Posted to commits@cloudstack.apache.org by mc...@apache.org on 2014/03/14 00:54:54 UTC

[01/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Repository: cloudstack
Updated Branches:
  refs/heads/master 6c23e201a -> 8ff94601f


Add marvin integration test for list VM.


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/b78cb228
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/b78cb228
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/b78cb228

Branch: refs/heads/master
Commit: b78cb2284aae8fa340d0ae719d4a45c67046900e
Parents: 42a7d41
Author: Min Chen <mi...@citrix.com>
Authored: Fri Feb 21 15:33:41 2014 -0800
Committer: Min Chen <mi...@citrix.com>
Committed: Fri Feb 21 15:35:48 2014 -0800

----------------------------------------------------------------------
 test/integration/smoke/test_vm_iam.py       | 713 +++++++++++++++++++++++
 tools/marvin/marvin/integration/lib/base.py | 128 ++++
 2 files changed, 841 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b78cb228/test/integration/smoke/test_vm_iam.py
----------------------------------------------------------------------
diff --git a/test/integration/smoke/test_vm_iam.py b/test/integration/smoke/test_vm_iam.py
new file mode 100644
index 0000000..062c030
--- /dev/null
+++ b/test/integration/smoke/test_vm_iam.py
@@ -0,0 +1,713 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+# 
+#   http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+""" BVT tests for Virtual Machine IAM effect
+"""
+#Import Local Modules
+import marvin
+from marvin.cloudstackTestCase import *
+from marvin.cloudstackAPI import *
+from marvin.integration.lib.utils import *
+from marvin.integration.lib.base import *
+from marvin.integration.lib.common import *
+from nose.plugins.attrib import attr
+#Import System modules
+import time
+
+_multiprocess_shared_ = True
+class Services:
+    """Test VM Life Cycle Services
+    """
+
+    def __init__(self):
+        self.services = {
+            #data for domains and accounts
+            "domain1": {
+                "name": "Domain1",
+             },
+            "account1A": {
+                "email": "test1A@test.com",
+                "firstname": "test1A",
+                "lastname": "User",
+                "username": "test1A",
+                "password": "password",
+            },
+            "account1B": {
+                "email": "test1B@test.com",
+                "firstname": "test1B",
+                "lastname": "User",
+                "username": "test1B",
+                "password": "password",
+            },                         
+            "domain2": {
+                "name": "Domain2",
+             },
+            "account2A": {
+                "email": "test2A@test.com",
+                "firstname": "test2A",
+                "lastname": "User",
+                "username": "test2A",
+                "password": "password",
+            },
+            #data reqd for virtual machine creation
+            "virtual_machine1A" : {
+                "name" : "test1Avm",
+                "displayname" : "Test1A  VM",
+            },
+            "virtual_machine1B" : {
+                "name" : "test1Bvm",
+                "displayname" : "Test1B  VM",
+            }, 
+            "virtual_machine2A" : {
+                "name" : "test2Avm",
+                "displayname" : "Test2A  VM",
+            },                                                 
+            #small service offering
+            "service_offering": {
+                "small": {
+                    "name": "Small Instance",
+                    "displaytext": "Small Instance",
+                    "cpunumber": 1,
+                    "cpuspeed": 100,
+                    "memory": 128,
+                },
+            },
+            "ostype": 'CentOS 5.3 (64-bit)',
+            # iam group and policy information
+            "service_desk_iam_grp" : {
+                "name" : "Service Desk",
+                "description" : "Service Desk IAM Group"
+            },
+            "vm_readonly_iam_policy" : {
+                "name" : "VM Read Only Access",
+                "description" : "VM read only access iam policy"
+            },
+        }
+
+
+
+class TestVMIam(cloudstackTestCase):
+
+    @classmethod
+    def setUpClass(self):
+        self.apiclient = super(TestVMIam, self).getClsTestClient().getApiClient()
+        self.services = Services().services
+        
+        # backup default apikey and secretkey
+        self.default_apikey = self.apiclient.connection.apiKey
+        self.default_secretkey = self.apiclient.connection.securityKey
+
+        # Create domains and accounts etc
+        self.domain_1 = Domain.create(
+                                   self.apiclient,
+                                   self.services["domain1"]
+                                   )
+        self.domain_2 = Domain.create(
+                                   self.apiclient,
+                                   self.services["domain2"]
+                                   )
+        # Create two accounts for doamin_1
+        self.account_1A = Account.create(
+                            self.apiclient,
+                            self.services["account1A"],
+                            admin=False,
+                            domainid=self.domain_1.id
+                            )
+        
+        self.account_1B = Account.create(
+                            self.apiclient,
+                            self.services["account1B"],
+                            admin=False,
+                            domainid=self.domain_1.id
+                            )        
+
+        # Create an account for domain_2
+        self.account_2A = Account.create(
+                            self.apiclient,
+                            self.services["account2A"],
+                            admin=False,
+                            domainid=self.domain_2.id
+                            )
+        
+        # Fetch user details to register apiKey for them
+        self.user_1A = User.list(
+                          self.apiclient,
+                          account=self.account_1A.name,
+                          domainid=self.account_1A.domainid
+                          )[0]
+       
+        user_1A_key = User.registerUserKeys(
+                        self.apiclient,
+                        self.user_1A.id
+                      )  
+        self.user_1A_apikey = user_1A_key.apikey
+        self.user_1A_secretkey = user_1A_key.secretkey
+        
+                         
+        self.user_1B = User.list(
+                          self.apiclient,
+                          account=self.account_1B.name,
+                          domainid=self.account_1B.domainid
+                          )[0]
+       
+        user_1B_key = User.registerUserKeys(
+                        self.apiclient,
+                        self.user_1B.id
+                      )  
+       
+        self.user_1B_apikey = user_1B_key.apikey
+        self.user_1B_secretkey = user_1B_key.secretkey                    
+
+ 
+        self.user_2A = User.list(
+                          self.apiclient,
+                          account=self.account_2A.name,
+                          domainid=self.account_2A.domainid
+                          )[0]
+       
+        user_2A_key = User.registerUserKeys(
+                        self.apiclient,
+                        self.user_2A.id
+                      )  
+        self.user_2A_apikey = user_2A_key.apikey
+        self.user_2A_secretkey = user_2A_key.secretkey
+                
+        # create service offering
+        self.service_offering = ServiceOffering.create(
+                                self.apiclient,
+                                self.services["service_offering"]["small"]
+                                )
+        
+        self.zone = get_zone(self.apiclient, self.services)
+        self.services['mode'] = self.zone.networktype
+        self.template = get_template(self.apiclient, self.zone.id, self.services["ostype"])
+
+        # deploy 3 VMs for three accounts
+        self.virtual_machine_1A = VirtualMachine.create(
+            self.apiclient,
+            self.services["virtual_machine1A"],
+            accountid=self.account_1A.name,
+            zoneid=self.zone.id,
+            domainid=self.account_1A.domainid,
+            serviceofferingid=self.service_offering.id,
+            templateid=self.template.id
+        )  
+        
+        self.virtual_machine_1B = VirtualMachine.create(
+            self.apiclient,
+            self.services["virtual_machine1B"],
+            accountid=self.account_1B.name,
+            zoneid=self.zone.id,
+            domainid=self.account_1B.domainid,
+            serviceofferingid=self.service_offering.id,
+            templateid=self.template.id
+        )  
+        
+        self.virtual_machine_2A = VirtualMachine.create(
+            self.apiclient,
+            self.services["virtual_machine2A"],
+            accountid=self.account_2A.name,
+            zoneid=self.zone.id,
+            domainid=self.account_2A.domainid,
+            serviceofferingid=self.service_offering.id,
+            templateid=self.template.id
+        )   
+        
+        self.srv_desk_grp = AclGroup.create(
+            self.apiclient, 
+            self.services["service_desk_iam_grp"]
+        )                             
+ 
+        self.vm_read_policy = AclPolicy.create(
+            self.apiclient, 
+            self.services["vm_readonly_iam_policy"]
+        )
+        
+        vm_grant_policy_params = {}
+        vm_grant_policy_params['name'] = "policyGrantVirtualMachine" + self.virtual_machine_1A.id
+        vm_grant_policy_params['description'] = "Policy to grant permission to VirtualMachine " + self.virtual_machine_1A.id
+        self.vm_grant_policy = AclPolicy.create(
+            self.apiclient, 
+            vm_grant_policy_params
+        )   
+        
+        self._cleanup = [
+                        self.account_1A,
+                        self.account_1B,
+                        self.domain_1,
+                        self.account_2A,
+                        self.domain_2,
+                        self.service_offering,
+                        self.vm_read_policy,
+                        self.srv_desk_grp,
+                        self.vm_grant_policy
+                        ]
+
+    @classmethod
+    def tearDownClass(self):
+        self.apiclient = super(TestVMIAM, self).getClsTestClient().getApiClient()
+        cleanup_resources(self.apiclient, self._cleanup)
+        return
+
+    def setUp(self):
+        self.apiclient = self.testClient.getApiClient()
+        self.dbclient = self.testClient.getDbConnection()
+        self.cleanup = []
+
+    def tearDown(self):
+        # restore back default apikey and secretkey
+        self.apiclient.connection.apiKey = self.default_apikey
+        self.apiclient.connection.secretKey = self.default_secretkey
+        cleanup_resources(self.apiclient, self.cleanup)
+        return
+
+    
+    @attr(tags = ["devcloud", "advanced", "advancedns", "smoke", "basic", "sg"])
+    def test_01_list_own_vm(self):
+        #  listVM command should return owne's VM
+
+        self.debug("Listing VM for account: %s" % self.account_1A.name)
+
+        self.apiclient.connection.apiKey = self.user_1A_apikey
+        self.apiclient.connection.secretKey = self.user_1A_secretkey
+        list_vm_response = list_virtual_machines(
+                                            self.apiclient
+                                            )
+        self.assertEqual(
+                            isinstance(list_vm_response, list),
+                            True,
+                            "Check list response returns a valid list"
+                        )
+        self.assertNotEqual(
+                            len(list_vm_response),
+                            0,
+                            "Check VM available in List Virtual Machines"
+                        )
+
+        self.assertEqual(
+            list_vm_response[0].name,
+            self.virtual_machine_1A.name,
+            "Virtual Machine names do not match"
+        )
+
+        self.debug("Listing VM for account: %s" % self.account_1B.id)
+        self.apiclient.connection.apiKey = self.user_1B_apikey
+        self.apiclient.connection.secretKey = self.user_1B_secretkey
+        list_vm_response = list_virtual_machines(
+                                            self.apiclient
+                                            )
+        self.assertEqual(
+                            isinstance(list_vm_response, list),
+                            True,
+                            "Check list response returns a valid list"
+                        )
+        self.assertNotEqual(
+                            len(list_vm_response),
+                            0,
+                            "Check VM available in List Virtual Machines"
+                        )
+
+        self.assertEqual(
+            list_vm_response[0].name,
+            self.virtual_machine_1B.name,
+            "Virtual Machine names do not match"
+        )
+        
+        self.debug("Listing VM for account: %s" % self.account_2A.id)
+
+        self.apiclient.connection.apiKey = self.user_2A_apikey
+        self.apiclient.connection.secretKey = self.user_2A_secretkey
+        list_vm_response = list_virtual_machines(
+                                            self.apiclient
+                                            )
+        self.assertEqual(
+                            isinstance(list_vm_response, list),
+                            True,
+                            "Check list response returns a valid list"
+                        )
+        self.assertNotEqual(
+                            len(list_vm_response),
+                            0,
+                            "Check VM available in List Virtual Machines"
+                        )
+
+        self.assertEqual(
+            list_vm_response[0].name,
+            self.virtual_machine_2A.name,
+            "Virtual Machine names do not match"
+        )
+                
+        return
+
+        
+    @attr(tags = ["devcloud", "advanced", "advancedns", "smoke", "basic", "sg"])
+    def test_02_grant_domain_vm(self):
+ 
+        # Validate the following
+        # 1. Grant domain2 VM access to account_1B
+        # 2. listVM command should return account_1B and domain_2 VMs.
+
+        self.debug("Granting Domain %s VM read only access to account: %s" % (self.domain_2.name, self.account_1B.name))
+        
+        self.srv_desk_grp.addAccount(self.apiclient, [self.account_1B.id])
+        domain_permission = {}
+        domain_permission['action'] = "listVirtualMachines"
+        domain_permission['entitytype'] = "VirtualMachine"
+        domain_permission['scope'] = "DOMAIN"
+        domain_permission['scopeid'] = self.domain_2.id
+        self.vm_read_policy.addPermission(self.apiclient, domain_permission)
+        
+        self.debug("Listing VM for account: %s" % self.account_1B.id)
+        self.apiclient.connection.apiKey = self.user_1B_apikey
+        self.apiclient.connection.secretKey = self.user_1B_secretkey
+        list_vm_response = list_virtual_machines(
+                                            self.apiclient
+                                            )
+        self.assertEqual(
+                            isinstance(list_vm_response, list),
+                            True,
+                            "Check list response returns a valid list"
+                        )
+        self.assertNotEqual(
+                            len(list_vm_response),
+                            2,
+                            "Check VM available in List Virtual Machines"
+                        )
+
+        list_vm_names = [list_vm_response[0].name, list_vm_response[1].name]
+        
+        self.assertEqual( self.virtual_machine_1B.name in list_vm_names,
+                          True,
+                          "Accessible Virtual Machine names do not match"
+                          )
+        
+        self.assertEqual( self.virtual_machine_2A.name in list_vm_names,
+                          True,
+                          "Accessible Virtual Machine names do not match"
+                          )        
+        
+        return
+
+
+    @attr(tags = ["devcloud", "advanced", "advancedns", "smoke", "basic", "sg"])
+    def test_03_grant_account_vm(self):
+ 
+        # Validate the following
+        # 1. Grant account_1A VM access to account_1B
+        # 2. listVM command should return account_1A and account_1B VMs.
+
+        self.debug("Granting Account %s VM read only access to account: %s" % (self.account_1A.name, self.account_1B.name))
+        
+        account_permission = {}
+        account_permission['action'] = "listVirtualMachines"
+        account_permission['entitytype'] = "VirtualMachine"
+        account_permission['scope'] = "ACCOUNT"
+        account_permission['scopeid'] = self.account_1A.id
+        self.vm_read_policy.addPermission(self.apiclient, account_permission)
+        
+        self.debug("Listing VM for account: %s" % self.account_1B.id)
+        self.apiclient.connection.apiKey = self.user_1B_apikey
+        self.apiclient.connection.secretKey = self.user_1B_secretkey
+        list_vm_response = list_virtual_machines(
+                                            self.apiclient
+                                            )
+        self.assertEqual(
+                            isinstance(list_vm_response, list),
+                            True,
+                            "Check list response returns a valid list"
+                        )
+        self.assertNotEqual(
+                            len(list_vm_response),
+                            3,
+                            "Check VM available in List Virtual Machines"
+                        )
+
+        list_vm_names = [list_vm_response[0].name, list_vm_response[1].name, list_vm_response[2].name]
+        
+        self.assertEqual( self.virtual_machine_1B.name in list_vm_names,
+                          True,
+                          "Accessible Virtual Machine names do not match"
+                          )
+        
+        self.assertEqual( self.virtual_machine_1A.name in list_vm_names,
+                          True,
+                          "Accessible Virtual Machine names do not match"
+                          )    
+                
+        self.assertEqual( self.virtual_machine_2A.name in list_vm_names,
+                          True,
+                          "Accessible Virtual Machine names do not match"
+                          )        
+        
+        return
+
+
+    @attr(tags = ["devcloud", "advanced", "advancedns", "smoke", "basic", "sg"])
+    def test_04_revoke_account_vm(self):
+ 
+        # Validate the following
+        # 1. Revoke account_1A VM access from account_1B
+        # 2. listVM command should not return account_1A VMs.
+
+        self.debug("Revoking Account %s VM read only access from account: %s" % (self.account_1A.name, self.account_1B.name))
+        
+        account_permission = {}
+        account_permission['action'] = "listVirtualMachines"
+        account_permission['entitytype'] = "VirtualMachine"
+        account_permission['scope'] = "ACCOUNT"
+        account_permission['scopeid'] = self.account_1A.id
+        self.vm_read_policy.removePermission(self.apiclient, account_permission)
+        
+        self.debug("Listing VM for account: %s" % self.account_1B.id)
+        self.apiclient.connection.apiKey = self.user_1B_apikey
+        self.apiclient.connection.secretKey = self.user_1B_secretkey
+        list_vm_response = list_virtual_machines(
+                                            self.apiclient
+                                            )
+        self.assertEqual(
+                            isinstance(list_vm_response, list),
+                            True,
+                            "Check list response returns a valid list"
+                        )
+        self.assertNotEqual(
+                            len(list_vm_response),
+                            2,
+                            "Check VM available in List Virtual Machines"
+                        )
+
+        list_vm_names = [list_vm_response[0].name, list_vm_response[1].name]
+        
+       
+        self.assertEqual( self.virtual_machine_1A.name in list_vm_names,
+                          False,
+                          "Accessible Virtual Machine names do not match"
+                          )    
+        return
+    
+    
+    @attr(tags = ["devcloud", "advanced", "advancedns", "smoke", "basic", "sg"])
+    def test_05_revoke_domain_vm(self):
+ 
+        # Validate the following
+        # 1. Revoke account_1A VM access from account_1B
+        # 2. listVM command should not return account_1A VMs.
+
+        self.debug("Revoking Domain %s VM read only access from account: %s" % (self.domain_1.name, self.account_1B.name))
+        
+        domain_permission = {}
+        domain_permission['action'] = "listVirtualMachines"
+        domain_permission['entitytype'] = "VirtualMachine"
+        domain_permission['scope'] = "DOMAIN"
+        domain_permission['scopeid'] = self.domain_2.id
+        self.vm_read_policy.removePermission(self.apiclient, domain_permission)
+        
+        self.debug("Listing VM for account: %s" % self.account_1B.id)
+        self.apiclient.connection.apiKey = self.user_1B_apikey
+        self.apiclient.connection.secretKey = self.user_1B_secretkey
+        list_vm_response = list_virtual_machines(
+                                            self.apiclient
+                                            )
+        self.assertEqual(
+                            isinstance(list_vm_response, list),
+                            True,
+                            "Check list response returns a valid list"
+                        )
+        self.assertNotEqual(
+                            len(list_vm_response),
+                            1,
+                            "Check VM available in List Virtual Machines"
+                        )
+
+        self.assertEqual(
+            list_vm_response[0].name,
+            self.virtual_machine_2A.name,
+            "Virtual Machine names do not match"
+        )
+         
+        return    
+    
+    @attr(tags = ["devcloud", "advanced", "advancedns", "smoke", "basic", "sg"])
+    def test_06_grant_resource_vm(self):
+ 
+        # Validate the following
+        # 1. Grant a particular vm access to account_1B
+        # 2. listVM command should return account_1B VMs and granted VM.
+
+        self.debug("Granting VM %s read only access to account: %s" % (self.virtual_machine_1A.name, self.account_1B.name))
+        
+        res_permission = {}
+        res_permission['action'] = "listVirtualMachines"
+        res_permission['entitytype'] = "VirtualMachine"
+        res_permission['scope'] = "RESOURCE"
+        res_permission['scopeid'] = self.virtual_machine_1A.id
+        self.vm_read_policy.addPermission(self.apiclient, res_permission)
+        
+        self.debug("Listing VM for account: %s" % self.account_1B.id)
+        self.apiclient.connection.apiKey = self.user_1B_apikey
+        self.apiclient.connection.secretKey = self.user_1B_secretkey
+        list_vm_response = list_virtual_machines(
+                                            self.apiclient
+                                            )
+        self.assertEqual(
+                            isinstance(list_vm_response, list),
+                            True,
+                            "Check list response returns a valid list"
+                        )
+        self.assertNotEqual(
+                            len(list_vm_response),
+                            2,
+                            "Check VM available in List Virtual Machines"
+                        )
+
+        list_vm_names = [list_vm_response[0].name, list_vm_response[1].name]
+        
+        self.assertEqual( self.virtual_machine_1B.name in list_vm_names,
+                          True,
+                          "Accessible Virtual Machine names do not match"
+                          )
+        
+        self.assertEqual( self.virtual_machine_1A.name in list_vm_names,
+                          True,
+                          "Accessible Virtual Machine names do not match"
+                          )    
+                
+        return    
+    
+    @attr(tags = ["devcloud", "advanced", "advancedns", "smoke", "basic", "sg"])
+    def test_07_revoke_resource_vm(self):
+ 
+        # Validate the following
+        # 1. Grant a particular vm access to account_1B
+        # 2. listVM command should return account_1B VMs and granted VM.
+
+        self.debug("Revoking VM %s read only access from account: %s" % (self.virtual_machine_1A.name, self.account_1B.name))
+        
+        res_permission = {}
+        res_permission['action'] = "listVirtualMachines"
+        res_permission['entitytype'] = "VirtualMachine"
+        res_permission['scope'] = "RESOURCE"
+        res_permission['scopeid'] = self.virtual_machine_1A.id
+        self.vm_read_policy.removePermission(self.apiclient, res_permission)
+        
+        self.debug("Listing VM for account: %s" % self.account_1B.id)
+        self.apiclient.connection.apiKey = self.user_1B_apikey
+        self.apiclient.connection.secretKey = self.user_1B_secretkey
+        list_vm_response = list_virtual_machines(
+                                            self.apiclient
+                                            )
+        self.assertEqual(
+                            isinstance(list_vm_response, list),
+                            True,
+                            "Check list response returns a valid list"
+                        )
+        self.assertNotEqual(
+                            len(list_vm_response),
+                            1,
+                            "Check VM available in List Virtual Machines"
+                        )
+
+        self.assertEqual(
+            list_vm_response[0].name,
+            self.virtual_machine_2A.name,
+            "Virtual Machine names do not match"
+        )
+        
+        return      
+    
+    
+    @attr(tags = ["devcloud", "advanced", "advancedns", "smoke", "basic", "sg"])
+    def test_08_policy_attach_account(self):
+ 
+        # Validate the following
+        # 1. Grant a particular vm access to account_1B by directly attaching policy to account
+        # 2. listVM command should return account_1B VMs and granted VM.
+
+        self.debug("Granting VM %s read only access to account: %s by attaching policy to account" % (self.virtual_machine_1A.name, self.account_1B.name))
+        
+        res_permission = {}
+        res_permission['action'] = "listVirtualMachines"
+        res_permission['entitytype'] = "VirtualMachine"
+        res_permission['scope'] = "RESOURCE"
+        res_permission['scopeid'] = self.virtual_machine_1A.id
+        self.vm_grant_policy.addPermission(self.apiclient, res_permission)
+        self.vm_grant_policy.attachAccount(self.apiclient, [self.account_1B.id])
+        
+        self.debug("Listing VM for account: %s" % self.account_1B.id)
+        self.apiclient.connection.apiKey = self.user_1B_apikey
+        self.apiclient.connection.secretKey = self.user_1B_secretkey
+        list_vm_response = list_virtual_machines(
+                                            self.apiclient
+                                            )
+        self.assertEqual(
+                            isinstance(list_vm_response, list),
+                            True,
+                            "Check list response returns a valid list"
+                        )
+        self.assertNotEqual(
+                            len(list_vm_response),
+                            2,
+                            "Check VM available in List Virtual Machines"
+                        )
+
+        list_vm_names = [list_vm_response[0].name, list_vm_response[1].name]
+        
+        self.assertEqual( self.virtual_machine_1B.name in list_vm_names,
+                          True,
+                          "Accessible Virtual Machine names do not match"
+                          )
+        
+        self.assertEqual( self.virtual_machine_1A.name in list_vm_names,
+                          True,
+                          "Accessible Virtual Machine names do not match"
+                          )    
+                
+        return     
+    
+    @attr(tags = ["devcloud", "advanced", "advancedns", "smoke", "basic", "sg"])
+    def test_09_policy_detach_account(self):
+ 
+        # Validate the following
+        # 1. Revoking a particular vm access from account_1B by detaching policy from account
+        # 2. listVM command should return account_1B VMs.
+
+        self.debug("Revoking VM %s read only access from account: %s by attaching policy to account" % (self.virtual_machine_1A.name, self.account_1B.name))
+        
+        self.vm_grant_policy.detachAccount(self.apiclient, [self.account_1B.id])
+        
+        self.debug("Listing VM for account: %s" % self.account_1B.id)
+        self.apiclient.connection.apiKey = self.user_1B_apikey
+        self.apiclient.connection.secretKey = self.user_1B_secretkey
+        list_vm_response = list_virtual_machines(
+                                            self.apiclient
+                                            )
+        self.assertEqual(
+                            isinstance(list_vm_response, list),
+                            True,
+                            "Check list response returns a valid list"
+                        )
+        self.assertNotEqual(
+                            len(list_vm_response),
+                            1,
+                            "Check VM available in List Virtual Machines"
+                        )
+
+        self.assertEqual(
+            list_vm_response[0].name,
+            self.virtual_machine_2A.name,
+            "Virtual Machine names do not match"
+        )
+        
+        return         
\ No newline at end of file
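Review bot: The count checks in test_02 through test_09 use `assertNotEqual(len(list_vm_response), N, ...)`, which fails when the listing has exactly the expected size and passes for any other size, and test_01 only checks that the list is non-empty and that element 0 matches, so none of these tests would catch an account being shown VMs it was never granted. For an access-control test the visible set should be asserted exactly, e.g. in test_02 `self.assertEqual(sorted(vm.name for vm in list_vm_response), sorted([self.virtual_machine_1B.name, self.virtual_machine_2A.name]))`. The post-revocation tests (test_05, test_07, test_09) list as account_1B but compare element 0 with `self.virtual_machine_2A.name`, which looks like a copy-paste slip for `self.virtual_machine_1B.name`. `tearDownClass` calls `super(TestVMIAM, self)` while the class is named `TestVMIam`, so class-level cleanup would raise NameError and leave the test accounts, domains and policies behind. setUpClass saves `connection.securityKey` but every test and tearDown writes `connection.secretKey`; presumably only one of those is the attribute the connection signs with, so the per-user key switch should be checked against the connection class.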

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b78cb228/tools/marvin/marvin/integration/lib/base.py
----------------------------------------------------------------------
diff --git a/tools/marvin/marvin/integration/lib/base.py b/tools/marvin/marvin/integration/lib/base.py
index aa23029..0058834 100755
--- a/tools/marvin/marvin/integration/lib/base.py
+++ b/tools/marvin/marvin/integration/lib/base.py
@@ -3623,3 +3623,131 @@ class Resources:
         cmd = updateResourceCount.updateResourceCountCmd()
         [setattr(cmd, k, v) for k, v in kwargs.items()]
         return(apiclient.updateResourceCount(cmd))
+    
+class AclGroup:
+    def __init__(self, items):
+        self.__dict__.update(items)
+
+    @classmethod
+    def create(cls, apiclient, iam_grp, account=None, domainid=None):
+        cmd = createAclGroup.createAclGroupCmd()
+        cmd.name = iam_grp['name']
+        cmd.description = iam_grp['description']
+        if account:
+            cmd.account = account
+        if domainid:
+            cmd.domainid = domainid
+        return AclGroup(apiclient.createAclGroup(cmd).__dict__)
+
+    def update(self, apiclient):
+        pass
+
+    def delete(self, apiclient):
+        cmd = deleteAclGroup.deleteAclGroupCmd()
+        cmd.id = self.id
+        return apiclient.deleteAclGroup(cmd)
+
+    @classmethod
+    def list(cls, apiclient, **kwargs):
+        cmd = listAclGroups.listAclGroupsCmd()
+        [setattr(cmd, k, v) for k, v in kwargs.items()]
+        return apiclient.listAclGroupsCmd(cmd)  
+    
+    def addAccount(self, apiclient, accts):
+        """Add accounts to acl group"""
+        cmd = addAccountToAclGroup.addAccountToAclGroupCmd()
+        cmd.id = self.id
+        cmd.accounts = [str(acct.id) for acct in accts]
+        apiclient.addAccountToAclGroup(cmd)
+        return  
+
+    def removeAccount(self, apiclient, accts):
+        """ Remove accounts from acl group"""
+        cmd = removeAccountFromAclGroup.removeAccountFromAclGroupCmd()
+        cmd.id = self.id
+        cmd.accounts = [str(acct.id) for acct in accts]
+        apiclient.removeAccountFromAclGroup(cmd)
+        return  
+    
+    def attachPolicy(self, apiclient, policies):
+        """Add policies to acl group"""
+        cmd = attachAclPolicyToAclGroup.attachAclPolicyToAclGroupCmd()
+        cmd.id = self.id
+        cmd.policies = [str(policy.id) for policy in policies]
+        apiclient.attachAclPolicyToAclGroup(cmd)
+        return   
+    
+    def detachPolicy(self, apiclient, policies):
+        """Remove policies from acl group"""
+        cmd = removeAclPolicyFromAclGroup.removeAclPolicyFromAclGroupCmd()
+        cmd.id = self.id
+        cmd.policies = [str(policy.id) for policy in policies]
+        apiclient.removeAclPolicyFromAclGroup(cmd)
+        return         
+    
+class AclPolicy:
+    def __init__(self, items):
+        self.__dict__.update(items)
+
+    @classmethod
+    def create(cls, apiclient, iam_policy, account=None, domainid=None):
+        cmd = createAclPolicy.createAclPolicyCmd()
+        cmd.name = iam_policy['name']
+        cmd.description = iam_policy['description']
+        if account:
+            cmd.account = account
+        if domainid:
+            cmd.domainid = domainid
+        return AclGroup(apiclient.createAclPolicy(cmd).__dict__)
+
+    def update(self, apiclient):
+        pass
+
+    def delete(self, apiclient):
+        cmd = deleteAclPolicy.deleteAclPolicyCmd()
+        cmd.id = self.id
+        return apiclient.deleteAclPolicy(cmd)
+
+    @classmethod
+    def list(cls, apiclient, **kwargs):
+        cmd = listAclPolicies.listAclPoliciesCmd()
+        [setattr(cmd, k, v) for k, v in kwargs.items()]
+        return apiclient.listAclPoliciesCmd(cmd)  
+
+    def addPermission(self, apiclient, permission):
+        """Add permission to acl policy"""
+        cmd = addAclPermissionToAclPolicy.addAclPermissionToAclPolicyCmd()
+        cmd.id = self.id
+        cmd.action = permission['action']
+        cmd.entitytype = permission['entitytype']
+        cmd.scope = permission['scope']
+        cmd.scopeid = permission['scopeid']
+        apiclient.addAclPermissionToAclPolicy(cmd)
+        return       
+
+    def removePermission(self, apiclient, permission):
+        """Remove permission from acl policy"""
+        cmd = removeAclPermissionFromAclPolicy.removeAclPermissionFromAclPolicyCmd()
+        cmd.id = self.id
+        cmd.action = permission['action']
+        cmd.entitytype = permission['entitytype']
+        cmd.scope = permission['scope']
+        cmd.scopeid = permission['scopeid']
+        apiclient.addAclPermissionToAclPolicy(cmd)
+        return  
+    
+    def attachAccount(self, apiclient, accts):
+        """Attach policy to accounts"""
+        cmd = attachAclPolicyToAccount.attachAclPolicyToAccountCmd()
+        cmd.id = self.id
+        cmd.accounts = [str(acct.id) for acct in accts]
+        apiclient.attachAclPolicyToAccount(cmd)
+        return  
+    
+    def detachAccount(self, apiclient, accts):
+        """Detach policy from accounts"""
+        cmd = removeAclPolicyFromAccount.removeAclPolicyFromAccountCmd()
+        cmd.id = self.id
+        cmd.accounts = [str(acct.id) for acct in accts]
+        apiclient.removeAclPolicyFromAccount(cmd)
+        return           
\ No newline at end of file
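Review bot: `AclPolicy.create` wraps the API response in `AclGroup(...)`, so the object it returns has none of the policy methods (`addPermission`, `attachAccount`, `detachAccount`) that the test in this commit calls on a policy; it should end with `return AclPolicy(apiclient.createAclPolicy(cmd).__dict__)`. `AclPolicy.removePermission` builds a `removeAclPermissionFromAclPolicyCmd` but then sends it through `apiclient.addAclPermissionToAclPolicy(cmd)`, so a test that means to revoke a permission never exercises the revoke path and can pass or fail for the wrong reason; the call should presumably be `apiclient.removeAclPermissionFromAclPolicy(cmd)`. Both `list` classmethods call `apiclient.listAclGroupsCmd(cmd)` and `apiclient.listAclPoliciesCmd(cmd)`, which look like command class names rather than the client-method pattern used everywhere else in this hunk (`apiclient.createAclGroup`, `apiclient.deleteAclPolicy`), so `apiclient.listAclGroups(cmd)` and `apiclient.listAclPolicies(cmd)` were probably intended; confirm against the generated client. The two empty `update` methods would also benefit from a one-line docstring saying they are placeholders.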


[25/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
Adding Operate access check at service layer, since we are not checking access on the command parameter here


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/a837ac88
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/a837ac88
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/a837ac88

Branch: refs/heads/master
Commit: a837ac8873d8ad4e8300be747cd9dc02549fc415
Parents: e5d7226
Author: Prachi Damle <pr...@cloud.com>
Authored: Mon Mar 3 13:34:26 2014 -0800
Committer: Prachi Damle <pr...@cloud.com>
Committed: Mon Mar 3 13:35:19 2014 -0800

----------------------------------------------------------------------
 .../command/user/securitygroup/RevokeSecurityGroupEgressCmd.java  | 3 ---
 .../src/com/cloud/network/security/SecurityGroupManagerImpl.java  | 3 ++-
 2 files changed, 2 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a837ac88/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupEgressCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupEgressCmd.java b/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupEgressCmd.java
index 0f74784..a93bee5 100644
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupEgressCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupEgressCmd.java
@@ -19,8 +19,6 @@ package org.apache.cloudstack.api.command.user.securitygroup;
 import org.apache.log4j.Logger;
 
 import org.apache.cloudstack.acl.IAMEntityType;
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -47,7 +45,6 @@ public class RevokeSecurityGroupEgressCmd extends BaseAsyncCmd {
     // ////////////// API parameters /////////////////////
     // ///////////////////////////////////////////////////
 
-    @ACL(accessType = AccessType.OperateEntry, pointerToEntity = "securityGroupId")
     @Parameter(name = ApiConstants.ID, type = CommandType.UUID, required = true, description = "The ID of the egress rule", entityType=SecurityGroupRuleResponse.class)
     private Long id;
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a837ac88/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
index d5f9405..cf71b25 100755
--- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
+++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
@@ -43,6 +43,7 @@ import javax.naming.ConfigurationException;
 import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.log4j.Logger;
 
+import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.command.user.securitygroup.AuthorizeSecurityGroupEgressCmd;
 import org.apache.cloudstack.api.command.user.securitygroup.AuthorizeSecurityGroupIngressCmd;
 import org.apache.cloudstack.api.command.user.securitygroup.CreateSecurityGroupCmd;
@@ -812,7 +813,7 @@ public class SecurityGroupManagerImpl extends ManagerBase implements SecurityGro
 
         // Check permissions
         SecurityGroup securityGroup = _securityGroupDao.findById(rule.getSecurityGroupId());
-        _accountMgr.checkAccess(caller, null, true, securityGroup);
+        _accountMgr.checkAccess(caller, AccessType.OperateEntry, true, securityGroup);
 
         return Transaction.execute(new TransactionCallback<Boolean>() {
             @Override
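Review bot: The `_accountMgr.checkAccess(caller, AccessType.OperateEntry, true, securityGroup)` line is now the only authorization visible on this page for the revoke path, because the same commit removes `@ACL(accessType = AccessType.OperateEntry, pointerToEntity = "securityGroupId")` from `RevokeSecurityGroupEgressCmd`, and nothing at the call site says so. The `// Check permissions` comment should record that, for example `// Access is enforced here rather than via @ACL on the command: the command parameter is the rule id, not the security group`. `securityGroup` is passed to `checkAccess` directly after `findById` with no null check in the visible lines; whether `checkAccess` tolerates a null entity cannot be told from here and is worth confirming. The enclosing method starts and ends outside this hunk, so other `checkAccess(caller, null, ...)` calls in the authorize and ingress-revoke paths, if any remain, are not visible and should be checked for the same change.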


[42/50] [abbrv] Merge branch 'master' into rbac.

Posted by mc...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/server/src/com/cloud/api/ApiDispatcher.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/api/ApiDispatcher.java
index 4bc6578,27ff952..95074e2
--- a/server/src/com/cloud/api/ApiDispatcher.java
+++ b/server/src/com/cloud/api/ApiDispatcher.java
@@@ -33,14 -21,10 +21,13 @@@ import java.util.Map
  import javax.annotation.PostConstruct;
  import javax.inject.Inject;
  
 -import com.cloud.event.EventTypes;
 -import com.cloud.utils.ReflectUtil;
 -import com.cloud.vm.VirtualMachine;
++import org.apache.log4j.Logger;
++
 +import org.apache.cloudstack.acl.ControlledEntity;
 +import org.apache.cloudstack.acl.InfrastructureEntity;
- import org.apache.cloudstack.acl.RoleType;
 +import org.apache.cloudstack.acl.SecurityChecker.AccessType;
- import org.apache.cloudstack.api.ACL;
 +import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiConstants;
- import org.apache.cloudstack.api.ApiErrorCode;
  import org.apache.cloudstack.api.BaseAsyncCmd;
  import org.apache.cloudstack.api.BaseAsyncCreateCmd;
  import org.apache.cloudstack.api.BaseAsyncCustomIdCmd;
@@@ -50,43 -33,26 +36,33 @@@ import org.apache.cloudstack.api.BaseCu
  import org.apache.cloudstack.context.CallContext;
  import org.apache.cloudstack.framework.jobs.AsyncJob;
  import org.apache.cloudstack.framework.jobs.AsyncJobManager;
--import org.apache.log4j.Logger;
  
- import com.cloud.exception.InvalidParameterValueException;
+ import com.cloud.api.dispatch.DispatchChain;
+ import com.cloud.api.dispatch.DispatchChainFactory;
+ import com.cloud.api.dispatch.DispatchTask;
++import com.cloud.event.EventTypes;
 +import com.cloud.user.Account;
 +import com.cloud.user.AccountManager;
- import com.cloud.utils.DateUtil;
 +import com.cloud.utils.ReflectUtil;
- import com.cloud.utils.db.EntityManager;
- import com.cloud.utils.exception.CSExceptionErrorCode;
- import com.cloud.utils.exception.CloudRuntimeException;
++import com.cloud.vm.VirtualMachine;
  
  public class ApiDispatcher {
      private static final Logger s_logger = Logger.getLogger(ApiDispatcher.class.getName());
  
      Long _createSnapshotQueueSizeLimit;
+ 
      @Inject
-     AsyncJobManager _asyncMgr = null;
-     @Inject
-     AccountManager _accountMgr = null;
+     AsyncJobManager _asyncMgr;
+ 
 +    @Inject
-     EntityManager _entityMgr = null;
++    AccountManager _accountMgr;
 +
-     private static ApiDispatcher s_instance;
+     @Inject()
+     protected DispatchChainFactory dispatchChainFactory;
  
-     public static ApiDispatcher getInstance() {
-         return s_instance;
-     }
+     protected DispatchChain standardDispatchChain;
+ 
+     protected DispatchChain asyncCreationDispatchChain;
  
      public ApiDispatcher() {
      }
@@@ -100,41 -67,37 +77,54 @@@
          _createSnapshotQueueSizeLimit = snapshotLimit;
      }
  
-     public void dispatchCreateCmd(BaseAsyncCreateCmd cmd, Map<String, String> params) throws Exception {
-         processParameters(cmd, params);
-         CallContext.current().setEventDisplayEnabled(cmd.isDisplayResourceEnabled());
-         cmd.create();
  
+     public void dispatchCreateCmd(final BaseAsyncCreateCmd cmd, final Map<String, String> params) throws Exception {
+         asyncCreationDispatchChain.dispatch(new DispatchTask(cmd, params));
+         CallContext.current().setEventDisplayEnabled(cmd.isDisplayResourceEnabled());
      }
  
 +    private void doAccessChecks(BaseCmd cmd, Map<Object, AccessType> entitiesToAccess) {
 +        Account caller = CallContext.current().getCallingAccount();
 +
 +        APICommand commandAnnotation = cmd.getClass().getAnnotation(APICommand.class);
 +        String apiName = commandAnnotation != null ? commandAnnotation.name() : null;
 +
 +        if (!entitiesToAccess.isEmpty()) {
 +            for (Object entity : entitiesToAccess.keySet()) {
 +                if (entity instanceof ControlledEntity) {
 +                    _accountMgr.checkAccess(caller, entitiesToAccess.get(entity), false, apiName, (ControlledEntity) entity);
 +                } else if (entity instanceof InfrastructureEntity) {
 +                    //FIXME: Move this code in adapter, remove code from Account manager
 +                }
 +            }
 +        }
 +    }
 +
-     public void dispatch(BaseCmd cmd, Map<String, String> params, boolean execute) throws Exception {
-         processParameters(cmd, params);
-         CallContext ctx = CallContext.current();
+     public void dispatch(final BaseCmd cmd, final Map<String, String> params, final boolean execute) throws Exception {
+         // Let the chain of responsibility dispatch gradually
+         standardDispatchChain.dispatch(new DispatchTask(cmd, params));
+ 
+         final CallContext ctx = CallContext.current();
          ctx.setEventDisplayEnabled(cmd.isDisplayResourceEnabled());
  
+         // TODO This if shouldn't be here. Use polymorphism and move it to validateSpecificParameters
          if (cmd instanceof BaseAsyncCmd) {
  
-             BaseAsyncCmd asyncCmd = (BaseAsyncCmd)cmd;
-             String startEventId = params.get("ctxStartEventId");
+             final BaseAsyncCmd asyncCmd = (BaseAsyncCmd)cmd;
+             final String startEventId = params.get(ApiConstants.CTX_START_EVENT_ID);
+             String uuid = params.get(ApiConstants.UUID);
              ctx.setStartEventId(Long.valueOf(startEventId));
  
+             // Fow now use the key from EventTypes.java rather than getInstanceType bcz the later doesn't refer to the interfaces
+             // Add the resource id in the call context, also add some other first class object ids (for now vm) if available.
+             // TODO - this should be done for all the uuids passed in the cmd - so should be moved where uuid to id conversion happens.
+             if(EventTypes.getEntityForEvent(asyncCmd.getEventType()) != null){
+                 ctx.putContextParameter(EventTypes.getEntityForEvent(asyncCmd.getEventType()), uuid);
+             }
+             if(params.get(ApiConstants.VIRTUAL_MACHINE_ID) != null){
+                 ctx.putContextParameter(ReflectUtil.getEntityName(VirtualMachine.class), params.get(ApiConstants.VIRTUAL_MACHINE_ID));
+             }
+ 
              // Synchronise job on the object if needed
              if (asyncCmd.getJob() != null && asyncCmd.getSyncObjId() != null && asyncCmd.getSyncObjType() != null) {
                  Long queueSizeLimit = null;
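Review bot: `doAccessChecks` is kept by this merge as a private method, but its only caller visible on this page, `getInstance().doAccessChecks(cmd, entitiesToAccess)` at the end of `processParameters`, is deleted further down in the same file, and neither `dispatch` nor `dispatchCreateCmd` calls it in this hunk. If the `DispatchChain` workers do not perform the equivalent `_accountMgr.checkAccess` over the `@ACL`-annotated parameters (the chain is not shown in this diff), entity-level access checks are skipped for every dispatched command after the merge. Either run the check from a chain worker and delete this copy, or mark it until that is done, for example `// TODO(rbac): not called after merge - entity access checks must run in the dispatch chain`. The `InfrastructureEntity` branch is an empty FIXME, so those entities get no check on this path either. The body of `dispatch` continues beyond this hunk.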
@@@ -163,392 -127,6 +154,6 @@@
          }
  
          cmd.execute();
- 
--    }
- 
-     @SuppressWarnings({"unchecked", "rawtypes"})
-     public static void processParameters(BaseCmd cmd, Map<String, String> params) {
-         Map<Object, AccessType> entitiesToAccess = new HashMap<Object, AccessType>();
-         Map<String, Object> unpackedParams = cmd.unpackParams(params);
- 
-         if (cmd instanceof BaseListCmd) {
-             Object pageSizeObj = unpackedParams.get(ApiConstants.PAGE_SIZE);
-             Long pageSize = null;
-             if (pageSizeObj != null) {
-                 pageSize = Long.valueOf((String)pageSizeObj);
-             }
- 
-             if ((unpackedParams.get(ApiConstants.PAGE) == null) && (pageSize != null && !pageSize.equals(BaseListCmd.s_pageSizeUnlimited))) {
-                 ServerApiException ex = new ServerApiException(ApiErrorCode.PARAM_ERROR, "\"page\" parameter is required when \"pagesize\" is specified");
-                 ex.setCSErrorCode(CSExceptionErrorCode.getCSErrCode(ex.getClass().getName()));
-                 throw ex;
-             } else if (pageSize == null && (unpackedParams.get(ApiConstants.PAGE) != null)) {
-                 throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "\"pagesize\" parameter is required when \"page\" is specified");
-             }
-         }
- 
-         List<Field> fields = ReflectUtil.getAllFieldsForClass(cmd.getClass(), BaseCmd.class);
- 
-         for (Field field : fields) {
-             Parameter parameterAnnotation = field.getAnnotation(Parameter.class);
-             if ((parameterAnnotation == null) || !parameterAnnotation.expose()) {
-                 continue;
-             }
- 
-             //TODO: Annotate @Validate on API Cmd classes, FIXME how to process Validate
-             RoleType[] allowedRoles = parameterAnnotation.authorized();
-             if (allowedRoles.length > 0) {
-                 boolean permittedParameter = false;
-                 Account caller = CallContext.current().getCallingAccount();
-                 for (RoleType allowedRole : allowedRoles) {
-                     if (allowedRole.getValue() == caller.getType()) {
-                         permittedParameter = true;
-                         break;
-                     }
-                 }
-                 if (!permittedParameter) {
-                     s_logger.debug("Ignoring paremeter " + parameterAnnotation.name() + " as the caller is not authorized to pass it in");
-                     continue;
-                 }
-             }
- 
-             Object paramObj = unpackedParams.get(parameterAnnotation.name());
-             if (paramObj == null) {
-                 if (parameterAnnotation.required()) {
-                     throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Unable to execute API command " +
-                         cmd.getCommandName().substring(0, cmd.getCommandName().length() - 8) + " due to missing parameter " + parameterAnnotation.name());
-                 }
-                 continue;
-             }
- 
-             // marshall the parameter into the correct type and set the field value
-             try {
-                 setFieldValue(field, cmd, paramObj, parameterAnnotation);
-             } catch (IllegalArgumentException argEx) {
-                 if (s_logger.isDebugEnabled()) {
-                     s_logger.debug("Unable to execute API command " + cmd.getCommandName() + " due to invalid value " + paramObj + " for parameter " +
-                         parameterAnnotation.name());
-                 }
-                 throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Unable to execute API command " +
-                     cmd.getCommandName().substring(0, cmd.getCommandName().length() - 8) + " due to invalid value " + paramObj + " for parameter " +
-                     parameterAnnotation.name());
-             } catch (ParseException parseEx) {
-                 if (s_logger.isDebugEnabled()) {
-                     s_logger.debug("Invalid date parameter " + paramObj + " passed to command " + cmd.getCommandName().substring(0, cmd.getCommandName().length() - 8));
-                 }
-                 throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Unable to parse date " + paramObj + " for command " +
-                     cmd.getCommandName().substring(0, cmd.getCommandName().length() - 8) + ", please pass dates in the format mentioned in the api documentation");
-             } catch (InvalidParameterValueException invEx) {
-                 throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Unable to execute API command " +
-                     cmd.getCommandName().substring(0, cmd.getCommandName().length() - 8) + " due to invalid value. " + invEx.getMessage());
-             } catch (CloudRuntimeException cloudEx) {
-                 s_logger.error("CloudRuntimeException", cloudEx);
-                 // FIXME: Better error message? This only happens if the API command is not executable, which typically
-                 //means
-                 // there was
-                 // and IllegalAccessException setting one of the parameters.
-                 throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Internal error executing API command " +
-                     cmd.getCommandName().substring(0, cmd.getCommandName().length() - 8));
-             }
- 
-             //check access on the resource this field points to
-             try {
-                 ACL checkAccess = field.getAnnotation(ACL.class);
-                 CommandType fieldType = parameterAnnotation.type();
- 
-                 if (checkAccess != null) {
-                     // Verify that caller can perform actions in behalf of vm owner
-                     //acumulate all Controlled Entities together.
- 
-                     //parse the array of resource types and in case of map check access on key or value or both as specified in @acl
-                     //implement external dao for classes that need findByName
-                     //for maps, specify access to be checkd on key or value.
- 
-                     // find the controlled entity DBid by uuid
-                     if (parameterAnnotation.entityType() != null) {
-                         Class<?>[] entityList = parameterAnnotation.entityType()[0].getAnnotation(EntityReference.class).value();
- 
-                         for (Class entity : entityList) {
-                             // Check if the parameter type is a single
-                             // Id or list of id's/name's
-                             switch (fieldType) {
-                                 case LIST:
-                                     CommandType listType = parameterAnnotation.collectionType();
-                                     switch (listType) {
-                                         case LONG:
-                                         case UUID:
-                                             List<Long> listParam = (List<Long>)field.get(cmd);
-                                             for (Long entityId : listParam) {
-                                                 Object entityObj = s_instance._entityMgr.findById(entity, entityId);
-                                                 entitiesToAccess.put(entityObj, checkAccess.accessType());
-                                             }
-                                             break;
-                                         /*
-                                          * case STRING: List<String> listParam =
-                                          * new ArrayList<String>(); listParam =
-                                          * (List)field.get(cmd); for(String
-                                          * entityName: listParam){
-                                          * ControlledEntity entityObj =
-                                          * (ControlledEntity
-                                          * )daoClassInstance(entityId);
-                                          * entitiesToAccess.add(entityObj); }
-                                          * break;
-                                          */
-                                         default:
-                                             break;
-                                     }
-                                     break;
-                                 case LONG:
-                                 case UUID:
-                                     Object entityObj = s_instance._entityMgr.findById(entity, (Long)field.get(cmd));
-                                     entitiesToAccess.put(entityObj, checkAccess.accessType());
-                                     break;
-                                 default:
-                                     break;
-                             }
- 
-                             if (ControlledEntity.class.isAssignableFrom(entity)) {
-                                 if (s_logger.isDebugEnabled()) {
-                                     s_logger.debug("ControlledEntity name is:" + entity.getName());
-                                 }
 +                            }
  
-                             if (InfrastructureEntity.class.isAssignableFrom(entity)) {
-                                 if (s_logger.isDebugEnabled()) {
-                                     s_logger.debug("InfrastructureEntity name is:" + entity.getName());
-                                 }
-                             }
-                         }
- 
-                     }
- 
-                 }
- 
-             } catch (IllegalArgumentException e) {
-                 s_logger.error("Error initializing command " + cmd.getCommandName() + ", field " + field.getName() + " is not accessible.");
-                 throw new CloudRuntimeException("Internal error initializing parameters for command " + cmd.getCommandName() + " [field " + field.getName() +
-                     " is not accessible]");
-             } catch (IllegalAccessException e) {
-                 s_logger.error("Error initializing command " + cmd.getCommandName() + ", field " + field.getName() + " is not accessible.");
-                 throw new CloudRuntimeException("Internal error initializing parameters for command " + cmd.getCommandName() + " [field " + field.getName() +
-                     " is not accessible]");
-             }
- 
-         }
- 
-         //check access on the entities.
-         getInstance().doAccessChecks(cmd, entitiesToAccess);
- 
-     }
- 
-     private static Long translateUuidToInternalId(String uuid, Parameter annotation) {
-         if (uuid.equals("-1")) {
-             // FIXME: This is to handle a lot of hardcoded special cases where -1 is sent
-             // APITODO: Find and get rid of all hardcoded params in API Cmds and service layer
-             return -1L;
-         }
-         Long internalId = null;
-         // If annotation's empty, the cmd existed before 3.x try conversion to long
-         boolean isPre3x = annotation.since().isEmpty();
-         // Match against Java's UUID regex to check if input is uuid string
-         boolean isUuid = uuid.matches("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$");
-         // Enforce that it's uuid for newly added apis from version 3.x
-         if (!isPre3x && !isUuid)
-             return null;
-         // Allow both uuid and internal id for pre3x apis
-         if (isPre3x && !isUuid) {
-             try {
-                 internalId = Long.parseLong(uuid);
-             } catch (NumberFormatException e) {
-                 internalId = null;
-             }
-             if (internalId != null)
-                 return internalId;
-         }
-         // There may be multiple entities defined on the @EntityReference of a Response.class
-         // UUID CommandType would expect only one entityType, so use the first entityType
-         Class<?>[] entities = annotation.entityType()[0].getAnnotation(EntityReference.class).value();
-         // Go through each entity which is an interface to a VO class and get a VO object
-         // Try to getId() for the object using reflection, break on first non-null value
-         for (Class<?> entity : entities) {
-             // For backward compatibility, we search within removed entities and let service layer deal
-             // with removed ones, return empty response or error
-             Object objVO = s_instance._entityMgr.findByUuidIncludingRemoved(entity, uuid);
-             if (objVO == null) {
-                 continue;
-             }
-             // Invoke the getId method, get the internal long ID
-             // If that fails hide exceptions as the uuid may not exist
-             try {
-                 internalId = ((InternalIdentity)objVO).getId();
-             } catch (IllegalArgumentException e) {
-             } catch (NullPointerException e) {
-             }
-             // Return on first non-null Id for the uuid entity
-             if (internalId != null)
-                 break;
-         }
-         if (internalId == null) {
-             if (s_logger.isDebugEnabled())
-                 s_logger.debug("Object entity uuid = " + uuid + " does not exist in the database.");
-             throw new InvalidParameterValueException("Invalid parameter " + annotation.name() + " value=" + uuid +
-                 " due to incorrect long value format, or entity does not exist or due to incorrect parameter annotation for the field in api cmd class.");
-         }
-         return internalId;
-     }
- 
-     @SuppressWarnings({"unchecked", "rawtypes"})
-     private static void setFieldValue(Field field, BaseCmd cmdObj, Object paramObj, Parameter annotation) throws IllegalArgumentException, ParseException {
-         try {
-             field.setAccessible(true);
-             CommandType fieldType = annotation.type();
-             switch (fieldType) {
-                 case BOOLEAN:
-                     field.set(cmdObj, Boolean.valueOf(paramObj.toString()));
-                     break;
-                 case DATE:
-                     // This piece of code is for maintaining backward compatibility
-                     // and support both the date formats(Bug 9724)
-                     // Do the date messaging for ListEventsCmd only
-                     if (cmdObj instanceof ListEventsCmd || cmdObj instanceof DeleteEventsCmd || cmdObj instanceof ArchiveEventsCmd ||
-                         cmdObj instanceof ArchiveAlertsCmd || cmdObj instanceof DeleteAlertsCmd) {
-                         boolean isObjInNewDateFormat = isObjInNewDateFormat(paramObj.toString());
-                         if (isObjInNewDateFormat) {
-                             DateFormat newFormat = BaseCmd.NEW_INPUT_FORMAT;
-                             synchronized (newFormat) {
-                                 field.set(cmdObj, newFormat.parse(paramObj.toString()));
-                             }
-                         } else {
-                             DateFormat format = BaseCmd.INPUT_FORMAT;
-                             synchronized (format) {
-                                 Date date = format.parse(paramObj.toString());
-                                 if (field.getName().equals("startDate")) {
-                                     date = messageDate(date, 0, 0, 0);
-                                 } else if (field.getName().equals("endDate")) {
-                                     date = messageDate(date, 23, 59, 59);
-                                 }
-                                 field.set(cmdObj, date);
-                             }
-                         }
-                     } else {
-                         DateFormat format = BaseCmd.INPUT_FORMAT;
-                         synchronized (format) {
-                         format.setLenient(false);
-                             field.set(cmdObj, format.parse(paramObj.toString()));
-                         }
-                     }
-                     break;
-                 case FLOAT:
-                     // Assuming that the parameters have been checked for required before now,
-                     // we ignore blank or null values and defer to the command to set a default
-                     // value for optional parameters ...
-                     if (paramObj != null && isNotBlank(paramObj.toString())) {
-                         field.set(cmdObj, Float.valueOf(paramObj.toString()));
-                     }
-                     break;
-                 case INTEGER:
-                     // Assuming that the parameters have been checked for required before now,
-                     // we ignore blank or null values and defer to the command to set a default
-                     // value for optional parameters ...
-                     if (paramObj != null && isNotBlank(paramObj.toString())) {
-                         field.set(cmdObj, Integer.valueOf(paramObj.toString()));
-                     }
-                     break;
-                 case LIST:
-                     List listParam = new ArrayList();
-                     StringTokenizer st = new StringTokenizer(paramObj.toString(), ",");
-                     while (st.hasMoreTokens()) {
-                         String token = st.nextToken();
-                         CommandType listType = annotation.collectionType();
-                         switch (listType) {
-                             case INTEGER:
-                                 listParam.add(Integer.valueOf(token));
-                                 break;
-                             case UUID:
-                                 if (token.isEmpty())
-                                     break;
-                                 Long internalId = translateUuidToInternalId(token, annotation);
-                                 listParam.add(internalId);
-                                 break;
-                             case LONG: {
-                                 listParam.add(Long.valueOf(token));
-                             }
-                                 break;
-                             case SHORT:
-                                 listParam.add(Short.valueOf(token));
-                             case STRING:
-                                 listParam.add(token);
-                                 break;
-                         }
-                     }
-                     field.set(cmdObj, listParam);
-                     break;
-                 case UUID:
-                     if (paramObj.toString().isEmpty())
-                         break;
-                     Long internalId = translateUuidToInternalId(paramObj.toString(), annotation);
-                     field.set(cmdObj, internalId);
-                     break;
-                 case LONG:
-                     field.set(cmdObj, Long.valueOf(paramObj.toString()));
-                     break;
-                 case SHORT:
-                     field.set(cmdObj, Short.valueOf(paramObj.toString()));
-                     break;
-                 case STRING:
-                     if ((paramObj != null) && paramObj.toString().length() > annotation.length()) {
-                         s_logger.error("Value greater than max allowed length " + annotation.length() + " for param: " + field.getName());
-                         throw new InvalidParameterValueException("Value greater than max allowed length " + annotation.length() + " for param: " + field.getName());
-                     }
-                     field.set(cmdObj, paramObj.toString());
-                     break;
-                 case TZDATE:
-                     field.set(cmdObj, DateUtil.parseTZDateString(paramObj.toString()));
-                     break;
-                 case MAP:
-                 default:
-                     field.set(cmdObj, paramObj);
-                     break;
-             }
-         } catch (IllegalAccessException ex) {
-             s_logger.error("Error initializing command " + cmdObj.getCommandName() + ", field " + field.getName() + " is not accessible.");
-             throw new CloudRuntimeException("Internal error initializing parameters for command " + cmdObj.getCommandName() + " [field " + field.getName() +
-                 " is not accessible]");
-         }
-     }
- 
-     private static boolean isObjInNewDateFormat(String string) {
-         Matcher matcher = BaseCmd.newInputDateFormat.matcher(string);
-         return matcher.matches();
-     }
- 
-     private static Date messageDate(Date date, int hourOfDay, int minute, int second) {
-         Calendar cal = Calendar.getInstance();
-         cal.setTime(date);
-         cal.set(Calendar.HOUR_OF_DAY, hourOfDay);
-         cal.set(Calendar.MINUTE, minute);
-         cal.set(Calendar.SECOND, second);
-         return cal.getTime();
-     }
- 
-     public static void plugService(Field field, BaseCmd cmd) {
- 
-         Class<?> fc = field.getType();
-         Object instance = null;
- 
-         if (instance == null) {
-             throw new CloudRuntimeException("Unable to plug service " + fc.getSimpleName() + " in command " + cmd.getClass().getSimpleName());
-         }
- 
-         try {
-             field.setAccessible(true);
-             field.set(cmd, instance);
-         } catch (IllegalArgumentException e) {
-             s_logger.error("IllegalArgumentException at plugService for command " + cmd.getCommandName() + ", field " + field.getName());
-             throw new CloudRuntimeException("Internal error at plugService for command " + cmd.getCommandName() + " [Illegal argumet at field " + field.getName() + "]");
-         } catch (IllegalAccessException e) {
-             s_logger.error("Error at plugService for command " + cmd.getCommandName() + ", field " + field.getName() + " is not accessible.");
-             throw new CloudRuntimeException("Internal error at plugService for command " + cmd.getCommandName() + " [field " + field.getName() + " is not accessible]");
-         }
-     }
  }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/server/src/com/cloud/api/ApiResponseHelper.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/server/src/com/cloud/api/ApiServer.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/api/ApiServer.java
index 5ab65f4,3502689..e4486c1
--- a/server/src/com/cloud/api/ApiServer.java
+++ b/server/src/com/cloud/api/ApiServer.java
@@@ -53,39 -53,12 +53,40 @@@ import javax.naming.ConfigurationExcept
  import javax.servlet.http.HttpServletResponse;
  import javax.servlet.http.HttpSession;
  
 -import com.cloud.event.EventTypes;
 -import com.cloud.utils.ReflectUtil;
 -import com.cloud.vm.VirtualMachine;
 +import org.apache.commons.codec.binary.Base64;
 +import org.apache.http.ConnectionClosedException;
 +import org.apache.http.HttpException;
 +import org.apache.http.HttpRequest;
 +import org.apache.http.HttpResponse;
 +import org.apache.http.HttpServerConnection;
 +import org.apache.http.HttpStatus;
 +import org.apache.http.NameValuePair;
 +import org.apache.http.client.utils.URLEncodedUtils;
 +import org.apache.http.entity.BasicHttpEntity;
 +import org.apache.http.impl.DefaultHttpResponseFactory;
 +import org.apache.http.impl.DefaultHttpServerConnection;
 +import org.apache.http.impl.NoConnectionReuseStrategy;
 +import org.apache.http.impl.SocketHttpServerConnection;
 +import org.apache.http.params.BasicHttpParams;
 +import org.apache.http.params.CoreConnectionPNames;
 +import org.apache.http.params.CoreProtocolPNames;
 +import org.apache.http.params.HttpParams;
 +import org.apache.http.protocol.BasicHttpContext;
 +import org.apache.http.protocol.BasicHttpProcessor;
 +import org.apache.http.protocol.HttpContext;
 +import org.apache.http.protocol.HttpRequestHandler;
 +import org.apache.http.protocol.HttpRequestHandlerRegistry;
 +import org.apache.http.protocol.HttpService;
 +import org.apache.http.protocol.ResponseConnControl;
 +import org.apache.http.protocol.ResponseContent;
 +import org.apache.http.protocol.ResponseDate;
 +import org.apache.http.protocol.ResponseServer;
 +import org.apache.log4j.Logger;
 +import org.springframework.stereotype.Component;
 +
  import org.apache.cloudstack.acl.APIChecker;
  import org.apache.cloudstack.api.APICommand;
+ import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.ApiErrorCode;
  import org.apache.cloudstack.api.BaseAsyncCmd;
  import org.apache.cloudstack.api.BaseAsyncCreateCmd;
@@@ -122,12 -94,44 +123,15 @@@ import org.apache.cloudstack.framework.
  import org.apache.cloudstack.framework.jobs.AsyncJobManager;
  import org.apache.cloudstack.framework.jobs.impl.AsyncJobVO;
  import org.apache.cloudstack.managed.context.ManagedContextRunnable;
 -import org.apache.commons.codec.binary.Base64;
 -import org.apache.http.ConnectionClosedException;
 -import org.apache.http.HttpException;
 -import org.apache.http.HttpRequest;
 -import org.apache.http.HttpResponse;
 -import org.apache.http.HttpServerConnection;
 -import org.apache.http.HttpStatus;
 -import org.apache.http.NameValuePair;
 -import org.apache.http.client.utils.URLEncodedUtils;
 -import org.apache.http.entity.BasicHttpEntity;
 -import org.apache.http.impl.DefaultHttpResponseFactory;
 -import org.apache.http.impl.DefaultHttpServerConnection;
 -import org.apache.http.impl.NoConnectionReuseStrategy;
 -import org.apache.http.impl.SocketHttpServerConnection;
 -import org.apache.http.params.BasicHttpParams;
 -import org.apache.http.params.CoreConnectionPNames;
 -import org.apache.http.params.CoreProtocolPNames;
 -import org.apache.http.params.HttpParams;
 -import org.apache.http.protocol.BasicHttpContext;
 -import org.apache.http.protocol.BasicHttpProcessor;
 -import org.apache.http.protocol.HttpContext;
 -import org.apache.http.protocol.HttpRequestHandler;
 -import org.apache.http.protocol.HttpRequestHandlerRegistry;
 -import org.apache.http.protocol.HttpService;
 -import org.apache.http.protocol.ResponseConnControl;
 -import org.apache.http.protocol.ResponseContent;
 -import org.apache.http.protocol.ResponseDate;
 -import org.apache.http.protocol.ResponseServer;
 -import org.apache.log4j.Logger;
 -import org.springframework.stereotype.Component;
  
+ import com.cloud.api.dispatch.DispatchChainFactory;
+ import com.cloud.api.dispatch.DispatchTask;
  import com.cloud.api.response.ApiResponseSerializer;
  import com.cloud.configuration.Config;
  import com.cloud.domain.Domain;
  import com.cloud.domain.DomainVO;
  import com.cloud.event.ActionEventUtils;
++import com.cloud.event.EventTypes;
  import com.cloud.exception.AccountLimitException;
  import com.cloud.exception.CloudAuthenticationException;
  import com.cloud.exception.InsufficientCapacityException;
@@@ -144,6 -148,6 +148,7 @@@ import com.cloud.user.UserAccount
  import com.cloud.user.UserVO;
  import com.cloud.utils.NumbersUtil;
  import com.cloud.utils.Pair;
++import com.cloud.utils.ReflectUtil;
  import com.cloud.utils.StringUtils;
  import com.cloud.utils.component.ComponentContext;
  import com.cloud.utils.component.ManagerBase;
@@@ -154,6 -158,6 +159,7 @@@ import com.cloud.utils.db.SearchCriteri
  import com.cloud.utils.db.TransactionLegacy;
  import com.cloud.utils.exception.CloudRuntimeException;
  import com.cloud.utils.exception.ExceptionProxyObject;
++import com.cloud.vm.VirtualMachine;
  
  @Component
  public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiServerService {
@@@ -234,14 -245,12 +248,15 @@@
              if (at == null) {
                  throw new CloudRuntimeException(String.format("%s is claimed as a API command, but it doesn't have @APICommand annotation", cmdClass.getName()));
              }
 -            final String apiName = at.name();
 -            if (s_apiNameCmdClassMap.containsKey(apiName)) {
 -                s_logger.error("API Cmd class " + cmdClass.getName() + " has non-unique apiname" + apiName);
 -                continue;
++
 +            String apiName = at.name();
 +            List<Class<?>> apiCmdList = s_apiNameCmdClassMap.get(apiName);
 +            if (apiCmdList == null) {
 +                apiCmdList = new ArrayList<Class<?>>();
 +                s_apiNameCmdClassMap.put(apiName, apiCmdList);
              }
 -            s_apiNameCmdClassMap.put(apiName, cmdClass);
 +            apiCmdList.add(cmdClass);
 +
          }
  
          setEncodeApiResponse(Boolean.valueOf(_configDao.getValue(Config.EncodeApiResponse.key())));
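Review bot: The registration loop no longer rejects or logs a second class that claims an already-registered `@APICommand` name; every class is appended to the list stored in `s_apiNameCmdClassMap`. Because one API name can now resolve to several command classes, the code that picks a class per request (outside this hunk) becomes part of the access-control path, and an accidental name collision between unrelated commands is accepted silently. I would add a comment at the `apiCmdList.add(cmdClass);` line stating why several classes per name are allowed and which rule selects among them, worded to match the actual lookup. I would also log when a name receives its second class, so an unintended duplicate is visible at startup. The enclosing method starts before and continues past this hunk.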
@@@ -392,10 -414,10 +420,10 @@@
                                  StringUtils.cleanString(response));
                      }
                      else
 -                        buildAuditTrail(auditTrailSb, command[0], response);
 +                    buildAuditTrail(auditTrailSb, command[0], response);
                  } else {
                      if (!command[0].equalsIgnoreCase("login") && !command[0].equalsIgnoreCase("logout")) {
-                         String errorString = "Unknown API command: " + command[0];
+                         final String errorString = "Unknown API command: " + command[0];
                          s_logger.warn(errorString);
                          auditTrailSb.append(" " + errorString);
                          throw new ServerApiException(ApiErrorCode.UNSUPPORTED_ACTION_ERROR, errorString);
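Review bot: `command[0]` is request-supplied and is concatenated unmodified into `errorString`, which is then written with `s_logger.warn` and appended to `auditTrailSb`. If the parameter decoding earlier in this method (outside the hunk) does not strip control characters, a command name containing line breaks could split or forge audit entries. Neutralise them before building the message, e.g. `final String cmdName = command[0].replaceAll("[\\r\\n]", "_");`, and use `cmdName` in `errorString`. Separately, the unbraced `else` above now has `buildAuditTrail(...)` at the same indent as the `else` keyword; braces would make that branch unambiguous.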
@@@ -423,35 -445,35 +451,35 @@@
                  s_logger.info("PermissionDenied: " + ex.getMessage());
              }
              throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR, ex.getMessage(), ex);
-         } catch (AccountLimitException ex) {
+         } catch (final AccountLimitException ex) {
              s_logger.info(ex.getMessage());
              throw new ServerApiException(ApiErrorCode.ACCOUNT_RESOURCE_LIMIT_ERROR, ex.getMessage(), ex);
-         } catch (InsufficientCapacityException ex) {
+         } catch (final InsufficientCapacityException ex) {
              s_logger.info(ex.getMessage());
              String errorMsg = ex.getMessage();
 -            if (CallContext.current().getCallingAccount().getType() != Account.ACCOUNT_TYPE_ADMIN) {
 +            if (!_accountMgr.isRootAdmin(CallContext.current().getCallingAccount().getId())) {
                  // hide internal details to non-admin user for security reason
                  errorMsg = BaseCmd.USER_ERROR_MESSAGE;
              }
              throw new ServerApiException(ApiErrorCode.INSUFFICIENT_CAPACITY_ERROR, errorMsg, ex);
-         } catch (ResourceAllocationException ex) {
+         } catch (final ResourceAllocationException ex) {
              s_logger.info(ex.getMessage());
              throw new ServerApiException(ApiErrorCode.RESOURCE_ALLOCATION_ERROR, ex.getMessage(), ex);
-         } catch (ResourceUnavailableException ex) {
+         } catch (final ResourceUnavailableException ex) {
              s_logger.info(ex.getMessage());
              String errorMsg = ex.getMessage();
 -            if (CallContext.current().getCallingAccount().getType() != Account.ACCOUNT_TYPE_ADMIN) {
 +            if (!_accountMgr.isRootAdmin(CallContext.current().getCallingAccount().getId())) {
                  // hide internal details to non-admin user for security reason
                  errorMsg = BaseCmd.USER_ERROR_MESSAGE;
              }
              throw new ServerApiException(ApiErrorCode.RESOURCE_UNAVAILABLE_ERROR, errorMsg, ex);
-         } catch (ServerApiException ex) {
+         } catch (final ServerApiException ex) {
              s_logger.info(ex.getDescription());
              throw ex;
-         } catch (Exception ex) {
-             s_logger.error("unhandled exception executing api command: " + ((command == null) ? "null" : command[0]), ex);
+         } catch (final Exception ex) {
+             s_logger.error("unhandled exception executing api command: " + ((command == null) ? "null" : command), ex);
              String errorMsg = ex.getMessage();
 -            if (CallContext.current().getCallingAccount().getType() != Account.ACCOUNT_TYPE_ADMIN) {
 +            if (!_accountMgr.isRootAdmin(CallContext.current().getCallingAccount().getId())) {
                  // hide internal details to non-admin user for security reason
                  errorMsg = BaseCmd.USER_ERROR_MESSAGE;
              }
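Review bot: The generic `catch (final Exception ex)` handler now concatenates `command` itself where the removed line used `command[0]`; since `command` is an array, the log entry will show the array's identity string instead of the API name. That removes the command name from the one log line operators rely on to trace unhandled failures. Restore the element access: `((command == null) ? "null" : command[0])`. Also, `CallContext.current().getCallingAccount()` is dereferenced in three handlers without a null check, so if an exception can reach them before a calling account is set, the original error would be replaced by a NullPointerException. The method starts before and ends after this hunk.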
@@@ -553,23 -589,12 +595,12 @@@
              // if the command is of the listXXXCommand, we will need to also return the
              // the job id and status if possible
              // For those listXXXCommand which we have already created DB views, this step is not needed since async job is joined in their db views.
-             if (cmdObj instanceof BaseListCmd && !(cmdObj instanceof ListVMsCmd) && !(cmdObj instanceof ListRoutersCmd)
-                     && !(cmdObj instanceof ListSecurityGroupsCmd)
-                     && !(cmdObj instanceof ListTagsCmd)
-                     && !(cmdObj instanceof ListEventsCmd)
-                     && !(cmdObj instanceof ListVMGroupsCmd)
-                     && !(cmdObj instanceof ListProjectsCmd)
-                     && !(cmdObj instanceof ListProjectAccountsCmd)
-                     && !(cmdObj instanceof ListProjectInvitationsCmd)
-                     && !(cmdObj instanceof ListHostsCmd)
-                     && !(cmdObj instanceof ListVolumesCmd)
-                     && !(cmdObj instanceof ListUsersCmd)
-                     && !(cmdObj instanceof ListAccountsCmd)
-                     && !(cmdObj instanceof ListStoragePoolsCmd)
-                     && !(cmdObj instanceof ListDiskOfferingsCmd)
-                     && !(cmdObj instanceof ListServiceOfferingsCmd)
-                     && !(cmdObj instanceof ListZonesCmd)
-                     ) {
+             if (cmdObj instanceof BaseListCmd && !(cmdObj instanceof ListVMsCmd) && !(cmdObj instanceof ListRoutersCmd) && !(cmdObj instanceof ListSecurityGroupsCmd) &&
+                 !(cmdObj instanceof ListTagsCmd) && !(cmdObj instanceof ListEventsCmd) && !(cmdObj instanceof ListVMGroupsCmd) && !(cmdObj instanceof ListProjectsCmd) &&
+                 !(cmdObj instanceof ListProjectAccountsCmd) && !(cmdObj instanceof ListProjectInvitationsCmd) && !(cmdObj instanceof ListHostsCmd) &&
+                 !(cmdObj instanceof ListVolumesCmd) && !(cmdObj instanceof ListUsersCmd) && !(cmdObj instanceof ListAccountsCmd) &&
+                 !(cmdObj instanceof ListStoragePoolsCmd) && !(cmdObj instanceof ListDiskOfferingsCmd) && !(cmdObj instanceof ListServiceOfferingsCmd) &&
 -                !(cmdObj instanceof ListZonesByCmd)) {
++                !(cmdObj instanceof ListZonesCmd)) {
                  buildAsyncListResponse((BaseListCmd) cmdObj, caller);
              }
  
@@@ -988,10 -988,10 +1019,10 @@@
                  .setIntParameter(CoreConnectionPNames.SOCKET_BUFFER_SIZE, 8 * 1024)
                  .setBooleanParameter(CoreConnectionPNames.STALE_CONNECTION_CHECK, false)
                  .setBooleanParameter(CoreConnectionPNames.TCP_NODELAY, true)
 -                .setParameter(CoreProtocolPNames.ORIGIN_SERVER, "HttpComponents/1.1");
 +            .setParameter(CoreProtocolPNames.ORIGIN_SERVER, "HttpComponents/1.1");
  
              // Set up the HTTP protocol processor
-             BasicHttpProcessor httpproc = new BasicHttpProcessor();
+             final BasicHttpProcessor httpproc = new BasicHttpProcessor();
              httpproc.addInterceptor(new ResponseDate());
              httpproc.addInterceptor(new ResponseServer());
              httpproc.addInterceptor(new ResponseContent());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/server/src/com/cloud/api/query/QueryManagerImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/api/query/QueryManagerImpl.java
index 96647f8,47d2aec..0554e3a
--- a/server/src/com/cloud/api/query/QueryManagerImpl.java
+++ b/server/src/com/cloud/api/query/QueryManagerImpl.java
@@@ -751,50 -728,95 +751,61 @@@ public class QueryManagerImpl extends M
          Boolean isRecursive = domainIdRecursiveListProject.second();
          ListProjectResourcesCriteria listProjectResourcesCriteria = domainIdRecursiveListProject.third();
  
 +        Filter searchFilter = new Filter(UserVmJoinVO.class, "id", true, cmd.getStartIndex(),
 +                cmd.getPageSizeVal());
 +
+         List<Long> ids = null;
+         if (cmd.getId() != null) {
+             if (cmd.getIds() != null && !cmd.getIds().isEmpty()) {
+                 throw new InvalidParameterValueException("Specify either id or ids but not both parameters");
+             }
+             ids = new ArrayList<Long>();
+             ids.add(cmd.getId());
+         } else {
+             ids = cmd.getIds();
+         }
+ 
 -        Criteria c = new Criteria("id", Boolean.TRUE, cmd.getStartIndex(), cmd.getPageSizeVal());
 -        // Criteria c = new Criteria(null, Boolean.FALSE, cmd.getStartIndex(),
 -        // cmd.getPageSizeVal()); //version without default sorting
 -        c.addCriteria(Criteria.KEYWORD, cmd.getKeyword());
 -        c.addCriteria(Criteria.ID, ids);
 -        c.addCriteria(Criteria.NAME, cmd.getName());
 -        c.addCriteria(Criteria.STATE, cmd.getState());
 -        c.addCriteria(Criteria.DATACENTERID, cmd.getZoneId());
 -        c.addCriteria(Criteria.GROUPID, cmd.getGroupId());
 -        c.addCriteria(Criteria.FOR_VIRTUAL_NETWORK, cmd.getForVirtualNetwork());
 -        c.addCriteria(Criteria.NETWORKID, cmd.getNetworkId());
 -        c.addCriteria(Criteria.TEMPLATE_ID, cmd.getTemplateId());
 -        c.addCriteria(Criteria.ISO_ID, cmd.getIsoId());
 -        c.addCriteria(Criteria.VPC_ID, cmd.getVpcId());
 -        c.addCriteria(Criteria.AFFINITY_GROUP_ID, cmd.getAffinityGroupId());
 -        c.addCriteria(Criteria.SERVICE_OFFERING_ID, cmd.getServiceOfferingId());
 -        c.addCriteria(Criteria.DISPLAY, cmd.getDisplay());
 +        // first search distinct vm id by using query criteria and pagination
 +        SearchBuilder<UserVmJoinVO> sb = _userVmJoinDao.createSearchBuilder();
 +        sb.select(null, Func.DISTINCT, sb.entity().getId()); // select distinct ids
  
 -        if (domainId != null) {
 -            c.addCriteria(Criteria.DOMAINID, domainId);
 +        String hypervisor = cmd.getHypervisor();
 +        Object name = cmd.getName();
 +        Object state = cmd.getState();
 +        Object zoneId = cmd.getZoneId();
 +        Object keyword = cmd.getKeyword();
 +        boolean isAdmin = false;
 +        boolean isRootAdmin = false;
 +        if (_accountMgr.isAdmin(caller.getType())) {
 +            isAdmin = true;
 +        }
 +        if (_accountMgr.isRootAdmin(caller.getId())) {
 +            isRootAdmin = true;
          }
  
 -        if (HypervisorType.getType(hypervisor) != HypervisorType.None) {
 -            c.addCriteria(Criteria.HYPERVISOR, hypervisor);
 -        } else if (hypervisor != null) {
 +        Object groupId = cmd.getGroupId();
 +        Object networkId = cmd.getNetworkId();
 +        if (HypervisorType.getType(hypervisor) == HypervisorType.None && hypervisor != null) {
 +            // invalid hypervisor type input
              throw new InvalidParameterValueException("Invalid HypervisorType " + hypervisor);
          }
 -
 -        // ignore these search requests if it's not an admin
 -        if (_accountMgr.isAdmin(caller.getType())) {
 -            c.addCriteria(Criteria.PODID, cmd.getPodId());
 -            c.addCriteria(Criteria.HOSTID, cmd.getHostId());
 -            c.addCriteria(Criteria.STORAGE_ID, cmd.getStorageId());
 +        Object templateId = cmd.getTemplateId();
 +        Object isoId = cmd.getIsoId();
 +        Object vpcId = cmd.getVpcId();
 +        Object affinityGroupId = cmd.getAffinityGroupId();
 +        Object serviceOffId = cmd.getServiceOfferingId();
 +        Object pod = null;
 +        Object hostId = null;
 +        Object storageId = null;
 +        if (cmd instanceof ListVMsCmdByAdmin) {
 +            ListVMsCmdByAdmin adCmd = (ListVMsCmdByAdmin)cmd;
 +            pod = adCmd.getPodId();
 +            hostId = adCmd.getHostId();
 +            storageId = adCmd.getStorageId();
          }
  
 -        if (!permittedAccounts.isEmpty()) {
 -            c.addCriteria(Criteria.ACCOUNTID, permittedAccounts.toArray());
 -        }
 -        c.addCriteria(Criteria.ISADMIN, _accountMgr.isAdmin(caller.getType()));
 -
 -        return searchForUserVMsByCriteria(c, caller, domainId, isRecursive, permittedAccounts, listAll, listProjectResourcesCriteria, tags);
 -    }
 -
 -    private Pair<List<UserVmJoinVO>, Integer> searchForUserVMsByCriteria(Criteria c, Account caller, Long domainId, boolean isRecursive, List<Long> permittedAccounts,
 -        boolean listAll, ListProjectResourcesCriteria listProjectResourcesCriteria, Map<String, String> tags) {
 -        Filter searchFilter = new Filter(UserVmJoinVO.class, c.getOrderBy(), c.getAscending(), c.getOffset(), c.getLimit());
 -        boolean isRootAdmin = _accountMgr.isRootAdmin(caller.getType());
 -
 -        // first search distinct vm id by using query criteria and pagination
 -        SearchBuilder<UserVmJoinVO> sb = _userVmJoinDao.createSearchBuilder();
 -        sb.select(null, Func.DISTINCT, sb.entity().getId()); // select distinct
 -        // ids
 -        _accountMgr.buildACLViewSearchBuilder(sb, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria);
 -
 -        Object id = c.getCriteria(Criteria.ID);
 -        Object name = c.getCriteria(Criteria.NAME);
 -        Object state = c.getCriteria(Criteria.STATE);
 -        Object notState = c.getCriteria(Criteria.NOTSTATE);
 -        Object zoneId = c.getCriteria(Criteria.DATACENTERID);
 -        Object pod = c.getCriteria(Criteria.PODID);
 -        Object hostId = c.getCriteria(Criteria.HOSTID);
 -        Object hostName = c.getCriteria(Criteria.HOSTNAME);
 -        Object keyword = c.getCriteria(Criteria.KEYWORD);
 -        Object isAdmin = c.getCriteria(Criteria.ISADMIN);
 -        assert c.getCriteria(Criteria.IPADDRESS) == null : "We don't support search by ip address on VM any more.  If you see this assert, it means we have to find a different way to search by the nic table.";
 -        Object groupId = c.getCriteria(Criteria.GROUPID);
 -        Object networkId = c.getCriteria(Criteria.NETWORKID);
 -        Object hypervisor = c.getCriteria(Criteria.HYPERVISOR);
 -        Object storageId = c.getCriteria(Criteria.STORAGE_ID);
 -        Object templateId = c.getCriteria(Criteria.TEMPLATE_ID);
 -        Object isoId = c.getCriteria(Criteria.ISO_ID);
 -        Object vpcId = c.getCriteria(Criteria.VPC_ID);
 -        Object affinityGroupId = c.getCriteria(Criteria.AFFINITY_GROUP_ID);
 -        Object serviceOffId = c.getCriteria(Criteria.SERVICE_OFFERING_ID);
 -        Object display = c.getCriteria(Criteria.DISPLAY);
 -
          sb.and("displayName", sb.entity().getDisplayName(), SearchCriteria.Op.LIKE);
-         sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
+         sb.and("idIN", sb.entity().getId(), SearchCriteria.Op.IN);
          sb.and("name", sb.entity().getName(), SearchCriteria.Op.LIKE);
          sb.and("stateEQ", sb.entity().getState(), SearchCriteria.Op.EQ);
          sb.and("stateNEQ", sb.entity().getState(), SearchCriteria.Op.NEQ);
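Review bot: The pod, host and storage filters are now enabled by `cmd instanceof ListVMsCmdByAdmin` rather than by the removed `_accountMgr.isAdmin(caller.getType())` check, so access to these infrastructure filters depends on which command class was dispatched, not on the caller's role as evaluated here. That is safe only if a non-admin caller can never reach that class, which this hunk does not show. The local `isAdmin` is already computed a few lines above, so `if (cmd instanceof ListVMsCmdByAdmin && isAdmin) {` would keep the role check next to the fields it protects. The hunk also drops the `_accountMgr.buildACLViewSearchBuilder(...)` call on `sb`; the rest of the method is outside the hunk, so confirm that account and domain scoping is still applied before the query runs.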
@@@ -877,8 -899,11 +888,11 @@@
              sc.setParameters("display", display);
          }
  
--        if (id != null) {
-             sc.setParameters("id", id);
 -            List<?> idList = (id instanceof List<?> ? (List<?>)id : null);
++        if (ids != null) {
++            List<?> idList = (ids instanceof List<?> ? (List<?>)ids : null);
+             if (idList != null && !idList.isEmpty()) {
+                 sc.setParameters("idIN", idList.toArray());
+             }
          }
  
          if (templateId != null) {
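Review bot: `ids` is declared as `List<Long>` earlier in this method, so `ids instanceof List<?>` is always true for a non-null value and the cast to `List<?>` adds nothing. This looks like a leftover from when the value was an `Object` read from `Criteria`. The block can be reduced to `if (ids != null && !ids.isEmpty()) { sc.setParameters("idIN", ids.toArray()); }`. The surrounding method begins and ends outside the hunk.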

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/server/src/com/cloud/api/query/dao/TemplateJoinDaoImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/api/query/dao/TemplateJoinDaoImpl.java
index 92f5110,07b4c91..1cab6e8
--- a/server/src/com/cloud/api/query/dao/TemplateJoinDaoImpl.java
+++ b/server/src/com/cloud/api/query/dao/TemplateJoinDaoImpl.java
@@@ -59,9 -57,9 +59,9 @@@ public class TemplateJoinDaoImpl extend
      public static final Logger s_logger = Logger.getLogger(TemplateJoinDaoImpl.class);
  
      @Inject
 -    private ConfigurationDao _configDao;
 +    private ConfigurationDao  _configDao;
      @Inject
-     public AccountService _accountService;
+     private AccountService _accountService;
  
      private final SearchBuilder<TemplateJoinVO> tmpltIdPairSearch;
  
@@@ -98,24 -96,33 +98,23 @@@
          _count = "select count(distinct temp_zone_pair) from template_view WHERE ";
      }
  
- 
      private String getTemplateStatus(TemplateJoinVO template) {
 -        boolean isAdmin = false;
 -        Account caller = CallContext.current().getCallingAccount();
 -        if ((caller == null) || _accountService.isAdmin(caller.getType())) {
 -            isAdmin = true;
 -        }
 -
 -        // If the user is an Admin, add the template download status
          String templateStatus = null;
 -        if (isAdmin || caller.getId() == template.getAccountId()) {
 -            // add download status
 -            if (template.getDownloadState() != Status.DOWNLOADED) {
 -                templateStatus = "Processing";
 -                if (template.getDownloadState() == VMTemplateHostVO.Status.DOWNLOAD_IN_PROGRESS) {
 -                    if (template.getDownloadPercent() == 100) {
 -                        templateStatus = "Installing Template";
 -                    } else {
 -                        templateStatus = template.getDownloadPercent() + "% Downloaded";
 -                    }
 +        if (template.getDownloadState() != Status.DOWNLOADED) {
 +            templateStatus = "Processing";
 +            if (template.getDownloadState() == VMTemplateHostVO.Status.DOWNLOAD_IN_PROGRESS) {
 +                if (template.getDownloadPercent() == 100) {
 +                    templateStatus = "Installing Template";
                  } else {
 -                    templateStatus = template.getErrorString();
 +                    templateStatus = template.getDownloadPercent() + "% Downloaded";
                  }
 -            } else if (template.getDownloadState() == VMTemplateHostVO.Status.DOWNLOADED) {
 -                templateStatus = "Download Complete";
              } else {
 -                templateStatus = "Successfully Installed";
 +                templateStatus = template.getErrorString();
              }
 +        } else if (template.getDownloadState() == VMTemplateHostVO.Status.DOWNLOADED) {
 +            templateStatus = "Download Complete";
 +        } else {
 +            templateStatus = "Successfully Installed";
          }
          return templateStatus;
      }
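Review bot: `getTemplateStatus` no longer checks that the caller is an admin or the template's owner before building the status, so `template.getErrorString()` and the download progress are now returned for every template the caller can list. Download error strings may carry internal details (the hunk does not show their content), and the previous code withheld them from other accounts. If the restriction was dropped because visibility is enforced elsewhere, add a comment saying where; otherwise keep the owner/admin condition at least around the `getErrorString()` branch. Also, the final `else` ("Successfully Installed") cannot be reached if `Status.DOWNLOADED` and `VMTemplateHostVO.Status.DOWNLOADED` are the same constant, because the two preceding conditions are then exhaustive.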

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/server/src/com/cloud/api/query/dao/UserVmJoinDaoImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/api/query/dao/UserVmJoinDaoImpl.java
index a5dfb16,235902c..779ddb4
--- a/server/src/com/cloud/api/query/dao/UserVmJoinDaoImpl.java
+++ b/server/src/com/cloud/api/query/dao/UserVmJoinDaoImpl.java
@@@ -42,9 -40,10 +42,11 @@@ import org.apache.cloudstack.framework.
  import com.cloud.api.ApiDBUtils;
  import com.cloud.api.query.vo.ResourceTagJoinVO;
  import com.cloud.api.query.vo.UserVmJoinVO;
+ import com.cloud.gpu.GPU;
  import com.cloud.hypervisor.Hypervisor.HypervisorType;
+ import com.cloud.service.ServiceOfferingDetailsVO;
  import com.cloud.user.Account;
 +import com.cloud.user.AccountManager;
  import com.cloud.uservm.UserVm;
  import com.cloud.utils.db.GenericDaoBase;
  import com.cloud.utils.db.SearchBuilder;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/server/src/com/cloud/api/query/vo/EventJoinVO.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/configuration/ConfigurationManagerImpl.java
index b739d30,2d4539c..9b9bd13
--- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
@@@ -2035,13 -2075,62 +2076,62 @@@ public class ConfigurationManagerImpl e
          if ((iopsWriteRate != null) && (iopsWriteRate > 0))
              offering.setIopsWriteRate(iopsWriteRate);
  
-         if ((offering = _serviceOfferingDao.persist(offering)) != null) {
+         if (hypervisorSnapshotReserve != null && hypervisorSnapshotReserve < 0) {
+             throw new InvalidParameterValueException("If provided, Hypervisor Snapshot Reserve must be greater than or equal to 0.");
+         }
+ 
+         offering.setHypervisorSnapshotReserve(hypervisorSnapshotReserve);
+ 
+         List<ServiceOfferingDetailsVO> detailsVO = null;
 -        if (details != null) {
 +            if (details != null) {
-                 List<ServiceOfferingDetailsVO> detailsVO = new ArrayList<ServiceOfferingDetailsVO>();
+             // Check if the user has passed the gpu-type before passing the VGPU type
+             if (!details.containsKey(GPU.Keys.pciDevice.toString()) && details.containsKey(GPU.Keys.vgpuType.toString())) {
+                 throw new InvalidParameterValueException("Please specify the gpu type");
+             }
+             detailsVO = new ArrayList<ServiceOfferingDetailsVO>();
 -            for (Entry<String, String> detailEntry : details.entrySet()) {
 +                for (Entry<String, String> detailEntry : details.entrySet()) {
+                 String value = null;
+                 if (detailEntry.getKey().equals(GPU.Keys.pciDevice.toString())) {
+                     for (GPU.Type type : GPU.Type.values()) {
+                         if (detailEntry.getValue().equals(type.toString())) {
+                             value = detailEntry.getValue();
+                         }
+                     }
+                     if (value == null) {
+                         throw new InvalidParameterValueException("Please specify valid gpu type");
+                     }
+                 }
+                 if (detailEntry.getKey().equals(GPU.Keys.vgpuType.toString())) {
+                     if (details.get(GPU.Keys.pciDevice.toString()).equals(GPU.Type.GPU_Passthrough.toString())) {
+                         throw new InvalidParameterValueException("vgpuTypes are supported only with vGPU pciDevice");
+                     }
+                     if (detailEntry.getValue() == null) {
+                         throw new InvalidParameterValueException("With vGPU as pciDevice, vGPUType value cannot be null");
+                     }
+                     for (GPU.vGPUType entry : GPU.vGPUType.values()) {
+                         if (detailEntry.getValue().equals(entry.getType())) {
+                             value = entry.getType();
+                         }
+                     }
+                     if (value == null || detailEntry.getValue().equals(GPU.vGPUType.passthrough.getType())) {
+                         throw new InvalidParameterValueException("Please specify valid vGPU type");
+                     }
+                 }
 -                detailsVO.add(new ServiceOfferingDetailsVO(offering.getId(), detailEntry.getKey(), detailEntry.getValue(), true));
 -            }
 +                    detailsVO.add(new ServiceOfferingDetailsVO(offering.getId(), detailEntry.getKey(), detailEntry.getValue(), true));
 +                }
+             // If pciDevice type is passed, put the default VGPU type as 'passthrough'
+             if (details.containsKey(GPU.Keys.pciDevice.toString())
+                     && !details.containsKey(GPU.Keys.vgpuType.toString())) {
+                 detailsVO.add(new ServiceOfferingDetailsVO(offering.getId(),
+                         GPU.Keys.vgpuType.toString(), GPU.vGPUType.passthrough.getType(), true));
+             }
+         }
  
+         if ((offering = _serviceOfferingDao.persist(offering)) != null) {
+             if (detailsVO != null && !detailsVO.isEmpty()) {
+                 for (int index = 0; index < detailsVO.size(); index++) {
+                     detailsVO.get(index).setResourceId(offering.getId());
+                 }
                  _serviceOfferingDetailsDao.saveDetails(detailsVO);
              }
              CallContext.current().setEventDetails("Service offering id=" + offering.getId());
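Review bot: A null value in `details` reaches `.equals()` before any null check in two places inside the new loop. The pciDevice branch calls `detailEntry.getValue().equals(type.toString())`, and the vgpuType branch calls `details.get(GPU.Keys.pciDevice.toString()).equals(...)` ahead of its own `detailEntry.getValue() == null` test. That test shows null values are considered possible, so such input would surface as a NullPointerException instead of the intended InvalidParameterValueException. Putting the constant on the left handles both: `type.toString().equals(detailEntry.getValue())` and `GPU.Type.GPU_Passthrough.toString().equals(details.get(GPU.Keys.pciDevice.toString()))`. The enclosing method starts and ends outside this hunk.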

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/server/src/com/cloud/deploy/DeploymentPlanningManagerImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/deploy/DeploymentPlanningManagerImpl.java
index ee8cc4d,f76e485..74c141e
--- a/server/src/com/cloud/deploy/DeploymentPlanningManagerImpl.java
+++ b/server/src/com/cloud/deploy/DeploymentPlanningManagerImpl.java
@@@ -61,108 -61,112 +61,112 @@@ import com.cloud.agent.api.Command
  import com.cloud.agent.api.StartupCommand;
  import com.cloud.agent.api.StartupRoutingCommand;
  import com.cloud.agent.manager.allocator.HostAllocator;
 -import com.cloud.capacity.CapacityManager;
 -import com.cloud.capacity.dao.CapacityDao;
 -import com.cloud.configuration.Config;
 -import com.cloud.dc.ClusterDetailsDao;
 -import com.cloud.dc.ClusterDetailsVO;
 -import com.cloud.dc.ClusterVO;
 -import com.cloud.dc.DataCenter;
 -import com.cloud.dc.DataCenterVO;
 +import com.cloud.capacity.CapacityManager;
 +import com.cloud.capacity.dao.CapacityDao;
 +import com.cloud.configuration.Config;
 +import com.cloud.dc.ClusterDetailsDao;
 +import com.cloud.dc.ClusterDetailsVO;
 +import com.cloud.dc.ClusterVO;
 +import com.cloud.dc.DataCenter;
 +import com.cloud.dc.DataCenterVO;
  import com.cloud.dc.DedicatedResourceVO;
 -import com.cloud.dc.Pod;
 -import com.cloud.dc.dao.ClusterDao;
 -import com.cloud.dc.dao.DataCenterDao;
 +import com.cloud.dc.Pod;
 +import com.cloud.dc.dao.ClusterDao;
 +import com.cloud.dc.dao.DataCenterDao;
  import com.cloud.dc.dao.DedicatedResourceDao;
 -import com.cloud.dc.dao.HostPodDao;
 -import com.cloud.deploy.DeploymentPlanner.ExcludeList;
 -import com.cloud.deploy.DeploymentPlanner.PlannerResourceUsage;
 -import com.cloud.deploy.dao.PlannerHostReservationDao;
 -import com.cloud.exception.AffinityConflictException;
 -import com.cloud.exception.ConnectionException;
 -import com.cloud.exception.InsufficientServerCapacityException;
 +import com.cloud.dc.dao.HostPodDao;
 +import com.cloud.deploy.DeploymentPlanner.ExcludeList;
 +import com.cloud.deploy.DeploymentPlanner.PlannerResourceUsage;
 +import com.cloud.deploy.dao.PlannerHostReservationDao;
 +import com.cloud.exception.AffinityConflictException;
 +import com.cloud.exception.ConnectionException;
 +import com.cloud.exception.InsufficientServerCapacityException;
+ import com.cloud.gpu.GPU;
 -import com.cloud.host.Host;
 -import com.cloud.host.HostVO;
 -import com.cloud.host.Status;
 -import com.cloud.host.dao.HostDao;
 -import com.cloud.hypervisor.Hypervisor.HypervisorType;
 -import com.cloud.offering.ServiceOffering;
 -import com.cloud.org.Cluster;
 -import com.cloud.org.Grouping;
 +import com.cloud.host.Host;
 +import com.cloud.host.HostVO;
 +import com.cloud.host.Status;
 +import com.cloud.host.dao.HostDao;
 +import com.cloud.hypervisor.Hypervisor.HypervisorType;
 +import com.cloud.offering.ServiceOffering;
 +import com.cloud.org.Cluster;
 +import com.cloud.org.Grouping;
+ import com.cloud.resource.ResourceManager;
 -import com.cloud.resource.ResourceState;
 +import com.cloud.resource.ResourceState;
+ import com.cloud.service.ServiceOfferingDetailsVO;
+ import com.cloud.service.dao.ServiceOfferingDetailsDao;
 -import com.cloud.storage.DiskOfferingVO;
 -import com.cloud.storage.ScopeType;
 +import com.cloud.storage.DiskOfferingVO;
 +import com.cloud.storage.ScopeType;
  import com.cloud.storage.Storage;
 -import com.cloud.storage.StorageManager;
 -import com.cloud.storage.StoragePool;
 -import com.cloud.storage.StoragePoolHostVO;
 -import com.cloud.storage.Volume;
 -import com.cloud.storage.VolumeVO;
 -import com.cloud.storage.dao.DiskOfferingDao;
 -import com.cloud.storage.dao.GuestOSCategoryDao;
 -import com.cloud.storage.dao.GuestOSDao;
 -import com.cloud.storage.dao.StoragePoolHostDao;
 -import com.cloud.storage.dao.VolumeDao;
 -import com.cloud.user.AccountManager;
 -import com.cloud.utils.DateUtil;
 -import com.cloud.utils.NumbersUtil;
 -import com.cloud.utils.Pair;
 -import com.cloud.utils.component.Manager;
 -import com.cloud.utils.component.ManagerBase;
 -import com.cloud.utils.db.DB;
 -import com.cloud.utils.db.SearchCriteria;
 -import com.cloud.utils.db.Transaction;
 -import com.cloud.utils.db.TransactionCallback;
 -import com.cloud.utils.db.TransactionStatus;
 +import com.cloud.storage.StorageManager;
 +import com.cloud.storage.StoragePool;
 +import com.cloud.storage.StoragePoolHostVO;
 +import com.cloud.storage.Volume;
 +import com.cloud.storage.VolumeVO;
 +import com.cloud.storage.dao.DiskOfferingDao;
 +import com.cloud.storage.dao.GuestOSCategoryDao;
 +import com.cloud.storage.dao.GuestOSDao;
 +import com.cloud.storage.dao.StoragePoolHostDao;
 +import com.cloud.storage.dao.VolumeDao;
 +import com.cloud.user.AccountManager;
 +import com.cloud.utils.DateUtil;
 +import com.cloud.utils.NumbersUtil;
 +import com.cloud.utils.Pair;
 +import com.cloud.utils.component.Manager;
 +import com.cloud.utils.component.ManagerBase;
 +import com.cloud.utils.db.DB;
 +import com.cloud.utils.db.SearchCriteria;
 +import com.cloud.utils.db.Transaction;
 +import com.cloud.utils.db.TransactionCallback;
 +import com.cloud.utils.db.TransactionStatus;
  import com.cloud.utils.exception.CloudRuntimeException;
 -import com.cloud.utils.fsm.StateListener;
 -import com.cloud.vm.DiskProfile;
 -import com.cloud.vm.ReservationContext;
 -import com.cloud.vm.VMInstanceVO;
 -import com.cloud.vm.VirtualMachine;
 -import com.cloud.vm.VirtualMachine.Event;
 -import com.cloud.vm.VirtualMachine.State;
 +import com.cloud.utils.fsm.StateListener;
 +import com.cloud.vm.DiskProfile;
 +import com.cloud.vm.ReservationContext;
 +import com.cloud.vm.VMInstanceVO;
 +import com.cloud.vm.VirtualMachine;
 +import com.cloud.vm.VirtualMachine.Event;
 +import com.cloud.vm.VirtualMachine.State;
  import com.cloud.vm.VirtualMachineProfile;
 -import com.cloud.vm.dao.UserVmDao;
 -import com.cloud.vm.dao.VMInstanceDao;
 -
 +import com.cloud.vm.dao.UserVmDao;
 +import com.cloud.vm.dao.VMInstanceDao;
 +
  @Local(value = {DeploymentPlanningManager.class})
 -public class DeploymentPlanningManagerImpl extends ManagerBase implements DeploymentPlanningManager, Manager, Listener,
 -        StateListener<State, VirtualMachine.Event, VirtualMachine> {
 -
 -    private static final Logger s_logger = Logger.getLogger(DeploymentPlanningManagerImpl.class);
 -    @Inject
 -    AgentManager _agentMgr;
 -    @Inject
 -    protected UserVmDao _vmDao;
 -    @Inject
 -    protected VMInstanceDao _vmInstanceDao;
 -    @Inject
 -    protected AffinityGroupDao _affinityGroupDao;
 -    @Inject
 -    protected AffinityGroupVMMapDao _affinityGroupVMMapDao;
 -    @Inject
 -    AffinityGroupService _affinityGroupService;
 -    @Inject
 -    DataCenterDao _dcDao;
 -    @Inject
 -    PlannerHostReservationDao _plannerHostReserveDao;
 -    private int _vmCapacityReleaseInterval;
 -    @Inject
 -    MessageBus _messageBus;
 -    private Timer _timer = null;
 -    private long _hostReservationReleasePeriod = 60L * 60L * 1000L; // one hour by default
 -    @Inject
 -    protected VMReservationDao _reservationDao;
 -
 -    private static final long INITIAL_RESERVATION_RELEASE_CHECKER_DELAY = 30L * 1000L; // thirty seconds expressed in milliseconds
 -    protected long _nodeId = -1;
 -
 -    protected List<StoragePoolAllocator> _storagePoolAllocators;
 -
 -    public List<StoragePoolAllocator> getStoragePoolAllocators() {
 -        return _storagePoolAllocators;
 -    }
 +public class DeploymentPlanningManagerImpl extends ManagerBase implements DeploymentPlanningManager, Manager, Listener,
 +        StateListener<State, VirtualMachine.Event, VirtualMachine> {
 +
 +    private static final Logger s_logger = Logger.getLogger(DeploymentPlanningManagerImpl.class);
 +    @Inject
 +    AgentManager _agentMgr;
 +    @Inject
 +    protected UserVmDao _vmDao;
 +    @Inject
 +    protected VMInstanceDao _vmInstanceDao;
 +    @Inject
 +    protected AffinityGroupDao _affinityGroupDao;
 +    @Inject
 +    protected AffinityGroupVMMapDao _affinityGroupVMMapDao;
 +    @Inject
 +    AffinityGroupService _affinityGroupService;
 +    @Inject
 +    DataCenterDao _dcDao;
 +    @Inject
 +    PlannerHostReservationDao _plannerHostReserveDao;
 +    private int _vmCapacityReleaseInterval;
 +    @Inject
 +    MessageBus _messageBus;
 +    private Timer _timer = null;
 +    private long _hostReservationReleasePeriod = 60L * 60L * 1000L; // one hour by default
 +    @Inject
 +    protected VMReservationDao _reservationDao;
 +
 +    private static final long INITIAL_RESERVATION_RELEASE_CHECKER_DELAY = 30L * 1000L; // thirty seconds expressed in milliseconds
 +    protected long _nodeId = -1;
 +
 +    protected List<StoragePoolAllocator> _storagePoolAllocators;
 +
 +    public List<StoragePoolAllocator> getStoragePoolAllocators() {
 +        return _storagePoolAllocators;
 +    }
  
      public void setStoragePoolAllocators(List<StoragePoolAllocator> storagePoolAllocators) {
          _storagePoolAllocators = storagePoolAllocators;
@@@ -213,12 -217,16 +217,16 @@@
      DataStoreManager dataStoreMgr;
      @Inject
      protected ClusterDetailsDao _clusterDetailsDao;
+     @Inject
+     protected ResourceManager _resourceMgr;
+     @Inject
+     protected ServiceOfferingDetailsDao _serviceOfferingDetailsDao;
 +
 +    protected List<DeploymentPlanner> _planners;
  
 -    protected List<DeploymentPlanner> _planners;
 -
 -    public List<DeploymentPlanner> getPlanners() {
 -        return _planners;
 -    }
 +    public List<DeploymentPlanner> getPlanners() {
 +        return _planners;
 +    }
  
      public void setPlanners(List<DeploymentPlanner> planners) {
          _planners = planners;
@@@ -318,50 -326,54 +326,54 @@@
                  DataCenterDeployment lastPlan =
                      new DataCenterDeployment(host.getDataCenterId(), host.getPodId(), host.getClusterId(), hostIdSpecified, plan.getPoolId(), null,
                          plan.getReservationContext());
 -
 +
                  Pair<Map<Volume, List<StoragePool>>, List<Volume>> result = findSuitablePoolsForVolumes(vmProfile, lastPlan, avoids, HostAllocator.RETURN_UPTO_ALL);
 -                Map<Volume, List<StoragePool>> suitableVolumeStoragePools = result.first();
 -                List<Volume> readyAndReusedVolumes = result.second();
 -
 -                // choose the potential pool for this VM for this host
 -                if (!suitableVolumeStoragePools.isEmpty()) {
 -                    List<Host> suitableHosts = new ArrayList<Host>();
 -                    suitableHosts.add(host);
 -                    Pair<Host, Map<Volume, StoragePool>> potentialResources = findPotentialDeploymentResources(
 +                Map<Volume, List<StoragePool>> suitableVolumeStoragePools = result.first();
 +                List<Volume> readyAndReusedVolumes = result.second();
 +
 +                // choose the potential pool for this VM for this host
 +                if (!suitableVolumeStoragePools.isEmpty()) {
 +                    List<Host> suitableHosts = new ArrayList<Host>();
 +                    suitableHosts.add(host);
 +                    Pair<Host, Map<Volume, StoragePool>> potentialResources = findPotentialDeploymentResources(
                          suitableHosts, suitableVolumeStoragePools, avoids,
                          getPlannerUsage(planner, vmProfile, plan, avoids), readyAndReusedVolumes);
 -                    if (potentialResources != null) {
 -                        Pod pod = _podDao.findById(host.getPodId());
 -                        Cluster cluster = _clusterDao.findById(host.getClusterId());
 -                        Map<Volume, StoragePool> storageVolMap = potentialResources.second();
 -                        // remove the reused vol<->pool from destination, since
 -                        // we don't have to prepare this volume.
 -                        for (Volume vol : readyAndReusedVolumes) {
 -                            storageVolMap.remove(vol);
 -                        }
 -                        DeployDestination dest = new DeployDestination(dc, pod, cluster, host, storageVolMap);
 -                        s_logger.debug("Returning Deployment Destination: " + dest);
 -                        return dest;
 -                    }
 -                }
 -            }
 -            s_logger.debug("Cannnot deploy to specified host, returning.");
 -            return null;
 -        }
 -
 -        if (vm.getLastHostId() != null && haVmTag == null) {
 -            s_logger.debug("This VM has last host_id specified, trying to choose the same host: " + vm.getLastHostId());
 -
 -            HostVO host = _hostDao.findById(vm.getLastHostId());
 +                    if (potentialResources != null) {
 +                        Pod pod = _podDao.findById(host.getPodId());
 +                        Cluster cluster = _clusterDao.findById(host.getClusterId());
 +                        Map<Volume, StoragePool> storageVolMap = potentialResources.second();
 +                        // remove the reused vol<->pool from destination, since
 +                        // we don't have to prepare this volume.
 +                        for (Volume vol : readyAndReusedVolumes) {
 +                            storageVolMap.remove(vol);
 +                        }
 +                        DeployDestination dest = new DeployDestination(dc, pod, cluster, host, storageVolMap);
 +                        s_logger.debug("Returning Deployment Destination: " + dest);
 +                        return dest;
 +                    }
 +                }
 +            }
 +            s_logger.debug("Cannnot deploy to specified host, returning.");
 +            return null;
 +        }
 +
 +        if (vm.getLastHostId() != null && haVmTag == null) {
 +            s_logger.debug("This VM has last host_id specified, trying to choose the same host: " + vm.getLastHostId());
 +
 +            HostVO host = _hostDao.findById(vm.getLastHostId());
+             ServiceOfferingDetailsVO offeringDetails = null;
 -            if (host == null) {
 -                s_logger.debug("The last host of this VM cannot be found");
 -            } else if (avoids.shouldAvoid(host)) {
 -                s_logger.debug("The last host of this VM is in avoid set");
 -            } else if (_capacityMgr.checkIfHostReachMaxGuestLimit(host)) {
 +            if (host == null) {
 +                s_logger.debug("The last host of this VM cannot be found");
 +            } else if (avoids.shouldAvoid(host)) {
 +                s_logger.debug("The last host of this VM is in avoid set");
 +            } else if (_capacityMgr.checkIfHostReachMaxGuestLimit(host)) {
                  s_logger.debug("The last Host, hostId: " + host.getId() +
                      " already has max Running VMs(count includes system VMs), skipping this and trying other available hosts");
+             } else if ((offeringDetails  = _serviceOfferingDetailsDao.findDetail(offering.getId(), GPU.Keys.vgpuType.toString())) != null
+                     && !_resourceMgr.isGPUDeviceAvailable(host.getId(), offeringDetails.getValue())){
+                 s_logger.debug("The last host of this VM does not have required GPU devices available");
 -            } else {
 -                if (host.getStatus() == Status.Up && host.getResourceState() == ResourceState.Enabled) {
 +            } else {
 +                if (host.getStatus() == Status.Up && host.getResourceState() == ResourceState.Enabled) {
                      boolean hostTagsMatch = true;
                      if(offering.getHostTag() != null){
                          _hostDao.loadHostTags(host);
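Review bot: The new debug line `"The last host of this VM does not have required GPU devices available"` names neither the host nor the requested vGPU type, while the max-guest-limit branch just above it logs `host.getId()`. Something like `s_logger.debug("The last host, hostId: " + host.getId() + " does not have GPU devices available for vGPU type " + offeringDetails.getValue());` would make placement failures traceable. The assignment to `offeringDetails` inside the `else if` condition is also easy to overlook, so a one-line comment above that branch saying the lookup happens there would help. The enclosing method starts and ends outside this hunk.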

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/server/src/com/cloud/network/IpAddressManagerImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/network/IpAddressManagerImpl.java
index 5905fd3,15d1458..4b7d4b9
--- a/server/src/com/cloud/network/IpAddressManagerImpl.java
+++ b/server/src/com/cloud/network/IpAddressManagerImpl.java
@@@ -660,115 -660,115 +660,115 @@@ public class IpAddressManagerImpl exten
          IPAddressVO addr = Transaction.execute(new TransactionCallbackWithException<IPAddressVO, InsufficientAddressCapacityException>() {
              @Override
              public IPAddressVO doInTransaction(TransactionStatus status) throws InsufficientAddressCapacityException {
 -                StringBuilder errorMessage = new StringBuilder("Unable to get ip adress in ");
 -                boolean fetchFromDedicatedRange = false;
 -                List<Long> dedicatedVlanDbIds = new ArrayList<Long>();
 -                List<Long> nonDedicatedVlanDbIds = new ArrayList<Long>();
 -
 -                SearchCriteria<IPAddressVO> sc = null;
 -                if (podId != null) {
 -                    sc = AssignIpAddressFromPodVlanSearch.create();
 -                    sc.setJoinParameters("podVlanMapSB", "podId", podId);
 -                    errorMessage.append(" pod id=" + podId);
 -                } else {
 -                    sc = AssignIpAddressSearch.create();
 -                    errorMessage.append(" zone id=" + dcId);
 -                }
 +        StringBuilder errorMessage = new StringBuilder("Unable to get ip adress in ");
 +        boolean fetchFromDedicatedRange = false;
 +        List<Long> dedicatedVlanDbIds = new ArrayList<Long>();
 +        List<Long> nonDedicatedVlanDbIds = new ArrayList<Long>();
 +
 +        SearchCriteria<IPAddressVO> sc = null;
 +        if (podId != null) {
 +            sc = AssignIpAddressFromPodVlanSearch.create();
 +            sc.setJoinParameters("podVlanMapSB", "podId", podId);
 +            errorMessage.append(" pod id=" + podId);
 +        } else {
 +            sc = AssignIpAddressSearch.create();
 +            errorMessage.append(" zone id=" + dcId);
 +        }
  
 -                // If owner has dedicated Public IP ranges, fetch IP from the dedicated range
 -                // Otherwise fetch IP from the system pool
 -                List<AccountVlanMapVO> maps = _accountVlanMapDao.listAccountVlanMapsByAccount(owner.getId());
 -                for (AccountVlanMapVO map : maps) {
 -                    if (vlanDbIds == null || vlanDbIds.contains(map.getVlanDbId()))
 -                        dedicatedVlanDbIds.add(map.getVlanDbId());
 -                }
 -                List<VlanVO> nonDedicatedVlans = _vlanDao.listZoneWideNonDedicatedVlans(dcId);
 -                for (VlanVO nonDedicatedVlan : nonDedicatedVlans) {
 -                    if (vlanDbIds == null || vlanDbIds.contains(nonDedicatedVlan.getId()))
 -                        nonDedicatedVlanDbIds.add(nonDedicatedVlan.getId());
 -                }
 -                if (dedicatedVlanDbIds != null && !dedicatedVlanDbIds.isEmpty()) {
 -                    fetchFromDedicatedRange = true;
 -                    sc.setParameters("vlanId", dedicatedVlanDbIds.toArray());
 +        // If owner has dedicated Public IP ranges, fetch IP from the dedicated range
 +        // Otherwise fetch IP from the system pool
 +        List<AccountVlanMapVO> maps = _accountVlanMapDao.listAccountVlanMapsByAccount(owner.getId());
 +        for (AccountVlanMapVO map : maps) {
 +            if (vlanDbIds == null || vlanDbIds.contains(map.getVlanDbId()))
 +                dedicatedVlanDbIds.add(map.getVlanDbId());
 +        }
 +        List<VlanVO> nonDedicatedVlans = _vlanDao.listZoneWideNonDedicatedVlans(dcId);
 +        for (VlanVO nonDedicatedVlan : nonDedicatedVlans) {
 +            if (vlanDbIds == null || vlanDbIds.contains(nonDedicatedVlan.getId()))
 +                nonDedicatedVlanDbIds.add(nonDedicatedVlan.getId());
 +        }
 +        if (dedicatedVlanDbIds != null && !dedicatedVlanDbIds.isEmpty()) {
 +            fetchFromDedicatedRange = true;
 +            sc.setParameters("vlanId", dedicatedVlanDbIds.toArray());
                      errorMessage.append(", vlanId id=" + Arrays.toString(dedicatedVlanDbIds.toArray()));
 -                } else if (nonDedicatedVlanDbIds != null && !nonDedicatedVlanDbIds.isEmpty()) {
 -                    sc.setParameters("vlanId", nonDedicatedVlanDbIds.toArray());
 +        } else if (nonDedicatedVlanDbIds != null && !nonDedicatedVlanDbIds.isEmpty()) {
 +            sc.setParameters("vlanId", nonDedicatedVlanDbIds.toArray());
-                     errorMessage.append(", vlanId id=" + nonDedicatedVlanDbIds.toArray());
+                     errorMessage.append(", vlanId id=" + Arrays.toString(nonDedicatedVlanDbIds.toArray()));
 -                } else {
 -                    if (podId != null) {
 -                        InsufficientAddressCapacityException ex = new InsufficientAddressCapacityException("Insufficient address capacity", Pod.class, podId);
 -                        ex.addProxyObject(ApiDBUtils.findPodById(podId).getUuid());
 -                        throw ex;
 -                    }
 -                    s_logger.warn(errorMessage.toString());
 -                    InsufficientAddressCapacityException ex = new InsufficientAddressCapacityException("Insufficient address capacity", DataCenter.class, dcId);
 -                    ex.addProxyObject(ApiDBUtils.findZoneById(dcId).getUuid());
 -                    throw ex;
 -                }
 +        } else {
 +            if (podId != null) {
 +                InsufficientAddressCapacityException ex = new InsufficientAddressCapacityException("Insufficient address capacity", Pod.class, podId);
 +                ex.addProxyObject(ApiDBUtils.findPodById(podId).getUuid());
 +                throw ex;
 +            }
 +            s_logger.warn(errorMessage.toString());
 +            InsufficientAddressCapacityException ex = new InsufficientAddressCapacityException("Insufficient address capacity", DataCenter.class, dcId);
 +            ex.addProxyObject(ApiDBUtils.findZoneById(dcId).getUuid());
 +            throw ex;
 +        }
  
 -                sc.setParameters("dc", dcId);
 +        sc.setParameters("dc", dcId);
  
 -                DataCenter zone = _entityMgr.findById(DataCenter.class, dcId);
 +        DataCenter zone = _entityMgr.findById(DataCenter.class, dcId);
  
 -                // for direct network take ip addresses only from the vlans belonging to the network
 -                if (vlanUse == VlanType.DirectAttached) {
 -                    sc.setJoinParameters("vlan", "networkId", guestNetworkId);
 -                    errorMessage.append(", network id=" + guestNetworkId);
 -                }
 -                sc.setJoinParameters("vlan", "type", vlanUse);
 +        // for direct network take ip addresses only from the vlans belonging to the network
 +        if (vlanUse == VlanType.DirectAttached) {
 +            sc.setJoinParameters("vlan", "networkId", guestNetworkId);
 +            errorMessage.append(", network id=" + guestNetworkId);
 +        }
 +        sc.setJoinParameters("vlan", "type", vlanUse);
  
 -                if (requestedIp != null) {
 -                    sc.addAnd("address", SearchCriteria.Op.EQ, requestedIp);
 -                    errorMessage.append(": requested ip " + requestedIp + " is not available");
 -                }
 +        if (requestedIp != null) {
 +            sc.addAnd("address", SearchCriteria.Op.EQ, requestedIp);
 +            errorMessage.append(": requested ip " + requestedIp + " is not available");
 +        }
  
 -                Filter filter = new Filter(IPAddressVO.class, "vlanId", true, 0l, 1l);
 +        Filter filter = new Filter(IPAddressVO.class, "vlanId", true, 0l, 1l);
  
 -                List<IPAddressVO> addrs = _ipAddressDao.lockRows(sc, filter, true);
 +        List<IPAddressVO> addrs = _ipAddressDao.lockRows(sc, filter, true);
  
 -                // If all the dedicated IPs of the owner are in use fetch an IP from the system pool
 -                if (addrs.size() == 0 && fetchFromDedicatedRange) {
 -                    // Verify if account is allowed to acquire IPs from the system
 -                    boolean useSystemIps = UseSystemPublicIps.valueIn(owner.getId());
 -                    if (useSystemIps && nonDedicatedVlanDbIds != null && !nonDedicatedVlanDbIds.isEmpty()) {
 -                        fetchFromDedicatedRange = false;
 -                        sc.setParameters("vlanId", nonDedicatedVlanDbIds.toArray());
 +        // If all the dedicated IPs of the owner are in use fetch an IP from the system pool
 +        if (addrs.size() == 0 && fetchFromDedicatedRange) {
 +            // Verify if account is allowed to acquire IPs from the system
 +            boolean useSystemIps = UseSystemPublicIps.valueIn(owner.getId());
 +            if (useSystemIps && nonDedicatedVlanDbIds != null && !nonDedicatedVlanDbIds.isEmpty()) {
 +                fetchFromDedicatedRange = false;
 +                sc.setParameters("vlanId", nonDedicatedVlanDbIds.toArray());
-                         errorMessage.append(", vlanId id=" + nonDedicatedVlanDbIds.toArray());
+                         errorMessage.append(", vlanId id=" + Arrays.toString(nonDedicatedVlanDbIds.toArray()));
 -                        addrs = _ipAddressDao.lockRows(sc, filter, true);
 -                    }
 -                }
 +                addrs = _ipAddressDao.lockRows(sc, filter, true);
 +            }
 +        }
  
 -                if (addrs.size() == 0) {
 -                    if (podId != null) {
 -                        InsufficientAddressCapacityException ex = new InsufficientAddressCapacityException("Insufficient address capacity", Pod.class, podId);
 -                        // for now, we hardcode the table names, but we should ideally do a lookup for the tablename from the VO object.
 -                        ex.addProxyObject(ApiDBUtils.findPodById(podId).getUuid());
 -                        throw ex;
 -                    }
 -                    s_logger.warn(errorMessage.toString());
 -                    InsufficientAddressCapacityException ex = new InsufficientAddressCapacityException("Insufficient address capacity", DataCenter.class, dcId);
 -                    ex.addProxyObject(ApiDBUtils.findZoneById(dcId).getUuid());
 -                    throw ex;
 -                }
 +        if (addrs.size() == 0) {
 +            if (podId != null) {
 +                InsufficientAddressCapacityException ex = new InsufficientAddressCapacityException("Insufficient address capacity", Pod.class, podId);
 +                // for now, we hardcode the table names, but we should ideally do a lookup for the tablename from the VO object.
 +                ex.addProxyObject(ApiDBUtils.findPodById(podId).getUuid());
 +                throw ex;
 +            }
 +            s_logger.warn(errorMessage.toString());
 +            InsufficientAddressCapacityException ex = new InsufficientAddressCapacityException("Insufficient address capacity", DataCenter.class, dcId);
 +            ex.addProxyObject(ApiDBUtils.findZoneById(dcId).getUuid());
 +            throw ex;
 +        }
  
 -                assert (addrs.size() == 1) : "Return size is incorrect: " + addrs.size();
 +        assert (addrs.size() == 1) : "Return size is incorrect: " + addrs.size();
  
 -                if (!fetchFromDedicatedRange) {
 -                    // Check that the maximum number of public IPs for the given accountId will not be exceeded
 -                    try {
 -                        _resourceLimitMgr.checkResourceLimit(owner, ResourceType.public_ip);
 -                    } catch (ResourceAllocationException ex) {
 -                        s_logger.warn("Failed to allocate resource of type " + ex.getResourceType() + " for account " + owner);
 -                        throw new AccountLimitException("Maximum number of public IP addresses for account: " + owner.getAccountName() + " has been exceeded.");
 -                    }
 -                }
 +        if (!fetchFromDedicatedRange) {
 +            // Check that the maximum number of public IPs for the given accountId will not be exceeded
 +            try {
 +                _resourceLimitMgr.checkResourceLimit(owner, ResourceType.public_ip);
 +            } catch (ResourceAllocationException ex) {
 +                s_logger.warn("Failed to allocate resource of type " + ex.getResourceType() + " for account " + owner);
 +                throw new AccountLimitException("Maximum number of public IP addresses for account: " + owner.getAccountName() + " has been exceeded.");
 +            }
 +        }
  
 -                IPAddressVO addr = addrs.get(0);
 -                addr.setSourceNat(sourceNat);
 -                addr.setAllocatedTime(new Date());
 -                addr.setAllocatedInDomainId(owner.getDomainId());
 -                addr.setAllocatedToAccountId(owner.getId());
 -                addr.setSystem(isSystem);
 +        IPAddressVO addr = addrs.get(0);
 +        addr.setSourceNat(sourceNat);
 +        addr.setAllocatedTime(new Date());
 +        addr.setAllocatedInDomainId(owner.getDomainId());
 +        addr.setAllocatedToAccountId(owner.getId());
 +        addr.setSystem(isSystem);
                  if (displayIp != null) {
                      addr.setDisplay(displayIp);
                  }
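Review bot: In both `if (podId != null)` failure branches the exception is thrown before `s_logger.warn(errorMessage.toString());` runs, so the message built up above is never logged for pod-scoped requests. That includes the vlan ids this change now formats with `Arrays.toString(...)`. Moving `s_logger.warn(errorMessage.toString());` above the `if (podId != null)` check in both places would record the diagnostic for either scope. Separately, the merge leaves the body of `doInTransaction` at two indentation depths, which makes the anonymous class hard to follow. The enclosing method continues outside this hunk.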

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/server/src/com/cloud/network/NetworkServiceImpl.java
----------------------------------------------------------------------


[31/50] [abbrv] Merge branch 'master' into rbac.

Posted by mc...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/server/src/com/cloud/network/as/AutoScaleManagerImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/network/as/AutoScaleManagerImpl.java
index c8cc5b3,208b4a4..e07e502
--- a/server/src/com/cloud/network/as/AutoScaleManagerImpl.java
+++ b/server/src/com/cloud/network/as/AutoScaleManagerImpl.java
@@@ -447,9 -454,9 +456,10 @@@ public class AutoScaleManagerImpl<Type
          String otherDeployParams = cmd.getOtherDeployParams();
          Long serviceOffId = cmd.getServiceOfferingId();
          Long zoneId = cmd.getZoneId();
+         Boolean display = cmd.getDisplay();
  
 -        SearchWrapper<AutoScaleVmProfileVO> searchWrapper = new SearchWrapper<AutoScaleVmProfileVO>(_autoScaleVmProfileDao, AutoScaleVmProfileVO.class, cmd, cmd.getId());
 +        SearchWrapper<AutoScaleVmProfileVO> searchWrapper = new SearchWrapper<AutoScaleVmProfileVO>(_autoScaleVmProfileDao, AutoScaleVmProfileVO.class, cmd, cmd.getId(),
 +                "listAutoScaleVmProfiles");
          SearchBuilder<AutoScaleVmProfileVO> sb = searchWrapper.getSearchBuilder();
  
          sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
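Review bot: The action name passed to `SearchWrapper` is a bare string literal (`"listAutoScaleVmProfiles"` here, `"listAutoScaleVmGroups"` in the next hunk, and `"listVPCs"` handed to `buildACLSearchParameters` in `VpcManagerImpl.listVpcs`), so a misspelt or wrongly cased name still compiles. If this string selects the access-control policy for the listing, as the rbac branch name suggests, a typo would silently change what a caller is allowed to see. I would take it from one named constant per command, for example `private static final String LIST_PROFILES_ACTION = "listAutoScaleVmProfiles";` (the constant name is illustrative). These two hunks also read the same flag into `display` here and `forDisplay` in the second one; a single name would be easier to follow. The enclosing method starts and ends outside the hunk.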
@@@ -859,9 -870,9 +879,10 @@@
          Long loadBalancerId = cmd.getLoadBalancerId();
          Long profileId = cmd.getProfileId();
          Long zoneId = cmd.getZoneId();
+         Boolean forDisplay = cmd.getDisplay();
  
 -        SearchWrapper<AutoScaleVmGroupVO> searchWrapper = new SearchWrapper<AutoScaleVmGroupVO>(_autoScaleVmGroupDao, AutoScaleVmGroupVO.class, cmd, cmd.getId());
 +        SearchWrapper<AutoScaleVmGroupVO> searchWrapper = new SearchWrapper<AutoScaleVmGroupVO>(_autoScaleVmGroupDao, AutoScaleVmGroupVO.class, cmd, cmd.getId(),
 +                "listAutoScaleVmGroups");
          SearchBuilder<AutoScaleVmGroupVO> sb = searchWrapper.getSearchBuilder();
  
          sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/network/firewall/FirewallManagerImpl.java
index b5374e7d,ca474d6..c312d3d
--- a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
+++ b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
@@@ -232,19 -233,22 +233,22 @@@ public class FirewallManagerImpl extend
                  FirewallRuleVO newRule =
                      new FirewallRuleVO(xId, ipAddrId, portStart, portEnd, protocol.toLowerCase(), networkId, accountIdFinal, domainIdFinal, Purpose.Firewall,
                          sourceCidrList, icmpCode, icmpType, relatedRuleId, trafficType);
 -                newRule.setType(type);
 +        newRule.setType(type);
+                 if (forDisplay != null) {
+                     newRule.setDisplay(forDisplay);
+                 }
 -                newRule = _firewallDao.persist(newRule);
 +        newRule = _firewallDao.persist(newRule);
  
 -                if (type == FirewallRuleType.User)
 -                    detectRulesConflict(newRule);
 +        if (type == FirewallRuleType.User)
 +            detectRulesConflict(newRule);
  
 -                if (!_firewallDao.setStateToAdd(newRule)) {
 -                    throw new CloudRuntimeException("Unable to update the state to add for " + newRule);
 -                }
 -                CallContext.current().setEventDetails("Rule Id: " + newRule.getId());
 +        if (!_firewallDao.setStateToAdd(newRule)) {
 +            throw new CloudRuntimeException("Unable to update the state to add for " + newRule);
 +        }
 +        CallContext.current().setEventDetails("Rule Id: " + newRule.getId());
  
 -                return newRule;
 -            }
 +        return newRule;
 +    }
          });
      }
  
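Review bot: The merged body of the transaction callback is indented at two different levels. `newRule.setType(type);`, the `persist` call and `return newRule;` sit at 8 spaces, while the constructor call and the new `if (forDisplay != null)` block stay at 16, and the closing brace of `doInTransaction` now lines up with the enclosing method's. Nothing changes at runtime, but the nesting can no longer be read off the page, which makes code that persists firewall rules harder to review. The same pattern appears in the `VpcManagerImpl` and `VolumeApiServiceImpl` callback hunks of this merge; re-running the project formatter over the resolved files would fix all of them. The callback's opening lines are outside this hunk.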
@@@ -255,11 -259,10 +259,12 @@@
          Long networkId = cmd.getNetworkId();
          Map<String, String> tags = cmd.getTags();
          FirewallRule.TrafficType trafficType = cmd.getTrafficType();
+         Boolean display = cmd.getDisplay();
  
          Account caller = CallContext.current().getCallingAccount();
 +        List<Long> permittedDomains = new ArrayList<Long>();
          List<Long> permittedAccounts = new ArrayList<Long>();
 +        List<Long> permittedResources = new ArrayList<Long>();
  
          if (ipId != null) {
              IPAddressVO ipAddressVO = _ipAddressDao.findById(ipId);
@@@ -280,9 -285,10 +285,10 @@@
  
          sb.and("id", sb.entity().getId(), Op.EQ);
          sb.and("trafficType", sb.entity().getTrafficType(), Op.EQ);
 -        sb.and("networkId", sb.entity().getNetworkId(), Op.EQ);
 +            sb.and("networkId", sb.entity().getNetworkId(), Op.EQ);
          sb.and("ip", sb.entity().getSourceIpAddressId(), Op.EQ);
          sb.and("purpose", sb.entity().getPurpose(), Op.EQ);
+         sb.and("display", sb.entity().isDisplay(), Op.EQ);
  
          if (tags != null && !tags.isEmpty()) {
              SearchBuilder<ResourceTagVO> tagSearch = _resourceTagDao.createSearchBuilder();
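Review bot: `display` is read straight from the command in the previous hunk and registered here as an equality condition with `sb.and("display", sb.entity().isDisplay(), Op.EQ);`, but neither hunk shows who may supply it. If the flag is what hides rules from ordinary accounts, the parameter should be restricted to administrators at the command or service layer; that restriction is not visible here and is worth confirming. The criterion should also be applied only when the caller passed a value, as the Site2Site connection listing does with `if (display != null) { sc.setParameters("display", display); }`. The same questions apply to the `display` value read in `RulesManagerImpl` and to the conditions added in `RemoteAccessVpnManagerImpl` and `Site2SiteVpnManagerImpl`.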

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
index e08b76c,6f0c1e9..9f280ef
--- a/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
+++ b/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
@@@ -1498,8 -1497,9 +1497,9 @@@ public class LoadBalancingRulesManagerI
      @DB
      @Override
      public LoadBalancer createPublicLoadBalancer(final String xId, final String name, final String description, final int srcPort, final int destPort,
-         final long sourceIpId, final String protocol, final String algorithm, final boolean openFirewall, final CallContext caller, final String lbProtocol)
+  final long sourceIpId,
+             final String protocol, final String algorithm, final boolean openFirewall, final CallContext caller, final String lbProtocol, final Boolean forDisplay)
 -        throws NetworkRuleConflictException {
 +            throws NetworkRuleConflictException {
  
          if (!NetUtils.isValidPort(destPort)) {
              throw new InvalidParameterValueException("privatePort is an invalid value: " + destPort);
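Review bot: The new `final Boolean forDisplay` parameter is a boxed, three-state value, and nothing in the signature says what `null` means. Judging from the `if (forDisplay != null)` guard in the firewall-rule hunk, `null` presumably leaves the entity's default untouched. A Javadoc line such as `@param forDisplay display flag for the new rule; null keeps the entity default` (wording to be confirmed) would pin that down. `RulesManagerImpl.createPortForwardingRule` gains the same parameter and needs the same line. The stray one-space indent on `final long sourceIpId,` should be fixed as well; the method body continues outside the hunk.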

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/server/src/com/cloud/network/rules/RulesManagerImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/network/rules/RulesManagerImpl.java
index 4a75d40,ad977a2..9a76219
--- a/server/src/com/cloud/network/rules/RulesManagerImpl.java
+++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java
@@@ -201,8 -201,8 +201,8 @@@ public class RulesManagerImpl extends M
      @Override
      @DB
      @ActionEvent(eventType = EventTypes.EVENT_NET_RULE_ADD, eventDescription = "creating forwarding rule", create = true)
-     public PortForwardingRule createPortForwardingRule(final PortForwardingRule rule, final Long vmId, Ip vmIp, final boolean openFirewall)
+     public PortForwardingRule createPortForwardingRule(final PortForwardingRule rule, final Long vmId, Ip vmIp, final boolean openFirewall, final Boolean forDisplay)
 -        throws NetworkRuleConflictException {
 +            throws NetworkRuleConflictException {
          CallContext ctx = CallContext.current();
          final Account caller = ctx.getCallingAccount();
  
@@@ -775,11 -779,10 +779,12 @@@
          Long id = cmd.getId();
          Map<String, String> tags = cmd.getTags();
          Long networkId = cmd.getNetworkId();
+         Boolean display = cmd.getDisplay();
  
          Account caller = CallContext.current().getCallingAccount();
 +        List<Long> permittedDomains = new ArrayList<Long>();
          List<Long> permittedAccounts = new ArrayList<Long>();
 +        List<Long> permittedResources = new ArrayList<Long>();
  
          if (ipId != null) {
              IPAddressVO ipAddressVO = _ipAddressDao.findById(ipId);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/server/src/com/cloud/network/vpc/VpcManagerImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/network/vpc/VpcManagerImpl.java
index 39fb19e,403b95e..08381e2
--- a/server/src/com/cloud/network/vpc/VpcManagerImpl.java
+++ b/server/src/com/cloud/network/vpc/VpcManagerImpl.java
@@@ -658,13 -658,16 +658,16 @@@ public class VpcManagerImpl extends Man
              @Override
              public VpcVO doInTransaction(TransactionStatus status) {
                  VpcVO vpc = new VpcVO(zoneId, vpcName, displayText, vpcOwner.getId(), vpcOwner.getDomainId(), vpcOffId, cidr, networkDomain);
+                 if (displayVpc != null) {
+                     vpc.setDisplay(displayVpc);
+                 }
 -                vpc = _vpcDao.persist(vpc, finalizeServicesAndProvidersForVpc(zoneId, vpcOffId));
 -                _resourceLimitMgr.incrementResourceCount(vpcOwner.getId(), ResourceType.vpc);
 +        vpc = _vpcDao.persist(vpc, finalizeServicesAndProvidersForVpc(zoneId, vpcOffId));
 +        _resourceLimitMgr.incrementResourceCount(vpcOwner.getId(), ResourceType.vpc);
  
 -                s_logger.debug("Created VPC " + vpc);
 +        s_logger.debug("Created VPC " + vpc);
  
 -                return vpc;
 -            }
 +        return vpc;
 +    }
          });
      }
  
@@@ -806,16 -813,14 +813,16 @@@
      @Override
      public List<? extends Vpc> listVpcs(Long id, String vpcName, String displayText, List<String> supportedServicesStr, String cidr, Long vpcOffId, String state,
          String accountName, Long domainId, String keyword, Long startIndex, Long pageSizeVal, Long zoneId, Boolean isRecursive, Boolean listAll, Boolean restartRequired,
-         Map<String, String> tags, Long projectId) {
+         Map<String, String> tags, Long projectId, Boolean display) {
          Account caller = CallContext.current().getCallingAccount();
 +        List<Long> permittedDomains = new ArrayList<Long>();
          List<Long> permittedAccounts = new ArrayList<Long>();
 +        List<Long> permittedResources = new ArrayList<Long>();
  
 -        Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject =
 -            new Ternary<Long, Boolean, ListProjectResourcesCriteria>(domainId, isRecursive, null);
 -        _accountMgr.buildACLSearchParameters(caller, id, accountName, projectId, permittedAccounts, domainIdRecursiveListProject, listAll, false);
 -        domainId = domainIdRecursiveListProject.first();
 +        Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject = new Ternary<Long, Boolean,
 +                ListProjectResourcesCriteria>(domainId, isRecursive, null);
 +        _accountMgr.buildACLSearchParameters(caller, id, accountName, projectId, permittedDomains, permittedAccounts, permittedResources, domainIdRecursiveListProject, listAll,
 +                false, "listVPCs");
          isRecursive = domainIdRecursiveListProject.second();
          ListProjectResourcesCriteria listProjectResourcesCriteria = domainIdRecursiveListProject.third();
          Filter searchFilter = new Filter(VpcVO.class, "created", false, startIndex, pageSizeVal);
@@@ -871,8 -877,12 +879,12 @@@
                  sc.setJoinParameters("tagSearch", "value" + String.valueOf(count), tags.get(key));
                  count++;
              }
 -        }
 +       }
  
+         if (display != null) {
+             sc.setParameters("display", display);
+         }
+ 
          if (id != null) {
              sc.addAnd("id", SearchCriteria.Op.EQ, id);
          }
@@@ -1401,37 -1411,38 +1413,38 @@@
                          s_logger.info("found and using existing network for vpc " + vpc + ": " + broadcastUri);
                          DataCenterVO dc = _dcDao.lockRow(physNetFinal.getDataCenterId(), true);
  
 -                        //add entry to private_ip_address table
 -                        PrivateIpVO privateIp = _privateIpDao.findByIpAndSourceNetworkId(privateNtwk.getId(), ipAddress);
 -                        if (privateIp != null) {
 +            //add entry to private_ip_address table
 +            PrivateIpVO privateIp = _privateIpDao.findByIpAndSourceNetworkId(privateNtwk.getId(), ipAddress);
 +            if (privateIp != null) {
                              throw new InvalidParameterValueException("Private ip address " + ipAddress + " already used for private gateway" + " in zone " +
                                  _entityMgr.findById(DataCenter.class, dcId).getName());
 -                        }
 +            }
  
 -                        Long mac = dc.getMacAddress();
 -                        Long nextMac = mac + 1;
 -                        dc.setMacAddress(nextMac);
 +            Long mac = dc.getMacAddress();
 +            Long nextMac = mac + 1;
 +            dc.setMacAddress(nextMac);
  
-             privateIp = new PrivateIpVO(ipAddress, privateNtwk.getId(), nextMac, vpcId, true);
+                         s_logger.info("creating private ip adress for vpc (" + ipAddress + ", " + privateNtwk.getId() + ", " + nextMac + ", " + vpcId + ", " + isSourceNat + ")");
+                         privateIp = new PrivateIpVO(ipAddress, privateNtwk.getId(), nextMac, vpcId, isSourceNat);
 -                        _privateIpDao.persist(privateIp);
 +            _privateIpDao.persist(privateIp);
  
 -                        _dcDao.update(dc.getId(), dc);
 -                    }
 +            _dcDao.update(dc.getId(), dc);
 +        }
  
 -                    long networkAclId = NetworkACL.DEFAULT_DENY;
 -                    if (aclId != null) {
 -                        NetworkACLVO aclVO = _networkAclDao.findById(aclId);
 +        long networkAclId = NetworkACL.DEFAULT_DENY;
 +        if (aclId != null) {
 +            NetworkACLVO aclVO = _networkAclDao.findById(aclId);
                          if (aclVO == null) {
 -                            throw new InvalidParameterValueException("Invalid network acl id passed ");
 -                        }
 -                        if ((aclVO.getVpcId() != vpcId) && !(aclId == NetworkACL.DEFAULT_DENY || aclId == NetworkACL.DEFAULT_ALLOW)) {
 -                            throw new InvalidParameterValueException("Private gateway and network acl are not in the same vpc");
 -                        }
 +                throw new InvalidParameterValueException("Invalid network acl id passed ");
 +            }
 +            if ((aclVO.getVpcId() != vpcId) && !(aclId == NetworkACL.DEFAULT_DENY || aclId == NetworkACL.DEFAULT_ALLOW)) {
 +                throw new InvalidParameterValueException("Private gateway and network acl are not in the same vpc");
 +            }
  
 -                        networkAclId = aclId;
 -                    }
 +            networkAclId = aclId;
 +        }
  
 -                    //2) create gateway entry
 +        //2) create gateway entry
                      VpcGatewayVO gatewayVO =
                          new VpcGatewayVO(ipAddress, VpcGateway.Type.Private, vpcId, privateNtwk.getDataCenterId(), privateNtwk.getId(), broadcastUri, gateway, netmask,
                              vpc.getAccountId(), vpc.getDomainId(), isSourceNat, networkAclId);
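Review bot: The added log line misspells "address": `"creating private ip adress for vpc ("` should read `"creating private ip address for vpc ("`. As written, a log search for the correct spelling will miss every private-gateway creation. The message is also built by string concatenation at info level on each call, so it is worth confirming that info is the intended level for this path. The enclosing callback starts before and ends after this hunk.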
@@@ -2022,14 -2028,15 +2035,15 @@@
          Transaction.execute(new TransactionCallbackNoReturn() {
              @Override
              public void doInTransactionWithoutResult(TransactionStatus status) {
 -                IPAddressVO ip = _ipAddressDao.findById(ipId);
 -                //update ip address with networkId
 -                ip.setVpcId(vpcId);
 +        IPAddressVO ip = _ipAddressDao.findById(ipId);
 +        //update ip address with networkId
 +        ip.setVpcId(vpcId);
                  ip.setSourceNat(isSourceNatFinal);
+ 
 -                _ipAddressDao.update(ipId, ip);
 +        _ipAddressDao.update(ipId, ip);
  
 -                //mark ip as allocated
 -                _ipAddrMgr.markPublicIpAsAllocated(ip);
 +        //mark ip as allocated
 +        _ipAddrMgr.markPublicIpAsAllocated(ip);
              }
          });
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java
index a8505a7,0306fad..531adad
--- a/server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java
+++ b/server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java
@@@ -650,9 -649,10 +654,10 @@@ public class RemoteAccessVpnManagerImp
          sb.and("id", sb.entity().getId(), Op.EQ);
          sb.and("networkId", sb.entity().getNetworkId(), Op.EQ);
          sb.and("state", sb.entity().getState(), Op.EQ);
+         sb.and("display", sb.entity().isDisplay(), Op.EQ);
  
          SearchCriteria<RemoteAccessVpnVO> sc = sb.create();
 -        _accountMgr.buildACLSearchCriteria(sc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria);
 +        _accountMgr.buildACLSearchCriteria(sc, isRecursive, permittedDomains, permittedAccounts, permittedResources, listProjectResourcesCriteria);
  
          sc.setParameters("state", RemoteAccessVpn.State.Running);
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
index 03a13c3,66a2b58..fdb5bbf
--- a/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
+++ b/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
@@@ -632,9 -636,10 +642,10 @@@ public class Site2SiteVpnManagerImpl ex
  
          sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
          sb.and("vpcId", sb.entity().getVpcId(), SearchCriteria.Op.EQ);
+         sb.and("display", sb.entity().isDisplay(), SearchCriteria.Op.EQ);
  
          SearchCriteria<Site2SiteVpnGatewayVO> sc = sb.create();
 -        _accountMgr.buildACLSearchCriteria(sc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria);
 +        _accountMgr.buildACLSearchCriteria(sc, isRecursive, permittedDomains, permittedAccounts, permittedResources, listProjectResourcesCriteria);
  
          if (id != null) {
              sc.addAnd("id", SearchCriteria.Op.EQ, id);
@@@ -675,9 -682,10 +691,10 @@@
          Filter searchFilter = new Filter(Site2SiteVpnConnectionVO.class, "id", false, startIndex, pageSizeVal);
  
          SearchBuilder<Site2SiteVpnConnectionVO> sb = _vpnConnectionDao.createSearchBuilder();
 -        _accountMgr.buildACLSearchBuilder(sb, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria);
 +        _accountMgr.buildACLSearchBuilder(sb, isRecursive, permittedDomains, permittedAccounts, permittedResources, listProjectResourcesCriteria);
  
          sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
+         sb.and("display", sb.entity().isDisplay(), SearchCriteria.Op.EQ);
  
          if (vpcId != null) {
              SearchBuilder<Site2SiteVpnGatewayVO> gwSearch = _vpnGatewayDao.createSearchBuilder();
@@@ -686,8 -694,11 +703,11 @@@
          }
  
          SearchCriteria<Site2SiteVpnConnectionVO> sc = sb.create();
 -        _accountMgr.buildACLSearchCriteria(sc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria);
 +        _accountMgr.buildACLSearchCriteria(sc, isRecursive, permittedDomains, permittedAccounts, permittedResources, listProjectResourcesCriteria);
  
+         if (display != null) {
+             sc.setParameters("display", display);
+         }
          if (id != null) {
              sc.addAnd("id", SearchCriteria.Op.EQ, id);
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/server/src/com/cloud/resource/ResourceManagerImpl.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/server/src/com/cloud/server/ManagementServerImpl.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/server/src/com/cloud/storage/VolumeApiServiceImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/storage/VolumeApiServiceImpl.java
index ad8a4ba,50aa87e..3ef8e13
--- a/server/src/com/cloud/storage/VolumeApiServiceImpl.java
+++ b/server/src/com/cloud/storage/VolumeApiServiceImpl.java
@@@ -563,43 -564,43 +564,43 @@@ public class VolumeApiServiceImpl exten
          return Transaction.execute(new TransactionCallback<VolumeVO>() {
              @Override
              public VolumeVO doInTransaction(TransactionStatus status) {
 -                VolumeVO volume = new VolumeVO(userSpecifiedName, -1, -1, -1, -1, new Long(-1), null, null, 0, Volume.Type.DATADISK);
 -                volume.setPoolId(null);
 +        VolumeVO volume = new VolumeVO(userSpecifiedName, -1, -1, -1, -1, new Long(-1), null, null, 0, Volume.Type.DATADISK);
 +        volume.setPoolId(null);
                  volume.setUuid(uuid);
 -                volume.setDataCenterId(zoneId);
 -                volume.setPodId(null);
 -                volume.setAccountId(ownerId);
 -                volume.setDomainId(((caller == null) ? Domain.ROOT_DOMAIN : caller.getDomainId()));
 -                volume.setDiskOfferingId(diskOfferingId);
 -                volume.setSize(size);
 -                volume.setMinIops(minIops);
 -                volume.setMaxIops(maxIops);
 -                volume.setInstanceId(null);
 -                volume.setUpdated(new Date());
 -                volume.setDomainId((caller == null) ? Domain.ROOT_DOMAIN : caller.getDomainId());
 +        volume.setDataCenterId(zoneId);
 +        volume.setPodId(null);
 +        volume.setAccountId(ownerId);
 +        volume.setDomainId(((caller == null) ? Domain.ROOT_DOMAIN : caller.getDomainId()));
 +        volume.setDiskOfferingId(diskOfferingId);
 +        volume.setSize(size);
 +        volume.setMinIops(minIops);
 +        volume.setMaxIops(maxIops);
 +        volume.setInstanceId(null);
 +        volume.setUpdated(new Date());
 +        volume.setDomainId((caller == null) ? Domain.ROOT_DOMAIN : caller.getDomainId());
-         volume.setDisplayVolume(displayVolumeEnabled);
+                 volume.setDisplayVolume(displayVolume);
 -                if (parentVolume != null) {
 -                    volume.setTemplateId(parentVolume.getTemplateId());
 -                    volume.setFormat(parentVolume.getFormat());
 -                } else {
 -                    volume.setTemplateId(null);
 -                }
 +        if (parentVolume != null) {
 +            volume.setTemplateId(parentVolume.getTemplateId());
 +            volume.setFormat(parentVolume.getFormat());
 +        } else {
 +            volume.setTemplateId(null);
 +        }
  
 -                volume = _volsDao.persist(volume);
 -                if (cmd.getSnapshotId() == null) {
 -                    // for volume created from snapshot, create usage event after volume creation
 +        volume = _volsDao.persist(volume);
 +        if (cmd.getSnapshotId() == null) {
 +            // for volume created from snapshot, create usage event after volume creation
                      UsageEventUtils.publishUsageEvent(EventTypes.EVENT_VOLUME_CREATE, volume.getAccountId(), volume.getDataCenterId(), volume.getId(), volume.getName(),
                              diskOfferingId, null, size, Volume.class.getName(), volume.getUuid());
 -                }
 +        }
  
 -                CallContext.current().setEventDetails("Volume Id: " + volume.getId());
 +        CallContext.current().setEventDetails("Volume Id: " + volume.getId());
  
 -                // Increment resource count during allocation; if actual creation fails,
 -                // decrement it
 +        // Increment resource count during allocation; if actual creation fails,
 +        // decrement it
-                 _resourceLimitMgr.incrementResourceCount(volume.getAccountId(), ResourceType.volume, displayVolumeEnabled);
-                 _resourceLimitMgr.incrementResourceCount(volume.getAccountId(), ResourceType.primary_storage, displayVolumeEnabled, new Long(volume.getSize()));
+                 _resourceLimitMgr.incrementResourceCount(volume.getAccountId(), ResourceType.volume, displayVolume);
+                 _resourceLimitMgr.incrementResourceCount(volume.getAccountId(), ResourceType.primary_storage, displayVolume, new Long(volume.getSize()));
 -                return volume;
 -            }
 +        return volume;
 +    }
          });
      }
  
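Review bot: `volume.setDomainId(...)` is called twice with the same expression, once after `setAccountId(ownerId)` and again after `setUpdated(new Date())`; the second call is redundant and should be dropped. Both calls derive the domain from `caller` while the account comes from `ownerId`, and both fall back to `Domain.ROOT_DOMAIN` when `caller` is null. If the owner can belong to a different domain than the caller, the volume row ends up with an account and a domain that disagree, which matters once listings are filtered by permitted domains. Taking the domain from the owner account would avoid that; this needs confirming against how `ownerId` is resolved outside this hunk.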
@@@ -2124,30 -2138,34 +2138,34 @@@
              public Object[] doInTransaction(TransactionStatus status) {
                  VmWorkJobVO workJob = null;
  
-                 _vmInstanceDao.lockRow(vm.getId(), true);
+                 _vmInstanceDao.lockInLockTable(String.valueOf(vm.getId()), Integer.MAX_VALUE);
+                 try {
 -                    workJob = new VmWorkJobVO(context.getContextId());
 +                workJob = new VmWorkJobVO(context.getContextId());
  
 -                    workJob.setDispatcher(VmWorkConstants.VM_WORK_JOB_DISPATCHER);
 -                    workJob.setCmd(VmWorkAttachVolume.class.getName());
 +                workJob.setDispatcher(VmWorkConstants.VM_WORK_JOB_DISPATCHER);
 +                workJob.setCmd(VmWorkAttachVolume.class.getName());
  
 -                    workJob.setAccountId(callingAccount.getId());
 -                    workJob.setUserId(callingUser.getId());
 -                    workJob.setStep(VmWorkJobVO.Step.Starting);
 -                    workJob.setVmType(VirtualMachine.Type.Instance);
 -                    workJob.setVmInstanceId(vm.getId());
 +                workJob.setAccountId(callingAccount.getId());
 +                workJob.setUserId(callingUser.getId());
 +                workJob.setStep(VmWorkJobVO.Step.Starting);
 +                workJob.setVmType(VirtualMachine.Type.Instance);
 +                workJob.setVmInstanceId(vm.getId());
-                 workJob.setRelated(AsyncJobExecutionContext.getOriginJobContextId());
+                     workJob.setRelated(AsyncJobExecutionContext.getOriginJobId());
  
 -                    // save work context info (there are some duplications)
 +                // save work context info (there are some duplications)
-                 VmWorkAttachVolume workInfo = new VmWorkAttachVolume(callingUser.getId(), callingAccount.getId(), vm.getId(), VolumeApiServiceImpl.VM_WORK_JOB_HANDLER, volumeId,
-                         deviceId);
+                     VmWorkAttachVolume workInfo = new VmWorkAttachVolume(callingUser.getId(), callingAccount.getId(), vm.getId(),
+                             VolumeApiServiceImpl.VM_WORK_JOB_HANDLER, volumeId, deviceId);
 -                    workJob.setCmdInfo(VmWorkSerializer.serialize(workInfo));
 +                workJob.setCmdInfo(VmWorkSerializer.serialize(workInfo));
  
 -                    _jobMgr.submitAsyncJob(workJob, VmWorkConstants.VM_WORK_QUEUE, vm.getId());
 +                _jobMgr.submitAsyncJob(workJob, VmWorkConstants.VM_WORK_QUEUE, vm.getId());
  
 -                    AsyncJobVO jobVo = _jobMgr.getAsyncJob(workJob.getId());
 -                    s_logger.debug("New job " + workJob.getId() + ", result field: " + jobVo.getResult());
 +                AsyncJobVO jobVo = _jobMgr.getAsyncJob(workJob.getId());
 +                s_logger.debug("New job " + workJob.getId() + ", result field: " + jobVo.getResult());
  
 -                    return new Object[] {workJob, new Long(workJob.getId())};
 +                return new Object[] {workJob, new Long(workJob.getId())};
+                 } finally {
+                     _vmInstanceDao.unlockFromLockTable(String.valueOf(vm.getId()));
+                 }
              }
          });
  
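Review bot: The result of `_vmInstanceDao.lockInLockTable(String.valueOf(vm.getId()), Integer.MAX_VALUE)` is discarded, so if the lock is not acquired the work job is still created and the `finally` block releases a lock this thread may not hold. Assuming the method reports failure through a boolean return, check it before the `try`: `if (!_vmInstanceDao.lockInLockTable(String.valueOf(vm.getId()), LOCK_WAIT_SECONDS)) { throw new CloudRuntimeException("Unable to lock VM " + vm.getId()); }` (the constant name is illustrative). `Integer.MAX_VALUE` as the wait also means a stuck holder blocks this request thread indefinitely, so a bounded wait is safer. The detach and resize hunks that follow use the same pattern.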
@@@ -2171,26 -2189,31 +2189,31 @@@
              public Object[] doInTransaction(TransactionStatus status) {
                  VmWorkJobVO workJob = null;
  
-                 _vmInstanceDao.lockRow(vm.getId(), true);
+                 _vmInstanceDao.lockInLockTable(String.valueOf(vm.getId()), Integer.MAX_VALUE);
+                 try {
 -                    workJob = new VmWorkJobVO(context.getContextId());
 +                workJob = new VmWorkJobVO(context.getContextId());
  
 -                    workJob.setDispatcher(VmWorkConstants.VM_WORK_JOB_DISPATCHER);
 -                    workJob.setCmd(VmWorkDetachVolume.class.getName());
 +                workJob.setDispatcher(VmWorkConstants.VM_WORK_JOB_DISPATCHER);
 +                workJob.setCmd(VmWorkDetachVolume.class.getName());
  
 -                    workJob.setAccountId(callingAccount.getId());
 -                    workJob.setUserId(callingUser.getId());
 -                    workJob.setStep(VmWorkJobVO.Step.Starting);
 -                    workJob.setVmType(VirtualMachine.Type.Instance);
 -                    workJob.setVmInstanceId(vm.getId());
 +                workJob.setAccountId(callingAccount.getId());
 +                workJob.setUserId(callingUser.getId());
 +                workJob.setStep(VmWorkJobVO.Step.Starting);
 +                workJob.setVmType(VirtualMachine.Type.Instance);
 +                workJob.setVmInstanceId(vm.getId());
-                 workJob.setRelated(AsyncJobExecutionContext.getOriginJobContextId());
+                     workJob.setRelated(AsyncJobExecutionContext.getOriginJobId());
  
 -                    // save work context info (there are some duplications)
 +                // save work context info (there are some duplications)
-                 VmWorkDetachVolume workInfo = new VmWorkDetachVolume(callingUser.getId(), callingAccount.getId(), vm.getId(), VolumeApiServiceImpl.VM_WORK_JOB_HANDLER, volumeId);
+                     VmWorkDetachVolume workInfo = new VmWorkDetachVolume(callingUser.getId(), callingAccount.getId(), vm.getId(),
+                             VolumeApiServiceImpl.VM_WORK_JOB_HANDLER, volumeId);
 -                    workJob.setCmdInfo(VmWorkSerializer.serialize(workInfo));
 +                workJob.setCmdInfo(VmWorkSerializer.serialize(workInfo));
  
 -                    _jobMgr.submitAsyncJob(workJob, VmWorkConstants.VM_WORK_QUEUE, vm.getId());
 +                _jobMgr.submitAsyncJob(workJob, VmWorkConstants.VM_WORK_QUEUE, vm.getId());
  
 -                    return new Object[] {workJob, new Long(workJob.getId())};
 +                return new Object[] {workJob, new Long(workJob.getId())};
+                 } finally {
+                     _vmInstanceDao.unlockFromLockTable(String.valueOf(vm.getId()));
+                 }
              }
          });
  
@@@ -2215,27 -2238,32 +2238,32 @@@
              public Object[] doInTransaction(TransactionStatus status) {
                  VmWorkJobVO workJob = null;
  
-                 _vmInstanceDao.lockRow(vm.getId(), true);
+                 _vmInstanceDao.lockInLockTable(String.valueOf(vm.getId()), Integer.MAX_VALUE);
+ 
+                 try {
 -                    workJob = new VmWorkJobVO(context.getContextId());
 +                workJob = new VmWorkJobVO(context.getContextId());
  
 -                    workJob.setDispatcher(VmWorkConstants.VM_WORK_JOB_DISPATCHER);
 -                    workJob.setCmd(VmWorkResizeVolume.class.getName());
 +                workJob.setDispatcher(VmWorkConstants.VM_WORK_JOB_DISPATCHER);
 +                workJob.setCmd(VmWorkResizeVolume.class.getName());
  
 -                    workJob.setAccountId(callingAccount.getId());
 -                    workJob.setUserId(callingUser.getId());
 -                    workJob.setStep(VmWorkJobVO.Step.Starting);
 -                    workJob.setVmType(VirtualMachine.Type.Instance);
 -                    workJob.setVmInstanceId(vm.getId());
 +                workJob.setAccountId(callingAccount.getId());
 +                workJob.setUserId(callingUser.getId());
 +                workJob.setStep(VmWorkJobVO.Step.Starting);
 +                workJob.setVmType(VirtualMachine.Type.Instance);
 +                workJob.setVmInstanceId(vm.getId());
-                 workJob.setRelated(AsyncJobExecutionContext.getOriginJobContextId());
+                     workJob.setRelated(AsyncJobExecutionContext.getOriginJobId());
  
 -                    // save work context info (there are some duplications)
 -                    VmWorkResizeVolume workInfo = new VmWorkResizeVolume(callingUser.getId(), callingAccount.getId(), vm.getId(),
 -                            VolumeApiServiceImpl.VM_WORK_JOB_HANDLER, volumeId, currentSize, newSize, newServiceOfferingId, shrinkOk);
 -                    workJob.setCmdInfo(VmWorkSerializer.serialize(workInfo));
 +                // save work context info (there are some duplications)
 +                VmWorkResizeVolume workInfo = new VmWorkResizeVolume(callingUser.getId(), callingAccount.getId(), vm.getId(),
 +                        VolumeApiServiceImpl.VM_WORK_JOB_HANDLER, volumeId, currentSize, newSize, newServiceOfferingId, shrinkOk);
 +                workJob.setCmdInfo(VmWorkSerializer.serialize(workInfo));
  
 -                    _jobMgr.submitAsyncJob(workJob, VmWorkConstants.VM_WORK_QUEUE, vm.getId());
 +                _jobMgr.submitAsyncJob(workJob, VmWorkConstants.VM_WORK_QUEUE, vm.getId());
  
 -                    return new Object[] {workJob, new Long(workJob.getId())};
 +                return new Object[] {workJob, new Long(workJob.getId())};
+                 } finally {
+                     _vmInstanceDao.unlockFromLockTable(String.valueOf(vm.getId()));
+                 }
              }
          });
  
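Review bot: The return value of `_vmInstanceDao.lockInLockTable(String.valueOf(vm.getId()), Integer.MAX_VALUE)` is discarded, so the work job is built and submitted whether or not the lock was obtained, and the `finally` then calls `unlockFromLockTable` for a lock this thread may not hold. Assuming the method reports failure through its return value (its declaration is not on this page), test it before the `try`, for example `if (!_vmInstanceDao.lockInLockTable(String.valueOf(vm.getId()), Integer.MAX_VALUE)) { /* throw the module's usual runtime exception */ }`. The `Integer.MAX_VALUE` timeout also lets a stuck lock holder block this request inside an open transaction with no upper bound; a finite timeout with an explicit failure path would be easier to operate. The same pattern recurs in the next two hunks of this file (`-2260` and `-2305`) and in the four hunks of `VMSnapshotManagerImpl.java`, and in all of them the statements inside the `try` keep their old indentation; the enclosing method starts outside the hunk.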
@@@ -2260,27 -2288,31 +2288,31 @@@
              public Object[] doInTransaction(TransactionStatus status) {
                  VmWorkJobVO workJob = null;
  
-                 _vmInstanceDao.lockRow(vm.getId(), true);
+                 _vmInstanceDao.lockInLockTable(String.valueOf(vm.getId()), Integer.MAX_VALUE);
+                 try {
 -                    workJob = new VmWorkJobVO(context.getContextId());
 +                workJob = new VmWorkJobVO(context.getContextId());
  
 -                    workJob.setDispatcher(VmWorkConstants.VM_WORK_JOB_DISPATCHER);
 -                    workJob.setCmd(VmWorkMigrateVolume.class.getName());
 +                workJob.setDispatcher(VmWorkConstants.VM_WORK_JOB_DISPATCHER);
 +                workJob.setCmd(VmWorkMigrateVolume.class.getName());
  
 -                    workJob.setAccountId(callingAccount.getId());
 -                    workJob.setUserId(callingUser.getId());
 -                    workJob.setStep(VmWorkJobVO.Step.Starting);
 -                    workJob.setVmType(VirtualMachine.Type.Instance);
 -                    workJob.setVmInstanceId(vm.getId());
 +                workJob.setAccountId(callingAccount.getId());
 +                workJob.setUserId(callingUser.getId());
 +                workJob.setStep(VmWorkJobVO.Step.Starting);
 +                workJob.setVmType(VirtualMachine.Type.Instance);
 +                workJob.setVmInstanceId(vm.getId());
-                 workJob.setRelated(AsyncJobExecutionContext.getOriginJobContextId());
+                     workJob.setRelated(AsyncJobExecutionContext.getOriginJobId());
  
 -                    // save work context info (there are some duplications)
 -                    VmWorkMigrateVolume workInfo = new VmWorkMigrateVolume(callingUser.getId(), callingAccount.getId(), vm.getId(),
 -                            VolumeApiServiceImpl.VM_WORK_JOB_HANDLER, volumeId, destPoolId, liveMigrate);
 -                    workJob.setCmdInfo(VmWorkSerializer.serialize(workInfo));
 +                // save work context info (there are some duplications)
 +                VmWorkMigrateVolume workInfo = new VmWorkMigrateVolume(callingUser.getId(), callingAccount.getId(), vm.getId(),
 +                        VolumeApiServiceImpl.VM_WORK_JOB_HANDLER, volumeId, destPoolId, liveMigrate);
 +                workJob.setCmdInfo(VmWorkSerializer.serialize(workInfo));
  
 -                    _jobMgr.submitAsyncJob(workJob, VmWorkConstants.VM_WORK_QUEUE, vm.getId());
 +                _jobMgr.submitAsyncJob(workJob, VmWorkConstants.VM_WORK_QUEUE, vm.getId());
  
 -                    return new Object[] {workJob, new Long(workJob.getId())};
 +                return new Object[] {workJob, new Long(workJob.getId())};
+                 } finally {
+                     _vmInstanceDao.unlockFromLockTable(String.valueOf(vm.getId()));
+                 }
              }
          });
  
@@@ -2305,28 -2337,32 +2337,32 @@@
              public Object[] doInTransaction(TransactionStatus status) {
                  VmWorkJobVO workJob = null;
  
-                 _vmInstanceDao.lockRow(vm.getId(), true);
+                 _vmInstanceDao.lockInLockTable(String.valueOf(vm.getId()), Integer.MAX_VALUE);
+                 try {
 -                    workJob = new VmWorkJobVO(context.getContextId());
 +                workJob = new VmWorkJobVO(context.getContextId());
  
 -                    workJob.setDispatcher(VmWorkConstants.VM_WORK_JOB_DISPATCHER);
 -                    workJob.setCmd(VmWorkTakeVolumeSnapshot.class.getName());
 +                workJob.setDispatcher(VmWorkConstants.VM_WORK_JOB_DISPATCHER);
 +                workJob.setCmd(VmWorkTakeVolumeSnapshot.class.getName());
  
 -                    workJob.setAccountId(callingAccount.getId());
 -                    workJob.setUserId(callingUser.getId());
 -                    workJob.setStep(VmWorkJobVO.Step.Starting);
 -                    workJob.setVmType(VirtualMachine.Type.Instance);
 -                    workJob.setVmInstanceId(vm.getId());
 +                workJob.setAccountId(callingAccount.getId());
 +                workJob.setUserId(callingUser.getId());
 +                workJob.setStep(VmWorkJobVO.Step.Starting);
 +                workJob.setVmType(VirtualMachine.Type.Instance);
 +                workJob.setVmInstanceId(vm.getId());
-                 workJob.setRelated(AsyncJobExecutionContext.getOriginJobContextId());
+                     workJob.setRelated(AsyncJobExecutionContext.getOriginJobId());
  
 -                    // save work context info (there are some duplications)
 -                    VmWorkTakeVolumeSnapshot workInfo = new VmWorkTakeVolumeSnapshot(
 -                            callingUser.getId(), accountId != null ? accountId : callingAccount.getId(), vm.getId(),
 -                            VolumeApiServiceImpl.VM_WORK_JOB_HANDLER, volumeId, policyId, snapshotId, quiesceVm);
 -                    workJob.setCmdInfo(VmWorkSerializer.serialize(workInfo));
 +                // save work context info (there are some duplications)
 +                VmWorkTakeVolumeSnapshot workInfo = new VmWorkTakeVolumeSnapshot(
 +                        callingUser.getId(), accountId != null ? accountId : callingAccount.getId(), vm.getId(),
 +                        VolumeApiServiceImpl.VM_WORK_JOB_HANDLER, volumeId, policyId, snapshotId, quiesceVm);
 +                workJob.setCmdInfo(VmWorkSerializer.serialize(workInfo));
  
 -                    _jobMgr.submitAsyncJob(workJob, VmWorkConstants.VM_WORK_QUEUE, vm.getId());
 +                _jobMgr.submitAsyncJob(workJob, VmWorkConstants.VM_WORK_QUEUE, vm.getId());
  
 -                    return new Object[] {workJob, new Long(workJob.getId())};
 +                return new Object[] {workJob, new Long(workJob.getId())};
+                 } finally {
+                     _vmInstanceDao.unlockFromLockTable(String.valueOf(vm.getId()));
+                 }
              }
          });
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/server/src/com/cloud/template/HypervisorTemplateAdapter.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/server/src/com/cloud/template/TemplateManagerImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/template/TemplateManagerImpl.java
index f27fb74,7466670..34123cd
--- a/server/src/com/cloud/template/TemplateManagerImpl.java
+++ b/server/src/com/cloud/template/TemplateManagerImpl.java
@@@ -1744,17 -1753,12 +1778,12 @@@ public class TemplateManagerImpl extend
              throw ex;
          }
  
-         // Don't allow to modify system template
-         if (id == Long.valueOf(1)) {
-             InvalidParameterValueException ex = new InvalidParameterValueException("Unable to update template/iso of specified id");
-             ex.addProxyObject(String.valueOf(id), "templateId");
-             throw ex;
-         }
+         verifyTemplateId(id);
  
          // do a permission check
 -        _accountMgr.checkAccess(account, AccessType.ModifyEntry, true, template);
 +        _accountMgr.checkAccess(account, AccessType.OperateEntry, true, template);
          if (cmd.isRoutingType() != null) {
 -            if (!_accountService.isRootAdmin(account.getType())) {
 +            if (!_accountService.isRootAdmin(account.getId())) {
                  throw new PermissionDeniedException("Parameter isrouting can only be specified by a Root Admin, permission denied");
              }
          }
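Review bot: The permission check on this template-update path ends up as `AccessType.OperateEntry`, while one merge parent had `AccessType.ModifyEntry`. If `OperateEntry` is granted to more callers than `ModifyEntry`, the merge resolution widens who may update a template or ISO, so either restore `ModifyEntry` or add a comment such as `// OperateEntry is sufficient for update because ...` stating the reason. The inlined system-template guard is replaced by `verifyTemplateId(id)`, whose body is not in this hunk; if `id` is a boxed `Long`, confirm the helper compares by value rather than repeating the reference comparison `id == Long.valueOf(1)`. The enclosing method starts and ends outside the hunk.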

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/server/src/com/cloud/vm/UserVmManager.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/server/src/com/cloud/vm/UserVmManagerImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/vm/UserVmManagerImpl.java
index 2957bac,9874dc3..ca734c2
--- a/server/src/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/com/cloud/vm/UserVmManagerImpl.java
@@@ -34,6 -35,6 +35,9 @@@ import javax.ejb.Local
  import javax.inject.Inject;
  import javax.naming.ConfigurationException;
  
++import org.apache.commons.codec.binary.Base64;
++import org.apache.log4j.Logger;
++
  import org.apache.cloudstack.acl.ControlledEntity.ACLType;
  import org.apache.cloudstack.acl.SecurityChecker.AccessType;
  import org.apache.cloudstack.affinity.AffinityGroupService;
@@@ -79,9 -79,8 +82,6 @@@ import org.apache.cloudstack.framework.
  import org.apache.cloudstack.managed.context.ManagedContextRunnable;
  import org.apache.cloudstack.storage.datastore.db.PrimaryDataStoreDao;
  import org.apache.cloudstack.storage.datastore.db.StoragePoolVO;
- import org.apache.cloudstack.storage.to.TemplateObjectTO;
--import org.apache.commons.codec.binary.Base64;
--import org.apache.log4j.Logger;
  
  import com.cloud.agent.AgentManager;
  import com.cloud.agent.api.Answer;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/server/src/com/cloud/vm/snapshot/VMSnapshotManagerImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/vm/snapshot/VMSnapshotManagerImpl.java
index e9d10b8,9d7a952..37cdf86
--- a/server/src/com/cloud/vm/snapshot/VMSnapshotManagerImpl.java
+++ b/server/src/com/cloud/vm/snapshot/VMSnapshotManagerImpl.java
@@@ -865,27 -863,31 +865,31 @@@ public class VMSnapshotManagerImpl exte
              public Object[] doInTransaction(TransactionStatus status) {
                  VmWorkJobVO workJob = null;
  
-                 _vmInstanceDao.lockRow(vm.getId(), true);
+                 _vmInstanceDao.lockInLockTable(String.valueOf(vm.getId()), Integer.MAX_VALUE);
+                 try {
 -                    workJob = new VmWorkJobVO(context.getContextId());
 +                workJob = new VmWorkJobVO(context.getContextId());
  
 -                    workJob.setDispatcher(VmWorkConstants.VM_WORK_JOB_DISPATCHER);
 -                    workJob.setCmd(VmWorkCreateVMSnapshot.class.getName());
 +                workJob.setDispatcher(VmWorkConstants.VM_WORK_JOB_DISPATCHER);
 +                workJob.setCmd(VmWorkCreateVMSnapshot.class.getName());
  
 -                    workJob.setAccountId(callingAccount.getId());
 -                    workJob.setUserId(callingUser.getId());
 -                    workJob.setStep(VmWorkJobVO.Step.Starting);
 -                    workJob.setVmType(VirtualMachine.Type.Instance);
 -                    workJob.setVmInstanceId(vm.getId());
 +                workJob.setAccountId(callingAccount.getId());
 +                workJob.setUserId(callingUser.getId());
 +                workJob.setStep(VmWorkJobVO.Step.Starting);
 +                workJob.setVmType(VirtualMachine.Type.Instance);
 +                workJob.setVmInstanceId(vm.getId());
-                 workJob.setRelated(AsyncJobExecutionContext.getOriginJobContextId());
+                     workJob.setRelated(AsyncJobExecutionContext.getOriginJobId());
  
 -                    // save work context info (there are some duplications)
 -                    VmWorkCreateVMSnapshot workInfo = new VmWorkCreateVMSnapshot(callingUser.getId(), callingAccount.getId(), vm.getId(),
 -                            VMSnapshotManagerImpl.VM_WORK_JOB_HANDLER, vmSnapshotId, quiesceVm);
 -                    workJob.setCmdInfo(VmWorkSerializer.serialize(workInfo));
 +                // save work context info (there are some duplications)
 +                VmWorkCreateVMSnapshot workInfo = new VmWorkCreateVMSnapshot(callingUser.getId(), callingAccount.getId(), vm.getId(),
 +                        VMSnapshotManagerImpl.VM_WORK_JOB_HANDLER, vmSnapshotId, quiesceVm);
 +                workJob.setCmdInfo(VmWorkSerializer.serialize(workInfo));
  
 -                    _jobMgr.submitAsyncJob(workJob, VmWorkConstants.VM_WORK_QUEUE, vm.getId());
 +                _jobMgr.submitAsyncJob(workJob, VmWorkConstants.VM_WORK_QUEUE, vm.getId());
  
 -                    return new Object[] {workJob, new Long(workJob.getId())};
 +                return new Object[] {workJob, new Long(workJob.getId())};
+                 } finally {
+                     _vmInstanceDao.unlockFromLockTable(String.valueOf(vm.getId()));
+                 }
              }
          });
  
@@@ -909,27 -911,31 +913,31 @@@
              public Object[] doInTransaction(TransactionStatus status) {
                  VmWorkJobVO workJob = null;
  
-                 _vmInstanceDao.lockRow(vm.getId(), true);
+                 _vmInstanceDao.lockInLockTable(String.valueOf(vm.getId()), Integer.MAX_VALUE);
+                 try {
 -                    workJob = new VmWorkJobVO(context.getContextId());
 +                workJob = new VmWorkJobVO(context.getContextId());
  
 -                    workJob.setDispatcher(VmWorkConstants.VM_WORK_JOB_DISPATCHER);
 -                    workJob.setCmd(VmWorkDeleteVMSnapshot.class.getName());
 +                workJob.setDispatcher(VmWorkConstants.VM_WORK_JOB_DISPATCHER);
 +                workJob.setCmd(VmWorkDeleteVMSnapshot.class.getName());
  
 -                    workJob.setAccountId(callingAccount.getId());
 -                    workJob.setUserId(callingUser.getId());
 -                    workJob.setStep(VmWorkJobVO.Step.Starting);
 -                    workJob.setVmType(VirtualMachine.Type.Instance);
 -                    workJob.setVmInstanceId(vm.getId());
 +                workJob.setAccountId(callingAccount.getId());
 +                workJob.setUserId(callingUser.getId());
 +                workJob.setStep(VmWorkJobVO.Step.Starting);
 +                workJob.setVmType(VirtualMachine.Type.Instance);
 +                workJob.setVmInstanceId(vm.getId());
-                 workJob.setRelated(AsyncJobExecutionContext.getOriginJobContextId());
+                     workJob.setRelated(AsyncJobExecutionContext.getOriginJobId());
  
 -                    // save work context info (there are some duplications)
 -                    VmWorkDeleteVMSnapshot workInfo = new VmWorkDeleteVMSnapshot(callingUser.getId(), callingAccount.getId(), vm.getId(),
 -                            VMSnapshotManagerImpl.VM_WORK_JOB_HANDLER, vmSnapshotId);
 -                    workJob.setCmdInfo(VmWorkSerializer.serialize(workInfo));
 +                // save work context info (there are some duplications)
 +                VmWorkDeleteVMSnapshot workInfo = new VmWorkDeleteVMSnapshot(callingUser.getId(), callingAccount.getId(), vm.getId(),
 +                        VMSnapshotManagerImpl.VM_WORK_JOB_HANDLER, vmSnapshotId);
 +                workJob.setCmdInfo(VmWorkSerializer.serialize(workInfo));
  
 -                    _jobMgr.submitAsyncJob(workJob, VmWorkConstants.VM_WORK_QUEUE, vm.getId());
 +                _jobMgr.submitAsyncJob(workJob, VmWorkConstants.VM_WORK_QUEUE, vm.getId());
  
 -                    return new Object[] {workJob, new Long(workJob.getId())};
 +                return new Object[] {workJob, new Long(workJob.getId())};
+                 } finally {
+                     _vmInstanceDao.unlockFromLockTable(String.valueOf(vm.getId()));
+                 }
              }
          });
  
@@@ -953,27 -959,31 +961,31 @@@
              public Object[] doInTransaction(TransactionStatus status) {
                  VmWorkJobVO workJob = null;
  
-                 _vmInstanceDao.lockRow(vm.getId(), true);
+                 _vmInstanceDao.lockInLockTable(String.valueOf(vm.getId()), Integer.MAX_VALUE);
+                 try {
 -                    workJob = new VmWorkJobVO(context.getContextId());
 +                workJob = new VmWorkJobVO(context.getContextId());
  
 -                    workJob.setDispatcher(VmWorkConstants.VM_WORK_JOB_DISPATCHER);
 -                    workJob.setCmd(VmWorkRevertToVMSnapshot.class.getName());
 +                workJob.setDispatcher(VmWorkConstants.VM_WORK_JOB_DISPATCHER);
 +                workJob.setCmd(VmWorkRevertToVMSnapshot.class.getName());
  
 -                    workJob.setAccountId(callingAccount.getId());
 -                    workJob.setUserId(callingUser.getId());
 -                    workJob.setStep(VmWorkJobVO.Step.Starting);
 -                    workJob.setVmType(VirtualMachine.Type.Instance);
 -                    workJob.setVmInstanceId(vm.getId());
 +                workJob.setAccountId(callingAccount.getId());
 +                workJob.setUserId(callingUser.getId());
 +                workJob.setStep(VmWorkJobVO.Step.Starting);
 +                workJob.setVmType(VirtualMachine.Type.Instance);
 +                workJob.setVmInstanceId(vm.getId());
-                 workJob.setRelated(AsyncJobExecutionContext.getOriginJobContextId());
+                     workJob.setRelated(AsyncJobExecutionContext.getOriginJobId());
  
 -                    // save work context info (there are some duplications)
 -                    VmWorkRevertToVMSnapshot workInfo = new VmWorkRevertToVMSnapshot(callingUser.getId(), callingAccount.getId(), vm.getId(),
 -                            VMSnapshotManagerImpl.VM_WORK_JOB_HANDLER, vmSnapshotId);
 -                    workJob.setCmdInfo(VmWorkSerializer.serialize(workInfo));
 +                // save work context info (there are some duplications)
 +                VmWorkRevertToVMSnapshot workInfo = new VmWorkRevertToVMSnapshot(callingUser.getId(), callingAccount.getId(), vm.getId(),
 +                        VMSnapshotManagerImpl.VM_WORK_JOB_HANDLER, vmSnapshotId);
 +                workJob.setCmdInfo(VmWorkSerializer.serialize(workInfo));
  
 -                    _jobMgr.submitAsyncJob(workJob, VmWorkConstants.VM_WORK_QUEUE, vm.getId());
 +                _jobMgr.submitAsyncJob(workJob, VmWorkConstants.VM_WORK_QUEUE, vm.getId());
  
 -                    return new Object[] {workJob, new Long(workJob.getId())};
 +                return new Object[] {workJob, new Long(workJob.getId())};
+                 } finally {
+                     _vmInstanceDao.unlockFromLockTable(String.valueOf(vm.getId()));
+                 }
              }
          });
  
@@@ -997,27 -1007,31 +1009,31 @@@
              public Object[] doInTransaction(TransactionStatus status) {
                  VmWorkJobVO workJob = null;
  
-                 _vmInstanceDao.lockRow(vm.getId(), true);
+                 _vmInstanceDao.lockInLockTable(String.valueOf(vm.getId()), Integer.MAX_VALUE);
+                 try {
 -                    workJob = new VmWorkJobVO(context.getContextId());
 +                workJob = new VmWorkJobVO(context.getContextId());
  
 -                    workJob.setDispatcher(VmWorkConstants.VM_WORK_JOB_DISPATCHER);
 -                    workJob.setCmd(VmWorkDeleteAllVMSnapshots.class.getName());
 +                workJob.setDispatcher(VmWorkConstants.VM_WORK_JOB_DISPATCHER);
 +                workJob.setCmd(VmWorkDeleteAllVMSnapshots.class.getName());
  
 -                    workJob.setAccountId(callingAccount.getId());
 -                    workJob.setUserId(callingUser.getId());
 -                    workJob.setStep(VmWorkJobVO.Step.Starting);
 -                    workJob.setVmType(VirtualMachine.Type.Instance);
 -                    workJob.setVmInstanceId(vm.getId());
 +                workJob.setAccountId(callingAccount.getId());
 +                workJob.setUserId(callingUser.getId());
 +                workJob.setStep(VmWorkJobVO.Step.Starting);
 +                workJob.setVmType(VirtualMachine.Type.Instance);
 +                workJob.setVmInstanceId(vm.getId());
-                 workJob.setRelated(AsyncJobExecutionContext.getOriginJobContextId());
+                     workJob.setRelated(AsyncJobExecutionContext.getOriginJobId());
  
 -                    // save work context info (there are some duplications)
 -                    VmWorkDeleteAllVMSnapshots workInfo = new VmWorkDeleteAllVMSnapshots(callingUser.getId(), callingAccount.getId(), vm.getId(),
 -                            VMSnapshotManagerImpl.VM_WORK_JOB_HANDLER, type);
 -                    workJob.setCmdInfo(VmWorkSerializer.serialize(workInfo));
 +                // save work context info (there are some duplications)
 +                VmWorkDeleteAllVMSnapshots workInfo = new VmWorkDeleteAllVMSnapshots(callingUser.getId(), callingAccount.getId(), vm.getId(),
 +                        VMSnapshotManagerImpl.VM_WORK_JOB_HANDLER, type);
 +                workJob.setCmdInfo(VmWorkSerializer.serialize(workInfo));
  
 -                    _jobMgr.submitAsyncJob(workJob, VmWorkConstants.VM_WORK_QUEUE, vm.getId());
 +                _jobMgr.submitAsyncJob(workJob, VmWorkConstants.VM_WORK_QUEUE, vm.getId());
  
 -                    return new Object[] {workJob, new Long(workJob.getId())};
 +                return new Object[] {workJob, new Long(workJob.getId())};
+                 } finally {
+                     _vmInstanceDao.unlockFromLockTable(String.valueOf(vm.getId()));
+                 }
              }
          });
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/server/src/org/apache/cloudstack/network/lb/ApplicationLoadBalancerManagerImpl.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/services/pom.xml
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/setup/db/db/schema-430to440.sql
----------------------------------------------------------------------
diff --cc setup/db/db/schema-430to440.sql
index 917a954,f755a08..52f6c67
--- a/setup/db/db/schema-430to440.sql
+++ b/setup/db/db/schema-430to440.sql
@@@ -122,9 -122,10 +122,10 @@@ CREATE VIEW `cloud`.`volume_view` A
          volumes.attached,
          volumes.removed,
          volumes.pod_id,
 -        volumes.display_volume,
 +    volumes.display_volume,
          volumes.format,
 -        volumes.path,
 +    volumes.path,
+         volumes.chain_info,
          account.id account_id,
          account.uuid account_uuid,
          account.account_name account_name,
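Review bot: `volumes.display_volume` and `volumes.path` lose four spaces of indentation in the merge result while the added `volumes.chain_info` and the neighbouring columns stay at eight, so the select list is now ragged; re-indent the two lines to match their neighbours. The rest of `volume_view` lies outside the hunk, so whether `chain_info` already exists on `volumes` at this point of the upgrade script cannot be confirmed from here.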

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/tools/marvin/marvin/integration/lib/base.py
----------------------------------------------------------------------
diff --cc tools/marvin/marvin/integration/lib/base.py
index d281f7b,0a7ad94..4d968d1
--- a/tools/marvin/marvin/integration/lib/base.py
+++ b/tools/marvin/marvin/integration/lib/base.py
@@@ -3623,131 -3630,32 +3630,160 @@@ class Resources
          cmd = updateResourceCount.updateResourceCountCmd()
          [setattr(cmd, k, v) for k, v in kwargs.items()]
          return(apiclient.updateResourceCount(cmd))
-     
 -
++   
+ class NIC:
+     """NIC related API"""
+     def __init__(self, items):
+         self.__dict__.update(items)
+ 
+     @classmethod
+     def addIp(cls, apiclient, id, ipaddress=None):
+         """Add Ip (secondary) to NIC"""
+         cmd = addIpToNic.addIpToNicCmd()
+         cmd.nicid = id
+         if ipaddress:
+             cmd.ipaddress = ipaddress
+         return(apiclient.addIpToNic(cmd))
+ 
+     @classmethod
+     def removeIp(cls,apiclient,ipaddressid):
+         """Remove secondary Ip from NIC"""
+         cmd = removeIpFromNic.removeIpFromNicCmd()
+         cmd.id = ipaddressid
+         return(apiclient.addIpToNic(cmd))
+ 
+     @classmethod
+     def list(cls, apiclient, **kwargs):
+         """List NICs belonging to a virtual machine"""
+ 
+         cmd = listNics.listNicsCmd()
+         [setattr(cmd, k, v) for k, v in kwargs.items()]
+         return(apiclient.listNics(cmd))
++        
 +class IAMGroup:
 +    def __init__(self, items):
 +        self.__dict__.update(items)
 +
 +    @classmethod
 +    def create(cls, apiclient, iam_grp, account=None, domainid=None):
 +        cmd = createIAMGroup.createIAMGroupCmd()
 +        cmd.name = iam_grp['name']
 +        cmd.description = iam_grp['description']
 +        if account:
 +            cmd.account = account
 +        if domainid:
 +            cmd.domainid = domainid
 +        return IAMGroup(apiclient.createIAMGroup(cmd).__dict__)
 +
 +    def update(self, apiclient):
 +        pass
 +
 +    def delete(self, apiclient):
 +        cmd = deleteIAMGroup.deleteIAMGroupCmd()
 +        cmd.id = self.id
 +        return apiclient.deleteIAMGroup(cmd)
 +
 +    @classmethod
 +    def list(cls, apiclient, **kwargs):
 +        cmd = listIAMGroups.listIAMGroupsCmd()
 +        [setattr(cmd, k, v) for k, v in kwargs.items()]
 +        return apiclient.listIAMGroupsCmd(cmd)  
 +    
 +    def addAccount(self, apiclient, accts):
 +        """Add accounts to iam group"""
 +        cmd = addAccountToIAMGroup.addAccountToIAMGroupCmd()
 +        cmd.id = self.id
 +        cmd.accounts = [str(acct.id) for acct in accts]
 +        apiclient.addAccountToIAMGroup(cmd)
 +        return  
 +
 +    def removeAccount(self, apiclient, accts):
 +        """ Remove accounts from iam group"""
 +        cmd = removeAccountFromIAMGroup.removeAccountFromIAMGroupCmd()
 +        cmd.id = self.id
 +        cmd.accounts = [str(acct.id) for acct in accts]
 +        apiclient.removeAccountFromIAMGroup(cmd)
 +        return  
 +    
 +    def attachPolicy(self, apiclient, policies):
 +        """Add policies to iam group"""
 +        cmd = attachIAMPolicyToIAMGroup.attachIAMPolicyToIAMGroupCmd()
 +        cmd.id = self.id
 +        cmd.policies = [str(policy.id) for policy in policies]
 +        apiclient.attachIAMPolicyToIAMGroup(cmd)
 +        return   
 +    
 +    def detachPolicy(self, apiclient, policies):
 +        """Remove policies from iam group"""
 +        cmd = removeIAMPolicyFromIAMGroup.removeIAMPolicyFromIAMGroupCmd()
 +        cmd.id = self.id
 +        cmd.policies = [str(policy.id) for policy in policies]
 +        apiclient.removeIAMPolicyFromIAMGroup(cmd)
 +        return         
 +    
 +class IAMPolicy:
 +    def __init__(self, items):
 +        self.__dict__.update(items)
 +
 +    @classmethod
 +    def create(cls, apiclient, iam_policy, account=None, domainid=None):
 +        cmd = createIAMPolicy.createIAMPolicyCmd()
 +        cmd.name = iam_policy['name']
 +        cmd.description = iam_policy['description']
 +        if account:
 +            cmd.account = account
 +        if domainid:
 +            cmd.domainid = domainid
 +        return IAMPolicy(apiclient.createIAMPolicy(cmd).__dict__)
 +
 +    def update(self, apiclient):
 +        pass
 +
 +    def delete(self, apiclient):
 +        cmd = deleteIAMPolicy.deleteIAMPolicyCmd()
 +        cmd.id = self.id
 +        return apiclient.deleteIAMPolicy(cmd)
 +
 +    @classmethod
 +    def list(cls, apiclient, **kwargs):
 +        cmd = listIAMPolicies.listIAMPoliciesCmd()
 +        [setattr(cmd, k, v) for k, v in kwargs.items()]
 +        return apiclient.listIAMPoliciesCmd(cmd)  
 +
 +    def addPermission(self, apiclient, permission):
 +        """Add permission to iam policy"""
 +        cmd = addIAMPermissionToIAMPolicy.addIAMPermissionToIAMPolicyCmd()
 +        cmd.id = self.id
 +        cmd.action = permission['action']
 +        cmd.entitytype = permission['entitytype']
 +        cmd.scope = permission['scope']
 +        cmd.scopeid = permission['scopeid']
 +        apiclient.addIAMPermissionToIAMPolicy(cmd)
 +        return       
 +
 +    def removePermission(self, apiclient, permission):
 +        """Remove permission from iam policy"""
 +        cmd = removeIAMPermissionFromIAMPolicy.removeIAMPermissionFromIAMPolicyCmd()
 +        cmd.id = self.id
 +        cmd.action = permission['action']
 +        cmd.entitytype = permission['entitytype']
 +        cmd.scope = permission['scope']
 +        cmd.scopeid = permission['scopeid']
 +        apiclient.removeIAMPermissionFromIAMPolicy(cmd)
 +        return  
 +    
 +    def attachAccount(self, apiclient, accts):
 +        """Attach iam policy to accounts"""
 +        cmd = attachIAMPolicyToAccount.attachIAMPolicyToAccountCmd()
 +        cmd.id = self.id
 +        cmd.accounts = [str(acct.id) for acct in accts]
 +        apiclient.attachIAMPolicyToAccount(cmd)
 +        return  
 +    
 +    def detachAccount(self, apiclient, accts):
 +        """Detach iam policy from accounts"""
 +        cmd = removeIAMPolicyFromAccount.removeIAMPolicyFromAccountCmd()
 +        cmd.id = self.id
 +        cmd.accounts = [str(acct.id) for acct in accts]
 +        apiclient.removeIAMPolicyFromAccount(cmd)
-         return           
++        return           
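Review bot: `NIC.removeIp` builds a `removeIpFromNicCmd` but sends it with `apiclient.addIpToNic(cmd)`, so the helper never issues the remove call; it should end with `return(apiclient.removeIpFromNic(cmd))`. `IAMGroup.list` and `IAMPolicy.list` call `apiclient.listIAMGroupsCmd(cmd)` and `apiclient.listIAMPoliciesCmd(cmd)`, whereas every other helper in the hunk calls the client method named after the API without the `Cmd` suffix (`apiclient.listNics(cmd)`, `apiclient.createIAMGroup(cmd)`), so these look like they should be `apiclient.listIAMGroups(cmd)` and `apiclient.listIAMPolicies(cmd)`. Because these helpers drive the IAM integration tests, a list or remove call that fails or hits the wrong API leaves the corresponding permission behaviour unexercised. The empty `update` methods would also be clearer raising `NotImplementedError` than silently passing.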


[23/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
Pass UUID for scopeId in addIAMPermissionToIAMPolicyCmd and
removeIAMPermissionFromIAMPolicyCmd.

Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/7e4c3b0e
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/7e4c3b0e
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/7e4c3b0e

Branch: refs/heads/master
Commit: 7e4c3b0e92e32d9c3221fcac4b74efd9a0b7fd29
Parents: ae9be65
Author: Min Chen <mi...@citrix.com>
Authored: Sun Mar 2 15:56:02 2014 -0800
Committer: Min Chen <mi...@citrix.com>
Committed: Sun Mar 2 15:56:02 2014 -0800

----------------------------------------------------------------------
 .../iam/AddIAMPermissionToIAMPolicyCmd.java     |  15 ++-
 .../RemoveIAMPermissionFromIAMPolicyCmd.java    |  11 +-
 .../apache/cloudstack/iam/IAMApiService.java    |   3 +
 .../cloudstack/iam/IAMApiServiceImpl.java       | 110 +++++++++++++++++++
 .../cloudstack/iam/test/IAMApiServiceTest.java  |  10 +-
 5 files changed, 136 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7e4c3b0e/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
index 86afd10..a66390a 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
@@ -21,7 +21,6 @@ import javax.inject.Inject;
 import org.apache.log4j.Logger;
 
 import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.iam.IAMApiService;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
@@ -32,6 +31,7 @@ import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
 import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.IAMApiService;
 import org.apache.cloudstack.iam.api.IAMPolicy;
 import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
 
@@ -39,6 +39,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.exception.InsufficientCapacityException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.user.Account;
+import com.cloud.utils.db.EntityManager;
 
 
 @APICommand(name = "addIAMPermissionToIAMPolicy", description = "Add IAM permission to an iam policy", responseObject = IAMPolicyResponse.class)
@@ -48,6 +49,8 @@ public class AddIAMPermissionToIAMPolicyCmd extends BaseAsyncCmd {
 
     @Inject
     public IAMApiService _iamApiSrv;
+    @Inject
+    public EntityManager _entityMgr;
 
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
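Review bot: The `_entityMgr` field injected here is not used by any other hunk of this file; `getScopeId()` delegates the UUID lookup to `_iamApiSrv.getPermissionScopeId(...)`. A public, unused injection point on an API command only widens the class's surface. I would drop the `@Inject public EntityManager _entityMgr;` pair together with the new `com.cloud.utils.db.EntityManager` import. RemoveIAMPermissionFromIAMPolicyCmd makes the same change without it.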
@@ -69,8 +72,8 @@ public class AddIAMPermissionToIAMPolicyCmd extends BaseAsyncCmd {
  required = false, description = "iam permission scope")
     private String scope;
 
-    @Parameter(name = ApiConstants.IAM_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
-    private Long scopeId;
+    @Parameter(name = ApiConstants.IAM_SCOPE_ID, type = CommandType.UUID, required = false, description = "The UUID of the permission scope id")
+    private String scopeId;
 
 
     /////////////////////////////////////////////////////
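Review bot: `scopeId` is declared `type = CommandType.UUID` here, but the same parameter in RemoveIAMPermissionFromIAMPolicyCmd is switched to `CommandType.STRING` and keeps the old "The ID of the permission scope id" description. Both commands hand the value to the same `getPermissionScopeId`, which also accepts the literal `"-1"`, so the two declarations should agree on one type and one description. Whether a `UUID`-typed parameter lets `"-1"` through parameter processing is not visible in this diff and should be confirmed. The description should also say that `-1` is accepted and what it means.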
@@ -96,10 +99,10 @@ public class AddIAMPermissionToIAMPolicyCmd extends BaseAsyncCmd {
     }
 
     public Long getScopeId() {
-        return scopeId;
+        // here we will convert the passed String UUID to Long ID since internally we store it as entity internal ID.
+        return _iamApiSrv.getPermissionScopeId(scope, entityType, scopeId);
     }
 
-
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
     /////////////////////////////////////////////////////
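Review bot: `getScopeId()` now fails when the caller omits `scopeid`, because the parameter is `required = false` and `getPermissionScopeId` starts with `scopeId.equals("-1")`, which throws a NullPointerException on null. The old getter simply returned null in that case. Keeping that behaviour needs only `return scopeId == null ? null : _iamApiSrv.getPermissionScopeId(scope, entityType, scopeId);`. The same applies to `getScopeId()` in RemoveIAMPermissionFromIAMPolicyCmd. Since `scope` is also optional, `PermissionScope.valueOf(scope)` inside the service has the same null problem.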
@@ -123,7 +126,7 @@ public class AddIAMPermissionToIAMPolicyCmd extends BaseAsyncCmd {
         CallContext.current().setEventDetails("IAM policy Id: " + getId());
         // Only explicit ALLOW is supported for this release, no explicit deny
         IAMPolicy result = _iamApiSrv.addIAMPermissionToIAMPolicy(id, entityType, PermissionScope.valueOf(scope),
-                scopeId, action, Permission.Allow, false);
+                getScopeId(), action, Permission.Allow, false);
         if (result != null) {
             IAMPolicyResponse response = _iamApiSrv.createIAMPolicyResponse(result);
             response.setResponseName(getCommandName());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7e4c3b0e/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPermissionFromIAMPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPermissionFromIAMPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPermissionFromIAMPolicyCmd.java
index db04ef7..bf065a0 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPermissionFromIAMPolicyCmd.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPermissionFromIAMPolicyCmd.java
@@ -21,7 +21,6 @@ import javax.inject.Inject;
 import org.apache.log4j.Logger;
 
 import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.iam.IAMApiService;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
@@ -32,6 +31,7 @@ import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
 import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.IAMApiService;
 import org.apache.cloudstack.iam.api.IAMPolicy;
 
 import com.cloud.event.EventTypes;
@@ -68,8 +68,8 @@ public class RemoveIAMPermissionFromIAMPolicyCmd extends BaseAsyncCmd {
             required = false, description = "iam permission scope")
     private String scope;
 
-    @Parameter(name = ApiConstants.IAM_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
-    private Long scopeId;
+    @Parameter(name = ApiConstants.IAM_SCOPE_ID, type = CommandType.STRING, required = false, description = "The ID of the permission scope id")
+    private String scopeId;
 
 
     /////////////////////////////////////////////////////
@@ -95,7 +95,8 @@ public class RemoveIAMPermissionFromIAMPolicyCmd extends BaseAsyncCmd {
     }
 
     public Long getScopeId() {
-        return scopeId;
+        // here we will convert the passed String UUID to Long ID since internally we store it as entity internal ID.
+        return _iamApiSrv.getPermissionScopeId(scope, entityType, scopeId);
     }
 
 
@@ -119,7 +120,7 @@ public class RemoveIAMPermissionFromIAMPolicyCmd extends BaseAsyncCmd {
     public void execute() throws ResourceUnavailableException,
             InsufficientCapacityException, ServerApiException {
         CallContext.current().setEventDetails("IAM policy Id: " + getId());
-        IAMPolicy result = _iamApiSrv.removeIAMPermissionFromIAMPolicy(id, entityType, PermissionScope.valueOf(scope), scopeId, action);
+        IAMPolicy result = _iamApiSrv.removeIAMPermissionFromIAMPolicy(id, entityType, PermissionScope.valueOf(scope), getScopeId(), action);
         if (result != null) {
             IAMPolicyResponse response = _iamApiSrv.createIAMPolicyResponse(result);
             response.setResponseName(getCommandName());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7e4c3b0e/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiService.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiService.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiService.java
index b9e680a..bb8f03b 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiService.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiService.java
@@ -81,4 +81,7 @@ public interface IAMApiService extends PluggableService {
 
     ListResponse<IAMPolicyResponse> listIAMPolicies(Long iamPolicyId, String iamPolicyName,
             Long domainId, Long startIndex, Long pageSize);
+
+    // Convert passed scope uuid to internal scope long id
+    Long getPermissionScopeId(String scope, String entityType, String scopeId);
 }
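Review bot: The one-line `//` comment on `getPermissionScopeId` leaves out the parts of the contract a caller needs. I would replace it with a Javadoc block stating that `scopeId` is the entity UUID, that the literal `"-1"` is returned unchanged as `-1L`, that `scope` must be a `PermissionScope` name, and that an unresolvable UUID raises `InvalidParameterValueException`. The implementation in IAMApiServiceImpl is the source for each of these statements.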

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7e4c3b0e/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
index 393fe0e..945f48e 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
@@ -31,8 +31,10 @@ import org.apache.log4j.Logger;
 import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.PermissionScope;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.affinity.AffinityGroupVO;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseListCmd;
+import org.apache.cloudstack.api.InternalIdentity;
 import org.apache.cloudstack.api.command.iam.AddAccountToIAMGroupCmd;
 import org.apache.cloudstack.api.command.iam.AddIAMPermissionToIAMPolicyCmd;
 import org.apache.cloudstack.api.command.iam.AttachIAMPolicyToAccountCmd;
@@ -52,6 +54,7 @@ import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
 import org.apache.cloudstack.api.response.iam.IAMPermissionResponse;
 import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
 import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.framework.jobs.impl.AsyncJobVO;
 import org.apache.cloudstack.framework.messagebus.MessageBus;
 import org.apache.cloudstack.framework.messagebus.MessageSubscriber;
 import org.apache.cloudstack.iam.api.IAMGroup;
@@ -59,6 +62,9 @@ import org.apache.cloudstack.iam.api.IAMPolicy;
 import org.apache.cloudstack.iam.api.IAMPolicyPermission;
 import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
 import org.apache.cloudstack.iam.api.IAMService;
+import org.apache.cloudstack.iam.server.IAMGroupVO;
+import org.apache.cloudstack.iam.server.IAMPolicyVO;
+import org.apache.cloudstack.region.gslb.GlobalLoadBalancerRuleVO;
 
 import com.cloud.api.ApiServerService;
 import com.cloud.domain.Domain;
@@ -66,18 +72,50 @@ import com.cloud.domain.DomainVO;
 import com.cloud.domain.dao.DomainDao;
 import com.cloud.event.ActionEvent;
 import com.cloud.event.EventTypes;
+import com.cloud.event.EventVO;
 import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.network.UserIpv6AddressVO;
+import com.cloud.network.VpnUserVO;
+import com.cloud.network.as.AutoScalePolicyVO;
+import com.cloud.network.as.AutoScaleVmGroupVO;
+import com.cloud.network.as.AutoScaleVmProfileVO;
+import com.cloud.network.as.ConditionVO;
+import com.cloud.network.dao.IPAddressVO;
+import com.cloud.network.dao.MonitoringServiceVO;
+import com.cloud.network.dao.NetworkVO;
+import com.cloud.network.dao.RemoteAccessVpnVO;
+import com.cloud.network.dao.Site2SiteCustomerGatewayVO;
+import com.cloud.network.dao.Site2SiteVpnConnectionVO;
+import com.cloud.network.dao.Site2SiteVpnGatewayVO;
+import com.cloud.network.dao.SslCertVO;
+import com.cloud.network.rules.FirewallRuleVO;
+import com.cloud.network.rules.PortForwardingRuleVO;
+import com.cloud.network.security.SecurityGroupVO;
+import com.cloud.network.vpc.StaticRouteVO;
+import com.cloud.network.vpc.VpcGatewayVO;
+import com.cloud.network.vpc.VpcVO;
+import com.cloud.projects.ProjectInvitationVO;
+import com.cloud.storage.SnapshotVO;
+import com.cloud.storage.VMTemplateVO;
+import com.cloud.storage.VolumeVO;
+import com.cloud.tags.ResourceTagVO;
 import com.cloud.template.TemplateManager;
 import com.cloud.user.Account;
 import com.cloud.user.AccountManager;
 import com.cloud.user.AccountVO;
 import com.cloud.user.DomainManager;
+import com.cloud.user.SSHKeyPairVO;
 import com.cloud.user.dao.AccountDao;
 import com.cloud.utils.Pair;
 import com.cloud.utils.component.Manager;
 import com.cloud.utils.component.ManagerBase;
 import com.cloud.utils.db.DB;
 import com.cloud.utils.db.EntityManager;
+import com.cloud.vm.InstanceGroupVO;
+import com.cloud.vm.UserVmVO;
+import com.cloud.vm.dao.NicIpAliasVO;
+import com.cloud.vm.dao.NicSecondaryIpVO;
+import com.cloud.vm.snapshot.VMSnapshotVO;
 
 @Local(value = {IAMApiService.class})
 public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Manager {
@@ -103,6 +141,53 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
     @Inject
     MessageBus _messageBus;
 
+    @Inject
+    EntityManager _entityMgr;
+
+    private static final Map<IAMEntityType, Class<?>> s_typeMap = new HashMap<IAMEntityType, Class<?>>();
+    static {
+        s_typeMap.put(IAMEntityType.VirtualMachine, UserVmVO.class);
+        s_typeMap.put(IAMEntityType.Volume, VolumeVO.class);
+        s_typeMap.put(IAMEntityType.ResourceTag, ResourceTagVO.class);
+        s_typeMap.put(IAMEntityType.Account, AccountVO.class);
+        s_typeMap.put(IAMEntityType.AffinityGroup, AffinityGroupVO.class);
+        s_typeMap.put(IAMEntityType.AutoScalePolicy, AutoScalePolicyVO.class);
+        s_typeMap.put(IAMEntityType.AutoScaleVmProfile, AutoScaleVmProfileVO.class);
+        s_typeMap.put(IAMEntityType.AutoScaleVmGroup, AutoScaleVmGroupVO.class);
+        s_typeMap.put(IAMEntityType.Condition, ConditionVO.class);
+        s_typeMap.put(IAMEntityType.Vpc, VpcVO.class);
+        s_typeMap.put(IAMEntityType.VpcGateway, VpcGatewayVO.class);
+        s_typeMap.put(IAMEntityType.PrivateGateway, RemoteAccessVpnVO.class);
+        s_typeMap.put(IAMEntityType.VpnUser, VpnUserVO.class);
+        s_typeMap.put(IAMEntityType.VMSnapshot, VMSnapshotVO.class);
+        s_typeMap.put(IAMEntityType.VirtualMachineTemplate, VMTemplateVO.class);
+        s_typeMap.put(IAMEntityType.UserIpv6Address, UserIpv6AddressVO.class);
+        s_typeMap.put(IAMEntityType.StaticRoute, StaticRouteVO.class);
+        s_typeMap.put(IAMEntityType.SSHKeyPair, SSHKeyPairVO.class);
+        s_typeMap.put(IAMEntityType.Snapshot, SnapshotVO.class);
+        s_typeMap.put(IAMEntityType.Site2SiteVpnGateway, Site2SiteVpnGatewayVO.class);
+        s_typeMap.put(IAMEntityType.Site2SiteCustomerGateway, Site2SiteCustomerGatewayVO.class);
+        s_typeMap.put(IAMEntityType.Site2SiteVpnConnection, Site2SiteVpnConnectionVO.class);
+        s_typeMap.put(IAMEntityType.SecurityGroup, SecurityGroupVO.class);
+        s_typeMap.put(IAMEntityType.RemoteAccessVpn, RemoteAccessVpnVO.class);
+        s_typeMap.put(IAMEntityType.PublicIpAddress, IPAddressVO.class);
+        s_typeMap.put(IAMEntityType.ProjectInvitation, ProjectInvitationVO.class);
+        s_typeMap.put(IAMEntityType.NicSecondaryIp, NicSecondaryIpVO.class);
+        s_typeMap.put(IAMEntityType.NicIpAlias, NicIpAliasVO.class);
+        s_typeMap.put(IAMEntityType.Network, NetworkVO.class);
+        s_typeMap.put(IAMEntityType.IpAddress, IPAddressVO.class);
+        s_typeMap.put(IAMEntityType.InstanceGroup, InstanceGroupVO.class);
+        s_typeMap.put(IAMEntityType.GlobalLoadBalancerRule, GlobalLoadBalancerRuleVO.class);
+        s_typeMap.put(IAMEntityType.FirewallRule, FirewallRuleVO.class);
+        s_typeMap.put(IAMEntityType.PortForwardingRule, PortForwardingRuleVO.class);
+        s_typeMap.put(IAMEntityType.Event, EventVO.class);
+        s_typeMap.put(IAMEntityType.AsyncJob, AsyncJobVO.class);
+        s_typeMap.put(IAMEntityType.AclGroup, IAMGroupVO.class);
+        s_typeMap.put(IAMEntityType.AclPolicy, IAMPolicyVO.class);
+        s_typeMap.put(IAMEntityType.MonitorService, MonitoringServiceVO.class);
+        s_typeMap.put(IAMEntityType.SSLCert, SslCertVO.class);
+    }
+
     @Override
     public boolean configure(final String name, final Map<String, Object> params) throws ConfigurationException {
         _messageBus.subscribe(AccountManager.MESSAGE_ADD_ACCOUNT_EVENT, new MessageSubscriber() {
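Review bot: `s_typeMap.put(IAMEntityType.PrivateGateway, RemoteAccessVpnVO.class);` looks like a copy-paste slip, since `RemoteAccessVpn` is mapped to the same class a few lines further down. With this entry a private-gateway UUID would be looked up as a remote access VPN, so the scope would either fail to resolve or resolve to an unrelated row's internal id, which matters for a table that drives permission scoping. The intended class is probably the VPC gateway VO (`VpcGatewayVO` is already imported), but that needs confirming against the entity model. `PublicIpAddress` and `IpAddress` both map to `IPAddressVO`, which may be intentional. The hunk ends inside `configure`, whose body continues outside it.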
@@ -669,6 +754,31 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
     }
 
     @Override
+    public Long getPermissionScopeId(String scope, String entityType, String scopeId) {
+        if (scopeId.equals("-1")) {
+            return -1L;
+        }
+        PermissionScope permScope = PermissionScope.valueOf(scope);
+        InternalIdentity entity = null;
+        switch (permScope) {
+        case DOMAIN:
+            entity = _domainDao.findByUuid(scopeId);
+            break;
+        case ACCOUNT:
+            entity = _accountDao.findByUuid(scopeId);
+            break;
+        case RESOURCE:
+            Class<?> clazz = s_typeMap.get(entityType);
+            entity = (InternalIdentity)_entityMgr.findByUuid(clazz, scopeId);
+        }
+
+        if (entity != null) {
+            return entity.getId();
+        }
+        throw new InvalidParameterValueException("Unable to find scopeId " + scopeId + " with scope " + scope + " and type " + entityType);
+    }
+
+    @Override
     public List<Class<?>> getCommands() {
         List<Class<?>> cmdList = new ArrayList<Class<?>>();
         cmdList.add(CreateIAMPolicyCmd.class);
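Review bot: In the `RESOURCE` case, `s_typeMap.get(entityType)` looks up a `Map<IAMEntityType, Class<?>>` with a `String` key, so it always returns null and `_entityMgr.findByUuid` is called with a null class. Resource-scoped permissions therefore cannot be resolved as written; convert the key first and reject unknown types: `Class<?> clazz = s_typeMap.get(IAMEntityType.valueOf(entityType));` followed by `if (clazz == null) throw new InvalidParameterValueException("Unsupported entity type " + entityType);`. The `switch` also has no `default` branch, and `PermissionScope.valueOf(scope)` throws `IllegalArgumentException` rather than `InvalidParameterValueException` for an unknown scope name. The hunk ends inside `getCommands`, which continues outside it.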

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7e4c3b0e/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java b/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
index 4b376ce..dc5c168 100644
--- a/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
+++ b/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
@@ -37,8 +37,6 @@ import org.springframework.test.context.support.AnnotationConfigContextLoader;
 import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.PermissionScope;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.iam.IAMApiServiceImpl;
-import org.apache.cloudstack.iam.IAMApiService;
 import org.apache.cloudstack.api.command.user.vm.ListVMsCmd;
 import org.apache.cloudstack.api.response.ListResponse;
 import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
@@ -46,6 +44,8 @@ import org.apache.cloudstack.api.response.iam.IAMPermissionResponse;
 import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.framework.messagebus.MessageBus;
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.iam.IAMApiServiceImpl;
 import org.apache.cloudstack.iam.api.IAMGroup;
 import org.apache.cloudstack.iam.api.IAMPolicy;
 import org.apache.cloudstack.iam.api.IAMPolicyPermission;
@@ -67,6 +67,7 @@ import com.cloud.user.UserVO;
 import com.cloud.user.dao.AccountDao;
 import com.cloud.utils.Pair;
 import com.cloud.utils.component.ComponentContext;
+import com.cloud.utils.db.EntityManager;
 
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(loader = AnnotationConfigContextLoader.class)
@@ -347,6 +348,11 @@ public class IAMApiServiceTest {
         }
 
         @Bean
+        public EntityManager entityMgr() {
+            return Mockito.mock(EntityManager.class);
+        }
+
+        @Bean
         public ApiServerService apiServerService() {
             return Mockito.mock(ApiServerService.class);
         }
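Review bot: This test change only registers a mock `EntityManager` bean; none of the hunks in this file exercise the new `getPermissionScopeId`. Since that method decides which internal id an IAM permission is scoped to, I would add cases for the `"-1"` pass-through, for a `DOMAIN` and an `ACCOUNT` UUID resolved through the mocked DAOs, for a `RESOURCE` UUID resolved through the mocked `EntityManager`, and for an unknown UUID raising `InvalidParameterValueException`. The `RESOURCE` case would also catch a wrong lookup key into `s_typeMap`.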


[36/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
Merge branch 'master' into rbac.


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/48e08fe6
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/48e08fe6
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/48e08fe6

Branch: refs/heads/master
Commit: 48e08fe676c40c968bccc417efe393ef254b4478
Parents: 695d689 63e3eea
Author: Min Chen <mi...@citrix.com>
Authored: Thu Mar 6 14:02:20 2014 -0800
Committer: Min Chen <mi...@citrix.com>
Committed: Thu Mar 6 14:02:20 2014 -0800

----------------------------------------------------------------------
 .../SYSCONFDIR/rc.d/init.d/cloud-agent.in       |     8 +-
 .../SYSCONFDIR/rc.d/init.d/cloud-agent.in       |     8 +-
 .../sles/SYSCONFDIR/init.d/cloud-agent.in       |     8 +-
 .../rhel/SYSCONFDIR/rc.d/init.d/cloud-agent.in  |     8 +-
 .../sles/SYSCONFDIR/init.d/cloud-agent.in       |     8 +-
 api/src/com/cloud/event/EventTypes.java         |     1 +
 api/src/com/cloud/network/IpAddress.java        |     2 +
 api/src/com/cloud/network/NetworkService.java   |     4 +-
 api/src/com/cloud/network/RemoteAccessVpn.java  |     2 +
 .../cloud/network/Site2SiteVpnConnection.java   |     2 +
 .../com/cloud/network/Site2SiteVpnGateway.java  |     5 +-
 .../com/cloud/network/as/AutoScaleVmGroup.java  |     2 +
 .../cloud/network/as/AutoScaleVmProfile.java    |     2 +
 .../cloud/network/firewall/FirewallService.java |     2 +-
 .../network/lb/LoadBalancingRulesService.java   |     5 +-
 .../com/cloud/network/rules/FirewallRule.java   |     2 +
 .../com/cloud/network/rules/RulesService.java   |     5 +-
 api/src/com/cloud/network/vpc/NetworkACL.java   |     2 +
 .../com/cloud/network/vpc/NetworkACLItem.java   |     2 +
 .../cloud/network/vpc/NetworkACLService.java    |     8 +-
 .../cloud/network/vpc/StaticRouteProfile.java   |     1 -
 api/src/com/cloud/network/vpc/Vpc.java          |     1 +
 api/src/com/cloud/network/vpc/VpcService.java   |     9 +-
 .../network/vpn/RemoteAccessVpnService.java     |     4 +-
 .../cloud/network/vpn/Site2SiteVpnService.java  |     4 +-
 api/src/com/cloud/serializer/Param.java         |     4 +
 api/src/com/cloud/server/ManagementService.java |     4 +-
 .../cloud/server/ResourceMetaDataService.java   |     3 +-
 api/src/com/cloud/storage/Storage.java          |     3 +-
 api/src/com/cloud/storage/Volume.java           |     2 +
 api/src/com/cloud/storage/VolumeApiService.java |     2 +-
 api/src/com/cloud/uservm/UserVm.java            |     1 +
 api/src/com/cloud/vm/VirtualMachine.java        |     5 +-
 .../apache/cloudstack/acl/SecurityChecker.java  |     1 +
 .../org/apache/cloudstack/api/APICommand.java   |     6 +-
 .../org/apache/cloudstack/api/ApiConstants.java |     2 +
 .../org/apache/cloudstack/api/BaseAsyncCmd.java |     6 +-
 api/src/org/apache/cloudstack/api/BaseCmd.java  |     8 +
 .../api/BaseListAccountResourcesCmd.java        |    12 +
 .../command/admin/account/CreateAccountCmd.java |     4 +-
 .../command/admin/account/DeleteAccountCmd.java |     5 +-
 .../admin/account/DisableAccountCmd.java        |     3 +-
 .../command/admin/account/EnableAccountCmd.java |     3 +-
 .../command/admin/account/LockAccountCmd.java   |     3 +-
 .../command/admin/account/UpdateAccountCmd.java |     3 +-
 .../command/admin/alert/GenerateAlertCmd.java   |     3 +-
 .../admin/autoscale/CreateCounterCmd.java       |     3 +-
 .../admin/autoscale/DeleteCounterCmd.java       |     3 +-
 .../command/admin/cluster/AddClusterCmd.java    |     3 +-
 .../command/admin/cluster/DeleteClusterCmd.java |     3 +-
 .../command/admin/cluster/ListClustersCmd.java  |     3 +-
 .../command/admin/cluster/UpdateClusterCmd.java |     3 +-
 .../api/command/admin/config/ListCfgsByCmd.java |     3 +-
 .../admin/config/ListDeploymentPlannersCmd.java |     3 +-
 .../config/ListHypervisorCapabilitiesCmd.java   |     4 +-
 .../api/command/admin/config/UpdateCfgCmd.java  |     3 +-
 .../config/UpdateHypervisorCapabilitiesCmd.java |     4 +-
 .../command/admin/domain/CreateDomainCmd.java   |     3 +-
 .../command/admin/domain/DeleteDomainCmd.java   |     3 +-
 .../admin/domain/ListDomainChildrenCmd.java     |     3 +-
 .../command/admin/domain/ListDomainsCmd.java    |     3 +-
 .../command/admin/domain/UpdateDomainCmd.java   |     3 +-
 .../api/command/admin/host/AddHostCmd.java      |     3 +-
 .../admin/host/AddSecondaryStorageCmd.java      |     3 +-
 .../admin/host/CancelMaintenanceCmd.java        |     3 +-
 .../api/command/admin/host/DeleteHostCmd.java   |     3 +-
 .../admin/host/FindHostsForMigrationCmd.java    |     3 +-
 .../api/command/admin/host/ListHostsCmd.java    |     3 +-
 .../admin/host/PrepareForMaintenanceCmd.java    |     3 +-
 .../command/admin/host/ReconnectHostCmd.java    |     3 +-
 .../admin/host/ReleaseHostReservationCmd.java   |     3 +-
 .../api/command/admin/host/UpdateHostCmd.java   |     3 +-
 .../admin/host/UpdateHostPasswordCmd.java       |     3 +-
 ...ConfigureInternalLoadBalancerElementCmd.java |     4 +-
 .../CreateInternalLoadBalancerElementCmd.java   |     4 +-
 .../admin/internallb/ListInternalLBVMsCmd.java  |     5 +-
 .../ListInternalLoadBalancerElementsCmd.java    |     4 +-
 .../admin/internallb/StartInternalLBVMCmd.java  |     5 +-
 .../admin/internallb/StopInternalLBVMCmd.java   |     5 +-
 .../admin/network/AddNetworkDeviceCmd.java      |     3 +-
 .../network/AddNetworkServiceProviderCmd.java   |     4 +-
 .../admin/network/CreateNetworkOfferingCmd.java |     3 +-
 .../admin/network/CreatePhysicalNetworkCmd.java |     3 +-
 .../network/CreateStorageNetworkIpRangeCmd.java |     4 +-
 .../network/DedicateGuestVlanRangeCmd.java      |     3 +-
 .../admin/network/DeleteNetworkDeviceCmd.java   |     3 +-
 .../admin/network/DeleteNetworkOfferingCmd.java |     3 +-
 .../DeleteNetworkServiceProviderCmd.java        |     3 +-
 .../admin/network/DeletePhysicalNetworkCmd.java |     3 +-
 .../network/DeleteStorageNetworkIpRangeCmd.java |     3 +-
 .../ListDedicatedGuestVlanRangesCmd.java        |     3 +-
 .../admin/network/ListNetworkDeviceCmd.java     |     3 +-
 .../network/ListNetworkIsolationMethodsCmd.java |     4 +-
 .../network/ListNetworkServiceProvidersCmd.java |     4 +-
 .../admin/network/ListPhysicalNetworksCmd.java  |     3 +-
 .../network/ListStorageNetworkIpRangeCmd.java   |     3 +-
 .../ListSupportedNetworkServicesCmd.java        |     4 +-
 .../ReleaseDedicatedGuestVlanRangeCmd.java      |     3 +-
 .../admin/network/UpdateNetworkOfferingCmd.java |     3 +-
 .../UpdateNetworkServiceProviderCmd.java        |     4 +-
 .../admin/network/UpdatePhysicalNetworkCmd.java |     3 +-
 .../network/UpdateStorageNetworkIpRangeCmd.java |     4 +-
 .../admin/offering/CreateDiskOfferingCmd.java   |     3 +-
 .../offering/CreateServiceOfferingCmd.java      |     3 +-
 .../admin/offering/DeleteDiskOfferingCmd.java   |     3 +-
 .../offering/DeleteServiceOfferingCmd.java      |     3 +-
 .../admin/offering/UpdateDiskOfferingCmd.java   |     3 +-
 .../offering/UpdateServiceOfferingCmd.java      |     3 +-
 .../api/command/admin/pod/CreatePodCmd.java     |     3 +-
 .../api/command/admin/pod/DeletePodCmd.java     |     3 +-
 .../api/command/admin/pod/ListPodsByCmd.java    |     3 +-
 .../api/command/admin/pod/UpdatePodCmd.java     |     3 +-
 .../api/command/admin/region/AddRegionCmd.java  |     3 +-
 .../admin/region/CreatePortableIpRangeCmd.java  |     4 +-
 .../admin/region/DeletePortableIpRangeCmd.java  |     3 +-
 .../admin/region/ListPortableIpRangesCmd.java   |     3 +-
 .../command/admin/region/RemoveRegionCmd.java   |     3 +-
 .../command/admin/region/UpdateRegionCmd.java   |     3 +-
 .../admin/resource/ArchiveAlertsCmd.java        |     3 +-
 .../admin/resource/CleanVMReservationsCmd.java  |     3 +-
 .../command/admin/resource/DeleteAlertsCmd.java |     3 +-
 .../command/admin/resource/ListAlertsCmd.java   |     3 +-
 .../command/admin/resource/ListCapacityCmd.java |     3 +-
 .../resource/UploadCustomCertificateCmd.java    |     3 +-
 .../admin/router/ConfigureOvsElementCmd.java    |     3 +-
 .../ConfigureVirtualRouterElementCmd.java       |     3 +-
 .../router/CreateVirtualRouterElementCmd.java   |     3 +-
 .../command/admin/router/DestroyRouterCmd.java  |     5 +-
 .../admin/router/ListOvsElementsCmd.java        |     3 +-
 .../command/admin/router/ListRoutersCmd.java    |     5 +-
 .../router/ListVirtualRouterElementsCmd.java    |     3 +-
 .../command/admin/router/RebootRouterCmd.java   |     7 +-
 .../command/admin/router/StartRouterCmd.java    |     5 +-
 .../api/command/admin/router/StopRouterCmd.java |     5 +-
 .../command/admin/router/UpgradeRouterCmd.java  |     5 +-
 .../admin/router/UpgradeRouterTemplateCmd.java  |     3 +-
 .../command/admin/storage/AddImageStoreCmd.java |     3 +-
 .../api/command/admin/storage/AddS3Cmd.java     |     3 +-
 .../CancelPrimaryStorageMaintenanceCmd.java     |     3 +-
 .../storage/CreateSecondaryStagingStoreCmd.java |     3 +-
 .../admin/storage/CreateStoragePoolCmd.java     |     3 +-
 .../admin/storage/DeleteImageStoreCmd.java      |     3 +-
 .../command/admin/storage/DeletePoolCmd.java    |     3 +-
 .../storage/DeleteSecondaryStagingStoreCmd.java |     3 +-
 .../FindStoragePoolsForMigrationCmd.java        |     3 +-
 .../admin/storage/ListImageStoresCmd.java       |     3 +-
 .../api/command/admin/storage/ListS3sCmd.java   |     3 +-
 .../storage/ListSecondaryStagingStoresCmd.java  |     3 +-
 .../admin/storage/ListStoragePoolsCmd.java      |     3 +-
 .../admin/storage/ListStorageProvidersCmd.java  |     3 +-
 .../PreparePrimaryStorageForMaintenanceCmd.java |     3 +-
 .../storage/UpdateCloudToUseObjectStoreCmd.java |     3 +-
 .../admin/storage/UpdateStoragePoolCmd.java     |     3 +-
 .../api/command/admin/swift/AddSwiftCmd.java    |     3 +-
 .../api/command/admin/swift/ListSwiftsCmd.java  |     3 +-
 .../admin/systemvm/DestroySystemVmCmd.java      |     5 +-
 .../admin/systemvm/ListSystemVMsCmd.java        |     5 +-
 .../admin/systemvm/MigrateSystemVMCmd.java      |     5 +-
 .../admin/systemvm/RebootSystemVmCmd.java       |     5 +-
 .../admin/systemvm/ScaleSystemVMCmd.java        |     6 +-
 .../admin/systemvm/StartSystemVMCmd.java        |     5 +-
 .../command/admin/systemvm/StopSystemVmCmd.java |     5 +-
 .../admin/systemvm/UpgradeSystemVMCmd.java      |     6 +-
 .../admin/template/PrepareTemplateCmd.java      |     3 +-
 .../admin/usage/AddTrafficMonitorCmd.java       |     3 +-
 .../command/admin/usage/AddTrafficTypeCmd.java  |     3 +-
 .../admin/usage/DeleteTrafficMonitorCmd.java    |     3 +-
 .../admin/usage/DeleteTrafficTypeCmd.java       |     3 +-
 .../admin/usage/GenerateUsageRecordsCmd.java    |     4 +-
 .../command/admin/usage/GetUsageRecordsCmd.java |     3 +-
 .../admin/usage/ListTrafficMonitorsCmd.java     |     3 +-
 .../usage/ListTrafficTypeImplementorsCmd.java   |     4 +-
 .../admin/usage/ListTrafficTypesCmd.java        |     3 +-
 .../command/admin/usage/ListUsageTypesCmd.java  |     3 +-
 .../admin/usage/UpdateTrafficTypeCmd.java       |     3 +-
 .../api/command/admin/user/CreateUserCmd.java   |     3 +-
 .../api/command/admin/user/DeleteUserCmd.java   |     3 +-
 .../api/command/admin/user/DisableUserCmd.java  |     3 +-
 .../api/command/admin/user/EnableUserCmd.java   |     3 +-
 .../api/command/admin/user/GetUserCmd.java      |     3 +-
 .../api/command/admin/user/ListUsersCmd.java    |     3 +-
 .../api/command/admin/user/LockUserCmd.java     |     3 +-
 .../api/command/admin/user/RegisterCmd.java     |     3 +-
 .../api/command/admin/user/UpdateUserCmd.java   |     3 +-
 .../admin/vlan/CreateVlanIpRangeCmd.java        |     3 +-
 .../admin/vlan/DedicatePublicIpRangeCmd.java    |     3 +-
 .../admin/vlan/DeleteVlanIpRangeCmd.java        |     3 +-
 .../command/admin/vlan/ListVlanIpRangesCmd.java |     3 +-
 .../admin/vlan/ReleasePublicIpRangeCmd.java     |     3 +-
 .../api/command/admin/vm/AssignVMCmd.java       |     4 +-
 .../api/command/admin/vm/ExpungeVMCmd.java      |     5 +-
 .../api/command/admin/vm/GetVMUserDataCmd.java  |     3 +-
 .../api/command/admin/vm/MigrateVMCmd.java      |     4 +-
 .../vm/MigrateVirtualMachineWithVolumeCmd.java  |     4 +-
 .../api/command/admin/vm/RecoverVMCmd.java      |     3 +-
 .../admin/volume/UpdateVolumeCmdByAdmin.java    |     3 +-
 .../admin/vpc/CreatePrivateGatewayCmd.java      |     3 +-
 .../command/admin/vpc/CreateVPCOfferingCmd.java |     3 +-
 .../admin/vpc/DeletePrivateGatewayCmd.java      |     5 +-
 .../command/admin/vpc/DeleteVPCOfferingCmd.java |     3 +-
 .../command/admin/vpc/ListVPCsCmdByAdmin.java   |     8 +-
 .../command/admin/vpc/UpdateVPCCmdByAdmin.java  |     2 +-
 .../command/admin/vpc/UpdateVPCOfferingCmd.java |     3 +-
 .../api/command/admin/zone/CreateZoneCmd.java   |     3 +-
 .../api/command/admin/zone/DeleteZoneCmd.java   |     3 +-
 .../zone/MarkDefaultZoneForAccountCmd.java      |     3 +-
 .../api/command/admin/zone/UpdateZoneCmd.java   |     3 +-
 .../user/account/AddAccountToProjectCmd.java    |     3 +-
 .../account/DeleteAccountFromProjectCmd.java    |     3 +-
 .../command/user/account/ListAccountsCmd.java   |     3 +-
 .../user/account/ListProjectAccountsCmd.java    |     3 +-
 .../user/address/AssociateIPAddrCmd.java        |    13 +-
 .../user/address/DisassociateIPAddrCmd.java     |     3 +-
 .../user/address/ListPublicIpAddressesCmd.java  |    15 +-
 .../command/user/address/UpdateIPAddrCmd.java   |    14 +-
 .../affinitygroup/CreateAffinityGroupCmd.java   |     5 +-
 .../affinitygroup/DeleteAffinityGroupCmd.java   |     5 +-
 .../ListAffinityGroupTypesCmd.java              |     3 +-
 .../affinitygroup/ListAffinityGroupsCmd.java    |    10 +-
 .../affinitygroup/UpdateVMAffinityGroupCmd.java |    10 +-
 .../autoscale/CreateAutoScalePolicyCmd.java     |    10 +-
 .../autoscale/CreateAutoScaleVmGroupCmd.java    |    16 +-
 .../autoscale/CreateAutoScaleVmProfileCmd.java  |    18 +-
 .../user/autoscale/CreateConditionCmd.java      |     9 +-
 .../autoscale/DeleteAutoScalePolicyCmd.java     |     5 +-
 .../autoscale/DeleteAutoScaleVmGroupCmd.java    |     5 +-
 .../autoscale/DeleteAutoScaleVmProfileCmd.java  |     5 +-
 .../user/autoscale/DeleteConditionCmd.java      |     5 +-
 .../autoscale/DisableAutoScaleVmGroupCmd.java   |     5 +-
 .../autoscale/EnableAutoScaleVmGroupCmd.java    |     5 +-
 .../autoscale/ListAutoScalePoliciesCmd.java     |     5 +-
 .../autoscale/ListAutoScaleVmGroupsCmd.java     |    17 +-
 .../autoscale/ListAutoScaleVmProfilesCmd.java   |    22 +-
 .../user/autoscale/ListConditionsCmd.java       |     3 +-
 .../command/user/autoscale/ListCountersCmd.java |     3 +-
 .../autoscale/UpdateAutoScalePolicyCmd.java     |     5 +-
 .../autoscale/UpdateAutoScaleVmGroupCmd.java    |    11 +-
 .../autoscale/UpdateAutoScaleVmProfileCmd.java  |    11 +-
 .../user/config/ListCapabilitiesCmd.java        |     3 +-
 .../command/user/event/ArchiveEventsCmd.java    |     5 +-
 .../api/command/user/event/DeleteEventsCmd.java |     5 +-
 .../command/user/event/ListEventTypesCmd.java   |     3 +-
 .../api/command/user/event/ListEventsCmd.java   |     5 +-
 .../firewall/CreateEgressFirewallRuleCmd.java   |    18 +-
 .../user/firewall/CreateFirewallRuleCmd.java    |    17 +-
 .../firewall/CreatePortForwardingRuleCmd.java   |    21 +-
 .../firewall/DeleteEgressFirewallRuleCmd.java   |     5 +-
 .../user/firewall/DeleteFirewallRuleCmd.java    |     5 +-
 .../firewall/DeletePortForwardingRuleCmd.java   |     3 +-
 .../firewall/ListEgressFirewallRulesCmd.java    |     5 +-
 .../user/firewall/ListFirewallRulesCmd.java     |    17 +-
 .../firewall/ListPortForwardingRulesCmd.java    |    17 +-
 .../firewall/UpdateEgressFirewallRuleCmd.java   |    13 +-
 .../user/firewall/UpdateFirewallRuleCmd.java    |    13 +-
 .../firewall/UpdatePortForwardingRuleCmd.java   |    13 +-
 .../user/guest/ListGuestOsCategoriesCmd.java    |     3 +-
 .../api/command/user/guest/ListGuestOsCmd.java  |     3 +-
 .../api/command/user/iso/AttachIsoCmd.java      |     3 +-
 .../api/command/user/iso/CopyIsoCmd.java        |     3 +-
 .../api/command/user/iso/DeleteIsoCmd.java      |     3 +-
 .../api/command/user/iso/DetachIsoCmd.java      |     3 +-
 .../api/command/user/iso/ExtractIsoCmd.java     |     3 +-
 .../command/user/iso/ListIsoPermissionsCmd.java |     4 +-
 .../api/command/user/iso/ListIsosCmd.java       |     3 +-
 .../api/command/user/iso/RegisterIsoCmd.java    |     3 +-
 .../api/command/user/iso/UpdateIsoCmd.java      |     3 +-
 .../user/iso/UpdateIsoPermissionsCmd.java       |     3 +-
 .../api/command/user/job/ListAsyncJobsCmd.java  |     3 +-
 .../user/job/QueryAsyncJobResultCmd.java        |     3 +-
 .../AssignCertToLoadBalancerCmd.java            |     3 +-
 .../AssignToLoadBalancerRuleCmd.java            |     4 +-
 .../CreateApplicationLoadBalancerCmd.java       |    15 +-
 .../CreateLBHealthCheckPolicyCmd.java           |     4 +-
 .../CreateLBStickinessPolicyCmd.java            |     3 +-
 .../loadbalancer/CreateLoadBalancerRuleCmd.java |    16 +-
 .../DeleteApplicationLoadBalancerCmd.java       |     3 +-
 .../DeleteLBHealthCheckPolicyCmd.java           |     3 +-
 .../DeleteLBStickinessPolicyCmd.java            |     3 +-
 .../loadbalancer/DeleteLoadBalancerRuleCmd.java |     3 +-
 .../user/loadbalancer/DeleteSslCertCmd.java     |     3 +-
 .../ListApplicationLoadBalancersCmd.java        |    18 +-
 .../ListLBHealthCheckPoliciesCmd.java           |     3 +-
 .../ListLBStickinessPoliciesCmd.java            |     3 +-
 .../ListLoadBalancerRuleInstancesCmd.java       |     4 +-
 .../loadbalancer/ListLoadBalancerRulesCmd.java  |     3 +-
 .../user/loadbalancer/ListSslCertsCmd.java      |     3 +-
 .../RemoveCertFromLoadBalancerCmd.java          |     3 +-
 .../RemoveFromLoadBalancerRuleCmd.java          |     4 +-
 .../UpdateApplicationLoadBalancerCmd.java       |    13 +-
 .../loadbalancer/UpdateLoadBalancerRuleCmd.java |    11 +-
 .../user/loadbalancer/UploadSslCertCmd.java     |     3 +-
 .../user/nat/CreateIpForwardingRuleCmd.java     |     8 +-
 .../user/nat/DeleteIpForwardingRuleCmd.java     |     3 +-
 .../command/user/nat/DisableStaticNatCmd.java   |     3 +-
 .../command/user/nat/EnableStaticNatCmd.java    |     3 +-
 .../user/nat/ListIpForwardingRulesCmd.java      |     3 +-
 .../user/network/CreateNetworkACLCmd.java       |    16 +-
 .../user/network/CreateNetworkACLListCmd.java   |    16 +-
 .../command/user/network/CreateNetworkCmd.java  |     6 +-
 .../user/network/DeleteNetworkACLCmd.java       |     3 +-
 .../user/network/DeleteNetworkACLListCmd.java   |     3 +-
 .../command/user/network/DeleteNetworkCmd.java  |     5 +-
 .../user/network/ListNetworkACLListsCmd.java    |    17 +-
 .../user/network/ListNetworkACLsCmd.java        |    18 +-
 .../user/network/ListNetworkOfferingsCmd.java   |     3 +-
 .../command/user/network/ListNetworksCmd.java   |    14 +-
 .../user/network/ReplaceNetworkACLListCmd.java  |     3 +-
 .../command/user/network/RestartNetworkCmd.java |     6 +-
 .../user/network/UpdateNetworkACLItemCmd.java   |    12 +-
 .../user/network/UpdateNetworkACLListCmd.java   |    13 +-
 .../command/user/network/UpdateNetworkCmd.java  |     6 +-
 .../user/offering/ListDiskOfferingsCmd.java     |     3 +-
 .../user/offering/ListServiceOfferingsCmd.java  |     3 +-
 .../user/project/ActivateProjectCmd.java        |     3 +-
 .../command/user/project/CreateProjectCmd.java  |     3 +-
 .../command/user/project/DeleteProjectCmd.java  |     3 +-
 .../project/DeleteProjectInvitationCmd.java     |     3 +-
 .../user/project/ListProjectInvitationsCmd.java |     4 +-
 .../command/user/project/ListProjectsCmd.java   |     4 +-
 .../command/user/project/SuspendProjectCmd.java |     3 +-
 .../command/user/project/UpdateProjectCmd.java  |     3 +-
 .../project/UpdateProjectInvitationCmd.java     |     3 +-
 .../api/command/user/region/ListRegionsCmd.java |     3 +-
 .../gslb/AssignToGlobalLoadBalancerRuleCmd.java |     4 +-
 .../gslb/CreateGlobalLoadBalancerRuleCmd.java   |     3 +-
 .../gslb/DeleteGlobalLoadBalancerRuleCmd.java   |     3 +-
 .../ha/gslb/ListGlobalLoadBalancerRuleCmd.java  |     3 +-
 .../RemoveFromGlobalLoadBalancerRuleCmd.java    |     4 +-
 .../gslb/UpdateGlobalLoadBalancerRuleCmd.java   |     3 +-
 .../user/resource/GetCloudIdentifierCmd.java    |     3 +-
 .../user/resource/ListHypervisorsCmd.java       |     3 +-
 .../user/resource/ListResourceLimitsCmd.java    |     3 +-
 .../user/resource/UpdateResourceCountCmd.java   |     3 +-
 .../user/resource/UpdateResourceLimitCmd.java   |     3 +-
 .../AuthorizeSecurityGroupEgressCmd.java        |     4 +-
 .../AuthorizeSecurityGroupIngressCmd.java       |     4 +-
 .../securitygroup/CreateSecurityGroupCmd.java   |     3 +-
 .../securitygroup/DeleteSecurityGroupCmd.java   |     3 +-
 .../securitygroup/ListSecurityGroupsCmd.java    |     5 +-
 .../RevokeSecurityGroupEgressCmd.java           |     4 +-
 .../RevokeSecurityGroupIngressCmd.java          |     3 +-
 .../user/snapshot/CreateSnapshotCmd.java        |     3 +-
 .../user/snapshot/CreateSnapshotPolicyCmd.java  |     3 +-
 .../user/snapshot/DeleteSnapshotCmd.java        |     3 +-
 .../snapshot/DeleteSnapshotPoliciesCmd.java     |     3 +-
 .../user/snapshot/ListSnapshotPoliciesCmd.java  |     3 +-
 .../command/user/snapshot/ListSnapshotsCmd.java |     3 +-
 .../user/snapshot/RevertSnapshotCmd.java        |     3 +-
 .../command/user/ssh/CreateSSHKeyPairCmd.java   |     5 +-
 .../command/user/ssh/DeleteSSHKeyPairCmd.java   |     5 +-
 .../command/user/ssh/ListSSHKeyPairsCmd.java    |     5 +-
 .../command/user/ssh/RegisterSSHKeyPairCmd.java |     5 +-
 .../api/command/user/tag/CreateTagsCmd.java     |     5 +-
 .../api/command/user/tag/DeleteTagsCmd.java     |     5 +-
 .../api/command/user/tag/ListTagsCmd.java       |     5 +-
 .../command/user/template/CopyTemplateCmd.java  |     3 +-
 .../user/template/CreateTemplateCmd.java        |     5 +-
 .../user/template/DeleteTemplateCmd.java        |     3 +-
 .../user/template/ExtractTemplateCmd.java       |     3 +-
 .../template/ListTemplatePermissionsCmd.java    |     4 +-
 .../command/user/template/ListTemplatesCmd.java |     3 +-
 .../user/template/RegisterTemplateCmd.java      |     3 +-
 .../user/template/UpdateTemplateCmd.java        |     3 +-
 .../template/UpdateTemplatePermissionsCmd.java  |     3 +-
 .../api/command/user/vm/AddIpToVmNicCmd.java    |     3 +-
 .../api/command/user/vm/AddNicToVMCmd.java      |     3 +-
 .../api/command/user/vm/DeployVMCmd.java        |     6 +-
 .../api/command/user/vm/DestroyVMCmd.java       |     4 +-
 .../api/command/user/vm/GetVMPasswordCmd.java   |     3 +-
 .../api/command/user/vm/ListNicsCmd.java        |    16 +-
 .../api/command/user/vm/ListVMsCmd.java         |    22 +-
 .../api/command/user/vm/RebootVMCmd.java        |     3 +-
 .../command/user/vm/RemoveIpFromVmNicCmd.java   |     4 +-
 .../api/command/user/vm/RemoveNicFromVMCmd.java |     3 +-
 .../api/command/user/vm/ResetVMPasswordCmd.java |     3 +-
 .../api/command/user/vm/ResetVMSSHKeyCmd.java   |     3 +-
 .../api/command/user/vm/RestoreVMCmd.java       |     4 +-
 .../api/command/user/vm/ScaleVMCmd.java         |     3 +-
 .../api/command/user/vm/StartVMCmd.java         |     3 +-
 .../api/command/user/vm/StopVMCmd.java          |     3 +-
 .../user/vm/UpdateDefaultNicForVMCmd.java       |     4 +-
 .../api/command/user/vm/UpdateVMCmd.java        |    24 +-
 .../api/command/user/vm/UpgradeVMCmd.java       |     3 +-
 .../command/user/vmgroup/CreateVMGroupCmd.java  |     5 +-
 .../command/user/vmgroup/DeleteVMGroupCmd.java  |     5 +-
 .../command/user/vmgroup/ListVMGroupsCmd.java   |     5 +-
 .../command/user/vmgroup/UpdateVMGroupCmd.java  |     5 +-
 .../user/vmsnapshot/CreateVMSnapshotCmd.java    |     7 +-
 .../user/vmsnapshot/DeleteVMSnapshotCmd.java    |     5 +-
 .../user/vmsnapshot/ListVMSnapshotCmd.java      |     5 +-
 .../user/vmsnapshot/RevertToVMSnapshotCmd.java  |     3 +-
 .../user/volume/AddResourceDetailCmd.java       |    16 +-
 .../command/user/volume/AttachVolumeCmd.java    |    12 +-
 .../command/user/volume/CreateVolumeCmd.java    |    16 +-
 .../command/user/volume/DeleteVolumeCmd.java    |     3 +-
 .../command/user/volume/DetachVolumeCmd.java    |     3 +-
 .../command/user/volume/ExtractVolumeCmd.java   |     3 +-
 .../user/volume/ListResourceDetailsCmd.java     |     5 +-
 .../api/command/user/volume/ListVolumesCmd.java |    25 +-
 .../command/user/volume/MigrateVolumeCmd.java   |     4 +-
 .../user/volume/RemoveResourceDetailCmd.java    |     3 +-
 .../command/user/volume/ResizeVolumeCmd.java    |     5 +-
 .../command/user/volume/UpdateVolumeCmd.java    |    17 +-
 .../command/user/volume/UploadVolumeCmd.java    |     3 +-
 .../command/user/vpc/CreateStaticRouteCmd.java  |     3 +-
 .../api/command/user/vpc/CreateVPCCmd.java      |    15 +-
 .../command/user/vpc/DeleteStaticRouteCmd.java  |     5 +-
 .../api/command/user/vpc/DeleteVPCCmd.java      |     5 +-
 .../user/vpc/ListPrivateGatewaysCmd.java        |     5 +-
 .../command/user/vpc/ListStaticRoutesCmd.java   |     5 +-
 .../command/user/vpc/ListVPCOfferingsCmd.java   |     3 +-
 .../api/command/user/vpc/ListVPCsCmd.java       |    25 +-
 .../api/command/user/vpc/RestartVPCCmd.java     |     5 +-
 .../api/command/user/vpc/UpdateVPCCmd.java      |    13 +-
 .../api/command/user/vpn/AddVpnUserCmd.java     |     5 +-
 .../user/vpn/CreateRemoteAccessVpnCmd.java      |    20 +-
 .../user/vpn/CreateVpnConnectionCmd.java        |    12 +-
 .../user/vpn/CreateVpnCustomerGatewayCmd.java   |     5 +-
 .../command/user/vpn/CreateVpnGatewayCmd.java   |    11 +-
 .../user/vpn/DeleteRemoteAccessVpnCmd.java      |     3 +-
 .../user/vpn/DeleteVpnConnectionCmd.java        |     5 +-
 .../user/vpn/DeleteVpnCustomerGatewayCmd.java   |     5 +-
 .../command/user/vpn/DeleteVpnGatewayCmd.java   |     5 +-
 .../user/vpn/ListRemoteAccessVpnsCmd.java       |    17 +-
 .../command/user/vpn/ListVpnConnectionsCmd.java |    17 +-
 .../user/vpn/ListVpnCustomerGatewaysCmd.java    |     5 +-
 .../command/user/vpn/ListVpnGatewaysCmd.java    |    17 +-
 .../api/command/user/vpn/ListVpnUsersCmd.java   |     5 +-
 .../api/command/user/vpn/RemoveVpnUserCmd.java  |     3 +-
 .../command/user/vpn/ResetVpnConnectionCmd.java |     5 +-
 .../user/vpn/UpdateRemoteAccessVpnCmd.java      |    13 +-
 .../user/vpn/UpdateVpnConnectionCmd.java        |    13 +-
 .../user/vpn/UpdateVpnCustomerGatewayCmd.java   |     5 +-
 .../command/user/vpn/UpdateVpnGatewayCmd.java   |    13 +-
 .../api/command/user/zone/ListZonesCmd.java     |     4 +-
 ...ApplicationLoadBalancerInstanceResponse.java |     3 +-
 .../ApplicationLoadBalancerResponse.java        |    12 +-
 .../api/response/AutoScaleVmGroupResponse.java  |    12 +-
 .../response/AutoScaleVmProfileResponse.java    |    13 +-
 .../api/response/FirewallResponse.java          |    12 +-
 .../api/response/FirewallRuleResponse.java      |    12 +-
 .../api/response/IPAddressResponse.java         |    12 +-
 .../api/response/LoadBalancerResponse.java      |    12 +-
 .../api/response/NetworkACLItemResponse.java    |    12 +-
 .../api/response/NetworkACLResponse.java        |    12 +-
 .../api/response/NetworkResponse.java           |     6 +-
 .../api/response/RemoteAccessVpnResponse.java   |    11 +-
 .../api/response/ResourceTagResponse.java       |    31 +
 .../Site2SiteVpnConnectionResponse.java         |     9 +
 .../response/Site2SiteVpnGatewayResponse.java   |    11 +-
 .../cloudstack/api/response/UserVmResponse.java |     3 +-
 .../cloudstack/api/response/VolumeResponse.java |    30 +-
 .../cloudstack/api/response/VpcResponse.java    |    12 +-
 .../apache/cloudstack/context/CallContext.java  |    28 +-
 .../cloudstack/context/CallContextListener.java |     3 +-
 .../lb/ApplicationLoadBalancerService.java      |     4 +-
 awsapi/pom.xml                                  |     5 -
 .../classes/resources/messages.properties       |    86 +-
 .../classes/resources/messages_es.properties    |     3 -
 .../classes/resources/messages_ja_JP.properties |   122 +-
 .../classes/resources/messages_nl_NL.properties |    50 +-
 .../classes/resources/messages_pl.properties    |    12 +-
 .../classes/resources/messages_pt_BR.properties |    11 +-
 .../classes/resources/messages_zh_CN.properties |   116 +-
 client/pom.xml                                  |    39 +-
 client/tomcatconf/catalina.properties.in        |     2 +-
 .../com/cloud/agent/api/CheckRouterCommand.java |     5 +
 .../api/CheckS2SVpnConnectionsCommand.java      |     9 +-
 .../com/cloud/agent/api/GetDomRVersionCmd.java  |     5 +
 .../agent/api/SetupGuestNetworkAnswer.java      |    26 -
 .../cloud/agent/api/routing/GroupAnswer.java    |    40 +
 .../cloud/agent/api/routing/IpAssocCommand.java |     4 +
 .../agent/api/routing/IpAssocVpcCommand.java    |     6 +
 .../api/routing/NetworkElementCommand.java      |     9 +
 .../api/routing/SetFirewallRulesCommand.java    |     9 +-
 .../agent/api/routing/SetNetworkACLCommand.java |    11 +-
 .../routing/SetPortForwardingRulesCommand.java  |    10 +-
 .../SetPortForwardingRulesVpcCommand.java       |     4 +-
 .../api/routing/SetStaticNatRulesCommand.java   |     9 +-
 .../agent/api/routing/SetStaticRouteAnswer.java |    13 +-
 .../api/routing/SetStaticRouteCommand.java      |    13 +-
 .../virtualnetwork/VirtualRoutingResource.java  |   801 +-
 .../VirtualRoutingResourceTest.java             |   799 ++
 deps/XenServerJava/Makefile                     |    44 -
 deps/XenServerJava/pom.xml                      |     2 +-
 deps/XenServerJava/src/LICENSE.Apache-2.0.txt   |   201 +
 deps/XenServerJava/src/LICENSE.txt              |    26 +
 deps/XenServerJava/src/README.txt               |    57 +
 .../src/com/xensource/xenapi/APIVersion.java    |    73 +-
 .../src/com/xensource/xenapi/Auth.java          |    34 +-
 .../src/com/xensource/xenapi/Blob.java          |   149 +-
 .../src/com/xensource/xenapi/Bond.java          |   191 +-
 .../src/com/xensource/xenapi/Connection.java    |   118 +-
 .../src/com/xensource/xenapi/Console.java       |   135 +-
 .../src/com/xensource/xenapi/Crashdump.java     |   113 +-
 .../src/com/xensource/xenapi/DRTask.java        |    93 +-
 .../src/com/xensource/xenapi/DataSource.java    |    19 +-
 .../src/com/xensource/xenapi/Event.java         |    87 +-
 .../src/com/xensource/xenapi/GPUGroup.java      |   338 +-
 .../src/com/xensource/xenapi/Host.java          |  1208 +-
 .../src/com/xensource/xenapi/HostCpu.java       |   182 +-
 .../src/com/xensource/xenapi/HostCrashdump.java |   133 +-
 .../src/com/xensource/xenapi/HostMetrics.java   |   120 +-
 .../src/com/xensource/xenapi/HostPatch.java     |   195 +-
 .../src/com/xensource/xenapi/Marshalling.java   |    60 +-
 .../src/com/xensource/xenapi/Message.java       |   110 +-
 .../src/com/xensource/xenapi/Network.java       |   275 +-
 .../src/com/xensource/xenapi/PBD.java           |   183 +-
 .../src/com/xensource/xenapi/PCI.java           |   133 +-
 .../src/com/xensource/xenapi/PGPU.java          |   373 +-
 .../src/com/xensource/xenapi/PIF.java           |   636 +-
 .../src/com/xensource/xenapi/PIFMetrics.java    |   173 +-
 .../src/com/xensource/xenapi/Pool.java          |   942 +-
 .../src/com/xensource/xenapi/PoolPatch.java     |   237 +-
 .../src/com/xensource/xenapi/Role.java          |   123 +-
 .../src/com/xensource/xenapi/SM.java            |   199 +-
 .../src/com/xensource/xenapi/SR.java            |   767 +-
 .../src/com/xensource/xenapi/Secret.java        |   125 +-
 .../src/com/xensource/xenapi/Session.java       |   227 +-
 .../src/com/xensource/xenapi/Subject.java       |   129 +-
 .../src/com/xensource/xenapi/Task.java          |   235 +-
 .../src/com/xensource/xenapi/Tunnel.java        |   165 +-
 .../src/com/xensource/xenapi/Types.java         | 10869 +++++++++--------
 .../src/com/xensource/xenapi/User.java          |   135 +-
 .../src/com/xensource/xenapi/VBD.java           |   421 +-
 .../src/com/xensource/xenapi/VBDMetrics.java    |   109 +-
 .../src/com/xensource/xenapi/VDI.java           |   853 +-
 .../src/com/xensource/xenapi/VGPU.java          |   225 +-
 .../src/com/xensource/xenapi/VGPUType.java      |   461 +
 .../src/com/xensource/xenapi/VIF.java           |   409 +-
 .../src/com/xensource/xenapi/VIFMetrics.java    |   109 +-
 .../src/com/xensource/xenapi/VLAN.java          |   135 +-
 .../src/com/xensource/xenapi/VM.java            |  2182 ++--
 .../src/com/xensource/xenapi/VMAppliance.java   |   241 +-
 .../com/xensource/xenapi/VMGuestMetrics.java    |   157 +-
 .../src/com/xensource/xenapi/VMMetrics.java     |   165 +-
 .../src/com/xensource/xenapi/VMPP.java          |   437 +-
 .../src/com/xensource/xenapi/VTPM.java          |    85 +-
 .../src/com/xensource/xenapi/XenAPIObject.java  |    44 +-
 developer/pom.xml                               |    23 +-
 .../src/com/cloud/vm/VirtualMachineManager.java |     7 +-
 .../service/NetworkOrchestrationService.java    |     2 +-
 .../api/storage/type/VolumeTypeBase.java        |    39 +-
 .../api/storage/type/VolumeTypeHelper.java      |    25 +-
 .../api/storage/type/VolumeTypeHelperTest.java  |   101 +
 .../com/cloud/ha/HighAvailabilityManager.java   |     3 +
 .../src/com/cloud/network/IpAddressManager.java |     2 +-
 .../src/com/cloud/network/addr/PublicIp.java    |     5 +
 .../network/lb/LoadBalancingRulesManager.java   |     2 +-
 .../cloud/network/rules/StaticNatRuleImpl.java  |     8 +-
 .../cloud/network/vpc/NetworkACLManager.java    |     9 +-
 .../src/com/cloud/template/TemplateManager.java |    10 +
 .../com/cloud/agent/manager/AgentAttache.java   |    40 +-
 .../cloud/agent/manager/AgentManagerImpl.java   |    65 +-
 .../agent/manager/ClusteredAgentAttache.java    |    18 +-
 .../agent/manager/ConnectedAgentAttache.java    |    33 +-
 .../cloud/agent/manager/DirectAgentAttache.java |     2 +-
 .../com/cloud/vm/VirtualMachineManagerImpl.java |  1229 +-
 .../vm/VirtualMachinePowerStateSyncImpl.java    |    31 +
 .../src/com/cloud/vm/VmWorkJobDispatcher.java   |    12 +-
 .../src/com/cloud/vm/VmWorkMigrateAway.java     |    36 +
 .../com/cloud/vm/VmWorkStorageMigration.java    |    12 +-
 .../engine/orchestration/CloudOrchestrator.java |    16 +-
 .../orchestration/NetworkOrchestrator.java      |    67 +-
 .../orchestration/VolumeOrchestrator.java       |    17 +-
 .../service/api/ProvisioningServiceImpl.java    |    34 +-
 .../manager/ConnectedAgentAttacheTest.java      |    82 +
 .../cloud/vm/VirtualMachineManagerImplTest.java |    71 +-
 .../orchestration/NetworkOrchestratorTest.java  |   164 +
 engine/pom.xml                                  |    13 +
 .../src/com/cloud/dc/DataCenterDetailVO.java    |     5 +-
 .../src/com/cloud/dc/dao/DataCenterDaoImpl.java |     2 +-
 .../cloud/dc/dao/DataCenterDetailsDaoImpl.java  |     4 +-
 engine/schema/src/com/cloud/event/EventVO.java  |    11 +
 .../com/cloud/network/as/AutoScalePolicyVO.java |     6 +-
 .../cloud/network/as/AutoScaleVmGroupVO.java    |    12 +
 .../cloud/network/as/AutoScaleVmProfileVO.java  |    12 +
 .../src/com/cloud/network/as/ConditionVO.java   |     5 +-
 .../network/dao/FirewallRulesCidrsDaoImpl.java  |     1 -
 .../com/cloud/network/dao/IPAddressDaoImpl.java |     1 +
 .../src/com/cloud/network/dao/IPAddressVO.java  |    12 +
 .../cloud/network/dao/MonitoringServiceVO.java  |     1 -
 .../com/cloud/network/dao/NetworkDetailVO.java  |     5 +-
 .../network/dao/NetworkDetailsDaoImpl.java      |     4 +-
 .../src/com/cloud/network/dao/NetworkVO.java    |     2 +-
 .../cloud/network/dao/RemoteAccessVpnVO.java    |    12 +
 .../network/dao/Site2SiteVpnConnectionVO.java   |    12 +
 .../network/dao/Site2SiteVpnGatewayVO.java      |    12 +
 .../com/cloud/network/rules/FirewallRuleVO.java |    29 +-
 .../com/cloud/network/vpc/NetworkACLItemVO.java |    12 +
 .../src/com/cloud/network/vpc/NetworkACLVO.java |    12 +
 .../src/com/cloud/network/vpc/VpcGatewayVO.java |    10 +-
 .../schema/src/com/cloud/network/vpc/VpcVO.java |    13 +
 .../cloud/service/ServiceOfferingDetailsVO.java |     5 +-
 .../service/dao/ServiceOfferingDaoImpl.java     |     2 +-
 .../dao/ServiceOfferingDetailsDaoImpl.java      |     4 +-
 .../com/cloud/storage/VMTemplateDetailVO.java   |     5 +-
 .../src/com/cloud/storage/VMTemplateVO.java     |     1 -
 .../src/com/cloud/storage/VolumeDetailVO.java   |     5 +-
 .../schema/src/com/cloud/storage/VolumeVO.java  |    11 +-
 .../storage/dao/SnapshotDetailsDaoImpl.java     |     4 +-
 .../cloud/storage/dao/SnapshotDetailsVO.java    |     9 +-
 .../storage/dao/StoragePoolDetailsDaoImpl.java  |     4 +-
 .../cloud/storage/dao/VMTemplateDaoImpl.java    |    11 +-
 .../storage/dao/VMTemplateDetailsDaoImpl.java   |     4 +-
 .../src/com/cloud/storage/dao/VolumeDao.java    |     8 +
 .../com/cloud/storage/dao/VolumeDaoImpl.java    |    20 +
 .../cloud/storage/dao/VolumeDetailsDaoImpl.java |     4 +-
 .../com/cloud/upgrade/dao/Upgrade430to440.java  |     2 +-
 .../schema/src/com/cloud/user/SSHKeyPairVO.java |     1 -
 engine/schema/src/com/cloud/vm/NicDetailVO.java |     5 +-
 .../schema/src/com/cloud/vm/UserVmDetailVO.java |     5 +-
 .../schema/src/com/cloud/vm/VMInstanceVO.java   |     7 +-
 .../schema/src/com/cloud/vm/dao/NicDaoImpl.java |     1 -
 .../src/com/cloud/vm/dao/NicDetailsDaoImpl.java |     4 +-
 .../src/com/cloud/vm/dao/NicIpAliasVO.java      |     1 -
 .../src/com/cloud/vm/dao/NicSecondaryIpVO.java  |     4 -
 .../schema/src/com/cloud/vm/dao/UserVmDao.java  |     3 +-
 .../src/com/cloud/vm/dao/UserVmDaoImpl.java     |     7 +-
 .../com/cloud/vm/dao/UserVmDetailsDaoImpl.java  |     4 +-
 .../cloud/vm/snapshot/VMSnapshotDetailsVO.java  |     9 +-
 .../snapshot/dao/VMSnapshotDetailsDaoImpl.java  |     4 +-
 .../cloudstack/affinity/AffinityGroupVO.java    |     2 +-
 .../engine/cloud/entity/api/db/VMEntityVO.java  |     1 -
 .../AutoScaleVmGroupDetailVO.java               |     5 +-
 .../AutoScaleVmProfileDetailVO.java             |     5 +-
 .../resourcedetail/DiskOfferingDetailVO.java    |     3 +-
 .../resourcedetail/FirewallRuleDetailVO.java    |     5 +-
 .../resourcedetail/NetworkACLItemDetailVO.java  |     5 +-
 .../resourcedetail/NetworkACLListDetailVO.java  |     5 +-
 .../resourcedetail/RemoteAccessVpnDetailVO.java |     5 +-
 .../resourcedetail/ResourceDetailsDao.java      |     2 +-
 .../Site2SiteCustomerGatewayDetailVO.java       |     5 +-
 .../Site2SiteVpnConnectionDetailVO.java         |     5 +-
 .../Site2SiteVpnGatewayDetailVO.java            |     5 +-
 .../cloudstack/resourcedetail/UserDetailVO.java |     2 +-
 .../resourcedetail/UserIpAddressDetailVO.java   |     5 +-
 .../cloudstack/resourcedetail/VpcDetailVO.java  |     5 +-
 .../resourcedetail/VpcGatewayDetailVO.java      |     5 +-
 .../dao/AutoScaleVmGroupDetailsDaoImpl.java     |     4 +-
 .../dao/AutoScaleVmProfileDetailsDaoImpl.java   |     4 +-
 .../dao/DiskOfferingDetailsDaoImpl.java         |     4 +-
 .../dao/FirewallRuleDetailsDaoImpl.java         |     4 +-
 .../dao/NetworkACLItemDetailsDaoImpl.java       |     4 +-
 .../dao/NetworkACLListDetailsDaoImpl.java       |     4 +-
 .../dao/RemoteAccessVpnDetailsDaoImpl.java      |     4 +-
 .../Site2SiteCustomerGatewayDetailsDaoImpl.java |     4 +-
 .../Site2SiteVpnConnectionDetailsDaoImpl.java   |     4 +-
 .../dao/Site2SiteVpnGatewayDetailsDaoImpl.java  |     4 +-
 .../resourcedetail/dao/UserDetailsDaoImpl.java  |     2 +-
 .../dao/UserIpAddressDetailsDaoImpl.java        |     4 +-
 .../resourcedetail/dao/VpcDetailsDaoImpl.java   |     4 +-
 .../dao/VpcGatewayDetailsDaoImpl.java           |     4 +-
 .../storage/datastore/db/ImageStoreVO.java      |     3 -
 .../datastore/db/PrimaryDataStoreDaoImpl.java   |     4 +-
 .../datastore/db/PrimaryDataStoreDetailVO.java  |     5 +-
 .../datastore/db/StoragePoolDetailVO.java       |     5 +-
 .../storage/datastore/db/StoragePoolVO.java     |     3 -
 .../storage/image/store/TemplateObject.java     |     1 -
 engine/storage/integration-test/pom.xml         |     5 -
 .../vm/snapshot/dao/VmSnapshotDaoTest.java      |     2 +-
 .../storage/allocator/StorageAllocatorTest.java |     4 +-
 .../storage/image/TemplateEntityImpl.java       |     4 +-
 .../image/datastore/ImageStoreHelper.java       |    26 +
 .../storage/snapshot/SnapshotEntityImpl.java    |     1 -
 .../datastore/PrimaryDataStoreHelper.java       |    28 +
 .../db/PrimaryDataStoreDetailsDaoImpl.java      |     4 +-
 .../cloudstack/storage/volume/VolumeObject.java |     5 +
 .../storage/volume/VolumeServiceImpl.java       |     1 +
 framework/db/pom.xml                            |     5 -
 .../db/src/com/cloud/dao/EntityManagerImpl.java |     1 +
 framework/db/src/com/cloud/utils/db/Filter.java |     2 +-
 .../src/com/cloud/utils/db/GenericDaoBase.java  |    59 +-
 .../db/src/com/cloud/utils/db/GroupBy.java      |    31 +-
 .../db/src/com/cloud/utils/db/SearchBase.java   |    87 +-
 .../src/com/cloud/utils/db/StaticStrategy.java  |   131 -
 .../db/test/com/cloud/utils/db/GroupByTest.java |    81 +
 .../jobs/AsyncJobExecutionContext.java          |    21 +-
 .../framework/jobs/dao/SyncQueueItemDao.java    |     1 +
 .../jobs/dao/SyncQueueItemDaoImpl.java          |    35 +-
 .../jobs/impl/AsyncJobManagerImpl.java          |    54 +-
 .../framework/jobs/impl/AsyncJobMonitor.java    |    30 +-
 .../framework/jobs/impl/AsyncJobVO.java         |     2 +-
 .../jobs/impl/SyncQueueManagerImpl.java         |    21 +-
 .../managed/context/ManagedContextRunnable.java |     2 +-
 framework/pom.xml                               |    13 +
 packaging/centos63/cloud-agent.rc               |     8 +-
 packaging/centos63/cloud-ipallocator.rc         |     8 +-
 packaging/centos63/package.sh                   |   170 +-
 .../api/command/user/discovery/ListApisCmd.java |     4 +-
 .../admin/ratelimit/ResetApiLimitCmd.java       |     3 +-
 .../command/user/ratelimit/GetApiLimitCmd.java  |     3 +-
 plugins/database/mysql-ha/pom.xml               |    28 +
 .../src/com/cloud/utils/db/StaticStrategy.java  |   131 +
 .../api/commands/DedicateClusterCmd.java        |     3 +-
 .../api/commands/DedicateHostCmd.java           |     3 +-
 .../cloudstack/api/commands/DedicatePodCmd.java |     3 +-
 .../api/commands/DedicateZoneCmd.java           |     3 +-
 .../api/commands/ListDedicatedClustersCmd.java  |     3 +-
 .../api/commands/ListDedicatedHostsCmd.java     |     3 +-
 .../api/commands/ListDedicatedPodsCmd.java      |     3 +-
 .../api/commands/ListDedicatedZonesCmd.java     |     3 +-
 .../commands/ReleaseDedicatedClusterCmd.java    |     3 +-
 .../api/commands/ReleaseDedicatedHostCmd.java   |     3 +-
 .../api/commands/ReleaseDedicatedPodCmd.java    |     3 +-
 .../api/commands/ReleaseDedicatedZoneCmd.java   |     3 +-
 .../dedicated/DedicatedResourceManagerImpl.java |    38 +-
 .../mom/inmemory/InMemoryEventBus.java          |    53 +-
 .../mom/inmemory/InMemoryEventBusTest.java      |   162 +
 .../api/commands/netapp/AssociateLunCmd.java    |     3 +-
 .../cloud/api/commands/netapp/CreateLunCmd.java |     3 +-
 .../commands/netapp/CreateVolumeOnFilerCmd.java |     3 +-
 .../commands/netapp/CreateVolumePoolCmd.java    |     3 +-
 .../commands/netapp/DeleteVolumePoolCmd.java    |     3 +-
 .../api/commands/netapp/DestroyLunCmd.java      |     3 +-
 .../netapp/DestroyVolumeOnFilerCmd.java         |     3 +-
 .../api/commands/netapp/DissociateLunCmd.java   |     3 +-
 .../cloud/api/commands/netapp/ListLunsCmd.java  |     3 +-
 .../api/commands/netapp/ListVolumePoolsCmd.java |     3 +-
 .../commands/netapp/ListVolumesOnFilerCmd.java  |     3 +-
 .../commands/netapp/ModifyVolumePoolCmd.java    |     3 +-
 .../cloudstack/api/AddBaremetalDhcpCmd.java     |     3 +-
 .../cloudstack/api/AddBaremetalHostCmd.java     |     3 +-
 .../api/AddBaremetalKickStartPxeCmd.java        |     3 +-
 .../api/AddBaremetalPxePingServerCmd.java       |     3 +-
 .../cloudstack/api/ListBaremetalDhcpCmd.java    |     3 +-
 .../api/ListBaremetalPxeServersCmd.java         |     3 +-
 .../HypervResource/CloudStackTypes.cs           |    17 +-
 .../HypervResource/HypervResourceController.cs  |    86 +-
 .../HypervResource/IWmiCallsV2.cs               |     1 +
 .../ServerResource/HypervResource/WmiCallsV2.cs |    25 +
 .../resource/HypervDirectConnectResource.java   |    51 +-
 .../kvm/resource/KVMGuestOsMapper.java          |     2 +
 .../hypervisor/kvm/resource/KVMHABase.java      |    13 +-
 .../kvm/resource/LibvirtComputingResource.java  |   190 +-
 .../kvm/resource/LibvirtDomainXMLParser.java    |    12 +-
 .../kvm/resource/LibvirtStoragePoolDef.java     |    29 +-
 .../resource/LibvirtStoragePoolXMLParser.java   |    20 +-
 .../hypervisor/kvm/resource/LibvirtVMDef.java   |    18 +-
 .../kvm/storage/KVMStorageProcessor.java        |    27 +-
 .../kvm/storage/LibvirtStorageAdaptor.java      |    60 +-
 .../apache/cloudstack/utils/qemu/QemuImg.java   |     6 +-
 .../cloudstack/utils/qemu/QemuImgFile.java      |     1 -
 .../resource/LibvirtComputingResourceTest.java  |     7 +
 .../cloud/agent/manager/MockNetworkManager.java |     3 +-
 .../agent/manager/MockNetworkManagerImpl.java   |     9 +-
 .../agent/manager/SimulatorManagerImpl.java     |     6 +-
 .../api/commands/ConfigureSimulatorCmd.java     |     3 +-
 .../driver/SimulatorImageStoreDriverImpl.java   |     6 +
 .../apache/cloudstack/api/AddUcsManagerCmd.java |     3 +-
 .../api/AssociateUcsProfileToBladeCmd.java      |     3 +-
 .../cloudstack/api/DeleteUcsManagerCmd.java     |     3 +-
 .../apache/cloudstack/api/ListUcsBladeCmd.java  |     3 +-
 .../cloudstack/api/ListUcsManagerCmd.java       |     3 +-
 .../cloudstack/api/ListUcsProfileCmd.java       |     3 +-
 .../api/commands/DeleteCiscoNexusVSMCmd.java    |     3 +-
 .../api/commands/DisableCiscoNexusVSMCmd.java   |     3 +-
 .../api/commands/EnableCiscoNexusVSMCmd.java    |     3 +-
 .../api/commands/ListCiscoNexusVSMsCmd.java     |     3 +-
 .../com/cloud/hypervisor/guru/VMwareGuru.java   |    25 +-
 .../vmware/VmwareServerDiscoverer.java          |     6 -
 .../vmware/manager/VmwareManagerImpl.java       |     6 +-
 .../vmware/resource/VmwareResource.java         |   176 +-
 .../resource/VmwareStorageProcessor.java        |    72 +-
 .../api/command/admin/zone/AddVmwareDcCmd.java  |     3 +-
 .../command/admin/zone/ListVmwareDcsCmd.java    |     3 +-
 .../command/admin/zone/RemoveVmwareDcCmd.java   |     3 +-
 .../motion/VmwareStorageMotionStrategy.java     |    36 +-
 .../xen/src/com/cloud/ha/XenServerFencer.java   |     1 -
 .../xen/discoverer/XcpServerDiscoverer.java     |    35 +-
 .../hypervisor/xen/resource/CitrixHelper.java   |   339 +
 .../xen/resource/CitrixResourceBase.java        |    67 +-
 .../xen/resource/Xenserver625Resource.java      |    15 +-
 .../xenserver/XenServerResourceNewBase.java     |    27 +-
 .../test/com/cloud/ha/XenServerFencerTest.java  |    39 +
 .../xen/resource/CitrixResourceBaseTest.java    |    16 +
 .../api/commands/AddBigSwitchVnsDeviceCmd.java  |     3 +-
 .../commands/DeleteBigSwitchVnsDeviceCmd.java   |     3 +-
 .../commands/ListBigSwitchVnsDevicesCmd.java    |     3 +-
 .../commands/AddCiscoAsa1000vResourceCmd.java   |     3 +-
 .../api/commands/AddCiscoVnmcResourceCmd.java   |     3 +-
 .../DeleteCiscoAsa1000vResourceCmd.java         |     3 +-
 .../commands/DeleteCiscoVnmcResourceCmd.java    |     3 +-
 .../commands/ListCiscoAsa1000vResourcesCmd.java |     3 +-
 .../api/commands/ListCiscoVnmcResourcesCmd.java |     3 +-
 .../cloud/network/element/CiscoVnmcElement.java |     5 +-
 .../network/cisco/CiscoVnmcConnectionTest.java  |   209 +-
 .../lb/ElasticLoadBalancerManagerImpl.java      |   486 +-
 .../network/lb/LoadBalanceRuleHandler.java      |   467 +
 .../lb/ElasticLoadBalancerManagerImplTest.java  |   101 +
 .../network/lb/LoadBalanceRuleHandlerTest.java  |   215 +
 .../commands/AddExternalLoadBalancerCmd.java    |     3 +-
 .../api/commands/AddF5LoadBalancerCmd.java      |     3 +-
 .../commands/ConfigureF5LoadBalancerCmd.java    |     3 +-
 .../commands/DeleteExternalLoadBalancerCmd.java |     3 +-
 .../api/commands/DeleteF5LoadBalancerCmd.java   |     3 +-
 .../commands/ListExternalLoadBalancersCmd.java  |     3 +-
 .../commands/ListF5LoadBalancerNetworksCmd.java |     3 +-
 .../api/commands/ListF5LoadBalancersCmd.java    |     3 +-
 .../lb/InternalLoadBalancerVMManagerImpl.java   |    18 +-
 ...ring-contrail-system-context-inheritable.xml |    41 +
 .../api/command/CreateServiceInstanceCmd.java   |     4 +-
 .../management/ContrailManagerImpl.java         |    68 +-
 .../network/contrail/management/EventUtils.java |    56 +-
 .../contrail/management/ServiceManagerImpl.java |    16 +-
 .../network/contrail/model/ModelObject.java     |    10 +-
 .../contrail/model/ServiceInstanceModel.java    |    21 +-
 .../contrail/model/VirtualMachineModel.java     |    78 +-
 .../contrail/model/VirtualNetworkModel.java     |   171 +-
 .../contrail/model/VirtualMachineModelTest.java |     9 +-
 .../contrail/model/VirtualNetworkModelTest.java |   143 +-
 .../test/resources/log4j.properties             |     2 +-
 .../api/commands/AddExternalFirewallCmd.java    |     3 +-
 .../cloud/api/commands/AddSrxFirewallCmd.java   |     3 +-
 .../api/commands/ConfigureSrxFirewallCmd.java   |     3 +-
 .../api/commands/DeleteExternalFirewallCmd.java |     3 +-
 .../api/commands/DeleteSrxFirewallCmd.java      |     3 +-
 .../api/commands/ListExternalFirewallsCmd.java  |     3 +-
 .../commands/ListSrxFirewallNetworksCmd.java    |     3 +-
 .../cloud/api/commands/ListSrxFirewallsCmd.java |     3 +-
 .../commands/AddNetscalerLoadBalancerCmd.java   |     3 +-
 .../ConfigureNetscalerLoadBalancerCmd.java      |     3 +-
 .../DeleteNetscalerLoadBalancerCmd.java         |     3 +-
 .../ListNetscalerLoadBalancerNetworksCmd.java   |     3 +-
 .../commands/ListNetscalerLoadBalancersCmd.java |     3 +-
 .../api/commands/AddNiciraNvpDeviceCmd.java     |     3 +-
 .../api/commands/DeleteNiciraNvpDeviceCmd.java  |     3 +-
 .../ListNiciraNvpDeviceNetworksCmd.java         |     3 +-
 .../api/commands/ListNiciraNvpDevicesCmd.java   |     3 +-
 .../network/nicira/AccessConfiguration.java     |    90 +-
 .../src/com/cloud/network/nicira/Acl.java       |     1 -
 .../cloud/network/nicira/BaseNiciraEntity.java  |    85 +
 .../network/nicira/BaseNiciraNamedEntity.java   |    44 +
 .../com/cloud/network/nicira/LogicalRouter.java |    71 +
 .../network/nicira/LogicalRouterConfig.java     |    65 -
 .../cloud/network/nicira/LogicalRouterPort.java |    41 +-
 .../com/cloud/network/nicira/LogicalSwitch.java |    68 +-
 .../cloud/network/nicira/LogicalSwitchPort.java |    50 +-
 .../com/cloud/network/nicira/NiciraNvpApi.java  |   750 +-
 .../nicira/RoutingTableRoutingConfig.java       |    30 +
 ...SingleDefaultRouteImplicitRoutingConfig.java |    40 +
 .../SingleDefaultRouteImplictRoutingConfig.java |    40 -
 .../com/cloud/network/nicira/VifAttachment.java |    35 +-
 .../network/resource/NiciraNvpResource.java     |    20 +-
 .../network/element/NiciraNvpElementTest.java   |    42 +-
 .../guru/NiciraNvpGuestNetworkGuruTest.java     |   154 +-
 .../com/cloud/network/nicira/NatRuleTest.java   |    12 +-
 .../cloud/network/nicira/NiciraNvpApiIT.java    |   200 +-
 .../cloud/network/nicira/NiciraNvpApiTest.java  |   367 +-
 .../com/cloud/network/nicira/NiciraTagTest.java |     8 +-
 .../network/resource/NiciraNvpResourceTest.java |   258 +-
 .../commands/AddOpenDaylightControllerCmd.java  |     3 +-
 .../DeleteOpenDaylightControllerCmd.java        |     3 +-
 .../ListOpenDaylightControllersCmd.java         |     3 +-
 .../com/cloud/network/element/OvsElement.java   |   283 +-
 .../cloud/network/guru/OvsGuestNetworkGuru.java |     4 -
 .../com/cloud/network/ovs/OvsTunnelManager.java |     4 +-
 .../cloud/network/ovs/OvsTunnelManagerImpl.java |   148 +-
 .../api/commands/AddPaloAltoFirewallCmd.java    |     3 +-
 .../commands/ConfigurePaloAltoFirewallCmd.java  |     3 +-
 .../api/commands/DeletePaloAltoFirewallCmd.java |     3 +-
 .../ListPaloAltoFirewallNetworksCmd.java        |     3 +-
 .../api/commands/ListPaloAltoFirewallsCmd.java  |     3 +-
 .../cloudstack/api/commands/AddSspCmd.java      |     3 +-
 .../cloudstack/api/commands/DeleteSspCmd.java   |     3 +-
 plugins/pom.xml                                 |    24 +
 ...CloudStackPrimaryDataStoreLifeCycleImpl.java |    30 +-
 .../CloudStackPrimaryDataStoreProviderImpl.java |     9 +-
 .../cloudstack/api/command/LDAPConfigCmd.java   |     4 +-
 .../cloudstack/api/command/LDAPRemoveCmd.java   |     3 +-
 .../api/command/LdapAddConfigurationCmd.java    |     3 +-
 .../api/command/LdapCreateAccountCmd.java       |     3 +-
 .../api/command/LdapDeleteConfigurationCmd.java |     3 +-
 .../api/command/LdapImportUsersCmd.java         |     3 +-
 .../api/command/LdapListConfigurationCmd.java   |     3 +-
 .../api/command/LdapListUsersCmd.java           |     3 +-
 .../api/command/LdapUserSearchCmd.java          |     3 +-
 pom.xml                                         |    39 +-
 .../SYSCONFDIR/rc.d/init.d/cloud-ipallocator.in |     8 +-
 .../SYSCONFDIR/rc.d/init.d/cloud-ipallocator.in |     8 +-
 .../SYSCONFDIR/init.d/cloud-ipallocator.in      |     8 +-
 .../SYSCONFDIR/rc.d/init.d/cloud-ipallocator.in |     8 +-
 .../sles/SYSCONFDIR/init.d/cloud-ipallocator.in |     8 +-
 .../SYSCONFDIR/init.d/cloud-ipallocator.in      |     8 +-
 scripts/vm/systemvm/injectkeys.sh               |     2 +-
 .../com/cloud/api/ApiAsyncJobDispatcher.java    |    14 +-
 server/src/com/cloud/api/ApiDispatcher.java     |     3 +-
 server/src/com/cloud/api/ApiGsonHelper.java     |     4 +-
 .../com/cloud/api/ApiResponseGsonHelper.java    |    39 +-
 server/src/com/cloud/api/ApiResponseHelper.java |    18 +-
 server/src/com/cloud/api/ApiServer.java         |    22 +-
 .../cloud/api/ResponseObjectTypeAdapter.java    |     7 +-
 .../com/cloud/api/query/QueryManagerImpl.java   |    39 +-
 .../api/query/dao/ImageStoreJoinDaoImpl.java    |     4 +-
 .../cloud/api/query/dao/VolumeJoinDaoImpl.java  |     3 +-
 .../cloud/api/query/vo/AffinityGroupJoinVO.java |     2 +-
 .../src/com/cloud/api/query/vo/EventJoinVO.java |     7 +
 .../com/cloud/api/query/vo/VolumeJoinVO.java    |     8 +
 .../api/response/ApiResponseSerializer.java     |    24 +
 .../api/response/SecurityGroupResultObject.java |     2 +-
 server/src/com/cloud/configuration/Config.java  |     6 +
 .../configuration/ConfigurationManagerImpl.java |    11 +-
 .../consoleproxy/ConsoleProxyManagerImpl.java   |     7 +-
 .../com/cloud/event/ActionEventInterceptor.java |    19 +-
 .../src/com/cloud/event/ActionEventUtils.java   |    34 +-
 .../cloud/ha/HighAvailabilityManagerImpl.java   |    48 +-
 .../metadata/ResourceMetaDataManagerImpl.java   |     8 +-
 .../com/cloud/network/IpAddressManagerImpl.java |    37 +-
 .../src/com/cloud/network/NetworkModelImpl.java |     2 +-
 .../com/cloud/network/NetworkServiceImpl.java   |    48 +-
 .../cloud/network/as/AutoScaleManagerImpl.java  |    30 +
 .../network/firewall/FirewallManagerImpl.java   |    34 +-
 .../cloud/network/guru/ControlNetworkGuru.java  |     4 +-
 .../cloud/network/guru/GuestNetworkGuru.java    |     4 +-
 .../lb/LoadBalancingRulesManagerImpl.java       |    19 +-
 .../router/VirtualNetworkApplianceManager.java  |     4 +
 .../VirtualNetworkApplianceManagerImpl.java     |   137 +-
 .../VpcVirtualNetworkApplianceManagerImpl.java  |    33 +-
 .../cloud/network/rules/RulesManagerImpl.java   |    19 +-
 .../network/vpc/NetworkACLManagerImpl.java      |    20 +-
 .../network/vpc/NetworkACLServiceImpl.java      |    31 +-
 .../com/cloud/network/vpc/VpcManagerImpl.java   |    26 +-
 .../network/vpn/RemoteAccessVpnManagerImpl.java |    12 +-
 .../network/vpn/Site2SiteVpnManagerImpl.java    |    33 +-
 .../com/cloud/resource/ResourceManagerImpl.java |     3 +-
 server/src/com/cloud/server/Criteria.java       |     2 +
 .../com/cloud/server/ManagementServerImpl.java  |    14 +-
 .../com/cloud/storage/VolumeApiServiceImpl.java |   108 +-
 .../storage/snapshot/SnapshotSchedulerImpl.java |    10 +-
 .../template/HypervisorTemplateAdapter.java     |    25 +-
 .../com/cloud/template/TemplateManagerImpl.java |    50 +-
 server/src/com/cloud/user/DomainManager.java    |     1 -
 server/src/com/cloud/vm/UserVmManager.java      |     2 +-
 server/src/com/cloud/vm/UserVmManagerImpl.java  |   267 +-
 .../vm/snapshot/VMSnapshotManagerImpl.java      |    34 +-
 .../lb/ApplicationLoadBalancerManagerImpl.java  |    24 +-
 .../metadata/ResourceMetaDataManagerTest.java   |     2 +-
 .../cloud/network/MockFirewallManagerImpl.java  |     2 +-
 .../cloud/template/TemplateManagerImplTest.java |    37 +
 .../com/cloud/vpc/MockNetworkManagerImpl.java   |     9 +-
 .../cloud/vpc/MockSite2SiteVpnManagerImpl.java  |     4 +-
 .../com/cloud/vpc/NetworkACLManagerTest.java    |     4 +-
 .../com/cloud/vpc/NetworkACLServiceTest.java    |    16 +-
 .../network/lb/ApplicationLoadBalancerTest.java |    14 +-
 services/console-proxy-rdp/rdpconsole/pom.xml   |     2 +-
 .../rdpconsole/src/main/java/common/Client.java |    92 +-
 .../src/main/java/streamer/ByteBuffer.java      |   122 +-
 .../src/test/java/common/ClientTest.java        |    43 +
 .../src/test/java/rdpclient/MockServerTest.java |     5 +
 .../src/test/java/streamer/ByteBufferTest.java  |   152 +
 .../consoleproxy/ConsoleProxyRdpClient.java     |    12 +-
 .../consoleproxy/ConsoleProxyVncClient.java     |    89 +-
 .../consoleproxy/ConsoleProxyRdpClientTest.java |    62 +
 services/pom.xml                                |    16 +
 .../PremiumSecondaryStorageManagerImpl.java     |    28 +-
 .../SecondaryStorageManagerImpl.java            |    12 +-
 setup/db/db/schema-421to430.sql                 |     3 +
 setup/db/db/schema-430to440.sql                 |   127 +-
 setup/db/templates.sql                          |     5 +
 .../rc.d/init.d/cloud-console-proxy.in          |     8 +-
 .../rc.d/init.d/cloud-console-proxy.in          |     8 +-
 .../rc.d/init.d/cloud-console-proxy.in          |     8 +-
 .../SYSCONFDIR/init.d/cloud-console-proxy.in    |     8 +-
 .../patches/debian/config/etc/dnsmasq.conf.tmpl |     4 +-
 .../patches/debian/config/opt/cloud/bin/ilb.sh  |    12 +-
 .../debian/config/opt/cloud/bin/loadbalancer.sh |     7 +-
 .../config/opt/cloud/bin/monitor_service.sh     |    27 +-
 .../debian/config/opt/cloud/bin/vpc_acl.sh      |    19 +-
 .../debian/config/opt/cloud/bin/vpc_guestnw.sh  |    44 +-
 .../config/opt/cloud/bin/vpc_loadbalancer.sh    |    13 +-
 .../patches/debian/config/root/reconfigLB.sh    |     7 +-
 .../component/test_multiple_ips_per_nic.py      |   853 ++
 .../component/test_persistent_networks.py       |  2045 +++-
 test/integration/component/test_portable_ip.py  |   132 +-
 test/integration/smoke/test_vm_life_cycle.py    |    84 +-
 test/selenium/browser/__init__.py               |    16 +
 test/selenium/browser/firefox.py                |    56 +
 test/selenium/common/Global_Locators.py         |   230 +
 test/selenium/common/__init__.py                |    18 +
 test/selenium/common/shared.py                  |   151 +
 test/selenium/cspages/__init__.py               |    18 +
 test/selenium/cspages/dashboard/__init__.py     |    18 +
 .../selenium/cspages/dashboard/dashboardpage.py |    73 +
 test/selenium/cspages/login/__init__.py         |    18 +
 test/selenium/cspages/login/loginpage.py        |   106 +
 test/selenium/cstests/__init__.py               |    17 +
 .../cstests/regressiontests/__init__.py         |    17 +
 test/selenium/cstests/smoketests/__init__.py    |    17 +
 .../cstests/smoketests/global_settings_test.py  |    69 +
 .../cstests/smoketests/login_logout_test.py     |   190 +
 .../cstests/smoketests/navigation_test.py       |    79 +
 test/selenium/cstests/smoketests/smokecfg.py    |    40 +
 tools/appliance/build.sh                        |    52 +-
 .../systemvm64template/definition.rb            |     6 +-
 .../definitions/systemvmtemplate/definition.rb  |     6 +-
 .../devcloud-kvm-advanced-fusion.cfg            |   139 +
 tools/devcloud-kvm/devcloud-kvm-advanced.cfg    |     4 +-
 tools/devcloud-kvm/pom.xml                      |     2 +-
 tools/devcloud/pom.xml                          |     2 +-
 tools/marvin/marvin/codes.py                    |     4 +
 tools/marvin/marvin/config/config.cfg           |   235 +-
 tools/marvin/marvin/integration/lib/base.py     |    40 +-
 tools/marvin/marvin/integration/lib/common.py   |   107 +-
 ui/css/cloudstack3.css                          |   231 +-
 ui/css/cloudstack3.ja.css                       |    66 -
 ui/css/cloudstack3.ja_JP.css                    |    76 +
 ui/dictionary.jsp                               |    89 +-
 ui/images/icons.png                             |   Bin 50052 -> 61164 bytes
 ui/images/infrastructure-icons.png              |   Bin 62059 -> 66823 bytes
 ui/images/sprites.png                           |   Bin 207810 -> 212515 bytes
 ui/index.jsp                                    |    20 +-
 ui/lib/jquery.validate.js                       |    34 +-
 ui/scripts/accounts.js                          |     2 +-
 ui/scripts/autoscaler.js                        |    26 +-
 ui/scripts/cloudStack.js                        |     8 +-
 ui/scripts/configuration.js                     |    10 +-
 ui/scripts/domains.js                           |     2 +-
 ui/scripts/installWizard.js                     |     4 +-
 ui/scripts/instanceWizard.js                    |    78 +-
 ui/scripts/instances.js                         |    71 +-
 ui/scripts/network.js                           |   145 +-
 ui/scripts/regions.js                           |    78 +-
 ui/scripts/sharedFunctions.js                   |    14 +-
 ui/scripts/system.js                            |   234 +-
 ui/scripts/templates.js                         |    91 +-
 ui/scripts/ui-custom/accountsWizard.js          |    33 +-
 ui/scripts/ui-custom/instanceWizard.js          |    34 +
 ui/scripts/ui/dialog.js                         |    14 +
 ui/scripts/ui/widgets/listView.js               |    29 +-
 ui/scripts/zoneWizard.js                        |    68 +-
 usage/pom.xml                                   |     5 -
 utils/conf/db.properties                        |     6 +-
 utils/conf/log4j-vmops.xml                      |    34 +-
 utils/pom.xml                                   |    70 +-
 utils/src/com/cloud/maint/Version.java          |     3 +
 utils/src/com/cloud/utils/ActionDelegate.java   |     7 +-
 .../com/cloud/utils/CloudResourceBundle.java    |     7 +-
 utils/src/com/cloud/utils/DateUtil.java         |     7 +-
 utils/src/com/cloud/utils/EnumUtils.java        |     7 +-
 utils/src/com/cloud/utils/ExecutionResult.java  |     2 +
 utils/src/com/cloud/utils/FileUtil.java         |     7 +-
 utils/src/com/cloud/utils/IteratorUtil.java     |     7 +-
 utils/src/com/cloud/utils/Journal.java          |     7 +-
 utils/src/com/cloud/utils/LogUtils.java         |     7 +-
 utils/src/com/cloud/utils/MethodCapturer.java   |     7 +-
 utils/src/com/cloud/utils/NumbersUtil.java      |     7 +-
 utils/src/com/cloud/utils/Pair.java             |     7 +-
 .../src/com/cloud/utils/PasswordGenerator.java  |     7 +-
 utils/src/com/cloud/utils/Predicate.java        |     7 +-
 utils/src/com/cloud/utils/ProcessUtil.java      |     7 +-
 utils/src/com/cloud/utils/Profiler.java         |     7 +-
 utils/src/com/cloud/utils/PropertiesUtil.java   |     7 +-
 utils/src/com/cloud/utils/ReflectUtil.java      |     7 +-
 utils/src/com/cloud/utils/S3Utils.java          |    37 +-
 utils/src/com/cloud/utils/SerialVersionUID.java |     7 +-
 utils/src/com/cloud/utils/StringUtils.java      |    15 +-
 utils/src/com/cloud/utils/SwiftUtil.java        |    41 +-
 utils/src/com/cloud/utils/Ternary.java          |     7 +-
 utils/src/com/cloud/utils/UriUtils.java         |    52 +-
 .../cloud/utils/UsernamePasswordValidator.java  |     7 +-
 utils/src/com/cloud/utils/UuidUtils.java        |    13 +-
 .../cloud/utils/backoff/BackoffAlgorithm.java   |     7 +-
 .../utils/backoff/impl/ConstantTimeBackoff.java |     7 +-
 .../backoff/impl/ConstantTimeBackoffMBean.java  |     7 +-
 .../utils/cisco/n1kv/vsm/NetconfHelper.java     |     7 +-
 .../cloud/utils/cisco/n1kv/vsm/PolicyMap.java   |     7 +-
 .../cloud/utils/cisco/n1kv/vsm/PortProfile.java |     7 +-
 .../cloud/utils/cisco/n1kv/vsm/VsmCommand.java  |     7 +-
 .../utils/cisco/n1kv/vsm/VsmOkResponse.java     |     7 +-
 .../cisco/n1kv/vsm/VsmPolicyMapResponse.java    |     7 +-
 .../cisco/n1kv/vsm/VsmPortProfileResponse.java  |     7 +-
 .../cloud/utils/cisco/n1kv/vsm/VsmResponse.java |     7 +-
 .../src/com/cloud/utils/component/Adapter.java  |     7 +-
 .../com/cloud/utils/component/AdapterBase.java  |     7 +-
 .../com/cloud/utils/component/AdapterList.java  |     7 +-
 .../cloud/utils/component/ComponentContext.java |     6 +-
 .../ComponentInstantiationPostProcessor.java    |     7 +-
 .../utils/component/ComponentLifecycle.java     |     7 +-
 .../utils/component/ComponentLifecycleBase.java |     7 +-
 .../component/ComponentMethodInterceptable.java |     7 +-
 .../component/ComponentMethodInterceptor.java   |     7 +-
 .../utils/component/ComponentNamingPolicy.java  |     7 +-
 .../src/com/cloud/utils/component/Manager.java  |     7 +-
 .../com/cloud/utils/component/ManagerBase.java  |     7 +-
 utils/src/com/cloud/utils/component/Named.java  |    37 +-
 .../cloud/utils/component/PluggableService.java |     7 +-
 .../src/com/cloud/utils/component/Registry.java |    37 +-
 .../utils/component/SystemIntegrityChecker.java |     7 +-
 .../utils/concurrency/NamedThreadFactory.java   |     7 +-
 .../com/cloud/utils/concurrency/Scheduler.java  |     7 +-
 .../utils/concurrency/SynchronizationEvent.java |     7 +-
 .../com/cloud/utils/concurrency/TestClock.java  |     7 +-
 .../com/cloud/utils/crypt/DBEncryptionUtil.java |     9 +-
 .../utils/crypt/EncryptionSecretKeyChecker.java |     7 +-
 .../utils/crypt/EncryptionSecretKeySender.java  |     7 +-
 utils/src/com/cloud/utils/crypt/RSAHelper.java  |     7 +-
 utils/src/com/cloud/utils/db/DbProperties.java  |    37 +-
 utils/src/com/cloud/utils/db/EntityManager.java |     5 +
 utils/src/com/cloud/utils/db/UUIDManager.java   |     3 +
 .../com/cloud/utils/encoding/URLEncoder.java    |    33 +-
 utils/src/com/cloud/utils/events/EventArgs.java |     7 +-
 .../com/cloud/utils/events/SubscriptionMgr.java |     7 +-
 .../utils/exception/CSExceptionErrorCode.java   |     6 +-
 .../utils/exception/CloudRuntimeException.java  |     7 +-
 .../com/cloud/utils/exception/ErrorContext.java |     3 +
 .../utils/exception/ExceptionProxyObject.java   |     7 +-
 .../cloud/utils/exception/ExceptionUtil.java    |     7 +-
 .../utils/exception/ExecutionException.java     |     7 +-
 .../HypervisorVersionChangedException.java      |     7 +-
 utils/src/com/cloud/utils/fsm/ChangeEvent.java  |    37 +-
 utils/src/com/cloud/utils/fsm/FiniteState.java  |     7 +-
 utils/src/com/cloud/utils/fsm/FiniteState2.java |    37 +-
 .../com/cloud/utils/fsm/FiniteStateObject.java  |     7 +-
 .../cloud/utils/fsm/NoTransitionException.java  |     7 +-
 utils/src/com/cloud/utils/fsm/State.java        |    37 +-
 utils/src/com/cloud/utils/fsm/StateDao.java     |     7 +-
 .../src/com/cloud/utils/fsm/StateListener.java  |     7 +-
 utils/src/com/cloud/utils/fsm/StateMachine.java |     7 +-
 .../src/com/cloud/utils/fsm/StateMachine2.java  |     7 +-
 utils/src/com/cloud/utils/fsm/StateObject.java  |     7 +-
 .../cloud/utils/log/CglibThrowableRenderer.java |     7 +-
 utils/src/com/cloud/utils/mgmt/JmxUtil.java     |     7 +-
 .../com/cloud/utils/mgmt/ManagementBean.java    |     7 +-
 .../utils/mgmt/PropertyMapDynamicBean.java      |     7 +-
 utils/src/com/cloud/utils/net/Ip.java           |     7 +-
 utils/src/com/cloud/utils/net/Ip4Address.java   |     7 +-
 utils/src/com/cloud/utils/net/MacAddress.java   |     7 +-
 utils/src/com/cloud/utils/net/NetUtils.java     |    22 +-
 utils/src/com/cloud/utils/net/NfsUtils.java     |     7 +-
 utils/src/com/cloud/utils/net/UrlUtil.java      |     7 +-
 .../src/com/cloud/utils/nio/HandlerFactory.java |     7 +-
 utils/src/com/cloud/utils/nio/Link.java         |     7 +-
 utils/src/com/cloud/utils/nio/NioClient.java    |     7 +-
 .../src/com/cloud/utils/nio/NioConnection.java  |     7 +-
 utils/src/com/cloud/utils/nio/NioServer.java    |     7 +-
 utils/src/com/cloud/utils/nio/Task.java         |     7 +-
 .../com/cloud/utils/nio/TrustAllManager.java    |     7 +-
 .../BasicEncodedRESTValidationStrategy.java     |    66 +
 .../utils/rest/CloudstackRESTException.java     |    39 +
 .../cloud/utils/rest/RESTServiceConnector.java  |   377 +
 .../utils/rest/RESTValidationStrategy.java      |   165 +
 .../cloud/utils/script/OutputInterpreter.java   |     7 +-
 utils/src/com/cloud/utils/script/Script.java    |     7 +-
 utils/src/com/cloud/utils/script/Script2.java   |     7 +-
 .../cloud/utils/security/CertificateHelper.java |     7 +-
 utils/src/com/cloud/utils/ssh/SSHCmdHelper.java |     7 +-
 .../src/com/cloud/utils/ssh/SSHKeysHelper.java  |     7 +-
 utils/src/com/cloud/utils/ssh/SshException.java |     7 +-
 utils/src/com/cloud/utils/ssh/SshHelper.java    |     2 +
 .../storage/encoding/DecodedDataObject.java     |    47 +-
 .../storage/encoding/DecodedDataStore.java      |    51 +-
 .../cloud/utils/storage/encoding/Decoder.java   |    37 +-
 .../utils/storage/encoding/EncodingType.java    |    37 +-
 .../com/cloud/utils/time/InaccurateClock.java   |     7 +-
 .../cloud/utils/time/InaccurateClockMBean.java  |     7 +-
 .../com/cloud/utils/xmlobject/XmlObject.java    |     3 +
 .../cloud/utils/xmlobject/XmlObjectParser.java  |     3 +
 .../utils/identity/ManagementServerNode.java    |     3 +
 .../ssl/EasySSLProtocolSocketFactory.java       |    53 +-
 .../contrib/ssl/EasyX509TrustManager.java       |    43 +-
 utils/test/com/cloud/utils/DummyImpl.java       |     7 +-
 utils/test/com/cloud/utils/DummyInterface.java  |     7 +-
 .../test/com/cloud/utils/DummyPremiumImpl.java  |     7 +-
 utils/test/com/cloud/utils/NumbersUtilTest.java |    10 +-
 .../com/cloud/utils/PasswordGeneratorTest.java  |     7 +-
 utils/test/com/cloud/utils/ProcessUtilTest.java |    33 +-
 .../com/cloud/utils/PropertiesUtilsTest.java    |     3 +
 utils/test/com/cloud/utils/ReflectUtilTest.java |     9 +-
 utils/test/com/cloud/utils/ScriptTest.java      |     7 +-
 utils/test/com/cloud/utils/StringUtilsTest.java |    18 +-
 utils/test/com/cloud/utils/TernaryTest.java     |     6 +-
 utils/test/com/cloud/utils/TestProfiler.java    |     7 +-
 utils/test/com/cloud/utils/UriUtilsTest.java    |    60 +
 utils/test/com/cloud/utils/UuidUtilsTest.java   |    42 +
 .../backoff/impl/ConstantTimeBackoffTest.java   |     7 +-
 .../com/cloud/utils/crypto/RSAHelperTest.java   |     3 +
 .../cloud/utils/encoding/UrlEncoderTest.java    |    37 +-
 .../utils/exception/ExceptionUtilTest.java      |    37 +-
 utils/test/com/cloud/utils/net/IpTest.java      |     7 +-
 .../test/com/cloud/utils/net/NetUtilsTest.java  |   234 +-
 .../utils/rest/RESTServiceConnectorTest.java    |   395 +
 .../com/cloud/utils/ssh/SSHKeysHelperTest.java  |     3 +
 .../utils/testcase/Log4jEnabledTestCase.java    |     7 +-
 .../test/com/cloud/utils/testcase/NioTest.java  |     7 +-
 .../cloud/utils/xmlobject/TestXmlObject.java    |     3 +
 .../cloud/utils/xmlobject/TestXmlObject2.java   |     3 +
 .../com/cloud/utils/QualifierTestContext.xml    |    30 +-
 .../utils/db/transactionContextBuilderTest.xml  |    30 +-
 utils/test/resources/log4j.xml                  |    30 +-
 utils/test/resources/testContext.xml            |    34 +-
 .../cloud/hypervisor/vmware/mo/ClusterMO.java   |    12 +-
 .../com/cloud/hypervisor/vmware/mo/HostMO.java  |    16 +
 .../hypervisor/vmware/mo/VirtualMachineMO.java  |    88 +-
 .../vmware/util/VmwareGuestOsMapper.java        |     1 +
 1194 files changed, 33829 insertions(+), 19413 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/com/cloud/event/EventTypes.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/com/cloud/network/vpc/StaticRouteProfile.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/com/cloud/storage/VolumeApiService.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/acl/SecurityChecker.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/APICommand.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/APICommand.java
index 690dd9a,6211afc..9b4dfaf
--- a/api/src/org/apache/cloudstack/api/APICommand.java
+++ b/api/src/org/apache/cloudstack/api/APICommand.java
@@@ -22,9 -22,8 +22,9 @@@ import java.lang.annotation.Retention
  import java.lang.annotation.RetentionPolicy;
  import java.lang.annotation.Target;
  
+ import org.apache.cloudstack.acl.IAMEntityType;
  import org.apache.cloudstack.acl.RoleType;
 +import org.apache.cloudstack.api.ResponseObject.ResponseView;
- import org.apache.cloudstack.acl.IAMEntityType;
  
  @Retention(RetentionPolicy.RUNTIME)
  @Target({TYPE})
@@@ -41,8 -40,10 +41,12 @@@ public @interface APICommand 
  
      String since() default "";
  
 +    ResponseView responseView() default ResponseView.Full;
 +
+     boolean requestHasSensitiveInfo() default true;
+ 
+     boolean responseHasSensitiveInfo() default true;
+ 
      RoleType[] authorized() default {};
  
      IAMEntityType[] entityType() default {};
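Review bot: The new annotation elements `requestHasSensitiveInfo()` and `responseHasSensitiveInfo()` are declared without Javadoc, so a command author cannot tell from here what setting either to `false` permits. Defaulting both to `true` is the conservative choice, and that intent should be recorded next to the declarations, for example `/** True if request parameters may carry secrets; leave true unless every parameter is safe to expose in logs. */`. That wording assumes the flags gate logging or masking, which this hunk does not show, so confirm it against the code that reads them. `responseView()` with its `ResponseView.Full` default is equally undocumented.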

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/ApiConstants.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/BaseCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/account/CreateAccountCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/account/CreateAccountCmd.java
index a2399cf,1a319d8..0c46d50
--- a/api/src/org/apache/cloudstack/api/command/admin/account/CreateAccountCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/account/CreateAccountCmd.java
@@@ -36,7 -34,8 +36,9 @@@ import org.apache.cloudstack.context.Ca
  import com.cloud.user.Account;
  import com.cloud.user.UserAccount;
  
- @APICommand(name = "createAccount", description = "Creates an account", responseObject = AccountResponse.class, entityType = { IAMEntityType.Account })
 -@APICommand(name = "createAccount", description = "Creates an account", responseObject = AccountResponse.class,
++
++@APICommand(name = "createAccount", description = "Creates an account", responseObject = AccountResponse.class, entityType = {IAMEntityType.Account},
+         requestHasSensitiveInfo = true, responseHasSensitiveInfo = true)
  public class CreateAccountCmd extends BaseCmd {
      public static final Logger s_logger = Logger.getLogger(CreateAccountCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/account/DeleteAccountCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/account/DeleteAccountCmd.java
index f1547a4,9a7417a..8cc87c2
--- a/api/src/org/apache/cloudstack/api/command/admin/account/DeleteAccountCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/account/DeleteAccountCmd.java
@@@ -39,7 -36,8 +39,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.user.Account;
  import com.cloud.user.User;
  
- @APICommand(name = "deleteAccount", description = "Deletes a account, and all users associated with this account", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Account })
 -@APICommand(name = "deleteAccount", description = "Deletes a account, and all users associated with this account", responseObject = SuccessResponse.class,
++@APICommand(name = "deleteAccount", description = "Deletes a account, and all users associated with this account", responseObject = SuccessResponse.class, entityType = {IAMEntityType.Account},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class DeleteAccountCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(DeleteAccountCmd.class.getName());
      private static final String s_name = "deleteaccountresponse";
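Review bot: `requestHasSensitiveInfo = false, responseHasSensitiveInfo = false` on the `@APICommand` line opts this command out of the annotation's `true` defaults, and nothing in the hunk records why that is safe. The command's parameters and response fields are declared outside this hunk, so the claim cannot be checked from here. A one-line comment above the annotation, such as `// request carries only identifiers, response is a bare success flag: nothing to mask` (to be confirmed against the parameter list), would make the opt-out reviewable. The DisableAccountCmd hunk further down does the same for the request side with `requestHasSensitiveInfo = false`.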
@@@ -104,7 -102,7 +105,7 @@@
          boolean result = _regionService.deleteUserAccount(this);
          if (result) {
              SuccessResponse response = new SuccessResponse(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete user account and all corresponding users");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/account/DisableAccountCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/account/DisableAccountCmd.java
index 028481c,642b748..1e81009
--- a/api/src/org/apache/cloudstack/api/command/admin/account/DisableAccountCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/account/DisableAccountCmd.java
@@@ -41,7 -37,8 +41,8 @@@ import com.cloud.exception.ConcurrentOp
  import com.cloud.exception.ResourceUnavailableException;
  import com.cloud.user.Account;
  
- @APICommand(name = "disableAccount", description = "Disables an account", responseObject = AccountResponse.class, entityType = { IAMEntityType.Account })
 -@APICommand(name = "disableAccount", description = "Disables an account", responseObject = AccountResponse.class,
++@APICommand(name = "disableAccount", description = "Disables an account", responseObject = AccountResponse.class, entityType = {IAMEntityType.Account},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = true)
  public class DisableAccountCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(DisableAccountCmd.class.getName());
      private static final String s_name = "disableaccountresponse";
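Review bot: The new `requestHasSensitiveInfo` / `responseHasSensitiveInfo` values are set by hand on each command, and nothing next to them records why. Here and in `EnableAccountCmd`, `LockAccountCmd` and `UpdateAccountCmd` the `AccountResponse` is marked sensitive, while `DeleteAccountCmd`, which returns a `SuccessResponse`, is not. A short comment above the annotation, e.g. `// AccountResponse is treated as sensitive; keep this flag in step with the other account commands`, would make a later mismatch easier to spot in review. What the flags control (presumably whether request and response bodies are written to logs) is not visible in this hunk, so check the wording against the `APICommand` definition.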

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/account/EnableAccountCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/account/EnableAccountCmd.java
index 9e38d3a,97913f5..1bfd71c
--- a/api/src/org/apache/cloudstack/api/command/admin/account/EnableAccountCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/account/EnableAccountCmd.java
@@@ -36,7 -32,8 +36,8 @@@ import org.apache.cloudstack.region.Reg
  
  import com.cloud.user.Account;
  
- @APICommand(name = "enableAccount", description = "Enables an account", responseObject = AccountResponse.class, entityType = { IAMEntityType.Account })
 -@APICommand(name = "enableAccount", description = "Enables an account", responseObject = AccountResponse.class,
++@APICommand(name = "enableAccount", description = "Enables an account", responseObject = AccountResponse.class, entityType = {IAMEntityType.Account},
+     requestHasSensitiveInfo = false, responseHasSensitiveInfo = true)
  public class EnableAccountCmd extends BaseCmd {
      public static final Logger s_logger = Logger.getLogger(EnableAccountCmd.class.getName());
      private static final String s_name = "enableaccountresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/account/LockAccountCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/account/LockAccountCmd.java
index ddc1628,1fd3d7e..780dac1
--- a/api/src/org/apache/cloudstack/api/command/admin/account/LockAccountCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/account/LockAccountCmd.java
@@@ -28,7 -27,8 +28,8 @@@ import org.apache.cloudstack.api.respon
  
  import com.cloud.user.Account;
  
- @APICommand(name = "lockAccount", description = "Locks an account", responseObject = AccountResponse.class, entityType = { IAMEntityType.Account })
 -@APICommand(name = "lockAccount", description = "Locks an account", responseObject = AccountResponse.class,
++@APICommand(name = "lockAccount", description = "Locks an account", responseObject = AccountResponse.class, entityType = {IAMEntityType.Account},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = true)
  public class LockAccountCmd extends BaseCmd {
      public static final Logger s_logger = Logger.getLogger(LockAccountCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/account/UpdateAccountCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/account/UpdateAccountCmd.java
index d423848,61b1b31..8d9fe26
--- a/api/src/org/apache/cloudstack/api/command/admin/account/UpdateAccountCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/account/UpdateAccountCmd.java
@@@ -39,7 -35,8 +39,8 @@@ import org.apache.cloudstack.region.Reg
  
  import com.cloud.user.Account;
  
- @APICommand(name = "updateAccount", description = "Updates account information for the authenticated user", responseObject = AccountResponse.class, entityType = { IAMEntityType.Account })
 -@APICommand(name = "updateAccount", description = "Updates account information for the authenticated user", responseObject = AccountResponse.class,
++@APICommand(name = "updateAccount", description = "Updates account information for the authenticated user", responseObject = AccountResponse.class, entityType = {IAMEntityType.Account},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = true)
  public class UpdateAccountCmd extends BaseCmd {
      public static final Logger s_logger = Logger.getLogger(UpdateAccountCmd.class.getName());
      private static final String s_name = "updateaccountresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/internallb/ListInternalLBVMsCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/internallb/ListInternalLBVMsCmd.java
index 1cec188,43b18ee..e6ea519
--- a/api/src/org/apache/cloudstack/api/command/admin/internallb/ListInternalLBVMsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/internallb/ListInternalLBVMsCmd.java
@@@ -35,7 -34,8 +35,8 @@@ import org.apache.cloudstack.api.respon
  
  import com.cloud.network.router.VirtualRouter.Role;
  
- @APICommand(name = "listInternalLoadBalancerVMs", description = "List internal LB VMs.", responseObject = DomainRouterResponse.class, entityType = { IAMEntityType.VirtualMachine })
 -@APICommand(name = "listInternalLoadBalancerVMs", description = "List internal LB VMs.", responseObject = DomainRouterResponse.class,
++@APICommand(name = "listInternalLoadBalancerVMs", description = "List internal LB VMs.", responseObject = DomainRouterResponse.class, entityType = {IAMEntityType.VirtualMachine},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ListInternalLBVMsCmd extends BaseListProjectAndAccountResourcesCmd {
      public static final Logger s_logger = Logger.getLogger(ListInternalLBVMsCmd.class.getName());
  
@@@ -134,6 -134,6 +135,6 @@@
      public void execute() {
          ListResponse<DomainRouterResponse> response = _queryService.searchForInternalLbVms(this);
          response.setResponseName(getCommandName());
--        this.setResponseObject(response);
++        setResponseObject(response);
      }
  }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/internallb/StartInternalLBVMCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/internallb/StartInternalLBVMCmd.java
index b747c30,a5b2bf7..54d7621
--- a/api/src/org/apache/cloudstack/api/command/admin/internallb/StartInternalLBVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/internallb/StartInternalLBVMCmd.java
@@@ -39,7 -36,8 +39,8 @@@ import com.cloud.exception.ResourceUnav
  import com.cloud.network.router.VirtualRouter;
  import com.cloud.network.router.VirtualRouter.Role;
  
- @APICommand(name = "startInternalLoadBalancerVM", responseObject = DomainRouterResponse.class, description = "Starts an existing internal lb vm.", entityType = { IAMEntityType.VirtualMachine })
 -@APICommand(name = "startInternalLoadBalancerVM", responseObject = DomainRouterResponse.class, description = "Starts an existing internal lb vm.",
++@APICommand(name = "startInternalLoadBalancerVM", responseObject = DomainRouterResponse.class, description = "Starts an existing internal lb vm.", entityType = {IAMEntityType.VirtualMachine},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class StartInternalLBVMCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(StartInternalLBVMCmd.class.getName());
      private static final String s_name = "startinternallbvmresponse";
@@@ -116,7 -114,7 +117,7 @@@
          if (result != null) {
              DomainRouterResponse routerResponse = _responseGenerator.createDomainRouterResponse(result);
              routerResponse.setResponseName(getCommandName());
--            this.setResponseObject(routerResponse);
++            setResponseObject(routerResponse);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to start internal lb vm");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/internallb/StopInternalLBVMCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/internallb/StopInternalLBVMCmd.java
index f8a8b7b,88d864b..aa946be
--- a/api/src/org/apache/cloudstack/api/command/admin/internallb/StopInternalLBVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/internallb/StopInternalLBVMCmd.java
@@@ -38,7 -35,8 +38,8 @@@ import com.cloud.exception.ResourceUnav
  import com.cloud.network.router.VirtualRouter;
  import com.cloud.network.router.VirtualRouter.Role;
  
- @APICommand(name = "stopInternalLoadBalancerVM", description = "Stops an Internal LB vm.", responseObject = DomainRouterResponse.class, entityType = { IAMEntityType.VirtualMachine })
 -@APICommand(name = "stopInternalLoadBalancerVM", description = "Stops an Internal LB vm.", responseObject = DomainRouterResponse.class,
++@APICommand(name = "stopInternalLoadBalancerVM", description = "Stops an Internal LB vm.", responseObject = DomainRouterResponse.class, entityType = {IAMEntityType.VirtualMachine},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class StopInternalLBVMCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(StopInternalLBVMCmd.class.getName());
      private static final String s_name = "stopinternallbvmresponse";
@@@ -118,7 -116,7 +119,7 @@@
          if (result != null) {
              DomainRouterResponse response = _responseGenerator.createDomainRouterResponse(result);
              response.setResponseName(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to stop internal lb vm");
          }


[20/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
Fix some issues in renaming iam api, also fix marvin library.

Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/9f47466f
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/9f47466f
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/9f47466f

Branch: refs/heads/master
Commit: 9f47466fea88891961d2af416e5701650172fc2a
Parents: 45a96e4
Author: Min Chen <mi...@citrix.com>
Authored: Wed Feb 26 17:30:34 2014 -0800
Committer: Min Chen <mi...@citrix.com>
Committed: Wed Feb 26 17:30:34 2014 -0800

----------------------------------------------------------------------
 client/tomcatconf/commands.properties.in        | 30 ++++----
 .../api/command/iam/DeleteIAMGroupCmd.java      |  4 +-
 test/integration/smoke/test_vm_iam.py           |  6 +-
 tools/apidoc/gen_toc.py                         |  2 +-
 tools/marvin/marvin/integration/lib/base.py     | 76 ++++++++++----------
 5 files changed, 59 insertions(+), 59 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9f47466f/client/tomcatconf/commands.properties.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/commands.properties.in b/client/tomcatconf/commands.properties.in
index e993a5b..a91592e 100644
--- a/client/tomcatconf/commands.properties.in
+++ b/client/tomcatconf/commands.properties.in
@@ -719,21 +719,21 @@ listLdapUsers=3
 ldapCreateAccount=3
 importLdapUsers=3
 
-### Acl commands
-createAclPolicy=1
-deleteAclPolicy=1
-listAclPolicies=1
-addAclPermissionToAclPolicy=1
-removeAclPermissionFromAclPolicy=1
-createAclGroup=1
-deleteAclGroup=1
-listAclGroups=1
-addAccountToAclGroup=1
-removeAccountFromAclGroup=1
-attachAclPolicyToAclGroup=1
-removeAclPolicyFromAclGroup=1
-attachAclPolicyToAccount=1
-removeAclPolicyFromAccount=1
+### IAM commands
+createIAMPolicy=1
+deleteIAMPolicy=1
+listIAMPolicies=1
+addIAMPermissionToIAMPolicy=1
+removeIAMPermissionFromIAMPolicy=1
+createIAMGroup=1
+deleteIAMGroup=1
+listIAMGroups=1
+addAccountToIAMGroup=1
+removeAccountFromIAMGroup=1
+attachIAMPolicyToIAMGroup=1
+removeIAMPolicyFromIAMGroup=1
+attachIAMPolicyToAccount=1
+removeIAMPolicyFromAccount=1
 
 #### juniper-contrail commands
 createServiceInstance=1

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9f47466f/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteIAMGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteIAMGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteIAMGroupCmd.java
index f5d40fc..60b1e24 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteIAMGroupCmd.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteIAMGroupCmd.java
@@ -20,7 +20,6 @@ import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.iam.IAMApiService;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
@@ -31,11 +30,12 @@ import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.response.SuccessResponse;
 import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
+import org.apache.cloudstack.iam.IAMApiService;
 
 import com.cloud.event.EventTypes;
 import com.cloud.user.Account;
 
-@APICommand(name = "deleteAclGroup", description = "Deletes acl group", responseObject = SuccessResponse.class)
+@APICommand(name = "deleteIAMGroup", description = "Deletes acl group", responseObject = SuccessResponse.class)
 public class DeleteIAMGroupCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DeleteIAMGroupCmd.class.getName());
     private static final String s_name = "deleteaclgroupresponse";
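Review bot: The rename is only half applied in this class: the `@APICommand` name becomes `deleteIAMGroup`, but the description still reads "Deletes acl group" and the unchanged `s_name` below stays `deleteaclgroupresponse`. If the response key is meant to follow the command name, as `deleteaccountresponse` does for `deleteAccount` elsewhere on this page, change it to `private static final String s_name = "deleteiamgroupresponse";` and the description to `"Deletes IAM group"`. Confirm first that no client still parses the old key. The class body continues outside the hunk.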

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9f47466f/test/integration/smoke/test_vm_iam.py
----------------------------------------------------------------------
diff --git a/test/integration/smoke/test_vm_iam.py b/test/integration/smoke/test_vm_iam.py
index 062c030..48bc884 100644
--- a/test/integration/smoke/test_vm_iam.py
+++ b/test/integration/smoke/test_vm_iam.py
@@ -226,12 +226,12 @@ class TestVMIam(cloudstackTestCase):
             templateid=self.template.id
         )   
         
-        self.srv_desk_grp = AclGroup.create(
+        self.srv_desk_grp = IAMGroup.create(
             self.apiclient, 
             self.services["service_desk_iam_grp"]
         )                             
  
-        self.vm_read_policy = AclPolicy.create(
+        self.vm_read_policy = IAMPolicy.create(
             self.apiclient, 
             self.services["vm_readonly_iam_policy"]
         )
@@ -239,7 +239,7 @@ class TestVMIam(cloudstackTestCase):
         vm_grant_policy_params = {}
         vm_grant_policy_params['name'] = "policyGrantVirtualMachine" + self.virtual_machine_1A.id
         vm_grant_policy_params['description'] = "Policy to grant permission to VirtualMachine " + self.virtual_machine_1A.id
-        self.vm_grant_policy = AclPolicy.create(
+        self.vm_grant_policy = IAMPolicy.create(
             self.apiclient, 
             vm_grant_policy_params
         )   

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9f47466f/tools/apidoc/gen_toc.py
----------------------------------------------------------------------
diff --git a/tools/apidoc/gen_toc.py b/tools/apidoc/gen_toc.py
index ef30a79..827d6bf 100644
--- a/tools/apidoc/gen_toc.py
+++ b/tools/apidoc/gen_toc.py
@@ -160,7 +160,7 @@ known_categories = {
     'Ucs' : 'UCS',
     'CacheStores' : 'Cache Stores',
     'CacheStore' : 'Cache Store',
-    'Acl' : 'Acl',
+    'IAM' : 'IAM',
     'OvsElement' : 'Ovs Element',
     'StratosphereSsp' : ' Stratosphere SSP'
     }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9f47466f/tools/marvin/marvin/integration/lib/base.py
----------------------------------------------------------------------
diff --git a/tools/marvin/marvin/integration/lib/base.py b/tools/marvin/marvin/integration/lib/base.py
index 0058834..c508323 100755
--- a/tools/marvin/marvin/integration/lib/base.py
+++ b/tools/marvin/marvin/integration/lib/base.py
@@ -3624,130 +3624,130 @@ class Resources:
         [setattr(cmd, k, v) for k, v in kwargs.items()]
         return(apiclient.updateResourceCount(cmd))
     
-class AclGroup:
+class IAMGroup:
     def __init__(self, items):
         self.__dict__.update(items)
 
     @classmethod
     def create(cls, apiclient, iam_grp, account=None, domainid=None):
-        cmd = createAclGroup.createAclGroupCmd()
+        cmd = createIAMGroup.createIAMGroupCmd()
         cmd.name = iam_grp['name']
         cmd.description = iam_grp['description']
         if account:
             cmd.account = account
         if domainid:
             cmd.domainid = domainid
-        return AclGroup(apiclient.createAclGroup(cmd).__dict__)
+        return IAMGroup(apiclient.createIAMGroup(cmd).__dict__)
 
     def update(self, apiclient):
         pass
 
     def delete(self, apiclient):
-        cmd = deleteAclGroup.deleteAclGroupCmd()
+        cmd = deleteIAMGroup.deleteIAMGroupCmd()
         cmd.id = self.id
-        return apiclient.deleteAclGroup(cmd)
+        return apiclient.deleteIAMGroup(cmd)
 
     @classmethod
     def list(cls, apiclient, **kwargs):
-        cmd = listAclGroups.listAclGroupsCmd()
+        cmd = listIAMGroups.listIAMGroupsCmd()
         [setattr(cmd, k, v) for k, v in kwargs.items()]
-        return apiclient.listAclGroupsCmd(cmd)  
+        return apiclient.listIAMGroupsCmd(cmd)  
     
     def addAccount(self, apiclient, accts):
-        """Add accounts to acl group"""
-        cmd = addAccountToAclGroup.addAccountToAclGroupCmd()
+        """Add accounts to iam group"""
+        cmd = addAccountToIAMGroup.addAccountToIAMGroupCmd()
         cmd.id = self.id
         cmd.accounts = [str(acct.id) for acct in accts]
-        apiclient.addAccountToAclGroup(cmd)
+        apiclient.addAccountToIAMGroup(cmd)
         return  
 
     def removeAccount(self, apiclient, accts):
-        """ Remove accounts from acl group"""
-        cmd = removeAccountFromAclGroup.removeAccountFromAclGroupCmd()
+        """ Remove accounts from iam group"""
+        cmd = removeAccountFromIAMGroup.removeAccountFromIAMGroupCmd()
         cmd.id = self.id
         cmd.accounts = [str(acct.id) for acct in accts]
-        apiclient.removeAccountFromAclGroup(cmd)
+        apiclient.removeAccountFromIAMGroup(cmd)
         return  
     
     def attachPolicy(self, apiclient, policies):
-        """Add policies to acl group"""
-        cmd = attachAclPolicyToAclGroup.attachAclPolicyToAclGroupCmd()
+        """Add policies to iam group"""
+        cmd = attachIAMPolicyToIAMGroup.attachIAMPolicyToIAMGroupCmd()
         cmd.id = self.id
         cmd.policies = [str(policy.id) for policy in policies]
-        apiclient.attachAclPolicyToAclGroup(cmd)
+        apiclient.attachIAMPolicyToIAMGroup(cmd)
         return   
     
     def detachPolicy(self, apiclient, policies):
-        """Remove policies from acl group"""
-        cmd = removeAclPolicyFromAclGroup.removeAclPolicyFromAclGroupCmd()
+        """Remove policies from iam group"""
+        cmd = removeIAMPolicyFromIAMGroup.removeIAMPolicyFromIAMGroupCmd()
         cmd.id = self.id
         cmd.policies = [str(policy.id) for policy in policies]
-        apiclient.removeAclPolicyFromAclGroup(cmd)
+        apiclient.removeIAMPolicyFromIAMGroup(cmd)
         return         
     
-class AclPolicy:
+class IAMPolicy:
     def __init__(self, items):
         self.__dict__.update(items)
 
     @classmethod
     def create(cls, apiclient, iam_policy, account=None, domainid=None):
-        cmd = createAclPolicy.createAclPolicyCmd()
+        cmd = createIAMPolicy.createIAMPolicyCmd()
         cmd.name = iam_policy['name']
         cmd.description = iam_policy['description']
         if account:
             cmd.account = account
         if domainid:
             cmd.domainid = domainid
-        return AclGroup(apiclient.createAclPolicy(cmd).__dict__)
+        return AclGroup(apiclient.createIAMPolicy(cmd).__dict__)
 
     def update(self, apiclient):
         pass
 
     def delete(self, apiclient):
-        cmd = deleteAclPolicy.deleteAclPolicyCmd()
+        cmd = deleteIAMPolicy.deleteIAMPolicyCmd()
         cmd.id = self.id
-        return apiclient.deleteAclPolicy(cmd)
+        return apiclient.deleteIAMPolicy(cmd)
 
     @classmethod
     def list(cls, apiclient, **kwargs):
-        cmd = listAclPolicies.listAclPoliciesCmd()
+        cmd = listIAMPolicies.listIAMPoliciesCmd()
         [setattr(cmd, k, v) for k, v in kwargs.items()]
-        return apiclient.listAclPoliciesCmd(cmd)  
+        return apiclient.listIAMPoliciesCmd(cmd)  
 
     def addPermission(self, apiclient, permission):
-        """Add permission to acl policy"""
-        cmd = addAclPermissionToAclPolicy.addAclPermissionToAclPolicyCmd()
+        """Add permission to iam policy"""
+        cmd = addIAMPermissionToIAMPolicy.addIAMPermissionToIAMPolicyCmd()
         cmd.id = self.id
         cmd.action = permission['action']
         cmd.entitytype = permission['entitytype']
         cmd.scope = permission['scope']
         cmd.scopeid = permission['scopeid']
-        apiclient.addAclPermissionToAclPolicy(cmd)
+        apiclient.addIAMPermissionToIAMPolicy(cmd)
         return       
 
     def removePermission(self, apiclient, permission):
-        """Remove permission from acl policy"""
-        cmd = removeAclPermissionFromAclPolicy.removeAclPermissionFromAclPolicyCmd()
+        """Remove permission from iam policy"""
+        cmd = removeIAMPermissionFromIAMPolicy.removeIAMPermissionFromIAMPolicyCmd()
         cmd.id = self.id
         cmd.action = permission['action']
         cmd.entitytype = permission['entitytype']
         cmd.scope = permission['scope']
         cmd.scopeid = permission['scopeid']
-        apiclient.addAclPermissionToAclPolicy(cmd)
+        apiclient.addIAMPermissionToIAMPolicy(cmd)
         return  
     
     def attachAccount(self, apiclient, accts):
-        """Attach policy to accounts"""
-        cmd = attachAclPolicyToAccount.attachAclPolicyToAccountCmd()
+        """Attach iam policy to accounts"""
+        cmd = attachIAMPolicyToAccount.attachIAMPolicyToAccountCmd()
         cmd.id = self.id
         cmd.accounts = [str(acct.id) for acct in accts]
-        apiclient.attachAclPolicyToAccount(cmd)
+        apiclient.attachIAMPolicyToAccount(cmd)
         return  
     
     def detachAccount(self, apiclient, accts):
-        """Detach policy from accounts"""
-        cmd = removeAclPolicyFromAccount.removeAclPolicyFromAccountCmd()
+        """Detach iam policy from accounts"""
+        cmd = removeIAMPolicyFromAccount.removeIAMPolicyFromAccountCmd()
         cmd.id = self.id
         cmd.accounts = [str(acct.id) for acct in accts]
-        apiclient.removeAclPolicyFromAccount(cmd)
+        apiclient.removeIAMPolicyFromAccount(cmd)
         return           
\ No newline at end of file
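Review bot: `IAMPolicy.create` still returns `AclGroup(...)`, but this hunk renames that class to `IAMGroup`, so unless `AclGroup` is defined elsewhere in base.py the call raises `NameError`, and the wrapper type is wrong for a policy in any case; the line should read `return IAMPolicy(apiclient.createIAMPolicy(cmd).__dict__)`. `removePermission` builds a `removeIAMPermissionFromIAMPolicyCmd` but sends it through `apiclient.addIAMPermissionToIAMPolicy(cmd)`; it should call `apiclient.removeIAMPermissionFromIAMPolicy(cmd)`, otherwise an IAM test that revokes a permission may not exercise the revoke path it claims to cover. The two `list` classmethods call `apiclient.listIAMGroupsCmd` and `apiclient.listIAMPoliciesCmd`, which looks inconsistent with every other call in the hunk, where the client method is the command name without the `Cmd` suffix, so that is worth confirming against the generated client.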


[35/50] [abbrv] Merge branch 'master' into rbac.

Posted by mc...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/router/DestroyRouterCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/router/DestroyRouterCmd.java
index 462219e,8b13c51..26440d4
--- a/api/src/org/apache/cloudstack/api/command/admin/router/DestroyRouterCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/router/DestroyRouterCmd.java
@@@ -35,7 -34,8 +35,8 @@@ import com.cloud.exception.ResourceUnav
  import com.cloud.network.router.VirtualRouter;
  import com.cloud.user.Account;
  
- @APICommand(name = "destroyRouter", description = "Destroys a router.", responseObject = DomainRouterResponse.class, entityType = { IAMEntityType.VirtualMachine })
 -@APICommand(name = "destroyRouter", description = "Destroys a router.", responseObject = DomainRouterResponse.class,
++@APICommand(name = "destroyRouter", description = "Destroys a router.", responseObject = DomainRouterResponse.class, entityType = {IAMEntityType.VirtualMachine},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class DestroyRouterCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(DestroyRouterCmd.class.getName());
      private static final String s_name = "destroyrouterresponse";
@@@ -103,7 -103,7 +104,7 @@@
          if (result != null) {
              DomainRouterResponse response = _responseGenerator.createDomainRouterResponse(result);
              response.setResponseName(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to destroy router");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/router/ListRoutersCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/router/ListRoutersCmd.java
index c0e54c8,3a5efa2..d55a5f3
--- a/api/src/org/apache/cloudstack/api/command/admin/router/ListRoutersCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/router/ListRoutersCmd.java
@@@ -36,7 -35,8 +36,8 @@@ import org.apache.cloudstack.api.respon
  
  import com.cloud.network.router.VirtualRouter.Role;
  
- @APICommand(name = "listRouters", description = "List routers.", responseObject = DomainRouterResponse.class, entityType = { IAMEntityType.VirtualMachine })
 -@APICommand(name = "listRouters", description = "List routers.", responseObject = DomainRouterResponse.class,
++@APICommand(name = "listRouters", description = "List routers.", responseObject = DomainRouterResponse.class, entityType = {IAMEntityType.VirtualMachine},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ListRoutersCmd extends BaseListProjectAndAccountResourcesCmd {
      public static final Logger s_logger = Logger.getLogger(ListRoutersCmd.class.getName());
  
@@@ -149,6 -149,6 +150,6 @@@
      public void execute() {
          ListResponse<DomainRouterResponse> response = _queryService.searchForRouters(this);
          response.setResponseName(getCommandName());
--        this.setResponseObject(response);
++        setResponseObject(response);
      }
  }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/router/RebootRouterCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/router/RebootRouterCmd.java
index f4200c5,155e3ee..3a89388
--- a/api/src/org/apache/cloudstack/api/command/admin/router/RebootRouterCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/router/RebootRouterCmd.java
@@@ -36,7 -35,8 +36,8 @@@ import com.cloud.exception.ResourceUnav
  import com.cloud.network.router.VirtualRouter;
  import com.cloud.user.Account;
  
- @APICommand(name = "rebootRouter", description = "Starts a router.", responseObject = DomainRouterResponse.class, entityType = { IAMEntityType.VirtualMachine })
 -@APICommand(name = "rebootRouter", description = "Starts a router.", responseObject = DomainRouterResponse.class,
++@APICommand(name = "rebootRouter", description = "Starts a router.", responseObject = DomainRouterResponse.class, entityType = {IAMEntityType.VirtualMachine},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class RebootRouterCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(RebootRouterCmd.class.getName());
      private static final String s_name = "rebootrouterresponse";
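Review bot: The `description` for `rebootRouter` reads "Starts a router.", the same text as `startRouter` further down this page, so anything built from the annotation (such as API documentation) describes the wrong operation. The merge carries the text over unchanged from both parents. Suggest `description = "Reboots a router."` on the `@APICommand` line. The class body continues outside the hunk.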
@@@ -98,11 -98,11 +99,11 @@@
      @Override
      public void execute() throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException {
          CallContext.current().setEventDetails("Router Id: " + getId());
--        VirtualRouter result = _routerService.rebootRouter(this.getId(), true);
++        VirtualRouter result = _routerService.rebootRouter(getId(), true);
          if (result != null) {
              DomainRouterResponse response = _responseGenerator.createDomainRouterResponse(result);
              response.setResponseName("router");
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to reboot router");
          }
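Review bot: `response.setResponseName("router")` hard-codes the name, while the sibling commands in this merge (`DestroyRouterCmd`, `StartRouterCmd`) pass `getCommandName()`, and this class declares `s_name = "rebootrouterresponse"`. If the difference is not deliberate, use `response.setResponseName(getCommandName());`. If it is kept for client compatibility, a one-line comment saying so would stop it being changed by mistake later. `execute()` continues outside the hunk.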

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/router/StartRouterCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/router/StartRouterCmd.java
index 0c553be,ffafb5d..f83466b
--- a/api/src/org/apache/cloudstack/api/command/admin/router/StartRouterCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/router/StartRouterCmd.java
@@@ -38,7 -37,8 +38,8 @@@ import com.cloud.network.router.Virtual
  import com.cloud.network.router.VirtualRouter.Role;
  import com.cloud.user.Account;
  
- @APICommand(name = "startRouter", responseObject = DomainRouterResponse.class, description = "Starts a router.", entityType = { IAMEntityType.VirtualMachine })
 -@APICommand(name = "startRouter", responseObject = DomainRouterResponse.class, description = "Starts a router.",
++@APICommand(name = "startRouter", responseObject = DomainRouterResponse.class, description = "Starts a router.", entityType = {IAMEntityType.VirtualMachine},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class StartRouterCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(StartRouterCmd.class.getName());
      private static final String s_name = "startrouterresponse";
@@@ -114,7 -114,7 +115,7 @@@
          if (result != null) {
              DomainRouterResponse routerResponse = _responseGenerator.createDomainRouterResponse(result);
              routerResponse.setResponseName(getCommandName());
--            this.setResponseObject(routerResponse);
++            setResponseObject(routerResponse);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to start router");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/router/StopRouterCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/router/StopRouterCmd.java
index 9472e4a,d41cf88..e2d4200
--- a/api/src/org/apache/cloudstack/api/command/admin/router/StopRouterCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/router/StopRouterCmd.java
@@@ -37,7 -36,8 +37,8 @@@ import com.cloud.network.router.Virtual
  import com.cloud.network.router.VirtualRouter.Role;
  import com.cloud.user.Account;
  
- @APICommand(name = "stopRouter", description = "Stops a router.", responseObject = DomainRouterResponse.class, entityType = { IAMEntityType.VirtualMachine })
 -@APICommand(name = "stopRouter", description = "Stops a router.", responseObject = DomainRouterResponse.class,
++@APICommand(name = "stopRouter", description = "Stops a router.", responseObject = DomainRouterResponse.class, entityType = {IAMEntityType.VirtualMachine},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class StopRouterCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(StopRouterCmd.class.getName());
      private static final String s_name = "stoprouterresponse";
@@@ -117,7 -117,7 +118,7 @@@
          if (result != null) {
              DomainRouterResponse response = _responseGenerator.createDomainRouterResponse(result);
              response.setResponseName(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to stop router");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/router/UpgradeRouterCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/router/UpgradeRouterCmd.java
index e414fc9,de195d9..0b67db9
--- a/api/src/org/apache/cloudstack/api/command/admin/router/UpgradeRouterCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/router/UpgradeRouterCmd.java
@@@ -31,7 -30,8 +31,8 @@@ import org.apache.cloudstack.api.respon
  import com.cloud.network.router.VirtualRouter;
  import com.cloud.user.Account;
  
- @APICommand(name = "changeServiceForRouter", description = "Upgrades domain router to a new service offering", responseObject = DomainRouterResponse.class, entityType = { IAMEntityType.VirtualMachine })
 -@APICommand(name = "changeServiceForRouter", description = "Upgrades domain router to a new service offering", responseObject = DomainRouterResponse.class,
++@APICommand(name = "changeServiceForRouter", description = "Upgrades domain router to a new service offering", responseObject = DomainRouterResponse.class, entityType = {IAMEntityType.VirtualMachine},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class UpgradeRouterCmd extends BaseCmd {
      public static final Logger s_logger = Logger.getLogger(UpgradeRouterCmd.class.getName());
      private static final String s_name = "changeserviceforrouterresponse";
@@@ -87,7 -87,7 +88,7 @@@
          if (router != null) {
              DomainRouterResponse routerResponse = _responseGenerator.createDomainRouterResponse(router);
              routerResponse.setResponseName(getCommandName());
--            this.setResponseObject(routerResponse);
++            setResponseObject(routerResponse);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to upgrade router");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/systemvm/DestroySystemVmCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/systemvm/DestroySystemVmCmd.java
index 24687ec,2b25a0f..bc977a4
--- a/api/src/org/apache/cloudstack/api/command/admin/systemvm/DestroySystemVmCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/systemvm/DestroySystemVmCmd.java
@@@ -35,7 -32,8 +35,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.user.Account;
  import com.cloud.vm.VirtualMachine;
  
- @APICommand(name = "destroySystemVm", responseObject = SystemVmResponse.class, description = "Destroyes a system virtual machine.", entityType = { IAMEntityType.VirtualMachine })
 -@APICommand(name = "destroySystemVm", responseObject = SystemVmResponse.class, description = "Destroyes a system virtual machine.",
++@APICommand(name = "destroySystemVm", responseObject = SystemVmResponse.class, description = "Destroyes a system virtual machine.", entityType = {IAMEntityType.VirtualMachine},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class DestroySystemVmCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(DestroySystemVmCmd.class.getName());
  
@@@ -104,7 -101,7 +105,7 @@@
          if (instance != null) {
              SystemVmResponse response = _responseGenerator.createSystemVmResponse(instance);
              response.setResponseName(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Fail to destroy system vm");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/systemvm/ListSystemVMsCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/systemvm/ListSystemVMsCmd.java
index 6add394,e5feec2..bfecd18
--- a/api/src/org/apache/cloudstack/api/command/admin/systemvm/ListSystemVMsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/systemvm/ListSystemVMsCmd.java
@@@ -37,7 -36,8 +37,8 @@@ import org.apache.cloudstack.api.respon
  import com.cloud.utils.Pair;
  import com.cloud.vm.VirtualMachine;
  
- @APICommand(name = "listSystemVms", description = "List system virtual machines.", responseObject = SystemVmResponse.class, entityType = { IAMEntityType.VirtualMachine })
 -@APICommand(name = "listSystemVms", description = "List system virtual machines.", responseObject = SystemVmResponse.class,
++@APICommand(name = "listSystemVms", description = "List system virtual machines.", responseObject = SystemVmResponse.class, entityType = {IAMEntityType.VirtualMachine},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ListSystemVMsCmd extends BaseListCmd {
      public static final Logger s_logger = Logger.getLogger(ListSystemVMsCmd.class.getName());
  
@@@ -140,6 -140,6 +141,6 @@@
  
          response.setResponses(vmResponses, systemVMs.second());
          response.setResponseName(getCommandName());
--        this.setResponseObject(response);
++        setResponseObject(response);
      }
  }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/systemvm/MigrateSystemVMCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/systemvm/MigrateSystemVMCmd.java
index 44a5586,0da7a53..994635a
--- a/api/src/org/apache/cloudstack/api/command/admin/systemvm/MigrateSystemVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/systemvm/MigrateSystemVMCmd.java
@@@ -41,7 -38,8 +41,8 @@@ import com.cloud.host.Host
  import com.cloud.user.Account;
  import com.cloud.vm.VirtualMachine;
  
- @APICommand(name = "migrateSystemVm", description = "Attempts Migration of a system virtual machine to the host specified.", responseObject = SystemVmResponse.class, entityType = { IAMEntityType.VirtualMachine })
 -@APICommand(name = "migrateSystemVm", description = "Attempts Migration of a system virtual machine to the host specified.", responseObject = SystemVmResponse.class,
++@APICommand(name = "migrateSystemVm", description = "Attempts Migration of a system virtual machine to the host specified.", responseObject = SystemVmResponse.class, entityType = {IAMEntityType.VirtualMachine},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class MigrateSystemVMCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(MigrateSystemVMCmd.class.getName());
  
@@@ -122,7 -119,7 +123,7 @@@
                  // return the generic system VM instance response
                  SystemVmResponse response = _responseGenerator.createSystemVmResponse(migratedVm);
                  response.setResponseName(getCommandName());
--                this.setResponseObject(response);
++                setResponseObject(response);
              } else {
                  throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to migrate the system vm");
              }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/systemvm/RebootSystemVmCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/systemvm/RebootSystemVmCmd.java
index 68c941c,6663d64..0031d60
--- a/api/src/org/apache/cloudstack/api/command/admin/systemvm/RebootSystemVmCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/systemvm/RebootSystemVmCmd.java
@@@ -35,7 -32,8 +35,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.user.Account;
  import com.cloud.vm.VirtualMachine;
  
- @APICommand(name = "rebootSystemVm", description = "Reboots a system VM.", responseObject = SystemVmResponse.class, entityType = { IAMEntityType.VirtualMachine })
 -@APICommand(name = "rebootSystemVm", description = "Reboots a system VM.", responseObject = SystemVmResponse.class,
++@APICommand(name = "rebootSystemVm", description = "Reboots a system VM.", responseObject = SystemVmResponse.class, entityType = {IAMEntityType.VirtualMachine},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class RebootSystemVmCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(RebootSystemVmCmd.class.getName());
  
@@@ -111,7 -109,7 +112,7 @@@
          if (result != null) {
              SystemVmResponse response = _responseGenerator.createSystemVmResponse(result);
              response.setResponseName(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Fail to reboot system vm");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/systemvm/ScaleSystemVMCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/systemvm/ScaleSystemVMCmd.java
index c220e2a,3df6497..f50b2c4
--- a/api/src/org/apache/cloudstack/api/command/admin/systemvm/ScaleSystemVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/systemvm/ScaleSystemVMCmd.java
@@@ -21,9 -21,6 +21,11 @@@ import java.util.HashMap
  import java.util.Iterator;
  import java.util.Map;
  
++import org.apache.log4j.Logger;
++
 +import org.apache.cloudstack.acl.IAMEntityType;
 +import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 +import org.apache.cloudstack.api.ACL;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.ApiErrorCode;
@@@ -34,7 -31,7 +36,6 @@@ import org.apache.cloudstack.api.comman
  import org.apache.cloudstack.api.response.ServiceOfferingResponse;
  import org.apache.cloudstack.api.response.SystemVmResponse;
  import org.apache.cloudstack.context.CallContext;
--import org.apache.log4j.Logger;
  
  import com.cloud.event.EventTypes;
  import com.cloud.exception.ConcurrentOperationException;
@@@ -47,7 -44,8 +48,8 @@@ import com.cloud.user.Account
  import com.cloud.vm.VirtualMachine;
  
  @APICommand(name = "scaleSystemVm", responseObject = SystemVmResponse.class, description = "Scale the service offering for a system vm (console proxy or secondary storage). "
-         + "The system vm must be in a \"Stopped\" state for " + "this command to take effect.", entityType = { IAMEntityType.VirtualMachine })
 -        + "The system vm must be in a \"Stopped\" state for " + "this command to take effect.",
++        + "The system vm must be in a \"Stopped\" state for " + "this command to take effect.", entityType = {IAMEntityType.VirtualMachine},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ScaleSystemVMCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(UpgradeVMCmd.class.getName());
      private static final String s_name = "changeserviceforsystemvmresponse";
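Review bot: The logger on the context line `Logger.getLogger(UpgradeVMCmd.class.getName())` is keyed to a different class from the one that declares it, so anything ScaleSystemVMCmd logs is attributed to UpgradeVMCmd. That makes audit review and incident triage of system-VM operations harder. The same copy-paste appears further down this merge in UpgradeSystemVMCmd (also `UpgradeVMCmd.class`) and in MigrateVirtualMachineWithVolumeCmd (`MigrateVMCmd.class`). Since the merge already touches these class headers, I would point each logger at its own class, here `public static final Logger s_logger = Logger.getLogger(ScaleSystemVMCmd.class.getName());`. The class body continues outside the hunk, so how s_logger is used is not visible.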

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/systemvm/StartSystemVMCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/systemvm/StartSystemVMCmd.java
index ce6a47f,925c9cf..6aecc91
--- a/api/src/org/apache/cloudstack/api/command/admin/systemvm/StartSystemVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/systemvm/StartSystemVMCmd.java
@@@ -35,7 -32,8 +35,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.user.Account;
  import com.cloud.vm.VirtualMachine;
  
- @APICommand(name = "startSystemVm", responseObject = SystemVmResponse.class, description = "Starts a system virtual machine.", entityType = { IAMEntityType.VirtualMachine })
 -@APICommand(name = "startSystemVm", responseObject = SystemVmResponse.class, description = "Starts a system virtual machine.",
++@APICommand(name = "startSystemVm", responseObject = SystemVmResponse.class, description = "Starts a system virtual machine.", entityType = {IAMEntityType.VirtualMachine},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class StartSystemVMCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(StartSystemVMCmd.class.getName());
  
@@@ -115,7 -113,7 +116,7 @@@
          if (instance != null) {
              SystemVmResponse response = _responseGenerator.createSystemVmResponse(instance);
              response.setResponseName(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Fail to start system vm");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/systemvm/StopSystemVmCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/systemvm/StopSystemVmCmd.java
index d5e5f00,ef58156..9a049c2
--- a/api/src/org/apache/cloudstack/api/command/admin/systemvm/StopSystemVmCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/systemvm/StopSystemVmCmd.java
@@@ -37,7 -34,8 +37,8 @@@ import com.cloud.exception.ResourceUnav
  import com.cloud.user.Account;
  import com.cloud.vm.VirtualMachine;
  
- @APICommand(name = "stopSystemVm", description = "Stops a system VM.", responseObject = SystemVmResponse.class, entityType = { IAMEntityType.VirtualMachine })
 -@APICommand(name = "stopSystemVm", description = "Stops a system VM.", responseObject = SystemVmResponse.class,
++@APICommand(name = "stopSystemVm", description = "Stops a system VM.", responseObject = SystemVmResponse.class, entityType = {IAMEntityType.VirtualMachine},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class StopSystemVmCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(StopSystemVmCmd.class.getName());
  
@@@ -121,7 -118,7 +122,7 @@@
          if (result != null) {
              SystemVmResponse response = _responseGenerator.createSystemVmResponse(result);
              response.setResponseName(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Fail to stop system vm");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/systemvm/UpgradeSystemVMCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/systemvm/UpgradeSystemVMCmd.java
index c12d6b0,7aff825..033709a
--- a/api/src/org/apache/cloudstack/api/command/admin/systemvm/UpgradeSystemVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/systemvm/UpgradeSystemVMCmd.java
@@@ -21,9 -21,6 +21,11 @@@ import java.util.HashMap
  import java.util.Iterator;
  import java.util.Map;
  
++import org.apache.log4j.Logger;
++
 +import org.apache.cloudstack.acl.IAMEntityType;
 +import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 +import org.apache.cloudstack.api.ACL;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.ApiErrorCode;
@@@ -34,15 -31,16 +36,15 @@@ import org.apache.cloudstack.api.comman
  import org.apache.cloudstack.api.response.ServiceOfferingResponse;
  import org.apache.cloudstack.api.response.SystemVmResponse;
  import org.apache.cloudstack.context.CallContext;
--import org.apache.log4j.Logger;
  
  import com.cloud.exception.InvalidParameterValueException;
  import com.cloud.offering.ServiceOffering;
  import com.cloud.user.Account;
  import com.cloud.vm.VirtualMachine;
  
 -  @APICommand(name = "changeServiceForSystemVm", responseObject = SystemVmResponse.class, description = "Changes the service offering for a system vm (console proxy or secondary storage). "
 -        + "The system vm must be in a \"Stopped\" state for " + "this command to take effect.",
 +@APICommand(name = "changeServiceForSystemVm", responseObject = SystemVmResponse.class, description = "Changes the service offering for a system vm (console proxy or secondary storage). "
-         + "The system vm must be in a \"Stopped\" state for " + "this command to take effect.", entityType = { IAMEntityType.VirtualMachine })
++        + "The system vm must be in a \"Stopped\" state for " + "this command to take effect.", entityType = {IAMEntityType.VirtualMachine},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class UpgradeSystemVMCmd extends BaseCmd {
      public static final Logger s_logger = Logger.getLogger(UpgradeVMCmd.class.getName());
      private static final String s_name = "changeserviceforsystemvmresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/template/PrepareTemplateCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/template/PrepareTemplateCmd.java
index af214e0,d227232..ce43243
--- a/api/src/org/apache/cloudstack/api/command/admin/template/PrepareTemplateCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/template/PrepareTemplateCmd.java
@@@ -35,7 -31,8 +35,8 @@@ import org.apache.cloudstack.api.respon
  import com.cloud.template.VirtualMachineTemplate;
  import com.cloud.user.Account;
  
- @APICommand(name = "prepareTemplate", responseObject = TemplateResponse.class, description = "load template into primary storage", entityType = { IAMEntityType.VirtualMachineTemplate })
 -@APICommand(name = "prepareTemplate", responseObject = TemplateResponse.class, description = "load template into primary storage",
++@APICommand(name = "prepareTemplate", responseObject = TemplateResponse.class, description = "load template into primary storage", entityType = {IAMEntityType.VirtualMachineTemplate},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class PrepareTemplateCmd extends BaseCmd {
      public static final Logger s_logger = Logger.getLogger(PrepareTemplateCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/user/CreateUserCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/vm/AssignVMCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/vm/AssignVMCmd.java
index 71ababd,f435f72..dd84ec2
--- a/api/src/org/apache/cloudstack/api/command/admin/vm/AssignVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/vm/AssignVMCmd.java
@@@ -39,8 -37,10 +39,10 @@@ import com.cloud.uservm.UserVm
  @APICommand(name = "assignVirtualMachine",
              description = "Change ownership of a VM from one account to another. This API is available for Basic zones with security groups and Advanced zones with guest networks. A root administrator can reassign a VM from any account to any other account in any domain. A domain administrator can reassign a VM to any account in the same domain.",
              responseObject = UserVmResponse.class,
-             since = "3.0.0", entityType = { IAMEntityType.VirtualMachine })
 -            since = "3.0.0",
++        since = "3.0.0", entityType = {IAMEntityType.VirtualMachine},
+             requestHasSensitiveInfo = false,
+             responseHasSensitiveInfo = true)
 -public class AssignVMCmd extends BaseCmd {
 +public class AssignVMCmd extends BaseCmd  {
      public static final Logger s_logger = Logger.getLogger(AssignVMCmd.class.getName());
  
      private static final String s_name = "assignvirtualmachineresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/vm/ExpungeVMCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/vm/ExpungeVMCmd.java
index 2fb6a1e,983d25d..623ddb6
--- a/api/src/org/apache/cloudstack/api/command/admin/vm/ExpungeVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/vm/ExpungeVMCmd.java
@@@ -40,7 -37,8 +40,8 @@@ import com.cloud.user.Account
  import com.cloud.uservm.UserVm;
  import com.cloud.utils.exception.CloudRuntimeException;
  
- @APICommand(name = "expungeVirtualMachine", description = "Expunge a virtual machine. Once expunged, it cannot be recoverd.", responseObject = SuccessResponse.class, entityType = { IAMEntityType.VirtualMachine })
 -@APICommand(name = "expungeVirtualMachine", description = "Expunge a virtual machine. Once expunged, it cannot be recoverd.", responseObject = SuccessResponse.class,
++@APICommand(name = "expungeVirtualMachine", description = "Expunge a virtual machine. Once expunged, it cannot be recoverd.", responseObject = SuccessResponse.class, entityType = {IAMEntityType.VirtualMachine},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ExpungeVMCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(ExpungeVMCmd.class.getName());
  
@@@ -109,7 -106,7 +110,7 @@@
  
              if (result != null) {
                  SuccessResponse response = new SuccessResponse(getCommandName());
--                this.setResponseObject(response);
++                setResponseObject(response);
              } else {
                  throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to expunge vm");
              }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/vm/MigrateVMCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/vm/MigrateVMCmd.java
index b3615fc,611f698..fe84468
--- a/api/src/org/apache/cloudstack/api/command/admin/vm/MigrateVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/vm/MigrateVMCmd.java
@@@ -45,7 -43,9 +45,9 @@@ import com.cloud.vm.VirtualMachine
  
  @APICommand(name = "migrateVirtualMachine",
              description = "Attempts Migration of a VM to a different host or Root volume of the vm to a different storage pool",
-             responseObject = UserVmResponse.class, entityType = { IAMEntityType.VirtualMachine })
 -            responseObject = UserVmResponse.class,
++        responseObject = UserVmResponse.class, entityType = {IAMEntityType.VirtualMachine},
+             requestHasSensitiveInfo = false,
+             responseHasSensitiveInfo = true)
  public class MigrateVMCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(MigrateVMCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/vm/MigrateVirtualMachineWithVolumeCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/vm/MigrateVirtualMachineWithVolumeCmd.java
index 4920250,7b10239..b5d1ae9
--- a/api/src/org/apache/cloudstack/api/command/admin/vm/MigrateVirtualMachineWithVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/vm/MigrateVirtualMachineWithVolumeCmd.java
@@@ -47,7 -45,9 +47,9 @@@ import com.cloud.vm.VirtualMachine
  
  @APICommand(name = "migrateVirtualMachineWithVolume",
              description = "Attempts Migration of a VM with its volumes to a different host",
-  responseObject = UserVmResponse.class, entityType = { IAMEntityType.VirtualMachine })
 -            responseObject = UserVmResponse.class,
++        responseObject = UserVmResponse.class, entityType = {IAMEntityType.VirtualMachine},
+             requestHasSensitiveInfo = false,
+             responseHasSensitiveInfo = true)
  public class MigrateVirtualMachineWithVolumeCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(MigrateVMCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/vm/RecoverVMCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/vm/RecoverVMCmd.java
index c7917b6,05d7a98..e7fbbdb
--- a/api/src/org/apache/cloudstack/api/command/admin/vm/RecoverVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/vm/RecoverVMCmd.java
@@@ -32,7 -30,8 +32,8 @@@ import com.cloud.exception.ResourceAllo
  import com.cloud.user.Account;
  import com.cloud.uservm.UserVm;
  
- @APICommand(name = "recoverVirtualMachine", description = "Recovers a virtual machine.", responseObject = UserVmResponse.class, entityType = { IAMEntityType.VirtualMachine })
 -@APICommand(name = "recoverVirtualMachine", description = "Recovers a virtual machine.", responseObject = UserVmResponse.class,
++@APICommand(name = "recoverVirtualMachine", description = "Recovers a virtual machine.", responseObject = UserVmResponse.class, entityType = {IAMEntityType.VirtualMachine},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = true)
  public class RecoverVMCmd extends BaseCmd {
      public static final Logger s_logger = Logger.getLogger(RecoverVMCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/volume/UpdateVolumeCmdByAdmin.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/volume/UpdateVolumeCmdByAdmin.java
index 7e2acc5,0000000..16b2d5d
mode 100644,000000..100644
--- a/api/src/org/apache/cloudstack/api/command/admin/volume/UpdateVolumeCmdByAdmin.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/volume/UpdateVolumeCmdByAdmin.java
@@@ -1,44 -1,0 +1,45 @@@
 +// Licensed to the Apache Software Foundation (ASF) under one
 +// or more contributor license agreements.  See the NOTICE file
 +// distributed with this work for additional information
 +// regarding copyright ownership.  The ASF licenses this file
 +// to you under the Apache License, Version 2.0 (the
 +// "License"); you may not use this file except in compliance
 +// with the License.  You may obtain a copy of the License at
 +//
 +//   http://www.apache.org/licenses/LICENSE-2.0
 +//
 +// Unless required by applicable law or agreed to in writing,
 +// software distributed under the License is distributed on an
 +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 +// KIND, either express or implied.  See the License for the
 +// specific language governing permissions and limitations
 +// under the License.
 +package org.apache.cloudstack.api.command.admin.volume;
 +
 +import org.apache.cloudstack.api.APICommand;
 +import org.apache.cloudstack.api.ApiErrorCode;
 +import org.apache.cloudstack.api.ResponseObject.ResponseView;
 +import org.apache.cloudstack.api.ServerApiException;
 +import org.apache.cloudstack.api.command.user.volume.UpdateVolumeCmd;
 +import org.apache.cloudstack.api.response.VolumeResponse;
 +import org.apache.cloudstack.context.CallContext;
 +
 +import com.cloud.storage.Volume;
 +
 +@APICommand(name = "updateVolume", description = "Updates the volume.", responseObject = VolumeResponse.class, responseView = ResponseView.Full)
 +public class UpdateVolumeCmdByAdmin extends UpdateVolumeCmd {
 +
 +    @Override
 +    public void execute(){
 +        CallContext.current().setEventDetails("Volume Id: "+getId());
-         Volume result = _volumeService.updateVolume(getId(), getPath(), getState(), getStorageId(), getDisplayVolume(), getCustomId(), getEntityOwnerId());
++        Volume result = _volumeService.updateVolume(getId(), getPath(), getState(), getStorageId(), getDisplayVolume(),
++                getCustomId(), getEntityOwnerId(), getChainInfo());
 +        if (result != null) {
 +            VolumeResponse response = _responseGenerator.createVolumeResponse(ResponseView.Full, result);
 +            response.setResponseName(getCommandName());
 +            setResponseObject(response);
 +        } else {
 +            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to update volume");
 +        }
 +    }
 +}
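Review bot: The `@APICommand` annotation on UpdateVolumeCmdByAdmin declares neither `requestHasSensitiveInfo` nor `responseHasSensitiveInfo`, while the other command annotations resolved in this merge state both explicitly. The annotation line is carried over unchanged from one parent, so the command falls back to whatever defaults the annotation defines, which are not visible here. I would make the intent explicit by appending `requestHasSensitiveInfo = false, responseHasSensitiveInfo = false`, after confirming against the user-facing UpdateVolumeCmd that a volume update carries nothing that needs masking. Because this class reuses the name `updateVolume` with `ResponseView.Full`, a one-line class comment such as `// Admin variant of updateVolume: returns the full response view.` would also help, with a note on how the admin variant is selected once that is confirmed.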

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/vpc/CreatePrivateGatewayCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/vpc/CreatePrivateGatewayCmd.java
index 33c9c55,e13ed5b..ff88ada
--- a/api/src/org/apache/cloudstack/api/command/admin/vpc/CreatePrivateGatewayCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/vpc/CreatePrivateGatewayCmd.java
@@@ -43,7 -42,8 +43,8 @@@ import com.cloud.network.vpc.PrivateGat
  import com.cloud.network.vpc.Vpc;
  import com.cloud.user.Account;
  
- @APICommand(name = "createPrivateGateway", description = "Creates a private gateway", responseObject = PrivateGatewayResponse.class, entityType = { IAMEntityType.PrivateGateway })
 -@APICommand(name = "createPrivateGateway", description = "Creates a private gateway", responseObject = PrivateGatewayResponse.class,
++@APICommand(name = "createPrivateGateway", description = "Creates a private gateway", responseObject = PrivateGatewayResponse.class, entityType = {IAMEntityType.PrivateGateway},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class CreatePrivateGatewayCmd extends BaseAsyncCreateCmd {
      public static final Logger s_logger = Logger.getLogger(CreatePrivateGatewayCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/vpc/DeletePrivateGatewayCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/vpc/DeletePrivateGatewayCmd.java
index 27e71cf,833044f..dcce58e
--- a/api/src/org/apache/cloudstack/api/command/admin/vpc/DeletePrivateGatewayCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/vpc/DeletePrivateGatewayCmd.java
@@@ -37,7 -36,8 +37,8 @@@ import com.cloud.exception.ResourceUnav
  import com.cloud.network.vpc.VpcGateway;
  import com.cloud.user.Account;
  
- @APICommand(name = "deletePrivateGateway", description = "Deletes a Private gateway", responseObject = SuccessResponse.class, entityType = { IAMEntityType.PrivateGateway })
 -@APICommand(name = "deletePrivateGateway", description = "Deletes a Private gateway", responseObject = SuccessResponse.class,
++@APICommand(name = "deletePrivateGateway", description = "Deletes a Private gateway", responseObject = SuccessResponse.class, entityType = {IAMEntityType.PrivateGateway},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class DeletePrivateGatewayCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(DeletePrivateGatewayCmd.class.getName());
      private static final String s_name = "deleteprivategatewayresponse";
@@@ -86,7 -86,7 +87,7 @@@
          boolean result = _vpcService.deleteVpcPrivateGateway(id);
          if (result) {
              SuccessResponse response = new SuccessResponse(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete private gateway");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/vpc/ListVPCsCmdByAdmin.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/vpc/ListVPCsCmdByAdmin.java
index 8ba954c,0000000..3a95e44
mode 100644,000000..100644
--- a/api/src/org/apache/cloudstack/api/command/admin/vpc/ListVPCsCmdByAdmin.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/vpc/ListVPCsCmdByAdmin.java
@@@ -1,55 -1,0 +1,55 @@@
 +// Licensed to the Apache Software Foundation (ASF) under one
 +// or more contributor license agreements.  See the NOTICE file
 +// distributed with this work for additional information
 +// regarding copyright ownership.  The ASF licenses this file
 +// to you under the Apache License, Version 2.0 (the
 +// "License"); you may not use this file except in compliance
 +// with the License.  You may obtain a copy of the License at
 +//
 +//   http://www.apache.org/licenses/LICENSE-2.0
 +//
 +// Unless required by applicable law or agreed to in writing,
 +// software distributed under the License is distributed on an
 +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 +// KIND, either express or implied.  See the License for the
 +// specific language governing permissions and limitations
 +// under the License.
 +package org.apache.cloudstack.api.command.admin.vpc;
 +
 +import java.util.ArrayList;
 +import java.util.List;
 +
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.api.APICommand;
 +import org.apache.cloudstack.api.ResponseObject.ResponseView;
 +import org.apache.cloudstack.api.command.user.vpc.ListVPCsCmd;
 +import org.apache.cloudstack.api.response.ListResponse;
 +import org.apache.cloudstack.api.response.VpcResponse;
 +
 +import com.cloud.network.vpc.Vpc;
 +
 +
 +@APICommand(name = "listVPCs", description = "Lists VPCs", responseObject = VpcResponse.class, responseView = ResponseView.Full)
 +public class ListVPCsCmdByAdmin extends ListVPCsCmd {
 +    public static final Logger s_logger = Logger.getLogger(ListVPCsCmdByAdmin.class.getName());
 +
 +    @Override
 +    public void execute() {
-         List<? extends Vpc> vpcs = _vpcService.listVpcs(getId(), getVpcName(), getDisplayText(),
-                 getSupportedServices(), getCidr(), getVpcOffId(), getState(), getAccountName(), getDomainId(),
-                 getKeyword(), getStartIndex(), getPageSizeVal(), getZoneId(), isRecursive(),
-                 listAll(), getRestartRequired(), getTags(), getProjectId());
++        List<? extends Vpc> vpcs =
++                _vpcService.listVpcs(getId(), getVpcName(), getDisplayText(), getSupportedServices(), getCidr(), getVpcOffId(), getState(), getAccountName(), getDomainId(),
++                        getKeyword(), getStartIndex(), getPageSizeVal(), getZoneId(), isRecursive(), listAll(), getRestartRequired(), getTags(),
++                        getProjectId(), getDisplay());
 +        ListResponse<VpcResponse> response = new ListResponse<VpcResponse>();
 +        List<VpcResponse> offeringResponses = new ArrayList<VpcResponse>();
 +        for (Vpc vpc : vpcs) {
 +            VpcResponse offeringResponse = _responseGenerator.createVpcResponse(ResponseView.Full, vpc);
 +            offeringResponses.add(offeringResponse);
 +        }
 +
 +        response.setResponses(offeringResponses);
 +        response.setResponseName(getCommandName());
 +        setResponseObject(response);
 +    }
 +
 +}
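Review bot: The `@APICommand` on `ListVPCsCmdByAdmin` selects `responseView = ResponseView.Full` but does not set `requestHasSensitiveInfo` / `responseHasSensitiveInfo`, which the other commands touched by this merge declare explicitly; `UpdateVPCCmdByAdmin` and `UpdateVolumeCmdByAdmin` have the same gap. The attribute defaults are not visible here, so how the admin view's request and response content is classified is left implicit. Stating it, e.g. `requestHasSensitiveInfo = false, responseHasSensitiveInfo = false` if that matches the user-level `listVPCs`, makes the choice reviewable. Separately, the locals `offeringResponses` and `offeringResponse` hold `VpcResponse` objects and would read better as `vpcResponses` / `vpcResponse`.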

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/vpc/UpdateVPCCmdByAdmin.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/admin/vpc/UpdateVPCCmdByAdmin.java
index 372bb75,0000000..b94cdcf
mode 100644,000000..100644
--- a/api/src/org/apache/cloudstack/api/command/admin/vpc/UpdateVPCCmdByAdmin.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/vpc/UpdateVPCCmdByAdmin.java
@@@ -1,47 -1,0 +1,47 @@@
 +// Licensed to the Apache Software Foundation (ASF) under one
 +// or more contributor license agreements.  See the NOTICE file
 +// distributed with this work for additional information
 +// regarding copyright ownership.  The ASF licenses this file
 +// to you under the Apache License, Version 2.0 (the
 +// "License"); you may not use this file except in compliance
 +// with the License.  You may obtain a copy of the License at
 +//
 +//   http://www.apache.org/licenses/LICENSE-2.0
 +//
 +// Unless required by applicable law or agreed to in writing,
 +// software distributed under the License is distributed on an
 +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 +// KIND, either express or implied.  See the License for the
 +// specific language governing permissions and limitations
 +// under the License.
 +package org.apache.cloudstack.api.command.admin.vpc;
 +
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.api.APICommand;
 +import org.apache.cloudstack.api.ApiErrorCode;
 +import org.apache.cloudstack.api.ResponseObject.ResponseView;
 +import org.apache.cloudstack.api.ServerApiException;
 +import org.apache.cloudstack.api.command.user.vpc.UpdateVPCCmd;
 +import org.apache.cloudstack.api.response.VpcResponse;
 +
 +import com.cloud.network.vpc.Vpc;
 +
 +@APICommand(name = "updateVPC", description = "Updates a VPC", responseObject = VpcResponse.class, responseView = ResponseView.Full)
 +public class UpdateVPCCmdByAdmin extends UpdateVPCCmd {
 +    public static final Logger s_logger = Logger.getLogger(UpdateVPCCmdByAdmin.class.getName());
 +
 +    @Override
 +    public void execute(){
-         Vpc result = _vpcService.updateVpc(getId(), getVpcName(), getDisplayText(), getCustomId());
++        Vpc result = _vpcService.updateVpc(getId(), getVpcName(), getDisplayText(), getCustomId(), getDisplayVpc());
 +        if (result != null) {
 +            VpcResponse response = _responseGenerator.createVpcResponse(ResponseView.Full, result);
 +            response.setResponseName(getCommandName());
 +            setResponseObject(response);
 +        } else {
 +            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to update VPC");
 +        }
 +    }
 +
 +
 +}
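Review bot: `s_logger` is declared in `UpdateVPCCmdByAdmin` but never used, and the failure branch throws `ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to update VPC")` without recording which VPC the admin call targeted. Either drop the field or use it before the throw, e.g. `s_logger.warn("updateVpc returned null for VPC id " + getId());`, so a failed admin update can be traced from the server log. `ListVPCsCmdByAdmin` also declares an `s_logger` it does not use.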

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/zone/CreateZoneCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/zone/MarkDefaultZoneForAccountCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/admin/zone/UpdateZoneCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/account/ListAccountsCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/account/ListAccountsCmd.java
index 492dd57,f3632c0..65331e4
--- a/api/src/org/apache/cloudstack/api/command/user/account/ListAccountsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/account/ListAccountsCmd.java
@@@ -27,7 -25,8 +27,8 @@@ import org.apache.cloudstack.api.Respon
  import org.apache.cloudstack.api.response.AccountResponse;
  import org.apache.cloudstack.api.response.ListResponse;
  
- @APICommand(name = "listAccounts", description = "Lists accounts and provides detailed account information for listed accounts", responseObject = AccountResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Account })
 -@APICommand(name = "listAccounts", description = "Lists accounts and provides detailed account information for listed accounts",
 -        responseObject = AccountResponse.class, requestHasSensitiveInfo = false, responseHasSensitiveInfo = true)
++@APICommand(name = "listAccounts", description = "Lists accounts and provides detailed account information for listed accounts", responseObject = AccountResponse.class, responseView = ResponseView.Restricted, entityType = {IAMEntityType.Account},
++        requestHasSensitiveInfo = false, responseHasSensitiveInfo = true)
  public class ListAccountsCmd extends BaseListDomainResourcesCmd {
      public static final Logger s_logger = Logger.getLogger(ListAccountsCmd.class.getName());
      private static final String s_name = "listaccountsresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/address/AssociateIPAddrCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/address/AssociateIPAddrCmd.java
index 1214011,aca9bfc..3f0d246
--- a/api/src/org/apache/cloudstack/api/command/user/address/AssociateIPAddrCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/address/AssociateIPAddrCmd.java
@@@ -18,8 -18,7 +18,9 @@@ package org.apache.cloudstack.api.comma
  
  import java.util.List;
  
 +import org.apache.log4j.Logger;
 +
+ import org.apache.cloudstack.acl.RoleType;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiCommandJobType;
  import org.apache.cloudstack.api.ApiConstants;
@@@ -56,7 -55,8 +57,8 @@@ import com.cloud.offering.NetworkOfferi
  import com.cloud.projects.Project;
  import com.cloud.user.Account;
  
- @APICommand(name = "associateIpAddress", description = "Acquires and associates a public IP to an account.", responseObject = IPAddressResponse.class, responseView = ResponseView.Restricted)
 -@APICommand(name = "associateIpAddress", description = "Acquires and associates a public IP to an account.", responseObject = IPAddressResponse.class,
++@APICommand(name = "associateIpAddress", description = "Acquires and associates a public IP to an account.", responseObject = IPAddressResponse.class, responseView = ResponseView.Restricted,
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class AssociateIPAddrCmd extends BaseAsyncCreateCmd {
      public static final Logger s_logger = Logger.getLogger(AssociateIPAddrCmd.class.getName());
      private static final String s_name = "associateipaddressresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/address/ListPublicIpAddressesCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/address/ListPublicIpAddressesCmd.java
index b9ac91b,109dcd0..3218713
--- a/api/src/org/apache/cloudstack/api/command/user/address/ListPublicIpAddressesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/address/ListPublicIpAddressesCmd.java
@@@ -19,8 -19,7 +19,9 @@@ package org.apache.cloudstack.api.comma
  import java.util.ArrayList;
  import java.util.List;
  
 +import org.apache.log4j.Logger;
 +
+ import org.apache.cloudstack.acl.RoleType;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiCommandJobType;
  import org.apache.cloudstack.api.ApiConstants;
@@@ -38,7 -37,8 +39,8 @@@ import org.apache.cloudstack.api.respon
  import com.cloud.network.IpAddress;
  import com.cloud.utils.Pair;
  
- @APICommand(name = "listPublicIpAddresses", description = "Lists all public ip addresses", responseObject = IPAddressResponse.class, responseView = ResponseView.Restricted)
 -@APICommand(name = "listPublicIpAddresses", description = "Lists all public ip addresses", responseObject = IPAddressResponse.class,
++@APICommand(name = "listPublicIpAddresses", description = "Lists all public ip addresses", responseObject = IPAddressResponse.class, responseView = ResponseView.Restricted,
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ListPublicIpAddressesCmd extends BaseListTaggedResourcesCmd {
      public static final Logger s_logger = Logger.getLogger(ListPublicIpAddressesCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/address/UpdateIPAddrCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/address/UpdateIPAddrCmd.java
index ea55dc4,c2de3a1..cc736d0
--- a/api/src/org/apache/cloudstack/api/command/user/address/UpdateIPAddrCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/address/UpdateIPAddrCmd.java
@@@ -16,8 -16,7 +16,9 @@@
  // under the License.
  package org.apache.cloudstack.api.command.user.address;
  
 +import org.apache.log4j.Logger;
 +
+ import org.apache.cloudstack.acl.RoleType;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.BaseAsyncCustomIdCmd;
@@@ -116,8 -124,8 +126,8 @@@ public class UpdateIPAddrCmd extends Ba
      public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException,
              NetworkRuleConflictException {
  
-         IpAddress result = _networkService.updateIP(getId(), getCustomId());
 -        IpAddress result = _networkService.updateIP(getId(), this.getCustomId(), getDisplayIp());
 -        IPAddressResponse ipResponse = _responseGenerator.createIPAddressResponse(result);
++        IpAddress result = _networkService.updateIP(getId(), getCustomId(), getDisplayIp());
 +        IPAddressResponse ipResponse = _responseGenerator.createIPAddressResponse(ResponseView.Restricted, result);
          ipResponse.setResponseName(getCommandName());
          setResponseObject(ipResponse);
      }
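Review bot: `result` from `_networkService.updateIP(getId(), getCustomId(), getDisplayIp())` is passed straight into `createIPAddressResponse(ResponseView.Restricted, result)` with no null check, while the other update commands in this merge (`UpdateVPCCmdByAdmin`, `UpdateVolumeCmdByAdmin`) test `result != null` and throw `ServerApiException` otherwise. Whether `updateIP` can return null is not visible here, but if it can, the caller gets an unhandled failure from the response generator instead of a clean API error. Consider adding `if (result == null) { throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to update ip address"); }` before the response is built. `ApiErrorCode` may need an import, since the file's import block is only partly shown.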

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/affinitygroup/CreateAffinityGroupCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/affinitygroup/CreateAffinityGroupCmd.java
index cf00787,41d5823..50573e9
--- a/api/src/org/apache/cloudstack/api/command/user/affinitygroup/CreateAffinityGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/affinitygroup/CreateAffinityGroupCmd.java
@@@ -35,7 -34,8 +35,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.exception.ResourceAllocationException;
  import com.cloud.user.Account;
  
- @APICommand(name = "createAffinityGroup", responseObject = AffinityGroupResponse.class, description = "Creates an affinity/anti-affinity group", entityType = { IAMEntityType.AffinityGroup })
 -@APICommand(name = "createAffinityGroup", responseObject = AffinityGroupResponse.class, description = "Creates an affinity/anti-affinity group",
++@APICommand(name = "createAffinityGroup", responseObject = AffinityGroupResponse.class, description = "Creates an affinity/anti-affinity group", entityType = {IAMEntityType.AffinityGroup},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class CreateAffinityGroupCmd extends BaseAsyncCreateCmd {
      public static final Logger s_logger = Logger.getLogger(CreateAffinityGroupCmd.class.getName());
  
@@@ -126,7 -126,7 +127,7 @@@
          if (group != null) {
              AffinityGroupResponse response = _responseGenerator.createAffinityGroupResponse(group);
              response.setResponseName(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create affinity group:" + affinityGroupName);
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/affinitygroup/DeleteAffinityGroupCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/affinitygroup/DeleteAffinityGroupCmd.java
index 2722889,d4d1f2a..eb9145c
--- a/api/src/org/apache/cloudstack/api/command/user/affinitygroup/DeleteAffinityGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/affinitygroup/DeleteAffinityGroupCmd.java
@@@ -37,7 -34,8 +37,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.exception.InvalidParameterValueException;
  import com.cloud.user.Account;
  
- @APICommand(name = "deleteAffinityGroup", description = "Deletes affinity group", responseObject = SuccessResponse.class, entityType = { IAMEntityType.AffinityGroup })
 -@APICommand(name = "deleteAffinityGroup", description = "Deletes affinity group", responseObject = SuccessResponse.class,
++@APICommand(name = "deleteAffinityGroup", description = "Deletes affinity group", responseObject = SuccessResponse.class, entityType = {IAMEntityType.AffinityGroup},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class DeleteAffinityGroupCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(DeleteAffinityGroupCmd.class.getName());
      private static final String s_name = "deleteaffinitygroupresponse";
@@@ -132,7 -129,7 +133,7 @@@
          boolean result = _affinityGroupService.deleteAffinityGroup(id, accountName, domainId, name);
          if (result) {
              SuccessResponse response = new SuccessResponse(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete affinity group");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/affinitygroup/ListAffinityGroupsCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/affinitygroup/ListAffinityGroupsCmd.java
index 5e209dc,9dbf727..e469eab
--- a/api/src/org/apache/cloudstack/api/command/user/affinitygroup/ListAffinityGroupsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/affinitygroup/ListAffinityGroupsCmd.java
@@@ -17,7 -17,6 +17,8 @@@
  package org.apache.cloudstack.api.command.user.affinitygroup;
  
  import org.apache.log4j.Logger;
++
 +import org.apache.cloudstack.acl.IAMEntityType;
  import org.apache.cloudstack.affinity.AffinityGroupResponse;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiCommandJobType;
@@@ -27,7 -26,8 +28,8 @@@ import org.apache.cloudstack.api.Parame
  import org.apache.cloudstack.api.response.ListResponse;
  import org.apache.cloudstack.api.response.UserVmResponse;
  
- @APICommand(name = "listAffinityGroups", description = "Lists affinity groups", responseObject = AffinityGroupResponse.class, entityType = { IAMEntityType.AffinityGroup })
 -@APICommand(name = "listAffinityGroups", description = "Lists affinity groups", responseObject = AffinityGroupResponse.class,
++@APICommand(name = "listAffinityGroups", description = "Lists affinity groups", responseObject = AffinityGroupResponse.class, entityType = {IAMEntityType.AffinityGroup},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ListAffinityGroupsCmd extends BaseListAccountResourcesCmd {
      public static final Logger s_logger = Logger.getLogger(ListAffinityGroupsCmd.class.getName());
  
@@@ -80,10 -80,10 +82,10 @@@
      public void execute() {
  
          ListResponse<AffinityGroupResponse> response = _queryService.listAffinityGroups(id, affinityGroupName,
--                affinityGroupType, virtualMachineId, this.getAccountName(), this.getDomainId(), this.isRecursive(),
--                this.listAll(), this.getStartIndex(), this.getPageSizeVal(), this.getKeyword());
++                affinityGroupType, virtualMachineId, getAccountName(), getDomainId(), isRecursive(),
++                listAll(), getStartIndex(), getPageSizeVal(), getKeyword());
          response.setResponseName(getCommandName());
--        this.setResponseObject(response);
++        setResponseObject(response);
  
      }
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/affinitygroup/UpdateVMAffinityGroupCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/affinitygroup/UpdateVMAffinityGroupCmd.java
index 75f01c1,0c3f296..4bfcddb
--- a/api/src/org/apache/cloudstack/api/command/user/affinitygroup/UpdateVMAffinityGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/affinitygroup/UpdateVMAffinityGroupCmd.java
@@@ -45,8 -42,12 +45,14 @@@ import com.cloud.exception.ResourceUnav
  import com.cloud.user.Account;
  import com.cloud.uservm.UserVm;
  
- @APICommand(name = "updateVMAffinityGroup", description = "Updates the affinity/anti-affinity group associations of a virtual machine. The VM has to be stopped and restarted for the "
-         + "new properties to take effect.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
+ @APICommand(name = "updateVMAffinityGroup",
+             description = "Updates the affinity/anti-affinity group associations of a virtual machine. The VM has to be stopped and restarted for the "
+                 + "new properties to take effect.",
+             responseObject = UserVmResponse.class,
++        responseView = ResponseView.Restricted,
++        entityType = {IAMEntityType.VirtualMachine},
+             requestHasSensitiveInfo = false,
+             responseHasSensitiveInfo = true)
  public class UpdateVMAffinityGroupCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(UpdateVMAffinityGroupCmd.class.getName());
      private static final String s_name = "updatevirtualmachineresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScalePolicyCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScalePolicyCmd.java
index e722a6e,04130b5..8b5708d
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScalePolicyCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScalePolicyCmd.java
@@@ -40,7 -39,9 +40,9 @@@ import com.cloud.user.Account
  
  @APICommand(name = "createAutoScalePolicy",
              description = "Creates an autoscale policy for a provision or deprovision action, the action is taken when the all the conditions evaluates to true for the specified duration. The policy is in effect once it is attached to a autscale vm group.",
-  responseObject = AutoScalePolicyResponse.class, entityType = { IAMEntityType.AutoScalePolicy })
 -            responseObject = AutoScalePolicyResponse.class,
++        responseObject = AutoScalePolicyResponse.class, entityType = {IAMEntityType.AutoScalePolicy},
+             requestHasSensitiveInfo = false,
+             responseHasSensitiveInfo = false)
  public class CreateAutoScalePolicyCmd extends BaseAsyncCreateCmd {
      public static final Logger s_logger = Logger.getLogger(CreateAutoScalePolicyCmd.class.getName());
  
@@@ -164,15 -165,15 +166,15 @@@
          AutoScalePolicy result = _entityMgr.findById(AutoScalePolicy.class, getEntityId());
          AutoScalePolicyResponse response = _responseGenerator.createAutoScalePolicyResponse(result);
          response.setResponseName(getCommandName());
--        this.setResponseObject(response);
++        setResponseObject(response);
      }
  
      @Override
      public void create() throws ResourceAllocationException {
          AutoScalePolicy result = _autoScaleService.createAutoScalePolicy(this);
          if (result != null) {
--            this.setEntityId(result.getId());
--            this.setEntityUuid(result.getUuid());
++            setEntityId(result.getId());
++            setEntityUuid(result.getUuid());
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create AutoScale Policy");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScaleVmGroupCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScaleVmGroupCmd.java
index 65bbafa,c519219..43a7f18
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScaleVmGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScaleVmGroupCmd.java
@@@ -18,9 -18,7 +18,10 @@@ package org.apache.cloudstack.api.comma
  
  import java.util.List;
  
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.acl.IAMEntityType;
+ import org.apache.cloudstack.acl.RoleType;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiCommandJobType;
  import org.apache.cloudstack.api.ApiConstants;
@@@ -41,7 -40,9 +42,9 @@@ import com.cloud.network.rules.LoadBala
  
  @APICommand(name = "createAutoScaleVmGroup",
              description = "Creates and automatically starts a virtual machine based on a service offering, disk offering, and template.",
-  responseObject = AutoScaleVmGroupResponse.class, entityType = { IAMEntityType.AutoScaleVmGroup })
 -            responseObject = AutoScaleVmGroupResponse.class,
++            responseObject = AutoScaleVmGroupResponse.class, entityType = { IAMEntityType.AutoScaleVmGroup },
+             requestHasSensitiveInfo = false,
+             responseHasSensitiveInfo = false)
  public class CreateAutoScaleVmGroupCmd extends BaseAsyncCreateCmd {
      public static final Logger s_logger = Logger.getLogger(CreateAutoScaleVmGroupCmd.class.getName());
  
@@@ -183,8 -191,8 +193,8 @@@
      public void create() throws ResourceAllocationException {
          AutoScaleVmGroup result = _autoScaleService.createAutoScaleVmGroup(this);
          if (result != null) {
--            this.setEntityId(result.getId());
--            this.setEntityUuid(result.getUuid());
++            setEntityId(result.getId());
++            setEntityUuid(result.getUuid());
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create Autoscale Vm Group");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScaleVmProfileCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScaleVmProfileCmd.java
index 617b335,570e018..5d78593
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScaleVmProfileCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScaleVmProfileCmd.java
@@@ -19,9 -19,7 +19,10 @@@ package org.apache.cloudstack.api.comma
  import java.util.HashMap;
  import java.util.Map;
  
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.acl.IAMEntityType;
+ import org.apache.cloudstack.acl.RoleType;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiCommandJobType;
  import org.apache.cloudstack.api.ApiConstants;
@@@ -45,7 -44,9 +46,9 @@@ import com.cloud.user.User
  
  @APICommand(name = "createAutoScaleVmProfile",
              description = "Creates a profile that contains information about the virtual machine which will be provisioned automatically by autoscale feature.",
-  responseObject = AutoScaleVmProfileResponse.class, entityType = { IAMEntityType.AutoScaleVmProfile })
 -            responseObject = AutoScaleVmProfileResponse.class,
++            responseObject = AutoScaleVmProfileResponse.class, entityType = { IAMEntityType.AutoScaleVmProfile },
+             requestHasSensitiveInfo = false,
+             responseHasSensitiveInfo = false)
  @SuppressWarnings("rawtypes")
  public class CreateAutoScaleVmProfileCmd extends BaseAsyncCreateCmd {
      public static final Logger s_logger = Logger.getLogger(CreateAutoScaleVmProfileCmd.class.getName());
@@@ -236,7 -244,7 +246,7 @@@
          AutoScaleVmProfile result = _entityMgr.findById(AutoScaleVmProfile.class, getEntityId());
          AutoScaleVmProfileResponse response = _responseGenerator.createAutoScaleVmProfileResponse(result);
          response.setResponseName(getCommandName());
--        this.setResponseObject(response);
++        setResponseObject(response);
      }
  
      @Override
@@@ -244,8 -252,8 +254,8 @@@
  
          AutoScaleVmProfile result = _autoScaleService.createAutoScaleVmProfile(this);
          if (result != null) {
--            this.setEntityId(result.getId());
--            this.setEntityUuid(result.getUuid());
++            setEntityId(result.getId());
++            setEntityUuid(result.getUuid());
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create Autoscale Vm Profile");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateConditionCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/autoscale/CreateConditionCmd.java
index f99aecc,356b836..a3358b2
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateConditionCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateConditionCmd.java
@@@ -36,7 -35,8 +36,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.exception.ResourceAllocationException;
  import com.cloud.network.as.Condition;
  
- @APICommand(name = "createCondition", description = "Creates a condition", responseObject = ConditionResponse.class, entityType = { IAMEntityType.Condition })
 -@APICommand(name = "createCondition", description = "Creates a condition", responseObject = ConditionResponse.class,
++@APICommand(name = "createCondition", description = "Creates a condition", responseObject = ConditionResponse.class, entityType = {IAMEntityType.Condition},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class CreateConditionCmd extends BaseAsyncCreateCmd {
      public static final Logger s_logger = Logger.getLogger(CreateConditionCmd.class.getName());
      private static final String s_name = "conditionresponse";
@@@ -70,8 -70,8 +71,8 @@@
          condition = _autoScaleService.createCondition(this);
  
          if (condition != null) {
--            this.setEntityId(condition.getId());
--            this.setEntityUuid(condition.getUuid());
++            setEntityId(condition.getId());
++            setEntityUuid(condition.getUuid());
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create condition.");
          }
@@@ -82,7 -82,7 +83,7 @@@
          Condition condition = _entityMgr.findById(Condition.class, getEntityId());
          ConditionResponse response = _responseGenerator.createConditionResponse(condition);
          response.setResponseName(getCommandName());
--        this.setResponseObject(response);
++        setResponseObject(response);
      }
  
      // /////////////////////////////////////////////////

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScalePolicyCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScalePolicyCmd.java
index 7d5741e,903ac59..779ee0a
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScalePolicyCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScalePolicyCmd.java
@@@ -36,7 -33,8 +36,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.network.as.AutoScalePolicy;
  import com.cloud.user.Account;
  
- @APICommand(name = "deleteAutoScalePolicy", description = "Deletes a autoscale policy.", responseObject = SuccessResponse.class, entityType = { IAMEntityType.AutoScalePolicy })
 -@APICommand(name = "deleteAutoScalePolicy", description = "Deletes a autoscale policy.", responseObject = SuccessResponse.class,
++@APICommand(name = "deleteAutoScalePolicy", description = "Deletes a autoscale policy.", responseObject = SuccessResponse.class, entityType = {IAMEntityType.AutoScalePolicy},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class DeleteAutoScalePolicyCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(DeleteAutoScalePolicyCmd.class.getName());
      private static final String s_name = "deleteautoscalepolicyresponse";
@@@ -97,7 -94,7 +98,7 @@@
  
          if (result) {
              SuccessResponse response = new SuccessResponse(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              s_logger.warn("Failed to delete autoscale policy " + getId());
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete AutoScale Policy");

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScaleVmGroupCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScaleVmGroupCmd.java
index c8d32bd,44f2cd8..5a43abe
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScaleVmGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScaleVmGroupCmd.java
@@@ -36,7 -33,8 +36,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.network.as.AutoScaleVmGroup;
  import com.cloud.user.Account;
  
- @APICommand(name = "deleteAutoScaleVmGroup", description = "Deletes a autoscale vm group.", responseObject = SuccessResponse.class, entityType = { IAMEntityType.AutoScaleVmGroup })
 -@APICommand(name = "deleteAutoScaleVmGroup", description = "Deletes a autoscale vm group.", responseObject = SuccessResponse.class,
++@APICommand(name = "deleteAutoScaleVmGroup", description = "Deletes a autoscale vm group.", responseObject = SuccessResponse.class, entityType = {IAMEntityType.AutoScaleVmGroup},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class DeleteAutoScaleVmGroupCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(DeleteAutoScaleVmGroupCmd.class.getName());
      private static final String s_name = "deleteautoscalevmgroupresponse";
@@@ -97,7 -94,7 +98,7 @@@
  
          if (result) {
              SuccessResponse response = new SuccessResponse(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              s_logger.warn("Failed to delete autoscale vm group " + getId());
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete autoscale vm group");

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScaleVmProfileCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScaleVmProfileCmd.java
index 79e0a17,d2dccc1..2391a93
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScaleVmProfileCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScaleVmProfileCmd.java
@@@ -36,7 -33,8 +36,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.network.as.AutoScaleVmProfile;
  import com.cloud.user.Account;
  
- @APICommand(name = "deleteAutoScaleVmProfile", description = "Deletes a autoscale vm profile.", responseObject = SuccessResponse.class, entityType = { IAMEntityType.AutoScaleVmProfile })
 -@APICommand(name = "deleteAutoScaleVmProfile", description = "Deletes a autoscale vm profile.", responseObject = SuccessResponse.class,
++@APICommand(name = "deleteAutoScaleVmProfile", description = "Deletes a autoscale vm profile.", responseObject = SuccessResponse.class, entityType = {IAMEntityType.AutoScaleVmProfile},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class DeleteAutoScaleVmProfileCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(DeleteAutoScaleVmProfileCmd.class.getName());
      private static final String s_name = "deleteautoscalevmprofileresponse";
@@@ -96,7 -93,7 +97,7 @@@
          boolean result = _autoScaleService.deleteAutoScaleVmProfile(id);
          if (result) {
              SuccessResponse response = new SuccessResponse(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              s_logger.warn("Failed to delete autoscale vm profile " + getId());
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete autoscale vm profile");

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteConditionCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteConditionCmd.java
index 9d12149,a029f15..9a7d2d7
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteConditionCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteConditionCmd.java
@@@ -37,7 -34,8 +37,8 @@@ import com.cloud.exception.ResourceInUs
  import com.cloud.network.as.Condition;
  import com.cloud.user.Account;
  
- @APICommand(name = "deleteCondition", description = "Removes a condition", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Condition })
 -@APICommand(name = "deleteCondition", description = "Removes a condition", responseObject = SuccessResponse.class,
++@APICommand(name = "deleteCondition", description = "Removes a condition", responseObject = SuccessResponse.class, entityType = {IAMEntityType.Condition},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class DeleteConditionCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(DeleteConditionCmd.class.getName());
      private static final String s_name = "deleteconditionresponse";
@@@ -65,7 -62,7 +66,7 @@@
          }
          if (result) {
              SuccessResponse response = new SuccessResponse(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              s_logger.warn("Failed to delete condition " + getId());
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete condition.");

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/autoscale/DisableAutoScaleVmGroupCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/autoscale/DisableAutoScaleVmGroupCmd.java
index a6e736a,dccb016..6575d27
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/DisableAutoScaleVmGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/DisableAutoScaleVmGroupCmd.java
@@@ -35,7 -32,8 +35,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.network.as.AutoScaleVmGroup;
  import com.cloud.user.Account;
  
- @APICommand(name = "disableAutoScaleVmGroup", description = "Disables an AutoScale Vm Group", responseObject = AutoScaleVmGroupResponse.class, entityType = { IAMEntityType.AutoScaleVmGroup })
 -@APICommand(name = "disableAutoScaleVmGroup", description = "Disables an AutoScale Vm Group", responseObject = AutoScaleVmGroupResponse.class,
++@APICommand(name = "disableAutoScaleVmGroup", description = "Disables an AutoScale Vm Group", responseObject = AutoScaleVmGroupResponse.class, entityType = {IAMEntityType.AutoScaleVmGroup},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class DisableAutoScaleVmGroupCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(DisableAutoScaleVmGroupCmd.class.getName());
      private static final String s_name = "disableautoscalevmGroupresponse";
@@@ -62,7 -59,7 +63,7 @@@
          if (result != null) {
              AutoScaleVmGroupResponse response = _responseGenerator.createAutoScaleVmGroupResponse(result);
              response.setResponseName(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to disable AutoScale Vm Group");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/autoscale/EnableAutoScaleVmGroupCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/autoscale/EnableAutoScaleVmGroupCmd.java
index 49a6cee,d9326d0..6b9f2c3
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/EnableAutoScaleVmGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/EnableAutoScaleVmGroupCmd.java
@@@ -35,7 -32,8 +35,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.network.as.AutoScaleVmGroup;
  import com.cloud.user.Account;
  
- @APICommand(name = "enableAutoScaleVmGroup", description = "Enables an AutoScale Vm Group", responseObject = AutoScaleVmGroupResponse.class, entityType = { IAMEntityType.AutoScaleVmGroup })
 -@APICommand(name = "enableAutoScaleVmGroup", description = "Enables an AutoScale Vm Group", responseObject = AutoScaleVmGroupResponse.class,
++@APICommand(name = "enableAutoScaleVmGroup", description = "Enables an AutoScale Vm Group", responseObject = AutoScaleVmGroupResponse.class, entityType = {IAMEntityType.AutoScaleVmGroup},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class EnableAutoScaleVmGroupCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(EnableAutoScaleVmGroupCmd.class.getName());
      private static final String s_name = "enableautoscalevmGroupresponse";
@@@ -62,7 -59,7 +63,7 @@@
          if (result != null) {
              AutoScaleVmGroupResponse response = _responseGenerator.createAutoScaleVmGroupResponse(result);
              response.setResponseName(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to enable AutoScale Vm Group");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScalePoliciesCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScalePoliciesCmd.java
index c6eb40c,615ed47..43c4c72
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScalePoliciesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScalePoliciesCmd.java
@@@ -33,7 -32,8 +33,8 @@@ import org.apache.cloudstack.api.respon
  
  import com.cloud.network.as.AutoScalePolicy;
  
- @APICommand(name = "listAutoScalePolicies", description = "Lists autoscale policies.", responseObject = AutoScalePolicyResponse.class, entityType = { IAMEntityType.AutoScalePolicy })
 -@APICommand(name = "listAutoScalePolicies", description = "Lists autoscale policies.", responseObject = AutoScalePolicyResponse.class,
++@APICommand(name = "listAutoScalePolicies", description = "Lists autoscale policies.", responseObject = AutoScalePolicyResponse.class, entityType = {IAMEntityType.AutoScalePolicy},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ListAutoScalePoliciesCmd extends BaseListAccountResourcesCmd {
      public static final Logger s_logger = Logger.getLogger(ListAutoScalePoliciesCmd.class.getName());
  
@@@ -100,7 -100,7 +101,7 @@@
          }
          response.setResponses(responses);
          response.setResponseName(getCommandName());
--        this.setResponseObject(response);
++        setResponseObject(response);
      }
  
  }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScaleVmGroupsCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScaleVmGroupsCmd.java
index 5e35e63,a5d3cdb..2e88c27
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScaleVmGroupsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScaleVmGroupsCmd.java
@@@ -19,9 -19,7 +19,10 @@@ package org.apache.cloudstack.api.comma
  import java.util.ArrayList;
  import java.util.List;
  
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.acl.IAMEntityType;
+ import org.apache.cloudstack.acl.RoleType;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
@@@ -36,7 -35,8 +37,8 @@@ import org.apache.cloudstack.api.respon
  import com.cloud.exception.InvalidParameterValueException;
  import com.cloud.network.as.AutoScaleVmGroup;
  
- @APICommand(name = "listAutoScaleVmGroups", description = "Lists autoscale vm groups.", responseObject = AutoScaleVmGroupResponse.class, entityType = { IAMEntityType.AutoScaleVmGroup })
 -@APICommand(name = "listAutoScaleVmGroups", description = "Lists autoscale vm groups.", responseObject = AutoScaleVmGroupResponse.class,
++@APICommand(name = "listAutoScaleVmGroups", description = "Lists autoscale vm groups.", responseObject = AutoScaleVmGroupResponse.class, entityType = { IAMEntityType.AutoScaleVmGroup },
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ListAutoScaleVmGroupsCmd extends BaseListProjectAndAccountResourcesCmd {
      public static final Logger s_logger = Logger.getLogger(ListAutoScaleVmGroupsCmd.class.getName());
  
@@@ -111,6 -122,6 +124,6 @@@
          }
          response.setResponses(responses);
          response.setResponseName(getCommandName());
--        this.setResponseObject(response);
++        setResponseObject(response);
      }
  }


[41/50] [abbrv] Merge branch 'master' into rbac.

Posted by mc...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/server/src/com/cloud/network/as/AutoScaleManagerImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/network/as/AutoScaleManagerImpl.java
index e07e502,2fa3821..755fc54
--- a/server/src/com/cloud/network/as/AutoScaleManagerImpl.java
+++ b/server/src/com/cloud/network/as/AutoScaleManagerImpl.java
@@@ -59,8 -54,11 +59,9 @@@ import org.apache.cloudstack.config.Api
  import org.apache.cloudstack.context.CallContext;
  import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
  
 -import org.apache.log4j.Logger;
 -
  import com.cloud.api.ApiDBUtils;
- import com.cloud.api.ApiDispatcher;
+ import com.cloud.api.dispatch.DispatchChainFactory;
+ import com.cloud.api.dispatch.DispatchTask;
  import com.cloud.configuration.ConfigurationManager;
  import com.cloud.dc.DataCenter;
  import com.cloud.dc.DataCenter.NetworkType;
@@@ -126,9 -124,14 +127,11 @@@ import com.cloud.vm.UserVmService
  @Local(value = {AutoScaleService.class, AutoScaleManager.class})
  public class AutoScaleManagerImpl<Type> extends ManagerBase implements AutoScaleManager, AutoScaleService {
      private static final Logger s_logger = Logger.getLogger(AutoScaleManagerImpl.class);
 -    private final ScheduledExecutorService _executor = Executors.newScheduledThreadPool(1);
 +    private ScheduledExecutorService _executor = Executors.newScheduledThreadPool(1);
  
 -    @Inject()
 +    @Inject
+     protected DispatchChainFactory dispatchChainFactory = null;
+     @Inject
      EntityManager _entityMgr;
      @Inject
      AccountDao _accountDao;
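Review bot: The merge resolution keeps the non-final `private ScheduledExecutorService _executor` where the other parent had `private final ScheduledExecutorService _executor`. Nothing in the hunk reassigns the field, so unless code outside the hunk does, keeping `final` would guarantee the scheduler reference cannot be swapped after construction. The `= null` initializer on the injected `dispatchChainFactory` is redundant; `protected DispatchChainFactory dispatchChainFactory;` says the same thing. The class body continues outside the hunk.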

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/server/src/com/cloud/network/vpc/VpcManagerImpl.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/server/src/com/cloud/resource/ResourceManagerImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/resource/ResourceManagerImpl.java
index 689a0d7,2625885..f9a59ba
--- a/server/src/com/cloud/resource/ResourceManagerImpl.java
+++ b/server/src/com/cloud/resource/ResourceManagerImpl.java
@@@ -821,70 -836,73 +836,73 @@@ public class ResourceManagerImpl extend
              @Override
              public void doInTransactionWithoutResult(TransactionStatus status) {
  
 -                _dcDao.releasePrivateIpAddress(host.getPrivateIpAddress(), host.getDataCenterId(), null);
 -                _agentMgr.disconnectWithoutInvestigation(hostId, Status.Event.Remove);
 +        _dcDao.releasePrivateIpAddress(host.getPrivateIpAddress(), host.getDataCenterId(), null);
 +        _agentMgr.disconnectWithoutInvestigation(hostId, Status.Event.Remove);
  
 -                // delete host details
 -                _hostDetailsDao.deleteDetails(hostId);
 +        // delete host details
 +        _hostDetailsDao.deleteDetails(hostId);
  
+                 // if host is GPU enabled, delete GPU entries
+                 _hostGpuGroupsDao.deleteGpuEntries(hostId);
+ 
 -                host.setGuid(null);
 -                Long clusterId = host.getClusterId();
 -                host.setClusterId(null);
 -                _hostDao.update(host.getId(), host);
 +        host.setGuid(null);
 +        Long clusterId = host.getClusterId();
 +        host.setClusterId(null);
 +        _hostDao.update(host.getId(), host);
  
 -                _hostDao.remove(hostId);
 -                if (clusterId != null) {
 -                    List<HostVO> hosts = listAllHostsInCluster(clusterId);
 -                    if (hosts.size() == 0) {
 -                        ClusterVO cluster = _clusterDao.findById(clusterId);
 -                        cluster.setGuid(null);
 -                        _clusterDao.update(clusterId, cluster);
 -                    }
 -                }
 -
 -                try {
 -                    resourceStateTransitTo(host, ResourceState.Event.DeleteHost, _nodeId);
 -                } catch (NoTransitionException e) {
 -                    s_logger.debug("Cannot transmit host " + host.getId() + "to Enabled state", e);
 -                }
 +        _hostDao.remove(hostId);
 +        if (clusterId != null) {
 +            List<HostVO> hosts = listAllHostsInCluster(clusterId);
 +            if (hosts.size() == 0) {
 +                ClusterVO cluster = _clusterDao.findById(clusterId);
 +                cluster.setGuid(null);
 +                _clusterDao.update(clusterId, cluster);
 +            }
 +        }
  
 -                // Delete the associated entries in host ref table
 -                _storagePoolHostDao.deletePrimaryRecordsForHost(hostId);
 +        try {
 +            resourceStateTransitTo(host, ResourceState.Event.DeleteHost, _nodeId);
 +        } catch (NoTransitionException e) {
 +            s_logger.debug("Cannot transmit host " + host.getId() + "to Enabled state", e);
 +        }
  
 -                // Make sure any VMs that were marked as being on this host are cleaned up
 -                List<VMInstanceVO> vms = _vmDao.listByHostId(hostId);
 -                for (VMInstanceVO vm : vms) {
 -                    // this is how VirtualMachineManagerImpl does it when it syncs VM states
 -                    vm.setState(State.Stopped);
 -                    vm.setHostId(null);
 -                    _vmDao.persist(vm);
 -                }
 +        // Delete the associated entries in host ref table
 +        _storagePoolHostDao.deletePrimaryRecordsForHost(hostId);
  
 -                // For pool ids you got, delete local storage host entries in pool table
 -                // where
 -                for (StoragePoolHostVO pool : pools) {
 -                    Long poolId = pool.getPoolId();
 -                    StoragePoolVO storagePool = _storagePoolDao.findById(poolId);
 -                    if (storagePool.isLocal() && isForceDeleteStorage) {
 -                        storagePool.setUuid(null);
 -                        storagePool.setClusterId(null);
 -                        _storagePoolDao.update(poolId, storagePool);
 -                        _storagePoolDao.remove(poolId);
 -                        s_logger.debug("Local storage id=" + poolId + " is removed as a part of host removal id=" + hostId);
 -                    }
 -                }
 -
 -                // delete the op_host_capacity entry
 -                Object[] capacityTypes = {Capacity.CAPACITY_TYPE_CPU, Capacity.CAPACITY_TYPE_MEMORY};
 -                SearchCriteria<CapacityVO> hostCapacitySC = _capacityDao.createSearchCriteria();
 -                hostCapacitySC.addAnd("hostOrPoolId", SearchCriteria.Op.EQ, hostId);
 -                hostCapacitySC.addAnd("capacityType", SearchCriteria.Op.IN, capacityTypes);
 -                _capacityDao.remove(hostCapacitySC);
 -                // remove from dedicated resources
 -                DedicatedResourceVO dr = _dedicatedDao.findByHostId(hostId);
 -                if (dr != null) {
 -                    _dedicatedDao.remove(dr.getId());
 -                }
 +        // Make sure any VMs that were marked as being on this host are cleaned up
 +        List<VMInstanceVO> vms = _vmDao.listByHostId(hostId);
 +        for (VMInstanceVO vm : vms) {
 +            // this is how VirtualMachineManagerImpl does it when it syncs VM states
 +            vm.setState(State.Stopped);
 +            vm.setHostId(null);
 +            _vmDao.persist(vm);
 +        }
 +
 +        // For pool ids you got, delete local storage host entries in pool table
 +        // where
 +        for (StoragePoolHostVO pool : pools) {
 +            Long poolId = pool.getPoolId();
 +            StoragePoolVO storagePool = _storagePoolDao.findById(poolId);
 +            if (storagePool.isLocal() && isForceDeleteStorage) {
 +                storagePool.setUuid(null);
 +                storagePool.setClusterId(null);
 +                _storagePoolDao.update(poolId, storagePool);
 +                _storagePoolDao.remove(poolId);
 +                s_logger.debug("Local storage id=" + poolId + " is removed as a part of host removal id=" + hostId);
 +            }
 +        }
 +
 +        // delete the op_host_capacity entry
 +        Object[] capacityTypes = {Capacity.CAPACITY_TYPE_CPU, Capacity.CAPACITY_TYPE_MEMORY};
 +        SearchCriteria<CapacityVO> hostCapacitySC = _capacityDao.createSearchCriteria();
 +        hostCapacitySC.addAnd("hostOrPoolId", SearchCriteria.Op.EQ, hostId);
 +        hostCapacitySC.addAnd("capacityType", SearchCriteria.Op.IN, capacityTypes);
 +        _capacityDao.remove(hostCapacitySC);
 +        // remove from dedicated resources
 +        DedicatedResourceVO dr = _dedicatedDao.findByHostId(hostId);
 +        if (dr != null) {
 +            _dedicatedDao.remove(dr.getId());
 +        }
              }
          });
  
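Review bot: The merged body of `doInTransactionWithoutResult` ends up at two indentation levels: the lines kept from one parent sit at 8 spaces, while the GPU cleanup taken from the other (`_hostGpuGroupsDao.deleteGpuEntries(hostId);`) sits at 16. As a result most of the host cleanup reads as if it were outside the transaction callback, so the kept lines should be re-indented to 16 spaces. Separately, the `NoTransitionException` handler logs at debug with a message that lacks a space before "to" and appears to name the wrong state for a `DeleteHost` event; `s_logger.warn("Cannot transition host " + host.getId() + " on DeleteHost event", e);` would be easier to find when a removal leaves a host in an unexpected state. The enclosing method starts and ends outside the hunk.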

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/server/src/com/cloud/server/ManagementServerImpl.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/server/src/com/cloud/storage/VolumeApiServiceImpl.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/server/src/com/cloud/user/AccountManagerImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/user/AccountManagerImpl.java
index d5e4afc,c48e9b5..04d3e23
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@@ -2433,51 -2323,55 +2433,97 @@@ public class AccountManagerImpl extend
      }
  
      @Override
 -    public UserAccount getUserByApiKey(String apiKey) {
 -        return _userAccountDao.getUserByApiKey(apiKey);
 +    public void buildACLViewSearchCriteria(SearchCriteria<? extends ControlledEntity> sc, SearchCriteria<? extends ControlledEntity> aclSc, boolean isRecursive,
 +            List<Long> permittedDomains,
 +            List<Long> permittedAccounts, List<Long> permittedResources, ListProjectResourcesCriteria listProjectResourcesCriteria) {
 +
 +        if (listProjectResourcesCriteria != null) {
 +            // add criteria for project or not
 +            if (listProjectResourcesCriteria == ListProjectResourcesCriteria.SkipProjectResources) {
 +                sc.addAnd("accountType", SearchCriteria.Op.NEQ, Account.ACCOUNT_TYPE_PROJECT);
 +            } else if (listProjectResourcesCriteria == ListProjectResourcesCriteria.ListProjectResourcesOnly) {
 +                sc.addAnd("accountType", SearchCriteria.Op.EQ, Account.ACCOUNT_TYPE_PROJECT);
 +            }
 +        }
 +
 +        if (permittedDomains.isEmpty() && permittedAccounts.isEmpty() && permittedResources.isEmpty())
 +            // can access everything
 +            return;
 +
 +        // Note that this may have limitations on number of permitted domains, accounts, or resource ids are allowed due to sql package size limitation
 +        if (!permittedDomains.isEmpty()) {
 +            if (isRecursive) {
 +                for (int i = 0; i < permittedDomains.size(); i++) {
 +                    Domain domain = _domainDao.findById(permittedDomains.get(i));
 +                    aclSc.addOr("domainPath", SearchCriteria.Op.LIKE, domain.getPath() + "%");
 +                }
 +            } else {
 +                aclSc.addOr("domainId", SearchCriteria.Op.IN, permittedDomains.toArray());
 +            }
 +        }
 +        if (!permittedAccounts.isEmpty()) {
 +            aclSc.addOr("accountId", SearchCriteria.Op.IN, permittedAccounts.toArray());
 +        }
 +        if (!permittedResources.isEmpty()) {
 +            aclSc.addOr("id", SearchCriteria.Op.IN, permittedResources.toArray());
 +        }
 +
 +        sc.addAnd("accountId", SearchCriteria.Op.SC, aclSc);
 +    }
 +
 +    @Override
 +    public List<String> listAclGroupsByAccount(Long accountId) {
 +        if (_querySelectors == null || _querySelectors.size() == 0)
 +            return new ArrayList<String>();
 +
 +        QuerySelector qs = _querySelectors.get(0);
 +        return qs.listAclGroupsByAccount(accountId);
      }
  
+     @Override
+     public Long finalyzeAccountId(final String accountName, final Long domainId, final Long projectId, final boolean enabledOnly) {
+         if (accountName != null) {
+             if (domainId == null) {
+                 throw new InvalidParameterValueException("Account must be specified with domainId parameter");
+             }
+ 
+             final Domain domain = _domainMgr.getDomain(domainId);
+             if (domain == null) {
+                 throw new InvalidParameterValueException("Unable to find domain by id");
+             }
+ 
+             final Account account = getActiveAccountByName(accountName, domainId);
+             if (account != null && account.getType() != Account.ACCOUNT_TYPE_PROJECT) {
+                 if (!enabledOnly || account.getState() == Account.State.enabled) {
+                     return account.getId();
+                 } else {
+                     throw new PermissionDeniedException("Can't add resources to the account id=" + account.getId() + " in state=" + account.getState() +
+                             " as it's no longer active");
+                 }
+             } else {
+                 // idList is not used anywhere, so removed it now
+                 // List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
+                 // idList.add(new IdentityProxy("domain", domainId, "domainId"));
+                 throw new InvalidParameterValueException("Unable to find account by name " + accountName + " in domain with specified id");
+             }
+         }
+ 
+         if (projectId != null) {
+             final Project project = _projectMgr.getProject(projectId);
+             if (project != null) {
+                 if (!enabledOnly || project.getState() == Project.State.Active) {
+                     return project.getProjectAccountId();
+                 } else {
+                     final PermissionDeniedException ex =
+                             new PermissionDeniedException("Can't add resources to the project with specified projectId in state=" + project.getState() +
+                                     " as it's no longer active");
+                     ex.addProxyObject(project.getUuid(), "projectId");
+                     throw ex;
+                 }
+             } else {
+                 throw new InvalidParameterValueException("Unable to find project by id");
+             }
+         }
+         return null;
+     }
 -
  }
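Review bot: In `buildACLViewSearchCriteria`, three empty permitted lists are treated as "can access everything" and the method returns without adding any ACL criteria, so the unrestricted case and a caller with no grants at all look identical here. The hunk does not show whether callers rule out the no-grants case before calling; if they do not, the list query fails open. At minimum the contract should be stated on the method, e.g. `// all three lists empty means unrestricted; callers must deny earlier when the caller has no grants`, and an explicit flag for the unrestricted case would be safer than inferring it from emptiness. In the recursive branch, `_domainDao.findById(permittedDomains.get(i))` is dereferenced without a null check, so a permitted domain id that no longer resolves would throw instead of being skipped.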

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/server/src/com/cloud/vm/UserVmManagerImpl.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/server/test/com/cloud/user/MockAccountManagerImpl.java
----------------------------------------------------------------------
diff --cc server/test/com/cloud/user/MockAccountManagerImpl.java
index fa786bf,5a44800..b411b18
--- a/server/test/com/cloud/user/MockAccountManagerImpl.java
+++ b/server/test/com/cloud/user/MockAccountManagerImpl.java
@@@ -345,10 -322,9 +345,15 @@@ public class MockAccountManagerImpl ext
      }
  
      @Override
 +    public void checkAccess(Account account, AccessType accessType, boolean sameOwner, String apiName,
 +            ControlledEntity... entities) throws PermissionDeniedException {
 +        // TODO Auto-generated method stub
++    }
 +
++    @Override
+     public Long finalyzeAccountId(String accountName, Long domainId, Long projectId, boolean enabledOnly) {
+         // TODO Auto-generated method stub
+         return null;
      }
  
  }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/setup/db/db/schema-430to440.sql
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/tools/marvin/marvin/integration/lib/base.py
----------------------------------------------------------------------


[43/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
Merge branch 'master' into rbac.


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/99bdc8d8
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/99bdc8d8
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/99bdc8d8

Branch: refs/heads/master
Commit: 99bdc8d8752a37f629bd86b842312e420b87b0af
Parents: f2d4b4d 5779292
Author: Min Chen <mi...@citrix.com>
Authored: Thu Mar 13 11:05:03 2014 -0700
Committer: Min Chen <mi...@citrix.com>
Committed: Thu Mar 13 11:05:03 2014 -0700

----------------------------------------------------------------------
 agent/conf/agent.properties                     |  11 +
 .../SYSCONFDIR/rc.d/init.d/cloud-agent.in       |   2 +-
 .../SYSCONFDIR/rc.d/init.d/cloud-agent.in       |   2 +-
 .../sles/SYSCONFDIR/init.d/cloud-agent.in       |   2 +-
 .../rhel/SYSCONFDIR/rc.d/init.d/cloud-agent.in  |   2 +-
 .../sles/SYSCONFDIR/init.d/cloud-agent.in       |   2 +-
 .../cloud/agent/api/HostVmStateReportEntry.java |  10 +-
 api/src/com/cloud/agent/api/to/GPUDeviceTO.java |  56 ++
 .../cloud/agent/api/to/VirtualMachineTO.java    |   9 +
 api/src/com/cloud/event/EventTypes.java         |  42 +-
 api/src/com/cloud/gpu/GPU.java                  |  49 ++
 .../VpcVirtualNetworkApplianceService.java      |   8 +-
 .../element/AggregatedCommandExecutor.java      |  28 +
 .../com/cloud/offering/DiskOfferingInfo.java    |  65 ++
 api/src/com/cloud/server/ManagementService.java |  77 ++-
 api/src/com/cloud/storage/GuestOS.java          |   6 +
 .../com/cloud/storage/GuestOSHypervisor.java    |  10 +
 api/src/com/cloud/storage/VolumeApiService.java |   2 +
 api/src/com/cloud/user/AccountService.java      |   2 +
 api/src/com/cloud/vm/UserVmService.java         |   6 +
 .../cloudstack/api/ApiCommandJobType.java       |   6 +-
 .../org/apache/cloudstack/api/ApiConstants.java |  22 +-
 .../org/apache/cloudstack/api/BaseAsyncCmd.java |  36 -
 .../apache/cloudstack/api/BaseAsyncVMCmd.java   |  30 +
 .../cloudstack/api/BaseAsyncVolumeCmd.java      |  30 +
 api/src/org/apache/cloudstack/api/BaseCmd.java  | 239 +++----
 .../org/apache/cloudstack/api/BaseListCmd.java  |  30 +-
 .../org/apache/cloudstack/api/Parameter.java    |   2 -
 .../cloudstack/api/ResponseGenerator.java       |   4 +
 .../api/command/admin/guest/AddGuestOsCmd.java  | 136 ++++
 .../admin/guest/AddGuestOsMappingCmd.java       | 146 ++++
 .../admin/guest/ListGuestOsMappingCmd.java      | 101 +++
 .../command/admin/guest/RemoveGuestOsCmd.java   |  98 +++
 .../admin/guest/RemoveGuestOsMappingCmd.java    |  98 +++
 .../command/admin/guest/UpdateGuestOsCmd.java   | 104 +++
 .../admin/guest/UpdateGuestOsMappingCmd.java    | 102 +++
 .../admin/offering/CreateDiskOfferingCmd.java   |   6 +-
 .../offering/CreateServiceOfferingCmd.java      |  54 +-
 .../api/command/admin/user/CreateUserCmd.java   |   3 +-
 .../affinitygroup/DeleteAffinityGroupCmd.java   |   1 +
 .../user/autoscale/CreateConditionCmd.java      |   2 +-
 .../api/command/user/iso/ListIsosCmd.java       |   3 +-
 .../api/command/user/iso/RegisterIsoCmd.java    |   5 +-
 .../command/user/network/CreateNetworkCmd.java  |   2 +-
 .../gslb/CreateGlobalLoadBalancerRuleCmd.java   |   5 +-
 .../user/resource/ListResourceLimitsCmd.java    |   5 +-
 .../user/resource/UpdateResourceCountCmd.java   |   5 +-
 .../user/resource/UpdateResourceLimitCmd.java   |   7 +-
 .../AuthorizeSecurityGroupEgressCmd.java        |   2 +-
 .../AuthorizeSecurityGroupIngressCmd.java       |   2 +-
 .../securitygroup/DeleteSecurityGroupCmd.java   |   2 +-
 .../command/user/ssh/CreateSSHKeyPairCmd.java   |   2 +-
 .../command/user/ssh/DeleteSSHKeyPairCmd.java   |   1 +
 .../command/user/ssh/RegisterSSHKeyPairCmd.java |   2 +-
 .../command/user/template/ListTemplatesCmd.java |   3 +-
 .../user/template/RegisterTemplateCmd.java      |   5 +-
 .../api/command/user/vm/DeployVMCmd.java        |  62 +-
 .../api/command/user/vm/DestroyVMCmd.java       |   4 +-
 .../api/command/user/vm/ListVMsCmd.java         |   8 +
 .../api/command/user/vm/RebootVMCmd.java        |   4 +-
 .../api/command/user/vm/ResetVMPasswordCmd.java |   4 +-
 .../api/command/user/vm/ResetVMSSHKeyCmd.java   |   4 +-
 .../api/command/user/vm/RestoreVMCmd.java       |  10 +-
 .../api/command/user/vm/ScaleVMCmd.java         |   4 +-
 .../api/command/user/vm/StartVMCmd.java         |   4 +-
 .../api/command/user/vm/StopVMCmd.java          |   4 +-
 .../api/command/user/vm/UpgradeVMCmd.java       |   5 +
 .../command/user/vmgroup/CreateVMGroupCmd.java  |   2 +-
 .../command/user/volume/AttachVolumeCmd.java    |  15 +-
 .../command/user/volume/CreateVolumeCmd.java    |  14 +-
 .../command/user/volume/DeleteVolumeCmd.java    |   5 +
 .../command/user/volume/DetachVolumeCmd.java    |   6 +-
 .../command/user/volume/ExtractVolumeCmd.java   |   4 +-
 .../command/user/volume/MigrateVolumeCmd.java   |  10 +-
 .../command/user/volume/ResizeVolumeCmd.java    |  10 +-
 .../command/user/volume/UpdateVolumeCmd.java    |   5 +
 .../command/user/volume/UploadVolumeCmd.java    |   2 +-
 .../api/command/user/vpc/CreateVPCCmd.java      |   2 +-
 .../api/command/user/vpn/AddVpnUserCmd.java     |   2 +-
 .../user/vpn/CreateVpnCustomerGatewayCmd.java   |   2 +-
 .../api/command/user/vpn/RemoveVpnUserCmd.java  |   2 +-
 .../command/user/vpn/ResetVpnConnectionCmd.java |   2 +-
 .../user/vpn/UpdateVpnCustomerGatewayCmd.java   |   2 +-
 .../api/response/DiskOfferingResponse.java      |  12 +
 .../cloudstack/api/response/GpuResponse.java    |  46 ++
 .../api/response/GuestOsMappingResponse.java    | 102 +++
 .../cloudstack/api/response/HostResponse.java   |   8 +
 .../api/response/ServiceOfferingResponse.java   |  48 ++
 .../cloudstack/api/response/UserVmResponse.java |  10 +
 .../cloudstack/api/response/VgpuResponse.java   |  52 ++
 .../org/apache/cloudstack/api/BaseCmdTest.java  |  69 ++
 .../classes/resources/messages.properties       | 209 ++++++
 .../classes/resources/messages_ja_JP.properties | 272 +++++++-
 .../classes/resources/messages_zh_CN.properties | 572 +++++++++++-----
 client/tomcatconf/commands.properties.in        |   9 +
 .../com/cloud/agent/api/ClusterSyncAnswer.java  |  10 +-
 .../agent/api/ClusterVMMetaDataSyncAnswer.java  |  52 ++
 .../agent/api/ClusterVMMetaDataSyncCommand.java |  47 ++
 .../com/cloud/agent/api/GetGPUStatsAnswer.java  |  36 +
 .../com/cloud/agent/api/GetGPUStatsCommand.java |  47 ++
 .../cloud/agent/api/StartupRoutingCommand.java  |  17 +-
 core/src/com/cloud/agent/api/StopCommand.java   |   9 +
 .../api/routing/AggregationControlCommand.java  |  44 ++
 .../virtualnetwork/VirtualRoutingResource.java  | 210 ++++--
 core/src/com/cloud/info/ConsoleProxyInfo.java   |  19 +-
 .../storage/to/PrimaryDataStoreTO.java          |  18 +
 .../VirtualRoutingResourceTest.java             | 467 ++++++++++---
 .../src/com/cloud/vm/VirtualMachineManager.java |   4 +-
 .../service/VolumeOrchestrationService.java     |   2 +-
 .../api/storage/DataMotionService.java          |   2 +
 .../api/storage/DataMotionStrategy.java         |   2 +
 .../api/storage/PrimaryDataStoreInfo.java       |  18 +
 .../subsystem/api/storage/VolumeService.java    |   6 +-
 .../src/com/cloud/resource/ResourceManager.java |  41 ++
 .../cloud/agent/manager/DirectAgentAttache.java |   2 -
 .../com/cloud/vm/VirtualMachineManagerImpl.java | 123 ++--
 .../engine/orchestration/CloudOrchestrator.java |  40 +-
 .../orchestration/NetworkOrchestrator.java      |  33 +-
 .../orchestration/VolumeOrchestrator.java       |  29 +-
 .../spring-engine-schema-core-daos-context.xml  |   2 +
 engine/schema/src/com/cloud/event/EventVO.java  |  12 +-
 .../src/com/cloud/gpu/HostGpuGroupsVO.java      |  70 ++
 .../schema/src/com/cloud/gpu/VGPUTypesVO.java   |  82 +++
 .../src/com/cloud/gpu/dao/HostGpuGroupsDao.java |  60 ++
 .../com/cloud/gpu/dao/HostGpuGroupsDaoImpl.java |  94 +++
 .../src/com/cloud/gpu/dao/VGPUTypesDao.java     |  48 ++
 .../src/com/cloud/gpu/dao/VGPUTypesDaoImpl.java |  95 +++
 engine/schema/src/com/cloud/host/HostVO.java    |  13 +
 .../src/com/cloud/host/dao/HostDaoImpl.java     |  18 +
 .../com/cloud/network/vpc/NetworkACLItemVO.java |  14 +-
 .../cloud/service/ServiceOfferingDetailsVO.java |   4 +
 .../com/cloud/storage/GuestOSHypervisorVO.java  |  62 +-
 .../schema/src/com/cloud/storage/GuestOSVO.java |  25 +-
 .../cloud/storage/dao/GuestOSHypervisorDao.java |   3 +
 .../storage/dao/GuestOSHypervisorDaoImpl.java   |  27 +
 .../cloud/upgrade/dao/DatabaseAccessObject.java |  99 +++
 .../com/cloud/upgrade/dao/DbUpgradeUtils.java   |  76 +--
 .../datastore/db/SnapshotDataStoreVO.java       |  11 +-
 .../datastore/db/TemplateDataStoreVO.java       |  11 +-
 .../storage/datastore/db/VolumeDataStoreVO.java |  11 +-
 .../upgrade/dao/DatabaseAccessObjectTest.java   | 463 +++++++++++++
 .../cloud/upgrade/dao/DbUpgradeUtilsTest.java   | 162 +++++
 .../motion/AncientDataMotionStrategy.java       |  25 +-
 .../storage/motion/DataMotionServiceImpl.java   |   9 +-
 .../storage/image/TemplateServiceImpl.java      |  13 +-
 .../storage/image/store/TemplateObject.java     |  15 +
 .../storage/test/MockStorageMotionStrategy.java |   5 +
 .../storage/datastore/PrimaryDataStoreImpl.java |  20 +-
 .../datastore/provider/DefaultHostListener.java |   2 +-
 .../storage/volume/VolumeServiceImpl.java       | 156 ++++-
 packaging/centos63/cloud-agent.rc               |   2 +-
 packaging/centos63/cloud-ipallocator.rc         |   2 +-
 .../networkservice/BareMetalResourceBase.java   |   3 +-
 .../hypervisor/hyperv/guru/HypervGuru.java      |   9 +-
 .../resource/HypervDirectConnectResource.java   | 218 +++++-
 .../kvm/resource/LibvirtComputingResource.java  | 110 ++-
 .../cloud/ovm/hypervisor/OvmResourceBase.java   |   2 +-
 .../cloud/resource/AgentRoutingResource.java    |   2 +-
 .../motion/SimulatorDataMotionStrategy.java     |   5 +
 .../vmware/resource/VmwareResource.java         |   2 +-
 .../network/element/CiscoNexusVSMElement.java   |   5 +-
 .../motion/VmwareStorageMotionStrategy.java     |   5 +
 .../src/com/cloud/hypervisor/XenServerGuru.java |  33 +-
 .../xen/resource/CitrixResourceBase.java        | 256 +++++--
 .../xen/resource/XenServer610Resource.java      |   8 -
 .../xen/resource/XenServerPoolVms.java          |  41 +-
 .../xen/resource/XenServerStorageProcessor.java | 126 +++-
 .../xenserver/XenServerResourceNewBase.java     |  20 +-
 .../motion/XenServerStorageMotionStrategy.java  |   5 +
 .../api/command/CreateServiceInstanceCmd.java   |   2 +-
 .../contrail/management/MockAccountManager.java |   5 +
 .../driver/CloudStackImageStoreDriverImpl.java  |  12 +-
 .../apache/cloudstack/ldap/LdapUserManager.java |   8 +-
 .../cloudstack/ldap/LdapUserManagerSpec.groovy  | 263 ++++----
 .../SYSCONFDIR/rc.d/init.d/cloud-ipallocator.in |   2 +-
 .../SYSCONFDIR/rc.d/init.d/cloud-ipallocator.in |   2 +-
 .../SYSCONFDIR/init.d/cloud-ipallocator.in      |   2 +-
 .../SYSCONFDIR/rc.d/init.d/cloud-ipallocator.in |   2 +-
 .../sles/SYSCONFDIR/init.d/cloud-ipallocator.in |   2 +-
 .../SYSCONFDIR/init.d/cloud-ipallocator.in      |   2 +-
 .../vm/hypervisor/xenserver/createipAlias.sh    |  25 -
 .../vm/hypervisor/xenserver/deleteipAlias.sh    |  24 -
 scripts/vm/hypervisor/xenserver/vmops           |  16 -
 scripts/vm/hypervisor/xenserver/xcposs/patch    |  12 -
 scripts/vm/hypervisor/xenserver/xcpserver/patch |   9 -
 .../vm/hypervisor/xenserver/xenserver56/patch   |   7 -
 .../hypervisor/xenserver/xenserver56fp1/patch   |   7 -
 .../vm/hypervisor/xenserver/xenserver60/patch   |   7 -
 .../vm/hypervisor/xenserver/xenserver62/patch   |   7 -
 .../core/spring-server-core-misc-context.xml    |  12 +
 .../allocator/impl/FirstFitAllocator.java       |  17 +-
 server/src/com/cloud/api/ApiDBUtils.java        |  30 +
 server/src/com/cloud/api/ApiDispatcher.java     | 481 ++------------
 server/src/com/cloud/api/ApiResponseHelper.java |  26 +-
 server/src/com/cloud/api/ApiServer.java         | 413 ++++++------
 server/src/com/cloud/api/ApiServlet.java        | 133 ++--
 .../api/dispatch/CommandCreationWorker.java     |  56 ++
 .../com/cloud/api/dispatch/DispatchChain.java   |  40 ++
 .../api/dispatch/DispatchChainFactory.java      |  72 ++
 .../com/cloud/api/dispatch/DispatchTask.java    |  58 ++
 .../com/cloud/api/dispatch/DispatchWorker.java  |  30 +
 .../dispatch/ParamGenericValidationWorker.java  | 103 +++
 .../cloud/api/dispatch/ParamProcessWorker.java  | 428 ++++++++++++
 .../cloud/api/dispatch/ParamUnpackWorker.java   | 114 ++++
 .../dispatch/SpecificCmdValidationWorker.java   |  34 +
 .../com/cloud/api/query/QueryManagerImpl.java   |  22 +-
 .../api/query/dao/DiskOfferingJoinDaoImpl.java  |   1 +
 .../cloud/api/query/dao/HostJoinDaoImpl.java    |  25 +
 .../query/dao/ServiceOfferingJoinDaoImpl.java   |   4 +
 .../api/query/dao/TemplateJoinDaoImpl.java      |   3 +-
 .../cloud/api/query/dao/UserVmJoinDaoImpl.java  |   6 +
 .../cloud/api/query/vo/DiskOfferingJoinVO.java  |   7 +-
 .../src/com/cloud/api/query/vo/EventJoinVO.java |   8 +-
 .../api/query/vo/ServiceOfferingJoinVO.java     |  28 +
 server/src/com/cloud/configuration/Config.java  |   4 +-
 .../configuration/ConfigurationManagerImpl.java | 104 ++-
 .../consoleproxy/ConsoleProxyManagerImpl.java   |  11 +-
 .../deploy/DeploymentPlanningManagerImpl.java   |  12 +
 .../src/com/cloud/event/ActionEventUtils.java   |  18 +-
 .../cloud/hypervisor/HypervisorGuruBase.java    |  15 +
 .../com/cloud/network/IpAddressManagerImpl.java |   4 +-
 .../src/com/cloud/network/NetworkModelImpl.java |  14 +-
 .../com/cloud/network/NetworkServiceImpl.java   |   5 +-
 .../cloud/network/NetworkUsageManagerImpl.java  |   4 +
 .../cloud/network/as/AutoScaleManagerImpl.java  |   7 +-
 .../network/element/VirtualRouterElement.java   |  71 +-
 .../element/VpcVirtualRouterElement.java        |  14 +-
 .../router/VirtualNetworkApplianceManager.java  |  16 +-
 .../VirtualNetworkApplianceManagerImpl.java     | 129 ++--
 .../VpcVirtualNetworkApplianceManagerImpl.java  |  76 ++-
 .../com/cloud/network/vpc/VpcManagerImpl.java   |   5 +-
 .../com/cloud/resource/ResourceManagerImpl.java |  97 ++-
 .../src/com/cloud/server/ManagementServer.java  |   3 +
 .../com/cloud/server/ManagementServerImpl.java  | 257 ++++++-
 server/src/com/cloud/server/StatsCollector.java |  21 +
 .../com/cloud/storage/VolumeApiServiceImpl.java |  17 +
 .../storage/snapshot/SnapshotSchedulerImpl.java | 105 +--
 .../src/com/cloud/user/AccountManagerImpl.java  |  46 ++
 server/src/com/cloud/vm/UserVmManagerImpl.java  |  21 +-
 .../test/com/cloud/api/ApiDispatcherTest.java   | 106 ---
 .../api/dispatch/CommandCreationWorkerTest.java |  48 ++
 .../api/dispatch/DispatchChainFactoryTest.java  |  55 ++
 .../ParamGenericValidationWorkerTest.java       | 195 ++++++
 .../api/dispatch/ParamProcessWorkerTest.java    | 107 +++
 .../SpecificCmdValidationWorkerTest.java        |  48 ++
 .../cloud/network/vpc/VpcManagerImplTest.java   |  66 ++
 .../cloud/resource/MockResourceManagerImpl.java |  31 +
 .../com/cloud/user/MockAccountManagerImpl.java  |   5 +
 .../vm/DeploymentPlanningManagerImplTest.java   |  12 +
 .../MockVpcVirtualNetworkApplianceManager.java  |  39 +-
 server/test/resources/createNetworkOffering.xml |   4 +-
 .../SecondaryStorageManagerImpl.java            |   7 +
 setup/db/db/schema-421to430.sql                 |   4 +
 setup/db/db/schema-430to440.sql                 |  37 +-
 systemvm/conf/consoleproxy.properties           |   2 +-
 .../rc.d/init.d/cloud-console-proxy.in          |   2 +-
 .../rc.d/init.d/cloud-console-proxy.in          |   2 +-
 .../rc.d/init.d/cloud-console-proxy.in          |   2 +-
 .../SYSCONFDIR/init.d/cloud-console-proxy.in    |   2 +-
 .../debian/config/etc/init.d/cloud-early-config |  18 +-
 .../debian/config/opt/cloud/bin/vr_cfg.sh       |  96 +++
 .../component/test_cpu_domain_limits.py         |  11 +-
 test/integration/component/test_cpu_limits.py   |  15 +-
 .../component/test_cpu_project_limits.py        |   7 +-
 .../component/test_dynamic_compute_offering.py  | 409 ++++++++++++
 .../integration/component/test_memory_limits.py |  15 +-
 .../component/test_mm_domain_limits.py          |   7 +-
 .../component/test_mm_project_limits.py         |   7 +-
 test/integration/component/test_routers.py      |  28 +-
 .../component/test_vpc_vm_life_cycle.py         | 108 +--
 .../smoke/test_deploy_vgpu_enabled_vm.py        | 227 +++++++
 test/integration/smoke/test_deploy_vm.py        |  52 +-
 tools/marvin/marvin/codes.py                    |   1 +
 tools/marvin/marvin/configGenerator.py          |   5 +-
 tools/marvin/marvin/integration/lib/base.py     |  32 +-
 tools/marvin/marvin/integration/lib/common.py   |  39 +-
 tools/marvin/marvin/integration/lib/utils.py    |   3 +-
 .../marvin/sandbox/advanced/advanced_env.py     |  23 +-
 .../marvin/sandbox/advancedsg/advancedsg_env.py |  18 +-
 tools/marvin/marvin/sandbox/basic/basic_env.py  |  16 +-
 .../sandbox/demo/simulator/simulator_setup.py   |  16 +-
 tools/ngui/static/js/app/accounts/accounts.js   |  16 +-
 tools/ngui/static/js/app/storage/storage.js     |   2 +-
 ui/css/cloudstack3.css                          |  42 +-
 ui/dictionary.jsp                               | 220 +++++-
 ui/images/sprites.png                           | Bin 212515 -> 211543 bytes
 ui/index.jsp                                    |  11 +
 .../vnmcNetworkProvider/vnmcNetworkProvider.js  |  50 +-
 ui/scripts/configuration.js                     | 350 ++++++++--
 ui/scripts/installWizard.js                     |   6 +-
 ui/scripts/instanceWizard.js                    |  16 +-
 ui/scripts/instances.js                         |  24 +-
 ui/scripts/network.js                           |  62 +-
 ui/scripts/sharedFunctions.js                   |  28 +-
 ui/scripts/storage.js                           |   6 +-
 ui/scripts/system.js                            | 662 ++++++++++---------
 ui/scripts/templates.js                         |   6 +-
 ui/scripts/ui-custom/instanceWizard.js          |   8 +
 ui/scripts/ui-custom/zoneChart.js               |  16 +-
 ui/scripts/ui/core.js                           |   2 +-
 ui/scripts/ui/dialog.js                         |   2 +-
 ui/scripts/ui/widgets/multiEdit.js              |   2 +-
 ui/scripts/ui/widgets/tagger.js                 |   4 +-
 ui/scripts/vpc.js                               |  16 +-
 ui/scripts/zoneWizard.js                        |  12 +-
 utils/src/com/cloud/utils/ReflectUtil.java      |  13 +
 306 files changed, 11294 insertions(+), 2990 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/com/cloud/storage/VolumeApiService.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/com/cloud/user/AccountService.java
----------------------------------------------------------------------
diff --cc api/src/com/cloud/user/AccountService.java
index 37f6105,de0b470..85c71ca
--- a/api/src/com/cloud/user/AccountService.java
+++ b/api/src/com/cloud/user/AccountService.java
@@@ -108,9 -103,6 +108,11 @@@ public interface AccountService 
  
      void checkAccess(Account account, AccessType accessType, boolean sameOwner, ControlledEntity... entities) throws PermissionDeniedException;
  
 -    Long finalyzeAccountId(String accountName, Long domainId, Long projectId, boolean enabledOnly);
 +    void checkAccess(Account account, AccessType accessType, boolean sameOwner, String apiName,
 +            ControlledEntity... entities) throws PermissionDeniedException;
  
 +    //TO be implemented, to check accessibility for an entity owned by domain
 +    void checkAccess(Account account, AccessType accessType, boolean sameOwner, PartOf... entities) throws PermissionDeniedException;
++
++    Long finalyzeAccountId(String accountName, Long domainId, Long projectId, boolean enabledOnly);
  }
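Review bot: The two `checkAccess` overloads added to `AccountService` have no Javadoc, and the `PartOf` one carries only `//TO be implemented`, so a caller cannot tell from the interface whether that check denies anything yet. The implementation is outside this hunk, so whether it is currently a no-op or throws should be confirmed against `AccountManagerImpl`. An access check that silently permits is the risky default. I would document each overload, stating what `apiName` selects and that denial raises `PermissionDeniedException`, and replace the inline comment with something like `/** Access check for domain-owned entities (PartOf). Not yet enforced; callers must not rely on it for authorization. */`.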

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/ApiConstants.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/ApiConstants.java
index 62191fc,089affb..239b8cd
--- a/api/src/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/org/apache/cloudstack/api/ApiConstants.java
@@@ -568,8 -583,12 +583,13 @@@ public class ApiConstants 
      public static final String PASSIVE = "passive";
      public static final String VERSION = "version";
      public static final String START = "start";
+     public static final String GPUGROUP = "gpugroup";
+     public static final String GPUGROUPNAME = "gpugroupname";
+     public static final String VGPU = "vgpu";
+     public static final String VGPUTYPE = "vgputype";
+     public static final String REMAININGCAPACITY = "remainingcapacity";
  
 +
      public enum HostDetails {
          all, capacity, events, stats, min;
      }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/BaseCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/BaseCmd.java
index 7c720c9,937ccc2..f6f21ae
--- a/api/src/org/apache/cloudstack/api/BaseCmd.java
+++ b/api/src/org/apache/cloudstack/api/BaseCmd.java
@@@ -26,22 -29,21 +29,22 @@@ import java.util.regex.Pattern
  
  import javax.inject.Inject;
  
++import org.apache.log4j.Logger;
++
+ import org.apache.cloudstack.acl.RoleType;
  import org.apache.cloudstack.affinity.AffinityGroupService;
  import org.apache.cloudstack.alert.AlertService;
+ import org.apache.cloudstack.context.CallContext;
  import org.apache.cloudstack.network.element.InternalLoadBalancerElementService;
  import org.apache.cloudstack.network.lb.ApplicationLoadBalancerService;
  import org.apache.cloudstack.network.lb.InternalLoadBalancerVMService;
  import org.apache.cloudstack.query.QueryService;
  import org.apache.cloudstack.usage.UsageService;
--import org.apache.log4j.Logger;
  
  import com.cloud.configuration.ConfigurationService;
- import com.cloud.domain.Domain;
  import com.cloud.exception.ConcurrentOperationException;
  import com.cloud.exception.InsufficientCapacityException;
- import com.cloud.exception.InvalidParameterValueException;
  import com.cloud.exception.NetworkRuleConflictException;
- import com.cloud.exception.PermissionDeniedException;
  import com.cloud.exception.ResourceAllocationException;
  import com.cloud.exception.ResourceUnavailableException;
  import com.cloud.network.NetworkModel;
@@@ -264,92 -279,68 +280,68 @@@ public abstract class BaseCmd 
          return formattedString;
      }
  
-     // FIXME: move this to a utils method so that maps can be unpacked and integer/long values can be appropriately cast
-     @SuppressWarnings({"unchecked", "rawtypes"})
-     public Map<String, Object> unpackParams(Map<String, String> params) {
-         Map<String, Object> lowercaseParams = new HashMap<String, Object>();
-         for (String key : params.keySet()) {
-             int arrayStartIndex = key.indexOf('[');
-             int arrayStartLastIndex = key.lastIndexOf('[');
-             if (arrayStartIndex != arrayStartLastIndex) {
-                 throw new ServerApiException(ApiErrorCode.MALFORMED_PARAMETER_ERROR, "Unable to decode parameter " + key +
-                     "; if specifying an object array, please use parameter[index].field=XXX, e.g. userGroupList[0].group=httpGroup");
-             }
- 
-             if (arrayStartIndex > 0) {
-                 int arrayEndIndex = key.indexOf(']');
-                 int arrayEndLastIndex = key.lastIndexOf(']');
-                 if ((arrayEndIndex < arrayStartIndex) || (arrayEndIndex != arrayEndLastIndex)) {
-                     // malformed parameter
-                     throw new ServerApiException(ApiErrorCode.MALFORMED_PARAMETER_ERROR, "Unable to decode parameter " + key +
-                         "; if specifying an object array, please use parameter[index].field=XXX, e.g. userGroupList[0].group=httpGroup");
-                 }
+     protected List<Field> getAllFieldsForClass(final Class<?> clazz) {
+         List<Field> filteredFields = fieldsForCmdClass.get(clazz);
  
-                 // Now that we have an array object, check for a field name in the case of a complex object
-                 int fieldIndex = key.indexOf('.');
-                 String fieldName = null;
-                 if (fieldIndex < arrayEndIndex) {
-                     throw new ServerApiException(ApiErrorCode.MALFORMED_PARAMETER_ERROR, "Unable to decode parameter " + key +
-                         "; if specifying an object array, please use parameter[index].field=XXX, e.g. userGroupList[0].group=httpGroup");
-                 } else {
-                     fieldName = key.substring(fieldIndex + 1);
-                 }
+         // If list of fields was not cached yet
+         if (filteredFields == null) {
+             final List<Field> allFields = ReflectUtil.getAllFieldsForClass(this.getClass(), BaseCmd.class);
+             filteredFields = new ArrayList<Field>();
  
-                 // parse the parameter name as the text before the first '[' character
-                 String paramName = key.substring(0, arrayStartIndex);
-                 paramName = paramName.toLowerCase();
- 
-                 Map<Integer, Map> mapArray = null;
-                 Map<String, Object> mapValue = null;
-                 String indexStr = key.substring(arrayStartIndex + 1, arrayEndIndex);
-                 int index = 0;
-                 boolean parsedIndex = false;
-                 try {
-                     if (indexStr != null) {
-                         index = Integer.parseInt(indexStr);
-                         parsedIndex = true;
+             for (final Field field : allFields) {
+                 final Parameter parameterAnnotation = field.getAnnotation(Parameter.class);
+                 if ((parameterAnnotation != null) && parameterAnnotation.expose()) {
+                     filteredFields.add(field);
 +                    }
-                 } catch (NumberFormatException nfe) {
-                     s_logger.warn("Invalid parameter " + key + " received, unable to parse object array, returning an error.");
                  }
 -            }
  
-                 if (!parsedIndex) {
-                     throw new ServerApiException(ApiErrorCode.MALFORMED_PARAMETER_ERROR, "Unable to decode parameter " + key +
-                         "; if specifying an object array, please use parameter[index].field=XXX, e.g. userGroupList[0].group=httpGroup");
+             // Cache the prepared list for future use
+             fieldsForCmdClass.put(clazz, filteredFields);
 -        }
++                    }
+         return filteredFields;
 -    }
 +                }
  
-                 Object value = lowercaseParams.get(paramName);
-                 if (value == null) {
-                     // for now, assume object array with sub fields
-                     mapArray = new HashMap<Integer, Map>();
-                     mapValue = new HashMap<String, Object>();
-                     mapArray.put(Integer.valueOf(index), mapValue);
-                 } else if (value instanceof Map) {
-                     mapArray = (HashMap)value;
-                     mapValue = mapArray.get(Integer.valueOf(index));
-                     if (mapValue == null) {
-                         mapValue = new HashMap<String, Object>();
-                         mapArray.put(Integer.valueOf(index), mapValue);
+     /**
+      * This method doesn't return all the @{link Parameter}, but only the ones exposed
+      * and allowed for current @{link RoleType}. This method will get the fields for a given
+      * Cmd class only once and never again, so in case of a dynamic update the result would
+      * be obsolete (this might be a plugin update. It is agreed upon that we will not do
+      * upgrades dynamically but in case we come back on that decision we need to revisit this)
+      *
+      * @return
+      */
+     public List<Field> getParamFields() {
+         final List<Field> allFields = getAllFieldsForClass(this.getClass());
+         final List<Field> validFields = new ArrayList<Field>();
+         final Account caller = CallContext.current().getCallingAccount();
+ 
+         for (final Field field : allFields) {
+             final Parameter parameterAnnotation = field.getAnnotation(Parameter.class);
+ 
+             //TODO: Annotate @Validate on API Cmd classes, FIXME how to process Validate
+             final RoleType[] allowedRoles = parameterAnnotation.authorized();
+             boolean roleIsAllowed = true;
+             if (allowedRoles.length > 0) {
+                 roleIsAllowed = false;
+                 for (final RoleType allowedRole : allowedRoles) {
+                     if (allowedRole.getValue() == caller.getType()) {
+                         roleIsAllowed = true;
+                         break;
                      }
                  }
+             }
  
-                 // we are ready to store the value for a particular field into the map for this object
-                 mapValue.put(fieldName, params.get(key));
- 
-                 lowercaseParams.put(paramName, mapArray);
+             if (roleIsAllowed) {
+                 validFields.add(field);
              } else {
-                 lowercaseParams.put(key.toLowerCase(), params.get(key));
+                 s_logger.debug("Ignoring paremeter " + parameterAnnotation.name() + " as the caller is not authorized to pass it in");
              }
          }
-         return lowercaseParams;
-     }
  
-     protected long getInstanceIdFromJobSuccessResult(String result) {
-         s_logger.debug("getInstanceIdFromJobSuccessResult not overridden in subclass " + this.getClass().getName());
-         return 0;
+         return validFields;
      }
  
-     public void setFullUrlParams(Map<String, String> map) {
+     public void setFullUrlParams(final Map<String, String> map) {
          fullUrlParams = map;
      }
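Review bot: `getAllFieldsForClass(clazz)` stores its result under `clazz` but reflects over `this.getClass()`, so the cached list is only correct while every caller passes its own class, as the one visible caller `getParamFields()` does. Because that list is what the role filter in `getParamFields()` iterates, a mismatched entry would apply one command's `authorized()` parameter set to another command. I would change the call to `ReflectUtil.getAllFieldsForClass(clazz, BaseCmd.class)`. `fieldsForCmdClass` is declared outside the hunk, and if it is a plain `HashMap` shared across request threads the unsynchronised `put` needs a concurrent map. The merge also left the closing braces of the `for`/`if` in this method mis-indented, and the debug message spells `paremeter`.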
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/ResponseGenerator.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/affinitygroup/DeleteAffinityGroupCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/affinitygroup/DeleteAffinityGroupCmd.java
index eb9145c,6a6dd25..378a826
--- a/api/src/org/apache/cloudstack/api/command/user/affinitygroup/DeleteAffinityGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/affinitygroup/DeleteAffinityGroupCmd.java
@@@ -16,12 -16,7 +16,13 @@@
  // under the License.
  package org.apache.cloudstack.api.command.user.affinitygroup;
  
++
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.acl.IAMEntityType;
 +import org.apache.cloudstack.acl.SecurityChecker.AccessType;
  import org.apache.cloudstack.affinity.AffinityGroupResponse;
 +import org.apache.cloudstack.api.ACL;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiCommandJobType;
  import org.apache.cloudstack.api.ApiConstants;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateConditionCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/iso/ListIsosCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/iso/RegisterIsoCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupEgressCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/securitygroup/DeleteSecurityGroupCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/ssh/CreateSSHKeyPairCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/ssh/DeleteSSHKeyPairCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/ssh/DeleteSSHKeyPairCmd.java
index 19b29bd,92105c1..d0a5234
--- a/api/src/org/apache/cloudstack/api/command/user/ssh/DeleteSSHKeyPairCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/ssh/DeleteSSHKeyPairCmd.java
@@@ -16,9 -16,6 +16,10 @@@
  // under the License.
  package org.apache.cloudstack.api.command.user.ssh;
  
++
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.acl.IAMEntityType;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.BaseCmd;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/ssh/RegisterSSHKeyPairCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/template/ListTemplatesCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/template/RegisterTemplateCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/vm/DestroyVMCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vm/DestroyVMCmd.java
index b8ac561,e9a5213..4c3a415
--- a/api/src/org/apache/cloudstack/api/command/user/vm/DestroyVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/DestroyVMCmd.java
@@@ -18,18 -18,14 +18,18 @@@ package org.apache.cloudstack.api.comma
  
  import java.util.List;
  
+ import org.apache.cloudstack.api.BaseAsyncVMCmd;
  import org.apache.log4j.Logger;
  
 +import org.apache.cloudstack.acl.IAMEntityType;
 +import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 +import org.apache.cloudstack.api.ACL;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiCommandJobType;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.ApiErrorCode;
- import org.apache.cloudstack.api.BaseAsyncCmd;
  import org.apache.cloudstack.api.Parameter;
 +import org.apache.cloudstack.api.ResponseObject.ResponseView;
  import org.apache.cloudstack.api.ServerApiException;
  import org.apache.cloudstack.api.response.UserVmResponse;
  import org.apache.cloudstack.context.CallContext;
@@@ -40,10 -36,12 +40,10 @@@ import com.cloud.exception.ResourceUnav
  import com.cloud.user.Account;
  import com.cloud.uservm.UserVm;
  
 -@APICommand(name = "destroyVirtualMachine",
 -            description = "Destroys a virtual machine. Once destroyed, only the administrator can recover it.",
 -            responseObject = UserVmResponse.class,
 +@APICommand(name = "destroyVirtualMachine", description = "Destroys a virtual machine. Once destroyed, only the administrator can recover it.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = {IAMEntityType.VirtualMachine},
              requestHasSensitiveInfo = false,
              responseHasSensitiveInfo = true)
- public class DestroyVMCmd extends BaseAsyncCmd {
+ public class DestroyVMCmd extends BaseAsyncVMCmd {
      public static final Logger s_logger = Logger.getLogger(DestroyVMCmd.class.getName());
  
      private static final String s_name = "destroyvirtualmachineresponse";
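Review bot: The two access-control attributes on the merged `@APICommand` line, `responseView = ResponseView.Restricted` and `entityType = {IAMEntityType.VirtualMachine}`, sit at the far end of one very long line behind the description string, where they are easy to miss in review. Put each on its own line, as the parent side did for `description` and `responseObject`: `responseView = ResponseView.Restricted,` and `entityType = {IAMEntityType.VirtualMachine},` directly before `requestHasSensitiveInfo = false,`. The same layout appears in the annotation hunks for RebootVMCmd, ResetVMPasswordCmd, ResetVMSSHKeyCmd, RestoreVMCmd, ScaleVMCmd, StartVMCmd, StopVMCmd, AttachVolumeCmd and DetachVolumeCmd. The class body continues outside the hunk.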

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/vm/ListVMsCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/vm/RebootVMCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vm/RebootVMCmd.java
index 8f04430,c547d62..0f04114
--- a/api/src/org/apache/cloudstack/api/command/user/vm/RebootVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/RebootVMCmd.java
@@@ -16,18 -16,14 +16,18 @@@
  // under the License.
  package org.apache.cloudstack.api.command.user.vm;
  
+ import org.apache.cloudstack.api.BaseAsyncVMCmd;
  import org.apache.log4j.Logger;
  
 +import org.apache.cloudstack.acl.IAMEntityType;
 +import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 +import org.apache.cloudstack.api.ACL;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiCommandJobType;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.ApiErrorCode;
- import org.apache.cloudstack.api.BaseAsyncCmd;
  import org.apache.cloudstack.api.Parameter;
 +import org.apache.cloudstack.api.ResponseObject.ResponseView;
  import org.apache.cloudstack.api.ServerApiException;
  import org.apache.cloudstack.api.response.UserVmResponse;
  import org.apache.cloudstack.context.CallContext;
@@@ -38,9 -34,9 +38,9 @@@ import com.cloud.exception.ResourceUnav
  import com.cloud.user.Account;
  import com.cloud.uservm.UserVm;
  
 -@APICommand(name = "rebootVirtualMachine", description = "Reboots a virtual machine.", responseObject = UserVmResponse.class,
 +@APICommand(name = "rebootVirtualMachine", description = "Reboots a virtual machine.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = {IAMEntityType.VirtualMachine},
          requestHasSensitiveInfo = false, responseHasSensitiveInfo = true)
- public class RebootVMCmd extends BaseAsyncCmd {
+ public class RebootVMCmd extends BaseAsyncVMCmd {
      public static final Logger s_logger = Logger.getLogger(RebootVMCmd.class.getName());
      private static final String s_name = "rebootvirtualmachineresponse";
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMPasswordCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vm/ResetVMPasswordCmd.java
index 2fd508b,461ce7f..615ef69
--- a/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMPasswordCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMPasswordCmd.java
@@@ -16,18 -16,14 +16,18 @@@
  // under the License.
  package org.apache.cloudstack.api.command.user.vm;
  
+ import org.apache.cloudstack.api.BaseAsyncVMCmd;
  import org.apache.log4j.Logger;
  
 +import org.apache.cloudstack.acl.IAMEntityType;
 +import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 +import org.apache.cloudstack.api.ACL;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiCommandJobType;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.ApiErrorCode;
- import org.apache.cloudstack.api.BaseAsyncCmd;
  import org.apache.cloudstack.api.Parameter;
 +import org.apache.cloudstack.api.ResponseObject.ResponseView;
  import org.apache.cloudstack.api.ServerApiException;
  import org.apache.cloudstack.api.response.UserVmResponse;
  import org.apache.cloudstack.context.CallContext;
@@@ -38,11 -34,10 +38,11 @@@ import com.cloud.exception.ResourceUnav
  import com.cloud.user.Account;
  import com.cloud.uservm.UserVm;
  
 -@APICommand(name = "resetPasswordForVirtualMachine", responseObject = UserVmResponse.class, description = "Resets the password for virtual machine. "
 -    + "The virtual machine must be in a \"Stopped\" state and the template must already " + "support this feature for this command to take effect. [async]",
 +@APICommand(name = "resetPasswordForVirtualMachine", responseObject=UserVmResponse.class, description="Resets the password for virtual machine. " +
 +                    "The virtual machine must be in a \"Stopped\" state and the template must already " +
 +        "support this feature for this command to take effect. [async]", responseView = ResponseView.Restricted, entityType = {IAMEntityType.VirtualMachine},
      requestHasSensitiveInfo = false, responseHasSensitiveInfo = true)
- public class ResetVMPasswordCmd extends BaseAsyncCmd {
+ public class ResetVMPasswordCmd extends BaseAsyncVMCmd {
      public static final Logger s_logger = Logger.getLogger(ResetVMPasswordCmd.class.getName());
  
      private static final String s_name = "resetpasswordforvirtualmachineresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMSSHKeyCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vm/ResetVMSSHKeyCmd.java
index 288eed7,b7ab357..7d43853
--- a/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMSSHKeyCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMSSHKeyCmd.java
@@@ -17,18 -17,14 +17,18 @@@
  
  package org.apache.cloudstack.api.command.user.vm;
  
+ import org.apache.cloudstack.api.BaseAsyncVMCmd;
  import org.apache.log4j.Logger;
  
 +import org.apache.cloudstack.acl.IAMEntityType;
 +import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 +import org.apache.cloudstack.api.ACL;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiCommandJobType;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.ApiErrorCode;
- import org.apache.cloudstack.api.BaseAsyncCmd;
  import org.apache.cloudstack.api.Parameter;
 +import org.apache.cloudstack.api.ResponseObject.ResponseView;
  import org.apache.cloudstack.api.ServerApiException;
  import org.apache.cloudstack.api.response.DomainResponse;
  import org.apache.cloudstack.api.response.ProjectResponse;
@@@ -41,10 -37,10 +41,10 @@@ import com.cloud.exception.ResourceUnav
  import com.cloud.user.Account;
  import com.cloud.uservm.UserVm;
  
 -@APICommand(name = "resetSSHKeyForVirtualMachine", responseObject = UserVmResponse.class, description = "Resets the SSH Key for virtual machine. "
 -    + "The virtual machine must be in a \"Stopped\" state. [async]",
 +@APICommand(name = "resetSSHKeyForVirtualMachine", responseObject = UserVmResponse.class, description = "Resets the SSH Key for virtual machine. " +
 +        "The virtual machine must be in a \"Stopped\" state. [async]", responseView = ResponseView.Restricted, entityType = {IAMEntityType.VirtualMachine},
      requestHasSensitiveInfo = false, responseHasSensitiveInfo = true)
- public class ResetVMSSHKeyCmd extends BaseAsyncCmd {
+ public class ResetVMSSHKeyCmd extends BaseAsyncVMCmd {
  
      public static final Logger s_logger = Logger.getLogger(ResetVMSSHKeyCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/vm/RestoreVMCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vm/RestoreVMCmd.java
index 9befc67,81c40ec..0d5ef70
--- a/api/src/org/apache/cloudstack/api/command/user/vm/RestoreVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/RestoreVMCmd.java
@@@ -16,17 -16,13 +16,17 @@@
  // under the License.
  package org.apache.cloudstack.api.command.user.vm;
  
+ import org.apache.cloudstack.api.BaseAsyncVMCmd;
  import org.apache.log4j.Logger;
  
 +import org.apache.cloudstack.acl.IAMEntityType;
 +import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 +import org.apache.cloudstack.api.ACL;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.ApiErrorCode;
- import org.apache.cloudstack.api.BaseAsyncCmd;
  import org.apache.cloudstack.api.Parameter;
 +import org.apache.cloudstack.api.ResponseObject.ResponseView;
  import org.apache.cloudstack.api.ServerApiException;
  import org.apache.cloudstack.api.response.TemplateResponse;
  import org.apache.cloudstack.api.response.UserVmResponse;
@@@ -40,10 -36,13 +40,10 @@@ import com.cloud.exception.ResourceUnav
  import com.cloud.user.Account;
  import com.cloud.uservm.UserVm;
  
 -@APICommand(name = "restoreVirtualMachine",
 -            description = "Restore a VM to original template/ISO or new template/ISO",
 -            responseObject = UserVmResponse.class,
 -            since = "3.0.0",
 +@APICommand(name = "restoreVirtualMachine", description = "Restore a VM to original template/ISO or new template/ISO", responseObject = UserVmResponse.class, since = "3.0.0", responseView = ResponseView.Restricted, entityType = {IAMEntityType.VirtualMachine},
              requestHasSensitiveInfo = false,
              responseHasSensitiveInfo = true)
- public class RestoreVMCmd extends BaseAsyncCmd {
+ public class RestoreVMCmd extends BaseAsyncVMCmd {
      public static final Logger s_logger = Logger.getLogger(RestoreVMCmd.class);
      private static final String s_name = "restorevmresponse";
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java
index cd658cb,07672c0..d668ad4
--- a/api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java
@@@ -30,10 -26,9 +30,10 @@@ import org.apache.cloudstack.api.ACL
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.ApiErrorCode;
- import org.apache.cloudstack.api.BaseAsyncCmd;
+ import org.apache.cloudstack.api.BaseAsyncVMCmd;
  import org.apache.cloudstack.api.BaseCmd;
  import org.apache.cloudstack.api.Parameter;
 +import org.apache.cloudstack.api.ResponseObject.ResponseView;
  import org.apache.cloudstack.api.ServerApiException;
  import org.apache.cloudstack.api.response.ServiceOfferingResponse;
  import org.apache.cloudstack.api.response.SuccessResponse;
@@@ -47,10 -43,9 +47,10 @@@ import com.cloud.exception.VirtualMachi
  import com.cloud.user.Account;
  import com.cloud.uservm.UserVm;
  
 -@APICommand(name = "scaleVirtualMachine", description = "Scales the virtual machine to a new service offering.", responseObject = SuccessResponse.class,
 +
 +@APICommand(name = "scaleVirtualMachine", description = "Scales the virtual machine to a new service offering.", responseObject = SuccessResponse.class, responseView = ResponseView.Restricted, entityType = {IAMEntityType.VirtualMachine},
          requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
- public class ScaleVMCmd extends BaseAsyncCmd {
+ public class ScaleVMCmd extends BaseAsyncVMCmd {
      public static final Logger s_logger = Logger.getLogger(ScaleVMCmd.class.getName());
      private static final String s_name = "scalevirtualmachineresponse";
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java
index 2e4187d,553b753..4e91c7b
--- a/api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java
@@@ -16,18 -16,14 +16,18 @@@
  // under the License.
  package org.apache.cloudstack.api.command.user.vm;
  
+ import org.apache.cloudstack.api.BaseAsyncVMCmd;
  import org.apache.log4j.Logger;
  
 +import org.apache.cloudstack.acl.IAMEntityType;
 +import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 +import org.apache.cloudstack.api.ACL;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiCommandJobType;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.ApiErrorCode;
- import org.apache.cloudstack.api.BaseAsyncCmd;
  import org.apache.cloudstack.api.Parameter;
 +import org.apache.cloudstack.api.ResponseObject.ResponseView;
  import org.apache.cloudstack.api.ServerApiException;
  import org.apache.cloudstack.api.response.HostResponse;
  import org.apache.cloudstack.api.response.UserVmResponse;
@@@ -44,9 -40,9 +44,9 @@@ import com.cloud.user.Account
  import com.cloud.uservm.UserVm;
  import com.cloud.utils.exception.ExecutionException;
  
 -@APICommand(name = "startVirtualMachine", responseObject = UserVmResponse.class, description = "Starts a virtual machine.",
 +@APICommand(name = "startVirtualMachine", responseObject = UserVmResponse.class, description = "Starts a virtual machine.", responseView = ResponseView.Restricted, entityType = {IAMEntityType.VirtualMachine},
          requestHasSensitiveInfo = false, responseHasSensitiveInfo = true)
- public class StartVMCmd extends BaseAsyncCmd {
+ public class StartVMCmd extends BaseAsyncVMCmd {
      public static final Logger s_logger = Logger.getLogger(StartVMCmd.class.getName());
  
      private static final String s_name = "startvirtualmachineresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/vm/StopVMCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vm/StopVMCmd.java
index fe94964,e9fa97b..6db5d18
--- a/api/src/org/apache/cloudstack/api/command/user/vm/StopVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/StopVMCmd.java
@@@ -16,18 -16,15 +16,18 @@@
  // under the License.
  package org.apache.cloudstack.api.command.user.vm;
  
+ import org.apache.cloudstack.api.BaseAsyncVMCmd;
  import org.apache.log4j.Logger;
  
 +import org.apache.cloudstack.acl.IAMEntityType;
 +import org.apache.cloudstack.acl.SecurityChecker.AccessType;
  import org.apache.cloudstack.api.ACL;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiCommandJobType;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.ApiErrorCode;
- import org.apache.cloudstack.api.BaseAsyncCmd;
  import org.apache.cloudstack.api.Parameter;
 +import org.apache.cloudstack.api.ResponseObject.ResponseView;
  import org.apache.cloudstack.api.ServerApiException;
  import org.apache.cloudstack.api.response.UserVmResponse;
  import org.apache.cloudstack.context.CallContext;
@@@ -37,9 -34,9 +37,9 @@@ import com.cloud.exception.ConcurrentOp
  import com.cloud.user.Account;
  import com.cloud.uservm.UserVm;
  
 -@APICommand(name = "stopVirtualMachine", responseObject = UserVmResponse.class, description = "Stops a virtual machine.",
 +@APICommand(name = "stopVirtualMachine", responseObject = UserVmResponse.class, description = "Stops a virtual machine.", responseView = ResponseView.Restricted, entityType = {IAMEntityType.VirtualMachine},
          requestHasSensitiveInfo = false, responseHasSensitiveInfo = true)
- public class StopVMCmd extends BaseAsyncCmd {
+ public class StopVMCmd extends BaseAsyncVMCmd {
      public static final Logger s_logger = Logger.getLogger(StopVMCmd.class.getName());
  
      private static final String s_name = "stopvirtualmachineresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/vm/UpgradeVMCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/vmgroup/CreateVMGroupCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/volume/AttachVolumeCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/volume/AttachVolumeCmd.java
index 553e2e9,7939edf..f9d9081
--- a/api/src/org/apache/cloudstack/api/command/user/volume/AttachVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/AttachVolumeCmd.java
@@@ -15,18 -15,15 +15,19 @@@
  // specific language governing permissions and limitations
  // under the License.
  package org.apache.cloudstack.api.command.user.volume;
+ 
 -import org.apache.cloudstack.api.BaseAsyncVolumeCmd;
  import org.apache.log4j.Logger;
  
 +import org.apache.cloudstack.acl.IAMEntityType;
 +import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 +import org.apache.cloudstack.api.ACL;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiCommandJobType;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.ApiErrorCode;
- import org.apache.cloudstack.api.BaseAsyncCmd;
++import org.apache.cloudstack.api.BaseAsyncVolumeCmd;
  import org.apache.cloudstack.api.Parameter;
 +import org.apache.cloudstack.api.ResponseObject.ResponseView;
  import org.apache.cloudstack.api.ServerApiException;
  import org.apache.cloudstack.api.response.UserVmResponse;
  import org.apache.cloudstack.api.response.VolumeResponse;
@@@ -36,9 -33,9 +37,9 @@@ import com.cloud.event.EventTypes
  import com.cloud.storage.Volume;
  import com.cloud.user.Account;
  
 -@APICommand(name = "attachVolume", description = "Attaches a disk volume to a virtual machine.", responseObject = VolumeResponse.class,
 +@APICommand(name = "attachVolume", description = "Attaches a disk volume to a virtual machine.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = {IAMEntityType.VirtualMachine},
          requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
- public class AttachVolumeCmd extends BaseAsyncCmd {
+ public class AttachVolumeCmd extends BaseAsyncVolumeCmd {
      public static final Logger s_logger = Logger.getLogger(AttachVolumeCmd.class.getName());
      private static final String s_name = "attachvolumeresponse";
  
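Review bot: `attachVolume` declares `entityType = {IAMEntityType.VirtualMachine}`, yet the class now extends `BaseAsyncVolumeCmd` and the sibling `detachVolume` annotation in this commit declares `IAMEntityType.Volume`. The event description in a later hunk shows the command carries both a volume id and a VM id. If the IAM layer uses `entityType` to decide which entity the request is authorized against (not visible in this hunk), one of the two ids may go unchecked or be resolved as the wrong type. Please confirm the intended value and record it, either as `entityType = {IAMEntityType.Volume, IAMEntityType.VirtualMachine},` if both apply, or with a comment above the annotation saying why only the VM is listed. The class body continues outside the hunk.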
@@@ -67,6 -66,6 +68,7 @@@
          return deviceId;
      }
  
++    @Override
      public Long getId() {
          return id;
      }
@@@ -109,17 -108,8 +111,8 @@@
      }
  
      @Override
-     public boolean isDisplayResourceEnabled(){
-         Volume volume = _responseGenerator.findVolumeById(getId());
-         if (volume == null) {
-             return true; // bad id given, parent this command to true so ERROR events are tracked
-         }
-         return volume.isDisplayVolume();
-     }
- 
-     @Override
      public String getEventDescription() {
 -        return "attaching volume: " + getId() + " to vm: " + getVirtualMachineId();
 +        return  "attaching volume: " + getId() + " to vm: " + getVirtualMachineId();
      }
  
      @Override

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/volume/CreateVolumeCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/volume/CreateVolumeCmd.java
index ad06bc2,31d75d8..9b83f61
--- a/api/src/org/apache/cloudstack/api/command/user/volume/CreateVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/CreateVolumeCmd.java
@@@ -221,10 -221,9 +222,9 @@@ public class CreateVolumeCmd extends Ba
      @Override
      public void execute() {
          CallContext.current().setEventDetails("Volume Id: " + getEntityId() + ((getSnapshotId() == null) ? "" : " from snapshot: " + getSnapshotId()));
-         CallContext.current().setEventDisplayEnabled(getDisplayVolume());
          Volume volume = _volumeService.createVolume(this);
          if (volume != null) {
 -            VolumeResponse response = _responseGenerator.createVolumeResponse(volume);
 +            VolumeResponse response = _responseGenerator.createVolumeResponse(ResponseView.Restricted, volume);
              //FIXME - have to be moved to ApiResponseHelper
              if (getSnapshotId() != null) {
                  Snapshot snap = _entityMgr.findById(Snapshot.class, getSnapshotId());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/volume/DeleteVolumeCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/volume/DeleteVolumeCmd.java
index 546a9d5,eff7a35..6ca96b0
--- a/api/src/org/apache/cloudstack/api/command/user/volume/DeleteVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/DeleteVolumeCmd.java
@@@ -81,12 -77,17 +81,17 @@@ public class DeleteVolumeCmd extends Ba
      }
  
      @Override
+     public boolean isDisplayResourceEnabled(){
+         return _volumeService.isDisplayResourceEnabled(getId());
+     }
+ 
+     @Override
      public void execute() throws ConcurrentOperationException {
          CallContext.current().setEventDetails("Volume Id: " + getId());
 -        boolean result = this._volumeService.deleteVolume(id, CallContext.current().getCallingAccount());
 +        boolean result = _volumeService.deleteVolume(id, CallContext.current().getCallingAccount());
          if (result) {
              SuccessResponse response = new SuccessResponse(getCommandName());
 -            this.setResponseObject(response);
 +            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete volume");
          }
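Review bot: The new `isDisplayResourceEnabled()` override passes `getId()` straight to `_volumeService.isDisplayResourceEnabled(...)`, and nothing in this hunk shows what happens when the id does not resolve to a volume. The per-command version removed from AttachVolumeCmd in this same commit returned `true` in that case so that ERROR events for bad ids are still tracked. If the service method does not keep that fallback, failed delete attempts against unknown ids could drop out of the event log. Worth confirming and stating in a comment above the override, e.g. `// service returns true for an unknown id so failed attempts are still recorded as events`. `execute()` continues past the end of the hunk.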

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/volume/DetachVolumeCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/volume/DetachVolumeCmd.java
index 1a874e1,b45ad0b..bfd0322
--- a/api/src/org/apache/cloudstack/api/command/user/volume/DetachVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/DetachVolumeCmd.java
@@@ -15,18 -15,15 +15,19 @@@
  // specific language governing permissions and limitations
  // under the License.
  package org.apache.cloudstack.api.command.user.volume;
+ 
 -import org.apache.cloudstack.api.BaseAsyncVolumeCmd;
  import org.apache.log4j.Logger;
  
 +import org.apache.cloudstack.acl.IAMEntityType;
 +import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 +import org.apache.cloudstack.api.ACL;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiCommandJobType;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.ApiErrorCode;
- import org.apache.cloudstack.api.BaseAsyncCmd;
++import org.apache.cloudstack.api.BaseAsyncVolumeCmd;
  import org.apache.cloudstack.api.Parameter;
 +import org.apache.cloudstack.api.ResponseObject.ResponseView;
  import org.apache.cloudstack.api.ServerApiException;
  import org.apache.cloudstack.api.response.UserVmResponse;
  import org.apache.cloudstack.api.response.VolumeResponse;
@@@ -37,9 -34,9 +38,9 @@@ import com.cloud.storage.Volume
  import com.cloud.user.Account;
  import com.cloud.uservm.UserVm;
  
 -@APICommand(name = "detachVolume", description = "Detaches a disk volume from a virtual machine.", responseObject = VolumeResponse.class,
 +@APICommand(name = "detachVolume", description = "Detaches a disk volume from a virtual machine.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = {IAMEntityType.Volume},
          requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
- public class DetachVolumeCmd extends BaseAsyncCmd {
+ public class DetachVolumeCmd extends BaseAsyncVolumeCmd {
      public static final Logger s_logger = Logger.getLogger(DetachVolumeCmd.class.getName());
      private static final String s_name = "detachvolumeresponse";
  
@@@ -65,6 -60,6 +66,7 @@@
      /////////////////// Accessors ///////////////////////
      /////////////////////////////////////////////////////
  
++    @Override
      public Long getId() {
          return id;
      }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/volume/ExtractVolumeCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/volume/ExtractVolumeCmd.java
index b9883cc,7f5cd0d..cc7f56c
--- a/api/src/org/apache/cloudstack/api/command/user/volume/ExtractVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/ExtractVolumeCmd.java
@@@ -16,11 -16,9 +16,12 @@@
  // under the License.
  package org.apache.cloudstack.api.command.user.volume;
  
+ import org.apache.cloudstack.api.BaseAsyncVolumeCmd;
  import org.apache.log4j.Logger;
  
 +import org.apache.cloudstack.acl.IAMEntityType;
 +import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 +import org.apache.cloudstack.api.ACL;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiCommandJobType;
  import org.apache.cloudstack.api.ApiConstants;
@@@ -39,9 -36,9 +39,9 @@@ import com.cloud.storage.Upload
  import com.cloud.storage.Volume;
  import com.cloud.user.Account;
  
 -@APICommand(name = "extractVolume", description = "Extracts volume", responseObject = ExtractResponse.class,
 +@APICommand(name = "extractVolume", description = "Extracts volume", responseObject = ExtractResponse.class, entityType = {IAMEntityType.Volume},
          requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
- public class ExtractVolumeCmd extends BaseAsyncCmd {
+ public class ExtractVolumeCmd extends BaseAsyncVolumeCmd {
      public static final Logger s_logger = Logger.getLogger(ExtractVolumeCmd.class.getName());
  
      private static final String s_name = "extractvolumeresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/volume/MigrateVolumeCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/volume/MigrateVolumeCmd.java
index 820d73d,126f1f3..d80595a
--- a/api/src/org/apache/cloudstack/api/command/user/volume/MigrateVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/MigrateVolumeCmd.java
@@@ -20,9 -19,8 +20,9 @@@ import org.apache.cloudstack.acl.IAMEnt
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.ApiErrorCode;
- import org.apache.cloudstack.api.BaseAsyncCmd;
+ import org.apache.cloudstack.api.BaseAsyncVolumeCmd;
  import org.apache.cloudstack.api.Parameter;
 +import org.apache.cloudstack.api.ResponseObject.ResponseView;
  import org.apache.cloudstack.api.ServerApiException;
  import org.apache.cloudstack.api.response.StoragePoolResponse;
  import org.apache.cloudstack.api.response.VolumeResponse;
@@@ -31,12 -29,12 +31,12 @@@ import com.cloud.event.EventTypes
  import com.cloud.storage.Volume;
  import com.cloud.user.Account;
  
 -@APICommand(name = "migrateVolume", description = "Migrate volume", responseObject = VolumeResponse.class, since = "3.0.0",
 +@APICommand(name = "migrateVolume", description = "Migrate volume", responseObject = VolumeResponse.class, since = "3.0.0", responseView = ResponseView.Restricted, entityType = {IAMEntityType.Volume},
          requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
- public class MigrateVolumeCmd extends BaseAsyncCmd {
+ public class MigrateVolumeCmd extends BaseAsyncVolumeCmd {
      private static final String s_name = "migratevolumeresponse";
  
 -    /////////////////////////////////////////////////////
 +     /////////////////////////////////////////////////////
      //////////////// API parameters /////////////////////
      /////////////////////////////////////////////////////
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/volume/ResizeVolumeCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/volume/ResizeVolumeCmd.java
index 2f34c75,d51cdc5..d5cd62b
--- a/api/src/org/apache/cloudstack/api/command/user/volume/ResizeVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/ResizeVolumeCmd.java
@@@ -24,9 -20,8 +24,9 @@@ import org.apache.cloudstack.api.APICom
  import org.apache.cloudstack.api.ApiCommandJobType;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.ApiErrorCode;
- import org.apache.cloudstack.api.BaseAsyncCmd;
+ import org.apache.cloudstack.api.BaseAsyncVolumeCmd;
  import org.apache.cloudstack.api.Parameter;
 +import org.apache.cloudstack.api.ResponseObject.ResponseView;
  import org.apache.cloudstack.api.ServerApiException;
  import org.apache.cloudstack.api.response.DiskOfferingResponse;
  import org.apache.cloudstack.api.response.VolumeResponse;
@@@ -40,10 -36,9 +40,10 @@@ import com.cloud.projects.Project
  import com.cloud.storage.Volume;
  import com.cloud.user.Account;
  
 -@APICommand(name = "resizeVolume", description = "Resizes a volume", responseObject = VolumeResponse.class,
 +
 +@APICommand(name = "resizeVolume", description = "Resizes a volume", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = {IAMEntityType.Volume},
          requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
- public class ResizeVolumeCmd extends BaseAsyncCmd {
+ public class ResizeVolumeCmd extends BaseAsyncVolumeCmd {
      public static final Logger s_logger = Logger.getLogger(ResizeVolumeCmd.class.getName());
  
      private static final String s_name = "resizevolumeresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/volume/UpdateVolumeCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/volume/UploadVolumeCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/vpn/AddVpnUserCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnCustomerGatewayCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/vpn/RemoveVpnUserCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/vpn/ResetVpnConnectionCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/api/src/org/apache/cloudstack/api/command/user/vpn/UpdateVpnCustomerGatewayCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/client/tomcatconf/commands.properties.in
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
----------------------------------------------------------------------
diff --cc engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
index 6e55bd2,e36dc62..6aa1e36
--- a/engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
+++ b/engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
@@@ -16,41 -16,6 +16,43 @@@
  // under the License.
  package org.apache.cloudstack.engine.orchestration;
  
++
 +import java.net.URI;
 +import java.util.ArrayList;
 +import java.util.Arrays;
 +import java.util.Collections;
 +import java.util.Comparator;
 +import java.util.HashMap;
 +import java.util.HashSet;
 +import java.util.LinkedHashMap;
 +import java.util.List;
 +import java.util.Map;
 +import java.util.Set;
 +import java.util.UUID;
 +import java.util.concurrent.Executors;
 +import java.util.concurrent.ScheduledExecutorService;
 +import java.util.concurrent.TimeUnit;
 +
 +import javax.ejb.Local;
 +import javax.inject.Inject;
 +import javax.naming.ConfigurationException;
 +
- import org.apache.cloudstack.acl.IAMEntityType;
++import org.apache.log4j.Logger;
++
 +import org.apache.cloudstack.acl.ControlledEntity.ACLType;
++import org.apache.cloudstack.acl.IAMEntityType;
 +import org.apache.cloudstack.api.ApiConstants;
 +import org.apache.cloudstack.context.CallContext;
 +import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
 +import org.apache.cloudstack.framework.config.ConfigDepot;
 +import org.apache.cloudstack.framework.config.ConfigKey;
 +import org.apache.cloudstack.framework.config.Configurable;
 +import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
 +import org.apache.cloudstack.framework.messagebus.MessageBus;
 +import org.apache.cloudstack.framework.messagebus.PublishScope;
 +import org.apache.cloudstack.managed.context.ManagedContextRunnable;
 +import org.apache.cloudstack.region.PortableIpDao;
- import org.apache.log4j.Logger;
 +
  import com.cloud.agent.AgentManager;
  import com.cloud.agent.Listener;
  import com.cloud.agent.api.AgentControlAnswer;
@@@ -1082,16 -1067,42 +1085,42 @@@ public class NetworkOrchestrator extend
              }
          }
  
+         for (NetworkElement element : networkElements) {
+             if ((element instanceof AggregatedCommandExecutor) && (providersToImplement.contains(element.getProvider()))) {
+                 ((AggregatedCommandExecutor)element).prepareAggregatedExecution(network, dest);
+             }
+         }
+ 
+         try {
 -            // reapply all the firewall/staticNat/lb rules
 -            s_logger.debug("Reprogramming network " + network + " as a part of network implement");
 -            if (!reprogramNetworkRules(network.getId(), CallContext.current().getCallingAccount(), network)) {
 -                s_logger.warn("Failed to re-program the network as a part of network " + network + " implement");
 -                // see DataCenterVO.java
 -                ResourceUnavailableException ex = new ResourceUnavailableException("Unable to apply network rules as a part of network " + network + " implement", DataCenter.class,
 -                        network.getDataCenterId());
 -                ex.addProxyObject(_entityMgr.findById(DataCenter.class, network.getDataCenterId()).getUuid());
 -                throw ex;
 -            }
 +        // reapply all the firewall/staticNat/lb rules
 +        s_logger.debug("Reprogramming network " + network + " as a part of network implement");
 +        if (!reprogramNetworkRules(network.getId(), CallContext.current().getCallingAccount(), network)) {
 +            s_logger.warn("Failed to re-program the network as a part of network " + network + " implement");
 +            // see DataCenterVO.java
 +            ResourceUnavailableException ex = new ResourceUnavailableException("Unable to apply network rules as a part of network " + network + " implement", DataCenter.class,
 +                    network.getDataCenterId());
 +            ex.addProxyObject(_entityMgr.findById(DataCenter.class, network.getDataCenterId()).getUuid());
 +            throw ex;
 +        }
+             for (NetworkElement element : networkElements) {
+                 if ((element instanceof AggregatedCommandExecutor) && (providersToImplement.contains(element.getProvider()))) {
+                     if (!((AggregatedCommandExecutor)element).completeAggregatedExecution(network, dest)) {
+                         s_logger.warn("Failed to re-program the network as a part of network " + network + " implement due to aggregated commands execution failure!");
+                         // see DataCenterVO.java
+                         ResourceUnavailableException ex = new ResourceUnavailableException("Unable to apply network rules as a part of network " + network + " implement", DataCenter.class,
+                                 network.getDataCenterId());
+                         ex.addProxyObject(_entityMgr.findById(DataCenter.class, network.getDataCenterId()).getUuid());
+                         throw ex;
+                     }
+                 }
+             }
+         } finally {
+             for (NetworkElement element : networkElements) {
+                 if ((element instanceof AggregatedCommandExecutor) && (providersToImplement.contains(element.getProvider()))) {
+                     ((AggregatedCommandExecutor)element).cleanupAggregatedExecution(network, dest);
+                 }
+             }
+         }
      }
  
      // This method re-programs the rules/ips for existing network
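Review bot: The merge resolution leaves the first statements of the new `try` block, from the `// reapply all the firewall/staticNat/lb rules` comment through the closing brace of the `if (!reprogramNetworkRules(...))` check, at the outer indentation. As a result `reprogramNetworkRules` reads as if it ran outside the `try`/`finally`; those lines should be indented one more level to match the `completeAggregatedExecution` loop that follows them. Separately, if `cleanupAggregatedExecution(network, dest)` can throw, the `finally` loop stops at the first failing element, skips cleanup for the rest and replaces the original exception. That is worth confirming against the `AggregatedCommandExecutor` interface, which is not visible here. The enclosing method starts above the hunk.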

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/engine/schema/src/com/cloud/event/EventVO.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
----------------------------------------------------------------------
diff --cc plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
index 6e2d70d,fb08dc6..c0b9ee5
--- a/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
+++ b/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
@@@ -370,10 -347,9 +370,15 @@@ public class MockAccountManager extend
      }
  
      @Override
 +    public void checkAccess(Account account, AccessType accessType, boolean sameOwner, String apiName,
 +            ControlledEntity... entities) throws PermissionDeniedException {
 +        // TODO Auto-generated method stub
++    }
 +
++    @Override
+     public Long finalyzeAccountId(String accountName, Long domainId, Long projectId, boolean enabledOnly) {
+         // TODO Auto-generated method stub
+         return null;
      }
  
  }
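Review bot: The new `checkAccess(Account, AccessType, boolean, String, ControlledEntity...)` override has an empty body, so every access check made through this mock succeeds and a test built on it cannot notice a missing or wrong permission check. If that is intended for the Contrail tests, replace the generated `// TODO Auto-generated method stub` with a comment that says so, for example `// Test mock: permits every access check; authorization is not exercised by these tests.` The neighbouring `finalyzeAccountId` stub returns `null` for a `Long`, which callers may unbox, and deserves the same kind of comment. The class starts above the hunk.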

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/99bdc8d8/server/src/com/cloud/api/ApiDBUtils.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/api/ApiDBUtils.java
index 859ca01,539eb70..432eb94
--- a/server/src/com/cloud/api/ApiDBUtils.java
+++ b/server/src/com/cloud/api/ApiDBUtils.java
@@@ -727,6 -743,9 +743,8 @@@ public class ApiDBUtils 
          s_networkACLDao = networkACLDao;
          s_accountService = accountService;
          s_resourceDetailsService = resourceDetailsService;
+         s_hostGpuGroupsDao = hostGpuGroupsDao;
+         s_vgpuTypesDao = vgpuTypesDao;
 -
      }
  
      // ///////////////////////////////////////////////////////////


[33/50] [abbrv] Merge branch 'master' into rbac.

Posted by mc...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/template/RegisterTemplateCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/template/RegisterTemplateCmd.java
index 1bb7cc8,61e9428..63eb12b
--- a/api/src/org/apache/cloudstack/api/command/user/template/RegisterTemplateCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/template/RegisterTemplateCmd.java
@@@ -42,7 -41,8 +42,8 @@@ import org.apache.cloudstack.context.Ca
  import com.cloud.exception.ResourceAllocationException;
  import com.cloud.template.VirtualMachineTemplate;
  
- @APICommand(name = "registerTemplate", description = "Registers an existing template into the CloudStack cloud. ", responseObject = TemplateResponse.class, responseView = ResponseView.Restricted)
 -@APICommand(name = "registerTemplate", description = "Registers an existing template into the CloudStack cloud. ", responseObject = TemplateResponse.class,
++@APICommand(name = "registerTemplate", description = "Registers an existing template into the CloudStack cloud. ", responseObject = TemplateResponse.class, responseView = ResponseView.Restricted,
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class RegisterTemplateCmd extends BaseCmd {
      public static final Logger s_logger = Logger.getLogger(RegisterTemplateCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/template/UpdateTemplateCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/template/UpdateTemplateCmd.java
index f7a2ac2,bad3a2f..81da7ee
--- a/api/src/org/apache/cloudstack/api/command/user/template/UpdateTemplateCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/template/UpdateTemplateCmd.java
@@@ -28,7 -27,8 +28,8 @@@ import org.apache.cloudstack.api.respon
  import com.cloud.template.VirtualMachineTemplate;
  import com.cloud.user.Account;
  
- @APICommand(name = "updateTemplate", description = "Updates attributes of a template.", responseObject = TemplateResponse.class, responseView = ResponseView.Restricted)
 -@APICommand(name = "updateTemplate", description = "Updates attributes of a template.", responseObject = TemplateResponse.class,
++@APICommand(name = "updateTemplate", description = "Updates attributes of a template.", responseObject = TemplateResponse.class, responseView = ResponseView.Restricted,
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class UpdateTemplateCmd extends BaseUpdateTemplateOrIsoCmd {
      public static final Logger s_logger = Logger.getLogger(UpdateTemplateCmd.class.getName());
      private static final String s_name = "updatetemplateresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/template/UpdateTemplatePermissionsCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/template/UpdateTemplatePermissionsCmd.java
index b2aee46,4c94e57..d5d0c58
--- a/api/src/org/apache/cloudstack/api/command/user/template/UpdateTemplatePermissionsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/template/UpdateTemplatePermissionsCmd.java
@@@ -28,7 -27,8 +28,8 @@@ import com.cloud.user.Account
  
  @APICommand(name = "updateTemplatePermissions", responseObject = SuccessResponse.class, description = "Updates a template visibility permissions. "
      + "A public template is visible to all accounts within the same domain. " + "A private template is visible only to the owner of the template. "
-         + "A priviledged template is a private template with account permissions added. " + "Only accounts specified under the template permissions are visible to them.", entityType = {IAMEntityType.VirtualMachineTemplate})
 -    + "A priviledged template is a private template with account permissions added. " + "Only accounts specified under the template permissions are visible to them.",
++    + "A priviledged template is a private template with account permissions added. " + "Only accounts specified under the template permissions are visible to them.", entityType = {IAMEntityType.VirtualMachineTemplate},
+     requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class UpdateTemplatePermissionsCmd extends BaseUpdateTemplateOrIsoPermissionsCmd {
      @Override
      protected String getResponseName() {
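Review bot: The description string kept by the merge still spells "priviledged", and its last sentence, "Only accounts specified under the template permissions are visible to them", has subject and object swapped. This text is presumably what users see as the command's API documentation, so I would change it to `"A privileged template is a private template with account permissions added. " + "It is visible only to the accounts specified under the template permissions."`. The class body continues below the hunk.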

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vm/AddNicToVMCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vm/AddNicToVMCmd.java
index 7857594,46a2010..a1bbe2a
--- a/api/src/org/apache/cloudstack/api/command/user/vm/AddNicToVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/AddNicToVMCmd.java
@@@ -40,7 -36,8 +40,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.user.Account;
  import com.cloud.uservm.UserVm;
  
- @APICommand(name = "addNicToVirtualMachine", description = "Adds VM to specified network by creating a NIC", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
 -@APICommand(name = "addNicToVirtualMachine", description = "Adds VM to specified network by creating a NIC", responseObject = UserVmResponse.class,
++@APICommand(name = "addNicToVirtualMachine", description = "Adds VM to specified network by creating a NIC", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = {IAMEntityType.VirtualMachine},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = true)
  public class AddNicToVMCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(AddNicToVMCmd.class);
      private static final String s_name = "addnictovirtualmachineresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java
index 4be416a,c6f4e19..7d55974
--- a/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java
@@@ -24,9 -24,7 +24,10 @@@ import java.util.LinkedHashMap
  import java.util.List;
  import java.util.Map;
  
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.acl.IAMEntityType;
+ import org.apache.cloudstack.acl.RoleType;
  import org.apache.cloudstack.acl.SecurityChecker.AccessType;
  import org.apache.cloudstack.affinity.AffinityGroupResponse;
  import org.apache.cloudstack.api.ACL;
@@@ -68,7 -66,8 +69,8 @@@ import com.cloud.template.VirtualMachin
  import com.cloud.user.Account;
  import com.cloud.uservm.UserVm;
  
- @APICommand(name = "deployVirtualMachine", description = "Creates and automatically starts a virtual machine based on a service offering, disk offering, and template.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
 -@APICommand(name = "deployVirtualMachine", description = "Creates and automatically starts a virtual machine based on a service offering, disk offering, and template.", responseObject = UserVmResponse.class,
++@APICommand(name = "deployVirtualMachine", description = "Creates and automatically starts a virtual machine based on a service offering, disk offering, and template.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine },
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = true)
  public class DeployVMCmd extends BaseAsyncCreateCustomIdCmd {
      public static final Logger s_logger = Logger.getLogger(DeployVMCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vm/DestroyVMCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vm/DestroyVMCmd.java
index c34e427,9bfd611..b8ac561
--- a/api/src/org/apache/cloudstack/api/command/user/vm/DestroyVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/DestroyVMCmd.java
@@@ -40,7 -36,11 +40,9 @@@ import com.cloud.exception.ResourceUnav
  import com.cloud.user.Account;
  import com.cloud.uservm.UserVm;
  
- @APICommand(name = "destroyVirtualMachine", description = "Destroys a virtual machine. Once destroyed, only the administrator can recover it.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
 -@APICommand(name = "destroyVirtualMachine",
 -            description = "Destroys a virtual machine. Once destroyed, only the administrator can recover it.",
 -            responseObject = UserVmResponse.class,
++@APICommand(name = "destroyVirtualMachine", description = "Destroys a virtual machine. Once destroyed, only the administrator can recover it.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = {IAMEntityType.VirtualMachine},
+             requestHasSensitiveInfo = false,
+             responseHasSensitiveInfo = true)
  public class DestroyVMCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(DestroyVMCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vm/GetVMPasswordCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vm/GetVMPasswordCmd.java
index 50fa761,6c63213..ebee189
--- a/api/src/org/apache/cloudstack/api/command/user/vm/GetVMPasswordCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/GetVMPasswordCmd.java
@@@ -33,7 -30,8 +33,8 @@@ import org.apache.cloudstack.api.respon
  import com.cloud.user.Account;
  import com.cloud.uservm.UserVm;
  
- @APICommand(name = "getVMPassword", responseObject = GetVMPasswordResponse.class, description = "Returns an encrypted password for the VM", entityType = { IAMEntityType.VirtualMachine })
 -@APICommand(name = "getVMPassword", responseObject = GetVMPasswordResponse.class, description = "Returns an encrypted password for the VM",
++@APICommand(name = "getVMPassword", responseObject = GetVMPasswordResponse.class, description = "Returns an encrypted password for the VM", entityType = {IAMEntityType.VirtualMachine},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class GetVMPasswordCmd extends BaseCmd {
      public static final Logger s_logger = Logger.getLogger(GetVMPasswordCmd.class.getName());
      private static final String s_name = "getvmpasswordresponse";
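Review bot: `responseHasSensitiveInfo = false` on `getVMPassword` sits oddly with the command's own description, "Returns an encrypted password for the VM", and with `resetPasswordForVirtualMachine` in this same merge, which is marked `responseHasSensitiveInfo = true`. What the flag drives is not visible in this hunk; if it decides whether responses are masked in logs or events, the ciphertext would be logged unmasked and stay readable to anyone who holds the matching key. Consider `requestHasSensitiveInfo = false, responseHasSensitiveInfo = true` here, or add a comment stating why the encrypted value is treated as non-sensitive.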

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vm/ListVMsCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vm/ListVMsCmd.java
index e6111fb,1a564f6..d1e5c09
--- a/api/src/org/apache/cloudstack/api/command/user/vm/ListVMsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/ListVMsCmd.java
@@@ -20,9 -20,7 +20,10 @@@ import java.util.ArrayList
  import java.util.EnumSet;
  import java.util.List;
  
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.acl.IAMEntityType;
+ import org.apache.cloudstack.acl.RoleType;
  import org.apache.cloudstack.affinity.AffinityGroupResponse;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiCommandJobType;
@@@ -45,8 -43,9 +47,9 @@@ import org.apache.cloudstack.api.respon
  
  import com.cloud.exception.InvalidParameterValueException;
  
 -@APICommand(name = "listVirtualMachines", description = "List the virtual machines owned by the account.", responseObject = UserVmResponse.class,
 +
- @APICommand(name = "listVirtualMachines", description = "List the virtual machines owned by the account.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
++@APICommand(name = "listVirtualMachines", description = "List the virtual machines owned by the account.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine },
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = true)
  public class ListVMsCmd extends BaseListTaggedResourcesCmd {
      public static final Logger s_logger = Logger.getLogger(ListVMsCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vm/RebootVMCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vm/RebootVMCmd.java
index 9904415,c54d62f..8f04430
--- a/api/src/org/apache/cloudstack/api/command/user/vm/RebootVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/RebootVMCmd.java
@@@ -38,7 -34,8 +38,8 @@@ import com.cloud.exception.ResourceUnav
  import com.cloud.user.Account;
  import com.cloud.uservm.UserVm;
  
- @APICommand(name = "rebootVirtualMachine", description = "Reboots a virtual machine.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
 -@APICommand(name = "rebootVirtualMachine", description = "Reboots a virtual machine.", responseObject = UserVmResponse.class,
++@APICommand(name = "rebootVirtualMachine", description = "Reboots a virtual machine.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = {IAMEntityType.VirtualMachine},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = true)
  public class RebootVMCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(RebootVMCmd.class.getName());
      private static final String s_name = "rebootvirtualmachineresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vm/RemoveIpFromVmNicCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vm/RemoveIpFromVmNicCmd.java
index b81b8a9,c83bcda..75eafa9
--- a/api/src/org/apache/cloudstack/api/command/user/vm/RemoveIpFromVmNicCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/RemoveIpFromVmNicCmd.java
@@@ -37,7 -37,8 +37,9 @@@ import com.cloud.network.Network
  import com.cloud.user.Account;
  import com.cloud.vm.NicSecondaryIp;
  
- @APICommand(name = "removeIpFromNic", description = "Assigns secondary IP to NIC.", responseObject = SuccessResponse.class)
++
+ @APICommand(name = "removeIpFromNic", description = "Removes secondary IP from the NIC.", responseObject = SuccessResponse.class,
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class RemoveIpFromVmNicCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(RemoveIpFromVmNicCmd.class.getName());
      private static final String s_name = "removeipfromnicresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vm/RemoveNicFromVMCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vm/RemoveNicFromVMCmd.java
index 904f266,eb4f454..44dfcf6
--- a/api/src/org/apache/cloudstack/api/command/user/vm/RemoveNicFromVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/RemoveNicFromVMCmd.java
@@@ -40,7 -36,8 +40,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.user.Account;
  import com.cloud.uservm.UserVm;
  
- @APICommand(name = "removeNicFromVirtualMachine", description = "Removes VM from specified network by deleting a NIC", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
 -@APICommand(name = "removeNicFromVirtualMachine", description = "Removes VM from specified network by deleting a NIC", responseObject = UserVmResponse.class,
++@APICommand(name = "removeNicFromVirtualMachine", description = "Removes VM from specified network by deleting a NIC", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = {IAMEntityType.VirtualMachine},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = true)
  public class RemoveNicFromVMCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(RemoveNicFromVMCmd.class);
      private static final String s_name = "removenicfromvirtualmachineresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMPasswordCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vm/ResetVMPasswordCmd.java
index a6f132a,e8d5f73..2fd508b
--- a/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMPasswordCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMPasswordCmd.java
@@@ -38,9 -34,9 +38,10 @@@ import com.cloud.exception.ResourceUnav
  import com.cloud.user.Account;
  import com.cloud.uservm.UserVm;
  
 -@APICommand(name = "resetPasswordForVirtualMachine", responseObject = UserVmResponse.class, description = "Resets the password for virtual machine. "
 -    + "The virtual machine must be in a \"Stopped\" state and the template must already " + "support this feature for this command to take effect. [async]",
 +@APICommand(name = "resetPasswordForVirtualMachine", responseObject=UserVmResponse.class, description="Resets the password for virtual machine. " +
 +                    "The virtual machine must be in a \"Stopped\" state and the template must already " +
-  "support this feature for this command to take effect. [async]", responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
++        "support this feature for this command to take effect. [async]", responseView = ResponseView.Restricted, entityType = {IAMEntityType.VirtualMachine},
+     requestHasSensitiveInfo = false, responseHasSensitiveInfo = true)
  public class ResetVMPasswordCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(ResetVMPasswordCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMSSHKeyCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vm/ResetVMSSHKeyCmd.java
index bdbd553,318d3c8..288eed7
--- a/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMSSHKeyCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMSSHKeyCmd.java
@@@ -41,8 -37,9 +41,9 @@@ import com.cloud.exception.ResourceUnav
  import com.cloud.user.Account;
  import com.cloud.uservm.UserVm;
  
 -@APICommand(name = "resetSSHKeyForVirtualMachine", responseObject = UserVmResponse.class, description = "Resets the SSH Key for virtual machine. "
 -    + "The virtual machine must be in a \"Stopped\" state. [async]",
 +@APICommand(name = "resetSSHKeyForVirtualMachine", responseObject = UserVmResponse.class, description = "Resets the SSH Key for virtual machine. " +
-  "The virtual machine must be in a \"Stopped\" state. [async]", responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
++        "The virtual machine must be in a \"Stopped\" state. [async]", responseView = ResponseView.Restricted, entityType = {IAMEntityType.VirtualMachine},
+     requestHasSensitiveInfo = false, responseHasSensitiveInfo = true)
  public class ResetVMSSHKeyCmd extends BaseAsyncCmd {
  
      public static final Logger s_logger = Logger.getLogger(ResetVMSSHKeyCmd.class.getName());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vm/RestoreVMCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vm/RestoreVMCmd.java
index 7844028,7c35680..9befc67
--- a/api/src/org/apache/cloudstack/api/command/user/vm/RestoreVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/RestoreVMCmd.java
@@@ -40,7 -36,12 +40,9 @@@ import com.cloud.exception.ResourceUnav
  import com.cloud.user.Account;
  import com.cloud.uservm.UserVm;
  
- @APICommand(name = "restoreVirtualMachine", description = "Restore a VM to original template/ISO or new template/ISO", responseObject = UserVmResponse.class, since = "3.0.0", responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
 -@APICommand(name = "restoreVirtualMachine",
 -            description = "Restore a VM to original template/ISO or new template/ISO",
 -            responseObject = UserVmResponse.class,
 -            since = "3.0.0",
++@APICommand(name = "restoreVirtualMachine", description = "Restore a VM to original template/ISO or new template/ISO", responseObject = UserVmResponse.class, since = "3.0.0", responseView = ResponseView.Restricted, entityType = {IAMEntityType.VirtualMachine},
+             requestHasSensitiveInfo = false,
+             responseHasSensitiveInfo = true)
  public class RestoreVMCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(RestoreVMCmd.class);
      private static final String s_name = "restorevmresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java
index acc4578,fe752cb..cd658cb
--- a/api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java
@@@ -47,8 -43,8 +47,9 @@@ import com.cloud.exception.VirtualMachi
  import com.cloud.user.Account;
  import com.cloud.uservm.UserVm;
  
 -@APICommand(name = "scaleVirtualMachine", description = "Scales the virtual machine to a new service offering.", responseObject = SuccessResponse.class,
 +
- @APICommand(name = "scaleVirtualMachine", description = "Scales the virtual machine to a new service offering.", responseObject = SuccessResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
++@APICommand(name = "scaleVirtualMachine", description = "Scales the virtual machine to a new service offering.", responseObject = SuccessResponse.class, responseView = ResponseView.Restricted, entityType = {IAMEntityType.VirtualMachine},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ScaleVMCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(ScaleVMCmd.class.getName());
      private static final String s_name = "scalevirtualmachineresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java
index 8237c0f,a59dc6e..2e4187d
--- a/api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java
@@@ -44,7 -40,8 +44,8 @@@ import com.cloud.user.Account
  import com.cloud.uservm.UserVm;
  import com.cloud.utils.exception.ExecutionException;
  
- @APICommand(name = "startVirtualMachine", responseObject = UserVmResponse.class, description = "Starts a virtual machine.", responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
 -@APICommand(name = "startVirtualMachine", responseObject = UserVmResponse.class, description = "Starts a virtual machine.",
++@APICommand(name = "startVirtualMachine", responseObject = UserVmResponse.class, description = "Starts a virtual machine.", responseView = ResponseView.Restricted, entityType = {IAMEntityType.VirtualMachine},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = true)
  public class StartVMCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(StartVMCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vm/StopVMCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vm/StopVMCmd.java
index 6a448ba,b547357..fe94964
--- a/api/src/org/apache/cloudstack/api/command/user/vm/StopVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/StopVMCmd.java
@@@ -37,7 -34,8 +37,8 @@@ import com.cloud.exception.ConcurrentOp
  import com.cloud.user.Account;
  import com.cloud.uservm.UserVm;
  
- @APICommand(name = "stopVirtualMachine", responseObject = UserVmResponse.class, description = "Stops a virtual machine.", responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
 -@APICommand(name = "stopVirtualMachine", responseObject = UserVmResponse.class, description = "Stops a virtual machine.",
++@APICommand(name = "stopVirtualMachine", responseObject = UserVmResponse.class, description = "Stops a virtual machine.", responseView = ResponseView.Restricted, entityType = {IAMEntityType.VirtualMachine},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = true)
  public class StopVMCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(StopVMCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vm/UpdateDefaultNicForVMCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vm/UpdateDefaultNicForVMCmd.java
index 6d32c96,26af16e..c70f7e5
--- a/api/src/org/apache/cloudstack/api/command/user/vm/UpdateDefaultNicForVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/UpdateDefaultNicForVMCmd.java
@@@ -40,8 -36,8 +40,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.user.Account;
  import com.cloud.uservm.UserVm;
  
- 
- @APICommand(name = "updateDefaultNicForVirtualMachine", description = "Changes the default NIC on a VM", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
 -@APICommand(name = "updateDefaultNicForVirtualMachine", description = "Changes the default NIC on a VM", responseObject = UserVmResponse.class,
++@APICommand(name = "updateDefaultNicForVirtualMachine", description = "Changes the default NIC on a VM", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = {IAMEntityType.VirtualMachine},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = true)
  public class UpdateDefaultNicForVMCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(UpdateDefaultNicForVMCmd.class);
      private static final String s_name = "updatedefaultnicforvirtualmachineresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vm/UpdateVMCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vm/UpdateVMCmd.java
index 4d74574,eb3b955..fac82aa
--- a/api/src/org/apache/cloudstack/api/command/user/vm/UpdateVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/UpdateVMCmd.java
@@@ -16,11 -16,7 +16,12 @@@
  // under the License.
  package org.apache.cloudstack.api.command.user.vm;
  
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.acl.IAMEntityType;
+ import org.apache.cloudstack.acl.RoleType;
 +import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 +import org.apache.cloudstack.api.ACL;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.ApiErrorCode;
@@@ -37,10 -33,10 +38,10 @@@ import com.cloud.exception.ResourceUnav
  import com.cloud.user.Account;
  import com.cloud.uservm.UserVm;
  
- 
 -@APICommand(name = "updateVirtualMachine", description = "Updates properties of a virtual machine. The VM has to be stopped and restarted for the "
 -    + "new properties to take effect. UpdateVirtualMachine does not first check whether the VM is stopped. "
 -    + "Therefore, stop the VM manually before issuing this call.", responseObject = UserVmResponse.class,
 +@APICommand(name = "updateVirtualMachine", description="Updates properties of a virtual machine. The VM has to be stopped and restarted for the " +
 +        "new properties to take effect. UpdateVirtualMachine does not first check whether the VM is stopped. " +
-  "Therefore, stop the VM manually before issuing this call.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
++        "Therefore, stop the VM manually before issuing this call.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = {IAMEntityType.VirtualMachine},
+     requestHasSensitiveInfo = false, responseHasSensitiveInfo = true)
  public class UpdateVMCmd extends BaseCustomIdCmd {
      public static final Logger s_logger = Logger.getLogger(UpdateVMCmd.class.getName());
      private static final String s_name = "updatevirtualmachineresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vm/UpgradeVMCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vm/UpgradeVMCmd.java
index ec06070,46cce80..7282eba
--- a/api/src/org/apache/cloudstack/api/command/user/vm/UpgradeVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/UpgradeVMCmd.java
@@@ -43,9 -38,9 +43,10 @@@ import com.cloud.offering.ServiceOfferi
  import com.cloud.user.Account;
  import com.cloud.uservm.UserVm;
  
 -@APICommand(name = "changeServiceForVirtualMachine", responseObject = UserVmResponse.class, description = "Changes the service offering for a virtual machine. "
 -        + "The virtual machine must be in a \"Stopped\" state for " + "this command to take effect.",
 +@APICommand(name = "changeServiceForVirtualMachine", responseObject=UserVmResponse.class, description="Changes the service offering for a virtual machine. " +
 +                                            "The virtual machine must be in a \"Stopped\" state for " +
-  "this command to take effect.", responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
++        "this command to take effect.", responseView = ResponseView.Restricted, entityType = {IAMEntityType.VirtualMachine},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = true)
  public class UpgradeVMCmd extends BaseCmd {
      public static final Logger s_logger = Logger.getLogger(UpgradeVMCmd.class.getName());
      private static final String s_name = "changeserviceforvirtualmachineresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vmgroup/CreateVMGroupCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vmgroup/CreateVMGroupCmd.java
index a8cca68,4676def..30b3ac8
--- a/api/src/org/apache/cloudstack/api/command/user/vmgroup/CreateVMGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vmgroup/CreateVMGroupCmd.java
@@@ -32,7 -31,8 +32,8 @@@ import org.apache.cloudstack.context.Ca
  
  import com.cloud.vm.InstanceGroup;
  
- @APICommand(name = "createInstanceGroup", description = "Creates a vm group", responseObject = InstanceGroupResponse.class, entityType = { IAMEntityType.InstanceGroup })
 -@APICommand(name = "createInstanceGroup", description = "Creates a vm group", responseObject = InstanceGroupResponse.class,
++@APICommand(name = "createInstanceGroup", description = "Creates a vm group", responseObject = InstanceGroupResponse.class, entityType = {IAMEntityType.InstanceGroup},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class CreateVMGroupCmd extends BaseCmd {
      public static final Logger s_logger = Logger.getLogger(CreateVMGroupCmd.class.getName());
  
@@@ -104,7 -104,7 +105,7 @@@
          if (result != null) {
              InstanceGroupResponse response = _responseGenerator.createInstanceGroupResponse(result);
              response.setResponseName(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create vm instance group");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vmgroup/DeleteVMGroupCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vmgroup/DeleteVMGroupCmd.java
index 5b4ff8c,f88f45e..0bc5236
--- a/api/src/org/apache/cloudstack/api/command/user/vmgroup/DeleteVMGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vmgroup/DeleteVMGroupCmd.java
@@@ -33,7 -30,8 +33,8 @@@ import org.apache.cloudstack.api.respon
  import com.cloud.user.Account;
  import com.cloud.vm.InstanceGroup;
  
- @APICommand(name = "deleteInstanceGroup", description = "Deletes a vm group", responseObject = SuccessResponse.class, entityType = { IAMEntityType.InstanceGroup })
 -@APICommand(name = "deleteInstanceGroup", description = "Deletes a vm group", responseObject = SuccessResponse.class,
++@APICommand(name = "deleteInstanceGroup", description = "Deletes a vm group", responseObject = SuccessResponse.class, entityType = {IAMEntityType.InstanceGroup},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class DeleteVMGroupCmd extends BaseCmd {
      public static final Logger s_logger = Logger.getLogger(DeleteVMGroupCmd.class.getName());
      private static final String s_name = "deleteinstancegroupresponse";
@@@ -78,7 -75,7 +79,7 @@@
          boolean result = _userVmService.deleteVmGroup(this);
          if (result) {
              SuccessResponse response = new SuccessResponse(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete vm group");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vmgroup/ListVMGroupsCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vmgroup/ListVMGroupsCmd.java
index 99aeaf8,6d58260..e9844dd
--- a/api/src/org/apache/cloudstack/api/command/user/vmgroup/ListVMGroupsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vmgroup/ListVMGroupsCmd.java
@@@ -26,7 -25,8 +26,8 @@@ import org.apache.cloudstack.api.Parame
  import org.apache.cloudstack.api.response.InstanceGroupResponse;
  import org.apache.cloudstack.api.response.ListResponse;
  
- @APICommand(name = "listInstanceGroups", description = "Lists vm groups", responseObject = InstanceGroupResponse.class, entityType = { IAMEntityType.InstanceGroup })
 -@APICommand(name = "listInstanceGroups", description = "Lists vm groups", responseObject = InstanceGroupResponse.class,
++@APICommand(name = "listInstanceGroups", description = "Lists vm groups", responseObject = InstanceGroupResponse.class, entityType = {IAMEntityType.InstanceGroup},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ListVMGroupsCmd extends BaseListProjectAndAccountResourcesCmd {
      public static final Logger s_logger = Logger.getLogger(ListVMGroupsCmd.class.getName());
  
@@@ -67,6 -67,6 +68,6 @@@
      public void execute() {
          ListResponse<InstanceGroupResponse> response = _queryService.searchForVmGroups(this);
          response.setResponseName(getCommandName());
--        this.setResponseObject(response);
++        setResponseObject(response);
      }
  }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vmgroup/UpdateVMGroupCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vmgroup/UpdateVMGroupCmd.java
index d2f3b46,cc738cd..e06ec52
--- a/api/src/org/apache/cloudstack/api/command/user/vmgroup/UpdateVMGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vmgroup/UpdateVMGroupCmd.java
@@@ -32,7 -29,8 +32,8 @@@ import org.apache.cloudstack.api.respon
  import com.cloud.user.Account;
  import com.cloud.vm.InstanceGroup;
  
- @APICommand(name = "updateInstanceGroup", description = "Updates a vm group", responseObject = InstanceGroupResponse.class, entityType = { IAMEntityType.InstanceGroup })
 -@APICommand(name = "updateInstanceGroup", description = "Updates a vm group", responseObject = InstanceGroupResponse.class,
++@APICommand(name = "updateInstanceGroup", description = "Updates a vm group", responseObject = InstanceGroupResponse.class, entityType = {IAMEntityType.InstanceGroup},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class UpdateVMGroupCmd extends BaseCmd {
  
      private static final String s_name = "updateinstancegroupresponse";
@@@ -85,7 -83,7 +86,7 @@@
          if (result != null) {
              InstanceGroupResponse response = _responseGenerator.createInstanceGroupResponse(result);
              response.setResponseName(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to update vm instance group");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/CreateVMSnapshotCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vmsnapshot/CreateVMSnapshotCmd.java
index 8f0a8c8,be78528..fae0e61
--- a/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/CreateVMSnapshotCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/CreateVMSnapshotCmd.java
@@@ -37,7 -34,8 +37,8 @@@ import com.cloud.exception.ResourceAllo
  import com.cloud.uservm.UserVm;
  import com.cloud.vm.snapshot.VMSnapshot;
  
- @APICommand(name = "createVMSnapshot", description = "Creates snapshot for a vm.", responseObject = VMSnapshotResponse.class, since = "4.2.0", entityType = { IAMEntityType.VMSnapshot })
 -@APICommand(name = "createVMSnapshot", description = "Creates snapshot for a vm.", responseObject = VMSnapshotResponse.class, since = "4.2.0",
++@APICommand(name = "createVMSnapshot", description = "Creates snapshot for a vm.", responseObject = VMSnapshotResponse.class, since = "4.2.0", entityType = {IAMEntityType.VMSnapshot},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class CreateVMSnapshotCmd extends BaseAsyncCreateCmd {
  
      public static final Logger s_logger = Logger.getLogger(CreateVMSnapshotCmd.class.getName());
@@@ -91,7 -88,7 +92,7 @@@
      public void create() throws ResourceAllocationException {
          VMSnapshot vmsnapshot = _vmSnapshotService.allocVMSnapshot(getVmId(), getDisplayName(), getDescription(), snapshotMemory());
          if (vmsnapshot != null) {
--            this.setEntityId(vmsnapshot.getId());
++            setEntityId(vmsnapshot.getId());
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create vm snapshot");
          }
@@@ -114,7 -111,7 +115,7 @@@
          if (result != null) {
              VMSnapshotResponse response = _responseGenerator.createVMSnapshotResponse(result);
              response.setResponseName(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create vm snapshot due to an internal error creating snapshot for vm " + getVmId());
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/DeleteVMSnapshotCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vmsnapshot/DeleteVMSnapshotCmd.java
index 063ff77,bee8546..af076cf
--- a/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/DeleteVMSnapshotCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/DeleteVMSnapshotCmd.java
@@@ -36,7 -33,8 +36,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.user.Account;
  import com.cloud.vm.snapshot.VMSnapshot;
  
- @APICommand(name = "deleteVMSnapshot", description = "Deletes a vmsnapshot.", responseObject = SuccessResponse.class, since = "4.2.0", entityType = { IAMEntityType.VMSnapshot })
 -@APICommand(name = "deleteVMSnapshot", description = "Deletes a vmsnapshot.", responseObject = SuccessResponse.class, since = "4.2.0",
++@APICommand(name = "deleteVMSnapshot", description = "Deletes a vmsnapshot.", responseObject = SuccessResponse.class, since = "4.2.0", entityType = {IAMEntityType.VMSnapshot},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class DeleteVMSnapshotCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(DeleteVMSnapshotCmd.class.getName());
      private static final String s_name = "deletevmsnapshotresponse";
@@@ -73,7 -70,7 +74,7 @@@
          boolean result = _vmSnapshotService.deleteVMSnapshot(getId());
          if (result) {
              SuccessResponse response = new SuccessResponse(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete vm snapshot");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/ListVMSnapshotCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vmsnapshot/ListVMSnapshotCmd.java
index 7faed63,adebb6e..3167d09
--- a/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/ListVMSnapshotCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/ListVMSnapshotCmd.java
@@@ -31,7 -30,8 +31,8 @@@ import org.apache.cloudstack.api.respon
  
  import com.cloud.vm.snapshot.VMSnapshot;
  
- @APICommand(name = "listVMSnapshot", description = "List virtual machine snapshot by conditions", responseObject = VMSnapshotResponse.class, since = "4.2.0", entityType = { IAMEntityType.VMSnapshot })
 -@APICommand(name = "listVMSnapshot", description = "List virtual machine snapshot by conditions", responseObject = VMSnapshotResponse.class, since = "4.2.0",
++@APICommand(name = "listVMSnapshot", description = "List virtual machine snapshot by conditions", responseObject = VMSnapshotResponse.class, since = "4.2.0", entityType = {IAMEntityType.VMSnapshot},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ListVMSnapshotCmd extends BaseListTaggedResourcesCmd {
  
      private static final String s_name = "listvmsnapshotresponse";
@@@ -76,7 -76,7 +77,7 @@@
          }
          response.setResponses(snapshotResponses);
          response.setResponseName(getCommandName());
--        this.setResponseObject(response);
++        setResponseObject(response);
      }
  
      @Override

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/RevertToVMSnapshotCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vmsnapshot/RevertToVMSnapshotCmd.java
index 84916ce,91661f6..0ca5009
--- a/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/RevertToVMSnapshotCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/RevertToVMSnapshotCmd.java
@@@ -40,7 -37,8 +40,8 @@@ import com.cloud.user.Account
  import com.cloud.uservm.UserVm;
  import com.cloud.vm.snapshot.VMSnapshot;
  
- @APICommand(name = "revertToVMSnapshot", description = "Revert VM from a vmsnapshot.", responseObject = UserVmResponse.class, since = "4.2.0", responseView = ResponseView.Restricted)
 -@APICommand(name = "revertToVMSnapshot", description = "Revert VM from a vmsnapshot.", responseObject = UserVmResponse.class, since = "4.2.0",
++@APICommand(name = "revertToVMSnapshot", description = "Revert VM from a vmsnapshot.", responseObject = UserVmResponse.class, since = "4.2.0", responseView = ResponseView.Restricted,
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = true)
  public class RevertToVMSnapshotCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(RevertToVMSnapshotCmd.class.getName());
      private static final String s_name = "reverttovmsnapshotresponse";
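Review bot: The merged `@APICommand` for `revertToVMSnapshot` has no `entityType`, while the createVMSnapshot, deleteVMSnapshot and listVMSnapshot annotations in the same package all declare `entityType = {IAMEntityType.VMSnapshot}`. If IAM policy evaluation keys on this attribute, the revert command may be matched differently from its siblings. Confirm the omission is intended, or add `entityType = {IAMEntityType.VMSnapshot}` (or `VirtualMachine`, given the `UserVmResponse`) before `requestHasSensitiveInfo`. Adding it would also need the `IAMEntityType` import, which this hunk does not show.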

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/volume/AttachVolumeCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/volume/AttachVolumeCmd.java
index 9fdf2bc,78e1a69..553e2e9
--- a/api/src/org/apache/cloudstack/api/command/user/volume/AttachVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/AttachVolumeCmd.java
@@@ -36,7 -33,8 +36,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.storage.Volume;
  import com.cloud.user.Account;
  
- @APICommand(name = "attachVolume", description = "Attaches a disk volume to a virtual machine.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
 -@APICommand(name = "attachVolume", description = "Attaches a disk volume to a virtual machine.", responseObject = VolumeResponse.class,
++@APICommand(name = "attachVolume", description = "Attaches a disk volume to a virtual machine.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = {IAMEntityType.VirtualMachine},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class AttachVolumeCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(AttachVolumeCmd.class.getName());
      private static final String s_name = "attachvolumeresponse";
@@@ -108,8 -108,17 +109,17 @@@
      }
  
      @Override
+     public boolean isDisplayResourceEnabled(){
+         Volume volume = _responseGenerator.findVolumeById(getId());
+         if (volume == null) {
+             return true; // bad id given, parent this command to true so ERROR events are tracked
+         }
+         return volume.isDisplayVolume();
+     }
+ 
+     @Override
      public String getEventDescription() {
 -        return "attaching volume: " + getId() + " to vm: " + getVirtualMachineId();
 +        return  "attaching volume: " + getId() + " to vm: " + getVirtualMachineId();
      }
  
      @Override
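Review bot: The inline comment in the new `isDisplayResourceEnabled()` ("parent this command to true") does not say what the fallback means; `// unknown volume id: report as displayable so the resulting ERROR event is still recorded` would read more clearly. The method resolves the caller-supplied id through `_responseGenerator.findVolumeById(getId())` with no access check visible in the hunk, so it is worth confirming that the caller's right to the volume is verified before this value is consulted. Two formatting slips on the new side: `isDisplayResourceEnabled(){` lacks a space before the brace, and `return  "attaching volume: "` has a doubled space. The neighbouring methods start and end outside the hunk.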

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/volume/CreateVolumeCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/volume/CreateVolumeCmd.java
index 5939ca6,555711b..ad06bc2
--- a/api/src/org/apache/cloudstack/api/command/user/volume/CreateVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/CreateVolumeCmd.java
@@@ -16,9 -16,7 +16,10 @@@
  // under the License.
  package org.apache.cloudstack.api.command.user.volume;
  
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.acl.IAMEntityType;
+ import org.apache.cloudstack.acl.RoleType;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiCommandJobType;
  import org.apache.cloudstack.api.ApiConstants;
@@@ -42,7 -40,10 +43,8 @@@ import com.cloud.exception.ResourceAllo
  import com.cloud.storage.Snapshot;
  import com.cloud.storage.Volume;
  
- @APICommand(name = "createVolume", responseObject = VolumeResponse.class, description = "Creates a disk volume from a disk offering. This disk volume must still be attached to a virtual machine to make use of it.", responseView = ResponseView.Restricted, entityType = { IAMEntityType.Volume })
 -@APICommand(name = "createVolume",
 -            responseObject = VolumeResponse.class,
 -            description = "Creates a disk volume from a disk offering. This disk volume must still be attached to a virtual machine to make use of it.",
++@APICommand(name = "createVolume", responseObject = VolumeResponse.class, description = "Creates a disk volume from a disk offering. This disk volume must still be attached to a virtual machine to make use of it.", responseView = ResponseView.Restricted, entityType = {IAMEntityType.Volume},
+             requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class CreateVolumeCmd extends BaseAsyncCreateCustomIdCmd {
      public static final Logger s_logger = Logger.getLogger(CreateVolumeCmd.class.getName());
      private static final String s_name = "createvolumeresponse";
@@@ -191,8 -196,13 +197,13 @@@
      }
  
      @Override
+     public boolean isDisplayResourceEnabled(){
+         return getDisplayVolume();
+     }
+ 
+     @Override
      public String getEventDescription() {
 -        return "creating volume: " + getVolumeName() + ((getSnapshotId() == null) ? "" : " from snapshot: " + getSnapshotId());
 +        return  "creating volume: " + getVolumeName() + ((getSnapshotId() == null) ? "" : " from snapshot: " + getSnapshotId());
      }
  
      @Override
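Review bot: `isDisplayResourceEnabled()` returns `getDisplayVolume()` directly, so if that getter yields a boxed `Boolean` that is null when the request omits the parameter, the unboxing throws a NullPointerException; the getter is outside the hunk, so this needs confirming. The same value is passed to `CallContext.current().setEventDisplayEnabled(...)` in the `execute()` hunk that follows. A null-safe form would be `Boolean display = getDisplayVolume();` followed by `return display == null || display;`, which keeps events enabled by default. Since this request-supplied flag decides whether the create event is shown, a one-line comment naming the roles allowed to set it would help; the `RoleType` import added above suggests it is role-restricted, but the `@Parameter` declaration is not visible.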
@@@ -210,9 -220,10 +221,10 @@@
      @Override
      public void execute() {
          CallContext.current().setEventDetails("Volume Id: " + getEntityId() + ((getSnapshotId() == null) ? "" : " from snapshot: " + getSnapshotId()));
+         CallContext.current().setEventDisplayEnabled(getDisplayVolume());
          Volume volume = _volumeService.createVolume(this);
          if (volume != null) {
 -            VolumeResponse response = _responseGenerator.createVolumeResponse(volume);
 +            VolumeResponse response = _responseGenerator.createVolumeResponse(ResponseView.Restricted, volume);
              //FIXME - have to be moved to ApiResponseHelper
              if (getSnapshotId() != null) {
                  Snapshot snap = _entityMgr.findById(Snapshot.class, getSnapshotId());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/volume/DeleteVolumeCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/volume/DeleteVolumeCmd.java
index bb17bd9,2c66dea..546a9d5
--- a/api/src/org/apache/cloudstack/api/command/user/volume/DeleteVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/DeleteVolumeCmd.java
@@@ -34,7 -32,8 +34,8 @@@ import com.cloud.exception.ConcurrentOp
  import com.cloud.storage.Volume;
  import com.cloud.user.Account;
  
- @APICommand(name = "deleteVolume", description = "Deletes a detached disk volume.", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Volume })
 -@APICommand(name = "deleteVolume", description = "Deletes a detached disk volume.", responseObject = SuccessResponse.class,
++@APICommand(name = "deleteVolume", description = "Deletes a detached disk volume.", responseObject = SuccessResponse.class, entityType = {IAMEntityType.Volume},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class DeleteVolumeCmd extends BaseCmd {
      public static final Logger s_logger = Logger.getLogger(DeleteVolumeCmd.class.getName());
      private static final String s_name = "deletevolumeresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/volume/DetachVolumeCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/volume/DetachVolumeCmd.java
index c7419fc,2b87ff8..1a874e1
--- a/api/src/org/apache/cloudstack/api/command/user/volume/DetachVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/DetachVolumeCmd.java
@@@ -37,7 -34,8 +37,8 @@@ import com.cloud.storage.Volume
  import com.cloud.user.Account;
  import com.cloud.uservm.UserVm;
  
- @APICommand(name = "detachVolume", description = "Detaches a disk volume from a virtual machine.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Volume })
 -@APICommand(name = "detachVolume", description = "Detaches a disk volume from a virtual machine.", responseObject = VolumeResponse.class,
++@APICommand(name = "detachVolume", description = "Detaches a disk volume from a virtual machine.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = {IAMEntityType.Volume},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class DetachVolumeCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(DetachVolumeCmd.class.getName());
      private static final String s_name = "detachvolumeresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/volume/ExtractVolumeCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/volume/ExtractVolumeCmd.java
index fef35dc,da466fd..b9883cc
--- a/api/src/org/apache/cloudstack/api/command/user/volume/ExtractVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/ExtractVolumeCmd.java
@@@ -39,7 -36,8 +39,8 @@@ import com.cloud.storage.Upload
  import com.cloud.storage.Volume;
  import com.cloud.user.Account;
  
- @APICommand(name = "extractVolume", description = "Extracts volume", responseObject = ExtractResponse.class, entityType = { IAMEntityType.Volume })
 -@APICommand(name = "extractVolume", description = "Extracts volume", responseObject = ExtractResponse.class,
++@APICommand(name = "extractVolume", description = "Extracts volume", responseObject = ExtractResponse.class, entityType = {IAMEntityType.Volume},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ExtractVolumeCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(ExtractVolumeCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/volume/ListVolumesCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/volume/ListVolumesCmd.java
index 24425cb,04c68fe..b4ac4ae
--- a/api/src/org/apache/cloudstack/api/command/user/volume/ListVolumesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/ListVolumesCmd.java
@@@ -15,16 -15,14 +15,18 @@@
  // specific language governing permissions and limitations
  // under the License.
  package org.apache.cloudstack.api.command.user.volume;
+ 
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.acl.IAMEntityType;
  import org.apache.cloudstack.acl.RoleType;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiCommandJobType;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.BaseListTaggedResourcesCmd;
  import org.apache.cloudstack.api.Parameter;
 +import org.apache.cloudstack.api.ResponseObject.ResponseView;
+ import org.apache.cloudstack.api.response.DiskOfferingResponse;
  import org.apache.cloudstack.api.response.HostResponse;
  import org.apache.cloudstack.api.response.ListResponse;
  import org.apache.cloudstack.api.response.PodResponse;
@@@ -32,11 -30,10 +34,9 @@@ import org.apache.cloudstack.api.respon
  import org.apache.cloudstack.api.response.UserVmResponse;
  import org.apache.cloudstack.api.response.VolumeResponse;
  import org.apache.cloudstack.api.response.ZoneResponse;
 -import org.apache.log4j.Logger;
  
- 
- 
- 
- @APICommand(name = "listVolumes", description = "Lists all volumes.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Volume })
 -@APICommand(name = "listVolumes", description = "Lists all volumes.", responseObject = VolumeResponse.class,
++@APICommand(name = "listVolumes", description = "Lists all volumes.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Volume },
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ListVolumesCmd extends BaseListTaggedResourcesCmd {
      public static final Logger s_logger = Logger.getLogger(ListVolumesCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/volume/MigrateVolumeCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/volume/MigrateVolumeCmd.java
index bbd754a,47bf26f..820d73d
--- a/api/src/org/apache/cloudstack/api/command/user/volume/MigrateVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/MigrateVolumeCmd.java
@@@ -31,8 -29,8 +31,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.storage.Volume;
  import com.cloud.user.Account;
  
- 
- @APICommand(name = "migrateVolume", description = "Migrate volume", responseObject = VolumeResponse.class, since = "3.0.0", responseView = ResponseView.Restricted, entityType = { IAMEntityType.Volume })
 -@APICommand(name = "migrateVolume", description = "Migrate volume", responseObject = VolumeResponse.class, since = "3.0.0",
++@APICommand(name = "migrateVolume", description = "Migrate volume", responseObject = VolumeResponse.class, since = "3.0.0", responseView = ResponseView.Restricted, entityType = {IAMEntityType.Volume},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class MigrateVolumeCmd extends BaseAsyncCmd {
      private static final String s_name = "migratevolumeresponse";
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/volume/ResizeVolumeCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/volume/ResizeVolumeCmd.java
index 0e7d27d,a95c95b..2f34c75
--- a/api/src/org/apache/cloudstack/api/command/user/volume/ResizeVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/ResizeVolumeCmd.java
@@@ -15,10 -15,7 +15,11 @@@
  // specific language governing permissions and limitations
  // under the License.
  package org.apache.cloudstack.api.command.user.volume;
 +import org.apache.log4j.Logger;
+ 
 +import org.apache.cloudstack.acl.IAMEntityType;
 +import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 +import org.apache.cloudstack.api.ACL;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiCommandJobType;
  import org.apache.cloudstack.api.ApiConstants;
@@@ -30,6 -26,8 +31,7 @@@ import org.apache.cloudstack.api.Server
  import org.apache.cloudstack.api.response.DiskOfferingResponse;
  import org.apache.cloudstack.api.response.VolumeResponse;
  import org.apache.cloudstack.context.CallContext;
 -import org.apache.log4j.Logger;
+ 
  import com.cloud.event.EventTypes;
  import com.cloud.exception.InvalidParameterValueException;
  import com.cloud.exception.PermissionDeniedException;
@@@ -38,8 -36,8 +40,9 @@@ import com.cloud.projects.Project
  import com.cloud.storage.Volume;
  import com.cloud.user.Account;
  
 -@APICommand(name = "resizeVolume", description = "Resizes a volume", responseObject = VolumeResponse.class,
 +
- @APICommand(name = "resizeVolume", description = "Resizes a volume", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Volume })
++@APICommand(name = "resizeVolume", description = "Resizes a volume", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = {IAMEntityType.Volume},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ResizeVolumeCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(ResizeVolumeCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/volume/UpdateVolumeCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/volume/UpdateVolumeCmd.java
index d5b23ab,2d2b215..d9fa82e
--- a/api/src/org/apache/cloudstack/api/command/user/volume/UpdateVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/UpdateVolumeCmd.java
@@@ -16,11 -16,7 +16,12 @@@
  // under the License.
  package org.apache.cloudstack.api.command.user.volume;
  
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.acl.IAMEntityType;
+ import org.apache.cloudstack.acl.RoleType;
 +import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 +import org.apache.cloudstack.api.ACL;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiCommandJobType;
  import org.apache.cloudstack.api.ApiConstants;
@@@ -37,7 -33,8 +38,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.exception.InvalidParameterValueException;
  import com.cloud.storage.Volume;
  
- @APICommand(name = "updateVolume", description = "Updates the volume.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Volume })
 -@APICommand(name = "updateVolume", description = "Updates the volume.", responseObject = VolumeResponse.class,
++@APICommand(name = "updateVolume", description = "Updates the volume.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Volume },
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class UpdateVolumeCmd extends BaseAsyncCustomIdCmd {
      public static final Logger s_logger = Logger.getLogger(UpdateVolumeCmd.class.getName());
      private static final String s_name = "updatevolumeresponse";
@@@ -145,9 -147,10 +153,10 @@@
      @Override
      public void execute() {
          CallContext.current().setEventDetails("Volume Id: " + getId());
-         Volume result = _volumeService.updateVolume(getId(), getPath(), getState(), getStorageId(), getDisplayVolume(), getCustomId(), getEntityOwnerId());
+         Volume result = _volumeService.updateVolume(getId(), getPath(), getState(), getStorageId(), getDisplayVolume(),
+                 getCustomId(), getEntityOwnerId(), getChainInfo());
          if (result != null) {
 -            VolumeResponse response = _responseGenerator.createVolumeResponse(result);
 +            VolumeResponse response = _responseGenerator.createVolumeResponse(ResponseView.Restricted, result);
              response.setResponseName(getCommandName());
              setResponseObject(response);
          } else {
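Review bot: `getChainInfo()` is now forwarded to `_volumeService.updateVolume(...)` together with `getPath()`, `getState()` and `getStorageId()`, all taken from the request of a command under `command/user/volume`, and nothing in this hunk shows them being validated or limited by role. The `@Parameter` declarations are outside the hunk, so this may already be handled there or in the service; if so, a comment above the call such as `// path, state, storageId and chainInfo are storage-internal; restricted via the parameters' authorized roles` would make it visible to the next reader. If not, these fields should be restricted before the call, since they describe where and how the volume is stored rather than anything a tenant normally sets. `execute()` continues past the end of the hunk.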

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/volume/UploadVolumeCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/volume/UploadVolumeCmd.java
index 608bde5,2d97ec9..949e6df
--- a/api/src/org/apache/cloudstack/api/command/user/volume/UploadVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/UploadVolumeCmd.java
@@@ -40,7 -38,8 +40,8 @@@ import com.cloud.exception.ResourceAllo
  import com.cloud.exception.ResourceUnavailableException;
  import com.cloud.storage.Volume;
  
- @APICommand(name = "uploadVolume", description = "Uploads a data disk.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Volume })
 -@APICommand(name = "uploadVolume", description = "Uploads a data disk.", responseObject = VolumeResponse.class,
++@APICommand(name = "uploadVolume", description = "Uploads a data disk.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = {IAMEntityType.Volume},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class UploadVolumeCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(UploadVolumeCmd.class.getName());
      private static final String s_name = "uploadvolumeresponse";
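Review bot: `requestHasSensitiveInfo = false` on `uploadVolume` deserves a second look, because the command presumably accepts a source location for the disk image (the parameter declarations are outside the hunk) and such a URL can carry embedded credentials or a signed token. If these flags decide how much of the request and response ends up in logs (their names suggest so, but the annotation's handling is not shown), the request flag should be `true` here, or a comment above the annotation should say why `false` is safe. The same check applies to `responseHasSensitiveInfo = false` on `extractVolume` earlier in this diff, if `ExtractResponse` returns a download link for the volume.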

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vpc/CreateStaticRouteCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vpc/CreateStaticRouteCmd.java
index 0bbe8cb,7df5e37..f2c9e2c
--- a/api/src/org/apache/cloudstack/api/command/user/vpc/CreateStaticRouteCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpc/CreateStaticRouteCmd.java
@@@ -40,7 -39,8 +40,8 @@@ import com.cloud.network.vpc.StaticRout
  import com.cloud.network.vpc.Vpc;
  import com.cloud.network.vpc.VpcGateway;
  
- @APICommand(name = "createStaticRoute", description = "Creates a static route", responseObject = StaticRouteResponse.class, entityType = { IAMEntityType.StaticRoute })
 -@APICommand(name = "createStaticRoute", description = "Creates a static route", responseObject = StaticRouteResponse.class,
++@APICommand(name = "createStaticRoute", description = "Creates a static route", responseObject = StaticRouteResponse.class, entityType = {IAMEntityType.StaticRoute},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class CreateStaticRouteCmd extends BaseAsyncCreateCmd {
      private static final String s_name = "createstaticrouteresponse";
      public static final Logger s_logger = Logger.getLogger(CreateStaticRouteCmd.class.getName());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
index 42eeb62,62fa29f..5cd1f6e
--- a/api/src/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
@@@ -16,9 -16,7 +16,10 @@@
  // under the License.
  package org.apache.cloudstack.api.command.user.vpc;
  
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.acl.IAMEntityType;
+ import org.apache.cloudstack.acl.RoleType;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.ApiErrorCode;
@@@ -40,8 -38,9 +41,9 @@@ import com.cloud.exception.ResourceAllo
  import com.cloud.exception.ResourceUnavailableException;
  import com.cloud.network.vpc.Vpc;
  
- @APICommand(name = "createVPC", description = "Creates a VPC", responseObject = VpcResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Vpc })
- public class CreateVPCCmd extends BaseAsyncCreateCmd{
 -@APICommand(name = "createVPC", description = "Creates a VPC", responseObject = VpcResponse.class,
++@APICommand(name = "createVPC", description = "Creates a VPC", responseObject = VpcResponse.class, responseView = ResponseView.Restricted, entityType = {IAMEntityType.Vpc},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
+ public class CreateVPCCmd extends BaseAsyncCreateCmd {
      public static final Logger s_logger = Logger.getLogger(CreateVPCCmd.class.getName());
      private static final String s_name = "createvpcresponse";
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vpc/DeleteStaticRouteCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vpc/DeleteStaticRouteCmd.java
index b59ba93,dfa4910..0017753
--- a/api/src/org/apache/cloudstack/api/command/user/vpc/DeleteStaticRouteCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpc/DeleteStaticRouteCmd.java
@@@ -38,7 -35,8 +38,8 @@@ import com.cloud.exception.InvalidParam
  import com.cloud.exception.ResourceUnavailableException;
  import com.cloud.network.vpc.StaticRoute;
  
- @APICommand(name = "deleteStaticRoute", description = "Deletes a static route", responseObject = SuccessResponse.class, entityType = { IAMEntityType.StaticRoute })
 -@APICommand(name = "deleteStaticRoute", description = "Deletes a static route", responseObject = SuccessResponse.class,
++@APICommand(name = "deleteStaticRoute", description = "Deletes a static route", responseObject = SuccessResponse.class, entityType = {IAMEntityType.StaticRoute},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class DeleteStaticRouteCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(DeleteStaticRouteCmd.class.getName());
      private static final String s_name = "deletestaticrouteresponse";
@@@ -100,7 -98,7 +101,7 @@@
  
          if (result) {
              SuccessResponse response = new SuccessResponse(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete static route");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vpc/DeleteVPCCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vpc/DeleteVPCCmd.java
index ab4a447,94ad9e4..5928aab
--- a/api/src/org/apache/cloudstack/api/command/user/vpc/DeleteVPCCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpc/DeleteVPCCmd.java
@@@ -36,7 -33,8 +36,8 @@@ import com.cloud.exception.ResourceUnav
  import com.cloud.network.vpc.Vpc;
  import com.cloud.user.Account;
  
- @APICommand(name = "deleteVPC", description = "Deletes a VPC", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Vpc })
 -@APICommand(name = "deleteVPC", description = "Deletes a VPC", responseObject = SuccessResponse.class,
++@APICommand(name = "deleteVPC", description = "Deletes a VPC", responseObject = SuccessResponse.class, entityType = {IAMEntityType.Vpc},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class DeleteVPCCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(DeleteVPCCmd.class.getName());
      private static final String s_name = "deletevpcresponse";
@@@ -76,7 -74,7 +77,7 @@@
              boolean result = _vpcService.deleteVpc(getId());
              if (result) {
                  SuccessResponse response = new SuccessResponse(getCommandName());
--                this.setResponseObject(response);
++                setResponseObject(response);
              } else {
                  throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete VPC");
              }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vpc/ListPrivateGatewaysCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vpc/ListPrivateGatewaysCmd.java
index 03f51f5,ff2d0bc..160355a
--- a/api/src/org/apache/cloudstack/api/command/user/vpc/ListPrivateGatewaysCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpc/ListPrivateGatewaysCmd.java
@@@ -33,7 -32,8 +33,8 @@@ import org.apache.cloudstack.api.respon
  import com.cloud.network.vpc.PrivateGateway;
  import com.cloud.utils.Pair;
  
- @APICommand(name = "listPrivateGateways", description = "List private gateways", responseObject = PrivateGatewayResponse.class, entityType = { IAMEntityType.VpcGateway })
 -@APICommand(name = "listPrivateGateways", description = "List private gateways", responseObject = PrivateGatewayResponse.class,
++@APICommand(name = "listPrivateGateways", description = "List private gateways", responseObject = PrivateGatewayResponse.class, entityType = {IAMEntityType.VpcGateway},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ListPrivateGatewaysCmd extends BaseListProjectAndAccountResourcesCmd {
      public static final Logger s_logger = Logger.getLogger(ListPrivateGatewaysCmd.class.getName());
  
@@@ -101,6 -101,6 +102,6 @@@
          response.setResponses(projectResponses, gateways.second());
          response.setResponseName(getCommandName());
  
--        this.setResponseObject(response);
++        setResponseObject(response);
      }
  }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vpc/ListStaticRoutesCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vpc/ListStaticRoutesCmd.java
index 215ae9f,83865ca..b2cdf87
--- a/api/src/org/apache/cloudstack/api/command/user/vpc/ListStaticRoutesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpc/ListStaticRoutesCmd.java
@@@ -32,7 -31,8 +32,8 @@@ import org.apache.cloudstack.api.respon
  import com.cloud.network.vpc.StaticRoute;
  import com.cloud.utils.Pair;
  
- @APICommand(name = "listStaticRoutes", description = "Lists all static routes", responseObject = StaticRouteResponse.class, entityType = { IAMEntityType.StaticRoute })
 -@APICommand(name = "listStaticRoutes", description = "Lists all static routes", responseObject = StaticRouteResponse.class,
++@APICommand(name = "listStaticRoutes", description = "Lists all static routes", responseObject = StaticRouteResponse.class, entityType = {IAMEntityType.StaticRoute},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ListStaticRoutesCmd extends BaseListTaggedResourcesCmd {
      private static final String s_name = "liststaticroutesresponse";
  
@@@ -80,7 -80,7 +81,7 @@@
          }
          response.setResponses(routeResponses, result.second());
          response.setResponseName(getCommandName());
--        this.setResponseObject(response);
++        setResponseObject(response);
      }
  
  }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vpc/ListVPCsCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vpc/ListVPCsCmd.java
index bbd07d6,69a8693..fa60f6f
--- a/api/src/org/apache/cloudstack/api/command/user/vpc/ListVPCsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpc/ListVPCsCmd.java
@@@ -19,9 -19,7 +19,10 @@@ package org.apache.cloudstack.api.comma
  import java.util.ArrayList;
  import java.util.List;
  
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.acl.IAMEntityType;
+ import org.apache.cloudstack.acl.RoleType;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.BaseListTaggedResourcesCmd;
@@@ -34,9 -31,10 +35,10 @@@ import org.apache.cloudstack.api.respon
  
  import com.cloud.network.vpc.Vpc;
  
 -@APICommand(name = "listVPCs", description = "Lists VPCs", responseObject = VpcResponse.class,
 +
- @APICommand(name = "listVPCs", description = "Lists VPCs", responseObject = VpcResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Vpc })
- public class ListVPCsCmd extends BaseListTaggedResourcesCmd{
++@APICommand(name = "listVPCs", description = "Lists VPCs", responseObject = VpcResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Vpc },
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
+ public class ListVPCsCmd extends BaseListTaggedResourcesCmd {
      public static final Logger s_logger = Logger.getLogger(ListVPCsCmd.class.getName());
      private static final String s_name = "listvpcsresponse";
  
@@@ -117,10 -126,10 +130,10 @@@
  
      @Override
      public void execute() {
-         List<? extends Vpc> vpcs = _vpcService.listVpcs(getId(), getVpcName(), getDisplayText(),
-                 getSupportedServices(), getCidr(), getVpcOffId(), getState(), getAccountName(), getDomainId(),
-                 getKeyword(), getStartIndex(), getPageSizeVal(), getZoneId(), isRecursive(),
-                 listAll(), getRestartRequired(), getTags(), getProjectId());
+         List<? extends Vpc> vpcs =
+             _vpcService.listVpcs(getId(), getVpcName(), getDisplayText(), getSupportedServices(), getCidr(), getVpcOffId(), getState(), getAccountName(), getDomainId(),
 -                this.getKeyword(), this.getStartIndex(), this.getPageSizeVal(), getZoneId(), this.isRecursive(), this.listAll(), getRestartRequired(), getTags(),
++                getKeyword(), getStartIndex(), getPageSizeVal(), getZoneId(), isRecursive(), listAll(), getRestartRequired(), getTags(),
+                 getProjectId(), getDisplay());
          ListResponse<VpcResponse> response = new ListResponse<VpcResponse>();
          List<VpcResponse> offeringResponses = new ArrayList<VpcResponse>();
          for (Vpc vpc : vpcs) {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vpc/RestartVPCCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vpc/RestartVPCCmd.java
index cb395ee,f68760b..d1d805a
--- a/api/src/org/apache/cloudstack/api/command/user/vpc/RestartVPCCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpc/RestartVPCCmd.java
@@@ -37,7 -34,8 +37,8 @@@ import com.cloud.exception.ResourceUnav
  import com.cloud.network.vpc.Vpc;
  import com.cloud.user.Account;
  
- @APICommand(name = "restartVPC", description = "Restarts a VPC", responseObject = VpcResponse.class, entityType = { IAMEntityType.Vpc })
 -@APICommand(name = "restartVPC", description = "Restarts a VPC", responseObject = VpcResponse.class,
++@APICommand(name = "restartVPC", description = "Restarts a VPC", responseObject = VpcResponse.class, entityType = {IAMEntityType.Vpc},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class RestartVPCCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(RestartVPCCmd.class.getName());
      private static final String Name = "restartvpcresponse";
@@@ -81,7 -79,7 +82,7 @@@
              boolean result = _vpcService.restartVpc(getId());
              if (result) {
                  SuccessResponse response = new SuccessResponse(getCommandName());
--                this.setResponseObject(response);
++                setResponseObject(response);
              } else {
                  throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to restart VPC");
              }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
index a081b9f,f0b9814..7624423
--- a/api/src/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
@@@ -16,11 -16,7 +16,12 @@@
  // under the License.
  package org.apache.cloudstack.api.command.user.vpc;
  
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.acl.IAMEntityType;
+ import org.apache.cloudstack.acl.RoleType;
 +import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 +import org.apache.cloudstack.api.ACL;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.ApiErrorCode;
@@@ -35,7 -31,8 +36,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.network.vpc.Vpc;
  import com.cloud.user.Account;
  
- @APICommand(name = "updateVPC", description = "Updates a VPC", responseObject = VpcResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Vpc })
 -@APICommand(name = "updateVPC", description = "Updates a VPC", responseObject = VpcResponse.class,
++@APICommand(name = "updateVPC", description = "Updates a VPC", responseObject = VpcResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Vpc },
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class UpdateVPCCmd extends BaseAsyncCustomIdCmd {
      public static final Logger s_logger = Logger.getLogger(UpdateVPCCmd.class.getName());
      private static final String Name = "updatevpcresponse";
@@@ -89,11 -93,11 +98,11 @@@
  
      @Override
      public void execute() {
-         Vpc result = _vpcService.updateVpc(getId(), getVpcName(), getDisplayText(), getCustomId());
 -        Vpc result = _vpcService.updateVpc(getId(), getVpcName(), getDisplayText(), this.getCustomId(), getDisplayVpc());
++        Vpc result = _vpcService.updateVpc(getId(), getVpcName(), getDisplayText(), getCustomId(), getDisplayVpc());
          if (result != null) {
 -            VpcResponse response = _responseGenerator.createVpcResponse(result);
 +            VpcResponse response = _responseGenerator.createVpcResponse(ResponseView.Restricted, result);
              response.setResponseName(getCommandName());
 -            this.setResponseObject(response);
 +            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to update VPC");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vpn/AddVpnUserCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vpn/AddVpnUserCmd.java
index 48ee1fd,45d8703..d057629
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/AddVpnUserCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/AddVpnUserCmd.java
@@@ -35,7 -34,8 +35,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.network.VpnUser;
  import com.cloud.user.Account;
  
- @APICommand(name = "addVpnUser", description = "Adds vpn users", responseObject = VpnUsersResponse.class, entityType = { IAMEntityType.VpnUser })
 -@APICommand(name = "addVpnUser", description = "Adds vpn users", responseObject = VpnUsersResponse.class,
++@APICommand(name = "addVpnUser", description = "Adds vpn users", responseObject = VpnUsersResponse.class, entityType = {IAMEntityType.VpnUser},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class AddVpnUserCmd extends BaseAsyncCreateCmd {
      public static final Logger s_logger = Logger.getLogger(AddVpnUserCmd.class.getName());
  
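Review bot: `requestHasSensitiveInfo = false` on `addVpnUser` needs checking against the command's parameters, which are declared outside this hunk. A command that creates a VPN user normally takes that user's password in the request, and if that is the case here the value should be `requestHasSensitiveInfo = true`, so that whatever consumes the annotation (presumably request logging or auditing) treats the parameter as a secret. The same check applies to `responseHasSensitiveInfo = false` on `createRemoteAccessVpn` later in this merge, where `RemoteAccessVpnResponse` is not shown and may carry the IPsec pre-shared key. If both values are correct as merged, a one-line comment above each annotation saying why would save the next reviewer the lookup.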
@@@ -136,7 -136,7 +137,7 @@@
  
          vpnResponse.setResponseName(getCommandName());
          vpnResponse.setObjectName("vpnuser");
--        this.setResponseObject(vpnResponse);
++        setResponseObject(vpnResponse);
      }
  
      @Override

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vpn/CreateRemoteAccessVpnCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vpn/CreateRemoteAccessVpnCmd.java
index b350f3b,7f56353..4df2134
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/CreateRemoteAccessVpnCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/CreateRemoteAccessVpnCmd.java
@@@ -16,9 -16,7 +16,10 @@@
  // under the License.
  package org.apache.cloudstack.api.command.user.vpn;
  
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.acl.IAMEntityType;
+ import org.apache.cloudstack.acl.RoleType;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.ApiErrorCode;
@@@ -37,7 -36,8 +38,8 @@@ import com.cloud.exception.ResourceUnav
  import com.cloud.network.IpAddress;
  import com.cloud.network.RemoteAccessVpn;
  
- @APICommand(name = "createRemoteAccessVpn", description = "Creates a l2tp/ipsec remote access vpn", responseObject = RemoteAccessVpnResponse.class, entityType = { IAMEntityType.RemoteAccessVpn })
 -@APICommand(name = "createRemoteAccessVpn", description = "Creates a l2tp/ipsec remote access vpn", responseObject = RemoteAccessVpnResponse.class,
++@APICommand(name = "createRemoteAccessVpn", description = "Creates a l2tp/ipsec remote access vpn", responseObject = RemoteAccessVpnResponse.class, entityType = { IAMEntityType.RemoteAccessVpn },
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class CreateRemoteAccessVpnCmd extends BaseAsyncCreateCmd {
      public static final Logger s_logger = Logger.getLogger(CreateRemoteAccessVpnCmd.class.getName());
  
@@@ -140,13 -144,13 +146,13 @@@
      @Override
      public void create() {
          try {
-             RemoteAccessVpn vpn = _ravService.createRemoteAccessVpn(publicIpId, ipRange, getOpenFirewall());
+             RemoteAccessVpn vpn = _ravService.createRemoteAccessVpn(publicIpId, ipRange, getOpenFirewall(), getDisplay());
              if (vpn != null) {
--                this.setEntityId(vpn.getServerAddressId());
++                setEntityId(vpn.getServerAddressId());
                  // find uuid for server ip address
                  IpAddress ipAddr = _entityMgr.findById(IpAddress.class, vpn.getServerAddressId());
                  if (ipAddr != null) {
--                    this.setEntityUuid(ipAddr.getUuid());
++                    setEntityUuid(ipAddr.getUuid());
                  }
              } else {
                  throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create remote access vpn");
@@@ -165,7 -169,7 +171,7 @@@
              if (result != null) {
                  RemoteAccessVpnResponse response = _responseGenerator.createRemoteAccessVpnResponse(result);
                  response.setResponseName(getCommandName());
--                this.setResponseObject(response);
++                setResponseObject(response);
              } else {
                  throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create remote access vpn");
              }


[12/50] [abbrv] iam/plugin: Rename Acl to IAM everywhere

Posted by mc...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/api/AclPolicyPermission.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/api/AclPolicyPermission.java b/services/iam/server/src/org/apache/cloudstack/iam/api/AclPolicyPermission.java
deleted file mode 100644
index f0352bc..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/api/AclPolicyPermission.java
+++ /dev/null
@@ -1,53 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.api;
-
-
-public interface AclPolicyPermission {
-
-    String getAction();
-
-    long getAclPolicyId();
-
-    String getEntityType();
-
-    String getAccessType();
-
-    String getScope();
-
-    Long getScopeId();
-
-    Permission getPermission();
-
-    public enum Permission {
-        Allow(true), Deny(false);
-
-        boolean result;
-
-        Permission(boolean result) {
-            this.result = result;
-        }
-
-        public boolean isGranted() {
-            return result;
-        }
-    }
-
-    long getId();
-
-    public static final long PERMISSION_SCOPE_ID_CURRENT_CALLER = -1;
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/api/IAMGroup.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMGroup.java b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMGroup.java
new file mode 100644
index 0000000..868d0a0
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMGroup.java
@@ -0,0 +1,37 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.api;
+
+import org.apache.cloudstack.api.Identity;
+import org.apache.cloudstack.api.InternalIdentity;
+
+public interface IAMGroup extends InternalIdentity, Identity {
+
+    String getName();
+
+    String getDescription();
+
+    @Override
+    long getId();
+
+    @Override
+    String getUuid();
+
+    String getPath();
+
+    long getAccountId();
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/api/IAMPolicy.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMPolicy.java b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMPolicy.java
new file mode 100644
index 0000000..e6daeb1
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMPolicy.java
@@ -0,0 +1,41 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.api;
+
+import org.apache.cloudstack.api.Identity;
+import org.apache.cloudstack.api.InternalIdentity;
+
+public interface IAMPolicy extends InternalIdentity, Identity {
+
+    String getName();
+
+    String getDescription();
+
+    public enum PolicyType {
+        Static, Dynamic
+    }
+
+    @Override
+    long getId();
+
+    @Override
+    String getUuid();
+
+    String getPath();
+
+    long getAccountId();
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/api/IAMPolicyPermission.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMPolicyPermission.java b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMPolicyPermission.java
new file mode 100644
index 0000000..b91086f
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMPolicyPermission.java
@@ -0,0 +1,53 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.api;
+
+
+public interface IAMPolicyPermission {
+
+    String getAction();
+
+    long getAclPolicyId();
+
+    String getEntityType();
+
+    String getAccessType();
+
+    String getScope();
+
+    Long getScopeId();
+
+    Permission getPermission();
+
+    public enum Permission {
+        Allow(true), Deny(false);
+
+        boolean result;
+
+        Permission(boolean result) {
+            this.result = result;
+        }
+
+        public boolean isGranted() {
+            return result;
+        }
+    }
+
+    long getId();
+
+    public static final long PERMISSION_SCOPE_ID_CURRENT_CALLER = -1;
+}
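Review bot: `boolean result;` in the `Permission` enum is package-private and not final, so any class in `org.apache.cloudstack.iam.api` can reassign it and change what `Permission.Allow.isGranted()` or `Permission.Deny.isGranted()` returns for the whole JVM; declare it `private final boolean result;`. The sentinel `PERMISSION_SCOPE_ID_CURRENT_CALLER = -1` should also get a Javadoc line stating how a scope id of -1 is resolved, since authorization decisions depend on it. `getAclPolicyId()` keeps the old Acl prefix although the commit renames the type to IAM; if that is deliberate for compatibility, a comment should say so.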

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
index 3957b62..6eb61fa 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
@@ -18,75 +18,75 @@ package org.apache.cloudstack.iam.api;
 
 import java.util.List;
 
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
 
 import com.cloud.utils.Pair;
 
 public interface IAMService {
 
     /* ACL group related interfaces */
-    AclGroup createAclGroup(String aclGroupName, String description, String path);
+    IAMGroup createAclGroup(String aclGroupName, String description, String path);
 
     boolean deleteAclGroup(Long aclGroupId);
 
-    List<AclGroup> listAclGroups(long accountId);
+    List<IAMGroup> listAclGroups(long accountId);
 
-    AclGroup addAccountsToGroup(List<Long> acctIds, Long groupId);
+    IAMGroup addAccountsToGroup(List<Long> acctIds, Long groupId);
 
-    AclGroup removeAccountsFromGroup(List<Long> acctIds, Long groupId);
+    IAMGroup removeAccountsFromGroup(List<Long> acctIds, Long groupId);
 
     List<Long> listAccountsByGroup(long groupId);
 
-    Pair<List<AclGroup>, Integer> listAclGroups(Long aclGroupId, String aclGroupName, String path, Long startIndex, Long pageSize);
+    Pair<List<IAMGroup>, Integer> listAclGroups(Long aclGroupId, String aclGroupName, String path, Long startIndex, Long pageSize);
 
     /* ACL Policy related interfaces */
-    AclPolicy createAclPolicy(String aclPolicyName, String description, Long parentPolicyId, String path);
+    IAMPolicy createAclPolicy(String aclPolicyName, String description, Long parentPolicyId, String path);
 
     boolean deleteAclPolicy(long aclPolicyId);
 
-    List<AclPolicy> listAclPolicies(long accountId);
+    List<IAMPolicy> listAclPolicies(long accountId);
 
-    List<AclPolicy> listAclPoliciesByGroup(long groupId);
+    List<IAMPolicy> listAclPoliciesByGroup(long groupId);
 
-    Pair<List<AclPolicy>, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize);
+    Pair<List<IAMPolicy>, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize);
 
-    AclGroup attachAclPoliciesToGroup(List<Long> policyIds, Long groupId);
+    IAMGroup attachAclPoliciesToGroup(List<Long> policyIds, Long groupId);
 
-    AclGroup removeAclPoliciesFromGroup(List<Long> policyIds, Long groupId);
+    IAMGroup removeAclPoliciesFromGroup(List<Long> policyIds, Long groupId);
 
     void attachAclPolicyToAccounts(Long policyId, List<Long> acctIds);
 
     void removeAclPolicyFromAccounts(Long policyId, List<Long> acctIds);
 
-    AclPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
+    IAMPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
             String action, String accessType, Permission perm, Boolean recursive);
 
-    AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
+    IAMPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
             String action);
 
     void removeAclPermissionForEntity(final String entityType, final Long entityId);
 
-    AclPolicy getResourceGrantPolicy(String entityType, Long entityId, String accessType, String action);
+    IAMPolicy getResourceGrantPolicy(String entityType, Long entityId, String accessType, String action);
 
-    AclPolicy getResourceOwnerPolicy();
+    IAMPolicy getResourceOwnerPolicy();
 
-    List<AclPolicyPermission> listPolicyPermissions(long policyId);
+    List<IAMPolicyPermission> listPolicyPermissions(long policyId);
 
-    List<AclPolicyPermission> listPolicyPermissionsByScope(long policyId, String action, String scope);
+    List<IAMPolicyPermission> listPolicyPermissionsByScope(long policyId, String action, String scope);
 
-    List<AclPolicyPermission> listPolicyPermissionByActionAndEntity(long policyId, String action, String entityType);
+    List<IAMPolicyPermission> listPolicyPermissionByActionAndEntity(long policyId, String action, String entityType);
 
-    boolean isActionAllowedForPolicies(String action, List<AclPolicy> policies);
+    boolean isActionAllowedForPolicies(String action, List<IAMPolicy> policies);
 
     List<Long> getGrantedEntities(long accountId, String action, String scope);
 
-    AclPolicy resetAclPolicy(long aclPolicyId);
+    IAMPolicy resetAclPolicy(long aclPolicyId);
 
-    List<AclPolicyPermission> listPolicyPermissionByAccessAndEntity(long policyId, String accessType,
+    List<IAMPolicyPermission> listPolicyPermissionByAccessAndEntity(long policyId, String accessType,
             String entityType);
 
-    List<AclGroup> listParentAclGroups(long groupId);
+    List<IAMGroup> listParentAclGroups(long groupId);
 
-    List<AclPolicy> listRecursiveAclPoliciesByGroup(long groupId);
+    List<IAMPolicy> listRecursiveAclPoliciesByGroup(long groupId);
 
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/AclAccountPolicyMapVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/AclAccountPolicyMapVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/AclAccountPolicyMapVO.java
deleted file mode 100644
index b491e6e..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/AclAccountPolicyMapVO.java
+++ /dev/null
@@ -1,77 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.server;
-
-import java.util.Date;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
-
-import com.cloud.utils.db.GenericDao;
-
-@Entity
-@Table(name = ("acl_account_policy_map"))
-public class AclAccountPolicyMapVO {
-    @Id
-    @GeneratedValue(strategy = GenerationType.IDENTITY)
-    @Column(name = "id")
-    private Long id;
-
-    @Column(name = "account_id")
-    private long accountId;
-
-    @Column(name = "policy_id")
-    private long aclPolicyId;
-
-    @Column(name = GenericDao.REMOVED_COLUMN)
-    private Date removed;
-
-    @Column(name = GenericDao.CREATED_COLUMN)
-    private Date created;
-
-    public AclAccountPolicyMapVO() {
-    }
-
-    public AclAccountPolicyMapVO(long accountId, long aclPolicyId) {
-        this.accountId = accountId;
-        this.aclPolicyId = aclPolicyId;
-    }
-
-    public long getId() {
-        return id;
-    }
-
-    public long getAccountId() {
-        return accountId;
-    }
-
-    public long getAclPolicyId() {
-        return aclPolicyId;
-    }
-
-    public Date getRemoved() {
-        return removed;
-    }
-
-    public Date getCreated() {
-        return created;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupAccountMapVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupAccountMapVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupAccountMapVO.java
deleted file mode 100644
index d39317a..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupAccountMapVO.java
+++ /dev/null
@@ -1,78 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.server;
-
-import java.util.Date;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
-
-import com.cloud.utils.db.GenericDao;
-
-@Entity
-@Table(name = ("acl_group_account_map"))
-public class AclGroupAccountMapVO {
-    @Id
-    @GeneratedValue(strategy = GenerationType.IDENTITY)
-    @Column(name = "id")
-    private Long id;
-
-    @Column(name = "group_id")
-    private long aclGroupId;
-
-    @Column(name = "account_id")
-    private long accountId;
-
-    @Column(name = GenericDao.REMOVED_COLUMN)
-    private Date removed;
-
-    @Column(name = GenericDao.CREATED_COLUMN)
-    private Date created;
-
-    public AclGroupAccountMapVO() {
-    }
-
-    public AclGroupAccountMapVO(long aclGroupId, long accountId) {
-        this.aclGroupId = aclGroupId;
-        this.accountId = accountId;
-    }
-
-    public long getId() {
-        return id;
-    }
-
-    public long getAclGroupId() {
-        return aclGroupId;
-    }
-
-
-    public long getAccountId() {
-        return accountId;
-    }
-
-    public Date getRemoved() {
-        return removed;
-    }
-
-    public Date getCreated() {
-        return created;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupPolicyMapVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupPolicyMapVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupPolicyMapVO.java
deleted file mode 100644
index 0dfef09..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupPolicyMapVO.java
+++ /dev/null
@@ -1,79 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.server;
-
-import java.util.Date;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
-
-
-import com.cloud.utils.db.GenericDao;
-
-@Entity
-@Table(name = ("acl_group_policy_map"))
-public class AclGroupPolicyMapVO {
-    @Id
-    @GeneratedValue(strategy = GenerationType.IDENTITY)
-    @Column(name = "id")
-    private Long id;
-
-    @Column(name = "group_id")
-    private long aclGroupId;
-
-    @Column(name = "policy_id")
-    private long aclPolicyId;
-
-    @Column(name = GenericDao.REMOVED_COLUMN)
-    private Date removed;
-
-    @Column(name = GenericDao.CREATED_COLUMN)
-    private Date created;
-
-    public AclGroupPolicyMapVO() {
-    }
-
-    public AclGroupPolicyMapVO(long aclGroupId, long aclPolicyId) {
-        this.aclGroupId = aclGroupId;
-        this.aclPolicyId = aclPolicyId;
-    }
-
-    public long getId() {
-        return id;
-    }
-
-    public long getAclGroupId() {
-        return aclGroupId;
-    }
-
-
-    public long getAclPolicyId() {
-        return aclPolicyId;
-    }
-
-    public Date getRemoved() {
-        return removed;
-    }
-
-    public Date getCreated() {
-        return created;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupVO.java
deleted file mode 100644
index bdb85e8..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupVO.java
+++ /dev/null
@@ -1,122 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.server;
-
-import java.util.Date;
-import java.util.UUID;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
-
-import org.apache.cloudstack.iam.api.AclGroup;
-
-import com.cloud.utils.db.GenericDao;
-
-@Entity
-@Table(name = ("acl_group"))
-public class AclGroupVO implements AclGroup {
-    @Id
-    @GeneratedValue(strategy = GenerationType.IDENTITY)
-    @Column(name = "id")
-    private long id;
-
-    @Column(name = "name")
-    private String name;
-
-    @Column(name = "description")
-    private String description;
-
-    @Column(name = "uuid")
-    private String uuid;
-
-    @Column(name = "path")
-    private String path;
-
-    @Column(name = "account_id")
-    private long accountId;
-
-    @Column(name = GenericDao.REMOVED_COLUMN)
-    private Date removed;
-
-    @Column(name = GenericDao.CREATED_COLUMN)
-    private Date created;
-
-    public AclGroupVO() {
-        uuid = UUID.randomUUID().toString();
-    }
-
-    public AclGroupVO(String name, String description) {
-        this.name = name;
-        this.description = description;
-        uuid = UUID.randomUUID().toString();
-        path = "/";
-    }
-
-    @Override
-    public long getId() {
-        return id;
-    }
-
-    @Override
-    public String getName() {
-        return name;
-    }
-
-    @Override
-    public String getDescription() {
-        return description;
-    }
-
-    @Override
-    public String getPath() {
-        return path;
-    }
-
-    public void setPath(String path) {
-        this.path = path;
-    }
-
-    @Override
-    public long getAccountId() {
-        return accountId;
-    }
-
-    public void setAccountId(long acctId) {
-        accountId = acctId;
-    }
-
-    @Override
-    public String getUuid() {
-        return uuid;
-    }
-
-    public void setUuid(String uuid) {
-        this.uuid = uuid;
-    }
-
-    public Date getRemoved() {
-        return removed;
-    }
-
-    public Date getCreated() {
-        return created;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/AclPolicyPermissionVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/AclPolicyPermissionVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/AclPolicyPermissionVO.java
deleted file mode 100644
index 5d2a36b9..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/AclPolicyPermissionVO.java
+++ /dev/null
@@ -1,181 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.server;
-
-import java.util.Date;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.EnumType;
-import javax.persistence.Enumerated;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
-
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-import com.cloud.utils.db.GenericDao;
-
-@Entity
-@Table(name = ("acl_policy_permission"))
-public class AclPolicyPermissionVO implements AclPolicyPermission {
-
-    @Id
-    @GeneratedValue(strategy = GenerationType.IDENTITY)
-    @Column(name = "id")
-    private long id;
-
-    @Column(name = "policy_id")
-    private long aclPolicyId;
-
-    @Column(name = "action")
-    private String action;
-
-    @Column(name = "resource_type")
-    private String entityType;
-
-    @Column(name = "access_type")
-    private String accessType;
-
-    @Column(name = "scope")
-    private String scope;
-
-    @Column(name = "scope_id")
-    private Long scopeId;
-
-    @Column(name = "permission")
-    @Enumerated(value = EnumType.STRING)
-    private Permission permission;
-
-    @Column(name = "recursive")
-    private Boolean recursive;
-
-    @Column(name = GenericDao.REMOVED_COLUMN)
-    private Date removed;
-
-    @Column(name = GenericDao.CREATED_COLUMN)
-    private Date created;
-
-    public AclPolicyPermissionVO() {
-
-    }
-
-    public AclPolicyPermissionVO(long aclPolicyId, String action, String entityType, String accessType, String scope,
-            Long scopeId, Permission permission, Boolean recursive) {
-        this.aclPolicyId = aclPolicyId;
-        this.action = action;
-        this.entityType = entityType;
-        this.accessType = accessType;
-        this.scope = scope;
-        this.scopeId = scopeId;
-        this.permission = permission;
-        this.recursive = recursive;
-    }
-
-    @Override
-    public long getId() {
-        return id;
-    }
-
-    @Override
-    public long getAclPolicyId() {
-        return aclPolicyId;
-    }
-
-
-    public void setAclPolicyId(long aclPolicyId) {
-        this.aclPolicyId = aclPolicyId;
-    }
-
-    @Override
-    public String getEntityType() {
-        return entityType;
-    }
-
-    @Override
-    public String getAccessType() {
-        return accessType;
-    }
-
-
-    public void setEntityType(String entityType) {
-        this.entityType = entityType;
-    }
-
-    public void setAccessType(String accessType) {
-        this.accessType = accessType;
-    }
-
-    @Override
-    public String getScope() {
-        return scope;
-    }
-
-    public void setScope(String scope) {
-        this.scope = scope;
-    }
-
-
-    @Override
-    public String getAction() {
-        return action;
-    }
-
-    @Override
-    public Long getScopeId() {
-        // TODO
-        // handle special -1 scopeId, current caller domain, account
-        /*
-         * if ( scopeId < 0 ){ Account caller =
-         * CallContext.current().getCallingAccount(); if ( scope ==
-         * PermissionScope.DOMAIN){ return caller.getDomainId(); } else if
-         * (scope == PermissionScope.ACCOUNT) { return caller.getAccountId(); }
-         * }
-         */
-        return scopeId;
-    }
-
-    @Override
-    public Permission getPermission() {
-        return permission;
-    }
-
-    public void setAction(String action) {
-        this.action = action;
-    }
-
-    public void setScopeId(Long scopeId) {
-        this.scopeId = scopeId;
-    }
-
-    public void setPermission(Permission permission) {
-        this.permission = permission;
-    }
-
-    public Date getRemoved() {
-        return removed;
-    }
-
-    public Date getCreated() {
-        return created;
-    }
-
-    public Boolean isRecursive() {
-        return recursive;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/AclPolicyVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/AclPolicyVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/AclPolicyVO.java
deleted file mode 100644
index 16fbf80..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/AclPolicyVO.java
+++ /dev/null
@@ -1,138 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.server;
-
-import java.util.Date;
-import java.util.UUID;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.EnumType;
-import javax.persistence.Enumerated;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
-
-import org.apache.cloudstack.iam.api.AclPolicy;
-
-import com.cloud.utils.db.GenericDao;
-
-@Entity
-@Table(name = ("acl_policy"))
-public class AclPolicyVO implements AclPolicy {
-    @Id
-    @GeneratedValue(strategy = GenerationType.IDENTITY)
-    @Column(name = "id")
-    private long id;
-
-    @Column(name = "name")
-    private String name;
-
-    @Column(name = "description")
-    private String description;
-
-    @Column(name = "uuid")
-    private String uuid;
-
-    @Column(name = "path")
-    private String path;
-
-    @Column(name = "account_id")
-    private long accountId;
-
-    @Column(name = GenericDao.REMOVED_COLUMN)
-    private Date removed;
-
-    @Column(name = GenericDao.CREATED_COLUMN)
-    private Date created;
-
-    @Column(name = "policy_type")
-    @Enumerated(value = EnumType.STRING)
-    private AclPolicy.PolicyType policyType;
-
-    public AclPolicyVO() {
-        uuid = UUID.randomUUID().toString();
-    }
-
-    public AclPolicyVO(String name, String description) {
-        this.name = name;
-        this.description = description;
-        uuid = UUID.randomUUID().toString();
-        policyType = AclPolicy.PolicyType.Static;
-    }
-
-    @Override
-    public long getId() {
-        return id;
-    }
-
-    @Override
-    public String getName() {
-        return name;
-    }
-
-    @Override
-    public String getDescription() {
-        return description;
-    }
-
-
-    @Override
-    public String getUuid() {
-        return uuid;
-    }
-
-    public void setUuid(String uuid) {
-        this.uuid = uuid;
-    }
-
-    public Date getRemoved() {
-        return removed;
-    }
-
-    public Date getCreated() {
-        return created;
-    }
-
-    @Override
-    public String getPath() {
-        return path;
-    }
-
-    public void setPath(String path) {
-        this.path = path;
-    }
-
-    @Override
-    public long getAccountId() {
-        return accountId;
-    }
-
-    public void setAccountId(long accountId) {
-        this.accountId = accountId;
-    }
-
-    public AclPolicy.PolicyType getPolicyType() {
-        return policyType;
-    }
-
-    public void setPolicyType(AclPolicy.PolicyType policyType) {
-        this.policyType = policyType;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java
new file mode 100644
index 0000000..8f3ac7d
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java
@@ -0,0 +1,77 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server;
+
+import java.util.Date;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+import com.cloud.utils.db.GenericDao;
+
+@Entity
+@Table(name = ("iam_account_policy_map"))
+public class IAMAccountPolicyMapVO {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    @Column(name = "id")
+    private Long id;
+
+    @Column(name = "account_id")
+    private long accountId;
+
+    @Column(name = "policy_id")
+    private long aclPolicyId;
+
+    @Column(name = GenericDao.REMOVED_COLUMN)
+    private Date removed;
+
+    @Column(name = GenericDao.CREATED_COLUMN)
+    private Date created;
+
+    public IAMAccountPolicyMapVO() {
+    }
+
+    public IAMAccountPolicyMapVO(long accountId, long aclPolicyId) {
+        this.accountId = accountId;
+        this.aclPolicyId = aclPolicyId;
+    }
+
+    public long getId() {
+        return id;
+    }
+
+    public long getAccountId() {
+        return accountId;
+    }
+
+    public long getAclPolicyId() {
+        return aclPolicyId;
+    }
+
+    public Date getRemoved() {
+        return removed;
+    }
+
+    public Date getCreated() {
+        return created;
+    }
+}
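Review bot: `getId()` returns a primitive `long` but the `id` field is declared `Long`, so calling it on an instance built with `new IAMAccountPolicyMapVO(accountId, aclPolicyId)` before a generated id has been assigned unboxes null and throws NullPointerException. Declaring the field as `private long id;`, as IAMGroupVO and IAMPolicyVO in this commit do, removes the hazard; returning `Long` from the getter would also work. The same field/getter mismatch appears in IAMGroupAccountMapVO and IAMGroupPolicyMapVO in the following two files.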

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/IAMGroupAccountMapVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMGroupAccountMapVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMGroupAccountMapVO.java
new file mode 100644
index 0000000..dac7d35
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMGroupAccountMapVO.java
@@ -0,0 +1,78 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server;
+
+import java.util.Date;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+import com.cloud.utils.db.GenericDao;
+
+@Entity
+@Table(name = ("iam_group_account_map"))
+public class IAMGroupAccountMapVO {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    @Column(name = "id")
+    private Long id;
+
+    @Column(name = "group_id")
+    private long aclGroupId;
+
+    @Column(name = "account_id")
+    private long accountId;
+
+    @Column(name = GenericDao.REMOVED_COLUMN)
+    private Date removed;
+
+    @Column(name = GenericDao.CREATED_COLUMN)
+    private Date created;
+
+    public IAMGroupAccountMapVO() {
+    }
+
+    public IAMGroupAccountMapVO(long aclGroupId, long accountId) {
+        this.aclGroupId = aclGroupId;
+        this.accountId = accountId;
+    }
+
+    public long getId() {
+        return id;
+    }
+
+    public long getAclGroupId() {
+        return aclGroupId;
+    }
+
+
+    public long getAccountId() {
+        return accountId;
+    }
+
+    public Date getRemoved() {
+        return removed;
+    }
+
+    public Date getCreated() {
+        return created;
+    }
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/IAMGroupPolicyMapVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMGroupPolicyMapVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMGroupPolicyMapVO.java
new file mode 100644
index 0000000..946d1f7
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMGroupPolicyMapVO.java
@@ -0,0 +1,79 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server;
+
+import java.util.Date;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+
+import com.cloud.utils.db.GenericDao;
+
+@Entity
+@Table(name = ("iam_group_policy_map"))
+public class IAMGroupPolicyMapVO {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    @Column(name = "id")
+    private Long id;
+
+    @Column(name = "group_id")
+    private long aclGroupId;
+
+    @Column(name = "policy_id")
+    private long aclPolicyId;
+
+    @Column(name = GenericDao.REMOVED_COLUMN)
+    private Date removed;
+
+    @Column(name = GenericDao.CREATED_COLUMN)
+    private Date created;
+
+    public IAMGroupPolicyMapVO() {
+    }
+
+    public IAMGroupPolicyMapVO(long aclGroupId, long aclPolicyId) {
+        this.aclGroupId = aclGroupId;
+        this.aclPolicyId = aclPolicyId;
+    }
+
+    public long getId() {
+        return id;
+    }
+
+    public long getAclGroupId() {
+        return aclGroupId;
+    }
+
+
+    public long getAclPolicyId() {
+        return aclPolicyId;
+    }
+
+    public Date getRemoved() {
+        return removed;
+    }
+
+    public Date getCreated() {
+        return created;
+    }
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/IAMGroupVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMGroupVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMGroupVO.java
new file mode 100644
index 0000000..80edb89
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMGroupVO.java
@@ -0,0 +1,122 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server;
+
+import java.util.Date;
+import java.util.UUID;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+import org.apache.cloudstack.iam.api.IAMGroup;
+
+import com.cloud.utils.db.GenericDao;
+
+@Entity
+@Table(name = ("iam_group"))
+public class IAMGroupVO implements IAMGroup {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    @Column(name = "id")
+    private long id;
+
+    @Column(name = "name")
+    private String name;
+
+    @Column(name = "description")
+    private String description;
+
+    @Column(name = "uuid")
+    private String uuid;
+
+    @Column(name = "path")
+    private String path;
+
+    @Column(name = "account_id")
+    private long accountId;
+
+    @Column(name = GenericDao.REMOVED_COLUMN)
+    private Date removed;
+
+    @Column(name = GenericDao.CREATED_COLUMN)
+    private Date created;
+
+    public IAMGroupVO() {
+        uuid = UUID.randomUUID().toString();
+    }
+
+    public IAMGroupVO(String name, String description) {
+        this.name = name;
+        this.description = description;
+        uuid = UUID.randomUUID().toString();
+        path = "/";
+    }
+
+    @Override
+    public long getId() {
+        return id;
+    }
+
+    @Override
+    public String getName() {
+        return name;
+    }
+
+    @Override
+    public String getDescription() {
+        return description;
+    }
+
+    @Override
+    public String getPath() {
+        return path;
+    }
+
+    public void setPath(String path) {
+        this.path = path;
+    }
+
+    @Override
+    public long getAccountId() {
+        return accountId;
+    }
+
+    public void setAccountId(long acctId) {
+        accountId = acctId;
+    }
+
+    @Override
+    public String getUuid() {
+        return uuid;
+    }
+
+    public void setUuid(String uuid) {
+        this.uuid = uuid;
+    }
+
+    public Date getRemoved() {
+        return removed;
+    }
+
+    public Date getCreated() {
+        return created;
+    }
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/IAMPolicyPermissionVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMPolicyPermissionVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMPolicyPermissionVO.java
new file mode 100644
index 0000000..13d6b81
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMPolicyPermissionVO.java
@@ -0,0 +1,181 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server;
+
+import java.util.Date;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.EnumType;
+import javax.persistence.Enumerated;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+import org.apache.cloudstack.iam.api.IAMPolicyPermission;
+import com.cloud.utils.db.GenericDao;
+
+@Entity
+@Table(name = ("iam_policy_permission"))
+public class IAMPolicyPermissionVO implements IAMPolicyPermission {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    @Column(name = "id")
+    private long id;
+
+    @Column(name = "policy_id")
+    private long aclPolicyId;
+
+    @Column(name = "action")
+    private String action;
+
+    @Column(name = "resource_type")
+    private String entityType;
+
+    @Column(name = "access_type")
+    private String accessType;
+
+    @Column(name = "scope")
+    private String scope;
+
+    @Column(name = "scope_id")
+    private Long scopeId;
+
+    @Column(name = "permission")
+    @Enumerated(value = EnumType.STRING)
+    private Permission permission;
+
+    @Column(name = "recursive")
+    private Boolean recursive;
+
+    @Column(name = GenericDao.REMOVED_COLUMN)
+    private Date removed;
+
+    @Column(name = GenericDao.CREATED_COLUMN)
+    private Date created;
+
+    public IAMPolicyPermissionVO() {
+
+    }
+
+    public IAMPolicyPermissionVO(long aclPolicyId, String action, String entityType, String accessType, String scope,
+            Long scopeId, Permission permission, Boolean recursive) {
+        this.aclPolicyId = aclPolicyId;
+        this.action = action;
+        this.entityType = entityType;
+        this.accessType = accessType;
+        this.scope = scope;
+        this.scopeId = scopeId;
+        this.permission = permission;
+        this.recursive = recursive;
+    }
+
+    @Override
+    public long getId() {
+        return id;
+    }
+
+    @Override
+    public long getAclPolicyId() {
+        return aclPolicyId;
+    }
+
+
+    public void setAclPolicyId(long aclPolicyId) {
+        this.aclPolicyId = aclPolicyId;
+    }
+
+    @Override
+    public String getEntityType() {
+        return entityType;
+    }
+
+    @Override
+    public String getAccessType() {
+        return accessType;
+    }
+
+
+    public void setEntityType(String entityType) {
+        this.entityType = entityType;
+    }
+
+    public void setAccessType(String accessType) {
+        this.accessType = accessType;
+    }
+
+    @Override
+    public String getScope() {
+        return scope;
+    }
+
+    public void setScope(String scope) {
+        this.scope = scope;
+    }
+
+
+    @Override
+    public String getAction() {
+        return action;
+    }
+
+    @Override
+    public Long getScopeId() {
+        // TODO
+        // handle special -1 scopeId, current caller domain, account
+        /*
+         * if ( scopeId < 0 ){ Account caller =
+         * CallContext.current().getCallingAccount(); if ( scope ==
+         * PermissionScope.DOMAIN){ return caller.getDomainId(); } else if
+         * (scope == PermissionScope.ACCOUNT) { return caller.getAccountId(); }
+         * }
+         */
+        return scopeId;
+    }
+
+    @Override
+    public Permission getPermission() {
+        return permission;
+    }
+
+    public void setAction(String action) {
+        this.action = action;
+    }
+
+    public void setScopeId(Long scopeId) {
+        this.scopeId = scopeId;
+    }
+
+    public void setPermission(Permission permission) {
+        this.permission = permission;
+    }
+
+    public Date getRemoved() {
+        return removed;
+    }
+
+    public Date getCreated() {
+        return created;
+    }
+
+    public Boolean isRecursive() {
+        return recursive;
+    }
+
+}
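Review bot: `getScopeId()` returns the stored value unchanged while its own TODO says the special -1 scope id still has to be resolved to the caller's domain or account, so any access check that compares this value with a real id must handle the placeholder itself; the callers are outside this hunk, so whether they do cannot be confirmed here. The commented-out sketch compares `scope` with `PermissionScope.DOMAIN` although `scope` is declared `String` in this class, so it could not be re-enabled as written. Until the resolution is implemented I would replace the dead block with a Javadoc such as `/** Returns the raw scope_id column; a negative value is an unresolved "current caller" placeholder that callers must resolve before comparing. */`. Separately, `isRecursive()` returns a nullable `Boolean`, which throws on unboxing in a condition when the field was never set.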

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/IAMPolicyVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMPolicyVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMPolicyVO.java
new file mode 100644
index 0000000..25ebd01
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMPolicyVO.java
@@ -0,0 +1,138 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server;
+
+import java.util.Date;
+import java.util.UUID;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.EnumType;
+import javax.persistence.Enumerated;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+import org.apache.cloudstack.iam.api.IAMPolicy;
+
+import com.cloud.utils.db.GenericDao;
+
+@Entity
+@Table(name = ("iam_policy"))
+public class IAMPolicyVO implements IAMPolicy {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    @Column(name = "id")
+    private long id;
+
+    @Column(name = "name")
+    private String name;
+
+    @Column(name = "description")
+    private String description;
+
+    @Column(name = "uuid")
+    private String uuid;
+
+    @Column(name = "path")
+    private String path;
+
+    @Column(name = "account_id")
+    private long accountId;
+
+    @Column(name = GenericDao.REMOVED_COLUMN)
+    private Date removed;
+
+    @Column(name = GenericDao.CREATED_COLUMN)
+    private Date created;
+
+    @Column(name = "policy_type")
+    @Enumerated(value = EnumType.STRING)
+    private IAMPolicy.PolicyType policyType;
+
+    public IAMPolicyVO() {
+        uuid = UUID.randomUUID().toString();
+    }
+
+    public IAMPolicyVO(String name, String description) {
+        this.name = name;
+        this.description = description;
+        uuid = UUID.randomUUID().toString();
+        policyType = IAMPolicy.PolicyType.Static;
+    }
+
+    @Override
+    public long getId() {
+        return id;
+    }
+
+    @Override
+    public String getName() {
+        return name;
+    }
+
+    @Override
+    public String getDescription() {
+        return description;
+    }
+
+
+    @Override
+    public String getUuid() {
+        return uuid;
+    }
+
+    public void setUuid(String uuid) {
+        this.uuid = uuid;
+    }
+
+    public Date getRemoved() {
+        return removed;
+    }
+
+    public Date getCreated() {
+        return created;
+    }
+
+    @Override
+    public String getPath() {
+        return path;
+    }
+
+    public void setPath(String path) {
+        this.path = path;
+    }
+
+    @Override
+    public long getAccountId() {
+        return accountId;
+    }
+
+    public void setAccountId(long accountId) {
+        this.accountId = accountId;
+    }
+
+    public IAMPolicy.PolicyType getPolicyType() {
+        return policyType;
+    }
+
+    public void setPolicyType(IAMPolicy.PolicyType policyType) {
+        this.policyType = policyType;
+    }
+
+}
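Review bot: The two-argument constructor leaves `path` null, whereas the equivalent IAMGroupVO constructor in this commit sets `path = "/"`; if policies are meant to carry the same default, add `path = "/";` here, otherwise a short comment saying the null is intentional would help the next reader. The no-arg constructor also leaves `policyType` null while the other one sets `IAMPolicy.PolicyType.Static`, which presumably only matters if code other than the persistence layer calls it. Neither constructor takes the owning account, so `accountId` stays 0 until `setAccountId` is called; a one-line comment on the field stating that callers must set it before persisting would make that requirement visible.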


[47/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
Merge branch 'master' into rbac


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/84a528fa
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/84a528fa
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/84a528fa

Branch: refs/heads/master
Commit: 84a528fad6979ed6745ad9eb9806d6b9a9fdb0f4
Parents: fa80c63 90c485e
Author: Min Chen <mi...@citrix.com>
Authored: Thu Mar 13 14:52:37 2014 -0700
Committer: Min Chen <mi...@citrix.com>
Committed: Thu Mar 13 14:52:37 2014 -0700

----------------------------------------------------------------------
 api/src/com/cloud/domain/Domain.java            |   3 -
 .../org/apache/cloudstack/api/ApiConstants.java |   2 +-
 .../org/apache/cloudstack/api/BaseListCmd.java  |   2 +-
 .../api/command/user/vm/DeployVMCmd.java        |   7 +
 .../api/command/user/vm/StartVMCmd.java         |  11 +-
 .../src/com/cloud/vm/VirtualMachineManager.java |   2 +-
 .../cloud/entity/api/VirtualMachineEntity.java  |   3 +-
 .../cloud/deploy/DeploymentPlanningManager.java |   4 +-
 .../com/cloud/vm/VirtualMachineManagerImpl.java |  20 +-
 .../src/com/cloud/vm/VmWorkStart.java           |  12 +-
 .../cloud/entity/api/VMEntityManager.java       |   3 +-
 .../cloud/entity/api/VMEntityManagerImpl.java   |  19 +-
 .../entity/api/VirtualMachineEntityImpl.java    |   4 +-
 .../security/dao/VmRulesetLogDaoImpl.java       |   2 +-
 .../src/com/cloud/projects/ProjectVO.java       |   5 +
 .../cloud/entity/api/db/VMReservationVO.java    |  11 +
 .../jobs/impl/JobSerializerHelper.java          |   5 +-
 .../mom/rabbitmq/RabbitMQEventBus.java          |  18 +-
 .../lb/InternalLoadBalancerVMManagerImpl.java   |   2 +-
 .../allocator/impl/FirstFitAllocator.java       |  29 +--
 .../dispatch/ParamGenericValidationWorker.java  |   3 +
 .../src/com/cloud/dc/DedicatedResourceVO.java   |   7 +
 .../deploy/DeploymentPlanningManagerImpl.java   |  31 ++-
 .../src/com/cloud/deploy/FirstFitPlanner.java   |   3 +-
 .../com/cloud/network/IpAddressManagerImpl.java |   4 +-
 .../cloud/network/as/AutoScaleManagerImpl.java  |   4 +-
 .../com/cloud/server/ManagementServerImpl.java  | 217 +------------------
 server/src/com/cloud/vm/UserVmManager.java      |   2 +-
 server/src/com/cloud/vm/UserVmManagerImpl.java  |  35 ++-
 .../ParamGenericValidationWorkerTest.java       |  24 ++
 setup/db/db/schema-430to440.sql                 |   2 +
 31 files changed, 175 insertions(+), 321 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/84a528fa/api/src/org/apache/cloudstack/api/ApiConstants.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/84a528fa/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/84a528fa/api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java
index 4e91c7b,f55aa59..13b7442
--- a/api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java
@@@ -16,18 -16,13 +16,19 @@@
  // under the License.
  package org.apache.cloudstack.api.command.user.vm;
  
- import org.apache.cloudstack.api.BaseAsyncVMCmd;
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.acl.IAMEntityType;
+ import org.apache.cloudstack.acl.RoleType;
 +import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 +import org.apache.cloudstack.api.ACL;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiCommandJobType;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.ApiErrorCode;
+ import org.apache.cloudstack.api.BaseAsyncVMCmd;
  import org.apache.cloudstack.api.Parameter;
 +import org.apache.cloudstack.api.ResponseObject.ResponseView;
  import org.apache.cloudstack.api.ServerApiException;
  import org.apache.cloudstack.api.response.HostResponse;
  import org.apache.cloudstack.api.response.UserVmResponse;
@@@ -70,6 -68,6 +74,7 @@@ public class StartVMCmd extends BaseAsy
      // ///////////////// Accessors ///////////////////////
      // ///////////////////////////////////////////////////
  
++    @Override
      public Long getId() {
          return id;
      }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/84a528fa/server/src/com/cloud/deploy/DeploymentPlanningManagerImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/deploy/DeploymentPlanningManagerImpl.java
index c1f336c,5312e15..9cbbb10
--- a/server/src/com/cloud/deploy/DeploymentPlanningManagerImpl.java
+++ b/server/src/com/cloud/deploy/DeploymentPlanningManagerImpl.java
@@@ -1,57 -1,56 +1,56 @@@
 -// Licensed to the Apache Software Foundation (ASF) under one
 -// or more contributor license agreements.  See the NOTICE file
 -// distributed with this work for additional information
 -// regarding copyright ownership.  The ASF licenses this file
 -// to you under the Apache License, Version 2.0 (the
 -// "License"); you may not use this file except in compliance
 -// with the License.  You may obtain a copy of the License at
 -//
 -//   http://www.apache.org/licenses/LICENSE-2.0
 -//
 -// Unless required by applicable law or agreed to in writing,
 -// software distributed under the License is distributed on an
 -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 -// KIND, either express or implied.  See the License for the
 -// specific language governing permissions and limitations
 -// under the License.
 -package com.cloud.deploy;
 -
 -import java.util.ArrayList;
 +// Licensed to the Apache Software Foundation (ASF) under one
 +// or more contributor license agreements.  See the NOTICE file
 +// distributed with this work for additional information
 +// regarding copyright ownership.  The ASF licenses this file
 +// to you under the Apache License, Version 2.0 (the
 +// "License"); you may not use this file except in compliance
 +// with the License.  You may obtain a copy of the License at
 +//
 +//   http://www.apache.org/licenses/LICENSE-2.0
 +//
 +// Unless required by applicable law or agreed to in writing,
 +// software distributed under the License is distributed on an
 +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 +// KIND, either express or implied.  See the License for the
 +// specific language governing permissions and limitations
 +// under the License.
 +package com.cloud.deploy;
 +
 +import java.util.ArrayList;
  import java.util.Arrays;
 -import java.util.Comparator;
 -import java.util.HashMap;
 +import java.util.Comparator;
 +import java.util.HashMap;
  import java.util.HashSet;
 -import java.util.List;
 -import java.util.Map;
 +import java.util.List;
 +import java.util.Map;
  import java.util.Set;
 -import java.util.Timer;
 -import java.util.TreeSet;
 -
 -import javax.ejb.Local;
 -import javax.inject.Inject;
 -import javax.naming.ConfigurationException;
 -
 -import org.apache.cloudstack.affinity.AffinityGroupProcessor;
 -import org.apache.cloudstack.affinity.AffinityGroupService;
 +import java.util.Timer;
 +import java.util.TreeSet;
 +
 +import javax.ejb.Local;
 +import javax.inject.Inject;
 +import javax.naming.ConfigurationException;
 +
- import org.apache.log4j.Logger;
- 
 +import org.apache.cloudstack.affinity.AffinityGroupProcessor;
 +import org.apache.cloudstack.affinity.AffinityGroupService;
  import org.apache.cloudstack.affinity.AffinityGroupVMMapVO;
 -import org.apache.cloudstack.affinity.AffinityGroupVO;
 -import org.apache.cloudstack.affinity.dao.AffinityGroupDao;
 -import org.apache.cloudstack.affinity.dao.AffinityGroupVMMapDao;
 -import org.apache.cloudstack.engine.cloud.entity.api.db.VMReservationVO;
 -import org.apache.cloudstack.engine.cloud.entity.api.db.dao.VMReservationDao;
 -import org.apache.cloudstack.engine.subsystem.api.storage.DataStore;
 -import org.apache.cloudstack.engine.subsystem.api.storage.DataStoreManager;
 -import org.apache.cloudstack.engine.subsystem.api.storage.StoragePoolAllocator;
 -import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
 -import org.apache.cloudstack.framework.messagebus.MessageBus;
 -import org.apache.cloudstack.framework.messagebus.MessageSubscriber;
 -import org.apache.cloudstack.managed.context.ManagedContextTimerTask;
 -import org.apache.cloudstack.storage.datastore.db.PrimaryDataStoreDao;
 -import org.apache.cloudstack.storage.datastore.db.StoragePoolVO;
 -import org.apache.cloudstack.utils.identity.ManagementServerNode;
 +import org.apache.cloudstack.affinity.AffinityGroupVO;
 +import org.apache.cloudstack.affinity.dao.AffinityGroupDao;
 +import org.apache.cloudstack.affinity.dao.AffinityGroupVMMapDao;
 +import org.apache.cloudstack.engine.cloud.entity.api.db.VMReservationVO;
 +import org.apache.cloudstack.engine.cloud.entity.api.db.dao.VMReservationDao;
 +import org.apache.cloudstack.engine.subsystem.api.storage.DataStore;
 +import org.apache.cloudstack.engine.subsystem.api.storage.DataStoreManager;
 +import org.apache.cloudstack.engine.subsystem.api.storage.StoragePoolAllocator;
 +import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
 +import org.apache.cloudstack.framework.messagebus.MessageBus;
 +import org.apache.cloudstack.framework.messagebus.MessageSubscriber;
 +import org.apache.cloudstack.managed.context.ManagedContextTimerTask;
 +import org.apache.cloudstack.storage.datastore.db.PrimaryDataStoreDao;
 +import org.apache.cloudstack.storage.datastore.db.StoragePoolVO;
 +import org.apache.cloudstack.utils.identity.ManagementServerNode;
+ import org.apache.log4j.Logger;
 -
 +
  import com.cloud.agent.AgentManager;
  import com.cloud.agent.Listener;
  import com.cloud.agent.api.AgentControlAnswer;
@@@ -230,99 -229,94 +229,94 @@@ public class DeploymentPlanningManagerI
  
      public void setPlanners(List<DeploymentPlanner> planners) {
          _planners = planners;
 -    }
 +    }
 +
 +    protected List<AffinityGroupProcessor> _affinityProcessors;
  
 -    protected List<AffinityGroupProcessor> _affinityProcessors;
 +    public List<AffinityGroupProcessor> getAffinityGroupProcessors() {
 +        return _affinityProcessors;
 +    }
  
 -    public List<AffinityGroupProcessor> getAffinityGroupProcessors() {
 -        return _affinityProcessors;
 -    }
 -
 -    public void setAffinityGroupProcessors(List<AffinityGroupProcessor> affinityProcessors) {
 +    public void setAffinityGroupProcessors(List<AffinityGroupProcessor> affinityProcessors) {
          _affinityProcessors = affinityProcessors;
 -    }
 -
 -    @Override
 +    }
 +
 +    @Override
      public DeployDestination planDeployment(VirtualMachineProfile vmProfile, DeploymentPlan plan, ExcludeList avoids, DeploymentPlanner planner)
              throws InsufficientServerCapacityException, AffinityConflictException {
 -
 -        // call affinitygroup chain
 -        VirtualMachine vm = vmProfile.getVirtualMachine();
 -        long vmGroupCount = _affinityGroupVMMapDao.countAffinityGroupsForVm(vm.getId());
 +
 +        // call affinitygroup chain
 +        VirtualMachine vm = vmProfile.getVirtualMachine();
 +        long vmGroupCount = _affinityGroupVMMapDao.countAffinityGroupsForVm(vm.getId());
          DataCenter dc = _dcDao.findById(vm.getDataCenterId());
 -
 -        if (vmGroupCount > 0) {
 -            for (AffinityGroupProcessor processor : _affinityProcessors) {
 -                processor.process(vmProfile, plan, avoids);
 -            }
 +
 +        if (vmGroupCount > 0) {
 +            for (AffinityGroupProcessor processor : _affinityProcessors) {
 +                processor.process(vmProfile, plan, avoids);
 +            }
 +        }
 +
 +        if (vm.getType() == VirtualMachine.Type.User) {
 +            checkForNonDedicatedResources(vmProfile, dc, avoids);
          }
 -
 -        if (vm.getType() == VirtualMachine.Type.User) {
 -            checkForNonDedicatedResources(vmProfile, dc, avoids);
 -        }
 -        if (s_logger.isDebugEnabled()) {
 +        if (s_logger.isDebugEnabled()) {
              s_logger.debug("Deploy avoids pods: " + avoids.getPodsToAvoid() + ", clusters: " + avoids.getClustersToAvoid() + ", hosts: " + avoids.getHostsToAvoid());
 -        }
 -
 -        // call planners
 +        }
 +
 +        // call planners
          //DataCenter dc = _dcDao.findById(vm.getDataCenterId());
 -        // check if datacenter is in avoid set
 -        if (avoids.shouldAvoid(dc)) {
 -            if (s_logger.isDebugEnabled()) {
 +        // check if datacenter is in avoid set
 +        if (avoids.shouldAvoid(dc)) {
 +            if (s_logger.isDebugEnabled()) {
                  s_logger.debug("DataCenter id = '" + dc.getId() + "' provided is in avoid set, DeploymentPlanner cannot allocate the VM, returning.");
 -            }
 -            return null;
 -        }
 -
 -        ServiceOffering offering = vmProfile.getServiceOffering();
 +            }
 +            return null;
 +        }
 +
 +        ServiceOffering offering = vmProfile.getServiceOffering();
          if(planner == null){
 -            String plannerName = offering.getDeploymentPlanner();
 -            if (plannerName == null) {
 -                if (vm.getHypervisorType() == HypervisorType.BareMetal) {
 -                    plannerName = "BareMetalPlanner";
 -                } else {
 -                    plannerName = _configDao.getValue(Config.VmDeploymentPlanner.key());
 -                }
 -            }
 +        String plannerName = offering.getDeploymentPlanner();
 +        if (plannerName == null) {
 +            if (vm.getHypervisorType() == HypervisorType.BareMetal) {
 +                plannerName = "BareMetalPlanner";
 +            } else {
 +                plannerName = _configDao.getValue(Config.VmDeploymentPlanner.key());
 +            }
 +        }
-         for (DeploymentPlanner plannerInList : _planners) {
-             if (plannerName.equals(plannerInList.getName())) {
-                 planner = plannerInList;
-                 break;
-             }
-         }
+             planner = getDeploymentPlannerByName(plannerName);
          }
 -
 -        int cpu_requested = offering.getCpu() * offering.getSpeed();
 -        long ram_requested = offering.getRamSize() * 1024L * 1024L;
 -
 -        if (s_logger.isDebugEnabled()) {
 -            s_logger.debug("DeploymentPlanner allocation algorithm: " + planner);
 -
 +
 +        int cpu_requested = offering.getCpu() * offering.getSpeed();
 +        long ram_requested = offering.getRamSize() * 1024L * 1024L;
 +
 +        if (s_logger.isDebugEnabled()) {
 +            s_logger.debug("DeploymentPlanner allocation algorithm: " + planner);
 +
              s_logger.debug("Trying to allocate a host and storage pools from dc:" + plan.getDataCenterId() + ", pod:" + plan.getPodId() + ",cluster:" +
                  plan.getClusterId() + ", requested cpu: " + cpu_requested + ", requested ram: " + ram_requested);
 -
 +
              s_logger.debug("Is ROOT volume READY (pool already allocated)?: " + (plan.getPoolId() != null ? "Yes" : "No"));
 -        }
 -
 +        }
 +
          String haVmTag = (String)vmProfile.getParameter(VirtualMachineProfile.Param.HaTag);
 -
 -        if (plan.getHostId() != null && haVmTag == null) {
 -            Long hostIdSpecified = plan.getHostId();
 -            if (s_logger.isDebugEnabled()) {
 +
 +        if (plan.getHostId() != null && haVmTag == null) {
 +            Long hostIdSpecified = plan.getHostId();
 +            if (s_logger.isDebugEnabled()) {
                  s_logger.debug("DeploymentPlan has host_id specified, choosing this host and making no checks on this host: " + hostIdSpecified);
 -            }
 -            HostVO host = _hostDao.findById(hostIdSpecified);
 -            if (host == null) {
 -                s_logger.debug("The specified host cannot be found");
 -            } else if (avoids.shouldAvoid(host)) {
 -                s_logger.debug("The specified host is in avoid set");
 -            } else {
 -                if (s_logger.isDebugEnabled()) {
 +            }
 +            HostVO host = _hostDao.findById(hostIdSpecified);
 +            if (host == null) {
 +                s_logger.debug("The specified host cannot be found");
 +            } else if (avoids.shouldAvoid(host)) {
 +                s_logger.debug("The specified host is in avoid set");
 +            } else {
 +                if (s_logger.isDebugEnabled()) {
                      s_logger.debug("Looking for suitable pools for this host under zone: " + host.getDataCenterId() + ", pod: " + host.getPodId() + ", cluster: " +
                          host.getClusterId());
 -                }
 -
 -                // search for storage under the zone, pod, cluster of the host.
 +                }
 +
 +                // search for storage under the zone, pod, cluster of the host.
                  DataCenterDeployment lastPlan =
                      new DataCenterDeployment(host.getDataCenterId(), host.getPodId(), host.getClusterId(), hostIdSpecified, plan.getPoolId(), null,
                          plan.getReservationContext());
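Review bot: After `planner = getDeploymentPlannerByName(plannerName);` nothing reports the case where no registered planner matches the name. A mistyped or unset planner in the offering or in `Config.VmDeploymentPlanner` leaves `planner` null and only shows up as the debug line ending in `allocation algorithm: null`. The later `planner != null` guard in this method then ends in a null destination without saying why. A warning right after the lookup would make that diagnosable: `if (planner == null) { s_logger.warn("No DeploymentPlanner registered with name: " + plannerName); }`. The new lines inside `if(planner == null){` are also indented one level too shallow, which hides that they belong to that branch; planDeployment's body continues outside this hunk.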
@@@ -440,100 -434,114 +434,114 @@@
                  } else {
                      s_logger.debug("The last host of this VM is not UP or is not enabled, host status is: " + host.getStatus().name() + ", host resource state is: " +
                          host.getResourceState());
 -                }
 -            }
 -            s_logger.debug("Cannot choose the last host to deploy this VM ");
 -        }
 -
 -        DeployDestination dest = null;
 -        List<Long> clusterList = null;
 -
 -        if (planner != null && planner.canHandle(vmProfile, plan, avoids)) {
 -            while (true) {
 -                if (planner instanceof DeploymentClusterPlanner) {
 -
 +                }
 +            }
 +            s_logger.debug("Cannot choose the last host to deploy this VM ");
 +        }
 +
 +        DeployDestination dest = null;
 +        List<Long> clusterList = null;
 +
 +        if (planner != null && planner.canHandle(vmProfile, plan, avoids)) {
 +            while (true) {
- 
 +                if (planner instanceof DeploymentClusterPlanner) {
 +
                      ExcludeList plannerAvoidInput =
                          new ExcludeList(avoids.getDataCentersToAvoid(), avoids.getPodsToAvoid(), avoids.getClustersToAvoid(), avoids.getHostsToAvoid(),
 -                            avoids.getPoolsToAvoid());
 -
 +                            avoids.getPoolsToAvoid());
 +
                      clusterList = ((DeploymentClusterPlanner)planner).orderClusters(vmProfile, plan, avoids);
 -
 -                    if (clusterList != null && !clusterList.isEmpty()) {
 -                        // planner refactoring. call allocators to list hosts
 +
 +                    if (clusterList != null && !clusterList.isEmpty()) {
 +                        // planner refactoring. call allocators to list hosts
                          ExcludeList plannerAvoidOutput =
                              new ExcludeList(avoids.getDataCentersToAvoid(), avoids.getPodsToAvoid(), avoids.getClustersToAvoid(), avoids.getHostsToAvoid(),
 -                                avoids.getPoolsToAvoid());
 -
 -                        resetAvoidSet(plannerAvoidOutput, plannerAvoidInput);
 -
 +                                avoids.getPoolsToAvoid());
 +
 +                        resetAvoidSet(plannerAvoidOutput, plannerAvoidInput);
 +
                          dest =
                              checkClustersforDestination(clusterList, vmProfile, plan, avoids, dc, getPlannerUsage(planner, vmProfile, plan, avoids), plannerAvoidOutput);
 -                        if (dest != null) {
 -                            return dest;
 -                        }
 -                        // reset the avoid input to the planners
 -                        resetAvoidSet(avoids, plannerAvoidOutput);
 -
 -                    } else {
 -                        return null;
 -                    }
 -                } else {
 -                    dest = planner.plan(vmProfile, plan, avoids);
 -                    if (dest != null) {
 -                        long hostId = dest.getHost().getId();
 -                        avoids.addHost(dest.getHost().getId());
 -
 -                        if (checkIfHostFitsPlannerUsage(hostId, DeploymentPlanner.PlannerResourceUsage.Shared)) {
 -                            // found destination
 -                            return dest;
 -                        } else {
 -                            // find another host - seems some concurrent
 -                            // deployment picked it up for dedicated access
 -                            continue;
 -                        }
 -                    } else {
 -                        return null;
 -                    }
 -                }
 -            }
 -        }
 -
 -        return dest;
 -    }
 -
 +                        if (dest != null) {
 +                            return dest;
 +                        }
 +                        // reset the avoid input to the planners
 +                        resetAvoidSet(avoids, plannerAvoidOutput);
 +
 +                    } else {
 +                        return null;
 +                    }
 +                } else {
 +                    dest = planner.plan(vmProfile, plan, avoids);
 +                    if (dest != null) {
 +                        long hostId = dest.getHost().getId();
 +                        avoids.addHost(dest.getHost().getId());
 +
 +                        if (checkIfHostFitsPlannerUsage(hostId, DeploymentPlanner.PlannerResourceUsage.Shared)) {
 +                            // found destination
 +                            return dest;
 +                        } else {
 +                            // find another host - seems some concurrent
 +                            // deployment picked it up for dedicated access
 +                            continue;
 +                        }
 +                    } else {
 +                        return null;
 +                    }
 +                }
 +            }
 +        }
 +
 +        return dest;
 +    }
 +
+     @Override
+     public DeploymentPlanner getDeploymentPlannerByName(String plannerName) {
+         if (plannerName != null) {
+             for (DeploymentPlanner plannerInList : _planners) {
+                 if (plannerName != null) {
+                 }
+                 if (plannerName.equalsIgnoreCase(plannerInList.getName())) {
+                     return plannerInList;
+                 }
+             }
+         }
+ 
+         return null;
+     }
+ 
      private void checkForNonDedicatedResources(VirtualMachineProfile vmProfile, DataCenter dc, ExcludeList avoids) {
 -        boolean isExplicit = false;
 -        VirtualMachine vm = vmProfile.getVirtualMachine();
 -
 -        // check if zone is dedicated. if yes check if vm owner has acess to it.
 -        DedicatedResourceVO dedicatedZone = _dedicatedDao.findByZoneId(dc.getId());
 -        if (dedicatedZone != null && !_accountMgr.isRootAdmin(vmProfile.getOwner().getType())) {
 -            long accountDomainId = vmProfile.getOwner().getDomainId();
 -            long accountId = vmProfile.getOwner().getAccountId();
 -
 -            // If a zone is dedicated to an account then all hosts in this zone
 -            // will be explicitly dedicated to
 -            // that account. So there won't be any shared hosts in the zone, the
 -            // only way to deploy vms from that
 -            // account will be to use explicit dedication affinity group.
 -            if (dedicatedZone.getAccountId() != null) {
 -                if (dedicatedZone.getAccountId().equals(accountId)) {
 -                    return;
 -                } else {
 +        boolean isExplicit = false;
 +        VirtualMachine vm = vmProfile.getVirtualMachine();
 +
 +        // check if zone is dedicated. if yes check if vm owner has acess to it.
 +        DedicatedResourceVO dedicatedZone = _dedicatedDao.findByZoneId(dc.getId());
 +        if (dedicatedZone != null && !_accountMgr.isRootAdmin(vmProfile.getOwner().getId())) {
 +            long accountDomainId = vmProfile.getOwner().getDomainId();
 +            long accountId = vmProfile.getOwner().getAccountId();
 +
 +            // If a zone is dedicated to an account then all hosts in this zone
 +            // will be explicitly dedicated to
 +            // that account. So there won't be any shared hosts in the zone, the
 +            // only way to deploy vms from that
 +            // account will be to use explicit dedication affinity group.
 +            if (dedicatedZone.getAccountId() != null) {
 +                if (dedicatedZone.getAccountId().equals(accountId)) {
 +                    return;
 +                } else {
                      throw new CloudRuntimeException("Failed to deploy VM, Zone " + dc.getName() + " not available for the user account " + vmProfile.getOwner());
 -                }
 -            }
 -
 -            // if zone is dedicated to a domain. Check owner's access to the
 -            // domain level dedication group
 +                }
 +            }
 +
 +            // if zone is dedicated to a domain. Check owner's access to the
 +            // domain level dedication group
              if (!_affinityGroupService.isAffinityGroupAvailableInDomain(dedicatedZone.getAffinityGroupId(), accountDomainId)) {
                  throw new CloudRuntimeException("Failed to deploy VM, Zone " + dc.getName() + " not available for the user domain " + vmProfile.getOwner());
 -            }
 -
 -        }
 -
 -        // check affinity group of type Explicit dedication exists. If No put
 +            }
 +
 +        }
 +
 +        // check affinity group of type Explicit dedication exists. If No put
          // dedicated pod/cluster/host in avoid list
          List<AffinityGroupVMMapVO> vmGroupMappings = _affinityGroupVMMapDao.findByVmIdType(vm.getId(), "ExplicitDedication");
  
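Review bot: getDeploymentPlannerByName carries an empty `if (plannerName != null) { }` inside the loop; it does nothing, the outer check already guarantees a non-null name, and it should be deleted. The method iterates `_planners` without a null check, so a call made before `setPlanners` has run would throw; whether that can happen is not visible here. A short Javadoc should state that the match is case-insensitive (`equalsIgnoreCase`, where the loop this replaces used `equals`) and that null is returned for a null or unknown name. checkForNonDedicatedResources starts in this hunk and continues past its end.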
@@@ -1302,111 -1310,114 +1310,114 @@@
              avoid.getPoolsToAvoid().addAll(poolsToAvoidOutput);
          }
  
 -        if (suitableVolumeStoragePools.isEmpty()) {
 -            s_logger.debug("No suitable pools found");
 -        }
 -
 -        return new Pair<Map<Volume, List<StoragePool>>, List<Volume>>(suitableVolumeStoragePools, readyAndReusedVolumes);
 -    }
 -
 -    private boolean isEnabledForAllocation(long zoneId, Long podId, Long clusterId) {
 -        // Check if the zone exists in the system
 -        DataCenterVO zone = _dcDao.findById(zoneId);
 -        if (zone != null && Grouping.AllocationState.Disabled == zone.getAllocationState()) {
 -            s_logger.info("Zone is currently disabled, cannot allocate to this zone: " + zoneId);
 -            return false;
 -        }
 -
 -        Pod pod = _podDao.findById(podId);
 -        if (pod != null && Grouping.AllocationState.Disabled == pod.getAllocationState()) {
 -            s_logger.info("Pod is currently disabled, cannot allocate to this pod: " + podId);
 -            return false;
 -        }
 -
 -        Cluster cluster = _clusterDao.findById(clusterId);
 -        if (cluster != null && Grouping.AllocationState.Disabled == cluster.getAllocationState()) {
 -            s_logger.info("Cluster is currently disabled, cannot allocate to this cluster: " + clusterId);
 -            return false;
 -        }
 -
 -        return true;
 -    }
 -
 -    private boolean isRootAdmin(ReservationContext reservationContext) {
 -        if (reservationContext != null) {
 -            if (reservationContext.getAccount() != null) {
 -                return _accountMgr.isRootAdmin(reservationContext.getAccount().getType());
 -            } else {
 -                return false;
 -            }
 -        }
 -        return false;
 -    }
 -
 -    @DB
 -    @Override
 +        if (suitableVolumeStoragePools.isEmpty()) {
 +            s_logger.debug("No suitable pools found");
 +        }
 +
 +        return new Pair<Map<Volume, List<StoragePool>>, List<Volume>>(suitableVolumeStoragePools, readyAndReusedVolumes);
 +    }
 +
 +    private boolean isEnabledForAllocation(long zoneId, Long podId, Long clusterId) {
 +        // Check if the zone exists in the system
 +        DataCenterVO zone = _dcDao.findById(zoneId);
 +        if (zone != null && Grouping.AllocationState.Disabled == zone.getAllocationState()) {
 +            s_logger.info("Zone is currently disabled, cannot allocate to this zone: " + zoneId);
 +            return false;
 +        }
 +
 +        Pod pod = _podDao.findById(podId);
 +        if (pod != null && Grouping.AllocationState.Disabled == pod.getAllocationState()) {
 +            s_logger.info("Pod is currently disabled, cannot allocate to this pod: " + podId);
 +            return false;
 +        }
 +
 +        Cluster cluster = _clusterDao.findById(clusterId);
 +        if (cluster != null && Grouping.AllocationState.Disabled == cluster.getAllocationState()) {
 +            s_logger.info("Cluster is currently disabled, cannot allocate to this cluster: " + clusterId);
 +            return false;
 +        }
 +
 +        return true;
 +    }
 +
 +    private boolean isRootAdmin(ReservationContext reservationContext) {
 +        if (reservationContext != null) {
 +            if (reservationContext.getAccount() != null) {
 +                return _accountMgr.isRootAdmin(reservationContext.getAccount().getId());
 +            } else {
 +                return false;
 +            }
 +        }
 +        return false;
 +    }
 +
 +    @DB
 +    @Override
-     public String finalizeReservation(final DeployDestination plannedDestination, final VirtualMachineProfile vmProfile, DeploymentPlan plan, ExcludeList avoids)
+     public String finalizeReservation(final DeployDestination plannedDestination, final VirtualMachineProfile vmProfile, DeploymentPlan plan, ExcludeList avoids, final DeploymentPlanner planner)
 -        throws InsufficientServerCapacityException, AffinityConflictException {
 -
 -        final VirtualMachine vm = vmProfile.getVirtualMachine();
 -        final long vmGroupCount = _affinityGroupVMMapDao.countAffinityGroupsForVm(vm.getId());
 -
 -        return Transaction.execute(new TransactionCallback<String>() {
 -            @Override
 -            public String doInTransaction(TransactionStatus status) {
 -                boolean saveReservation = true;
 -
 -                if (vmGroupCount > 0) {
 -                    List<Long> groupIds = _affinityGroupVMMapDao.listAffinityGroupIdsByVmId(vm.getId());
 -                    SearchCriteria<AffinityGroupVO> criteria = _affinityGroupDao.createSearchCriteria();
 -                    criteria.addAnd("id", SearchCriteria.Op.IN, groupIds.toArray(new Object[groupIds.size()]));
 -                    List<AffinityGroupVO> groups = _affinityGroupDao.lockRows(criteria, null, true);
 -
 -                    for (AffinityGroupProcessor processor : _affinityProcessors) {
 -                        if (!processor.check(vmProfile, plannedDestination)) {
 -                            saveReservation = false;
 -                            break;
 -                        }
 -                    }
 -                }
 -
 -                if (saveReservation) {
 +            throws InsufficientServerCapacityException, AffinityConflictException {
 +
 +        final VirtualMachine vm = vmProfile.getVirtualMachine();
 +        final long vmGroupCount = _affinityGroupVMMapDao.countAffinityGroupsForVm(vm.getId());
 +
 +        return Transaction.execute(new TransactionCallback<String>() {
 +            @Override
 +            public String doInTransaction(TransactionStatus status) {
 +        boolean saveReservation = true;
 +
 +            if (vmGroupCount > 0) {
 +                List<Long> groupIds = _affinityGroupVMMapDao.listAffinityGroupIdsByVmId(vm.getId());
 +                SearchCriteria<AffinityGroupVO> criteria = _affinityGroupDao.createSearchCriteria();
 +                criteria.addAnd("id", SearchCriteria.Op.IN, groupIds.toArray(new Object[groupIds.size()]));
 +                List<AffinityGroupVO> groups = _affinityGroupDao.lockRows(criteria, null, true);
 +
 +                for (AffinityGroupProcessor processor : _affinityProcessors) {
 +                    if (!processor.check(vmProfile, plannedDestination)) {
 +                        saveReservation = false;
 +                        break;
 +                    }
 +                }
 +            }
 +
 +            if (saveReservation) {
                      VMReservationVO vmReservation =
                          new VMReservationVO(vm.getId(), plannedDestination.getDataCenter().getId(), plannedDestination.getPod().getId(), plannedDestination.getCluster()
                              .getId(), plannedDestination.getHost().getId());
+                     if (planner != null) {
+                         vmReservation.setDeploymentPlanner(planner.getName());
+                     }
 -                    Map<Long, Long> volumeReservationMap = new HashMap<Long, Long>();
 -
 -                    if (vm.getHypervisorType() != HypervisorType.BareMetal) {
 -                        for (Volume vo : plannedDestination.getStorageForDisks().keySet()) {
 -                            volumeReservationMap.put(vo.getId(), plannedDestination.getStorageForDisks().get(vo).getId());
 -                        }
 -                        vmReservation.setVolumeReservation(volumeReservationMap);
 -                    }
 -                    _reservationDao.persist(vmReservation);
 -                    return vmReservation.getUuid();
 -                }
 -
 -                return null;
 -            }
 -        });
 -    }
 -
 -    @Override
 +                Map<Long, Long> volumeReservationMap = new HashMap<Long, Long>();
 +
 +                if (vm.getHypervisorType() != HypervisorType.BareMetal) {
 +                    for (Volume vo : plannedDestination.getStorageForDisks().keySet()) {
 +                        volumeReservationMap.put(vo.getId(), plannedDestination.getStorageForDisks().get(vo).getId());
 +                    }
 +                    vmReservation.setVolumeReservation(volumeReservationMap);
 +                }
 +                _reservationDao.persist(vmReservation);
 +                return vmReservation.getUuid();
 +            }
 +
 +        return null;
 +    }
 +        });
 +    }
 +
 +    @Override
      public boolean preStateTransitionEvent(State oldState, Event event, State newState, VirtualMachine vo, boolean status, Object opaque) {
 -        return true;
 -    }
 -
 -    @Override
 +        return true;
 +    }
 +
 +    @Override
      public boolean postStateTransitionEvent(State oldState, Event event, State newState, VirtualMachine vo, boolean status, Object opaque) {
 -        if (!status) {
 -            return false;
 -        }
 -        if ((oldState == State.Starting) && (newState != State.Starting)) {
 -            // cleanup all VM reservation entries
 -            SearchCriteria<VMReservationVO> sc = _reservationDao.createSearchCriteria();
 -            sc.addAnd("vmId", SearchCriteria.Op.EQ, vo.getId());
 -            _reservationDao.expunge(sc);
 -        }
 -        return true;
 -    }
 -}
 +        if (!status) {
 +            return false;
 +        }
 +        if ((oldState == State.Starting) && (newState != State.Starting)) {
 +            // cleanup all VM reservation entries
 +            SearchCriteria<VMReservationVO> sc = _reservationDao.createSearchCriteria();
 +            sc.addAnd("vmId", SearchCriteria.Op.EQ, vo.getId());
 +            _reservationDao.expunge(sc);
 +        }
 +        return true;
 +    }
 +}
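Review bot: In finalizeReservation the list returned by `_affinityGroupDao.lockRows(criteria, null, true)` is assigned to `groups` and never read, so the call looks like dead code. It is presumably there to hold a lock on the VM's affinity-group rows while the processors run `check`. A comment such as `// lock the VM's affinity group rows for this transaction; the returned list is not needed` would keep a later cleanup from removing it. The new `planner` parameter is optional (`if (planner != null)`), which deserves a line in the method's Javadoc. The body of `doInTransaction` is indented inconsistently on the new side, which makes the closing braces hard to match.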

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/84a528fa/server/src/com/cloud/deploy/FirstFitPlanner.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/84a528fa/server/src/com/cloud/network/IpAddressManagerImpl.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/84a528fa/server/src/com/cloud/network/as/AutoScaleManagerImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/network/as/AutoScaleManagerImpl.java
index 755fc54,61b7f4b..99189fe
--- a/server/src/com/cloud/network/as/AutoScaleManagerImpl.java
+++ b/server/src/com/cloud/network/as/AutoScaleManagerImpl.java
@@@ -1375,18 -1366,18 +1375,18 @@@ public class AutoScaleManagerImpl<Type
          return sdf.format(current);
      }
  
 -    private boolean startNewVM(final long vmId) {
 +    private boolean startNewVM(long vmId) {
          try {
              CallContext.current().setEventDetails("Vm Id: " + vmId);
-             _userVmManager.startVirtualMachine(vmId, null, null);
-         } catch (ResourceUnavailableException ex) {
+             _userVmManager.startVirtualMachine(vmId, null, null, null);
+         } catch (final ResourceUnavailableException ex) {
              s_logger.warn("Exception: ", ex);
              throw new ServerApiException(ApiErrorCode.RESOURCE_UNAVAILABLE_ERROR, ex.getMessage());
 -        } catch (final ConcurrentOperationException ex) {
 +        } catch (ConcurrentOperationException ex) {
              s_logger.warn("Exception: ", ex);
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, ex.getMessage());
 -        } catch (final InsufficientCapacityException ex) {
 -            final StringBuilder message = new StringBuilder(ex.getMessage());
 +        } catch (InsufficientCapacityException ex) {
 +            StringBuilder message = new StringBuilder(ex.getMessage());
              if (ex instanceof InsufficientServerCapacityException) {
                  if (((InsufficientServerCapacityException)ex).isAffinityApplied()) {
                      message.append(", Please check the affinity groups provided, there may not be sufficient capacity to follow them");
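Review bot: The merged `startNewVM` is left with mixed `final` usage: `catch (final ResourceUnavailableException ex)` keeps the modifier, while the `vmId` parameter, the other two catch clauses and `message` drop it. Use one convention across the method, e.g. `} catch (ResourceUnavailableException ex) {`, so later merges do not churn these lines again. The method body continues past the end of this hunk.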

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/84a528fa/server/src/com/cloud/server/ManagementServerImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/server/ManagementServerImpl.java
index 09823d7,2b63ae9..073cf47
--- a/server/src/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/com/cloud/server/ManagementServerImpl.java
@@@ -40,11 -40,7 +40,10 @@@ import javax.crypto.spec.SecretKeySpec
  import javax.inject.Inject;
  import javax.naming.ConfigurationException;
  
 +import org.apache.commons.codec.binary.Base64;
 +import org.apache.log4j.Logger;
 +
  import org.apache.cloudstack.acl.ControlledEntity;
- import org.apache.cloudstack.acl.SecurityChecker.AccessType;
  import org.apache.cloudstack.affinity.AffinityGroupProcessor;
  import org.apache.cloudstack.affinity.dao.AffinityGroupVMMapDao;
  import org.apache.cloudstack.api.ApiConstants;
@@@ -735,10 -723,7 +726,9 @@@ public class ManagementServerImpl exten
      @Inject
      private UserVmManager _userVmMgr;
      @Inject
 +    private AccountService _accountService;
 +    @Inject
      private ServiceOfferingDao _offeringDao;
- 
      @Inject
      private DeploymentPlanningManager _dpMgr;
  
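Review bot: `_accountService` stays injected here, but the only use of it visible in this diff, `_accountService.isRootAdmin(account.getId())` inside `updateTemplateOrIso`, is deleted by the last hunk of this file. If no other method of the class calls it, the field and its `@Inject` should be removed with the method. The deleted method also held the `_accountMgr.checkAccess(...)` call, the guard on template id 1 and the root-admin gate on `isrouting`. It is worth confirming that whatever now serves template updates still applies all three, since the replacement is not visible here.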
@@@ -1708,210 -1692,108 +1697,6 @@@
          return new Pair<List<? extends Configuration>, Integer>(result.first(), result.second());
      }
  
--    /* TODO: this method should go away. Keep here just in case that our latest refactoring using template_store_ref missed anything
--     * in handling Swift or S3.
--    private Set<Pair<Long, Long>> listTemplates(Long templateId, String name, String keyword, TemplateFilter templateFilter, boolean isIso,
--            Boolean bootable, Long pageSize, Long startIndex, Long zoneId, HypervisorType hyperType, boolean showDomr, boolean onlyReady,
--            List<Account> permittedAccounts, Account caller, ListProjectResourcesCriteria listProjectResourcesCriteria, Map<String, String> tags, String zoneType) {
--
--        VMTemplateVO template = null;
--        if (templateId != null) {
--            template = _templateDao.findById(templateId);
--            if (template == null) {
--                throw new InvalidParameterValueException("Please specify a valid template ID.");
--            }// If ISO requested then it should be ISO.
--            if (isIso && template.getFormat() != ImageFormat.ISO) {
--                s_logger.error("Template Id " + templateId + " is not an ISO");
--                InvalidParameterValueException ex = new InvalidParameterValueException("Specified Template Id is not an ISO");
--                ex.addProxyObject(template.getUuid(), "templateId");
--                throw ex;
--            }// If ISO not requested then it shouldn't be an ISO.
--            if (!isIso && template.getFormat() == ImageFormat.ISO) {
--                s_logger.error("Incorrect format of the template id " + templateId);
--                InvalidParameterValueException ex = new InvalidParameterValueException("Incorrect format " + template.getFormat()
--                        + " of the specified template id");
--                ex.addProxyObject(template.getUuid(), "templateId");
--                throw ex;
--            }
--        }
--
--        DomainVO domain = null;
--        if (!permittedAccounts.isEmpty()) {
--            domain = _domainDao.findById(permittedAccounts.get(0).getDomainId());
--        } else {
--            domain = _domainDao.findById(DomainVO.ROOT_DOMAIN);
--        }
--
--        List<HypervisorType> hypers = null;
--        if (!isIso) {
--            hypers = _resourceMgr.listAvailHypervisorInZone(null, null);
--        }
--        Set<Pair<Long, Long>> templateZonePairSet = new HashSet<Pair<Long, Long>>();
--        if (_swiftMgr.isSwiftEnabled()) {
--            if (template == null) {
--                templateZonePairSet = _templateDao.searchSwiftTemplates(name, keyword, templateFilter, isIso, hypers, bootable, domain, pageSize,
--                        startIndex, zoneId, hyperType, onlyReady, showDomr, permittedAccounts, caller, tags);
--                Set<Pair<Long, Long>> templateZonePairSet2 = new HashSet<Pair<Long, Long>>();
--                templateZonePairSet2 = _templateDao.searchTemplates(name, keyword, templateFilter, isIso, hypers, bootable, domain, pageSize,
--                        startIndex, zoneId, hyperType, onlyReady, showDomr, permittedAccounts, caller, listProjectResourcesCriteria, tags, zoneType);
--
--                for (Pair<Long, Long> tmpltPair : templateZonePairSet2) {
--                    if (!templateZonePairSet.contains(new Pair<Long, Long>(tmpltPair.first(), -1L))) {
--                        templateZonePairSet.add(tmpltPair);
--                    }
--                }
--
--            } else {
--                // if template is not public, perform permission check here
--                if (!template.isPublicTemplate() && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
--                    Account owner = _accountMgr.getAccount(template.getAccountId());
--                    _accountMgr.checkAccess(caller, null, true, owner);
--                }
--                templateZonePairSet.add(new Pair<Long, Long>(template.getId(), zoneId));
--            }
--        } else if (_s3Mgr.isS3Enabled()) {
--            if (template == null) {
--                templateZonePairSet = _templateDao.searchSwiftTemplates(name, keyword, templateFilter, isIso,
--                        hypers, bootable, domain, pageSize, startIndex, zoneId, hyperType, onlyReady, showDomr,
--                        permittedAccounts, caller, tags);
--                Set<Pair<Long, Long>> templateZonePairSet2 = new HashSet<Pair<Long, Long>>();
--                templateZonePairSet2 = _templateDao.searchTemplates(name, keyword, templateFilter, isIso, hypers,
--                        bootable, domain, pageSize, startIndex, zoneId, hyperType, onlyReady, showDomr,
--                        permittedAccounts, caller, listProjectResourcesCriteria, tags, zoneType);
--
--                for (Pair<Long, Long> tmpltPair : templateZonePairSet2) {
--                    if (!templateZonePairSet.contains(new Pair<Long, Long>(tmpltPair.first(), -1L))) {
--                        templateZonePairSet.add(tmpltPair);
--                    }
--                }
--            } else {
--                // if template is not public, perform permission check here
--                if (!template.isPublicTemplate() && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
--                    Account owner = _accountMgr.getAccount(template.getAccountId());
--                    _accountMgr.checkAccess(caller, null, true, owner);
--                }
--                templateZonePairSet.add(new Pair<Long, Long>(template.getId(), zoneId));
--            }
--        } else {
--            if (template == null) {
--                templateZonePairSet = _templateDao.searchTemplates(name, keyword, templateFilter, isIso, hypers, bootable, domain, pageSize,
--                        startIndex, zoneId, hyperType, onlyReady, showDomr, permittedAccounts, caller, listProjectResourcesCriteria, tags, zoneType);
--            } else {
--                // if template is not public, perform permission check here
--                if (!template.isPublicTemplate() && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
--                    Account owner = _accountMgr.getAccount(template.getAccountId());
--                    _accountMgr.checkAccess(caller, null, true, owner);
--                }
--                templateZonePairSet.add(new Pair<Long, Long>(template.getId(), zoneId));
--            }
--        }
--
--        return templateZonePairSet;
--    }
--     */
--
-     private VMTemplateVO updateTemplateOrIso(BaseUpdateTemplateOrIsoCmd cmd) {
-         Long id = cmd.getId();
-         String name = cmd.getTemplateName();
-         String displayText = cmd.getDisplayText();
-         String format = cmd.getFormat();
-         Long guestOSId = cmd.getOsTypeId();
-         Boolean passwordEnabled = cmd.isPasswordEnabled();
-         Boolean bootable = cmd.isBootable();
-         Integer sortKey = cmd.getSortKey();
-         Boolean isDynamicallyScalable = cmd.isDynamicallyScalable();
-         Boolean isRoutingTemplate = cmd.isRoutingType();
-         Account account = CallContext.current().getCallingAccount();
- 
-         // verify that template exists
-         VMTemplateVO template = _templateDao.findById(id);
-         if (template == null || template.getRemoved() != null) {
-             InvalidParameterValueException ex = new InvalidParameterValueException("unable to find template/iso with specified id");
-             ex.addProxyObject(id.toString(), "templateId");
-             throw ex;
-         }
- 
-         // Don't allow to modify system template
-         if (id.equals(Long.valueOf(1))) {
-             InvalidParameterValueException ex = new InvalidParameterValueException("Unable to update template/iso of specified id");
-             ex.addProxyObject(template.getUuid(), "templateId");
-             throw ex;
-         }
- 
-         // do a permission check
-         _accountMgr.checkAccess(account, AccessType.OperateEntry, true, template);
- 
-         if(cmd.isRoutingType() != null){
-             if (!_accountService.isRootAdmin(account.getId())) {
-                 throw new PermissionDeniedException("Parameter isrouting can only be specified by a Root Admin, permission denied");
-             }
-         }
-         boolean updateNeeded = !(name == null && displayText == null && format == null && guestOSId == null && passwordEnabled == null && bootable == null && sortKey == null
-                 && isDynamicallyScalable == null && isRoutingTemplate == null);
-         if (!updateNeeded) {
-             return template;
-         }
- 
-         template = _templateDao.createForUpdate(id);
- 
-         if (name != null) {
-             template.setName(name);
-         }
- 
-         if (displayText != null) {
-             template.setDisplayText(displayText);
-         }
- 
-         if (sortKey != null) {
-             template.setSortKey(sortKey);
-         }
- 
-         ImageFormat imageFormat = null;
-         if (format != null) {
-             try {
-                 imageFormat = ImageFormat.valueOf(format.toUpperCase());
-             } catch (IllegalArgumentException e) {
-                 throw new InvalidParameterValueException("Image format: " + format + " is incorrect. Supported formats are " + EnumUtils.listValues(ImageFormat.values()));
-             }
- 
-             template.setFormat(imageFormat);
-         }
- 
-         if (guestOSId != null) {
-             GuestOSVO guestOS = _guestOSDao.findById(guestOSId);
- 
-             if (guestOS == null) {
-                 throw new InvalidParameterValueException("Please specify a valid guest OS ID.");
-             } else {
-                 template.setGuestOSId(guestOSId);
-             }
-         }
- 
-         if (passwordEnabled != null) {
-             template.setEnablePassword(passwordEnabled);
-         }
- 
-         if (bootable != null) {
-             template.setBootable(bootable);
-         }
- 
-         if (isDynamicallyScalable != null) {
-             template.setDynamicallyScalable(isDynamicallyScalable);
-         }
- 
-         if (isRoutingTemplate != null) {
-             if (isRoutingTemplate) {
-                 template.setTemplateType(TemplateType.ROUTING);
-             } else {
-                 template.setTemplateType(TemplateType.USER);
-             }
-         }
- 
-         _templateDao.update(id, template);
- 
-         return _templateDao.findById(id);
-     }
- 
      @Override
      public Pair<List<? extends IpAddress>, Integer> searchForIPAddresses(ListPublicIpAddressesCmd cmd) {
          Object keyword = cmd.getKeyword();

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/84a528fa/server/src/com/cloud/vm/UserVmManager.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/vm/UserVmManager.java
index 0e48414,11b110f..afe1002
--- a/server/src/com/cloud/vm/UserVmManager.java
+++ b/server/src/com/cloud/vm/UserVmManager.java
@@@ -88,7 -92,23 +88,7 @@@ public interface UserVmManager extends 
  
      boolean expunge(UserVmVO vm, long callerUserId, Account caller);
  
-     Pair<UserVmVO, Map<VirtualMachineProfile.Param, Object>> startVirtualMachine(long vmId, Long hostId, Map<VirtualMachineProfile.Param, Object> additionalParams)
 -    /**
 -     * Obtains a list of virtual machines by the specified search criteria.
 -     * Can search by: "userId", "name", "state", "dataCenterId", "podId", "hostId"
 -     * @param c
 -     * @param caller TODO
 -     * @param domainId TODO
 -     * @param isRecursive TODO
 -     * @param permittedAccounts TODO
 -     * @param listAll TODO
 -     * @param listProjectResourcesCriteria TODO
 -     * @param tags TODO
 -     * @return List of UserVMs + count
 -     */
 -    Pair<List<UserVmJoinVO>, Integer> searchForUserVMs(Criteria c, Account caller, Long domainId, boolean isRecursive, List<Long> permittedAccounts, boolean listAll,
 -        ListProjectResourcesCriteria listProjectResourcesCriteria, Map<String, String> tags);
 -
+     Pair<UserVmVO, Map<VirtualMachineProfile.Param, Object>> startVirtualMachine(long vmId, Long hostId, Map<VirtualMachineProfile.Param, Object> additionalParams, String deploymentPlannerToUse)
          throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException;
  
      boolean upgradeVirtualMachine(Long id, Long serviceOfferingId, Map<String, String> customParameters) throws ResourceUnavailableException,
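Review bot: The widened `startVirtualMachine` declaration has no Javadoc, and the new `String deploymentPlannerToUse` parameter does not say whether null is accepted or what the string selects. `AutoScaleManagerImpl.startNewVM` in this same merge passes `null` for it, so presumably null means the default planner. State that on the interface, e.g. `@param deploymentPlannerToUse name of the deployment planner to use, or null for the default`. The rest of the interface lies outside the hunk.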

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/84a528fa/server/src/com/cloud/vm/UserVmManagerImpl.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/84a528fa/setup/db/db/schema-430to440.sql
----------------------------------------------------------------------


[03/50] [abbrv] Renaming AclEntityType --> IAMEntityType

Posted by mc...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/StopVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/StopVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/StopVMCmd.java
index 965e12c..6a448ba 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/StopVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/StopVMCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vm;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -37,7 +37,7 @@ import com.cloud.exception.ConcurrentOperationException;
 import com.cloud.user.Account;
 import com.cloud.uservm.UserVm;
 
-@APICommand(name = "stopVirtualMachine", responseObject = UserVmResponse.class, description = "Stops a virtual machine.", responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "stopVirtualMachine", responseObject = UserVmResponse.class, description = "Stops a virtual machine.", responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
 public class StopVMCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(StopVMCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/UpdateDefaultNicForVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/UpdateDefaultNicForVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/UpdateDefaultNicForVMCmd.java
index 98c675b..6d32c96 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/UpdateDefaultNicForVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/UpdateDefaultNicForVMCmd.java
@@ -21,7 +21,7 @@ import java.util.EnumSet;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -41,7 +41,7 @@ import com.cloud.user.Account;
 import com.cloud.uservm.UserVm;
 
 
-@APICommand(name = "updateDefaultNicForVirtualMachine", description = "Changes the default NIC on a VM", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "updateDefaultNicForVirtualMachine", description = "Changes the default NIC on a VM", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
 public class UpdateDefaultNicForVMCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(UpdateDefaultNicForVMCmd.class);
     private static final String s_name = "updatedefaultnicforvirtualmachineresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/UpdateVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/UpdateVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/UpdateVMCmd.java
index 28d7c0ea..4d74574 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/UpdateVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/UpdateVMCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vm;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -40,7 +40,7 @@ import com.cloud.uservm.UserVm;
 
 @APICommand(name = "updateVirtualMachine", description="Updates properties of a virtual machine. The VM has to be stopped and restarted for the " +
         "new properties to take effect. UpdateVirtualMachine does not first check whether the VM is stopped. " +
- "Therefore, stop the VM manually before issuing this call.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+ "Therefore, stop the VM manually before issuing this call.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
 public class UpdateVMCmd extends BaseCustomIdCmd {
     public static final Logger s_logger = Logger.getLogger(UpdateVMCmd.class.getName());
     private static final String s_name = "updatevirtualmachineresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/UpgradeVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/UpgradeVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/UpgradeVMCmd.java
index 4ed7c43..ec06070 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/UpgradeVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/UpgradeVMCmd.java
@@ -23,7 +23,7 @@ import java.util.Map;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -45,7 +45,7 @@ import com.cloud.uservm.UserVm;
 
 @APICommand(name = "changeServiceForVirtualMachine", responseObject=UserVmResponse.class, description="Changes the service offering for a virtual machine. " +
                                             "The virtual machine must be in a \"Stopped\" state for " +
- "this command to take effect.", responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+ "this command to take effect.", responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
 public class UpgradeVMCmd extends BaseCmd {
     public static final Logger s_logger = Logger.getLogger(UpgradeVMCmd.class.getName());
     private static final String s_name = "changeserviceforvirtualmachineresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vmgroup/CreateVMGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vmgroup/CreateVMGroupCmd.java b/api/src/org/apache/cloudstack/api/command/user/vmgroup/CreateVMGroupCmd.java
index 07dd3d9..a8cca68 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vmgroup/CreateVMGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vmgroup/CreateVMGroupCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vmgroup;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -32,7 +32,7 @@ import org.apache.cloudstack.context.CallContext;
 
 import com.cloud.vm.InstanceGroup;
 
-@APICommand(name = "createInstanceGroup", description = "Creates a vm group", responseObject = InstanceGroupResponse.class, entityType = { AclEntityType.InstanceGroup })
+@APICommand(name = "createInstanceGroup", description = "Creates a vm group", responseObject = InstanceGroupResponse.class, entityType = { IAMEntityType.InstanceGroup })
 public class CreateVMGroupCmd extends BaseCmd {
     public static final Logger s_logger = Logger.getLogger(CreateVMGroupCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vmgroup/DeleteVMGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vmgroup/DeleteVMGroupCmd.java b/api/src/org/apache/cloudstack/api/command/user/vmgroup/DeleteVMGroupCmd.java
index 08ea4b0..5b4ff8c 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vmgroup/DeleteVMGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vmgroup/DeleteVMGroupCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vmgroup;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -33,7 +33,7 @@ import org.apache.cloudstack.api.response.SuccessResponse;
 import com.cloud.user.Account;
 import com.cloud.vm.InstanceGroup;
 
-@APICommand(name = "deleteInstanceGroup", description = "Deletes a vm group", responseObject = SuccessResponse.class, entityType = { AclEntityType.InstanceGroup })
+@APICommand(name = "deleteInstanceGroup", description = "Deletes a vm group", responseObject = SuccessResponse.class, entityType = { IAMEntityType.InstanceGroup })
 public class DeleteVMGroupCmd extends BaseCmd {
     public static final Logger s_logger = Logger.getLogger(DeleteVMGroupCmd.class.getName());
     private static final String s_name = "deleteinstancegroupresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vmgroup/ListVMGroupsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vmgroup/ListVMGroupsCmd.java b/api/src/org/apache/cloudstack/api/command/user/vmgroup/ListVMGroupsCmd.java
index 5e5e3c6..99aeaf8 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vmgroup/ListVMGroupsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vmgroup/ListVMGroupsCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vmgroup;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
@@ -26,7 +26,7 @@ import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.response.InstanceGroupResponse;
 import org.apache.cloudstack.api.response.ListResponse;
 
-@APICommand(name = "listInstanceGroups", description = "Lists vm groups", responseObject = InstanceGroupResponse.class, entityType = { AclEntityType.InstanceGroup })
+@APICommand(name = "listInstanceGroups", description = "Lists vm groups", responseObject = InstanceGroupResponse.class, entityType = { IAMEntityType.InstanceGroup })
 public class ListVMGroupsCmd extends BaseListProjectAndAccountResourcesCmd {
     public static final Logger s_logger = Logger.getLogger(ListVMGroupsCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vmgroup/UpdateVMGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vmgroup/UpdateVMGroupCmd.java b/api/src/org/apache/cloudstack/api/command/user/vmgroup/UpdateVMGroupCmd.java
index 179b536..d2f3b46 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vmgroup/UpdateVMGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vmgroup/UpdateVMGroupCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vmgroup;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -32,7 +32,7 @@ import org.apache.cloudstack.api.response.InstanceGroupResponse;
 import com.cloud.user.Account;
 import com.cloud.vm.InstanceGroup;
 
-@APICommand(name = "updateInstanceGroup", description = "Updates a vm group", responseObject = InstanceGroupResponse.class, entityType = { AclEntityType.InstanceGroup })
+@APICommand(name = "updateInstanceGroup", description = "Updates a vm group", responseObject = InstanceGroupResponse.class, entityType = { IAMEntityType.InstanceGroup })
 public class UpdateVMGroupCmd extends BaseCmd {
 
     private static final String s_name = "updateinstancegroupresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/CreateVMSnapshotCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/CreateVMSnapshotCmd.java b/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/CreateVMSnapshotCmd.java
index d8db778..8f0a8c8 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/CreateVMSnapshotCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/CreateVMSnapshotCmd.java
@@ -19,7 +19,7 @@ package org.apache.cloudstack.api.command.user.vmsnapshot;
 
 import java.util.logging.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -37,7 +37,7 @@ import com.cloud.exception.ResourceAllocationException;
 import com.cloud.uservm.UserVm;
 import com.cloud.vm.snapshot.VMSnapshot;
 
-@APICommand(name = "createVMSnapshot", description = "Creates snapshot for a vm.", responseObject = VMSnapshotResponse.class, since = "4.2.0", entityType = { AclEntityType.VMSnapshot })
+@APICommand(name = "createVMSnapshot", description = "Creates snapshot for a vm.", responseObject = VMSnapshotResponse.class, since = "4.2.0", entityType = { IAMEntityType.VMSnapshot })
 public class CreateVMSnapshotCmd extends BaseAsyncCreateCmd {
 
     public static final Logger s_logger = Logger.getLogger(CreateVMSnapshotCmd.class.getName());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/DeleteVMSnapshotCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/DeleteVMSnapshotCmd.java b/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/DeleteVMSnapshotCmd.java
index c5b6f2a..063ff77 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/DeleteVMSnapshotCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/DeleteVMSnapshotCmd.java
@@ -19,7 +19,7 @@ package org.apache.cloudstack.api.command.user.vmsnapshot;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -36,7 +36,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.user.Account;
 import com.cloud.vm.snapshot.VMSnapshot;
 
-@APICommand(name = "deleteVMSnapshot", description = "Deletes a vmsnapshot.", responseObject = SuccessResponse.class, since = "4.2.0", entityType = { AclEntityType.VMSnapshot })
+@APICommand(name = "deleteVMSnapshot", description = "Deletes a vmsnapshot.", responseObject = SuccessResponse.class, since = "4.2.0", entityType = { IAMEntityType.VMSnapshot })
 public class DeleteVMSnapshotCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DeleteVMSnapshotCmd.class.getName());
     private static final String s_name = "deletevmsnapshotresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/ListVMSnapshotCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/ListVMSnapshotCmd.java b/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/ListVMSnapshotCmd.java
index 527f32a..7faed63 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/ListVMSnapshotCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/ListVMSnapshotCmd.java
@@ -20,7 +20,7 @@ package org.apache.cloudstack.api.command.user.vmsnapshot;
 import java.util.ArrayList;
 import java.util.List;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseListTaggedResourcesCmd;
@@ -31,7 +31,7 @@ import org.apache.cloudstack.api.response.VMSnapshotResponse;
 
 import com.cloud.vm.snapshot.VMSnapshot;
 
-@APICommand(name = "listVMSnapshot", description = "List virtual machine snapshot by conditions", responseObject = VMSnapshotResponse.class, since = "4.2.0", entityType = { AclEntityType.VMSnapshot })
+@APICommand(name = "listVMSnapshot", description = "List virtual machine snapshot by conditions", responseObject = VMSnapshotResponse.class, since = "4.2.0", entityType = { IAMEntityType.VMSnapshot })
 public class ListVMSnapshotCmd extends BaseListTaggedResourcesCmd {
 
     private static final String s_name = "listvmsnapshotresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/volume/AttachVolumeCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/volume/AttachVolumeCmd.java b/api/src/org/apache/cloudstack/api/command/user/volume/AttachVolumeCmd.java
index b69173a..9fdf2bc 100644
--- a/api/src/org/apache/cloudstack/api/command/user/volume/AttachVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/AttachVolumeCmd.java
@@ -17,7 +17,7 @@
 package org.apache.cloudstack.api.command.user.volume;
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -36,7 +36,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.storage.Volume;
 import com.cloud.user.Account;
 
-@APICommand(name = "attachVolume", description = "Attaches a disk volume to a virtual machine.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "attachVolume", description = "Attaches a disk volume to a virtual machine.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
 public class AttachVolumeCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(AttachVolumeCmd.class.getName());
     private static final String s_name = "attachvolumeresponse";
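Review bot: On the new `@APICommand` line for `attachVolume`, `entityType` names only `IAMEntityType.VirtualMachine`, while the sibling `detachVolume` command declares `IAMEntityType.Volume` and the command's own description says it acts on a disk volume as well as a VM. If the IAM layer uses `entityType` to decide which grants cover an API call, which this hunk does not show, a policy scoped to volumes would cover detach but not attach. It is worth confirming the value is intended rather than carried over by the rename; if both entities should be covered, the array form allows `entityType = { IAMEntityType.VirtualMachine, IAMEntityType.Volume }`. The class body continues outside the hunk, so the `@ACL` parameter checks are not visible here.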

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/volume/CreateVolumeCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/volume/CreateVolumeCmd.java b/api/src/org/apache/cloudstack/api/command/user/volume/CreateVolumeCmd.java
index a15971c..5939ca6 100644
--- a/api/src/org/apache/cloudstack/api/command/user/volume/CreateVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/CreateVolumeCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.volume;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -42,7 +42,7 @@ import com.cloud.exception.ResourceAllocationException;
 import com.cloud.storage.Snapshot;
 import com.cloud.storage.Volume;
 
-@APICommand(name = "createVolume", responseObject = VolumeResponse.class, description = "Creates a disk volume from a disk offering. This disk volume must still be attached to a virtual machine to make use of it.", responseView = ResponseView.Restricted, entityType = { AclEntityType.Volume })
+@APICommand(name = "createVolume", responseObject = VolumeResponse.class, description = "Creates a disk volume from a disk offering. This disk volume must still be attached to a virtual machine to make use of it.", responseView = ResponseView.Restricted, entityType = { IAMEntityType.Volume })
 public class CreateVolumeCmd extends BaseAsyncCreateCustomIdCmd {
     public static final Logger s_logger = Logger.getLogger(CreateVolumeCmd.class.getName());
     private static final String s_name = "createvolumeresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/volume/DeleteVolumeCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/volume/DeleteVolumeCmd.java b/api/src/org/apache/cloudstack/api/command/user/volume/DeleteVolumeCmd.java
index a786d22..bb17bd9 100644
--- a/api/src/org/apache/cloudstack/api/command/user/volume/DeleteVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/DeleteVolumeCmd.java
@@ -17,7 +17,7 @@
 package org.apache.cloudstack.api.command.user.volume;
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -34,7 +34,7 @@ import com.cloud.exception.ConcurrentOperationException;
 import com.cloud.storage.Volume;
 import com.cloud.user.Account;
 
-@APICommand(name = "deleteVolume", description = "Deletes a detached disk volume.", responseObject = SuccessResponse.class, entityType = { AclEntityType.Volume })
+@APICommand(name = "deleteVolume", description = "Deletes a detached disk volume.", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Volume })
 public class DeleteVolumeCmd extends BaseCmd {
     public static final Logger s_logger = Logger.getLogger(DeleteVolumeCmd.class.getName());
     private static final String s_name = "deletevolumeresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/volume/DetachVolumeCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/volume/DetachVolumeCmd.java b/api/src/org/apache/cloudstack/api/command/user/volume/DetachVolumeCmd.java
index ad1ac8d..c7419fc 100644
--- a/api/src/org/apache/cloudstack/api/command/user/volume/DetachVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/DetachVolumeCmd.java
@@ -17,7 +17,7 @@
 package org.apache.cloudstack.api.command.user.volume;
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -37,7 +37,7 @@ import com.cloud.storage.Volume;
 import com.cloud.user.Account;
 import com.cloud.uservm.UserVm;
 
-@APICommand(name = "detachVolume", description = "Detaches a disk volume from a virtual machine.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.Volume })
+@APICommand(name = "detachVolume", description = "Detaches a disk volume from a virtual machine.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Volume })
 public class DetachVolumeCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DetachVolumeCmd.class.getName());
     private static final String s_name = "detachvolumeresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/volume/ExtractVolumeCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/volume/ExtractVolumeCmd.java b/api/src/org/apache/cloudstack/api/command/user/volume/ExtractVolumeCmd.java
index 750f84d..fef35dc 100644
--- a/api/src/org/apache/cloudstack/api/command/user/volume/ExtractVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/ExtractVolumeCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.volume;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -39,7 +39,7 @@ import com.cloud.storage.Upload;
 import com.cloud.storage.Volume;
 import com.cloud.user.Account;
 
-@APICommand(name = "extractVolume", description = "Extracts volume", responseObject = ExtractResponse.class, entityType = { AclEntityType.Volume })
+@APICommand(name = "extractVolume", description = "Extracts volume", responseObject = ExtractResponse.class, entityType = { IAMEntityType.Volume })
 public class ExtractVolumeCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(ExtractVolumeCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/volume/ListVolumesCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/volume/ListVolumesCmd.java b/api/src/org/apache/cloudstack/api/command/user/volume/ListVolumesCmd.java
index 4b43acd..24425cb 100644
--- a/api/src/org/apache/cloudstack/api/command/user/volume/ListVolumesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/ListVolumesCmd.java
@@ -17,7 +17,7 @@
 package org.apache.cloudstack.api.command.user.volume;
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
@@ -36,7 +36,7 @@ import org.apache.cloudstack.api.response.ZoneResponse;
 
 
 
-@APICommand(name = "listVolumes", description = "Lists all volumes.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.Volume })
+@APICommand(name = "listVolumes", description = "Lists all volumes.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Volume })
 public class ListVolumesCmd extends BaseListTaggedResourcesCmd {
     public static final Logger s_logger = Logger.getLogger(ListVolumesCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/volume/MigrateVolumeCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/volume/MigrateVolumeCmd.java b/api/src/org/apache/cloudstack/api/command/user/volume/MigrateVolumeCmd.java
index bb4cf76..bbd754a 100644
--- a/api/src/org/apache/cloudstack/api/command/user/volume/MigrateVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/MigrateVolumeCmd.java
@@ -16,7 +16,7 @@
 // under the License.
 package org.apache.cloudstack.api.command.user.volume;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -32,7 +32,7 @@ import com.cloud.storage.Volume;
 import com.cloud.user.Account;
 
 
-@APICommand(name = "migrateVolume", description = "Migrate volume", responseObject = VolumeResponse.class, since = "3.0.0", responseView = ResponseView.Restricted, entityType = { AclEntityType.Volume })
+@APICommand(name = "migrateVolume", description = "Migrate volume", responseObject = VolumeResponse.class, since = "3.0.0", responseView = ResponseView.Restricted, entityType = { IAMEntityType.Volume })
 public class MigrateVolumeCmd extends BaseAsyncCmd {
     private static final String s_name = "migratevolumeresponse";
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/volume/ResizeVolumeCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/volume/ResizeVolumeCmd.java b/api/src/org/apache/cloudstack/api/command/user/volume/ResizeVolumeCmd.java
index ebcda16..0e7d27d 100644
--- a/api/src/org/apache/cloudstack/api/command/user/volume/ResizeVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/ResizeVolumeCmd.java
@@ -16,7 +16,7 @@
 // under the License.
 package org.apache.cloudstack.api.command.user.volume;
 import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -39,7 +39,7 @@ import com.cloud.storage.Volume;
 import com.cloud.user.Account;
 
 
-@APICommand(name = "resizeVolume", description = "Resizes a volume", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.Volume })
+@APICommand(name = "resizeVolume", description = "Resizes a volume", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Volume })
 public class ResizeVolumeCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(ResizeVolumeCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/volume/UpdateVolumeCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/volume/UpdateVolumeCmd.java b/api/src/org/apache/cloudstack/api/command/user/volume/UpdateVolumeCmd.java
index 3fa24cf..d5b23ab 100644
--- a/api/src/org/apache/cloudstack/api/command/user/volume/UpdateVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/UpdateVolumeCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.volume;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -37,7 +37,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.storage.Volume;
 
-@APICommand(name = "updateVolume", description = "Updates the volume.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.Volume })
+@APICommand(name = "updateVolume", description = "Updates the volume.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Volume })
 public class UpdateVolumeCmd extends BaseAsyncCustomIdCmd {
     public static final Logger s_logger = Logger.getLogger(UpdateVolumeCmd.class.getName());
     private static final String s_name = "updatevolumeresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/volume/UploadVolumeCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/volume/UploadVolumeCmd.java b/api/src/org/apache/cloudstack/api/command/user/volume/UploadVolumeCmd.java
index 5fdd932..608bde5 100644
--- a/api/src/org/apache/cloudstack/api/command/user/volume/UploadVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/volume/UploadVolumeCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.volume;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -40,7 +40,7 @@ import com.cloud.exception.ResourceAllocationException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.storage.Volume;
 
-@APICommand(name = "uploadVolume", description = "Uploads a data disk.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.Volume })
+@APICommand(name = "uploadVolume", description = "Uploads a data disk.", responseObject = VolumeResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Volume })
 public class UploadVolumeCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(UploadVolumeCmd.class.getName());
     private static final String s_name = "uploadvolumeresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpc/CreateStaticRouteCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpc/CreateStaticRouteCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpc/CreateStaticRouteCmd.java
index f724afe..0bbe8cb 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpc/CreateStaticRouteCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpc/CreateStaticRouteCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpc;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -40,7 +40,7 @@ import com.cloud.network.vpc.StaticRoute;
 import com.cloud.network.vpc.Vpc;
 import com.cloud.network.vpc.VpcGateway;
 
-@APICommand(name = "createStaticRoute", description = "Creates a static route", responseObject = StaticRouteResponse.class, entityType = { AclEntityType.StaticRoute })
+@APICommand(name = "createStaticRoute", description = "Creates a static route", responseObject = StaticRouteResponse.class, entityType = { IAMEntityType.StaticRoute })
 public class CreateStaticRouteCmd extends BaseAsyncCreateCmd {
     private static final String s_name = "createstaticrouteresponse";
     public static final Logger s_logger = Logger.getLogger(CreateStaticRouteCmd.class.getName());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
index 682c8d2..42eeb62 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpc;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -40,7 +40,7 @@ import com.cloud.exception.ResourceAllocationException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.vpc.Vpc;
 
-@APICommand(name = "createVPC", description = "Creates a VPC", responseObject = VpcResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.Vpc })
+@APICommand(name = "createVPC", description = "Creates a VPC", responseObject = VpcResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Vpc })
 public class CreateVPCCmd extends BaseAsyncCreateCmd{
     public static final Logger s_logger = Logger.getLogger(CreateVPCCmd.class.getName());
     private static final String s_name = "createvpcresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpc/DeleteStaticRouteCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpc/DeleteStaticRouteCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpc/DeleteStaticRouteCmd.java
index 7434d1e..b59ba93 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpc/DeleteStaticRouteCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpc/DeleteStaticRouteCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpc;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -38,7 +38,7 @@ import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.vpc.StaticRoute;
 
-@APICommand(name = "deleteStaticRoute", description = "Deletes a static route", responseObject = SuccessResponse.class, entityType = { AclEntityType.StaticRoute })
+@APICommand(name = "deleteStaticRoute", description = "Deletes a static route", responseObject = SuccessResponse.class, entityType = { IAMEntityType.StaticRoute })
 public class DeleteStaticRouteCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DeleteStaticRouteCmd.class.getName());
     private static final String s_name = "deletestaticrouteresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpc/DeleteVPCCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpc/DeleteVPCCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpc/DeleteVPCCmd.java
index d6a1248..ab4a447 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpc/DeleteVPCCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpc/DeleteVPCCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpc;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -36,7 +36,7 @@ import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.vpc.Vpc;
 import com.cloud.user.Account;
 
-@APICommand(name = "deleteVPC", description = "Deletes a VPC", responseObject = SuccessResponse.class, entityType = { AclEntityType.Vpc })
+@APICommand(name = "deleteVPC", description = "Deletes a VPC", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Vpc })
 public class DeleteVPCCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DeleteVPCCmd.class.getName());
     private static final String s_name = "deletevpcresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpc/ListPrivateGatewaysCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpc/ListPrivateGatewaysCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpc/ListPrivateGatewaysCmd.java
index 0d263fd..03f51f5 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpc/ListPrivateGatewaysCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpc/ListPrivateGatewaysCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
@@ -33,7 +33,7 @@ import org.apache.cloudstack.api.response.VpcResponse;
 import com.cloud.network.vpc.PrivateGateway;
 import com.cloud.utils.Pair;
 
-@APICommand(name = "listPrivateGateways", description = "List private gateways", responseObject = PrivateGatewayResponse.class, entityType = { AclEntityType.VpcGateway })
+@APICommand(name = "listPrivateGateways", description = "List private gateways", responseObject = PrivateGatewayResponse.class, entityType = { IAMEntityType.VpcGateway })
 public class ListPrivateGatewaysCmd extends BaseListProjectAndAccountResourcesCmd {
     public static final Logger s_logger = Logger.getLogger(ListPrivateGatewaysCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpc/ListStaticRoutesCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpc/ListStaticRoutesCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpc/ListStaticRoutesCmd.java
index c45cd7f..215ae9f 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpc/ListStaticRoutesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpc/ListStaticRoutesCmd.java
@@ -19,7 +19,7 @@ package org.apache.cloudstack.api.command.user.vpc;
 import java.util.ArrayList;
 import java.util.List;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseListTaggedResourcesCmd;
@@ -32,7 +32,7 @@ import org.apache.cloudstack.api.response.VpcResponse;
 import com.cloud.network.vpc.StaticRoute;
 import com.cloud.utils.Pair;
 
-@APICommand(name = "listStaticRoutes", description = "Lists all static routes", responseObject = StaticRouteResponse.class, entityType = { AclEntityType.StaticRoute })
+@APICommand(name = "listStaticRoutes", description = "Lists all static routes", responseObject = StaticRouteResponse.class, entityType = { IAMEntityType.StaticRoute })
 public class ListStaticRoutesCmd extends BaseListTaggedResourcesCmd {
     private static final String s_name = "liststaticroutesresponse";
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpc/ListVPCsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpc/ListVPCsCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpc/ListVPCsCmd.java
index e0f29ab..bbd07d6 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpc/ListVPCsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpc/ListVPCsCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseListTaggedResourcesCmd;
@@ -35,7 +35,7 @@ import org.apache.cloudstack.api.response.ZoneResponse;
 import com.cloud.network.vpc.Vpc;
 
 
-@APICommand(name = "listVPCs", description = "Lists VPCs", responseObject = VpcResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.Vpc })
+@APICommand(name = "listVPCs", description = "Lists VPCs", responseObject = VpcResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Vpc })
 public class ListVPCsCmd extends BaseListTaggedResourcesCmd{
     public static final Logger s_logger = Logger.getLogger(ListVPCsCmd.class.getName());
     private static final String s_name = "listvpcsresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpc/RestartVPCCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpc/RestartVPCCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpc/RestartVPCCmd.java
index cd01e92..cb395ee 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpc/RestartVPCCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpc/RestartVPCCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpc;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -37,7 +37,7 @@ import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.vpc.Vpc;
 import com.cloud.user.Account;
 
-@APICommand(name = "restartVPC", description = "Restarts a VPC", responseObject = VpcResponse.class, entityType = { AclEntityType.Vpc })
+@APICommand(name = "restartVPC", description = "Restarts a VPC", responseObject = VpcResponse.class, entityType = { IAMEntityType.Vpc })
 public class RestartVPCCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(RestartVPCCmd.class.getName());
     private static final String Name = "restartvpcresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
index 16829a2..a081b9f 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpc;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -35,7 +35,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.network.vpc.Vpc;
 import com.cloud.user.Account;
 
-@APICommand(name = "updateVPC", description = "Updates a VPC", responseObject = VpcResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.Vpc })
+@APICommand(name = "updateVPC", description = "Updates a VPC", responseObject = VpcResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Vpc })
 public class UpdateVPCCmd extends BaseAsyncCustomIdCmd {
     public static final Logger s_logger = Logger.getLogger(UpdateVPCCmd.class.getName());
     private static final String Name = "updatevpcresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/AddVpnUserCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/AddVpnUserCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/AddVpnUserCmd.java
index 3b48585..48ee1fd 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/AddVpnUserCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/AddVpnUserCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpn;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -35,7 +35,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.network.VpnUser;
 import com.cloud.user.Account;
 
-@APICommand(name = "addVpnUser", description = "Adds vpn users", responseObject = VpnUsersResponse.class, entityType = { AclEntityType.VpnUser })
+@APICommand(name = "addVpnUser", description = "Adds vpn users", responseObject = VpnUsersResponse.class, entityType = { IAMEntityType.VpnUser })
 public class AddVpnUserCmd extends BaseAsyncCreateCmd {
     public static final Logger s_logger = Logger.getLogger(AddVpnUserCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/CreateRemoteAccessVpnCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/CreateRemoteAccessVpnCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/CreateRemoteAccessVpnCmd.java
index aebec14..b350f3b 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/CreateRemoteAccessVpnCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/CreateRemoteAccessVpnCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpn;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -37,7 +37,7 @@ import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.IpAddress;
 import com.cloud.network.RemoteAccessVpn;
 
-@APICommand(name = "createRemoteAccessVpn", description = "Creates a l2tp/ipsec remote access vpn", responseObject = RemoteAccessVpnResponse.class, entityType = { AclEntityType.RemoteAccessVpn })
+@APICommand(name = "createRemoteAccessVpn", description = "Creates a l2tp/ipsec remote access vpn", responseObject = RemoteAccessVpnResponse.class, entityType = { IAMEntityType.RemoteAccessVpn })
 public class CreateRemoteAccessVpnCmd extends BaseAsyncCreateCmd {
     public static final Logger s_logger = Logger.getLogger(CreateRemoteAccessVpnCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnConnectionCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnConnectionCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnConnectionCmd.java
index e948328..e28e4ab 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnConnectionCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnConnectionCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpn;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -37,7 +37,7 @@ import com.cloud.network.Site2SiteVpnConnection;
 import com.cloud.network.Site2SiteVpnGateway;
 import com.cloud.network.vpc.Vpc;
 
-@APICommand(name = "createVpnConnection", description = "Create site to site vpn connection", responseObject = Site2SiteVpnConnectionResponse.class, entityType = { AclEntityType.Site2SiteVpnConnection })
+@APICommand(name = "createVpnConnection", description = "Create site to site vpn connection", responseObject = Site2SiteVpnConnectionResponse.class, entityType = { IAMEntityType.Site2SiteVpnConnection })
 public class CreateVpnConnectionCmd extends BaseAsyncCreateCmd {
     public static final Logger s_logger = Logger.getLogger(CreateVpnConnectionCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnCustomerGatewayCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnCustomerGatewayCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnCustomerGatewayCmd.java
index f21767e..3cc6e17 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnCustomerGatewayCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnCustomerGatewayCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpn;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -32,7 +32,7 @@ import org.apache.cloudstack.context.CallContext;
 import com.cloud.event.EventTypes;
 import com.cloud.network.Site2SiteCustomerGateway;
 
-@APICommand(name = "createVpnCustomerGateway", description = "Creates site to site vpn customer gateway", responseObject = Site2SiteCustomerGatewayResponse.class, entityType = { AclEntityType.Site2SiteCustomerGateway })
+@APICommand(name = "createVpnCustomerGateway", description = "Creates site to site vpn customer gateway", responseObject = Site2SiteCustomerGatewayResponse.class, entityType = { IAMEntityType.Site2SiteCustomerGateway })
 public class CreateVpnCustomerGatewayCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(CreateVpnCustomerGatewayCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnGatewayCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnGatewayCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnGatewayCmd.java
index d8d67d6..19be21b 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnGatewayCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnGatewayCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpn;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -32,7 +32,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.network.Site2SiteVpnGateway;
 import com.cloud.network.vpc.Vpc;
 
-@APICommand(name = "createVpnGateway", description = "Creates site to site vpn local gateway", responseObject = Site2SiteVpnGatewayResponse.class, entityType = { AclEntityType.Site2SiteVpnGateway })
+@APICommand(name = "createVpnGateway", description = "Creates site to site vpn local gateway", responseObject = Site2SiteVpnGatewayResponse.class, entityType = { IAMEntityType.Site2SiteVpnGateway })
 public class CreateVpnGatewayCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(CreateVpnGatewayCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteRemoteAccessVpnCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteRemoteAccessVpnCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteRemoteAccessVpnCmd.java
index 6c7a3b3..d3eacf5 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteRemoteAccessVpnCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteRemoteAccessVpnCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpn;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseAsyncCmd;
@@ -33,7 +33,7 @@ import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.RemoteAccessVpn;
 
-@APICommand(name = "deleteRemoteAccessVpn", description = "Destroys a l2tp/ipsec remote access vpn", responseObject = SuccessResponse.class, entityType = { AclEntityType.RemoteAccessVpn })
+@APICommand(name = "deleteRemoteAccessVpn", description = "Destroys a l2tp/ipsec remote access vpn", responseObject = SuccessResponse.class, entityType = { IAMEntityType.RemoteAccessVpn })
 public class DeleteRemoteAccessVpnCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DeleteRemoteAccessVpnCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnConnectionCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnConnectionCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnConnectionCmd.java
index 09f0d31..6fe8820 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnConnectionCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnConnectionCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpn;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -33,7 +33,7 @@ import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.Site2SiteVpnConnection;
 import com.cloud.user.Account;
 
-@APICommand(name = "deleteVpnConnection", description = "Delete site to site vpn connection", responseObject = SuccessResponse.class, entityType = { AclEntityType.Site2SiteVpnConnection })
+@APICommand(name = "deleteVpnConnection", description = "Delete site to site vpn connection", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Site2SiteVpnConnection })
 public class DeleteVpnConnectionCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DeleteVpnConnectionCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnCustomerGatewayCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnCustomerGatewayCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnCustomerGatewayCmd.java
index 927aa53..e24f231 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnCustomerGatewayCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnCustomerGatewayCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpn;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -34,7 +34,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.network.Site2SiteCustomerGateway;
 import com.cloud.user.Account;
 
-@APICommand(name = "deleteVpnCustomerGateway", description = "Delete site to site vpn customer gateway", responseObject = SuccessResponse.class, entityType = { AclEntityType.Site2SiteCustomerGateway })
+@APICommand(name = "deleteVpnCustomerGateway", description = "Delete site to site vpn customer gateway", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Site2SiteCustomerGateway })
 public class DeleteVpnCustomerGatewayCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DeleteVpnCustomerGatewayCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnGatewayCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnGatewayCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnGatewayCmd.java
index 9259f48..6f28037 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnGatewayCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnGatewayCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpn;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -32,7 +32,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.network.Site2SiteVpnGateway;
 import com.cloud.user.Account;
 
-@APICommand(name = "deleteVpnGateway", description = "Delete site to site vpn gateway", responseObject = SuccessResponse.class, entityType = { AclEntityType.Site2SiteVpnGateway })
+@APICommand(name = "deleteVpnGateway", description = "Delete site to site vpn gateway", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Site2SiteVpnGateway })
 public class DeleteVpnGatewayCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DeleteVpnGatewayCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/ListRemoteAccessVpnsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/ListRemoteAccessVpnsCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/ListRemoteAccessVpnsCmd.java
index f1aba1f..fde143c 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/ListRemoteAccessVpnsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/ListRemoteAccessVpnsCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
@@ -34,7 +34,7 @@ import org.apache.cloudstack.api.response.RemoteAccessVpnResponse;
 import com.cloud.network.RemoteAccessVpn;
 import com.cloud.utils.Pair;
 
-@APICommand(name = "listRemoteAccessVpns", description = "Lists remote access vpns", responseObject = RemoteAccessVpnResponse.class, entityType = { AclEntityType.RemoteAccessVpn })
+@APICommand(name = "listRemoteAccessVpns", description = "Lists remote access vpns", responseObject = RemoteAccessVpnResponse.class, entityType = { IAMEntityType.RemoteAccessVpn })
 public class ListRemoteAccessVpnsCmd extends BaseListProjectAndAccountResourcesCmd {
     public static final Logger s_logger = Logger.getLogger(ListRemoteAccessVpnsCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnConnectionsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnConnectionsCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnConnectionsCmd.java
index 7779fa0..ed93741 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnConnectionsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnConnectionsCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
@@ -33,7 +33,7 @@ import org.apache.cloudstack.api.response.VpcResponse;
 import com.cloud.network.Site2SiteVpnConnection;
 import com.cloud.utils.Pair;
 
-@APICommand(name = "listVpnConnections", description = "Lists site to site vpn connection gateways", responseObject = Site2SiteVpnConnectionResponse.class, entityType = { AclEntityType.Site2SiteVpnConnection })
+@APICommand(name = "listVpnConnections", description = "Lists site to site vpn connection gateways", responseObject = Site2SiteVpnConnectionResponse.class, entityType = { IAMEntityType.Site2SiteVpnConnection })
 public class ListVpnConnectionsCmd extends BaseListProjectAndAccountResourcesCmd {
     public static final Logger s_logger = Logger.getLogger(ListVpnConnectionsCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnCustomerGatewaysCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnCustomerGatewaysCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnCustomerGatewaysCmd.java
index 90070a4..2304964 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnCustomerGatewaysCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnCustomerGatewaysCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
@@ -32,7 +32,7 @@ import org.apache.cloudstack.api.response.Site2SiteCustomerGatewayResponse;
 import com.cloud.network.Site2SiteCustomerGateway;
 import com.cloud.utils.Pair;
 
-@APICommand(name = "listVpnCustomerGateways", description = "Lists site to site vpn customer gateways", responseObject = Site2SiteCustomerGatewayResponse.class, entityType = { AclEntityType.Site2SiteCustomerGateway })
+@APICommand(name = "listVpnCustomerGateways", description = "Lists site to site vpn customer gateways", responseObject = Site2SiteCustomerGatewayResponse.class, entityType = { IAMEntityType.Site2SiteCustomerGateway })
 public class ListVpnCustomerGatewaysCmd extends BaseListProjectAndAccountResourcesCmd {
     public static final Logger s_logger = Logger.getLogger(ListVpnCustomerGatewaysCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnGatewaysCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnGatewaysCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnGatewaysCmd.java
index bc435a9..7f8a33f 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnGatewaysCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnGatewaysCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
@@ -33,7 +33,7 @@ import org.apache.cloudstack.api.response.VpcResponse;
 import com.cloud.network.Site2SiteVpnGateway;
 import com.cloud.utils.Pair;
 
-@APICommand(name = "listVpnGateways", description = "Lists site 2 site vpn gateways", responseObject = Site2SiteVpnGatewayResponse.class, entityType = { AclEntityType.Site2SiteVpnGateway })
+@APICommand(name = "listVpnGateways", description = "Lists site 2 site vpn gateways", responseObject = Site2SiteVpnGatewayResponse.class, entityType = { IAMEntityType.Site2SiteVpnGateway })
 public class ListVpnGatewaysCmd extends BaseListProjectAndAccountResourcesCmd {
     public static final Logger s_logger = Logger.getLogger(ListVpnGatewaysCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnUsersCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnUsersCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnUsersCmd.java
index 4eff609..6efdaa1 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnUsersCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnUsersCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
@@ -32,7 +32,7 @@ import org.apache.cloudstack.api.response.VpnUsersResponse;
 import com.cloud.network.VpnUser;
 import com.cloud.utils.Pair;
 
-@APICommand(name = "listVpnUsers", description = "Lists vpn users", responseObject = VpnUsersResponse.class, entityType = { AclEntityType.VpnUser })
+@APICommand(name = "listVpnUsers", description = "Lists vpn users", responseObject = VpnUsersResponse.class, entityType = { IAMEntityType.VpnUser })
 public class ListVpnUsersCmd extends BaseListProjectAndAccountResourcesCmd {
     public static final Logger s_logger = Logger.getLogger(ListVpnUsersCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/RemoveVpnUserCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/RemoveVpnUserCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/RemoveVpnUserCmd.java
index c9f5219..d39c1a4 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/RemoveVpnUserCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/RemoveVpnUserCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpn;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -33,7 +33,7 @@ import org.apache.cloudstack.context.CallContext;
 import com.cloud.event.EventTypes;
 import com.cloud.user.Account;
 
-@APICommand(name = "removeVpnUser", description = "Removes vpn user", responseObject = SuccessResponse.class, entityType = { AclEntityType.VpnUser })
+@APICommand(name = "removeVpnUser", description = "Removes vpn user", responseObject = SuccessResponse.class, entityType = { IAMEntityType.VpnUser })
 public class RemoveVpnUserCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(RemoveVpnUserCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/ResetVpnConnectionCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/ResetVpnConnectionCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/ResetVpnConnectionCmd.java
index 746b003..025cc86 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/ResetVpnConnectionCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/ResetVpnConnectionCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpn;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -34,7 +34,7 @@ import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.Site2SiteVpnConnection;
 import com.cloud.user.Account;
 
-@APICommand(name = "resetVpnConnection", description = "Reset site to site vpn connection", responseObject = Site2SiteVpnConnectionResponse.class, entityType = { AclEntityType.Site2SiteVpnConnection })
+@APICommand(name = "resetVpnConnection", description = "Reset site to site vpn connection", responseObject = Site2SiteVpnConnectionResponse.class, entityType = { IAMEntityType.Site2SiteVpnConnection })
 public class ResetVpnConnectionCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(ResetVpnConnectionCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vpn/UpdateVpnCustomerGatewayCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/UpdateVpnCustomerGatewayCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/UpdateVpnCustomerGatewayCmd.java
index 8e63946..f88fa30 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/UpdateVpnCustomerGatewayCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/UpdateVpnCustomerGatewayCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vpn;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -32,7 +32,7 @@ import org.apache.cloudstack.context.CallContext;
 import com.cloud.event.EventTypes;
 import com.cloud.network.Site2SiteCustomerGateway;
 
-@APICommand(name = "updateVpnCustomerGateway", description = "Update site to site vpn customer gateway", responseObject = Site2SiteCustomerGatewayResponse.class, entityType = { AclEntityType.Site2SiteCustomerGateway })
+@APICommand(name = "updateVpnCustomerGateway", description = "Update site to site vpn customer gateway", responseObject = Site2SiteCustomerGatewayResponse.class, entityType = { IAMEntityType.Site2SiteCustomerGateway })
 public class UpdateVpnCustomerGatewayCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(UpdateVpnCustomerGatewayCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/components-api/src/com/cloud/network/addr/PublicIp.java
----------------------------------------------------------------------
diff --git a/engine/components-api/src/com/cloud/network/addr/PublicIp.java b/engine/components-api/src/com/cloud/network/addr/PublicIp.java
index 9e70cfe..eee7516 100644
--- a/engine/components-api/src/com/cloud/network/addr/PublicIp.java
+++ b/engine/components-api/src/com/cloud/network/addr/PublicIp.java
@@ -18,7 +18,7 @@ package com.cloud.network.addr;
 
 import java.util.Date;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.dc.VlanVO;
 import com.cloud.network.PublicIpAddress;
@@ -235,7 +235,7 @@ public class PublicIp implements PublicIpAddress {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.PublicIpAddress;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.PublicIpAddress;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/components-api/src/com/cloud/network/rules/StaticNatRuleImpl.java
----------------------------------------------------------------------
diff --git a/engine/components-api/src/com/cloud/network/rules/StaticNatRuleImpl.java b/engine/components-api/src/com/cloud/network/rules/StaticNatRuleImpl.java
index c7b7fec..aac2f3f 100644
--- a/engine/components-api/src/com/cloud/network/rules/StaticNatRuleImpl.java
+++ b/engine/components-api/src/com/cloud/network/rules/StaticNatRuleImpl.java
@@ -18,7 +18,7 @@ package com.cloud.network.rules;
 
 import java.util.List;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 public class StaticNatRuleImpl implements StaticNatRule {
     long id;
@@ -145,8 +145,8 @@ public class StaticNatRuleImpl implements StaticNatRule {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.FirewallRule;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.FirewallRule;
     }
 
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
----------------------------------------------------------------------
diff --git a/engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java b/engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
index 1227210..0005983 100755
--- a/engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
+++ b/engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
@@ -36,7 +36,7 @@ import javax.ejb.Local;
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.ControlledEntity.ACLType;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.context.CallContext;
@@ -672,7 +672,7 @@ public class NetworkOrchestrator extends ManagerBase implements NetworkOrchestra
                             _networksDao.addDomainToNetwork(id, domainId, subdomainAccess == null ? true : subdomainAccess);
                             //send event for storing the domain wide resource access
                             Map<String, Object> params = new HashMap<String, Object>();
-                            params.put(ApiConstants.ENTITY_TYPE, AclEntityType.Network);
+                            params.put(ApiConstants.ENTITY_TYPE, IAMEntityType.Network);
                             params.put(ApiConstants.ENTITY_ID, id);
                             params.put(ApiConstants.DOMAIN_ID, domainId);
                             params.put(ApiConstants.SUBDOMAIN_ACCESS, subdomainAccess == null ? true : subdomainAccess);
@@ -2203,7 +2203,7 @@ public class NetworkOrchestrator extends ManagerBase implements NetworkOrchestra
                                     _networkAccountDao.remove(networkAccount.getId());
 
                                 // remove its related ACL permission
-                                Pair<AclEntityType, Long> networkMsg = new Pair<AclEntityType, Long>(AclEntityType.Network, networkFinal.getId());
+                                Pair<IAMEntityType, Long> networkMsg = new Pair<IAMEntityType, Long>(IAMEntityType.Network, networkFinal.getId());
                                 _messageBus.publish(_name, EntityManager.MESSAGE_REMOVE_ENTITY_EVENT, PublishScope.LOCAL, networkMsg);
                             }
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/event/EventVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/event/EventVO.java b/engine/schema/src/com/cloud/event/EventVO.java
index fb4feb9..a21c643 100644
--- a/engine/schema/src/com/cloud/event/EventVO.java
+++ b/engine/schema/src/com/cloud/event/EventVO.java
@@ -29,7 +29,7 @@ import javax.persistence.Id;
 import javax.persistence.Table;
 import javax.persistence.Transient;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.utils.db.GenericDao;
 
@@ -212,7 +212,7 @@ public class EventVO implements Event {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.Event;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.Event;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/UserIpv6AddressVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/UserIpv6AddressVO.java b/engine/schema/src/com/cloud/network/UserIpv6AddressVO.java
index 2d6e860..9314993 100644
--- a/engine/schema/src/com/cloud/network/UserIpv6AddressVO.java
+++ b/engine/schema/src/com/cloud/network/UserIpv6AddressVO.java
@@ -28,7 +28,7 @@ import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.utils.db.GenericDao;
 
@@ -188,7 +188,7 @@ public class UserIpv6AddressVO implements UserIpv6Address {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.UserIpv6Address;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.UserIpv6Address;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/VpnUserVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/VpnUserVO.java b/engine/schema/src/com/cloud/network/VpnUserVO.java
index a150898..695aac0 100644
--- a/engine/schema/src/com/cloud/network/VpnUserVO.java
+++ b/engine/schema/src/com/cloud/network/VpnUserVO.java
@@ -27,7 +27,7 @@ import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.utils.db.Encrypt;
 
@@ -129,7 +129,7 @@ public class VpnUserVO implements VpnUser {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.VpnUser;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.VpnUser;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/as/AutoScalePolicyVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/as/AutoScalePolicyVO.java b/engine/schema/src/com/cloud/network/as/AutoScalePolicyVO.java
index 1da0129..2af8679 100644
--- a/engine/schema/src/com/cloud/network/as/AutoScalePolicyVO.java
+++ b/engine/schema/src/com/cloud/network/as/AutoScalePolicyVO.java
@@ -30,7 +30,7 @@ import javax.persistence.Table;
 import javax.persistence.Temporal;
 import javax.persistence.TemporalType;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.InternalIdentity;
 
 import com.cloud.utils.db.GenericDao;
@@ -150,8 +150,8 @@ public class AutoScalePolicyVO implements AutoScalePolicy, InternalIdentity {
 
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.AutoScalePolicy;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.AutoScalePolicy;
     }
 
     public void setLastQuiteTime(Date lastQuiteTime) {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/as/AutoScaleVmGroupVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/as/AutoScaleVmGroupVO.java b/engine/schema/src/com/cloud/network/as/AutoScaleVmGroupVO.java
index 1c12ce6..7a5da08 100644
--- a/engine/schema/src/com/cloud/network/as/AutoScaleVmGroupVO.java
+++ b/engine/schema/src/com/cloud/network/as/AutoScaleVmGroupVO.java
@@ -30,7 +30,7 @@ import javax.persistence.Table;
 import javax.persistence.Temporal;
 import javax.persistence.TemporalType;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.InternalIdentity;
 
 import com.cloud.utils.db.GenericDao;
@@ -215,7 +215,7 @@ public class AutoScaleVmGroupVO implements AutoScaleVmGroup, InternalIdentity {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.AutoScaleVmGroup;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.AutoScaleVmGroup;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/as/AutoScaleVmProfileVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/as/AutoScaleVmProfileVO.java b/engine/schema/src/com/cloud/network/as/AutoScaleVmProfileVO.java
index e718a2b..6640e70 100644
--- a/engine/schema/src/com/cloud/network/as/AutoScaleVmProfileVO.java
+++ b/engine/schema/src/com/cloud/network/as/AutoScaleVmProfileVO.java
@@ -33,7 +33,7 @@ import javax.persistence.Inheritance;
 import javax.persistence.InheritanceType;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.Identity;
 import org.apache.cloudstack.api.InternalIdentity;
 
@@ -223,8 +223,8 @@ public class AutoScaleVmProfileVO implements AutoScaleVmProfile, Identity, Inter
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.AutoScaleVmProfile;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.AutoScaleVmProfile;
     }
 
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/as/ConditionVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/as/ConditionVO.java b/engine/schema/src/com/cloud/network/as/ConditionVO.java
index 292a90a..36d59e2 100644
--- a/engine/schema/src/com/cloud/network/as/ConditionVO.java
+++ b/engine/schema/src/com/cloud/network/as/ConditionVO.java
@@ -29,7 +29,7 @@ import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.Identity;
 import org.apache.cloudstack.api.InternalIdentity;
 
@@ -130,7 +130,7 @@ public class ConditionVO implements Condition, Identity, InternalIdentity {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.Condition;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.Condition;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/dao/IPAddressVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/dao/IPAddressVO.java b/engine/schema/src/com/cloud/network/dao/IPAddressVO.java
index 76a2ba9..d3fca87 100644
--- a/engine/schema/src/com/cloud/network/dao/IPAddressVO.java
+++ b/engine/schema/src/com/cloud/network/dao/IPAddressVO.java
@@ -31,7 +31,7 @@ import javax.persistence.Temporal;
 import javax.persistence.TemporalType;
 import javax.persistence.Transient;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.network.IpAddress;
 import com.cloud.utils.net.Ip;
@@ -338,7 +338,7 @@ public class IPAddressVO implements IpAddress {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.IpAddress;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.IpAddress;
     }
 }


[30/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
Adding annotations for more admin APIs


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/695d689d
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/695d689d
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/695d689d

Branch: refs/heads/master
Commit: 695d689de5e3caeaf047dcfc39dffb71daae9a82
Parents: 690c5d4
Author: Prachi Damle <pr...@cloud.com>
Authored: Tue Mar 4 18:14:05 2014 -0800
Committer: Prachi Damle <pr...@cloud.com>
Committed: Tue Mar 4 18:14:05 2014 -0800

----------------------------------------------------------------------
 .../api/command/admin/account/CreateAccountCmd.java |  3 ++-
 .../api/command/admin/account/DeleteAccountCmd.java |  7 +++++--
 .../command/admin/account/DisableAccountCmd.java    |  6 +++++-
 .../api/command/admin/account/EnableAccountCmd.java |  6 +++++-
 .../api/command/admin/account/LockAccountCmd.java   |  3 ++-
 .../api/command/admin/account/UpdateAccountCmd.java |  7 +++++--
 .../admin/internallb/ListInternalLBVMsCmd.java      |  3 ++-
 .../admin/internallb/StartInternalLBVMCmd.java      |  7 +++++--
 .../admin/internallb/StopInternalLBVMCmd.java       |  7 +++++--
 server/src/com/cloud/user/AccountManagerImpl.java   | 16 ++++++++--------
 10 files changed, 44 insertions(+), 21 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/695d689d/api/src/org/apache/cloudstack/api/command/admin/account/CreateAccountCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/account/CreateAccountCmd.java b/api/src/org/apache/cloudstack/api/command/admin/account/CreateAccountCmd.java
index 6a76644..a2399cf 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/account/CreateAccountCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/account/CreateAccountCmd.java
@@ -21,6 +21,7 @@ import java.util.Map;
 
 import org.apache.log4j.Logger;
 
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -35,7 +36,7 @@ import org.apache.cloudstack.context.CallContext;
 import com.cloud.user.Account;
 import com.cloud.user.UserAccount;
 
-@APICommand(name = "createAccount", description = "Creates an account", responseObject = AccountResponse.class)
+@APICommand(name = "createAccount", description = "Creates an account", responseObject = AccountResponse.class, entityType = { IAMEntityType.Account })
 public class CreateAccountCmd extends BaseCmd {
     public static final Logger s_logger = Logger.getLogger(CreateAccountCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/695d689d/api/src/org/apache/cloudstack/api/command/admin/account/DeleteAccountCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/account/DeleteAccountCmd.java b/api/src/org/apache/cloudstack/api/command/admin/account/DeleteAccountCmd.java
index 7c1b206..f1547a4 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/account/DeleteAccountCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/account/DeleteAccountCmd.java
@@ -20,6 +20,9 @@ import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
+import org.apache.cloudstack.acl.IAMEntityType;
+import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -36,7 +39,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.user.Account;
 import com.cloud.user.User;
 
-@APICommand(name = "deleteAccount", description = "Deletes a account, and all users associated with this account", responseObject = SuccessResponse.class)
+@APICommand(name = "deleteAccount", description = "Deletes a account, and all users associated with this account", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Account })
 public class DeleteAccountCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DeleteAccountCmd.class.getName());
     private static final String s_name = "deleteaccountresponse";
@@ -44,7 +47,7 @@ public class DeleteAccountCmd extends BaseAsyncCmd {
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
-
+    @ACL(accessType = AccessType.OperateEntry)
     @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AccountResponse.class, required = true, description = "Account id")
     private Long id;
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/695d689d/api/src/org/apache/cloudstack/api/command/admin/account/DisableAccountCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/account/DisableAccountCmd.java b/api/src/org/apache/cloudstack/api/command/admin/account/DisableAccountCmd.java
index bc6bfa5..028481c 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/account/DisableAccountCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/account/DisableAccountCmd.java
@@ -20,6 +20,9 @@ import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
+import org.apache.cloudstack.acl.IAMEntityType;
+import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -38,7 +41,7 @@ import com.cloud.exception.ConcurrentOperationException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.user.Account;
 
-@APICommand(name = "disableAccount", description = "Disables an account", responseObject = AccountResponse.class)
+@APICommand(name = "disableAccount", description = "Disables an account", responseObject = AccountResponse.class, entityType = { IAMEntityType.Account })
 public class DisableAccountCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DisableAccountCmd.class.getName());
     private static final String s_name = "disableaccountresponse";
@@ -46,6 +49,7 @@ public class DisableAccountCmd extends BaseAsyncCmd {
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
+    @ACL(accessType = AccessType.OperateEntry)
     @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AccountResponse.class, description = "Account id")
     private Long id;
 
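Review bot: The `@ACL(accessType = AccessType.OperateEntry)` added on `id` can only cover requests that actually pass `id`, and this parameter is not marked `required = true`, so the command presumably accepts another way to name the account (the remaining parameters are outside the hunk). For that path the access decision rests on the service layer, which this commit does update in AccountManagerImpl with `checkAccess(caller, AccessType.OperateEntry, true, account)`. Once that is confirmed, I would record it above the field, for example `// @ACL covers lookups by id only; lookups by other parameters are checked in AccountManagerImpl`. The same applies to the optional `id` fields in EnableAccountCmd and UpdateAccountCmd. LockAccountCmd receives `entityType` but no `@ACL` in this commit, which is worth a second look.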

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/695d689d/api/src/org/apache/cloudstack/api/command/admin/account/EnableAccountCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/account/EnableAccountCmd.java b/api/src/org/apache/cloudstack/api/command/admin/account/EnableAccountCmd.java
index 8f97d23..9e38d3a 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/account/EnableAccountCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/account/EnableAccountCmd.java
@@ -20,6 +20,9 @@ import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
+import org.apache.cloudstack.acl.IAMEntityType;
+import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -33,7 +36,7 @@ import org.apache.cloudstack.region.RegionService;
 
 import com.cloud.user.Account;
 
-@APICommand(name = "enableAccount", description = "Enables an account", responseObject = AccountResponse.class)
+@APICommand(name = "enableAccount", description = "Enables an account", responseObject = AccountResponse.class, entityType = { IAMEntityType.Account })
 public class EnableAccountCmd extends BaseCmd {
     public static final Logger s_logger = Logger.getLogger(EnableAccountCmd.class.getName());
     private static final String s_name = "enableaccountresponse";
@@ -41,6 +44,7 @@ public class EnableAccountCmd extends BaseCmd {
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
+    @ACL(accessType = AccessType.OperateEntry)
     @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AccountResponse.class, description = "Account id")
     private Long id;
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/695d689d/api/src/org/apache/cloudstack/api/command/admin/account/LockAccountCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/account/LockAccountCmd.java b/api/src/org/apache/cloudstack/api/command/admin/account/LockAccountCmd.java
index 93ec1be..ddc1628 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/account/LockAccountCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/account/LockAccountCmd.java
@@ -18,6 +18,7 @@ package org.apache.cloudstack.api.command.admin.account;
 
 import org.apache.log4j.Logger;
 
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseCmd;
@@ -27,7 +28,7 @@ import org.apache.cloudstack.api.response.DomainResponse;
 
 import com.cloud.user.Account;
 
-@APICommand(name = "lockAccount", description = "Locks an account", responseObject = AccountResponse.class)
+@APICommand(name = "lockAccount", description = "Locks an account", responseObject = AccountResponse.class, entityType = { IAMEntityType.Account })
 public class LockAccountCmd extends BaseCmd {
     public static final Logger s_logger = Logger.getLogger(LockAccountCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/695d689d/api/src/org/apache/cloudstack/api/command/admin/account/UpdateAccountCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/account/UpdateAccountCmd.java b/api/src/org/apache/cloudstack/api/command/admin/account/UpdateAccountCmd.java
index f5038d5..d423848 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/account/UpdateAccountCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/account/UpdateAccountCmd.java
@@ -23,6 +23,9 @@ import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
+import org.apache.cloudstack.acl.IAMEntityType;
+import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -36,7 +39,7 @@ import org.apache.cloudstack.region.RegionService;
 
 import com.cloud.user.Account;
 
-@APICommand(name = "updateAccount", description = "Updates account information for the authenticated user", responseObject = AccountResponse.class)
+@APICommand(name = "updateAccount", description = "Updates account information for the authenticated user", responseObject = AccountResponse.class, entityType = { IAMEntityType.Account })
 public class UpdateAccountCmd extends BaseCmd {
     public static final Logger s_logger = Logger.getLogger(UpdateAccountCmd.class.getName());
     private static final String s_name = "updateaccountresponse";
@@ -44,7 +47,7 @@ public class UpdateAccountCmd extends BaseCmd {
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
-
+    @ACL(accessType = AccessType.OperateEntry)
     @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AccountResponse.class, description = "Account id")
     private Long id;
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/695d689d/api/src/org/apache/cloudstack/api/command/admin/internallb/ListInternalLBVMsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/internallb/ListInternalLBVMsCmd.java b/api/src/org/apache/cloudstack/api/command/admin/internallb/ListInternalLBVMsCmd.java
index 0e01be1..1cec188 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/internallb/ListInternalLBVMsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/internallb/ListInternalLBVMsCmd.java
@@ -18,6 +18,7 @@ package org.apache.cloudstack.api.command.admin.internallb;
 
 import org.apache.log4j.Logger;
 
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -34,7 +35,7 @@ import org.apache.cloudstack.api.response.ZoneResponse;
 
 import com.cloud.network.router.VirtualRouter.Role;
 
-@APICommand(name = "listInternalLoadBalancerVMs", description = "List internal LB VMs.", responseObject = DomainRouterResponse.class)
+@APICommand(name = "listInternalLoadBalancerVMs", description = "List internal LB VMs.", responseObject = DomainRouterResponse.class, entityType = { IAMEntityType.VirtualMachine })
 public class ListInternalLBVMsCmd extends BaseListProjectAndAccountResourcesCmd {
     public static final Logger s_logger = Logger.getLogger(ListInternalLBVMsCmd.class.getName());
 
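Review bot: `entityType = { IAMEntityType.VirtualMachine }` files the internal LB VM commands under the same entity type as ordinary VMs, although the response object here is `DomainRouterResponse` and the file imports `VirtualRouter.Role`. If IAM policies are granted per entity type, a grant on VirtualMachine would presumably also reach these appliance VMs; whether that is intended cannot be told from the hunk. A one-line comment above the annotation stating the intent would help, for example `// internal LB VMs are deliberately governed by VirtualMachine IAM policies`. The same annotation is added to StartInternalLBVMCmd and StopInternalLBVMCmd, whose `id` parameters are also typed `DomainRouterResponse.class`.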

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/695d689d/api/src/org/apache/cloudstack/api/command/admin/internallb/StartInternalLBVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/internallb/StartInternalLBVMCmd.java b/api/src/org/apache/cloudstack/api/command/admin/internallb/StartInternalLBVMCmd.java
index 56dcb4f..b747c30 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/internallb/StartInternalLBVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/internallb/StartInternalLBVMCmd.java
@@ -18,6 +18,9 @@ package org.apache.cloudstack.api.command.admin.internallb;
 
 import org.apache.log4j.Logger;
 
+import org.apache.cloudstack.acl.IAMEntityType;
+import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -36,7 +39,7 @@ import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.router.VirtualRouter;
 import com.cloud.network.router.VirtualRouter.Role;
 
-@APICommand(name = "startInternalLoadBalancerVM", responseObject = DomainRouterResponse.class, description = "Starts an existing internal lb vm.")
+@APICommand(name = "startInternalLoadBalancerVM", responseObject = DomainRouterResponse.class, description = "Starts an existing internal lb vm.", entityType = { IAMEntityType.VirtualMachine })
 public class StartInternalLBVMCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(StartInternalLBVMCmd.class.getName());
     private static final String s_name = "startinternallbvmresponse";
@@ -44,7 +47,7 @@ public class StartInternalLBVMCmd extends BaseAsyncCmd {
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
-
+    @ACL(accessType = AccessType.OperateEntry)
     @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = DomainRouterResponse.class, required = true, description = "the ID of the internal lb vm")
     private Long id;
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/695d689d/api/src/org/apache/cloudstack/api/command/admin/internallb/StopInternalLBVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/internallb/StopInternalLBVMCmd.java b/api/src/org/apache/cloudstack/api/command/admin/internallb/StopInternalLBVMCmd.java
index 9da4db0..f8a8b7b 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/internallb/StopInternalLBVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/internallb/StopInternalLBVMCmd.java
@@ -18,6 +18,9 @@ package org.apache.cloudstack.api.command.admin.internallb;
 
 import org.apache.log4j.Logger;
 
+import org.apache.cloudstack.acl.IAMEntityType;
+import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -35,7 +38,7 @@ import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.router.VirtualRouter;
 import com.cloud.network.router.VirtualRouter.Role;
 
-@APICommand(name = "stopInternalLoadBalancerVM", description = "Stops an Internal LB vm.", responseObject = DomainRouterResponse.class)
+@APICommand(name = "stopInternalLoadBalancerVM", description = "Stops an Internal LB vm.", responseObject = DomainRouterResponse.class, entityType = { IAMEntityType.VirtualMachine })
 public class StopInternalLBVMCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(StopInternalLBVMCmd.class.getName());
     private static final String s_name = "stopinternallbvmresponse";
@@ -43,7 +46,7 @@ public class StopInternalLBVMCmd extends BaseAsyncCmd {
     // ///////////////////////////////////////////////////
     // ////////////// API parameters /////////////////////
     // ///////////////////////////////////////////////////
-
+    @ACL(accessType = AccessType.OperateEntry)
     @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = DomainRouterResponse.class, required = true, description = "the ID of the internal lb vm")
     private Long id;
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/695d689d/server/src/com/cloud/user/AccountManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
index 8f4d3ab..d5e4afc 100755
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -1106,7 +1106,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
             throw new PermissionDeniedException("user id : " + id + " is system account, update is not allowed");
         }
 
-        checkAccess(CallContext.current().getCallingAccount(), null, true, account);
+        checkAccess(CallContext.current().getCallingAccount(), AccessType.OperateEntry, true, account);
 
         if (firstName != null) {
             if (firstName.isEmpty()) {
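Review bot: The account-level delete and update paths do not appear among the call sites changed in this file. Judging by the context messages, the eight hunks switch `checkAccess(..., null, true, account)` to `AccessType.OperateEntry` in the user update/disable/enable/lock/remove methods and the account enable/lock/disable methods (the method signatures are outside the hunks). DeleteAccountCmd and UpdateAccountCmd gain `@ACL(accessType = AccessType.OperateEntry)` in this same commit, so it is worth confirming that their service methods do not still pass `null`, so that the annotation and the service check agree. A short comment at one call site would also document why `null` was replaced, for example `// OperateEntry: caller must be permitted to operate on this account` (wording to be checked against the AccessType definition).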
@@ -1220,7 +1220,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
             throw new InvalidParameterValueException("User id : " + userId + " is a system user, disabling is not allowed");
         }
 
-        checkAccess(caller, null, true, account);
+        checkAccess(caller, AccessType.OperateEntry, true, account);
 
         boolean success = doSetUserStatus(userId, State.disabled);
         if (success) {
@@ -1258,7 +1258,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
             throw new InvalidParameterValueException("User id : " + userId + " is a system user, enabling is not allowed");
         }
 
-        checkAccess(caller, null, true, account);
+        checkAccess(caller, AccessType.OperateEntry, true, account);
 
         boolean success = Transaction.execute(new TransactionCallback<Boolean>() {
             @Override
@@ -1307,7 +1307,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
             throw new PermissionDeniedException("user id : " + userId + " is a system user, locking is not allowed");
         }
 
-        checkAccess(caller, null, true, account);
+        checkAccess(caller, AccessType.OperateEntry, true, account);
 
         // make sure the account is enabled too
         // if the user is either locked already or disabled already, don't change state...only lock currently enabled
@@ -1416,7 +1416,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
 
         // Check if user performing the action is allowed to modify this account
         Account caller = CallContext.current().getCallingAccount();
-        checkAccess(caller, null, true, account);
+        checkAccess(caller, AccessType.OperateEntry, true, account);
 
         boolean success = enableAccount(account.getId());
         if (success) {
@@ -1450,7 +1450,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
             throw new PermissionDeniedException("Account id : " + accountId + " is a system account, lock is not allowed");
         }
 
-        checkAccess(caller, null, true, account);
+        checkAccess(caller, AccessType.OperateEntry, true, account);
 
         if (lockAccount(account.getId())) {
             CallContext.current().putContextParameter(Account.class, account.getUuid());
@@ -1480,7 +1480,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
             throw new PermissionDeniedException("Account id : " + accountId + " is a system account, disable is not allowed");
         }
 
-        checkAccess(caller, null, true, account);
+        checkAccess(caller, AccessType.OperateEntry, true, account);
 
         if (disableAccount(account.getId())) {
             CallContext.current().putContextParameter(Account.class, account.getUuid());
@@ -1599,7 +1599,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
             throw new InvalidParameterValueException("The user is default and can't be removed");
         }
 
-        checkAccess(CallContext.current().getCallingAccount(), null, true, account);
+        checkAccess(CallContext.current().getCallingAccount(), AccessType.OperateEntry, true, account);
         CallContext.current().putContextParameter(User.class, user.getUuid());
         return _userDao.remove(id);
     }
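Review bot: The new `checkAccess` line here fetches the calling account inline with `CallContext.current().getCallingAccount()`, while the other five call sites touched by this commit pass a local `caller`. Binding it once makes it obvious that the same principal is checked everywhere: `Account caller = CallContext.current().getCallingAccount();` followed by `checkAccess(caller, AccessType.OperateEntry, true, account);`. The method begins outside the hunk, so a `caller` local may already exist above the visible lines.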


[50/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
Merge branch 'rbac' to master


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/8ff94601
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/8ff94601
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/8ff94601

Branch: refs/heads/master
Commit: 8ff94601f1b7dc3c6c92b083d343e392325e860e
Parents: 6c23e20 d3fd66e
Author: Min Chen <mi...@citrix.com>
Authored: Thu Mar 13 16:42:22 2014 -0700
Committer: Min Chen <mi...@citrix.com>
Committed: Thu Mar 13 16:42:22 2014 -0700

----------------------------------------------------------------------
 .../cloud/network/vpc/StaticRouteProfile.java   |    2 +-
 api/src/com/cloud/storage/VolumeApiService.java |    4 +-
 api/src/com/cloud/user/Account.java             |    4 +-
 api/src/com/cloud/user/AccountService.java      |   14 +-
 .../com/cloud/user/ResourceLimitService.java    |    2 +-
 api/src/org/apache/cloudstack/acl/Role.java     |   34 -
 api/src/org/apache/cloudstack/acl/RoleType.java |    2 +-
 .../apache/cloudstack/acl/SecurityChecker.java  |   13 +-
 api/src/org/apache/cloudstack/api/ACL.java      |    4 +-
 .../org/apache/cloudstack/api/APICommand.java   |    3 +
 .../org/apache/cloudstack/api/ApiConstants.java |    3 +-
 api/src/org/apache/cloudstack/api/BaseCmd.java  |    9 +-
 .../BaseListTemplateOrIsoPermissionsCmd.java    |   21 +-
 .../cloudstack/api/ResponseGenerator.java       |   44 +-
 .../apache/cloudstack/api/ResponseObject.java   |    5 +
 .../command/admin/account/CreateAccountCmd.java |    9 +-
 .../command/admin/account/DeleteAccountCmd.java |    9 +-
 .../admin/account/DisableAccountCmd.java        |   15 +-
 .../command/admin/account/EnableAccountCmd.java |   13 +-
 .../admin/account/ListAccountsCmdByAdmin.java   |   26 +
 .../command/admin/account/LockAccountCmd.java   |    3 +-
 .../command/admin/account/UpdateAccountCmd.java |   14 +-
 .../address/AssociateIPAddrCmdByAdmin.java      |   65 +
 .../ListPublicIpAddressesCmdByAdmin.java        |   53 +
 .../UpdateVMAffinityGroupCmdByAdmin.java        |   63 +
 .../admin/internallb/ListInternalLBVMsCmd.java  |    5 +-
 .../admin/internallb/StartInternalLBVMCmd.java  |    9 +-
 .../admin/internallb/StopInternalLBVMCmd.java   |    9 +-
 .../command/admin/iso/AttachIsoCmdByAdmin.java  |   53 +
 .../command/admin/iso/DetachIsoCmdByAdmin.java  |   47 +
 .../admin/iso/ListIsoPermissionsCmdByAdmin.java |   31 +
 .../command/admin/iso/ListIsosCmdByAdmin.java   |   26 +
 .../admin/iso/RegisterIsoCmdByAdmin.java        |   53 +
 .../command/admin/iso/UpdateIsoCmdByAdmin.java  |   45 +
 ...ListLoadBalancerRuleInstancesCmdByAdmin.java |   57 +
 .../admin/network/CreateNetworkCmdByAdmin.java  |   66 +
 .../admin/network/ListNetworksCmdByAdmin.java   |   50 +
 .../admin/network/UpdateNetworkCmdByAdmin.java  |   63 +
 .../command/admin/router/DestroyRouterCmd.java  |    5 +-
 .../command/admin/router/ListRoutersCmd.java    |    5 +-
 .../command/admin/router/RebootRouterCmd.java   |    7 +-
 .../command/admin/router/StartRouterCmd.java    |    5 +-
 .../api/command/admin/router/StopRouterCmd.java |    5 +-
 .../command/admin/router/UpgradeRouterCmd.java  |    5 +-
 .../admin/systemvm/DestroySystemVmCmd.java      |    8 +-
 .../admin/systemvm/ListSystemVMsCmd.java        |    5 +-
 .../admin/systemvm/MigrateSystemVMCmd.java      |    8 +-
 .../admin/systemvm/RebootSystemVmCmd.java       |    9 +-
 .../admin/systemvm/ScaleSystemVMCmd.java        |    9 +-
 .../admin/systemvm/StartSystemVMCmd.java        |    9 +-
 .../command/admin/systemvm/StopSystemVmCmd.java |    8 +-
 .../admin/systemvm/UpgradeSystemVMCmd.java      |   11 +-
 .../admin/template/CopyTemplateCmdByAdmin.java  |   63 +
 .../template/CreateTemplateCmdByAdmin.java      |   62 +
 .../ListTemplatePermissionsCmdByAdmin.java      |   32 +
 .../admin/template/ListTemplatesCmdByAdmin.java |   28 +
 .../admin/template/PrepareTemplateCmd.java      |   11 +-
 .../template/RegisterTemplateCmdByAdmin.java    |   57 +
 .../template/UpdateTemplateCmdByAdmin.java      |   47 +
 .../command/admin/vm/AddNicToVMCmdByAdmin.java  |   55 +
 .../api/command/admin/vm/AssignVMCmd.java       |    8 +-
 .../command/admin/vm/DeployVMCmdByAdmin.java    |   79 +
 .../command/admin/vm/DestroyVMCmdByAdmin.java   |   57 +
 .../api/command/admin/vm/ExpungeVMCmd.java      |    8 +-
 .../api/command/admin/vm/ListVMsCmdByAdmin.java |   69 +
 .../api/command/admin/vm/MigrateVMCmd.java      |    8 +-
 .../vm/MigrateVirtualMachineWithVolumeCmd.java  |   10 +-
 .../command/admin/vm/RebootVMCmdByAdmin.java    |   51 +
 .../api/command/admin/vm/RecoverVMCmd.java      |   10 +-
 .../admin/vm/RemoveNicFromVMCmdByAdmin.java     |   55 +
 .../admin/vm/ResetVMPasswordCmdByAdmin.java     |   54 +
 .../admin/vm/ResetVMSSHKeyCmdByAdmin.java       |   57 +
 .../command/admin/vm/RestoreVMCmdByAdmin.java   |   54 +
 .../api/command/admin/vm/ScaleVMCmdByAdmin.java |   69 +
 .../api/command/admin/vm/StartVMCmdByAdmin.java |   80 +
 .../api/command/admin/vm/StopVMCmdByAdmin.java  |   53 +
 .../vm/UpdateDefaultNicForVMCmdByAdmin.java     |   56 +
 .../command/admin/vm/UpdateVMCmdByAdmin.java    |   53 +
 .../command/admin/vm/UpgradeVMCmdByAdmin.java   |   59 +
 .../RevertToVMSnapshotCmdByAdmin.java           |   57 +
 .../admin/volume/AttachVolumeCmdByAdmin.java    |   47 +
 .../admin/volume/CreateVolumeCmdByAdmin.java    |   61 +
 .../admin/volume/DetachVolumeCmdByAdmin.java    |   48 +
 .../admin/volume/ListVolumesCmdByAdmin.java     |   63 +
 .../admin/volume/MigrateVolumeCmdByAdmin.java   |   47 +
 .../admin/volume/ResizeVolumeCmdByAdmin.java    |   47 +
 .../admin/volume/UpdateVolumeCmdByAdmin.java    |   45 +
 .../admin/volume/UploadVolumeCmdByAdmin.java    |   57 +
 .../admin/vpc/CreatePrivateGatewayCmd.java      |    3 +-
 .../command/admin/vpc/CreateVPCCmdByAdmin.java  |   64 +
 .../admin/vpc/DeletePrivateGatewayCmd.java      |    5 +-
 .../command/admin/vpc/ListVPCsCmdByAdmin.java   |   55 +
 .../command/admin/vpc/UpdateVPCCmdByAdmin.java  |   47 +
 .../api/command/admin/zone/CreateZoneCmd.java   |    7 +-
 .../command/admin/zone/ListZonesCmdByAdmin.java |   26 +
 .../zone/MarkDefaultZoneForAccountCmd.java      |   10 +-
 .../api/command/admin/zone/UpdateZoneCmd.java   |    5 +-
 .../command/user/account/ListAccountsCmd.java   |    8 +-
 .../user/address/AssociateIPAddrCmd.java        |   10 +-
 .../user/address/ListPublicIpAddressesCmd.java  |   10 +-
 .../command/user/address/UpdateIPAddrCmd.java   |   12 +-
 .../affinitygroup/CreateAffinityGroupCmd.java   |    8 +-
 .../affinitygroup/DeleteAffinityGroupCmd.java   |   12 +-
 .../affinitygroup/ListAffinityGroupsCmd.java    |   10 +-
 .../affinitygroup/UpdateVMAffinityGroupCmd.java |   13 +-
 .../autoscale/CreateAutoScalePolicyCmd.java     |    9 +-
 .../autoscale/CreateAutoScaleVmGroupCmd.java    |   10 +-
 .../autoscale/CreateAutoScaleVmProfileCmd.java  |   12 +-
 .../user/autoscale/CreateConditionCmd.java      |   12 +-
 .../autoscale/DeleteAutoScalePolicyCmd.java     |    8 +-
 .../autoscale/DeleteAutoScaleVmGroupCmd.java    |    8 +-
 .../autoscale/DeleteAutoScaleVmProfileCmd.java  |    8 +-
 .../user/autoscale/DeleteConditionCmd.java      |    8 +-
 .../autoscale/DisableAutoScaleVmGroupCmd.java   |    8 +-
 .../autoscale/EnableAutoScaleVmGroupCmd.java    |    8 +-
 .../autoscale/ListAutoScalePoliciesCmd.java     |    5 +-
 .../autoscale/ListAutoScaleVmGroupsCmd.java     |    8 +-
 .../autoscale/ListAutoScaleVmProfilesCmd.java   |    8 +-
 .../autoscale/UpdateAutoScalePolicyCmd.java     |    8 +-
 .../autoscale/UpdateAutoScaleVmGroupCmd.java    |   15 +-
 .../autoscale/UpdateAutoScaleVmProfileCmd.java  |   15 +-
 .../command/user/event/ArchiveEventsCmd.java    |    5 +-
 .../api/command/user/event/DeleteEventsCmd.java |    5 +-
 .../api/command/user/event/ListEventsCmd.java   |    5 +-
 .../firewall/CreateEgressFirewallRuleCmd.java   |   18 +-
 .../user/firewall/CreateFirewallRuleCmd.java    |    6 +-
 .../firewall/CreatePortForwardingRuleCmd.java   |   20 +-
 .../firewall/DeleteEgressFirewallRuleCmd.java   |    8 +-
 .../user/firewall/DeleteFirewallRuleCmd.java    |    9 +-
 .../firewall/DeletePortForwardingRuleCmd.java   |    6 +-
 .../firewall/ListEgressFirewallRulesCmd.java    |    8 +-
 .../user/firewall/ListFirewallRulesCmd.java     |    8 +-
 .../firewall/ListPortForwardingRulesCmd.java    |    8 +-
 .../firewall/UpdatePortForwardingRuleCmd.java   |   14 +-
 .../api/command/user/iso/AttachIsoCmd.java      |   23 +-
 .../api/command/user/iso/DetachIsoCmd.java      |   18 +-
 .../command/user/iso/ListIsoPermissionsCmd.java |   10 +-
 .../api/command/user/iso/ListIsosCmd.java       |    8 +-
 .../api/command/user/iso/RegisterIsoCmd.java    |   20 +-
 .../api/command/user/iso/UpdateIsoCmd.java      |    7 +-
 .../ListLoadBalancerRuleInstancesCmd.java       |   13 +-
 .../command/user/network/CreateNetworkCmd.java  |   13 +-
 .../command/user/network/DeleteNetworkCmd.java  |    9 +-
 .../command/user/network/ListNetworksCmd.java   |   11 +-
 .../command/user/network/RestartNetworkCmd.java |    9 +-
 .../command/user/network/UpdateNetworkCmd.java  |   31 +-
 .../AuthorizeSecurityGroupEgressCmd.java        |   24 +-
 .../AuthorizeSecurityGroupIngressCmd.java       |   23 +-
 .../securitygroup/CreateSecurityGroupCmd.java   |    8 +-
 .../securitygroup/DeleteSecurityGroupCmd.java   |   16 +-
 .../securitygroup/ListSecurityGroupsCmd.java    |    5 +-
 .../RevokeSecurityGroupEgressCmd.java           |   11 +-
 .../RevokeSecurityGroupIngressCmd.java          |   10 +-
 .../user/snapshot/CreateSnapshotCmd.java        |   17 +-
 .../user/snapshot/DeleteSnapshotCmd.java        |   13 +-
 .../command/user/snapshot/ListSnapshotsCmd.java |    5 +-
 .../user/snapshot/RevertSnapshotCmd.java        |   14 +-
 .../command/user/ssh/CreateSSHKeyPairCmd.java   |    8 +-
 .../command/user/ssh/DeleteSSHKeyPairCmd.java   |    9 +-
 .../command/user/ssh/ListSSHKeyPairsCmd.java    |    5 +-
 .../command/user/ssh/RegisterSSHKeyPairCmd.java |    8 +-
 .../api/command/user/tag/CreateTagsCmd.java     |    5 +-
 .../api/command/user/tag/DeleteTagsCmd.java     |    5 +-
 .../api/command/user/tag/ListTagsCmd.java       |    5 +-
 .../command/user/template/CopyTemplateCmd.java  |    9 +-
 .../user/template/CreateTemplateCmd.java        |   40 +-
 .../template/ListTemplatePermissionsCmd.java    |   11 +-
 .../command/user/template/ListTemplatesCmd.java |    9 +-
 .../user/template/RegisterTemplateCmd.java      |   16 +-
 .../user/template/UpdateTemplateCmd.java        |    9 +-
 .../template/UpdateTemplatePermissionsCmd.java  |    3 +-
 .../api/command/user/vm/AddNicToVMCmd.java      |   21 +-
 .../api/command/user/vm/DeployVMCmd.java        |   37 +-
 .../api/command/user/vm/DestroyVMCmd.java       |   18 +-
 .../api/command/user/vm/GetVMPasswordCmd.java   |   11 +-
 .../api/command/user/vm/ListVMsCmd.java         |   28 +-
 .../api/command/user/vm/RebootVMCmd.java        |   20 +-
 .../command/user/vm/RemoveIpFromVmNicCmd.java   |   14 +-
 .../api/command/user/vm/RemoveNicFromVMCmd.java |   21 +-
 .../api/command/user/vm/ResetVMPasswordCmd.java |   27 +-
 .../api/command/user/vm/ResetVMSSHKeyCmd.java   |   14 +-
 .../api/command/user/vm/RestoreVMCmd.java       |   21 +-
 .../api/command/user/vm/ScaleVMCmd.java         |   27 +-
 .../api/command/user/vm/StartVMCmd.java         |   19 +-
 .../api/command/user/vm/StopVMCmd.java          |   14 +-
 .../user/vm/UpdateDefaultNicForVMCmd.java       |   20 +-
 .../api/command/user/vm/UpdateVMCmd.java        |   25 +-
 .../api/command/user/vm/UpgradeVMCmd.java       |   26 +-
 .../command/user/vmgroup/CreateVMGroupCmd.java  |    8 +-
 .../command/user/vmgroup/DeleteVMGroupCmd.java  |    8 +-
 .../command/user/vmgroup/ListVMGroupsCmd.java   |    5 +-
 .../command/user/vmgroup/UpdateVMGroupCmd.java  |    9 +-
 .../user/vmsnapshot/CreateVMSnapshotCmd.java    |   10 +-
 .../user/vmsnapshot/DeleteVMSnapshotCmd.java    |    8 +-
 .../user/vmsnapshot/ListVMSnapshotCmd.java      |    5 +-
 .../user/vmsnapshot/RevertToVMSnapshotCmd.java  |   13 +-
 .../command/user/volume/AttachVolumeCmd.java    |   23 +-
 .../command/user/volume/CreateVolumeCmd.java    |   21 +-
 .../command/user/volume/DeleteVolumeCmd.java    |   14 +-
 .../command/user/volume/DetachVolumeCmd.java    |   21 +-
 .../command/user/volume/ExtractVolumeCmd.java   |   13 +-
 .../api/command/user/volume/ListVolumesCmd.java |    9 +-
 .../command/user/volume/MigrateVolumeCmd.java   |   20 +-
 .../command/user/volume/ResizeVolumeCmd.java    |   20 +-
 .../command/user/volume/UpdateVolumeCmd.java    |   18 +-
 .../command/user/volume/UploadVolumeCmd.java    |   29 +-
 .../command/user/vpc/CreateStaticRouteCmd.java  |    3 +-
 .../api/command/user/vpc/CreateVPCCmd.java      |   23 +-
 .../command/user/vpc/DeleteStaticRouteCmd.java  |    9 +-
 .../api/command/user/vpc/DeleteVPCCmd.java      |    9 +-
 .../user/vpc/ListPrivateGatewaysCmd.java        |    5 +-
 .../command/user/vpc/ListStaticRoutesCmd.java   |    5 +-
 .../api/command/user/vpc/ListVPCsCmd.java       |   14 +-
 .../api/command/user/vpc/RestartVPCCmd.java     |    9 +-
 .../api/command/user/vpc/UpdateVPCCmd.java      |   21 +-
 .../api/command/user/vpn/AddVpnUserCmd.java     |    8 +-
 .../user/vpn/CreateRemoteAccessVpnCmd.java      |   12 +-
 .../user/vpn/CreateVpnConnectionCmd.java        |    7 +-
 .../user/vpn/CreateVpnCustomerGatewayCmd.java   |    8 +-
 .../command/user/vpn/CreateVpnGatewayCmd.java   |    6 +-
 .../user/vpn/DeleteRemoteAccessVpnCmd.java      |    4 +-
 .../user/vpn/DeleteVpnConnectionCmd.java        |    5 +-
 .../user/vpn/DeleteVpnCustomerGatewayCmd.java   |    8 +-
 .../command/user/vpn/DeleteVpnGatewayCmd.java   |    5 +-
 .../user/vpn/ListRemoteAccessVpnsCmd.java       |    8 +-
 .../command/user/vpn/ListVpnConnectionsCmd.java |    8 +-
 .../user/vpn/ListVpnCustomerGatewaysCmd.java    |    5 +-
 .../command/user/vpn/ListVpnGatewaysCmd.java    |    8 +-
 .../api/command/user/vpn/ListVpnUsersCmd.java   |    5 +-
 .../api/command/user/vpn/RemoveVpnUserCmd.java  |    6 +-
 .../command/user/vpn/ResetVpnConnectionCmd.java |    8 +-
 .../user/vpn/UpdateVpnCustomerGatewayCmd.java   |    8 +-
 .../api/command/user/zone/ListZonesByCmd.java   |  133 --
 .../api/command/user/zone/ListZonesCmd.java     |  134 ++
 .../api/response/AccountResponse.java           |    9 +
 .../apache/cloudstack/query/QueryService.java   |   18 +-
 .../api/command/test/ScaleVMCmdTest.java        |    4 +-
 client/pom.xml                                  |   16 +-
 client/tomcatconf/applicationContext.xml.in     |  951 ++++++++
 client/tomcatconf/commands.properties.in        |   16 +
 client/tomcatconf/componentContext.xml.in       |  317 +++
 client/tomcatconf/nonossComponentContext.xml.in |  422 ++++
 .../tomcatconf/simulatorComponentContext.xml.in |  286 +++
 ...g-core-lifecycle-api-context-inheritable.xml |    5 +
 .../core/spring-core-registry-core-context.xml  |    9 +-
 .../src/com/cloud/network/addr/PublicIp.java    |    4 +-
 .../orchestration/NetworkOrchestrator.java      |  168 +-
 engine/schema/src/com/cloud/event/EventVO.java  |    1 -
 .../cloud/network/as/AutoScaleVmGroupVO.java    |    1 -
 .../cloud/network/dao/RemoteAccessVpnVO.java    |    2 +-
 .../network/dao/Site2SiteCustomerGatewayVO.java |    1 +
 .../network/dao/Site2SiteVpnConnectionVO.java   |    1 +
 .../network/dao/Site2SiteVpnGatewayVO.java      |    1 +
 .../com/cloud/network/rules/FirewallRuleVO.java |    2 +-
 .../schema/src/com/cloud/network/vpc/VpcVO.java |    1 +
 .../schema/src/com/cloud/storage/VolumeVO.java  |    1 +
 .../src/com/cloud/tags/ResourceTagVO.java       |    1 +
 .../com/cloud/upgrade/dao/Upgrade430to440.java  |   52 +-
 engine/schema/src/com/cloud/user/AccountVO.java |    1 -
 .../schema/src/com/cloud/vm/VMInstanceVO.java   |   16 +-
 .../src/com/cloud/vm/dao/NicIpAliasVO.java      |   10 +-
 .../storage/snapshot/SnapshotObject.java        |    2 +-
 .../db/src/com/cloud/utils/db/SearchBase.java   |   12 +-
 .../ratelimit/ApiRateLimitServiceImpl.java      |    4 +-
 .../cloudstack/ratelimit/ApiRateLimitTest.java  |   10 +-
 .../commands/ListF5LoadBalancerNetworksCmd.java |    9 +-
 .../contrail/management/MockAccountManager.java |   63 +-
 .../commands/ListSrxFirewallNetworksCmd.java    |    9 +-
 .../ListNetscalerLoadBalancerNetworksCmd.java   |    9 +-
 .../ListNiciraNvpDeviceNetworksCmd.java         |    5 +-
 .../ListPaloAltoFirewallNetworksCmd.java        |    5 +-
 .../api/command/LdapCreateAccountCmd.java       |   20 +-
 .../spring-server-core-managers-context.xml     |    3 +-
 .../cloud/acl/AffinityGroupAccessChecker.java   |    6 +-
 server/src/com/cloud/acl/DomainChecker.java     |   41 +-
 server/src/com/cloud/api/ApiDBUtils.java        |   49 +-
 server/src/com/cloud/api/ApiDispatcher.java     |   37 +-
 server/src/com/cloud/api/ApiResponseHelper.java |   96 +-
 server/src/com/cloud/api/ApiServer.java         |  129 +-
 .../com/cloud/api/query/QueryManagerImpl.java   |  653 +++---
 .../com/cloud/api/query/ViewResponseHelper.java |   53 +-
 .../com/cloud/api/query/dao/AccountJoinDao.java |    3 +-
 .../cloud/api/query/dao/AccountJoinDaoImpl.java |  100 +-
 .../cloud/api/query/dao/DataCenterJoinDao.java  |    3 +-
 .../api/query/dao/DataCenterJoinDaoImpl.java    |   11 +-
 .../api/query/dao/DomainRouterJoinDaoImpl.java  |   10 +-
 .../cloud/api/query/dao/TemplateJoinDao.java    |   11 +-
 .../api/query/dao/TemplateJoinDaoImpl.java      |   52 +-
 .../com/cloud/api/query/dao/UserVmJoinDao.java  |    5 +-
 .../cloud/api/query/dao/UserVmJoinDaoImpl.java  |   21 +-
 .../com/cloud/api/query/dao/VolumeJoinDao.java  |    5 +-
 .../cloud/api/query/dao/VolumeJoinDaoImpl.java  |   18 +-
 .../com/cloud/api/query/vo/AsyncJobJoinVO.java  |   34 +-
 .../cloud/api/query/vo/DomainRouterJoinVO.java  |    1 -
 .../src/com/cloud/api/query/vo/EventJoinVO.java |    1 -
 .../cloud/api/query/vo/InstanceGroupJoinVO.java |    1 -
 .../api/query/vo/ProjectInvitationJoinVO.java   |    1 -
 .../cloud/api/query/vo/ResourceTagJoinVO.java   |    1 -
 .../cloud/api/query/vo/SecurityGroupJoinVO.java |    1 -
 .../com/cloud/api/query/vo/TemplateJoinVO.java  |    5 +-
 .../com/cloud/api/query/vo/UserVmJoinVO.java    |    1 -
 .../com/cloud/api/query/vo/VolumeJoinVO.java    |    2 +-
 .../api/response/ApiResponseSerializer.java     |   10 +-
 .../configuration/ConfigurationManagerImpl.java |  544 ++---
 .../deploy/DeploymentPlanningManagerImpl.java   | 2204 +++++++++---------
 .../src/com/cloud/deploy/FirstFitPlanner.java   |   10 +-
 .../com/cloud/network/IpAddressManagerImpl.java |  670 +++---
 .../com/cloud/network/NetworkServiceImpl.java   |  482 ++--
 .../cloud/network/as/AutoScaleManagerImpl.java  |  485 ++--
 .../network/firewall/FirewallManagerImpl.java   |  174 +-
 .../lb/LoadBalancingRulesManagerImpl.java       |   29 +-
 .../cloud/network/rules/RulesManagerImpl.java   |   47 +-
 .../security/SecurityGroupManagerImpl.java      |    3 +-
 .../network/vpc/NetworkACLServiceImpl.java      |   34 +-
 .../com/cloud/network/vpc/VpcManagerImpl.java   |  419 ++--
 .../network/vpn/RemoteAccessVpnManagerImpl.java |   43 +-
 .../network/vpn/Site2SiteVpnManagerImpl.java    |   49 +-
 .../com/cloud/projects/ProjectManagerImpl.java  |  228 +-
 .../com/cloud/resource/ResourceManagerImpl.java |  250 +-
 .../resourcelimit/ResourceLimitManagerImpl.java |  243 +-
 .../com/cloud/server/ManagementServerImpl.java  |  219 +-
 .../com/cloud/servlet/ConsoleProxyServlet.java  |   57 +-
 .../com/cloud/storage/StorageManagerImpl.java   |   47 +-
 .../com/cloud/storage/VolumeApiServiceImpl.java |  280 +--
 .../storage/snapshot/SnapshotManagerImpl.java   |   42 +-
 .../cloud/tags/TaggedResourceManagerImpl.java   |   14 +-
 .../template/HypervisorTemplateAdapter.java     |   26 +-
 .../com/cloud/template/TemplateAdapterBase.java |   15 +-
 .../com/cloud/template/TemplateManagerImpl.java |   99 +-
 .../src/com/cloud/usage/UsageServiceImpl.java   |    9 +-
 server/src/com/cloud/user/AccountManager.java   |   53 +-
 .../src/com/cloud/user/AccountManagerImpl.java  |  526 +++--
 .../src/com/cloud/user/DomainManagerImpl.java   |   52 +-
 .../com/cloud/uuididentity/UUIDManagerImpl.java |    2 +-
 server/src/com/cloud/vm/UserVmManager.java      |   24 +-
 server/src/com/cloud/vm/UserVmManagerImpl.java  |  439 ++--
 .../vm/snapshot/VMSnapshotManagerImpl.java      |  138 +-
 .../affinity/AffinityGroupServiceImpl.java      |  998 ++++----
 .../lb/ApplicationLoadBalancerManagerImpl.java  |   18 +-
 .../cloudstack/network/lb/CertServiceImpl.java  |   21 +-
 .../GlobalLoadBalancingRulesServiceImpl.java    |   12 +-
 .../com/cloud/user/MockAccountManagerImpl.java  |   88 +-
 server/test/com/cloud/vm/UserVmManagerTest.java |   35 +-
 .../cloud/vpc/MockResourceLimitManagerImpl.java |    2 +-
 .../affinity/AffinityApiUnitTest.java           |    6 +
 .../iam/AddIAMPermissionToIAMPolicyCmd.java     |    3 -
 .../api/response/iam/IAMPermissionResponse.java |    8 +-
 .../cloudstack/iam/IAMApiServiceImpl.java       |   22 +-
 .../iam/RoleBasedEntityAccessChecker.java       |   13 +-
 services/pom.xml                                |    2 +-
 setup/db/db/schema-430to440.sql                 |  113 +-
 test/integration/smoke/test_vm_iam.py           |  717 ++++++
 tools/apidoc/gen_toc.py                         |   15 +-
 tools/marvin/marvin/integration/lib/base.py     |  130 +-
 354 files changed, 12593 insertions(+), 6294 deletions(-)
----------------------------------------------------------------------



[21/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
Renaming acl to iam in the upgrade code


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/bf479e75
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/bf479e75
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/bf479e75

Branch: refs/heads/master
Commit: bf479e75ca608c84631fe5e37e61df18b6ad7ac0
Parents: 9f47466
Author: Prachi Damle <pr...@cloud.com>
Authored: Wed Feb 26 17:55:48 2014 -0800
Committer: Prachi Damle <pr...@cloud.com>
Committed: Wed Feb 26 17:56:38 2014 -0800

----------------------------------------------------------------------
 .../src/com/cloud/upgrade/dao/Upgrade430to440.java  | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bf479e75/engine/schema/src/com/cloud/upgrade/dao/Upgrade430to440.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/upgrade/dao/Upgrade430to440.java b/engine/schema/src/com/cloud/upgrade/dao/Upgrade430to440.java
index dc89a15..dcf810e 100644
--- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade430to440.java
+++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade430to440.java
@@ -59,20 +59,20 @@ public class Upgrade430to440 implements DbUpgrade {
 
     @Override
     public void performDataMigration(Connection conn) {
-        populateACLGroupAccountMap(conn);
+        populateIAMGroupAccountMap(conn);
         secondaryIpsAccountAndDomainIdsUpdate(conn);
     }
 
-    // populate acl_group_account_map table for existing accounts
-    private void populateACLGroupAccountMap(Connection conn) {
+    // populate iam_group_account_map table for existing accounts
+    private void populateIAMGroupAccountMap(Connection conn) {
         PreparedStatement acctInsert = null;
         PreparedStatement acctQuery = null;
         ResultSet rs = null;
 
-        s_logger.debug("Populating acl_group_account_map table for existing accounts...");
+        s_logger.debug("Populating iam_group_account_map table for existing accounts...");
         try {
             acctInsert = conn
-                    .prepareStatement("INSERT INTO `cloud`.`acl_group_account_map` (group_id, account_id, created) values(?, ?, Now())");
+                    .prepareStatement("INSERT INTO `cloud`.`iam_group_account_map` (group_id, account_id, created) values(?, ?, Now())");
             acctQuery = conn
                     .prepareStatement("select id, type from `cloud`.`account` where removed is null");
             rs = acctQuery.executeQuery();
@@ -81,13 +81,13 @@ public class Upgrade430to440 implements DbUpgrade {
                 Long acct_id = rs.getLong("id");
                 short type = rs.getShort("type");
 
-                // insert entry in acl_group_account_map table
+                // insert entry in iam_group_account_map table
                 acctInsert.setLong(1, type + 1);
                 acctInsert.setLong(2, acct_id);
                 acctInsert.executeUpdate();
             }
         } catch (SQLException e) {
-            String msg = "Unable to populate acl_group_account_map for existing accounts." + e.getMessage();
+            String msg = "Unable to populate iam_group_account_map for existing accounts." + e.getMessage();
             s_logger.error(msg);
             throw new CloudRuntimeException(msg, e);
         } finally {
@@ -105,7 +105,7 @@ public class Upgrade430to440 implements DbUpgrade {
             } catch (SQLException e) {
             }
         }
-        s_logger.debug("Completed populate acl_group_account_map for existing accounts.");
+        s_logger.debug("Completed populate iam_group_account_map for existing accounts.");
     }
 
 


[14/50] [abbrv] iam/plugin: Rename Acl to IAM everywhere

Posted by mc...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPermissionResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPermissionResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPermissionResponse.java
deleted file mode 100644
index 68b4df9..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPermissionResponse.java
+++ /dev/null
@@ -1,125 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.response.iam;
-
-import com.google.gson.annotations.SerializedName;
-
-import org.apache.cloudstack.acl.IAMEntityType;
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseResponse;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-
-import com.cloud.serializer.Param;
-
-public class AclPermissionResponse extends BaseResponse {
-
-    @SerializedName(ApiConstants.ACL_ACTION)
-    @Param(description = "action of this permission")
-    private String action;
-
-    @SerializedName(ApiConstants.ENTITY_TYPE)
-    @Param(description = "the entity type of this permission")
-    private IAMEntityType entityType;
-
-    @SerializedName(ApiConstants.ACL_SCOPE)
-    @Param(description = "scope of this permission")
-    private PermissionScope scope;
-
-    @SerializedName(ApiConstants.ACL_SCOPE_ID)
-    @Param(description = "scope id of this permission")
-    private Long scopeId;
-
-    @SerializedName(ApiConstants.ACL_ALLOW_DENY)
-    @Param(description = "allow or deny of this permission")
-    private AclPolicyPermission.Permission permission;
-
-    public IAMEntityType getEntityType() {
-        return entityType;
-    }
-
-    public void setEntityType(IAMEntityType entityType) {
-        this.entityType = entityType;
-    }
-
-    public String getAction() {
-        return action;
-    }
-
-    public void setAction(String action) {
-        this.action = action;
-    }
-
-    public PermissionScope getScope() {
-        return scope;
-    }
-
-    public void setScope(PermissionScope scope) {
-        this.scope = scope;
-    }
-
-    public Long getScopeId() {
-        return scopeId;
-    }
-
-    public void setScopeId(Long scopeId) {
-        this.scopeId = scopeId;
-    }
-
-    public AclPolicyPermission.Permission getPermission() {
-        return permission;
-    }
-
-    public void setPermission(AclPolicyPermission.Permission permission) {
-        this.permission = permission;
-    }
-
-    @Override
-    public int hashCode() {
-        final int prime = 31;
-        int result = 1;
-        result = prime * result + ((action == null) ? 0 : action.hashCode());
-        result = prime * result + ((entityType == null) ? 0 : entityType.hashCode());
-        result = prime * result + ((scope == null) ? 0 : scope.hashCode());
-        result = prime * result + ((scopeId == null) ? 0 : scopeId.hashCode());
-        return result;
-    }
-
-    @Override
-    public boolean equals(Object obj) {
-        if (this == obj)
-            return true;
-        if (obj == null)
-            return false;
-        if (getClass() != obj.getClass())
-            return false;
-        AclPermissionResponse other = (AclPermissionResponse) obj;
-        if ((entityType == null && other.entityType != null) || !entityType.equals(other.entityType)) {
-            return false;
-        } else if ((action == null && other.action != null) || !action.equals(other.action)) {
-            return false;
-        } else if ((scope == null && other.scope != null) || !scope.equals(other.scope)) {
-            return false;
-        } else if ((scopeId == null && other.scopeId != null) || !scopeId.equals(other.scopeId)) {
-            return false;
-        }
-        return true;
-    }
-
-
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPolicyResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPolicyResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPolicyResponse.java
deleted file mode 100644
index 12d90de..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPolicyResponse.java
+++ /dev/null
@@ -1,177 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.response.iam;
-
-import java.util.LinkedHashSet;
-import java.util.Set;
-
-import com.google.gson.annotations.SerializedName;
-
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseResponse;
-import org.apache.cloudstack.api.EntityReference;
-import org.apache.cloudstack.api.response.ControlledViewEntityResponse;
-import org.apache.cloudstack.iam.api.AclPolicy;
-
-import com.cloud.serializer.Param;
-
-@SuppressWarnings("unused")
-@EntityReference(value = AclPolicy.class)
-public class AclPolicyResponse extends BaseResponse implements ControlledViewEntityResponse {
-
-    @SerializedName(ApiConstants.ID)
-    @Param(description = "the ID of the acl policy")
-    private String id;
-
-    @SerializedName(ApiConstants.NAME)
-    @Param(description = "the name of the acl policy")
-    private String name;
-
-    @SerializedName(ApiConstants.DESCRIPTION)
-    @Param(description = "the description of the acl policy")
-    private String description;
-
-    @SerializedName(ApiConstants.DOMAIN_ID)
-    @Param(description = "the domain ID of the acl policy")
-    private String domainId;
-
-    @SerializedName(ApiConstants.DOMAIN)
-    @Param(description = "the domain name of the acl policy")
-    private String domainName;
-
-    @SerializedName(ApiConstants.ACCOUNT)
-    @Param(description = "the account owning the policy")
-    private String accountName;
-
-    @SerializedName(ApiConstants.ACL_PERMISSIONS)
-    @Param(description = "set of permissions for the acl policy")
-    private Set<AclPermissionResponse> permissionList;
-
-    public AclPolicyResponse() {
-        permissionList = new LinkedHashSet<AclPermissionResponse>();
-    }
-
-    @Override
-    public String getObjectId() {
-        return getId();
-    }
-
-
-    public String getId() {
-        return id;
-     }
-
-    public void setId(String id) {
-        this.id = id;
-    }
-
-
-    public void setName(String name) {
-        this.name = name;
-    }
-
-    public void setDescription(String description) {
-        this.description = description;
-    }
-
-    @Override
-    public void setDomainId(String domainId) {
-        this.domainId = domainId;
-    }
-
-    @Override
-    public void setDomainName(String domainName) {
-        this.domainName = domainName;
-    }
-
-    public Set<AclPermissionResponse> getPermissionList() {
-        return permissionList;
-    }
-
-    public void setPermissionList(Set<AclPermissionResponse> perms) {
-        permissionList = perms;
-    }
-
-    public void addPermission(AclPermissionResponse perm) {
-        permissionList.add(perm);
-    }
-
-    @Override
-    public void setAccountName(String accountName) {
-        this.accountName = accountName;
-    }
-
-    @Override
-    public void setProjectId(String projectId) {
-        // TODO Auto-generated method stub
-
-    }
-
-    @Override
-    public void setProjectName(String projectName) {
-        // TODO Auto-generated method stub
-
-    }
-
-    public String getName() {
-        return name;
-    }
-
-    public String getDescription() {
-        return description;
-    }
-
-    public String getDomainId() {
-        return domainId;
-    }
-
-    public String getDomainName() {
-        return domainName;
-    }
-
-    public String getAccountName() {
-        return accountName;
-    }
-
-    @Override
-    public int hashCode() {
-        final int prime = 31;
-        int result = 1;
-        result = prime * result + ((id == null) ? 0 : id.hashCode());
-        return result;
-    }
-
-    @Override
-    public boolean equals(Object obj) {
-        if (this == obj)
-            return true;
-        if (obj == null)
-            return false;
-        if (getClass() != obj.getClass())
-            return false;
-        AclPolicyResponse other = (AclPolicyResponse) obj;
-        if (id == null) {
-            if (other.id != null)
-                return false;
-        } else if (!id.equals(other.id))
-            return false;
-        return true;
-    }
-
-
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMGroupResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMGroupResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMGroupResponse.java
new file mode 100644
index 0000000..af28d53
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMGroupResponse.java
@@ -0,0 +1,193 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.response.iam;
+
+import java.util.LinkedHashSet;
+import java.util.Set;
+
+import com.google.gson.annotations.SerializedName;
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseResponse;
+import org.apache.cloudstack.api.EntityReference;
+import org.apache.cloudstack.api.response.ControlledViewEntityResponse;
+import org.apache.cloudstack.iam.api.IAMGroup;
+
+import com.cloud.serializer.Param;
+
+@SuppressWarnings("unused")
+@EntityReference(value = IAMGroup.class)
+public class IAMGroupResponse extends BaseResponse implements ControlledViewEntityResponse {
+
+    @SerializedName(ApiConstants.ID)
+    @Param(description = "the ID of the iam group")
+    private String id;
+
+    @SerializedName(ApiConstants.NAME)
+    @Param(description = "the name of the iam group")
+    private String name;
+
+    @SerializedName(ApiConstants.DESCRIPTION)
+    @Param(description = "the description of the iam group")
+    private String description;
+
+    @SerializedName(ApiConstants.DOMAIN_ID)
+    @Param(description = "the domain ID of the iam group")
+    private String domainId;
+
+    @SerializedName(ApiConstants.DOMAIN)
+    @Param(description = "the domain name of the iam role")
+    private String domainName;
+
+    @SerializedName(ApiConstants.ACCOUNT)
+    @Param(description = "the account owning the policy")
+    private String accountName;
+
+    @SerializedName(ApiConstants.IAM_MEMBER_ACCOUNTS)
+    @Param(description = "account names assigned to this iam group ")
+    private Set<String> accountNameList;
+
+    @SerializedName(ApiConstants.IAM_POLICIES)
+    @Param(description = "iam policies attached to this iam group ")
+    private Set<String> policyNameList;
+
+    public IAMGroupResponse() {
+        accountNameList = new LinkedHashSet<String>();
+        policyNameList = new LinkedHashSet<String>();
+    }
+
+    @Override
+    public String getObjectId() {
+        return getId();
+    }
+
+
+    public String getId() {
+        return id;
+     }
+
+    public void setId(String id) {
+        this.id = id;
+    }
+
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public void setDescription(String description) {
+        this.description = description;
+    }
+
+    @Override
+    public void setDomainId(String domainId) {
+        this.domainId = domainId;
+    }
+
+    @Override
+    public void setDomainName(String domainName) {
+        this.domainName = domainName;
+    }
+
+    @Override
+    public void setAccountName(String accountName) {
+        this.accountName = accountName;
+
+    }
+
+    @Override
+    public void setProjectId(String projectId) {
+        // TODO Auto-generated method stub
+
+    }
+
+    @Override
+    public void setProjectName(String projectName) {
+        // TODO Auto-generated method stub
+
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public String getDomainId() {
+        return domainId;
+    }
+
+    public String getDomainName() {
+        return domainName;
+    }
+
+    public String getAccountName() {
+        return accountName;
+    }
+
+    public Set<String> getAccountNameList() {
+        return accountNameList;
+    }
+
+    public void setMemberAccounts(Set<String> accts) {
+        accountNameList = accts;
+    }
+
+    public void addMemberAccount(String acct) {
+        accountNameList.add(acct);
+    }
+
+    public void setPolicyList(Set<String> policies) {
+        policyNameList = policies;
+    }
+
+    public void addPolicy(String policy) {
+        policyNameList.add(policy);
+    }
+
+    public Set<String> getPolicyList() {
+        return policyNameList;
+    }
+
+    @Override
+    public int hashCode() {
+        final int prime = 31;
+        int result = 1;
+        result = prime * result + ((id == null) ? 0 : id.hashCode());
+        return result;
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        if (this == obj)
+            return true;
+        if (obj == null)
+            return false;
+        if (getClass() != obj.getClass())
+            return false;
+        IAMGroupResponse other = (IAMGroupResponse)obj;
+        if (id == null) {
+            if (other.id != null)
+                return false;
+        } else if (!id.equals(other.id))
+            return false;
+        return true;
+    }
+
+}
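Review bot: Two `@Param` descriptions in this new class look pasted from the role and policy responses: `domainName` is described as "the domain name of the iam role" and `accountName` as "the account owning the policy". These strings presumably feed the generated API documentation, so they should read `@Param(description = "the domain name of the iam group")` and `@Param(description = "the account owning the iam group")`. The empty `setProjectId` and `setProjectName` overrides, here and in IAMPolicyResponse.java, still carry `// TODO Auto-generated method stub`. If dropping the project values is intended, a comment such as `// iam groups are not project-scoped; value intentionally ignored` would say so.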

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPermissionResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPermissionResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPermissionResponse.java
new file mode 100644
index 0000000..b7af4da
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPermissionResponse.java
@@ -0,0 +1,125 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.response.iam;
+
+import com.google.gson.annotations.SerializedName;
+
+import org.apache.cloudstack.acl.IAMEntityType;
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseResponse;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission;
+
+import com.cloud.serializer.Param;
+
+public class IAMPermissionResponse extends BaseResponse {
+
+    @SerializedName(ApiConstants.IAM_ACTION)
+    @Param(description = "action of this permission")
+    private String action;
+
+    @SerializedName(ApiConstants.ENTITY_TYPE)
+    @Param(description = "the entity type of this permission")
+    private IAMEntityType entityType;
+
+    @SerializedName(ApiConstants.IAM_SCOPE)
+    @Param(description = "scope of this permission")
+    private PermissionScope scope;
+
+    @SerializedName(ApiConstants.IAM_SCOPE_ID)
+    @Param(description = "scope id of this permission")
+    private Long scopeId;
+
+    @SerializedName(ApiConstants.IAM_ALLOW_DENY)
+    @Param(description = "allow or deny of this permission")
+    private IAMPolicyPermission.Permission permission;
+
+    public IAMEntityType getEntityType() {
+        return entityType;
+    }
+
+    public void setEntityType(IAMEntityType entityType) {
+        this.entityType = entityType;
+    }
+
+    public String getAction() {
+        return action;
+    }
+
+    public void setAction(String action) {
+        this.action = action;
+    }
+
+    public PermissionScope getScope() {
+        return scope;
+    }
+
+    public void setScope(PermissionScope scope) {
+        this.scope = scope;
+    }
+
+    public Long getScopeId() {
+        return scopeId;
+    }
+
+    public void setScopeId(Long scopeId) {
+        this.scopeId = scopeId;
+    }
+
+    public IAMPolicyPermission.Permission getPermission() {
+        return permission;
+    }
+
+    public void setPermission(IAMPolicyPermission.Permission permission) {
+        this.permission = permission;
+    }
+
+    @Override
+    public int hashCode() {
+        final int prime = 31;
+        int result = 1;
+        result = prime * result + ((action == null) ? 0 : action.hashCode());
+        result = prime * result + ((entityType == null) ? 0 : entityType.hashCode());
+        result = prime * result + ((scope == null) ? 0 : scope.hashCode());
+        result = prime * result + ((scopeId == null) ? 0 : scopeId.hashCode());
+        return result;
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        if (this == obj)
+            return true;
+        if (obj == null)
+            return false;
+        if (getClass() != obj.getClass())
+            return false;
+        IAMPermissionResponse other = (IAMPermissionResponse) obj;
+        if ((entityType == null && other.entityType != null) || !entityType.equals(other.entityType)) {
+            return false;
+        } else if ((action == null && other.action != null) || !action.equals(other.action)) {
+            return false;
+        } else if ((scope == null && other.scope != null) || !scope.equals(other.scope)) {
+            return false;
+        } else if ((scopeId == null && other.scopeId != null) || !scopeId.equals(other.scopeId)) {
+            return false;
+        }
+        return true;
+    }
+
+
+
+}
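Review bot: `equals` throws a NullPointerException when the same field is null on both objects. In `(entityType == null && other.entityType != null) || !entityType.equals(other.entityType)` the right-hand operand is still evaluated when both sides are null, and the same pattern repeats for `action`, `scope` and `scopeId`. `hashCode` already treats all four fields as nullable, so `equals` should as well; this matters because IAMPolicyResponse keeps these objects in a `LinkedHashSet`. A null-safe form of the comparison is below, keeping the same set of compared fields.

```java
    @Override
    public boolean equals(Object obj) {
        // … unchanged: identity, null and getClass() checks …
        IAMPermissionResponse other = (IAMPermissionResponse) obj;
        return sameOrBothNull(entityType, other.entityType)
                && sameOrBothNull(action, other.action)
                && sameOrBothNull(scope, other.scope)
                && sameOrBothNull(scopeId, other.scopeId);
    }

    // Null-safe equality: two nulls are equal, null never equals non-null.
    private static boolean sameOrBothNull(Object a, Object b) {
        return a == null ? b == null : a.equals(b);
    }
```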

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPolicyResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPolicyResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPolicyResponse.java
new file mode 100644
index 0000000..dc29369
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPolicyResponse.java
@@ -0,0 +1,177 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.response.iam;
+
+import java.util.LinkedHashSet;
+import java.util.Set;
+
+import com.google.gson.annotations.SerializedName;
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseResponse;
+import org.apache.cloudstack.api.EntityReference;
+import org.apache.cloudstack.api.response.ControlledViewEntityResponse;
+import org.apache.cloudstack.iam.api.IAMPolicy;
+
+import com.cloud.serializer.Param;
+
+@SuppressWarnings("unused")
+@EntityReference(value = IAMPolicy.class)
+public class IAMPolicyResponse extends BaseResponse implements ControlledViewEntityResponse {
+
+    @SerializedName(ApiConstants.ID)
+    @Param(description = "the ID of the iam policy")
+    private String id;
+
+    @SerializedName(ApiConstants.NAME)
+    @Param(description = "the name of the iam policy")
+    private String name;
+
+    @SerializedName(ApiConstants.DESCRIPTION)
+    @Param(description = "the description of the iam policy")
+    private String description;
+
+    @SerializedName(ApiConstants.DOMAIN_ID)
+    @Param(description = "the domain ID of the iam policy")
+    private String domainId;
+
+    @SerializedName(ApiConstants.DOMAIN)
+    @Param(description = "the domain name of the iam policy")
+    private String domainName;
+
+    @SerializedName(ApiConstants.ACCOUNT)
+    @Param(description = "the account owning the policy")
+    private String accountName;
+
+    @SerializedName(ApiConstants.IAM_PERMISSIONS)
+    @Param(description = "set of permissions for the iam policy")
+    private Set<IAMPermissionResponse> permissionList;
+
+    public IAMPolicyResponse() {
+        permissionList = new LinkedHashSet<IAMPermissionResponse>();
+    }
+
+    @Override
+    public String getObjectId() {
+        return getId();
+    }
+
+
+    public String getId() {
+        return id;
+     }
+
+    public void setId(String id) {
+        this.id = id;
+    }
+
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public void setDescription(String description) {
+        this.description = description;
+    }
+
+    @Override
+    public void setDomainId(String domainId) {
+        this.domainId = domainId;
+    }
+
+    @Override
+    public void setDomainName(String domainName) {
+        this.domainName = domainName;
+    }
+
+    public Set<IAMPermissionResponse> getPermissionList() {
+        return permissionList;
+    }
+
+    public void setPermissionList(Set<IAMPermissionResponse> perms) {
+        permissionList = perms;
+    }
+
+    public void addPermission(IAMPermissionResponse perm) {
+        permissionList.add(perm);
+    }
+
+    @Override
+    public void setAccountName(String accountName) {
+        this.accountName = accountName;
+    }
+
+    @Override
+    public void setProjectId(String projectId) {
+        // TODO Auto-generated method stub
+
+    }
+
+    @Override
+    public void setProjectName(String projectName) {
+        // TODO Auto-generated method stub
+
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public String getDomainId() {
+        return domainId;
+    }
+
+    public String getDomainName() {
+        return domainName;
+    }
+
+    public String getAccountName() {
+        return accountName;
+    }
+
+    @Override
+    public int hashCode() {
+        final int prime = 31;
+        int result = 1;
+        result = prime * result + ((id == null) ? 0 : id.hashCode());
+        return result;
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        if (this == obj)
+            return true;
+        if (obj == null)
+            return false;
+        if (getClass() != obj.getClass())
+            return false;
+        IAMPolicyResponse other = (IAMPolicyResponse) obj;
+        if (id == null) {
+            if (other.id != null)
+                return false;
+        } else if (!id.equals(other.id))
+            return false;
+        return true;
+    }
+
+
+
+}
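Review bot: `addPermission` can silently drop an entry that differs from an existing one only in allow versus deny. `permissionList` is a `LinkedHashSet<IAMPermissionResponse>`, and the `equals`/`hashCode` that IAMPermissionResponse.java adds in this commit compare action, entity type, scope and scope id but not `permission`. The listing would then show only whichever entry was added first, which can misrepresent the effective policy to whoever audits it. Whether a policy can hold both for the same tuple is not visible in this diff; if it can, `permission` should be part of that identity. Otherwise a comment on the field would record the assumption, e.g. `// one entry per (action, entityType, scope, scopeId); allow/deny is not part of identity`.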

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiService.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiService.java b/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiService.java
deleted file mode 100644
index 0cb1e22..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiService.java
+++ /dev/null
@@ -1,84 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam;
-
-import java.util.List;
-
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.api.response.ListResponse;
-import org.apache.cloudstack.api.response.iam.AclGroupResponse;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-import org.apache.cloudstack.iam.api.AclGroup;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
-
-import com.cloud.user.Account;
-import com.cloud.utils.component.PluggableService;
-
-public interface AclApiService extends PluggableService {
-
-    /* ACL group related interfaces */
-    AclGroup createAclGroup(Account caller, String aclGroupName, String description);
-
-    boolean deleteAclGroup(Long aclGroupId);
-
-    List<AclGroup> listAclGroups(long accountId);
-
-    AclGroup addAccountsToGroup(List<Long> acctIds, Long groupId);
-
-    AclGroup removeAccountsFromGroup(List<Long> acctIds, Long groupId);
-
-    /* ACL Policy related interfaces */
-    AclPolicy createAclPolicy(Account caller, String aclPolicyName, String description, Long parentPolicyId);
-
-    boolean deleteAclPolicy(long aclPolicyId);
-
-    List<AclPolicy> listAclPolicies(long accountId);
-
-    AclGroup attachAclPoliciesToGroup(List<Long> policyIds, Long groupId);
-
-    AclGroup removeAclPoliciesFromGroup(List<Long> policyIds, Long groupId);
-
-    void attachAclPolicyToAccounts(Long policyId, List<Long> accountIds);
-
-    void removeAclPolicyFromAccounts(Long policyId, List<Long> accountIds);
-
-    AclPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId,
-            String action, Permission perm, Boolean recursive);
-
-    AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId, String action);
-
-    AclPolicyPermission getAclPolicyPermission(long accountId, String entityType, String action);
-
-    /* Utility routine to grant/revoke invidivual resource to list of accounts */
-    void grantEntityPermissioinToAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds);
-
-    void revokeEntityPermissioinFromAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds);
-
-    /* Response Generation */
-    AclPolicyResponse createAclPolicyResponse(AclPolicy policy);
-
-    AclGroupResponse createAclGroupResponse(AclGroup group);
-
-    ListResponse<AclGroupResponse> listAclGroups(Long aclGroupId, String aclGroupName,
-            Long domainId, Long startIndex, Long pageSize);
-
-    ListResponse<AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName,
-            Long domainId, Long startIndex, Long pageSize);
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiServiceImpl.java
deleted file mode 100644
index 996f8d4..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiServiceImpl.java
+++ /dev/null
@@ -1,690 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.ejb.Local;
-import javax.inject.Inject;
-import javax.naming.ConfigurationException;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.IAMEntityType;
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseListCmd;
-import org.apache.cloudstack.api.command.iam.AddAccountToAclGroupCmd;
-import org.apache.cloudstack.api.command.iam.AddAclPermissionToAclPolicyCmd;
-import org.apache.cloudstack.api.command.iam.AttachAclPolicyToAccountCmd;
-import org.apache.cloudstack.api.command.iam.AttachAclPolicyToAclGroupCmd;
-import org.apache.cloudstack.api.command.iam.CreateAclGroupCmd;
-import org.apache.cloudstack.api.command.iam.CreateAclPolicyCmd;
-import org.apache.cloudstack.api.command.iam.DeleteAclGroupCmd;
-import org.apache.cloudstack.api.command.iam.DeleteAclPolicyCmd;
-import org.apache.cloudstack.api.command.iam.ListAclGroupsCmd;
-import org.apache.cloudstack.api.command.iam.ListAclPoliciesCmd;
-import org.apache.cloudstack.api.command.iam.RemoveAccountFromAclGroupCmd;
-import org.apache.cloudstack.api.command.iam.RemoveAclPermissionFromAclPolicyCmd;
-import org.apache.cloudstack.api.command.iam.RemoveAclPolicyFromAccountCmd;
-import org.apache.cloudstack.api.command.iam.RemoveAclPolicyFromAclGroupCmd;
-import org.apache.cloudstack.api.response.ListResponse;
-import org.apache.cloudstack.api.response.iam.AclGroupResponse;
-import org.apache.cloudstack.api.response.iam.AclPermissionResponse;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.framework.messagebus.MessageBus;
-import org.apache.cloudstack.framework.messagebus.MessageSubscriber;
-import org.apache.cloudstack.iam.api.AclGroup;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
-import org.apache.cloudstack.iam.api.IAMService;
-
-import com.cloud.api.ApiServerService;
-import com.cloud.domain.Domain;
-import com.cloud.domain.DomainVO;
-import com.cloud.domain.dao.DomainDao;
-import com.cloud.event.ActionEvent;
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InvalidParameterValueException;
-import com.cloud.template.TemplateManager;
-import com.cloud.user.Account;
-import com.cloud.user.AccountManager;
-import com.cloud.user.AccountVO;
-import com.cloud.user.DomainManager;
-import com.cloud.user.dao.AccountDao;
-import com.cloud.utils.Pair;
-import com.cloud.utils.component.Manager;
-import com.cloud.utils.component.ManagerBase;
-import com.cloud.utils.db.DB;
-import com.cloud.utils.db.EntityManager;
-
-@Local(value = {AclApiService.class})
-public class AclApiServiceImpl extends ManagerBase implements AclApiService, Manager {
-
-    public static final Logger s_logger = Logger.getLogger(AclApiServiceImpl.class);
-    private String _name;
-
-    @Inject
-    ApiServerService _apiServer;
-
-    @Inject
-    IAMService _iamSrv;
-
-    @Inject
-    DomainDao _domainDao;
-
-    @Inject
-    AccountDao _accountDao;
-
-    @Inject
-    AccountManager _accountMgr;
-
-    @Inject
-    MessageBus _messageBus;
-
-    @Override
-    public boolean configure(final String name, final Map<String, Object> params) throws ConfigurationException {
-        _messageBus.subscribe(AccountManager.MESSAGE_ADD_ACCOUNT_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                HashMap<Long, Long> acctGroupMap = (HashMap<Long, Long>) obj;
-                for (Long accountId : acctGroupMap.keySet()) {
-                    Long groupId = acctGroupMap.get(accountId);
-                    s_logger.debug("MessageBus message: new Account Added: " + accountId + ", adding it to groupId :"
-                            + groupId);
-                    addAccountToAclGroup(accountId, groupId);
-                    // add it to domain group too
-                    AccountVO account = _accountDao.findById(accountId);
-                    Domain domain = _domainDao.findById(account.getDomainId());
-                    if (domain != null) {
-                        List<AclGroup> domainGroups = listDomainGroup(domain);
-
-                        if (domainGroups != null) {
-                            for (AclGroup group : domainGroups) {
-                                addAccountToAclGroup(accountId, new Long(group.getId()));
-                            }
-                        }
-                    }
-                }
-            }
-        });
-
-        _messageBus.subscribe(AccountManager.MESSAGE_REMOVE_ACCOUNT_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                Long accountId = ((Long) obj);
-                if (accountId != null) {
-                    s_logger.debug("MessageBus message: Account removed: " + accountId
-                            + ", releasing the group associations");
-                    removeAccountFromAclGroups(accountId);
-                }
-            }
-        });
-
-        _messageBus.subscribe(DomainManager.MESSAGE_ADD_DOMAIN_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                Long domainId = ((Long) obj);
-                if (domainId != null) {
-                    s_logger.debug("MessageBus message: new Domain created: " + domainId + ", creating a new group");
-                    Domain domain = _domainDao.findById(domainId);
-                    _iamSrv.createAclGroup("DomainGrp-" + domain.getUuid(), "Domain group", domain.getPath());
-                }
-            }
-        });
-
-        _messageBus.subscribe(DomainManager.MESSAGE_REMOVE_DOMAIN_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                Long domainId = ((Long) obj);
-                if (domainId != null) {
-                    s_logger.debug("MessageBus message: Domain removed: " + domainId + ", removing the domain group");
-                    Domain domain = _domainDao.findById(domainId);
-                    List<AclGroup> groups = listDomainGroup(domain);
-                    for (AclGroup group : groups) {
-                        _iamSrv.deleteAclGroup(group.getId());
-                    }
-                }
-            }
-        });
-
-        _messageBus.subscribe(TemplateManager.MESSAGE_REGISTER_PUBLIC_TEMPLATE_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                Long templateId = (Long)obj;
-                if (templateId != null) {
-                    s_logger.debug("MessageBus message: new public template registered: " + templateId + ", grant permission to domain admin and normal user policies");
-                    _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
-                            PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
-                    _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
-                            PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
-                }
-            }
-        });
-
-        _messageBus.subscribe(TemplateManager.MESSAGE_RESET_TEMPLATE_PERMISSION_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                Long templateId = (Long)obj;
-                if (templateId != null) {
-                    s_logger.debug("MessageBus message: reset template permission: " + templateId);
-                    resetTemplatePermission(templateId);
-                }
-            }
-        });
-
-        _messageBus.subscribe(EntityManager.MESSAGE_REMOVE_ENTITY_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                Pair<IAMEntityType, Long> entity = (Pair<IAMEntityType, Long>)obj;
-                if (entity != null) {
-                    String entityType = entity.first().toString();
-                    Long entityId = entity.second();
-                    s_logger.debug("MessageBus message: delete an entity: (" + entityType + "," + entityId + "), remove its related permission");
-                    _iamSrv.removeAclPermissionForEntity(entityType, entityId);
-                }
-            }
-        });
-
-
-        _messageBus.subscribe(EntityManager.MESSAGE_GRANT_ENTITY_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                Map<String, Object> permit = (Map<String, Object>)obj;
-                if (permit != null) {
-                    String entityType = (String)permit.get(ApiConstants.ENTITY_TYPE);
-                    Long entityId = (Long)permit.get(ApiConstants.ENTITY_ID);
-                    AccessType accessType = (AccessType)permit.get(ApiConstants.ACCESS_TYPE);
-                    String action = (String)permit.get(ApiConstants.ACL_ACTION);
-                    List<Long> acctIds = (List<Long>)permit.get(ApiConstants.ACCOUNTS);
-                    s_logger.debug("MessageBus message: grant accounts permission to an entity: (" + entityType + "," + entityId + ")");
-                    grantEntityPermissioinToAccounts(entityType, entityId, accessType, action, acctIds);
-                }
-            }
-        });
-
-        _messageBus.subscribe(EntityManager.MESSAGE_REVOKE_ENTITY_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                Map<String, Object> permit = (Map<String, Object>)obj;
-                if (permit != null) {
-                    String entityType = (String)permit.get(ApiConstants.ENTITY_TYPE);
-                    Long entityId = (Long)permit.get(ApiConstants.ENTITY_ID);
-                    AccessType accessType = (AccessType)permit.get(ApiConstants.ACCESS_TYPE);
-                    String action = (String)permit.get(ApiConstants.ACL_ACTION);
-                    List<Long> acctIds = (List<Long>)permit.get(ApiConstants.ACCOUNTS);
-                    s_logger.debug("MessageBus message: revoke from accounts permission to an entity: (" + entityType + "," + entityId + ")");
-                    revokeEntityPermissioinFromAccounts(entityType, entityId, accessType, action, acctIds);
-                }
-            }
-        });
-
-        _messageBus.subscribe(EntityManager.MESSAGE_ADD_DOMAIN_WIDE_ENTITY_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                Map<String, Object> params = (Map<String, Object>) obj;
-                if (params != null) {
-                    addDomainWideResourceAccess(params);
-                }
-            }
-        });
-
-        return super.configure(name, params);
-    }
-
-    private void addDomainWideResourceAccess(Map<String, Object> params) {
-
-        IAMEntityType entityType = (IAMEntityType)params.get(ApiConstants.ENTITY_TYPE);
-        Long entityId = (Long) params.get(ApiConstants.ENTITY_ID);
-        Long domainId = (Long) params.get(ApiConstants.DOMAIN_ID);
-        Boolean isRecursive = (Boolean) params.get(ApiConstants.SUBDOMAIN_ACCESS);
-
-        if (entityType == IAMEntityType.Network) {
-            createPolicyAndAddToDomainGroup("DomainWideNetwork-" + entityId, "domain wide network", entityType.toString(),
-                    entityId, "listNetworks", AccessType.UseEntry, domainId, isRecursive);
-        } else if (entityType == IAMEntityType.AffinityGroup) {
-            createPolicyAndAddToDomainGroup("DomainWideNetwork-" + entityId, "domain wide affinityGroup", entityType.toString(),
-                    entityId, "listAffinityGroups", AccessType.UseEntry, domainId, isRecursive);
-        }
-
-    }
-
-    private void createPolicyAndAddToDomainGroup(String policyName, String description, String entityType,
-            Long entityId, String action, AccessType accessType, Long domainId, Boolean recursive) {
-
-       Domain domain = _domainDao.findById(domainId);
-       if (domain != null) {
-            AclPolicy policy = _iamSrv.createAclPolicy(policyName, description, null, domain.getPath());
-            _iamSrv.addAclPermissionToAclPolicy(policy.getId(), entityType, PermissionScope.RESOURCE.toString(),
-                    entityId, action, accessType.toString(), Permission.Allow, recursive);
-            List<Long> policyList = new ArrayList<Long>();
-            policyList.add(new Long(policy.getId()));
-
-           List<AclGroup> domainGroups = listDomainGroup(domain);
-           if (domainGroups != null) {
-               for (AclGroup group : domainGroups) {
-                   _iamSrv.attachAclPoliciesToGroup(policyList, group.getId());
-               }
-           }
-       }
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_CREATE, eventDescription = "Creating Acl Group", create = true)
-    public AclGroup createAclGroup(Account caller, String aclGroupName, String description) {
-        Long domainId = caller.getDomainId();
-        Domain callerDomain = _domainDao.findById(domainId);
-        if (callerDomain == null) {
-            throw new InvalidParameterValueException("Caller does not have a domain");
-        }
-        return _iamSrv.createAclGroup(aclGroupName, description, callerDomain.getPath());
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_DELETE, eventDescription = "Deleting Acl Group")
-    public boolean deleteAclGroup(final Long aclGroupId) {
-        return _iamSrv.deleteAclGroup(aclGroupId);
-    }
-
-    @Override
-    public List<AclGroup> listAclGroups(long accountId) {
-        return _iamSrv.listAclGroups(accountId);
-    }
-
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Adding accounts to acl group")
-    public AclGroup addAccountsToGroup(final List<Long> acctIds, final Long groupId) {
-        return _iamSrv.addAccountsToGroup(acctIds, groupId);
-    }
-
-
-    private void removeAccountFromAclGroups(long accountId) {
-        List<AclGroup> groups = listAclGroups(accountId);
-        List<Long> accts = new ArrayList<Long>();
-        accts.add(accountId);
-        if (groups != null) {
-            for (AclGroup grp : groups) {
-                removeAccountsFromGroup(accts, grp.getId());
-            }
-        }
-    }
-
-    private void addAccountToAclGroup(long accountId, long groupId) {
-        List<Long> accts = new ArrayList<Long>();
-        accts.add(accountId);
-        addAccountsToGroup(accts, groupId);
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Removing accounts from acl group")
-    public AclGroup removeAccountsFromGroup(final List<Long> acctIds, final Long groupId) {
-        return _iamSrv.removeAccountsFromGroup(acctIds, groupId);
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_CREATE, eventDescription = "Creating Acl Policy", create = true)
-    public AclPolicy createAclPolicy(Account caller, final String aclPolicyName, final String description, final Long parentPolicyId) {
-        Long domainId = caller.getDomainId();
-        Domain callerDomain = _domainDao.findById(domainId);
-        if (callerDomain == null) {
-            throw new InvalidParameterValueException("Caller does not have a domain");
-        }
-        return _iamSrv.createAclPolicy(aclPolicyName, description, parentPolicyId, callerDomain.getPath());
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_DELETE, eventDescription = "Deleting Acl Policy")
-    public boolean deleteAclPolicy(final long aclPolicyId) {
-        return _iamSrv.deleteAclPolicy(aclPolicyId);
-    }
-
-
-    @Override
-    public List<AclPolicy> listAclPolicies(long accountId) {
-        return _iamSrv.listAclPolicies(accountId);
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Attaching policy to acl group")
-    public AclGroup attachAclPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
-        return _iamSrv.attachAclPoliciesToGroup(policyIds, groupId);
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Removing policies from acl group")
-    public AclGroup removeAclPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
-        return _iamSrv.removeAclPoliciesFromGroup(policyIds, groupId);
-    }
-
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE, eventDescription = "Attaching policy to accounts")
-    public void attachAclPolicyToAccounts(final Long policyId, final List<Long> accountIds) {
-        _iamSrv.attachAclPolicyToAccounts(policyId, accountIds);
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE, eventDescription = "Removing policy from accounts")
-    public void removeAclPolicyFromAccounts(final Long policyId, final List<Long> accountIds) {
-        _iamSrv.removeAclPolicyFromAccounts(policyId, accountIds);
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_GRANT, eventDescription = "Granting acl permission to Acl Policy")
-    public AclPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, PermissionScope scope,
-            Long scopeId, String action, Permission perm, Boolean recursive) {
-        Class<?> cmdClass = _apiServer.getCmdClass(action);
-        AccessType accessType = null;
-        if (BaseListCmd.class.isAssignableFrom(cmdClass)) {
-            accessType = AccessType.UseEntry;
-        }
-        return _iamSrv.addAclPermissionToAclPolicy(aclPolicyId, entityType, scope.toString(), scopeId, action,
-                accessType.toString(), perm, recursive);
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_REVOKE, eventDescription = "Revoking acl permission from Acl Policy")
-    public AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId, String action) {
-        return _iamSrv.removeAclPermissionFromAclPolicy(aclPolicyId, entityType, scope.toString(), scopeId, action);
-    }
-
-    @Override
-    public AclPolicyPermission getAclPolicyPermission(long accountId, String entityType, String action) {
-        List<AclPolicy> policies = _iamSrv.listAclPolicies(accountId);
-        AclPolicyPermission curPerm = null;
-        for (AclPolicy policy : policies) {
-            List<AclPolicyPermission> perms = _iamSrv.listPolicyPermissionByActionAndEntity(policy.getId(), action,
-                    entityType);
-            if (perms == null || perms.size() == 0)
-                continue;
-            AclPolicyPermission perm = perms.get(0); // just pick one
-            if (curPerm == null) {
-                curPerm = perm;
-            } else if (PermissionScope.valueOf(perm.getScope()).greaterThan(PermissionScope.valueOf(curPerm.getScope()))) {
-                // pick the more relaxed allowed permission
-                curPerm = perm;
-            }
-        }
-
-        return curPerm;
-    }
-
-
-    @Override
-    public AclPolicyResponse createAclPolicyResponse(AclPolicy policy) {
-        AclPolicyResponse response = new AclPolicyResponse();
-        response.setId(policy.getUuid());
-        response.setName(policy.getName());
-        response.setDescription(policy.getDescription());
-        String domainPath = policy.getPath();
-        if (domainPath != null) {
-            DomainVO domain = _domainDao.findDomainByPath(domainPath);
-            if (domain != null) {
-                response.setDomainId(domain.getUuid());
-                response.setDomainName(domain.getName());
-            }
-        }
-        long accountId = policy.getAccountId();
-        AccountVO owner = _accountDao.findById(accountId);
-        if (owner != null) {
-            response.setAccountName(owner.getAccountName());
-        }
-        // find permissions associated with this policy
-        List<AclPolicyPermission> permissions = _iamSrv.listPolicyPermissions(policy.getId());
-        if (permissions != null && permissions.size() > 0) {
-            for (AclPolicyPermission permission : permissions) {
-                AclPermissionResponse perm = new AclPermissionResponse();
-                perm.setAction(permission.getAction());
-                if (permission.getEntityType() != null) {
-                    perm.setEntityType(IAMEntityType.valueOf(permission.getEntityType()));
-                }
-                if (permission.getScope() != null) {
-                    perm.setScope(PermissionScope.valueOf(permission.getScope()));
-                }
-                perm.setScopeId(permission.getScopeId());
-                perm.setPermission(permission.getPermission());
-                response.addPermission(perm);
-            }
-        }
-        response.setObjectName("aclpolicy");
-        return response;
-    }
-
-    @Override
-    public AclGroupResponse createAclGroupResponse(AclGroup group) {
-        AclGroupResponse response = new AclGroupResponse();
-        response.setId(group.getUuid());
-        response.setName(group.getName());
-        response.setDescription(group.getDescription());
-        String domainPath = group.getPath();
-        if (domainPath != null) {
-            DomainVO domain = _domainDao.findDomainByPath(domainPath);
-            if (domain != null) {
-                response.setDomainId(domain.getUuid());
-                response.setDomainName(domain.getName());
-            }
-        }
-        long accountId = group.getAccountId();
-        AccountVO owner = _accountDao.findById(accountId);
-        if (owner != null) {
-            response.setAccountName(owner.getAccountName());
-        }
-        // find all the members in this group
-        List<Long> members = _iamSrv.listAccountsByGroup(group.getId());
-        if (members != null && members.size() > 0) {
-            for (Long member : members) {
-                AccountVO mem = _accountDao.findById(member);
-                if (mem != null) {
-                    response.addMemberAccount(mem.getAccountName());
-                }
-            }
-        }
-
-        // find all the policies attached to this group
-        List<AclPolicy> policies = _iamSrv.listAclPoliciesByGroup(group.getId());
-        if (policies != null && policies.size() > 0) {
-            for (AclPolicy policy : policies) {
-                response.addPolicy(policy.getName());
-            }
-        }
-
-        response.setObjectName("aclgroup");
-        return response;
-
-    }
-
-    public List<AclGroup> listDomainGroup(Domain domain) {
-
-        if (domain != null) {
-            String domainPath = domain.getPath();
-            // search for groups
-            Pair<List<AclGroup>, Integer> result = _iamSrv.listAclGroups(null, "DomainGrp-" + domain.getUuid(),
-                    domainPath, null, null);
-            return result.first();
-        }
-        return new ArrayList<AclGroup>();
-
-    }
-
-    @Override
-    public ListResponse<AclGroupResponse> listAclGroups(Long aclGroupId, String aclGroupName, Long domainId, Long startIndex, Long pageSize) {
-        // acl check
-        Account caller = CallContext.current().getCallingAccount();
-
-        Domain domain = null;
-        if (domainId != null) {
-            domain = _domainDao.findById(domainId);
-            if (domain == null) {
-                throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
-            }
-
-            _accountMgr.checkAccess(caller, domain);
-        } else {
-            domain = _domainDao.findById(caller.getDomainId());
-        }
-        String domainPath = domain.getPath();
-        // search for groups
-        Pair<List<AclGroup>, Integer> result = _iamSrv.listAclGroups(aclGroupId, aclGroupName, domainPath, startIndex, pageSize);
-        // generate group response
-        ListResponse<AclGroupResponse> response = new ListResponse<AclGroupResponse>();
-        List<AclGroupResponse> groupResponses = new ArrayList<AclGroupResponse>();
-        for (AclGroup group : result.first()) {
-            AclGroupResponse resp = createAclGroupResponse(group);
-            groupResponses.add(resp);
-        }
-        response.setResponses(groupResponses, result.second());
-        return response;
-    }
-
-    @Override
-    public ListResponse<AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName, Long domainId, Long startIndex,
-            Long pageSize) {
-        // acl check
-        Account caller = CallContext.current().getCallingAccount();
-
-        Domain domain = null;
-        if (domainId != null) {
-            domain = _domainDao.findById(domainId);
-            if (domain == null) {
-                throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
-            }
-
-            _accountMgr.checkAccess(caller, domain);
-        } else {
-            domain = _domainDao.findById(caller.getDomainId());
-        }
-        String domainPath = domain.getPath();
-        // search for policies
-        Pair<List<AclPolicy>, Integer> result = _iamSrv.listAclPolicies(aclPolicyId, aclPolicyName, domainPath, startIndex, pageSize);
-        // generate policy response
-        ListResponse<AclPolicyResponse> response = new ListResponse<AclPolicyResponse>();
-        List<AclPolicyResponse> policyResponses = new ArrayList<AclPolicyResponse>();
-        for (AclPolicy policy : result.first()) {
-            AclPolicyResponse resp = createAclPolicyResponse(policy);
-            policyResponses.add(resp);
-        }
-        response.setResponses(policyResponses, result.second());
-        return response;
-    }
-
-    @Override
-    public void grantEntityPermissioinToAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds) {
-        // check if there is already a policy with only this permission added to it
-        AclPolicy policy = _iamSrv.getResourceGrantPolicy(entityType, entityId, accessType.toString(), action);
-        if (policy == null) {
-            // not found, just create a policy with resource grant permission
-            Account caller = CallContext.current().getCallingAccount();
-            String aclPolicyName = "policyGrant" + entityType + entityId;
-            String description = "Policy to grant permission to " + entityType + entityId;
-            policy = createAclPolicy(caller, aclPolicyName, description, null);
-            // add permission to this policy
-            addAclPermissionToAclPolicy(policy.getId(), entityType, PermissionScope.RESOURCE, entityId, action, Permission.Allow, false);
-        }
-        // attach this policy to list of accounts if not attached already
-        Long policyId = policy.getId();
-        for (Long acctId : accountIds) {
-            if (!isPolicyAttachedToAccount(policyId, acctId)) {
-                attachAclPolicyToAccounts(policyId, Collections.singletonList(acctId));
-            }
-        }
-    }
-
-    @Override
-    public void revokeEntityPermissioinFromAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds) {
-        // there should already a policy with only this permission added to it, this call is mainly used
-        AclPolicy policy = _iamSrv.getResourceGrantPolicy(entityType, entityId, accessType.toString(), action);
-        if (policy == null) {
-            s_logger.warn("Cannot find a policy associated with this entity permissioin to be revoked, just return");
-            return;
-        }
-        // detach this policy from list of accounts if not detached already
-        Long policyId = policy.getId();
-        for (Long acctId : accountIds) {
-            if (isPolicyAttachedToAccount(policyId, acctId)) {
-                removeAclPolicyFromAccounts(policyId, Collections.singletonList(acctId));
-            }
-        }
-
-    }
-
-    private boolean isPolicyAttachedToAccount(Long policyId, Long accountId) {
-        List<AclPolicy> pList = listAclPolicies(accountId);
-        for (AclPolicy p : pList) {
-            if (p.getId() == policyId.longValue()) {
-                return true;
-            }
-        }
-        return false;
-    }
-
-    private void resetTemplatePermission(Long templateId){
-        // reset template will change template to private, so we need to remove its permission for domain admin and normal user group
-        _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
-                PermissionScope.RESOURCE.toString(), templateId, "listTemplates");
-        _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
-                PermissionScope.RESOURCE.toString(), templateId, "listTemplates");
-        // check if there is a policy with only UseEntry permission for this template added
-        AclPolicy policy = _iamSrv.getResourceGrantPolicy(IAMEntityType.VirtualMachineTemplate.toString(), templateId, AccessType.UseEntry.toString(), "listTemplates");
-        if ( policy == null ){
-            s_logger.info("No policy found for this template grant: " + templateId + ", no detach to be done");
-            return;
-        }
-        // delete the policy, which should detach it from groups and accounts
-        _iamSrv.deleteAclPolicy(policy.getId());
-
-    }
-
-    @Override
-    public List<Class<?>> getCommands() {
-        List<Class<?>> cmdList = new ArrayList<Class<?>>();
-        cmdList.add(CreateAclPolicyCmd.class);
-        cmdList.add(DeleteAclPolicyCmd.class);
-        cmdList.add(ListAclPoliciesCmd.class);
-        cmdList.add(AddAclPermissionToAclPolicyCmd.class);
-        cmdList.add(RemoveAclPermissionFromAclPolicyCmd.class);
-        cmdList.add(AttachAclPolicyToAclGroupCmd.class);
-        cmdList.add(RemoveAclPolicyFromAclGroupCmd.class);
-        cmdList.add(CreateAclGroupCmd.class);
-        cmdList.add(DeleteAclGroupCmd.class);
-        cmdList.add(ListAclGroupsCmd.class);
-        cmdList.add(AddAccountToAclGroupCmd.class);
-        cmdList.add(RemoveAccountFromAclGroupCmd.class);
-        cmdList.add(AttachAclPolicyToAccountCmd.class);
-        cmdList.add(RemoveAclPolicyFromAccountCmd.class);
-        return cmdList;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiService.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiService.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiService.java
new file mode 100644
index 0000000..b9e680a
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiService.java
@@ -0,0 +1,84 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam;
+
+import java.util.List;
+
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
+import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
+import org.apache.cloudstack.iam.api.IAMGroup;
+import org.apache.cloudstack.iam.api.IAMPolicy;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
+
+import com.cloud.user.Account;
+import com.cloud.utils.component.PluggableService;
+
+public interface IAMApiService extends PluggableService {
+
+    /* ACL group related interfaces */
+    IAMGroup createIAMGroup(Account caller, String iamGroupName, String description);
+
+    boolean deleteIAMGroup(Long iamGroupId);
+
+    List<IAMGroup> listIAMGroups(long accountId);
+
+    IAMGroup addAccountsToGroup(List<Long> acctIds, Long groupId);
+
+    IAMGroup removeAccountsFromGroup(List<Long> acctIds, Long groupId);
+
+    /* IAM Policy related interfaces */
+    IAMPolicy createIAMPolicy(Account caller, String iamPolicyName, String description, Long parentPolicyId);
+
+    boolean deleteIAMPolicy(long iamPolicyId);
+
+    List<IAMPolicy> listIAMPolicies(long accountId);
+
+    IAMGroup attachIAMPoliciesToGroup(List<Long> policyIds, Long groupId);
+
+    IAMGroup removeIAMPoliciesFromGroup(List<Long> policyIds, Long groupId);
+
+    void attachIAMPolicyToAccounts(Long policyId, List<Long> accountIds);
+
+    void removeIAMPolicyFromAccounts(Long policyId, List<Long> accountIds);
+
+    IAMPolicy addIAMPermissionToIAMPolicy(long iamPolicyId, String entityType, PermissionScope scope, Long scopeId,
+            String action, Permission perm, Boolean recursive);
+
+    IAMPolicy removeIAMPermissionFromIAMPolicy(long iamPolicyId, String entityType, PermissionScope scope, Long scopeId, String action);
+
+    IAMPolicyPermission getIAMPolicyPermission(long accountId, String entityType, String action);
+
+    /* Utility routine to grant/revoke invidivual resource to list of accounts */
+    void grantEntityPermissioinToAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds);
+
+    void revokeEntityPermissioinFromAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds);
+
+    /* Response Generation */
+    IAMPolicyResponse createIAMPolicyResponse(IAMPolicy policy);
+
+    IAMGroupResponse createIAMGroupResponse(IAMGroup group);
+
+    ListResponse<IAMGroupResponse> listIAMGroups(Long iamGroupId, String iamGroupName,
+            Long domainId, Long startIndex, Long pageSize);
+
+    ListResponse<IAMPolicyResponse> listIAMPolicies(Long iamPolicyId, String iamPolicyName,
+            Long domainId, Long startIndex, Long pageSize);
+}
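Review bot: The mutating methods in this interface (`deleteIAMGroup`, `addAccountsToGroup`, `attachIAMPoliciesToGroup`, `attachIAMPolicyToAccounts`, `addIAMPermissionToIAMPolicy` and their remove counterparts) take raw ids and no `Account caller`, so the contract does not say who verifies that the caller may modify that group or policy. The removed Acl implementation earlier on this page passed these calls straight to the IAM service, and only its paged list methods called `checkAccess`, so the check is presumably expected in the API command layer, which is not visible here. That expectation is worth stating in Javadoc on each such method, e.g. `/** Performs no access check; the caller must already be authorized for iamGroupId. */`. Since every method is being renamed anyway, this is also the cheapest point to fix the `Permissioin` spelling in `grantEntityPermissioinToAccounts` and `revokeEntityPermissioinFromAccounts`, and the stale `/* ACL group related interfaces */` comment.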


[08/50] [abbrv] Renaming plugin packages to 'iam' instead if 'acl'

Posted by mc...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AttachAclPolicyToAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AttachAclPolicyToAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AttachAclPolicyToAclGroupCmd.java
deleted file mode 100644
index 294642b..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AttachAclPolicyToAclGroupCmd.java
+++ /dev/null
@@ -1,127 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.acl;
-
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclGroup;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "attachAclPolicyToAclGroup", description = "attach acl policy to an acl group", responseObject = AclGroupResponse.class)
-public class AttachAclPolicyToAclGroupCmd extends BaseAsyncCmd {
-    public static final Logger s_logger = Logger.getLogger(AttachAclPolicyToAclGroupCmd.class.getName());
-    private static final String s_name = "attachaclpolicytoaclgroupresponse";
-
-    @Inject
-    public AclApiService _aclApiSrv;
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-
-    @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
-            required = true, description = "The ID of the acl group")
-    private Long id;
-
-    @ACL
-    @Parameter(name = ApiConstants.ACL_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.")
-    private List<Long> policyIdList;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-
-    public Long getId() {
-        return id;
-    }
-
-
-    public List<Long> getPolicyIdList() {
-        return policyIdList;
-    }
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
-    }
-
-    @Override
-    public void execute() throws ResourceUnavailableException,
-            InsufficientCapacityException, ServerApiException {
-        CallContext.current().setEventDetails("Acl group Id: " + getId());
-        AclGroup result = _aclApiSrv.attachAclPoliciesToGroup(policyIdList, id);
-        if (result != null){
-            AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
-            response.setResponseName(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to acl group");
-        }
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_GROUP_UPDATE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "adding acl roles to acl group";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclGroup;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/CreateAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/CreateAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/CreateAclGroupCmd.java
deleted file mode 100644
index 2364f0f..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/CreateAclGroupCmd.java
+++ /dev/null
@@ -1,168 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.acl;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCreateCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.DomainResponse;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclGroup;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.ResourceAllocationException;
-import com.cloud.user.Account;
-
-@APICommand(name = "createAclGroup", responseObject = AclGroupResponse.class, description = "Creates an acl group")
-public class CreateAclGroupCmd extends BaseAsyncCreateCmd {
-    public static final Logger s_logger = Logger.getLogger(CreateAclGroupCmd.class.getName());
-
-    private static final String s_name = "createaclgroupresponse";
-
-    @Inject
-    public AclApiService _aclApiSrv;
-
-    // ///////////////////////////////////////////////////
-    // ////////////// API parameters /////////////////////
-    // ///////////////////////////////////////////////////
-
-    @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the acl group. Must be used with domainId.")
-    private String accountName;
-
-    @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the acl group", entityType = DomainResponse.class)
-    private Long domainId;
-
-    @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the acl group")
-    private String description;
-
-    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the acl group")
-    private String name;
-
-
-    // ///////////////////////////////////////////////////
-    // ///////////////// Accessors ///////////////////////
-    // ///////////////////////////////////////////////////
-
-    public String getAccountName() {
-        return accountName;
-    }
-
-    public String getDescription() {
-        return description;
-    }
-
-    public Long getDomainId() {
-        return domainId;
-    }
-
-    public String getName() {
-        return name;
-    }
-
-
-    // ///////////////////////////////////////////////////
-    // ///////////// API Implementation///////////////////
-    // ///////////////////////////////////////////////////
-
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-    @Override
-    public long getEntityOwnerId() {
-        Account account = CallContext.current().getCallingAccount();
-        if ((account == null) || _accountService.isAdmin(account.getType())) {
-            if ((domainId != null) && (accountName != null)) {
-                Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
-                if (userAccount != null) {
-                    return userAccount.getId();
-                }
-            }
-        }
-
-        if (account != null) {
-            return account.getId();
-        }
-
-        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this
-                                          // command to SYSTEM so ERROR events
-                                          // are tracked
-    }
-
-    @Override
-    public void execute() {
-        AclGroup grp = _entityMgr.findById(AclGroup.class, getEntityId());
-        if (grp != null) {
-            AclGroupResponse response = _aclApiSrv.createAclGroupResponse(grp);
-            response.setResponseName(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl group:" + name);
-        }
-    }
-
-    @Override
-    public void create() throws ResourceAllocationException {
-        Account account = CallContext.current().getCallingAccount();
-        AclGroup result = _aclApiSrv.createAclGroup(account, name, description);
-        if (result != null) {
-            setEntityId(result.getId());
-            setEntityUuid(result.getUuid());
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl group entity" + name);
-        }
-
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_GROUP_CREATE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "creating Acl group";
-    }
-
-    @Override
-    public String getCreateEventType() {
-        return EventTypes.EVENT_ACL_GROUP_CREATE;
-    }
-
-    @Override
-    public String getCreateEventDescription() {
-        return "creating acl group";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclGroup;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/CreateAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/CreateAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/CreateAclPolicyCmd.java
deleted file mode 100644
index 9cc282a..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/CreateAclPolicyCmd.java
+++ /dev/null
@@ -1,175 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.acl;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCreateCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.DomainResponse;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclPolicy;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.ResourceAllocationException;
-import com.cloud.user.Account;
-
-@APICommand(name = "createAclPolicy", responseObject = AclPolicyResponse.class, description = "Creates an acl policy")
-public class CreateAclPolicyCmd extends BaseAsyncCreateCmd {
-    public static final Logger s_logger = Logger.getLogger(CreateAclPolicyCmd.class.getName());
-
-    private static final String s_name = "createaclpolicyresponse";
-
-    @Inject
-    public AclApiService _aclApiSrv;
-
-    // ///////////////////////////////////////////////////
-    // ////////////// API parameters /////////////////////
-    // ///////////////////////////////////////////////////
-
-    @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the acl policy. Must be used with domainId.")
-    private String accountName;
-
-    @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the acl policy", entityType = DomainResponse.class)
-    private Long domainId;
-
-    @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the acl policy")
-    private String description;
-
-    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the acl policy")
-    private String name;
-
-    @ACL
-    @Parameter(name = ApiConstants.ACL_PARENT_POLICY_ID, type = CommandType.UUID, description = "The ID of parent acl policy.", entityType = AclPolicyResponse.class)
-    private Long parentPolicyId;
-
-
-    // ///////////////////////////////////////////////////
-    // ///////////////// Accessors ///////////////////////
-    // ///////////////////////////////////////////////////
-
-    public String getAccountName() {
-        return accountName;
-    }
-
-    public String getDescription() {
-        return description;
-    }
-
-    public Long getDomainId() {
-        return domainId;
-    }
-
-    public String getName() {
-        return name;
-    }
-
-    public Long getParentPolicyId() {
-        return parentPolicyId;
-    }
-
-    // ///////////////////////////////////////////////////
-    // ///////////// API Implementation///////////////////
-    // ///////////////////////////////////////////////////
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-    @Override
-    public long getEntityOwnerId() {
-        Account account = CallContext.current().getCallingAccount();
-        if ((account == null) || _accountService.isAdmin(account.getType())) {
-            if ((domainId != null) && (accountName != null)) {
-                Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
-                if (userAccount != null) {
-                    return userAccount.getId();
-                }
-            }
-        }
-
-        if (account != null) {
-            return account.getId();
-        }
-
-        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this
-                                          // command to SYSTEM so ERROR events
-                                          // are tracked
-    }
-
-    @Override
-    public void execute() {
-        AclPolicy policy = _entityMgr.findById(AclPolicy.class, getEntityId());
-        if (policy != null) {
-            AclPolicyResponse response = _aclApiSrv.createAclPolicyResponse(policy);
-            response.setResponseName(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl policy:" + name);
-        }
-    }
-
-    @Override
-    public void create() throws ResourceAllocationException {
-        Account account = CallContext.current().getCallingAccount();
-        AclPolicy result = _aclApiSrv.createAclPolicy(account, name, description, parentPolicyId);
-        if (result != null) {
-            setEntityId(result.getId());
-            setEntityUuid(result.getUuid());
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl policy entity" + name);
-        }
-
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_POLICY_CREATE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "creating Acl policy";
-    }
-
-    @Override
-    public String getCreateEventType() {
-        return EventTypes.EVENT_ACL_POLICY_CREATE;
-    }
-
-    @Override
-    public String getCreateEventDescription() {
-        return "creating acl policy";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclPolicy;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/DeleteAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/DeleteAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/DeleteAclGroupCmd.java
deleted file mode 100644
index 447342e..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/DeleteAclGroupCmd.java
+++ /dev/null
@@ -1,102 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.acl;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.SuccessResponse;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
-
-import com.cloud.event.EventTypes;
-import com.cloud.user.Account;
-
-@APICommand(name = "deleteAclGroup", description = "Deletes acl group", responseObject = SuccessResponse.class)
-public class DeleteAclGroupCmd extends BaseAsyncCmd {
-    public static final Logger s_logger = Logger.getLogger(DeleteAclGroupCmd.class.getName());
-    private static final String s_name = "deleteaclgroupresponse";
-
-    @Inject
-    public AclApiService _aclApiSrv;
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-    @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "The ID of the acl group.", required = true, entityType = AclGroupResponse.class)
-    private Long id;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-    public Long getId() {
-        return id;
-    }
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM;
-    }
-
-    @Override
-    public void execute(){
-        boolean result = _aclApiSrv.deleteAclGroup(id);
-        if (result) {
-            SuccessResponse response = new SuccessResponse(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete acl group");
-        }
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_GROUP_DELETE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "Deleting Acl group";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclGroup;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/DeleteAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/DeleteAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/DeleteAclPolicyCmd.java
deleted file mode 100644
index 7977ad0..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/DeleteAclPolicyCmd.java
+++ /dev/null
@@ -1,102 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.acl;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.SuccessResponse;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
-
-import com.cloud.event.EventTypes;
-import com.cloud.user.Account;
-
-@APICommand(name = "deleteAclPolicy", description = "Deletes acl policy", responseObject = SuccessResponse.class)
-public class DeleteAclPolicyCmd extends BaseAsyncCmd {
-    public static final Logger s_logger = Logger.getLogger(DeleteAclPolicyCmd.class.getName());
-    private static final String s_name = "deleteaclpolicyresponse";
-
-    @Inject
-    public AclApiService _aclApiSrv;
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-    @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "The ID of the acl role.", required = true, entityType = AclPolicyResponse.class)
-    private Long id;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-    public Long getId() {
-        return id;
-    }
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM;
-    }
-
-    @Override
-    public void execute(){
-        boolean result = _aclApiSrv.deleteAclPolicy(id);
-        if (result) {
-            SuccessResponse response = new SuccessResponse(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete acl policy");
-        }
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_POLICY_DELETE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "Deleting Acl role";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclPolicy;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/ListAclGroupsCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/ListAclGroupsCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/ListAclGroupsCmd.java
deleted file mode 100644
index d626a4c..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/ListAclGroupsCmd.java
+++ /dev/null
@@ -1,88 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.acl;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.response.ListResponse;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
-
-
-@APICommand(name = "listAclGroups", description = "Lists acl groups", responseObject = AclGroupResponse.class)
-public class ListAclGroupsCmd extends BaseListDomainResourcesCmd {
-    public static final Logger s_logger = Logger.getLogger(ListAclGroupsCmd.class.getName());
-
-    private static final String s_name = "listaclgroupsresponse";
-
-    @Inject
-    public AclApiService _aclApiSrv;
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "lists acl groups by name")
-    private String aclGroupName;
-
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "list the acl group by the id provided", entityType = AclGroupResponse.class)
-    private Long id;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-    public String getAclGroupName() {
-        return aclGroupName;
-    }
-
-
-    public Long getId(){
-        return id;
-    }
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-    @Override
-    public void execute(){
-
-        ListResponse<AclGroupResponse> response = _aclApiSrv.listAclGroups(id, aclGroupName, getDomainId(),
-                getStartIndex(), getPageSizeVal());
-        response.setResponseName(getCommandName());
-        setResponseObject(response);
-
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclGroup;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/ListAclPoliciesCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/ListAclPoliciesCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/ListAclPoliciesCmd.java
deleted file mode 100644
index d4866dd..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/ListAclPoliciesCmd.java
+++ /dev/null
@@ -1,88 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.acl;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.response.ListResponse;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
-
-
-@APICommand(name = "listAclPolicies", description = "Lists acl policies", responseObject = AclPolicyResponse.class)
-public class ListAclPoliciesCmd extends BaseListDomainResourcesCmd {
-    public static final Logger s_logger = Logger.getLogger(ListAclPoliciesCmd.class.getName());
-
-    private static final String s_name = "listaclpoliciesresponse";
-
-    @Inject
-    public AclApiService _aclApiSrv;
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "lists acl policies by name")
-    private String aclPolicyName;
-
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "list the acl policy by the id provided", entityType = AclPolicyResponse.class)
-    private Long id;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-    public String getAclPolicyName() {
-        return aclPolicyName;
-    }
-
-
-    public Long getId(){
-        return id;
-    }
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-    @Override
-    public void execute(){
-
-        ListResponse<AclPolicyResponse> response = _aclApiSrv.listAclPolicies(id, aclPolicyName, getDomainId(),
-                getStartIndex(), getPageSizeVal());
-        response.setResponseName(getCommandName());
-        setResponseObject(response);
-
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclPolicy;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAccountFromAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAccountFromAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAccountFromAclGroupCmd.java
deleted file mode 100644
index ab03f84..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAccountFromAclGroupCmd.java
+++ /dev/null
@@ -1,127 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.acl;
-
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AccountResponse;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclGroup;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "removeAccountFromAclGroup", description = "remove accounts from an acl group", responseObject = AclGroupResponse.class)
-public class RemoveAccountFromAclGroupCmd extends BaseAsyncCmd {
-    public static final Logger s_logger = Logger.getLogger(RemoveAccountFromAclGroupCmd.class.getName());
-    private static final String s_name = "removeaccountfromaclgroupresponse";
-
-    @Inject
-    public AclApiService _aclApiSrv;
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-
-    @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
-            required = true, description = "The ID of the acl group")
-    private Long id;
-
-    @ACL
-    @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that are going to be assigned to the acl group.")
-    private List<Long> accountIdList;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-
-    public Long getId() {
-        return id;
-    }
-
-
-    public List<Long> getAccountIdList() {
-        return accountIdList;
-    }
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
-    }
-
-    @Override
-    public void execute() throws ResourceUnavailableException,
-            InsufficientCapacityException, ServerApiException {
-        CallContext.current().setEventDetails("Acl group Id: " + getId());
-        AclGroup result = _aclApiSrv.removeAccountsFromGroup(accountIdList, id);
-        if (result != null){
-            AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
-            response.setResponseName(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove accounts from acl group");
-        }
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_GROUP_UPDATE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "removing accounts from acl group";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclGroup;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAclPermissionFromAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAclPermissionFromAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAclPermissionFromAclPolicyCmd.java
deleted file mode 100644
index f9e54b0..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAclPermissionFromAclPolicyCmd.java
+++ /dev/null
@@ -1,147 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.acl;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclPolicy;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "removeAclPermissionFromAclPolicy", description = "Remove acl permission from an acl policy", responseObject = AclPolicyResponse.class)
-public class RemoveAclPermissionFromAclPolicyCmd extends BaseAsyncCmd {
-    public static final Logger s_logger = Logger.getLogger(RemoveAclPermissionFromAclPolicyCmd.class.getName());
-    private static final String s_name = "removeaclpermissionfromaclpolicyresponse";
-
-    @Inject
-    public AclApiService _aclApiSrv;
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-
-    @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
-            required = true, description = "The ID of the acl policy")
-    private Long id;
-
-    @Parameter(name = ApiConstants.ACL_ACTION, type = CommandType.STRING, required = true, description = "action api name.")
-    private String action;
-
-    @Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = false, description = "entity class simple name.")
-    private String entityType;
-
-    @Parameter(name = ApiConstants.ACL_SCOPE, type = CommandType.STRING,
-            required = false, description = "acl permission scope")
-    private String scope;
-
-    @Parameter(name = ApiConstants.ACL_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
-    private Long scopeId;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-
-    public Long getId() {
-        return id;
-    }
-
-
-    public String getAction() {
-        return action;
-    }
-
-    public String getEntityType() {
-        return entityType;
-    }
-
-    public String getScope() {
-        return scope;
-    }
-
-    public Long getScopeId() {
-        return scopeId;
-    }
-
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
-    }
-
-    @Override
-    public void execute() throws ResourceUnavailableException,
-            InsufficientCapacityException, ServerApiException {
-        CallContext.current().setEventDetails("Acl policy Id: " + getId());
-        AclPolicy result = _aclApiSrv.removeAclPermissionFromAclPolicy(id, entityType, PermissionScope.valueOf(scope), scopeId, action);
-        if (result != null) {
-            AclPolicyResponse response = _aclApiSrv.createAclPolicyResponse(result);
-            response.setResponseName(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove permission from acl policy " + getId());
-        }
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_POLICY_REVOKE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "removing permission from acl policy";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclPolicy;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAclPolicyFromAccountCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAclPolicyFromAccountCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAclPolicyFromAccountCmd.java
deleted file mode 100644
index fb63282..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAclPolicyFromAccountCmd.java
+++ /dev/null
@@ -1,122 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.acl;
-
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.SuccessResponse;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "removeAclPolicyFromAccount", description = "remove acl policy from accounts", responseObject = SuccessResponse.class)
-public class RemoveAclPolicyFromAccountCmd extends BaseAsyncCmd {
-    public static final Logger s_logger = Logger.getLogger(RemoveAclPolicyFromAccountCmd.class.getName());
-    private static final String s_name = "removeaclpolicyfromaccountresponse";
-
-    @Inject
-    public AclApiService _aclApiSrv;
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-
-    @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
-            required = true, description = "The ID of the acl group")
-    private Long id;
-
-    @ACL
-    @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.")
-    private List<Long> accountIdList;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-
-    public Long getId() {
-        return id;
-    }
-
-
-    public List<Long> getAccountIdList() {
-        return accountIdList;
-    }
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
-    }
-
-    @Override
-    public void execute() throws ResourceUnavailableException,
-            InsufficientCapacityException, ServerApiException {
-        CallContext.current().setEventDetails("Acl policy Id: " + getId());
-        _aclApiSrv.removeAclPolicyFromAccounts(id, accountIdList);
-        SuccessResponse response = new SuccessResponse();
-        response.setResponseName(getCommandName());
-        setResponseObject(response);
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "removing acl policy from accounts";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.Account;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAclPolicyFromAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAclPolicyFromAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAclPolicyFromAclGroupCmd.java
deleted file mode 100644
index ecf709d..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/RemoveAclPolicyFromAclGroupCmd.java
+++ /dev/null
@@ -1,127 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.acl;
-
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclGroup;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "removeAclPolicyFromAclGroup", description = "remove acl policy from an acl group", responseObject = AclGroupResponse.class)
-public class RemoveAclPolicyFromAclGroupCmd extends BaseAsyncCmd {
-    public static final Logger s_logger = Logger.getLogger(RemoveAclPolicyFromAclGroupCmd.class.getName());
-    private static final String s_name = "removeaclpolicyfromaclgroupresponse";
-
-    @Inject
-    public AclApiService _aclApiSrv;
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-
-    @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
-            required = true, description = "The ID of the acl group")
-    private Long id;
-
-    @ACL
-    @Parameter(name = ApiConstants.ACL_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.")
-    private List<Long> policyIdList;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-
-    public Long getId() {
-        return id;
-    }
-
-
-    public List<Long> getRoleIdList() {
-        return policyIdList;
-    }
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
-    }
-
-    @Override
-    public void execute() throws ResourceUnavailableException,
-            InsufficientCapacityException, ServerApiException {
-        CallContext.current().setEventDetails("Acl group Id: " + getId());
-        AclGroup result = _aclApiSrv.removeAclPoliciesFromGroup(policyIdList, id);
-        if (result != null){
-            AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
-            response.setResponseName(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to acl group");
-        }
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_GROUP_UPDATE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "removing acl roles from acl group";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclGroup;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToAclGroupCmd.java
new file mode 100644
index 0000000..b63f635
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToAclGroupCmd.java
@@ -0,0 +1,127 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.AccountResponse;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.AclGroup;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "addAccountToAclGroup", description = "add account to an acl group", responseObject = AclGroupResponse.class)
+public class AddAccountToAclGroupCmd extends BaseAsyncCmd {
+    public static final Logger s_logger = Logger.getLogger(AddAccountToAclGroupCmd.class.getName());
+    private static final String s_name = "addaccounttoaclgroupresponse";
+
+    @Inject
+    public AclApiService _aclApiSrv;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+
+    @ACL
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
+            required = true, description = "The ID of the acl group")
+    private Long id;
+
+    @ACL
+    @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that are going to be assigned to the acl group.")
+    private List<Long> accountIdList;
+
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+
+    public Long getId() {
+        return id;
+    }
+
+
+    public List<Long> getAccountIdList() {
+        return accountIdList;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+
+    @Override
+    public long getEntityOwnerId() {
+        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+    }
+
+    @Override
+    public void execute() throws ResourceUnavailableException,
+            InsufficientCapacityException, ServerApiException {
+        CallContext.current().setEventDetails("Acl group Id: " + getId());
+        AclGroup result = _aclApiSrv.addAccountsToGroup(accountIdList, id);
+        if (result != null){
+            AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
+            response.setResponseName(getCommandName());
+            setResponseObject(response);
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add accounts to acl group");
+        }
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_ACL_GROUP_UPDATE;
+    }
+
+    @Override
+    public String getEventDescription() {
+        return "adding accounts to acl group";
+    }
+
+    @Override
+    public ApiCommandJobType getInstanceType() {
+        return ApiCommandJobType.AclGroup;
+    }
+
+}
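Review bot: The `accounts` parameter of `AddAccountToAclGroupCmd` is declared without `required = true`, so `execute()` can hand a null `accountIdList` to `_aclApiSrv.addAccountsToGroup(accountIdList, id)`; whether the service tolerates that is not visible in this hunk. Adding `required = true` to that `@Parameter` (as the `id` parameter already has) would reject such a request during parameter validation. Separately, the event details record only the group (`"Acl group Id: " + getId()`) while `getEntityOwnerId()` attributes the event to `Account.ACCOUNT_ID_SYSTEM`, so the audit record of a group-membership change does not show which accounts were added. Consider `CallContext.current().setEventDetails("Acl group Id: " + getId() + "; accounts: " + getAccountIdList());`.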

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAclPermissionToAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAclPermissionToAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAclPermissionToAclPolicyCmd.java
new file mode 100644
index 0000000..e0ecb50
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAclPermissionToAclPolicyCmd.java
@@ -0,0 +1,151 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.AclPolicy;
+import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "addAclPermissionToAclPolicy", description = "Add Acl permission to an acl policy", responseObject = AclPolicyResponse.class)
+public class AddAclPermissionToAclPolicyCmd extends BaseAsyncCmd {
+    public static final Logger s_logger = Logger.getLogger(AddAclPermissionToAclPolicyCmd.class.getName());
+    private static final String s_name = "addaclpermissiontoaclpolicyresponse";
+
+    @Inject
+    public AclApiService _aclApiSrv;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+
+    @ACL
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
+            required = true, description = "The ID of the acl policy")
+    private Long id;
+
+    @Parameter(name = ApiConstants.ACL_ACTION, type = CommandType.STRING, required = true, description = "action api name.")
+    private String action;
+
+    @Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = false, description = "entity class simple name.")
+    private String entityType;
+
+    @Parameter(name = ApiConstants.ACL_SCOPE, type = CommandType.STRING,
+            required = false, description = "acl permission scope")
+    private String scope;
+
+    @Parameter(name = ApiConstants.ACL_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
+    private Long scopeId;
+
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+
+    public Long getId() {
+        return id;
+    }
+
+
+    public String getAction() {
+        return action;
+    }
+
+    public String getEntityType() {
+        return entityType;
+    }
+
+    public String getScope() {
+        return scope;
+    }
+
+    public Long getScopeId() {
+        return scopeId;
+    }
+
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+
+    @Override
+    public long getEntityOwnerId() {
+        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+    }
+
+    @Override
+    public void execute() throws ResourceUnavailableException,
+            InsufficientCapacityException, ServerApiException {
+        CallContext.current().setEventDetails("Acl policy Id: " + getId());
+        // Only explicit ALLOW is supported for this release, no explicit deny
+        AclPolicy result = _aclApiSrv.addAclPermissionToAclPolicy(id, entityType, PermissionScope.valueOf(scope),
+                scopeId, action, Permission.Allow, false);
+        if (result != null) {
+            AclPolicyResponse response = _aclApiSrv.createAclPolicyResponse(result);
+            response.setResponseName(getCommandName());
+            setResponseObject(response);
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to grant permission to acl policy " + getId());
+        }
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_ACL_POLICY_GRANT;
+    }
+
+    @Override
+    public String getEventDescription() {
+        return "granting permission to acl policy";
+    }
+
+    @Override
+    public ApiCommandJobType getInstanceType() {
+        return ApiCommandJobType.AclPolicy;
+    }
+
+}
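Review bot: In `execute()`, `PermissionScope.valueOf(scope)` is called on a parameter declared `required = false`, so a request that omits `scope` passes null to `valueOf`. Assuming PermissionScope is an ordinary enum, that fails with a NullPointerException, and an unrecognised value fails with an IllegalArgumentException; neither reaches the caller as a parameter error. Because this command grants permissions, the input should be validated before the service call: either declare the parameter `required = true`, or guard it and throw `new ServerApiException(ApiErrorCode.PARAM_ERROR, "Invalid acl permission scope: " + scope)`. `scopeId` is declared as a UUID with no `entityType`, so it is worth confirming how it is translated to an internal id.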

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAccountCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAccountCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAccountCmd.java
new file mode 100644
index 0000000..c16f8bd
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAccountCmd.java
@@ -0,0 +1,122 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.AccountResponse;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "attachAclPolicyToAccount", description = "attach acl policy to accounts", responseObject = SuccessResponse.class)
+public class AttachAclPolicyToAccountCmd extends BaseAsyncCmd {
+    public static final Logger s_logger = Logger.getLogger(AttachAclPolicyToAccountCmd.class.getName());
+    private static final String s_name = "attachaclpolicytoaccountresponse";
+
+    @Inject
+    public AclApiService _aclApiSrv;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+
+    @ACL
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
+            required = true, description = "The ID of the acl policy")
+    private Long id;
+
+    @ACL
+    @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that the policy will attach to.")
+    private List<Long> accountIdList;
+
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+
+    public Long getId() {
+        return id;
+    }
+
+
+    public List<Long> getAccountIdList() {
+        return accountIdList;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+
+    @Override
+    public long getEntityOwnerId() {
+        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+    }
+
+    @Override
+    public void execute() throws ResourceUnavailableException,
+            InsufficientCapacityException, ServerApiException {
+        CallContext.current().setEventDetails("Acl policy Id: " + getId());
+        _aclApiSrv.attachAclPolicyToAccounts(id, accountIdList);
+        SuccessResponse response = new SuccessResponse();
+        response.setResponseName(getCommandName());
+        setResponseObject(response);
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE;
+    }
+
+    @Override
+    public String getEventDescription() {
+        return "adding acl policy to accounts";
+    }
+
+    @Override
+    public ApiCommandJobType getInstanceType() {
+        return ApiCommandJobType.Account;
+    }
+
+}
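Review bot: `accountIdList` is declared without `required = true`, so `execute()` can pass a null list to `attachAclPolicyToAccounts(id, accountIdList)` and, if the service tolerates that, still return a SuccessResponse. `policyIdList` in AttachAclPolicyToAclGroupCmd has the same gap, and both `@Parameter` declarations should get `required = true`. The event details set in `execute()` record only the policy id. For an operation that changes what accounts are allowed to do, naming the affected accounts helps the audit trail, e.g. `setEventDetails("Acl policy Id: " + getId() + "; account Ids: " + getAccountIdList())`.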

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAclGroupCmd.java
new file mode 100644
index 0000000..cd2a3d5
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAclGroupCmd.java
@@ -0,0 +1,127 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.AclGroup;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "attachAclPolicyToAclGroup", description = "attach acl policy to an acl group", responseObject = AclGroupResponse.class)
+public class AttachAclPolicyToAclGroupCmd extends BaseAsyncCmd {
+    public static final Logger s_logger = Logger.getLogger(AttachAclPolicyToAclGroupCmd.class.getName());
+    private static final String s_name = "attachaclpolicytoaclgroupresponse";
+
+    @Inject
+    public AclApiService _aclApiSrv;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+
+    @ACL
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
+            required = true, description = "The ID of the acl group")
+    private Long id;
+
+    @ACL
+    @Parameter(name = ApiConstants.ACL_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.")
+    private List<Long> policyIdList;
+
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+
+    public Long getId() {
+        return id;
+    }
+
+
+    public List<Long> getPolicyIdList() {
+        return policyIdList;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+
+    @Override
+    public long getEntityOwnerId() {
+        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+    }
+
+    @Override
+    public void execute() throws ResourceUnavailableException,
+            InsufficientCapacityException, ServerApiException {
+        CallContext.current().setEventDetails("Acl group Id: " + getId());
+        AclGroup result = _aclApiSrv.attachAclPoliciesToGroup(policyIdList, id);
+        if (result != null){
+            AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
+            response.setResponseName(getCommandName());
+            setResponseObject(response);
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to acl group");
+        }
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_ACL_GROUP_UPDATE;
+    }
+
+    @Override
+    public String getEventDescription() {
+        return "adding acl roles to acl group";
+    }
+
+    @Override
+    public ApiCommandJobType getInstanceType() {
+        return ApiCommandJobType.AclGroup;
+    }
+
+}
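Review bot: The failure message `"Failed to add roles to acl group"` and the event description `"adding acl roles to acl group"` refer to roles, while this command attaches policies through `attachAclPoliciesToGroup(policyIdList, id)`. Anyone searching the event log for policy changes on a group will miss these entries. Suggested wording: `"Failed to attach acl policies to acl group " + getId()` for the exception and `"attaching acl policies to acl group"` for `getEventDescription()`.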

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclGroupCmd.java
new file mode 100644
index 0000000..3805c9f
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclGroupCmd.java
@@ -0,0 +1,168 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCreateCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.DomainResponse;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.AclGroup;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.user.Account;
+
+@APICommand(name = "createAclGroup", responseObject = AclGroupResponse.class, description = "Creates an acl group")
+public class CreateAclGroupCmd extends BaseAsyncCreateCmd {
+    public static final Logger s_logger = Logger.getLogger(CreateAclGroupCmd.class.getName());
+
+    private static final String s_name = "createaclgroupresponse";
+
+    @Inject
+    public AclApiService _aclApiSrv;
+
+    // ///////////////////////////////////////////////////
+    // ////////////// API parameters /////////////////////
+    // ///////////////////////////////////////////////////
+
+    @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the acl group. Must be used with domainId.")
+    private String accountName;
+
+    @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the acl group", entityType = DomainResponse.class)
+    private Long domainId;
+
+    @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the acl group")
+    private String description;
+
+    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the acl group")
+    private String name;
+
+
+    // ///////////////////////////////////////////////////
+    // ///////////////// Accessors ///////////////////////
+    // ///////////////////////////////////////////////////
+
+    public String getAccountName() {
+        return accountName;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public Long getDomainId() {
+        return domainId;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+
+    // ///////////////////////////////////////////////////
+    // ///////////// API Implementation///////////////////
+    // ///////////////////////////////////////////////////
+
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        Account account = CallContext.current().getCallingAccount();
+        if ((account == null) || _accountService.isAdmin(account.getType())) {
+            if ((domainId != null) && (accountName != null)) {
+                Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
+                if (userAccount != null) {
+                    return userAccount.getId();
+                }
+            }
+        }
+
+        if (account != null) {
+            return account.getId();
+        }
+
+        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this
+                                          // command to SYSTEM so ERROR events
+                                          // are tracked
+    }
+
+    @Override
+    public void execute() {
+        AclGroup grp = _entityMgr.findById(AclGroup.class, getEntityId());
+        if (grp != null) {
+            AclGroupResponse response = _aclApiSrv.createAclGroupResponse(grp);
+            response.setResponseName(getCommandName());
+            setResponseObject(response);
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl group:" + name);
+        }
+    }
+
+    @Override
+    public void create() throws ResourceAllocationException {
+        Account account = CallContext.current().getCallingAccount();
+        AclGroup result = _aclApiSrv.createAclGroup(account, name, description);
+        if (result != null) {
+            setEntityId(result.getId());
+            setEntityUuid(result.getUuid());
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl group entity" + name);
+        }
+
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_ACL_GROUP_CREATE;
+    }
+
+    @Override
+    public String getEventDescription() {
+        return "creating Acl group";
+    }
+
+    @Override
+    public String getCreateEventType() {
+        return EventTypes.EVENT_ACL_GROUP_CREATE;
+    }
+
+    @Override
+    public String getCreateEventDescription() {
+        return "creating acl group";
+    }
+
+    @Override
+    public ApiCommandJobType getInstanceType() {
+        return ApiCommandJobType.AclGroup;
+    }
+
+}
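Review bot: `getEntityOwnerId()` lets an admin caller resolve the owner from `accountName` and `domainId`, but `create()` passes `CallContext.current().getCallingAccount()` to `createAclGroup(account, name, description)` and never reads those two parameters. As far as this hunk shows, the group is created for the caller while the command and its events are attributed to a different account. The body of `createAclGroup` is not visible here, so this needs confirming. Either resolve the target account in `create()` the same way `getEntityOwnerId()` does, or drop the two parameters so the API does not advertise an owner selection it ignores. Separately, `"Failed to create acl group entity" + name` is missing a separator before the name.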


[28/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
Fix bugs found from marvin test.

Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/056d21e1
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/056d21e1
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/056d21e1

Branch: refs/heads/master
Commit: 056d21e14bb2e69aa231e8941a43b0b628b3443c
Parents: 91882e2
Author: Min Chen <mi...@citrix.com>
Authored: Tue Mar 4 11:16:45 2014 -0800
Committer: Min Chen <mi...@citrix.com>
Committed: Tue Mar 4 11:16:45 2014 -0800

----------------------------------------------------------------------
 .../api/command/iam/RemoveIAMPolicyFromAccountCmd.java          | 3 ++-
 .../src/org/apache/cloudstack/iam/server/IAMServiceImpl.java    | 5 ++---
 2 files changed, 4 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/056d21e1/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPolicyFromAccountCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPolicyFromAccountCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPolicyFromAccountCmd.java
index 9158027..48c2a73 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPolicyFromAccountCmd.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPolicyFromAccountCmd.java
@@ -29,6 +29,7 @@ import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseAsyncCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.AccountResponse;
 import org.apache.cloudstack.api.response.SuccessResponse;
 import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
 import org.apache.cloudstack.context.CallContext;
@@ -59,7 +60,7 @@ public class RemoveIAMPolicyFromAccountCmd extends BaseAsyncCmd {
     private Long id;
 
     @ACL
-    @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = IAMPolicyResponse.class, description = "comma separated list of iam policy id that are going to be applied to the iam group.")
+    @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of iam policy id that are going to be applied to the iam group.")
     private List<Long> accountIdList;
 
 
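Review bot: The `description` on the `ApiConstants.ACCOUNTS` parameter still reads "comma separated list of iam policy id that are going to be applied to the iam group", although after this change the list holds account ids and the command removes a policy from them. Proposed text: `description = "comma separated list of account id that the policy will be removed from."`. The declaration visible in the hunk also carries no `required = true`, so the list can be omitted entirely. The class body continues outside the hunk.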

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/056d21e1/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
index 4f03142..097d84f 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
@@ -607,9 +607,8 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
                 // add entries in acl_group_policy_map table
                 for (Long acctId : acctIds) {
                     IAMAccountPolicyMapVO acctMap = _aclAccountPolicyMapDao.findByAccountAndPolicy(acctId, policyId);
-                    if (acctMap == null) {
-                        // not there already
-                        acctMap = new IAMAccountPolicyMapVO(acctId, policyId);
+                    if (acctMap != null) {
+                        // exists
                         _aclAccountPolicyMapDao.remove(acctMap.getId());
                     }
                 }
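Review bot: The context comment `// add entries in acl_group_policy_map table` above the loop does not match the code, which looks up `IAMAccountPolicyMapVO` rows by account and policy and removes them. Something like `// remove entries from the account <-> policy map table` would be accurate, with the exact table name confirmed against the DAO. The enclosing method starts and ends outside the hunk, so its name is not visible here. The removed lines show the old branch constructing a fresh VO and calling `remove(acctMap.getId())` on it, so a regression test that asserts the mapping row is gone after detaching a policy would keep this access-revocation path from silently becoming a no-op again.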


[45/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
fix build for the juniper-contrail plugin


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/1f6263de
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/1f6263de
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/1f6263de

Branch: refs/heads/master
Commit: 1f6263dead08e208efacdb382ac57bbf143c4607
Parents: d9696b2
Author: Prachi Damle <pr...@cloud.com>
Authored: Thu Mar 13 13:50:36 2014 -0700
Committer: Prachi Damle <pr...@cloud.com>
Committed: Thu Mar 13 13:50:36 2014 -0700

----------------------------------------------------------------------
 .../network/contrail/management/MockAccountManager.java          | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1f6263de/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java b/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
index c0b9ee5..957f708 100644
--- a/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
+++ b/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
@@ -177,13 +177,13 @@ public class MockAccountManager extends ManagerBase implements AccountManager {
     }
 
     @Override
-    public boolean isRootAdmin(long accountId) {
+    public boolean isRootAdmin(Long accountId) {
         // TODO Auto-generated method stub
         return false;
     }
 
     @Override
-    public boolean isDomainAdmin(long accountId) {
+    public boolean isDomainAdmin(Long accountId) {
         // TODO Auto-generated method stub
         return false;
     }


[38/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
A production/QA setup does not populate the admin and SYSTEM accounts during database setup, so the IAM plugin needs to insert the necessary group <-> account map in the DB during startup.


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/1c85af31
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/1c85af31
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/1c85af31

Branch: refs/heads/master
Commit: 1c85af319340b28152a75606da577ec8e6eb51ca
Parents: 748c090
Author: Prachi Damle <pr...@cloud.com>
Authored: Mon Mar 10 17:27:32 2014 -0700
Committer: Prachi Damle <pr...@cloud.com>
Committed: Mon Mar 10 17:30:00 2014 -0700

----------------------------------------------------------------------
 .../cloudstack/iam/IAMApiServiceImpl.java       | 95 ++++++++++++++++++++
 1 file changed, 95 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1c85af31/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
index 97519f2..47b7697 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
@@ -16,6 +16,9 @@
 // under the License.
 package org.apache.cloudstack.iam;
 
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
@@ -111,6 +114,11 @@ import com.cloud.utils.component.Manager;
 import com.cloud.utils.component.ManagerBase;
 import com.cloud.utils.db.DB;
 import com.cloud.utils.db.EntityManager;
+import com.cloud.utils.db.Transaction;
+import com.cloud.utils.db.TransactionCallbackNoReturn;
+import com.cloud.utils.db.TransactionLegacy;
+import com.cloud.utils.db.TransactionStatus;
+import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.vm.InstanceGroupVO;
 import com.cloud.vm.VMInstanceVO;
 import com.cloud.vm.dao.NicIpAliasVO;
@@ -190,6 +198,11 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
 
     @Override
     public boolean configure(final String name, final Map<String, Object> params) throws ConfigurationException {
+
+        // populate group <-> account association if not present for CS admin
+        // and system accounts
+        populateIAMGroupAdminAccountMap();
+
         _messageBus.subscribe(AccountManager.MESSAGE_ADD_ACCOUNT_EVENT, new MessageSubscriber() {
             @Override
             public void onPublishMessage(String senderAddress, String subject, Object obj) {
@@ -338,6 +351,88 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
         return super.configure(name, params);
     }
 
+    private void populateIAMGroupAdminAccountMap() {
+
+        Transaction.execute(new TransactionCallbackNoReturn() {
+            @Override
+            public void doInTransactionWithoutResult(TransactionStatus status) {
+                TransactionLegacy txn = TransactionLegacy.currentTxn();
+
+                String searchQuery = "Select id from `cloud`.`iam_group_account_map` where account_id = ? and removed is null";
+                ResultSet rs = null;
+                PreparedStatement acctQuery = null;
+                PreparedStatement acctInsert = null;
+                // find if the system account is present in the map
+                try {
+                    acctQuery = txn.prepareAutoCloseStatement(searchQuery);
+                    acctQuery.setLong(1, Account.ACCOUNT_ID_SYSTEM);
+
+                    rs = acctQuery.executeQuery();
+                    if (!rs.next()) {
+                        acctInsert = txn
+                                .prepareAutoCloseStatement("INSERT INTO `cloud`.`iam_group_account_map` (group_id, account_id, created) values(?, ?, Now())");
+                        // insert entry in iam_group_account_map table
+                        acctInsert.setLong(1, Account.ACCOUNT_TYPE_ADMIN + 1);
+                        acctInsert.setLong(2, Account.ACCOUNT_ID_SYSTEM);
+                        acctInsert.executeUpdate();
+                    }
+                } catch (SQLException ex) {
+                    String msg = "Unable to populate iam_group_account_map for SYSTEM account." + ex.getMessage();
+                    s_logger.error(msg);
+                    throw new CloudRuntimeException(msg, ex);
+                } finally {
+                    try {
+                        if (acctInsert != null) {
+                            acctInsert.close();
+                        }
+                        if (rs != null) {
+                            rs.close();
+                        }
+                        if (acctQuery != null) {
+                            acctQuery.close();
+                        }
+                    } catch (SQLException e) {
+                    }
+                }
+
+                // find if the admin account is present in the map
+                try {
+                    acctQuery = txn.prepareAutoCloseStatement(searchQuery);
+                    acctQuery.setLong(1, Account.ACCOUNT_ID_SYSTEM + 1);
+
+                    rs = acctQuery.executeQuery();
+                    if (!rs.next()) {
+                        acctInsert = txn
+                                .prepareAutoCloseStatement("INSERT INTO `cloud`.`iam_group_account_map` (group_id, account_id, created) values(?, ?, Now())");
+                        // insert entry in iam_group_account_map table
+                        acctInsert.setLong(1, Account.ACCOUNT_TYPE_ADMIN + 1);
+                        acctInsert.setLong(2, Account.ACCOUNT_ID_SYSTEM + 1);
+                        acctInsert.executeUpdate();
+                    }
+                } catch (SQLException ex) {
+                    String msg = "Unable to populate iam_group_account_map for Admin account." + ex.getMessage();
+                    s_logger.error(msg);
+                    throw new CloudRuntimeException(msg, ex);
+                } finally {
+                    try {
+                        if (acctInsert != null) {
+                            acctInsert.close();
+                        }
+                        if (rs != null) {
+                            rs.close();
+                        }
+                        if (acctQuery != null) {
+                            acctQuery.close();
+                        }
+                    } catch (SQLException e) {
+                    }
+                }
+
+            }
+        });
+
+    }
+
     private void addDomainWideResourceAccess(Map<String, Object> params) {
 
         IAMEntityType entityType = (IAMEntityType)params.get(ApiConstants.ENTITY_TYPE);
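Review bot: Both INSERTs bind privileged accounts to a group whose id is computed as `Account.ACCOUNT_TYPE_ADMIN + 1`, and the admin account is addressed as `Account.ACCOUNT_ID_SYSTEM + 1`. Nothing in the method checks that a group row with that id exists or that it is the admin group, so an installation whose ids differ would presumably place the system and admin accounts in a different IAM group without any error. Name the two values and state where they come from, e.g. `// default admin group is seeded with id ACCOUNT_TYPE_ADMIN + 1 (TODO confirm against the schema seed)`, and look the group up before inserting. The two `catch (SQLException e) { }` blocks in the `finally` clauses are empty and a failing first `close()` skips the remaining ones, so at least log with `s_logger.warn("Failed to close iam_group_account_map statement", e);`. The system and admin branches are copies of each other and could share one helper that takes the account id. addDomainWideResourceAccess, at the end of the hunk, continues outside it.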


[40/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
Use IAMService to populate group-account association for system/admin
account to solve unit test failure.

Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/f2d4b4d6
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/f2d4b4d6
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/f2d4b4d6

Branch: refs/heads/master
Commit: f2d4b4d60e46a9c847947c758e490365f2008ee8
Parents: b554d4a
Author: Min Chen <mi...@citrix.com>
Authored: Tue Mar 11 16:31:03 2014 -0700
Committer: Min Chen <mi...@citrix.com>
Committed: Tue Mar 11 16:31:03 2014 -0700

----------------------------------------------------------------------
 .../cloudstack/iam/IAMApiServiceImpl.java       | 102 +++----------------
 1 file changed, 13 insertions(+), 89 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f2d4b4d6/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
index 9e941f2..69f669c 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
@@ -16,9 +16,6 @@
 // under the License.
 package org.apache.cloudstack.iam;
 
-import java.sql.PreparedStatement;
-import java.sql.ResultSet;
-import java.sql.SQLException;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
@@ -114,11 +111,6 @@ import com.cloud.utils.component.Manager;
 import com.cloud.utils.component.ManagerBase;
 import com.cloud.utils.db.DB;
 import com.cloud.utils.db.EntityManager;
-import com.cloud.utils.db.Transaction;
-import com.cloud.utils.db.TransactionCallbackNoReturn;
-import com.cloud.utils.db.TransactionLegacy;
-import com.cloud.utils.db.TransactionStatus;
-import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.vm.InstanceGroupVO;
 import com.cloud.vm.VMInstanceVO;
 import com.cloud.vm.dao.NicIpAliasVO;
@@ -199,10 +191,6 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
     @Override
     public boolean configure(final String name, final Map<String, Object> params) throws ConfigurationException {
 
-        // populate group <-> account association if not present for CS admin
-        // and system accounts
-        populateIAMGroupAdminAccountMap();
-
         _messageBus.subscribe(AccountManager.MESSAGE_ADD_ACCOUNT_EVENT, new MessageSubscriber() {
             @Override
             public void onPublishMessage(String senderAddress, String subject, Object obj) {
@@ -351,86 +339,22 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
         return super.configure(name, params);
     }
 
-    private void populateIAMGroupAdminAccountMap() {
-
-        Transaction.execute(new TransactionCallbackNoReturn() {
-            @Override
-            public void doInTransactionWithoutResult(TransactionStatus status) {
-                TransactionLegacy txn = TransactionLegacy.currentTxn();
-
-                String searchQuery = "Select id from `cloud`.`iam_group_account_map` where account_id = ? and removed is null";
-                ResultSet rs = null;
-                PreparedStatement acctQuery = null;
-                PreparedStatement acctInsert = null;
-                // find if the system account is present in the map
-                try {
-                    acctQuery = txn.prepareAutoCloseStatement(searchQuery);
-                    acctQuery.setLong(1, Account.ACCOUNT_ID_SYSTEM);
-
-                    rs = acctQuery.executeQuery();
-                    if (!rs.next()) {
-                        acctInsert = txn
-                                .prepareAutoCloseStatement("INSERT INTO `cloud`.`iam_group_account_map` (group_id, account_id, created) values(?, ?, Now())");
-                        // insert entry in iam_group_account_map table
-                        acctInsert.setLong(1, Account.ACCOUNT_TYPE_ADMIN + 1);
-                        acctInsert.setLong(2, Account.ACCOUNT_ID_SYSTEM);
-                        acctInsert.executeUpdate();
-                    }
-                } catch (SQLException ex) {
-                    String msg = "Unable to populate iam_group_account_map for SYSTEM account." + ex.getMessage();
-                    s_logger.error(msg);
-                    throw new CloudRuntimeException(msg, ex);
-                } finally {
-                    try {
-                        if (acctInsert != null) {
-                            acctInsert.close();
-                        }
-                        if (rs != null) {
-                            rs.close();
-                        }
-                        if (acctQuery != null) {
-                            acctQuery.close();
-                        }
-                    } catch (SQLException e) {
-                    }
-                }
+    @Override
+    public boolean start() {
+        s_logger.info("Populating IAM group and account association for default accounts...");
 
-                // find if the admin account is present in the map
-                try {
-                    acctQuery = txn.prepareAutoCloseStatement(searchQuery);
-                    acctQuery.setLong(1, Account.ACCOUNT_ID_SYSTEM + 1);
-
-                    rs = acctQuery.executeQuery();
-                    if (!rs.next()) {
-                        acctInsert = txn
-                                .prepareAutoCloseStatement("INSERT INTO `cloud`.`iam_group_account_map` (group_id, account_id, created) values(?, ?, Now())");
-                        // insert entry in iam_group_account_map table
-                        acctInsert.setLong(1, Account.ACCOUNT_TYPE_ADMIN + 1);
-                        acctInsert.setLong(2, Account.ACCOUNT_ID_SYSTEM + 1);
-                        acctInsert.executeUpdate();
-                    }
-                } catch (SQLException ex) {
-                    String msg = "Unable to populate iam_group_account_map for Admin account." + ex.getMessage();
-                    s_logger.error(msg);
-                    throw new CloudRuntimeException(msg, ex);
-                } finally {
-                    try {
-                        if (acctInsert != null) {
-                            acctInsert.close();
-                        }
-                        if (rs != null) {
-                            rs.close();
-                        }
-                        if (acctQuery != null) {
-                            acctQuery.close();
-                        }
-                    } catch (SQLException e) {
-                    }
-                }
+        // populate group <-> account association if not present for CS admin
+        // and system accounts
+        populateIAMGroupAdminAccountMap();
 
-            }
-        });
+        return true;
+    }
 
+    private void populateIAMGroupAdminAccountMap() {
+        List<Long> sysAccts = new ArrayList<Long>();
+        sysAccts.add(Account.ACCOUNT_ID_SYSTEM);
+        sysAccts.add(Account.ACCOUNT_ID_SYSTEM + 1);
+        _iamSrv.addAccountsToGroup(sysAccts, new Long(Account.ACCOUNT_TYPE_ADMIN + 1));
     }
 
     private void addDomainWideResourceAccess(Map<String, Object> params) {
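Review bot: `populateIAMGroupAdminAccountMap()` still derives the privileged group and account from arithmetic, `Account.ACCOUNT_TYPE_ADMIN + 1` and `Account.ACCOUNT_ID_SYSTEM + 1`, with no comment saying why those ids denote the admin group and the admin account. Because this decides which accounts receive the admin group's policies, document the mapping next to the call, and prefer `Long.valueOf(Account.ACCOUNT_TYPE_ADMIN + 1)` over `new Long(...)`. `addAccountsToGroup` throws `InvalidParameterValueException` when the group is missing (see the IAMServiceImpl diff later in this message), so `start()` would fail with a message about an "acl group" rather than about default seeding; catching it here and logging which default group was expected would make that startup failure diagnosable. The new `start()` also returns `true` without calling `super.start()`, which is fine only if the ManagerBase implementation does nothing, so that is worth confirming.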


[29/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
test_vm_iam.py passes completely for the first time.

Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/690c5d4d
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/690c5d4d
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/690c5d4d

Branch: refs/heads/master
Commit: 690c5d4d2a00046e2da2e2d9526b20674239835f
Parents: 056d21e
Author: Min Chen <mi...@citrix.com>
Authored: Tue Mar 4 11:17:20 2014 -0800
Committer: Min Chen <mi...@citrix.com>
Committed: Tue Mar 4 11:17:20 2014 -0800

----------------------------------------------------------------------
 test/integration/smoke/test_vm_iam.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/690c5d4d/test/integration/smoke/test_vm_iam.py
----------------------------------------------------------------------
diff --git a/test/integration/smoke/test_vm_iam.py b/test/integration/smoke/test_vm_iam.py
index 11dffe2..29e587b 100644
--- a/test/integration/smoke/test_vm_iam.py
+++ b/test/integration/smoke/test_vm_iam.py
@@ -262,7 +262,7 @@ class TestVMIam(cloudstackTestCase):
 
     @classmethod
     def tearDownClass(self):
-        self.apiclient = super(TestVMIAM, self).getClsTestClient().getApiClient()
+        self.apiclient = super(TestVMIam, self).getClsTestClient().getApiClient()
         cleanup_resources(self.apiclient, self._cleanup)
         return
 


[49/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
Fix VM deploy failure bug introduced by commit
39e5b768e8fcae9622e01b2ca72a49675eb6d3fb.

Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/d3fd66e9
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/d3fd66e9
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/d3fd66e9

Branch: refs/heads/master
Commit: d3fd66e9f555616530e483d1eacf2525556bf14e
Parents: 36c0a4e
Author: Min Chen <mi...@citrix.com>
Authored: Thu Mar 13 16:37:26 2014 -0700
Committer: Min Chen <mi...@citrix.com>
Committed: Thu Mar 13 16:37:26 2014 -0700

----------------------------------------------------------------------
 api/src/org/apache/cloudstack/api/ApiConstants.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d3fd66e9/api/src/org/apache/cloudstack/api/ApiConstants.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/ApiConstants.java b/api/src/org/apache/cloudstack/api/ApiConstants.java
index 3a90afc..239b8cd 100755
--- a/api/src/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/org/apache/cloudstack/api/ApiConstants.java
@@ -59,7 +59,7 @@ public class ApiConstants {
     public static final String CTX_ACCOUNT_ID = "ctxaccountid";
     public static final String CTX_USER_ID = "ctxuserid";
     public static final String CTXSTARTEVENTID = "ctxstarteventid";
-    public static final String CTX_START_EVENT_ID = "ctxstarteventid";
+    public static final String CTX_START_EVENT_ID = "ctxStartEventId";
     public static final String CUSTOMIZED = "customized";
     public static final String CUSTOMIZED_IOPS = "customizediops";
     public static final String CUSTOM_ID = "customid";
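Review bot: After this change `CTXSTARTEVENTID` (`"ctxstarteventid"`) and `CTX_START_EVENT_ID` (`"ctxStartEventId"`) are two public keys that differ only in letter case, and nothing here says which one a caller should use. A lookup with the wrong constant in a case-sensitive map would simply miss, which is presumably the kind of failure this commit fixes. Add a comment on each constant, e.g. `// case-sensitive key; not interchangeable with CTXSTARTEVENTID ("ctxstarteventid")`, or retire one of the two once its users are migrated. The ApiConstants class continues outside the hunk.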


[19/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
renaming Acl to IAM in module.properties for the plugin


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/45a96e4e
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/45a96e4e
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/45a96e4e

Branch: refs/heads/master
Commit: 45a96e4e4cb8978fbbb64c2da3cfe493789900b8
Parents: 57b687e
Author: Prachi Damle <pr...@cloud.com>
Authored: Tue Feb 25 17:02:41 2014 -0800
Committer: Prachi Damle <pr...@cloud.com>
Committed: Tue Feb 25 17:02:41 2014 -0800

----------------------------------------------------------------------
 .../module.properties                           | 18 ----------
 .../spring-iam-access-checkers-context.xml      | 35 --------------------
 .../iam-access-checkers/module.properties       | 18 ++++++++++
 .../spring-iam-access-checkers-context.xml      | 35 ++++++++++++++++++++
 4 files changed, 53 insertions(+), 53 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/45a96e4e/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/module.properties
----------------------------------------------------------------------
diff --git a/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/module.properties b/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/module.properties
deleted file mode 100644
index 206e1b0..0000000
--- a/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/module.properties
+++ /dev/null
@@ -1,18 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-name=acl-role-based-access-checkers
-parent=api
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/45a96e4e/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-iam-access-checkers-context.xml
----------------------------------------------------------------------
diff --git a/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-iam-access-checkers-context.xml b/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-iam-access-checkers-context.xml
deleted file mode 100644
index fb0ddf3..0000000
--- a/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-iam-access-checkers-context.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:aop="http://www.springframework.org/schema/aop"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans
-                      http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-                      http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
-                      http://www.springframework.org/schema/context
-                      http://www.springframework.org/schema/context/spring-context-3.0.xsd"
-                      >                     
-
-    <bean id="RoleBasedAPIAccessChecker" class="org.apache.cloudstack.iam.RoleBasedAPIAccessChecker" />
-    <bean id="RoleBasedEntityAccessChecker" class="org.apache.cloudstack.iam.RoleBasedEntityAccessChecker" />
-    <bean id="RoleBasedEntityQuerySelector" class="org.apache.cloudstack.iam.RoleBasedEntityQuerySelector" />
-    <bean id="AclApiServiceImpl" class="org.apache.cloudstack.iam.AclApiServiceImpl" />
-
-</beans>

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/45a96e4e/services/iam/plugin/resources/META-INF/cloudstack/iam-access-checkers/module.properties
----------------------------------------------------------------------
diff --git a/services/iam/plugin/resources/META-INF/cloudstack/iam-access-checkers/module.properties b/services/iam/plugin/resources/META-INF/cloudstack/iam-access-checkers/module.properties
new file mode 100644
index 0000000..c87480d
--- /dev/null
+++ b/services/iam/plugin/resources/META-INF/cloudstack/iam-access-checkers/module.properties
@@ -0,0 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+name=iam-access-checkers
+parent=api
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/45a96e4e/services/iam/plugin/resources/META-INF/cloudstack/iam-access-checkers/spring-iam-access-checkers-context.xml
----------------------------------------------------------------------
diff --git a/services/iam/plugin/resources/META-INF/cloudstack/iam-access-checkers/spring-iam-access-checkers-context.xml b/services/iam/plugin/resources/META-INF/cloudstack/iam-access-checkers/spring-iam-access-checkers-context.xml
new file mode 100644
index 0000000..983bf08
--- /dev/null
+++ b/services/iam/plugin/resources/META-INF/cloudstack/iam-access-checkers/spring-iam-access-checkers-context.xml
@@ -0,0 +1,35 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns:context="http://www.springframework.org/schema/context"
+       xmlns:aop="http://www.springframework.org/schema/aop"
+       xsi:schemaLocation="http://www.springframework.org/schema/beans
+                      http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+                      http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
+                      http://www.springframework.org/schema/context
+                      http://www.springframework.org/schema/context/spring-context-3.0.xsd"
+                      >                     
+
+    <bean id="RoleBasedAPIAccessChecker" class="org.apache.cloudstack.iam.RoleBasedAPIAccessChecker" />
+    <bean id="RoleBasedEntityAccessChecker" class="org.apache.cloudstack.iam.RoleBasedEntityAccessChecker" />
+    <bean id="RoleBasedEntityQuerySelector" class="org.apache.cloudstack.iam.RoleBasedEntityQuerySelector" />
+    <bean id="IAMApiServiceImpl" class="org.apache.cloudstack.iam.IAMApiServiceImpl" />
+
+</beans>


[11/50] [abbrv] iam/plugin: Rename Acl to IAM everywhere

Posted by mc...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
index c20989c..02da7c3 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
@@ -25,17 +25,17 @@ import javax.inject.Inject;
 import org.apache.log4j.Logger;
 
 import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.iam.api.AclGroup;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
+import org.apache.cloudstack.iam.api.IAMGroup;
+import org.apache.cloudstack.iam.api.IAMPolicy;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
 import org.apache.cloudstack.iam.api.IAMService;
-import org.apache.cloudstack.iam.server.dao.AclAccountPolicyMapDao;
-import org.apache.cloudstack.iam.server.dao.AclGroupAccountMapDao;
-import org.apache.cloudstack.iam.server.dao.AclGroupDao;
-import org.apache.cloudstack.iam.server.dao.AclGroupPolicyMapDao;
-import org.apache.cloudstack.iam.server.dao.AclPolicyDao;
-import org.apache.cloudstack.iam.server.dao.AclPolicyPermissionDao;
+import org.apache.cloudstack.iam.server.dao.IAMAccountPolicyMapDao;
+import org.apache.cloudstack.iam.server.dao.IAMGroupAccountMapDao;
+import org.apache.cloudstack.iam.server.dao.IAMGroupDao;
+import org.apache.cloudstack.iam.server.dao.IAMGroupPolicyMapDao;
+import org.apache.cloudstack.iam.server.dao.IAMPolicyDao;
+import org.apache.cloudstack.iam.server.dao.IAMPolicyPermissionDao;
 
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.utils.Pair;
@@ -62,37 +62,37 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
     private String _name;
 
     @Inject
-    AclPolicyDao _aclPolicyDao;
+    IAMPolicyDao _aclPolicyDao;
 
     @Inject
-    AclGroupDao _aclGroupDao;
+    IAMGroupDao _aclGroupDao;
 
     @Inject
     EntityManager _entityMgr;
 
     @Inject
-    AclGroupPolicyMapDao _aclGroupPolicyMapDao;
+    IAMGroupPolicyMapDao _aclGroupPolicyMapDao;
 
     @Inject
-    AclAccountPolicyMapDao _aclAccountPolicyMapDao;
+    IAMAccountPolicyMapDao _aclAccountPolicyMapDao;
 
     @Inject
-    AclGroupAccountMapDao _aclGroupAccountMapDao;
+    IAMGroupAccountMapDao _aclGroupAccountMapDao;
 
     @Inject
-    AclPolicyPermissionDao _policyPermissionDao;
+    IAMPolicyPermissionDao _policyPermissionDao;
 
     @DB
     @Override
-    public AclGroup createAclGroup(String aclGroupName, String description, String path) {
+    public IAMGroup createAclGroup(String aclGroupName, String description, String path) {
         // check if the group is already existing
-        AclGroup grp = _aclGroupDao.findByName(path, aclGroupName);
+        IAMGroup grp = _aclGroupDao.findByName(path, aclGroupName);
         if (grp != null) {
             throw new InvalidParameterValueException(
                     "Unable to create acl group with name " + aclGroupName
                     + " already exisits for path " + path);
         }
-        AclGroupVO rvo = new AclGroupVO(aclGroupName, description);
+        IAMGroupVO rvo = new IAMGroupVO(aclGroupName, description);
         rvo.setPath(path);
 
         return _aclGroupDao.persist(rvo);
@@ -102,7 +102,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
     @Override
     public boolean deleteAclGroup(final Long aclGroupId) {
         // get the Acl Group entity
-        final AclGroup grp = _aclGroupDao.findById(aclGroupId);
+        final IAMGroup grp = _aclGroupDao.findById(aclGroupId);
         if (grp == null) {
             throw new InvalidParameterValueException("Unable to find acl group: " + aclGroupId
                     + "; failed to delete acl group.");
@@ -112,17 +112,17 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
             @Override
             public void doInTransactionWithoutResult(TransactionStatus status) {
                 // remove this group related entry in acl_group_role_map
-                List<AclGroupPolicyMapVO> groupPolicyMap = _aclGroupPolicyMapDao.listByGroupId(grp.getId());
+                List<IAMGroupPolicyMapVO> groupPolicyMap = _aclGroupPolicyMapDao.listByGroupId(grp.getId());
                 if (groupPolicyMap != null) {
-                    for (AclGroupPolicyMapVO gr : groupPolicyMap) {
+                    for (IAMGroupPolicyMapVO gr : groupPolicyMap) {
                         _aclGroupPolicyMapDao.remove(gr.getId());
                     }
                 }
 
                 // remove this group related entry in acl_group_account table
-                List<AclGroupAccountMapVO> groupAcctMap = _aclGroupAccountMapDao.listByGroupId(grp.getId());
+                List<IAMGroupAccountMapVO> groupAcctMap = _aclGroupAccountMapDao.listByGroupId(grp.getId());
                 if (groupAcctMap != null) {
-                    for (AclGroupAccountMapVO grpAcct : groupAcctMap) {
+                    for (IAMGroupAccountMapVO grpAcct : groupAcctMap) {
                         _aclGroupAccountMapDao.remove(grpAcct.getId());
                     }
                 }
@@ -137,9 +137,9 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @SuppressWarnings("unchecked")
     @Override
-    public List<AclGroup> listAclGroups(long accountId) {
+    public List<IAMGroup> listAclGroups(long accountId) {
 
-        GenericSearchBuilder<AclGroupAccountMapVO, Long> groupSB = _aclGroupAccountMapDao.createSearchBuilder(Long.class);
+        GenericSearchBuilder<IAMGroupAccountMapVO, Long> groupSB = _aclGroupAccountMapDao.createSearchBuilder(Long.class);
         groupSB.selectFields(groupSB.entity().getAclGroupId());
         groupSB.and("account", groupSB.entity().getAccountId(), Op.EQ);
         SearchCriteria<Long> groupSc = groupSB.create();
@@ -147,9 +147,9 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
         List<Long> groupIds = _aclGroupAccountMapDao.customSearch(groupSc, null);
 
-        SearchBuilder<AclGroupVO> sb = _aclGroupDao.createSearchBuilder();
+        SearchBuilder<IAMGroupVO> sb = _aclGroupDao.createSearchBuilder();
         sb.and("ids", sb.entity().getId(), Op.IN);
-        SearchCriteria<AclGroupVO> sc = sb.create();
+        SearchCriteria<IAMGroupVO> sc = sb.create();
         sc.setParameters("ids", groupIds.toArray(new Object[groupIds.size()]));
         @SuppressWarnings("rawtypes")
         List groups = _aclGroupDao.search(sc, null);
@@ -158,9 +158,9 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @DB
     @Override
-    public AclGroup addAccountsToGroup(final List<Long> acctIds, final Long groupId) {
+    public IAMGroup addAccountsToGroup(final List<Long> acctIds, final Long groupId) {
         // get the Acl Group entity
-        AclGroup group = _aclGroupDao.findById(groupId);
+        IAMGroup group = _aclGroupDao.findById(groupId);
         if (group == null) {
             throw new InvalidParameterValueException("Unable to find acl group: " + groupId
                     + "; failed to add accounts to acl group.");
@@ -172,10 +172,10 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
                 // add entries in acl_group_account_map table
                 for (Long acctId : acctIds) {
                     // check account permissions
-                    AclGroupAccountMapVO grMap = _aclGroupAccountMapDao.findByGroupAndAccount(groupId, acctId);
+                    IAMGroupAccountMapVO grMap = _aclGroupAccountMapDao.findByGroupAndAccount(groupId, acctId);
                     if (grMap == null) {
                         // not there already
-                        grMap = new AclGroupAccountMapVO(groupId, acctId);
+                        grMap = new IAMGroupAccountMapVO(groupId, acctId);
                         _aclGroupAccountMapDao.persist(grMap);
                     }
                 }
@@ -186,9 +186,9 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @DB
     @Override
-    public AclGroup removeAccountsFromGroup(final List<Long> acctIds, final Long groupId) {
+    public IAMGroup removeAccountsFromGroup(final List<Long> acctIds, final Long groupId) {
         // get the Acl Group entity
-        AclGroup group = _aclGroupDao.findById(groupId);
+        IAMGroup group = _aclGroupDao.findById(groupId);
         if (group == null) {
             throw new InvalidParameterValueException("Unable to find acl group: " + groupId
                     + "; failed to remove accounts from acl group.");
@@ -199,7 +199,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
             public void doInTransactionWithoutResult(TransactionStatus status) {
                 // remove entries from acl_group_account_map table
                 for (Long acctId : acctIds) {
-                    AclGroupAccountMapVO grMap = _aclGroupAccountMapDao.findByGroupAndAccount(groupId, acctId);
+                    IAMGroupAccountMapVO grMap = _aclGroupAccountMapDao.findByGroupAndAccount(groupId, acctId);
                     if (grMap != null) {
                         // not removed yet
                         _aclGroupAccountMapDao.remove(grMap.getId());
@@ -212,35 +212,35 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @Override
     public List<Long> listAccountsByGroup(long groupId) {
-        List<AclGroupAccountMapVO> grpAcctMap = _aclGroupAccountMapDao.listByGroupId(groupId);
+        List<IAMGroupAccountMapVO> grpAcctMap = _aclGroupAccountMapDao.listByGroupId(groupId);
         if (grpAcctMap == null || grpAcctMap.size() == 0) {
             return new ArrayList<Long>();
         }
 
         List<Long> accts = new ArrayList<Long>();
-        for (AclGroupAccountMapVO grpAcct : grpAcctMap) {
+        for (IAMGroupAccountMapVO grpAcct : grpAcctMap) {
             accts.add(grpAcct.getAccountId());
         }
         return accts;
     }
 
     @Override
-    public Pair<List<AclGroup>, Integer> listAclGroups(Long aclGroupId, String aclGroupName, String path, Long startIndex, Long pageSize) {
+    public Pair<List<IAMGroup>, Integer> listAclGroups(Long aclGroupId, String aclGroupName, String path, Long startIndex, Long pageSize) {
         if (aclGroupId != null) {
-            AclGroup group = _aclGroupDao.findById(aclGroupId);
+            IAMGroup group = _aclGroupDao.findById(aclGroupId);
             if (group == null) {
                 throw new InvalidParameterValueException("Unable to find acl group by id " + aclGroupId);
             }
         }
 
-        Filter searchFilter = new Filter(AclGroupVO.class, "id", true, startIndex, pageSize);
+        Filter searchFilter = new Filter(IAMGroupVO.class, "id", true, startIndex, pageSize);
 
-        SearchBuilder<AclGroupVO> sb = _aclGroupDao.createSearchBuilder();
+        SearchBuilder<IAMGroupVO> sb = _aclGroupDao.createSearchBuilder();
         sb.and("name", sb.entity().getName(), SearchCriteria.Op.EQ);
         sb.and("path", sb.entity().getPath(), SearchCriteria.Op.LIKE);
         sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
 
-        SearchCriteria<AclGroupVO> sc = sb.create();
+        SearchCriteria<IAMGroupVO> sc = sb.create();
 
         if (aclGroupName != null) {
             sc.setParameters("name", aclGroupName);
@@ -252,13 +252,13 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
         sc.setParameters("path", path + "%");
 
-        Pair<List<AclGroupVO>, Integer> groups = _aclGroupDao.searchAndCount(sc, searchFilter);
-        return new Pair<List<AclGroup>, Integer>(new ArrayList<AclGroup>(groups.first()), groups.second());
+        Pair<List<IAMGroupVO>, Integer> groups = _aclGroupDao.searchAndCount(sc, searchFilter);
+        return new Pair<List<IAMGroup>, Integer>(new ArrayList<IAMGroup>(groups.first()), groups.second());
     }
 
     @Override
-    public List<AclGroup> listParentAclGroups(long groupId) {
-        AclGroup group = _aclGroupDao.findById(groupId);
+    public List<IAMGroup> listParentAclGroups(long groupId) {
+        IAMGroup group = _aclGroupDao.findById(groupId);
         if (group == null) {
             throw new InvalidParameterValueException("Unable to find acl group by id " + groupId);
         }
@@ -277,45 +277,45 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
         }
 
         if (pathList.isEmpty()) {
-            return new ArrayList<AclGroup>();
+            return new ArrayList<IAMGroup>();
         }
 
-        SearchBuilder<AclGroupVO> sb = _aclGroupDao.createSearchBuilder();
+        SearchBuilder<IAMGroupVO> sb = _aclGroupDao.createSearchBuilder();
         sb.and("paths", sb.entity().getPath(), SearchCriteria.Op.IN);
 
-        SearchCriteria<AclGroupVO> sc = sb.create();
+        SearchCriteria<IAMGroupVO> sc = sb.create();
         sc.setParameters("paths", pathList.toArray());
 
-        List<AclGroupVO> groups = _aclGroupDao.search(sc, null);
+        List<IAMGroupVO> groups = _aclGroupDao.search(sc, null);
 
-        return new ArrayList<AclGroup>(groups);
+        return new ArrayList<IAMGroup>(groups);
 
     }
 
     @DB
     @Override
-    public AclPolicy createAclPolicy(final String aclPolicyName, final String description, final Long parentPolicyId, final String path) {
+    public IAMPolicy createAclPolicy(final String aclPolicyName, final String description, final Long parentPolicyId, final String path) {
 
         // check if the policy is already existing
-        AclPolicy ro = _aclPolicyDao.findByName(aclPolicyName);
+        IAMPolicy ro = _aclPolicyDao.findByName(aclPolicyName);
         if (ro != null) {
             throw new InvalidParameterValueException(
                     "Unable to create acl policy with name " + aclPolicyName
                     + " already exisits");
         }
 
-        AclPolicy role = Transaction.execute(new TransactionCallback<AclPolicy>() {
+        IAMPolicy role = Transaction.execute(new TransactionCallback<IAMPolicy>() {
             @Override
-            public AclPolicy doInTransaction(TransactionStatus status) {
-                AclPolicyVO rvo = new AclPolicyVO(aclPolicyName, description);
+            public IAMPolicy doInTransaction(TransactionStatus status) {
+                IAMPolicyVO rvo = new IAMPolicyVO(aclPolicyName, description);
                 rvo.setPath(path);
 
-                AclPolicy role = _aclPolicyDao.persist(rvo);
+                IAMPolicy role = _aclPolicyDao.persist(rvo);
                 if (parentPolicyId != null) {
                     // copy parent role permissions
-                    List<AclPolicyPermissionVO> perms = _policyPermissionDao.listByPolicy(parentPolicyId);
+                    List<IAMPolicyPermissionVO> perms = _policyPermissionDao.listByPolicy(parentPolicyId);
                     if (perms != null) {
-                        for (AclPolicyPermissionVO perm : perms) {
+                        for (IAMPolicyPermissionVO perm : perms) {
                             perm.setAclPolicyId(role.getId());
                             _policyPermissionDao.persist(perm);
                         }
@@ -333,7 +333,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
     @Override
     public boolean deleteAclPolicy(final long aclPolicyId) {
         // get the Acl Policy entity
-        final AclPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+        final IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
         if (policy == null) {
             throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
                     + "; failed to delete acl policy.");
@@ -343,25 +343,25 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
             @Override
             public void doInTransactionWithoutResult(TransactionStatus status) {
                 // remove this role related entry in acl_group_role_map
-                List<AclGroupPolicyMapVO> groupPolicyMap = _aclGroupPolicyMapDao.listByPolicyId(policy.getId());
+                List<IAMGroupPolicyMapVO> groupPolicyMap = _aclGroupPolicyMapDao.listByPolicyId(policy.getId());
                 if (groupPolicyMap != null) {
-                    for (AclGroupPolicyMapVO gr : groupPolicyMap) {
+                    for (IAMGroupPolicyMapVO gr : groupPolicyMap) {
                         _aclGroupPolicyMapDao.remove(gr.getId());
                     }
                 }
 
                 // remove this policy related entry in acl_account_policy_map table
-                List<AclAccountPolicyMapVO> policyAcctMap = _aclAccountPolicyMapDao.listByPolicyId(policy.getId());
+                List<IAMAccountPolicyMapVO> policyAcctMap = _aclAccountPolicyMapDao.listByPolicyId(policy.getId());
                 if (policyAcctMap != null) {
-                    for (AclAccountPolicyMapVO policyAcct : policyAcctMap) {
+                    for (IAMAccountPolicyMapVO policyAcct : policyAcctMap) {
                         _aclAccountPolicyMapDao.remove(policyAcct.getId());
                     }
                 }
 
                 // remove this policy related entry in acl_policy_permission table
-                List<AclPolicyPermissionVO> policyPermMap = _policyPermissionDao.listByPolicy(policy.getId());
+                List<IAMPolicyPermissionVO> policyPermMap = _policyPermissionDao.listByPolicy(policy.getId());
                 if (policyPermMap != null) {
-                    for (AclPolicyPermissionVO policyPerm : policyPermMap) {
+                    for (IAMPolicyPermissionVO policyPerm : policyPermMap) {
                         _policyPermissionDao.remove(policyPerm.getId());
                     }
                 }
@@ -377,13 +377,13 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @SuppressWarnings("unchecked")
     @Override
-    public List<AclPolicy> listAclPolicies(long accountId) {
+    public List<IAMPolicy> listAclPolicies(long accountId) {
 
         // static policies of the account
-        SearchBuilder<AclGroupAccountMapVO> groupSB = _aclGroupAccountMapDao.createSearchBuilder();
+        SearchBuilder<IAMGroupAccountMapVO> groupSB = _aclGroupAccountMapDao.createSearchBuilder();
         groupSB.and("account", groupSB.entity().getAccountId(), Op.EQ);
 
-        GenericSearchBuilder<AclGroupPolicyMapVO, Long> policySB = _aclGroupPolicyMapDao.createSearchBuilder(Long.class);
+        GenericSearchBuilder<IAMGroupPolicyMapVO, Long> policySB = _aclGroupPolicyMapDao.createSearchBuilder(Long.class);
         policySB.selectFields(policySB.entity().getAclPolicyId());
         policySB.join("accountgroupjoin", groupSB, groupSB.entity().getAclGroupId(), policySB.entity().getAclGroupId(),
                 JoinType.INNER);
@@ -393,16 +393,16 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
         List<Long> policyIds = _aclGroupPolicyMapDao.customSearch(policySc, null);
         // add policies directly attached to the account
-        List<AclAccountPolicyMapVO> acctPolicies = _aclAccountPolicyMapDao.listByAccountId(accountId);
-        for (AclAccountPolicyMapVO p : acctPolicies) {
+        List<IAMAccountPolicyMapVO> acctPolicies = _aclAccountPolicyMapDao.listByAccountId(accountId);
+        for (IAMAccountPolicyMapVO p : acctPolicies) {
             policyIds.add(p.getAclPolicyId());
         }
         if (policyIds.size() == 0) {
-            return new ArrayList<AclPolicy>();
+            return new ArrayList<IAMPolicy>();
         }
-        SearchBuilder<AclPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
+        SearchBuilder<IAMPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
         sb.and("ids", sb.entity().getId(), Op.IN);
-        SearchCriteria<AclPolicyVO> sc = sb.create();
+        SearchCriteria<IAMPolicyVO> sc = sb.create();
         sc.setParameters("ids", policyIds.toArray(new Object[policyIds.size()]));
         @SuppressWarnings("rawtypes")
         List policies = _aclPolicyDao.customSearch(sc, null);
@@ -413,20 +413,20 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @SuppressWarnings("unchecked")
     @Override
-    public List<AclPolicy> listAclPoliciesByGroup(long groupId) {
-        List<AclGroupPolicyMapVO> policyGrpMap = _aclGroupPolicyMapDao.listByGroupId(groupId);
+    public List<IAMPolicy> listAclPoliciesByGroup(long groupId) {
+        List<IAMGroupPolicyMapVO> policyGrpMap = _aclGroupPolicyMapDao.listByGroupId(groupId);
         if (policyGrpMap == null || policyGrpMap.size() == 0) {
-            return new ArrayList<AclPolicy>();
+            return new ArrayList<IAMPolicy>();
         }
 
         List<Long> policyIds = new ArrayList<Long>();
-        for (AclGroupPolicyMapVO pg : policyGrpMap) {
+        for (IAMGroupPolicyMapVO pg : policyGrpMap) {
             policyIds.add(pg.getAclPolicyId());
         }
 
-        SearchBuilder<AclPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
+        SearchBuilder<IAMPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
         sb.and("ids", sb.entity().getId(), Op.IN);
-        SearchCriteria<AclPolicyVO> sc = sb.create();
+        SearchCriteria<IAMPolicyVO> sc = sb.create();
         sc.setParameters("ids", policyIds.toArray(new Object[policyIds.size()]));
         @SuppressWarnings("rawtypes")
         List policies = _aclPolicyDao.customSearch(sc, null);
@@ -436,26 +436,26 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @SuppressWarnings("unchecked")
     @Override
-    public List<AclPolicy> listRecursiveAclPoliciesByGroup(long groupId) {
-        List<AclGroupPolicyMapVO> policyGrpMap = _aclGroupPolicyMapDao.listByGroupId(groupId);
+    public List<IAMPolicy> listRecursiveAclPoliciesByGroup(long groupId) {
+        List<IAMGroupPolicyMapVO> policyGrpMap = _aclGroupPolicyMapDao.listByGroupId(groupId);
         if (policyGrpMap == null || policyGrpMap.size() == 0) {
-            return new ArrayList<AclPolicy>();
+            return new ArrayList<IAMPolicy>();
         }
 
         List<Long> policyIds = new ArrayList<Long>();
-        for (AclGroupPolicyMapVO pg : policyGrpMap) {
+        for (IAMGroupPolicyMapVO pg : policyGrpMap) {
             policyIds.add(pg.getAclPolicyId());
         }
 
-        SearchBuilder<AclPolicyPermissionVO> permSb = _policyPermissionDao.createSearchBuilder();
+        SearchBuilder<IAMPolicyPermissionVO> permSb = _policyPermissionDao.createSearchBuilder();
         permSb.and("isRecursive", permSb.entity().isRecursive(), Op.EQ);
 
-        SearchBuilder<AclPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
+        SearchBuilder<IAMPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
         sb.and("ids", sb.entity().getId(), Op.IN);
         sb.join("recursivePerm", permSb, sb.entity().getId(), permSb.entity().getAclPolicyId(),
                 JoinBuilder.JoinType.INNER);
 
-        SearchCriteria<AclPolicyVO> sc = sb.create();
+        SearchCriteria<IAMPolicyVO> sc = sb.create();
         sc.setParameters("ids", policyIds.toArray(new Object[policyIds.size()]));
         sc.setJoinParameters("recursivePerm", "isRecursive", true);
 
@@ -468,23 +468,23 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @SuppressWarnings("unchecked")
     @Override
-    public Pair<List<AclPolicy>, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize) {
+    public Pair<List<IAMPolicy>, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize) {
 
         if (aclPolicyId != null) {
-            AclPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+            IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
             if (policy == null) {
                 throw new InvalidParameterValueException("Unable to find acl policy by id " + aclPolicyId);
             }
         }
 
-        Filter searchFilter = new Filter(AclPolicyVO.class, "id", true, startIndex, pageSize);
+        Filter searchFilter = new Filter(IAMPolicyVO.class, "id", true, startIndex, pageSize);
 
-        SearchBuilder<AclPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
+        SearchBuilder<IAMPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
         sb.and("name", sb.entity().getName(), SearchCriteria.Op.EQ);
         sb.and("path", sb.entity().getPath(), SearchCriteria.Op.LIKE);
         sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
 
-        SearchCriteria<AclPolicyVO> sc = sb.create();
+        SearchCriteria<IAMPolicyVO> sc = sb.create();
 
         if (aclPolicyName != null) {
             sc.setParameters("name", aclPolicyName);
@@ -496,17 +496,17 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
         sc.setParameters("path", path + "%");
 
-        Pair<List<AclPolicyVO>, Integer> policies = _aclPolicyDao.searchAndCount(sc, searchFilter);
+        Pair<List<IAMPolicyVO>, Integer> policies = _aclPolicyDao.searchAndCount(sc, searchFilter);
         @SuppressWarnings("rawtypes")
         List policyList = policies.first();
-        return new Pair<List<AclPolicy>, Integer>(policyList, policies.second());
+        return new Pair<List<IAMPolicy>, Integer>(policyList, policies.second());
     }
 
     @DB
     @Override
-    public AclGroup attachAclPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
+    public IAMGroup attachAclPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
         // get the Acl Group entity
-        AclGroup group = _aclGroupDao.findById(groupId);
+        IAMGroup group = _aclGroupDao.findById(groupId);
         if (group == null) {
             throw new InvalidParameterValueException("Unable to find acl group: " + groupId
                     + "; failed to add roles to acl group.");
@@ -517,16 +517,16 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
             public void doInTransactionWithoutResult(TransactionStatus status) {
                 // add entries in acl_group_policy_map table
                 for (Long policyId : policyIds) {
-                    AclPolicy policy = _aclPolicyDao.findById(policyId);
+                    IAMPolicy policy = _aclPolicyDao.findById(policyId);
                     if (policy == null) {
                         throw new InvalidParameterValueException("Unable to find acl policy: " + policyId
                                 + "; failed to add policies to acl group.");
                     }
 
-                    AclGroupPolicyMapVO grMap = _aclGroupPolicyMapDao.findByGroupAndPolicy(groupId, policyId);
+                    IAMGroupPolicyMapVO grMap = _aclGroupPolicyMapDao.findByGroupAndPolicy(groupId, policyId);
                     if (grMap == null) {
                         // not there already
-                        grMap = new AclGroupPolicyMapVO(groupId, policyId);
+                        grMap = new IAMGroupPolicyMapVO(groupId, policyId);
                         _aclGroupPolicyMapDao.persist(grMap);
                     }
                 }
@@ -538,9 +538,9 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @DB
     @Override
-    public AclGroup removeAclPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
+    public IAMGroup removeAclPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
         // get the Acl Group entity
-        AclGroup group = _aclGroupDao.findById(groupId);
+        IAMGroup group = _aclGroupDao.findById(groupId);
         if (group == null) {
             throw new InvalidParameterValueException("Unable to find acl group: " + groupId
                     + "; failed to remove roles from acl group.");
@@ -551,13 +551,13 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
             public void doInTransactionWithoutResult(TransactionStatus status) {
                 // add entries in acl_group_role_map table
                 for (Long policyId : policyIds) {
-                    AclPolicy policy = _aclPolicyDao.findById(policyId);
+                    IAMPolicy policy = _aclPolicyDao.findById(policyId);
                     if (policy == null) {
                         throw new InvalidParameterValueException("Unable to find acl policy: " + policyId
                                 + "; failed to add policies to acl group.");
                     }
 
-                    AclGroupPolicyMapVO grMap = _aclGroupPolicyMapDao.findByGroupAndPolicy(groupId, policyId);
+                    IAMGroupPolicyMapVO grMap = _aclGroupPolicyMapDao.findByGroupAndPolicy(groupId, policyId);
                     if (grMap != null) {
                         // not removed yet
                         _aclGroupPolicyMapDao.remove(grMap.getId());
@@ -571,7 +571,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @Override
     public void attachAclPolicyToAccounts(final Long policyId, final List<Long> acctIds) {
-        AclPolicy policy = _aclPolicyDao.findById(policyId);
+        IAMPolicy policy = _aclPolicyDao.findById(policyId);
         if (policy == null) {
             throw new InvalidParameterValueException("Unable to find acl policy: " + policyId
                     + "; failed to add policy to account.");
@@ -582,10 +582,10 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
             public void doInTransactionWithoutResult(TransactionStatus status) {
                 // add entries in acl_group_policy_map table
                 for (Long acctId : acctIds) {
-                    AclAccountPolicyMapVO acctMap = _aclAccountPolicyMapDao.findByAccountAndPolicy(acctId, policyId);
+                    IAMAccountPolicyMapVO acctMap = _aclAccountPolicyMapDao.findByAccountAndPolicy(acctId, policyId);
                     if (acctMap == null) {
                         // not there already
-                        acctMap = new AclAccountPolicyMapVO(acctId, policyId);
+                        acctMap = new IAMAccountPolicyMapVO(acctId, policyId);
                         _aclAccountPolicyMapDao.persist(acctMap);
                     }
                 }
@@ -595,7 +595,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @Override
     public void removeAclPolicyFromAccounts(final Long policyId, final List<Long> acctIds) {
-        AclPolicy policy = _aclPolicyDao.findById(policyId);
+        IAMPolicy policy = _aclPolicyDao.findById(policyId);
         if (policy == null) {
             throw new InvalidParameterValueException("Unable to find acl policy: " + policyId
                     + "; failed to add policy to account.");
@@ -606,10 +606,10 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
             public void doInTransactionWithoutResult(TransactionStatus status) {
                 // add entries in acl_group_policy_map table
                 for (Long acctId : acctIds) {
-                    AclAccountPolicyMapVO acctMap = _aclAccountPolicyMapDao.findByAccountAndPolicy(acctId, policyId);
+                    IAMAccountPolicyMapVO acctMap = _aclAccountPolicyMapDao.findByAccountAndPolicy(acctId, policyId);
                     if (acctMap == null) {
                         // not there already
-                        acctMap = new AclAccountPolicyMapVO(acctId, policyId);
+                        acctMap = new IAMAccountPolicyMapVO(acctId, policyId);
                         _aclAccountPolicyMapDao.remove(acctMap.getId());
                     }
                 }
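Review bot: The null check inside the loop is inverted for a removal path: `if (acctMap == null)` builds a fresh `IAMAccountPolicyMapVO` and calls `remove` on its id, while an existing mapping (the non-null case) is never touched, so the policy stays attached to the account after this method returns. The sibling methods `removeAccountsFromGroup` and `removeAclPoliciesFromGroup` use the `!= null` form; this one should read `if (acctMap != null) { _aclAccountPolicyMapDao.remove(acctMap.getId()); }`. The comments `// add entries in acl_group_policy_map table` and `// not there already` are carried over from the attach method and should instead describe removal from the `acl_account_policy_map` table. The method signature and the transaction wrapper lie outside this hunk.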
@@ -619,20 +619,20 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @DB
     @Override
-    public AclPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
+    public IAMPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
             String action, String accessType, Permission perm, Boolean recursive) {
         // get the Acl Policy entity
-        AclPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+        IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
         if (policy == null) {
             throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
                     + "; failed to add permission to policy.");
         }
 
         // add entry in acl_policy_permission table
-        AclPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, perm);
+        IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, perm);
         if (permit == null) {
             // not there already
-            permit = new AclPolicyPermissionVO(aclPolicyId, action, entityType, accessType, scope, scopeId, perm,
+            permit = new IAMPolicyPermissionVO(aclPolicyId, action, entityType, accessType, scope, scopeId, perm,
                     recursive);
             _policyPermissionDao.persist(permit);
         }
@@ -642,16 +642,16 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @DB
     @Override
-    public AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
+    public IAMPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
             String action) {
         // get the Acl Policy entity
-        AclPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+        IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
         if (policy == null) {
             throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
                     + "; failed to revoke permission from policy.");
         }
         // remove entry from acl_entity_permission table
-        AclPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, Permission.Allow);
+        IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, Permission.Allow);
         if (permit != null) {
             // not removed yet
             _policyPermissionDao.remove(permit.getId());
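Review bot: The lookup hard-codes `Permission.Allow`, whereas `addAclPermissionToAclPolicy` persists the caller-supplied `perm`; an entry stored with any other permission value cannot be revoked through this method, and the `permit == null` case falls through without signalling that nothing was removed. If only allow entries are meant to be revocable here, say so above the lookup, e.g. `// only Permission.Allow entries are revoked; entries with another permission value are left in place`. The existing comment names `acl_entity_permission`, while the add path names `acl_policy_permission` for the same DAO, so one of the two is stale. The rest of the method is outside this hunk.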
@@ -666,8 +666,8 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
             @Override
             public void doInTransactionWithoutResult(TransactionStatus status) {
                 // remove entry from acl_entity_permission table
-                List<AclPolicyPermissionVO> permitList = _policyPermissionDao.listByEntity(entityType, entityId);
-                for (AclPolicyPermissionVO permit : permitList) {
+                List<IAMPolicyPermissionVO> permitList = _policyPermissionDao.listByEntity(entityType, entityId);
+                for (IAMPolicyPermissionVO permit : permitList) {
                     long policyId = permit.getAclPolicyId();
                     _policyPermissionDao.remove(permit.getId());
 
@@ -682,19 +682,19 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @DB
     @Override
-    public AclPolicy resetAclPolicy(long aclPolicyId) {
+    public IAMPolicy resetAclPolicy(long aclPolicyId) {
         // get the Acl Policy entity
-        AclPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+        IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
         if (policy == null) {
             throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
                     + "; failed to reset the policy.");
         }
 
-        SearchBuilder<AclPolicyPermissionVO> sb = _policyPermissionDao.createSearchBuilder();
+        SearchBuilder<IAMPolicyPermissionVO> sb = _policyPermissionDao.createSearchBuilder();
         sb.and("policyId", sb.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
         sb.and("scope", sb.entity().getScope(), SearchCriteria.Op.EQ);
         sb.done();
-        SearchCriteria<AclPolicyPermissionVO> permissionSC = sb.create();
+        SearchCriteria<IAMPolicyPermissionVO> permissionSC = sb.create();
         permissionSC.setParameters("policyId", aclPolicyId);
         _policyPermissionDao.expunge(permissionSC);
 
@@ -702,7 +702,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
     }
 
     @Override
-    public boolean isActionAllowedForPolicies(String action, List<AclPolicy> policies) {
+    public boolean isActionAllowedForPolicies(String action, List<IAMPolicy> policies) {
 
         boolean allowed = false;
 
@@ -711,19 +711,19 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
         }
 
         List<Long> policyIds = new ArrayList<Long>();
-        for (AclPolicy policy : policies) {
+        for (IAMPolicy policy : policies) {
             policyIds.add(policy.getId());
         }
 
-        SearchBuilder<AclPolicyPermissionVO> sb = _policyPermissionDao.createSearchBuilder();
+        SearchBuilder<IAMPolicyPermissionVO> sb = _policyPermissionDao.createSearchBuilder();
         sb.and("action", sb.entity().getAction(), Op.EQ);
         sb.and("policyId", sb.entity().getAclPolicyId(), Op.IN);
 
-        SearchCriteria<AclPolicyPermissionVO> sc = sb.create();
+        SearchCriteria<IAMPolicyPermissionVO> sc = sb.create();
         sc.setParameters("policyId", policyIds.toArray(new Object[policyIds.size()]));
         sc.setParameters("action", action);
 
-        List<AclPolicyPermissionVO> permissions = _policyPermissionDao.customSearch(sc, null);
+        List<IAMPolicyPermissionVO> permissions = _policyPermissionDao.customSearch(sc, null);
 
         if (permissions != null && !permissions.isEmpty()) {
             allowed = true;
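Review bot: The authorization decision here treats any matching row as a grant: the criteria filter on `action` and `policyId` only, and `allowed` becomes true as soon as the result list is non-empty, without looking at the row's `Permission` value. `addAclPermissionToAclPolicy` stores whatever `perm` it is given, so if a non-Allow value (presumably a deny entry) can be persisted, such a row would authorize the action in this check. Restrict the search to allow rows, for example with an extra `sb.and(...)` on the permission field and `sc.setParameters("permission", Permission.Allow);`, or inspect each returned row before setting `allowed`. The method starts in the previous hunk and continues past this one.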
@@ -736,14 +736,14 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
     @Override
     public List<Long> getGrantedEntities(long accountId, String action, String scope) {
         // Get the static Policies of the Caller
-        List<AclPolicy> policies = listAclPolicies(accountId);
+        List<IAMPolicy> policies = listAclPolicies(accountId);
         // for each policy, find granted permission within the given scope
         List<Long> entityIds = new ArrayList<Long>();
-        for (AclPolicy policy : policies) {
-            List<AclPolicyPermissionVO> pp = _policyPermissionDao.listGrantedByActionAndScope(policy.getId(), action,
+        for (IAMPolicy policy : policies) {
+            List<IAMPolicyPermissionVO> pp = _policyPermissionDao.listGrantedByActionAndScope(policy.getId(), action,
                     scope);
             if (pp != null) {
-                for (AclPolicyPermissionVO p : pp) {
+                for (IAMPolicyPermissionVO p : pp) {
                     if (p.getScopeId() != null) {
                         entityIds.add(p.getScopeId());
                     }
@@ -755,7 +755,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @Override
     @SuppressWarnings("unchecked")
-    public List<AclPolicyPermission> listPolicyPermissions(long policyId) {
+    public List<IAMPolicyPermission> listPolicyPermissions(long policyId) {
         @SuppressWarnings("rawtypes")
         List pp = _policyPermissionDao.listByPolicy(policyId);
         return pp;
@@ -763,7 +763,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @SuppressWarnings("unchecked")
     @Override
-    public List<AclPolicyPermission> listPolicyPermissionsByScope(long policyId, String action, String scope) {
+    public List<IAMPolicyPermission> listPolicyPermissionsByScope(long policyId, String action, String scope) {
         @SuppressWarnings("rawtypes")
         List pp = _policyPermissionDao.listGrantedByActionAndScope(policyId, action, scope);
         return pp;
@@ -771,7 +771,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @SuppressWarnings("unchecked")
     @Override
-    public List<AclPolicyPermission> listPolicyPermissionByActionAndEntity(long policyId, String action,
+    public List<IAMPolicyPermission> listPolicyPermissionByActionAndEntity(long policyId, String action,
             String entityType) {
         @SuppressWarnings("rawtypes")
         List pp = _policyPermissionDao.listByPolicyActionAndEntity(policyId, action, entityType);
@@ -780,7 +780,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @SuppressWarnings("unchecked")
     @Override
-    public List<AclPolicyPermission> listPolicyPermissionByAccessAndEntity(long policyId, String accessType,
+    public List<IAMPolicyPermission> listPolicyPermissionByAccessAndEntity(long policyId, String accessType,
             String entityType) {
         @SuppressWarnings("rawtypes")
         List pp = _policyPermissionDao.listByPolicyAccessAndEntity(policyId, accessType, entityType);
@@ -788,19 +788,19 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
     }
 
     @Override
-    public AclPolicy getResourceOwnerPolicy() {
+    public IAMPolicy getResourceOwnerPolicy() {
         return _aclPolicyDao.findByName("RESOURCE_OWNER");
     }
 
     // search for policy with only one resource grant permission
     @Override
-    public AclPolicy getResourceGrantPolicy(String entityType, Long entityId, String accessType, String action) {
-        List<AclPolicyVO> policyList = _aclPolicyDao.listAll();
-        for (AclPolicyVO policy : policyList){
-            List<AclPolicyPermission> pp = listPolicyPermissions(policy.getId());
+    public IAMPolicy getResourceGrantPolicy(String entityType, Long entityId, String accessType, String action) {
+        List<IAMPolicyVO> policyList = _aclPolicyDao.listAll();
+        for (IAMPolicyVO policy : policyList){
+            List<IAMPolicyPermission> pp = listPolicyPermissions(policy.getId());
             if ( pp != null && pp.size() == 1){
                 // resource grant policy should only have one ACL permission assigned
-                AclPolicyPermission permit = pp.get(0);
+                IAMPolicyPermission permit = pp.get(0);
                 if ( permit.getEntityType().equals(entityType) && permit.getScope().equals(PermissionScope.RESOURCE.toString()) && permit.getScopeId().longValue() == entityId.longValue()){
                     if (accessType != null && permit.getAccessType().equals(accessType)){
                         return policy;
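Review bot: In `getResourceGrantPolicy`, `permit.getScopeId().longValue() == entityId.longValue()` unboxes both sides without a null check, although `getGrantedEntities` in this same file treats `getScopeId()` as nullable and `entityId` is a boxed `Long` parameter. A permission row without a scope id, or a caller passing a null `entityId`, could raise a NullPointerException in the middle of an authorization lookup. A null-safe form such as `entityId != null && entityId.equals(permit.getScopeId())`, with the constant first in `PermissionScope.RESOURCE.toString().equals(permit.getScope())`, avoids that. The method continues past the end of this hunk.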

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclAccountPolicyMapDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclAccountPolicyMapDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclAccountPolicyMapDao.java
deleted file mode 100644
index 83b8147..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclAccountPolicyMapDao.java
+++ /dev/null
@@ -1,17 +0,0 @@
-package org.apache.cloudstack.iam.server.dao;
-
-import java.util.List;
-
-import org.apache.cloudstack.iam.server.AclAccountPolicyMapVO;
-
-import com.cloud.utils.db.GenericDao;
-
-public interface AclAccountPolicyMapDao extends GenericDao<AclAccountPolicyMapVO, Long> {
-
-    List<AclAccountPolicyMapVO> listByAccountId(long acctId);
-
-    List<AclAccountPolicyMapVO> listByPolicyId(long policyId);
-
-    AclAccountPolicyMapVO findByAccountAndPolicy(long acctId, long policyId);
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclAccountPolicyMapDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclAccountPolicyMapDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclAccountPolicyMapDaoImpl.java
deleted file mode 100644
index 51091a6..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclAccountPolicyMapDaoImpl.java
+++ /dev/null
@@ -1,61 +0,0 @@
-package org.apache.cloudstack.iam.server.dao;
-
-import java.util.List;
-import java.util.Map;
-
-import javax.naming.ConfigurationException;
-
-import org.apache.cloudstack.iam.server.AclAccountPolicyMapVO;
-
-import com.cloud.utils.db.GenericDaoBase;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
-
-public class AclAccountPolicyMapDaoImpl extends GenericDaoBase<AclAccountPolicyMapVO, Long> implements AclAccountPolicyMapDao {
-
-    private SearchBuilder<AclAccountPolicyMapVO> ListByAccountId;
-    private SearchBuilder<AclAccountPolicyMapVO> ListByPolicyId;
-    private SearchBuilder<AclAccountPolicyMapVO> findByPolicyAccountId;
-
-    @Override
-    public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
-        super.configure(name, params);
-
-        ListByAccountId = createSearchBuilder();
-        ListByAccountId.and("accountId", ListByAccountId.entity().getAccountId(), SearchCriteria.Op.EQ);
-        ListByAccountId.done();
-
-        ListByPolicyId = createSearchBuilder();
-        ListByPolicyId.and("policyId", ListByPolicyId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
-        ListByPolicyId.done();
-
-        findByPolicyAccountId = createSearchBuilder();
-        findByPolicyAccountId.and("policyId", findByPolicyAccountId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
-        findByPolicyAccountId.and("accountId", findByPolicyAccountId.entity().getAccountId(), SearchCriteria.Op.EQ);
-        findByPolicyAccountId.done();
-
-        return true;
-    }
-
-    @Override
-    public List<AclAccountPolicyMapVO> listByAccountId(long acctId) {
-        SearchCriteria<AclAccountPolicyMapVO> sc = ListByAccountId.create();
-        sc.setParameters("accountId", acctId);
-        return listBy(sc);
-    }
-
-    @Override
-    public List<AclAccountPolicyMapVO> listByPolicyId(long policyId) {
-        SearchCriteria<AclAccountPolicyMapVO> sc = ListByPolicyId.create();
-        sc.setParameters("policyId", policyId);
-        return listBy(sc);
-    }
-
-    @Override
-    public AclAccountPolicyMapVO findByAccountAndPolicy(long acctId, long policyId) {
-        SearchCriteria<AclAccountPolicyMapVO> sc = findByPolicyAccountId.create();
-        sc.setParameters("policyId", policyId);
-        sc.setParameters("accountId", acctId);
-        return findOneBy(sc);
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupAccountMapDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupAccountMapDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupAccountMapDao.java
deleted file mode 100644
index 58f69c3..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupAccountMapDao.java
+++ /dev/null
@@ -1,40 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.server.dao;
-
-import java.util.List;
-
-import org.apache.cloudstack.iam.server.AclGroupAccountMapVO;
-
-import com.cloud.utils.db.GenericDao;
-
-public interface AclGroupAccountMapDao extends GenericDao<AclGroupAccountMapVO, Long> {
-
-    List<AclGroupAccountMapVO> listByGroupId(long groupId);
-
-    List<AclGroupAccountMapVO> listByAccountId(long accountId);
-
-    AclGroupAccountMapVO findAccountInAdminGroup(long accountId);
-
-    AclGroupAccountMapVO findByGroupAndAccount(long groupId, long acctId);
-
-    void removeAccountFromGroups(long accountId);
-
-    AclGroupAccountMapVO findAccountInDomainAdminGroup(long accountId);
-
-    AclGroupAccountMapVO findAccountInUserGroup(long accountId);
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupAccountMapDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupAccountMapDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupAccountMapDaoImpl.java
deleted file mode 100644
index 32ce64a..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupAccountMapDaoImpl.java
+++ /dev/null
@@ -1,119 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.server.dao;
-
-import java.util.List;
-import java.util.Map;
-
-import javax.naming.ConfigurationException;
-
-import org.apache.cloudstack.iam.server.AclGroupAccountMapVO;
-import org.apache.log4j.Logger;
-import org.springframework.stereotype.Component;
-
-
-import com.cloud.utils.db.GenericDaoBase;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
-
-@Component
-public class AclGroupAccountMapDaoImpl extends GenericDaoBase<AclGroupAccountMapVO, Long> implements AclGroupAccountMapDao {
-    private SearchBuilder<AclGroupAccountMapVO> ListByGroupId;
-    private SearchBuilder<AclGroupAccountMapVO> ListByAccountId;
-    private SearchBuilder<AclGroupAccountMapVO> _findByAccountAndGroupId;
-
-    public static final Logger s_logger = Logger.getLogger(AclGroupAccountMapDaoImpl.class.getName());
-
-    @Override
-    public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
-        super.configure(name, params);
-
-        ListByGroupId = createSearchBuilder();
-        ListByGroupId.and("groupId", ListByGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ);
-        ListByGroupId.done();
-
-        ListByAccountId = createSearchBuilder();
-        ListByAccountId.and("accountId", ListByAccountId.entity().getAccountId(), SearchCriteria.Op.EQ);
-        ListByAccountId.done();
-
-        _findByAccountAndGroupId = createSearchBuilder();
-        _findByAccountAndGroupId
-                .and("groupId", _findByAccountAndGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ);
-        _findByAccountAndGroupId.and("accountId", _findByAccountAndGroupId.entity().getAccountId(),
-                SearchCriteria.Op.EQ);
-        _findByAccountAndGroupId.done();
-
-        return true;
-    }
-
-    @Override
-    public List<AclGroupAccountMapVO> listByGroupId(long groupId) {
-        SearchCriteria<AclGroupAccountMapVO> sc = ListByGroupId.create();
-        sc.setParameters("groupId", groupId);
-        return listBy(sc);
-    }
-
-    @Override
-    public List<AclGroupAccountMapVO> listByAccountId(long accountId) {
-        SearchCriteria<AclGroupAccountMapVO> sc = ListByAccountId.create();
-        sc.setParameters("accountId", accountId);
-        return listBy(sc);
-    }
-
-    @Override
-    public AclGroupAccountMapVO findAccountInAdminGroup(long accountId) {
-        SearchCriteria<AclGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
-        sc.setParameters("accountId", accountId);
-        sc.setParameters("groupId", 2);
-        return findOneBy(sc);
-    }
-
-    @Override
-    public AclGroupAccountMapVO findAccountInDomainAdminGroup(long accountId) {
-        SearchCriteria<AclGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
-        sc.setParameters("accountId", accountId);
-        sc.setParameters("groupId", 3);
-        return findOneBy(sc);
-    }
-
-    @Override
-    public AclGroupAccountMapVO findAccountInUserGroup(long accountId) {
-        SearchCriteria<AclGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
-        sc.setParameters("accountId", accountId);
-        sc.setParameters("groupId", 1);
-        return findOneBy(sc);
-    }
-
-    @Override
-    public AclGroupAccountMapVO findByGroupAndAccount(long groupId, long acctId) {
-        SearchCriteria<AclGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
-        sc.setParameters("accountId", acctId);
-        sc.setParameters("groupId", groupId);
-        return findOneBy(sc);
-    }
-
-    @Override
-    public void removeAccountFromGroups(long accountId) {
-        SearchCriteria<AclGroupAccountMapVO> sc = ListByAccountId.create();
-        sc.setParameters("accountId", accountId);
-
-        int rowsRemoved = remove(sc);
-        if (rowsRemoved > 0) {
-            s_logger.debug("Removed account id=" + accountId + " from " + rowsRemoved + " groups");
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupDao.java
deleted file mode 100644
index aa62a0b..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupDao.java
+++ /dev/null
@@ -1,28 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.server.dao;
-
-import org.apache.cloudstack.iam.api.AclGroup;
-import org.apache.cloudstack.iam.server.AclGroupVO;
-
-import com.cloud.utils.db.GenericDao;
-
-public interface AclGroupDao extends GenericDao<AclGroupVO, Long> {
-
-    AclGroup findByName(String path, String groupName);
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupDaoImpl.java
deleted file mode 100644
index e091574..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupDaoImpl.java
+++ /dev/null
@@ -1,59 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.server.dao;
-
-import java.util.Map;
-
-import javax.naming.ConfigurationException;
-
-import org.apache.cloudstack.iam.api.AclGroup;
-import org.apache.cloudstack.iam.server.AclGroupVO;
-import org.springframework.stereotype.Component;
-
-
-import com.cloud.utils.db.GenericDaoBase;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
-
-@Component
-public class AclGroupDaoImpl extends GenericDaoBase<AclGroupVO, Long> implements AclGroupDao {
-    private SearchBuilder<AclGroupVO> nameSearch;
-
-    @Override
-    public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
-        super.configure(name, params);
-
-        nameSearch = createSearchBuilder();
-        nameSearch.and("name", nameSearch.entity().getName(), SearchCriteria.Op.EQ);
-        nameSearch.and("path", nameSearch.entity().getPath(), SearchCriteria.Op.EQ);
-        nameSearch.done();
-
-
-        return true;
-    }
-
-    @Override
-    public AclGroup findByName(String path, String name) {
-        SearchCriteria<AclGroupVO> sc = nameSearch.create();
-        sc.setParameters("name", name);
-        if (path != null) {
-            sc.setParameters("path", path);
-        }
-        return findOneBy(sc);
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupPolicyMapDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupPolicyMapDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupPolicyMapDao.java
deleted file mode 100644
index a016fc5..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupPolicyMapDao.java
+++ /dev/null
@@ -1,16 +0,0 @@
-package org.apache.cloudstack.iam.server.dao;
-
-import java.util.List;
-
-import org.apache.cloudstack.iam.server.AclGroupPolicyMapVO;
-import com.cloud.utils.db.GenericDao;
-
-public interface AclGroupPolicyMapDao extends GenericDao<AclGroupPolicyMapVO, Long> {
-
-    List<AclGroupPolicyMapVO> listByGroupId(long groupId);
-
-    List<AclGroupPolicyMapVO> listByPolicyId(long policyId);
-
-    AclGroupPolicyMapVO findByGroupAndPolicy(long groupId, long policyId);
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupPolicyMapDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupPolicyMapDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupPolicyMapDaoImpl.java
deleted file mode 100644
index 3ce2b8a..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclGroupPolicyMapDaoImpl.java
+++ /dev/null
@@ -1,61 +0,0 @@
-package org.apache.cloudstack.iam.server.dao;
-
-import java.util.List;
-import java.util.Map;
-
-import javax.naming.ConfigurationException;
-
-import org.apache.cloudstack.iam.server.AclGroupPolicyMapVO;
-
-import com.cloud.utils.db.GenericDaoBase;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
-
-public class AclGroupPolicyMapDaoImpl extends GenericDaoBase<AclGroupPolicyMapVO, Long> implements AclGroupPolicyMapDao {
-
-    private SearchBuilder<AclGroupPolicyMapVO> ListByGroupId;
-    private SearchBuilder<AclGroupPolicyMapVO> ListByPolicyId;
-    private SearchBuilder<AclGroupPolicyMapVO> findByPolicyGroupId;
-
-    @Override
-    public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
-        super.configure(name, params);
-
-        ListByGroupId = createSearchBuilder();
-        ListByGroupId.and("groupId", ListByGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ);
-        ListByGroupId.done();
-
-        ListByPolicyId = createSearchBuilder();
-        ListByPolicyId.and("policyId", ListByPolicyId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
-        ListByPolicyId.done();
-
-        findByPolicyGroupId = createSearchBuilder();
-        findByPolicyGroupId.and("policyId", findByPolicyGroupId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
-        findByPolicyGroupId.and("groupId", findByPolicyGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ);
-        findByPolicyGroupId.done();
-
-        return true;
-    }
-
-    @Override
-    public List<AclGroupPolicyMapVO> listByGroupId(long groupId) {
-        SearchCriteria<AclGroupPolicyMapVO> sc = ListByGroupId.create();
-        sc.setParameters("groupId", groupId);
-        return listBy(sc);
-    }
-
-    @Override
-    public List<AclGroupPolicyMapVO> listByPolicyId(long policyId) {
-        SearchCriteria<AclGroupPolicyMapVO> sc = ListByPolicyId.create();
-        sc.setParameters("policyId", policyId);
-        return listBy(sc);
-    }
-
-    @Override
-    public AclGroupPolicyMapVO findByGroupAndPolicy(long groupId, long policyId) {
-        SearchCriteria<AclGroupPolicyMapVO> sc = findByPolicyGroupId.create();
-        sc.setParameters("policyId", policyId);
-        sc.setParameters("groupId", groupId);
-        return findOneBy(sc);
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyDao.java
deleted file mode 100644
index a61c5de..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyDao.java
+++ /dev/null
@@ -1,28 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.server.dao;
-
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.server.AclPolicyVO;
-
-import com.cloud.utils.db.GenericDao;
-
-public interface AclPolicyDao extends GenericDao<AclPolicyVO, Long> {
-
-    AclPolicy findByName(String policyName);
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyDaoImpl.java
deleted file mode 100644
index a1a81e6..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyDaoImpl.java
+++ /dev/null
@@ -1,57 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.server.dao;
-
-import java.util.Map;
-
-import javax.naming.ConfigurationException;
-
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.server.AclPolicyVO;
-import org.springframework.stereotype.Component;
-
-import com.cloud.utils.db.GenericDaoBase;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
-
-@Component
-public class AclPolicyDaoImpl extends GenericDaoBase<AclPolicyVO, Long> implements AclPolicyDao {
-    private SearchBuilder<AclPolicyVO> nameSearch;
-
-    @Override
-    public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
-        super.configure(name, params);
-
-        nameSearch = createSearchBuilder();
-        nameSearch.and("name", nameSearch.entity().getName(), SearchCriteria.Op.EQ);
-        // nameSearch.and("domainId", nameSearch.entity().getDomainId(),
-        // SearchCriteria.Op.EQ);
-        nameSearch.done();
-
-
-        return true;
-    }
-
-    @Override
-    public AclPolicy findByName(String name) {
-        SearchCriteria<AclPolicyVO> sc = nameSearch.create();
-        sc.setParameters("name", name);
-
-        return findOneBy(sc);
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDao.java
deleted file mode 100644
index 2a49243..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDao.java
+++ /dev/null
@@ -1,39 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.server.dao;
-import java.util.List;
-
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
-import org.apache.cloudstack.iam.server.AclPolicyPermissionVO;
-
-import com.cloud.utils.db.GenericDao;
-
-public interface AclPolicyPermissionDao extends GenericDao<AclPolicyPermissionVO, Long> {
-
-    List<AclPolicyPermissionVO> listByPolicy(long policyId);
-
-    AclPolicyPermissionVO findByPolicyAndEntity(long policyId, String entityType, String scope, Long scopeId,
-            String action, Permission perm);
-
-    List<AclPolicyPermissionVO> listGrantedByActionAndScope(long policyId, String action, String scope);
-
-    List<AclPolicyPermissionVO> listByPolicyActionAndEntity(long policyId, String action, String entityType);
-
-    List<AclPolicyPermissionVO> listByPolicyAccessAndEntity(long policyId, String accessType, String entityType);
-
-    List<AclPolicyPermissionVO> listByEntity(String entityType, Long entityId);
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDaoImpl.java
deleted file mode 100644
index 054c8f1..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDaoImpl.java
+++ /dev/null
@@ -1,129 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.server.dao;
-
-import java.util.List;
-import java.util.Map;
-
-import javax.naming.ConfigurationException;
-
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
-import org.apache.cloudstack.iam.server.AclPolicyPermissionVO;
-
-import com.cloud.utils.db.GenericDaoBase;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
-
-public class AclPolicyPermissionDaoImpl extends GenericDaoBase<AclPolicyPermissionVO, Long> implements
-        AclPolicyPermissionDao {
-
-    private SearchBuilder<AclPolicyPermissionVO> policyIdSearch;
-    private SearchBuilder<AclPolicyPermissionVO> fullSearch;
-    private SearchBuilder<AclPolicyPermissionVO> actionScopeSearch;
-    private SearchBuilder<AclPolicyPermissionVO> entitySearch;
-
-    @Override
-    public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
-        super.configure(name, params);
-
-        policyIdSearch = createSearchBuilder();
-        policyIdSearch.and("policyId", policyIdSearch.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
-        policyIdSearch.done();
-
-        fullSearch = createSearchBuilder();
-        fullSearch.and("policyId", fullSearch.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
-        fullSearch.and("entityType", fullSearch.entity().getEntityType(), SearchCriteria.Op.EQ);
-        fullSearch.and("scope", fullSearch.entity().getScope(), SearchCriteria.Op.EQ);
-        fullSearch.and("scopeId", fullSearch.entity().getScopeId(), SearchCriteria.Op.EQ);
-        fullSearch.and("action", fullSearch.entity().getAction(), SearchCriteria.Op.EQ);
-        fullSearch.and("permission", fullSearch.entity().getPermission(), SearchCriteria.Op.EQ);
-        fullSearch.and("accessType", fullSearch.entity().getAccessType(), SearchCriteria.Op.EQ);
-        fullSearch.done();
-
-        actionScopeSearch = createSearchBuilder();
-        actionScopeSearch.and("policyId", actionScopeSearch.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
-        actionScopeSearch.and("scope", actionScopeSearch.entity().getScope(), SearchCriteria.Op.EQ);
-        actionScopeSearch.and("action", actionScopeSearch.entity().getAction(), SearchCriteria.Op.EQ);
-        actionScopeSearch.and("permission", actionScopeSearch.entity().getPermission(), SearchCriteria.Op.EQ);
-        actionScopeSearch.done();
-
-        entitySearch = createSearchBuilder();
-        entitySearch.and("entityType", entitySearch.entity().getEntityType(), SearchCriteria.Op.EQ);
-        entitySearch.and("scopeId", entitySearch.entity().getScopeId(), SearchCriteria.Op.EQ);
-        entitySearch.done();
-
-        return true;
-    }
-
-    @Override
-    public List<AclPolicyPermissionVO> listByPolicy(long policyId) {
-        SearchCriteria<AclPolicyPermissionVO> sc = policyIdSearch.create();
-        sc.setParameters("policyId", policyId);
-        return listBy(sc);
-    }
-
-    @Override
-    public AclPolicyPermissionVO findByPolicyAndEntity(long policyId, String entityType, String scope, Long scopeId,
-            String action, Permission perm) {
-        SearchCriteria<AclPolicyPermissionVO> sc = fullSearch.create();
-        sc.setParameters("policyId", policyId);
-        sc.setParameters("entityType", entityType);
-        sc.setParameters("scope", scope);
-        sc.setParameters("scopeId", scopeId);
-        sc.setParameters("action", action);
-        sc.setParameters("permission", perm);
-        return findOneBy(sc);
-    }
-
-    @Override
-    public List<AclPolicyPermissionVO> listGrantedByActionAndScope(long policyId, String action, String scope) {
-        SearchCriteria<AclPolicyPermissionVO> sc = actionScopeSearch.create();
-        sc.setParameters("policyId", policyId);
-        sc.setParameters("action", action);
-        sc.setParameters("scope", scope);
-        sc.setParameters("permission", Permission.Allow);
-        return listBy(sc);
-    }
-
-    @Override
-    public List<AclPolicyPermissionVO> listByPolicyActionAndEntity(long policyId, String action, String entityType) {
-        SearchCriteria<AclPolicyPermissionVO> sc = fullSearch.create();
-        sc.setParameters("policyId", policyId);
-        sc.setParameters("entityType", entityType);
-        sc.setParameters("action", action);
-        return listBy(sc);
-    }
-
-    @Override
-    public List<AclPolicyPermissionVO> listByPolicyAccessAndEntity(long policyId, String accessType,
-            String entityType) {
-        SearchCriteria<AclPolicyPermissionVO> sc = fullSearch.create();
-        sc.setParameters("policyId", policyId);
-        sc.setParameters("entityType", entityType);
-        sc.setParameters("accessType", accessType);
-        return listBy(sc);
-    }
-
-    @Override
-    public List<AclPolicyPermissionVO> listByEntity(String entityType, Long entityId) {
-        SearchCriteria<AclPolicyPermissionVO> sc = fullSearch.create();
-        sc.setParameters("entityType", entityType);
-        sc.setParameters("scopeId", entityId);
-        return listBy(sc);
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDao.java
new file mode 100644
index 0000000..4caf659
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDao.java
@@ -0,0 +1,17 @@
+package org.apache.cloudstack.iam.server.dao;
+
+import java.util.List;
+
+import org.apache.cloudstack.iam.server.IAMAccountPolicyMapVO;
+
+import com.cloud.utils.db.GenericDao;
+
+public interface IAMAccountPolicyMapDao extends GenericDao<IAMAccountPolicyMapVO, Long> {
+
+    List<IAMAccountPolicyMapVO> listByAccountId(long acctId);
+
+    List<IAMAccountPolicyMapVO> listByPolicyId(long policyId);
+
+    IAMAccountPolicyMapVO findByAccountAndPolicy(long acctId, long policyId);
+
+}
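Review bot: This new file starts at the `package` line without the ASF license header that the other new files in this commit carry; IAMGroupAccountMapDao.java, added alongside it, opens with that header. IAMAccountPolicyMapDaoImpl.java has the same gap. Prepend the standard comment block that begins `// Licensed to the Apache Software Foundation (ASF) under one` to both files, since a license audit of the tree would presumably flag them.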

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java
new file mode 100644
index 0000000..883fd5c
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java
@@ -0,0 +1,61 @@
+package org.apache.cloudstack.iam.server.dao;
+
+import java.util.List;
+import java.util.Map;
+
+import javax.naming.ConfigurationException;
+
+import org.apache.cloudstack.iam.server.IAMAccountPolicyMapVO;
+
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+
+public class IAMAccountPolicyMapDaoImpl extends GenericDaoBase<IAMAccountPolicyMapVO, Long> implements IAMAccountPolicyMapDao {
+
+    private SearchBuilder<IAMAccountPolicyMapVO> ListByAccountId;
+    private SearchBuilder<IAMAccountPolicyMapVO> ListByPolicyId;
+    private SearchBuilder<IAMAccountPolicyMapVO> findByPolicyAccountId;
+
+    @Override
+    public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
+        super.configure(name, params);
+
+        ListByAccountId = createSearchBuilder();
+        ListByAccountId.and("accountId", ListByAccountId.entity().getAccountId(), SearchCriteria.Op.EQ);
+        ListByAccountId.done();
+
+        ListByPolicyId = createSearchBuilder();
+        ListByPolicyId.and("policyId", ListByPolicyId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+        ListByPolicyId.done();
+
+        findByPolicyAccountId = createSearchBuilder();
+        findByPolicyAccountId.and("policyId", findByPolicyAccountId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+        findByPolicyAccountId.and("accountId", findByPolicyAccountId.entity().getAccountId(), SearchCriteria.Op.EQ);
+        findByPolicyAccountId.done();
+
+        return true;
+    }
+
+    @Override
+    public List<IAMAccountPolicyMapVO> listByAccountId(long acctId) {
+        SearchCriteria<IAMAccountPolicyMapVO> sc = ListByAccountId.create();
+        sc.setParameters("accountId", acctId);
+        return listBy(sc);
+    }
+
+    @Override
+    public List<IAMAccountPolicyMapVO> listByPolicyId(long policyId) {
+        SearchCriteria<IAMAccountPolicyMapVO> sc = ListByPolicyId.create();
+        sc.setParameters("policyId", policyId);
+        return listBy(sc);
+    }
+
+    @Override
+    public IAMAccountPolicyMapVO findByAccountAndPolicy(long acctId, long policyId) {
+        SearchCriteria<IAMAccountPolicyMapVO> sc = findByPolicyAccountId.create();
+        sc.setParameters("policyId", policyId);
+        sc.setParameters("accountId", acctId);
+        return findOneBy(sc);
+    }
+}
\ No newline at end of file
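Review bot: The search-builder fields `ListByAccountId` and `ListByPolicyId` start with a capital letter while `findByPolicyAccountId` beside them does not, and the first two differ from the methods `listByAccountId` and `listByPolicyId` only by case. Names such as `accountIdSearch`, `policyIdSearch` and `policyAccountSearch` would follow Java field conventions and keep field and method apart when reading the query code. IAMGroupAccountMapDaoImpl.java uses the same capitalised field names. The file also ends without a trailing newline.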

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupAccountMapDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupAccountMapDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupAccountMapDao.java
new file mode 100644
index 0000000..a94dbaa
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupAccountMapDao.java
@@ -0,0 +1,40 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server.dao;
+
+import java.util.List;
+
+import org.apache.cloudstack.iam.server.IAMGroupAccountMapVO;
+
+import com.cloud.utils.db.GenericDao;
+
+public interface IAMGroupAccountMapDao extends GenericDao<IAMGroupAccountMapVO, Long> {
+
+    List<IAMGroupAccountMapVO> listByGroupId(long groupId);
+
+    List<IAMGroupAccountMapVO> listByAccountId(long accountId);
+
+    IAMGroupAccountMapVO findAccountInAdminGroup(long accountId);
+
+    IAMGroupAccountMapVO findByGroupAndAccount(long groupId, long acctId);
+
+    void removeAccountFromGroups(long accountId);
+
+    IAMGroupAccountMapVO findAccountInDomainAdminGroup(long accountId);
+
+    IAMGroupAccountMapVO findAccountInUserGroup(long accountId);
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupAccountMapDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupAccountMapDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupAccountMapDaoImpl.java
new file mode 100644
index 0000000..4bb5d1a
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupAccountMapDaoImpl.java
@@ -0,0 +1,119 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server.dao;
+
+import java.util.List;
+import java.util.Map;
+
+import javax.naming.ConfigurationException;
+
+import org.apache.cloudstack.iam.server.IAMGroupAccountMapVO;
+import org.apache.log4j.Logger;
+import org.springframework.stereotype.Component;
+
+
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+
+@Component
+public class IAMGroupAccountMapDaoImpl extends GenericDaoBase<IAMGroupAccountMapVO, Long> implements IAMGroupAccountMapDao {
+    private SearchBuilder<IAMGroupAccountMapVO> ListByGroupId;
+    private SearchBuilder<IAMGroupAccountMapVO> ListByAccountId;
+    private SearchBuilder<IAMGroupAccountMapVO> _findByAccountAndGroupId;
+
+    public static final Logger s_logger = Logger.getLogger(IAMGroupAccountMapDaoImpl.class.getName());
+
+    @Override
+    public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
+        super.configure(name, params);
+
+        ListByGroupId = createSearchBuilder();
+        ListByGroupId.and("groupId", ListByGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ);
+        ListByGroupId.done();
+
+        ListByAccountId = createSearchBuilder();
+        ListByAccountId.and("accountId", ListByAccountId.entity().getAccountId(), SearchCriteria.Op.EQ);
+        ListByAccountId.done();
+
+        _findByAccountAndGroupId = createSearchBuilder();
+        _findByAccountAndGroupId
+                .and("groupId", _findByAccountAndGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ);
+        _findByAccountAndGroupId.and("accountId", _findByAccountAndGroupId.entity().getAccountId(),
+                SearchCriteria.Op.EQ);
+        _findByAccountAndGroupId.done();
+
+        return true;
+    }
+
+    @Override
+    public List<IAMGroupAccountMapVO> listByGroupId(long groupId) {
+        SearchCriteria<IAMGroupAccountMapVO> sc = ListByGroupId.create();
+        sc.setParameters("groupId", groupId);
+        return listBy(sc);
+    }
+
+    @Override
+    public List<IAMGroupAccountMapVO> listByAccountId(long accountId) {
+        SearchCriteria<IAMGroupAccountMapVO> sc = ListByAccountId.create();
+        sc.setParameters("accountId", accountId);
+        return listBy(sc);
+    }
+
+    @Override
+    public IAMGroupAccountMapVO findAccountInAdminGroup(long accountId) {
+        SearchCriteria<IAMGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
+        sc.setParameters("accountId", accountId);
+        sc.setParameters("groupId", 2);
+        return findOneBy(sc);
+    }
+
+    @Override
+    public IAMGroupAccountMapVO findAccountInDomainAdminGroup(long accountId) {
+        SearchCriteria<IAMGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
+        sc.setParameters("accountId", accountId);
+        sc.setParameters("groupId", 3);
+        return findOneBy(sc);
+    }
+
+    @Override
+    public IAMGroupAccountMapVO findAccountInUserGroup(long accountId) {
+        SearchCriteria<IAMGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
+        sc.setParameters("accountId", accountId);
+        sc.setParameters("groupId", 1);
+        return findOneBy(sc);
+    }
+
+    @Override
+    public IAMGroupAccountMapVO findByGroupAndAccount(long groupId, long acctId) {
+        SearchCriteria<IAMGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
+        sc.setParameters("accountId", acctId);
+        sc.setParameters("groupId", groupId);
+        return findOneBy(sc);
+    }
+
+    @Override
+    public void removeAccountFromGroups(long accountId) {
+        SearchCriteria<IAMGroupAccountMapVO> sc = ListByAccountId.create();
+        sc.setParameters("accountId", accountId);
+
+        int rowsRemoved = remove(sc);
+        if (rowsRemoved > 0) {
+            s_logger.debug("Removed account id=" + accountId + " from " + rowsRemoved + " groups");
+        }
+    }
+}
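Review bot: The role lookups `findAccountInAdminGroup`, `findAccountInDomainAdminGroup` and `findAccountInUserGroup` identify their groups by the literal row ids 2, 3 and 1, so whether an account counts as an admin depends on the seeded ids of the group table, which nothing in this file shows or checks. Name the ids in one place, for example `private static final long ADMIN_GROUP_ID = 2L;`, and pass them as `sc.setParameters("groupId", ADMIN_GROUP_ID);`, with a comment pointing to where those rows are created. The literals are `int` while `findByGroupAndAccount` passes a `long` for the same criterion; presumably the search layer binds both alike, but a `long` constant removes the doubt. Separately, `removeAccountFromGroups` records a membership removal only at debug level, which may be too quiet for a change to group membership.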


[18/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
Renaming all beans in the xml files to use IAM instead of Acl


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/57b687e8
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/57b687e8
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/57b687e8

Branch: refs/heads/master
Commit: 57b687e8b61b769229efbdaed3ae047cf697fc81
Parents: 6309887
Author: Prachi Damle <pr...@cloud.com>
Authored: Tue Feb 25 16:58:42 2014 -0800
Committer: Prachi Damle <pr...@cloud.com>
Committed: Tue Feb 25 16:58:42 2014 -0800

----------------------------------------------------------------------
 .../cloudstack/core/spring-iam-server-context.xml       | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/57b687e8/services/iam/server/resources/META-INF/cloudstack/core/spring-iam-server-context.xml
----------------------------------------------------------------------
diff --git a/services/iam/server/resources/META-INF/cloudstack/core/spring-iam-server-context.xml b/services/iam/server/resources/META-INF/cloudstack/core/spring-iam-server-context.xml
index 82faa70..c9f383f 100644
--- a/services/iam/server/resources/META-INF/cloudstack/core/spring-iam-server-context.xml
+++ b/services/iam/server/resources/META-INF/cloudstack/core/spring-iam-server-context.xml
@@ -27,12 +27,12 @@
                       http://www.springframework.org/schema/context/spring-context-3.0.xsd"
                       >                     
 
-    <bean id="AclGroupDaoImpl" class="org.apache.cloudstack.iam.server.dao.AclGroupDaoImpl" />
-    <bean id="AclPolicyDaoImpl" class="org.apache.cloudstack.iam.server.dao.AclPolicyDaoImpl" />    
-    <bean id="AclGroupAccountMapDaoImpl" class="org.apache.cloudstack.iam.server.dao.AclGroupAccountMapDaoImpl" />
-    <bean id="AclGroupPolicyMapDaoImpl" class="org.apache.cloudstack.iam.server.dao.AclGroupPolicyMapDaoImpl" />    
-    <bean id="AclPolicyPermissionDaoImpl" class="org.apache.cloudstack.iam.server.dao.AclPolicyPermissionDaoImpl" />
-    <bean id="AclAccountPolicyMapDaoImpl" class="org.apache.cloudstack.iam.server.dao.AclAccountPolicyMapDaoImpl" />    
+    <bean id="IAMGroupDaoImpl" class="org.apache.cloudstack.iam.server.dao.IAMGroupDaoImpl" />
+    <bean id="IAMPolicyDaoImpl" class="org.apache.cloudstack.iam.server.dao.IAMPolicyDaoImpl" />    
+    <bean id="IAMGroupAccountMapDaoImpl" class="org.apache.cloudstack.iam.server.dao.IAMGroupAccountMapDaoImpl" />
+    <bean id="IAMGroupPolicyMapDaoImpl" class="org.apache.cloudstack.iam.server.dao.IAMGroupPolicyMapDaoImpl" />    
+    <bean id="IAMPolicyPermissionDaoImpl" class="org.apache.cloudstack.iam.server.dao.IAMPolicyPermissionDaoImpl" />
+    <bean id="IAMAccountPolicyMapDaoImpl" class="org.apache.cloudstack.iam.server.dao.IAMAccountPolicyMapDaoImpl" />    
 
         
     <bean id="IAMServiceImpl" class="org.apache.cloudstack.iam.server.IAMServiceImpl" />


[34/50] [abbrv] Merge branch 'master' into rbac.

Posted by mc...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScaleVmProfilesCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScaleVmProfilesCmd.java
index 8a4a522,782ccae..94f0eee
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScaleVmProfilesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScaleVmProfilesCmd.java
@@@ -18,7 -18,8 +18,11 @@@ package org.apache.cloudstack.api.comma
  
  import java.util.ArrayList;
  import java.util.List;
+ 
++import org.apache.log4j.Logger;
++
 +import org.apache.cloudstack.acl.IAMEntityType;
+ import org.apache.cloudstack.acl.RoleType;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
@@@ -28,11 -29,12 +32,11 @@@ import org.apache.cloudstack.api.respon
  import org.apache.cloudstack.api.response.ServiceOfferingResponse;
  import org.apache.cloudstack.api.response.TemplateResponse;
  import org.apache.cloudstack.api.response.ZoneResponse;
  
  import com.cloud.network.as.AutoScaleVmProfile;
  
- @APICommand(name = "listAutoScaleVmProfiles", description = "Lists autoscale vm profiles.", responseObject = AutoScaleVmProfileResponse.class, entityType = { IAMEntityType.AutoScaleVmProfile })
 -@APICommand(name = "listAutoScaleVmProfiles", description = "Lists autoscale vm profiles.", responseObject = AutoScaleVmProfileResponse.class,
++@APICommand(name = "listAutoScaleVmProfiles", description = "Lists autoscale vm profiles.", responseObject = AutoScaleVmProfileResponse.class, entityType = { IAMEntityType.AutoScaleVmProfile },
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ListAutoScaleVmProfilesCmd extends BaseListProjectAndAccountResourcesCmd {
      public static final Logger s_logger = Logger.getLogger(ListAutoScaleVmProfilesCmd.class.getName());
  
@@@ -104,7 -118,7 +120,7 @@@
          }
          response.setResponses(responses);
          response.setResponseName(getCommandName());
--        this.setResponseObject(response);
++        setResponseObject(response);
      }
  
  }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScalePolicyCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScalePolicyCmd.java
index 26f06bd,d0be35d..8cd7211
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScalePolicyCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScalePolicyCmd.java
@@@ -39,7 -36,8 +39,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.network.as.AutoScalePolicy;
  import com.cloud.user.Account;
  
- @APICommand(name = "updateAutoScalePolicy", description = "Updates an existing autoscale policy.", responseObject = AutoScalePolicyResponse.class, entityType = { IAMEntityType.AutoScalePolicy })
 -@APICommand(name = "updateAutoScalePolicy", description = "Updates an existing autoscale policy.", responseObject = AutoScalePolicyResponse.class,
++@APICommand(name = "updateAutoScalePolicy", description = "Updates an existing autoscale policy.", responseObject = AutoScalePolicyResponse.class, entityType = {IAMEntityType.AutoScalePolicy},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class UpdateAutoScalePolicyCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(UpdateAutoScalePolicyCmd.class.getName());
  
@@@ -79,7 -76,7 +80,7 @@@
          if (result != null) {
              AutoScalePolicyResponse response = _responseGenerator.createAutoScalePolicyResponse(result);
              response.setResponseName(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to update autoscale policy");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScaleVmGroupCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScaleVmGroupCmd.java
index 1dbdf34,c350b10..60ea51e
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScaleVmGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScaleVmGroupCmd.java
@@@ -19,11 -19,7 +19,12 @@@ package org.apache.cloudstack.api.comma
  
  import java.util.List;
  
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.acl.IAMEntityType;
+ import org.apache.cloudstack.acl.RoleType;
 +import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 +import org.apache.cloudstack.api.ACL;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiCommandJobType;
  import org.apache.cloudstack.api.ApiConstants;
@@@ -39,7 -36,8 +40,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.network.as.AutoScaleVmGroup;
  import com.cloud.user.Account;
  
- @APICommand(name = "updateAutoScaleVmGroup", description = "Updates an existing autoscale vm group.", responseObject = AutoScaleVmGroupResponse.class, entityType = { IAMEntityType.AutoScaleVmGroup })
 -@APICommand(name = "updateAutoScaleVmGroup", description = "Updates an existing autoscale vm group.", responseObject = AutoScaleVmGroupResponse.class,
++@APICommand(name = "updateAutoScaleVmGroup", description = "Updates an existing autoscale vm group.", responseObject = AutoScaleVmGroupResponse.class, entityType = { IAMEntityType.AutoScaleVmGroup },
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class UpdateAutoScaleVmGroupCmd extends BaseAsyncCustomIdCmd {
      public static final Logger s_logger = Logger.getLogger(UpdateAutoScaleVmGroupCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScaleVmProfileCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScaleVmProfileCmd.java
index 87b936d,31f7329..54e34da
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScaleVmProfileCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScaleVmProfileCmd.java
@@@ -19,11 -19,7 +19,12 @@@ package org.apache.cloudstack.api.comma
  
  import java.util.Map;
  
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.acl.IAMEntityType;
+ import org.apache.cloudstack.acl.RoleType;
 +import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 +import org.apache.cloudstack.api.ACL;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiCommandJobType;
  import org.apache.cloudstack.api.ApiConstants;
@@@ -40,7 -37,8 +41,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.network.as.AutoScaleVmProfile;
  import com.cloud.user.Account;
  
- @APICommand(name = "updateAutoScaleVmProfile", description = "Updates an existing autoscale vm profile.", responseObject = AutoScaleVmProfileResponse.class, entityType = { IAMEntityType.AutoScaleVmProfile })
 -@APICommand(name = "updateAutoScaleVmProfile", description = "Updates an existing autoscale vm profile.", responseObject = AutoScaleVmProfileResponse.class,
++@APICommand(name = "updateAutoScaleVmProfile", description = "Updates an existing autoscale vm profile.", responseObject = AutoScaleVmProfileResponse.class, entityType = { IAMEntityType.AutoScaleVmProfile },
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class UpdateAutoScaleVmProfileCmd extends BaseAsyncCustomIdCmd {
      public static final Logger s_logger = Logger.getLogger(UpdateAutoScaleVmProfileCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/event/ArchiveEventsCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/event/ArchiveEventsCmd.java
index 22eae05,5b0b94a..8ff2c3e
--- a/api/src/org/apache/cloudstack/api/command/user/event/ArchiveEventsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/event/ArchiveEventsCmd.java
@@@ -35,7 -34,8 +35,8 @@@ import org.apache.cloudstack.context.Ca
  import com.cloud.exception.InvalidParameterValueException;
  import com.cloud.user.Account;
  
- @APICommand(name = "archiveEvents", description = "Archive one or more events.", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Event })
 -@APICommand(name = "archiveEvents", description = "Archive one or more events.", responseObject = SuccessResponse.class,
++@APICommand(name = "archiveEvents", description = "Archive one or more events.", responseObject = SuccessResponse.class, entityType = {IAMEntityType.Event},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ArchiveEventsCmd extends BaseCmd {
  
      public static final Logger s_logger = Logger.getLogger(ArchiveEventsCmd.class.getName());
@@@ -112,7 -112,7 +113,7 @@@
          boolean result = _mgr.archiveEvents(this);
          if (result) {
              SuccessResponse response = new SuccessResponse(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Unable to archive Events, one or more parameters has invalid values");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/event/DeleteEventsCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/event/DeleteEventsCmd.java
index ca802a4,ccb6127..10c1c0c
--- a/api/src/org/apache/cloudstack/api/command/user/event/DeleteEventsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/event/DeleteEventsCmd.java
@@@ -35,7 -34,8 +35,8 @@@ import org.apache.cloudstack.context.Ca
  import com.cloud.exception.InvalidParameterValueException;
  import com.cloud.user.Account;
  
- @APICommand(name = "deleteEvents", description = "Delete one or more events.", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Event })
 -@APICommand(name = "deleteEvents", description = "Delete one or more events.", responseObject = SuccessResponse.class,
++@APICommand(name = "deleteEvents", description = "Delete one or more events.", responseObject = SuccessResponse.class, entityType = {IAMEntityType.Event},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class DeleteEventsCmd extends BaseCmd {
  
      public static final Logger s_logger = Logger.getLogger(DeleteEventsCmd.class.getName());
@@@ -112,7 -112,7 +113,7 @@@
          boolean result = _mgr.deleteEvents(this);
          if (result) {
              SuccessResponse response = new SuccessResponse(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Unable to delete Events, one or more parameters has invalid values");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/event/ListEventsCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/event/ListEventsCmd.java
index 620bd86,b3525c3..b420cf1
--- a/api/src/org/apache/cloudstack/api/command/user/event/ListEventsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/event/ListEventsCmd.java
@@@ -28,7 -27,8 +28,8 @@@ import org.apache.cloudstack.api.Parame
  import org.apache.cloudstack.api.response.EventResponse;
  import org.apache.cloudstack.api.response.ListResponse;
  
- @APICommand(name = "listEvents", description = "A command to list events.", responseObject = EventResponse.class, entityType = { IAMEntityType.Event })
 -@APICommand(name = "listEvents", description = "A command to list events.", responseObject = EventResponse.class,
++@APICommand(name = "listEvents", description = "A command to list events.", responseObject = EventResponse.class, entityType = {IAMEntityType.Event},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ListEventsCmd extends BaseListProjectAndAccountResourcesCmd {
      public static final Logger s_logger = Logger.getLogger(ListEventsCmd.class.getName());
  
@@@ -109,6 -109,6 +110,6 @@@
  
          ListResponse<EventResponse> response = _queryService.searchForEvents(this);
          response.setResponseName(getCommandName());
--        this.setResponseObject(response);
++        setResponseObject(response);
      }
  }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java
index 20029bc,d15ea4b..8ef1b89
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java
@@@ -44,7 -45,8 +45,8 @@@ import com.cloud.network.rules.Firewall
  import com.cloud.user.Account;
  import com.cloud.utils.net.NetUtils;
  
- @APICommand(name = "createEgressFirewallRule", description = "Creates a egress firewall rule for a given network ", responseObject = FirewallResponse.class, entityType = { IAMEntityType.FirewallRule })
 -@APICommand(name = "createEgressFirewallRule", description = "Creates a egress firewall rule for a given network ", responseObject = FirewallResponse.class,
++@APICommand(name = "createEgressFirewallRule", description = "Creates a egress firewall rule for a given network ", responseObject = FirewallResponse.class, entityType = { IAMEntityType.FirewallRule },
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class CreateEgressFirewallRuleCmd extends BaseAsyncCreateCmd implements FirewallRule {
      public static final Logger s_logger = Logger.getLogger(CreateEgressFirewallRuleCmd.class.getName());
  
@@@ -271,8 -276,8 +276,8 @@@
  
      @Override
      public String getEventDescription() {
 -        Network network = _networkService.getNetwork(networkId);
 +         Network network = _networkService.getNetwork(networkId);
-          return ("Creating firewall rule for network: " + network + " for protocol:" + this.getProtocol());
+         return ("Creating firewall rule for network: " + network + " for protocol:" + getProtocol());
      }
  
      @Override
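Review bot: In the merged `getEventDescription()`, `network` is concatenated straight into the event text, so a failed `_networkService.getNetwork(networkId)` lookup yields the literal "null", and a successful one prints whatever that `Network` implementation's `toString()` returns. If this description is what operators later read to identify the affected network, a guard such as `String target = (network != null) ? network.toString() : "id " + networkId;` keeps the record usable. The merge also leaves the `Network network = ...` line indented one column deeper than the `return` below it. The rest of the class is outside this hunk.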

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java
index e2fd492,76c6e74..21e680a
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java
@@@ -43,7 -44,8 +44,8 @@@ import com.cloud.network.rules.Firewall
  import com.cloud.user.Account;
  import com.cloud.utils.net.NetUtils;
  
- @APICommand(name = "createFirewallRule", description = "Creates a firewall rule for a given ip address", responseObject = FirewallResponse.class, entityType = { IAMEntityType.FirewallRule })
 -@APICommand(name = "createFirewallRule", description = "Creates a firewall rule for a given ip address", responseObject = FirewallResponse.class,
++@APICommand(name = "createFirewallRule", description = "Creates a firewall rule for a given ip address", responseObject = FirewallResponse.class, entityType = { IAMEntityType.FirewallRule },
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class CreateFirewallRuleCmd extends BaseAsyncCreateCmd implements FirewallRule {
      public static final Logger s_logger = Logger.getLogger(CreateFirewallRuleCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java
index a072d90,53945a6..7328374
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java
@@@ -43,8 -44,10 +44,10 @@@ import com.cloud.network.IpAddress
  import com.cloud.network.rules.PortForwardingRule;
  import com.cloud.user.Account;
  import com.cloud.utils.net.Ip;
+ import com.cloud.utils.net.NetUtils;
  
- @APICommand(name = "createPortForwardingRule", description = "Creates a port forwarding rule", responseObject = FirewallRuleResponse.class, entityType = { IAMEntityType.PortForwardingRule })
 -@APICommand(name = "createPortForwardingRule", description = "Creates a port forwarding rule", responseObject = FirewallRuleResponse.class,
++@APICommand(name = "createPortForwardingRule", description = "Creates a port forwarding rule", responseObject = FirewallRuleResponse.class, entityType = { IAMEntityType.PortForwardingRule },
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements PortForwardingRule {
      public static final Logger s_logger = Logger.getLogger(CreatePortForwardingRuleCmd.class.getName());
  
@@@ -115,9 -118,12 +118,12 @@@
      @Parameter(name = ApiConstants.VM_GUEST_IP,
                 type = CommandType.STRING,
                 required = false,
 -               description = "VM guest nic Secondary ip address for the port forwarding rule")
 +    description = "VM guest nic Secondary ip address for the port forwarding rule")
      private String vmSecondaryIp;
  
+     @Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", since = "4.4", authorized = {RoleType.Admin})
+     private Boolean display;
+ 
      // ///////////////////////////////////////////////////
      // ///////////////// Accessors ///////////////////////
      // ///////////////////////////////////////////////////
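Review bot: The description of the new `display` parameter reads "whether to the display the rule", which presumably surfaces verbatim in the generated API reference; it should be `description = "an optional field, whether to display the rule to the end user or not"`. The field is a nullable `Boolean` restricted with `authorized = {RoleType.Admin}`, and its accessor is outside this hunk, so it is worth confirming there that an omitted value is mapped to an explicit default rather than unboxed. A test with a non-admin caller would show whether the restriction is actually enforced. The merge result also loses the alignment of the `description = ...` continuation line on the `vmSecondaryIp` parameter just above.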

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteEgressFirewallRuleCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/firewall/DeleteEgressFirewallRuleCmd.java
index 7048826,5ce2245..ebed335
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteEgressFirewallRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteEgressFirewallRuleCmd.java
@@@ -39,7 -36,8 +39,8 @@@ import com.cloud.exception.InvalidParam
  import com.cloud.exception.ResourceUnavailableException;
  import com.cloud.network.rules.FirewallRule;
  
- @APICommand(name = "deleteEgressFirewallRule", description = "Deletes an ggress firewall rule", responseObject = SuccessResponse.class, entityType = { IAMEntityType.FirewallRule })
 -@APICommand(name = "deleteEgressFirewallRule", description = "Deletes an ggress firewall rule", responseObject = SuccessResponse.class,
++@APICommand(name = "deleteEgressFirewallRule", description = "Deletes an ggress firewall rule", responseObject = SuccessResponse.class, entityType = {IAMEntityType.FirewallRule},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class DeleteEgressFirewallRuleCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(DeleteEgressFirewallRuleCmd.class.getName());
      private static final String s_name = "deleteegressfirewallruleresponse";
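Review bot: The merged `@APICommand` keeps the typo "Deletes an ggress firewall rule" in `description`, a string that presumably ends up in the published API reference. It should read `description = "Deletes an egress firewall rule"`. Since the merge already rewrites this annotation line, the fix costs nothing extra here.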
@@@ -102,7 -99,7 +103,7 @@@
  
          if (result) {
              SuccessResponse response = new SuccessResponse(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete egress firewall rule");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteFirewallRuleCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/firewall/DeleteFirewallRuleCmd.java
index 59612e9,7b10299..3f61e64
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteFirewallRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteFirewallRuleCmd.java
@@@ -38,7 -35,8 +38,8 @@@ import com.cloud.exception.InvalidParam
  import com.cloud.exception.ResourceUnavailableException;
  import com.cloud.network.rules.FirewallRule;
  
- @APICommand(name = "deleteFirewallRule", description = "Deletes a firewall rule", responseObject = SuccessResponse.class, entityType = { IAMEntityType.FirewallRule })
 -@APICommand(name = "deleteFirewallRule", description = "Deletes a firewall rule", responseObject = SuccessResponse.class,
++@APICommand(name = "deleteFirewallRule", description = "Deletes a firewall rule", responseObject = SuccessResponse.class, entityType = {IAMEntityType.FirewallRule},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class DeleteFirewallRuleCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(DeleteFirewallRuleCmd.class.getName());
      private static final String s_name = "deletefirewallruleresponse";
@@@ -100,7 -98,7 +101,7 @@@
  
          if (result) {
              SuccessResponse response = new SuccessResponse(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete firewall rule");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/firewall/DeletePortForwardingRuleCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/firewall/DeletePortForwardingRuleCmd.java
index 1457a32,1e6e592..551885d
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/DeletePortForwardingRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/DeletePortForwardingRuleCmd.java
@@@ -37,7 -34,8 +37,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.exception.InvalidParameterValueException;
  import com.cloud.network.rules.PortForwardingRule;
  
- @APICommand(name = "deletePortForwardingRule", description = "Deletes a port forwarding rule", responseObject = SuccessResponse.class, entityType = { IAMEntityType.PortForwardingRule })
 -@APICommand(name = "deletePortForwardingRule", description = "Deletes a port forwarding rule", responseObject = SuccessResponse.class,
++@APICommand(name = "deletePortForwardingRule", description = "Deletes a port forwarding rule", responseObject = SuccessResponse.class, entityType = {IAMEntityType.PortForwardingRule},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class DeletePortForwardingRuleCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(DeletePortForwardingRuleCmd.class.getName());
      private static final String s_name = "deleteportforwardingruleresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/firewall/ListEgressFirewallRulesCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/firewall/ListEgressFirewallRulesCmd.java
index 8307a9e,9585256..ece2201
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/ListEgressFirewallRulesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/ListEgressFirewallRulesCmd.java
@@@ -34,7 -32,8 +34,8 @@@ import org.apache.cloudstack.api.respon
  import com.cloud.network.rules.FirewallRule;
  import com.cloud.utils.Pair;
  
- @APICommand(name = "listEgressFirewallRules", description = "Lists all egress firewall rules for network id.", responseObject = FirewallResponse.class, entityType = { IAMEntityType.FirewallRule })
 -@APICommand(name = "listEgressFirewallRules", description = "Lists all egress firewall rules for network id.", responseObject = FirewallResponse.class,
++@APICommand(name = "listEgressFirewallRules", description = "Lists all egress firewall rules for network id.", responseObject = FirewallResponse.class, entityType = { IAMEntityType.FirewallRule },
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ListEgressFirewallRulesCmd extends ListFirewallRulesCmd {
      public static final Logger s_logger = Logger.getLogger(ListEgressFirewallRulesCmd.class.getName());
      private static final String s_name = "listegressfirewallrulesresponse";
@@@ -92,6 -91,6 +93,6 @@@
          }
          response.setResponses(fwResponses, result.second());
          response.setResponseName(getCommandName());
--        this.setResponseObject(response);
++        setResponseObject(response);
      }
  }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/firewall/ListFirewallRulesCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/firewall/ListFirewallRulesCmd.java
index e1e83cd,01fc436..870f81d
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/ListFirewallRulesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/ListFirewallRulesCmd.java
@@@ -19,9 -19,7 +19,10 @@@ package org.apache.cloudstack.api.comma
  import java.util.ArrayList;
  import java.util.List;
  
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.acl.IAMEntityType;
+ import org.apache.cloudstack.acl.RoleType;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.BaseListTaggedResourcesCmd;
@@@ -35,7 -34,8 +36,8 @@@ import org.apache.cloudstack.api.respon
  import com.cloud.network.rules.FirewallRule;
  import com.cloud.utils.Pair;
  
- @APICommand(name = "listFirewallRules", description = "Lists all firewall rules for an IP address.", responseObject = FirewallResponse.class, entityType = { IAMEntityType.FirewallRule })
 -@APICommand(name = "listFirewallRules", description = "Lists all firewall rules for an IP address.", responseObject = FirewallResponse.class,
++@APICommand(name = "listFirewallRules", description = "Lists all firewall rules for an IP address.", responseObject = FirewallResponse.class, entityType = {IAMEntityType.FirewallRule},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ListFirewallRulesCmd extends BaseListTaggedResourcesCmd {
      public static final Logger s_logger = Logger.getLogger(ListFirewallRulesCmd.class.getName());
      private static final String s_name = "listfirewallrulesresponse";
@@@ -101,6 -112,6 +114,6 @@@
          }
          response.setResponses(fwResponses, result.second());
          response.setResponseName(getCommandName());
--        this.setResponseObject(response);
++        setResponseObject(response);
      }
  }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/firewall/ListPortForwardingRulesCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/firewall/ListPortForwardingRulesCmd.java
index 11f6592,63b6ea7..681da33
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/ListPortForwardingRulesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/ListPortForwardingRulesCmd.java
@@@ -19,9 -19,7 +19,10 @@@ package org.apache.cloudstack.api.comma
  import java.util.ArrayList;
  import java.util.List;
  
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.acl.IAMEntityType;
+ import org.apache.cloudstack.acl.RoleType;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.BaseListTaggedResourcesCmd;
@@@ -34,7 -33,8 +35,8 @@@ import org.apache.cloudstack.api.respon
  import com.cloud.network.rules.PortForwardingRule;
  import com.cloud.utils.Pair;
  
- @APICommand(name = "listPortForwardingRules", description = "Lists all port forwarding rules for an IP address.", responseObject = FirewallRuleResponse.class, entityType = { IAMEntityType.PortForwardingRule })
 -@APICommand(name = "listPortForwardingRules", description = "Lists all port forwarding rules for an IP address.", responseObject = FirewallRuleResponse.class,
++@APICommand(name = "listPortForwardingRules", description = "Lists all port forwarding rules for an IP address.", responseObject = FirewallRuleResponse.class, entityType = {IAMEntityType.PortForwardingRule},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ListPortForwardingRulesCmd extends BaseListTaggedResourcesCmd {
      public static final Logger s_logger = Logger.getLogger(ListPortForwardingRulesCmd.class.getName());
  
@@@ -98,6 -109,6 +111,6 @@@
          }
          response.setResponses(fwResponses, result.second());
          response.setResponseName(getCommandName());
--        this.setResponseObject(response);
++        setResponseObject(response);
      }
  }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java
index fec9ba2,b47247d..55b378a
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java
@@@ -16,9 -16,7 +16,10 @@@
  // under the License.
  package org.apache.cloudstack.api.command.user.firewall;
  
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.acl.IAMEntityType;
+ import org.apache.cloudstack.acl.RoleType;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.BaseAsyncCmd;
@@@ -37,7 -36,8 +38,8 @@@ import com.cloud.user.Account
  
  @APICommand(name = "updatePortForwardingRule",
              responseObject = FirewallRuleResponse.class,
-         description = "Updates a port forwarding rule.  Only the private port and the virtual machine can be updated.", entityType = {IAMEntityType.PortForwardingRule})
 - description = "Updates a port forwarding rule",
 - requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
++        description = "Updates a port forwarding rule.  Only the private port and the virtual machine can be updated.", entityType = {IAMEntityType.PortForwardingRule},
++        requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class UpdatePortForwardingRuleCmd extends BaseAsyncCustomIdCmd {
      public static final Logger s_logger = Logger.getLogger(UpdatePortForwardingRuleCmd.class.getName());
      private static final String s_name = "updateportforwardingruleresponse";
@@@ -141,7 -148,7 +150,7 @@@
  
      @Override
      public void execute() {
-         PortForwardingRule rule = _rulesService.updatePortForwardingRule(id, getCustomId());
 -        PortForwardingRule rule = _rulesService.updatePortForwardingRule(id, this.getCustomId(), getDisplay());
++        PortForwardingRule rule = _rulesService.updatePortForwardingRule(id, getCustomId(), getDisplay());
          FirewallRuleResponse fwResponse = new FirewallRuleResponse();
          if (rule != null) {
              fwResponse = _responseGenerator.createPortForwardingRuleResponse(rule);
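Review bot: `execute()` creates an empty `FirewallRuleResponse` up front and only fills it when `rule != null`. Unless the part of the method outside this hunk handles the null case, a failed or rejected update appears to complete without reporting an error to the caller. The delete commands in this package throw in that situation, and an `else` branch with `throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to update port forwarding rule");` would make this command consistent with them. That matters more now that the call also passes `getDisplay()`, because a silently ignored visibility change is hard to notice afterwards.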

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/iso/AttachIsoCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/iso/AttachIsoCmd.java
index d5e53a1,c7bd5b1..1b8087b
--- a/api/src/org/apache/cloudstack/api/command/user/iso/AttachIsoCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/iso/AttachIsoCmd.java
@@@ -34,7 -33,8 +34,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.exception.InvalidParameterValueException;
  import com.cloud.uservm.UserVm;
  
- @APICommand(name = "attachIso", description = "Attaches an ISO to a virtual machine.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted)
 -@APICommand(name = "attachIso", description = "Attaches an ISO to a virtual machine.", responseObject = UserVmResponse.class,
++@APICommand(name = "attachIso", description = "Attaches an ISO to a virtual machine.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted,
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = true)
  public class AttachIsoCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(AttachIsoCmd.class.getName());
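Review bot: `responseHasSensitiveInfo = true` is set here with no comment naming what in `UserVmResponse` is sensitive, while most commands in this merge set the flag to `false`. A one-line comment above the annotation, e.g. `// UserVmResponse may carry VM credentials; response must be treated as sensitive`, would keep a later cleanup from flipping it; the wording should be checked against `UserVmResponse`, which is not visible in this hunk. The same applies to `DetachIsoCmd` and `ListLoadBalancerRuleInstancesCmd`, which also return `UserVmResponse` and set the flag to `true`.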
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/iso/DetachIsoCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/iso/DetachIsoCmd.java
index 1376c10,d398009..97db2f3
--- a/api/src/org/apache/cloudstack/api/command/user/iso/DetachIsoCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/iso/DetachIsoCmd.java
@@@ -32,7 -31,8 +32,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.exception.InvalidParameterValueException;
  import com.cloud.uservm.UserVm;
  
- @APICommand(name = "detachIso", description = "Detaches any ISO file (if any) currently attached to a virtual machine.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted)
 -@APICommand(name = "detachIso", description = "Detaches any ISO file (if any) currently attached to a virtual machine.", responseObject = UserVmResponse.class,
++@APICommand(name = "detachIso", description = "Detaches any ISO file (if any) currently attached to a virtual machine.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted,
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = true)
  public class DetachIsoCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(DetachIsoCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/iso/ListIsoPermissionsCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/iso/ListIsoPermissionsCmd.java
index 2f2c216,a54adfc..f8863d1
--- a/api/src/org/apache/cloudstack/api/command/user/iso/ListIsoPermissionsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/iso/ListIsoPermissionsCmd.java
@@@ -26,7 -25,11 +26,9 @@@ import org.apache.cloudstack.api.respon
  import com.cloud.storage.Storage.ImageFormat;
  import com.cloud.template.VirtualMachineTemplate;
  
- @APICommand(name = "listIsoPermissions", description = "List iso visibility and all accounts that have permissions to view this iso.", responseObject = TemplatePermissionsResponse.class, responseView = ResponseView.Restricted)
 -@APICommand(name = "listIsoPermissions",
 -            description = "List iso visibility and all accounts that have permissions to view this iso.",
 -            responseObject = TemplatePermissionsResponse.class,
++@APICommand(name = "listIsoPermissions", description = "List iso visibility and all accounts that have permissions to view this iso.", responseObject = TemplatePermissionsResponse.class, responseView = ResponseView.Restricted,
+             requestHasSensitiveInfo = false,
+             responseHasSensitiveInfo = false)
  public class ListIsoPermissionsCmd extends BaseListTemplateOrIsoPermissionsCmd {
      protected String getResponseName() {
          return "listisopermissionsresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/iso/ListIsosCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/iso/ListIsosCmd.java
index af674eb,8c3e218..5f5c61f
--- a/api/src/org/apache/cloudstack/api/command/user/iso/ListIsosCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/iso/ListIsosCmd.java
@@@ -32,7 -31,8 +32,8 @@@ import org.apache.cloudstack.context.Ca
  import com.cloud.template.VirtualMachineTemplate.TemplateFilter;
  import com.cloud.user.Account;
  
- @APICommand(name = "listIsos", description = "Lists all available ISO files.", responseObject = TemplateResponse.class, responseView = ResponseView.Restricted)
 -@APICommand(name = "listIsos", description = "Lists all available ISO files.", responseObject = TemplateResponse.class,
++@APICommand(name = "listIsos", description = "Lists all available ISO files.", responseObject = TemplateResponse.class, responseView = ResponseView.Restricted,
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ListIsosCmd extends BaseListTaggedResourcesCmd {
      public static final Logger s_logger = Logger.getLogger(ListIsosCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/iso/RegisterIsoCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/iso/RegisterIsoCmd.java
index b78eeb6,af18057..fa1a29e
--- a/api/src/org/apache/cloudstack/api/command/user/iso/RegisterIsoCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/iso/RegisterIsoCmd.java
@@@ -38,7 -37,8 +38,8 @@@ import org.apache.cloudstack.context.Ca
  import com.cloud.exception.ResourceAllocationException;
  import com.cloud.template.VirtualMachineTemplate;
  
- @APICommand(name = "registerIso", responseObject = TemplateResponse.class, description = "Registers an existing ISO into the CloudStack Cloud.", responseView = ResponseView.Restricted)
 -@APICommand(name = "registerIso", responseObject = TemplateResponse.class, description = "Registers an existing ISO into the CloudStack Cloud.",
++@APICommand(name = "registerIso", responseObject = TemplateResponse.class, description = "Registers an existing ISO into the CloudStack Cloud.", responseView = ResponseView.Restricted,
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class RegisterIsoCmd extends BaseCmd {
      public static final Logger s_logger = Logger.getLogger(RegisterIsoCmd.class.getName());
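Review bot: `requestHasSensitiveInfo = false` deserves a second look for `registerIso`, because the command registers an ISO from a caller-supplied location. If that parameter (declared outside this hunk) accepts URLs with embedded credentials or signed query strings, marking the request non-sensitive would presumably let them reach API logs and event records. Either set `requestHasSensitiveInfo = true` for this command or confirm that the URL is scrubbed before the request is logged.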
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/iso/UpdateIsoCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/iso/UpdateIsoCmd.java
index b77a913,5f24e6a..b569d65
--- a/api/src/org/apache/cloudstack/api/command/user/iso/UpdateIsoCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/iso/UpdateIsoCmd.java
@@@ -28,7 -27,8 +28,8 @@@ import org.apache.cloudstack.api.respon
  import com.cloud.template.VirtualMachineTemplate;
  import com.cloud.user.Account;
  
- @APICommand(name = "updateIso", description = "Updates an ISO file.", responseObject = TemplateResponse.class, responseView = ResponseView.Restricted)
 -@APICommand(name = "updateIso", description = "Updates an ISO file.", responseObject = TemplateResponse.class,
++@APICommand(name = "updateIso", description = "Updates an ISO file.", responseObject = TemplateResponse.class, responseView = ResponseView.Restricted,
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class UpdateIsoCmd extends BaseUpdateTemplateOrIsoCmd {
      public static final Logger s_logger = Logger.getLogger(UpdateIsoCmd.class.getName());
      private static final String s_name = "updateisoresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/loadbalancer/ListLoadBalancerRuleInstancesCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/loadbalancer/ListLoadBalancerRuleInstancesCmd.java
index ec9801b,4412d51..2d458a7
--- a/api/src/org/apache/cloudstack/api/command/user/loadbalancer/ListLoadBalancerRuleInstancesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/loadbalancer/ListLoadBalancerRuleInstancesCmd.java
@@@ -33,7 -32,11 +33,9 @@@ import org.apache.cloudstack.api.respon
  import com.cloud.uservm.UserVm;
  import com.cloud.utils.Pair;
  
- @APICommand(name = "listLoadBalancerRuleInstances", description = "List all virtual machine instances that are assigned to a load balancer rule.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted)
 -@APICommand(name = "listLoadBalancerRuleInstances",
 -            description = "List all virtual machine instances that are assigned to a load balancer rule.",
 -            responseObject = UserVmResponse.class,
++@APICommand(name = "listLoadBalancerRuleInstances", description = "List all virtual machine instances that are assigned to a load balancer rule.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted,
+             requestHasSensitiveInfo = false,
+             responseHasSensitiveInfo = true)
  public class ListLoadBalancerRuleInstancesCmd extends BaseListCmd {
      public static final Logger s_logger = Logger.getLogger(ListLoadBalancerRuleInstancesCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
index db3d2cb,2f9220f..172b4c6
--- a/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
@@@ -16,9 -16,7 +16,10 @@@
  // under the License.
  package org.apache.cloudstack.api.command.user.network;
  
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.acl.IAMEntityType;
+ import org.apache.cloudstack.acl.RoleType;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.ApiErrorCode;
@@@ -44,7 -42,8 +45,8 @@@ import com.cloud.network.Network
  import com.cloud.network.Network.GuestType;
  import com.cloud.offering.NetworkOffering;
  
- @APICommand(name = "createNetwork", description = "Creates a network", responseObject = NetworkResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Network })
 -@APICommand(name = "createNetwork", description = "Creates a network", responseObject = NetworkResponse.class,
++@APICommand(name = "createNetwork", description = "Creates a network", responseObject = NetworkResponse.class, responseView = ResponseView.Restricted, entityType = {IAMEntityType.Network},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class CreateNetworkCmd extends BaseCmd {
      public static final Logger s_logger = Logger.getLogger(CreateNetworkCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/network/DeleteNetworkCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/network/DeleteNetworkCmd.java
index 4f6e9b6,224eec0..50bc94a
--- a/api/src/org/apache/cloudstack/api/command/user/network/DeleteNetworkCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/network/DeleteNetworkCmd.java
@@@ -36,7 -33,8 +36,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.exception.InvalidParameterValueException;
  import com.cloud.network.Network;
  
- @APICommand(name = "deleteNetwork", description = "Deletes a network", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Network })
 -@APICommand(name = "deleteNetwork", description = "Deletes a network", responseObject = SuccessResponse.class,
++@APICommand(name = "deleteNetwork", description = "Deletes a network", responseObject = SuccessResponse.class, entityType = {IAMEntityType.Network},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class DeleteNetworkCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(DeleteNetworkOfferingCmd.class.getName());
      private static final String s_name = "deletenetworkresponse";
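Review bot: The logger on the unchanged context line of this hunk is created with `DeleteNetworkOfferingCmd.class.getName()`, so everything DeleteNetworkCmd logs is filed under a different command's category. The line should read `public static final Logger s_logger = Logger.getLogger(DeleteNetworkCmd.class.getName());`. The same copy-paste slip is visible further down in AuthorizeSecurityGroupEgressCmd (which uses `AuthorizeSecurityGroupIngressCmd.class`) and in DeleteSSHKeyPairCmd (which uses `CreateSSHKeyPairCmd.class`). Mis-attributed categories make per-command log filtering and later review of network, security-group and key-pair changes unreliable. The class body continues outside the hunk.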
@@@ -79,7 -77,7 +80,7 @@@
          boolean result = _networkService.deleteNetwork(id, isForced());
          if (result) {
              SuccessResponse response = new SuccessResponse(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete network");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/network/ListNetworksCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/network/ListNetworksCmd.java
index c64031e,2e54a07..455d8dc
--- a/api/src/org/apache/cloudstack/api/command/user/network/ListNetworksCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/network/ListNetworksCmd.java
@@@ -19,9 -19,7 +19,10 @@@ package org.apache.cloudstack.api.comma
  import java.util.ArrayList;
  import java.util.List;
  
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.acl.IAMEntityType;
+ import org.apache.cloudstack.acl.RoleType;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.BaseListTaggedResourcesCmd;
@@@ -36,7 -34,8 +37,8 @@@ import org.apache.cloudstack.api.respon
  import com.cloud.network.Network;
  import com.cloud.utils.Pair;
  
- @APICommand(name = "listNetworks", description = "Lists all available networks.", responseObject = NetworkResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Network })
 -@APICommand(name = "listNetworks", description = "Lists all available networks.", responseObject = NetworkResponse.class,
++@APICommand(name = "listNetworks", description = "Lists all available networks.", responseObject = NetworkResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Network },
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ListNetworksCmd extends BaseListTaggedResourcesCmd {
      public static final Logger s_logger = Logger.getLogger(ListNetworksCmd.class.getName());
      private static final String Name = "listnetworksresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/network/RestartNetworkCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/network/RestartNetworkCmd.java
index ce0df8c,db7b721..6baafda
--- a/api/src/org/apache/cloudstack/api/command/user/network/RestartNetworkCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/network/RestartNetworkCmd.java
@@@ -41,7 -38,9 +41,9 @@@ import com.cloud.network.Network
  
  @APICommand(name = "restartNetwork",
              description = "Restarts the network; includes 1) restarting network elements - virtual routers, dhcp servers 2) reapplying all public ips 3) reapplying loadBalancing/portForwarding rules",
-             responseObject = IPAddressResponse.class, entityType = { IAMEntityType.Network })
 -            responseObject = IPAddressResponse.class,
++        responseObject = IPAddressResponse.class, entityType = {IAMEntityType.Network},
+             requestHasSensitiveInfo = false,
+             responseHasSensitiveInfo = false)
  public class RestartNetworkCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(RestartNetworkCmd.class.getName());
      private static final String s_name = "restartnetworkresponse";
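Review bot: The annotation declares `responseObject = IPAddressResponse.class`, but the success branch of execute() shown in the next hunk of this file builds a `SuccessResponse`, so the generated API description and the actual payload disagree. If the command only ever returns a success flag, the annotation should say `responseObject = SuccessResponse.class`. execute() begins outside the visible hunks, so confirm that no other path returns an IP address response before changing it.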
@@@ -94,7 -93,7 +96,7 @@@
          boolean result = _networkService.restartNetwork(this, getCleanup());
          if (result) {
              SuccessResponse response = new SuccessResponse(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to restart network");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
index 2d7643c,d6eae94..aea7448
--- a/api/src/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
@@@ -16,11 -16,7 +16,12 @@@
  // under the License.
  package org.apache.cloudstack.api.command.user.network;
  
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.acl.IAMEntityType;
+ import org.apache.cloudstack.acl.RoleType;
 +import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 +import org.apache.cloudstack.api.ACL;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.ApiErrorCode;
@@@ -42,7 -38,8 +43,8 @@@ import com.cloud.offering.NetworkOfferi
  import com.cloud.user.Account;
  import com.cloud.user.User;
  
- @APICommand(name = "updateNetwork", description = "Updates a network", responseObject = NetworkResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Network })
 -@APICommand(name = "updateNetwork", description = "Updates a network", responseObject = NetworkResponse.class,
++@APICommand(name = "updateNetwork", description = "Updates a network", responseObject = NetworkResponse.class, responseView = ResponseView.Restricted, entityType = {IAMEntityType.Network},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class UpdateNetworkCmd extends BaseAsyncCustomIdCmd {
      public static final Logger s_logger = Logger.getLogger(UpdateNetworkCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/resource/UpdateResourceCountCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupEgressCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupEgressCmd.java
index 0650362,748f60c..4eca10f
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupEgressCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupEgressCmd.java
@@@ -45,7 -42,12 +45,9 @@@ import com.cloud.exception.InvalidParam
  import com.cloud.network.security.SecurityRule;
  import com.cloud.utils.StringUtils;
  
- @APICommand(name = "authorizeSecurityGroupEgress", responseObject = SecurityGroupRuleResponse.class, description = "Authorizes a particular egress rule for this security group", since = "3.0.0", entityType = { IAMEntityType.SecurityGroup })
 -@APICommand(name = "authorizeSecurityGroupEgress",
 -            responseObject = SecurityGroupRuleResponse.class,
 -            description = "Authorizes a particular egress rule for this security group",
 -            since = "3.0.0",
++@APICommand(name = "authorizeSecurityGroupEgress", responseObject = SecurityGroupRuleResponse.class, description = "Authorizes a particular egress rule for this security group", since = "3.0.0", entityType = {IAMEntityType.SecurityGroup},
+             requestHasSensitiveInfo = false,
+             responseHasSensitiveInfo = false)
  @SuppressWarnings("rawtypes")
  public class AuthorizeSecurityGroupEgressCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(AuthorizeSecurityGroupIngressCmd.class.getName());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java
index 13de69c,d93a57c..41cea41
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java
@@@ -45,7 -42,11 +45,9 @@@ import com.cloud.exception.InvalidParam
  import com.cloud.network.security.SecurityRule;
  import com.cloud.utils.StringUtils;
  
- @APICommand(name = "authorizeSecurityGroupIngress", responseObject = SecurityGroupRuleResponse.class, description = "Authorizes a particular ingress rule for this security group", entityType = { IAMEntityType.SecurityGroup })
 -@APICommand(name = "authorizeSecurityGroupIngress",
 -            responseObject = SecurityGroupRuleResponse.class,
 -            description = "Authorizes a particular ingress rule for this security group",
++@APICommand(name = "authorizeSecurityGroupIngress", responseObject = SecurityGroupRuleResponse.class, description = "Authorizes a particular ingress rule for this security group", entityType = {IAMEntityType.SecurityGroup},
+             requestHasSensitiveInfo = false,
+             responseHasSensitiveInfo = false)
  @SuppressWarnings("rawtypes")
  public class AuthorizeSecurityGroupIngressCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(AuthorizeSecurityGroupIngressCmd.class.getName());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/securitygroup/CreateSecurityGroupCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/securitygroup/CreateSecurityGroupCmd.java
index 824db25,9e1bae3..1f7f872
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/CreateSecurityGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/CreateSecurityGroupCmd.java
@@@ -33,7 -32,8 +33,8 @@@ import org.apache.cloudstack.context.Ca
  import com.cloud.network.security.SecurityGroup;
  import com.cloud.user.Account;
  
- @APICommand(name = "createSecurityGroup", responseObject = SecurityGroupResponse.class, description = "Creates a security group", entityType = { IAMEntityType.SecurityGroup })
 -@APICommand(name = "createSecurityGroup", responseObject = SecurityGroupResponse.class, description = "Creates a security group",
++@APICommand(name = "createSecurityGroup", responseObject = SecurityGroupResponse.class, description = "Creates a security group", entityType = {IAMEntityType.SecurityGroup},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class CreateSecurityGroupCmd extends BaseCmd {
      public static final Logger s_logger = Logger.getLogger(CreateSecurityGroupCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/securitygroup/DeleteSecurityGroupCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/securitygroup/DeleteSecurityGroupCmd.java
index 03634ad,2b23ac0..8e08254
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/DeleteSecurityGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/DeleteSecurityGroupCmd.java
@@@ -36,7 -33,8 +36,8 @@@ import org.apache.cloudstack.context.Ca
  import com.cloud.exception.InvalidParameterValueException;
  import com.cloud.exception.ResourceInUseException;
  
- @APICommand(name = "deleteSecurityGroup", description = "Deletes security group", responseObject = SuccessResponse.class, entityType = { IAMEntityType.SecurityGroup })
 -@APICommand(name = "deleteSecurityGroup", description = "Deletes security group", responseObject = SuccessResponse.class,
++@APICommand(name = "deleteSecurityGroup", description = "Deletes security group", responseObject = SuccessResponse.class, entityType = {IAMEntityType.SecurityGroup},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class DeleteSecurityGroupCmd extends BaseCmd {
      public static final Logger s_logger = Logger.getLogger(DeleteSecurityGroupCmd.class.getName());
      private static final String s_name = "deletesecuritygroupresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/securitygroup/ListSecurityGroupsCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/securitygroup/ListSecurityGroupsCmd.java
index 23a8ad0,aa0c01b..02be63d
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/ListSecurityGroupsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/ListSecurityGroupsCmd.java
@@@ -28,7 -27,8 +28,8 @@@ import org.apache.cloudstack.api.respon
  import org.apache.cloudstack.api.response.SecurityGroupResponse;
  import org.apache.cloudstack.api.response.UserVmResponse;
  
- @APICommand(name = "listSecurityGroups", description = "Lists security groups", responseObject = SecurityGroupResponse.class, entityType = { IAMEntityType.SecurityGroup })
 -@APICommand(name = "listSecurityGroups", description = "Lists security groups", responseObject = SecurityGroupResponse.class,
++@APICommand(name = "listSecurityGroups", description = "Lists security groups", responseObject = SecurityGroupResponse.class, entityType = {IAMEntityType.SecurityGroup},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ListSecurityGroupsCmd extends BaseListTaggedResourcesCmd {
      public static final Logger s_logger = Logger.getLogger(ListSecurityGroupsCmd.class.getName());
  
@@@ -78,7 -78,7 +79,7 @@@
      public void execute() {
          ListResponse<SecurityGroupResponse> response = _queryService.searchForSecurityGroups(this);
          response.setResponseName(getCommandName());
--        this.setResponseObject(response);
++        setResponseObject(response);
      }
  
      @Override

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupEgressCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupEgressCmd.java
index a93bee5,db341a3..d1ffc1e
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupEgressCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupEgressCmd.java
@@@ -34,8 -33,12 +34,10 @@@ import com.cloud.network.security.Secur
  import com.cloud.network.security.SecurityRule;
  import com.cloud.user.Account;
  
 -@APICommand(name = "revokeSecurityGroupEgress",
 -            responseObject = SuccessResponse.class,
 -            description = "Deletes a particular egress rule from this security group",
 -            since = "3.0.0",
 +
- @APICommand(name = "revokeSecurityGroupEgress", responseObject = SuccessResponse.class, description = "Deletes a particular egress rule from this security group", since = "3.0.0", entityType = { IAMEntityType.SecurityGroup })
++@APICommand(name = "revokeSecurityGroupEgress", responseObject = SuccessResponse.class, description = "Deletes a particular egress rule from this security group", since = "3.0.0", entityType = {IAMEntityType.SecurityGroup},
+             requestHasSensitiveInfo = false,
+             responseHasSensitiveInfo = false)
  public class RevokeSecurityGroupEgressCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(RevokeSecurityGroupEgressCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupIngressCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupIngressCmd.java
index 3a39ced,708277c..8543e0e
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupIngressCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupIngressCmd.java
@@@ -36,7 -33,8 +36,8 @@@ import com.cloud.network.security.Secur
  import com.cloud.network.security.SecurityRule;
  import com.cloud.user.Account;
  
- @APICommand(name = "revokeSecurityGroupIngress", responseObject = SuccessResponse.class, description = "Deletes a particular ingress rule from this security group", entityType = { IAMEntityType.SecurityGroup })
 -@APICommand(name = "revokeSecurityGroupIngress", responseObject = SuccessResponse.class, description = "Deletes a particular ingress rule from this security group",
++@APICommand(name = "revokeSecurityGroupIngress", responseObject = SuccessResponse.class, description = "Deletes a particular ingress rule from this security group", entityType = {IAMEntityType.SecurityGroup},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class RevokeSecurityGroupIngressCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(RevokeSecurityGroupIngressCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/snapshot/CreateSnapshotCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/snapshot/CreateSnapshotCmd.java
index 9097586,b764a41..2020518
--- a/api/src/org/apache/cloudstack/api/command/user/snapshot/CreateSnapshotCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/snapshot/CreateSnapshotCmd.java
@@@ -42,7 -41,8 +42,8 @@@ import com.cloud.storage.Snapshot
  import com.cloud.storage.Volume;
  import com.cloud.user.Account;
  
- @APICommand(name = "createSnapshot", description = "Creates an instant snapshot of a volume.", responseObject = SnapshotResponse.class, entityType = { IAMEntityType.Snapshot })
 -@APICommand(name = "createSnapshot", description = "Creates an instant snapshot of a volume.", responseObject = SnapshotResponse.class,
++@APICommand(name = "createSnapshot", description = "Creates an instant snapshot of a volume.", responseObject = SnapshotResponse.class, entityType = {IAMEntityType.Snapshot},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class CreateSnapshotCmd extends BaseAsyncCreateCmd {
      public static final Logger s_logger = Logger.getLogger(CreateSnapshotCmd.class.getName());
      private static final String s_name = "createsnapshotresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/snapshot/DeleteSnapshotCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/snapshot/DeleteSnapshotCmd.java
index 3771300,deeeb78..7d57c21
--- a/api/src/org/apache/cloudstack/api/command/user/snapshot/DeleteSnapshotCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/snapshot/DeleteSnapshotCmd.java
@@@ -36,7 -33,8 +36,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.storage.Snapshot;
  import com.cloud.user.Account;
  
- @APICommand(name = "deleteSnapshot", description = "Deletes a snapshot of a disk volume.", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Snapshot })
 -@APICommand(name = "deleteSnapshot", description = "Deletes a snapshot of a disk volume.", responseObject = SuccessResponse.class,
++@APICommand(name = "deleteSnapshot", description = "Deletes a snapshot of a disk volume.", responseObject = SuccessResponse.class, entityType = {IAMEntityType.Snapshot},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class DeleteSnapshotCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(DeleteSnapshotCmd.class.getName());
      private static final String s_name = "deletesnapshotresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/snapshot/ListSnapshotsCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/snapshot/ListSnapshotsCmd.java
index b44e11f,320ed63..ed26e7f
--- a/api/src/org/apache/cloudstack/api/command/user/snapshot/ListSnapshotsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/snapshot/ListSnapshotsCmd.java
@@@ -35,7 -34,8 +35,8 @@@ import org.apache.cloudstack.api.respon
  import com.cloud.storage.Snapshot;
  import com.cloud.utils.Pair;
  
- @APICommand(name = "listSnapshots", description = "Lists all available snapshots for the account.", responseObject = SnapshotResponse.class, entityType = { IAMEntityType.Snapshot })
 -@APICommand(name = "listSnapshots", description = "Lists all available snapshots for the account.", responseObject = SnapshotResponse.class,
++@APICommand(name = "listSnapshots", description = "Lists all available snapshots for the account.", responseObject = SnapshotResponse.class, entityType = {IAMEntityType.Snapshot},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ListSnapshotsCmd extends BaseListTaggedResourcesCmd {
      public static final Logger s_logger = Logger.getLogger(ListSnapshotsCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/snapshot/RevertSnapshotCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/snapshot/RevertSnapshotCmd.java
index 0b91084,5608215..ab83812
--- a/api/src/org/apache/cloudstack/api/command/user/snapshot/RevertSnapshotCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/snapshot/RevertSnapshotCmd.java
@@@ -37,13 -34,11 +37,14 @@@ import com.cloud.event.EventTypes
  import com.cloud.storage.Snapshot;
  import com.cloud.user.Account;
  
- @APICommand(name = "revertSnapshot", description = "revert a volume snapshot.", responseObject = SnapshotResponse.class, entityType = { IAMEntityType.Snapshot })
 -@APICommand(name = "revertSnapshot", description = "revert a volume snapshot.", responseObject = SnapshotResponse.class,
++@APICommand(name = "revertSnapshot", description = "revert a volume snapshot.", responseObject = SnapshotResponse.class, entityType = {IAMEntityType.Snapshot},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class RevertSnapshotCmd extends BaseAsyncCmd {
      private static final String s_name = "revertsnapshotresponse";
 -    @Parameter(name = ApiConstants.ID, type = BaseCmd.CommandType.UUID, entityType = SnapshotResponse.class, required = true, description = "The ID of the snapshot")
 +
 +    @ACL(accessType = AccessType.OperateEntry)
 +    @Parameter(name= ApiConstants.ID, type= BaseCmd.CommandType.UUID, entityType = SnapshotResponse.class,
 +            required=true, description="The ID of the snapshot")
      private Long id;
  
      public Long getId() {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/ssh/CreateSSHKeyPairCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/ssh/CreateSSHKeyPairCmd.java
index a56fe80,3da6dc1..05eddbe
--- a/api/src/org/apache/cloudstack/api/command/user/ssh/CreateSSHKeyPairCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/ssh/CreateSSHKeyPairCmd.java
@@@ -30,7 -29,8 +30,8 @@@ import org.apache.cloudstack.context.Ca
  
  import com.cloud.user.SSHKeyPair;
  
- @APICommand(name = "createSSHKeyPair", description = "Create a new keypair and returns the private key", responseObject = CreateSSHKeyPairResponse.class, entityType = { IAMEntityType.SSHKeyPair })
 -@APICommand(name = "createSSHKeyPair", description = "Create a new keypair and returns the private key", responseObject = CreateSSHKeyPairResponse.class,
++@APICommand(name = "createSSHKeyPair", description = "Create a new keypair and returns the private key", responseObject = CreateSSHKeyPairResponse.class, entityType = {IAMEntityType.SSHKeyPair},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = true)
  public class CreateSSHKeyPairCmd extends BaseCmd {
      public static final Logger s_logger = Logger.getLogger(CreateSSHKeyPairCmd.class.getName());
      private static final String s_name = "createsshkeypairresponse";
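Review bot: `responseHasSensitiveInfo = true` is set here with no explanation, and the reason only becomes visible in the next hunk, where the response is constructed from `r.getPrivateKey()`. A one-line comment above the annotation would keep the flag from being flipped to match its neighbours in a later cleanup: `// Response carries the generated private key; keep responseHasSensitiveInfo = true.` How the flag is consumed is not shown in this diff, so it is worth confirming that the response-logging path actually honours it for this command.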
@@@ -94,7 -94,7 +95,7 @@@
          CreateSSHKeyPairResponse response = new CreateSSHKeyPairResponse(r.getName(), r.getFingerprint(), r.getPrivateKey());
          response.setResponseName(getCommandName());
          response.setObjectName("keypair");
--        this.setResponseObject(response);
++        setResponseObject(response);
      }
  
      @Override

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/ssh/DeleteSSHKeyPairCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/ssh/DeleteSSHKeyPairCmd.java
index 7e45ae5,cddf199..19b29bd
--- a/api/src/org/apache/cloudstack/api/command/user/ssh/DeleteSSHKeyPairCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/ssh/DeleteSSHKeyPairCmd.java
@@@ -30,7 -29,8 +30,8 @@@ import org.apache.cloudstack.context.Ca
  
  import com.cloud.user.Account;
  
- @APICommand(name = "deleteSSHKeyPair", description = "Deletes a keypair by name", responseObject = SuccessResponse.class, entityType = { IAMEntityType.SSHKeyPair })
 -@APICommand(name = "deleteSSHKeyPair", description = "Deletes a keypair by name", responseObject = SuccessResponse.class,
++@APICommand(name = "deleteSSHKeyPair", description = "Deletes a keypair by name", responseObject = SuccessResponse.class, entityType = {IAMEntityType.SSHKeyPair},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class DeleteSSHKeyPairCmd extends BaseCmd {
      public static final Logger s_logger = Logger.getLogger(CreateSSHKeyPairCmd.class.getName());
      private static final String s_name = "deletesshkeypairresponse";
@@@ -80,7 -80,7 +81,7 @@@
          boolean result = _mgr.deleteSSHKeyPair(this);
          SuccessResponse response = new SuccessResponse(getCommandName());
          response.setSuccess(result);
--        this.setResponseObject(response);
++        setResponseObject(response);
      }
  
      @Override

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/ssh/ListSSHKeyPairsCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/ssh/ListSSHKeyPairsCmd.java
index 2551865,98f5937..f02bf9f
--- a/api/src/org/apache/cloudstack/api/command/user/ssh/ListSSHKeyPairsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/ssh/ListSSHKeyPairsCmd.java
@@@ -32,7 -31,8 +32,8 @@@ import org.apache.cloudstack.api.respon
  import com.cloud.user.SSHKeyPair;
  import com.cloud.utils.Pair;
  
- @APICommand(name = "listSSHKeyPairs", description = "List registered keypairs", responseObject = SSHKeyPairResponse.class, entityType = { IAMEntityType.SSHKeyPair })
 -@APICommand(name = "listSSHKeyPairs", description = "List registered keypairs", responseObject = SSHKeyPairResponse.class,
++@APICommand(name = "listSSHKeyPairs", description = "List registered keypairs", responseObject = SSHKeyPairResponse.class, entityType = {IAMEntityType.SSHKeyPair},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ListSSHKeyPairsCmd extends BaseListProjectAndAccountResourcesCmd {
      public static final Logger s_logger = Logger.getLogger(ListSSHKeyPairsCmd.class.getName());
      private static final String s_name = "listsshkeypairsresponse";
@@@ -76,7 -76,7 +77,7 @@@
          ListResponse<SSHKeyPairResponse> response = new ListResponse<SSHKeyPairResponse>();
          response.setResponses(responses, resultList.second());
          response.setResponseName(getCommandName());
--        this.setResponseObject(response);
++        setResponseObject(response);
      }
  
      @Override

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/ssh/RegisterSSHKeyPairCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/ssh/RegisterSSHKeyPairCmd.java
index 07fc2f5,5b330f3..5fd0492
--- a/api/src/org/apache/cloudstack/api/command/user/ssh/RegisterSSHKeyPairCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/ssh/RegisterSSHKeyPairCmd.java
@@@ -30,7 -29,8 +30,8 @@@ import org.apache.cloudstack.context.Ca
  
  import com.cloud.user.SSHKeyPair;
  
- @APICommand(name = "registerSSHKeyPair", description = "Register a public key in a keypair under a certain name", responseObject = SSHKeyPairResponse.class, entityType = { IAMEntityType.SSHKeyPair })
 -@APICommand(name = "registerSSHKeyPair", description = "Register a public key in a keypair under a certain name", responseObject = SSHKeyPairResponse.class,
++@APICommand(name = "registerSSHKeyPair", description = "Register a public key in a keypair under a certain name", responseObject = SSHKeyPairResponse.class, entityType = {IAMEntityType.SSHKeyPair},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class RegisterSSHKeyPairCmd extends BaseCmd {
      public static final Logger s_logger = Logger.getLogger(RegisterSSHKeyPairCmd.class.getName());
      private static final String s_name = "registersshkeypairresponse";
@@@ -102,7 -102,7 +103,7 @@@
          SSHKeyPairResponse response = new SSHKeyPairResponse(result.getName(), result.getFingerprint());
          response.setResponseName(getCommandName());
          response.setObjectName("keypair");
--        this.setResponseObject(response);
++        setResponseObject(response);
      }
  
      @Override

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/tag/CreateTagsCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/tag/CreateTagsCmd.java
index 4dc8ad1,4fcc9cb..eab114f
--- a/api/src/org/apache/cloudstack/api/command/user/tag/CreateTagsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/tag/CreateTagsCmd.java
@@@ -38,7 -37,8 +38,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.server.ResourceTag;
  import com.cloud.server.ResourceTag.ResourceObjectType;
  
- @APICommand(name = "createTags", description = "Creates resource tag(s)", responseObject = SuccessResponse.class, since = "4.0.0", entityType = { IAMEntityType.ResourceTag })
 -@APICommand(name = "createTags", description = "Creates resource tag(s)", responseObject = SuccessResponse.class, since = "4.0.0",
++@APICommand(name = "createTags", description = "Creates resource tag(s)", responseObject = SuccessResponse.class, since = "4.0.0", entityType = {IAMEntityType.ResourceTag},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class CreateTagsCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(CreateTagsCmd.class.getName());
  
@@@ -118,7 -118,7 +119,7 @@@
  
          if (tags != null && !tags.isEmpty()) {
              SuccessResponse response = new SuccessResponse(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create tags");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/tag/DeleteTagsCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/tag/DeleteTagsCmd.java
index 8aeea34,da6249f..39b6630
--- a/api/src/org/apache/cloudstack/api/command/user/tag/DeleteTagsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/tag/DeleteTagsCmd.java
@@@ -37,7 -36,8 +37,8 @@@ import org.apache.cloudstack.api.respon
  import com.cloud.event.EventTypes;
  import com.cloud.server.ResourceTag.ResourceObjectType;
  
- @APICommand(name = "deleteTags", description = "Deleting resource tag(s)", responseObject = SuccessResponse.class, since = "4.0.0", entityType = { IAMEntityType.ResourceTag })
 -@APICommand(name = "deleteTags", description = "Deleting resource tag(s)", responseObject = SuccessResponse.class, since = "4.0.0",
++@APICommand(name = "deleteTags", description = "Deleting resource tag(s)", responseObject = SuccessResponse.class, since = "4.0.0", entityType = {IAMEntityType.ResourceTag},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class DeleteTagsCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(DeleteTagsCmd.class.getName());
  
@@@ -109,7 -109,7 +110,7 @@@
  
          if (success) {
              SuccessResponse response = new SuccessResponse(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete tags");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/tag/ListTagsCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/tag/ListTagsCmd.java
index dc025d7,9ff3a74..b224910
--- a/api/src/org/apache/cloudstack/api/command/user/tag/ListTagsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/tag/ListTagsCmd.java
@@@ -25,7 -24,8 +25,8 @@@ import org.apache.cloudstack.api.Parame
  import org.apache.cloudstack.api.response.ListResponse;
  import org.apache.cloudstack.api.response.ResourceTagResponse;
  
- @APICommand(name = "listTags", description = "List resource tag(s)", responseObject = ResourceTagResponse.class, since = "4.0.0", entityType = { IAMEntityType.ResourceTag })
 -@APICommand(name = "listTags", description = "List resource tag(s)", responseObject = ResourceTagResponse.class, since = "4.0.0",
++@APICommand(name = "listTags", description = "List resource tag(s)", responseObject = ResourceTagResponse.class, since = "4.0.0", entityType = {IAMEntityType.ResourceTag},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ListTagsCmd extends BaseListProjectAndAccountResourcesCmd {
      private static final String s_name = "listtagsresponse";
  
@@@ -53,7 -53,7 +54,7 @@@
  
          ListResponse<ResourceTagResponse> response = _queryService.listTags(this);
          response.setResponseName(getCommandName());
--        this.setResponseObject(response);
++        setResponseObject(response);
      }
  
      public String getResourceType() {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/template/CopyTemplateCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/template/CopyTemplateCmd.java
index 4127c27,feceed5..fdbdafd
--- a/api/src/org/apache/cloudstack/api/command/user/template/CopyTemplateCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/template/CopyTemplateCmd.java
@@@ -38,7 -37,8 +38,8 @@@ import com.cloud.exception.StorageUnava
  import com.cloud.template.VirtualMachineTemplate;
  import com.cloud.user.Account;
  
- @APICommand(name = "copyTemplate", description = "Copies a template from one zone to another.", responseObject = TemplateResponse.class, responseView = ResponseView.Restricted)
 -@APICommand(name = "copyTemplate", description = "Copies a template from one zone to another.", responseObject = TemplateResponse.class,
++@APICommand(name = "copyTemplate", description = "Copies a template from one zone to another.", responseObject = TemplateResponse.class, responseView = ResponseView.Restricted,
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class CopyTemplateCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(CopyTemplateCmd.class.getName());
      private static final String s_name = "copytemplateresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/template/CreateTemplateCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/template/CreateTemplateCmd.java
index d203fd4,62d9ff6..10b150d
--- a/api/src/org/apache/cloudstack/api/command/user/template/CreateTemplateCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/template/CreateTemplateCmd.java
@@@ -47,9 -46,11 +47,10 @@@ import com.cloud.storage.Volume
  import com.cloud.template.VirtualMachineTemplate;
  import com.cloud.user.Account;
  
 -@APICommand(name = "createTemplate", responseObject = TemplateResponse.class, description = "Creates a template of a virtual machine. "
 -    + "The virtual machine must be in a STOPPED state. "
 -    + "A template created from this command is automatically designated as a private template visible to the account that created it.",
 +@APICommand(name = "createTemplate", responseObject = TemplateResponse.class, description = "Creates a template of a virtual machine. " + "The virtual machine must be in a STOPPED state. "
-         + "A template created from this command is automatically designated as a private template visible to the account that created it.", responseView = ResponseView.Restricted)
-         public class CreateTemplateCmd extends BaseAsyncCreateCmd {
++        + "A template created from this command is automatically designated as a private template visible to the account that created it.", responseView = ResponseView.Restricted,
+     requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
+ public class CreateTemplateCmd extends BaseAsyncCreateCmd {
      public static final Logger s_logger = Logger.getLogger(CreateTemplateCmd.class.getName());
      private static final String s_name = "createtemplateresponse";
  
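Review bot: The merged `description` keeps a leftover concatenation on a single line, `"Creates a template of a virtual machine. " + "The virtual machine must be in a STOPPED state. "`, which reads like an unfinished conflict resolution; the two literals can be joined into one. The continuation line `requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)` is also indented four spaces here, where the sibling commands in this merge use eight. Neither changes behaviour, but aligning this annotation with the others keeps it easy to scan when the sensitive-info flags are audited.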

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/template/ListTemplatePermissionsCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/template/ListTemplatePermissionsCmd.java
index 76204bc,3576704..48f8fff
--- a/api/src/org/apache/cloudstack/api/command/user/template/ListTemplatePermissionsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/template/ListTemplatePermissionsCmd.java
@@@ -26,7 -25,11 +26,9 @@@ import org.apache.cloudstack.api.respon
  import com.cloud.storage.Storage.ImageFormat;
  import com.cloud.template.VirtualMachineTemplate;
  
- @APICommand(name = "listTemplatePermissions", description = "List template visibility and all accounts that have permissions to view this template.", responseObject = TemplatePermissionsResponse.class, responseView = ResponseView.Restricted)
 -@APICommand(name = "listTemplatePermissions",
 -            description = "List template visibility and all accounts that have permissions to view this template.",
 -            responseObject = TemplatePermissionsResponse.class,
++@APICommand(name = "listTemplatePermissions", description = "List template visibility and all accounts that have permissions to view this template.", responseObject = TemplatePermissionsResponse.class, responseView = ResponseView.Restricted,
+             requestHasSensitiveInfo = false,
+             responseHasSensitiveInfo = false)
  public class ListTemplatePermissionsCmd extends BaseListTemplateOrIsoPermissionsCmd {
      protected String getResponseName() {
          return "listtemplatepermissionsresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/template/ListTemplatesCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/template/ListTemplatesCmd.java
index 9ef1e10,9e95cf6..c7a2285
--- a/api/src/org/apache/cloudstack/api/command/user/template/ListTemplatesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/template/ListTemplatesCmd.java
@@@ -33,7 -31,8 +33,8 @@@ import org.apache.cloudstack.context.Ca
  import com.cloud.template.VirtualMachineTemplate.TemplateFilter;
  import com.cloud.user.Account;
  
- @APICommand(name = "listTemplates", description = "List all public, private, and privileged templates.", responseObject = TemplateResponse.class, entityType = {IAMEntityType.VirtualMachineTemplate}, responseView = ResponseView.Restricted)
 -@APICommand(name = "listTemplates", description = "List all public, private, and privileged templates.", responseObject = TemplateResponse.class,
++@APICommand(name = "listTemplates", description = "List all public, private, and privileged templates.", responseObject = TemplateResponse.class, entityType = {IAMEntityType.VirtualMachineTemplate}, responseView = ResponseView.Restricted,
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ListTemplatesCmd extends BaseListTaggedResourcesCmd {
      public static final Logger s_logger = Logger.getLogger(ListTemplatesCmd.class.getName());
  


[46/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
Removing the copy task that is not needed any more.

We no longer need to copy commands.properties to utils, since the IAM permissions are no longer loaded during Upgrade.


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/fa80c63c
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/fa80c63c
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/fa80c63c

Branch: refs/heads/master
Commit: fa80c63c339aceba11064ca649d44516b9a421af
Parents: 1f6263d
Author: Prachi Damle <pr...@cloud.com>
Authored: Thu Mar 13 14:14:12 2014 -0700
Committer: Prachi Damle <pr...@cloud.com>
Committed: Thu Mar 13 14:14:12 2014 -0700

----------------------------------------------------------------------
 client/pom.xml | 6 ------
 1 file changed, 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/fa80c63c/client/pom.xml
----------------------------------------------------------------------
diff --git a/client/pom.xml b/client/pom.xml
index eadd6e9..74c459e 100644
--- a/client/pom.xml
+++ b/client/pom.xml
@@ -510,12 +510,6 @@
                     <exclude name="*.in"/>
                   </fileset>
                 </copy>
-                <copy overwrite="true" todir="${basedir}/../utils/conf/">
-                  <fileset dir="${basedir}/tomcatconf">
-                    <include name="commands.properties.in" />
-                  </fileset>
-                  <globmapper from="*.in" to="*" />
-                </copy>
               </target>
             </configuration>
           </execution>


[06/50] [abbrv] Renaming plugin packages to 'iam' instead if 'acl'

Posted by mc...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiServiceImpl.java
new file mode 100644
index 0000000..996f8d4
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiServiceImpl.java
@@ -0,0 +1,690 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.ejb.Local;
+import javax.inject.Inject;
+import javax.naming.ConfigurationException;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.acl.IAMEntityType;
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseListCmd;
+import org.apache.cloudstack.api.command.iam.AddAccountToAclGroupCmd;
+import org.apache.cloudstack.api.command.iam.AddAclPermissionToAclPolicyCmd;
+import org.apache.cloudstack.api.command.iam.AttachAclPolicyToAccountCmd;
+import org.apache.cloudstack.api.command.iam.AttachAclPolicyToAclGroupCmd;
+import org.apache.cloudstack.api.command.iam.CreateAclGroupCmd;
+import org.apache.cloudstack.api.command.iam.CreateAclPolicyCmd;
+import org.apache.cloudstack.api.command.iam.DeleteAclGroupCmd;
+import org.apache.cloudstack.api.command.iam.DeleteAclPolicyCmd;
+import org.apache.cloudstack.api.command.iam.ListAclGroupsCmd;
+import org.apache.cloudstack.api.command.iam.ListAclPoliciesCmd;
+import org.apache.cloudstack.api.command.iam.RemoveAccountFromAclGroupCmd;
+import org.apache.cloudstack.api.command.iam.RemoveAclPermissionFromAclPolicyCmd;
+import org.apache.cloudstack.api.command.iam.RemoveAclPolicyFromAccountCmd;
+import org.apache.cloudstack.api.command.iam.RemoveAclPolicyFromAclGroupCmd;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
+import org.apache.cloudstack.api.response.iam.AclPermissionResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.framework.messagebus.MessageBus;
+import org.apache.cloudstack.framework.messagebus.MessageSubscriber;
+import org.apache.cloudstack.iam.api.AclGroup;
+import org.apache.cloudstack.iam.api.AclPolicy;
+import org.apache.cloudstack.iam.api.AclPolicyPermission;
+import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
+import org.apache.cloudstack.iam.api.IAMService;
+
+import com.cloud.api.ApiServerService;
+import com.cloud.domain.Domain;
+import com.cloud.domain.DomainVO;
+import com.cloud.domain.dao.DomainDao;
+import com.cloud.event.ActionEvent;
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.template.TemplateManager;
+import com.cloud.user.Account;
+import com.cloud.user.AccountManager;
+import com.cloud.user.AccountVO;
+import com.cloud.user.DomainManager;
+import com.cloud.user.dao.AccountDao;
+import com.cloud.utils.Pair;
+import com.cloud.utils.component.Manager;
+import com.cloud.utils.component.ManagerBase;
+import com.cloud.utils.db.DB;
+import com.cloud.utils.db.EntityManager;
+
+@Local(value = {AclApiService.class})
+public class AclApiServiceImpl extends ManagerBase implements AclApiService, Manager {
+
+    public static final Logger s_logger = Logger.getLogger(AclApiServiceImpl.class);
+    private String _name;
+
+    @Inject
+    ApiServerService _apiServer;
+
+    @Inject
+    IAMService _iamSrv;
+
+    @Inject
+    DomainDao _domainDao;
+
+    @Inject
+    AccountDao _accountDao;
+
+    @Inject
+    AccountManager _accountMgr;
+
+    @Inject
+    MessageBus _messageBus;
+
+    @Override
+    public boolean configure(final String name, final Map<String, Object> params) throws ConfigurationException {
+        _messageBus.subscribe(AccountManager.MESSAGE_ADD_ACCOUNT_EVENT, new MessageSubscriber() {
+            @Override
+            public void onPublishMessage(String senderAddress, String subject, Object obj) {
+                HashMap<Long, Long> acctGroupMap = (HashMap<Long, Long>) obj;
+                for (Long accountId : acctGroupMap.keySet()) {
+                    Long groupId = acctGroupMap.get(accountId);
+                    s_logger.debug("MessageBus message: new Account Added: " + accountId + ", adding it to groupId :"
+                            + groupId);
+                    addAccountToAclGroup(accountId, groupId);
+                    // add it to domain group too
+                    AccountVO account = _accountDao.findById(accountId);
+                    Domain domain = _domainDao.findById(account.getDomainId());
+                    if (domain != null) {
+                        List<AclGroup> domainGroups = listDomainGroup(domain);
+
+                        if (domainGroups != null) {
+                            for (AclGroup group : domainGroups) {
+                                addAccountToAclGroup(accountId, new Long(group.getId()));
+                            }
+                        }
+                    }
+                }
+            }
+        });
+
+        _messageBus.subscribe(AccountManager.MESSAGE_REMOVE_ACCOUNT_EVENT, new MessageSubscriber() {
+            @Override
+            public void onPublishMessage(String senderAddress, String subject, Object obj) {
+                Long accountId = ((Long) obj);
+                if (accountId != null) {
+                    s_logger.debug("MessageBus message: Account removed: " + accountId
+                            + ", releasing the group associations");
+                    removeAccountFromAclGroups(accountId);
+                }
+            }
+        });
+
+        _messageBus.subscribe(DomainManager.MESSAGE_ADD_DOMAIN_EVENT, new MessageSubscriber() {
+            @Override
+            public void onPublishMessage(String senderAddress, String subject, Object obj) {
+                Long domainId = ((Long) obj);
+                if (domainId != null) {
+                    s_logger.debug("MessageBus message: new Domain created: " + domainId + ", creating a new group");
+                    Domain domain = _domainDao.findById(domainId);
+                    _iamSrv.createAclGroup("DomainGrp-" + domain.getUuid(), "Domain group", domain.getPath());
+                }
+            }
+        });
+
+        _messageBus.subscribe(DomainManager.MESSAGE_REMOVE_DOMAIN_EVENT, new MessageSubscriber() {
+            @Override
+            public void onPublishMessage(String senderAddress, String subject, Object obj) {
+                Long domainId = ((Long) obj);
+                if (domainId != null) {
+                    s_logger.debug("MessageBus message: Domain removed: " + domainId + ", removing the domain group");
+                    Domain domain = _domainDao.findById(domainId);
+                    List<AclGroup> groups = listDomainGroup(domain);
+                    for (AclGroup group : groups) {
+                        _iamSrv.deleteAclGroup(group.getId());
+                    }
+                }
+            }
+        });
+
+        _messageBus.subscribe(TemplateManager.MESSAGE_REGISTER_PUBLIC_TEMPLATE_EVENT, new MessageSubscriber() {
+            @Override
+            public void onPublishMessage(String senderAddress, String subject, Object obj) {
+                Long templateId = (Long)obj;
+                if (templateId != null) {
+                    s_logger.debug("MessageBus message: new public template registered: " + templateId + ", grant permission to domain admin and normal user policies");
+                    _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+                            PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
+                    _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+                            PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
+                }
+            }
+        });
+
+        _messageBus.subscribe(TemplateManager.MESSAGE_RESET_TEMPLATE_PERMISSION_EVENT, new MessageSubscriber() {
+            @Override
+            public void onPublishMessage(String senderAddress, String subject, Object obj) {
+                Long templateId = (Long)obj;
+                if (templateId != null) {
+                    s_logger.debug("MessageBus message: reset template permission: " + templateId);
+                    resetTemplatePermission(templateId);
+                }
+            }
+        });
+
+        _messageBus.subscribe(EntityManager.MESSAGE_REMOVE_ENTITY_EVENT, new MessageSubscriber() {
+            @Override
+            public void onPublishMessage(String senderAddress, String subject, Object obj) {
+                Pair<IAMEntityType, Long> entity = (Pair<IAMEntityType, Long>)obj;
+                if (entity != null) {
+                    String entityType = entity.first().toString();
+                    Long entityId = entity.second();
+                    s_logger.debug("MessageBus message: delete an entity: (" + entityType + "," + entityId + "), remove its related permission");
+                    _iamSrv.removeAclPermissionForEntity(entityType, entityId);
+                }
+            }
+        });
+
+
+        _messageBus.subscribe(EntityManager.MESSAGE_GRANT_ENTITY_EVENT, new MessageSubscriber() {
+            @Override
+            public void onPublishMessage(String senderAddress, String subject, Object obj) {
+                Map<String, Object> permit = (Map<String, Object>)obj;
+                if (permit != null) {
+                    String entityType = (String)permit.get(ApiConstants.ENTITY_TYPE);
+                    Long entityId = (Long)permit.get(ApiConstants.ENTITY_ID);
+                    AccessType accessType = (AccessType)permit.get(ApiConstants.ACCESS_TYPE);
+                    String action = (String)permit.get(ApiConstants.ACL_ACTION);
+                    List<Long> acctIds = (List<Long>)permit.get(ApiConstants.ACCOUNTS);
+                    s_logger.debug("MessageBus message: grant accounts permission to an entity: (" + entityType + "," + entityId + ")");
+                    grantEntityPermissioinToAccounts(entityType, entityId, accessType, action, acctIds);
+                }
+            }
+        });
+
+        _messageBus.subscribe(EntityManager.MESSAGE_REVOKE_ENTITY_EVENT, new MessageSubscriber() {
+            @Override
+            public void onPublishMessage(String senderAddress, String subject, Object obj) {
+                Map<String, Object> permit = (Map<String, Object>)obj;
+                if (permit != null) {
+                    String entityType = (String)permit.get(ApiConstants.ENTITY_TYPE);
+                    Long entityId = (Long)permit.get(ApiConstants.ENTITY_ID);
+                    AccessType accessType = (AccessType)permit.get(ApiConstants.ACCESS_TYPE);
+                    String action = (String)permit.get(ApiConstants.ACL_ACTION);
+                    List<Long> acctIds = (List<Long>)permit.get(ApiConstants.ACCOUNTS);
+                    s_logger.debug("MessageBus message: revoke from accounts permission to an entity: (" + entityType + "," + entityId + ")");
+                    revokeEntityPermissioinFromAccounts(entityType, entityId, accessType, action, acctIds);
+                }
+            }
+        });
+
+        _messageBus.subscribe(EntityManager.MESSAGE_ADD_DOMAIN_WIDE_ENTITY_EVENT, new MessageSubscriber() {
+            @Override
+            public void onPublishMessage(String senderAddress, String subject, Object obj) {
+                Map<String, Object> params = (Map<String, Object>) obj;
+                if (params != null) {
+                    addDomainWideResourceAccess(params);
+                }
+            }
+        });
+
+        return super.configure(name, params);
+    }
+
+    private void addDomainWideResourceAccess(Map<String, Object> params) {
+
+        IAMEntityType entityType = (IAMEntityType)params.get(ApiConstants.ENTITY_TYPE);
+        Long entityId = (Long) params.get(ApiConstants.ENTITY_ID);
+        Long domainId = (Long) params.get(ApiConstants.DOMAIN_ID);
+        Boolean isRecursive = (Boolean) params.get(ApiConstants.SUBDOMAIN_ACCESS);
+
+        if (entityType == IAMEntityType.Network) {
+            createPolicyAndAddToDomainGroup("DomainWideNetwork-" + entityId, "domain wide network", entityType.toString(),
+                    entityId, "listNetworks", AccessType.UseEntry, domainId, isRecursive);
+        } else if (entityType == IAMEntityType.AffinityGroup) {
+            createPolicyAndAddToDomainGroup("DomainWideNetwork-" + entityId, "domain wide affinityGroup", entityType.toString(),
+                    entityId, "listAffinityGroups", AccessType.UseEntry, domainId, isRecursive);
+        }
+
+    }
+
+    private void createPolicyAndAddToDomainGroup(String policyName, String description, String entityType,
+            Long entityId, String action, AccessType accessType, Long domainId, Boolean recursive) {
+
+       Domain domain = _domainDao.findById(domainId);
+       if (domain != null) {
+            AclPolicy policy = _iamSrv.createAclPolicy(policyName, description, null, domain.getPath());
+            _iamSrv.addAclPermissionToAclPolicy(policy.getId(), entityType, PermissionScope.RESOURCE.toString(),
+                    entityId, action, accessType.toString(), Permission.Allow, recursive);
+            List<Long> policyList = new ArrayList<Long>();
+            policyList.add(new Long(policy.getId()));
+
+           List<AclGroup> domainGroups = listDomainGroup(domain);
+           if (domainGroups != null) {
+               for (AclGroup group : domainGroups) {
+                   _iamSrv.attachAclPoliciesToGroup(policyList, group.getId());
+               }
+           }
+       }
+    }
+
+    @DB
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_CREATE, eventDescription = "Creating Acl Group", create = true)
+    public AclGroup createAclGroup(Account caller, String aclGroupName, String description) {
+        Long domainId = caller.getDomainId();
+        Domain callerDomain = _domainDao.findById(domainId);
+        if (callerDomain == null) {
+            throw new InvalidParameterValueException("Caller does not have a domain");
+        }
+        return _iamSrv.createAclGroup(aclGroupName, description, callerDomain.getPath());
+    }
+
+    @DB
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_DELETE, eventDescription = "Deleting Acl Group")
+    public boolean deleteAclGroup(final Long aclGroupId) {
+        return _iamSrv.deleteAclGroup(aclGroupId);
+    }
+
+    @Override
+    public List<AclGroup> listAclGroups(long accountId) {
+        return _iamSrv.listAclGroups(accountId);
+    }
+
+
+    @DB
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Adding accounts to acl group")
+    public AclGroup addAccountsToGroup(final List<Long> acctIds, final Long groupId) {
+        return _iamSrv.addAccountsToGroup(acctIds, groupId);
+    }
+
+
+    private void removeAccountFromAclGroups(long accountId) {
+        List<AclGroup> groups = listAclGroups(accountId);
+        List<Long> accts = new ArrayList<Long>();
+        accts.add(accountId);
+        if (groups != null) {
+            for (AclGroup grp : groups) {
+                removeAccountsFromGroup(accts, grp.getId());
+            }
+        }
+    }
+
+    private void addAccountToAclGroup(long accountId, long groupId) {
+        List<Long> accts = new ArrayList<Long>();
+        accts.add(accountId);
+        addAccountsToGroup(accts, groupId);
+    }
+
+    @DB
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Removing accounts from acl group")
+    public AclGroup removeAccountsFromGroup(final List<Long> acctIds, final Long groupId) {
+        return _iamSrv.removeAccountsFromGroup(acctIds, groupId);
+    }
+
+    @DB
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_CREATE, eventDescription = "Creating Acl Policy", create = true)
+    public AclPolicy createAclPolicy(Account caller, final String aclPolicyName, final String description, final Long parentPolicyId) {
+        Long domainId = caller.getDomainId();
+        Domain callerDomain = _domainDao.findById(domainId);
+        if (callerDomain == null) {
+            throw new InvalidParameterValueException("Caller does not have a domain");
+        }
+        return _iamSrv.createAclPolicy(aclPolicyName, description, parentPolicyId, callerDomain.getPath());
+    }
+
+    @DB
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_DELETE, eventDescription = "Deleting Acl Policy")
+    public boolean deleteAclPolicy(final long aclPolicyId) {
+        return _iamSrv.deleteAclPolicy(aclPolicyId);
+    }
+
+
+    @Override
+    public List<AclPolicy> listAclPolicies(long accountId) {
+        return _iamSrv.listAclPolicies(accountId);
+    }
+
+    @DB
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Attaching policy to acl group")
+    public AclGroup attachAclPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
+        return _iamSrv.attachAclPoliciesToGroup(policyIds, groupId);
+    }
+
+    @DB
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Removing policies from acl group")
+    public AclGroup removeAclPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
+        return _iamSrv.removeAclPoliciesFromGroup(policyIds, groupId);
+    }
+
+
+    @DB
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE, eventDescription = "Attaching policy to accounts")
+    public void attachAclPolicyToAccounts(final Long policyId, final List<Long> accountIds) {
+        _iamSrv.attachAclPolicyToAccounts(policyId, accountIds);
+    }
+
+    @DB
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE, eventDescription = "Removing policy from accounts")
+    public void removeAclPolicyFromAccounts(final Long policyId, final List<Long> accountIds) {
+        _iamSrv.removeAclPolicyFromAccounts(policyId, accountIds);
+    }
+
+    @DB
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_GRANT, eventDescription = "Granting acl permission to Acl Policy")
+    public AclPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, PermissionScope scope,
+            Long scopeId, String action, Permission perm, Boolean recursive) {
+        Class<?> cmdClass = _apiServer.getCmdClass(action);
+        AccessType accessType = null;
+        if (BaseListCmd.class.isAssignableFrom(cmdClass)) {
+            accessType = AccessType.UseEntry;
+        }
+        return _iamSrv.addAclPermissionToAclPolicy(aclPolicyId, entityType, scope.toString(), scopeId, action,
+                accessType.toString(), perm, recursive);
+    }
+
+    @DB
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_REVOKE, eventDescription = "Revoking acl permission from Acl Policy")
+    public AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId, String action) {
+        return _iamSrv.removeAclPermissionFromAclPolicy(aclPolicyId, entityType, scope.toString(), scopeId, action);
+    }
+
+    @Override
+    public AclPolicyPermission getAclPolicyPermission(long accountId, String entityType, String action) {
+        List<AclPolicy> policies = _iamSrv.listAclPolicies(accountId);
+        AclPolicyPermission curPerm = null;
+        for (AclPolicy policy : policies) {
+            List<AclPolicyPermission> perms = _iamSrv.listPolicyPermissionByActionAndEntity(policy.getId(), action,
+                    entityType);
+            if (perms == null || perms.size() == 0)
+                continue;
+            AclPolicyPermission perm = perms.get(0); // just pick one
+            if (curPerm == null) {
+                curPerm = perm;
+            } else if (PermissionScope.valueOf(perm.getScope()).greaterThan(PermissionScope.valueOf(curPerm.getScope()))) {
+                // pick the more relaxed allowed permission
+                curPerm = perm;
+            }
+        }
+
+        return curPerm;
+    }
+
+
+    @Override
+    public AclPolicyResponse createAclPolicyResponse(AclPolicy policy) {
+        AclPolicyResponse response = new AclPolicyResponse();
+        response.setId(policy.getUuid());
+        response.setName(policy.getName());
+        response.setDescription(policy.getDescription());
+        String domainPath = policy.getPath();
+        if (domainPath != null) {
+            DomainVO domain = _domainDao.findDomainByPath(domainPath);
+            if (domain != null) {
+                response.setDomainId(domain.getUuid());
+                response.setDomainName(domain.getName());
+            }
+        }
+        long accountId = policy.getAccountId();
+        AccountVO owner = _accountDao.findById(accountId);
+        if (owner != null) {
+            response.setAccountName(owner.getAccountName());
+        }
+        // find permissions associated with this policy
+        List<AclPolicyPermission> permissions = _iamSrv.listPolicyPermissions(policy.getId());
+        if (permissions != null && permissions.size() > 0) {
+            for (AclPolicyPermission permission : permissions) {
+                AclPermissionResponse perm = new AclPermissionResponse();
+                perm.setAction(permission.getAction());
+                if (permission.getEntityType() != null) {
+                    perm.setEntityType(IAMEntityType.valueOf(permission.getEntityType()));
+                }
+                if (permission.getScope() != null) {
+                    perm.setScope(PermissionScope.valueOf(permission.getScope()));
+                }
+                perm.setScopeId(permission.getScopeId());
+                perm.setPermission(permission.getPermission());
+                response.addPermission(perm);
+            }
+        }
+        response.setObjectName("aclpolicy");
+        return response;
+    }
+
+    @Override
+    public AclGroupResponse createAclGroupResponse(AclGroup group) {
+        AclGroupResponse response = new AclGroupResponse();
+        response.setId(group.getUuid());
+        response.setName(group.getName());
+        response.setDescription(group.getDescription());
+        String domainPath = group.getPath();
+        if (domainPath != null) {
+            DomainVO domain = _domainDao.findDomainByPath(domainPath);
+            if (domain != null) {
+                response.setDomainId(domain.getUuid());
+                response.setDomainName(domain.getName());
+            }
+        }
+        long accountId = group.getAccountId();
+        AccountVO owner = _accountDao.findById(accountId);
+        if (owner != null) {
+            response.setAccountName(owner.getAccountName());
+        }
+        // find all the members in this group
+        List<Long> members = _iamSrv.listAccountsByGroup(group.getId());
+        if (members != null && members.size() > 0) {
+            for (Long member : members) {
+                AccountVO mem = _accountDao.findById(member);
+                if (mem != null) {
+                    response.addMemberAccount(mem.getAccountName());
+                }
+            }
+        }
+
+        // find all the policies attached to this group
+        List<AclPolicy> policies = _iamSrv.listAclPoliciesByGroup(group.getId());
+        if (policies != null && policies.size() > 0) {
+            for (AclPolicy policy : policies) {
+                response.addPolicy(policy.getName());
+            }
+        }
+
+        response.setObjectName("aclgroup");
+        return response;
+
+    }
+
+    public List<AclGroup> listDomainGroup(Domain domain) {
+
+        if (domain != null) {
+            String domainPath = domain.getPath();
+            // search for groups
+            Pair<List<AclGroup>, Integer> result = _iamSrv.listAclGroups(null, "DomainGrp-" + domain.getUuid(),
+                    domainPath, null, null);
+            return result.first();
+        }
+        return new ArrayList<AclGroup>();
+
+    }
+
+    @Override
+    public ListResponse<AclGroupResponse> listAclGroups(Long aclGroupId, String aclGroupName, Long domainId, Long startIndex, Long pageSize) {
+        // acl check
+        Account caller = CallContext.current().getCallingAccount();
+
+        Domain domain = null;
+        if (domainId != null) {
+            domain = _domainDao.findById(domainId);
+            if (domain == null) {
+                throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
+            }
+
+            _accountMgr.checkAccess(caller, domain);
+        } else {
+            domain = _domainDao.findById(caller.getDomainId());
+        }
+        String domainPath = domain.getPath();
+        // search for groups
+        Pair<List<AclGroup>, Integer> result = _iamSrv.listAclGroups(aclGroupId, aclGroupName, domainPath, startIndex, pageSize);
+        // generate group response
+        ListResponse<AclGroupResponse> response = new ListResponse<AclGroupResponse>();
+        List<AclGroupResponse> groupResponses = new ArrayList<AclGroupResponse>();
+        for (AclGroup group : result.first()) {
+            AclGroupResponse resp = createAclGroupResponse(group);
+            groupResponses.add(resp);
+        }
+        response.setResponses(groupResponses, result.second());
+        return response;
+    }
+
+    @Override
+    public ListResponse<AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName, Long domainId, Long startIndex,
+            Long pageSize) {
+        // acl check
+        Account caller = CallContext.current().getCallingAccount();
+
+        Domain domain = null;
+        if (domainId != null) {
+            domain = _domainDao.findById(domainId);
+            if (domain == null) {
+                throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
+            }
+
+            _accountMgr.checkAccess(caller, domain);
+        } else {
+            domain = _domainDao.findById(caller.getDomainId());
+        }
+        String domainPath = domain.getPath();
+        // search for policies
+        Pair<List<AclPolicy>, Integer> result = _iamSrv.listAclPolicies(aclPolicyId, aclPolicyName, domainPath, startIndex, pageSize);
+        // generate policy response
+        ListResponse<AclPolicyResponse> response = new ListResponse<AclPolicyResponse>();
+        List<AclPolicyResponse> policyResponses = new ArrayList<AclPolicyResponse>();
+        for (AclPolicy policy : result.first()) {
+            AclPolicyResponse resp = createAclPolicyResponse(policy);
+            policyResponses.add(resp);
+        }
+        response.setResponses(policyResponses, result.second());
+        return response;
+    }
+
+    @Override
+    public void grantEntityPermissioinToAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds) {
+        // check if there is already a policy with only this permission added to it
+        AclPolicy policy = _iamSrv.getResourceGrantPolicy(entityType, entityId, accessType.toString(), action);
+        if (policy == null) {
+            // not found, just create a policy with resource grant permission
+            Account caller = CallContext.current().getCallingAccount();
+            String aclPolicyName = "policyGrant" + entityType + entityId;
+            String description = "Policy to grant permission to " + entityType + entityId;
+            policy = createAclPolicy(caller, aclPolicyName, description, null);
+            // add permission to this policy
+            addAclPermissionToAclPolicy(policy.getId(), entityType, PermissionScope.RESOURCE, entityId, action, Permission.Allow, false);
+        }
+        // attach this policy to list of accounts if not attached already
+        Long policyId = policy.getId();
+        for (Long acctId : accountIds) {
+            if (!isPolicyAttachedToAccount(policyId, acctId)) {
+                attachAclPolicyToAccounts(policyId, Collections.singletonList(acctId));
+            }
+        }
+    }
+
+    @Override
+    public void revokeEntityPermissioinFromAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds) {
+        // there should already a policy with only this permission added to it, this call is mainly used
+        AclPolicy policy = _iamSrv.getResourceGrantPolicy(entityType, entityId, accessType.toString(), action);
+        if (policy == null) {
+            s_logger.warn("Cannot find a policy associated with this entity permissioin to be revoked, just return");
+            return;
+        }
+        // detach this policy from list of accounts if not detached already
+        Long policyId = policy.getId();
+        for (Long acctId : accountIds) {
+            if (isPolicyAttachedToAccount(policyId, acctId)) {
+                removeAclPolicyFromAccounts(policyId, Collections.singletonList(acctId));
+            }
+        }
+
+    }
+
+    private boolean isPolicyAttachedToAccount(Long policyId, Long accountId) {
+        List<AclPolicy> pList = listAclPolicies(accountId);
+        for (AclPolicy p : pList) {
+            if (p.getId() == policyId.longValue()) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    private void resetTemplatePermission(Long templateId){
+        // reset template will change template to private, so we need to remove its permission for domain admin and normal user group
+        _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+                PermissionScope.RESOURCE.toString(), templateId, "listTemplates");
+        _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+                PermissionScope.RESOURCE.toString(), templateId, "listTemplates");
+        // check if there is a policy with only UseEntry permission for this template added
+        AclPolicy policy = _iamSrv.getResourceGrantPolicy(IAMEntityType.VirtualMachineTemplate.toString(), templateId, AccessType.UseEntry.toString(), "listTemplates");
+        if ( policy == null ){
+            s_logger.info("No policy found for this template grant: " + templateId + ", no detach to be done");
+            return;
+        }
+        // delete the policy, which should detach it from groups and accounts
+        _iamSrv.deleteAclPolicy(policy.getId());
+
+    }
+
+    @Override
+    public List<Class<?>> getCommands() {
+        List<Class<?>> cmdList = new ArrayList<Class<?>>();
+        cmdList.add(CreateAclPolicyCmd.class);
+        cmdList.add(DeleteAclPolicyCmd.class);
+        cmdList.add(ListAclPoliciesCmd.class);
+        cmdList.add(AddAclPermissionToAclPolicyCmd.class);
+        cmdList.add(RemoveAclPermissionFromAclPolicyCmd.class);
+        cmdList.add(AttachAclPolicyToAclGroupCmd.class);
+        cmdList.add(RemoveAclPolicyFromAclGroupCmd.class);
+        cmdList.add(CreateAclGroupCmd.class);
+        cmdList.add(DeleteAclGroupCmd.class);
+        cmdList.add(ListAclGroupsCmd.class);
+        cmdList.add(AddAccountToAclGroupCmd.class);
+        cmdList.add(RemoveAccountFromAclGroupCmd.class);
+        cmdList.add(AttachAclPolicyToAccountCmd.class);
+        cmdList.add(RemoveAclPolicyFromAccountCmd.class);
+        return cmdList;
+    }
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
new file mode 100644
index 0000000..448e45f
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
@@ -0,0 +1,273 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam;
+
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import javax.ejb.Local;
+import javax.inject.Inject;
+import javax.naming.ConfigurationException;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.acl.APIChecker;
+import org.apache.cloudstack.acl.IAMEntityType;
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.BaseAsyncCreateCmd;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.BaseListCmd;
+import org.apache.cloudstack.iam.api.AclPolicy;
+import org.apache.cloudstack.iam.api.AclPolicyPermission;
+import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
+import org.apache.cloudstack.iam.api.IAMService;
+
+import com.cloud.api.ApiServerService;
+import com.cloud.exception.PermissionDeniedException;
+import com.cloud.storage.VMTemplateVO;
+import com.cloud.storage.dao.VMTemplateDao;
+import com.cloud.user.Account;
+import com.cloud.user.AccountService;
+import com.cloud.user.User;
+import com.cloud.utils.PropertiesUtil;
+import com.cloud.utils.component.AdapterBase;
+import com.cloud.utils.component.PluggableService;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+//This is the Role Based API access checker that grab's the  account's roles
+//based on the set of roles, access is granted if any of the role has access to the api
+@Local(value=APIChecker.class)
+public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker {
+
+    protected static final Logger s_logger = Logger.getLogger(RoleBasedAPIAccessChecker.class);
+
+    @Inject
+    AccountService _accountService;
+    @Inject
+    ApiServerService _apiServer;
+    @Inject
+    IAMService _iamSrv;
+    @Inject
+    VMTemplateDao _templateDao;
+
+    Set<String> commandsPropertiesOverrides = new HashSet<String>();
+    Map<RoleType, Set<String>> commandsPropertiesRoleBasedApisMap = new HashMap<RoleType, Set<String>>();
+
+    List<PluggableService> _services;
+
+    protected RoleBasedAPIAccessChecker() {
+        super();
+        for (RoleType roleType : RoleType.values()) {
+            commandsPropertiesRoleBasedApisMap.put(roleType, new HashSet<String>());
+        }
+     }
+
+    @Override
+    public boolean checkAccess(User user, String commandName) throws PermissionDeniedException {
+        Account account = _accountService.getAccount(user.getAccountId());
+        if (account == null) {
+            throw new PermissionDeniedException("The account id=" + user.getAccountId() + "for user id=" + user.getId()
+                    + "is null");
+        }
+
+        List<AclPolicy> policies = _iamSrv.listAclPolicies(account.getAccountId());
+
+        boolean isAllowed = _iamSrv.isActionAllowedForPolicies(commandName, policies);
+        if (!isAllowed) {
+            throw new PermissionDeniedException("The API does not exist or is blacklisted. api: " + commandName);
+        }
+        return isAllowed;
+     }
+
+    @Override
+    public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
+        super.configure(name, params);
+
+        processMapping(PropertiesUtil.processConfigFile(new String[] { "commands.properties" }));
+        return true;
+     }
+
+    @Override
+    public boolean start() {
+
+        // drop all default policy api permissions - we reload them every time
+        // to include any changes done to the @APICommand or
+        // commands.properties.
+
+        for (RoleType role : RoleType.values()) {
+            Long policyId = getDefaultPolicyId(role);
+            if (policyId != null) {
+                _iamSrv.resetAclPolicy(policyId);
+            }
+         }
+
+        // add the system-domain capability
+
+        _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_ADMIN + 1), null, null, null,
+                "SystemCapability", null, Permission.Allow, false);
+        _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), null, null, null,
+                "DomainCapability", null, Permission.Allow, false);
+        _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN + 1), null, null, null,
+                "DomainResourceCapability", null, Permission.Allow, false);
+
+        // add permissions for public templates
+        List<VMTemplateVO> pTmplts = _templateDao.listByPublic();
+        for (VMTemplateVO tmpl : pTmplts){
+            _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+                    PermissionScope.RESOURCE.toString(), tmpl.getId(), "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
+            _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+                    PermissionScope.RESOURCE.toString(), tmpl.getId(), "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
+        }
+
+        for (PluggableService service : _services) {
+            for (Class<?> cmdClass : service.getCommands()) {
+                APICommand command = cmdClass.getAnnotation(APICommand.class);
+                if (!commandsPropertiesOverrides.contains(command.name())) {
+                    for (RoleType role : command.authorized()) {
+                        addDefaultAclPolicyPermission(command.name(), cmdClass, role);
+                    }
+                 }
+             }
+         }
+
+        // read commands.properties and load api acl permissions -
+        // commands.properties overrides any @APICommand authorization
+
+        for (String apiName : commandsPropertiesOverrides) {
+            Class<?> cmdClass = _apiServer.getCmdClass(apiName);
+            for (RoleType role : RoleType.values()) {
+                if (commandsPropertiesRoleBasedApisMap.get(role).contains(apiName)) {
+                    // insert permission for this role for this api
+                    addDefaultAclPolicyPermission(apiName, cmdClass, role);
+                }
+             }
+         }
+
+        return super.start();
+     }
+
+    private Long getDefaultPolicyId(RoleType role) {
+        Long policyId = null;
+        switch (role) {
+        case User:
+            policyId = new Long(Account.ACCOUNT_TYPE_NORMAL + 1);
+            break;
+
+        case Admin:
+            policyId = new Long(Account.ACCOUNT_TYPE_ADMIN + 1);
+            break;
+
+        case DomainAdmin:
+            policyId = new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1);
+            break;
+
+        case ResourceAdmin:
+            policyId = new Long(Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN + 1);
+            break;
+        }
+
+        return policyId;
+    }
+
+    private void processMapping(Map<String, String> configMap) {
+        for (Map.Entry<String, String> entry : configMap.entrySet()) {
+            String apiName = entry.getKey();
+            String roleMask = entry.getValue();
+            commandsPropertiesOverrides.add(apiName);
+            try {
+                short cmdPermissions = Short.parseShort(roleMask);
+                for (RoleType roleType : RoleType.values()) {
+                    if ((cmdPermissions & roleType.getValue()) != 0)
+                        commandsPropertiesRoleBasedApisMap.get(roleType).add(apiName);
+                }
+            } catch (NumberFormatException nfe) {
+                s_logger.info("Malformed key=value pair for entry: " + entry.toString());
+             }
+         }
+     }
+
+    public List<PluggableService> getServices() {
+        return _services;
+     }
+
+    @Inject
+    public void setServices(List<PluggableService> services) {
+        _services = services;
+     }
+
+    private void addDefaultAclPolicyPermission(String apiName, Class<?> cmdClass, RoleType role) {
+
+        AccessType accessType = null;
+        IAMEntityType[] entityTypes = null;
+        if (cmdClass != null) {
+            BaseCmd cmdObj;
+            try {
+                cmdObj = (BaseCmd) cmdClass.newInstance();
+                if (cmdObj instanceof BaseListCmd) {
+                    accessType = AccessType.UseEntry;
+                } else if (!(cmdObj instanceof BaseAsyncCreateCmd)) {
+                    accessType = AccessType.OperateEntry;
+                }
+            } catch (Exception e) {
+                throw new CloudRuntimeException(String.format(
+                        "%s is claimed as an API command, but it cannot be instantiated", cmdClass.getName()));
+             }
+
+            APICommand at = cmdClass.getAnnotation(APICommand.class);
+            entityTypes = at.entityType();
+        }
+
+        PermissionScope permissionScope = PermissionScope.ACCOUNT;
+        Long policyId = getDefaultPolicyId(role);
+        switch (role) {
+        case User:
+            permissionScope = PermissionScope.ACCOUNT;
+            break;
+
+        case Admin:
+            permissionScope = PermissionScope.ALL;
+            break;
+
+        case DomainAdmin:
+            permissionScope = PermissionScope.DOMAIN;
+            break;
+
+        case ResourceAdmin:
+            permissionScope = PermissionScope.DOMAIN;
+            break;
+         }
+
+
+        if (entityTypes == null || entityTypes.length == 0) {
+            _iamSrv.addAclPermissionToAclPolicy(policyId, null, permissionScope.toString(), new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
+                    apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
+        } else {
+            for (IAMEntityType entityType : entityTypes) {
+                _iamSrv.addAclPermissionToAclPolicy(policyId, entityType.toString(), permissionScope.toString(), new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
+                        apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
+            }
+         }
+
+     }
+
+}
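Review bot: `addDefaultAclPolicyPermission` hands the result of `getDefaultPolicyId(role)` straight to `_iamSrv.addAclPermissionToAclPolicy` without the null check that `start()` applies before `resetAclPolicy`, although `getDefaultPolicyId` returns null for any `RoleType` outside its four cases. If `command.authorized()` can carry such a value (the enum is not visible in this file), startup would either fail or record a permission against no policy. A guard after the lookup, `if (policyId == null) { s_logger.warn("No default policy for role " + role + ", skipping " + apiName); return; }`, would keep the two paths consistent. Separately, `processMapping` adds the API name to `commandsPropertiesOverrides` before parsing the mask, so a malformed entry suppresses the `@APICommand` defaults and leaves the command granted to no role, with only an info-level log. That fails closed, but it should be `s_logger.warn` so operators notice the denied command.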

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
new file mode 100644
index 0000000..5420f84
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
@@ -0,0 +1,186 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.acl.ControlledEntity;
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.acl.SecurityChecker;
+import org.apache.cloudstack.api.InternalIdentity;
+import org.apache.cloudstack.iam.api.AclGroup;
+import org.apache.cloudstack.iam.api.AclPolicy;
+import org.apache.cloudstack.iam.api.AclPolicyPermission;
+import org.apache.cloudstack.iam.api.IAMService;
+
+import com.cloud.acl.DomainChecker;
+import com.cloud.domain.dao.DomainDao;
+import com.cloud.exception.PermissionDeniedException;
+import com.cloud.user.Account;
+import com.cloud.user.AccountService;
+
+public class RoleBasedEntityAccessChecker extends DomainChecker implements SecurityChecker {
+
+    private static final Logger s_logger = Logger.getLogger(RoleBasedEntityAccessChecker.class.getName());
+
+    @Inject
+    AccountService _accountService;
+
+    @Inject DomainDao _domainDao;
+
+    @Inject
+    IAMService _iamSrv;
+
+
+    @Override
+    public boolean checkAccess(Account caller, ControlledEntity entity, AccessType accessType)
+            throws PermissionDeniedException {
+        return checkAccess(caller, entity, accessType, null);
+    }
+
+    @Override
+    public boolean checkAccess(Account caller, ControlledEntity entity, AccessType accessType, String action)
+            throws PermissionDeniedException {
+
+        if (entity == null && action != null) {
+            // check if caller can do this action
+            List<AclPolicy> policies = _iamSrv.listAclPolicies(caller.getAccountId());
+
+            boolean isAllowed = _iamSrv.isActionAllowedForPolicies(action, policies);
+            if (!isAllowed) {
+                throw new PermissionDeniedException("The action '" + action + "' not allowed for account " + caller);
+            }
+            return true;
+        }
+
+        String entityType = entity.getEntityType().toString();
+
+        if (accessType == null) {
+            accessType = AccessType.UseEntry;
+        }
+
+        // get all Policies of this caller w.r.t the entity
+        List<AclPolicy> policies = getEffectivePolicies(caller, entity);
+        HashMap<AclPolicy, Boolean> policyPermissionMap = new HashMap<AclPolicy, Boolean>();
+
+        for (AclPolicy policy : policies) {
+            List<AclPolicyPermission> permissions = new ArrayList<AclPolicyPermission>();
+
+            if (action != null) {
+                permissions = _iamSrv.listPolicyPermissionByActionAndEntity(policy.getId(), action, entityType);
+                if (permissions.isEmpty()) {
+                    if (accessType != null) {
+                        permissions.addAll(_iamSrv.listPolicyPermissionByAccessAndEntity(policy.getId(),
+                                accessType.toString(), entityType));
+                    }
+                }
+            } else {
+                if (accessType != null) {
+                    permissions.addAll(_iamSrv.listPolicyPermissionByAccessAndEntity(policy.getId(),
+                            accessType.toString(), entityType));
+                }
+            }
+            for (AclPolicyPermission permission : permissions) {
+                if (checkPermissionScope(caller, permission.getScope(), permission.getScopeId(), entity)) {
+                    if (permission.getEntityType().equals(entityType)) {
+                        policyPermissionMap.put(policy, permission.getPermission().isGranted());
+                        break;
+                    } else if (permission.getEntityType().equals("*")) {
+                        policyPermissionMap.put(policy, permission.getPermission().isGranted());
+                    }
+                }
+            }
+            if (policyPermissionMap.containsKey(policy) && policyPermissionMap.get(policy)) {
+                return true;
+            }
+        }
+
+        if (!policies.isEmpty()) { // Since we reach this point, none of the
+                                   // roles granted access
+            if (s_logger.isDebugEnabled()) {
+                s_logger.debug("Account " + caller + " does not have permission to access resource " + entity
+                        + " for access type: " + accessType);
+            }
+            throw new PermissionDeniedException(caller + " does not have permission to access resource " + entity);
+        }
+
+        return false;
+    }
+
+    private boolean checkPermissionScope(Account caller, String scope, Long scopeId, ControlledEntity entity) {
+
+        if(scopeId != null && !scopeId.equals(new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER))){
+            //scopeId is set
+            if (scope.equals(PermissionScope.ACCOUNT.name())) {
+                if(scopeId == entity.getAccountId()){
+                    return true;
+                }
+            } else if (scope.equals(PermissionScope.DOMAIN.name())) {
+                if (_domainDao.isChildDomain(scopeId, entity.getDomainId())) {
+                    return true;
+                }
+            } else if (scope.equals(PermissionScope.RESOURCE.name())) {
+                if (entity instanceof InternalIdentity) {
+                    InternalIdentity entityWithId = (InternalIdentity) entity;
+                    if(scopeId.equals(entityWithId.getId())){
+                        return true;
+                    }
+                }
+            }
+        } else if (scopeId == null || scopeId.equals(new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER))) {
+            if (scope.equals(PermissionScope.ACCOUNT.name())) {
+                if(caller.getAccountId() == entity.getAccountId()){
+                    return true;
+                }
+            } else if (scope.equals(PermissionScope.DOMAIN.name())) {
+                if (_domainDao.isChildDomain(caller.getDomainId(), entity.getDomainId())) {
+                    return true;
+                }
+            }
+        }
+        return false;
+    }
+
+    private List<AclPolicy> getEffectivePolicies(Account caller, ControlledEntity entity) {
+
+        // Get the static Policies of the Caller
+        List<AclPolicy> policies = _iamSrv.listAclPolicies(caller.getId());
+
+        // add any dynamic policies w.r.t the entity
+        if (caller.getId() == entity.getAccountId()) {
+            // The caller owns the entity
+            policies.add(_iamSrv.getResourceOwnerPolicy());
+        }
+
+        List<AclGroup> groups = _iamSrv.listAclGroups(caller.getId());
+        for (AclGroup group : groups) {
+            // for each group find the grand parent groups.
+            List<AclGroup> parentGroups = _iamSrv.listParentAclGroups(group.getId());
+            for (AclGroup parentGroup : parentGroups) {
+                policies.addAll(_iamSrv.listRecursiveAclPoliciesByGroup(parentGroup.getId()));
+            }
+        }
+
+        return policies;
+    }
+}
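Review bot: In the four-argument `checkAccess`, a call with both `entity` and `action` null skips the guard `if (entity == null && action != null)` and then dereferences `entity` at `entity.getEntityType()`, so the caller gets a NullPointerException instead of an authorization decision. An explicit guard before that line, for example `if (entity == null) { return false; }` (or a PermissionDeniedException, whichever the checker chain expects), would make the outcome deliberate. The policy loop also returns true on the first policy that yields an Allow, so a Deny held by a later policy in the list is never consulted; if that precedence is intended it deserves a comment such as `// first Allow wins; a Deny in another policy does not override it`.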

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
new file mode 100644
index 0000000..4cec0d9
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
@@ -0,0 +1,147 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.acl.QuerySelector;
+import org.apache.cloudstack.iam.api.AclGroup;
+import org.apache.cloudstack.iam.api.AclPolicy;
+import org.apache.cloudstack.iam.api.AclPolicyPermission;
+import org.apache.cloudstack.iam.api.IAMService;
+
+import com.cloud.user.Account;
+import com.cloud.utils.component.AdapterBase;
+
+public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySelector {
+
+    private static final Logger s_logger = Logger.getLogger(RoleBasedEntityQuerySelector.class.getName());
+
+    @Inject
+    IAMService _iamService;
+
+    @Override
+    public List<Long> getAuthorizedDomains(Account caller, String action) {
+        long accountId = caller.getAccountId();
+        // Get the static Policies of the Caller
+        List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
+        // for each policy, find granted permission with Domain scope
+        List<Long> domainIds = new ArrayList<Long>();
+        for (AclPolicy policy : policies) {
+            List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.DOMAIN.toString());
+            if (pp != null) {
+                for (AclPolicyPermission p : pp) {
+                    if (p.getScopeId() != null) {
+                        if (p.getScopeId().longValue() == -1) {
+                            domainIds.add(caller.getDomainId());
+                        } else {
+                            domainIds.add(p.getScopeId());
+                        }
+                    }
+                }
+            }
+        }
+        return domainIds;
+    }
+
+    @Override
+    public List<Long> getAuthorizedAccounts(Account caller, String action) {
+        long accountId = caller.getAccountId();
+        // Get the static Policies of the Caller
+        List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
+        // for each policy, find granted permission with Account scope
+        List<Long> accountIds = new ArrayList<Long>();
+        for (AclPolicy policy : policies) {
+            List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ACCOUNT.toString());
+            if (pp != null) {
+                for (AclPolicyPermission p : pp) {
+                    if (p.getScopeId() != null) {
+                        if (p.getScopeId().longValue() == -1) {
+                            accountIds.add(caller.getId());
+                        } else {
+                            accountIds.add(p.getScopeId());
+                        }
+                    }
+                }
+            }
+        }
+        return accountIds;
+    }
+
+    @Override
+    public List<Long> getAuthorizedResources(Account caller, String action) {
+        long accountId = caller.getAccountId();
+        // Get the static Policies of the Caller
+        List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
+
+        // add the policies that grant recursive access
+        List<AclGroup> groups = _iamService.listAclGroups(caller.getId());
+        for (AclGroup group : groups) {
+            // for each group find the grand parent groups.
+            List<AclGroup> parentGroups = _iamService.listParentAclGroups(group.getId());
+            for (AclGroup parentGroup : parentGroups) {
+                policies.addAll(_iamService.listRecursiveAclPoliciesByGroup(parentGroup.getId()));
+            }
+        }
+
+        // for each policy, find granted permission with Resource scope
+        List<Long> entityIds = new ArrayList<Long>();
+        for (AclPolicy policy : policies) {
+            List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.RESOURCE.toString());
+            if (pp != null) {
+                for (AclPolicyPermission p : pp) {
+                    if (p.getScopeId() != null) {
+                        entityIds.add(p.getScopeId());
+                    }
+                }
+            }
+        }
+        return entityIds;
+    }
+
+    @Override
+    public boolean isGrantedAll(Account caller, String action) {
+        long accountId = caller.getAccountId();
+        // Get the static Policies of the Caller
+        List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
+        // for each policy, find granted permission with ALL scope
+        for (AclPolicy policy : policies) {
+            List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ALL.toString());
+            if (pp != null && pp.size() > 0) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    @Override
+    public List<String> listAclGroupsByAccount(long accountId) {
+        List<AclGroup> groups = _iamService.listAclGroups(accountId);
+        List<String> groupNames = new ArrayList<String>();
+        for (AclGroup grp : groups) {
+            groupNames.add(grp.getName());
+        }
+        return groupNames;
+    }
+
+}
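Review bot: `getAuthorizedDomains`, `getAuthorizedAccounts` and `getAuthorizedResources` add every non-null `scopeId` returned by `listPolicyPermissionsByScope` without looking at the permission value, and `isGrantedAll` returns true as soon as any ALL-scoped row exists, although the comments say "find granted permission". Unless `listPolicyPermissionsByScope` already filters to Allow (not visible in this hunk), a Deny entry would widen the caller's authorized set; the inner test could read `if (p.getScopeId() != null && p.getPermission().isGranted())`, with the same check inside `isGrantedAll`. The literal `-1` in the first two methods presumably stands for `AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER`, which the access checker uses by name; using the constant here would keep the two classes in step.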

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/test/org/apache/cloudstack/acl/AclApiServiceTest.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/test/org/apache/cloudstack/acl/AclApiServiceTest.java b/services/iam/plugin/test/org/apache/cloudstack/acl/AclApiServiceTest.java
index 02b7331..daf5b64 100644
--- a/services/iam/plugin/test/org/apache/cloudstack/acl/AclApiServiceTest.java
+++ b/services/iam/plugin/test/org/apache/cloudstack/acl/AclApiServiceTest.java
@@ -35,13 +35,13 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.test.context.support.AnnotationConfigContextLoader;
 
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.acl.api.AclApiServiceImpl;
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.iam.AclApiServiceImpl;
 import org.apache.cloudstack.api.command.user.vm.ListVMsCmd;
 import org.apache.cloudstack.api.response.ListResponse;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
-import org.apache.cloudstack.api.response.acl.AclPermissionResponse;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
+import org.apache.cloudstack.api.response.iam.AclPermissionResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.framework.messagebus.MessageBus;
 import org.apache.cloudstack.iam.api.AclGroup;
@@ -273,12 +273,12 @@ public class AclApiServiceTest {
         Class clz = ListVMsCmd.class;
         when(_apiServer.getCmdClass("listVirtualMachines")).thenReturn(clz);
         when(
-                _iamSrv.addAclPermissionToAclPolicy(policyId, AclEntityType.VirtualMachine.toString(), PermissionScope.RESOURCE.toString(), resId, "listVirtualMachines",
+                _iamSrv.addAclPermissionToAclPolicy(policyId, IAMEntityType.VirtualMachine.toString(), PermissionScope.RESOURCE.toString(), resId, "listVirtualMachines",
                         AccessType.UseEntry.toString(), Permission.Allow, false)).thenReturn(policy);
-        _aclSrv.addAclPermissionToAclPolicy(policyId, AclEntityType.VirtualMachine.toString(), PermissionScope.RESOURCE, resId, "listVirtualMachines", Permission.Allow, false);
+        _aclSrv.addAclPermissionToAclPolicy(policyId, IAMEntityType.VirtualMachine.toString(), PermissionScope.RESOURCE, resId, "listVirtualMachines", Permission.Allow, false);
         Pair<List<AclPolicy>, Integer> policyList = new Pair<List<AclPolicy>, Integer>(policies, 1);
         List<AclPolicyPermission> policyPerms = new ArrayList<AclPolicyPermission>();
-        AclPolicyPermission perm = new AclPolicyPermissionVO(policyId, "listVirtualMachines", AclEntityType.VirtualMachine.toString(), AccessType.UseEntry.toString(),
+        AclPolicyPermission perm = new AclPolicyPermissionVO(policyId, "listVirtualMachines", IAMEntityType.VirtualMachine.toString(), AccessType.UseEntry.toString(),
                 PermissionScope.RESOURCE.toString(),
                 resId, Permission.Allow, false);
         policyPerms.add(perm);
@@ -294,7 +294,7 @@ public class AclApiServiceTest {
 
         //remove permission from policy
         policyPerms.remove(perm);
-        _aclSrv.removeAclPermissionFromAclPolicy(policyId, AclEntityType.VirtualMachine.toString(), PermissionScope.RESOURCE, resId, "listVirtualMachines");
+        _aclSrv.removeAclPermissionFromAclPolicy(policyId, IAMEntityType.VirtualMachine.toString(), PermissionScope.RESOURCE, resId, "listVirtualMachines");
         policyResp = _aclSrv.listAclPolicies(null, "policy1", callerDomainId, 0L, 20L);
         assertTrue("No. of response items should be one", policyResp.getCount() == 1);
         resp = policyResp.getResponses().get(0);


[22/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
Fix IAM VM marvin test.

Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/ae9be657
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/ae9be657
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/ae9be657

Branch: refs/heads/master
Commit: ae9be657e4674cf18cf05a1f63c50bcae675a99e
Parents: bf479e7
Author: Min Chen <mi...@citrix.com>
Authored: Fri Feb 28 17:33:10 2014 -0800
Committer: Min Chen <mi...@citrix.com>
Committed: Fri Feb 28 17:33:10 2014 -0800

----------------------------------------------------------------------
 test/integration/smoke/test_vm_iam.py       | 52 ++++++++++++------------
 tools/marvin/marvin/integration/lib/base.py |  2 +-
 2 files changed, 27 insertions(+), 27 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae9be657/test/integration/smoke/test_vm_iam.py
----------------------------------------------------------------------
diff --git a/test/integration/smoke/test_vm_iam.py b/test/integration/smoke/test_vm_iam.py
index 48bc884..89e1c1c 100644
--- a/test/integration/smoke/test_vm_iam.py
+++ b/test/integration/smoke/test_vm_iam.py
@@ -85,7 +85,7 @@ class Services:
                     "memory": 128,
                 },
             },
-            "ostype": 'CentOS 5.3 (64-bit)',
+            "ostype": 'CentOS 5.6 (64-bit)',
             # iam group and policy information
             "service_desk_iam_grp" : {
                 "name" : "Service Desk",
@@ -106,7 +106,7 @@ class TestVMIam(cloudstackTestCase):
         self.apiclient = super(TestVMIam, self).getClsTestClient().getApiClient()
         self.services = Services().services
         
-        # backup default apikey and secretkey
+         # backup default apikey and secretkey
         self.default_apikey = self.apiclient.connection.apiKey
         self.default_secretkey = self.apiclient.connection.securityKey
 
@@ -230,7 +230,7 @@ class TestVMIam(cloudstackTestCase):
             self.apiclient, 
             self.services["service_desk_iam_grp"]
         )                             
- 
+
         self.vm_read_policy = IAMPolicy.create(
             self.apiclient, 
             self.services["vm_readonly_iam_policy"]
@@ -255,7 +255,7 @@ class TestVMIam(cloudstackTestCase):
                         self.srv_desk_grp,
                         self.vm_grant_policy
                         ]
-
+ 
     @classmethod
     def tearDownClass(self):
         self.apiclient = super(TestVMIAM, self).getClsTestClient().getApiClient()
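Review bot: `tearDownClass` still calls `super(TestVMIAM, self)`, but the class is declared as `TestVMIam` according to the hunk headers, so class teardown would raise a NameError and the accounts, domains and IAM policies created during setup would presumably be left behind. The line should read `self.apiclient = super(TestVMIam, self).getClsTestClient().getApiClient()`. The body of `tearDownClass` continues outside this hunk.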
@@ -270,7 +270,7 @@ class TestVMIam(cloudstackTestCase):
     def tearDown(self):
         # restore back default apikey and secretkey
         self.apiclient.connection.apiKey = self.default_apikey
-        self.apiclient.connection.secretKey = self.default_secretkey
+        self.apiclient.connection.securityKey = self.default_secretkey
         cleanup_resources(self.apiclient, self.cleanup)
         return
 
@@ -282,7 +282,7 @@ class TestVMIam(cloudstackTestCase):
         self.debug("Listing VM for account: %s" % self.account_1A.name)
 
         self.apiclient.connection.apiKey = self.user_1A_apikey
-        self.apiclient.connection.secretKey = self.user_1A_secretkey
+        self.apiclient.connection.securityKey = self.user_1A_secretkey
         list_vm_response = list_virtual_machines(
                                             self.apiclient
                                             )
@@ -303,9 +303,9 @@ class TestVMIam(cloudstackTestCase):
             "Virtual Machine names do not match"
         )
 
-        self.debug("Listing VM for account: %s" % self.account_1B.id)
+        self.debug("Listing VM for account: %s" % self.account_1B.name)
         self.apiclient.connection.apiKey = self.user_1B_apikey
-        self.apiclient.connection.secretKey = self.user_1B_secretkey
+        self.apiclient.connection.securityKey = self.user_1B_secretkey
         list_vm_response = list_virtual_machines(
                                             self.apiclient
                                             )
@@ -326,10 +326,10 @@ class TestVMIam(cloudstackTestCase):
             "Virtual Machine names do not match"
         )
         
-        self.debug("Listing VM for account: %s" % self.account_2A.id)
+        self.debug("Listing VM for account: %s" % self.account_2A.name)
 
         self.apiclient.connection.apiKey = self.user_2A_apikey
-        self.apiclient.connection.secretKey = self.user_2A_secretkey
+        self.apiclient.connection.securityKey = self.user_2A_secretkey
         list_vm_response = list_virtual_machines(
                                             self.apiclient
                                             )
@@ -362,7 +362,7 @@ class TestVMIam(cloudstackTestCase):
 
         self.debug("Granting Domain %s VM read only access to account: %s" % (self.domain_2.name, self.account_1B.name))
         
-        self.srv_desk_grp.addAccount(self.apiclient, [self.account_1B.id])
+        self.srv_desk_grp.addAccount(self.apiclient, [self.account_1B])
         domain_permission = {}
         domain_permission['action'] = "listVirtualMachines"
         domain_permission['entitytype'] = "VirtualMachine"
@@ -370,9 +370,9 @@ class TestVMIam(cloudstackTestCase):
         domain_permission['scopeid'] = self.domain_2.id
         self.vm_read_policy.addPermission(self.apiclient, domain_permission)
         
-        self.debug("Listing VM for account: %s" % self.account_1B.id)
+        self.debug("Listing VM for account: %s" % self.account_1B.name)
         self.apiclient.connection.apiKey = self.user_1B_apikey
-        self.apiclient.connection.secretKey = self.user_1B_secretkey
+        self.apiclient.connection.securityKey = self.user_1B_secretkey
         list_vm_response = list_virtual_machines(
                                             self.apiclient
                                             )
@@ -418,9 +418,9 @@ class TestVMIam(cloudstackTestCase):
         account_permission['scopeid'] = self.account_1A.id
         self.vm_read_policy.addPermission(self.apiclient, account_permission)
         
-        self.debug("Listing VM for account: %s" % self.account_1B.id)
+        self.debug("Listing VM for account: %s" % self.account_1B.name)
         self.apiclient.connection.apiKey = self.user_1B_apikey
-        self.apiclient.connection.secretKey = self.user_1B_secretkey
+        self.apiclient.connection.securityKey = self.user_1B_secretkey
         list_vm_response = list_virtual_machines(
                                             self.apiclient
                                             )
@@ -471,9 +471,9 @@ class TestVMIam(cloudstackTestCase):
         account_permission['scopeid'] = self.account_1A.id
         self.vm_read_policy.removePermission(self.apiclient, account_permission)
         
-        self.debug("Listing VM for account: %s" % self.account_1B.id)
+        self.debug("Listing VM for account: %s" % self.account_1B.name)
         self.apiclient.connection.apiKey = self.user_1B_apikey
-        self.apiclient.connection.secretKey = self.user_1B_secretkey
+        self.apiclient.connection.securityKey = self.user_1B_secretkey
         list_vm_response = list_virtual_machines(
                                             self.apiclient
                                             )
@@ -514,9 +514,9 @@ class TestVMIam(cloudstackTestCase):
         domain_permission['scopeid'] = self.domain_2.id
         self.vm_read_policy.removePermission(self.apiclient, domain_permission)
         
-        self.debug("Listing VM for account: %s" % self.account_1B.id)
+        self.debug("Listing VM for account: %s" % self.account_1B.name)
         self.apiclient.connection.apiKey = self.user_1B_apikey
-        self.apiclient.connection.secretKey = self.user_1B_secretkey
+        self.apiclient.connection.securityKey = self.user_1B_secretkey
         list_vm_response = list_virtual_machines(
                                             self.apiclient
                                             )
@@ -555,9 +555,9 @@ class TestVMIam(cloudstackTestCase):
         res_permission['scopeid'] = self.virtual_machine_1A.id
         self.vm_read_policy.addPermission(self.apiclient, res_permission)
         
-        self.debug("Listing VM for account: %s" % self.account_1B.id)
+        self.debug("Listing VM for account: %s" % self.account_1B.name)
         self.apiclient.connection.apiKey = self.user_1B_apikey
-        self.apiclient.connection.secretKey = self.user_1B_secretkey
+        self.apiclient.connection.securityKey = self.user_1B_secretkey
         list_vm_response = list_virtual_machines(
                                             self.apiclient
                                             )
@@ -604,7 +604,7 @@ class TestVMIam(cloudstackTestCase):
         
         self.debug("Listing VM for account: %s" % self.account_1B.id)
         self.apiclient.connection.apiKey = self.user_1B_apikey
-        self.apiclient.connection.secretKey = self.user_1B_secretkey
+        self.apiclient.connection.securityKey = self.user_1B_secretkey
         list_vm_response = list_virtual_machines(
                                             self.apiclient
                                             )
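Review bot: The debug line in this hunk still prints `self.account_1B.id` although the commit switches the same message to `.name` in the earlier hunks; the hunks at -643 and -685 have the same leftover. For consistent logs it should read `self.debug("Listing VM for account: %s" % self.account_1B.name)`. The test method this belongs to starts and ends outside the hunk.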
@@ -643,11 +643,11 @@ class TestVMIam(cloudstackTestCase):
         res_permission['scope'] = "RESOURCE"
         res_permission['scopeid'] = self.virtual_machine_1A.id
         self.vm_grant_policy.addPermission(self.apiclient, res_permission)
-        self.vm_grant_policy.attachAccount(self.apiclient, [self.account_1B.id])
+        self.vm_grant_policy.attachAccount(self.apiclient, [self.account_1B])
         
         self.debug("Listing VM for account: %s" % self.account_1B.id)
         self.apiclient.connection.apiKey = self.user_1B_apikey
-        self.apiclient.connection.secretKey = self.user_1B_secretkey
+        self.apiclient.connection.securityKey = self.user_1B_secretkey
         list_vm_response = list_virtual_machines(
                                             self.apiclient
                                             )
@@ -685,11 +685,11 @@ class TestVMIam(cloudstackTestCase):
 
         self.debug("Revoking VM %s read only access from account: %s by attaching policy to account" % (self.virtual_machine_1A.name, self.account_1B.name))
         
-        self.vm_grant_policy.detachAccount(self.apiclient, [self.account_1B.id])
+        self.vm_grant_policy.detachAccount(self.apiclient, [self.account_1B])
         
         self.debug("Listing VM for account: %s" % self.account_1B.id)
         self.apiclient.connection.apiKey = self.user_1B_apikey
-        self.apiclient.connection.secretKey = self.user_1B_secretkey
+        self.apiclient.connection.securityKey = self.user_1B_secretkey
         list_vm_response = list_virtual_machines(
                                             self.apiclient
                                             )
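Review bot: The debug message above the `detachAccount` call says access is revoked "by attaching policy to account", which contradicts the call it describes; the tail of the message should read `by detaching policy from account`. A wrong log line here makes a failed revoke test harder to diagnose. The enclosing test method starts and ends outside the hunk.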

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae9be657/tools/marvin/marvin/integration/lib/base.py
----------------------------------------------------------------------
diff --git a/tools/marvin/marvin/integration/lib/base.py b/tools/marvin/marvin/integration/lib/base.py
index c508323..15f59ca 100755
--- a/tools/marvin/marvin/integration/lib/base.py
+++ b/tools/marvin/marvin/integration/lib/base.py
@@ -3698,7 +3698,7 @@ class IAMPolicy:
             cmd.account = account
         if domainid:
             cmd.domainid = domainid
-        return AclGroup(apiclient.createIAMPolicy(cmd).__dict__)
+        return IAMPolicy(apiclient.createIAMPolicy(cmd).__dict__)
 
     def update(self, apiclient):
         pass


[07/50] [abbrv] Renaming plugin packages to 'iam' instead if 'acl'

Posted by mc...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclPolicyCmd.java
new file mode 100644
index 0000000..3bddc35
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclPolicyCmd.java
@@ -0,0 +1,175 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCreateCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.DomainResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.AclPolicy;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.user.Account;
+
+@APICommand(name = "createAclPolicy", responseObject = AclPolicyResponse.class, description = "Creates an acl policy")
+public class CreateAclPolicyCmd extends BaseAsyncCreateCmd {
+    public static final Logger s_logger = Logger.getLogger(CreateAclPolicyCmd.class.getName());
+
+    private static final String s_name = "createaclpolicyresponse";
+
+    @Inject
+    public AclApiService _aclApiSrv;
+
+    // ///////////////////////////////////////////////////
+    // ////////////// API parameters /////////////////////
+    // ///////////////////////////////////////////////////
+
+    @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the acl policy. Must be used with domainId.")
+    private String accountName;
+
+    @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the acl policy", entityType = DomainResponse.class)
+    private Long domainId;
+
+    @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the acl policy")
+    private String description;
+
+    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the acl policy")
+    private String name;
+
+    @ACL
+    @Parameter(name = ApiConstants.ACL_PARENT_POLICY_ID, type = CommandType.UUID, description = "The ID of parent acl policy.", entityType = AclPolicyResponse.class)
+    private Long parentPolicyId;
+
+
+    // ///////////////////////////////////////////////////
+    // ///////////////// Accessors ///////////////////////
+    // ///////////////////////////////////////////////////
+
+    public String getAccountName() {
+        return accountName;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public Long getDomainId() {
+        return domainId;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public Long getParentPolicyId() {
+        return parentPolicyId;
+    }
+
+    // ///////////////////////////////////////////////////
+    // ///////////// API Implementation///////////////////
+    // ///////////////////////////////////////////////////
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        Account account = CallContext.current().getCallingAccount();
+        if ((account == null) || _accountService.isAdmin(account.getType())) {
+            if ((domainId != null) && (accountName != null)) {
+                Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
+                if (userAccount != null) {
+                    return userAccount.getId();
+                }
+            }
+        }
+
+        if (account != null) {
+            return account.getId();
+        }
+
+        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this
+                                          // command to SYSTEM so ERROR events
+                                          // are tracked
+    }
+
+    @Override
+    public void execute() {
+        AclPolicy policy = _entityMgr.findById(AclPolicy.class, getEntityId());
+        if (policy != null) {
+            AclPolicyResponse response = _aclApiSrv.createAclPolicyResponse(policy);
+            response.setResponseName(getCommandName());
+            setResponseObject(response);
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl policy:" + name);
+        }
+    }
+
+    @Override
+    public void create() throws ResourceAllocationException {
+        Account account = CallContext.current().getCallingAccount();
+        AclPolicy result = _aclApiSrv.createAclPolicy(account, name, description, parentPolicyId);
+        if (result != null) {
+            setEntityId(result.getId());
+            setEntityUuid(result.getUuid());
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl policy entity" + name);
+        }
+
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_ACL_POLICY_CREATE;
+    }
+
+    @Override
+    public String getEventDescription() {
+        return "creating Acl policy";
+    }
+
+    @Override
+    public String getCreateEventType() {
+        return EventTypes.EVENT_ACL_POLICY_CREATE;
+    }
+
+    @Override
+    public String getCreateEventDescription() {
+        return "creating acl policy";
+    }
+
+    @Override
+    public ApiCommandJobType getInstanceType() {
+        return ApiCommandJobType.AclPolicy;
+    }
+
+}
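Review bot: `getEntityOwnerId()` and `create()` can disagree about who owns the new policy. The former resolves `accountName`/`domainId` to a target account for admin callers, while `create()` always passes `CallContext.current().getCallingAccount()` to `createAclPolicy` and never reads those two parameters. Unless the service resolves the owner itself (not visible in this file), a policy created on behalf of another account would be owned by the caller while its events are attributed to the other account. Resolve the owner once and pass that account to `createAclPolicy`, or drop the `account`/`domainid` parameters from this command. `getEntityOwnerId()` also falls back silently to the caller when the named account is not found; for an access-control API, rejecting the request would be safer than quietly changing the owner.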

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclGroupCmd.java
new file mode 100644
index 0000000..38f13f4
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclGroupCmd.java
@@ -0,0 +1,102 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
+
+import com.cloud.event.EventTypes;
+import com.cloud.user.Account;
+
+@APICommand(name = "deleteAclGroup", description = "Deletes acl group", responseObject = SuccessResponse.class)
+public class DeleteAclGroupCmd extends BaseAsyncCmd {
+    public static final Logger s_logger = Logger.getLogger(DeleteAclGroupCmd.class.getName());
+    private static final String s_name = "deleteaclgroupresponse";
+
+    @Inject
+    public AclApiService _aclApiSrv;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+    @ACL
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "The ID of the acl group.", required = true, entityType = AclGroupResponse.class)
+    private Long id;
+
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+    public Long getId() {
+        return id;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        return Account.ACCOUNT_ID_SYSTEM;
+    }
+
+    @Override
+    public void execute(){
+        boolean result = _aclApiSrv.deleteAclGroup(id);
+        if (result) {
+            SuccessResponse response = new SuccessResponse(getCommandName());
+            setResponseObject(response);
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete acl group");
+        }
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_ACL_GROUP_DELETE;
+    }
+
+    @Override
+    public String getEventDescription() {
+        return "Deleting Acl group";
+    }
+
+    @Override
+    public ApiCommandJobType getInstanceType() {
+        return ApiCommandJobType.AclGroup;
+    }
+}
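Review bot: `execute()` records nothing that identifies which group was deleted, and `getEntityOwnerId()` pins the event to `Account.ACCOUNT_ID_SYSTEM`. As far as this file shows, the `EVENT_ACL_GROUP_DELETE` entry therefore carries only the fixed text "Deleting Acl group". `RemoveAccountFromAclGroupCmd` in this same commit calls `CallContext.current().setEventDetails("Acl group Id: " + getId());` before acting; doing the same at the top of `execute()` here (with the `org.apache.cloudstack.context.CallContext` import) would make deletions of access-control groups traceable in the event log. `DeleteAclPolicyCmd` has the same gap.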

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclPolicyCmd.java
new file mode 100644
index 0000000..c9fc9ba
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclPolicyCmd.java
@@ -0,0 +1,102 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
+
+import com.cloud.event.EventTypes;
+import com.cloud.user.Account;
+
+@APICommand(name = "deleteAclPolicy", description = "Deletes acl policy", responseObject = SuccessResponse.class)
+public class DeleteAclPolicyCmd extends BaseAsyncCmd {
+    public static final Logger s_logger = Logger.getLogger(DeleteAclPolicyCmd.class.getName());
+    private static final String s_name = "deleteaclpolicyresponse";
+
+    @Inject
+    public AclApiService _aclApiSrv;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+    @ACL
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "The ID of the acl role.", required = true, entityType = AclPolicyResponse.class)
+    private Long id;
+
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+    public Long getId() {
+        return id;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        return Account.ACCOUNT_ID_SYSTEM;
+    }
+
+    @Override
+    public void execute(){
+        boolean result = _aclApiSrv.deleteAclPolicy(id);
+        if (result) {
+            SuccessResponse response = new SuccessResponse(getCommandName());
+            setResponseObject(response);
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete acl policy");
+        }
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_ACL_POLICY_DELETE;
+    }
+
+    @Override
+    public String getEventDescription() {
+        return "Deleting Acl role";
+    }
+
+    @Override
+    public ApiCommandJobType getInstanceType() {
+        return ApiCommandJobType.AclPolicy;
+    }
+}
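Review bot: The user-facing strings still say "role" although this command deletes a policy: the `id` parameter is described as `"The ID of the acl role."` and `getEventDescription()` returns `"Deleting Acl role"`. The event description presumably surfaces in the event log, where the wrong noun makes policy deletions harder to search for. I would change them to `description = "The ID of the acl policy."` and `return "Deleting Acl policy";`.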

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclGroupsCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclGroupsCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclGroupsCmd.java
new file mode 100644
index 0000000..2e72493
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclGroupsCmd.java
@@ -0,0 +1,88 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
+
+
+@APICommand(name = "listAclGroups", description = "Lists acl groups", responseObject = AclGroupResponse.class)
+public class ListAclGroupsCmd extends BaseListDomainResourcesCmd {
+    public static final Logger s_logger = Logger.getLogger(ListAclGroupsCmd.class.getName());
+
+    private static final String s_name = "listaclgroupsresponse";
+
+    @Inject
+    public AclApiService _aclApiSrv;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "lists acl groups by name")
+    private String aclGroupName;
+
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "list the acl group by the id provided", entityType = AclGroupResponse.class)
+    private Long id;
+
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+    public String getAclGroupName() {
+        return aclGroupName;
+    }
+
+
+    public Long getId(){
+        return id;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public void execute(){
+
+        ListResponse<AclGroupResponse> response = _aclApiSrv.listAclGroups(id, aclGroupName, getDomainId(),
+                getStartIndex(), getPageSizeVal());
+        response.setResponseName(getCommandName());
+        setResponseObject(response);
+
+    }
+
+    @Override
+    public ApiCommandJobType getInstanceType() {
+        return ApiCommandJobType.AclGroup;
+    }
+}
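Review bot: `execute()` forwards the caller-supplied `id`, name and `getDomainId()` straight to `listAclGroups`, and nothing in this class restricts the result to what the calling account may see. The `id` parameter also has no `@ACL` annotation, unlike the delete and remove commands in this commit. If the scoping happens inside `listAclGroups`, a comment on `execute()` should say so, e.g. `// visibility is enforced in AclApiService.listAclGroups against the calling account`; if it does not, groups of other domains are exposed to any caller of this API. The `listall` and `isrecursive` options inherited from `BaseListDomainResourcesCmd` (not shown here) are accepted but never passed on. `ListAclPoliciesCmd` is written the same way.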

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclPoliciesCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclPoliciesCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclPoliciesCmd.java
new file mode 100644
index 0000000..b5b2d8d
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclPoliciesCmd.java
@@ -0,0 +1,88 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
+
+
+@APICommand(name = "listAclPolicies", description = "Lists acl policies", responseObject = AclPolicyResponse.class)
+public class ListAclPoliciesCmd extends BaseListDomainResourcesCmd {
+    public static final Logger s_logger = Logger.getLogger(ListAclPoliciesCmd.class.getName());
+
+    private static final String s_name = "listaclpoliciesresponse";
+
+    @Inject
+    public AclApiService _aclApiSrv;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "lists acl policies by name")
+    private String aclPolicyName;
+
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "list the acl policy by the id provided", entityType = AclPolicyResponse.class)
+    private Long id;
+
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+    public String getAclPolicyName() {
+        return aclPolicyName;
+    }
+
+
+    public Long getId(){
+        return id;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public void execute(){
+
+        ListResponse<AclPolicyResponse> response = _aclApiSrv.listAclPolicies(id, aclPolicyName, getDomainId(),
+                getStartIndex(), getPageSizeVal());
+        response.setResponseName(getCommandName());
+        setResponseObject(response);
+
+    }
+
+    @Override
+    public ApiCommandJobType getInstanceType() {
+        return ApiCommandJobType.AclPolicy;
+    }
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAccountFromAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAccountFromAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAccountFromAclGroupCmd.java
new file mode 100644
index 0000000..a370e0a
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAccountFromAclGroupCmd.java
@@ -0,0 +1,127 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.AccountResponse;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.AclGroup;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "removeAccountFromAclGroup", description = "remove accounts from an acl group", responseObject = AclGroupResponse.class)
+public class RemoveAccountFromAclGroupCmd extends BaseAsyncCmd {
+    public static final Logger s_logger = Logger.getLogger(RemoveAccountFromAclGroupCmd.class.getName());
+    private static final String s_name = "removeaccountfromaclgroupresponse";
+
+    @Inject
+    public AclApiService _aclApiSrv;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+
+    @ACL
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
+            required = true, description = "The ID of the acl group")
+    private Long id;
+
+    @ACL
+    @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that are going to be assigned to the acl group.")
+    private List<Long> accountIdList;
+
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+
+    public Long getId() {
+        return id;
+    }
+
+
+    public List<Long> getAccountIdList() {
+        return accountIdList;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+
+    @Override
+    public long getEntityOwnerId() {
+        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+    }
+
+    @Override
+    public void execute() throws ResourceUnavailableException,
+            InsufficientCapacityException, ServerApiException {
+        CallContext.current().setEventDetails("Acl group Id: " + getId());
+        AclGroup result = _aclApiSrv.removeAccountsFromGroup(accountIdList, id);
+        if (result != null){
+            AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
+            response.setResponseName(getCommandName());
+            setResponseObject(response);
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove accounts from acl group");
+        }
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_ACL_GROUP_UPDATE;
+    }
+
+    @Override
+    public String getEventDescription() {
+        return "removing accounts from acl group";
+    }
+
+    @Override
+    public ApiCommandJobType getInstanceType() {
+        return ApiCommandJobType.AclGroup;
+    }
+
+}
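Review bot: The `accounts` parameter is optional and its description was copied from the add command: it says the accounts are "going to be assigned to the acl group". Without `required = true`, a request that omits it hands a null `accountIdList` to `removeAccountsFromGroup`. I would declare it with `required = true, description = "comma separated list of account ids to remove from the acl group."`. How the service treats a null or empty list is not visible in this hunk.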

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPermissionFromAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPermissionFromAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPermissionFromAclPolicyCmd.java
new file mode 100644
index 0000000..9236ef1
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPermissionFromAclPolicyCmd.java
@@ -0,0 +1,147 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.AclPolicy;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "removeAclPermissionFromAclPolicy", description = "Remove acl permission from an acl policy", responseObject = AclPolicyResponse.class)
+public class RemoveAclPermissionFromAclPolicyCmd extends BaseAsyncCmd {
+    public static final Logger s_logger = Logger.getLogger(RemoveAclPermissionFromAclPolicyCmd.class.getName());
+    private static final String s_name = "removeaclpermissionfromaclpolicyresponse";
+
+    @Inject
+    public AclApiService _aclApiSrv;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+
+    @ACL
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
+            required = true, description = "The ID of the acl policy")
+    private Long id;
+
+    @Parameter(name = ApiConstants.ACL_ACTION, type = CommandType.STRING, required = true, description = "action api name.")
+    private String action;
+
+    @Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = false, description = "entity class simple name.")
+    private String entityType;
+
+    @Parameter(name = ApiConstants.ACL_SCOPE, type = CommandType.STRING,
+            required = false, description = "acl permission scope")
+    private String scope;
+
+    @Parameter(name = ApiConstants.ACL_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
+    private Long scopeId;
+
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+
+    public Long getId() {
+        return id;
+    }
+
+
+    public String getAction() {
+        return action;
+    }
+
+    public String getEntityType() {
+        return entityType;
+    }
+
+    public String getScope() {
+        return scope;
+    }
+
+    public Long getScopeId() {
+        return scopeId;
+    }
+
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+
+    @Override
+    public long getEntityOwnerId() {
+        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+    }
+
+    @Override
+    public void execute() throws ResourceUnavailableException,
+            InsufficientCapacityException, ServerApiException {
+        CallContext.current().setEventDetails("Acl policy Id: " + getId());
+        AclPolicy result = _aclApiSrv.removeAclPermissionFromAclPolicy(id, entityType, PermissionScope.valueOf(scope), scopeId, action);
+        if (result != null) {
+            AclPolicyResponse response = _aclApiSrv.createAclPolicyResponse(result);
+            response.setResponseName(getCommandName());
+            setResponseObject(response);
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove permission from acl policy " + getId());
+        }
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_ACL_POLICY_REVOKE;
+    }
+
+    @Override
+    public String getEventDescription() {
+        return "removing permission from acl policy";
+    }
+
+    @Override
+    public ApiCommandJobType getInstanceType() {
+        return ApiCommandJobType.AclPolicy;
+    }
+
+}
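Review bot: In `execute()`, `PermissionScope.valueOf(scope)` runs on a parameter declared `required = false`, so a request that omits the scope fails with a NullPointerException and an unrecognised value fails with an IllegalArgumentException, neither of which is reported as a parameter error. For a command that edits IAM policy, the input should be validated before the service call and rejected with `ApiErrorCode.PARAM_ERROR`. Whether `removeAclPermissionFromAclPolicy` accepts a null scope is not visible in this hunk; if it does not, marking the parameter `required = true` is the simpler fix. The sketch below assumes null is allowed.

```java
    public void execute() throws ResourceUnavailableException,
            InsufficientCapacityException, ServerApiException {
        // … unchanged: setEventDetails call …
        PermissionScope permScope = null;
        if (scope != null) {
            try {
                permScope = PermissionScope.valueOf(scope);
            } catch (IllegalArgumentException e) {
                throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Invalid acl permission scope");
            }
        }
        AclPolicy result = _aclApiSrv.removeAclPermissionFromAclPolicy(id, entityType, permScope, scopeId, action);
        // … unchanged: response construction and failure branch …
```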

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAccountCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAccountCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAccountCmd.java
new file mode 100644
index 0000000..bf2c493
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAccountCmd.java
@@ -0,0 +1,122 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "removeAclPolicyFromAccount", description = "remove acl policy from accounts", responseObject = SuccessResponse.class)
+public class RemoveAclPolicyFromAccountCmd extends BaseAsyncCmd {
+    public static final Logger s_logger = Logger.getLogger(RemoveAclPolicyFromAccountCmd.class.getName());
+    private static final String s_name = "removeaclpolicyfromaccountresponse";
+
+    @Inject
+    public AclApiService _aclApiSrv;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+
+    @ACL
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
+            required = true, description = "The ID of the acl group")
+    private Long id;
+
+    @ACL
+    @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.")
+    private List<Long> accountIdList;
+
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+
+    public Long getId() {
+        return id;
+    }
+
+
+    public List<Long> getAccountIdList() {
+        return accountIdList;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+
+    @Override
+    public long getEntityOwnerId() {
+        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+    }
+
+    @Override
+    public void execute() throws ResourceUnavailableException,
+            InsufficientCapacityException, ServerApiException {
+        CallContext.current().setEventDetails("Acl policy Id: " + getId());
+        _aclApiSrv.removeAclPolicyFromAccounts(id, accountIdList);
+        SuccessResponse response = new SuccessResponse();
+        response.setResponseName(getCommandName());
+        setResponseObject(response);
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE;
+    }
+
+    @Override
+    public String getEventDescription() {
+        return "removing acl policy from accounts";
+    }
+
+    @Override
+    public ApiCommandJobType getInstanceType() {
+        return ApiCommandJobType.Account;
+    }
+
+}
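Review bot: The `@Parameter` metadata on both fields does not match what `execute()` does with them. `id` is declared with `entityType = AclGroupResponse.class` and described as "The ID of the acl group", yet it is passed as the policy id to `removeAclPolicyFromAccounts(id, accountIdList)`, and `accountIdList` is declared with `entityType = AclPolicyResponse.class` and a description about policies applied to a group. If the API layer uses `entityType` to resolve the UUID and to drive the `@ACL` check (not visible in this hunk), the lookup and the access check would run against the wrong entity type. I would declare `id` with `entityType = AclPolicyResponse.class, required = true, description = "The ID of the acl policy"` and `accountIdList` with `entityType = AccountResponse.class` and a description such as `"comma separated list of account ids the acl policy is removed from"`. The accounts parameter is also not marked `required = true`, so a null list can reach the service.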

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAclGroupCmd.java
new file mode 100644
index 0000000..88dfa7b
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAclGroupCmd.java
@@ -0,0 +1,127 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.AclGroup;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "removeAclPolicyFromAclGroup", description = "remove acl policy from an acl group", responseObject = AclGroupResponse.class)
+public class RemoveAclPolicyFromAclGroupCmd extends BaseAsyncCmd {
+    public static final Logger s_logger = Logger.getLogger(RemoveAclPolicyFromAclGroupCmd.class.getName());
+    private static final String s_name = "removeaclpolicyfromaclgroupresponse";
+
+    @Inject
+    public AclApiService _aclApiSrv;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+
+    @ACL
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
+            required = true, description = "The ID of the acl group")
+    private Long id;
+
+    @ACL
+    @Parameter(name = ApiConstants.ACL_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.")
+    private List<Long> policyIdList;
+
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+
+    public Long getId() {
+        return id;
+    }
+
+
+    public List<Long> getRoleIdList() {
+        return policyIdList;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+
+    @Override
+    public long getEntityOwnerId() {
+        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+    }
+
+    @Override
+    public void execute() throws ResourceUnavailableException,
+            InsufficientCapacityException, ServerApiException {
+        CallContext.current().setEventDetails("Acl group Id: " + getId());
+        AclGroup result = _aclApiSrv.removeAclPoliciesFromGroup(policyIdList, id);
+        if (result != null){
+            AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
+            response.setResponseName(getCommandName());
+            setResponseObject(response);
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to acl group");
+        }
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_ACL_GROUP_UPDATE;
+    }
+
+    @Override
+    public String getEventDescription() {
+        return "removing acl roles from acl group";
+    }
+
+    @Override
+    public ApiCommandJobType getInstanceType() {
+        return ApiCommandJobType.AclGroup;
+    }
+
+}
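Review bot: The failure branch of `execute()` throws `"Failed to add roles to acl group"` although this command removes policies, so anyone reading the API error after a failed IAM change is pointed at the wrong operation. I would change it to `throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove acl policies from acl group " + getId());`. The same leftover role wording appears in the accessor `getRoleIdList()` (it returns `policyIdList`; `getPolicyIdList()` would match), in `getEventDescription()` ("removing acl roles from acl group"), and in the `policyIdList` parameter description, which says the policies "are going to be applied to" the group. Since the event description likely ends up in the event log (not visible here), it should name policies and removal accurately.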

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/response/acl/AclGroupResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/acl/AclGroupResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/acl/AclGroupResponse.java
deleted file mode 100644
index 1cc3f6a..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/response/acl/AclGroupResponse.java
+++ /dev/null
@@ -1,193 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.response.acl;
-
-import java.util.LinkedHashSet;
-import java.util.Set;
-
-import com.google.gson.annotations.SerializedName;
-
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseResponse;
-import org.apache.cloudstack.api.EntityReference;
-import org.apache.cloudstack.api.response.ControlledViewEntityResponse;
-import org.apache.cloudstack.iam.api.AclGroup;
-
-import com.cloud.serializer.Param;
-
-@SuppressWarnings("unused")
-@EntityReference(value = AclGroup.class)
-public class AclGroupResponse extends BaseResponse implements ControlledViewEntityResponse {
-
-    @SerializedName(ApiConstants.ID)
-    @Param(description = "the ID of the acl group")
-    private String id;
-
-    @SerializedName(ApiConstants.NAME)
-    @Param(description = "the name of the acl group")
-    private String name;
-
-    @SerializedName(ApiConstants.DESCRIPTION)
-    @Param(description = "the description of the acl group")
-    private String description;
-
-    @SerializedName(ApiConstants.DOMAIN_ID)
-    @Param(description = "the domain ID of the acl group")
-    private String domainId;
-
-    @SerializedName(ApiConstants.DOMAIN)
-    @Param(description = "the domain name of the acl role")
-    private String domainName;
-
-    @SerializedName(ApiConstants.ACCOUNT)
-    @Param(description = "the account owning the policy")
-    private String accountName;
-
-    @SerializedName(ApiConstants.ACL_MEMBER_ACCOUNTS)
-    @Param(description = "account names assigned to this acl group ")
-    private Set<String> accountNameList;
-
-    @SerializedName(ApiConstants.ACL_POLICIES)
-    @Param(description = "acl policies attached to this acl group ")
-    private Set<String> policyNameList;
-
-    public AclGroupResponse() {
-        accountNameList = new LinkedHashSet<String>();
-        policyNameList = new LinkedHashSet<String>();
-    }
-
-    @Override
-    public String getObjectId() {
-        return getId();
-    }
-
-
-    public String getId() {
-        return id;
-     }
-
-    public void setId(String id) {
-        this.id = id;
-    }
-
-
-    public void setName(String name) {
-        this.name = name;
-    }
-
-    public void setDescription(String description) {
-        this.description = description;
-    }
-
-    @Override
-    public void setDomainId(String domainId) {
-        this.domainId = domainId;
-    }
-
-    @Override
-    public void setDomainName(String domainName) {
-        this.domainName = domainName;
-    }
-
-    @Override
-    public void setAccountName(String accountName) {
-        this.accountName = accountName;
-
-    }
-
-    @Override
-    public void setProjectId(String projectId) {
-        // TODO Auto-generated method stub
-
-    }
-
-    @Override
-    public void setProjectName(String projectName) {
-        // TODO Auto-generated method stub
-
-    }
-
-    public String getName() {
-        return name;
-    }
-
-    public String getDescription() {
-        return description;
-    }
-
-    public String getDomainId() {
-        return domainId;
-    }
-
-    public String getDomainName() {
-        return domainName;
-    }
-
-    public String getAccountName() {
-        return accountName;
-    }
-
-    public Set<String> getAccountNameList() {
-        return accountNameList;
-    }
-
-    public void setMemberAccounts(Set<String> accts) {
-        accountNameList = accts;
-    }
-
-    public void addMemberAccount(String acct) {
-        accountNameList.add(acct);
-    }
-
-    public void setPolicyList(Set<String> policies) {
-        policyNameList = policies;
-    }
-
-    public void addPolicy(String policy) {
-        policyNameList.add(policy);
-    }
-
-    public Set<String> getPolicyList() {
-        return policyNameList;
-    }
-
-    @Override
-    public int hashCode() {
-        final int prime = 31;
-        int result = 1;
-        result = prime * result + ((id == null) ? 0 : id.hashCode());
-        return result;
-    }
-
-    @Override
-    public boolean equals(Object obj) {
-        if (this == obj)
-            return true;
-        if (obj == null)
-            return false;
-        if (getClass() != obj.getClass())
-            return false;
-        AclGroupResponse other = (AclGroupResponse)obj;
-        if (id == null) {
-            if (other.id != null)
-                return false;
-        } else if (!id.equals(other.id))
-            return false;
-        return true;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/response/acl/AclPermissionResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/acl/AclPermissionResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/acl/AclPermissionResponse.java
deleted file mode 100644
index f44144c..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/response/acl/AclPermissionResponse.java
+++ /dev/null
@@ -1,125 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.response.acl;
-
-import com.google.gson.annotations.SerializedName;
-
-import org.apache.cloudstack.acl.AclEntityType;
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseResponse;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-
-import com.cloud.serializer.Param;
-
-public class AclPermissionResponse extends BaseResponse {
-
-    @SerializedName(ApiConstants.ACL_ACTION)
-    @Param(description = "action of this permission")
-    private String action;
-
-    @SerializedName(ApiConstants.ENTITY_TYPE)
-    @Param(description = "the entity type of this permission")
-    private AclEntityType entityType;
-
-    @SerializedName(ApiConstants.ACL_SCOPE)
-    @Param(description = "scope of this permission")
-    private PermissionScope scope;
-
-    @SerializedName(ApiConstants.ACL_SCOPE_ID)
-    @Param(description = "scope id of this permission")
-    private Long scopeId;
-
-    @SerializedName(ApiConstants.ACL_ALLOW_DENY)
-    @Param(description = "allow or deny of this permission")
-    private AclPolicyPermission.Permission permission;
-
-    public AclEntityType getEntityType() {
-        return entityType;
-    }
-
-    public void setEntityType(AclEntityType entityType) {
-        this.entityType = entityType;
-    }
-
-    public String getAction() {
-        return action;
-    }
-
-    public void setAction(String action) {
-        this.action = action;
-    }
-
-    public PermissionScope getScope() {
-        return scope;
-    }
-
-    public void setScope(PermissionScope scope) {
-        this.scope = scope;
-    }
-
-    public Long getScopeId() {
-        return scopeId;
-    }
-
-    public void setScopeId(Long scopeId) {
-        this.scopeId = scopeId;
-    }
-
-    public AclPolicyPermission.Permission getPermission() {
-        return permission;
-    }
-
-    public void setPermission(AclPolicyPermission.Permission permission) {
-        this.permission = permission;
-    }
-
-    @Override
-    public int hashCode() {
-        final int prime = 31;
-        int result = 1;
-        result = prime * result + ((action == null) ? 0 : action.hashCode());
-        result = prime * result + ((entityType == null) ? 0 : entityType.hashCode());
-        result = prime * result + ((scope == null) ? 0 : scope.hashCode());
-        result = prime * result + ((scopeId == null) ? 0 : scopeId.hashCode());
-        return result;
-    }
-
-    @Override
-    public boolean equals(Object obj) {
-        if (this == obj)
-            return true;
-        if (obj == null)
-            return false;
-        if (getClass() != obj.getClass())
-            return false;
-        AclPermissionResponse other = (AclPermissionResponse) obj;
-        if ((entityType == null && other.entityType != null) || !entityType.equals(other.entityType)) {
-            return false;
-        } else if ((action == null && other.action != null) || !action.equals(other.action)) {
-            return false;
-        } else if ((scope == null && other.scope != null) || !scope.equals(other.scope)) {
-            return false;
-        } else if ((scopeId == null && other.scopeId != null) || !scopeId.equals(other.scopeId)) {
-            return false;
-        }
-        return true;
-    }
-
-
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/response/acl/AclPolicyResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/acl/AclPolicyResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/acl/AclPolicyResponse.java
deleted file mode 100644
index 76651d8..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/response/acl/AclPolicyResponse.java
+++ /dev/null
@@ -1,177 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.response.acl;
-
-import java.util.LinkedHashSet;
-import java.util.Set;
-
-import com.google.gson.annotations.SerializedName;
-
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseResponse;
-import org.apache.cloudstack.api.EntityReference;
-import org.apache.cloudstack.api.response.ControlledViewEntityResponse;
-import org.apache.cloudstack.iam.api.AclPolicy;
-
-import com.cloud.serializer.Param;
-
-@SuppressWarnings("unused")
-@EntityReference(value = AclPolicy.class)
-public class AclPolicyResponse extends BaseResponse implements ControlledViewEntityResponse {
-
-    @SerializedName(ApiConstants.ID)
-    @Param(description = "the ID of the acl policy")
-    private String id;
-
-    @SerializedName(ApiConstants.NAME)
-    @Param(description = "the name of the acl policy")
-    private String name;
-
-    @SerializedName(ApiConstants.DESCRIPTION)
-    @Param(description = "the description of the acl policy")
-    private String description;
-
-    @SerializedName(ApiConstants.DOMAIN_ID)
-    @Param(description = "the domain ID of the acl policy")
-    private String domainId;
-
-    @SerializedName(ApiConstants.DOMAIN)
-    @Param(description = "the domain name of the acl policy")
-    private String domainName;
-
-    @SerializedName(ApiConstants.ACCOUNT)
-    @Param(description = "the account owning the policy")
-    private String accountName;
-
-    @SerializedName(ApiConstants.ACL_PERMISSIONS)
-    @Param(description = "set of permissions for the acl policy")
-    private Set<AclPermissionResponse> permissionList;
-
-    public AclPolicyResponse() {
-        permissionList = new LinkedHashSet<AclPermissionResponse>();
-    }
-
-    @Override
-    public String getObjectId() {
-        return getId();
-    }
-
-
-    public String getId() {
-        return id;
-     }
-
-    public void setId(String id) {
-        this.id = id;
-    }
-
-
-    public void setName(String name) {
-        this.name = name;
-    }
-
-    public void setDescription(String description) {
-        this.description = description;
-    }
-
-    @Override
-    public void setDomainId(String domainId) {
-        this.domainId = domainId;
-    }
-
-    @Override
-    public void setDomainName(String domainName) {
-        this.domainName = domainName;
-    }
-
-    public Set<AclPermissionResponse> getPermissionList() {
-        return permissionList;
-    }
-
-    public void setPermissionList(Set<AclPermissionResponse> perms) {
-        permissionList = perms;
-    }
-
-    public void addPermission(AclPermissionResponse perm) {
-        permissionList.add(perm);
-    }
-
-    @Override
-    public void setAccountName(String accountName) {
-        this.accountName = accountName;
-    }
-
-    @Override
-    public void setProjectId(String projectId) {
-        // TODO Auto-generated method stub
-
-    }
-
-    @Override
-    public void setProjectName(String projectName) {
-        // TODO Auto-generated method stub
-
-    }
-
-    public String getName() {
-        return name;
-    }
-
-    public String getDescription() {
-        return description;
-    }
-
-    public String getDomainId() {
-        return domainId;
-    }
-
-    public String getDomainName() {
-        return domainName;
-    }
-
-    public String getAccountName() {
-        return accountName;
-    }
-
-    @Override
-    public int hashCode() {
-        final int prime = 31;
-        int result = 1;
-        result = prime * result + ((id == null) ? 0 : id.hashCode());
-        return result;
-    }
-
-    @Override
-    public boolean equals(Object obj) {
-        if (this == obj)
-            return true;
-        if (obj == null)
-            return false;
-        if (getClass() != obj.getClass())
-            return false;
-        AclPolicyResponse other = (AclPolicyResponse) obj;
-        if (id == null) {
-            if (other.id != null)
-                return false;
-        } else if (!id.equals(other.id))
-            return false;
-        return true;
-    }
-
-
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclGroupResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclGroupResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclGroupResponse.java
new file mode 100644
index 0000000..8c4adc1
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclGroupResponse.java
@@ -0,0 +1,193 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.response.iam;
+
+import java.util.LinkedHashSet;
+import java.util.Set;
+
+import com.google.gson.annotations.SerializedName;
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseResponse;
+import org.apache.cloudstack.api.EntityReference;
+import org.apache.cloudstack.api.response.ControlledViewEntityResponse;
+import org.apache.cloudstack.iam.api.AclGroup;
+
+import com.cloud.serializer.Param;
+
+@SuppressWarnings("unused")
+@EntityReference(value = AclGroup.class)
+public class AclGroupResponse extends BaseResponse implements ControlledViewEntityResponse {
+
+    @SerializedName(ApiConstants.ID)
+    @Param(description = "the ID of the acl group")
+    private String id;
+
+    @SerializedName(ApiConstants.NAME)
+    @Param(description = "the name of the acl group")
+    private String name;
+
+    @SerializedName(ApiConstants.DESCRIPTION)
+    @Param(description = "the description of the acl group")
+    private String description;
+
+    @SerializedName(ApiConstants.DOMAIN_ID)
+    @Param(description = "the domain ID of the acl group")
+    private String domainId;
+
+    @SerializedName(ApiConstants.DOMAIN)
+    @Param(description = "the domain name of the acl role")
+    private String domainName;
+
+    @SerializedName(ApiConstants.ACCOUNT)
+    @Param(description = "the account owning the policy")
+    private String accountName;
+
+    @SerializedName(ApiConstants.ACL_MEMBER_ACCOUNTS)
+    @Param(description = "account names assigned to this acl group ")
+    private Set<String> accountNameList;
+
+    @SerializedName(ApiConstants.ACL_POLICIES)
+    @Param(description = "acl policies attached to this acl group ")
+    private Set<String> policyNameList;
+
+    public AclGroupResponse() {
+        accountNameList = new LinkedHashSet<String>();
+        policyNameList = new LinkedHashSet<String>();
+    }
+
+    @Override
+    public String getObjectId() {
+        return getId();
+    }
+
+
+    public String getId() {
+        return id;
+     }
+
+    public void setId(String id) {
+        this.id = id;
+    }
+
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public void setDescription(String description) {
+        this.description = description;
+    }
+
+    @Override
+    public void setDomainId(String domainId) {
+        this.domainId = domainId;
+    }
+
+    @Override
+    public void setDomainName(String domainName) {
+        this.domainName = domainName;
+    }
+
+    @Override
+    public void setAccountName(String accountName) {
+        this.accountName = accountName;
+
+    }
+
+    @Override
+    public void setProjectId(String projectId) {
+        // TODO Auto-generated method stub
+
+    }
+
+    @Override
+    public void setProjectName(String projectName) {
+        // TODO Auto-generated method stub
+
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public String getDomainId() {
+        return domainId;
+    }
+
+    public String getDomainName() {
+        return domainName;
+    }
+
+    public String getAccountName() {
+        return accountName;
+    }
+
+    public Set<String> getAccountNameList() {
+        return accountNameList;
+    }
+
+    public void setMemberAccounts(Set<String> accts) {
+        accountNameList = accts;
+    }
+
+    public void addMemberAccount(String acct) {
+        accountNameList.add(acct);
+    }
+
+    public void setPolicyList(Set<String> policies) {
+        policyNameList = policies;
+    }
+
+    public void addPolicy(String policy) {
+        policyNameList.add(policy);
+    }
+
+    public Set<String> getPolicyList() {
+        return policyNameList;
+    }
+
+    @Override
+    public int hashCode() {
+        final int prime = 31;
+        int result = 1;
+        result = prime * result + ((id == null) ? 0 : id.hashCode());
+        return result;
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        if (this == obj)
+            return true;
+        if (obj == null)
+            return false;
+        if (getClass() != obj.getClass())
+            return false;
+        AclGroupResponse other = (AclGroupResponse)obj;
+        if (id == null) {
+            if (other.id != null)
+                return false;
+        } else if (!id.equals(other.id))
+            return false;
+        return true;
+    }
+
+}
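Review bot: Two `@Param` descriptions in this new response class look copied from the role and policy responses, so the generated API documentation will mislabel the group's fields. `domainName` is described as "the domain name of the acl role" and `accountName` as "the account owning the policy", although both belong to an acl group. I would change them to `@Param(description = "the domain name of the acl group")` and `@Param(description = "the account owning the acl group")`. The descriptions for `accountNameList` and `policyNameList` also end with a stray space before the closing quote.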

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPermissionResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPermissionResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPermissionResponse.java
new file mode 100644
index 0000000..68b4df9
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPermissionResponse.java
@@ -0,0 +1,125 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.response.iam;
+
+import com.google.gson.annotations.SerializedName;
+
+import org.apache.cloudstack.acl.IAMEntityType;
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseResponse;
+import org.apache.cloudstack.iam.api.AclPolicyPermission;
+
+import com.cloud.serializer.Param;
+
+public class AclPermissionResponse extends BaseResponse {
+
+    @SerializedName(ApiConstants.ACL_ACTION)
+    @Param(description = "action of this permission")
+    private String action;
+
+    @SerializedName(ApiConstants.ENTITY_TYPE)
+    @Param(description = "the entity type of this permission")
+    private IAMEntityType entityType;
+
+    @SerializedName(ApiConstants.ACL_SCOPE)
+    @Param(description = "scope of this permission")
+    private PermissionScope scope;
+
+    @SerializedName(ApiConstants.ACL_SCOPE_ID)
+    @Param(description = "scope id of this permission")
+    private Long scopeId;
+
+    @SerializedName(ApiConstants.ACL_ALLOW_DENY)
+    @Param(description = "allow or deny of this permission")
+    private AclPolicyPermission.Permission permission;
+
+    public IAMEntityType getEntityType() {
+        return entityType;
+    }
+
+    public void setEntityType(IAMEntityType entityType) {
+        this.entityType = entityType;
+    }
+
+    public String getAction() {
+        return action;
+    }
+
+    public void setAction(String action) {
+        this.action = action;
+    }
+
+    public PermissionScope getScope() {
+        return scope;
+    }
+
+    public void setScope(PermissionScope scope) {
+        this.scope = scope;
+    }
+
+    public Long getScopeId() {
+        return scopeId;
+    }
+
+    public void setScopeId(Long scopeId) {
+        this.scopeId = scopeId;
+    }
+
+    public AclPolicyPermission.Permission getPermission() {
+        return permission;
+    }
+
+    public void setPermission(AclPolicyPermission.Permission permission) {
+        this.permission = permission;
+    }
+
+    @Override
+    public int hashCode() {
+        final int prime = 31;
+        int result = 1;
+        result = prime * result + ((action == null) ? 0 : action.hashCode());
+        result = prime * result + ((entityType == null) ? 0 : entityType.hashCode());
+        result = prime * result + ((scope == null) ? 0 : scope.hashCode());
+        result = prime * result + ((scopeId == null) ? 0 : scopeId.hashCode());
+        return result;
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        if (this == obj)
+            return true;
+        if (obj == null)
+            return false;
+        if (getClass() != obj.getClass())
+            return false;
+        AclPermissionResponse other = (AclPermissionResponse) obj;
+        if ((entityType == null && other.entityType != null) || !entityType.equals(other.entityType)) {
+            return false;
+        } else if ((action == null && other.action != null) || !action.equals(other.action)) {
+            return false;
+        } else if ((scope == null && other.scope != null) || !scope.equals(other.scope)) {
+            return false;
+        } else if ((scopeId == null && other.scopeId != null) || !scopeId.equals(other.scopeId)) {
+            return false;
+        }
+        return true;
+    }
+
+
+
+}
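Review bot: `equals` throws a NullPointerException whenever a field is null on `this`, because each test of the form `(x == null && other.x != null) || !x.equals(other.x)` still reaches `x.equals(...)` when both sides are null or only `this.x` is null. `scopeId` is a `Long` that may well be unset, and these objects are stored in the `LinkedHashSet` of `AclPolicyResponse`, so the failure would surface while a policy response is being built. Separately, `permission` is left out of both `equals` and `hashCode`, so an allow entry and a deny entry for the same action, entity type and scope compare equal and the set keeps only the first one. If that is intended it deserves a comment; if not, the field should be added to both methods. A null-safe form of the comparisons is sketched below.

```java
    public boolean equals(Object obj) {
        // … unchanged: identity, null and class checks, cast to `other` …
        if (entityType == null ? other.entityType != null : !entityType.equals(other.entityType)) {
            return false;
        } else if (action == null ? other.action != null : !action.equals(other.action)) {
            return false;
        } else if (scope == null ? other.scope != null : !scope.equals(other.scope)) {
            return false;
        } else if (scopeId == null ? other.scopeId != null : !scopeId.equals(other.scopeId)) {
            return false;
        }
        return true;
    }
```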

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPolicyResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPolicyResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPolicyResponse.java
new file mode 100644
index 0000000..12d90de
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPolicyResponse.java
@@ -0,0 +1,177 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.response.iam;
+
+import java.util.LinkedHashSet;
+import java.util.Set;
+
+import com.google.gson.annotations.SerializedName;
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseResponse;
+import org.apache.cloudstack.api.EntityReference;
+import org.apache.cloudstack.api.response.ControlledViewEntityResponse;
+import org.apache.cloudstack.iam.api.AclPolicy;
+
+import com.cloud.serializer.Param;
+
+@SuppressWarnings("unused")
+@EntityReference(value = AclPolicy.class)
+public class AclPolicyResponse extends BaseResponse implements ControlledViewEntityResponse {
+
+    @SerializedName(ApiConstants.ID)
+    @Param(description = "the ID of the acl policy")
+    private String id;
+
+    @SerializedName(ApiConstants.NAME)
+    @Param(description = "the name of the acl policy")
+    private String name;
+
+    @SerializedName(ApiConstants.DESCRIPTION)
+    @Param(description = "the description of the acl policy")
+    private String description;
+
+    @SerializedName(ApiConstants.DOMAIN_ID)
+    @Param(description = "the domain ID of the acl policy")
+    private String domainId;
+
+    @SerializedName(ApiConstants.DOMAIN)
+    @Param(description = "the domain name of the acl policy")
+    private String domainName;
+
+    @SerializedName(ApiConstants.ACCOUNT)
+    @Param(description = "the account owning the policy")
+    private String accountName;
+
+    @SerializedName(ApiConstants.ACL_PERMISSIONS)
+    @Param(description = "set of permissions for the acl policy")
+    private Set<AclPermissionResponse> permissionList;
+
+    public AclPolicyResponse() {
+        permissionList = new LinkedHashSet<AclPermissionResponse>();
+    }
+
+    @Override
+    public String getObjectId() {
+        return getId();
+    }
+
+
+    public String getId() {
+        return id;
+     }
+
+    public void setId(String id) {
+        this.id = id;
+    }
+
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public void setDescription(String description) {
+        this.description = description;
+    }
+
+    @Override
+    public void setDomainId(String domainId) {
+        this.domainId = domainId;
+    }
+
+    @Override
+    public void setDomainName(String domainName) {
+        this.domainName = domainName;
+    }
+
+    public Set<AclPermissionResponse> getPermissionList() {
+        return permissionList;
+    }
+
+    public void setPermissionList(Set<AclPermissionResponse> perms) {
+        permissionList = perms;
+    }
+
+    public void addPermission(AclPermissionResponse perm) {
+        permissionList.add(perm);
+    }
+
+    @Override
+    public void setAccountName(String accountName) {
+        this.accountName = accountName;
+    }
+
+    @Override
+    public void setProjectId(String projectId) {
+        // TODO Auto-generated method stub
+
+    }
+
+    @Override
+    public void setProjectName(String projectName) {
+        // TODO Auto-generated method stub
+
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public String getDomainId() {
+        return domainId;
+    }
+
+    public String getDomainName() {
+        return domainName;
+    }
+
+    public String getAccountName() {
+        return accountName;
+    }
+
+    @Override
+    public int hashCode() {
+        final int prime = 31;
+        int result = 1;
+        result = prime * result + ((id == null) ? 0 : id.hashCode());
+        return result;
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        if (this == obj)
+            return true;
+        if (obj == null)
+            return false;
+        if (getClass() != obj.getClass())
+            return false;
+        AclPolicyResponse other = (AclPolicyResponse) obj;
+        if (id == null) {
+            if (other.id != null)
+                return false;
+        } else if (!id.equals(other.id))
+            return false;
+        return true;
+    }
+
+
+
+}
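Review bot: `setPermissionList` stores the caller's set by reference and accepts null, so a later `addPermission` can throw a NullPointerException or silently mutate a collection the caller still holds. The constructor sets up a `LinkedHashSet`, but the setter discards it, so insertion order is no longer guaranteed either. I would copy defensively: `permissionList = (perms == null) ? new LinkedHashSet<AclPermissionResponse>() : new LinkedHashSet<AclPermissionResponse>(perms);`. The same pattern appears in `AclGroupResponse.setMemberAccounts` and `AclGroupResponse.setPolicyList`.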

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiService.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiService.java b/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiService.java
new file mode 100644
index 0000000..0cb1e22
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiService.java
@@ -0,0 +1,84 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam;
+
+import java.util.List;
+
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
+import org.apache.cloudstack.iam.api.AclGroup;
+import org.apache.cloudstack.iam.api.AclPolicy;
+import org.apache.cloudstack.iam.api.AclPolicyPermission;
+import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
+
+import com.cloud.user.Account;
+import com.cloud.utils.component.PluggableService;
+
+public interface AclApiService extends PluggableService {
+
+    /* ACL group related interfaces */
+    AclGroup createAclGroup(Account caller, String aclGroupName, String description);
+
+    boolean deleteAclGroup(Long aclGroupId);
+
+    List<AclGroup> listAclGroups(long accountId);
+
+    AclGroup addAccountsToGroup(List<Long> acctIds, Long groupId);
+
+    AclGroup removeAccountsFromGroup(List<Long> acctIds, Long groupId);
+
+    /* ACL Policy related interfaces */
+    AclPolicy createAclPolicy(Account caller, String aclPolicyName, String description, Long parentPolicyId);
+
+    boolean deleteAclPolicy(long aclPolicyId);
+
+    List<AclPolicy> listAclPolicies(long accountId);
+
+    AclGroup attachAclPoliciesToGroup(List<Long> policyIds, Long groupId);
+
+    AclGroup removeAclPoliciesFromGroup(List<Long> policyIds, Long groupId);
+
+    void attachAclPolicyToAccounts(Long policyId, List<Long> accountIds);
+
+    void removeAclPolicyFromAccounts(Long policyId, List<Long> accountIds);
+
+    AclPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId,
+            String action, Permission perm, Boolean recursive);
+
+    AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId, String action);
+
+    AclPolicyPermission getAclPolicyPermission(long accountId, String entityType, String action);
+
+    /* Utility routine to grant/revoke invidivual resource to list of accounts */
+    void grantEntityPermissioinToAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds);
+
+    void revokeEntityPermissioinFromAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds);
+
+    /* Response Generation */
+    AclPolicyResponse createAclPolicyResponse(AclPolicy policy);
+
+    AclGroupResponse createAclGroupResponse(AclGroup group);
+
+    ListResponse<AclGroupResponse> listAclGroups(Long aclGroupId, String aclGroupName,
+            Long domainId, Long startIndex, Long pageSize);
+
+    ListResponse<AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName,
+            Long domainId, Long startIndex, Long pageSize);
+}
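Review bot: The two utility methods are declared with a misspelled name, `grantEntityPermissioinToAccounts` and `revokeEntityPermissioinFromAccounts`, and the comment above them reads "invidivual". Because this is a new public `PluggableService` interface, the typo is cheapest to fix now, before implementations and callers depend on it: `void grantEntityPermissionToAccounts(...)` and `void revokeEntityPermissionFromAccounts(...)`. Only the two `create*` methods take the calling `Account`; the delete, attach, remove and grant methods receive bare ids. The interface should therefore state in a Javadoc line that callers must already have been authorized before these methods are invoked, assuming that is the contract.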


[24/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
Rename IAMEntityType.AclGroup and AclPolicy.

Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/e5d72265
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/e5d72265
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/e5d72265

Branch: refs/heads/master
Commit: e5d722654abea1ac97d7ad3a710e86939a4e074e
Parents: 7e4c3b0
Author: Min Chen <mi...@citrix.com>
Authored: Sun Mar 2 16:06:29 2014 -0800
Committer: Min Chen <mi...@citrix.com>
Committed: Sun Mar 2 16:06:29 2014 -0800

----------------------------------------------------------------------
 api/src/org/apache/cloudstack/acl/IAMEntityType.java             | 4 ++--
 .../plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java  | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e5d72265/api/src/org/apache/cloudstack/acl/IAMEntityType.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/IAMEntityType.java b/api/src/org/apache/cloudstack/acl/IAMEntityType.java
index 0a44253..9299ae9 100644
--- a/api/src/org/apache/cloudstack/acl/IAMEntityType.java
+++ b/api/src/org/apache/cloudstack/acl/IAMEntityType.java
@@ -38,8 +38,8 @@ public enum IAMEntityType {
     PortForwardingRule,
     Event,
     AsyncJob,
-    AclPolicy,
-    AclGroup,
+    IAMPolicy,
+    IAMGroup,
     MonitorService,
     SSLCert
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e5d72265/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
index 945f48e..42c1adc 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
@@ -182,8 +182,8 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
         s_typeMap.put(IAMEntityType.PortForwardingRule, PortForwardingRuleVO.class);
         s_typeMap.put(IAMEntityType.Event, EventVO.class);
         s_typeMap.put(IAMEntityType.AsyncJob, AsyncJobVO.class);
-        s_typeMap.put(IAMEntityType.AclGroup, IAMGroupVO.class);
-        s_typeMap.put(IAMEntityType.AclPolicy, IAMPolicyVO.class);
+        s_typeMap.put(IAMEntityType.IAMGroup, IAMGroupVO.class);
+        s_typeMap.put(IAMEntityType.IAMPolicy, IAMPolicyVO.class);
         s_typeMap.put(IAMEntityType.MonitorService, MonitoringServiceVO.class);
         s_typeMap.put(IAMEntityType.SSLCert, SslCertVO.class);
     }


[15/50] [abbrv] iam/plugin: Rename Acl to IAM everywhere

Posted by mc...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateIAMPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateIAMPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateIAMPolicyCmd.java
new file mode 100644
index 0000000..be863de
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateIAMPolicyCmd.java
@@ -0,0 +1,175 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCreateCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.DomainResponse;
+import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.IAMPolicy;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.user.Account;
+
+@APICommand(name = "createIAMPolicy", responseObject = IAMPolicyResponse.class, description = "Creates an iam policy")
+public class CreateIAMPolicyCmd extends BaseAsyncCreateCmd {
+    public static final Logger s_logger = Logger.getLogger(CreateIAMPolicyCmd.class.getName());
+
+    private static final String s_name = "createiampolicyresponse";
+
+    @Inject
+    public IAMApiService _iamApiSrv;
+
+    // ///////////////////////////////////////////////////
+    // ////////////// API parameters /////////////////////
+    // ///////////////////////////////////////////////////
+
+    @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the iam policy. Must be used with domainId.")
+    private String accountName;
+
+    @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the iam policy", entityType = DomainResponse.class)
+    private Long domainId;
+
+    @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the iam policy")
+    private String description;
+
+    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the iam policy")
+    private String name;
+
+    @ACL
+    @Parameter(name = ApiConstants.IAM_PARENT_POLICY_ID, type = CommandType.UUID, description = "The ID of parent iam policy.", entityType = IAMPolicyResponse.class)
+    private Long parentPolicyId;
+
+
+    // ///////////////////////////////////////////////////
+    // ///////////////// Accessors ///////////////////////
+    // ///////////////////////////////////////////////////
+
+    public String getAccountName() {
+        return accountName;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public Long getDomainId() {
+        return domainId;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public Long getParentPolicyId() {
+        return parentPolicyId;
+    }
+
+    // ///////////////////////////////////////////////////
+    // ///////////// API Implementation///////////////////
+    // ///////////////////////////////////////////////////
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        Account account = CallContext.current().getCallingAccount();
+        if ((account == null) || _accountService.isAdmin(account.getType())) {
+            if ((domainId != null) && (accountName != null)) {
+                Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
+                if (userAccount != null) {
+                    return userAccount.getId();
+                }
+            }
+        }
+
+        if (account != null) {
+            return account.getId();
+        }
+
+        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this
+                                          // command to SYSTEM so ERROR events
+                                          // are tracked
+    }
+
+    @Override
+    public void execute() {
+        IAMPolicy policy = _entityMgr.findById(IAMPolicy.class, getEntityId());
+        if (policy != null) {
+            IAMPolicyResponse response = _iamApiSrv.createIAMPolicyResponse(policy);
+            response.setResponseName(getCommandName());
+            setResponseObject(response);
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create iam policy:" + name);
+        }
+    }
+
+    @Override
+    public void create() throws ResourceAllocationException {
+        Account account = CallContext.current().getCallingAccount();
+        IAMPolicy result = _iamApiSrv.createIAMPolicy(account, name, description, parentPolicyId);
+        if (result != null) {
+            setEntityId(result.getId());
+            setEntityUuid(result.getUuid());
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create iam policy entity" + name);
+        }
+
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_IAM_POLICY_CREATE;
+    }
+
+    @Override
+    public String getEventDescription() {
+        return "creating IAM policy";
+    }
+
+    @Override
+    public String getCreateEventType() {
+        return EventTypes.EVENT_IAM_POLICY_CREATE;
+    }
+
+    @Override
+    public String getCreateEventDescription() {
+        return "creating IAM policy";
+    }
+
+    @Override
+    public ApiCommandJobType getInstanceType() {
+        return ApiCommandJobType.IAMPolicy;
+    }
+
+}
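Review bot: `create()` always passes the calling account to `createIAMPolicy`, so the `accountName` and `domainId` parameters never reach the service. `getEntityOwnerId()` does use them to resolve a different owner when the caller is an admin. As far as this file shows, the policy would then be created for the admin while the command reports the target account as owner. I would resolve the owner once and pass that account to the service. In `getEntityOwnerId()`, an admin-supplied `accountName`/`domainId` pair that matches no account currently falls through to the caller's id; rejecting it with an invalid-parameter error would avoid creating the policy under an unintended owner. Minor: the message in `create()` lacks a separator before the name, `"Failed to create iam policy entity: " + name`.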

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclGroupCmd.java
deleted file mode 100644
index 38f13f4..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclGroupCmd.java
+++ /dev/null
@@ -1,102 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.SuccessResponse;
-import org.apache.cloudstack.api.response.iam.AclGroupResponse;
-
-import com.cloud.event.EventTypes;
-import com.cloud.user.Account;
-
-@APICommand(name = "deleteAclGroup", description = "Deletes acl group", responseObject = SuccessResponse.class)
-public class DeleteAclGroupCmd extends BaseAsyncCmd {
-    public static final Logger s_logger = Logger.getLogger(DeleteAclGroupCmd.class.getName());
-    private static final String s_name = "deleteaclgroupresponse";
-
-    @Inject
-    public AclApiService _aclApiSrv;
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-    @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "The ID of the acl group.", required = true, entityType = AclGroupResponse.class)
-    private Long id;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-    public Long getId() {
-        return id;
-    }
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM;
-    }
-
-    @Override
-    public void execute(){
-        boolean result = _aclApiSrv.deleteAclGroup(id);
-        if (result) {
-            SuccessResponse response = new SuccessResponse(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete acl group");
-        }
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_GROUP_DELETE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "Deleting Acl group";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclGroup;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclPolicyCmd.java
deleted file mode 100644
index c9fc9ba..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclPolicyCmd.java
+++ /dev/null
@@ -1,102 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.SuccessResponse;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-
-import com.cloud.event.EventTypes;
-import com.cloud.user.Account;
-
-@APICommand(name = "deleteAclPolicy", description = "Deletes acl policy", responseObject = SuccessResponse.class)
-public class DeleteAclPolicyCmd extends BaseAsyncCmd {
-    public static final Logger s_logger = Logger.getLogger(DeleteAclPolicyCmd.class.getName());
-    private static final String s_name = "deleteaclpolicyresponse";
-
-    @Inject
-    public AclApiService _aclApiSrv;
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-    @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "The ID of the acl role.", required = true, entityType = AclPolicyResponse.class)
-    private Long id;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-    public Long getId() {
-        return id;
-    }
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM;
-    }
-
-    @Override
-    public void execute(){
-        boolean result = _aclApiSrv.deleteAclPolicy(id);
-        if (result) {
-            SuccessResponse response = new SuccessResponse(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete acl policy");
-        }
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_POLICY_DELETE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "Deleting Acl role";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclPolicy;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteIAMGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteIAMGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteIAMGroupCmd.java
new file mode 100644
index 0000000..f5d40fc
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteIAMGroupCmd.java
@@ -0,0 +1,102 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
+
+import com.cloud.event.EventTypes;
+import com.cloud.user.Account;
+
+@APICommand(name = "deleteAclGroup", description = "Deletes acl group", responseObject = SuccessResponse.class)
+public class DeleteIAMGroupCmd extends BaseAsyncCmd {
+    public static final Logger s_logger = Logger.getLogger(DeleteIAMGroupCmd.class.getName());
+    private static final String s_name = "deleteaclgroupresponse";
+
+    @Inject
+    public IAMApiService _aclApiSrv;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+    @ACL
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "The ID of the acl group.", required = true, entityType = IAMGroupResponse.class)
+    private Long id;
+
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+    public Long getId() {
+        return id;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        return Account.ACCOUNT_ID_SYSTEM;
+    }
+
+    @Override
+    public void execute(){
+        boolean result = _aclApiSrv.deleteIAMGroup(id);
+        if (result) {
+            SuccessResponse response = new SuccessResponse(getCommandName());
+            setResponseObject(response);
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete acl group");
+        }
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_IAM_GROUP_DELETE;
+    }
+
+    @Override
+    public String getEventDescription() {
+        return "Deleting Acl group";
+    }
+
+    @Override
+    public ApiCommandJobType getInstanceType() {
+        return ApiCommandJobType.IAMGroup;
+    }
+}
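Review bot: The Acl-to-IAM rename is only half applied in this new file: the annotation still registers `name = "deleteAclGroup"` and `s_name` is still `"deleteaclgroupresponse"`, while DeleteIAMPolicyCmd in the same commit moves to `deleteIAMPolicy` / `deleteiampolicyresponse`. With the old DeleteAclGroupCmd deleted, the API surface mixes Acl and IAM names for the same feature, which makes per-command permission lists and audit searches over IAM operations easy to get wrong. I would change these to `name = "deleteIAMGroup", description = "Deletes iam group"` and `s_name = "deleteiamgroupresponse"`. The field `_aclApiSrv`, the parameter description, the "Failed to delete acl group" message and `getEventDescription()` should follow the same naming.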

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteIAMPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteIAMPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteIAMPolicyCmd.java
new file mode 100644
index 0000000..037f4cd
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteIAMPolicyCmd.java
@@ -0,0 +1,102 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
+
+import com.cloud.event.EventTypes;
+import com.cloud.user.Account;
+
+@APICommand(name = "deleteIAMPolicy", description = "Deletes iam policy", responseObject = SuccessResponse.class)
+public class DeleteIAMPolicyCmd extends BaseAsyncCmd {
+    public static final Logger s_logger = Logger.getLogger(DeleteIAMPolicyCmd.class.getName());
+    private static final String s_name = "deleteiampolicyresponse";
+
+    @Inject
+    public IAMApiService _iamApiSrv;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+    @ACL
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "The ID of the iam policy.", required = true, entityType = IAMPolicyResponse.class)
+    private Long id;
+
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+    public Long getId() {
+        return id;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        return Account.ACCOUNT_ID_SYSTEM;
+    }
+
+    @Override
+    public void execute(){
+        boolean result = _iamApiSrv.deleteIAMPolicy(id);
+        if (result) {
+            SuccessResponse response = new SuccessResponse(getCommandName());
+            setResponseObject(response);
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete iam policy");
+        }
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_IAM_POLICY_DELETE;
+    }
+
+    @Override
+    public String getEventDescription() {
+        return "Deleting IAM policy";
+    }
+
+    @Override
+    public ApiCommandJobType getInstanceType() {
+        return ApiCommandJobType.IAMPolicy;
+    }
+}
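Review bot: `getEntityOwnerId()` returns `Account.ACCOUNT_ID_SYSTEM` unconditionally, so the owner attached to this async delete is the system account rather than the account that owns the policy being removed; DeleteIAMGroupCmd earlier in this commit does the same. If event or audit records are keyed on that value (the consumer is not visible here), an IAM policy deletion cannot be attributed to the affected account from the event alone. Either resolve the owner from the policy identified by `id`, or, if SYSTEM is intentional, say so on the method, e.g. `// IAM policies are not account-owned; access is checked via @ACL on id, owner is reported as SYSTEM`. That comment assumes the `@ACL` check is what enforces access, which should be confirmed before adding it.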

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclGroupsCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclGroupsCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclGroupsCmd.java
deleted file mode 100644
index 2e72493..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclGroupsCmd.java
+++ /dev/null
@@ -1,88 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.response.ListResponse;
-import org.apache.cloudstack.api.response.iam.AclGroupResponse;
-
-
-@APICommand(name = "listAclGroups", description = "Lists acl groups", responseObject = AclGroupResponse.class)
-public class ListAclGroupsCmd extends BaseListDomainResourcesCmd {
-    public static final Logger s_logger = Logger.getLogger(ListAclGroupsCmd.class.getName());
-
-    private static final String s_name = "listaclgroupsresponse";
-
-    @Inject
-    public AclApiService _aclApiSrv;
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "lists acl groups by name")
-    private String aclGroupName;
-
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "list the acl group by the id provided", entityType = AclGroupResponse.class)
-    private Long id;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-    public String getAclGroupName() {
-        return aclGroupName;
-    }
-
-
-    public Long getId(){
-        return id;
-    }
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-    @Override
-    public void execute(){
-
-        ListResponse<AclGroupResponse> response = _aclApiSrv.listAclGroups(id, aclGroupName, getDomainId(),
-                getStartIndex(), getPageSizeVal());
-        response.setResponseName(getCommandName());
-        setResponseObject(response);
-
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclGroup;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclPoliciesCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclPoliciesCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclPoliciesCmd.java
deleted file mode 100644
index b5b2d8d..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclPoliciesCmd.java
+++ /dev/null
@@ -1,88 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.response.ListResponse;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-
-
-@APICommand(name = "listAclPolicies", description = "Lists acl policies", responseObject = AclPolicyResponse.class)
-public class ListAclPoliciesCmd extends BaseListDomainResourcesCmd {
-    public static final Logger s_logger = Logger.getLogger(ListAclPoliciesCmd.class.getName());
-
-    private static final String s_name = "listaclpoliciesresponse";
-
-    @Inject
-    public AclApiService _aclApiSrv;
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "lists acl policies by name")
-    private String aclPolicyName;
-
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "list the acl policy by the id provided", entityType = AclPolicyResponse.class)
-    private Long id;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-    public String getAclPolicyName() {
-        return aclPolicyName;
-    }
-
-
-    public Long getId(){
-        return id;
-    }
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-    @Override
-    public void execute(){
-
-        ListResponse<AclPolicyResponse> response = _aclApiSrv.listAclPolicies(id, aclPolicyName, getDomainId(),
-                getStartIndex(), getPageSizeVal());
-        response.setResponseName(getCommandName());
-        setResponseObject(response);
-
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclPolicy;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListIAMGroupsCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListIAMGroupsCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListIAMGroupsCmd.java
new file mode 100644
index 0000000..ece87fa
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListIAMGroupsCmd.java
@@ -0,0 +1,88 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
+
+
+@APICommand(name = "listIAMGroups", description = "Lists iam groups", responseObject = IAMGroupResponse.class)
+public class ListIAMGroupsCmd extends BaseListDomainResourcesCmd {
+    public static final Logger s_logger = Logger.getLogger(ListIAMGroupsCmd.class.getName());
+
+    private static final String s_name = "listiamgroupsresponse";
+
+    @Inject
+    public IAMApiService _iamApiSrv;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "lists iam groups by name")
+    private String iamGroupName;
+
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "list the iam group by the id provided", entityType = IAMGroupResponse.class)
+    private Long id;
+
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+    public String getIAMGroupName() {
+        return iamGroupName;
+    }
+
+
+    public Long getId(){
+        return id;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public void execute(){
+
+        ListResponse<IAMGroupResponse> response = _iamApiSrv.listIAMGroups(id, iamGroupName, getDomainId(),
+                getStartIndex(), getPageSizeVal());
+        response.setResponseName(getCommandName());
+        setResponseObject(response);
+
+    }
+
+    @Override
+    public ApiCommandJobType getInstanceType() {
+        return ApiCommandJobType.IAMGroup;
+    }
+}
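Review bot: Nothing in this class states which groups a caller is allowed to see. `id` carries no `@ACL` annotation (the delete commands in this commit annotate theirs), and `execute()` forwards `id`, `iamGroupName` and `getDomainId()` straight to `_iamApiSrv.listIAMGroups(...)`. Visibility scoping therefore rests entirely on the service implementation, which is outside this hunk. Once that is confirmed, a comment on `execute()` would keep later edits from assuming the command filters anything itself, e.g. `// No filtering here: caller/domain scoping must be enforced by IAMApiService.listIAMGroups`. ListIAMPoliciesCmd in this commit has the same shape and needs the same comment.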

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListIAMPoliciesCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListIAMPoliciesCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListIAMPoliciesCmd.java
new file mode 100644
index 0000000..096cc3b
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListIAMPoliciesCmd.java
@@ -0,0 +1,88 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
+
+
+@APICommand(name = "listIAMPolicies", description = "Lists IAM policies", responseObject = IAMPolicyResponse.class)
+public class ListIAMPoliciesCmd extends BaseListDomainResourcesCmd {
+    public static final Logger s_logger = Logger.getLogger(ListIAMPoliciesCmd.class.getName());
+
+    private static final String s_name = "listiampoliciesresponse";
+
+    @Inject
+    public IAMApiService _iamApiSrv;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "lists iam policies by name")
+    private String iamPolicyName;
+
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "list the iam policy by the id provided", entityType = IAMPolicyResponse.class)
+    private Long id;
+
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+    public String getIAMPolicyName() {
+        return iamPolicyName;
+    }
+
+
+    public Long getId(){
+        return id;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public void execute(){
+
+        ListResponse<IAMPolicyResponse> response = _iamApiSrv.listIAMPolicies(id, iamPolicyName, getDomainId(),
+                getStartIndex(), getPageSizeVal());
+        response.setResponseName(getCommandName());
+        setResponseObject(response);
+
+    }
+
+    @Override
+    public ApiCommandJobType getInstanceType() {
+        return ApiCommandJobType.IAMPolicy;
+    }
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAccountFromAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAccountFromAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAccountFromAclGroupCmd.java
deleted file mode 100644
index a370e0a..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAccountFromAclGroupCmd.java
+++ /dev/null
@@ -1,127 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AccountResponse;
-import org.apache.cloudstack.api.response.iam.AclGroupResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclGroup;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "removeAccountFromAclGroup", description = "remove accounts from an acl group", responseObject = AclGroupResponse.class)
-public class RemoveAccountFromAclGroupCmd extends BaseAsyncCmd {
-    public static final Logger s_logger = Logger.getLogger(RemoveAccountFromAclGroupCmd.class.getName());
-    private static final String s_name = "removeaccountfromaclgroupresponse";
-
-    @Inject
-    public AclApiService _aclApiSrv;
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-
-    @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
-            required = true, description = "The ID of the acl group")
-    private Long id;
-
-    @ACL
-    @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that are going to be assigned to the acl group.")
-    private List<Long> accountIdList;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-
-    public Long getId() {
-        return id;
-    }
-
-
-    public List<Long> getAccountIdList() {
-        return accountIdList;
-    }
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
-    }
-
-    @Override
-    public void execute() throws ResourceUnavailableException,
-            InsufficientCapacityException, ServerApiException {
-        CallContext.current().setEventDetails("Acl group Id: " + getId());
-        AclGroup result = _aclApiSrv.removeAccountsFromGroup(accountIdList, id);
-        if (result != null){
-            AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
-            response.setResponseName(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove accounts from acl group");
-        }
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_GROUP_UPDATE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "removing accounts from acl group";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclGroup;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAccountFromIAMGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAccountFromIAMGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAccountFromIAMGroupCmd.java
new file mode 100644
index 0000000..5ff5039
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAccountFromIAMGroupCmd.java
@@ -0,0 +1,127 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.AccountResponse;
+import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.IAMGroup;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "removeAccountFromIAMGroup", description = "remove accounts from an iam group", responseObject = IAMGroupResponse.class)
+public class RemoveAccountFromIAMGroupCmd extends BaseAsyncCmd {
+    public static final Logger s_logger = Logger.getLogger(RemoveAccountFromIAMGroupCmd.class.getName());
+    private static final String s_name = "removeaccountfromiamgroupresponse";
+
+    @Inject
+    public IAMApiService _iamApiSrv;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+
+    @ACL
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMGroupResponse.class,
+ required = true, description = "The ID of the iam group")
+    private Long id;
+
+    @ACL
+    @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that are going to be assigned to the iam group.")
+    private List<Long> accountIdList;
+
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+
+    public Long getId() {
+        return id;
+    }
+
+
+    public List<Long> getAccountIdList() {
+        return accountIdList;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+
+    @Override
+    public long getEntityOwnerId() {
+        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+    }
+
+    @Override
+    public void execute() throws ResourceUnavailableException,
+            InsufficientCapacityException, ServerApiException {
+        CallContext.current().setEventDetails("IAM group Id: " + getId());
+        IAMGroup result = _iamApiSrv.removeAccountsFromGroup(accountIdList, id);
+        if (result != null){
+            IAMGroupResponse response = _iamApiSrv.createIAMGroupResponse(result);
+            response.setResponseName(getCommandName());
+            setResponseObject(response);
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove accounts from iam group");
+        }
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_IAM_GROUP_UPDATE;
+    }
+
+    @Override
+    public String getEventDescription() {
+        return "removing accounts from iam group";
+    }
+
+    @Override
+    public ApiCommandJobType getInstanceType() {
+        return ApiCommandJobType.IAMGroup;
+    }
+
+}
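Review bot: The `accounts` parameter on `accountIdList` is described as accounts "that are going to be assigned to the iam group", but this command removes them, and the annotation has no `required = true`, so `execute()` can hand a null list to `removeAccountsFromGroup`. I would change the description to `"comma separated list of account ids to remove from the iam group."` and add `required = true`. How the service treats a null list is not visible in this hunk. Separately, `setEventDetails("IAM group Id: " + getId())` names only the group, so the audit event does not show which accounts lost membership; appending `"; accounts: " + accountIdList` would make membership changes reviewable from the event log.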

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPermissionFromAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPermissionFromAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPermissionFromAclPolicyCmd.java
deleted file mode 100644
index 9236ef1..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPermissionFromAclPolicyCmd.java
+++ /dev/null
@@ -1,147 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclPolicy;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "removeAclPermissionFromAclPolicy", description = "Remove acl permission from an acl policy", responseObject = AclPolicyResponse.class)
-public class RemoveAclPermissionFromAclPolicyCmd extends BaseAsyncCmd {
-    public static final Logger s_logger = Logger.getLogger(RemoveAclPermissionFromAclPolicyCmd.class.getName());
-    private static final String s_name = "removeaclpermissionfromaclpolicyresponse";
-
-    @Inject
-    public AclApiService _aclApiSrv;
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-
-    @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
-            required = true, description = "The ID of the acl policy")
-    private Long id;
-
-    @Parameter(name = ApiConstants.ACL_ACTION, type = CommandType.STRING, required = true, description = "action api name.")
-    private String action;
-
-    @Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = false, description = "entity class simple name.")
-    private String entityType;
-
-    @Parameter(name = ApiConstants.ACL_SCOPE, type = CommandType.STRING,
-            required = false, description = "acl permission scope")
-    private String scope;
-
-    @Parameter(name = ApiConstants.ACL_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
-    private Long scopeId;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-
-    public Long getId() {
-        return id;
-    }
-
-
-    public String getAction() {
-        return action;
-    }
-
-    public String getEntityType() {
-        return entityType;
-    }
-
-    public String getScope() {
-        return scope;
-    }
-
-    public Long getScopeId() {
-        return scopeId;
-    }
-
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
-    }
-
-    @Override
-    public void execute() throws ResourceUnavailableException,
-            InsufficientCapacityException, ServerApiException {
-        CallContext.current().setEventDetails("Acl policy Id: " + getId());
-        AclPolicy result = _aclApiSrv.removeAclPermissionFromAclPolicy(id, entityType, PermissionScope.valueOf(scope), scopeId, action);
-        if (result != null) {
-            AclPolicyResponse response = _aclApiSrv.createAclPolicyResponse(result);
-            response.setResponseName(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove permission from acl policy " + getId());
-        }
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_POLICY_REVOKE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "removing permission from acl policy";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclPolicy;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAccountCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAccountCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAccountCmd.java
deleted file mode 100644
index bf2c493..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAccountCmd.java
+++ /dev/null
@@ -1,122 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.SuccessResponse;
-import org.apache.cloudstack.api.response.iam.AclGroupResponse;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "removeAclPolicyFromAccount", description = "remove acl policy from accounts", responseObject = SuccessResponse.class)
-public class RemoveAclPolicyFromAccountCmd extends BaseAsyncCmd {
-    public static final Logger s_logger = Logger.getLogger(RemoveAclPolicyFromAccountCmd.class.getName());
-    private static final String s_name = "removeaclpolicyfromaccountresponse";
-
-    @Inject
-    public AclApiService _aclApiSrv;
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-
-    @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
-            required = true, description = "The ID of the acl group")
-    private Long id;
-
-    @ACL
-    @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.")
-    private List<Long> accountIdList;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-
-    public Long getId() {
-        return id;
-    }
-
-
-    public List<Long> getAccountIdList() {
-        return accountIdList;
-    }
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
-    }
-
-    @Override
-    public void execute() throws ResourceUnavailableException,
-            InsufficientCapacityException, ServerApiException {
-        CallContext.current().setEventDetails("Acl policy Id: " + getId());
-        _aclApiSrv.removeAclPolicyFromAccounts(id, accountIdList);
-        SuccessResponse response = new SuccessResponse();
-        response.setResponseName(getCommandName());
-        setResponseObject(response);
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "removing acl policy from accounts";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.Account;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAclGroupCmd.java
deleted file mode 100644
index 88dfa7b..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAclGroupCmd.java
+++ /dev/null
@@ -1,127 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.iam.AclGroupResponse;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclGroup;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "removeAclPolicyFromAclGroup", description = "remove acl policy from an acl group", responseObject = AclGroupResponse.class)
-public class RemoveAclPolicyFromAclGroupCmd extends BaseAsyncCmd {
-    public static final Logger s_logger = Logger.getLogger(RemoveAclPolicyFromAclGroupCmd.class.getName());
-    private static final String s_name = "removeaclpolicyfromaclgroupresponse";
-
-    @Inject
-    public AclApiService _aclApiSrv;
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-
-    @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
-            required = true, description = "The ID of the acl group")
-    private Long id;
-
-    @ACL
-    @Parameter(name = ApiConstants.ACL_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.")
-    private List<Long> policyIdList;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-
-    public Long getId() {
-        return id;
-    }
-
-
-    public List<Long> getRoleIdList() {
-        return policyIdList;
-    }
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
-    }
-
-    @Override
-    public void execute() throws ResourceUnavailableException,
-            InsufficientCapacityException, ServerApiException {
-        CallContext.current().setEventDetails("Acl group Id: " + getId());
-        AclGroup result = _aclApiSrv.removeAclPoliciesFromGroup(policyIdList, id);
-        if (result != null){
-            AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
-            response.setResponseName(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to acl group");
-        }
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_GROUP_UPDATE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "removing acl roles from acl group";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclGroup;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPermissionFromIAMPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPermissionFromIAMPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPermissionFromIAMPolicyCmd.java
new file mode 100644
index 0000000..db04ef7
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPermissionFromIAMPolicyCmd.java
@@ -0,0 +1,147 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.IAMPolicy;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "removeIAMPermissionFromIAMPolicy", description = "Remove iam permission from an iam policy", responseObject = IAMPolicyResponse.class)
+public class RemoveIAMPermissionFromIAMPolicyCmd extends BaseAsyncCmd {
+    public static final Logger s_logger = Logger.getLogger(RemoveIAMPermissionFromIAMPolicyCmd.class.getName());
+    private static final String s_name = "removeiampermissionfromiampolicyresponse";
+
+    @Inject
+    public IAMApiService _iamApiSrv;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+
+    @ACL
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMPolicyResponse.class,
+            required = true, description = "The ID of the iam policy")
+    private Long id;
+
+    @Parameter(name = ApiConstants.IAM_ACTION, type = CommandType.STRING, required = true, description = "action api name.")
+    private String action;
+
+    @Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = false, description = "entity class simple name.")
+    private String entityType;
+
+    @Parameter(name = ApiConstants.IAM_SCOPE, type = CommandType.STRING,
+            required = false, description = "iam permission scope")
+    private String scope;
+
+    @Parameter(name = ApiConstants.IAM_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
+    private Long scopeId;
+
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+
+    public Long getId() {
+        return id;
+    }
+
+
+    public String getAction() {
+        return action;
+    }
+
+    public String getEntityType() {
+        return entityType;
+    }
+
+    public String getScope() {
+        return scope;
+    }
+
+    public Long getScopeId() {
+        return scopeId;
+    }
+
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+
+    @Override
+    public long getEntityOwnerId() {
+        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+    }
+
+    @Override
+    public void execute() throws ResourceUnavailableException,
+            InsufficientCapacityException, ServerApiException {
+        CallContext.current().setEventDetails("IAM policy Id: " + getId());
+        IAMPolicy result = _iamApiSrv.removeIAMPermissionFromIAMPolicy(id, entityType, PermissionScope.valueOf(scope), scopeId, action);
+        if (result != null) {
+            IAMPolicyResponse response = _iamApiSrv.createIAMPolicyResponse(result);
+            response.setResponseName(getCommandName());
+            setResponseObject(response);
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove permission from iam policy " + getId());
+        }
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_IAM_POLICY_REVOKE;
+    }
+
+    @Override
+    public String getEventDescription() {
+        return "removing permission from iam policy";
+    }
+
+    @Override
+    public ApiCommandJobType getInstanceType() {
+        return ApiCommandJobType.IAMPolicy;
+    }
+
+}
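Review bot: `PermissionScope.valueOf(scope)` in `execute()` is called on a parameter declared `required = false`, so a request without `scope` raises a NullPointerException and an unrecognised value raises IllegalArgumentException, and nothing in this method turns either into a parameter error for the caller. Since this command edits authorization policy, I would validate the value first and reject bad input with `ApiErrorCode.PARAM_ERROR`, as in the fence below. Whether the service accepts a null scope is not visible in this hunk; if it does not, marking the parameter `required = true` is the simpler fix.

```java
    public void execute() throws ResourceUnavailableException,
            InsufficientCapacityException, ServerApiException {
        // ... unchanged: setEventDetails call ...
        PermissionScope permScope = null;
        if (scope != null) {
            try {
                permScope = PermissionScope.valueOf(scope);
            } catch (IllegalArgumentException e) {
                throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Invalid iam permission scope");
            }
        }
        IAMPolicy result = _iamApiSrv.removeIAMPermissionFromIAMPolicy(id, entityType, permScope, scopeId, action);
        // ... unchanged: response handling and failure branch ...
```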

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPolicyFromAccountCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPolicyFromAccountCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPolicyFromAccountCmd.java
new file mode 100644
index 0000000..b665e84
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPolicyFromAccountCmd.java
@@ -0,0 +1,122 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
+import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "removeIAMPolicyFromAccount", description = "remove iam policy from accounts", responseObject = SuccessResponse.class)
+public class RemoveIAMPolicyFromAccountCmd extends BaseAsyncCmd {
+    public static final Logger s_logger = Logger.getLogger(RemoveIAMPolicyFromAccountCmd.class.getName());
+    private static final String s_name = "removeiampolicyfromaccountresponse";
+
+    @Inject
+    public IAMApiService _iamApiSrv;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+
+    @ACL
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMGroupResponse.class,
+ required = true, description = "The ID of the iam group")
+    private Long id;
+
+    @ACL
+    @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = IAMPolicyResponse.class, description = "comma separated list of iam policy id that are going to be applied to the iam group.")
+    private List<Long> accountIdList;
+
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+
+    public Long getId() {
+        return id;
+    }
+
+
+    public List<Long> getAccountIdList() {
+        return accountIdList;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+
+    @Override
+    public long getEntityOwnerId() {
+        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+    }
+
+    @Override
+    public void execute() throws ResourceUnavailableException,
+            InsufficientCapacityException, ServerApiException {
+        CallContext.current().setEventDetails("IAM policy Id: " + getId());
+        _iamApiSrv.removeIAMPolicyFromAccounts(id, accountIdList);
+        SuccessResponse response = new SuccessResponse();
+        response.setResponseName(getCommandName());
+        setResponseObject(response);
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_IAM_ACCOUNT_POLICY_UPDATE;
+    }
+
+    @Override
+    public String getEventDescription() {
+        return "removing iam policy from accounts";
+    }
+
+    @Override
+    public ApiCommandJobType getInstanceType() {
+        return ApiCommandJobType.Account;
+    }
+
+}
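Review bot: Both `@Parameter` declarations in RemoveIAMPolicyFromAccountCmd name the wrong entity: `id` is the policy being detached but is declared with `entityType = IAMGroupResponse.class` and described as "The ID of the iam group", and the `accounts` list is declared with `entityType = IAMPolicyResponse.class` and a description copied from a group command. Both fields carry `@ACL` and are typed `CommandType.UUID`, so if the API layer uses `entityType` to resolve the UUID and to pick the entity for the access check (not visible in this hunk), the lookup and the check run against the wrong entity for a command that changes which accounts hold a policy. I would declare `id` with `entityType = IAMPolicyResponse.class, required = true, description = "The ID of the iam policy"` and `accounts` with `entityType = AccountResponse.class` and a description such as "comma separated list of account ids the policy is removed from"; `AccountResponse` would need an import. `accounts` also lacks `required = true`, so `execute()` can pass a null list to `removeIAMPolicyFromAccounts`.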

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPolicyFromIAMGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPolicyFromIAMGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPolicyFromIAMGroupCmd.java
new file mode 100644
index 0000000..a99143d
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPolicyFromIAMGroupCmd.java
@@ -0,0 +1,127 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
+import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.IAMGroup;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "removeIAMPolicyFromIAMGroup", description = "remove iam policy from an iam group", responseObject = IAMGroupResponse.class)
+public class RemoveIAMPolicyFromIAMGroupCmd extends BaseAsyncCmd {
+    public static final Logger s_logger = Logger.getLogger(RemoveIAMPolicyFromIAMGroupCmd.class.getName());
+    private static final String s_name = "removeiampolicyfromiamgroupresponse";
+
+    @Inject
+    public IAMApiService _iamApiSrv;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+
+    @ACL
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMGroupResponse.class,
+ required = true, description = "The ID of the iam group")
+    private Long id;
+
+    @ACL
+    @Parameter(name = ApiConstants.IAM_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = IAMPolicyResponse.class, description = "comma separated list of iam policy id that are going to be applied to the iam group.")
+    private List<Long> policyIdList;
+
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+
+    public Long getId() {
+        return id;
+    }
+
+
+    public List<Long> getRoleIdList() {
+        return policyIdList;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+
+    @Override
+    public long getEntityOwnerId() {
+        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+    }
+
+    @Override
+    public void execute() throws ResourceUnavailableException,
+            InsufficientCapacityException, ServerApiException {
+        CallContext.current().setEventDetails("IAM group Id: " + getId());
+        IAMGroup result = _iamApiSrv.removeIAMPoliciesFromGroup(policyIdList, id);
+        if (result != null){
+            IAMGroupResponse response = _iamApiSrv.createIAMGroupResponse(result);
+            response.setResponseName(getCommandName());
+            setResponseObject(response);
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to iam group");
+        }
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_IAM_GROUP_UPDATE;
+    }
+
+    @Override
+    public String getEventDescription() {
+        return "removing IAM roles from IAM group";
+    }
+
+    @Override
+    public ApiCommandJobType getInstanceType() {
+        return ApiCommandJobType.IAMGroup;
+    }
+
+}
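Review bot: The failure branch of `execute()` throws `"Failed to add roles to iam group"` although this command removes policies, so the error an operator or API client sees for a failed revocation describes the opposite operation. I would change it to `throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove iam policies from iam group " + getId());`. The rest of the copied wording should be aligned too: `getEventDescription()` says "roles", the accessor for `policyIdList` is named `getRoleIdList()`, and the `IAM_POLICIES` parameter description says the policies "are going to be applied". `policyIdList` is not marked `required = true`, so a request without it passes null to `removeIAMPoliciesFromGroup`; whether the service tolerates that is not visible here.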

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclGroupResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclGroupResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclGroupResponse.java
deleted file mode 100644
index 8c4adc1..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclGroupResponse.java
+++ /dev/null
@@ -1,193 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.response.iam;
-
-import java.util.LinkedHashSet;
-import java.util.Set;
-
-import com.google.gson.annotations.SerializedName;
-
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseResponse;
-import org.apache.cloudstack.api.EntityReference;
-import org.apache.cloudstack.api.response.ControlledViewEntityResponse;
-import org.apache.cloudstack.iam.api.AclGroup;
-
-import com.cloud.serializer.Param;
-
-@SuppressWarnings("unused")
-@EntityReference(value = AclGroup.class)
-public class AclGroupResponse extends BaseResponse implements ControlledViewEntityResponse {
-
-    @SerializedName(ApiConstants.ID)
-    @Param(description = "the ID of the acl group")
-    private String id;
-
-    @SerializedName(ApiConstants.NAME)
-    @Param(description = "the name of the acl group")
-    private String name;
-
-    @SerializedName(ApiConstants.DESCRIPTION)
-    @Param(description = "the description of the acl group")
-    private String description;
-
-    @SerializedName(ApiConstants.DOMAIN_ID)
-    @Param(description = "the domain ID of the acl group")
-    private String domainId;
-
-    @SerializedName(ApiConstants.DOMAIN)
-    @Param(description = "the domain name of the acl role")
-    private String domainName;
-
-    @SerializedName(ApiConstants.ACCOUNT)
-    @Param(description = "the account owning the policy")
-    private String accountName;
-
-    @SerializedName(ApiConstants.ACL_MEMBER_ACCOUNTS)
-    @Param(description = "account names assigned to this acl group ")
-    private Set<String> accountNameList;
-
-    @SerializedName(ApiConstants.ACL_POLICIES)
-    @Param(description = "acl policies attached to this acl group ")
-    private Set<String> policyNameList;
-
-    public AclGroupResponse() {
-        accountNameList = new LinkedHashSet<String>();
-        policyNameList = new LinkedHashSet<String>();
-    }
-
-    @Override
-    public String getObjectId() {
-        return getId();
-    }
-
-
-    public String getId() {
-        return id;
-     }
-
-    public void setId(String id) {
-        this.id = id;
-    }
-
-
-    public void setName(String name) {
-        this.name = name;
-    }
-
-    public void setDescription(String description) {
-        this.description = description;
-    }
-
-    @Override
-    public void setDomainId(String domainId) {
-        this.domainId = domainId;
-    }
-
-    @Override
-    public void setDomainName(String domainName) {
-        this.domainName = domainName;
-    }
-
-    @Override
-    public void setAccountName(String accountName) {
-        this.accountName = accountName;
-
-    }
-
-    @Override
-    public void setProjectId(String projectId) {
-        // TODO Auto-generated method stub
-
-    }
-
-    @Override
-    public void setProjectName(String projectName) {
-        // TODO Auto-generated method stub
-
-    }
-
-    public String getName() {
-        return name;
-    }
-
-    public String getDescription() {
-        return description;
-    }
-
-    public String getDomainId() {
-        return domainId;
-    }
-
-    public String getDomainName() {
-        return domainName;
-    }
-
-    public String getAccountName() {
-        return accountName;
-    }
-
-    public Set<String> getAccountNameList() {
-        return accountNameList;
-    }
-
-    public void setMemberAccounts(Set<String> accts) {
-        accountNameList = accts;
-    }
-
-    public void addMemberAccount(String acct) {
-        accountNameList.add(acct);
-    }
-
-    public void setPolicyList(Set<String> policies) {
-        policyNameList = policies;
-    }
-
-    public void addPolicy(String policy) {
-        policyNameList.add(policy);
-    }
-
-    public Set<String> getPolicyList() {
-        return policyNameList;
-    }
-
-    @Override
-    public int hashCode() {
-        final int prime = 31;
-        int result = 1;
-        result = prime * result + ((id == null) ? 0 : id.hashCode());
-        return result;
-    }
-
-    @Override
-    public boolean equals(Object obj) {
-        if (this == obj)
-            return true;
-        if (obj == null)
-            return false;
-        if (getClass() != obj.getClass())
-            return false;
-        AclGroupResponse other = (AclGroupResponse)obj;
-        if (id == null) {
-            if (other.id != null)
-                return false;
-        } else if (!id.equals(other.id))
-            return false;
-        return true;
-    }
-
-}


[27/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
Bug fix identified by marvin test.


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/61b47850
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/61b47850
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/61b47850

Branch: refs/heads/master
Commit: 61b47850f2839c9eb1381584c578dd48ac85d115
Parents: a837ac8
Author: Min Chen <mi...@citrix.com>
Authored: Mon Mar 3 17:24:46 2014 -0800
Committer: Min Chen <mi...@citrix.com>
Committed: Mon Mar 3 17:26:16 2014 -0800

----------------------------------------------------------------------
 .../api/command/iam/AddIAMPermissionToIAMPolicyCmd.java        | 2 +-
 .../api/command/iam/RemoveIAMPolicyFromAccountCmd.java         | 5 ++---
 .../src/org/apache/cloudstack/iam/IAMApiServiceImpl.java       | 6 +++---
 .../apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java    | 2 +-
 .../src/org/apache/cloudstack/iam/server/IAMServiceImpl.java   | 2 +-
 .../cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java  | 4 ++--
 6 files changed, 10 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/61b47850/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
index a66390a..e991537 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
@@ -72,7 +72,7 @@ public class AddIAMPermissionToIAMPolicyCmd extends BaseAsyncCmd {
  required = false, description = "iam permission scope")
     private String scope;
 
-    @Parameter(name = ApiConstants.IAM_SCOPE_ID, type = CommandType.UUID, required = false, description = "The UUID of the permission scope id")
+    @Parameter(name = ApiConstants.IAM_SCOPE_ID, type = CommandType.STRING, required = false, description = "The UUID of the permission scope id")
     private String scopeId;
 
 
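Review bot: The `scopeId` parameter is now `CommandType.STRING` while its description still reads "The UUID of the permission scope id", and nothing on the field says why the type was relaxed. Presumably the scope can be a domain, an account or a resource, so no single `entityType` can be given for UUID translation; a comment such as `// STRING on purpose: the scope entity depends on 'scope', so the UUID is resolved in the service layer` would record that. With STRING, any format check the parameter layer applied to UUID values likely no longer runs, so the code that resolves `scopeId` has to reject values that match no entity. The class body continues outside the hunk.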

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/61b47850/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPolicyFromAccountCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPolicyFromAccountCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPolicyFromAccountCmd.java
index b665e84..9158027 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPolicyFromAccountCmd.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveIAMPolicyFromAccountCmd.java
@@ -22,7 +22,6 @@ import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.iam.IAMApiService;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
@@ -31,9 +30,9 @@ import org.apache.cloudstack.api.BaseAsyncCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.response.SuccessResponse;
-import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
 import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
 import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.IAMApiService;
 
 import com.cloud.event.EventTypes;
 import com.cloud.exception.InsufficientCapacityException;
@@ -55,7 +54,7 @@ public class RemoveIAMPolicyFromAccountCmd extends BaseAsyncCmd {
 
 
     @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMGroupResponse.class,
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMPolicyResponse.class,
  required = true, description = "The ID of the iam group")
     private Long id;
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/61b47850/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
index 42c1adc..97519f2 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
@@ -112,7 +112,7 @@ import com.cloud.utils.component.ManagerBase;
 import com.cloud.utils.db.DB;
 import com.cloud.utils.db.EntityManager;
 import com.cloud.vm.InstanceGroupVO;
-import com.cloud.vm.UserVmVO;
+import com.cloud.vm.VMInstanceVO;
 import com.cloud.vm.dao.NicIpAliasVO;
 import com.cloud.vm.dao.NicSecondaryIpVO;
 import com.cloud.vm.snapshot.VMSnapshotVO;
@@ -146,7 +146,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
 
     private static final Map<IAMEntityType, Class<?>> s_typeMap = new HashMap<IAMEntityType, Class<?>>();
     static {
-        s_typeMap.put(IAMEntityType.VirtualMachine, UserVmVO.class);
+        s_typeMap.put(IAMEntityType.VirtualMachine, VMInstanceVO.class);
         s_typeMap.put(IAMEntityType.Volume, VolumeVO.class);
         s_typeMap.put(IAMEntityType.ResourceTag, ResourceTagVO.class);
         s_typeMap.put(IAMEntityType.Account, AccountVO.class);
@@ -768,7 +768,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
             entity = _accountDao.findByUuid(scopeId);
             break;
         case RESOURCE:
-            Class<?> clazz = s_typeMap.get(entityType);
+            Class<?> clazz = s_typeMap.get(IAMEntityType.valueOf(entityType));
             entity = (InternalIdentity)_entityMgr.findByUuid(clazz, scopeId);
         }
 
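Review bot: In the `RESOURCE` case, `IAMEntityType.valueOf(entityType)` throws `IllegalArgumentException` for a string that is not an enum constant, and `s_typeMap.get(...)` returns null for any constant the static map does not register, which then reaches `_entityMgr.findByUuid(clazz, scopeId)` as a null class. If `entityType` originates from the API request, as the command classes suggest, both cases should surface as a parameter error rather than an unhandled exception. For example, add `if (clazz == null) { throw new InvalidParameterValueException("Unsupported entity type: " + entityType); }` after the lookup (importing `com.cloud.exception.InvalidParameterValueException` if the file does not already), and handle the `valueOf` failure the same way. The method starts and ends outside this hunk, so how a null `entity` from `findByUuid` is treated afterwards cannot be confirmed from here.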

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/61b47850/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java
index a537655..18f085a 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java
@@ -63,7 +63,7 @@ public class IAMAccountPolicyMapVO {
         return accountId;
     }
 
-    public long getIAMPolicyId() {
+    public long getIamPolicyId() {
         return iamPolicyId;
     }
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/61b47850/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
index 11af27e..4f03142 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
@@ -395,7 +395,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
         // add policies directly attached to the account
         List<IAMAccountPolicyMapVO> acctPolicies = _aclAccountPolicyMapDao.listByAccountId(accountId);
         for (IAMAccountPolicyMapVO p : acctPolicies) {
-            policyIds.add(p.getIAMPolicyId());
+            policyIds.add(p.getIamPolicyId());
         }
         if (policyIds.size() == 0) {
             return new ArrayList<IAMPolicy>();

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/61b47850/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java
index a112a3e..3ecca3b 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java
@@ -26,11 +26,11 @@ public class IAMAccountPolicyMapDaoImpl extends GenericDaoBase<IAMAccountPolicyM
         ListByAccountId.done();
 
         ListByPolicyId = createSearchBuilder();
-        ListByPolicyId.and("policyId", ListByPolicyId.entity().getIAMPolicyId(), SearchCriteria.Op.EQ);
+        ListByPolicyId.and("policyId", ListByPolicyId.entity().getIamPolicyId(), SearchCriteria.Op.EQ);
         ListByPolicyId.done();
 
         findByPolicyAccountId = createSearchBuilder();
-        findByPolicyAccountId.and("policyId", findByPolicyAccountId.entity().getIAMPolicyId(), SearchCriteria.Op.EQ);
+        findByPolicyAccountId.and("policyId", findByPolicyAccountId.entity().getIamPolicyId(), SearchCriteria.Op.EQ);
         findByPolicyAccountId.and("accountId", findByPolicyAccountId.entity().getAccountId(), SearchCriteria.Op.EQ);
         findByPolicyAccountId.done();
 


[04/50] [abbrv] Renaming AclEntityType --> IAMEntityType

Posted by mc...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScaleVmGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScaleVmGroupCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScaleVmGroupCmd.java
index 7c205f3..1dbdf34 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScaleVmGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScaleVmGroupCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -39,7 +39,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.network.as.AutoScaleVmGroup;
 import com.cloud.user.Account;
 
-@APICommand(name = "updateAutoScaleVmGroup", description = "Updates an existing autoscale vm group.", responseObject = AutoScaleVmGroupResponse.class, entityType = { AclEntityType.AutoScaleVmGroup })
+@APICommand(name = "updateAutoScaleVmGroup", description = "Updates an existing autoscale vm group.", responseObject = AutoScaleVmGroupResponse.class, entityType = { IAMEntityType.AutoScaleVmGroup })
 public class UpdateAutoScaleVmGroupCmd extends BaseAsyncCustomIdCmd {
     public static final Logger s_logger = Logger.getLogger(UpdateAutoScaleVmGroupCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScaleVmProfileCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScaleVmProfileCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScaleVmProfileCmd.java
index 959b829..87b936d 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScaleVmProfileCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScaleVmProfileCmd.java
@@ -21,7 +21,7 @@ import java.util.Map;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -40,7 +40,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.network.as.AutoScaleVmProfile;
 import com.cloud.user.Account;
 
-@APICommand(name = "updateAutoScaleVmProfile", description = "Updates an existing autoscale vm profile.", responseObject = AutoScaleVmProfileResponse.class, entityType = { AclEntityType.AutoScaleVmProfile })
+@APICommand(name = "updateAutoScaleVmProfile", description = "Updates an existing autoscale vm profile.", responseObject = AutoScaleVmProfileResponse.class, entityType = { IAMEntityType.AutoScaleVmProfile })
 public class UpdateAutoScaleVmProfileCmd extends BaseAsyncCustomIdCmd {
     public static final Logger s_logger = Logger.getLogger(UpdateAutoScaleVmProfileCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/event/ArchiveEventsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/event/ArchiveEventsCmd.java b/api/src/org/apache/cloudstack/api/command/user/event/ArchiveEventsCmd.java
index 506ca92..22eae05 100644
--- a/api/src/org/apache/cloudstack/api/command/user/event/ArchiveEventsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/event/ArchiveEventsCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -35,7 +35,7 @@ import org.apache.cloudstack.context.CallContext;
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.user.Account;
 
-@APICommand(name = "archiveEvents", description = "Archive one or more events.", responseObject = SuccessResponse.class, entityType = { AclEntityType.Event })
+@APICommand(name = "archiveEvents", description = "Archive one or more events.", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Event })
 public class ArchiveEventsCmd extends BaseCmd {
 
     public static final Logger s_logger = Logger.getLogger(ArchiveEventsCmd.class.getName());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/event/DeleteEventsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/event/DeleteEventsCmd.java b/api/src/org/apache/cloudstack/api/command/user/event/DeleteEventsCmd.java
index e511ab9..ca802a4 100644
--- a/api/src/org/apache/cloudstack/api/command/user/event/DeleteEventsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/event/DeleteEventsCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -35,7 +35,7 @@ import org.apache.cloudstack.context.CallContext;
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.user.Account;
 
-@APICommand(name = "deleteEvents", description = "Delete one or more events.", responseObject = SuccessResponse.class, entityType = { AclEntityType.Event })
+@APICommand(name = "deleteEvents", description = "Delete one or more events.", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Event })
 public class DeleteEventsCmd extends BaseCmd {
 
     public static final Logger s_logger = Logger.getLogger(DeleteEventsCmd.class.getName());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/event/ListEventsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/event/ListEventsCmd.java b/api/src/org/apache/cloudstack/api/command/user/event/ListEventsCmd.java
index d72c4fa..620bd86 100644
--- a/api/src/org/apache/cloudstack/api/command/user/event/ListEventsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/event/ListEventsCmd.java
@@ -20,7 +20,7 @@ import java.util.Date;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
@@ -28,7 +28,7 @@ import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.response.EventResponse;
 import org.apache.cloudstack.api.response.ListResponse;
 
-@APICommand(name = "listEvents", description = "A command to list events.", responseObject = EventResponse.class, entityType = { AclEntityType.Event })
+@APICommand(name = "listEvents", description = "A command to list events.", responseObject = EventResponse.class, entityType = { IAMEntityType.Event })
 public class ListEventsCmd extends BaseListProjectAndAccountResourcesCmd {
     public static final Logger s_logger = Logger.getLogger(ListEventsCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java
index 0a7b0ab..20029bc 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java
@@ -22,7 +22,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -44,7 +44,7 @@ import com.cloud.network.rules.FirewallRule;
 import com.cloud.user.Account;
 import com.cloud.utils.net.NetUtils;
 
-@APICommand(name = "createEgressFirewallRule", description = "Creates a egress firewall rule for a given network ", responseObject = FirewallResponse.class, entityType = { AclEntityType.FirewallRule })
+@APICommand(name = "createEgressFirewallRule", description = "Creates a egress firewall rule for a given network ", responseObject = FirewallResponse.class, entityType = { IAMEntityType.FirewallRule })
 public class CreateEgressFirewallRuleCmd extends BaseAsyncCreateCmd implements FirewallRule {
     public static final Logger s_logger = Logger.getLogger(CreateEgressFirewallRuleCmd.class.getName());
 
@@ -343,8 +343,8 @@ public class CreateEgressFirewallRuleCmd extends BaseAsyncCreateCmd implements F
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.FirewallRule;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.FirewallRule;
     }
 
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java
index a5137a3..e2fd492 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -43,7 +43,7 @@ import com.cloud.network.rules.FirewallRule;
 import com.cloud.user.Account;
 import com.cloud.utils.net.NetUtils;
 
-@APICommand(name = "createFirewallRule", description = "Creates a firewall rule for a given ip address", responseObject = FirewallResponse.class, entityType = { AclEntityType.FirewallRule })
+@APICommand(name = "createFirewallRule", description = "Creates a firewall rule for a given ip address", responseObject = FirewallResponse.class, entityType = { IAMEntityType.FirewallRule })
 public class CreateFirewallRuleCmd extends BaseAsyncCreateCmd implements FirewallRule {
     public static final Logger s_logger = Logger.getLogger(CreateFirewallRuleCmd.class.getName());
 
@@ -335,8 +335,8 @@ public class CreateFirewallRuleCmd extends BaseAsyncCreateCmd implements Firewal
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.FirewallRule;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.FirewallRule;
     }
 
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java
index deb618e..a072d90 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java
@@ -20,7 +20,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -44,7 +44,7 @@ import com.cloud.network.rules.PortForwardingRule;
 import com.cloud.user.Account;
 import com.cloud.utils.net.Ip;
 
-@APICommand(name = "createPortForwardingRule", description = "Creates a port forwarding rule", responseObject = FirewallRuleResponse.class, entityType = { AclEntityType.PortForwardingRule })
+@APICommand(name = "createPortForwardingRule", description = "Creates a port forwarding rule", responseObject = FirewallRuleResponse.class, entityType = { IAMEntityType.PortForwardingRule })
 public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements PortForwardingRule {
     public static final Logger s_logger = Logger.getLogger(CreatePortForwardingRuleCmd.class.getName());
 
@@ -417,8 +417,8 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.FirewallRule;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.FirewallRule;
     }
 
 }
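Review bot: In CreatePortForwardingRuleCmd.java the `@APICommand` annotation declares `entityType = { IAMEntityType.PortForwardingRule }`, but `getEntityType()` in this hunk returns `IAMEntityType.FirewallRule`; the rename carries the mismatch through unchanged. If IAM policy evaluation reads one value at the command level and the other at the entity level (not verifiable from this hunk), a policy scoped to port-forwarding rules may not match the entity that is actually checked. Either return `IAMEntityType.PortForwardingRule;` here, or keep the value and add a comment such as `// port forwarding rules are authorized as FirewallRule entities` so the difference is clearly intentional. The rest of the class lies outside the hunk.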

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteEgressFirewallRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteEgressFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteEgressFirewallRuleCmd.java
index 82c33be..7048826 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteEgressFirewallRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteEgressFirewallRuleCmd.java
@@ -19,7 +19,7 @@ package org.apache.cloudstack.api.command.user.firewall;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -39,7 +39,7 @@ import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.rules.FirewallRule;
 
-@APICommand(name = "deleteEgressFirewallRule", description = "Deletes an ggress firewall rule", responseObject = SuccessResponse.class, entityType = { AclEntityType.FirewallRule })
+@APICommand(name = "deleteEgressFirewallRule", description = "Deletes an ggress firewall rule", responseObject = SuccessResponse.class, entityType = { IAMEntityType.FirewallRule })
 public class DeleteEgressFirewallRuleCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DeleteEgressFirewallRuleCmd.class.getName());
     private static final String s_name = "deleteegressfirewallruleresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteFirewallRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteFirewallRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteFirewallRuleCmd.java
index 704c913..59612e9 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteFirewallRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/DeleteFirewallRuleCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.firewall;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -38,7 +38,7 @@ import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.rules.FirewallRule;
 
-@APICommand(name = "deleteFirewallRule", description = "Deletes a firewall rule", responseObject = SuccessResponse.class, entityType = { AclEntityType.FirewallRule })
+@APICommand(name = "deleteFirewallRule", description = "Deletes a firewall rule", responseObject = SuccessResponse.class, entityType = { IAMEntityType.FirewallRule })
 public class DeleteFirewallRuleCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DeleteFirewallRuleCmd.class.getName());
     private static final String s_name = "deletefirewallruleresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/firewall/DeletePortForwardingRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/DeletePortForwardingRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/DeletePortForwardingRuleCmd.java
index eb88201..1457a32 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/DeletePortForwardingRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/DeletePortForwardingRuleCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.firewall;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -37,7 +37,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.network.rules.PortForwardingRule;
 
-@APICommand(name = "deletePortForwardingRule", description = "Deletes a port forwarding rule", responseObject = SuccessResponse.class, entityType = { AclEntityType.PortForwardingRule })
+@APICommand(name = "deletePortForwardingRule", description = "Deletes a port forwarding rule", responseObject = SuccessResponse.class, entityType = { IAMEntityType.PortForwardingRule })
 public class DeletePortForwardingRuleCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DeletePortForwardingRuleCmd.class.getName());
     private static final String s_name = "deleteportforwardingruleresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/firewall/ListEgressFirewallRulesCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/ListEgressFirewallRulesCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/ListEgressFirewallRulesCmd.java
index 6b2a78c..8307a9e 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/ListEgressFirewallRulesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/ListEgressFirewallRulesCmd.java
@@ -22,7 +22,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.Parameter;
@@ -34,7 +34,7 @@ import org.apache.cloudstack.api.response.NetworkResponse;
 import com.cloud.network.rules.FirewallRule;
 import com.cloud.utils.Pair;
 
-@APICommand(name = "listEgressFirewallRules", description = "Lists all egress firewall rules for network id.", responseObject = FirewallResponse.class, entityType = { AclEntityType.FirewallRule })
+@APICommand(name = "listEgressFirewallRules", description = "Lists all egress firewall rules for network id.", responseObject = FirewallResponse.class, entityType = { IAMEntityType.FirewallRule })
 public class ListEgressFirewallRulesCmd extends ListFirewallRulesCmd {
     public static final Logger s_logger = Logger.getLogger(ListEgressFirewallRulesCmd.class.getName());
     private static final String s_name = "listegressfirewallrulesresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/firewall/ListFirewallRulesCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/ListFirewallRulesCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/ListFirewallRulesCmd.java
index ec60b00..e1e83cd 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/ListFirewallRulesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/ListFirewallRulesCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseListTaggedResourcesCmd;
@@ -35,7 +35,7 @@ import org.apache.cloudstack.api.response.NetworkResponse;
 import com.cloud.network.rules.FirewallRule;
 import com.cloud.utils.Pair;
 
-@APICommand(name = "listFirewallRules", description = "Lists all firewall rules for an IP address.", responseObject = FirewallResponse.class, entityType = { AclEntityType.FirewallRule })
+@APICommand(name = "listFirewallRules", description = "Lists all firewall rules for an IP address.", responseObject = FirewallResponse.class, entityType = { IAMEntityType.FirewallRule })
 public class ListFirewallRulesCmd extends BaseListTaggedResourcesCmd {
     public static final Logger s_logger = Logger.getLogger(ListFirewallRulesCmd.class.getName());
     private static final String s_name = "listfirewallrulesresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/firewall/ListPortForwardingRulesCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/ListPortForwardingRulesCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/ListPortForwardingRulesCmd.java
index c0c1f3f..11f6592 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/ListPortForwardingRulesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/ListPortForwardingRulesCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseListTaggedResourcesCmd;
@@ -34,7 +34,7 @@ import org.apache.cloudstack.api.response.NetworkResponse;
 import com.cloud.network.rules.PortForwardingRule;
 import com.cloud.utils.Pair;
 
-@APICommand(name = "listPortForwardingRules", description = "Lists all port forwarding rules for an IP address.", responseObject = FirewallRuleResponse.class, entityType = { AclEntityType.PortForwardingRule })
+@APICommand(name = "listPortForwardingRules", description = "Lists all port forwarding rules for an IP address.", responseObject = FirewallRuleResponse.class, entityType = { IAMEntityType.PortForwardingRule })
 public class ListPortForwardingRulesCmd extends BaseListTaggedResourcesCmd {
     public static final Logger s_logger = Logger.getLogger(ListPortForwardingRulesCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java
index 79d3ce6..fec9ba2 100644
--- a/api/src/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/UpdatePortForwardingRuleCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.firewall;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseAsyncCmd;
@@ -37,7 +37,7 @@ import com.cloud.user.Account;
 
 @APICommand(name = "updatePortForwardingRule",
             responseObject = FirewallRuleResponse.class,
-        description = "Updates a port forwarding rule.  Only the private port and the virtual machine can be updated.", entityType = {AclEntityType.PortForwardingRule})
+        description = "Updates a port forwarding rule.  Only the private port and the virtual machine can be updated.", entityType = {IAMEntityType.PortForwardingRule})
 public class UpdatePortForwardingRuleCmd extends BaseAsyncCustomIdCmd {
     public static final Logger s_logger = Logger.getLogger(UpdatePortForwardingRuleCmd.class.getName());
     private static final String s_name = "updateportforwardingruleresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/nat/CreateIpForwardingRuleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/nat/CreateIpForwardingRuleCmd.java b/api/src/org/apache/cloudstack/api/command/user/nat/CreateIpForwardingRuleCmd.java
index 201bd38..b500c11 100644
--- a/api/src/org/apache/cloudstack/api/command/user/nat/CreateIpForwardingRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/nat/CreateIpForwardingRuleCmd.java
@@ -20,7 +20,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -319,8 +319,8 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Sta
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.FirewallRule;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.FirewallRule;
     }
 
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java b/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
index b867507..db3d2cb 100644
--- a/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.network;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -44,7 +44,7 @@ import com.cloud.network.Network;
 import com.cloud.network.Network.GuestType;
 import com.cloud.offering.NetworkOffering;
 
-@APICommand(name = "createNetwork", description = "Creates a network", responseObject = NetworkResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.Network })
+@APICommand(name = "createNetwork", description = "Creates a network", responseObject = NetworkResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Network })
 public class CreateNetworkCmd extends BaseCmd {
     public static final Logger s_logger = Logger.getLogger(CreateNetworkCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/network/DeleteNetworkCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/network/DeleteNetworkCmd.java b/api/src/org/apache/cloudstack/api/command/user/network/DeleteNetworkCmd.java
index 201bba6..4f6e9b6 100644
--- a/api/src/org/apache/cloudstack/api/command/user/network/DeleteNetworkCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/network/DeleteNetworkCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.network;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -36,7 +36,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.network.Network;
 
-@APICommand(name = "deleteNetwork", description = "Deletes a network", responseObject = SuccessResponse.class, entityType = { AclEntityType.Network })
+@APICommand(name = "deleteNetwork", description = "Deletes a network", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Network })
 public class DeleteNetworkCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DeleteNetworkOfferingCmd.class.getName());
     private static final String s_name = "deletenetworkresponse";
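Review bot: The logger on the context line under the annotation is built from `DeleteNetworkOfferingCmd.class.getName()` rather than this class, so anything logged by deleteNetwork is filed under a different command's category. That makes filtering or alerting on network deletions by logger name unreliable. As the commit already edits the adjacent line, it could change this to `Logger.getLogger(DeleteNetworkCmd.class.getName());`. The same copy-paste is visible in the AuthorizeSecurityGroupEgressCmd.java hunk, where the logger names `AuthorizeSecurityGroupIngressCmd`. Both class bodies continue outside their hunks.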

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/network/ListNetworksCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/network/ListNetworksCmd.java b/api/src/org/apache/cloudstack/api/command/user/network/ListNetworksCmd.java
index e2490eb..c64031e 100644
--- a/api/src/org/apache/cloudstack/api/command/user/network/ListNetworksCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/network/ListNetworksCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseListTaggedResourcesCmd;
@@ -36,7 +36,7 @@ import org.apache.cloudstack.api.response.ZoneResponse;
 import com.cloud.network.Network;
 import com.cloud.utils.Pair;
 
-@APICommand(name = "listNetworks", description = "Lists all available networks.", responseObject = NetworkResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.Network })
+@APICommand(name = "listNetworks", description = "Lists all available networks.", responseObject = NetworkResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Network })
 public class ListNetworksCmd extends BaseListTaggedResourcesCmd {
     public static final Logger s_logger = Logger.getLogger(ListNetworksCmd.class.getName());
     private static final String Name = "listnetworksresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/network/RestartNetworkCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/network/RestartNetworkCmd.java b/api/src/org/apache/cloudstack/api/command/user/network/RestartNetworkCmd.java
index 2573489..ce0df8c 100644
--- a/api/src/org/apache/cloudstack/api/command/user/network/RestartNetworkCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/network/RestartNetworkCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.network;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -41,7 +41,7 @@ import com.cloud.network.Network;
 
 @APICommand(name = "restartNetwork",
             description = "Restarts the network; includes 1) restarting network elements - virtual routers, dhcp servers 2) reapplying all public ips 3) reapplying loadBalancing/portForwarding rules",
-            responseObject = IPAddressResponse.class, entityType = { AclEntityType.Network })
+            responseObject = IPAddressResponse.class, entityType = { IAMEntityType.Network })
 public class RestartNetworkCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(RestartNetworkCmd.class.getName());
     private static final String s_name = "restartnetworkresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java b/api/src/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
index 215a1da..2d7643c 100644
--- a/api/src/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.network;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -42,7 +42,7 @@ import com.cloud.offering.NetworkOffering;
 import com.cloud.user.Account;
 import com.cloud.user.User;
 
-@APICommand(name = "updateNetwork", description = "Updates a network", responseObject = NetworkResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.Network })
+@APICommand(name = "updateNetwork", description = "Updates a network", responseObject = NetworkResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Network })
 public class UpdateNetworkCmd extends BaseAsyncCustomIdCmd {
     public static final Logger s_logger = Logger.getLogger(UpdateNetworkCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupEgressCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupEgressCmd.java b/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupEgressCmd.java
index 4272e27..0650362 100644
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupEgressCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupEgressCmd.java
@@ -24,7 +24,7 @@ import java.util.Map;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -45,7 +45,7 @@ import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.network.security.SecurityRule;
 import com.cloud.utils.StringUtils;
 
-@APICommand(name = "authorizeSecurityGroupEgress", responseObject = SecurityGroupRuleResponse.class, description = "Authorizes a particular egress rule for this security group", since = "3.0.0", entityType = { AclEntityType.SecurityGroup })
+@APICommand(name = "authorizeSecurityGroupEgress", responseObject = SecurityGroupRuleResponse.class, description = "Authorizes a particular egress rule for this security group", since = "3.0.0", entityType = { IAMEntityType.SecurityGroup })
 @SuppressWarnings("rawtypes")
 public class AuthorizeSecurityGroupEgressCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(AuthorizeSecurityGroupIngressCmd.class.getName());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java b/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java
index 0653f60..13de69c 100644
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java
@@ -24,7 +24,7 @@ import java.util.Map;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -45,7 +45,7 @@ import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.network.security.SecurityRule;
 import com.cloud.utils.StringUtils;
 
-@APICommand(name = "authorizeSecurityGroupIngress", responseObject = SecurityGroupRuleResponse.class, description = "Authorizes a particular ingress rule for this security group", entityType = { AclEntityType.SecurityGroup })
+@APICommand(name = "authorizeSecurityGroupIngress", responseObject = SecurityGroupRuleResponse.class, description = "Authorizes a particular ingress rule for this security group", entityType = { IAMEntityType.SecurityGroup })
 @SuppressWarnings("rawtypes")
 public class AuthorizeSecurityGroupIngressCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(AuthorizeSecurityGroupIngressCmd.class.getName());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/securitygroup/CreateSecurityGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/securitygroup/CreateSecurityGroupCmd.java b/api/src/org/apache/cloudstack/api/command/user/securitygroup/CreateSecurityGroupCmd.java
index 4fb2033..824db25 100644
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/CreateSecurityGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/CreateSecurityGroupCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.securitygroup;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -33,7 +33,7 @@ import org.apache.cloudstack.context.CallContext;
 import com.cloud.network.security.SecurityGroup;
 import com.cloud.user.Account;
 
-@APICommand(name = "createSecurityGroup", responseObject = SecurityGroupResponse.class, description = "Creates a security group", entityType = { AclEntityType.SecurityGroup })
+@APICommand(name = "createSecurityGroup", responseObject = SecurityGroupResponse.class, description = "Creates a security group", entityType = { IAMEntityType.SecurityGroup })
 public class CreateSecurityGroupCmd extends BaseCmd {
     public static final Logger s_logger = Logger.getLogger(CreateSecurityGroupCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/securitygroup/DeleteSecurityGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/securitygroup/DeleteSecurityGroupCmd.java b/api/src/org/apache/cloudstack/api/command/user/securitygroup/DeleteSecurityGroupCmd.java
index ca26a97..03634ad 100644
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/DeleteSecurityGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/DeleteSecurityGroupCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.securitygroup;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -36,7 +36,7 @@ import org.apache.cloudstack.context.CallContext;
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.ResourceInUseException;
 
-@APICommand(name = "deleteSecurityGroup", description = "Deletes security group", responseObject = SuccessResponse.class, entityType = { AclEntityType.SecurityGroup })
+@APICommand(name = "deleteSecurityGroup", description = "Deletes security group", responseObject = SuccessResponse.class, entityType = { IAMEntityType.SecurityGroup })
 public class DeleteSecurityGroupCmd extends BaseCmd {
     public static final Logger s_logger = Logger.getLogger(DeleteSecurityGroupCmd.class.getName());
     private static final String s_name = "deletesecuritygroupresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/securitygroup/ListSecurityGroupsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/securitygroup/ListSecurityGroupsCmd.java b/api/src/org/apache/cloudstack/api/command/user/securitygroup/ListSecurityGroupsCmd.java
index bb66d7d..23a8ad0 100644
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/ListSecurityGroupsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/ListSecurityGroupsCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.securitygroup;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -28,7 +28,7 @@ import org.apache.cloudstack.api.response.ListResponse;
 import org.apache.cloudstack.api.response.SecurityGroupResponse;
 import org.apache.cloudstack.api.response.UserVmResponse;
 
-@APICommand(name = "listSecurityGroups", description = "Lists security groups", responseObject = SecurityGroupResponse.class, entityType = { AclEntityType.SecurityGroup })
+@APICommand(name = "listSecurityGroups", description = "Lists security groups", responseObject = SecurityGroupResponse.class, entityType = { IAMEntityType.SecurityGroup })
 public class ListSecurityGroupsCmd extends BaseListTaggedResourcesCmd {
     public static final Logger s_logger = Logger.getLogger(ListSecurityGroupsCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupEgressCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupEgressCmd.java b/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupEgressCmd.java
index 8ce2881..0f74784 100644
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupEgressCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupEgressCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.securitygroup;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -37,7 +37,7 @@ import com.cloud.network.security.SecurityRule;
 import com.cloud.user.Account;
 
 
-@APICommand(name = "revokeSecurityGroupEgress", responseObject = SuccessResponse.class, description = "Deletes a particular egress rule from this security group", since = "3.0.0", entityType = { AclEntityType.SecurityGroup })
+@APICommand(name = "revokeSecurityGroupEgress", responseObject = SuccessResponse.class, description = "Deletes a particular egress rule from this security group", since = "3.0.0", entityType = { IAMEntityType.SecurityGroup })
 public class RevokeSecurityGroupEgressCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(RevokeSecurityGroupEgressCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupIngressCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupIngressCmd.java b/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupIngressCmd.java
index 3342910..3a39ced 100644
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupIngressCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupIngressCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.securitygroup;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -36,7 +36,7 @@ import com.cloud.network.security.SecurityGroup;
 import com.cloud.network.security.SecurityRule;
 import com.cloud.user.Account;
 
-@APICommand(name = "revokeSecurityGroupIngress", responseObject = SuccessResponse.class, description = "Deletes a particular ingress rule from this security group", entityType = { AclEntityType.SecurityGroup })
+@APICommand(name = "revokeSecurityGroupIngress", responseObject = SuccessResponse.class, description = "Deletes a particular ingress rule from this security group", entityType = { IAMEntityType.SecurityGroup })
 public class RevokeSecurityGroupIngressCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(RevokeSecurityGroupIngressCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/snapshot/CreateSnapshotCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/snapshot/CreateSnapshotCmd.java b/api/src/org/apache/cloudstack/api/command/user/snapshot/CreateSnapshotCmd.java
index 34dc175..9097586 100644
--- a/api/src/org/apache/cloudstack/api/command/user/snapshot/CreateSnapshotCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/snapshot/CreateSnapshotCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.snapshot;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -42,7 +42,7 @@ import com.cloud.storage.Snapshot;
 import com.cloud.storage.Volume;
 import com.cloud.user.Account;
 
-@APICommand(name = "createSnapshot", description = "Creates an instant snapshot of a volume.", responseObject = SnapshotResponse.class, entityType = { AclEntityType.Snapshot })
+@APICommand(name = "createSnapshot", description = "Creates an instant snapshot of a volume.", responseObject = SnapshotResponse.class, entityType = { IAMEntityType.Snapshot })
 public class CreateSnapshotCmd extends BaseAsyncCreateCmd {
     public static final Logger s_logger = Logger.getLogger(CreateSnapshotCmd.class.getName());
     private static final String s_name = "createsnapshotresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/snapshot/DeleteSnapshotCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/snapshot/DeleteSnapshotCmd.java b/api/src/org/apache/cloudstack/api/command/user/snapshot/DeleteSnapshotCmd.java
index 95037cc..3771300 100644
--- a/api/src/org/apache/cloudstack/api/command/user/snapshot/DeleteSnapshotCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/snapshot/DeleteSnapshotCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.snapshot;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -36,7 +36,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.storage.Snapshot;
 import com.cloud.user.Account;
 
-@APICommand(name = "deleteSnapshot", description = "Deletes a snapshot of a disk volume.", responseObject = SuccessResponse.class, entityType = { AclEntityType.Snapshot })
+@APICommand(name = "deleteSnapshot", description = "Deletes a snapshot of a disk volume.", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Snapshot })
 public class DeleteSnapshotCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DeleteSnapshotCmd.class.getName());
     private static final String s_name = "deletesnapshotresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/snapshot/ListSnapshotsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/snapshot/ListSnapshotsCmd.java b/api/src/org/apache/cloudstack/api/command/user/snapshot/ListSnapshotsCmd.java
index 887ebb3..b44e11f 100644
--- a/api/src/org/apache/cloudstack/api/command/user/snapshot/ListSnapshotsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/snapshot/ListSnapshotsCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -35,7 +35,7 @@ import org.apache.cloudstack.api.response.ZoneResponse;
 import com.cloud.storage.Snapshot;
 import com.cloud.utils.Pair;
 
-@APICommand(name = "listSnapshots", description = "Lists all available snapshots for the account.", responseObject = SnapshotResponse.class, entityType = { AclEntityType.Snapshot })
+@APICommand(name = "listSnapshots", description = "Lists all available snapshots for the account.", responseObject = SnapshotResponse.class, entityType = { IAMEntityType.Snapshot })
 public class ListSnapshotsCmd extends BaseListTaggedResourcesCmd {
     public static final Logger s_logger = Logger.getLogger(ListSnapshotsCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/snapshot/RevertSnapshotCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/snapshot/RevertSnapshotCmd.java b/api/src/org/apache/cloudstack/api/command/user/snapshot/RevertSnapshotCmd.java
index f156a75..0b91084 100644
--- a/api/src/org/apache/cloudstack/api/command/user/snapshot/RevertSnapshotCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/snapshot/RevertSnapshotCmd.java
@@ -18,7 +18,7 @@
  */
 package org.apache.cloudstack.api.command.user.snapshot;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -37,7 +37,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.storage.Snapshot;
 import com.cloud.user.Account;
 
-@APICommand(name = "revertSnapshot", description = "revert a volume snapshot.", responseObject = SnapshotResponse.class, entityType = { AclEntityType.Snapshot })
+@APICommand(name = "revertSnapshot", description = "revert a volume snapshot.", responseObject = SnapshotResponse.class, entityType = { IAMEntityType.Snapshot })
 public class RevertSnapshotCmd extends BaseAsyncCmd {
     private static final String s_name = "revertsnapshotresponse";
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/ssh/CreateSSHKeyPairCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/ssh/CreateSSHKeyPairCmd.java b/api/src/org/apache/cloudstack/api/command/user/ssh/CreateSSHKeyPairCmd.java
index 0038067..a56fe80 100644
--- a/api/src/org/apache/cloudstack/api/command/user/ssh/CreateSSHKeyPairCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/ssh/CreateSSHKeyPairCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.ssh;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseCmd;
@@ -30,7 +30,7 @@ import org.apache.cloudstack.context.CallContext;
 
 import com.cloud.user.SSHKeyPair;
 
-@APICommand(name = "createSSHKeyPair", description = "Create a new keypair and returns the private key", responseObject = CreateSSHKeyPairResponse.class, entityType = { AclEntityType.SSHKeyPair })
+@APICommand(name = "createSSHKeyPair", description = "Create a new keypair and returns the private key", responseObject = CreateSSHKeyPairResponse.class, entityType = { IAMEntityType.SSHKeyPair })
 public class CreateSSHKeyPairCmd extends BaseCmd {
     public static final Logger s_logger = Logger.getLogger(CreateSSHKeyPairCmd.class.getName());
     private static final String s_name = "createsshkeypairresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/ssh/DeleteSSHKeyPairCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/ssh/DeleteSSHKeyPairCmd.java b/api/src/org/apache/cloudstack/api/command/user/ssh/DeleteSSHKeyPairCmd.java
index e764670..7e45ae5 100644
--- a/api/src/org/apache/cloudstack/api/command/user/ssh/DeleteSSHKeyPairCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/ssh/DeleteSSHKeyPairCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.ssh;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseCmd;
@@ -30,7 +30,7 @@ import org.apache.cloudstack.context.CallContext;
 
 import com.cloud.user.Account;
 
-@APICommand(name = "deleteSSHKeyPair", description = "Deletes a keypair by name", responseObject = SuccessResponse.class, entityType = { AclEntityType.SSHKeyPair })
+@APICommand(name = "deleteSSHKeyPair", description = "Deletes a keypair by name", responseObject = SuccessResponse.class, entityType = { IAMEntityType.SSHKeyPair })
 public class DeleteSSHKeyPairCmd extends BaseCmd {
     public static final Logger s_logger = Logger.getLogger(CreateSSHKeyPairCmd.class.getName());
     private static final String s_name = "deletesshkeypairresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/ssh/ListSSHKeyPairsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/ssh/ListSSHKeyPairsCmd.java b/api/src/org/apache/cloudstack/api/command/user/ssh/ListSSHKeyPairsCmd.java
index c7cc145..2551865 100644
--- a/api/src/org/apache/cloudstack/api/command/user/ssh/ListSSHKeyPairsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/ssh/ListSSHKeyPairsCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
@@ -32,7 +32,7 @@ import org.apache.cloudstack.api.response.SSHKeyPairResponse;
 import com.cloud.user.SSHKeyPair;
 import com.cloud.utils.Pair;
 
-@APICommand(name = "listSSHKeyPairs", description = "List registered keypairs", responseObject = SSHKeyPairResponse.class, entityType = { AclEntityType.SSHKeyPair })
+@APICommand(name = "listSSHKeyPairs", description = "List registered keypairs", responseObject = SSHKeyPairResponse.class, entityType = { IAMEntityType.SSHKeyPair })
 public class ListSSHKeyPairsCmd extends BaseListProjectAndAccountResourcesCmd {
     public static final Logger s_logger = Logger.getLogger(ListSSHKeyPairsCmd.class.getName());
     private static final String s_name = "listsshkeypairsresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/ssh/RegisterSSHKeyPairCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/ssh/RegisterSSHKeyPairCmd.java b/api/src/org/apache/cloudstack/api/command/user/ssh/RegisterSSHKeyPairCmd.java
index 7e96f11..07fc2f5 100644
--- a/api/src/org/apache/cloudstack/api/command/user/ssh/RegisterSSHKeyPairCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/ssh/RegisterSSHKeyPairCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.ssh;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseCmd;
@@ -30,7 +30,7 @@ import org.apache.cloudstack.context.CallContext;
 
 import com.cloud.user.SSHKeyPair;
 
-@APICommand(name = "registerSSHKeyPair", description = "Register a public key in a keypair under a certain name", responseObject = SSHKeyPairResponse.class, entityType = { AclEntityType.SSHKeyPair })
+@APICommand(name = "registerSSHKeyPair", description = "Register a public key in a keypair under a certain name", responseObject = SSHKeyPairResponse.class, entityType = { IAMEntityType.SSHKeyPair })
 public class RegisterSSHKeyPairCmd extends BaseCmd {
     public static final Logger s_logger = Logger.getLogger(RegisterSSHKeyPairCmd.class.getName());
     private static final String s_name = "registersshkeypairresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/tag/CreateTagsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/tag/CreateTagsCmd.java b/api/src/org/apache/cloudstack/api/command/user/tag/CreateTagsCmd.java
index eb096e5..4dc8ad1 100644
--- a/api/src/org/apache/cloudstack/api/command/user/tag/CreateTagsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/tag/CreateTagsCmd.java
@@ -25,7 +25,7 @@ import java.util.Map;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -38,7 +38,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.server.ResourceTag;
 import com.cloud.server.ResourceTag.ResourceObjectType;
 
-@APICommand(name = "createTags", description = "Creates resource tag(s)", responseObject = SuccessResponse.class, since = "4.0.0", entityType = { AclEntityType.ResourceTag })
+@APICommand(name = "createTags", description = "Creates resource tag(s)", responseObject = SuccessResponse.class, since = "4.0.0", entityType = { IAMEntityType.ResourceTag })
 public class CreateTagsCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(CreateTagsCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/tag/DeleteTagsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/tag/DeleteTagsCmd.java b/api/src/org/apache/cloudstack/api/command/user/tag/DeleteTagsCmd.java
index 8c340cf..8aeea34 100644
--- a/api/src/org/apache/cloudstack/api/command/user/tag/DeleteTagsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/tag/DeleteTagsCmd.java
@@ -25,7 +25,7 @@ import java.util.Map;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -37,7 +37,7 @@ import org.apache.cloudstack.api.response.SuccessResponse;
 import com.cloud.event.EventTypes;
 import com.cloud.server.ResourceTag.ResourceObjectType;
 
-@APICommand(name = "deleteTags", description = "Deleting resource tag(s)", responseObject = SuccessResponse.class, since = "4.0.0", entityType = { AclEntityType.ResourceTag })
+@APICommand(name = "deleteTags", description = "Deleting resource tag(s)", responseObject = SuccessResponse.class, since = "4.0.0", entityType = { IAMEntityType.ResourceTag })
 public class DeleteTagsCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DeleteTagsCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/tag/ListTagsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/tag/ListTagsCmd.java b/api/src/org/apache/cloudstack/api/command/user/tag/ListTagsCmd.java
index 535d1f0..dc025d7 100644
--- a/api/src/org/apache/cloudstack/api/command/user/tag/ListTagsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/tag/ListTagsCmd.java
@@ -17,7 +17,7 @@
 
 package org.apache.cloudstack.api.command.user.tag;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
@@ -25,7 +25,7 @@ import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.response.ListResponse;
 import org.apache.cloudstack.api.response.ResourceTagResponse;
 
-@APICommand(name = "listTags", description = "List resource tag(s)", responseObject = ResourceTagResponse.class, since = "4.0.0", entityType = { AclEntityType.ResourceTag })
+@APICommand(name = "listTags", description = "List resource tag(s)", responseObject = ResourceTagResponse.class, since = "4.0.0", entityType = { IAMEntityType.ResourceTag })
 public class ListTagsCmd extends BaseListProjectAndAccountResourcesCmd {
     private static final String s_name = "listtagsresponse";
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/template/ListTemplatesCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/template/ListTemplatesCmd.java b/api/src/org/apache/cloudstack/api/command/user/template/ListTemplatesCmd.java
index 88a640e..9ef1e10 100644
--- a/api/src/org/apache/cloudstack/api/command/user/template/ListTemplatesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/template/ListTemplatesCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.template;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -33,7 +33,7 @@ import org.apache.cloudstack.context.CallContext;
 import com.cloud.template.VirtualMachineTemplate.TemplateFilter;
 import com.cloud.user.Account;
 
-@APICommand(name = "listTemplates", description = "List all public, private, and privileged templates.", responseObject = TemplateResponse.class, entityType = {AclEntityType.VirtualMachineTemplate}, responseView = ResponseView.Restricted)
+@APICommand(name = "listTemplates", description = "List all public, private, and privileged templates.", responseObject = TemplateResponse.class, entityType = {IAMEntityType.VirtualMachineTemplate}, responseView = ResponseView.Restricted)
 public class ListTemplatesCmd extends BaseListTaggedResourcesCmd {
     public static final Logger s_logger = Logger.getLogger(ListTemplatesCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/template/UpdateTemplatePermissionsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/template/UpdateTemplatePermissionsCmd.java b/api/src/org/apache/cloudstack/api/command/user/template/UpdateTemplatePermissionsCmd.java
index 6b5c835..b2aee46 100644
--- a/api/src/org/apache/cloudstack/api/command/user/template/UpdateTemplatePermissionsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/template/UpdateTemplatePermissionsCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.template;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.BaseUpdateTemplateOrIsoPermissionsCmd;
 import org.apache.cloudstack.api.response.SuccessResponse;
@@ -28,7 +28,7 @@ import com.cloud.user.Account;
 
 @APICommand(name = "updateTemplatePermissions", responseObject = SuccessResponse.class, description = "Updates a template visibility permissions. "
     + "A public template is visible to all accounts within the same domain. " + "A private template is visible only to the owner of the template. "
-        + "A priviledged template is a private template with account permissions added. " + "Only accounts specified under the template permissions are visible to them.", entityType = {AclEntityType.VirtualMachineTemplate})
+        + "A priviledged template is a private template with account permissions added. " + "Only accounts specified under the template permissions are visible to them.", entityType = {IAMEntityType.VirtualMachineTemplate})
 public class UpdateTemplatePermissionsCmd extends BaseUpdateTemplateOrIsoPermissionsCmd {
     @Override
     protected String getResponseName() {
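Review bot: The `description` string on the rewritten annotation line keeps the wording problems of the old one, and it is the text that documents this command's visibility semantics. "priviledged" is misspelled, "Updates a template visibility permissions" is ungrammatical, and the last sentence, "Only accounts specified under the template permissions are visible to them", reads as if accounts were visible to the template. If the intended meaning is that the template is visible only to the listed accounts, the tail could read `"A privileged template is a private template with account permissions added. " + "It is visible only to the accounts specified in the template permissions."`. The annotation is complete within the hunk, but the class body continues outside it.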

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/AddNicToVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/AddNicToVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/AddNicToVMCmd.java
index 5185aa5..7857594 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/AddNicToVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/AddNicToVMCmd.java
@@ -21,7 +21,7 @@ import java.util.EnumSet;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -40,7 +40,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.user.Account;
 import com.cloud.uservm.UserVm;
 
-@APICommand(name = "addNicToVirtualMachine", description = "Adds VM to specified network by creating a NIC", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "addNicToVirtualMachine", description = "Adds VM to specified network by creating a NIC", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
 public class AddNicToVMCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(AddNicToVMCmd.class);
     private static final String s_name = "addnictovirtualmachineresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java
index e89f27d..4be416a 100755
--- a/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java
@@ -26,7 +26,7 @@ import java.util.Map;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.affinity.AffinityGroupResponse;
 import org.apache.cloudstack.api.ACL;
@@ -68,7 +68,7 @@ import com.cloud.template.VirtualMachineTemplate;
 import com.cloud.user.Account;
 import com.cloud.uservm.UserVm;
 
-@APICommand(name = "deployVirtualMachine", description = "Creates and automatically starts a virtual machine based on a service offering, disk offering, and template.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "deployVirtualMachine", description = "Creates and automatically starts a virtual machine based on a service offering, disk offering, and template.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
 public class DeployVMCmd extends BaseAsyncCreateCustomIdCmd {
     public static final Logger s_logger = Logger.getLogger(DeployVMCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/DestroyVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/DestroyVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/DestroyVMCmd.java
index f54b223..c34e427 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/DestroyVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/DestroyVMCmd.java
@@ -20,7 +20,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -40,7 +40,7 @@ import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.user.Account;
 import com.cloud.uservm.UserVm;
 
-@APICommand(name = "destroyVirtualMachine", description = "Destroys a virtual machine. Once destroyed, only the administrator can recover it.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "destroyVirtualMachine", description = "Destroys a virtual machine. Once destroyed, only the administrator can recover it.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
 public class DestroyVMCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DestroyVMCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/GetVMPasswordCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/GetVMPasswordCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/GetVMPasswordCmd.java
index 13570fd..50fa761 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/GetVMPasswordCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/GetVMPasswordCmd.java
@@ -20,7 +20,7 @@ import java.security.InvalidParameterException;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -33,7 +33,7 @@ import org.apache.cloudstack.api.response.UserVmResponse;
 import com.cloud.user.Account;
 import com.cloud.uservm.UserVm;
 
-@APICommand(name = "getVMPassword", responseObject = GetVMPasswordResponse.class, description = "Returns an encrypted password for the VM", entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "getVMPassword", responseObject = GetVMPasswordResponse.class, description = "Returns an encrypted password for the VM", entityType = { IAMEntityType.VirtualMachine })
 public class GetVMPasswordCmd extends BaseCmd {
     public static final Logger s_logger = Logger.getLogger(GetVMPasswordCmd.class.getName());
     private static final String s_name = "getvmpasswordresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/ListVMsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/ListVMsCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/ListVMsCmd.java
index 3e2f43f..e6111fb 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/ListVMsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/ListVMsCmd.java
@@ -22,7 +22,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.affinity.AffinityGroupResponse;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
@@ -46,7 +46,7 @@ import org.apache.cloudstack.api.response.ZoneResponse;
 import com.cloud.exception.InvalidParameterValueException;
 
 
-@APICommand(name = "listVirtualMachines", description = "List the virtual machines owned by the account.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "listVirtualMachines", description = "List the virtual machines owned by the account.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
 public class ListVMsCmd extends BaseListTaggedResourcesCmd {
     public static final Logger s_logger = Logger.getLogger(ListVMsCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/RebootVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/RebootVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/RebootVMCmd.java
index 6771448..9904415 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/RebootVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/RebootVMCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vm;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -38,7 +38,7 @@ import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.user.Account;
 import com.cloud.uservm.UserVm;
 
-@APICommand(name = "rebootVirtualMachine", description = "Reboots a virtual machine.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "rebootVirtualMachine", description = "Reboots a virtual machine.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
 public class RebootVMCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(RebootVMCmd.class.getName());
     private static final String s_name = "rebootvirtualmachineresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/RemoveNicFromVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/RemoveNicFromVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/RemoveNicFromVMCmd.java
index e04f8da..904f266 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/RemoveNicFromVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/RemoveNicFromVMCmd.java
@@ -21,7 +21,7 @@ import java.util.EnumSet;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -40,7 +40,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.user.Account;
 import com.cloud.uservm.UserVm;
 
-@APICommand(name = "removeNicFromVirtualMachine", description = "Removes VM from specified network by deleting a NIC", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "removeNicFromVirtualMachine", description = "Removes VM from specified network by deleting a NIC", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
 public class RemoveNicFromVMCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(RemoveNicFromVMCmd.class);
     private static final String s_name = "removenicfromvirtualmachineresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMPasswordCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMPasswordCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMPasswordCmd.java
index 3a1b5db..a6f132a 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMPasswordCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMPasswordCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vm;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -40,7 +40,7 @@ import com.cloud.uservm.UserVm;
 
 @APICommand(name = "resetPasswordForVirtualMachine", responseObject=UserVmResponse.class, description="Resets the password for virtual machine. " +
                     "The virtual machine must be in a \"Stopped\" state and the template must already " +
- "support this feature for this command to take effect. [async]", responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+ "support this feature for this command to take effect. [async]", responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
 public class ResetVMPasswordCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(ResetVMPasswordCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMSSHKeyCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMSSHKeyCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMSSHKeyCmd.java
index 20bd6b7..bdbd553 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMSSHKeyCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/ResetVMSSHKeyCmd.java
@@ -19,7 +19,7 @@ package org.apache.cloudstack.api.command.user.vm;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -42,7 +42,7 @@ import com.cloud.user.Account;
 import com.cloud.uservm.UserVm;
 
 @APICommand(name = "resetSSHKeyForVirtualMachine", responseObject = UserVmResponse.class, description = "Resets the SSH Key for virtual machine. " +
- "The virtual machine must be in a \"Stopped\" state. [async]", responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+ "The virtual machine must be in a \"Stopped\" state. [async]", responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
 public class ResetVMSSHKeyCmd extends BaseAsyncCmd {
 
     public static final Logger s_logger = Logger.getLogger(ResetVMSSHKeyCmd.class.getName());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/RestoreVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/RestoreVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/RestoreVMCmd.java
index 1102c26..7844028 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/RestoreVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/RestoreVMCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vm;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -40,7 +40,7 @@ import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.user.Account;
 import com.cloud.uservm.UserVm;
 
-@APICommand(name = "restoreVirtualMachine", description = "Restore a VM to original template/ISO or new template/ISO", responseObject = UserVmResponse.class, since = "3.0.0", responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "restoreVirtualMachine", description = "Restore a VM to original template/ISO or new template/ISO", responseObject = UserVmResponse.class, since = "3.0.0", responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
 public class RestoreVMCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(RestoreVMCmd.class);
     private static final String s_name = "restorevmresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java
index b3159ff..acc4578 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java
@@ -24,7 +24,7 @@ import java.util.Map;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -48,7 +48,7 @@ import com.cloud.user.Account;
 import com.cloud.uservm.UserVm;
 
 
-@APICommand(name = "scaleVirtualMachine", description = "Scales the virtual machine to a new service offering.", responseObject = SuccessResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "scaleVirtualMachine", description = "Scales the virtual machine to a new service offering.", responseObject = SuccessResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
 public class ScaleVMCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(ScaleVMCmd.class.getName());
     private static final String s_name = "scalevirtualmachineresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java
index 8fac9e1..8237c0f 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.vm;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -44,7 +44,7 @@ import com.cloud.user.Account;
 import com.cloud.uservm.UserVm;
 import com.cloud.utils.exception.ExecutionException;
 
-@APICommand(name = "startVirtualMachine", responseObject = UserVmResponse.class, description = "Starts a virtual machine.", responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "startVirtualMachine", responseObject = UserVmResponse.class, description = "Starts a virtual machine.", responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
 public class StartVMCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(StartVMCmd.class.getName());
 


[26/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
List VM marvin test fix.


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/91882e26
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/91882e26
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/91882e26

Branch: refs/heads/master
Commit: 91882e26bffc15a2f6ea630492acd4c8f5e58dd4
Parents: 61b4785
Author: Min Chen <mi...@citrix.com>
Authored: Mon Mar 3 17:25:22 2014 -0800
Committer: Min Chen <mi...@citrix.com>
Committed: Mon Mar 3 17:26:16 2014 -0800

----------------------------------------------------------------------
 test/integration/smoke/test_vm_iam.py       | 46 +++++++++++++-----------
 tools/marvin/marvin/integration/lib/base.py |  2 +-
 2 files changed, 26 insertions(+), 22 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/91882e26/test/integration/smoke/test_vm_iam.py
----------------------------------------------------------------------
diff --git a/test/integration/smoke/test_vm_iam.py b/test/integration/smoke/test_vm_iam.py
index 89e1c1c..11dffe2 100644
--- a/test/integration/smoke/test_vm_iam.py
+++ b/test/integration/smoke/test_vm_iam.py
@@ -106,7 +106,7 @@ class TestVMIam(cloudstackTestCase):
         self.apiclient = super(TestVMIam, self).getClsTestClient().getApiClient()
         self.services = Services().services
         
-         # backup default apikey and secretkey
+        # backup default apikey and secretkey
         self.default_apikey = self.apiclient.connection.apiKey
         self.default_secretkey = self.apiclient.connection.securityKey
 
@@ -236,6 +236,10 @@ class TestVMIam(cloudstackTestCase):
             self.services["vm_readonly_iam_policy"]
         )
         
+        self.srv_desk_grp.attachPolicy(
+            self.apiclient, [self.vm_read_policy]
+        )
+        
         vm_grant_policy_params = {}
         vm_grant_policy_params['name'] = "policyGrantVirtualMachine" + self.virtual_machine_1A.id
         vm_grant_policy_params['description'] = "Policy to grant permission to VirtualMachine " + self.virtual_machine_1A.id
@@ -255,7 +259,7 @@ class TestVMIam(cloudstackTestCase):
                         self.srv_desk_grp,
                         self.vm_grant_policy
                         ]
- 
+
     @classmethod
     def tearDownClass(self):
         self.apiclient = super(TestVMIAM, self).getClsTestClient().getApiClient()
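Review bot: The `super()` call on the last context line of this hunk names `TestVMIAM`, but the class is declared as `TestVMIam` (see the hunk headers and the `super(TestVMIam, self)` call in the setup code). Unless a `TestVMIAM` name is defined elsewhere in the file, `tearDownClass` raises NameError before any cleanup runs. For an IAM test that would leave the accounts, groups and grant policies created during setup on the test deployment. The line should read `self.apiclient = super(TestVMIam, self).getClsTestClient().getApiClient()`. The rest of `tearDownClass` lies outside the hunk.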
@@ -275,6 +279,7 @@ class TestVMIam(cloudstackTestCase):
         return
 
     
+
     @attr(tags = ["devcloud", "advanced", "advancedns", "smoke", "basic", "sg"])
     def test_01_list_own_vm(self):
         #  listVM command should return owne's VM
@@ -291,9 +296,9 @@ class TestVMIam(cloudstackTestCase):
                             True,
                             "Check list response returns a valid list"
                         )
-        self.assertNotEqual(
+        self.assertEqual(
                             len(list_vm_response),
-                            0,
+                            1,
                             "Check VM available in List Virtual Machines"
                         )
 
@@ -314,9 +319,9 @@ class TestVMIam(cloudstackTestCase):
                             True,
                             "Check list response returns a valid list"
                         )
-        self.assertNotEqual(
+        self.assertEqual(
                             len(list_vm_response),
-                            0,
+                            1,
                             "Check VM available in List Virtual Machines"
                         )
 
@@ -338,9 +343,9 @@ class TestVMIam(cloudstackTestCase):
                             True,
                             "Check list response returns a valid list"
                         )
-        self.assertNotEqual(
+        self.assertEqual(
                             len(list_vm_response),
-                            0,
+                            1,
                             "Check VM available in List Virtual Machines"
                         )
 
@@ -351,7 +356,6 @@ class TestVMIam(cloudstackTestCase):
         )
                 
         return
-
         
     @attr(tags = ["devcloud", "advanced", "advancedns", "smoke", "basic", "sg"])
     def test_02_grant_domain_vm(self):
@@ -381,7 +385,7 @@ class TestVMIam(cloudstackTestCase):
                             True,
                             "Check list response returns a valid list"
                         )
-        self.assertNotEqual(
+        self.assertEqual(
                             len(list_vm_response),
                             2,
                             "Check VM available in List Virtual Machines"
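Review bot: The failure message kept on the changed assertion, `"Check VM available in List Virtual Machines"`, no longer describes what is checked. The test now requires an exact count, and on failure the message does not show whether the IAM policy exposed more VMs than intended or fewer. A message that states the expectation, for example `"Expected exactly 2 VMs in listVirtualMachines response"`, makes an access-control regression readable from the test log. The same applies to the other `assertNotEqual` to `assertEqual` hunks in this file, with their respective counts of 1, 2 and 3. The enclosing test method starts and ends outside the hunk, so any per-VM name checks that follow are not visible here.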
@@ -429,7 +433,7 @@ class TestVMIam(cloudstackTestCase):
                             True,
                             "Check list response returns a valid list"
                         )
-        self.assertNotEqual(
+        self.assertEqual(
                             len(list_vm_response),
                             3,
                             "Check VM available in List Virtual Machines"
@@ -482,7 +486,7 @@ class TestVMIam(cloudstackTestCase):
                             True,
                             "Check list response returns a valid list"
                         )
-        self.assertNotEqual(
+        self.assertEqual(
                             len(list_vm_response),
                             2,
                             "Check VM available in List Virtual Machines"
@@ -525,7 +529,7 @@ class TestVMIam(cloudstackTestCase):
                             True,
                             "Check list response returns a valid list"
                         )
-        self.assertNotEqual(
+        self.assertEqual(
                             len(list_vm_response),
                             1,
                             "Check VM available in List Virtual Machines"
@@ -533,7 +537,7 @@ class TestVMIam(cloudstackTestCase):
 
         self.assertEqual(
             list_vm_response[0].name,
-            self.virtual_machine_2A.name,
+            self.virtual_machine_1B.name,
             "Virtual Machine names do not match"
         )
          
@@ -566,7 +570,7 @@ class TestVMIam(cloudstackTestCase):
                             True,
                             "Check list response returns a valid list"
                         )
-        self.assertNotEqual(
+        self.assertEqual(
                             len(list_vm_response),
                             2,
                             "Check VM available in List Virtual Machines"
@@ -613,7 +617,7 @@ class TestVMIam(cloudstackTestCase):
                             True,
                             "Check list response returns a valid list"
                         )
-        self.assertNotEqual(
+        self.assertEqual(
                             len(list_vm_response),
                             1,
                             "Check VM available in List Virtual Machines"
@@ -621,7 +625,7 @@ class TestVMIam(cloudstackTestCase):
 
         self.assertEqual(
             list_vm_response[0].name,
-            self.virtual_machine_2A.name,
+            self.virtual_machine_1B.name,
             "Virtual Machine names do not match"
         )
         
@@ -656,7 +660,7 @@ class TestVMIam(cloudstackTestCase):
                             True,
                             "Check list response returns a valid list"
                         )
-        self.assertNotEqual(
+        self.assertEqual(
                             len(list_vm_response),
                             2,
                             "Check VM available in List Virtual Machines"
@@ -683,7 +687,7 @@ class TestVMIam(cloudstackTestCase):
         # 1. Revoking a particular vm access from account_1B by detaching policy from account
         # 2. listVM command should return account_1B VMs.
 
-        self.debug("Revoking VM %s read only access from account: %s by attaching policy to account" % (self.virtual_machine_1A.name, self.account_1B.name))
+        self.debug("Revoking VM %s read only access from account: %s by detaching policy from account" % (self.virtual_machine_1A.name, self.account_1B.name))
         
         self.vm_grant_policy.detachAccount(self.apiclient, [self.account_1B])
         
@@ -698,7 +702,7 @@ class TestVMIam(cloudstackTestCase):
                             True,
                             "Check list response returns a valid list"
                         )
-        self.assertNotEqual(
+        self.assertEqual(
                             len(list_vm_response),
                             1,
                             "Check VM available in List Virtual Machines"
@@ -706,7 +710,7 @@ class TestVMIam(cloudstackTestCase):
 
         self.assertEqual(
             list_vm_response[0].name,
-            self.virtual_machine_2A.name,
+            self.virtual_machine_1B.name,
             "Virtual Machine names do not match"
         )
         

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/91882e26/tools/marvin/marvin/integration/lib/base.py
----------------------------------------------------------------------
diff --git a/tools/marvin/marvin/integration/lib/base.py b/tools/marvin/marvin/integration/lib/base.py
index 15f59ca..d281f7b 100755
--- a/tools/marvin/marvin/integration/lib/base.py
+++ b/tools/marvin/marvin/integration/lib/base.py
@@ -3733,7 +3733,7 @@ class IAMPolicy:
         cmd.entitytype = permission['entitytype']
         cmd.scope = permission['scope']
         cmd.scopeid = permission['scopeid']
-        apiclient.addIAMPermissionToIAMPolicy(cmd)
+        apiclient.removeIAMPermissionFromIAMPolicy(cmd)
         return  
     
     def attachAccount(self, apiclient, accts):
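Review bot: The corrected call on the changed line still discards the API response and the method ends with a bare `return`, so a caller cannot confirm that the permission was actually removed. This helper issued the add call until this commit, so returning the response, `return apiclient.removeIAMPermissionFromIAMPolicy(cmd)`, would let a test assert on the outcome of a revocation. The method's signature and the start of its body are outside the hunk, so its name and existing callers are not visible here.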


[37/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
Fix unapproved licens issue.


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/748c090b
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/748c090b
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/748c090b

Branch: refs/heads/master
Commit: 748c090b2988bc4c4f8b2f647c31ac1d655cc784
Parents: 48e08fe
Author: Min Chen <mi...@citrix.com>
Authored: Wed Mar 5 14:28:06 2014 -0800
Committer: Min Chen <mi...@citrix.com>
Committed: Mon Mar 10 11:27:10 2014 -0700

----------------------------------------------------------------------
 .../org/apache/cloudstack/acl/IAMEntityType.java   | 16 ++++++++++++++++
 .../org/apache/cloudstack/acl/PermissionScope.java | 16 ++++++++++++++++
 .../cloudstack/iam/test/IAMApiServiceTest.java     | 16 ++++++++++++++++
 .../iam/server/dao/IAMAccountPolicyMapDao.java     | 16 ++++++++++++++++
 .../iam/server/dao/IAMAccountPolicyMapDaoImpl.java | 16 ++++++++++++++++
 .../iam/server/dao/IAMGroupPolicyMapDao.java       | 17 +++++++++++++++++
 .../iam/server/dao/IAMGroupPolicyMapDaoImpl.java   | 16 ++++++++++++++++
 7 files changed, 113 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/748c090b/api/src/org/apache/cloudstack/acl/IAMEntityType.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/IAMEntityType.java b/api/src/org/apache/cloudstack/acl/IAMEntityType.java
index 9299ae9..c1703ea 100644
--- a/api/src/org/apache/cloudstack/acl/IAMEntityType.java
+++ b/api/src/org/apache/cloudstack/acl/IAMEntityType.java
@@ -1,3 +1,19 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
 package org.apache.cloudstack.acl;
 
 public enum IAMEntityType {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/748c090b/api/src/org/apache/cloudstack/acl/PermissionScope.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/PermissionScope.java b/api/src/org/apache/cloudstack/acl/PermissionScope.java
index 03dbc10..6647440 100644
--- a/api/src/org/apache/cloudstack/acl/PermissionScope.java
+++ b/api/src/org/apache/cloudstack/acl/PermissionScope.java
@@ -1,3 +1,19 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
 package org.apache.cloudstack.acl;
 
 public enum PermissionScope {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/748c090b/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java b/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
index dc5c168..b825ab2 100644
--- a/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
+++ b/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
@@ -1,3 +1,19 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
 package org.apache.cloudstack.iam.test;
 
 import static org.junit.Assert.assertEquals;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/748c090b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDao.java
index 4caf659..0162589 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDao.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDao.java
@@ -1,3 +1,19 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
 package org.apache.cloudstack.iam.server.dao;
 
 import java.util.List;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/748c090b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java
index 3ecca3b..d74e86f 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java
@@ -1,3 +1,19 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
 package org.apache.cloudstack.iam.server.dao;
 
 import java.util.List;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/748c090b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDao.java
index 6a2df89..3f5f232 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDao.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDao.java
@@ -1,8 +1,25 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
 package org.apache.cloudstack.iam.server.dao;
 
 import java.util.List;
 
 import org.apache.cloudstack.iam.server.IAMGroupPolicyMapVO;
+
 import com.cloud.utils.db.GenericDao;
 
 public interface IAMGroupPolicyMapDao extends GenericDao<IAMGroupPolicyMapVO, Long> {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/748c090b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDaoImpl.java
index 95b6bac..ac42f04 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDaoImpl.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDaoImpl.java
@@ -1,3 +1,19 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
 package org.apache.cloudstack.iam.server.dao;
 
 import java.util.List;


[32/50] [abbrv] Merge branch 'master' into rbac.

Posted by mc...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnConnectionCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnConnectionCmd.java
index e28e4ab,96adf5f..d405c17
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnConnectionCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnConnectionCmd.java
@@@ -16,9 -16,7 +16,10 @@@
  // under the License.
  package org.apache.cloudstack.api.command.user.vpn;
  
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.acl.IAMEntityType;
+ import org.apache.cloudstack.acl.RoleType;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.ApiErrorCode;
@@@ -37,7 -36,8 +38,9 @@@ import com.cloud.network.Site2SiteVpnCo
  import com.cloud.network.Site2SiteVpnGateway;
  import com.cloud.network.vpc.Vpc;
  
- @APICommand(name = "createVpnConnection", description = "Create site to site vpn connection", responseObject = Site2SiteVpnConnectionResponse.class, entityType = { IAMEntityType.Site2SiteVpnConnection })
 -@APICommand(name = "createVpnConnection", description = "Create site to site vpn connection", responseObject = Site2SiteVpnConnectionResponse.class,
++
++@APICommand(name = "createVpnConnection", description = "Create site to site vpn connection", responseObject = Site2SiteVpnConnectionResponse.class, entityType = { IAMEntityType.Site2SiteVpnConnection },
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class CreateVpnConnectionCmd extends BaseAsyncCreateCmd {
      public static final Logger s_logger = Logger.getLogger(CreateVpnConnectionCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnCustomerGatewayCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnCustomerGatewayCmd.java
index 3cc6e17,1894835..b8de6e0
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnCustomerGatewayCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnCustomerGatewayCmd.java
@@@ -32,7 -31,8 +32,8 @@@ import org.apache.cloudstack.context.Ca
  import com.cloud.event.EventTypes;
  import com.cloud.network.Site2SiteCustomerGateway;
  
- @APICommand(name = "createVpnCustomerGateway", description = "Creates site to site vpn customer gateway", responseObject = Site2SiteCustomerGatewayResponse.class, entityType = { IAMEntityType.Site2SiteCustomerGateway })
 -@APICommand(name = "createVpnCustomerGateway", description = "Creates site to site vpn customer gateway", responseObject = Site2SiteCustomerGatewayResponse.class,
++@APICommand(name = "createVpnCustomerGateway", description = "Creates site to site vpn customer gateway", responseObject = Site2SiteCustomerGatewayResponse.class, entityType = {IAMEntityType.Site2SiteCustomerGateway},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class CreateVpnCustomerGatewayCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(CreateVpnCustomerGatewayCmd.class.getName());
  
@@@ -166,7 -166,7 +167,7 @@@
          if (result != null) {
              Site2SiteCustomerGatewayResponse response = _responseGenerator.createSite2SiteCustomerGatewayResponse(result);
              response.setResponseName(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create customer VPN gateway");
          }
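Review bot: The response built here by `createSite2SiteCustomerGatewayResponse(result)` is declared non-sensitive by the `requestHasSensitiveInfo = false, responseHasSensitiveInfo = false` pair in this file's annotation hunk above, which looks doubtful for a customer gateway. A site-to-site customer gateway is normally defined with an IPsec pre-shared key; the command's parameters and the response fields are outside these hunks, so confirm this first, and if the key is accepted in the request or echoed in the response the annotation should end `requestHasSensitiveInfo = true, responseHasSensitiveInfo = true)`. Presumably these flags decide whether the API layer masks request and response text before it is logged, in which case a wrong `false` would leave the key readable in management-server logs. The same pair is set on `listVpnCustomerGateways` further down, which returns the same `Site2SiteCustomerGatewayResponse` class. The enclosing method starts and ends outside this hunk.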

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnGatewayCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnGatewayCmd.java
index 19be21b,03fa9c4..12abfb6
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnGatewayCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/CreateVpnGatewayCmd.java
@@@ -16,9 -16,7 +16,10 @@@
  // under the License.
  package org.apache.cloudstack.api.command.user.vpn;
  
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.acl.IAMEntityType;
+ import org.apache.cloudstack.acl.RoleType;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.ApiErrorCode;
@@@ -32,7 -31,8 +33,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.network.Site2SiteVpnGateway;
  import com.cloud.network.vpc.Vpc;
  
- @APICommand(name = "createVpnGateway", description = "Creates site to site vpn local gateway", responseObject = Site2SiteVpnGatewayResponse.class, entityType = { IAMEntityType.Site2SiteVpnGateway })
 -@APICommand(name = "createVpnGateway", description = "Creates site to site vpn local gateway", responseObject = Site2SiteVpnGatewayResponse.class,
++@APICommand(name = "createVpnGateway", description = "Creates site to site vpn local gateway", responseObject = Site2SiteVpnGatewayResponse.class, entityType = { IAMEntityType.Site2SiteVpnGateway },
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class CreateVpnGatewayCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(CreateVpnGatewayCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteRemoteAccessVpnCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vpn/DeleteRemoteAccessVpnCmd.java
index d3eacf5,c9464e0..7d0c5aa
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteRemoteAccessVpnCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteRemoteAccessVpnCmd.java
@@@ -33,7 -32,8 +33,8 @@@ import com.cloud.exception.InvalidParam
  import com.cloud.exception.ResourceUnavailableException;
  import com.cloud.network.RemoteAccessVpn;
  
- @APICommand(name = "deleteRemoteAccessVpn", description = "Destroys a l2tp/ipsec remote access vpn", responseObject = SuccessResponse.class, entityType = { IAMEntityType.RemoteAccessVpn })
 -@APICommand(name = "deleteRemoteAccessVpn", description = "Destroys a l2tp/ipsec remote access vpn", responseObject = SuccessResponse.class,
++@APICommand(name = "deleteRemoteAccessVpn", description = "Destroys a l2tp/ipsec remote access vpn", responseObject = SuccessResponse.class, entityType = {IAMEntityType.RemoteAccessVpn},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class DeleteRemoteAccessVpnCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(DeleteRemoteAccessVpnCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnConnectionCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnConnectionCmd.java
index 6fe8820,7014ed7..6034bcb
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnConnectionCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnConnectionCmd.java
@@@ -33,7 -32,8 +33,8 @@@ import com.cloud.exception.ResourceUnav
  import com.cloud.network.Site2SiteVpnConnection;
  import com.cloud.user.Account;
  
- @APICommand(name = "deleteVpnConnection", description = "Delete site to site vpn connection", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Site2SiteVpnConnection })
 -@APICommand(name = "deleteVpnConnection", description = "Delete site to site vpn connection", responseObject = SuccessResponse.class,
++@APICommand(name = "deleteVpnConnection", description = "Delete site to site vpn connection", responseObject = SuccessResponse.class, entityType = {IAMEntityType.Site2SiteVpnConnection},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class DeleteVpnConnectionCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(DeleteVpnConnectionCmd.class.getName());
  
@@@ -87,7 -87,7 +88,7 @@@
              boolean result = _s2sVpnService.deleteVpnConnection(this);
              if (result) {
                  SuccessResponse response = new SuccessResponse(getCommandName());
--                this.setResponseObject(response);
++                setResponseObject(response);
              } else {
                  throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete site to site VPN connection");
              }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnCustomerGatewayCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnCustomerGatewayCmd.java
index e24f231,4ba5b43..3faf5fd
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnCustomerGatewayCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnCustomerGatewayCmd.java
@@@ -34,7 -31,8 +34,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.network.Site2SiteCustomerGateway;
  import com.cloud.user.Account;
  
- @APICommand(name = "deleteVpnCustomerGateway", description = "Delete site to site vpn customer gateway", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Site2SiteCustomerGateway })
 -@APICommand(name = "deleteVpnCustomerGateway", description = "Delete site to site vpn customer gateway", responseObject = SuccessResponse.class,
++@APICommand(name = "deleteVpnCustomerGateway", description = "Delete site to site vpn customer gateway", responseObject = SuccessResponse.class, entityType = {IAMEntityType.Site2SiteCustomerGateway},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class DeleteVpnCustomerGatewayCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(DeleteVpnCustomerGatewayCmd.class.getName());
  
@@@ -92,7 -89,7 +93,7 @@@
          boolean result = _s2sVpnService.deleteCustomerGateway(this);
          if (result) {
              SuccessResponse response = new SuccessResponse(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete customer VPN gateway");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnGatewayCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnGatewayCmd.java
index 6f28037,41b78d9..66fd55b
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnGatewayCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnGatewayCmd.java
@@@ -32,7 -31,8 +32,8 @@@ import com.cloud.event.EventTypes
  import com.cloud.network.Site2SiteVpnGateway;
  import com.cloud.user.Account;
  
- @APICommand(name = "deleteVpnGateway", description = "Delete site to site vpn gateway", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Site2SiteVpnGateway })
 -@APICommand(name = "deleteVpnGateway", description = "Delete site to site vpn gateway", responseObject = SuccessResponse.class,
++@APICommand(name = "deleteVpnGateway", description = "Delete site to site vpn gateway", responseObject = SuccessResponse.class, entityType = {IAMEntityType.Site2SiteVpnGateway},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class DeleteVpnGatewayCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(DeleteVpnGatewayCmd.class.getName());
  
@@@ -86,7 -86,7 +87,7 @@@
          result = _s2sVpnService.deleteVpnGateway(this);
          if (result) {
              SuccessResponse response = new SuccessResponse(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete customer VPN gateway");
          }
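Review bot: The failure message in the `else` branch reads "Failed to delete customer VPN gateway", although this command calls `_s2sVpnService.deleteVpnGateway(this)` and not the customer-gateway delete. `DeleteVpnCustomerGatewayCmd` throws the identical text, so an operator reading the API error or an audit trail cannot tell which of the two deletions failed. Since the merge already touches this block, I would correct it to `throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete VPN gateway");`. The enclosing method starts and ends outside the hunk.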

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vpn/ListRemoteAccessVpnsCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vpn/ListRemoteAccessVpnsCmd.java
index fde143c,bcf00d9..61a3a29
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/ListRemoteAccessVpnsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/ListRemoteAccessVpnsCmd.java
@@@ -19,9 -19,7 +19,10 @@@ package org.apache.cloudstack.api.comma
  import java.util.ArrayList;
  import java.util.List;
  
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.acl.IAMEntityType;
+ import org.apache.cloudstack.acl.RoleType;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
@@@ -34,7 -33,8 +35,8 @@@ import org.apache.cloudstack.api.respon
  import com.cloud.network.RemoteAccessVpn;
  import com.cloud.utils.Pair;
  
- @APICommand(name = "listRemoteAccessVpns", description = "Lists remote access vpns", responseObject = RemoteAccessVpnResponse.class, entityType = { IAMEntityType.RemoteAccessVpn })
 -@APICommand(name = "listRemoteAccessVpns", description = "Lists remote access vpns", responseObject = RemoteAccessVpnResponse.class,
++@APICommand(name = "listRemoteAccessVpns", description = "Lists remote access vpns", responseObject = RemoteAccessVpnResponse.class, entityType = { IAMEntityType.RemoteAccessVpn },
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ListRemoteAccessVpnsCmd extends BaseListProjectAndAccountResourcesCmd {
      public static final Logger s_logger = Logger.getLogger(ListRemoteAccessVpnsCmd.class.getName());
  
@@@ -97,6 -108,6 +110,6 @@@
          }
          response.setResponses(vpnResponses, vpns.second());
          response.setResponseName(getCommandName());
--        this.setResponseObject(response);
++        setResponseObject(response);
      }
  }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnConnectionsCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnConnectionsCmd.java
index ed93741,1da2166..f8e81c2
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnConnectionsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnConnectionsCmd.java
@@@ -19,9 -19,7 +19,10 @@@ package org.apache.cloudstack.api.comma
  import java.util.ArrayList;
  import java.util.List;
  
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.acl.IAMEntityType;
+ import org.apache.cloudstack.acl.RoleType;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
@@@ -33,7 -32,8 +34,8 @@@ import org.apache.cloudstack.api.respon
  import com.cloud.network.Site2SiteVpnConnection;
  import com.cloud.utils.Pair;
  
- @APICommand(name = "listVpnConnections", description = "Lists site to site vpn connection gateways", responseObject = Site2SiteVpnConnectionResponse.class, entityType = { IAMEntityType.Site2SiteVpnConnection })
 -@APICommand(name = "listVpnConnections", description = "Lists site to site vpn connection gateways", responseObject = Site2SiteVpnConnectionResponse.class,
++@APICommand(name = "listVpnConnections", description = "Lists site to site vpn connection gateways", responseObject = Site2SiteVpnConnectionResponse.class, entityType = { IAMEntityType.Site2SiteVpnConnection },
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ListVpnConnectionsCmd extends BaseListProjectAndAccountResourcesCmd {
      public static final Logger s_logger = Logger.getLogger(ListVpnConnectionsCmd.class.getName());
  
@@@ -85,6 -96,6 +98,6 @@@
  
          response.setResponses(connResponses, conns.second());
          response.setResponseName(getCommandName());
--        this.setResponseObject(response);
++        setResponseObject(response);
      }
  }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnCustomerGatewaysCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnCustomerGatewaysCmd.java
index 2304964,e5bc1dc..fed96a7
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnCustomerGatewaysCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnCustomerGatewaysCmd.java
@@@ -32,7 -31,8 +32,8 @@@ import org.apache.cloudstack.api.respon
  import com.cloud.network.Site2SiteCustomerGateway;
  import com.cloud.utils.Pair;
  
- @APICommand(name = "listVpnCustomerGateways", description = "Lists site to site vpn customer gateways", responseObject = Site2SiteCustomerGatewayResponse.class, entityType = { IAMEntityType.Site2SiteCustomerGateway })
 -@APICommand(name = "listVpnCustomerGateways", description = "Lists site to site vpn customer gateways", responseObject = Site2SiteCustomerGatewayResponse.class,
++@APICommand(name = "listVpnCustomerGateways", description = "Lists site to site vpn customer gateways", responseObject = Site2SiteCustomerGatewayResponse.class, entityType = {IAMEntityType.Site2SiteCustomerGateway},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ListVpnCustomerGatewaysCmd extends BaseListProjectAndAccountResourcesCmd {
      public static final Logger s_logger = Logger.getLogger(ListVpnCustomerGatewaysCmd.class.getName());
  
@@@ -78,6 -78,6 +79,6 @@@
  
          response.setResponses(gwResponses, gws.second());
          response.setResponseName(getCommandName());
--        this.setResponseObject(response);
++        setResponseObject(response);
      }
  }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnGatewaysCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnGatewaysCmd.java
index 7f8a33f,359360b..1770225
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnGatewaysCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnGatewaysCmd.java
@@@ -19,9 -19,7 +19,10 @@@ package org.apache.cloudstack.api.comma
  import java.util.ArrayList;
  import java.util.List;
  
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.acl.IAMEntityType;
+ import org.apache.cloudstack.acl.RoleType;
  import org.apache.cloudstack.api.APICommand;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
@@@ -33,7 -32,8 +34,8 @@@ import org.apache.cloudstack.api.respon
  import com.cloud.network.Site2SiteVpnGateway;
  import com.cloud.utils.Pair;
  
- @APICommand(name = "listVpnGateways", description = "Lists site 2 site vpn gateways", responseObject = Site2SiteVpnGatewayResponse.class, entityType = { IAMEntityType.Site2SiteVpnGateway })
 -@APICommand(name = "listVpnGateways", description = "Lists site 2 site vpn gateways", responseObject = Site2SiteVpnGatewayResponse.class,
++@APICommand(name = "listVpnGateways", description = "Lists site 2 site vpn gateways", responseObject = Site2SiteVpnGatewayResponse.class, entityType = { IAMEntityType.Site2SiteVpnGateway },
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ListVpnGatewaysCmd extends BaseListProjectAndAccountResourcesCmd {
      public static final Logger s_logger = Logger.getLogger(ListVpnGatewaysCmd.class.getName());
  
@@@ -86,6 -97,6 +99,6 @@@
  
          response.setResponses(gwResponses, gws.second());
          response.setResponseName(getCommandName());
--        this.setResponseObject(response);
++        setResponseObject(response);
      }
  }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnUsersCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnUsersCmd.java
index 6efdaa1,16b7ced..1d8ea85
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnUsersCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/ListVpnUsersCmd.java
@@@ -32,7 -31,8 +32,8 @@@ import org.apache.cloudstack.api.respon
  import com.cloud.network.VpnUser;
  import com.cloud.utils.Pair;
  
- @APICommand(name = "listVpnUsers", description = "Lists vpn users", responseObject = VpnUsersResponse.class, entityType = { IAMEntityType.VpnUser })
 -@APICommand(name = "listVpnUsers", description = "Lists vpn users", responseObject = VpnUsersResponse.class,
++@APICommand(name = "listVpnUsers", description = "Lists vpn users", responseObject = VpnUsersResponse.class, entityType = {IAMEntityType.VpnUser},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ListVpnUsersCmd extends BaseListProjectAndAccountResourcesCmd {
      public static final Logger s_logger = Logger.getLogger(ListVpnUsersCmd.class.getName());
  
@@@ -80,6 -80,6 +81,6 @@@
  
          response.setResponses(vpnResponses, vpnUsers.second());
          response.setResponseName(getCommandName());
--        this.setResponseObject(response);
++        setResponseObject(response);
      }
  }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vpn/RemoveVpnUserCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vpn/RemoveVpnUserCmd.java
index d39c1a4,d49a208..ed39c90
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/RemoveVpnUserCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/RemoveVpnUserCmd.java
@@@ -33,7 -32,8 +33,8 @@@ import org.apache.cloudstack.context.Ca
  import com.cloud.event.EventTypes;
  import com.cloud.user.Account;
  
- @APICommand(name = "removeVpnUser", description = "Removes vpn user", responseObject = SuccessResponse.class, entityType = { IAMEntityType.VpnUser })
 -@APICommand(name = "removeVpnUser", description = "Removes vpn user", responseObject = SuccessResponse.class,
++@APICommand(name = "removeVpnUser", description = "Removes vpn user", responseObject = SuccessResponse.class, entityType = {IAMEntityType.VpnUser},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class RemoveVpnUserCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(RemoveVpnUserCmd.class.getName());
  

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vpn/ResetVpnConnectionCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vpn/ResetVpnConnectionCmd.java
index 025cc86,8c3f1d6..dcd60a4
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/ResetVpnConnectionCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/ResetVpnConnectionCmd.java
@@@ -34,7 -33,8 +34,8 @@@ import com.cloud.exception.ResourceUnav
  import com.cloud.network.Site2SiteVpnConnection;
  import com.cloud.user.Account;
  
- @APICommand(name = "resetVpnConnection", description = "Reset site to site vpn connection", responseObject = Site2SiteVpnConnectionResponse.class, entityType = { IAMEntityType.Site2SiteVpnConnection })
 -@APICommand(name = "resetVpnConnection", description = "Reset site to site vpn connection", responseObject = Site2SiteVpnConnectionResponse.class,
++@APICommand(name = "resetVpnConnection", description = "Reset site to site vpn connection", responseObject = Site2SiteVpnConnectionResponse.class, entityType = {IAMEntityType.Site2SiteVpnConnection},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class ResetVpnConnectionCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(ResetVpnConnectionCmd.class.getName());
  
@@@ -106,7 -106,7 +107,7 @@@
              if (result != null) {
                  Site2SiteVpnConnectionResponse response = _responseGenerator.createSite2SiteVpnConnectionResponse(result);
                  response.setResponseName(getCommandName());
--                this.setResponseObject(response);
++                setResponseObject(response);
              } else {
                  throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to reset site to site VPN connection");
              }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/vpn/UpdateVpnCustomerGatewayCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/vpn/UpdateVpnCustomerGatewayCmd.java
index f88fa30,e0cafed..8425964
--- a/api/src/org/apache/cloudstack/api/command/user/vpn/UpdateVpnCustomerGatewayCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vpn/UpdateVpnCustomerGatewayCmd.java
@@@ -32,7 -31,8 +32,8 @@@ import org.apache.cloudstack.context.Ca
  import com.cloud.event.EventTypes;
  import com.cloud.network.Site2SiteCustomerGateway;
  
- @APICommand(name = "updateVpnCustomerGateway", description = "Update site to site vpn customer gateway", responseObject = Site2SiteCustomerGatewayResponse.class, entityType = { IAMEntityType.Site2SiteCustomerGateway })
 -@APICommand(name = "updateVpnCustomerGateway", description = "Update site to site vpn customer gateway", responseObject = Site2SiteCustomerGatewayResponse.class,
++@APICommand(name = "updateVpnCustomerGateway", description = "Update site to site vpn customer gateway", responseObject = Site2SiteCustomerGatewayResponse.class, entityType = {IAMEntityType.Site2SiteCustomerGateway},
+         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
  public class UpdateVpnCustomerGatewayCmd extends BaseAsyncCmd {
      public static final Logger s_logger = Logger.getLogger(UpdateVpnCustomerGatewayCmd.class.getName());
  
@@@ -169,7 -169,7 +170,7 @@@
          if (result != null) {
              Site2SiteCustomerGatewayResponse response = _responseGenerator.createSite2SiteCustomerGatewayResponse(result);
              response.setResponseName(getCommandName());
--            this.setResponseObject(response);
++            setResponseObject(response);
          } else {
              throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to update customer VPN gateway");
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/api/src/org/apache/cloudstack/api/command/user/zone/ListZonesCmd.java
----------------------------------------------------------------------
diff --cc api/src/org/apache/cloudstack/api/command/user/zone/ListZonesCmd.java
index 1b2969d,0000000..34a5440
mode 100644,000000..100644
--- a/api/src/org/apache/cloudstack/api/command/user/zone/ListZonesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/zone/ListZonesCmd.java
@@@ -1,132 -1,0 +1,134 @@@
 +// Licensed to the Apache Software Foundation (ASF) under one
 +// or more contributor license agreements.  See the NOTICE file
 +// distributed with this work for additional information
 +// regarding copyright ownership.  The ASF licenses this file
 +// to you under the Apache License, Version 2.0 (the
 +// "License"); you may not use this file except in compliance
 +// with the License.  You may obtain a copy of the License at
 +//
 +//   http://www.apache.org/licenses/LICENSE-2.0
 +//
 +// Unless required by applicable law or agreed to in writing,
 +// software distributed under the License is distributed on an
 +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 +// KIND, either express or implied.  See the License for the
 +// specific language governing permissions and limitations
 +// under the License.
 +package org.apache.cloudstack.api.command.user.zone;
 +
 +import java.util.Collection;
 +import java.util.HashMap;
 +import java.util.Iterator;
 +import java.util.Map;
 +
 +import org.apache.log4j.Logger;
 +
 +import org.apache.cloudstack.api.APICommand;
 +import org.apache.cloudstack.api.ApiConstants;
 +import org.apache.cloudstack.api.BaseListCmd;
 +import org.apache.cloudstack.api.Parameter;
 +import org.apache.cloudstack.api.ResponseObject.ResponseView;
 +import org.apache.cloudstack.api.response.DomainResponse;
 +import org.apache.cloudstack.api.response.ListResponse;
 +import org.apache.cloudstack.api.response.ZoneResponse;
 +
 +import com.cloud.exception.InvalidParameterValueException;
 +
- @APICommand(name = "listZones", description = "Lists zones", responseObject = ZoneResponse.class, responseView = ResponseView.Restricted)
++@APICommand(name = "listZones", description = "Lists zones", responseObject = ZoneResponse.class, responseView = ResponseView.Restricted,
++        requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
 +public class ListZonesCmd extends BaseListCmd {
 +    public static final Logger s_logger = Logger.getLogger(ListZonesCmd.class.getName());
++
 +    private static final String s_name = "listzonesresponse";
 +
 +    /////////////////////////////////////////////////////
 +    //////////////// API parameters /////////////////////
 +    /////////////////////////////////////////////////////
 +    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = ZoneResponse.class, description = "the ID of the zone")
 +    private Long id;
 +
 +    @Parameter(name = ApiConstants.AVAILABLE,
 +               type = CommandType.BOOLEAN,
 +               description = "true if you want to retrieve all available Zones. False if you only want to return the Zones"
 +                   + " from which you have at least one VM. Default is false.")
 +    private Boolean available;
 +
 +    @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, entityType = DomainResponse.class, description = "the ID of the domain associated with the zone")
 +    private Long domainId;
 +
 +    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "the name of the zone")
 +    private String name;
 +
 +    @Parameter(name = ApiConstants.NETWORK_TYPE, type = CommandType.STRING, description = "the network type of the zone that the virtual machine belongs to")
 +    private String networkType;
 +
 +    @Parameter(name = ApiConstants.SHOW_CAPACITIES, type = CommandType.BOOLEAN, description = "flag to display the capacity of the zones")
 +    private Boolean showCapacities;
 +
 +    @Parameter(name = ApiConstants.TAGS, type = CommandType.MAP, description = "List zones by resource tags (key/value pairs)", since = "4.3")
 +    private Map tags;
 +
 +    /////////////////////////////////////////////////////
 +    /////////////////// Accessors ///////////////////////
 +    /////////////////////////////////////////////////////
 +
 +    public Long getId() {
 +        return id;
 +    }
 +
 +    public Boolean isAvailable() {
 +        return available;
 +    }
 +
 +    public Long getDomainId() {
 +        return domainId;
 +    }
 +
 +    public String getName() {
 +        return name;
 +    }
 +
 +    public String getNetworkType() {
 +        return networkType;
 +    }
 +
 +    public Boolean getShowCapacities() {
 +        return showCapacities;
 +    }
 +
 +    public Map<String, String> getTags() {
 +        Map<String, String> tagsMap = null;
 +        if (tags != null && !tags.isEmpty()) {
 +            tagsMap = new HashMap<String, String>();
 +            Collection<?> servicesCollection = tags.values();
 +            Iterator<?> iter = servicesCollection.iterator();
 +            while (iter.hasNext()) {
 +                HashMap<String, String> services = (HashMap<String, String>)iter.next();
 +                String key = services.get("key");
 +                String value = services.get("value");
 +                if (value == null) {
 +                    throw new InvalidParameterValueException("No value is passed in for key " + key);
 +                }
 +                tagsMap.put(key, value);
 +            }
 +        }
 +        return tagsMap;
 +    }
 +
 +    /////////////////////////////////////////////////////
 +    /////////////// API Implementation///////////////////
 +    /////////////////////////////////////////////////////
 +
 +    @Override
 +    public String getCommandName() {
 +        return s_name;
 +    }
 +
 +    @Override
 +    public void execute() {
 +
 +        ListResponse<ZoneResponse> response = _queryService.listDataCenters(this);
 +        response.setResponseName(getCommandName());
 +        setResponseObject(response);
 +    }
 +}
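Review bot: `getTags()` rejects a tag entry whose `value` is null but not one whose `key` is null, so a request that omits the key ends up as `tagsMap.put(null, value)`. Add the matching guard before the put, for example `if (key == null) { throw new InvalidParameterValueException("No key is passed in for a tag"); }`. The field is declared as a raw `Map`, and `iter.next()` is cast to `HashMap<String, String>` without a check, so a malformed `tags` parameter would fail with a ClassCastException rather than a parameter error. A short comment on the field describing the expected shape (index -> {"key", "value"}) would help.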

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/client/pom.xml
----------------------------------------------------------------------
diff --cc client/pom.xml
index cf2dab3,af724b1..eadd6e9
--- a/client/pom.xml
+++ b/client/pom.xml
@@@ -220,23 -220,8 +220,18 @@@
        <groupId>org.apache.cloudstack</groupId>
        <artifactId>cloud-mom-inmemory</artifactId>
        <version>${project.version}</version>
 -    </dependency>
 +    </dependency>    
 +    <dependency>
 +      <groupId>org.apache.cloudstack</groupId>
 +      <artifactId>cloud-plugin-iam</artifactId>
 +      <version>${project.version}</version>
 +    </dependency>   
 +    <dependency>
 +      <groupId>org.apache.cloudstack</groupId>
 +      <artifactId>cloud-iam</artifactId>
 +      <version>${project.version}</version>
 +    </dependency>         
      <dependency>
-       <groupId>mysql</groupId>
-       <artifactId>mysql-connector-java</artifactId>
-       <scope>runtime</scope>
-     </dependency>
-     <dependency>
        <groupId>org.apache.cloudstack</groupId>
        <artifactId>cloud-framework-ipc</artifactId>
        <version>${project.version}</version>

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/engine/components-api/src/com/cloud/network/addr/PublicIp.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
----------------------------------------------------------------------
diff --cc engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
index 0005983,7853c3b..6e55bd2
--- a/engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
+++ b/engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
@@@ -706,60 -692,75 +706,75 @@@ public class NetworkOrchestrator extend
              @Override
              public void doInTransactionWithoutResult(TransactionStatus status) throws InsufficientCapacityException {
                  int deviceId = 0;
+                 int size = 0;
+                 for (Network ntwk : networks.keySet()) {
+                     List<? extends NicProfile> profiles = networks.get(ntwk);
+                     if (profiles != null && !profiles.isEmpty()) {
+                         size = size + profiles.size();
+                     } else {
+                         size = size + 1;
+                     }
+                 }
  
-                 boolean[] deviceIds = new boolean[networks.size()];
+                 boolean[] deviceIds = new boolean[size];
                  Arrays.fill(deviceIds, false);
  
-                 List<NicProfile> nics = new ArrayList<NicProfile>(networks.size());
+                 List<NicProfile> nics = new ArrayList<NicProfile>(size);
                  NicProfile defaultNic = null;
  
-                 for (Map.Entry<? extends Network, ? extends NicProfile> network : networks.entrySet()) {
+                 for (Map.Entry<? extends Network, List<? extends NicProfile>> network : networks.entrySet()) {
                      Network config = network.getKey();
-                     NicProfile requested = network.getValue();
+                     List<? extends NicProfile> requestedProfiles = network.getValue();
+                     if (requestedProfiles == null) {
+                         requestedProfiles = new ArrayList<NicProfile>();
+                     }
+                     if (requestedProfiles.isEmpty()) {
+                         requestedProfiles.add(null);
+                     }
  
+                     for (NicProfile requested : requestedProfiles) {
 -                        Boolean isDefaultNic = false;
 -                        if (vm != null && (requested != null && requested.isDefaultNic())) {
 -                            isDefaultNic = true;
 -                        }
 +                    Boolean isDefaultNic = false;
 +                    if (vm != null && (requested != null && requested.isDefaultNic())) {
 +                        isDefaultNic = true;
 +                    }
  
 -                        while (deviceIds[deviceId] && deviceId < deviceIds.length) {
 -                            deviceId++;
 -                        }
 +                    while (deviceIds[deviceId] && deviceId < deviceIds.length) {
 +                        deviceId++;
 +                    }
  
 -                        Pair<NicProfile, Integer> vmNicPair = allocateNic(requested, config, isDefaultNic, deviceId, vm);
 +                    Pair<NicProfile, Integer> vmNicPair = allocateNic(requested, config, isDefaultNic, deviceId, vm);
  
 -                        NicProfile vmNic = vmNicPair.first();
 -                        if (vmNic == null) {
 -                            continue;
 -                        }
 +                    NicProfile vmNic = vmNicPair.first();
 +                    if (vmNic == null) {
 +                        continue;
 +                    }
  
 -                        deviceId = vmNicPair.second();
 +                    deviceId = vmNicPair.second();
  
 -                        int devId = vmNic.getDeviceId();
 -                        if (devId > deviceIds.length) {
 -                            throw new IllegalArgumentException("Device id for nic is too large: " + vmNic);
 -                        }
 -                        if (deviceIds[devId]) {
 -                            throw new IllegalArgumentException("Conflicting device id for two different nics: " + vmNic);
 -                        }
 +                    int devId = vmNic.getDeviceId();
 +                    if (devId > deviceIds.length) {
 +                        throw new IllegalArgumentException("Device id for nic is too large: " + vmNic);
 +                    }
 +                    if (deviceIds[devId]) {
 +                        throw new IllegalArgumentException("Conflicting device id for two different nics: " + vmNic);
 +                    }
  
 -                        deviceIds[devId] = true;
 +                    deviceIds[devId] = true;
  
 -                        if (vmNic.isDefaultNic()) {
 -                            if (defaultNic != null) {
 -                                throw new IllegalArgumentException("You cannot specify two nics as default nics: nic 1 = " + defaultNic + "; nic 2 = " + vmNic);
 -                            }
 -                            defaultNic = vmNic;
 +                    if (vmNic.isDefaultNic()) {
 +                        if (defaultNic != null) {
 +                            throw new IllegalArgumentException("You cannot specify two nics as default nics: nic 1 = " + defaultNic + "; nic 2 = " + vmNic);
                          }
 -
 -                        nics.add(vmNic);
 -                        vm.addNic(vmNic);
 +                        defaultNic = vmNic;
                      }
 +
 +                    nics.add(vmNic);
 +                    vm.addNic(vmNic);
- 
 +                }
- 
-                 if (nics.size() != networks.size()) {
-                     s_logger.warn("Number of nics " + nics.size() + " doesn't match number of requested networks " + networks.size());
-                     throw new CloudRuntimeException("Number of nics " + nics.size() + " doesn't match number of requested networks " + networks.size());
+                 }
+                 if (nics.size() != size) {
+                     s_logger.warn("Number of nics " + nics.size() + " doesn't match number of requested nics " + size);
+                     throw new CloudRuntimeException("Number of nics " + nics.size() + " doesn't match number of requested networks " + size);
                  }
  
                  if (nics.size() == 1) {
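Review bot: In the loop over `requestedProfiles`, `while (deviceIds[deviceId] && deviceId < deviceIds.length)` reads the array before it tests the bound, so once `deviceId` reaches the array length it throws ArrayIndexOutOfBoundsException instead of leaving the loop. Swap the operands: `while (deviceId < deviceIds.length && deviceIds[deviceId])`. The later guard `if (devId > deviceIds.length)` is off by one in the same way and should be `if (devId >= deviceIds.length)`, because `deviceIds[devId]` is indexed in the very next check. Both lines appear to predate this merge, but they now run once per requested profile rather than once per network. `requestedProfiles.add(null)` also mutates the list stored in the caller's `networks` map when that list is empty, which a local copy would avoid; `doInTransactionWithoutResult` continues past the end of the hunk.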
@@@ -1552,16 -1548,19 +1562,19 @@@
              }
          }
  
+         if (vm.getType() == Type.User
+                 && _networkModel.areServicesSupportedInNetwork(network.getId(), Service.Dhcp)
+                 && network.getTrafficType() == TrafficType.Guest
+                 && network.getGuestType() == GuestType.Shared
+                 && isLastNicInSubnet(nic)) {
 -            // remove the dhcpservice ip if this is the last nic in subnet.
 -            DhcpServiceProvider dhcpServiceProvider = getDhcpServiceProvider(network);
 -            if (dhcpServiceProvider != null
 +        // remove the dhcpservice ip if this is the last nic in subnet.
 +        DhcpServiceProvider dhcpServiceProvider = getDhcpServiceProvider(network);
 +        if (dhcpServiceProvider != null
-                 && vm.getType() == Type.User
-                 && isDhcpAccrossMultipleSubnetsSupported(dhcpServiceProvider)
-                 && isLastNicInSubnet(nic)
-                 && network.getTrafficType() == TrafficType.Guest
-                 && network.getGuestType() == GuestType.Shared) {
+                     && isDhcpAccrossMultipleSubnetsSupported(dhcpServiceProvider)) {
 -                removeDhcpServiceInSubnet(nic);
 -            }
 +            removeDhcpServiceInSubnet(nic);
 +        }
+         }
+ 
          NetworkGuru guru = AdapterBase.getAdapterByName(networkGurus, network.getGuruName());
          guru.deallocate(network, profile, vm);
          _nicDao.remove(nic.getId());
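Review bot: The statements inside the new outer `if (vm.getType() == Type.User ...)` keep their old indentation. The `DhcpServiceProvider` lookup, the inner `if` and both closing braces therefore sit at the same column as the outer condition, and the nesting is hard to see. Re-indent the body one level and add a comment on the outer condition, e.g. `// only user VMs on shared guest networks with DHCP, and only for the last nic in the subnet`. The enclosing method starts and ends outside the hunk.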

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/engine/schema/src/com/cloud/event/EventVO.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/engine/schema/src/com/cloud/network/as/AutoScaleVmGroupVO.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/engine/schema/src/com/cloud/network/dao/RemoteAccessVpnVO.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/engine/schema/src/com/cloud/network/dao/Site2SiteVpnConnectionVO.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/engine/schema/src/com/cloud/network/dao/Site2SiteVpnGatewayVO.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java
----------------------------------------------------------------------
diff --cc engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java
index 7d0ca79,0acc24a..5e22dd4
--- a/engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java
+++ b/engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java
@@@ -271,6 -274,15 +274,16 @@@ public class FirewallRuleVO implements 
          return trafficType;
      }
  
++
+     public void setDisplay(boolean display) {
+         this.display = display;
+     }
+ 
+     @Override
+     public boolean isDisplay() {
+         return display;
+     }
+ 
      @Override
      public IAMEntityType getEntityType() {
          return IAMEntityType.FirewallRule;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/engine/schema/src/com/cloud/network/vpc/VpcVO.java
----------------------------------------------------------------------
diff --cc engine/schema/src/com/cloud/network/vpc/VpcVO.java
index edd984a,d1cfd7c..39bea77
--- a/engine/schema/src/com/cloud/network/vpc/VpcVO.java
+++ b/engine/schema/src/com/cloud/network/vpc/VpcVO.java
@@@ -185,6 -188,15 +188,16 @@@ public class VpcVO implements Vpc 
          this.uuid = uuid;
      }
  
++
+     public void setDisplay(boolean display) {
+         this.display = display;
+     }
+ 
+     @Override
+     public boolean isDisplay() {
+         return display;
+     }
+ 
      @Override
      public IAMEntityType getEntityType() {
          return IAMEntityType.Vpc;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/engine/schema/src/com/cloud/storage/VMTemplateVO.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/engine/schema/src/com/cloud/storage/VolumeVO.java
----------------------------------------------------------------------
diff --cc engine/schema/src/com/cloud/storage/VolumeVO.java
index af80af8,82f47d4..af99a16
--- a/engine/schema/src/com/cloud/storage/VolumeVO.java
+++ b/engine/schema/src/com/cloud/storage/VolumeVO.java
@@@ -601,6 -597,10 +597,11 @@@ public class VolumeVO implements Volum
      @Override
      public Integer getHypervisorSnapshotReserve() {
          return hypervisorSnapshotReserve;
 +
      }
+ 
+     @Override
+     public IAMEntityType getEntityType() {
+         return IAMEntityType.Volume;
+     }
  }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/engine/schema/src/com/cloud/upgrade/dao/Upgrade430to440.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/engine/schema/src/com/cloud/vm/VMInstanceVO.java
----------------------------------------------------------------------
diff --cc engine/schema/src/com/cloud/vm/VMInstanceVO.java
index a09c34f,437db54..ddeebfe
--- a/engine/schema/src/com/cloud/vm/VMInstanceVO.java
+++ b/engine/schema/src/com/cloud/vm/VMInstanceVO.java
@@@ -537,5 -536,9 +541,4 @@@ public class VMInstanceVO implements Vi
      public void setPowerHostId(Long hostId) {
          powerHostId = hostId;
      }
--
 -    @Override
 -    public IAMEntityType getEntityType() {
 -        return IAMEntityType.VirtualMachine;
 -    }
  }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/engine/schema/src/com/cloud/vm/dao/NicIpAliasVO.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/framework/db/src/com/cloud/utils/db/SearchBase.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/plugins/network-elements/f5/src/com/cloud/api/commands/ListF5LoadBalancerNetworksCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/plugins/network-elements/juniper-srx/src/com/cloud/api/commands/ListSrxFirewallNetworksCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/plugins/network-elements/netscaler/src/com/cloud/api/commands/ListNetscalerLoadBalancerNetworksCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/plugins/network-elements/nicira-nvp/src/com/cloud/api/commands/ListNiciraNvpDeviceNetworksCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/plugins/network-elements/palo-alto/src/com/cloud/api/commands/ListPaloAltoFirewallNetworksCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapCreateAccountCmd.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/server/src/com/cloud/api/ApiDispatcher.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/server/src/com/cloud/api/ApiResponseHelper.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/server/src/com/cloud/api/ApiServer.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/api/ApiServer.java
index 158a897,05fe6e8..5ab65f4
--- a/server/src/com/cloud/api/ApiServer.java
+++ b/server/src/com/cloud/api/ApiServer.java
@@@ -379,7 -382,13 +386,13 @@@ public class ApiServer extends ManagerB
  
                      // This is where the command is either serialized, or directly dispatched
                      response = queueCommand(cmdObj, paramMap);
+                     if (annotation.responseHasSensitiveInfo())
+                     {
+                         buildAuditTrail(auditTrailSb, command[0],
+                                 StringUtils.cleanString(response));
+                     }
+                     else
 -                        buildAuditTrail(auditTrailSb, command[0], response);
 +                    buildAuditTrail(auditTrailSb, command[0], response);
                  } else {
                      if (!command[0].equalsIgnoreCase("login") && !command[0].equalsIgnoreCase("logout")) {
                          String errorString = "Unknown API command: " + command[0];
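Review bot: The new `if (annotation.responseHasSensitiveInfo())` branch is braced but its `else` is not, and the `buildAuditTrail(auditTrailSb, command[0], response);` line under it sits at the same indent as `else`, so it reads as unconditional. Write it as `} else { buildAuditTrail(auditTrailSb, command[0], response); }` so that a later edit cannot log the raw response by accident. Masking of the audit trail now depends on every command declaring the flag correctly. The VPN commands touched in this commit all set `responseHasSensitiveInfo = false`, and their parameters and response fields are outside the visible hunks, so confirm that none of them returns key material. The enclosing method starts and ends outside the hunk.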

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/server/src/com/cloud/api/query/QueryManagerImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/api/query/QueryManagerImpl.java
index e46e0f4,66794c0..564bf4e
--- a/server/src/com/cloud/api/query/QueryManagerImpl.java
+++ b/server/src/com/cloud/api/query/QueryManagerImpl.java
@@@ -514,10 -508,15 +515,15 @@@ public class QueryManagerImpl extends M
          sb.and("archived", sb.entity().getArchived(), SearchCriteria.Op.EQ);
  
          SearchCriteria<EventJoinVO> sc = sb.create();
 +        SearchCriteria<EventJoinVO> aclSc = _eventJoinDao.createSearchCriteria();
 +        // building ACL search criteria
 +        _accountMgr.buildACLViewSearchCriteria(sc, aclSc, isRecursive, permittedDomains, permittedAccounts, permittedResources, listProjectResourcesCriteria);
  
+         // For end users display only enabled events
+         if(!_accountMgr.isRootAdmin(caller.getType())){
+             sc.setParameters("displayEvent", true);
+         }
+ 
 -        // building ACL condition
 -        _accountMgr.buildACLViewSearchCriteria(sc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria);
 -
          if (id != null) {
              sc.setParameters("id", id);
          }
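Review bot: The comment `// For end users display only enabled events` does not match the condition below it: `!_accountMgr.isRootAdmin(caller.getType())` applies the filter to every caller who is not a root admin, which would include domain admins. Reword it to say what the code does, e.g. `// Only root admins may see events with display = false`, and format the test as `if (!_accountMgr.isRootAdmin(caller.getType())) {`. The `displayEvent` condition has to be registered on `sb` before `sb.create()`, and that registration is outside the hunk, so confirm it exists. If it is missing, the visibility filter may not be applied.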
@@@ -736,54 -719,90 +742,56 @@@
          boolean listAll = cmd.listAll();
          Long id = cmd.getId();
          Map<String, String> tags = cmd.getTags();
+         Boolean display = cmd.getDisplay();
 -
 -        Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject =
 -            new Ternary<Long, Boolean, ListProjectResourcesCriteria>(cmd.getDomainId(), cmd.isRecursive(), null);
 -        _accountMgr.buildACLSearchParameters(caller, id, cmd.getAccountName(), cmd.getProjectId(), permittedAccounts, domainIdRecursiveListProject, listAll, false);
 -        Long domainId = domainIdRecursiveListProject.first();
 +        Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject = new Ternary<Long, Boolean, ListProjectResourcesCriteria>(
 +                cmd.getDomainId(), cmd.isRecursive(), null);
 +        _accountMgr.buildACLSearchParameters(caller, id, cmd.getAccountName(), cmd.getProjectId(), permittedDomains, permittedAccounts, permittedResources,
 +                domainIdRecursiveListProject, listAll, false, "listVirtualMachines");
 +        //Long domainId = domainIdRecursiveListProject.first();
          Boolean isRecursive = domainIdRecursiveListProject.second();
          ListProjectResourcesCriteria listProjectResourcesCriteria = domainIdRecursiveListProject.third();
  
 -        Criteria c = new Criteria("id", Boolean.TRUE, cmd.getStartIndex(), cmd.getPageSizeVal());
 -        // Criteria c = new Criteria(null, Boolean.FALSE, cmd.getStartIndex(),
 -        // cmd.getPageSizeVal()); //version without default sorting
 -        c.addCriteria(Criteria.KEYWORD, cmd.getKeyword());
 -        c.addCriteria(Criteria.ID, cmd.getId());
 -        c.addCriteria(Criteria.NAME, cmd.getName());
 -        c.addCriteria(Criteria.STATE, cmd.getState());
 -        c.addCriteria(Criteria.DATACENTERID, cmd.getZoneId());
 -        c.addCriteria(Criteria.GROUPID, cmd.getGroupId());
 -        c.addCriteria(Criteria.FOR_VIRTUAL_NETWORK, cmd.getForVirtualNetwork());
 -        c.addCriteria(Criteria.NETWORKID, cmd.getNetworkId());
 -        c.addCriteria(Criteria.TEMPLATE_ID, cmd.getTemplateId());
 -        c.addCriteria(Criteria.ISO_ID, cmd.getIsoId());
 -        c.addCriteria(Criteria.VPC_ID, cmd.getVpcId());
 -        c.addCriteria(Criteria.AFFINITY_GROUP_ID, cmd.getAffinityGroupId());
 -        c.addCriteria(Criteria.SERVICE_OFFERING_ID, cmd.getServiceOfferingId());
 -        c.addCriteria(Criteria.DISPLAY, cmd.getDisplay());
 -
 -        if (domainId != null) {
 -            c.addCriteria(Criteria.DOMAINID, domainId);
 -        }
 +        Filter searchFilter = new Filter(UserVmJoinVO.class, "id", true, cmd.getStartIndex(),
 +                cmd.getPageSizeVal());
  
 -        if (HypervisorType.getType(hypervisor) != HypervisorType.None) {
 -            c.addCriteria(Criteria.HYPERVISOR, hypervisor);
 -        } else if (hypervisor != null) {
 -            throw new InvalidParameterValueException("Invalid HypervisorType " + hypervisor);
 -        }
 +        // first search distinct vm id by using query criteria and pagination
 +        SearchBuilder<UserVmJoinVO> sb = _userVmJoinDao.createSearchBuilder();
 +        sb.select(null, Func.DISTINCT, sb.entity().getId()); // select distinct ids
  
 -        // ignore these search requests if it's not an admin
 +        String hypervisor = cmd.getHypervisor();
 +        Object name = cmd.getName();
 +        Object state = cmd.getState();
 +        Object zoneId = cmd.getZoneId();
 +        Object keyword = cmd.getKeyword();
 +        boolean isAdmin = false;
 +        boolean isRootAdmin = false;
          if (_accountMgr.isAdmin(caller.getType())) {
 -            c.addCriteria(Criteria.PODID, cmd.getPodId());
 -            c.addCriteria(Criteria.HOSTID, cmd.getHostId());
 -            c.addCriteria(Criteria.STORAGE_ID, cmd.getStorageId());
 +            isAdmin = true;
          }
 -
 -        if (!permittedAccounts.isEmpty()) {
 -            c.addCriteria(Criteria.ACCOUNTID, permittedAccounts.toArray());
 +        if (_accountMgr.isRootAdmin(caller.getId())) {
 +            isRootAdmin = true;
          }
 -        c.addCriteria(Criteria.ISADMIN, _accountMgr.isAdmin(caller.getType()));
  
 -        return searchForUserVMsByCriteria(c, caller, domainId, isRecursive, permittedAccounts, listAll, listProjectResourcesCriteria, tags);
 -    }
 -
 -    private Pair<List<UserVmJoinVO>, Integer> searchForUserVMsByCriteria(Criteria c, Account caller, Long domainId, boolean isRecursive, List<Long> permittedAccounts,
 -        boolean listAll, ListProjectResourcesCriteria listProjectResourcesCriteria, Map<String, String> tags) {
 -        Filter searchFilter = new Filter(UserVmJoinVO.class, c.getOrderBy(), c.getAscending(), c.getOffset(), c.getLimit());
 -        boolean isRootAdmin = _accountMgr.isRootAdmin(caller.getType());
 -
 -        // first search distinct vm id by using query criteria and pagination
 -        SearchBuilder<UserVmJoinVO> sb = _userVmJoinDao.createSearchBuilder();
 -        sb.select(null, Func.DISTINCT, sb.entity().getId()); // select distinct
 -        // ids
 -        _accountMgr.buildACLViewSearchBuilder(sb, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria);
 -
 -        Object id = c.getCriteria(Criteria.ID);
 -        Object name = c.getCriteria(Criteria.NAME);
 -        Object state = c.getCriteria(Criteria.STATE);
 -        Object notState = c.getCriteria(Criteria.NOTSTATE);
 -        Object zoneId = c.getCriteria(Criteria.DATACENTERID);
 -        Object pod = c.getCriteria(Criteria.PODID);
 -        Object hostId = c.getCriteria(Criteria.HOSTID);
 -        Object hostName = c.getCriteria(Criteria.HOSTNAME);
 -        Object keyword = c.getCriteria(Criteria.KEYWORD);
 -        Object isAdmin = c.getCriteria(Criteria.ISADMIN);
 -        assert c.getCriteria(Criteria.IPADDRESS) == null : "We don't support search by ip address on VM any more.  If you see this assert, it means we have to find a different way to search by the nic table.";
 -        Object groupId = c.getCriteria(Criteria.GROUPID);
 -        Object networkId = c.getCriteria(Criteria.NETWORKID);
 -        Object hypervisor = c.getCriteria(Criteria.HYPERVISOR);
 -        Object storageId = c.getCriteria(Criteria.STORAGE_ID);
 -        Object templateId = c.getCriteria(Criteria.TEMPLATE_ID);
 -        Object isoId = c.getCriteria(Criteria.ISO_ID);
 -        Object vpcId = c.getCriteria(Criteria.VPC_ID);
 -        Object affinityGroupId = c.getCriteria(Criteria.AFFINITY_GROUP_ID);
 -        Object serviceOffId = c.getCriteria(Criteria.SERVICE_OFFERING_ID);
 -        Object display = c.getCriteria(Criteria.DISPLAY);
 +        Object groupId = cmd.getGroupId();
 +        Object networkId = cmd.getNetworkId();
 +        if (HypervisorType.getType(hypervisor) == HypervisorType.None && hypervisor != null) {
 +            // invalid hypervisor type input
 +            throw new InvalidParameterValueException("Invalid HypervisorType " + hypervisor);
 +        }
 +        Object templateId = cmd.getTemplateId();
 +        Object isoId = cmd.getIsoId();
 +        Object vpcId = cmd.getVpcId();
 +        Object affinityGroupId = cmd.getAffinityGroupId();
++        Object serviceOffId = cmd.getServiceOfferingId();
 +        Object pod = null;
 +        Object hostId = null;
 +        Object storageId = null;
 +        if (cmd instanceof ListVMsCmdByAdmin) {
 +            ListVMsCmdByAdmin adCmd = (ListVMsCmdByAdmin)cmd;
 +            pod = adCmd.getPodId();
 +            hostId = adCmd.getHostId();
 +            storageId = adCmd.getStorageId();
 +        }
  
          sb.and("displayName", sb.entity().getDisplayName(), SearchCriteria.Op.LIKE);
          sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
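Review bot: The `pod`, `hostId` and `storageId` filters are now read whenever `cmd instanceof ListVMsCmdByAdmin`, and the caller-role guard the removed code applied to them (`_accountMgr.isAdmin(caller.getType())`) no longer covers them. Whether a non-admin caller can ever arrive here with a `ListVMsCmdByAdmin` depends on API-level access control that this hunk does not show, so keeping the role check would keep the restriction local: `if (isAdmin && cmd instanceof ListVMsCmdByAdmin) {`. The commented-out `//Long domainId = domainIdRecursiveListProject.first();` should be deleted rather than left in place. The method body continues past the end of the hunk.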
@@@ -1624,16 -1636,21 +1646,18 @@@
          String keyword = cmd.getKeyword();
          String type = cmd.getType();
          Map<String, String> tags = cmd.getTags();
 -        boolean isRootAdmin = _accountMgr.isRootAdmin(caller.getType());
          Long storageId = cmd.getStorageId();
+         Long diskOffId = cmd.getDiskOfferingId();
+         Boolean display = cmd.getDisplay();
  
          Long zoneId = cmd.getZoneId();
 -        Long podId = null;
 -        if (_accountMgr.isAdmin(caller.getType())) {
 -            podId = cmd.getPodId();
 -        }
 +        Long podId = cmd.getPodId();
  
 -        Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject =
 -            new Ternary<Long, Boolean, ListProjectResourcesCriteria>(cmd.getDomainId(), cmd.isRecursive(), null);
 -        _accountMgr.buildACLSearchParameters(caller, id, cmd.getAccountName(), cmd.getProjectId(), permittedAccounts, domainIdRecursiveListProject, cmd.listAll(), false);
 -        Long domainId = domainIdRecursiveListProject.first();
 +        Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject = new Ternary<Long, Boolean, ListProjectResourcesCriteria>(
 +                cmd.getDomainId(), cmd.isRecursive(), null);
 +        _accountMgr.buildACLSearchParameters(caller, id, cmd.getAccountName(), cmd.getProjectId(), permittedDomains, permittedAccounts, permittedResources,
 +                domainIdRecursiveListProject, cmd.listAll(), false, "listVolumes");
 +//        Long domainId = domainIdRecursiveListProject.first();
          Boolean isRecursive = domainIdRecursiveListProject.second();
          ListProjectResourcesCriteria listProjectResourcesCriteria = domainIdRecursiveListProject.third();
          Filter searchFilter = new Filter(VolumeJoinVO.class, "created", false, cmd.getStartIndex(), cmd.getPageSizeVal());
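Review bot: `Long podId = cmd.getPodId();` is now unconditional, where the removed lines honoured the pod filter only when `_accountMgr.isAdmin(caller.getType())` was true. Unless the command class itself keeps `podId` away from non-admin callers (not visible in this hunk), the filter is accepted from any caller and exposes infrastructure placement through the volume listing. If the restriction is meant to stay, keep it on the assignment, `Long podId = _accountMgr.isAdmin(caller.getType()) ? cmd.getPodId() : null;`, and otherwise add a comment naming where the restriction now lives. The commented-out `Long domainId` line should be removed. The method starts and ends outside the hunk.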

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/server/src/com/cloud/api/query/dao/VolumeJoinDaoImpl.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/server/src/com/cloud/api/query/vo/EventJoinVO.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/server/src/com/cloud/api/query/vo/VolumeJoinVO.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/api/query/vo/VolumeJoinVO.java
index 9685d02,ce26c1f..289b0b8
--- a/server/src/com/cloud/api/query/vo/VolumeJoinVO.java
+++ b/server/src/com/cloud/api/query/vo/VolumeJoinVO.java
@@@ -569,6 -572,10 +572,11 @@@ public class VolumeJoinVO extends BaseV
          return path;
      }
  
++
+     public String getChainInfo() {
+         return chainInfo;
+     }
+ 
      @Override
      public IAMEntityType getEntityType() {
          return IAMEntityType.Volume;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/server/src/com/cloud/api/response/ApiResponseSerializer.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/api/response/ApiResponseSerializer.java
index c254520,e9633a7..482834a
--- a/server/src/com/cloud/api/response/ApiResponseSerializer.java
+++ b/server/src/com/cloud/api/response/ApiResponseSerializer.java
@@@ -26,11 -26,7 +26,12 @@@ import java.util.List
  import java.util.regex.Matcher;
  import java.util.regex.Pattern;
  
 +import org.apache.log4j.Logger;
 +
 +import com.google.gson.Gson;
 +import com.google.gson.annotations.SerializedName;
 +
+ import org.apache.cloudstack.acl.RoleType;
  import org.apache.cloudstack.api.ApiConstants;
  import org.apache.cloudstack.api.BaseCmd;
  import org.apache.cloudstack.api.ResponseObject;
@@@ -39,6 -35,8 +40,7 @@@ import org.apache.cloudstack.api.respon
  import org.apache.cloudstack.api.response.ExceptionResponse;
  import org.apache.cloudstack.api.response.ListResponse;
  import org.apache.cloudstack.api.response.SuccessResponse;
+ import org.apache.cloudstack.context.CallContext;
 -import org.apache.log4j.Logger;
  
  import com.cloud.api.ApiDBUtils;
  import com.cloud.api.ApiResponseGsonHelper;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/server/src/com/cloud/network/IpAddressManagerImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/network/IpAddressManagerImpl.java
index dbec06f,8903d1d..5905fd3
--- a/server/src/com/cloud/network/IpAddressManagerImpl.java
+++ b/server/src/com/cloud/network/IpAddressManagerImpl.java
@@@ -638,14 -643,14 +643,14 @@@ public class IpAddressManagerImpl exten
  
      @Override
      public PublicIp assignPublicIpAddress(long dcId, Long podId, Account owner, VlanType type, Long networkId, String requestedIp, boolean isSystem)
 -            throws InsufficientAddressCapacityException {
 +        throws InsufficientAddressCapacityException {
-         return fetchNewPublicIp(dcId, podId, null, owner, type, networkId, false, true, requestedIp, isSystem, null);
+         return fetchNewPublicIp(dcId, podId, null, owner, type, networkId, false, true, requestedIp, isSystem, null, null);
      }
  
      @Override
      public PublicIp assignPublicIpAddressFromVlans(long dcId, Long podId, Account owner, VlanType type, List<Long> vlanDbIds, Long networkId, String requestedIp, boolean isSystem)
 -            throws InsufficientAddressCapacityException {
 +        throws InsufficientAddressCapacityException {
-         return fetchNewPublicIp(dcId, podId, vlanDbIds, owner, type, networkId, false, true, requestedIp, isSystem, null);
+         return fetchNewPublicIp(dcId, podId, vlanDbIds, owner, type, networkId, false, true, requestedIp, isSystem, null, null);
      }
  
      @DB
@@@ -654,129 -660,132 +660,132 @@@
          IPAddressVO addr = Transaction.execute(new TransactionCallbackWithException<IPAddressVO, InsufficientAddressCapacityException>() {
              @Override
              public IPAddressVO doInTransaction(TransactionStatus status) throws InsufficientAddressCapacityException {
 -                StringBuilder errorMessage = new StringBuilder("Unable to get ip adress in ");
 -                boolean fetchFromDedicatedRange = false;
 -                List<Long> dedicatedVlanDbIds = new ArrayList<Long>();
 -                List<Long> nonDedicatedVlanDbIds = new ArrayList<Long>();
 -
 -                SearchCriteria<IPAddressVO> sc = null;
 -                if (podId != null) {
 -                    sc = AssignIpAddressFromPodVlanSearch.create();
 -                    sc.setJoinParameters("podVlanMapSB", "podId", podId);
 -                    errorMessage.append(" pod id=" + podId);
 -                } else {
 -                    sc = AssignIpAddressSearch.create();
 -                    errorMessage.append(" zone id=" + dcId);
 -                }
 +        StringBuilder errorMessage = new StringBuilder("Unable to get ip adress in ");
 +        boolean fetchFromDedicatedRange = false;
 +        List<Long> dedicatedVlanDbIds = new ArrayList<Long>();
 +        List<Long> nonDedicatedVlanDbIds = new ArrayList<Long>();
 +
 +        SearchCriteria<IPAddressVO> sc = null;
 +        if (podId != null) {
 +            sc = AssignIpAddressFromPodVlanSearch.create();
 +            sc.setJoinParameters("podVlanMapSB", "podId", podId);
 +            errorMessage.append(" pod id=" + podId);
 +        } else {
 +            sc = AssignIpAddressSearch.create();
 +            errorMessage.append(" zone id=" + dcId);
 +        }
  
 -                // If owner has dedicated Public IP ranges, fetch IP from the dedicated range
 -                // Otherwise fetch IP from the system pool
 -                List<AccountVlanMapVO> maps = _accountVlanMapDao.listAccountVlanMapsByAccount(owner.getId());
 -                for (AccountVlanMapVO map : maps) {
 -                    if (vlanDbIds == null || vlanDbIds.contains(map.getVlanDbId()))
 -                        dedicatedVlanDbIds.add(map.getVlanDbId());
 -                }
 -                List<VlanVO> nonDedicatedVlans = _vlanDao.listZoneWideNonDedicatedVlans(dcId);
 -                for (VlanVO nonDedicatedVlan : nonDedicatedVlans) {
 -                    if (vlanDbIds == null || vlanDbIds.contains(nonDedicatedVlan.getId()))
 -                        nonDedicatedVlanDbIds.add(nonDedicatedVlan.getId());
 -                }
 -                if (dedicatedVlanDbIds != null && !dedicatedVlanDbIds.isEmpty()) {
 -                    fetchFromDedicatedRange = true;
 -                    sc.setParameters("vlanId", dedicatedVlanDbIds.toArray());
 +        // If owner has dedicated Public IP ranges, fetch IP from the dedicated range
 +        // Otherwise fetch IP from the system pool
 +        List<AccountVlanMapVO> maps = _accountVlanMapDao.listAccountVlanMapsByAccount(owner.getId());
 +        for (AccountVlanMapVO map : maps) {
 +            if (vlanDbIds == null || vlanDbIds.contains(map.getVlanDbId()))
 +                dedicatedVlanDbIds.add(map.getVlanDbId());
 +        }
 +        List<VlanVO> nonDedicatedVlans = _vlanDao.listZoneWideNonDedicatedVlans(dcId);
 +        for (VlanVO nonDedicatedVlan : nonDedicatedVlans) {
 +            if (vlanDbIds == null || vlanDbIds.contains(nonDedicatedVlan.getId()))
 +                nonDedicatedVlanDbIds.add(nonDedicatedVlan.getId());
 +        }
 +        if (dedicatedVlanDbIds != null && !dedicatedVlanDbIds.isEmpty()) {
 +            fetchFromDedicatedRange = true;
 +            sc.setParameters("vlanId", dedicatedVlanDbIds.toArray());
-                     errorMessage.append(", vlanId id=" + dedicatedVlanDbIds.toArray());
+                     errorMessage.append(", vlanId id=" + Arrays.toString(dedicatedVlanDbIds.toArray()));
 -                } else if (nonDedicatedVlanDbIds != null && !nonDedicatedVlanDbIds.isEmpty()) {
 -                    sc.setParameters("vlanId", nonDedicatedVlanDbIds.toArray());
 +        } else if (nonDedicatedVlanDbIds != null && !nonDedicatedVlanDbIds.isEmpty()) {
 +            sc.setParameters("vlanId", nonDedicatedVlanDbIds.toArray());
                      errorMessage.append(", vlanId id=" + nonDedicatedVlanDbIds.toArray());
 -                } else {
 -                    if (podId != null) {
 -                        InsufficientAddressCapacityException ex = new InsufficientAddressCapacityException("Insufficient address capacity", Pod.class, podId);
 -                        ex.addProxyObject(ApiDBUtils.findPodById(podId).getUuid());
 -                        throw ex;
 -                    }
 -                    s_logger.warn(errorMessage.toString());
 -                    InsufficientAddressCapacityException ex = new InsufficientAddressCapacityException("Insufficient address capacity", DataCenter.class, dcId);
 -                    ex.addProxyObject(ApiDBUtils.findZoneById(dcId).getUuid());
 -                    throw ex;
 -                }
 +        } else {
 +            if (podId != null) {
 +                InsufficientAddressCapacityException ex = new InsufficientAddressCapacityException("Insufficient address capacity", Pod.class, podId);
 +                ex.addProxyObject(ApiDBUtils.findPodById(podId).getUuid());
 +                throw ex;
 +            }
 +            s_logger.warn(errorMessage.toString());
 +            InsufficientAddressCapacityException ex = new InsufficientAddressCapacityException("Insufficient address capacity", DataCenter.class, dcId);
 +            ex.addProxyObject(ApiDBUtils.findZoneById(dcId).getUuid());
 +            throw ex;
 +        }
  
 -                sc.setParameters("dc", dcId);
 +        sc.setParameters("dc", dcId);
  
 -                DataCenter zone = _entityMgr.findById(DataCenter.class, dcId);
 +        DataCenter zone = _entityMgr.findById(DataCenter.class, dcId);
  
 -                // for direct network take ip addresses only from the vlans belonging to the network
 -                if (vlanUse == VlanType.DirectAttached) {
 -                    sc.setJoinParameters("vlan", "networkId", guestNetworkId);
 -                    errorMessage.append(", network id=" + guestNetworkId);
 -                }
 -                sc.setJoinParameters("vlan", "type", vlanUse);
 +        // for direct network take ip addresses only from the vlans belonging to the network
 +        if (vlanUse == VlanType.DirectAttached) {
 +            sc.setJoinParameters("vlan", "networkId", guestNetworkId);
 +            errorMessage.append(", network id=" + guestNetworkId);
 +        }
 +        sc.setJoinParameters("vlan", "type", vlanUse);
  
 -                if (requestedIp != null) {
 -                    sc.addAnd("address", SearchCriteria.Op.EQ, requestedIp);
 -                    errorMessage.append(": requested ip " + requestedIp + " is not available");
 -                }
 +        if (requestedIp != null) {
 +            sc.addAnd("address", SearchCriteria.Op.EQ, requestedIp);
 +            errorMessage.append(": requested ip " + requestedIp + " is not available");
 +        }
  
 -                Filter filter = new Filter(IPAddressVO.class, "vlanId", true, 0l, 1l);
 +        Filter filter = new Filter(IPAddressVO.class, "vlanId", true, 0l, 1l);
  
 -                List<IPAddressVO> addrs = _ipAddressDao.lockRows(sc, filter, true);
 +        List<IPAddressVO> addrs = _ipAddressDao.lockRows(sc, filter, true);
  
 -                // If all the dedicated IPs of the owner are in use fetch an IP from the system pool
 -                if (addrs.size() == 0 && fetchFromDedicatedRange) {
 -                    // Verify if account is allowed to acquire IPs from the system
 -                    boolean useSystemIps = UseSystemPublicIps.valueIn(owner.getId());
 -                    if (useSystemIps && nonDedicatedVlanDbIds != null && !nonDedicatedVlanDbIds.isEmpty()) {
 -                        fetchFromDedicatedRange = false;
 -                        sc.setParameters("vlanId", nonDedicatedVlanDbIds.toArray());
 +        // If all the dedicated IPs of the owner are in use fetch an IP from the system pool
 +        if (addrs.size() == 0 && fetchFromDedicatedRange) {
 +            // Verify if account is allowed to acquire IPs from the system
 +            boolean useSystemIps = UseSystemPublicIps.valueIn(owner.getId());
 +            if (useSystemIps && nonDedicatedVlanDbIds != null && !nonDedicatedVlanDbIds.isEmpty()) {
 +                fetchFromDedicatedRange = false;
 +                sc.setParameters("vlanId", nonDedicatedVlanDbIds.toArray());
                          errorMessage.append(", vlanId id=" + nonDedicatedVlanDbIds.toArray());
 -                        addrs = _ipAddressDao.lockRows(sc, filter, true);
 -                    }
 -                }
 +                addrs = _ipAddressDao.lockRows(sc, filter, true);
 +            }
 +        }
  
 -                if (addrs.size() == 0) {
 -                    if (podId != null) {
 -                        InsufficientAddressCapacityException ex = new InsufficientAddressCapacityException("Insufficient address capacity", Pod.class, podId);
 -                        // for now, we hardcode the table names, but we should ideally do a lookup for the tablename from the VO object.
 -                        ex.addProxyObject(ApiDBUtils.findPodById(podId).getUuid());
 -                        throw ex;
 -                    }
 -                    s_logger.warn(errorMessage.toString());
 -                    InsufficientAddressCapacityException ex = new InsufficientAddressCapacityException("Insufficient address capacity", DataCenter.class, dcId);
 -                    ex.addProxyObject(ApiDBUtils.findZoneById(dcId).getUuid());
 -                    throw ex;
 -                }
 +        if (addrs.size() == 0) {
 +            if (podId != null) {
 +                InsufficientAddressCapacityException ex = new InsufficientAddressCapacityException("Insufficient address capacity", Pod.class, podId);
 +                // for now, we hardcode the table names, but we should ideally do a lookup for the tablename from the VO object.
 +                ex.addProxyObject(ApiDBUtils.findPodById(podId).getUuid());
 +                throw ex;
 +            }
 +            s_logger.warn(errorMessage.toString());
 +            InsufficientAddressCapacityException ex = new InsufficientAddressCapacityException("Insufficient address capacity", DataCenter.class, dcId);
 +            ex.addProxyObject(ApiDBUtils.findZoneById(dcId).getUuid());
 +            throw ex;
 +        }
  
 -                assert (addrs.size() == 1) : "Return size is incorrect: " + addrs.size();
 +        assert (addrs.size() == 1) : "Return size is incorrect: " + addrs.size();
  
 -                if (!fetchFromDedicatedRange) {
 -                    // Check that the maximum number of public IPs for the given accountId will not be exceeded
 -                    try {
 -                        _resourceLimitMgr.checkResourceLimit(owner, ResourceType.public_ip);
 -                    } catch (ResourceAllocationException ex) {
 -                        s_logger.warn("Failed to allocate resource of type " + ex.getResourceType() + " for account " + owner);
 -                        throw new AccountLimitException("Maximum number of public IP addresses for account: " + owner.getAccountName() + " has been exceeded.");
 -                    }
 -                }
 +        if (!fetchFromDedicatedRange) {
 +            // Check that the maximum number of public IPs for the given accountId will not be exceeded
 +            try {
 +                _resourceLimitMgr.checkResourceLimit(owner, ResourceType.public_ip);
 +            } catch (ResourceAllocationException ex) {
 +                s_logger.warn("Failed to allocate resource of type " + ex.getResourceType() + " for account " + owner);
 +                throw new AccountLimitException("Maximum number of public IP addresses for account: " + owner.getAccountName() + " has been exceeded.");
 +            }
 +        }
  
 -                IPAddressVO addr = addrs.get(0);
 -                addr.setSourceNat(sourceNat);
 -                addr.setAllocatedTime(new Date());
 -                addr.setAllocatedInDomainId(owner.getDomainId());
 -                addr.setAllocatedToAccountId(owner.getId());
 -                addr.setSystem(isSystem);
 +        IPAddressVO addr = addrs.get(0);
 +        addr.setSourceNat(sourceNat);
 +        addr.setAllocatedTime(new Date());
 +        addr.setAllocatedInDomainId(owner.getDomainId());
 +        addr.setAllocatedToAccountId(owner.getId());
 +        addr.setSystem(isSystem);
+                 if (displayIp != null) {
+                     addr.setDisplay(displayIp);
+                 }
  
 -                if (assign) {
 -                    markPublicIpAsAllocated(addr);
 -                } else {
 -                    addr.setState(IpAddress.State.Allocating);
 -                }
 -                addr.setState(assign ? IpAddress.State.Allocated : IpAddress.State.Allocating);
 +        if (assign) {
 +            markPublicIpAsAllocated(addr);
 +        } else {
 +            addr.setState(IpAddress.State.Allocating);
 +        }
 +        addr.setState(assign ? IpAddress.State.Allocated : IpAddress.State.Allocating);
  
 -                if (vlanUse != VlanType.DirectAttached) {
 -                    addr.setAssociatedWithNetworkId(guestNetworkId);
 -                    addr.setVpcId(vpcId);
 -                }
 +        if (vlanUse != VlanType.DirectAttached) {
 +            addr.setAssociatedWithNetworkId(guestNetworkId);
 +            addr.setVpcId(vpcId);
 +        }
  
 -                _ipAddressDao.update(addr.getId(), addr);
 +        _ipAddressDao.update(addr.getId(), addr);
  
                  return addr;
              }
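Review bot: Only the dedicated-range message was changed to `Arrays.toString(...)`; the two `errorMessage.append(", vlanId id=" + nonDedicatedVlanDbIds.toArray());` lines (the `else if` branch and the system-pool fallback) still concatenate the array object itself, so the warning logged before `InsufficientAddressCapacityException` carries an object identity string instead of the VLAN ids. Both should become `errorMessage.append(", vlanId id=" + Arrays.toString(nonDedicatedVlanDbIds.toArray()));`. Separately, `addr.setState(assign ? IpAddress.State.Allocated : IpAddress.State.Allocating);` directly after the `if (assign)` / `else` block appears to repeat the state that block just set and could be dropped once `markPublicIpAsAllocated` is confirmed to set it. The signature of the enclosing method is outside the hunk.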
@@@ -861,21 -870,29 +870,29 @@@
                  public PublicIp doInTransaction(TransactionStatus status) throws InsufficientAddressCapacityException {
                      Account owner = _accountDao.acquireInLockTable(ownerId);
  
 -                    if (owner == null) {
 -                        // this ownerId comes from owner or type Account. See the class "AccountVO" and the annotations in that class
 -                        // to get the table name and field name that is queried to fill this ownerid.
 -                        ConcurrentOperationException ex = new ConcurrentOperationException("Unable to lock account");
 -                        throw ex;
 -                    }
 -                    if (s_logger.isDebugEnabled()) {
 -                        s_logger.debug("lock account " + ownerId + " is acquired");
 -                    }
 +            if (owner == null) {
 +                // this ownerId comes from owner or type Account. See the class "AccountVO" and the annotations in that class
 +                // to get the table name and field name that is queried to fill this ownerid.
 +                ConcurrentOperationException ex = new ConcurrentOperationException("Unable to lock account");
 +                throw ex;
 +            }
 +            if (s_logger.isDebugEnabled()) {
 +                s_logger.debug("lock account " + ownerId + " is acquired");
 +            }
+                     boolean displayIp = true;
+                     if (guestNtwkId != null) {
+                         Network ntwk = _networksDao.findById(guestNtwkId);
+                         displayIp = ntwk.getDisplayNetwork();
+                     } else if (vpcId != null) {
+                         VpcVO vpc = _vpcDao.findById(vpcId);
+                         displayIp = vpc.isDisplay();
+                     }
  
-                     PublicIp ip = fetchNewPublicIp(dcId, null, null, owner, VlanType.VirtualNetwork, guestNtwkId, isSourceNat, false, null, false, vpcId);
+                     PublicIp ip = fetchNewPublicIp(dcId, null, null, owner, VlanType.VirtualNetwork, guestNtwkId, isSourceNat, false, null, false, vpcId, displayIp);
 -                    IPAddressVO publicIp = ip.ip();
 +            IPAddressVO publicIp = ip.ip();
  
 -                    markPublicIpAsAllocated(publicIp);
 -                    _ipAddressDao.update(publicIp.getId(), publicIp);
 +            markPublicIpAsAllocated(publicIp);
 +            _ipAddressDao.update(publicIp.getId(), publicIp);
  
                      return ip;
                  }
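Review bot: `ntwk.getDisplayNetwork()` and `vpc.isDisplay()` are called on the results of `_networksDao.findById(guestNtwkId)` and `_vpcDao.findById(vpcId)` without a null check, so an id that no longer resolves would raise a NullPointerException inside the transaction, after the account lock was acquired. Whether callers validate both ids beforehand is not visible in this hunk. A guard such as `if (ntwk != null) { displayIp = ntwk.getDisplayNetwork(); }` (and the same for `vpc`), or an explicit failure with a clear message, would make the behaviour defined. The enclosing method starts outside the hunk.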
@@@ -973,8 -990,9 +990,9 @@@
  
      @DB
      @Override
-     public IpAddress allocateIp(final Account ipOwner, final boolean isSystem, Account caller, long callerUserId, final DataCenter zone) throws ConcurrentOperationException,
+     public IpAddress allocateIp(final Account ipOwner, final boolean isSystem, Account caller, long callerUserId, final DataCenter zone, final Boolean displayIp)
+             throws ConcurrentOperationException,
 -            ResourceAllocationException, InsufficientAddressCapacityException {
 +        ResourceAllocationException, InsufficientAddressCapacityException {
  
          final VlanType vlanType = VlanType.VirtualNetwork;
          final boolean assign = false;
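Review bot: The new `final Boolean displayIp` parameter on `allocateIp` is nullable, and nothing at the signature says what `null` means. From the `fetchNewPublicIp` hunk earlier in this file, `addr.setDisplay(displayIp)` is skipped when the value is null, and both `assignPublicIpAddress` overloads pass `null`. A Javadoc line would record that contract, e.g. `@param displayIp display flag to set on the allocated address; null leaves the current flag unchanged`. The method body continues outside the hunk.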
@@@ -1006,18 -1024,18 +1024,18 @@@
              ip = Transaction.execute(new TransactionCallbackWithException<PublicIp, InsufficientAddressCapacityException>() {
                  @Override
                  public PublicIp doInTransaction(TransactionStatus status) throws InsufficientAddressCapacityException {
-                     PublicIp ip = fetchNewPublicIp(zone.getId(), null, null, ipOwner, vlanType, null, false, assign, null, isSystem, null);
+                     PublicIp ip = fetchNewPublicIp(zone.getId(), null, null, ipOwner, vlanType, null, false, assign, null, isSystem, null, displayIp);
  
 -                    if (ip == null) {
 +            if (ip == null) {
                          InsufficientAddressCapacityException ex = new InsufficientAddressCapacityException("Unable to find available public IP addresses", DataCenter.class, zone
                                  .getId());
 -                        ex.addProxyObject(ApiDBUtils.findZoneById(zone.getId()).getUuid());
 -                        throw ex;
 -                    }
 -                    CallContext.current().setEventDetails("Ip Id: " + ip.getId());
 -                    Ip ipAddress = ip.getAddress();
 +                ex.addProxyObject(ApiDBUtils.findZoneById(zone.getId()).getUuid());
 +                throw ex;
 +            }
 +            CallContext.current().setEventDetails("Ip Id: " + ip.getId());
 +            Ip ipAddress = ip.getAddress();
  
 -                    s_logger.debug("Got " + ipAddress + " to assign for account " + ipOwner.getId() + " in zone " + zone.getId());
 +            s_logger.debug("Got " + ipAddress + " to assign for account " + ipOwner.getId() + " in zone " + zone.getId());
  
                      return ip;
                  }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/48e08fe6/server/src/com/cloud/network/NetworkServiceImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/network/NetworkServiceImpl.java
index 41cc2ed,ebeb31a..828e6bb
--- a/server/src/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/com/cloud/network/NetworkServiceImpl.java
@@@ -3601,17 -3593,19 +3598,19 @@@ public class NetworkServiceImpl extend
  
              // For public traffic, get isolation method of physical network and update the public network accordingly
              // each broadcast type will individually need to be qualified for support of public traffic
+             if (TrafficType.Public.equals(trafficType)){
 -                List<String> isolationMethods = network.getIsolationMethods();
 -                if ((isolationMethods.size() == 1 && isolationMethods.get(0).toLowerCase().equals("vxlan"))
 -                        || (isolationMethod != null && isolationMethods.contains(isolationMethod) && isolationMethod.toLowerCase().equals("vxlan"))) {
 -                    // find row in networks table that is defined as 'Public', created when zone was deployed
 -                    NetworkVO publicNetwork = _networksDao.listByZoneAndTrafficType(network.getDataCenterId(),TrafficType.Public).get(0);
 -                    if (publicNetwork != null) {
 -                        s_logger.debug("setting public network " + publicNetwork + " to broadcast type vxlan");
 -                        publicNetwork.setBroadcastDomainType(BroadcastDomainType.Vxlan);
 -                        _networksDao.persist(publicNetwork);
 -                    }
 +            List<String> isolationMethods = network.getIsolationMethods();
 +            if ((isolationMethods.size() == 1 && isolationMethods.get(0).toLowerCase().equals("vxlan"))
 +                || (isolationMethod != null && isolationMethods.contains(isolationMethod) && isolationMethod.toLowerCase().equals("vxlan"))) {
 +                // find row in networks table that is defined as 'Public', created when zone was deployed
 +                NetworkVO publicNetwork = _networksDao.listByZoneAndTrafficType(network.getDataCenterId(),TrafficType.Public).get(0);
 +                if (publicNetwork != null) {
 +                    s_logger.debug("setting public network " + publicNetwork + " to broadcast type vxlan");
 +                    publicNetwork.setBroadcastDomainType(BroadcastDomainType.Vxlan);
 +                    _networksDao.persist(publicNetwork);
                  }
              }
++            }
  
              return pNetworktrafficType;
          } catch (Exception ex) {
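Review bot: The `publicNetwork != null` test cannot catch a missing public network, because `_networksDao.listByZoneAndTrafficType(...).get(0)` throws IndexOutOfBoundsException on an empty list before the check runs. The exception then lands in the broad `catch (Exception ex)` at the end of the hunk, whose handling is outside the visible lines. Keeping the list and testing it is safer: `List<NetworkVO> publicNetworks = _networksDao.listByZoneAndTrafficType(network.getDataCenterId(), TrafficType.Public);` followed by `if (!publicNetworks.isEmpty()) {` and `NetworkVO publicNetwork = publicNetworks.get(0);`. The body under the new `if (TrafficType.Public.equals(trafficType)){` is also left at the old indentation with its closing brace aligned to the inner block, which makes the guard easy to misread. The enclosing method starts before the hunk.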
@@@ -4018,14 -4012,14 +4017,14 @@@
          Long nicId = cmd.getNicId();
          long vmId = cmd.getVmId();
          Long networkId = cmd.getNetworkId();
- 
 -        UserVmVO userVm = _userVmDao.findById(vmId);
 +        UserVmVO  userVm = _userVmDao.findById(vmId);
  
-         if (userVm == null) {
+         if (userVm == null || (!userVm.isDisplayVm() && caller.getType() == Account.ACCOUNT_TYPE_NORMAL)) {
 -            InvalidParameterValueException ex = new InvalidParameterValueException("Virtual mahine id does not exist");
 +                InvalidParameterValueException ex = new InvalidParameterValueException("Virtual mahine id does not exist");
              ex.addProxyObject(Long.valueOf(vmId).toString(), "vmId");
 -            throw ex;
 -        }
 +                throw ex;
 +            }
+ 
          _accountMgr.checkAccess(caller, null, true, userVm);
          return _networkMgr.listVmNics(vmId, nicId, networkId);
      }
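Review bot: The hidden-VM guard `!userVm.isDisplayVm() && caller.getType() == Account.ACCOUNT_TYPE_NORMAL` denies exactly one account type, so every other non-root type (domain admin, read-only admin, project accounts) falls through to `checkAccess`. Provided that check passes, such a caller can list the NICs of a VM flagged as not displayed. If the intent is that only root admins see such VMs, an allow-list is safer: `caller.getType() != Account.ACCOUNT_TYPE_ADMIN`. Answering with the same "does not exist" error as for a missing id is a good choice, since it does not reveal that a hidden VM exists; a short comment saying so would keep a later refactor from splitting the two cases. `caller` is assigned above the hunk, so its origin is not visible here.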


[05/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
Renaming AclEntityType --> IAMEntityType


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/f41604fc
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/f41604fc
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/f41604fc

Branch: refs/heads/master
Commit: f41604fc6c2bc866fd3332ab38a4b743a0ed6cfe
Parents: b78cb22
Author: Prachi Damle <pr...@cloud.com>
Authored: Wed Feb 19 16:36:53 2014 -0800
Committer: Prachi Damle <pr...@cloud.com>
Committed: Tue Feb 25 16:43:17 2014 -0800

----------------------------------------------------------------------
 api/src/com/cloud/network/NetworkProfile.java   |  6 +--
 .../cloud/network/vpc/StaticRouteProfile.java   |  6 +--
 .../apache/cloudstack/acl/AclEntityType.java    | 45 --------------------
 .../apache/cloudstack/acl/ControlledEntity.java |  2 +-
 .../apache/cloudstack/acl/IAMEntityType.java    | 45 ++++++++++++++++++++
 .../org/apache/cloudstack/api/APICommand.java   |  4 +-
 .../command/admin/router/DestroyRouterCmd.java  |  4 +-
 .../command/admin/router/ListRoutersCmd.java    |  4 +-
 .../command/admin/router/RebootRouterCmd.java   |  4 +-
 .../command/admin/router/StartRouterCmd.java    |  4 +-
 .../api/command/admin/router/StopRouterCmd.java |  4 +-
 .../command/admin/router/UpgradeRouterCmd.java  |  4 +-
 .../admin/systemvm/DestroySystemVmCmd.java      |  4 +-
 .../admin/systemvm/ListSystemVMsCmd.java        |  4 +-
 .../admin/systemvm/MigrateSystemVMCmd.java      |  4 +-
 .../admin/systemvm/RebootSystemVmCmd.java       |  4 +-
 .../admin/systemvm/ScaleSystemVMCmd.java        |  4 +-
 .../admin/systemvm/StartSystemVMCmd.java        |  4 +-
 .../command/admin/systemvm/StopSystemVmCmd.java |  4 +-
 .../admin/systemvm/UpgradeSystemVMCmd.java      |  4 +-
 .../admin/template/ListTemplatesCmdByAdmin.java |  4 +-
 .../admin/template/PrepareTemplateCmd.java      |  4 +-
 .../api/command/admin/vm/AssignVMCmd.java       |  4 +-
 .../api/command/admin/vm/ExpungeVMCmd.java      |  4 +-
 .../api/command/admin/vm/MigrateVMCmd.java      |  4 +-
 .../vm/MigrateVirtualMachineWithVolumeCmd.java  |  4 +-
 .../api/command/admin/vm/RecoverVMCmd.java      |  4 +-
 .../admin/vpc/CreatePrivateGatewayCmd.java      |  4 +-
 .../admin/vpc/DeletePrivateGatewayCmd.java      |  4 +-
 .../command/user/account/ListAccountsCmd.java   |  4 +-
 .../affinitygroup/CreateAffinityGroupCmd.java   |  4 +-
 .../affinitygroup/DeleteAffinityGroupCmd.java   |  4 +-
 .../affinitygroup/ListAffinityGroupsCmd.java    |  4 +-
 .../affinitygroup/UpdateVMAffinityGroupCmd.java |  4 +-
 .../autoscale/CreateAutoScalePolicyCmd.java     |  4 +-
 .../autoscale/CreateAutoScaleVmGroupCmd.java    |  4 +-
 .../autoscale/CreateAutoScaleVmProfileCmd.java  |  4 +-
 .../user/autoscale/CreateConditionCmd.java      |  4 +-
 .../autoscale/DeleteAutoScalePolicyCmd.java     |  4 +-
 .../autoscale/DeleteAutoScaleVmGroupCmd.java    |  4 +-
 .../autoscale/DeleteAutoScaleVmProfileCmd.java  |  4 +-
 .../user/autoscale/DeleteConditionCmd.java      |  4 +-
 .../autoscale/DisableAutoScaleVmGroupCmd.java   |  4 +-
 .../autoscale/EnableAutoScaleVmGroupCmd.java    |  4 +-
 .../autoscale/ListAutoScalePoliciesCmd.java     |  4 +-
 .../autoscale/ListAutoScaleVmGroupsCmd.java     |  4 +-
 .../autoscale/ListAutoScaleVmProfilesCmd.java   |  4 +-
 .../autoscale/UpdateAutoScalePolicyCmd.java     |  4 +-
 .../autoscale/UpdateAutoScaleVmGroupCmd.java    |  4 +-
 .../autoscale/UpdateAutoScaleVmProfileCmd.java  |  4 +-
 .../command/user/event/ArchiveEventsCmd.java    |  4 +-
 .../api/command/user/event/DeleteEventsCmd.java |  4 +-
 .../api/command/user/event/ListEventsCmd.java   |  4 +-
 .../firewall/CreateEgressFirewallRuleCmd.java   |  8 ++--
 .../user/firewall/CreateFirewallRuleCmd.java    |  8 ++--
 .../firewall/CreatePortForwardingRuleCmd.java   |  8 ++--
 .../firewall/DeleteEgressFirewallRuleCmd.java   |  4 +-
 .../user/firewall/DeleteFirewallRuleCmd.java    |  4 +-
 .../firewall/DeletePortForwardingRuleCmd.java   |  4 +-
 .../firewall/ListEgressFirewallRulesCmd.java    |  4 +-
 .../user/firewall/ListFirewallRulesCmd.java     |  4 +-
 .../firewall/ListPortForwardingRulesCmd.java    |  4 +-
 .../firewall/UpdatePortForwardingRuleCmd.java   |  4 +-
 .../user/nat/CreateIpForwardingRuleCmd.java     |  6 +--
 .../command/user/network/CreateNetworkCmd.java  |  4 +-
 .../command/user/network/DeleteNetworkCmd.java  |  4 +-
 .../command/user/network/ListNetworksCmd.java   |  4 +-
 .../command/user/network/RestartNetworkCmd.java |  4 +-
 .../command/user/network/UpdateNetworkCmd.java  |  4 +-
 .../AuthorizeSecurityGroupEgressCmd.java        |  4 +-
 .../AuthorizeSecurityGroupIngressCmd.java       |  4 +-
 .../securitygroup/CreateSecurityGroupCmd.java   |  4 +-
 .../securitygroup/DeleteSecurityGroupCmd.java   |  4 +-
 .../securitygroup/ListSecurityGroupsCmd.java    |  4 +-
 .../RevokeSecurityGroupEgressCmd.java           |  4 +-
 .../RevokeSecurityGroupIngressCmd.java          |  4 +-
 .../user/snapshot/CreateSnapshotCmd.java        |  4 +-
 .../user/snapshot/DeleteSnapshotCmd.java        |  4 +-
 .../command/user/snapshot/ListSnapshotsCmd.java |  4 +-
 .../user/snapshot/RevertSnapshotCmd.java        |  4 +-
 .../command/user/ssh/CreateSSHKeyPairCmd.java   |  4 +-
 .../command/user/ssh/DeleteSSHKeyPairCmd.java   |  4 +-
 .../command/user/ssh/ListSSHKeyPairsCmd.java    |  4 +-
 .../command/user/ssh/RegisterSSHKeyPairCmd.java |  4 +-
 .../api/command/user/tag/CreateTagsCmd.java     |  4 +-
 .../api/command/user/tag/DeleteTagsCmd.java     |  4 +-
 .../api/command/user/tag/ListTagsCmd.java       |  4 +-
 .../command/user/template/ListTemplatesCmd.java |  4 +-
 .../template/UpdateTemplatePermissionsCmd.java  |  4 +-
 .../api/command/user/vm/AddNicToVMCmd.java      |  4 +-
 .../api/command/user/vm/DeployVMCmd.java        |  4 +-
 .../api/command/user/vm/DestroyVMCmd.java       |  4 +-
 .../api/command/user/vm/GetVMPasswordCmd.java   |  4 +-
 .../api/command/user/vm/ListVMsCmd.java         |  4 +-
 .../api/command/user/vm/RebootVMCmd.java        |  4 +-
 .../api/command/user/vm/RemoveNicFromVMCmd.java |  4 +-
 .../api/command/user/vm/ResetVMPasswordCmd.java |  4 +-
 .../api/command/user/vm/ResetVMSSHKeyCmd.java   |  4 +-
 .../api/command/user/vm/RestoreVMCmd.java       |  4 +-
 .../api/command/user/vm/ScaleVMCmd.java         |  4 +-
 .../api/command/user/vm/StartVMCmd.java         |  4 +-
 .../api/command/user/vm/StopVMCmd.java          |  4 +-
 .../user/vm/UpdateDefaultNicForVMCmd.java       |  4 +-
 .../api/command/user/vm/UpdateVMCmd.java        |  4 +-
 .../api/command/user/vm/UpgradeVMCmd.java       |  4 +-
 .../command/user/vmgroup/CreateVMGroupCmd.java  |  4 +-
 .../command/user/vmgroup/DeleteVMGroupCmd.java  |  4 +-
 .../command/user/vmgroup/ListVMGroupsCmd.java   |  4 +-
 .../command/user/vmgroup/UpdateVMGroupCmd.java  |  4 +-
 .../user/vmsnapshot/CreateVMSnapshotCmd.java    |  4 +-
 .../user/vmsnapshot/DeleteVMSnapshotCmd.java    |  4 +-
 .../user/vmsnapshot/ListVMSnapshotCmd.java      |  4 +-
 .../command/user/volume/AttachVolumeCmd.java    |  4 +-
 .../command/user/volume/CreateVolumeCmd.java    |  4 +-
 .../command/user/volume/DeleteVolumeCmd.java    |  4 +-
 .../command/user/volume/DetachVolumeCmd.java    |  4 +-
 .../command/user/volume/ExtractVolumeCmd.java   |  4 +-
 .../api/command/user/volume/ListVolumesCmd.java |  4 +-
 .../command/user/volume/MigrateVolumeCmd.java   |  4 +-
 .../command/user/volume/ResizeVolumeCmd.java    |  4 +-
 .../command/user/volume/UpdateVolumeCmd.java    |  4 +-
 .../command/user/volume/UploadVolumeCmd.java    |  4 +-
 .../command/user/vpc/CreateStaticRouteCmd.java  |  4 +-
 .../api/command/user/vpc/CreateVPCCmd.java      |  4 +-
 .../command/user/vpc/DeleteStaticRouteCmd.java  |  4 +-
 .../api/command/user/vpc/DeleteVPCCmd.java      |  4 +-
 .../user/vpc/ListPrivateGatewaysCmd.java        |  4 +-
 .../command/user/vpc/ListStaticRoutesCmd.java   |  4 +-
 .../api/command/user/vpc/ListVPCsCmd.java       |  4 +-
 .../api/command/user/vpc/RestartVPCCmd.java     |  4 +-
 .../api/command/user/vpc/UpdateVPCCmd.java      |  4 +-
 .../api/command/user/vpn/AddVpnUserCmd.java     |  4 +-
 .../user/vpn/CreateRemoteAccessVpnCmd.java      |  4 +-
 .../user/vpn/CreateVpnConnectionCmd.java        |  4 +-
 .../user/vpn/CreateVpnCustomerGatewayCmd.java   |  4 +-
 .../command/user/vpn/CreateVpnGatewayCmd.java   |  4 +-
 .../user/vpn/DeleteRemoteAccessVpnCmd.java      |  4 +-
 .../user/vpn/DeleteVpnConnectionCmd.java        |  4 +-
 .../user/vpn/DeleteVpnCustomerGatewayCmd.java   |  4 +-
 .../command/user/vpn/DeleteVpnGatewayCmd.java   |  4 +-
 .../user/vpn/ListRemoteAccessVpnsCmd.java       |  4 +-
 .../command/user/vpn/ListVpnConnectionsCmd.java |  4 +-
 .../user/vpn/ListVpnCustomerGatewaysCmd.java    |  4 +-
 .../command/user/vpn/ListVpnGatewaysCmd.java    |  4 +-
 .../api/command/user/vpn/ListVpnUsersCmd.java   |  4 +-
 .../api/command/user/vpn/RemoveVpnUserCmd.java  |  4 +-
 .../command/user/vpn/ResetVpnConnectionCmd.java |  4 +-
 .../user/vpn/UpdateVpnCustomerGatewayCmd.java   |  4 +-
 .../src/com/cloud/network/addr/PublicIp.java    |  6 +--
 .../cloud/network/rules/StaticNatRuleImpl.java  |  6 +--
 .../orchestration/NetworkOrchestrator.java      |  6 +--
 engine/schema/src/com/cloud/event/EventVO.java  |  6 +--
 .../com/cloud/network/UserIpv6AddressVO.java    |  6 +--
 .../schema/src/com/cloud/network/VpnUserVO.java |  6 +--
 .../com/cloud/network/as/AutoScalePolicyVO.java |  6 +--
 .../cloud/network/as/AutoScaleVmGroupVO.java    |  6 +--
 .../cloud/network/as/AutoScaleVmProfileVO.java  |  6 +--
 .../src/com/cloud/network/as/ConditionVO.java   |  6 +--
 .../src/com/cloud/network/dao/IPAddressVO.java  |  6 +--
 .../cloud/network/dao/MonitoringServiceVO.java  |  6 +--
 .../src/com/cloud/network/dao/NetworkVO.java    |  6 +--
 .../cloud/network/dao/RemoteAccessVpnVO.java    |  6 +--
 .../network/dao/Site2SiteCustomerGatewayVO.java |  6 +--
 .../network/dao/Site2SiteVpnConnectionVO.java   |  6 +--
 .../network/dao/Site2SiteVpnGatewayVO.java      |  6 +--
 .../src/com/cloud/network/dao/SslCertVO.java    |  6 +--
 .../com/cloud/network/rules/FirewallRuleVO.java |  6 +--
 .../cloud/network/security/SecurityGroupVO.java |  6 +--
 .../com/cloud/network/vpc/StaticRouteVO.java    |  6 +--
 .../src/com/cloud/network/vpc/VpcGatewayVO.java |  6 +--
 .../schema/src/com/cloud/network/vpc/VpcVO.java |  6 +--
 .../com/cloud/projects/ProjectInvitationVO.java |  6 +--
 .../src/com/cloud/storage/SnapshotVO.java       |  6 +--
 .../src/com/cloud/storage/VMTemplateVO.java     |  6 +--
 .../schema/src/com/cloud/storage/VolumeVO.java  |  6 +--
 .../src/com/cloud/tags/ResourceTagVO.java       |  6 +--
 engine/schema/src/com/cloud/user/AccountVO.java |  6 +--
 .../schema/src/com/cloud/user/SSHKeyPairVO.java |  6 +--
 .../src/com/cloud/vm/InstanceGroupVO.java       |  6 +--
 .../schema/src/com/cloud/vm/VMInstanceVO.java   |  6 +--
 .../src/com/cloud/vm/dao/NicIpAliasVO.java      |  6 +--
 .../src/com/cloud/vm/dao/NicSecondaryIpVO.java  |  6 +--
 .../src/com/cloud/vm/snapshot/VMSnapshotVO.java |  6 +--
 .../cloudstack/affinity/AffinityGroupVO.java    |  6 +--
 .../engine/cloud/entity/api/db/VMEntityVO.java  |  6 +--
 .../region/gslb/GlobalLoadBalancerRuleVO.java   |  6 +--
 .../storage/image/store/TemplateObject.java     |  6 +--
 .../storage/snapshot/SnapshotObject.java        |  6 +--
 .../storage/image/TemplateEntityImpl.java       |  4 +-
 .../storage/snapshot/SnapshotEntityImpl.java    |  6 +--
 .../cloudstack/storage/volume/VolumeObject.java |  6 +--
 .../cloud/api/query/vo/AffinityGroupJoinVO.java |  6 +--
 .../com/cloud/api/query/vo/AsyncJobJoinVO.java  |  6 +--
 .../cloud/api/query/vo/DomainRouterJoinVO.java  |  6 +--
 .../src/com/cloud/api/query/vo/EventJoinVO.java |  6 +--
 .../cloud/api/query/vo/InstanceGroupJoinVO.java |  6 +--
 .../api/query/vo/ProjectInvitationJoinVO.java   |  6 +--
 .../cloud/api/query/vo/ResourceTagJoinVO.java   |  6 +--
 .../cloud/api/query/vo/SecurityGroupJoinVO.java |  6 +--
 .../com/cloud/api/query/vo/TemplateJoinVO.java  |  6 +--
 .../com/cloud/api/query/vo/UserVmJoinVO.java    |  6 +--
 .../com/cloud/api/query/vo/VolumeJoinVO.java    |  6 +--
 .../api/response/SecurityGroupResultObject.java |  6 +--
 .../network/vpc/PrivateGatewayProfile.java      |  6 +--
 .../template/HypervisorTemplateAdapter.java     |  4 +-
 .../com/cloud/template/TemplateManagerImpl.java |  6 +--
 .../affinity/AffinityGroupServiceImpl.java      |  6 +--
 207 files changed, 520 insertions(+), 520 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/com/cloud/network/NetworkProfile.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/network/NetworkProfile.java b/api/src/com/cloud/network/NetworkProfile.java
index c77b765..3f57694 100644
--- a/api/src/com/cloud/network/NetworkProfile.java
+++ b/api/src/com/cloud/network/NetworkProfile.java
@@ -18,7 +18,7 @@ package com.cloud.network;
 
 import java.net.URI;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.network.Networks.BroadcastDomainType;
 import com.cloud.network.Networks.Mode;
@@ -279,7 +279,7 @@ public class NetworkProfile implements Network {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.Network;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.Network;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/com/cloud/network/vpc/StaticRouteProfile.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/network/vpc/StaticRouteProfile.java b/api/src/com/cloud/network/vpc/StaticRouteProfile.java
index e4942a0..941b5b2 100644
--- a/api/src/com/cloud/network/vpc/StaticRouteProfile.java
+++ b/api/src/com/cloud/network/vpc/StaticRouteProfile.java
@@ -16,7 +16,7 @@
 // under the License.
 package com.cloud.network.vpc;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 public class StaticRouteProfile implements StaticRoute {
     private long id;
@@ -104,8 +104,8 @@ public class StaticRouteProfile implements StaticRoute {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.StaticRoute;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.StaticRoute;
     }
 
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/acl/AclEntityType.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/AclEntityType.java b/api/src/org/apache/cloudstack/acl/AclEntityType.java
deleted file mode 100644
index 0e1fe5b..0000000
--- a/api/src/org/apache/cloudstack/acl/AclEntityType.java
+++ /dev/null
@@ -1,45 +0,0 @@
-package org.apache.cloudstack.acl;
-
-public enum AclEntityType {
-    // currently supported entity, to be added one by one after we support acl on the entity
-    VirtualMachine,
-    Volume,
-    ResourceTag,
-    Account,
-    AffinityGroup,
-    AutoScalePolicy,
-    AutoScaleVmGroup,
-    AutoScaleVmProfile,
-    Condition,
-    Vpc,
-    VpcGateway,
-    PrivateGateway,
-    VpnUser,
-    VMSnapshot,
-    VirtualMachineTemplate,
-    UserIpv6Address,
-    StaticRoute,
-    SSHKeyPair,
-    Snapshot,
-    Site2SiteVpnGateway,
-    Site2SiteVpnConnection,
-    Site2SiteCustomerGateway,
-    SecurityGroup,
-    RemoteAccessVpn,
-    PublicIpAddress,
-    ProjectInvitation,
-    NicSecondaryIp,
-    NicIpAlias,
-    Network,
-    IpAddress,
-    InstanceGroup,
-    GlobalLoadBalancerRule,
-    FirewallRule,
-    PortForwardingRule,
-    Event,
-    AsyncJob,
-    AclPolicy,
-    AclGroup,
-    MonitorService,
-    SSLCert
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/acl/ControlledEntity.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/ControlledEntity.java b/api/src/org/apache/cloudstack/acl/ControlledEntity.java
index 29a857f..2572705 100644
--- a/api/src/org/apache/cloudstack/acl/ControlledEntity.java
+++ b/api/src/org/apache/cloudstack/acl/ControlledEntity.java
@@ -29,5 +29,5 @@ public interface ControlledEntity extends OwnedBy, PartOf {
         Account, Domain
     }
 
-    AclEntityType getEntityType();
+    IAMEntityType getEntityType();
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/acl/IAMEntityType.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/IAMEntityType.java b/api/src/org/apache/cloudstack/acl/IAMEntityType.java
new file mode 100644
index 0000000..0a44253
--- /dev/null
+++ b/api/src/org/apache/cloudstack/acl/IAMEntityType.java
@@ -0,0 +1,45 @@
+package org.apache.cloudstack.acl;
+
+public enum IAMEntityType {
+    // currently supported entity, to be added one by one after we support acl on the entity
+    VirtualMachine,
+    Volume,
+    ResourceTag,
+    Account,
+    AffinityGroup,
+    AutoScalePolicy,
+    AutoScaleVmGroup,
+    AutoScaleVmProfile,
+    Condition,
+    Vpc,
+    VpcGateway,
+    PrivateGateway,
+    VpnUser,
+    VMSnapshot,
+    VirtualMachineTemplate,
+    UserIpv6Address,
+    StaticRoute,
+    SSHKeyPair,
+    Snapshot,
+    Site2SiteVpnGateway,
+    Site2SiteVpnConnection,
+    Site2SiteCustomerGateway,
+    SecurityGroup,
+    RemoteAccessVpn,
+    PublicIpAddress,
+    ProjectInvitation,
+    NicSecondaryIp,
+    NicIpAlias,
+    Network,
+    IpAddress,
+    InstanceGroup,
+    GlobalLoadBalancerRule,
+    FirewallRule,
+    PortForwardingRule,
+    Event,
+    AsyncJob,
+    AclPolicy,
+    AclGroup,
+    MonitorService,
+    SSLCert
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/APICommand.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/APICommand.java b/api/src/org/apache/cloudstack/api/APICommand.java
index ce795b1..690dd9a 100644
--- a/api/src/org/apache/cloudstack/api/APICommand.java
+++ b/api/src/org/apache/cloudstack/api/APICommand.java
@@ -24,7 +24,7 @@ import java.lang.annotation.Target;
 
 import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.api.ResponseObject.ResponseView;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 @Retention(RetentionPolicy.RUNTIME)
 @Target({TYPE})
@@ -45,5 +45,5 @@ public @interface APICommand {
 
     RoleType[] authorized() default {};
 
-    AclEntityType[] entityType() default {};
+    IAMEntityType[] entityType() default {};
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/router/DestroyRouterCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/router/DestroyRouterCmd.java b/api/src/org/apache/cloudstack/api/command/admin/router/DestroyRouterCmd.java
index e464c41..462219e 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/router/DestroyRouterCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/router/DestroyRouterCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.router;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -35,7 +35,7 @@ import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.router.VirtualRouter;
 import com.cloud.user.Account;
 
-@APICommand(name = "destroyRouter", description = "Destroys a router.", responseObject = DomainRouterResponse.class, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "destroyRouter", description = "Destroys a router.", responseObject = DomainRouterResponse.class, entityType = { IAMEntityType.VirtualMachine })
 public class DestroyRouterCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DestroyRouterCmd.class.getName());
     private static final String s_name = "destroyrouterresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/router/ListRoutersCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/router/ListRoutersCmd.java b/api/src/org/apache/cloudstack/api/command/admin/router/ListRoutersCmd.java
index abca5e5..c0e54c8 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/router/ListRoutersCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/router/ListRoutersCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.router;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -36,7 +36,7 @@ import org.apache.cloudstack.api.response.ZoneResponse;
 
 import com.cloud.network.router.VirtualRouter.Role;
 
-@APICommand(name = "listRouters", description = "List routers.", responseObject = DomainRouterResponse.class, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "listRouters", description = "List routers.", responseObject = DomainRouterResponse.class, entityType = { IAMEntityType.VirtualMachine })
 public class ListRoutersCmd extends BaseListProjectAndAccountResourcesCmd {
     public static final Logger s_logger = Logger.getLogger(ListRoutersCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/router/RebootRouterCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/router/RebootRouterCmd.java b/api/src/org/apache/cloudstack/api/command/admin/router/RebootRouterCmd.java
index 47a692c..f4200c5 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/router/RebootRouterCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/router/RebootRouterCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.router;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -36,7 +36,7 @@ import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.router.VirtualRouter;
 import com.cloud.user.Account;
 
-@APICommand(name = "rebootRouter", description = "Starts a router.", responseObject = DomainRouterResponse.class, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "rebootRouter", description = "Starts a router.", responseObject = DomainRouterResponse.class, entityType = { IAMEntityType.VirtualMachine })
 public class RebootRouterCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(RebootRouterCmd.class.getName());
     private static final String s_name = "rebootrouterresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/router/StartRouterCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/router/StartRouterCmd.java b/api/src/org/apache/cloudstack/api/command/admin/router/StartRouterCmd.java
index 5e5f335..0c553be 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/router/StartRouterCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/router/StartRouterCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.router;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -38,7 +38,7 @@ import com.cloud.network.router.VirtualRouter;
 import com.cloud.network.router.VirtualRouter.Role;
 import com.cloud.user.Account;
 
-@APICommand(name = "startRouter", responseObject = DomainRouterResponse.class, description = "Starts a router.", entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "startRouter", responseObject = DomainRouterResponse.class, description = "Starts a router.", entityType = { IAMEntityType.VirtualMachine })
 public class StartRouterCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(StartRouterCmd.class.getName());
     private static final String s_name = "startrouterresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/router/StopRouterCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/router/StopRouterCmd.java b/api/src/org/apache/cloudstack/api/command/admin/router/StopRouterCmd.java
index cc5f7a8..9472e4a 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/router/StopRouterCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/router/StopRouterCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.router;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -37,7 +37,7 @@ import com.cloud.network.router.VirtualRouter;
 import com.cloud.network.router.VirtualRouter.Role;
 import com.cloud.user.Account;
 
-@APICommand(name = "stopRouter", description = "Stops a router.", responseObject = DomainRouterResponse.class, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "stopRouter", description = "Stops a router.", responseObject = DomainRouterResponse.class, entityType = { IAMEntityType.VirtualMachine })
 public class StopRouterCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(StopRouterCmd.class.getName());
     private static final String s_name = "stoprouterresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/router/UpgradeRouterCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/router/UpgradeRouterCmd.java b/api/src/org/apache/cloudstack/api/command/admin/router/UpgradeRouterCmd.java
index dc76129..e414fc9 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/router/UpgradeRouterCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/router/UpgradeRouterCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.router;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -31,7 +31,7 @@ import org.apache.cloudstack.api.response.ServiceOfferingResponse;
 import com.cloud.network.router.VirtualRouter;
 import com.cloud.user.Account;
 
-@APICommand(name = "changeServiceForRouter", description = "Upgrades domain router to a new service offering", responseObject = DomainRouterResponse.class, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "changeServiceForRouter", description = "Upgrades domain router to a new service offering", responseObject = DomainRouterResponse.class, entityType = { IAMEntityType.VirtualMachine })
 public class UpgradeRouterCmd extends BaseCmd {
     public static final Logger s_logger = Logger.getLogger(UpgradeRouterCmd.class.getName());
     private static final String s_name = "changeserviceforrouterresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/systemvm/DestroySystemVmCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/systemvm/DestroySystemVmCmd.java b/api/src/org/apache/cloudstack/api/command/admin/systemvm/DestroySystemVmCmd.java
index 62f73aa..24687ec 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/systemvm/DestroySystemVmCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/systemvm/DestroySystemVmCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.systemvm;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -35,7 +35,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.user.Account;
 import com.cloud.vm.VirtualMachine;
 
-@APICommand(name = "destroySystemVm", responseObject = SystemVmResponse.class, description = "Destroyes a system virtual machine.", entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "destroySystemVm", responseObject = SystemVmResponse.class, description = "Destroyes a system virtual machine.", entityType = { IAMEntityType.VirtualMachine })
 public class DestroySystemVmCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DestroySystemVmCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/systemvm/ListSystemVMsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/systemvm/ListSystemVMsCmd.java b/api/src/org/apache/cloudstack/api/command/admin/systemvm/ListSystemVMsCmd.java
index 41fd0ad..6add394 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/systemvm/ListSystemVMsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/systemvm/ListSystemVMsCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -37,7 +37,7 @@ import org.apache.cloudstack.api.response.ZoneResponse;
 import com.cloud.utils.Pair;
 import com.cloud.vm.VirtualMachine;
 
-@APICommand(name = "listSystemVms", description = "List system virtual machines.", responseObject = SystemVmResponse.class, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "listSystemVms", description = "List system virtual machines.", responseObject = SystemVmResponse.class, entityType = { IAMEntityType.VirtualMachine })
 public class ListSystemVMsCmd extends BaseListCmd {
     public static final Logger s_logger = Logger.getLogger(ListSystemVMsCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/systemvm/MigrateSystemVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/systemvm/MigrateSystemVMCmd.java b/api/src/org/apache/cloudstack/api/command/admin/systemvm/MigrateSystemVMCmd.java
index f01d885..44a5586 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/systemvm/MigrateSystemVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/systemvm/MigrateSystemVMCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.systemvm;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -41,7 +41,7 @@ import com.cloud.host.Host;
 import com.cloud.user.Account;
 import com.cloud.vm.VirtualMachine;
 
-@APICommand(name = "migrateSystemVm", description = "Attempts Migration of a system virtual machine to the host specified.", responseObject = SystemVmResponse.class, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "migrateSystemVm", description = "Attempts Migration of a system virtual machine to the host specified.", responseObject = SystemVmResponse.class, entityType = { IAMEntityType.VirtualMachine })
 public class MigrateSystemVMCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(MigrateSystemVMCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/systemvm/RebootSystemVmCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/systemvm/RebootSystemVmCmd.java b/api/src/org/apache/cloudstack/api/command/admin/systemvm/RebootSystemVmCmd.java
index 628e6ce..68c941c 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/systemvm/RebootSystemVmCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/systemvm/RebootSystemVmCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.systemvm;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -35,7 +35,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.user.Account;
 import com.cloud.vm.VirtualMachine;
 
-@APICommand(name = "rebootSystemVm", description = "Reboots a system VM.", responseObject = SystemVmResponse.class, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "rebootSystemVm", description = "Reboots a system VM.", responseObject = SystemVmResponse.class, entityType = { IAMEntityType.VirtualMachine })
 public class RebootSystemVmCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(RebootSystemVmCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/systemvm/ScaleSystemVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/systemvm/ScaleSystemVMCmd.java b/api/src/org/apache/cloudstack/api/command/admin/systemvm/ScaleSystemVMCmd.java
index 2c9bc57..c220e2a 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/systemvm/ScaleSystemVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/systemvm/ScaleSystemVMCmd.java
@@ -21,7 +21,7 @@ import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Map;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -47,7 +47,7 @@ import com.cloud.user.Account;
 import com.cloud.vm.VirtualMachine;
 
 @APICommand(name = "scaleSystemVm", responseObject = SystemVmResponse.class, description = "Scale the service offering for a system vm (console proxy or secondary storage). "
-        + "The system vm must be in a \"Stopped\" state for " + "this command to take effect.", entityType = { AclEntityType.VirtualMachine })
+        + "The system vm must be in a \"Stopped\" state for " + "this command to take effect.", entityType = { IAMEntityType.VirtualMachine })
 public class ScaleSystemVMCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(UpgradeVMCmd.class.getName());
     private static final String s_name = "changeserviceforsystemvmresponse";
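Review bot: The logger on the context line under the annotation is bound to the wrong class: `Logger.getLogger(UpgradeVMCmd.class.getName())` inside `ScaleSystemVMCmd`. Anything this command logs is therefore attributed to `UpgradeVMCmd`, which makes it harder to trace system-VM scaling in the management-server logs. Since the commit already touches the file, change it to `Logger.getLogger(ScaleSystemVMCmd.class.getName())`. The same mismatch is visible in the UpgradeSystemVMCmd hunk (also `UpgradeVMCmd.class`) and in the MigrateVirtualMachineWithVolumeCmd hunk (`MigrateVMCmd.class`). The class bodies continue outside these hunks.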

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/systemvm/StartSystemVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/systemvm/StartSystemVMCmd.java b/api/src/org/apache/cloudstack/api/command/admin/systemvm/StartSystemVMCmd.java
index 65f6614..ce6a47f 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/systemvm/StartSystemVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/systemvm/StartSystemVMCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.systemvm;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -35,7 +35,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.user.Account;
 import com.cloud.vm.VirtualMachine;
 
-@APICommand(name = "startSystemVm", responseObject = SystemVmResponse.class, description = "Starts a system virtual machine.", entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "startSystemVm", responseObject = SystemVmResponse.class, description = "Starts a system virtual machine.", entityType = { IAMEntityType.VirtualMachine })
 public class StartSystemVMCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(StartSystemVMCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/systemvm/StopSystemVmCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/systemvm/StopSystemVmCmd.java b/api/src/org/apache/cloudstack/api/command/admin/systemvm/StopSystemVmCmd.java
index dfaaeca..d5e5f00 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/systemvm/StopSystemVmCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/systemvm/StopSystemVmCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.systemvm;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -37,7 +37,7 @@ import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.user.Account;
 import com.cloud.vm.VirtualMachine;
 
-@APICommand(name = "stopSystemVm", description = "Stops a system VM.", responseObject = SystemVmResponse.class, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "stopSystemVm", description = "Stops a system VM.", responseObject = SystemVmResponse.class, entityType = { IAMEntityType.VirtualMachine })
 public class StopSystemVmCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(StopSystemVmCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/systemvm/UpgradeSystemVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/systemvm/UpgradeSystemVMCmd.java b/api/src/org/apache/cloudstack/api/command/admin/systemvm/UpgradeSystemVMCmd.java
index fc30197..c12d6b0 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/systemvm/UpgradeSystemVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/systemvm/UpgradeSystemVMCmd.java
@@ -21,7 +21,7 @@ import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Map;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -42,7 +42,7 @@ import com.cloud.user.Account;
 import com.cloud.vm.VirtualMachine;
 
 @APICommand(name = "changeServiceForSystemVm", responseObject = SystemVmResponse.class, description = "Changes the service offering for a system vm (console proxy or secondary storage). "
-        + "The system vm must be in a \"Stopped\" state for " + "this command to take effect.", entityType = { AclEntityType.VirtualMachine })
+        + "The system vm must be in a \"Stopped\" state for " + "this command to take effect.", entityType = { IAMEntityType.VirtualMachine })
 public class UpgradeSystemVMCmd extends BaseCmd {
     public static final Logger s_logger = Logger.getLogger(UpgradeVMCmd.class.getName());
     private static final String s_name = "changeserviceforsystemvmresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/template/ListTemplatesCmdByAdmin.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/template/ListTemplatesCmdByAdmin.java b/api/src/org/apache/cloudstack/api/command/admin/template/ListTemplatesCmdByAdmin.java
index ae90840..b2e9ef5 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/template/ListTemplatesCmdByAdmin.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/template/ListTemplatesCmdByAdmin.java
@@ -16,13 +16,13 @@
 // under the License.
 package org.apache.cloudstack.api.command.admin.template;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ResponseObject.ResponseView;
 import org.apache.cloudstack.api.command.user.template.ListTemplatesCmd;
 import org.apache.cloudstack.api.response.TemplateResponse;
 
-@APICommand(name = "listTemplates", description = "List all public, private, and privileged templates.", responseObject = TemplateResponse.class, entityType = {AclEntityType.VirtualMachineTemplate}, responseView = ResponseView.Full)
+@APICommand(name = "listTemplates", description = "List all public, private, and privileged templates.", responseObject = TemplateResponse.class, entityType = {IAMEntityType.VirtualMachineTemplate}, responseView = ResponseView.Full)
 public class ListTemplatesCmdByAdmin extends ListTemplatesCmd {
 
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/template/PrepareTemplateCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/template/PrepareTemplateCmd.java b/api/src/org/apache/cloudstack/api/command/admin/template/PrepareTemplateCmd.java
index 170d379..af214e0 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/template/PrepareTemplateCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/template/PrepareTemplateCmd.java
@@ -20,7 +20,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -35,7 +35,7 @@ import org.apache.cloudstack.api.response.ZoneResponse;
 import com.cloud.template.VirtualMachineTemplate;
 import com.cloud.user.Account;
 
-@APICommand(name = "prepareTemplate", responseObject = TemplateResponse.class, description = "load template into primary storage", entityType = { AclEntityType.VirtualMachineTemplate })
+@APICommand(name = "prepareTemplate", responseObject = TemplateResponse.class, description = "load template into primary storage", entityType = { IAMEntityType.VirtualMachineTemplate })
 public class PrepareTemplateCmd extends BaseCmd {
     public static final Logger s_logger = Logger.getLogger(PrepareTemplateCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/vm/AssignVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/vm/AssignVMCmd.java b/api/src/org/apache/cloudstack/api/command/admin/vm/AssignVMCmd.java
index c6e15d0..71ababd 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/vm/AssignVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/vm/AssignVMCmd.java
@@ -20,7 +20,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
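Review bot: The sorted import list in this hunk goes from `org.apache.cloudstack.acl.IAMEntityType` straight to `org.apache.cloudstack.api.APICommand`, so AssignVMCmd presumably declares no `@ACL`-annotated parameter. ExpungeVMCmd in the same package, by contrast, imports both `ACL` and `SecurityChecker.AccessType`. The command description says a domain administrator may reassign a VM only to an account in the same domain, so with `entityType = { IAMEntityType.VirtualMachine }` now set it is worth confirming where the access check on the VM id and the target account is enforced. If it lives in the service layer, a class comment such as `// access to the VM and the target account is checked in the service layer, not via @ACL` would record that. The class body is outside the hunk, so this is inferred from the imports only.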
@@ -39,7 +39,7 @@ import com.cloud.uservm.UserVm;
 @APICommand(name = "assignVirtualMachine",
             description = "Change ownership of a VM from one account to another. This API is available for Basic zones with security groups and Advanced zones with guest networks. A root administrator can reassign a VM from any account to any other account in any domain. A domain administrator can reassign a VM to any account in the same domain.",
             responseObject = UserVmResponse.class,
-            since = "3.0.0", entityType = { AclEntityType.VirtualMachine })
+            since = "3.0.0", entityType = { IAMEntityType.VirtualMachine })
 public class AssignVMCmd extends BaseCmd  {
     public static final Logger s_logger = Logger.getLogger(AssignVMCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/vm/ExpungeVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/vm/ExpungeVMCmd.java b/api/src/org/apache/cloudstack/api/command/admin/vm/ExpungeVMCmd.java
index fcc9ec2f7..2fb6a1e 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/vm/ExpungeVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/vm/ExpungeVMCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.vm;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -40,7 +40,7 @@ import com.cloud.user.Account;
 import com.cloud.uservm.UserVm;
 import com.cloud.utils.exception.CloudRuntimeException;
 
-@APICommand(name = "expungeVirtualMachine", description = "Expunge a virtual machine. Once expunged, it cannot be recoverd.", responseObject = SuccessResponse.class, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "expungeVirtualMachine", description = "Expunge a virtual machine. Once expunged, it cannot be recoverd.", responseObject = SuccessResponse.class, entityType = { IAMEntityType.VirtualMachine })
 public class ExpungeVMCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(ExpungeVMCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/vm/MigrateVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/vm/MigrateVMCmd.java b/api/src/org/apache/cloudstack/api/command/admin/vm/MigrateVMCmd.java
index e2ef31f..b3615fc 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/vm/MigrateVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/vm/MigrateVMCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.vm;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -45,7 +45,7 @@ import com.cloud.vm.VirtualMachine;
 
 @APICommand(name = "migrateVirtualMachine",
             description = "Attempts Migration of a VM to a different host or Root volume of the vm to a different storage pool",
-            responseObject = UserVmResponse.class, entityType = { AclEntityType.VirtualMachine })
+            responseObject = UserVmResponse.class, entityType = { IAMEntityType.VirtualMachine })
 public class MigrateVMCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(MigrateVMCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/vm/MigrateVirtualMachineWithVolumeCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/vm/MigrateVirtualMachineWithVolumeCmd.java b/api/src/org/apache/cloudstack/api/command/admin/vm/MigrateVirtualMachineWithVolumeCmd.java
index 33355e8..4920250 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/vm/MigrateVirtualMachineWithVolumeCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/vm/MigrateVirtualMachineWithVolumeCmd.java
@@ -23,7 +23,7 @@ import java.util.Map;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -47,7 +47,7 @@ import com.cloud.vm.VirtualMachine;
 
 @APICommand(name = "migrateVirtualMachineWithVolume",
             description = "Attempts Migration of a VM with its volumes to a different host",
- responseObject = UserVmResponse.class, entityType = { AclEntityType.VirtualMachine })
+ responseObject = UserVmResponse.class, entityType = { IAMEntityType.VirtualMachine })
 public class MigrateVirtualMachineWithVolumeCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(MigrateVMCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/vm/RecoverVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/vm/RecoverVMCmd.java b/api/src/org/apache/cloudstack/api/command/admin/vm/RecoverVMCmd.java
index ea103a1..c7917b6 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/vm/RecoverVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/vm/RecoverVMCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.vm;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -32,7 +32,7 @@ import com.cloud.exception.ResourceAllocationException;
 import com.cloud.user.Account;
 import com.cloud.uservm.UserVm;
 
-@APICommand(name = "recoverVirtualMachine", description = "Recovers a virtual machine.", responseObject = UserVmResponse.class, entityType = { AclEntityType.VirtualMachine })
+@APICommand(name = "recoverVirtualMachine", description = "Recovers a virtual machine.", responseObject = UserVmResponse.class, entityType = { IAMEntityType.VirtualMachine })
 public class RecoverVMCmd extends BaseCmd {
     public static final Logger s_logger = Logger.getLogger(RecoverVMCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/vpc/CreatePrivateGatewayCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/vpc/CreatePrivateGatewayCmd.java b/api/src/org/apache/cloudstack/api/command/admin/vpc/CreatePrivateGatewayCmd.java
index 1070662..33c9c55 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/vpc/CreatePrivateGatewayCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/vpc/CreatePrivateGatewayCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.vpc;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -43,7 +43,7 @@ import com.cloud.network.vpc.PrivateGateway;
 import com.cloud.network.vpc.Vpc;
 import com.cloud.user.Account;
 
-@APICommand(name = "createPrivateGateway", description = "Creates a private gateway", responseObject = PrivateGatewayResponse.class, entityType = { AclEntityType.PrivateGateway })
+@APICommand(name = "createPrivateGateway", description = "Creates a private gateway", responseObject = PrivateGatewayResponse.class, entityType = { IAMEntityType.PrivateGateway })
 public class CreatePrivateGatewayCmd extends BaseAsyncCreateCmd {
     public static final Logger s_logger = Logger.getLogger(CreatePrivateGatewayCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/admin/vpc/DeletePrivateGatewayCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/vpc/DeletePrivateGatewayCmd.java b/api/src/org/apache/cloudstack/api/command/admin/vpc/DeletePrivateGatewayCmd.java
index 7c2c471..27e71cf 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/vpc/DeletePrivateGatewayCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/vpc/DeletePrivateGatewayCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.admin.vpc;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -37,7 +37,7 @@ import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.vpc.VpcGateway;
 import com.cloud.user.Account;
 
-@APICommand(name = "deletePrivateGateway", description = "Deletes a Private gateway", responseObject = SuccessResponse.class, entityType = { AclEntityType.PrivateGateway })
+@APICommand(name = "deletePrivateGateway", description = "Deletes a Private gateway", responseObject = SuccessResponse.class, entityType = { IAMEntityType.PrivateGateway })
 public class DeletePrivateGatewayCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DeletePrivateGatewayCmd.class.getName());
     private static final String s_name = "deleteprivategatewayresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/account/ListAccountsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/account/ListAccountsCmd.java b/api/src/org/apache/cloudstack/api/command/user/account/ListAccountsCmd.java
index b1a8d3e..492dd57 100644
--- a/api/src/org/apache/cloudstack/api/command/user/account/ListAccountsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/account/ListAccountsCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.account;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
@@ -27,7 +27,7 @@ import org.apache.cloudstack.api.ResponseObject.ResponseView;
 import org.apache.cloudstack.api.response.AccountResponse;
 import org.apache.cloudstack.api.response.ListResponse;
 
-@APICommand(name = "listAccounts", description = "Lists accounts and provides detailed account information for listed accounts", responseObject = AccountResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.Account })
+@APICommand(name = "listAccounts", description = "Lists accounts and provides detailed account information for listed accounts", responseObject = AccountResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.Account })
 public class ListAccountsCmd extends BaseListDomainResourcesCmd {
     public static final Logger s_logger = Logger.getLogger(ListAccountsCmd.class.getName());
     private static final String s_name = "listaccountsresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/affinitygroup/CreateAffinityGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/affinitygroup/CreateAffinityGroupCmd.java b/api/src/org/apache/cloudstack/api/command/user/affinitygroup/CreateAffinityGroupCmd.java
index a79e9fd..cf00787 100644
--- a/api/src/org/apache/cloudstack/api/command/user/affinitygroup/CreateAffinityGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/affinitygroup/CreateAffinityGroupCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.affinitygroup;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.affinity.AffinityGroup;
 import org.apache.cloudstack.affinity.AffinityGroupResponse;
 import org.apache.cloudstack.api.APICommand;
@@ -35,7 +35,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.exception.ResourceAllocationException;
 import com.cloud.user.Account;
 
-@APICommand(name = "createAffinityGroup", responseObject = AffinityGroupResponse.class, description = "Creates an affinity/anti-affinity group", entityType = { AclEntityType.AffinityGroup })
+@APICommand(name = "createAffinityGroup", responseObject = AffinityGroupResponse.class, description = "Creates an affinity/anti-affinity group", entityType = { IAMEntityType.AffinityGroup })
 public class CreateAffinityGroupCmd extends BaseAsyncCreateCmd {
     public static final Logger s_logger = Logger.getLogger(CreateAffinityGroupCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/affinitygroup/DeleteAffinityGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/affinitygroup/DeleteAffinityGroupCmd.java b/api/src/org/apache/cloudstack/api/command/user/affinitygroup/DeleteAffinityGroupCmd.java
index d467db3..2722889 100644
--- a/api/src/org/apache/cloudstack/api/command/user/affinitygroup/DeleteAffinityGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/affinitygroup/DeleteAffinityGroupCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.affinitygroup;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.affinity.AffinityGroupResponse;
 import org.apache.cloudstack.api.ACL;
@@ -37,7 +37,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.user.Account;
 
-@APICommand(name = "deleteAffinityGroup", description = "Deletes affinity group", responseObject = SuccessResponse.class, entityType = { AclEntityType.AffinityGroup })
+@APICommand(name = "deleteAffinityGroup", description = "Deletes affinity group", responseObject = SuccessResponse.class, entityType = { IAMEntityType.AffinityGroup })
 public class DeleteAffinityGroupCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DeleteAffinityGroupCmd.class.getName());
     private static final String s_name = "deleteaffinitygroupresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/affinitygroup/ListAffinityGroupsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/affinitygroup/ListAffinityGroupsCmd.java b/api/src/org/apache/cloudstack/api/command/user/affinitygroup/ListAffinityGroupsCmd.java
index 262ecc7..5e209dc 100644
--- a/api/src/org/apache/cloudstack/api/command/user/affinitygroup/ListAffinityGroupsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/affinitygroup/ListAffinityGroupsCmd.java
@@ -17,7 +17,7 @@
 package org.apache.cloudstack.api.command.user.affinitygroup;
 
 import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.affinity.AffinityGroupResponse;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
@@ -27,7 +27,7 @@ import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.response.ListResponse;
 import org.apache.cloudstack.api.response.UserVmResponse;
 
-@APICommand(name = "listAffinityGroups", description = "Lists affinity groups", responseObject = AffinityGroupResponse.class, entityType = { AclEntityType.AffinityGroup })
+@APICommand(name = "listAffinityGroups", description = "Lists affinity groups", responseObject = AffinityGroupResponse.class, entityType = { IAMEntityType.AffinityGroup })
 public class ListAffinityGroupsCmd extends BaseListAccountResourcesCmd {
     public static final Logger s_logger = Logger.getLogger(ListAffinityGroupsCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/affinitygroup/UpdateVMAffinityGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/affinitygroup/UpdateVMAffinityGroupCmd.java b/api/src/org/apache/cloudstack/api/command/user/affinitygroup/UpdateVMAffinityGroupCmd.java
index 222e791..75f01c1 100644
--- a/api/src/org/apache/cloudstack/api/command/user/affinitygroup/UpdateVMAffinityGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/affinitygroup/UpdateVMAffinityGroupCmd.java
@@ -22,7 +22,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.affinity.AffinityGroupResponse;
 import org.apache.cloudstack.api.ACL;
@@ -46,7 +46,7 @@ import com.cloud.user.Account;
 import com.cloud.uservm.UserVm;
 
 @APICommand(name = "updateVMAffinityGroup", description = "Updates the affinity/anti-affinity group associations of a virtual machine. The VM has to be stopped and restarted for the "
-        + "new properties to take effect.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
+        + "new properties to take effect.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, entityType = { IAMEntityType.VirtualMachine })
 public class UpdateVMAffinityGroupCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(UpdateVMAffinityGroupCmd.class.getName());
     private static final String s_name = "updatevirtualmachineresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScalePolicyCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScalePolicyCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScalePolicyCmd.java
index c88d77d..e722a6e 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScalePolicyCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScalePolicyCmd.java
@@ -20,7 +20,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -40,7 +40,7 @@ import com.cloud.user.Account;
 
 @APICommand(name = "createAutoScalePolicy",
             description = "Creates an autoscale policy for a provision or deprovision action, the action is taken when the all the conditions evaluates to true for the specified duration. The policy is in effect once it is attached to a autscale vm group.",
- responseObject = AutoScalePolicyResponse.class, entityType = { AclEntityType.AutoScalePolicy })
+ responseObject = AutoScalePolicyResponse.class, entityType = { IAMEntityType.AutoScalePolicy })
 public class CreateAutoScalePolicyCmd extends BaseAsyncCreateCmd {
     public static final Logger s_logger = Logger.getLogger(CreateAutoScalePolicyCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScaleVmGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScaleVmGroupCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScaleVmGroupCmd.java
index 4c6f9fb..65bbafa 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScaleVmGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScaleVmGroupCmd.java
@@ -20,7 +20,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -41,7 +41,7 @@ import com.cloud.network.rules.LoadBalancer;
 
 @APICommand(name = "createAutoScaleVmGroup",
             description = "Creates and automatically starts a virtual machine based on a service offering, disk offering, and template.",
- responseObject = AutoScaleVmGroupResponse.class, entityType = { AclEntityType.AutoScaleVmGroup })
+ responseObject = AutoScaleVmGroupResponse.class, entityType = { IAMEntityType.AutoScaleVmGroup })
 public class CreateAutoScaleVmGroupCmd extends BaseAsyncCreateCmd {
     public static final Logger s_logger = Logger.getLogger(CreateAutoScaleVmGroupCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScaleVmProfileCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScaleVmProfileCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScaleVmProfileCmd.java
index afedf90..617b335 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScaleVmProfileCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateAutoScaleVmProfileCmd.java
@@ -21,7 +21,7 @@ import java.util.Map;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -45,7 +45,7 @@ import com.cloud.user.User;
 
 @APICommand(name = "createAutoScaleVmProfile",
             description = "Creates a profile that contains information about the virtual machine which will be provisioned automatically by autoscale feature.",
- responseObject = AutoScaleVmProfileResponse.class, entityType = { AclEntityType.AutoScaleVmProfile })
+ responseObject = AutoScaleVmProfileResponse.class, entityType = { IAMEntityType.AutoScaleVmProfile })
 @SuppressWarnings("rawtypes")
 public class CreateAutoScaleVmProfileCmd extends BaseAsyncCreateCmd {
     public static final Logger s_logger = Logger.getLogger(CreateAutoScaleVmProfileCmd.class.getName());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateConditionCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateConditionCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateConditionCmd.java
index 1138acb..f99aecc 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateConditionCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/CreateConditionCmd.java
@@ -19,7 +19,7 @@ package org.apache.cloudstack.api.command.user.autoscale;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -36,7 +36,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.exception.ResourceAllocationException;
 import com.cloud.network.as.Condition;
 
-@APICommand(name = "createCondition", description = "Creates a condition", responseObject = ConditionResponse.class, entityType = { AclEntityType.Condition })
+@APICommand(name = "createCondition", description = "Creates a condition", responseObject = ConditionResponse.class, entityType = { IAMEntityType.Condition })
 public class CreateConditionCmd extends BaseAsyncCreateCmd {
     public static final Logger s_logger = Logger.getLogger(CreateConditionCmd.class.getName());
     private static final String s_name = "conditionresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScalePolicyCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScalePolicyCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScalePolicyCmd.java
index 212896f..7d5741e 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScalePolicyCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScalePolicyCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.autoscale;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -36,7 +36,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.network.as.AutoScalePolicy;
 import com.cloud.user.Account;
 
-@APICommand(name = "deleteAutoScalePolicy", description = "Deletes a autoscale policy.", responseObject = SuccessResponse.class, entityType = { AclEntityType.AutoScalePolicy })
+@APICommand(name = "deleteAutoScalePolicy", description = "Deletes a autoscale policy.", responseObject = SuccessResponse.class, entityType = { IAMEntityType.AutoScalePolicy })
 public class DeleteAutoScalePolicyCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DeleteAutoScalePolicyCmd.class.getName());
     private static final String s_name = "deleteautoscalepolicyresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScaleVmGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScaleVmGroupCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScaleVmGroupCmd.java
index ea287dc..c8d32bd 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScaleVmGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScaleVmGroupCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.autoscale;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -36,7 +36,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.network.as.AutoScaleVmGroup;
 import com.cloud.user.Account;
 
-@APICommand(name = "deleteAutoScaleVmGroup", description = "Deletes a autoscale vm group.", responseObject = SuccessResponse.class, entityType = { AclEntityType.AutoScaleVmGroup })
+@APICommand(name = "deleteAutoScaleVmGroup", description = "Deletes a autoscale vm group.", responseObject = SuccessResponse.class, entityType = { IAMEntityType.AutoScaleVmGroup })
 public class DeleteAutoScaleVmGroupCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DeleteAutoScaleVmGroupCmd.class.getName());
     private static final String s_name = "deleteautoscalevmgroupresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScaleVmProfileCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScaleVmProfileCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScaleVmProfileCmd.java
index 31ee281..79e0a17 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScaleVmProfileCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteAutoScaleVmProfileCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.autoscale;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -36,7 +36,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.network.as.AutoScaleVmProfile;
 import com.cloud.user.Account;
 
-@APICommand(name = "deleteAutoScaleVmProfile", description = "Deletes a autoscale vm profile.", responseObject = SuccessResponse.class, entityType = { AclEntityType.AutoScaleVmProfile })
+@APICommand(name = "deleteAutoScaleVmProfile", description = "Deletes a autoscale vm profile.", responseObject = SuccessResponse.class, entityType = { IAMEntityType.AutoScaleVmProfile })
 public class DeleteAutoScaleVmProfileCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DeleteAutoScaleVmProfileCmd.class.getName());
     private static final String s_name = "deleteautoscalevmprofileresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteConditionCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteConditionCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteConditionCmd.java
index 977a260..9d12149 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteConditionCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/DeleteConditionCmd.java
@@ -19,7 +19,7 @@ package org.apache.cloudstack.api.command.user.autoscale;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -37,7 +37,7 @@ import com.cloud.exception.ResourceInUseException;
 import com.cloud.network.as.Condition;
 import com.cloud.user.Account;
 
-@APICommand(name = "deleteCondition", description = "Removes a condition", responseObject = SuccessResponse.class, entityType = { AclEntityType.Condition })
+@APICommand(name = "deleteCondition", description = "Removes a condition", responseObject = SuccessResponse.class, entityType = { IAMEntityType.Condition })
 public class DeleteConditionCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DeleteConditionCmd.class.getName());
     private static final String s_name = "deleteconditionresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/DisableAutoScaleVmGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/DisableAutoScaleVmGroupCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/DisableAutoScaleVmGroupCmd.java
index 1698d82..a6e736a 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/DisableAutoScaleVmGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/DisableAutoScaleVmGroupCmd.java
@@ -19,7 +19,7 @@ package org.apache.cloudstack.api.command.user.autoscale;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -35,7 +35,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.network.as.AutoScaleVmGroup;
 import com.cloud.user.Account;
 
-@APICommand(name = "disableAutoScaleVmGroup", description = "Disables an AutoScale Vm Group", responseObject = AutoScaleVmGroupResponse.class, entityType = { AclEntityType.AutoScaleVmGroup })
+@APICommand(name = "disableAutoScaleVmGroup", description = "Disables an AutoScale Vm Group", responseObject = AutoScaleVmGroupResponse.class, entityType = { IAMEntityType.AutoScaleVmGroup })
 public class DisableAutoScaleVmGroupCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DisableAutoScaleVmGroupCmd.class.getName());
     private static final String s_name = "disableautoscalevmGroupresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/EnableAutoScaleVmGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/EnableAutoScaleVmGroupCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/EnableAutoScaleVmGroupCmd.java
index 290d293..49a6cee 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/EnableAutoScaleVmGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/EnableAutoScaleVmGroupCmd.java
@@ -19,7 +19,7 @@ package org.apache.cloudstack.api.command.user.autoscale;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -35,7 +35,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.network.as.AutoScaleVmGroup;
 import com.cloud.user.Account;
 
-@APICommand(name = "enableAutoScaleVmGroup", description = "Enables an AutoScale Vm Group", responseObject = AutoScaleVmGroupResponse.class, entityType = { AclEntityType.AutoScaleVmGroup })
+@APICommand(name = "enableAutoScaleVmGroup", description = "Enables an AutoScale Vm Group", responseObject = AutoScaleVmGroupResponse.class, entityType = { IAMEntityType.AutoScaleVmGroup })
 public class EnableAutoScaleVmGroupCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(EnableAutoScaleVmGroupCmd.class.getName());
     private static final String s_name = "enableautoscalevmGroupresponse";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScalePoliciesCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScalePoliciesCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScalePoliciesCmd.java
index a60dff3..c6eb40c 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScalePoliciesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScalePoliciesCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseListAccountResourcesCmd;
@@ -33,7 +33,7 @@ import org.apache.cloudstack.api.response.ListResponse;
 
 import com.cloud.network.as.AutoScalePolicy;
 
-@APICommand(name = "listAutoScalePolicies", description = "Lists autoscale policies.", responseObject = AutoScalePolicyResponse.class, entityType = { AclEntityType.AutoScalePolicy })
+@APICommand(name = "listAutoScalePolicies", description = "Lists autoscale policies.", responseObject = AutoScalePolicyResponse.class, entityType = { IAMEntityType.AutoScalePolicy })
 public class ListAutoScalePoliciesCmd extends BaseListAccountResourcesCmd {
     public static final Logger s_logger = Logger.getLogger(ListAutoScalePoliciesCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScaleVmGroupsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScaleVmGroupsCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScaleVmGroupsCmd.java
index 8e76842..5e35e63 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScaleVmGroupsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScaleVmGroupsCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
@@ -36,7 +36,7 @@ import org.apache.cloudstack.api.response.ZoneResponse;
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.network.as.AutoScaleVmGroup;
 
-@APICommand(name = "listAutoScaleVmGroups", description = "Lists autoscale vm groups.", responseObject = AutoScaleVmGroupResponse.class, entityType = { AclEntityType.AutoScaleVmGroup })
+@APICommand(name = "listAutoScaleVmGroups", description = "Lists autoscale vm groups.", responseObject = AutoScaleVmGroupResponse.class, entityType = { IAMEntityType.AutoScaleVmGroup })
 public class ListAutoScaleVmGroupsCmd extends BaseListProjectAndAccountResourcesCmd {
     public static final Logger s_logger = Logger.getLogger(ListAutoScaleVmGroupsCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScaleVmProfilesCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScaleVmProfilesCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScaleVmProfilesCmd.java
index 1affd75..8a4a522 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScaleVmProfilesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/ListAutoScaleVmProfilesCmd.java
@@ -18,7 +18,7 @@ package org.apache.cloudstack.api.command.user.autoscale;
 
 import java.util.ArrayList;
 import java.util.List;
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
@@ -32,7 +32,7 @@ import org.apache.log4j.Logger;
 
 import com.cloud.network.as.AutoScaleVmProfile;
 
-@APICommand(name = "listAutoScaleVmProfiles", description = "Lists autoscale vm profiles.", responseObject = AutoScaleVmProfileResponse.class, entityType = { AclEntityType.AutoScaleVmProfile })
+@APICommand(name = "listAutoScaleVmProfiles", description = "Lists autoscale vm profiles.", responseObject = AutoScaleVmProfileResponse.class, entityType = { IAMEntityType.AutoScaleVmProfile })
 public class ListAutoScaleVmProfilesCmd extends BaseListProjectAndAccountResourcesCmd {
     public static final Logger s_logger = Logger.getLogger(ListAutoScaleVmProfilesCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScalePolicyCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScalePolicyCmd.java b/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScalePolicyCmd.java
index ba0d086..26f06bd 100644
--- a/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScalePolicyCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/autoscale/UpdateAutoScalePolicyCmd.java
@@ -21,7 +21,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
@@ -39,7 +39,7 @@ import com.cloud.event.EventTypes;
 import com.cloud.network.as.AutoScalePolicy;
 import com.cloud.user.Account;
 
-@APICommand(name = "updateAutoScalePolicy", description = "Updates an existing autoscale policy.", responseObject = AutoScalePolicyResponse.class, entityType = { AclEntityType.AutoScalePolicy })
+@APICommand(name = "updateAutoScalePolicy", description = "Updates an existing autoscale policy.", responseObject = AutoScalePolicyResponse.class, entityType = { IAMEntityType.AutoScalePolicy })
 public class UpdateAutoScalePolicyCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(UpdateAutoScalePolicyCmd.class.getName());
 


[02/50] [abbrv] Renaming AclEntityType --> IAMEntityType

Posted by mc...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/dao/MonitoringServiceVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/dao/MonitoringServiceVO.java b/engine/schema/src/com/cloud/network/dao/MonitoringServiceVO.java
index 21e4f03..f1db7f4 100644
--- a/engine/schema/src/com/cloud/network/dao/MonitoringServiceVO.java
+++ b/engine/schema/src/com/cloud/network/dao/MonitoringServiceVO.java
@@ -25,7 +25,7 @@ import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.network.MonitoringService;
 
@@ -120,8 +120,8 @@ public class MonitoringServiceVO implements MonitoringService {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.MonitorService;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.MonitorService;
     }
 
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/dao/NetworkVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/dao/NetworkVO.java b/engine/schema/src/com/cloud/network/dao/NetworkVO.java
index cc5535a..c97a522 100644
--- a/engine/schema/src/com/cloud/network/dao/NetworkVO.java
+++ b/engine/schema/src/com/cloud/network/dao/NetworkVO.java
@@ -29,7 +29,7 @@ import javax.persistence.Table;
 import javax.persistence.TableGenerator;
 import javax.persistence.Transient;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.ControlledEntity;
 
 import com.cloud.network.Network;
@@ -586,7 +586,7 @@ public class NetworkVO implements Network {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.Network;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.Network;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/dao/RemoteAccessVpnVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/dao/RemoteAccessVpnVO.java b/engine/schema/src/com/cloud/network/dao/RemoteAccessVpnVO.java
index f546bb7..c882d5d 100644
--- a/engine/schema/src/com/cloud/network/dao/RemoteAccessVpnVO.java
+++ b/engine/schema/src/com/cloud/network/dao/RemoteAccessVpnVO.java
@@ -25,7 +25,7 @@ import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.network.RemoteAccessVpn;
 
@@ -156,7 +156,7 @@ public class RemoteAccessVpnVO implements RemoteAccessVpn {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.RemoteAccessVpn;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.RemoteAccessVpn;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/dao/Site2SiteCustomerGatewayVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/dao/Site2SiteCustomerGatewayVO.java b/engine/schema/src/com/cloud/network/dao/Site2SiteCustomerGatewayVO.java
index ab04eea..6de4d42 100644
--- a/engine/schema/src/com/cloud/network/dao/Site2SiteCustomerGatewayVO.java
+++ b/engine/schema/src/com/cloud/network/dao/Site2SiteCustomerGatewayVO.java
@@ -26,7 +26,7 @@ import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.network.Site2SiteCustomerGateway;
 import com.cloud.utils.db.Encrypt;
@@ -211,7 +211,7 @@ public class Site2SiteCustomerGatewayVO implements Site2SiteCustomerGateway {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.Site2SiteCustomerGateway;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.Site2SiteCustomerGateway;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/dao/Site2SiteVpnConnectionVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/dao/Site2SiteVpnConnectionVO.java b/engine/schema/src/com/cloud/network/dao/Site2SiteVpnConnectionVO.java
index b092a4a..19309c3 100644
--- a/engine/schema/src/com/cloud/network/dao/Site2SiteVpnConnectionVO.java
+++ b/engine/schema/src/com/cloud/network/dao/Site2SiteVpnConnectionVO.java
@@ -28,7 +28,7 @@ import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.InternalIdentity;
 
 import com.cloud.network.Site2SiteVpnConnection;
@@ -163,7 +163,7 @@ public class Site2SiteVpnConnectionVO implements Site2SiteVpnConnection, Interna
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.Site2SiteVpnConnection;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.Site2SiteVpnConnection;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/dao/Site2SiteVpnGatewayVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/dao/Site2SiteVpnGatewayVO.java b/engine/schema/src/com/cloud/network/dao/Site2SiteVpnGatewayVO.java
index c3ad360..842912e 100644
--- a/engine/schema/src/com/cloud/network/dao/Site2SiteVpnGatewayVO.java
+++ b/engine/schema/src/com/cloud/network/dao/Site2SiteVpnGatewayVO.java
@@ -26,7 +26,7 @@ import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.network.Site2SiteVpnGateway;
 import com.cloud.utils.db.GenericDao;
@@ -121,7 +121,7 @@ public class Site2SiteVpnGatewayVO implements Site2SiteVpnGateway {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.Site2SiteVpnGateway;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.Site2SiteVpnGateway;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/dao/SslCertVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/dao/SslCertVO.java b/engine/schema/src/com/cloud/network/dao/SslCertVO.java
index 52123a1..6ef7afd 100644
--- a/engine/schema/src/com/cloud/network/dao/SslCertVO.java
+++ b/engine/schema/src/com/cloud/network/dao/SslCertVO.java
@@ -23,7 +23,7 @@ import javax.persistence.Entity;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.network.lb.SslCert;
 import com.cloud.utils.db.Encrypt;
@@ -124,8 +124,8 @@ public class SslCertVO implements SslCert {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.SSLCert;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.SSLCert;
     }
 
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java b/engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java
index 553812f..7d0ca79 100644
--- a/engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java
+++ b/engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java
@@ -34,7 +34,7 @@ import javax.persistence.InheritanceType;
 import javax.persistence.Table;
 import javax.persistence.Transient;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.utils.db.GenericDao;
 import com.cloud.utils.net.NetUtils;
@@ -272,7 +272,7 @@ public class FirewallRuleVO implements FirewallRule {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.FirewallRule;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.FirewallRule;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/security/SecurityGroupVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/security/SecurityGroupVO.java b/engine/schema/src/com/cloud/network/security/SecurityGroupVO.java
index d2e0bde..26859f7 100644
--- a/engine/schema/src/com/cloud/network/security/SecurityGroupVO.java
+++ b/engine/schema/src/com/cloud/network/security/SecurityGroupVO.java
@@ -25,7 +25,7 @@ import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 @Entity
 @Table(name = ("security_group"))
@@ -97,7 +97,7 @@ public class SecurityGroupVO implements SecurityGroup {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.SecurityGroup;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.SecurityGroup;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/vpc/StaticRouteVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/vpc/StaticRouteVO.java b/engine/schema/src/com/cloud/network/vpc/StaticRouteVO.java
index b0e1123..a9ba051 100644
--- a/engine/schema/src/com/cloud/network/vpc/StaticRouteVO.java
+++ b/engine/schema/src/com/cloud/network/vpc/StaticRouteVO.java
@@ -28,7 +28,7 @@ import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.utils.db.GenericDao;
 
@@ -139,7 +139,7 @@ public class StaticRouteVO implements StaticRoute {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.StaticRoute;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.StaticRoute;
     }
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/vpc/VpcGatewayVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/vpc/VpcGatewayVO.java b/engine/schema/src/com/cloud/network/vpc/VpcGatewayVO.java
index f0a0e9c..723ec3b 100644
--- a/engine/schema/src/com/cloud/network/vpc/VpcGatewayVO.java
+++ b/engine/schema/src/com/cloud/network/vpc/VpcGatewayVO.java
@@ -28,7 +28,7 @@ import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.utils.db.GenericDao;
 
@@ -219,7 +219,7 @@ public class VpcGatewayVO implements VpcGateway {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.VpcGateway;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.VpcGateway;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/network/vpc/VpcVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/vpc/VpcVO.java b/engine/schema/src/com/cloud/network/vpc/VpcVO.java
index dc4f80e..edd984a 100644
--- a/engine/schema/src/com/cloud/network/vpc/VpcVO.java
+++ b/engine/schema/src/com/cloud/network/vpc/VpcVO.java
@@ -26,7 +26,7 @@ import javax.persistence.Enumerated;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.utils.db.GenericDao;
 
@@ -186,7 +186,7 @@ public class VpcVO implements Vpc {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.Vpc;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.Vpc;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/projects/ProjectInvitationVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/projects/ProjectInvitationVO.java b/engine/schema/src/com/cloud/projects/ProjectInvitationVO.java
index faa33d1..885c148 100644
--- a/engine/schema/src/com/cloud/projects/ProjectInvitationVO.java
+++ b/engine/schema/src/com/cloud/projects/ProjectInvitationVO.java
@@ -28,7 +28,7 @@ import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.utils.db.GenericDao;
 
@@ -149,7 +149,7 @@ public class ProjectInvitationVO implements ProjectInvitation {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.ProjectInvitation;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.ProjectInvitation;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/storage/SnapshotVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/storage/SnapshotVO.java b/engine/schema/src/com/cloud/storage/SnapshotVO.java
index 3925708..4c8ceb7 100644
--- a/engine/schema/src/com/cloud/storage/SnapshotVO.java
+++ b/engine/schema/src/com/cloud/storage/SnapshotVO.java
@@ -30,7 +30,7 @@ import javax.persistence.Table;
 
 import com.google.gson.annotations.Expose;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.hypervisor.Hypervisor.HypervisorType;
 import com.cloud.utils.db.GenericDao;
@@ -239,7 +239,7 @@ public class SnapshotVO implements Snapshot {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.Snapshot;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.Snapshot;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/storage/VMTemplateVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/storage/VMTemplateVO.java b/engine/schema/src/com/cloud/storage/VMTemplateVO.java
index 1e19937..6501730 100755
--- a/engine/schema/src/com/cloud/storage/VMTemplateVO.java
+++ b/engine/schema/src/com/cloud/storage/VMTemplateVO.java
@@ -31,7 +31,7 @@ import javax.persistence.Temporal;
 import javax.persistence.TemporalType;
 import javax.persistence.Transient;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.hypervisor.Hypervisor.HypervisorType;
 import com.cloud.storage.Storage.ImageFormat;
@@ -635,8 +635,8 @@ public class VMTemplateVO implements VirtualMachineTemplate {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.VirtualMachineTemplate;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.VirtualMachineTemplate;
     }
 
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/storage/VolumeVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/storage/VolumeVO.java b/engine/schema/src/com/cloud/storage/VolumeVO.java
index 69c9fa5..af80af8 100755
--- a/engine/schema/src/com/cloud/storage/VolumeVO.java
+++ b/engine/schema/src/com/cloud/storage/VolumeVO.java
@@ -32,7 +32,7 @@ import javax.persistence.Temporal;
 import javax.persistence.TemporalType;
 import javax.persistence.Transient;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.storage.Storage.StoragePoolType;
 import com.cloud.utils.NumbersUtil;
@@ -590,8 +590,8 @@ public class VolumeVO implements Volume {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.Volume;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.Volume;
     }
 
     public void setHypervisorSnapshotReserve(Integer hypervisorSnapshotReserve) {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/tags/ResourceTagVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/tags/ResourceTagVO.java b/engine/schema/src/com/cloud/tags/ResourceTagVO.java
index add8f50..6b743ff 100644
--- a/engine/schema/src/com/cloud/tags/ResourceTagVO.java
+++ b/engine/schema/src/com/cloud/tags/ResourceTagVO.java
@@ -27,7 +27,7 @@ import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.server.ResourceTag;
 
@@ -166,7 +166,7 @@ public class ResourceTagVO implements ResourceTag {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.ResourceTag;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.ResourceTag;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/user/AccountVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/user/AccountVO.java b/engine/schema/src/com/cloud/user/AccountVO.java
index 3a29ecd..674cdb9 100644
--- a/engine/schema/src/com/cloud/user/AccountVO.java
+++ b/engine/schema/src/com/cloud/user/AccountVO.java
@@ -28,7 +28,7 @@ import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.utils.db.GenericDao;
 
@@ -190,7 +190,7 @@ public class AccountVO implements Account {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.Account;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.Account;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/user/SSHKeyPairVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/user/SSHKeyPairVO.java b/engine/schema/src/com/cloud/user/SSHKeyPairVO.java
index d30060c..1f64911 100644
--- a/engine/schema/src/com/cloud/user/SSHKeyPairVO.java
+++ b/engine/schema/src/com/cloud/user/SSHKeyPairVO.java
@@ -24,7 +24,7 @@ import javax.persistence.Id;
 import javax.persistence.Table;
 import javax.persistence.Transient;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 @Entity
 @Table(name = "ssh_keypairs")
@@ -117,8 +117,8 @@ public class SSHKeyPairVO implements SSHKeyPair {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.SSHKeyPair;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.SSHKeyPair;
     }
 
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/vm/InstanceGroupVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/vm/InstanceGroupVO.java b/engine/schema/src/com/cloud/vm/InstanceGroupVO.java
index 9a5a7ba..9b463d3 100644
--- a/engine/schema/src/com/cloud/vm/InstanceGroupVO.java
+++ b/engine/schema/src/com/cloud/vm/InstanceGroupVO.java
@@ -28,7 +28,7 @@ import javax.persistence.PrimaryKeyJoinColumn;
 import javax.persistence.SecondaryTable;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.utils.db.GenericDao;
 
@@ -120,7 +120,7 @@ public class InstanceGroupVO implements InstanceGroup {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.InstanceGroup;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.InstanceGroup;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/vm/VMInstanceVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/vm/VMInstanceVO.java b/engine/schema/src/com/cloud/vm/VMInstanceVO.java
index 9e771c7..a09c34f 100644
--- a/engine/schema/src/com/cloud/vm/VMInstanceVO.java
+++ b/engine/schema/src/com/cloud/vm/VMInstanceVO.java
@@ -36,7 +36,7 @@ import javax.persistence.Temporal;
 import javax.persistence.TemporalType;
 import javax.persistence.Transient;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.hypervisor.Hypervisor.HypervisorType;
 import com.cloud.utils.db.Encrypt;
@@ -502,8 +502,8 @@ public class VMInstanceVO implements VirtualMachine, FiniteStateObject<State, Vi
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.VirtualMachine;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.VirtualMachine;
     }
 
     public VirtualMachine.PowerState getPowerState() {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/vm/dao/NicIpAliasVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/vm/dao/NicIpAliasVO.java b/engine/schema/src/com/cloud/vm/dao/NicIpAliasVO.java
index 91cd5a8..9517b7f 100644
--- a/engine/schema/src/com/cloud/vm/dao/NicIpAliasVO.java
+++ b/engine/schema/src/com/cloud/vm/dao/NicIpAliasVO.java
@@ -28,7 +28,7 @@ import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.utils.db.GenericDao;
 import com.cloud.utils.net.NetUtils;
@@ -235,8 +235,8 @@ public class NicIpAliasVO implements NicIpAlias  {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.NicIpAlias;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.NicIpAlias;
     }
 
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/vm/dao/NicSecondaryIpVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/vm/dao/NicSecondaryIpVO.java b/engine/schema/src/com/cloud/vm/dao/NicSecondaryIpVO.java
index 3510642..584f189 100644
--- a/engine/schema/src/com/cloud/vm/dao/NicSecondaryIpVO.java
+++ b/engine/schema/src/com/cloud/vm/dao/NicSecondaryIpVO.java
@@ -26,7 +26,7 @@ import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.utils.db.GenericDao;
 import com.cloud.vm.NicSecondaryIp;
@@ -132,7 +132,7 @@ public class NicSecondaryIpVO implements NicSecondaryIp {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.NicSecondaryIp;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.NicSecondaryIp;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/com/cloud/vm/snapshot/VMSnapshotVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/vm/snapshot/VMSnapshotVO.java b/engine/schema/src/com/cloud/vm/snapshot/VMSnapshotVO.java
index 5254e38..042b276 100644
--- a/engine/schema/src/com/cloud/vm/snapshot/VMSnapshotVO.java
+++ b/engine/schema/src/com/cloud/vm/snapshot/VMSnapshotVO.java
@@ -33,7 +33,7 @@ import javax.persistence.Temporal;
 import javax.persistence.TemporalType;
 import javax.persistence.Transient;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.engine.subsystem.api.storage.VMSnapshotOptions;
 
 import com.cloud.utils.db.GenericDao;
@@ -246,7 +246,7 @@ public class VMSnapshotVO implements VMSnapshot {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.VMSnapshot;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.VMSnapshot;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/org/apache/cloudstack/affinity/AffinityGroupVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/affinity/AffinityGroupVO.java b/engine/schema/src/org/apache/cloudstack/affinity/AffinityGroupVO.java
index 7630a01..ec267ee 100644
--- a/engine/schema/src/org/apache/cloudstack/affinity/AffinityGroupVO.java
+++ b/engine/schema/src/org/apache/cloudstack/affinity/AffinityGroupVO.java
@@ -27,7 +27,7 @@ import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.ControlledEntity;
 
 @Entity
@@ -126,8 +126,8 @@ public class AffinityGroupVO implements AffinityGroup {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.AffinityGroup;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.AffinityGroup;
     }
 
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/org/apache/cloudstack/engine/cloud/entity/api/db/VMEntityVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/engine/cloud/entity/api/db/VMEntityVO.java b/engine/schema/src/org/apache/cloudstack/engine/cloud/entity/api/db/VMEntityVO.java
index 16d98d5..4a4fd47 100644
--- a/engine/schema/src/org/apache/cloudstack/engine/cloud/entity/api/db/VMEntityVO.java
+++ b/engine/schema/src/org/apache/cloudstack/engine/cloud/entity/api/db/VMEntityVO.java
@@ -37,7 +37,7 @@ import javax.persistence.Temporal;
 import javax.persistence.TemporalType;
 import javax.persistence.Transient;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.hypervisor.Hypervisor.HypervisorType;
 import com.cloud.utils.db.Encrypt;
@@ -538,8 +538,8 @@ public class VMEntityVO implements VirtualMachine, FiniteStateObject<State, Virt
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.VirtualMachine;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.VirtualMachine;
     }
 
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/schema/src/org/apache/cloudstack/region/gslb/GlobalLoadBalancerRuleVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/region/gslb/GlobalLoadBalancerRuleVO.java b/engine/schema/src/org/apache/cloudstack/region/gslb/GlobalLoadBalancerRuleVO.java
index 326fb31..a37fec2 100644
--- a/engine/schema/src/org/apache/cloudstack/region/gslb/GlobalLoadBalancerRuleVO.java
+++ b/engine/schema/src/org/apache/cloudstack/region/gslb/GlobalLoadBalancerRuleVO.java
@@ -28,7 +28,7 @@ import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.region.ha.GlobalLoadBalancerRule;
 
@@ -191,7 +191,7 @@ public class GlobalLoadBalancerRuleVO implements GlobalLoadBalancerRule {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.GlobalLoadBalancerRule;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.GlobalLoadBalancerRule;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/storage/image/src/org/apache/cloudstack/storage/image/store/TemplateObject.java
----------------------------------------------------------------------
diff --git a/engine/storage/image/src/org/apache/cloudstack/storage/image/store/TemplateObject.java b/engine/storage/image/src/org/apache/cloudstack/storage/image/store/TemplateObject.java
index f7d068e..2b77ac9 100644
--- a/engine/storage/image/src/org/apache/cloudstack/storage/image/store/TemplateObject.java
+++ b/engine/storage/image/src/org/apache/cloudstack/storage/image/store/TemplateObject.java
@@ -25,7 +25,7 @@ import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.engine.subsystem.api.storage.DataObjectInStore;
 import org.apache.cloudstack.engine.subsystem.api.storage.DataStore;
 import org.apache.cloudstack.engine.subsystem.api.storage.ObjectInDataStoreStateMachine;
@@ -438,8 +438,8 @@ public class TemplateObject implements TemplateInfo {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.VirtualMachineTemplate;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.VirtualMachineTemplate;
     }
 
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/storage/snapshot/src/org/apache/cloudstack/storage/snapshot/SnapshotObject.java
----------------------------------------------------------------------
diff --git a/engine/storage/snapshot/src/org/apache/cloudstack/storage/snapshot/SnapshotObject.java b/engine/storage/snapshot/src/org/apache/cloudstack/storage/snapshot/SnapshotObject.java
index b5573dd..a8f1a56 100644
--- a/engine/storage/snapshot/src/org/apache/cloudstack/storage/snapshot/SnapshotObject.java
+++ b/engine/storage/snapshot/src/org/apache/cloudstack/storage/snapshot/SnapshotObject.java
@@ -24,7 +24,7 @@ import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.engine.subsystem.api.storage.DataObjectInStore;
 import org.apache.cloudstack.engine.subsystem.api.storage.DataStore;
 import org.apache.cloudstack.engine.subsystem.api.storage.ObjectInDataStoreStateMachine;
@@ -383,7 +383,7 @@ public class SnapshotObject implements SnapshotInfo {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.Snapshot;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.Snapshot;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/storage/src/org/apache/cloudstack/storage/image/TemplateEntityImpl.java
----------------------------------------------------------------------
diff --git a/engine/storage/src/org/apache/cloudstack/storage/image/TemplateEntityImpl.java b/engine/storage/src/org/apache/cloudstack/storage/image/TemplateEntityImpl.java
index 4ddf053..da7677c 100644
--- a/engine/storage/src/org/apache/cloudstack/storage/image/TemplateEntityImpl.java
+++ b/engine/storage/src/org/apache/cloudstack/storage/image/TemplateEntityImpl.java
@@ -23,7 +23,7 @@ import java.util.Date;
 import java.util.List;
 import java.util.Map;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.engine.cloud.entity.api.TemplateEntity;
 import org.apache.cloudstack.engine.subsystem.api.storage.TemplateInfo;
 import org.apache.cloudstack.storage.image.datastore.ImageStoreInfo;
@@ -287,7 +287,7 @@ public class TemplateEntityImpl implements TemplateEntity {
     }
 
     @Override
-    public AclEntityType getEntityType() {
+    public IAMEntityType getEntityType() {
         // TODO Auto-generated method stub
         return null;
     }
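Review bot: `getEntityType()` in TemplateEntityImpl still returns `null` from the auto-generated stub after its return type becomes `IAMEntityType`, while the sibling TemplateObject in this same commit returns `IAMEntityType.VirtualMachineTemplate`. Code that keys an access decision on the entity type would get no type for this object; depending on the caller, that may mean a NullPointerException or a permission check that matches no policy, and how callers treat null is not visible from this hunk. I would replace the stub body with `return IAMEntityType.VirtualMachineTemplate;`, or, if the entity is deliberately untyped, replace the TODO with a comment saying so and confirm that callers reject a null type rather than skip the check. The class body continues outside the hunk.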

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/storage/src/org/apache/cloudstack/storage/snapshot/SnapshotEntityImpl.java
----------------------------------------------------------------------
diff --git a/engine/storage/src/org/apache/cloudstack/storage/snapshot/SnapshotEntityImpl.java b/engine/storage/src/org/apache/cloudstack/storage/snapshot/SnapshotEntityImpl.java
index 05ee9f6..103c0db 100644
--- a/engine/storage/src/org/apache/cloudstack/storage/snapshot/SnapshotEntityImpl.java
+++ b/engine/storage/src/org/apache/cloudstack/storage/snapshot/SnapshotEntityImpl.java
@@ -21,7 +21,7 @@ import java.util.Date;
 import java.util.List;
 import java.util.Map;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.engine.cloud.entity.api.SnapshotEntity;
 
 import com.cloud.hypervisor.Hypervisor.HypervisorType;
@@ -185,8 +185,8 @@ public class SnapshotEntityImpl implements SnapshotEntity {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.Snapshot;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.Snapshot;
     }
 
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/engine/storage/volume/src/org/apache/cloudstack/storage/volume/VolumeObject.java
----------------------------------------------------------------------
diff --git a/engine/storage/volume/src/org/apache/cloudstack/storage/volume/VolumeObject.java b/engine/storage/volume/src/org/apache/cloudstack/storage/volume/VolumeObject.java
index eb08b3d..dc05278 100644
--- a/engine/storage/volume/src/org/apache/cloudstack/storage/volume/VolumeObject.java
+++ b/engine/storage/volume/src/org/apache/cloudstack/storage/volume/VolumeObject.java
@@ -22,7 +22,7 @@ import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.engine.subsystem.api.storage.DataObjectInStore;
 import org.apache.cloudstack.engine.subsystem.api.storage.DataStore;
 import org.apache.cloudstack.engine.subsystem.api.storage.ObjectInDataStoreStateMachine;
@@ -665,7 +665,7 @@ public class VolumeObject implements VolumeInfo {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.Volume;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.Volume;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/api/query/vo/AffinityGroupJoinVO.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/vo/AffinityGroupJoinVO.java b/server/src/com/cloud/api/query/vo/AffinityGroupJoinVO.java
index d556c5c..8a213e2 100644
--- a/server/src/com/cloud/api/query/vo/AffinityGroupJoinVO.java
+++ b/server/src/com/cloud/api/query/vo/AffinityGroupJoinVO.java
@@ -23,7 +23,7 @@ import javax.persistence.Enumerated;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.ControlledEntity;
 
 import com.cloud.vm.VirtualMachine;
@@ -194,8 +194,8 @@ public class AffinityGroupJoinVO extends BaseViewVO implements ControlledViewEnt
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.AffinityGroup;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.AffinityGroup;
     }
 
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/api/query/vo/AsyncJobJoinVO.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/vo/AsyncJobJoinVO.java b/server/src/com/cloud/api/query/vo/AsyncJobJoinVO.java
index d657bd4..7889b76 100644
--- a/server/src/com/cloud/api/query/vo/AsyncJobJoinVO.java
+++ b/server/src/com/cloud/api/query/vo/AsyncJobJoinVO.java
@@ -25,7 +25,7 @@ import javax.persistence.Enumerated;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.ApiCommandJobType;
 
 import com.cloud.utils.db.GenericDao;
@@ -203,8 +203,8 @@ public class AsyncJobJoinVO extends BaseViewVO implements ControlledViewEntity {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.AsyncJob;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.AsyncJob;
     }
 
     @Override

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/api/query/vo/DomainRouterJoinVO.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/vo/DomainRouterJoinVO.java b/server/src/com/cloud/api/query/vo/DomainRouterJoinVO.java
index 4889b3d..ac32859 100644
--- a/server/src/com/cloud/api/query/vo/DomainRouterJoinVO.java
+++ b/server/src/com/cloud/api/query/vo/DomainRouterJoinVO.java
@@ -26,7 +26,7 @@ import javax.persistence.Enumerated;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.network.Network.GuestType;
 import com.cloud.network.Networks.TrafficType;
@@ -514,7 +514,7 @@ public class DomainRouterJoinVO extends BaseViewVO implements ControlledViewEnti
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.VirtualMachine;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.VirtualMachine;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/api/query/vo/EventJoinVO.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/vo/EventJoinVO.java b/server/src/com/cloud/api/query/vo/EventJoinVO.java
index 7312d64..757f0a7 100644
--- a/server/src/com/cloud/api/query/vo/EventJoinVO.java
+++ b/server/src/com/cloud/api/query/vo/EventJoinVO.java
@@ -25,7 +25,7 @@ import javax.persistence.Enumerated;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.event.Event.State;
 import com.cloud.utils.db.GenericDao;
@@ -220,7 +220,7 @@ public class EventJoinVO extends BaseViewVO implements ControlledViewEntity {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.Event;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.Event;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/api/query/vo/InstanceGroupJoinVO.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/vo/InstanceGroupJoinVO.java b/server/src/com/cloud/api/query/vo/InstanceGroupJoinVO.java
index a05cc6e..98d1a52 100644
--- a/server/src/com/cloud/api/query/vo/InstanceGroupJoinVO.java
+++ b/server/src/com/cloud/api/query/vo/InstanceGroupJoinVO.java
@@ -23,7 +23,7 @@ import javax.persistence.Entity;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.utils.db.GenericDao;
 
@@ -160,7 +160,7 @@ public class InstanceGroupJoinVO extends BaseViewVO implements ControlledViewEnt
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.InstanceGroup;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.InstanceGroup;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/api/query/vo/ProjectInvitationJoinVO.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/vo/ProjectInvitationJoinVO.java b/server/src/com/cloud/api/query/vo/ProjectInvitationJoinVO.java
index 6eed676..ba619a9 100644
--- a/server/src/com/cloud/api/query/vo/ProjectInvitationJoinVO.java
+++ b/server/src/com/cloud/api/query/vo/ProjectInvitationJoinVO.java
@@ -25,7 +25,7 @@ import javax.persistence.Enumerated;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.projects.ProjectInvitation.State;
 import com.cloud.utils.db.GenericDao;
@@ -164,7 +164,7 @@ public class ProjectInvitationJoinVO extends BaseViewVO implements ControlledVie
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.ProjectInvitation;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.ProjectInvitation;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/api/query/vo/ResourceTagJoinVO.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/vo/ResourceTagJoinVO.java b/server/src/com/cloud/api/query/vo/ResourceTagJoinVO.java
index b395e34..e1b8b81 100644
--- a/server/src/com/cloud/api/query/vo/ResourceTagJoinVO.java
+++ b/server/src/com/cloud/api/query/vo/ResourceTagJoinVO.java
@@ -23,7 +23,7 @@ import javax.persistence.Enumerated;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.server.ResourceTag.ResourceObjectType;
 
@@ -182,7 +182,7 @@ public class ResourceTagJoinVO extends BaseViewVO implements ControlledViewEntit
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.ResourceTag;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.ResourceTag;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/api/query/vo/SecurityGroupJoinVO.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/vo/SecurityGroupJoinVO.java b/server/src/com/cloud/api/query/vo/SecurityGroupJoinVO.java
index d613ac6..3c9e3bf 100644
--- a/server/src/com/cloud/api/query/vo/SecurityGroupJoinVO.java
+++ b/server/src/com/cloud/api/query/vo/SecurityGroupJoinVO.java
@@ -23,7 +23,7 @@ import javax.persistence.Enumerated;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.network.security.SecurityRule.SecurityRuleType;
 import com.cloud.server.ResourceTag.ResourceObjectType;
@@ -306,7 +306,7 @@ public class SecurityGroupJoinVO extends BaseViewVO implements ControlledViewEnt
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.SecurityGroup;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.SecurityGroup;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/api/query/vo/TemplateJoinVO.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/vo/TemplateJoinVO.java b/server/src/com/cloud/api/query/vo/TemplateJoinVO.java
index e395b18..de0da2f 100644
--- a/server/src/com/cloud/api/query/vo/TemplateJoinVO.java
+++ b/server/src/com/cloud/api/query/vo/TemplateJoinVO.java
@@ -27,7 +27,7 @@ import javax.persistence.Table;
 import javax.persistence.Temporal;
 import javax.persistence.TemporalType;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.engine.subsystem.api.storage.ObjectInDataStoreStateMachine;
 
 import com.cloud.hypervisor.Hypervisor.HypervisorType;
@@ -544,7 +544,7 @@ public class TemplateJoinVO extends BaseViewVO implements ControlledViewEntity {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.VirtualMachineTemplate;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.VirtualMachineTemplate;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/api/query/vo/UserVmJoinVO.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/vo/UserVmJoinVO.java b/server/src/com/cloud/api/query/vo/UserVmJoinVO.java
index 4201ba5..fcee393 100644
--- a/server/src/com/cloud/api/query/vo/UserVmJoinVO.java
+++ b/server/src/com/cloud/api/query/vo/UserVmJoinVO.java
@@ -28,7 +28,7 @@ import javax.persistence.Id;
 import javax.persistence.Table;
 import javax.persistence.Transient;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.hypervisor.Hypervisor.HypervisorType;
 import com.cloud.network.Network.GuestType;
@@ -913,7 +913,7 @@ public class UserVmJoinVO extends BaseViewVO implements ControlledViewEntity {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.VirtualMachine;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.VirtualMachine;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/api/query/vo/VolumeJoinVO.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/vo/VolumeJoinVO.java b/server/src/com/cloud/api/query/vo/VolumeJoinVO.java
index 405a959..9685d02 100644
--- a/server/src/com/cloud/api/query/vo/VolumeJoinVO.java
+++ b/server/src/com/cloud/api/query/vo/VolumeJoinVO.java
@@ -27,7 +27,7 @@ import javax.persistence.Table;
 import javax.persistence.Temporal;
 import javax.persistence.TemporalType;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 import com.cloud.hypervisor.Hypervisor.HypervisorType;
 import com.cloud.server.ResourceTag.ResourceObjectType;
@@ -570,7 +570,7 @@ public class VolumeJoinVO extends BaseViewVO implements ControlledViewEntity {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.Volume;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.Volume;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/api/response/SecurityGroupResultObject.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/response/SecurityGroupResultObject.java b/server/src/com/cloud/api/response/SecurityGroupResultObject.java
index e618da5..98ed415 100644
--- a/server/src/com/cloud/api/response/SecurityGroupResultObject.java
+++ b/server/src/com/cloud/api/response/SecurityGroupResultObject.java
@@ -21,7 +21,7 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.api.InternalIdentity;
 
@@ -212,7 +212,7 @@ public class SecurityGroupResultObject implements ControlledEntity, InternalIden
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.SecurityGroup;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.SecurityGroup;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/network/vpc/PrivateGatewayProfile.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/PrivateGatewayProfile.java b/server/src/com/cloud/network/vpc/PrivateGatewayProfile.java
index 9ca5482..b912e22 100644
--- a/server/src/com/cloud/network/vpc/PrivateGatewayProfile.java
+++ b/server/src/com/cloud/network/vpc/PrivateGatewayProfile.java
@@ -16,7 +16,7 @@
 // under the License.
 package com.cloud.network.vpc;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 
 public class PrivateGatewayProfile implements PrivateGateway {
     VpcGateway vpcGateway;
@@ -113,7 +113,7 @@ public class PrivateGatewayProfile implements PrivateGateway {
     }
 
     @Override
-    public AclEntityType getEntityType() {
-        return AclEntityType.VpcGateway;
+    public IAMEntityType getEntityType() {
+        return IAMEntityType.VpcGateway;
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/template/HypervisorTemplateAdapter.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/template/HypervisorTemplateAdapter.java b/server/src/com/cloud/template/HypervisorTemplateAdapter.java
index 3615c7a..d6a1ab5 100755
--- a/server/src/com/cloud/template/HypervisorTemplateAdapter.java
+++ b/server/src/com/cloud/template/HypervisorTemplateAdapter.java
@@ -27,7 +27,7 @@ import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.api.command.user.iso.DeleteIsoCmd;
 import org.apache.cloudstack.api.command.user.iso.RegisterIsoCmd;
 import org.apache.cloudstack.api.command.user.template.DeleteTemplateCmd;
@@ -406,7 +406,7 @@ public class HypervisorTemplateAdapter extends TemplateAdapterBase {
             }
 
             // remove its related ACL permission
-            Pair<AclEntityType, Long> tmplt = new Pair<AclEntityType, Long>(AclEntityType.VirtualMachineTemplate, template.getId());
+            Pair<IAMEntityType, Long> tmplt = new Pair<IAMEntityType, Long>(IAMEntityType.VirtualMachineTemplate, template.getId());
             _messageBus.publish(_name, EntityManager.MESSAGE_REMOVE_ENTITY_EVENT, PublishScope.LOCAL, tmplt);
 
         }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/com/cloud/template/TemplateManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/template/TemplateManagerImpl.java b/server/src/com/cloud/template/TemplateManagerImpl.java
index 6b72139..a8aa785 100755
--- a/server/src/com/cloud/template/TemplateManagerImpl.java
+++ b/server/src/com/cloud/template/TemplateManagerImpl.java
@@ -33,7 +33,7 @@ import javax.naming.ConfigurationException;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseListTemplateOrIsoPermissionsCmd;
@@ -1270,7 +1270,7 @@ public class TemplateManagerImpl extends ManagerBase implements TemplateManager,
 
             // add ACL permission in IAM
             Map<String, Object> permit = new HashMap<String, Object>();
-            permit.put(ApiConstants.ENTITY_TYPE, AclEntityType.VirtualMachineTemplate.toString());
+            permit.put(ApiConstants.ENTITY_TYPE, IAMEntityType.VirtualMachineTemplate.toString());
             permit.put(ApiConstants.ENTITY_ID, id);
             permit.put(ApiConstants.ACCESS_TYPE, AccessType.UseEntry);
             permit.put(ApiConstants.ACL_ACTION, "listTemplates");
@@ -1287,7 +1287,7 @@ public class TemplateManagerImpl extends ManagerBase implements TemplateManager,
             _launchPermissionDao.removePermissions(id, accountIds);
             // remove ACL permission in IAM
             Map<String, Object> permit = new HashMap<String, Object>();
-            permit.put(ApiConstants.ENTITY_TYPE, AclEntityType.VirtualMachineTemplate.toString());
+            permit.put(ApiConstants.ENTITY_TYPE, IAMEntityType.VirtualMachineTemplate.toString());
             permit.put(ApiConstants.ENTITY_ID, id);
             permit.put(ApiConstants.ACCESS_TYPE, AccessType.UseEntry);
             permit.put(ApiConstants.ACL_ACTION, "listTemplates");

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f41604fc/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java b/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java
index 559d5ac..f375fde 100644
--- a/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java
+++ b/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java
@@ -28,7 +28,7 @@ import javax.naming.ConfigurationException;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.acl.ControlledEntity.ACLType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
@@ -218,7 +218,7 @@ public class AffinityGroupServiceImpl extends ManagerBase implements AffinityGro
                     _affinityGroupDomainMapDao.persist(domainMap);
                     //send event for storing the domain wide resource access
                     Map<String, Object> params = new HashMap<String, Object>();
-                    params.put(ApiConstants.ENTITY_TYPE, AclEntityType.AffinityGroup);
+                    params.put(ApiConstants.ENTITY_TYPE, IAMEntityType.AffinityGroup);
                     params.put(ApiConstants.ENTITY_ID, group.getId());
                     params.put(ApiConstants.DOMAIN_ID, domainId);
                     params.put(ApiConstants.SUBDOMAIN_ACCESS, subDomainAccess);
@@ -300,7 +300,7 @@ public class AffinityGroupServiceImpl extends ManagerBase implements AffinityGro
                         _affinityGroupDomainMapDao.remove(groupDomain.getId());
                     }
                     // remove its related ACL permission
-                    Pair<AclEntityType, Long> params = new Pair<AclEntityType, Long>(AclEntityType.AffinityGroup, affinityGroupIdFinal);
+                    Pair<IAMEntityType, Long> params = new Pair<IAMEntityType, Long>(IAMEntityType.AffinityGroup, affinityGroupIdFinal);
                     _messageBus.publish(_name, EntityManager.MESSAGE_REMOVE_ENTITY_EVENT, PublishScope.LOCAL, params);
                 }
             }


[48/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
Removed the AccessType.UseNetwork - replaced all references by AccessType.UseEntry


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/36c0a4e2
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/36c0a4e2
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/36c0a4e2

Branch: refs/heads/master
Commit: 36c0a4e2c33f59649ff52e3be7a4f181f8defeae
Parents: 84a528f
Author: Prachi Damle <pr...@cloud.com>
Authored: Thu Mar 13 15:32:38 2014 -0700
Committer: Prachi Damle <pr...@cloud.com>
Committed: Thu Mar 13 15:32:38 2014 -0700

----------------------------------------------------------------------
 api/src/org/apache/cloudstack/acl/SecurityChecker.java       | 1 -
 .../apache/cloudstack/api/command/user/vm/DeployVMCmd.java   | 2 +-
 server/src/com/cloud/acl/DomainChecker.java                  | 2 +-
 server/src/com/cloud/network/IpAddressManagerImpl.java       | 8 +++++---
 server/src/com/cloud/network/NetworkServiceImpl.java         | 4 ++--
 server/src/com/cloud/user/AccountManagerImpl.java            | 3 ++-
 server/src/com/cloud/vm/UserVmManagerImpl.java               | 6 +++---
 .../network/lb/ApplicationLoadBalancerManagerImpl.java       | 2 +-
 8 files changed, 15 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/36c0a4e2/api/src/org/apache/cloudstack/acl/SecurityChecker.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/SecurityChecker.java b/api/src/org/apache/cloudstack/acl/SecurityChecker.java
index 2889bc8..614f604 100644
--- a/api/src/org/apache/cloudstack/acl/SecurityChecker.java
+++ b/api/src/org/apache/cloudstack/acl/SecurityChecker.java
@@ -32,7 +32,6 @@ public interface SecurityChecker extends Adapter {
 
     public enum AccessType {
         ModifyProject,
-        UseNetwork,
         OperateEntry,
         UseEntry
     }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/36c0a4e2/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java
index 69e079f..0235fcc 100755
--- a/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java
@@ -105,7 +105,7 @@ public class DeployVMCmd extends BaseAsyncCreateCustomIdCmd {
     private Long domainId;
 
     //Network information
-    @ACL(accessType = AccessType.UseNetwork)
+    @ACL(accessType = AccessType.UseEntry)
     @Parameter(name = ApiConstants.NETWORK_IDS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = NetworkResponse.class, description = "list of network ids used by virtual machine. Can't be specified with ipToNetworkList parameter")
     private List<Long> networkIds;
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/36c0a4e2/server/src/com/cloud/acl/DomainChecker.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/acl/DomainChecker.java b/server/src/com/cloud/acl/DomainChecker.java
index 3df71a7..cb6921d 100755
--- a/server/src/com/cloud/acl/DomainChecker.java
+++ b/server/src/com/cloud/acl/DomainChecker.java
@@ -134,7 +134,7 @@ public class DomainChecker extends AdapterBase implements SecurityChecker {
             }
 
             return true;
-        } else if (entity instanceof Network && accessType != null && accessType == AccessType.UseNetwork) {
+        } else if (entity instanceof Network && accessType != null && accessType == AccessType.UseEntry) {
             _networkMgr.checkNetworkPermissions(caller, (Network)entity);
         } else if (entity instanceof AffinityGroup) {
             return false;
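Review bot: The predicate `entity instanceof Network && accessType != null && accessType == AccessType.UseEntry` in this `else if` is repeated, negated, in the AccountManagerImpl.java hunk of this commit, where it appears to decide whether the per-domain check is skipped for the entity. With the dedicated UseNetwork value gone, the two copies have to stay identical: if they drift, a Network could skip the domain check in one place without reaching `_networkMgr.checkNetworkPermissions` in the other. I would move the test into one shared helper and drop the `accessType != null` part, which `==` on an enum already covers: `entity instanceof Network && accessType == AccessType.UseEntry`. The enclosing method starts and ends outside the hunk, so what happens to a Network checked with any other access type is not visible here and deserves a short comment on the branch.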

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/36c0a4e2/server/src/com/cloud/network/IpAddressManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/IpAddressManagerImpl.java b/server/src/com/cloud/network/IpAddressManagerImpl.java
index 5225e3d..9b1f9bd 100644
--- a/server/src/com/cloud/network/IpAddressManagerImpl.java
+++ b/server/src/com/cloud/network/IpAddressManagerImpl.java
@@ -1164,7 +1164,8 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage
             if (zone.getNetworkType() == NetworkType.Advanced) {
                 if (network.getGuestType() == Network.GuestType.Shared) {
                     if (isSharedNetworkOfferingWithServices(network.getNetworkOfferingId())) {
-                        _accountMgr.checkAccess(CallContext.current().getCallingAccount(), AccessType.UseNetwork, false, network);
+                        _accountMgr.checkAccess(CallContext.current().getCallingAccount(), AccessType.UseEntry, false,
+                                network);
                     } else {
                         throw new InvalidParameterValueException("IP can be associated with guest network of 'shared' type only if "
                                                                  + "network services Source Nat, Static Nat, Port Forwarding, Load balancing, firewall are enabled in the network");
@@ -1186,7 +1187,7 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage
 
         Network network = _networksDao.findById(networkId);
         if (network != null) {
-            _accountMgr.checkAccess(owner, AccessType.UseNetwork, false, network);
+            _accountMgr.checkAccess(owner, AccessType.UseEntry, false, network);
         } else {
             s_logger.debug("Unable to find ip address by id: " + ipId);
             return null;
@@ -1318,7 +1319,8 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage
             if (zone.getNetworkType() == NetworkType.Advanced) {
                 if (network.getGuestType() == Network.GuestType.Shared) {
                     assert (isSharedNetworkOfferingWithServices(network.getNetworkOfferingId()));
-                    _accountMgr.checkAccess(CallContext.current().getCallingAccount(), AccessType.UseNetwork, false, network);
+                    _accountMgr.checkAccess(CallContext.current().getCallingAccount(), AccessType.UseEntry, false,
+                            network);
                 }
             } else {
                 _accountMgr.checkAccess(caller, null, true, ipToAssoc);
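Review bot: The precondition on the context line `assert (isSharedNetworkOfferingWithServices(network.getNetworkOfferingId()));` in the third hunk is only evaluated when the JVM runs with assertions enabled, which is not the default, so in a normal deployment the `checkAccess` call that follows is reached for any shared network. The first hunk of this file handles the same condition with an explicit `else` that throws `InvalidParameterValueException`, and I would do the same here: `if (!isSharedNetworkOfferingWithServices(network.getNetworkOfferingId())) { throw new InvalidParameterValueException(...); }` with the message used in the first hunk. The enclosing method starts and ends outside the hunk, so an earlier guard may exist that is not visible here.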

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/36c0a4e2/server/src/com/cloud/network/NetworkServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkServiceImpl.java b/server/src/com/cloud/network/NetworkServiceImpl.java
index 9185d84..9238a1e 100755
--- a/server/src/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/com/cloud/network/NetworkServiceImpl.java
@@ -535,7 +535,7 @@ public class NetworkServiceImpl extends ManagerBase implements  NetworkService {
                 // if shared network in the advanced zone, then check the caller against the network for 'AccessType.UseNetwork'
                 if (zone.getNetworkType() == NetworkType.Advanced) {
                     if (isSharedNetworkOfferingWithServices(network.getNetworkOfferingId())) {
-                        _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network);
+                        _accountMgr.checkAccess(caller, AccessType.UseEntry, false, network);
                         if (s_logger.isDebugEnabled()) {
                             s_logger.debug("Associate IP address called by the user " + callerUserId + " account " + ipOwner.getId());
                         }
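Review bot: The comment above the changed call still names the access type this commit removes: `// ... check the caller against the network for 'AccessType.UseNetwork'`. The same stale comment sits in the second hunk of this file (around line 578). Since `UseNetwork` no longer exists in `SecurityChecker.AccessType`, a reader searching for it will find only these comments; I would update both to `// if shared network in the advanced zone, then check the caller against the network for 'AccessType.UseEntry'`. The enclosing methods start and end outside the hunks.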
@@ -578,7 +578,7 @@ public class NetworkServiceImpl extends ManagerBase implements  NetworkService {
                 // if shared network in the advanced zone, then check the caller against the network for 'AccessType.UseNetwork'
                 if (zone.getNetworkType() == NetworkType.Advanced) {
                     if (isSharedNetworkOfferingWithServices(network.getNetworkOfferingId())) {
-                        _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network);
+                        _accountMgr.checkAccess(caller, AccessType.UseEntry, false, network);
                         if (s_logger.isDebugEnabled()) {
                             s_logger.debug("Associate IP address called by the user " + callerUserId + " account " + ipOwner.getId());
                         }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/36c0a4e2/server/src/com/cloud/user/AccountManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
index 1b68b0c..f0d129a 100755
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -91,6 +91,7 @@ import com.cloud.exception.PermissionDeniedException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.IpAddress;
 import com.cloud.network.IpAddressManager;
+import com.cloud.network.Network;
 import com.cloud.network.VpnUserVO;
 import com.cloud.network.as.AutoScaleManager;
 import com.cloud.network.dao.AccountGuestVlanMapDao;
@@ -490,7 +491,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
                 domainId = account != null ? account.getDomainId() : -1;
             }
             if (entity.getAccountId() != -1 && domainId != -1 && !(entity instanceof VirtualMachineTemplate) &&
-                !(accessType != null && accessType == AccessType.UseNetwork) && !(entity instanceof AffinityGroup)) {
+                !(entity instanceof Network && accessType != null && accessType == AccessType.UseEntry) && !(entity instanceof AffinityGroup)) {
                 List<ControlledEntity> toBeChecked = domains.get(entity.getDomainId());
                 // for templates, we don't have to do cross domains check
                 if (toBeChecked == null) {
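Review bot: The rewritten condition exempts any `Network` entity checked with `AccessType.UseEntry` from this branch, and nothing at the site says why that combination is allowed to skip it. `UseEntry` is not network-specific (elsewhere on this page it is also used for templates and affinity groups), so the `instanceof Network` guard is the only thing keeping the exemption narrow. That deserves a why-comment, for example `// shared networks may be used across domains, so UseEntry on a Network is not queued for the domain check` (wording for the author to confirm). The `accessType != null &&` term is redundant, since `==` on an enum is null-safe; `!(entity instanceof Network && accessType == AccessType.UseEntry)` reads more easily in an already long chain of negations. The enclosing method starts and ends outside the hunk.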

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/36c0a4e2/server/src/com/cloud/vm/UserVmManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java
index e7c0c8d..0e4fb5e 100755
--- a/server/src/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/com/cloud/vm/UserVmManagerImpl.java
@@ -987,7 +987,7 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
         }
 
         // Perform account permission check on network
-        _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network);
+        _accountMgr.checkAccess(caller, AccessType.UseEntry, false, network);
 
         //ensure network belongs in zone
         if (network.getDataCenterId() != vmInstance.getDataCenterId()) {
@@ -1061,7 +1061,7 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
         }
 
         // Perform account permission check on network
-        _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network);
+        _accountMgr.checkAccess(caller, AccessType.UseEntry, false, network);
 
         boolean nicremoved = false;
 
@@ -2336,7 +2336,7 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
 
                 // Perform account permission check
                 if (network.getAclType() == ACLType.Account) {
-                    _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network);
+                    _accountMgr.checkAccess(caller, AccessType.UseEntry, false, network);
                 }
                 networkList.add(network);
             }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/36c0a4e2/server/src/org/apache/cloudstack/network/lb/ApplicationLoadBalancerManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/org/apache/cloudstack/network/lb/ApplicationLoadBalancerManagerImpl.java b/server/src/org/apache/cloudstack/network/lb/ApplicationLoadBalancerManagerImpl.java
index 1f3e0d2..73bf0d2 100644
--- a/server/src/org/apache/cloudstack/network/lb/ApplicationLoadBalancerManagerImpl.java
+++ b/server/src/org/apache/cloudstack/network/lb/ApplicationLoadBalancerManagerImpl.java
@@ -114,7 +114,7 @@ public class ApplicationLoadBalancerManagerImpl extends ManagerBase implements A
         }
 
         Account caller = CallContext.current().getCallingAccount();
-        _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, guestNtwk);
+        _accountMgr.checkAccess(caller, AccessType.UseEntry, false, guestNtwk);
 
         Network sourceIpNtwk = _networkModel.getNetwork(sourceIpNetworkId);
         if (sourceIpNtwk == null) {


[13/50] [abbrv] iam/plugin: Rename Acl to IAM everywhere

Posted by mc...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
new file mode 100644
index 0000000..de57a41
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
@@ -0,0 +1,690 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.ejb.Local;
+import javax.inject.Inject;
+import javax.naming.ConfigurationException;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.acl.IAMEntityType;
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseListCmd;
+import org.apache.cloudstack.api.command.iam.AddAccountToIAMGroupCmd;
+import org.apache.cloudstack.api.command.iam.AddIAMPermissionToIAMPolicyCmd;
+import org.apache.cloudstack.api.command.iam.AttachIAMPolicyToAccountCmd;
+import org.apache.cloudstack.api.command.iam.AttachIAMPolicyToIAMGroupCmd;
+import org.apache.cloudstack.api.command.iam.CreateIAMGroupCmd;
+import org.apache.cloudstack.api.command.iam.CreateIAMPolicyCmd;
+import org.apache.cloudstack.api.command.iam.DeleteIAMGroupCmd;
+import org.apache.cloudstack.api.command.iam.DeleteIAMPolicyCmd;
+import org.apache.cloudstack.api.command.iam.ListIAMGroupsCmd;
+import org.apache.cloudstack.api.command.iam.ListIAMPoliciesCmd;
+import org.apache.cloudstack.api.command.iam.RemoveAccountFromIAMGroupCmd;
+import org.apache.cloudstack.api.command.iam.RemoveIAMPermissionFromIAMPolicyCmd;
+import org.apache.cloudstack.api.command.iam.RemoveIAMPolicyFromAccountCmd;
+import org.apache.cloudstack.api.command.iam.RemoveIAMPolicyFromIAMGroupCmd;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
+import org.apache.cloudstack.api.response.iam.IAMPermissionResponse;
+import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.framework.messagebus.MessageBus;
+import org.apache.cloudstack.framework.messagebus.MessageSubscriber;
+import org.apache.cloudstack.iam.api.IAMGroup;
+import org.apache.cloudstack.iam.api.IAMPolicy;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
+import org.apache.cloudstack.iam.api.IAMService;
+
+import com.cloud.api.ApiServerService;
+import com.cloud.domain.Domain;
+import com.cloud.domain.DomainVO;
+import com.cloud.domain.dao.DomainDao;
+import com.cloud.event.ActionEvent;
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.template.TemplateManager;
+import com.cloud.user.Account;
+import com.cloud.user.AccountManager;
+import com.cloud.user.AccountVO;
+import com.cloud.user.DomainManager;
+import com.cloud.user.dao.AccountDao;
+import com.cloud.utils.Pair;
+import com.cloud.utils.component.Manager;
+import com.cloud.utils.component.ManagerBase;
+import com.cloud.utils.db.DB;
+import com.cloud.utils.db.EntityManager;
+
+@Local(value = {IAMApiService.class})
+public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Manager {
+
+    public static final Logger s_logger = Logger.getLogger(IAMApiServiceImpl.class);
+    private String _name;
+
+    @Inject
+    ApiServerService _apiServer;
+
+    @Inject
+    IAMService _iamSrv;
+
+    @Inject
+    DomainDao _domainDao;
+
+    @Inject
+    AccountDao _accountDao;
+
+    @Inject
+    AccountManager _accountMgr;
+
+    @Inject
+    MessageBus _messageBus;
+
+    @Override
+    public boolean configure(final String name, final Map<String, Object> params) throws ConfigurationException {
+        _messageBus.subscribe(AccountManager.MESSAGE_ADD_ACCOUNT_EVENT, new MessageSubscriber() {
+            @Override
+            public void onPublishMessage(String senderAddress, String subject, Object obj) {
+                HashMap<Long, Long> acctGroupMap = (HashMap<Long, Long>) obj;
+                for (Long accountId : acctGroupMap.keySet()) {
+                    Long groupId = acctGroupMap.get(accountId);
+                    s_logger.debug("MessageBus message: new Account Added: " + accountId + ", adding it to groupId :"
+                            + groupId);
+                    addAccountToIAMGroup(accountId, groupId);
+                    // add it to domain group too
+                    AccountVO account = _accountDao.findById(accountId);
+                    Domain domain = _domainDao.findById(account.getDomainId());
+                    if (domain != null) {
+                        List<IAMGroup> domainGroups = listDomainGroup(domain);
+
+                        if (domainGroups != null) {
+                            for (IAMGroup group : domainGroups) {
+                                addAccountToIAMGroup(accountId, new Long(group.getId()));
+                            }
+                        }
+                    }
+                }
+            }
+        });
+
+        _messageBus.subscribe(AccountManager.MESSAGE_REMOVE_ACCOUNT_EVENT, new MessageSubscriber() {
+            @Override
+            public void onPublishMessage(String senderAddress, String subject, Object obj) {
+                Long accountId = ((Long) obj);
+                if (accountId != null) {
+                    s_logger.debug("MessageBus message: Account removed: " + accountId
+                            + ", releasing the group associations");
+                    removeAccountFromIAMGroups(accountId);
+                }
+            }
+        });
+
+        _messageBus.subscribe(DomainManager.MESSAGE_ADD_DOMAIN_EVENT, new MessageSubscriber() {
+            @Override
+            public void onPublishMessage(String senderAddress, String subject, Object obj) {
+                Long domainId = ((Long) obj);
+                if (domainId != null) {
+                    s_logger.debug("MessageBus message: new Domain created: " + domainId + ", creating a new group");
+                    Domain domain = _domainDao.findById(domainId);
+                    _iamSrv.createAclGroup("DomainGrp-" + domain.getUuid(), "Domain group", domain.getPath());
+                }
+            }
+        });
+
+        _messageBus.subscribe(DomainManager.MESSAGE_REMOVE_DOMAIN_EVENT, new MessageSubscriber() {
+            @Override
+            public void onPublishMessage(String senderAddress, String subject, Object obj) {
+                Long domainId = ((Long) obj);
+                if (domainId != null) {
+                    s_logger.debug("MessageBus message: Domain removed: " + domainId + ", removing the domain group");
+                    Domain domain = _domainDao.findById(domainId);
+                    List<IAMGroup> groups = listDomainGroup(domain);
+                    for (IAMGroup group : groups) {
+                        _iamSrv.deleteAclGroup(group.getId());
+                    }
+                }
+            }
+        });
+
+        _messageBus.subscribe(TemplateManager.MESSAGE_REGISTER_PUBLIC_TEMPLATE_EVENT, new MessageSubscriber() {
+            @Override
+            public void onPublishMessage(String senderAddress, String subject, Object obj) {
+                Long templateId = (Long)obj;
+                if (templateId != null) {
+                    s_logger.debug("MessageBus message: new public template registered: " + templateId + ", grant permission to domain admin and normal user policies");
+                    _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+                            PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
+                    _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+                            PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
+                }
+            }
+        });
+
+        _messageBus.subscribe(TemplateManager.MESSAGE_RESET_TEMPLATE_PERMISSION_EVENT, new MessageSubscriber() {
+            @Override
+            public void onPublishMessage(String senderAddress, String subject, Object obj) {
+                Long templateId = (Long)obj;
+                if (templateId != null) {
+                    s_logger.debug("MessageBus message: reset template permission: " + templateId);
+                    resetTemplatePermission(templateId);
+                }
+            }
+        });
+
+        _messageBus.subscribe(EntityManager.MESSAGE_REMOVE_ENTITY_EVENT, new MessageSubscriber() {
+            @Override
+            public void onPublishMessage(String senderAddress, String subject, Object obj) {
+                Pair<IAMEntityType, Long> entity = (Pair<IAMEntityType, Long>)obj;
+                if (entity != null) {
+                    String entityType = entity.first().toString();
+                    Long entityId = entity.second();
+                    s_logger.debug("MessageBus message: delete an entity: (" + entityType + "," + entityId + "), remove its related permission");
+                    _iamSrv.removeAclPermissionForEntity(entityType, entityId);
+                }
+            }
+        });
+
+
+        _messageBus.subscribe(EntityManager.MESSAGE_GRANT_ENTITY_EVENT, new MessageSubscriber() {
+            @Override
+            public void onPublishMessage(String senderAddress, String subject, Object obj) {
+                Map<String, Object> permit = (Map<String, Object>)obj;
+                if (permit != null) {
+                    String entityType = (String)permit.get(ApiConstants.ENTITY_TYPE);
+                    Long entityId = (Long)permit.get(ApiConstants.ENTITY_ID);
+                    AccessType accessType = (AccessType)permit.get(ApiConstants.ACCESS_TYPE);
+                    String action = (String)permit.get(ApiConstants.IAM_ACTION);
+                    List<Long> acctIds = (List<Long>)permit.get(ApiConstants.ACCOUNTS);
+                    s_logger.debug("MessageBus message: grant accounts permission to an entity: (" + entityType + "," + entityId + ")");
+                    grantEntityPermissioinToAccounts(entityType, entityId, accessType, action, acctIds);
+                }
+            }
+        });
+
+        _messageBus.subscribe(EntityManager.MESSAGE_REVOKE_ENTITY_EVENT, new MessageSubscriber() {
+            @Override
+            public void onPublishMessage(String senderAddress, String subject, Object obj) {
+                Map<String, Object> permit = (Map<String, Object>)obj;
+                if (permit != null) {
+                    String entityType = (String)permit.get(ApiConstants.ENTITY_TYPE);
+                    Long entityId = (Long)permit.get(ApiConstants.ENTITY_ID);
+                    AccessType accessType = (AccessType)permit.get(ApiConstants.ACCESS_TYPE);
+                    String action = (String)permit.get(ApiConstants.IAM_ACTION);
+                    List<Long> acctIds = (List<Long>)permit.get(ApiConstants.ACCOUNTS);
+                    s_logger.debug("MessageBus message: revoke from accounts permission to an entity: (" + entityType + "," + entityId + ")");
+                    revokeEntityPermissioinFromAccounts(entityType, entityId, accessType, action, acctIds);
+                }
+            }
+        });
+
+        _messageBus.subscribe(EntityManager.MESSAGE_ADD_DOMAIN_WIDE_ENTITY_EVENT, new MessageSubscriber() {
+            @Override
+            public void onPublishMessage(String senderAddress, String subject, Object obj) {
+                Map<String, Object> params = (Map<String, Object>) obj;
+                if (params != null) {
+                    addDomainWideResourceAccess(params);
+                }
+            }
+        });
+
+        return super.configure(name, params);
+    }
+
+    private void addDomainWideResourceAccess(Map<String, Object> params) {
+
+        IAMEntityType entityType = (IAMEntityType)params.get(ApiConstants.ENTITY_TYPE);
+        Long entityId = (Long) params.get(ApiConstants.ENTITY_ID);
+        Long domainId = (Long) params.get(ApiConstants.DOMAIN_ID);
+        Boolean isRecursive = (Boolean) params.get(ApiConstants.SUBDOMAIN_ACCESS);
+
+        if (entityType == IAMEntityType.Network) {
+            createPolicyAndAddToDomainGroup("DomainWideNetwork-" + entityId, "domain wide network", entityType.toString(),
+                    entityId, "listNetworks", AccessType.UseEntry, domainId, isRecursive);
+        } else if (entityType == IAMEntityType.AffinityGroup) {
+            createPolicyAndAddToDomainGroup("DomainWideNetwork-" + entityId, "domain wide affinityGroup", entityType.toString(),
+                    entityId, "listAffinityGroups", AccessType.UseEntry, domainId, isRecursive);
+        }
+
+    }
+
+    private void createPolicyAndAddToDomainGroup(String policyName, String description, String entityType,
+            Long entityId, String action, AccessType accessType, Long domainId, Boolean recursive) {
+
+       Domain domain = _domainDao.findById(domainId);
+       if (domain != null) {
+            IAMPolicy policy = _iamSrv.createAclPolicy(policyName, description, null, domain.getPath());
+            _iamSrv.addAclPermissionToAclPolicy(policy.getId(), entityType, PermissionScope.RESOURCE.toString(),
+                    entityId, action, accessType.toString(), Permission.Allow, recursive);
+            List<Long> policyList = new ArrayList<Long>();
+            policyList.add(new Long(policy.getId()));
+
+           List<IAMGroup> domainGroups = listDomainGroup(domain);
+           if (domainGroups != null) {
+               for (IAMGroup group : domainGroups) {
+                   _iamSrv.attachAclPoliciesToGroup(policyList, group.getId());
+               }
+           }
+       }
+    }
+
+    @DB
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_CREATE, eventDescription = "Creating Acl Group", create = true)
+    public IAMGroup createIAMGroup(Account caller, String iamGroupName, String description) {
+        Long domainId = caller.getDomainId();
+        Domain callerDomain = _domainDao.findById(domainId);
+        if (callerDomain == null) {
+            throw new InvalidParameterValueException("Caller does not have a domain");
+        }
+        return _iamSrv.createAclGroup(iamGroupName, description, callerDomain.getPath());
+    }
+
+    @DB
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_DELETE, eventDescription = "Deleting Acl Group")
+    public boolean deleteIAMGroup(final Long iamGroupId) {
+        return _iamSrv.deleteAclGroup(iamGroupId);
+    }
+
+    @Override
+    public List<IAMGroup> listIAMGroups(long accountId) {
+        return _iamSrv.listAclGroups(accountId);
+    }
+
+
+    @DB
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_UPDATE, eventDescription = "Adding accounts to acl group")
+    public IAMGroup addAccountsToGroup(final List<Long> acctIds, final Long groupId) {
+        return _iamSrv.addAccountsToGroup(acctIds, groupId);
+    }
+
+
+    private void removeAccountFromIAMGroups(long accountId) {
+        List<IAMGroup> groups = listIAMGroups(accountId);
+        List<Long> accts = new ArrayList<Long>();
+        accts.add(accountId);
+        if (groups != null) {
+            for (IAMGroup grp : groups) {
+                removeAccountsFromGroup(accts, grp.getId());
+            }
+        }
+    }
+
+    private void addAccountToIAMGroup(long accountId, long groupId) {
+        List<Long> accts = new ArrayList<Long>();
+        accts.add(accountId);
+        addAccountsToGroup(accts, groupId);
+    }
+
+    @DB
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_UPDATE, eventDescription = "Removing accounts from acl group")
+    public IAMGroup removeAccountsFromGroup(final List<Long> acctIds, final Long groupId) {
+        return _iamSrv.removeAccountsFromGroup(acctIds, groupId);
+    }
+
+    @DB
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_IAM_POLICY_CREATE, eventDescription = "Creating IAM Policy", create = true)
+    public IAMPolicy createIAMPolicy(Account caller, final String iamPolicyName, final String description, final Long parentPolicyId) {
+        Long domainId = caller.getDomainId();
+        Domain callerDomain = _domainDao.findById(domainId);
+        if (callerDomain == null) {
+            throw new InvalidParameterValueException("Caller does not have a domain");
+        }
+        return _iamSrv.createAclPolicy(iamPolicyName, description, parentPolicyId, callerDomain.getPath());
+    }
+
+    @DB
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_IAM_POLICY_DELETE, eventDescription = "Deleting IAM Policy")
+    public boolean deleteIAMPolicy(final long iamPolicyId) {
+        return _iamSrv.deleteAclPolicy(iamPolicyId);
+    }
+
+
+    @Override
+    public List<IAMPolicy> listIAMPolicies(long accountId) {
+        return _iamSrv.listAclPolicies(accountId);
+    }
+
+    @DB
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_UPDATE, eventDescription = "Attaching policy to acl group")
+    public IAMGroup attachIAMPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
+        return _iamSrv.attachAclPoliciesToGroup(policyIds, groupId);
+    }
+
+    @DB
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_UPDATE, eventDescription = "Removing policies from acl group")
+    public IAMGroup removeIAMPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
+        return _iamSrv.removeAclPoliciesFromGroup(policyIds, groupId);
+    }
+
+
+    @DB
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_IAM_ACCOUNT_POLICY_UPDATE, eventDescription = "Attaching policy to accounts")
+    public void attachIAMPolicyToAccounts(final Long policyId, final List<Long> accountIds) {
+        _iamSrv.attachAclPolicyToAccounts(policyId, accountIds);
+    }
+
+    @DB
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_IAM_ACCOUNT_POLICY_UPDATE, eventDescription = "Removing policy from accounts")
+    public void removeIAMPolicyFromAccounts(final Long policyId, final List<Long> accountIds) {
+        _iamSrv.removeAclPolicyFromAccounts(policyId, accountIds);
+    }
+
+    @DB
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_IAM_POLICY_GRANT, eventDescription = "Granting acl permission to IAM Policy")
+    public IAMPolicy addIAMPermissionToIAMPolicy(long iamPolicyId, String entityType, PermissionScope scope,
+            Long scopeId, String action, Permission perm, Boolean recursive) {
+        Class<?> cmdClass = _apiServer.getCmdClass(action);
+        AccessType accessType = null;
+        if (BaseListCmd.class.isAssignableFrom(cmdClass)) {
+            accessType = AccessType.UseEntry;
+        }
+        return _iamSrv.addAclPermissionToAclPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action,
+                accessType.toString(), perm, recursive);
+    }
+
+    @DB
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_IAM_POLICY_REVOKE, eventDescription = "Revoking acl permission from IAM Policy")
+    public IAMPolicy removeIAMPermissionFromIAMPolicy(long iamPolicyId, String entityType, PermissionScope scope, Long scopeId, String action) {
+        return _iamSrv.removeAclPermissionFromAclPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action);
+    }
+
+    @Override
+    public IAMPolicyPermission getIAMPolicyPermission(long accountId, String entityType, String action) {
+        List<IAMPolicy> policies = _iamSrv.listAclPolicies(accountId);
+        IAMPolicyPermission curPerm = null;
+        for (IAMPolicy policy : policies) {
+            List<IAMPolicyPermission> perms = _iamSrv.listPolicyPermissionByActionAndEntity(policy.getId(), action,
+                    entityType);
+            if (perms == null || perms.size() == 0)
+                continue;
+            IAMPolicyPermission perm = perms.get(0); // just pick one
+            if (curPerm == null) {
+                curPerm = perm;
+            } else if (PermissionScope.valueOf(perm.getScope()).greaterThan(PermissionScope.valueOf(curPerm.getScope()))) {
+                // pick the more relaxed allowed permission
+                curPerm = perm;
+            }
+        }
+
+        return curPerm;
+    }
+
+
+    @Override
+    public IAMPolicyResponse createIAMPolicyResponse(IAMPolicy policy) {
+        IAMPolicyResponse response = new IAMPolicyResponse();
+        response.setId(policy.getUuid());
+        response.setName(policy.getName());
+        response.setDescription(policy.getDescription());
+        String domainPath = policy.getPath();
+        if (domainPath != null) {
+            DomainVO domain = _domainDao.findDomainByPath(domainPath);
+            if (domain != null) {
+                response.setDomainId(domain.getUuid());
+                response.setDomainName(domain.getName());
+            }
+        }
+        long accountId = policy.getAccountId();
+        AccountVO owner = _accountDao.findById(accountId);
+        if (owner != null) {
+            response.setAccountName(owner.getAccountName());
+        }
+        // find permissions associated with this policy
+        List<IAMPolicyPermission> permissions = _iamSrv.listPolicyPermissions(policy.getId());
+        if (permissions != null && permissions.size() > 0) {
+            for (IAMPolicyPermission permission : permissions) {
+                IAMPermissionResponse perm = new IAMPermissionResponse();
+                perm.setAction(permission.getAction());
+                if (permission.getEntityType() != null) {
+                    perm.setEntityType(IAMEntityType.valueOf(permission.getEntityType()));
+                }
+                if (permission.getScope() != null) {
+                    perm.setScope(PermissionScope.valueOf(permission.getScope()));
+                }
+                perm.setScopeId(permission.getScopeId());
+                perm.setPermission(permission.getPermission());
+                response.addPermission(perm);
+            }
+        }
+        response.setObjectName("aclpolicy");
+        return response;
+    }
+
+    @Override
+    public IAMGroupResponse createIAMGroupResponse(IAMGroup group) {
+        IAMGroupResponse response = new IAMGroupResponse();
+        response.setId(group.getUuid());
+        response.setName(group.getName());
+        response.setDescription(group.getDescription());
+        String domainPath = group.getPath();
+        if (domainPath != null) {
+            DomainVO domain = _domainDao.findDomainByPath(domainPath);
+            if (domain != null) {
+                response.setDomainId(domain.getUuid());
+                response.setDomainName(domain.getName());
+            }
+        }
+        long accountId = group.getAccountId();
+        AccountVO owner = _accountDao.findById(accountId);
+        if (owner != null) {
+            response.setAccountName(owner.getAccountName());
+        }
+        // find all the members in this group
+        List<Long> members = _iamSrv.listAccountsByGroup(group.getId());
+        if (members != null && members.size() > 0) {
+            for (Long member : members) {
+                AccountVO mem = _accountDao.findById(member);
+                if (mem != null) {
+                    response.addMemberAccount(mem.getAccountName());
+                }
+            }
+        }
+
+        // find all the policies attached to this group
+        List<IAMPolicy> policies = _iamSrv.listAclPoliciesByGroup(group.getId());
+        if (policies != null && policies.size() > 0) {
+            for (IAMPolicy policy : policies) {
+                response.addPolicy(policy.getName());
+            }
+        }
+
+        response.setObjectName("aclgroup");
+        return response;
+
+    }
+
+    public List<IAMGroup> listDomainGroup(Domain domain) {
+
+        if (domain != null) {
+            String domainPath = domain.getPath();
+            // search for groups
+            Pair<List<IAMGroup>, Integer> result = _iamSrv.listAclGroups(null, "DomainGrp-" + domain.getUuid(),
+                    domainPath, null, null);
+            return result.first();
+        }
+        return new ArrayList<IAMGroup>();
+
+    }
+
+    @Override
+    public ListResponse<IAMGroupResponse> listIAMGroups(Long iamGroupId, String iamGroupName, Long domainId, Long startIndex, Long pageSize) {
+        // acl check
+        Account caller = CallContext.current().getCallingAccount();
+
+        Domain domain = null;
+        if (domainId != null) {
+            domain = _domainDao.findById(domainId);
+            if (domain == null) {
+                throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
+            }
+
+            _accountMgr.checkAccess(caller, domain);
+        } else {
+            domain = _domainDao.findById(caller.getDomainId());
+        }
+        String domainPath = domain.getPath();
+        // search for groups
+        Pair<List<IAMGroup>, Integer> result = _iamSrv.listAclGroups(iamGroupId, iamGroupName, domainPath, startIndex, pageSize);
+        // generate group response
+        ListResponse<IAMGroupResponse> response = new ListResponse<IAMGroupResponse>();
+        List<IAMGroupResponse> groupResponses = new ArrayList<IAMGroupResponse>();
+        for (IAMGroup group : result.first()) {
+            IAMGroupResponse resp = createIAMGroupResponse(group);
+            groupResponses.add(resp);
+        }
+        response.setResponses(groupResponses, result.second());
+        return response;
+    }
+
+    @Override
+    public ListResponse<IAMPolicyResponse> listIAMPolicies(Long iamPolicyId, String iamPolicyName, Long domainId, Long startIndex,
+            Long pageSize) {
+        // acl check
+        Account caller = CallContext.current().getCallingAccount();
+
+        Domain domain = null;
+        if (domainId != null) {
+            domain = _domainDao.findById(domainId);
+            if (domain == null) {
+                throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
+            }
+
+            _accountMgr.checkAccess(caller, domain);
+        } else {
+            domain = _domainDao.findById(caller.getDomainId());
+        }
+        String domainPath = domain.getPath();
+        // search for policies
+        Pair<List<IAMPolicy>, Integer> result = _iamSrv.listAclPolicies(iamPolicyId, iamPolicyName, domainPath, startIndex, pageSize);
+        // generate policy response
+        ListResponse<IAMPolicyResponse> response = new ListResponse<IAMPolicyResponse>();
+        List<IAMPolicyResponse> policyResponses = new ArrayList<IAMPolicyResponse>();
+        for (IAMPolicy policy : result.first()) {
+            IAMPolicyResponse resp = createIAMPolicyResponse(policy);
+            policyResponses.add(resp);
+        }
+        response.setResponses(policyResponses, result.second());
+        return response;
+    }
+
+    @Override
+    public void grantEntityPermissioinToAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds) {
+        // check if there is already a policy with only this permission added to it
+        IAMPolicy policy = _iamSrv.getResourceGrantPolicy(entityType, entityId, accessType.toString(), action);
+        if (policy == null) {
+            // not found, just create a policy with resource grant permission
+            Account caller = CallContext.current().getCallingAccount();
+            String aclPolicyName = "policyGrant" + entityType + entityId;
+            String description = "Policy to grant permission to " + entityType + entityId;
+            policy = createIAMPolicy(caller, aclPolicyName, description, null);
+            // add permission to this policy
+            addIAMPermissionToIAMPolicy(policy.getId(), entityType, PermissionScope.RESOURCE, entityId, action, Permission.Allow, false);
+        }
+        // attach this policy to list of accounts if not attached already
+        Long policyId = policy.getId();
+        for (Long acctId : accountIds) {
+            if (!isPolicyAttachedToAccount(policyId, acctId)) {
+                attachIAMPolicyToAccounts(policyId, Collections.singletonList(acctId));
+            }
+        }
+    }
+
+    @Override
+    public void revokeEntityPermissioinFromAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds) {
+        // there should already a policy with only this permission added to it, this call is mainly used
+        IAMPolicy policy = _iamSrv.getResourceGrantPolicy(entityType, entityId, accessType.toString(), action);
+        if (policy == null) {
+            s_logger.warn("Cannot find a policy associated with this entity permissioin to be revoked, just return");
+            return;
+        }
+        // detach this policy from list of accounts if not detached already
+        Long policyId = policy.getId();
+        for (Long acctId : accountIds) {
+            if (isPolicyAttachedToAccount(policyId, acctId)) {
+                removeIAMPolicyFromAccounts(policyId, Collections.singletonList(acctId));
+            }
+        }
+
+    }
+
+    private boolean isPolicyAttachedToAccount(Long policyId, Long accountId) {
+        List<IAMPolicy> pList = listIAMPolicies(accountId);
+        for (IAMPolicy p : pList) {
+            if (p.getId() == policyId.longValue()) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    private void resetTemplatePermission(Long templateId){
+        // reset template will change template to private, so we need to remove its permission for domain admin and normal user group
+        _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+                PermissionScope.RESOURCE.toString(), templateId, "listTemplates");
+        _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+                PermissionScope.RESOURCE.toString(), templateId, "listTemplates");
+        // check if there is a policy with only UseEntry permission for this template added
+        IAMPolicy policy = _iamSrv.getResourceGrantPolicy(IAMEntityType.VirtualMachineTemplate.toString(), templateId, AccessType.UseEntry.toString(), "listTemplates");
+        if ( policy == null ){
+            s_logger.info("No policy found for this template grant: " + templateId + ", no detach to be done");
+            return;
+        }
+        // delete the policy, which should detach it from groups and accounts
+        _iamSrv.deleteAclPolicy(policy.getId());
+
+    }
+
+    @Override
+    public List<Class<?>> getCommands() {
+        List<Class<?>> cmdList = new ArrayList<Class<?>>();
+        cmdList.add(CreateIAMPolicyCmd.class);
+        cmdList.add(DeleteIAMPolicyCmd.class);
+        cmdList.add(ListIAMPoliciesCmd.class);
+        cmdList.add(AddIAMPermissionToIAMPolicyCmd.class);
+        cmdList.add(RemoveIAMPermissionFromIAMPolicyCmd.class);
+        cmdList.add(AttachIAMPolicyToIAMGroupCmd.class);
+        cmdList.add(RemoveIAMPolicyFromIAMGroupCmd.class);
+        cmdList.add(CreateIAMGroupCmd.class);
+        cmdList.add(DeleteIAMGroupCmd.class);
+        cmdList.add(ListIAMGroupsCmd.class);
+        cmdList.add(AddAccountToIAMGroupCmd.class);
+        cmdList.add(RemoveAccountFromIAMGroupCmd.class);
+        cmdList.add(AttachIAMPolicyToAccountCmd.class);
+        cmdList.add(RemoveIAMPolicyFromAccountCmd.class);
+        return cmdList;
+    }
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
index 448e45f..48e6ede 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
@@ -37,9 +37,9 @@ import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.BaseAsyncCreateCmd;
 import org.apache.cloudstack.api.BaseCmd;
 import org.apache.cloudstack.api.BaseListCmd;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
+import org.apache.cloudstack.iam.api.IAMPolicy;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
 import org.apache.cloudstack.iam.api.IAMService;
 
 import com.cloud.api.ApiServerService;
@@ -90,7 +90,7 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker
                     + "is null");
         }
 
-        List<AclPolicy> policies = _iamSrv.listAclPolicies(account.getAccountId());
+        List<IAMPolicy> policies = _iamSrv.listAclPolicies(account.getAccountId());
 
         boolean isAllowed = _iamSrv.isActionAllowedForPolicies(commandName, policies);
         if (!isAllowed) {
@@ -259,11 +259,11 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker
 
 
         if (entityTypes == null || entityTypes.length == 0) {
-            _iamSrv.addAclPermissionToAclPolicy(policyId, null, permissionScope.toString(), new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
+            _iamSrv.addAclPermissionToAclPolicy(policyId, null, permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
                     apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
         } else {
             for (IAMEntityType entityType : entityTypes) {
-                _iamSrv.addAclPermissionToAclPolicy(policyId, entityType.toString(), permissionScope.toString(), new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
+                _iamSrv.addAclPermissionToAclPolicy(policyId, entityType.toString(), permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
                         apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
             }
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
index 5420f84..13f6914 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
@@ -28,9 +28,9 @@ import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.acl.PermissionScope;
 import org.apache.cloudstack.acl.SecurityChecker;
 import org.apache.cloudstack.api.InternalIdentity;
-import org.apache.cloudstack.iam.api.AclGroup;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
+import org.apache.cloudstack.iam.api.IAMGroup;
+import org.apache.cloudstack.iam.api.IAMPolicy;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission;
 import org.apache.cloudstack.iam.api.IAMService;
 
 import com.cloud.acl.DomainChecker;
@@ -64,7 +64,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
 
         if (entity == null && action != null) {
             // check if caller can do this action
-            List<AclPolicy> policies = _iamSrv.listAclPolicies(caller.getAccountId());
+            List<IAMPolicy> policies = _iamSrv.listAclPolicies(caller.getAccountId());
 
             boolean isAllowed = _iamSrv.isActionAllowedForPolicies(action, policies);
             if (!isAllowed) {
@@ -80,11 +80,11 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
         }
 
         // get all Policies of this caller w.r.t the entity
-        List<AclPolicy> policies = getEffectivePolicies(caller, entity);
-        HashMap<AclPolicy, Boolean> policyPermissionMap = new HashMap<AclPolicy, Boolean>();
+        List<IAMPolicy> policies = getEffectivePolicies(caller, entity);
+        HashMap<IAMPolicy, Boolean> policyPermissionMap = new HashMap<IAMPolicy, Boolean>();
 
-        for (AclPolicy policy : policies) {
-            List<AclPolicyPermission> permissions = new ArrayList<AclPolicyPermission>();
+        for (IAMPolicy policy : policies) {
+            List<IAMPolicyPermission> permissions = new ArrayList<IAMPolicyPermission>();
 
             if (action != null) {
                 permissions = _iamSrv.listPolicyPermissionByActionAndEntity(policy.getId(), action, entityType);
@@ -100,7 +100,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
                             accessType.toString(), entityType));
                 }
             }
-            for (AclPolicyPermission permission : permissions) {
+            for (IAMPolicyPermission permission : permissions) {
                 if (checkPermissionScope(caller, permission.getScope(), permission.getScopeId(), entity)) {
                     if (permission.getEntityType().equals(entityType)) {
                         policyPermissionMap.put(policy, permission.getPermission().isGranted());
@@ -129,7 +129,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
 
     private boolean checkPermissionScope(Account caller, String scope, Long scopeId, ControlledEntity entity) {
 
-        if(scopeId != null && !scopeId.equals(new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER))){
+        if(scopeId != null && !scopeId.equals(new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER))){
             //scopeId is set
             if (scope.equals(PermissionScope.ACCOUNT.name())) {
                 if(scopeId == entity.getAccountId()){
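Review bot: The guard on the changed line boxes a fresh value with `new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER)` only to call `equals`, and the `else if` changed in the next hunk (@@ -147,7) spells out the exact negation of the same condition. In an authorization check, two hand-maintained copies of one predicate are easy to let drift, and a drifted pair falls through to `return false` or, worse, into the wrong branch. Evaluate it once, for example `boolean currentCaller = scopeId == null || scopeId.equals(Long.valueOf(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER));`, and branch with a plain `if (!currentCaller) { ... } else { ... }`. checkPermissionScope continues outside both hunks, so the rest of the branch bodies is not visible here.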
@@ -147,7 +147,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
                     }
                 }
             }
-        } else if (scopeId == null || scopeId.equals(new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER))) {
+        } else if (scopeId == null || scopeId.equals(new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER))) {
             if (scope.equals(PermissionScope.ACCOUNT.name())) {
                 if(caller.getAccountId() == entity.getAccountId()){
                     return true;
@@ -161,10 +161,10 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
         return false;
     }
 
-    private List<AclPolicy> getEffectivePolicies(Account caller, ControlledEntity entity) {
+    private List<IAMPolicy> getEffectivePolicies(Account caller, ControlledEntity entity) {
 
         // Get the static Policies of the Caller
-        List<AclPolicy> policies = _iamSrv.listAclPolicies(caller.getId());
+        List<IAMPolicy> policies = _iamSrv.listAclPolicies(caller.getId());
 
         // add any dynamic policies w.r.t the entity
         if (caller.getId() == entity.getAccountId()) {
@@ -172,11 +172,11 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
             policies.add(_iamSrv.getResourceOwnerPolicy());
         }
 
-        List<AclGroup> groups = _iamSrv.listAclGroups(caller.getId());
-        for (AclGroup group : groups) {
+        List<IAMGroup> groups = _iamSrv.listAclGroups(caller.getId());
+        for (IAMGroup group : groups) {
             // for each group find the grand parent groups.
-            List<AclGroup> parentGroups = _iamSrv.listParentAclGroups(group.getId());
-            for (AclGroup parentGroup : parentGroups) {
+            List<IAMGroup> parentGroups = _iamSrv.listParentAclGroups(group.getId());
+            for (IAMGroup parentGroup : parentGroups) {
                 policies.addAll(_iamSrv.listRecursiveAclPoliciesByGroup(parentGroup.getId()));
             }
         }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
index 4cec0d9..596ac7e 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
@@ -25,9 +25,9 @@ import org.apache.log4j.Logger;
 
 import org.apache.cloudstack.acl.PermissionScope;
 import org.apache.cloudstack.acl.QuerySelector;
-import org.apache.cloudstack.iam.api.AclGroup;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
+import org.apache.cloudstack.iam.api.IAMGroup;
+import org.apache.cloudstack.iam.api.IAMPolicy;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission;
 import org.apache.cloudstack.iam.api.IAMService;
 
 import com.cloud.user.Account;
@@ -44,13 +44,13 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
     public List<Long> getAuthorizedDomains(Account caller, String action) {
         long accountId = caller.getAccountId();
         // Get the static Policies of the Caller
-        List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
+        List<IAMPolicy> policies = _iamService.listAclPolicies(accountId);
         // for each policy, find granted permission with Domain scope
         List<Long> domainIds = new ArrayList<Long>();
-        for (AclPolicy policy : policies) {
-            List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.DOMAIN.toString());
+        for (IAMPolicy policy : policies) {
+            List<IAMPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.DOMAIN.toString());
             if (pp != null) {
-                for (AclPolicyPermission p : pp) {
+                for (IAMPolicyPermission p : pp) {
                     if (p.getScopeId() != null) {
                         if (p.getScopeId().longValue() == -1) {
                             domainIds.add(caller.getDomainId());
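Review bot: The loop over `pp` adds a domain id for every entry `listPolicyPermissionsByScope` returns without checking whether that entry is an Allow or a Deny, although the comment above it says "granted permission". RoleBasedEntityAccessChecker in this same commit reads `permission.getPermission().isGranted()` before trusting an entry. Unless the service call already filters to Allow entries (not visible from this hunk), a Deny permission with DOMAIN scope would widen what the caller may list. Either tighten the inner check to `if (p.getScopeId() != null && p.getPermission().isGranted())` or add a comment stating that the service returns Allow entries only. The same applies to the getAuthorizedAccounts, getAuthorizedResources and isGrantedAll hunks below; all of these method bodies continue outside their hunks.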
@@ -68,13 +68,13 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
     public List<Long> getAuthorizedAccounts(Account caller, String action) {
         long accountId = caller.getAccountId();
         // Get the static Policies of the Caller
-        List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
+        List<IAMPolicy> policies = _iamService.listAclPolicies(accountId);
         // for each policy, find granted permission with Account scope
         List<Long> accountIds = new ArrayList<Long>();
-        for (AclPolicy policy : policies) {
-            List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ACCOUNT.toString());
+        for (IAMPolicy policy : policies) {
+            List<IAMPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ACCOUNT.toString());
             if (pp != null) {
-                for (AclPolicyPermission p : pp) {
+                for (IAMPolicyPermission p : pp) {
                     if (p.getScopeId() != null) {
                         if (p.getScopeId().longValue() == -1) {
                             accountIds.add(caller.getId());
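Review bot: `p.getScopeId().longValue() == -1` hard-codes the "current caller" marker here and in the getAuthorizedDomains hunk, while RoleBasedEntityAccessChecker in this commit compares against `IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER`. Presumably that constant is the same numeric -1, which should be confirmed against its declaration. If so, writing `if (p.getScopeId().longValue() == IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER)` in both places keeps the query selector and the access checker in agreement on which scope id means "the caller's own account or domain". getAuthorizedAccounts continues outside the hunk.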
@@ -92,24 +92,24 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
     public List<Long> getAuthorizedResources(Account caller, String action) {
         long accountId = caller.getAccountId();
         // Get the static Policies of the Caller
-        List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
+        List<IAMPolicy> policies = _iamService.listAclPolicies(accountId);
 
         // add the policies that grant recursive access
-        List<AclGroup> groups = _iamService.listAclGroups(caller.getId());
-        for (AclGroup group : groups) {
+        List<IAMGroup> groups = _iamService.listAclGroups(caller.getId());
+        for (IAMGroup group : groups) {
             // for each group find the grand parent groups.
-            List<AclGroup> parentGroups = _iamService.listParentAclGroups(group.getId());
-            for (AclGroup parentGroup : parentGroups) {
+            List<IAMGroup> parentGroups = _iamService.listParentAclGroups(group.getId());
+            for (IAMGroup parentGroup : parentGroups) {
                 policies.addAll(_iamService.listRecursiveAclPoliciesByGroup(parentGroup.getId()));
             }
         }
 
         // for each policy, find granted permission with Resource scope
         List<Long> entityIds = new ArrayList<Long>();
-        for (AclPolicy policy : policies) {
-            List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.RESOURCE.toString());
+        for (IAMPolicy policy : policies) {
+            List<IAMPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.RESOURCE.toString());
             if (pp != null) {
-                for (AclPolicyPermission p : pp) {
+                for (IAMPolicyPermission p : pp) {
                     if (p.getScopeId() != null) {
                         entityIds.add(p.getScopeId());
                     }
@@ -123,10 +123,10 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
     public boolean isGrantedAll(Account caller, String action) {
         long accountId = caller.getAccountId();
         // Get the static Policies of the Caller
-        List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
+        List<IAMPolicy> policies = _iamService.listAclPolicies(accountId);
         // for each policy, find granted permission with ALL scope
-        for (AclPolicy policy : policies) {
-            List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ALL.toString());
+        for (IAMPolicy policy : policies) {
+            List<IAMPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ALL.toString());
             if (pp != null && pp.size() > 0) {
                 return true;
             }
@@ -136,9 +136,9 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
 
     @Override
     public List<String> listAclGroupsByAccount(long accountId) {
-        List<AclGroup> groups = _iamService.listAclGroups(accountId);
+        List<IAMGroup> groups = _iamService.listAclGroups(accountId);
         List<String> groupNames = new ArrayList<String>();
-        for (AclGroup grp : groups) {
+        for (IAMGroup grp : groups) {
             groupNames.add(grp.getName());
         }
         return groupNames;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/test/org/apache/cloudstack/acl/AclApiServiceTest.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/test/org/apache/cloudstack/acl/AclApiServiceTest.java b/services/iam/plugin/test/org/apache/cloudstack/acl/AclApiServiceTest.java
deleted file mode 100644
index daf5b64..0000000
--- a/services/iam/plugin/test/org/apache/cloudstack/acl/AclApiServiceTest.java
+++ /dev/null
@@ -1,357 +0,0 @@
-package org.apache.cloudstack.acl;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertTrue;
-import static org.mockito.Mockito.doNothing;
-import static org.mockito.Mockito.when;
-
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Set;
-import java.util.UUID;
-
-import javax.inject.Inject;
-import javax.naming.ConfigurationException;
-
-import org.junit.After;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mockito.Mockito;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.ComponentScan;
-import org.springframework.context.annotation.ComponentScan.Filter;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.FilterType;
-import org.springframework.core.type.classreading.MetadataReader;
-import org.springframework.core.type.classreading.MetadataReaderFactory;
-import org.springframework.core.type.filter.TypeFilter;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import org.springframework.test.context.support.AnnotationConfigContextLoader;
-
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.iam.AclApiServiceImpl;
-import org.apache.cloudstack.api.command.user.vm.ListVMsCmd;
-import org.apache.cloudstack.api.response.ListResponse;
-import org.apache.cloudstack.api.response.iam.AclGroupResponse;
-import org.apache.cloudstack.api.response.iam.AclPermissionResponse;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.framework.messagebus.MessageBus;
-import org.apache.cloudstack.iam.api.AclGroup;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
-import org.apache.cloudstack.iam.api.IAMService;
-import org.apache.cloudstack.iam.server.AclGroupVO;
-import org.apache.cloudstack.iam.server.AclPolicyPermissionVO;
-import org.apache.cloudstack.iam.server.AclPolicyVO;
-import org.apache.cloudstack.test.utils.SpringUtils;
-
-import com.cloud.api.ApiServerService;
-import com.cloud.domain.DomainVO;
-import com.cloud.domain.dao.DomainDao;
-import com.cloud.network.dao.NetworkDomainDao;
-import com.cloud.user.Account;
-import com.cloud.user.AccountManager;
-import com.cloud.user.AccountVO;
-import com.cloud.user.UserVO;
-import com.cloud.user.dao.AccountDao;
-import com.cloud.utils.Pair;
-import com.cloud.utils.component.ComponentContext;
-
-@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration(loader = AnnotationConfigContextLoader.class)
-public class AclApiServiceTest {
-
-    @Inject
-    IAMService _iamSrv;
-
-    @Inject
-    DomainDao _domainDao;
-
-    @Inject
-    AclApiService _aclSrv;
-
-    @Inject
-    AccountManager _accountMgr;
-
-    @Inject
-    AccountDao _accountDao;
-
-    @Inject
-    ApiServerService _apiServer;
-
-    private static Account caller;
-    private static Long callerId;
-    private static String callerAccountName = "tester";
-    private static Long callerDomainId = 3L;
-    private static String callerDomainPath = "/root/testdomain";
-    private static DomainVO callerDomain;
-
-    @BeforeClass
-    public static void setUpClass() throws ConfigurationException {
-    }
-
-    @Before
-    public void setUp() {
-        ComponentContext.initComponentsLifeCycle();
-        caller = new AccountVO(callerAccountName, callerDomainId, null, Account.ACCOUNT_TYPE_ADMIN, UUID.randomUUID().toString());
-        callerId = caller.getId();
-        callerDomain = new DomainVO();
-        callerDomain.setPath(callerDomainPath);
-        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
-        CallContext.register(user, caller);
-
-        when(_domainDao.findById(callerDomainId)).thenReturn(callerDomain);
-        doNothing().when(_accountMgr).checkAccess(caller, callerDomain);
-    }
-
-    @Test
-    public void createAclGroupTest() {
-        AclGroup group = new AclGroupVO("group1", "tester group1");
-        List<AclGroup> groups = new ArrayList<AclGroup>();
-        groups.add(group);
-        Pair<List<AclGroup>, Integer> grpList = new Pair<List<AclGroup>, Integer>(groups, 1);
-        when(_iamSrv.createAclGroup("group1", "tester group1", callerDomainPath)).thenReturn(group);
-        when(_iamSrv.listAclGroups(null, null, callerDomainPath, 0L, 20L)).thenReturn(grpList);
-
-        AclGroup createdGrp = _aclSrv.createAclGroup(caller, "group1", "tester group1");
-        assertNotNull("Acl group 'group1' failed to create ", createdGrp);
-        ListResponse<AclGroupResponse> grpResp = _aclSrv.listAclGroups(null, null, callerDomainId, 0L, 20L);
-        assertTrue("No. of response items should be one", grpResp.getCount() == 1);
-        AclGroupResponse resp = grpResp.getResponses().get(0);
-        assertEquals("Error in created group name", "group1", resp.getName());
-    }
-
-    @Test
-    public void deleteAclGroupTest() {
-        when(_iamSrv.deleteAclGroup(1L)).thenReturn(true);
-        assertTrue("failed to delete acl group 1", _aclSrv.deleteAclGroup(1L));
-    }
-
-    @Test
-    public void listAclGroupTest() {
-        AclGroup group = new AclGroupVO("group1", "tester group1");
-        List<AclGroup> groups = new ArrayList<AclGroup>();
-        groups.add(group);
-        when(_iamSrv.listAclGroups(callerId)).thenReturn(groups);
-        List<AclGroup> grps = _aclSrv.listAclGroups(callerId);
-        assertTrue(grps != null && grps.size() == 1);
-        AclGroup grp = grps.get(0);
-        assertEquals("Error to retrieve group", "group1", grp.getName());
-    }
-
-    @Test
-    public void addRemoveAccountToGroupTest() {
-        AclGroup group = new AclGroupVO("group1", "tester group1");
-        List<AclGroup> groups = new ArrayList<AclGroup>();
-        groups.add(group);
-        Long groupId = group.getId();
-        List<Long> acctIds = new ArrayList<Long>();
-        AccountVO acct1 = new AccountVO(100L);
-        acct1.setAccountName("account1");
-        AccountVO acct2 = new AccountVO(200L);
-        acct2.setAccountName("account2");
-        acctIds.add(acct1.getId());
-        acctIds.add(acct2.getId());
-        when(_accountDao.findById(acct1.getId())).thenReturn(acct1);
-        when(_accountDao.findById(acct2.getId())).thenReturn(acct2);
-        when(_iamSrv.addAccountsToGroup(acctIds, groupId)).thenReturn(group);
-        when(_iamSrv.listAccountsByGroup(groupId)).thenReturn(acctIds);
-        Pair<List<AclGroup>, Integer> grpList = new Pair<List<AclGroup>, Integer>(groups, 1);
-        when(_iamSrv.listAclGroups(null, "group1", callerDomainPath, 0L, 20L)).thenReturn(grpList);
-        _aclSrv.addAccountsToGroup(acctIds, groupId);
-        ListResponse<AclGroupResponse> grpResp = _aclSrv.listAclGroups(null, "group1", callerDomainId, 0L, 20L);
-        assertTrue("No. of response items should be one", grpResp.getCount() == 1);
-        AclGroupResponse resp = grpResp.getResponses().get(0);
-        Set<String> acctNames = resp.getAccountNameList();
-        assertEquals("There should be 2 accounts in the group", 2, acctNames.size());
-        assertTrue("account1 should be assigned to the group", acctNames.contains("account1"));
-        assertTrue("account2 should be assigned to the group", acctNames.contains("account2"));
-        // remove "account2" from group1
-        acctIds.remove(1);
-        List<Long> rmAccts = new ArrayList<Long>();
-        rmAccts.add(acct2.getId());
-        when(_iamSrv.removeAccountsFromGroup(rmAccts, groupId)).thenReturn(group);
-        _aclSrv.removeAccountsFromGroup(acctIds, groupId);
-        grpResp = _aclSrv.listAclGroups(null, "group1", callerDomainId, 0L, 20L);
-        assertTrue("No. of response items should be one", grpResp.getCount() == 1);
-        resp = grpResp.getResponses().get(0);
-        acctNames = resp.getAccountNameList();
-        assertEquals("There should be 1 accounts in the group", 1, acctNames.size());
-        assertFalse("account2 should not belong to the group anymore", acctNames.contains("account2"));
-    }
-
-    @Test
-    public void createAclPolicyTest() {
-        AclPolicy policy = new AclPolicyVO("policy1", "tester policy1");
-        List<AclPolicy> policies = new ArrayList<AclPolicy>();
-        policies.add(policy);
-        Pair<List<AclPolicy>, Integer> policyList = new Pair<List<AclPolicy>, Integer>(policies, 1);
-        when(_iamSrv.createAclPolicy("policy1", "tester policy1", null, callerDomainPath)).thenReturn(policy);
-        when(_iamSrv.listAclPolicies(null, null, callerDomainPath, 0L, 20L)).thenReturn(policyList);
-
-        AclPolicy createdPolicy = _aclSrv.createAclPolicy(caller, "policy1", "tester policy1", null);
-        assertNotNull("Acl policy 'policy1' failed to create ", createdPolicy);
-        ListResponse<AclPolicyResponse> policyResp = _aclSrv.listAclPolicies(null, null, callerDomainId, 0L, 20L);
-        assertTrue("No. of response items should be one", policyResp.getCount() == 1);
-        AclPolicyResponse resp = policyResp.getResponses().get(0);
-        assertEquals("Error in created group name", "policy1", resp.getName());
-    }
-
-    @Test
-    public void deleteAclPolicyTest() {
-        when(_iamSrv.deleteAclPolicy(1L)).thenReturn(true);
-        assertTrue("failed to delete acl policy 1", _aclSrv.deleteAclPolicy(1L));
-    }
-
-    @Test
-    public void listAclPolicyTest() {
-        AclPolicy policy = new AclPolicyVO("policy1", "tester policy1");
-        List<AclPolicy> policies = new ArrayList<AclPolicy>();
-        policies.add(policy);
-        when(_iamSrv.listAclPolicies(callerId)).thenReturn(policies);
-        List<AclPolicy> polys = _aclSrv.listAclPolicies(callerId);
-        assertTrue(polys != null && polys.size() == 1);
-        AclPolicy p = polys.get(0);
-        assertEquals("Error to retrieve group", "policy1", p.getName());
-    }
-
-    @Test
-    public void addRemovePolicyToGroupTest() {
-        AclGroup group = new AclGroupVO("group1", "tester group1");
-        List<AclGroup> groups = new ArrayList<AclGroup>();
-        groups.add(group);
-        Long groupId = group.getId();
-        List<Long> policyIds = new ArrayList<Long>();
-        policyIds.add(100L);
-        policyIds.add(200L);
-        AclPolicy policy1 = new AclPolicyVO("policy1", "my first policy");
-        AclPolicy policy2 = new AclPolicyVO("policy2", "my second policy");
-        List<AclPolicy> policies = new ArrayList<AclPolicy>();
-        policies.add(policy1);
-        policies.add(policy2);
-        when(_iamSrv.attachAclPoliciesToGroup(policyIds, groupId)).thenReturn(group);
-        when(_iamSrv.listAclPoliciesByGroup(groupId)).thenReturn(policies);
-        Pair<List<AclGroup>, Integer> grpList = new Pair<List<AclGroup>, Integer>(groups, 1);
-        when(_iamSrv.listAclGroups(null, "group1", callerDomainPath, 0L, 20L)).thenReturn(grpList);
-        _aclSrv.attachAclPoliciesToGroup(policyIds, groupId);
-        ListResponse<AclGroupResponse> grpResp = _aclSrv.listAclGroups(null, "group1", callerDomainId, 0L, 20L);
-        assertTrue("No. of response items should be one", grpResp.getCount() == 1);
-        AclGroupResponse resp = grpResp.getResponses().get(0);
-        Set<String> policyNames = resp.getPolicyList();
-        assertEquals("There should be 2 policies in the group", 2, policyNames.size());
-        assertTrue("policy1 should be assigned to the group", policyNames.contains("policy1"));
-        assertTrue("policy2 should be assigned to the group", policyNames.contains("policy2"));
-        // remove "policy2" from group1
-        policyIds.remove(1);
-        policies.remove(policy2);
-        when(_iamSrv.removeAclPoliciesFromGroup(policyIds, groupId)).thenReturn(group);
-        _aclSrv.removeAclPoliciesFromGroup(policyIds, groupId);
-        grpResp = _aclSrv.listAclGroups(null, "group1", callerDomainId, 0L, 20L);
-        assertTrue("No. of response items should be one", grpResp.getCount() == 1);
-        resp = grpResp.getResponses().get(0);
-        policyNames = resp.getPolicyList();
-        assertEquals("There should be 1 policy attached to the group", 1, policyNames.size());
-        assertFalse("policy2 should not belong to the group anymore", policyNames.contains("policy2"));
-    }
-
-    @Test
-    public void addRemovePermissionToPolicyTest() {
-        AclPolicy policy = new AclPolicyVO("policy1", "tester policy1");
-        List<AclPolicy> policies = new ArrayList<AclPolicy>();
-        policies.add(policy);
-        Long policyId = policy.getId();
-        Long resId = 200L;
-        Class clz = ListVMsCmd.class;
-        when(_apiServer.getCmdClass("listVirtualMachines")).thenReturn(clz);
-        when(
-                _iamSrv.addAclPermissionToAclPolicy(policyId, IAMEntityType.VirtualMachine.toString(), PermissionScope.RESOURCE.toString(), resId, "listVirtualMachines",
-                        AccessType.UseEntry.toString(), Permission.Allow, false)).thenReturn(policy);
-        _aclSrv.addAclPermissionToAclPolicy(policyId, IAMEntityType.VirtualMachine.toString(), PermissionScope.RESOURCE, resId, "listVirtualMachines", Permission.Allow, false);
-        Pair<List<AclPolicy>, Integer> policyList = new Pair<List<AclPolicy>, Integer>(policies, 1);
-        List<AclPolicyPermission> policyPerms = new ArrayList<AclPolicyPermission>();
-        AclPolicyPermission perm = new AclPolicyPermissionVO(policyId, "listVirtualMachines", IAMEntityType.VirtualMachine.toString(), AccessType.UseEntry.toString(),
-                PermissionScope.RESOURCE.toString(),
-                resId, Permission.Allow, false);
-        policyPerms.add(perm);
-        when(_iamSrv.listAclPolicies(null, "policy1", callerDomainPath, 0L, 20L)).thenReturn(policyList);
-        when(_iamSrv.listPolicyPermissions(policyId)).thenReturn(policyPerms);
-        ListResponse<AclPolicyResponse> policyResp = _aclSrv.listAclPolicies(null, "policy1", callerDomainId, 0L, 20L);
-        assertTrue("No. of response items should be one", policyResp.getCount() == 1);
-        AclPolicyResponse resp = policyResp.getResponses().get(0);
-        Set<AclPermissionResponse> permList = resp.getPermissionList();
-        assertTrue("Permission list should not be empty", permList != null && permList.size() > 0);
-        AclPermissionResponse permResp = permList.iterator().next();
-        assertEquals("There should be one permission for listVirtualMachines", "listVirtualMachines", permResp.getAction());
-
-        //remove permission from policy
-        policyPerms.remove(perm);
-        _aclSrv.removeAclPermissionFromAclPolicy(policyId, IAMEntityType.VirtualMachine.toString(), PermissionScope.RESOURCE, resId, "listVirtualMachines");
-        policyResp = _aclSrv.listAclPolicies(null, "policy1", callerDomainId, 0L, 20L);
-        assertTrue("No. of response items should be one", policyResp.getCount() == 1);
-        resp = policyResp.getResponses().get(0);
-        permList = resp.getPermissionList();
-        assertTrue("Permission list should be empty", permList != null && permList.size() == 0);
-    }
-
-    @After
-    public void tearDown() {
-    }
-
-    @Configuration
-    @ComponentScan(basePackageClasses = {AclApiServiceImpl.class}, includeFilters = {@Filter(value = TestConfiguration.Library.class, type = FilterType.CUSTOM)}, useDefaultFilters = false)
-    public static class TestConfiguration extends SpringUtils.CloudStackTestConfiguration {
-
-        @Bean
-        public DomainDao domainDao() {
-            return Mockito.mock(DomainDao.class);
-        }
-
-        @Bean
-        public IAMService iamService() {
-            return Mockito.mock(IAMService.class);
-        }
-
-        @Bean
-        public AccountDao accountDao() {
-            return Mockito.mock(AccountDao.class);
-        }
-
-        @Bean
-        public NetworkDomainDao networkDomainDao() {
-            return Mockito.mock(NetworkDomainDao.class);
-        }
-
-        @Bean
-        public AccountManager accountManager() {
-            return Mockito.mock(AccountManager.class);
-        }
-
-        @Bean
-        public MessageBus messageBus() {
-            return Mockito.mock(MessageBus.class);
-        }
-
-        @Bean
-        public ApiServerService apiServerService() {
-            return Mockito.mock(ApiServerService.class);
-        }
-
-        public static class Library implements TypeFilter {
-
-            @Override
-            public boolean match(MetadataReader mdr, MetadataReaderFactory arg1) throws IOException {
-                ComponentScan cs = TestConfiguration.class.getAnnotation(ComponentScan.class);
-                return SpringUtils.includedInBasePackageClasses(mdr.getClassMetadata().getClassName(), cs);
-            }
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java b/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
new file mode 100644
index 0000000..4b376ce
--- /dev/null
+++ b/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
@@ -0,0 +1,363 @@
+package org.apache.cloudstack.iam.test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.doNothing;
+import static org.mockito.Mockito.when;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+import java.util.UUID;
+
+import javax.inject.Inject;
+import javax.naming.ConfigurationException;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mockito;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.ComponentScan.Filter;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.FilterType;
+import org.springframework.core.type.classreading.MetadataReader;
+import org.springframework.core.type.classreading.MetadataReaderFactory;
+import org.springframework.core.type.filter.TypeFilter;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.support.AnnotationConfigContextLoader;
+
+import org.apache.cloudstack.acl.IAMEntityType;
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.iam.IAMApiServiceImpl;
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.command.user.vm.ListVMsCmd;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
+import org.apache.cloudstack.api.response.iam.IAMPermissionResponse;
+import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.framework.messagebus.MessageBus;
+import org.apache.cloudstack.iam.api.IAMGroup;
+import org.apache.cloudstack.iam.api.IAMPolicy;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
+import org.apache.cloudstack.iam.api.IAMService;
+import org.apache.cloudstack.iam.server.IAMGroupVO;
+import org.apache.cloudstack.iam.server.IAMPolicyPermissionVO;
+import org.apache.cloudstack.iam.server.IAMPolicyVO;
+import org.apache.cloudstack.test.utils.SpringUtils;
+
+import com.cloud.api.ApiServerService;
+import com.cloud.domain.DomainVO;
+import com.cloud.domain.dao.DomainDao;
+import com.cloud.network.dao.NetworkDomainDao;
+import com.cloud.user.Account;
+import com.cloud.user.AccountManager;
+import com.cloud.user.AccountVO;
+import com.cloud.user.UserVO;
+import com.cloud.user.dao.AccountDao;
+import com.cloud.utils.Pair;
+import com.cloud.utils.component.ComponentContext;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(loader = AnnotationConfigContextLoader.class)
+public class IAMApiServiceTest {
+
+    @Inject
+    IAMService _iamSrv;
+
+    @Inject
+    DomainDao _domainDao;
+
+    @Inject
+    IAMApiService _aclSrv;
+
+    @Inject
+    AccountManager _accountMgr;
+
+    @Inject
+    AccountDao _accountDao;
+
+    @Inject
+    ApiServerService _apiServer;
+
+    private static Account caller;
+    private static Long callerId;
+    private static String callerAccountName = "tester";
+    private static Long callerDomainId = 3L;
+    private static String callerDomainPath = "/root/testdomain";
+    private static DomainVO callerDomain;
+
+    @BeforeClass
+    public static void setUpClass() throws ConfigurationException {
+    }
+
+    @Before
+    public void setUp() {
+        ComponentContext.initComponentsLifeCycle();
+        caller = new AccountVO(callerAccountName, callerDomainId, null, Account.ACCOUNT_TYPE_ADMIN, UUID.randomUUID().toString());
+        callerId = caller.getId();
+        callerDomain = new DomainVO();
+        callerDomain.setPath(callerDomainPath);
+        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+        CallContext.register(user, caller);
+
+        when(_domainDao.findById(callerDomainId)).thenReturn(callerDomain);
+        doNothing().when(_accountMgr).checkAccess(caller, callerDomain);
+    }
+
+    @Test
+    public void createIAMGroupTest() {
+        IAMGroup group = new IAMGroupVO("group1", "tester group1");
+        List<IAMGroup> groups = new ArrayList<IAMGroup>();
+        groups.add(group);
+        Pair<List<IAMGroup>, Integer> grpList = new Pair<List<IAMGroup>, Integer>(groups, 1);
+        when(_iamSrv.createIAMGroup("group1", "tester group1", callerDomainPath)).thenReturn(group);
+        when(_iamSrv.listIAMGroups(null, null, callerDomainPath, 0L, 20L)).thenReturn(grpList);
+
+        IAMGroup createdGrp = _aclSrv.createIAMGroup(caller, "group1", "tester group1");
+        assertNotNull("IAM group 'group1' failed to create ", createdGrp);
+        ListResponse<IAMGroupResponse> grpResp = _aclSrv.listIAMGroups(null, null, callerDomainId, 0L, 20L);
+        assertTrue("No. of response items should be one", grpResp.getCount() == 1);
+        IAMGroupResponse resp = grpResp.getResponses().get(0);
+        assertEquals("Error in created group name", "group1", resp.getName());
+    }
+
+    @Test
+    public void deleteIAMGroupTest() {
+        when(_iamSrv.deleteIAMGroup(1L)).thenReturn(true);
+        assertTrue("failed to delete acl group 1", _aclSrv.deleteIAMGroup(1L));
+    }
+
+    @Test
+    public void listIAMGroupTest() {
+        IAMGroup group = new IAMGroupVO("group1", "tester group1");
+        List<IAMGroup> groups = new ArrayList<IAMGroup>();
+        groups.add(group);
+        when(_iamSrv.listIAMGroups(callerId)).thenReturn(groups);
+        List<IAMGroup> grps = _aclSrv.listIAMGroups(callerId);
+        assertTrue(grps != null && grps.size() == 1);
+        IAMGroup grp = grps.get(0);
+        assertEquals("Error to retrieve group", "group1", grp.getName());
+    }
+
+    @Test
+    public void addRemoveAccountToGroupTest() {
+        IAMGroup group = new IAMGroupVO("group1", "tester group1");
+        List<IAMGroup> groups = new ArrayList<IAMGroup>();
+        groups.add(group);
+        Long groupId = group.getId();
+        List<Long> acctIds = new ArrayList<Long>();
+        AccountVO acct1 = new AccountVO(100L);
+        acct1.setAccountName("account1");
+        AccountVO acct2 = new AccountVO(200L);
+        acct2.setAccountName("account2");
+        acctIds.add(acct1.getId());
+        acctIds.add(acct2.getId());
+        when(_accountDao.findById(acct1.getId())).thenReturn(acct1);
+        when(_accountDao.findById(acct2.getId())).thenReturn(acct2);
+        when(_iamSrv.addAccountsToGroup(acctIds, groupId)).thenReturn(group);
+        when(_iamSrv.listAccountsByGroup(groupId)).thenReturn(acctIds);
+        Pair<List<IAMGroup>, Integer> grpList = new Pair<List<IAMGroup>, Integer>(groups, 1);
+        when(_iamSrv.listIAMGroups(null, "group1", callerDomainPath, 0L, 20L)).thenReturn(grpList);
+        _aclSrv.addAccountsToGroup(acctIds, groupId);
+        ListResponse<IAMGroupResponse> grpResp = _aclSrv.listIAMGroups(null, "group1", callerDomainId, 0L, 20L);
+        assertTrue("No. of response items should be one", grpResp.getCount() == 1);
+        IAMGroupResponse resp = grpResp.getResponses().get(0);
+        Set<String> acctNames = resp.getAccountNameList();
+        assertEquals("There should be 2 accounts in the group", 2, acctNames.size());
+        assertTrue("account1 should be assigned to the group", acctNames.contains("account1"));
+        assertTrue("account2 should be assigned to the group", acctNames.contains("account2"));
+        // remove "account2" from group1
+        acctIds.remove(1);
+        List<Long> rmAccts = new ArrayList<Long>();
+        rmAccts.add(acct2.getId());
+        when(_iamSrv.removeAccountsFromGroup(rmAccts, groupId)).thenReturn(group);
+        _aclSrv.removeAccountsFromGroup(acctIds, groupId);
+        grpResp = _aclSrv.listIAMGroups(null, "group1", callerDomainId, 0L, 20L);
+        assertTrue("No. of response items should be one", grpResp.getCount() == 1);
+        resp = grpResp.getResponses().get(0);
+        acctNames = resp.getAccountNameList();
+        assertEquals("There should be 1 accounts in the group", 1, acctNames.size());
+        assertFalse("account2 should not belong to the group anymore", acctNames.contains("account2"));
+    }
+
+    @Test
+    public void createIAMPolicyTest() {
+        IAMPolicy policy = new IAMPolicyVO("policy1", "tester policy1");
+        List<IAMPolicy> policies = new ArrayList<IAMPolicy>();
+        policies.add(policy);
+        Pair<List<IAMPolicy>, Integer> policyList = new Pair<List<IAMPolicy>, Integer>(policies, 1);
+        when(_iamSrv.createIAMPolicy("policy1", "tester policy1", null, callerDomainPath)).thenReturn(policy);
+        when(_iamSrv.listIAMPolicies(null, null, callerDomainPath, 0L, 20L)).thenReturn(policyList);
+
+        IAMPolicy createdPolicy = _aclSrv.createIAMPolicy(caller, "policy1", "tester policy1", null);
+        assertNotNull("IAM policy 'policy1' failed to create ", createdPolicy);
+        ListResponse<IAMPolicyResponse> policyResp = _aclSrv.listIAMPolicies(null, null, callerDomainId, 0L, 20L);
+        assertTrue("No. of response items should be one", policyResp.getCount() == 1);
+        IAMPolicyResponse resp = policyResp.getResponses().get(0);
+        assertEquals("Error in created group name", "policy1", resp.getName());
+    }
+
+    @Test
+    public void deleteIAMPolicyTest() {
+        when(_iamSrv.deleteIAMPolicy(1L)).thenReturn(true);
+        assertTrue("failed to delete acl policy 1", _aclSrv.deleteIAMPolicy(1L));
+    }
+
+    @Test
+    public void listIAMPolicyTest() {
+        IAMPolicy policy = new IAMPolicyVO("policy1", "tester policy1");
+        List<IAMPolicy> policies = new ArrayList<IAMPolicy>();
+        policies.add(policy);
+        when(_iamSrv.listIAMPolicies(callerId)).thenReturn(policies);
+        List<IAMPolicy> polys = _aclSrv.listIAMPolicies(callerId);
+        assertTrue(polys != null && polys.size() == 1);
+        IAMPolicy p = polys.get(0);
+        assertEquals("Error to retrieve group", "policy1", p.getName());
+    }
+
+    @Test
+    public void addRemovePolicyToGroupTest() {
+        IAMGroup group = new IAMGroupVO("group1", "tester group1");
+        List<IAMGroup> groups = new ArrayList<IAMGroup>();
+        groups.add(group);
+        Long groupId = group.getId();
+        List<Long> policyIds = new ArrayList<Long>();
+        policyIds.add(100L);
+        policyIds.add(200L);
+        IAMPolicy policy1 = new IAMPolicyVO("policy1", "my first policy");
+        IAMPolicy policy2 = new IAMPolicyVO("policy2", "my second policy");
+        List<IAMPolicy> policies = new ArrayList<IAMPolicy>();
+        policies.add(policy1);
+        policies.add(policy2);
+        when(_iamSrv.attachIAMPoliciesToGroup(policyIds, groupId)).thenReturn(group);
+        when(_iamSrv.listIAMPoliciesByGroup(groupId)).thenReturn(policies);
+        Pair<List<IAMGroup>, Integer> grpList = new Pair<List<IAMGroup>, Integer>(groups, 1);
+        when(_iamSrv.listIAMGroups(null, "group1", callerDomainPath, 0L, 20L)).thenReturn(grpList);
+        _aclSrv.attachIAMPoliciesToGroup(policyIds, groupId);
+        ListResponse<IAMGroupResponse> grpResp = _aclSrv.listIAMGroups(null, "group1", callerDomainId, 0L, 20L);
+        assertTrue("No. of response items should be one", grpResp.getCount() == 1);
+        IAMGroupResponse resp = grpResp.getResponses().get(0);
+        Set<String> policyNames = resp.getPolicyList();
+        assertEquals("There should be 2 policies in the group", 2, policyNames.size());
+        assertTrue("policy1 should be assigned to the group", policyNames.contains("policy1"));
+        assertTrue("policy2 should be assigned to the group", policyNames.contains("policy2"));
+        // remove "policy2" from group1
+        policyIds.remove(1);
+        policies.remove(policy2);
+        when(_iamSrv.removeIAMPoliciesFromGroup(policyIds, groupId)).thenReturn(group);
+        _aclSrv.removeIAMPoliciesFromGroup(policyIds, groupId);
+        grpResp = _aclSrv.listIAMGroups(null, "group1", callerDomainId, 0L, 20L);
+        assertTrue("No. of response items should be one", grpResp.getCount() == 1);
+        resp = grpResp.getResponses().get(0);
+        policyNames = resp.getPolicyList();
+        assertEquals("There should be 1 policy attached to the group", 1, policyNames.size());
+        assertFalse("policy2 should not belong to the group anymore", policyNames.contains("policy2"));
+    }
+
+    @Test
+    public void addRemovePermissionToPolicyTest() {
+        IAMPolicy policy = new IAMPolicyVO("policy1", "tester policy1");
+        List<IAMPolicy> policies = new ArrayList<IAMPolicy>();
+        policies.add(policy);
+        Long policyId = policy.getId();
+        Long resId = 200L;
+        Class clz = ListVMsCmd.class;
+        when(_apiServer.getCmdClass("listVirtualMachines")).thenReturn(clz);
+        when(
+                _iamSrv.addIAMPermissionToIAMPolicy(policyId, IAMEntityType.VirtualMachine.toString(),
+                        PermissionScope.RESOURCE.toString(), resId, "listVirtualMachines",
+                        AccessType.UseEntry.toString(), Permission.Allow, false)).thenReturn(policy);
+        _aclSrv.addIAMPermissionToIAMPolicy(policyId, IAMEntityType.VirtualMachine.toString(),
+                PermissionScope.RESOURCE, resId, "listVirtualMachines", Permission.Allow, false);
+        Pair<List<IAMPolicy>, Integer> policyList = new Pair<List<IAMPolicy>, Integer>(policies, 1);
+        List<IAMPolicyPermission> policyPerms = new ArrayList<IAMPolicyPermission>();
+        IAMPolicyPermission perm = new IAMPolicyPermissionVO(policyId, "listVirtualMachines",
+                IAMEntityType.VirtualMachine.toString(), AccessType.UseEntry.toString(),
+                PermissionScope.RESOURCE.toString(),
+                resId, Permission.Allow, false);
+        policyPerms.add(perm);
+        when(_iamSrv.listIAMPolicies(null, "policy1", callerDomainPath, 0L, 20L)).thenReturn(policyList);
+        when(_iamSrv.listPolicyPermissions(policyId)).thenReturn(policyPerms);
+        ListResponse<IAMPolicyResponse> policyResp = _aclSrv.listIAMPolicies(null, "policy1", callerDomainId, 0L, 20L);
+        assertTrue("No. of response items should be one", policyResp.getCount() == 1);
+        IAMPolicyResponse resp = policyResp.getResponses().get(0);
+        Set<IAMPermissionResponse> permList = resp.getPermissionList();
+        assertTrue("Permission list should not be empty", permList != null && permList.size() > 0);
+        IAMPermissionResponse permResp = permList.iterator().next();
+        assertEquals("There should be one permission for listVirtualMachines", "listVirtualMachines", permResp.getAction());
+
+        //remove permission from policy
+        policyPerms.remove(perm);
+        _aclSrv.removeIAMPermissionFromIAMPolicy(policyId, IAMEntityType.VirtualMachine.toString(),
+                PermissionScope.RESOURCE, resId, "listVirtualMachines");
+        policyResp = _aclSrv.listIAMPolicies(null, "policy1", callerDomainId, 0L, 20L);
+        assertTrue("No. of response items should be one", policyResp.getCount() == 1);
+        resp = policyResp.getResponses().get(0);
+        permList = resp.getPermissionList();
+        assertTrue("Permission list should be empty", permList != null && permList.size() == 0);
+    }
+
+    @After
+    public void tearDown() {
+    }
+
+    @Configuration
+    @ComponentScan(basePackageClasses = {IAMApiServiceImpl.class}, includeFilters = {@Filter(value = TestConfiguration.Library.class, type = FilterType.CUSTOM)}, useDefaultFilters = false)
+    public static class TestConfiguration extends SpringUtils.CloudStackTestConfiguration {
+
+        @Bean
+        public DomainDao domainDao() {
+            return Mockito.mock(DomainDao.class);
+        }
+
+        @Bean
+        public IAMService iamService() {
+            return Mockito.mock(IAMService.class);
+        }
+
+        @Bean
+        public AccountDao accountDao() {
+            return Mockito.mock(AccountDao.class);
+        }
+
+        @Bean
+        public NetworkDomainDao networkDomainDao() {
+            return Mockito.mock(NetworkDomainDao.class);
+        }
+
+        @Bean
+        public AccountManager accountManager() {
+            return Mockito.mock(AccountManager.class);
+        }
+
+        @Bean
+        public MessageBus messageBus() {
+            return Mockito.mock(MessageBus.class);
+        }
+
+        @Bean
+        public ApiServerService apiServerService() {
+            return Mockito.mock(ApiServerService.class);
+        }
+
+        public static class Library implements TypeFilter {
+
+            @Override
+            public boolean match(MetadataReader mdr, MetadataReaderFactory arg1) throws IOException {
+                ComponentScan cs = TestConfiguration.class.getAnnotation(ComponentScan.class);
+                return SpringUtils.includedInBasePackageClasses(mdr.getClassMetadata().getClassName(), cs);
+            }
+        }
+    }
+}
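Review bot: In `addRemoveAccountToGroupTest` the removal step calls `_aclSrv.removeAccountsFromGroup(acctIds, groupId)` after `acctIds.remove(1)`, so it passes the accounts that should remain (account1's id) rather than `rmAccts`, the list the stub was set up for and the one the comment says is being removed. The assertions that follow still pass because `listAccountsByGroup` is stubbed to return the same `acctIds` list the test mutated, so they would hold even if the service never forwarded the removal. Change the call to `_aclSrv.removeAccountsFromGroup(rmAccts, groupId);` and add `verify(_iamSrv).removeAccountsFromGroup(rmAccts, groupId);` (with a static import of `Mockito.verify`) so the delegation itself is checked. `addRemovePolicyToGroupTest` has the same pattern: after `policyIds.remove(1)` it passes the remaining id to `removeIAMPoliciesFromGroup`. Separately, `setUp` stubs `_accountMgr.checkAccess` with `doNothing()` and no test exercises a refused caller, so a negative case where `checkAccess` throws would be a useful addition for an IAM service.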

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/api/AclGroup.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/api/AclGroup.java b/services/iam/server/src/org/apache/cloudstack/iam/api/AclGroup.java
deleted file mode 100644
index 2bdddf7..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/api/AclGroup.java
+++ /dev/null
@@ -1,37 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.api;
-
-import org.apache.cloudstack.api.Identity;
-import org.apache.cloudstack.api.InternalIdentity;
-
-public interface AclGroup extends InternalIdentity, Identity {
-
-    String getName();
-
-    String getDescription();
-
-    @Override
-    long getId();
-
-    @Override
-    String getUuid();
-
-    String getPath();
-
-    long getAccountId();
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/api/AclPolicy.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/api/AclPolicy.java b/services/iam/server/src/org/apache/cloudstack/iam/api/AclPolicy.java
deleted file mode 100644
index 302bbf3..0000000
--- a/services/iam/server/src/org/apache/cloudstack/iam/api/AclPolicy.java
+++ /dev/null
@@ -1,41 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam.api;
-
-import org.apache.cloudstack.api.Identity;
-import org.apache.cloudstack.api.InternalIdentity;
-
-public interface AclPolicy extends InternalIdentity, Identity {
-
-    String getName();
-
-    String getDescription();
-
-    public enum PolicyType {
-        Static, Dynamic
-    }
-
-    @Override
-    long getId();
-
-    @Override
-    String getUuid();
-
-    String getPath();
-
-    long getAccountId();
-}


[17/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
iam/server changes: Rename Acl to IAM


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/63098878
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/63098878
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/63098878

Branch: refs/heads/master
Commit: 6309887800c74b4049558a85ba18f5a14749b72b
Parents: 187f9cd
Author: Prachi Damle <pr...@cloud.com>
Authored: Tue Feb 25 16:41:53 2014 -0800
Committer: Prachi Damle <pr...@cloud.com>
Committed: Tue Feb 25 16:43:25 2014 -0800

----------------------------------------------------------------------
 .../cloudstack/iam/IAMApiServiceImpl.java       |  56 ++++-----
 .../iam/RoleBasedAPIAccessChecker.java          |  18 +--
 .../iam/RoleBasedEntityAccessChecker.java       |  10 +-
 .../iam/RoleBasedEntityQuerySelector.java       |  16 +--
 .../apache/cloudstack/iam/api/IAMService.java   |  42 +++----
 .../iam/server/IAMAccountPolicyMapVO.java       |  10 +-
 .../cloudstack/iam/server/IAMServiceImpl.java   | 116 +++++++++----------
 .../server/dao/IAMAccountPolicyMapDaoImpl.java  |   4 +-
 .../cloudstack/iam/IAMServiceUnitTest.java      |  12 +-
 9 files changed, 142 insertions(+), 142 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
index de57a41..393fe0e 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
@@ -149,7 +149,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
                 if (domainId != null) {
                     s_logger.debug("MessageBus message: new Domain created: " + domainId + ", creating a new group");
                     Domain domain = _domainDao.findById(domainId);
-                    _iamSrv.createAclGroup("DomainGrp-" + domain.getUuid(), "Domain group", domain.getPath());
+                    _iamSrv.createIAMGroup("DomainGrp-" + domain.getUuid(), "Domain group", domain.getPath());
                 }
             }
         });
@@ -163,7 +163,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
                     Domain domain = _domainDao.findById(domainId);
                     List<IAMGroup> groups = listDomainGroup(domain);
                     for (IAMGroup group : groups) {
-                        _iamSrv.deleteAclGroup(group.getId());
+                        _iamSrv.deleteIAMGroup(group.getId());
                     }
                 }
             }
@@ -175,9 +175,9 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
                 Long templateId = (Long)obj;
                 if (templateId != null) {
                     s_logger.debug("MessageBus message: new public template registered: " + templateId + ", grant permission to domain admin and normal user policies");
-                    _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+                    _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
                             PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
-                    _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+                    _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
                             PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
                 }
             }
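Review bot: The target policy is addressed as `new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1)`, which ties a permission grant to an undocumented assumption that default policy ids equal the account-type constant plus one. If that mapping ever shifts, the `listTemplates` grant would presumably land on a different policy without any error. RoleBasedAPIAccessChecker already resolves ids through `getDefaultPolicyId(role)`, so a shared helper would make the dependency explicit, as would a comment such as `// default policy id == account type + 1 (seeded default policies)`. The same expression recurs in `resetTemplatePermission` and in the RoleBasedAPIAccessChecker hunks of this commit. `Long.valueOf(...)` is also preferable to `new Long(...)`.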
@@ -202,7 +202,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
                     String entityType = entity.first().toString();
                     Long entityId = entity.second();
                     s_logger.debug("MessageBus message: delete an entity: (" + entityType + "," + entityId + "), remove its related permission");
-                    _iamSrv.removeAclPermissionForEntity(entityType, entityId);
+                    _iamSrv.removeIAMPermissionForEntity(entityType, entityId);
                 }
             }
         });
@@ -275,8 +275,8 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
 
        Domain domain = _domainDao.findById(domainId);
        if (domain != null) {
-            IAMPolicy policy = _iamSrv.createAclPolicy(policyName, description, null, domain.getPath());
-            _iamSrv.addAclPermissionToAclPolicy(policy.getId(), entityType, PermissionScope.RESOURCE.toString(),
+            IAMPolicy policy = _iamSrv.createIAMPolicy(policyName, description, null, domain.getPath());
+            _iamSrv.addIAMPermissionToIAMPolicy(policy.getId(), entityType, PermissionScope.RESOURCE.toString(),
                     entityId, action, accessType.toString(), Permission.Allow, recursive);
             List<Long> policyList = new ArrayList<Long>();
             policyList.add(new Long(policy.getId()));
@@ -284,7 +284,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
            List<IAMGroup> domainGroups = listDomainGroup(domain);
            if (domainGroups != null) {
                for (IAMGroup group : domainGroups) {
-                   _iamSrv.attachAclPoliciesToGroup(policyList, group.getId());
+                   _iamSrv.attachIAMPoliciesToGroup(policyList, group.getId());
                }
            }
        }
@@ -299,19 +299,19 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
         if (callerDomain == null) {
             throw new InvalidParameterValueException("Caller does not have a domain");
         }
-        return _iamSrv.createAclGroup(iamGroupName, description, callerDomain.getPath());
+        return _iamSrv.createIAMGroup(iamGroupName, description, callerDomain.getPath());
     }
 
     @DB
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_DELETE, eventDescription = "Deleting Acl Group")
     public boolean deleteIAMGroup(final Long iamGroupId) {
-        return _iamSrv.deleteAclGroup(iamGroupId);
+        return _iamSrv.deleteIAMGroup(iamGroupId);
     }
 
     @Override
     public List<IAMGroup> listIAMGroups(long accountId) {
-        return _iamSrv.listAclGroups(accountId);
+        return _iamSrv.listIAMGroups(accountId);
     }
 
 
@@ -356,34 +356,34 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
         if (callerDomain == null) {
             throw new InvalidParameterValueException("Caller does not have a domain");
         }
-        return _iamSrv.createAclPolicy(iamPolicyName, description, parentPolicyId, callerDomain.getPath());
+        return _iamSrv.createIAMPolicy(iamPolicyName, description, parentPolicyId, callerDomain.getPath());
     }
 
     @DB
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_IAM_POLICY_DELETE, eventDescription = "Deleting IAM Policy")
     public boolean deleteIAMPolicy(final long iamPolicyId) {
-        return _iamSrv.deleteAclPolicy(iamPolicyId);
+        return _iamSrv.deleteIAMPolicy(iamPolicyId);
     }
 
 
     @Override
     public List<IAMPolicy> listIAMPolicies(long accountId) {
-        return _iamSrv.listAclPolicies(accountId);
+        return _iamSrv.listIAMPolicies(accountId);
     }
 
     @DB
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_UPDATE, eventDescription = "Attaching policy to acl group")
     public IAMGroup attachIAMPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
-        return _iamSrv.attachAclPoliciesToGroup(policyIds, groupId);
+        return _iamSrv.attachIAMPoliciesToGroup(policyIds, groupId);
     }
 
     @DB
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_UPDATE, eventDescription = "Removing policies from acl group")
     public IAMGroup removeIAMPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
-        return _iamSrv.removeAclPoliciesFromGroup(policyIds, groupId);
+        return _iamSrv.removeIAMPoliciesFromGroup(policyIds, groupId);
     }
 
 
@@ -391,14 +391,14 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_IAM_ACCOUNT_POLICY_UPDATE, eventDescription = "Attaching policy to accounts")
     public void attachIAMPolicyToAccounts(final Long policyId, final List<Long> accountIds) {
-        _iamSrv.attachAclPolicyToAccounts(policyId, accountIds);
+        _iamSrv.attachIAMPolicyToAccounts(policyId, accountIds);
     }
 
     @DB
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_IAM_ACCOUNT_POLICY_UPDATE, eventDescription = "Removing policy from accounts")
     public void removeIAMPolicyFromAccounts(final Long policyId, final List<Long> accountIds) {
-        _iamSrv.removeAclPolicyFromAccounts(policyId, accountIds);
+        _iamSrv.removeIAMPolicyFromAccounts(policyId, accountIds);
     }
 
     @DB
@@ -411,7 +411,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
         if (BaseListCmd.class.isAssignableFrom(cmdClass)) {
             accessType = AccessType.UseEntry;
         }
-        return _iamSrv.addAclPermissionToAclPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action,
+        return _iamSrv.addIAMPermissionToIAMPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action,
                 accessType.toString(), perm, recursive);
     }
 
@@ -419,12 +419,12 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_IAM_POLICY_REVOKE, eventDescription = "Revoking acl permission from IAM Policy")
     public IAMPolicy removeIAMPermissionFromIAMPolicy(long iamPolicyId, String entityType, PermissionScope scope, Long scopeId, String action) {
-        return _iamSrv.removeAclPermissionFromAclPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action);
+        return _iamSrv.removeIAMPermissionFromIAMPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action);
     }
 
     @Override
     public IAMPolicyPermission getIAMPolicyPermission(long accountId, String entityType, String action) {
-        List<IAMPolicy> policies = _iamSrv.listAclPolicies(accountId);
+        List<IAMPolicy> policies = _iamSrv.listIAMPolicies(accountId);
         IAMPolicyPermission curPerm = null;
         for (IAMPolicy policy : policies) {
             List<IAMPolicyPermission> perms = _iamSrv.listPolicyPermissionByActionAndEntity(policy.getId(), action,
@@ -515,7 +515,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
         }
 
         // find all the policies attached to this group
-        List<IAMPolicy> policies = _iamSrv.listAclPoliciesByGroup(group.getId());
+        List<IAMPolicy> policies = _iamSrv.listIAMPoliciesByGroup(group.getId());
         if (policies != null && policies.size() > 0) {
             for (IAMPolicy policy : policies) {
                 response.addPolicy(policy.getName());
@@ -532,7 +532,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
         if (domain != null) {
             String domainPath = domain.getPath();
             // search for groups
-            Pair<List<IAMGroup>, Integer> result = _iamSrv.listAclGroups(null, "DomainGrp-" + domain.getUuid(),
+            Pair<List<IAMGroup>, Integer> result = _iamSrv.listIAMGroups(null, "DomainGrp-" + domain.getUuid(),
                     domainPath, null, null);
             return result.first();
         }
@@ -558,7 +558,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
         }
         String domainPath = domain.getPath();
         // search for groups
-        Pair<List<IAMGroup>, Integer> result = _iamSrv.listAclGroups(iamGroupId, iamGroupName, domainPath, startIndex, pageSize);
+        Pair<List<IAMGroup>, Integer> result = _iamSrv.listIAMGroups(iamGroupId, iamGroupName, domainPath, startIndex, pageSize);
         // generate group response
         ListResponse<IAMGroupResponse> response = new ListResponse<IAMGroupResponse>();
         List<IAMGroupResponse> groupResponses = new ArrayList<IAMGroupResponse>();
@@ -589,7 +589,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
         }
         String domainPath = domain.getPath();
         // search for policies
-        Pair<List<IAMPolicy>, Integer> result = _iamSrv.listAclPolicies(iamPolicyId, iamPolicyName, domainPath, startIndex, pageSize);
+        Pair<List<IAMPolicy>, Integer> result = _iamSrv.listIAMPolicies(iamPolicyId, iamPolicyName, domainPath, startIndex, pageSize);
         // generate policy response
         ListResponse<IAMPolicyResponse> response = new ListResponse<IAMPolicyResponse>();
         List<IAMPolicyResponse> policyResponses = new ArrayList<IAMPolicyResponse>();
@@ -653,9 +653,9 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
 
     private void resetTemplatePermission(Long templateId){
         // reset template will change template to private, so we need to remove its permission for domain admin and normal user group
-        _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+        _iamSrv.removeIAMPermissionFromIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
                 PermissionScope.RESOURCE.toString(), templateId, "listTemplates");
-        _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+        _iamSrv.removeIAMPermissionFromIAMPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
                 PermissionScope.RESOURCE.toString(), templateId, "listTemplates");
         // check if there is a policy with only UseEntry permission for this template added
         IAMPolicy policy = _iamSrv.getResourceGrantPolicy(IAMEntityType.VirtualMachineTemplate.toString(), templateId, AccessType.UseEntry.toString(), "listTemplates");
@@ -664,7 +664,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
             return;
         }
         // delete the policy, which should detach it from groups and accounts
-        _iamSrv.deleteAclPolicy(policy.getId());
+        _iamSrv.deleteIAMPolicy(policy.getId());
 
     }
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
index 48e6ede..fb75db3 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
@@ -90,7 +90,7 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker
                     + "is null");
         }
 
-        List<IAMPolicy> policies = _iamSrv.listAclPolicies(account.getAccountId());
+        List<IAMPolicy> policies = _iamSrv.listIAMPolicies(account.getAccountId());
 
         boolean isAllowed = _iamSrv.isActionAllowedForPolicies(commandName, policies);
         if (!isAllowed) {
@@ -117,25 +117,25 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker
         for (RoleType role : RoleType.values()) {
             Long policyId = getDefaultPolicyId(role);
             if (policyId != null) {
-                _iamSrv.resetAclPolicy(policyId);
+                _iamSrv.resetIAMPolicy(policyId);
             }
          }
 
         // add the system-domain capability
 
-        _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_ADMIN + 1), null, null, null,
+        _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_ADMIN + 1), null, null, null,
                 "SystemCapability", null, Permission.Allow, false);
-        _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), null, null, null,
+        _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), null, null, null,
                 "DomainCapability", null, Permission.Allow, false);
-        _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN + 1), null, null, null,
+        _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN + 1), null, null, null,
                 "DomainResourceCapability", null, Permission.Allow, false);
 
         // add permissions for public templates
         List<VMTemplateVO> pTmplts = _templateDao.listByPublic();
         for (VMTemplateVO tmpl : pTmplts){
-            _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+            _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
                     PermissionScope.RESOURCE.toString(), tmpl.getId(), "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
-            _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+            _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
                     PermissionScope.RESOURCE.toString(), tmpl.getId(), "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
         }
 
@@ -259,11 +259,11 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker
 
 
         if (entityTypes == null || entityTypes.length == 0) {
-            _iamSrv.addAclPermissionToAclPolicy(policyId, null, permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
+            _iamSrv.addIAMPermissionToIAMPolicy(policyId, null, permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
                     apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
         } else {
             for (IAMEntityType entityType : entityTypes) {
-                _iamSrv.addAclPermissionToAclPolicy(policyId, entityType.toString(), permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
+                _iamSrv.addIAMPermissionToIAMPolicy(policyId, entityType.toString(), permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
                         apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
             }
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
index 13f6914..d0d9d88 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
@@ -64,7 +64,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
 
         if (entity == null && action != null) {
             // check if caller can do this action
-            List<IAMPolicy> policies = _iamSrv.listAclPolicies(caller.getAccountId());
+            List<IAMPolicy> policies = _iamSrv.listIAMPolicies(caller.getAccountId());
 
             boolean isAllowed = _iamSrv.isActionAllowedForPolicies(action, policies);
             if (!isAllowed) {
@@ -164,7 +164,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
     private List<IAMPolicy> getEffectivePolicies(Account caller, ControlledEntity entity) {
 
         // Get the static Policies of the Caller
-        List<IAMPolicy> policies = _iamSrv.listAclPolicies(caller.getId());
+        List<IAMPolicy> policies = _iamSrv.listIAMPolicies(caller.getId());
 
         // add any dynamic policies w.r.t the entity
         if (caller.getId() == entity.getAccountId()) {
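Review bot: `getEffectivePolicies` resolves the caller's policies and groups with `caller.getId()`, while the action-only check earlier in this class and RoleBasedEntityQuerySelector pass `caller.getAccountId()` to the same `listIAMPolicies` call. If the two accessors can ever differ for an `Account` implementation, the entity check and the API check would evaluate different policy sets. Using one accessor throughout, e.g. `_iamSrv.listIAMPolicies(caller.getAccountId())`, removes the doubt. The returned list is then mutated with `policies.add(...)` and `addAll(...)`; wrapping it as `new ArrayList<IAMPolicy>(...)` avoids relying on the service handing back a fresh, modifiable list. The method body continues past the hunk.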
@@ -172,12 +172,12 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
             policies.add(_iamSrv.getResourceOwnerPolicy());
         }
 
-        List<IAMGroup> groups = _iamSrv.listAclGroups(caller.getId());
+        List<IAMGroup> groups = _iamSrv.listIAMGroups(caller.getId());
         for (IAMGroup group : groups) {
             // for each group find the grand parent groups.
-            List<IAMGroup> parentGroups = _iamSrv.listParentAclGroups(group.getId());
+            List<IAMGroup> parentGroups = _iamSrv.listParentIAMGroups(group.getId());
             for (IAMGroup parentGroup : parentGroups) {
-                policies.addAll(_iamSrv.listRecursiveAclPoliciesByGroup(parentGroup.getId()));
+                policies.addAll(_iamSrv.listRecursiveIAMPoliciesByGroup(parentGroup.getId()));
             }
         }
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
index 596ac7e..23c57a1 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
@@ -44,7 +44,7 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
     public List<Long> getAuthorizedDomains(Account caller, String action) {
         long accountId = caller.getAccountId();
         // Get the static Policies of the Caller
-        List<IAMPolicy> policies = _iamService.listAclPolicies(accountId);
+        List<IAMPolicy> policies = _iamService.listIAMPolicies(accountId);
         // for each policy, find granted permission with Domain scope
         List<Long> domainIds = new ArrayList<Long>();
         for (IAMPolicy policy : policies) {
@@ -68,7 +68,7 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
     public List<Long> getAuthorizedAccounts(Account caller, String action) {
         long accountId = caller.getAccountId();
         // Get the static Policies of the Caller
-        List<IAMPolicy> policies = _iamService.listAclPolicies(accountId);
+        List<IAMPolicy> policies = _iamService.listIAMPolicies(accountId);
         // for each policy, find granted permission with Account scope
         List<Long> accountIds = new ArrayList<Long>();
         for (IAMPolicy policy : policies) {
@@ -92,15 +92,15 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
     public List<Long> getAuthorizedResources(Account caller, String action) {
         long accountId = caller.getAccountId();
         // Get the static Policies of the Caller
-        List<IAMPolicy> policies = _iamService.listAclPolicies(accountId);
+        List<IAMPolicy> policies = _iamService.listIAMPolicies(accountId);
 
         // add the policies that grant recursive access
-        List<IAMGroup> groups = _iamService.listAclGroups(caller.getId());
+        List<IAMGroup> groups = _iamService.listIAMGroups(caller.getId());
         for (IAMGroup group : groups) {
             // for each group find the grand parent groups.
-            List<IAMGroup> parentGroups = _iamService.listParentAclGroups(group.getId());
+            List<IAMGroup> parentGroups = _iamService.listParentIAMGroups(group.getId());
             for (IAMGroup parentGroup : parentGroups) {
-                policies.addAll(_iamService.listRecursiveAclPoliciesByGroup(parentGroup.getId()));
+                policies.addAll(_iamService.listRecursiveIAMPoliciesByGroup(parentGroup.getId()));
             }
         }
 
@@ -123,7 +123,7 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
     public boolean isGrantedAll(Account caller, String action) {
         long accountId = caller.getAccountId();
         // Get the static Policies of the Caller
-        List<IAMPolicy> policies = _iamService.listAclPolicies(accountId);
+        List<IAMPolicy> policies = _iamService.listIAMPolicies(accountId);
         // for each policy, find granted permission with ALL scope
         for (IAMPolicy policy : policies) {
             List<IAMPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ALL.toString());
@@ -136,7 +136,7 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
 
     @Override
     public List<String> listAclGroupsByAccount(long accountId) {
-        List<IAMGroup> groups = _iamService.listAclGroups(accountId);
+        List<IAMGroup> groups = _iamService.listIAMGroups(accountId);
         List<String> groupNames = new ArrayList<String>();
         for (IAMGroup grp : groups) {
             groupNames.add(grp.getName());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
index 6eb61fa..74a0885 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
@@ -24,12 +24,12 @@ import com.cloud.utils.Pair;
 
 public interface IAMService {
 
-    /* ACL group related interfaces */
-    IAMGroup createAclGroup(String aclGroupName, String description, String path);
+    /* IAM group related interfaces */
+    IAMGroup createIAMGroup(String iamGroupName, String description, String path);
 
-    boolean deleteAclGroup(Long aclGroupId);
+    boolean deleteIAMGroup(Long iamGroupId);
 
-    List<IAMGroup> listAclGroups(long accountId);
+    List<IAMGroup> listIAMGroups(long accountId);
 
     IAMGroup addAccountsToGroup(List<Long> acctIds, Long groupId);
 
@@ -37,34 +37,34 @@ public interface IAMService {
 
     List<Long> listAccountsByGroup(long groupId);
 
-    Pair<List<IAMGroup>, Integer> listAclGroups(Long aclGroupId, String aclGroupName, String path, Long startIndex, Long pageSize);
+    Pair<List<IAMGroup>, Integer> listIAMGroups(Long iamGroupId, String iamGroupName, String path, Long startIndex, Long pageSize);
 
-    /* ACL Policy related interfaces */
-    IAMPolicy createAclPolicy(String aclPolicyName, String description, Long parentPolicyId, String path);
+    /* IAM Policy related interfaces */
+    IAMPolicy createIAMPolicy(String iamPolicyName, String description, Long parentPolicyId, String path);
 
-    boolean deleteAclPolicy(long aclPolicyId);
+    boolean deleteIAMPolicy(long iamPolicyId);
 
-    List<IAMPolicy> listAclPolicies(long accountId);
+    List<IAMPolicy> listIAMPolicies(long accountId);
 
-    List<IAMPolicy> listAclPoliciesByGroup(long groupId);
+    List<IAMPolicy> listIAMPoliciesByGroup(long groupId);
 
-    Pair<List<IAMPolicy>, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize);
+    Pair<List<IAMPolicy>, Integer> listIAMPolicies(Long iamPolicyId, String iamPolicyName, String path, Long startIndex, Long pageSize);
 
-    IAMGroup attachAclPoliciesToGroup(List<Long> policyIds, Long groupId);
+    IAMGroup attachIAMPoliciesToGroup(List<Long> policyIds, Long groupId);
 
-    IAMGroup removeAclPoliciesFromGroup(List<Long> policyIds, Long groupId);
+    IAMGroup removeIAMPoliciesFromGroup(List<Long> policyIds, Long groupId);
 
-    void attachAclPolicyToAccounts(Long policyId, List<Long> acctIds);
+    void attachIAMPolicyToAccounts(Long policyId, List<Long> acctIds);
 
-    void removeAclPolicyFromAccounts(Long policyId, List<Long> acctIds);
+    void removeIAMPolicyFromAccounts(Long policyId, List<Long> acctIds);
 
-    IAMPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
+    IAMPolicy addIAMPermissionToIAMPolicy(long iamPolicyId, String entityType, String scope, Long scopeId,
             String action, String accessType, Permission perm, Boolean recursive);
 
-    IAMPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
+    IAMPolicy removeIAMPermissionFromIAMPolicy(long iamPolicyId, String entityType, String scope, Long scopeId,
             String action);
 
-    void removeAclPermissionForEntity(final String entityType, final Long entityId);
+    void removeIAMPermissionForEntity(final String entityType, final Long entityId);
 
     IAMPolicy getResourceGrantPolicy(String entityType, Long entityId, String accessType, String action);
 
@@ -80,13 +80,13 @@ public interface IAMService {
 
     List<Long> getGrantedEntities(long accountId, String action, String scope);
 
-    IAMPolicy resetAclPolicy(long aclPolicyId);
+    IAMPolicy resetIAMPolicy(long iamPolicyId);
 
     List<IAMPolicyPermission> listPolicyPermissionByAccessAndEntity(long policyId, String accessType,
             String entityType);
 
-    List<IAMGroup> listParentAclGroups(long groupId);
+    List<IAMGroup> listParentIAMGroups(long groupId);
 
-    List<IAMPolicy> listRecursiveAclPoliciesByGroup(long groupId);
+    List<IAMPolicy> listRecursiveIAMPoliciesByGroup(long groupId);
 
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java
index 8f3ac7d..a537655 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java
@@ -39,7 +39,7 @@ public class IAMAccountPolicyMapVO {
     private long accountId;
 
     @Column(name = "policy_id")
-    private long aclPolicyId;
+    private long iamPolicyId;
 
     @Column(name = GenericDao.REMOVED_COLUMN)
     private Date removed;
@@ -50,9 +50,9 @@ public class IAMAccountPolicyMapVO {
     public IAMAccountPolicyMapVO() {
     }
 
-    public IAMAccountPolicyMapVO(long accountId, long aclPolicyId) {
+    public IAMAccountPolicyMapVO(long accountId, long iamPolicyId) {
         this.accountId = accountId;
-        this.aclPolicyId = aclPolicyId;
+        this.iamPolicyId = iamPolicyId;
     }
 
     public long getId() {
@@ -63,8 +63,8 @@ public class IAMAccountPolicyMapVO {
         return accountId;
     }
 
-    public long getAclPolicyId() {
-        return aclPolicyId;
+    public long getIAMPolicyId() {
+        return iamPolicyId;
     }
 
     public Date getRemoved() {
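Review bot: The renamed getter `getIAMPolicyId()` no longer lines up with the field `iamPolicyId` under JavaBeans naming, because `java.beans.Introspector.decapitalize` leaves a name starting with two capitals unchanged and so yields the property `IAMPolicyId`. Any code that derives a field or column from the getter name by reflection would then miss `iamPolicyId`. The diffstat shows IAMAccountPolicyMapDaoImpl touched in this commit, so it is worth confirming its search criteria still resolve `policy_id`; the DAO implementation is not visible here. `public long getIamPolicyId()` keeps getter and field aligned.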

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
index 02da7c3..11af27e 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
@@ -84,15 +84,15 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @DB
     @Override
-    public IAMGroup createAclGroup(String aclGroupName, String description, String path) {
+    public IAMGroup createIAMGroup(String iamGroupName, String description, String path) {
         // check if the group is already existing
-        IAMGroup grp = _aclGroupDao.findByName(path, aclGroupName);
+        IAMGroup grp = _aclGroupDao.findByName(path, iamGroupName);
         if (grp != null) {
             throw new InvalidParameterValueException(
-                    "Unable to create acl group with name " + aclGroupName
+                    "Unable to create acl group with name " + iamGroupName
                     + " already exisits for path " + path);
         }
-        IAMGroupVO rvo = new IAMGroupVO(aclGroupName, description);
+        IAMGroupVO rvo = new IAMGroupVO(iamGroupName, description);
         rvo.setPath(path);
 
         return _aclGroupDao.persist(rvo);
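Review bot: `createIAMGroup` checks `findByName(path, iamGroupName)` and then calls `persist`, so two concurrent requests with the same name and path can both pass the check unless the table enforces uniqueness (no constraint is visible from here). IAMApiServiceImpl locates the per-domain group by the name `"DomainGrp-" + domain.getUuid()`, so duplicates would make that lookup ambiguous. A unique index on path and name, with the duplicate-key failure mapped to `InvalidParameterValueException`, would close the gap. The message also still reads "acl group" after the rename and misspells "exists"; suggested text: `"Unable to create IAM group: name " + iamGroupName + " already exists for path " + path`. The same "acl group" wording remains in the `deleteIAMGroup` and `listIAMGroups` hunks below.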
@@ -100,11 +100,11 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @DB
     @Override
-    public boolean deleteAclGroup(final Long aclGroupId) {
+    public boolean deleteIAMGroup(final Long iamGroupId) {
         // get the Acl Group entity
-        final IAMGroup grp = _aclGroupDao.findById(aclGroupId);
+        final IAMGroup grp = _aclGroupDao.findById(iamGroupId);
         if (grp == null) {
-            throw new InvalidParameterValueException("Unable to find acl group: " + aclGroupId
+            throw new InvalidParameterValueException("Unable to find acl group: " + iamGroupId
                     + "; failed to delete acl group.");
         }
 
@@ -128,7 +128,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
                 }
 
                 // remove this group from acl_group table
-                _aclGroupDao.remove(aclGroupId);
+                _aclGroupDao.remove(iamGroupId);
             }
         });
 
@@ -137,7 +137,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @SuppressWarnings("unchecked")
     @Override
-    public List<IAMGroup> listAclGroups(long accountId) {
+    public List<IAMGroup> listIAMGroups(long accountId) {
 
         GenericSearchBuilder<IAMGroupAccountMapVO, Long> groupSB = _aclGroupAccountMapDao.createSearchBuilder(Long.class);
         groupSB.selectFields(groupSB.entity().getAclGroupId());
@@ -225,11 +225,11 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
     }
 
     @Override
-    public Pair<List<IAMGroup>, Integer> listAclGroups(Long aclGroupId, String aclGroupName, String path, Long startIndex, Long pageSize) {
-        if (aclGroupId != null) {
-            IAMGroup group = _aclGroupDao.findById(aclGroupId);
+    public Pair<List<IAMGroup>, Integer> listIAMGroups(Long iamGroupId, String iamGroupName, String path, Long startIndex, Long pageSize) {
+        if (iamGroupId != null) {
+            IAMGroup group = _aclGroupDao.findById(iamGroupId);
             if (group == null) {
-                throw new InvalidParameterValueException("Unable to find acl group by id " + aclGroupId);
+                throw new InvalidParameterValueException("Unable to find acl group by id " + iamGroupId);
             }
         }
 
@@ -242,12 +242,12 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
         SearchCriteria<IAMGroupVO> sc = sb.create();
 
-        if (aclGroupName != null) {
-            sc.setParameters("name", aclGroupName);
+        if (iamGroupName != null) {
+            sc.setParameters("name", iamGroupName);
         }
 
-        if (aclGroupId != null) {
-            sc.setParameters("id", aclGroupId);
+        if (iamGroupId != null) {
+            sc.setParameters("id", iamGroupId);
         }
 
         sc.setParameters("path", path + "%");
@@ -257,7 +257,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
     }
 
     @Override
-    public List<IAMGroup> listParentAclGroups(long groupId) {
+    public List<IAMGroup> listParentIAMGroups(long groupId) {
         IAMGroup group = _aclGroupDao.findById(groupId);
         if (group == null) {
             throw new InvalidParameterValueException("Unable to find acl group by id " + groupId);
@@ -294,20 +294,20 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @DB
     @Override
-    public IAMPolicy createAclPolicy(final String aclPolicyName, final String description, final Long parentPolicyId, final String path) {
+    public IAMPolicy createIAMPolicy(final String iamPolicyName, final String description, final Long parentPolicyId, final String path) {
 
         // check if the policy is already existing
-        IAMPolicy ro = _aclPolicyDao.findByName(aclPolicyName);
+        IAMPolicy ro = _aclPolicyDao.findByName(iamPolicyName);
         if (ro != null) {
             throw new InvalidParameterValueException(
-                    "Unable to create acl policy with name " + aclPolicyName
+                    "Unable to create acl policy with name " + iamPolicyName
                     + " already exisits");
         }
 
         IAMPolicy role = Transaction.execute(new TransactionCallback<IAMPolicy>() {
             @Override
             public IAMPolicy doInTransaction(TransactionStatus status) {
-                IAMPolicyVO rvo = new IAMPolicyVO(aclPolicyName, description);
+                IAMPolicyVO rvo = new IAMPolicyVO(iamPolicyName, description);
                 rvo.setPath(path);
 
                 IAMPolicy role = _aclPolicyDao.persist(rvo);
@@ -331,11 +331,11 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @DB
     @Override
-    public boolean deleteAclPolicy(final long aclPolicyId) {
+    public boolean deleteIAMPolicy(final long iamPolicyId) {
         // get the Acl Policy entity
-        final IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+        final IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId);
         if (policy == null) {
-            throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
+            throw new InvalidParameterValueException("Unable to find acl policy: " + iamPolicyId
                     + "; failed to delete acl policy.");
         }
 
@@ -367,7 +367,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
                 }
 
                 // remove this role from acl_role table
-                _aclPolicyDao.remove(aclPolicyId);
+                _aclPolicyDao.remove(iamPolicyId);
             }
         });
 
@@ -377,7 +377,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @SuppressWarnings("unchecked")
     @Override
-    public List<IAMPolicy> listAclPolicies(long accountId) {
+    public List<IAMPolicy> listIAMPolicies(long accountId) {
 
         // static policies of the account
         SearchBuilder<IAMGroupAccountMapVO> groupSB = _aclGroupAccountMapDao.createSearchBuilder();
@@ -395,7 +395,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
         // add policies directly attached to the account
         List<IAMAccountPolicyMapVO> acctPolicies = _aclAccountPolicyMapDao.listByAccountId(accountId);
         for (IAMAccountPolicyMapVO p : acctPolicies) {
-            policyIds.add(p.getAclPolicyId());
+            policyIds.add(p.getIAMPolicyId());
         }
         if (policyIds.size() == 0) {
             return new ArrayList<IAMPolicy>();
@@ -413,7 +413,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @SuppressWarnings("unchecked")
     @Override
-    public List<IAMPolicy> listAclPoliciesByGroup(long groupId) {
+    public List<IAMPolicy> listIAMPoliciesByGroup(long groupId) {
         List<IAMGroupPolicyMapVO> policyGrpMap = _aclGroupPolicyMapDao.listByGroupId(groupId);
         if (policyGrpMap == null || policyGrpMap.size() == 0) {
             return new ArrayList<IAMPolicy>();
@@ -436,7 +436,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @SuppressWarnings("unchecked")
     @Override
-    public List<IAMPolicy> listRecursiveAclPoliciesByGroup(long groupId) {
+    public List<IAMPolicy> listRecursiveIAMPoliciesByGroup(long groupId) {
         List<IAMGroupPolicyMapVO> policyGrpMap = _aclGroupPolicyMapDao.listByGroupId(groupId);
         if (policyGrpMap == null || policyGrpMap.size() == 0) {
             return new ArrayList<IAMPolicy>();
@@ -468,12 +468,12 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @SuppressWarnings("unchecked")
     @Override
-    public Pair<List<IAMPolicy>, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize) {
+    public Pair<List<IAMPolicy>, Integer> listIAMPolicies(Long iamPolicyId, String iamPolicyName, String path, Long startIndex, Long pageSize) {
 
-        if (aclPolicyId != null) {
-            IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+        if (iamPolicyId != null) {
+            IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId);
             if (policy == null) {
-                throw new InvalidParameterValueException("Unable to find acl policy by id " + aclPolicyId);
+                throw new InvalidParameterValueException("Unable to find acl policy by id " + iamPolicyId);
             }
         }
 
@@ -486,12 +486,12 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
         SearchCriteria<IAMPolicyVO> sc = sb.create();
 
-        if (aclPolicyName != null) {
-            sc.setParameters("name", aclPolicyName);
+        if (iamPolicyName != null) {
+            sc.setParameters("name", iamPolicyName);
         }
 
-        if (aclPolicyId != null) {
-            sc.setParameters("id", aclPolicyId);
+        if (iamPolicyId != null) {
+            sc.setParameters("id", iamPolicyId);
         }
 
         sc.setParameters("path", path + "%");
@@ -504,7 +504,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @DB
     @Override
-    public IAMGroup attachAclPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
+    public IAMGroup attachIAMPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
         // get the Acl Group entity
         IAMGroup group = _aclGroupDao.findById(groupId);
         if (group == null) {
@@ -538,7 +538,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @DB
     @Override
-    public IAMGroup removeAclPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
+    public IAMGroup removeIAMPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
         // get the Acl Group entity
         IAMGroup group = _aclGroupDao.findById(groupId);
         if (group == null) {
@@ -570,7 +570,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
 
     @Override
-    public void attachAclPolicyToAccounts(final Long policyId, final List<Long> acctIds) {
+    public void attachIAMPolicyToAccounts(final Long policyId, final List<Long> acctIds) {
         IAMPolicy policy = _aclPolicyDao.findById(policyId);
         if (policy == null) {
             throw new InvalidParameterValueException("Unable to find acl policy: " + policyId
@@ -594,7 +594,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
     }
 
     @Override
-    public void removeAclPolicyFromAccounts(final Long policyId, final List<Long> acctIds) {
+    public void removeIAMPolicyFromAccounts(final Long policyId, final List<Long> acctIds) {
         IAMPolicy policy = _aclPolicyDao.findById(policyId);
         if (policy == null) {
             throw new InvalidParameterValueException("Unable to find acl policy: " + policyId
@@ -619,20 +619,20 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @DB
     @Override
-    public IAMPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
+    public IAMPolicy addIAMPermissionToIAMPolicy(long iamPolicyId, String entityType, String scope, Long scopeId,
             String action, String accessType, Permission perm, Boolean recursive) {
         // get the Acl Policy entity
-        IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+        IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId);
         if (policy == null) {
-            throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
+            throw new InvalidParameterValueException("Unable to find acl policy: " + iamPolicyId
                     + "; failed to add permission to policy.");
         }
 
         // add entry in acl_policy_permission table
-        IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, perm);
+        IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(iamPolicyId, entityType, scope, scopeId, action, perm);
         if (permit == null) {
             // not there already
-            permit = new IAMPolicyPermissionVO(aclPolicyId, action, entityType, accessType, scope, scopeId, perm,
+            permit = new IAMPolicyPermissionVO(iamPolicyId, action, entityType, accessType, scope, scopeId, perm,
                     recursive);
             _policyPermissionDao.persist(permit);
         }
@@ -642,16 +642,16 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @DB
     @Override
-    public IAMPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
+    public IAMPolicy removeIAMPermissionFromIAMPolicy(long iamPolicyId, String entityType, String scope, Long scopeId,
             String action) {
         // get the Acl Policy entity
-        IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+        IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId);
         if (policy == null) {
-            throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
+            throw new InvalidParameterValueException("Unable to find acl policy: " + iamPolicyId
                     + "; failed to revoke permission from policy.");
         }
         // remove entry from acl_entity_permission table
-        IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, Permission.Allow);
+        IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(iamPolicyId, entityType, scope, scopeId, action, Permission.Allow);
         if (permit != null) {
             // not removed yet
             _policyPermissionDao.remove(permit.getId());
@@ -661,7 +661,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @DB
     @Override
-    public void removeAclPermissionForEntity(final String entityType, final Long entityId) {
+    public void removeIAMPermissionForEntity(final String entityType, final Long entityId) {
         Transaction.execute(new TransactionCallbackNoReturn() {
             @Override
             public void doInTransactionWithoutResult(TransactionStatus status) {
@@ -673,7 +673,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
                     // remove the policy if there are no other permissions
                     if ((_policyPermissionDao.listByPolicy(policyId)).isEmpty()) {
-                        deleteAclPolicy(policyId);
+                        deleteIAMPolicy(policyId);
                     }
                 }
             }
@@ -682,11 +682,11 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 
     @DB
     @Override
-    public IAMPolicy resetAclPolicy(long aclPolicyId) {
+    public IAMPolicy resetIAMPolicy(long iamPolicyId) {
         // get the Acl Policy entity
-        IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+        IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId);
         if (policy == null) {
-            throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
+            throw new InvalidParameterValueException("Unable to find acl policy: " + iamPolicyId
                     + "; failed to reset the policy.");
         }
 
@@ -695,7 +695,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
         sb.and("scope", sb.entity().getScope(), SearchCriteria.Op.EQ);
         sb.done();
         SearchCriteria<IAMPolicyPermissionVO> permissionSC = sb.create();
-        permissionSC.setParameters("policyId", aclPolicyId);
+        permissionSC.setParameters("policyId", iamPolicyId);
         _policyPermissionDao.expunge(permissionSC);
 
         return policy;
@@ -736,7 +736,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
     @Override
     public List<Long> getGrantedEntities(long accountId, String action, String scope) {
         // Get the static Policies of the Caller
-        List<IAMPolicy> policies = listAclPolicies(accountId);
+        List<IAMPolicy> policies = listIAMPolicies(accountId);
         // for each policy, find granted permission within the given scope
         List<Long> entityIds = new ArrayList<Long>();
         for (IAMPolicy policy : policies) {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java
index 883fd5c..a112a3e 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java
@@ -26,11 +26,11 @@ public class IAMAccountPolicyMapDaoImpl extends GenericDaoBase<IAMAccountPolicyM
         ListByAccountId.done();
 
         ListByPolicyId = createSearchBuilder();
-        ListByPolicyId.and("policyId", ListByPolicyId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+        ListByPolicyId.and("policyId", ListByPolicyId.entity().getIAMPolicyId(), SearchCriteria.Op.EQ);
         ListByPolicyId.done();
 
         findByPolicyAccountId = createSearchBuilder();
-        findByPolicyAccountId.and("policyId", findByPolicyAccountId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+        findByPolicyAccountId.and("policyId", findByPolicyAccountId.entity().getIAMPolicyId(), SearchCriteria.Op.EQ);
         findByPolicyAccountId.and("accountId", findByPolicyAccountId.entity().getAccountId(), SearchCriteria.Op.EQ);
         findByPolicyAccountId.done();
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java
----------------------------------------------------------------------
diff --git a/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java b/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java
index 8760199..53cfc71 100644
--- a/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java
+++ b/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java
@@ -114,19 +114,19 @@ public class IAMServiceUnitTest {
 
     @Test(expected = InvalidParameterValueException.class)
     public void createAclGroupTest() {
-        IAMGroup group = _iamService.createAclGroup("group1", "my first group", "/root/mydomain");
+        IAMGroup group = _iamService.createIAMGroup("group1", "my first group", "/root/mydomain");
         assertNotNull("Acl group 'group1' failed to create ", group);
 
         IAMGroupVO group2 = new IAMGroupVO("group1", "my second group");
         when(_aclGroupDao.findByName(eq("/root/mydomain"), eq("group1"))).thenReturn(group2);
 
-        IAMGroup group3 = _iamService.createAclGroup("group1", "my first group", "/root/mydomain");
+        IAMGroup group3 = _iamService.createIAMGroup("group1", "my first group", "/root/mydomain");
     }
 
     @Test(expected = InvalidParameterValueException.class)
     public void deleteAclGroupInvalidIdTest() {
         when(_aclGroupDao.findById(20L)).thenReturn(null);
-        _iamService.deleteAclGroup(20L);
+        _iamService.deleteIAMGroup(20L);
     }
 
     @Test
@@ -145,19 +145,19 @@ public class IAMServiceUnitTest {
 
     @Test(expected = InvalidParameterValueException.class)
     public void createAclPolicyTest() {
-        IAMPolicy policy = _iamService.createAclPolicy("policy1", "my first policy", null, "/root/mydomain");
+        IAMPolicy policy = _iamService.createIAMPolicy("policy1", "my first policy", null, "/root/mydomain");
         assertNotNull("Acl policy 'policy1' failed to create ", policy);
 
         IAMPolicyVO rvo = new IAMPolicyVO("policy2", "second policy");
         when(_aclPolicyDao.findByName(eq("policy2"))).thenReturn(rvo);
 
-        _iamService.createAclPolicy("policy2", "second policy", null, "/root/mydomain");
+        _iamService.createIAMPolicy("policy2", "second policy", null, "/root/mydomain");
     }
 
     @Test(expected = InvalidParameterValueException.class)
     public void deleteAclPolicyInvalidIdTest() {
         when(_aclPolicyDao.findById(34L)).thenReturn(null);
-        _iamService.deleteAclPolicy(34L);
+        _iamService.deleteIAMPolicy(34L);
     }
 
     @Configuration


[44/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
After merge, fix isRootAdmin() calls to use accountId instead of type


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/d9696b26
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/d9696b26
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/d9696b26

Branch: refs/heads/master
Commit: d9696b26e101af6596b60bc3d22b01acf9e88677
Parents: 99bdc8d
Author: Prachi Damle <pr...@cloud.com>
Authored: Thu Mar 13 13:27:04 2014 -0700
Committer: Prachi Damle <pr...@cloud.com>
Committed: Thu Mar 13 13:28:40 2014 -0700

----------------------------------------------------------------------
 api/src/com/cloud/user/AccountService.java      |  4 +-
 .../com/cloud/api/query/QueryManagerImpl.java   |  2 +-
 .../deploy/DeploymentPlanningManagerImpl.java   |  2 +-
 .../com/cloud/network/NetworkServiceImpl.java   |  2 +-
 .../com/cloud/storage/VolumeApiServiceImpl.java |  2 +-
 .../src/com/cloud/user/AccountManagerImpl.java  | 45 +++++++++++---------
 .../com/cloud/uuididentity/UUIDManagerImpl.java |  2 +-
 .../com/cloud/user/MockAccountManagerImpl.java  |  5 ++-
 .../iam/RoleBasedEntityAccessChecker.java       |  3 ++
 9 files changed, 37 insertions(+), 30 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9696b26/api/src/com/cloud/user/AccountService.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/user/AccountService.java b/api/src/com/cloud/user/AccountService.java
index 85c71ca..7e37b38 100755
--- a/api/src/com/cloud/user/AccountService.java
+++ b/api/src/com/cloud/user/AccountService.java
@@ -88,9 +88,9 @@ public interface AccountService {
 
     User getUserIncludingRemoved(long userId);
 
-    boolean isRootAdmin(long accountId);
+    boolean isRootAdmin(Long accountId);
 
-    boolean isDomainAdmin(long accountId);
+    boolean isDomainAdmin(Long accountId);
 
     boolean isNormalUser(long accountId);
 
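Review bot: The switch to `Long` on `isRootAdmin` and `isDomainAdmin` makes null a legal argument, but the interface does not say what null means, and `isNormalUser` directly below still takes a primitive `long`. A Javadoc line such as `/** Returns false when accountId is null. */` on both methods would pin the fail-closed contract that the `AccountManagerImpl` hunk in this commit implements, where a null id returns false. The interface body continues outside the hunk.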

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9696b26/server/src/com/cloud/api/query/QueryManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/QueryManagerImpl.java b/server/src/com/cloud/api/query/QueryManagerImpl.java
index 0554e3a..b932d42 100644
--- a/server/src/com/cloud/api/query/QueryManagerImpl.java
+++ b/server/src/com/cloud/api/query/QueryManagerImpl.java
@@ -520,7 +520,7 @@ public class QueryManagerImpl extends ManagerBase implements QueryService {
         _accountMgr.buildACLViewSearchCriteria(sc, aclSc, isRecursive, permittedDomains, permittedAccounts, permittedResources, listProjectResourcesCriteria);
 
         // For end users display only enabled events
-        if(!_accountMgr.isRootAdmin(caller.getType())){
+        if (!_accountMgr.isRootAdmin(caller.getId())) {
             sc.setParameters("displayEvent", true);
         }
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9696b26/server/src/com/cloud/deploy/DeploymentPlanningManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/deploy/DeploymentPlanningManagerImpl.java b/server/src/com/cloud/deploy/DeploymentPlanningManagerImpl.java
index 74c141e..c1f336c 100644
--- a/server/src/com/cloud/deploy/DeploymentPlanningManagerImpl.java
+++ b/server/src/com/cloud/deploy/DeploymentPlanningManagerImpl.java
@@ -508,7 +508,7 @@ public class DeploymentPlanningManagerImpl extends ManagerBase implements Deploy
 
         // check if zone is dedicated. if yes check if vm owner has acess to it.
         DedicatedResourceVO dedicatedZone = _dedicatedDao.findByZoneId(dc.getId());
-        if (dedicatedZone != null && !_accountMgr.isRootAdmin(vmProfile.getOwner().getType())) {
+        if (dedicatedZone != null && !_accountMgr.isRootAdmin(vmProfile.getOwner().getId())) {
             long accountDomainId = vmProfile.getOwner().getDomainId();
             long accountId = vmProfile.getOwner().getAccountId();
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9696b26/server/src/com/cloud/network/NetworkServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkServiceImpl.java b/server/src/com/cloud/network/NetworkServiceImpl.java
index be95a36..9185d84 100755
--- a/server/src/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/com/cloud/network/NetworkServiceImpl.java
@@ -1805,7 +1805,7 @@ public class NetworkServiceImpl extends ManagerBase implements  NetworkService {
         // Perform permission check
         _accountMgr.checkAccess(caller, null, true, network);
 
-        if (forced && !_accountMgr.isRootAdmin(caller.getType())) {
+        if (forced && !_accountMgr.isRootAdmin(caller.getId())) {
             throw new InvalidParameterValueException("Delete network with 'forced' option can only be called by root admins");
         }
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9696b26/server/src/com/cloud/storage/VolumeApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/storage/VolumeApiServiceImpl.java b/server/src/com/cloud/storage/VolumeApiServiceImpl.java
index 5ce07f0..30b5479 100644
--- a/server/src/com/cloud/storage/VolumeApiServiceImpl.java
+++ b/server/src/com/cloud/storage/VolumeApiServiceImpl.java
@@ -386,7 +386,7 @@ public class VolumeApiServiceImpl extends ManagerBase implements VolumeApiServic
         if (displayVolume == null) {
             displayVolume = true;
         } else {
-            if (!_accountMgr.isRootAdmin(caller.getType())) {
+            if (!_accountMgr.isRootAdmin(caller.getId())) {
                 throw new PermissionDeniedException("Cannot update parameter displayvolume, only admin permitted ");
             }
         }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9696b26/server/src/com/cloud/user/AccountManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
index 04d3e23..1b68b0c 100755
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -366,37 +366,40 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
     }
 
     @Override
-    public boolean isRootAdmin(long accountId) {
-        AccountVO acct = _accountDao.findById(accountId);
-        for (SecurityChecker checker : _securityCheckers) {
-            try {
-                if (checker.checkAccess(acct, null, null, "SystemCapability")) {
-                    if (s_logger.isDebugEnabled()) {
-                        s_logger.debug("Root Access granted to " + acct + " by " + checker.getName());
+    public boolean isRootAdmin(Long accountId) {
+        if (accountId != null) {
+            AccountVO acct = _accountDao.findById(accountId);
+            for (SecurityChecker checker : _securityCheckers) {
+                try {
+                    if (checker.checkAccess(acct, null, null, "SystemCapability")) {
+                        if (s_logger.isDebugEnabled()) {
+                            s_logger.debug("Root Access granted to " + acct + " by " + checker.getName());
+                        }
+                        return true;
                     }
-                    return true;
+                } catch (PermissionDeniedException ex) {
+                    return false;
                 }
-            } catch (PermissionDeniedException ex) {
-                return false;
             }
         }
-
         return false;
     }
 
     @Override
-    public boolean isDomainAdmin(long accountId) {
-        AccountVO acct = _accountDao.findById(accountId);
-        for (SecurityChecker checker : _securityCheckers) {
-            try {
-                if (checker.checkAccess(acct, null, null, "DomainCapability")) {
-                    if (s_logger.isDebugEnabled()) {
-                        s_logger.debug("Root Access granted to " + acct + " by " + checker.getName());
+    public boolean isDomainAdmin(Long accountId) {
+        if (accountId != null) {
+            AccountVO acct = _accountDao.findById(accountId);
+            for (SecurityChecker checker : _securityCheckers) {
+                try {
+                    if (checker.checkAccess(acct, null, null, "DomainCapability")) {
+                        if (s_logger.isDebugEnabled()) {
+                            s_logger.debug("Root Access granted to " + acct + " by " + checker.getName());
+                        }
+                        return true;
                     }
-                    return true;
+                } catch (PermissionDeniedException ex) {
+                    return false;
                 }
-            } catch (PermissionDeniedException ex) {
-                return false;
             }
         }
         return false;
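Review bot: In both `isRootAdmin` and `isDomainAdmin` the result of `_accountDao.findById(accountId)` is passed to `checker.checkAccess(acct, ...)` without a null check, so only a null id is handled, not an id that resolves to no account. The `RoleBasedEntityAccessChecker.checkAccess` hunk later in this commit throws `InvalidParameterValueException` for a null caller, which the `catch (PermissionDeniedException ex)` here does not catch, so an unknown id would presumably surface as an exception rather than `false`. Adding `if (acct == null) { return false; }` right after the lookup keeps both methods fail-closed. Separately, the debug message in `isDomainAdmin` still reads `"Root Access granted to "`, which is misleading when reading logs of privilege decisions; `"Domain admin access granted to "` would match the check. The closing brace of `isDomainAdmin` is outside the hunk.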

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9696b26/server/src/com/cloud/uuididentity/UUIDManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/uuididentity/UUIDManagerImpl.java b/server/src/com/cloud/uuididentity/UUIDManagerImpl.java
index c514746..a1d1452 100644
--- a/server/src/com/cloud/uuididentity/UUIDManagerImpl.java
+++ b/server/src/com/cloud/uuididentity/UUIDManagerImpl.java
@@ -50,7 +50,7 @@ public class UUIDManagerImpl implements UUIDManager {
         Account caller = CallContext.current().getCallingAccount();
 
         // Only admin and system allowed to do this
-        if (!(caller.getId() == Account.ACCOUNT_ID_SYSTEM || _accountMgr.isRootAdmin(caller.getType()))) {
+        if (!(caller.getId() == Account.ACCOUNT_ID_SYSTEM || _accountMgr.isRootAdmin(caller.getId()))) {
             throw new PermissionDeniedException("Please check your permissions, you are not allowed to create/update custom id");
         }
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9696b26/server/test/com/cloud/user/MockAccountManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/test/com/cloud/user/MockAccountManagerImpl.java b/server/test/com/cloud/user/MockAccountManagerImpl.java
index b411b18..f373cba 100644
--- a/server/test/com/cloud/user/MockAccountManagerImpl.java
+++ b/server/test/com/cloud/user/MockAccountManagerImpl.java
@@ -162,7 +162,7 @@ public class MockAccountManagerImpl extends ManagerBase implements Manager, Acco
     }
 
     @Override
-    public boolean isRootAdmin(long accountId) {
+    public boolean isRootAdmin(Long accountId) {
         // TODO Auto-generated method stub
         return false;
     }
@@ -298,7 +298,7 @@ public class MockAccountManagerImpl extends ManagerBase implements Manager, Acco
     }
 
     @Override
-    public boolean isDomainAdmin(long accountId) {
+    public boolean isDomainAdmin(Long accountId) {
         // TODO Auto-generated method stub
         return false;
     }
@@ -356,4 +356,5 @@ public class MockAccountManagerImpl extends ManagerBase implements Manager, Acco
         return null;
     }
 
+
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9696b26/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
index 02bb702..3fe854a 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
@@ -63,6 +63,9 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
     public boolean checkAccess(Account caller, ControlledEntity entity, AccessType accessType, String action)
             throws PermissionDeniedException {
 
+        if (caller == null) {
+            throw new InvalidParameterValueException("Caller cannot be passed as NULL to IAM!");
+        }
         if (entity == null && action != null) {
             // check if caller can do this action
             List<IAMPolicy> policies = _iamSrv.listIAMPolicies(caller.getAccountId());
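Review bot: The new null-caller guard in `checkAccess` throws `InvalidParameterValueException`, while the method is declared `throws PermissionDeniedException`, so callers that handle a denial by catching the declared type will not treat a missing caller as one. Failing closed here is right. Assuming `InvalidParameterValueException` is unchecked (its declaration is not in this hunk), consider `throw new PermissionDeniedException("Caller cannot be passed as NULL to IAM!");`, or name the second exception type in the method's Javadoc. The body of `checkAccess` continues outside the hunk.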


[39/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
Fix issues found through FindBugs.

Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/b554d4ac
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/b554d4ac
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/b554d4ac

Branch: refs/heads/master
Commit: b554d4ac1fa58e4c6ae0b7256bffddab1f539510
Parents: 1c85af3
Author: Min Chen <mi...@citrix.com>
Authored: Tue Mar 11 11:49:48 2014 -0700
Committer: Min Chen <mi...@citrix.com>
Committed: Tue Mar 11 11:49:48 2014 -0700

----------------------------------------------------------------------
 server/src/com/cloud/api/query/QueryManagerImpl.java      |  9 ++++++---
 .../api/command/iam/AddIAMPermissionToIAMPolicyCmd.java   |  3 ---
 .../api/response/iam/IAMPermissionResponse.java           |  8 ++++----
 .../src/org/apache/cloudstack/iam/IAMApiServiceImpl.java  |  3 ++-
 .../cloudstack/iam/RoleBasedEntityAccessChecker.java      | 10 +++++++++-
 5 files changed, 21 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b554d4ac/server/src/com/cloud/api/query/QueryManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/QueryManagerImpl.java b/server/src/com/cloud/api/query/QueryManagerImpl.java
index 564bf4e..96647f8 100644
--- a/server/src/com/cloud/api/query/QueryManagerImpl.java
+++ b/server/src/com/cloud/api/query/QueryManagerImpl.java
@@ -3314,17 +3314,20 @@ public class QueryManagerImpl extends ManagerBase implements QueryService {
         if (resourceIdStr != null) {
             resourceId = _taggedResourceMgr.getResourceId(resourceIdStr, resourceType);
         }
+        if (resourceId == null) {
+            throw new InvalidParameterValueException("Cannot find resource with resourceId " + resourceIdStr + " and of resource type " + resourceType);
+        }
         List<? extends ResourceDetail> detailList = new ArrayList<ResourceDetail>();
         ResourceDetail requestedDetail = null;
 
-            if (key == null) {
+        if (key == null) {
             detailList = _resourceMetaDataMgr.getDetailsList(resourceId, resourceType, forDisplay);
-            } else {
+        } else {
             requestedDetail = _resourceMetaDataMgr.getDetail(resourceId, resourceType, key);
             if (forDisplay != null && requestedDetail.isDisplay() != forDisplay) {
                 requestedDetail = null;
             }
-            }
+        }
 
         List<ResourceDetailResponse> responseList = new ArrayList<ResourceDetailResponse>();
         if (requestedDetail != null) {
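Review bot: In the `else` branch, `requestedDetail.isDisplay()` is still called on the result of `getDetail(...)` without a null check, although the `if (requestedDetail != null)` test a few lines later suggests the lookup can return null for an unknown key. Guarding it as `if (requestedDetail != null && forDisplay != null && requestedDetail.isDisplay() != forDisplay)` would close that path. The new exception message also prints `resourceIdStr`, which reads as "resourceId null" when no id string was supplied, so a separate message for that case would be clearer. The enclosing method starts and ends outside the hunk.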

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b554d4ac/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
index e991537..d37cc3c 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
@@ -39,7 +39,6 @@ import com.cloud.event.EventTypes;
 import com.cloud.exception.InsufficientCapacityException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.user.Account;
-import com.cloud.utils.db.EntityManager;
 
 
 @APICommand(name = "addIAMPermissionToIAMPolicy", description = "Add IAM permission to an iam policy", responseObject = IAMPolicyResponse.class)
@@ -49,8 +48,6 @@ public class AddIAMPermissionToIAMPolicyCmd extends BaseAsyncCmd {
 
     @Inject
     public IAMApiService _iamApiSrv;
-    @Inject
-    public EntityManager _entityMgr;
 
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b554d4ac/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPermissionResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPermissionResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPermissionResponse.java
index b7af4da..5def248 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPermissionResponse.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPermissionResponse.java
@@ -108,13 +108,13 @@ public class IAMPermissionResponse extends BaseResponse {
         if (getClass() != obj.getClass())
             return false;
         IAMPermissionResponse other = (IAMPermissionResponse) obj;
-        if ((entityType == null && other.entityType != null) || !entityType.equals(other.entityType)) {
+        if ((entityType == null && other.entityType != null) || (entityType != null && !entityType.equals(other.entityType))) {
             return false;
-        } else if ((action == null && other.action != null) || !action.equals(other.action)) {
+        } else if ((action == null && other.action != null) || (action != null && !action.equals(other.action))) {
             return false;
-        } else if ((scope == null && other.scope != null) || !scope.equals(other.scope)) {
+        } else if ((scope == null && other.scope != null) || (scope != null && !scope.equals(other.scope))) {
             return false;
-        } else if ((scopeId == null && other.scopeId != null) || !scopeId.equals(other.scopeId)) {
+        } else if ((scopeId == null && other.scopeId != null) || (scopeId != null && !scopeId.equals(other.scopeId))) {
             return false;
         }
         return true;
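Review bot: The four null-safe comparisons in `equals` repeat the same two-clause pattern, which is correct now but easy to get wrong again when a field is added. A small private helper such as `private static boolean same(Object a, Object b) { return a == null ? b == null : a.equals(b); }` would reduce each branch to `if (!same(entityType, other.entityType)) return false;`. `hashCode` is not part of this hunk; it should tolerate the same null fields so the two methods stay consistent. The start of `equals` is outside the hunk.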

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b554d4ac/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
index 47b7697..9e941f2 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
@@ -591,8 +591,9 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
         if (BaseListCmd.class.isAssignableFrom(cmdClass)) {
             accessType = AccessType.UseEntry;
         }
+        String accessTypeStr = (accessType != null) ? accessType.toString() : null;
         return _iamSrv.addIAMPermissionToIAMPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action,
-                accessType.toString(), perm, recursive);
+                accessTypeStr, perm, recursive);
     }
 
     @DB
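Review bot: `accessTypeStr` can now be `null` and is forwarded into `addIAMPermissionToIAMPolicy`, so a permission may be stored without an access type. The context lines of the `RoleBasedEntityAccessChecker` hunk in this commit show a null `accessType` being defaulted to `AccessType.UseEntry` at check time; whether a stored null matches that default depends on `IAMService`, which is not visible here. Either apply the same default before the call or add a comment stating what a null access type means for the stored permission. `scope.toString()` in the same statement is still dereferenced without a guard. The enclosing method starts outside the hunk.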

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b554d4ac/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
index d0d9d88..02bb702 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
@@ -35,6 +35,7 @@ import org.apache.cloudstack.iam.api.IAMService;
 
 import com.cloud.acl.DomainChecker;
 import com.cloud.domain.dao.DomainDao;
+import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.user.Account;
 import com.cloud.user.AccountService;
@@ -73,7 +74,14 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
             return true;
         }
 
-        String entityType = entity.getEntityType().toString();
+        if (entity == null) {
+            throw new InvalidParameterValueException("Entity and action cannot be both NULL in checkAccess!");
+        }
+
+        String entityType = null;
+        if (entity.getEntityType() != null) {
+            entityType = entity.getEntityType().toString();
+        }
 
         if (accessType == null) {
             accessType = AccessType.UseEntry;
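Review bot: `entityType` may now be `null` when `entity.getEntityType()` returns null, and the rest of `checkAccess` (outside this hunk) then evaluates policies with a null type. For an access checker it is safer to fail closed: unless a null entity type is a supported input, reject it next to the new entity check, e.g. `if (entity.getEntityType() == null) throw new InvalidParameterValueException("Entity type cannot be NULL in checkAccess!");`. If null is meant to be accepted, a comment saying how permissions are matched in that case would help the next reader.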


[16/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
iam/plugin: Rename Acl to IAM everywhere


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/187f9cd0
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/187f9cd0
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/187f9cd0

Branch: refs/heads/master
Commit: 187f9cd0a2c5e0c1709605a1909a742e8dbba839
Parents: b2ba6c0
Author: Prachi Damle <pr...@cloud.com>
Authored: Mon Feb 24 16:59:27 2014 -0800
Committer: Prachi Damle <pr...@cloud.com>
Committed: Tue Feb 25 16:43:23 2014 -0800

----------------------------------------------------------------------
 api/src/com/cloud/event/EventTypes.java         |  22 +-
 .../cloudstack/api/ApiCommandJobType.java       |   4 +-
 .../org/apache/cloudstack/api/ApiConstants.java |  26 +-
 .../api/response/AccountResponse.java           |   2 +-
 .../com/cloud/template/TemplateManagerImpl.java |   4 +-
 ...g-acl-role-based-access-checkers-context.xml |  35 -
 .../spring-iam-access-checkers-context.xml      |  35 +
 .../command/iam/AddAccountToAclGroupCmd.java    | 127 ----
 .../command/iam/AddAccountToIAMGroupCmd.java    | 127 ++++
 .../iam/AddAclPermissionToAclPolicyCmd.java     | 151 ----
 .../iam/AddIAMPermissionToIAMPolicyCmd.java     | 152 ++++
 .../iam/AttachAclPolicyToAccountCmd.java        | 122 ----
 .../iam/AttachAclPolicyToAclGroupCmd.java       | 127 ----
 .../iam/AttachIAMPolicyToAccountCmd.java        | 122 ++++
 .../iam/AttachIAMPolicyToIAMGroupCmd.java       | 127 ++++
 .../api/command/iam/CreateAclGroupCmd.java      | 168 -----
 .../api/command/iam/CreateAclPolicyCmd.java     | 175 -----
 .../api/command/iam/CreateIAMGroupCmd.java      | 168 +++++
 .../api/command/iam/CreateIAMPolicyCmd.java     | 175 +++++
 .../api/command/iam/DeleteAclGroupCmd.java      | 102 ---
 .../api/command/iam/DeleteAclPolicyCmd.java     | 102 ---
 .../api/command/iam/DeleteIAMGroupCmd.java      | 102 +++
 .../api/command/iam/DeleteIAMPolicyCmd.java     | 102 +++
 .../api/command/iam/ListAclGroupsCmd.java       |  88 ---
 .../api/command/iam/ListAclPoliciesCmd.java     |  88 ---
 .../api/command/iam/ListIAMGroupsCmd.java       |  88 +++
 .../api/command/iam/ListIAMPoliciesCmd.java     |  88 +++
 .../iam/RemoveAccountFromAclGroupCmd.java       | 127 ----
 .../iam/RemoveAccountFromIAMGroupCmd.java       | 127 ++++
 .../RemoveAclPermissionFromAclPolicyCmd.java    | 147 ----
 .../iam/RemoveAclPolicyFromAccountCmd.java      | 122 ----
 .../iam/RemoveAclPolicyFromAclGroupCmd.java     | 127 ----
 .../RemoveIAMPermissionFromIAMPolicyCmd.java    | 147 ++++
 .../iam/RemoveIAMPolicyFromAccountCmd.java      | 122 ++++
 .../iam/RemoveIAMPolicyFromIAMGroupCmd.java     | 127 ++++
 .../api/response/iam/AclGroupResponse.java      | 193 ------
 .../api/response/iam/AclPermissionResponse.java | 125 ----
 .../api/response/iam/AclPolicyResponse.java     | 177 -----
 .../api/response/iam/IAMGroupResponse.java      | 193 ++++++
 .../api/response/iam/IAMPermissionResponse.java | 125 ++++
 .../api/response/iam/IAMPolicyResponse.java     | 177 +++++
 .../apache/cloudstack/iam/AclApiService.java    |  84 ---
 .../cloudstack/iam/AclApiServiceImpl.java       | 690 -------------------
 .../apache/cloudstack/iam/IAMApiService.java    |  84 +++
 .../cloudstack/iam/IAMApiServiceImpl.java       | 690 +++++++++++++++++++
 .../iam/RoleBasedAPIAccessChecker.java          |  12 +-
 .../iam/RoleBasedEntityAccessChecker.java       |  34 +-
 .../iam/RoleBasedEntityQuerySelector.java       |  48 +-
 .../cloudstack/acl/AclApiServiceTest.java       | 357 ----------
 .../cloudstack/iam/test/IAMApiServiceTest.java  | 363 ++++++++++
 .../org/apache/cloudstack/iam/api/AclGroup.java |  37 -
 .../apache/cloudstack/iam/api/AclPolicy.java    |  41 --
 .../cloudstack/iam/api/AclPolicyPermission.java |  53 --
 .../org/apache/cloudstack/iam/api/IAMGroup.java |  37 +
 .../apache/cloudstack/iam/api/IAMPolicy.java    |  41 ++
 .../cloudstack/iam/api/IAMPolicyPermission.java |  53 ++
 .../apache/cloudstack/iam/api/IAMService.java   |  48 +-
 .../iam/server/AclAccountPolicyMapVO.java       |  77 ---
 .../iam/server/AclGroupAccountMapVO.java        |  78 ---
 .../iam/server/AclGroupPolicyMapVO.java         |  79 ---
 .../cloudstack/iam/server/AclGroupVO.java       | 122 ----
 .../iam/server/AclPolicyPermissionVO.java       | 181 -----
 .../cloudstack/iam/server/AclPolicyVO.java      | 138 ----
 .../iam/server/IAMAccountPolicyMapVO.java       |  77 +++
 .../iam/server/IAMGroupAccountMapVO.java        |  78 +++
 .../iam/server/IAMGroupPolicyMapVO.java         |  79 +++
 .../cloudstack/iam/server/IAMGroupVO.java       | 122 ++++
 .../iam/server/IAMPolicyPermissionVO.java       | 181 +++++
 .../cloudstack/iam/server/IAMPolicyVO.java      | 138 ++++
 .../cloudstack/iam/server/IAMServiceImpl.java   | 282 ++++----
 .../iam/server/dao/AclAccountPolicyMapDao.java  |  17 -
 .../server/dao/AclAccountPolicyMapDaoImpl.java  |  61 --
 .../iam/server/dao/AclGroupAccountMapDao.java   |  40 --
 .../server/dao/AclGroupAccountMapDaoImpl.java   | 119 ----
 .../cloudstack/iam/server/dao/AclGroupDao.java  |  28 -
 .../iam/server/dao/AclGroupDaoImpl.java         |  59 --
 .../iam/server/dao/AclGroupPolicyMapDao.java    |  16 -
 .../server/dao/AclGroupPolicyMapDaoImpl.java    |  61 --
 .../cloudstack/iam/server/dao/AclPolicyDao.java |  28 -
 .../iam/server/dao/AclPolicyDaoImpl.java        |  57 --
 .../iam/server/dao/AclPolicyPermissionDao.java  |  39 --
 .../server/dao/AclPolicyPermissionDaoImpl.java  | 129 ----
 .../iam/server/dao/IAMAccountPolicyMapDao.java  |  17 +
 .../server/dao/IAMAccountPolicyMapDaoImpl.java  |  61 ++
 .../iam/server/dao/IAMGroupAccountMapDao.java   |  40 ++
 .../server/dao/IAMGroupAccountMapDaoImpl.java   | 119 ++++
 .../cloudstack/iam/server/dao/IAMGroupDao.java  |  28 +
 .../iam/server/dao/IAMGroupDaoImpl.java         |  59 ++
 .../iam/server/dao/IAMGroupPolicyMapDao.java    |  16 +
 .../server/dao/IAMGroupPolicyMapDaoImpl.java    |  61 ++
 .../cloudstack/iam/server/dao/IAMPolicyDao.java |  28 +
 .../iam/server/dao/IAMPolicyDaoImpl.java        |  57 ++
 .../iam/server/dao/IAMPolicyPermissionDao.java  |  39 ++
 .../server/dao/IAMPolicyPermissionDaoImpl.java  | 129 ++++
 .../cloudstack/iam/IAMServiceUnitTest.java      |  76 +-
 setup/db/db/schema-430to440.sql                 |  76 +-
 96 files changed, 5218 insertions(+), 5211 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/api/src/com/cloud/event/EventTypes.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/event/EventTypes.java b/api/src/com/cloud/event/EventTypes.java
index ea49624..d0ade89 100755
--- a/api/src/com/cloud/event/EventTypes.java
+++ b/api/src/com/cloud/event/EventTypes.java
@@ -455,17 +455,17 @@ public class EventTypes {
 
     public static final String EVENT_UCS_ASSOCIATED_PROFILE = "UCS.ASSOCIATEPROFILE";
 
-    public static final String EVENT_ACL_POLICY_CREATE = "ACLPOLICY.CREATE";
-    public static final String EVENT_ACL_POLICY_DELETE = "ACLPOLICY.DELETE";
-    public static final String EVENT_ACL_POLICY_GRANT = "ACLPOLICY.GRANT";
-    public static final String EVENT_ACL_POLICY_REVOKE = "ACLPOLICY.REVOKE";
-
-    public static final String EVENT_ACL_GROUP_UPDATE = "ACLGROUP.UPDATE";
-    public static final String EVENT_ACL_GROUP_CREATE = "ACLGROUP.CREATE";
-    public static final String EVENT_ACL_GROUP_DELETE = "ACLGROUP.DELETE";
-    public static final String EVENT_ACL_GROUP_GRANT = "ACLGROUP.GRANT";
-    public static final String EVENT_ACL_GROUP_REVOKE = "ACLGROUP.REVOKE";
-    public static final String EVENT_ACL_ACCOUNT_POLICY_UPDATE = "ACLACCOUNTPOLICY.UPDATE";
+    public static final String EVENT_IAM_POLICY_CREATE = "IAMPOLICY.CREATE";
+    public static final String EVENT_IAM_POLICY_DELETE = "IAMPOLICY.DELETE";
+    public static final String EVENT_IAM_POLICY_GRANT = "IAMPOLICY.GRANT";
+    public static final String EVENT_IAM_POLICY_REVOKE = "IAMPOLICY.REVOKE";
+
+    public static final String EVENT_IAM_GROUP_UPDATE = "IAMGROUP.UPDATE";
+    public static final String EVENT_IAM_GROUP_CREATE = "IAMGROUP.CREATE";
+    public static final String EVENT_IAM_GROUP_DELETE = "IAMGROUP.DELETE";
+    public static final String EVENT_IAM_GROUP_GRANT = "IAMGROUP.GRANT";
+    public static final String EVENT_IAM_GROUP_REVOKE = "IAMGROUP.REVOKE";
+    public static final String EVENT_IAM_ACCOUNT_POLICY_UPDATE = "IAMACCOUNTPOLICY.UPDATE";
 
     // Object store migration
     public static final String EVENT_MIGRATE_PREPARE_SECONDARY_STORAGE = "MIGRATE.PREPARE.SS";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/api/src/org/apache/cloudstack/api/ApiCommandJobType.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/ApiCommandJobType.java b/api/src/org/apache/cloudstack/api/ApiCommandJobType.java
index 0e79e66..f27f001 100644
--- a/api/src/org/apache/cloudstack/api/ApiCommandJobType.java
+++ b/api/src/org/apache/cloudstack/api/ApiCommandJobType.java
@@ -50,6 +50,6 @@ public enum ApiCommandJobType {
     AffinityGroup,
     InternalLbVm,
     DedicatedGuestVlanRange,
-    AclPolicy,
-    AclGroup
+    IAMPolicy,
+    IAMGroup
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/api/src/org/apache/cloudstack/api/ApiConstants.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/ApiConstants.java b/api/src/org/apache/cloudstack/api/ApiConstants.java
index 3535872..b34f106 100755
--- a/api/src/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/org/apache/cloudstack/api/ApiConstants.java
@@ -543,19 +543,19 @@ public class ApiConstants {
     public static final String ROUTING = "isrouting";
     public static final String MAX_CONNECTIONS = "maxconnections";
     public static final String SERVICE_STATE = "servicestate";
-    public static final String ACL_ACCOUNT_IDS = "accountids";
-    public static final String ACL_MEMBER_ACCOUNTS = "memberaccounts";
-    public static final String ACL_PARENT_POLICY_ID = "parentpolicyid";
-    public static final String ACL_PARENT_POLICY_NAME = "parentpolicyname";
-    public static final String ACL_POLICY_IDS = "policyids";
-    public static final String ACL_POLICIES = "policies";
-    public static final String ACL_APIS = "apis";
-    public static final String ACL_GROUPS = "groups";
-    public static final String ACL_PERMISSIONS = "permission";
-    public static final String ACL_ACTION = "action";
-    public static final String ACL_SCOPE = "scope";
-    public static final String ACL_SCOPE_ID = "scopeid";
-    public static final String ACL_ALLOW_DENY = "permission";
+    public static final String IAM_ACCOUNT_IDS = "accountids";
+    public static final String IAM_MEMBER_ACCOUNTS = "memberaccounts";
+    public static final String IAM_PARENT_POLICY_ID = "parentpolicyid";
+    public static final String IAM_PARENT_POLICY_NAME = "parentpolicyname";
+    public static final String IAM_POLICY_IDS = "policyids";
+    public static final String IAM_POLICIES = "policies";
+    public static final String IAM_APIS = "apis";
+    public static final String IAM_GROUPS = "groups";
+    public static final String IAM_PERMISSIONS = "permission";
+    public static final String IAM_ACTION = "action";
+    public static final String IAM_SCOPE = "scope";
+    public static final String IAM_SCOPE_ID = "scopeid";
+    public static final String IAM_ALLOW_DENY = "permission";
     public static final String ENTITY_TYPE = "entitytype";
     public static final String ENTITY_ID = "entityid";
     public static final String ACCESS_TYPE = "accesstype";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/api/src/org/apache/cloudstack/api/response/AccountResponse.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/response/AccountResponse.java b/api/src/org/apache/cloudstack/api/response/AccountResponse.java
index 7d36785..991b162 100644
--- a/api/src/org/apache/cloudstack/api/response/AccountResponse.java
+++ b/api/src/org/apache/cloudstack/api/response/AccountResponse.java
@@ -239,7 +239,7 @@ public class AccountResponse extends BaseResponse implements ResourceLimitAndCou
     @Param(description = "true if account is default, false otherwise", since = "4.2.0")
     private Boolean isDefault;
 
-    @SerializedName(ApiConstants.ACL_GROUPS)
+    @SerializedName(ApiConstants.IAM_GROUPS)
     @Param(description = "the list of acl groups that account belongs to")
     private List<String> groups;
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/server/src/com/cloud/template/TemplateManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/template/TemplateManagerImpl.java b/server/src/com/cloud/template/TemplateManagerImpl.java
index a8aa785..f27fb74 100755
--- a/server/src/com/cloud/template/TemplateManagerImpl.java
+++ b/server/src/com/cloud/template/TemplateManagerImpl.java
@@ -1273,7 +1273,7 @@ public class TemplateManagerImpl extends ManagerBase implements TemplateManager,
             permit.put(ApiConstants.ENTITY_TYPE, IAMEntityType.VirtualMachineTemplate.toString());
             permit.put(ApiConstants.ENTITY_ID, id);
             permit.put(ApiConstants.ACCESS_TYPE, AccessType.UseEntry);
-            permit.put(ApiConstants.ACL_ACTION, "listTemplates");
+            permit.put(ApiConstants.IAM_ACTION, "listTemplates");
             permit.put(ApiConstants.ACCOUNTS, accountIds);
             _messageBus.publish(_name, EntityManager.MESSAGE_GRANT_ENTITY_EVENT, PublishScope.LOCAL, permit);
         } else if ("remove".equalsIgnoreCase(operation)) {
@@ -1290,7 +1290,7 @@ public class TemplateManagerImpl extends ManagerBase implements TemplateManager,
             permit.put(ApiConstants.ENTITY_TYPE, IAMEntityType.VirtualMachineTemplate.toString());
             permit.put(ApiConstants.ENTITY_ID, id);
             permit.put(ApiConstants.ACCESS_TYPE, AccessType.UseEntry);
-            permit.put(ApiConstants.ACL_ACTION, "listTemplates");
+            permit.put(ApiConstants.IAM_ACTION, "listTemplates");
             permit.put(ApiConstants.ACCOUNTS, accountIds);
             _messageBus.publish(_name, EntityManager.MESSAGE_REVOKE_ENTITY_EVENT, PublishScope.LOCAL, permit);
         } else if ("reset".equalsIgnoreCase(operation)) {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml
----------------------------------------------------------------------
diff --git a/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml b/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml
deleted file mode 100644
index 5cc2dbd..0000000
--- a/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:aop="http://www.springframework.org/schema/aop"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans
-                      http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-                      http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
-                      http://www.springframework.org/schema/context
-                      http://www.springframework.org/schema/context/spring-context-3.0.xsd"
-                      >                     
-
-    <bean id="RoleBasedAPIAccessChecker" class="org.apache.cloudstack.acl.RoleBasedAPIAccessChecker" />
-    <bean id="RoleBasedEntityAccessChecker" class="org.apache.cloudstack.acl.RoleBasedEntityAccessChecker" />
-    <bean id="RoleBasedEntityQuerySelector" class="org.apache.cloudstack.acl.RoleBasedEntityQuerySelector" />
-    <bean id="AclApiServiceImpl" class="org.apache.cloudstack.acl.api.AclApiServiceImpl" />
-
-</beans>

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-iam-access-checkers-context.xml
----------------------------------------------------------------------
diff --git a/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-iam-access-checkers-context.xml b/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-iam-access-checkers-context.xml
new file mode 100644
index 0000000..fb0ddf3
--- /dev/null
+++ b/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-iam-access-checkers-context.xml
@@ -0,0 +1,35 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns:context="http://www.springframework.org/schema/context"
+       xmlns:aop="http://www.springframework.org/schema/aop"
+       xsi:schemaLocation="http://www.springframework.org/schema/beans
+                      http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+                      http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
+                      http://www.springframework.org/schema/context
+                      http://www.springframework.org/schema/context/spring-context-3.0.xsd"
+                      >                     
+
+    <bean id="RoleBasedAPIAccessChecker" class="org.apache.cloudstack.iam.RoleBasedAPIAccessChecker" />
+    <bean id="RoleBasedEntityAccessChecker" class="org.apache.cloudstack.iam.RoleBasedEntityAccessChecker" />
+    <bean id="RoleBasedEntityQuerySelector" class="org.apache.cloudstack.iam.RoleBasedEntityQuerySelector" />
+    <bean id="AclApiServiceImpl" class="org.apache.cloudstack.iam.AclApiServiceImpl" />
+
+</beans>
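Review bot: The last bean still points at `org.apache.cloudstack.iam.AclApiServiceImpl`, but this commit's file list deletes `AclApiServiceImpl.java` and adds `IAMApiServiceImpl.java` in the same package, so the class named here will presumably not exist when the context is loaded. The line should read `<bean id="IAMApiServiceImpl" class="org.apache.cloudstack.iam.IAMApiServiceImpl" />`; if other configuration refers to the bean by its old id (not visible here), keep the id and change only the `class` attribute. The file also stays under the `acl-role-based-access-checkers` directory, which the rename leaves as is.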

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToAclGroupCmd.java
deleted file mode 100644
index b63f635..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToAclGroupCmd.java
+++ /dev/null
@@ -1,127 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AccountResponse;
-import org.apache.cloudstack.api.response.iam.AclGroupResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclGroup;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "addAccountToAclGroup", description = "add account to an acl group", responseObject = AclGroupResponse.class)
-public class AddAccountToAclGroupCmd extends BaseAsyncCmd {
-    public static final Logger s_logger = Logger.getLogger(AddAccountToAclGroupCmd.class.getName());
-    private static final String s_name = "addaccounttoaclgroupresponse";
-
-    @Inject
-    public AclApiService _aclApiSrv;
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-
-    @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
-            required = true, description = "The ID of the acl group")
-    private Long id;
-
-    @ACL
-    @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that are going to be assigned to the acl group.")
-    private List<Long> accountIdList;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-
-    public Long getId() {
-        return id;
-    }
-
-
-    public List<Long> getAccountIdList() {
-        return accountIdList;
-    }
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
-    }
-
-    @Override
-    public void execute() throws ResourceUnavailableException,
-            InsufficientCapacityException, ServerApiException {
-        CallContext.current().setEventDetails("Acl group Id: " + getId());
-        AclGroup result = _aclApiSrv.addAccountsToGroup(accountIdList, id);
-        if (result != null){
-            AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
-            response.setResponseName(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add accounts to acl group");
-        }
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_GROUP_UPDATE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "adding accounts to acl group";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclGroup;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToIAMGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToIAMGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToIAMGroupCmd.java
new file mode 100644
index 0000000..bea3fc9
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToIAMGroupCmd.java
@@ -0,0 +1,127 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.AccountResponse;
+import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.IAMGroup;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "addAccountToIAMGroup", description = "add account to an iam group", responseObject = IAMGroupResponse.class)
+public class AddAccountToIAMGroupCmd extends BaseAsyncCmd {
+    public static final Logger s_logger = Logger.getLogger(AddAccountToIAMGroupCmd.class.getName());
+    private static final String s_name = "addaccounttoiamgroupresponse";
+
+    @Inject
+    public IAMApiService _iamApiSrv;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+
+    @ACL
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMGroupResponse.class,
+ required = true, description = "The ID of the iam group")
+    private Long id;
+
+    @ACL
+    @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that are going to be assigned to the iam group.")
+    private List<Long> accountIdList;
+
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+
+    public Long getId() {
+        return id;
+    }
+
+
+    public List<Long> getAccountIdList() {
+        return accountIdList;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+
+    @Override
+    public long getEntityOwnerId() {
+        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+    }
+
+    @Override
+    public void execute() throws ResourceUnavailableException,
+            InsufficientCapacityException, ServerApiException {
+        CallContext.current().setEventDetails("IAM group Id: " + getId());
+        IAMGroup result = _iamApiSrv.addAccountsToGroup(accountIdList, id);
+        if (result != null){
+            IAMGroupResponse response = _iamApiSrv.createIAMGroupResponse(result);
+            response.setResponseName(getCommandName());
+            setResponseObject(response);
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add accounts to iam group");
+        }
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_IAM_GROUP_UPDATE;
+    }
+
+    @Override
+    public String getEventDescription() {
+        return "adding accounts to iam group";
+    }
+
+    @Override
+    public ApiCommandJobType getInstanceType() {
+        return ApiCommandJobType.IAMGroup;
+    }
+
+}
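Review bot: The event written by `execute()` names only the group (`setEventDetails("IAM group Id: " + getId())`), so the `EVENT_IAM_GROUP_UPDATE` record does not say which accounts gained membership. Since `getEntityOwnerId()` parents the command to `Account.ACCOUNT_ID_SYSTEM`, the owner field will not help an investigator either. I would record the members as well: `CallContext.current().setEventDetails("IAM group Id: " + getId() + "; accounts: " + getAccountIdList());`. The same gap exists in `AddIAMPermissionToIAMPolicyCmd.execute()`, which logs the policy id but not the granted action or scope. Separately, the `accounts` parameter is not marked `required = true`, so a null `accountIdList` can reach `addAccountsToGroup`; whether the service rejects it is not visible from this file.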

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAclPermissionToAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAclPermissionToAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAclPermissionToAclPolicyCmd.java
deleted file mode 100644
index e0ecb50..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAclPermissionToAclPolicyCmd.java
+++ /dev/null
@@ -1,151 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "addAclPermissionToAclPolicy", description = "Add Acl permission to an acl policy", responseObject = AclPolicyResponse.class)
-public class AddAclPermissionToAclPolicyCmd extends BaseAsyncCmd {
-    public static final Logger s_logger = Logger.getLogger(AddAclPermissionToAclPolicyCmd.class.getName());
-    private static final String s_name = "addaclpermissiontoaclpolicyresponse";
-
-    @Inject
-    public AclApiService _aclApiSrv;
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-
-    @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
-            required = true, description = "The ID of the acl policy")
-    private Long id;
-
-    @Parameter(name = ApiConstants.ACL_ACTION, type = CommandType.STRING, required = true, description = "action api name.")
-    private String action;
-
-    @Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = false, description = "entity class simple name.")
-    private String entityType;
-
-    @Parameter(name = ApiConstants.ACL_SCOPE, type = CommandType.STRING,
-            required = false, description = "acl permission scope")
-    private String scope;
-
-    @Parameter(name = ApiConstants.ACL_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
-    private Long scopeId;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-
-    public Long getId() {
-        return id;
-    }
-
-
-    public String getAction() {
-        return action;
-    }
-
-    public String getEntityType() {
-        return entityType;
-    }
-
-    public String getScope() {
-        return scope;
-    }
-
-    public Long getScopeId() {
-        return scopeId;
-    }
-
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
-    }
-
-    @Override
-    public void execute() throws ResourceUnavailableException,
-            InsufficientCapacityException, ServerApiException {
-        CallContext.current().setEventDetails("Acl policy Id: " + getId());
-        // Only explicit ALLOW is supported for this release, no explicit deny
-        AclPolicy result = _aclApiSrv.addAclPermissionToAclPolicy(id, entityType, PermissionScope.valueOf(scope),
-                scopeId, action, Permission.Allow, false);
-        if (result != null) {
-            AclPolicyResponse response = _aclApiSrv.createAclPolicyResponse(result);
-            response.setResponseName(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to grant permission to acl policy " + getId());
-        }
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_POLICY_GRANT;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "granting permission to acl policy";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclPolicy;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
new file mode 100644
index 0000000..86afd10
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
@@ -0,0 +1,152 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.IAMPolicy;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "addIAMPermissionToIAMPolicy", description = "Add IAM permission to an iam policy", responseObject = IAMPolicyResponse.class)
+public class AddIAMPermissionToIAMPolicyCmd extends BaseAsyncCmd {
+    public static final Logger s_logger = Logger.getLogger(AddIAMPermissionToIAMPolicyCmd.class.getName());
+    private static final String s_name = "addiampermissiontoiampolicyresponse";
+
+    @Inject
+    public IAMApiService _iamApiSrv;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+
+    @ACL
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMPolicyResponse.class,
+ required = true, description = "The ID of the iam policy")
+    private Long id;
+
+    @Parameter(name = ApiConstants.IAM_ACTION, type = CommandType.STRING, required = true, description = "action api name.")
+    private String action;
+
+    @Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = false, description = "entity class simple name.")
+    private String entityType;
+
+    @Parameter(name = ApiConstants.IAM_SCOPE, type = CommandType.STRING,
+ required = false, description = "iam permission scope")
+    private String scope;
+
+    @Parameter(name = ApiConstants.IAM_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
+    private Long scopeId;
+
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+
+    public Long getId() {
+        return id;
+    }
+
+
+    public String getAction() {
+        return action;
+    }
+
+    public String getEntityType() {
+        return entityType;
+    }
+
+    public String getScope() {
+        return scope;
+    }
+
+    public Long getScopeId() {
+        return scopeId;
+    }
+
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+
+    @Override
+    public long getEntityOwnerId() {
+        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+    }
+
+    @Override
+    public void execute() throws ResourceUnavailableException,
+            InsufficientCapacityException, ServerApiException {
+        CallContext.current().setEventDetails("IAM policy Id: " + getId());
+        // Only explicit ALLOW is supported for this release, no explicit deny
+        IAMPolicy result = _iamApiSrv.addIAMPermissionToIAMPolicy(id, entityType, PermissionScope.valueOf(scope),
+                scopeId, action, Permission.Allow, false);
+        if (result != null) {
+            IAMPolicyResponse response = _iamApiSrv.createIAMPolicyResponse(result);
+            response.setResponseName(getCommandName());
+            setResponseObject(response);
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to grant permission to iam policy "
+                    + getId());
+        }
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_IAM_POLICY_GRANT;
+    }
+
+    @Override
+    public String getEventDescription() {
+        return "granting permission to iam policy";
+    }
+
+    @Override
+    public ApiCommandJobType getInstanceType() {
+        return ApiCommandJobType.IAMPolicy;
+    }
+
+}
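Review bot: In `execute()`, `PermissionScope.valueOf(scope)` runs unconditionally although the `scope` parameter is declared `required = false`. Assuming `PermissionScope` is an enum, an omitted scope raises a NullPointerException and an unknown name raises an IllegalArgumentException. Either would reach the caller as an unhandled runtime error from a permission-granting API rather than as a parameter error. Validate the value before the service call and reject bad input with a `ServerApiException`, or mark the parameter required if no default scope is intended. `scopeId` also carries no `@ACL` or `entityType`, so any check that the caller may grant within that scope would have to live in `addIAMPermissionToIAMPolicy`, which is outside this file.

```java
    public void execute() throws ResourceUnavailableException,
            InsufficientCapacityException, ServerApiException {
        // … unchanged: setEventDetails call …
        if (scope == null) {
            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "iam permission scope is required");
        }
        final PermissionScope permScope;
        try {
            permScope = PermissionScope.valueOf(scope);
        } catch (IllegalArgumentException e) {
            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Invalid iam permission scope");
        }
        IAMPolicy result = _iamApiSrv.addIAMPermissionToIAMPolicy(id, entityType, permScope,
                scopeId, action, Permission.Allow, false);
        // … unchanged: response handling and failure branch …
```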

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAccountCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAccountCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAccountCmd.java
deleted file mode 100644
index c16f8bd..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAccountCmd.java
+++ /dev/null
@@ -1,122 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AccountResponse;
-import org.apache.cloudstack.api.response.SuccessResponse;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "attachAclPolicyToAccount", description = "attach acl policy to accounts", responseObject = SuccessResponse.class)
-public class AttachAclPolicyToAccountCmd extends BaseAsyncCmd {
-    public static final Logger s_logger = Logger.getLogger(AttachAclPolicyToAccountCmd.class.getName());
-    private static final String s_name = "attachaclpolicytoaccountresponse";
-
-    @Inject
-    public AclApiService _aclApiSrv;
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-
-    @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
-            required = true, description = "The ID of the acl policy")
-    private Long id;
-
-    @ACL
-    @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that the policy will attach to.")
-    private List<Long> accountIdList;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-
-    public Long getId() {
-        return id;
-    }
-
-
-    public List<Long> getAccountIdList() {
-        return accountIdList;
-    }
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
-    }
-
-    @Override
-    public void execute() throws ResourceUnavailableException,
-            InsufficientCapacityException, ServerApiException {
-        CallContext.current().setEventDetails("Acl policy Id: " + getId());
-        _aclApiSrv.attachAclPolicyToAccounts(id, accountIdList);
-        SuccessResponse response = new SuccessResponse();
-        response.setResponseName(getCommandName());
-        setResponseObject(response);
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "adding acl policy to accounts";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.Account;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAclGroupCmd.java
deleted file mode 100644
index cd2a3d5..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAclGroupCmd.java
+++ /dev/null
@@ -1,127 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.iam.AclGroupResponse;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclGroup;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "attachAclPolicyToAclGroup", description = "attach acl policy to an acl group", responseObject = AclGroupResponse.class)
-public class AttachAclPolicyToAclGroupCmd extends BaseAsyncCmd {
-    public static final Logger s_logger = Logger.getLogger(AttachAclPolicyToAclGroupCmd.class.getName());
-    private static final String s_name = "attachaclpolicytoaclgroupresponse";
-
-    @Inject
-    public AclApiService _aclApiSrv;
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-
-    @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
-            required = true, description = "The ID of the acl group")
-    private Long id;
-
-    @ACL
-    @Parameter(name = ApiConstants.ACL_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.")
-    private List<Long> policyIdList;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-
-    public Long getId() {
-        return id;
-    }
-
-
-    public List<Long> getPolicyIdList() {
-        return policyIdList;
-    }
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
-    }
-
-    @Override
-    public void execute() throws ResourceUnavailableException,
-            InsufficientCapacityException, ServerApiException {
-        CallContext.current().setEventDetails("Acl group Id: " + getId());
-        AclGroup result = _aclApiSrv.attachAclPoliciesToGroup(policyIdList, id);
-        if (result != null){
-            AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
-            response.setResponseName(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to acl group");
-        }
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_GROUP_UPDATE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "adding acl roles to acl group";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclGroup;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachIAMPolicyToAccountCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachIAMPolicyToAccountCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachIAMPolicyToAccountCmd.java
new file mode 100644
index 0000000..fc174cf
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachIAMPolicyToAccountCmd.java
@@ -0,0 +1,122 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.AccountResponse;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "attachIAMPolicyToAccount", description = "attach iam policy to accounts", responseObject = SuccessResponse.class)
+public class AttachIAMPolicyToAccountCmd extends BaseAsyncCmd {
+    public static final Logger s_logger = Logger.getLogger(AttachIAMPolicyToAccountCmd.class.getName());
+    private static final String s_name = "attachiampolicytoaccountresponse";
+
+    @Inject
+    public IAMApiService _iamApiSrv;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+
+    @ACL
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMPolicyResponse.class,
+ required = true, description = "The ID of the iam policy")
+    private Long id;
+
+    @ACL
+    @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that the policy will attach to.")
+    private List<Long> accountIdList;
+
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+
+    public Long getId() {
+        return id;
+    }
+
+
+    public List<Long> getAccountIdList() {
+        return accountIdList;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+
+    @Override
+    public long getEntityOwnerId() {
+        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+    }
+
+    @Override
+    public void execute() throws ResourceUnavailableException,
+            InsufficientCapacityException, ServerApiException {
+        CallContext.current().setEventDetails("IAM policy Id: " + getId());
+        _iamApiSrv.attachIAMPolicyToAccounts(id, accountIdList);
+        SuccessResponse response = new SuccessResponse();
+        response.setResponseName(getCommandName());
+        setResponseObject(response);
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_IAM_ACCOUNT_POLICY_UPDATE;
+    }
+
+    @Override
+    public String getEventDescription() {
+        return "adding IAM policy to accounts";
+    }
+
+    @Override
+    public ApiCommandJobType getInstanceType() {
+        return ApiCommandJobType.Account;
+    }
+
+}
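Review bot: `accountIdList` is declared without `required = true`, and `execute()` passes it unchecked to `_iamApiSrv.attachIAMPolicyToAccounts(id, accountIdList)`, so a request that omits `ApiConstants.ACCOUNTS` reaches the service with a null list; whether the service tolerates that is not visible in this file. Adding `required = true` to that `@Parameter` closes the gap at the API layer. The same applies to `policyIdList` in AttachIAMPolicyToIAMGroupCmd. Separately, the audit detail records only the policy and not the accounts that receive it; for a permission-granting call the targets belong in the event, e.g. `CallContext.current().setEventDetails("IAM policy Id: " + getId() + "; accounts: " + accountIdList);`.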

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachIAMPolicyToIAMGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachIAMPolicyToIAMGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachIAMPolicyToIAMGroupCmd.java
new file mode 100644
index 0000000..1705c4a
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachIAMPolicyToIAMGroupCmd.java
@@ -0,0 +1,127 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
+import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.IAMGroup;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "attachIAMPolicyToIAMGroup", description = "attach iam policy to an iam group", responseObject = IAMGroupResponse.class)
+public class AttachIAMPolicyToIAMGroupCmd extends BaseAsyncCmd {
+    public static final Logger s_logger = Logger.getLogger(AttachIAMPolicyToIAMGroupCmd.class.getName());
+    private static final String s_name = "attachiampolicytoiamgroupresponse";
+
+    @Inject
+    public IAMApiService _iamApiSrv;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+
+    @ACL
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = IAMGroupResponse.class,
+ required = true, description = "The ID of the iam group")
+    private Long id;
+
+    @ACL
+    @Parameter(name = ApiConstants.IAM_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = IAMPolicyResponse.class, description = "comma separated list of iam policy id that are going to be applied to the iam group.")
+    private List<Long> policyIdList;
+
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+
+    public Long getId() {
+        return id;
+    }
+
+
+    public List<Long> getPolicyIdList() {
+        return policyIdList;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+
+    @Override
+    public long getEntityOwnerId() {
+        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+    }
+
+    @Override
+    public void execute() throws ResourceUnavailableException,
+            InsufficientCapacityException, ServerApiException {
+        CallContext.current().setEventDetails("IAM group Id: " + getId());
+        IAMGroup result = _iamApiSrv.attachIAMPoliciesToGroup(policyIdList, id);
+        if (result != null){
+            IAMGroupResponse response = _iamApiSrv.createIAMGroupResponse(result);
+            response.setResponseName(getCommandName());
+            setResponseObject(response);
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to iam group");
+        }
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_IAM_GROUP_UPDATE;
+    }
+
+    @Override
+    public String getEventDescription() {
+        return "adding iam roles to iam group";
+    }
+
+    @Override
+    public ApiCommandJobType getInstanceType() {
+        return ApiCommandJobType.IAMGroup;
+    }
+
+}
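Review bot: The runtime strings in this class still describe roles although the command attaches policies: `"Failed to add roles to iam group"` in `execute()` and `"adding iam roles to iam group"` in `getEventDescription()`. The event description presumably ends up in the event record for a permission-changing operation, so it should name what actually changed, e.g. `return "attaching iam policies to iam group";` and `"Failed to attach iam policies to iam group"`. The event details set in `execute()` also carry only the group id; appending `policyIdList` would let a reviewer of the event log see which policies were granted.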

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclGroupCmd.java
deleted file mode 100644
index 3805c9f..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclGroupCmd.java
+++ /dev/null
@@ -1,168 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCreateCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.DomainResponse;
-import org.apache.cloudstack.api.response.iam.AclGroupResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclGroup;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.ResourceAllocationException;
-import com.cloud.user.Account;
-
-@APICommand(name = "createAclGroup", responseObject = AclGroupResponse.class, description = "Creates an acl group")
-public class CreateAclGroupCmd extends BaseAsyncCreateCmd {
-    public static final Logger s_logger = Logger.getLogger(CreateAclGroupCmd.class.getName());
-
-    private static final String s_name = "createaclgroupresponse";
-
-    @Inject
-    public AclApiService _aclApiSrv;
-
-    // ///////////////////////////////////////////////////
-    // ////////////// API parameters /////////////////////
-    // ///////////////////////////////////////////////////
-
-    @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the acl group. Must be used with domainId.")
-    private String accountName;
-
-    @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the acl group", entityType = DomainResponse.class)
-    private Long domainId;
-
-    @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the acl group")
-    private String description;
-
-    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the acl group")
-    private String name;
-
-
-    // ///////////////////////////////////////////////////
-    // ///////////////// Accessors ///////////////////////
-    // ///////////////////////////////////////////////////
-
-    public String getAccountName() {
-        return accountName;
-    }
-
-    public String getDescription() {
-        return description;
-    }
-
-    public Long getDomainId() {
-        return domainId;
-    }
-
-    public String getName() {
-        return name;
-    }
-
-
-    // ///////////////////////////////////////////////////
-    // ///////////// API Implementation///////////////////
-    // ///////////////////////////////////////////////////
-
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-    @Override
-    public long getEntityOwnerId() {
-        Account account = CallContext.current().getCallingAccount();
-        if ((account == null) || _accountService.isAdmin(account.getType())) {
-            if ((domainId != null) && (accountName != null)) {
-                Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
-                if (userAccount != null) {
-                    return userAccount.getId();
-                }
-            }
-        }
-
-        if (account != null) {
-            return account.getId();
-        }
-
-        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this
-                                          // command to SYSTEM so ERROR events
-                                          // are tracked
-    }
-
-    @Override
-    public void execute() {
-        AclGroup grp = _entityMgr.findById(AclGroup.class, getEntityId());
-        if (grp != null) {
-            AclGroupResponse response = _aclApiSrv.createAclGroupResponse(grp);
-            response.setResponseName(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl group:" + name);
-        }
-    }
-
-    @Override
-    public void create() throws ResourceAllocationException {
-        Account account = CallContext.current().getCallingAccount();
-        AclGroup result = _aclApiSrv.createAclGroup(account, name, description);
-        if (result != null) {
-            setEntityId(result.getId());
-            setEntityUuid(result.getUuid());
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl group entity" + name);
-        }
-
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_GROUP_CREATE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "creating Acl group";
-    }
-
-    @Override
-    public String getCreateEventType() {
-        return EventTypes.EVENT_ACL_GROUP_CREATE;
-    }
-
-    @Override
-    public String getCreateEventDescription() {
-        return "creating acl group";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclGroup;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclPolicyCmd.java
deleted file mode 100644
index 3bddc35..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclPolicyCmd.java
+++ /dev/null
@@ -1,175 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.iam;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCreateCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.DomainResponse;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclPolicy;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.ResourceAllocationException;
-import com.cloud.user.Account;
-
-@APICommand(name = "createAclPolicy", responseObject = AclPolicyResponse.class, description = "Creates an acl policy")
-public class CreateAclPolicyCmd extends BaseAsyncCreateCmd {
-    public static final Logger s_logger = Logger.getLogger(CreateAclPolicyCmd.class.getName());
-
-    private static final String s_name = "createaclpolicyresponse";
-
-    @Inject
-    public AclApiService _aclApiSrv;
-
-    // ///////////////////////////////////////////////////
-    // ////////////// API parameters /////////////////////
-    // ///////////////////////////////////////////////////
-
-    @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the acl policy. Must be used with domainId.")
-    private String accountName;
-
-    @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the acl policy", entityType = DomainResponse.class)
-    private Long domainId;
-
-    @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the acl policy")
-    private String description;
-
-    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the acl policy")
-    private String name;
-
-    @ACL
-    @Parameter(name = ApiConstants.ACL_PARENT_POLICY_ID, type = CommandType.UUID, description = "The ID of parent acl policy.", entityType = AclPolicyResponse.class)
-    private Long parentPolicyId;
-
-
-    // ///////////////////////////////////////////////////
-    // ///////////////// Accessors ///////////////////////
-    // ///////////////////////////////////////////////////
-
-    public String getAccountName() {
-        return accountName;
-    }
-
-    public String getDescription() {
-        return description;
-    }
-
-    public Long getDomainId() {
-        return domainId;
-    }
-
-    public String getName() {
-        return name;
-    }
-
-    public Long getParentPolicyId() {
-        return parentPolicyId;
-    }
-
-    // ///////////////////////////////////////////////////
-    // ///////////// API Implementation///////////////////
-    // ///////////////////////////////////////////////////
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-    @Override
-    public long getEntityOwnerId() {
-        Account account = CallContext.current().getCallingAccount();
-        if ((account == null) || _accountService.isAdmin(account.getType())) {
-            if ((domainId != null) && (accountName != null)) {
-                Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
-                if (userAccount != null) {
-                    return userAccount.getId();
-                }
-            }
-        }
-
-        if (account != null) {
-            return account.getId();
-        }
-
-        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this
-                                          // command to SYSTEM so ERROR events
-                                          // are tracked
-    }
-
-    @Override
-    public void execute() {
-        AclPolicy policy = _entityMgr.findById(AclPolicy.class, getEntityId());
-        if (policy != null) {
-            AclPolicyResponse response = _aclApiSrv.createAclPolicyResponse(policy);
-            response.setResponseName(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl policy:" + name);
-        }
-    }
-
-    @Override
-    public void create() throws ResourceAllocationException {
-        Account account = CallContext.current().getCallingAccount();
-        AclPolicy result = _aclApiSrv.createAclPolicy(account, name, description, parentPolicyId);
-        if (result != null) {
-            setEntityId(result.getId());
-            setEntityUuid(result.getUuid());
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl policy entity" + name);
-        }
-
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_POLICY_CREATE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "creating Acl policy";
-    }
-
-    @Override
-    public String getCreateEventType() {
-        return EventTypes.EVENT_ACL_POLICY_CREATE;
-    }
-
-    @Override
-    public String getCreateEventDescription() {
-        return "creating acl policy";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclPolicy;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateIAMGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateIAMGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateIAMGroupCmd.java
new file mode 100644
index 0000000..d0b9bc6
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateIAMGroupCmd.java
@@ -0,0 +1,168 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.iam;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.iam.IAMApiService;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCreateCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.DomainResponse;
+import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.IAMGroup;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.user.Account;
+
+@APICommand(name = "createIAMGroup", responseObject = IAMGroupResponse.class, description = "Creates an IAM group")
+public class CreateIAMGroupCmd extends BaseAsyncCreateCmd {
+    public static final Logger s_logger = Logger.getLogger(CreateIAMGroupCmd.class.getName());
+
+    private static final String s_name = "createiamgroupresponse";
+
+    @Inject
+    public IAMApiService _iamApiSrv;
+
+    // ///////////////////////////////////////////////////
+    // ////////////// API parameters /////////////////////
+    // ///////////////////////////////////////////////////
+
+    @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the iam group. Must be used with domainId.")
+    private String accountName;
+
+    @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the iam group", entityType = DomainResponse.class)
+    private Long domainId;
+
+    @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the iam group")
+    private String description;
+
+    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the iam group")
+    private String name;
+
+
+    // ///////////////////////////////////////////////////
+    // ///////////////// Accessors ///////////////////////
+    // ///////////////////////////////////////////////////
+
+    public String getAccountName() {
+        return accountName;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public Long getDomainId() {
+        return domainId;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+
+    // ///////////////////////////////////////////////////
+    // ///////////// API Implementation///////////////////
+    // ///////////////////////////////////////////////////
+
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        Account account = CallContext.current().getCallingAccount();
+        if ((account == null) || _accountService.isAdmin(account.getType())) {
+            if ((domainId != null) && (accountName != null)) {
+                Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
+                if (userAccount != null) {
+                    return userAccount.getId();
+                }
+            }
+        }
+
+        if (account != null) {
+            return account.getId();
+        }
+
+        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this
+                                          // command to SYSTEM so ERROR events
+                                          // are tracked
+    }
+
+    @Override
+    public void execute() {
+        IAMGroup grp = _entityMgr.findById(IAMGroup.class, getEntityId());
+        if (grp != null) {
+            IAMGroupResponse response = _iamApiSrv.createIAMGroupResponse(grp);
+            response.setResponseName(getCommandName());
+            setResponseObject(response);
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create iam group:" + name);
+        }
+    }
+
+    @Override
+    public void create() throws ResourceAllocationException {
+        Account account = CallContext.current().getCallingAccount();
+        IAMGroup result = _iamApiSrv.createIAMGroup(account, name, description);
+        if (result != null) {
+            setEntityId(result.getId());
+            setEntityUuid(result.getUuid());
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create iam group entity" + name);
+        }
+
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_IAM_GROUP_CREATE;
+    }
+
+    @Override
+    public String getEventDescription() {
+        return "creating IAM group";
+    }
+
+    @Override
+    public String getCreateEventType() {
+        return EventTypes.EVENT_IAM_GROUP_CREATE;
+    }
+
+    @Override
+    public String getCreateEventDescription() {
+        return "creating IAM group";
+    }
+
+    @Override
+    public ApiCommandJobType getInstanceType() {
+        return ApiCommandJobType.IAMGroup;
+    }
+
+}
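Review bot: `create()` always passes the calling account to `_iamApiSrv.createIAMGroup(account, name, description)`, so the `accountName` and `domainId` parameters never influence who the group is created for, while `getEntityOwnerId()` resolves them for admin callers and can report a different owner. As far as this file shows, the owner reported for the command can therefore differ from the account the group is actually created under. Either resolve the owner once in `create()`, e.g. `Account owner = _accountService.getAccount(getEntityOwnerId());`, and pass that to `createIAMGroup`, or drop the two parameters. `create()` also does not handle a null calling account, which `getEntityOwnerId()` explicitly allows for. The message `"Failed to create iam group entity" + name` is missing a separator before the name.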


[09/50] [abbrv] git commit: updated refs/heads/master to 8ff9460

Posted by mc...@apache.org.
Renaming plugin packages to 'iam' instead of 'acl'


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/b2ba6c05
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/b2ba6c05
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/b2ba6c05

Branch: refs/heads/master
Commit: b2ba6c05b4b9d1d1b15f704e454a710e3ed5a325
Parents: f41604f
Author: Prachi Damle <pr...@cloud.com>
Authored: Wed Feb 19 17:08:58 2014 -0800
Committer: Prachi Damle <pr...@cloud.com>
Committed: Tue Feb 25 16:43:20 2014 -0800

----------------------------------------------------------------------
 .../acl/RoleBasedAPIAccessChecker.java          | 269 --------
 .../acl/RoleBasedEntityAccessChecker.java       | 183 -----
 .../acl/RoleBasedEntityQuerySelector.java       | 145 ----
 .../cloudstack/acl/api/AclApiService.java       |  84 ---
 .../cloudstack/acl/api/AclApiServiceImpl.java   | 690 -------------------
 .../command/acl/AddAccountToAclGroupCmd.java    | 127 ----
 .../acl/AddAclPermissionToAclPolicyCmd.java     | 151 ----
 .../acl/AttachAclPolicyToAccountCmd.java        | 122 ----
 .../acl/AttachAclPolicyToAclGroupCmd.java       | 127 ----
 .../api/command/acl/CreateAclGroupCmd.java      | 168 -----
 .../api/command/acl/CreateAclPolicyCmd.java     | 175 -----
 .../api/command/acl/DeleteAclGroupCmd.java      | 102 ---
 .../api/command/acl/DeleteAclPolicyCmd.java     | 102 ---
 .../api/command/acl/ListAclGroupsCmd.java       |  88 ---
 .../api/command/acl/ListAclPoliciesCmd.java     |  88 ---
 .../acl/RemoveAccountFromAclGroupCmd.java       | 127 ----
 .../RemoveAclPermissionFromAclPolicyCmd.java    | 147 ----
 .../acl/RemoveAclPolicyFromAccountCmd.java      | 122 ----
 .../acl/RemoveAclPolicyFromAclGroupCmd.java     | 127 ----
 .../command/iam/AddAccountToAclGroupCmd.java    | 127 ++++
 .../iam/AddAclPermissionToAclPolicyCmd.java     | 151 ++++
 .../iam/AttachAclPolicyToAccountCmd.java        | 122 ++++
 .../iam/AttachAclPolicyToAclGroupCmd.java       | 127 ++++
 .../api/command/iam/CreateAclGroupCmd.java      | 168 +++++
 .../api/command/iam/CreateAclPolicyCmd.java     | 175 +++++
 .../api/command/iam/DeleteAclGroupCmd.java      | 102 +++
 .../api/command/iam/DeleteAclPolicyCmd.java     | 102 +++
 .../api/command/iam/ListAclGroupsCmd.java       |  88 +++
 .../api/command/iam/ListAclPoliciesCmd.java     |  88 +++
 .../iam/RemoveAccountFromAclGroupCmd.java       | 127 ++++
 .../RemoveAclPermissionFromAclPolicyCmd.java    | 147 ++++
 .../iam/RemoveAclPolicyFromAccountCmd.java      | 122 ++++
 .../iam/RemoveAclPolicyFromAclGroupCmd.java     | 127 ++++
 .../api/response/acl/AclGroupResponse.java      | 193 ------
 .../api/response/acl/AclPermissionResponse.java | 125 ----
 .../api/response/acl/AclPolicyResponse.java     | 177 -----
 .../api/response/iam/AclGroupResponse.java      | 193 ++++++
 .../api/response/iam/AclPermissionResponse.java | 125 ++++
 .../api/response/iam/AclPolicyResponse.java     | 177 +++++
 .../apache/cloudstack/iam/AclApiService.java    |  84 +++
 .../cloudstack/iam/AclApiServiceImpl.java       | 690 +++++++++++++++++++
 .../iam/RoleBasedAPIAccessChecker.java          | 273 ++++++++
 .../iam/RoleBasedEntityAccessChecker.java       | 186 +++++
 .../iam/RoleBasedEntityQuerySelector.java       | 147 ++++
 .../cloudstack/acl/AclApiServiceTest.java       |  18 +-
 45 files changed, 3657 insertions(+), 3648 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java
deleted file mode 100644
index 01e3d75..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java
+++ /dev/null
@@ -1,269 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl;
-
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import javax.ejb.Local;
-import javax.inject.Inject;
-import javax.naming.ConfigurationException;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.BaseAsyncCreateCmd;
-import org.apache.cloudstack.api.BaseCmd;
-import org.apache.cloudstack.api.BaseListCmd;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
-import org.apache.cloudstack.iam.api.IAMService;
-
-import com.cloud.api.ApiServerService;
-import com.cloud.exception.PermissionDeniedException;
-import com.cloud.storage.VMTemplateVO;
-import com.cloud.storage.dao.VMTemplateDao;
-import com.cloud.user.Account;
-import com.cloud.user.AccountService;
-import com.cloud.user.User;
-import com.cloud.utils.PropertiesUtil;
-import com.cloud.utils.component.AdapterBase;
-import com.cloud.utils.component.PluggableService;
-import com.cloud.utils.exception.CloudRuntimeException;
-
-//This is the Role Based API access checker that grab's the  account's roles
-//based on the set of roles, access is granted if any of the role has access to the api
-@Local(value=APIChecker.class)
-public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker {
-
-    protected static final Logger s_logger = Logger.getLogger(RoleBasedAPIAccessChecker.class);
-
-    @Inject
-    AccountService _accountService;
-    @Inject
-    ApiServerService _apiServer;
-    @Inject
-    IAMService _iamSrv;
-    @Inject
-    VMTemplateDao _templateDao;
-
-    Set<String> commandsPropertiesOverrides = new HashSet<String>();
-    Map<RoleType, Set<String>> commandsPropertiesRoleBasedApisMap = new HashMap<RoleType, Set<String>>();
-
-    List<PluggableService> _services;
-
-    protected RoleBasedAPIAccessChecker() {
-        super();
-        for (RoleType roleType : RoleType.values()) {
-            commandsPropertiesRoleBasedApisMap.put(roleType, new HashSet<String>());
-        }
-     }
-
-    @Override
-    public boolean checkAccess(User user, String commandName) throws PermissionDeniedException {
-        Account account = _accountService.getAccount(user.getAccountId());
-        if (account == null) {
-            throw new PermissionDeniedException("The account id=" + user.getAccountId() + "for user id=" + user.getId()
-                    + "is null");
-        }
-
-        List<AclPolicy> policies = _iamSrv.listAclPolicies(account.getAccountId());
-
-        boolean isAllowed = _iamSrv.isActionAllowedForPolicies(commandName, policies);
-        if (!isAllowed) {
-            throw new PermissionDeniedException("The API does not exist or is blacklisted. api: " + commandName);
-        }
-        return isAllowed;
-     }
-
-    @Override
-    public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
-        super.configure(name, params);
-
-        processMapping(PropertiesUtil.processConfigFile(new String[] { "commands.properties" }));
-        return true;
-     }
-
-    @Override
-    public boolean start() {
-
-        // drop all default policy api permissions - we reload them every time
-        // to include any changes done to the @APICommand or
-        // commands.properties.
-
-        for (RoleType role : RoleType.values()) {
-            Long policyId = getDefaultPolicyId(role);
-            if (policyId != null) {
-                _iamSrv.resetAclPolicy(policyId);
-            }
-         }
-
-        // add the system-domain capability
-
-        _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_ADMIN + 1), null, null, null,
-                "SystemCapability", null, Permission.Allow, false);
-        _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), null, null, null,
-                "DomainCapability", null, Permission.Allow, false);
-        _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN + 1), null, null, null,
-                "DomainResourceCapability", null, Permission.Allow, false);
-
-        // add permissions for public templates
-        List<VMTemplateVO> pTmplts = _templateDao.listByPublic();
-        for (VMTemplateVO tmpl : pTmplts){
-            _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), AclEntityType.VirtualMachineTemplate.toString(),
-                    PermissionScope.RESOURCE.toString(), tmpl.getId(), "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
-            _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), AclEntityType.VirtualMachineTemplate.toString(),
-                    PermissionScope.RESOURCE.toString(), tmpl.getId(), "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
-        }
-
-        for (PluggableService service : _services) {
-            for (Class<?> cmdClass : service.getCommands()) {
-                APICommand command = cmdClass.getAnnotation(APICommand.class);
-                if (!commandsPropertiesOverrides.contains(command.name())) {
-                    for (RoleType role : command.authorized()) {
-                        addDefaultAclPolicyPermission(command.name(), cmdClass, role);
-                    }
-                 }
-             }
-         }
-
-        // read commands.properties and load api acl permissions -
-        // commands.properties overrides any @APICommand authorization
-
-        for (String apiName : commandsPropertiesOverrides) {
-            Class<?> cmdClass = _apiServer.getCmdClass(apiName);
-            for (RoleType role : RoleType.values()) {
-                if (commandsPropertiesRoleBasedApisMap.get(role).contains(apiName)) {
-                    // insert permission for this role for this api
-                    addDefaultAclPolicyPermission(apiName, cmdClass, role);
-                }
-             }
-         }
-
-        return super.start();
-     }
-
-    private Long getDefaultPolicyId(RoleType role) {
-        Long policyId = null;
-        switch (role) {
-        case User:
-            policyId = new Long(Account.ACCOUNT_TYPE_NORMAL + 1);
-            break;
-
-        case Admin:
-            policyId = new Long(Account.ACCOUNT_TYPE_ADMIN + 1);
-            break;
-
-        case DomainAdmin:
-            policyId = new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1);
-            break;
-
-        case ResourceAdmin:
-            policyId = new Long(Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN + 1);
-            break;
-        }
-
-        return policyId;
-    }
-
-    private void processMapping(Map<String, String> configMap) {
-        for (Map.Entry<String, String> entry : configMap.entrySet()) {
-            String apiName = entry.getKey();
-            String roleMask = entry.getValue();
-            commandsPropertiesOverrides.add(apiName);
-            try {
-                short cmdPermissions = Short.parseShort(roleMask);
-                for (RoleType roleType : RoleType.values()) {
-                    if ((cmdPermissions & roleType.getValue()) != 0)
-                        commandsPropertiesRoleBasedApisMap.get(roleType).add(apiName);
-                }
-            } catch (NumberFormatException nfe) {
-                s_logger.info("Malformed key=value pair for entry: " + entry.toString());
-             }
-         }
-     }
-
-    public List<PluggableService> getServices() {
-        return _services;
-     }
-
-    @Inject
-    public void setServices(List<PluggableService> services) {
-        _services = services;
-     }
-
-    private void addDefaultAclPolicyPermission(String apiName, Class<?> cmdClass, RoleType role) {
-
-        AccessType accessType = null;
-        AclEntityType[] entityTypes = null;
-        if (cmdClass != null) {
-            BaseCmd cmdObj;
-            try {
-                cmdObj = (BaseCmd) cmdClass.newInstance();
-                if (cmdObj instanceof BaseListCmd) {
-                    accessType = AccessType.UseEntry;
-                } else if (!(cmdObj instanceof BaseAsyncCreateCmd)) {
-                    accessType = AccessType.OperateEntry;
-                }
-            } catch (Exception e) {
-                throw new CloudRuntimeException(String.format(
-                        "%s is claimed as an API command, but it cannot be instantiated", cmdClass.getName()));
-             }
-
-            APICommand at = cmdClass.getAnnotation(APICommand.class);
-            entityTypes = at.entityType();
-        }
-
-        PermissionScope permissionScope = PermissionScope.ACCOUNT;
-        Long policyId = getDefaultPolicyId(role);
-        switch (role) {
-        case User:
-            permissionScope = PermissionScope.ACCOUNT;
-            break;
-
-        case Admin:
-            permissionScope = PermissionScope.ALL;
-            break;
-
-        case DomainAdmin:
-            permissionScope = PermissionScope.DOMAIN;
-            break;
-
-        case ResourceAdmin:
-            permissionScope = PermissionScope.DOMAIN;
-            break;
-         }
-
-
-        if (entityTypes == null || entityTypes.length == 0) {
-            _iamSrv.addAclPermissionToAclPolicy(policyId, null, permissionScope.toString(), new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
-                    apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
-        } else {
-            for (AclEntityType entityType : entityTypes) {
-                _iamSrv.addAclPermissionToAclPolicy(policyId, entityType.toString(), permissionScope.toString(), new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
-                        apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
-            }
-         }
-
-     }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java
deleted file mode 100644
index 65249a6..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java
+++ /dev/null
@@ -1,183 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.api.InternalIdentity;
-import org.apache.cloudstack.iam.api.AclGroup;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-import org.apache.cloudstack.iam.api.IAMService;
-
-import com.cloud.acl.DomainChecker;
-import com.cloud.domain.dao.DomainDao;
-import com.cloud.exception.PermissionDeniedException;
-import com.cloud.user.Account;
-import com.cloud.user.AccountService;
-
-public class RoleBasedEntityAccessChecker extends DomainChecker implements SecurityChecker {
-
-    private static final Logger s_logger = Logger.getLogger(RoleBasedEntityAccessChecker.class.getName());
-
-    @Inject
-    AccountService _accountService;
-
-    @Inject DomainDao _domainDao;
-
-    @Inject
-    IAMService _iamSrv;
-
-
-    @Override
-    public boolean checkAccess(Account caller, ControlledEntity entity, AccessType accessType)
-            throws PermissionDeniedException {
-        return checkAccess(caller, entity, accessType, null);
-    }
-
-    @Override
-    public boolean checkAccess(Account caller, ControlledEntity entity, AccessType accessType, String action)
-            throws PermissionDeniedException {
-
-        if (entity == null && action != null) {
-            // check if caller can do this action
-            List<AclPolicy> policies = _iamSrv.listAclPolicies(caller.getAccountId());
-
-            boolean isAllowed = _iamSrv.isActionAllowedForPolicies(action, policies);
-            if (!isAllowed) {
-                throw new PermissionDeniedException("The action '" + action + "' not allowed for account " + caller);
-            }
-            return true;
-        }
-
-        String entityType = entity.getEntityType().toString();
-
-        if (accessType == null) {
-            accessType = AccessType.UseEntry;
-        }
-
-        // get all Policies of this caller w.r.t the entity
-        List<AclPolicy> policies = getEffectivePolicies(caller, entity);
-        HashMap<AclPolicy, Boolean> policyPermissionMap = new HashMap<AclPolicy, Boolean>();
-
-        for (AclPolicy policy : policies) {
-            List<AclPolicyPermission> permissions = new ArrayList<AclPolicyPermission>();
-
-            if (action != null) {
-                permissions = _iamSrv.listPolicyPermissionByActionAndEntity(policy.getId(), action, entityType);
-                if (permissions.isEmpty()) {
-                    if (accessType != null) {
-                        permissions.addAll(_iamSrv.listPolicyPermissionByAccessAndEntity(policy.getId(),
-                                accessType.toString(), entityType));
-                    }
-                }
-            } else {
-                if (accessType != null) {
-                    permissions.addAll(_iamSrv.listPolicyPermissionByAccessAndEntity(policy.getId(),
-                            accessType.toString(), entityType));
-                }
-            }
-            for (AclPolicyPermission permission : permissions) {
-                if (checkPermissionScope(caller, permission.getScope(), permission.getScopeId(), entity)) {
-                    if (permission.getEntityType().equals(entityType)) {
-                        policyPermissionMap.put(policy, permission.getPermission().isGranted());
-                        break;
-                    } else if (permission.getEntityType().equals("*")) {
-                        policyPermissionMap.put(policy, permission.getPermission().isGranted());
-                    }
-                }
-            }
-            if (policyPermissionMap.containsKey(policy) && policyPermissionMap.get(policy)) {
-                return true;
-            }
-        }
-
-        if (!policies.isEmpty()) { // Since we reach this point, none of the
-                                   // roles granted access
-            if (s_logger.isDebugEnabled()) {
-                s_logger.debug("Account " + caller + " does not have permission to access resource " + entity
-                        + " for access type: " + accessType);
-            }
-            throw new PermissionDeniedException(caller + " does not have permission to access resource " + entity);
-        }
-
-        return false;
-    }
-
-    private boolean checkPermissionScope(Account caller, String scope, Long scopeId, ControlledEntity entity) {
-
-        if(scopeId != null && !scopeId.equals(new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER))){
-            //scopeId is set
-            if (scope.equals(PermissionScope.ACCOUNT.name())) {
-                if(scopeId == entity.getAccountId()){
-                    return true;
-                }
-            } else if (scope.equals(PermissionScope.DOMAIN.name())) {
-                if (_domainDao.isChildDomain(scopeId, entity.getDomainId())) {
-                    return true;
-                }
-            } else if (scope.equals(PermissionScope.RESOURCE.name())) {
-                if (entity instanceof InternalIdentity) {
-                    InternalIdentity entityWithId = (InternalIdentity) entity;
-                    if(scopeId.equals(entityWithId.getId())){
-                        return true;
-                    }
-                }
-            }
-        } else if (scopeId == null || scopeId.equals(new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER))) {
-            if (scope.equals(PermissionScope.ACCOUNT.name())) {
-                if(caller.getAccountId() == entity.getAccountId()){
-                    return true;
-                }
-            } else if (scope.equals(PermissionScope.DOMAIN.name())) {
-                if (_domainDao.isChildDomain(caller.getDomainId(), entity.getDomainId())) {
-                    return true;
-                }
-            }
-        }
-        return false;
-    }
-
-    private List<AclPolicy> getEffectivePolicies(Account caller, ControlledEntity entity) {
-
-        // Get the static Policies of the Caller
-        List<AclPolicy> policies = _iamSrv.listAclPolicies(caller.getId());
-
-        // add any dynamic policies w.r.t the entity
-        if (caller.getId() == entity.getAccountId()) {
-            // The caller owns the entity
-            policies.add(_iamSrv.getResourceOwnerPolicy());
-        }
-
-        List<AclGroup> groups = _iamSrv.listAclGroups(caller.getId());
-        for (AclGroup group : groups) {
-            // for each group find the grand parent groups.
-            List<AclGroup> parentGroups = _iamSrv.listParentAclGroups(group.getId());
-            for (AclGroup parentGroup : parentGroups) {
-                policies.addAll(_iamSrv.listRecursiveAclPoliciesByGroup(parentGroup.getId()));
-            }
-        }
-
-        return policies;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityQuerySelector.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityQuerySelector.java b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityQuerySelector.java
deleted file mode 100644
index 7b8715f..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityQuerySelector.java
+++ /dev/null
@@ -1,145 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.iam.api.AclGroup;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-import org.apache.cloudstack.iam.api.IAMService;
-
-import com.cloud.user.Account;
-import com.cloud.utils.component.AdapterBase;
-
-public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySelector {
-
-    private static final Logger s_logger = Logger.getLogger(RoleBasedEntityQuerySelector.class.getName());
-
-    @Inject
-    IAMService _iamService;
-
-    @Override
-    public List<Long> getAuthorizedDomains(Account caller, String action) {
-        long accountId = caller.getAccountId();
-        // Get the static Policies of the Caller
-        List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
-        // for each policy, find granted permission with Domain scope
-        List<Long> domainIds = new ArrayList<Long>();
-        for (AclPolicy policy : policies) {
-            List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.DOMAIN.toString());
-            if (pp != null) {
-                for (AclPolicyPermission p : pp) {
-                    if (p.getScopeId() != null) {
-                        if (p.getScopeId().longValue() == -1) {
-                            domainIds.add(caller.getDomainId());
-                        } else {
-                            domainIds.add(p.getScopeId());
-                        }
-                    }
-                }
-            }
-        }
-        return domainIds;
-    }
-
-    @Override
-    public List<Long> getAuthorizedAccounts(Account caller, String action) {
-        long accountId = caller.getAccountId();
-        // Get the static Policies of the Caller
-        List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
-        // for each policy, find granted permission with Account scope
-        List<Long> accountIds = new ArrayList<Long>();
-        for (AclPolicy policy : policies) {
-            List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ACCOUNT.toString());
-            if (pp != null) {
-                for (AclPolicyPermission p : pp) {
-                    if (p.getScopeId() != null) {
-                        if (p.getScopeId().longValue() == -1) {
-                            accountIds.add(caller.getId());
-                        } else {
-                            accountIds.add(p.getScopeId());
-                        }
-                    }
-                }
-            }
-        }
-        return accountIds;
-    }
-
-    @Override
-    public List<Long> getAuthorizedResources(Account caller, String action) {
-        long accountId = caller.getAccountId();
-        // Get the static Policies of the Caller
-        List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
-
-        // add the policies that grant recursive access
-        List<AclGroup> groups = _iamService.listAclGroups(caller.getId());
-        for (AclGroup group : groups) {
-            // for each group find the grand parent groups.
-            List<AclGroup> parentGroups = _iamService.listParentAclGroups(group.getId());
-            for (AclGroup parentGroup : parentGroups) {
-                policies.addAll(_iamService.listRecursiveAclPoliciesByGroup(parentGroup.getId()));
-            }
-        }
-
-        // for each policy, find granted permission with Resource scope
-        List<Long> entityIds = new ArrayList<Long>();
-        for (AclPolicy policy : policies) {
-            List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.RESOURCE.toString());
-            if (pp != null) {
-                for (AclPolicyPermission p : pp) {
-                    if (p.getScopeId() != null) {
-                        entityIds.add(p.getScopeId());
-                    }
-                }
-            }
-        }
-        return entityIds;
-    }
-
-    @Override
-    public boolean isGrantedAll(Account caller, String action) {
-        long accountId = caller.getAccountId();
-        // Get the static Policies of the Caller
-        List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
-        // for each policy, find granted permission with ALL scope
-        for (AclPolicy policy : policies) {
-            List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ALL.toString());
-            if (pp != null && pp.size() > 0) {
-                return true;
-            }
-        }
-        return false;
-    }
-
-    @Override
-    public List<String> listAclGroupsByAccount(long accountId) {
-        List<AclGroup> groups = _iamService.listAclGroups(accountId);
-        List<String> groupNames = new ArrayList<String>();
-        for (AclGroup grp : groups) {
-            groupNames.add(grp.getName());
-        }
-        return groupNames;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java
deleted file mode 100644
index 18064d8..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java
+++ /dev/null
@@ -1,84 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl.api;
-
-import java.util.List;
-
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.api.response.ListResponse;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
-import org.apache.cloudstack.iam.api.AclGroup;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
-
-import com.cloud.user.Account;
-import com.cloud.utils.component.PluggableService;
-
-public interface AclApiService extends PluggableService {
-
-    /* ACL group related interfaces */
-    AclGroup createAclGroup(Account caller, String aclGroupName, String description);
-
-    boolean deleteAclGroup(Long aclGroupId);
-
-    List<AclGroup> listAclGroups(long accountId);
-
-    AclGroup addAccountsToGroup(List<Long> acctIds, Long groupId);
-
-    AclGroup removeAccountsFromGroup(List<Long> acctIds, Long groupId);
-
-    /* ACL Policy related interfaces */
-    AclPolicy createAclPolicy(Account caller, String aclPolicyName, String description, Long parentPolicyId);
-
-    boolean deleteAclPolicy(long aclPolicyId);
-
-    List<AclPolicy> listAclPolicies(long accountId);
-
-    AclGroup attachAclPoliciesToGroup(List<Long> policyIds, Long groupId);
-
-    AclGroup removeAclPoliciesFromGroup(List<Long> policyIds, Long groupId);
-
-    void attachAclPolicyToAccounts(Long policyId, List<Long> accountIds);
-
-    void removeAclPolicyFromAccounts(Long policyId, List<Long> accountIds);
-
-    AclPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId,
-            String action, Permission perm, Boolean recursive);
-
-    AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId, String action);
-
-    AclPolicyPermission getAclPolicyPermission(long accountId, String entityType, String action);
-
-    /* Utility routine to grant/revoke invidivual resource to list of accounts */
-    void grantEntityPermissioinToAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds);
-
-    void revokeEntityPermissioinFromAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds);
-
-    /* Response Generation */
-    AclPolicyResponse createAclPolicyResponse(AclPolicy policy);
-
-    AclGroupResponse createAclGroupResponse(AclGroup group);
-
-    ListResponse<AclGroupResponse> listAclGroups(Long aclGroupId, String aclGroupName,
-            Long domainId, Long startIndex, Long pageSize);
-
-    ListResponse<AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName,
-            Long domainId, Long startIndex, Long pageSize);
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
deleted file mode 100644
index a8fd2c5..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
+++ /dev/null
@@ -1,690 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl.api;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.ejb.Local;
-import javax.inject.Inject;
-import javax.naming.ConfigurationException;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.AclEntityType;
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseListCmd;
-import org.apache.cloudstack.api.command.acl.AddAccountToAclGroupCmd;
-import org.apache.cloudstack.api.command.acl.AddAclPermissionToAclPolicyCmd;
-import org.apache.cloudstack.api.command.acl.AttachAclPolicyToAccountCmd;
-import org.apache.cloudstack.api.command.acl.AttachAclPolicyToAclGroupCmd;
-import org.apache.cloudstack.api.command.acl.CreateAclGroupCmd;
-import org.apache.cloudstack.api.command.acl.CreateAclPolicyCmd;
-import org.apache.cloudstack.api.command.acl.DeleteAclGroupCmd;
-import org.apache.cloudstack.api.command.acl.DeleteAclPolicyCmd;
-import org.apache.cloudstack.api.command.acl.ListAclGroupsCmd;
-import org.apache.cloudstack.api.command.acl.ListAclPoliciesCmd;
-import org.apache.cloudstack.api.command.acl.RemoveAccountFromAclGroupCmd;
-import org.apache.cloudstack.api.command.acl.RemoveAclPermissionFromAclPolicyCmd;
-import org.apache.cloudstack.api.command.acl.RemoveAclPolicyFromAccountCmd;
-import org.apache.cloudstack.api.command.acl.RemoveAclPolicyFromAclGroupCmd;
-import org.apache.cloudstack.api.response.ListResponse;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
-import org.apache.cloudstack.api.response.acl.AclPermissionResponse;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.framework.messagebus.MessageBus;
-import org.apache.cloudstack.framework.messagebus.MessageSubscriber;
-import org.apache.cloudstack.iam.api.AclGroup;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
-import org.apache.cloudstack.iam.api.IAMService;
-
-import com.cloud.api.ApiServerService;
-import com.cloud.domain.Domain;
-import com.cloud.domain.DomainVO;
-import com.cloud.domain.dao.DomainDao;
-import com.cloud.event.ActionEvent;
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InvalidParameterValueException;
-import com.cloud.template.TemplateManager;
-import com.cloud.user.Account;
-import com.cloud.user.AccountManager;
-import com.cloud.user.AccountVO;
-import com.cloud.user.DomainManager;
-import com.cloud.user.dao.AccountDao;
-import com.cloud.utils.Pair;
-import com.cloud.utils.component.Manager;
-import com.cloud.utils.component.ManagerBase;
-import com.cloud.utils.db.DB;
-import com.cloud.utils.db.EntityManager;
-
-@Local(value = {AclApiService.class})
-public class AclApiServiceImpl extends ManagerBase implements AclApiService, Manager {
-
-    public static final Logger s_logger = Logger.getLogger(AclApiServiceImpl.class);
-    private String _name;
-
-    @Inject
-    ApiServerService _apiServer;
-
-    @Inject
-    IAMService _iamSrv;
-
-    @Inject
-    DomainDao _domainDao;
-
-    @Inject
-    AccountDao _accountDao;
-
-    @Inject
-    AccountManager _accountMgr;
-
-    @Inject
-    MessageBus _messageBus;
-
-    @Override
-    public boolean configure(final String name, final Map<String, Object> params) throws ConfigurationException {
-        _messageBus.subscribe(AccountManager.MESSAGE_ADD_ACCOUNT_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                HashMap<Long, Long> acctGroupMap = (HashMap<Long, Long>) obj;
-                for (Long accountId : acctGroupMap.keySet()) {
-                    Long groupId = acctGroupMap.get(accountId);
-                    s_logger.debug("MessageBus message: new Account Added: " + accountId + ", adding it to groupId :"
-                            + groupId);
-                    addAccountToAclGroup(accountId, groupId);
-                    // add it to domain group too
-                    AccountVO account = _accountDao.findById(accountId);
-                    Domain domain = _domainDao.findById(account.getDomainId());
-                    if (domain != null) {
-                        List<AclGroup> domainGroups = listDomainGroup(domain);
-
-                        if (domainGroups != null) {
-                            for (AclGroup group : domainGroups) {
-                                addAccountToAclGroup(accountId, new Long(group.getId()));
-                            }
-                        }
-                    }
-                }
-            }
-        });
-
-        _messageBus.subscribe(AccountManager.MESSAGE_REMOVE_ACCOUNT_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                Long accountId = ((Long) obj);
-                if (accountId != null) {
-                    s_logger.debug("MessageBus message: Account removed: " + accountId
-                            + ", releasing the group associations");
-                    removeAccountFromAclGroups(accountId);
-                }
-            }
-        });
-
-        _messageBus.subscribe(DomainManager.MESSAGE_ADD_DOMAIN_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                Long domainId = ((Long) obj);
-                if (domainId != null) {
-                    s_logger.debug("MessageBus message: new Domain created: " + domainId + ", creating a new group");
-                    Domain domain = _domainDao.findById(domainId);
-                    _iamSrv.createAclGroup("DomainGrp-" + domain.getUuid(), "Domain group", domain.getPath());
-                }
-            }
-        });
-
-        _messageBus.subscribe(DomainManager.MESSAGE_REMOVE_DOMAIN_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                Long domainId = ((Long) obj);
-                if (domainId != null) {
-                    s_logger.debug("MessageBus message: Domain removed: " + domainId + ", removing the domain group");
-                    Domain domain = _domainDao.findById(domainId);
-                    List<AclGroup> groups = listDomainGroup(domain);
-                    for (AclGroup group : groups) {
-                        _iamSrv.deleteAclGroup(group.getId());
-                    }
-                }
-            }
-        });
-
-        _messageBus.subscribe(TemplateManager.MESSAGE_REGISTER_PUBLIC_TEMPLATE_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                Long templateId = (Long)obj;
-                if (templateId != null) {
-                    s_logger.debug("MessageBus message: new public template registered: " + templateId + ", grant permission to domain admin and normal user policies");
-                    _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), AclEntityType.VirtualMachineTemplate.toString(),
-                            PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
-                    _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), AclEntityType.VirtualMachineTemplate.toString(),
-                            PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
-                }
-            }
-        });
-
-        _messageBus.subscribe(TemplateManager.MESSAGE_RESET_TEMPLATE_PERMISSION_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                Long templateId = (Long)obj;
-                if (templateId != null) {
-                    s_logger.debug("MessageBus message: reset template permission: " + templateId);
-                    resetTemplatePermission(templateId);
-                }
-            }
-        });
-
-        _messageBus.subscribe(EntityManager.MESSAGE_REMOVE_ENTITY_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                Pair<AclEntityType, Long> entity = (Pair<AclEntityType, Long>)obj;
-                if (entity != null) {
-                    String entityType = entity.first().toString();
-                    Long entityId = entity.second();
-                    s_logger.debug("MessageBus message: delete an entity: (" + entityType + "," + entityId + "), remove its related permission");
-                    _iamSrv.removeAclPermissionForEntity(entityType, entityId);
-                }
-            }
-        });
-
-
-        _messageBus.subscribe(EntityManager.MESSAGE_GRANT_ENTITY_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                Map<String, Object> permit = (Map<String, Object>)obj;
-                if (permit != null) {
-                    String entityType = (String)permit.get(ApiConstants.ENTITY_TYPE);
-                    Long entityId = (Long)permit.get(ApiConstants.ENTITY_ID);
-                    AccessType accessType = (AccessType)permit.get(ApiConstants.ACCESS_TYPE);
-                    String action = (String)permit.get(ApiConstants.ACL_ACTION);
-                    List<Long> acctIds = (List<Long>)permit.get(ApiConstants.ACCOUNTS);
-                    s_logger.debug("MessageBus message: grant accounts permission to an entity: (" + entityType + "," + entityId + ")");
-                    grantEntityPermissioinToAccounts(entityType, entityId, accessType, action, acctIds);
-                }
-            }
-        });
-
-        _messageBus.subscribe(EntityManager.MESSAGE_REVOKE_ENTITY_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                Map<String, Object> permit = (Map<String, Object>)obj;
-                if (permit != null) {
-                    String entityType = (String)permit.get(ApiConstants.ENTITY_TYPE);
-                    Long entityId = (Long)permit.get(ApiConstants.ENTITY_ID);
-                    AccessType accessType = (AccessType)permit.get(ApiConstants.ACCESS_TYPE);
-                    String action = (String)permit.get(ApiConstants.ACL_ACTION);
-                    List<Long> acctIds = (List<Long>)permit.get(ApiConstants.ACCOUNTS);
-                    s_logger.debug("MessageBus message: revoke from accounts permission to an entity: (" + entityType + "," + entityId + ")");
-                    revokeEntityPermissioinFromAccounts(entityType, entityId, accessType, action, acctIds);
-                }
-            }
-        });
-
-        _messageBus.subscribe(EntityManager.MESSAGE_ADD_DOMAIN_WIDE_ENTITY_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                Map<String, Object> params = (Map<String, Object>) obj;
-                if (params != null) {
-                    addDomainWideResourceAccess(params);
-                }
-            }
-        });
-
-        return super.configure(name, params);
-    }
-
-    private void addDomainWideResourceAccess(Map<String, Object> params) {
-
-        AclEntityType entityType = (AclEntityType)params.get(ApiConstants.ENTITY_TYPE);
-        Long entityId = (Long) params.get(ApiConstants.ENTITY_ID);
-        Long domainId = (Long) params.get(ApiConstants.DOMAIN_ID);
-        Boolean isRecursive = (Boolean) params.get(ApiConstants.SUBDOMAIN_ACCESS);
-
-        if (entityType == AclEntityType.Network) {
-            createPolicyAndAddToDomainGroup("DomainWideNetwork-" + entityId, "domain wide network", entityType.toString(),
-                    entityId, "listNetworks", AccessType.UseEntry, domainId, isRecursive);
-        } else if (entityType == AclEntityType.AffinityGroup) {
-            createPolicyAndAddToDomainGroup("DomainWideNetwork-" + entityId, "domain wide affinityGroup", entityType.toString(),
-                    entityId, "listAffinityGroups", AccessType.UseEntry, domainId, isRecursive);
-        }
-
-    }
-
-    private void createPolicyAndAddToDomainGroup(String policyName, String description, String entityType,
-            Long entityId, String action, AccessType accessType, Long domainId, Boolean recursive) {
-
-       Domain domain = _domainDao.findById(domainId);
-       if (domain != null) {
-            AclPolicy policy = _iamSrv.createAclPolicy(policyName, description, null, domain.getPath());
-            _iamSrv.addAclPermissionToAclPolicy(policy.getId(), entityType, PermissionScope.RESOURCE.toString(),
-                    entityId, action, accessType.toString(), Permission.Allow, recursive);
-            List<Long> policyList = new ArrayList<Long>();
-            policyList.add(new Long(policy.getId()));
-
-           List<AclGroup> domainGroups = listDomainGroup(domain);
-           if (domainGroups != null) {
-               for (AclGroup group : domainGroups) {
-                   _iamSrv.attachAclPoliciesToGroup(policyList, group.getId());
-               }
-           }
-       }
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_CREATE, eventDescription = "Creating Acl Group", create = true)
-    public AclGroup createAclGroup(Account caller, String aclGroupName, String description) {
-        Long domainId = caller.getDomainId();
-        Domain callerDomain = _domainDao.findById(domainId);
-        if (callerDomain == null) {
-            throw new InvalidParameterValueException("Caller does not have a domain");
-        }
-        return _iamSrv.createAclGroup(aclGroupName, description, callerDomain.getPath());
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_DELETE, eventDescription = "Deleting Acl Group")
-    public boolean deleteAclGroup(final Long aclGroupId) {
-        return _iamSrv.deleteAclGroup(aclGroupId);
-    }
-
-    @Override
-    public List<AclGroup> listAclGroups(long accountId) {
-        return _iamSrv.listAclGroups(accountId);
-    }
-
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Adding accounts to acl group")
-    public AclGroup addAccountsToGroup(final List<Long> acctIds, final Long groupId) {
-        return _iamSrv.addAccountsToGroup(acctIds, groupId);
-    }
-
-
-    private void removeAccountFromAclGroups(long accountId) {
-        List<AclGroup> groups = listAclGroups(accountId);
-        List<Long> accts = new ArrayList<Long>();
-        accts.add(accountId);
-        if (groups != null) {
-            for (AclGroup grp : groups) {
-                removeAccountsFromGroup(accts, grp.getId());
-            }
-        }
-    }
-
-    private void addAccountToAclGroup(long accountId, long groupId) {
-        List<Long> accts = new ArrayList<Long>();
-        accts.add(accountId);
-        addAccountsToGroup(accts, groupId);
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Removing accounts from acl group")
-    public AclGroup removeAccountsFromGroup(final List<Long> acctIds, final Long groupId) {
-        return _iamSrv.removeAccountsFromGroup(acctIds, groupId);
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_CREATE, eventDescription = "Creating Acl Policy", create = true)
-    public AclPolicy createAclPolicy(Account caller, final String aclPolicyName, final String description, final Long parentPolicyId) {
-        Long domainId = caller.getDomainId();
-        Domain callerDomain = _domainDao.findById(domainId);
-        if (callerDomain == null) {
-            throw new InvalidParameterValueException("Caller does not have a domain");
-        }
-        return _iamSrv.createAclPolicy(aclPolicyName, description, parentPolicyId, callerDomain.getPath());
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_DELETE, eventDescription = "Deleting Acl Policy")
-    public boolean deleteAclPolicy(final long aclPolicyId) {
-        return _iamSrv.deleteAclPolicy(aclPolicyId);
-    }
-
-
-    @Override
-    public List<AclPolicy> listAclPolicies(long accountId) {
-        return _iamSrv.listAclPolicies(accountId);
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Attaching policy to acl group")
-    public AclGroup attachAclPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
-        return _iamSrv.attachAclPoliciesToGroup(policyIds, groupId);
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Removing policies from acl group")
-    public AclGroup removeAclPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
-        return _iamSrv.removeAclPoliciesFromGroup(policyIds, groupId);
-    }
-
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE, eventDescription = "Attaching policy to accounts")
-    public void attachAclPolicyToAccounts(final Long policyId, final List<Long> accountIds) {
-        _iamSrv.attachAclPolicyToAccounts(policyId, accountIds);
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE, eventDescription = "Removing policy from accounts")
-    public void removeAclPolicyFromAccounts(final Long policyId, final List<Long> accountIds) {
-        _iamSrv.removeAclPolicyFromAccounts(policyId, accountIds);
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_GRANT, eventDescription = "Granting acl permission to Acl Policy")
-    public AclPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, PermissionScope scope,
-            Long scopeId, String action, Permission perm, Boolean recursive) {
-        Class<?> cmdClass = _apiServer.getCmdClass(action);
-        AccessType accessType = null;
-        if (BaseListCmd.class.isAssignableFrom(cmdClass)) {
-            accessType = AccessType.UseEntry;
-        }
-        return _iamSrv.addAclPermissionToAclPolicy(aclPolicyId, entityType, scope.toString(), scopeId, action,
-                accessType.toString(), perm, recursive);
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_REVOKE, eventDescription = "Revoking acl permission from Acl Policy")
-    public AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId, String action) {
-        return _iamSrv.removeAclPermissionFromAclPolicy(aclPolicyId, entityType, scope.toString(), scopeId, action);
-    }
-
-    @Override
-    public AclPolicyPermission getAclPolicyPermission(long accountId, String entityType, String action) {
-        List<AclPolicy> policies = _iamSrv.listAclPolicies(accountId);
-        AclPolicyPermission curPerm = null;
-        for (AclPolicy policy : policies) {
-            List<AclPolicyPermission> perms = _iamSrv.listPolicyPermissionByActionAndEntity(policy.getId(), action,
-                    entityType);
-            if (perms == null || perms.size() == 0)
-                continue;
-            AclPolicyPermission perm = perms.get(0); // just pick one
-            if (curPerm == null) {
-                curPerm = perm;
-            } else if (PermissionScope.valueOf(perm.getScope()).greaterThan(PermissionScope.valueOf(curPerm.getScope()))) {
-                // pick the more relaxed allowed permission
-                curPerm = perm;
-            }
-        }
-
-        return curPerm;
-    }
-
-
-    @Override
-    public AclPolicyResponse createAclPolicyResponse(AclPolicy policy) {
-        AclPolicyResponse response = new AclPolicyResponse();
-        response.setId(policy.getUuid());
-        response.setName(policy.getName());
-        response.setDescription(policy.getDescription());
-        String domainPath = policy.getPath();
-        if (domainPath != null) {
-            DomainVO domain = _domainDao.findDomainByPath(domainPath);
-            if (domain != null) {
-                response.setDomainId(domain.getUuid());
-                response.setDomainName(domain.getName());
-            }
-        }
-        long accountId = policy.getAccountId();
-        AccountVO owner = _accountDao.findById(accountId);
-        if (owner != null) {
-            response.setAccountName(owner.getAccountName());
-        }
-        // find permissions associated with this policy
-        List<AclPolicyPermission> permissions = _iamSrv.listPolicyPermissions(policy.getId());
-        if (permissions != null && permissions.size() > 0) {
-            for (AclPolicyPermission permission : permissions) {
-                AclPermissionResponse perm = new AclPermissionResponse();
-                perm.setAction(permission.getAction());
-                if (permission.getEntityType() != null) {
-                    perm.setEntityType(AclEntityType.valueOf(permission.getEntityType()));
-                }
-                if (permission.getScope() != null) {
-                    perm.setScope(PermissionScope.valueOf(permission.getScope()));
-                }
-                perm.setScopeId(permission.getScopeId());
-                perm.setPermission(permission.getPermission());
-                response.addPermission(perm);
-            }
-        }
-        response.setObjectName("aclpolicy");
-        return response;
-    }
-
-    @Override
-    public AclGroupResponse createAclGroupResponse(AclGroup group) {
-        AclGroupResponse response = new AclGroupResponse();
-        response.setId(group.getUuid());
-        response.setName(group.getName());
-        response.setDescription(group.getDescription());
-        String domainPath = group.getPath();
-        if (domainPath != null) {
-            DomainVO domain = _domainDao.findDomainByPath(domainPath);
-            if (domain != null) {
-                response.setDomainId(domain.getUuid());
-                response.setDomainName(domain.getName());
-            }
-        }
-        long accountId = group.getAccountId();
-        AccountVO owner = _accountDao.findById(accountId);
-        if (owner != null) {
-            response.setAccountName(owner.getAccountName());
-        }
-        // find all the members in this group
-        List<Long> members = _iamSrv.listAccountsByGroup(group.getId());
-        if (members != null && members.size() > 0) {
-            for (Long member : members) {
-                AccountVO mem = _accountDao.findById(member);
-                if (mem != null) {
-                    response.addMemberAccount(mem.getAccountName());
-                }
-            }
-        }
-
-        // find all the policies attached to this group
-        List<AclPolicy> policies = _iamSrv.listAclPoliciesByGroup(group.getId());
-        if (policies != null && policies.size() > 0) {
-            for (AclPolicy policy : policies) {
-                response.addPolicy(policy.getName());
-            }
-        }
-
-        response.setObjectName("aclgroup");
-        return response;
-
-    }
-
-    public List<AclGroup> listDomainGroup(Domain domain) {
-
-        if (domain != null) {
-            String domainPath = domain.getPath();
-            // search for groups
-            Pair<List<AclGroup>, Integer> result = _iamSrv.listAclGroups(null, "DomainGrp-" + domain.getUuid(),
-                    domainPath, null, null);
-            return result.first();
-        }
-        return new ArrayList<AclGroup>();
-
-    }
-
-    @Override
-    public ListResponse<AclGroupResponse> listAclGroups(Long aclGroupId, String aclGroupName, Long domainId, Long startIndex, Long pageSize) {
-        // acl check
-        Account caller = CallContext.current().getCallingAccount();
-
-        Domain domain = null;
-        if (domainId != null) {
-            domain = _domainDao.findById(domainId);
-            if (domain == null) {
-                throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
-            }
-
-            _accountMgr.checkAccess(caller, domain);
-        } else {
-            domain = _domainDao.findById(caller.getDomainId());
-        }
-        String domainPath = domain.getPath();
-        // search for groups
-        Pair<List<AclGroup>, Integer> result = _iamSrv.listAclGroups(aclGroupId, aclGroupName, domainPath, startIndex, pageSize);
-        // generate group response
-        ListResponse<AclGroupResponse> response = new ListResponse<AclGroupResponse>();
-        List<AclGroupResponse> groupResponses = new ArrayList<AclGroupResponse>();
-        for (AclGroup group : result.first()) {
-            AclGroupResponse resp = createAclGroupResponse(group);
-            groupResponses.add(resp);
-        }
-        response.setResponses(groupResponses, result.second());
-        return response;
-    }
-
-    @Override
-    public ListResponse<AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName, Long domainId, Long startIndex,
-            Long pageSize) {
-        // acl check
-        Account caller = CallContext.current().getCallingAccount();
-
-        Domain domain = null;
-        if (domainId != null) {
-            domain = _domainDao.findById(domainId);
-            if (domain == null) {
-                throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
-            }
-
-            _accountMgr.checkAccess(caller, domain);
-        } else {
-            domain = _domainDao.findById(caller.getDomainId());
-        }
-        String domainPath = domain.getPath();
-        // search for policies
-        Pair<List<AclPolicy>, Integer> result = _iamSrv.listAclPolicies(aclPolicyId, aclPolicyName, domainPath, startIndex, pageSize);
-        // generate policy response
-        ListResponse<AclPolicyResponse> response = new ListResponse<AclPolicyResponse>();
-        List<AclPolicyResponse> policyResponses = new ArrayList<AclPolicyResponse>();
-        for (AclPolicy policy : result.first()) {
-            AclPolicyResponse resp = createAclPolicyResponse(policy);
-            policyResponses.add(resp);
-        }
-        response.setResponses(policyResponses, result.second());
-        return response;
-    }
-
-    @Override
-    public void grantEntityPermissioinToAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds) {
-        // check if there is already a policy with only this permission added to it
-        AclPolicy policy = _iamSrv.getResourceGrantPolicy(entityType, entityId, accessType.toString(), action);
-        if (policy == null) {
-            // not found, just create a policy with resource grant permission
-            Account caller = CallContext.current().getCallingAccount();
-            String aclPolicyName = "policyGrant" + entityType + entityId;
-            String description = "Policy to grant permission to " + entityType + entityId;
-            policy = createAclPolicy(caller, aclPolicyName, description, null);
-            // add permission to this policy
-            addAclPermissionToAclPolicy(policy.getId(), entityType, PermissionScope.RESOURCE, entityId, action, Permission.Allow, false);
-        }
-        // attach this policy to list of accounts if not attached already
-        Long policyId = policy.getId();
-        for (Long acctId : accountIds) {
-            if (!isPolicyAttachedToAccount(policyId, acctId)) {
-                attachAclPolicyToAccounts(policyId, Collections.singletonList(acctId));
-            }
-        }
-    }
-
-    @Override
-    public void revokeEntityPermissioinFromAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds) {
-        // there should already a policy with only this permission added to it, this call is mainly used
-        AclPolicy policy = _iamSrv.getResourceGrantPolicy(entityType, entityId, accessType.toString(), action);
-        if (policy == null) {
-            s_logger.warn("Cannot find a policy associated with this entity permissioin to be revoked, just return");
-            return;
-        }
-        // detach this policy from list of accounts if not detached already
-        Long policyId = policy.getId();
-        for (Long acctId : accountIds) {
-            if (isPolicyAttachedToAccount(policyId, acctId)) {
-                removeAclPolicyFromAccounts(policyId, Collections.singletonList(acctId));
-            }
-        }
-
-    }
-
-    private boolean isPolicyAttachedToAccount(Long policyId, Long accountId) {
-        List<AclPolicy> pList = listAclPolicies(accountId);
-        for (AclPolicy p : pList) {
-            if (p.getId() == policyId.longValue()) {
-                return true;
-            }
-        }
-        return false;
-    }
-
-    private void resetTemplatePermission(Long templateId){
-        // reset template will change template to private, so we need to remove its permission for domain admin and normal user group
-        _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), AclEntityType.VirtualMachineTemplate.toString(),
-                PermissionScope.RESOURCE.toString(), templateId, "listTemplates");
-        _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), AclEntityType.VirtualMachineTemplate.toString(),
-                PermissionScope.RESOURCE.toString(), templateId, "listTemplates");
-        // check if there is a policy with only UseEntry permission for this template added
-        AclPolicy policy = _iamSrv.getResourceGrantPolicy(AclEntityType.VirtualMachineTemplate.toString(), templateId, AccessType.UseEntry.toString(), "listTemplates");
-        if ( policy == null ){
-            s_logger.info("No policy found for this template grant: " + templateId + ", no detach to be done");
-            return;
-        }
-        // delete the policy, which should detach it from groups and accounts
-        _iamSrv.deleteAclPolicy(policy.getId());
-
-    }
-
-    @Override
-    public List<Class<?>> getCommands() {
-        List<Class<?>> cmdList = new ArrayList<Class<?>>();
-        cmdList.add(CreateAclPolicyCmd.class);
-        cmdList.add(DeleteAclPolicyCmd.class);
-        cmdList.add(ListAclPoliciesCmd.class);
-        cmdList.add(AddAclPermissionToAclPolicyCmd.class);
-        cmdList.add(RemoveAclPermissionFromAclPolicyCmd.class);
-        cmdList.add(AttachAclPolicyToAclGroupCmd.class);
-        cmdList.add(RemoveAclPolicyFromAclGroupCmd.class);
-        cmdList.add(CreateAclGroupCmd.class);
-        cmdList.add(DeleteAclGroupCmd.class);
-        cmdList.add(ListAclGroupsCmd.class);
-        cmdList.add(AddAccountToAclGroupCmd.class);
-        cmdList.add(RemoveAccountFromAclGroupCmd.class);
-        cmdList.add(AttachAclPolicyToAccountCmd.class);
-        cmdList.add(RemoveAclPolicyFromAccountCmd.class);
-        return cmdList;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AddAccountToAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AddAccountToAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AddAccountToAclGroupCmd.java
deleted file mode 100644
index f951e5d..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AddAccountToAclGroupCmd.java
+++ /dev/null
@@ -1,127 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.acl;
-
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AccountResponse;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclGroup;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "addAccountToAclGroup", description = "add account to an acl group", responseObject = AclGroupResponse.class)
-public class AddAccountToAclGroupCmd extends BaseAsyncCmd {
-    public static final Logger s_logger = Logger.getLogger(AddAccountToAclGroupCmd.class.getName());
-    private static final String s_name = "addaccounttoaclgroupresponse";
-
-    @Inject
-    public AclApiService _aclApiSrv;
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-
-    @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
-            required = true, description = "The ID of the acl group")
-    private Long id;
-
-    @ACL
-    @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that are going to be assigned to the acl group.")
-    private List<Long> accountIdList;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-
-    public Long getId() {
-        return id;
-    }
-
-
-    public List<Long> getAccountIdList() {
-        return accountIdList;
-    }
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
-    }
-
-    @Override
-    public void execute() throws ResourceUnavailableException,
-            InsufficientCapacityException, ServerApiException {
-        CallContext.current().setEventDetails("Acl group Id: " + getId());
-        AclGroup result = _aclApiSrv.addAccountsToGroup(accountIdList, id);
-        if (result != null){
-            AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
-            response.setResponseName(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add accounts to acl group");
-        }
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_GROUP_UPDATE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "adding accounts to acl group";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclGroup;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AddAclPermissionToAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AddAclPermissionToAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AddAclPermissionToAclPolicyCmd.java
deleted file mode 100644
index 9b047fd..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AddAclPermissionToAclPolicyCmd.java
+++ /dev/null
@@ -1,151 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.acl;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "addAclPermissionToAclPolicy", description = "Add Acl permission to an acl policy", responseObject = AclPolicyResponse.class)
-public class AddAclPermissionToAclPolicyCmd extends BaseAsyncCmd {
-    public static final Logger s_logger = Logger.getLogger(AddAclPermissionToAclPolicyCmd.class.getName());
-    private static final String s_name = "addaclpermissiontoaclpolicyresponse";
-
-    @Inject
-    public AclApiService _aclApiSrv;
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-
-    @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
-            required = true, description = "The ID of the acl policy")
-    private Long id;
-
-    @Parameter(name = ApiConstants.ACL_ACTION, type = CommandType.STRING, required = true, description = "action api name.")
-    private String action;
-
-    @Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = false, description = "entity class simple name.")
-    private String entityType;
-
-    @Parameter(name = ApiConstants.ACL_SCOPE, type = CommandType.STRING,
-            required = false, description = "acl permission scope")
-    private String scope;
-
-    @Parameter(name = ApiConstants.ACL_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
-    private Long scopeId;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-
-    public Long getId() {
-        return id;
-    }
-
-
-    public String getAction() {
-        return action;
-    }
-
-    public String getEntityType() {
-        return entityType;
-    }
-
-    public String getScope() {
-        return scope;
-    }
-
-    public Long getScopeId() {
-        return scopeId;
-    }
-
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
-    }
-
-    @Override
-    public void execute() throws ResourceUnavailableException,
-            InsufficientCapacityException, ServerApiException {
-        CallContext.current().setEventDetails("Acl policy Id: " + getId());
-        // Only explicit ALLOW is supported for this release, no explicit deny
-        AclPolicy result = _aclApiSrv.addAclPermissionToAclPolicy(id, entityType, PermissionScope.valueOf(scope),
-                scopeId, action, Permission.Allow, false);
-        if (result != null) {
-            AclPolicyResponse response = _aclApiSrv.createAclPolicyResponse(result);
-            response.setResponseName(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to grant permission to acl policy " + getId());
-        }
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_POLICY_GRANT;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "granting permission to acl policy";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.AclPolicy;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2ba6c05/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AttachAclPolicyToAccountCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AttachAclPolicyToAccountCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AttachAclPolicyToAccountCmd.java
deleted file mode 100644
index 2b0b0a9..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/acl/AttachAclPolicyToAccountCmd.java
+++ /dev/null
@@ -1,122 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.acl;
-
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AccountResponse;
-import org.apache.cloudstack.api.response.SuccessResponse;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "attachAclPolicyToAccount", description = "attach acl policy to accounts", responseObject = SuccessResponse.class)
-public class AttachAclPolicyToAccountCmd extends BaseAsyncCmd {
-    public static final Logger s_logger = Logger.getLogger(AttachAclPolicyToAccountCmd.class.getName());
-    private static final String s_name = "attachaclpolicytoaccountresponse";
-
-    @Inject
-    public AclApiService _aclApiSrv;
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-
-    @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
-            required = true, description = "The ID of the acl policy")
-    private Long id;
-
-    @ACL
-    @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that the policy will attach to.")
-    private List<Long> accountIdList;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-
-    public Long getId() {
-        return id;
-    }
-
-
-    public List<Long> getAccountIdList() {
-        return accountIdList;
-    }
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
-    }
-
-    @Override
-    public void execute() throws ResourceUnavailableException,
-            InsufficientCapacityException, ServerApiException {
-        CallContext.current().setEventDetails("Acl policy Id: " + getId());
-        _aclApiSrv.attachAclPolicyToAccounts(id, accountIdList);
-        SuccessResponse response = new SuccessResponse();
-        response.setResponseName(getCommandName());
-        setResponseObject(response);
-    }
-
-    @Override
-    public String getEventType() {
-        return EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE;
-    }
-
-    @Override
-    public String getEventDescription() {
-        return "adding acl policy to accounts";
-    }
-
-    @Override
-    public ApiCommandJobType getInstanceType() {
-        return ApiCommandJobType.Account;
-    }
-
-}


[10/50] [abbrv] iam/plugin: Rename Acl to IAM everywhere

Posted by mc...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupDao.java
new file mode 100644
index 0000000..54408a6
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupDao.java
@@ -0,0 +1,28 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server.dao;
+
+import org.apache.cloudstack.iam.api.IAMGroup;
+import org.apache.cloudstack.iam.server.IAMGroupVO;
+
+import com.cloud.utils.db.GenericDao;
+
+public interface IAMGroupDao extends GenericDao<IAMGroupVO, Long> {
+
+    IAMGroup findByName(String path, String groupName);
+
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupDaoImpl.java
new file mode 100644
index 0000000..45be0b3
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupDaoImpl.java
@@ -0,0 +1,59 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server.dao;
+
+import java.util.Map;
+
+import javax.naming.ConfigurationException;
+
+import org.apache.cloudstack.iam.api.IAMGroup;
+import org.apache.cloudstack.iam.server.IAMGroupVO;
+import org.springframework.stereotype.Component;
+
+
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+
+@Component
+public class IAMGroupDaoImpl extends GenericDaoBase<IAMGroupVO, Long> implements IAMGroupDao {
+    private SearchBuilder<IAMGroupVO> nameSearch;
+
+    @Override
+    public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
+        super.configure(name, params);
+
+        nameSearch = createSearchBuilder();
+        nameSearch.and("name", nameSearch.entity().getName(), SearchCriteria.Op.EQ);
+        nameSearch.and("path", nameSearch.entity().getPath(), SearchCriteria.Op.EQ);
+        nameSearch.done();
+
+
+        return true;
+    }
+
+    @Override
+    public IAMGroup findByName(String path, String name) {
+        SearchCriteria<IAMGroupVO> sc = nameSearch.create();
+        sc.setParameters("name", name);
+        if (path != null) {
+            sc.setParameters("path", path);
+        }
+        return findOneBy(sc);
+    }
+
+}
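Review bot: In `findByName`, a null `path` leaves the `path` condition of `nameSearch` without a parameter, so the lookup presumably matches the group name under any path and `findOneBy` returns whichever row the database yields first. For an IAM group lookup that makes the resolved group ambiguous whenever the same name exists under two paths. Either reject a null path up front, for example `if (path == null) throw new IllegalArgumentException("path is required");`, or document on `IAMGroupDao.findByName` that null means "any path" and that the result must not be used for uniqueness or ownership decisions. How `SearchCriteria` treats an unset parameter is not visible in this hunk and should be confirmed.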

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDao.java
new file mode 100644
index 0000000..6a2df89
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDao.java
@@ -0,0 +1,16 @@
+package org.apache.cloudstack.iam.server.dao;
+
+import java.util.List;
+
+import org.apache.cloudstack.iam.server.IAMGroupPolicyMapVO;
+import com.cloud.utils.db.GenericDao;
+
+public interface IAMGroupPolicyMapDao extends GenericDao<IAMGroupPolicyMapVO, Long> {
+
+    List<IAMGroupPolicyMapVO> listByGroupId(long groupId);
+
+    List<IAMGroupPolicyMapVO> listByPolicyId(long policyId);
+
+    IAMGroupPolicyMapVO findByGroupAndPolicy(long groupId, long policyId);
+
+}
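Review bot: This new file starts directly at the `package` line without the ASF license header that the other new files in this commit carry (IAMGroupDao.java, IAMPolicyDao.java); IAMGroupPolicyMapDaoImpl.java has the same gap. Add the standard `// Licensed to the Apache Software Foundation (ASF) under one ...` comment block above the `package` statement in both files, otherwise a license audit of the source tree will likely flag them.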

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDaoImpl.java
new file mode 100644
index 0000000..95b6bac
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDaoImpl.java
@@ -0,0 +1,61 @@
+package org.apache.cloudstack.iam.server.dao;
+
+import java.util.List;
+import java.util.Map;
+
+import javax.naming.ConfigurationException;
+
+import org.apache.cloudstack.iam.server.IAMGroupPolicyMapVO;
+
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+
+public class IAMGroupPolicyMapDaoImpl extends GenericDaoBase<IAMGroupPolicyMapVO, Long> implements IAMGroupPolicyMapDao {
+
+    private SearchBuilder<IAMGroupPolicyMapVO> ListByGroupId;
+    private SearchBuilder<IAMGroupPolicyMapVO> ListByPolicyId;
+    private SearchBuilder<IAMGroupPolicyMapVO> findByPolicyGroupId;
+
+    @Override
+    public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
+        super.configure(name, params);
+
+        ListByGroupId = createSearchBuilder();
+        ListByGroupId.and("groupId", ListByGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ);
+        ListByGroupId.done();
+
+        ListByPolicyId = createSearchBuilder();
+        ListByPolicyId.and("policyId", ListByPolicyId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+        ListByPolicyId.done();
+
+        findByPolicyGroupId = createSearchBuilder();
+        findByPolicyGroupId.and("policyId", findByPolicyGroupId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+        findByPolicyGroupId.and("groupId", findByPolicyGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ);
+        findByPolicyGroupId.done();
+
+        return true;
+    }
+
+    @Override
+    public List<IAMGroupPolicyMapVO> listByGroupId(long groupId) {
+        SearchCriteria<IAMGroupPolicyMapVO> sc = ListByGroupId.create();
+        sc.setParameters("groupId", groupId);
+        return listBy(sc);
+    }
+
+    @Override
+    public List<IAMGroupPolicyMapVO> listByPolicyId(long policyId) {
+        SearchCriteria<IAMGroupPolicyMapVO> sc = ListByPolicyId.create();
+        sc.setParameters("policyId", policyId);
+        return listBy(sc);
+    }
+
+    @Override
+    public IAMGroupPolicyMapVO findByGroupAndPolicy(long groupId, long policyId) {
+        SearchCriteria<IAMGroupPolicyMapVO> sc = findByPolicyGroupId.create();
+        sc.setParameters("policyId", policyId);
+        sc.setParameters("groupId", groupId);
+        return findOneBy(sc);
+    }
+}
\ No newline at end of file
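Review bot: The fields `ListByGroupId` and `ListByPolicyId` start with an upper-case letter, unlike `findByPolicyGroupId` next to them and `nameSearch` in IAMGroupDaoImpl. Names such as `groupIdSearch` and `policyIdSearch` would follow Java field convention and avoid reading like the `listByGroupId` / `listByPolicyId` methods. The class also lacks the `@Component` annotation that IAMGroupDaoImpl and IAMPolicyDaoImpl carry; if these DAOs are wired by component scanning rather than explicit bean definitions, this one would not be registered, so it is worth confirming how it is instantiated. The file ends without a trailing newline.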

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyDao.java
new file mode 100644
index 0000000..ace7d85
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyDao.java
@@ -0,0 +1,28 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server.dao;
+
+import org.apache.cloudstack.iam.api.IAMPolicy;
+import org.apache.cloudstack.iam.server.IAMPolicyVO;
+
+import com.cloud.utils.db.GenericDao;
+
+public interface IAMPolicyDao extends GenericDao<IAMPolicyVO, Long> {
+
+    IAMPolicy findByName(String policyName);
+
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyDaoImpl.java
new file mode 100644
index 0000000..293cf6f
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyDaoImpl.java
@@ -0,0 +1,57 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server.dao;
+
+import java.util.Map;
+
+import javax.naming.ConfigurationException;
+
+import org.apache.cloudstack.iam.api.IAMPolicy;
+import org.apache.cloudstack.iam.server.IAMPolicyVO;
+import org.springframework.stereotype.Component;
+
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+
+@Component
+public class IAMPolicyDaoImpl extends GenericDaoBase<IAMPolicyVO, Long> implements IAMPolicyDao {
+    private SearchBuilder<IAMPolicyVO> nameSearch;
+
+    @Override
+    public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
+        super.configure(name, params);
+
+        nameSearch = createSearchBuilder();
+        nameSearch.and("name", nameSearch.entity().getName(), SearchCriteria.Op.EQ);
+        // nameSearch.and("domainId", nameSearch.entity().getDomainId(),
+        // SearchCriteria.Op.EQ);
+        nameSearch.done();
+
+
+        return true;
+    }
+
+    @Override
+    public IAMPolicy findByName(String name) {
+        SearchCriteria<IAMPolicyVO> sc = nameSearch.create();
+        sc.setParameters("name", name);
+
+        return findOneBy(sc);
+    }
+
+}
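Review bot: `configure` leaves the `domainId` condition behind as commented-out code, so `findByName` resolves a policy by name alone and `findOneBy` returns a single row even if two policies share that name. If policy names are meant to be unique system-wide, delete the dead lines and say so with a comment such as `// policy names are globally unique; no domain scoping`. If they are not, the lookup needs a scoping argument in the way IAMGroupDao's `findByName(String path, String groupName)` has one. Which of the two holds is not visible in this hunk.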

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyPermissionDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyPermissionDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyPermissionDao.java
new file mode 100644
index 0000000..cdcb02b
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyPermissionDao.java
@@ -0,0 +1,39 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server.dao;
+import java.util.List;
+
+import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
+import org.apache.cloudstack.iam.server.IAMPolicyPermissionVO;
+
+import com.cloud.utils.db.GenericDao;
+
+public interface IAMPolicyPermissionDao extends GenericDao<IAMPolicyPermissionVO, Long> {
+
+    List<IAMPolicyPermissionVO> listByPolicy(long policyId);
+
+    IAMPolicyPermissionVO findByPolicyAndEntity(long policyId, String entityType, String scope, Long scopeId,
+            String action, Permission perm);
+
+    List<IAMPolicyPermissionVO> listGrantedByActionAndScope(long policyId, String action, String scope);
+
+    List<IAMPolicyPermissionVO> listByPolicyActionAndEntity(long policyId, String action, String entityType);
+
+    List<IAMPolicyPermissionVO> listByPolicyAccessAndEntity(long policyId, String accessType, String entityType);
+
+    List<IAMPolicyPermissionVO> listByEntity(String entityType, Long entityId);
+}
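Review bot: None of the six lookup methods documents its contract, and for a permission store the matching rules matter. `findByPolicyAndEntity` takes a nullable `Long scopeId` without saying whether null matches rows with no scope id or rows with any scope id. `listByEntity` names its second parameter `entityId` where the sibling method calls it `scopeId`. A short Javadoc on each method stating which columns are compared and how null arguments are treated would keep callers from assuming a narrower match than they actually get. The implementation lives in a separate file, so the real null handling cannot be confirmed from this hunk.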

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyPermissionDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyPermissionDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyPermissionDaoImpl.java
new file mode 100644
index 0000000..3f976cf
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyPermissionDaoImpl.java
@@ -0,0 +1,129 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server.dao;
+
+import java.util.List;
+import java.util.Map;
+
+import javax.naming.ConfigurationException;
+
+import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
+import org.apache.cloudstack.iam.server.IAMPolicyPermissionVO;
+
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+
+public class IAMPolicyPermissionDaoImpl extends GenericDaoBase<IAMPolicyPermissionVO, Long> implements
+        IAMPolicyPermissionDao {
+
+    private SearchBuilder<IAMPolicyPermissionVO> policyIdSearch;
+    private SearchBuilder<IAMPolicyPermissionVO> fullSearch;
+    private SearchBuilder<IAMPolicyPermissionVO> actionScopeSearch;
+    private SearchBuilder<IAMPolicyPermissionVO> entitySearch;
+
+    @Override
+    public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
+        super.configure(name, params);
+
+        policyIdSearch = createSearchBuilder();
+        policyIdSearch.and("policyId", policyIdSearch.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+        policyIdSearch.done();
+
+        fullSearch = createSearchBuilder();
+        fullSearch.and("policyId", fullSearch.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+        fullSearch.and("entityType", fullSearch.entity().getEntityType(), SearchCriteria.Op.EQ);
+        fullSearch.and("scope", fullSearch.entity().getScope(), SearchCriteria.Op.EQ);
+        fullSearch.and("scopeId", fullSearch.entity().getScopeId(), SearchCriteria.Op.EQ);
+        fullSearch.and("action", fullSearch.entity().getAction(), SearchCriteria.Op.EQ);
+        fullSearch.and("permission", fullSearch.entity().getPermission(), SearchCriteria.Op.EQ);
+        fullSearch.and("accessType", fullSearch.entity().getAccessType(), SearchCriteria.Op.EQ);
+        fullSearch.done();
+
+        actionScopeSearch = createSearchBuilder();
+        actionScopeSearch.and("policyId", actionScopeSearch.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+        actionScopeSearch.and("scope", actionScopeSearch.entity().getScope(), SearchCriteria.Op.EQ);
+        actionScopeSearch.and("action", actionScopeSearch.entity().getAction(), SearchCriteria.Op.EQ);
+        actionScopeSearch.and("permission", actionScopeSearch.entity().getPermission(), SearchCriteria.Op.EQ);
+        actionScopeSearch.done();
+
+        entitySearch = createSearchBuilder();
+        entitySearch.and("entityType", entitySearch.entity().getEntityType(), SearchCriteria.Op.EQ);
+        entitySearch.and("scopeId", entitySearch.entity().getScopeId(), SearchCriteria.Op.EQ);
+        entitySearch.done();
+
+        return true;
+    }
+
+    @Override
+    public List<IAMPolicyPermissionVO> listByPolicy(long policyId) {
+        SearchCriteria<IAMPolicyPermissionVO> sc = policyIdSearch.create();
+        sc.setParameters("policyId", policyId);
+        return listBy(sc);
+    }
+
+    @Override
+    public IAMPolicyPermissionVO findByPolicyAndEntity(long policyId, String entityType, String scope, Long scopeId,
+            String action, Permission perm) {
+        SearchCriteria<IAMPolicyPermissionVO> sc = fullSearch.create();
+        sc.setParameters("policyId", policyId);
+        sc.setParameters("entityType", entityType);
+        sc.setParameters("scope", scope);
+        sc.setParameters("scopeId", scopeId);
+        sc.setParameters("action", action);
+        sc.setParameters("permission", perm);
+        return findOneBy(sc);
+    }
+
+    @Override
+    public List<IAMPolicyPermissionVO> listGrantedByActionAndScope(long policyId, String action, String scope) {
+        SearchCriteria<IAMPolicyPermissionVO> sc = actionScopeSearch.create();
+        sc.setParameters("policyId", policyId);
+        sc.setParameters("action", action);
+        sc.setParameters("scope", scope);
+        sc.setParameters("permission", Permission.Allow);
+        return listBy(sc);
+    }
+
+    @Override
+    public List<IAMPolicyPermissionVO> listByPolicyActionAndEntity(long policyId, String action, String entityType) {
+        SearchCriteria<IAMPolicyPermissionVO> sc = fullSearch.create();
+        sc.setParameters("policyId", policyId);
+        sc.setParameters("entityType", entityType);
+        sc.setParameters("action", action);
+        return listBy(sc);
+    }
+
+    @Override
+    public List<IAMPolicyPermissionVO> listByPolicyAccessAndEntity(long policyId, String accessType,
+            String entityType) {
+        SearchCriteria<IAMPolicyPermissionVO> sc = fullSearch.create();
+        sc.setParameters("policyId", policyId);
+        sc.setParameters("entityType", entityType);
+        sc.setParameters("accessType", accessType);
+        return listBy(sc);
+    }
+
+    @Override
+    public List<IAMPolicyPermissionVO> listByEntity(String entityType, Long entityId) {
+        SearchCriteria<IAMPolicyPermissionVO> sc = fullSearch.create();
+        sc.setParameters("entityType", entityType);
+        sc.setParameters("scopeId", entityId);
+        return listBy(sc);
+    }
+
+}
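Review bot: `listByEntity` builds its criteria from `fullSearch`, while `entitySearch`, which configure() sets up with exactly the `entityType` and `scopeId` conditions, is never used anywhere in this file. As written, the result of this permission lookup depends on SearchCriteria leaving out the five `fullSearch` conditions that receive no parameter, which is not visible in this hunk; the same reliance applies to `listByPolicyActionAndEntity` and `listByPolicyAccessAndEntity`. I would change the first line of `listByEntity` to `SearchCriteria<IAMPolicyPermissionVO> sc = entitySearch.create();` so the query is pinned to the two columns it is meant to filter on. Separately, `findByPolicyAndEntity` binds the nullable `Long scopeId` under `SearchCriteria.Op.EQ`; if a null is bound as an equality test, the lookup presumably cannot match permissions stored without a scope id, so a null guard or a comment stating that `scopeId` must be non-null would help callers that use it to detect an existing grant.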

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java
----------------------------------------------------------------------
diff --git a/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java b/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java
index 01eab61..8760199 100644
--- a/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java
+++ b/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java
@@ -45,18 +45,18 @@ import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.test.context.support.AnnotationConfigContextLoader;
 
-import org.apache.cloudstack.iam.api.AclGroup;
-import org.apache.cloudstack.iam.api.AclPolicy;
+import org.apache.cloudstack.iam.api.IAMGroup;
+import org.apache.cloudstack.iam.api.IAMPolicy;
 import org.apache.cloudstack.iam.api.IAMService;
-import org.apache.cloudstack.iam.server.AclGroupVO;
-import org.apache.cloudstack.iam.server.AclPolicyVO;
+import org.apache.cloudstack.iam.server.IAMGroupVO;
+import org.apache.cloudstack.iam.server.IAMPolicyVO;
 import org.apache.cloudstack.iam.server.IAMServiceImpl;
-import org.apache.cloudstack.iam.server.dao.AclAccountPolicyMapDao;
-import org.apache.cloudstack.iam.server.dao.AclGroupAccountMapDao;
-import org.apache.cloudstack.iam.server.dao.AclGroupDao;
-import org.apache.cloudstack.iam.server.dao.AclGroupPolicyMapDao;
-import org.apache.cloudstack.iam.server.dao.AclPolicyDao;
-import org.apache.cloudstack.iam.server.dao.AclPolicyPermissionDao;
+import org.apache.cloudstack.iam.server.dao.IAMAccountPolicyMapDao;
+import org.apache.cloudstack.iam.server.dao.IAMGroupAccountMapDao;
+import org.apache.cloudstack.iam.server.dao.IAMGroupDao;
+import org.apache.cloudstack.iam.server.dao.IAMGroupPolicyMapDao;
+import org.apache.cloudstack.iam.server.dao.IAMPolicyDao;
+import org.apache.cloudstack.iam.server.dao.IAMPolicyPermissionDao;
 import org.apache.cloudstack.test.utils.SpringUtils;
 
 import com.cloud.exception.InvalidParameterValueException;
@@ -72,22 +72,22 @@ public class IAMServiceUnitTest {
     IAMService _iamService;
 
     @Inject
-    AclPolicyDao _aclPolicyDao;
+    IAMPolicyDao _aclPolicyDao;
 
     @Inject
-    AclGroupDao _aclGroupDao;
+    IAMGroupDao _aclGroupDao;
 
     @Inject
     EntityManager _entityMgr;
 
     @Inject
-    AclGroupPolicyMapDao _aclGroupPolicyMapDao;
+    IAMGroupPolicyMapDao _aclGroupPolicyMapDao;
 
     @Inject
-    AclGroupAccountMapDao _aclGroupAccountMapDao;
+    IAMGroupAccountMapDao _aclGroupAccountMapDao;
 
     @Inject
-    AclPolicyPermissionDao _policyPermissionDao;
+    IAMPolicyPermissionDao _policyPermissionDao;
 
     @BeforeClass
     public static void setUpClass() throws ConfigurationException {
@@ -96,15 +96,15 @@ public class IAMServiceUnitTest {
     @Before
     public void setUp() {
         ComponentContext.initComponentsLifeCycle();
-        AclGroupVO group = new AclGroupVO("group1", "my first group");
-        Mockito.when(_aclGroupDao.persist(Mockito.any(AclGroupVO.class))).thenReturn(group);
-        List<AclGroupVO> groups = new ArrayList<AclGroupVO>();
+        IAMGroupVO group = new IAMGroupVO("group1", "my first group");
+        Mockito.when(_aclGroupDao.persist(Mockito.any(IAMGroupVO.class))).thenReturn(group);
+        List<IAMGroupVO> groups = new ArrayList<IAMGroupVO>();
         groups.add(group);
         when(_aclGroupDao.search(Mockito.any(SearchCriteria.class), Mockito.any(com.cloud.utils.db.Filter.class)))
                 .thenReturn(groups);
 
-        AclPolicyVO policy = new AclPolicyVO("policy1", "my first policy");
-        Mockito.when(_aclPolicyDao.persist(Mockito.any(AclPolicyVO.class))).thenReturn(policy);
+        IAMPolicyVO policy = new IAMPolicyVO("policy1", "my first policy");
+        Mockito.when(_aclPolicyDao.persist(Mockito.any(IAMPolicyVO.class))).thenReturn(policy);
 
     }
 
@@ -114,13 +114,13 @@ public class IAMServiceUnitTest {
 
     @Test(expected = InvalidParameterValueException.class)
     public void createAclGroupTest() {
-        AclGroup group = _iamService.createAclGroup("group1", "my first group", "/root/mydomain");
+        IAMGroup group = _iamService.createAclGroup("group1", "my first group", "/root/mydomain");
         assertNotNull("Acl group 'group1' failed to create ", group);
 
-        AclGroupVO group2 = new AclGroupVO("group1", "my second group");
+        IAMGroupVO group2 = new IAMGroupVO("group1", "my second group");
         when(_aclGroupDao.findByName(eq("/root/mydomain"), eq("group1"))).thenReturn(group2);
 
-        AclGroup group3 = _iamService.createAclGroup("group1", "my first group", "/root/mydomain");
+        IAMGroup group3 = _iamService.createAclGroup("group1", "my first group", "/root/mydomain");
     }
 
     @Test(expected = InvalidParameterValueException.class)
@@ -132,7 +132,7 @@ public class IAMServiceUnitTest {
     @Test
     public void accountGroupMaptest() {
         // create group
-        AclGroupVO group = new AclGroupVO("group1", "my first group");
+        IAMGroupVO group = new IAMGroupVO("group1", "my first group");
 
         // add account to group
         List<Long> accountIds = new ArrayList<Long>();
@@ -145,10 +145,10 @@ public class IAMServiceUnitTest {
 
     @Test(expected = InvalidParameterValueException.class)
     public void createAclPolicyTest() {
-        AclPolicy policy = _iamService.createAclPolicy("policy1", "my first policy", null, "/root/mydomain");
+        IAMPolicy policy = _iamService.createAclPolicy("policy1", "my first policy", null, "/root/mydomain");
         assertNotNull("Acl policy 'policy1' failed to create ", policy);
 
-        AclPolicyVO rvo = new AclPolicyVO("policy2", "second policy");
+        IAMPolicyVO rvo = new IAMPolicyVO("policy2", "second policy");
         when(_aclPolicyDao.findByName(eq("policy2"))).thenReturn(rvo);
 
         _iamService.createAclPolicy("policy2", "second policy", null, "/root/mydomain");
@@ -165,13 +165,13 @@ public class IAMServiceUnitTest {
     public static class TestConfiguration extends SpringUtils.CloudStackTestConfiguration {
 
         @Bean
-        public AclPolicyDao aclPolicyDao() {
-            return Mockito.mock(AclPolicyDao.class);
+        public IAMPolicyDao aclPolicyDao() {
+            return Mockito.mock(IAMPolicyDao.class);
         }
 
         @Bean
-        public AclGroupDao aclGroupDao() {
-            return Mockito.mock(AclGroupDao.class);
+        public IAMGroupDao aclGroupDao() {
+            return Mockito.mock(IAMGroupDao.class);
         }
 
         @Bean
@@ -180,23 +180,23 @@ public class IAMServiceUnitTest {
         }
 
         @Bean
-        public AclGroupPolicyMapDao aclGroupPolicyMapDao() {
-            return Mockito.mock(AclGroupPolicyMapDao.class);
+        public IAMGroupPolicyMapDao aclGroupPolicyMapDao() {
+            return Mockito.mock(IAMGroupPolicyMapDao.class);
         }
 
         @Bean
-        public AclGroupAccountMapDao aclGroupAccountMapDao() {
-            return Mockito.mock(AclGroupAccountMapDao.class);
+        public IAMGroupAccountMapDao aclGroupAccountMapDao() {
+            return Mockito.mock(IAMGroupAccountMapDao.class);
         }
 
         @Bean
-        public AclAccountPolicyMapDao aclAccountPolicyMapDao() {
-            return Mockito.mock(AclAccountPolicyMapDao.class);
+        public IAMAccountPolicyMapDao aclAccountPolicyMapDao() {
+            return Mockito.mock(IAMAccountPolicyMapDao.class);
         }
 
         @Bean
-        public AclPolicyPermissionDao aclPolicyPermissionDao() {
-            return Mockito.mock(AclPolicyPermissionDao.class);
+        public IAMPolicyPermissionDao aclPolicyPermissionDao() {
+            return Mockito.mock(IAMPolicyPermissionDao.class);
         }
 
         public static class Library implements TypeFilter {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/setup/db/db/schema-430to440.sql
----------------------------------------------------------------------
diff --git a/setup/db/db/schema-430to440.sql b/setup/db/db/schema-430to440.sql
index 4ce7ba9..917a954 100644
--- a/setup/db/db/schema-430to440.sql
+++ b/setup/db/db/schema-430to440.sql
@@ -447,7 +447,7 @@ CREATE VIEW `cloud`.`user_vm_view` AS
         `cloud`.`user_vm_details` `custom_ram_size`  ON (((`custom_ram_size`.`vm_id` = `cloud`.`vm_instance`.`id`) and (`custom_ram_size`.`name` = 'memory')));
 
 -- ACL DB schema        
-CREATE TABLE `cloud`.`acl_group` (
+CREATE TABLE `cloud`.`iam_group` (
   `id` bigint unsigned NOT NULL UNIQUE auto_increment,
   `name` varchar(255) NOT NULL,
   `description` varchar(255) default NULL,
@@ -458,23 +458,23 @@ CREATE TABLE `cloud`.`acl_group` (
   `removed` datetime COMMENT 'date the group was removed',
   `created` datetime COMMENT 'date the group was created',
   PRIMARY KEY  (`id`),
-  INDEX `i_acl_group__removed`(`removed`),
-  CONSTRAINT `uc_acl_group__uuid` UNIQUE (`uuid`)  
+  INDEX `i_iam_group__removed`(`removed`),
+  CONSTRAINT `uc_iam_group__uuid` UNIQUE (`uuid`)  
 ) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
 
-CREATE TABLE `cloud`.`acl_group_account_map` (
+CREATE TABLE `cloud`.`iam_group_account_map` (
   `id` bigint unsigned NOT NULL auto_increment,
   `group_id` bigint unsigned NOT NULL,
   `account_id` bigint unsigned NOT NULL,
   `removed` datetime COMMENT 'date the account was removed from the group',
   `created` datetime COMMENT 'date the account was assigned to the group',  
   PRIMARY KEY  (`id`),
-  CONSTRAINT `fk_acl_group_vm_map__group_id` FOREIGN KEY(`group_id`) REFERENCES `acl_group` (`id`) ON DELETE CASCADE,
-  CONSTRAINT `fk_acl_group_vm_map__account_id` FOREIGN KEY(`account_id`) REFERENCES `account` (`id`) ON DELETE CASCADE
+  CONSTRAINT `fk_iam_group_vm_map__group_id` FOREIGN KEY(`group_id`) REFERENCES `iam_group` (`id`) ON DELETE CASCADE,
+  CONSTRAINT `fk_iam_group_vm_map__account_id` FOREIGN KEY(`account_id`) REFERENCES `account` (`id`) ON DELETE CASCADE
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;        
 
 
-CREATE TABLE `cloud`.`acl_policy` (
+CREATE TABLE `cloud`.`iam_policy` (
   `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
   `name` varchar(255) NOT NULL,
   `description` varchar(255) DEFAULT NULL,
@@ -486,37 +486,37 @@ CREATE TABLE `cloud`.`acl_policy` (
   `policy_type` varchar(64) DEFAULT 'Static' COMMENT 'Static or Dynamic',
   PRIMARY KEY (`id`),
   UNIQUE KEY `id` (`id`),
-  UNIQUE KEY `uc_acl_policy__uuid` (`uuid`),
-  KEY `i_acl_policy__removed` (`removed`)
+  UNIQUE KEY `uc_iam_policy__uuid` (`uuid`),
+  KEY `i_iam_policy__removed` (`removed`)
 ) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
 
-CREATE TABLE `cloud`.`acl_group_policy_map` (
+CREATE TABLE `cloud`.`iam_group_policy_map` (
   `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
   `group_id` bigint(20) unsigned NOT NULL,
   `policy_id` bigint(20) unsigned NOT NULL,
   `removed` datetime DEFAULT NULL COMMENT 'date the policy was revoked from the group',
   `created` datetime DEFAULT NULL COMMENT 'date the policy was attached to the group',
   PRIMARY KEY (`id`),
-  KEY `fk_acl_group_policy_map__group_id` (`group_id`),
-  KEY `fk_acl_group_policy_map__policy_id` (`policy_id`),
-  CONSTRAINT `fk_acl_group_policy_map__group_id` FOREIGN KEY (`group_id`) REFERENCES `acl_group` (`id`) ON DELETE CASCADE,
-  CONSTRAINT `fk_acl_group_policy_map__policy_id` FOREIGN KEY (`policy_id`) REFERENCES `acl_policy` (`id`) ON DELETE CASCADE
+  KEY `fk_iam_group_policy_map__group_id` (`group_id`),
+  KEY `fk_iam_group_policy_map__policy_id` (`policy_id`),
+  CONSTRAINT `fk_iam_group_policy_map__group_id` FOREIGN KEY (`group_id`) REFERENCES `iam_group` (`id`) ON DELETE CASCADE,
+  CONSTRAINT `fk_iam_group_policy_map__policy_id` FOREIGN KEY (`policy_id`) REFERENCES `iam_policy` (`id`) ON DELETE CASCADE
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
-CREATE TABLE `cloud`.`acl_account_policy_map` (
+CREATE TABLE `cloud`.`iam_account_policy_map` (
   `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
   `account_id` bigint(20) unsigned NOT NULL,
   `policy_id` bigint(20) unsigned NOT NULL,
   `removed` datetime DEFAULT NULL COMMENT 'date the policy was revoked from the account',
   `created` datetime DEFAULT NULL COMMENT 'date the policy was attached to the account',
   PRIMARY KEY (`id`),
-  KEY `fk_acl_account_policy_map__account_id` (`account_id`),
-  KEY `fk_acl_account_policy_map__policy_id` (`policy_id`),
-  CONSTRAINT `fk_acl_account_policy_map__account_id` FOREIGN KEY (`account_id`) REFERENCES `account` (`id`) ON DELETE CASCADE,
-  CONSTRAINT `fk_acl_account_policy_map__policy_id` FOREIGN KEY (`policy_id`) REFERENCES `acl_policy` (`id`) ON DELETE CASCADE
+  KEY `fk_iam_account_policy_map__account_id` (`account_id`),
+  KEY `fk_iam_account_policy_map__policy_id` (`policy_id`),
+  CONSTRAINT `fk_iam_account_policy_map__account_id` FOREIGN KEY (`account_id`) REFERENCES `account` (`id`) ON DELETE CASCADE,
+  CONSTRAINT `fk_iam_account_policy_map__policy_id` FOREIGN KEY (`policy_id`) REFERENCES `iam_policy` (`id`) ON DELETE CASCADE
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
-CREATE TABLE `cloud`.`acl_policy_permission` (
+CREATE TABLE `cloud`.`iam_policy_permission` (
   `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
   `policy_id` bigint(20) unsigned NOT NULL,
   `action` varchar(100) NOT NULL,
@@ -530,30 +530,30 @@ CREATE TABLE `cloud`.`acl_policy_permission` (
   `created` datetime DEFAULT NULL COMMENT 'date the permission was granted',
   PRIMARY KEY (`id`),
   UNIQUE KEY `id` (`id`),
-  KEY `fk_acl_policy_permission__policy_id` (`policy_id`),
-  CONSTRAINT `fk_acl_policy_permission__policy_id` FOREIGN KEY (`policy_id`) REFERENCES `acl_policy` (`id`) ON DELETE CASCADE
+  KEY `fk_iam_policy_permission__policy_id` (`policy_id`),
+  CONSTRAINT `fk_iam_policy_permission__policy_id` FOREIGN KEY (`policy_id`) REFERENCES `iam_policy` (`id`) ON DELETE CASCADE
 ) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
 
 
-INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (1, 'NORMAL', 'Domain user role', UUID(), '/', 1, Now(), 'Static');
-INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (2, 'ADMIN', 'Root admin role', UUID(), '/', 1, Now(), 'Static');
-INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (3, 'DOMAIN_ADMIN', 'Domain admin role', UUID(), '/', 1, Now(), 'Static');
-INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (4, 'RESOURCE_DOMAIN_ADMIN', 'Resource domain admin role', UUID(), '/', 1, Now(), 'Static');
-INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (5, 'READ_ONLY_ADMIN', 'Read only admin role', UUID(), '/', 1, Now(), 'Static');
-INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (6, 'RESOURCE_OWNER', 'Resource owner role', UUID(), '/', 1, Now(), 'Dynamic');
+INSERT IGNORE INTO `cloud`.`iam_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (1, 'NORMAL', 'Domain user role', UUID(), '/', 1, Now(), 'Static');
+INSERT IGNORE INTO `cloud`.`iam_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (2, 'ADMIN', 'Root admin role', UUID(), '/', 1, Now(), 'Static');
+INSERT IGNORE INTO `cloud`.`iam_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (3, 'DOMAIN_ADMIN', 'Domain admin role', UUID(), '/', 1, Now(), 'Static');
+INSERT IGNORE INTO `cloud`.`iam_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (4, 'RESOURCE_DOMAIN_ADMIN', 'Resource domain admin role', UUID(), '/', 1, Now(), 'Static');
+INSERT IGNORE INTO `cloud`.`iam_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (5, 'READ_ONLY_ADMIN', 'Read only admin role', UUID(), '/', 1, Now(), 'Static');
+INSERT IGNORE INTO `cloud`.`iam_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (6, 'RESOURCE_OWNER', 'Resource owner role', UUID(), '/', 1, Now(), 'Dynamic');
 
 
-INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, path, account_id, created) VALUES (1, 'NORMAL', 'Domain user group', UUID(), '/', 1, Now());
-INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, path, account_id, created) VALUES (2, 'ADMIN', 'Root admin group', UUID(), '/', 1, Now());
-INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, path, account_id, created) VALUES (3, 'DOMAIN_ADMIN', 'Domain admin group', UUID(), '/', 1, Now());
-INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, path, account_id, created) VALUES (4, 'RESOURCE_DOMAIN_ADMIN', 'Resource domain admin group', UUID(), '/', 1, Now());
-INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, path, account_id, created) VALUES (5, 'READ_ONLY_ADMIN', 'Read only admin group', UUID(), '/', 1, Now());
+INSERT IGNORE INTO `cloud`.`iam_group` (id, name, description, uuid, path, account_id, created) VALUES (1, 'NORMAL', 'Domain user group', UUID(), '/', 1, Now());
+INSERT IGNORE INTO `cloud`.`iam_group` (id, name, description, uuid, path, account_id, created) VALUES (2, 'ADMIN', 'Root admin group', UUID(), '/', 1, Now());
+INSERT IGNORE INTO `cloud`.`iam_group` (id, name, description, uuid, path, account_id, created) VALUES (3, 'DOMAIN_ADMIN', 'Domain admin group', UUID(), '/', 1, Now());
+INSERT IGNORE INTO `cloud`.`iam_group` (id, name, description, uuid, path, account_id, created) VALUES (4, 'RESOURCE_DOMAIN_ADMIN', 'Resource domain admin group', UUID(), '/', 1, Now());
+INSERT IGNORE INTO `cloud`.`iam_group` (id, name, description, uuid, path, account_id, created) VALUES (5, 'READ_ONLY_ADMIN', 'Read only admin group', UUID(), '/', 1, Now());
 
-INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(1, 1, Now());
-INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(2, 2, Now());
-INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(3, 3, Now());
-INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(4, 4, Now());
-INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(5, 5, Now());
+INSERT INTO `cloud`.`iam_group_policy_map` (group_id, policy_id, created) values(1, 1, Now());
+INSERT INTO `cloud`.`iam_group_policy_map` (group_id, policy_id, created) values(2, 2, Now());
+INSERT INTO `cloud`.`iam_group_policy_map` (group_id, policy_id, created) values(3, 3, Now());
+INSERT INTO `cloud`.`iam_group_policy_map` (group_id, policy_id, created) values(4, 4, Now());
+INSERT INTO `cloud`.`iam_group_policy_map` (group_id, policy_id, created) values(5, 5, Now());
 
 INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('NetworkManager', 'DEFAULT', 'management-server', 'vm.network.nic.max.secondary.ipaddresses', NULL, 'Specify the number of secondary ip addresses per nic per vm', '256') ON DUPLICATE KEY UPDATE category='NetworkManager';