Renaming plugin packages to 'iam' instead if 'acl'

services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAccountToAclGroupCmd.java

@@ -14,7 +14,7 @@
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
-package org.apache.cloudstack.api.command.acl;
+package org.apache.cloudstack.api.command.iam;
 
 import java.util.List;
 
@@ -22,7 +22,7 @@ import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.api.AclApiService;
+import org.apache.cloudstack.iam.AclApiService;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
@@ -32,7 +32,7 @@ import org.apache.cloudstack.api.BaseAsyncCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.response.AccountResponse;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.iam.api.AclGroup;
 

services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddAclPermissionToAclPolicyCmd.java

@@ -14,14 +14,14 @@
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
-package org.apache.cloudstack.api.command.acl;
+package org.apache.cloudstack.api.command.iam;
 
 import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
 import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.acl.api.AclApiService;
+import org.apache.cloudstack.iam.AclApiService;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
@@ -30,7 +30,7 @@ import org.apache.cloudstack.api.ApiErrorCode;
 import org.apache.cloudstack.api.BaseAsyncCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.iam.api.AclPolicy;
 import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;

services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAccountCmd.java

@@ -14,7 +14,7 @@
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
-package org.apache.cloudstack.api.command.acl;
+package org.apache.cloudstack.api.command.iam;
 
 import java.util.List;
 
@@ -22,7 +22,7 @@ import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.api.AclApiService;
+import org.apache.cloudstack.iam.AclApiService;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
@@ -32,7 +32,7 @@ import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.response.AccountResponse;
 import org.apache.cloudstack.api.response.SuccessResponse;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
 import org.apache.cloudstack.context.CallContext;
 
 import com.cloud.event.EventTypes;

services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AttachAclPolicyToAclGroupCmd.java

@@ -14,7 +14,7 @@
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
-package org.apache.cloudstack.api.command.acl;
+package org.apache.cloudstack.api.command.iam;
 
 import java.util.List;
 
@@ -22,7 +22,7 @@ import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.api.AclApiService;
+import org.apache.cloudstack.iam.AclApiService;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
@@ -31,8 +31,8 @@ import org.apache.cloudstack.api.ApiErrorCode;
 import org.apache.cloudstack.api.BaseAsyncCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.iam.api.AclGroup;
 

services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclGroupCmd.java

@@ -14,13 +14,13 @@
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
-package org.apache.cloudstack.api.command.acl;
+package org.apache.cloudstack.api.command.iam;
 
 import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.api.AclApiService;
+import org.apache.cloudstack.iam.AclApiService;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -29,7 +29,7 @@ import org.apache.cloudstack.api.BaseAsyncCreateCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.response.DomainResponse;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.iam.api.AclGroup;
 

services/iam/plugin/src/org/apache/cloudstack/api/command/iam/CreateAclPolicyCmd.java

@@ -14,13 +14,13 @@
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
-package org.apache.cloudstack.api.command.acl;
+package org.apache.cloudstack.api.command.iam;
 
 import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.api.AclApiService;
+import org.apache.cloudstack.iam.AclApiService;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
@@ -30,7 +30,7 @@ import org.apache.cloudstack.api.BaseAsyncCreateCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.response.DomainResponse;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.iam.api.AclPolicy;
 

services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclGroupCmd.java

@@ -14,13 +14,13 @@
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
-package org.apache.cloudstack.api.command.acl;
+package org.apache.cloudstack.api.command.iam;
 
 import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.api.AclApiService;
+import org.apache.cloudstack.iam.AclApiService;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
@@ -30,7 +30,7 @@ import org.apache.cloudstack.api.BaseAsyncCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.response.SuccessResponse;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
 
 import com.cloud.event.EventTypes;
 import com.cloud.user.Account;

services/iam/plugin/src/org/apache/cloudstack/api/command/iam/DeleteAclPolicyCmd.java

