
Merge branch 'testing' into team/console/3.3

2 parents 9955c03 + 3205244 commit 0a611007d5e08afc2652325828895034a8dc3b73 @dkavanagh dkavanagh committed Mar 30, 2013
Showing with 8,614 additions and 1,669 deletions.
  1. +3 −3 clc/.classpath
  2. +227 −12 clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseAccountProxy.java
  3. +21 −2 clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseAuthProvider.java
  4. +93 −7 clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseAuthUtils.java
  5. +19 −2 clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseAuthorizationProxy.java
  6. +148 −0 clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseInstanceProfileProxy.java
  7. +26 −3 clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabasePolicyProxy.java
  8. +58 −0 clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabasePrincipalProxy.java
  9. +354 −0 clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseRoleProxy.java
  10. +12 −2 clc/modules/authentication/src/main/java/com/eucalyptus/auth/entities/AuthorizationEntity.java
  11. +141 −0 clc/modules/authentication/src/main/java/com/eucalyptus/auth/entities/InstanceProfileEntity.java
  12. +18 −2 clc/modules/authentication/src/main/java/com/eucalyptus/auth/entities/PolicyEntity.java
  13. +141 −0 clc/modules/authentication/src/main/java/com/eucalyptus/auth/entities/PrincipalEntity.java
  14. +170 −0 clc/modules/authentication/src/main/java/com/eucalyptus/auth/entities/RoleEntity.java
  15. +37 −5 clc/modules/authentication/src/main/java/com/eucalyptus/auth/entities/StatementEntity.java
  16. +8 −4 clc/modules/authentication/src/main/java/com/eucalyptus/auth/json/JsonUtils.java
  17. +154 −56 clc/modules/authentication/src/main/java/com/eucalyptus/auth/policy/PolicyEngineImpl.java
  18. +71 −35 clc/modules/authentication/src/main/java/com/eucalyptus/auth/policy/PolicyParser.java
  19. +0 −118 clc/modules/authentication/src/main/java/com/eucalyptus/auth/policy/PolicyParserTest.java
  20. +204 −0 clc/modules/authentication/src/test/java/com/eucalyptus/auth/policy/PolicyParserTest.java
  21. +108 −0 ...oscaling-common/src/main/java/com/eucalyptus/autoscaling/common/AutoScalingMessageValidation.java
  22. +199 −4 ...les/autoscaling-common/src/main/java/com/eucalyptus/autoscaling/common/AutoScalingMessages.groovy
  23. +68 −0 ...ng-common/src/test/java/com/eucalyptus/autoscaling/common/AutoScalingMessageValidationTest.groovy
  24. +45 −0 clc/modules/autoscaling/src/main/java/com/eucalyptus/autoscaling/AutoScalingMessageValidator.java
  25. +160 −53 clc/modules/autoscaling/src/main/java/com/eucalyptus/autoscaling/AutoScalingService.java
  26. +36 −0 clc/modules/autoscaling/src/main/java/com/eucalyptus/autoscaling/InvalidActionException.java
  27. +35 −0 clc/modules/autoscaling/src/main/java/com/eucalyptus/autoscaling/ValidationErrorException.java
  28. +230 −8 clc/modules/autoscaling/src/main/java/com/eucalyptus/autoscaling/activities/ActivityManager.java
  29. +1 −1 clc/modules/autoscaling/src/main/java/com/eucalyptus/autoscaling/activities/BackoffRunner.java
  30. +33 −0 clc/modules/autoscaling/src/main/java/com/eucalyptus/autoscaling/activities/CloudWatchClient.java
  31. +21 −3 ...ules/autoscaling/src/main/java/com/eucalyptus/autoscaling/configurations/LaunchConfiguration.java
  32. +4 −0 ...les/autoscaling/src/main/java/com/eucalyptus/autoscaling/configurations/LaunchConfigurations.java
  33. +0 −2 clc/modules/autoscaling/src/main/java/com/eucalyptus/autoscaling/groups/AutoScalingGroup.java
  34. +0 −2 clc/modules/autoscaling/src/main/java/com/eucalyptus/autoscaling/groups/AutoScalingGroups.java
  35. +10 −1 clc/modules/autoscaling/src/main/java/com/eucalyptus/autoscaling/groups/SuspendedProcess.java
  36. +1 −1 clc/modules/autoscaling/src/main/java/com/eucalyptus/autoscaling/policies/AdjustmentType.java
  37. +1 −2 clc/modules/autoscaling/src/main/java/com/eucalyptus/autoscaling/policies/ScalingPolicies.java
  38. +0 −2 clc/modules/autoscaling/src/main/java/com/eucalyptus/autoscaling/policies/ScalingPolicy.java
  39. +11 −0 clc/modules/autoscaling/src/main/java/com/eucalyptus/autoscaling/tags/Tags.java
  40. +1 −1 clc/modules/autoscaling/src/main/resources/autoscaling-model.xml
  41. +20 −0 clc/modules/autoscaling/src/test/java/com/eucalyptus/autoscaling/AutoScalingBindingTest.groovy
  42. +9 −1 clc/modules/autoscaling/src/test/java/com/eucalyptus/autoscaling/AutoScalingServiceTest.groovy
  43. +97 −13 ...odules/autoscaling/src/test/java/com/eucalyptus/autoscaling/activities/ActivityManagerTest.groovy
  44. +3 −0 clc/modules/cloudwatch/src/main/java/com/eucalyptus/cloudwatch/CloudWatchService.java
  45. +41 −0 clc/modules/cloudwatch/src/main/java/com/eucalyptus/cloudwatch/domain/DBCleanupService.java
  46. +159 −6 clc/modules/cloudwatch/src/main/java/com/eucalyptus/cloudwatch/domain/alarms/AlarmManager.java
  47. +15 −1 clc/modules/cluster-manager/src/main/java/com/eucalyptus/blockstorage/SnapshotManager.java
  48. +24 −6 clc/modules/cluster-manager/src/main/java/com/eucalyptus/cloud/run/Allocations.java
  49. +1 −1 ...modules/cluster-manager/src/main/java/com/eucalyptus/cluster/callback/DescribeSensorCallback.java
  50. +1 −6 clc/modules/cluster-manager/src/main/java/com/eucalyptus/vm/Bundles.java
  51. +34 −0 clc/modules/cluster-manager/src/main/java/com/eucalyptus/vm/VmBootRecord.java
  52. +17 −4 clc/modules/cluster-manager/src/main/java/com/eucalyptus/vm/VmControl.java
  53. +27 −6 clc/modules/cluster-manager/src/main/java/com/eucalyptus/vm/VmId.java
  54. +64 −15 clc/modules/cluster-manager/src/main/java/com/eucalyptus/vm/VmInstance.java
  55. +33 −4 clc/modules/cluster-manager/src/main/java/com/eucalyptus/vm/VmInstances.java
  56. +134 −0 clc/modules/core/src/main/java/edu/ucsb/eucalyptus/cloud/entities/ARecordAddressInfo.java
  57. +162 −0 clc/modules/core/src/main/java/edu/ucsb/eucalyptus/cloud/entities/ARecordNameInfo.java
  58. +229 −7 clc/modules/dns/src/main/java/com/eucalyptus/cloud/ws/DNSControl.java
  59. +34 −29 clc/modules/dns/src/main/java/com/eucalyptus/cloud/ws/ZoneManager.java
  60. +4 −4 clc/modules/dns/src/main/java/com/eucalyptus/dns/SetResponse.java
  61. +179 −0 clc/modules/dns/src/main/java/com/eucalyptus/dns/TransientPtrZone.java
  62. +339 −24 clc/modules/euare-common/src/main/java/com/eucalyptus/auth/euare/EuareMessages.groovy
  63. +242 −15 clc/modules/euare-common/src/main/resources/euare-binding.xml
  64. +1 −1 clc/modules/{msgs → euare}/src/main/java/com/eucalyptus/auth/euare/EuareException.java
  65. +8 −1 clc/modules/euare/src/main/java/com/eucalyptus/auth/euare/EuareQuotaUtil.java
  66. +482 −106 clc/modules/euare/src/main/java/com/eucalyptus/auth/euare/EuareService.java
  67. +60 −0 clc/modules/euare/src/main/java/com/eucalyptus/auth/euare/InstanceProfileNumberQuotaKey.java
  68. +60 −0 clc/modules/euare/src/main/java/com/eucalyptus/auth/euare/RoleNumberQuotaKey.java
  69. +2 −2 ...in/java/com/eucalyptus/ws/util → euare/src/main/java/com/eucalyptus/auth/ws}/EuareReplyQueue.java
  70. +2 −2 clc/modules/euare/src/main/resources/euare-model.xml
  71. +22 −0 clc/modules/euare/src/test/java/com/eucalyptus/auth/ws/EuareBindingTest.groovy
  72. +46 −53 ...modules/loadbalancing/src/main/java/com/eucalyptus/loadbalancing/LoadBalancerBackendInstance.java
  73. +43 −17 clc/modules/loadbalancing/src/main/java/com/eucalyptus/loadbalancing/LoadBalancers.java
  74. +157 −56 clc/modules/loadbalancing/src/main/java/com/eucalyptus/loadbalancing/LoadBalancingService.java
  75. +1 −1 clc/modules/loadbalancing/src/main/java/com/eucalyptus/loadbalancing/activities/ActivityManager.java
  76. +176 −18 .../loadbalancing/src/main/java/com/eucalyptus/loadbalancing/activities/EucalyptusActivityTasks.java
  77. +7 −1 .../loadbalancing/src/main/java/com/eucalyptus/loadbalancing/activities/EventHandlerChainDelete.java
  78. +59 −7 ...les/loadbalancing/src/main/java/com/eucalyptus/loadbalancing/activities/EventHandlerChainNew.java
  79. +3 −2 ...balancing/src/main/java/com/eucalyptus/loadbalancing/activities/LoadbalancerInstanceLauncher.java
  80. +56 −4 clc/modules/msgs/src/main/java/com/eucalyptus/auth/Accounts.java
  81. +12 −1 clc/modules/msgs/src/main/java/com/eucalyptus/auth/AuthException.java
  82. +24 −27 clc/modules/msgs/src/main/java/com/eucalyptus/auth/Permissions.java
  83. +217 −12 clc/modules/msgs/src/main/java/com/eucalyptus/auth/Privileged.java
  84. +4 −1 clc/modules/msgs/src/main/java/com/eucalyptus/auth/api/AccountProvider.java
  85. +10 −2 clc/modules/msgs/src/main/java/com/eucalyptus/auth/api/PolicyEngine.java
  86. +11 −0 clc/modules/msgs/src/main/java/com/eucalyptus/auth/policy/PolicyResourceType.java
  87. +91 −3 clc/modules/msgs/src/main/java/com/eucalyptus/auth/policy/PolicySpec.java
  88. +1 −1 clc/modules/msgs/src/main/java/com/eucalyptus/auth/policy/ern/Ern.java
  89. +3 −1 clc/modules/msgs/src/main/java/com/eucalyptus/auth/policy/key/Keys.java
  90. +22 −5 clc/modules/msgs/src/main/java/com/eucalyptus/auth/principal/Account.java
  91. +3 −2 clc/modules/msgs/src/main/java/com/eucalyptus/auth/principal/Authorization.java
  92. +40 −0 clc/modules/msgs/src/main/java/com/eucalyptus/auth/principal/AuthorizedPrincipal.java
  93. +45 −0 clc/modules/msgs/src/main/java/com/eucalyptus/auth/principal/InstanceProfile.java
  94. +4 −2 clc/modules/msgs/src/main/java/com/eucalyptus/auth/principal/Policy.java
  95. +88 −0 clc/modules/msgs/src/main/java/com/eucalyptus/auth/principal/Principal.java
  96. +124 −131 clc/modules/msgs/src/main/java/com/eucalyptus/auth/principal/Principals.java
  97. +51 −0 clc/modules/msgs/src/main/java/com/eucalyptus/auth/principal/Role.java
  98. +252 −0 clc/modules/msgs/src/main/java/com/eucalyptus/auth/principal/RoleUser.java
  99. +2 −13 clc/modules/msgs/src/main/java/com/eucalyptus/auth/principal/User.java
  100. +159 −31 clc/modules/msgs/src/main/java/com/eucalyptus/auth/tokens/SecurityTokenManager.java
  101. +1 −1 clc/modules/msgs/src/main/java/com/eucalyptus/entities/EntityWrapper.java
  102. +19 −2 clc/modules/msgs/src/main/java/com/eucalyptus/event/ListenerRegistry.java
  103. +2 −1 clc/modules/msgs/src/main/java/com/eucalyptus/system/Ats.java
  104. +17 −12 clc/modules/msgs/src/main/java/com/eucalyptus/util/RestrictedType.java
  105. +150 −12 clc/modules/msgs/src/main/java/com/eucalyptus/util/RestrictedTypes.java
  106. +74 −0 clc/modules/msgs/src/main/java/edu/ucsb/eucalyptus/msgs/DNS.groovy
  107. +1 −1 clc/modules/msgs/src/main/java/edu/ucsb/eucalyptus/msgs/Messages.groovy
  108. +10 −2 clc/modules/msgs/src/main/java/edu/ucsb/eucalyptus/msgs/VmControl.groovy
  109. +3 −0 clc/modules/msgs/src/main/resources/aws-instances-10-08-31.xml
  110. +3 −0 clc/modules/msgs/src/main/resources/aws-instances-11-11-01.xml
  111. +1 −1 clc/modules/msgs/src/main/resources/cc-sensors.xml
  112. +19 −0 clc/modules/msgs/src/test/java/com/eucalyptus/auth/policy/ern/ErnTest.groovy
  113. +44 −0 clc/modules/msgs/src/test/java/com/eucalyptus/auth/principal/PrincipalTest.groovy
  114. +120 −8 clc/modules/msgs/src/test/java/com/eucalyptus/auth/tokens/SecurityTokenManagerTest.groovy
  115. +1 −1 clc/modules/reporting/src/main/java/com/eucalyptus/reporting/ReportingDataVerifier.java
  116. +387 −111 clc/modules/storage-controller/src/main/java/com/eucalyptus/storage/DASManager.java
  117. +25 −10 clc/modules/storage-controller/src/main/java/com/eucalyptus/storage/ISCSIManager.java
  118. +39 −334 clc/modules/storage-controller/src/main/java/com/eucalyptus/storage/OverlayManager.java
  119. +2 −0 clc/modules/storage-controller/src/main/java/com/eucalyptus/storage/StorageExportManager.java
  120. +4 −2 clc/modules/storage-controller/src/main/java/edu/ucsb/eucalyptus/cloud/ws/BlockStorage.java
  121. +1 −0 clc/modules/tokens/src/main/java/com/eucalyptus/tokens/TokensException.java
  122. +47 −0 clc/modules/tokens/src/main/java/com/eucalyptus/tokens/TokensMessages.groovy
  123. +109 −2 clc/modules/tokens/src/main/java/com/eucalyptus/tokens/TokensService.java
  124. +57 −0 clc/modules/tokens/src/main/java/com/eucalyptus/tokens/policy/ExternalIdContext.java
  125. +59 −0 clc/modules/tokens/src/main/java/com/eucalyptus/tokens/policy/ExternalIdKey.java
  126. +22 −0 clc/modules/tokens/src/main/resources/tokens-binding.xml
  127. 0 clc/modules/www/src/main/java/com/eucalyptus/webui/public/themes/active
  128. 0 clc/modules/www/src/main/java/com/eucalyptus/webui/public/themes/active
  129. +5 −5 clc/modules/www/src/main/java/com/eucalyptus/webui/server/EuareWebBackend.java
  130. +116 −27 cluster/handlers.c
  131. +1 −1 cluster/handlers.h
  132. +1 −1 configure
  133. +2 −2 configure.ac
  134. 0 console/static/custom/Messages_FI.properties
  135. 0 console/static/custom/Messages_FI.properties
  136. 0 console/static/custom/Messages_en.properties
  137. 0 console/static/custom/Messages_en.properties
  138. 0 console/static/custom/Messages_en_US.properties
  139. 0 console/static/custom/Messages_en_US.properties
  140. 0 console/static/custom/Messages_ja_JP.properties
  141. 0 console/static/custom/Messages_ja_JP.properties
  142. 0 console/static/custom/Messages_ko.properties
  143. 0 console/static/custom/Messages_ko.properties
  144. 0 console/static/custom/Messages_ru_RU.properties
  145. 0 console/static/custom/Messages_ru_RU.properties
  146. 0 console/static/help/en_US
  147. 0 console/static/help/en_US
  148. 0 console/static/help/zh_CN
  149. 0 console/static/help/zh_CN
  150. +43 −7 node/handlers.c
  151. +40 −20 node/handlers_kvm.c
  152. 0 project/cluster
  153. 0 project/cluster
  154. 0 project/devel
  155. 0 project/devel
  156. 0 project/gatherlog
  157. 0 project/gatherlog
  158. 0 project/net
  159. 0 project/net
  160. 0 project/node
  161. 0 project/node
  162. 0 project/storage
  163. 0 project/storage
  164. 0 project/tools
  165. 0 project/tools
  166. 0 project/util
  167. 0 project/util
  168. 0 project/wsdl
  169. 0 project/wsdl
  170. +11 −4 tools/connect_iscsitarget_main.pl
  171. +1 −2 tools/disconnect_iscsitarget_main.pl
  172. +6 −4 tools/get_iscsitarget.pl
  173. +15 −46 tools/iscsitarget_common.pl
  174. +23 −0 tools/multipath.conf.example.equallogic
  175. +25 −30 util/adb-helpers.h
  176. +3 −3 util/data.c
  177. +17 −38 util/sensor.c
  178. +1 −1 util/sensor.h
  179. +1 −1 wsdl/eucalyptus_cc.wsdl
  180. +1 −1 wsdl/eucalyptus_nc.wsdl
@@ -67,16 +67,13 @@
<classpathentry kind="lib" path="lib/cglib-2.1.3.jar"/>
<classpathentry kind="lib" path="lib/commons-beanutils-1.8.0-BETA.jar"/>
<classpathentry kind="lib" path="lib/commons-cli-1.1.jar"/>
- <classpathentry kind="lib" path="lib/commons-codec-1.3.jar"/>
<classpathentry kind="lib" path="lib/commons-collections3-3.2.1.jar"/>
<classpathentry kind="lib" path="lib/commons-compress-1.1.jar"/>
<classpathentry kind="lib" path="lib/commons-digester-1.8.1.jar"/>
<classpathentry kind="lib" path="lib/commons-discovery-0.4.jar"/>
<classpathentry kind="lib" path="lib/commons-fileupload-1.2.1.jar"/>
<classpathentry kind="lib" path="lib/commons-httpclient-3.1.jar"/>
- <classpathentry kind="lib" path="lib/commons-io-1.4.jar"/>
<classpathentry kind="lib" path="lib/commons-jxpath-1.2.jar"/>
- <classpathentry kind="lib" path="lib/commons-lang-2.4.jar"/>
<classpathentry kind="lib" path="lib/commons-logging-1.1.1.jar"/>
<classpathentry kind="lib" path="lib/commons-logging-adapters-1.1.1.jar"/>
<classpathentry kind="lib" path="lib/commons-logging-api-1.1.1.jar"/>
@@ -194,5 +191,8 @@
<classpathentry kind="lib" path="lib/xom-1.1.jar"/>
<classpathentry kind="lib" path="lib/xpp3-1.1.3.4.O.jar"/>
<classpathentry exported="true" kind="con" path="GROOVY_DSL_SUPPORT"/>
+ <classpathentry kind="lib" path="lib/commons-codec-1.4.jar"/>
+ <classpathentry kind="lib" path="lib/commons-io-2.0.1.jar"/>
+ <classpathentry kind="lib" path="lib/commons-lang-2.6.jar"/>
<classpathentry kind="output" path="bin"/>
</classpath>
@@ -1,5 +1,5 @@
/*************************************************************************
- * Copyright 2009-2012 Eucalyptus Systems, Inc.
+ * Copyright 2009-2013 Eucalyptus Systems, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -65,9 +65,6 @@
import java.util.List;
import java.util.Map;
import org.apache.log4j.Logger;
-import org.hibernate.Session;
-import org.hibernate.criterion.Example;
-import org.hibernate.criterion.MatchMode;
import org.hibernate.criterion.Restrictions;
import com.eucalyptus.auth.checker.InvalidValueException;
import com.eucalyptus.auth.checker.ValueChecker;
@@ -76,17 +73,20 @@
import com.eucalyptus.auth.entities.AuthorizationEntity;
import com.eucalyptus.auth.entities.CertificateEntity;
import com.eucalyptus.auth.entities.GroupEntity;
+import com.eucalyptus.auth.entities.InstanceProfileEntity;
+import com.eucalyptus.auth.entities.PolicyEntity;
+import com.eucalyptus.auth.entities.RoleEntity;
import com.eucalyptus.auth.entities.UserEntity;
+import com.eucalyptus.auth.policy.PolicyParser;
import com.eucalyptus.auth.principal.Account;
import com.eucalyptus.auth.principal.Authorization;
import com.eucalyptus.auth.principal.Group;
+import com.eucalyptus.auth.principal.InstanceProfile;
+import com.eucalyptus.auth.principal.Role;
import com.eucalyptus.auth.principal.User;
import com.eucalyptus.auth.principal.Authorization.EffectType;
import com.eucalyptus.crypto.Crypto;
-import com.eucalyptus.crypto.Hmacs;
import com.eucalyptus.entities.EntityWrapper;
-import com.eucalyptus.entities.Transactions;
-import java.util.concurrent.ExecutionException;
import com.eucalyptus.util.Tx;
import com.google.common.collect.Lists;
@@ -194,7 +194,53 @@ public void fire( AccountEntity t ) {
throw new AuthException( "Failed to get groups", e );
}
}
-
+
+ @Override
+ public List<Role> getRoles( ) throws AuthException {
+ final List<Role> results = Lists.newArrayList( );
+ final EntityWrapper<RoleEntity> db = EntityWrapper.get( RoleEntity.class );
+ try {
+ @SuppressWarnings( "unchecked" )
+ List<RoleEntity> roles = ( List<RoleEntity> ) db
+ .createCriteria( RoleEntity.class )
+ .createCriteria( "account" ).add( Restrictions.eq( "name", this.delegate.getName( ) ) )
+ .setCacheable( true )
+ .list( );
+ for ( final RoleEntity role : roles ) {
+ results.add( new DatabaseRoleProxy( role ) );
+ }
+ return results;
+ } catch ( Exception e ) {
+ Debugging.logError( LOG, e, "Failed to get roles for " + this.delegate.getName( ) );
+ throw new AuthException( "Failed to get roles", e );
+ } finally {
+ if ( db.isActive() ) db.rollback();
+ }
+ }
+
+ @Override
+ public List<InstanceProfile> getInstanceProfiles() throws AuthException {
+ final List<InstanceProfile> results = Lists.newArrayList( );
+ final EntityWrapper<InstanceProfileEntity> db = EntityWrapper.get( InstanceProfileEntity.class );
+ try {
+ @SuppressWarnings( "unchecked" )
+ List<InstanceProfileEntity> instanceProfiles = ( List<InstanceProfileEntity> ) db
+ .createCriteria( InstanceProfileEntity.class )
+ .createCriteria( "account" ).add( Restrictions.eq( "name", this.delegate.getName( ) ) )
+ .setCacheable( true )
+ .list( );
+ for ( final InstanceProfileEntity instanceProfile : instanceProfiles ) {
+ results.add( new DatabaseInstanceProfileProxy( instanceProfile ) );
+ }
+ return results;
+ } catch ( Exception e ) {
+ Debugging.logError( LOG, e, "Failed to get instance profiles for " + this.delegate.getName( ) );
+ throw new AuthException( "Failed to get instance profiles", e );
+ } finally {
+ if ( db.isActive() ) db.rollback();
+ }
+ }
+
@Override
public User addUser( String userName, String path, boolean skipRegistration, boolean enabled, Map<String, String> info ) throws AuthException {
try {
@@ -262,7 +308,20 @@ private boolean userHasResourceAttached( String userName, String accountName ) t
throw new AuthException( AuthException.NO_SUCH_USER, e );
}
}
-
+
+ private boolean roleHasResourceAttached( String roleName, String accountName ) throws AuthException {
+ final EntityWrapper<RoleEntity> db = EntityWrapper.get( RoleEntity.class );
+ try {
+ final RoleEntity roleEntity = DatabaseAuthUtils.getUniqueRole( db, roleName, accountName );
+ return roleEntity.getPolicies( ).size( ) > 0;
+ } catch ( Exception e ) {
+ Debugging.logError( LOG, e, "Failed to check role " + roleName + " in " + accountName );
+ throw new AuthException( AuthException.NO_SUCH_ROLE, e );
+ } finally {
+ if ( db.isActive() ) db.rollback();
+ }
+ }
+
private static int getCurrentCertificateNumber( List<CertificateEntity> certs ) {
int num = 0;
for ( CertificateEntity cert : certs ) {
@@ -303,7 +362,67 @@ public void deleteUser( String userName, boolean forceDeleteAdmin, boolean recur
throw new AuthException( AuthException.NO_SUCH_USER, e );
}
}
-
+
+ @Override
+ public Role addRole( final String roleName, final String path, final String assumeRolePolicy ) throws AuthException, PolicyParseException {
+ try {
+ USER_GROUP_NAME_CHECKER.check( roleName );
+ } catch ( InvalidValueException e ) {
+ Debugging.logError( LOG, e, "Invalid role name " + roleName );
+ throw new AuthException( AuthException.INVALID_NAME, e );
+ }
+ try {
+ PATH_CHECKER.check( path );
+ } catch ( InvalidValueException e ) {
+ Debugging.logError( LOG, e, "Invalid path " + path );
+ throw new AuthException( AuthException.INVALID_PATH, e );
+ }
+ if ( DatabaseAuthUtils.checkRoleExists( roleName, this.delegate.getName() ) ) {
+ throw new AuthException( AuthException.ROLE_ALREADY_EXISTS );
+ }
+ final PolicyEntity parsedPolicy = PolicyParser.getResourceInstance().parse( assumeRolePolicy );
+ final EntityWrapper<AccountEntity> db = EntityWrapper.get( AccountEntity.class );
+ try {
+ final AccountEntity account = DatabaseAuthUtils.getUnique( db, AccountEntity.class, "name", this.delegate.getName( ) );
+ final RoleEntity newRole = new RoleEntity( roleName );
+ newRole.setRoleId( Crypto.generateQueryId() );
+ newRole.setPath( path );
+ newRole.setAccount( account );
+ newRole.setAssumeRolePolicy( parsedPolicy );
+ parsedPolicy.setName( "assume-role-policy-for-" + newRole.getRoleId() );
+ final RoleEntity persistedRole = db.recast( RoleEntity.class ).persist( newRole );
+ db.commit( );
+ return new DatabaseRoleProxy( persistedRole );
+ } catch ( Exception e ) {
+ Debugging.logError( LOG, e, "Failed to add role: " + roleName + " in " + this.delegate.getName() );
+ throw new AuthException( AuthException.ROLE_CREATE_FAILURE, e );
+ } finally {
+ if ( db.isActive() ) db.rollback();
+ }
+ }
+
+ @Override
+ public void deleteRole( final String roleName ) throws AuthException {
+ final String accountName = this.delegate.getName( );
+ if ( roleName == null ) {
+ throw new AuthException( AuthException.EMPTY_ROLE_NAME );
+ }
+ if ( roleHasResourceAttached( roleName, accountName ) ) {
+ throw new AuthException( AuthException.ROLE_DELETE_CONFLICT );
+ }
+ final EntityWrapper<RoleEntity> db = EntityWrapper.get( RoleEntity.class );
+ try {
+ final RoleEntity role = DatabaseAuthUtils.getUniqueRole( db, roleName, accountName );
+ db.delete( role );
+ db.commit( );
+ } catch ( Exception e ) {
+ Debugging.logError( LOG, e, "Failed to delete role: " + roleName + " in " + accountName );
+ throw new AuthException( AuthException.NO_SUCH_ROLE, e );
+ } finally {
+ if ( db.isActive() ) db.rollback();
+ }
+ }
+
@Override
public Group addGroup( String groupName, String path ) throws AuthException {
try {
@@ -378,6 +497,60 @@ public void deleteGroup( String groupName, boolean recursive ) throws AuthExcept
}
@Override
+ public InstanceProfile addInstanceProfile( final String instanceProfileName, final String path ) throws AuthException {
+ try {
+ USER_GROUP_NAME_CHECKER.check( instanceProfileName );
+ } catch ( InvalidValueException e ) {
+ Debugging.logError( LOG, e, "Invalid instance profile name " + instanceProfileName );
+ throw new AuthException( AuthException.INVALID_NAME, e );
+ }
+ try {
+ PATH_CHECKER.check( path );
+ } catch ( InvalidValueException e ) {
+ Debugging.logError( LOG, e, "Invalid path " + path );
+ throw new AuthException( AuthException.INVALID_PATH, e );
+ }
+ if ( DatabaseAuthUtils.checkInstanceProfileExists( instanceProfileName, this.delegate.getName() ) ) {
+ throw new AuthException( AuthException.INSTANCE_PROFILE_ALREADY_EXISTS );
+ }
+ final EntityWrapper<AccountEntity> db = EntityWrapper.get( AccountEntity.class );
+ try {
+ final AccountEntity account = DatabaseAuthUtils.getUnique( db, AccountEntity.class, "name", this.delegate.getName( ) );
+ final InstanceProfileEntity newInstanceProfile = new InstanceProfileEntity( instanceProfileName );
+ newInstanceProfile.setInstanceProfileId( Crypto.generateQueryId() );
+ newInstanceProfile.setPath( path );
+ newInstanceProfile.setAccount( account );
+ final InstanceProfileEntity persistedInstanceProfile = db.recast( InstanceProfileEntity.class ).persist( newInstanceProfile );
+ db.commit( );
+ return new DatabaseInstanceProfileProxy( persistedInstanceProfile );
+ } catch ( Exception e ) {
+ Debugging.logError( LOG, e, "Failed to add instance profile: " + instanceProfileName + " in " + this.delegate.getName() );
+ throw new AuthException( AuthException.INSTANCE_PROFILE_CREATE_FAILURE, e );
+ } finally {
+ if ( db.isActive() ) db.rollback();
+ }
+ }
+
+ @Override
+ public void deleteInstanceProfile( final String instanceProfileName ) throws AuthException {
+ final String accountName = this.delegate.getName( );
+ if ( instanceProfileName == null ) {
+ throw new AuthException( AuthException.EMPTY_INSTANCE_PROFILE_NAME );
+ }
+ final EntityWrapper<InstanceProfileEntity> db = EntityWrapper.get( InstanceProfileEntity.class );
+ try {
+ final InstanceProfileEntity instanceProfileEntity = DatabaseAuthUtils.getUniqueInstanceProfile( db, instanceProfileName, accountName );
+ db.delete( instanceProfileEntity );
+ db.commit( );
+ } catch ( Exception e ) {
+ Debugging.logError( LOG, e, "Failed to delete instance profile: " + instanceProfileName + " in " + accountName );
+ throw new AuthException( AuthException.NO_SUCH_INSTANCE_PROFILE, e );
+ } finally {
+ if ( db.isActive() ) db.rollback();
+ }
+ }
+
+ @Override
public Group lookupGroupByName( String groupName ) throws AuthException {
String accountName = this.delegate.getName( );
if ( groupName == null ) {
@@ -394,7 +567,44 @@ public Group lookupGroupByName( String groupName ) throws AuthException {
throw new AuthException( AuthException.NO_SUCH_GROUP, e );
}
}
-
+
+ @Override
+ public InstanceProfile lookupInstanceProfileByName( final String instanceProfileName ) throws AuthException {
+ final String accountName = this.delegate.getName( );
+ if ( instanceProfileName == null ) {
+ throw new AuthException( AuthException.EMPTY_INSTANCE_PROFILE_NAME );
+ }
+ final EntityWrapper<InstanceProfileEntity> db = EntityWrapper.get( InstanceProfileEntity.class );
+ try {
+ final InstanceProfileEntity instanceProfileEntity =
+ DatabaseAuthUtils.getUniqueInstanceProfile( db, instanceProfileName, accountName );
+ return new DatabaseInstanceProfileProxy( instanceProfileEntity );
+ } catch ( Exception e ) {
+ Debugging.logError( LOG, e, "Failed to get instance profile " + instanceProfileName + " for " + accountName );
+ throw new AuthException( AuthException.NO_SUCH_INSTANCE_PROFILE, e );
+ } finally {
+ if ( db.isActive() ) db.rollback();
+ }
+ }
+
+ @Override
+ public Role lookupRoleByName( String roleName ) throws AuthException {
+ final String accountName = this.delegate.getName( );
+ if ( roleName == null ) {
+ throw new AuthException( AuthException.EMPTY_ROLE_NAME );
+ }
+ final EntityWrapper<RoleEntity> db = EntityWrapper.get( RoleEntity.class );
+ try {
+ final RoleEntity roleEntity = DatabaseAuthUtils.getUniqueRole( db, roleName, accountName );
+ return new DatabaseRoleProxy( roleEntity );
+ } catch ( Exception e ) {
+ Debugging.logError( LOG, e, "Failed to get role " + roleName + " for " + accountName );
+ throw new AuthException( AuthException.NO_SUCH_ROLE, e );
+ } finally {
+ if ( db.isActive() ) db.rollback();
+ }
+ }
+
@Override
public User lookupUserByName( String userName ) throws AuthException {
String accountName = this.delegate.getName( );
@@ -412,7 +622,12 @@ public User lookupUserByName( String userName ) throws AuthException {
throw new AuthException( AuthException.NO_SUCH_USER, e );
}
}
-
+
+ @Override
+ public User lookupAdmin() throws AuthException {
+ return lookupUserByName( User.ACCOUNT_ADMIN );
+ }
+
@Override
public List<Authorization> lookupAccountGlobalAuthorizations( String resourceType ) throws AuthException {
String accountId = this.delegate.getAccountNumber( );
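Review bot: In `deleteRole`, the attached-policy check and the delete run in two separate transactions: `roleHasResourceAttached` opens and rolls back its own `EntityWrapper` before `deleteRole` opens a second one, so a policy attached to the role between the two calls is not seen and the role is deleted anyway. Testing the role inside the deleting transaction narrows that window, e.g. `if ( role.getPolicies( ).size( ) > 0 ) throw new AuthException( AuthException.ROLE_DELETE_CONFLICT );` right after `getUniqueRole`, with the broad `catch ( Exception e )` adjusted so the conflict is not rewrapped as `NO_SUCH_ROLE`. Whether this closes the window fully depends on the locking and isolation behind `EntityWrapper`, which is not visible here. `addRole` and `addInstanceProfile` have the same check-then-act shape: `checkRoleExists` / `checkInstanceProfileExists` run before the persisting transaction starts, so they appear to rely on a database uniqueness constraint (not shown) to reject a concurrent duplicate.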
@@ -77,11 +77,13 @@
import com.eucalyptus.auth.entities.AccountEntity;
import com.eucalyptus.auth.entities.CertificateEntity;
import com.eucalyptus.auth.entities.GroupEntity;
+import com.eucalyptus.auth.entities.RoleEntity;
import com.eucalyptus.auth.entities.UserEntity;
import com.eucalyptus.auth.principal.AccessKey;
import com.eucalyptus.auth.principal.Account;
import com.eucalyptus.auth.principal.Certificate;
import com.eucalyptus.auth.principal.Group;
+import com.eucalyptus.auth.principal.Role;
import com.eucalyptus.auth.principal.User;
import com.eucalyptus.auth.util.X509CertHelper;
import com.eucalyptus.entities.EntityWrapper;
@@ -189,7 +191,7 @@ public User lookupUserByCertificate( X509Certificate cert ) throws AuthException
.createCriteria( "certificates" ).setCacheable( true ).add(
Restrictions.and(
Restrictions.eq( "pem", X509CertHelper.fromCertificate( cert ) ),
- Restrictions.and(
+ Restrictions.and(
Restrictions.eq( "active", true ),
Restrictions.eq( "revoked", false ) ) ) )
.uniqueResult( );
@@ -221,7 +223,24 @@ public Group lookupGroupById( final String groupId ) throws AuthException {
throw new AuthException( AuthException.NO_SUCH_GROUP, e );
}
}
-
+
+ @Override
+ public Role lookupRoleById( final String roleId ) throws AuthException {
+ if ( roleId == null ) {
+ throw new AuthException( AuthException.EMPTY_ROLE_ID );
+ }
+ final EntityWrapper<RoleEntity> db = EntityWrapper.get( RoleEntity.class );
+ try {
+ final RoleEntity role = DatabaseAuthUtils.getUnique( db, RoleEntity.class, "roleId", roleId );
+ return new DatabaseRoleProxy( role );
+ } catch ( Exception e ) {
+ Debugging.logError( LOG, e, "Failed to find role by ID " + roleId );
+ throw new AuthException( AuthException.NO_SUCH_ROLE, e );
+ } finally {
+ db.rollback();
+ }
+ }
+
/**
* Add account admin user separately.
*
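Review bot: `lookupRoleById` has no Javadoc, and it resolves the role by `roleId` alone with no account restriction, unlike `lookupRoleByName` in `DatabaseAccountProxy`, which passes the account name to `getUniqueRole`. A comment should make that contract explicit, for example `/** Looks up a role by ID across all accounts; callers must check the returned role's account before authorizing any action on it. */`. Whether existing callers already perform that check is not visible in this section. The `finally` block also calls `db.rollback();` unguarded, where the other methods added in this commit use `if ( db.isActive() ) db.rollback();`; the guarded form would keep the two files consistent.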