public List<Long> getAccountIdList() {
+ return accountIdList;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+ }
+
+ @Override
+ public void execute() throws ResourceUnavailableException,
+ InsufficientCapacityException, ServerApiException {
+ CallContext.current().setEventDetails("Acl policy Id: " + getId());
+ _aclApiSrv.attachAclPolicyToAccounts(id, accountIdList);
+ SuccessResponse response = new SuccessResponse();
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "adding acl policy to accounts";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.Account;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAclGroupCmd.java
new file mode 100644
index 0000000..cd2a3d5
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAclGroupCmd.java
@@ -0,0 +1,127 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.AclGroup;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "attachAclPolicyToAclGroup", description = "attach acl policy to an acl group", responseObject = AclGroupResponse.class)
+public class AttachAclPolicyToAclGroupCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(AttachAclPolicyToAclGroupCmd.class.getName());
+ private static final String s_name = "attachaclpolicytoaclgroupresponse";
+
+ @Inject
+ public AclApiService _aclApiSrv;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+
+ @ACL
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
+ required = true, description = "The ID of the acl group")
+ private Long id;
+
+ @ACL
+ @Parameter(name = ApiConstants.ACL_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.")
+ private List<Long> policyIdList;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+
+ public Long getId() {
+ return id;
+ }
+
+
+ public List<Long> getPolicyIdList() {
+ return policyIdList;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+ }
+
+ @Override
+ public void execute() throws ResourceUnavailableException,
+ InsufficientCapacityException, ServerApiException {
+ CallContext.current().setEventDetails("Acl group Id: " + getId());
+ AclGroup result = _aclApiSrv.attachAclPoliciesToGroup(policyIdList, id);
+ if (result != null){
+ AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to acl group");
+ }
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_ACL_GROUP_UPDATE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "adding acl roles to acl group";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.AclGroup;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclGroupCmd.java
new file mode 100644
index 0000000..3805c9f
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclGroupCmd.java
@@ -0,0 +1,168 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCreateCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.DomainResponse;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.AclGroup;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.user.Account;
+
+@APICommand(name = "createAclGroup", responseObject = AclGroupResponse.class, description = "Creates an acl group")
+public class CreateAclGroupCmd extends BaseAsyncCreateCmd {
+ public static final Logger s_logger = Logger.getLogger(CreateAclGroupCmd.class.getName());
+
+ private static final String s_name = "createaclgroupresponse";
+
+ @Inject
+ public AclApiService _aclApiSrv;
+
+ // ///////////////////////////////////////////////////
+ // ////////////// API parameters /////////////////////
+ // ///////////////////////////////////////////////////
+
+ @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the acl group. Must be used with domainId.")
+ private String accountName;
+
+ @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the acl group", entityType = DomainResponse.class)
+ private Long domainId;
+
+ @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the acl group")
+ private String description;
+
+ @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the acl group")
+ private String name;
+
+
+ // ///////////////////////////////////////////////////
+ // ///////////////// Accessors ///////////////////////
+ // ///////////////////////////////////////////////////
+
+ public String getAccountName() {
+ return accountName;
+ }
+
+ public String getDescription() {
+ return description;
+ }
+
+ public Long getDomainId() {
+ return domainId;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+
+ // ///////////////////////////////////////////////////
+ // ///////////// API Implementation///////////////////
+ // ///////////////////////////////////////////////////
+
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ Account account = CallContext.current().getCallingAccount();
+ if ((account == null) || _accountService.isAdmin(account.getType())) {
+ if ((domainId != null) && (accountName != null)) {
+ Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
+ if (userAccount != null) {
+ return userAccount.getId();
+ }
+ }
+ }
+
+ if (account != null) {
+ return account.getId();
+ }
+
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this
+ // command to SYSTEM so ERROR events
+ // are tracked
+ }
+
+ @Override
+ public void execute() {
+ AclGroup grp = _entityMgr.findById(AclGroup.class, getEntityId());
+ if (grp != null) {
+ AclGroupResponse response = _aclApiSrv.createAclGroupResponse(grp);
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl group:" + name);
+ }
+ }
+
+ @Override
+ public void create() throws ResourceAllocationException {
+ Account account = CallContext.current().getCallingAccount();
+ AclGroup result = _aclApiSrv.createAclGroup(account, name, description);
+ if (result != null) {
+ setEntityId(result.getId());
+ setEntityUuid(result.getUuid());
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl group entity" + name);
+ }
+
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_ACL_GROUP_CREATE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "creating Acl group";
+ }
+
+ @Override
+ public String getCreateEventType() {
+ return EventTypes.EVENT_ACL_GROUP_CREATE;
+ }
+
+ @Override
+ public String getCreateEventDescription() {
+ return "creating acl group";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.AclGroup;
+ }
+
+}
[09/18] iam/plugin: Rename Acl to IAM everywhere
Posted by pr...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupDao.java
new file mode 100644
index 0000000..54408a6
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupDao.java
@@ -0,0 +1,28 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server.dao;
+
+import org.apache.cloudstack.iam.api.IAMGroup;
+import org.apache.cloudstack.iam.server.IAMGroupVO;
+
+import com.cloud.utils.db.GenericDao;
+
+public interface IAMGroupDao extends GenericDao<IAMGroupVO, Long> {
+
+ IAMGroup findByName(String path, String groupName);
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupDaoImpl.java
new file mode 100644
index 0000000..45be0b3
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupDaoImpl.java
@@ -0,0 +1,59 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server.dao;
+
+import java.util.Map;
+
+import javax.naming.ConfigurationException;
+
+import org.apache.cloudstack.iam.api.IAMGroup;
+import org.apache.cloudstack.iam.server.IAMGroupVO;
+import org.springframework.stereotype.Component;
+
+
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+
+@Component
+public class IAMGroupDaoImpl extends GenericDaoBase<IAMGroupVO, Long> implements IAMGroupDao {
+ private SearchBuilder<IAMGroupVO> nameSearch;
+
+ @Override
+ public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
+ super.configure(name, params);
+
+ nameSearch = createSearchBuilder();
+ nameSearch.and("name", nameSearch.entity().getName(), SearchCriteria.Op.EQ);
+ nameSearch.and("path", nameSearch.entity().getPath(), SearchCriteria.Op.EQ);
+ nameSearch.done();
+
+
+ return true;
+ }
+
+ @Override
+ public IAMGroup findByName(String path, String name) {
+ SearchCriteria<IAMGroupVO> sc = nameSearch.create();
+ sc.setParameters("name", name);
+ if (path != null) {
+ sc.setParameters("path", path);
+ }
+ return findOneBy(sc);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDao.java
new file mode 100644
index 0000000..6a2df89
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDao.java
@@ -0,0 +1,16 @@
+package org.apache.cloudstack.iam.server.dao;
+
+import java.util.List;
+
+import org.apache.cloudstack.iam.server.IAMGroupPolicyMapVO;
+import com.cloud.utils.db.GenericDao;
+
+public interface IAMGroupPolicyMapDao extends GenericDao<IAMGroupPolicyMapVO, Long> {
+
+ List<IAMGroupPolicyMapVO> listByGroupId(long groupId);
+
+ List<IAMGroupPolicyMapVO> listByPolicyId(long policyId);
+
+ IAMGroupPolicyMapVO findByGroupAndPolicy(long groupId, long policyId);
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDaoImpl.java
new file mode 100644
index 0000000..95b6bac
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDaoImpl.java
@@ -0,0 +1,61 @@
+package org.apache.cloudstack.iam.server.dao;
+
+import java.util.List;
+import java.util.Map;
+
+import javax.naming.ConfigurationException;
+
+import org.apache.cloudstack.iam.server.IAMGroupPolicyMapVO;
+
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+
+public class IAMGroupPolicyMapDaoImpl extends GenericDaoBase<IAMGroupPolicyMapVO, Long> implements IAMGroupPolicyMapDao {
+
+ private SearchBuilder<IAMGroupPolicyMapVO> ListByGroupId;
+ private SearchBuilder<IAMGroupPolicyMapVO> ListByPolicyId;
+ private SearchBuilder<IAMGroupPolicyMapVO> findByPolicyGroupId;
+
+ @Override
+ public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
+ super.configure(name, params);
+
+ ListByGroupId = createSearchBuilder();
+ ListByGroupId.and("groupId", ListByGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ);
+ ListByGroupId.done();
+
+ ListByPolicyId = createSearchBuilder();
+ ListByPolicyId.and("policyId", ListByPolicyId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+ ListByPolicyId.done();
+
+ findByPolicyGroupId = createSearchBuilder();
+ findByPolicyGroupId.and("policyId", findByPolicyGroupId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+ findByPolicyGroupId.and("groupId", findByPolicyGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ);
+ findByPolicyGroupId.done();
+
+ return true;
+ }
+
+ @Override
+ public List<IAMGroupPolicyMapVO> listByGroupId(long groupId) {
+ SearchCriteria<IAMGroupPolicyMapVO> sc = ListByGroupId.create();
+ sc.setParameters("groupId", groupId);
+ return listBy(sc);
+ }
+
+ @Override
+ public List<IAMGroupPolicyMapVO> listByPolicyId(long policyId) {
+ SearchCriteria<IAMGroupPolicyMapVO> sc = ListByPolicyId.create();
+ sc.setParameters("policyId", policyId);
+ return listBy(sc);
+ }
+
+ @Override
+ public IAMGroupPolicyMapVO findByGroupAndPolicy(long groupId, long policyId) {
+ SearchCriteria<IAMGroupPolicyMapVO> sc = findByPolicyGroupId.create();
+ sc.setParameters("policyId", policyId);
+ sc.setParameters("groupId", groupId);
+ return findOneBy(sc);
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyDao.java
new file mode 100644
index 0000000..ace7d85
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyDao.java
@@ -0,0 +1,28 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server.dao;
+
+import org.apache.cloudstack.iam.api.IAMPolicy;
+import org.apache.cloudstack.iam.server.IAMPolicyVO;
+
+import com.cloud.utils.db.GenericDao;
+
+public interface IAMPolicyDao extends GenericDao<IAMPolicyVO, Long> {
+
+ IAMPolicy findByName(String policyName);
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyDaoImpl.java
new file mode 100644
index 0000000..293cf6f
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyDaoImpl.java
@@ -0,0 +1,57 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server.dao;
+
+import java.util.Map;
+
+import javax.naming.ConfigurationException;
+
+import org.apache.cloudstack.iam.api.IAMPolicy;
+import org.apache.cloudstack.iam.server.IAMPolicyVO;
+import org.springframework.stereotype.Component;
+
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+
+@Component
+public class IAMPolicyDaoImpl extends GenericDaoBase<IAMPolicyVO, Long> implements IAMPolicyDao {
+ private SearchBuilder<IAMPolicyVO> nameSearch;
+
+ @Override
+ public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
+ super.configure(name, params);
+
+ nameSearch = createSearchBuilder();
+ nameSearch.and("name", nameSearch.entity().getName(), SearchCriteria.Op.EQ);
+ // nameSearch.and("domainId", nameSearch.entity().getDomainId(),
+ // SearchCriteria.Op.EQ);
+ nameSearch.done();
+
+
+ return true;
+ }
+
+ @Override
+ public IAMPolicy findByName(String name) {
+ SearchCriteria<IAMPolicyVO> sc = nameSearch.create();
+ sc.setParameters("name", name);
+
+ return findOneBy(sc);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyPermissionDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyPermissionDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyPermissionDao.java
new file mode 100644
index 0000000..cdcb02b
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyPermissionDao.java
@@ -0,0 +1,39 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server.dao;
+import java.util.List;
+
+import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
+import org.apache.cloudstack.iam.server.IAMPolicyPermissionVO;
+
+import com.cloud.utils.db.GenericDao;
+
+public interface IAMPolicyPermissionDao extends GenericDao<IAMPolicyPermissionVO, Long> {
+
+ List<IAMPolicyPermissionVO> listByPolicy(long policyId);
+
+ IAMPolicyPermissionVO findByPolicyAndEntity(long policyId, String entityType, String scope, Long scopeId,
+ String action, Permission perm);
+
+ List<IAMPolicyPermissionVO> listGrantedByActionAndScope(long policyId, String action, String scope);
+
+ List<IAMPolicyPermissionVO> listByPolicyActionAndEntity(long policyId, String action, String entityType);
+
+ List<IAMPolicyPermissionVO> listByPolicyAccessAndEntity(long policyId, String accessType, String entityType);
+
+ List<IAMPolicyPermissionVO> listByEntity(String entityType, Long entityId);
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyPermissionDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyPermissionDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyPermissionDaoImpl.java
new file mode 100644
index 0000000..3f976cf
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyPermissionDaoImpl.java
@@ -0,0 +1,129 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server.dao;
+
+import java.util.List;
+import java.util.Map;
+
+import javax.naming.ConfigurationException;
+
+import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
+import org.apache.cloudstack.iam.server.IAMPolicyPermissionVO;
+
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+
+public class IAMPolicyPermissionDaoImpl extends GenericDaoBase<IAMPolicyPermissionVO, Long> implements
+ IAMPolicyPermissionDao {
+
+ private SearchBuilder<IAMPolicyPermissionVO> policyIdSearch;
+ private SearchBuilder<IAMPolicyPermissionVO> fullSearch;
+ private SearchBuilder<IAMPolicyPermissionVO> actionScopeSearch;
+ private SearchBuilder<IAMPolicyPermissionVO> entitySearch;
+
+ @Override
+ public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
+ super.configure(name, params);
+
+ policyIdSearch = createSearchBuilder();
+ policyIdSearch.and("policyId", policyIdSearch.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+ policyIdSearch.done();
+
+ fullSearch = createSearchBuilder();
+ fullSearch.and("policyId", fullSearch.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+ fullSearch.and("entityType", fullSearch.entity().getEntityType(), SearchCriteria.Op.EQ);
+ fullSearch.and("scope", fullSearch.entity().getScope(), SearchCriteria.Op.EQ);
+ fullSearch.and("scopeId", fullSearch.entity().getScopeId(), SearchCriteria.Op.EQ);
+ fullSearch.and("action", fullSearch.entity().getAction(), SearchCriteria.Op.EQ);
+ fullSearch.and("permission", fullSearch.entity().getPermission(), SearchCriteria.Op.EQ);
+ fullSearch.and("accessType", fullSearch.entity().getAccessType(), SearchCriteria.Op.EQ);
+ fullSearch.done();
+
+ actionScopeSearch = createSearchBuilder();
+ actionScopeSearch.and("policyId", actionScopeSearch.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+ actionScopeSearch.and("scope", actionScopeSearch.entity().getScope(), SearchCriteria.Op.EQ);
+ actionScopeSearch.and("action", actionScopeSearch.entity().getAction(), SearchCriteria.Op.EQ);
+ actionScopeSearch.and("permission", actionScopeSearch.entity().getPermission(), SearchCriteria.Op.EQ);
+ actionScopeSearch.done();
+
+ entitySearch = createSearchBuilder();
+ entitySearch.and("entityType", entitySearch.entity().getEntityType(), SearchCriteria.Op.EQ);
+ entitySearch.and("scopeId", entitySearch.entity().getScopeId(), SearchCriteria.Op.EQ);
+ entitySearch.done();
+
+ return true;
+ }
+
+ @Override
+ public List<IAMPolicyPermissionVO> listByPolicy(long policyId) {
+ SearchCriteria<IAMPolicyPermissionVO> sc = policyIdSearch.create();
+ sc.setParameters("policyId", policyId);
+ return listBy(sc);
+ }
+
+ @Override
+ public IAMPolicyPermissionVO findByPolicyAndEntity(long policyId, String entityType, String scope, Long scopeId,
+ String action, Permission perm) {
+ SearchCriteria<IAMPolicyPermissionVO> sc = fullSearch.create();
+ sc.setParameters("policyId", policyId);
+ sc.setParameters("entityType", entityType);
+ sc.setParameters("scope", scope);
+ sc.setParameters("scopeId", scopeId);
+ sc.setParameters("action", action);
+ sc.setParameters("permission", perm);
+ return findOneBy(sc);
+ }
+
+ @Override
+ public List<IAMPolicyPermissionVO> listGrantedByActionAndScope(long policyId, String action, String scope) {
+ SearchCriteria<IAMPolicyPermissionVO> sc = actionScopeSearch.create();
+ sc.setParameters("policyId", policyId);
+ sc.setParameters("action", action);
+ sc.setParameters("scope", scope);
+ sc.setParameters("permission", Permission.Allow);
+ return listBy(sc);
+ }
+
+ @Override
+ public List<IAMPolicyPermissionVO> listByPolicyActionAndEntity(long policyId, String action, String entityType) {
+ SearchCriteria<IAMPolicyPermissionVO> sc = fullSearch.create();
+ sc.setParameters("policyId", policyId);
+ sc.setParameters("entityType", entityType);
+ sc.setParameters("action", action);
+ return listBy(sc);
+ }
+
+ @Override
+ public List<IAMPolicyPermissionVO> listByPolicyAccessAndEntity(long policyId, String accessType,
+ String entityType) {
+ SearchCriteria<IAMPolicyPermissionVO> sc = fullSearch.create();
+ sc.setParameters("policyId", policyId);
+ sc.setParameters("entityType", entityType);
+ sc.setParameters("accessType", accessType);
+ return listBy(sc);
+ }
+
+ @Override
+ public List<IAMPolicyPermissionVO> listByEntity(String entityType, Long entityId) {
+ SearchCriteria<IAMPolicyPermissionVO> sc = fullSearch.create();
+ sc.setParameters("entityType", entityType);
+ sc.setParameters("scopeId", entityId);
+ return listBy(sc);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java
----------------------------------------------------------------------
diff --git a/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java b/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java
index 01eab61..8760199 100644
--- a/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java
+++ b/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java
@@ -45,18 +45,18 @@ import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.support.AnnotationConfigContextLoader;
-import org.apache.cloudstack.iam.api.AclGroup;
-import org.apache.cloudstack.iam.api.AclPolicy;
+import org.apache.cloudstack.iam.api.IAMGroup;
+import org.apache.cloudstack.iam.api.IAMPolicy;
import org.apache.cloudstack.iam.api.IAMService;
-import org.apache.cloudstack.iam.server.AclGroupVO;
-import org.apache.cloudstack.iam.server.AclPolicyVO;
+import org.apache.cloudstack.iam.server.IAMGroupVO;
+import org.apache.cloudstack.iam.server.IAMPolicyVO;
import org.apache.cloudstack.iam.server.IAMServiceImpl;
-import org.apache.cloudstack.iam.server.dao.AclAccountPolicyMapDao;
-import org.apache.cloudstack.iam.server.dao.AclGroupAccountMapDao;
-import org.apache.cloudstack.iam.server.dao.AclGroupDao;
-import org.apache.cloudstack.iam.server.dao.AclGroupPolicyMapDao;
-import org.apache.cloudstack.iam.server.dao.AclPolicyDao;
-import org.apache.cloudstack.iam.server.dao.AclPolicyPermissionDao;
+import org.apache.cloudstack.iam.server.dao.IAMAccountPolicyMapDao;
+import org.apache.cloudstack.iam.server.dao.IAMGroupAccountMapDao;
+import org.apache.cloudstack.iam.server.dao.IAMGroupDao;
+import org.apache.cloudstack.iam.server.dao.IAMGroupPolicyMapDao;
+import org.apache.cloudstack.iam.server.dao.IAMPolicyDao;
+import org.apache.cloudstack.iam.server.dao.IAMPolicyPermissionDao;
import org.apache.cloudstack.test.utils.SpringUtils;
import com.cloud.exception.InvalidParameterValueException;
@@ -72,22 +72,22 @@ public class IAMServiceUnitTest {
IAMService _iamService;
@Inject
- AclPolicyDao _aclPolicyDao;
+ IAMPolicyDao _aclPolicyDao;
@Inject
- AclGroupDao _aclGroupDao;
+ IAMGroupDao _aclGroupDao;
@Inject
EntityManager _entityMgr;
@Inject
- AclGroupPolicyMapDao _aclGroupPolicyMapDao;
+ IAMGroupPolicyMapDao _aclGroupPolicyMapDao;
@Inject
- AclGroupAccountMapDao _aclGroupAccountMapDao;
+ IAMGroupAccountMapDao _aclGroupAccountMapDao;
@Inject
- AclPolicyPermissionDao _policyPermissionDao;
+ IAMPolicyPermissionDao _policyPermissionDao;
@BeforeClass
public static void setUpClass() throws ConfigurationException {
@@ -96,15 +96,15 @@ public class IAMServiceUnitTest {
@Before
public void setUp() {
ComponentContext.initComponentsLifeCycle();
- AclGroupVO group = new AclGroupVO("group1", "my first group");
- Mockito.when(_aclGroupDao.persist(Mockito.any(AclGroupVO.class))).thenReturn(group);
- List<AclGroupVO> groups = new ArrayList<AclGroupVO>();
+ IAMGroupVO group = new IAMGroupVO("group1", "my first group");
+ Mockito.when(_aclGroupDao.persist(Mockito.any(IAMGroupVO.class))).thenReturn(group);
+ List<IAMGroupVO> groups = new ArrayList<IAMGroupVO>();
groups.add(group);
when(_aclGroupDao.search(Mockito.any(SearchCriteria.class), Mockito.any(com.cloud.utils.db.Filter.class)))
.thenReturn(groups);
- AclPolicyVO policy = new AclPolicyVO("policy1", "my first policy");
- Mockito.when(_aclPolicyDao.persist(Mockito.any(AclPolicyVO.class))).thenReturn(policy);
+ IAMPolicyVO policy = new IAMPolicyVO("policy1", "my first policy");
+ Mockito.when(_aclPolicyDao.persist(Mockito.any(IAMPolicyVO.class))).thenReturn(policy);
}
@@ -114,13 +114,13 @@ public class IAMServiceUnitTest {
@Test(expected = InvalidParameterValueException.class)
public void createAclGroupTest() {
- AclGroup group = _iamService.createAclGroup("group1", "my first group", "/root/mydomain");
+ IAMGroup group = _iamService.createAclGroup("group1", "my first group", "/root/mydomain");
assertNotNull("Acl group 'group1' failed to create ", group);
- AclGroupVO group2 = new AclGroupVO("group1", "my second group");
+ IAMGroupVO group2 = new IAMGroupVO("group1", "my second group");
when(_aclGroupDao.findByName(eq("/root/mydomain"), eq("group1"))).thenReturn(group2);
- AclGroup group3 = _iamService.createAclGroup("group1", "my first group", "/root/mydomain");
+ IAMGroup group3 = _iamService.createAclGroup("group1", "my first group", "/root/mydomain");
}
@Test(expected = InvalidParameterValueException.class)
@@ -132,7 +132,7 @@ public class IAMServiceUnitTest {
@Test
public void accountGroupMaptest() {
// create group
- AclGroupVO group = new AclGroupVO("group1", "my first group");
+ IAMGroupVO group = new IAMGroupVO("group1", "my first group");
// add account to group
List<Long> accountIds = new ArrayList<Long>();
@@ -145,10 +145,10 @@ public class IAMServiceUnitTest {
@Test(expected = InvalidParameterValueException.class)
public void createAclPolicyTest() {
- AclPolicy policy = _iamService.createAclPolicy("policy1", "my first policy", null, "/root/mydomain");
+ IAMPolicy policy = _iamService.createAclPolicy("policy1", "my first policy", null, "/root/mydomain");
assertNotNull("Acl policy 'policy1' failed to create ", policy);
- AclPolicyVO rvo = new AclPolicyVO("policy2", "second policy");
+ IAMPolicyVO rvo = new IAMPolicyVO("policy2", "second policy");
when(_aclPolicyDao.findByName(eq("policy2"))).thenReturn(rvo);
_iamService.createAclPolicy("policy2", "second policy", null, "/root/mydomain");
@@ -165,13 +165,13 @@ public class IAMServiceUnitTest {
public static class TestConfiguration extends SpringUtils.CloudStackTestConfiguration {
@Bean
- public AclPolicyDao aclPolicyDao() {
- return Mockito.mock(AclPolicyDao.class);
+ public IAMPolicyDao aclPolicyDao() {
+ return Mockito.mock(IAMPolicyDao.class);
}
@Bean
- public AclGroupDao aclGroupDao() {
- return Mockito.mock(AclGroupDao.class);
+ public IAMGroupDao aclGroupDao() {
+ return Mockito.mock(IAMGroupDao.class);
}
@Bean
@@ -180,23 +180,23 @@ public class IAMServiceUnitTest {
}
@Bean
- public AclGroupPolicyMapDao aclGroupPolicyMapDao() {
- return Mockito.mock(AclGroupPolicyMapDao.class);
+ public IAMGroupPolicyMapDao aclGroupPolicyMapDao() {
+ return Mockito.mock(IAMGroupPolicyMapDao.class);
}
@Bean
- public AclGroupAccountMapDao aclGroupAccountMapDao() {
- return Mockito.mock(AclGroupAccountMapDao.class);
+ public IAMGroupAccountMapDao aclGroupAccountMapDao() {
+ return Mockito.mock(IAMGroupAccountMapDao.class);
}
@Bean
- public AclAccountPolicyMapDao aclAccountPolicyMapDao() {
- return Mockito.mock(AclAccountPolicyMapDao.class);
+ public IAMAccountPolicyMapDao aclAccountPolicyMapDao() {
+ return Mockito.mock(IAMAccountPolicyMapDao.class);
}
@Bean
- public AclPolicyPermissionDao aclPolicyPermissionDao() {
- return Mockito.mock(AclPolicyPermissionDao.class);
+ public IAMPolicyPermissionDao aclPolicyPermissionDao() {
+ return Mockito.mock(IAMPolicyPermissionDao.class);
}
public static class Library implements TypeFilter {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/setup/db/db/schema-430to440.sql
----------------------------------------------------------------------
diff --git a/setup/db/db/schema-430to440.sql b/setup/db/db/schema-430to440.sql
index 4ce7ba9..917a954 100644
--- a/setup/db/db/schema-430to440.sql
+++ b/setup/db/db/schema-430to440.sql
@@ -447,7 +447,7 @@ CREATE VIEW `cloud`.`user_vm_view` AS
`cloud`.`user_vm_details` `custom_ram_size` ON (((`custom_ram_size`.`vm_id` = `cloud`.`vm_instance`.`id`) and (`custom_ram_size`.`name` = 'memory')));
-- ACL DB schema
-CREATE TABLE `cloud`.`acl_group` (
+CREATE TABLE `cloud`.`iam_group` (
`id` bigint unsigned NOT NULL UNIQUE auto_increment,
`name` varchar(255) NOT NULL,
`description` varchar(255) default NULL,
@@ -458,23 +458,23 @@ CREATE TABLE `cloud`.`acl_group` (
`removed` datetime COMMENT 'date the group was removed',
`created` datetime COMMENT 'date the group was created',
PRIMARY KEY (`id`),
- INDEX `i_acl_group__removed`(`removed`),
- CONSTRAINT `uc_acl_group__uuid` UNIQUE (`uuid`)
+ INDEX `i_iam_group__removed`(`removed`),
+ CONSTRAINT `uc_iam_group__uuid` UNIQUE (`uuid`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
-CREATE TABLE `cloud`.`acl_group_account_map` (
+CREATE TABLE `cloud`.`iam_group_account_map` (
`id` bigint unsigned NOT NULL auto_increment,
`group_id` bigint unsigned NOT NULL,
`account_id` bigint unsigned NOT NULL,
`removed` datetime COMMENT 'date the account was removed from the group',
`created` datetime COMMENT 'date the account was assigned to the group',
PRIMARY KEY (`id`),
- CONSTRAINT `fk_acl_group_vm_map__group_id` FOREIGN KEY(`group_id`) REFERENCES `acl_group` (`id`) ON DELETE CASCADE,
- CONSTRAINT `fk_acl_group_vm_map__account_id` FOREIGN KEY(`account_id`) REFERENCES `account` (`id`) ON DELETE CASCADE
+ CONSTRAINT `fk_iam_group_vm_map__group_id` FOREIGN KEY(`group_id`) REFERENCES `iam_group` (`id`) ON DELETE CASCADE,
+ CONSTRAINT `fk_iam_group_vm_map__account_id` FOREIGN KEY(`account_id`) REFERENCES `account` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-CREATE TABLE `cloud`.`acl_policy` (
+CREATE TABLE `cloud`.`iam_policy` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`name` varchar(255) NOT NULL,
`description` varchar(255) DEFAULT NULL,
@@ -486,37 +486,37 @@ CREATE TABLE `cloud`.`acl_policy` (
`policy_type` varchar(64) DEFAULT 'Static' COMMENT 'Static or Dynamic',
PRIMARY KEY (`id`),
UNIQUE KEY `id` (`id`),
- UNIQUE KEY `uc_acl_policy__uuid` (`uuid`),
- KEY `i_acl_policy__removed` (`removed`)
+ UNIQUE KEY `uc_iam_policy__uuid` (`uuid`),
+ KEY `i_iam_policy__removed` (`removed`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
-CREATE TABLE `cloud`.`acl_group_policy_map` (
+CREATE TABLE `cloud`.`iam_group_policy_map` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`group_id` bigint(20) unsigned NOT NULL,
`policy_id` bigint(20) unsigned NOT NULL,
`removed` datetime DEFAULT NULL COMMENT 'date the policy was revoked from the group',
`created` datetime DEFAULT NULL COMMENT 'date the policy was attached to the group',
PRIMARY KEY (`id`),
- KEY `fk_acl_group_policy_map__group_id` (`group_id`),
- KEY `fk_acl_group_policy_map__policy_id` (`policy_id`),
- CONSTRAINT `fk_acl_group_policy_map__group_id` FOREIGN KEY (`group_id`) REFERENCES `acl_group` (`id`) ON DELETE CASCADE,
- CONSTRAINT `fk_acl_group_policy_map__policy_id` FOREIGN KEY (`policy_id`) REFERENCES `acl_policy` (`id`) ON DELETE CASCADE
+ KEY `fk_iam_group_policy_map__group_id` (`group_id`),
+ KEY `fk_iam_group_policy_map__policy_id` (`policy_id`),
+ CONSTRAINT `fk_iam_group_policy_map__group_id` FOREIGN KEY (`group_id`) REFERENCES `iam_group` (`id`) ON DELETE CASCADE,
+ CONSTRAINT `fk_iam_group_policy_map__policy_id` FOREIGN KEY (`policy_id`) REFERENCES `iam_policy` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-CREATE TABLE `cloud`.`acl_account_policy_map` (
+CREATE TABLE `cloud`.`iam_account_policy_map` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`account_id` bigint(20) unsigned NOT NULL,
`policy_id` bigint(20) unsigned NOT NULL,
`removed` datetime DEFAULT NULL COMMENT 'date the policy was revoked from the account',
`created` datetime DEFAULT NULL COMMENT 'date the policy was attached to the account',
PRIMARY KEY (`id`),
- KEY `fk_acl_account_policy_map__account_id` (`account_id`),
- KEY `fk_acl_account_policy_map__policy_id` (`policy_id`),
- CONSTRAINT `fk_acl_account_policy_map__account_id` FOREIGN KEY (`account_id`) REFERENCES `account` (`id`) ON DELETE CASCADE,
- CONSTRAINT `fk_acl_account_policy_map__policy_id` FOREIGN KEY (`policy_id`) REFERENCES `acl_policy` (`id`) ON DELETE CASCADE
+ KEY `fk_iam_account_policy_map__account_id` (`account_id`),
+ KEY `fk_iam_account_policy_map__policy_id` (`policy_id`),
+ CONSTRAINT `fk_iam_account_policy_map__account_id` FOREIGN KEY (`account_id`) REFERENCES `account` (`id`) ON DELETE CASCADE,
+ CONSTRAINT `fk_iam_account_policy_map__policy_id` FOREIGN KEY (`policy_id`) REFERENCES `iam_policy` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-CREATE TABLE `cloud`.`acl_policy_permission` (
+CREATE TABLE `cloud`.`iam_policy_permission` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`policy_id` bigint(20) unsigned NOT NULL,
`action` varchar(100) NOT NULL,
@@ -530,30 +530,30 @@ CREATE TABLE `cloud`.`acl_policy_permission` (
`created` datetime DEFAULT NULL COMMENT 'date the permission was granted',
PRIMARY KEY (`id`),
UNIQUE KEY `id` (`id`),
- KEY `fk_acl_policy_permission__policy_id` (`policy_id`),
- CONSTRAINT `fk_acl_policy_permission__policy_id` FOREIGN KEY (`policy_id`) REFERENCES `acl_policy` (`id`) ON DELETE CASCADE
+ KEY `fk_iam_policy_permission__policy_id` (`policy_id`),
+ CONSTRAINT `fk_iam_policy_permission__policy_id` FOREIGN KEY (`policy_id`) REFERENCES `iam_policy` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
-INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (1, 'NORMAL', 'Domain user role', UUID(), '/', 1, Now(), 'Static');
-INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (2, 'ADMIN', 'Root admin role', UUID(), '/', 1, Now(), 'Static');
-INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (3, 'DOMAIN_ADMIN', 'Domain admin role', UUID(), '/', 1, Now(), 'Static');
-INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (4, 'RESOURCE_DOMAIN_ADMIN', 'Resource domain admin role', UUID(), '/', 1, Now(), 'Static');
-INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (5, 'READ_ONLY_ADMIN', 'Read only admin role', UUID(), '/', 1, Now(), 'Static');
-INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (6, 'RESOURCE_OWNER', 'Resource owner role', UUID(), '/', 1, Now(), 'Dynamic');
+INSERT IGNORE INTO `cloud`.`iam_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (1, 'NORMAL', 'Domain user role', UUID(), '/', 1, Now(), 'Static');
+INSERT IGNORE INTO `cloud`.`iam_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (2, 'ADMIN', 'Root admin role', UUID(), '/', 1, Now(), 'Static');
+INSERT IGNORE INTO `cloud`.`iam_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (3, 'DOMAIN_ADMIN', 'Domain admin role', UUID(), '/', 1, Now(), 'Static');
+INSERT IGNORE INTO `cloud`.`iam_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (4, 'RESOURCE_DOMAIN_ADMIN', 'Resource domain admin role', UUID(), '/', 1, Now(), 'Static');
+INSERT IGNORE INTO `cloud`.`iam_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (5, 'READ_ONLY_ADMIN', 'Read only admin role', UUID(), '/', 1, Now(), 'Static');
+INSERT IGNORE INTO `cloud`.`iam_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (6, 'RESOURCE_OWNER', 'Resource owner role', UUID(), '/', 1, Now(), 'Dynamic');
-INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, path, account_id, created) VALUES (1, 'NORMAL', 'Domain user group', UUID(), '/', 1, Now());
-INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, path, account_id, created) VALUES (2, 'ADMIN', 'Root admin group', UUID(), '/', 1, Now());
-INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, path, account_id, created) VALUES (3, 'DOMAIN_ADMIN', 'Domain admin group', UUID(), '/', 1, Now());
-INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, path, account_id, created) VALUES (4, 'RESOURCE_DOMAIN_ADMIN', 'Resource domain admin group', UUID(), '/', 1, Now());
-INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, path, account_id, created) VALUES (5, 'READ_ONLY_ADMIN', 'Read only admin group', UUID(), '/', 1, Now());
+INSERT IGNORE INTO `cloud`.`iam_group` (id, name, description, uuid, path, account_id, created) VALUES (1, 'NORMAL', 'Domain user group', UUID(), '/', 1, Now());
+INSERT IGNORE INTO `cloud`.`iam_group` (id, name, description, uuid, path, account_id, created) VALUES (2, 'ADMIN', 'Root admin group', UUID(), '/', 1, Now());
+INSERT IGNORE INTO `cloud`.`iam_group` (id, name, description, uuid, path, account_id, created) VALUES (3, 'DOMAIN_ADMIN', 'Domain admin group', UUID(), '/', 1, Now());
+INSERT IGNORE INTO `cloud`.`iam_group` (id, name, description, uuid, path, account_id, created) VALUES (4, 'RESOURCE_DOMAIN_ADMIN', 'Resource domain admin group', UUID(), '/', 1, Now());
+INSERT IGNORE INTO `cloud`.`iam_group` (id, name, description, uuid, path, account_id, created) VALUES (5, 'READ_ONLY_ADMIN', 'Read only admin group', UUID(), '/', 1, Now());
-INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(1, 1, Now());
-INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(2, 2, Now());
-INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(3, 3, Now());
-INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(4, 4, Now());
-INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(5, 5, Now());
+INSERT INTO `cloud`.`iam_group_policy_map` (group_id, policy_id, created) values(1, 1, Now());
+INSERT INTO `cloud`.`iam_group_policy_map` (group_id, policy_id, created) values(2, 2, Now());
+INSERT INTO `cloud`.`iam_group_policy_map` (group_id, policy_id, created) values(3, 3, Now());
+INSERT INTO `cloud`.`iam_group_policy_map` (group_id, policy_id, created) values(4, 4, Now());
+INSERT INTO `cloud`.`iam_group_policy_map` (group_id, policy_id, created) values(5, 5, Now());
INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('NetworkManager', 'DEFAULT', 'management-server', 'vm.network.nic.max.secondary.ipaddresses', NULL, 'Specify the number of secondary ip addresses per nic per vm', '256') ON DUPLICATE KEY UPDATE category='NetworkManager';
[14/18] iam/plugin: Rename Acl to IAM everywhere
Posted by pr...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateIAMPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateIAMPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateIAMPolicyCmd.java
new file mode 100644
index 0000000..be863de
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateIAMPolicyCmd.java
@@ -0,0 +1,175 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCreateCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.DomainResponse;
+import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.IAMPolicy;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.user.Account;
+
+@APICommand(name = "createIAMPolicy", responseObject = IAMPolicyResponse.class, description = "Creates an iam policy")
+public class CreateIAMPolicyCmd extends BaseAsyncCreateCmd {
+ public static final Logger s_logger = Logger.getLogger(CreateIAMPolicyCmd.class.getName());
+
+ private static final String s_name = "createiampolicyresponse";
+
+ @Inject
+ public IAMApiService _iamApiSrv;
+
+ // ///////////////////////////////////////////////////
+ // ////////////// API parameters /////////////////////
+ // ///////////////////////////////////////////////////
+
+ @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the iam policy. Must be used with domainId.")
+ private String accountName;
+
+ @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the iam policy", entityType = DomainResponse.class)
+ private Long domainId;
+
+ @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the iam policy")
+ private String description;
+
+ @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the iam policy")
+ private String name;
+
+ @ACL
+ @Parameter(name = ApiConstants.IAM_PARENT_POLICY_ID, type = CommandType.UUID, description = "The ID of parent iam policy.", entityType = IAMPolicyResponse.class)
+ private Long parentPolicyId;
+
+
+ // ///////////////////////////////////////////////////
+ // ///////////////// Accessors ///////////////////////
+ // ///////////////////////////////////////////////////
+
+ public String getAccountName() {
+ return accountName;
+ }
+
+ public String getDescription() {
+ return description;
+ }
+
+ public Long getDomainId() {
+ return domainId;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public Long getParentPolicyId() {
+ return parentPolicyId;
+ }
+
+ // ///////////////////////////////////////////////////
+ // ///////////// API Implementation///////////////////
+ // ///////////////////////////////////////////////////
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ Account account = CallContext.current().getCallingAccount();
+ if ((account == null) || _accountService.isAdmin(account.getType())) {
+ if ((domainId != null) && (accountName != null)) {
+ Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
+ if (userAccount != null) {
+ return userAccount.getId();
+ }
+ }
+ }
+
+ if (account != null) {
+ return account.getId();
+ }
+
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this
+ // command to SYSTEM so ERROR events
+ // are tracked
+ }
+
+ @Override
+ public void execute() {
+ IAMPolicy policy = _entityMgr.findById(IAMPolicy.class, getEntityId());
+ if (policy != null) {
+ IAMPolicyResponse response = _iamApiSrv.createIAMPolicyResponse(policy);
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create iam policy:" + name);
+ }
+ }
+
+ @Override
+ public void create() throws ResourceAllocationException {
+ Account account = CallContext.current().getCallingAccount();
+ IAMPolicy result = _iamApiSrv.createIAMPolicy(account, name, description, parentPolicyId);
+ if (result != null) {
+ setEntityId(result.getId());
+ setEntityUuid(result.getUuid());
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create iam policy entity" + name);
+ }
+
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_IAM_POLICY_CREATE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "creating IAM policy";
+ }
+
+ @Override
+ public String getCreateEventType() {
+ return EventTypes.EVENT_IAM_POLICY_CREATE;
+ }
+
+ @Override
+ public String getCreateEventDescription() {
+ return "creating IAM policy";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.IAMPolicy;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclGroupCmd.java
deleted file mode 100644
index 38f13f4..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclGroupCmd.java
+++ /dev/null
@@ -1,102 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.SuccessResponse;
-import org.apache.cloudstack.api.response.iam.AclGroupResponse;
-
-import com.cloud.event.EventTypes;
-import com.cloud.user.Account;
-
-@APICommand(name = "deleteAclGroup", description = "Deletes acl group", responseObject = SuccessResponse.class)
-public class DeleteAclGroupCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(DeleteAclGroupCmd.class.getName());
- private static final String s_name = "deleteaclgroupresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "The ID of the acl group.", required = true, entityType = AclGroupResponse.class)
- private Long id;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
- public Long getId() {
- return id;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM;
- }
-
- @Override
- public void execute(){
- boolean result = _aclApiSrv.deleteAclGroup(id);
- if (result) {
- SuccessResponse response = new SuccessResponse(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete acl group");
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_GROUP_DELETE;
- }
-
- @Override
- public String getEventDescription() {
- return "Deleting Acl group";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclGroup;
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclPolicyCmd.java
deleted file mode 100644
index c9fc9ba..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclPolicyCmd.java
+++ /dev/null
@@ -1,102 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.SuccessResponse;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-
-import com.cloud.event.EventTypes;
-import com.cloud.user.Account;
-
-@APICommand(name = "deleteAclPolicy", description = "Deletes acl policy", responseObject = SuccessResponse.class)
-public class DeleteAclPolicyCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(DeleteAclPolicyCmd.class.getName());
- private static final String s_name = "deleteaclpolicyresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "The ID of the acl role.", required = true, entityType = AclPolicyResponse.class)
- private Long id;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
- public Long getId() {
- return id;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM;
- }
-
- @Override
- public void execute(){
- boolean result = _aclApiSrv.deleteAclPolicy(id);
- if (result) {
- SuccessResponse response = new SuccessResponse(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete acl policy");
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_POLICY_DELETE;
- }
-
- @Override
- public String getEventDescription() {
- return "Deleting Acl role";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclPolicy;
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteIAMGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteIAMGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteIAMGroupCmd.java
new file mode 100644
index 0000000..f5d40fc
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteIAMGroupCmd.java
@@ -0,0 +1,102 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
+
+import com.cloud.event.EventTypes;
+import com.cloud.user.Account;
+
+@APICommand(name = "deleteAclGroup", description = "Deletes acl group", responseObject = SuccessResponse.class)
+public class DeleteIAMGroupCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(DeleteIAMGroupCmd.class.getName());
+ private static final String s_name = "deleteaclgroupresponse";
+
+ @Inject
+ public IAMApiService _aclApiSrv;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+ @ACL
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "The ID of the acl group.", required = true, entityType = IAMGroupResponse.class)
+ private Long id;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+ public Long getId() {
+ return id;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM;
+ }
+
+ @Override
+ public void execute(){
+ boolean result = _aclApiSrv.deleteIAMGroup(id);
+ if (result) {
+ SuccessResponse response = new SuccessResponse(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete acl group");
+ }
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_IAM_GROUP_DELETE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "Deleting Acl group";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.IAMGroup;
+ }
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteIAMPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteIAMPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteIAMPolicyCmd.java
new file mode 100644
index 0000000..037f4cd
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteIAMPolicyCmd.java
@@ -0,0 +1,102 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
+
+import com.cloud.event.EventTypes;
+import com.cloud.user.Account;
+
+@APICommand(name = "deleteIAMPolicy", description = "Deletes iam policy", responseObject = SuccessResponse.class)
+public class DeleteIAMPolicyCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(DeleteIAMPolicyCmd.class.getName());
+ private static final String s_name = "deleteiampolicyresponse";
+
+ @Inject
+ public IAMApiService _iamApiSrv;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+ @ACL
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "The ID of the iam policy.", required = true, entityType = IAMPolicyResponse.class)
+ private Long id;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+ public Long getId() {
+ return id;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM;
+ }
+
+ @Override
+ public void execute(){
+ boolean result = _iamApiSrv.deleteIAMPolicy(id);
+ if (result) {
+ SuccessResponse response = new SuccessResponse(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete iam policy");
+ }
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_IAM_POLICY_DELETE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "Deleting IAM policy";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.IAMPolicy;
+ }
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclGroupsCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclGroupsCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclGroupsCmd.java
deleted file mode 100644
index 2e72493..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclGroupsCmd.java
+++ /dev/null
@@ -1,88 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.response.ListResponse;
-import org.apache.cloudstack.api.response.iam.AclGroupResponse;
-
-
-@APICommand(name = "listAclGroups", description = "Lists acl groups", responseObject = AclGroupResponse.class)
-public class ListAclGroupsCmd extends BaseListDomainResourcesCmd {
- public static final Logger s_logger = Logger.getLogger(ListAclGroupsCmd.class.getName());
-
- private static final String s_name = "listaclgroupsresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
- @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "lists acl groups by name")
- private String aclGroupName;
-
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "list the acl group by the id provided", entityType = AclGroupResponse.class)
- private Long id;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
- public String getAclGroupName() {
- return aclGroupName;
- }
-
-
- public Long getId(){
- return id;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- @Override
- public void execute(){
-
- ListResponse<AclGroupResponse> response = _aclApiSrv.listAclGroups(id, aclGroupName, getDomainId(),
- getStartIndex(), getPageSizeVal());
- response.setResponseName(getCommandName());
- setResponseObject(response);
-
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclGroup;
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclPoliciesCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclPoliciesCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclPoliciesCmd.java
deleted file mode 100644
index b5b2d8d..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclPoliciesCmd.java
+++ /dev/null
@@ -1,88 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.response.ListResponse;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-
-
-@APICommand(name = "listAclPolicies", description = "Lists acl policies", responseObject = AclPolicyResponse.class)
-public class ListAclPoliciesCmd extends BaseListDomainResourcesCmd {
- public static final Logger s_logger = Logger.getLogger(ListAclPoliciesCmd.class.getName());
-
- private static final String s_name = "listaclpoliciesresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
- @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "lists acl policies by name")
- private String aclPolicyName;
-
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "list the acl policy by the id provided", entityType = AclPolicyResponse.class)
- private Long id;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
- public String getAclPolicyName() {
- return aclPolicyName;
- }
-
-
- public Long getId(){
- return id;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- @Override
- public void execute(){
-
- ListResponse<AclPolicyResponse> response = _aclApiSrv.listAclPolicies(id, aclPolicyName, getDomainId(),
- getStartIndex(), getPageSizeVal());
- response.setResponseName(getCommandName());
- setResponseObject(response);
-
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclPolicy;
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListIAMGroupsCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListIAMGroupsCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListIAMGroupsCmd.java
new file mode 100644
index 0000000..ece87fa
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListIAMGroupsCmd.java
@@ -0,0 +1,88 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
+
+
+@APICommand(name = "listIAMGroups", description = "Lists iam groups", responseObject = IAMGroupResponse.class)
+public class ListIAMGroupsCmd extends BaseListDomainResourcesCmd {
+ public static final Logger s_logger = Logger.getLogger(ListIAMGroupsCmd.class.getName());
+
+ private static final String s_name = "listiamgroupsresponse";
+
+ @Inject
+ public IAMApiService _iamApiSrv;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+ @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "lists iam groups by name")
+ private String iamGroupName;
+
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "list the iam group by the id provided", entityType = IAMGroupResponse.class)
+ private Long id;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+ public String getIAMGroupName() {
+ return iamGroupName;
+ }
+
+
+ public Long getId(){
+ return id;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ @Override
+ public void execute(){
+
+ ListResponse<IAMGroupResponse> response = _iamApiSrv.listIAMGroups(id, iamGroupName, getDomainId(),
+ getStartIndex(), getPageSizeVal());
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.IAMGroup;
+ }
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListIAMPoliciesCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListIAMPoliciesCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListIAMPoliciesCmd.java
new file mode 100644
index 0000000..096cc3b
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListIAMPoliciesCmd.java
@@ -0,0 +1,88 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
+
+
+@APICommand(name = "listIAMPolicies", description = "Lists IAM policies", responseObject = IAMPolicyResponse.class)
+public class ListIAMPoliciesCmd extends BaseListDomainResourcesCmd {
+ public static final Logger s_logger = Logger.getLogger(ListIAMPoliciesCmd.class.getName());
+
+ private static final String s_name = "listiampoliciesresponse";
+
+ @Inject
+ public IAMApiService _iamApiSrv;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+ @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "lists iam policies by name")
+ private String iamPolicyName;
+
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "list the iam policy by the id provided", entityType = IAMPolicyResponse.class)
+ private Long id;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+ public String getIAMPolicyName() {
+ return iamPolicyName;
+ }
+
+
+ public Long getId(){
+ return id;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ @Override
+ public void execute(){
+
+ ListResponse<IAMPolicyResponse> response = _iamApiSrv.listIAMPolicies(id, iamPolicyName, getDomainId(),
+ getStartIndex(), getPageSizeVal());
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.IAMPolicy;
+ }
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAccountFromAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAccountFromAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAccountFromAclGroupCmd.java
deleted file mode 100644
index a370e0a..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAccountFromAclGroupCmd.java
+++ /dev/null
@@ -1,127 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AccountResponse;
-import org.apache.cloudstack.api.response.iam.AclGroupResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclGroup;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "removeAccountFromAclGroup", description = "remove accounts from an acl group", responseObject = AclGroupResponse.class)
-public class RemoveAccountFromAclGroupCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(RemoveAccountFromAclGroupCmd.class.getName());
- private static final String s_name = "removeaccountfromaclgroupresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
- required = true, description = "The ID of the acl group")
- private Long id;
-
- @ACL
- @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that are going to be assigned to the acl group.")
- private List<Long> accountIdList;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
-
- public Long getId() {
- return id;
- }
-
-
- public List<Long> getAccountIdList() {
- return accountIdList;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public void execute() throws ResourceUnavailableException,
- InsufficientCapacityException, ServerApiException {
- CallContext.current().setEventDetails("Acl group Id: " + getId());
- AclGroup result = _aclApiSrv.removeAccountsFromGroup(accountIdList, id);
- if (result != null){
- AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove accounts from acl group");
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_GROUP_UPDATE;
- }
-
- @Override
- public String getEventDescription() {
- return "removing accounts from acl group";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclGroup;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAccountFromIAMGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAccountFromIAMGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAccountFromIAMGroupCmd.java
new file mode 100644
index 0000000..5ff5039
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAccountFromIAMGroupCmd.java
@@ -0,0 +1,127 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.AccountResponse;
+import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.IAMGroup;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "removeAccountFromIAMGroup", description = "remove accounts from an iam group", responseObject = IAMGroupResponse.class)
+public class RemoveAccountFromIAMGroupCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(RemoveAccountFromIAMGroupCmd.class.getName());
+ private static final String s_name = "removeaccountfromiamgroupresponse";
+
+ @Inject
+ public IAMApiService _iamApiSrv;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+
+ @ACL
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMGroupResponse.class,
+ required = true, description = "The ID of the iam group")
+ private Long id;
+
+ @ACL
+ @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that are going to be assigned to the iam group.")
+ private List<Long> accountIdList;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+
+ public Long getId() {
+ return id;
+ }
+
+
+ public List<Long> getAccountIdList() {
+ return accountIdList;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+ }
+
+ @Override
+ public void execute() throws ResourceUnavailableException,
+ InsufficientCapacityException, ServerApiException {
+ CallContext.current().setEventDetails("IAM group Id: " + getId());
+ IAMGroup result = _iamApiSrv.removeAccountsFromGroup(accountIdList, id);
+ if (result != null){
+ IAMGroupResponse response = _iamApiSrv.createIAMGroupResponse(result);
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove accounts from iam group");
+ }
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_IAM_GROUP_UPDATE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "removing accounts from iam group";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.IAMGroup;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPermissionFromAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPermissionFromAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPermissionFromAclPolicyCmd.java
deleted file mode 100644
index 9236ef1..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPermissionFromAclPolicyCmd.java
+++ /dev/null
@@ -1,147 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclPolicy;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "removeAclPermissionFromAclPolicy", description = "Remove acl permission from an acl policy", responseObject = AclPolicyResponse.class)
-public class RemoveAclPermissionFromAclPolicyCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(RemoveAclPermissionFromAclPolicyCmd.class.getName());
- private static final String s_name = "removeaclpermissionfromaclpolicyresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
- required = true, description = "The ID of the acl policy")
- private Long id;
-
- @Parameter(name = ApiConstants.ACL_ACTION, type = CommandType.STRING, required = true, description = "action api name.")
- private String action;
-
- @Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = false, description = "entity class simple name.")
- private String entityType;
-
- @Parameter(name = ApiConstants.ACL_SCOPE, type = CommandType.STRING,
- required = false, description = "acl permission scope")
- private String scope;
-
- @Parameter(name = ApiConstants.ACL_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
- private Long scopeId;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
-
- public Long getId() {
- return id;
- }
-
-
- public String getAction() {
- return action;
- }
-
- public String getEntityType() {
- return entityType;
- }
-
- public String getScope() {
- return scope;
- }
-
- public Long getScopeId() {
- return scopeId;
- }
-
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public void execute() throws ResourceUnavailableException,
- InsufficientCapacityException, ServerApiException {
- CallContext.current().setEventDetails("Acl policy Id: " + getId());
- AclPolicy result = _aclApiSrv.removeAclPermissionFromAclPolicy(id, entityType, PermissionScope.valueOf(scope), scopeId, action);
- if (result != null) {
- AclPolicyResponse response = _aclApiSrv.createAclPolicyResponse(result);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove permission from acl policy " + getId());
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_POLICY_REVOKE;
- }
-
- @Override
- public String getEventDescription() {
- return "removing permission from acl policy";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclPolicy;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAccountCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAccountCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAccountCmd.java
deleted file mode 100644
index bf2c493..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAccountCmd.java
+++ /dev/null
@@ -1,122 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.SuccessResponse;
-import org.apache.cloudstack.api.response.iam.AclGroupResponse;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "removeAclPolicyFromAccount", description = "remove acl policy from accounts", responseObject = SuccessResponse.class)
-public class RemoveAclPolicyFromAccountCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(RemoveAclPolicyFromAccountCmd.class.getName());
- private static final String s_name = "removeaclpolicyfromaccountresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
- required = true, description = "The ID of the acl group")
- private Long id;
-
- @ACL
- @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.")
- private List<Long> accountIdList;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
-
- public Long getId() {
- return id;
- }
-
-
- public List<Long> getAccountIdList() {
- return accountIdList;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public void execute() throws ResourceUnavailableException,
- InsufficientCapacityException, ServerApiException {
- CallContext.current().setEventDetails("Acl policy Id: " + getId());
- _aclApiSrv.removeAclPolicyFromAccounts(id, accountIdList);
- SuccessResponse response = new SuccessResponse();
- response.setResponseName(getCommandName());
- setResponseObject(response);
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE;
- }
-
- @Override
- public String getEventDescription() {
- return "removing acl policy from accounts";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.Account;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAclGroupCmd.java
deleted file mode 100644
index 88dfa7b..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAclGroupCmd.java
+++ /dev/null
@@ -1,127 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.iam.AclGroupResponse;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclGroup;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "removeAclPolicyFromAclGroup", description = "remove acl policy from an acl group", responseObject = AclGroupResponse.class)
-public class RemoveAclPolicyFromAclGroupCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(RemoveAclPolicyFromAclGroupCmd.class.getName());
- private static final String s_name = "removeaclpolicyfromaclgroupresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
- required = true, description = "The ID of the acl group")
- private Long id;
-
- @ACL
- @Parameter(name = ApiConstants.ACL_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.")
- private List<Long> policyIdList;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
-
- public Long getId() {
- return id;
- }
-
-
- public List<Long> getRoleIdList() {
- return policyIdList;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public void execute() throws ResourceUnavailableException,
- InsufficientCapacityException, ServerApiException {
- CallContext.current().setEventDetails("Acl group Id: " + getId());
- AclGroup result = _aclApiSrv.removeAclPoliciesFromGroup(policyIdList, id);
- if (result != null){
- AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to acl group");
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_GROUP_UPDATE;
- }
-
- @Override
- public String getEventDescription() {
- return "removing acl roles from acl group";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclGroup;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPermissionFromIAMPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPermissionFromIAMPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPermissionFromIAMPolicyCmd.java
new file mode 100644
index 0000000..db04ef7
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPermissionFromIAMPolicyCmd.java
@@ -0,0 +1,147 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.IAMPolicy;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "removeIAMPermissionFromIAMPolicy", description = "Remove iam permission from an iam policy", responseObject = IAMPolicyResponse.class)
+public class RemoveIAMPermissionFromIAMPolicyCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(RemoveIAMPermissionFromIAMPolicyCmd.class.getName());
+ private static final String s_name = "removeiampermissionfromiampolicyresponse";
+
+ @Inject
+ public IAMApiService _iamApiSrv;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+
+ @ACL
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMPolicyResponse.class,
+ required = true, description = "The ID of the iam policy")
+ private Long id;
+
+ @Parameter(name = ApiConstants.IAM_ACTION, type = CommandType.STRING, required = true, description = "action api name.")
+ private String action;
+
+ @Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = false, description = "entity class simple name.")
+ private String entityType;
+
+ @Parameter(name = ApiConstants.IAM_SCOPE, type = CommandType.STRING,
+ required = false, description = "iam permission scope")
+ private String scope;
+
+ @Parameter(name = ApiConstants.IAM_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
+ private Long scopeId;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+
+ public Long getId() {
+ return id;
+ }
+
+
+ public String getAction() {
+ return action;
+ }
+
+ public String getEntityType() {
+ return entityType;
+ }
+
+ public String getScope() {
+ return scope;
+ }
+
+ public Long getScopeId() {
+ return scopeId;
+ }
+
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+ }
+
+ @Override
+ public void execute() throws ResourceUnavailableException,
+ InsufficientCapacityException, ServerApiException {
+ CallContext.current().setEventDetails("IAM policy Id: " + getId());
+ IAMPolicy result = _iamApiSrv.removeIAMPermissionFromIAMPolicy(id, entityType, PermissionScope.valueOf(scope), scopeId, action);
+ if (result != null) {
+ IAMPolicyResponse response = _iamApiSrv.createIAMPolicyResponse(result);
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove permission from iam policy " + getId());
+ }
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_IAM_POLICY_REVOKE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "removing permission from iam policy";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.IAMPolicy;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPolicyFromAccountCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPolicyFromAccountCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPolicyFromAccountCmd.java
new file mode 100644
index 0000000..b665e84
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPolicyFromAccountCmd.java
@@ -0,0 +1,122 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
+import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "removeIAMPolicyFromAccount", description = "remove iam policy from accounts", responseObject = SuccessResponse.class)
+public class RemoveIAMPolicyFromAccountCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(RemoveIAMPolicyFromAccountCmd.class.getName());
+ private static final String s_name = "removeiampolicyfromaccountresponse";
+
+ @Inject
+ public IAMApiService _iamApiSrv;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+
+ @ACL
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMGroupResponse.class,
+ required = true, description = "The ID of the iam group")
+ private Long id;
+
+ @ACL
+ @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = IAMPolicyResponse.class, description = "comma separated list of iam policy id that are going to be applied to the iam group.")
