Return-Path: 
 <commits-return-48439-apmail-cloudstack-commits-archive=cloudstack.apache.org@cloudstack.apache.org>
X-Original-To: apmail-cloudstack-commits-archive@www.apache.org
Delivered-To: apmail-cloudstack-commits-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 32B291724A
	for <apmail-cloudstack-commits-archive@www.apache.org>;
 Thu, 26 Feb 2015 12:18:20 +0000 (UTC)
Received: (qmail 75204 invoked by uid 500); 26 Feb 2015 12:18:17 -0000
Delivered-To: apmail-cloudstack-commits-archive@cloudstack.apache.org
Received: (qmail 75172 invoked by uid 500); 26 Feb 2015 12:18:17 -0000
Mailing-List: contact commits-help@cloudstack.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@cloudstack.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@cloudstack.apache.org>
List-Post: <mailto:commits@cloudstack.apache.org>
List-Id: <commits.cloudstack.apache.org>
Reply-To: dev@cloudstack.apache.org
Delivered-To: mailing list commits@cloudstack.apache.org
Received: (qmail 75162 invoked by uid 99); 26 Feb 2015 12:18:16 -0000
Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org)
 (140.211.11.23)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 26 Feb 2015 12:18:16 +0000
Received: by git1-us-west.apache.org (ASF Mail Server at
 git1-us-west.apache.org, from userid 33)
	id D254FE0531; Thu, 26 Feb 2015 12:18:16 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: bhaisaab@apache.org
To: commits@cloudstack.apache.org
Message-Id: <091d1b65ba01469797e07a8bd39c9e0d@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: git commit: updated refs/heads/master to 6df2fe7
Date: Thu, 26 Feb 2015 12:18:16 +0000 (UTC)

Repository: cloudstack
Updated Branches:
  refs/heads/master f39319932 -> 6df2fe7a8


CLOUDSTACK-8273: refactor baremetal user name to utils, restrict baremetal user

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit cb08707addbffa12abc50aec9ad980059f23910c)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

Conflicts:
	server/src/com/cloud/user/AccountManagerImpl.java


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/6df2fe7a
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/6df2fe7a
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/6df2fe7a

Branch: refs/heads/master
Commit: 6df2fe7a8ad70a10b4584391d1c56fc03ff0f85b
Parents: f393199
Author: Rohit Yadav <rohit.yadav@shapeblue.com>
Authored: Thu Feb 26 17:42:21 2015 +0530
Committer: Rohit Yadav <rohit.yadav@shapeblue.com>
Committed: Thu Feb 26 17:47:01 2015 +0530

----------------------------------------------------------------------
 .../baremetal/manager/BaremetalVlanManager.java |  4 -
 .../manager/BaremetalVlanManagerImpl.java       | 11 +--
 .../src/com/cloud/user/AccountManagerImpl.java  | 93 ++++++++++----------
 .../utils/baremetal/BaremetalUtils.java         | 24 +++++
 4 files changed, 77 insertions(+), 55 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6df2fe7a/plugins/hypervisors/baremetal/src/com/cloud/baremetal/manager/BaremetalVlanManager.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/baremetal/src/com/cloud/baremetal/manager/BaremetalVlanManager.java b/plugins/hypervisors/baremetal/src/com/cloud/baremetal/manager/BaremetalVlanManager.java
index 76f1052..b6311f7 100644
--- a/plugins/hypervisors/baremetal/src/com/cloud/baremetal/manager/BaremetalVlanManager.java
+++ b/plugins/hypervisors/baremetal/src/com/cloud/baremetal/manager/BaremetalVlanManager.java
@@ -27,11 +27,7 @@ import com.cloud.vm.VirtualMachineProfile;
 import org.apache.cloudstack.api.AddBaremetalRctCmd;
 import org.apache.cloudstack.api.DeleteBaremetalRctCmd;
 
-/**
- * Created by frank on 4/30/14.
- */
 public interface BaremetalVlanManager extends Manager, PluggableService {
-    public static final String BAREMETAL_SYSTEM_ACCOUNT_NAME = "baremetal-system-account";
 
