cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mc...@apache.org
Subject [14/50] [abbrv] iam/plugin: Rename Acl to IAM everywhere
Date Thu, 13 Mar 2014 23:55:07 GMT
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPermissionResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPermissionResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPermissionResponse.java
deleted file mode 100644
index 68b4df9..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPermissionResponse.java
+++ /dev/null
@@ -1,125 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.response.iam;
-
-import com.google.gson.annotations.SerializedName;
-
-import org.apache.cloudstack.acl.IAMEntityType;
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseResponse;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-
-import com.cloud.serializer.Param;
-
-public class AclPermissionResponse extends BaseResponse {
-
-    @SerializedName(ApiConstants.ACL_ACTION)
-    @Param(description = "action of this permission")
-    private String action;
-
-    @SerializedName(ApiConstants.ENTITY_TYPE)
-    @Param(description = "the entity type of this permission")
-    private IAMEntityType entityType;
-
-    @SerializedName(ApiConstants.ACL_SCOPE)
-    @Param(description = "scope of this permission")
-    private PermissionScope scope;
-
-    @SerializedName(ApiConstants.ACL_SCOPE_ID)
-    @Param(description = "scope id of this permission")
-    private Long scopeId;
-
-    @SerializedName(ApiConstants.ACL_ALLOW_DENY)
-    @Param(description = "allow or deny of this permission")
-    private AclPolicyPermission.Permission permission;
-
-    public IAMEntityType getEntityType() {
-        return entityType;
-    }
-
-    public void setEntityType(IAMEntityType entityType) {
-        this.entityType = entityType;
-    }
-
-    public String getAction() {
-        return action;
-    }
-
-    public void setAction(String action) {
-        this.action = action;
-    }
-
-    public PermissionScope getScope() {
-        return scope;
-    }
-
-    public void setScope(PermissionScope scope) {
-        this.scope = scope;
-    }
-
-    public Long getScopeId() {
-        return scopeId;
-    }
-
-    public void setScopeId(Long scopeId) {
-        this.scopeId = scopeId;
-    }
-
-    public AclPolicyPermission.Permission getPermission() {
-        return permission;
-    }
-
-    public void setPermission(AclPolicyPermission.Permission permission) {
-        this.permission = permission;
-    }
-
-    @Override
-    public int hashCode() {
-        final int prime = 31;
-        int result = 1;
-        result = prime * result + ((action == null) ? 0 : action.hashCode());
-        result = prime * result + ((entityType == null) ? 0 : entityType.hashCode());
-        result = prime * result + ((scope == null) ? 0 : scope.hashCode());
-        result = prime * result + ((scopeId == null) ? 0 : scopeId.hashCode());
-        return result;
-    }
-
-    @Override
-    public boolean equals(Object obj) {
-        if (this == obj)
-            return true;
-        if (obj == null)
-            return false;
-        if (getClass() != obj.getClass())
-            return false;
-        AclPermissionResponse other = (AclPermissionResponse) obj;
-        if ((entityType == null && other.entityType != null) || !entityType.equals(other.entityType)) {
-            return false;
-        } else if ((action == null && other.action != null) || !action.equals(other.action)) {
-            return false;
-        } else if ((scope == null && other.scope != null) || !scope.equals(other.scope)) {
-            return false;
-        } else if ((scopeId == null && other.scopeId != null) || !scopeId.equals(other.scopeId)) {
-            return false;
-        }
-        return true;
-    }
-
-
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPolicyResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPolicyResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPolicyResponse.java
deleted file mode 100644
index 12d90de..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/AclPolicyResponse.java
+++ /dev/null
@@ -1,177 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.response.iam;
-
-import java.util.LinkedHashSet;
-import java.util.Set;
-
-import com.google.gson.annotations.SerializedName;
-
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseResponse;
-import org.apache.cloudstack.api.EntityReference;
-import org.apache.cloudstack.api.response.ControlledViewEntityResponse;
-import org.apache.cloudstack.iam.api.AclPolicy;
-
-import com.cloud.serializer.Param;
-
-@SuppressWarnings("unused")
-@EntityReference(value = AclPolicy.class)
-public class AclPolicyResponse extends BaseResponse implements ControlledViewEntityResponse {
-
-    @SerializedName(ApiConstants.ID)
-    @Param(description = "the ID of the acl policy")
-    private String id;
-
-    @SerializedName(ApiConstants.NAME)
-    @Param(description = "the name of the acl policy")
-    private String name;
-
-    @SerializedName(ApiConstants.DESCRIPTION)
-    @Param(description = "the description of the acl policy")
-    private String description;
-
-    @SerializedName(ApiConstants.DOMAIN_ID)
-    @Param(description = "the domain ID of the acl policy")
-    private String domainId;
-
-    @SerializedName(ApiConstants.DOMAIN)
-    @Param(description = "the domain name of the acl policy")
-    private String domainName;
-
-    @SerializedName(ApiConstants.ACCOUNT)
-    @Param(description = "the account owning the policy")
-    private String accountName;
-
-    @SerializedName(ApiConstants.ACL_PERMISSIONS)
-    @Param(description = "set of permissions for the acl policy")
-    private Set<AclPermissionResponse> permissionList;
-
-    public AclPolicyResponse() {
-        permissionList = new LinkedHashSet<AclPermissionResponse>();
-    }
-
-    @Override
-    public String getObjectId() {
-        return getId();
-    }
-
-
-    public String getId() {
-        return id;
-     }
-
-    public void setId(String id) {
-        this.id = id;
-    }
-
-
-    public void setName(String name) {
-        this.name = name;
-    }
-
-    public void setDescription(String description) {
-        this.description = description;
-    }
-
-    @Override
-    public void setDomainId(String domainId) {
-        this.domainId = domainId;
-    }
-
-    @Override
-    public void setDomainName(String domainName) {
-        this.domainName = domainName;
-    }
-
-    public Set<AclPermissionResponse> getPermissionList() {
-        return permissionList;
-    }
-
-    public void setPermissionList(Set<AclPermissionResponse> perms) {
-        permissionList = perms;
-    }
-
-    public void addPermission(AclPermissionResponse perm) {
-        permissionList.add(perm);
-    }
-
-    @Override
-    public void setAccountName(String accountName) {
-        this.accountName = accountName;
-    }
-
-    @Override
-    public void setProjectId(String projectId) {
-        // TODO Auto-generated method stub
-
-    }
-
-    @Override
