From 6309887800c74b4049558a85ba18f5a14749b72b Mon Sep 17 00:00:00 2001 From: Prachi Damle Date: Tue, 25 Feb 2014 16:41:53 -0800 Subject: [PATCH] iam/server changes: Rename Acl to IAM --- .../cloudstack/iam/IAMApiServiceImpl.java | 56 ++++----- .../iam/RoleBasedAPIAccessChecker.java | 18 +-- .../iam/RoleBasedEntityAccessChecker.java | 10 +- .../iam/RoleBasedEntityQuerySelector.java | 16 +-- .../apache/cloudstack/iam/api/IAMService.java | 42 +++---- .../iam/server/IAMAccountPolicyMapVO.java | 10 +- .../cloudstack/iam/server/IAMServiceImpl.java | 116 +++++++++--------- .../dao/IAMAccountPolicyMapDaoImpl.java | 4 +- .../cloudstack/iam/IAMServiceUnitTest.java | 12 +- 9 files changed, 142 insertions(+), 142 deletions(-) diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java index de57a41ea8f..393fe0efb6c 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java +++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java @@ -149,7 +149,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man if (domainId != null) { s_logger.debug("MessageBus message: new Domain created: " + domainId + ", creating a new group"); Domain domain = _domainDao.findById(domainId); - _iamSrv.createAclGroup("DomainGrp-" + domain.getUuid(), "Domain group", domain.getPath()); + _iamSrv.createIAMGroup("DomainGrp-" + domain.getUuid(), "Domain group", domain.getPath()); } } }); @@ -163,7 +163,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man Domain domain = _domainDao.findById(domainId); List groups = listDomainGroup(domain); for (IAMGroup group : groups) { - _iamSrv.deleteAclGroup(group.getId()); + _iamSrv.deleteIAMGroup(group.getId()); } } } @@ -175,9 +175,9 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man Long templateId = (Long)obj; if (templateId != null) { s_logger.debug("MessageBus message: new public template registered: " + templateId + ", grant permission to domain admin and normal user policies"); - _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(), + _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(), PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false); - _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(), + _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(), PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false); } } @@ -202,7 +202,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man String entityType = entity.first().toString(); Long entityId = entity.second(); s_logger.debug("MessageBus message: delete an entity: (" + entityType + "," + entityId + "), remove its related permission"); - _iamSrv.removeAclPermissionForEntity(entityType, entityId); + _iamSrv.removeIAMPermissionForEntity(entityType, entityId); } } }); @@ -275,8 +275,8 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man Domain domain = _domainDao.findById(domainId); if (domain != null) { - IAMPolicy policy = _iamSrv.createAclPolicy(policyName, description, null, domain.getPath()); - _iamSrv.addAclPermissionToAclPolicy(policy.getId(), entityType, PermissionScope.RESOURCE.toString(), + IAMPolicy policy = _iamSrv.createIAMPolicy(policyName, description, null, domain.getPath()); + _iamSrv.addIAMPermissionToIAMPolicy(policy.getId(), entityType, PermissionScope.RESOURCE.toString(), entityId, action, accessType.toString(), Permission.Allow, recursive); List policyList = new ArrayList(); policyList.add(new Long(policy.getId())); @@ -284,7 +284,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man List domainGroups = listDomainGroup(domain); if (domainGroups != null) { for (IAMGroup group : domainGroups) { - _iamSrv.attachAclPoliciesToGroup(policyList, group.getId()); + _iamSrv.attachIAMPoliciesToGroup(policyList, group.getId()); } } } @@ -299,19 +299,19 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man if (callerDomain == null) { throw new InvalidParameterValueException("Caller does not have a domain"); } - return _iamSrv.createAclGroup(iamGroupName, description, callerDomain.getPath()); + return _iamSrv.createIAMGroup(iamGroupName, description, callerDomain.getPath()); } @DB @Override @ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_DELETE, eventDescription = "Deleting Acl Group") public boolean deleteIAMGroup(final Long iamGroupId) { - return _iamSrv.deleteAclGroup(iamGroupId); + return _iamSrv.deleteIAMGroup(iamGroupId); } @Override public List listIAMGroups(long accountId) { - return _iamSrv.listAclGroups(accountId); + return _iamSrv.listIAMGroups(accountId); } @@ -356,34 +356,34 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man if (callerDomain == null) { throw new InvalidParameterValueException("Caller does not