@@ -14,13 +14,13 @@
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
-package org.apache.cloudstack.api.command.acl;
+package org.apache.cloudstack.api.command.iam;
 
 import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.api.AclApiService;
+import org.apache.cloudstack.iam.AclApiService;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
@@ -30,7 +30,7 @@ import org.apache.cloudstack.api.BaseAsyncCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.response.SuccessResponse;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
 
 import com.cloud.event.EventTypes;
 import com.cloud.user.Account;

services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclGroupsCmd.java

@@ -14,20 +14,20 @@
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
-package org.apache.cloudstack.api.command.acl;
+package org.apache.cloudstack.api.command.iam;
 
 import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.api.AclApiService;
+import org.apache.cloudstack.iam.AclApiService;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.response.ListResponse;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
 
 
 @APICommand(name = "listAclGroups", description = "Lists acl groups", responseObject = AclGroupResponse.class)

services/iam/plugin/src/org/apache/cloudstack/api/command/iam/ListAclPoliciesCmd.java

@@ -14,20 +14,20 @@
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
-package org.apache.cloudstack.api.command.acl;
+package org.apache.cloudstack.api.command.iam;
 
 import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.api.AclApiService;
+import org.apache.cloudstack.iam.AclApiService;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.response.ListResponse;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
 
 
 @APICommand(name = "listAclPolicies", description = "Lists acl policies", responseObject = AclPolicyResponse.class)

services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAccountFromAclGroupCmd.java

@@ -14,7 +14,7 @@
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
-package org.apache.cloudstack.api.command.acl;
+package org.apache.cloudstack.api.command.iam;
 
 import java.util.List;
 
@@ -22,7 +22,7 @@ import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.api.AclApiService;
+import org.apache.cloudstack.iam.AclApiService;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
@@ -32,7 +32,7 @@ import org.apache.cloudstack.api.BaseAsyncCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.response.AccountResponse;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.iam.api.AclGroup;
 

services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPermissionFromAclPolicyCmd.java

@@ -14,14 +14,14 @@
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
-package org.apache.cloudstack.api.command.acl;
+package org.apache.cloudstack.api.command.iam;
 
 import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
 import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.acl.api.AclApiService;
+import org.apache.cloudstack.iam.AclApiService;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
@@ -30,7 +30,7 @@ import org.apache.cloudstack.api.ApiErrorCode;
 import org.apache.cloudstack.api.BaseAsyncCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.iam.api.AclPolicy;
 

services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAccountCmd.java

@@ -14,7 +14,7 @@
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
-package org.apache.cloudstack.api.command.acl;
+package org.apache.cloudstack.api.command.iam;
 
 import java.util.List;
 
@@ -22,7 +22,7 @@ import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.api.AclApiService;
+import org.apache.cloudstack.iam.AclApiService;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
@@ -31,8 +31,8 @@ import org.apache.cloudstack.api.BaseAsyncCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.response.SuccessResponse;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
 import org.apache.cloudstack.context.CallContext;
 
 import com.cloud.event.EventTypes;

services/iam/plugin/src/org/apache/cloudstack/api/command/iam/RemoveAclPolicyFromAclGroupCmd.java

@@ -14,7 +14,7 @@
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
-package org.apache.cloudstack.api.command.acl;
+package org.apache.cloudstack.api.command.iam;
 
 import java.util.List;
 
@@ -22,7 +22,7 @@ import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.api.AclApiService;
+import org.apache.cloudstack.iam.AclApiService;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
@@ -31,8 +31,8 @@ import org.apache.cloudstack.api.ApiErrorCode;
 import org.apache.cloudstack.api.BaseAsyncCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.iam.api.AclGroup;
 

services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclGroupResponse.java

@@ -14,7 +14,7 @@
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
-package org.apache.cloudstack.api.response.acl;
+package org.apache.cloudstack.api.response.iam;
 
 import java.util.LinkedHashSet;
 import java.util.Set;

services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPermissionResponse.java

@@ -14,11 +14,11 @@
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
-package org.apache.cloudstack.api.response.acl;
+package org.apache.cloudstack.api.response.iam;
 
 import com.google.gson.annotations.SerializedName;
 
-import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.PermissionScope;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseResponse;
@@ -34,7 +34,7 @@ public class AclPermissionResponse extends BaseResponse {
 
