
Use correct resource type for security group tags - EUCA-5273

The resource type for security group tags is now security-group. Tag now
allows sub-classes to override the policy resource name for a resource
type where the tag resource type differs from the policy resource name.

EUCA-5273
1 parent 9f04e8e commit 0c05034f13bb31442d0a8f966b7b9e8d8677604b @sjones4 sjones4 committed Mar 2, 2013
@@ -30,6 +30,7 @@
import org.hibernate.annotations.Cache;
import org.hibernate.annotations.CacheConcurrencyStrategy;
import org.hibernate.annotations.Entity;
+import com.eucalyptus.auth.policy.PolicySpec;
import com.eucalyptus.cloud.CloudMetadata;
import com.eucalyptus.entities.Entities;
import com.eucalyptus.entities.TransactionException;
@@ -48,7 +49,7 @@
@PersistenceContext( name = "eucalyptus_cloud" )
@Table( name = "metadata_tags_network_groups" )
@Cache( usage = CacheConcurrencyStrategy.TRANSACTIONAL )
-@DiscriminatorValue( "securitygroup" )
+@DiscriminatorValue( "security-group" )
public class NetworkGroupTag extends Tag<NetworkGroupTag> {
private static final long serialVersionUID = 1L;
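Review bot: Changing the `@DiscriminatorValue` from `securitygroup` to `security-group` affects any tag rows already persisted with the old value, and nothing in the visible change rewrites them. If the discriminator is stored for existing tags, those rows would presumably stop resolving to NetworkGroupTag after an upgrade, so existing security group tags could fail to load or drop out of describeTags results. The commit should carry an upgrade step that rewrites the old discriminator value, or state why no such rows can exist. The class body continues outside the hunk.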
@@ -57,14 +58,14 @@
private NetworkGroup networkGroup;
protected NetworkGroupTag() {
- super( "securitygroup", ResourceIdFunction.INSTANCE );
+ super( "security-group", ResourceIdFunction.INSTANCE );
}
public NetworkGroupTag( @Nonnull final NetworkGroup networkGroup,
@Nonnull final OwnerFullName ownerFullName,
@Nullable final String key,
@Nullable final String value ) {
- super( "securitygroup", ResourceIdFunction.INSTANCE, ownerFullName, key, value );
+ super( "security-group", ResourceIdFunction.INSTANCE, ownerFullName, key, value );
setNetworkGroup( networkGroup );
}
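Review bot: The literal `"security-group"` now appears three times, in both constructors here and in the `@DiscriminatorValue` annotation of the previous hunk, and this commit exists because that string was wrong once. A single compile-time constant, for example `private static final String RESOURCE_TYPE = "security-group";`, referenced from the annotation and both `super(...)` calls would keep the persisted discriminator and the tag resource type from drifting apart.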
@@ -76,6 +77,11 @@ public void setNetworkGroup( final NetworkGroup networkGroup ) {
this.networkGroup = networkGroup;
}
+ @Override
+ public String getPolicyResourceType() {
+ return PolicySpec.EC2_RESOURCE_SECURITYGROUP;
+ }
+
@Nonnull
public static Tag named( @Nonnull final NetworkGroup networkGroup,
@Nonnull final OwnerFullName ownerFullName,
@@ -125,6 +125,11 @@ public String getResourceType(){
return resourceType;
}
+ @Nullable
+ public String getPolicyResourceType(){
+ return resourceType;
+ }
+
@Override
public String getPartition( ) {
return ComponentIds.lookup(Eucalyptus.class).name( );
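Review bot: The new `getPolicyResourceType()` has no Javadoc, although it is now the value that drives the authorization check in describeTags. A subclass whose tag resource type differs from its policy resource name will silently be checked under the default unless its author knows to override this method. I would add `/** Resource type used for policy evaluation; defaults to the tag resource type. Override when the policy resource name differs. */` and state when, if ever, the result may be null, since the method is marked `@Nullable`.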
@@ -201,10 +201,10 @@ public DescribeTagsResponseType describeTags( final DescribeTagsType request ) t
filter.getAliases() ) ) ) {
if ( Permissions.isAuthorized(
PolicySpec.VENDOR_EC2,
- tag.getResourceType(),
+ tag.getPolicyResourceType(),
tag.getKey(),
context.getAccount(), //TODO:STEVE: this is wrong, should be the account of the resource, not caller.
- PolicySpec.describeAction( PolicySpec.VENDOR_EC2, tag.getResourceType() ),
+ PolicySpec.describeAction( PolicySpec.VENDOR_EC2, tag.getPolicyResourceType() ),
context.getUser() ) ) { //TODO:STEVE: this permission check is not sufficient (e.g. launch permissions, create volume permissions)
final TagInfo info = new TagInfo();
info.setKey( tag.getKey() );
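Review bot: `tag.getPolicyResourceType()` is declared `@Nullable` in Tag, yet both calls here pass its result straight into `PolicySpec.describeAction` and `Permissions.isAuthorized` without a null check. How those methods treat a null resource type is not visible from this hunk, and an authorization decision should fail closed rather than depend on it. Read the value once with `final String policyType = tag.getPolicyResourceType();` and guard the check as `if ( policyType != null && Permissions.isAuthorized( ... ) )`. The enclosing describeTags method starts and ends outside the hunk.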
