Example 21 with IAMPolicy
use of org.apache.cloudstack.iam.api.IAMPolicy in project cloudstack by apache.
the class IAMApiServiceTest method addRemovePermissionToPolicyTest.
@Test
public void addRemovePermissionToPolicyTest() {
IAMPolicy policy = new IAMPolicyVO("policy1", "tester policy1");
List<IAMPolicy> policies = new ArrayList<IAMPolicy>();
policies.add(policy);
Long policyId = policy.getId();
Long resId = 200L;
Class clz = ListVMsCmd.class;
when(_apiServer.getCmdClass("listVirtualMachines")).thenReturn(clz);
when(_iamSrv.addIAMPermissionToIAMPolicy(policyId, VirtualMachine.class.getSimpleName(), PermissionScope.RESOURCE.toString(), resId, "listVirtualMachines", AccessType.UseEntry.toString(), Permission.Allow, false)).thenReturn(policy);
_aclSrv.addIAMPermissionToIAMPolicy(policyId, VirtualMachine.class.getSimpleName(), PermissionScope.RESOURCE, resId, "listVirtualMachines", Permission.Allow, false, false);
Pair<List<IAMPolicy>, Integer> policyList = new Pair<List<IAMPolicy>, Integer>(policies, 1);
List<IAMPolicyPermission> policyPerms = new ArrayList<IAMPolicyPermission>();
IAMPolicyPermission perm = new IAMPolicyPermissionVO(policyId, "listVirtualMachines", VirtualMachine.class.getSimpleName(), AccessType.UseEntry.toString(), PermissionScope.RESOURCE.toString(), resId, Permission.Allow, false);
policyPerms.add(perm);
when(_iamSrv.listIAMPolicies(null, "policy1", callerDomainPath, 0L, 20L)).thenReturn(policyList);
when(_iamSrv.listPolicyPermissions(policyId)).thenReturn(policyPerms);
ListResponse<IAMPolicyResponse> policyResp = _aclSrv.listIAMPolicies(null, "policy1", callerDomainId, 0L, 20L);
assertTrue("No. of response items should be one", policyResp.getCount() == 1);
IAMPolicyResponse resp = policyResp.getResponses().get(0);
Set<IAMPermissionResponse> permList = resp.getPermissionList();
assertTrue("Permission list should not be empty", permList != null && permList.size() > 0);
IAMPermissionResponse permResp = permList.iterator().next();
assertEquals("There should be one permission for listVirtualMachines", "listVirtualMachines", permResp.getAction());
//remove permission from policy
policyPerms.remove(perm);
_aclSrv.removeIAMPermissionFromIAMPolicy(policyId, VirtualMachine.class.getSimpleName(), PermissionScope.RESOURCE, resId, "listVirtualMachines");
policyResp = _aclSrv.listIAMPolicies(null, "policy1", callerDomainId, 0L, 20L);
assertTrue("No. of response items should be one", policyResp.getCount() == 1);
resp = policyResp.getResponses().get(0);
permList = resp.getPermissionList();
assertTrue("Permission list should be empty", permList != null && permList.size() == 0);
}
Also used :
IAMPolicy(org.apache.cloudstack.iam.api.IAMPolicy)
IAMPolicyVO(org.apache.cloudstack.iam.server.IAMPolicyVO)
ArrayList(java.util.ArrayList)
IAMPolicyPermissionVO(org.apache.cloudstack.iam.server.IAMPolicyPermissionVO)
IAMPolicyResponse(org.apache.cloudstack.api.response.iam.IAMPolicyResponse)
ListVMsCmd(org.apache.cloudstack.api.command.user.vm.ListVMsCmd)
IAMPolicyPermission(org.apache.cloudstack.iam.api.IAMPolicyPermission)
IAMPermissionResponse(org.apache.cloudstack.api.response.iam.IAMPermissionResponse)
BeforeClass(org.junit.BeforeClass)
List(java.util.List)
ArrayList(java.util.ArrayList)
VirtualMachine(com.cloud.vm.VirtualMachine)
Pair(com.cloud.utils.Pair)
Test(org.junit.Test)
Example 22 with IAMPolicy
use of org.apache.cloudstack.iam.api.IAMPolicy in project cloudstack by apache.
the class IAMServiceImpl method getGrantedEntities.
@Override
public List<Long> getGrantedEntities(long accountId, String action, String scope) {
// Get the static Policies of the Caller
List<IAMPolicy> policies = listIAMPolicies(accountId);
// for each policy, find granted permission within the given scope
List<Long> entityIds = new ArrayList<Long>();
for (IAMPolicy policy : policies) {
List<IAMPolicyPermissionVO> pp = _policyPermissionDao.listByPolicyActionAndScope(policy.getId(), action, scope, null);
if (pp != null) {
for (IAMPolicyPermissionVO p : pp) {
if (p.getScopeId() != null) {
entityIds.add(p.getScopeId());
}
}
}
}
return entityIds;
}Example 23 with IAMPolicy
use of org.apache.cloudstack.iam.api.IAMPolicy in project cloudstack by apache.
the class IAMServiceImpl method attachIAMPolicyToAccounts.
