Merge branch 'master' into dev-ethomas-EUCA-10662

Conflicts:
	clc/modules/cloudformation/src/main/java/com/eucalyptus/cloudformation/workflow/StackActivityImpl.groovy

INSTALL

@@ -43,7 +43,7 @@ yum install ant ant-nodeps apache-ivy axis2-adb axis2-adb-codegen axis2c-devel \
     axis2-codegen axis2c-devel curl-devel gawk git java-1.6.0-openjdk-devel \
     java-1.7.0-openjdk-devel jpackage-utils libvirt-devel libxml2-devel \
     libxslt-devel m2crypto openssl-devel python-devel python-setuptools \
-    rampartc-devel swig xalan-j2-xsltc
+    rampartc-devel swig xalan-j2-xsltc json-c-devel
 
 Install the following runtime dependencies (this is the superset of all
 dependencies. Not all may be required for every component):
@@ -276,7 +276,7 @@ export EUCALYPTUS="/"
 
 On RHEL or CentOS,
 
-export JAVA_HOME="/usr/lib/jvm/jre-1.7.0/"
+export JAVA_HOME="/usr/lib/jvm/java-1.7.0/"
 export JAVA="$JAVA_HOME/bin/java"
 export EUCALYPTUS="/"
 

VERSION

@@ -1 +1 @@
-4.1.0
+4.1.1

clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseAccountProxy.java

@@ -93,6 +93,8 @@
 import com.eucalyptus.auth.policy.PolicyPolicy;
 import com.eucalyptus.auth.principal.Account;
 import com.eucalyptus.auth.principal.AccountFullName;
+import com.eucalyptus.auth.principal.EuareInstanceProfile;
+import com.eucalyptus.auth.principal.EuareRole;
 import com.eucalyptus.auth.principal.EuareUser;
 import com.eucalyptus.auth.principal.Group;
 import com.eucalyptus.auth.principal.InstanceProfile;
@@ -238,8 +240,8 @@ public List<Group> getGroups( ) throws AuthException {
   }
 
   @Override
-  public List<Role> getRoles( ) throws AuthException {
-    final List<Role> results = Lists.newArrayList( );
+  public List<EuareRole> getRoles( ) throws AuthException {
+    final List<EuareRole> results = Lists.newArrayList( );
     try ( final TransactionResource db = Entities.transactionFor( RoleEntity.class ) ) {
       @SuppressWarnings( "unchecked" )
       List<RoleEntity> roles = ( List<RoleEntity> ) Entities
@@ -258,8 +260,8 @@ public List<Role> getRoles( ) throws AuthException {
   }
 
   @Override
-  public List<InstanceProfile> getInstanceProfiles() throws AuthException {
-    final List<InstanceProfile> results = Lists.newArrayList( );
+  public List<EuareInstanceProfile> getInstanceProfiles() throws AuthException {
+    final List<EuareInstanceProfile> results = Lists.newArrayList( );
     try ( final TransactionResource db = Entities.transactionFor( InstanceProfileEntity.class ) ) {
       @SuppressWarnings( "unchecked" )
       List<InstanceProfileEntity> instanceProfiles = ( List<InstanceProfileEntity> ) Entities
@@ -388,7 +390,7 @@ public void deleteUser( String userName, boolean forceDeleteAdmin, boolean recur
   }
 
   @Override
-  public Role addRole( final String roleName, final String path, final String assumeRolePolicy ) throws AuthException, PolicyParseException {
+  public EuareRole addRole( final String roleName, final String path, final String assumeRolePolicy ) throws AuthException, PolicyParseException {
     try {
       USER_GROUP_NAME_CHECKER.check( roleName );
     } catch ( InvalidValueException e ) {
@@ -510,7 +512,7 @@ public void deleteGroup( String groupName, boolean recursive ) throws AuthExcept
   }
 
   @Override
-  public InstanceProfile addInstanceProfile( final String instanceProfileName, final String path ) throws AuthException {
+  public EuareInstanceProfile addInstanceProfile( final String instanceProfileName, final String path ) throws AuthException {
     try {
       USER_GROUP_NAME_CHECKER.check( instanceProfileName );
     } catch ( InvalidValueException e ) {
@@ -573,7 +575,7 @@ public Group lookupGroupByName( String groupName ) throws AuthException {
   }
 
