August 2013 - rhq-commits - Fedora Mailing-Lists

by Simeon Pinder

modules/helpers/ldap-tool/src/main/java/org/rhq/TestLdapSettings.java | 41 +++++----- 1 file changed, 24 insertions(+), 17 deletions(-) New commits: commit 35aec2e57a134860d16fcc80dfea8ca3f9db6c33 Author: Simeon Pinder <spinder(a)redhat.com> Date: Mon Aug 5 16:52:11 2013 -0400 minor refactor. diff --git a/modules/helpers/ldap-tool/src/main/java/org/rhq/TestLdapSettings.java b/modules/helpers/ldap-tool/src/main/java/org/rhq/TestLdapSettings.java index 86d64ab..b13b289 100644 --- a/modules/helpers/ldap-tool/src/main/java/org/rhq/TestLdapSettings.java +++ b/modules/helpers/ldap-tool/src/main/java/org/rhq/TestLdapSettings.java @@ -23,6 +23,7 @@ import java.util.Set; import javax.naming.CompositeName; import javax.naming.Context; +import javax.naming.InvalidNameException; import javax.naming.NamingEnumeration; import javax.naming.NamingException; import javax.naming.directory.Attribute; @@ -464,19 +465,7 @@ public class TestLdapSettings extends JFrame { // Going with the first match SearchResult si = (SearchResult) answer.next(); - // Construct the UserDN - // userDN = si.getName() + "," + baseDNs[x]; - //BZ: 981015: - userDN = null; - - try { - userDN = si.getNameInNamespace(); - } catch (UnsupportedOperationException use) { - userDN = new CompositeName(si.getName()).get(0); - if (si.isRelative()) { - userDN += "," + baseDNs[x]; - } - } + constructUserDn(baseDNs, x, si); msg = "STEP-2:PASS: The test user '" + testUserName @@ -946,16 +935,7 @@ public class TestLdapSettings extends JFrame { // We use the first match SearchResult si = answer.next(); // Construct the UserDN - userDN = null; - - try { - userDN = si.getNameInNamespace(); - } catch (UnsupportedOperationException use) { - userDN = new CompositeName(si.getName()).get(0); - if (si.isRelative()) { - userDN += "," + baseDNs[x]; - } - } + constructUserDn(baseDNs, x, si); userDetails.put("dn", userDN); // Construct the UserDN @@ -977,6 +957,22 @@ public class TestLdapSettings extends JFrame { return userDetails; } + /* Construct UserDn. + * + */ + private void constructUserDn(String[] baseDNs, int x, SearchResult si) throws InvalidNameException { + userDN = null; + + try { + userDN = si.getNameInNamespace(); + } catch (UnsupportedOperationException use) { + userDN = new CompositeName(si.getName()).get(0); + if (si.isRelative()) { + userDN += "," + baseDNs[x]; + } + } + } + public Set<String> findAvailableGroupsFor(String userName) { // Load our LDAP specific properties Properties options = env; commit e6fb7a22c9cc1b7c3a5dab8cf48017d5da564087 Author: Simeon Pinder <spinder(a)redhat.com> Date: Mon Aug 5 16:41:57 2013 -0400 Applying fixes for [BZ 707047] and [BZ 981015] to LDAP Test Tool, to correctly encode characters and consistently construct UserDN. diff --git a/modules/helpers/ldap-tool/src/main/java/org/rhq/TestLdapSettings.java b/modules/helpers/ldap-tool/src/main/java/org/rhq/TestLdapSettings.java index bc322ab..86d64ab 100644 --- a/modules/helpers/ldap-tool/src/main/java/org/rhq/TestLdapSettings.java +++ b/modules/helpers/ldap-tool/src/main/java/org/rhq/TestLdapSettings.java @@ -21,6 +21,7 @@ import java.util.Map; import java.util.Properties; import java.util.Set; +import javax.naming.CompositeName; import javax.naming.Context; import javax.naming.NamingEnumeration; import javax.naming.NamingException; @@ -464,7 +465,19 @@ public class TestLdapSettings extends JFrame { SearchResult si = (SearchResult) answer.next(); // Construct the UserDN - userDN = si.getName() + "," + baseDNs[x]; + // userDN = si.getName() + "," + baseDNs[x]; + //BZ: 981015: + userDN = null; + + try { + userDN = si.getNameInNamespace(); + } catch (UnsupportedOperationException use) { + userDN = new CompositeName(si.getName()).get(0); + if (si.isRelative()) { + userDN += "," + baseDNs[x]; + } + } + msg = "STEP-2:PASS: The test user '" + testUserName + "' was succesfully located, and the following userDN will be used in authorization check:\n"; @@ -914,7 +927,8 @@ public class TestLdapSettings extends JFrame { String filter = String.format("(&(%s)(%s=%s))", groupSearchFilter, groupMemberFilter, - testUserDN); + // testUserDN); BZ 707047 + encodeForFilter(testUserDN)); generateUiLoggingForStep4LdapFilter(userName, filter); @@ -931,19 +945,16 @@ public class TestLdapSettings extends JFrame { // We use the first match SearchResult si = answer.next(); - //generate the DN - String userDN = null; + // Construct the UserDN + userDN = null; + try { userDN = si.getNameInNamespace(); } catch (UnsupportedOperationException use) { - userDN = si.getName(); - if (userDN.startsWith("\"")) { - userDN = userDN.substring(1, userDN.length()); - } - if (userDN.endsWith("\"")) { - userDN = userDN.substring(0, userDN.length() - 1); + userDN = new CompositeName(si.getName()).get(0); + if (si.isRelative()) { + userDN += "," + baseDNs[x]; } - userDN = userDN + "," + baseDNs[x]; } userDetails.put("dn", userDN);

10 years, 10 months

1
0
0 / 0

[rhq] modules/enterprise

by mike thompson

modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/detail/monitoring/table/AddToDashboardComponent.java | 18 +++------- 1 file changed, 7 insertions(+), 11 deletions(-) New commits: commit 59eaa500eedaae0a7e687800c049dbfe7f5c01b1 Author: Mike Thompson <mithomps(a)redhat.com> Date: Mon Aug 5 15:07:37 2013 -0700 [BZ 991257] Spurious Globally uncaught Exception: (TypeError): 'null' is not an object. Add EnhancedToolstrip instead of Toolstrip to fix proper destroying. diff --git a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/detail/monitoring/table/AddToDashboardComponent.java b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/detail/monitoring/table/AddToDashboardComponent.java index 52b0d86..f337202 100644 --- a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/detail/monitoring/table/AddToDashboardComponent.java +++ b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/detail/monitoring/table/AddToDashboardComponent.java @@ -23,12 +23,10 @@ import java.util.LinkedHashMap; import com.google.gwt.user.client.rpc.AsyncCallback; import com.smartgwt.client.widgets.IButton; import com.smartgwt.client.widgets.events.ClickEvent; -import com.smartgwt.client.widgets.form.DynamicForm; import com.smartgwt.client.widgets.form.fields.SelectItem; import com.smartgwt.client.widgets.form.fields.events.ChangeEvent; import com.smartgwt.client.widgets.form.fields.events.ChangeHandler; import com.smartgwt.client.widgets.grid.ListGridRecord; -import com.smartgwt.client.widgets.toolbar.ToolStrip; import org.rhq.core.domain.configuration.PropertySimple; import org.rhq.core.domain.criteria.DashboardCriteria; @@ -42,12 +40,13 @@ import org.rhq.enterprise.gui.coregui.client.dashboard.portlets.inventory.resour import org.rhq.enterprise.gui.coregui.client.gwt.GWTServiceLookup; import org.rhq.enterprise.gui.coregui.client.util.Log; import org.rhq.enterprise.gui.coregui.client.util.enhanced.Enhanced; +import org.rhq.enterprise.gui.coregui.client.util.enhanced.EnhancedToolStrip; import org.rhq.enterprise.gui.coregui.client.util.message.Message; /** * @author Mike Thompson */ -public class AddToDashboardComponent extends ToolStrip implements Enhanced { +public class AddToDashboardComponent extends EnhancedToolStrip implements Enhanced { final private Resource resource; private SelectItem dashboardSelectItem; private Dashboard selectedDashboard; @@ -75,7 +74,6 @@ public class AddToDashboardComponent extends ToolStrip implements Enhanced { private void createToolstrip() { addSpacer(15); - dashboardSelectItem = new SelectItem(); addToDashboardButton = new IButton(MSG.view_metric_addToDashboard()); addToDashboardButton.disable(); @@ -103,8 +101,8 @@ public class AddToDashboardComponent extends ToolStrip implements Enhanced { .getMetricDefinitions()) { if (measurementDefinition.getId() == selectedRecord .getAttributeAsInt(MetricsViewDataSource.FIELD_METRIC_DEF_ID)) { - Log.info("Add to Dashboard -- Storing: " + measurementDefinition.getDisplayName() - + " in " + selectedDashboard.getName()); + Log.info("Add to Dashboard -- Storing: " + measurementDefinition.getDisplayName() + " in " + + selectedDashboard.getName()); storeDashboardMetric(selectedDashboard, resource, measurementDefinition); break; } @@ -114,15 +112,14 @@ public class AddToDashboardComponent extends ToolStrip implements Enhanced { }); } - public void disableAddToDashboardButton(){ - addToDashboardButton.disable(); + public void disableAddToDashboardButton() { + addToDashboardButton.disable(); } - public void enableAddToDashboardButton(){ + public void enableAddToDashboardButton() { addToDashboardButton.enable(); } - public void populateDashboardMenu() { dashboardMenuMap.clear(); dashboardMap.clear(); @@ -157,7 +154,6 @@ public class AddToDashboardComponent extends ToolStrip implements Enhanced { this.metricsListGrid = metricsListGrid; } - private void storeDashboardMetric(Dashboard dashboard, Resource resource, MeasurementDefinition definition) { DashboardPortlet dashboardPortlet = new DashboardPortlet(MSG.view_tree_common_contextMenu_resourceGraph(), ResourceD3GraphPortlet.KEY, 250);

