Min Chen
5728ed33e9
CLOUDSTACK-6501:IAM - DomainAdmin - When listVirtualMachines is used with listall=true and account and domainId , Vms owned by the account account is not listed.
2014-04-24 18:14:25 -07:00
Nitin Mehta
b8a1cbe81a
CLOUDSTACK-6499:
Made changes so that uploading custom certificate works for ssvm.
1. Reboot ssvm only when private key is passed meaning the server cert is passed. This is because while uploading the server cert is the last to be uploaded. And we want to propagate the entire chain once uploading is done.
2. Change the SecStorageSetupCommand sent to ssvm so that it also carries the root cert apart from having the chain and the server cert and key.
3. Change ssvm agent code to be able to configure root cert to the java key store.
4. Change ssvm configure ssl script to insert the chain certs correctly.
5. Fix order of chain certificates for apache webserver in SSVM
6. Remove double encoding and decoding for uploadCustomCertificate API from UI and server code respectively, so that API call without UI works fine
7. Java 1.7 - disable using SNI since copyTemplate doesn't work for SSL.
2014-04-24 17:20:41 -07:00
Prachi Damle
81adee346c
CLOUDSTACK-6458: IAM - When a domain is deleted , the group created for this domain is not removed.
Changes:
- When domain is deleted, IAM service will not find it unless it selects using 'removed' column
2014-04-24 12:42:40 -07:00
Prachi Damle
be10b32b27
CLOUDSTACK-6474: IAM - Not able to list shared networks that is created with scope="all"
Changes:
- On startup the root domain group should be created
- Also the SYSTEM and Root Admin accounts should be added to that group
- This will make sure that the root domain shared network's policy gets attached to the root domain group
2014-04-22 18:19:47 -07:00
Prachi Damle
48c9b46328
CLOUDSTACK-6349: IAM - No error message presented to the user , when invalid password is provided.
- AccountManager now works using accountId instead of accountType in following methods too:
- isResourceDomainAdmin()
- isAdmin()
2014-04-16 11:26:57 -07:00
Min Chen
ba55002132
CLOUDSTACK-6428:IAM - Domain Admin - When his sub-domainId is passed to the listVirtualMachine command, Vms from all the domains are being listed.
2014-04-16 10:10:45 -07:00
Min Chen
ffd877595d
Fix RoleBasedQuerySelector to handle new listAll semantics. If listAll=true, show all resources that caller (or impersonator) has ListEntry access type; otherwise, show all resources that caller (or impersonator) has UseEntry access type.
2014-04-04 18:44:59 -07:00
Prachi Damle
8ddf0a42b7
CLOUDSTACK-6330 [Automation] createRemoteAccessVpn call fails with access permission error
- Correcting the EntityType for PublicIpAddress entity
- Adding the EntityType in the @APICommand for *IPAddrCmds
2014-04-03 23:07:10 -07:00
Prachi Damle
f2ab2c10b8
All BaseAsyncCreateCmd commands will also be grouped into "OperateEntry" accesstype
2014-04-03 23:07:07 -07:00
Min Chen
4367d1406b
Change AccountManagerImpl.checkAccess to invoke SecurityChecker interface that takes multiple controlled entities.
2014-04-01 17:31:56 -07:00
Prachi Damle
a8a0e84b88
Split the Root Admin policy to allow 'ListEntry' access for listing resources for scope 'all', but 'UseEntry' access only within Account scope
Same with Domain Admin policy
2014-04-01 16:01:36 -07:00
Prachi Damle
9962cf1706
SecurityChecker can accept multiple ControlledEntity
2014-04-01 12:06:13 -07:00
Prachi Damle
412af7c2e6
RoleBasedEntityAccessChecker should skip Project resources. IAM does not support Projects yet.
2014-03-28 18:54:19 -07:00
Prachi Damle
024efbfbd4
CLOUDSTACK-6303 [Automation] [UI] Account creation hang in UI
Changes:
- Caused due to a MySql error during 'Project' account cleanup. The MySql error hits a deadlock bug in the MessageBus code that does not release the lock/decrement the counter. Eventually all callers on the MessageBus end up waiting to enter
- This fixes the account cleanup MySql error.
2014-03-28 14:00:39 -07:00
edison
5917b25fd3
CLOUDSTACK-5828: if snapshot deletion failed, such as can't find it on secondary storage, should return succeed.
2014-03-27 17:38:39 -07:00
Prachi Damle
a5b9814f7a
Fixes to ensure Network entity checkAccess invokes the IAM service
2014-03-24 17:09:43 -07:00
Prachi Damle
0cc6b303e0
IAMEntityType change in the test after merge
2014-03-19 11:31:23 -07:00
Prachi Damle
b3e22191cb
More changes to support 'readOnly' access
Conflicts:
api/src/org/apache/cloudstack/api/ApiConstants.java
2014-03-19 11:31:06 -07:00
Prachi Damle
a919f740d0
Adding support for 'readOnly' access. AccessType.ListEntry introduced.
Conflicts:
api/src/org/apache/cloudstack/api/ApiConstants.java
2014-03-19 11:30:22 -07:00
Min Chen
ae6b9a0829
Remove IAMEntityType to use existing VO interface class to annotate entityType.
2014-03-17 16:59:19 -07:00
Prachi Damle
d9696b26e1
After merge, fix isRootAdmin() calls to use accountId instead of type
2014-03-13 13:28:40 -07:00
Min Chen
99bdc8d875
Merge branch 'master' into rbac.
