iam/server changes: Rename Acl to IAM
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/63098878
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/63098878
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/63098878
Branch: refs/heads/master
Commit: 6309887800c74b4049558a85ba18f5a14749b72b
Parents: 187f9cd
Author: Prachi Damle <[email protected]>
Authored: Tue Feb 25 16:41:53 2014 -0800
Committer: Prachi Damle <[email protected]>
Committed: Tue Feb 25 16:43:25 2014 -0800
----------------------------------------------------------------------
.../cloudstack/iam/IAMApiServiceImpl.java | 56 ++++-----
.../iam/RoleBasedAPIAccessChecker.java | 18 +--
.../iam/RoleBasedEntityAccessChecker.java | 10 +-
.../iam/RoleBasedEntityQuerySelector.java | 16 +--
.../apache/cloudstack/iam/api/IAMService.java | 42 +++----
.../iam/server/IAMAccountPolicyMapVO.java | 10 +-
.../cloudstack/iam/server/IAMServiceImpl.java | 116 +++++++++----------
.../server/dao/IAMAccountPolicyMapDaoImpl.java | 4 +-
.../cloudstack/iam/IAMServiceUnitTest.java | 12 +-
9 files changed, 142 insertions(+), 142 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
index de57a41..393fe0e 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
@@ -149,7 +149,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man if (domainId != null) { s_logger.debug("MessageBus message: new Domain created: " + domainId + ", creating a new group"); Domain domain = _domainDao.findById(domainId); - _iamSrv.createAclGroup("DomainGrp-" + domain.getUuid(), "Domain group", domain.getPath()); + _iamSrv.createIAMGroup("DomainGrp-" + domain.getUuid(), "Domain group", domain.getPath()); } } }); @@ -163,7 +163,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man Domain domain = _domainDao.findById(domainId); List<IAMGroup> groups = listDomainGroup(domain); for (IAMGroup group : groups) { - _iamSrv.deleteAclGroup(group.getId()); + _iamSrv.deleteIAMGroup(group.getId()); } } } @@ -175,9 +175,9 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man Long templateId = (Long)obj; if (templateId != null) { s_logger.debug("MessageBus message: new public template registered: " + templateId + ", grant permission to domain admin and normal user policies"); - _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(), + _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(), PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false); - _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(), + _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(), PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false); } } 
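Review bot: In the domain-created subscriber, the renamed call `_iamSrv.createIAMGroup("DomainGrp-" + domain.getUuid(), "Domain group", domain.getPath())` dereferences `domain` directly after `_domainDao.findById(domainId)` with no null check, although the policy-grant code later in this file guards the same lookup with `if (domain != null)`. If the lookup can return null (for instance because the domain was removed before the message was handled), the handler throws and the domain group is never created. A guard such as `if (domain == null) { s_logger.warn("Domain " + domainId + " not found; skipping IAM group creation"); return; }` makes that case explicit. The domain-deleted subscriber in the next hunk iterates `listDomainGroup(domain)` without a null check too, while another caller in this file tests `domainGroups != null`; both subscriber bodies start outside the hunks.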
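Review bot: `new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1)` and `new Long(Account.ACCOUNT_TYPE_NORMAL + 1)` in the template-registered subscriber pass an account-type constant plus one as the policy id, so the grant reaches the intended default policy only while that numbering holds, and nothing visible here checks it. RoleBasedAPIAccessChecker already calls `getDefaultPolicyId(role)`, which looks like the natural single place for this mapping. If the arithmetic has to stay, a comment like `// default policy id is account type + 1 - confirm against getDefaultPolicyId()` plus `Long.valueOf(...)` instead of the boxing constructor would document the assumption. The same expression recurs in `resetTemplatePermission` and in the RoleBasedAPIAccessChecker hunks.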
@@ -202,7 +202,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man String entityType = entity.first().toString(); Long entityId = entity.second(); s_logger.debug("MessageBus message: delete an entity: (" + entityType + "," + entityId + "), remove its related permission"); - _iamSrv.removeAclPermissionForEntity(entityType, entityId); + _iamSrv.removeIAMPermissionForEntity(entityType, entityId); } } }); @@ -275,8 +275,8 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man Domain domain = _domainDao.findById(domainId); if (domain != null) { - IAMPolicy policy = _iamSrv.createAclPolicy(policyName, description, null, domain.getPath()); - _iamSrv.addAclPermissionToAclPolicy(policy.getId(), entityType, PermissionScope.RESOURCE.toString(), + IAMPolicy policy = _iamSrv.createIAMPolicy(policyName, description, null, domain.getPath()); + _iamSrv.addIAMPermissionToIAMPolicy(policy.getId(), entityType, PermissionScope.RESOURCE.toString(), entityId, action, accessType.toString(), Permission.Allow, recursive); List<Long> policyList = new ArrayList<Long>(); policyList.add(new Long(policy.getId())); @@ -284,7 +284,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man List<IAMGroup> domainGroups = listDomainGroup(domain); if (domainGroups != null) { for (IAMGroup group : domainGroups) { - _iamSrv.attachAclPoliciesToGroup(policyList, group.getId()); + _iamSrv.attachIAMPoliciesToGroup(policyList, group.getId()); } } } 
@@ -299,19 +299,19 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man if (callerDomain == null) { throw new InvalidParameterValueException("Caller does not have a domain"); } - return _iamSrv.createAclGroup(iamGroupName, description, callerDomain.getPath()); + return _iamSrv.createIAMGroup(iamGroupName, description, callerDomain.getPath()); } @DB @Override @ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_DELETE, eventDescription = "Deleting Acl Group") public boolean deleteIAMGroup(final Long iamGroupId) { - return _iamSrv.deleteAclGroup(iamGroupId); + return _iamSrv.deleteIAMGroup(iamGroupId); } @Override public List<IAMGroup> listIAMGroups(long accountId) { - return _iamSrv.listAclGroups(accountId); + return _iamSrv.listIAMGroups(accountId); } 
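Review bot: The `@ActionEvent` on `deleteIAMGroup` still reads `eventDescription = "Deleting Acl Group"` although the method and the service call under it are now IAM-named; `"Deleting IAM Group"` would keep the event record in step with the API. The same leftover wording is visible in later hunks of this file ("Attaching policy to acl group", "Removing policies from acl group", "Revoking acl permission from IAM Policy"), in the `listAclGroupsByAccount` override of RoleBasedEntityQuerySelector, and in the IAMServiceImpl exception messages ("Unable to create acl group with name ... already exisits", which also misspells "exists"). Anyone filtering events or logs on "IAM" will miss these entries, so either finish the rename in the strings or note why they are kept. The override name comes from an interface outside this diff, so that one may need a separate change.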
@@ -356,34 +356,34 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man if (callerDomain == null) { throw new InvalidParameterValueException("Caller does not have a domain"); } - return _iamSrv.createAclPolicy(iamPolicyName, description, parentPolicyId, callerDomain.getPath()); + return _iamSrv.createIAMPolicy(iamPolicyName, description, parentPolicyId, callerDomain.getPath()); } @DB @Override @ActionEvent(eventType = EventTypes.EVENT_IAM_POLICY_DELETE, eventDescription = "Deleting IAM Policy") public boolean deleteIAMPolicy(final long iamPolicyId) { - return _iamSrv.deleteAclPolicy(iamPolicyId); + return _iamSrv.deleteIAMPolicy(iamPolicyId); } @Override public List<IAMPolicy> listIAMPolicies(long accountId) { - return _iamSrv.listAclPolicies(accountId); + return _iamSrv.listIAMPolicies(accountId); } @DB @Override @ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_UPDATE, eventDescription = "Attaching policy to acl group") public IAMGroup attachIAMPoliciesToGroup(final List<Long> policyIds, final Long groupId) { - return _iamSrv.attachAclPoliciesToGroup(policyIds, groupId); + return _iamSrv.attachIAMPoliciesToGroup(policyIds, groupId); } @DB @Override @ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_UPDATE, eventDescription = "Removing policies from acl group") public IAMGroup removeIAMPoliciesFromGroup(final List<Long> policyIds, final Long groupId) { - return _iamSrv.removeAclPoliciesFromGroup(policyIds, groupId); + return _iamSrv.removeIAMPoliciesFromGroup(policyIds, groupId); } 
@@ -391,14 +391,14 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man @Override @ActionEvent(eventType = EventTypes.EVENT_IAM_ACCOUNT_POLICY_UPDATE, eventDescription = "Attaching policy to accounts") public void attachIAMPolicyToAccounts(final Long policyId, final List<Long> accountIds) { - _iamSrv.attachAclPolicyToAccounts(policyId, accountIds); + _iamSrv.attachIAMPolicyToAccounts(policyId, accountIds); } @DB @Override @ActionEvent(eventType = EventTypes.EVENT_IAM_ACCOUNT_POLICY_UPDATE, eventDescription = "Removing policy from accounts") public void removeIAMPolicyFromAccounts(final Long policyId, final List<Long> accountIds) { - _iamSrv.removeAclPolicyFromAccounts(policyId, accountIds); + _iamSrv.removeIAMPolicyFromAccounts(policyId, accountIds); } @DB @@ -411,7 +411,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man if (BaseListCmd.class.isAssignableFrom(cmdClass)) { accessType = AccessType.UseEntry; } - return _iamSrv.addAclPermissionToAclPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action, + return _iamSrv.addIAMPermissionToIAMPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action, accessType.toString(), perm, recursive); } 
@@ -419,12 +419,12 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man @Override @ActionEvent(eventType = EventTypes.EVENT_IAM_POLICY_REVOKE, eventDescription = "Revoking acl permission from IAM Policy") public IAMPolicy removeIAMPermissionFromIAMPolicy(long iamPolicyId, String entityType, PermissionScope scope, Long scopeId, String action) { - return _iamSrv.removeAclPermissionFromAclPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action); + return _iamSrv.removeIAMPermissionFromIAMPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action); } @Override public IAMPolicyPermission getIAMPolicyPermission(long accountId, String entityType, String action) { - List<IAMPolicy> policies = _iamSrv.listAclPolicies(accountId); + List<IAMPolicy> policies = _iamSrv.listIAMPolicies(accountId); IAMPolicyPermission curPerm = null; for (IAMPolicy policy : policies) { List<IAMPolicyPermission> perms = _iamSrv.listPolicyPermissionByActionAndEntity(policy.getId(), action, @@ -515,7 +515,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man } // find all the policies attached to this group - List<IAMPolicy> policies = _iamSrv.listAclPoliciesByGroup(group.getId()); + List<IAMPolicy> policies = _iamSrv.listIAMPoliciesByGroup(group.getId()); if (policies != null && policies.size() > 0) { for (IAMPolicy policy : policies) { response.addPolicy(policy.getName()); @@ -532,7 +532,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man if (domain != null) { String domainPath = domain.getPath(); // search for groups - Pair<List<IAMGroup>, Integer> result = _iamSrv.listAclGroups(null, "DomainGrp-" + domain.getUuid(), + Pair<List<IAMGroup>, Integer> result = _iamSrv.listIAMGroups(null, "DomainGrp-" + domain.getUuid(), domainPath, null, null); return result.first(); } 
@@ -558,7 +558,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man } String domainPath = domain.getPath(); // search for groups - Pair<List<IAMGroup>, Integer> result = _iamSrv.listAclGroups(iamGroupId, iamGroupName, domainPath, startIndex, pageSize); + Pair<List<IAMGroup>, Integer> result = _iamSrv.listIAMGroups(iamGroupId, iamGroupName, domainPath, startIndex, pageSize); // generate group response ListResponse<IAMGroupResponse> response = new ListResponse<IAMGroupResponse>(); List<IAMGroupResponse> groupResponses = new ArrayList<IAMGroupResponse>(); @@ -589,7 +589,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man } String domainPath = domain.getPath(); // search for policies - Pair<List<IAMPolicy>, Integer> result = _iamSrv.listAclPolicies(iamPolicyId, iamPolicyName, domainPath, startIndex, pageSize); + Pair<List<IAMPolicy>, Integer> result = _iamSrv.listIAMPolicies(iamPolicyId, iamPolicyName, domainPath, startIndex, pageSize); // generate policy response ListResponse<IAMPolicyResponse> response = new ListResponse<IAMPolicyResponse>(); List<IAMPolicyResponse> policyResponses = new ArrayList<IAMPolicyResponse>(); 
@@ -653,9 +653,9 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man private void resetTemplatePermission(Long templateId){ // reset template will change template to private, so we need to remove its permission for domain admin and normal user group - _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(), + _iamSrv.removeIAMPermissionFromIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(), PermissionScope.RESOURCE.toString(), templateId, "listTemplates"); - _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(), + _iamSrv.removeIAMPermissionFromIAMPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(), PermissionScope.RESOURCE.toString(), templateId, "listTemplates"); // check if there is a policy with only UseEntry permission for this template added IAMPolicy policy = _iamSrv.getResourceGrantPolicy(IAMEntityType.VirtualMachineTemplate.toString(), templateId, AccessType.UseEntry.toString(), "listTemplates"); @@ -664,7 +664,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man return; } // delete the policy, which should detach it from groups and accounts - _iamSrv.deleteAclPolicy(policy.getId()); + _iamSrv.deleteIAMPolicy(policy.getId()); } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java ---------------------------------------------------------------------- diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java index 48e6ede..fb75db3 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java 
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java @@ -90,7 +90,7 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker + "is null"); } - List<IAMPolicy> policies = _iamSrv.listAclPolicies(account.getAccountId()); + List<IAMPolicy> policies = _iamSrv.listIAMPolicies(account.getAccountId()); boolean isAllowed = _iamSrv.isActionAllowedForPolicies(commandName, policies); if (!isAllowed) { 
@@ -117,25 +117,25 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker for (RoleType role : RoleType.values()) { Long policyId = getDefaultPolicyId(role); if (policyId != null) { - _iamSrv.resetAclPolicy(policyId); + _iamSrv.resetIAMPolicy(policyId); } } // add the system-domain capability - _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_ADMIN + 1), null, null, null, + _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_ADMIN + 1), null, null, null, "SystemCapability", null, Permission.Allow, false); - _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), null, null, null, + _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), null, null, null, "DomainCapability", null, Permission.Allow, false); - _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN + 1), null, null, null, + _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN + 1), null, null, null, "DomainResourceCapability", null, Permission.Allow, false); // add permissions for public templates List<VMTemplateVO> pTmplts = _templateDao.listByPublic(); for (VMTemplateVO tmpl : pTmplts){ - _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(), + _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(), PermissionScope.RESOURCE.toString(), tmpl.getId(), "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false); - _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(), + _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(), PermissionScope.RESOURCE.toString(), tmpl.getId(), "listTemplates", 
AccessType.UseEntry.toString(), Permission.Allow, false); } @@ -259,11 +259,11 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker if (entityTypes == null || entityTypes.length == 0) { - _iamSrv.addAclPermissionToAclPolicy(policyId, null, permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER), + _iamSrv.addIAMPermissionToIAMPolicy(policyId, null, permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER), apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false); } else { for (IAMEntityType entityType : entityTypes) { - _iamSrv.addAclPermissionToAclPolicy(policyId, entityType.toString(), permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER), + _iamSrv.addIAMPermissionToIAMPolicy(policyId, entityType.toString(), permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER), apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false); } } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java ---------------------------------------------------------------------- diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java index 13f6914..d0d9d88 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java +++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java 
@@ -64,7 +64,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur if (entity == null && action != null) { // check if caller can do this action - List<IAMPolicy> policies = _iamSrv.listAclPolicies(caller.getAccountId()); + List<IAMPolicy> policies = _iamSrv.listIAMPolicies(caller.getAccountId()); boolean isAllowed = _iamSrv.isActionAllowedForPolicies(action, policies); if (!isAllowed) { @@ -164,7 +164,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur private List<IAMPolicy> getEffectivePolicies(Account caller, ControlledEntity entity) { // Get the static Policies of the Caller - List<IAMPolicy> policies = _iamSrv.listAclPolicies(caller.getId()); + List<IAMPolicy> policies = _iamSrv.listIAMPolicies(caller.getId()); // add any dynamic policies w.r.t the entity if (caller.getId() == entity.getAccountId()) { @@ -172,12 +172,12 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur policies.add(_iamSrv.getResourceOwnerPolicy()); } - List<IAMGroup> groups = _iamSrv.listAclGroups(caller.getId()); + List<IAMGroup> groups = _iamSrv.listIAMGroups(caller.getId()); for (IAMGroup group : groups) { // for each group find the grand parent groups. - List<IAMGroup> parentGroups = _iamSrv.listParentAclGroups(group.getId()); + List<IAMGroup> parentGroups = _iamSrv.listParentIAMGroups(group.getId()); for (IAMGroup parentGroup : parentGroups) { - policies.addAll(_iamSrv.listRecursiveAclPoliciesByGroup(parentGroup.getId())); + policies.addAll(_iamSrv.listRecursiveIAMPoliciesByGroup(parentGroup.getId())); } } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java ---------------------------------------------------------------------- 
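Review bot: `getEffectivePolicies` resolves the caller's policies and groups with `caller.getId()`, whereas the action-only branch in the first hunk of this file uses `caller.getAccountId()` for the same `listIAMPolicies` lookup. If the two accessors can ever return different values for an `Account`, the entity check and the action check would be evaluated against different policy sets. Using one accessor throughout, for example `_iamSrv.listIAMPolicies(caller.getAccountId())` and `_iamSrv.listIAMGroups(caller.getAccountId())`, removes the doubt. `getAuthorizedResources` in RoleBasedEntityQuerySelector mixes the two in the same way, and both method bodies extend beyond the hunks shown.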
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java index 596ac7e..23c57a1 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java +++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java @@ -44,7 +44,7 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe public List<Long> getAuthorizedDomains(Account caller, String action) { long accountId = caller.getAccountId(); // Get the static Policies of the Caller - List<IAMPolicy> policies = _iamService.listAclPolicies(accountId); + List<IAMPolicy> policies = _iamService.listIAMPolicies(accountId); // for each policy, find granted permission with Domain scope List<Long> domainIds = new ArrayList<Long>(); for (IAMPolicy policy : policies) { @@ -68,7 +68,7 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe public List<Long> getAuthorizedAccounts(Account caller, String action) { long accountId = caller.getAccountId(); // Get the static Policies of the Caller - List<IAMPolicy> policies = _iamService.listAclPolicies(accountId); + List<IAMPolicy> policies = _iamService.listIAMPolicies(accountId); // for each policy, find granted permission with Account scope List<Long> accountIds = new ArrayList<Long>(); for (IAMPolicy policy : policies) { 
@@ -92,15 +92,15 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe public List<Long> getAuthorizedResources(Account caller, String action) { long accountId = caller.getAccountId(); // Get the static Policies of the Caller - List<IAMPolicy> policies = _iamService.listAclPolicies(accountId); + List<IAMPolicy> policies = _iamService.listIAMPolicies(accountId); // add the policies that grant recursive access - List<IAMGroup> groups = _iamService.listAclGroups(caller.getId()); + List<IAMGroup> groups = _iamService.listIAMGroups(caller.getId()); for (IAMGroup group : groups) { // for each group find the grand parent groups. - List<IAMGroup> parentGroups = _iamService.listParentAclGroups(group.getId()); + List<IAMGroup> parentGroups = _iamService.listParentIAMGroups(group.getId()); for (IAMGroup parentGroup : parentGroups) { - policies.addAll(_iamService.listRecursiveAclPoliciesByGroup(parentGroup.getId())); + policies.addAll(_iamService.listRecursiveIAMPoliciesByGroup(parentGroup.getId())); } } @@ -123,7 +123,7 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe public boolean isGrantedAll(Account caller, String action) { long accountId = caller.getAccountId(); // Get the static Policies of the Caller - List<IAMPolicy> policies = _iamService.listAclPolicies(accountId); + List<IAMPolicy> policies = _iamService.listIAMPolicies(accountId); // for each policy, find granted permission with ALL scope for (IAMPolicy policy : policies) { List<IAMPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ALL.toString()); 
@@ -136,7 +136,7 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe @Override public List<String> listAclGroupsByAccount(long accountId) { - List<IAMGroup> groups = _iamService.listAclGroups(accountId); + List<IAMGroup> groups = _iamService.listIAMGroups(accountId); List<String> groupNames = new ArrayList<String>(); for (IAMGroup grp : groups) { groupNames.add(grp.getName()); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java ---------------------------------------------------------------------- diff --git a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java index 6eb61fa..74a0885 100644 --- a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java +++ b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java @@ -24,12 +24,12 @@ import com.cloud.utils.Pair; public interface IAMService { - /* ACL group related interfaces */ - IAMGroup createAclGroup(String aclGroupName, String description, String path); + /* IAM group related interfaces */ + IAMGroup createIAMGroup(String iamGroupName, String description, String path); - boolean deleteAclGroup(Long aclGroupId); + boolean deleteIAMGroup(Long iamGroupId); - List<IAMGroup> listAclGroups(long accountId); + List<IAMGroup> listIAMGroups(long accountId); IAMGroup addAccountsToGroup(List<Long> acctIds, Long groupId); 
@@ -37,34 +37,34 @@ public interface IAMService { List<Long> listAccountsByGroup(long groupId); - Pair<List<IAMGroup>, Integer> listAclGroups(Long aclGroupId, String aclGroupName, String path, Long startIndex, Long pageSize); + Pair<List<IAMGroup>, Integer> listIAMGroups(Long iamGroupId, String iamGroupName, String path, Long startIndex, Long pageSize); - /* ACL Policy related interfaces */ - IAMPolicy createAclPolicy(String aclPolicyName, String description, Long parentPolicyId, String path); + /* IAM Policy related interfaces */ + IAMPolicy createIAMPolicy(String iamPolicyName, String description, Long parentPolicyId, String path); - boolean deleteAclPolicy(long aclPolicyId); + boolean deleteIAMPolicy(long iamPolicyId); - List<IAMPolicy> listAclPolicies(long accountId); + List<IAMPolicy> listIAMPolicies(long accountId); - List<IAMPolicy> listAclPoliciesByGroup(long groupId); + List<IAMPolicy> listIAMPoliciesByGroup(long groupId); - Pair<List<IAMPolicy>, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize); + Pair<List<IAMPolicy>, Integer> listIAMPolicies(Long iamPolicyId, String iamPolicyName, String path, Long startIndex, Long pageSize); - IAMGroup attachAclPoliciesToGroup(List<Long> policyIds, Long groupId); + IAMGroup attachIAMPoliciesToGroup(List<Long> policyIds, Long groupId); - IAMGroup removeAclPoliciesFromGroup(List<Long> policyIds, Long groupId); + IAMGroup removeIAMPoliciesFromGroup(List<Long> policyIds, Long groupId); - void attachAclPolicyToAccounts(Long policyId, List<Long> acctIds); + void attachIAMPolicyToAccounts(Long policyId, List<Long> acctIds); - void removeAclPolicyFromAccounts(Long policyId, List<Long> acctIds); + void removeIAMPolicyFromAccounts(Long policyId, List<Long> acctIds); - IAMPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId, + IAMPolicy addIAMPermissionToIAMPolicy(long iamPolicyId, String entityType, String scope, Long 
scopeId, String action, String accessType, Permission perm, Boolean recursive); - IAMPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId, + IAMPolicy removeIAMPermissionFromIAMPolicy(long iamPolicyId, String entityType, String scope, Long scopeId, String action); - void removeAclPermissionForEntity(final String entityType, final Long entityId); + void removeIAMPermissionForEntity(final String entityType, final Long entityId); IAMPolicy getResourceGrantPolicy(String entityType, Long entityId, String accessType, String action); @@ -80,13 +80,13 @@ public interface IAMService { List<Long> getGrantedEntities(long accountId, String action, String scope); - IAMPolicy resetAclPolicy(long aclPolicyId); + IAMPolicy resetIAMPolicy(long iamPolicyId); List<IAMPolicyPermission> listPolicyPermissionByAccessAndEntity(long policyId, String accessType, String entityType); - List<IAMGroup> listParentAclGroups(long groupId); + List<IAMGroup> listParentIAMGroups(long groupId); - List<IAMPolicy> listRecursiveAclPoliciesByGroup(long groupId); + List<IAMPolicy> listRecursiveIAMPoliciesByGroup(long groupId); } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java ---------------------------------------------------------------------- diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java index 8f3ac7d..a537655 100644 --- a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java +++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java @@ -39,7 +39,7 @@ public class IAMAccountPolicyMapVO { private long accountId; @Column(name = "policy_id") - private long aclPolicyId; + private long iamPolicyId; @Column(name = GenericDao.REMOVED_COLUMN) private Date removed; 
@@ -50,9 +50,9 @@ public class IAMAccountPolicyMapVO { public IAMAccountPolicyMapVO() { } - public IAMAccountPolicyMapVO(long accountId, long aclPolicyId) { + public IAMAccountPolicyMapVO(long accountId, long iamPolicyId) { this.accountId = accountId; - this.aclPolicyId = aclPolicyId; + this.iamPolicyId = iamPolicyId; } public long getId() { @@ -63,8 +63,8 @@ public class IAMAccountPolicyMapVO { return accountId; } - public long getAclPolicyId() { - return aclPolicyId; + public long getIAMPolicyId() { + return iamPolicyId; } public Date getRemoved() { http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java ---------------------------------------------------------------------- diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java index 02da7c3..11af27e 100644 --- a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java +++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java @@ -84,15 +84,15 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @DB @Override - public IAMGroup createAclGroup(String aclGroupName, String description, String path) { + public IAMGroup createIAMGroup(String iamGroupName, String description, String path) { // check if the group is already existing - IAMGroup grp = _aclGroupDao.findByName(path, aclGroupName); + IAMGroup grp = _aclGroupDao.findByName(path, iamGroupName); if (grp != null) { throw new InvalidParameterValueException( - "Unable to create acl group with name " + aclGroupName + "Unable to create acl group with name " + iamGroupName + " already exisits for path " + path); } - IAMGroupVO rvo = new IAMGroupVO(aclGroupName, description); + IAMGroupVO rvo = new IAMGroupVO(iamGroupName, description); rvo.setPath(path); return _aclGroupDao.persist(rvo); 
@@ -100,11 +100,11 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @DB @Override - public boolean deleteAclGroup(final Long aclGroupId) { + public boolean deleteIAMGroup(final Long iamGroupId) { // get the Acl Group entity - final IAMGroup grp = _aclGroupDao.findById(aclGroupId); + final IAMGroup grp = _aclGroupDao.findById(iamGroupId); if (grp == null) { - throw new InvalidParameterValueException("Unable to find acl group: " + aclGroupId + throw new InvalidParameterValueException("Unable to find acl group: " + iamGroupId + "; failed to delete acl group."); } @@ -128,7 +128,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { } // remove this group from acl_group table - _aclGroupDao.remove(aclGroupId); + _aclGroupDao.remove(iamGroupId); } }); @@ -137,7 +137,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @SuppressWarnings("unchecked") @Override - public List<IAMGroup> listAclGroups(long accountId) { + public List<IAMGroup> listIAMGroups(long accountId) { GenericSearchBuilder<IAMGroupAccountMapVO, Long> groupSB = _aclGroupAccountMapDao.createSearchBuilder(Long.class); groupSB.selectFields(groupSB.entity().getAclGroupId()); 
@@ -225,11 +225,11 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { } @Override - public Pair<List<IAMGroup>, Integer> listAclGroups(Long aclGroupId, String aclGroupName, String path, Long startIndex, Long pageSize) { - if (aclGroupId != null) { - IAMGroup group = _aclGroupDao.findById(aclGroupId); + public Pair<List<IAMGroup>, Integer> listIAMGroups(Long iamGroupId, String iamGroupName, String path, Long startIndex, Long pageSize) { + if (iamGroupId != null) { + IAMGroup group = _aclGroupDao.findById(iamGroupId); if (group == null) { - throw new InvalidParameterValueException("Unable to find acl group by id " + aclGroupId); + throw new InvalidParameterValueException("Unable to find acl group by id " + iamGroupId); } } @@ -242,12 +242,12 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { SearchCriteria<IAMGroupVO> sc = sb.create(); - if (aclGroupName != null) { - sc.setParameters("name", aclGroupName); + if (iamGroupName != null) { + sc.setParameters("name", iamGroupName); } - if (aclGroupId != null) { - sc.setParameters("id", aclGroupId); + if (iamGroupId != null) { + sc.setParameters("id", iamGroupId); } sc.setParameters("path", path + "%"); @@ -257,7 +257,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { } @Override - public List<IAMGroup> listParentAclGroups(long groupId) { + public List<IAMGroup> listParentIAMGroups(long groupId) { IAMGroup group = _aclGroupDao.findById(groupId); if (group == null) { throw new InvalidParameterValueException("Unable to find acl group by id " + groupId); 
@@ -294,20 +294,20 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @DB @Override - public IAMPolicy createAclPolicy(final String aclPolicyName, final String description, final Long parentPolicyId, final String path) { + public IAMPolicy createIAMPolicy(final String iamPolicyName, final String description, final Long parentPolicyId, final String path) { // check if the policy is already existing - IAMPolicy ro = _aclPolicyDao.findByName(aclPolicyName); + IAMPolicy ro = _aclPolicyDao.findByName(iamPolicyName); if (ro != null) { throw new InvalidParameterValueException( - "Unable to create acl policy with name " + aclPolicyName + "Unable to create acl policy with name " + iamPolicyName + " already exisits"); } IAMPolicy role = Transaction.execute(new TransactionCallback<IAMPolicy>() { @Override public IAMPolicy doInTransaction(TransactionStatus status) { - IAMPolicyVO rvo = new IAMPolicyVO(aclPolicyName, description); + IAMPolicyVO rvo = new IAMPolicyVO(iamPolicyName, description); rvo.setPath(path); IAMPolicy role = _aclPolicyDao.persist(rvo); @@ -331,11 +331,11 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @DB @Override - public boolean deleteAclPolicy(final long aclPolicyId) { + public boolean deleteIAMPolicy(final long iamPolicyId) { // get the Acl Policy entity - final IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId); + final IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId); if (policy == null) { - throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId + throw new InvalidParameterValueException("Unable to find acl policy: " + iamPolicyId + "; failed to delete acl policy."); } @@ -367,7 +367,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { } // remove this role from acl_role table - _aclPolicyDao.remove(aclPolicyId); + _aclPolicyDao.remove(iamPolicyId); } }); 
@@ -377,7 +377,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @SuppressWarnings("unchecked") @Override - public List<IAMPolicy> listAclPolicies(long accountId) { + public List<IAMPolicy> listIAMPolicies(long accountId) { // static policies of the account SearchBuilder<IAMGroupAccountMapVO> groupSB = _aclGroupAccountMapDao.createSearchBuilder(); @@ -395,7 +395,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { // add policies directly attached to the account List<IAMAccountPolicyMapVO> acctPolicies = _aclAccountPolicyMapDao.listByAccountId(accountId); for (IAMAccountPolicyMapVO p : acctPolicies) { - policyIds.add(p.getAclPolicyId()); + policyIds.add(p.getIAMPolicyId()); } if (policyIds.size() == 0) { return new ArrayList<IAMPolicy>(); @@ -413,7 +413,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @SuppressWarnings("unchecked") @Override - public List<IAMPolicy> listAclPoliciesByGroup(long groupId) { + public List<IAMPolicy> listIAMPoliciesByGroup(long groupId) { List<IAMGroupPolicyMapVO> policyGrpMap = _aclGroupPolicyMapDao.listByGroupId(groupId); if (policyGrpMap == null || policyGrpMap.size() == 0) { return new ArrayList<IAMPolicy>(); @@ -436,7 +436,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @SuppressWarnings("unchecked") @Override - public List<IAMPolicy> listRecursiveAclPoliciesByGroup(long groupId) { + public List<IAMPolicy> listRecursiveIAMPoliciesByGroup(long groupId) { List<IAMGroupPolicyMapVO> policyGrpMap = _aclGroupPolicyMapDao.listByGroupId(groupId); if (policyGrpMap == null || policyGrpMap.size() == 0) { return new ArrayList<IAMPolicy>(); 
@@ -468,12 +468,12 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @SuppressWarnings("unchecked") @Override - public Pair<List<IAMPolicy>, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize) { + public Pair<List<IAMPolicy>, Integer> listIAMPolicies(Long iamPolicyId, String iamPolicyName, String path, Long startIndex, Long pageSize) { - if (aclPolicyId != null) { - IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId); + if (iamPolicyId != null) { + IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId); if (policy == null) { - throw new InvalidParameterValueException("Unable to find acl policy by id " + aclPolicyId); + throw new InvalidParameterValueException("Unable to find acl policy by id " + iamPolicyId); } } @@ -486,12 +486,12 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { SearchCriteria<IAMPolicyVO> sc = sb.create(); - if (aclPolicyName != null) { - sc.setParameters("name", aclPolicyName); + if (iamPolicyName != null) { + sc.setParameters("name", iamPolicyName); } - if (aclPolicyId != null) { - sc.setParameters("id", aclPolicyId); + if (iamPolicyId != null) { + sc.setParameters("id", iamPolicyId); } sc.setParameters("path", path + "%"); @@ -504,7 +504,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @DB @Override - public IAMGroup attachAclPoliciesToGroup(final List<Long> policyIds, final Long groupId) { + public IAMGroup attachIAMPoliciesToGroup(final List<Long> policyIds, final Long groupId) { // get the Acl Group entity IAMGroup group = _aclGroupDao.findById(groupId); if (group == null) { 
@@ -538,7 +538,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @DB @Override - public IAMGroup removeAclPoliciesFromGroup(final List<Long> policyIds, final Long groupId) { + public IAMGroup removeIAMPoliciesFromGroup(final List<Long> policyIds, final Long groupId) { // get the Acl Group entity IAMGroup group = _aclGroupDao.findById(groupId); if (group == null) { @@ -570,7 +570,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @Override - public void attachAclPolicyToAccounts(final Long policyId, final List<Long> acctIds) { + public void attachIAMPolicyToAccounts(final Long policyId, final List<Long> acctIds) { IAMPolicy policy = _aclPolicyDao.findById(policyId); if (policy == null) { throw new InvalidParameterValueException("Unable to find acl policy: " + policyId @@ -594,7 +594,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { } @Override - public void removeAclPolicyFromAccounts(final Long policyId, final List<Long> acctIds) { + public void removeIAMPolicyFromAccounts(final Long policyId, final List<Long> acctIds) { IAMPolicy policy = _aclPolicyDao.findById(policyId); if (policy == null) { throw new InvalidParameterValueException("Unable to find acl policy: " + policyId 
@@ -619,20 +619,20 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @DB @Override - public IAMPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId, + public IAMPolicy addIAMPermissionToIAMPolicy(long iamPolicyId, String entityType, String scope, Long scopeId, String action, String accessType, Permission perm, Boolean recursive) { // get the Acl Policy entity - IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId); + IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId); if (policy == null) { - throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId + throw new InvalidParameterValueException("Unable to find acl policy: " + iamPolicyId + "; failed to add permission to policy."); } // add entry in acl_policy_permission table - IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, perm); + IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(iamPolicyId, entityType, scope, scopeId, action, perm); if (permit == null) { // not there already - permit = new IAMPolicyPermissionVO(aclPolicyId, action, entityType, accessType, scope, scopeId, perm, + permit = new IAMPolicyPermissionVO(iamPolicyId, action, entityType, accessType, scope, scopeId, perm, recursive); _policyPermissionDao.persist(permit); } 
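Review bot: The existence check in `addIAMPermissionToIAMPolicy` keys on `(iamPolicyId, entityType, scope, scopeId, action, perm)` but not on `accessType` or `recursive`, although both are stored in the new `IAMPolicyPermissionVO`. A second call that differs only in `recursive` or `accessType` therefore finds the existing row and changes nothing, and the caller gets the policy back as if the grant had been applied. Either update the existing row when those two fields differ, or document it at the lookup, e.g. `// existing entry wins: accessType and recursive of a matching row are not updated`. The find-then-persist pair is also not wrapped in `Transaction.execute` as `createIAMPolicy` is, so concurrent calls may insert duplicates unless the table has a unique constraint. The method continues outside the hunk.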
@@ -642,16 +642,16 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @DB @Override - public IAMPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId, + public IAMPolicy removeIAMPermissionFromIAMPolicy(long iamPolicyId, String entityType, String scope, Long scopeId, String action) { // get the Acl Policy entity - IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId); + IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId); if (policy == null) { - throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId + throw new InvalidParameterValueException("Unable to find acl policy: " + iamPolicyId + "; failed to revoke permission from policy."); } // remove entry from acl_entity_permission table - IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, Permission.Allow); + IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(iamPolicyId, entityType, scope, scopeId, action, Permission.Allow); if (permit != null) { // not removed yet _policyPermissionDao.remove(permit.getId()); @@ -661,7 +661,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @DB @Override - public void removeAclPermissionForEntity(final String entityType, final Long entityId) { + public void removeIAMPermissionForEntity(final String entityType, final Long entityId) { Transaction.execute(new TransactionCallbackNoReturn() { @Override public void doInTransactionWithoutResult(TransactionStatus status) { @@ -673,7 +673,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { // remove the policy if there are no other permissions if ((_policyPermissionDao.listByPolicy(policyId)).isEmpty()) { - deleteAclPolicy(policyId); + deleteIAMPolicy(policyId); } } } 
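Review bot: `removeIAMPermissionFromIAMPolicy` looks up the entry with a hard-coded `Permission.Allow`, while `addIAMPermissionToIAMPolicy` stores whatever `perm` the caller passes. An entry added with any other `Permission` value cannot be revoked through this method, and the call still returns the policy without signalling that nothing was removed. If only Allow entries are meant to be revocable here, say so at the lookup, e.g. `// only Allow entries are revoked; entries with another Permission value are left in place`. Otherwise the lookup should cover the other values as well. The method's return statement is outside the hunk.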
@@ -682,11 +682,11 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @DB @Override - public IAMPolicy resetAclPolicy(long aclPolicyId) { + public IAMPolicy resetIAMPolicy(long iamPolicyId) { // get the Acl Policy entity - IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId); + IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId); if (policy == null) { - throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId + throw new InvalidParameterValueException("Unable to find acl policy: " + iamPolicyId + "; failed to reset the policy."); } @@ -695,7 +695,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { sb.and("scope", sb.entity().getScope(), SearchCriteria.Op.EQ); sb.done(); SearchCriteria<IAMPolicyPermissionVO> permissionSC = sb.create(); - permissionSC.setParameters("policyId", aclPolicyId); + permissionSC.setParameters("policyId", iamPolicyId); _policyPermissionDao.expunge(permissionSC); return policy; @@ -736,7 +736,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @Override public List<Long> getGrantedEntities(long accountId, String action, String scope) { // Get the static Policies of the Caller - List<IAMPolicy> policies = listAclPolicies(accountId); + List<IAMPolicy> policies = listIAMPolicies(accountId); // for each policy, find granted permission within the given scope List<Long> entityIds = new ArrayList<Long>(); for (IAMPolicy policy : policies) { http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java ---------------------------------------------------------------------- diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java index 883fd5c..a112a3e 100644 
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java +++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java @@ -26,11 +26,11 @@ public class IAMAccountPolicyMapDaoImpl extends GenericDaoBase<IAMAccountPolicyM ListByAccountId.done(); ListByPolicyId = createSearchBuilder(); - ListByPolicyId.and("policyId", ListByPolicyId.entity().getAclPolicyId(), SearchCriteria.Op.EQ); + ListByPolicyId.and("policyId", ListByPolicyId.entity().getIAMPolicyId(), SearchCriteria.Op.EQ); ListByPolicyId.done(); findByPolicyAccountId = createSearchBuilder(); - findByPolicyAccountId.and("policyId", findByPolicyAccountId.entity().getAclPolicyId(), SearchCriteria.Op.EQ); + findByPolicyAccountId.and("policyId", findByPolicyAccountId.entity().getIAMPolicyId(), SearchCriteria.Op.EQ); findByPolicyAccountId.and("accountId", findByPolicyAccountId.entity().getAccountId(), SearchCriteria.Op.EQ); findByPolicyAccountId.done(); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/63098878/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java ---------------------------------------------------------------------- diff --git a/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java b/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java index 8760199..53cfc71 100644 --- a/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java +++ b/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java 
@@ -114,19 +114,19 @@ public class IAMServiceUnitTest { @Test(expected = InvalidParameterValueException.class) public void createAclGroupTest() { - IAMGroup group = _iamService.createAclGroup("group1", "my first group", "/root/mydomain"); + IAMGroup group = _iamService.createIAMGroup("group1", "my first group", "/root/mydomain"); assertNotNull("Acl group 'group1' failed to create ", group); IAMGroupVO group2 = new IAMGroupVO("group1", "my second group"); when(_aclGroupDao.findByName(eq("/root/mydomain"), eq("group1"))).thenReturn(group2); - IAMGroup group3 = _iamService.createAclGroup("group1", "my first group", "/root/mydomain"); + IAMGroup group3 = _iamService.createIAMGroup("group1", "my first group", "/root/mydomain"); } @Test(expected = InvalidParameterValueException.class) public void deleteAclGroupInvalidIdTest() { when(_aclGroupDao.findById(20L)).thenReturn(null); - _iamService.deleteAclGroup(20L); + _iamService.deleteIAMGroup(20L); } @Test @@ -145,19 +145,19 @@ public class IAMServiceUnitTest { @Test(expected = InvalidParameterValueException.class) public void createAclPolicyTest() { - IAMPolicy policy = _iamService.createAclPolicy("policy1", "my first policy", null, "/root/mydomain"); + IAMPolicy policy = _iamService.createIAMPolicy("policy1", "my first policy", null, "/root/mydomain"); assertNotNull("Acl policy 'policy1' failed to create ", policy); IAMPolicyVO rvo = new IAMPolicyVO("policy2", "second policy"); when(_aclPolicyDao.findByName(eq("policy2"))).thenReturn(rvo); - _iamService.createAclPolicy("policy2", "second policy", null, "/root/mydomain"); + _iamService.createIAMPolicy("policy2", "second policy", null, "/root/mydomain"); } @Test(expected = InvalidParameterValueException.class) public void deleteAclPolicyInvalidIdTest() { when(_aclPolicyDao.findById(34L)).thenReturn(null); - _iamService.deleteAclPolicy(34L); + _iamService.deleteIAMPolicy(34L); } @Configuration
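Review bot: In `createAclGroupTest`, `@Test(expected = InvalidParameterValueException.class)` covers the whole method, so the test also passes if the first `createIAMGroup` call throws and the duplicate-name path is never reached. The `assertNotNull` before it cannot fail the test in that case. `createAclPolicyTest` in the second hunk has the same shape. Narrowing the expectation to the second call makes the test prove what its name says; the test names themselves still say `Acl` after the rename.

```java
@Test
public void createAclGroupTest() {
    // … unchanged: first createIAMGroup call, assertNotNull, findByName stub …
    try {
        _iamService.createIAMGroup("group1", "my first group", "/root/mydomain");
        fail("a duplicate group name in the same path should be rejected");
    } catch (InvalidParameterValueException expected) {
        // duplicate rejected as intended
    }
}
```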