   @Override
-  public InstanceProfile lookupInstanceProfileByName( final String instanceProfileName ) throws AuthException {
+  public EuareInstanceProfile lookupInstanceProfileByName( final String instanceProfileName ) throws AuthException {
     final String accountName = this.delegate.getName( );
     if ( instanceProfileName == null ) {
       throw new AuthException( AuthException.EMPTY_INSTANCE_PROFILE_NAME );
@@ -589,7 +591,7 @@ public InstanceProfile lookupInstanceProfileByName( final String instanceProfile
   }
 
   @Override
-  public Role lookupRoleByName( String roleName ) throws AuthException {
+  public EuareRole lookupRoleByName( String roleName ) throws AuthException {
     final String accountName = this.delegate.getName( );
     if ( roleName == null ) {
       throw new AuthException( AuthException.EMPTY_ROLE_NAME );

clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseAuthBootstrapper.java

@@ -68,6 +68,7 @@
 import com.eucalyptus.auth.ldap.LdapSync;
 import com.eucalyptus.auth.policy.PolicyEngineImpl;
 import com.eucalyptus.auth.principal.Account;
+import com.eucalyptus.auth.principal.EuareRole;
 import com.eucalyptus.auth.principal.EuareUser;
 import com.eucalyptus.auth.principal.Role;
 import com.eucalyptus.auth.principal.User;
@@ -202,7 +203,7 @@ private void ensureSystemAdminExists( ) throws Exception {
   private void ensureSystemRolesExist( ) throws Exception {
     try {
       final Account account = Accounts.lookupAccountByName( Account.SYSTEM_ACCOUNT );
-      final List<Role> roles = account.getRoles( );
+      final List<EuareRole> roles = account.getRoles( );
       final List<String> roleNames = Lists.transform( roles, RestrictedTypes.toDisplayName( ) );
       for ( final SystemRoleProvider provider : ServiceLoader.load( SystemRoleProvider.class ) ) {
         if ( !roleNames.contains( provider.getName( ) ) ) {
@@ -222,7 +223,7 @@ private void addSystemRole( final Account account,
       final String path = provider.getPath( );
       final String assumeRolePolicy = provider.getAssumeRolePolicy( );
       final String policy = provider.getPolicy( );
-      final Role role = account.addRole( name, path, assumeRolePolicy );
+      final EuareRole role = account.addRole( name, path, assumeRolePolicy );
       role.addPolicy( name, policy );
     } catch ( Exception e ) {
       LOG.error( String.format( "Error adding system role: %s", provider.getName( ) ), e );

clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseAuthProvider.java

@@ -68,6 +68,7 @@
 import java.util.NoSuchElementException;
 import java.util.Set;
 
+import com.eucalyptus.auth.principal.EuareRole;
 import com.eucalyptus.auth.principal.EuareUser;
 import com.eucalyptus.entities.Entities;
 import org.apache.log4j.Logger;
@@ -87,7 +88,6 @@
 import com.eucalyptus.auth.principal.Account;
 import com.eucalyptus.auth.principal.Certificate;
 import com.eucalyptus.auth.principal.Group;
-import com.eucalyptus.auth.principal.Role;
 import com.eucalyptus.auth.principal.User;
 import com.eucalyptus.auth.util.X509CertHelper;
 import com.eucalyptus.entities.TransactionResource;
@@ -205,7 +205,7 @@ public Group lookupGroupById( final String groupId ) throws AuthException {
   }
 
