etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add access for domain wide createAffinityGroup

This commit is contained in:
Prachi Damle 2014-02-03 18:14:56 -08:00
parent a6d07c873c
commit 022b9b8f80
3 changed files with 42 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
View File

@ -38,6 +38,7 @@ import javax.naming.ConfigurationException;
import org.apache.cloudstack.acl.AclEntityType;
import org.apache.cloudstack.acl.ControlledEntity.ACLType;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.context.CallContext;
import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
import org.apache.cloudstack.framework.config.ConfigDepot;
@ -670,10 +671,13 @@ public class NetworkOrchestrator extends ManagerBase implements NetworkOrchestra
if (domainId != null && aclType == ACLType.Domain) {
_networksDao.addDomainToNetwork(id, domainId, subdomainAccess == null ? true : subdomainAccess);
//send event for storing the domain wide resource access
// remove its related ACL permission
Pair<AclEntityType, Long> network = new Pair<AclEntityType, Long>(AclEntityType.Network, id);
Map<String, Object> params = new HashMap<String, Object>();
params.put(ApiConstants.ENTITY_TYPE, AclEntityType.Network);
params.put(ApiConstants.ENTITY_ID, id);
params.put(ApiConstants.DOMAIN_ID, domainId);
params.put(ApiConstants.SUBDOMAIN_ACCESS, subdomainAccess == null ? true : subdomainAccess);
_messageBus.publish(_name, EntityManager.MESSAGE_ADD_DOMAIN_WIDE_ENTITY_EVENT,
PublishScope.LOCAL, network);
PublishScope.LOCAL, params);
}
}
});

29
server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java
View File

@ -28,13 +28,17 @@ import javax.naming.ConfigurationException;
import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.AclEntityType;
import org.apache.cloudstack.acl.ControlledEntity;
import org.apache.cloudstack.acl.ControlledEntity.ACLType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.affinity.dao.AffinityGroupDao;
import org.apache.cloudstack.affinity.dao.AffinityGroupDomainMapDao;
import org.apache.cloudstack.affinity.dao.AffinityGroupVMMapDao;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.context.CallContext;
import org.apache.cloudstack.framework.messagebus.MessageBus;
import org.apache.cloudstack.framework.messagebus.PublishScope;
import com.cloud.domain.DomainVO;
import com.cloud.domain.dao.DomainDao;
@ -50,6 +54,7 @@ import com.cloud.utils.Pair;
import com.cloud.utils.component.Manager;
import com.cloud.utils.component.ManagerBase;
import com.cloud.utils.db.DB;
import com.cloud.utils.db.EntityManager;
import com.cloud.utils.db.Filter;
import com.cloud.utils.db.JoinBuilder;
import com.cloud.utils.db.SearchBuilder;
@ -92,6 +97,9 @@ public class AffinityGroupServiceImpl extends ManagerBase implements AffinityGro
@Inject
DomainManager _domainMgr;
@Inject
MessageBus _messageBus;
protected List<AffinityGroupProcessor> _affinityProcessors;
public List<AffinityGroupProcessor> getAffinityGroupProcessors() {
@ -200,14 +208,23 @@ public class AffinityGroupServiceImpl extends ManagerBase implements AffinityGro
public AffinityGroupVO doInTransaction(TransactionStatus status) {
AffinityGroupVO group =
new AffinityGroupVO(affinityGroupName, affinityGroupType, description, ownerFinal.getDomainId(), ownerFinal.getId(), aclTypeFinal);
_affinityGroupDao.persist(group);
_affinityGroupDao.persist(group);
if (domainId != null && aclTypeFinal == ACLType.Domain) {
boolean subDomainAccess = false;
subDomainAccess = processor.subDomainAccess();
AffinityGroupDomainMapVO domainMap = new AffinityGroupDomainMapVO(group.getId(), domainId, subDomainAccess);
_affinityGroupDomainMapDao.persist(domainMap);
}
boolean subDomainAccess = false;
subDomainAccess = processor.subDomainAccess();
AffinityGroupDomainMapVO domainMap = new AffinityGroupDomainMapVO(group.getId(), domainId,
subDomainAccess);
_affinityGroupDomainMapDao.persist(domainMap);
//send event for storing the domain wide resource access
Map<String, Object> params = new HashMap<String, Object>();
params.put(ApiConstants.ENTITY_TYPE, AclEntityType.AffinityGroup);
params.put(ApiConstants.ENTITY_ID, group.getId());
params.put(ApiConstants.DOMAIN_ID, domainId);
params.put(ApiConstants.SUBDOMAIN_ACCESS, subDomainAccess);
_messageBus.publish(_name, EntityManager.MESSAGE_ADD_DOMAIN_WIDE_ENTITY_EVENT, PublishScope.LOCAL,
params);
}
return group;
}

30
services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
View File

@ -67,8 +67,6 @@ import com.cloud.domain.dao.DomainDao;
import com.cloud.event.ActionEvent;
import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.network.dao.NetworkDomainDao;
import com.cloud.network.dao.NetworkDomainVO;
import com.cloud.template.TemplateManager;
import com.cloud.user.Account;
import com.cloud.user.AccountManager;
@ -105,9 +103,6 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
@Inject
MessageBus _messageBus;
@Inject
NetworkDomainDao _networkDomainDao;
@Override
public boolean configure(final String name, final Map<String, Object> params) throws ConfigurationException {
_messageBus.subscribe(AccountManager.MESSAGE_ADD_ACCOUNT_EVENT, new MessageSubscriber() {
@ -221,9 +216,9 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
_messageBus.subscribe(EntityManager.MESSAGE_ADD_DOMAIN_WIDE_ENTITY_EVENT, new MessageSubscriber() {
@Override
public void onPublishMessage(String senderAddress, String subject, Object obj) {
Pair<AclEntityType, Long> entity = (Pair<AclEntityType, Long>) obj;
if (entity != null) {
addDomainWideResourceAccess(entity);
Map<String, Object> params = (Map<String, Object>) obj;
if (params != null) {
addDomainWideResourceAccess(params);
}
}
});
@ -231,20 +226,19 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
return super.configure(name, params);
}
private void addDomainWideResourceAccess(Pair<AclEntityType, Long> entity) {
private void addDomainWideResourceAccess(Map<String, Object> params) {
String entityType = entity.first().toString();
Long entityId = entity.second();
String entityType = (String) params.get(ApiConstants.ENTITY_TYPE);
Long entityId = (Long) params.get(ApiConstants.ENTITY_ID);
Long domainId = (Long) params.get(ApiConstants.DOMAIN_ID);
Boolean isRecursive = (Boolean) params.get(ApiConstants.SUBDOMAIN_ACCESS);
if (AclEntityType.Network.toString().equals(entityType)) {
NetworkDomainVO networkDomainMap = _networkDomainDao.getDomainNetworkMapByNetworkId(entityId);
if (networkDomainMap != null) {
createPolicyAndAddToDomainGroup("DomainWideNetwork-" + entityId, "domain wide network", entityType,
entityId, "listNetworks", AccessType.UseEntry, networkDomainMap.getDomainId(),
networkDomainMap.isSubdomainAccess());
}
createPolicyAndAddToDomainGroup("DomainWideNetwork-" + entityId, "domain wide network", entityType,
entityId, "listNetworks", AccessType.UseEntry, domainId, isRecursive);
} else if (AclEntityType.AffinityGroup.toString().equals(entityType)) {
createPolicyAndAddToDomainGroup("DomainWideNetwork-" + entityId, "domain wide affinityGroup", entityType,
entityId, "listAffinityGroups", AccessType.UseEntry, domainId, isRecursive);
}
}