
Commit 1294cdc

author
Alex Huang
committed
pulled from master
2 parents d6f44a4 + 345c179 commit 1294cdc

21 files changed

Lines changed: 710 additions & 654 deletions


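--- a/api/src/com/cloud/user/AccountService.java
+++ b/api/src/com/cloud/user/AccountService.java
@@ -20,6 +20,7 @@
 import java.util.Map;
 
 import org.apache.cloudstack.acl.ControlledEntity;
+import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 
 import org.apache.cloudstack.api.command.admin.user.DeleteUserCmd;
@@ -193,6 +194,8 @@ UserAccount createUserAccount(String userName, String password, String firstName
 
 UserAccount getUserByApiKey(String apiKey);
 
+RoleType getRoleType(Account account);
+
 void checkAccess(Account account, Domain domain) throws PermissionDeniedException;
 
 void checkAccess(Account account, AccessType accessType, boolean sameOwner, ControlledEntity... entities) throws PermissionDeniedException;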
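Review bot: The new `RoleType getRoleType(Account account);` declaration has no Javadoc, although its result feeds role-based API checks (ListApisCmd in this commit passes it straight to `listApis`). I would document the contract at the declaration, for example `/** Maps the account's type to its default RoleType; never returns null. */`. Whether an unrecognised account type yields `RoleType.Unknown` rather than null is not visible in this section and should be confirmed, because `canAccessAPI` switches on the value and a null would throw there.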
Lines changed: 37 additions & 0 deletions
@@ -0,0 +1,37 @@
1+
// Licensed to the Apache Software Foundation (ASF) under one
2+
// or more contributor license agreements. See the NOTICE file
3+
// distributed with this work for additional information
4+
// regarding copyright ownership. The ASF licenses this file
5+
// to you under the Apache License, Version 2.0 (the
6+
// "License"); you may not use this file except in compliance
7+
// with the License. You may obtain a copy of the License at
8+
//
9+
// http://www.apache.org/licenses/LICENSE-2.0
10+
//
11+
// Unless required by applicable law or agreed to in writing,
12+
// software distributed under the License is distributed on an
13+
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
14+
// KIND, either express or implied. See the License for the
15+
// specific language governing permissions and limitations
16+
// under the License.
17+
package org.apache.cloudstack.acl;
18+
19+
// Enum for default roles in CloudStack
20+
public enum RoleType {
21+
22+
Admin(1),
23+
ResourceAdmin(2),
24+
DomainAdmin(4),
25+
User(8),
26+
Unknown(0);
27+
28+
private int mask;
29+
30+
private RoleType(int mask) {
31+
this.mask = mask;
32+
}
33+
34+
public int getValue() {
35+
return mask;
36+
}
37+
}
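Review bot: `mask` is assigned only in the constructor, so it should be declared `private final int mask;`. These values are tested bitwise against the per-command permission masks in StaticRoleBasedAPIAccessChecker and should not be mutable. The `// Enum for default roles in CloudStack` line comment would be more useful as Javadoc stating that the values are bit flags and that `Unknown(0)` matches no mask bit, which means an Unknown caller is denied every command. The `private` modifier on the enum constructor is redundant.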

client/tomcatconf/api-discovery_commands.properties.in

Lines changed: 0 additions & 23 deletions
This file was deleted.

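--- a/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
+++ b/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
@@ -16,17 +16,15 @@
 // under the License.
 package org.apache.cloudstack.acl;
 
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.ArrayList;
-import java.util.Arrays;
+import static org.apache.cloudstack.acl.RoleType.Admin;
+import static org.apache.cloudstack.acl.RoleType.DomainAdmin;
+import static org.apache.cloudstack.acl.RoleType.ResourceAdmin;
+import static org.apache.cloudstack.acl.RoleType.User;
+
+import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
-import java.util.Properties;
 import java.util.Set;
 
 import javax.ejb.Local;
@@ -37,7 +35,6 @@
 
 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.user.AccountManager;
-import com.cloud.utils.PropertiesUtil;
 import com.cloud.utils.component.AdapterBase;
 import com.cloud.utils.component.PluggableService;
 
@@ -70,104 +67,70 @@ protected StaticRoleBasedAPIAccessChecker() {
 }
 
 @Override
-public boolean canAccessAPI(RoleType roleType, String apiCommandName)
-throws PermissionDeniedException{
-
-boolean commandExists = s_allCommands.contains(apiCommandName);
-
-if(commandExists) {
-return isCommandAvailableForAccount(roleType, apiCommandName);
-}
-
-return commandExists;
-}
-
-private static boolean isCommandAvailableForAccount(RoleType roleType, String commandName) {
-boolean isCommandAvailable = false;
-switch (roleType) {
-case Admin:
-isCommandAvailable = s_adminCommands.contains(commandName);
-break;
-case DomainAdmin:
-isCommandAvailable = s_resellerCommands.contains(commandName);
-break;
-case ResourceAdmin:
-isCommandAvailable = s_resourceDomainAdminCommands.contains(commandName);
-break;
-case User:
-isCommandAvailable = s_userCommands.contains(commandName);
-break;
+public boolean canAccessAPI(RoleType roleType, String commandName)
+throws PermissionDeniedException {
+
+boolean commandExists = s_allCommands.contains(commandName);
+boolean commandAccessible = false;
+
+if (commandExists) {
+switch (roleType) {
+case Admin:
+commandAccessible = s_adminCommands.contains(commandName);
+break;
+case DomainAdmin:
+commandAccessible = s_resellerCommands.contains(commandName);
+break;
+case ResourceAdmin:
+commandAccessible = s_resourceDomainAdminCommands.contains(commandName);
+break;
+case User:
+commandAccessible = s_userCommands.contains(commandName);
+break;
+}
 }
-return isCommandAvailable;
+return commandExists && commandAccessible;
 }
 
 @Override
 public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
 super.configure(name, params);
 
-List<String> configFiles = new ArrayList<String>();
+// Read command properties files to build the static map per role.
+Map<String, String> configPropertiesMap = new HashMap<String, String>();
 for (PluggableService service : _services) {
-configFiles.addAll(Arrays.asList(service.getPropertiesFiles()));
+configPropertiesMap.putAll(service.getProperties());
 }
 
-processConfigFiles(configFiles);
+processConfigFiles(configPropertiesMap);
 return true;
 }
 
-private void processConfigFiles(List<String> configFiles) {
-Properties preProcessedCommands = new Properties();
-
-for (String configFile : configFiles) {
-File commandsFile = PropertiesUtil.findConfigFile(configFile);
-if (commandsFile != null) {
-try {
-preProcessedCommands.load(new FileInputStream(commandsFile));
-} catch (FileNotFoundException fnfex) {
-// in case of a file within a jar in classpath, try to open stream using url
-InputStream stream = PropertiesUtil.openStreamFromURL(configFile);
-if (stream != null) {
-try {
-preProcessedCommands.load(stream);
-} catch (IOException e) {
-s_logger.error("IO Exception, unable to find properties file:", fnfex);
-}
-} else {
-s_logger.error("Unable to find properites file", fnfex);
-}
-} catch (IOException ioe) {
-s_logger.error("IO Exception loading properties file", ioe);
-}
-}
-}
-
-for (Object key : preProcessedCommands.keySet()) {
-String preProcessedCommand = preProcessedCommands.getProperty((String) key);
-int splitIndex = preProcessedCommand.lastIndexOf(";");
-// Backward compatible to old style, apiname=pkg;mask
-String mask = preProcessedCommand.substring(splitIndex+1);
-
+private void processConfigFiles(Map<String, String> config) {
+for (Map.Entry<String, String> entry: config.entrySet()) {
+String apiName = entry.getKey();
+String roleMask = entry.getValue();
 try {
-short cmdPermissions = Short.parseShort(mask);
+short cmdPermissions = Short.parseShort(roleMask);
 if ((cmdPermissions & Admin.getValue()) != 0) {
-s_adminCommands.add((String) key);
+s_adminCommands.add(apiName);
 }
 if ((cmdPermissions & ResourceAdmin.getValue()) != 0) {
-s_resourceDomainAdminCommands.add((String) key);
+s_resourceDomainAdminCommands.add(apiName);
 }
 if ((cmdPermissions & DomainAdmin.getValue()) != 0) {
-s_resellerCommands.add((String) key);
+s_resellerCommands.add(apiName);
 }
 if ((cmdPermissions & User.getValue()) != 0) {
-s_userCommands.add((String) key);
+s_userCommands.add(apiName);
 }
-s_allCommands.addAll(s_adminCommands);
-s_allCommands.addAll(s_resourceDomainAdminCommands);
-s_allCommands.addAll(s_userCommands);
-s_allCommands.addAll(s_resellerCommands);
 } catch (NumberFormatException nfe) {
-s_logger.info("Malformed command.properties permissions value, key = " + key + ", value = " + preProcessedCommand);
+s_logger.info("Malformed commands.properties permissions value, for entry: " + entry.toString());
 }
 }
+s_allCommands.addAll(s_adminCommands);
+s_allCommands.addAll(s_resourceDomainAdminCommands);
+s_allCommands.addAll(s_userCommands);
+s_allCommands.addAll(s_resellerCommands);
 }
-
 }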
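Review bot: In `configure`, the bulk `configPropertiesMap.putAll(service.getProperties())` lets a later service silently replace the role mask that another service declared for the same API name, so the effective permissions depend on the iteration order of `_services`. Because this map is the authorization policy, I would merge entry by entry and at least warn when a mask is replaced by a different value, as sketched below. A malformed mask in `processConfigFiles` is logged only at info level, which makes a command that is unavailable to every role hard to diagnose; `s_logger.warn` fits better. The `switch (roleType)` in `canAccessAPI` has no `default`, which correctly denies `Unknown`, but a commented `default: break;` would make the fail-closed intent explicit.

```java
Map<String, String> configPropertiesMap = new HashMap<String, String>();
for (PluggableService service : _services) {
    for (Map.Entry<String, String> declared : service.getProperties().entrySet()) {
        String previousMask = configPropertiesMap.put(declared.getKey(), declared.getValue());
        if (previousMask != null && !previousMask.equals(declared.getValue())) {
            s_logger.warn("Role mask for API " + declared.getKey() + " redefined: "
                    + previousMask + " replaced by " + declared.getValue());
        }
    }
}
// … unchanged: processConfigFiles(configPropertiesMap); return true; …
```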

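--- a/plugins/api/discovery/src/org/apache/cloudstack/api/command/user/discovery/ListApisCmd.java
+++ b/plugins/api/discovery/src/org/apache/cloudstack/api/command/user/discovery/ListApisCmd.java
@@ -16,6 +16,9 @@
 // under the License.
 package org.apache.cloudstack.api.command.user.discovery;
 
+import com.cloud.user.Account;
+import com.cloud.user.UserContext;
+import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.BaseCmd;
 import org.apache.cloudstack.api.BaseListCmd;
@@ -39,7 +42,9 @@ public class ListApisCmd extends BaseListCmd {
 @Override
 public void execute() throws ServerApiException {
 if (_apiDiscoveryService != null) {
-ListResponse<ApiDiscoveryResponse> response = (ListResponse<ApiDiscoveryResponse>) _apiDiscoveryService.listApis();
+Account caller = UserContext.current().getCaller();
+RoleType roleType = _accountService.getRoleType(UserContext.current().getCaller());
+ListResponse<ApiDiscoveryResponse> response = (ListResponse<ApiDiscoveryResponse>) _apiDiscoveryService.listApis(roleType);
 if (response == null) {
 throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Api Discovery plugin was unable to find and process any apis");
 }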
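Review bot: The local `caller` assigned on the first added line of `execute()` is never used; the next line calls `UserContext.current().getCaller()` a second time. Pass the local instead, `RoleType roleType = _accountService.getRoleType(caller);`, so the role is derived from the single account that was read. The declaration of `_accountService` is outside this hunk, and unlike `_apiDiscoveryService` it is not null-checked before use here. The body of `execute()` continues past the end of the hunk.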

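--- a/plugins/api/discovery/src/org/apache/cloudstack/discovery/ApiDiscoveryService.java
+++ b/plugins/api/discovery/src/org/apache/cloudstack/discovery/ApiDiscoveryService.java
@@ -17,9 +17,10 @@
 package org.apache.cloudstack.discovery;
 
 import com.cloud.utils.component.PluggableService;
+import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.api.BaseResponse;
 import org.apache.cloudstack.api.response.ListResponse;
 
 public interface ApiDiscoveryService extends PluggableService {
-ListResponse<? extends BaseResponse> listApis();
+ListResponse<? extends BaseResponse> listApis(RoleType roleType);
 }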

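--- a/plugins/api/discovery/src/org/apache/cloudstack/discovery/ApiDiscoveryServiceImpl.java
+++ b/plugins/api/discovery/src/org/apache/cloudstack/discovery/ApiDiscoveryServiceImpl.java
@@ -16,7 +16,9 @@
 // under the License.
 package org.apache.cloudstack.discovery;
 
+import com.cloud.utils.PropertiesUtil;
 import com.cloud.utils.ReflectUtil;
+import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.BaseCmd;
 import org.apache.cloudstack.api.BaseAsyncCmd;
@@ -108,12 +110,14 @@ private void cacheListApiResponse() {
 }
 
 @Override
-public ListResponse<? extends BaseResponse> listApis() {
+public ListResponse<? extends BaseResponse> listApis(RoleType roleType) {
 return _discoveryResponse;
 }
 
 @Override
-public String[] getPropertiesFiles() {
-return new String[] { "api-discovery_commands.properties" };
+public Map<String, String> getProperties() {
+Map<String, String> apiDiscoveryPropertyMap = new HashMap<String, String>();
+apiDiscoveryPropertyMap.put("listApis", "15");
+return apiDiscoveryPropertyMap;
 }
 }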
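Review bot: `listApis(RoleType roleType)` never reads `roleType` and still returns the cached `_discoveryResponse`, so every caller receives the same API list, including commands their role cannot invoke. If per-role filtering is planned for a later change, say so at the method, for example `// TODO: filter by roleType; currently returns the full cached list to every role`. In `getProperties`, the literal `"15"` is the OR of the four RoleType masks (1, 2, 4, 8); a short comment would make it clear that listApis is deliberately open to all roles. The added `PropertiesUtil` import is not used in the visible lines, and the `Map`/`HashMap` imports this method needs are not shown in the hunk.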

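--- a/plugins/hypervisors/simulator/src/com/cloud/server/ManagementServerSimulatorImpl.java
+++ b/plugins/hypervisors/simulator/src/com/cloud/server/ManagementServerSimulatorImpl.java
@@ -17,16 +17,16 @@
 package com.cloud.server;
 
 
+import com.cloud.utils.PropertiesUtil;
+
+import java.util.Map;
+
 public class ManagementServerSimulatorImpl extends ManagementServerExtImpl {
 @Override
-public String[] getPropertiesFiles() {
-String[] apis = super.getPropertiesFiles();
-String[] newapis = new String[apis.length + 1];
-for (int i = 0; i < apis.length; i++) {
-newapis[i] = apis[i];
-}
-
-newapis[apis.length] = "commands-simulator.properties";
-return newapis;
+public Map<String, String> getProperties() {
+Map<String, String> apiNameRoleMaskMapping = super.getProperties();
+apiNameRoleMaskMapping.putAll(PropertiesUtil.processConfigFile(new String[]
+{"commands-simulator.properties"}));
+return apiNameRoleMaskMapping;
 }
 }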
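Review bot: `getProperties()` calls `putAll` directly on the map returned by `super.getProperties()`, which mutates whatever instance the parent hands out and would fail if that map is unmodifiable; the parent implementation is not visible on this page. Copying first is safer: `Map<String, String> apiNameRoleMaskMapping = new HashMap<String, String>(super.getProperties());` (this needs a `java.util.HashMap` import). Note also that `putAll` lets an entry in `commands-simulator.properties` replace the role mask of an inherited command with the same name without any log line.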

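--- a/plugins/hypervisors/vmware/src/com/cloud/network/element/CiscoNexusVSMElement.java
+++ b/plugins/hypervisors/vmware/src/com/cloud/network/element/CiscoNexusVSMElement.java
@@ -17,6 +17,7 @@
 
 package com.cloud.network.element;
 
+import java.lang.String;
 import java.util.List;
 import java.util.Map;
 import java.util.ArrayList;
@@ -25,6 +26,7 @@
 import javax.ejb.Local;
 import javax.inject.Inject;
 
+import com.cloud.utils.PropertiesUtil;
 import org.apache.log4j.Logger;
 import org.springframework.stereotype.Component;
 
@@ -239,7 +241,8 @@ public CiscoNexusVSMResponse createCiscoNexusVSMDetailedResponse(CiscoNexusVSMDe
 }
 
 @Override
-public String[] getPropertiesFiles() {
-return new String[] { "cisconexusvsm_commands.properties" };
+public Map<String, String> getProperties() {
+return PropertiesUtil.processConfigFile(new String[]
+{ "cisconexusvsm_commands.properties" });
 }
 }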
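Review bot: The added `import java.lang.String;` is redundant because `java.lang` is imported implicitly; the same line is added in F5ExternalLoadBalancerElement.java and can be dropped in both files. What `PropertiesUtil.processConfigFile` returns when the properties file cannot be found is not visible on this page. If it can return null, callers that merge the result with `putAll` would throw, so `getProperties()` should document or guard that case in both elements. The enclosing class starts outside the hunk.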

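--- a/plugins/network-elements/f5/src/com/cloud/network/element/F5ExternalLoadBalancerElement.java
+++ b/plugins/network-elements/f5/src/com/cloud/network/element/F5ExternalLoadBalancerElement.java
@@ -16,6 +16,7 @@
 // under the License.
 package com.cloud.network.element;
 
+import java.lang.String;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
@@ -25,6 +26,7 @@
 import javax.ejb.Local;
 import javax.inject.Inject;
 
+import com.cloud.utils.PropertiesUtil;
 import org.apache.log4j.Logger;
 import org.springframework.stereotype.Component;
 
@@ -262,8 +264,9 @@ public boolean canEnableIndividualServices() {
 }
 
 @Override
-public String[] getPropertiesFiles() {
-return new String[] { "f5bigip_commands.properties" };
+public Map<String, String> getProperties() {
+return PropertiesUtil.processConfigFile(new String[]
+{ "f5bigip_commands.properties" });
 }
 
 @Override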
