Examples of org.apache.cloudstack.iam.api.IAMPolicy

• org.apache.cloudstack.iam.api.IAMPolicy

    @DB
    @Override
    public IAMPolicy createIAMPolicy(final String iamPolicyName, final String description, final Long parentPolicyId, final String path) {

        // check if the policy is already existing
        IAMPolicy ro = _aclPolicyDao.findByName(iamPolicyName);
        if (ro != null) {
            throw new InvalidParameterValueException(
                    "Unable to create acl policy with name " + iamPolicyName
                            + " already exisits");
        }

        IAMPolicy role = Transaction.execute(new TransactionCallback<IAMPolicy>() {
            @Override
            public IAMPolicy doInTransaction(TransactionStatus status) {
                IAMPolicyVO rvo = new IAMPolicyVO(iamPolicyName, description);
                rvo.setPath(path);

                IAMPolicy role = _aclPolicyDao.persist(rvo);
                if (parentPolicyId != null) {
                    // copy parent role permissions
                    List<IAMPolicyPermissionVO> perms = _policyPermissionDao.listByPolicy(parentPolicyId);
                    if (perms != null) {
                        for (IAMPolicyPermissionVO perm : perms) {
                            perm.setAclPolicyId(role.getId());
                            _policyPermissionDao.persist(perm);
                        }
                    }
                }
                return role;

    @DB
    @Override
    public boolean deleteIAMPolicy(final long iamPolicyId) {
        // get the Acl Policy entity
        final IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId);
        if (policy == null) {
            throw new InvalidParameterValueException("Unable to find acl policy: " + iamPolicyId
                    + "; failed to delete acl policy.");
        }

        Transaction.execute(new TransactionCallbackNoReturn() {
            @Override
            public void doInTransactionWithoutResult(TransactionStatus status) {
                // remove this policy related entry in acl_group_policy_map
                List<IAMGroupPolicyMapVO> groupPolicyMap = _aclGroupPolicyMapDao.listByPolicyId(policy.getId());
                if (groupPolicyMap != null) {
                    for (IAMGroupPolicyMapVO gr : groupPolicyMap) {
                        _aclGroupPolicyMapDao.remove(gr.getId());
                    }
                }

                // remove this policy related entry in acl_account_policy_map table
                List<IAMAccountPolicyMapVO> policyAcctMap = _aclAccountPolicyMapDao.listByPolicyId(policy.getId());
                if (policyAcctMap != null) {
                    for (IAMAccountPolicyMapVO policyAcct : policyAcctMap) {
                        _aclAccountPolicyMapDao.remove(policyAcct.getId());
                    }
                }

                // remove this policy related entry in acl_policy_permission table
                List<IAMPolicyPermissionVO> policyPermMap = _policyPermissionDao.listByPolicy(policy.getId());
                if (policyPermMap != null) {
                    for (IAMPolicyPermissionVO policyPerm : policyPermMap) {
                        _policyPermissionDao.remove(policyPerm.getId());
                    }
                }

    @SuppressWarnings("unchecked")
    @Override
    public Pair<List<IAMPolicy>, Integer> listIAMPolicies(Long iamPolicyId, String iamPolicyName, String path, Long startIndex, Long pageSize) {

        if (iamPolicyId != null) {
            IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId);
            if (policy == null) {
                throw new InvalidParameterValueException("Unable to find acl policy by id " + iamPolicyId);
            }
        }

        Transaction.execute(new TransactionCallbackNoReturn() {
            @Override
            public void doInTransactionWithoutResult(TransactionStatus status) {
                // add entries in acl_group_policy_map table
                for (Long policyId : policyIds) {
                    IAMPolicy policy = _aclPolicyDao.findById(policyId);
                    if (policy == null) {
                        throw new InvalidParameterValueException("Unable to find acl policy: " + policyId
                                + "; failed to add policies to acl group.");
                    }

        Transaction.execute(new TransactionCallbackNoReturn() {
            @Override
            public void doInTransactionWithoutResult(TransactionStatus status) {
                // add entries in acl_group_role_map table
                for (Long policyId : policyIds) {
                    IAMPolicy policy = _aclPolicyDao.findById(policyId);
                    if (policy == null) {
                        throw new InvalidParameterValueException("Unable to find acl policy: " + policyId
                                + "; failed to add policies to acl group.");
                    }

        assertFalse("account2 should not belong to the group anymore", acctNames.contains("account2"));
    }

    @Test
    public void createIAMPolicyTest() {
        IAMPolicy policy = new IAMPolicyVO("policy1", "tester policy1");
        List<IAMPolicy> policies = new ArrayList<IAMPolicy>();
        policies.add(policy);
        Pair<List<IAMPolicy>, Integer> policyList = new Pair<List<IAMPolicy>, Integer>(policies, 1);
        when(_iamSrv.createIAMPolicy("policy1", "tester policy1", null, callerDomainPath)).thenReturn(policy);
        when(_iamSrv.listIAMPolicies(null, null, callerDomainPath, 0L, 20L)).thenReturn(policyList);

        IAMPolicy createdPolicy = _aclSrv.createIAMPolicy(caller, "policy1", "tester policy1", null);
        assertNotNull("IAM policy 'policy1' failed to create ", createdPolicy);
        ListResponse<IAMPolicyResponse> policyResp = _aclSrv.listIAMPolicies(null, null, callerDomainId, 0L, 20L);
        assertTrue("No. of response items should be one", policyResp.getCount() == 1);
        IAMPolicyResponse resp = policyResp.getResponses().get(0);
        assertEquals("Error in created group name", "policy1", resp.getName());

    }


    @Override
    public void attachIAMPolicyToAccounts(final Long policyId, final List<Long> acctIds) {
        IAMPolicy policy = _aclPolicyDao.findById(policyId);
        if (policy == null) {
            throw new InvalidParameterValueException("Unable to find acl policy: " + policyId
                    + "; failed to add policy to account.");
        }

        assertTrue("failed to delete acl policy 1", _aclSrv.deleteIAMPolicy(1L));
    }

    @Test
    public void listIAMPolicyTest() {
        IAMPolicy policy = new IAMPolicyVO("policy1", "tester policy1");
        List<IAMPolicy> policies = new ArrayList<IAMPolicy>();
        policies.add(policy);
        when(_iamSrv.listIAMPolicies(callerId)).thenReturn(policies);
        List<IAMPolicy> polys = _aclSrv.listIAMPolicies(callerId);
        assertTrue(polys != null && polys.size() == 1);
        IAMPolicy p = polys.get(0);
        assertEquals("Error to retrieve group", "policy1", p.getName());
    }

        invalidateIAMCache();
    }

    @Override
    public void removeIAMPolicyFromAccounts(final Long policyId, final List<Long> acctIds) {
        IAMPolicy policy = _aclPolicyDao.findById(policyId);
        if (policy == null) {
            throw new InvalidParameterValueException("Unable to find acl policy: " + policyId
                    + "; failed to add policy to account.");
        }

    @DB
    @Override
    public IAMPolicy addIAMPermissionToIAMPolicy(long iamPolicyId, String entityType, String scope, Long scopeId,
            String action, String accessType, Permission perm, Boolean recursive) {
        // get the Acl Policy entity
        IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId);
        if (policy == null) {
            throw new InvalidParameterValueException("Unable to find acl policy: " + iamPolicyId
                    + "; failed to add permission to policy.");
        }