have a domain"); } - return _iamSrv.createAclPolicy(iamPolicyName, description, parentPolicyId, callerDomain.getPath()); + return _iamSrv.createIAMPolicy(iamPolicyName, description, parentPolicyId, callerDomain.getPath()); } @DB @Override @ActionEvent(eventType = EventTypes.EVENT_IAM_POLICY_DELETE, eventDescription = "Deleting IAM Policy") public boolean deleteIAMPolicy(final long iamPolicyId) { - return _iamSrv.deleteAclPolicy(iamPolicyId); + return _iamSrv.deleteIAMPolicy(iamPolicyId); } @Override public List listIAMPolicies(long accountId) { - return _iamSrv.listAclPolicies(accountId); + return _iamSrv.listIAMPolicies(accountId); } @DB @Override @ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_UPDATE, eventDescription = "Attaching policy to acl group") public IAMGroup attachIAMPoliciesToGroup(final List policyIds, final Long groupId) { - return _iamSrv.attachAclPoliciesToGroup(policyIds, groupId); + return _iamSrv.attachIAMPoliciesToGroup(policyIds, groupId); } @DB @Override @ActionEvent(eventType = EventTypes.EVENT_IAM_GROUP_UPDATE, eventDescription = "Removing policies from acl group") public IAMGroup removeIAMPoliciesFromGroup(final List policyIds, final Long groupId) { - return _iamSrv.removeAclPoliciesFromGroup(policyIds, groupId); + return _iamSrv.removeIAMPoliciesFromGroup(policyIds, groupId); } @@ -391,14 +391,14 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man @Override @ActionEvent(eventType = EventTypes.EVENT_IAM_ACCOUNT_POLICY_UPDATE, eventDescription = "Attaching policy to accounts") public void attachIAMPolicyToAccounts(final Long policyId, final List accountIds) { - _iamSrv.attachAclPolicyToAccounts(policyId, accountIds); + _iamSrv.attachIAMPolicyToAccounts(policyId, accountIds); } @DB @Override @ActionEvent(eventType = EventTypes.EVENT_IAM_ACCOUNT_POLICY_UPDATE, eventDescription = "Removing policy from accounts") public void removeIAMPolicyFromAccounts(final Long policyId, final List accountIds) { - _iamSrv.removeAclPolicyFromAccounts(policyId, accountIds); + _iamSrv.removeIAMPolicyFromAccounts(policyId, accountIds); } @DB @@ -411,7 +411,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man if (BaseListCmd.class.isAssignableFrom(cmdClass)) { accessType = AccessType.UseEntry; } - return _iamSrv.addAclPermissionToAclPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action, + return _iamSrv.addIAMPermissionToIAMPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action, accessType.toString(), perm, recursive); } @@ -419,12 +419,12 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man @Override @ActionEvent(eventType = EventTypes.EVENT_IAM_POLICY_REVOKE, eventDescription = "Revoking acl permission from IAM Policy") public IAMPolicy removeIAMPermissionFromIAMPolicy(long iamPolicyId, String entityType, PermissionScope scope, Long scopeId, String action) { - return _iamSrv.removeAclPermissionFromAclPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action); + return _iamSrv.removeIAMPermissionFromIAMPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action); } @Override public IAMPolicyPermission getIAMPolicyPermission(long accountId, String entityType, String action) { - List policies = _iamSrv.listAclPolicies(accountId); + List policies = _iamSrv.listIAMPolicies(accountId); IAMPolicyPermission curPerm = null; for (IAMPolicy policy : policies) { List perms = _iamSrv.listPolicyPermissionByActionAndEntity(policy.getId(), action, @@ -515,7 +515,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man } // find all the policies attached to this group - List policies = _iamSrv.listAclPoliciesByGroup(group.getId()); + List policies = _iamSrv.listIAMPoliciesByGroup(group.getId()); if (policies != null && policies.size() > 0) { for (IAMPolicy policy : policies) { response.addPolicy(policy.getName()); @@ -532,7 +532,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man if (domain != null) { String domainPath = domain.getPath(); // search for groups - Pair, Integer> result = _iamSrv.listAclGroups(null, "DomainGrp-" + domain.getUuid(), + Pair, Integer> result = _iamSrv.listIAMGroups(null, "DomainGrp-" + domain.getUuid(), domainPath, null, null); return result.first(); } @@ -558,7 +558,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man } String domainPath = domain.getPath(); // search for groups - Pair, Integer> result = _iamSrv.listAclGroups(iamGroupId, iamGroupName, domainPath, startIndex, pageSize); + Pair, Integer> result = _iamSrv.listIAMGroups(iamGroupId, iamGroupName, domainPath, startIndex, pageSize); // generate group response ListResponse response = new ListResponse(); List groupResponses = new ArrayList(); @@ -589,7 +589,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man } String domainPath = domain.getPath(); // search for policies - Pair, Integer> result = _iamSrv.listAclPolicies(iamPolicyId, iamPolicyName, domainPath, startIndex, pageSize); + Pair, Integer> result = _iamSrv.listIAMPolicies(iamPolicyId, iamPolicyName, domainPath, startIndex, pageSize); // generate policy response ListResponse response = new ListResponse(); List policyResponses = new ArrayList(); @@ -653,9 +653,9 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man private void resetTemplatePermission(Long templateId){ // reset template will change template to private, so we need to remove its permission for domain admin and normal user group - _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(), + _iamSrv.removeIAMPermissionFromIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(), PermissionScope.RESOURCE.toString(), templateId, "listTemplates"); - _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(), + _iamSrv.removeIAMPermissionFromIAMPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(), PermissionScope.RESOURCE.toString(), templateId, "listTemplates"); // check if there is a policy with only UseEntry permission for this template added IAMPolicy policy = _iamSrv.getResourceGrantPolicy(IAMEntityType.VirtualMachineTemplate.toString(), templateId, AccessType.UseEntry.toString(), "listTemplates"); @@ -664,7 +664,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man return; } // delete the policy, which should detach it from groups and accounts - _iamSrv.deleteAclPolicy(policy.getId()); + _iamSrv.deleteIAMPolicy(policy.getId()); } diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java index 48e6edefff8..fb75db310f4 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java +++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java @@ -90,7 +90,7 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker + "is null"); } - List policies = _iamSrv.listAclPolicies(account.getAccountId()); + List policies = _iamSrv.listIAMPolicies(account.getAccountId()); boolean isAllowed = _iamSrv.isActionAllowedForPolicies(commandName, policies); if (!isAllowed) { @@ -117,25 +117,25 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker for (RoleType role : RoleType.values()) { Long policyId = getDefaultPolicyId(role); if (policyId != null) { - _iamSrv.resetAclPolicy(policyId); + _iamSrv.resetIAMPolicy(policyId); } } // add the system-domain capability - _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_ADMIN + 1), null, null, null, + _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_ADMIN + 1), null, null, null, "SystemCapability", null, Permission.Allow, false); - _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), null, null, null, + _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), null, null, null, "DomainCapability", null, Permission.Allow, false); - _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN + 1), null, null, null, + _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN + 1), null, null, null, "DomainResourceCapability", null, Permission.Allow, false); // add permissions for public templates List pTmplts = _templateDao.listByPublic(); for (VMTemplateVO tmpl : pTmplts){ - _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(), + _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(), PermissionScope.RESOURCE.toString(), tmpl.getId(), "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false); - _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(), + _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(), PermissionScope.RESOURCE.toString(), tmpl.getId(), "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false); } @@ -259,11 +259,11 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker if (entityTypes == null || entityTypes.length == 0) { - _iamSrv.addAclPermissionToAclPolicy(policyId, null, permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER), + _iamSrv.addIAMPermissionToIAMPolicy(policyId, null, permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER), apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false); } else { for (IAMEntityType entityType : entityTypes) { - _iamSrv.addAclPermissionToAclPolicy(policyId, entityType.toString(), permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER), + _iamSrv.addIAMPermissionToIAMPolicy(policyId, entityType.toString(), permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER), apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false); } } diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java index 