2014-03-13 11:05:03 -07:00
Min Chen
f2d4b4d60e
Use IAMService to populate group-account association for system/admin account to solve unit test failure.
2014-03-11 16:31:03 -07:00
Min Chen
b554d4ac1f
Fix issues found through FindBugs.
2014-03-11 11:49:48 -07:00
Prachi Damle
1c85af3193
A production/QA Setup does not populate the admin and SYSTEM accounts during database setup. So IAM plugin needs to insert the necessary group <-> account map in the DB during startup
2014-03-10 17:30:00 -07:00
Min Chen
748c090b29
Fix unapproved license issue.
2014-03-10 11:27:10 -07:00
John Kinsella
09c375379d
CLOUDSTACK-6204: removing realhostip dependency
Moving default transport for console proxy, SSVM to http.
See
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Realhost+IP+changes
for more info.
jlk ported Amogh's patch for 4.3 to master - code base is different
enough that patch has multiple issues.
Author: Amogh Vasekar <Amogh Vasekar <amogh.vasekar@citrix.com>
Signed-off-by: John Kinsella <jlk@stratosec.co> 1394398017 -0700
2014-03-09 13:46:57 -07:00
Min Chen
48e08fe676
Merge branch 'master' into rbac.
2014-03-06 14:02:20 -08:00
Min Chen
922cdc0dd1
Fix unapproved license issue.
2014-03-05 14:31:28 -08:00
Min Chen
63e3eea790
CLOUDSTACK-5920: enable build of IAM services in pom.xml.
2014-03-05 09:40:56 -08:00
Min Chen
c28450c1cd
CLOUDSTACK-5920: IAM service plugin.
2014-03-05 09:40:55 -08:00
Min Chen
adb29b2140
CLOUDSTACK-5920: IAM service server.
2014-03-05 09:40:55 -08:00
Alena Prokharchyk
5a8d165afa
CLOUDSTACK-6198: use List DS for storing NicProfiles as public network can have more than one nic
Conflicts:
engine/api/src/com/cloud/vm/VirtualMachineManager.java
engine/api/src/org/apache/cloudstack/engine/orchestration/service/NetworkOrchestrationService.java
engine/orchestration/src/com/cloud/vm/VirtualMachineManagerImpl.java
engine/orchestration/src/org/apache/cloudstack/engine/orchestration/CloudOrchestrator.java
engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
plugins/network-elements/elastic-loadbalancer/src/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java
plugins/network-elements/internal-loadbalancer/src/org/apache/cloudstack/network/lb/InternalLoadBalancerVMManagerImpl.java
plugins/network-elements/juniper-contrail/src/org/apache/cloudstack/network/contrail/management/ServiceManagerImpl.java
server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
server/test/com/cloud/vpc/MockNetworkManagerImpl.java
services/secondary-storage/controller/src/org/apache/cloudstack/secondarystorage/SecondaryStorageManagerImpl.java
2014-03-04 15:37:52 -08:00
Min Chen
056d21e14b
Fix bugs found from marvin test.
2014-03-04 11:16:45 -08:00
Min Chen
61b47850f2
Bug fix identified by marvin test.
2014-03-03 17:26:16 -08:00
Min Chen
e5d722654a
Rename IAMEntityType.AclGroup and AclPolicy.
2014-03-02 16:06:29 -08:00
Min Chen
7e4c3b0e92
Pass UUID for scopeId in addIAMPermissionToIAMPolicyCmd and removeIAMPermissionFromIAMPolicyCmd.
2014-03-02 15:56:02 -08:00
Kelven Yang
dfb9f49117
Remove inner retry loop when CPVM tries to reconnect to host
2014-02-28 15:35:58 -08:00
Min Chen
9f47466fea
Fix some issues in renaming iam api, also fix marvin library.
2014-02-26 17:30:34 -08:00
Prachi Damle
45a96e4e4c
renaming Acl to IAM in module.properties for the plugin
2014-02-25 17:02:41 -08:00
Prachi Damle
57b687e8b6
Renaming all beans in the xml files to use IAM instead of Acl
2014-02-25 16:58:42 -08:00
Prachi Damle
6309887800
iam/server changes: Rename Acl to IAM
2014-02-25 16:43:25 -08:00
Prachi Damle
187f9cd0a2
iam/plugin: Rename Acl to IAM everywhere
2014-02-25 16:43:23 -08:00
Prachi Damle
b2ba6c05b4
Renaming plugin packages to 'iam' instead of 'acl'
2014-02-25 16:43:20 -08:00
Min Chen
26e92af62d
Rename IAM api and response package name so that they are following convention used by ApiXmlDocWriter.
2014-02-18 16:08:06 -08:00
Hugo Trippaers
f1139848e5
Slight optimization, don't run checkstyle on container or non-java projects.
2014-02-18 12:24:11 +01:00
Min Chen
ebfe947f41
Fixed some bugs encountered in testing iam-plugin apis.
2014-02-14 15:04:29 -08:00
Min Chen
586ee74000
Clean up SecurityChecker.AccessType and modify code to use them consistently.
2014-02-14 11:23:05 -08:00
Hugo Trippaers
97bad4f9b3
Fix checkstyle and license issues
2014-02-14 18:37:47 +01:00
Ian Southam
33c2c87287
Findbugs finding
Signed-off-by: Hugo Trippaers <htrippaers@schubergphilis.com>
2014-02-14 18:37:46 +01:00