use of com.cloud.domain.Domain in project cloudstack by apache.
the class QueryManagerImpl method searchForDomainsInternal.
/**
 * Runs the domain listing behind a {@link ListDomainsCmd}.
 *
 * <p>The set of domains a caller may see is fixed here, before the query is built:
 * <ul>
 * <li>An explicit id must resolve to an existing domain and is passed to
 * {@code _accountMgr.checkAccess(caller, domain)}; the query then matches that id only and
 * {@code listAll} has no effect.</li>
 * <li>With no id, a caller whose type is not {@code ACCOUNT_TYPE_ADMIN} is pinned to its own
 * domain, widened to that domain's path prefix when {@code listAll} is set.</li>
 * <li>With no id, an {@code ACCOUNT_TYPE_ADMIN} caller gets neither an id nor a path
 * restriction.</li>
 * </ul>
 * Every variant is additionally limited to domains in state {@code Active}.
 *
 * @param cmd the list request; supplies id, listAll, name, level, keyword and paging values
 * @return whatever {@code _domainJoinDao.searchAndCount} yields for the assembled criteria
 * @throws InvalidParameterValueException if the requested id does not name a domain
 */
private Pair<List<DomainJoinVO>, Integer> searchForDomainsInternal(ListDomainsCmd cmd) {
    final Account caller = CallContext.current().getCallingAccount();
    final Long requestedId = cmd.getId();
    final boolean listAll = cmd.listAll();

    // Resolve the visibility scope first; everything below only narrows it further.
    Long scopeDomainId = requestedId;
    boolean subtree = false;
    if (requestedId == null) {
        if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
            // Callers that are not ACCOUNT_TYPE_ADMIN never query outside their own domain.
            scopeDomainId = caller.getDomainId();
        }
        subtree = listAll;
    } else {
        final Domain requested = _domainDao.findById(requestedId);
        if (requested == null) {
            throw new InvalidParameterValueException("Domain id=" + requestedId + " doesn't exist");
        }
        // Access decision is delegated; presumably this throws on denial - confirm in AccountManager.
        _accountMgr.checkAccess(caller, requested);
    }

    final Filter paging = new Filter(DomainJoinVO.class, "id", true, cmd.getStartIndex(), cmd.getPageSizeVal());
    final String nameFilter = cmd.getDomainName();
    final Integer levelFilter = cmd.getLevel();
    final Object keyword = cmd.getKeyword();

    final SearchBuilder<DomainJoinVO> sb = _domainJoinDao.createSearchBuilder();
    sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
    sb.and("name", sb.entity().getName(), SearchCriteria.Op.EQ);
    sb.and("level", sb.entity().getLevel(), SearchCriteria.Op.EQ);
    sb.and("path", sb.entity().getPath(), SearchCriteria.Op.LIKE);
    sb.and("state", sb.entity().getState(), SearchCriteria.Op.EQ);
    final SearchCriteria<DomainJoinVO> criteria = sb.create();

    if (keyword != null) {
        // The keyword is handed over as a criteria value, not spliced into SQL text here.
        // '%' and '_' inside it are not escaped, so they act as LIKE wildcards.
        final SearchCriteria<DomainJoinVO> nameMatch = _domainJoinDao.createSearchCriteria();
        nameMatch.addOr("name", SearchCriteria.Op.LIKE, "%" + keyword + "%");
        criteria.addAnd("name", SearchCriteria.Op.SC, nameMatch);
    }
    if (nameFilter != null) {
        criteria.setParameters("name", nameFilter);
    }
    if (levelFilter != null) {
        criteria.setParameters("level", levelFilter);
    }

    if (scopeDomainId != null && subtree) {
        // Sub-tree scope is a prefix match on the domain path.
        // NOTE(review): the second lookup is not null-checked, and a prefix match only isolates
        // a sub-tree if stored paths end with a separator - confirm both against the Domain model.
        criteria.setParameters("path", _domainDao.findById(scopeDomainId).getPath() + "%");
    } else if (scopeDomainId != null) {
        criteria.setParameters("id", scopeDomainId);
    }

    // return only Active domains to the API
    criteria.setParameters("state", Domain.State.Active);
    return _domainJoinDao.searchAndCount(criteria, paging);
}
use of com.cloud.domain.Domain in project cloudstack by apache.
the class QueryManagerImpl method searchForAccountsInternal.
/**
 * Runs the account listing behind a {@link ListAccountsCmd}.
 *
 * <p>Checks performed before the query is built:
 * <ul>
 * <li>An explicit account id must resolve to a non-system account and is passed to
 * {@code _accountMgr.checkAccess(caller, null, true, account)}.</li>
 * <li>An explicit domain id must resolve to a domain and is passed to
 * {@code _accountMgr.checkAccess(caller, domain)}; if a name is given as well, the named active
 * account in that domain gets the same existence and access check.</li>
 * </ul>
 *
 * <p>Scope when no account id is given:
 * <ul>
 * <li>caller for whom {@code _accountMgr.isAdmin} is true, with a domain id: that domain, or its
 * path prefix when the request is recursive;</li>
 * <li>such a caller with {@code listAll} and no domain id: the path prefix of the caller's own
 * domain;</li>
 * <li>anyone else: the caller's own account only.</li>
 * </ul>
 * When an account id is given, the domain id is validated but is not applied as a filter.
 * The system account and accounts of type 5 are always excluded.
 *
 * @param cmd the list request; supplies ids, name, flags, filters and paging values
 * @return whatever {@code _accountJoinDao.searchAndCount} yields for the assembled criteria
 * @throws InvalidParameterValueException if the requested account or domain cannot be found
 */
private Pair<List<AccountJoinVO>, Integer> searchForAccountsInternal(ListAccountsCmd cmd) {
    final Account caller = CallContext.current().getCallingAccount();
    Long domainId = cmd.getDomainId();
    Long accountId = cmd.getId();
    final String accountName = cmd.getSearchName();
    boolean subtree = cmd.isRecursive();
    final boolean listAll = cmd.listAll();
    boolean domainScoped = false;

    if (accountId != null) {
        final Account byId = _accountDao.findById(accountId);
        // The system account is reported as "not found" rather than as forbidden.
        if (byId == null || byId.getId() == Account.ACCOUNT_ID_SYSTEM) {
            throw new InvalidParameterValueException("Unable to find account by id " + accountId);
        }
        _accountMgr.checkAccess(caller, null, true, byId);
    }

    if (domainId != null) {
        final Domain requested = _domainDao.findById(domainId);
        if (requested == null) {
            throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
        }
        _accountMgr.checkAccess(caller, requested);
        if (accountName != null) {
            final Account byName = _accountDao.findActiveAccount(accountName, domainId);
            if (byName == null || byName.getId() == Account.ACCOUNT_ID_SYSTEM) {
                throw new InvalidParameterValueException("Unable to find account by name " + accountName + " in domain " + domainId);
            }
            _accountMgr.checkAccess(caller, null, true, byName);
        }
    }

    if (accountId == null) {
        // NOTE(review): which account types isAdmin() covers is not visible here - confirm.
        final boolean callerIsAdmin = _accountMgr.isAdmin(caller.getId());
        if (callerIsAdmin && domainId != null) {
            // The domain was access-checked above; recursion follows the request flag.
            domainScoped = true;
        } else if (callerIsAdmin && listAll) {
            // No domain requested: list the caller's own domain and everything below it.
            domainScoped = true;
            subtree = true;
            domainId = caller.getDomainId();
        } else {
            // Default: a caller sees only its own account.
            accountId = caller.getAccountId();
        }
    }

    final Filter paging = new Filter(AccountJoinVO.class, "id", true, cmd.getStartIndex(), cmd.getPageSizeVal());
    final Object type = cmd.getAccountType();
    final Object state = cmd.getState();
    final Object isCleanupRequired = cmd.isCleanupRequired();
    final Object keyword = cmd.getKeyword();

    final SearchBuilder<AccountJoinVO> sb = _accountJoinDao.createSearchBuilder();
    sb.and("accountName", sb.entity().getAccountName(), SearchCriteria.Op.EQ);
    sb.and("domainId", sb.entity().getDomainId(), SearchCriteria.Op.EQ);
    sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
    sb.and("type", sb.entity().getType(), SearchCriteria.Op.EQ);
    sb.and("state", sb.entity().getState(), SearchCriteria.Op.EQ);
    sb.and("needsCleanup", sb.entity().isNeedsCleanup(), SearchCriteria.Op.EQ);
    sb.and("typeNEQ", sb.entity().getType(), SearchCriteria.Op.NEQ);
    sb.and("idNEQ", sb.entity().getId(), SearchCriteria.Op.NEQ);
    if (domainScoped && subtree) {
        sb.and("path", sb.entity().getDomainPath(), SearchCriteria.Op.LIKE);
    }

    final SearchCriteria<AccountJoinVO> criteria = sb.create();
    // The system account is never listed, whatever the scope.
    criteria.setParameters("idNEQ", Account.ACCOUNT_ID_SYSTEM);

    if (keyword != null) {
        // Passed as criteria values; '%' and '_' in the keyword are not escaped and act as wildcards.
        final SearchCriteria<AccountJoinVO> keywordMatch = _accountJoinDao.createSearchCriteria();
        keywordMatch.addOr("accountName", SearchCriteria.Op.LIKE, "%" + keyword + "%");
        keywordMatch.addOr("state", SearchCriteria.Op.LIKE, "%" + keyword + "%");
        criteria.addAnd("accountName", SearchCriteria.Op.SC, keywordMatch);
    }
    if (type != null) {
        criteria.setParameters("type", type);
    }
    if (state != null) {
        criteria.setParameters("state", state);
    }
    if (isCleanupRequired != null) {
        criteria.setParameters("needsCleanup", isCleanupRequired);
    }
    if (accountName != null) {
        criteria.setParameters("accountName", accountName);
    }

    // don't return account of type project to the end user
    // (5 is presumably the project account type constant - confirm against Account)
    criteria.setParameters("typeNEQ", 5);

    if (accountId != null) {
        criteria.setParameters("id", accountId);
    }

    if (domainScoped && subtree) {
        // NOTE(review): this lookup is not null-checked, and the prefix match only isolates a
        // sub-tree if stored paths end with a separator - confirm against the Domain model.
        final Domain scopeRoot = _domainDao.findById(domainId);
        criteria.setParameters("path", scopeRoot.getPath() + "%");
    } else if (domainScoped) {
        criteria.setParameters("domainId", domainId);
    }

    return _accountJoinDao.searchAndCount(criteria, paging);
}
use of com.cloud.domain.Domain in project cloudstack by apache.
the class IAMApiServiceImpl method configure.
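/**
 * Registers the message-bus subscribers that keep IAM groups, policies and permissions in step
 * with account, domain, template and entity events, then delegates to {@code super.configure}.
 *
 * <p>Each subscriber receives its payload as {@code Object} and casts it; a payload of another
 * type raises {@code ClassCastException} inside the handler. The handlers perform no
 * authorization of their own and act on whatever the bus delivers.
 * NOTE(review): publishers of these subjects are presumably trusted in-process components that
 * authorize the operation before publishing - confirm.
 *
 * <p>Handlers skip missing rows with a warning instead of failing part-way, because a handler
 * that aborts leaves group membership or permissions out of step with the event it was handling.
 *
 * @param name component name, passed through to {@code super.configure}
 * @param params component parameters, passed through to {@code super.configure}
 * @return the result of {@code super.configure(name, params)}
 * @throws ConfigurationException as declared by the overridden method
 */
@Override
public boolean configure(final String name, final Map<String, Object> params) throws ConfigurationException {
    _messageBus.subscribe(AccountManager.MESSAGE_ADD_ACCOUNT_EVENT, new MessageSubscriber() {
        @Override
        public void onPublishMessage(String senderAddress, String subject, Object obj) {
            Map<Long, Long> acctGroupMap = (Map<Long, Long>) obj;
            if (acctGroupMap == null) {
                // Same null tolerance as the other subscribers.
                return;
            }
            for (Map.Entry<Long, Long> entry : acctGroupMap.entrySet()) {
                Long accountId = entry.getKey();
                Long groupId = entry.getValue();
                s_logger.debug("MessageBus message: new Account Added: " + accountId + ", adding it to groupId :" + groupId);
                addAccountToIAMGroup(accountId, groupId);
                // add it to domain group too
                AccountVO account = _accountDao.findById(accountId);
                if (account == null) {
                    // Keep processing the remaining entries instead of aborting the batch.
                    s_logger.warn("MessageBus message: account " + accountId + " not found, skipping its domain group membership");
                    continue;
                }
                Domain domain = _domainDao.findById(account.getDomainId());
                if (domain != null) {
                    List<IAMGroup> domainGroups = listDomainGroup(domain);
                    if (domainGroups != null) {
                        for (IAMGroup group : domainGroups) {
                            addAccountToIAMGroup(accountId, Long.valueOf(group.getId()));
                        }
                    }
                }
            }
        }
    });
    _messageBus.subscribe(AccountManager.MESSAGE_REMOVE_ACCOUNT_EVENT, new MessageSubscriber() {
        @Override
        public void onPublishMessage(String senderAddress, String subject, Object obj) {
            Long accountId = ((Long) obj);
            if (accountId != null) {
                s_logger.debug("MessageBus message: Account removed: " + accountId + ", releasing the group associations");
                removeAccountFromIAMGroups(accountId);
            }
        }
    });
    _messageBus.subscribe(DomainManager.MESSAGE_ADD_DOMAIN_EVENT, new MessageSubscriber() {
        @Override
        public void onPublishMessage(String senderAddress, String subject, Object obj) {
            Long domainId = ((Long) obj);
            if (domainId != null) {
                s_logger.debug("MessageBus message: new Domain created: " + domainId + ", creating a new group");
                Domain domain = _domainDao.findById(domainId);
                if (domain == null) {
                    s_logger.warn("MessageBus message: domain " + domainId + " not found, no domain group created");
                    return;
                }
                _iamSrv.createIAMGroup("DomainGrp-" + domain.getUuid(), "Domain group", domain.getPath());
            }
        }
    });
    _messageBus.subscribe(DomainManager.MESSAGE_REMOVE_DOMAIN_EVENT, new MessageSubscriber() {
        @Override
        public void onPublishMessage(String senderAddress, String subject, Object obj) {
            Long domainId = ((Long) obj);
            if (domainId != null) {
                s_logger.debug("MessageBus message: Domain removed: " + domainId + ", removing the domain group");
                // NOTE(review): if the domain row is already gone when this runs, the lookup may
                // return null and the domain's groups would be left behind - confirm how
                // listDomainGroup treats a null domain.
                Domain domain = _domainDao.findById(domainId);
                List<IAMGroup> groups = listDomainGroup(domain);
                if (groups != null) {
                    for (IAMGroup group : groups) {
                        _iamSrv.deleteIAMGroup(group.getId());
                    }
                }
            }
        }
    });
    _messageBus.subscribe(TemplateManager.MESSAGE_REGISTER_PUBLIC_TEMPLATE_EVENT, new MessageSubscriber() {
        @Override
        public void onPublishMessage(String senderAddress, String subject, Object obj) {
            Long templateId = (Long) obj;
            if (templateId != null) {
                s_logger.debug("MessageBus message: new public template registered: " + templateId + ", grant permission to default root admin, domain admin and normal user policies");
                // Policy ids are derived as account type + 1.
                // NOTE(review): this relies on how the default policies were seeded - confirm.
                _iamSrv.addIAMPermissionToIAMPolicy(Long.valueOf(Account.ACCOUNT_TYPE_ADMIN + 1), VirtualMachineTemplate.class.getSimpleName(), PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
                _iamSrv.addIAMPermissionToIAMPolicy(Long.valueOf(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), VirtualMachineTemplate.class.getSimpleName(), PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
                _iamSrv.addIAMPermissionToIAMPolicy(Long.valueOf(Account.ACCOUNT_TYPE_NORMAL + 1), VirtualMachineTemplate.class.getSimpleName(), PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
            }
        }
    });
    _messageBus.subscribe(TemplateManager.MESSAGE_RESET_TEMPLATE_PERMISSION_EVENT, new MessageSubscriber() {
        @Override
        public void onPublishMessage(String senderAddress, String subject, Object obj) {
            Long templateId = (Long) obj;
            if (templateId != null) {
                s_logger.debug("MessageBus message: reset template permission: " + templateId);
                resetTemplatePermission(templateId);
            }
        }
    });
    _messageBus.subscribe(EntityManager.MESSAGE_REMOVE_ENTITY_EVENT, new MessageSubscriber() {
        @Override
        public void onPublishMessage(String senderAddress, String subject, Object obj) {
            Pair<Class<?>, Long> entity = (Pair<Class<?>, Long>) obj;
            if (entity != null) {
                String entityType = entity.first().getSimpleName();
                Long entityId = entity.second();
                s_logger.debug("MessageBus message: delete an entity: (" + entityType + "," + entityId + "), remove its related permission");
                _iamSrv.removeIAMPermissionForEntity(entityType, entityId);
            }
        }
    });
    _messageBus.subscribe(EntityManager.MESSAGE_GRANT_ENTITY_EVENT, new MessageSubscriber() {
        @Override
        public void onPublishMessage(String senderAddress, String subject, Object obj) {
            Map<String, Object> permit = (Map<String, Object>) obj;
            if (permit != null) {
                // Every field of the grant comes from the message payload as-is.
                Class<?> entityType = (Class<?>) permit.get(ApiConstants.ENTITY_TYPE);
                Long entityId = (Long) permit.get(ApiConstants.ENTITY_ID);
                AccessType accessType = (AccessType) permit.get(ApiConstants.ACCESS_TYPE);
                String action = (String) permit.get(ApiConstants.IAM_ACTION);
                List<Long> acctIds = (List<Long>) permit.get(ApiConstants.ACCOUNTS);
                s_logger.debug("MessageBus message: grant accounts permission to an entity: (" + entityType + "," + entityId + ")");
                grantEntityPermissioinToAccounts(entityType.getSimpleName(), entityId, accessType, action, acctIds);
            }
        }
    });
    _messageBus.subscribe(EntityManager.MESSAGE_REVOKE_ENTITY_EVENT, new MessageSubscriber() {
        @Override
        public void onPublishMessage(String senderAddress, String subject, Object obj) {
            Map<String, Object> permit = (Map<String, Object>) obj;
            if (permit != null) {
                Class<?> entityType = (Class<?>) permit.get(ApiConstants.ENTITY_TYPE);
                Long entityId = (Long) permit.get(ApiConstants.ENTITY_ID);
                AccessType accessType = (AccessType) permit.get(ApiConstants.ACCESS_TYPE);
                String action = (String) permit.get(ApiConstants.IAM_ACTION);
                List<Long> acctIds = (List<Long>) permit.get(ApiConstants.ACCOUNTS);
                s_logger.debug("MessageBus message: revoke from accounts permission to an entity: (" + entityType + "," + entityId + ")");
                revokeEntityPermissioinFromAccounts(entityType.getSimpleName(), entityId, accessType, action, acctIds);
            }
        }
    });
    _messageBus.subscribe(EntityManager.MESSAGE_ADD_DOMAIN_WIDE_ENTITY_EVENT, new MessageSubscriber() {
        @Override
        public void onPublishMessage(String senderAddress, String subject, Object obj) {
            // Named differently from the enclosing method's 'params' to avoid shadowing it.
            Map<String, Object> accessParams = (Map<String, Object>) obj;
            if (accessParams != null) {
                addDomainWideResourceAccess(accessParams);
            }
        }
    });
    return super.configure(name, params);
}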
use of com.cloud.domain.Domain in project cloudstack by apache.
the class IAMApiServiceImpl method createPolicyAndAddToDomainGroup.
/**
 * Creates a policy that allows {@code action} on one resource and attaches it to every IAM group
 * that {@code listDomainGroup} returns for the given domain.
 *
 * <p>If the domain id resolves to nothing, the method returns without creating anything and
 * without telling the caller. The policy is created, and its permission added, before the groups
 * are looked up, so a domain with no groups ends up with a policy that is attached to nothing.
 *
 * @param policyName name for the new policy
 * @param description description for the new policy
 * @param entityType entity type the permission applies to
 * @param entityId id of the entity the permission applies to
 * @param action action that is allowed
 * @param accessType access type recorded on the permission; must not be null
 * @param domainId domain whose path and groups are used
 * @param recursive passed through to the permission unchanged
 */
private void createPolicyAndAddToDomainGroup(String policyName, String description, String entityType, Long entityId, String action, AccessType accessType, Long domainId, Boolean recursive) {
    final Domain owner = _domainDao.findById(domainId);
    if (owner == null) {
        return;
    }

    // The policy is created under the domain's path, with no parent policy.
    final IAMPolicy created = _iamSrv.createIAMPolicy(policyName, description, null, owner.getPath());
    _iamSrv.addIAMPermissionToIAMPolicy(created.getId(), entityType, PermissionScope.RESOURCE.toString(), entityId, action, accessType.toString(), Permission.Allow, recursive);

    final List<Long> policyIds = new ArrayList<Long>();
    policyIds.add(Long.valueOf(created.getId()));

    final List<IAMGroup> targets = listDomainGroup(owner);
    if (targets == null) {
        return;
    }
    for (IAMGroup target : targets) {
        _iamSrv.attachIAMPoliciesToGroup(policyIds, target.getId());
    }
}
use of com.cloud.domain.Domain in project cloudstack by apache.
the class IAMApiServiceImpl method createIAMPolicy.
/**
 * Creates an IAM policy under the path of the calling account's domain.
 *
 * <p>The domain is taken from the caller, never from request input, so the new policy is always
 * placed under the caller's own domain path.
 * NOTE(review): {@code parentPolicyId} is forwarded unchanged and no check that the caller may
 * use that parent is visible in this method - confirm it is enforced in {@code _iamSrv} or at
 * the API layer.
 *
 * @param caller account on whose behalf the policy is created
 * @param iamPolicyName name for the new policy
 * @param description description for the new policy
 * @param parentPolicyId id of the parent policy, forwarded as given
 * @return the policy returned by {@code _iamSrv.createIAMPolicy}
 * @throws InvalidParameterValueException if the caller's domain cannot be found
 */
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_IAM_POLICY_CREATE, eventDescription = "Creating IAM Policy", create = true)
public IAMPolicy createIAMPolicy(Account caller, final String iamPolicyName, final String description, final Long parentPolicyId) {
    final Long callerDomainId = caller.getDomainId();
    final Domain ownerDomain = _domainDao.findById(callerDomainId);
    if (ownerDomain == null) {
        throw new InvalidParameterValueException("Caller does not have a domain");
    }
    final String ownerPath = ownerDomain.getPath();
    return _iamSrv.createIAMPolicy(iamPolicyName, description, parentPolicyId, ownerPath);
}