13f69149d4a..d0d9d88120e 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java +++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java @@ -64,7 +64,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur if (entity == null && action != null) { // check if caller can do this action - List policies = _iamSrv.listAclPolicies(caller.getAccountId()); + List policies = _iamSrv.listIAMPolicies(caller.getAccountId()); boolean isAllowed = _iamSrv.isActionAllowedForPolicies(action, policies); if (!isAllowed) { @@ -164,7 +164,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur private List getEffectivePolicies(Account caller, ControlledEntity entity) { // Get the static Policies of the Caller - List policies = _iamSrv.listAclPolicies(caller.getId()); + List policies = _iamSrv.listIAMPolicies(caller.getId()); // add any dynamic policies w.r.t the entity if (caller.getId() == entity.getAccountId()) { @@ -172,12 +172,12 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur policies.add(_iamSrv.getResourceOwnerPolicy()); } - List groups = _iamSrv.listAclGroups(caller.getId()); + List groups = _iamSrv.listIAMGroups(caller.getId()); for (IAMGroup group : groups) { // for each group find the grand parent groups. - List parentGroups = _iamSrv.listParentAclGroups(group.getId()); + List parentGroups = _iamSrv.listParentIAMGroups(group.getId()); for (IAMGroup parentGroup : parentGroups) { - policies.addAll(_iamSrv.listRecursiveAclPoliciesByGroup(parentGroup.getId())); + policies.addAll(_iamSrv.listRecursiveIAMPoliciesByGroup(parentGroup.getId())); } } diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java index 596ac7e164b..23c57a16880 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java +++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java @@ -44,7 +44,7 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe public List getAuthorizedDomains(Account caller, String action) { long accountId = caller.getAccountId(); // Get the static Policies of the Caller - List policies = _iamService.listAclPolicies(accountId); + List policies = _iamService.listIAMPolicies(accountId); // for each policy, find granted permission with Domain scope List domainIds = new ArrayList(); for (IAMPolicy policy : policies) { @@ -68,7 +68,7 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe public List getAuthorizedAccounts(Account caller, String action) { long accountId = caller.getAccountId(); // Get the static Policies of the Caller - List policies = _iamService.listAclPolicies(accountId); + List policies = _iamService.listIAMPolicies(accountId); // for each policy, find granted permission with Account scope List accountIds = new ArrayList(); for (IAMPolicy policy : policies) { @@ -92,15 +92,15 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe public List getAuthorizedResources(Account caller, String action) { long accountId = caller.getAccountId(); // Get the static Policies of the Caller - List policies = _iamService.listAclPolicies(accountId); + List policies = _iamService.listIAMPolicies(accountId); // add the policies that grant recursive access - List groups = _iamService.listAclGroups(caller.getId()); + List groups = _iamService.listIAMGroups(caller.getId()); for (IAMGroup group : groups) { // for each group find the grand parent groups. - List parentGroups = _iamService.listParentAclGroups(group.getId()); + List parentGroups = _iamService.listParentIAMGroups(group.getId()); for (IAMGroup parentGroup : parentGroups) { - policies.addAll(_iamService.listRecursiveAclPoliciesByGroup(parentGroup.getId())); + policies.addAll(_iamService.listRecursiveIAMPoliciesByGroup(parentGroup.getId())); } } @@ -123,7 +123,7 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe public boolean isGrantedAll(Account caller, String action) { long accountId = caller.getAccountId(); // Get the static Policies of the Caller - List policies = _iamService.listAclPolicies(accountId); + List policies = _iamService.listIAMPolicies(accountId); // for each policy, find granted permission with ALL scope for (IAMPolicy policy : policies) { List pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ALL.toString()); @@ -136,7 +136,7 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe @Override public List listAclGroupsByAccount(long accountId) { - List groups = _iamService.listAclGroups(accountId); + List groups = _iamService.listIAMGroups(accountId); List groupNames = new ArrayList(); for (IAMGroup grp : groups) { groupNames.add(grp.getName()); diff --git a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java index 6eb61fac277..74a08851506 100644 --- a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java +++ b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java @@ -24,12 +24,12 @@ import com.cloud.utils.Pair; public interface IAMService { - /* ACL group related interfaces */ - IAMGroup createAclGroup(String aclGroupName, String description, String path); + /* IAM group related interfaces */ + IAMGroup createIAMGroup(String iamGroupName, String description, String path); - boolean deleteAclGroup(Long aclGroupId); + boolean deleteIAMGroup(Long iamGroupId); - List listAclGroups(long accountId); + List listIAMGroups(long accountId); IAMGroup addAccountsToGroup(List acctIds, Long groupId); @@ -37,34 +37,34 @@ public interface IAMService { List listAccountsByGroup(long groupId); - Pair, Integer> listAclGroups(Long aclGroupId, String aclGroupName, String path, Long startIndex, Long pageSize); + Pair, Integer> listIAMGroups(Long iamGroupId, String iamGroupName, String path, Long startIndex, Long pageSize); - /* ACL Policy related interfaces */ - IAMPolicy createAclPolicy(String aclPolicyName, String description, Long parentPolicyId, String path); + /* IAM Policy related interfaces */ + IAMPolicy createIAMPolicy(String iamPolicyName, String description, Long parentPolicyId, String path); - boolean deleteAclPolicy(long aclPolicyId); + boolean deleteIAMPolicy(long iamPolicyId); - List listAclPolicies(long accountId); + List listIAMPolicies(long accountId); - List listAclPoliciesByGroup(long groupId); + List listIAMPoliciesByGroup(long groupId); - Pair, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize); + Pair, Integer> listIAMPolicies(Long iamPolicyId, String iamPolicyName, String path, Long startIndex, Long pageSize); - IAMGroup attachAclPoliciesToGroup(List policyIds, Long groupId); + IAMGroup attachIAMPoliciesToGroup(List policyIds, Long groupId); - IAMGroup removeAclPoliciesFromGroup(List policyIds, Long groupId); + IAMGroup removeIAMPoliciesFromGroup(List policyIds, Long groupId); - void attachAclPolicyToAccounts(Long policyId, List acctIds); + void attachIAMPolicyToAccounts(Long policyId, List acctIds); - void removeAclPolicyFromAccounts(Long policyId, List acctIds); + void removeIAMPolicyFromAccounts(Long policyId, List acctIds); - IAMPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId, + IAMPolicy addIAMPermissionToIAMPolicy(long iamPolicyId, String entityType, String scope, Long scopeId, String action, String accessType, Permission perm, Boolean recursive); - IAMPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId, + IAMPolicy removeIAMPermissionFromIAMPolicy(long iamPolicyId, String entityType, String scope, Long scopeId, String action); - void removeAclPermissionForEntity(final String entityType, final Long entityId); + void removeIAMPermissionForEntity(final String entityType, final Long entityId); IAMPolicy getResourceGrantPolicy(String entityType, Long entityId, String accessType, String action); @@ -80,13 +80,13 @@ public interface IAMService { List getGrantedEntities(long accountId, String action, String scope); - IAMPolicy resetAclPolicy(long aclPolicyId); + IAMPolicy resetIAMPolicy(long iamPolicyId); List listPolicyPermissionByAccessAndEntity(long policyId, String accessType, String entityType); - List listParentAclGroups(long groupId); + List listParentIAMGroups(long groupId); - List listRecursiveAclPoliciesByGroup(long groupId); + List listRecursiveIAMPoliciesByGroup(long groupId); } diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java index 8f3ac7d6222..a5376557d76 100644 --- a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java +++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMAccountPolicyMapVO.java @@ -39,7 +39,7 @@ public class IAMAccountPolicyMapVO { private long accountId; @Column(name = "policy_id") - private long aclPolicyId; + private long iamPolicyId; @Column(name = GenericDao.REMOVED_COLUMN) private Date removed; @@ -50,9 +50,9 @@ public class IAMAccountPolicyMapVO { public IAMAccountPolicyMapVO() { } - public IAMAccountPolicyMapVO(long accountId, long aclPolicyId) { + public IAMAccountPolicyMapVO(long accountId, long iamPolicyId) { this.accountId = accountId; - this.aclPolicyId = aclPolicyId; + this.iamPolicyId = iamPolicyId; } public long getId() { @@ -63,8 +63,8 @@ public class IAMAccountPolicyMapVO { return accountId; } - public long getAclPolicyId() { - return aclPolicyId; + public long getIAMPolicyId() { + return iamPolicyId; } public Date getRemoved() { diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java index 02da7c36d18..11af27e9fb7 100644 --- a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java +++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java @@ -84,15 +84,15 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @DB @Override - public IAMGroup createAclGroup(String aclGroupName, String description, String path) { + public IAMGroup createIAMGroup(String iamGroupName, String description, String path) { // check if the group is already existing - IAMGroup grp = _aclGroupDao.findByName(path, aclGroupName); + IAMGroup grp = _aclGroupDao.findByName(path, iamGroupName); if (grp != null) { throw new InvalidParameterValueException( - "Unable to create acl group with name " + aclGroupName + "Unable to create acl group with name " + iamGroupName + " already exisits for path " + path); } - IAMGroupVO rvo = new IAMGroupVO(aclGroupName, description); + IAMGroupVO rvo = new IAMGroupVO(iamGroupName, description); rvo.setPath(path); return _aclGroupDao.persist(rvo); @@ -100,11 +100,11 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @DB @Override - public boolean deleteAclGroup(final Long aclGroupId) { + public boolean deleteIAMGroup(final Long iamGroupId) { // get the Acl Group entity - final IAMGroup grp = _aclGroupDao.findById(aclGroupId); + final IAMGroup grp = _aclGroupDao.findById(iamGroupId); if (grp == null) { - throw new InvalidParameterValueException("Unable to find acl group: " + aclGroupId + throw new InvalidParameterValueException("Unable to find acl group: " + iamGroupId + "; failed to delete acl group."); } @@ -128,7 +128,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { } // remove this group from acl_group table - _aclGroupDao.remove(aclGroupId); + _aclGroupDao.remove(iamGroupId); } }); @@ -137,7 +137,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @SuppressWarnings("unchecked") @Override - public List listAclGroups(long accountId) { + public List listIAMGroups(long accountId) { GenericSearchBuilder groupSB = _aclGroupAccountMapDao.createSearchBuilder(Long.class); groupSB.selectFields(groupSB.entity().getAclGroupId()); @@ -225,11 +225,11 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { } @Override - public Pair, Integer> listAclGroups(Long aclGroupId, String aclGroupName, String path, Long startIndex, Long pageSize) { - if (aclGroupId != null) { - IAMGroup group = _aclGroupDao.findById(aclGroupId); + public Pair, Integer> listIAMGroups(Long iamGroupId, String iamGroupName, String path, Long startIndex, Long pageSize) { + if (iamGroupId != null) { + IAMGroup group = _aclGroupDao.findById(iamGroupId); if (group == null) { - throw new InvalidParameterValueException("Unable to find acl group by id " + aclGroupId); + throw new InvalidParameterValueException("Unable to find acl group by id " + iamGroupId); } } @@ -242,12 +242,12 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { SearchCriteria sc = sb.create(); - if (aclGroupName != null) { - sc.setParameters("name", aclGroupName); + if (iamGroupName != null) { + sc.setParameters("name", iamGroupName); } - if (aclGroupId != null) { - sc.setParameters("id", aclGroupId); + if (iamGroupId != null) { + sc.setParameters("id", iamGroupId); } sc.setParameters("path", path + "%"); @@ -257,7 +257,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { } @Override - public List listParentAclGroups(long groupId) { + public List listParentIAMGroups(long groupId) { IAMGroup group = _aclGroupDao.findById(groupId); if (group == null) { throw new InvalidParameterValueException("Unable to find acl group by id " + groupId); @@ -294,20 +294,20 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @DB @Override - public IAMPolicy createAclPolicy(final String aclPolicyName, final String description, final Long parentPolicyId, final String path) { + public IAMPolicy createIAMPolicy(final String iamPolicyName, final String description, final Long parentPolicyId, final String path) { // check if the policy is already existing - IAMPolicy ro = _aclPolicyDao.findByName(aclPolicyName); + IAMPolicy ro = _aclPolicyDao.findByName(iamPolicyName); if (ro != null) { throw new InvalidParameterValueException( - "Unable to create acl policy with name " + aclPolicyName + "Unable to create acl policy with name " + iamPolicyName + " already exisits"); } IAMPolicy role = Transaction.execute(new TransactionCallback() { @Override public IAMPolicy doInTransaction(TransactionStatus status) { - IAMPolicyVO rvo = new IAMPolicyVO(aclPolicyName, description); + IAMPolicyVO rvo = new IAMPolicyVO(iamPolicyName, description); rvo.setPath(path); IAMPolicy role = _aclPolicyDao.persist(rvo); @@ -331,11 +331,11 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @DB @Override - public boolean deleteAclPolicy(final long aclPolicyId) { + public