iam/server changes: Rename Acl to IAM

2014-02-25 16:41:53 -08:00 · 2014-02-25 16:41:53 -08:00 · 6309887800
parent 187f9cd0a2
commit 6309887800
9 changed files with 142 additions and 142 deletions
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
@ -149,7 +149,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
                if (domainId != null) {
                    s_logger.debug("MessageBus message: new Domain created: " + domainId + ", creating a new group");
                    Domain domain = _domainDao.findById(domainId);
-                    _iamSrv.createAclGroup("DomainGrp-" + domain.getUuid(), "Domain group", domain.getPath());
+                    _iamSrv.createIAMGroup("DomainGrp-" + domain.getUuid(), "Domain group", domain.getPath());
                }
            }
        });
@ -163,7 +163,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
                    Domain domain = _domainDao.findById(domainId);
                    List<IAMGroup> groups = listDomainGroup(domain);
                    for (IAMGroup group : groups) {
-                        _iamSrv.deleteAclGroup(group.getId());
+                        _iamSrv.deleteIAMGroup(group.getId());
                    }
                }
            }
@ -175,9 +175,9 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
                Long templateId = (Long)obj;
                if (templateId != null) {
                    s_logger.debug("MessageBus message: new public template registered: " + templateId + ", grant permission to domain admin and normal user policies");
-                    _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+                    _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
                            PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
-                    _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+                    _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
                            PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
                }
            }
@ -202,7 +202,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
                    String entityType = entity.first().toString();
                    Long entityId = entity.second();
                    s_logger.debug("MessageBus message: delete an entity: (" + entityType + "," + entityId + "), remove its related permission");
-                    _iamSrv.removeAclPermissionForEntity(entityType, entityId);
+                    _iamSrv.removeIAMPermissionForEntity(entityType, entityId);
                }
            }
        });
@ -275,8 +275,8 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man

       Domain domain = _domainDao.findById(domainId);
       if (domain != null) {
-            IAMPolicy policy = _iamSrv.createAclPolicy(policyName, description, null, domain.getPath());
-            _iamSrv.addAclPermissionToAclPolicy(policy.getId(), entityType, PermissionScope.RESOURCE.toString(),
+            IAMPolicy policy = _iamSrv.createIAMPolicy(policyName, description, null, domain.getPath());
+            _iamSrv.addIAMPermissionToIAMPolicy(policy.getId(), entityType, PermissionScope.RESOURCE.toString(),
                    entityId, action, accessType.toString(), Permission.Allow, recursive);
            List<Long> policyList = new ArrayList<Long>();
            policyList.add(new Long(policy.getId()));
@ -284,7 +284,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
           List<IAMGroup> domainGroups = listDomainGroup(domain);
           if (domainGroups != null) {
               for (IAMGroup group : domainGroups) {
-                   _iamSrv.attachAclPoliciesToGroup(policyList, group.getId());
+                   _iamSrv.attachIAMPoliciesToGroup(policyList, group.getId());
               }
           }
       }
@ -299,19 +299,19 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
        if (callerDomain == null) {
            throw new InvalidParameterValueException("Caller does not have a domain");
        }
-        return _iamSrv.createAclGroup(iamGroupName, description, callerDomain.getPath());
+        return _iamSrv.createIAMGroup(iamGroupName, description, callerDomain.getPath());
    }

    @DB
    @Override
    @ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_DELETE, eventDescription = "Deleting Acl Group")
    public boolean deleteIAMGroup(final Long iamGroupId) {
-        return _iamSrv.deleteAclGroup(iamGroupId);
+        return _iamSrv.deleteIAMGroup(iamGroupId);
    }

    @Override
    public List<IAMGroup> listIAMGroups(long accountId) {
-        return _iamSrv.listAclGroups(accountId);
+        return _iamSrv.listIAMGroups(accountId);
    }


@ -356,34 +356,34 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
        if (callerDomain == null) {
            throw new InvalidParameterValueException("Caller does not have a domain");
        }
-        return _iamSrv.createAclPolicy(iamPolicyName, description, parentPolicyId, callerDomain.getPath());
+        return _iamSrv.createIAMPolicy(iamPolicyName, description, parentPolicyId, callerDomain.getPath());
    }

    @DB
    @Override
    @ActionEvent(eventType = EventTypes.EVENT_IAM_POLICY_DELETE, eventDescription = "Deleting IAM Policy")
    public boolean deleteIAMPolicy(final long iamPolicyId) {
-        return _iamSrv.deleteAclPolicy(iamPolicyId);
+        return _iamSrv.deleteIAMPolicy(iamPolicyId);
    }


    @Override
    public List<IAMPolicy> listIAMPolicies(long accountId) {
-        return _iamSrv.listAclPolicies(accountId);
+        return _iamSrv.listIAMPolicies(accountId);
    }

    @DB
    @Override
    @ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_UPDATE, eventDescription = "Attaching policy to acl group")
    public IAMGroup attachIAMPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
-        return _iamSrv.attachAclPoliciesToGroup(policyIds, groupId);
+        return _iamSrv.attachIAMPoliciesToGroup(policyIds, groupId);
    }

