IAM: Policy related fixes.

Three fixes related to policy management: 1. RT #5867: returns non-500 error for invalid group name with euare-grouplistpolicies 2. RT #5868: detect name conflict when uploading a policy 3. Fix occasional uploading policy failure, due to a hibernate issue.
eucalyptus · Jan 30, 2012 · 2bdde68 · 2bdde68
2 parents 69c0561 + e901587
commit 2bdde68
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 4 deletions.
diff --git a/clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseAccountProxy.java b/clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseAccountProxy.java
@@ -333,7 +333,7 @@ public Group lookupGroupByName( String groupName ) throws AuthException {
     } catch ( Exception e ) {
       db.rollback( );
       Debugging.logError( LOG, e, "Failed to get group " + groupName + " for " + accountName );
-      throw new AuthException( "Failed to get group", e );
+      throw new AuthException( AuthException.NO_SUCH_GROUP, e );
     }
   }
 

diff --git a/clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseAuthUtils.java b/clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseAuthUtils.java
@@ -11,6 +11,7 @@
 import com.eucalyptus.auth.entities.UserEntity;
 import com.eucalyptus.auth.principal.Account;
 import com.eucalyptus.auth.principal.Group;
+import com.eucalyptus.auth.principal.Policy;
 import com.eucalyptus.auth.principal.User;
 import com.eucalyptus.entities.EntityWrapper;
 
@@ -278,5 +279,16 @@ public static boolean isAccountEmpty( String accountName ) throws AuthException
       throw new AuthException( "Failed to check groups for account", e );
     }
   }
+
+  public static boolean policyNameinList( String name, List<Policy> policies ) {
+    if ( policies != null ) {
+      for ( Policy p : policies ) {
+        if ( p.getName( ).equals( name ) ) {
+          return true;
+        }
+      }
+    }
+    return false;
+  }
 
 }
diff --git a/clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseGroupProxy.java b/clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseGroupProxy.java
@@ -199,7 +199,7 @@ public void fire( GroupEntity t ) {
         }
       } );
     } catch ( ExecutionException e ) {
-      Debugging.logError( LOG, e, "Failed to getUsers for " + this.delegate );
+      Debugging.logError( LOG, e, "Failed to getPolicies for " + this.delegate );
     }
     return results;
   }
@@ -212,6 +212,10 @@ public Policy addPolicy( String name, String policy ) throws AuthException, Poli
       Debugging.logError( LOG, e, "Invalid policy name " + name );
       throw new AuthException( AuthException.INVALID_NAME, e );
     }
+    if ( DatabaseAuthUtils.policyNameinList( name, this.getPolicies( ) ) ) {
+      Debugging.logError( LOG, null, "Policy name already used: " + name );
+      throw new AuthException( AuthException.INVALID_NAME );
+    }    
     PolicyEntity parsedPolicy = PolicyParser.getInstance( ).parse( policy );
     parsedPolicy.setName( name );
     EntityWrapper<GroupEntity> db = EntityWrapper.get( GroupEntity.class );
@@ -231,6 +235,7 @@ public Policy addPolicy( String name, String policy ) throws AuthException, Poli
           cond.setStatement( statement );
         }
       }
+      groupEntity.getPolicies( ).add( parsedPolicy );
       db.commit( );
       return new DatabasePolicyProxy( parsedPolicy );
     } catch ( Exception e ) {

diff --git a/clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseUserProxy.java b/clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseUserProxy.java
@@ -415,6 +415,7 @@ public AccessKey createKey( ) throws AuthException {
       AccessKeyEntity keyEntity = new AccessKeyEntity( user );
       keyEntity.setActive( true );
       db.recast( AccessKeyEntity.class ).add( keyEntity );
+      user.getKeys( ).add( keyEntity );
       db.commit( );
       return new DatabaseAccessKeyProxy( keyEntity );
     } catch ( Exception e ) {
@@ -468,6 +469,7 @@ public Certificate addCertificate( X509Certificate cert ) throws AuthException {
       certEntity.setRevoked( false );
       db.recast( CertificateEntity.class ).add( certEntity );
       certEntity.setUser( user );
+      user.getCertificates( ).add( certEntity );
       db.commit( );
       return new DatabaseCertificateProxy( certEntity );
     } catch ( Exception e ) {
@@ -587,6 +589,10 @@ public Policy addPolicy( String name, String policy ) throws AuthException, Poli
       Debugging.logError( LOG, e, "Invalid policy name " + name );
       throw new AuthException( AuthException.INVALID_NAME, e );
     }
+    if ( DatabaseAuthUtils.policyNameinList( name, this.getPolicies( ) ) ) {
+      Debugging.logError( LOG, null, "Policy name already used: " + name );
+      throw new AuthException( AuthException.INVALID_NAME );
+    }
     PolicyEntity parsedPolicy = PolicyParser.getInstance( ).parse( policy );
     parsedPolicy.setName( name );
     EntityWrapper<GroupEntity> db = EntityWrapper.get( GroupEntity.class );
@@ -610,6 +616,7 @@ public Policy addPolicy( String name, String policy ) throws AuthException, Poli
           cond.setStatement( statement );
         }
       }
+      groupEntity.getPolicies( ).add( parsedPolicy );
       db.commit( );
       return new DatabasePolicyProxy( parsedPolicy );
     } catch ( Exception e ) {

diff --git a/clc/modules/authentication/src/main/java/com/eucalyptus/auth/Debugging.java b/clc/modules/authentication/src/main/java/com/eucalyptus/auth/Debugging.java
@@ -45,8 +45,12 @@ public static void logWT( Logger logger, Object... objs ) {
   }
 
   public static void logError( Logger logger, Throwable t, String message ) {
-    logger.error( t, t );
-    logger.debug( message + " with exception " + t + getEucaStackTraceString( 0, t ) );
+    if ( t != null ) {
+      logger.error( t, t );
+      logger.debug( message + " with exception " + t + getEucaStackTraceString( 0, t ) );
+    } else {
+      logger.debug( message );
+    }
   }
 
 }