+ private List<Long> accountIdList;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+
+ public Long getId() {
+ return id;
+ }
+
+
+ public List<Long> getAccountIdList() {
+ return accountIdList;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+ }
+
+ @Override
+ public void execute() throws ResourceUnavailableException,
+ InsufficientCapacityException, ServerApiException {
+ CallContext.current().setEventDetails("IAM policy Id: " + getId());
+ _iamApiSrv.removeIAMPolicyFromAccounts(id, accountIdList);
+ SuccessResponse response = new SuccessResponse();
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_IAM_ACCOUNT_POLICY_UPDATE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "removing iam policy from accounts";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.Account;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPolicyFromIAMGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPolicyFromIAMGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPolicyFromIAMGroupCmd.java
new file mode 100644
index 0000000..a99143d
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPolicyFromIAMGroupCmd.java
@@ -0,0 +1,127 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
+import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.IAMGroup;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "removeIAMPolicyFromIAMGroup", description = "remove iam policy from an iam group", responseObject = IAMGroupResponse.class)
+public class RemoveIAMPolicyFromIAMGroupCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(RemoveIAMPolicyFromIAMGroupCmd.class.getName());
+ private static final String s_name = "removeiampolicyfromiamgroupresponse";
+
+ @Inject
+ public IAMApiService _iamApiSrv;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+
+ @ACL
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMGroupResponse.class,
+ required = true, description = "The ID of the iam group")
+ private Long id;
+
+ @ACL
+ @Parameter(name = ApiConstants.IAM_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = IAMPolicyResponse.class, description = "comma separated list of iam policy id that are going to be applied to the iam group.")
+ private List<Long> policyIdList;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+
+ public Long getId() {
+ return id;
+ }
+
+
+ public List<Long> getRoleIdList() {
+ return policyIdList;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+ }
+
+ @Override
+ public void execute() throws ResourceUnavailableException,
+ InsufficientCapacityException, ServerApiException {
+ CallContext.current().setEventDetails("IAM group Id: " + getId());
+ IAMGroup result = _iamApiSrv.removeIAMPoliciesFromGroup(policyIdList, id);
+ if (result != null){
+ IAMGroupResponse response = _iamApiSrv.createIAMGroupResponse(result);
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to iam group");
+ }
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_IAM_GROUP_UPDATE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "removing IAM roles from IAM group";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.IAMGroup;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclGroupResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclGroupResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclGroupResponse.java
deleted file mode 100644
index 8c4adc1..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclGroupResponse.java
+++ /dev/null
@@ -1,193 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.response.iam;
-
-import java.util.LinkedHashSet;
-import java.util.Set;
-
-import com.google.gson.annotations.SerializedName;
-
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseResponse;
-import org.apache.cloudstack.api.EntityReference;
-import org.apache.cloudstack.api.response.ControlledViewEntityResponse;
-import org.apache.cloudstack.iam.api.AclGroup;
-
-import com.cloud.serializer.Param;
-
-@SuppressWarnings("unused")
-@EntityReference(value = AclGroup.class)
-public class AclGroupResponse extends BaseResponse implements ControlledViewEntityResponse {
-
- @SerializedName(ApiConstants.ID)
- @Param(description = "the ID of the acl group")
- private String id;
-
- @SerializedName(ApiConstants.NAME)
- @Param(description = "the name of the acl group")
- private String name;
-
- @SerializedName(ApiConstants.DESCRIPTION)
- @Param(description = "the description of the acl group")
- private String description;
-
- @SerializedName(ApiConstants.DOMAIN_ID)
- @Param(description = "the domain ID of the acl group")
- private String domainId;
-
- @SerializedName(ApiConstants.DOMAIN)
- @Param(description = "the domain name of the acl role")
- private String domainName;
-
- @SerializedName(ApiConstants.ACCOUNT)
- @Param(description = "the account owning the policy")
- private String accountName;
-
- @SerializedName(ApiConstants.ACL_MEMBER_ACCOUNTS)
- @Param(description = "account names assigned to this acl group ")
- private Set<String> accountNameList;
-
- @SerializedName(ApiConstants.ACL_POLICIES)
- @Param(description = "acl policies attached to this acl group ")
- private Set<String> policyNameList;
-
- public AclGroupResponse() {
- accountNameList = new LinkedHashSet<String>();
- policyNameList = new LinkedHashSet<String>();
- }
-
- @Override
- public String getObjectId() {
- return getId();
- }
-
-
- public String getId() {
- return id;
- }
-
- public void setId(String id) {
- this.id = id;
- }
-
-
- public void setName(String name) {
- this.name = name;
- }
-
- public void setDescription(String description) {
- this.description = description;
- }
-
- @Override
- public void setDomainId(String domainId) {
- this.domainId = domainId;
- }
-
- @Override
- public void setDomainName(String domainName) {
- this.domainName = domainName;
- }
-
- @Override
- public void setAccountName(String accountName) {
- this.accountName = accountName;
-
- }
-
- @Override
- public void setProjectId(String projectId) {
- // TODO Auto-generated method stub
-
- }
-
- @Override
- public void setProjectName(String projectName) {
- // TODO Auto-generated method stub
-
- }
-
- public String getName() {
- return name;
- }
-
- public String getDescription() {
- return description;
- }
-
- public String getDomainId() {
- return domainId;
- }
-
- public String getDomainName() {
- return domainName;
- }
-
- public String getAccountName() {
- return accountName;
- }
-
- public Set<String> getAccountNameList() {
- return accountNameList;
- }
-
- public void setMemberAccounts(Set<String> accts) {
- accountNameList = accts;
- }
-
- public void addMemberAccount(String acct) {
- accountNameList.add(acct);
- }
-
- public void setPolicyList(Set<String> policies) {
- policyNameList = policies;
- }
-
- public void addPolicy(String policy) {
- policyNameList.add(policy);
- }
-
- public Set<String> getPolicyList() {
- return policyNameList;
- }
-
- @Override
- public int hashCode() {
- final int prime = 31;
- int result = 1;
- result = prime * result + ((id == null) ? 0 : id.hashCode());
- return result;
- }
-
- @Override
- public boolean equals(Object obj) {
- if (this == obj)
- return true;
- if (obj == null)
- return false;
- if (getClass() != obj.getClass())
- return false;
- AclGroupResponse other = (AclGroupResponse)obj;
- if (id == null) {
- if (other.id != null)
- return false;
- } else if (!id.equals(other.id))
- return false;
- return true;
- }
-
-}
[16/18] git commit: updated refs/heads/rbac to 45a96e4
Posted by pr...@apache.org.
iam/server changes: Rename Acl to IAM
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/63098878
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/63098878
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/63098878
Branch: refs/heads/rbac
Commit: 6309887800c74b4049558a85ba18f5a14749b72b
Parents: 187f9cd
Author: Prachi Damle <pr...@cloud.com>
Authored: Tue Feb 25 16:41:53 2014 -0800
Committer: Prachi Damle <pr...@cloud.com>
Committed: Tue Feb 25 16:43:25 2014 -0800
----------------------------------------------------------------------
.../cloudstack/iam/IAMApiServiceImpl.java | 56 ++++-----
.../iam/RoleBasedAPIAccessChecker.java | 18 +--
.../iam/RoleBasedEntityAccessChecker.java | 10 +-
.../iam/RoleBasedEntityQuerySelector.java | 16 +--
.../apache/cloudstack/iam/api/IAMService.java | 42 +++----
.../iam/server/IAMAccountPolicyMapVO.java | 10 +-
.../cloudstack/iam/server/IAMServiceImpl.java | 116 +++++++++----------
.../server/dao/IAMAccountPolicyMapDaoImpl.java | 4 +-
.../cloudstack/iam/IAMServiceUnitTest.java | 12 +-
9 files changed, 142 insertions(+), 142 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
index de57a41..393fe0e 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
@@ -149,7 +149,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
if (domainId != null) {
s_logger.debug("MessageBus message: new Domain created: " + domainId + ", creating a new group");
Domain domain = _domainDao.findById(domainId);
- _iamSrv.createAclGroup("DomainGrp-" + domain.getUuid(), "Domain group", domain.getPath());
+ _iamSrv.createIAMGroup("DomainGrp-" + domain.getUuid(), "Domain group", domain.getPath());
}
}
});
@@ -163,7 +163,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
Domain domain = _domainDao.findById(domainId);
List<IAMGroup> groups = listDomainGroup(domain);
for (IAMGroup group : groups) {
- _iamSrv.deleteAclGroup(group.getId());
+ _iamSrv.deleteIAMGroup(group.getId());
}
}
}
@@ -175,9 +175,9 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
Long templateId = (Long)obj;
if (templateId != null) {
s_logger.debug("MessageBus message: new public template registered: " + templateId + ", grant permission to domain admin and normal user policies");
- _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+ _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
- _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+ _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
}
}
@@ -202,7 +202,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
String entityType = entity.first().toString();
Long entityId = entity.second();
s_logger.debug("MessageBus message: delete an entity: (" + entityType + "," + entityId + "), remove its related permission");
- _iamSrv.removeAclPermissionForEntity(entityType, entityId);
+ _iamSrv.removeIAMPermissionForEntity(entityType, entityId);
}
}
});
@@ -275,8 +275,8 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
Domain domain = _domainDao.findById(domainId);
if (domain != null) {
- IAMPolicy policy = _iamSrv.createAclPolicy(policyName, description, null, domain.getPath());
- _iamSrv.addAclPermissionToAclPolicy(policy.getId(), entityType, PermissionScope.RESOURCE.toString(),
+ IAMPolicy policy = _iamSrv.createIAMPolicy(policyName, description, null, domain.getPath());
+ _iamSrv.addIAMPermissionToIAMPolicy(policy.getId(), entityType, PermissionScope.RESOURCE.toString(),
entityId, action, accessType.toString(), Permission.Allow, recursive);
List<Long> policyList = new ArrayList<Long>();
policyList.add(new Long(policy.getId()));
@@ -284,7 +284,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
List<IAMGroup> domainGroups = listDomainGroup(domain);
if (domainGroups != null) {
for (IAMGroup group : domainGroups) {
- _iamSrv.attachAclPoliciesToGroup(policyList, group.getId());
+ _iamSrv.attachIAMPoliciesToGroup(policyList, group.getId());
}
}
}
@@ -299,19 +299,19 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
if (callerDomain == null) {
throw new InvalidParameterValueException("Caller does not have a domain");
}
- return _iamSrv.createAclGroup(iamGroupName, description, callerDomain.getPath());
+ return _iamSrv.createIAMGroup(iamGroupName, description, callerDomain.getPath());
}
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_DELETE, eventDescription = "Deleting Acl Group")
public boolean deleteIAMGroup(final Long iamGroupId) {
- return _iamSrv.deleteAclGroup(iamGroupId);
+ return _iamSrv.deleteIAMGroup(iamGroupId);
}
@Override
public List<IAMGroup> listIAMGroups(long accountId) {
- return _iamSrv.listAclGroups(accountId);
+ return _iamSrv.listIAMGroups(accountId);
}
@@ -356,34 +356,34 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
if (callerDomain == null) {
throw new InvalidParameterValueException("Caller does not have a domain");
}
- return _iamSrv.createAclPolicy(iamPolicyName, description, parentPolicyId, callerDomain.getPath());
+ return _iamSrv.createIAMPolicy(iamPolicyName, description, parentPolicyId, callerDomain.getPath());
}
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_IAM_POLICY_DELETE, eventDescription = "Deleting IAM Policy")
public boolean deleteIAMPolicy(final long iamPolicyId) {
- return _iamSrv.deleteAclPolicy(iamPolicyId);
+ return _iamSrv.deleteIAMPolicy(iamPolicyId);
}
@Override
public List<IAMPolicy> listIAMPolicies(long accountId) {
- return _iamSrv.listAclPolicies(accountId);
+ return _iamSrv.listIAMPolicies(accountId);
}
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_UPDATE, eventDescription = "Attaching policy to acl group")
public IAMGroup attachIAMPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
- return _iamSrv.attachAclPoliciesToGroup(policyIds, groupId);
+ return _iamSrv.attachIAMPoliciesToGroup(policyIds, groupId);
}
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_UPDATE, eventDescription = "Removing policies from acl group")
public IAMGroup removeIAMPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
- return _iamSrv.removeAclPoliciesFromGroup(policyIds, groupId);
+ return _iamSrv.removeIAMPoliciesFromGroup(policyIds, groupId);
}
@@ -391,14 +391,14 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
@Override
@ActionEvent(eventType = EventTypes.EVENT_IAM_ACCOUNT_POLICY_UPDATE, eventDescription = "Attaching policy to accounts")
public void attachIAMPolicyToAccounts(final Long policyId, final List<Long> accountIds) {
- _iamSrv.attachAclPolicyToAccounts(policyId, accountIds);
+ _iamSrv.attachIAMPolicyToAccounts(policyId, accountIds);
}
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_IAM_ACCOUNT_POLICY_UPDATE, eventDescription = "Removing policy from accounts")
public void removeIAMPolicyFromAccounts(final Long policyId, final List<Long> accountIds) {
- _iamSrv.removeAclPolicyFromAccounts(policyId, accountIds);
+ _iamSrv.removeIAMPolicyFromAccounts(policyId, accountIds);
}
@DB
@@ -411,7 +411,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
if (BaseListCmd.class.isAssignableFrom(cmdClass)) {
accessType = AccessType.UseEntry;
}
- return _iamSrv.addAclPermissionToAclPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action,
+ return _iamSrv.addIAMPermissionToIAMPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action,
accessType.toString(), perm, recursive);
}
@@ -419,12 +419,12 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
@Override
@ActionEvent(eventType = EventTypes.EVENT_IAM_POLICY_REVOKE, eventDescription = "Revoking acl permission from IAM Policy")
public IAMPolicy removeIAMPermissionFromIAMPolicy(long iamPolicyId, String entityType, PermissionScope scope, Long scopeId, String action) {
- return _iamSrv.removeAclPermissionFromAclPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action);
+ return _iamSrv.removeIAMPermissionFromIAMPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action);
}
@Override
public IAMPolicyPermission getIAMPolicyPermission(long accountId, String entityType, String action) {
- List<IAMPolicy> policies = _iamSrv.listAclPolicies(accountId);
+ List<IAMPolicy> policies = _iamSrv.listIAMPolicies(accountId);
IAMPolicyPermission curPerm = null;
for (IAMPolicy policy : policies) {
List<IAMPolicyPermission> perms = _iamSrv.listPolicyPermissionByActionAndEntity(policy.getId(), action,
@@ -515,7 +515,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
}
// find all the policies attached to this group
- List<IAMPolicy> policies = _iamSrv.listAclPoliciesByGroup(group.getId());
+ List<IAMPolicy> policies = _iamSrv.listIAMPoliciesByGroup(group.getId());
if (policies != null && policies.size() > 0) {
for (IAMPolicy policy : policies) {
response.addPolicy(policy.getName());
@@ -532,7 +532,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
if (domain != null) {
String domainPath = domain.getPath();
// search for groups
- Pair<List<IAMGroup>, Integer> result = _iamSrv.listAclGroups(null, "DomainGrp-" + domain.getUuid(),
+ Pair<List<IAMGroup>, Integer> result = _iamSrv.listIAMGroups(null, "DomainGrp-" + domain.getUuid(),
domainPath, null, null);
return result.first();
}
@@ -558,7 +558,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
}
String domainPath = domain.getPath();
// search for groups
- Pair<List<IAMGroup>, Integer> result = _iamSrv.listAclGroups(iamGroupId, iamGroupName, domainPath, startIndex, pageSize);
+ Pair<List<IAMGroup>, Integer> result = _iamSrv.listIAMGroups(iamGroupId, iamGroupName, domainPath, startIndex, pageSize);
// generate group response
ListResponse<IAMGroupResponse> response = new ListResponse<IAMGroupResponse>();
List<IAMGroupResponse> groupResponses = new ArrayList<IAMGroupResponse>();
@@ -589,7 +589,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
}
String domainPath = domain.getPath();
// search for policies
- Pair<List<IAMPolicy>, Integer> result = _iamSrv.listAclPolicies(iamPolicyId, iamPolicyName, domainPath, startIndex, pageSize);
+ Pair<List<IAMPolicy>, Integer> result = _iamSrv.listIAMPolicies(iamPolicyId, iamPolicyName, domainPath, startIndex, pageSize);
// generate policy response
ListResponse<IAMPolicyResponse> response = new ListResponse<IAMPolicyResponse>();
List<IAMPolicyResponse> policyResponses = new ArrayList<IAMPolicyResponse>();
@@ -653,9 +653,9 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
private void resetTemplatePermission(Long templateId){
// reset template will change template to private, so we need to remove its permission for domain admin and normal user group
- _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+ _iamSrv.removeIAMPermissionFromIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
PermissionScope.RESOURCE.toString(), templateId, "listTemplates");
- _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+ _iamSrv.removeIAMPermissionFromIAMPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
PermissionScope.RESOURCE.toString(), templateId, "listTemplates");
// check if there is a policy with only UseEntry permission for this template added
IAMPolicy policy = _iamSrv.getResourceGrantPolicy(IAMEntityType.VirtualMachineTemplate.toString(), templateId, AccessType.UseEntry.toString(), "listTemplates");
@@ -664,7 +664,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
return;
}
// delete the policy, which should detach it from groups and accounts
- _iamSrv.deleteAclPolicy(policy.getId());
+ _iamSrv.deleteIAMPolicy(policy.getId());
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
index 48e6ede..fb75db3 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
@@ -90,7 +90,7 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker
+ "is null");
}
- List<IAMPolicy> policies = _iamSrv.listAclPolicies(account.getAccountId());
+ List<IAMPolicy> policies = _iamSrv.listIAMPolicies(account.getAccountId());
boolean isAllowed = _iamSrv.isActionAllowedForPolicies(commandName, policies);
if (!isAllowed) {
@@ -117,25 +117,25 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker
for (RoleType role : RoleType.values()) {
Long policyId = getDefaultPolicyId(role);
if (policyId != null) {
- _iamSrv.resetAclPolicy(policyId);
+ _iamSrv.resetIAMPolicy(policyId);
}
}
// add the system-domain capability
- _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_ADMIN + 1), null, null, null,
+ _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_ADMIN + 1), null, null, null,
"SystemCapability", null, Permission.Allow, false);
- _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), null, null, null,
+ _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), null, null, null,
"DomainCapability", null, Permission.Allow, false);
- _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN + 1), null, null, null,
+ _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN + 1), null, null, null,
"DomainResourceCapability", null, Permission.Allow, false);
// add permissions for public templates
List<VMTemplateVO> pTmplts = _templateDao.listByPublic();
for (VMTemplateVO tmpl : pTmplts){
- _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+ _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
PermissionScope.RESOURCE.toString(), tmpl.getId(), "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
- _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+ _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
PermissionScope.RESOURCE.toString(), tmpl.getId(), "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
}
@@ -259,11 +259,11 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker
if (entityTypes == null || entityTypes.length == 0) {
- _iamSrv.addAclPermissionToAclPolicy(policyId, null, permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
+ _iamSrv.addIAMPermissionToIAMPolicy(policyId, null, permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
} else {
for (IAMEntityType entityType : entityTypes) {
- _iamSrv.addAclPermissionToAclPolicy(policyId, entityType.toString(), permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
+ _iamSrv.addIAMPermissionToIAMPolicy(policyId, entityType.toString(), permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
index 13f6914..d0d9d88 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
@@ -64,7 +64,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
if (entity == null && action != null) {
// check if caller can do this action
- List<IAMPolicy> policies = _iamSrv.listAclPolicies(caller.getAccountId());
+ List<IAMPolicy> policies = _iamSrv.listIAMPolicies(caller.getAccountId());
boolean isAllowed = _iamSrv.isActionAllowedForPolicies(action, policies);
if (!isAllowed) {
@@ -164,7 +164,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
private List<IAMPolicy> getEffectivePolicies(Account caller, ControlledEntity entity) {
// Get the static Policies of the Caller
- List<IAMPolicy> policies = _iamSrv.listAclPolicies(caller.getId());
+ List<IAMPolicy> policies = _iamSrv.listIAMPolicies(caller.getId());
// add any dynamic policies w.r.t the entity
if (caller.getId() == entity.getAccountId()) {
@@ -172,12 +172,12 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
policies.add(_iamSrv.getResourceOwnerPolicy());
}
- List<IAMGroup> groups = _iamSrv.listAclGroups(caller.getId());
+ List<IAMGroup> groups = _iamSrv.listIAMGroups(caller.getId());
for (IAMGroup group : groups) {
// for each group find the grand parent groups.
- List<IAMGroup> parentGroups = _iamSrv.listParentAclGroups(group.getId());
+ List<IAMGroup> parentGroups = _iamSrv.listParentIAMGroups(group.getId());
for (IAMGroup parentGroup : parentGroups) {
- policies.addAll(_iamSrv.listRecursiveAclPoliciesByGroup(parentGroup.getId()));
+ policies.addAll(_iamSrv.listRecursiveIAMPoliciesByGroup(parentGroup.getId()));
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
index 596ac7e..23c57a1 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
@@ -44,7 +44,7 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
public List<Long> getAuthorizedDomains(Account caller, String action) {
long accountId = caller.getAccountId();
// Get the static Policies of the Caller
- List<IAMPolicy> policies = _iamService.listAclPolicies(accountId);
+ List<IAMPolicy> policies = _iamService.listIAMPolicies(accountId);
// for each policy, find granted permission with Domain scope
List<Long> domainIds = new ArrayList<Long>();
for (IAMPolicy policy : policies) {
@@ -68,7 +68,7 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
public List<Long> getAuthorizedAccounts(Account caller, String action) {
long accountId = caller.getAccountId();
// Get the static Policies of the Caller
- List<IAMPolicy> policies = _iamService.listAclPolicies(accountId);
+ List<IAMPolicy> policies = _iamService.listIAMPolicies(accountId);
// for each policy, find granted permission with Account scope
List<Long> accountIds = new ArrayList<Long>();
for (IAMPolicy policy : policies) {
@@ -92,15 +92,15 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
public List<Long> getAuthorizedResources(Account caller, String action) {
long accountId = caller.getAccountId();
// Get the static Policies of the Caller
- List<IAMPolicy> policies = _iamService.listAclPolicies(accountId);
+ List<IAMPolicy> policies = _iamService.listIAMPolicies(accountId);
// add the policies that grant recursive access
- List<IAMGroup> groups = _iamService.listAclGroups(caller.getId());
+ List<IAMGroup> groups = _iamService.listIAMGroups(caller.getId());
for (IAMGroup group : groups) {
// for each group find the grand parent groups.
- List<IAMGroup> parentGroups = _iamService.listParentAclGroups(group.getId());
+ List<IAMGroup> parentGroups = _iamService.listParentIAMGroups(group.getId());
for (IAMGroup parentGroup : parentGroups) {
- policies.addAll(_iamService.listRecursiveAclPoliciesByGroup(parentGroup.getId()));
+ policies.addAll(_iamService.listRecursiveIAMPoliciesByGroup(parentGroup.getId()));
}
}
@@ -123,7 +123,7 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
public boolean isGrantedAll(Account caller, String action) {
long accountId = caller.getAccountId();
// Get the static Policies of the Caller
- List<IAMPolicy> policies = _iamService.listAclPolicies(accountId);
+ List<IAMPolicy> policies = _iamService.listIAMPolicies(accountId);
// for each policy, find granted permission with ALL scope
for (IAMPolicy policy : policies) {
List<IAMPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ALL.toString());
@@ -136,7 +136,7 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
@Override
public List<String> listAclGroupsByAccount(long accountId) {
- List<IAMGroup> groups = _iamService.listAclGroups(accountId);
+ List<IAMGroup> groups = _iamService.listIAMGroups(accountId);
List<String> groupNames = new ArrayList<String>();
for (IAMGroup grp : groups) {
groupNames.add(grp.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
index 6eb61fa..74a0885 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
@@ -24,12 +24,12 @@ import com.cloud.utils.Pair;
public interface IAMService {
- /* ACL group related interfaces */
- IAMGroup createAclGroup(String aclGroupName, String description, String path);
+ /* IAM group related interfaces */
+ IAMGroup createIAMGroup(String iamGroupName, String description, String path);
- boolean deleteAclGroup(Long aclGroupId);
+ boolean deleteIAMGroup(Long iamGroupId);
- List<IAMGroup> listAclGroups(long accountId);
+ List<IAMGroup> listIAMGroups(long accountId);
IAMGroup addAccountsToGroup(List<Long> acctIds, Long groupId);
@@ -37,34 +37,34 @@ public interface IAMService {
List<Long> listAccountsByGroup(long groupId);
- Pair<List<IAMGroup>, Integer> listAclGroups(Long aclGroupId, String aclGroupName, String path, Long startIndex, Long pageSize);
+ Pair<List<IAMGroup>, Integer> listIAMGroups(Long iamGroupId, String iamGroupName, String path, Long startIndex, Long pageSize);
- /* ACL Policy related interfaces */
- IAMPolicy createAclPolicy(String aclPolicyName, String description, Long parentPolicyId, String path);
+ /* IAM Policy related interfaces */
+ IAMPolicy createIAMPolicy(String iamPolicyName, String description, Long parentPolicyId, String path);
- boolean deleteAclPolicy(long aclPolicyId);
+ boolean deleteIAMPolicy(long iamPolicyId);
- List<IAMPolicy> listAclPolicies(long accountId);
+ List<IAMPolicy> listIAMPolicies(long accountId);
- List<IAMPolicy> listAclPoliciesByGroup(long groupId);
+ List<IAMPolicy> listIAMPoliciesByGroup(long groupId);
- Pair<List<IAMPolicy>, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize);
+ Pair<List<IAMPolicy>, Integer> listIAMPolicies(Long iamPolicyId, String iamPolicyName, String path, Long startIndex, Long pageSize);
- IAMGroup attachAclPoliciesToGroup(List<Long> policyIds, Long groupId);
+ IAMGroup attachIAMPoliciesToGroup(List<Long> policyIds, Long groupId);
- IAMGroup removeAclPoliciesFromGroup(List<Long> policyIds, Long groupId);
+ IAMGroup removeIAMPoliciesFromGroup(List<Long> policyIds, Long groupId);
- void attachAclPolicyToAccounts(Long policyId, List<Long> acctIds);
+ void attachIAMPolicyToAccounts(Long policyId, List<Long> acctIds);
- void removeAclPolicyFromAccounts(Long policyId, List<Long> acctIds);
+ void removeIAMPolicyFromAccounts(Long policyId, List<Long> acctIds);
- IAMPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
+ IAMPolicy addIAMPermissionToIAMPolicy(long iamPolicyId, String entityType, String scope, Long scopeId,
String action, String accessType, Permission perm, Boolean recursive);
- IAMPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
+ IAMPolicy removeIAMPermissionFromIAMPolicy(long iamPolicyId, String entityType, String scope, Long scopeId,
String action);
- void removeAclPermissionForEntity(final String entityType, final Long entityId);
+ void removeIAMPermissionForEntity(final String entityType, final Long entityId);
IAMPolicy getResourceGrantPolicy(String entityType, Long entityId, String accessType, String action);
@@ -80,13 +80,13 @@ public interface IAMService {
List<Long> getGrantedEntities(long accountId, String action, String scope);
- IAMPolicy resetAclPolicy(long aclPolicyId);
+ IAMPolicy resetIAMPolicy(long iamPolicyId);
List<IAMPolicyPermission> listPolicyPermissionByAccessAndEntity(long policyId, String accessType,
String entityType);
- List<IAMGroup> listParentAclGroups(long groupId);
+ List<IAMGroup> listParentIAMGroups(long groupId);
- List<IAMPolicy> listRecursiveAclPoliciesByGroup(long groupId);
+ List<IAMPolicy> listRecursiveIAMPoliciesByGroup(long groupId);
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java
index 8f3ac7d..a537655 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java
@@ -39,7 +39,7 @@ public class IAMAccountPolicyMapVO {
private long accountId;
@Column(name = "policy_id")
- private long aclPolicyId;
+ private long iamPolicyId;
@Column(name = GenericDao.REMOVED_COLUMN)
private Date removed;
@@ -50,9 +50,9 @@ public class IAMAccountPolicyMapVO {
public IAMAccountPolicyMapVO() {
}
- public IAMAccountPolicyMapVO(long accountId, long aclPolicyId) {
+ public IAMAccountPolicyMapVO(long accountId, long iamPolicyId) {
this.accountId = accountId;
- this.aclPolicyId = aclPolicyId;
+ this.iamPolicyId = iamPolicyId;
}
public long getId() {
@@ -63,8 +63,8 @@ public class IAMAccountPolicyMapVO {
return accountId;
}
- public long getAclPolicyId() {
- return aclPolicyId;
+ public long getIAMPolicyId() {
+ return iamPolicyId;
}
public Date getRemoved() {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
index 02da7c3..11af27e 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
@@ -84,15 +84,15 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
- public IAMGroup createAclGroup(String aclGroupName, String description, String path) {
+ public IAMGroup createIAMGroup(String iamGroupName, String description, String path) {
// check if the group is already existing
- IAMGroup grp = _aclGroupDao.findByName(path, aclGroupName);
+ IAMGroup grp = _aclGroupDao.findByName(path, iamGroupName);
if (grp != null) {
throw new InvalidParameterValueException(
- "Unable to create acl group with name " + aclGroupName
+ "Unable to create acl group with name " + iamGroupName
+ " already exisits for path " + path);
}
- IAMGroupVO rvo = new IAMGroupVO(aclGroupName, description);
+ IAMGroupVO rvo = new IAMGroupVO(iamGroupName, description);
rvo.setPath(path);
return _aclGroupDao.persist(rvo);
@@ -100,11 +100,11 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
- public boolean deleteAclGroup(final Long aclGroupId) {
+ public boolean deleteIAMGroup(final Long iamGroupId) {
// get the Acl Group entity
- final IAMGroup grp = _aclGroupDao.findById(aclGroupId);
+ final IAMGroup grp = _aclGroupDao.findById(iamGroupId);
if (grp == null) {
- throw new InvalidParameterValueException("Unable to find acl group: " + aclGroupId
+ throw new InvalidParameterValueException("Unable to find acl group: " + iamGroupId
+ "; failed to delete acl group.");
}
@@ -128,7 +128,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
}
// remove this group from acl_group table
- _aclGroupDao.remove(aclGroupId);
+ _aclGroupDao.remove(iamGroupId);
}
});
@@ -137,7 +137,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@SuppressWarnings("unchecked")
@Override
- public List<IAMGroup> listAclGroups(long accountId) {
+ public List<IAMGroup> listIAMGroups(long accountId) {
GenericSearchBuilder<IAMGroupAccountMapVO, Long> groupSB = _aclGroupAccountMapDao.createSearchBuilder(Long.class);
groupSB.selectFields(groupSB.entity().getAclGroupId());
@@ -225,11 +225,11 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
}
@Override
- public Pair<List<IAMGroup>, Integer> listAclGroups(Long aclGroupId, String aclGroupName, String path, Long startIndex, Long pageSize) {
- if (aclGroupId != null) {
- IAMGroup group = _aclGroupDao.findById(aclGroupId);
+ public Pair<List<IAMGroup>, Integer> listIAMGroups(Long iamGroupId, String iamGroupName, String path, Long startIndex, Long pageSize) {
+ if (iamGroupId != null) {
+ IAMGroup group = _aclGroupDao.findById(iamGroupId);
if (group == null) {
- throw new InvalidParameterValueException("Unable to find acl group by id " + aclGroupId);
+ throw new InvalidParameterValueException("Unable to find acl group by id " + iamGroupId);
}
}
@@ -242,12 +242,12 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
SearchCriteria<IAMGroupVO> sc = sb.create();
- if (aclGroupName != null) {
- sc.setParameters("name", aclGroupName);
+ if (iamGroupName != null) {
+ sc.setParameters("name", iamGroupName);
}
- if (aclGroupId != null) {
- sc.setParameters("id", aclGroupId);
+ if (iamGroupId != null) {
+ sc.setParameters("id", iamGroupId);
}
sc.setParameters("path", path + "%");
@@ -257,7 +257,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
}
@Override
- public List<IAMGroup> listParentAclGroups(long groupId) {
+ public List<IAMGroup> listParentIAMGroups(long groupId) {
IAMGroup group = _aclGroupDao.findById(groupId);
if (group == null) {
throw new InvalidParameterValueException("Unable to find acl group by id " + groupId);
@@ -294,20 +294,20 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
- public IAMPolicy createAclPolicy(final String aclPolicyName, final String description, final Long parentPolicyId, final String path) {
+ public IAMPolicy createIAMPolicy(final String iamPolicyName, final String description, final Long parentPolicyId, final String path) {
// check if the policy is already existing
- IAMPolicy ro = _aclPolicyDao.findByName(aclPolicyName);
+ IAMPolicy ro = _aclPolicyDao.findByName(iamPolicyName);
if (ro != null) {
throw new InvalidParameterValueException(
- "Unable to create acl policy with name " + aclPolicyName
+ "Unable to create acl policy with name " + iamPolicyName
+ " already exisits");
}
IAMPolicy role = Transaction.execute(new TransactionCallback<IAMPolicy>() {
@Override
public IAMPolicy doInTransaction(TransactionStatus status) {
- IAMPolicyVO rvo = new IAMPolicyVO(aclPolicyName, description);
+ IAMPolicyVO rvo = new IAMPolicyVO(iamPolicyName, description);
rvo.setPath(path);
IAMPolicy role = _aclPolicyDao.persist(rvo);
@@ -331,11 +331,11 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
- public boolean deleteAclPolicy(final long aclPolicyId) {
+ public boolean deleteIAMPolicy(final long iamPolicyId) {
// get the Acl Policy entity
- final IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+ final IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId);
if (policy == null) {
- throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
+ throw new InvalidParameterValueException("Unable to find acl policy: " + iamPolicyId
+ "; failed to delete acl policy.");
}
@@ -367,7 +367,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
}
// remove this role from acl_role table
- _aclPolicyDao.remove(aclPolicyId);
+ _aclPolicyDao.remove(iamPolicyId);
}
});
@@ -377,7 +377,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@SuppressWarnings("unchecked")
@Override
- public List<IAMPolicy> listAclPolicies(long accountId) {
+ public List<IAMPolicy> listIAMPolicies(long accountId) {
// static policies of the account
SearchBuilder<IAMGroupAccountMapVO> groupSB = _aclGroupAccountMapDao.createSearchBuilder();
@@ -395,7 +395,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
// add policies directly attached to the account
List<IAMAccountPolicyMapVO> acctPolicies = _aclAccountPolicyMapDao.listByAccountId(accountId);
for (IAMAccountPolicyMapVO p : acctPolicies) {
- policyIds.add(p.getAclPolicyId());
+ policyIds.add(p.getIAMPolicyId());
}
if (policyIds.size() == 0) {
return new ArrayList<IAMPolicy>();
@@ -413,7 +413,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@SuppressWarnings("unchecked")
@Override
- public List<IAMPolicy> listAclPoliciesByGroup(long groupId) {
+ public List<IAMPolicy> listIAMPoliciesByGroup(long groupId) {
List<IAMGroupPolicyMapVO> policyGrpMap = _aclGroupPolicyMapDao.listByGroupId(groupId);
if (policyGrpMap == null || policyGrpMap.size() == 0) {
return new ArrayList<IAMPolicy>();
@@ -436,7 +436,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@SuppressWarnings("unchecked")
@Override
- public List<IAMPolicy> listRecursiveAclPoliciesByGroup(long groupId) {
+ public List<IAMPolicy> listRecursiveIAMPoliciesByGroup(long groupId) {
List<IAMGroupPolicyMapVO> policyGrpMap = _aclGroupPolicyMapDao.listByGroupId(groupId);
if (policyGrpMap == null || policyGrpMap.size() == 0) {
return new ArrayList<IAMPolicy>();
@@ -468,12 +468,12 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@SuppressWarnings("unchecked")
@Override
- public Pair<List<IAMPolicy>, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize) {
+ public Pair<List<IAMPolicy>, Integer> listIAMPolicies(Long iamPolicyId, String iamPolicyName, String path, Long startIndex, Long pageSize) {
- if (aclPolicyId != null) {
- IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+ if (iamPolicyId != null) {
+ IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId);
if (policy == null) {
- throw new InvalidParameterValueException("Unable to find acl policy by id " + aclPolicyId);
+ throw new InvalidParameterValueException("Unable to find acl policy by id " + iamPolicyId);
}
}
@@ -486,12 +486,12 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
SearchCriteria<IAMPolicyVO> sc = sb.create();
- if (aclPolicyName != null) {
- sc.setParameters("name", aclPolicyName);
+ if (iamPolicyName != null) {
+ sc.setParameters("name", iamPolicyName);
}
- if (aclPolicyId != null) {
- sc.setParameters("id", aclPolicyId);
+ if (iamPolicyId != null) {
+ sc.setParameters("id", iamPolicyId);
}
sc.setParameters("path", path + "%");
@@ -504,7 +504,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
- public IAMGroup attachAclPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
+ public IAMGroup attachIAMPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
// get the Acl Group entity
IAMGroup group = _aclGroupDao.findById(groupId);
if (group == null) {
@@ -538,7 +538,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
- public IAMGroup removeAclPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
+ public IAMGroup removeIAMPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
// get the Acl Group entity
IAMGroup group = _aclGroupDao.findById(groupId);
if (group == null) {
@@ -570,7 +570,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@Override
- public void attachAclPolicyToAccounts(final Long policyId, final List<Long> acctIds) {
+ public void attachIAMPolicyToAccounts(final Long policyId, final List<Long> acctIds) {
IAMPolicy policy = _aclPolicyDao.findById(policyId);
if (policy == null) {
throw new InvalidParameterValueException("Unable to find acl policy: " + policyId
@@ -594,7 +594,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
}
@Override
- public void removeAclPolicyFromAccounts(final Long policyId, final List<Long> acctIds) {
+ public void removeIAMPolicyFromAccounts(final Long policyId, final List<Long> acctIds) {
IAMPolicy policy = _aclPolicyDao.findById(policyId);
if (policy == null) {
throw new InvalidParameterValueException("Unable to find acl policy: " + policyId
@@ -619,20 +619,20 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
- public IAMPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
+ public IAMPolicy addIAMPermissionToIAMPolicy(long iamPolicyId, String entityType, String scope, Long scopeId,
String action, String accessType, Permission perm, Boolean recursive) {
// get the Acl Policy entity
- IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+ IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId);
if (policy == null) {
- throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
+ throw new InvalidParameterValueException("Unable to find acl policy: " + iamPolicyId
+ "; failed to add permission to policy.");
}
// add entry in acl_policy_permission table
- IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, perm);
+ IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(iamPolicyId, entityType, scope, scopeId, action, perm);
if (permit == null) {
// not there already
- permit = new IAMPolicyPermissionVO(aclPolicyId, action, entityType, accessType, scope, scopeId, perm,
+ permit = new IAMPolicyPermissionVO(iamPolicyId, action, entityType, accessType, scope, scopeId, perm,
recursive);
_policyPermissionDao.persist(permit);
}
@@ -642,16 +642,16 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
- public IAMPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
+ public IAMPolicy removeIAMPermissionFromIAMPolicy(long iamPolicyId, String entityType, String scope, Long scopeId,
String action) {
// get the Acl Policy entity
- IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+ IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId);
if (policy == null) {
- throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
+ throw new InvalidParameterValueException("Unable to find acl policy: " + iamPolicyId
+ "; failed to revoke permission from policy.");
}
// remove entry from acl_entity_permission table
- IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, Permission.Allow);
+ IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(iamPolicyId, entityType, scope, scopeId, action, Permission.Allow);
if (permit != null) {
// not removed yet
_policyPermissionDao.remove(permit.getId());
@@ -661,7 +661,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
- public void removeAclPermissionForEntity(final String entityType, final Long entityId) {
+ public void removeIAMPermissionForEntity(final String entityType, final Long entityId) {
Transaction.execute(new TransactionCallbackNoReturn() {
@Override
public void doInTransactionWithoutResult(TransactionStatus status) {
@@ -673,7 +673,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
// remove the policy if there are no other permissions
if ((_policyPermissionDao.listByPolicy(policyId)).isEmpty()) {
- deleteAclPolicy(policyId);
+ deleteIAMPolicy(policyId);
}
}
}
@@ -682,11 +682,11 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
- public IAMPolicy resetAclPolicy(long aclPolicyId) {
+ public IAMPolicy resetIAMPolicy(long iamPolicyId) {
// get the Acl Policy entity
- IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+ IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId);
if (policy == null) {
- throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
+ throw new InvalidParameterValueException("Unable to find acl policy: " + iamPolicyId
+ "; failed to reset the policy.");
}
@@ -695,7 +695,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
sb.and("scope", sb.entity().getScope(), SearchCriteria.Op.EQ);
sb.done();
SearchCriteria<IAMPolicyPermissionVO> permissionSC = sb.create();
- permissionSC.setParameters("policyId", aclPolicyId);
+ permissionSC.setParameters("policyId", iamPolicyId);
_policyPermissionDao.expunge(permissionSC);
return policy;
@@ -736,7 +736,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@Override
public List<Long> getGrantedEntities(long accountId, String action, String scope) {
// Get the static Policies of the Caller
- List<IAMPolicy> policies = listAclPolicies(accountId);
+ List<IAMPolicy> policies = listIAMPolicies(accountId);
// for each policy, find granted permission within the given scope
List<Long> entityIds = new ArrayList<Long>();
for (IAMPolicy policy : policies) {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java
index 883fd5c..a112a3e 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java
@@ -26,11 +26,11 @@ public class IAMAccountPolicyMapDaoImpl extends GenericDaoBase<IAMAccountPolicyM
ListByAccountId.done();
ListByPolicyId = createSearchBuilder();
- ListByPolicyId.and("policyId", ListByPolicyId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+ ListByPolicyId.and("policyId", ListByPolicyId.entity().getIAMPolicyId(), SearchCriteria.Op.EQ);
ListByPolicyId.done();
findByPolicyAccountId = createSearchBuilder();
- findByPolicyAccountId.and("policyId", findByPolicyAccountId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+ findByPolicyAccountId.and("policyId", findByPolicyAccountId.entity().getIAMPolicyId(), SearchCriteria.Op.EQ);
findByPolicyAccountId.and("accountId", findByPolicyAccountId.entity().getAccountId(), SearchCriteria.Op.EQ);
findByPolicyAccountId.done();
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java
----------------------------------------------------------------------
diff --git a/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java b/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java
index 8760199..53cfc71 100644
--- a/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java
+++ b/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java
@@ -114,19 +114,19 @@ public class IAMServiceUnitTest {
@Test(expected = InvalidParameterValueException.class)
public void createAclGroupTest() {
- IAMGroup group = _iamService.createAclGroup("group1", "my first group", "/root/mydomain");
+ IAMGroup group = _iamService.createIAMGroup("group1", "my first group", "/root/mydomain");
assertNotNull("Acl group 'group1' failed to create ", group);
IAMGroupVO group2 = new IAMGroupVO("group1", "my second group");
when(_aclGroupDao.findByName(eq("/root/mydomain"), eq("group1"))).thenReturn(group2);
- IAMGroup group3 = _iamService.createAclGroup("group1", "my first group", "/root/mydomain");
+ IAMGroup group3 = _iamService.createIAMGroup("group1", "my first group", "/root/mydomain");
}
@Test(expected = InvalidParameterValueException.class)
public void deleteAclGroupInvalidIdTest() {
when(_aclGroupDao.findById(20L)).thenReturn(null);
- _iamService.deleteAclGroup(20L);
+ _iamService.deleteIAMGroup(20L);
}
@Test
@@ -145,19 +145,19 @@ public class IAMServiceUnitTest {
@Test(expected = InvalidParameterValueException.class)
public void createAclPolicyTest() {
- IAMPolicy policy = _iamService.createAclPolicy("policy1", "my first policy", null, "/root/mydomain");
+ IAMPolicy policy = _iamService.createIAMPolicy("policy1", "my first policy", null, "/root/mydomain");
assertNotNull("Acl policy 'policy1' failed to create ", policy);
IAMPolicyVO rvo = new IAMPolicyVO("policy2", "second policy");
when(_aclPolicyDao.findByName(eq("policy2"))).thenReturn(rvo);
- _iamService.createAclPolicy("policy2", "second policy", null, "/root/mydomain");
+ _iamService.createIAMPolicy("policy2", "second policy", null, "/root/mydomain");
}
@Test(expected = InvalidParameterValueException.class)
public void deleteAclPolicyInvalidIdTest() {
when(_aclPolicyDao.findById(34L)).thenReturn(null);
- _iamService.deleteAclPolicy(34L);
+ _iamService.deleteIAMPolicy(34L);
}
@Configuration
[05/18] Renaming plugin packages to 'iam' instead if 'acl'
Posted by pr...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiServiceImpl.java
new file mode 100644
index 0000000..996f8d4
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiServiceImpl.java
@@ -0,0 +1,690 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.ejb.Local;
+import javax.inject.Inject;
+import javax.naming.ConfigurationException;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.acl.IAMEntityType;
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseListCmd;
+import org.apache.cloudstack.api.command.iam.AddAccountToAclGroupCmd;
+import org.apache.cloudstack.api.command.iam.AddAclPermissionToAclPolicyCmd;
+import org.apache.cloudstack.api.command.iam.AttachAclPolicyToAccountCmd;
+import org.apache.cloudstack.api.command.iam.AttachAclPolicyToAclGroupCmd;
+import org.apache.cloudstack.api.command.iam.CreateAclGroupCmd;
+import org.apache.cloudstack.api.command.iam.CreateAclPolicyCmd;
+import org.apache.cloudstack.api.command.iam.DeleteAclGroupCmd;
+import org.apache.cloudstack.api.command.iam.DeleteAclPolicyCmd;
+import org.apache.cloudstack.api.command.iam.ListAclGroupsCmd;
+import org.apache.cloudstack.api.command.iam.ListAclPoliciesCmd;
+import org.apache.cloudstack.api.command.iam.RemoveAccountFromAclGroupCmd;
+import org.apache.cloudstack.api.command.iam.RemoveAclPermissionFromAclPolicyCmd;
+import org.apache.cloudstack.api.command.iam.RemoveAclPolicyFromAccountCmd;
+import org.apache.cloudstack.api.command.iam.RemoveAclPolicyFromAclGroupCmd;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
+import org.apache.cloudstack.api.response.iam.AclPermissionResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.framework.messagebus.MessageBus;
+import org.apache.cloudstack.framework.messagebus.MessageSubscriber;
+import org.apache.cloudstack.iam.api.AclGroup;
+import org.apache.cloudstack.iam.api.AclPolicy;
+import org.apache.cloudstack.iam.api.AclPolicyPermission;
+import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
+import org.apache.cloudstack.iam.api.IAMService;
+
+import com.cloud.api.ApiServerService;
+import com.cloud.domain.Domain;
+import com.cloud.domain.DomainVO;
+import com.cloud.domain.dao.DomainDao;
+import com.cloud.event.ActionEvent;
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.template.TemplateManager;
+import com.cloud.user.Account;
+import com.cloud.user.AccountManager;
+import com.cloud.user.AccountVO;
+import com.cloud.user.DomainManager;
+import com.cloud.user.dao.AccountDao;
+import com.cloud.utils.Pair;
+import com.cloud.utils.component.Manager;
+import com.cloud.utils.component.ManagerBase;
+import com.cloud.utils.db.DB;
+import com.cloud.utils.db.EntityManager;
+
+@Local(value = {AclApiService.class})
+public class AclApiServiceImpl extends ManagerBase implements AclApiService, Manager {
+
+ public static final Logger s_logger = Logger.getLogger(AclApiServiceImpl.class);
+ private String _name;
+
+ @Inject
+ ApiServerService _apiServer;
+
+ @Inject
+ IAMService _iamSrv;
+
+ @Inject
+ DomainDao _domainDao;
+
+ @Inject
+ AccountDao _accountDao;
+
+ @Inject
+ AccountManager _accountMgr;
+
+ @Inject
+ MessageBus _messageBus;
+
+ @Override
+ public boolean configure(final String name, final Map<String, Object> params) throws ConfigurationException {
+ _messageBus.subscribe(AccountManager.MESSAGE_ADD_ACCOUNT_EVENT, new MessageSubscriber() {
+ @Override
+ public void onPublishMessage(String senderAddress, String subject, Object obj) {
+ HashMap<Long, Long> acctGroupMap = (HashMap<Long, Long>) obj;
+ for (Long accountId : acctGroupMap.keySet()) {
+ Long groupId = acctGroupMap.get(accountId);
+ s_logger.debug("MessageBus message: new Account Added: " + accountId + ", adding it to groupId :"
+ + groupId);
+ addAccountToAclGroup(accountId, groupId);
+ // add it to domain group too
+ AccountVO account = _accountDao.findById(accountId);
+ Domain domain = _domainDao.findById(account.getDomainId());
+ if (domain != null) {
+ List<AclGroup> domainGroups = listDomainGroup(domain);
+
+ if (domainGroups != null) {
+ for (AclGroup group : domainGroups) {
+ addAccountToAclGroup(accountId, new Long(group.getId()));
+ }
+ }
+ }
+ }
+ }
+ });
+
+ _messageBus.subscribe(AccountManager.MESSAGE_REMOVE_ACCOUNT_EVENT, new MessageSubscriber() {
+ @Override
+ public void onPublishMessage(String senderAddress, String subject, Object obj) {
+ Long accountId = ((Long) obj);
+ if (accountId != null) {
+ s_logger.debug("MessageBus message: Account removed: " + accountId
+ + ", releasing the group associations");
+ removeAccountFromAclGroups(accountId);
+ }
+ }
+ });
+
+ _messageBus.subscribe(DomainManager.MESSAGE_ADD_DOMAIN_EVENT, new MessageSubscriber() {
+ @Override
+ public void onPublishMessage(String senderAddress, String subject, Object obj) {
+ Long domainId = ((Long) obj);
+ if (domainId != null) {
+ s_logger.debug("MessageBus message: new Domain created: " + domainId + ", creating a new group");
+ Domain domain = _domainDao.findById(domainId);
+ _iamSrv.createAclGroup("DomainGrp-" + domain.getUuid(), "Domain group", domain.getPath());
+ }
+ }
+ });
+
+ _messageBus.subscribe(DomainManager.MESSAGE_REMOVE_DOMAIN_EVENT, new MessageSubscriber() {
+ @Override
+ public void onPublishMessage(String senderAddress, String subject, Object obj) {
+ Long domainId = ((Long) obj);
+ if (domainId != null) {
+ s_logger.debug("MessageBus message: Domain removed: " + domainId + ", removing the domain group");
+ Domain domain = _domainDao.findById(domainId);
+ List<AclGroup> groups = listDomainGroup(domain);
+ for (AclGroup group : groups) {
+ _iamSrv.deleteAclGroup(group.getId());
+ }
+ }
+ }
+ });
+
+ _messageBus.subscribe(TemplateManager.MESSAGE_REGISTER_PUBLIC_TEMPLATE_EVENT, new MessageSubscriber() {
+ @Override
+ public void onPublishMessage(String senderAddress, String subject, Object obj) {
+ Long templateId = (Long)obj;
+ if (templateId != null) {
+ s_logger.debug("MessageBus message: new public template registered: " + templateId + ", grant permission to domain admin and normal user policies");
+ _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+ PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
+ _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+ PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
+ }
+ }
+ });
+
+ _messageBus.subscribe(TemplateManager.MESSAGE_RESET_TEMPLATE_PERMISSION_EVENT, new MessageSubscriber() {
+ @Override
+ public void onPublishMessage(String senderAddress, String subject, Object obj) {
+ Long templateId = (Long)obj;
+ if (templateId != null) {
+ s_logger.debug("MessageBus message: reset template permission: " + templateId);
+ resetTemplatePermission(templateId);
+ }
+ }
+ });
+
+ _messageBus.subscribe(EntityManager.MESSAGE_REMOVE_ENTITY_EVENT, new MessageSubscriber() {
+ @Override
+ public void onPublishMessage(String senderAddress, String subject, Object obj) {
+ Pair<IAMEntityType, Long> entity = (Pair<IAMEntityType, Long>)obj;
+ if (entity != null) {
+ String entityType = entity.first().toString();
+ Long entityId = entity.second();
+ s_logger.debug("MessageBus message: delete an entity: (" + entityType + "," + entityId + "), remove its related permission");
+ _iamSrv.removeAclPermissionForEntity(entityType, entityId);
+ }
+ }
+ });
+
+
+ _messageBus.subscribe(EntityManager.MESSAGE_GRANT_ENTITY_EVENT, new MessageSubscriber() {
+ @Override
+ public void onPublishMessage(String senderAddress, String subject, Object obj) {
+ Map<String, Object> permit = (Map<String, Object>)obj;
+ if (permit != null) {
+ String entityType = (String)permit.get(ApiConstants.ENTITY_TYPE);
+ Long entityId = (Long)permit.get(ApiConstants.ENTITY_ID);
+ AccessType accessType = (AccessType)permit.get(ApiConstants.ACCESS_TYPE);
+ String action = (String)permit.get(ApiConstants.ACL_ACTION);
+ List<Long> acctIds = (List<Long>)permit.get(ApiConstants.ACCOUNTS);
+ s_logger.debug("MessageBus message: grant accounts permission to an entity: (" + entityType + "," + entityId + ")");
+ grantEntityPermissioinToAccounts(entityType, entityId, accessType, action, acctIds);
+ }
+ }
+ });
+
+ _messageBus.subscribe(EntityManager.MESSAGE_REVOKE_ENTITY_EVENT, new MessageSubscriber() {
+ @Override
+ public void onPublishMessage(String senderAddress, String subject, Object obj) {
+ Map<String, Object> permit = (Map<String, Object>)obj;
+ if (permit != null) {
+ String entityType = (String)permit.get(ApiConstants.ENTITY_TYPE);
+ Long entityId = (Long)permit.get(ApiConstants.ENTITY_ID);
+ AccessType accessType = (AccessType)permit.get(ApiConstants.ACCESS_TYPE);
+ String action = (String)permit.get(ApiConstants.ACL_ACTION);
+ List<Long> acctIds = (List<Long>)permit.get(ApiConstants.ACCOUNTS);
+ s_logger.debug("MessageBus message: revoke from accounts permission to an entity: (" + entityType + "," + entityId + ")");
+ revokeEntityPermissioinFromAccounts(entityType, entityId, accessType, action, acctIds);
+ }
+ }
+ });
+
+ _messageBus.subscribe(EntityManager.MESSAGE_ADD_DOMAIN_WIDE_ENTITY_EVENT, new MessageSubscriber() {
+ @Override
+ public void onPublishMessage(String senderAddress, String subject, Object obj) {
+ Map<String, Object> params = (Map<String, Object>) obj;
+ if (params != null) {
+ addDomainWideResourceAccess(params);
+ }
+ }
+ });
+
+ return super.configure(name, params);
+ }
+
+ private void addDomainWideResourceAccess(Map<String, Object> params) {
+
+ IAMEntityType entityType = (IAMEntityType)params.get(ApiConstants.ENTITY_TYPE);
+ Long entityId = (Long) params.get(ApiConstants.ENTITY_ID);
+ Long domainId = (Long) params.get(ApiConstants.DOMAIN_ID);
+ Boolean isRecursive = (Boolean) params.get(ApiConstants.SUBDOMAIN_ACCESS);
+
+ if (entityType == IAMEntityType.Network) {
+ createPolicyAndAddToDomainGroup("DomainWideNetwork-" + entityId, "domain wide network", entityType.toString(),
+ entityId, "listNetworks", AccessType.UseEntry, domainId, isRecursive);
+ } else if (entityType == IAMEntityType.AffinityGroup) {
+ createPolicyAndAddToDomainGroup("DomainWideNetwork-" + entityId, "domain wide affinityGroup", entityType.toString(),
+ entityId, "listAffinityGroups", AccessType.UseEntry, domainId, isRecursive);
+ }
+
+ }
+
+ private void createPolicyAndAddToDomainGroup(String policyName, String description, String entityType,
+ Long entityId, String action, AccessType accessType, Long domainId, Boolean recursive) {
+
+ Domain domain = _domainDao.findById(domainId);
+ if (domain != null) {
+ AclPolicy policy = _iamSrv.createAclPolicy(policyName, description, null, domain.getPath());
+ _iamSrv.addAclPermissionToAclPolicy(policy.getId(), entityType, PermissionScope.RESOURCE.toString(),
+ entityId, action, accessType.toString(), Permission.Allow, recursive);
+ List<Long> policyList = new ArrayList<Long>();
+ policyList.add(new Long(policy.getId()));
+
+ List<AclGroup> domainGroups = listDomainGroup(domain);
+ if (domainGroups != null) {
+ for (AclGroup group : domainGroups) {
+ _iamSrv.attachAclPoliciesToGroup(policyList, group.getId());
+ }
+ }
+ }
+ }
+
+ @DB
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_CREATE, eventDescription = "Creating Acl Group", create = true)
+ public AclGroup createAclGroup(Account caller, String aclGroupName, String description) {
+ Long domainId = caller.getDomainId();
+ Domain callerDomain = _domainDao.findById(domainId);
+ if (callerDomain == null) {
+ throw new InvalidParameterValueException("Caller does not have a domain");
+ }
+ return _iamSrv.createAclGroup(aclGroupName, description, callerDomain.getPath());
+ }
+
+ @DB
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_DELETE, eventDescription = "Deleting Acl Group")
+ public boolean deleteAclGroup(final Long aclGroupId) {
+ return _iamSrv.deleteAclGroup(aclGroupId);
+ }
+
+ @Override
+ public List<AclGroup> listAclGroups(long accountId) {
+ return _iamSrv.listAclGroups(accountId);
+ }
+
+
+ @DB
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Adding accounts to acl group")
+ public AclGroup addAccountsToGroup(final List<Long> acctIds, final Long groupId) {
+ return _iamSrv.addAccountsToGroup(acctIds, groupId);
+ }
+
+
+ private void removeAccountFromAclGroups(long accountId) {
+ List<AclGroup> groups = listAclGroups(accountId);
+ List<Long> accts = new ArrayList<Long>();
+ accts.add(accountId);
+ if (groups != null) {
+ for (AclGroup grp : groups) {
+ removeAccountsFromGroup(accts, grp.getId());
+ }
+ }
+ }
+
+ private void addAccountToAclGroup(long accountId, long groupId) {
+ List<Long> accts = new ArrayList<Long>();
+ accts.add(accountId);
+ addAccountsToGroup(accts, groupId);
+ }
+
+ @DB
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Removing accounts from acl group")
+ public AclGroup removeAccountsFromGroup(final List<Long> acctIds, final Long groupId) {
+ return _iamSrv.removeAccountsFromGroup(acctIds, groupId);
+ }
+
+ @DB
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_CREATE, eventDescription = "Creating Acl Policy", create = true)
+ public AclPolicy createAclPolicy(Account caller, final String aclPolicyName, final String description, final Long parentPolicyId) {
+ Long domainId = caller.getDomainId();
+ Domain callerDomain = _domainDao.findById(domainId);
+ if (callerDomain == null) {
+ throw new InvalidParameterValueException("Caller does not have a domain");
+ }
+ return _iamSrv.createAclPolicy(aclPolicyName, description, parentPolicyId, callerDomain.getPath());
+ }
+
+ @DB
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_DELETE, eventDescription = "Deleting Acl Policy")
+ public boolean deleteAclPolicy(final long aclPolicyId) {
+ return _iamSrv.deleteAclPolicy(aclPolicyId);
+ }
+
+
+ @Override
+ public List<AclPolicy> listAclPolicies(long accountId) {
+ return _iamSrv.listAclPolicies(accountId);
+ }
+
+ @DB
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Attaching policy to acl group")
+ public AclGroup attachAclPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
+ return _iamSrv.attachAclPoliciesToGroup(policyIds, groupId);
+ }
+
+ @DB
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Removing policies from acl group")
+ public AclGroup removeAclPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
+ return _iamSrv.removeAclPoliciesFromGroup(policyIds, groupId);
+ }
+
+
+ @DB
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE, eventDescription = "Attaching policy to accounts")
+ public void attachAclPolicyToAccounts(final Long policyId, final List<Long> accountIds) {
+ _iamSrv.attachAclPolicyToAccounts(policyId, accountIds);
+ }
+
+ @DB
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE, eventDescription = "Removing policy from accounts")
+ public void removeAclPolicyFromAccounts(final Long policyId, final List<Long> accountIds) {
+ _iamSrv.removeAclPolicyFromAccounts(policyId, accountIds);
+ }
+
+ @DB
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_GRANT, eventDescription = "Granting acl permission to Acl Policy")
+ public AclPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, PermissionScope scope,
+ Long scopeId, String action, Permission perm, Boolean recursive) {
+ Class<?> cmdClass = _apiServer.getCmdClass(action);
+ AccessType accessType = null;
+ if (BaseListCmd.class.isAssignableFrom(cmdClass)) {
+ accessType = AccessType.UseEntry;
+ }
+ return _iamSrv.addAclPermissionToAclPolicy(aclPolicyId, entityType, scope.toString(), scopeId, action,
+ accessType.toString(), perm, recursive);
+ }
+
+ @DB
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_REVOKE, eventDescription = "Revoking acl permission from Acl Policy")
+ public AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId, String action) {
+ return _iamSrv.removeAclPermissionFromAclPolicy(aclPolicyId, entityType, scope.toString(), scopeId, action);
+ }
+
+ @Override
+ public AclPolicyPermission getAclPolicyPermission(long accountId, String entityType, String action) {
+ List<AclPolicy> policies = _iamSrv.listAclPolicies(accountId);
+ AclPolicyPermission curPerm = null;
+ for (AclPolicy policy : policies) {
+ List<AclPolicyPermission> perms = _iamSrv.listPolicyPermissionByActionAndEntity(policy.getId(), action,
+ entityType);
+ if (perms == null || perms.size() == 0)
+ continue;
+ AclPolicyPermission perm = perms.get(0); // just pick one
+ if (curPerm == null) {
+ curPerm = perm;
+ } else if (PermissionScope.valueOf(perm.getScope()).greaterThan(PermissionScope.valueOf(curPerm.getScope()))) {
+ // pick the more relaxed allowed permission
+ curPerm = perm;
+ }
+ }
+
+ return curPerm;
+ }
+
+
+ @Override
+ public AclPolicyResponse createAclPolicyResponse(AclPolicy policy) {
+ AclPolicyResponse response = new AclPolicyResponse();
+ response.setId(policy.getUuid());
+ response.setName(policy.getName());
+ response.setDescription(policy.getDescription());
+ String domainPath = policy.getPath();
+ if (domainPath != null) {
+ DomainVO domain = _domainDao.findDomainByPath(domainPath);
+ if (domain != null) {
+ response.setDomainId(domain.getUuid());
+ response.setDomainName(domain.getName());
+ }
+ }
+ long accountId = policy.getAccountId();
+ AccountVO owner = _accountDao.findById(accountId);
+ if (owner != null) {
+ response.setAccountName(owner.getAccountName());
+ }
+ // find permissions associated with this policy
+ List<AclPolicyPermission> permissions = _iamSrv.listPolicyPermissions(policy.getId());
+ if (permissions != null && permissions.size() > 0) {
+ for (AclPolicyPermission permission : permissions) {
+ AclPermissionResponse perm = new AclPermissionResponse();
+ perm.setAction(permission.getAction());
+ if (permission.getEntityType() != null) {
+ perm.setEntityType(IAMEntityType.valueOf(permission.getEntityType()));
+ }
+ if (permission.getScope() != null) {
+ perm.setScope(PermissionScope.valueOf(permission.getScope()));
+ }
+ perm.setScopeId(permission.getScopeId());
+ perm.setPermission(permission.getPermission());
+ response.addPermission(perm);
+ }
+ }
+ response.setObjectName("aclpolicy");
+ return response;
+ }
+
+ @Override
+ public AclGroupResponse createAclGroupResponse(AclGroup group) {
+ AclGroupResponse response = new AclGroupResponse();
+ response.setId(group.getUuid());
+ response.setName(group.getName());
+ response.setDescription(group.getDescription());
+ String domainPath = group.getPath();
+ if (domainPath != null) {
+ DomainVO domain = _domainDao.findDomainByPath(domainPath);
+ if (domain != null) {
+ response.setDomainId(domain.getUuid());
+ response.setDomainName(domain.getName());
+ }
+ }
+ long accountId = group.getAccountId();
+ AccountVO owner = _accountDao.findById(accountId);
+ if (owner != null) {
+ response.setAccountName(owner.getAccountName());
+ }
+ // find all the members in this group
+ List<Long> members = _iamSrv.listAccountsByGroup(group.getId());
+ if (members != null && members.size() > 0) {
+ for (Long member : members) {
+ AccountVO mem = _accountDao.findById(member);
+ if (mem != null) {
+ response.addMemberAccount(mem.getAccountName());
+ }
+ }
+ }
+
+ // find all the policies attached to this group
+ List<AclPolicy> policies = _iamSrv.listAclPoliciesByGroup(group.getId());
+ if (policies != null && policies.size() > 0) {
+ for (AclPolicy policy : policies) {
+ response.addPolicy(policy.getName());
+ }
+ }
+
+ response.setObjectName("aclgroup");
+ return response;
+
+ }
+
+ public List<AclGroup> listDomainGroup(Domain domain) {
+
+ if (domain != null) {
+ String domainPath = domain.getPath();
+ // search for groups
+ Pair<List<AclGroup>, Integer> result = _iamSrv.listAclGroups(null, "DomainGrp-" + domain.getUuid(),
+ domainPath, null, null);
+ return result.first();
+ }
+ return new ArrayList<AclGroup>();
+
+ }
+
+ @Override
+ public ListResponse<AclGroupResponse> listAclGroups(Long aclGroupId, String aclGroupName, Long domainId, Long startIndex, Long pageSize) {
+ // acl check
+ Account caller = CallContext.current().getCallingAccount();
+
+ Domain domain = null;
+ if (domainId != null) {
+ domain = _domainDao.findById(domainId);
+ if (domain == null) {
+ throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
+ }
+
+ _accountMgr.checkAccess(caller, domain);
+ } else {
+ domain = _domainDao.findById(caller.getDomainId());
+ }
+ String domainPath = domain.getPath();
+ // search for groups
+ Pair<List<AclGroup>, Integer> result = _iamSrv.listAclGroups(aclGroupId, aclGroupName, domainPath, startIndex, pageSize);
+ // generate group response
+ ListResponse<AclGroupResponse> response = new ListResponse<AclGroupResponse>();
+ List<AclGroupResponse> groupResponses = new ArrayList<AclGroupResponse>();
+ for (AclGroup group : result.first()) {
+ AclGroupResponse resp = createAclGroupResponse(group);
+ groupResponses.add(resp);
+ }
+ response.setResponses(groupResponses, result.second());
+ return response;
+ }
+
+ @Override
+ public ListResponse<AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName, Long domainId, Long startIndex,
+ Long pageSize) {
+ // acl check
+ Account caller = CallContext.current().getCallingAccount();
+
+ Domain domain = null;
+ if (domainId != null) {
+ domain = _domainDao.findById(domainId);
+ if (domain == null) {
+ throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
+ }
+
+ _accountMgr.checkAccess(caller, domain);
+ } else {
+ domain = _domainDao.findById(caller.getDomainId());
+ }
+ String domainPath = domain.getPath();
+ // search for policies
+ Pair<List<AclPolicy>, Integer> result = _iamSrv.listAclPolicies(aclPolicyId, aclPolicyName, domainPath, startIndex, pageSize);
+ // generate policy response
+ ListResponse<AclPolicyResponse> response = new ListResponse<AclPolicyResponse>();
+ List<AclPolicyResponse> policyResponses = new ArrayList<AclPolicyResponse>();
+ for (AclPolicy policy : result.first()) {
+ AclPolicyResponse resp = createAclPolicyResponse(policy);
+ policyResponses.add(resp);
+ }
+ response.setResponses(policyResponses, result.second());
+ return response;
+ }
+
+ @Override
+ public void grantEntityPermissioinToAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds) {
+ // check if there is already a policy with only this permission added to it
+ AclPolicy policy = _iamSrv.getResourceGrantPolicy(entityType, entityId, accessType.toString(), action);
+ if (policy == null) {
+ // not found, just create a policy with resource grant permission
+ Account caller = CallContext.current().getCallingAccount();
+ String aclPolicyName = "policyGrant" + entityType + entityId;
+ String description = "Policy to grant permission to " + entityType + entityId;
+ policy = createAclPolicy(caller, aclPolicyName, description, null);
+ // add permission to this policy
+ addAclPermissionToAclPolicy(policy.getId(), entityType, PermissionScope.RESOURCE, entityId, action, Permission.Allow, false);
+ }
+ // attach this policy to list of accounts if not attached already
+ Long policyId = policy.getId();
+ for (Long acctId : accountIds) {
+ if (!isPolicyAttachedToAccount(policyId, acctId)) {
+ attachAclPolicyToAccounts(policyId, Collections.singletonList(acctId));
+ }
+ }
+ }
+
+ @Override
+ public void revokeEntityPermissioinFromAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds) {
+ // there should already a policy with only this permission added to it, this call is mainly used
+ AclPolicy policy = _iamSrv.getResourceGrantPolicy(entityType, entityId, accessType.toString(), action);
+ if (policy == null) {
+ s_logger.warn("Cannot find a policy associated with this entity permissioin to be revoked, just return");
+ return;
+ }
+ // detach this policy from list of accounts if not detached already
+ Long policyId = policy.getId();
+ for (Long acctId : accountIds) {
+ if (isPolicyAttachedToAccount(policyId, acctId)) {
+ removeAclPolicyFromAccounts(policyId, Collections.singletonList(acctId));
+ }
+ }
+
+ }
+
+ private boolean isPolicyAttachedToAccount(Long policyId, Long accountId) {
+ List<AclPolicy> pList = listAclPolicies(accountId);
+ for (AclPolicy p : pList) {
+ if (p.getId() == policyId.longValue()) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ private void resetTemplatePermission(Long templateId){
+ // reset template will change template to private, so we need to remove its permission for domain admin and normal user group
+ _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+ PermissionScope.RESOURCE.toString(), templateId, "listTemplates");
+ _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+ PermissionScope.RESOURCE.toString(), templateId, "listTemplates");
+ // check if there is a policy with only UseEntry permission for this template added
+ AclPolicy policy = _iamSrv.getResourceGrantPolicy(IAMEntityType.VirtualMachineTemplate.toString(), templateId, AccessType.UseEntry.toString(), "listTemplates");
+ if ( policy == null ){
+ s_logger.info("No policy found for this template grant: " + templateId + ", no detach to be done");
+ return;
+ }
+ // delete the policy, which should detach it from groups and accounts
+ _iamSrv.deleteAclPolicy(policy.getId());
+
+ }
+
+ @Override
+ public List<Class<?>> getCommands() {
+ List<Class<?>> cmdList = new ArrayList<Class<?>>();
+ cmdList.add(CreateAclPolicyCmd.class);
+ cmdList.add(DeleteAclPolicyCmd.class);
+ cmdList.add(ListAclPoliciesCmd.class);
+ cmdList.add(AddAclPermissionToAclPolicyCmd.class);
+ cmdList.add(RemoveAclPermissionFromAclPolicyCmd.class);
+ cmdList.add(AttachAclPolicyToAclGroupCmd.class);
+ cmdList.add(RemoveAclPolicyFromAclGroupCmd.class);
+ cmdList.add(CreateAclGroupCmd.class);
+ cmdList.add(DeleteAclGroupCmd.class);
+ cmdList.add(ListAclGroupsCmd.class);
+ cmdList.add(AddAccountToAclGroupCmd.class);
+ cmdList.add(RemoveAccountFromAclGroupCmd.class);
+ cmdList.add(AttachAclPolicyToAccountCmd.class);
+ cmdList.add(RemoveAclPolicyFromAccountCmd.class);
+ return cmdList;
+ }
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
new file mode 100644
index 0000000..448e45f
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
@@ -0,0 +1,273 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam;
+
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import javax.ejb.Local;
+import javax.inject.Inject;
+import javax.naming.ConfigurationException;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.acl.APIChecker;
+import org.apache.cloudstack.acl.IAMEntityType;
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.BaseAsyncCreateCmd;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.BaseListCmd;
+import org.apache.cloudstack.iam.api.AclPolicy;
+import org.apache.cloudstack.iam.api.AclPolicyPermission;
+import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
+import org.apache.cloudstack.iam.api.IAMService;
+
+import com.cloud.api.ApiServerService;
+import com.cloud.exception.PermissionDeniedException;
+import com.cloud.storage.VMTemplateVO;
+import com.cloud.storage.dao.VMTemplateDao;
+import com.cloud.user.Account;
+import com.cloud.user.AccountService;
+import com.cloud.user.User;
+import com.cloud.utils.PropertiesUtil;
+import com.cloud.utils.component.AdapterBase;
+import com.cloud.utils.component.PluggableService;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+//This is the Role Based API access checker that grab's the account's roles
+//based on the set of roles, access is granted if any of the role has access to the api
+@Local(value=APIChecker.class)
+public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker {
+
+ protected static final Logger s_logger = Logger.getLogger(RoleBasedAPIAccessChecker.class);
+
+ @Inject
+ AccountService _accountService;
+ @Inject
+ ApiServerService _apiServer;
+ @Inject
+ IAMService _iamSrv;
+ @Inject
+ VMTemplateDao _templateDao;
+
+ Set<String> commandsPropertiesOverrides = new HashSet<String>();
+ Map<RoleType, Set<String>> commandsPropertiesRoleBasedApisMap = new HashMap<RoleType, Set<String>>();
+
+ List<PluggableService> _services;
+
+ protected RoleBasedAPIAccessChecker() {
+ super();
+ for (RoleType roleType : RoleType.values()) {
+ commandsPropertiesRoleBasedApisMap.put(roleType, new HashSet<String>());
+ }
+ }
+
+ @Override
+ public boolean checkAccess(User user, String commandName) throws PermissionDeniedException {
+ Account account = _accountService.getAccount(user.getAccountId());
+ if (account == null) {
+ throw new PermissionDeniedException("The account id=" + user.getAccountId() + "for user id=" + user.getId()
+ + "is null");
+ }
+
+ List<AclPolicy> policies = _iamSrv.listAclPolicies(account.getAccountId());
+
+ boolean isAllowed = _iamSrv.isActionAllowedForPolicies(commandName, policies);
+ if (!isAllowed) {
+ throw new PermissionDeniedException("The API does not exist or is blacklisted. api: " + commandName);
+ }
+ return isAllowed;
+ }
+
+ @Override
+ public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
+ super.configure(name, params);
+
+ processMapping(PropertiesUtil.processConfigFile(new String[] { "commands.properties" }));
+ return true;
+ }
+
+ @Override
+ public boolean start() {
+
+ // drop all default policy api permissions - we reload them every time
+ // to include any changes done to the @APICommand or
+ // commands.properties.