boolean deleteIAMPolicy(final long iamPolicyId) { // get the Acl Policy entity - final IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId); + final IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId); if (policy == null) { - throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId + throw new InvalidParameterValueException("Unable to find acl policy: " + iamPolicyId + "; failed to delete acl policy."); } @@ -367,7 +367,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { } // remove this role from acl_role table - _aclPolicyDao.remove(aclPolicyId); + _aclPolicyDao.remove(iamPolicyId); } }); @@ -377,7 +377,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @SuppressWarnings("unchecked") @Override - public List listAclPolicies(long accountId) { + public List listIAMPolicies(long accountId) { // static policies of the account SearchBuilder groupSB = _aclGroupAccountMapDao.createSearchBuilder(); @@ -395,7 +395,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { // add policies directly attached to the account List acctPolicies = _aclAccountPolicyMapDao.listByAccountId(accountId); for (IAMAccountPolicyMapVO p : acctPolicies) { - policyIds.add(p.getAclPolicyId()); + policyIds.add(p.getIAMPolicyId()); } if (policyIds.size() == 0) { return new ArrayList(); @@ -413,7 +413,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @SuppressWarnings("unchecked") @Override - public List listAclPoliciesByGroup(long groupId) { + public List listIAMPoliciesByGroup(long groupId) { List policyGrpMap = _aclGroupPolicyMapDao.listByGroupId(groupId); if (policyGrpMap == null || policyGrpMap.size() == 0) { return new ArrayList(); @@ -436,7 +436,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @SuppressWarnings("unchecked") @Override - public List listRecursiveAclPoliciesByGroup(long groupId) { + public List listRecursiveIAMPoliciesByGroup(long groupId) { List policyGrpMap = _aclGroupPolicyMapDao.listByGroupId(groupId); if (policyGrpMap == null || policyGrpMap.size() == 0) { return new ArrayList(); @@ -468,12 +468,12 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @SuppressWarnings("unchecked") @Override - public Pair, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize) { + public Pair, Integer> listIAMPolicies(Long iamPolicyId, String iamPolicyName, String path, Long startIndex, Long pageSize) { - if (aclPolicyId != null) { - IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId); + if (iamPolicyId != null) { + IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId); if (policy == null) { - throw new InvalidParameterValueException("Unable to find acl policy by id " + aclPolicyId); + throw new InvalidParameterValueException("Unable to find acl policy by id " + iamPolicyId); } } @@ -486,12 +486,12 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { SearchCriteria sc = sb.create(); - if (aclPolicyName != null) { - sc.setParameters("name", aclPolicyName); + if (iamPolicyName != null) { + sc.setParameters("name", iamPolicyName); } - if (aclPolicyId != null) { - sc.setParameters("id", aclPolicyId); + if (iamPolicyId != null) { + sc.setParameters("id", iamPolicyId); } sc.setParameters("path", path + "%"); @@ -504,7 +504,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @DB @Override - public IAMGroup attachAclPoliciesToGroup(final List policyIds, final Long groupId) { + public IAMGroup attachIAMPoliciesToGroup(final List policyIds, final Long groupId) { // get the Acl Group entity IAMGroup group = _aclGroupDao.findById(groupId); if (group == null) { @@ -538,7 +538,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @DB @Override - public IAMGroup removeAclPoliciesFromGroup(final List policyIds, final Long groupId) { + public IAMGroup removeIAMPoliciesFromGroup(final List policyIds, final Long groupId) { // get the Acl Group entity IAMGroup group = _aclGroupDao.findById(groupId); if (group == null) { @@ -570,7 +570,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @Override - public void attachAclPolicyToAccounts(final Long policyId, final List acctIds) { + public void attachIAMPolicyToAccounts(final Long policyId, final List acctIds) { IAMPolicy policy = _aclPolicyDao.findById(policyId); if (policy == null) { throw new InvalidParameterValueException("Unable to find acl policy: " + policyId @@ -594,7 +594,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { } @Override - public void removeAclPolicyFromAccounts(final Long policyId, final List acctIds) { + public void removeIAMPolicyFromAccounts(final Long policyId, final List acctIds) { IAMPolicy policy = _aclPolicyDao.findById(policyId); if (policy == null) { throw