Examples with IAMPolicyPermission org.apache.cloudstack.iam.api.IAMPolicyPermission used on opensource projects

Search in sources :

Example 6 with IAMPolicyPermission

use of org.apache.cloudstack.iam.api.IAMPolicyPermission in project cloudstack by apache.

the class RoleBasedEntityQuerySelector method getAuthorizedAccounts.

@Override
public List<Long> getAuthorizedAccounts(Account caller, String action, AccessType accessType) {
    long accountId = caller.getAccountId();
    if (accessType == null) {
        // default always show resources authorized to use
        accessType = AccessType.UseEntry;
    }
    // Get the static Policies of the Caller
    List<IAMPolicy> policies = _iamService.listIAMPolicies(accountId);
    // for each policy, find granted permission with Account scope
    List<Long> accountIds = new ArrayList<Long>();
    for (IAMPolicy policy : policies) {
        List<IAMPolicyPermission> pp = new ArrayList<IAMPolicyPermission>();
        pp.addAll(_iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ACCOUNT.toString(), accessType.toString()));
        if (pp != null) {
            for (IAMPolicyPermission p : pp) {
                if (p.getScopeId() != null) {
                    if (p.getScopeId().longValue() == -1) {
                        accountIds.add(caller.getId());
                    } else {
                        accountIds.add(p.getScopeId());
                    }
                }
            }
        }
    }
    return accountIds;
}
Also used : IAMPolicyPermission(org.apache.cloudstack.iam.api.IAMPolicyPermission) IAMPolicy(org.apache.cloudstack.iam.api.IAMPolicy) ArrayList(java.util.ArrayList)

Example 7 with IAMPolicyPermission

use of org.apache.cloudstack.iam.api.IAMPolicyPermission in project cloudstack by apache.

the class IAMApiServiceTest method addRemovePermissionToPolicyTest.

@Test
public void addRemovePermissionToPolicyTest() {
    IAMPolicy policy = new IAMPolicyVO("policy1", "tester policy1");
    List<IAMPolicy> policies = new ArrayList<IAMPolicy>();
    policies.add(policy);
    Long policyId = policy.getId();
    Long resId = 200L;
    Class clz = ListVMsCmd.class;
    when(_apiServer.getCmdClass("listVirtualMachines")).thenReturn(clz);
    when(_iamSrv.addIAMPermissionToIAMPolicy(policyId, VirtualMachine.class.getSimpleName(), PermissionScope.RESOURCE.toString(), resId, "listVirtualMachines", AccessType.UseEntry.toString(), Permission.Allow, false)).thenReturn(policy);
    _aclSrv.addIAMPermissionToIAMPolicy(policyId, VirtualMachine.class.getSimpleName(), PermissionScope.RESOURCE, resId, "listVirtualMachines", Permission.Allow, false, false);
    Pair<List<IAMPolicy>, Integer> policyList = new Pair<List<IAMPolicy>, Integer>(policies, 1);
    List<IAMPolicyPermission> policyPerms = new ArrayList<IAMPolicyPermission>();
    IAMPolicyPermission perm = new IAMPolicyPermissionVO(policyId, "listVirtualMachines", VirtualMachine.class.getSimpleName(), AccessType.UseEntry.toString(), PermissionScope.RESOURCE.toString(), resId, Permission.Allow, false);
    policyPerms.add(perm);
    when(_iamSrv.listIAMPolicies(null, "policy1", callerDomainPath, 0L, 20L)).thenReturn(policyList);
    when(_iamSrv.listPolicyPermissions(policyId)).thenReturn(policyPerms);
    ListResponse<IAMPolicyResponse> policyResp = _aclSrv.listIAMPolicies(null, "policy1", callerDomainId, 0L, 20L);
    assertTrue("No. of response items should be one", policyResp.getCount() == 1);
    IAMPolicyResponse resp = policyResp.getResponses().get(0);
    Set<IAMPermissionResponse> permList = resp.getPermissionList();
    assertTrue("Permission list should not be empty", permList != null && permList.size() > 0);
    IAMPermissionResponse permResp = permList.iterator().next();
    assertEquals("There should be one permission for listVirtualMachines", "listVirtualMachines", permResp.getAction());
    //remove permission from policy
    policyPerms.remove(perm);
    _aclSrv.removeIAMPermissionFromIAMPolicy(policyId, VirtualMachine.class.getSimpleName(), PermissionScope.RESOURCE, resId, "listVirtualMachines");
    policyResp = _aclSrv.listIAMPolicies(null, "policy1", callerDomainId, 0L, 20L);
    assertTrue("No. of response items should be one", policyResp.getCount() == 1);
    resp = policyResp.getResponses().get(0);
    permList = resp.getPermissionList();
    assertTrue("Permission list should be empty", permList != null && permList.size() == 0);
}
Also used : IAMPolicy(org.apache.cloudstack.iam.api.IAMPolicy) IAMPolicyVO(org.apache.cloudstack.iam.server.IAMPolicyVO) ArrayList(java.util.ArrayList) IAMPolicyPermissionVO(org.apache.cloudstack.iam.server.IAMPolicyPermissionVO) IAMPolicyResponse(org.apache.cloudstack.api.response.iam.IAMPolicyResponse) ListVMsCmd(org.apache.cloudstack.api.command.user.vm.ListVMsCmd) IAMPolicyPermission(org.apache.cloudstack.iam.api.IAMPolicyPermission) IAMPermissionResponse(org.apache.cloudstack.api.response.iam.IAMPermissionResponse) BeforeClass(org.junit.BeforeClass) List(java.util.List) ArrayList(java.util.ArrayList) VirtualMachine(com.cloud.vm.VirtualMachine) Pair(com.cloud.utils.Pair) Test(org.junit.Test)