   @Override
-  public Role lookupRoleById( final String roleId ) throws AuthException {
+  public EuareRole lookupRoleById( final String roleId ) throws AuthException {
     if ( roleId == null ) {
       throw new AuthException( AuthException.EMPTY_ROLE_ID );
     }

clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseIdentityProvider.java

@@ -22,15 +22,21 @@
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Date;
+import javax.annotation.Nullable;
 import com.eucalyptus.auth.api.IdentityProvider;
 import com.eucalyptus.auth.principal.AccessKey;
 import com.eucalyptus.auth.principal.Certificate;
+import com.eucalyptus.auth.principal.EuareInstanceProfile;
+import com.eucalyptus.auth.principal.EuareRole;
 import com.eucalyptus.auth.principal.EuareUser;
+import com.eucalyptus.auth.principal.InstanceProfile;
+import com.eucalyptus.auth.principal.PolicyVersion;
 import com.eucalyptus.auth.principal.Role;
 import com.eucalyptus.auth.principal.UserPrincipal;
 import com.eucalyptus.auth.principal.UserPrincipalImpl;
 import com.eucalyptus.auth.tokens.SecurityTokenManager;
 import com.eucalyptus.component.annotation.ComponentNamed;
+import com.eucalyptus.util.OwnerFullName;
 
 /**
  *
@@ -46,7 +52,7 @@ public UserPrincipal lookupPrincipalByUserId( final String userId, final String
 
   @Override
   public UserPrincipal lookupPrincipalByRoleId( final String roleId, final String nonce ) throws AuthException {
-    final Role role = Accounts.lookupRoleById( roleId );
+    final EuareRole role = Accounts.lookupRoleById( roleId );
     return decorateCredentials( Accounts.roleAsPrincipal( role ), nonce, role.getSecret() );
   }
 
@@ -70,14 +76,63 @@ public UserPrincipal lookupPrincipalByCertificateId( final String certificateId
 
   @Override
   public UserPrincipal lookupPrincipalByCanonicalId( final String canonicalId ) throws AuthException {
-    return Accounts.userAsPrincipal( Accounts.lookupAccountByCanonicalId( canonicalId ).lookupAdmin( ) );
+    return Accounts.userAsPrincipal( Accounts.lookupAccountByCanonicalId( canonicalId ).lookupAdmin() );
   }
 
   @Override
   public UserPrincipal lookupPrincipalByAccountNumber( final String accountNumber ) throws AuthException {
     return Accounts.userAsPrincipal( Accounts.lookupAccountById( accountNumber ).lookupAdmin( ) );
   }
 
+  @Override
+  public InstanceProfile lookupInstanceProfileByName( final String accountNumber, final String name ) throws AuthException {
+    final EuareInstanceProfile profile = Accounts.lookupAccountById( accountNumber ).lookupInstanceProfileByName( name );
+    final String profileArn = Accounts.getInstanceProfileArn( profile );
+    final EuareRole euareRole = profile.getRole( );
+    final String roleArn = euareRole == null ? null : Accounts.getRoleArn( euareRole );
+    final String roleAccountNumber = euareRole == null ? null : euareRole.getAccountNumber( );
+    final PolicyVersion rolePolicy = euareRole == null ? null : euareRole.getPolicy( );
+    final Role role = euareRole == null ? null : new Role( ) {
+      @Override public String getAccountNumber( ) { return roleAccountNumber; }
+      @Override public String getRoleId( ) { return euareRole.getRoleId( ); }
+      @Override public String getRoleArn( ) { return roleArn; }
+      @Override public String getPath( ) { return euareRole.getPath( ); }
+      @Override public String getName( ) { return euareRole.getName( ); }
+      @Override public String getSecret( ) { return euareRole.getSecret( ); }
+      @Override public PolicyVersion getPolicy( ) { return rolePolicy; }
+      @Override public String getDisplayName( ) { return Accounts.getRoleFullName( this ); }
+      @Override public OwnerFullName getOwner( ) { return euareRole.getOwner( ); }
+    };
+    return new InstanceProfile( ) {
+      @Override public String getAccountNumber( ) { return accountNumber; }
+      @Override public String getInstanceProfileId( ) { return profile.getInstanceProfileId( ); }
+      @Override public String getInstanceProfileArn( ) { return profileArn; }
+      @Nullable
+      @Override public Role getRole( ) { return role; }
+      @Override public String getName( ) { return profile.getName( ); }
+      @Override public String getPath( ) { return profile.getPath(); }
+    };
+  }
+
+  @Override
+  public Role lookupRoleByName( final String accountNumber, final String name ) throws AuthException {
+    final EuareRole euareRole = Accounts.lookupAccountById( accountNumber ).lookupRoleByName( name );
+    final String roleArn = Accounts.getRoleArn( euareRole );
+    final String roleAccountNumber = euareRole.getAccountNumber( );
+    final PolicyVersion assumeRolePolicy = euareRole.getPolicy( );
+    return new Role( ) {
+      @Override public String getAccountNumber( ) { return roleAccountNumber; }
+      @Override public String getRoleId( ) { return euareRole.getRoleId( ); }
+      @Override public String getRoleArn( ) { return roleArn; }
+      @Override public String getPath( ) { return euareRole.getPath( ); }
+      @Override public String getName( ) { return euareRole.getName( ); }
+      @Override public String getSecret( ) { return euareRole.getSecret( ); }
+      @Override public PolicyVersion getPolicy( ) { return assumeRolePolicy; }
+      @Override public String getDisplayName( ) { return Accounts.getRoleFullName( this ); }
+      @Override public OwnerFullName getOwner( ) { return euareRole.getOwner( ); }
+    };
+  }
+
   private UserPrincipal decorateCredentials( final UserPrincipal userPrincipal,
                                              final String nonce,
                                              final String secret ) throws AuthException {

clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseInstanceProfileProxy.java

@@ -1,5 +1,5 @@
 /*************************************************************************
- * Copyright 2009-2013 Eucalyptus Systems, Inc.
+ * Copyright 2009-2015 Eucalyptus Systems, Inc.
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -27,8 +27,8 @@
 import com.eucalyptus.auth.entities.InstanceProfileEntity;
 import com.eucalyptus.auth.entities.RoleEntity;
 import com.eucalyptus.auth.principal.Account;
-import com.eucalyptus.auth.principal.InstanceProfile;
-import com.eucalyptus.auth.principal.Role;
+import com.eucalyptus.auth.principal.EuareInstanceProfile;
+import com.eucalyptus.auth.principal.EuareRole;
 import com.eucalyptus.entities.Entities;
 import com.eucalyptus.entities.TransactionResource;
 import com.eucalyptus.util.Callback;
@@ -38,7 +38,7 @@
 /**
  * Instance profile implementation backed by InstanceProfileEntity
  */
-public class DatabaseInstanceProfileProxy implements InstanceProfile {
+public class DatabaseInstanceProfileProxy implements EuareInstanceProfile {
 
   private static Logger LOG = Logger.getLogger( DatabaseInstanceProfileProxy.class );
 
@@ -64,6 +64,11 @@ public void fire( InstanceProfileEntity t ) {
     return sb.toString();
   }
 
+  @Override
+  public String getAccountNumber() throws AuthException {
+    return getAccount( ).getAccountNumber( );
+  }
+
   @Override
   public Account getAccount() throws AuthException {
     final List<Account> results = Lists.newArrayList();
@@ -81,6 +86,11 @@ public String getInstanceProfileId() {
     return delegate.getInstanceProfileId();
   }
 
+  @Override
+  public String getInstanceProfileArn( ) throws AuthException {
+    return Accounts.getInstanceProfileArn( this );
+  }
+
   @Override
   public String getName() {
     return delegate.getName();
@@ -92,8 +102,8 @@ public String getPath() {
   }
 
   @Override
-  public Role getRole() throws AuthException {
-    final List<Role> results = Lists.newArrayList();
+  public EuareRole getRole() throws AuthException {
+    final List<EuareRole> results = Lists.newArrayList();
     dbCallback( "getRole", new Callback<InstanceProfileEntity>() {
       @Override
       public void fire( final InstanceProfileEntity instanceProfileEntity ) {
@@ -108,7 +118,7 @@ public void fire( final InstanceProfileEntity instanceProfileEntity ) {
   }
 