    @DB
    @Override
    @ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_UPDATE, eventDescription = "Removing policies from acl group")
    public IAMGroup removeIAMPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
-        return _iamSrv.removeAclPoliciesFromGroup(policyIds, groupId);
+        return _iamSrv.removeIAMPoliciesFromGroup(policyIds, groupId);
    }


@ -391,14 +391,14 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
    @Override
    @ActionEvent(eventType = EventTypes.EVENT_IAM_ACCOUNT_POLICY_UPDATE, eventDescription = "Attaching policy to accounts")
    public void attachIAMPolicyToAccounts(final Long policyId, final List<Long> accountIds) {
-        _iamSrv.attachAclPolicyToAccounts(policyId, accountIds);
+        _iamSrv.attachIAMPolicyToAccounts(policyId, accountIds);
    }

    @DB
    @Override
    @ActionEvent(eventType = EventTypes.EVENT_IAM_ACCOUNT_POLICY_UPDATE, eventDescription = "Removing policy from accounts")
    public void removeIAMPolicyFromAccounts(final Long policyId, final List<Long> accountIds) {
-        _iamSrv.removeAclPolicyFromAccounts(policyId, accountIds);
+        _iamSrv.removeIAMPolicyFromAccounts(policyId, accountIds);
    }

    @DB
@ -411,7 +411,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
        if (BaseListCmd.class.isAssignableFrom(cmdClass)) {
            accessType = AccessType.UseEntry;
        }
-        return _iamSrv.addAclPermissionToAclPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action,
+        return _iamSrv.addIAMPermissionToIAMPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action,
                accessType.toString(), perm, recursive);
    }

@ -419,12 +419,12 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
    @Override
    @ActionEvent(eventType = EventTypes.EVENT_IAM_POLICY_REVOKE, eventDescription = "Revoking acl permission from IAM Policy")
    public IAMPolicy removeIAMPermissionFromIAMPolicy(long iamPolicyId, String entityType, PermissionScope scope, Long scopeId, String action) {
-        return _iamSrv.removeAclPermissionFromAclPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action);
+        return _iamSrv.removeIAMPermissionFromIAMPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action);
    }

    @Override
    public IAMPolicyPermission getIAMPolicyPermission(long accountId, String entityType, String action) {
-        List<IAMPolicy> policies = _iamSrv.listAclPolicies(accountId);
+        List<IAMPolicy> policies = _iamSrv.listIAMPolicies(accountId);
        IAMPolicyPermission curPerm = null;
        for (IAMPolicy policy : policies) {
            List<IAMPolicyPermission> perms = _iamSrv.listPolicyPermissionByActionAndEntity(policy.getId(), action,
@ -515,7 +515,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
        }

        // find all the policies attached to this group
-        List<IAMPolicy> policies = _iamSrv.listAclPoliciesByGroup(group.getId());
+        List<IAMPolicy> policies = _iamSrv.listIAMPoliciesByGroup(group.getId());
        if (policies != null && policies.size() > 0) {
            for (IAMPolicy policy : policies) {
                response.addPolicy(policy.getName());
@ -532,7 +532,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
        if (domain != null) {
            String domainPath = domain.getPath();
            // search for groups
-            Pair<List<IAMGroup>, Integer> result = _iamSrv.listAclGroups(null, "DomainGrp-" + domain.getUuid(),
+            Pair<List<IAMGroup>, Integer> result = _iamSrv.listIAMGroups(null, "DomainGrp-" + domain.getUuid(),
                    domainPath, null, null);
            return result.first();
        }
@ -558,7 +558,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
        }
        String domainPath = domain.getPath();
        // search for groups
-        Pair<List<IAMGroup>, Integer> result = _iamSrv.listAclGroups(iamGroupId, iamGroupName, domainPath, startIndex, pageSize);
+        Pair<List<IAMGroup>, Integer> result = _iamSrv.listIAMGroups(iamGroupId, iamGroupName, domainPath, startIndex, pageSize);
        // generate group response
        ListResponse<IAMGroupResponse> response = new ListResponse<IAMGroupResponse>();
        List<IAMGroupResponse> groupResponses = new ArrayList<IAMGroupResponse>();
@ -589,7 +589,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
        }
        String domainPath = domain.getPath();
        // search for policies
-        Pair<List<IAMPolicy>, Integer> result = _iamSrv.listAclPolicies(iamPolicyId, iamPolicyName, domainPath, startIndex, pageSize);
+        Pair<List<IAMPolicy>, Integer> result = _iamSrv.listIAMPolicies(iamPolicyId, iamPolicyName, domainPath, startIndex, pageSize);
        // generate policy response
        ListResponse<IAMPolicyResponse> response = new ListResponse<IAMPolicyResponse>();
        List<IAMPolicyResponse> policyResponses = new ArrayList<IAMPolicyResponse>();
@ -653,9 +653,9 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man

