
IAM: Policy related fixes.

Three fixes related to policy management:
1. RT #5867: returns non-500 error for invalid group name with euare-grouplistpolicies
2. RT #5868: detect name conflict when uploading a policy
3. Fix occasional uploading policy failure, due to a hibernate issue.
2 parents 69c0561 + e901587 commit 2bdde683f18f242e285becf50d0ea36e3ad9d22f Ye Wen committed Jan 30, 2012
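--- a/clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseAccountProxy.java
+++ b/clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseAccountProxy.java
@@ -333,7 +333,7 @@ public Group lookupGroupByName( String groupName ) throws AuthException {
 } catch ( Exception e ) {
 db.rollback( );
 Debugging.logError( LOG, e, "Failed to get group " + groupName + " for " + accountName );
- throw new AuthException( "Failed to get group", e );
+ throw new AuthException( AuthException.NO_SUCH_GROUP, e );
 }
 }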
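Review bot: The `catch ( Exception e )` in lookupGroupByName now reports every failure as `AuthException.NO_SUCH_GROUP`, so a database or transaction error is returned to the caller as a missing group rather than as a server-side fault. If the lookup signals a missing row with a specific exception type (not visible in this hunk), catch that type for the `NO_SUCH_GROUP` mapping and keep `throw new AuthException( "Failed to get group", e );` for everything else. The try block starts outside the hunk, so which exceptions can reach this handler should be confirmed there.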
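--- a/clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseAuthUtils.java
+++ b/clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseAuthUtils.java
@@ -11,6 +11,7 @@
 import com.eucalyptus.auth.entities.UserEntity;
 import com.eucalyptus.auth.principal.Account;
 import com.eucalyptus.auth.principal.Group;
+import com.eucalyptus.auth.principal.Policy;
 import com.eucalyptus.auth.principal.User;
 import com.eucalyptus.entities.EntityWrapper;
@@ -278,5 +279,16 @@ public static boolean isAccountEmpty( String accountName ) throws AuthException
 throw new AuthException( "Failed to check groups for account", e );
 }
 }
+
+ public static boolean policyNameinList( String name, List<Policy> policies ) {
+ if ( policies != null ) {
+ for ( Policy p : policies ) {
+ if ( p.getName( ).equals( name ) ) {
+ return true;
+ }
+ }
+ }
+ return false;
+ }
 }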
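Review bot: `policyNameinList` dereferences `p.getName( )` without a null check, so a policy whose name is unset throws a NullPointerException out of a helper that guards policy uploads. Comparing from the argument side, `if ( name != null && name.equals( p.getName( ) ) ) {`, avoids that. The method would also read better as `policyNameInList`, with a Javadoc line stating that the match is exact and case-sensitive and that a null list yields false.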
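--- a/clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseGroupProxy.java
+++ b/clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseGroupProxy.java
@@ -199,7 +199,7 @@ public void fire( GroupEntity t ) {
 }
 } );
 } catch ( ExecutionException e ) {
- Debugging.logError( LOG, e, "Failed to getUsers for " + this.delegate );
+ Debugging.logError( LOG, e, "Failed to getPolicies for " + this.delegate );
 }
 return results;
 }
@@ -212,6 +212,10 @@ public Policy addPolicy( String name, String policy ) throws AuthException, Poli
 Debugging.logError( LOG, e, "Invalid policy name " + name );
 throw new AuthException( AuthException.INVALID_NAME, e );
 }
+ if ( DatabaseAuthUtils.policyNameinList( name, this.getPolicies( ) ) ) {
+ Debugging.logError( LOG, null, "Policy name already used: " + name );
+ throw new AuthException( AuthException.INVALID_NAME );
+ }
 PolicyEntity parsedPolicy = PolicyParser.getInstance( ).parse( policy );
 parsedPolicy.setName( name );
 EntityWrapper<GroupEntity> db = EntityWrapper.get( GroupEntity.class );
@@ -231,6 +235,7 @@ public Policy addPolicy( String name, String policy ) throws AuthException, Poli
 cond.setStatement( statement );
 }
 }
+ groupEntity.getPolicies( ).add( parsedPolicy );
 db.commit( );
 return new DatabasePolicyProxy( parsedPolicy );
 } catch ( Exception e ) {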
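Review bot: The duplicate-name check in addPolicy reads `this.getPolicies( )` before `EntityWrapper.get( GroupEntity.class )` opens the transaction, so two concurrent uploads of the same name can both pass it. The first hunk also shows getPolicies logging an ExecutionException and still returning `results`, so a failed listing lets a duplicate through as well. Running the check against `groupEntity.getPolicies( )` inside the transaction, or backing it with a uniqueness constraint on the policy name, would close both gaps; the same check is added to addPolicy in DatabaseUserProxy.java. Reusing `AuthException.INVALID_NAME` for a conflict makes a name clash indistinguishable from a malformed name, so a dedicated conflict code would be clearer if AuthException can carry one. addPolicy begins and ends outside these hunks.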
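--- a/clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseUserProxy.java
+++ b/clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseUserProxy.java
@@ -415,6 +415,7 @@ public AccessKey createKey( ) throws AuthException {
 AccessKeyEntity keyEntity = new AccessKeyEntity( user );
 keyEntity.setActive( true );
 db.recast( AccessKeyEntity.class ).add( keyEntity );
+ user.getKeys( ).add( keyEntity );
 db.commit( );
 return new DatabaseAccessKeyProxy( keyEntity );
 } catch ( Exception e ) {
@@ -468,6 +469,7 @@ public Certificate addCertificate( X509Certificate cert ) throws AuthException {
 certEntity.setRevoked( false );
 db.recast( CertificateEntity.class ).add( certEntity );
 certEntity.setUser( user );
+ user.getCertificates( ).add( certEntity );
 db.commit( );
 return new DatabaseCertificateProxy( certEntity );
 } catch ( Exception e ) {
@@ -587,6 +589,10 @@ public Policy addPolicy( String name, String policy ) throws AuthException, Poli
 Debugging.logError( LOG, e, "Invalid policy name " + name );
 throw new AuthException( AuthException.INVALID_NAME, e );
 }
+ if ( DatabaseAuthUtils.policyNameinList( name, this.getPolicies( ) ) ) {
+ Debugging.logError( LOG, null, "Policy name already used: " + name );
+ throw new AuthException( AuthException.INVALID_NAME );
+ }
 PolicyEntity parsedPolicy = PolicyParser.getInstance( ).parse( policy );
 parsedPolicy.setName( name );
 EntityWrapper<GroupEntity> db = EntityWrapper.get( GroupEntity.class );
@@ -610,6 +616,7 @@ public Policy addPolicy( String name, String policy ) throws AuthException, Poli
 cond.setStatement( statement );
 }
 }
+ groupEntity.getPolicies( ).add( parsedPolicy );
 db.commit( );
 return new DatabasePolicyProxy( parsedPolicy );
 } catch ( Exception e ) {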
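Review bot: The added `user.getKeys( ).add( keyEntity );`, `user.getCertificates( ).add( certEntity );` and `groupEntity.getPolicies( ).add( parsedPolicy );` lines carry no comment explaining why the parent collection has to be updated by hand as well as persisting the new entity. The commit message attributes this to a Hibernate issue, so a short comment at each site, e.g. `// keep the parent's collection in sync with the new child (Hibernate issue, see commit message)`, would stop a later cleanup from removing them as redundant. All three enclosing methods start and end outside the hunks.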
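--- a/clc/modules/authentication/src/main/java/com/eucalyptus/auth/Debugging.java
+++ b/clc/modules/authentication/src/main/java/com/eucalyptus/auth/Debugging.java
@@ -45,8 +45,12 @@ public static void logWT( Logger logger, Object... objs ) {
 }
 public static void logError( Logger logger, Throwable t, String message ) {
- logger.error( t, t );
- logger.debug( message + " with exception " + t + getEucaStackTraceString( 0, t ) );
+ if ( t != null ) {
+ logger.error( t, t );
+ logger.debug( message + " with exception " + t + getEucaStackTraceString( 0, t ) );
+ } else {
+ logger.debug( message );
+ }
 }
 }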
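Review bot: In the new `else` branch of logError the message is written only with `logger.debug( message )`, so the "Policy name already used" rejections that the addPolicy callers pass with a null throwable never reach the error log, despite going through a method named logError. Using `logger.error( message );` there keeps rejected IAM policy uploads visible at normal log levels. A one-line Javadoc stating that `t` may be null would document the new contract.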