@Override
public void attachIAMPolicyToAccounts(final Long policyId, final List<Long> acctIds) {
IAMPolicy policy = _aclPolicyDao.findById(policyId);
if (policy == null) {
throw new InvalidParameterValueException("Unable to find acl policy: " + policyId + "; failed to add policy to account.");
}
Transaction.execute(new TransactionCallbackNoReturn() {
@Override
public void doInTransactionWithoutResult(TransactionStatus status) {
// add entries in acl_group_policy_map table
for (Long acctId : acctIds) {
IAMAccountPolicyMapVO acctMap = _aclAccountPolicyMapDao.findByAccountAndPolicy(acctId, policyId);
if (acctMap == null) {
// not there already
acctMap = new IAMAccountPolicyMapVO(acctId, policyId);
_aclAccountPolicyMapDao.persist(acctMap);
}
}
}
});
invalidateIAMCache();
}
Also used :
IAMPolicy(org.apache.cloudstack.iam.api.IAMPolicy)
InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException)
TransactionStatus(com.cloud.utils.db.TransactionStatus)
TransactionCallbackNoReturn(com.cloud.utils.db.TransactionCallbackNoReturn)
Example 24 with IAMPolicy
use of org.apache.cloudstack.iam.api.IAMPolicy in project cloudstack by apache.
the class IAMServiceUnitTest method createAclPolicyTest.
@Test(expected = InvalidParameterValueException.class)
public void createAclPolicyTest() {
IAMPolicy policy = _iamService.createIAMPolicy("policy1", "my first policy", null, "/root/mydomain");
assertNotNull("Acl policy 'policy1' failed to create ", policy);
IAMPolicyVO rvo = new IAMPolicyVO("policy2", "second policy");
when(_aclPolicyDao.findByName(eq("policy2"))).thenReturn(rvo);
_iamService.createIAMPolicy("policy2", "second policy", null, "/root/mydomain");
}
Also used :
IAMPolicy(org.apache.cloudstack.iam.api.IAMPolicy)
IAMPolicyVO(org.apache.cloudstack.iam.server.IAMPolicyVO)
Test(org.junit.Test)
Example 25 with IAMPolicy
use of org.apache.cloudstack.iam.api.IAMPolicy in project cloudstack by apache.
the class RoleBasedEntityQuerySelector method isGrantedAll.
@Override
public boolean isGrantedAll(Account caller, String action, AccessType accessType) {
long accountId = caller.getAccountId();
if (accessType == null) {
// default always show resources authorized to use
accessType = AccessType.UseEntry;
}
// Get the static Policies of the Caller
List<IAMPolicy> policies = _iamService.listIAMPolicies(accountId);
// for each policy, find granted permission with ALL scope
for (IAMPolicy policy : policies) {
List<IAMPolicyPermission> pp = new ArrayList<IAMPolicyPermission>();
pp.addAll(_iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ALL.toString(), accessType.toString()));
if (pp != null && pp.size() > 0) {
return true;
}
}
return false;
}
Also used :
IAMPolicyPermission(org.apache.cloudstack.iam.api.IAMPolicyPermission)
IAMPolicy(org.apache.cloudstack.iam.api.IAMPolicy)
ArrayList(java.util.ArrayList)
Aggregations
IAMPolicy (org.apache.cloudstack.iam.api.IAMPolicy)35
ArrayList (java.util.ArrayList)16
InvalidParameterValueException (com.cloud.exception.InvalidParameterValueException)12
DB (com.cloud.utils.db.DB)7
List (java.util.List)7
IAMPolicyPermission (org.apache.cloudstack.iam.api.IAMPolicyPermission)7
TransactionStatus (com.cloud.utils.db.TransactionStatus)6
IAMPolicyResponse (org.apache.cloudstack.api.response.iam.IAMPolicyResponse)6
IAMGroup (org.apache.cloudstack.iam.api.IAMGroup)6
Account (com.cloud.user.Account)5
TransactionCallbackNoReturn (com.cloud.utils.db.TransactionCallbackNoReturn)5
IAMPolicyVO (org.apache.cloudstack.iam.server.IAMPolicyVO)5
Test (org.junit.Test)5
Pair (com.cloud.utils.Pair)4
ServerApiException (org.apache.cloudstack.api.ServerApiException)4
Domain (com.cloud.domain.Domain)2
DomainVO (com.cloud.domain.DomainVO)2
PermissionDeniedException (com.cloud.exception.PermissionDeniedException)2
IAMGroupResponse (org.apache.cloudstack.api.response.iam.IAMGroupResponse)2
VirtualMachineTemplate (com.cloud.template.VirtualMachineTemplate)1