-    public void setProjectName(String projectName) {
-        // TODO Auto-generated method stub
-
-    }
-
-    public String getName() {
-        return name;
-    }
-
-    public String getDescription() {
-        return description;
-    }
-
-    public String getDomainId() {
-        return domainId;
-    }
-
-    public String getDomainName() {
-        return domainName;
-    }
-
-    public String getAccountName() {
-        return accountName;
-    }
-
-    @Override
-    public int hashCode() {
-        final int prime = 31;
-        int result = 1;
-        result = prime * result + ((id == null) ? 0 : id.hashCode());
-        return result;
-    }
-
-    @Override
-    public boolean equals(Object obj) {
-        if (this == obj)
-            return true;
-        if (obj == null)
-            return false;
-        if (getClass() != obj.getClass())
-            return false;
-        AclPolicyResponse other = (AclPolicyResponse) obj;
-        if (id == null) {
-            if (other.id != null)
-                return false;
-        } else if (!id.equals(other.id))
-            return false;
-        return true;
-    }
-
-
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMGroupResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMGroupResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMGroupResponse.java
new file mode 100644
index 0000000..af28d53
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMGroupResponse.java
@@ -0,0 +1,193 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.response.iam;
+
+import java.util.LinkedHashSet;
+import java.util.Set;
+
+import com.google.gson.annotations.SerializedName;
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseResponse;
+import org.apache.cloudstack.api.EntityReference;
+import org.apache.cloudstack.api.response.ControlledViewEntityResponse;
+import org.apache.cloudstack.iam.api.IAMGroup;
+
+import com.cloud.serializer.Param;
+
+@SuppressWarnings("unused")
+@EntityReference(value = IAMGroup.class)
+public class IAMGroupResponse extends BaseResponse implements ControlledViewEntityResponse {
+
+    @SerializedName(ApiConstants.ID)
+    @Param(description = "the ID of the iam group")
+    private String id;
+
+    @SerializedName(ApiConstants.NAME)
+    @Param(description = "the name of the iam group")
+    private String name;
+
+    @SerializedName(ApiConstants.DESCRIPTION)
+    @Param(description = "the description of the iam group")
+    private String description;
+
+    @SerializedName(ApiConstants.DOMAIN_ID)
+    @Param(description = "the domain ID of the iam group")
+    private String domainId;
+
+    @SerializedName(ApiConstants.DOMAIN)
+    @Param(description = "the domain name of the iam role")
+    private String domainName;
+
+    @SerializedName(ApiConstants.ACCOUNT)
+    @Param(description = "the account owning the policy")
+    private String accountName;
+
+    @SerializedName(ApiConstants.IAM_MEMBER_ACCOUNTS)
+    @Param(description = "account names assigned to this iam group ")
+    private Set<String> accountNameList;
+
+    @SerializedName(ApiConstants.IAM_POLICIES)
+    @Param(description = "iam policies attached to this iam group ")
+    private Set<String> policyNameList;
+
+    public IAMGroupResponse() {
+        accountNameList = new LinkedHashSet<String>();
+        policyNameList = new LinkedHashSet<String>();
+    }
+
+    @Override
+    public String getObjectId() {
+        return getId();
+    }
+
+
+    public String getId() {
+        return id;
+     }
+
+    public void setId(String id) {
+        this.id = id;
+    }
+
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public void setDescription(String description) {
+        this.description = description;
+    }
+
+    @Override
+    public void setDomainId(String domainId) {
+        this.domainId = domainId;
+    }
+
+    @Override
+    public void setDomainName(String domainName) {
+        this.domainName = domainName;
+    }
+
+    @Override
+    public void setAccountName(String accountName) {
+        this.accountName = accountName;
+
+    }
+
+    @Override
+    public void setProjectId(String projectId) {
+        // TODO Auto-generated method stub
+
+    }
+
+    @Override
+    public void setProjectName(String projectName) {
+        // TODO Auto-generated method stub
+
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public String getDomainId() {
+        return domainId;
+    }
+
+    public String getDomainName() {
+        return domainName;
+    }
+
+    public String getAccountName() {
+        return accountName;
+    }
+
+    public Set<String> getAccountNameList() {
+        return accountNameList;
+    }
+
+    public void setMemberAccounts(Set<String> accts) {
+        accountNameList = accts;
+    }
+
+    public void addMemberAccount(String acct) {
+        accountNameList.add(acct);
+    }
+
+    public void setPolicyList(Set<String> policies) {
+        policyNameList = policies;
+    }
+
+    public void addPolicy(String policy) {
+        policyNameList.add(policy);
+    }
+
+    public Set<String> getPolicyList() {
+        return policyNameList;
+    }
+
+    @Override
+    public int hashCode() {
+        final int prime = 31;
+        int result = 1;
+        result = prime * result + ((id == null) ? 0 : id.hashCode());
+        return result;
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        if (this == obj)
+            return true;
+        if (obj == null)
+            return false;
+        if (getClass() != obj.getClass())
+            return false;
+        IAMGroupResponse other = (IAMGroupResponse)obj;
+        if (id == null) {
+            if (other.id != null)
+                return false;
+        } else if (!id.equals(other.id))
+            return false;
+        return true;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPermissionResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPermissionResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPermissionResponse.java
new file mode 100644
index 0000000..b7af4da
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPermissionResponse.java
@@ -0,0 +1,125 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.response.iam;
+
+import com.google.gson.annotations.SerializedName;
+
+import org.apache.cloudstack.acl.IAMEntityType;
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseResponse;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission;
+
+import com.cloud.serializer.Param;
+
+public class IAMPermissionResponse extends BaseResponse {
+
+    @SerializedName(ApiConstants.IAM_ACTION)
+    @Param(description = "action of this permission")
+    private String action;
+
+    @SerializedName(ApiConstants.ENTITY_TYPE)
+    @Param(description = "the entity type of this permission")
+    private IAMEntityType entityType;
+
+    @SerializedName(ApiConstants.IAM_SCOPE)
+    @Param(description = "scope of this permission")
+    private PermissionScope scope;
+
+    @SerializedName(ApiConstants.IAM_SCOPE_ID)
+    @Param(description = "scope id of this permission")