+
+ for (RoleType role : RoleType.values()) {
+ Long policyId = getDefaultPolicyId(role);
+ if (policyId != null) {
+ _iamSrv.resetAclPolicy(policyId);
+ }
+ }
+
+ // add the system-domain capability
+
+ _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_ADMIN + 1), null, null, null,
+ "SystemCapability", null, Permission.Allow, false);
+ _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), null, null, null,
+ "DomainCapability", null, Permission.Allow, false);
+ _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN + 1), null, null, null,
+ "DomainResourceCapability", null, Permission.Allow, false);
+
+ // add permissions for public templates
+ List<VMTemplateVO> pTmplts = _templateDao.listByPublic();
+ for (VMTemplateVO tmpl : pTmplts){
+ _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+ PermissionScope.RESOURCE.toString(), tmpl.getId(), "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
+ _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+ PermissionScope.RESOURCE.toString(), tmpl.getId(), "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
+ }
+
+ for (PluggableService service : _services) {
+ for (Class<?> cmdClass : service.getCommands()) {
+ APICommand command = cmdClass.getAnnotation(APICommand.class);
+ if (!commandsPropertiesOverrides.contains(command.name())) {
+ for (RoleType role : command.authorized()) {
+ addDefaultAclPolicyPermission(command.name(), cmdClass, role);
+ }
+ }
+ }
+ }
+
+ // read commands.properties and load api acl permissions -
+ // commands.properties overrides any @APICommand authorization
+
+ for (String apiName : commandsPropertiesOverrides) {
+ Class<?> cmdClass = _apiServer.getCmdClass(apiName);
+ for (RoleType role : RoleType.values()) {
+ if (commandsPropertiesRoleBasedApisMap.get(role).contains(apiName)) {
+ // insert permission for this role for this api
+ addDefaultAclPolicyPermission(apiName, cmdClass, role);
+ }
+ }
+ }
+
+ return super.start();
+ }
+
+ private Long getDefaultPolicyId(RoleType role) {
+ Long policyId = null;
+ switch (role) {
+ case User:
+ policyId = new Long(Account.ACCOUNT_TYPE_NORMAL + 1);
+ break;
+
+ case Admin:
+ policyId = new Long(Account.ACCOUNT_TYPE_ADMIN + 1);
+ break;
+
+ case DomainAdmin:
+ policyId = new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1);
+ break;
+
+ case ResourceAdmin:
+ policyId = new Long(Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN + 1);
+ break;
+ }
+
+ return policyId;
+ }
+
+ private void processMapping(Map<String, String> configMap) {
+ for (Map.Entry<String, String> entry : configMap.entrySet()) {
+ String apiName = entry.getKey();
+ String roleMask = entry.getValue();
+ commandsPropertiesOverrides.add(apiName);
+ try {
+ short cmdPermissions = Short.parseShort(roleMask);
+ for (RoleType roleType : RoleType.values()) {
+ if ((cmdPermissions & roleType.getValue()) != 0)
+ commandsPropertiesRoleBasedApisMap.get(roleType).add(apiName);
+ }
+ } catch (NumberFormatException nfe) {
+ s_logger.info("Malformed key=value pair for entry: " + entry.toString());
+ }
+ }
+ }
+
+ public List<PluggableService> getServices() {
+ return _services;
+ }
+
+ @Inject
+ public void setServices(List<PluggableService> services) {
+ _services = services;
+ }
+
+ private void addDefaultAclPolicyPermission(String apiName, Class<?> cmdClass, RoleType role) {
+
+ AccessType accessType = null;
+ IAMEntityType[] entityTypes = null;
+ if (cmdClass != null) {
+ BaseCmd cmdObj;
+ try {
+ cmdObj = (BaseCmd) cmdClass.newInstance();
+ if (cmdObj instanceof BaseListCmd) {
+ accessType = AccessType.UseEntry;
+ } else if (!(cmdObj instanceof BaseAsyncCreateCmd)) {
+ accessType = AccessType.OperateEntry;
+ }
+ } catch (Exception e) {
+ throw new CloudRuntimeException(String.format(
+ "%s is claimed as an API command, but it cannot be instantiated", cmdClass.getName()));
+ }
+
+ APICommand at = cmdClass.getAnnotation(APICommand.class);
+ entityTypes = at.entityType();
+ }
+
+ PermissionScope permissionScope = PermissionScope.ACCOUNT;
+ Long policyId = getDefaultPolicyId(role);
+ switch (role) {
+ case User:
+ permissionScope = PermissionScope.ACCOUNT;
+ break;
+
+ case Admin:
+ permissionScope = PermissionScope.ALL;
+ break;
+
+ case DomainAdmin:
+ permissionScope = PermissionScope.DOMAIN;
+ break;
+
+ case ResourceAdmin:
+ permissionScope = PermissionScope.DOMAIN;
+ break;
+ }
+
+
+ if (entityTypes == null || entityTypes.length == 0) {
+ _iamSrv.addAclPermissionToAclPolicy(policyId, null, permissionScope.toString(), new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
+ apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
+ } else {
+ for (IAMEntityType entityType : entityTypes) {
+ _iamSrv.addAclPermissionToAclPolicy(policyId, entityType.toString(), permissionScope.toString(), new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
+ apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
+ }
+ }
+
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
new file mode 100644
index 0000000..5420f84
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
@@ -0,0 +1,186 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.acl.ControlledEntity;
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.acl.SecurityChecker;
+import org.apache.cloudstack.api.InternalIdentity;
+import org.apache.cloudstack.iam.api.AclGroup;
+import org.apache.cloudstack.iam.api.AclPolicy;
+import org.apache.cloudstack.iam.api.AclPolicyPermission;
+import org.apache.cloudstack.iam.api.IAMService;
+
+import com.cloud.acl.DomainChecker;
+import com.cloud.domain.dao.DomainDao;
+import com.cloud.exception.PermissionDeniedException;
+import com.cloud.user.Account;
+import com.cloud.user.AccountService;
+
+public class RoleBasedEntityAccessChecker extends DomainChecker implements SecurityChecker {
+
+ private static final Logger s_logger = Logger.getLogger(RoleBasedEntityAccessChecker.class.getName());
+
+ @Inject
+ AccountService _accountService;
+
+ @Inject DomainDao _domainDao;
+
+ @Inject
+ IAMService _iamSrv;
+
+
+ @Override
+ public boolean checkAccess(Account caller, ControlledEntity entity, AccessType accessType)
+ throws PermissionDeniedException {
+ return checkAccess(caller, entity, accessType, null);
+ }
+
+ @Override
+ public boolean checkAccess(Account caller, ControlledEntity entity, AccessType accessType, String action)
+ throws PermissionDeniedException {
+
+ if (entity == null && action != null) {
+ // check if caller can do this action
+ List<AclPolicy> policies = _iamSrv.listAclPolicies(caller.getAccountId());
+
+ boolean isAllowed = _iamSrv.isActionAllowedForPolicies(action, policies);
+ if (!isAllowed) {
+ throw new PermissionDeniedException("The action '" + action + "' not allowed for account " + caller);
+ }
+ return true;
+ }
+
+ String entityType = entity.getEntityType().toString();
+
+ if (accessType == null) {
+ accessType = AccessType.UseEntry;
+ }
+
+ // get all Policies of this caller w.r.t the entity
+ List<AclPolicy> policies = getEffectivePolicies(caller, entity);
+ HashMap<AclPolicy, Boolean> policyPermissionMap = new HashMap<AclPolicy, Boolean>();
+
+ for (AclPolicy policy : policies) {
+ List<AclPolicyPermission> permissions = new ArrayList<AclPolicyPermission>();
+
+ if (action != null) {
+ permissions = _iamSrv.listPolicyPermissionByActionAndEntity(policy.getId(), action, entityType);
+ if (permissions.isEmpty()) {
+ if (accessType != null) {
+ permissions.addAll(_iamSrv.listPolicyPermissionByAccessAndEntity(policy.getId(),
+ accessType.toString(), entityType));
+ }
+ }
+ } else {
+ if (accessType != null) {
+ permissions.addAll(_iamSrv.listPolicyPermissionByAccessAndEntity(policy.getId(),
+ accessType.toString(), entityType));
+ }
+ }
+ for (AclPolicyPermission permission : permissions) {
+ if (checkPermissionScope(caller, permission.getScope(), permission.getScopeId(), entity)) {
+ if (permission.getEntityType().equals(entityType)) {
+ policyPermissionMap.put(policy, permission.getPermission().isGranted());
+ break;
+ } else if (permission.getEntityType().equals("*")) {
+ policyPermissionMap.put(policy, permission.getPermission().isGranted());
+ }
+ }
+ }
+ if (policyPermissionMap.containsKey(policy) && policyPermissionMap.get(policy)) {
+ return true;
+ }
+ }
+
+ if (!policies.isEmpty()) { // Since we reach this point, none of the
+ // roles granted access
+ if (s_logger.isDebugEnabled()) {
+ s_logger.debug("Account " + caller + " does not have permission to access resource " + entity
+ + " for access type: " + accessType);
+ }
+ throw new PermissionDeniedException(caller + " does not have permission to access resource " + entity);
+ }
+
+ return false;
+ }
+
+ private boolean checkPermissionScope(Account caller, String scope, Long scopeId, ControlledEntity entity) {
+
+ if(scopeId != null && !scopeId.equals(new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER))){
+ //scopeId is set
+ if (scope.equals(PermissionScope.ACCOUNT.name())) {
+ if(scopeId == entity.getAccountId()){
+ return true;
+ }
+ } else if (scope.equals(PermissionScope.DOMAIN.name())) {
+ if (_domainDao.isChildDomain(scopeId, entity.getDomainId())) {
+ return true;
+ }
+ } else if (scope.equals(PermissionScope.RESOURCE.name())) {
+ if (entity instanceof InternalIdentity) {
+ InternalIdentity entityWithId = (InternalIdentity) entity;
+ if(scopeId.equals(entityWithId.getId())){
+ return true;
+ }
+ }
+ }
+ } else if (scopeId == null || scopeId.equals(new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER))) {
+ if (scope.equals(PermissionScope.ACCOUNT.name())) {
+ if(caller.getAccountId() == entity.getAccountId()){
+ return true;
+ }
+ } else if (scope.equals(PermissionScope.DOMAIN.name())) {
+ if (_domainDao.isChildDomain(caller.getDomainId(), entity.getDomainId())) {
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+
+ private List<AclPolicy> getEffectivePolicies(Account caller, ControlledEntity entity) {
+
+ // Get the static Policies of the Caller
+ List<AclPolicy> policies = _iamSrv.listAclPolicies(caller.getId());
+
+ // add any dynamic policies w.r.t the entity
+ if (caller.getId() == entity.getAccountId()) {
+ // The caller owns the entity
+ policies.add(_iamSrv.getResourceOwnerPolicy());
+ }
+
+ List<AclGroup> groups = _iamSrv.listAclGroups(caller.getId());
+ for (AclGroup group : groups) {
+ // for each group find the grand parent groups.
+ List<AclGroup> parentGroups = _iamSrv.listParentAclGroups(group.getId());
+ for (AclGroup parentGroup : parentGroups) {
+ policies.addAll(_iamSrv.listRecursiveAclPoliciesByGroup(parentGroup.getId()));
+ }
+ }
+
+ return policies;
+ }
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
new file mode 100644
index 0000000..4cec0d9
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
@@ -0,0 +1,147 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.acl.QuerySelector;
+import org.apache.cloudstack.iam.api.AclGroup;
+import org.apache.cloudstack.iam.api.AclPolicy;
+import org.apache.cloudstack.iam.api.AclPolicyPermission;
+import org.apache.cloudstack.iam.api.IAMService;
+
+import com.cloud.user.Account;
+import com.cloud.utils.component.AdapterBase;
+
+public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySelector {
+
+ private static final Logger s_logger = Logger.getLogger(RoleBasedEntityQuerySelector.class.getName());
+
+ @Inject
+ IAMService _iamService;
+
+ @Override
+ public List<Long> getAuthorizedDomains(Account caller, String action) {
+ long accountId = caller.getAccountId();
+ // Get the static Policies of the Caller
+ List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
+ // for each policy, find granted permission with Domain scope
+ List<Long> domainIds = new ArrayList<Long>();
+ for (AclPolicy policy : policies) {
+ List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.DOMAIN.toString());
+ if (pp != null) {
+ for (AclPolicyPermission p : pp) {
+ if (p.getScopeId() != null) {
+ if (p.getScopeId().longValue() == -1) {
+ domainIds.add(caller.getDomainId());
+ } else {
+ domainIds.add(p.getScopeId());
+ }
+ }
+ }
+ }
+ }
+ return domainIds;
+ }
+
+ @Override
+ public List<Long> getAuthorizedAccounts(Account caller, String action) {
+ long accountId = caller.getAccountId();
+ // Get the static Policies of the Caller
+ List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
+ // for each policy, find granted permission with Account scope
+ List<Long> accountIds = new ArrayList<Long>();
+ for (AclPolicy policy : policies) {
+ List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ACCOUNT.toString());
+ if (pp != null) {
+ for (AclPolicyPermission p : pp) {
+ if (p.getScopeId() != null) {
+ if (p.getScopeId().longValue() == -1) {
+ accountIds.add(caller.getId());
+ } else {
+ accountIds.add(p.getScopeId());
+ }
+ }
+ }
+ }
+ }
+ return accountIds;
+ }
+
+ @Override
+ public List<Long> getAuthorizedResources(Account caller, String action) {
+ long accountId = caller.getAccountId();
+ // Get the static Policies of the Caller
+ List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
+
+ // add the policies that grant recursive access
+ List<AclGroup> groups = _iamService.listAclGroups(caller.getId());
+ for (AclGroup group : groups) {
+ // for each group find the grand parent groups.
+ List<AclGroup> parentGroups = _iamService.listParentAclGroups(group.getId());
+ for (AclGroup parentGroup : parentGroups) {
+ policies.addAll(_iamService.listRecursiveAclPoliciesByGroup(parentGroup.getId()));
+ }
+ }
+
+ // for each policy, find granted permission with Resource scope
+ List<Long> entityIds = new ArrayList<Long>();
+ for (AclPolicy policy : policies) {
+ List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.RESOURCE.toString());
+ if (pp != null) {
+ for (AclPolicyPermission p : pp) {
+ if (p.getScopeId() != null) {
+ entityIds.add(p.getScopeId());
+ }
+ }
+ }
+ }
+ return entityIds;
+ }
+
+ @Override
+ public boolean isGrantedAll(Account caller, String action) {
+ long accountId = caller.getAccountId();
+ // Get the static Policies of the Caller
+ List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
+ // for each policy, find granted permission with ALL scope
+ for (AclPolicy policy : policies) {
+ List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ALL.toString());
+ if (pp != null && pp.size() > 0) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ @Override
+ public List<String> listAclGroupsByAccount(long accountId) {
+ List<AclGroup> groups = _iamService.listAclGroups(accountId);
+ List<String> groupNames = new ArrayList<String>();
+ for (AclGroup grp : groups) {
+ groupNames.add(grp.getName());
+ }
+ return groupNames;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/test/org/apache/cloudstack/acl/AclApiServiceTest.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/test/org/apache/cloudstack/acl/AclApiServiceTest.java b/services/iam/plugin/test/org/apache/cloudstack/acl/AclApiServiceTest.java
index 02b7331..daf5b64 100644
--- a/services/iam/plugin/test/org/apache/cloudstack/acl/AclApiServiceTest.java
+++ b/services/iam/plugin/test/org/apache/cloudstack/acl/AclApiServiceTest.java
@@ -35,13 +35,13 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.support.AnnotationConfigContextLoader;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.acl.api.AclApiServiceImpl;
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.iam.AclApiServiceImpl;
import org.apache.cloudstack.api.command.user.vm.ListVMsCmd;
import org.apache.cloudstack.api.response.ListResponse;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
-import org.apache.cloudstack.api.response.acl.AclPermissionResponse;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
+import org.apache.cloudstack.api.response.iam.AclPermissionResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
import org.apache.cloudstack.context.CallContext;
import org.apache.cloudstack.framework.messagebus.MessageBus;
import org.apache.cloudstack.iam.api.AclGroup;
@@ -273,12 +273,12 @@ public class AclApiServiceTest {
Class clz = ListVMsCmd.class;
when(_apiServer.getCmdClass("listVirtualMachines")).thenReturn(clz);
when(
- _iamSrv.addAclPermissionToAclPolicy(policyId, AclEntityType.VirtualMachine.toString(), PermissionScope.RESOURCE.toString(), resId, "listVirtualMachines",
+ _iamSrv.addAclPermissionToAclPolicy(policyId, IAMEntityType.VirtualMachine.toString(), PermissionScope.RESOURCE.toString(), resId, "listVirtualMachines",
AccessType.UseEntry.toString(), Permission.Allow, false)).thenReturn(policy);
- _aclSrv.addAclPermissionToAclPolicy(policyId, AclEntityType.VirtualMachine.toString(), PermissionScope.RESOURCE, resId, "listVirtualMachines", Permission.Allow, false);
+ _aclSrv.addAclPermissionToAclPolicy(policyId, IAMEntityType.VirtualMachine.toString(), PermissionScope.RESOURCE, resId, "listVirtualMachines", Permission.Allow, false);
Pair<List<AclPolicy>, Integer> policyList = new Pair<List<AclPolicy>, Integer>(policies, 1);
List<AclPolicyPermission> policyPerms = new ArrayList<AclPolicyPermission>();
- AclPolicyPermission perm = new AclPolicyPermissionVO(policyId, "listVirtualMachines", AclEntityType.VirtualMachine.toString(), AccessType.UseEntry.toString(),
+ AclPolicyPermission perm = new AclPolicyPermissionVO(policyId, "listVirtualMachines", IAMEntityType.VirtualMachine.toString(), AccessType.UseEntry.toString(),
PermissionScope.RESOURCE.toString(),
resId, Permission.Allow, false);
policyPerms.add(perm);
@@ -294,7 +294,7 @@ public class AclApiServiceTest {
//remove permission from policy
policyPerms.remove(perm);
- _aclSrv.removeAclPermissionFromAclPolicy(policyId, AclEntityType.VirtualMachine.toString(), PermissionScope.RESOURCE, resId, "listVirtualMachines");
+ _aclSrv.removeAclPermissionFromAclPolicy(policyId, IAMEntityType.VirtualMachine.toString(), PermissionScope.RESOURCE, resId, "listVirtualMachines");
policyResp = _aclSrv.listAclPolicies(null, "policy1", callerDomainId, 0L, 20L);
assertTrue("No. of response items should be one", policyResp.getCount() == 1);
resp = policyResp.getResponses().get(0);
[06/18] Renaming plugin packages to 'iam' instead if 'acl'
Posted by pr...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclPolicyCmd.java
new file mode 100644
index 0000000..3bddc35
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclPolicyCmd.java
@@ -0,0 +1,175 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCreateCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.DomainResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.AclPolicy;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.user.Account;
+
+@APICommand(name = "createAclPolicy", responseObject = AclPolicyResponse.class, description = "Creates an acl policy")
+public class CreateAclPolicyCmd extends BaseAsyncCreateCmd {
+ public static final Logger s_logger = Logger.getLogger(CreateAclPolicyCmd.class.getName());
+
+ private static final String s_name = "createaclpolicyresponse";
+
+ @Inject
+ public AclApiService _aclApiSrv;
+
+ // ///////////////////////////////////////////////////
+ // ////////////// API parameters /////////////////////
+ // ///////////////////////////////////////////////////
+
+ @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the acl policy. Must be used with domainId.")
+ private String accountName;
+
+ @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the acl policy", entityType = DomainResponse.class)
+ private Long domainId;
+
+ @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the acl policy")
+ private String description;
+
+ @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the acl policy")
+ private String name;
+
+ @ACL
+ @Parameter(name = ApiConstants.ACL_PARENT_POLICY_ID, type = CommandType.UUID, description = "The ID of parent acl policy.", entityType = AclPolicyResponse.class)
+ private Long parentPolicyId;
+
+
+ // ///////////////////////////////////////////////////
+ // ///////////////// Accessors ///////////////////////
+ // ///////////////////////////////////////////////////
+
+ public String getAccountName() {
+ return accountName;
+ }
+
+ public String getDescription() {
+ return description;
+ }
+
+ public Long getDomainId() {
+ return domainId;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public Long getParentPolicyId() {
+ return parentPolicyId;
+ }
+
+ // ///////////////////////////////////////////////////
+ // ///////////// API Implementation///////////////////
+ // ///////////////////////////////////////////////////
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ Account account = CallContext.current().getCallingAccount();
+ if ((account == null) || _accountService.isAdmin(account.getType())) {
+ if ((domainId != null) && (accountName != null)) {
+ Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
+ if (userAccount != null) {
+ return userAccount.getId();
+ }
+ }
+ }
+
+ if (account != null) {
+ return account.getId();
+ }
+
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this
+ // command to SYSTEM so ERROR events
+ // are tracked
+ }
+
+ @Override
+ public void execute() {
+ AclPolicy policy = _entityMgr.findById(AclPolicy.class, getEntityId());
+ if (policy != null) {
+ AclPolicyResponse response = _aclApiSrv.createAclPolicyResponse(policy);
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl policy:" + name);
+ }
+ }
+
+ @Override
+ public void create() throws ResourceAllocationException {
+ Account account = CallContext.current().getCallingAccount();
+ AclPolicy result = _aclApiSrv.createAclPolicy(account, name, description, parentPolicyId);
+ if (result != null) {
+ setEntityId(result.getId());
+ setEntityUuid(result.getUuid());
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl policy entity" + name);
+ }
+
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_ACL_POLICY_CREATE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "creating Acl policy";
+ }
+
+ @Override
+ public String getCreateEventType() {
+ return EventTypes.EVENT_ACL_POLICY_CREATE;
+ }
+
+ @Override
+ public String getCreateEventDescription() {
+ return "creating acl policy";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.AclPolicy;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclGroupCmd.java
new file mode 100644
index 0000000..38f13f4
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclGroupCmd.java
@@ -0,0 +1,102 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
+
+import com.cloud.event.EventTypes;
+import com.cloud.user.Account;
+
+@APICommand(name = "deleteAclGroup", description = "Deletes acl group", responseObject = SuccessResponse.class)
+public class DeleteAclGroupCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(DeleteAclGroupCmd.class.getName());
+ private static final String s_name = "deleteaclgroupresponse";
+
+ @Inject
+ public AclApiService _aclApiSrv;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+ @ACL
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "The ID of the acl group.", required = true, entityType = AclGroupResponse.class)
+ private Long id;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+ public Long getId() {
+ return id;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM;
+ }
+
+ @Override
+ public void execute(){
+ boolean result = _aclApiSrv.deleteAclGroup(id);
+ if (result) {
+ SuccessResponse response = new SuccessResponse(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete acl group");
+ }
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_ACL_GROUP_DELETE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "Deleting Acl group";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.AclGroup;
+ }
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclPolicyCmd.java
new file mode 100644
index 0000000..c9fc9ba
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclPolicyCmd.java
@@ -0,0 +1,102 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
+
+import com.cloud.event.EventTypes;
+import com.cloud.user.Account;
+
+@APICommand(name = "deleteAclPolicy", description = "Deletes acl policy", responseObject = SuccessResponse.class)
+public class DeleteAclPolicyCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(DeleteAclPolicyCmd.class.getName());
+ private static final String s_name = "deleteaclpolicyresponse";
+
+ @Inject
+ public AclApiService _aclApiSrv;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+ @ACL
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "The ID of the acl role.", required = true, entityType = AclPolicyResponse.class)
+ private Long id;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+ public Long getId() {
+ return id;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM;
+ }
+
+ @Override
+ public void execute(){
+ boolean result = _aclApiSrv.deleteAclPolicy(id);
+ if (result) {
+ SuccessResponse response = new SuccessResponse(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete acl policy");
+ }
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_ACL_POLICY_DELETE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "Deleting Acl role";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.AclPolicy;
+ }
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclGroupsCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclGroupsCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclGroupsCmd.java
new file mode 100644
index 0000000..2e72493
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclGroupsCmd.java
@@ -0,0 +1,88 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
+
+
+@APICommand(name = "listAclGroups", description = "Lists acl groups", responseObject = AclGroupResponse.class)
+public class ListAclGroupsCmd extends BaseListDomainResourcesCmd {
+ public static final Logger s_logger = Logger.getLogger(ListAclGroupsCmd.class.getName());
+
+ private static final String s_name = "listaclgroupsresponse";
+
+ @Inject
+ public AclApiService _aclApiSrv;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+ @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "lists acl groups by name")
+ private String aclGroupName;
+
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "list the acl group by the id provided", entityType = AclGroupResponse.class)
+ private Long id;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+ public String getAclGroupName() {
+ return aclGroupName;
+ }
+
+
+ public Long getId(){
+ return id;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ @Override
+ public void execute(){
+
+ ListResponse<AclGroupResponse> response = _aclApiSrv.listAclGroups(id, aclGroupName, getDomainId(),
+ getStartIndex(), getPageSizeVal());
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.AclGroup;
+ }
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclPoliciesCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclPoliciesCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclPoliciesCmd.java
new file mode 100644
index 0000000..b5b2d8d
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclPoliciesCmd.java
@@ -0,0 +1,88 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
+
+
+@APICommand(name = "listAclPolicies", description = "Lists acl policies", responseObject = AclPolicyResponse.class)
+public class ListAclPoliciesCmd extends BaseListDomainResourcesCmd {
+ public static final Logger s_logger = Logger.getLogger(ListAclPoliciesCmd.class.getName());
+
+ private static final String s_name = "listaclpoliciesresponse";
+
+ @Inject
+ public AclApiService _aclApiSrv;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+ @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "lists acl policies by name")
+ private String aclPolicyName;
+
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "list the acl policy by the id provided", entityType = AclPolicyResponse.class)
+ private Long id;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+ public String getAclPolicyName() {
+ return aclPolicyName;
+ }
+
+
+ public Long getId(){
+ return id;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ @Override
+ public void execute(){
+
+ ListResponse<AclPolicyResponse> response = _aclApiSrv.listAclPolicies(id, aclPolicyName, getDomainId(),
+ getStartIndex(), getPageSizeVal());
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.AclPolicy;
+ }
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAccountFromAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAccountFromAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAccountFromAclGroupCmd.java
new file mode 100644
index 0000000..a370e0a
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAccountFromAclGroupCmd.java
@@ -0,0 +1,127 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.AccountResponse;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.AclGroup;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "removeAccountFromAclGroup", description = "remove accounts from an acl group", responseObject = AclGroupResponse.class)
+public class RemoveAccountFromAclGroupCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(RemoveAccountFromAclGroupCmd.class.getName());
+ private static final String s_name = "removeaccountfromaclgroupresponse";
+
+ @Inject
+ public AclApiService _aclApiSrv;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+
+ @ACL
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
+ required = true, description = "The ID of the acl group")
+ private Long id;
+
+ @ACL
+ @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that are going to be assigned to the acl group.")
+ private List<Long> accountIdList;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+
+ public Long getId() {
+ return id;
+ }
+
+
+ public List<Long> getAccountIdList() {
+ return accountIdList;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+ }
+
+ @Override
+ public void execute() throws ResourceUnavailableException,
+ InsufficientCapacityException, ServerApiException {
+ CallContext.current().setEventDetails("Acl group Id: " + getId());
+ AclGroup result = _aclApiSrv.removeAccountsFromGroup(accountIdList, id);
+ if (result != null){
+ AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove accounts from acl group");
+ }
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_ACL_GROUP_UPDATE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "removing accounts from acl group";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.AclGroup;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPermissionFromAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPermissionFromAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPermissionFromAclPolicyCmd.java
new file mode 100644
index 0000000..9236ef1
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPermissionFromAclPolicyCmd.java
@@ -0,0 +1,147 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.AclPolicy;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "removeAclPermissionFromAclPolicy", description = "Remove acl permission from an acl policy", responseObject = AclPolicyResponse.class)
+public class RemoveAclPermissionFromAclPolicyCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(RemoveAclPermissionFromAclPolicyCmd.class.getName());
+ private static final String s_name = "removeaclpermissionfromaclpolicyresponse";
+
+ @Inject
+ public AclApiService _aclApiSrv;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+
+ @ACL
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
+ required = true, description = "The ID of the acl policy")
+ private Long id;
+
+ @Parameter(name = ApiConstants.ACL_ACTION, type = CommandType.STRING, required = true, description = "action api name.")
+ private String action;
+
+ @Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = false, description = "entity class simple name.")
+ private String entityType;
+
+ @Parameter(name = ApiConstants.ACL_SCOPE, type = CommandType.STRING,
+ required = false, description = "acl permission scope")
+ private String scope;
+
+ @Parameter(name = ApiConstants.ACL_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
+ private Long scopeId;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+
+ public Long getId() {
+ return id;
+ }
+
+
+ public String getAction() {
+ return action;
+ }
+
+ public String getEntityType() {
+ return entityType;
+ }
+
+ public String getScope() {
+ return scope;
+ }
+
+ public Long getScopeId() {
+ return scopeId;
+ }
+
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+ }
+
+ @Override
+ public void execute() throws ResourceUnavailableException,
+ InsufficientCapacityException, ServerApiException {
+ CallContext.current().setEventDetails("Acl policy Id: " + getId());
+ AclPolicy result = _aclApiSrv.removeAclPermissionFromAclPolicy(id, entityType, PermissionScope.valueOf(scope), scopeId, action);
+ if (result != null) {
+ AclPolicyResponse response = _aclApiSrv.createAclPolicyResponse(result);
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove permission from acl policy " + getId());
+ }
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_ACL_POLICY_REVOKE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "removing permission from acl policy";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.AclPolicy;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAccountCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAccountCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAccountCmd.java
new file mode 100644
index 0000000..bf2c493
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAccountCmd.java
@@ -0,0 +1,122 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "removeAclPolicyFromAccount", description = "remove acl policy from accounts", responseObject = SuccessResponse.class)
+public class RemoveAclPolicyFromAccountCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(RemoveAclPolicyFromAccountCmd.class.getName());
+ private static final String s_name = "removeaclpolicyfromaccountresponse";
+
+ @Inject
+ public AclApiService _aclApiSrv;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+
+ @ACL
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
+ required = true, description = "The ID of the acl group")
+ private Long id;
+
+ @ACL
+ @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.")
+ private List<Long> accountIdList;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+
+ public Long getId() {
+ return id;
+ }
+
+
+ public List<Long> getAccountIdList() {
+ return accountIdList;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+ }
+
+ @Override
+ public void execute() throws ResourceUnavailableException,
+ InsufficientCapacityException, ServerApiException {
+ CallContext.current().setEventDetails("Acl policy Id: " + getId());
+ _aclApiSrv.removeAclPolicyFromAccounts(id, accountIdList);
+ SuccessResponse response = new SuccessResponse();
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "removing acl policy from accounts";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.Account;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAclGroupCmd.java
new file mode 100644
index 0000000..88dfa7b
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAclGroupCmd.java
@@ -0,0 +1,127 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.AclGroup;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "removeAclPolicyFromAclGroup", description = "remove acl policy from an acl group", responseObject = AclGroupResponse.class)
+public class RemoveAclPolicyFromAclGroupCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(RemoveAclPolicyFromAclGroupCmd.class.getName());
+ private static final String s_name = "removeaclpolicyfromaclgroupresponse";
+
+ @Inject
+ public AclApiService _aclApiSrv;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+
+ @ACL
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
+ required = true, description = "The ID of the acl group")
+ private Long id;
+
+ @ACL
+ @Parameter(name = ApiConstants.ACL_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.")
