Merge remote-tracking branch 'origin/dev/sjones/EUCA-5273' into testing

eucalyptus · Mar 4, 2013 · dc6ec50 · dc6ec50
2 parents 0490b64 + 0c05034
commit dc6ec50
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 5 deletions.
diff --git a/clc/modules/cluster-manager/src/main/java/com/eucalyptus/network/NetworkGroupTag.java b/clc/modules/cluster-manager/src/main/java/com/eucalyptus/network/NetworkGroupTag.java
@@ -30,6 +30,7 @@
 import org.hibernate.annotations.Cache;
 import org.hibernate.annotations.CacheConcurrencyStrategy;
 import org.hibernate.annotations.Entity;
+import com.eucalyptus.auth.policy.PolicySpec;
 import com.eucalyptus.cloud.CloudMetadata;
 import com.eucalyptus.entities.Entities;
 import com.eucalyptus.entities.TransactionException;
@@ -48,7 +49,7 @@
 @PersistenceContext( name = "eucalyptus_cloud" )
 @Table( name = "metadata_tags_network_groups" )
 @Cache( usage = CacheConcurrencyStrategy.TRANSACTIONAL )
-@DiscriminatorValue( "securitygroup" )
+@DiscriminatorValue( "security-group" )
 public class NetworkGroupTag extends Tag<NetworkGroupTag> {
   private static final long serialVersionUID = 1L;
 
@@ -57,14 +58,14 @@ public class NetworkGroupTag extends Tag<NetworkGroupTag> {
   private NetworkGroup networkGroup;
 
   protected NetworkGroupTag() {
-    super( "securitygroup", ResourceIdFunction.INSTANCE );
+    super( "security-group", ResourceIdFunction.INSTANCE );
   }
 
   public NetworkGroupTag( @Nonnull final NetworkGroup networkGroup,
                           @Nonnull final OwnerFullName ownerFullName,
                           @Nullable final String key,
                           @Nullable final String value ) {
-    super( "securitygroup", ResourceIdFunction.INSTANCE, ownerFullName, key, value );
+    super( "security-group", ResourceIdFunction.INSTANCE, ownerFullName, key, value );
     setNetworkGroup( networkGroup );
   }
 
@@ -76,6 +77,11 @@ public void setNetworkGroup( final NetworkGroup networkGroup ) {
     this.networkGroup = networkGroup;
   }
 
+  @Override
+  public String getPolicyResourceType() {
+    return PolicySpec.EC2_RESOURCE_SECURITYGROUP;
+  }
+
   @Nonnull
   public static Tag named( @Nonnull final NetworkGroup networkGroup,
                            @Nonnull final OwnerFullName ownerFullName,

diff --git a/clc/modules/cluster-manager/src/main/java/com/eucalyptus/tags/Tag.java b/clc/modules/cluster-manager/src/main/java/com/eucalyptus/tags/Tag.java
@@ -125,6 +125,11 @@ public String getResourceType(){
     return resourceType; 
   }
 
+  @Nullable
+  public String getPolicyResourceType(){
+    return resourceType;
+  }
+
   @Override
   public String getPartition( ) {
     return ComponentIds.lookup(Eucalyptus.class).name( );

diff --git a/clc/modules/cluster-manager/src/main/java/com/eucalyptus/tags/TagManager.java b/clc/modules/cluster-manager/src/main/java/com/eucalyptus/tags/TagManager.java
@@ -201,10 +201,10 @@ public DescribeTagsResponseType describeTags( final DescribeTagsType request ) t
         filter.getAliases() ) ) ) {
       if ( Permissions.isAuthorized( 
           PolicySpec.VENDOR_EC2,
-          tag.getResourceType(),
+          tag.getPolicyResourceType(),
           tag.getKey(),
           context.getAccount(), //TODO:STEVE: this is wrong, should be the account of the resource, not caller.
-          PolicySpec.describeAction( PolicySpec.VENDOR_EC2, tag.getResourceType() ),
+          PolicySpec.describeAction( PolicySpec.VENDOR_EC2, tag.getPolicyResourceType() ),
           context.getUser() ) ) { //TODO:STEVE: this permission check is not sufficient (e.g. launch permissions, create volume permissions)
         final TagInfo info = new TagInfo();
         info.setKey( tag.getKey() );