+    private Long scopeId;
+
+    @SerializedName(ApiConstants.IAM_ALLOW_DENY)
+    @Param(description = "allow or deny of this permission")
+    private IAMPolicyPermission.Permission permission;
+
+    public IAMEntityType getEntityType() {
+        return entityType;
+    }
+
+    public void setEntityType(IAMEntityType entityType) {
+        this.entityType = entityType;
+    }
+
+    public String getAction() {
+        return action;
+    }
+
+    public void setAction(String action) {
+        this.action = action;
+    }
+
+    public PermissionScope getScope() {
+        return scope;
+    }
+
+    public void setScope(PermissionScope scope) {
+        this.scope = scope;
+    }
+
+    public Long getScopeId() {
+        return scopeId;
+    }
+
+    public void setScopeId(Long scopeId) {
+        this.scopeId = scopeId;
+    }
+
+    public IAMPolicyPermission.Permission getPermission() {
+        return permission;
+    }
+
+    public void setPermission(IAMPolicyPermission.Permission permission) {
+        this.permission = permission;
+    }
+
+    @Override
+    public int hashCode() {
+        final int prime = 31;
+        int result = 1;
+        result = prime * result + ((action == null) ? 0 : action.hashCode());
+        result = prime * result + ((entityType == null) ? 0 : entityType.hashCode());
+        result = prime * result + ((scope == null) ? 0 : scope.hashCode());
+        result = prime * result + ((scopeId == null) ? 0 : scopeId.hashCode());
+        return result;
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        if (this == obj)
+            return true;
+        if (obj == null)
+            return false;
+        if (getClass() != obj.getClass())
+            return false;
+        IAMPermissionResponse other = (IAMPermissionResponse) obj;
+        if ((entityType == null && other.entityType != null) || !entityType.equals(other.entityType)) {
+            return false;
+        } else if ((action == null && other.action != null) || !action.equals(other.action)) {
+            return false;
+        } else if ((scope == null && other.scope != null) || !scope.equals(other.scope)) {
+            return false;
+        } else if ((scopeId == null && other.scopeId != null) || !scopeId.equals(other.scopeId)) {
+            return false;
+        }
+        return true;
+    }
+
+
+
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPolicyResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPolicyResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPolicyResponse.java
new file mode 100644
index 0000000..dc29369
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPolicyResponse.java
@@ -0,0 +1,177 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.response.iam;
+
+import java.util.LinkedHashSet;
+import java.util.Set;
+
+import com.google.gson.annotations.SerializedName;
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseResponse;
+import org.apache.cloudstack.api.EntityReference;
+import org.apache.cloudstack.api.response.ControlledViewEntityResponse;
+import org.apache.cloudstack.iam.api.IAMPolicy;
+
+import com.cloud.serializer.Param;
+
+@SuppressWarnings("unused")
+@EntityReference(value = IAMPolicy.class)
+public class IAMPolicyResponse extends BaseResponse implements ControlledViewEntityResponse {
+
+    @SerializedName(ApiConstants.ID)
+    @Param(description = "the ID of the iam policy")
+    private String id;
+
+    @SerializedName(ApiConstants.NAME)
+    @Param(description = "the name of the iam policy")
+    private String name;
+
+    @SerializedName(ApiConstants.DESCRIPTION)
+    @Param(description = "the description of the iam policy")
+    private String description;
+
+    @SerializedName(ApiConstants.DOMAIN_ID)
+    @Param(description = "the domain ID of the iam policy")
+    private String domainId;
+
+    @SerializedName(ApiConstants.DOMAIN)
+    @Param(description = "the domain name of the iam policy")
+    private String domainName;
+
+    @SerializedName(ApiConstants.ACCOUNT)
+    @Param(description = "the account owning the policy")
+    private String accountName;
+
+    @SerializedName(ApiConstants.IAM_PERMISSIONS)
+    @Param(description = "set of permissions for the iam policy")
+    private Set<IAMPermissionResponse> permissionList;
+
+    public IAMPolicyResponse() {
+        permissionList = new LinkedHashSet<IAMPermissionResponse>();
+    }
+
+    @Override
+    public String getObjectId() {
+        return getId();
+    }
+
+
+    public String getId() {
+        return id;
+     }
+
+    public void setId(String id) {
+        this.id = id;
+    }
+
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public void setDescription(String description) {
+        this.description = description;
+    }
+
+    @Override
+    public void setDomainId(String domainId) {
+        this.domainId = domainId;
+    }
+
+    @Override
+    public void setDomainName(String domainName) {
+        this.domainName = domainName;
+    }
+
+    public Set<IAMPermissionResponse> getPermissionList() {
+        return permissionList;
+    }
+
+    public void setPermissionList(Set<IAMPermissionResponse> perms) {
+        permissionList = perms;
+    }
+
+    public void addPermission(IAMPermissionResponse perm) {
+        permissionList.add(perm);
+    }
+
+    @Override
+    public void setAccountName(String accountName) {
+        this.accountName = accountName;
+    }
+
+    @Override
+    public void setProjectId(String projectId) {
+        // TODO Auto-generated method stub
+
+    }
+
+    @Override
+    public void setProjectName(String projectName) {
+        // TODO Auto-generated method stub
+
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public String getDomainId() {
+        return domainId;
+    }
+
+    public String getDomainName() {
+        return domainName;
+    }
+
+    public String getAccountName() {
+        return accountName;
+    }
+
+    @Override
+    public int hashCode() {
+        final int prime = 31;
+        int result = 1;
+        result = prime * result + ((id == null) ? 0 : id.hashCode());
+        return result;
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        if (this == obj)
+            return true;
+        if (obj == null)
+            return false;
+        if (getClass() != obj.getClass())
+            return false;
+        IAMPolicyResponse other = (IAMPolicyResponse) obj;
+        if (id == null) {
+            if (other.id != null)
+                return false;
+        } else if (!id.equals(other.id))
+            return false;
+        return true;
+    }
+
+
+
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiService.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiService.java b/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiService.java
deleted file mode 100644
index 0cb1e22..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiService.java
+++ /dev/null
@@ -1,84 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam;
-
-import java.util.List;
-
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.api.response.ListResponse;