    private void resetTemplatePermission(Long templateId){
        // reset template will change template to private, so we need to remove its permission for domain admin and normal user group
-        _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+        _iamSrv.removeIAMPermissionFromIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
                PermissionScope.RESOURCE.toString(), templateId, "listTemplates");
-        _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+        _iamSrv.removeIAMPermissionFromIAMPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
                PermissionScope.RESOURCE.toString(), templateId, "listTemplates");
        // check if there is a policy with only UseEntry permission for this template added
        IAMPolicy policy = _iamSrv.getResourceGrantPolicy(IAMEntityType.VirtualMachineTemplate.toString(), templateId, AccessType.UseEntry.toString(), "listTemplates");
@ -664,7 +664,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
            return;
        }
        // delete the policy, which should detach it from groups and accounts
-        _iamSrv.deleteAclPolicy(policy.getId());
+        _iamSrv.deleteIAMPolicy(policy.getId());

    }

--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
@ -90,7 +90,7 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker
                    + "is null");
        }

-        List<IAMPolicy> policies = _iamSrv.listAclPolicies(account.getAccountId());
+        List<IAMPolicy> policies = _iamSrv.listIAMPolicies(account.getAccountId());

        boolean isAllowed = _iamSrv.isActionAllowedForPolicies(commandName, policies);
        if (!isAllowed) {
@ -117,25 +117,25 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker
        for (RoleType role : RoleType.values()) {
            Long policyId = getDefaultPolicyId(role);
            if (policyId != null) {
-                _iamSrv.resetAclPolicy(policyId);
+                _iamSrv.resetIAMPolicy(policyId);
            }
         }

        // add the system-domain capability

-        _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_ADMIN + 1), null, null, null,
+        _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_ADMIN + 1), null, null, null,
                "SystemCapability", null, Permission.Allow, false);
-        _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), null, null, null,
+        _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), null, null, null,
                "DomainCapability", null, Permission.Allow, false);
-        _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN + 1), null, null, null,
+        _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN + 1), null, null, null,
                "DomainResourceCapability", null, Permission.Allow, false);

        // add permissions for public templates
        List<VMTemplateVO> pTmplts = _templateDao.listByPublic();
        for (VMTemplateVO tmpl : pTmplts){
-            _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+            _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
                    PermissionScope.RESOURCE.toString(), tmpl.getId(), "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
-            _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
+            _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
                    PermissionScope.RESOURCE.toString(), tmpl.getId(), "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
        }

@ -259,11 +259,11 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker


        if (entityTypes == null || entityTypes.length == 0) {
-            _iamSrv.addAclPermissionToAclPolicy(policyId, null, permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
+            _iamSrv.addIAMPermissionToIAMPolicy(policyId, null, permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
                    apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
        } else {
            for (IAMEntityType entityType : entityTypes) {
-                _iamSrv.addAclPermissionToAclPolicy(policyId, entityType.toString(), permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
+                _iamSrv.addIAMPermissionToIAMPolicy(policyId, entityType.toString(), permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
                        apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
            }
         }
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
@ -64,7 +64,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur

        if (entity == null && action != null) {
            // check if caller can do this action
-            List<IAMPolicy> policies = _iamSrv.listAclPolicies(caller.getAccountId());
+            List<IAMPolicy> policies = _iamSrv.listIAMPolicies(caller.getAccountId());

            boolean isAllowed = _iamSrv.isActionAllowedForPolicies(action, policies);
            if (!isAllowed) {
@ -164,7 +164,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
    private List<IAMPolicy> getEffectivePolicies(Account caller, ControlledEntity entity) {

        // Get the static Policies of the Caller
-        List<IAMPolicy> policies = _iamSrv.listAclPolicies(caller.getId());
+        List<IAMPolicy> policies = _iamSrv.listIAMPolicies(caller.getId());

        // add any dynamic policies w.r.t the entity
        if (caller.getId() == entity.getAccountId()) {
@ -172,12 +172,12 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
            policies.add(_iamSrv.getResourceOwnerPolicy());
        }

-        List<IAMGroup> groups = _iamSrv.listAclGroups(caller.getId());
+        List<IAMGroup> groups = _iamSrv.listIAMGroups(caller.getId());
        for (IAMGroup group : groups) {
            // for each group find the grand parent groups.
-            List<IAMGroup> parentGroups = _iamSrv.listParentAclGroups(group.getId());
+            List<IAMGroup> parentGroups = _iamSrv.listParentIAMGroups(group.getId());
            for (IAMGroup parentGroup : parentGroups) {
-                policies.addAll(_iamSrv.listRecursiveAclPoliciesByGroup(parentGroup.getId()));
+                policies.addAll(_iamSrv.listRecursiveIAMPoliciesByGroup(parentGroup.getId()));
            }
        }