     BaremetalRctResponse addRct(AddBaremetalRctCmd cmd);
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6df2fe7a/plugins/hypervisors/baremetal/src/com/cloud/baremetal/manager/BaremetalVlanManagerImpl.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/baremetal/src/com/cloud/baremetal/manager/BaremetalVlanManagerImpl.java b/plugins/hypervisors/baremetal/src/com/cloud/baremetal/manager/BaremetalVlanManagerImpl.java
index a77cf35..3169597 100644
--- a/plugins/hypervisors/baremetal/src/com/cloud/baremetal/manager/BaremetalVlanManagerImpl.java
+++ b/plugins/hypervisors/baremetal/src/com/cloud/baremetal/manager/BaremetalVlanManagerImpl.java
@@ -43,6 +43,7 @@ import org.apache.cloudstack.api.AddBaremetalRctCmd;
 import org.apache.cloudstack.api.DeleteBaremetalRctCmd;
 import org.apache.cloudstack.api.ListBaremetalRctCmd;
 import org.apache.cloudstack.api.command.admin.user.RegisterCmd;
+import org.apache.cloudstack.utils.baremetal.BaremetalUtils;
 import org.springframework.web.client.RestTemplate;
 
 import javax.inject.Inject;
@@ -235,14 +236,14 @@ public class BaremetalVlanManagerImpl extends ManagerBase implements BaremetalVl
     @Override
     public boolean start() {
         QueryBuilder<AccountVO> acntq = QueryBuilder.create(AccountVO.class);
-        acntq.and(acntq.entity().getAccountName(), SearchCriteria.Op.EQ, BaremetalVlanManager.BAREMETAL_SYSTEM_ACCOUNT_NAME);
+        acntq.and(acntq.entity().getAccountName(), SearchCriteria.Op.EQ, BaremetalUtils.BAREMETAL_SYSTEM_ACCOUNT_NAME);
         AccountVO acnt = acntq.find();
         if (acnt != null) {
             return true;
         }
 
         acnt = new AccountVO();
-        acnt.setAccountName(BAREMETAL_SYSTEM_ACCOUNT_NAME);
+        acnt.setAccountName(BaremetalUtils.BAREMETAL_SYSTEM_ACCOUNT_NAME);
         acnt.setUuid(UUID.randomUUID().toString());
         acnt.setState(Account.State.enabled);
         acnt.setDomainId(1);
@@ -252,9 +253,9 @@ public class BaremetalVlanManagerImpl extends ManagerBase implements BaremetalVl
         user.setState(Account.State.enabled);
         user.setUuid(UUID.randomUUID().toString());
         user.setAccountId(acnt.getAccountId());
-        user.setUsername(BAREMETAL_SYSTEM_ACCOUNT_NAME);
-        user.setFirstname(BAREMETAL_SYSTEM_ACCOUNT_NAME);
-        user.setLastname(BAREMETAL_SYSTEM_ACCOUNT_NAME);
+        user.setUsername(BaremetalUtils.BAREMETAL_SYSTEM_ACCOUNT_NAME);
+        user.setFirstname(BaremetalUtils.BAREMETAL_SYSTEM_ACCOUNT_NAME);
+        user.setLastname(BaremetalUtils.BAREMETAL_SYSTEM_ACCOUNT_NAME);
         user.setPassword(UUID.randomUUID().toString());
         user = userDao.persist(user);
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6df2fe7a/server/src/com/cloud/user/AccountManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
index 28115a2..bced7b3 100644
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -16,52 +16,6 @@
 // under the License.
 package com.cloud.user;
 
-import java.net.URLEncoder;
-import java.net.InetAddress;
-import java.security.NoSuchAlgorithmException;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.UUID;
-import java.util.concurrent.Executors;
-import java.util.concurrent.ScheduledExecutorService;
-import java.util.concurrent.TimeUnit;
-
-import javax.crypto.KeyGenerator;
-import javax.crypto.Mac;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.SecretKeySpec;
-import javax.ejb.Local;
-import javax.inject.Inject;
-import javax.naming.ConfigurationException;
-
-import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.lang.StringUtils;
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.ControlledEntity;
-import org.apache.cloudstack.acl.QuerySelector;
-import org.apache.cloudstack.acl.RoleType;
-import org.apache.cloudstack.acl.SecurityChecker;
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.affinity.AffinityGroup;
-import org.apache.cloudstack.affinity.dao.AffinityGroupDao;
-import org.apache.cloudstack.api.command.admin.account.UpdateAccountCmd;
-import org.apache.cloudstack.api.command.admin.user.DeleteUserCmd;
-import org.apache.cloudstack.api.command.admin.user.RegisterCmd;
-import org.apache.cloudstack.api.command.admin.user.UpdateUserCmd;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
-import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
-import org.apache.cloudstack.framework.messagebus.MessageBus;
-import org.apache.cloudstack.framework.messagebus.PublishScope;
-import org.apache.cloudstack.managed.context.ManagedContextRunnable;
-import org.apache.cloudstack.region.gslb.GlobalLoadBalancerRuleDao;
-
 import com.cloud.api.ApiDBUtils;
 import com.cloud.api.query.vo.ControlledViewEntity;
 import com.cloud.configuration.Config;
@@ -163,6 +117,49 @@ import com.cloud.vm.VirtualMachineManager;
 import com.cloud.vm.dao.InstanceGroupDao;
 import com.cloud.vm.dao.UserVmDao;
 import com.cloud.vm.dao.VMInstanceDao;
+import org.apache.cloudstack.acl.ControlledEntity;
+import org.apache.cloudstack.acl.QuerySelector;
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.acl.SecurityChecker;
+import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.affinity.AffinityGroup;
+import org.apache.cloudstack.affinity.dao.AffinityGroupDao;
+import org.apache.cloudstack.api.command.admin.account.UpdateAccountCmd;
+import org.apache.cloudstack.api.command.admin.user.DeleteUserCmd;
+import org.apache.cloudstack.api.command.admin.user.RegisterCmd;
+import org.apache.cloudstack.api.command.admin.user.UpdateUserCmd;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
+import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
+import org.apache.cloudstack.framework.messagebus.MessageBus;
+import org.apache.cloudstack.framework.messagebus.PublishScope;
+import org.apache.cloudstack.managed.context.ManagedContextRunnable;
+import org.apache.cloudstack.region.gslb.GlobalLoadBalancerRuleDao;
+import org.apache.cloudstack.utils.baremetal.BaremetalUtils;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+
+import javax.crypto.KeyGenerator;
+import javax.crypto.Mac;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import javax.ejb.Local;
+import javax.inject.Inject;
+import javax.naming.ConfigurationException;
+import java.net.URLEncoder;
+import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+import java.util.concurrent.Executors;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.TimeUnit;
 
 @Local(value = {AccountManager.class, AccountService.class})
 public class AccountManagerImpl extends ManagerBase implements AccountManager, Manager {
@@ -2194,6 +2191,10 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
         if (user.getId() == User.UID_SYSTEM) {
             throw new PermissionDeniedException("user id : " + user.getId() + " is system account, update is not allowed");
         }
+        // don't allow baremetal system user
+        if (BaremetalUtils.BAREMETAL_SYSTEM_ACCOUNT_NAME.equals(user.getUsername())) {
+            throw new PermissionDeniedException("user id : " + user.getId() + " is system account, update is not allowed");
+        }
 
         // generate both an api key and a secret key, update the user table with the keys, return the keys to the user
         final String[] keys = new String[2];

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6df2fe7a/utils/src/org/apache/cloudstack/utils/baremetal/BaremetalUtils.java
----------------------------------------------------------------------
diff --git a/utils/src/org/apache/cloudstack/utils/baremetal/BaremetalUtils.java b/utils/src/org/apache/cloudstack/utils/baremetal/BaremetalUtils.java
new file mode 100644
index 0000000..85704a5
--- /dev/null
+++ b/utils/src/org/apache/cloudstack/utils/baremetal/BaremetalUtils.java
@@ -0,0 +1,24 @@
+//
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+//
+
+package org.apache.cloudstack.utils.baremetal;
+
+public class BaremetalUtils {
+    public static final String BAREMETAL_SYSTEM_ACCOUNT_NAME = "baremetal-system-account";
+}