-import org.apache.cloudstack.api.response.iam.AclGroupResponse;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-import org.apache.cloudstack.iam.api.AclGroup;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
-
-import com.cloud.user.Account;
-import com.cloud.utils.component.PluggableService;
-
-public interface AclApiService extends PluggableService {
-
-    /* ACL group related interfaces */
-    AclGroup createAclGroup(Account caller, String aclGroupName, String description);
-
-    boolean deleteAclGroup(Long aclGroupId);
-
-    List<AclGroup> listAclGroups(long accountId);
-
-    AclGroup addAccountsToGroup(List<Long> acctIds, Long groupId);
-
-    AclGroup removeAccountsFromGroup(List<Long> acctIds, Long groupId);
-
-    /* ACL Policy related interfaces */
-    AclPolicy createAclPolicy(Account caller, String aclPolicyName, String description, Long parentPolicyId);
-
-    boolean deleteAclPolicy(long aclPolicyId);
-
-    List<AclPolicy> listAclPolicies(long accountId);
-
-    AclGroup attachAclPoliciesToGroup(List<Long> policyIds, Long groupId);
-
-    AclGroup removeAclPoliciesFromGroup(List<Long> policyIds, Long groupId);
-
-    void attachAclPolicyToAccounts(Long policyId, List<Long> accountIds);
-
-    void removeAclPolicyFromAccounts(Long policyId, List<Long> accountIds);
-
-    AclPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId,
-            String action, Permission perm, Boolean recursive);
-
-    AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId, String action);
-
-    AclPolicyPermission getAclPolicyPermission(long accountId, String entityType, String action);
-
-    /* Utility routine to grant/revoke invidivual resource to list of accounts */
-    void grantEntityPermissioinToAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds);
-
-    void revokeEntityPermissioinFromAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds);
-
-    /* Response Generation */
-    AclPolicyResponse createAclPolicyResponse(AclPolicy policy);
-
-    AclGroupResponse createAclGroupResponse(AclGroup group);
-
-    ListResponse<AclGroupResponse> listAclGroups(Long aclGroupId, String aclGroupName,
-            Long domainId, Long startIndex, Long pageSize);
-
-    ListResponse<AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName,
-            Long domainId, Long startIndex, Long pageSize);
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiServiceImpl.java
deleted file mode 100644
index 996f8d4..0000000
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/AclApiServiceImpl.java
+++ /dev/null
@@ -1,690 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.iam;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.ejb.Local;
-import javax.inject.Inject;
-import javax.naming.ConfigurationException;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.IAMEntityType;
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseListCmd;
-import org.apache.cloudstack.api.command.iam.AddAccountToAclGroupCmd;
-import org.apache.cloudstack.api.command.iam.AddAclPermissionToAclPolicyCmd;
-import org.apache.cloudstack.api.command.iam.AttachAclPolicyToAccountCmd;
-import org.apache.cloudstack.api.command.iam.AttachAclPolicyToAclGroupCmd;
-import org.apache.cloudstack.api.command.iam.CreateAclGroupCmd;
-import org.apache.cloudstack.api.command.iam.CreateAclPolicyCmd;
-import org.apache.cloudstack.api.command.iam.DeleteAclGroupCmd;
-import org.apache.cloudstack.api.command.iam.DeleteAclPolicyCmd;
-import org.apache.cloudstack.api.command.iam.ListAclGroupsCmd;
-import org.apache.cloudstack.api.command.iam.ListAclPoliciesCmd;
-import org.apache.cloudstack.api.command.iam.RemoveAccountFromAclGroupCmd;
-import org.apache.cloudstack.api.command.iam.RemoveAclPermissionFromAclPolicyCmd;
-import org.apache.cloudstack.api.command.iam.RemoveAclPolicyFromAccountCmd;
-import org.apache.cloudstack.api.command.iam.RemoveAclPolicyFromAclGroupCmd;
-import org.apache.cloudstack.api.response.ListResponse;
-import org.apache.cloudstack.api.response.iam.AclGroupResponse;
-import org.apache.cloudstack.api.response.iam.AclPermissionResponse;
-import org.apache.cloudstack.api.response.iam.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.framework.messagebus.MessageBus;
-import org.apache.cloudstack.framework.messagebus.MessageSubscriber;
-import org.apache.cloudstack.iam.api.AclGroup;
-import org.apache.cloudstack.iam.api.AclPolicy;
-import org.apache.cloudstack.iam.api.AclPolicyPermission;
-import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
-import org.apache.cloudstack.iam.api.IAMService;
-
-import com.cloud.api.ApiServerService;
-import com.cloud.domain.Domain;
-import com.cloud.domain.DomainVO;
-import com.cloud.domain.dao.DomainDao;
-import com.cloud.event.ActionEvent;
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InvalidParameterValueException;
-import com.cloud.template.TemplateManager;
-import com.cloud.user.Account;
-import com.cloud.user.AccountManager;
-import com.cloud.user.AccountVO;
-import com.cloud.user.DomainManager;
-import com.cloud.user.dao.AccountDao;
-import com.cloud.utils.Pair;
-import com.cloud.utils.component.Manager;
-import com.cloud.utils.component.ManagerBase;
-import com.cloud.utils.db.DB;
-import com.cloud.utils.db.EntityManager;
-
-@Local(value = {AclApiService.class})
-public class AclApiServiceImpl extends ManagerBase implements AclApiService, Manager {
-
-    public static final Logger s_logger = Logger.getLogger(AclApiServiceImpl.class);
-    private String _name;
-
-    @Inject
-    ApiServerService _apiServer;
-
-    @Inject
-    IAMService _iamSrv;
-
-    @Inject
-    DomainDao _domainDao;
-
-    @Inject
-    AccountDao _accountDao;
-
-    @Inject
-    AccountManager _accountMgr;
-
-    @Inject
-    MessageBus _messageBus;
-
-    @Override
-    public boolean configure(final String name, final Map<String, Object> params) throws ConfigurationException {
-        _messageBus.subscribe(AccountManager.MESSAGE_ADD_ACCOUNT_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                HashMap<Long, Long> acctGroupMap = (HashMap<Long, Long>) obj;
-                for (Long accountId : acctGroupMap.keySet()) {
-                    Long groupId = acctGroupMap.get(accountId);
-                    s_logger.debug("MessageBus message: new Account Added: " + accountId + ", adding it to groupId :"
-                            + groupId);
-                    addAccountToAclGroup(accountId, groupId);
-                    // add it to domain group too
-                    AccountVO account = _accountDao.findById(accountId);
-                    Domain domain = _domainDao.findById(account.getDomainId());
-                    if (domain != null) {
-                        List<AclGroup> domainGroups = listDomainGroup(domain);
-
-                        if (domainGroups != null) {
-                            for (AclGroup group : domainGroups) {
-                                addAccountToAclGroup(accountId, new Long(group.getId()));
-                            }