+ private List<Long> policyIdList;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+
+ public Long getId() {
+ return id;
+ }
+
+
+ public List<Long> getRoleIdList() {
+ return policyIdList;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+ }
+
+ @Override
+ public void execute() throws ResourceUnavailableException,
+ InsufficientCapacityException, ServerApiException {
+ CallContext.current().setEventDetails("Acl group Id: " + getId());
+ AclGroup result = _aclApiSrv.removeAclPoliciesFromGroup(policyIdList, id);
+ if (result != null){
+ AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to acl group");
+ }
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_ACL_GROUP_UPDATE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "removing acl roles from acl group";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.AclGroup;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/response/acl/AclGroupResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/acl/AclGroupResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/acl/AclGroupResponse.java
deleted file mode 100644
index 1cc3f6a..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/response/acl/AclGroupResponse.java
+++ /dev/null
@@ -1,193 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.response.acl;
-
-import java.util.LinkedHashSet;
-import java.util.Set;
-
-import com.google.gson.annotations.SerializedName;
-
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseResponse;
-import org.apache.cloudstack.api.EntityReference;
-import org.apache.cloudstack.api.response.ControlledViewEntityResponse;
-import org.apache.cloudstack.iam.api.AclGroup;
-
-import com.cloud.serializer.Param;
-
-@SuppressWarnings("unused")
-@EntityReference(value = AclGroup.class)
-public class AclGroupResponse extends BaseResponse implements ControlledViewEntityResponse {
-
- @SerializedName(ApiConstants.ID)
- @Param(description = "the ID of the acl group")
- private String id;
-
- @SerializedName(ApiConstants.NAME)
- @Param(description = "the name of the acl group")
- private String name;
-
- @SerializedName(ApiConstants.DESCRIPTION)
- @Param(description = "the description of the acl group")
- private String description;
-
- @SerializedName(ApiConstants.DOMAIN_ID)
- @Param(description = "the domain ID of the acl group")
- private String domainId;
-
- @SerializedName(ApiConstants.DOMAIN)
- @Param(description = "the domain name of the acl role")
- private String domainName;
-
- @SerializedName(ApiConstants.ACCOUNT)
- @Param(description = "the account owning the policy")
- private String accountName;
-
- @SerializedName(ApiConstants.ACL_MEMBER_ACCOUNTS)
- @Param(description = "account names assigned to this acl group ")
- private Set<String> accountNameList;
-
- @SerializedName(ApiConstants.ACL_POLICIES)
- @Param(description = "acl policies attached to this acl group ")
- private Set<String> policyNameList;
-
- public AclGroupResponse() {
- accountNameList = new LinkedHashSet<String>();
- policyNameList = new LinkedHashSet<String>();
- }
-
- @Override
- public String getObjectId() {
- return getId();
- }
-
-
- public String getId() {
- return id;
- }
-
- public void setId(String id) {
- this.id = id;
- }
-
-
- public void setName(String name) {
- this.name = name;
- }
-
- public void setDescription(String description) {
- this.description = description;
- }
-
- @Override
- public void setDomainId(String domainId) {
- this.domainId = domainId;
- }
-
- @Override
- public void setDomainName(String domainName) {
- this.domainName = domainName;
- }
-
- @Override
- public void setAccountName(String accountName) {
- this.accountName = accountName;
-
- }
-
- @Override
- public void setProjectId(String projectId) {
- // TODO Auto-generated method stub
-
- }
-
- @Override
- public void setProjectName(String projectName) {
- // TODO Auto-generated method stub
-
- }
-
- public String getName() {
- return name;
- }
-
- public String getDescription() {
- return description;
- }
-
- public String getDomainId() {
- return domainId;
- }
-
- public String getDomainName() {
- return domainName;
- }
-
- public String getAccountName() {
- return accountName;
- }
-
- public Set<String> getAccountNameList() {
- return accountNameList;
- }
-
- public void setMemberAccounts(Set<String> accts) {
- accountNameList = accts;
- }
-
- public void addMemberAccount(String acct) {
- accountNameList.add(acct);
- }
-
- public void setPolicyList(Set<String> policies) {
- policyNameList = policies;
- }
-
- public void addPolicy(String policy) {
- policyNameList.add(policy);
- }
-
- public Set<String> getPolicyList() {
- return policyNameList;
- }
-
- @Override
- public int hashCode() {
- final int prime = 31;
- int result = 1;
- result = prime * result + ((id == null) ? 0 : id.hashCode());
- return result;
- }
-
- @Override
- public boolean equals(Object obj) {
- if (this == obj)
- return true;
- if (obj == null)
- return false;
- if (getClass() != obj.getClass())
- return false;
- AclGroupResponse other = (AclGroupResponse)obj;
- if (id == null) {
- if (other.id != null)
- return false;
- } else if (!id.equals(other.id))
- return false;
- return true;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/response/acl/AclPermissionResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/acl/AclPermissionResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/acl/AclPermissionResponse.java
deleted file mode 100644
index f44144c..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/response/acl/AclPermissionResponse.java
+++ /dev/null
@@ -1,125 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.response.acl;
-
-import com.google.gson.annotations.SerializedName;
-
-import org.apache.cloudstack.acl.AclEntityType;
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseResponse;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-
-import com.cloud.serializer.Param;
-
-public class AclPermissionResponse extends BaseResponse {
-
- @SerializedName(ApiConstants.ACL_ACTION)
- @Param(description = "action of this permission")
- private String action;
-
- @SerializedName(ApiConstants.ENTITY_TYPE)
- @Param(description = "the entity type of this permission")
- private AclEntityType entityType;
-
- @SerializedName(ApiConstants.ACL_SCOPE)
- @Param(description = "scope of this permission")
- private PermissionScope scope;
-
- @SerializedName(ApiConstants.ACL_SCOPE_ID)
- @Param(description = "scope id of this permission")
- private Long scopeId;
-
- @SerializedName(ApiConstants.ACL_ALLOW_DENY)
- @Param(description = "allow or deny of this permission")
- private AclPolicyPermission.Permission permission;
-
- public AclEntityType getEntityType() {
- return entityType;
- }
-
- public void setEntityType(AclEntityType entityType) {
- this.entityType = entityType;
- }
-
- public String getAction() {
- return action;
- }
-
- public void setAction(String action) {
- this.action = action;
- }
-
- public PermissionScope getScope() {
- return scope;
- }
-
- public void setScope(PermissionScope scope) {
- this.scope = scope;
- }
-
- public Long getScopeId() {
- return scopeId;
- }
-
- public void setScopeId(Long scopeId) {
- this.scopeId = scopeId;
- }
-
- public AclPolicyPermission.Permission getPermission() {
- return permission;
- }
-
- public void setPermission(AclPolicyPermission.Permission permission) {
- this.permission = permission;
- }
-
- @Override
- public int hashCode() {
- final int prime = 31;
- int result = 1;
- result = prime * result + ((action == null) ? 0 : action.hashCode());
- result = prime * result + ((entityType == null) ? 0 : entityType.hashCode());
- result = prime * result + ((scope == null) ? 0 : scope.hashCode());
- result = prime * result + ((scopeId == null) ? 0 : scopeId.hashCode());
- return result;
- }
-
- @Override
- public boolean equals(Object obj) {
- if (this == obj)
- return true;
- if (obj == null)
- return false;
- if (getClass() != obj.getClass())
- return false;
- AclPermissionResponse other = (AclPermissionResponse) obj;
- if ((entityType == null && other.entityType != null) || !entityType.equals(other.entityType)) {
- return false;
- } else if ((action == null && other.action != null) || !action.equals(other.action)) {
- return false;
- } else if ((scope == null && other.scope != null) || !scope.equals(other.scope)) {
- return false;
- } else if ((scopeId == null && other.scopeId != null) || !scopeId.equals(other.scopeId)) {
- return false;
- }
- return true;
- }
-
-
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/response/acl/AclPolicyResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/acl/AclPolicyResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/acl/AclPolicyResponse.java
deleted file mode 100644
index 76651d8..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/response/acl/AclPolicyResponse.java
+++ /dev/null
@@ -1,177 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.response.acl;
-
-import java.util.LinkedHashSet;
-import java.util.Set;
-
-import com.google.gson.annotations.SerializedName;
-
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseResponse;
-import org.apache.cloudstack.api.EntityReference;
-import org.apache.cloudstack.api.response.ControlledViewEntityResponse;
-import org.apache.cloudstack.iam.api.AclPolicy;
-
-import com.cloud.serializer.Param;
-
-@SuppressWarnings("unused")
-@EntityReference(value = AclPolicy.class)
-public class AclPolicyResponse extends BaseResponse implements ControlledViewEntityResponse {
-
- @SerializedName(ApiConstants.ID)
- @Param(description = "the ID of the acl policy")
- private String id;
-
- @SerializedName(ApiConstants.NAME)
- @Param(description = "the name of the acl policy")
- private String name;
-
- @SerializedName(ApiConstants.DESCRIPTION)
- @Param(description = "the description of the acl policy")
- private String description;
-
- @SerializedName(ApiConstants.DOMAIN_ID)
- @Param(description = "the domain ID of the acl policy")
- private String domainId;
-
- @SerializedName(ApiConstants.DOMAIN)
- @Param(description = "the domain name of the acl policy")
- private String domainName;
-
- @SerializedName(ApiConstants.ACCOUNT)
- @Param(description = "the account owning the policy")
- private String accountName;
-
- @SerializedName(ApiConstants.ACL_PERMISSIONS)
- @Param(description = "set of permissions for the acl policy")
- private Set<AclPermissionResponse> permissionList;
-
- public AclPolicyResponse() {
- permissionList = new LinkedHashSet<AclPermissionResponse>();
- }
-
- @Override
- public String getObjectId() {
- return getId();
- }
-
-
- public String getId() {
- return id;
- }
-
- public void setId(String id) {
- this.id = id;
- }
-
-
- public void setName(String name) {
- this.name = name;
- }
-
- public void setDescription(String description) {
- this.description = description;
- }
-
- @Override
- public void setDomainId(String domainId) {
- this.domainId = domainId;
- }
-
- @Override
- public void setDomainName(String domainName) {
- this.domainName = domainName;
- }
-
- public Set<AclPermissionResponse> getPermissionList() {
- return permissionList;
- }
-
- public void setPermissionList(Set<AclPermissionResponse> perms) {
- permissionList = perms;
- }
-
- public void addPermission(AclPermissionResponse perm) {
- permissionList.add(perm);
- }
-
- @Override
- public void setAccountName(String accountName) {
- this.accountName = accountName;
- }
-
- @Override
- public void setProjectId(String projectId) {
- // TODO Auto-generated method stub
-
- }
-
- @Override
- public void setProjectName(String projectName) {
- // TODO Auto-generated method stub
-
- }
-
- public String getName() {
- return name;
- }
-
- public String getDescription() {
- return description;
- }
-
- public String getDomainId() {
- return domainId;
- }
-
- public String getDomainName() {
- return domainName;
- }
-
- public String getAccountName() {
- return accountName;
- }
-
- @Override
- public int hashCode() {
- final int prime = 31;
- int result = 1;
- result = prime * result + ((id == null) ? 0 : id.hashCode());
- return result;
- }
-
- @Override
- public boolean equals(Object obj) {
- if (this == obj)
- return true;
- if (obj == null)
- return false;
- if (getClass() != obj.getClass())
- return false;
- AclPolicyResponse other = (AclPolicyResponse) obj;
- if (id == null) {
- if (other.id != null)
- return false;
- } else if (!id.equals(other.id))
- return false;
- return true;
- }
-
-
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclGroupResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclGroupResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclGroupResponse.java
new file mode 100644
index 0000000..8c4adc1
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclGroupResponse.java
@@ -0,0 +1,193 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.response.iam;
+
+import java.util.LinkedHashSet;
+import java.util.Set;
+
+import com.google.gson.annotations.SerializedName;
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseResponse;
+import org.apache.cloudstack.api.EntityReference;
+import org.apache.cloudstack.api.response.ControlledViewEntityResponse;
+import org.apache.cloudstack.iam.api.AclGroup;
+
+import com.cloud.serializer.Param;
+
+@SuppressWarnings("unused")
+@EntityReference(value = AclGroup.class)
+public class AclGroupResponse extends BaseResponse implements ControlledViewEntityResponse {
+
+ @SerializedName(ApiConstants.ID)
+ @Param(description = "the ID of the acl group")
+ private String id;
+
+ @SerializedName(ApiConstants.NAME)
+ @Param(description = "the name of the acl group")
+ private String name;
+
+ @SerializedName(ApiConstants.DESCRIPTION)
+ @Param(description = "the description of the acl group")
+ private String description;
+
+ @SerializedName(ApiConstants.DOMAIN_ID)
+ @Param(description = "the domain ID of the acl group")
+ private String domainId;
+
+ @SerializedName(ApiConstants.DOMAIN)
+ @Param(description = "the domain name of the acl role")
+ private String domainName;
+
+ @SerializedName(ApiConstants.ACCOUNT)
+ @Param(description = "the account owning the policy")
+ private String accountName;
+
+ @SerializedName(ApiConstants.ACL_MEMBER_ACCOUNTS)
+ @Param(description = "account names assigned to this acl group ")
+ private Set<String> accountNameList;
+
+ @SerializedName(ApiConstants.ACL_POLICIES)
+ @Param(description = "acl policies attached to this acl group ")
+ private Set<String> policyNameList;
+
+ public AclGroupResponse() {
+ accountNameList = new LinkedHashSet<String>();
+ policyNameList = new LinkedHashSet<String>();
+ }
+
+ @Override
+ public String getObjectId() {
+ return getId();
+ }
+
+
+ public String getId() {
+ return id;
+ }
+
+ public void setId(String id) {
+ this.id = id;
+ }
+
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
+ @Override
+ public void setDomainId(String domainId) {
+ this.domainId = domainId;
+ }
+
+ @Override
+ public void setDomainName(String domainName) {
+ this.domainName = domainName;
+ }
+
+ @Override
+ public void setAccountName(String accountName) {
+ this.accountName = accountName;
+
+ }
+
+ @Override
+ public void setProjectId(String projectId) {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setProjectName(String projectName) {
+ // TODO Auto-generated method stub
+
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public String getDescription() {
+ return description;
+ }
+
+ public String getDomainId() {
+ return domainId;
+ }
+
+ public String getDomainName() {
+ return domainName;
+ }
+
+ public String getAccountName() {
+ return accountName;
+ }
+
+ public Set<String> getAccountNameList() {
+ return accountNameList;
+ }
+
+ public void setMemberAccounts(Set<String> accts) {
+ accountNameList = accts;
+ }
+
+ public void addMemberAccount(String acct) {
+ accountNameList.add(acct);
+ }
+
+ public void setPolicyList(Set<String> policies) {
+ policyNameList = policies;
+ }
+
+ public void addPolicy(String policy) {
+ policyNameList.add(policy);
+ }
+
+ public Set<String> getPolicyList() {
+ return policyNameList;
+ }
+
+ @Override
+ public int hashCode() {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + ((id == null) ? 0 : id.hashCode());
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (obj == null)
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ AclGroupResponse other = (AclGroupResponse)obj;
+ if (id == null) {
+ if (other.id != null)
+ return false;
+ } else if (!id.equals(other.id))
+ return false;
+ return true;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPermissionResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPermissionResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPermissionResponse.java
new file mode 100644
index 0000000..68b4df9
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPermissionResponse.java
@@ -0,0 +1,125 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.response.iam;
+
+import com.google.gson.annotations.SerializedName;
+
+import org.apache.cloudstack.acl.IAMEntityType;
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseResponse;
+import org.apache.cloudstack.iam.api.AclPolicyPermission;
+
+import com.cloud.serializer.Param;
+
+public class AclPermissionResponse extends BaseResponse {
+
+ @SerializedName(ApiConstants.ACL_ACTION)
+ @Param(description = "action of this permission")
+ private String action;
+
+ @SerializedName(ApiConstants.ENTITY_TYPE)
+ @Param(description = "the entity type of this permission")
+ private IAMEntityType entityType;
+
+ @SerializedName(ApiConstants.ACL_SCOPE)
+ @Param(description = "scope of this permission")
+ private PermissionScope scope;
+
+ @SerializedName(ApiConstants.ACL_SCOPE_ID)
+ @Param(description = "scope id of this permission")
+ private Long scopeId;
+
+ @SerializedName(ApiConstants.ACL_ALLOW_DENY)
+ @Param(description = "allow or deny of this permission")
+ private AclPolicyPermission.Permission permission;
+
+ public IAMEntityType getEntityType() {
+ return entityType;
+ }
+
+ public void setEntityType(IAMEntityType entityType) {
+ this.entityType = entityType;
+ }
+
+ public String getAction() {
+ return action;
+ }
+
+ public void setAction(String action) {
+ this.action = action;
+ }
+
+ public PermissionScope getScope() {
+ return scope;
+ }
+
+ public void setScope(PermissionScope scope) {
+ this.scope = scope;
+ }
+
+ public Long getScopeId() {
+ return scopeId;
+ }
+
+ public void setScopeId(Long scopeId) {
+ this.scopeId = scopeId;
+ }
+
+ public AclPolicyPermission.Permission getPermission() {
+ return permission;
+ }
+
+ public void setPermission(AclPolicyPermission.Permission permission) {
+ this.permission = permission;
+ }
+
+ @Override
+ public int hashCode() {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + ((action == null) ? 0 : action.hashCode());
+ result = prime * result + ((entityType == null) ? 0 : entityType.hashCode());
+ result = prime * result + ((scope == null) ? 0 : scope.hashCode());
+ result = prime * result + ((scopeId == null) ? 0 : scopeId.hashCode());
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (obj == null)
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ AclPermissionResponse other = (AclPermissionResponse) obj;
+ if ((entityType == null && other.entityType != null) || !entityType.equals(other.entityType)) {
+ return false;
+ } else if ((action == null && other.action != null) || !action.equals(other.action)) {
+ return false;
+ } else if ((scope == null && other.scope != null) || !scope.equals(other.scope)) {
+ return false;
+ } else if ((scopeId == null && other.scopeId != null) || !scopeId.equals(other.scopeId)) {
+ return false;
+ }
+ return true;
+ }
+
+
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPolicyResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPolicyResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPolicyResponse.java
new file mode 100644
index 0000000..12d90de
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPolicyResponse.java
@@ -0,0 +1,177 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.response.iam;
+
+import java.util.LinkedHashSet;
+import java.util.Set;
+
+import com.google.gson.annotations.SerializedName;
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseResponse;
+import org.apache.cloudstack.api.EntityReference;
+import org.apache.cloudstack.api.response.ControlledViewEntityResponse;
+import org.apache.cloudstack.iam.api.AclPolicy;
+
+import com.cloud.serializer.Param;
+
+@SuppressWarnings("unused")
+@EntityReference(value = AclPolicy.class)
+public class AclPolicyResponse extends BaseResponse implements ControlledViewEntityResponse {
+
+ @SerializedName(ApiConstants.ID)
+ @Param(description = "the ID of the acl policy")
+ private String id;
+
+ @SerializedName(ApiConstants.NAME)
+ @Param(description = "the name of the acl policy")
+ private String name;
+
+ @SerializedName(ApiConstants.DESCRIPTION)
+ @Param(description = "the description of the acl policy")
+ private String description;
+
+ @SerializedName(ApiConstants.DOMAIN_ID)
+ @Param(description = "the domain ID of the acl policy")
+ private String domainId;
+
+ @SerializedName(ApiConstants.DOMAIN)
+ @Param(description = "the domain name of the acl policy")
+ private String domainName;
+
+ @SerializedName(ApiConstants.ACCOUNT)
+ @Param(description = "the account owning the policy")
+ private String accountName;
+
+ @SerializedName(ApiConstants.ACL_PERMISSIONS)
+ @Param(description = "set of permissions for the acl policy")
+ private Set<AclPermissionResponse> permissionList;
+
+ public AclPolicyResponse() {
+ permissionList = new LinkedHashSet<AclPermissionResponse>();
+ }
+
+ @Override
+ public String getObjectId() {
+ return getId();
+ }
+
+
+ public String getId() {
+ return id;
+ }
+
+ public void setId(String id) {
+ this.id = id;
+ }
+
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
+ @Override
+ public void setDomainId(String domainId) {
+ this.domainId = domainId;
+ }
+
+ @Override
+ public void setDomainName(String domainName) {
+ this.domainName = domainName;
+ }
+
+ public Set<AclPermissionResponse> getPermissionList() {
+ return permissionList;
+ }
+
+ public void setPermissionList(Set<AclPermissionResponse> perms) {
+ permissionList = perms;
+ }
+
+ public void addPermission(AclPermissionResponse perm) {
+ permissionList.add(perm);
+ }
+
+ @Override
+ public void setAccountName(String accountName) {
+ this.accountName = accountName;
+ }
+
+ @Override
+ public void setProjectId(String projectId) {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setProjectName(String projectName) {
+ // TODO Auto-generated method stub
+
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public String getDescription() {
+ return description;
+ }
+
+ public String getDomainId() {
+ return domainId;
+ }
+
+ public String getDomainName() {
+ return domainName;
+ }
+
+ public String getAccountName() {
+ return accountName;
+ }
+
+ @Override
+ public int hashCode() {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + ((id == null) ? 0 : id.hashCode());
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (obj == null)
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ AclPolicyResponse other = (AclPolicyResponse) obj;
+ if (id == null) {
+ if (other.id != null)
+ return false;
+ } else if (!id.equals(other.id))
+ return false;
+ return true;
+ }
+
+
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiService.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiService.java b/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiService.java
new file mode 100644
index 0000000..0cb1e22
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiService.java
@@ -0,0 +1,84 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam;
+
+import java.util.List;
+
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
+import org.apache.cloudstack.iam.api.AclGroup;
+import org.apache.cloudstack.iam.api.AclPolicy;
+import org.apache.cloudstack.iam.api.AclPolicyPermission;
+import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
+
+import com.cloud.user.Account;
+import com.cloud.utils.component.PluggableService;
+
+public interface AclApiService extends PluggableService {
+
+ /* ACL group related interfaces */
+ AclGroup createAclGroup(Account caller, String aclGroupName, String description);
+
+ boolean deleteAclGroup(Long aclGroupId);
+
+ List<AclGroup> listAclGroups(long accountId);
+
+ AclGroup addAccountsToGroup(List<Long> acctIds, Long groupId);
+
+ AclGroup removeAccountsFromGroup(List<Long> acctIds, Long groupId);
+
+ /* ACL Policy related interfaces */
+ AclPolicy createAclPolicy(Account caller, String aclPolicyName, String description, Long parentPolicyId);
+
+ boolean deleteAclPolicy(long aclPolicyId);
+
+ List<AclPolicy> listAclPolicies(long accountId);
+
+ AclGroup attachAclPoliciesToGroup(List<Long> policyIds, Long groupId);
+
+ AclGroup removeAclPoliciesFromGroup(List<Long> policyIds, Long groupId);
+
+ void attachAclPolicyToAccounts(Long policyId, List<Long> accountIds);
+
+ void removeAclPolicyFromAccounts(Long policyId, List<Long> accountIds);
+
+ AclPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId,
+ String action, Permission perm, Boolean recursive);
+
+ AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId, String action);
+
+ AclPolicyPermission getAclPolicyPermission(long accountId, String entityType, String action);
+
+ /* Utility routine to grant/revoke invidivual resource to list of accounts */
+ void grantEntityPermissioinToAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds);
+
+ void revokeEntityPermissioinFromAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds);
+
+ /* Response Generation */
+ AclPolicyResponse createAclPolicyResponse(AclPolicy policy);
+
+ AclGroupResponse createAclGroupResponse(AclGroup group);
+
+ ListResponse<AclGroupResponse> listAclGroups(Long aclGroupId, String aclGroupName,
+ Long domainId, Long startIndex, Long pageSize);
+
+ ListResponse<AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName,
+ Long domainId, Long startIndex, Long pageSize);
+}
[10/18] iam/plugin: Rename Acl to IAM everywhere
Posted by pr...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
index c20989c..02da7c3 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
@@ -25,17 +25,17 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.iam.api.AclGroup;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
+import org.apache.cloudstack.iam.api.IAMGroup;
+import org.apache.cloudstack.iam.api.IAMPolicy;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
import org.apache.cloudstack.iam.api.IAMService;
-import org.apache.cloudstack.iam.server.dao.AclAccountPolicyMapDao;
-import org.apache.cloudstack.iam.server.dao.AclGroupAccountMapDao;
-import org.apache.cloudstack.iam.server.dao.AclGroupDao;
-import org.apache.cloudstack.iam.server.dao.AclGroupPolicyMapDao;
-import org.apache.cloudstack.iam.server.dao.AclPolicyDao;
-import org.apache.cloudstack.iam.server.dao.AclPolicyPermissionDao;
+import org.apache.cloudstack.iam.server.dao.IAMAccountPolicyMapDao;
+import org.apache.cloudstack.iam.server.dao.IAMGroupAccountMapDao;
+import org.apache.cloudstack.iam.server.dao.IAMGroupDao;
+import org.apache.cloudstack.iam.server.dao.IAMGroupPolicyMapDao;
+import org.apache.cloudstack.iam.server.dao.IAMPolicyDao;
+import org.apache.cloudstack.iam.server.dao.IAMPolicyPermissionDao;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.utils.Pair;
@@ -62,37 +62,37 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
private String _name;
@Inject
- AclPolicyDao _aclPolicyDao;
+ IAMPolicyDao _aclPolicyDao;
@Inject
- AclGroupDao _aclGroupDao;
+ IAMGroupDao _aclGroupDao;
@Inject
EntityManager _entityMgr;
@Inject
- AclGroupPolicyMapDao _aclGroupPolicyMapDao;
+ IAMGroupPolicyMapDao _aclGroupPolicyMapDao;
@Inject
- AclAccountPolicyMapDao _aclAccountPolicyMapDao;
+ IAMAccountPolicyMapDao _aclAccountPolicyMapDao;
@Inject
- AclGroupAccountMapDao _aclGroupAccountMapDao;
+ IAMGroupAccountMapDao _aclGroupAccountMapDao;
@Inject
- AclPolicyPermissionDao _policyPermissionDao;
+ IAMPolicyPermissionDao _policyPermissionDao;
@DB
@Override
- public AclGroup createAclGroup(String aclGroupName, String description, String path) {
+ public IAMGroup createAclGroup(String aclGroupName, String description, String path) {
// check if the group is already existing
- AclGroup grp = _aclGroupDao.findByName(path, aclGroupName);
+ IAMGroup grp = _aclGroupDao.findByName(path, aclGroupName);
if (grp != null) {
throw new InvalidParameterValueException(
"Unable to create acl group with name " + aclGroupName
+ " already exisits for path " + path);
}
- AclGroupVO rvo = new AclGroupVO(aclGroupName, description);
+ IAMGroupVO rvo = new IAMGroupVO(aclGroupName, description);
rvo.setPath(path);
return _aclGroupDao.persist(rvo);
@@ -102,7 +102,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@Override
public boolean deleteAclGroup(final Long aclGroupId) {
// get the Acl Group entity
- final AclGroup grp = _aclGroupDao.findById(aclGroupId);
+ final IAMGroup grp = _aclGroupDao.findById(aclGroupId);
if (grp == null) {
throw new InvalidParameterValueException("Unable to find acl group: " + aclGroupId
+ "; failed to delete acl group.");
@@ -112,17 +112,17 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@Override
public void doInTransactionWithoutResult(TransactionStatus status) {
// remove this group related entry in acl_group_role_map
- List<AclGroupPolicyMapVO> groupPolicyMap = _aclGroupPolicyMapDao.listByGroupId(grp.getId());
+ List<IAMGroupPolicyMapVO> groupPolicyMap = _aclGroupPolicyMapDao.listByGroupId(grp.getId());
if (groupPolicyMap != null) {
- for (AclGroupPolicyMapVO gr : groupPolicyMap) {
+ for (IAMGroupPolicyMapVO gr : groupPolicyMap) {
_aclGroupPolicyMapDao.remove(gr.getId());
}
}
// remove this group related entry in acl_group_account table
- List<AclGroupAccountMapVO> groupAcctMap = _aclGroupAccountMapDao.listByGroupId(grp.getId());
+ List<IAMGroupAccountMapVO> groupAcctMap = _aclGroupAccountMapDao.listByGroupId(grp.getId());
if (groupAcctMap != null) {
- for (AclGroupAccountMapVO grpAcct : groupAcctMap) {
+ for (IAMGroupAccountMapVO grpAcct : groupAcctMap) {
_aclGroupAccountMapDao.remove(grpAcct.getId());
}
}
@@ -137,9 +137,9 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@SuppressWarnings("unchecked")
@Override
- public List<AclGroup> listAclGroups(long accountId) {
+ public List<IAMGroup> listAclGroups(long accountId) {
- GenericSearchBuilder<AclGroupAccountMapVO, Long> groupSB = _aclGroupAccountMapDao.createSearchBuilder(Long.class);
+ GenericSearchBuilder<IAMGroupAccountMapVO, Long> groupSB = _aclGroupAccountMapDao.createSearchBuilder(Long.class);
groupSB.selectFields(groupSB.entity().getAclGroupId());
groupSB.and("account", groupSB.entity().getAccountId(), Op.EQ);
SearchCriteria<Long> groupSc = groupSB.create();
@@ -147,9 +147,9 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
List<Long> groupIds = _aclGroupAccountMapDao.customSearch(groupSc, null);
- SearchBuilder<AclGroupVO> sb = _aclGroupDao.createSearchBuilder();
+ SearchBuilder<IAMGroupVO> sb = _aclGroupDao.createSearchBuilder();
sb.and("ids", sb.entity().getId(), Op.IN);
- SearchCriteria<AclGroupVO> sc = sb.create();
+ SearchCriteria<IAMGroupVO> sc = sb.create();
sc.setParameters("ids", groupIds.toArray(new Object[groupIds.size()]));
@SuppressWarnings("rawtypes")
List groups = _aclGroupDao.search(sc, null);
@@ -158,9 +158,9 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
- public AclGroup addAccountsToGroup(final List<Long> acctIds, final Long groupId) {
+ public IAMGroup addAccountsToGroup(final List<Long> acctIds, final Long groupId) {
// get the Acl Group entity
- AclGroup group = _aclGroupDao.findById(groupId);
+ IAMGroup group = _aclGroupDao.findById(groupId);
if (group == null) {
throw new InvalidParameterValueException("Unable to find acl group: " + groupId
+ "; failed to add accounts to acl group.");
@@ -172,10 +172,10 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
// add entries in acl_group_account_map table
for (Long acctId : acctIds) {
// check account permissions
- AclGroupAccountMapVO grMap = _aclGroupAccountMapDao.findByGroupAndAccount(groupId, acctId);
+ IAMGroupAccountMapVO grMap = _aclGroupAccountMapDao.findByGroupAndAccount(groupId, acctId);
if (grMap == null) {
// not there already
- grMap = new AclGroupAccountMapVO(groupId, acctId);
+ grMap = new IAMGroupAccountMapVO(groupId, acctId);
_aclGroupAccountMapDao.persist(grMap);
}
}
@@ -186,9 +186,9 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
- public AclGroup removeAccountsFromGroup(final List<Long> acctIds, final Long groupId) {
+ public IAMGroup removeAccountsFromGroup(final List<Long> acctIds, final Long groupId) {
// get the Acl Group entity
- AclGroup group = _aclGroupDao.findById(groupId);
+ IAMGroup group = _aclGroupDao.findById(groupId);
if (group == null) {
throw new InvalidParameterValueException("Unable to find acl group: " + groupId
+ "; failed to remove accounts from acl group.");
@@ -199,7 +199,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
public void doInTransactionWithoutResult(TransactionStatus status) {
// remove entries from acl_group_account_map table
for (Long acctId : acctIds) {
- AclGroupAccountMapVO grMap = _aclGroupAccountMapDao.findByGroupAndAccount(groupId, acctId);
+ IAMGroupAccountMapVO grMap = _aclGroupAccountMapDao.findByGroupAndAccount(groupId, acctId);
if (grMap != null) {
// not removed yet
_aclGroupAccountMapDao.remove(grMap.getId());
@@ -212,35 +212,35 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@Override
public List<Long> listAccountsByGroup(long groupId) {
- List<AclGroupAccountMapVO> grpAcctMap = _aclGroupAccountMapDao.listByGroupId(groupId);
+ List<IAMGroupAccountMapVO> grpAcctMap = _aclGroupAccountMapDao.listByGroupId(groupId);
if (grpAcctMap == null || grpAcctMap.size() == 0) {
return new ArrayList<Long>();
}
List<Long> accts = new ArrayList<Long>();
- for (AclGroupAccountMapVO grpAcct : grpAcctMap) {
+ for (IAMGroupAccountMapVO grpAcct : grpAcctMap) {
accts.add(grpAcct.getAccountId());
}
return accts;
}
@Override
- public Pair<List<AclGroup>, Integer> listAclGroups(Long aclGroupId, String aclGroupName, String path, Long startIndex, Long pageSize) {
+ public Pair<List<IAMGroup>, Integer> listAclGroups(Long aclGroupId, String aclGroupName, String path, Long startIndex, Long pageSize) {
if (aclGroupId != null) {
- AclGroup group = _aclGroupDao.findById(aclGroupId);
+ IAMGroup group = _aclGroupDao.findById(aclGroupId);
if (group == null) {
throw new InvalidParameterValueException("Unable to find acl group by id " + aclGroupId);
}
}
- Filter searchFilter = new Filter(AclGroupVO.class, "id", true, startIndex, pageSize);
+ Filter searchFilter = new Filter(IAMGroupVO.class, "id", true, startIndex, pageSize);
- SearchBuilder<AclGroupVO> sb = _aclGroupDao.createSearchBuilder();
+ SearchBuilder<IAMGroupVO> sb = _aclGroupDao.createSearchBuilder();
sb.and("name", sb.entity().getName(), SearchCriteria.Op.EQ);
sb.and("path", sb.entity().getPath(), SearchCriteria.Op.LIKE);
sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
- SearchCriteria<AclGroupVO> sc = sb.create();
+ SearchCriteria<IAMGroupVO> sc = sb.create();
if (aclGroupName != null) {
sc.setParameters("name", aclGroupName);
@@ -252,13 +252,13 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
sc.setParameters("path", path + "%");
- Pair<List<AclGroupVO>, Integer> groups = _aclGroupDao.searchAndCount(sc, searchFilter);
- return new Pair<List<AclGroup>, Integer>(new ArrayList<AclGroup>(groups.first()), groups.second());
+ Pair<List<IAMGroupVO>, Integer> groups = _aclGroupDao.searchAndCount(sc, searchFilter);
+ return new Pair<List<IAMGroup>, Integer>(new ArrayList<IAMGroup>(groups.first()), groups.second());
}
@Override
- public List<AclGroup> listParentAclGroups(long groupId) {
- AclGroup group = _aclGroupDao.findById(groupId);
+ public List<IAMGroup> listParentAclGroups(long groupId) {
+ IAMGroup group = _aclGroupDao.findById(groupId);
if (group == null) {
throw new InvalidParameterValueException("Unable to find acl group by id " + groupId);
}
@@ -277,45 +277,45 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
}
if (pathList.isEmpty()) {
- return new ArrayList<AclGroup>();
+ return new ArrayList<IAMGroup>();
}
- SearchBuilder<AclGroupVO> sb = _aclGroupDao.createSearchBuilder();
+ SearchBuilder<IAMGroupVO> sb = _aclGroupDao.createSearchBuilder();
sb.and("paths", sb.entity().getPath(), SearchCriteria.Op.IN);
- SearchCriteria<AclGroupVO> sc = sb.create();
+ SearchCriteria<IAMGroupVO> sc = sb.create();
sc.setParameters("paths", pathList.toArray());
- List<AclGroupVO> groups = _aclGroupDao.search(sc, null);
+ List<IAMGroupVO> groups = _aclGroupDao.search(sc, null);
- return new ArrayList<AclGroup>(groups);
+ return new ArrayList<IAMGroup>(groups);
}
@DB
@Override
- public AclPolicy createAclPolicy(final String aclPolicyName, final String description, final Long parentPolicyId, final String path) {
+ public IAMPolicy createAclPolicy(final String aclPolicyName, final String description, final Long parentPolicyId, final String path) {
// check if the policy is already existing
- AclPolicy ro = _aclPolicyDao.findByName(aclPolicyName);
+ IAMPolicy ro = _aclPolicyDao.findByName(aclPolicyName);
if (ro != null) {
throw new InvalidParameterValueException(
"Unable to create acl policy with name " + aclPolicyName
+ " already exisits");
}
- AclPolicy role = Transaction.execute(new TransactionCallback<AclPolicy>() {
+ IAMPolicy role = Transaction.execute(new TransactionCallback<IAMPolicy>() {
@Override
- public AclPolicy doInTransaction(TransactionStatus status) {
- AclPolicyVO rvo = new AclPolicyVO(aclPolicyName, description);
+ public IAMPolicy doInTransaction(TransactionStatus status) {
+ IAMPolicyVO rvo = new IAMPolicyVO(aclPolicyName, description);
rvo.setPath(path);
- AclPolicy role = _aclPolicyDao.persist(rvo);
+ IAMPolicy role = _aclPolicyDao.persist(rvo);
if (parentPolicyId != null) {
// copy parent role permissions
- List<AclPolicyPermissionVO> perms = _policyPermissionDao.listByPolicy(parentPolicyId);
+ List<IAMPolicyPermissionVO> perms = _policyPermissionDao.listByPolicy(parentPolicyId);
if (perms != null) {
- for (AclPolicyPermissionVO perm : perms) {
+ for (IAMPolicyPermissionVO perm : perms) {
perm.setAclPolicyId(role.getId());
_policyPermissionDao.persist(perm);
}
@@ -333,7 +333,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@Override
public boolean deleteAclPolicy(final long aclPolicyId) {
// get the Acl Policy entity
- final AclPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+ final IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
if (policy == null) {
throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
+ "; failed to delete acl policy.");
@@ -343,25 +343,25 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@Override
public void doInTransactionWithoutResult(TransactionStatus status) {
// remove this role related entry in acl_group_role_map
- List<AclGroupPolicyMapVO> groupPolicyMap = _aclGroupPolicyMapDao.listByPolicyId(policy.getId());
+ List<IAMGroupPolicyMapVO> groupPolicyMap = _aclGroupPolicyMapDao.listByPolicyId(policy.getId());
if (groupPolicyMap != null) {
- for (AclGroupPolicyMapVO gr : groupPolicyMap) {
+ for (IAMGroupPolicyMapVO gr : groupPolicyMap) {
_aclGroupPolicyMapDao.remove(gr.getId());
}
}
// remove this policy related entry in acl_account_policy_map table
- List<AclAccountPolicyMapVO> policyAcctMap = _aclAccountPolicyMapDao.listByPolicyId(policy.getId());
+ List<IAMAccountPolicyMapVO> policyAcctMap = _aclAccountPolicyMapDao.listByPolicyId(policy.getId());
if (policyAcctMap != null) {
- for (AclAccountPolicyMapVO policyAcct : policyAcctMap) {
+ for (IAMAccountPolicyMapVO policyAcct : policyAcctMap) {
_aclAccountPolicyMapDao.remove(policyAcct.getId());
}
}
// remove this policy related entry in acl_policy_permission table
- List<AclPolicyPermissionVO> policyPermMap = _policyPermissionDao.listByPolicy(policy.getId());
+ List<IAMPolicyPermissionVO> policyPermMap = _policyPermissionDao.listByPolicy(policy.getId());
if (policyPermMap != null) {
- for (AclPolicyPermissionVO policyPerm : policyPermMap) {
+ for (IAMPolicyPermissionVO policyPerm : policyPermMap) {
_policyPermissionDao.remove(policyPerm.getId());
}
}
@@ -377,13 +377,13 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@SuppressWarnings("unchecked")
@Override
- public List<AclPolicy> listAclPolicies(long accountId) {
+ public List<IAMPolicy> listAclPolicies(long accountId) {
// static policies of the account
- SearchBuilder<AclGroupAccountMapVO> groupSB = _aclGroupAccountMapDao.createSearchBuilder();
+ SearchBuilder<IAMGroupAccountMapVO> groupSB = _aclGroupAccountMapDao.createSearchBuilder();
groupSB.and("account", groupSB.entity().getAccountId(), Op.EQ);
- GenericSearchBuilder<AclGroupPolicyMapVO, Long> policySB = _aclGroupPolicyMapDao.createSearchBuilder(Long.class);
+ GenericSearchBuilder<IAMGroupPolicyMapVO, Long> policySB = _aclGroupPolicyMapDao.createSearchBuilder(Long.class);
policySB.selectFields(policySB.entity().getAclPolicyId());
policySB.join("accountgroupjoin", groupSB, groupSB.entity().getAclGroupId(), policySB.entity().getAclGroupId(),
JoinType.INNER);
@@ -393,16 +393,16 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
List<Long> policyIds = _aclGroupPolicyMapDao.customSearch(policySc, null);
// add policies directly attached to the account
- List<AclAccountPolicyMapVO> acctPolicies = _aclAccountPolicyMapDao.listByAccountId(accountId);
- for (AclAccountPolicyMapVO p : acctPolicies) {
+ List<IAMAccountPolicyMapVO> acctPolicies = _aclAccountPolicyMapDao.listByAccountId(accountId);
+ for (IAMAccountPolicyMapVO p : acctPolicies) {
policyIds.add(p.getAclPolicyId());
}
if (policyIds.size() == 0) {
- return new ArrayList<AclPolicy>();
+ return new ArrayList<IAMPolicy>();
}
- SearchBuilder<AclPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
+ SearchBuilder<IAMPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
sb.and("ids", sb.entity().getId(), Op.IN);
- SearchCriteria<AclPolicyVO> sc = sb.create();
+ SearchCriteria<IAMPolicyVO> sc = sb.create();
sc.setParameters("ids", policyIds.toArray(new Object[policyIds.size()]));
@SuppressWarnings("rawtypes")
List policies = _aclPolicyDao.customSearch(sc, null);
@@ -413,20 +413,20 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@SuppressWarnings("unchecked")
@Override
- public List<AclPolicy> listAclPoliciesByGroup(long groupId) {
- List<AclGroupPolicyMapVO> policyGrpMap = _aclGroupPolicyMapDao.listByGroupId(groupId);
+ public List<IAMPolicy> listAclPoliciesByGroup(long groupId) {
+ List<IAMGroupPolicyMapVO> policyGrpMap = _aclGroupPolicyMapDao.listByGroupId(groupId);
if (policyGrpMap == null || policyGrpMap.size() == 0) {
- return new ArrayList<AclPolicy>();
+ return new ArrayList<IAMPolicy>();
}
List<Long> policyIds = new ArrayList<Long>();
- for (AclGroupPolicyMapVO pg : policyGrpMap) {
+ for (IAMGroupPolicyMapVO pg : policyGrpMap) {
policyIds.add(pg.getAclPolicyId());
}
- SearchBuilder<AclPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
+ SearchBuilder<IAMPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
sb.and("ids", sb.entity().getId(), Op.IN);
- SearchCriteria<AclPolicyVO> sc = sb.create();
+ SearchCriteria<IAMPolicyVO> sc = sb.create();
sc.setParameters("ids", policyIds.toArray(new Object[policyIds.size()]));
@SuppressWarnings("rawtypes")
List policies = _aclPolicyDao.customSearch(sc, null);
@@ -436,26 +436,26 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@SuppressWarnings("unchecked")
@Override
- public List<AclPolicy> listRecursiveAclPoliciesByGroup(long groupId) {
- List<AclGroupPolicyMapVO> policyGrpMap = _aclGroupPolicyMapDao.listByGroupId(groupId);
+ public List<IAMPolicy> listRecursiveAclPoliciesByGroup(long groupId) {
+ List<IAMGroupPolicyMapVO> policyGrpMap = _aclGroupPolicyMapDao.listByGroupId(groupId);
if (policyGrpMap == null || policyGrpMap.size() == 0) {
- return new ArrayList<AclPolicy>();
+ return new ArrayList<IAMPolicy>();
}
List<Long> policyIds = new ArrayList<Long>();
- for (AclGroupPolicyMapVO pg : policyGrpMap) {
+ for (IAMGroupPolicyMapVO pg : policyGrpMap) {
policyIds.add(pg.getAclPolicyId());
}
- SearchBuilder<AclPolicyPermissionVO> permSb = _policyPermissionDao.createSearchBuilder();
+ SearchBuilder<IAMPolicyPermissionVO> permSb = _policyPermissionDao.createSearchBuilder();
permSb.and("isRecursive", permSb.entity().isRecursive(), Op.EQ);
- SearchBuilder<AclPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
+ SearchBuilder<IAMPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
sb.and("ids", sb.entity().getId(), Op.IN);
sb.join("recursivePerm", permSb, sb.entity().getId(), permSb.entity().getAclPolicyId(),
JoinBuilder.JoinType.INNER);
- SearchCriteria<AclPolicyVO> sc = sb.create();
+ SearchCriteria<IAMPolicyVO> sc = sb.create();
sc.setParameters("ids", policyIds.toArray(new Object[policyIds.size()]));
sc.setJoinParameters("recursivePerm", "isRecursive", true);
@@ -468,23 +468,23 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@SuppressWarnings("unchecked")
@Override
- public Pair<List<AclPolicy>, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize) {
+ public Pair<List<IAMPolicy>, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize) {
if (aclPolicyId != null) {
- AclPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+ IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
if (policy == null) {
throw new InvalidParameterValueException("Unable to find acl policy by id " + aclPolicyId);
}
}
- Filter searchFilter = new Filter(AclPolicyVO.class, "id", true, startIndex, pageSize);
+ Filter searchFilter = new Filter(IAMPolicyVO.class, "id", true, startIndex, pageSize);
- SearchBuilder<AclPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
+ SearchBuilder<IAMPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
sb.and("name", sb.entity().getName(), SearchCriteria.Op.EQ);
sb.and("path", sb.entity().getPath(), SearchCriteria.Op.LIKE);
sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
- SearchCriteria<AclPolicyVO> sc = sb.create();
+ SearchCriteria<IAMPolicyVO> sc = sb.create();
if (aclPolicyName != null) {
sc.setParameters("name", aclPolicyName);
@@ -496,17 +496,17 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
sc.setParameters("path", path + "%");
- Pair<List<AclPolicyVO>, Integer> policies = _aclPolicyDao.searchAndCount(sc, searchFilter);
+ Pair<List<IAMPolicyVO>, Integer> policies = _aclPolicyDao.searchAndCount(sc, searchFilter);
@SuppressWarnings("rawtypes")
List policyList = policies.first();
- return new Pair<List<AclPolicy>, Integer>(policyList, policies.second());
+ return new Pair<List<IAMPolicy>, Integer>(policyList, policies.second());
}
@DB
@Override
- public AclGroup attachAclPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
+ public IAMGroup attachAclPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
// get the Acl Group entity
- AclGroup group = _aclGroupDao.findById(groupId);
+ IAMGroup group = _aclGroupDao.findById(groupId);
if (group == null) {
throw new InvalidParameterValueException("Unable to find acl group: " + groupId
+ "; failed to add roles to acl group.");
@@ -517,16 +517,16 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
public void doInTransactionWithoutResult(TransactionStatus status) {
// add entries in acl_group_policy_map table
for (Long policyId : policyIds) {
- AclPolicy policy = _aclPolicyDao.findById(policyId);
+ IAMPolicy policy = _aclPolicyDao.findById(policyId);
if (policy == null) {
throw new InvalidParameterValueException("Unable to find acl policy: " + policyId
+ "; failed to add policies to acl group.");
}
- AclGroupPolicyMapVO grMap = _aclGroupPolicyMapDao.findByGroupAndPolicy(groupId, policyId);
+ IAMGroupPolicyMapVO grMap = _aclGroupPolicyMapDao.findByGroupAndPolicy(groupId, policyId);
if (grMap == null) {
// not there already
- grMap = new AclGroupPolicyMapVO(groupId, policyId);
+ grMap = new IAMGroupPolicyMapVO(groupId, policyId);
_aclGroupPolicyMapDao.persist(grMap);
}
}
@@ -538,9 +538,9 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
- public AclGroup removeAclPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
+ public IAMGroup removeAclPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
// get the Acl Group entity
- AclGroup group = _aclGroupDao.findById(groupId);
+ IAMGroup group = _aclGroupDao.findById(groupId);
if (group == null) {
throw new InvalidParameterValueException("Unable to find acl group: " + groupId
+ "; failed to remove roles from acl group.");
@@ -551,13 +551,13 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
public void doInTransactionWithoutResult(TransactionStatus status) {
// add entries in acl_group_role_map table
for (Long policyId : policyIds) {
- AclPolicy policy = _aclPolicyDao.findById(policyId);
+ IAMPolicy policy = _aclPolicyDao.findById(policyId);
if (policy == null) {
throw new InvalidParameterValueException("Unable to find acl policy: " + policyId
+ "; failed to add policies to acl group.");
}
- AclGroupPolicyMapVO grMap = _aclGroupPolicyMapDao.findByGroupAndPolicy(groupId, policyId);
+ IAMGroupPolicyMapVO grMap = _aclGroupPolicyMapDao.findByGroupAndPolicy(groupId, policyId);
if (grMap != null) {
// not removed yet
_aclGroupPolicyMapDao.remove(grMap.getId());
@@ -571,7 +571,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@Override
public void attachAclPolicyToAccounts(final Long policyId, final List<Long> acctIds) {
- AclPolicy policy = _aclPolicyDao.findById(policyId);
+ IAMPolicy policy = _aclPolicyDao.findById(policyId);
if (policy == null) {
throw new InvalidParameterValueException("Unable to find acl policy: " + policyId
+ "; failed to add policy to account.");
@@ -582,10 +582,10 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
public void doInTransactionWithoutResult(TransactionStatus status) {
// add entries in acl_group_policy_map table
for (Long acctId : acctIds) {
- AclAccountPolicyMapVO acctMap = _aclAccountPolicyMapDao.findByAccountAndPolicy(acctId, policyId);
+ IAMAccountPolicyMapVO acctMap = _aclAccountPolicyMapDao.findByAccountAndPolicy(acctId, policyId);
if (acctMap == null) {
// not there already
- acctMap = new AclAccountPolicyMapVO(acctId, policyId);
+ acctMap = new IAMAccountPolicyMapVO(acctId, policyId);
_aclAccountPolicyMapDao.persist(acctMap);
}
}
@@ -595,7 +595,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@Override
public void removeAclPolicyFromAccounts(final Long policyId, final List<Long> acctIds) {
- AclPolicy policy = _aclPolicyDao.findById(policyId);
+ IAMPolicy policy = _aclPolicyDao.findById(policyId);
if (policy == null) {
throw new InvalidParameterValueException("Unable to find acl policy: " + policyId
+ "; failed to add policy to account.");
@@ -606,10 +606,10 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
public void doInTransactionWithoutResult(TransactionStatus status) {
// add entries in acl_group_policy_map table
for (Long acctId : acctIds) {
- AclAccountPolicyMapVO acctMap = _aclAccountPolicyMapDao.findByAccountAndPolicy(acctId, policyId);
+ IAMAccountPolicyMapVO acctMap = _aclAccountPolicyMapDao.findByAccountAndPolicy(acctId, policyId);
if (acctMap == null) {
// not there already
- acctMap = new AclAccountPolicyMapVO(acctId, policyId);
+ acctMap = new IAMAccountPolicyMapVO(acctId, policyId);
_aclAccountPolicyMapDao.remove(acctMap.getId());
}
}
@@ -619,20 +619,20 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
- public AclPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
+ public IAMPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
String action, String accessType, Permission perm, Boolean recursive) {
// get the Acl Policy entity
- AclPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+ IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
if (policy == null) {
throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
+ "; failed to add permission to policy.");
}
// add entry in acl_policy_permission table
- AclPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, perm);
+ IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, perm);
if (permit == null) {
// not there already
- permit = new AclPolicyPermissionVO(aclPolicyId, action, entityType, accessType, scope, scopeId, perm,
+ permit = new IAMPolicyPermissionVO(aclPolicyId, action, entityType, accessType, scope, scopeId, perm,
recursive);
_policyPermissionDao.persist(permit);
}
@@ -642,16 +642,16 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
- public AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
+ public IAMPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
String action) {
// get the Acl Policy entity
- AclPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+ IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
if (policy == null) {
throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
+ "; failed to revoke permission from policy.");
}
// remove entry from acl_entity_permission table
- AclPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, Permission.Allow);
+ IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, Permission.Allow);
if (permit != null) {
// not removed yet
_policyPermissionDao.remove(permit.getId());
@@ -666,8 +666,8 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@Override
public void doInTransactionWithoutResult(TransactionStatus status) {
// remove entry from acl_entity_permission table
- List<AclPolicyPermissionVO> permitList = _policyPermissionDao.listByEntity(entityType, entityId);
- for (AclPolicyPermissionVO permit : permitList) {
+ List<IAMPolicyPermissionVO> permitList = _policyPermissionDao.listByEntity(entityType, entityId);
+ for (IAMPolicyPermissionVO permit : permitList) {
long policyId = permit.getAclPolicyId();
_policyPermissionDao.remove(permit.getId());
@@ -682,19 +682,19 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@DB
@Override
- public AclPolicy resetAclPolicy(long aclPolicyId) {
+ public IAMPolicy resetAclPolicy(long aclPolicyId) {
// get the Acl Policy entity
- AclPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+ IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
if (policy == null) {
throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
+ "; failed to reset the policy.");
}
- SearchBuilder<AclPolicyPermissionVO> sb = _policyPermissionDao.createSearchBuilder();
+ SearchBuilder<IAMPolicyPermissionVO> sb = _policyPermissionDao.createSearchBuilder();
sb.and("policyId", sb.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
sb.and("scope", sb.entity().getScope(), SearchCriteria.Op.EQ);
sb.done();
- SearchCriteria<AclPolicyPermissionVO> permissionSC = sb.create();
+ SearchCriteria<IAMPolicyPermissionVO> permissionSC = sb.create();
permissionSC.setParameters("policyId", aclPolicyId);
_policyPermissionDao.expunge(permissionSC);
@@ -702,7 +702,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
}
@Override
- public boolean isActionAllowedForPolicies(String action, List<AclPolicy> policies) {
+ public boolean isActionAllowedForPolicies(String action, List<IAMPolicy> policies) {
boolean allowed = false;
@@ -711,19 +711,19 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
}
List<Long> policyIds = new ArrayList<Long>();
- for (AclPolicy policy : policies) {
+ for (IAMPolicy policy : policies) {
policyIds.add(policy.getId());
}
- SearchBuilder<AclPolicyPermissionVO> sb = _policyPermissionDao.createSearchBuilder();
+ SearchBuilder<IAMPolicyPermissionVO> sb = _policyPermissionDao.createSearchBuilder();
sb.and("action", sb.entity().getAction(), Op.EQ);
sb.and("policyId", sb.entity().getAclPolicyId(), Op.IN);
- SearchCriteria<AclPolicyPermissionVO> sc = sb.create();
+ SearchCriteria<IAMPolicyPermissionVO> sc = sb.create();
sc.setParameters("policyId", policyIds.toArray(new Object[policyIds.size()]));
sc.setParameters("action", action);
- List<AclPolicyPermissionVO> permissions = _policyPermissionDao.customSearch(sc, null);
+ List<IAMPolicyPermissionVO> permissions = _policyPermissionDao.customSearch(sc, null);
if (permissions != null && !permissions.isEmpty()) {
allowed = true;
@@ -736,14 +736,14 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@Override
public List<Long> getGrantedEntities(long accountId, String action, String scope) {
// Get the static Policies of the Caller
- List<AclPolicy> policies = listAclPolicies(accountId);
+ List<IAMPolicy> policies = listAclPolicies(accountId);
// for each policy, find granted permission within the given scope
List<Long> entityIds = new ArrayList<Long>();
- for (AclPolicy policy : policies) {
- List<AclPolicyPermissionVO> pp = _policyPermissionDao.listGrantedByActionAndScope(policy.getId(), action,
+ for (IAMPolicy policy : policies) {
+ List<IAMPolicyPermissionVO> pp = _policyPermissionDao.listGrantedByActionAndScope(policy.getId(), action,
scope);
if (pp != null) {
- for (AclPolicyPermissionVO p : pp) {
+ for (IAMPolicyPermissionVO p : pp) {
if (p.getScopeId() != null) {
entityIds.add(p.getScopeId());
}
@@ -755,7 +755,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@Override
@SuppressWarnings("unchecked")
- public List<AclPolicyPermission> listPolicyPermissions(long policyId) {
+ public List<IAMPolicyPermission> listPolicyPermissions(long policyId) {
@SuppressWarnings("rawtypes")
List pp = _policyPermissionDao.listByPolicy(policyId);
return pp;
@@ -763,7 +763,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@SuppressWarnings("unchecked")
@Override
- public List<AclPolicyPermission> listPolicyPermissionsByScope(long policyId, String action, String scope) {
+ public List<IAMPolicyPermission> listPolicyPermissionsByScope(long policyId, String action, String scope) {
@SuppressWarnings("rawtypes")
List pp = _policyPermissionDao.listGrantedByActionAndScope(policyId, action, scope);
return pp;
@@ -771,7 +771,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@SuppressWarnings("unchecked")
@Override
- public List<AclPolicyPermission> listPolicyPermissionByActionAndEntity(long policyId, String action,
+ public List<IAMPolicyPermission> listPolicyPermissionByActionAndEntity(long policyId, String action,
String entityType) {
@SuppressWarnings("rawtypes")
List pp = _policyPermissionDao.listByPolicyActionAndEntity(policyId, action, entityType);
@@ -780,7 +780,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
@SuppressWarnings("unchecked")
@Override
- public List<AclPolicyPermission> listPolicyPermissionByAccessAndEntity(long policyId, String accessType,
+ public List<IAMPolicyPermission> listPolicyPermissionByAccessAndEntity(long policyId, String accessType,
String entityType) {
@SuppressWarnings("rawtypes")
List pp = _policyPermissionDao.listByPolicyAccessAndEntity(policyId, accessType, entityType);
@@ -788,19 +788,19 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
}
@Override
- public AclPolicy getResourceOwnerPolicy() {
+ public IAMPolicy getResourceOwnerPolicy() {
return _aclPolicyDao.findByName("RESOURCE_OWNER");
}
// search for policy with only one resource grant permission
@Override
- public AclPolicy getResourceGrantPolicy(String entityType, Long entityId, String accessType, String action) {
- List<AclPolicyVO> policyList = _aclPolicyDao.listAll();
- for (AclPolicyVO policy : policyList){
- List<AclPolicyPermission> pp = listPolicyPermissions(policy.getId());
+ public IAMPolicy getResourceGrantPolicy(String entityType, Long entityId, String accessType, String action) {
+ List<IAMPolicyVO> policyList = _aclPolicyDao.listAll();
+ for (IAMPolicyVO policy : policyList){
+ List<IAMPolicyPermission> pp = listPolicyPermissions(policy.getId());
if ( pp != null && pp.size() == 1){
// resource grant policy should only have one ACL permission assigned
- AclPolicyPermission permit = pp.get(0);
+ IAMPolicyPermission permit = pp.get(0);
if ( permit.getEntityType().equals(entityType) && permit.getScope().equals(PermissionScope.RESOURCE.toString()) && permit.getScopeId().longValue() == entityId.longValue()){
if (accessType != null && permit.getAccessType().equals(accessType)){
return policy;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclAccountPolicyMapDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclAccountPolicyMapDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclAccountPolicyMapDao.java
deleted file mode 100644
index 83b8147..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclAccountPolicyMapDao.java
+++ /dev/null
@@ -1,17 +0,0 @@
-package org.apache.cloudstack.iam.server.dao;
-
-import java.util.List;
-
-import org.apache.cloudstack.iam.server.AclAccountPolicyMapVO;
-
-import com.cloud.utils.db.GenericDao;
-
-public interface AclAccountPolicyMapDao extends GenericDao<AclAccountPolicyMapVO, Long> {
-
- List<AclAccountPolicyMapVO> listByAccountId(long acctId);
-
- List<AclAccountPolicyMapVO> listByPolicyId(long policyId);
-
- AclAccountPolicyMapVO findByAccountAndPolicy(long acctId, long policyId);
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclAccountPolicyMapDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclAccountPolicyMapDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclAccountPolicyMapDaoImpl.java
deleted file mode 100644
index 51091a6..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclAccountPolicyMapDaoImpl.java
+++ /dev/null
@@ -1,61 +0,0 @@
-package org.apache.cloudstack.iam.server.dao;
-
-import java.util.List;
-import java.util.Map;
-
-import javax.naming.ConfigurationException;
-
-import org.apache.cloudstack.iam.server.AclAccountPolicyMapVO;
-
-import com.cloud.utils.db.GenericDaoBase;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
-
-public class AclAccountPolicyMapDaoImpl extends GenericDaoBase<AclAccountPolicyMapVO, Long> implements AclAccountPolicyMapDao {
-
- private SearchBuilder<AclAccountPolicyMapVO> ListByAccountId;
- private SearchBuilder<AclAccountPolicyMapVO> ListByPolicyId;
- private SearchBuilder<AclAccountPolicyMapVO> findByPolicyAccountId;
-
- @Override
- public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
- super.configure(name, params);
-
- ListByAccountId = createSearchBuilder();
- ListByAccountId.and("accountId", ListByAccountId.entity().getAccountId(), SearchCriteria.Op.EQ);
- ListByAccountId.done();
-
- ListByPolicyId = createSearchBuilder();
- ListByPolicyId.and("policyId", ListByPolicyId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
- ListByPolicyId.done();
-
- findByPolicyAccountId = createSearchBuilder();
- findByPolicyAccountId.and("policyId", findByPolicyAccountId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
- findByPolicyAccountId.and("accountId", findByPolicyAccountId.entity().getAccountId(), SearchCriteria.Op.EQ);
- findByPolicyAccountId.done();
-
- return true;
- }
-
- @Override
- public List<AclAccountPolicyMapVO> listByAccountId(long acctId) {
- SearchCriteria<AclAccountPolicyMapVO> sc = ListByAccountId.create();
- sc.setParameters("accountId", acctId);
- return listBy(sc);
- }
-
- @Override
- public List<AclAccountPolicyMapVO> listByPolicyId(long policyId) {
- SearchCriteria<AclAccountPolicyMapVO> sc = ListByPolicyId.create();
- sc.setParameters("policyId", policyId);
- return listBy(sc);
- }
-
- @Override
- public AclAccountPolicyMapVO findByAccountAndPolicy(long acctId, long policyId) {
- SearchCriteria<AclAccountPolicyMapVO> sc = findByPolicyAccountId.create();
- sc.setParameters("policyId", policyId);
- sc.setParameters("accountId", acctId);
- return findOneBy(sc);
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupAccountMapDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupAccountMapDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupAccountMapDao.java
deleted file mode 100644
index 58f69c3..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupAccountMapDao.java
+++ /dev/null
@@ -1,40 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.server.dao;
-
-import java.util.List;
-
-import org.apache.cloudstack.iam.server.AclGroupAccountMapVO;
-
-import com.cloud.utils.db.GenericDao;
-
-public interface AclGroupAccountMapDao extends GenericDao<AclGroupAccountMapVO, Long> {
-
- List<AclGroupAccountMapVO> listByGroupId(long groupId);
-
- List<AclGroupAccountMapVO> listByAccountId(long accountId);
-
- AclGroupAccountMapVO findAccountInAdminGroup(long accountId);
-
- AclGroupAccountMapVO findByGroupAndAccount(long groupId, long acctId);
-
- void removeAccountFromGroups(long accountId);
-
- AclGroupAccountMapVO findAccountInDomainAdminGroup(long accountId);
-
- AclGroupAccountMapVO findAccountInUserGroup(long accountId);
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupAccountMapDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupAccountMapDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupAccountMapDaoImpl.java
deleted file mode 100644
index 32ce64a..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupAccountMapDaoImpl.java
+++ /dev/null
@@ -1,119 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.server.dao;
-
-import java.util.List;
-import java.util.Map;
-
-import javax.naming.ConfigurationException;
-
-import org.apache.cloudstack.iam.server.AclGroupAccountMapVO;
-import org.apache.log4j.Logger;
-import org.springframework.stereotype.Component;
-
-
-import com.cloud.utils.db.GenericDaoBase;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
-
-@Component
-public class AclGroupAccountMapDaoImpl extends GenericDaoBase<AclGroupAccountMapVO, Long> implements AclGroupAccountMapDao {
- private SearchBuilder<AclGroupAccountMapVO> ListByGroupId;
- private SearchBuilder<AclGroupAccountMapVO> ListByAccountId;
- private SearchBuilder<AclGroupAccountMapVO> _findByAccountAndGroupId;
-
- public static final Logger s_logger = Logger.getLogger(AclGroupAccountMapDaoImpl.class.getName());
-
- @Override
- public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
- super.configure(name, params);
-
- ListByGroupId = createSearchBuilder();
- ListByGroupId.and("groupId", ListByGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ);
- ListByGroupId.done();
-
- ListByAccountId = createSearchBuilder();
- ListByAccountId.and("accountId", ListByAccountId.entity().getAccountId(), SearchCriteria.Op.EQ);
- ListByAccountId.done();
-
- _findByAccountAndGroupId = createSearchBuilder();
- _findByAccountAndGroupId
- .and("groupId", _findByAccountAndGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ);
- _findByAccountAndGroupId.and("accountId", _findByAccountAndGroupId.entity().getAccountId(),
- SearchCriteria.Op.EQ);
- _findByAccountAndGroupId.done();
-
- return true;
- }
-
- @Override
- public List<AclGroupAccountMapVO> listByGroupId(long groupId) {
- SearchCriteria<AclGroupAccountMapVO> sc = ListByGroupId.create();
- sc.setParameters("groupId", groupId);
- return listBy(sc);
- }
-
- @Override
- public List<AclGroupAccountMapVO> listByAccountId(long accountId) {
- SearchCriteria<AclGroupAccountMapVO> sc = ListByAccountId.create();
- sc.setParameters("accountId", accountId);
- return listBy(sc);
- }
-
- @Override
- public AclGroupAccountMapVO findAccountInAdminGroup(long accountId) {
- SearchCriteria<AclGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
- sc.setParameters("accountId", accountId);
- sc.setParameters("groupId", 2);
- return findOneBy(sc);
- }
-
- @Override
- public AclGroupAccountMapVO findAccountInDomainAdminGroup(long accountId) {
- SearchCriteria<AclGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
- sc.setParameters("accountId", accountId);
- sc.setParameters("groupId", 3);
- return findOneBy(sc);
- }
-
- @Override