10 years, 10 months

1
0
0 / 0

[rhq] Branch 'feature/bundle-group' - modules/core modules/enterprise

by Jay Shaughnessy

modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java | 16 modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java | 33 - modules/core/domain/src/main/java/org/rhq/core/domain/bundle/Bundle.java | 32 - modules/core/domain/src/main/java/org/rhq/core/domain/bundle/BundleGroup.java | 54 +- modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/bundle/BundleManagerBeanTest.java | 265 +++++++++- modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerBean.java | 26 modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerLocal.java | 26 modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java | 4 modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerBean.java | 83 ++- modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerLocal.java | 9 10 files changed, 480 insertions(+), 68 deletions(-) New commits: commit 71fe832fda706228745df1bc9fe089b1b7095d8b Author: Jay Shaughnessy <jshaughn(a)redhat.com> Date: Mon Aug 5 17:42:45 2013 -0400 More fine-grained bundle testing and work - add canView authz support for bundle stuff - up the serial version uid for affected entities - fix inverse relation handling on add/remove/sets - add more testing around create and delete, fix cleanup of bundle groups - fix some delete code when roles or bundles are associated with bundle groups - add some more useful authz checking for local api diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java index 5f86d8e..c70d651 100644 --- a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java +++ b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java @@ -186,6 +186,20 @@ import org.rhq.core.domain.resource.group.ResourceGroup; + " JOIN r.subjects s " // + " WHERE s.id = :subjectId ) ) "), + @NamedQuery(name = Subject.QUERY_CAN_VIEW_BUNDLE, query = "SELECT COUNT(b) " + + "FROM Bundle b, IN (b.bundleGroups) bg, IN (bg.roles) r, IN (r.subjects) s " + + "WHERE s = :subject AND b.id = :bundleId"), + + @NamedQuery(name = Subject.QUERY_CAN_VIEW_BUNDLE_GROUP, query = "" // + + "SELECT count(bg) " // + + " FROM BundleGroup bg " // + + " WHERE bg.id = :bundleGroupId " // + + " AND bg.id IN (SELECT innerbg.id " // + + " FROM BundleGroup innerbg " // + + " JOIN innerbg.roles r " // + + " JOIN r.subjects s " // + + " WHERE s = :subject) "), + /* * No easy way to test whether ALL resources are in some group in some role in some subject where * subject.id = <id> & role.permission = <perm> @@ -246,6 +260,8 @@ public class Subject implements Serializable { public static final String QUERY_CAN_VIEW_RESOURCES = "Subject.canViewResources"; public static final String QUERY_CAN_VIEW_GROUP = "Subject.canViewGroup"; public static final String QUERY_CAN_VIEW_AUTO_GROUP = "Subject.canViewAutoGroup"; + public static final String QUERY_CAN_VIEW_BUNDLE = "Subject.canViewBundle"; + public static final String QUERY_CAN_VIEW_BUNDLE_GROUP = "Subject.canViewBundleGroup"; public static final String QUERY_GET_RESOURCES_BY_PERMISSION = "Subject.getResourcesByPermission"; diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java b/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java index af5af3b..3f4c136 100644 --- a/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java +++ b/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java @@ -38,6 +38,7 @@ import javax.persistence.GeneratedValue; import javax.persistence.GenerationType; import javax.persistence.Id; import javax.persistence.JoinColumn; +import javax.persistence.JoinTable; import javax.persistence.ManyToMany; import javax.persistence.NamedQueries; import javax.persistence.NamedQuery; @@ -94,7 +95,7 @@ public class Role implements Serializable { public static final String QUERY_DYNAMIC_CONFIG_VALUES = "Role.dynamicConfigValues"; - private static final long serialVersionUID = 1L; + private static final long serialVersionUID = 2L; @Column(name = "ID", nullable = false) @GeneratedValue(strategy = GenerationType.AUTO, generator = "RHQ_ROLE_ID_SEQ") @@ -129,7 +130,8 @@ public class Role implements Serializable { @Cascade({ org.hibernate.annotations.CascadeType.ALL }) private Set<Permission> permissions = new HashSet<Permission>(); - @ManyToMany(mappedBy = "roles") + @JoinTable(name = "RHQ_ROLE_BUNDLE_GROUP_MAP", joinColumns = { @JoinColumn(name = "ROLE_ID") }, inverseJoinColumns = { @JoinColumn(name = "BUNDLE_GROUP_ID") }) + @ManyToMany private Set<BundleGroup> bundleGroups = new HashSet<BundleGroup>(); public Role() { @@ -277,9 +279,16 @@ public class Role implements Serializable { } public Set<BundleGroup> getBundleGroups() { + if (this.bundleGroups == null) { + this.bundleGroups = new HashSet<BundleGroup>(); + } return bundleGroups; } + /** + * This also updates the inverse relations (add this role to bundle groups) + * @param bundleGroups + */ public void setBundleGroups(Set<BundleGroup> bundleGroups) { if (bundleGroups == null) { this.bundleGroups = new HashSet<BundleGroup>(); @@ -292,22 +301,22 @@ public class Role implements Serializable { } } + /** + * This also updates the inverse relation (add this role to bundle group) + * @param bundleGroup + */ public void addBundleGroup(BundleGroup bundleGroup) { - if (this.bundleGroups == null) { - this.bundleGroups = new HashSet<BundleGroup>(); - } - + getBundleGroups().add(bundleGroup); bundleGroup.addRole(this); - this.bundleGroups.add(bundleGroup); } + /** + * This also updates the inverse relation (remove this role from bundle group) + * @param bundleGroup + */ public void removeBundleGroup(BundleGroup bundleGroup) { - if (this.bundleGroups == null) { - this.bundleGroups = new HashSet<BundleGroup>(); - } - + getBundleGroups().remove(bundleGroup); bundleGroup.removeRole(this); - this.bundleGroups.remove(bundleGroup); } public Set<ResourceGroup> getResourceGroups() { diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/bundle/Bundle.java b/modules/core/domain/src/main/java/org/rhq/core/domain/bundle/Bundle.java index 5af51af..c2f2714 100644 --- a/modules/core/domain/src/main/java/org/rhq/core/domain/bundle/Bundle.java +++ b/modules/core/domain/src/main/java/org/rhq/core/domain/bundle/Bundle.java @@ -69,7 +69,7 @@ import org.rhq.core.domain.tagging.Tag; @Table(name = "RHQ_BUNDLE") @XmlAccessorType(XmlAccessType.FIELD) public class Bundle implements Serializable { - private static final long serialVersionUID = 1L; + private static final long serialVersionUID = 2L; public static final String QUERY_FIND_ALL = "Bundle.findAll"; public static final String QUERY_FIND_BY_NAME = "Bundle.findByName"; @@ -104,8 +104,8 @@ public class Bundle implements Serializable { @OneToMany(mappedBy = "bundle", fetch = FetchType.LAZY) private List<BundleVersion> bundleVersions = new ArrayList<BundleVersion>(); - @ManyToMany(mappedBy = "bundles", fetch = FetchType.LAZY, cascade = CascadeType.REMOVE) - private Set<BundleGroup> bundleGroups; + @ManyToMany(mappedBy = "bundles", fetch = FetchType.LAZY) + private Set<BundleGroup> bundleGroups = new HashSet<BundleGroup>(); @ManyToMany(mappedBy = "bundles", fetch = FetchType.LAZY, cascade = CascadeType.REMOVE) private Set<Tag> tags; @@ -183,26 +183,34 @@ public class Bundle implements Serializable { } public Set<BundleGroup> getBundleGroups() { + if (this.bundleGroups == null) { + this.bundleGroups = new HashSet<BundleGroup>(); + } return bundleGroups; } + /** + * This does not set the inverse relationships. + * @param bundleGroups + */ public void setBundleGroups(Set<BundleGroup> bundleGroups) { this.bundleGroups = bundleGroups; } + /** + * This does not set the inverse relationship. You may want {@link BundleGroup#addBundle(Bundle)}. + * @param bundleGroups + */ public void addBundleGroup(BundleGroup bundleGroup) { - if (this.bundleGroups == null) { - this.bundleGroups = new HashSet<BundleGroup>(); - } - this.bundleGroups.add(bundleGroup); + getBundleGroups().add(bundleGroup); } + /** + * This does not set the inverse relationship. You may want {@link BundleGroup#removeBundle(Bundle)}. + * @param bundleGroups + */ public boolean removeBundleGroup(BundleGroup bundleGroup) { - if (this.bundleGroups != null) { - return this.bundleGroups.remove(bundleGroup); - } else { - return false; - } + return getBundleGroups().remove(bundleGroup); } public List<BundleDestination> getDestinations() { diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/bundle/BundleGroup.java b/modules/core/domain/src/main/java/org/rhq/core/domain/bundle/BundleGroup.java index 16037f7..dd6a824 100644 --- a/modules/core/domain/src/main/java/org/rhq/core/domain/bundle/BundleGroup.java +++ b/modules/core/domain/src/main/java/org/rhq/core/domain/bundle/BundleGroup.java @@ -26,8 +26,10 @@ import java.io.Serializable; import java.util.HashSet; import java.util.Set; +import javax.persistence.CascadeType; import javax.persistence.Column; import javax.persistence.Entity; +import javax.persistence.FetchType; import javax.persistence.GeneratedValue; import javax.persistence.GenerationType; import javax.persistence.Id; @@ -74,11 +76,10 @@ public class BundleGroup implements Serializable { @JoinTable(name = "RHQ_BUNDLE_GROUP_BUNDLE_MAP", joinColumns = { @JoinColumn(name = "BUNDLE_GROUP_ID") }, inverseJoinColumns = { @JoinColumn(name = "BUNDLE_ID") }) @ManyToMany - private Set<Bundle> bundles = new HashSet<Bundle>(); + private Set<Bundle> bundles; - @JoinTable(name = "RHQ_ROLE_BUNDLE_GROUP_MAP", joinColumns = { @JoinColumn(name = "BUNDLE_GROUP_ID") }, inverseJoinColumns = { @JoinColumn(name = "ROLE_ID") }) - @ManyToMany - private Set<Role> roles = new HashSet<Role>(); + @ManyToMany(mappedBy = "bundleGroups", fetch = FetchType.LAZY, cascade = CascadeType.REMOVE) + private Set<Role> roles; public BundleGroup() { // for JPA use @@ -119,12 +120,41 @@ public class BundleGroup implements Serializable { return bundles; } + /** + * This also updates the inverse relation (add this bundle group to bundle) + * @param bundle + */ public void addBundle(Bundle bundle) { getBundles().add(bundle); + bundle.addBundleGroup(this); } - public void removeBundle(Bundle bundle) { - getBundles().remove(bundle); + /** + * This also updates the inverse relation (remove this bundle group from bundle) + * @param bundle + */ + public boolean removeBundle(Bundle bundle) { + boolean result = getBundles().remove(bundle); + bundle.removeBundleGroup(this); + return result; + } + + /** + * This also updates the inverse relations + * @param bundle + */ + public void setBundles(Set<Bundle> bundles) { + for (Bundle bundle : getBundles()) { + bundle.removeBundleGroup(this); + } + + this.bundles.clear(); + + if (null != bundles) { + for (Bundle bundle : bundles) { + addBundle(bundle); + } + } } public Set<Role> getRoles() { @@ -134,12 +164,20 @@ public class BundleGroup implements Serializable { return roles; } + /** + * This *does not* update the inverse relation. You may want {@link Role#addBundleGroup(BundleGroup)} + * @param role + */ public void addRole(Role role) { getRoles().add(role); } - public void removeRole(Role role) { - getRoles().remove(role); + /** + * This *does not* update the inverse relation. You may want {@link Role#removeBundleGroup(BundleGroup)} + * @param role + */ + public boolean removeRole(Role role) { + return getRoles().remove(role); } public Long getCtime() { diff --git a/modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/bundle/BundleManagerBeanTest.java b/modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/bundle/BundleManagerBeanTest.java index 117d2df..5e94ab1 100644 --- a/modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/bundle/BundleManagerBeanTest.java +++ b/modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/bundle/BundleManagerBeanTest.java @@ -215,6 +215,15 @@ public class BundleManagerBeanTest extends AbstractEJB3Test { em.remove(em.getReference(BundleDeployment.class, ((BundleDeployment) removeMe).getId())); } + // remove bundle groups to free up bundles + q = em.createQuery("SELECT bg FROM BundleGroup bg WHERE bg.name LIKE '" + TEST_PREFIX + "%'"); + doomed = q.getResultList(); + for (Object removeMe : doomed) { + BundleGroup doomedBundleGroup = em.find(BundleGroup.class, ((BundleGroup) removeMe).getId()); + doomedBundleGroup.setBundles(new HashSet<Bundle>()); + em.remove(doomedBundleGroup); + } + // remove bundles which cascade remove packageTypes and destinations // packagetypes cascade remove packages // package cascade remove packageversions @@ -224,6 +233,7 @@ public class BundleManagerBeanTest extends AbstractEJB3Test { em.remove(em.getReference(Bundle.class, ((Bundle) removeMe).getId())); } em.flush(); + // remove any orphaned pvs q = em.createQuery("SELECT pv FROM PackageVersion pv WHERE pv.generalPackage.name LIKE '" + TEST_PREFIX + "%'"); @@ -257,13 +267,6 @@ public class BundleManagerBeanTest extends AbstractEJB3Test { em.remove(em.getReference(Repo.class, ((Repo) removeMe).getId())); } - // remove bundle groups no longer referenced by bundles - q = em.createQuery("SELECT bg FROM BundleGroup bg WHERE bg.name LIKE '" + TEST_PREFIX + "%'"); - doomed = q.getResultList(); - for (Object removeMe : doomed) { - em.remove(em.getReference(BundleGroup.class, ((BundleGroup) removeMe).getId())); - } - // remove Resource Groups left over from test deployments freeing up test resources q = em.createQuery("SELECT rg FROM ResourceGroup rg WHERE rg.name LIKE '" + TEST_PREFIX + "%'"); doomed = q.getResultList(); @@ -1318,12 +1321,9 @@ public class BundleManagerBeanTest extends AbstractEJB3Test { } @Test(enabled = TESTS_ENABLED) - public void authzBundleGroupTest() throws Exception { - Subject subject = null; - Role role = null; - - subject = createNewSubject(TEST_USER_NAME); - role = createNewRoleForSubject(subject, TEST_ROLE_NAME); + public void testAuthzBundleGroup() throws Exception { + Subject subject = createNewSubject(TEST_USER_NAME); + Role role = createNewRoleForSubject(subject, TEST_ROLE_NAME); subject = createSession(subject); // start a session so we can use this subject in SLSB calls @@ -1479,14 +1479,241 @@ public class BundleManagerBeanTest extends AbstractEJB3Test { assertEquals("Should be able to see assigned bundle", 1, bundleGroups.size()); assertNotNull(bundleGroups.get(0).getBundles()); assertEquals("Should have fetched bundle in bundle group", 1, bundleGroups.get(0).getBundles().size()); - assertEquals("Should have fetched bundle in bundle group", bundle, bundleGroups.get(0).getBundles() - .iterator().next()); + assertEquals("Should have fetched bundle in bundle group", bundle, bundleGroups.get(0).getBundles().iterator() + .next()); assertNotNull(bundleGroups.get(0).getRoles()); assertEquals("Should have fetched role for bundle group", 1, bundleGroups.get(0).getRoles().size()); assertEquals("Should have fetched role for bundle group", role, bundleGroups.get(0).getRoles().iterator() .next()); } + @Test(enabled = TESTS_ENABLED) + public void testAuthzCreateBundleVersion() throws Exception { + Subject subject = createNewSubject(TEST_USER_NAME); + Role role = createNewRoleForSubject(subject, TEST_ROLE_NAME); + + subject = createSession(subject); // start a session so we can use this subject in SLSB calls + + // create bundle group + addRolePermissions(role, Permission.MANAGE_BUNDLE_GROUPS); + BundleGroup bundleGroup1 = bundleManager.createBundleGroup(subject, TEST_BUNDLE_GROUP_NAME + "_1", "bg-1"); + + // add bg1 to the role, but no perms + addRoleBundleGroup(role, bundleGroup1); + + // deny bundle create in bg1 (no create perm) + try { + createBundle(subject, TEST_PREFIX + ".bundle", bundleGroup1.getId()); + fail("Should have thrown PermissionException"); + } catch (PermissionException e) { + // expected + } + + // allow bundle creation in bg1 (has create perm) + addRolePermissions(role, Permission.CREATE_BUNDLES_IN_GROUP); + Bundle bundle = createBundle(subject, TEST_PREFIX + ".bundle", bundleGroup1.getId()); + + // deny bundle version creation (perm taken away) + removeRolePermissions(role, Permission.CREATE_BUNDLES_IN_GROUP); + try { + BundleVersion bv1 = createBundleVersion(subject, bundle.getName() + "-1", null, bundle); + fail("Should have thrown PermissionException"); + } catch (PermissionException e) { + // expected + } + + // allow bundle version creation (perm granted) + addRolePermissions(role, Permission.CREATE_BUNDLES_IN_GROUP); + BundleVersion bv1 = createBundleVersion(subject, bundle.getName() + "-1", null, bundle); + assertNotNull(bv1); + assertEquals("1.0", bv1.getVersion()); + assert 0 == bv1.getVersionOrder(); + + // create second role + Role role2 = createNewRoleForSubject(subject, TEST_ROLE_NAME + "_2"); + addRolePermissions(role2, Permission.CREATE_BUNDLES_IN_GROUP); + + // create second bundle group + BundleGroup bundleGroup2 = bundleManager.createBundleGroup(subject, TEST_BUNDLE_GROUP_NAME + "_2", "bg-2"); + + // deny bundle create in bg2 (not associated with role) + try { + createBundle(subject, TEST_PREFIX + ".bundle", bundleGroup2.getId()); + fail("Should have thrown PermissionException"); + } catch (PermissionException e) { + // expected + } + + // deny bundle assign to bg2 (not associated with role) + try { + bundleManager.assignBundlesToBundleGroup(subject, bundleGroup2.getId(), new int[] { bundle.getId() }); + fail("Should have thrown PermissionException"); + } catch (PermissionException e) { + // expected + } + + // add bg2 to the role + addRoleBundleGroup(role2, bundleGroup2); + + // deny bundle assign to bg2 (no perm) + removeRolePermissions(role2, Permission.CREATE_BUNDLES_IN_GROUP); + try { + bundleManager.assignBundlesToBundleGroup(subject, bundleGroup2.getId(), new int[] { bundle.getId() }); + fail("Should have thrown PermissionException"); + } catch (PermissionException e) { + // expected + } + + // allow bundle assign to bg2 + addRolePermissions(role2, Permission.ASSIGN_BUNDLES_TO_GROUP); + bundleManager.assignBundlesToBundleGroup(subject, bundleGroup2.getId(), new int[] { bundle.getId() }); + + // should fetch the single bundle even though it is in two groups + BundleCriteria bundleCriteria = new BundleCriteria(); + bundleCriteria.addFilterBundleGroupIds(bundleGroup1.getId(), bundleGroup2.getId()); + List<Bundle> bundles = bundleManager.findBundlesByCriteria(subject, bundleCriteria); + assertNotNull(bundles); + assertEquals("Should be able to see assigned bundle", 1, bundles.size()); + assertEquals("Should have fetched bundle", bundle, bundles.get(0)); + + BundleVersionCriteria bvCriteria = new BundleVersionCriteria(); + bvCriteria.addFilterBundleId(bundle.getId()); + List<BundleVersion> bundleVersions = bundleManager.findBundleVersionsByCriteria(subject, bvCriteria); + assertNotNull(bundleVersions); + assertEquals("Should be able to see assigned bundle bundleversion", 1, bundleVersions.size()); + assertEquals("Should have fetched bundleversion", bv1, bundleVersions.get(0)); + + // deny unassign + try { + bundleManager.unassignBundlesFromBundleGroup(subject, bundleGroup2.getId(), new int[] { bundle.getId() }); + fail("Should have thrown PermissionException"); + } catch (PermissionException