Example 8 with IAMPolicyPermission

use of org.apache.cloudstack.iam.api.IAMPolicyPermission in project cloudstack by apache.

the class RoleBasedEntityQuerySelector method isGrantedAll.

@Override
public boolean isGrantedAll(Account caller, String action, AccessType accessType) {
    long accountId = caller.getAccountId();
    if (accessType == null) {
        // default always show resources authorized to use
        accessType = AccessType.UseEntry;
    }
    // Get the static Policies of the Caller
    List<IAMPolicy> policies = _iamService.listIAMPolicies(accountId);
    // for each policy, find granted permission with ALL scope
    for (IAMPolicy policy : policies) {
        List<IAMPolicyPermission> pp = new ArrayList<IAMPolicyPermission>();
        pp.addAll(_iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ALL.toString(), accessType.toString()));
        if (pp != null && pp.size() > 0) {
            return true;
        }
    }
    return false;
}
Also used : IAMPolicyPermission(org.apache.cloudstack.iam.api.IAMPolicyPermission) IAMPolicy(org.apache.cloudstack.iam.api.IAMPolicy) ArrayList(java.util.ArrayList)

Aggregations

IAMPolicyPermission (org.apache.cloudstack.iam.api.IAMPolicyPermission)8 IAMPolicy (org.apache.cloudstack.iam.api.IAMPolicy)7 ArrayList (java.util.ArrayList)6 DomainVO (com.cloud.domain.DomainVO)2 IAMPermissionResponse (org.apache.cloudstack.api.response.iam.IAMPermissionResponse)2 IAMPolicyResponse (org.apache.cloudstack.api.response.iam.IAMPolicyResponse)2 InvalidParameterValueException (com.cloud.exception.InvalidParameterValueException)1 PermissionDeniedException (com.cloud.exception.PermissionDeniedException)1 Account (com.cloud.user.Account)1 AccountVO (com.cloud.user.AccountVO)1 Pair (com.cloud.utils.Pair)1 VirtualMachine (com.cloud.vm.VirtualMachine)1 HashMap (java.util.HashMap)1 List (java.util.List)1 AccessType (org.apache.cloudstack.acl.SecurityChecker.AccessType)1 ListVMsCmd (org.apache.cloudstack.api.command.user.vm.ListVMsCmd)1 IAMGroup (org.apache.cloudstack.iam.api.IAMGroup)1 IAMPolicyPermissionVO (org.apache.cloudstack.iam.server.IAMPolicyPermissionVO)1 IAMPolicyVO (org.apache.cloudstack.iam.server.IAMPolicyVO)1 BeforeClass (org.junit.BeforeClass)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial