Return-Path: X-Original-To: apmail-cloudstack-commits-archive@www.apache.org Delivered-To: apmail-cloudstack-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 87E8410E5A for ; Thu, 13 Mar 2014 23:56:03 +0000 (UTC) Received: (qmail 24638 invoked by uid 500); 13 Mar 2014 23:55:14 -0000 Delivered-To: apmail-cloudstack-commits-archive@cloudstack.apache.org Received: (qmail 24330 invoked by uid 500); 13 Mar 2014 23:55:07 -0000 Mailing-List: contact commits-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list commits@cloudstack.apache.org Received: (qmail 23904 invoked by uid 99); 13 Mar 2014 23:54:57 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 13 Mar 2014 23:54:57 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id A22A9980793; Thu, 13 Mar 2014 23:54:56 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: mchen@apache.org To: commits@cloudstack.apache.org Date: Thu, 13 Mar 2014 23:55:31 -0000 Message-Id: <5c2dfe3a2f304c41b096311937e7f5c2@git.apache.org> In-Reply-To: <12b9daed0a9e4902903d5ca04a968f98@git.apache.org> References: <12b9daed0a9e4902903d5ca04a968f98@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [38/50] [abbrv] git commit: updated refs/heads/master to 8ff9460 A production/QA Setup does not populate the admin and SYSTEM accounts during database setup. So IAM plugin needs to insert the necessary group <-> account map in the DB during startup Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/1c85af31 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/1c85af31 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/1c85af31 Branch: refs/heads/master Commit: 1c85af319340b28152a75606da577ec8e6eb51ca Parents: 748c090 Author: Prachi Damle Authored: Mon Mar 10 17:27:32 2014 -0700 Committer: Prachi Damle Committed: Mon Mar 10 17:30:00 2014 -0700 ---------------------------------------------------------------------- .../cloudstack/iam/IAMApiServiceImpl.java | 95 ++++++++++++++++++++ 1 file changed, 95 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1c85af31/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java ---------------------------------------------------------------------- diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java index 97519f2..47b7697 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java +++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java @@ -16,6 +16,9 @@ // under the License. package org.apache.cloudstack.iam; +import java.sql.PreparedStatement; +import java.sql.ResultSet; +import java.sql.SQLException; import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; @@ -111,6 +114,11 @@ import com.cloud.utils.component.Manager; import com.cloud.utils.component.ManagerBase; import com.cloud.utils.db.DB; import com.cloud.utils.db.EntityManager; +import com.cloud.utils.db.Transaction; +import com.cloud.utils.db.TransactionCallbackNoReturn; +import com.cloud.utils.db.TransactionLegacy; +import com.cloud.utils.db.TransactionStatus; +import com.cloud.utils.exception.CloudRuntimeException; import com.cloud.vm.InstanceGroupVO; import com.cloud.vm.VMInstanceVO; import com.cloud.vm.dao.NicIpAliasVO; @@ -190,6 +198,11 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man @Override public boolean configure(final String name, final Map params) throws ConfigurationException { + + // populate group <-> account association if not present for CS admin + // and system accounts + populateIAMGroupAdminAccountMap(); + _messageBus.subscribe(AccountManager.MESSAGE_ADD_ACCOUNT_EVENT, new MessageSubscriber() { @Override public void onPublishMessage(String senderAddress, String subject, Object obj) { @@ -338,6 +351,88 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man return super.configure(name, params); } + private void populateIAMGroupAdminAccountMap() { + + Transaction.execute(new TransactionCallbackNoReturn() { + @Override + public void doInTransactionWithoutResult(TransactionStatus status) { + TransactionLegacy txn = TransactionLegacy.currentTxn(); + + String searchQuery = "Select id from `cloud`.`iam_group_account_map` where account_id = ? and removed is null"; + ResultSet rs = null; + PreparedStatement acctQuery = null; + PreparedStatement acctInsert = null; + // find if the system account is present in the map + try { + acctQuery = txn.prepareAutoCloseStatement(searchQuery); + acctQuery.setLong(1, Account.ACCOUNT_ID_SYSTEM); + + rs = acctQuery.executeQuery(); + if (!rs.next()) { + acctInsert = txn + .prepareAutoCloseStatement("INSERT INTO `cloud`.`iam_group_account_map` (group_id, account_id, created) values(?, ?, Now())"); + // insert entry in iam_group_account_map table + acctInsert.setLong(1, Account.ACCOUNT_TYPE_ADMIN + 1); + acctInsert.setLong(2, Account.ACCOUNT_ID_SYSTEM); + acctInsert.executeUpdate(); + } + } catch (SQLException ex) { + String msg = "Unable to populate iam_group_account_map for SYSTEM account." + ex.getMessage(); + s_logger.error(msg); + throw new CloudRuntimeException(msg, ex); + } finally { + try { + if (acctInsert != null) { + acctInsert.close(); + } + if (rs != null) { + rs.close(); + } + if (acctQuery != null) { + acctQuery.close(); + } + } catch (SQLException e) { + } + } + + // find if the admin account is present in the map + try { + acctQuery = txn.prepareAutoCloseStatement(searchQuery); + acctQuery.setLong(1, Account.ACCOUNT_ID_SYSTEM + 1); + + rs = acctQuery.executeQuery(); + if (!rs.next()) { + acctInsert = txn + .prepareAutoCloseStatement("INSERT INTO `cloud`.`iam_group_account_map` (group_id, account_id, created) values(?, ?, Now())"); + // insert entry in iam_group_account_map table + acctInsert.setLong(1, Account.ACCOUNT_TYPE_ADMIN + 1); + acctInsert.setLong(2, Account.ACCOUNT_ID_SYSTEM + 1); + acctInsert.executeUpdate(); + } + } catch (SQLException ex) { + String msg = "Unable to populate iam_group_account_map for Admin account." + ex.getMessage(); + s_logger.error(msg); + throw new CloudRuntimeException(msg, ex); + } finally { + try { + if (acctInsert != null) { + acctInsert.close(); + } + if (rs != null) { + rs.close(); + } + if (acctQuery != null) { + acctQuery.close(); + } + } catch (SQLException e) { + } + } + + } + }); + + } + private void addDomainWideResourceAccess(Map params) { IAMEntityType entityType = (IAMEntityType)params.get(ApiConstants.ENTITY_TYPE);