use of org.apache.cloudstack.iam.api.IAMGroup in project cloudstack by apache.
the class IAMServiceImpl method listParentIAMGroups.
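/**
 * Lists the ancestor groups of the given IAM group, derived from the group's path.
 *
 * <p>Each prefix of the path that ends just before a non-empty segment is treated as an ancestor
 * path. For a constructed sample path {@code /a/b/} the prefixes are {@code /} and {@code /a/}.
 * The groups whose stored path equals one of those prefixes are returned; the group's own path
 * is never part of the result.
 *
 * <p>Callers such as {@code RoleBasedEntityAccessChecker#getEffectivePolicies} add the recursive
 * policies of every group returned here, so a wrong prefix changes an authorization result.
 *
 * @param groupId id of the group whose ancestors are wanted
 * @return the groups found for the ancestor paths; an empty list when the path yields no prefix
 * @throws InvalidParameterValueException if no group with {@code groupId} exists
 */
@Override
public List<IAMGroup> listParentIAMGroups(long groupId) {
    IAMGroup group = _aclGroupDao.findById(groupId);
    if (group == null) {
        throw new InvalidParameterValueException("Unable to find acl group by id " + groupId);
    }
    String path = group.getPath();
    List<String> ancestorPaths = new ArrayList<String>();
    // Track the real offset of each segment rather than calling path.indexOf(segment).
    // indexOf returns the first textual match, so a segment whose name also appears earlier in
    // the path (a repeated name, or a name contained in an earlier segment) would be cut at the
    // wrong position and produce a prefix that is not one of this group's ancestors.
    int offset = 0;
    for (String segment : path.split("/")) {
        // offset == 0 is the first segment (no ancestor before it); empty segments are skipped.
        if (offset > 0 && !segment.isEmpty()) {
            ancestorPaths.add(path.substring(0, offset));
        }
        // Step over this segment and the '/' that follows it.
        offset += segment.length() + 1;
    }
    if (ancestorPaths.isEmpty()) {
        return new ArrayList<IAMGroup>();
    }
    // Fetch every group whose path is exactly one of the ancestor prefixes (IN query).
    SearchBuilder<IAMGroupVO> sb = _aclGroupDao.createSearchBuilder();
    sb.and("paths", sb.entity().getPath(), SearchCriteria.Op.IN);
    SearchCriteria<IAMGroupVO> sc = sb.create();
    sc.setParameters("paths", ancestorPaths.toArray());
    List<IAMGroupVO> groups = _aclGroupDao.search(sc, null);
    return new ArrayList<IAMGroup>(groups);
}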
use of org.apache.cloudstack.iam.api.IAMGroup in project cloudstack by apache.
the class RoleBasedEntityAccessChecker method getEffectivePolicies.
/**
 * Builds the policy list used for the caller: the policies the IAM service returns for the
 * caller's id, plus the recursive policies of every parent group of each group the caller is in.
 *
 * @param caller account whose policies are resolved
 * @return the list returned by {@code listIAMPolicies}, extended in place with the recursive
 *         policies of the parent groups
 */
private List<IAMPolicy> getEffectivePolicies(Account caller) {
    final List<IAMPolicy> effective = _iamSrv.listIAMPolicies(caller.getId());
    // NOTE(review): the list returned by listIAMPolicies is appended to in place. If the service
    // hands out a shared or cached list, these additions would leak into later lookups; confirm
    // that it returns a fresh list.
    for (IAMGroup memberGroup : _iamSrv.listIAMGroups(caller.getId())) {
        // Only the parent groups contribute here, and only their recursive policies.
        for (IAMGroup ancestor : _iamSrv.listParentIAMGroups(memberGroup.getId())) {
            effective.addAll(_iamSrv.listRecursiveIAMPoliciesByGroup(ancestor.getId()));
        }
    }
    return effective;
}
use of org.apache.cloudstack.iam.api.IAMGroup in project cloudstack by apache.
the class RoleBasedEntityQuerySelector method getAuthorizedResources.
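/**
 * Returns the ids of the resources the caller is granted for an action at RESOURCE scope.
 *
 * <p>The policies considered are those the IAM service lists for the caller's account, plus the
 * recursive policies of every parent group of each group the caller belongs to. For each policy
 * the RESOURCE-scoped permissions matching {@code action} and the access type are read, and
 * every non-null scope id is collected. Ids are not de-duplicated.
 *
 * @param caller account whose authorized resources are wanted
 * @param action action name passed to the permission lookup
 * @param accessType access type to match; {@code null} is treated as {@code AccessType.UseEntry}
 * @return scope ids of the matching permissions, possibly empty
 */
@Override
public List<Long> getAuthorizedResources(Account caller, String action, AccessType accessType) {
    long accountId = caller.getAccountId();
    if (accessType == null) {
        // default always show resources authorized to use
        accessType = AccessType.UseEntry;
    }
    // Get the static Policies of the Caller
    // NOTE(review): policies are looked up with caller.getAccountId() while groups use
    // caller.getId(); confirm both denote the same account id.
    List<IAMPolicy> policies = _iamService.listIAMPolicies(accountId);
    // add the policies that grant recursive access
    // NOTE(review): the list returned by listIAMPolicies is appended to in place; confirm the
    // service returns a fresh list rather than a shared or cached one.
    List<IAMGroup> groups = _iamService.listIAMGroups(caller.getId());
    for (IAMGroup group : groups) {
        // for each group find the grand parent groups.
        List<IAMGroup> parentGroups = _iamService.listParentIAMGroups(group.getId());
        for (IAMGroup parentGroup : parentGroups) {
            policies.addAll(_iamService.listRecursiveIAMPoliciesByGroup(parentGroup.getId()));
        }
    }
    // for each policy, find granted permission with Resource scope
    List<Long> entityIds = new ArrayList<Long>();
    for (IAMPolicy policy : policies) {
        List<IAMPolicyPermission> permissions =
                _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.RESOURCE.toString(), accessType.toString());
        // Check the service result itself for null. The earlier code copied it into a new list
        // first, so its null check could never be false and a null result failed inside addAll.
        // A null result now contributes no resource ids.
        if (permissions == null) {
            continue;
        }
        for (IAMPolicyPermission permission : permissions) {
            if (permission.getScopeId() != null) {
                entityIds.add(permission.getScopeId());
            }
        }
    }
    return entityIds;
}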
use of org.apache.cloudstack.iam.api.IAMGroup in project cloudstack by apache.
the class IAMServiceImpl method removeAccountsFromGroup.
/**
 * Removes the given accounts from an IAM group and then invalidates the IAM cache.
 *
 * <p>Accounts that have no mapping to the group are skipped without error.
 *
 * @param acctIds ids of the accounts to remove from the group
 * @param groupId id of the group to remove them from
 * @return the group as it was looked up before the removal
 * @throws InvalidParameterValueException if no group with {@code groupId} exists
 */
@DB
@Override
public IAMGroup removeAccountsFromGroup(final List<Long> acctIds, final Long groupId) {
    // The group is resolved before the transaction starts; an unknown id aborts with no changes.
    final IAMGroup targetGroup = _aclGroupDao.findById(groupId);
    if (targetGroup == null) {
        throw new InvalidParameterValueException("Unable to find acl group: " + groupId + "; failed to remove accounts from acl group.");
    }
    Transaction.execute(new TransactionCallbackNoReturn() {
        @Override
        public void doInTransactionWithoutResult(TransactionStatus status) {
            // Delete the matching rows of the group/account mapping (acl_group_account_map).
            for (Long accountId : acctIds) {
                IAMGroupAccountMapVO membership = _aclGroupAccountMapDao.findByGroupAndAccount(groupId, accountId);
                if (membership == null) {
                    // Nothing mapped for this account, so there is nothing to delete.
                    continue;
                }
                _aclGroupAccountMapDao.remove(membership.getId());
            }
        }
    });
    // Runs only after Transaction.execute returns normally.
    // NOTE(review): presumably this keeps cached IAM data from reflecting the removed
    // memberships; confirm what invalidateIAMCache() covers.
    invalidateIAMCache();
    return targetGroup;
}
use of org.apache.cloudstack.iam.api.IAMGroup in project cloudstack by apache.
the class IAMServiceImpl method attachIAMPoliciesToGroup.
/**
 * Attaches the given policies to an IAM group and then invalidates the IAM cache.
 *
 * <p>A policy that is already mapped to the group is left as it is. An unknown policy id aborts
 * the loop with an exception thrown from inside the transaction callback.
 *
 * @param policyIds ids of the policies to attach
 * @param groupId id of the group to attach them to
 * @return the group as it was looked up before the change
 * @throws InvalidParameterValueException if the group, or any of the policies, does not exist
 */
@DB
@Override
public IAMGroup attachIAMPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
    // The group is resolved before the transaction starts; an unknown id aborts with no changes.
    final IAMGroup targetGroup = _aclGroupDao.findById(groupId);
    if (targetGroup == null) {
        throw new InvalidParameterValueException("Unable to find acl group: " + groupId + "; failed to add roles to acl group.");
    }
    Transaction.execute(new TransactionCallbackNoReturn() {
        @Override
        public void doInTransactionWithoutResult(TransactionStatus status) {
            // Insert the missing rows of the group/policy mapping (acl_group_policy_map).
            for (Long policyId : policyIds) {
                // NOTE(review): whether mappings persisted earlier in this loop are rolled back
                // when this throws depends on Transaction.execute; confirm.
                if (_aclPolicyDao.findById(policyId) == null) {
                    throw new InvalidParameterValueException("Unable to find acl policy: " + policyId + "; failed to add policies to acl group.");
                }
                if (_aclGroupPolicyMapDao.findByGroupAndPolicy(groupId, policyId) != null) {
                    // Already attached, so no second mapping row is written.
                    continue;
                }
                _aclGroupPolicyMapDao.persist(new IAMGroupPolicyMapVO(groupId, policyId));
            }
        }
    });
    // Runs only after Transaction.execute returns normally.
    // NOTE(review): presumably this makes cached IAM data pick up the new attachments; confirm
    // what invalidateIAMCache() covers.
    invalidateIAMCache();
    return targetGroup;
}