-                        }
-                    }
-                }
-            }
-        });
-
-        _messageBus.subscribe(AccountManager.MESSAGE_REMOVE_ACCOUNT_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                Long accountId = ((Long) obj);
-                if (accountId != null) {
-                    s_logger.debug("MessageBus message: Account removed: " + accountId
-                            + ", releasing the group associations");
-                    removeAccountFromAclGroups(accountId);
-                }
-            }
-        });
-
-        _messageBus.subscribe(DomainManager.MESSAGE_ADD_DOMAIN_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                Long domainId = ((Long) obj);
-                if (domainId != null) {
-                    s_logger.debug("MessageBus message: new Domain created: " + domainId + ", creating a new group");
-                    Domain domain = _domainDao.findById(domainId);
-                    _iamSrv.createAclGroup("DomainGrp-" + domain.getUuid(), "Domain group", domain.getPath());
-                }
-            }
-        });
-
-        _messageBus.subscribe(DomainManager.MESSAGE_REMOVE_DOMAIN_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                Long domainId = ((Long) obj);
-                if (domainId != null) {
-                    s_logger.debug("MessageBus message: Domain removed: " + domainId + ", removing the domain group");
-                    Domain domain = _domainDao.findById(domainId);
-                    List<AclGroup> groups = listDomainGroup(domain);
-                    for (AclGroup group : groups) {
-                        _iamSrv.deleteAclGroup(group.getId());
-                    }
-                }
-            }
-        });
-
-        _messageBus.subscribe(TemplateManager.MESSAGE_REGISTER_PUBLIC_TEMPLATE_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                Long templateId = (Long)obj;
-                if (templateId != null) {
-                    s_logger.debug("MessageBus message: new public template registered: " + templateId + ", grant permission to domain admin and normal user policies");
-                    _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
-                            PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
-                    _iamSrv.addAclPermissionToAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
-                            PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
-                }
-            }
-        });
-
-        _messageBus.subscribe(TemplateManager.MESSAGE_RESET_TEMPLATE_PERMISSION_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                Long templateId = (Long)obj;
-                if (templateId != null) {
-                    s_logger.debug("MessageBus message: reset template permission: " + templateId);
-                    resetTemplatePermission(templateId);
-                }
-            }
-        });
-
-        _messageBus.subscribe(EntityManager.MESSAGE_REMOVE_ENTITY_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                Pair<IAMEntityType, Long> entity = (Pair<IAMEntityType, Long>)obj;
-                if (entity != null) {
-                    String entityType = entity.first().toString();
-                    Long entityId = entity.second();
-                    s_logger.debug("MessageBus message: delete an entity: (" + entityType + "," + entityId + "), remove its related permission");
-                    _iamSrv.removeAclPermissionForEntity(entityType, entityId);
-                }
-            }
-        });
-
-
-        _messageBus.subscribe(EntityManager.MESSAGE_GRANT_ENTITY_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                Map<String, Object> permit = (Map<String, Object>)obj;
-                if (permit != null) {
-                    String entityType = (String)permit.get(ApiConstants.ENTITY_TYPE);
-                    Long entityId = (Long)permit.get(ApiConstants.ENTITY_ID);
-                    AccessType accessType = (AccessType)permit.get(ApiConstants.ACCESS_TYPE);
-                    String action = (String)permit.get(ApiConstants.ACL_ACTION);
-                    List<Long> acctIds = (List<Long>)permit.get(ApiConstants.ACCOUNTS);
-                    s_logger.debug("MessageBus message: grant accounts permission to an entity: (" + entityType + "," + entityId + ")");
-                    grantEntityPermissioinToAccounts(entityType, entityId, accessType, action, acctIds);
-                }
-            }
-        });
-
-        _messageBus.subscribe(EntityManager.MESSAGE_REVOKE_ENTITY_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                Map<String, Object> permit = (Map<String, Object>)obj;
-                if (permit != null) {
-                    String entityType = (String)permit.get(ApiConstants.ENTITY_TYPE);
-                    Long entityId = (Long)permit.get(ApiConstants.ENTITY_ID);
-                    AccessType accessType = (AccessType)permit.get(ApiConstants.ACCESS_TYPE);
-                    String action = (String)permit.get(ApiConstants.ACL_ACTION);
-                    List<Long> acctIds = (List<Long>)permit.get(ApiConstants.ACCOUNTS);
-                    s_logger.debug("MessageBus message: revoke from accounts permission to an entity: (" + entityType + "," + entityId + ")");
-                    revokeEntityPermissioinFromAccounts(entityType, entityId, accessType, action, acctIds);
-                }
-            }
-        });
-
-        _messageBus.subscribe(EntityManager.MESSAGE_ADD_DOMAIN_WIDE_ENTITY_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object obj) {
-                Map<String, Object> params = (Map<String, Object>) obj;
-                if (params != null) {
-                    addDomainWideResourceAccess(params);
-                }
-            }
-        });
-
-        return super.configure(name, params);
-    }
-
-    private void addDomainWideResourceAccess(Map<String, Object> params) {
-
-        IAMEntityType entityType = (IAMEntityType)params.get(ApiConstants.ENTITY_TYPE);
-        Long entityId = (Long) params.get(ApiConstants.ENTITY_ID);
-        Long domainId = (Long) params.get(ApiConstants.DOMAIN_ID);
-        Boolean isRecursive = (Boolean) params.get(ApiConstants.SUBDOMAIN_ACCESS);
-
-        if (entityType == IAMEntityType.Network) {
-            createPolicyAndAddToDomainGroup("DomainWideNetwork-" + entityId, "domain wide network", entityType.toString(),
-                    entityId, "listNetworks", AccessType.UseEntry, domainId, isRecursive);
-        } else if (entityType == IAMEntityType.AffinityGroup) {
-            createPolicyAndAddToDomainGroup("DomainWideNetwork-" + entityId, "domain wide affinityGroup", entityType.toString(),
-                    entityId, "listAffinityGroups", AccessType.UseEntry, domainId, isRecursive);
-        }
-
-    }
-
-    private void createPolicyAndAddToDomainGroup(String policyName, String description, String entityType,
-            Long entityId, String action, AccessType accessType, Long domainId, Boolean recursive) {
-
-       Domain domain = _domainDao.findById(domainId);
-       if (domain != null) {
-            AclPolicy policy = _iamSrv.createAclPolicy(policyName, description, null, domain.getPath());
-            _iamSrv.addAclPermissionToAclPolicy(policy.getId(), entityType, PermissionScope.RESOURCE.toString(),
-                    entityId, action, accessType.toString(), Permission.Allow, recursive);
-            List<Long> policyList = new ArrayList<Long>();
-            policyList.add(new Long(policy.getId()));
-
-           List<AclGroup> domainGroups = listDomainGroup(domain);
-           if (domainGroups != null) {
-               for (AclGroup group : domainGroups) {
-                   _iamSrv.attachAclPoliciesToGroup(policyList, group.getId());
-               }
-           }
-       }
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_CREATE, eventDescription = "Creating Acl Group", create = true)
-    public AclGroup createAclGroup(Account caller, String aclGroupName, String description) {
-        Long domainId = caller.getDomainId();
-        Domain callerDomain = _domainDao.findById(domainId);
-        if (callerDomain == null) {
-            throw new InvalidParameterValueException("Caller does not have a domain");
-        }
-        return _iamSrv.createAclGroup(aclGroupName, description, callerDomain.getPath());
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_DELETE, eventDescription = "Deleting Acl Group")
-    public boolean deleteAclGroup(final Long aclGroupId) {
-        return _iamSrv.deleteAclGroup(aclGroupId);
-    }
-
-    @Override
-    public List<AclGroup> listAclGroups(long accountId) {
-        return _iamSrv.listAclGroups(accountId);
-    }
-
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Adding accounts to acl group")
-    public AclGroup addAccountsToGroup(final List<Long> acctIds, final Long groupId) {
-        return _iamSrv.addAccountsToGroup(acctIds, groupId);
-    }
-
-
-    private void removeAccountFromAclGroups(long accountId) {
-        List<AclGroup> groups = listAclGroups(accountId);
-        List<Long> accts = new ArrayList<Long>();
-        accts.add(accountId);
-        if (groups != null) {
-            for (AclGroup grp : groups) {
-                removeAccountsFromGroup(accts, grp.getId());
-            }
-        }
-    }
-
-    private void addAccountToAclGroup(long accountId, long groupId) {
-        List<Long> accts = new ArrayList<Long>();
-        accts.add(accountId);
-        addAccountsToGroup(accts, groupId);
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Removing accounts from acl group")
-    public AclGroup removeAccountsFromGroup(final List<Long> acctIds, final Long groupId) {
-        return _iamSrv.removeAccountsFromGroup(acctIds, groupId);
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_CREATE, eventDescription = "Creating Acl Policy", create = true)
-    public AclPolicy createAclPolicy(Account caller, final String aclPolicyName, final String description, final Long parentPolicyId) {
-        Long domainId = caller.getDomainId();
-        Domain callerDomain = _domainDao.findById(domainId);
-        if (callerDomain == null) {
-            throw new InvalidParameterValueException("Caller does not have a domain");
-        }
-        return _iamSrv.createAclPolicy(aclPolicyName, description, parentPolicyId, callerDomain.getPath());
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_DELETE, eventDescription = "Deleting Acl Policy")
-    public boolean deleteAclPolicy(final long aclPolicyId) {
-        return _iamSrv.deleteAclPolicy(aclPolicyId);
-    }
-
-
-    @Override
-    public List<AclPolicy> listAclPolicies(long accountId) {
-        return _iamSrv.listAclPolicies(accountId);
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Attaching policy to acl group")
-    public AclGroup attachAclPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
-        return _iamSrv.attachAclPoliciesToGroup(policyIds, groupId);
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Removing policies from acl group")
-    public AclGroup removeAclPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
-        return _iamSrv.removeAclPoliciesFromGroup(policyIds, groupId);
-    }
-
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE, eventDescription = "Attaching policy to accounts")
-    public void attachAclPolicyToAccounts(final Long policyId, final List<Long> accountIds) {
-        _iamSrv.attachAclPolicyToAccounts(policyId, accountIds);
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_ACCOUNT_POLICY_UPDATE, eventDescription = "Removing policy from accounts")
-    public void removeAclPolicyFromAccounts(final Long policyId, final List<Long> accountIds) {
-        _iamSrv.removeAclPolicyFromAccounts(policyId, accountIds);
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_GRANT, eventDescription = "Granting acl permission to Acl Policy")
-    public AclPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, PermissionScope scope,
-            Long scopeId, String action, Permission perm, Boolean recursive) {
-        Class<?> cmdClass = _apiServer.getCmdClass(action);
-        AccessType accessType = null;
-        if (BaseListCmd.class.isAssignableFrom(cmdClass)) {
-            accessType = AccessType.UseEntry;
-        }
-        return _iamSrv.addAclPermissionToAclPolicy(aclPolicyId, entityType, scope.toString(), scopeId, action,
-                accessType.toString(), perm, recursive);
-    }
-
-    @DB
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_REVOKE, eventDescription = "Revoking acl permission from Acl Policy")
-    public AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId, String action) {
-        return _iamSrv.removeAclPermissionFromAclPolicy(aclPolicyId, entityType, scope.toString(), scopeId, action);
-    }
-
-    @Override
-    public AclPolicyPermission getAclPolicyPermission(long accountId, String entityType, String action) {
-        List<AclPolicy> policies = _iamSrv.listAclPolicies(accountId);
-        AclPolicyPermission curPerm = null;
-        for (AclPolicy policy : policies) {
-            List<AclPolicyPermission> perms = _iamSrv.listPolicyPermissionByActionAndEntity(policy.getId(), action,
-                    entityType);
-            if (perms == null || perms.size() == 0)
-                continue;
-            AclPolicyPermission perm = perms.get(0); // just pick one
-            if (curPerm == null) {
-                curPerm = perm;
-            } else if (PermissionScope.valueOf(perm.getScope()).greaterThan(PermissionScope.valueOf(curPerm.getScope()))) {
-                // pick the more relaxed allowed permission
-                curPerm = perm;
-            }
-        }
-
-        return curPerm;
-    }
-
-
-    @Override
-    public AclPolicyResponse createAclPolicyResponse(AclPolicy policy) {
-        AclPolicyResponse response = new AclPolicyResponse();
-        response.setId(policy.getUuid());
-        response.setName(policy.getName());