new InvalidParameterValueException("Unable to find acl policy: " + policyId @@ -619,20 +619,20 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @DB @Override - public IAMPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId, + public IAMPolicy addIAMPermissionToIAMPolicy(long iamPolicyId, String entityType, String scope, Long scopeId, String action, String accessType, Permission perm, Boolean recursive) { // get the Acl Policy entity - IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId); + IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId); if (policy == null) { - throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId + throw new InvalidParameterValueException("Unable to find acl policy: " + iamPolicyId + "; failed to add permission to policy."); } // add entry in acl_policy_permission table - IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, perm); + IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(iamPolicyId, entityType, scope, scopeId, action, perm); if (permit == null) { // not there already - permit = new IAMPolicyPermissionVO(aclPolicyId, action, entityType, accessType, scope, scopeId, perm, + permit = new IAMPolicyPermissionVO(iamPolicyId, action, entityType, accessType, scope, scopeId, perm, recursive); _policyPermissionDao.persist(permit); } @@ -642,16 +642,16 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @DB @Override - public IAMPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId, + public IAMPolicy removeIAMPermissionFromIAMPolicy(long iamPolicyId, String entityType, String scope, Long scopeId, String action) { // get the Acl Policy entity - IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId); + IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId); if (policy == null) { - throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId + throw new InvalidParameterValueException("Unable to find acl policy: " + iamPolicyId + "; failed to revoke permission from policy."); } // remove entry from acl_entity_permission table - IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, Permission.Allow); + IAMPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(iamPolicyId, entityType, scope, scopeId, action, Permission.Allow); if (permit != null) { // not removed yet _policyPermissionDao.remove(permit.getId()); @@ -661,7 +661,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @DB @Override - public void removeAclPermissionForEntity(final String entityType, final Long entityId) { + public void removeIAMPermissionForEntity(final String entityType, final Long entityId) { Transaction.execute(new TransactionCallbackNoReturn() { @Override public void doInTransactionWithoutResult(TransactionStatus status) { @@ -673,7 +673,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { // remove the policy if there are no other permissions if ((_policyPermissionDao.listByPolicy(policyId)).isEmpty()) { - deleteAclPolicy(policyId); + deleteIAMPolicy(policyId); } } } @@ -682,11 +682,11 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @DB @Override - public IAMPolicy resetAclPolicy(long aclPolicyId) { + public IAMPolicy resetIAMPolicy(long iamPolicyId) { // get the Acl Policy entity - IAMPolicy policy = _aclPolicyDao.findById(aclPolicyId); + IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId); if (policy == null) { - throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId + throw new InvalidParameterValueException("Unable to find acl policy: " + iamPolicyId + "; failed to reset the policy."); } @@ -695,7 +695,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { sb.and("scope", sb.entity().getScope(), SearchCriteria.Op.EQ); sb.done(); SearchCriteria permissionSC = sb.create(); - permissionSC.setParameters("policyId", aclPolicyId); + permissionSC.setParameters("policyId", iamPolicyId); _policyPermissionDao.expunge(permissionSC); return policy; @@ -736,7 +736,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { @Override public List getGrantedEntities(long accountId, String action, String scope) { // Get the static Policies of the Caller - List policies = listAclPolicies(accountId); + List policies = listIAMPolicies(accountId); // for each policy, find granted permission within the given scope List entityIds = new ArrayList(); for (IAMPolicy policy : policies) { diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java index 883fd5c1b23..a112a3ed5a1 100644 --- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java +++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/IAMAccountPolicyMapDaoImpl.java @@ -26,11 +26,11 @@ public class IAMAccountPolicyMapDaoImpl extends GenericDaoBase