e) { + // expected + } + + // allow unassigns + addRolePermissions(role, Permission.UNASSIGN_BUNDLES_FROM_GROUP); + addRolePermissions(role2, Permission.UNASSIGN_BUNDLES_FROM_GROUP); + bundleManager.unassignBundlesFromBundleGroup(subject, bundleGroup1.getId(), new int[] { bundle.getId() }); + bundleManager.unassignBundlesFromBundleGroup(subject, bundleGroup2.getId(), new int[] { bundle.getId() }); + + // should not find the now unassigned bundle + bundles = bundleManager.findBundlesByCriteria(subject, bundleCriteria); + assertNotNull(bundles); + assertEquals("Should not be able to see unassigned bundle", 0, bundles.size()); + + bundleVersions = bundleManager.findBundleVersionsByCriteria(subject, bvCriteria); + assertNotNull(bundleVersions); + assertEquals("Should not be able to see unassigned bundle bundleversion", 0, bundleVersions.size()); + + // allow view + addRolePermissions(role, Permission.VIEW_BUNDLES); + + // should fetch the single unassigned bundle due to global view in one of the assigned roles + bundleCriteria.addFilterBundleGroupIds(null); + bundles = bundleManager.findBundlesByCriteria(subject, bundleCriteria); + assertNotNull(bundles); + assertEquals("Should be able to see unassigned bundle", 1, bundles.size()); + assertEquals("Should have fetched bundle", bundle, bundles.get(0)); + + bundleVersions = bundleManager.findBundleVersionsByCriteria(subject, bvCriteria); + assertNotNull(bundleVersions); + assertEquals("Should be able to see unassigned bundle bundleversion", 1, bundleVersions.size()); + assertEquals("Should have fetched bundleversion", bv1, bundleVersions.get(0)); + } + + @Test(enabled = TESTS_ENABLED) + public void testAuthzDeleteBundleVersion() throws Exception { + Subject subject = createNewSubject(TEST_USER_NAME); + Role role = createNewRoleForSubject(subject, TEST_ROLE_NAME); + + subject = createSession(subject); // start a session so we can use this subject in SLSB calls + + // create bundle group + addRolePermissions(role, Permission.MANAGE_BUNDLE_GROUPS); + BundleGroup bundleGroup1 = bundleManager.createBundleGroup(subject, TEST_BUNDLE_GROUP_NAME + "_1", "bg-1"); + + // add bg1 to the role with group create + addRoleBundleGroup(role, bundleGroup1); + addRolePermissions(role, Permission.CREATE_BUNDLES_IN_GROUP); + + // allow bundle creation in bg1 (has create perm) + Bundle bundle = createBundle(subject, TEST_PREFIX + ".bundle", bundleGroup1.getId()); + + // allow delete, global perm + addRolePermissions(role, Permission.DELETE_BUNDLES); + deleteBundleVersion(subject, bundle); + + // allow bundle creation in bg1 (has create perm) + bundle = createBundle(subject, TEST_PREFIX + ".bundle", bundleGroup1.getId()); + + // allow delete, bundle group perm + removeRolePermissions(role, Permission.DELETE_BUNDLES); + addRolePermissions(role, Permission.DELETE_BUNDLES_FROM_GROUP); + deleteBundleVersion(subject, bundle); + + // allow bundle creation in bg1 (has create perm) + bundle = createBundle(subject, TEST_PREFIX + ".bundle", bundleGroup1.getId()); + + // deny delete, no delete perms + removeRolePermissions(role, Permission.DELETE_BUNDLES_FROM_GROUP); + try { + deleteBundleVersion(subject, bundle); + fail("Should have thrown PermissionException"); + } catch (PermissionException e) { + // expected + } + } + + // subject must have create bundle version permission + private void deleteBundleVersion(Subject subject, Bundle b1) throws Exception { + assertNotNull(b1); + + BundleVersion bv1 = createBundleVersion(subject, b1.getName() + "-1", null, b1); + assertNotNull(bv1); + assertEquals("1.0", bv1.getVersion()); + BundleVersion bv2 = createBundleVersion(subject, b1.getName() + "-2", null, b1); + assertNotNull(bv2); + assertEquals("1.1", bv2.getVersion()); + + // let's add a bundle file so we can ensure our deletion will also delete the file too + bundleManager.addBundleFileViaByteArray(subject, bv2.getId(), "testDeleteBundleVersion", "1.0", + new Architecture("noarch"), "content".getBytes()); + BundleFileCriteria bfCriteria = new BundleFileCriteria(); + bfCriteria.addFilterBundleVersionId(bv2.getId()); + bfCriteria.fetchPackageVersion(true); + PageList<BundleFile> files = bundleManager.findBundleFilesByCriteria(overlord, bfCriteria); + assert files.size() == 1 : files; + assert files.get(0).getPackageVersion().getGeneralPackage().getName().equals("testDeleteBundleVersion") : files; + + BundleVersionCriteria bvCriteria = new BundleVersionCriteria(); + BundleCriteria bCriteria = new BundleCriteria(); + + // delete the first one - this deletes the BV but the bundle should remain intact + bundleManager.deleteBundleVersion(subject, bv2.getId(), true); + bvCriteria.addFilterId(bv2.getId()); + PageList<BundleVersion> bvResults = bundleManager.findBundleVersionsByCriteria(subject, bvCriteria); + assert bvResults.size() == 0; + bCriteria.addFilterId(b1.getId()); + PageList<Bundle> bResults = bundleManager.findBundlesByCriteria(subject, bCriteria); + assert bResults.size() == 1 : "Should not have deleted bundle yet, 1 version still exists"; + + // delete the second one - this deletes last BV thus the bundle should also get deleted + bundleManager.deleteBundleVersion(subject, bv1.getId(), true); + bvCriteria.addFilterId(bv1.getId()); + bvResults = bundleManager.findBundleVersionsByCriteria(subject, bvCriteria); + assert bvResults.size() == 0; + bCriteria.addFilterId(b1.getId()); + bResults = bundleManager.findBundlesByCriteria(subject, bCriteria); + assert bResults.size() == 0 : "Should have deleted bundle since no versions exists anymore"; + + // make sure our composite query is OK and can show us 0 bundles, too + PageList<BundleWithLatestVersionComposite> composites; + bCriteria = new BundleCriteria(); + composites = bundleManager.findBundlesWithLatestVersionCompositesByCriteria(subject, bCriteria); + assert composites.size() == 0; + } + private Subject createNewSubject(String subjectName) throws Exception { Subject newSubject = new Subject(); @@ -1557,8 +1784,12 @@ public class BundleManagerBeanTest extends AbstractEJB3Test { } private Bundle createBundle(Subject subject, String name) throws Exception { + return createBundle(subject, name, 0); + } + + private Bundle createBundle(Subject subject, String name, int bundleGroupId) throws Exception { BundleType bt = createBundleType(name); - return createBundle(subject, name, bt, 0); + return createBundle(subject, name, bt, bundleGroupId); } private Bundle createBundle(Subject subject, String name, BundleType bt, int bundleGroupId) throws Exception { @@ -1578,7 +1809,7 @@ public class BundleManagerBeanTest extends AbstractEJB3Test { throws Exception { final String fullName = TEST_PREFIX + "-bundleversion-" + version + "-" + name; final String recipe = "deploy -f " + TEST_PREFIX + ".zip -d @@ test.path @@"; - BundleVersion bv = bundleManager.createBundleVersion(overlord, bundle.getId(), fullName, fullName + "-desc", + BundleVersion bv = bundleManager.createBundleVersion(subject, bundle.getId(), fullName, fullName + "-desc", version, recipe); assert bv.getId() > 0; diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerBean.java index d71095f..d5746d3 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerBean.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerBean.java @@ -304,6 +304,32 @@ public class AuthorizationManagerBean implements AuthorizationManagerLocal { } @Override + public boolean canViewBundle(Subject subject, int bundleId) { + if (hasGlobalPermission(subject, Permission.VIEW_BUNDLES)) { + return true; + } + + Query query = entityManager.createNamedQuery(Subject.QUERY_CAN_VIEW_BUNDLE); + query.setParameter("subject", subject); + query.setParameter("bundleId", bundleId); + long count = (Long) query.getSingleResult(); + return (count != 0); + } + + @Override + public boolean canViewBundleGroup(Subject subject, int bundleGroupId) { + if (hasGlobalPermission(subject, Permission.VIEW_BUNDLES)) { + return true; + } + + Query query = entityManager.createNamedQuery(Subject.QUERY_CAN_VIEW_BUNDLE_GROUP); + query.setParameter("subject", subject); + query.setParameter("bundleGroupId", bundleGroupId); + long count = (Long) query.getSingleResult(); + return (count != 0); + } + + @Override public boolean isInventoryManager(Subject subject) { return hasGlobalPermission(subject, Permission.MANAGE_INVENTORY); } diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerLocal.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerLocal.java index 8872d61..62d3c0c 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerLocal.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerLocal.java @@ -80,6 +80,28 @@ public interface AuthorizationManagerLocal { boolean canViewAutoGroup(Subject subject, int parentResourceId, int resourceTypeId); /** + * Returns true if the current user has explicit (Global.VIEW_BUNDLES) or implicit (via bundleGroup-Role + * association) view of the specified bundle . + * + * @param subject the current subject or caller + * @param bundleId the id of some Bundle to check permissions against + * + * @return true if the current user has some role attached to some bundle group that contains this bundle + */ + boolean canViewBundle(Subject subject, int bundleId); + + /** + * Returns true if the current user has explicit (Global.VIEW_BUNDLES) or implicit (via bundleGroup-Role + * association) view of the specified bundle group. + * + * @param subject the current subject or caller + * @param bundleGroupId the id of some Bundle to check permissions against + * + * @return true if the current user has some role attached to some bundle group that contains this bundle + */ + boolean canViewBundleGroup(Subject subject, int bundleGroupId); + + /** * Returns true if the current user possesses either: 1) the specified resource permission for the specified * resource, or 2) the global MANAGE_INVENTORY permission which, by definition, gives full access to the inventory * (all resources and all groups) @@ -244,7 +266,7 @@ public interface AuthorizationManagerLocal { * @return <code>true</code> if the given subject is considered the overlord subject */ boolean isOverlord(Subject subject); - + /** * Returns true if given subject is able to view given repo. * The subject is able to view a repo if it is public or if the subject is the owner of the repo @@ -255,7 +277,7 @@ public interface AuthorizationManagerLocal { * @return true if subject is able to view the repo, false otherwise */ boolean canViewRepo(Subject subject, int repoId); - + /** * Returns true if given subject is able to update given repo. * The subject is able to update a repo if it is owned by the subject diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java index aeaf597..96d44de 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java @@ -841,7 +841,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { throw new IllegalArgumentException("Tried to remove role[" + roleId + "] from BundleGroup[" + bundleGroupId + "], but role was not found"); } - bundleGroup.removeRole(doomedRole); + doomedRole.removeBundleGroup(bundleGroup); } } @@ -893,7 +893,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { throw new IllegalArgumentException("Tried to add role[" + roleId + "] to bundleGroup[" + bundleGroupId + "], but role was not found"); } - bundleGroup.addRole(role); + role.addBundleGroup(bundleGroup); } } diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerBean.java index bc85e6d..33c119e 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerBean.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerBean.java @@ -259,13 +259,14 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot Bundle bundle = new Bundle(name, bundleType, repo, packageType); bundle.setDescription(description); bundle.setPackageType(packageType); - if (null != bundleGroup) { - bundle.addBundleGroup(bundleGroup); - } log.info("Creating bundle: " + bundle); entityManager.persist(bundle); + if (null != bundleGroup) { + bundleGroup.addBundle(bundle); + } + return bundle; } @@ -511,6 +512,8 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot throw new IllegalArgumentException("Invalid bundleId: " + bundleId); } + checkCreateBundleVersionAuthz(subject, bundleId); + // parse the recipe (validation occurs here) and get the config def and list of files BundleType bundleType = bundle.getBundleType(); RecipeParseResults results; @@ -1784,7 +1787,7 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot if (!authorizationManager.hasGlobalPermission(subject, Permission.VIEW_BUNDLES)) { generator.setAuthorizationBundleFragment(CriteriaQueryGenerator.AuthorizationTokenType.BUNDLE, - subject.getId()); + subject.getId(), null); } CriteriaQueryRunner<BundleWithLatestVersionComposite> queryRunner = new CriteriaQueryRunner<BundleWithLatestVersionComposite>( @@ -1824,6 +1827,11 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot entityManager.flush(); } + // remove bundle from relevant any assigned bundle groups + for (BundleGroup bg : bundle.getBundleGroups()) { + bg.removeBundle(bundle); + } + // we need to whack the Repo once the Bundle no longer refers to it Repo bundleRepo = bundle.getRepo(); @@ -2004,7 +2012,7 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot // remove from any roles for (Role r : bundleGroup.getRoles()) { - bundleGroup.removeRole(r); + r.removeBundleGroup(bundleGroup); } bundleGroup = entityManager.merge(bundleGroup); @@ -2036,7 +2044,7 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot throw new IllegalArgumentException("BundleGroup does not exist for bundleGroupId [" + bundleGroupId + "]"); } - checkAssignBundleGroupAuthz(subject, bundleGroupId, bundleIds); + checkUnassignBundleGroupAuthz(subject, bundleGroupId, bundleIds); for (int bundleId : bundleIds) { Bundle bundle = entityManager.find(Bundle.class, bundleId); @@ -2074,7 +2082,7 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot } if (hasGlobalCreateBundles) { - if (authorizationManager.hasBundleGroupPermission(subject, Permission.VIEW_BUNDLES_IN_GROUP, bundleGroupId)) { + if (authorizationManager.canViewBundleGroup(subject, bundleGroupId)) { return; } } else { @@ -2116,7 +2124,7 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot } if (hasGlobalCreateBundles) { - if (authorizationManager.hasBundlePermission(subject, Permission.VIEW_BUNDLES_IN_GROUP, bundleId)) { + if (authorizationManager.canViewBundle(subject, bundleId)) { return; } } else { @@ -2173,7 +2181,7 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot throw new IllegalArgumentException("Invalid bundleId: [" + bundleId + "]"); } - if (!authorizationManager.hasBundlePermission(subject, Permission.VIEW_BUNDLES_IN_GROUP, bundleId)) { + if (!authorizationManager.canViewBundle(subject, bundleId)) { String msg = "Subject [" + subject.getName() + "] requires either Global.VIEW_BUNDLES or BundleGroup.VIEW_BUNDLES_IN_GROUP to assign bundle [" + bundleId + "] to bundle group [" + bundleGroupId + "]"; @@ -2185,6 +2193,58 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot } /** + * Requires VIEW permission for the relevant bundles and either: + * - Global.DELETE_BUNDLE + * - BundleGroup.DELETE_BUNDLES_FROM_GROUP or BundleGroup.UNASSIGN_BUNDLES_FROM_GROUP for the relevant bundle group + * + * @param subject + * @param bundleGroupId an existing bundle group + * @param bundleIds existing bundles + * @throws PermissionException + */ + private void checkUnassignBundleGroupAuthz(Subject subject, int bundleGroupId, int[] bundleIds) + throws PermissionException { + + Set<Permission> globalPerms = authorizationManager.getExplicitGlobalPermissions(subject); + boolean hasGlobalDeleteBundles = globalPerms.contains(Permission.DELETE_BUNDLES); + boolean hasGlobalViewBundles = globalPerms.contains(Permission.VIEW_BUNDLES); + + if (hasGlobalDeleteBundles && hasGlobalViewBundles) { + return; + } + + boolean hasBundleGroupDelete = hasGlobalDeleteBundles + || authorizationManager.hasBundleGroupPermission(subject, Permission.DELETE_BUNDLES_FROM_GROUP, + bundleGroupId); + boolean hasBundleGroupUnassign = hasBundleGroupDelete + || authorizationManager.hasBundleGroupPermission(subject, Permission.UNASSIGN_BUNDLES_FROM_GROUP, + bundleGroupId); + + if (!hasBundleGroupUnassign) { + String msg = "Subject [" + + subject.getName() + + "] requires one of Global.DELETE_BUNDLES, BundleGroup.DELETE_BUNDLES_FROM_GROUP, or BundleGroup.UNASSIGN_BUNDLES_FROM_GROUP to unassign a bundle to undle group [" + + bundleGroupId + "]."; + throw new PermissionException(msg); + } + + for (int bundleId : bundleIds) { + if (bundleId <= 0) { + throw new IllegalArgumentException("Invalid bundleId: [" + bundleId + "]"); + } + + if (!authorizationManager.canViewBundle(subject, bundleId)) { + String msg = "Subject [" + subject.getName() + + "] requires either Global.VIEW_BUNDLES or BundleGroup.VIEW_BUNDLES_IN_GROUP to unassign bundle [" + + bundleId + "] to bundle group [" + bundleGroupId + "]"; + throw new PermissionException(msg); + } + } + + return; + } + + /** * Required Permissions: Either: * - Global.DEPLOY_BUNDLES and a view of the relevant bundle and a view of the relevant resource group (may involve multiple roles) * - Resource.DEPLOY_BUNDLES_TO_GROUP and a view of the relevant bundle and a view of the relevant resource group (may involve multiple roles) @@ -2210,8 +2270,7 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot boolean hasResourceGroupDeploy = hasGlobalDeployBundles || authorizationManager.hasGroupPermission(subject, Permission.DEPLOY_BUNDLES_TO_GROUP, resourceGroupId); - boolean hasBundleView = hasGlobalViewBundles - || authorizationManager.hasBundlePermission(subject, Permission.VIEW_BUNDLES_IN_GROUP, bundleId); + boolean hasBundleView = hasGlobalViewBundles || authorizationManager.canViewBundle(subject, bundleId); if (!(hasResourceGroupDeploy && hasBundleView)) { String msg = "Subject [" + subject.getName() @@ -2248,7 +2307,7 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot } if (hasGlobalDeleteBundles) { - if (authorizationManager.hasBundlePermission(subject, Permission.VIEW_BUNDLES_IN_GROUP, bundleId)) { + if (authorizationManager.canViewBundle(subject, bundleId)) { return; } } else { diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerLocal.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerLocal.java index f96d356..6df2610 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerLocal.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerLocal.java @@ -112,9 +112,12 @@ public interface BundleManagerLocal extends BundleManagerRemote { /** * Internal use only, test entry point - * - * This method performs NO AUTHZ! - * + * <pre> + * Required Permissions: Either: + * - Global.CREATE_BUNDLES and Global.VIEW_BUNDLES + * - Global.CREATE_BUNDLES and BundleGroup.VIEW_BUNDLES_IN_GROUP for bundle group BG and the relevant bundle is assigned to BG + * - BundleGroup.CREATE_BUNDLES_IN_GROUP for bundle group BG and the relevant bundle is assigned to BG + * </pre> * @param subject user that must have proper permissions * @param bundleId the bundle for which this will be the next version * @param name not null or empty