--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
@ -44,7 +44,7 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
    public List<Long> getAuthorizedDomains(Account caller, String action) {
        long accountId = caller.getAccountId();
        // Get the static Policies of the Caller
-        List<IAMPolicy> policies = _iamService.listAclPolicies(accountId);
+        List<IAMPolicy> policies = _iamService.listIAMPolicies(accountId);
        // for each policy, find granted permission with Domain scope
        List<Long> domainIds = new ArrayList<Long>();
        for (IAMPolicy policy : policies) {
@ -68,7 +68,7 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
    public List<Long> getAuthorizedAccounts(Account caller, String action) {
        long accountId = caller.getAccountId();
        // Get the static Policies of the Caller
-        List<IAMPolicy> policies = _iamService.listAclPolicies(accountId);
+        List<IAMPolicy> policies = _iamService.listIAMPolicies(accountId);
        // for each policy, find granted permission with Account scope
        List<Long> accountIds = new ArrayList<Long>();
        for (IAMPolicy policy : policies) {
@ -92,15 +92,15 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
    public List<Long> getAuthorizedResources(Account caller, String action) {
        long accountId = caller.getAccountId();
        // Get the static Policies of the Caller
-        List<IAMPolicy> policies = _iamService.listAclPolicies(accountId);
+        List<IAMPolicy> policies = _iamService.listIAMPolicies(accountId);

        // add the policies that grant recursive access
-        List<IAMGroup> groups = _iamService.listAclGroups(caller.getId());
+        List<IAMGroup> groups = _iamService.listIAMGroups(caller.getId());
        for (IAMGroup group : groups) {
            // for each group find the grand parent groups.
-            List<IAMGroup> parentGroups = _iamService.listParentAclGroups(group.getId());
+            List<IAMGroup> parentGroups = _iamService.listParentIAMGroups(group.getId());
            for (IAMGroup parentGroup : parentGroups) {
-                policies.addAll(_iamService.listRecursiveAclPoliciesByGroup(parentGroup.getId()));
+                policies.addAll(_iamService.listRecursiveIAMPoliciesByGroup(parentGroup.getId()));
            }
        }

@ -123,7 +123,7 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
    public boolean isGrantedAll(Account caller, String action) {
        long accountId = caller.getAccountId();
        // Get the static Policies of the Caller
-        List<IAMPolicy> policies = _iamService.listAclPolicies(accountId);
+        List<IAMPolicy> policies = _iamService.listIAMPolicies(accountId);
        // for each policy, find granted permission with ALL scope
        for (IAMPolicy policy : policies) {
            List<IAMPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ALL.toString());
@ -136,7 +136,7 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe

    @Override
    public List<String> listAclGroupsByAccount(long accountId) {
-        List<IAMGroup> groups = _iamService.listAclGroups(accountId);
+        List<IAMGroup> groups = _iamService.listIAMGroups(accountId);
        List<String> groupNames = new ArrayList<String>();
        for (IAMGroup grp : groups) {
            groupNames.add(grp.getName());
--- a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
@ -24,12 +24,12 @@ import com.cloud.utils.Pair;

 public interface IAMService {

-    /* ACL group related interfaces */
-    IAMGroup createAclGroup(String aclGroupName, String description, String path);
+    /* IAM group related interfaces */
+    IAMGroup createIAMGroup(String iamGroupName, String description, String path);

-    boolean deleteAclGroup(Long aclGroupId);
+    boolean deleteIAMGroup(Long iamGroupId);

-    List<IAMGroup> listAclGroups(long accountId);
+    List<IAMGroup> listIAMGroups(long accountId);

    IAMGroup addAccountsToGroup(List<Long> acctIds, Long groupId);

@ -37,34 +37,34 @@ public interface IAMService {

    List<Long> listAccountsByGroup(long groupId);

-    Pair<List<IAMGroup>, Integer> listAclGroups(Long aclGroupId, String aclGroupName, String path, Long startIndex, Long pageSize);
+    Pair<List<IAMGroup>, Integer> listIAMGroups(Long iamGroupId, String iamGroupName, String path, Long startIndex, Long pageSize);

-    /* ACL Policy related interfaces */
-    IAMPolicy createAclPolicy(String aclPolicyName, String description, Long parentPolicyId, String path);
+    /* IAM Policy related interfaces */
+    IAMPolicy createIAMPolicy(String iamPolicyName, String description, Long parentPolicyId, String path);

-    boolean deleteAclPolicy(long aclPolicyId);
+    boolean deleteIAMPolicy(long iamPolicyId);

-    List<IAMPolicy> listAclPolicies(long accountId);
+    List<IAMPolicy> listIAMPolicies(long accountId);

-    List<IAMPolicy> listAclPoliciesByGroup(long groupId);
+    List<IAMPolicy> listIAMPoliciesByGroup(long groupId);

-    Pair<List<IAMPolicy>, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize);
+    Pair<List<IAMPolicy>, Integer> listIAMPolicies(Long iamPolicyId, String iamPolicyName, String path, Long startIndex, Long pageSize);

-    IAMGroup attachAclPoliciesToGroup(List<Long> policyIds, Long groupId);
+    IAMGroup attachIAMPoliciesToGroup(List<Long> policyIds, Long groupId);

-    IAMGroup removeAclPoliciesFromGroup(List<Long> policyIds, Long groupId);
+    IAMGroup removeIAMPoliciesFromGroup(List<Long> policyIds, Long groupId);