   @Override
-  public void setRole( @Nullable final Role role ) throws AuthException {
+  public void setRole( @Nullable final EuareRole role ) throws AuthException {
     try ( final TransactionResource db = Entities.transactionFor( InstanceProfileEntity.class ) ) {
       final InstanceProfileEntity instanceProfileEntity =
           DatabaseAuthUtils.getUnique( InstanceProfileEntity.class, "instanceProfileId", getInstanceProfileId() );

clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseRoleProxy.java

@@ -36,9 +36,12 @@
 import com.eucalyptus.auth.policy.PolicyPolicy;
 import com.eucalyptus.auth.principal.Account;
 import com.eucalyptus.auth.principal.AccountFullName;
-import com.eucalyptus.auth.principal.InstanceProfile;
+import com.eucalyptus.auth.principal.EuareInstanceProfile;
+import com.eucalyptus.auth.principal.EuareRole;
 import com.eucalyptus.auth.principal.Policy;
-import com.eucalyptus.auth.principal.Role;
+import com.eucalyptus.auth.principal.PolicyScope;
+import com.eucalyptus.auth.principal.PolicyVersion;
+import com.eucalyptus.auth.principal.PolicyVersions;
 import com.eucalyptus.entities.Entities;
 import com.eucalyptus.entities.TransactionResource;
 import com.eucalyptus.util.Callback;
@@ -52,7 +55,7 @@
 /**
  * Role implementation backed by RoleEntity
  */
-public class DatabaseRoleProxy implements Role {
+public class DatabaseRoleProxy implements EuareRole {
 
   private static final long serialVersionUID = 1L;
 
@@ -70,7 +73,7 @@ public DatabaseRoleProxy( RoleEntity delegate ) {
 
   @Override
   public String getDisplayName() {
-    return getName();
+    return Accounts.getRoleFullName( this );
   }
 
   @Override
@@ -103,6 +106,11 @@ public String getRoleId() {
     return this.delegate.getRoleId();
   }
 
+  @Override
+  public String getRoleArn() throws AuthException {
+    return Accounts.getRoleArn( this );
+  }
+
   @Override
   public String getName() {
     return this.delegate.getName();
@@ -119,9 +127,9 @@ public String getSecret() {
   }
 
   @Override
-  public Policy getPolicy() {
+  public PolicyVersion getPolicy() {
     try {
-      return getAssumeRolePolicy();
+      return PolicyVersions.policyVersion( PolicyScope.Resource, getRoleArn( ) ).apply( getAssumeRolePolicy() );
     } catch ( Exception e ) {
       throw Exceptions.toUndeclared( e );
     }
@@ -247,8 +255,8 @@ public void removePolicy( final String name ) throws AuthException {
   }
 
   @Override
-  public List<InstanceProfile> getInstanceProfiles() throws AuthException {
-    final List<InstanceProfile> results = Lists.newArrayList( );
+  public List<EuareInstanceProfile> getInstanceProfiles() throws AuthException {
+    final List<EuareInstanceProfile> results = Lists.newArrayList( );
     try ( final TransactionResource db = Entities.transactionFor( InstanceProfileEntity.class ) ) {
       @SuppressWarnings( "unchecked" )
       List<InstanceProfileEntity> instanceProfiles = ( List<InstanceProfileEntity> ) Entities

clc/modules/authentication/src/main/java/com/eucalyptus/auth/entities/AccountEntity.java

@@ -69,7 +69,6 @@
 import javax.persistence.Entity;
 import javax.persistence.EntityTransaction;
 import javax.persistence.FetchType;
-import javax.persistence.JoinColumn;
 import javax.persistence.OneToMany;
 import javax.persistence.PersistenceContext;
 import javax.persistence.PrePersist;
@@ -78,6 +77,7 @@
 
 import com.eucalyptus.auth.Accounts;
 import com.eucalyptus.auth.AuthException;
+import com.eucalyptus.auth.util.Identifiers;
 import com.eucalyptus.component.id.Euare;
 import com.eucalyptus.entities.Entities;
 import com.eucalyptus.upgrade.Upgrades;
@@ -127,7 +127,7 @@ public AccountEntity( String name ) {
 
   @PrePersist
   public void generateOnCommit() {
-    this.accountNumber = String.format( "%012d", ( long ) ( Math.pow( 10, 12 ) * Math.random( ) ) );
+    this.accountNumber = Identifiers.generateAccountNumber( );
     populateCanonicalId();
   }