10 years, 10 months

1
0
0 / 0

[rhq] Branch 'hotfix/jon3.1.2' - modules/enterprise

by Larry O'Leary

modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java | 16 +++- modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManagerBean.java | 17 +--- modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/test/ldap/FakeLdapContext.java | 37 ++++------ 3 files changed, 39 insertions(+), 31 deletions(-) New commits: commit bbe1c9b92ae47cda13927a3f541874ecb52c868d Author: Larry O'Leary <loleary(a)redhat.com> Date: Wed Jul 17 16:32:05 2013 +0200 BZ 981015 - Ldap auth failed if DN contained a backslash (cherry-picked from commit 01cd91b130f563ba62cd96a46f2cb3a2ac567a48) BZ 981015: Fix test failures introduced by commit 01cd91b - findLdapUserDetails was appending baseDN twice during fallback code - FakeLdapContext contained some lazy escaping on the mock group entries (cherry picked from commit 567aee7f81c6aa0f7680d4f394cccb1974705320) (cherry picked from commit cb7bdca5eb624e5064dc0e4191e63b01e4877829) diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java index 3de303c..38af750 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java @@ -23,6 +23,7 @@ import java.util.Iterator; import java.util.Properties; import java.util.Map.Entry; +import javax.naming.CompositeName; import javax.naming.Context; import javax.naming.NamingEnumeration; import javax.naming.directory.SearchControls; @@ -189,7 +190,18 @@ public class LdapLoginModule extends UsernamePasswordLoginModule { SearchResult si = (SearchResult) answer.next(); // Construct the UserDN - String userDN = si.getName() + "," + baseDNs[x]; + String userDN = null; + + try { + userDN = si.getNameInNamespace(); + } catch (UnsupportedOperationException use) { + userDN = new CompositeName(si.getName()).get(0); + if (si.isRelative()) { + userDN += "," + baseDNs[x]; + } + } + + log.debug("Using LDAP userDN=" + userDN); ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN); ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, inputPassword); @@ -204,7 +216,7 @@ public class LdapLoginModule extends UsernamePasswordLoginModule { // If we try all the BaseDN's and have not found a match, return false return false; } catch (Exception e) { - log.info("Failed to validate password: " + e.getMessage()); + log.info("Failed to validate password for [" + userName + "]: " + e.getMessage()); return false; } } diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManagerBean.java index eeeb4fc..f828950 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManagerBean.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManagerBean.java @@ -1,6 +1,6 @@ /* * RHQ Management Platform - * Copyright (C) 2005-2011 Red Hat, Inc. + * Copyright (C) 2005-2013 Red Hat, Inc. * All rights reserved. * * This program is free software; you can redistribute it and/or modify @@ -13,8 +13,8 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * along with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ package org.rhq.enterprise.server.resource.group; @@ -31,6 +31,7 @@ import java.util.Set; import javax.ejb.EJB; import javax.ejb.Stateless; +import javax.naming.CompositeName; import javax.naming.Context; import javax.naming.NamingEnumeration; import javax.naming.NamingException; @@ -322,14 +323,10 @@ public class LdapGroupManagerBean implements LdapGroupManagerLocal { try { userDN = si.getNameInNamespace(); } catch (UnsupportedOperationException use) { - userDN = si.getName(); - if (userDN.startsWith("\"")) { - userDN = userDN.substring(1, userDN.length()); + userDN = new CompositeName(si.getName()).get(0); + if (si.isRelative()) { + userDN += "," + baseDNs[x]; } - if (userDN.endsWith("\"")) { - userDN = userDN.substring(0, userDN.length() - 1); - } - userDN = userDN + "," + baseDNs[x]; } userDetails.put("dn", userDN); diff --git a/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/test/ldap/FakeLdapContext.java b/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/test/ldap/FakeLdapContext.java index dad31ce..2ae6265 100644 --- a/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/test/ldap/FakeLdapContext.java +++ b/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/test/ldap/FakeLdapContext.java @@ -99,7 +99,6 @@ public class FakeLdapContext implements LdapContext { try { return new FakeNamingEnumeration<SearchResult>(ldapTestData.getSearchResults(attributes)); } catch (Exception e) { - // TODO Auto-generated catch block e.printStackTrace(); return null; } @@ -516,12 +515,12 @@ public class FakeLdapContext implements LdapContext { attr = new BasicAttribute("member"); attr.add("cn=Robert Smith,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Cannon\\, Brett,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); - attr.add("cn=Charles H\\\\Samlin,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); + attr.add("cn=Charles H\\Samlin,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Craig \\#1 Sellers,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Beverly \\+1 Balanger,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Bethany \\<Stuart\\> Wallace,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Zachory S\\; Balanger,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); - attr.add("cn=Allen \\\"The Hammer\\\" Callen,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); + attr.add("cn=Allen \"The Hammer\" Callen,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Sam Not \\= Smitherson,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=\\ Billy The Kiddough\\ ,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=System/Integration API,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); @@ -557,12 +556,12 @@ public class FakeLdapContext implements LdapContext { attr = new BasicAttribute("member"); attr.add("cn=John Smith,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Dr. Greg Hause\\, MD,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); - attr.add("cn=Cindy\\\\Cynthia Groober,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); + attr.add("cn=Cindy\\Cynthia Groober,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Biff \\# Rogers,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Steven \\+2 Reed,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Lisa \\<The Great\\> Toller,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Homer J Simpsonite\\; III,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); - attr.add("cn=Jessica \\\"Crouching Tiger\\\" Mathers,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); + attr.add("cn=Jessica \"Crouching Tiger\" Mathers,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Hope \\= Rein,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=\\ Sue Ferguson\\ ,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Phil/Susan Carlson,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); @@ -598,12 +597,12 @@ public class FakeLdapContext implements LdapContext { attr = new BasicAttribute("member"); attr.add("cn=Sheri Smith,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Walsh\\, Brad,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); - attr.add("cn=Jim\\\\James Kirk,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); + attr.add("cn=Jim\\James Kirk,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Sandra \\# Phillips,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=William Tell Overture \\+1,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Craig \\<Bison\\> Allen,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Walter T Fredrick\\; The Second,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); - attr.add("cn=Stanley \\\"Short\\\" Mein,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); + attr.add("cn=Stanley \"Short\" Mein,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Noah \\= Sadler,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=\\ Stuart Smiley\\ ,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=System/Integration API 2,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); @@ -984,7 +983,7 @@ public class FakeLdapContext implements LdapContext { attr.add("User with backslash (\\) in 'cn' in the RHQ Admin Group"); attrs.put(attr); - sr = new SearchResult("cn=Charles H\\\\Samlin,ou=users", null, null, attrs, true); + sr = new SearchResult("cn=Charles H\\Samlin,ou=users", null, null, attrs, true); this.add(sr); // dn: cn=Cindy\\Cynthia Groober,ou=users,dc=test,dc=rhq,dc=redhat,dc=com @@ -1033,7 +1032,7 @@ public class FakeLdapContext implements LdapContext { attr.add("User with backslash (\\) in 'cn' in the JBoss Admin Group"); attrs.put(attr); - sr = new SearchResult("cn=Cindy\\\\Cynthia Groober,ou=users", null, null, attrs, true); + sr = new SearchResult("cn=Cindy\\Cynthia Groober,ou=users", null, null, attrs, true); this.add(sr); // dn: cn=Jim\\James Kirk,ou=users,dc=test,dc=rhq,dc=redhat,dc=com @@ -1082,7 +1081,7 @@ public class FakeLdapContext implements LdapContext { attr.add("User with backslash (\\) in 'cn' in the JBoss Monitor Group"); attrs.put(attr); - sr = new SearchResult("cn=Jim\\\\James Kirk,ou=users", null, null, attrs, true); + sr = new SearchResult("cn=Jim\\James Kirk,ou=users", null, null, attrs, true); this.add(sr); // dn: cn=Craig \#1 Sellers,ou=users,dc=test,dc=rhq,dc=redhat,dc=com @@ -1675,7 +1674,7 @@ public class FakeLdapContext implements LdapContext { null, attrs, true); this.add(sr); - // dn: cn=Allen \"The Hammer\" Callen,ou=users,dc=test,dc=rhq,dc=redhat,dc=com + // dn: cn=Allen "The Hammer" Callen,ou=users,dc=test,dc=rhq,dc=redhat,dc=com attrs = new BasicAttributes(); attr = new BasicAttribute("baseName"); @@ -1721,11 +1720,11 @@ public class FakeLdapContext implements LdapContext { attr.add("User with quote (\") in 'cn' in the RHQ Admin Group"); attrs.put(attr); - sr = new SearchResult("cn=Allen \\\"The Hammer\\\" Callen,ou=users", "javax.naming.directory.DirContext", + sr = new SearchResult("cn=Allen \"The Hammer\" Callen,ou=users", "javax.naming.directory.DirContext", null, attrs, true); this.add(sr); - // dn: cn=Jessica \"Crouching Tiger\" Mathers,ou=users,dc=test,dc=rhq,dc=redhat,dc=com + // dn: cn=Jessica "Crouching Tiger" Mathers,ou=users,dc=test,dc=rhq,dc=redhat,dc=com attrs = new BasicAttributes(); attr = new BasicAttribute("baseName"); @@ -1771,11 +1770,11 @@ public class FakeLdapContext implements LdapContext { attr.add("User with quote (\") in 'cn' in the JBoss Admin Group"); attrs.put(attr); - sr = new SearchResult("cn=Jessica \\\"Crouching Tiger\\\" Mathers,ou=users", + sr = new SearchResult("cn=Jessica \"Crouching Tiger\" Mathers,ou=users", "javax.naming.directory.DirContext", null, attrs, true); this.add(sr); - // dn: cn=Stanley \"Short\" Mein,ou=users,dc=test,dc=rhq,dc=redhat,dc=com + // dn: cn=Stanley "Short" Mein,ou=users,dc=test,dc=rhq,dc=redhat,dc=com attrs = new BasicAttributes(); attr = new BasicAttribute("baseName"); @@ -1821,7 +1820,7 @@ public class FakeLdapContext implements LdapContext { attr.add("User with quote (\") in 'cn' in the JBoss Monitor Group"); attrs.put(attr); - sr = new SearchResult("cn=Stanley \\\"Short\\\" Mein,ou=users", null, null, attrs, true); + sr = new SearchResult("cn=Stanley \"Short\" Mein,ou=users", null, null, attrs, true); this.add(sr); // dn: cn=Sam Not \= Smitherson,ou=users,dc=test,dc=rhq,dc=redhat,dc=com @@ -2160,7 +2159,7 @@ public class FakeLdapContext implements LdapContext { attr.add("User with slash (/) in 'cn' in the RHQ Admin Group"); attrs.put(attr); - sr = new SearchResult("cn=System/Integration API,ou=users", null, null, attrs, true); + sr = new SearchResult("cn=System\\/Integration API,ou=users", null, null, attrs, true); this.add(sr); // dn: cn=Phil/Susan Carlson,ou=users,dc=test,dc=rhq,dc=redhat,dc=com @@ -2209,7 +2208,7 @@ public class FakeLdapContext implements LdapContext { attr.add("User with slash (/) in 'cn' in the JBoss Admin Group"); attrs.put(attr); - sr = new SearchResult("cn=Phil/Susan Carlson,ou=users", null, null, attrs, true); + sr = new SearchResult("cn=Phil\\/Susan Carlson,ou=users", null, null, attrs, true); this.add(sr); // dn: cn=System/Integration API 2,ou=users,dc=test,dc=rhq,dc=redhat,dc=com @@ -2254,7 +2253,7 @@ public class FakeLdapContext implements LdapContext { attr.add("User with slash (/) in 'cn' in the JBoss Monitor Group"); attrs.put(attr); - sr = new SearchResult("cn=System/Integration API 2,ou=users", null, null, attrs, true); + sr = new SearchResult("cn=System\\/Integration API 2,ou=users", null, null, attrs, true); this.add(sr); // dn: cn=Lee -Fast- Croutche,ou=users,dc=test,dc=rhq,dc=redhat,dc=com