-    void attachAclPolicyToAccounts(Long policyId, List<Long> acctIds);
+    void attachIAMPolicyToAccounts(Long policyId, List<Long> acctIds);

-    void removeAclPolicyFromAccounts(Long policyId, List<Long> acctIds);
+    void removeIAMPolicyFromAccounts(Long policyId, List<Long> acctIds);

-    IAMPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
+    IAMPolicy addIAMPermissionToIAMPolicy(long iamPolicyId, String entityType, String scope, Long scopeId,
            String action, String accessType, Permission perm, Boolean recursive);

-    IAMPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
+    IAMPolicy removeIAMPermissionFromIAMPolicy(long iamPolicyId, String entityType, String scope, Long scopeId,
            String action);

-    void removeAclPermissionForEntity(final String entityType, final Long entityId);
+    void removeIAMPermissionForEntity(final String entityType, final Long entityId);

    IAMPolicy getResourceGrantPolicy(String entityType, Long entityId, String accessType, String action);

@ -80,13 +80,13 @@ public interface IAMService {

    List<Long> getGrantedEntities(long accountId, String action, String scope);

-    IAMPolicy resetAclPolicy(long aclPolicyId);
+    IAMPolicy resetIAMPolicy(long iamPolicyId);

    List<IAMPolicyPermission> listPolicyPermissionByAccessAndEntity(long policyId, String accessType,
            String entityType);

-    List<IAMGroup> listParentAclGroups(long groupId);
+    List<IAMGroup> listParentIAMGroups(long groupId);

-    List<IAMPolicy> listRecursiveAclPoliciesByGroup(long groupId);
+    List<IAMPolicy> listRecursiveIAMPoliciesByGroup(long groupId);

 }
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java
@ -39,7 +39,7 @@ public class IAMAccountPolicyMapVO {
    private long accountId;

    @Column(name = "policy_id")
-    private long aclPolicyId;
+    private long iamPolicyId;

    @Column(name = GenericDao.REMOVED_COLUMN)
    private Date removed;
@ -50,9 +50,9 @@ public class IAMAccountPolicyMapVO {
    public IAMAccountPolicyMapVO() {
    }

-    public IAMAccountPolicyMapVO(long accountId, long aclPolicyId) {
+    public IAMAccountPolicyMapVO(long accountId, long iamPolicyId) {
        this.accountId = accountId;
-        this.aclPolicyId = aclPolicyId;
+        this.iamPolicyId = iamPolicyId;
    }

    public long getId() {
@ -63,8 +63,8 @@ public class IAMAccountPolicyMapVO {
        return accountId;
    }

-    public long getAclPolicyId() {
-        return aclPolicyId;
+    public long getIAMPolicyId() {
+        return iamPolicyId;
    }

    public Date getRemoved() {
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
@ -84,15 +84,15 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {

    @DB
    @Override
-    public IAMGroup createAclGroup(String aclGroupName, String description, String path) {
+    public IAMGroup createIAMGroup(String iamGroupName, String description, String path) {
        // check if the group is already existing
-        IAMGroup grp = _aclGroupDao.findByName(path, aclGroupName);
+        IAMGroup grp = _aclGroupDao.findByName(path, iamGroupName);
        if (grp != null) {
            throw new InvalidParameterValueException(
-                    "Unable to create acl group with name " + aclGroupName
+                    "Unable to create acl group with name " + iamGroupName
                    + " already exisits for path " + path);
        }
-        IAMGroupVO rvo = new IAMGroupVO(aclGroupName, description);
+        IAMGroupVO rvo = new IAMGroupVO(iamGroupName, description);
        rvo.setPath(path);

        return _aclGroupDao.persist(rvo);
@ -100,11 +100,11 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {

    @DB
    @Override
-    public boolean deleteAclGroup(final Long aclGroupId) {
+    public boolean deleteIAMGroup(final Long iamGroupId) {
        // get the Acl Group entity
-        final IAMGroup grp = _aclGroupDao.findById(aclGroupId);
+        final IAMGroup grp = _aclGroupDao.findById(iamGroupId);
        if (grp == null) {
-            throw new InvalidParameterValueException("Unable to find acl group: " + aclGroupId
+            throw new InvalidParameterValueException("Unable to find acl group: " + iamGroupId
                    + "; failed to delete acl group.");
        }

@ -128,7 +128,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
                }

                // remove this group from acl_group table
-                _aclGroupDao.remove(aclGroupId);
+                _aclGroupDao.remove(iamGroupId);
            }
        });

@ -137,7 +137,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {

    @SuppressWarnings("unchecked")
    @Override
-    public List<IAMGroup> listAclGroups(long accountId) {
+    public List<IAMGroup> listIAMGroups(long accountId) {

        GenericSearchBuilder<IAMGroupAccountMapVO, Long> groupSB = _aclGroupAccountMapDao.createSearchBuilder(Long.class);
        groupSB.selectFields(groupSB.entity().getAclGroupId());
@ -225,11 +225,11 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
    }