- public AclGroupAccountMapVO findAccountInUserGroup(long accountId) {
- SearchCriteria<AclGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
- sc.setParameters("accountId", accountId);
- sc.setParameters("groupId", 1);
- return findOneBy(sc);
- }
-
- @Override
- public AclGroupAccountMapVO findByGroupAndAccount(long groupId, long acctId) {
- SearchCriteria<AclGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
- sc.setParameters("accountId", acctId);
- sc.setParameters("groupId", groupId);
- return findOneBy(sc);
- }
-
- @Override
- public void removeAccountFromGroups(long accountId) {
- SearchCriteria<AclGroupAccountMapVO> sc = ListByAccountId.create();
- sc.setParameters("accountId", accountId);
-
- int rowsRemoved = remove(sc);
- if (rowsRemoved > 0) {
- s_logger.debug("Removed account id=" + accountId + " from " + rowsRemoved + " groups");
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupDao.java
deleted file mode 100644
index aa62a0b..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupDao.java
+++ /dev/null
@@ -1,28 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.server.dao;
-
-import org.apache.cloudstack.iam.api.AclGroup;
-import org.apache.cloudstack.iam.server.AclGroupVO;
-
-import com.cloud.utils.db.GenericDao;
-
-public interface AclGroupDao extends GenericDao<AclGroupVO, Long> {
-
- AclGroup findByName(String path, String groupName);
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupDaoImpl.java
deleted file mode 100644
index e091574..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupDaoImpl.java
+++ /dev/null
@@ -1,59 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.server.dao;
-
-import java.util.Map;
-
-import javax.naming.ConfigurationException;
-
-import org.apache.cloudstack.iam.api.AclGroup;
-import org.apache.cloudstack.iam.server.AclGroupVO;
-import org.springframework.stereotype.Component;
-
-
-import com.cloud.utils.db.GenericDaoBase;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
-
-@Component
-public class AclGroupDaoImpl extends GenericDaoBase<AclGroupVO, Long> implements AclGroupDao {
- private SearchBuilder<AclGroupVO> nameSearch;
-
- @Override
- public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
- super.configure(name, params);
-
- nameSearch = createSearchBuilder();
- nameSearch.and("name", nameSearch.entity().getName(), SearchCriteria.Op.EQ);
- nameSearch.and("path", nameSearch.entity().getPath(), SearchCriteria.Op.EQ);
- nameSearch.done();
-
-
- return true;
- }
-
- @Override
- public AclGroup findByName(String path, String name) {
- SearchCriteria<AclGroupVO> sc = nameSearch.create();
- sc.setParameters("name", name);
- if (path != null) {
- sc.setParameters("path", path);
- }
- return findOneBy(sc);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupPolicyMapDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupPolicyMapDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupPolicyMapDao.java
deleted file mode 100644
index a016fc5..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupPolicyMapDao.java
+++ /dev/null
@@ -1,16 +0,0 @@
-package org.apache.cloudstack.iam.server.dao;
-
-import java.util.List;
-
-import org.apache.cloudstack.iam.server.AclGroupPolicyMapVO;
-import com.cloud.utils.db.GenericDao;
-
-public interface AclGroupPolicyMapDao extends GenericDao<AclGroupPolicyMapVO, Long> {
-
- List<AclGroupPolicyMapVO> listByGroupId(long groupId);
-
- List<AclGroupPolicyMapVO> listByPolicyId(long policyId);
-
- AclGroupPolicyMapVO findByGroupAndPolicy(long groupId, long policyId);
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupPolicyMapDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupPolicyMapDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupPolicyMapDaoImpl.java
deleted file mode 100644
index 3ce2b8a..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupPolicyMapDaoImpl.java
+++ /dev/null
@@ -1,61 +0,0 @@
-package org.apache.cloudstack.iam.server.dao;
-
-import java.util.List;
-import java.util.Map;
-
-import javax.naming.ConfigurationException;
-
-import org.apache.cloudstack.iam.server.AclGroupPolicyMapVO;
-
-import com.cloud.utils.db.GenericDaoBase;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
-
-public class AclGroupPolicyMapDaoImpl extends GenericDaoBase<AclGroupPolicyMapVO, Long> implements AclGroupPolicyMapDao {
-
- private SearchBuilder<AclGroupPolicyMapVO> ListByGroupId;
- private SearchBuilder<AclGroupPolicyMapVO> ListByPolicyId;
- private SearchBuilder<AclGroupPolicyMapVO> findByPolicyGroupId;
-
- @Override
- public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
- super.configure(name, params);
-
- ListByGroupId = createSearchBuilder();
- ListByGroupId.and("groupId", ListByGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ);
- ListByGroupId.done();
-
- ListByPolicyId = createSearchBuilder();
- ListByPolicyId.and("policyId", ListByPolicyId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
- ListByPolicyId.done();
-
- findByPolicyGroupId = createSearchBuilder();
- findByPolicyGroupId.and("policyId", findByPolicyGroupId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
- findByPolicyGroupId.and("groupId", findByPolicyGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ);
- findByPolicyGroupId.done();
-
- return true;
- }
-
- @Override
- public List<AclGroupPolicyMapVO> listByGroupId(long groupId) {
- SearchCriteria<AclGroupPolicyMapVO> sc = ListByGroupId.create();
- sc.setParameters("groupId", groupId);
- return listBy(sc);
- }
-
- @Override
- public List<AclGroupPolicyMapVO> listByPolicyId(long policyId) {
- SearchCriteria<AclGroupPolicyMapVO> sc = ListByPolicyId.create();
- sc.setParameters("policyId", policyId);
- return listBy(sc);
- }
-
- @Override
- public AclGroupPolicyMapVO findByGroupAndPolicy(long groupId, long policyId) {
- SearchCriteria<AclGroupPolicyMapVO> sc = findByPolicyGroupId.create();
- sc.setParameters("policyId", policyId);
- sc.setParameters("groupId", groupId);
- return findOneBy(sc);
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyDao.java
deleted file mode 100644
index a61c5de..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyDao.java
+++ /dev/null
@@ -1,28 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.server.dao;
-
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.server.AclPolicyVO;
-
-import com.cloud.utils.db.GenericDao;
-
-public interface AclPolicyDao extends GenericDao<AclPolicyVO, Long> {
-
- AclPolicy findByName(String policyName);
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyDaoImpl.java
deleted file mode 100644
index a1a81e6..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyDaoImpl.java
+++ /dev/null
@@ -1,57 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.server.dao;
-
-import java.util.Map;
-
-import javax.naming.ConfigurationException;
-
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.server.AclPolicyVO;
-import org.springframework.stereotype.Component;
-
-import com.cloud.utils.db.GenericDaoBase;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
-
-@Component
-public class AclPolicyDaoImpl extends GenericDaoBase<AclPolicyVO, Long> implements AclPolicyDao {
- private SearchBuilder<AclPolicyVO> nameSearch;
-
- @Override
- public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
- super.configure(name, params);
-
- nameSearch = createSearchBuilder();
- nameSearch.and("name", nameSearch.entity().getName(), SearchCriteria.Op.EQ);
- // nameSearch.and("domainId", nameSearch.entity().getDomainId(),
- // SearchCriteria.Op.EQ);
- nameSearch.done();
-
-
- return true;
- }
-
- @Override
- public AclPolicy findByName(String name) {
- SearchCriteria<AclPolicyVO> sc = nameSearch.create();
- sc.setParameters("name", name);
-
- return findOneBy(sc);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDao.java
deleted file mode 100644
index 2a49243..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDao.java
+++ /dev/null
@@ -1,39 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.server.dao;
-import java.util.List;
-
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
-import org.apache.cloudstack.iam.server.AclPolicyPermissionVO;
-
-import com.cloud.utils.db.GenericDao;
-
-public interface AclPolicyPermissionDao extends GenericDao<AclPolicyPermissionVO, Long> {
-
- List<AclPolicyPermissionVO> listByPolicy(long policyId);
-
- AclPolicyPermissionVO findByPolicyAndEntity(long policyId, String entityType, String scope, Long scopeId,
- String action, Permission perm);
-
- List<AclPolicyPermissionVO> listGrantedByActionAndScope(long policyId, String action, String scope);
-
- List<AclPolicyPermissionVO> listByPolicyActionAndEntity(long policyId, String action, String entityType);
-
- List<AclPolicyPermissionVO> listByPolicyAccessAndEntity(long policyId, String accessType, String entityType);
-
- List<AclPolicyPermissionVO> listByEntity(String entityType, Long entityId);
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDaoImpl.java
deleted file mode 100644
index 054c8f1..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDaoImpl.java
+++ /dev/null
@@ -1,129 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.server.dao;
-
-import java.util.List;
-import java.util.Map;
-
-import javax.naming.ConfigurationException;
-
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
-import org.apache.cloudstack.iam.server.AclPolicyPermissionVO;
-
-import com.cloud.utils.db.GenericDaoBase;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
-
-public class AclPolicyPermissionDaoImpl extends GenericDaoBase<AclPolicyPermissionVO, Long> implements
- AclPolicyPermissionDao {
-
- private SearchBuilder<AclPolicyPermissionVO> policyIdSearch;
- private SearchBuilder<AclPolicyPermissionVO> fullSearch;
- private SearchBuilder<AclPolicyPermissionVO> actionScopeSearch;
- private SearchBuilder<AclPolicyPermissionVO> entitySearch;
-
- @Override
- public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
- super.configure(name, params);
-
- policyIdSearch = createSearchBuilder();
- policyIdSearch.and("policyId", policyIdSearch.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
- policyIdSearch.done();
-
- fullSearch = createSearchBuilder();
- fullSearch.and("policyId", fullSearch.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
- fullSearch.and("entityType", fullSearch.entity().getEntityType(), SearchCriteria.Op.EQ);
- fullSearch.and("scope", fullSearch.entity().getScope(), SearchCriteria.Op.EQ);
- fullSearch.and("scopeId", fullSearch.entity().getScopeId(), SearchCriteria.Op.EQ);
- fullSearch.and("action", fullSearch.entity().getAction(), SearchCriteria.Op.EQ);
- fullSearch.and("permission", fullSearch.entity().getPermission(), SearchCriteria.Op.EQ);
- fullSearch.and("accessType", fullSearch.entity().getAccessType(), SearchCriteria.Op.EQ);
- fullSearch.done();
-
- actionScopeSearch = createSearchBuilder();
- actionScopeSearch.and("policyId", actionScopeSearch.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
- actionScopeSearch.and("scope", actionScopeSearch.entity().getScope(), SearchCriteria.Op.EQ);
- actionScopeSearch.and("action", actionScopeSearch.entity().getAction(), SearchCriteria.Op.EQ);
- actionScopeSearch.and("permission", actionScopeSearch.entity().getPermission(), SearchCriteria.Op.EQ);
- actionScopeSearch.done();
-
- entitySearch = createSearchBuilder();
- entitySearch.and("entityType", entitySearch.entity().getEntityType(), SearchCriteria.Op.EQ);
- entitySearch.and("scopeId", entitySearch.entity().getScopeId(), SearchCriteria.Op.EQ);
- entitySearch.done();
-
- return true;
- }
-
- @Override
- public List<AclPolicyPermissionVO> listByPolicy(long policyId) {
- SearchCriteria<AclPolicyPermissionVO> sc = policyIdSearch.create();
- sc.setParameters("policyId", policyId);
- return listBy(sc);
- }
-
- @Override
- public AclPolicyPermissionVO findByPolicyAndEntity(long policyId, String entityType, String scope, Long scopeId,
- String action, Permission perm) {
- SearchCriteria<AclPolicyPermissionVO> sc = fullSearch.create();
- sc.setParameters("policyId", policyId);
- sc.setParameters("entityType", entityType);
- sc.setParameters("scope", scope);
- sc.setParameters("scopeId", scopeId);
- sc.setParameters("action", action);
- sc.setParameters("permission", perm);
- return findOneBy(sc);
- }
-
- @Override
- public List<AclPolicyPermissionVO> listGrantedByActionAndScope(long policyId, String action, String scope) {
- SearchCriteria<AclPolicyPermissionVO> sc = actionScopeSearch.create();
- sc.setParameters("policyId", policyId);
- sc.setParameters("action", action);
- sc.setParameters("scope", scope);
- sc.setParameters("permission", Permission.Allow);
- return listBy(sc);
- }
-
- @Override
- public List<AclPolicyPermissionVO> listByPolicyActionAndEntity(long policyId, String action, String entityType) {
- SearchCriteria<AclPolicyPermissionVO> sc = fullSearch.create();
- sc.setParameters("policyId", policyId);
- sc.setParameters("entityType", entityType);
- sc.setParameters("action", action);
- return listBy(sc);
- }
-
- @Override
- public List<AclPolicyPermissionVO> listByPolicyAccessAndEntity(long policyId, String accessType,
- String entityType) {
- SearchCriteria<AclPolicyPermissionVO> sc = fullSearch.create();
- sc.setParameters("policyId", policyId);
- sc.setParameters("entityType", entityType);
- sc.setParameters("accessType", accessType);
- return listBy(sc);
- }
-
- @Override
- public List<AclPolicyPermissionVO> listByEntity(String entityType, Long entityId) {
- SearchCriteria<AclPolicyPermissionVO> sc = fullSearch.create();
- sc.setParameters("entityType", entityType);
- sc.setParameters("scopeId", entityId);
- return listBy(sc);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDao.java
new file mode 100644
index 0000000..4caf659
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDao.java
@@ -0,0 +1,17 @@
+package org.apache.cloudstack.iam.server.dao;
+
+import java.util.List;
+
+import org.apache.cloudstack.iam.server.IAMAccountPolicyMapVO;
+
+import com.cloud.utils.db.GenericDao;
+
+public interface IAMAccountPolicyMapDao extends GenericDao<IAMAccountPolicyMapVO, Long> {
+
+ List<IAMAccountPolicyMapVO> listByAccountId(long acctId);
+
+ List<IAMAccountPolicyMapVO> listByPolicyId(long policyId);
+
+ IAMAccountPolicyMapVO findByAccountAndPolicy(long acctId, long policyId);
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java
new file mode 100644
index 0000000..883fd5c
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java
@@ -0,0 +1,61 @@
+package org.apache.cloudstack.iam.server.dao;
+
+import java.util.List;
+import java.util.Map;
+
+import javax.naming.ConfigurationException;
+
+import org.apache.cloudstack.iam.server.IAMAccountPolicyMapVO;
+
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+
+public class IAMAccountPolicyMapDaoImpl extends GenericDaoBase<IAMAccountPolicyMapVO, Long> implements IAMAccountPolicyMapDao {
+
+ private SearchBuilder<IAMAccountPolicyMapVO> ListByAccountId;
+ private SearchBuilder<IAMAccountPolicyMapVO> ListByPolicyId;
+ private SearchBuilder<IAMAccountPolicyMapVO> findByPolicyAccountId;
+
+ @Override
+ public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
+ super.configure(name, params);
+
+ ListByAccountId = createSearchBuilder();
+ ListByAccountId.and("accountId", ListByAccountId.entity().getAccountId(), SearchCriteria.Op.EQ);
+ ListByAccountId.done();
+
+ ListByPolicyId = createSearchBuilder();
+ ListByPolicyId.and("policyId", ListByPolicyId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+ ListByPolicyId.done();
+
+ findByPolicyAccountId = createSearchBuilder();
+ findByPolicyAccountId.and("policyId", findByPolicyAccountId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+ findByPolicyAccountId.and("accountId", findByPolicyAccountId.entity().getAccountId(), SearchCriteria.Op.EQ);
+ findByPolicyAccountId.done();
+
+ return true;
+ }
+
+ @Override
+ public List<IAMAccountPolicyMapVO> listByAccountId(long acctId) {
+ SearchCriteria<IAMAccountPolicyMapVO> sc = ListByAccountId.create();
+ sc.setParameters("accountId", acctId);
+ return listBy(sc);
+ }
+
+ @Override
+ public List<IAMAccountPolicyMapVO> listByPolicyId(long policyId) {
+ SearchCriteria<IAMAccountPolicyMapVO> sc = ListByPolicyId.create();
+ sc.setParameters("policyId", policyId);
+ return listBy(sc);
+ }
+
+ @Override
+ public IAMAccountPolicyMapVO findByAccountAndPolicy(long acctId, long policyId) {
+ SearchCriteria<IAMAccountPolicyMapVO> sc = findByPolicyAccountId.create();
+ sc.setParameters("policyId", policyId);
+ sc.setParameters("accountId", acctId);
+ return findOneBy(sc);
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupAccountMapDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupAccountMapDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupAccountMapDao.java
new file mode 100644
index 0000000..a94dbaa
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupAccountMapDao.java
@@ -0,0 +1,40 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server.dao;
+
+import java.util.List;
+
+import org.apache.cloudstack.iam.server.IAMGroupAccountMapVO;
+
+import com.cloud.utils.db.GenericDao;
+
+public interface IAMGroupAccountMapDao extends GenericDao<IAMGroupAccountMapVO, Long> {
+
+ List<IAMGroupAccountMapVO> listByGroupId(long groupId);
+
+ List<IAMGroupAccountMapVO> listByAccountId(long accountId);
+
+ IAMGroupAccountMapVO findAccountInAdminGroup(long accountId);
+
+ IAMGroupAccountMapVO findByGroupAndAccount(long groupId, long acctId);
+
+ void removeAccountFromGroups(long accountId);
+
+ IAMGroupAccountMapVO findAccountInDomainAdminGroup(long accountId);
+
+ IAMGroupAccountMapVO findAccountInUserGroup(long accountId);
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupAccountMapDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupAccountMapDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupAccountMapDaoImpl.java
new file mode 100644
index 0000000..4bb5d1a
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupAccountMapDaoImpl.java
@@ -0,0 +1,119 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server.dao;
+
+import java.util.List;
+import java.util.Map;
+
+import javax.naming.ConfigurationException;
+
+import org.apache.cloudstack.iam.server.IAMGroupAccountMapVO;
+import org.apache.log4j.Logger;
+import org.springframework.stereotype.Component;
+
+
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+
+@Component
+public class IAMGroupAccountMapDaoImpl extends GenericDaoBase<IAMGroupAccountMapVO, Long> implements IAMGroupAccountMapDao {
+ private SearchBuilder<IAMGroupAccountMapVO> ListByGroupId;
+ private SearchBuilder<IAMGroupAccountMapVO> ListByAccountId;
+ private SearchBuilder<IAMGroupAccountMapVO> _findByAccountAndGroupId;
+
+ public static final Logger s_logger = Logger.getLogger(IAMGroupAccountMapDaoImpl.class.getName());
+
+ @Override
+ public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
+ super.configure(name, params);
+
+ ListByGroupId = createSearchBuilder();
+ ListByGroupId.and("groupId", ListByGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ);
+ ListByGroupId.done();
+
+ ListByAccountId = createSearchBuilder();
+ ListByAccountId.and("accountId", ListByAccountId.entity().getAccountId(), SearchCriteria.Op.EQ);
+ ListByAccountId.done();
+
+ _findByAccountAndGroupId = createSearchBuilder();
+ _findByAccountAndGroupId
+ .and("groupId", _findByAccountAndGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ);
+ _findByAccountAndGroupId.and("accountId", _findByAccountAndGroupId.entity().getAccountId(),
+ SearchCriteria.Op.EQ);
+ _findByAccountAndGroupId.done();
+
+ return true;
+ }
+
+ @Override
+ public List<IAMGroupAccountMapVO> listByGroupId(long groupId) {
+ SearchCriteria<IAMGroupAccountMapVO> sc = ListByGroupId.create();
+ sc.setParameters("groupId", groupId);
+ return listBy(sc);
+ }
+
+ @Override
+ public List<IAMGroupAccountMapVO> listByAccountId(long accountId) {
+ SearchCriteria<IAMGroupAccountMapVO> sc = ListByAccountId.create();
+ sc.setParameters("accountId", accountId);
+ return listBy(sc);
+ }
+
+ @Override
+ public IAMGroupAccountMapVO findAccountInAdminGroup(long accountId) {
+ SearchCriteria<IAMGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
+ sc.setParameters("accountId", accountId);
+ sc.setParameters("groupId", 2);
+ return findOneBy(sc);
+ }
+
+ @Override
+ public IAMGroupAccountMapVO findAccountInDomainAdminGroup(long accountId) {
+ SearchCriteria<IAMGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
+ sc.setParameters("accountId", accountId);
+ sc.setParameters("groupId", 3);
+ return findOneBy(sc);
+ }
+
+ @Override
+ public IAMGroupAccountMapVO findAccountInUserGroup(long accountId) {
+ SearchCriteria<IAMGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
+ sc.setParameters("accountId", accountId);
+ sc.setParameters("groupId", 1);
+ return findOneBy(sc);
+ }
+
+ @Override
+ public IAMGroupAccountMapVO findByGroupAndAccount(long groupId, long acctId) {
+ SearchCriteria<IAMGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
+ sc.setParameters("accountId", acctId);
+ sc.setParameters("groupId", groupId);
+ return findOneBy(sc);
+ }
+
+ @Override
+ public void removeAccountFromGroups(long accountId) {
+ SearchCriteria<IAMGroupAccountMapVO> sc = ListByAccountId.create();
+ sc.setParameters("accountId", accountId);
+
+ int rowsRemoved = remove(sc);
+ if (rowsRemoved > 0) {
+ s_logger.debug("Removed account id=" + accountId + " from " + rowsRemoved + " groups");
+ }
+ }
+}
[02/18] Renaming AclEntityType --> IAMEntityType
Posted by pr...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/StopVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/StopVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/StopVMCmd.java
index 965e12c..6a448ba 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/StopVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/StopVMCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vm;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -37,7 +37,7 @@ import com.cloud.exception.ConcurrentOperationException;
import com.cloud.user.Account;
import com.cloud.uservm.UserVm;
-@APICommand(name = "stopVirtualMachine", responseObject = UserVmResponse.class, description = "Stops a virtual machine.", responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "stopVirtualMachine", responseObject = UserVmResponse.class, description = "Stops a virtual machine.", responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
public class StopVMCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(StopVMCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/UpdateDefaultNicForVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/UpdateDefaultNicForVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/UpdateDefaultNicForVMCmd.java
index 98c675b..6d32c96 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/UpdateDefaultNicForVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/UpdateDefaultNicForVMCmd.java
@@ -21,7 +21,7 @@ import java.util.EnumSet;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -41,7 +41,7 @@ import com.cloud.user.Account;
import com.cloud.uservm.UserVm;
-@APICommand(name = "updateDefaultNicForVirtualMachine", description = "Changes the default NIC on a VM", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "updateDefaultNicForVirtualMachine", description = "Changes the default NIC on a VM", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
public class UpdateDefaultNicForVMCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(UpdateDefaultNicForVMCmd.class);
private static final String s_name = "updatedefaultnicforvirtualmachineresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/UpdateVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/UpdateVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/UpdateVMCmd.java
index 28d7c0ea..4d74574 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/UpdateVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/UpdateVMCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vm;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -40,7 +40,7 @@ import com.cloud.uservm.UserVm;
@APICommand(name = "updateVirtualMachine", description="Updates properties of a virtual machine. The VM has to be stopped and restarted for the " +
"new properties to take effect. UpdateVirtualMachine does not first check whether the VM is stopped. " +
- "Therefore, stop the VM manually before issuing this call.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+ "Therefore, stop the VM manually before issuing this call.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
public class UpdateVMCmd extends BaseCustomIdCmd {
public static final Logger s_logger = Logger.getLogger(UpdateVMCmd.class.getName());
private static final String s_name = "updatevirtualmachineresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/UpgradeVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/UpgradeVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/UpgradeVMCmd.java
index 4ed7c43..ec06070 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/UpgradeVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/UpgradeVMCmd.java
@@ -23,7 +23,7 @@ import java.util.Map;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -45,7 +45,7 @@ import com.cloud.uservm.UserVm;
@APICommand(name = "changeServiceForVirtualMachine", responseObject=UserVmResponse.class, description="Changes the service offering for a virtual machine. " +
"The virtual machine must be in a \"Stopped\" state for " +
- "this command to take effect.", responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+ "this command to take effect.", responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
public class UpgradeVMCmd extends BaseCmd {
public static final Logger s_logger = Logger.getLogger(UpgradeVMCmd.class.getName());
private static final String s_name = "changeserviceforvirtualmachineresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vmgroup/CreateVMGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vmgroup/CreateVMGroupCmd.java b/api/src/org/apache/cloudstack/api/command/user/vmgroup/CreateVMGroupCmd.java
index 07dd3d9..a8cca68 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vmgroup/CreateVMGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vmgroup/CreateVMGroupCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vmgroup;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
@@ -32,7 +32,7 @@ import org.apache.cloudstack.context.CallContext;
import com.cloud.vm.InstanceGroup;
-@APICommand(name = "createInstanceGroup", description = "Creates a vm group", responseObject = InstanceGroupResponse.class, entityType = { AclEntityType.InstanceGroup })
+@APICommand(name = "createInstanceGroup", description = "Creates a vm group", responseObject = InstanceGroupResponse.class, entityType = { IAMEntityType.InstanceGroup })
public class CreateVMGroupCmd extends BaseCmd {
public static final Logger s_logger = Logger.getLogger(CreateVMGroupCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vmgroup/DeleteVMGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vmgroup/DeleteVMGroupCmd.java b/api/src/org/apache/cloudstack/api/command/user/vmgroup/DeleteVMGroupCmd.java
index 08ea4b0..5b4ff8c 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vmgroup/DeleteVMGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vmgroup/DeleteVMGroupCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vmgroup;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -33,7 +33,7 @@ import org.apache.cloudstack.api.response.SuccessResponse;
import com.cloud.user.Account;
import com.cloud.vm.InstanceGroup;
-@APICommand(name = "deleteInstanceGroup", description = "Deletes a vm group", responseObject = SuccessResponse.class, entityType = { AclEntityType.InstanceGroup })
+@APICommand(name = "deleteInstanceGroup", description = "Deletes a vm group", responseObject = SuccessResponse.class, entityType = { IAMEntityType.InstanceGroup })
public class DeleteVMGroupCmd extends BaseCmd {
public static final Logger s_logger = Logger.getLogger(DeleteVMGroupCmd.class.getName());
private static final String s_name = "deleteinstancegroupresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vmgroup/ListVMGroupsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vmgroup/ListVMGroupsCmd.java b/api/src/org/apache/cloudstack/api/command/user/vmgroup/ListVMGroupsCmd.java
index 5e5e3c6..99aeaf8 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vmgroup/ListVMGroupsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vmgroup/ListVMGroupsCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vmgroup;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
@@ -26,7 +26,7 @@ import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.response.InstanceGroupResponse;
import org.apache.cloudstack.api.response.ListResponse;
-@APICommand(name = "listInstanceGroups", description = "Lists vm groups", responseObject = InstanceGroupResponse.class, entityType = { AclEntityType.InstanceGroup })
+@APICommand(name = "listInstanceGroups", description = "Lists vm groups", responseObject = InstanceGroupResponse.class, entityType = { IAMEntityType.InstanceGroup })
public class ListVMGroupsCmd extends BaseListProjectAndAccountResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListVMGroupsCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vmgroup/UpdateVMGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vmgroup/UpdateVMGroupCmd.java b/api/src/org/apache/cloudstack/api/command/user/vmgroup/UpdateVMGroupCmd.java
index 179b536..d2f3b46 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vmgroup/UpdateVMGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vmgroup/UpdateVMGroupCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vmgroup;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -32,7 +32,7 @@ import org.apache.cloudstack.api.response.InstanceGroupResponse;
import com.cloud.user.Account;
import com.cloud.vm.InstanceGroup;
-@APICommand(name = "updateInstanceGroup", description = "Updates a vm group", responseObject = InstanceGroupResponse.class, entityType = { AclEntityType.InstanceGroup })
+@APICommand(name = "updateInstanceGroup", description = "Updates a vm group", responseObject = InstanceGroupResponse.class, entityType = { IAMEntityType.InstanceGroup })
public class UpdateVMGroupCmd extends BaseCmd {
private static final String s_name = "updateinstancegroupresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/CreateVMSnapshotCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/CreateVMSnapshotCmd.java b/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/CreateVMSnapshotCmd.java
index d8db778..8f0a8c8 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/CreateVMSnapshotCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/CreateVMSnapshotCmd.java
@@ -19,7 +19,7 @@ package org.apache.cloudstack.api.command.user.vmsnapshot;
import java.util.logging.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -37,7 +37,7 @@ import com.cloud.exception.ResourceAllocationException;
import com.cloud.uservm.UserVm;
import com.cloud.vm.snapshot.VMSnapshot;
-@APICommand(name = "createVMSnapshot", description = "Creates snapshot for a vm.", responseObject = VMSnapshotResponse.class, since = "4.2.0", entityType = { AclEntityType.VMSnapshot })
+@APICommand(name = "createVMSnapshot", description = "Creates snapshot for a vm.", responseObject = VMSnapshotResponse.class, since = "4.2.0", entityType = { IAMEntityType.VMSnapshot })
public class CreateVMSnapshotCmd extends BaseAsyncCreateCmd {
public static final Logger s_logger = Logger.getLogger(CreateVMSnapshotCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/DeleteVMSnapshotCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/DeleteVMSnapshotCmd.java b/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/DeleteVMSnapshotCmd.java
index c5b6f2a..063ff77 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/DeleteVMSnapshotCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/DeleteVMSnapshotCmd.java
@@ -19,7 +19,7 @@ package org.apache.cloudstack.api.command.user.vmsnapshot;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -36,7 +36,7 @@ import com.cloud.event.EventTypes;
import com.cloud.user.Account;
import com.cloud.vm.snapshot.VMSnapshot;
-@APICommand(name = "deleteVMSnapshot", description = "Deletes a vmsnapshot.", responseObject = SuccessResponse.class, since = "4.2.0", entityType = { AclEntityType.VMSnapshot })
+@APICommand(name = "deleteVMSnapshot", description = "Deletes a vmsnapshot.", responseObject = SuccessResponse.class, since = "4.2.0", entityType = { IAMEntityType.VMSnapshot })
public class DeleteVMSnapshotCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DeleteVMSnapshotCmd.class.getName());
private static final String s_name = "deletevmsnapshotresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/ListVMSnapshotCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/ListVMSnapshotCmd.java b/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/ListVMSnapshotCmd.java
index 527f32a..7faed63 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/ListVMSnapshotCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/ListVMSnapshotCmd.java
@@ -20,7 +20,7 @@ package org.apache.cloudstack.api.command.user.vmsnapshot;
import java.util.ArrayList;
import java.util.List;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseListTaggedResourcesCmd;
@@ -31,7 +31,7 @@ import org.apache.cloudstack.api.response.VMSnapshotResponse;
import com.cloud.vm.snapshot.VMSnapshot;
-@APICommand(name = "listVMSnapshot", description = "List virtual machine snapshot by conditions", responseObject = VMSnapshotResponse.class, since = "4.2.0", entityType = { AclEntityType.VMSnapshot })
+@APICommand(name = "listVMSnapshot", description = "List virtual machine snapshot by conditions", responseObject = VMSnapshotResponse.class, since = "4.2.0", entityType = { IAMEntityType.VMSnapshot })
public class ListVMSnapshotCmd extends BaseListTaggedResourcesCmd {
private static final String s_name = "listvmsnapshotresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/volume/AttachVolumeCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/volume/AttachVolumeCmd.java b/api/src/org/apache/cloudstack/api/command/user/volume/AttachVolumeCmd.java
index b69173a..9fdf2bc 100644
--- a/api/src/org/apache/cloudstack/api/command/user/volume/AttachVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/AttachVolumeCmd.java
@@ -17,7 +17,7 @@
package org.apache.cloudstack.api.command.user.volume;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -36,7 +36,7 @@ import com.cloud.event.EventTypes;
import com.cloud.storage.Volume;
import com.cloud.user.Account;
-@APICommand(name = "attachVolume", description = "Attaches a disk volume to a virtual machine.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "attachVolume", description = "Attaches a disk volume to a virtual machine.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
public class AttachVolumeCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(AttachVolumeCmd.class.getName());
private static final String s_name = "attachvolumeresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/volume/CreateVolumeCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/volume/CreateVolumeCmd.java b/api/src/org/apache/cloudstack/api/command/user/volume/CreateVolumeCmd.java
index a15971c..5939ca6 100644
--- a/api/src/org/apache/cloudstack/api/command/user/volume/CreateVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/CreateVolumeCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.volume;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@@ -42,7 +42,7 @@ import com.cloud.exception.ResourceAllocationException;
import com.cloud.storage.Snapshot;
import com.cloud.storage.Volume;
-@APICommand(name = "createVolume", responseObject = VolumeResponse.class, description = "Creates a disk volume from a disk offering. This disk volume must still be attached to a virtual machine to make use of it.", responseView = ResponseView.Restricted, entityType = { AclEntityType.Volume })
+@APICommand(name = "createVolume", responseObject = VolumeResponse.class, description = "Creates a disk volume from a disk offering. This disk volume must still be attached to a virtual machine to make use of it.", responseView = ResponseView.Restricted, entityType = { IAMEntityType.Volume })
public class CreateVolumeCmd extends BaseAsyncCreateCustomIdCmd {
public static final Logger s_logger = Logger.getLogger(CreateVolumeCmd.class.getName());
private static final String s_name = "createvolumeresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/volume/DeleteVolumeCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/volume/DeleteVolumeCmd.java b/api/src/org/apache/cloudstack/api/command/user/volume/DeleteVolumeCmd.java
index a786d22..bb17bd9 100644
--- a/api/src/org/apache/cloudstack/api/command/user/volume/DeleteVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/DeleteVolumeCmd.java
@@ -17,7 +17,7 @@
package org.apache.cloudstack.api.command.user.volume;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -34,7 +34,7 @@ import com.cloud.exception.ConcurrentOperationException;
import com.cloud.storage.Volume;
import com.cloud.user.Account;
-@APICommand(name = "deleteVolume", description = "Deletes a detached disk volume.", responseObject = SuccessResponse.class, entityType = { AclEntityType.Volume })
+@APICommand(name = "deleteVolume", description = "Deletes a detached disk volume.", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Volume })
public class DeleteVolumeCmd extends BaseCmd {
public static final Logger s_logger = Logger.getLogger(DeleteVolumeCmd.class.getName());
private static final String s_name = "deletevolumeresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/volume/DetachVolumeCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/volume/DetachVolumeCmd.java b/api/src/org/apache/cloudstack/api/command/user/volume/DetachVolumeCmd.java
index ad1ac8d..c7419fc 100644
--- a/api/src/org/apache/cloudstack/api/command/user/volume/DetachVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/DetachVolumeCmd.java
@@ -17,7 +17,7 @@
package org.apache.cloudstack.api.command.user.volume;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -37,7 +37,7 @@ import com.cloud.storage.Volume;
import com.cloud.user.Account;
import com.cloud.uservm.UserVm;
-@APICommand(name = "detachVolume", description = "Detaches a disk volume from a virtual machine.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.Volume })
+@APICommand(name = "detachVolume", description = "Detaches a disk volume from a virtual machine.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Volume })
public class DetachVolumeCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DetachVolumeCmd.class.getName());
private static final String s_name = "detachvolumeresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/volume/ExtractVolumeCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/volume/ExtractVolumeCmd.java b/api/src/org/apache/cloudstack/api/command/user/volume/ExtractVolumeCmd.java
index 750f84d..fef35dc 100644
--- a/api/src/org/apache/cloudstack/api/command/user/volume/ExtractVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/ExtractVolumeCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.volume;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -39,7 +39,7 @@ import com.cloud.storage.Upload;
import com.cloud.storage.Volume;
import com.cloud.user.Account;
-@APICommand(name = "extractVolume", description = "Extracts volume", responseObject = ExtractResponse.class, entityType = { AclEntityType.Volume })
+@APICommand(name = "extractVolume", description = "Extracts volume", responseObject = ExtractResponse.class, entityType = { IAMEntityType.Volume })
public class ExtractVolumeCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(ExtractVolumeCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/volume/ListVolumesCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/volume/ListVolumesCmd.java b/api/src/org/apache/cloudstack/api/command/user/volume/ListVolumesCmd.java
index 4b43acd..24425cb 100644
--- a/api/src/org/apache/cloudstack/api/command/user/volume/ListVolumesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/ListVolumesCmd.java
@@ -17,7 +17,7 @@
package org.apache.cloudstack.api.command.user.volume;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.RoleType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
@@ -36,7 +36,7 @@ import org.apache.cloudstack.api.response.ZoneResponse;
-@APICommand(name = "listVolumes", description = "Lists all volumes.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.Volume })
+@APICommand(name = "listVolumes", description = "Lists all volumes.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Volume })
public class ListVolumesCmd extends BaseListTaggedResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListVolumesCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/volume/MigrateVolumeCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/volume/MigrateVolumeCmd.java b/api/src/org/apache/cloudstack/api/command/user/volume/MigrateVolumeCmd.java
index bb4cf76..bbd754a 100644
--- a/api/src/org/apache/cloudstack/api/command/user/volume/MigrateVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/MigrateVolumeCmd.java
@@ -16,7 +16,7 @@
// under the License.
package org.apache.cloudstack.api.command.user.volume;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
@@ -32,7 +32,7 @@ import com.cloud.storage.Volume;
import com.cloud.user.Account;
-@APICommand(name = "migrateVolume", description = "Migrate volume", responseObject = VolumeResponse.class, since = "3.0.0", responseView = ResponseView.Restricted, entityType = { AclEntityType.Volume })
+@APICommand(name = "migrateVolume", description = "Migrate volume", responseObject = VolumeResponse.class, since = "3.0.0", responseView = ResponseView.Restricted, entityType = { IAMEntityType.Volume })
public class MigrateVolumeCmd extends BaseAsyncCmd {
private static final String s_name = "migratevolumeresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/volume/ResizeVolumeCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/volume/ResizeVolumeCmd.java b/api/src/org/apache/cloudstack/api/command/user/volume/ResizeVolumeCmd.java
index ebcda16..0e7d27d 100644
--- a/api/src/org/apache/cloudstack/api/command/user/volume/ResizeVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/ResizeVolumeCmd.java
@@ -16,7 +16,7 @@
// under the License.
package org.apache.cloudstack.api.command.user.volume;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -39,7 +39,7 @@ import com.cloud.storage.Volume;
import com.cloud.user.Account;
-@APICommand(name = "resizeVolume", description = "Resizes a volume", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.Volume })
+@APICommand(name = "resizeVolume", description = "Resizes a volume", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Volume })
public class ResizeVolumeCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(ResizeVolumeCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/volume/UpdateVolumeCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/volume/UpdateVolumeCmd.java b/api/src/org/apache/cloudstack/api/command/user/volume/UpdateVolumeCmd.java
index 3fa24cf..d5b23ab 100644
--- a/api/src/org/apache/cloudstack/api/command/user/volume/UpdateVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/UpdateVolumeCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.volume;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -37,7 +37,7 @@ import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.storage.Volume;
-@APICommand(name = "updateVolume", description = "Updates the volume.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.Volume })
+@APICommand(name = "updateVolume", description = "Updates the volume.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Volume })
public class UpdateVolumeCmd extends BaseAsyncCustomIdCmd {
public static final Logger s_logger = Logger.getLogger(UpdateVolumeCmd.class.getName());
private static final String s_name = "updatevolumeresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/volume/UploadVolumeCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/volume/UploadVolumeCmd.java b/api/src/org/apache/cloudstack/api/command/user/volume/UploadVolumeCmd.java
index 5fdd932..608bde5 100644
--- a/api/src/org/apache/cloudstack/api/command/user/volume/UploadVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/UploadVolumeCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.volume;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
@@ -40,7 +40,7 @@ import com.cloud.exception.ResourceAllocationException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.storage.Volume;
-@APICommand(name = "uploadVolume", description = "Uploads a data disk.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.Volume })
+@APICommand(name = "uploadVolume", description = "Uploads a data disk.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Volume })
public class UploadVolumeCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(UploadVolumeCmd.class.getName());
private static final String s_name = "uploadvolumeresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpc/CreateStaticRouteCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpc/CreateStaticRouteCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpc/CreateStaticRouteCmd.java
index f724afe..0bbe8cb 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpc/CreateStaticRouteCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpc/CreateStaticRouteCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpc;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@@ -40,7 +40,7 @@ import com.cloud.network.vpc.StaticRoute;
import com.cloud.network.vpc.Vpc;
import com.cloud.network.vpc.VpcGateway;
-@APICommand(name = "createStaticRoute", description = "Creates a static route", responseObject = StaticRouteResponse.class, entityType = { AclEntityType.StaticRoute })
+@APICommand(name = "createStaticRoute", description = "Creates a static route", responseObject = StaticRouteResponse.class, entityType = { IAMEntityType.StaticRoute })
public class CreateStaticRouteCmd extends BaseAsyncCreateCmd {
private static final String s_name = "createstaticrouteresponse";
public static final Logger s_logger = Logger.getLogger(CreateStaticRouteCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
index 682c8d2..42eeb62 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpc;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
@@ -40,7 +40,7 @@ import com.cloud.exception.ResourceAllocationException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.vpc.Vpc;
-@APICommand(name = "createVPC", description = "Creates a VPC", responseObject = VpcResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.Vpc })
+@APICommand(name = "createVPC", description = "Creates a VPC", responseObject = VpcResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Vpc })
public class CreateVPCCmd extends BaseAsyncCreateCmd{
public static final Logger s_logger = Logger.getLogger(CreateVPCCmd.class.getName());
private static final String s_name = "createvpcresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpc/DeleteStaticRouteCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpc/DeleteStaticRouteCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpc/DeleteStaticRouteCmd.java
index 7434d1e..b59ba93 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpc/DeleteStaticRouteCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpc/DeleteStaticRouteCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpc;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -38,7 +38,7 @@ import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.vpc.StaticRoute;
-@APICommand(name = "deleteStaticRoute", description = "Deletes a static route", responseObject = SuccessResponse.class, entityType = { AclEntityType.StaticRoute })
+@APICommand(name = "deleteStaticRoute", description = "Deletes a static route", responseObject = SuccessResponse.class, entityType = { IAMEntityType.StaticRoute })
public class DeleteStaticRouteCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DeleteStaticRouteCmd.class.getName());
private static final String s_name = "deletestaticrouteresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpc/DeleteVPCCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpc/DeleteVPCCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpc/DeleteVPCCmd.java
index d6a1248..ab4a447 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpc/DeleteVPCCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpc/DeleteVPCCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpc;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -36,7 +36,7 @@ import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.vpc.Vpc;
import com.cloud.user.Account;
-@APICommand(name = "deleteVPC", description = "Deletes a VPC", responseObject = SuccessResponse.class, entityType = { AclEntityType.Vpc })
+@APICommand(name = "deleteVPC", description = "Deletes a VPC", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Vpc })
public class DeleteVPCCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DeleteVPCCmd.class.getName());
private static final String s_name = "deletevpcresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpc/ListPrivateGatewaysCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpc/ListPrivateGatewaysCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpc/ListPrivateGatewaysCmd.java
index 0d263fd..03f51f5 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpc/ListPrivateGatewaysCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpc/ListPrivateGatewaysCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
@@ -33,7 +33,7 @@ import org.apache.cloudstack.api.response.VpcResponse;
import com.cloud.network.vpc.PrivateGateway;
import com.cloud.utils.Pair;
-@APICommand(name = "listPrivateGateways", description = "List private gateways", responseObject = PrivateGatewayResponse.class, entityType = { AclEntityType.VpcGateway })
+@APICommand(name = "listPrivateGateways", description = "List private gateways", responseObject = PrivateGatewayResponse.class, entityType = { IAMEntityType.VpcGateway })
public class ListPrivateGatewaysCmd extends BaseListProjectAndAccountResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListPrivateGatewaysCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpc/ListStaticRoutesCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpc/ListStaticRoutesCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpc/ListStaticRoutesCmd.java
index c45cd7f..215ae9f 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpc/ListStaticRoutesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpc/ListStaticRoutesCmd.java
@@ -19,7 +19,7 @@ package org.apache.cloudstack.api.command.user.vpc;
import java.util.ArrayList;
import java.util.List;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseListTaggedResourcesCmd;
@@ -32,7 +32,7 @@ import org.apache.cloudstack.api.response.VpcResponse;
import com.cloud.network.vpc.StaticRoute;
import com.cloud.utils.Pair;
-@APICommand(name = "listStaticRoutes", description = "Lists all static routes", responseObject = StaticRouteResponse.class, entityType = { AclEntityType.StaticRoute })
+@APICommand(name = "listStaticRoutes", description = "Lists all static routes", responseObject = StaticRouteResponse.class, entityType = { IAMEntityType.StaticRoute })
public class ListStaticRoutesCmd extends BaseListTaggedResourcesCmd {
private static final String s_name = "liststaticroutesresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpc/ListVPCsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpc/ListVPCsCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpc/ListVPCsCmd.java
index e0f29ab..bbd07d6 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpc/ListVPCsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpc/ListVPCsCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseListTaggedResourcesCmd;
@@ -35,7 +35,7 @@ import org.apache.cloudstack.api.response.ZoneResponse;
import com.cloud.network.vpc.Vpc;
-@APICommand(name = "listVPCs", description = "Lists VPCs", responseObject = VpcResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.Vpc })
+@APICommand(name = "listVPCs", description = "Lists VPCs", responseObject = VpcResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Vpc })
public class ListVPCsCmd extends BaseListTaggedResourcesCmd{
public static final Logger s_logger = Logger.getLogger(ListVPCsCmd.class.getName());
private static final String s_name = "listvpcsresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpc/RestartVPCCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpc/RestartVPCCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpc/RestartVPCCmd.java
index cd01e92..cb395ee 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpc/RestartVPCCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpc/RestartVPCCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpc;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -37,7 +37,7 @@ import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.vpc.Vpc;
import com.cloud.user.Account;
-@APICommand(name = "restartVPC", description = "Restarts a VPC", responseObject = VpcResponse.class, entityType = { AclEntityType.Vpc })
+@APICommand(name = "restartVPC", description = "Restarts a VPC", responseObject = VpcResponse.class, entityType = { IAMEntityType.Vpc })
public class RestartVPCCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(RestartVPCCmd.class.getName());
private static final String Name = "restartvpcresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
index 16829a2..a081b9f 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpc;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -35,7 +35,7 @@ import com.cloud.event.EventTypes;
import com.cloud.network.vpc.Vpc;
import com.cloud.user.Account;
-@APICommand(name = "updateVPC", description = "Updates a VPC", responseObject = VpcResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.Vpc })
+@APICommand(name = "updateVPC", description = "Updates a VPC", responseObject = VpcResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Vpc })
public class UpdateVPCCmd extends BaseAsyncCustomIdCmd {
public static final Logger s_logger = Logger.getLogger(UpdateVPCCmd.class.getName());
private static final String Name = "updatevpcresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/AddVpnUserCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/AddVpnUserCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/AddVpnUserCmd.java
index 3b48585..48ee1fd 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/AddVpnUserCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/AddVpnUserCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpn;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
@@ -35,7 +35,7 @@ import com.cloud.event.EventTypes;
import com.cloud.network.VpnUser;
import com.cloud.user.Account;
-@APICommand(name = "addVpnUser", description = "Adds vpn users", responseObject = VpnUsersResponse.class, entityType = { AclEntityType.VpnUser })
+@APICommand(name = "addVpnUser", description = "Adds vpn users", responseObject = VpnUsersResponse.class, entityType = { IAMEntityType.VpnUser })
public class AddVpnUserCmd extends BaseAsyncCreateCmd {
public static final Logger s_logger = Logger.getLogger(AddVpnUserCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/CreateRemoteAccessVpnCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/CreateRemoteAccessVpnCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/CreateRemoteAccessVpnCmd.java
index aebec14..b350f3b 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/CreateRemoteAccessVpnCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/CreateRemoteAccessVpnCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpn;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
@@ -37,7 +37,7 @@ import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.IpAddress;
import com.cloud.network.RemoteAccessVpn;
-@APICommand(name = "createRemoteAccessVpn", description = "Creates a l2tp/ipsec remote access vpn", responseObject = RemoteAccessVpnResponse.class, entityType = { AclEntityType.RemoteAccessVpn })
+@APICommand(name = "createRemoteAccessVpn", description = "Creates a l2tp/ipsec remote access vpn", responseObject = RemoteAccessVpnResponse.class, entityType = { IAMEntityType.RemoteAccessVpn })
public class CreateRemoteAccessVpnCmd extends BaseAsyncCreateCmd {
public static final Logger s_logger = Logger.getLogger(CreateRemoteAccessVpnCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnConnectionCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnConnectionCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnConnectionCmd.java
index e948328..e28e4ab 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnConnectionCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnConnectionCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpn;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
@@ -37,7 +37,7 @@ import com.cloud.network.Site2SiteVpnConnection;
import com.cloud.network.Site2SiteVpnGateway;
import com.cloud.network.vpc.Vpc;
-@APICommand(name = "createVpnConnection", description = "Create site to site vpn connection", responseObject = Site2SiteVpnConnectionResponse.class, entityType = { AclEntityType.Site2SiteVpnConnection })
+@APICommand(name = "createVpnConnection", description = "Create site to site vpn connection", responseObject = Site2SiteVpnConnectionResponse.class, entityType = { IAMEntityType.Site2SiteVpnConnection })
public class CreateVpnConnectionCmd extends BaseAsyncCreateCmd {
public static final Logger s_logger = Logger.getLogger(CreateVpnConnectionCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnCustomerGatewayCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnCustomerGatewayCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnCustomerGatewayCmd.java
index f21767e..3cc6e17 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnCustomerGatewayCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnCustomerGatewayCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpn;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
@@ -32,7 +32,7 @@ import org.apache.cloudstack.context.CallContext;
import com.cloud.event.EventTypes;
import com.cloud.network.Site2SiteCustomerGateway;
-@APICommand(name = "createVpnCustomerGateway", description = "Creates site to site vpn customer gateway", responseObject = Site2SiteCustomerGatewayResponse.class, entityType = { AclEntityType.Site2SiteCustomerGateway })
+@APICommand(name = "createVpnCustomerGateway", description = "Creates site to site vpn customer gateway", responseObject = Site2SiteCustomerGatewayResponse.class, entityType = { IAMEntityType.Site2SiteCustomerGateway })
public class CreateVpnCustomerGatewayCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(CreateVpnCustomerGatewayCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnGatewayCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnGatewayCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnGatewayCmd.java
index d8d67d6..19be21b 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnGatewayCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnGatewayCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpn;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
@@ -32,7 +32,7 @@ import com.cloud.event.EventTypes;
import com.cloud.network.Site2SiteVpnGateway;
import com.cloud.network.vpc.Vpc;
-@APICommand(name = "createVpnGateway", description = "Creates site to site vpn local gateway", responseObject = Site2SiteVpnGatewayResponse.class, entityType = { AclEntityType.Site2SiteVpnGateway })
+@APICommand(name = "createVpnGateway", description = "Creates site to site vpn local gateway", responseObject = Site2SiteVpnGatewayResponse.class, entityType = { IAMEntityType.Site2SiteVpnGateway })
public class CreateVpnGatewayCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(CreateVpnGatewayCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteRemoteAccessVpnCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteRemoteAccessVpnCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteRemoteAccessVpnCmd.java
index 6c7a3b3..d3eacf5 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteRemoteAccessVpnCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteRemoteAccessVpnCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpn;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseAsyncCmd;
@@ -33,7 +33,7 @@ import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.RemoteAccessVpn;
-@APICommand(name = "deleteRemoteAccessVpn", description = "Destroys a l2tp/ipsec remote access vpn", responseObject = SuccessResponse.class, entityType = { AclEntityType.RemoteAccessVpn })
+@APICommand(name = "deleteRemoteAccessVpn", description = "Destroys a l2tp/ipsec remote access vpn", responseObject = SuccessResponse.class, entityType = { IAMEntityType.RemoteAccessVpn })
public class DeleteRemoteAccessVpnCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DeleteRemoteAccessVpnCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnConnectionCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnConnectionCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnConnectionCmd.java
index 09f0d31..6fe8820 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnConnectionCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnConnectionCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpn;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
@@ -33,7 +33,7 @@ import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.Site2SiteVpnConnection;
import com.cloud.user.Account;
-@APICommand(name = "deleteVpnConnection", description = "Delete site to site vpn connection", responseObject = SuccessResponse.class, entityType = { AclEntityType.Site2SiteVpnConnection })
+@APICommand(name = "deleteVpnConnection", description = "Delete site to site vpn connection", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Site2SiteVpnConnection })
public class DeleteVpnConnectionCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DeleteVpnConnectionCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnCustomerGatewayCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnCustomerGatewayCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnCustomerGatewayCmd.java
index 927aa53..e24f231 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnCustomerGatewayCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnCustomerGatewayCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpn;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
@@ -34,7 +34,7 @@ import com.cloud.event.EventTypes;
import com.cloud.network.Site2SiteCustomerGateway;
import com.cloud.user.Account;
-@APICommand(name = "deleteVpnCustomerGateway", description = "Delete site to site vpn customer gateway", responseObject = SuccessResponse.class, entityType = { AclEntityType.Site2SiteCustomerGateway })
+@APICommand(name = "deleteVpnCustomerGateway", description = "Delete site to site vpn customer gateway", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Site2SiteCustomerGateway })
public class DeleteVpnCustomerGatewayCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DeleteVpnCustomerGatewayCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnGatewayCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnGatewayCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnGatewayCmd.java
index 9259f48..6f28037 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnGatewayCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnGatewayCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpn;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
@@ -32,7 +32,7 @@ import com.cloud.event.EventTypes;
import com.cloud.network.Site2SiteVpnGateway;
import com.cloud.user.Account;
-@APICommand(name = "deleteVpnGateway", description = "Delete site to site vpn gateway", responseObject = SuccessResponse.class, entityType = { AclEntityType.Site2SiteVpnGateway })
+@APICommand(name = "deleteVpnGateway", description = "Delete site to site vpn gateway", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Site2SiteVpnGateway })
public class DeleteVpnGatewayCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DeleteVpnGatewayCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/ListRemoteAccessVpnsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/ListRemoteAccessVpnsCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/ListRemoteAccessVpnsCmd.java
index f1aba1f..fde143c 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/ListRemoteAccessVpnsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/ListRemoteAccessVpnsCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
@@ -34,7 +34,7 @@ import org.apache.cloudstack.api.response.RemoteAccessVpnResponse;
import com.cloud.network.RemoteAccessVpn;
import com.cloud.utils.Pair;
-@APICommand(name = "listRemoteAccessVpns", description = "Lists remote access vpns", responseObject = RemoteAccessVpnResponse.class, entityType = { AclEntityType.RemoteAccessVpn })
+@APICommand(name = "listRemoteAccessVpns", description = "Lists remote access vpns", responseObject = RemoteAccessVpnResponse.class, entityType = { IAMEntityType.RemoteAccessVpn })
public class ListRemoteAccessVpnsCmd extends BaseListProjectAndAccountResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListRemoteAccessVpnsCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnConnectionsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnConnectionsCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnConnectionsCmd.java
index 7779fa0..ed93741 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnConnectionsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnConnectionsCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
@@ -33,7 +33,7 @@ import org.apache.cloudstack.api.response.VpcResponse;
import com.cloud.network.Site2SiteVpnConnection;
import com.cloud.utils.Pair;
-@APICommand(name = "listVpnConnections", description = "Lists site to site vpn connection gateways", responseObject = Site2SiteVpnConnectionResponse.class, entityType = { AclEntityType.Site2SiteVpnConnection })
+@APICommand(name = "listVpnConnections", description = "Lists site to site vpn connection gateways", responseObject = Site2SiteVpnConnectionResponse.class, entityType = { IAMEntityType.Site2SiteVpnConnection })
public class ListVpnConnectionsCmd extends BaseListProjectAndAccountResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListVpnConnectionsCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnCustomerGatewaysCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnCustomerGatewaysCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnCustomerGatewaysCmd.java
index 90070a4..2304964 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnCustomerGatewaysCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnCustomerGatewaysCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
@@ -32,7 +32,7 @@ import org.apache.cloudstack.api.response.Site2SiteCustomerGatewayResponse;
import com.cloud.network.Site2SiteCustomerGateway;
import com.cloud.utils.Pair;
-@APICommand(name = "listVpnCustomerGateways", description = "Lists site to site vpn customer gateways", responseObject = Site2SiteCustomerGatewayResponse.class, entityType = { AclEntityType.Site2SiteCustomerGateway })