10 years, 10 months

1
0
0 / 0

[rhq] modules/enterprise

by Thomas Segismont

modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/factory/ResourceFactoryInfoStep.java | 16 ++++++++-- modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages.properties | 1 modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_cs.properties | 1 modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_de.properties | 1 modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ja.properties | 1 modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ko.properties | 1 modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_pt.properties | 1 modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ru.properties | 1 modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_zh.properties | 3 + modules/enterprise/gui/coregui/src/main/webapp/CoreGUI.css | 4 ++ 10 files changed, 26 insertions(+), 4 deletions(-) New commits: commit 0d9fb46045b844ef4f2a4c921fbe461c37c09c4e Author: Thomas Segismont <tsegismo(a)redhat.com> Date: Fri Jul 26 14:50:07 2013 +0200 Bug 886119 - JON is using JNDI when referring to child Datasource resource instead of specified Resource name Added message in the first step of the resource creation wizard to indicate that some plugin implementations might not be able to give the resource the supplied name when it gets discovered. diff --git a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/factory/ResourceFactoryInfoStep.java b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/factory/ResourceFactoryInfoStep.java index 31dc10d..89b6e30 100644 --- a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/factory/ResourceFactoryInfoStep.java +++ b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/factory/ResourceFactoryInfoStep.java @@ -1,6 +1,6 @@ /* * RHQ Management Platform - * Copyright (C) 2005-2010 Red Hat, Inc. + * Copyright (C) 2005-2013 Red Hat, Inc. * All rights reserved. * * This program is free software; you can redistribute it and/or modify @@ -13,11 +13,13 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * along with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ package org.rhq.enterprise.gui.coregui.client.inventory.resource.factory; +import static java.lang.Boolean.FALSE; + import java.util.ArrayList; import java.util.LinkedHashMap; import java.util.List; @@ -30,6 +32,7 @@ import com.smartgwt.client.widgets.Canvas; import com.smartgwt.client.widgets.form.DynamicForm; import com.smartgwt.client.widgets.form.fields.FormItem; import com.smartgwt.client.widgets.form.fields.SelectItem; +import com.smartgwt.client.widgets.form.fields.StaticTextItem; import com.smartgwt.client.widgets.form.fields.TextItem; import com.smartgwt.client.widgets.form.fields.events.ChangedEvent; import com.smartgwt.client.widgets.form.fields.events.ChangedHandler; @@ -99,6 +102,13 @@ public class ResourceFactoryInfoStep extends AbstractWizardStep { } }); formItems.add(nameItem); + + StaticTextItem commentItem = new StaticTextItem("resourceNameComment"); + commentItem.setWidth(300); + commentItem.setTextBoxStyle("InlineInfo"); + commentItem.setShowTitle(FALSE); + commentItem.setValue(MSG.widget_resourceFactoryWizard_nameComment()); + formItems.add(commentItem); } if (null != versionPrompt) { diff --git a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages.properties b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages.properties index 7f2e7d4..58d0f8e 100644 --- a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages.properties +++ b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages.properties @@ -2232,6 +2232,7 @@ widget_resourceFactoryWizard_importWizardWindowTitle = Resource Import Wizard widget_resourceFactoryWizard_infoStepName = Resource Information widget_resourceFactoryWizard_infoStep_loadFail = Failed to get available Architectures widget_resourceFactoryWizard_namePrompt = New Resource Name +widget_resourceFactoryWizard_nameComment = Not all management plug-ins or their managed resources allow the agent to set the name for a new resource. This value will only be used by agent plug-ins that support the capability. For plug-ins that do not support the capability, the resource may receive a generic or different name when it is discovered. widget_resourceFactoryWizard_templatePrompt = Connection Settings Template widget_resourceFactoryWizard_timeoutFailure = Timed out widget_resourceFactoryWizard_timeoutHelp = A timeout duration that if specified will override the default timeout for child resource creation (on the {0} Agent). The default timeout is set to 60 seconds. A higher value may be useful for particularly long create actions, like deployment of a large application. Usually used if a previous attempt suffered a timeout failure. Note that if there is a timeout failure, it is still possible that the resource deployment succeeded. In the event of a timeout you may want to execute a discovery scan before attempting to redeploy the resource. diff --git a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_cs.properties b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_cs.properties index 941eb60..91b959e 100644 --- a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_cs.properties +++ b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_cs.properties @@ -2242,6 +2242,7 @@ widget_resourceFactoryWizard_importWizardWindowTitle = Průvodce importu zdroje widget_resourceFactoryWizard_infoStepName = Informace o zdroji widget_resourceFactoryWizard_infoStep_loadFail = Nepodařilo se získat dostupné architektury widget_resourceFactoryWizard_namePrompt = Nové jméno zdroje +#widget_resourceFactoryWizard_nameComment = Not all management plug-ins or their managed resources allow the agent to set the name for a new resource. This value will only be used by agent plug-ins that support the capability. For plug-ins that do not support the capability, the resource may receive a generic or different name when it is discovered. widget_resourceFactoryWizard_templatePrompt = Šablona pro nastavení připojení ##widget_resourceFactoryWizard_timeoutFailure = Timed out ##widget_resourceFactoryWizard_timeoutHelp = A timeout duration that if specified will override the default timeout for child resource creation (on the {0} Agent). The default timeout is set to 60 seconds. A higher value may be useful for particularly long create actions, like deployment of a large application. Usually used if a previous attempt suffered a timeout failure. Note that if there is a timeout failure, it is still possible that the resource deployment succeeded. In the event of a timeout you may want to execute a discovery scan before attempting to redeploy the resource. diff --git a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_de.properties b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_de.properties index e30a19e..cf68680 100644 --- a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_de.properties +++ b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_de.properties @@ -2067,6 +2067,7 @@ widget_resourceFactoryWizard_importWizardWindowTitle = Wizard zum Import von Res widget_resourceFactoryWizard_infoStepName = Information über die Ressource widget_resourceFactoryWizard_infoStep_loadFail = Konnte die verfügbaren Architekturen nicht ermitteln widget_resourceFactoryWizard_namePrompt = Name der neuen Ressource +#widget_resourceFactoryWizard_nameComment = Not all management plug-ins or their managed resources allow the agent to set the name for a new resource. This value will only be used by agent plug-ins that support the capability. For plug-ins that do not support the capability, the resource may receive a generic or different name when it is discovered. widget_resourceFactoryWizard_templatePrompt = Vorlage für die Verbindungseinstellungen ##widget_resourceFactoryWizard_timeoutHelp = A timeout duration that if specified will override the default timeout for child resource creation (on the {0} Agent). The default timeout is set to 60 seconds. A higher value may be useful for particularly long create actions, like deployment of a large application. Usually used if a previous attempt suffered a timeout failure. Note that if there is a timeout failure, it is still possible that the resource deployment succeeded. In the event of a timeout you may want to execute a discovery scan before attempting to redeploy the resource. widget_resourceFactoryWizard_uploadFailure = Konnte die Datei nicht hochladen diff --git a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ja.properties b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ja.properties index bed024b..abe264e 100644 --- a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ja.properties +++ b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ja.properties @@ -2213,6 +2213,7 @@ widget_resourceFactoryWizard_importWizardWindowTitle = リソースインポー widget_resourceFactoryWizard_infoStepName = リソース情報 widget_resourceFactoryWizard_infoStep_loadFail = アーキテクチャーを利用可能にするのに失敗しました widget_resourceFactoryWizard_namePrompt = 新規リソース名 +#widget_resourceFactoryWizard_nameComment = Not all management plug-ins or their managed resources allow the agent to set the name for a new resource. This value will only be used by agent plug-ins that support the capability. For plug-ins that do not support the capability, the resource may receive a generic or different name when it is discovered. widget_resourceFactoryWizard_templatePrompt = コネクション設定テンプレート ###widget_resourceFactoryWizard_timeoutFailure = Timed out ##widget_resourceFactoryWizard_timeoutHelp = A timeout duration that if specified will override the default timeout for child resource creation (on the {0} Agent). The default timeout is set to 60 seconds. A higher value may be useful for particularly long create actions, like deployment of a large application. Usually used if a previous attempt suffered a timeout failure. Note that if there is a timeout failure, it is still possible that the resource deployment succeeded. In the event of a timeout you may want to execute a discovery scan before attempting to redeploy the resource. diff --git a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ko.properties b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ko.properties index 416f4b4..c9081f8 100644 --- a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ko.properties +++ b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ko.properties @@ -1822,6 +1822,7 @@ widget_resourceFactoryWizard_importFailure2 = 수동으로 리소스를 가져 widget_resourceFactoryWizard_importWizardWindowTitle = 리소스 가져오기 마법사 widget_resourceFactoryWizard_infoStepName = 리소스 정보 widget_resourceFactoryWizard_namePrompt = 새 리소스 이름 +#widget_resourceFactoryWizard_nameComment = Not all management plug-ins or their managed resources allow the agent to set the name for a new resource. This value will only be used by agent plug-ins that support the capability. For plug-ins that do not support the capability, the resource may receive a generic or different name when it is discovered. widget_resourceFactoryWizard_timeoutFailure = 타임 아웃 widget_resourceFactoryWizard_versionPrompt = 패키지 버전 widget_resourceSelector_pleaseSelectMultipleResource = 하나 이상의 리소스를 선택하십시오 diff --git a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_pt.properties b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_pt.properties index 47cac36..566dcf9 100644 --- a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_pt.properties +++ b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_pt.properties @@ -2328,6 +2328,7 @@ widget_resourceFactoryWizard_importWizardWindowTitle = Assistente para Importa\u widget_resourceFactoryWizard_infoStepName = Informa\u00E7\u00E3o do Recurso widget_resourceFactoryWizard_infoStep_loadFail = Falha ao recuperar Arquiteturas dispon\u00EDveis. widget_resourceFactoryWizard_namePrompt = Novo Nome do Recurso +#widget_resourceFactoryWizard_nameComment = Not all management plug-ins or their managed resources allow the agent to set the name for a new resource. This value will only be used by agent plug-ins that support the capability. For plug-ins that do not support the capability, the resource may receive a generic or different name when it is discovered. widget_resourceFactoryWizard_templatePrompt = Modelo de Propriedades para Conex\u00E3o ##widget_resourceFactoryWizard_timeoutFailure = Timed out ##widget_resourceFactoryWizard_timeoutHelp = A timeout duration that if specified will override the default timeout for child resource creation (on the {0} Agent). The default timeout is set to 60 seconds. A higher value may be useful for particularly long create actions, like deployment of a large application. Usually used if a previous attempt suffered a timeout failure. Note that if there is a timeout failure, it is still possible that the resource deployment succeeded. In the event of a timeout you may want to execute a discovery scan before attempting to redeploy the resource. diff --git a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ru.properties b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ru.properties index 99f34f9..b6f53b1 100644 --- a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ru.properties +++ b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ru.properties @@ -2154,6 +2154,7 @@ #widget_resourceFactoryWizard_infoStepName = Resource Information #widget_resourceFactoryWizard_infoStep_loadFail = Failed to get available Architectures #widget_resourceFactoryWizard_namePrompt = New Resource Name +#widget_resourceFactoryWizard_nameComment = Not all management plug-ins or their managed resources allow the agent to set the name for a new resource. This value will only be used by agent plug-ins that support the capability. For plug-ins that do not support the capability, the resource may receive a generic or different name when it is discovered. #widget_resourceFactoryWizard_templatePrompt = Connection Settings Template #widget_resourceFactoryWizard_timeoutHelp = A timeout duration. If specified will override the default timeout for child resource creation (on the {0} Agent). The default timeout is set to 60 seconds. Useful for particularly long create actions, like deployment of a large application. Usually used if a previous attempt suffered a timeout failure. #widget_resourceFactoryWizard_timeoutFailure = Timed out. Note that it is possible that the deployment may still succeed. diff --git a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_zh.properties b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_zh.properties index 69ca0f6..2ea7f25 100644 --- a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_zh.properties +++ b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_zh.properties @@ -2211,7 +2211,8 @@ widget_resourceFactoryWizard_importWizardWindowTitle = \u5bfc\u5165\u8d44\u6e90\ widget_resourceFactoryWizard_infoStepName = \u8d44\u6e90\u6d88\u606f widget_resourceFactoryWizard_infoStep_loadFail = \u65e0\u6cd5\u53d6\u5f97\u67b6\u6784 widget_resourceFactoryWizard_namePrompt = \u65b0\u8d44\u6e90\u540d -widget_resourceFactoryWizard_templatePrompt = \u8fde\u63a5\u8bbe\u7f6e\u6a21\u677f +#widget_resourceFactoryWizard_nameComment = Not all management plug-ins or their managed resources allow the agent to set the name for a new resource. This value will only be used by agent plug-ins that support the capability. For plug-ins that do not support the capability, the resource may receive a generic or different name when it is discovered. +#widget_resourceFactoryWizard_templatePrompt = \u8fde\u63a5\u8bbe\u7f6e\u6a21\u677f #widget_resourceFactoryWizard_timeoutHelp = A timeout duration that if specified will override the default timeout for child resource creation (on the {0} Agent). The default timeout is set to 60 seconds. A higher value may be useful for particularly long create actions, like deployment of a large application. Usually used if a previous attempt suffered a timeout failure. Note that if there is a timeout failure, it is still possible that the resource deployment succeeded. In the event of a timeout you may want to execute a discovery scan before attempting to redeploy the resource. #widget_resourceFactoryWizard_timeoutFailure = Timed out widget_resourceFactoryWizard_uploadFailure = \u4e0a\u4f20\u6587\u4ef6\u5931\u8d25 diff --git a/modules/enterprise/gui/coregui/src/main/webapp/CoreGUI.css b/modules/enterprise/gui/coregui/src/main/webapp/CoreGUI.css index 6f4d6ca..393ffb4 100644 --- a/modules/enterprise/gui/coregui/src/main/webapp/CoreGUI.css +++ b/modules/enterprise/gui/coregui/src/main/webapp/CoreGUI.css @@ -372,6 +372,10 @@ a.menuBar, a.menuBar:link, a.menuBar:visited, a.menuBar:hover { color: #C22; } +.InlineInfo { + color: #00AC3D; /* medium green */ +} + .log-panel { z-index: 9999999 !important; }