     @SerializedName(ApiConstants.ENTITY_TYPE)
     @Param(description = "the entity type of this permission")
-    private AclEntityType entityType;
+    private IAMEntityType entityType;
 
     @SerializedName(ApiConstants.ACL_SCOPE)
     @Param(description = "scope of this permission")
@@ -48,11 +48,11 @@ public class AclPermissionResponse extends BaseResponse {
     @Param(description = "allow or deny of this permission")
     private AclPolicyPermission.Permission permission;
 
-    public AclEntityType getEntityType() {
+    public IAMEntityType getEntityType() {
         return entityType;
     }
 
-    public void setEntityType(AclEntityType entityType) {
+    public void setEntityType(IAMEntityType entityType) {
         this.entityType = entityType;
     }
 

services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPolicyResponse.java

@@ -14,7 +14,7 @@
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
-package org.apache.cloudstack.api.response.acl;
+package org.apache.cloudstack.api.response.iam;
 
 import java.util.LinkedHashSet;
 import java.util.Set;

services/iam/plugin/src/org/apache/cloudstack/iam/AclApiService.java

@@ -1,84 +1,84 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl.api;
-
-import java.util.List;
-
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.api.response.ListResponse;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
-import org.apache.cloudstack.iam.api.AclGroup;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
-
-import com.cloud.user.Account;
-import com.cloud.utils.component.PluggableService;
-
-public interface AclApiService extends PluggableService {
-
-    /* ACL group related interfaces */
-    AclGroup createAclGroup(Account caller, String aclGroupName, String description);
-
-    boolean deleteAclGroup(Long aclGroupId);
-
-    List<AclGroup> listAclGroups(long accountId);
-
-    AclGroup addAccountsToGroup(List<Long> acctIds, Long groupId);
-
-    AclGroup removeAccountsFromGroup(List<Long> acctIds, Long groupId);
-
-    /* ACL Policy related interfaces */
-    AclPolicy createAclPolicy(Account caller, String aclPolicyName, String description, Long parentPolicyId);
-
-    boolean deleteAclPolicy(long aclPolicyId);
-
-    List<AclPolicy> listAclPolicies(long accountId);
-
-    AclGroup attachAclPoliciesToGroup(List<Long> policyIds, Long groupId);
-
-    AclGroup removeAclPoliciesFromGroup(List<Long> policyIds, Long groupId);
-
-    void attachAclPolicyToAccounts(Long policyId, List<Long> accountIds);
-
-    void removeAclPolicyFromAccounts(Long policyId, List<Long> accountIds);
-
-    AclPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId,
-            String action, Permission perm, Boolean recursive);
-
-    AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId, String action);
-
-    AclPolicyPermission getAclPolicyPermission(long accountId, String entityType, String action);
-
-    /* Utility routine to grant/revoke invidivual resource to list of accounts */
-    void grantEntityPermissioinToAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds);
-
-    void revokeEntityPermissioinFromAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds);
-
-    /* Response Generation */
-    AclPolicyResponse createAclPolicyResponse(AclPolicy policy);
-
-    AclGroupResponse createAclGroupResponse(AclGroup group);
-
-    ListResponse<AclGroupResponse> listAclGroups(Long aclGroupId, String aclGroupName,
-            Long domainId, Long startIndex, Long pageSize);
-
-    ListResponse<AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName,
-            Long domainId, Long startIndex, Long pageSize);
-}
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam;
+
+import java.util.List;
+
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
+import org.apache.cloudstack.iam.api.AclGroup;
+import org.apache.cloudstack.iam.api.AclPolicy;
+import org.apache.cloudstack.iam.api.AclPolicyPermission;
+import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
+
+import com.cloud.user.Account;
+import com.cloud.utils.component.PluggableService;
+
+public interface AclApiService extends PluggableService {
+
+    /* ACL group related interfaces */
+    AclGroup createAclGroup(Account caller, String aclGroupName, String description);
+
+    boolean deleteAclGroup(Long aclGroupId);
+
+    List<AclGroup> listAclGroups(long accountId);
+
+    AclGroup addAccountsToGroup(List<Long> acctIds, Long groupId);
+
+    AclGroup removeAccountsFromGroup(List<Long> acctIds, Long groupId);
+
+    /* ACL Policy related interfaces */
+    AclPolicy createAclPolicy(Account caller, String aclPolicyName, String description, Long parentPolicyId);
+
+    boolean deleteAclPolicy(long aclPolicyId);
+
+    List<AclPolicy> listAclPolicies(long accountId);
+
+    AclGroup attachAclPoliciesToGroup(List<Long> policyIds, Long groupId);
+
+    AclGroup removeAclPoliciesFromGroup(List<Long> policyIds, Long groupId);
+
+    void attachAclPolicyToAccounts(Long policyId, List<Long> accountIds);
+
+    void removeAclPolicyFromAccounts(Long policyId, List<Long> accountIds);
+
+    AclPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId,
+            String action, Permission perm, Boolean recursive);
+
+    AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId, String action);
+
+    AclPolicyPermission getAclPolicyPermission(long accountId, String entityType, String action);
+
+    /* Utility routine to grant/revoke invidivual resource to list of accounts */
+    void grantEntityPermissioinToAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds);
+
+    void revokeEntityPermissioinFromAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds);
+
+    /* Response Generation */
+    AclPolicyResponse createAclPolicyResponse(AclPolicy policy);
+
+    AclGroupResponse createAclGroupResponse(AclGroup group);
+
+    ListResponse<AclGroupResponse> listAclGroups(Long aclGroupId, String aclGroupName,
+            Long domainId, Long startIndex, Long pageSize);
+
+    ListResponse<AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName,
+            Long domainId, Long startIndex, Long pageSize);
+}