+@APICommand(name = "listVpnCustomerGateways", description = "Lists site to site vpn customer gateways", responseObject = Site2SiteCustomerGatewayResponse.class, entityType = { IAMEntityType.Site2SiteCustomerGateway })
public class ListVpnCustomerGatewaysCmd extends BaseListProjectAndAccountResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListVpnCustomerGatewaysCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnGatewaysCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnGatewaysCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnGatewaysCmd.java
index bc435a9..7f8a33f 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnGatewaysCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnGatewaysCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
@@ -33,7 +33,7 @@ import org.apache.cloudstack.api.response.VpcResponse;
import com.cloud.network.Site2SiteVpnGateway;
import com.cloud.utils.Pair;
-@APICommand(name = "listVpnGateways", description = "Lists site 2 site vpn gateways", responseObject = Site2SiteVpnGatewayResponse.class, entityType = { AclEntityType.Site2SiteVpnGateway })
+@APICommand(name = "listVpnGateways", description = "Lists site 2 site vpn gateways", responseObject = Site2SiteVpnGatewayResponse.class, entityType = { IAMEntityType.Site2SiteVpnGateway })
public class ListVpnGatewaysCmd extends BaseListProjectAndAccountResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListVpnGatewaysCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnUsersCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnUsersCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnUsersCmd.java
index 4eff609..6efdaa1 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnUsersCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnUsersCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
@@ -32,7 +32,7 @@ import org.apache.cloudstack.api.response.VpnUsersResponse;
import com.cloud.network.VpnUser;
import com.cloud.utils.Pair;
-@APICommand(name = "listVpnUsers", description = "Lists vpn users", responseObject = VpnUsersResponse.class, entityType = { AclEntityType.VpnUser })
+@APICommand(name = "listVpnUsers", description = "Lists vpn users", responseObject = VpnUsersResponse.class, entityType = { IAMEntityType.VpnUser })
public class ListVpnUsersCmd extends BaseListProjectAndAccountResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListVpnUsersCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/RemoveVpnUserCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/RemoveVpnUserCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/RemoveVpnUserCmd.java
index c9f5219..d39c1a4 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/RemoveVpnUserCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/RemoveVpnUserCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpn;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
@@ -33,7 +33,7 @@ import org.apache.cloudstack.context.CallContext;
import com.cloud.event.EventTypes;
import com.cloud.user.Account;
-@APICommand(name = "removeVpnUser", description = "Removes vpn user", responseObject = SuccessResponse.class, entityType = { AclEntityType.VpnUser })
+@APICommand(name = "removeVpnUser", description = "Removes vpn user", responseObject = SuccessResponse.class, entityType = { IAMEntityType.VpnUser })
public class RemoveVpnUserCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(RemoveVpnUserCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/ResetVpnConnectionCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/ResetVpnConnectionCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/ResetVpnConnectionCmd.java
index 746b003..025cc86 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/ResetVpnConnectionCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/ResetVpnConnectionCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpn;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
@@ -34,7 +34,7 @@ import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.Site2SiteVpnConnection;
import com.cloud.user.Account;
-@APICommand(name = "resetVpnConnection", description = "Reset site to site vpn connection", responseObject = Site2SiteVpnConnectionResponse.class, entityType = { AclEntityType.Site2SiteVpnConnection })
+@APICommand(name = "resetVpnConnection", description = "Reset site to site vpn connection", responseObject = Site2SiteVpnConnectionResponse.class, entityType = { IAMEntityType.Site2SiteVpnConnection })
public class ResetVpnConnectionCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(ResetVpnConnectionCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/UpdateVpnCustomerGatewayCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/UpdateVpnCustomerGatewayCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/UpdateVpnCustomerGatewayCmd.java
index 8e63946..f88fa30 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/UpdateVpnCustomerGatewayCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/UpdateVpnCustomerGatewayCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpn;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
@@ -32,7 +32,7 @@ import org.apache.cloudstack.context.CallContext;
import com.cloud.event.EventTypes;
import com.cloud.network.Site2SiteCustomerGateway;
-@APICommand(name = "updateVpnCustomerGateway", description = "Update site to site vpn customer gateway", responseObject = Site2SiteCustomerGatewayResponse.class, entityType = { AclEntityType.Site2SiteCustomerGateway })
+@APICommand(name = "updateVpnCustomerGateway", description = "Update site to site vpn customer gateway", responseObject = Site2SiteCustomerGatewayResponse.class, entityType = { IAMEntityType.Site2SiteCustomerGateway })
public class UpdateVpnCustomerGatewayCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(UpdateVpnCustomerGatewayCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/components-api/src/com/cloud/network/addr/PublicIp.java
----------------------------------------------------------------------
diff --git a/engine/components-api/src/com/cloud/network/addr/PublicIp.java b/engine/components-api/src/com/cloud/network/addr/PublicIp.java
index 9e70cfe..eee7516 100644
--- a/engine/components-api/src/com/cloud/network/addr/PublicIp.java
+++ b/engine/components-api/src/com/cloud/network/addr/PublicIp.java
@@ -18,7 +18,7 @@ package com.cloud.network.addr;
import java.util.Date;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.dc.VlanVO;
import com.cloud.network.PublicIpAddress;
@@ -235,7 +235,7 @@ public class PublicIp implements PublicIpAddress {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.PublicIpAddress;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.PublicIpAddress;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/components-api/src/com/cloud/network/rules/StaticNatRuleImpl.java
----------------------------------------------------------------------
diff --git a/engine/components-api/src/com/cloud/network/rules/StaticNatRuleImpl.java b/engine/components-api/src/com/cloud/network/rules/StaticNatRuleImpl.java
index c7b7fec..aac2f3f 100644
--- a/engine/components-api/src/com/cloud/network/rules/StaticNatRuleImpl.java
+++ b/engine/components-api/src/com/cloud/network/rules/StaticNatRuleImpl.java
@@ -18,7 +18,7 @@ package com.cloud.network.rules;
import java.util.List;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
public class StaticNatRuleImpl implements StaticNatRule {
long id;
@@ -145,8 +145,8 @@ public class StaticNatRuleImpl implements StaticNatRule {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.FirewallRule;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.FirewallRule;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
----------------------------------------------------------------------
diff --git a/engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java b/engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
index 1227210..0005983 100755
--- a/engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
+++ b/engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
@@ -36,7 +36,7 @@ import javax.ejb.Local;
import javax.inject.Inject;
import javax.naming.ConfigurationException;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.acl.ControlledEntity.ACLType;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.context.CallContext;
@@ -672,7 +672,7 @@ public class NetworkOrchestrator extends ManagerBase implements NetworkOrchestra
_networksDao.addDomainToNetwork(id, domainId, subdomainAccess == null ? true : subdomainAccess);
//send event for storing the domain wide resource access
Map<String, Object> params = new HashMap<String, Object>();
- params.put(ApiConstants.ENTITY_TYPE, AclEntityType.Network);
+ params.put(ApiConstants.ENTITY_TYPE, IAMEntityType.Network);
params.put(ApiConstants.ENTITY_ID, id);
params.put(ApiConstants.DOMAIN_ID, domainId);
params.put(ApiConstants.SUBDOMAIN_ACCESS, subdomainAccess == null ? true : subdomainAccess);
@@ -2203,7 +2203,7 @@ public class NetworkOrchestrator extends ManagerBase implements NetworkOrchestra
_networkAccountDao.remove(networkAccount.getId());
// remove its related ACL permission
- Pair<AclEntityType, Long> networkMsg = new Pair<AclEntityType, Long>(AclEntityType.Network, networkFinal.getId());
+ Pair<IAMEntityType, Long> networkMsg = new Pair<IAMEntityType, Long>(IAMEntityType.Network, networkFinal.getId());
_messageBus.publish(_name, EntityManager.MESSAGE_REMOVE_ENTITY_EVENT, PublishScope.LOCAL, networkMsg);
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/event/EventVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/event/EventVO.java b/engine/schema/src/com/cloud/event/EventVO.java
index fb4feb9..a21c643 100644
--- a/engine/schema/src/com/cloud/event/EventVO.java
+++ b/engine/schema/src/com/cloud/event/EventVO.java
@@ -29,7 +29,7 @@ import javax.persistence.Id;
import javax.persistence.Table;
import javax.persistence.Transient;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.utils.db.GenericDao;
@@ -212,7 +212,7 @@ public class EventVO implements Event {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.Event;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.Event;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/UserIpv6AddressVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/UserIpv6AddressVO.java b/engine/schema/src/com/cloud/network/UserIpv6AddressVO.java
index 2d6e860..9314993 100644
--- a/engine/schema/src/com/cloud/network/UserIpv6AddressVO.java
+++ b/engine/schema/src/com/cloud/network/UserIpv6AddressVO.java
@@ -28,7 +28,7 @@ import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.utils.db.GenericDao;
@@ -188,7 +188,7 @@ public class UserIpv6AddressVO implements UserIpv6Address {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.UserIpv6Address;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.UserIpv6Address;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/VpnUserVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/VpnUserVO.java b/engine/schema/src/com/cloud/network/VpnUserVO.java
index a150898..695aac0 100644
--- a/engine/schema/src/com/cloud/network/VpnUserVO.java
+++ b/engine/schema/src/com/cloud/network/VpnUserVO.java
@@ -27,7 +27,7 @@ import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.utils.db.Encrypt;
@@ -129,7 +129,7 @@ public class VpnUserVO implements VpnUser {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.VpnUser;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.VpnUser;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/as/AutoScalePolicyVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/as/AutoScalePolicyVO.java b/engine/schema/src/com/cloud/network/as/AutoScalePolicyVO.java
index 1da0129..2af8679 100644
--- a/engine/schema/src/com/cloud/network/as/AutoScalePolicyVO.java
+++ b/engine/schema/src/com/cloud/network/as/AutoScalePolicyVO.java
@@ -30,7 +30,7 @@ import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.InternalIdentity;
import com.cloud.utils.db.GenericDao;
@@ -150,8 +150,8 @@ public class AutoScalePolicyVO implements AutoScalePolicy, InternalIdentity {
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.AutoScalePolicy;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.AutoScalePolicy;
}
public void setLastQuiteTime(Date lastQuiteTime) {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/as/AutoScaleVmGroupVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/as/AutoScaleVmGroupVO.java b/engine/schema/src/com/cloud/network/as/AutoScaleVmGroupVO.java
index 1c12ce6..7a5da08 100644
--- a/engine/schema/src/com/cloud/network/as/AutoScaleVmGroupVO.java
+++ b/engine/schema/src/com/cloud/network/as/AutoScaleVmGroupVO.java
@@ -30,7 +30,7 @@ import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.InternalIdentity;
import com.cloud.utils.db.GenericDao;
@@ -215,7 +215,7 @@ public class AutoScaleVmGroupVO implements AutoScaleVmGroup, InternalIdentity {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.AutoScaleVmGroup;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.AutoScaleVmGroup;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/as/AutoScaleVmProfileVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/as/AutoScaleVmProfileVO.java b/engine/schema/src/com/cloud/network/as/AutoScaleVmProfileVO.java
index e718a2b..6640e70 100644
--- a/engine/schema/src/com/cloud/network/as/AutoScaleVmProfileVO.java
+++ b/engine/schema/src/com/cloud/network/as/AutoScaleVmProfileVO.java
@@ -33,7 +33,7 @@ import javax.persistence.Inheritance;
import javax.persistence.InheritanceType;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.Identity;
import org.apache.cloudstack.api.InternalIdentity;
@@ -223,8 +223,8 @@ public class AutoScaleVmProfileVO implements AutoScaleVmProfile, Identity, Inter
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.AutoScaleVmProfile;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.AutoScaleVmProfile;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/as/ConditionVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/as/ConditionVO.java b/engine/schema/src/com/cloud/network/as/ConditionVO.java
index 292a90a..36d59e2 100644
--- a/engine/schema/src/com/cloud/network/as/ConditionVO.java
+++ b/engine/schema/src/com/cloud/network/as/ConditionVO.java
@@ -29,7 +29,7 @@ import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import org.apache.cloudstack.api.Identity;
import org.apache.cloudstack.api.InternalIdentity;
@@ -130,7 +130,7 @@ public class ConditionVO implements Condition, Identity, InternalIdentity {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.Condition;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.Condition;
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/dao/IPAddressVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/dao/IPAddressVO.java b/engine/schema/src/com/cloud/network/dao/IPAddressVO.java
index 76a2ba9..d3fca87 100644
--- a/engine/schema/src/com/cloud/network/dao/IPAddressVO.java
+++ b/engine/schema/src/com/cloud/network/dao/IPAddressVO.java
@@ -31,7 +31,7 @@ import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import javax.persistence.Transient;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
import com.cloud.network.IpAddress;
import com.cloud.utils.net.Ip;
@@ -338,7 +338,7 @@ public class IPAddressVO implements IpAddress {
}
@Override
- public AclEntityType getEntityType() {
- return AclEntityType.IpAddress;
+ public IAMEntityType getEntityType() {
+ return IAMEntityType.IpAddress;
}
}
[11/18] iam/plugin: Rename Acl to IAM everywhere
Posted by pr...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/api/AclPolicyPermission.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/api/AclPolicyPermission.java b/services/iam/server/src/org/apache/cloudstack/iam/api/AclPolicyPermission.java
deleted file mode 100644
index f0352bc..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/api/AclPolicyPermission.java
+++ /dev/null
@@ -1,53 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.api;
-
-
-public interface AclPolicyPermission {
-
- String getAction();
-
- long getAclPolicyId();
-
- String getEntityType();
-
- String getAccessType();
-
- String getScope();
-
- Long getScopeId();
-
- Permission getPermission();
-
- public enum Permission {
- Allow(true), Deny(false);
-
- boolean result;
-
- Permission(boolean result) {
- this.result = result;
- }
-
- public boolean isGranted() {
- return result;
- }
- }
-
- long getId();
-
- public static final long PERMISSION_SCOPE_ID_CURRENT_CALLER = -1;
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/api/IAMGroup.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMGroup.java b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMGroup.java
new file mode 100644
index 0000000..868d0a0
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMGroup.java
@@ -0,0 +1,37 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.api;
+
+import org.apache.cloudstack.api.Identity;
+import org.apache.cloudstack.api.InternalIdentity;
+
+public interface IAMGroup extends InternalIdentity, Identity {
+
+ String getName();
+
+ String getDescription();
+
+ @Override
+ long getId();
+
+ @Override
+ String getUuid();
+
+ String getPath();
+
+ long getAccountId();
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/api/IAMPolicy.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMPolicy.java b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMPolicy.java
new file mode 100644
index 0000000..e6daeb1
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMPolicy.java
@@ -0,0 +1,41 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.api;
+
+import org.apache.cloudstack.api.Identity;
+import org.apache.cloudstack.api.InternalIdentity;
+
+public interface IAMPolicy extends InternalIdentity, Identity {
+
+ String getName();
+
+ String getDescription();
+
+ public enum PolicyType {
+ Static, Dynamic
+ }
+
+ @Override
+ long getId();
+
+ @Override
+ String getUuid();
+
+ String getPath();
+
+ long getAccountId();
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/api/IAMPolicyPermission.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMPolicyPermission.java b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMPolicyPermission.java
new file mode 100644
index 0000000..b91086f
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMPolicyPermission.java
@@ -0,0 +1,53 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.api;
+
+
+public interface IAMPolicyPermission {
+
+ String getAction();
+
+ long getAclPolicyId();
+
+ String getEntityType();
+
+ String getAccessType();
+
+ String getScope();
+
+ Long getScopeId();
+
+ Permission getPermission();
+
+ public enum Permission {
+ Allow(true), Deny(false);
+
+ boolean result;
+
+ Permission(boolean result) {
+ this.result = result;
+ }
+
+ public boolean isGranted() {
+ return result;
+ }
+ }
+
+ long getId();
+
+ public static final long PERMISSION_SCOPE_ID_CURRENT_CALLER = -1;
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
index 3957b62..6eb61fa 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
@@ -18,75 +18,75 @@ package org.apache.cloudstack.iam.api;
import java.util.List;
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
import com.cloud.utils.Pair;
public interface IAMService {
/* ACL group related interfaces */
- AclGroup createAclGroup(String aclGroupName, String description, String path);
+ IAMGroup createAclGroup(String aclGroupName, String description, String path);
boolean deleteAclGroup(Long aclGroupId);
- List<AclGroup> listAclGroups(long accountId);
+ List<IAMGroup> listAclGroups(long accountId);
- AclGroup addAccountsToGroup(List<Long> acctIds, Long groupId);
+ IAMGroup addAccountsToGroup(List<Long> acctIds, Long groupId);
- AclGroup removeAccountsFromGroup(List<Long> acctIds, Long groupId);
+ IAMGroup removeAccountsFromGroup(List<Long> acctIds, Long groupId);
List<Long> listAccountsByGroup(long groupId);
- Pair<List<AclGroup>, Integer> listAclGroups(Long aclGroupId, String aclGroupName, String path, Long startIndex, Long pageSize);
+ Pair<List<IAMGroup>, Integer> listAclGroups(Long aclGroupId, String aclGroupName, String path, Long startIndex, Long pageSize);
/* ACL Policy related interfaces */
- AclPolicy createAclPolicy(String aclPolicyName, String description, Long parentPolicyId, String path);
+ IAMPolicy createAclPolicy(String aclPolicyName, String description, Long parentPolicyId, String path);
boolean deleteAclPolicy(long aclPolicyId);
- List<AclPolicy> listAclPolicies(long accountId);
+ List<IAMPolicy> listAclPolicies(long accountId);
- List<AclPolicy> listAclPoliciesByGroup(long groupId);
+ List<IAMPolicy> listAclPoliciesByGroup(long groupId);
- Pair<List<AclPolicy>, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize);
+ Pair<List<IAMPolicy>, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize);
- AclGroup attachAclPoliciesToGroup(List<Long> policyIds, Long groupId);
+ IAMGroup attachAclPoliciesToGroup(List<Long> policyIds, Long groupId);
- AclGroup removeAclPoliciesFromGroup(List<Long> policyIds, Long groupId);
+ IAMGroup removeAclPoliciesFromGroup(List<Long> policyIds, Long groupId);
void attachAclPolicyToAccounts(Long policyId, List<Long> acctIds);
void removeAclPolicyFromAccounts(Long policyId, List<Long> acctIds);
- AclPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
+ IAMPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
String action, String accessType, Permission perm, Boolean recursive);
- AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
+ IAMPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
String action);
void removeAclPermissionForEntity(final String entityType, final Long entityId);
- AclPolicy getResourceGrantPolicy(String entityType, Long entityId, String accessType, String action);
+ IAMPolicy getResourceGrantPolicy(String entityType, Long entityId, String accessType, String action);
- AclPolicy getResourceOwnerPolicy();
+ IAMPolicy getResourceOwnerPolicy();
- List<AclPolicyPermission> listPolicyPermissions(long policyId);
+ List<IAMPolicyPermission> listPolicyPermissions(long policyId);
- List<AclPolicyPermission> listPolicyPermissionsByScope(long policyId, String action, String scope);
+ List<IAMPolicyPermission> listPolicyPermissionsByScope(long policyId, String action, String scope);
- List<AclPolicyPermission> listPolicyPermissionByActionAndEntity(long policyId, String action, String entityType);
+ List<IAMPolicyPermission> listPolicyPermissionByActionAndEntity(long policyId, String action, String entityType);
- boolean isActionAllowedForPolicies(String action, List<AclPolicy> policies);
+ boolean isActionAllowedForPolicies(String action, List<IAMPolicy> policies);
List<Long> getGrantedEntities(long accountId, String action, String scope);
- AclPolicy resetAclPolicy(long aclPolicyId);
+ IAMPolicy resetAclPolicy(long aclPolicyId);
- List<AclPolicyPermission> listPolicyPermissionByAccessAndEntity(long policyId, String accessType,
+ List<IAMPolicyPermission> listPolicyPermissionByAccessAndEntity(long policyId, String accessType,
String entityType);
- List<AclGroup> listParentAclGroups(long groupId);
+ List<IAMGroup> listParentAclGroups(long groupId);
- List<AclPolicy> listRecursiveAclPoliciesByGroup(long groupId);
+ List<IAMPolicy> listRecursiveAclPoliciesByGroup(long groupId);
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/AclAccountPolicyMapVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/AclAccountPolicyMapVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/AclAccountPolicyMapVO.java
deleted file mode 100644
index b491e6e..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/AclAccountPolicyMapVO.java
+++ /dev/null
@@ -1,77 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.server;
-
-import java.util.Date;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
-
-import com.cloud.utils.db.GenericDao;
-
-@Entity
-@Table(name = ("acl_account_policy_map"))
-public class AclAccountPolicyMapVO {
- @Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
- @Column(name = "id")
- private Long id;
-
- @Column(name = "account_id")
- private long accountId;
-
- @Column(name = "policy_id")
- private long aclPolicyId;
-
- @Column(name = GenericDao.REMOVED_COLUMN)
- private Date removed;
-
- @Column(name = GenericDao.CREATED_COLUMN)
- private Date created;
-
- public AclAccountPolicyMapVO() {
- }
-
- public AclAccountPolicyMapVO(long accountId, long aclPolicyId) {
- this.accountId = accountId;
- this.aclPolicyId = aclPolicyId;
- }
-
- public long getId() {
- return id;
- }
-
- public long getAccountId() {
- return accountId;
- }
-
- public long getAclPolicyId() {
- return aclPolicyId;
- }
-
- public Date getRemoved() {
- return removed;
- }
-
- public Date getCreated() {
- return created;
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupAccountMapVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupAccountMapVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupAccountMapVO.java
deleted file mode 100644
index d39317a..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupAccountMapVO.java
+++ /dev/null
@@ -1,78 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.server;
-
-import java.util.Date;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
-
-import com.cloud.utils.db.GenericDao;
-
-@Entity
-@Table(name = ("acl_group_account_map"))
-public class AclGroupAccountMapVO {
- @Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
- @Column(name = "id")
- private Long id;
-
- @Column(name = "group_id")
- private long aclGroupId;
-
- @Column(name = "account_id")
- private long accountId;
-
- @Column(name = GenericDao.REMOVED_COLUMN)
- private Date removed;
-
- @Column(name = GenericDao.CREATED_COLUMN)
- private Date created;
-
- public AclGroupAccountMapVO() {
- }
-
- public AclGroupAccountMapVO(long aclGroupId, long accountId) {
- this.aclGroupId = aclGroupId;
- this.accountId = accountId;
- }
-
- public long getId() {
- return id;
- }
-
- public long getAclGroupId() {
- return aclGroupId;
- }
-
-
- public long getAccountId() {
- return accountId;
- }
-
- public Date getRemoved() {
- return removed;
- }
-
- public Date getCreated() {
- return created;
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupPolicyMapVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupPolicyMapVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupPolicyMapVO.java
deleted file mode 100644
index 0dfef09..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupPolicyMapVO.java
+++ /dev/null
@@ -1,79 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.server;
-
-import java.util.Date;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
-
-
-import com.cloud.utils.db.GenericDao;
-
-@Entity
-@Table(name = ("acl_group_policy_map"))
-public class AclGroupPolicyMapVO {
- @Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
- @Column(name = "id")
- private Long id;
-
- @Column(name = "group_id")
- private long aclGroupId;
-
- @Column(name = "policy_id")
- private long aclPolicyId;
-
- @Column(name = GenericDao.REMOVED_COLUMN)
- private Date removed;
-
- @Column(name = GenericDao.CREATED_COLUMN)
- private Date created;
-
- public AclGroupPolicyMapVO() {
- }
-
- public AclGroupPolicyMapVO(long aclGroupId, long aclPolicyId) {
- this.aclGroupId = aclGroupId;
- this.aclPolicyId = aclPolicyId;
- }
-
- public long getId() {
- return id;
- }
-
- public long getAclGroupId() {
- return aclGroupId;
- }
-
-
- public long getAclPolicyId() {
- return aclPolicyId;
- }
-
- public Date getRemoved() {
- return removed;
- }
-
- public Date getCreated() {
- return created;
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupVO.java
deleted file mode 100644
index bdb85e8..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupVO.java
+++ /dev/null
@@ -1,122 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.server;
-
-import java.util.Date;
-import java.util.UUID;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
-
-import org.apache.cloudstack.iam.api.AclGroup;
-
-import com.cloud.utils.db.GenericDao;
-
-@Entity
-@Table(name = ("acl_group"))
-public class AclGroupVO implements AclGroup {
- @Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
- @Column(name = "id")
- private long id;
-
- @Column(name = "name")
- private String name;
-
- @Column(name = "description")
- private String description;
-
- @Column(name = "uuid")
- private String uuid;
-
- @Column(name = "path")
- private String path;
-
- @Column(name = "account_id")
- private long accountId;
-
- @Column(name = GenericDao.REMOVED_COLUMN)
- private Date removed;
-
- @Column(name = GenericDao.CREATED_COLUMN)
- private Date created;
-
- public AclGroupVO() {
- uuid = UUID.randomUUID().toString();
- }
-
- public AclGroupVO(String name, String description) {
- this.name = name;
- this.description = description;
- uuid = UUID.randomUUID().toString();
- path = "/";
- }
-
- @Override
- public long getId() {
- return id;
- }
-
- @Override
- public String getName() {
- return name;
- }
-
- @Override
- public String getDescription() {
- return description;
- }
-
- @Override
- public String getPath() {
- return path;
- }
-
- public void setPath(String path) {
- this.path = path;
- }
-
- @Override
- public long getAccountId() {
- return accountId;
- }
-
- public void setAccountId(long acctId) {
- accountId = acctId;
- }
-
- @Override
- public String getUuid() {
- return uuid;
- }
-
- public void setUuid(String uuid) {
- this.uuid = uuid;
- }
-
- public Date getRemoved() {
- return removed;
- }
-
- public Date getCreated() {
- return created;
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/AclPolicyPermissionVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/AclPolicyPermissionVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/AclPolicyPermissionVO.java
deleted file mode 100644
index 5d2a36b9..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/AclPolicyPermissionVO.java
+++ /dev/null
@@ -1,181 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.server;
-
-import java.util.Date;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.EnumType;
-import javax.persistence.Enumerated;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
-
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-import com.cloud.utils.db.GenericDao;
-
-@Entity
-@Table(name = ("acl_policy_permission"))
-public class AclPolicyPermissionVO implements AclPolicyPermission {
-
- @Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
- @Column(name = "id")
- private long id;
-
- @Column(name = "policy_id")
- private long aclPolicyId;
-
- @Column(name = "action")
- private String action;
-
- @Column(name = "resource_type")
- private String entityType;
-
- @Column(name = "access_type")
- private String accessType;
-
- @Column(name = "scope")
- private String scope;
-
- @Column(name = "scope_id")
- private Long scopeId;
-
- @Column(name = "permission")
- @Enumerated(value = EnumType.STRING)
- private Permission permission;
-
- @Column(name = "recursive")
- private Boolean recursive;
-
- @Column(name = GenericDao.REMOVED_COLUMN)
- private Date removed;
-
- @Column(name = GenericDao.CREATED_COLUMN)
- private Date created;
-
- public AclPolicyPermissionVO() {
-
- }
-
- public AclPolicyPermissionVO(long aclPolicyId, String action, String entityType, String accessType, String scope,
- Long scopeId, Permission permission, Boolean recursive) {
- this.aclPolicyId = aclPolicyId;
- this.action = action;
- this.entityType = entityType;
- this.accessType = accessType;
- this.scope = scope;
- this.scopeId = scopeId;
- this.permission = permission;
- this.recursive = recursive;
- }
-
- @Override
- public long getId() {
- return id;
- }
-
- @Override
- public long getAclPolicyId() {
- return aclPolicyId;
- }
-
-
- public void setAclPolicyId(long aclPolicyId) {
- this.aclPolicyId = aclPolicyId;
- }
-
- @Override
- public String getEntityType() {
- return entityType;
- }
-
- @Override
- public String getAccessType() {
- return accessType;
- }
-
-
- public void setEntityType(String entityType) {
- this.entityType = entityType;
- }
-
- public void setAccessType(String accessType) {
- this.accessType = accessType;
- }
-
- @Override
- public String getScope() {
- return scope;
- }
-
- public void setScope(String scope) {
- this.scope = scope;
- }
-
-
- @Override
- public String getAction() {
- return action;
- }
-
- @Override
- public Long getScopeId() {
- // TODO
- // handle special -1 scopeId, current caller domain, account
- /*
- * if ( scopeId < 0 ){ Account caller =
- * CallContext.current().getCallingAccount(); if ( scope ==
- * PermissionScope.DOMAIN){ return caller.getDomainId(); } else if
- * (scope == PermissionScope.ACCOUNT) { return caller.getAccountId(); }
- * }
- */
- return scopeId;
- }
-
- @Override
- public Permission getPermission() {
- return permission;
- }
-
- public void setAction(String action) {
- this.action = action;
- }
-
- public void setScopeId(Long scopeId) {
- this.scopeId = scopeId;
- }
-
- public void setPermission(Permission permission) {
- this.permission = permission;
- }
-
- public Date getRemoved() {
- return removed;
- }
-
- public Date getCreated() {
- return created;
- }
-
- public Boolean isRecursive() {
- return recursive;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/AclPolicyVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/AclPolicyVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/AclPolicyVO.java
deleted file mode 100644
index 16fbf80..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/AclPolicyVO.java
+++ /dev/null
@@ -1,138 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.server;
-
-import java.util.Date;
-import java.util.UUID;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.EnumType;
-import javax.persistence.Enumerated;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
-
-import org.apache.cloudstack.iam.api.AclPolicy;
-
-import com.cloud.utils.db.GenericDao;
-
-@Entity
-@Table(name = ("acl_policy"))
-public class AclPolicyVO implements AclPolicy {
- @Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
- @Column(name = "id")
- private long id;
-
- @Column(name = "name")
- private String name;
-
- @Column(name = "description")
- private String description;
-
- @Column(name = "uuid")
- private String uuid;
-
- @Column(name = "path")
- private String path;
-
- @Column(name = "account_id")
- private long accountId;
-
- @Column(name = GenericDao.REMOVED_COLUMN)
- private Date removed;
-
- @Column(name = GenericDao.CREATED_COLUMN)
- private Date created;
-
- @Column(name = "policy_type")
- @Enumerated(value = EnumType.STRING)
- private AclPolicy.PolicyType policyType;
-
- public AclPolicyVO() {
- uuid = UUID.randomUUID().toString();
- }
-
- public AclPolicyVO(String name, String description) {
- this.name = name;
- this.description = description;
- uuid = UUID.randomUUID().toString();
- policyType = AclPolicy.PolicyType.Static;
- }
-
- @Override
- public long getId() {
- return id;
- }
-
- @Override
- public String getName() {
- return name;
- }
-
- @Override
- public String getDescription() {
- return description;
- }
-
-
- @Override
- public String getUuid() {
- return uuid;
- }
-
- public void setUuid(String uuid) {
- this.uuid = uuid;
- }
-
- public Date getRemoved() {
- return removed;
- }
-
- public Date getCreated() {
- return created;
- }
-
- @Override
- public String getPath() {
- return path;
- }
-
- public void setPath(String path) {
- this.path = path;
- }
-
- @Override
- public long getAccountId() {
- return accountId;
- }
-
- public void setAccountId(long accountId) {
- this.accountId = accountId;
- }
-
- public AclPolicy.PolicyType getPolicyType() {
- return policyType;
- }
-
- public void setPolicyType(AclPolicy.PolicyType policyType) {
- this.policyType = policyType;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java
new file mode 100644
index 0000000..8f3ac7d
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java
@@ -0,0 +1,77 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server;
+
+import java.util.Date;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+import com.cloud.utils.db.GenericDao;
+
+@Entity
+@Table(name = ("iam_account_policy_map"))
+public class IAMAccountPolicyMapVO {
+ @Id
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
+ @Column(name = "id")
+ private Long id;
+
+ @Column(name = "account_id")
+ private long accountId;
+
+ @Column(name = "policy_id")
+ private long aclPolicyId;
+
+ @Column(name = GenericDao.REMOVED_COLUMN)
+ private Date removed;
+
+ @Column(name = GenericDao.CREATED_COLUMN)
+ private Date created;
+
+ public IAMAccountPolicyMapVO() {
+ }
+
+ public IAMAccountPolicyMapVO(long accountId, long aclPolicyId) {
+ this.accountId = accountId;
+ this.aclPolicyId = aclPolicyId;
+ }
+
+ public long getId() {
+ return id;
+ }
+
+ public long getAccountId() {
+ return accountId;
+ }
+
+ public long getAclPolicyId() {
+ return aclPolicyId;
+ }
+
+ public Date getRemoved() {
+ return removed;
+ }
+
+ public Date getCreated() {
+ return created;
+ }
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/IAMGroupAccountMapVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMGroupAccountMapVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMGroupAccountMapVO.java
new file mode 100644
index 0000000..dac7d35
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMGroupAccountMapVO.java
@@ -0,0 +1,78 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server;
+
+import java.util.Date;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+import com.cloud.utils.db.GenericDao;
+
+@Entity
+@Table(name = ("iam_group_account_map"))
+public class IAMGroupAccountMapVO {
+ @Id
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
+ @Column(name = "id")
+ private Long id;
+
+ @Column(name = "group_id")
+ private long aclGroupId;
+
+ @Column(name = "account_id")
+ private long accountId;
+
+ @Column(name = GenericDao.REMOVED_COLUMN)
+ private Date removed;
+
+ @Column(name = GenericDao.CREATED_COLUMN)
+ private Date created;
+
+ public IAMGroupAccountMapVO() {
+ }
+
+ public IAMGroupAccountMapVO(long aclGroupId, long accountId) {
+ this.aclGroupId = aclGroupId;
+ this.accountId = accountId;
+ }
+
+ public long getId() {
+ return id;
+ }
+
+ public long getAclGroupId() {
+ return aclGroupId;
+ }
+
+
+ public long getAccountId() {
+ return accountId;
+ }
+
+ public Date getRemoved() {
+ return removed;
+ }
+
+ public Date getCreated() {
+ return created;
+ }
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/IAMGroupPolicyMapVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMGroupPolicyMapVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMGroupPolicyMapVO.java
new file mode 100644
index 0000000..946d1f7
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMGroupPolicyMapVO.java
@@ -0,0 +1,79 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server;
+
+import java.util.Date;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+
+import com.cloud.utils.db.GenericDao;
+
+@Entity
+@Table(name = ("iam_group_policy_map"))
+public class IAMGroupPolicyMapVO {
+ @Id
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
+ @Column(name = "id")
+ private Long id;
+
+ @Column(name = "group_id")
+ private long aclGroupId;
+
+ @Column(name = "policy_id")
+ private long aclPolicyId;
+
+ @Column(name = GenericDao.REMOVED_COLUMN)
+ private Date removed;
+
+ @Column(name = GenericDao.CREATED_COLUMN)
+ private Date created;
+
+ public IAMGroupPolicyMapVO() {
+ }
+
+ public IAMGroupPolicyMapVO(long aclGroupId, long aclPolicyId) {
+ this.aclGroupId = aclGroupId;
+ this.aclPolicyId = aclPolicyId;
+ }
+
+ public long getId() {
+ return id;
+ }
+
+ public long getAclGroupId() {
+ return aclGroupId;
+ }
+
+
+ public long getAclPolicyId() {
+ return aclPolicyId;
+ }
+
+ public Date getRemoved() {
+ return removed;
+ }
+
+ public Date getCreated() {
+ return created;
+ }
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/IAMGroupVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMGroupVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMGroupVO.java
new file mode 100644
index 0000000..80edb89
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMGroupVO.java
@@ -0,0 +1,122 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server;
+
+import java.util.Date;
+import java.util.UUID;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+import org.apache.cloudstack.iam.api.IAMGroup;
+
+import com.cloud.utils.db.GenericDao;
+
+@Entity
+@Table(name = ("iam_group"))
+public class IAMGroupVO implements IAMGroup {
+ @Id
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
+ @Column(name = "id")
+ private long id;
+
+ @Column(name = "name")
+ private String name;
+
+ @Column(name = "description")
+ private String description;
+
+ @Column(name = "uuid")
+ private String uuid;
+
+ @Column(name = "path")
+ private String path;
+
+ @Column(name = "account_id")
+ private long accountId;
+
+ @Column(name = GenericDao.REMOVED_COLUMN)
+ private Date removed;
+
+ @Column(name = GenericDao.CREATED_COLUMN)
+ private Date created;
+
+ public IAMGroupVO() {
+ uuid = UUID.randomUUID().toString();
+ }
+
+ public IAMGroupVO(String name, String description) {
+ this.name = name;
+ this.description = description;
+ uuid = UUID.randomUUID().toString();
+ path = "/";
+ }
+
+ @Override
+ public long getId() {
+ return id;
+ }
+
+ @Override
+ public String getName() {
+ return name;
+ }
+
+ @Override
+ public String getDescription() {
+ return description;
+ }
+
+ @Override
+ public String getPath() {
+ return path;
+ }
+
+ public void setPath(String path) {
+ this.path = path;
+ }
+
+ @Override
+ public long getAccountId() {
+ return accountId;
+ }
+
+ public void setAccountId(long acctId) {
+ accountId = acctId;
+ }
+
+ @Override
+ public String getUuid() {
+ return uuid;
+ }
+
+ public void setUuid(String uuid) {
+ this.uuid = uuid;
+ }
+
+ public Date getRemoved() {
+ return removed;
+ }
+
+ public Date getCreated() {
+ return created;
+ }
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/IAMPolicyPermissionVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMPolicyPermissionVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMPolicyPermissionVO.java
new file mode 100644
index 0000000..13d6b81
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMPolicyPermissionVO.java
@@ -0,0 +1,181 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server;
+
+import java.util.Date;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.EnumType;
+import javax.persistence.Enumerated;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+import org.apache.cloudstack.iam.api.IAMPolicyPermission;
+import com.cloud.utils.db.GenericDao;
+
+@Entity
+@Table(name = ("iam_policy_permission"))
+public class IAMPolicyPermissionVO implements IAMPolicyPermission {
+
+ @Id
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
+ @Column(name = "id")
+ private long id;
+
+ @Column(name = "policy_id")
+ private long aclPolicyId;
+
+ @Column(name = "action")
+ private String action;
+
+ @Column(name = "resource_type")
+ private String entityType;
+
+ @Column(name = "access_type")
+ private String accessType;
+
+ @Column(name = "scope")
+ private String scope;
+
+ @Column(name = "scope_id")
+ private Long scopeId;
+
+ @Column(name = "permission")
+ @Enumerated(value = EnumType.STRING)
+ private Permission permission;
+
+ @Column(name = "recursive")
+ private Boolean recursive;
+
+ @Column(name = GenericDao.REMOVED_COLUMN)
+ private Date removed;
+
+ @Column(name = GenericDao.CREATED_COLUMN)
+ private Date created;
+
+ public IAMPolicyPermissionVO() {
+
+ }
+
+ public IAMPolicyPermissionVO(long aclPolicyId, String action, String entityType, String accessType, String scope,
+ Long scopeId, Permission permission, Boolean recursive) {
+ this.aclPolicyId = aclPolicyId;
+ this.action = action;
+ this.entityType = entityType;
+ this.accessType = accessType;
+ this.scope = scope;
+ this.scopeId = scopeId;
+ this.permission = permission;
+ this.recursive = recursive;
+ }
+
+ @Override
+ public long getId() {
+ return id;
+ }
+
+ @Override
+ public long getAclPolicyId() {
+ return aclPolicyId;
+ }
+
+
+ public void setAclPolicyId(long aclPolicyId) {
+ this.aclPolicyId = aclPolicyId;
+ }
+
+ @Override
+ public String getEntityType() {
+ return entityType;
+ }
+
+ @Override
+ public String getAccessType() {
+ return accessType;
+ }
+
+
+ public void setEntityType(String entityType) {
+ this.entityType = entityType;
+ }
+
+ public void setAccessType(String accessType) {
+ this.accessType = accessType;
+ }
+
+ @Override
+ public String getScope() {
+ return scope;
+ }
+
+ public void setScope(String scope) {
+ this.scope = scope;
+ }
+
+
+ @Override
+ public String getAction() {
+ return action;
+ }
+
+ @Override
+ public Long getScopeId() {
+ // TODO
+ // handle special -1 scopeId, current caller domain, account
+ /*
+ * if ( scopeId < 0 ){ Account caller =
+ * CallContext.current().getCallingAccount(); if ( scope ==
+ * PermissionScope.DOMAIN){ return caller.getDomainId(); } else if
+ * (scope == PermissionScope.ACCOUNT) { return caller.getAccountId(); }
+ * }
+ */
+ return scopeId;
+ }
+
+ @Override
+ public Permission getPermission() {
+ return permission;
+ }
+
+ public void setAction(String action) {
+ this.action = action;
+ }
+
+ public void setScopeId(Long scopeId) {
+ this.scopeId = scopeId;
+ }
+
+ public void setPermission(Permission permission) {
+ this.permission = permission;
+ }
+
+ public Date getRemoved() {
+ return removed;
+ }
+
+ public Date getCreated() {
+ return created;
+ }
+
+ public Boolean isRecursive() {
+ return recursive;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/IAMPolicyVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMPolicyVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMPolicyVO.java
new file mode 100644
index 0000000..25ebd01
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMPolicyVO.java
@@ -0,0 +1,138 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server;
+
+import java.util.Date;
+import java.util.UUID;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.EnumType;
+import javax.persistence.Enumerated;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+import org.apache.cloudstack.iam.api.IAMPolicy;
+
+import com.cloud.utils.db.GenericDao;
+
+@Entity
+@Table(name = ("iam_policy"))
+public class IAMPolicyVO implements IAMPolicy {
+ @Id
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
+ @Column(name = "id")
+ private long id;
+
+ @Column(name = "name")
+ private String name;
+
+ @Column(name = "description")
+ private String description;
+
+ @Column(name = "uuid")
+ private String uuid;
+
+ @Column(name = "path")
+ private String path;
+
+ @Column(name = "account_id")
+ private long accountId;
+
+ @Column(name = GenericDao.REMOVED_COLUMN)
+ private Date removed;
+
+ @Column(name = GenericDao.CREATED_COLUMN)
+ private Date created;
+
+ @Column(name = "policy_type")
+ @Enumerated(value = EnumType.STRING)
+ private IAMPolicy.PolicyType policyType;
+
+ public IAMPolicyVO() {
+ uuid = UUID.randomUUID().toString();
+ }
+
+ public IAMPolicyVO(String name, String description) {
+ this.name = name;
+ this.description = description;
+ uuid = UUID.randomUUID().toString();
+ policyType = IAMPolicy.PolicyType.Static;
+ }
+
+ @Override
+ public long getId() {
+ return id;
+ }
+
+ @Override
+ public String getName() {
+ return name;
+ }
+
+ @Override
+ public String getDescription() {
+ return description;
+ }
+
+
+ @Override
+ public String getUuid() {
+ return uuid;
+ }
+
+ public void setUuid(String uuid) {
+ this.uuid = uuid;
+ }
+
+ public Date getRemoved() {
+ return removed;
+ }
+
+ public Date getCreated() {
+ return created;
+ }
+
+ @Override
+ public String getPath() {
+ return path;
+ }
+
+ public void setPath(String path) {
+ this.path = path;
+ }
+
+ @Override
+ public long getAccountId() {
+ return accountId;
+ }
+
+ public void setAccountId(long accountId) {
+ this.accountId = accountId;
+ }
+
+ public IAMPolicy.PolicyType getPolicyType() {
+ return policyType;
+ }
+
+ public void setPolicyType(IAMPolicy.PolicyType policyType) {
+ this.policyType = policyType;
+ }
+
+}
[08/18] git commit: updated refs/heads/rbac to 45a96e4
Posted by pr...@apache.org.
Renaming plugin packages to 'iam' instead if 'acl'
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/b2ba6c05
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/b2ba6c05
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/b2ba6c05
Branch: refs/heads/rbac
Commit: b2ba6c05b4b9d1d1b15f704e454a710e3ed5a325
Parents: f41604f
Author: Prachi Damle <pr...@cloud.com>
Authored: Wed Feb 19 17:08:58 2014 -0800
Committer: Prachi Damle <pr...@cloud.com>
Committed: Tue Feb 25 16:43:20 2014 -0800
----------------------------------------------------------------------
.../acl/RoleBasedAPIAccessChecker.java | 269 --------
.../acl/RoleBasedEntityAccessChecker.java | 183 -----
.../acl/RoleBasedEntityQuerySelector.java | 145 ----
.../cloudstack/acl/api/AclApiService.java | 84 ---
.../cloudstack/acl/api/AclApiServiceImpl.java | 690 -------------------
.../command/acl/AddAccountToAclGroupCmd.java | 127 ----
.../acl/AddAclPermissionToAclPolicyCmd.java | 151 ----
.../acl/AttachAclPolicyToAccountCmd.java | 122 ----
.../acl/AttachAclPolicyToAclGroupCmd.java | 127 ----
.../api/command/acl/CreateAclGroupCmd.java | 168 -----
.../api/command/acl/CreateAclPolicyCmd.java | 175 -----
.../api/command/acl/DeleteAclGroupCmd.java | 102 ---
.../api/command/acl/DeleteAclPolicyCmd.java | 102 ---
.../api/command/acl/ListAclGroupsCmd.java | 88 ---
.../api/command/acl/ListAclPoliciesCmd.java | 88 ---
.../acl/RemoveAccountFromAclGroupCmd.java | 127 ----
.../RemoveAclPermissionFromAclPolicyCmd.java | 147 ----
.../acl/RemoveAclPolicyFromAccountCmd.java | 122 ----
.../acl/RemoveAclPolicyFromAclGroupCmd.java | 127 ----
.../command/iam/AddAccountToAclGroupCmd.java | 127 ++++
.../iam/AddAclPermissionToAclPolicyCmd.java | 151 ++++
.../iam/AttachAclPolicyToAccountCmd.java | 122 ++++
.../iam/AttachAclPolicyToAclGroupCmd.java | 127 ++++
.../api/command/iam/CreateAclGroupCmd.java | 168 +++++
.../api/command/iam/CreateAclPolicyCmd.java | 175 +++++
.../api/command/iam/DeleteAclGroupCmd.java | 102 +++
.../api/command/iam/DeleteAclPolicyCmd.java | 102 +++
.../api/command/iam/ListAclGroupsCmd.java | 88 +++
.../api/command/iam/ListAclPoliciesCmd.java | 88 +++
.../iam/RemoveAccountFromAclGroupCmd.java | 127 ++++
.../RemoveAclPermissionFromAclPolicyCmd.java | 147 ++++
.../iam/RemoveAclPolicyFromAccountCmd.java | 122 ++++
.../iam/RemoveAclPolicyFromAclGroupCmd.java | 127 ++++
.../api/response/acl/AclGroupResponse.java | 193 ------
.../api/response/acl/AclPermissionResponse.java | 125 ----
.../api/response/acl/AclPolicyResponse.java | 177 -----
.../api/response/iam/AclGroupResponse.java | 193 ++++++
.../api/response/iam/AclPermissionResponse.java | 125 ++++
.../api/response/iam/AclPolicyResponse.java | 177 +++++
.../apache/cloudstack/iam/AclApiService.java | 84 +++
.../cloudstack/iam/AclApiServiceImpl.java | 690 +++++++++++++++++++
.../iam/RoleBasedAPIAccessChecker.java | 273 ++++++++
.../iam/RoleBasedEntityAccessChecker.java | 186 +++++
.../iam/RoleBasedEntityQuerySelector.java | 147 ++++
.../cloudstack/acl/AclApiServiceTest.java | 18 +-
45 files changed, 3657 insertions(+), 3648 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java
deleted file mode 100644
index 01e3d75..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java
+++ /dev/null
@@ -1,269 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl;
-
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import javax.ejb.Local;
-import javax.inject.Inject;
-import javax.naming.ConfigurationException;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.BaseAsyncCreateCmd;
-import org.apache.cloudstack.api.BaseCmd;
-import org.apache.cloudstack.api.BaseListCmd;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
-import org.apache.cloudstack.iam.api.IAMService;
-
-import com.cloud.api.ApiServerService;
-import com.cloud.exception.PermissionDeniedException;
-import com.cloud.storage.VMTemplateVO;
-import com.cloud.storage.dao.VMTemplateDao;
-import com.cloud.user.Account;
-import com.cloud.user.AccountService;
-import com.cloud.user.User;
-import com.cloud.utils.PropertiesUtil;
-import com.cloud.utils.component.AdapterBase;
-import com.cloud.utils.component.PluggableService;
-import com.cloud.utils.exception.CloudRuntimeException;
-
-//This is the Role Based API access checker that grab's the account's roles
-//based on the set of roles, access is granted if any of the role has access to the api
-@Local(value=APIChecker.class)
-public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker {
-
- protected static final Logger s_logger = Logger.getLogger(RoleBasedAPIAccessChecker.class);
-
- @Inject
- AccountService _accountService;
- @Inject
- ApiServerService _apiServer;
- @Inject
- IAMService _iamSrv;
- @Inject
- VMTemplateDao _templateDao;
-
- Set<String> commandsPropertiesOverrides = new HashSet<String>();
- Map<RoleType, Set<String>> commandsPropertiesRoleBasedApisMap = new HashMap<RoleType, Set<String>>();
-
- List<PluggableService> _services;
-
- protected RoleBasedAPIAccessChecker() {
- super();
- for (RoleType roleType : RoleType.values()) {
- commandsPropertiesRoleBasedApisMap.put(roleType, new HashSet<String>());
- }
- }
-
- @Override
- public boolean checkAccess(User user, String commandName) throws PermissionDeniedException {
- Account account = _accountService.getAccount(user.getAccountId());
- if (account == null) {
- throw new PermissionDeniedException("The account id=" + user.getAccountId() + "for user id=" + user.getId()
- + "is null");
- }
-
- List<AclPolicy> policies = _iamSrv.listAclPolicies(account.getAccountId());
-
- boolean isAllowed = _iamSrv.isActionAllowedForPolicies(commandName, policies);
- if (!isAllowed) {
- throw new PermissionDeniedException("The API does not exist or is blacklisted. api: " + commandName);
- }
- return isAllowed;
- }
-
- @Override
- public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
- super.configure(name, params);
-
- processMapping(PropertiesUtil.processConfigFile(new String[] { "commands.properties" }));
- return true;
- }
-
- @Override
- public boolean start() {
-
- // drop all default policy api permissions - we reload them every time
- // to include any changes done to the @APICommand or
- // commands.properties.
-
- for (RoleType role : RoleType.values()) {
- Long policyId = getDefaultPolicyId(role);
- if (policyId != null) {
- _iamSrv.resetAclPolicy(policyId);
- }
- }
-
- // add the system-domain capability
-
- _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_ADMIN + 1), null, null, null,
- "SystemCapability", null, Permission.Allow, false);
- _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), null, null, null,
- "DomainCapability", null, Permission.Allow, false);
- _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN + 1), null, null, null,
- "DomainResourceCapability", null, Permission.Allow, false);
-
- // add permissions for public templates
- List<VMTemplateVO> pTmplts = _templateDao.listByPublic();
- for (VMTemplateVO tmpl : pTmplts){
- _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), AclEntityType.VirtualMachineTemplate.toString(),
- PermissionScope.RESOURCE.toString(), tmpl.getId(), "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
- _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), AclEntityType.VirtualMachineTemplate.toString(),
- PermissionScope.RESOURCE.toString(), tmpl.getId(), "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
- }
-
- for (PluggableService service : _services) {
- for (Class<?> cmdClass : service.getCommands()) {
- APICommand command = cmdClass.getAnnotation(APICommand.class);
- if (!commandsPropertiesOverrides.contains(command.name())) {
- for (RoleType role : command.authorized()) {
- addDefaultAclPolicyPermission(command.name(), cmdClass, role);
- }
- }
- }
- }
-
- // read commands.properties and load api acl permissions -
- // commands.properties overrides any @APICommand authorization
-
- for (String apiName : commandsPropertiesOverrides) {
- Class<?> cmdClass = _apiServer.getCmdClass(apiName);
- for (RoleType role : RoleType.values()) {
- if (commandsPropertiesRoleBasedApisMap.get(role).contains(apiName)) {
- // insert permission for this role for this api
- addDefaultAclPolicyPermission(apiName, cmdClass, role);
- }
- }
- }
-
- return super.start();
- }
-
- private Long getDefaultPolicyId(RoleType role) {
- Long policyId = null;
- switch (role) {
- case User:
- policyId = new Long(Account.ACCOUNT_TYPE_NORMAL + 1);
- break;
-
- case Admin:
- policyId = new Long(Account.ACCOUNT_TYPE_ADMIN + 1);
- break;
-
- case DomainAdmin:
- policyId = new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1);
- break;
-
- case ResourceAdmin:
- policyId = new Long(Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN + 1);
- break;
- }
-
- return policyId;
- }
-
- private void processMapping(Map<String, String> configMap) {
- for (Map.Entry<String, String> entry : configMap.entrySet()) {
- String apiName = entry.getKey();
- String roleMask = entry.getValue();
- commandsPropertiesOverrides.add(apiName);
- try {
- short cmdPermissions = Short.parseShort(roleMask);
- for (RoleType roleType : RoleType.values()) {
- if ((cmdPermissions & roleType.getValue()) != 0)
- commandsPropertiesRoleBasedApisMap.get(roleType).add(apiName);
- }
- } catch (NumberFormatException nfe) {
- s_logger.info("Malformed key=value pair for entry: " + entry.toString());
- }
- }
- }
-
- public List<PluggableService> getServices() {
- return _services;
- }
-
- @Inject
- public void setServices(List<PluggableService> services) {
- _services = services;
- }
-
- private void addDefaultAclPolicyPermission(String apiName, Class<?> cmdClass, RoleType role) {
-
- AccessType accessType = null;
- AclEntityType[] entityTypes = null;
- if (cmdClass != null) {
- BaseCmd cmdObj;
- try {
- cmdObj = (BaseCmd) cmdClass.newInstance();
- if (cmdObj instanceof BaseListCmd) {
- accessType = AccessType.UseEntry;
- } else if (!(cmdObj instanceof BaseAsyncCreateCmd)) {
- accessType = AccessType.OperateEntry;
- }
- } catch (Exception e) {
- throw new CloudRuntimeException(String.format(
- "%s is claimed as an API command, but it cannot be instantiated", cmdClass.getName()));
- }
-
- APICommand at = cmdClass.getAnnotation(APICommand.class);
- entityTypes = at.entityType();
- }
-
- PermissionScope permissionScope = PermissionScope.ACCOUNT;
- Long policyId = getDefaultPolicyId(role);
- switch (role) {
- case User:
- permissionScope = PermissionScope.ACCOUNT;
- break;
-
- case Admin:
- permissionScope = PermissionScope.ALL;
- break;
-
- case DomainAdmin:
- permissionScope = PermissionScope.DOMAIN;
- break;
-
- case ResourceAdmin:
- permissionScope = PermissionScope.DOMAIN;
- break;
- }
-
-
- if (entityTypes == null || entityTypes.length == 0) {
- _iamSrv.addAclPermissionToAclPolicy(policyId, null, permissionScope.toString(), new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
- apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
- } else {
- for (AclEntityType entityType : entityTypes) {
- _iamSrv.addAclPermissionToAclPolicy(policyId, entityType.toString(), permissionScope.toString(), new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
- apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
- }
- }
-
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java
deleted file mode 100644
index 65249a6..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java
+++ /dev/null
@@ -1,183 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.api.InternalIdentity;
-import org.apache.cloudstack.iam.api.AclGroup;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-import org.apache.cloudstack.iam.api.IAMService;
-
-import com.cloud.acl.DomainChecker;
-import com.cloud.domain.dao.DomainDao;
-import com.cloud.exception.PermissionDeniedException;
-import com.cloud.user.Account;
-import com.cloud.user.AccountService;
-
-public class RoleBasedEntityAccessChecker extends DomainChecker implements SecurityChecker {
-
- private static final Logger s_logger = Logger.getLogger(RoleBasedEntityAccessChecker.class.getName());
-
- @Inject
- AccountService _accountService;
-
- @Inject DomainDao _domainDao;
-
- @Inject
- IAMService _iamSrv;
-
-
- @Override
- public boolean checkAccess(Account caller, ControlledEntity entity, AccessType accessType)
- throws PermissionDeniedException {
- return checkAccess(caller, entity, accessType, null);
- }
-
- @Override
- public boolean checkAccess(Account caller, ControlledEntity entity, AccessType accessType, String action)
- throws PermissionDeniedException {
-
- if (entity == null && action != null) {
- // check if caller can do this action
- List<AclPolicy> policies = _iamSrv.listAclPolicies(caller.getAccountId());
-
- boolean isAllowed = _iamSrv.isActionAllowedForPolicies(action, policies);
- if (!isAllowed) {
- throw new PermissionDeniedException("The action '" + action + "' not allowed for account " + caller);
- }
- return true;
- }
-
- String entityType = entity.getEntityType().toString();
-
- if (accessType == null) {
- accessType = AccessType.UseEntry;
- }
-
- // get all Policies of this caller w.r.t the entity
- List<AclPolicy> policies = getEffectivePolicies(caller, entity);
- HashMap<AclPolicy, Boolean> policyPermissionMap = new HashMap<AclPolicy, Boolean>();
-
- for (AclPolicy policy : policies) {
- List<AclPolicyPermission> permissions = new ArrayList<AclPolicyPermission>();
-
- if (action != null) {
- permissions = _iamSrv.listPolicyPermissionByActionAndEntity(policy.getId(), action, entityType);
- if (permissions.isEmpty()) {
- if (accessType != null) {
- permissions.addAll(_iamSrv.listPolicyPermissionByAccessAndEntity(policy.getId(),
- accessType.toString(), entityType));
- }
- }
- } else {
- if (accessType != null) {
- permissions.addAll(_iamSrv.listPolicyPermissionByAccessAndEntity(policy.getId(),
- accessType.toString(), entityType));
- }
- }
- for (AclPolicyPermission permission : permissions) {
- if (checkPermissionScope(caller, permission.getScope(), permission.getScopeId(), entity)) {
- if (permission.getEntityType().equals(entityType)) {
- policyPermissionMap.put(policy, permission.getPermission().isGranted());
- break;
- } else if (permission.getEntityType().equals("*")) {
- policyPermissionMap.put(policy, permission.getPermission().isGranted());
- }
- }
- }
- if (policyPermissionMap.containsKey(policy) && policyPermissionMap.get(policy)) {
- return true;
- }
- }
-
- if (!policies.isEmpty()) { // Since we reach this point, none of the
- // roles granted access
- if (s_logger.isDebugEnabled()) {
- s_logger.debug("Account " + caller + " does not have permission to access resource " + entity
- + " for access type: " + accessType);
- }
- throw new PermissionDeniedException(caller + " does not have permission to access resource " + entity);
- }
-
- return false;
- }
-
- private boolean checkPermissionScope(Account caller, String scope, Long scopeId, ControlledEntity entity) {
-
- if(scopeId != null && !scopeId.equals(new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER))){
- //scopeId is set
- if (scope.equals(PermissionScope.ACCOUNT.name())) {
- if(scopeId == entity.getAccountId()){
- return true;
- }
- } else if (scope.equals(PermissionScope.DOMAIN.name())) {
- if (_domainDao.isChildDomain(scopeId, entity.getDomainId())) {
- return true;
- }
- } else if (scope.equals(PermissionScope.RESOURCE.name())) {
- if (entity instanceof InternalIdentity) {
- InternalIdentity entityWithId = (InternalIdentity) entity;
- if(scopeId.equals(entityWithId.getId())){
- return true;
- }
- }
- }
- } else if (scopeId == null || scopeId.equals(new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER))) {
- if (scope.equals(PermissionScope.ACCOUNT.name())) {
- if(caller.getAccountId() == entity.getAccountId()){
- return true;
- }
- } else if (scope.equals(PermissionScope.DOMAIN.name())) {
- if (_domainDao.isChildDomain(caller.getDomainId(), entity.getDomainId())) {
- return true;
- }
- }
- }
- return false;
- }
-
- private List<AclPolicy> getEffectivePolicies(Account caller, ControlledEntity entity) {
-
- // Get the static Policies of the Caller
- List<AclPolicy> policies = _iamSrv.listAclPolicies(caller.getId());
-
- // add any dynamic policies w.r.t the entity
- if (caller.getId() == entity.getAccountId()) {
- // The caller owns the entity
- policies.add(_iamSrv.getResourceOwnerPolicy());
- }
-
- List<AclGroup> groups = _iamSrv.listAclGroups(caller.getId());
- for (AclGroup group : groups) {
- // for each group find the grand parent groups.
- List<AclGroup> parentGroups = _iamSrv.listParentAclGroups(group.getId());
- for (AclGroup parentGroup : parentGroups) {
- policies.addAll(_iamSrv.listRecursiveAclPoliciesByGroup(parentGroup.getId()));
- }
- }
-
- return policies;
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityQuerySelector.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityQuerySelector.java b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityQuerySelector.java
deleted file mode 100644
index 7b8715f..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityQuerySelector.java
+++ /dev/null
@@ -1,145 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.api.AclGroup;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-import org.apache.cloudstack.iam.api.IAMService;
-
-import com.cloud.user.Account;
-import com.cloud.utils.component.AdapterBase;
-
-public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySelector {
-
- private static final Logger s_logger = Logger.getLogger(RoleBasedEntityQuerySelector.class.getName());
-
- @Inject
- IAMService _iamService;
-
- @Override
- public List<Long> getAuthorizedDomains(Account caller, String action) {
- long accountId = caller.getAccountId();
- // Get the static Policies of the Caller
- List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
- // for each policy, find granted permission with Domain scope
- List<Long> domainIds = new ArrayList<Long>();
- for (AclPolicy policy : policies) {
- List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.DOMAIN.toString());
- if (pp != null) {
- for (AclPolicyPermission p : pp) {
- if (p.getScopeId() != null) {
- if (p.getScopeId().longValue() == -1) {
- domainIds.add(caller.getDomainId());
- } else {
- domainIds.add(p.getScopeId());
- }
- }
- }
- }
- }
- return domainIds;
- }
-
- @Override
- public List<Long> getAuthorizedAccounts(Account caller, String action) {
- long accountId = caller.getAccountId();
- // Get the static Policies of the Caller
- List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
- // for each policy, find granted permission with Account scope
- List<Long> accountIds = new ArrayList<Long>();
- for (AclPolicy policy : policies) {
- List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ACCOUNT.toString());
- if (pp != null) {
- for (AclPolicyPermission p : pp) {
- if (p.getScopeId() != null) {
- if (p.getScopeId().longValue() == -1) {
- accountIds.add(caller.getId());
- } else {
- accountIds.add(p.getScopeId());
- }
- }
- }
- }
- }
- return accountIds;
- }
-
- @Override
- public List<Long> getAuthorizedResources(Account caller, String action) {
- long accountId = caller.getAccountId();
- // Get the static Policies of the Caller
- List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
-
- // add the policies that grant recursive access
- List<AclGroup> groups = _iamService.listAclGroups(caller.getId());
- for (AclGroup group : groups) {
- // for each group find the grand parent groups.