    @Override
-    public Pair<List<IAMGroup>, Integer> listAclGroups(Long aclGroupId, String aclGroupName, String path, Long startIndex, Long pageSize) {
-        if (aclGroupId != null) {
-            IAMGroup group = _aclGroupDao.findById(aclGroupId);
+    public Pair<List<IAMGroup>, Integer> listIAMGroups(Long iamGroupId, String iamGroupName, String path, Long startIndex, Long pageSize) {
+        if (iamGroupId != null) {
+            IAMGroup group = _aclGroupDao.findById(iamGroupId);
            if (group == null) {
-                throw new InvalidParameterValueException("Unable to find acl group by id " + aclGroupId);
+                throw new InvalidParameterValueException("Unable to find acl group by id " + iamGroupId);
            }
        }

@ -242,12 +242,12 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {

        SearchCriteria<IAMGroupVO> sc = sb.create();

-        if (aclGroupName != null) {
-            sc.setParameters("name", aclGroupName);
+        if (iamGroupName != null) {
+            sc.setParameters("name", iamGroupName);
        }

-        if (aclGroupId != null) {
-            sc.setParameters("id", aclGroupId);
+        if (iamGroupId != null) {
+            sc.setParameters("id", iamGroupId);
        }

        sc.setParameters("path", path + "%");
@ -257,7 +257,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
    }

    @Override
-    public List<IAMGroup> listParentAclGroups(long groupId) {
+    public List<IAMGroup> listParentIAMGroups(long groupId) {
        IAMGroup group = _aclGroupDao.findById(groupId);
        if (group == null) {
            throw new InvalidParameterValueException("Unable to find acl group by id " + groupId);
@ -294,20 +294,20 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {

    @DB
    @Override
-    public IAMPolicy createAclPolicy(final String aclPolicyName, final String description, final Long parentPolicyId, final String path) {
+    public IAMPolicy createIAMPolicy(final String iamPolicyName, final String description, final Long parentPolicyId, final String path) {

        // check if the policy is already existing
-        IAMPolicy ro = _aclPolicyDao.findByName(aclPolicyName);
+        IAMPolicy ro = _aclPolicyDao.findByName(iamPolicyName);
        if (ro != null) {
            throw new InvalidParameterValueException(
-                    "Unable to create acl policy with name " + aclPolicyName
+                    "Unable to create acl policy with name " + iamPolicyName
                    + " already exisits");
        }

        IAMPolicy role = Transaction.execute(new TransactionCallback<IAMPolicy>() {
            @Override
            public IAMPolicy doInTransaction(TransactionStatus status) {
-                IAMPolicyVO rvo = new IAMPolicyVO(aclPolicyName, description);
+                IAMPolicyVO rvo = new IAMPolicyVO(iamPolicyName, description);
                rvo.setPath(path);

                IAMPolicy role = _aclPolicyDao.persist(rvo);
@ -331,11 +331,11 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {

    @DB
    @Override
-    public boolean deleteAclPolicy(final long aclPolicyId) {
+    public boolean deleteIAMPolicy(final long iamPolicyId) {
        // get the Acl Policy entity
-        final IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+        final IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId);
        if (policy == null) {
-            throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
+            throw new InvalidParameterValueException("Unable to find acl policy: " + iamPolicyId
                    + "; failed to delete acl policy.");
        }

@ -367,7 +367,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
                }

                // remove this role from acl_role table
-                _aclPolicyDao.remove(aclPolicyId);
+                _aclPolicyDao.remove(iamPolicyId);
            }
        });

@ -377,7 +377,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {

    @SuppressWarnings("unchecked")
    @Override
-    public List<IAMPolicy> listAclPolicies(long accountId) {
+    public List<IAMPolicy> listIAMPolicies(long accountId) {

        // static policies of the account
        SearchBuilder<IAMGroupAccountMapVO> groupSB = _aclGroupAccountMapDao.createSearchBuilder();
@ -395,7 +395,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
        // add policies directly attached to the account
        List<IAMAccountPolicyMapVO> acctPolicies = _aclAccountPolicyMapDao.listByAccountId(accountId);
        for (IAMAccountPolicyMapVO p : acctPolicies) {
-            policyIds.add(p.getAclPolicyId());
+            policyIds.add(p.getIAMPolicyId());
        }
        if (policyIds.size() == 0) {
            return new ArrayList<IAMPolicy>();
@ -413,7 +413,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {

    @SuppressWarnings("unchecked")
    @Override
-    public List<IAMPolicy> listAclPoliciesByGroup(long groupId) {
+    public List<IAMPolicy> listIAMPoliciesByGroup(long groupId) {
        List<IAMGroupPolicyMapVO> policyGrpMap = _aclGroupPolicyMapDao.listByGroupId(groupId);
        if (policyGrpMap == null || policyGrpMap.size() == 0) {
            return new ArrayList<IAMPolicy>();
@ -436,7 +436,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {

    @SuppressWarnings("unchecked")
    @Override
-    public List<IAMPolicy> listRecursiveAclPoliciesByGroup(long groupId) {
+    public List<IAMPolicy> listRecursiveIAMPoliciesByGroup(long groupId) {
        List<IAMGroupPolicyMapVO> policyGrpMap = _aclGroupPolicyMapDao.listByGroupId(groupId);
        if (policyGrpMap == null || policyGrpMap.size() == 0) {
            return new ArrayList<IAMPolicy>();
@ -468,12 +468,12 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {

    @SuppressWarnings("unchecked")
    @Override
-    public Pair<List<IAMPolicy>, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize) {
+    public Pair<List<IAMPolicy>, Integer> listIAMPolicies(Long iamPolicyId, String iamPolicyName, String path, Long startIndex, Long pageSize) {

-        if (aclPolicyId != null) {
-            IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+        if (iamPolicyId != null) {
+            IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId);
            if (policy == null) {
-                throw new InvalidParameterValueException("Unable to find acl policy by id " + aclPolicyId);
+                throw new InvalidParameterValueException("Unable to find acl policy by id " + iamPolicyId);
            }
        }

@ -486,12 +486,12 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {

        SearchCriteria<IAMPolicyVO> sc = sb.create();

-        if (aclPolicyName != null) {
-            sc.setParameters("name", aclPolicyName);
+        if (iamPolicyName != null) {
+            sc.setParameters("name", iamPolicyName);
        }

-        if (aclPolicyId != null) {
-            sc.setParameters("id", aclPolicyId);
+        if (iamPolicyId != null) {
+            sc.setParameters("id", iamPolicyId);
        }

        sc.setParameters("path", path + "%");
@ -504,7 +504,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {

    @DB
    @Override
-    public IAMGroup attachAclPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
+    public IAMGroup attachIAMPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
        // get the Acl Group entity
        IAMGroup group = _aclGroupDao.findById(groupId);
        if (group == null) {
@ -538,7 +538,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {

    @DB
    @Override
-    public IAMGroup removeAclPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
+    public IAMGroup removeIAMPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
        // get the Acl Group entity
        IAMGroup group = _aclGroupDao.findById(groupId);
        if (group == null) {
@ -570,7 +570,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {


    @Override
-    public void attachAclPolicyToAccounts(final Long policyId, final List<Long> acctIds) {
+    public void attachIAMPolicyToAccounts(final Long policyId, final List<Long> acctIds) {
        IAMPolicy policy = _aclPolicyDao.findById(policyId);
        if (policy == null) {
            throw new InvalidParameterValueException("Unable to find acl policy: " + policyId
@ -594,7 +594,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
    }

    @Override
-    public void removeAclPolicyFromAccounts(final Long policyId, final List<Long> acctIds) {
+    public void removeIAMPolicyFromAccounts(final Long policyId, final List<Long> acctIds) {
        IAMPolicy policy = _aclPolicyDao.findById(policyId);
        if (policy == null) {
            throw new InvalidParameterValueException("Unable to find acl policy: " + policyId
@ -619,20 +619,20 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {

    @DB
    @Override
-    public IAMPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
+    public IAMPolicy addIAMPermissionToIAMPolicy(long iamPolicyId, String entityType, String scope, Long scopeId,
            String action, String accessType, Permission perm, Boolean recursive) {
        // get the Acl Policy entity
-        IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+        IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId);
        if (policy == null) {
-            throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
+            throw new InvalidParameterValueException("Unable to find acl policy: " + iamPolicyId
                    + "; failed to add permission to policy.");
        }

        // add entry in acl_policy_permission table
-        IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, perm);
+        IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(iamPolicyId, entityType, scope, scopeId, action, perm);
        if (permit == null) {
            // not there already
-            permit = new IAMPolicyPermissionVO(aclPolicyId, action, entityType, accessType, scope, scopeId, perm,
+            permit = new IAMPolicyPermissionVO(iamPolicyId, action, entityType, accessType, scope, scopeId, perm,
                    recursive);
            _policyPermissionDao.persist(permit);
        }
@ -642,16 +642,16 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {

    @DB
    @Override
-    public IAMPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
+    public IAMPolicy removeIAMPermissionFromIAMPolicy(long iamPolicyId, String entityType, String scope, Long scopeId,
            String action) {
        // get the Acl Policy entity
-        IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+        IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId);
        if (policy == null) {
-            throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
+            throw new InvalidParameterValueException("Unable to find acl policy: " + iamPolicyId
                    + "; failed to revoke permission from policy.");
        }
        // remove entry from acl_entity_permission table
-        IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, Permission.Allow);
+        IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(iamPolicyId, entityType, scope, scopeId, action, Permission.Allow);
        if (permit != null) {
            // not removed yet
            _policyPermissionDao.remove(permit.getId());
@ -661,7 +661,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {

    @DB
    @Override
-    public void removeAclPermissionForEntity(final String entityType, final Long entityId) {
+    public void removeIAMPermissionForEntity(final String entityType, final Long entityId) {
        Transaction.execute(new TransactionCallbackNoReturn() {
            @Override
            public void doInTransactionWithoutResult(TransactionStatus status) {
@ -673,7 +673,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {

                    // remove the policy if there are no other permissions
                    if ((_policyPermissionDao.listByPolicy(policyId)).isEmpty()) {
-                        deleteAclPolicy(policyId);
+                        deleteIAMPolicy(policyId);
                    }
                }
            }
@ -682,11 +682,11 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {

    @DB
    @Override
-    public IAMPolicy resetAclPolicy(long aclPolicyId) {
+    public IAMPolicy resetIAMPolicy(long iamPolicyId) {
        // get the Acl Policy entity
-        IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+        IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId);
        if (policy == null) {
-            throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
+            throw new InvalidParameterValueException("Unable to find acl policy: " + iamPolicyId
                    + "; failed to reset the policy.");
        }

@ -695,7 +695,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
        sb.and("scope", sb.entity().getScope(), SearchCriteria.Op.EQ);
        sb.done();
        SearchCriteria<IAMPolicyPermissionVO> permissionSC = sb.create();
-        permissionSC.setParameters("policyId", aclPolicyId);
+        permissionSC.setParameters("policyId", iamPolicyId);
        _policyPermissionDao.expunge(permissionSC);

        return policy;
@ -736,7 +736,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
    @Override
    public List<Long> getGrantedEntities(long accountId, String action, String scope) {
        // Get the static Policies of the Caller
-        List<IAMPolicy> policies = listAclPolicies(accountId);
+        List<IAMPolicy> policies = listIAMPolicies(accountId);
        // for each policy, find granted permission within the given scope
        List<Long> entityIds = new ArrayList<Long>();
        for (IAMPolicy policy : policies) {
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java
@ -26,11 +26,11 @@ public class IAMAccountPolicyMapDaoImpl extends GenericDaoBase<IAMAccountPolicyM
        ListByAccountId.done();

        ListByPolicyId = createSearchBuilder();
-        ListByPolicyId.and("policyId", ListByPolicyId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+        ListByPolicyId.and("policyId", ListByPolicyId.entity().getIAMPolicyId(), SearchCriteria.Op.EQ);
        ListByPolicyId.done();

        findByPolicyAccountId = createSearchBuilder();
-        findByPolicyAccountId.and("policyId", findByPolicyAccountId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+        findByPolicyAccountId.and("policyId", findByPolicyAccountId.entity().getIAMPolicyId(), SearchCriteria.Op.EQ);
        findByPolicyAccountId.and("accountId", findByPolicyAccountId.entity().getAccountId(), SearchCriteria.Op.EQ);
        findByPolicyAccountId.done();

--- a/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java
+++ b/services/iam/server/test/org/apache/cloudstack/iam/IAMServiceUnitTest.java
@ -114,19 +114,19 @@ public class IAMServiceUnitTest {

    @Test(expected = InvalidParameterValueException.class)
    public void createAclGroupTest() {
-        IAMGroup group = _iamService.createAclGroup("group1", "my first group", "/root/mydomain");
+        IAMGroup group = _iamService.createIAMGroup("group1", "my first group", "/root/mydomain");
        assertNotNull("Acl group 'group1' failed to create ", group);

        IAMGroupVO group2 = new IAMGroupVO("group1", "my second group");
        when(_aclGroupDao.findByName(eq("/root/mydomain"), eq("group1"))).thenReturn(group2);

-        IAMGroup group3 = _iamService.createAclGroup("group1", "my first group", "/root/mydomain");
+        IAMGroup group3 = _iamService.createIAMGroup("group1", "my first group", "/root/mydomain");
    }

    @Test(expected = InvalidParameterValueException.class)
    public void deleteAclGroupInvalidIdTest() {
        when(_aclGroupDao.findById(20L)).thenReturn(null);
-        _iamService.deleteAclGroup(20L);
+        _iamService.deleteIAMGroup(20L);
    }

    @Test
@ -145,19 +145,19 @@ public class IAMServiceUnitTest {

    @Test(expected = InvalidParameterValueException.class)
    public void createAclPolicyTest() {
-        IAMPolicy policy = _iamService.createAclPolicy("policy1", "my first policy", null, "/root/mydomain");
+        IAMPolicy policy = _iamService.createIAMPolicy("policy1", "my first policy", null, "/root/mydomain");
        assertNotNull("Acl policy 'policy1' failed to create ", policy);

        IAMPolicyVO rvo = new IAMPolicyVO("policy2", "second policy");
        when(_aclPolicyDao.findByName(eq("policy2"))).thenReturn(rvo);

-        _iamService.createAclPolicy("policy2", "second policy", null, "/root/mydomain");
+        _iamService.createIAMPolicy("policy2", "second policy", null, "/root/mydomain");
    }

    @Test(expected = InvalidParameterValueException.class)
    public void deleteAclPolicyInvalidIdTest() {
        when(_aclPolicyDao.findById(34L)).thenReturn(null);
-        _iamService.deleteAclPolicy(34L);
+        _iamService.deleteIAMPolicy(34L);
    }

    @Configuration