-        response.setDescription(policy.getDescription());
-        String domainPath = policy.getPath();
-        if (domainPath != null) {
-            DomainVO domain = _domainDao.findDomainByPath(domainPath);
-            if (domain != null) {
-                response.setDomainId(domain.getUuid());
-                response.setDomainName(domain.getName());
-            }
-        }
-        long accountId = policy.getAccountId();
-        AccountVO owner = _accountDao.findById(accountId);
-        if (owner != null) {
-            response.setAccountName(owner.getAccountName());
-        }
-        // find permissions associated with this policy
-        List<AclPolicyPermission> permissions = _iamSrv.listPolicyPermissions(policy.getId());
-        if (permissions != null && permissions.size() > 0) {
-            for (AclPolicyPermission permission : permissions) {
-                AclPermissionResponse perm = new AclPermissionResponse();
-                perm.setAction(permission.getAction());
-                if (permission.getEntityType() != null) {
-                    perm.setEntityType(IAMEntityType.valueOf(permission.getEntityType()));
-                }
-                if (permission.getScope() != null) {
-                    perm.setScope(PermissionScope.valueOf(permission.getScope()));
-                }
-                perm.setScopeId(permission.getScopeId());
-                perm.setPermission(permission.getPermission());
-                response.addPermission(perm);
-            }
-        }
-        response.setObjectName("aclpolicy");
-        return response;
-    }
-
-    @Override
-    public AclGroupResponse createAclGroupResponse(AclGroup group) {
-        AclGroupResponse response = new AclGroupResponse();
-        response.setId(group.getUuid());
-        response.setName(group.getName());
-        response.setDescription(group.getDescription());
-        String domainPath = group.getPath();
-        if (domainPath != null) {
-            DomainVO domain = _domainDao.findDomainByPath(domainPath);
-            if (domain != null) {
-                response.setDomainId(domain.getUuid());
-                response.setDomainName(domain.getName());
-            }
-        }
-        long accountId = group.getAccountId();
-        AccountVO owner = _accountDao.findById(accountId);
-        if (owner != null) {
-            response.setAccountName(owner.getAccountName());
-        }
-        // find all the members in this group
-        List<Long> members = _iamSrv.listAccountsByGroup(group.getId());
-        if (members != null && members.size() > 0) {
-            for (Long member : members) {
-                AccountVO mem = _accountDao.findById(member);
-                if (mem != null) {
-                    response.addMemberAccount(mem.getAccountName());
-                }
-            }
-        }
-
-        // find all the policies attached to this group
-        List<AclPolicy> policies = _iamSrv.listAclPoliciesByGroup(group.getId());
-        if (policies != null && policies.size() > 0) {
-            for (AclPolicy policy : policies) {
-                response.addPolicy(policy.getName());
-            }
-        }
-
-        response.setObjectName("aclgroup");
-        return response;
-
-    }
-
-    public List<AclGroup> listDomainGroup(Domain domain) {
-
-        if (domain != null) {
-            String domainPath = domain.getPath();
-            // search for groups
-            Pair<List<AclGroup>, Integer> result = _iamSrv.listAclGroups(null, "DomainGrp-" + domain.getUuid(),
-                    domainPath, null, null);
-            return result.first();
-        }
-        return new ArrayList<AclGroup>();
-
-    }
-
-    @Override
-    public ListResponse<AclGroupResponse> listAclGroups(Long aclGroupId, String aclGroupName, Long domainId, Long startIndex, Long pageSize) {
-        // acl check
-        Account caller = CallContext.current().getCallingAccount();
-
-        Domain domain = null;
-        if (domainId != null) {
-            domain = _domainDao.findById(domainId);
-            if (domain == null) {
-                throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
-            }
-
-            _accountMgr.checkAccess(caller, domain);
-        } else {
-            domain = _domainDao.findById(caller.getDomainId());
-        }
-        String domainPath = domain.getPath();
-        // search for groups
-        Pair<List<AclGroup>, Integer> result = _iamSrv.listAclGroups(aclGroupId, aclGroupName, domainPath, startIndex, pageSize);
-        // generate group response
-        ListResponse<AclGroupResponse> response = new ListResponse<AclGroupResponse>();
-        List<AclGroupResponse> groupResponses = new ArrayList<AclGroupResponse>();
-        for (AclGroup group : result.first()) {
-            AclGroupResponse resp = createAclGroupResponse(group);
-            groupResponses.add(resp);
-        }
-        response.setResponses(groupResponses, result.second());
-        return response;
-    }
-
-    @Override
-    public ListResponse<AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName, Long domainId, Long startIndex,
-            Long pageSize) {
-        // acl check
-        Account caller = CallContext.current().getCallingAccount();
-
-        Domain domain = null;
-        if (domainId != null) {
-            domain = _domainDao.findById(domainId);
-            if (domain == null) {
-                throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
-            }
-
-            _accountMgr.checkAccess(caller, domain);
-        } else {
-            domain = _domainDao.findById(caller.getDomainId());
-        }
-        String domainPath = domain.getPath();
-        // search for policies
-        Pair<List<AclPolicy>, Integer> result = _iamSrv.listAclPolicies(aclPolicyId, aclPolicyName, domainPath, startIndex, pageSize);
-        // generate policy response
-        ListResponse<AclPolicyResponse> response = new ListResponse<AclPolicyResponse>();
-        List<AclPolicyResponse> policyResponses = new ArrayList<AclPolicyResponse>();
-        for (AclPolicy policy : result.first()) {
-            AclPolicyResponse resp = createAclPolicyResponse(policy);
-            policyResponses.add(resp);
-        }
-        response.setResponses(policyResponses, result.second());
-        return response;
-    }
-
-    @Override
-    public void grantEntityPermissioinToAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds) {
-        // check if there is already a policy with only this permission added to it
-        AclPolicy policy = _iamSrv.getResourceGrantPolicy(entityType, entityId, accessType.toString(), action);
-        if (policy == null) {
-            // not found, just create a policy with resource grant permission
-            Account caller = CallContext.current().getCallingAccount();
-            String aclPolicyName = "policyGrant" + entityType + entityId;
-            String description = "Policy to grant permission to " + entityType + entityId;
