
Commit fce2aad

committed
WIP For APIs related to ACL Roles.
1 parent 4294005 commit fce2aad

31 files changed

Lines changed: 1739 additions & 54 deletions

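--- a/api/src/com/cloud/user/AccountService.java
+++ b/api/src/com/cloud/user/AccountService.java
@@ -24,6 +24,7 @@
 import org.apache.cloudstack.api.command.admin.user.RegisterCmd;
 
 import com.cloud.domain.Domain;
+import com.cloud.domain.PartOf;
 import com.cloud.exception.PermissionDeniedException;
 
 public interface AccountService {
@@ -102,4 +103,6 @@ UserAccount createUserAccount(String userName, String password, String firstName
 
 void checkAccess(Account account, AccessType accessType, boolean sameOwner, ControlledEntity... entities) throws PermissionDeniedException;
 
+//TO be implemented, to check accessibility for an entity owned by domain
+void checkAccess(Account account, AccessType accessType, boolean sameOwner, PartOf... entities) throws PermissionDeniedException;
 }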
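Review bot: The new `checkAccess(..., PartOf... entities)` overload is declared with only the comment `//TO be implemented`, so until the real check lands every caller that passes a domain-owned entity depends on a stub, and a stub that returns normally lets the access check pass silently. Implementations should fail closed in the meantime, for example by throwing `PermissionDeniedException` from the placeholder body. The line comment should become Javadoc that states the contract, along the lines of `/** Checks that the account may access the given domain-owned entities; throws PermissionDeniedException otherwise. */`. The two varargs overloads now differ only in element type, so a call with no entities or a bare `null` may bind to an unexpected overload or fail to compile, depending on how `ControlledEntity` relates to `PartOf`, which is not visible in this section.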

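--- a/api/src/org/apache/cloudstack/acl/AclGroup.java
+++ b/api/src/org/apache/cloudstack/acl/AclGroup.java
@@ -19,10 +19,11 @@
 import org.apache.cloudstack.api.Identity;
 import org.apache.cloudstack.api.InternalIdentity;
 
-public interface AclGroup extends InternalIdentity, Identity {
+import com.cloud.domain.PartOf;
+
+public interface AclGroup extends PartOf, InternalIdentity, Identity {
 
 String getName();
 
 String getDescription();
-
 }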

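--- a/api/src/org/apache/cloudstack/acl/AclRole.java
+++ b/api/src/org/apache/cloudstack/acl/AclRole.java
@@ -19,11 +19,13 @@
 import org.apache.cloudstack.api.Identity;
 import org.apache.cloudstack.api.InternalIdentity;
 
-public interface AclRole extends InternalIdentity, Identity {
+import com.cloud.domain.PartOf;
+
+public interface AclRole extends PartOf, InternalIdentity, Identity {
 
 String getName();
 
 String getDescription();
 
-long getParentRoleId();
+Long getParentRoleId();
 }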
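Review bot: Changing `getParentRoleId()` from `long` to `Long` makes a null return possible, but the interface does not say what null means. Any caller that unboxes the value, or walks the parent chain to work out inherited permissions, has to handle null explicitly; a missed case shows up as a NullPointerException inside the authorization path. I would add Javadoc on the method: `/** @return id of the parent role, or null when this role has no parent */`. The callers are outside this section, so whether any of them still assume a primitive cannot be confirmed from here.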
Lines changed: 103 additions & 0 deletions
@@ -0,0 +1,103 @@
1+
// Licensed to the Apache Software Foundation (ASF) under one
2+
// or more contributor license agreements. See the NOTICE file
3+
// distributed with this work for additional information
4+
// regarding copyright ownership. The ASF licenses this file
5+
// to you under the Apache License, Version 2.0 (the
6+
// "License"); you may not use this file except in compliance
7+
// with the License. You may obtain a copy of the License at
8+
//
9+
// http://www.apache.org/licenses/LICENSE-2.0
10+
//
11+
// Unless required by applicable law or agreed to in writing,
12+
// software distributed under the License is distributed on an
13+
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
14+
// KIND, either express or implied. See the License for the
15+
// specific language governing permissions and limitations
16+
// under the License.
17+
package org.apache.cloudstack.acl;
18+
19+
import java.util.List;
20+
21+
import com.cloud.utils.Pair;
22+
23+
public interface AclService {
24+
25+
/**
26+
* Creates an acl role for the given domain.
27+
*
28+
* @param domainId
29+
* @param name
30+
* @param description
31+
* @return AclRole
32+
*/
33+
34+
AclRole createAclRole(Long domainId, String aclRoleName, String description);
35+
36+
/**
37+
* Delete an acl role.
38+
*
39+
* @param aclRoleId
40+
*/
41+
boolean deleteAclRole(long aclRoleId);
42+
43+
/** Lists Acl roles for a domain
44+
* @param domainId
45+
* @param aclRoleId
46+
* @param aclRoleName
47+
* @param startIndex
48+
* @param pageSize
49+
* @return
50+
*/
51+
Pair<List<? extends AclRole>, Integer> listAclRoles(Long aclRoleId, String aclRoleName,
52+
Long domainId, Long startIndex, Long pageSize);
53+
54+
55+
/**
56+
* Get the acl role for the given role id.
57+
* @param roleId
58+
* @return AclRole
59+
*/
60+
AclRole getAclRole(Long roleId);
61+
62+
AclGroup addAclRolesToGroup(List<Long> roleIds, Long groupId);
63+
64+
AclGroup removeAclRolesFromGroup(List<Long> roleIds, Long groupId);
65+
66+
/**
67+
* Creates an acl group for the given domain.
68+
*
69+
* @param domainId
70+
* @param name
71+
* @param description
72+
* @return AclGroup
73+
*/
74+
75+
AclGroup createAclGroup(Long domainId, String aclGroupName, String description);
76+
77+
/**
78+
* Delete an acl group.
79+
*
80+
* @param aclGroupId
81+
*/
82+
boolean deleteAclGroup(Long aclGroupId);
83+
84+
/** Lists Acl groups for a domain
85+
* @param domainId
86+
* @param aclGroupId
87+
* @param aclGroupName
88+
* @param startIndex
89+
* @param pageSize
90+
* @return
91+
*/
92+
Pair<List<? extends AclRole>, Integer> listAclGroups(Long aclRoleId, String aclRoleName,
93+
Long domainId, Long startIndex, Long pageSize);
94+
95+
96+
/**
97+
* Get the acl group for the given group id.
98+
* @param groupId
99+
* @return AclGroup
100+
*/
101+
AclRole getAclGroup(Long groupId);
102+
103+
}
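Review bot: `getAclGroup(Long groupId)` is declared to return `AclRole`, and `listAclGroups` returns `Pair<List<? extends AclRole>, Integer>` with parameters named `aclRoleId` and `aclRoleName`; both look copied from the role methods and contradict their own Javadoc (`@return AclGroup`, `@param aclGroupId`). The declarations should read `AclGroup getAclGroup(Long groupId);` and `Pair<List<? extends AclGroup>, Integer> listAclGroups(Long aclGroupId, String aclGroupName, Long domainId, Long startIndex, Long pageSize);`. `addAclRolesToGroup` and `removeAclRolesFromGroup` carry no Javadoc at all; because they change what a group is permitted to do, they should state whether the implementation verifies the caller's rights over the group and over each role, and what is returned on failure. The `@param name` tags on `createAclRole` and `createAclGroup` also do not match the actual parameter names `aclRoleName` and `aclGroupName`.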

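--- a/api/src/org/apache/cloudstack/api/ApiCommandJobType.java
+++ b/api/src/org/apache/cloudstack/api/ApiCommandJobType.java
@@ -48,5 +48,7 @@ public enum ApiCommandJobType {
 LoadBalancerRule,
 AffinityGroup,
 InternalLbVm,
-DedicatedGuestVlanRange
+DedicatedGuestVlanRange,
+AclRole,
+AclGroup
 }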

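--- a/api/src/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/org/apache/cloudstack/api/ApiConstants.java
@@ -248,7 +248,7 @@ public class ApiConstants {
 public static final String IS_VOLATILE = "isvolatile";
 public static final String VOLUME_ID = "volumeid";
 public static final String ZONE_ID = "zoneid";
-public static final String ZONE_NAME = "zonename";
+public static final String ZONE_NAME = "zonename";
 public static final String NETWORK_TYPE = "networktype";
 public static final String PAGE = "page";
 public static final String PAGE_SIZE = "pagesize";
@@ -518,6 +518,12 @@ public class ApiConstants {
 public static final String ROUTING = "isrouting";
 public static final String MAX_CONNECTIONS = "maxconnections";
 public static final String SERVICE_STATE = "servicestate";
+public static final String ACL_ACCOUNT_IDS = "accountids";
+public static final String ACL_PARENT_ROLE_ID = "parentroleid";
+public static final String ACL_PARENT_ROLE_NAME = "parentrolename";
+public static final String ACL_ROLES = "roles";
+public static final String ACL_ROLE_IDS = "roleids";
+public static final String ACL_ALLOWED_APIS = "allowedapis";
 public enum HostDetails {
 all, capacity, events, stats, min;
 }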

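--- a/api/src/org/apache/cloudstack/api/BaseCmd.java
+++ b/api/src/org/apache/cloudstack/api/BaseCmd.java
@@ -27,18 +27,16 @@
 
 import javax.inject.Inject;
 
-import org.apache.cloudstack.affinity.AffinityGroupService;
-
-import com.cloud.server.ResourceMetaDataService;
+import org.apache.log4j.Logger;
 
+import org.apache.cloudstack.acl.AclService;
+import org.apache.cloudstack.affinity.AffinityGroupService;
 import org.apache.cloudstack.network.element.InternalLoadBalancerElementService;
 import org.apache.cloudstack.network.lb.ApplicationLoadBalancerService;
 import org.apache.cloudstack.network.lb.InternalLoadBalancerVMService;
 import org.apache.cloudstack.query.QueryService;
 import org.apache.cloudstack.usage.UsageService;
 
-import org.apache.log4j.Logger;
-
 import com.cloud.configuration.ConfigurationService;
 import com.cloud.domain.Domain;
 import com.cloud.exception.ConcurrentOperationException;
@@ -55,10 +53,10 @@
 import com.cloud.network.VpcVirtualNetworkApplianceService;
 import com.cloud.network.as.AutoScaleService;
 import com.cloud.network.firewall.FirewallService;
-import com.cloud.network.vpc.NetworkACLService;
 import com.cloud.network.lb.LoadBalancingRulesService;
 import com.cloud.network.rules.RulesService;
 import com.cloud.network.security.SecurityGroupService;
+import com.cloud.network.vpc.NetworkACLService;
 import com.cloud.network.vpc.VpcProvisioningService;
 import com.cloud.network.vpc.VpcService;
 import com.cloud.network.vpn.RemoteAccessVpnService;
@@ -67,6 +65,7 @@
 import com.cloud.projects.ProjectService;
 import com.cloud.resource.ResourceService;
 import com.cloud.server.ManagementService;
+import com.cloud.server.ResourceMetaDataService;
 import com.cloud.server.TaggedResourceService;
 import com.cloud.storage.DataStoreProviderApiService;
 import com.cloud.storage.StorageService;
@@ -150,6 +149,8 @@ public enum HTTPMethod {
 @Inject public ApplicationLoadBalancerService _newLbSvc;
 @Inject public ApplicationLoadBalancerService _appLbService;
 @Inject public AffinityGroupService _affinityGroupService;
+@Inject
+public AclService _aclService;
 @Inject public InternalLoadBalancerElementService _internalLbElementSvc;
 @Inject public InternalLoadBalancerVMService _internalLbSvc;
 @Inject public NetworkModel _ntwkModel;
@@ -474,11 +475,11 @@ protected long getInstanceIdFromJobSuccessResult(String result) {
 }
 
 public void setFullUrlParams(Map<String, String> map) {
-this.fullUrlParams = map;
+fullUrlParams = map;
 }
 
 public Map<String, String> getFullUrlParams() {
-return this.fullUrlParams;
+return fullUrlParams;
 }
 
 public Long finalyzeAccountId(String accountName, Long domainId, Long projectId, boolean enabledOnly) {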

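--- a/api/src/org/apache/cloudstack/api/ResponseGenerator.java
+++ b/api/src/org/apache/cloudstack/api/ResponseGenerator.java
@@ -22,12 +22,16 @@
 import java.util.List;
 import java.util.Map;
 
+import org.apache.cloudstack.acl.AclGroup;
+import org.apache.cloudstack.acl.AclRole;
 import org.apache.cloudstack.affinity.AffinityGroup;
 import org.apache.cloudstack.affinity.AffinityGroupResponse;
 import org.apache.cloudstack.api.ApiConstants.HostDetails;
 import org.apache.cloudstack.api.ApiConstants.VMDetails;
 import org.apache.cloudstack.api.command.user.job.QueryAsyncJobResultCmd;
 import org.apache.cloudstack.api.response.AccountResponse;
+import org.apache.cloudstack.api.response.AclGroupResponse;
+import org.apache.cloudstack.api.response.AclRoleResponse;
 import org.apache.cloudstack.api.response.ApplicationLoadBalancerResponse;
 import org.apache.cloudstack.api.response.AsyncJobResponse;
 import org.apache.cloudstack.api.response.AutoScalePolicyResponse;
@@ -446,4 +450,8 @@ LBHealthCheckResponse createLBHealthCheckPolicyResponse(List<? extends HealthChe
 
 IsolationMethodResponse createIsolationMethodResponse(IsolationType method);
 
+AclRoleResponse createAclRoleResponse(AclRole role);
+
+AclGroupResponse createAclGroupResponse(AclGroup group);
+
 }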
Lines changed: 105 additions & 0 deletions
@@ -0,0 +1,105 @@
1+
// Licensed to the Apache Software Foundation (ASF) under one
2+
// or more contributor license agreements. See the NOTICE file
3+
// distributed with this work for additional information
4+
// regarding copyright ownership. The ASF licenses this file
5+
// to you under the Apache License, Version 2.0 (the
6+
// "License"); you may not use this file except in compliance
7+
// with the License. You may obtain a copy of the License at
8+
//
9+
// http://www.apache.org/licenses/LICENSE-2.0
10+
//
11+
// Unless required by applicable law or agreed to in writing,
12+
// software distributed under the License is distributed on an
13+
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
14+
// KIND, either express or implied. See the License for the
15+
// specific language governing permissions and limitations
16+
// under the License.
17+
package org.apache.cloudstack.api.command.admin.acl;
18+
19+
import java.util.List;
20+
21+
import org.apache.log4j.Logger;
22+
23+
import org.apache.cloudstack.acl.AclGroup;
24+
import org.apache.cloudstack.api.ACL;
25+
import org.apache.cloudstack.api.APICommand;
26+
import org.apache.cloudstack.api.ApiConstants;
27+
import org.apache.cloudstack.api.ApiErrorCode;
28+
import org.apache.cloudstack.api.BaseCmd;
29+
import org.apache.cloudstack.api.Parameter;
30+
import org.apache.cloudstack.api.ServerApiException;
31+
import org.apache.cloudstack.api.response.AclGroupResponse;
32+
import org.apache.cloudstack.api.response.AclRoleResponse;
33+
import org.apache.cloudstack.context.CallContext;
34+
35+
import com.cloud.exception.InsufficientCapacityException;
36+
import com.cloud.exception.ResourceUnavailableException;
37+
import com.cloud.user.Account;
38+
39+
40+
@APICommand(name = "addAclRoleToAclGroup", description = "add acl role to an acl group", responseObject = AclGroupResponse.class)
41+
public class AddAclRoleToAclGroupCmd extends BaseCmd {
42+
public static final Logger s_logger = Logger.getLogger(AddAclRoleToAclGroupCmd.class.getName());
43+
private static final String s_name = "addaclroletoaclgroupresponse";
44+
45+
/////////////////////////////////////////////////////
46+
//////////////// API parameters /////////////////////
47+
/////////////////////////////////////////////////////
48+
49+
50+
@ACL
51+
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
52+
required = true, description = "The ID of the acl group")
53+
private Long id;
54+
55+
@ACL
56+
@Parameter(name = ApiConstants.ACL_ROLES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclRoleResponse.class, description = "comma separated list of acl role id that are going to be applied to the acl group.")
57+
private List<Long> roleIdList;
58+
59+
60+
/////////////////////////////////////////////////////
61+
/////////////////// Accessors ///////////////////////
62+
/////////////////////////////////////////////////////
63+
64+
65+
public Long getId() {
66+
return id;
67+
}
68+
69+
70+
public List<Long> getRoleIdList() {
71+
return roleIdList;
72+
}
73+
74+
/////////////////////////////////////////////////////
75+
/////////////// API Implementation///////////////////
76+
/////////////////////////////////////////////////////
77+
78+
79+
@Override
80+
public String getCommandName() {
81+
return s_name;
82+
}
83+
84+
85+
@Override
86+
public long getEntityOwnerId() {
87+
return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
88+
}
89+
90+
@Override
91+
public void execute() throws ResourceUnavailableException,
92+
InsufficientCapacityException, ServerApiException {
93+
CallContext.current().setEventDetails("Acl group Id: " + getId());
94+
AclGroup result = _aclService.addAclRolesToGroup(roleIdList, id);
95+
if (result != null){
96+
AclGroupResponse response = _responseGenerator.createAclGroupResponse(result);
97+
response.setResponseName(getCommandName());
98+
setResponseObject(response);
99+
} else {
100+
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to acl group");
101+
}
102+
}
103+
104+
105+
}
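Review bot: The `roleIdList` parameter is not marked `required = true`, so a request that omits it reaches `_aclService.addAclRolesToGroup(roleIdList, id)` with a null list; add `required = true` to its `@Parameter` or reject null at the top of `execute()`. The event detail string records only the group id, which leaves the audit trail of a permission-granting call without the roles that were added; `CallContext.current().setEventDetails("Acl group Id: " + getId() + "; role Ids: " + getRoleIdList());` would cover that. `getEntityOwnerId()` returns `Account.ACCOUNT_ID_SYSTEM` with a comment that appears to be copied from another command, so events are attributed to SYSTEM rather than to whoever owns the group, and this is worth revisiting once group ownership can be resolved. The parameter is also named with `ApiConstants.ACL_ROLES` although it carries ids and this commit adds `ACL_ROLE_IDS`. Whether the command is restricted to admin callers is decided outside this file and should be confirmed before the WIP is merged.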