services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java

@@ -14,7 +14,7 @@
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
-package org.apache.cloudstack.acl;
+package org.apache.cloudstack.iam;
 
 import java.util.HashMap;
 import java.util.HashSet;
@@ -28,6 +28,10 @@ import javax.naming.ConfigurationException;
 
 import org.apache.log4j.Logger;
 
+import org.apache.cloudstack.acl.APIChecker;
+import org.apache.cloudstack.acl.IAMEntityType;
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.BaseAsyncCreateCmd;
@@ -129,9 +133,9 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker
         // add permissions for public templates
         List<VMTemplateVO> pTmplts = _templateDao.listByPublic();
         for (VMTemplateVO tmpl : pTmplts){
-            _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), AclEntityType.VirtualMachineTemplate.toString(),
+            _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
                     PermissionScope.RESOURCE.toString(), tmpl.getId(), "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
-            _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), AclEntityType.VirtualMachineTemplate.toString(),
+            _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
                     PermissionScope.RESOURCE.toString(), tmpl.getId(), "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
         }
 
@@ -214,7 +218,7 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker
     private void addDefaultAclPolicyPermission(String apiName, Class<?> cmdClass, RoleType role) {
 
         AccessType accessType = null;
-        AclEntityType[] entityTypes = null;
+        IAMEntityType[] entityTypes = null;
         if (cmdClass != null) {
             BaseCmd cmdObj;
             try {
@@ -258,7 +262,7 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker
             _iamSrv.addAclPermissionToAclPolicy(policyId, null, permissionScope.toString(), new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
                     apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
         } else {
-            for (AclEntityType entityType : entityTypes) {
+            for (IAMEntityType entityType : entityTypes) {
                 _iamSrv.addAclPermissionToAclPolicy(policyId, entityType.toString(), permissionScope.toString(), new Long(AclPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
                         apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
             }

services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java

@@ -14,7 +14,7 @@
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
-package org.apache.cloudstack.acl;
+package org.apache.cloudstack.iam;
 
 import java.util.ArrayList;
 import java.util.HashMap;
@@ -24,6 +24,9 @@ import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
+import org.apache.cloudstack.acl.ControlledEntity;
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.acl.SecurityChecker;
 import org.apache.cloudstack.api.InternalIdentity;
 import org.apache.cloudstack.iam.api.AclGroup;
 import org.apache.cloudstack.iam.api.AclPolicy;

