From 1c85af319340b28152a75606da577ec8e6eb51ca Mon Sep 17 00:00:00 2001 From: Prachi Damle Date: Mon, 10 Mar 2014 17:27:32 -0700 Subject: [PATCH] A production/QA Setup does not populate the admin and SYSTEM accounts during database setup. So IAM plugin needs to insert the necessary group <-> account map in the DB during startup --- .../cloudstack/iam/IAMApiServiceImpl.java | 95 +++++++++++++++++++ 1 file changed, 95 insertions(+) diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java index 97519f26d56..47b7697124d 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java +++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java @@ -16,6 +16,9 @@ // under the License. package org.apache.cloudstack.iam; +import java.sql.PreparedStatement; +import java.sql.ResultSet; +import java.sql.SQLException; import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; @@ -111,6 +114,11 @@ import com.cloud.utils.component.Manager; import com.cloud.utils.component.ManagerBase; import com.cloud.utils.db.DB; import com.cloud.utils.db.EntityManager; +import com.cloud.utils.db.Transaction; +import com.cloud.utils.db.TransactionCallbackNoReturn; +import com.cloud.utils.db.TransactionLegacy; +import com.cloud.utils.db.TransactionStatus; +import com.cloud.utils.exception.CloudRuntimeException; import com.cloud.vm.InstanceGroupVO; import com.cloud.vm.VMInstanceVO; import com.cloud.vm.dao.NicIpAliasVO; @@ -190,6 +198,11 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man @Override public boolean configure(final String name, final Map params) throws ConfigurationException { + + // populate group <-> account association if not present for CS admin + // and system accounts + populateIAMGroupAdminAccountMap(); + _messageBus.subscribe(AccountManager.MESSAGE_ADD_ACCOUNT_EVENT, new MessageSubscriber() { @Override public void onPublishMessage(String senderAddress, String subject, Object obj) { @@ -338,6 +351,88 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man return super.configure(name, params); } + private void populateIAMGroupAdminAccountMap() { + + Transaction.execute(new TransactionCallbackNoReturn() { + @Override + public void doInTransactionWithoutResult(TransactionStatus status) { + TransactionLegacy txn = TransactionLegacy.currentTxn(); + + String searchQuery = "Select id from `cloud`.`iam_group_account_map` where account_id = ? and removed is null"; + ResultSet rs = null; + PreparedStatement acctQuery = null; + PreparedStatement acctInsert = null; + // find if the system account is present in the map + try { + acctQuery = txn.prepareAutoCloseStatement(searchQuery); + acctQuery.setLong(1, Account.ACCOUNT_ID_SYSTEM); + + rs = acctQuery.executeQuery(); + if (!rs.next()) { + acctInsert = txn + .prepareAutoCloseStatement("INSERT INTO `cloud`.`iam_group_account_map` (group_id, account_id, created) values(?, ?, Now())"); + // insert entry in iam_group_account_map table + acctInsert.setLong(1, Account.ACCOUNT_TYPE_ADMIN + 1); + acctInsert.setLong(2, Account.ACCOUNT_ID_SYSTEM); + acctInsert.executeUpdate(); + } + } catch (SQLException ex) { + String msg = "Unable to populate iam_group_account_map for SYSTEM account." + ex.getMessage(); + s_logger.error(msg); + throw new CloudRuntimeException(msg, ex); + } finally { + try { + if (acctInsert != null) { + acctInsert.close(); + } + if (rs != null) { + rs.close(); + } + if (acctQuery != null) { + acctQuery.close(); + } + } catch (SQLException e) { + } + } + + // find if the admin account is present in the map + try { + acctQuery = txn.prepareAutoCloseStatement(searchQuery); + acctQuery.setLong(1, Account.ACCOUNT_ID_SYSTEM + 1); + + rs = acctQuery.executeQuery(); + if (!rs.next()) { + acctInsert = txn + .prepareAutoCloseStatement("INSERT INTO `cloud`.`iam_group_account_map` (group_id, account_id, created) values(?, ?, Now())"); + // insert entry in iam_group_account_map table + acctInsert.setLong(1, Account.ACCOUNT_TYPE_ADMIN + 1); + acctInsert.setLong(2, Account.ACCOUNT_ID_SYSTEM + 1); + acctInsert.executeUpdate(); + } + } catch (SQLException ex) { + String msg = "Unable to populate iam_group_account_map for Admin account." + ex.getMessage(); + s_logger.error(msg); + throw new CloudRuntimeException(msg, ex); + } finally { + try { + if (acctInsert != null) { + acctInsert.close(); + } + if (rs != null) { + rs.close(); + } + if (acctQuery != null) { + acctQuery.close(); + } + } catch (SQLException e) { + } + } + + } + }); + + } + private void addDomainWideResourceAccess(Map params) { IAMEntityType entityType = (IAMEntityType)params.get(ApiConstants.ENTITY_TYPE);