- List<AclGroup> parentGroups = _iamService.listParentAclGroups(group.getId());
- for (AclGroup parentGroup : parentGroups) {
- policies.addAll(_iamService.listRecursiveAclPoliciesByGroup(parentGroup.getId()));
- }
- }
-
- // for each policy, find granted permission with Resource scope
- List<Long> entityIds = new ArrayList<Long>();
- for (AclPolicy policy : policies) {
- List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.RESOURCE.toString());
- if (pp != null) {
- for (AclPolicyPermission p : pp) {
- if (p.getScopeId() != null) {
- entityIds.add(p.getScopeId());
- }
- }
- }
- }
- return entityIds;
- }
-
- @Override
- public boolean isGrantedAll(Account caller, String action) {
- long accountId = caller.getAccountId();
- // Get the static Policies of the Caller
- List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
- // for each policy, find granted permission with ALL scope
- for (AclPolicy policy : policies) {
- List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ALL.toString());
- if (pp != null && pp.size() > 0) {
- return true;
- }
- }
- return false;
- }
-
- @Override
- public List<String> listAclGroupsByAccount(long accountId) {
- List<AclGroup> groups = _iamService.listAclGroups(accountId);
- List<String> groupNames = new ArrayList<String>();
- for (AclGroup grp : groups) {
- groupNames.add(grp.getName());
- }
- return groupNames;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java
deleted file mode 100644
index 18064d8..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java
+++ /dev/null
@@ -1,84 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl.api;
-
-import java.util.List;
-
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.api.response.ListResponse;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
-import org.apache.cloudstack.iam.api.AclGroup;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
-
-import com.cloud.user.Account;
-import com.cloud.utils.component.PluggableService;
-
-public interface AclApiService extends PluggableService {
-
- /* ACL group related interfaces */
- AclGroup createAclGroup(Account caller, String aclGroupName, String description);
-
- boolean deleteAclGroup(Long aclGroupId);
-
- List<AclGroup> listAclGroups(long accountId);
-
- AclGroup addAccountsToGroup(List<Long> acctIds, Long groupId);
-
- AclGroup removeAccountsFromGroup(List<Long> acctIds, Long groupId);
-
- /* ACL Policy related interfaces */
- AclPolicy createAclPolicy(Account caller, String aclPolicyName, String description, Long parentPolicyId);
-
- boolean deleteAclPolicy(long aclPolicyId);
-
- List<AclPolicy> listAclPolicies(long accountId);
-
- AclGroup attachAclPoliciesToGroup(List<Long> policyIds, Long groupId);
-
- AclGroup removeAclPoliciesFromGroup(List<Long> policyIds, Long groupId);
-
- void attachAclPolicyToAccounts(Long policyId, List<Long> accountIds);
-
- void removeAclPolicyFromAccounts(Long policyId, List<Long> accountIds);
-
- AclPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId,
- String action, Permission perm, Boolean recursive);
-
- AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId, String action);
-
- AclPolicyPermission getAclPolicyPermission(long accountId, String entityType, String action);
-
- /* Utility routine to grant/revoke invidivual resource to list of accounts */
- void grantEntityPermissioinToAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds);
-
- void revokeEntityPermissioinFromAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds);
-
- /* Response Generation */
- AclPolicyResponse createAclPolicyResponse(AclPolicy policy);
-
- AclGroupResponse createAclGroupResponse(AclGroup group);
-
- ListResponse<AclGroupResponse> listAclGroups(Long aclGroupId, String aclGroupName,
- Long domainId, Long startIndex, Long pageSize);
-
- ListResponse<AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName,
- Long domainId, Long startIndex, Long pageSize);
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
deleted file mode 100644
index a8fd2c5..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
+++ /dev/null
@@ -1,690 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl.api;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.ejb.Local;
-import javax.inject.Inject;
-import javax.naming.ConfigurationException;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.AclEntityType;
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseListCmd;
-import org.apache.cloudstack.api.command.acl.AddAccountToAclGroupCmd;
-import org.apache.cloudstack.api.command.acl.AddAclPermissionToAclPolicyCmd;
-import org.apache.cloudstack.api.command.acl.AttachAclPolicyToAccountCmd;
-import org.apache.cloudstack.api.command.acl.AttachAclPolicyToAclGroupCmd;
-import org.apache.cloudstack.api.command.acl.CreateAclGroupCmd;
-import org.apache.cloudstack.api.command.acl.CreateAclPolicyCmd;
-import org.apache.cloudstack.api.command.acl.DeleteAclGroupCmd;
-import org.apache.cloudstack.api.command.acl.DeleteAclPolicyCmd;
-import org.apache.cloudstack.api.command.acl.ListAclGroupsCmd;
-import org.apache.cloudstack.api.command.acl.ListAclPoliciesCmd;
-import org.apache.cloudstack.api.command.acl.RemoveAccountFromAclGroupCmd;
-import org.apache.cloudstack.api.command.acl.RemoveAclPermissionFromAclPolicyCmd;
-import org.apache.cloudstack.api.command.acl.RemoveAclPolicyFromAccountCmd;
-import org.apache.cloudstack.api.command.acl.RemoveAclPolicyFromAclGroupCmd;
-import org.apache.cloudstack.api.response.ListResponse;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
-import org.apache.cloudstack.api.response.acl.AclPermissionResponse;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.framework.messagebus.MessageBus;
-import org.apache.cloudstack.framework.messagebus.MessageSubscriber;
-import org.apache.cloudstack.iam.api.AclGroup;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
-import org.apache.cloudstack.iam.api.IAMService;
-
-import com.cloud.api.ApiServerService;
-import com.cloud.domain.Domain;
-import com.cloud.domain.DomainVO;
-import com.cloud.domain.dao.DomainDao;
-import com.cloud.event.ActionEvent;
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InvalidParameterValueException;
-import com.cloud.template.TemplateManager;
-import com.cloud.user.Account;
-import com.cloud.user.AccountManager;
-import com.cloud.user.AccountVO;
-import com.cloud.user.DomainManager;
-import com.cloud.user.dao.AccountDao;
-import com.cloud.utils.Pair;
-import com.cloud.utils.component.Manager;
-import com.cloud.utils.component.ManagerBase;
-import com.cloud.utils.db.DB;
-import com.cloud.utils.db.EntityManager;
-
-@Local(value = {AclApiService.class})
-public class AclApiServiceImpl extends ManagerBase implements AclApiService, Manager {
-
- public static final Logger s_logger = Logger.getLogger(AclApiServiceImpl.class);
- private String _name;
-
- @Inject
- ApiServerService _apiServer;
-
- @Inject
- IAMService _iamSrv;
-
- @Inject
- DomainDao _domainDao;
-
- @Inject
- AccountDao _accountDao;
-
- @Inject
- AccountManager _accountMgr;
-
- @Inject
- MessageBus _messageBus;
-
- @Override
- public boolean configure(final String name, final Map<String, Object> params) throws ConfigurationException {
- _messageBus.subscribe(AccountManager.MESSAGE_ADD_ACCOUNT_EVENT, new MessageSubscriber() {
- @Override
- public void onPublishMessage(String senderAddress, String subject, Object obj) {
- HashMap<Long, Long> acctGroupMap = (HashMap<Long, Long>) obj;
- for (Long accountId : acctGroupMap.keySet()) {
- Long groupId = acctGroupMap.get(accountId);
- s_logger.debug("MessageBus message: new Account Added: " + accountId + ", adding it to groupId :"
- + groupId);
- addAccountToAclGroup(accountId, groupId);
- // add it to domain group too
- AccountVO account = _accountDao.findById(accountId);
- Domain domain = _domainDao.findById(account.getDomainId());
- if (domain != null) {
- List<AclGroup> domainGroups = listDomainGroup(domain);
-
- if (domainGroups != null) {
- for (AclGroup group : domainGroups) {
- addAccountToAclGroup(accountId, new Long(group.getId()));
- }
- }
- }
- }
- }
- });
-
- _messageBus.subscribe(AccountManager.MESSAGE_REMOVE_ACCOUNT_EVENT, new MessageSubscriber() {
- @Override
- public void onPublishMessage(String senderAddress, String subject, Object obj) {
- Long accountId = ((Long) obj);
- if (accountId != null) {
- s_logger.debug("MessageBus message: Account removed: " + accountId
- + ", releasing the group associations");
- removeAccountFromAclGroups(accountId);
- }
- }
- });
-
- _messageBus.subscribe(DomainManager.MESSAGE_ADD_DOMAIN_EVENT, new MessageSubscriber() {
- @Override
- public void onPublishMessage(String senderAddress, String subject, Object obj) {
- Long domainId = ((Long) obj);
- if (domainId != null) {
- s_logger.debug("MessageBus message: new Domain created: " + domainId + ", creating a new group");
- Domain domain = _domainDao.findById(domainId);
- _iamSrv.createAclGroup("DomainGrp-" + domain.getUuid(), "Domain group", domain.getPath());
- }
- }
- });
-
- _messageBus.subscribe(DomainManager.MESSAGE_REMOVE_DOMAIN_EVENT, new MessageSubscriber() {
- @Override
- public void onPublishMessage(String senderAddress, String subject, Object obj) {
- Long domainId = ((Long) obj);
- if (domainId != null) {
- s_logger.debug("MessageBus message: Domain removed: " + domainId + ", removing the domain group");
- Domain domain = _domainDao.findById(domainId);
- List<AclGroup> groups = listDomainGroup(domain);
- for (AclGroup group : groups) {
- _iamSrv.deleteAclGroup(group.getId());
- }
- }
- }
- });
-
- _messageBus.subscribe(TemplateManager.MESSAGE_REGISTER_PUBLIC_TEMPLATE_EVENT, new MessageSubscriber() {
- @Override
- public void onPublishMessage(String senderAddress, String subject, Object obj) {
- Long templateId = (Long)obj;
- if (templateId != null) {
- s_logger.debug("MessageBus message: new public template registered: " + templateId + ", grant permission to domain admin and normal user policies");
- _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), AclEntityType.VirtualMachineTemplate.toString(),
- PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
- _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), AclEntityType.VirtualMachineTemplate.toString(),
- PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
- }
- }
- });
-
- _messageBus.subscribe(TemplateManager.MESSAGE_RESET_TEMPLATE_PERMISSION_EVENT, new MessageSubscriber() {
- @Override
- public void onPublishMessage(String senderAddress, String subject, Object obj) {
- Long templateId = (Long)obj;
- if (templateId != null) {
- s_logger.debug("MessageBus message: reset template permission: " + templateId);
- resetTemplatePermission(templateId);
- }
- }
- });
-
- _messageBus.subscribe(EntityManager.MESSAGE_REMOVE_ENTITY_EVENT, new MessageSubscriber() {
- @Override
- public void onPublishMessage(String senderAddress, String subject, Object obj) {
- Pair<AclEntityType, Long> entity = (Pair<AclEntityType, Long>)obj;
- if (entity != null) {
- String entityType = entity.first().toString();
- Long entityId = entity.second();
- s_logger.debug("MessageBus message: delete an entity: (" + entityType + "," + entityId + "), remove its related permission");
- _iamSrv.removeAclPermissionForEntity(entityType, entityId);
- }
- }
- });
-
-
- _messageBus.subscribe(EntityManager.MESSAGE_GRANT_ENTITY_EVENT, new MessageSubscriber() {
- @Override
- public void onPublishMessage(String senderAddress, String subject, Object obj) {
- Map<String, Object> permit = (Map<String, Object>)obj;
- if (permit != null) {
- String entityType = (String)permit.get(ApiConstants.ENTITY_TYPE);
- Long entityId = (Long)permit.get(ApiConstants.ENTITY_ID);
- AccessType accessType = (AccessType)permit.get(ApiConstants.ACCESS_TYPE);
- String action = (String)permit.get(ApiConstants.ACL_ACTION);
- List<Long> acctIds = (List<Long>)permit.get(ApiConstants.ACCOUNTS);
- s_logger.debug("MessageBus message: grant accounts permission to an entity: (" + entityType + "," + entityId + ")");
- grantEntityPermissioinToAccounts(entityType, entityId, accessType, action, acctIds);
- }
- }
- });
-
- _messageBus.subscribe(EntityManager.MESSAGE_REVOKE_ENTITY_EVENT, new MessageSubscriber() {
- @Override
- public void onPublishMessage(String senderAddress, String subject, Object obj) {
- Map<String, Object> permit = (Map<String, Object>)obj;
- if (permit != null) {
- String entityType = (String)permit.get(ApiConstants.ENTITY_TYPE);
- Long entityId = (Long)permit.get(ApiConstants.ENTITY_ID);
- AccessType accessType = (AccessType)permit.get(ApiConstants.ACCESS_TYPE);
- String action = (String)permit.get(ApiConstants.ACL_ACTION);
- List<Long> acctIds = (List<Long>)permit.get(ApiConstants.ACCOUNTS);
- s_logger.debug("MessageBus message: revoke from accounts permission to an entity: (" + entityType + "," + entityId + ")");
- revokeEntityPermissioinFromAccounts(entityType, entityId, accessType, action, acctIds);
- }
- }
- });
-
- _messageBus.subscribe(EntityManager.MESSAGE_ADD_DOMAIN_WIDE_ENTITY_EVENT, new MessageSubscriber() {
- @Override
- public void onPublishMessage(String senderAddress, String subject, Object obj) {
- Map<String, Object> params = (Map<String, Object>) obj;
- if (params != null) {
- addDomainWideResourceAccess(params);
- }
- }
- });
-
- return super.configure(name, params);
- }
-
- private void addDomainWideResourceAccess(Map<String, Object> params) {
-
- AclEntityType entityType = (AclEntityType)params.get(ApiConstants.ENTITY_TYPE);
- Long entityId = (Long) params.get(ApiConstants.ENTITY_ID);
- Long domainId = (Long) params.get(ApiConstants.DOMAIN_ID);
- Boolean isRecursive = (Boolean) params.get(ApiConstants.SUBDOMAIN_ACCESS);
-
- if (entityType == AclEntityType.Network) {
- createPolicyAndAddToDomainGroup("DomainWideNetwork-" + entityId, "domain wide network", entityType.toString(),
- entityId, "listNetworks", AccessType.UseEntry, domainId, isRecursive);
- } else if (entityType == AclEntityType.AffinityGroup) {
- createPolicyAndAddToDomainGroup("DomainWideNetwork-" + entityId, "domain wide affinityGroup", entityType.toString(),
- entityId, "listAffinityGroups", AccessType.UseEntry, domainId, isRecursive);
- }
-
- }
-
- private void createPolicyAndAddToDomainGroup(String policyName, String description, String entityType,
- Long entityId, String action, AccessType accessType, Long domainId, Boolean recursive) {
-
- Domain domain = _domainDao.findById(domainId);
- if (domain != null) {
- AclPolicy policy = _iamSrv.createAclPolicy(policyName, description, null, domain.getPath());
- _iamSrv.addAclPermissionToAclPolicy(policy.getId(), entityType, PermissionScope.RESOURCE.toString(),
- entityId, action, accessType.toString(), Permission.Allow, recursive);
- List<Long> policyList = new ArrayList<Long>();
- policyList.add(new Long(policy.getId()));
-
- List<AclGroup> domainGroups = listDomainGroup(domain);
- if (domainGroups != null) {
- for (AclGroup group : domainGroups) {
- _iamSrv.attachAclPoliciesToGroup(policyList, group.getId());
- }
- }
- }
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_CREATE, eventDescription = "Creating Acl Group", create = true)
- public AclGroup createAclGroup(Account caller, String aclGroupName, String description) {
- Long domainId = caller.getDomainId();
- Domain callerDomain = _domainDao.findById(domainId);
- if (callerDomain == null) {
- throw new InvalidParameterValueException("Caller does not have a domain");
- }
- return _iamSrv.createAclGroup(aclGroupName, description, callerDomain.getPath());
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_DELETE, eventDescription = "Deleting Acl Group")
- public boolean deleteAclGroup(final Long aclGroupId) {
- return _iamSrv.deleteAclGroup(aclGroupId);
- }
-
- @Override
- public List<AclGroup> listAclGroups(long accountId) {
- return _iamSrv.listAclGroups(accountId);
- }
-
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Adding accounts to acl group")
- public AclGroup addAccountsToGroup(final List<Long> acctIds, final Long groupId) {
- return _iamSrv.addAccountsToGroup(acctIds, groupId);
- }
-
-
- private void removeAccountFromAclGroups(long accountId) {
- List<AclGroup> groups = listAclGroups(accountId);
- List<Long> accts = new ArrayList<Long>();
- accts.add(accountId);
- if (groups != null) {
- for (AclGroup grp : groups) {
- removeAccountsFromGroup(accts, grp.getId());
- }
- }
- }
-
- private void addAccountToAclGroup(long accountId, long groupId) {
- List<Long> accts = new ArrayList<Long>();
- accts.add(accountId);
- addAccountsToGroup(accts, groupId);
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Removing accounts from acl group")
- public AclGroup removeAccountsFromGroup(final List<Long> acctIds, final Long groupId) {
- return _iamSrv.removeAccountsFromGroup(acctIds, groupId);
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_CREATE, eventDescription = "Creating Acl Policy", create = true)
- public AclPolicy createAclPolicy(Account caller, final String aclPolicyName, final String description, final Long parentPolicyId) {
- Long domainId = caller.getDomainId();
- Domain callerDomain = _domainDao.findById(domainId);
- if (callerDomain == null) {
- throw new InvalidParameterValueException("Caller does not have a domain");
- }
- return _iamSrv.createAclPolicy(aclPolicyName, description, parentPolicyId, callerDomain.getPath());
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_DELETE, eventDescription = "Deleting Acl Policy")
- public boolean deleteAclPolicy(final long aclPolicyId) {
- return _iamSrv.deleteAclPolicy(aclPolicyId);
- }
-
-
- @Override
- public List<AclPolicy> listAclPolicies(long accountId) {
- return _iamSrv.listAclPolicies(accountId);
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Attaching policy to acl group")
- public AclGroup attachAclPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
- return _iamSrv.attachAclPoliciesToGroup(policyIds, groupId);
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Removing policies from acl group")
- public AclGroup removeAclPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
- return _iamSrv.removeAclPoliciesFromGroup(policyIds, groupId);
- }
-
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE, eventDescription = "Attaching policy to accounts")
- public void attachAclPolicyToAccounts(final Long policyId, final List<Long> accountIds) {
- _iamSrv.attachAclPolicyToAccounts(policyId, accountIds);
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE, eventDescription = "Removing policy from accounts")
- public void removeAclPolicyFromAccounts(final Long policyId, final List<Long> accountIds) {
- _iamSrv.removeAclPolicyFromAccounts(policyId, accountIds);
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_GRANT, eventDescription = "Granting acl permission to Acl Policy")
- public AclPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, PermissionScope scope,
- Long scopeId, String action, Permission perm, Boolean recursive) {
- Class<?> cmdClass = _apiServer.getCmdClass(action);
- AccessType accessType = null;
- if (BaseListCmd.class.isAssignableFrom(cmdClass)) {
- accessType = AccessType.UseEntry;
- }
- return _iamSrv.addAclPermissionToAclPolicy(aclPolicyId, entityType, scope.toString(), scopeId, action,
- accessType.toString(), perm, recursive);
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_REVOKE, eventDescription = "Revoking acl permission from Acl Policy")
- public AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId, String action) {
- return _iamSrv.removeAclPermissionFromAclPolicy(aclPolicyId, entityType, scope.toString(), scopeId, action);
- }
-
- @Override
- public AclPolicyPermission getAclPolicyPermission(long accountId, String entityType, String action) {
- List<AclPolicy> policies = _iamSrv.listAclPolicies(accountId);
- AclPolicyPermission curPerm = null;
- for (AclPolicy policy : policies) {
- List<AclPolicyPermission> perms = _iamSrv.listPolicyPermissionByActionAndEntity(policy.getId(), action,
- entityType);
- if (perms == null || perms.size() == 0)
- continue;
- AclPolicyPermission perm = perms.get(0); // just pick one
- if (curPerm == null) {
- curPerm = perm;
- } else if (PermissionScope.valueOf(perm.getScope()).greaterThan(PermissionScope.valueOf(curPerm.getScope()))) {
- // pick the more relaxed allowed permission
- curPerm = perm;
- }
- }
-
- return curPerm;
- }
-
-
- @Override
- public AclPolicyResponse createAclPolicyResponse(AclPolicy policy) {
- AclPolicyResponse response = new AclPolicyResponse();
- response.setId(policy.getUuid());
- response.setName(policy.getName());
- response.setDescription(policy.getDescription());
- String domainPath = policy.getPath();
- if (domainPath != null) {
- DomainVO domain = _domainDao.findDomainByPath(domainPath);
- if (domain != null) {
- response.setDomainId(domain.getUuid());
- response.setDomainName(domain.getName());
- }
- }
- long accountId = policy.getAccountId();
- AccountVO owner = _accountDao.findById(accountId);
- if (owner != null) {
- response.setAccountName(owner.getAccountName());
- }
- // find permissions associated with this policy
- List<AclPolicyPermission> permissions = _iamSrv.listPolicyPermissions(policy.getId());
- if (permissions != null && permissions.size() > 0) {
- for (AclPolicyPermission permission : permissions) {
- AclPermissionResponse perm = new AclPermissionResponse();
- perm.setAction(permission.getAction());
- if (permission.getEntityType() != null) {
- perm.setEntityType(AclEntityType.valueOf(permission.getEntityType()));
- }
- if (permission.getScope() != null) {
- perm.setScope(PermissionScope.valueOf(permission.getScope()));
- }
- perm.setScopeId(permission.getScopeId());
- perm.setPermission(permission.getPermission());
- response.addPermission(perm);
- }
- }
- response.setObjectName("aclpolicy");
- return response;
- }
-
- @Override
- public AclGroupResponse createAclGroupResponse(AclGroup group) {
- AclGroupResponse response = new AclGroupResponse();
- response.setId(group.getUuid());
- response.setName(group.getName());
- response.setDescription(group.getDescription());
- String domainPath = group.getPath();
- if (domainPath != null) {
- DomainVO domain = _domainDao.findDomainByPath(domainPath);
- if (domain != null) {
- response.setDomainId(domain.getUuid());
- response.setDomainName(domain.getName());
- }
- }
- long accountId = group.getAccountId();
- AccountVO owner = _accountDao.findById(accountId);
- if (owner != null) {
- response.setAccountName(owner.getAccountName());
- }
- // find all the members in this group
- List<Long> members = _iamSrv.listAccountsByGroup(group.getId());
- if (members != null && members.size() > 0) {
- for (Long member : members) {
- AccountVO mem = _accountDao.findById(member);
- if (mem != null) {
- response.addMemberAccount(mem.getAccountName());
- }
- }
- }
-
- // find all the policies attached to this group
- List<AclPolicy> policies = _iamSrv.listAclPoliciesByGroup(group.getId());
- if (policies != null && policies.size() > 0) {
- for (AclPolicy policy : policies) {
- response.addPolicy(policy.getName());
- }
- }
-
- response.setObjectName("aclgroup");
- return response;
-
- }
-
- public List<AclGroup> listDomainGroup(Domain domain) {
-
- if (domain != null) {
- String domainPath = domain.getPath();
- // search for groups
- Pair<List<AclGroup>, Integer> result = _iamSrv.listAclGroups(null, "DomainGrp-" + domain.getUuid(),
- domainPath, null, null);
- return result.first();
- }
- return new ArrayList<AclGroup>();
-
- }
-
- @Override
- public ListResponse<AclGroupResponse> listAclGroups(Long aclGroupId, String aclGroupName, Long domainId, Long startIndex, Long pageSize) {
- // acl check
- Account caller = CallContext.current().getCallingAccount();
-
- Domain domain = null;
- if (domainId != null) {
- domain = _domainDao.findById(domainId);
- if (domain == null) {
- throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
- }
-
- _accountMgr.checkAccess(caller, domain);
- } else {
- domain = _domainDao.findById(caller.getDomainId());
- }
- String domainPath = domain.getPath();
- // search for groups
- Pair<List<AclGroup>, Integer> result = _iamSrv.listAclGroups(aclGroupId, aclGroupName, domainPath, startIndex, pageSize);
- // generate group response
- ListResponse<AclGroupResponse> response = new ListResponse<AclGroupResponse>();
- List<AclGroupResponse> groupResponses = new ArrayList<AclGroupResponse>();
- for (AclGroup group : result.first()) {
- AclGroupResponse resp = createAclGroupResponse(group);
- groupResponses.add(resp);
- }
- response.setResponses(groupResponses, result.second());
- return response;
- }
-
- @Override
- public ListResponse<AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName, Long domainId, Long startIndex,
- Long pageSize) {
- // acl check
- Account caller = CallContext.current().getCallingAccount();
-
- Domain domain = null;
- if (domainId != null) {
- domain = _domainDao.findById(domainId);
- if (domain == null) {
- throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
- }
-
- _accountMgr.checkAccess(caller, domain);
- } else {
- domain = _domainDao.findById(caller.getDomainId());
- }
- String domainPath = domain.getPath();
- // search for policies
- Pair<List<AclPolicy>, Integer> result = _iamSrv.listAclPolicies(aclPolicyId, aclPolicyName, domainPath, startIndex, pageSize);
- // generate policy response
- ListResponse<AclPolicyResponse> response = new ListResponse<AclPolicyResponse>();
- List<AclPolicyResponse> policyResponses = new ArrayList<AclPolicyResponse>();
- for (AclPolicy policy : result.first()) {
- AclPolicyResponse resp = createAclPolicyResponse(policy);
- policyResponses.add(resp);
- }
- response.setResponses(policyResponses, result.second());
- return response;
- }
-
- @Override
- public void grantEntityPermissioinToAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds) {
- // check if there is already a policy with only this permission added to it
- AclPolicy policy = _iamSrv.getResourceGrantPolicy(entityType, entityId, accessType.toString(), action);
- if (policy == null) {
- // not found, just create a policy with resource grant permission
- Account caller = CallContext.current().getCallingAccount();
- String aclPolicyName = "policyGrant" + entityType + entityId;
- String description = "Policy to grant permission to " + entityType + entityId;
- policy = createAclPolicy(caller, aclPolicyName, description, null);
- // add permission to this policy
- addAclPermissionToAclPolicy(policy.getId(), entityType, PermissionScope.RESOURCE, entityId, action, Permission.Allow, false);
- }
- // attach this policy to list of accounts if not attached already
- Long policyId = policy.getId();
- for (Long acctId : accountIds) {
- if (!isPolicyAttachedToAccount(policyId, acctId)) {
- attachAclPolicyToAccounts(policyId, Collections.singletonList(acctId));
- }
- }
- }
-
- @Override
- public void revokeEntityPermissioinFromAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds) {
- // there should already a policy with only this permission added to it, this call is mainly used
- AclPolicy policy = _iamSrv.getResourceGrantPolicy(entityType, entityId, accessType.toString(), action);
- if (policy == null) {
- s_logger.warn("Cannot find a policy associated with this entity permissioin to be revoked, just return");
- return;
- }
- // detach this policy from list of accounts if not detached already
- Long policyId = policy.getId();
- for (Long acctId : accountIds) {
- if (isPolicyAttachedToAccount(policyId, acctId)) {
- removeAclPolicyFromAccounts(policyId, Collections.singletonList(acctId));
- }
- }
-
- }
-
- private boolean isPolicyAttachedToAccount(Long policyId, Long accountId) {
- List<AclPolicy> pList = listAclPolicies(accountId);
- for (AclPolicy p : pList) {
- if (p.getId() == policyId.longValue()) {
- return true;
- }
- }
- return false;
- }
-
- private void resetTemplatePermission(Long templateId){
- // reset template will change template to private, so we need to remove its permission for domain admin and normal user group
- _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), AclEntityType.VirtualMachineTemplate.toString(),
- PermissionScope.RESOURCE.toString(), templateId, "listTemplates");
- _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), AclEntityType.VirtualMachineTemplate.toString(),
- PermissionScope.RESOURCE.toString(), templateId, "listTemplates");
- // check if there is a policy with only UseEntry permission for this template added
- AclPolicy policy = _iamSrv.getResourceGrantPolicy(AclEntityType.VirtualMachineTemplate.toString(), templateId, AccessType.UseEntry.toString(), "listTemplates");
- if ( policy == null ){
- s_logger.info("No policy found for this template grant: " + templateId + ", no detach to be done");
- return;
- }
- // delete the policy, which should detach it from groups and accounts
- _iamSrv.deleteAclPolicy(policy.getId());
-
- }
-
- @Override
- public List<Class<?>> getCommands() {
- List<Class<?>> cmdList = new ArrayList<Class<?>>();
- cmdList.add(CreateAclPolicyCmd.class);
- cmdList.add(DeleteAclPolicyCmd.class);
- cmdList.add(ListAclPoliciesCmd.class);
- cmdList.add(AddAclPermissionToAclPolicyCmd.class);
- cmdList.add(RemoveAclPermissionFromAclPolicyCmd.class);
- cmdList.add(AttachAclPolicyToAclGroupCmd.class);
- cmdList.add(RemoveAclPolicyFromAclGroupCmd.class);
- cmdList.add(CreateAclGroupCmd.class);
- cmdList.add(DeleteAclGroupCmd.class);
- cmdList.add(ListAclGroupsCmd.class);
- cmdList.add(AddAccountToAclGroupCmd.class);
- cmdList.add(RemoveAccountFromAclGroupCmd.class);
- cmdList.add(AttachAclPolicyToAccountCmd.class);
- cmdList.add(RemoveAclPolicyFromAccountCmd.class);
- return cmdList;
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AddAccountToAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AddAccountToAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AddAccountToAclGroupCmd.java
deleted file mode 100644
index f951e5d..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AddAccountToAclGroupCmd.java
+++ /dev/null
@@ -1,127 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.acl;
-
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AccountResponse;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclGroup;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "addAccountToAclGroup", description = "add account to an acl group", responseObject = AclGroupResponse.class)
-public class AddAccountToAclGroupCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(AddAccountToAclGroupCmd.class.getName());
- private static final String s_name = "addaccounttoaclgroupresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
- required = true, description = "The ID of the acl group")
- private Long id;
-
- @ACL
- @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that are going to be assigned to the acl group.")
- private List<Long> accountIdList;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
-
- public Long getId() {
- return id;
- }
-
-
- public List<Long> getAccountIdList() {
- return accountIdList;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public void execute() throws ResourceUnavailableException,
- InsufficientCapacityException, ServerApiException {
- CallContext.current().setEventDetails("Acl group Id: " + getId());
- AclGroup result = _aclApiSrv.addAccountsToGroup(accountIdList, id);
- if (result != null){
- AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add accounts to acl group");
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_GROUP_UPDATE;
- }
-
- @Override
- public String getEventDescription() {
- return "adding accounts to acl group";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclGroup;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AddAclPermissionToAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AddAclPermissionToAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AddAclPermissionToAclPolicyCmd.java
deleted file mode 100644
index 9b047fd..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AddAclPermissionToAclPolicyCmd.java
+++ /dev/null
@@ -1,151 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.acl;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "addAclPermissionToAclPolicy", description = "Add Acl permission to an acl policy", responseObject = AclPolicyResponse.class)
-public class AddAclPermissionToAclPolicyCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(AddAclPermissionToAclPolicyCmd.class.getName());
- private static final String s_name = "addaclpermissiontoaclpolicyresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
- required = true, description = "The ID of the acl policy")
- private Long id;
-
- @Parameter(name = ApiConstants.ACL_ACTION, type = CommandType.STRING, required = true, description = "action api name.")
- private String action;
-
- @Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = false, description = "entity class simple name.")
- private String entityType;
-
- @Parameter(name = ApiConstants.ACL_SCOPE, type = CommandType.STRING,
- required = false, description = "acl permission scope")
- private String scope;
-
- @Parameter(name = ApiConstants.ACL_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
- private Long scopeId;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
-
- public Long getId() {
- return id;
- }
-
-
- public String getAction() {
- return action;
- }
-
- public String getEntityType() {
- return entityType;
- }
-
- public String getScope() {
- return scope;
- }
-
- public Long getScopeId() {
- return scopeId;
- }
-
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
-
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public void execute() throws ResourceUnavailableException,
- InsufficientCapacityException, ServerApiException {
- CallContext.current().setEventDetails("Acl policy Id: " + getId());
- // Only explicit ALLOW is supported for this release, no explicit deny
- AclPolicy result = _aclApiSrv.addAclPermissionToAclPolicy(id, entityType, PermissionScope.valueOf(scope),
- scopeId, action, Permission.Allow, false);
- if (result != null) {
- AclPolicyResponse response = _aclApiSrv.createAclPolicyResponse(result);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to grant permission to acl policy " + getId());
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_POLICY_GRANT;
- }
-
- @Override
- public String getEventDescription() {
- return "granting permission to acl policy";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclPolicy;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AttachAclPolicyToAccountCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AttachAclPolicyToAccountCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AttachAclPolicyToAccountCmd.java
deleted file mode 100644
index 2b0b0a9..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AttachAclPolicyToAccountCmd.java
+++ /dev/null
@@ -1,122 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.acl;
-
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AccountResponse;
-import org.apache.cloudstack.api.response.SuccessResponse;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "attachAclPolicyToAccount", description = "attach acl policy to accounts", responseObject = SuccessResponse.class)
-public class AttachAclPolicyToAccountCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(AttachAclPolicyToAccountCmd.class.getName());
- private static final String s_name = "attachaclpolicytoaccountresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
- required = true, description = "The ID of the acl policy")
- private Long id;
-
- @ACL
- @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that the policy will attach to.")
- private List<Long> accountIdList;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
-
- public Long getId() {
- return id;
- }
-
-
- public List<Long> getAccountIdList() {
- return accountIdList;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public void execute() throws ResourceUnavailableException,
- InsufficientCapacityException, ServerApiException {
- CallContext.current().setEventDetails("Acl policy Id: " + getId());
- _aclApiSrv.attachAclPolicyToAccounts(id, accountIdList);
- SuccessResponse response = new SuccessResponse();
- response.setResponseName(getCommandName());
- setResponseObject(response);
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE;
- }
-
- @Override
- public String getEventDescription() {
- return "adding acl policy to accounts";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.Account;
- }
-
-}
[17/18] git commit: updated refs/heads/rbac to 45a96e4
Posted by pr...@apache.org.
Renaming all beans in the xml files to use IAM insteda of Acl
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/57b687e8
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/57b687e8
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/57b687e8
Branch: refs/heads/rbac
Commit: 57b687e8b61b769229efbdaed3ae047cf697fc81
Parents: 6309887
Author: Prachi Damle <pr...@cloud.com>
Authored: Tue Feb 25 16:58:42 2014 -0800
Committer: Prachi Damle <pr...@cloud.com>
Committed: Tue Feb 25 16:58:42 2014 -0800
----------------------------------------------------------------------
.../cloudstack/core/spring-iam-server-context.xml | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/57b687e8/services/iam/server/resources/META-INF/cloudstack/core/spring-iam-server-context.xml
----------------------------------------------------------------------
diff --git a/services/iam/server/resources/META-INF/cloudstack/core/spring-iam-server-context.xml b/services/iam/server/resources/META-INF/cloudstack/core/spring-iam-server-context.xml
index 82faa70..c9f383f 100644
--- a/services/iam/server/resources/META-INF/cloudstack/core/spring-iam-server-context.xml
+++ b/services/iam/server/resources/META-INF/cloudstack/core/spring-iam-server-context.xml
@@ -27,12 +27,12 @@
http://www.springframework.org/schema/context/spring-context-3.0.xsd"
>
- <bean id="AclGroupDaoImpl" class="org.apache.cloudstack.iam.server.dao.AclGroupDaoImpl" />
- <bean id="AclPolicyDaoImpl" class="org.apache.cloudstack.iam.server.dao.AclPolicyDaoImpl" />
- <bean id="AclGroupAccountMapDaoImpl" class="org.apache.cloudstack.iam.server.dao.AclGroupAccountMapDaoImpl" />
- <bean id="AclGroupPolicyMapDaoImpl" class="org.apache.cloudstack.iam.server.dao.AclGroupPolicyMapDaoImpl" />
- <bean id="AclPolicyPermissionDaoImpl" class="org.apache.cloudstack.iam.server.dao.AclPolicyPermissionDaoImpl" />
- <bean id="AclAccountPolicyMapDaoImpl" class="org.apache.cloudstack.iam.server.dao.AclAccountPolicyMapDaoImpl" />
+ <bean id="IAMGroupDaoImpl" class="org.apache.cloudstack.iam.server.dao.IAMGroupDaoImpl" />
+ <bean id="IAMPolicyDaoImpl" class="org.apache.cloudstack.iam.server.dao.IAMPolicyDaoImpl" />
+ <bean id="IAMGroupAccountMapDaoImpl" class="org.apache.cloudstack.iam.server.dao.IAMGroupAccountMapDaoImpl" />
+ <bean id="IAMGroupPolicyMapDaoImpl" class="org.apache.cloudstack.iam.server.dao.IAMGroupPolicyMapDaoImpl" />
+ <bean id="IAMPolicyPermissionDaoImpl" class="org.apache.cloudstack.iam.server.dao.IAMPolicyPermissionDaoImpl" />
+ <bean id="IAMAccountPolicyMapDaoImpl" class="org.apache.cloudstack.iam.server.dao.IAMAccountPolicyMapDaoImpl" />
<bean id="IAMServiceImpl" class="org.apache.cloudstack.iam.server.IAMServiceImpl" />
[18/18] git commit: updated refs/heads/rbac to 45a96e4
Posted by pr...@apache.org.
renaming Acl to IAM in module.properties for the plugin
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/45a96e4e
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/45a96e4e
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/45a96e4e
Branch: refs/heads/rbac
Commit: 45a96e4e4cb8978fbbb64c2da3cfe493789900b8
Parents: 57b687e
Author: Prachi Damle <pr...@cloud.com>
Authored: Tue Feb 25 17:02:41 2014 -0800
Committer: Prachi Damle <pr...@cloud.com>
Committed: Tue Feb 25 17:02:41 2014 -0800
----------------------------------------------------------------------
.../module.properties | 18 ----------
.../spring-iam-access-checkers-context.xml | 35 --------------------
.../iam-access-checkers/module.properties | 18 ++++++++++
.../spring-iam-access-checkers-context.xml | 35 ++++++++++++++++++++
4 files changed, 53 insertions(+), 53 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/45a96e4e/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/module.properties
----------------------------------------------------------------------
diff --git a/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/module.properties b/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/module.properties
deleted file mode 100644
index 206e1b0..0000000
--- a/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/module.properties
+++ /dev/null
@@ -1,18 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-name=acl-role-based-access-checkers
-parent=api
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/45a96e4e/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-iam-access-checkers-context.xml
----------------------------------------------------------------------
diff --git a/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-iam-access-checkers-context.xml b/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-iam-access-checkers-context.xml
deleted file mode 100644
index fb0ddf3..0000000
--- a/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-iam-access-checkers-context.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:aop="http://www.springframework.org/schema/aop"
- xsi:schemaLocation="http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
- http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
- http://www.springframework.org/schema/context
- http://www.springframework.org/schema/context/spring-context-3.0.xsd"
- >
-
- <bean id="RoleBasedAPIAccessChecker" class="org.apache.cloudstack.iam.RoleBasedAPIAccessChecker" />
- <bean id="RoleBasedEntityAccessChecker" class="org.apache.cloudstack.iam.RoleBasedEntityAccessChecker" />
- <bean id="RoleBasedEntityQuerySelector" class="org.apache.cloudstack.iam.RoleBasedEntityQuerySelector" />
- <bean id="AclApiServiceImpl" class="org.apache.cloudstack.iam.AclApiServiceImpl" />
-
-</beans>
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/45a96e4e/services/iam/plugin/resources/META-INF/cloudstack/iam-access-checkers/module.properties
----------------------------------------------------------------------
diff --git a/services/iam/plugin/resources/META-INF/cloudstack/iam-access-checkers/module.properties b/services/iam/plugin/resources/META-INF/cloudstack/iam-access-checkers/module.properties
new file mode 100644
index 0000000..c87480d
--- /dev/null
+++ b/services/iam/plugin/resources/META-INF/cloudstack/iam-access-checkers/module.properties
@@ -0,0 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+name=iam-access-checkers
+parent=api
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/45a96e4e/services/iam/plugin/resources/META-INF/cloudstack/iam-access-checkers/spring-iam-access-checkers-context.xml
----------------------------------------------------------------------
diff --git a/services/iam/plugin/resources/META-INF/cloudstack/iam-access-checkers/spring-iam-access-checkers-context.xml b/services/iam/plugin/resources/META-INF/cloudstack/iam-access-checkers/spring-iam-access-checkers-context.xml
new file mode 100644
index 0000000..983bf08
--- /dev/null
+++ b/services/iam/plugin/resources/META-INF/cloudstack/iam-access-checkers/spring-iam-access-checkers-context.xml
@@ -0,0 +1,35 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+ http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
+ http://www.springframework.org/schema/context
+ http://www.springframework.org/schema/context/spring-context-3.0.xsd"
+ >
+
+ <bean id="RoleBasedAPIAccessChecker" class="org.apache.cloudstack.iam.RoleBasedAPIAccessChecker" />
+ <bean id="RoleBasedEntityAccessChecker" class="org.apache.cloudstack.iam.RoleBasedEntityAccessChecker" />
+ <bean id="RoleBasedEntityQuerySelector" class="org.apache.cloudstack.iam.RoleBasedEntityQuerySelector" />
+ <bean id="IAMApiServiceImpl" class="org.apache.cloudstack.iam.IAMApiServiceImpl" />
+
+</beans>
[13/18] iam/plugin: Rename Acl to IAM everywhere
Posted by pr...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPermissionResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPermissionResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPermissionResponse.java
deleted file mode 100644
index 68b4df9..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPermissionResponse.java
+++ /dev/null
@@ -1,125 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.response.iam;
-
-import com.google.gson.annotations.SerializedName;
-
-import org.apache.cloudstack.acl.IAMEntityType;
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseResponse;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-
-import com.cloud.serializer.Param;
-
-public class AclPermissionResponse extends BaseResponse {
-
- @SerializedName(ApiConstants.ACL_ACTION)
- @Param(description = "action of this permission")
- private String action;
-
- @SerializedName(ApiConstants.ENTITY_TYPE)
- @Param(description = "the entity type of this permission")
- private IAMEntityType entityType;
-
- @SerializedName(ApiConstants.ACL_SCOPE)
- @Param(description = "scope of this permission")
- private PermissionScope scope;
-
- @SerializedName(ApiConstants.ACL_SCOPE_ID)
- @Param(description = "scope id of this permission")
- private Long scopeId;
-
- @SerializedName(ApiConstants.ACL_ALLOW_DENY)
- @Param(description = "allow or deny of this permission")
- private AclPolicyPermission.Permission permission;
-
- public IAMEntityType getEntityType() {
- return entityType;
- }
-
- public void setEntityType(IAMEntityType entityType) {
- this.entityType = entityType;
- }
-
- public String getAction() {
- return action;
- }
-
- public void setAction(String action) {
- this.action = action;
- }
-
- public PermissionScope getScope() {
- return scope;
- }
-
- public void setScope(PermissionScope scope) {
- this.scope = scope;
- }
-
- public Long getScopeId() {
- return scopeId;
- }
-
- public void setScopeId(Long scopeId) {
- this.scopeId = scopeId;
- }
-
- public AclPolicyPermission.Permission getPermission() {
- return permission;
- }
-
- public void setPermission(AclPolicyPermission.Permission permission) {
- this.permission = permission;
- }
-
- @Override
- public int hashCode() {
- final int prime = 31;
- int result = 1;
- result = prime * result + ((action == null) ? 0 : action.hashCode());
- result = prime * result + ((entityType == null) ? 0 : entityType.hashCode());
- result = prime * result + ((scope == null) ? 0 : scope.hashCode());
- result = prime * result + ((scopeId == null) ? 0 : scopeId.hashCode());
- return result;
- }
-
- @Override
- public boolean equals(Object obj) {
- if (this == obj)
- return true;
- if (obj == null)
- return false;
- if (getClass() != obj.getClass())
- return false;
- AclPermissionResponse other = (AclPermissionResponse) obj;
- if ((entityType == null && other.entityType != null) || !entityType.equals(other.entityType)) {
- return false;
- } else if ((action == null && other.action != null) || !action.equals(other.action)) {
- return false;
- } else if ((scope == null && other.scope != null) || !scope.equals(other.scope)) {
- return false;
- } else if ((scopeId == null && other.scopeId != null) || !scopeId.equals(other.scopeId)) {
- return false;
- }
- return true;
- }
-
-
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPolicyResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPolicyResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPolicyResponse.java
deleted file mode 100644
index 12d90de..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPolicyResponse.java
+++ /dev/null
@@ -1,177 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.response.iam;
-
-import java.util.LinkedHashSet;
-import java.util.Set;
-
-import com.google.gson.annotations.SerializedName;
-
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseResponse;
-import org.apache.cloudstack.api.EntityReference;
-import org.apache.cloudstack.api.response.ControlledViewEntityResponse;
-import org.apache.cloudstack.iam.api.AclPolicy;
-
-import com.cloud.serializer.Param;
-
-@SuppressWarnings("unused")
-@EntityReference(value = AclPolicy.class)
-public class AclPolicyResponse extends BaseResponse implements ControlledViewEntityResponse {
-
- @SerializedName(ApiConstants.ID)
- @Param(description = "the ID of the acl policy")
- private String id;
-
- @SerializedName(ApiConstants.NAME)
- @Param(description = "the name of the acl policy")
- private String name;
-
- @SerializedName(ApiConstants.DESCRIPTION)
- @Param(description = "the description of the acl policy")
- private String description;
-
- @SerializedName(ApiConstants.DOMAIN_ID)
- @Param(description = "the domain ID of the acl policy")
- private String domainId;
-
- @SerializedName(ApiConstants.DOMAIN)
- @Param(description = "the domain name of the acl policy")
- private String domainName;
-
- @SerializedName(ApiConstants.ACCOUNT)
- @Param(description = "the account owning the policy")
- private String accountName;
-
- @SerializedName(ApiConstants.ACL_PERMISSIONS)
- @Param(description = "set of permissions for the acl policy")
- private Set<AclPermissionResponse> permissionList;
-
- public AclPolicyResponse() {
- permissionList = new LinkedHashSet<AclPermissionResponse>();
- }
-
- @Override
- public String getObjectId() {
- return getId();
- }
-
-
- public String getId() {
- return id;
- }
-
- public void setId(String id) {
- this.id = id;
- }
-
-
- public void setName(String name) {
- this.name = name;
- }
-
- public void setDescription(String description) {
- this.description = description;
- }
-
- @Override
- public void setDomainId(String domainId) {
- this.domainId = domainId;
- }
-
- @Override
- public void setDomainName(String domainName) {
- this.domainName = domainName;
- }
-
- public Set<AclPermissionResponse> getPermissionList() {
- return permissionList;
- }
-
- public void setPermissionList(Set<AclPermissionResponse> perms) {
- permissionList = perms;
- }
-
- public void addPermission(AclPermissionResponse perm) {
- permissionList.add(perm);
- }
-
- @Override
- public void setAccountName(String accountName) {
- this.accountName = accountName;
- }
-
- @Override
- public void setProjectId(String projectId) {
- // TODO Auto-generated method stub
-
- }
-
- @Override
- public void setProjectName(String projectName) {
- // TODO Auto-generated method stub
-
- }
-
- public String getName() {
- return name;
- }
-
- public String getDescription() {
- return description;
- }
-
- public String getDomainId() {
- return domainId;
- }
-
- public String getDomainName() {
- return domainName;
- }
-
- public String getAccountName() {
- return accountName;
- }
-
- @Override
- public int hashCode() {
- final int prime = 31;
- int result = 1;
- result = prime * result + ((id == null) ? 0 : id.hashCode());
- return result;
- }
-
- @Override
- public boolean equals(Object obj) {
- if (this == obj)
- return true;
- if (obj == null)
- return false;
- if (getClass() != obj.getClass())
- return false;
- AclPolicyResponse other = (AclPolicyResponse) obj;
- if (id == null) {
- if (other.id != null)
- return false;
- } else if (!id.equals(other.id))
- return false;
- return true;
- }
-
-
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMGroupResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMGroupResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMGroupResponse.java
new file mode 100644
index 0000000..af28d53
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMGroupResponse.java
@@ -0,0 +1,193 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.response.iam;
+
+import java.util.LinkedHashSet;
+import java.util.Set;
+
+import com.google.gson.annotations.SerializedName;
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseResponse;
+import org.apache.cloudstack.api.EntityReference;
+import org.apache.cloudstack.api.response.ControlledViewEntityResponse;
+import org.apache.cloudstack.iam.api.IAMGroup;
+
+import com.cloud.serializer.Param;
+
+@SuppressWarnings("unused")
+@EntityReference(value = IAMGroup.class)
+public class IAMGroupResponse extends BaseResponse implements ControlledViewEntityResponse {
+
+ @SerializedName(ApiConstants.ID)
+ @Param(description = "the ID of the iam group")
+ private String id;
+
+ @SerializedName(ApiConstants.NAME)
+ @Param(description = "the name of the iam group")
+ private String name;
+
+ @SerializedName(ApiConstants.DESCRIPTION)
+ @Param(description = "the description of the iam group")
+ private String description;
+
+ @SerializedName(ApiConstants.DOMAIN_ID)
+ @Param(description = "the domain ID of the iam group")
+ private String domainId;
+
+ @SerializedName(ApiConstants.DOMAIN)
+ @Param(description = "the domain name of the iam role")
+ private String domainName;
+
+ @SerializedName(ApiConstants.ACCOUNT)
+ @Param(description = "the account owning the policy")
+ private String accountName;
+
+ @SerializedName(ApiConstants.IAM_MEMBER_ACCOUNTS)
+ @Param(description = "account names assigned to this iam group ")
+ private Set<String> accountNameList;
+
+ @SerializedName(ApiConstants.IAM_POLICIES)
+ @Param(description = "iam policies attached to this iam group ")
+ private Set<String> policyNameList;
+
+ public IAMGroupResponse() {
+ accountNameList = new LinkedHashSet<String>();
+ policyNameList = new LinkedHashSet<String>();
+ }
+
+ @Override
+ public String getObjectId() {
+ return getId();
+ }
+
+
+ public String getId() {
+ return id;
+ }
+
+ public void setId(String id) {
+ this.id = id;
+ }
+
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
+ @Override
+ public void setDomainId(String domainId) {
+ this.domainId = domainId;
+ }
+
+ @Override
+ public void setDomainName(String domainName) {
+ this.domainName = domainName;
+ }
+
+ @Override
+ public void setAccountName(String accountName) {
+ this.accountName = accountName;
+
+ }
+
+ @Override
+ public void setProjectId(String projectId) {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setProjectName(String projectName) {
+ // TODO Auto-generated method stub
+
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public String getDescription() {
+ return description;
+ }
+
+ public String getDomainId() {
+ return domainId;
+ }
+
+ public String getDomainName() {
+ return domainName;
+ }
+
+ public String getAccountName() {
+ return accountName;
+ }
+
+ public Set<String> getAccountNameList() {
+ return accountNameList;
+ }
+
+ public void setMemberAccounts(Set<String> accts) {
+ accountNameList = accts;
+ }
+
+ public void addMemberAccount(String acct) {
+ accountNameList.add(acct);
+ }
+
+ public void setPolicyList(Set<String> policies) {
+ policyNameList = policies;
+ }
+
+ public void addPolicy(String policy) {
+ policyNameList.add(policy);
+ }
+
+ public Set<String> getPolicyList() {
+ return policyNameList;
+ }
+
+ @Override
+ public int hashCode() {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + ((id == null) ? 0 : id.hashCode());
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (obj == null)
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ IAMGroupResponse other = (IAMGroupResponse)obj;
+ if (id == null) {
+ if (other.id != null)
+ return false;
+ } else if (!id.equals(other.id))
+ return false;
+ return true;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPermissionResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPermissionResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPermissionResponse.java
new file mode 100644
index 0000000..b7af4da
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPermissionResponse.java
@@ -0,0 +1,125 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.response.iam;
+
+import com.google.gson.annotations.SerializedName;
+
+import org.apache.cloudstack.acl.IAMEntityType;
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseResponse;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission;
+
+import com.cloud.serializer.Param;
+
+public class IAMPermissionResponse extends BaseResponse {
+
+ @SerializedName(ApiConstants.IAM_ACTION)
+ @Param(description = "action of this permission")
+ private String action;
+
+ @SerializedName(ApiConstants.ENTITY_TYPE)
+ @Param(description = "the entity type of this permission")
+ private IAMEntityType entityType;
+
+ @SerializedName(ApiConstants.IAM_SCOPE)
+ @Param(description = "scope of this permission")
+ private PermissionScope scope;
+
+ @SerializedName(ApiConstants.IAM_SCOPE_ID)
+ @Param(description = "scope id of this permission")
+ private Long scopeId;
+
+ @SerializedName(ApiConstants.IAM_ALLOW_DENY)
+ @Param(description = "allow or deny of this permission")
+ private IAMPolicyPermission.Permission permission;
+
+ public IAMEntityType getEntityType() {
+ return entityType;
+ }
+
+ public void setEntityType(IAMEntityType entityType) {
+ this.entityType = entityType;
+ }
+
+ public String getAction() {
+ return action;
+ }
+
+ public void setAction(String action) {
+ this.action = action;
+ }
+
+ public PermissionScope getScope() {
+ return scope;
+ }
+
+ public void setScope(PermissionScope scope) {
+ this.scope = scope;
+ }
+
+ public Long getScopeId() {
+ return scopeId;
+ }
+
+ public void setScopeId(Long scopeId) {
+ this.scopeId = scopeId;
+ }
+
+ public IAMPolicyPermission.Permission getPermission() {
+ return permission;
+ }
+
+ public void setPermission(IAMPolicyPermission.Permission permission) {
+ this.permission = permission;
+ }
+
+ @Override
+ public int hashCode() {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + ((action == null) ? 0 : action.hashCode());
+ result = prime * result + ((entityType == null) ? 0 : entityType.hashCode());
+ result = prime * result + ((scope == null) ? 0 : scope.hashCode());
+ result = prime * result + ((scopeId == null) ? 0 : scopeId.hashCode());
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (obj == null)
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ IAMPermissionResponse other = (IAMPermissionResponse) obj;
+ if ((entityType == null && other.entityType != null) || !entityType.equals(other.entityType)) {
+ return false;
+ } else if ((action == null && other.action != null) || !action.equals(other.action)) {
+ return false;
+ } else if ((scope == null && other.scope != null) || !scope.equals(other.scope)) {
+ return false;
+ } else if ((scopeId == null && other.scopeId != null) || !scopeId.equals(other.scopeId)) {
+ return false;
+ }
+ return true;
+ }
+
+
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPolicyResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPolicyResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPolicyResponse.java
new file mode 100644
index 0000000..dc29369
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPolicyResponse.java
@@ -0,0 +1,177 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.response.iam;
+
+import java.util.LinkedHashSet;
+import java.util.Set;
+
+import com.google.gson.annotations.SerializedName;
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseResponse;
+import org.apache.cloudstack.api.EntityReference;
+import org.apache.cloudstack.api.response.ControlledViewEntityResponse;
+import org.apache.cloudstack.iam.api.IAMPolicy;
+
+import com.cloud.serializer.Param;
+
+@SuppressWarnings("unused")
+@EntityReference(value = IAMPolicy.class)
+public class IAMPolicyResponse extends BaseResponse implements ControlledViewEntityResponse {
+
+ @SerializedName(ApiConstants.ID)
+ @Param(description = "the ID of the iam policy")
+ private String id;
+
+ @SerializedName(ApiConstants.NAME)
+ @Param(description = "the name of the iam policy")
+ private String name;
+
+ @SerializedName(ApiConstants.DESCRIPTION)
+ @Param(description = "the description of the iam policy")
+ private String description;
+
+ @SerializedName(ApiConstants.DOMAIN_ID)
+ @Param(description = "the domain ID of the iam policy")
+ private String domainId;
+
+ @SerializedName(ApiConstants.DOMAIN)
+ @Param(description = "the domain name of the iam policy")
+ private String domainName;
+
+ @SerializedName(ApiConstants.ACCOUNT)
+ @Param(description = "the account owning the policy")
+ private String accountName;
+
+ @SerializedName(ApiConstants.IAM_PERMISSIONS)
+ @Param(description = "set of permissions for the iam policy")
+ private Set<IAMPermissionResponse> permissionList;
+
+ public IAMPolicyResponse() {
+ permissionList = new LinkedHashSet<IAMPermissionResponse>();
+ }
+
+ @Override
+ public String getObjectId() {
+ return getId();
+ }
+
+
+ public String getId() {
+ return id;
+ }
+
+ public void setId(String id) {
+ this.id = id;
+ }
+
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
+ @Override
+ public void setDomainId(String domainId) {
+ this.domainId = domainId;
+ }
+
+ @Override
+ public void setDomainName(String domainName) {
+ this.domainName = domainName;
+ }
+
+ public Set<IAMPermissionResponse> getPermissionList() {
+ return permissionList;
+ }
+
+ public void setPermissionList(Set<IAMPermissionResponse> perms) {
+ permissionList = perms;
+ }
+
+ public void addPermission(IAMPermissionResponse perm) {
+ permissionList.add(perm);
+ }
+
+ @Override
+ public void setAccountName(String accountName) {
+ this.accountName = accountName;
+ }
+
+ @Override
+ public void setProjectId(String projectId) {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setProjectName(String projectName) {
+ // TODO Auto-generated method stub
+
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public String getDescription() {
+ return description;
+ }
+
+ public String getDomainId() {
+ return domainId;
+ }
+
+ public String getDomainName() {
+ return domainName;
+ }
+
+ public String getAccountName() {
+ return accountName;
+ }
+
+ @Override
+ public int hashCode() {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + ((id == null) ? 0 : id.hashCode());
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (obj == null)
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ IAMPolicyResponse other = (IAMPolicyResponse) obj;
+ if (id == null) {
+ if (other.id != null)
+ return false;
+ } else if (!id.equals(other.id))
+ return false;
+ return true;
+ }
+
+
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiService.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiService.java b/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiService.java
deleted file mode 100644
index 0cb1e22..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiService.java
+++ /dev/null
@@ -1,84 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam;
-
-import java.util.List;
-
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.api.response.ListResponse;
-import org.apache.cloudstack.api.response.iam.AclGroupResponse;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-import org.apache.cloudstack.iam.api.AclGroup;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
-
-import com.cloud.user.Account;
-import com.cloud.utils.component.PluggableService;
-
-public interface AclApiService extends PluggableService {
-
- /* ACL group related interfaces */
- AclGroup createAclGroup(Account caller, String aclGroupName, String description);
-
- boolean deleteAclGroup(Long aclGroupId);
-
- List<AclGroup> listAclGroups(long accountId);
-
- AclGroup addAccountsToGroup(List<Long> acctIds, Long groupId);
-
- AclGroup removeAccountsFromGroup(List<Long> acctIds, Long groupId);
-
- /* ACL Policy related interfaces */
- AclPolicy createAclPolicy(Account caller, String aclPolicyName, String description, Long parentPolicyId);
-
- boolean deleteAclPolicy(long aclPolicyId);
-
- List<AclPolicy> listAclPolicies(long accountId);
-
- AclGroup attachAclPoliciesToGroup(List<Long> policyIds, Long groupId);
-
- AclGroup removeAclPoliciesFromGroup(List<Long> policyIds, Long groupId);
-
- void attachAclPolicyToAccounts(Long policyId, List<Long> accountIds);
-
- void removeAclPolicyFromAccounts(Long policyId, List<Long> accountIds);
-
- AclPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId,
- String action, Permission perm, Boolean recursive);
-
- AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId, String action);
-
- AclPolicyPermission getAclPolicyPermission(long accountId, String entityType, String action);
-
- /* Utility routine to grant/revoke invidivual resource to list of accounts */
- void grantEntityPermissioinToAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds);
-
- void revokeEntityPermissioinFromAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds);
-
- /* Response Generation */
- AclPolicyResponse createAclPolicyResponse(AclPolicy policy);
-
- AclGroupResponse createAclGroupResponse(AclGroup group);
-
- ListResponse<AclGroupResponse> listAclGroups(Long aclGroupId, String aclGroupName,
- Long domainId, Long startIndex, Long pageSize);
-
- ListResponse<AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName,
- Long domainId, Long startIndex, Long pageSize);
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiServiceImpl.java
deleted file mode 100644
index 996f8d4..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiServiceImpl.java
+++ /dev/null
@@ -1,690 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.ejb.Local;
-import javax.inject.Inject;
-import javax.naming.ConfigurationException;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.IAMEntityType;
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseListCmd;
-import org.apache.cloudstack.api.command.iam.AddAccountToAclGroupCmd;
-import org.apache.cloudstack.api.command.iam.AddAclPermissionToAclPolicyCmd;
-import org.apache.cloudstack.api.command.iam.AttachAclPolicyToAccountCmd;
-import org.apache.cloudstack.api.command.iam.AttachAclPolicyToAclGroupCmd;
-import org.apache.cloudstack.api.command.iam.CreateAclGroupCmd;
-import org.apache.cloudstack.api.command.iam.CreateAclPolicyCmd;
-import org.apache.cloudstack.api.command.iam.DeleteAclGroupCmd;
-import org.apache.cloudstack.api.command.iam.DeleteAclPolicyCmd;
-import org.apache.cloudstack.api.command.iam.ListAclGroupsCmd;
-import org.apache.cloudstack.api.command.iam.ListAclPoliciesCmd;
-import org.apache.cloudstack.api.command.iam.RemoveAccountFromAclGroupCmd;
-import org.apache.cloudstack.api.command.iam.RemoveAclPermissionFromAclPolicyCmd;
-import org.apache.cloudstack.api.command.iam.RemoveAclPolicyFromAccountCmd;
-import org.apache.cloudstack.api.command.iam.RemoveAclPolicyFromAclGroupCmd;
-import org.apache.cloudstack.api.response.ListResponse;
-import org.apache.cloudstack.api.response.iam.AclGroupResponse;
-import org.apache.cloudstack.api.response.iam.AclPermissionResponse;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.framework.messagebus.MessageBus;
-import org.apache.cloudstack.framework.messagebus.MessageSubscriber;
-import org.apache.cloudstack.iam.api.AclGroup;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
-import org.apache.cloudstack.iam.api.IAMService;
-
-import com.cloud.api.ApiServerService;
-import com.cloud.domain.Domain;
-import com.cloud.domain.DomainVO;
-import com.cloud.domain.dao.DomainDao;
-import com.cloud.event.ActionEvent;
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InvalidParameterValueException;
-import com.cloud.template.TemplateManager;
-import com.cloud.user.Account;
-import com.cloud.user.AccountManager;
-import com.cloud.user.AccountVO;
-import com.cloud.user.DomainManager;
-import com.cloud.user.dao.AccountDao;
-import com.cloud.utils.Pair;
-import com.cloud.utils.component.Manager;
-import com.cloud.utils.component.ManagerBase;
-import com.cloud.utils.db.DB;
-import com.cloud.utils.db.EntityManager;
-
-@Local(value = {AclApiService.class})
-public class AclApiServiceImpl extends ManagerBase implements AclApiService, Manager {
-
- public static final Logger s_logger = Logger.getLogger(AclApiServiceImpl.class);
- private String _name;
-
- @Inject
- ApiServerService _apiServer;
-
- @Inject
- IAMService _iamSrv;
-
- @Inject
- DomainDao _domainDao;
-
- @Inject
- AccountDao _accountDao;
-
- @Inject
- AccountManager _accountMgr;
-
- @Inject
- MessageBus _messageBus;
-
- @Override
- public boolean configure(final String name, final Map<String, Object> params) throws ConfigurationException {
- _messageBus.subscribe(AccountManager.MESSAGE_ADD_ACCOUNT_EVENT, new MessageSubscriber() {
- @Override
- public void onPublishMessage(String senderAddress, String subject, Object obj) {
- HashMap<Long, Long> acctGroupMap = (HashMap<Long, Long>) obj;
- for (Long accountId : acctGroupMap.keySet()) {
- Long groupId = acctGroupMap.get(accountId);
- s_logger.debug("MessageBus message: new Account Added: " + accountId + ", adding it to groupId :"
- + groupId);
- addAccountToAclGroup(accountId, groupId);
- // add it to domain group too
- AccountVO account = _accountDao.findById(accountId);
- Domain domain = _domainDao.findById(account.getDomainId());
- if (domain != null) {
