Alon Bar-Lev has posted comments on this change. Change subject: aaa: using the new extensions API in InternalDirectory ......................................................................
Patch Set 3: (11 comments) http://gerrit.ovirt.org/#/c/26477/3/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/internal/InternalDirectory.java File backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/internal/InternalDirectory.java: Line 8: import org.ovirt.engine.api.extensions.ExtUUID; Line 9: import org.ovirt.engine.api.extensions.Extension; Line 10: import org.ovirt.engine.api.extensions.aaa.Authz; Line 11: import org.ovirt.engine.api.extensions.aaa.Authz.InvokeCommands; Line 12: import org.ovirt.engine.core.common.utils.Pair; how can you use something from engine? Line 13: Line 14: /** Line 15: * This directory contains only the internal user as specified in the {@code AdminUser} configuration parameter. Line 16: */ Line 23: /** Line 24: * The identifier of the admin user of the internal directory is inserted in the database when it is created, we Line 25: * need to use exactly the same here. Line 26: */ Line 27: private static final String ADMIN_ID = "fdfc627c-d875-11e0-90f0-83df133b58cc"; can't this be configuration property? Line 28: Line 29: private ExtMap context; Line 30: Line 31: private String userName; Line 32: Line 33: private ExtMap adminUser; Line 34: Line 35: @Override Line 36: public void invoke(ExtMap input, ExtMap output) { you need to put authz STATUS success Line 37: try { Line 38: ExtUUID commandType = input.<ExtUUID> get(Base.InvokeKeys.COMMAND); Line 39: if (commandType.equals(Base.InvokeCommands.INITIALIZE)) { Line 40: doInit(input, output); Line 38: ExtUUID commandType = input.<ExtUUID> get(Base.InvokeKeys.COMMAND); Line 39: if (commandType.equals(Base.InvokeCommands.INITIALIZE)) { Line 40: doInit(input, output); Line 41: } Line 42: if (commandType.equals(Authz.InvokeCommands.FETCH_PRINCIPAL_RECORD)) { else if? Line 43: doFetchPrincipalOutput(input, output); Line 44: } Line 45: if (commandType.equals(Authz.InvokeCommands.QUERY_CLOSE)) { Line 46: // Do nothing Line 55: fillOpaque(output, commandType); Line 56: } Line 57: if (commandType.equals(Authz.InvokeCommands.QUERY_EXECUTE)) { Line 58: doQueryExecute(input, output); Line 59: } you need to add else and return unsupported. Line 60: Line 61: output.mput(Base.InvokeKeys.RESULT, Base.InvokeResult.SUCCESS); Line 62: } catch (Exception ex) { Line 63: output.mput(Base.InvokeKeys.RESULT, Base.InvokeResult.FAILED); Line 61: output.mput(Base.InvokeKeys.RESULT, Base.InvokeResult.SUCCESS); Line 62: } catch (Exception ex) { Line 63: output.mput(Base.InvokeKeys.RESULT, Base.InvokeResult.FAILED); Line 64: output.mput(Base.InvokeKeys.MESSAGE, ex.getMessage()); Line 65: } choose: output.mput().mput() or output.put() output.put() :) Line 66: } Line 67: Line 68: Line 69: private void doQueryExecute(ExtMap input, ExtMap output) { Line 76: opaque.setSecond(false); Line 77: output.mput( Line 78: Authz.InvokeKeys.QUERY_RESULT, Arrays.asList(adminUser) Line 79: ).mput( Line 80: Authz.InvokeKeys.QUERY_OPAQUE, opaque you do not need to reset the opaque. Line 81: ); Line 82: } else { Line 83: output.mput( Line 84: Authz.InvokeKeys.QUERY_RESULT, null Line 84: Authz.InvokeKeys.QUERY_RESULT, null Line 85: ).mput( Line 86: Authz.InvokeKeys.QUERY_OPAQUE, opaque Line 87: ); Line 88: } better to have: no? result = null; if (...) { result = something; } output.put(k, res) Line 89: } Line 90: } Line 91: Line 92: private void fillOpaque(ExtMap output, ExtUUID queryType) { Line 92: private void fillOpaque(ExtMap output, ExtUUID queryType) { Line 93: output.mput(Authz.InvokeKeys.QUERY_OPAQUE, new Pair<ExtUUID, Boolean>(queryType, true)); Line 94: } Line 95: Line 96: private void doFetchPrincipalOutput(ExtMap input, ExtMap output) { why Output? please try to sync function name and invoke name Line 97: output.mput( Line 98: Authz.InvokeKeys.PRINCIPAL_RECORD, adminUser); Line 99: Line 100: } Line 100: } Line 101: Line 102: private void doInit(ExtMap input, ExtMap output) { Line 103: context = input.<ExtMap> get(Base.InvokeKeys.CONTEXT); Line 104: context.mput(Base.ContextKeys.CONFIGURATION_SENSITIVE_KEYS, "config.authn.user.password"). please add to list do not overwrite. Line 105: mput(Base.ContextKeys.EXTENSION_NAME, "Internal Authorization (Built-in"). Line 106: mput(Base.ContextKeys.LICENSE, "ASL 2.0"). Line 107: mput(Base.ContextKeys.HOME_URL, "http://www.ovirt.org";). Line 108: mput(Base.ContextKeys.VERSION, "N/A"); Line 106: mput(Base.ContextKeys.LICENSE, "ASL 2.0"). Line 107: mput(Base.ContextKeys.HOME_URL, "http://www.ovirt.org";). Line 108: mput(Base.ContextKeys.VERSION, "N/A"); Line 109: userName = context.<Properties> get(Base.ContextKeys.CONFIGURATION).getProperty("config.authz.user.name"); Line 110: adminUser = new ExtMap(). quite confusing userName and adminUser referring to same name... anyway, if you construct this map and put it as a member, you can drop the userName. Line 111: mput(Authz.PrincipalRecord.NAME, userName). Line 112: mput(Authz.PrincipalRecord.ID, ADMIN_ID); Line 113: } -- To view, visit http://gerrit.ovirt.org/26477 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I958443292da0455e0a12039fac98eebb9b17dee2 Gerrit-PatchSet: 3 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com> Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com> Gerrit-Reviewer: automat...@ovirt.org Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: Yes _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
