http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupDao.java
new file mode 100644
index 0000000..54408a6
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupDao.java
@@ -0,0 +1,28 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server.dao;
+
+import org.apache.cloudstack.iam.api.IAMGroup;
+import org.apache.cloudstack.iam.server.IAMGroupVO;
+
+import com.cloud.utils.db.GenericDao;
+
+public interface IAMGroupDao extends GenericDao<IAMGroupVO, Long> {
+
+ IAMGroup findByName(String path, String groupName);
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupDaoImpl.java
new file mode 100644
index 0000000..45be0b3
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupDaoImpl.java
@@ -0,0 +1,59 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server.dao;
+
+import java.util.Map;
+
+import javax.naming.ConfigurationException;
+
+import org.apache.cloudstack.iam.api.IAMGroup;
+import org.apache.cloudstack.iam.server.IAMGroupVO;
+import org.springframework.stereotype.Component;
+
+
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+
+@Component
+public class IAMGroupDaoImpl extends GenericDaoBase<IAMGroupVO, Long> implements IAMGroupDao {
+ private SearchBuilder<IAMGroupVO> nameSearch;
+
+ @Override
+ public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
+ super.configure(name, params);
+
+ nameSearch = createSearchBuilder();
+ nameSearch.and("name", nameSearch.entity().getName(), SearchCriteria.Op.EQ);
+ nameSearch.and("path", nameSearch.entity().getPath(), SearchCriteria.Op.EQ);
+ nameSearch.done();
+
+
+ return true;
+ }
+
+ @Override
+ public IAMGroup findByName(String path, String name) {
+ SearchCriteria<IAMGroupVO> sc = nameSearch.create();
+ sc.setParameters("name", name);
+ if (path != null) {
+ sc.setParameters("path", path);
+ }
+ return findOneBy(sc);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDao.java
new file mode 100644
index 0000000..6a2df89
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDao.java
@@ -0,0 +1,16 @@
+package org.apache.cloudstack.iam.server.dao;
+
+import java.util.List;
+
+import org.apache.cloudstack.iam.server.IAMGroupPolicyMapVO;
+import com.cloud.utils.db.GenericDao;
+
+public interface IAMGroupPolicyMapDao extends GenericDao<IAMGroupPolicyMapVO, Long> {
+
+ List<IAMGroupPolicyMapVO> listByGroupId(long groupId);
+
+ List<IAMGroupPolicyMapVO> listByPolicyId(long policyId);
+
+ IAMGroupPolicyMapVO findByGroupAndPolicy(long groupId, long policyId);
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDaoImpl.java
new file mode 100644
index 0000000..95b6bac
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMGroupPolicyMapDaoImpl.java
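Review bot: In IAMGroupDaoImpl.findByName the `path` condition is left unset when `path` is null, so the query presumably falls back to matching the group name alone; this relies on the search framework omitting conditions whose parameter was never set, which the hunk does not show. For an IAM group lookup that means a null path can return a group that lives under a different domain path, and `findOneBy` yields only one of possibly several matches. If a path-less lookup is intended, say so above the `if`, e.g. `// null path: match the name under any path; pass a path to scope the lookup to one domain`; otherwise reject a null path before building the criteria.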
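Review bot: IAMGroupPolicyMapDao.java starts at the `package` line with no ASF licence header, unlike IAMGroupDao.java and the other new DAO files in this commit; IAMGroupPolicyMapDaoImpl.java has the same gap. Add the same `// Licensed to the Apache Software Foundation (ASF) under one ...` comment block that the sibling files carry, so that a licence audit of the source tree does not flag these two files.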
@@ -0,0 +1,61 @@
+package org.apache.cloudstack.iam.server.dao;
+
+import java.util.List;
+import java.util.Map;
+
+import javax.naming.ConfigurationException;
+
+import org.apache.cloudstack.iam.server.IAMGroupPolicyMapVO;
+
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+
+public class IAMGroupPolicyMapDaoImpl extends GenericDaoBase<IAMGroupPolicyMapVO, Long> implements IAMGroupPolicyMapDao {
+
+ private SearchBuilder<IAMGroupPolicyMapVO> ListByGroupId;
+ private SearchBuilder<IAMGroupPolicyMapVO> ListByPolicyId;
+ private SearchBuilder<IAMGroupPolicyMapVO> findByPolicyGroupId;
+
+ @Override
+ public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
+ super.configure(name, params);
+
+ ListByGroupId = createSearchBuilder();
+ ListByGroupId.and("groupId", ListByGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ);
+ ListByGroupId.done();
+
+ ListByPolicyId = createSearchBuilder();
+ ListByPolicyId.and("policyId", ListByPolicyId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+ ListByPolicyId.done();
+
+ findByPolicyGroupId = createSearchBuilder();
+ findByPolicyGroupId.and("policyId", findByPolicyGroupId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+ findByPolicyGroupId.and("groupId", findByPolicyGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ);
+ findByPolicyGroupId.done();
+
+ return true;
+ }
+
+ @Override
+ public List<IAMGroupPolicyMapVO> listByGroupId(long groupId) {
+ SearchCriteria<IAMGroupPolicyMapVO> sc = ListByGroupId.create();
+ sc.setParameters("groupId", groupId);
+ return listBy(sc);
+ }
+
+ @Override
+ public List<IAMGroupPolicyMapVO> listByPolicyId(long policyId) {
+ SearchCriteria<IAMGroupPolicyMapVO> sc = ListByPolicyId.create();
+ sc.setParameters("policyId", policyId);
+ return listBy(sc);
+ }
+
+ @Override
+ public IAMGroupPolicyMapVO findByGroupAndPolicy(long groupId, long policyId) {
+ SearchCriteria<IAMGroupPolicyMapVO> sc = findByPolicyGroupId.create();
+ sc.setParameters("policyId", policyId);
+ sc.setParameters("groupId", groupId);
+ return findOneBy(sc);
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyDao.java
new file mode 100644
index 0000000..ace7d85
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyDao.java
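Review bot: The fields `ListByGroupId` and `ListByPolicyId` in IAMGroupPolicyMapDaoImpl start with an upper-case letter, while `findByPolicyGroupId` next to them and `nameSearch` in IAMGroupDaoImpl are lowerCamelCase; rename them, for instance to `groupIdSearch` and `policyIdSearch`, which also stops them sharing a name with the methods. The class carries no `@Component`, unlike IAMGroupDaoImpl and IAMPolicyDaoImpl in this commit; if these DAOs are not registered some other way (not visible here), injecting IAMGroupPolicyMapDao would fail. The file also ends without a trailing newline.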
@@ -0,0 +1,28 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server.dao;
+
+import org.apache.cloudstack.iam.api.IAMPolicy;
+import org.apache.cloudstack.iam.server.IAMPolicyVO;
+
+import com.cloud.utils.db.GenericDao;
+
+public interface IAMPolicyDao extends GenericDao<IAMPolicyVO, Long> {
+
+ IAMPolicy findByName(String policyName);
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyDaoImpl.java
new file mode 100644
index 0000000..293cf6f
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyDaoImpl.java
@@ -0,0 +1,57 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server.dao;
+
+import java.util.Map;
+
+import javax.naming.ConfigurationException;
+
+import org.apache.cloudstack.iam.api.IAMPolicy;
+import org.apache.cloudstack.iam.server.IAMPolicyVO;
+import org.springframework.stereotype.Component;
+
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+
+@Component
+public class IAMPolicyDaoImpl extends GenericDaoBase<IAMPolicyVO, Long> implements IAMPolicyDao {
+ private SearchBuilder<IAMPolicyVO> nameSearch;
+
+ @Override
+ public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
+ super.configure(name, params);
+
+ nameSearch = createSearchBuilder();
+ nameSearch.and("name", nameSearch.entity().getName(), SearchCriteria.Op.EQ);
+ // nameSearch.and("domainId", nameSearch.entity().getDomainId(),
+ // SearchCriteria.Op.EQ);
+ nameSearch.done();
+
+
+ return true;
+ }
+
+ @Override
+ public IAMPolicy findByName(String name) {
+ SearchCriteria<IAMPolicyVO> sc = nameSearch.create();
+ sc.setParameters("name", name);
+
+ return findOneBy(sc);
+ }
+
+}
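Review bot: The commented-out `domainId` condition in IAMPolicyDaoImpl.configure leaves `findByName` matching on the policy name alone, whereas IAMGroupDaoImpl.findByName in this commit can scope its lookup by path. If policy names are meant to be unique per domain, any duplicate check built on this lookup compares against policies of every domain and may return another domain's policy; that intent is not visible in the hunk. If global uniqueness is what is wanted, delete the two commented lines and state it instead, e.g. `// policy names are unique across all domains, so the lookup is by name only`.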
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyPermissionDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyPermissionDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyPermissionDao.java
new file mode 100644
index 0000000..cdcb02b
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyPermissionDao.java
@@ -0,0 +1,39 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server.dao;
+import java.util.List;
+
+import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
+import org.apache.cloudstack.iam.server.IAMPolicyPermissionVO;
+
+import com.cloud.utils.db.GenericDao;
+
+public interface IAMPolicyPermissionDao extends GenericDao<IAMPolicyPermissionVO, Long> {
+
+ List<IAMPolicyPermissionVO> listByPolicy(long policyId);
+
+ IAMPolicyPermissionVO findByPolicyAndEntity(long policyId, String entityType, String scope, Long scopeId,
+ String action, Permission perm);
+
+ List<IAMPolicyPermissionVO> listGrantedByActionAndScope(long policyId, String action, String scope);
+
+ List<IAMPolicyPermissionVO> listByPolicyActionAndEntity(long policyId, String action, String entityType);
+
+ List<IAMPolicyPermissionVO> listByPolicyAccessAndEntity(long policyId, String accessType, String entityType);
+
+ List<IAMPolicyPermissionVO> listByEntity(String entityType, Long entityId);
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyPermissionDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyPermissionDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyPermissionDaoImpl.java
new file mode 100644
index 0000000..3f976cf
--- /dev/null
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMPolicyPermissionDaoImpl.java
@@ -0,0 +1,129 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam.server.dao;
+
+import java.util.List;
+import java.util.Map;
+
+import javax.naming.ConfigurationException;
+
+import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
+import org.apache.cloudstack.iam.server.IAMPolicyPermissionVO;
+
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+
+public class IAMPolicyPermissionDaoImpl extends GenericDaoBase<IAMPolicyPermissionVO, Long> implements
+ IAMPolicyPermissionDao {
+
+ private SearchBuilder<IAMPolicyPermissionVO> policyIdSearch;
+ private SearchBuilder<IAMPolicyPermissionVO> fullSearch;
+ private SearchBuilder<IAMPolicyPermissionVO> actionScopeSearch;
+ private SearchBuilder<IAMPolicyPermissionVO> entitySearch;
+
+ @Override
+ public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
+ super.configure(name, params);
+
+ policyIdSearch = createSearchBuilder();
+ policyIdSearch.and("policyId", policyIdSearch.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+ policyIdSearch.done();
+
+ fullSearch = createSearchBuilder();
+ fullSearch.and("policyId", fullSearch.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+ fullSearch.and("entityType", fullSearch.entity().getEntityType(), SearchCriteria.Op.EQ);
+ fullSearch.and("scope", fullSearch.entity().getScope(), SearchCriteria.Op.EQ);
+ fullSearch.and("scopeId", fullSearch.entity().getScopeId(), SearchCriteria.Op.EQ);
+ fullSearch.and("action", fullSearch.entity().getAction(), SearchCriteria.Op.EQ);
+ fullSearch.and("permission", fullSearch.entity().getPermission(), SearchCriteria.Op.EQ);
+ fullSearch.and("accessType", fullSearch.entity().getAccessType(), SearchCriteria.Op.EQ);
+ fullSearch.done();
+
+ actionScopeSearch = createSearchBuilder();
+ actionScopeSearch.and("policyId", actionScopeSearch.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+ actionScopeSearch.and("scope", actionScopeSearch.entity().getScope(), SearchCriteria.Op.EQ);
+ actionScopeSearch.and("action", actionScopeSearch.entity().getAction(), SearchCriteria.Op.EQ);
+ actionScopeSearch.and("permission", actionScopeSearch.entity().getPermission(), SearchCriteria.Op.EQ);
+ actionScopeSearch.done();
+
+ entitySearch = createSearchBuilder();
+ entitySearch.and("entityType", entitySearch.entity().getEntityType(), SearchCriteria.Op.EQ);
+ entitySearch.and("scopeId", entitySearch.entity().getScopeId(), SearchCriteria.Op.EQ);
+ entitySearch.done();
+
+ return true;
+ }
+
+ @Override
+ public List<IAMPolicyPermissionVO> listByPolicy(long policyId) {
+ SearchCriteria<IAMPolicyPermissionVO> sc = policyIdSearch.create();
+ sc.setParameters("policyId", policyId);
+ return listBy(sc);
+ }
+
+ @Override
+ public IAMPolicyPermissionVO findByPolicyAndEntity(long policyId, String entityType, String scope, Long scopeId,
+ String action, Permission perm) {
+ SearchCriteria<IAMPolicyPermissionVO> sc = fullSearch.create();
+ sc.setParameters("policyId", policyId);
+ sc.setParameters("entityType", entityType);
+ sc.setParameters("scope", scope);
+ sc.setParameters("scopeId", scopeId);
+ sc.setParameters("action", action);
+ sc.setParameters("permission", perm);
+ return findOneBy(sc);
+ }
+
+ @Override
+ public List<IAMPolicyPermissionVO> listGrantedByActionAndScope(long policyId, String action, String scope) {
+ SearchCriteria<IAMPolicyPermissionVO> sc = actionScopeSearch.create();
+ sc.setParameters("policyId", policyId);
+ sc.setParameters("action", action);
+ sc.setParameters("scope", scope);
+ sc.setParameters("permission", Permission.Allow);
+ return listBy(sc);
+ }
+
+ @Override
+ public List<IAMPolicyPermissionVO> listByPolicyActionAndEntity(long policyId, String action, String entityType) {
+ SearchCriteria<IAMPolicyPermissionVO> sc = fullSearch.create();
+ sc.setParameters("policyId", policyId);
+ sc.setParameters("entityType", entityType);
+ sc.setParameters("action", action);
+ return listBy(sc);
+ }
+
+ @Override
+ public List<IAMPolicyPermissionVO> listByPolicyAccessAndEntity(long policyId, String accessType,
+ String entityType) {
+ SearchCriteria<IAMPolicyPermissionVO> sc = fullSearch.create();
+ sc.setParameters("policyId", policyId);
+ sc.setParameters("entityType", entityType);
+ sc.setParameters("accessType", accessType);
+ return listBy(sc);
+ }
+
+ @Override
+ public List<IAMPolicyPermissionVO> listByEntity(String entityType, Long entityId) {
+ SearchCriteria<IAMPolicyPermissionVO> sc = fullSearch.create();
+ sc.setParameters("entityType", entityType);
+ sc.setParameters("scopeId", entityId);
+ return listBy(sc);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java
----------------------------------------------------------------------
diff --git a/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java b/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java
index 01eab61..8760199 100644
--- a/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java
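Review bot: In IAMPolicyPermissionDaoImpl the `entitySearch` builder is created in `configure` but never used: `listByEntity` builds its criteria from `fullSearch`, as do `listByPolicyActionAndEntity` and `listByPolicyAccessAndEntity`, each setting only two or three of its seven conditions. That returns the intended rows only if the search framework omits conditions whose parameter was never set, which the hunk does not show; in `listByEntity` use `SearchCriteria<IAMPolicyPermissionVO> sc = entitySearch.create();`, and consider dedicated builders for the other two. `findByPolicyAndEntity` also passes the nullable `Long scopeId` straight to `setParameters`; it is worth confirming how a null is matched there, because that lookup is what decides whether a permission row already exists.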
+++ b/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java @@ -45,18 +45,18 @@ import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.support.AnnotationConfigContextLoader; -import org.apache.cloudstack.iam.api.AclGroup; -import org.apache.cloudstack.iam.api.AclPolicy; +import org.apache.cloudstack.iam.api.IAMGroup; +import org.apache.cloudstack.iam.api.IAMPolicy; import org.apache.cloudstack.iam.api.IAMService; -import org.apache.cloudstack.iam.server.AclGroupVO; -import org.apache.cloudstack.iam.server.AclPolicyVO; +import org.apache.cloudstack.iam.server.IAMGroupVO; +import org.apache.cloudstack.iam.server.IAMPolicyVO; import org.apache.cloudstack.iam.server.IAMServiceImpl; -import org.apache.cloudstack.iam.server.dao.AclAccountPolicyMapDao; -import org.apache.cloudstack.iam.server.dao.AclGroupAccountMapDao; -import org.apache.cloudstack.iam.server.dao.AclGroupDao; -import org.apache.cloudstack.iam.server.dao.AclGroupPolicyMapDao; -import org.apache.cloudstack.iam.server.dao.AclPolicyDao; -import org.apache.cloudstack.iam.server.dao.AclPolicyPermissionDao; +import org.apache.cloudstack.iam.server.dao.IAMAccountPolicyMapDao; +import org.apache.cloudstack.iam.server.dao.IAMGroupAccountMapDao; +import org.apache.cloudstack.iam.server.dao.IAMGroupDao; +import org.apache.cloudstack.iam.server.dao.IAMGroupPolicyMapDao; +import org.apache.cloudstack.iam.server.dao.IAMPolicyDao; +import org.apache.cloudstack.iam.server.dao.IAMPolicyPermissionDao; import org.apache.cloudstack.test.utils.SpringUtils; import com.cloud.exception.InvalidParameterValueException; 
@@ -72,22 +72,22 @@ public class IAMServiceUnitTest { IAMService _iamService; @Inject - AclPolicyDao _aclPolicyDao; + IAMPolicyDao _aclPolicyDao; @Inject - AclGroupDao _aclGroupDao; + IAMGroupDao _aclGroupDao; @Inject EntityManager _entityMgr; @Inject - AclGroupPolicyMapDao _aclGroupPolicyMapDao; + IAMGroupPolicyMapDao _aclGroupPolicyMapDao; @Inject - AclGroupAccountMapDao _aclGroupAccountMapDao; + IAMGroupAccountMapDao _aclGroupAccountMapDao; @Inject - AclPolicyPermissionDao _policyPermissionDao; + IAMPolicyPermissionDao _policyPermissionDao; @BeforeClass public static void setUpClass() throws ConfigurationException { @@ -96,15 +96,15 @@ public class IAMServiceUnitTest { @Before public void setUp() { ComponentContext.initComponentsLifeCycle(); - AclGroupVO group = new AclGroupVO("group1", "my first group"); - Mockito.when(_aclGroupDao.persist(Mockito.any(AclGroupVO.class))).thenReturn(group); - List<AclGroupVO> groups = new ArrayList<AclGroupVO>(); + IAMGroupVO group = new IAMGroupVO("group1", "my first group"); + Mockito.when(_aclGroupDao.persist(Mockito.any(IAMGroupVO.class))).thenReturn(group); + List<IAMGroupVO> groups = new ArrayList<IAMGroupVO>(); groups.add(group); when(_aclGroupDao.search(Mockito.any(SearchCriteria.class), Mockito.any(com.cloud.utils.db.Filter.class))) .thenReturn(groups); - AclPolicyVO policy = new AclPolicyVO("policy1", "my first policy"); - Mockito.when(_aclPolicyDao.persist(Mockito.any(AclPolicyVO.class))).thenReturn(policy); + IAMPolicyVO policy = new IAMPolicyVO("policy1", "my first policy"); + Mockito.when(_aclPolicyDao.persist(Mockito.any(IAMPolicyVO.class))).thenReturn(policy); } 
@@ -114,13 +114,13 @@ public class IAMServiceUnitTest { @Test(expected = InvalidParameterValueException.class) public void createAclGroupTest() { - AclGroup group = _iamService.createAclGroup("group1", "my first group", "/root/mydomain"); + IAMGroup group = _iamService.createAclGroup("group1", "my first group", "/root/mydomain"); assertNotNull("Acl group 'group1' failed to create ", group); - AclGroupVO group2 = new AclGroupVO("group1", "my second group"); + IAMGroupVO group2 = new IAMGroupVO("group1", "my second group"); when(_aclGroupDao.findByName(eq("/root/mydomain"), eq("group1"))).thenReturn(group2); - AclGroup group3 = _iamService.createAclGroup("group1", "my first group", "/root/mydomain"); + IAMGroup group3 = _iamService.createAclGroup("group1", "my first group", "/root/mydomain"); } @Test(expected = InvalidParameterValueException.class) @@ -132,7 +132,7 @@ public class IAMServiceUnitTest { @Test public void accountGroupMaptest() { // create group - AclGroupVO group = new AclGroupVO("group1", "my first group"); + IAMGroupVO group = new IAMGroupVO("group1", "my first group"); // add account to group List<Long> accountIds = new ArrayList<Long>(); @@ -145,10 +145,10 @@ public class IAMServiceUnitTest { @Test(expected = InvalidParameterValueException.class) public void createAclPolicyTest() { - AclPolicy policy = _iamService.createAclPolicy("policy1", "my first policy", null, "/root/mydomain"); + IAMPolicy policy = _iamService.createAclPolicy("policy1", "my first policy", null, "/root/mydomain"); assertNotNull("Acl policy 'policy1' failed to create ", policy); - AclPolicyVO rvo = new AclPolicyVO("policy2", "second policy"); + IAMPolicyVO rvo = new IAMPolicyVO("policy2", "second policy"); when(_aclPolicyDao.findByName(eq("policy2"))).thenReturn(rvo); _iamService.createAclPolicy("policy2", "second policy", null, "/root/mydomain"); 
@@ -165,13 +165,13 @@ public class IAMServiceUnitTest { public static class TestConfiguration extends SpringUtils.CloudStackTestConfiguration { @Bean - public AclPolicyDao aclPolicyDao() { - return Mockito.mock(AclPolicyDao.class); + public IAMPolicyDao aclPolicyDao() { + return Mockito.mock(IAMPolicyDao.class); } @Bean - public AclGroupDao aclGroupDao() { - return Mockito.mock(AclGroupDao.class); + public IAMGroupDao aclGroupDao() { + return Mockito.mock(IAMGroupDao.class); } @Bean @@ -180,23 +180,23 @@ public class IAMServiceUnitTest { } @Bean - public AclGroupPolicyMapDao aclGroupPolicyMapDao() { - return Mockito.mock(AclGroupPolicyMapDao.class); + public IAMGroupPolicyMapDao aclGroupPolicyMapDao() { + return Mockito.mock(IAMGroupPolicyMapDao.class); } @Bean - public AclGroupAccountMapDao aclGroupAccountMapDao() { - return Mockito.mock(AclGroupAccountMapDao.class); + public IAMGroupAccountMapDao aclGroupAccountMapDao() { + return Mockito.mock(IAMGroupAccountMapDao.class); } @Bean - public AclAccountPolicyMapDao aclAccountPolicyMapDao() { - return Mockito.mock(AclAccountPolicyMapDao.class); + public IAMAccountPolicyMapDao aclAccountPolicyMapDao() { + return Mockito.mock(IAMAccountPolicyMapDao.class); } @Bean - public AclPolicyPermissionDao aclPolicyPermissionDao() { - return Mockito.mock(AclPolicyPermissionDao.class); + public IAMPolicyPermissionDao aclPolicyPermissionDao() { + return Mockito.mock(IAMPolicyPermissionDao.class); } public static class Library implements TypeFilter { http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/setup/db/db/schema-430to440.sql ---------------------------------------------------------------------- diff --git a/setup/db/db/schema-430to440.sql b/setup/db/db/schema-430to440.sql index 4ce7ba9..917a954 100644 --- a/setup/db/db/schema-430to440.sql +++ b/setup/db/db/schema-430to440.sql 
@@ -447,7 +447,7 @@ CREATE VIEW `cloud`.`user_vm_view` AS `cloud`.`user_vm_details` `custom_ram_size` ON (((`custom_ram_size`.`vm_id` = `cloud`.`vm_instance`.`id`) and (`custom_ram_size`.`name` = 'memory'))); -- ACL DB schema -CREATE TABLE `cloud`.`acl_group` ( +CREATE TABLE `cloud`.`iam_group` ( `id` bigint unsigned NOT NULL UNIQUE auto_increment, `name` varchar(255) NOT NULL, `description` varchar(255) default NULL, @@ -458,23 +458,23 @@ CREATE TABLE `cloud`.`acl_group` ( `removed` datetime COMMENT 'date the group was removed', `created` datetime COMMENT 'date the group was created', PRIMARY KEY (`id`), - INDEX `i_acl_group__removed`(`removed`), - CONSTRAINT `uc_acl_group__uuid` UNIQUE (`uuid`) + INDEX `i_iam_group__removed`(`removed`), + CONSTRAINT `uc_iam_group__uuid` UNIQUE (`uuid`) ) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8; -CREATE TABLE `cloud`.`acl_group_account_map` ( +CREATE TABLE `cloud`.`iam_group_account_map` ( `id` bigint unsigned NOT NULL auto_increment, `group_id` bigint unsigned NOT NULL, `account_id` bigint unsigned NOT NULL, `removed` datetime COMMENT 'date the account was removed from the group', `created` datetime COMMENT 'date the account was assigned to the group', PRIMARY KEY (`id`), - CONSTRAINT `fk_acl_group_vm_map__group_id` FOREIGN KEY(`group_id`) REFERENCES `acl_group` (`id`) ON DELETE CASCADE, - CONSTRAINT `fk_acl_group_vm_map__account_id` FOREIGN KEY(`account_id`) REFERENCES `account` (`id`) ON DELETE CASCADE + CONSTRAINT `fk_iam_group_vm_map__group_id` FOREIGN KEY(`group_id`) REFERENCES `iam_group` (`id`) ON DELETE CASCADE, + CONSTRAINT `fk_iam_group_vm_map__account_id` FOREIGN KEY(`account_id`) REFERENCES `account` (`id`) ON DELETE CASCADE ) ENGINE=InnoDB DEFAULT CHARSET=utf8; -CREATE TABLE `cloud`.`acl_policy` ( +CREATE TABLE `cloud`.`iam_policy` ( `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT, `name` varchar(255) NOT NULL, `description` varchar(255) DEFAULT NULL, 
@@ -486,37 +486,37 @@ CREATE TABLE `cloud`.`acl_policy` ( `policy_type` varchar(64) DEFAULT 'Static' COMMENT 'Static or Dynamic', PRIMARY KEY (`id`), UNIQUE KEY `id` (`id`), - UNIQUE KEY `uc_acl_policy__uuid` (`uuid`), - KEY `i_acl_policy__removed` (`removed`) + UNIQUE KEY `uc_iam_policy__uuid` (`uuid`), + KEY `i_iam_policy__removed` (`removed`) ) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8; -CREATE TABLE `cloud`.`acl_group_policy_map` ( +CREATE TABLE `cloud`.`iam_group_policy_map` ( `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT, `group_id` bigint(20) unsigned NOT NULL, `policy_id` bigint(20) unsigned NOT NULL, `removed` datetime DEFAULT NULL COMMENT 'date the policy was revoked from the group', `created` datetime DEFAULT NULL COMMENT 'date the policy was attached to the group', PRIMARY KEY (`id`), - KEY `fk_acl_group_policy_map__group_id` (`group_id`), - KEY `fk_acl_group_policy_map__policy_id` (`policy_id`), - CONSTRAINT `fk_acl_group_policy_map__group_id` FOREIGN KEY (`group_id`) REFERENCES `acl_group` (`id`) ON DELETE CASCADE, - CONSTRAINT `fk_acl_group_policy_map__policy_id` FOREIGN KEY (`policy_id`) REFERENCES `acl_policy` (`id`) ON DELETE CASCADE + KEY `fk_iam_group_policy_map__group_id` (`group_id`), + KEY `fk_iam_group_policy_map__policy_id` (`policy_id`), + CONSTRAINT `fk_iam_group_policy_map__group_id` FOREIGN KEY (`group_id`) REFERENCES `iam_group` (`id`) ON DELETE CASCADE, + CONSTRAINT `fk_iam_group_policy_map__policy_id` FOREIGN KEY (`policy_id`) REFERENCES `iam_policy` (`id`) ON DELETE CASCADE ) ENGINE=InnoDB DEFAULT CHARSET=utf8; -CREATE TABLE `cloud`.`acl_account_policy_map` ( +CREATE TABLE `cloud`.`iam_account_policy_map` ( `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT, `account_id` bigint(20) unsigned NOT NULL, `policy_id` bigint(20) unsigned NOT NULL, `removed` datetime DEFAULT NULL COMMENT 'date the policy was revoked from the account', `created` datetime DEFAULT NULL COMMENT 'date the policy was attached to the account', PRIMARY 
KEY (`id`), - KEY `fk_acl_account_policy_map__account_id` (`account_id`), - KEY `fk_acl_account_policy_map__policy_id` (`policy_id`), - CONSTRAINT `fk_acl_account_policy_map__account_id` FOREIGN KEY (`account_id`) REFERENCES `account` (`id`) ON DELETE CASCADE, - CONSTRAINT `fk_acl_account_policy_map__policy_id` FOREIGN KEY (`policy_id`) REFERENCES `acl_policy` (`id`) ON DELETE CASCADE + KEY `fk_iam_account_policy_map__account_id` (`account_id`), + KEY `fk_iam_account_policy_map__policy_id` (`policy_id`), + CONSTRAINT `fk_iam_account_policy_map__account_id` FOREIGN KEY (`account_id`) REFERENCES `account` (`id`) ON DELETE CASCADE, + CONSTRAINT `fk_iam_account_policy_map__policy_id` FOREIGN KEY (`policy_id`) REFERENCES `iam_policy` (`id`) ON DELETE CASCADE ) ENGINE=InnoDB DEFAULT CHARSET=utf8; -CREATE TABLE `cloud`.`acl_policy_permission` ( +CREATE TABLE `cloud`.`iam_policy_permission` ( `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT, `policy_id` bigint(20) unsigned NOT NULL, `action` varchar(100) NOT NULL, 
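Review bot: Nothing in `iam_group_policy_map` or `iam_account_policy_map` stops the same (group, policy) or (account, policy) pair from being stored more than once; the only keys are the `id` primary key and the two foreign-key indexes. In the last hunk of this file the `iam_policy` and `iam_group` seed rows use `INSERT IGNORE`, but the five `iam_group_policy_map` rows use a plain `INSERT`, so a re-run would attach each default policy to its group twice. Whether a later revoke clears every copy depends on DAO code that is not part of this diff, so duplicate attachments are worth ruling out in the schema or the seed. If revoked rows are deleted rather than kept with `removed` set, `UNIQUE KEY uc_iam_group_policy_map__group_policy (group_id, policy_id)` together with `INSERT IGNORE` on the seed rows would do it. If they are kept, the seed inserts should be guarded with a `WHERE NOT EXISTS` check instead.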
@@ -530,30 +530,30 @@ CREATE TABLE `cloud`.`acl_policy_permission` ( `created` datetime DEFAULT NULL COMMENT 'date the permission was granted', PRIMARY KEY (`id`), UNIQUE KEY `id` (`id`), - KEY `fk_acl_policy_permission__policy_id` (`policy_id`), - CONSTRAINT `fk_acl_policy_permission__policy_id` FOREIGN KEY (`policy_id`) REFERENCES `acl_policy` (`id`) ON DELETE CASCADE + KEY `fk_iam_policy_permission__policy_id` (`policy_id`), + CONSTRAINT `fk_iam_policy_permission__policy_id` FOREIGN KEY (`policy_id`) REFERENCES `iam_policy` (`id`) ON DELETE CASCADE ) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8; -INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (1, 'NORMAL', 'Domain user role', UUID(), '/', 1, Now(), 'Static'); -INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (2, 'ADMIN', 'Root admin role', UUID(), '/', 1, Now(), 'Static'); -INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (3, 'DOMAIN_ADMIN', 'Domain admin role', UUID(), '/', 1, Now(), 'Static'); -INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (4, 'RESOURCE_DOMAIN_ADMIN', 'Resource domain admin role', UUID(), '/', 1, Now(), 'Static'); -INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (5, 'READ_ONLY_ADMIN', 'Read only admin role', UUID(), '/', 1, Now(), 'Static'); -INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (6, 'RESOURCE_OWNER', 'Resource owner role', UUID(), '/', 1, Now(), 'Dynamic'); +INSERT IGNORE INTO `cloud`.`iam_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (1, 'NORMAL', 'Domain user role', UUID(), '/', 1, Now(), 'Static'); +INSERT IGNORE INTO 
`cloud`.`iam_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (2, 'ADMIN', 'Root admin role', UUID(), '/', 1, Now(), 'Static'); +INSERT IGNORE INTO `cloud`.`iam_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (3, 'DOMAIN_ADMIN', 'Domain admin role', UUID(), '/', 1, Now(), 'Static'); +INSERT IGNORE INTO `cloud`.`iam_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (4, 'RESOURCE_DOMAIN_ADMIN', 'Resource domain admin role', UUID(), '/', 1, Now(), 'Static'); +INSERT IGNORE INTO `cloud`.`iam_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (5, 'READ_ONLY_ADMIN', 'Read only admin role', UUID(), '/', 1, Now(), 'Static'); +INSERT IGNORE INTO `cloud`.`iam_policy` (id, name, description, uuid, path, account_id, created, policy_type) VALUES (6, 'RESOURCE_OWNER', 'Resource owner role', UUID(), '/', 1, Now(), 'Dynamic'); -INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, path, account_id, created) VALUES (1, 'NORMAL', 'Domain user group', UUID(), '/', 1, Now()); -INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, path, account_id, created) VALUES (2, 'ADMIN', 'Root admin group', UUID(), '/', 1, Now()); -INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, path, account_id, created) VALUES (3, 'DOMAIN_ADMIN', 'Domain admin group', UUID(), '/', 1, Now()); -INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, path, account_id, created) VALUES (4, 'RESOURCE_DOMAIN_ADMIN', 'Resource domain admin group', UUID(), '/', 1, Now()); -INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, path, account_id, created) VALUES (5, 'READ_ONLY_ADMIN', 'Read only admin group', UUID(), '/', 1, Now()); +INSERT IGNORE INTO `cloud`.`iam_group` (id, name, description, uuid, path, account_id, created) VALUES (1, 'NORMAL', 'Domain user group', UUID(), '/', 1, Now()); +INSERT 
IGNORE INTO `cloud`.`iam_group` (id, name, description, uuid, path, account_id, created) VALUES (2, 'ADMIN', 'Root admin group', UUID(), '/', 1, Now()); +INSERT IGNORE INTO `cloud`.`iam_group` (id, name, description, uuid, path, account_id, created) VALUES (3, 'DOMAIN_ADMIN', 'Domain admin group', UUID(), '/', 1, Now()); +INSERT IGNORE INTO `cloud`.`iam_group` (id, name, description, uuid, path, account_id, created) VALUES (4, 'RESOURCE_DOMAIN_ADMIN', 'Resource domain admin group', UUID(), '/', 1, Now()); +INSERT IGNORE INTO `cloud`.`iam_group` (id, name, description, uuid, path, account_id, created) VALUES (5, 'READ_ONLY_ADMIN', 'Read only admin group', UUID(), '/', 1, Now()); -INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(1, 1, Now()); -INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(2, 2, Now()); -INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(3, 3, Now()); -INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(4, 4, Now()); -INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(5, 5, Now()); +INSERT INTO `cloud`.`iam_group_policy_map` (group_id, policy_id, created) values(1, 1, Now()); +INSERT INTO `cloud`.`iam_group_policy_map` (group_id, policy_id, created) values(2, 2, Now()); +INSERT INTO `cloud`.`iam_group_policy_map` (group_id, policy_id, created) values(3, 3, Now()); +INSERT INTO `cloud`.`iam_group_policy_map` (group_id, policy_id, created) values(4, 4, Now()); +INSERT INTO `cloud`.`iam_group_policy_map` (group_id, policy_id, created) values(5, 5, Now()); INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('NetworkManager', 'DEFAULT', 'management-server', 'vm.network.nic.max.secondary.ipaddresses', NULL, 'Specify the number of secondary ip addresses per nic per vm', '256') ON DUPLICATE KEY UPDATE category='NetworkManager';
