Alon Bar-Lev has uploaded a new change for review. Change subject: extapi: aaa: support group resolution control for fetch principal ......................................................................
extapi: aaa: support group resolution control for fetch principal Topic: AAA Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1120720 Change-Id: I1e7faed5d0b0fa07e5517925bea5fa62d2369145 Signed-off-by: Alon Bar-Lev <alo...@redhat.com> --- M backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthzUtils.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetDirectoryUserByPrincipalQuery.java M backend/manager/modules/extensions-api-root/extensions-api/src/main/java/org/ovirt/engine/api/extensions/aaa/Authz.java 3 files changed, 16 insertions(+), 6 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/41/32441/1 diff --git a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthzUtils.java b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthzUtils.java index 2b8cfbf..5f9eb69 100644 --- a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthzUtils.java +++ b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthzUtils.java @@ -35,14 +35,14 @@ } public static ExtMap fetchPrincipalRecord(final ExtensionProxy extension, ExtMap authRecord) { - return fetchPrincipalRecordImpl(extension, Authn.InvokeKeys.AUTH_RECORD, authRecord); + return fetchPrincipalRecordImpl(extension, Authn.InvokeKeys.AUTH_RECORD, authRecord, true, true); } - public static ExtMap fetchPrincipalRecord(final ExtensionProxy extension, String principal) { - return fetchPrincipalRecordImpl(extension, Authz.InvokeKeys.PRINCIPAL, principal); + public static ExtMap fetchPrincipalRecord(final ExtensionProxy extension, String principal, boolean resolveGroups, boolean resolveGroupsRecursive) { + return fetchPrincipalRecordImpl(extension, Authz.InvokeKeys.PRINCIPAL, principal, resolveGroups, resolveGroupsRecursive); } - private static ExtMap fetchPrincipalRecordImpl(final ExtensionProxy extension, ExtKey key, Object value) { + private static ExtMap fetchPrincipalRecordImpl(final ExtensionProxy extension, ExtKey key, Object value, boolean resolveGroups, boolean resolveGroupsRecursive) { ExtMap ret = null; ExtMap output = extension.invoke(new ExtMap().mput( Base.InvokeKeys.COMMAND, @@ -50,6 +50,13 @@ ).mput( key, value + ).mput( + Authz.InvokeKeys.QUERY_FLAGS, + ( + (resolveGroups ? Authz.QueryFlags.RESOLVE_GROUPS : 0) | + (resolveGroupsRecursive ? Authz.QueryFlags.RESOLVE_GROUPS_RECURSIVE : 0) | + 0 + ) )); if (output.<Integer> get(Authz.InvokeKeys.STATUS) == Authz.Status.SUCCESS) { ret = output.<ExtMap> get(Authz.InvokeKeys.PRINCIPAL_RECORD); diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetDirectoryUserByPrincipalQuery.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetDirectoryUserByPrincipalQuery.java index 1304754..e159206 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetDirectoryUserByPrincipalQuery.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetDirectoryUserByPrincipalQuery.java @@ -25,7 +25,9 @@ EngineExtensionsManager.getInstance().getExtensionByName( getParameters().getAuthz() ), - getParameters().getPrincnipal() + getParameters().getPrincnipal(), + false, + false ) ) ); diff --git a/backend/manager/modules/extensions-api-root/extensions-api/src/main/java/org/ovirt/engine/api/extensions/aaa/Authz.java b/backend/manager/modules/extensions-api-root/extensions-api/src/main/java/org/ovirt/engine/api/extensions/aaa/Authz.java index 588d600..bef4d56 100644 --- a/backend/manager/modules/extensions-api-root/extensions-api/src/main/java/org/ovirt/engine/api/extensions/aaa/Authz.java +++ b/backend/manager/modules/extensions-api-root/extensions-api/src/main/java/org/ovirt/engine/api/extensions/aaa/Authz.java @@ -59,7 +59,7 @@ * Principal value. * @see PrincipalRecord */ - public static final ExtKey PRINCIPAL = new ExtKey("AAA_AUTHZ_PRINCIPAL_RECORD", String.class, "a3c1d5ca-f1ea-131c-86ae-a1ecbcadd6b7"); + public static final ExtKey PRINCIPAL = new ExtKey("AAA_AUTHZ_PRINCIPAL", String.class, "a3c1d5ca-f1ea-131c-86ae-a1ecbcadd6b7"); /** * AuthResult of operation. * @see Status @@ -117,6 +117,7 @@ * <ul> * <li>{@link Authn.InvokeKeys#AUTH_RECORD}[O] - authentication record.</li> * <li>{@link Authz.InvokeKeys#PRINCIPAL}[O] - principal.</li> + * <li>{@link InvokeKeys#QUERY_FLAGS}[O] - query flags.</li> * </ul> * </p> * -- To view, visit http://gerrit.ovirt.org/32441 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I1e7faed5d0b0fa07e5517925bea5fa62d2369145 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.5 Gerrit-Owner: Alon Bar-Lev <alo...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
