etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
24,826 Commits 326 Branches 325 Tags 885 MiB
Commit Graph

77 Commits

Author SHA1 Message Date
Hugo Trippaers dc3f0cbc63 Improve the handling of the findbug exclude files 2014-09-03 10:41:22 +02:00
Min Chen ba848087f8 Disable IAM feature from 4.4 release. 2014-05-22 18:27:08 -07:00
Min Chen 5c3858b504 CLOUDSTACK-6617: [Automation] detach / resize volume test cases failing 
with permission error.
 2014-05-09 18:47:51 -07:00
Min Chen 5f8641e908 CLOUDSTACK-6600: fix a bug in IAM cache in constructing cache key. 2014-05-09 18:47:37 -07:00
Min Chen 218158b9ab CLOUDSTACK-6600:IAM Security checker needs to have cache to improve 
checkAccess performance.
 2014-05-08 17:56:20 -07:00
Min Chen b42ad3ccaa CLOUDSTACK-6533: IAM - Templates - Public templates do not have 
permissions to be used by ROOT group.
 2014-05-01 15:57:27 -07:00
Min Chen 6af1a2919b CLOUDSTACK-6501:IAM - DomainAdmin - When listVirtualMachines is used 
with listall=true and account and domainId , Vms owned by the account
account is not listed.
 2014-04-28 11:11:27 -07:00
Prachi Damle 9514c9e045 CLOUDSTACK-6349: IAM - No error message presented to the user , when 
invalid password is provided.

