etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
23,018 Commits 326 Branches 325 Tags 885 MiB
Commit Graph

64 Commits

Author SHA1 Message Date
Min Chen 4367d1406b Change AccountManagerImpl.checkAccess to invoke SecurityChecker 
interface that takes multiple controlled entities.
 2014-04-01 17:31:56 -07:00
Prachi Damle a8a0e84b88 Split the Root Admin policy to allow 'ListEntry' access for listing resources for scope 'all', but 'UseEntry' access only within Account scope 
Same with Domain Admin policy
 2014-04-01 16:01:36 -07:00
Prachi Damle 9962cf1706 SecurityChecker can accept multiple ControlledEntity 2014-04-01 12:06:13 -07:00
Prachi Damle 412af7c2e6 RoleBasedEntityAccessChecker should skip Project resources. IAM does not support Projects yet. 2014-03-28 18:54:19 -07:00
Prachi Damle a5b9814f7a Fixes to ensure Network entity checkAccess invokes the IAM service 2014-03-24 17:09:43 -07:00
Prachi Damle 0cc6b303e0 IAMEntityType change in the test after merge 2014-03-19 11:31:23 -07:00
Prachi Damle b3e22191cb More changes to support 'readOnly' access 
Conflicts:
	api/src/org/apache/cloudstack/api/ApiConstants.java
 2014-03-19 11:31:06 -07:00
Prachi Damle a919f740d0 Adding support for 'readOnly' access. AccessType.ListEntry introduced. 
Conflicts:
	api/src/org/apache/cloudstack/api/ApiConstants.java
 2014-03-19 11:30:22 -07:00
Min Chen ae6b9a0829 Remove IAMEntityType to use existing VO interface class to annotate 
entityType.
 2014-03-17 16:59:19 -07:00
Prachi Damle d9696b26e1 After merge, fix isRootAdmin() calls to use accountId instead of type 2014-03-13 13:28:40 -07:00
Min Chen f2d4b4d60e Use IAMService to populate group-account association for system/admin 
account to solve unit test failure.
 2014-03-11 16:31:03 -07:00
Min Chen b554d4ac1f Fix issues found through FindBugs. 2014-03-11 11:49:48 -07:00
Prachi Damle 1c85af3193 A production/QA Setup does not populate the admin and SYSTEM accounts during database setup. So IAM plugin needs to insert the necessary group <-> account map in the DB during startup 2014-03-10 17:30:00 -07:00
Min Chen 748c090b29 Fix unapproved licens issue. 2014-03-10 11:27:10 -07:00
Min Chen 056d21e14b Fix bugs found from marvin test. 2014-03-04 11:16:45 -08:00
Min Chen 61b47850f2 Bug fix identified by marvin test. 2014-03-03 17:26:16 -08:00
Min Chen e5d722654a Rename IAMEntityType.AclGroup and AclPolicy. 2014-03-02 16:06:29 -08:00
Min Chen 7e4c3b0e92 Pass UUID for scopeId in addIAMPermissionToIAMPolicyCmd and 
removeIAMPermissionFromIAMPolicyCmd.
 2014-03-02 15:56:02 -08:00
Min Chen 9f47466fea Fix some issues in renaming iam api, also fix marvin library. 2014-02-26 17:30:34 -08:00
Prachi Damle 45a96e4e4c renaming Acl to IAM in module.properties for the plugin 2014-02-25 17:02:41 -08:00
Prachi Damle 6309887800 iam/server changes: Rename Acl to IAM 2014-02-25 16:43:25 -08:00
Prachi Damle 187f9cd0a2 iam/plugin: Rename Acl to IAM everywhere 2014-02-25 16:43:23 -08:00
Prachi Damle b2ba6c05b4 Renaming plugin packages to 'iam' instead if 'acl' 2014-02-25 16:43:20 -08:00
Min Chen 26e92af62d Rename IAM api and response package name so that they are following 
convention used by ApiXmlDocWriter.
 2014-02-18 16:08:06 -08:00
Min Chen 586ee74000 Clean up SecurityChecker.AccessType and modify code to use them 
consistently.
 2014-02-14 11:23:05 -08:00
Min Chen 4b75fa806a Fix a NPE bug in listAclPolicies. 2014-02-13 17:57:49 -08:00
Min Chen 5bfc75cac9 Fix test build failure. 2014-02-13 11:21:07 -08:00
Min Chen 5854c0bbeb Fix Path cannot be null error in creating ACL Policy. 2014-02-11 22:45:57 -08:00
Min Chen 97ec3f6628 Fix an AclEntityType cast bug. 2014-02-11 22:26:52 -08:00
Min Chen 63e42d3c47 Handle scopeId=-1 properly, which indicates current caller domain or 
account.
 2014-02-07 15:56:03 -08:00
Min Chen 7c0170e3e9 Hook up IAM update for updateTemplatePermission api. 2014-02-05 16:04:13 -08:00
Prachi Damle 022b9b8f80 Add access for domain wide createAffinityGroup 2014-02-03 18:14:56 -08:00
Prachi Damle a6d07c873c Changes to QuerySelector to list the parent group resources with recursive = true access 2014-02-03 17:49:33 -08:00
Prachi Damle 939b15169c changes to support the domain wide resources for Network 2014-02-03 17:34:03 -08:00
Prachi Damle d12422bf68 Add policies to domain group for CreateNetwork usecase for a domain wide shared network 2014-01-29 23:56:25 -08:00
Min Chen 81323dce5d Add support to grant acl permission to access an individual resource. 2014-01-29 17:59:24 -08:00
Min Chen 0063b60701 Remove ACL permission for a particular entity when it is deleted. The 
hook is currently only done for deleteTemplateCmd.
 2014-01-28 18:17:01 -08:00
Min Chen 72812cdf22 Grant public template permission to domain admin and normal user policy. 2014-01-28 17:41:27 -08:00
Min Chen 748dc1541c Support attaching policy to account. 2014-01-28 10:00:17 -08:00
Prachi Damle 91317dc497 Changes for createDomain - create new group AND createAccount - add account to domain group 2014-01-28 09:48:19 -08:00
Min Chen 344d3a37cc Add missing AclApiServiceImpl bean into spring xml. 2014-01-23 18:32:48 -08:00
Prachi Damle af14699c4c fixing the build _ AffinityGroup command changes 2014-01-23 18:17:43 -08:00
Prachi Damle 96a64b933e - Adding OperateEntry during loading of commands 
- Replace ListEntry By OperateEntry
- ApiDispatcher should pass on the API name
 2014-01-23 17:50:59 -08:00
Prachi Damle 39c0a302b4 Fix the isRootAdmin and isDomainAdmin to return true or false even if the permission is denied by IAM 2014-01-22 13:59:59 -08:00
Min Chen 82bdde70a2 Fix NPE during MS startup. 2014-01-17 18:14:04 -08:00
Prachi Damle b444136166 Adding the correct policyIds for the command permission loading 2014-01-17 16:55:32 -08:00
Min Chen 929fbabaa2 Merge branch 'master' into rbac. 2014-01-17 14:37:08 -08:00
Min Chen b725035b22 Fix NPE about accessType in RoleBasedApiAccessChecker.start. 2014-01-14 18:20:32 -08:00
Min Chen 6583cb3800 Add listAclGroupsByAccount to QuerySelector adapters and remove 
AclProxyService interface.
 2014-01-14 16:19:25 -08:00
Prachi Damle fac9f2da0f Adding messageBus events for adding and removal of an account. 2014-01-13 22:12:39 -08:00