From 52f40433b9dbc5d78e7000410da09cb7f55e499f Mon Sep 17 00:00:00 2001 From: Prachi Damle Date: Tue, 22 Apr 2014 18:18:44 -0700 Subject: [PATCH] CLOUDSTACK-6474: IAM - Not able to list shared networks that is created with scope="all" Changes: - On startup the root domain group should be created - Also the SYSTEM and Root Admin accounts should be added to that group - This will make sure that the root domain shared network's policy gets attached to the root domain group --- .../apache/cloudstack/iam/IAMApiServiceImpl.java | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java index 8b454e0da78..77e588b122a 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java +++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java @@ -352,6 +352,21 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man sysAccts.add(Account.ACCOUNT_ID_SYSTEM); sysAccts.add(Account.ACCOUNT_ID_SYSTEM + 1); _iamSrv.addAccountsToGroup(sysAccts, new Long(Account.ACCOUNT_TYPE_ADMIN + 1)); + + // add the root domain group + Domain domain = _domainDao.findById(Domain.ROOT_DOMAIN); + if (domain != null) { + List domainGroups = listDomainGroup(domain); + if (domainGroups != null && !domainGroups.isEmpty()) { + return; + } + IAMGroup rootDomainGrp = _iamSrv.createIAMGroup("DomainGrp-" + domain.getUuid(), "Root Domain group", + domain.getPath()); + // add the system accounts to the root domain group + _iamSrv.addAccountsToGroup(sysAccts, rootDomainGrp.getId()); + + } + } private void addDomainWideResourceAccess(Map params) {