- AccountManager now works using accountId instead of accountType in
following methods too:
- isResourceDomainAdmin()
- isAdmin()
 2014-04-28 11:10:50 -07:00
Min Chen bc525d2236 CLOUDSTACK-6428:IAM - Domain Admin - When his sub-domainId is passed to 
the listVirtualMachine command, Vms from all the domains are being
listed.
 2014-04-17 18:32:57 -07:00
Min Chen 5d59fc7f5a Fix RoleBasedQuerySelector to handle new listAll semantics. If 
listAll=true, show all resources that caller (or impersonater) has
ListEntry access type; otherwise, show all resources that caller (or
impersonater) has UseEntry access type.
 2014-04-17 18:06:07 -07:00
Prachi Damle 7819775bb8 CLOUDSTACK-6330 [Automation] createRemoteAccessVpn call fails with access permission error 
- Correcting the EntityType for PublicIpAddress entity
- Adding the EntityType in the @APICommand for *IPAddrCmds
 2014-04-17 17:54:57 -07:00
Prachi Damle c387d983a3 All BaseAsyncCreateCmd commands will also be grouped into "OperateEntry" accesstype 2014-04-17 17:54:36 -07:00
Min Chen da13165743 Change AccountManagerImpl.checkAccess to invoke SecurityChecker 
interface that takes multiple controlled entities.
 2014-04-17 17:53:01 -07:00
Prachi Damle df302bdb3e Split the Root Admin policy to allow 'ListEntry' access for listing resources for scope 'all', but 'UseEntry' access only within Account scope 
Same with Domain Admin policy
 2014-04-04 16:38:29 -07:00
Prachi Damle 897e0d3abe SecurityChecker can accept multiple ControlledEntity 2014-04-04 16:38:29 -07:00
Prachi Damle 6a9d6f8796 RoleBasedEntityAccessChecker should skip Project resources. IAM does not support Projects yet. 2014-03-28 18:56:30 -07:00
Daan Hoogland 8b62b2cb92 findbugs: exclude known spiffy hacks a.k.a. false positives 2014-03-28 14:28:10 +01:00
Prachi Damle acfdd519be IAMEntityType change in the test after merge 2014-03-19 11:00:25 -07:00
Prachi Damle c3ee01cca1 More changes to support 'readOnly' access 2014-03-19 11:00:23 -07:00
Prachi Damle e09f97aa63 Adding support for 'readOnly' access. AccessType.ListEntry introduced. 2014-03-19 11:00:20 -07:00
Min Chen ae1d6a771b Remove IAMEntityType to use existing VO interface class to annotate 
entityType.
 2014-03-17 17:19:55 -07:00
Hugo Trippaers 4402685e11 Update master to 4.5.0-SNAPSHOT 2014-03-14 14:55:26 +01:00
Prachi Damle d9696b26e1 After merge, fix isRootAdmin() calls to use accountId instead of type 2014-03-13 13:28:40 -07:00
Min Chen f2d4b4d60e Use IAMService to populate group-account association for system/admin 
account to solve unit test failure.
 2014-03-11 16:31:03 -07:00
Min Chen b554d4ac1f Fix issues found through FindBugs. 2014-03-11 11:49:48 -07:00
Prachi Damle 1c85af3193 A production/QA Setup does not populate the admin and SYSTEM accounts during database setup. So IAM plugin needs to insert the necessary group <-> account map in the DB during startup 2014-03-10 17:30:00 -07:00
Min Chen 748c090b29 Fix unapproved licens issue. 2014-03-10 11:27:10 -07:00
Min Chen 056d21e14b Fix bugs found from marvin test. 2014-03-04 11:16:45 -08:00
Min Chen 61b47850f2 Bug fix identified by marvin test. 2014-03-03 17:26:16 -08:00
Min Chen e5d722654a Rename IAMEntityType.AclGroup and AclPolicy. 2014-03-02 16:06:29 -08:00
Min Chen 7e4c3b0e92 Pass UUID for scopeId in addIAMPermissionToIAMPolicyCmd and 
removeIAMPermissionFromIAMPolicyCmd.
 2014-03-02 15:56:02 -08:00
Min Chen 9f47466fea Fix some issues in renaming iam api, also fix marvin library. 2014-02-26 17:30:34 -08:00
Prachi Damle 45a96e4e4c renaming Acl to IAM in module.properties for the plugin 2014-02-25 17:02:41 -08:00
Prachi Damle 6309887800 iam/server changes: Rename Acl to IAM 2014-02-25 16:43:25 -08:00
Prachi Damle 187f9cd0a2 iam/plugin: Rename Acl to IAM everywhere 2014-02-25 16:43:23 -08:00
Prachi Damle b2ba6c05b4 Renaming plugin packages to 'iam' instead if 'acl' 2014-02-25 16:43:20 -08:00
Min Chen 26e92af62d Rename IAM api and response package name so that they are following 
convention used by ApiXmlDocWriter.
 2014-02-18 16:08:06 -08:00
Min Chen 586ee74000 Clean up SecurityChecker.AccessType and modify code to use them 
consistently.
 2014-02-14 11:23:05 -08:00
Min Chen 4b75fa806a Fix a NPE bug in listAclPolicies. 2014-02-13 17:57:49 -08:00
Min Chen 5bfc75cac9 Fix test build failure. 2014-02-13 11:21:07 -08:00
Min Chen 5854c0bbeb Fix Path cannot be null error in creating ACL Policy. 2014-02-11 22:45:57 -08:00
Min Chen 97ec3f6628 Fix an AclEntityType cast bug. 2014-02-11 22:26:52 -08:00
Min Chen 63e42d3c47 Handle scopeId=-1 properly, which indicates current caller domain or 
account.
 2014-02-07 15:56:03 -08:00
Min Chen 7c0170e3e9 Hook up IAM update for updateTemplatePermission api. 2014-02-05 16:04:13 -08:00
Prachi Damle 022b9b8f80 Add access for domain wide createAffinityGroup 2014-02-03 18:14:56 -08:00
Prachi Damle a6d07c873c Changes to QuerySelector to list the parent group resources with recursive = true access 2014-02-03 17:49:33 -08:00
Prachi Damle 939b15169c changes to support the domain wide resources for Network 2014-02-03 17:34:03 -08:00
Prachi Damle d12422bf68 Add policies to domain group for CreateNetwork usecase for a domain wide shared network 2014-01-29 23:56:25 -08:00
Min Chen 81323dce5d Add support to grant acl permission to access an individual resource. 2014-01-29 17:59:24 -08:00
Min Chen 0063b60701 Remove ACL permission for a particular entity when it is deleted. The 
hook is currently only done for deleteTemplateCmd.
 2014-01-28 18:17:01 -08:00