10 years, 10 months

1
0
0 / 0

[rhq] modules/plugins

by Thomas Segismont

modules/plugins/jboss-as-7/src/main/java/org/rhq/modules/plugins/jbossas7/BaseProcessDiscovery.java | 64 +++++++--- 1 file changed, 50 insertions(+), 14 deletions(-) New commits: commit 917414abdf9bbe8e34844a3c92e491cd6f1711a4 Author: Thomas Segismont <tsegismo(a)redhat.com> Date: Fri Jul 26 19:29:31 2013 +0200 Bug 913764 - [as7] Version identifier of EAP resource changes depending on run state of EAP The version was determined with a call to the http management interface. Now it's all based on file inspection diff --git a/modules/plugins/jboss-as-7/src/main/java/org/rhq/modules/plugins/jbossas7/BaseProcessDiscovery.java b/modules/plugins/jboss-as-7/src/main/java/org/rhq/modules/plugins/jbossas7/BaseProcessDiscovery.java index cd9f276..876b1ac 100644 --- a/modules/plugins/jboss-as-7/src/main/java/org/rhq/modules/plugins/jbossas7/BaseProcessDiscovery.java +++ b/modules/plugins/jboss-as-7/src/main/java/org/rhq/modules/plugins/jbossas7/BaseProcessDiscovery.java @@ -18,6 +18,9 @@ */ package org.rhq.modules.plugins.jbossas7; +import static org.rhq.core.util.StringUtil.arrayToString; +import static org.rhq.core.util.StringUtil.isNotBlank; + import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; @@ -212,20 +215,7 @@ public abstract class BaseProcessDiscovery implements ResourceDiscoveryComponent HostPort hostPort = hostConfig.getDomainControllerHostPort(commandLine); String name = buildDefaultResourceName(hostPort, managementHostPort, productType); String description = buildDefaultResourceDescription(hostPort, productType); - - String version; - String versionFromHomeDir = determineServerVersionFromHomeDir(homeDir); - if (productType == JBossProductType.AS) { - version = versionFromHomeDir; - } else { - ProductInfo productInfo = new ProductInfo(managementHostPort.host, serverPluginConfig.getUser(), - serverPluginConfig.getPassword(), managementHostPort.port); - productInfo = productInfo.getFromRemote(); - String productVersion = (productInfo.fromRemote) ? productInfo.productVersion : versionFromHomeDir; - // TODO: Grab the product version from the product info properties file, so we aren't relying on connecting - // to the server to obtain it. - version = productType.SHORT_NAME + " " + productVersion; - } + String version = getVersion(homeDir, productType); return new DiscoveredResourceDetails(discoveryContext.getResourceType(), key, name, version, description, pluginConfig, process); @@ -605,6 +595,52 @@ public abstract class BaseProcessDiscovery implements ResourceDiscoveryComponent } } + private String getVersion(File homeDir, JBossProductType productType) { + // Products should have a version.txt file at root dir + File versionFile = new File(homeDir, "version.txt"); + String version = getProductVersionInFile(versionFile, " - Version ", productType); + if (version == null && productType != JBossProductType.AS && productType != JBossProductType.WILDFLY8) { + // No version.txt file. Try modules/system/layers/base/org/jboss/as/product/slot/dir/META-INF/MANIFEST.MF + String layeredProductManifestFilePath = arrayToString( + new String[] { "modules", "system", "layers", "base", "org", "jboss", "as", "product", + productType.SHORT_NAME.toLowerCase(), "dir", "META-INF", "MANIFEST.MF" }, File.separatorChar); + File productManifest = new File(homeDir, layeredProductManifestFilePath); + version = getProductVersionInFile(productManifest, "JBoss-Product-Release-Version: ", productType); + if (version == null) { + // Try modules/org/jboss/as/product/slot/dir/META-INF/MANIFEST.MF + String productManifestFilePath = arrayToString(new String[] { "modules", "org", "jboss", "as", + "product", productType.SHORT_NAME.toLowerCase(), "dir", "META-INF", "MANIFEST.MF" }, + File.separatorChar); + productManifest = new File(homeDir, productManifestFilePath); + version = getProductVersionInFile(productManifest, "JBoss-Product-Release-Version: ", productType); + } + } + if (version == null) { + // Fallback + version = determineServerVersionFromHomeDir(homeDir); + } + return version; + } + + private String getProductVersionInFile(File file, String versionPrefix, JBossProductType productType) { + if (!file.exists() || file.isDirectory()) { + return null; + } + try { + String versionLine = FileUtils.findString(file.getAbsolutePath(), versionPrefix); + if (isNotBlank(versionLine)) { + return new StringBuilder(productType.SHORT_NAME).append(" ") + .append(versionLine.substring(versionLine.lastIndexOf(versionPrefix) + versionPrefix.length())) + .toString(); + } + } catch (IOException e) { + if (log.isDebugEnabled()) { + log.debug("Could not read file " + file.getAbsolutePath(), e); + } + } + return null; + } + protected String determineServerVersionFromHomeDir(File homeDir) { String version; String homeDirName = homeDir.getName();

10 years, 10 months

1
0
0 / 0

[rhq] modules/enterprise

by snegrea

modules/enterprise/server/plugins/alertdef-rhq/src/main/java/org/rhq/enterprise/server/plugins/alertdef/AlertDefinitionServerPluginComponent.java | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) New commits: commit b93245a5c4087a12666baf394af64930d34acb99 Author: Stefan Negrea <snegrea(a)redhat.com> Date: Fri Aug 2 18:15:28 2013 -0500 Remove dampening from the alert definition. Dampening not needed for discreet operation executions. diff --git a/modules/enterprise/server/plugins/alertdef-rhq/src/main/java/org/rhq/enterprise/server/plugins/alertdef/AlertDefinitionServerPluginComponent.java b/modules/enterprise/server/plugins/alertdef-rhq/src/main/java/org/rhq/enterprise/server/plugins/alertdef/AlertDefinitionServerPluginComponent.java index 2188020..840477c 100644 --- a/modules/enterprise/server/plugins/alertdef-rhq/src/main/java/org/rhq/enterprise/server/plugins/alertdef/AlertDefinitionServerPluginComponent.java +++ b/modules/enterprise/server/plugins/alertdef-rhq/src/main/java/org/rhq/enterprise/server/plugins/alertdef/AlertDefinitionServerPluginComponent.java @@ -386,10 +386,7 @@ public class AlertDefinitionServerPluginComponent implements ServerPluginCompone snapshotFailureCondition.setOption(OperationRequestStatus.FAILURE.name()); newTemplate.addCondition(snapshotFailureCondition); - AlertDampening dampener = new AlertDampening(AlertDampening.Category.PARTIAL_COUNT); - dampener.setPeriod(15); - dampener.setPeriodUnits(TimeUnits.MINUTES); - dampener.setValue(10); + AlertDampening dampener = new AlertDampening(AlertDampening.Category.NONE); newTemplate.setAlertDampening(dampener); int newTemplateId = alertTemplateManager.createAlertTemplate(subjectManager.getOverlord(), newTemplate,

10 years, 10 months

1
0
0 / 0

[rhq] modules/enterprise

by snegrea

modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/cloud/StorageNodeManagerBean.java | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) New commits: commit f0ed14645f583dfa58cc8581b4ea847a8e8c032d Author: Stefan Negrea <snegrea(a)redhat.com> Date: Fri Aug 2 16:59:09 2013 -0500 [BZ 990245] Add an extra null check for safety for the child resource set. diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/cloud/StorageNodeManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/cloud/StorageNodeManagerBean.java index c119df0..f17f006 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/cloud/StorageNodeManagerBean.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/cloud/StorageNodeManagerBean.java @@ -34,6 +34,7 @@ import java.util.LinkedList; import java.util.List; import java.util.Map; import java.util.Queue; +import java.util.Set; import javax.ejb.EJB; import javax.ejb.Stateless; @@ -686,8 +687,11 @@ public class StorageNodeManagerBean implements StorageNodeManagerLocal, StorageN resourceIdsWithAlertDefinitions.add(resource.getId()); } - for (Resource child : resource.getChildResources()) { - unvisitedResources.add(child); + Set<Resource> childResources = resource.getChildResources(); + if (childResources != null) { + for (Resource child : childResources) { + unvisitedResources.add(child); + } } }

10 years, 10 months

1
0
0 / 0

[rhq] 2 commits - modules/enterprise

by snegrea

modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/cloud/StorageNodeManagerBean.java | 9 +- modules/enterprise/server/plugins/alertdef-rhq/src/main/java/org/rhq/enterprise/server/plugins/alertdef/AlertDefinitionServerPluginComponent.java | 42 ++++++++++ 2 files changed, 49 insertions(+), 2 deletions(-) New commits: commit 7c3460d3aa21ca871c3676a84b482230d7d298e8 Author: Stefan Negrea <snegrea(a)redhat.com> Date: Fri Aug 2 16:54:15 2013 -0500 Add an alert template for take snapshot operation failure for the storage service. diff --git a/modules/enterprise/server/plugins/alertdef-rhq/src/main/java/org/rhq/enterprise/server/plugins/alertdef/AlertDefinitionServerPluginComponent.java b/modules/enterprise/server/plugins/alertdef-rhq/src/main/java/org/rhq/enterprise/server/plugins/alertdef/AlertDefinitionServerPluginComponent.java index 37d10a8..2188020 100644 --- a/modules/enterprise/server/plugins/alertdef-rhq/src/main/java/org/rhq/enterprise/server/plugins/alertdef/AlertDefinitionServerPluginComponent.java +++ b/modules/enterprise/server/plugins/alertdef-rhq/src/main/java/org/rhq/enterprise/server/plugins/alertdef/AlertDefinitionServerPluginComponent.java @@ -40,6 +40,7 @@ import org.rhq.core.domain.configuration.PropertySimple; import org.rhq.core.domain.criteria.AlertDefinitionCriteria; import org.rhq.core.domain.criteria.ResourceTypeCriteria; import org.rhq.core.domain.measurement.MeasurementDefinition; +import org.rhq.core.domain.operation.OperationRequestStatus; import org.rhq.core.domain.resource.ResourceType; import org.rhq.enterprise.server.alert.AlertDefinitionManagerLocal; import org.rhq.enterprise.server.alert.AlertTemplateManagerLocal; @@ -64,10 +65,12 @@ public class AlertDefinitionServerPluginComponent implements ServerPluginCompone private static final String DATA_DISK_USED_PERCENTAGE_METRIC_NAME = "Calculated.DataDiskUsedPercentage"; private static final String TOTAL_DISK_USED_PERCENTAGE_METRIC_NAME = "Calculated.TotalDiskUsedPercentage"; private static final String FREE_DISK_TO_DATA_SIZE_RATIO_METRIC_NAME = "Calculated.FreeDiskToDataSizeRatio"; + private static final String TAKE_SNAPSHOT_OPERATION_NAME = "takeSnapshot"; static private final List<InjectedTemplate> injectedTemplates; static private final InjectedTemplate storageNodeHighHeapTemplate; static private final InjectedTemplate storageNodeHighDiskUsageTemplate; + static private final InjectedTemplate storageNodeSnapshotFailureTemplate; static { storageNodeHighHeapTemplate = new InjectedTemplate( @@ -82,9 +85,16 @@ public class AlertDefinitionServerPluginComponent implements ServerPluginCompone "StorageNodeHighDiskUsageTemplate", // "An alert template to notify users of excessive heap use by an RHQ Storage Node. When fired please see documentation for the proper corrective action."); + storageNodeSnapshotFailureTemplate = new InjectedTemplate( + "RHQStorage", // + "StorageService", // + "StorageNodeSnapshotFailureTemplate", // + "An alert template to notify users when a snapshot operations fails for an RHQ Storage Node. When fired please see documentation for the proper corrective action."); + injectedTemplates = new ArrayList<InjectedTemplate>(); injectedTemplates.add(storageNodeHighHeapTemplate); injectedTemplates.add(storageNodeHighDiskUsageTemplate); + injectedTemplates.add(storageNodeSnapshotFailureTemplate); } private ServerPluginContext context; @@ -227,6 +237,8 @@ public class AlertDefinitionServerPluginComponent implements ServerPluginCompone newAlertDefId = injectStorageNodeHighHeapTemplate(resourceType); } else if (storageNodeHighDiskUsageTemplate.equals(injectedAlertDef)) { newAlertDefId = injectStorageNodeHighDiskUsageTemplate(resourceType); + } else if (storageNodeSnapshotFailureTemplate.equals(injectedAlertDef)) { + newAlertDefId = injectStorageNodeSnapshotFailureTemplate(resourceType); } adc.addFilterId(newAlertDefId); @@ -356,6 +368,36 @@ public class AlertDefinitionServerPluginComponent implements ServerPluginCompone return newTemplateId; } + private int injectStorageNodeSnapshotFailureTemplate(ResourceType resourceType) { + AlertTemplateManagerLocal alertTemplateManager = LookupUtil.getAlertTemplateManager(); + SubjectManagerLocal subjectManager = LookupUtil.getSubjectManager(); + + AlertDefinition newTemplate = new AlertDefinition(); + newTemplate.setName(storageNodeSnapshotFailureTemplate.getName()); + newTemplate.setResourceType(resourceType); + newTemplate.setPriority(AlertPriority.MEDIUM); + newTemplate.setConditionExpression(BooleanExpression.ANY); + newTemplate.setRecoveryId(0); + newTemplate.setEnabled(true); + + AlertCondition snapshotFailureCondition = new AlertCondition(); + snapshotFailureCondition.setCategory(AlertConditionCategory.CONTROL); + snapshotFailureCondition.setName(TAKE_SNAPSHOT_OPERATION_NAME); + snapshotFailureCondition.setOption(OperationRequestStatus.FAILURE.name()); + newTemplate.addCondition(snapshotFailureCondition); + + AlertDampening dampener = new AlertDampening(AlertDampening.Category.PARTIAL_COUNT); + dampener.setPeriod(15); + dampener.setPeriodUnits(TimeUnits.MINUTES); + dampener.setValue(10); + newTemplate.setAlertDampening(dampener); + + int newTemplateId = alertTemplateManager.createAlertTemplate(subjectManager.getOverlord(), newTemplate, + resourceType.getId()); + + return newTemplateId; + } + private static class InjectedTemplate { static public final String FIELD_PLUGIN_NAME = "plugin"; static public final String FIELD_RESOURCE_TYPE_NAME = "type"; commit 431f35d8ed804bc4e6ffce8fb2612985087d1958 Author: Stefan Negrea <snegrea(a)redhat.com> Date: Thu Aug 1 17:28:44 2013 -0500 [BZ 990245] Use an attached storage node entity rather than the detached one recieved from the remote interface. diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/cloud/StorageNodeManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/cloud/StorageNodeManagerBean.java index 34e5ebd..c119df0 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/cloud/StorageNodeManagerBean.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/cloud/StorageNodeManagerBean.java @@ -660,11 +660,16 @@ public class StorageNodeManagerBean implements StorageNodeManagerLocal, StorageN @Override public Integer[] findResourcesWithAlertDefinitions(StorageNode storageNode) { - List<StorageNode> initialStorageNodes; + List<StorageNode> initialStorageNodes = getStorageNodes(); if (storageNode == null) { initialStorageNodes = getStorageNodes(); } else { - initialStorageNodes = Arrays.asList(storageNode); + int index = initialStorageNodes.indexOf(storageNode); + if (index >= 0) { + initialStorageNodes = Arrays.asList(initialStorageNodes.get(index)); + } else { + initialStorageNodes = new ArrayList<StorageNode>(); + } } Queue<Resource> unvisitedResources = new LinkedList<Resource>();