- List<AclGroup> domainGroups = listDomainGroup(domain);
-
- if (domainGroups != null) {
- for (AclGroup group : domainGroups) {
- addAccountToAclGroup(accountId, new Long(group.getId()));
- }
- }
- }
- }
- }
- });
-
- _messageBus.subscribe(AccountManager.MESSAGE_REMOVE_ACCOUNT_EVENT, new MessageSubscriber() {
- @Override
- public void onPublishMessage(String senderAddress, String subject, Object obj) {
- Long accountId = ((Long) obj);
- if (accountId != null) {
- s_logger.debug("MessageBus message: Account removed: " + accountId
- + ", releasing the group associations");
- removeAccountFromAclGroups(accountId);
- }
- }
- });
-
- _messageBus.subscribe(DomainManager.MESSAGE_ADD_DOMAIN_EVENT, new MessageSubscriber() {
- @Override
- public void onPublishMessage(String senderAddress, String subject, Object obj) {
- Long domainId = ((Long) obj);
- if (domainId != null) {
- s_logger.debug("MessageBus message: new Domain created: " + domainId + ", creating a new group");
- Domain domain = _domainDao.findById(domainId);
- _iamSrv.createAclGroup("DomainGrp-" + domain.getUuid(), "Domain group", domain.getPath());
- }
- }
- });
-
- _messageBus.subscribe(DomainManager.MESSAGE_REMOVE_DOMAIN_EVENT, new MessageSubscriber() {
- @Override
- public void onPublishMessage(String senderAddress, String subject, Object obj) {
- Long domainId = ((Long) obj);
- if (domainId != null) {
- s_logger.debug("MessageBus message: Domain removed: " + domainId + ", removing the domain group");
- Domain domain = _domainDao.findById(domainId);
- List<AclGroup> groups = listDomainGroup(domain);
- for (AclGroup group : groups) {
- _iamSrv.deleteAclGroup(group.getId());
- }
- }
- }
- });
-
- _messageBus.subscribe(TemplateManager.MESSAGE_REGISTER_PUBLIC_TEMPLATE_EVENT, new MessageSubscriber() {
- @Override
- public void onPublishMessage(String senderAddress, String subject, Object obj) {
- Long templateId = (Long)obj;
- if (templateId != null) {
- s_logger.debug("MessageBus message: new public template registered: " + templateId + ", grant permission to domain admin and normal user policies");
- _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
- PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
- _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
- PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
- }
- }
- });
-
- _messageBus.subscribe(TemplateManager.MESSAGE_RESET_TEMPLATE_PERMISSION_EVENT, new MessageSubscriber() {
- @Override
- public void onPublishMessage(String senderAddress, String subject, Object obj) {
- Long templateId = (Long)obj;
- if (templateId != null) {
- s_logger.debug("MessageBus message: reset template permission: " + templateId);
- resetTemplatePermission(templateId);
- }
- }
- });
-
- _messageBus.subscribe(EntityManager.MESSAGE_REMOVE_ENTITY_EVENT, new MessageSubscriber() {
- @Override
- public void onPublishMessage(String senderAddress, String subject, Object obj) {
- Pair<IAMEntityType, Long> entity = (Pair<IAMEntityType, Long>)obj;
- if (entity != null) {
- String entityType = entity.first().toString();
- Long entityId = entity.second();
- s_logger.debug("MessageBus message: delete an entity: (" + entityType + "," + entityId + "), remove its related permission");
- _iamSrv.removeAclPermissionForEntity(entityType, entityId);
- }
- }
- });
-
-
- _messageBus.subscribe(EntityManager.MESSAGE_GRANT_ENTITY_EVENT, new MessageSubscriber() {
- @Override
- public void onPublishMessage(String senderAddress, String subject, Object obj) {
- Map<String, Object> permit = (Map<String, Object>)obj;
- if (permit != null) {
- String entityType = (String)permit.get(ApiConstants.ENTITY_TYPE);
- Long entityId = (Long)permit.get(ApiConstants.ENTITY_ID);
- AccessType accessType = (AccessType)permit.get(ApiConstants.ACCESS_TYPE);
- String action = (String)permit.get(ApiConstants.ACL_ACTION);
- List<Long> acctIds = (List<Long>)permit.get(ApiConstants.ACCOUNTS);
- s_logger.debug("MessageBus message: grant accounts permission to an entity: (" + entityType + "," + entityId + ")");
- grantEntityPermissioinToAccounts(entityType, entityId, accessType, action, acctIds);
- }
- }
- });
-
- _messageBus.subscribe(EntityManager.MESSAGE_REVOKE_ENTITY_EVENT, new MessageSubscriber() {
- @Override
- public void onPublishMessage(String senderAddress, String subject, Object obj) {
- Map<String, Object> permit = (Map<String, Object>)obj;
- if (permit != null) {
- String entityType = (String)permit.get(ApiConstants.ENTITY_TYPE);
- Long entityId = (Long)permit.get(ApiConstants.ENTITY_ID);
- AccessType accessType = (AccessType)permit.get(ApiConstants.ACCESS_TYPE);
- String action = (String)permit.get(ApiConstants.ACL_ACTION);
- List<Long> acctIds = (List<Long>)permit.get(ApiConstants.ACCOUNTS);
- s_logger.debug("MessageBus message: revoke from accounts permission to an entity: (" + entityType + "," + entityId + ")");
- revokeEntityPermissioinFromAccounts(entityType, entityId, accessType, action, acctIds);
- }
- }
- });
-
- _messageBus.subscribe(EntityManager.MESSAGE_ADD_DOMAIN_WIDE_ENTITY_EVENT, new MessageSubscriber() {
- @Override
- public void onPublishMessage(String senderAddress, String subject, Object obj) {
- Map<String, Object> params = (Map<String, Object>) obj;
- if (params != null) {
- addDomainWideResourceAccess(params);
- }
- }
- });
-
- return super.configure(name, params);
- }
-
- private void addDomainWideResourceAccess(Map<String, Object> params) {
-
- IAMEntityType entityType = (IAMEntityType)params.get(ApiConstants.ENTITY_TYPE);
- Long entityId = (Long) params.get(ApiConstants.ENTITY_ID);
- Long domainId = (Long) params.get(ApiConstants.DOMAIN_ID);
- Boolean isRecursive = (Boolean) params.get(ApiConstants.SUBDOMAIN_ACCESS);
-
- if (entityType == IAMEntityType.Network) {
- createPolicyAndAddToDomainGroup("DomainWideNetwork-" + entityId, "domain wide network", entityType.toString(),
- entityId, "listNetworks", AccessType.UseEntry, domainId, isRecursive);
- } else if (entityType == IAMEntityType.AffinityGroup) {
- createPolicyAndAddToDomainGroup("DomainWideNetwork-" + entityId, "domain wide affinityGroup", entityType.toString(),
- entityId, "listAffinityGroups", AccessType.UseEntry, domainId, isRecursive);
- }
-
- }
-
- private void createPolicyAndAddToDomainGroup(String policyName, String description, String entityType,
- Long entityId, String action, AccessType accessType, Long domainId, Boolean recursive) {
-
- Domain domain = _domainDao.findById(domainId);
- if (domain != null) {
- AclPolicy policy = _iamSrv.createAclPolicy(policyName, description, null, domain.getPath());
- _iamSrv.addAclPermissionToAclPolicy(policy.getId(), entityType, PermissionScope.RESOURCE.toString(),
- entityId, action, accessType.toString(), Permission.Allow, recursive);
- List<Long> policyList = new ArrayList<Long>();
- policyList.add(new Long(policy.getId()));
-
- List<AclGroup> domainGroups = listDomainGroup(domain);
- if (domainGroups != null) {
- for (AclGroup group : domainGroups) {
- _iamSrv.attachAclPoliciesToGroup(policyList, group.getId());
- }
- }
- }
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_CREATE, eventDescription = "Creating Acl Group", create = true)
- public AclGroup createAclGroup(Account caller, String aclGroupName, String description) {
- Long domainId = caller.getDomainId();
- Domain callerDomain = _domainDao.findById(domainId);
- if (callerDomain == null) {
- throw new InvalidParameterValueException("Caller does not have a domain");
- }
- return _iamSrv.createAclGroup(aclGroupName, description, callerDomain.getPath());
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_DELETE, eventDescription = "Deleting Acl Group")
- public boolean deleteAclGroup(final Long aclGroupId) {
- return _iamSrv.deleteAclGroup(aclGroupId);
- }
-
- @Override
- public List<AclGroup> listAclGroups(long accountId) {
- return _iamSrv.listAclGroups(accountId);
- }
-
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Adding accounts to acl group")
- public AclGroup addAccountsToGroup(final List<Long> acctIds, final Long groupId) {
- return _iamSrv.addAccountsToGroup(acctIds, groupId);
- }
-
-
- private void removeAccountFromAclGroups(long accountId) {
- List<AclGroup> groups = listAclGroups(accountId);
- List<Long> accts = new ArrayList<Long>();
- accts.add(accountId);
- if (groups != null) {
- for (AclGroup grp : groups) {
- removeAccountsFromGroup(accts, grp.getId());
- }
- }
- }
-
- private void addAccountToAclGroup(long accountId, long groupId) {
- List<Long> accts = new ArrayList<Long>();
- accts.add(accountId);
- addAccountsToGroup(accts, groupId);
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Removing accounts from acl group")
- public AclGroup removeAccountsFromGroup(final List<Long> acctIds, final Long groupId) {
- return _iamSrv.removeAccountsFromGroup(acctIds, groupId);
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_CREATE, eventDescription = "Creating Acl Policy", create = true)
- public AclPolicy createAclPolicy(Account caller, final String aclPolicyName, final String description, final Long parentPolicyId) {
- Long domainId = caller.getDomainId();
- Domain callerDomain = _domainDao.findById(domainId);
- if (callerDomain == null) {
- throw new InvalidParameterValueException("Caller does not have a domain");
- }
- return _iamSrv.createAclPolicy(aclPolicyName, description, parentPolicyId, callerDomain.getPath());
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_DELETE, eventDescription = "Deleting Acl Policy")
- public boolean deleteAclPolicy(final long aclPolicyId) {
- return _iamSrv.deleteAclPolicy(aclPolicyId);
- }
-
-
- @Override
- public List<AclPolicy> listAclPolicies(long accountId) {
- return _iamSrv.listAclPolicies(accountId);
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Attaching policy to acl group")
- public AclGroup attachAclPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
- return _iamSrv.attachAclPoliciesToGroup(policyIds, groupId);
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Removing policies from acl group")
- public AclGroup removeAclPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
- return _iamSrv.removeAclPoliciesFromGroup(policyIds, groupId);
- }
-
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE, eventDescription = "Attaching policy to accounts")
- public void attachAclPolicyToAccounts(final Long policyId, final List<Long> accountIds) {
- _iamSrv.attachAclPolicyToAccounts(policyId, accountIds);
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE, eventDescription = "Removing policy from accounts")
- public void removeAclPolicyFromAccounts(final Long policyId, final List<Long> accountIds) {
- _iamSrv.removeAclPolicyFromAccounts(policyId, accountIds);
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_GRANT, eventDescription = "Granting acl permission to Acl Policy")
- public AclPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, PermissionScope scope,
- Long scopeId, String action, Permission perm, Boolean recursive) {
- Class<?> cmdClass = _apiServer.getCmdClass(action);
- AccessType accessType = null;
- if (BaseListCmd.class.isAssignableFrom(cmdClass)) {
- accessType = AccessType.UseEntry;
- }
- return _iamSrv.addAclPermissionToAclPolicy(aclPolicyId, entityType, scope.toString(), scopeId, action,
- accessType.toString(), perm, recursive);
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_REVOKE, eventDescription = "Revoking acl permission from Acl Policy")
- public AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId, String action) {
- return _iamSrv.removeAclPermissionFromAclPolicy(aclPolicyId, entityType, scope.toString(), scopeId, action);
- }
-
- @Override
- public AclPolicyPermission getAclPolicyPermission(long accountId, String entityType, String action) {
- List<AclPolicy> policies = _iamSrv.listAclPolicies(accountId);
- AclPolicyPermission curPerm = null;
- for (AclPolicy policy : policies) {
- List<AclPolicyPermission> perms = _iamSrv.listPolicyPermissionByActionAndEntity(policy.getId(), action,
- entityType);
- if (perms == null || perms.size() == 0)
- continue;
- AclPolicyPermission perm = perms.get(0); // just pick one
- if (curPerm == null) {
- curPerm = perm;
- } else if (PermissionScope.valueOf(perm.getScope()).greaterThan(PermissionScope.valueOf(curPerm.getScope()))) {
- // pick the more relaxed allowed permission
- curPerm = perm;
- }
- }
-
- return curPerm;
- }
-
-
- @Override
- public AclPolicyResponse createAclPolicyResponse(AclPolicy policy) {
- AclPolicyResponse response = new AclPolicyResponse();
- response.setId(policy.getUuid());
- response.setName(policy.getName());
- response.setDescription(policy.getDescription());
- String domainPath = policy.getPath();
- if (domainPath != null) {
- DomainVO domain = _domainDao.findDomainByPath(domainPath);
- if (domain != null) {
- response.setDomainId(domain.getUuid());
- response.setDomainName(domain.getName());
- }
- }
- long accountId = policy.getAccountId();
- AccountVO owner = _accountDao.findById(accountId);
- if (owner != null) {
- response.setAccountName(owner.getAccountName());
- }
- // find permissions associated with this policy
- List<AclPolicyPermission> permissions = _iamSrv.listPolicyPermissions(policy.getId());
- if (permissions != null && permissions.size() > 0) {
- for (AclPolicyPermission permission : permissions) {
- AclPermissionResponse perm = new AclPermissionResponse();
- perm.setAction(permission.getAction());
- if (permission.getEntityType() != null) {
- perm.setEntityType(IAMEntityType.valueOf(permission.getEntityType()));
- }
- if (permission.getScope() != null) {
- perm.setScope(PermissionScope.valueOf(permission.getScope()));
- }
- perm.setScopeId(permission.getScopeId());
- perm.setPermission(permission.getPermission());
- response.addPermission(perm);
- }
- }
- response.setObjectName("aclpolicy");
- return response;
- }
-
- @Override
- public AclGroupResponse createAclGroupResponse(AclGroup group) {
- AclGroupResponse response = new AclGroupResponse();
- response.setId(group.getUuid());
- response.setName(group.getName());
- response.setDescription(group.getDescription());
- String domainPath = group.getPath();
- if (domainPath != null) {
- DomainVO domain = _domainDao.findDomainByPath(domainPath);
- if (domain != null) {
- response.setDomainId(domain.getUuid());
- response.setDomainName(domain.getName());
- }
- }
- long accountId = group.getAccountId();
- AccountVO owner = _accountDao.findById(accountId);
- if (owner != null) {
- response.setAccountName(owner.getAccountName());
- }
- // find all the members in this group
- List<Long> members = _iamSrv.listAccountsByGroup(group.getId());
- if (members != null && members.size() > 0) {
- for (Long member : members) {
- AccountVO mem = _accountDao.findById(member);
- if (mem != null) {
- response.addMemberAccount(mem.getAccountName());
- }
- }
- }
-
- // find all the policies attached to this group
- List<AclPolicy> policies = _iamSrv.listAclPoliciesByGroup(group.getId());
- if (policies != null && policies.size() > 0) {
- for (AclPolicy policy : policies) {
- response.addPolicy(policy.getName());
- }
- }
-
- response.setObjectName("aclgroup");
- return response;
-
- }
-
- public List<AclGroup> listDomainGroup(Domain domain) {
-
- if (domain != null) {
- String domainPath = domain.getPath();
- // search for groups
- Pair<List<AclGroup>, Integer> result = _iamSrv.listAclGroups(null, "DomainGrp-" + domain.getUuid(),
- domainPath, null, null);
- return result.first();
- }
- return new ArrayList<AclGroup>();
-
- }
-
- @Override
- public ListResponse<AclGroupResponse> listAclGroups(Long aclGroupId, String aclGroupName, Long domainId, Long startIndex, Long pageSize) {
- // acl check
- Account caller = CallContext.current().getCallingAccount();
-
- Domain domain = null;
- if (domainId != null) {
- domain = _domainDao.findById(domainId);
- if (domain == null) {
- throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
- }
-
- _accountMgr.checkAccess(caller, domain);
- } else {
- domain = _domainDao.findById(caller.getDomainId());
- }
- String domainPath = domain.getPath();
- // search for groups
- Pair<List<AclGroup>, Integer> result = _iamSrv.listAclGroups(aclGroupId, aclGroupName, domainPath, startIndex, pageSize);
- // generate group response
- ListResponse<AclGroupResponse> response = new ListResponse<AclGroupResponse>();
- List<AclGroupResponse> groupResponses = new ArrayList<AclGroupResponse>();
- for (AclGroup group : result.first()) {
- AclGroupResponse resp = createAclGroupResponse(group);
- groupResponses.add(resp);
- }
- response.setResponses(groupResponses, result.second());
- return response;
- }
-
- @Override
- public ListResponse<AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName, Long domainId, Long startIndex,
- Long pageSize) {
- // acl check
- Account caller = CallContext.current().getCallingAccount();
-
- Domain domain = null;
- if (domainId != null) {
- domain = _domainDao.findById(domainId);
- if (domain == null) {
- throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
- }
-
- _accountMgr.checkAccess(caller, domain);
- } else {
- domain = _domainDao.findById(caller.getDomainId());
- }
- String domainPath = domain.getPath();
- // search for policies
- Pair<List<AclPolicy>, Integer> result = _iamSrv.listAclPolicies(aclPolicyId, aclPolicyName, domainPath, startIndex, pageSize);
- // generate policy response
- ListResponse<AclPolicyResponse> response = new ListResponse<AclPolicyResponse>();
- List<AclPolicyResponse> policyResponses = new ArrayList<AclPolicyResponse>();
- for (AclPolicy policy : result.first()) {
- AclPolicyResponse resp = createAclPolicyResponse(policy);
- policyResponses.add(resp);
- }
- response.setResponses(policyResponses, result.second());
- return response;
- }
-
- @Override
- public void grantEntityPermissioinToAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds) {
- // check if there is already a policy with only this permission added to it
- AclPolicy policy = _iamSrv.getResourceGrantPolicy(entityType, entityId, accessType.toString(), action);
- if (policy == null) {
- // not found, just create a policy with resource grant permission
- Account caller = CallContext.current().getCallingAccount();
- String aclPolicyName = "policyGrant" + entityType + entityId;
- String description = "Policy to grant permission to " + entityType + entityId;
- policy = createAclPolicy(caller, aclPolicyName, description, null);
- // add permission to this policy
- addAclPermissionToAclPolicy(policy.getId(), entityType, PermissionScope.RESOURCE, entityId, action, Permission.Allow, false);
- }
- // attach this policy to list of accounts if not attached already
- Long policyId = policy.getId();
- for (Long acctId : accountIds) {
- if (!isPolicyAttachedToAccount(policyId, acctId)) {
- attachAclPolicyToAccounts(policyId, Collections.singletonList(acctId));
- }
- }
- }
-
- @Override
- public void revokeEntityPermissioinFromAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds) {
- // there should already a policy with only this permission added to it, this call is mainly used
- AclPolicy policy = _iamSrv.getResourceGrantPolicy(entityType, entityId, accessType.toString(), action);
- if (policy == null) {
- s_logger.warn("Cannot find a policy associated with this entity permissioin to be revoked, just return");
- return;
- }
- // detach this policy from list of accounts if not detached already
- Long policyId = policy.getId();
- for (Long acctId : accountIds) {
- if (isPolicyAttachedToAccount(policyId, acctId)) {
- removeAclPolicyFromAccounts(policyId, Collections.singletonList(acctId));
- }
- }
-
- }
-
- private boolean isPolicyAttachedToAccount(Long policyId, Long accountId) {
- List<AclPolicy> pList = listAclPolicies(accountId);
- for (AclPolicy p : pList) {
- if (p.getId() == policyId.longValue()) {
- return true;
- }
- }
- return false;
- }
-
- private void resetTemplatePermission(Long templateId){
- // reset template will change template to private, so we need to remove its permission for domain admin and normal user group
- _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
- PermissionScope.RESOURCE.toString(), templateId, "listTemplates");
- _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
- PermissionScope.RESOURCE.toString(), templateId, "listTemplates");
- // check if there is a policy with only UseEntry permission for this template added
- AclPolicy policy = _iamSrv.getResourceGrantPolicy(IAMEntityType.VirtualMachineTemplate.toString(), templateId, AccessType.UseEntry.toString(), "listTemplates");
- if ( policy == null ){
- s_logger.info("No policy found for this template grant: " + templateId + ", no detach to be done");
- return;
- }
- // delete the policy, which should detach it from groups and accounts
- _iamSrv.deleteAclPolicy(policy.getId());
-
- }
-
- @Override
- public List<Class<?>> getCommands() {
- List<Class<?>> cmdList = new ArrayList<Class<?>>();
- cmdList.add(CreateAclPolicyCmd.class);
- cmdList.add(DeleteAclPolicyCmd.class);
- cmdList.add(ListAclPoliciesCmd.class);
- cmdList.add(AddAclPermissionToAclPolicyCmd.class);
- cmdList.add(RemoveAclPermissionFromAclPolicyCmd.class);
- cmdList.add(AttachAclPolicyToAclGroupCmd.class);
- cmdList.add(RemoveAclPolicyFromAclGroupCmd.class);
- cmdList.add(CreateAclGroupCmd.class);
- cmdList.add(DeleteAclGroupCmd.class);
- cmdList.add(ListAclGroupsCmd.class);
- cmdList.add(AddAccountToAclGroupCmd.class);
- cmdList.add(RemoveAccountFromAclGroupCmd.class);
- cmdList.add(AttachAclPolicyToAccountCmd.class);
- cmdList.add(RemoveAclPolicyFromAccountCmd.class);
- return cmdList;
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiService.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiService.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiService.java
new file mode 100644
index 0000000..b9e680a
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiService.java
@@ -0,0 +1,84 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam;
+
+import java.util.List;
+
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
+import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
+import org.apache.cloudstack.iam.api.IAMGroup;
+import org.apache.cloudstack.iam.api.IAMPolicy;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
+
+import com.cloud.user.Account;
+import com.cloud.utils.component.PluggableService;
+
+public interface IAMApiService extends PluggableService {
+
+ /* ACL group related interfaces */
+ IAMGroup createIAMGroup(Account caller, String iamGroupName, String description);
+
+ boolean deleteIAMGroup(Long iamGroupId);
+
+ List<IAMGroup> listIAMGroups(long accountId);
+
+ IAMGroup addAccountsToGroup(List<Long> acctIds, Long groupId);
+
+ IAMGroup removeAccountsFromGroup(List<Long> acctIds, Long groupId);
+
+ /* IAM Policy related interfaces */
+ IAMPolicy createIAMPolicy(Account caller, String iamPolicyName, String description, Long parentPolicyId);
+
+ boolean deleteIAMPolicy(long iamPolicyId);
+
+ List<IAMPolicy> listIAMPolicies(long accountId);
+
+ IAMGroup attachIAMPoliciesToGroup(List<Long> policyIds, Long groupId);
+
+ IAMGroup removeIAMPoliciesFromGroup(List<Long> policyIds, Long groupId);
+
+ void attachIAMPolicyToAccounts(Long policyId, List<Long> accountIds);
+
+ void removeIAMPolicyFromAccounts(Long policyId, List<Long> accountIds);
+
+ IAMPolicy addIAMPermissionToIAMPolicy(long iamPolicyId, String entityType, PermissionScope scope, Long scopeId,
+ String action, Permission perm, Boolean recursive);
+
+ IAMPolicy removeIAMPermissionFromIAMPolicy(long iamPolicyId, String entityType, PermissionScope scope, Long scopeId, String action);
+
+ IAMPolicyPermission getIAMPolicyPermission(long accountId, String entityType, String action);
+
+ /* Utility routine to grant/revoke invidivual resource to list of accounts */
+ void grantEntityPermissioinToAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds);
+
+ void revokeEntityPermissioinFromAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds);
+
+ /* Response Generation */
+ IAMPolicyResponse createIAMPolicyResponse(IAMPolicy policy);
+
+ IAMGroupResponse createIAMGroupResponse(IAMGroup group);
+
+ ListResponse<IAMGroupResponse> listIAMGroups(Long iamGroupId, String iamGroupName,
+ Long domainId, Long startIndex, Long pageSize);
+
+ ListResponse<IAMPolicyResponse> listIAMPolicies(Long iamPolicyId, String iamPolicyName,
+ Long domainId, Long startIndex, Long pageSize);
+}
[15/18] git commit: updated refs/heads/rbac to 45a96e4
Posted by pr...@apache.org.
iam/plugin: Rename Acl to IAM everywhere
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/187f9cd0
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/187f9cd0
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/187f9cd0
Branch: refs/heads/rbac
Commit: 187f9cd0a2c5e0c1709605a1909a742e8dbba839
Parents: b2ba6c0
Author: Prachi Damle <pr...@cloud.com>
Authored: Mon Feb 24 16:59:27 2014 -0800
Committer: Prachi Damle <pr...@cloud.com>
Committed: Tue Feb 25 16:43:23 2014 -0800
----------------------------------------------------------------------
api/src/com/cloud/event/EventTypes.java | 22 +-
.../cloudstack/api/ApiCommandJobType.java | 4 +-
.../org/apache/cloudstack/api/ApiConstants.java | 26 +-
.../api/response/AccountResponse.java | 2 +-
.../com/cloud/template/TemplateManagerImpl.java | 4 +-
...g-acl-role-based-access-checkers-context.xml | 35 -
.../spring-iam-access-checkers-context.xml | 35 +
.../command/iam/AddAccountToAclGroupCmd.java | 127 ----
.../command/iam/AddAccountToIAMGroupCmd.java | 127 ++++
.../iam/AddAclPermissionToAclPolicyCmd.java | 151 ----
.../iam/AddIAMPermissionToIAMPolicyCmd.java | 152 ++++
.../iam/AttachAclPolicyToAccountCmd.java | 122 ----
.../iam/AttachAclPolicyToAclGroupCmd.java | 127 ----
.../iam/AttachIAMPolicyToAccountCmd.java | 122 ++++
.../iam/AttachIAMPolicyToIAMGroupCmd.java | 127 ++++
.../api/command/iam/CreateAclGroupCmd.java | 168 -----
.../api/command/iam/CreateAclPolicyCmd.java | 175 -----
.../api/command/iam/CreateIAMGroupCmd.java | 168 +++++
.../api/command/iam/CreateIAMPolicyCmd.java | 175 +++++
.../api/command/iam/DeleteAclGroupCmd.java | 102 ---
.../api/command/iam/DeleteAclPolicyCmd.java | 102 ---
.../api/command/iam/DeleteIAMGroupCmd.java | 102 +++
.../api/command/iam/DeleteIAMPolicyCmd.java | 102 +++
.../api/command/iam/ListAclGroupsCmd.java | 88 ---
.../api/command/iam/ListAclPoliciesCmd.java | 88 ---
.../api/command/iam/ListIAMGroupsCmd.java | 88 +++
.../api/command/iam/ListIAMPoliciesCmd.java | 88 +++
.../iam/RemoveAccountFromAclGroupCmd.java | 127 ----
.../iam/RemoveAccountFromIAMGroupCmd.java | 127 ++++
.../RemoveAclPermissionFromAclPolicyCmd.java | 147 ----
.../iam/RemoveAclPolicyFromAccountCmd.java | 122 ----
.../iam/RemoveAclPolicyFromAclGroupCmd.java | 127 ----
.../RemoveIAMPermissionFromIAMPolicyCmd.java | 147 ++++
.../iam/RemoveIAMPolicyFromAccountCmd.java | 122 ++++
.../iam/RemoveIAMPolicyFromIAMGroupCmd.java | 127 ++++
.../api/response/iam/AclGroupResponse.java | 193 ------
.../api/response/iam/AclPermissionResponse.java | 125 ----
.../api/response/iam/AclPolicyResponse.java | 177 -----
.../api/response/iam/IAMGroupResponse.java | 193 ++++++
.../api/response/iam/IAMPermissionResponse.java | 125 ++++
.../api/response/iam/IAMPolicyResponse.java | 177 +++++
.../apache/cloudstack/iam/AclApiService.java | 84 ---
.../cloudstack/iam/AclApiServiceImpl.java | 690 -------------------
.../apache/cloudstack/iam/IAMApiService.java | 84 +++
.../cloudstack/iam/IAMApiServiceImpl.java | 690 +++++++++++++++++++
.../iam/RoleBasedAPIAccessChecker.java | 12 +-
.../iam/RoleBasedEntityAccessChecker.java | 34 +-
.../iam/RoleBasedEntityQuerySelector.java | 48 +-
.../cloudstack/acl/AclApiServiceTest.java | 357 ----------
.../cloudstack/iam/test/IAMApiServiceTest.java | 363 ++++++++++
.../org/apache/cloudstack/iam/api/AclGroup.java | 37 -
.../apache/cloudstack/iam/api/AclPolicy.java | 41 --
.../cloudstack/iam/api/AclPolicyPermission.java | 53 --
.../org/apache/cloudstack/iam/api/IAMGroup.java | 37 +
.../apache/cloudstack/iam/api/IAMPolicy.java | 41 ++
.../cloudstack/iam/api/IAMPolicyPermission.java | 53 ++
.../apache/cloudstack/iam/api/IAMService.java | 48 +-
.../iam/server/AclAccountPolicyMapVO.java | 77 ---
.../iam/server/AclGroupAccountMapVO.java | 78 ---
.../iam/server/AclGroupPolicyMapVO.java | 79 ---
.../cloudstack/iam/server/AclGroupVO.java | 122 ----
.../iam/server/AclPolicyPermissionVO.java | 181 -----
.../cloudstack/iam/server/AclPolicyVO.java | 138 ----
.../iam/server/IAMAccountPolicyMapVO.java | 77 +++
.../iam/server/IAMGroupAccountMapVO.java | 78 +++
.../iam/server/IAMGroupPolicyMapVO.java | 79 +++
.../cloudstack/iam/server/IAMGroupVO.java | 122 ++++
.../iam/server/IAMPolicyPermissionVO.java | 181 +++++
.../cloudstack/iam/server/IAMPolicyVO.java | 138 ++++
.../cloudstack/iam/server/IAMServiceImpl.java | 282 ++++----
.../iam/server/dao/AclAccountPolicyMapDao.java | 17 -
.../server/dao/AclAccountPolicyMapDaoImpl.java | 61 --
.../iam/server/dao/AclGroupAccountMapDao.java | 40 --
.../server/dao/AclGroupAccountMapDaoImpl.java | 119 ----
.../cloudstack/iam/server/dao/AclGroupDao.java | 28 -
.../iam/server/dao/AclGroupDaoImpl.java | 59 --
.../iam/server/dao/AclGroupPolicyMapDao.java | 16 -
.../server/dao/AclGroupPolicyMapDaoImpl.java | 61 --
.../cloudstack/iam/server/dao/AclPolicyDao.java | 28 -
.../iam/server/dao/AclPolicyDaoImpl.java | 57 --
.../iam/server/dao/AclPolicyPermissionDao.java | 39 --
.../server/dao/AclPolicyPermissionDaoImpl.java | 129 ----
.../iam/server/dao/IAMAccountPolicyMapDao.java | 17 +
.../server/dao/IAMAccountPolicyMapDaoImpl.java | 61 ++
.../iam/server/dao/IAMGroupAccountMapDao.java | 40 ++
.../server/dao/IAMGroupAccountMapDaoImpl.java | 119 ++++
.../cloudstack/iam/server/dao/IAMGroupDao.java | 28 +
.../iam/server/dao/IAMGroupDaoImpl.java | 59 ++
.../iam/server/dao/IAMGroupPolicyMapDao.java | 16 +
.../server/dao/IAMGroupPolicyMapDaoImpl.java | 61 ++
.../cloudstack/iam/server/dao/IAMPolicyDao.java | 28 +
.../iam/server/dao/IAMPolicyDaoImpl.java | 57 ++
.../iam/server/dao/IAMPolicyPermissionDao.java | 39 ++
.../server/dao/IAMPolicyPermissionDaoImpl.java | 129 ++++
.../cloudstack/iam/IAMServiceUnitTest.java | 76 +-
setup/db/db/schema-430to440.sql | 76 +-
96 files changed, 5218 insertions(+), 5211 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/api/src/com/cloud/event/EventTypes.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/event/EventTypes.java b/api/src/com/cloud/event/EventTypes.java
index ea49624..d0ade89 100755
--- a/api/src/com/cloud/event/EventTypes.java
+++ b/api/src/com/cloud/event/EventTypes.java
@@ -455,17 +455,17 @@ public class EventTypes {
public static final String EVENT_UCS_ASSOCIATED_PROFILE = "UCS.ASSOCIATEPROFILE";
- public static final String EVENT_ACL_POLICY_CREATE = "ACLPOLICY.CREATE";
- public static final String EVENT_ACL_POLICY_DELETE = "ACLPOLICY.DELETE";
- public static final String EVENT_ACL_POLICY_GRANT = "ACLPOLICY.GRANT";
- public static final String EVENT_ACL_POLICY_REVOKE = "ACLPOLICY.REVOKE";
-
- public static final String EVENT_ACL_GROUP_UPDATE = "ACLGROUP.UPDATE";
- public static final String EVENT_ACL_GROUP_CREATE = "ACLGROUP.CREATE";
- public static final String EVENT_ACL_GROUP_DELETE = "ACLGROUP.DELETE";
- public static final String EVENT_ACL_GROUP_GRANT = "ACLGROUP.GRANT";
- public static final String EVENT_ACL_GROUP_REVOKE = "ACLGROUP.REVOKE";
- public static final String EVENT_ACL_ACCOUNT_POLICY_UPDATE = "ACLACCOUNTPOLICY.UPDATE";
+ public static final String EVENT_IAM_POLICY_CREATE = "IAMPOLICY.CREATE";
+ public static final String EVENT_IAM_POLICY_DELETE = "IAMPOLICY.DELETE";
+ public static final String EVENT_IAM_POLICY_GRANT = "IAMPOLICY.GRANT";
+ public static final String EVENT_IAM_POLICY_REVOKE = "IAMPOLICY.REVOKE";
+
+ public static final String EVENT_IAM_GROUP_UPDATE = "IAMGROUP.UPDATE";
+ public static final String EVENT_IAM_GROUP_CREATE = "IAMGROUP.CREATE";
+ public static final String EVENT_IAM_GROUP_DELETE = "IAMGROUP.DELETE";
+ public static final String EVENT_IAM_GROUP_GRANT = "IAMGROUP.GRANT";
+ public static final String EVENT_IAM_GROUP_REVOKE = "IAMGROUP.REVOKE";
+ public static final String EVENT_IAM_ACCOUNT_POLICY_UPDATE = "IAMACCOUNTPOLICY.UPDATE";
// Object store migration
public static final String EVENT_MIGRATE_PREPARE_SECONDARY_STORAGE = "MIGRATE.PREPARE.SS";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/api/src/org/apache/cloudstack/api/ApiCommandJobType.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/ApiCommandJobType.java b/api/src/org/apache/cloudstack/api/ApiCommandJobType.java
index 0e79e66..f27f001 100644
--- a/api/src/org/apache/cloudstack/api/ApiCommandJobType.java
+++ b/api/src/org/apache/cloudstack/api/ApiCommandJobType.java
@@ -50,6 +50,6 @@ public enum ApiCommandJobType {
AffinityGroup,
InternalLbVm,
DedicatedGuestVlanRange,
- AclPolicy,
- AclGroup
+ IAMPolicy,
+ IAMGroup
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/api/src/org/apache/cloudstack/api/ApiConstants.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/ApiConstants.java b/api/src/org/apache/cloudstack/api/ApiConstants.java
index 3535872..b34f106 100755
--- a/api/src/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/org/apache/cloudstack/api/ApiConstants.java
@@ -543,19 +543,19 @@ public class ApiConstants {
public static final String ROUTING = "isrouting";
public static final String MAX_CONNECTIONS = "maxconnections";
public static final String SERVICE_STATE = "servicestate";
- public static final String ACL_ACCOUNT_IDS = "accountids";
- public static final String ACL_MEMBER_ACCOUNTS = "memberaccounts";
- public static final String ACL_PARENT_POLICY_ID = "parentpolicyid";
- public static final String ACL_PARENT_POLICY_NAME = "parentpolicyname";
- public static final String ACL_POLICY_IDS = "policyids";
- public static final String ACL_POLICIES = "policies";
- public static final String ACL_APIS = "apis";
- public static final String ACL_GROUPS = "groups";
- public static final String ACL_PERMISSIONS = "permission";
- public static final String ACL_ACTION = "action";
- public static final String ACL_SCOPE = "scope";
- public static final String ACL_SCOPE_ID = "scopeid";
- public static final String ACL_ALLOW_DENY = "permission";
+ public static final String IAM_ACCOUNT_IDS = "accountids";
+ public static final String IAM_MEMBER_ACCOUNTS = "memberaccounts";
+ public static final String IAM_PARENT_POLICY_ID = "parentpolicyid";
+ public static final String IAM_PARENT_POLICY_NAME = "parentpolicyname";
+ public static final String IAM_POLICY_IDS = "policyids";
+ public static final String IAM_POLICIES = "policies";
+ public static final String IAM_APIS = "apis";
+ public static final String IAM_GROUPS = "groups";
+ public static final String IAM_PERMISSIONS = "permission";
+ public static final String IAM_ACTION = "action";
+ public static final String IAM_SCOPE = "scope";
+ public static final String IAM_SCOPE_ID = "scopeid";
+ public static final String IAM_ALLOW_DENY = "permission";
public static final String ENTITY_TYPE = "entitytype";
public static final String ENTITY_ID = "entityid";
public static final String ACCESS_TYPE = "accesstype";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/api/src/org/apache/cloudstack/api/response/AccountResponse.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/response/AccountResponse.java b/api/src/org/apache/cloudstack/api/response/AccountResponse.java
index 7d36785..991b162 100644
--- a/api/src/org/apache/cloudstack/api/response/AccountResponse.java
+++ b/api/src/org/apache/cloudstack/api/response/AccountResponse.java
@@ -239,7 +239,7 @@ public class AccountResponse extends BaseResponse implements ResourceLimitAndCou
@Param(description = "true if account is default, false otherwise", since = "4.2.0")
private Boolean isDefault;
- @SerializedName(ApiConstants.ACL_GROUPS)
+ @SerializedName(ApiConstants.IAM_GROUPS)
@Param(description = "the list of acl groups that account belongs to")
private List<String> groups;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/server/src/com/cloud/template/TemplateManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/template/TemplateManagerImpl.java b/server/src/com/cloud/template/TemplateManagerImpl.java
index a8aa785..f27fb74 100755
--- a/server/src/com/cloud/template/TemplateManagerImpl.java
+++ b/server/src/com/cloud/template/TemplateManagerImpl.java
@@ -1273,7 +1273,7 @@ public class TemplateManagerImpl extends ManagerBase implements TemplateManager,
permit.put(ApiConstants.ENTITY_TYPE, IAMEntityType.VirtualMachineTemplate.toString());
permit.put(ApiConstants.ENTITY_ID, id);
permit.put(ApiConstants.ACCESS_TYPE, AccessType.UseEntry);
- permit.put(ApiConstants.ACL_ACTION, "listTemplates");
+ permit.put(ApiConstants.IAM_ACTION, "listTemplates");
permit.put(ApiConstants.ACCOUNTS, accountIds);
_messageBus.publish(_name, EntityManager.MESSAGE_GRANT_ENTITY_EVENT, PublishScope.LOCAL, permit);
} else if ("remove".equalsIgnoreCase(operation)) {
@@ -1290,7 +1290,7 @@ public class TemplateManagerImpl extends ManagerBase implements TemplateManager,
permit.put(ApiConstants.ENTITY_TYPE, IAMEntityType.VirtualMachineTemplate.toString());
permit.put(ApiConstants.ENTITY_ID, id);
permit.put(ApiConstants.ACCESS_TYPE, AccessType.UseEntry);
- permit.put(ApiConstants.ACL_ACTION, "listTemplates");
+ permit.put(ApiConstants.IAM_ACTION, "listTemplates");
permit.put(ApiConstants.ACCOUNTS, accountIds);
_messageBus.publish(_name, EntityManager.MESSAGE_REVOKE_ENTITY_EVENT, PublishScope.LOCAL, permit);
} else if ("reset".equalsIgnoreCase(operation)) {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml
----------------------------------------------------------------------
diff --git a/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml b/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml
deleted file mode 100644
index 5cc2dbd..0000000
--- a/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:aop="http://www.springframework.org/schema/aop"
- xsi:schemaLocation="http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
- http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
- http://www.springframework.org/schema/context
- http://www.springframework.org/schema/context/spring-context-3.0.xsd"
- >
-
- <bean id="RoleBasedAPIAccessChecker" class="org.apache.cloudstack.acl.RoleBasedAPIAccessChecker" />
- <bean id="RoleBasedEntityAccessChecker" class="org.apache.cloudstack.acl.RoleBasedEntityAccessChecker" />
- <bean id="RoleBasedEntityQuerySelector" class="org.apache.cloudstack.acl.RoleBasedEntityQuerySelector" />
- <bean id="AclApiServiceImpl" class="org.apache.cloudstack.acl.api.AclApiServiceImpl" />
-
-</beans>
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-iam-access-checkers-context.xml
----------------------------------------------------------------------
diff --git a/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-iam-access-checkers-context.xml b/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-iam-access-checkers-context.xml
new file mode 100644
index 0000000..fb0ddf3
--- /dev/null
+++ b/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-iam-access-checkers-context.xml
@@ -0,0 +1,35 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+ http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
+ http://www.springframework.org/schema/context
+ http://www.springframework.org/schema/context/spring-context-3.0.xsd"
+ >
+
+ <bean id="RoleBasedAPIAccessChecker" class="org.apache.cloudstack.iam.RoleBasedAPIAccessChecker" />
+ <bean id="RoleBasedEntityAccessChecker" class="org.apache.cloudstack.iam.RoleBasedEntityAccessChecker" />
+ <bean id="RoleBasedEntityQuerySelector" class="org.apache.cloudstack.iam.RoleBasedEntityQuerySelector" />
+ <bean id="AclApiServiceImpl" class="org.apache.cloudstack.iam.AclApiServiceImpl" />
+
+</beans>
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToAclGroupCmd.java
deleted file mode 100644
index b63f635..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToAclGroupCmd.java
+++ /dev/null
@@ -1,127 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AccountResponse;
-import org.apache.cloudstack.api.response.iam.AclGroupResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclGroup;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "addAccountToAclGroup", description = "add account to an acl group", responseObject = AclGroupResponse.class)
-public class AddAccountToAclGroupCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(AddAccountToAclGroupCmd.class.getName());
- private static final String s_name = "addaccounttoaclgroupresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
- required = true, description = "The ID of the acl group")
- private Long id;
-
- @ACL
- @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that are going to be assigned to the acl group.")
- private List<Long> accountIdList;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
-
- public Long getId() {
- return id;
- }
-
-
- public List<Long> getAccountIdList() {
- return accountIdList;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public void execute() throws ResourceUnavailableException,
- InsufficientCapacityException, ServerApiException {
- CallContext.current().setEventDetails("Acl group Id: " + getId());
- AclGroup result = _aclApiSrv.addAccountsToGroup(accountIdList, id);
- if (result != null){
- AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add accounts to acl group");
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_GROUP_UPDATE;
- }
-
- @Override
- public String getEventDescription() {
- return "adding accounts to acl group";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclGroup;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToIAMGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToIAMGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToIAMGroupCmd.java
new file mode 100644
index 0000000..bea3fc9
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToIAMGroupCmd.java
@@ -0,0 +1,127 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.AccountResponse;
+import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.IAMGroup;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "addAccountToIAMGroup", description = "add account to an iam group", responseObject = IAMGroupResponse.class)
+public class AddAccountToIAMGroupCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(AddAccountToIAMGroupCmd.class.getName());
+ private static final String s_name = "addaccounttoiamgroupresponse";
+
+ @Inject
+ public IAMApiService _iamApiSrv;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+
+ @ACL
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMGroupResponse.class,
+ required = true, description = "The ID of the iam group")
+ private Long id;
+
+ @ACL
+ @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that are going to be assigned to the iam group.")
+ private List<Long> accountIdList;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+
+ public Long getId() {
+ return id;
+ }
+
+
+ public List<Long> getAccountIdList() {
+ return accountIdList;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+ }
+
+ @Override
+ public void execute() throws ResourceUnavailableException,
+ InsufficientCapacityException, ServerApiException {
+ CallContext.current().setEventDetails("IAM group Id: " + getId());
+ IAMGroup result = _iamApiSrv.addAccountsToGroup(accountIdList, id);
+ if (result != null){
+ IAMGroupResponse response = _iamApiSrv.createIAMGroupResponse(result);
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add accounts to iam group");
+ }
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_IAM_GROUP_UPDATE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "adding accounts to iam group";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.IAMGroup;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAclPermissionToAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAclPermissionToAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAclPermissionToAclPolicyCmd.java
deleted file mode 100644
index e0ecb50..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAclPermissionToAclPolicyCmd.java
+++ /dev/null
@@ -1,151 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "addAclPermissionToAclPolicy", description = "Add Acl permission to an acl policy", responseObject = AclPolicyResponse.class)
-public class AddAclPermissionToAclPolicyCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(AddAclPermissionToAclPolicyCmd.class.getName());
- private static final String s_name = "addaclpermissiontoaclpolicyresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
- required = true, description = "The ID of the acl policy")
- private Long id;
-
- @Parameter(name = ApiConstants.ACL_ACTION, type = CommandType.STRING, required = true, description = "action api name.")
- private String action;
-
- @Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = false, description = "entity class simple name.")
- private String entityType;
-
- @Parameter(name = ApiConstants.ACL_SCOPE, type = CommandType.STRING,
- required = false, description = "acl permission scope")
- private String scope;
-
- @Parameter(name = ApiConstants.ACL_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
- private Long scopeId;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
-
- public Long getId() {
- return id;
- }
-
-
- public String getAction() {
- return action;
- }
-
- public String getEntityType() {
- return entityType;
- }
-
- public String getScope() {
- return scope;
- }
-
- public Long getScopeId() {
- return scopeId;
- }
-
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
-
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public void execute() throws ResourceUnavailableException,
- InsufficientCapacityException, ServerApiException {
- CallContext.current().setEventDetails("Acl policy Id: " + getId());
- // Only explicit ALLOW is supported for this release, no explicit deny
- AclPolicy result = _aclApiSrv.addAclPermissionToAclPolicy(id, entityType, PermissionScope.valueOf(scope),
- scopeId, action, Permission.Allow, false);
- if (result != null) {
- AclPolicyResponse response = _aclApiSrv.createAclPolicyResponse(result);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to grant permission to acl policy " + getId());
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_POLICY_GRANT;
- }
-
- @Override
- public String getEventDescription() {
- return "granting permission to acl policy";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclPolicy;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
new file mode 100644
index 0000000..86afd10
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
@@ -0,0 +1,152 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.IAMPolicy;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "addIAMPermissionToIAMPolicy", description = "Add IAM permission to an iam policy", responseObject = IAMPolicyResponse.class)
+public class AddIAMPermissionToIAMPolicyCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(AddIAMPermissionToIAMPolicyCmd.class.getName());
+ private static final String s_name = "addiampermissiontoiampolicyresponse";
+
+ @Inject
+ public IAMApiService _iamApiSrv;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+
+ @ACL
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMPolicyResponse.class,
+ required = true, description = "The ID of the iam policy")
+ private Long id;
+
+ @Parameter(name = ApiConstants.IAM_ACTION, type = CommandType.STRING, required = true, description = "action api name.")
+ private String action;
+
+ @Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = false, description = "entity class simple name.")
+ private String entityType;
+
+ @Parameter(name = ApiConstants.IAM_SCOPE, type = CommandType.STRING,
+ required = false, description = "iam permission scope")
+ private String scope;
+
+ @Parameter(name = ApiConstants.IAM_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
+ private Long scopeId;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+
+ public Long getId() {
+ return id;
+ }
+
+
+ public String getAction() {
+ return action;
+ }
+
+ public String getEntityType() {
+ return entityType;
+ }
+
+ public String getScope() {
+ return scope;
+ }
+
+ public Long getScopeId() {
+ return scopeId;
+ }
+
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+ }
+
+ @Override
+ public void execute() throws ResourceUnavailableException,
+ InsufficientCapacityException, ServerApiException {
+ CallContext.current().setEventDetails("IAM policy Id: " + getId());
+ // Only explicit ALLOW is supported for this release, no explicit deny
+ IAMPolicy result = _iamApiSrv.addIAMPermissionToIAMPolicy(id, entityType, PermissionScope.valueOf(scope),
+ scopeId, action, Permission.Allow, false);
+ if (result != null) {
+ IAMPolicyResponse response = _iamApiSrv.createIAMPolicyResponse(result);
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to grant permission to iam policy "
+ + getId());
+ }
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_IAM_POLICY_GRANT;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "granting permission to iam policy";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.IAMPolicy;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAccountCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAccountCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAccountCmd.java
deleted file mode 100644
index c16f8bd..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAccountCmd.java
+++ /dev/null
@@ -1,122 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AccountResponse;
-import org.apache.cloudstack.api.response.SuccessResponse;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "attachAclPolicyToAccount", description = "attach acl policy to accounts", responseObject = SuccessResponse.class)
-public class AttachAclPolicyToAccountCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(AttachAclPolicyToAccountCmd.class.getName());
- private static final String s_name = "attachaclpolicytoaccountresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
- required = true, description = "The ID of the acl policy")
- private Long id;
-
- @ACL
- @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that the policy will attach to.")
- private List<Long> accountIdList;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
-
- public Long getId() {
- return id;
- }
-
-
- public List<Long> getAccountIdList() {
- return accountIdList;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public void execute() throws ResourceUnavailableException,
- InsufficientCapacityException, ServerApiException {
- CallContext.current().setEventDetails("Acl policy Id: " + getId());
- _aclApiSrv.attachAclPolicyToAccounts(id, accountIdList);
- SuccessResponse response = new SuccessResponse();
- response.setResponseName(getCommandName());
- setResponseObject(response);
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE;
- }
-
- @Override
- public String getEventDescription() {
- return "adding acl policy to accounts";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.Account;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAclGroupCmd.java
deleted file mode 100644
index cd2a3d5..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAclGroupCmd.java
+++ /dev/null
@@ -1,127 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.iam.AclGroupResponse;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclGroup;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "attachAclPolicyToAclGroup", description = "attach acl policy to an acl group", responseObject = AclGroupResponse.class)
-public class AttachAclPolicyToAclGroupCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(AttachAclPolicyToAclGroupCmd.class.getName());
- private static final String s_name = "attachaclpolicytoaclgroupresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
- required = true, description = "The ID of the acl group")
- private Long id;
-
- @ACL
- @Parameter(name = ApiConstants.ACL_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.")
- private List<Long> policyIdList;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
-
- public Long getId() {
- return id;
- }
-
-
- public List<Long> getPolicyIdList() {
- return policyIdList;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public void execute() throws ResourceUnavailableException,
- InsufficientCapacityException, ServerApiException {
- CallContext.current().setEventDetails("Acl group Id: " + getId());
- AclGroup result = _aclApiSrv.attachAclPoliciesToGroup(policyIdList, id);
- if (result != null){
- AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to acl group");
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_GROUP_UPDATE;
- }
-
- @Override
- public String getEventDescription() {
- return "adding acl roles to acl group";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclGroup;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachIAMPolicyToAccountCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachIAMPolicyToAccountCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachIAMPolicyToAccountCmd.java
new file mode 100644
index 0000000..fc174cf
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachIAMPolicyToAccountCmd.java
@@ -0,0 +1,122 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.AccountResponse;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "attachIAMPolicyToAccount", description = "attach iam policy to accounts", responseObject = SuccessResponse.class)
+public class AttachIAMPolicyToAccountCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(AttachIAMPolicyToAccountCmd.class.getName());
+ private static final String s_name = "attachiampolicytoaccountresponse";
+
+ @Inject
+ public IAMApiService _iamApiSrv;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+
+ @ACL
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMPolicyResponse.class,
+ required = true, description = "The ID of the iam policy")
+ private Long id;
+
+ @ACL
+ @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that the policy will attach to.")
+ private List<Long> accountIdList;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+
+ public Long getId() {
+ return id;
+ }
+
+
+ public List<Long> getAccountIdList() {
+ return accountIdList;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+ }
+
+ @Override
+ public void execute() throws ResourceUnavailableException,
+ InsufficientCapacityException, ServerApiException {
+ CallContext.current().setEventDetails("IAM policy Id: " + getId());
+ _iamApiSrv.attachIAMPolicyToAccounts(id, accountIdList);
+ SuccessResponse response = new SuccessResponse();
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_IAM_ACCOUNT_POLICY_UPDATE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "adding IAM policy to accounts";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.Account;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachIAMPolicyToIAMGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachIAMPolicyToIAMGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachIAMPolicyToIAMGroupCmd.java
new file mode 100644
index 0000000..1705c4a
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachIAMPolicyToIAMGroupCmd.java
@@ -0,0 +1,127 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
+import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.IAMGroup;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "attachIAMPolicyToIAMGroup", description = "attach iam policy to an iam group", responseObject = IAMGroupResponse.class)
+public class AttachIAMPolicyToIAMGroupCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(AttachIAMPolicyToIAMGroupCmd.class.getName());
+ private static final String s_name = "attachiampolicytoiamgroupresponse";
+
+ @Inject
+ public IAMApiService _iamApiSrv;
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+
+ @ACL
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMGroupResponse.class,
+ required = true, description = "The ID of the iam group")
+ private Long id;
+
+ @ACL
+ @Parameter(name = ApiConstants.IAM_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = IAMPolicyResponse.class, description = "comma separated list of iam policy id that are going to be applied to the iam group.")
+ private List<Long> policyIdList;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+
+ public Long getId() {
+ return id;
+ }
+
+
+ public List<Long> getPolicyIdList() {
+ return policyIdList;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+ }
+
+ @Override
+ public void execute() throws ResourceUnavailableException,
+ InsufficientCapacityException, ServerApiException {
+ CallContext.current().setEventDetails("IAM group Id: " + getId());
+ IAMGroup result = _iamApiSrv.attachIAMPoliciesToGroup(policyIdList, id);
+ if (result != null){
+ IAMGroupResponse response = _iamApiSrv.createIAMGroupResponse(result);
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to iam group");
+ }
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_IAM_GROUP_UPDATE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "adding iam roles to iam group";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.IAMGroup;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclGroupCmd.java
deleted file mode 100644
index 3805c9f..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclGroupCmd.java
+++ /dev/null
@@ -1,168 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCreateCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.DomainResponse;
-import org.apache.cloudstack.api.response.iam.AclGroupResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclGroup;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.ResourceAllocationException;
-import com.cloud.user.Account;
-
-@APICommand(name = "createAclGroup", responseObject = AclGroupResponse.class, description = "Creates an acl group")
-public class CreateAclGroupCmd extends BaseAsyncCreateCmd {
- public static final Logger s_logger = Logger.getLogger(CreateAclGroupCmd.class.getName());
-
- private static final String s_name = "createaclgroupresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- // ///////////////////////////////////////////////////
- // ////////////// API parameters /////////////////////
- // ///////////////////////////////////////////////////
-
- @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the acl group. Must be used with domainId.")
- private String accountName;
-
- @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the acl group", entityType = DomainResponse.class)
- private Long domainId;
-
- @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the acl group")
- private String description;
-
- @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the acl group")
- private String name;
-
-
- // ///////////////////////////////////////////////////
- // ///////////////// Accessors ///////////////////////
- // ///////////////////////////////////////////////////
-
- public String getAccountName() {
- return accountName;
- }
-
- public String getDescription() {
- return description;
- }
-
- public Long getDomainId() {
- return domainId;
- }
-
- public String getName() {
- return name;
- }
-
-
- // ///////////////////////////////////////////////////
- // ///////////// API Implementation///////////////////
- // ///////////////////////////////////////////////////
-
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- @Override
- public long getEntityOwnerId() {
- Account account = CallContext.current().getCallingAccount();
- if ((account == null) || _accountService.isAdmin(account.getType())) {
- if ((domainId != null) && (accountName != null)) {
- Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
- if (userAccount != null) {
- return userAccount.getId();
- }
- }
- }
-
- if (account != null) {
- return account.getId();
- }
-
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this
- // command to SYSTEM so ERROR events
- // are tracked
- }
-
- @Override
- public void execute() {
- AclGroup grp = _entityMgr.findById(AclGroup.class, getEntityId());
- if (grp != null) {
- AclGroupResponse response = _aclApiSrv.createAclGroupResponse(grp);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl group:" + name);
- }
- }
-
- @Override
- public void create() throws ResourceAllocationException {
- Account account = CallContext.current().getCallingAccount();
- AclGroup result = _aclApiSrv.createAclGroup(account, name, description);
- if (result != null) {
- setEntityId(result.getId());
- setEntityUuid(result.getUuid());
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl group entity" + name);
- }
-
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_GROUP_CREATE;
- }
-
- @Override
- public String getEventDescription() {
- return "creating Acl group";
- }
-
- @Override
- public String getCreateEventType() {
- return EventTypes.EVENT_ACL_GROUP_CREATE;
- }
-
- @Override
- public String getCreateEventDescription() {
- return "creating acl group";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclGroup;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclPolicyCmd.java
deleted file mode 100644
index 3bddc35..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclPolicyCmd.java
+++ /dev/null
@@ -1,175 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCreateCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.DomainResponse;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclPolicy;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.ResourceAllocationException;
-import com.cloud.user.Account;
-
-@APICommand(name = "createAclPolicy", responseObject = AclPolicyResponse.class, description = "Creates an acl policy")
-public class CreateAclPolicyCmd extends BaseAsyncCreateCmd {
- public static final Logger s_logger = Logger.getLogger(CreateAclPolicyCmd.class.getName());
-
- private static final String s_name = "createaclpolicyresponse";
-
- @Inject
- public AclApiService _aclApiSrv;
-
- // ///////////////////////////////////////////////////
- // ////////////// API parameters /////////////////////
- // ///////////////////////////////////////////////////
-
- @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the acl policy. Must be used with domainId.")
- private String accountName;
-
- @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the acl policy", entityType = DomainResponse.class)
- private Long domainId;
-
- @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the acl policy")
- private String description;
-
- @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the acl policy")
- private String name;
-
- @ACL
- @Parameter(name = ApiConstants.ACL_PARENT_POLICY_ID, type = CommandType.UUID, description = "The ID of parent acl policy.", entityType = AclPolicyResponse.class)
- private Long parentPolicyId;
-
-
- // ///////////////////////////////////////////////////
- // ///////////////// Accessors ///////////////////////
- // ///////////////////////////////////////////////////
-
- public String getAccountName() {
- return accountName;
- }
-
- public String getDescription() {
- return description;
- }
-
- public Long getDomainId() {
- return domainId;
- }
-
- public String getName() {
- return name;
- }
-
- public Long getParentPolicyId() {
- return parentPolicyId;
- }
-
- // ///////////////////////////////////////////////////
- // ///////////// API Implementation///////////////////
- // ///////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- @Override
- public long getEntityOwnerId() {
- Account account = CallContext.current().getCallingAccount();
- if ((account == null) || _accountService.isAdmin(account.getType())) {
- if ((domainId != null) && (accountName != null)) {
- Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
- if (userAccount != null) {
- return userAccount.getId();
- }
- }
- }
-
- if (account != null) {
- return account.getId();
- }
-
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this
- // command to SYSTEM so ERROR events
- // are tracked
- }
-
- @Override
- public void execute() {
- AclPolicy policy = _entityMgr.findById(AclPolicy.class, getEntityId());
- if (policy != null) {
- AclPolicyResponse response = _aclApiSrv.createAclPolicyResponse(policy);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl policy:" + name);
- }
- }
-
- @Override
- public void create() throws ResourceAllocationException {
- Account account = CallContext.current().getCallingAccount();
- AclPolicy result = _aclApiSrv.createAclPolicy(account, name, description, parentPolicyId);
- if (result != null) {
- setEntityId(result.getId());
- setEntityUuid(result.getUuid());
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl policy entity" + name);
- }
-
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_POLICY_CREATE;
- }
-
- @Override
- public String getEventDescription() {
- return "creating Acl policy";
- }
-
- @Override
- public String getCreateEventType() {
- return EventTypes.EVENT_ACL_POLICY_CREATE;
- }
-
- @Override
- public String getCreateEventDescription() {
- return "creating acl policy";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclPolicy;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateIAMGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateIAMGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateIAMGroupCmd.java
new file mode 100644
index 0000000..d0b9bc6
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateIAMGroupCmd.java
@@ -0,0 +1,168 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCreateCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.DomainResponse;
+import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.IAMGroup;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.user.Account;
+
+@APICommand(name = "createIAMGroup", responseObject = IAMGroupResponse.class, description = "Creates an IAM group")
+public class CreateIAMGroupCmd extends BaseAsyncCreateCmd {
+ public static final Logger s_logger = Logger.getLogger(CreateIAMGroupCmd.class.getName());
+
+ private static final String s_name = "createiamgroupresponse";
+
+ @Inject
+ public IAMApiService _iamApiSrv;
+
+ // ///////////////////////////////////////////////////
+ // ////////////// API parameters /////////////////////
+ // ///////////////////////////////////////////////////
+
+ @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the iam group. Must be used with domainId.")
+ private String accountName;
+
+ @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the iam group", entityType = DomainResponse.class)
+ private Long domainId;
+
+ @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the iam group")
+ private String description;
+
+ @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the iam group")
+ private String name;
+
+
+ // ///////////////////////////////////////////////////
+ // ///////////////// Accessors ///////////////////////
+ // ///////////////////////////////////////////////////
+
+ public String getAccountName() {
+ return accountName;
+ }
+
+ public String getDescription() {
+ return description;
+ }
+
+ public Long getDomainId() {
+ return domainId;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+
+ // ///////////////////////////////////////////////////
+ // ///////////// API Implementation///////////////////
+ // ///////////////////////////////////////////////////
+
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ Account account = CallContext.current().getCallingAccount();
+ if ((account == null) || _accountService.isAdmin(account.getType())) {
+ if ((domainId != null) && (accountName != null)) {
+ Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
+ if (userAccount != null) {
+ return userAccount.getId();
+ }
+ }
+ }
+
+ if (account != null) {
+ return account.getId();
+ }
+
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this
+ // command to SYSTEM so ERROR events
+ // are tracked
+ }
+
+ @Override
+ public void execute() {
+ IAMGroup grp = _entityMgr.findById(IAMGroup.class, getEntityId());
+ if (grp != null) {
+ IAMGroupResponse response = _iamApiSrv.createIAMGroupResponse(grp);
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create iam group:" + name);
+ }
+ }
+
+ @Override
+ public void create() throws ResourceAllocationException {
+ Account account = CallContext.current().getCallingAccount();
+ IAMGroup result = _iamApiSrv.createIAMGroup(account, name, description);
+ if (result != null) {
+ setEntityId(result.getId());
+ setEntityUuid(result.getUuid());
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create iam group entity" + name);
+ }
+
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_IAM_GROUP_CREATE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "creating IAM group";
+ }
+
+ @Override
+ public String getCreateEventType() {
+ return EventTypes.EVENT_IAM_GROUP_CREATE;
+ }
+
+ @Override
+ public String getCreateEventDescription() {
+ return "creating IAM group";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.IAMGroup;
+ }
+
+}