-            policy = createAclPolicy(caller, aclPolicyName, description, null);
-            // add permission to this policy
-            addAclPermissionToAclPolicy(policy.getId(), entityType, PermissionScope.RESOURCE, entityId, action, Permission.Allow, false);
-        }
-        // attach this policy to list of accounts if not attached already
-        Long policyId = policy.getId();
-        for (Long acctId : accountIds) {
-            if (!isPolicyAttachedToAccount(policyId, acctId)) {
-                attachAclPolicyToAccounts(policyId, Collections.singletonList(acctId));
-            }
-        }
-    }
-
-    @Override
-    public void revokeEntityPermissioinFromAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds) {
-        // there should already a policy with only this permission added to it, this call is mainly used
-        AclPolicy policy = _iamSrv.getResourceGrantPolicy(entityType, entityId, accessType.toString(), action);
-        if (policy == null) {
-            s_logger.warn("Cannot find a policy associated with this entity permissioin to be revoked, just return");
-            return;
-        }
-        // detach this policy from list of accounts if not detached already
-        Long policyId = policy.getId();
-        for (Long acctId : accountIds) {
-            if (isPolicyAttachedToAccount(policyId, acctId)) {
-                removeAclPolicyFromAccounts(policyId, Collections.singletonList(acctId));
-            }
-        }
-
-    }
-
-    private boolean isPolicyAttachedToAccount(Long policyId, Long accountId) {
-        List<AclPolicy> pList = listAclPolicies(accountId);
-        for (AclPolicy p : pList) {
-            if (p.getId() == policyId.longValue()) {
-                return true;
-            }
-        }
-        return false;
-    }
-
-    private void resetTemplatePermission(Long templateId){
-        // reset template will change template to private, so we need to remove its permission for domain admin and normal user group
-        _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), IAMEntityType.VirtualMachineTemplate.toString(),
-                PermissionScope.RESOURCE.toString(), templateId, "listTemplates");
-        _iamSrv.removeAclPermissionFromAclPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), IAMEntityType.VirtualMachineTemplate.toString(),
-                PermissionScope.RESOURCE.toString(), templateId, "listTemplates");
-        // check if there is a policy with only UseEntry permission for this template added
-        AclPolicy policy = _iamSrv.getResourceGrantPolicy(IAMEntityType.VirtualMachineTemplate.toString(), templateId, AccessType.UseEntry.toString(), "listTemplates");
-        if ( policy == null ){
-            s_logger.info("No policy found for this template grant: " + templateId + ", no detach to be done");
-            return;
-        }
-        // delete the policy, which should detach it from groups and accounts
-        _iamSrv.deleteAclPolicy(policy.getId());
-
-    }
-
-    @Override
-    public List<Class<?>> getCommands() {
-        List<Class<?>> cmdList = new ArrayList<Class<?>>();
-        cmdList.add(CreateAclPolicyCmd.class);
-        cmdList.add(DeleteAclPolicyCmd.class);
-        cmdList.add(ListAclPoliciesCmd.class);
-        cmdList.add(AddAclPermissionToAclPolicyCmd.class);
-        cmdList.add(RemoveAclPermissionFromAclPolicyCmd.class);
-        cmdList.add(AttachAclPolicyToAclGroupCmd.class);
-        cmdList.add(RemoveAclPolicyFromAclGroupCmd.class);
-        cmdList.add(CreateAclGroupCmd.class);
-        cmdList.add(DeleteAclGroupCmd.class);
-        cmdList.add(ListAclGroupsCmd.class);
-        cmdList.add(AddAccountToAclGroupCmd.class);
-        cmdList.add(RemoveAccountFromAclGroupCmd.class);
-        cmdList.add(AttachAclPolicyToAccountCmd.class);
-        cmdList.add(RemoveAclPolicyFromAccountCmd.class);
-        return cmdList;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/187f9cd0/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiService.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiService.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiService.java
new file mode 100644
index 0000000..b9e680a
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiService.java
@@ -0,0 +1,84 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.iam;
+
+import java.util.List;
+
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
+import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
+import org.apache.cloudstack.iam.api.IAMGroup;
+import org.apache.cloudstack.iam.api.IAMPolicy;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission;
+import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
+
+import com.cloud.user.Account;
+import com.cloud.utils.component.PluggableService;
+
+public interface IAMApiService extends PluggableService {
+
+    /* ACL group related interfaces */
+    IAMGroup createIAMGroup(Account caller, String iamGroupName, String description);
+
+    boolean deleteIAMGroup(Long iamGroupId);
+
+    List<IAMGroup> listIAMGroups(long accountId);
+
+    IAMGroup addAccountsToGroup(List<Long> acctIds, Long groupId);
+
+    IAMGroup removeAccountsFromGroup(List<Long> acctIds, Long groupId);
+
+    /* IAM Policy related interfaces */
+    IAMPolicy createIAMPolicy(Account caller, String iamPolicyName, String description, Long parentPolicyId);
+
+    boolean deleteIAMPolicy(long iamPolicyId);
+
+    List<IAMPolicy> listIAMPolicies(long accountId);
+
+    IAMGroup attachIAMPoliciesToGroup(List<Long> policyIds, Long groupId);
+
+    IAMGroup removeIAMPoliciesFromGroup(List<Long> policyIds, Long groupId);
+
+    void attachIAMPolicyToAccounts(Long policyId, List<Long> accountIds);
+
+    void removeIAMPolicyFromAccounts(Long policyId, List<Long> accountIds);
+
+    IAMPolicy addIAMPermissionToIAMPolicy(long iamPolicyId, String entityType, PermissionScope scope, Long scopeId,
+            String action, Permission perm, Boolean recursive);
+
+    IAMPolicy removeIAMPermissionFromIAMPolicy(long iamPolicyId, String entityType, PermissionScope scope, Long scopeId, String action);
+
+    IAMPolicyPermission getIAMPolicyPermission(long accountId, String entityType, String action);
+
+    /* Utility routine to grant/revoke invidivual resource to list of accounts */
+    void grantEntityPermissioinToAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds);
+
+    void revokeEntityPermissioinFromAccounts(String entityType, Long entityId, AccessType accessType, String action, List<Long> accountIds);
+
+    /* Response Generation */
+    IAMPolicyResponse createIAMPolicyResponse(IAMPolicy policy);
+
+    IAMGroupResponse createIAMGroupResponse(IAMGroup group);
+
+    ListResponse<IAMGroupResponse> listIAMGroups(Long iamGroupId, String iamGroupName,
+            Long domainId, Long startIndex, Long pageSize);
+
+    ListResponse<IAMPolicyResponse> listIAMPolicies(Long iamPolicyId, String iamPolicyName,
+            Long domainId, Long startIndex, Long pageSize);
+}


Mime
View raw message