cloudstack-commits mailing list archives

From mc...@apache.org
Subject [1/5] Remove IAMEntityType to use existing VO interface class to annotate entityType.
Date Mon, 17 Mar 2014 23:59:45 GMT
Repository: cloudstack
Updated Branches:
  refs/heads/4.4 831f51318 -> ae6b9a082


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae6b9a08/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
index 69f669c..e128cf1 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
@@ -27,11 +27,18 @@ import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
 import org.apache.log4j.Logger;
+import org.bouncycastle.util.IPAddress;
+
+import com.amazonaws.auth.policy.Condition;
+import com.amazonaws.services.ec2.model.SecurityGroup;
+import com.amazonaws.services.ec2.model.Snapshot;
+import com.amazonaws.services.ec2.model.Volume;
+import com.amazonaws.services.ec2.model.Vpc;
+import com.amazonaws.services.elasticache.model.Event;
 
-import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.PermissionScope;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.affinity.AffinityGroupVO;
+import org.apache.cloudstack.affinity.AffinityGroup;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseListCmd;
 import org.apache.cloudstack.api.InternalIdentity;
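Review bot: The imports added at the top of this hunk take `Condition`, `SecurityGroup`, `Snapshot`, `Volume`, `Vpc` and `Event` from the AWS SDK and `IPAddress` from BouncyCastle, which look like IDE auto-imports rather than the CloudStack interfaces the IAM type map is meant to hold. The later `s_typeMap` hunk then registers those foreign classes as the lookup types for resource-scoped permissions, and one entry pairs the key `IpAddress.class.getSimpleName()` with the value `IPAddress.class`. The intended types are presumably the interfaces in the packages of the removed VO imports, for example `import com.cloud.storage.Volume;` and `import com.cloud.network.vpc.Vpc;`. The `org.bouncycastle.util.IPAddress` import should be dropped and that map entry should use `IpAddress.class`.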
@@ -54,7 +61,7 @@ import org.apache.cloudstack.api.response.iam.IAMGroupResponse;
 import org.apache.cloudstack.api.response.iam.IAMPermissionResponse;
 import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
 import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.framework.jobs.impl.AsyncJobVO;
+import org.apache.cloudstack.framework.jobs.AsyncJob;
 import org.apache.cloudstack.framework.messagebus.MessageBus;
 import org.apache.cloudstack.framework.messagebus.MessageSubscriber;
 import org.apache.cloudstack.iam.api.IAMGroup;
@@ -62,9 +69,6 @@ import org.apache.cloudstack.iam.api.IAMPolicy;
 import org.apache.cloudstack.iam.api.IAMPolicyPermission;
 import org.apache.cloudstack.iam.api.IAMPolicyPermission.Permission;
 import org.apache.cloudstack.iam.api.IAMService;
-import org.apache.cloudstack.iam.server.IAMGroupVO;
-import org.apache.cloudstack.iam.server.IAMPolicyVO;
-import org.apache.cloudstack.region.gslb.GlobalLoadBalancerRuleVO;
 
 import com.cloud.api.ApiServerService;
 import com.cloud.domain.Domain;
@@ -72,50 +76,45 @@ import com.cloud.domain.DomainVO;
 import com.cloud.domain.dao.DomainDao;
 import com.cloud.event.ActionEvent;
 import com.cloud.event.EventTypes;
-import com.cloud.event.EventVO;
 import com.cloud.exception.InvalidParameterValueException;
-import com.cloud.network.UserIpv6AddressVO;
-import com.cloud.network.VpnUserVO;
-import com.cloud.network.as.AutoScalePolicyVO;
-import com.cloud.network.as.AutoScaleVmGroupVO;
-import com.cloud.network.as.AutoScaleVmProfileVO;
-import com.cloud.network.as.ConditionVO;
-import com.cloud.network.dao.IPAddressVO;
-import com.cloud.network.dao.MonitoringServiceVO;
-import com.cloud.network.dao.NetworkVO;
-import com.cloud.network.dao.RemoteAccessVpnVO;
-import com.cloud.network.dao.Site2SiteCustomerGatewayVO;
-import com.cloud.network.dao.Site2SiteVpnConnectionVO;
-import com.cloud.network.dao.Site2SiteVpnGatewayVO;
-import com.cloud.network.dao.SslCertVO;
-import com.cloud.network.rules.FirewallRuleVO;
-import com.cloud.network.rules.PortForwardingRuleVO;
-import com.cloud.network.security.SecurityGroupVO;
-import com.cloud.network.vpc.StaticRouteVO;
-import com.cloud.network.vpc.VpcGatewayVO;
-import com.cloud.network.vpc.VpcVO;
-import com.cloud.projects.ProjectInvitationVO;
-import com.cloud.storage.SnapshotVO;
-import com.cloud.storage.VMTemplateVO;
-import com.cloud.storage.VolumeVO;
-import com.cloud.tags.ResourceTagVO;
+import com.cloud.network.IpAddress;
+import com.cloud.network.MonitoringService;
+import com.cloud.network.Network;
+import com.cloud.network.RemoteAccessVpn;
+import com.cloud.network.Site2SiteCustomerGateway;
+import com.cloud.network.Site2SiteVpnConnection;
+import com.cloud.network.Site2SiteVpnGateway;
+import com.cloud.network.UserIpv6Address;
+import com.cloud.network.VpnUser;
+import com.cloud.network.as.AutoScalePolicy;
+import com.cloud.network.as.AutoScaleVmGroup;
+import com.cloud.network.as.AutoScaleVmProfile;
+import com.cloud.network.lb.SslCert;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.network.rules.PortForwardingRule;
+import com.cloud.network.vpc.StaticRoute;
+import com.cloud.network.vpc.VpcGateway;
+import com.cloud.projects.ProjectInvitation;
+import com.cloud.region.ha.GlobalLoadBalancerRule;
+import com.cloud.server.ResourceTag;
 import com.cloud.template.TemplateManager;
+import com.cloud.template.VirtualMachineTemplate;
 import com.cloud.user.Account;
 import com.cloud.user.AccountManager;
 import com.cloud.user.AccountVO;
 import com.cloud.user.DomainManager;
-import com.cloud.user.SSHKeyPairVO;
+import com.cloud.user.SSHKeyPair;
 import com.cloud.user.dao.AccountDao;
 import com.cloud.utils.Pair;
 import com.cloud.utils.component.Manager;
 import com.cloud.utils.component.ManagerBase;
 import com.cloud.utils.db.DB;
 import com.cloud.utils.db.EntityManager;
-import com.cloud.vm.InstanceGroupVO;
-import com.cloud.vm.VMInstanceVO;
-import com.cloud.vm.dao.NicIpAliasVO;
-import com.cloud.vm.dao.NicSecondaryIpVO;
-import com.cloud.vm.snapshot.VMSnapshotVO;
+import com.cloud.vm.InstanceGroup;
+import com.cloud.vm.NicIpAlias;
+import com.cloud.vm.NicSecondaryIp;
+import com.cloud.vm.VirtualMachine;
+import com.cloud.vm.snapshot.VMSnapshot;
 
 @Local(value = {IAMApiService.class})
 public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Manager {
@@ -144,48 +143,46 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService,
Man
     @Inject
     EntityManager _entityMgr;
 
-    private static final Map<IAMEntityType, Class<?>> s_typeMap = new HashMap<IAMEntityType,
Class<?>>();
+    private static final Map<String, Class<?>> s_typeMap = new HashMap<String,
Class<?>>();
     static {
-        s_typeMap.put(IAMEntityType.VirtualMachine, VMInstanceVO.class);
-        s_typeMap.put(IAMEntityType.Volume, VolumeVO.class);
-        s_typeMap.put(IAMEntityType.ResourceTag, ResourceTagVO.class);
-        s_typeMap.put(IAMEntityType.Account, AccountVO.class);
-        s_typeMap.put(IAMEntityType.AffinityGroup, AffinityGroupVO.class);
-        s_typeMap.put(IAMEntityType.AutoScalePolicy, AutoScalePolicyVO.class);
-        s_typeMap.put(IAMEntityType.AutoScaleVmProfile, AutoScaleVmProfileVO.class);
-        s_typeMap.put(IAMEntityType.AutoScaleVmGroup, AutoScaleVmGroupVO.class);
-        s_typeMap.put(IAMEntityType.Condition, ConditionVO.class);
-        s_typeMap.put(IAMEntityType.Vpc, VpcVO.class);
-        s_typeMap.put(IAMEntityType.VpcGateway, VpcGatewayVO.class);
-        s_typeMap.put(IAMEntityType.PrivateGateway, RemoteAccessVpnVO.class);
-        s_typeMap.put(IAMEntityType.VpnUser, VpnUserVO.class);
-        s_typeMap.put(IAMEntityType.VMSnapshot, VMSnapshotVO.class);
-        s_typeMap.put(IAMEntityType.VirtualMachineTemplate, VMTemplateVO.class);
-        s_typeMap.put(IAMEntityType.UserIpv6Address, UserIpv6AddressVO.class);
-        s_typeMap.put(IAMEntityType.StaticRoute, StaticRouteVO.class);
-        s_typeMap.put(IAMEntityType.SSHKeyPair, SSHKeyPairVO.class);
-        s_typeMap.put(IAMEntityType.Snapshot, SnapshotVO.class);
-        s_typeMap.put(IAMEntityType.Site2SiteVpnGateway, Site2SiteVpnGatewayVO.class);
-        s_typeMap.put(IAMEntityType.Site2SiteCustomerGateway, Site2SiteCustomerGatewayVO.class);
-        s_typeMap.put(IAMEntityType.Site2SiteVpnConnection, Site2SiteVpnConnectionVO.class);
-        s_typeMap.put(IAMEntityType.SecurityGroup, SecurityGroupVO.class);
-        s_typeMap.put(IAMEntityType.RemoteAccessVpn, RemoteAccessVpnVO.class);
-        s_typeMap.put(IAMEntityType.PublicIpAddress, IPAddressVO.class);
-        s_typeMap.put(IAMEntityType.ProjectInvitation, ProjectInvitationVO.class);
-        s_typeMap.put(IAMEntityType.NicSecondaryIp, NicSecondaryIpVO.class);
-        s_typeMap.put(IAMEntityType.NicIpAlias, NicIpAliasVO.class);
-        s_typeMap.put(IAMEntityType.Network, NetworkVO.class);
-        s_typeMap.put(IAMEntityType.IpAddress, IPAddressVO.class);
-        s_typeMap.put(IAMEntityType.InstanceGroup, InstanceGroupVO.class);
-        s_typeMap.put(IAMEntityType.GlobalLoadBalancerRule, GlobalLoadBalancerRuleVO.class);
-        s_typeMap.put(IAMEntityType.FirewallRule, FirewallRuleVO.class);
-        s_typeMap.put(IAMEntityType.PortForwardingRule, PortForwardingRuleVO.class);
-        s_typeMap.put(IAMEntityType.Event, EventVO.class);
-        s_typeMap.put(IAMEntityType.AsyncJob, AsyncJobVO.class);
-        s_typeMap.put(IAMEntityType.IAMGroup, IAMGroupVO.class);
-        s_typeMap.put(IAMEntityType.IAMPolicy, IAMPolicyVO.class);
-        s_typeMap.put(IAMEntityType.MonitorService, MonitoringServiceVO.class);
-        s_typeMap.put(IAMEntityType.SSLCert, SslCertVO.class);
+        s_typeMap.put(VirtualMachine.class.getSimpleName(), VirtualMachine.class);
+        s_typeMap.put(Volume.class.getSimpleName(), Volume.class);
+        s_typeMap.put(ResourceTag.class.getSimpleName(), ResourceTag.class);
+        s_typeMap.put(Account.class.getSimpleName(), Account.class);
+        s_typeMap.put(AffinityGroup.class.getSimpleName(), AffinityGroup.class);
+        s_typeMap.put(AutoScalePolicy.class.getSimpleName(), AutoScalePolicy.class);
+        s_typeMap.put(AutoScaleVmProfile.class.getSimpleName(), AutoScaleVmProfile.class);
+        s_typeMap.put(AutoScaleVmGroup.class.getSimpleName(), AutoScaleVmGroup.class);
+        s_typeMap.put(Condition.class.getSimpleName(), Condition.class);
+        s_typeMap.put(Vpc.class.getSimpleName(), Vpc.class);
+        s_typeMap.put(VpcGateway.class.getSimpleName(), VpcGateway.class);
+        s_typeMap.put(VpnUser.class.getSimpleName(), VpnUser.class);
+        s_typeMap.put(VMSnapshot.class.getSimpleName(), VMSnapshot.class);
+        s_typeMap.put(VirtualMachineTemplate.class.getSimpleName(), VirtualMachineTemplate.class);
+        s_typeMap.put(UserIpv6Address.class.getSimpleName(), UserIpv6Address.class);
+        s_typeMap.put(StaticRoute.class.getSimpleName(), StaticRoute.class);
+        s_typeMap.put(SSHKeyPair.class.getSimpleName(), SSHKeyPair.class);
+        s_typeMap.put(Snapshot.class.getSimpleName(), Snapshot.class);
+        s_typeMap.put(Site2SiteVpnGateway.class.getSimpleName(), Site2SiteVpnGateway.class);
+        s_typeMap.put(Site2SiteCustomerGateway.class.getSimpleName(), Site2SiteCustomerGateway.class);
+        s_typeMap.put(Site2SiteVpnConnection.class.getSimpleName(), Site2SiteVpnConnection.class);
+        s_typeMap.put(SecurityGroup.class.getSimpleName(), SecurityGroup.class);
+        s_typeMap.put(RemoteAccessVpn.class.getSimpleName(), RemoteAccessVpn.class);
+        s_typeMap.put(ProjectInvitation.class.getSimpleName(), ProjectInvitation.class);
+        s_typeMap.put(NicSecondaryIp.class.getSimpleName(), NicSecondaryIp.class);
+        s_typeMap.put(NicIpAlias.class.getSimpleName(), NicIpAlias.class);
+        s_typeMap.put(Network.class.getSimpleName(), Network.class);
+        s_typeMap.put(IpAddress.class.getSimpleName(), IPAddress.class);
+        s_typeMap.put(InstanceGroup.class.getSimpleName(), InstanceGroup.class);
+        s_typeMap.put(GlobalLoadBalancerRule.class.getSimpleName(), GlobalLoadBalancerRule.class);
+        s_typeMap.put(FirewallRule.class.getSimpleName(), FirewallRule.class);
+        s_typeMap.put(PortForwardingRule.class.getSimpleName(), PortForwardingRule.class);
+        s_typeMap.put(Event.class.getSimpleName(), Event.class);
+        s_typeMap.put(AsyncJob.class.getSimpleName(), AsyncJob.class);
+        s_typeMap.put(IAMGroup.class.getSimpleName(), IAMGroup.class);
+        s_typeMap.put(IAMPolicy.class.getSimpleName(), IAMPolicy.class);
+        s_typeMap.put(MonitoringService.class.getSimpleName(), MonitoringService.class);
+        s_typeMap.put(SslCert.class.getSimpleName(), SslCert.class);
     }
 
     @Override
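Review bot: Keying the map by `getSimpleName()` silently renames or drops entity-type strings the enum used: `MonitorService` becomes `MonitoringService`, `SSLCert` becomes `SslCert`, and `PrivateGateway` and `PublicIpAddress` no longer have an entry. If permissions were stored or are submitted with the old strings (not visible from this message), the `RESOURCE` lookup in the last hunk of this file will no longer resolve them. Either keep aliases for the old names, e.g. `s_typeMap.put("PublicIpAddress", IpAddress.class);`, or state the required data migration in the commit message. A comment above the static block such as `// keys are entity interface simple names and must match the entityType strings passed to IAMService` would document the contract.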
@@ -261,9 +258,9 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService,
Man
                 Long templateId = (Long)obj;
                 if (templateId != null) {
                     s_logger.debug("MessageBus message: new public template registered: "
+ templateId + ", grant permission to domain admin and normal user policies");
-                    _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN
+ 1), IAMEntityType.VirtualMachineTemplate.toString(),
+                    _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN
+ 1), VirtualMachineTemplate.class.getSimpleName(),
                             PermissionScope.RESOURCE.toString(), templateId, "listTemplates",
AccessType.UseEntry.toString(), Permission.Allow, false);
-                    _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL
+ 1), IAMEntityType.VirtualMachineTemplate.toString(),
+                    _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL
+ 1), VirtualMachineTemplate.class.getSimpleName(),
                             PermissionScope.RESOURCE.toString(), templateId, "listTemplates",
AccessType.UseEntry.toString(), Permission.Allow, false);
                 }
             }
@@ -283,9 +280,9 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService,
Man
         _messageBus.subscribe(EntityManager.MESSAGE_REMOVE_ENTITY_EVENT, new MessageSubscriber()
{
             @Override
             public void onPublishMessage(String senderAddress, String subject, Object obj)
{
-                Pair<IAMEntityType, Long> entity = (Pair<IAMEntityType, Long>)obj;
+                Pair<Class<?>, Long> entity = (Pair<Class<?>, Long>)obj;
                 if (entity != null) {
-                    String entityType = entity.first().toString();
+                    String entityType = entity.first().getSimpleName();
                     Long entityId = entity.second();
                     s_logger.debug("MessageBus message: delete an entity: (" + entityType
+ "," + entityId + "), remove its related permission");
                     _iamSrv.removeIAMPermissionForEntity(entityType, entityId);
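Review bot: `entity.first().getSimpleName()` yields the string used when permissions were granted only if every publisher of `MESSAGE_REMOVE_ENTITY_EVENT` sends the interface class. A publisher that passes a concrete `...VO` class would produce a different name, `removeIAMPermissionForEntity` would match nothing, and the deleted entity's permissions would stay behind. The publishers are not part of this message, so this needs checking against them. Logging at warn level when the computed name is not a key of `s_typeMap` would make such a mismatch visible. The same concern applies to `entity.getEntityType().getSimpleName()` in the RoleBasedEntityAccessChecker hunk; the enclosing method here starts and ends outside the hunk.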
@@ -299,13 +296,13 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService,
Man
             public void onPublishMessage(String senderAddress, String subject, Object obj)
{
                 Map<String, Object> permit = (Map<String, Object>)obj;
                 if (permit != null) {
-                    String entityType = (String)permit.get(ApiConstants.ENTITY_TYPE);
+                    Class<?> entityType = (Class<?>)permit.get(ApiConstants.ENTITY_TYPE);
                     Long entityId = (Long)permit.get(ApiConstants.ENTITY_ID);
                     AccessType accessType = (AccessType)permit.get(ApiConstants.ACCESS_TYPE);
                     String action = (String)permit.get(ApiConstants.IAM_ACTION);
                     List<Long> acctIds = (List<Long>)permit.get(ApiConstants.ACCOUNTS);
                     s_logger.debug("MessageBus message: grant accounts permission to an entity:
(" + entityType + "," + entityId + ")");
-                    grantEntityPermissioinToAccounts(entityType, entityId, accessType, action,
acctIds);
+                    grantEntityPermissioinToAccounts(entityType.getSimpleName(), entityId,
accessType, action, acctIds);
                 }
             }
         });
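Review bot: `entityType.getSimpleName()` in the grant subscriber throws a NullPointerException when the message carries no `ApiConstants.ENTITY_TYPE`, whereas the old code passed a null `String` through to `grantEntityPermissioinToAccounts`. The cast to `Class<?>` also fails with a ClassCastException if any publisher still sends the previous `String` value. The revoke subscriber in the next hunk has the same pattern. A guard before the debug line, such as `if (entityType == null) { s_logger.warn("MessageBus message without entity type, ignoring"); return; }`, keeps a malformed message from surfacing as an exception in the bus callback.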
@@ -315,13 +312,13 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService,
Man
             public void onPublishMessage(String senderAddress, String subject, Object obj)
{
                 Map<String, Object> permit = (Map<String, Object>)obj;
                 if (permit != null) {
-                    String entityType = (String)permit.get(ApiConstants.ENTITY_TYPE);
+                    Class<?> entityType = (Class<?>)permit.get(ApiConstants.ENTITY_TYPE);
                     Long entityId = (Long)permit.get(ApiConstants.ENTITY_ID);
                     AccessType accessType = (AccessType)permit.get(ApiConstants.ACCESS_TYPE);
                     String action = (String)permit.get(ApiConstants.IAM_ACTION);
                     List<Long> acctIds = (List<Long>)permit.get(ApiConstants.ACCOUNTS);
                     s_logger.debug("MessageBus message: revoke from accounts permission to
an entity: (" + entityType + "," + entityId + ")");
-                    revokeEntityPermissioinFromAccounts(entityType, entityId, accessType,
action, acctIds);
+                    revokeEntityPermissioinFromAccounts(entityType.getSimpleName(), entityId,
accessType, action, acctIds);
                 }
             }
         });
@@ -359,15 +356,15 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService,
Man
 
     private void addDomainWideResourceAccess(Map<String, Object> params) {
 
-        IAMEntityType entityType = (IAMEntityType)params.get(ApiConstants.ENTITY_TYPE);
+        Class<?> entityType = (Class<?>)params.get(ApiConstants.ENTITY_TYPE);
         Long entityId = (Long) params.get(ApiConstants.ENTITY_ID);
         Long domainId = (Long) params.get(ApiConstants.DOMAIN_ID);
         Boolean isRecursive = (Boolean) params.get(ApiConstants.SUBDOMAIN_ACCESS);
 
-        if (entityType == IAMEntityType.Network) {
+        if (entityType == Network.class) {
             createPolicyAndAddToDomainGroup("DomainWideNetwork-" + entityId, "domain wide
network", entityType.toString(),
                     entityId, "listNetworks", AccessType.UseEntry, domainId, isRecursive);
-        } else if (entityType == IAMEntityType.AffinityGroup) {
+        } else if (entityType == AffinityGroup.class) {
             createPolicyAndAddToDomainGroup("DomainWideNetwork-" + entityId, "domain wide
affinityGroup", entityType.toString(),
                     entityId, "listAffinityGroups", AccessType.UseEntry, domainId, isRecursive);
         }
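Review bot: Both `createPolicyAndAddToDomainGroup` calls still pass `entityType.toString()`, which on a `Class<?>` returns `interface com.cloud.network.Network` (or `class ...`) rather than the simple name every other call site in this commit now uses. The domain-wide policy would then carry an entity type string that matches no key in `s_typeMap` and none of the strings the access checker compares against, so the grant would likely never take effect. Both calls should pass `entityType.getSimpleName()`. The AffinityGroup branch also reuses the `"DomainWideNetwork-"` policy name prefix, which looks like an older copy-paste leftover that this commit leaves unchanged. The method body continues outside the hunk.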
@@ -575,7 +572,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService,
Man
                 IAMPermissionResponse perm = new IAMPermissionResponse();
                 perm.setAction(permission.getAction());
                 if (permission.getEntityType() != null) {
-                    perm.setEntityType(IAMEntityType.valueOf(permission.getEntityType()));
+                    perm.setEntityType(permission.getEntityType());
                 }
                 if (permission.getScope() != null) {
                     perm.setScope(PermissionScope.valueOf(permission.getScope()));
@@ -758,12 +755,12 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService,
Man
 
     private void resetTemplatePermission(Long templateId){
         // reset template will change template to private, so we need to remove its permission
for domain admin and normal user group
-        _iamSrv.removeIAMPermissionFromIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN
+ 1), IAMEntityType.VirtualMachineTemplate.toString(),
+        _iamSrv.removeIAMPermissionFromIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN
+ 1), VirtualMachineTemplate.class.getSimpleName(),
                 PermissionScope.RESOURCE.toString(), templateId, "listTemplates");
-        _iamSrv.removeIAMPermissionFromIAMPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1),
IAMEntityType.VirtualMachineTemplate.toString(),
+        _iamSrv.removeIAMPermissionFromIAMPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1),
VirtualMachineTemplate.class.getSimpleName(),
                 PermissionScope.RESOURCE.toString(), templateId, "listTemplates");
         // check if there is a policy with only UseEntry permission for this template added
-        IAMPolicy policy = _iamSrv.getResourceGrantPolicy(IAMEntityType.VirtualMachineTemplate.toString(),
templateId, AccessType.UseEntry.toString(), "listTemplates");
+        IAMPolicy policy = _iamSrv.getResourceGrantPolicy(VirtualMachineTemplate.class.getSimpleName(),
templateId, AccessType.UseEntry.toString(), "listTemplates");
         if ( policy == null ){
             s_logger.info("No policy found for this template grant: " + templateId + ", no
detach to be done");
             return;
@@ -788,7 +785,7 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService,
Man
             entity = _accountDao.findByUuid(scopeId);
             break;
         case RESOURCE:
-            Class<?> clazz = s_typeMap.get(IAMEntityType.valueOf(entityType));
+            Class<?> clazz = s_typeMap.get(entityType);
             entity = (InternalIdentity)_entityMgr.findByUuid(clazz, scopeId);
         }
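Review bot: `s_typeMap.get(entityType)` returns null for an unknown type string, and that null is passed straight to `_entityMgr.findByUuid(clazz, scopeId)`; the removed `IAMEntityType.valueOf(entityType)` at least rejected unknown names with an IllegalArgumentException. `entityType` appears to come from the caller of this lookup (the method signature is outside the hunk), so an unsupported value should be rejected explicitly. Suggested check after the lookup: `if (clazz == null) { throw new InvalidParameterValueException("Unsupported entity type: " + entityType); }`. `InvalidParameterValueException` is already imported in this file.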
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae6b9a08/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
index fb75db3..1afe5e8 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
@@ -29,7 +29,6 @@ import javax.naming.ConfigurationException;
 import org.apache.log4j.Logger;
 
 import org.apache.cloudstack.acl.APIChecker;
-import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.PermissionScope;
 import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
@@ -46,6 +45,7 @@ import com.cloud.api.ApiServerService;
 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.storage.VMTemplateVO;
 import com.cloud.storage.dao.VMTemplateDao;
+import com.cloud.template.VirtualMachineTemplate;
 import com.cloud.user.Account;
 import com.cloud.user.AccountService;
 import com.cloud.user.User;
@@ -133,9 +133,9 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements
APIChecker
         // add permissions for public templates
         List<VMTemplateVO> pTmplts = _templateDao.listByPublic();
         for (VMTemplateVO tmpl : pTmplts){
-            _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN
+ 1), IAMEntityType.VirtualMachineTemplate.toString(),
+            _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN
+ 1), VirtualMachineTemplate.class.getSimpleName(),
                     PermissionScope.RESOURCE.toString(), tmpl.getId(), "listTemplates", AccessType.UseEntry.toString(),
Permission.Allow, false);
-            _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1),
IAMEntityType.VirtualMachineTemplate.toString(),
+            _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1),
VirtualMachineTemplate.class.getSimpleName(),
                     PermissionScope.RESOURCE.toString(), tmpl.getId(), "listTemplates", AccessType.UseEntry.toString(),
Permission.Allow, false);
         }
 
@@ -218,7 +218,7 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements
APIChecker
     private void addDefaultAclPolicyPermission(String apiName, Class<?> cmdClass, RoleType
role) {
 
         AccessType accessType = null;
-        IAMEntityType[] entityTypes = null;
+        Class<?>[] entityTypes = null;
         if (cmdClass != null) {
             BaseCmd cmdObj;
             try {
@@ -262,8 +262,9 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements
APIChecker
             _iamSrv.addIAMPermissionToIAMPolicy(policyId, null, permissionScope.toString(),
new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
                     apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow,
false);
         } else {
-            for (IAMEntityType entityType : entityTypes) {
-                _iamSrv.addIAMPermissionToIAMPolicy(policyId, entityType.toString(), permissionScope.toString(),
new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
+            for (Class<?> entityType : entityTypes) {
+                _iamSrv.addIAMPermissionToIAMPolicy(policyId, entityType.getSimpleName(),
permissionScope.toString(), new Long(
+                        IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
                         apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow,
false);
             }
          }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae6b9a08/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
index 3fe854a..3ab3749 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
@@ -83,7 +83,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements
Secur
 
         String entityType = null;
         if (entity.getEntityType() != null) {
-            entityType = entity.getEntityType().toString();
+            entityType = entity.getEntityType().getSimpleName();
         }
 
         if (accessType == null) {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae6b9a08/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
b/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
index b825ab2..49c4c9f 100644
--- a/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
+++ b/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
@@ -50,7 +50,6 @@ import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.test.context.support.AnnotationConfigContextLoader;
 
-import org.apache.cloudstack.acl.IAMEntityType;
 import org.apache.cloudstack.acl.PermissionScope;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.command.user.vm.ListVMsCmd;
@@ -84,6 +83,7 @@ import com.cloud.user.dao.AccountDao;
 import com.cloud.utils.Pair;
 import com.cloud.utils.component.ComponentContext;
 import com.cloud.utils.db.EntityManager;
+import com.cloud.vm.VirtualMachine;
 
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(loader = AnnotationConfigContextLoader.class)
@@ -292,15 +292,15 @@ public class IAMApiServiceTest {
         Class clz = ListVMsCmd.class;
         when(_apiServer.getCmdClass("listVirtualMachines")).thenReturn(clz);
         when(
-                _iamSrv.addIAMPermissionToIAMPolicy(policyId, IAMEntityType.VirtualMachine.toString(),
+                _iamSrv.addIAMPermissionToIAMPolicy(policyId, VirtualMachine.class.getSimpleName(),
                         PermissionScope.RESOURCE.toString(), resId, "listVirtualMachines",
                         AccessType.UseEntry.toString(), Permission.Allow, false)).thenReturn(policy);
-        _aclSrv.addIAMPermissionToIAMPolicy(policyId, IAMEntityType.VirtualMachine.toString(),
+        _aclSrv.addIAMPermissionToIAMPolicy(policyId, VirtualMachine.class.getSimpleName(),
                 PermissionScope.RESOURCE, resId, "listVirtualMachines", Permission.Allow,
false);
         Pair<List<IAMPolicy>, Integer> policyList = new Pair<List<IAMPolicy>,
Integer>(policies, 1);
         List<IAMPolicyPermission> policyPerms = new ArrayList<IAMPolicyPermission>();
         IAMPolicyPermission perm = new IAMPolicyPermissionVO(policyId, "listVirtualMachines",
-                IAMEntityType.VirtualMachine.toString(), AccessType.UseEntry.toString(),
+                VirtualMachine.class.getSimpleName(), AccessType.UseEntry.toString(),
                 PermissionScope.RESOURCE.toString(),
                 resId, Permission.Allow, false);
         policyPerms.add(perm);
@@ -316,7 +316,7 @@ public class IAMApiServiceTest {
 
         //remove permission from policy
         policyPerms.remove(perm);
-        _aclSrv.removeIAMPermissionFromIAMPolicy(policyId, IAMEntityType.VirtualMachine.toString(),
+        _aclSrv.removeIAMPermissionFromIAMPolicy(policyId, VirtualMachine.class.getSimpleName(),
                 PermissionScope.RESOURCE, resId, "listVirtualMachines");
         policyResp = _aclSrv.listIAMPolicies(null, "policy1", callerDomainId, 0L, 20L);
         assertTrue("No. of response items should be one", policyResp.getCount() == 1);