services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java

@@ -14,7 +14,7 @@
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
-package org.apache.cloudstack.acl;
+package org.apache.cloudstack.iam;
 
 import java.util.ArrayList;
 import java.util.List;
@@ -23,6 +23,8 @@ import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.acl.QuerySelector;
 import org.apache.cloudstack.iam.api.AclGroup;
 import org.apache.cloudstack.iam.api.AclPolicy;
 import org.apache.cloudstack.iam.api.AclPolicyPermission;

services/iam/plugin/test/org/apache/cloudstack/acl/AclApiServiceTest.java

@@ -35,13 +35,13 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.test.context.support.AnnotationConfigContextLoader;
 
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.acl.api.AclApiServiceImpl;
+import org.apache.cloudstack.iam.AclApiService;
+import org.apache.cloudstack.iam.AclApiServiceImpl;
 import org.apache.cloudstack.api.command.user.vm.ListVMsCmd;
 import org.apache.cloudstack.api.response.ListResponse;
-import org.apache.cloudstack.api.response.acl.AclGroupResponse;
-import org.apache.cloudstack.api.response.acl.AclPermissionResponse;
-import org.apache.cloudstack.api.response.acl.AclPolicyResponse;
+import org.apache.cloudstack.api.response.iam.AclGroupResponse;
+import org.apache.cloudstack.api.response.iam.AclPermissionResponse;
+import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.framework.messagebus.MessageBus;
 import org.apache.cloudstack.iam.api.AclGroup;
@@ -273,12 +273,12 @@ public class AclApiServiceTest {
         Class clz = ListVMsCmd.class;
         when(_apiServer.getCmdClass("listVirtualMachines")).thenReturn(clz);
         when(
-                _iamSrv.addAclPermissionToAclPolicy(policyId, AclEntityType.VirtualMachine.toString(), PermissionScope.RESOURCE.toString(), resId, "listVirtualMachines",
+                _iamSrv.addAclPermissionToAclPolicy(policyId, IAMEntityType.VirtualMachine.toString(), PermissionScope.RESOURCE.toString(), resId, "listVirtualMachines",
                         AccessType.UseEntry.toString(), Permission.Allow, false)).thenReturn(policy);
-        _aclSrv.addAclPermissionToAclPolicy(policyId, AclEntityType.VirtualMachine.toString(), PermissionScope.RESOURCE, resId, "listVirtualMachines", Permission.Allow, false);
+        _aclSrv.addAclPermissionToAclPolicy(policyId, IAMEntityType.VirtualMachine.toString(), PermissionScope.RESOURCE, resId, "listVirtualMachines", Permission.Allow, false);
         Pair<List<AclPolicy>, Integer> policyList = new Pair<List<AclPolicy>, Integer>(policies, 1);
         List<AclPolicyPermission> policyPerms = new ArrayList<AclPolicyPermission>();
-        AclPolicyPermission perm = new AclPolicyPermissionVO(policyId, "listVirtualMachines", AclEntityType.VirtualMachine.toString(), AccessType.UseEntry.toString(),
+        AclPolicyPermission perm = new AclPolicyPermissionVO(policyId, "listVirtualMachines", IAMEntityType.VirtualMachine.toString(), AccessType.UseEntry.toString(),
                 PermissionScope.RESOURCE.toString(),
                 resId, Permission.Allow, false);
         policyPerms.add(perm);
@@ -294,7 +294,7 @@ public class AclApiServiceTest {
 
         //remove permission from policy
         policyPerms.remove(perm);
-        _aclSrv.removeAclPermissionFromAclPolicy(policyId, AclEntityType.VirtualMachine.toString(), PermissionScope.RESOURCE, resId, "listVirtualMachines");
+        _aclSrv.removeAclPermissionFromAclPolicy(policyId, IAMEntityType.VirtualMachine.toString(), PermissionScope.RESOURCE, resId, "listVirtualMachines");
         policyResp = _aclSrv.listAclPolicies(null, "policy1", callerDomainId, 0L, 20L);
         assertTrue("No. of response items should be one", policyResp.getCount() == 1);
         resp = policyResp.getResponses().get(0);