10 years, 10 months

1
0
0 / 0

[rhq] Branch 'feature/bundle-group' - modules/core modules/enterprise

by Jay Shaughnessy

modules/core/dbutils/pom.xml | 9 modules/core/domain/src/main/java/org/rhq/core/domain/criteria/BundleCriteria.java | 17 modules/core/domain/src/main/java/org/rhq/core/domain/criteria/BundleGroupCriteria.java | 21 modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/bundle/BundleManagerBeanTest.java | 292 +++++++++- modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/util/SessionTestHelper.java | 13 modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java | 149 +++++ modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerLocal.java | 98 --- modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerRemote.java | 24 modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerBean.java | 28 modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerLocal.java | 18 modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/util/CriteriaQueryGenerator.java | 37 - 11 files changed, 538 insertions(+), 168 deletions(-) New commits: commit 4d624b061398b84782c970bf5da587ea81ef0f7d Author: Jay Shaughnessy <jshaughn(a)redhat.com> Date: Fri Aug 2 15:25:52 2013 -0400 First authz test passing - fixed testing approach to use all slsbs and proper non-super-subject - fixed criteria bundle/bundleGroup auth token issues - fixed criteria filter override issues - fixed various bugs and added more supporting slsb methods - added some authz to bundle manager local methods where it seemed needed/useful - cleaned up RoleManagerLocal to extend the remote diff --git a/modules/core/dbutils/pom.xml b/modules/core/dbutils/pom.xml index d7e2d65..360fdbc 100644 --- a/modules/core/dbutils/pom.xml +++ b/modules/core/dbutils/pom.xml @@ -17,7 +17,7 @@ <description>Database schema setup, upgrade and other utilities</description> <properties> - <db.schema.version>2.134</db.schema.version> + <db.schema.version>2.135</db.schema.version> <rhq.ds.type-mapping>${rhq.test.ds.type-mapping}</rhq.ds.type-mapping> <rhq.ds.server-name>${rhq.test.ds.server-name}</rhq.ds.server-name> <rhq.ds.db-name>${rhq.test.ds.db-name}</rhq.ds.db-name> @@ -276,7 +276,7 @@ <script language="groovy"> import org.rhq.cassandra.schema.SchemaManager - if (project.getProperty('dbsetup-upgrade') || project.getProperty('dbreset')) { + if (project.getProperty('dbsetup-upgrade') || project.getProperty('dbsetup')) { if (project.getProperty('storage-schema')) { if (project.getProperty('db') == 'dev') { self.log('PERFORMING STORAGE NODE SETUP TO LATEST SCHEMA') @@ -286,11 +286,6 @@ schemaManager = new SchemaManager(username, password, seeds) - if (project.getProperty('dbreset') == 'true') { - self.log('Dropping schema') - schemaManager.drop() - } - self.log('Install schema') schemaManager.install() } else { diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/criteria/BundleCriteria.java b/modules/core/domain/src/main/java/org/rhq/core/domain/criteria/BundleCriteria.java index 32f2f9d..2e34174 100644 --- a/modules/core/domain/src/main/java/org/rhq/core/domain/criteria/BundleCriteria.java +++ b/modules/core/domain/src/main/java/org/rhq/core/domain/criteria/BundleCriteria.java @@ -26,6 +26,7 @@ import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlRootElement; import org.rhq.core.domain.bundle.Bundle; +import org.rhq.core.domain.util.CriteriaUtils; import org.rhq.core.domain.util.PageOrdering; /** @@ -64,8 +65,9 @@ public class BundleCriteria extends TaggedCriteria { filterOverrides.put("bundleTypeId", "bundleType.id = ?"); filterOverrides.put("bundleTypeName", "bundleType.name like ?"); filterOverrides.put("bundleGroupIds", "" // - + "id IN ( SELECT bg.bundle.id " // - + " FROM BundleGroup bg " // + + "id IN ( SELECT innerbundle.id " // + + " FROM Bundle innerbundle " // + + " JOIN innerbundle.bundleGroups bg" + " WHERE bg.id IN ( ? ) )"); filterOverrides.put("destinationIds", "" // + "id IN ( SELECT bd.bundle.id " // @@ -103,15 +105,8 @@ public class BundleCriteria extends TaggedCriteria { this.filterDescription = filterDescription; } - /** Convenience routine calls addFilterBundleGroupIds */ - public void addFilterBundleGroupId(Integer filterBundleGroupId) { - List<Integer> ids = new ArrayList<Integer>(1); - ids.add(filterBundleGroupId); - this.addFilterBundleGroupIds(ids); - } - - public void addFilterBundleGroupIds(List<Integer> filterBundleGroupIds) { - this.filterBundleGroupIds = filterBundleGroupIds; + public void addFilterBundleGroupIds(Integer... filterBundleGroupIds) { + this.filterBundleGroupIds = CriteriaUtils.getListIgnoringNulls(filterBundleGroupIds); } /** Convenience routine calls addFilterDestinationIds */ diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/criteria/BundleGroupCriteria.java b/modules/core/domain/src/main/java/org/rhq/core/domain/criteria/BundleGroupCriteria.java index 88886d7..69ceea4 100644 --- a/modules/core/domain/src/main/java/org/rhq/core/domain/criteria/BundleGroupCriteria.java +++ b/modules/core/domain/src/main/java/org/rhq/core/domain/criteria/BundleGroupCriteria.java @@ -18,7 +18,6 @@ */ package org.rhq.core.domain.criteria; -import java.util.ArrayList; import java.util.List; import javax.xml.bind.annotation.XmlAccessType; @@ -26,6 +25,7 @@ import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlRootElement; import org.rhq.core.domain.bundle.BundleGroup; +import org.rhq.core.domain.util.CriteriaUtils; import org.rhq.core.domain.util.PageOrdering; /** @@ -39,9 +39,7 @@ public class BundleGroupCriteria extends Criteria { private String filterName; private String filterDescription; - private Integer filterBundleId; private List<Integer> filterBundleIds; // requires overrides - private Integer filterRoleId; private List<Integer> filterRoleIds; // requires overrides private boolean fetchBundles; @@ -52,12 +50,14 @@ public class BundleGroupCriteria extends Criteria { public BundleGroupCriteria() { filterOverrides.put("bundleIds", "" // - + "id IN ( SELECT b.id " // + + "id IN ( SELECT bg.id " // + " FROM Bundle b " // + + " JOIN b.bundleGroups bg" + " WHERE b.id IN ( ? ) )"); filterOverrides.put("roleIds", "" // - + "id IN ( SELECT r.id " // + + "id IN ( SELECT bg.id " // + " FROM Role r " // + + " JOIN r.bundleGroups bg" + " WHERE r.id IN ( ? ) )"); } @@ -74,15 +74,12 @@ public class BundleGroupCriteria extends Criteria { this.filterDescription = filterDescription; } - /** Convenience routine calls addFilterBundleVersionIds */ - public void addFilterBundleId(Integer filterBundleId) { - List<Integer> ids = new ArrayList<Integer>(1); - ids.add(filterBundleId); - this.addFilterBundleIds(ids); + public void addFilterBundleIds(Integer... filterBundleIds) { + this.filterBundleIds = CriteriaUtils.getListIgnoringNulls(filterBundleIds); } - public void addFilterBundleIds(List<Integer> filterBundleIds) { - this.filterBundleIds = filterBundleIds; + public void addFilterRoleIds(Integer... filterRoleIds) { + this.filterRoleIds = CriteriaUtils.getListIgnoringNulls(filterRoleIds); } public void fetchBundles(boolean fetchBundles) { diff --git a/modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/bundle/BundleManagerBeanTest.java b/modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/bundle/BundleManagerBeanTest.java index c4d9a79..117d2df 100644 --- a/modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/bundle/BundleManagerBeanTest.java +++ b/modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/bundle/BundleManagerBeanTest.java @@ -39,11 +39,14 @@ import org.hibernate.LazyInitializationException; import org.testng.annotations.Test; import org.rhq.core.domain.auth.Subject; +import org.rhq.core.domain.authz.Permission; +import org.rhq.core.domain.authz.Role; import org.rhq.core.domain.bundle.Bundle; import org.rhq.core.domain.bundle.BundleDeployment; import org.rhq.core.domain.bundle.BundleDeploymentStatus; import org.rhq.core.domain.bundle.BundleDestination; import org.rhq.core.domain.bundle.BundleFile; +import org.rhq.core.domain.bundle.BundleGroup; import org.rhq.core.domain.bundle.BundleResourceDeployment; import org.rhq.core.domain.bundle.BundleResourceDeploymentHistory; import org.rhq.core.domain.bundle.BundleType; @@ -65,8 +68,11 @@ import org.rhq.core.domain.content.Repo; import org.rhq.core.domain.criteria.BundleCriteria; import org.rhq.core.domain.criteria.BundleDeploymentCriteria; import org.rhq.core.domain.criteria.BundleFileCriteria; +import org.rhq.core.domain.criteria.BundleGroupCriteria; import org.rhq.core.domain.criteria.BundleResourceDeploymentCriteria; import org.rhq.core.domain.criteria.BundleVersionCriteria; +import org.rhq.core.domain.criteria.RoleCriteria; +import org.rhq.core.domain.criteria.SubjectCriteria; import org.rhq.core.domain.resource.Agent; import org.rhq.core.domain.resource.InventoryStatus; import org.rhq.core.domain.resource.Resource; @@ -78,6 +84,7 @@ import org.rhq.core.domain.util.PageOrdering; import org.rhq.core.util.file.FileUtil; import org.rhq.core.util.stream.StreamUtil; import org.rhq.core.util.updater.DeploymentProperties; +import org.rhq.enterprise.server.authz.PermissionException; import org.rhq.enterprise.server.plugin.pc.MasterServerPluginContainer; import org.rhq.enterprise.server.resource.ResourceManagerLocal; import org.rhq.enterprise.server.test.AbstractEJB3Test; @@ -98,10 +105,13 @@ public class BundleManagerBeanTest extends AbstractEJB3Test { private static final boolean TESTS_ENABLED = true; - private static final String TEST_PREFIX = "bundletest"; + private static final String TEST_PREFIX = BundleManagerBeanTest.class.getSimpleName(); private static final String TEST_BUNDLE_DESTBASEDIR_PROP = TEST_PREFIX + ".destBaseDirProp"; private static final String TEST_BUNDLE_DESTBASEDIR_PROP_VALUE = TEST_PREFIX + "/destBaseDir"; + private static final String TEST_BUNDLE_GROUP_NAME = TEST_PREFIX + ".bundleGroup"; private static final String TEST_DESTBASEDIR_NAME = TEST_PREFIX + ".destBaseDirName"; + private static final String TEST_ROLE_NAME = TEST_PREFIX + ".role"; + private static final String TEST_USER_NAME = TEST_PREFIX + ".user"; private BundleManagerLocal bundleManager; private ResourceManagerLocal resourceManager; @@ -143,6 +153,21 @@ public class BundleManagerBeanTest extends AbstractEJB3Test { private void cleanupDatabase() { try { + RoleCriteria roleCriteria = new RoleCriteria(); + roleCriteria.addFilterName(TEST_ROLE_NAME); + List<Role> testRoles = LookupUtil.getRoleManager().findRolesByCriteria(overlord, roleCriteria); + for (Role testRole : testRoles) { + LookupUtil.getRoleManager().deleteRoles(overlord, new int[] { testRole.getId() }); + } + + SubjectCriteria subjectCriteria = new SubjectCriteria(); + subjectCriteria.addFilterName(TEST_USER_NAME); + List<Subject> testSubjects = LookupUtil.getSubjectManager().findSubjectsByCriteria(overlord, + subjectCriteria); + for (Subject testSubject : testSubjects) { + LookupUtil.getSubjectManager().deleteSubjects(overlord, new int[] { testSubject.getId() }); + } + getTransactionManager().begin(); Query q; @@ -232,6 +257,13 @@ public class BundleManagerBeanTest extends AbstractEJB3Test { em.remove(em.getReference(Repo.class, ((Repo) removeMe).getId())); } + // remove bundle groups no longer referenced by bundles + q = em.createQuery("SELECT bg FROM BundleGroup bg WHERE bg.name LIKE '" + TEST_PREFIX + "%'"); + doomed = q.getResultList(); + for (Object removeMe : doomed) { + em.remove(em.getReference(BundleGroup.class, ((BundleGroup) removeMe).getId())); + } + // remove Resource Groups left over from test deployments freeing up test resources q = em.createQuery("SELECT rg FROM ResourceGroup rg WHERE rg.name LIKE '" + TEST_PREFIX + "%'"); doomed = q.getResultList(); @@ -755,7 +787,7 @@ public class BundleManagerBeanTest extends AbstractEJB3Test { public void testAddBundleFilesToDifferentBundles() throws Exception { // create a bundle type to use for both bundles. BundleType bt = createBundleType("one"); - Bundle b1 = createBundle("one", bt); + Bundle b1 = createBundle(overlord, "one", bt, 0); assertNotNull(b1); BundleVersion bv1 = createBundleVersion(b1.getName(), "1.0", b1); assertNotNull(bv1); @@ -763,7 +795,7 @@ public class BundleManagerBeanTest extends AbstractEJB3Test { null, "Bundle #1 File # 1".getBytes()); // create a second bundle but create file of the same name as above - Bundle b2 = createBundle("two", bt); + Bundle b2 = createBundle(overlord, "two", bt, 0); assertNotNull(b2); BundleVersion bv2 = createBundleVersion(b2.getName(), "1.0", b2); assertNotNull(bv2); @@ -860,9 +892,10 @@ public class BundleManagerBeanTest extends AbstractEJB3Test { int size = brd.getBundleResourceDeploymentHistories().size(); assertTrue(size > 0); String auditMessage = "BundleTest-Message"; - bundleManager.addBundleResourceDeploymentHistoryInNewTrans(overlord, brd.getId(), new BundleResourceDeploymentHistory( - overlord.getName(), auditMessage, auditMessage, BundleResourceDeploymentHistory.Category.DEPLOY_STEP, - BundleResourceDeploymentHistory.Status.SUCCESS, auditMessage, auditMessage)); + bundleManager.addBundleResourceDeploymentHistoryInNewTrans(overlord, brd.getId(), + new BundleResourceDeploymentHistory(overlord.getName(), auditMessage, auditMessage, + BundleResourceDeploymentHistory.Category.DEPLOY_STEP, BundleResourceDeploymentHistory.Status.SUCCESS, + auditMessage, auditMessage)); brds = bundleManager.findBundleResourceDeploymentsByCriteria(overlord, c); assertEquals(1, brds.size()); @@ -1284,31 +1317,253 @@ public class BundleManagerBeanTest extends AbstractEJB3Test { assertEquals(1, bundles.size()); } - @Test(enabled = false) - public void testNoAuthz() throws Exception { - // create + @Test(enabled = TESTS_ENABLED) + public void authzBundleGroupTest() throws Exception { + Subject subject = null; + Role role = null; + + subject = createNewSubject(TEST_USER_NAME); + role = createNewRoleForSubject(subject, TEST_ROLE_NAME); + + subject = createSession(subject); // start a session so we can use this subject in SLSB calls + + // deny bundle group create + try { + bundleManager.createBundleGroup(subject, TEST_BUNDLE_GROUP_NAME, "test"); + fail("Should have thrown PermissionException"); + } catch (PermissionException e) { + // expected + } + + // allow bundle group create + addRolePermissions(role, Permission.MANAGE_BUNDLE_GROUPS); + BundleGroup bundleGroup = bundleManager.createBundleGroup(subject, TEST_BUNDLE_GROUP_NAME, "test"); + + // deny bundle group delete + removeRolePermissions(role, Permission.MANAGE_BUNDLE_GROUPS); + try { + bundleManager.deleteBundleGroups(subject, new int[] { bundleGroup.getId() }); + fail("Should have thrown PermissionException"); + } catch (PermissionException e) { + // expected + } + + // deny global perm bundleGroup view + BundleGroupCriteria bgCriteria = new BundleGroupCriteria(); + List<BundleGroup> bundleGroups = bundleManager.findBundleGroupsByCriteria(subject, bgCriteria); + assertNotNull(bundleGroups); + assert bundleGroups.isEmpty() : "Should not be able to see unassociated bundle group"; + + // allow global perm bundleGroup view + addRolePermissions(role, Permission.MANAGE_BUNDLE_GROUPS); + bundleGroups = bundleManager.findBundleGroupsByCriteria(subject, bgCriteria); + assertNotNull(bundleGroups); + assertEquals("Should be able to see unassociated bundle group", 1, bundleGroups.size()); + + // allow bundle group delete + bundleManager.deleteBundleGroups(subject, new int[] { bundleGroup.getId() }); + + // deny unassigned bundle create (no global create or view) + try { + createBundle(subject, TEST_PREFIX + ".bundle"); + fail("Should have thrown PermissionException"); + } catch (PermissionException e) { + // expected + } + + // deny unassigned bundle create (no global view) + addRolePermissions(role, Permission.CREATE_BUNDLES); + try { + createBundle(subject, TEST_PREFIX + ".bundle"); + fail("Should have thrown PermissionException"); + } catch (PermissionException e) { + // expected + } + + // deny unassigned bundle create (no global create) + removeRolePermissions(role, Permission.CREATE_BUNDLES); + addRolePermissions(role, Permission.VIEW_BUNDLES); + try { + createBundle(subject, TEST_PREFIX + ".bundle"); + fail("Should have thrown PermissionException"); + } catch (PermissionException e) { + // expected + } + + // allow unassigned bundle create + addRolePermissions(role, Permission.CREATE_BUNDLES); + Bundle bundle = createBundle(subject, TEST_PREFIX + ".bundle"); + + // deny unassigned bundle view + removeRolePermissions(role, Permission.CREATE_BUNDLES, Permission.VIEW_BUNDLES); + BundleCriteria bCriteria = new BundleCriteria(); + List<Bundle> bundles = bundleManager.findBundlesByCriteria(subject, bCriteria); + assertNotNull(bundles); + assert bundles.isEmpty() : "Should not be able to see unassigned bundle"; + + // allow unassigned bundle view + addRolePermissions(role, Permission.VIEW_BUNDLES); + bundles = bundleManager.findBundlesByCriteria(subject, bCriteria); + assertNotNull(bundles); + assertEquals("Should be able to see unassigned bundle", 1, bundles.size()); + + // deny global perm bundle assign + bundleGroup = bundleManager.createBundleGroup(subject, TEST_BUNDLE_GROUP_NAME, "test"); + try { + bundleManager.assignBundlesToBundleGroup(subject, bundleGroup.getId(), new int[] { bundle.getId() }); + fail("Should have thrown PermissionException"); + } catch (PermissionException e) { + // expected + } + + // allow global perm bundle assign + addRolePermissions(role, Permission.CREATE_BUNDLES); + bundleManager.assignBundlesToBundleGroup(subject, bundleGroup.getId(), new int[] { bundle.getId() }); + + // deny assigned, unassociated-bundle-group bundle view + removeRolePermissions(role, Permission.CREATE_BUNDLES, Permission.VIEW_BUNDLES); + bundles = bundleManager.findBundlesByCriteria(subject, bCriteria); + assertNotNull(bundles); + assert bundles.isEmpty() : "Should not be able to see assigned bundle"; + + // allow assigned, associated-bundle-group bundle view + addRoleBundleGroup(role, bundleGroup); + bundles = bundleManager.findBundlesByCriteria(subject, bCriteria); + assertNotNull(bundles); + assertEquals("Should be able to see assigned bundle", 1, bundles.size()); + + // check new bundle criteria options (no match) + bCriteria.addFilterBundleGroupIds(87678); + bCriteria.fetchBundleGroups(true); + bundles = bundleManager.findBundlesByCriteria(subject, bCriteria); + assertNotNull(bundles); + assert bundles.isEmpty() : "Should not have found anything"; + + // check new bundle criteria options (match) + bCriteria.addFilterBundleGroupIds(bundleGroup.getId()); + bCriteria.fetchBundleGroups(true); + bundles = bundleManager.findBundlesByCriteria(subject, bCriteria); + assertNotNull(bundles); + assertEquals("Should be able to see assigned bundle", 1, bundles.size()); + assertNotNull(bundles.get(0).getBundleGroups()); + assertEquals("Should have fetched bundlegroup", 1, bundles.get(0).getBundleGroups().size()); + assertEquals("Should have fetched expected bundlegroup", bundleGroup, bundles.get(0).getBundleGroups() + .iterator().next()); + + // check new bundle group criteria options (no match) + bgCriteria.addFilterId(87678); + bgCriteria.addFilterBundleIds(87678); + bgCriteria.addFilterRoleIds(87678); + bgCriteria.fetchBundles(true); + bgCriteria.fetchRoles(true); + bundleGroups = bundleManager.findBundleGroupsByCriteria(subject, bgCriteria); + assertNotNull(bundleGroups); + assert bundleGroups.isEmpty() : "Should not have found anything"; + + // check new bundle group criteria options (no match) + bgCriteria.addFilterId(bundleGroup.getId()); + bundleGroups = bundleManager.findBundleGroupsByCriteria(subject, bgCriteria); + assertNotNull(bundleGroups); + assert bundleGroups.isEmpty() : "Should not have found anything"; + + // check new bundle group criteria options (no match) + bgCriteria.addFilterBundleIds(bundle.getId()); + bundleGroups = bundleManager.findBundleGroupsByCriteria(subject, bgCriteria); + assertNotNull(bundleGroups); + assert bundleGroups.isEmpty() : "Should not have found anything"; + + // check new bundle group criteria options (match) + bgCriteria.addFilterRoleIds(role.getId()); + bundleGroups = bundleManager.findBundleGroupsByCriteria(subject, bgCriteria); + assertNotNull(bundleGroups); + assertEquals("Should be able to see assigned bundle", 1, bundleGroups.size()); + assertNotNull(bundleGroups.get(0).getBundles()); + assertEquals("Should have fetched bundle in bundle group", 1, bundleGroups.get(0).getBundles().size()); + assertEquals("Should have fetched bundle in bundle group", bundle, bundleGroups.get(0).getBundles() + .iterator().next()); + assertNotNull(bundleGroups.get(0).getRoles()); + assertEquals("Should have fetched role for bundle group", 1, bundleGroups.get(0).getRoles().size()); + assertEquals("Should have fetched role for bundle group", role, bundleGroups.get(0).getRoles().iterator() + .next()); + } + + private Subject createNewSubject(String subjectName) throws Exception { + + Subject newSubject = new Subject(); + newSubject.setName(subjectName); + newSubject.setFactive(true); + newSubject.setFsystem(false); + + return LookupUtil.getSubjectManager().createSubject(overlord, newSubject); + } + + private Role createNewRoleForSubject(Subject subject, String roleName) throws Exception { + Role newRole = new Role(roleName); + newRole.setFsystem(false); + newRole.addSubject(subject); + return LookupUtil.getRoleManager().createRole(overlord, newRole); + } + + private void addRolePermissions(Role role, Permission... permissions) throws Exception { + + for (Permission p : permissions) { + role.getPermissions().add(p); + } + LookupUtil.getRoleManager().setPermissions(overlord, role.getId(), role.getPermissions()); + } + + private void removeRolePermissions(Role role, Permission... permissions) throws Exception { + + for (Permission p : permissions) { + role.getPermissions().remove(p); + } + LookupUtil.getRoleManager().setPermissions(overlord, role.getId(), role.getPermissions()); + } + + private void addRoleBundleGroup(Role role, BundleGroup bundleGroup) throws Exception { + + int[] ids = new int[1]; + ids[0] = bundleGroup.getId(); + LookupUtil.getRoleManager().addBundleGroupsToRole(overlord, role.getId(), ids); + } + + private void removeRoleBundleGroup(Role role, BundleGroup bundleGroup) throws Exception { + + int[] ids = new int[1]; + ids[0] = bundleGroup.getId(); + LookupUtil.getRoleManager().removeBundleGroupsFromRole(overlord, role.getId(), ids); } // helper methods private BundleType createBundleType(String name) throws Exception { final String fullName = TEST_PREFIX + "-type-" + name; - ResourceType rt = createResourceTypeForBundleType(name); - BundleType bt = bundleManager.createBundleType(overlord, fullName, rt.getId()); + BundleType bt = null; + try { + bt = bundleManager.getBundleType(overlord, fullName); + } catch (Throwable t) { + ResourceType rt = createResourceTypeForBundleType(name); + bt = bundleManager.createBundleType(overlord, fullName, rt.getId()); + + assert bt.getId() > 0; + assert bt.getName().endsWith(fullName); + } - assert bt.getId() > 0; - assert bt.getName().endsWith(fullName); return bt; } private Bundle createBundle(String name) throws Exception { + return createBundle(overlord, name); + } + + private Bundle createBundle(Subject subject, String name) throws Exception { BundleType bt = createBundleType(name); - return createBundle(name, bt); + return createBundle(subject, name, bt, 0); } - private Bundle createBundle(String name, BundleType bt) throws Exception { + private Bundle createBundle(Subject subject, String name, BundleType bt, int bundleGroupId) throws Exception { final String fullName = TEST_PREFIX + "-bundle-" + name; - Bundle b = bundleManager.createBundle(overlord, fullName, fullName + "-desc", bt.getId(), 0); + Bundle b = bundleManager.createBundle(subject, fullName, fullName + "-desc", bt.getId(), bundleGroupId); assert b.getId() > 0; assert b.getName().endsWith(fullName); @@ -1316,6 +1571,11 @@ public class BundleManagerBeanTest extends AbstractEJB3Test { } private BundleVersion createBundleVersion(String name, String version, Bundle bundle) throws Exception { + return createBundleVersion(overlord, name, version, bundle); + } + + private BundleVersion createBundleVersion(Subject subject, String name, String version, Bundle bundle) + throws Exception { final String fullName = TEST_PREFIX + "-bundleversion-" + version + "-" + name; final String recipe = "deploy -f " + TEST_PREFIX + ".zip -d @@ test.path @@"; BundleVersion bv = bundleManager.createBundleVersion(overlord, bundle.getId(), fullName, fullName + "-desc", diff --git a/modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/util/SessionTestHelper.java b/modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/util/SessionTestHelper.java index 10b5dbc..b85408d 100644 --- a/modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/util/SessionTestHelper.java +++ b/modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/util/SessionTestHelper.java @@ -19,6 +19,7 @@ package org.rhq.enterprise.server.util; import java.util.ArrayList; +import java.util.Arrays; import java.util.Collection; import java.util.EnumSet; import java.util.Random; @@ -137,6 +138,18 @@ public class SessionTestHelper { return newRole; } + public static void addRolePermissions(EntityManager em, Role role, Permission... permissions) { + role.getPermissions().addAll(Arrays.asList(permissions)); + em.merge(role); + em.flush(); + } + + public static void removeRolePermissions(EntityManager em, Role role, Permission... permissions) { + role.getPermissions().removeAll(Arrays.asList(permissions)); + em.merge(role); + em.flush(); + } + public static ResourceType createNewResourceType(EntityManager em) { ResourceType type = new ResourceType(preprocess("testType"), "testPlugin", ResourceCategory.PLATFORM, null); ConfigurationDefinition resourceConfigDef = new ConfigurationDefinition("Fake def", diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java index af4c81f..aeaf597 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java @@ -39,6 +39,7 @@ import org.apache.commons.logging.LogFactory; import org.rhq.core.domain.auth.Subject; import org.rhq.core.domain.authz.Permission; import org.rhq.core.domain.authz.Role; +import org.rhq.core.domain.bundle.BundleGroup; import org.rhq.core.domain.criteria.RoleCriteria; import org.rhq.core.domain.resource.group.LdapGroup; import org.rhq.core.domain.resource.group.ResourceGroup; @@ -88,6 +89,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { /** * @see org.rhq.enterprise.server.authz.RoleManagerLocal#findRolesBySubject(int subjectId,PageControl pageControl) */ + @Override @SuppressWarnings("unchecked") // the first param, subject, is not the subject making the request, its the subject whose roles are to be returned. // therefore, we won't want our security interceptor to check this method since the subject won't have a session associated with it @@ -109,6 +111,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { /** * @see org.rhq.enterprise.server.authz.RoleManagerLocal#findRoles(PageControl) */ + @Override @SuppressWarnings("unchecked") public PageList<Role> findRoles(PageControl pc) { pc.initDefaultOrderingField("r.name"); @@ -135,6 +138,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { /** * @see org.rhq.enterprise.server.authz.RoleManagerLocal#createRole(Subject, Role) */ + @Override @RequiredPermission(Permission.MANAGE_SECURITY) public Role createRole(Subject whoami, Role newRole) { // Make sure there's not an existing role with the same name. @@ -182,6 +186,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { /** * @see org.rhq.enterprise.server.authz.RoleManagerLocal#deleteRoles(Subject, int[]) */ + @Override @RequiredPermission(Permission.MANAGE_SECURITY) public void deleteRoles(Subject subject, int[] doomedRoleIds) { if (doomedRoleIds != null) { @@ -202,6 +207,13 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { entityManager.merge(doomedResourceGroupRelationship); } + //remove attached Bundle Groups + Set<BundleGroup> bundleGroupsToUnhook = new HashSet<BundleGroup>(doomedRole.getBundleGroups()); // avoid concurrent mod exception + for (BundleGroup doomedBundleGroupRelationship : bundleGroupsToUnhook) { + doomedRole.removeBundleGroup(doomedBundleGroupRelationship); + entityManager.merge(doomedBundleGroupRelationship); + } + //remove attached LDAP Subjects Set<Subject> ldapSubjectsToUnhook = new HashSet<Subject>(doomedRole.getLdapSubjects()); // avoid concurrent mod exception for (Subject doomedLdapSubjectRelationship : ldapSubjectsToUnhook) { @@ -232,6 +244,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { /** * @see org.rhq.enterprise.server.authz.RoleManagerLocal#addRolesToSubject(Subject, int, int[]) */ + @Override @RequiredPermission(Permission.MANAGE_SECURITY) public void addRolesToSubject(Subject subject, int subjectId, int[] roleIds) { addRolesToSubject(subject, subjectId, roleIds, false); @@ -272,6 +285,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { /** * @see org.rhq.enterprise.server.authz.RoleManagerLocal#addSubjectsToRole(Subject, int, int[]) */ + @Override @RequiredPermission(Permission.MANAGE_SECURITY) public void addSubjectsToRole(Subject subject, int roleId, int[] subjectIds) { if (subjectIds != null) { @@ -303,6 +317,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { /** * @see org.rhq.enterprise.server.authz.RoleManagerLocal#removeRolesFromSubject(Subject, int, int[]) */ + @Override @RequiredPermission(Permission.MANAGE_SECURITY) public void removeRolesFromSubject(Subject subject, int subjectId, int[] roleIds) { if (roleIds != null) { @@ -324,6 +339,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { return; } + @Override @RequiredPermission(Permission.MANAGE_SECURITY) public void setAssignedSubjectRoles(Subject subject, int subjectId, int[] roleIds) { @@ -359,6 +375,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { /** * @see org.rhq.enterprise.server.authz.RoleManagerLocal#getRoleById(Integer) */ + @Override public Role getRoleById(Integer roleId) { Role role = entityManager.find(Role.class, roleId); return role; @@ -367,6 +384,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { /** * @see org.rhq.enterprise.server.authz.RoleManagerLocal#setPermissions(Subject, Integer, Set) */ + @Override @RequiredPermission(Permission.MANAGE_SECURITY) public void setPermissions(Subject subject, Integer roleId, Set<Permission> permissions) { Role role = entityManager.find(Role.class, roleId); @@ -381,6 +399,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { /** * @see org.rhq.enterprise.server.authz.RoleManagerLocal#getPermissions(Integer) */ + @Override public Set<Permission> getPermissions(Integer roleId) { Role role = entityManager.find(Role.class, roleId); Set<Permission> rolePermissions = role.getPermissions(); @@ -390,6 +409,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { /** * @see org.rhq.enterprise.server.authz.RoleManagerLocal#updateRole(Subject, Role) */ + @Override @RequiredPermission(Permission.MANAGE_SECURITY) public Role updateRole(Subject whoami, Role role) { Role attachedRole = entityManager.find(Role.class, role.getId()); @@ -481,6 +501,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { /** * @see org.rhq.enterprise.server.authz.RoleManagerLocal#findSubjectsByRole(Integer,PageControl) */ + @Override @SuppressWarnings("unchecked") public PageList<Subject> findSubjectsByRole(Integer roleId, PageControl pc) { pc.initDefaultOrderingField("s.name"); @@ -501,6 +522,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { /** * @see org.rhq.enterprise.server.authz.RoleManagerLocal#findRolesByIds(Integer[],PageControl) */ + @Override @SuppressWarnings("unchecked") public PageList<Role> findRolesByIds(Integer[] roleIds, PageControl pc) { if ((roleIds == null) || (roleIds.length == 0)) { @@ -528,6 +550,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { return new PageList<Role>(roles, (int) count, pc); } + @Override @RequiredPermission(Permission.MANAGE_SECURITY) @SuppressWarnings("unchecked") public PageList<Role> findAvailableRolesForSubject(Subject subject, Integer subjectId, Integer[] pendingRoleIds, @@ -565,14 +588,39 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { return new PageList<Role>(roles, (int) count, pc); } + @Override @RequiredPermission(Permission.MANAGE_SECURITY) public PageList<Role> findSubjectUnassignedRoles(Subject subject, int subjectId, PageControl pc) { return findAvailableRolesForSubject(subject, subjectId, null, pc); } + @Override + @RequiredPermission(Permission.MANAGE_SECURITY) + public void addBundleGroupsToRole(Subject subject, int roleId, int[] bundleGroupIds) { + if ((bundleGroupIds != null) && (bundleGroupIds.length > 0)) { + Role role = entityManager.find(Role.class, roleId); + if (role == null) { + throw new IllegalArgumentException("Could not find role[" + roleId + "] in order to add resourceGroups"); + } + role.getBundleGroups().size(); // load them in + + for (Integer bundleGroupId : bundleGroupIds) { + BundleGroup bundleGroup = entityManager.find(BundleGroup.class, bundleGroupId); + if (bundleGroup == null) { + throw new IllegalArgumentException("Tried to add BundleGroup[" + bundleGroupId + "] to role[" + + roleId + "], but bundleGroup was not found."); + } + role.addBundleGroup(bundleGroup); + } + } + + return; + } + /** * @see org.rhq.enterprise.server.authz.RoleManagerLocal#addResourceGroupsToRole(Subject, int, int[]) */ + @Override @RequiredPermission(Permission.MANAGE_SECURITY) public void addResourceGroupsToRole(Subject subject, int roleId, int[] groupIds) { if ((groupIds != null) && (groupIds.length > 0)) { @@ -595,9 +643,32 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { return; } + @Override + @RequiredPermission(Permission.MANAGE_SECURITY) + public void removeBundleGroupsFromRole(Subject subject, int roleId, int[] bundleGroupIds) { + if ((bundleGroupIds != null) && (bundleGroupIds.length > 0)) { + Role role = entityManager.find(Role.class, roleId); + if (role == null) { + throw new IllegalArgumentException("Could not find role[" + roleId + + "] in order to remove BundleGroups"); + } + role.getBundleGroups().size(); // load them in + + for (Integer bundleGroupId : bundleGroupIds) { + BundleGroup bundleGroup = entityManager.find(BundleGroup.class, bundleGroupId); + if (bundleGroup == null) { + throw new IllegalArgumentException("Tried to remove BundleGroup[" + bundleGroupId + "] from role[" + + roleId + "], but BundleGroup was not found"); + } + role.removeBundleGroup(bundleGroup); + } + } + } + /** * @see org.rhq.enterprise.server.authz.RoleManagerLocal#removeResourceGroupsFromRole(Subject, int, int[]) */ + @Override @RequiredPermission(Permission.MANAGE_SECURITY) public void removeResourceGroupsFromRole(Subject subject, int roleId, int[] groupIds) { if ((groupIds != null) && (groupIds.length > 0)) { @@ -618,6 +689,27 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { } } + @Override + @RequiredPermission(Permission.MANAGE_SECURITY) + public void setAssignedBundleGroups(Subject subject, int roleId, int[] bundleGroupIds) { + Role role = getRole(subject, roleId); + List<Integer> currentBundleGroups = new ArrayList<Integer>(); + for (BundleGroup group : role.getBundleGroups()) { + currentBundleGroups.add(group.getId()); + } + + List<Integer> newBundleGroups = ArrayUtils.wrapInList(bundleGroupIds); // members needing addition + newBundleGroups.removeAll(currentBundleGroups); + int[] newBundleGroupIds = ArrayUtils.unwrapCollection(newBundleGroups); + roleManager.addBundleGroupsToRole(subject, roleId, newBundleGroupIds); + + List<Integer> removedBundleGroups = new ArrayList<Integer>(currentBundleGroups); // members needing removal + removedBundleGroups.removeAll(ArrayUtils.wrapInList(bundleGroupIds)); + int[] removedGroupIds = ArrayUtils.unwrapCollection(removedBundleGroups); + roleManager.removeBundleGroupsFromRole(subject, roleId, removedGroupIds); + } + + @Override @RequiredPermission(Permission.MANAGE_SECURITY) public void setAssignedResourceGroups(Subject subject, int roleId, int[] groupIds) { Role role = getRole(subject, roleId); @@ -668,11 +760,13 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { } } + @Override public PageList<Role> findSubjectAssignedRoles(Subject subject, int subjectId, PageControl pc) { PageList<Role> assignedRoles = findRolesBySubject(subjectId, pc); return assignedRoles; } + @Override @RequiredPermission(Permission.MANAGE_SECURITY) public void removeSubjectsFromRole(Subject subject, int roleId, int[] subjectIds) { if ((subjectIds != null) && (subjectIds.length > 0)) { @@ -697,6 +791,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { } } + @Override @RequiredPermission(Permission.MANAGE_SECURITY) public void setAssignedSubjects(Subject subject, int roleId, int[] subjectIds) { @@ -729,6 +824,31 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { } } + @Override + @RequiredPermission(Permission.MANAGE_SECURITY) + public void removeRolesFromBundleGroup(Subject subject, int bundleGroupId, int[] roleIds) { + if ((roleIds != null) && (roleIds.length > 0)) { + BundleGroup bundleGroup = entityManager.find(BundleGroup.class, bundleGroupId); + if (bundleGroup == null) { + throw new IllegalArgumentException("Could not find BundleGroup[" + bundleGroupId + + "] in order to remove roles"); + } + bundleGroup.getRoles().size(); // load them in + + for (Integer roleId : roleIds) { + Role doomedRole = entityManager.find(Role.class, roleId); + if (doomedRole == null) { + throw new IllegalArgumentException("Tried to remove role[" + roleId + "] from BundleGroup[" + + bundleGroupId + "], but role was not found"); + } + bundleGroup.removeRole(doomedRole); + } + } + + return; + } + + @Override @RequiredPermission(Permission.MANAGE_SECURITY) public void removeRolesFromResourceGroup(Subject subject, int groupId, int[] roleIds) { if ((roleIds != null) && (roleIds.length > 0)) { @@ -751,10 +871,36 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { return; } + @Override public Role getRole(Subject subject, int roleId) { return entityManager.find(Role.class, roleId); } + @Override + @RequiredPermission(Permission.MANAGE_SECURITY) + public void addRolesToBundleGroup(Subject subject, int bundleGroupId, int[] roleIds) { + if ((roleIds != null) && (roleIds.length > 0)) { + BundleGroup bundleGroup = entityManager.find(BundleGroup.class, bundleGroupId); + if (bundleGroup == null) { + throw new IllegalArgumentException("Could not find bundleGroup[" + bundleGroupId + + "] in order to add roles"); + } + bundleGroup.getRoles().size(); // load them in + + for (Integer roleId : roleIds) { + Role role = entityManager.find(Role.class, roleId); + if (role == null) { + throw new IllegalArgumentException("Tried to add role[" + roleId + "] to bundleGroup[" + + bundleGroupId + "], but role was not found"); + } + bundleGroup.addRole(role); + } + } + + return; + } + + @Override @RequiredPermission(Permission.MANAGE_SECURITY) public void addRolesToResourceGroup(Subject subject, int groupId, int[] roleIds) { if ((roleIds != null) && (roleIds.length > 0)) { @@ -777,6 +923,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { return; } + @Override @SuppressWarnings("unchecked") public PageList<Role> findRolesByCriteria(Subject subject, RoleCriteria criteria) { @@ -788,7 +935,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { CriteriaQueryGenerator generator = new CriteriaQueryGenerator(subject, criteria); CriteriaQueryRunner<Role> queryRunner = new CriteriaQueryRunner<Role>(criteria, generator, entityManager); - @SuppressWarnings({ "UnnecessaryLocalVariable" }) + PageList<Role> roles = queryRunner.execute(); return roles; diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerLocal.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerLocal.java index 5c2e1cb..d099f7c 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerLocal.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerLocal.java @@ -25,7 +25,6 @@ import javax.ejb.Local; import org.rhq.core.domain.auth.Subject; import org.rhq.core.domain.authz.Permission; import org.rhq.core.domain.authz.Role; -import org.rhq.core.domain.criteria.RoleCriteria; import org.rhq.core.domain.util.PageControl; import org.rhq.core.domain.util.PageList; @@ -36,7 +35,7 @@ import org.rhq.core.domain.util.PageList; * @author John Mazzitelli */ @Local -public interface RoleManagerLocal { +public interface RoleManagerLocal extends RoleManagerRemote { /** * This returns a page list of all the roles that a subject is authorized to access. * @@ -57,26 +56,6 @@ public interface RoleManagerLocal { PageList<Role> findRoles(PageControl pc); /** - * Persists the new role to the database. The subjects assigned to the role are ignored - this only creates the role - * entity with 0 subjects initially assigned to it. - * - * @param subject the user attempting to create the role - * @param newRole the new role to persist - * - * @return the persisted role with the primary key populated - */ - Role createRole(Subject subject, Role newRole); - - /** - * Removes a set of roles from the database. The subjects assigned to the roles are no longer authorized with the - * deleted roles. Groups attached to the deleted roles are left alone. - * - * @param subject the user attempting to delete the role - * @param doomedRoleIds the IDs of the roles to delete - */ - void deleteRoles(Subject subject, int[] doomedRoleIds); - - /** * Sets the permissions for the specified role. Any currently existing role permissions are overwritten - that is, * <code>permissions</code> will be the complete set of permissions the role will now be authorized with. * @@ -96,16 +75,6 @@ public interface RoleManagerLocal { Set<Permission> getPermissions(Integer roleId); /** - * Updates the given role, excluding the subjects and groups. This updates permissions, name, description, etc. - * - * @param subject user asking to update the role - * @param role - * - * @return the updated role - */ - Role updateRole(Subject subject, Role role); - - /** * Given a set of role Ids, this returns a list of all the roles. * * @param roleIds @@ -140,12 +109,6 @@ public interface RoleManagerLocal { PageList<Role> findAvailableRolesForSubject(Subject subject, Integer subjectId, Integer[] pendingRoleIds, PageControl pc); - // !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - // - // The following are shared with the Remote Interface - // - // !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - /** * Returns the role with the given ID * @@ -157,64 +120,5 @@ public interface RoleManagerLocal { // Use getRole instead Role getRoleById(Integer roleId); - Role getRole(Subject subject, int roleId); - - PageList<Role> findSubjectAssignedRoles(Subject subject, int subjectId, PageControl pc); - - //This is a proxy of getAvailableRolesForSubject but without pendingRoleIds as required by remote spec - PageList<Role> findSubjectUnassignedRoles(Subject subject, int subjectId, PageControl pc); - - /** - * Assigns a set of roles to a subject which authorizes the subject to do anything the roles permit. - * - * @param subject the user attempting to assign the roles to the subject - * @param subjectId the subject who is to be authorized with the given roles - * @param roleIds the roles to assign - */ - void addRolesToSubject(Subject subject, int subjectId, int[] roleIds); - - /** - * Disassociates particular roles from a subject. Once complete, the subject will no longer be authorized with the - * given roles. - * - * @param subject the user that is attempting to perform the remove - * @param subjectId the user that is to have the roles unassigned from it - * @param roleIds list of role IDs that are to be removed from user - */ - void removeRolesFromSubject(Subject subject, int subjectId, int[] roleIds); - - void setAssignedSubjectRoles(Subject subject, int subjectId, int[] roleIds); - - void addSubjectsToRole(Subject subject, int roleId, int[] subjectIds); - - void removeSubjectsFromRole(Subject subject, int roleId, int[] subjectIds); - void setAssignedSubjects(Subject sessionSubject, int roleId, int[] subjectIds); - - /** - * Adds the given resource groups to the given role. - * - * @param subject user attempting to add the groups to the role - * @param roleId - * @param pendingGroupIds - */ - void addResourceGroupsToRole(Subject subject, int roleId, int[] pendingGroupIds); - - void addRolesToResourceGroup(Subject subject, int groupId, int[] roleIds); - - void setAssignedResourceGroups(Subject subject, int roleId, int[] groupIds); - - /** - * Removes the given resource groups from the given role. - * - * @param subject user attempting to remove the groups from the role - * @param roleId - * @param groupIds - */ - void removeResourceGroupsFromRole(Subject subject, int roleId, int[] groupIds); - - void removeRolesFromResourceGroup(Subject subject, int groupId, int[] roleIds); - - PageList<Role> findRolesByCriteria(Subject subject, RoleCriteria criteria); - } \ No newline at end of file diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerRemote.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerRemote.java index 0586998..83194da 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerRemote.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerRemote.java @@ -130,6 +130,15 @@ public interface RoleManagerRemote { void setAssignedSubjectRoles(Subject subject, int subjectId, int[] roleIds); /** + * Adds the given bundle groups to the given role. + * + * @param subject The logged in user's subject. + * @param roleId + * @param bundleGroupIds + */ + void addBundleGroupsToRole(Subject subject, int roleId, int[] bundleGroupIds); + + /** * Adds the given resource groups to the given role. * * @param subject The logged in user's subject. @@ -138,11 +147,24 @@ public interface RoleManagerRemote { */ void addResourceGroupsToRole(Subject subject, int roleId, int[] pendingGroupIds); + void addRolesToBundleGroup(Subject subject, int bundleGroupId, int[] roleIds); + void addRolesToResourceGroup(Subject subject, int groupId, int[] roleIds); + void setAssignedBundleGroups(Subject subject, int roleId, int[] bundleGroupIds); + void setAssignedResourceGroups(Subject subject, int roleId, int[] groupIds); /** + * Removes the given bundle groups from the given role. + * + * @param subject user attempting to remove the groups from the role + * @param roleId + * @param bundleGroupIds + */ + void removeBundleGroupsFromRole(Subject subject, int roleId, int[] bundleGroupIds); + + /** * Removes the given resource groups from the given role. * * @param subject user attempting to remove the groups from the role @@ -151,6 +173,8 @@ public interface RoleManagerRemote { */ void removeResourceGroupsFromRole(Subject subject, int roleId, int[] groupIds); + void removeRolesFromBundleGroup(Subject subject, int bundleGroupId, int[] roleIds); + void removeRolesFromResourceGroup(Subject subject, int groupId, int[] roleIds); PageList<Role> findRolesByCriteria(Subject subject, RoleCriteria criteria); diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerBean.java index a9882c4..bc85e6d 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerBean.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerBean.java @@ -66,6 +66,7 @@ import org.rhq.core.clientapi.agent.bundle.BundleScheduleResponse; import org.rhq.core.clientapi.agent.configuration.ConfigurationUtility; import org.rhq.core.domain.auth.Subject; import org.rhq.core.domain.authz.Permission; +import org.rhq.core.domain.authz.Role; import org.rhq.core.domain.bundle.Bundle; import org.rhq.core.domain.bundle.BundleDeployment; import org.rhq.core.domain.bundle.BundleDeploymentStatus; @@ -233,6 +234,8 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot } } + checkCreateInitialBundleVersionAuthz(subject, bundleGroupId); + // create and add the required Repo. the Repo is a detached object which helps in its eventual removal. Repo repo = new Repo(name); repo.setCandidate(false); @@ -761,7 +764,6 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot } if (isInitialVersion) { - checkCreateInitialBundleVersionAuthz(subject, initialBundleGroupId); bundle = bundleManager.createBundle(subject, bundleName, bundleDescription, bundleType.getId(), initialBundleGroupId); createdBundle = true; @@ -1619,7 +1621,7 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot // filter by bundles that are viewable if (!authorizationManager.hasGlobalPermission(subject, Permission.VIEW_BUNDLES)) { - generator.setAuthorizationResourceFragment(CriteriaQueryGenerator.AuthorizationTokenType.BUNDLE, null, + generator.setAuthorizationBundleFragment(CriteriaQueryGenerator.AuthorizationTokenType.BUNDLE, subject.getId()); } @@ -1660,7 +1662,7 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot CriteriaQueryGenerator generator = new CriteriaQueryGenerator(subject, criteria); if (!authorizationManager.hasGlobalPermission(subject, Permission.VIEW_BUNDLES)) { - generator.setAuthorizationResourceFragment(CriteriaQueryGenerator.AuthorizationTokenType.BUNDLE, null, + generator.setAuthorizationBundleFragment(CriteriaQueryGenerator.AuthorizationTokenType.BUNDLE, subject.getId()); } @@ -1720,7 +1722,7 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot // filter by bundles that are viewable if (!authorizationManager.hasGlobalPermission(subject, Permission.VIEW_BUNDLES)) { - generator.setAuthorizationResourceFragment(CriteriaQueryGenerator.AuthorizationTokenType.BUNDLE, null, + generator.setAuthorizationBundleFragment(CriteriaQueryGenerator.AuthorizationTokenType.BUNDLE, subject.getId()); } @@ -1735,8 +1737,8 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot CriteriaQueryGenerator generator = new CriteriaQueryGenerator(subject, criteria); if (!authorizationManager.hasGlobalPermission(subject, Permission.VIEW_BUNDLES)) { - generator.setAuthorizationResourceFragment(CriteriaQueryGenerator.AuthorizationTokenType.BUNDLE, null, - subject.getId()); + generator.setAuthorizationBundleFragment(CriteriaQueryGenerator.AuthorizationTokenType.BUNDLE, + subject.getId(), null); } CriteriaQueryRunner<Bundle> queryRunner = new CriteriaQueryRunner<Bundle>(criteria, generator, entityManager); @@ -1781,7 +1783,7 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot generator.alterProjection(replacementSelectList); if (!authorizationManager.hasGlobalPermission(subject, Permission.VIEW_BUNDLES)) { - generator.setAuthorizationResourceFragment(CriteriaQueryGenerator.AuthorizationTokenType.BUNDLE, null, + generator.setAuthorizationBundleFragment(CriteriaQueryGenerator.AuthorizationTokenType.BUNDLE, subject.getId()); } @@ -1990,7 +1992,7 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot public void deleteBundleGroups(Subject subject, int[] bundleGroupIds) throws Exception { for (int bundleGroupId : bundleGroupIds) { - BundleGroup bundleGroup = this.entityManager.find(BundleGroup.class, bundleGroupIds); + BundleGroup bundleGroup = this.entityManager.find(BundleGroup.class, bundleGroupId); if (null == bundleGroup) { return; } @@ -1999,6 +2001,12 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot for (Bundle b : bundleGroup.getBundles()) { bundleGroup.removeBundle(b); } + + // remove from any roles + for (Role r : bundleGroup.getRoles()) { + bundleGroup.removeRole(r); + } + bundleGroup = entityManager.merge(bundleGroup); // now remove the bundle group @@ -2012,8 +2020,8 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot // filter by bundle groups that are viewable if (!authorizationManager.hasGlobalPermission(subject, Permission.MANAGE_BUNDLE_GROUPS)) { - generator.setAuthorizationResourceFragment(CriteriaQueryGenerator.AuthorizationTokenType.BUNDLE_GROUP, - null, subject.getId()); + generator.setAuthorizationBundleFragment(CriteriaQueryGenerator.AuthorizationTokenType.BUNDLE_GROUP, + subject.getId(), null); } CriteriaQueryRunner<BundleGroup> queryRunner = new CriteriaQueryRunner<BundleGroup>(criteria, generator, diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerLocal.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerLocal.java index 01ca620..f96d356 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerLocal.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerLocal.java @@ -68,9 +68,12 @@ public interface BundleManagerLocal extends BundleManagerRemote { /** * Internal use only, and test entry point. - * - * This method performs NO AUTHZ! - * + * <pre> + * Required Permissions (same as createInitialBundleVersionXxx): Either: + * - Global.CREATE_BUNDLES and Global.VIEW_BUNDLES + * - Global.CREATE_BUNDLES and BundleGroup.VIEW_BUNDLES_IN_GROUP for bundle group BG + * - BundleGroup.CREATE_BUNDLES_IN_GROUP for bundle group BG + * </pre> * @param subject user that must have proper permissions * @param name not null or empty * @param description optional long description of the bundle @@ -87,9 +90,12 @@ public interface BundleManagerLocal extends BundleManagerRemote { * Convenience method that combines {@link #createBundle(Subject, String, int)} and {@link #createBundleVersion(Subject, int, String, String, String)}. * This will first check to see if a bundle with the given type/name exists - if it doesn't, it will be created. If it does, it will be reused. * This will then create the bundle version that will be associated with the bundle that was created or found. - * - * This method performs NO AUTHZ! - * + * <pre> + * Required Permissions (same as createInitialBundleVersionXxx): Either: + * - Global.CREATE_BUNDLES and Global.VIEW_BUNDLES + * - Global.CREATE_BUNDLES and BundleGroup.VIEW_BUNDLES_IN_GROUP for bundle group BG + * - BundleGroup.CREATE_BUNDLES_IN_GROUP for bundle group BG + * </pre> * @param subject user that must have proper permissions * @param bundleName name of the bundle to use (if not found, it will be created) * @param bundleDescription optional long description of the bundle diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/util/CriteriaQueryGenerator.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/util/CriteriaQueryGenerator.java index 0a1060d..3692b78 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/util/CriteriaQueryGenerator.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/util/CriteriaQueryGenerator.java @@ -124,10 +124,9 @@ public final class CriteriaQueryGenerator { } else if (type == AuthorizationTokenType.GROUP) { defaultFragment = "group"; setAuthorizationResourceFragment(type, defaultFragment, subjectId); - } else if (type == AuthorizationTokenType.BUNDLE) { - setAuthorizationBundleFragment(subjectId); - } else if (type == AuthorizationTokenType.BUNDLE_GROUP) { - setAuthorizationBundleGroupFragment(subjectId); + } else { + throw new IllegalArgumentException(this.getClass().getSimpleName() + + " does not yet support generating resource queries for '" + type + "' token types"); } } @@ -237,10 +236,31 @@ public final class CriteriaQueryGenerator { return customAuthzFragment; } - public void setAuthorizationBundleFragment(int subjectId) { + public void setAuthorizationBundleFragment(AuthorizationTokenType type, int subjectId) { + if (type == AuthorizationTokenType.BUNDLE) { + setAuthorizationBundleFragment(type, subjectId, "bundle"); + } else if (type == AuthorizationTokenType.BUNDLE_GROUP) { + setAuthorizationBundleFragment(type, subjectId, "bundleGroup"); + } else { + throw new IllegalArgumentException(this.getClass().getSimpleName() + + " does not yet support generating bundle queries for '" + type + "' token types"); + } + } + + public void setAuthorizationBundleFragment(AuthorizationTokenType type, int subjectId, String fragment) { + if (type == AuthorizationTokenType.BUNDLE) { + setAuthorizationBundleFragment(subjectId, fragment); + } else if (type == AuthorizationTokenType.BUNDLE_GROUP) { + setAuthorizationBundleGroupFragment(subjectId, fragment); + } else { + throw new IllegalArgumentException(this.getClass().getSimpleName() + + " does not yet support generating bundle queries for '" + type + "' token types"); + } + } + + private void setAuthorizationBundleFragment(int subjectId, String fragment) { this.authorizationSubjectId = subjectId; - String fragment = "bundle"; String customAuthzFragment = "" // + "( %aliasWithFragment%.id IN ( SELECT %innerAlias%.id " + NL // + " FROM %alias% innerAlias " + NL // @@ -271,8 +291,9 @@ public final class CriteriaQueryGenerator { } } - public void setAuthorizationBundleGroupFragment(int subjectId) { - String fragment = "bundleGroup"; + private void setAuthorizationBundleGroupFragment(int subjectId, String fragment) { + this.authorizationSubjectId = subjectId; + String customAuthzFragment = "" // + "( %aliasWithFragment%.id IN ( SELECT %innerAlias%.id " + NL // + " FROM %alias% innerAlias " + NL //

10 years, 10 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

rhq-commits August 2013